Cisco IOS Software Releases 12.3 T

Cross-Platform Release Notes for Cisco IOS Release 12.3 T, Part 5: Caveats


Caveats for Cisco IOS Release 12.3T


September 24, 2008

Cisco IOS Release 12.3(14)T7

Text Part Number: OL-4748-06 Rev. J1

This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.3T, up to and including Release 12.3(14)T7. Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in this section.

Because Cisco IOS Release 12.3T is based on Cisco IOS Release 12.3, many caveats that apply to Cisco IOS Release 12.3 also apply to Cisco IOS Release 12.3T. For information on severity 1 and 2 caveats in Cisco IOS Release 12.3, see the Caveats for Cisco IOS Release 12.3 document located on Cisco.com.

How to Use This Document

This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:

The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.

The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.

Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.

The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm

If You Need More Information

Cisco IOS software documentation can be found on the web through Cisco.com. For information on Cisco.com, see the "Obtaining Documentation, Obtaining Support, and Security Guidelines" section.

For more information on caveats and features in Cisco IOS Release 12.3T, refer to the following sources:

Dictionary of Internetworking Terms and Acronyms—The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this caveats document.

Bug Toolkit—If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software Center > Cisco IOS Software > BUG TOOLKIT. Another option is to go to http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

Release Notes for Cisco IOS Release 12.3T—These release notes describe new features and significant software components for Cisco IOS software Release 12.3T.

Deferral Advisories and Software Advisories for Cisco IOS Software—Deferral Advisories and Software Advisories for Cisco IOS Software provides information about caveats that are related to deferred software images for Cisco IOS releases. If you have an account on Cisco.com, you can access Deferral Advisories and Software Advisories for Cisco IOS Software at http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml.

What's New for IOS—What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/public/sw-center/sw-ios.shtml or by logging into Cisco.com and selecting Technical Support > Software Center > Products and Downloads > Cisco IOS Software.


Note: Release notes are modified only on an as-needed basis. The maintenance release number and the revision date represent the last time the release notes were modified to include new or updated information. For example, release notes are modified whenever any of the following items change: software or hardware features, feature sets, memory requirements, software deferrals for the platform, microcode or modem code, or related documents.


The most recent release notes when this caveats document was published were Release Notes for Cisco IOS Release 12.3T, for Cisco IOS Release 12.3(14)T on April 17, 2007.

Contents

How to Use This Document

If You Need More Information

Resolved Caveats—Cisco IOS Release 12.3(14)T7

Resolved Caveats—Cisco IOS Release 12.3(14)T6

Resolved Caveats—Cisco IOS Release 12.3(14)T5

Resolved Caveats—Cisco IOS Release 12.3(14)T4

Resolved Caveats—Cisco IOS Release 12.3(14)T3

Resolved Caveats—Cisco IOS Release 12.3(14)T2

Resolved Caveats—Cisco IOS Release 12.3(14)T1

Open Caveats—Cisco IOS Release 12.3(14)T

Resolved Caveats—Cisco IOS Release 12.3(14)T

Resolved Caveats—Cisco IOS Release 12.3(11)T12

Resolved Caveats—Cisco IOS Release 12.3(11)T11

Resolved Caveats—Cisco IOS Release 12.3(11)T10

Resolved Caveats—Cisco IOS Release 12.3(11)T9

Resolved Caveats—Cisco IOS Release 12.3(11)T8

Resolved Caveats—Cisco IOS Release 12.3(11)T7

Resolved Caveats—Cisco IOS Release 12.3(11)T6

Resolved Caveats—Cisco IOS Release 12.3(11)T5

Resolved Caveats—Cisco IOS Release 12.3(11)T4

Resolved Caveats—Cisco IOS Release 12.3(11)T2

Resolved Caveats—Cisco IOS Release 12.3(11)T

Resolved Caveats—Cisco IOS Release 12.3(8)T11

Resolved Caveats—Cisco IOS Release 12.3(8)T10

Resolved Caveats—Cisco IOS Release 12.3(8)T9

Resolved Caveats—Cisco IOS Release 12.3(8)T8

Resolved Caveats—Cisco IOS Release 12.3(8)T7

Resolved Caveats—Cisco IOS Release 12.3(8)T6

Resolved Caveats—Cisco IOS Release 12.3(8)T5

Resolved Caveats—Cisco IOS Release 12.3(8)T4

Resolved Caveats—Cisco IOS Release 12.3(8)T3

Resolved Caveats—Cisco IOS Release 12.3(8)T1

Resolved Caveats—Cisco IOS Release 12.3(8)T

Resolved Caveats—Cisco IOS Release 12.3(7)T12

Resolved Caveats—Cisco IOS Release 12.3(7)T11

Resolved Caveats—Cisco IOS Release 12.3(7)T10

Resolved Caveats—Cisco IOS Release 12.3(7)T9

Resolved Caveats—Cisco IOS Release 12.3(7)T8

Resolved Caveats—Cisco IOS Release 12.3(7)T7

Resolved Caveats—Cisco IOS Release 12.3(7)T6

Resolved Caveats—Cisco IOS Release 12.3(7)T4

Resolved Caveats—Cisco IOS Release 12.3(7)T3

Resolved Caveats—Cisco IOS Release 12.3(7)T2

Resolved Caveats—Cisco IOS Release 12.3(7)T1

Resolved Caveats—Cisco IOS Release 12.3(7)T

Resolved Caveats—Cisco IOS Release 12.3(4)T11

Resolved Caveats—Cisco IOS Release 12.3(4)T10

Resolved Caveats—Cisco IOS Release 12.3(4)T9

Resolved Caveats—Cisco IOS Release 12.3(4)T8

Resolved Caveats—Cisco IOS Release 12.3(4)T7

Resolved Caveats—Cisco IOS Release 12.3(4)T6

Resolved Caveats—Cisco IOS Release 12.3(4)T4

Resolved Caveats—Cisco IOS Release 12.3(4)T3

Resolved Caveats—Cisco IOS Release 12.3(4)T2

Resolved Caveats—Cisco IOS Release 12.3(4)T1

Resolved Caveats—Cisco IOS Release 12.3(4)T

Resolved Caveats—Cisco IOS Release 12.3(2)T9

Resolved Caveats—Cisco IOS Release 12.3(2)T8

Resolved Caveats—Cisco IOS Release 12.3(2)T7

Resolved Caveats—Cisco IOS Release 12.3(2)T6

Resolved Caveats—Cisco IOS Release 12.3(2)T5

Resolved Caveats—Cisco IOS Release 12.3(2)T4

Resolved Caveats—Cisco IOS Release 12.3(2)T3

Resolved Caveats—Cisco IOS Release 12.3(2)T2

Resolved Caveats—Cisco IOS Release 12.3(2)T1

Resolved Caveats—Cisco IOS Release 12.3(2)T

Obtaining Documentation, Obtaining Support, and Security Guidelines

Resolved Caveats—Cisco IOS Release 12.3(14)T7

Cisco IOS Release 12.3(14)T7 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCek27271

Symptoms: The IPSLA test packets returned by the IPSLA responder for the UDP jitter operation have a ToS value of 0 instead of the value configured for the operation. Because of this, two IPSLA UDP jitter operations between the same source and responder routers that differ only in their ToS configuration will report the same round-trip time even though the expected values are different.

Conditions: This symptom has been observed on routers that are configured with an IP SLA User Datagram Protocol (UDP) jitter operation with microsecond precision and that have a ToS value configured.

Workaround: There is no workaround.

Interfaces and Bridging

CSCei68284

Symptoms: POS interfaces may remain in the up/down state after the router has been reloaded.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Workaround: Reload the FlexWAN or VIP in which the POS port adapter is installed.

IP Routing Protocols

CSCek10384

Symptoms: A Cisco 7200 router that is performing NAT could drop IPSec packets.

Conditions: This symptom is observed on a Cisco 7200 router that is performing NAT functionality for IPSec transit packets. The router will NAT and forward the Inside to Outside IPSec (ESP) packets, but might drop the return IPSec packets from Outside to Inside.

Workaround: Disable NAT for IPSec.

Miscellaneous

CSCeh08363

Symptoms: Bidirectional DTR does not function. The output of the show dialer command shows the incorrect dialer type.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.9)T.

Workaround: There is no workaround.

CSCeh30975

Symptoms: The FXSLS voice port is stuck in an on-hook state, and the digital signal processor (DSP) is not released.

Conditions: This symptom occurs when the FXSLS user stays off-hook at the end of the call after Cisco IOS software sends a Howler tone to the FXSLS port.

Workaround: There is no workaround.

CSCej87817

Symptoms: Policing does not drop any packets after the packets are sent or received at a rate that is much higher than the committed information rate (CIR).

Conditions: This symptom is observed on a Cisco 7500 series router but is not platform dependent.

Workaround: There is no workaround.

CSCsa63173

Symptoms: CEF may not be updated with a new path label that is received from the BGP peer.

If a router configured for BGP IPv4+labels multipath receives a BGP update that only changes the MPLS label for a non-bestpath multipath, the router fails to update the forwarding plane. This results in dropping or mis-branding the traffic.

Conditions: In an IPv4+labels multipath setup, if a label is changed for the non-bestpath multipath and that is the only change in the new update received from the neighbor, the new label will not be programmed in forwarding, so there will be a label inconsistency between the BGP and the forwarding tables.

Workaround: There is no workaround.

CSCsa86572

Symptoms: A large configuration in NVRAM on a primary or secondary RSP may become corrupted and the router may generate relevant warning messages during the execution of a copy system:running-config nvram: startup-config command.

When you erase NVRAM by entering the erase nvram command and then enter the copy system:running-config nvram: startup-config command, the router may crash.

Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.

Workaround: If the configuration file is significantly large, place a copy of the configuration file on a flash card or disk with ample space and enter the boot config slot0:startup-config command to force the startup configuration file to be read from the flash card.

When you enter the copy system:running-config nvram: startup-config command, the current running configuration is saved to the flash card or disk and the configuration is auto-synchronized to the corresponding flash card on the secondary RSP.

Caution: Do not remove the flash card while the boot config slot0:startup-config command is being executed.

CSCsb52900

Symptoms: An inconsistency may occur in the outlabel information that is used by BGP and MPLS forwarding.

Conditions: This symptom is observed when there are two route reflectors (RRs) that advertise the same route and when one of the routes is the best path. The symptom occurs when the following conditions are present:

The PE router that is the source restarts, causing the prefix to be readvertised with a new label.

The RR that forms the non-best path delays the withdrawal and readvertisement of the prefix, for example, because the RR has a heavy load.

This situation causes BGP to function with the new label but MPLS forwarding to function with the old label.

Workaround: Enter the clear ip route network command for the affected prefix.

CSCsb76671

Symptoms: Intermittent one-way audio (PSTN hears dead air) occurs on an inbound ISDN call through a Cisco VoIP AS5850 gateway.

Conditions: This symptom has been observed to occur with inbound ISDN calls with outbound SIP calls towards a Cisco MeetingPlace server. Numerous calls that are transferred via SIP REFER contribute to the gateway getting into this state.

Workaround: There is no workaround to prevent the gateway from getting into this state. Once in this state, reloading the gateway will help clear this condition for a while.

CSCsc12098

Symptoms: The fix for busyout slot on the Cisco AS5400 platform causes build issues.

Conditions: This symptom is observed on a Cisco AS5400 platform.

Workaround: There is no workaround.

CSCsc20149

Symptoms: When you enter the show voice call status command five to six times in quick succession, the CPU use of a Cisco AS5850 reaches 99 percent. The Cisco AS5850 thereafter becomes very unstable in accepting incoming calls. This situation can be highly service-impacting under stress conditions.

Conditions: This symptom is observed on a Cisco AS5850 that is running a special image of Cisco IOS Release 12.3(11)T6 and occurs only when there are more than 900 H.323 voice calls.

Workaround: Do not enter the show voice call status command in a stress situation.

CSCsc40236

Symptoms: Incorrect outgoing labels are installed for BGP-IPv4 Multipath prefixes.

Conditions: This symptom has been observed anytime that a label changes from a BGP-IPv4 Multipath peer.

Workaround: Clearing the BGP neighbor should allow the correct labels to be installed.

CSCsc80670

Symptoms: The on-board FastEthernet 0/0 results in state "FastEthernet0/0 is up, line protocol is down" after a reload, power-up or a shutdown and no shutdown operation. This is verified when the FastEthernet 0/0 is connected to Telsey and Pirelli Media Converters in series.

This symptom is not present if the Cisco 1718 and Cisco 2950 routers are connected directly, without any media converters in between. This symptom may not be present using a media converter from other vendors.

Conditions: This symptom has been observed connecting the on-board port of a Cisco 17xx router running Cisco IOS Release 12.3(11)T to Telsey and Pirelli Media Converters in series, like:

1718(fa0/0)--Telsey MC ----------- Pirelli MC--(fa 0/1)2950

This symptom has also been observed with Cisco IOS Release 12.4(5), which is the latest available image for this platform.

Workaround: Replace the media converter with one from another vendor.

CSCsc94359

Symptoms: The BGP table and CEF forwarding table may have mismatched labels for prefixes that are learned from a remote PE router.

Conditions: This symptom is observed on a Cisco router that functions as a PE router when an eBGP session flap or route flap occurs on the remote PE router. A new label for the prefix is learnt from the remote PE router, but forwarding may not be updated properly.

Workaround: There is no workaround. When the symptom has occurred, and to correct the situation, enter the clear ip route vrf vrf-name network command on the PE router that has mismatched labels.

CSCsd30244

Symptoms: The router crashes on busyout of a CT3 card.

Conditions: This symptom has been observed only after the router is booted with no T1 configuration on the T3 controller.

Workaround: There is no workaround.

CSCsd39519

Symptoms: The Media Gateway Control Protocol (MGCP) gateway hangs when getting voice calls from either the IP or the PSTN side in which a leg of the call is on a BRI Voice Interface Card (VIC). The gateway stops responding and does not process any traffic. The only way to bring the router back is to power-cycle it.

Conditions: This problem can be seen for every call over a BRI VIC/WIC if the router is running Cisco IOS Release 12.4(4)T1 or later releases, but it is not seen when the router is running Cisco IOS Release 12.4(4)T.

Workaround: For an MGCP GW with BRI interfaces, do not use a Cisco IOS release later than Cisco IOS Release 12.4(4)T.

CSCsd40334

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

CSCsd58220

Symptoms: The callee's phone rings continuously even after the caller goes on-hook.

Conditions: When the caller goes on-hook, the gateway receives idle and does not recognize the idle. The call does not get disconnected and the callee keeps hearing the ringing tone continuously.

Workaround: The callee has to pick up the phone for the call to be dropped.

CSCsd58381

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

Wide-Area Networking

CSCeg77994

Symptoms: A LAC does not send an Accounting-Start RADIUS record to a RADIUS server for a user session.

Conditions: This symptom is observed on a Cisco platform that functions as a LAC and that runs Cisco IOS Release 12.3(14)T1 when a switchover occurs from one LNS to another LNS while the user session is brought up.

Workaround: There is no workaround.

CSCei00766

Symptoms: A router may crash when the encapsulation is set to PPP and removed repeatedly.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.4 and that is configured for PPP Link Control Protocol (LCP).

Workaround: There is no workaround.

CSCsc17673

Symptoms: Using the show caller full or show caller interface Virtual-Access XX full commands on a PPPoE client interface causes the router to unexpectedly reload.

Conditions: This symptom has been observed on routers using Cisco IOS Release 12.4(3.3) and later versions.

Workaround: Avoid using those commands.

CSCsc66612

Symptoms: A Cisco router configured for Virtual Private Dialup Network (VPDN) may unexpectedly reload with Bus Error.

Conditions: This symptom was observed on a Cisco 7200VXR series router equipped with an NPE-G1 processor card running Cisco IOS Release 12.3(14)T3.

Workaround: There is no workaround.

Further Problem Description: The crash was preceded by "SYS-2-INPUT_GETBUF: Bad getbuffer" error messages.

Resolved Caveats—Cisco IOS Release 12.3(14)T6

Cisco IOS Release 12.3(14)T6 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCeh95427

Symptoms: Ping/Telnet may fail across a Network Address Translation (NAT) box when static NAT configuration is on.

Conditions: This symptom is observed with Cisco IOS Releases 12.4(3) and 12.4(4)T.

Workaround: There is no workaround.

CSCei93982

Symptoms: A router that is running Cisco IOS may crash unexpectedly.

Conditions: NAT must be enabled for this symptom to occur. The problem is seen when an application uses two well-known ports: one for source and the other for destination. The outgoing translation is created, but on the return trip, using the previous source port as the destination, NAT may use the incorrect algorithm.

For example, if a PPTP session is initiated to the well-known port 1723 from source port 21 (FTP), then the outgoing packet will create an FTP translation (we look at source information when going from in->out). When the packet is returned, we again look at the source information to know what kind of packet this is. In this case the source port will be 1723, and NAT will assume this is a PPTP packet. NAT will then try to perform PPTP NAT operations on a data structure that NAT built for an FTP packet, which may lead to a crash.

Workaround: There is no workaround.
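
A simplified model of the handler mismatch described in CSCei93982, added here as an illustration; it is not Cisco IOS code. The class and function names, the sample addresses, and the destination-port fallback in classify are assumptions of the model; it contrasts re-deriving the handler from the return packet with using the handler recorded in the translation entry.

```python
# Simplified model of the handler mismatch in CSCei93982 (not Cisco IOS code).
from dataclasses import dataclass

# Well-known ports and the application-aware NAT handler each one selects.
# Only the two protocols from the caveat's example are modelled.
ALG_BY_PORT = {21: "ftp", 1723: "pptp"}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Translation:
    alg: str     # handler that built this entry
    state: dict  # handler-specific state; the layout differs per handler


def classify(pkt):
    """Pick a handler from the ports, source port first as the caveat describes.
    Falling back to the destination port is an assumption of this model."""
    for port in (pkt.src_port, pkt.dst_port):
        if port in ALG_BY_PORT:
            return ALG_BY_PORT[port]
    return "none"


def new_state(alg):
    """Each handler builds its own state layout."""
    return {"ftp": {"seq_delta": 0}, "pptp": {"call_ids": {}}}.get(alg, {})


def run_handler(alg, entry):
    """Each handler touches only the fields of its own layout."""
    if alg == "ftp":
        entry.state["seq_delta"] += 0             # would adjust sequence numbers
    elif alg == "pptp":
        entry.state["call_ids"].setdefault(0, 0)  # would remap the call ID


class Nat:
    def __init__(self, use_recorded_alg):
        self.table = {}
        self.use_recorded_alg = use_recorded_alg

    def outbound(self, pkt):
        alg = classify(pkt)
        # Key the entry the way the return packet will present the flow.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        self.table[key] = Translation(alg, new_state(alg))
        return alg

    def inbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        entry = self.table.get(key)
        if entry is None:
            return "drop: no translation"
        # Flawed path: re-derive the handler from the return packet's ports.
        # Corrected path: use the handler recorded when the entry was built.
        alg = entry.alg if self.use_recorded_alg else classify(pkt)
        try:
            run_handler(alg, entry)
        except KeyError:
            # Stand-in for the crash: a handler read state it did not build.
            return f"fault: {alg} handler on {entry.alg} entry"
        return f"ok: {alg}"


# Constructed sample flows (documentation addresses).
NORMAL_OUT = Packet("10.0.0.5", 40000, "198.51.100.9", 1723)
NORMAL_RET = Packet("198.51.100.9", 1723, "10.0.0.5", 40000)
ODD_OUT = Packet("10.0.0.5", 21, "198.51.100.9", 1723)
ODD_RET = Packet("198.51.100.9", 1723, "10.0.0.5", 21)


def replay(use_recorded_alg):
    """Send both flows out and back; return the inbound result for each."""
    nat = Nat(use_recorded_alg)
    results = []
    for out, ret in ((NORMAL_OUT, NORMAL_RET), (ODD_OUT, ODD_RET)):
        nat.outbound(out)
        results.append(nat.inbound(ret))
    return results


if __name__ == "__main__":
    print("re-derived handler:", replay(False))
    print("recorded handler:  ", replay(True))
```

The ordinary PPTP flow is handled consistently either way; only the flow with well-known ports on both ends selects a different handler on the return trip.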

CSCsb54823

Symptoms: One router (R2) may begin sending updates to another router (R1) before R2 has received the BGP prefix list from R1.

R1 does apply its inbound BGP prefix list so routes are denied if they need to be. However, R2 sends routes to R1 which are denied by R1.

Conditions: This symptom is observed when both routers have negotiated a BGP outbound route filter (ORF) and when R1 sends its BGP prefix list to R2.

Workaround: There is no workaround.

CSCsb61487

Symptoms: A (*,G) prune is not processed on a non-Designated Router (DR), causing a link that is shut down on a DR router to continue to receive multicast packets.

Conditions: This symptom is observed in a configuration with a DR router that has a link (link A) to a PIM neighbor and a backup router that has a link (link B) to another PIM neighbor. The symptom occurs when you shut down link A and bring up link B. The OIL of the DR router is Null on (S,G) but on its PIM neighbor, the OIL on (S, G) still points to the interface that is connected to the DR router, that is, to link A. The OIL on the PIM should be pruned immediately, but it takes three minutes before this occurs. This situation causes the DR router to continue to receive multicast packets until the OIL on the PIM is finally pruned.

Workaround: There is no workaround.

Miscellaneous

CSCef48325

Symptoms: WRED counters do not function on distributed platforms such as a Cisco 7500 series and a Cisco 7600 series.

Conditions: This symptom is observed on a distributed Cisco platform that runs Cisco IOS Release 12.0(26)S3, 12.0(29)S, 12.2(25)S, 12.3(10), or 12.3(11)T and that has dWRED configured.

Workaround: There is no workaround.

CSCef67842

Symptoms: The router may not be able to detect busy and congestion on the cptone Japan voice-port configuration.

Conditions: This symptom is observed on Cisco 2600, Cisco 3660, and Cisco 3640 routers when the cptone command is configured for Japan.

Workaround: There is no workaround.

CSCeg70465

Symptoms: There is no QoS classification at a main interface when packets are switched from a GRE tunnel that also has a QoS policy enabled.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4 when a QoS policy is enabled on both the GRE tunnel and the main interface in the output direction. The symptom may also occur in other releases.

Workaround: Move the complete QoS configuration to the QoS policy on the main interface (that is, use a hierarchical policy).

CSCeh35324

Symptoms: Weighted Random Early Detection (WRED) does not match packets based on any marking done.

Conditions: This symptom has been observed when qos pre-classification (the qos pre-classify command) is turned on.

Workaround: Remove the qos pre-classify command.

CSCeh56312

Symptoms: Packets are not shaped when traffic shaping is configured on a tunnel interface.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(27)SBA but may also occur in other releases.

Workaround: Configure class-based shaping. If this is not an option, there is no workaround.

CSCeh88604

Symptoms: One or more VIP slot controllers reset.

Conditions: This symptom is observed on a Cisco 7500 series when the ip nbar protocol-discovery command is enabled. The symptom may not be platform-dependent and may also occur on other platforms in a similar configuration.

Workaround: Disable protocol discovery by entering the no ip nbar protocol-discovery command.

CSCei05553

Symptoms: A Modular QoS CLI (MQC) CoS marking disappears after you reload a router and QoS does not work.

Conditions: This symptom is observed on a Cisco router when the policy map is configured with a class using CoS marking via the set cos command. After the router has reloaded, the CoS marking is still present in the configuration but does not appear in the output of the show policy-map interface command.

Workaround: Remove and re-apply the service policy on the main interface.

CSCei33351

Symptoms: A router that is configured for QoS crashes because of a bus error.

Conditions: This symptom is observed when you bring up a session that has a policy map attached in both directions.

Workaround: There is no workaround.

CSCei62952

Symptoms: A Cisco device that is running Cisco IOS software may drop traffic because the routing table and the CEF forwarding table are inconsistent.

Conditions: This problem is exposed when the routing table is reloaded, either by clearing the routing table or, on a box that supports hardware forwarding, by resetting the forwarding complex (for example, PXF). This is a rare situation due to the prefix distribution and timing required to expose the condition.

Workaround: There is no workaround.

CSCei82163

Symptoms: A Cisco AS5400 might not release all voice resources for an MGCP call after it is disconnected.

Conditions: This symptom is observed on both the Cisco AS5400 and Cisco AS5850 platforms but is not platform dependent. The symptom is associated with the simultaneous disconnection of a large number of calls.

Workaround: There is no workaround.

CSCej13460

Symptoms: The packets are not switched correctly using the Fast Switching with IPSec tunnel protection feature.

Conditions: This symptom has been observed in Cisco IOS Release 12.4(1b) when tunnel protection IPSec is configured and the tunnel source interface has Fast-switching (but not CEF) configured.

Workaround: Use CEF switching.

CSCej20505

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCej42804

Symptoms: A Cisco Gateway that is running Session Initiation Protocol (SIP) calls might run out of processor memory due to hung SIP calls.

Conditions: Active and hung calls can be seen using the show sip-ua calls command. The following specific scenario will result in a hung call: 1) The gateway initiates an INVITE. 2) The gateway receives a 100/180 response. 3) The gateway sends a CANCEL. 4) The gateway receives the 200 OK for the CANCEL. 5) The gateway receives an invalid final response for the INVITE (or no final response) and drops the message.

Each hung call will use a little more memory, and eventually the gateway will run out of memory.

Workaround: Downgrade to Cisco IOS Release 12.3(14)T3, Release 12.3(11)T6, Release 12.4(2)T1, or Release 12.4(1a).
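
The five-step sequence above, modelled as an added C example (not Cisco IOS code, and not a description of the fix in the resolved release): each hung call keeps its record forever unless the client applies the RFC 3261 section 9.1 rule of giving up on the INVITE when no final response arrives within 64*T1 of the CANCEL. The fixed-size call table, the function names and treating a status outside 200-699 as the invalid final response are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

#define T1_MS          500L            /* RFC 3261 default value of T1 */
#define CANCEL_WAIT_MS (64L * T1_MS)   /* 32 s wait after the CANCEL */
#define MAX_CALLS      8               /* stands in for finite memory */

enum call_state { CS_FREE = 0, CS_CALLING, CS_PROCEEDING, CS_CANCELLING };
enum sip_event  { EV_PROVISIONAL, EV_CANCEL_SENT, EV_CANCEL_OK, EV_FINAL };

struct call { enum call_state state; long cancel_sent_ms; };
struct gateway { struct call calls[MAX_CALLS]; int sweep_enabled; };

void gw_init(struct gateway *g, int sweep_enabled)
{
    memset(g, 0, sizeof(*g));          /* every record starts CS_FREE */
    g->sweep_enabled = sweep_enabled;
}

/* Step 1: INVITE sent. Returns a call id, or -1 when no record is left. */
int gw_send_invite(struct gateway *g)
{
    for (int i = 0; i < MAX_CALLS; i++)
        if (g->calls[i].state == CS_FREE) {
            g->calls[i].state = CS_CALLING;
            return i;
        }
    return -1;
}

/* Steps 2-5. 'id' must be a value returned by gw_send_invite(). */
void gw_event(struct gateway *g, int id, enum sip_event ev, int status, long now_ms)
{
    struct call *c = &g->calls[id];

    switch (ev) {
    case EV_PROVISIONAL:   /* step 2: 100/180 received */
        if (c->state == CS_CALLING)
            c->state = CS_PROCEEDING;
        break;
    case EV_CANCEL_SENT:   /* step 3: CANCEL sent, start the 64*T1 wait */
        if (c->state == CS_PROCEEDING) {
            c->state = CS_CANCELLING;
            c->cancel_sent_ms = now_ms;
        }
        break;
    case EV_CANCEL_OK:     /* step 4: ends the CANCEL transaction only */
        break;
    case EV_FINAL:         /* step 5: status outside 200-699 is dropped */
        if (status >= 200 && status <= 699)
            c->state = CS_FREE;
        break;
    }
}

/* Sweep: free calls with no final response 64*T1 after the CANCEL. */
int gw_tick(struct gateway *g, long now_ms)
{
    int freed = 0;
    for (int i = 0; g->sweep_enabled && i < MAX_CALLS; i++) {
        struct call *c = &g->calls[i];
        if (c->state == CS_CANCELLING &&
            now_ms - c->cancel_sent_ms >= CANCEL_WAIT_MS) {
            c->state = CS_FREE;
            freed++;
        }
    }
    return freed;
}

/* n hung calls, one every 40 s. Returns how many INVITEs found no record. */
int simulate_hung_calls(int n, int sweep_enabled)
{
    struct gateway g;
    int refused = 0;
    gw_init(&g, sweep_enabled);
    for (int i = 0; i < n; i++) {
        long now = i * 40000L;
        gw_tick(&g, now);
        int id = gw_send_invite(&g);
        if (id < 0) { refused++; continue; }
        gw_event(&g, id, EV_PROVISIONAL, 180, now);
        gw_event(&g, id, EV_CANCEL_SENT, 0, now + 1000);
        gw_event(&g, id, EV_CANCEL_OK, 200, now + 1100);
        gw_event(&g, id, EV_FINAL, 0, now + 1200);   /* invalid: dropped */
    }
    return refused;
}

int main(void)
{
    printf("refused without sweep: %d\n", simulate_hung_calls(20, 0));
    printf("refused with sweep:    %d\n", simulate_hung_calls(20, 1));
    return 0;
}
```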

CSCin79691

Symptoms: QoS information disappears from a FlexWAN module or VIP that is configured with a distributed MFR interface.

Conditions: This symptom is observed after the FlexWAN module or VIP resets or after the interface flaps.

Workaround: Remove the service policy from the interface and reapply it to the interface.

CSCin86923

Symptoms: A PVC is unexpectedly removed from an IMA interface when one or more IMA links go down.

Conditions: This symptom is observed on a Cisco router when the bandwidth that is configured for the PVC cannot be supported after one or more IMA links go down.

Workaround: Reconfigure the PVC with a bandwidth that can be supplied by the remaining IMA links.

CSCin91381

Symptoms: A VIP that has a dMLFR configuration may crash when you enter the microcode reload global configuration command.

Conditions: This symptom is observed on a Cisco 7500 series when traffic flows through the VIP.

Workaround: There is no workaround.

CSCin97815

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in the show frame-relay pvc command show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (sub-interface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsa65035

Symptoms: The committed information rate (CIR) of policers is calculated incorrectly.

Conditions: This symptom is observed when Frame Relay Traffic Shaping (FRTS) is applied using Modular QoS CLI (MQC) (that is, it is applied on the shaper in the parent service policy) and when the classes of the child policy include percentage-based policers.

Workaround: There is no workaround.

CSCsa68001

Symptoms: All incoming packets on a Frame Relay Link have the DE bit set.

Conditions: This symptom is observed on a Cisco 2811 that runs Cisco IOS Release 12.3 or Release 12.3(11)T2 under normal traffic conditions.

Workaround: There is no workaround. Note that the symptom does not occur on a Cisco 1760 that runs Cisco IOS Release 12.3(10).

CSCsa73120

Symptoms: A Cisco IPSec router may restart because of a bus error.

Conditions: This symptom is observed when you remove a crypto map entry that includes the dynamic keyword in its definition, as in the following example:

router#show running

...

crypto map map-name 5 ipsec-isakmp dynamic dyn-map

...

router(config)#no crypto map map-name 5

Workaround: Before you delete the crypto map entry that includes the dynamic keyword in its definition, manually configure all dynamic crypto maps that must be deleted to point to a nonexistent ACL, as in the following example:

router#show running

...

crypto dynamic-map dyn-map 5

...

router(config)#crypto dynamic-map dyn-map 5

router(config-crypto-map)#match address no-such-acl

CSCsa82945

Symptoms: A router crashes because of a bus error when ICMP or UDP packets that are larger than 1393 bytes are transmitted through an IPSec tunnel.

Conditions: This symptom is observed when a policy map and crypto map are applied to the tunnel interface.

Workaround: Remove the policy map.

CSCsb11124

The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

Cisco has published a Security Advisory on this issue; it is available at http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml

CSCsb39237

Symptoms: When using a Cisco 3845 router with Cisco IOS Release 12.4 and entering the show ip inspect statistics command, the number for the half-open session keeps increasing, never decreasing. If it reaches the maximum, then no one can establish any new SSL sessions. It can cause a potential router crash.

Conditions: This symptom is observed on a Cisco 3845 router that is running Cisco IOS Release 12.4(1) but is not platform dependent. This has been seen when ICMP inspection is enabled with the ip inspect name name icmp command.

Workaround: Increase the half-open session limit with the ip inspect max-incomplete high command.

CSCsb42374

Symptoms: There are two symptoms:

1. When a policy is attached to the incoming interface, an aggregate control-plane policing policy will not classify traffic correctly.

2. When a control-plane policing policy is attached to the aggregate path, a similar policy attached to the host, transit or cef-exception paths will not classify traffic correctly.

Conditions: This symptom has been observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4.

Workaround: Any existing interface policy must be removed for the aggregate control-plane policing policy to work. Any existing aggregate policing policy must be removed for the host/cef-exception/transit path control-plane policing policy to work.

CSCsb51663

Symptoms: The SNMP process hangs while a QoS MIB object is queried.

Conditions: This symptom is observed when the execution of a QoS show command is in the "More" state while the QoS MIB object is queried. The SNMP process resumes when the show command is finished. Depending on the SNMP configuration, different symptoms may occur while the SNMP process is waiting for the QoS show command to finish.

Workaround: Do not leave the show policy-map command or the show class-map command in the "More" state. Alternatively, before executing one of these commands, issue the exec command term len 0, and after the show command is complete, issue the exec command term len 24.

CSCsb54961

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third party gateway. When the third party gateway sends T.38 open logical channel to the Cisco gateway, no open logical channel acknowledgement is sent by the Cisco gateway. After waiting for 30 seconds for T.38 open logical channel acknowledgement, the third party gateway closes its T.38 open logical channel.

Conditions: This happens when T.38 fax relay calls are originated or terminated on a Cisco gateway that is running Cisco IOS Release 12.3(4)T and later releases.

Workaround: There is no workaround.

CSCsb67539

Symptoms: A Voice Gateway crashes when running under a heavy voice call load.

Conditions: This symptom is observed on a Voice Gateway that is running Cisco IOS Release 12.3(11)T6. The gateway is under heavy voice call load with access to media/application documents residing on local gateway flash, http and tftp servers.

Workaround: The following is not quite a workaround:

call threshold global cpu-5sec low value high value

For example:

call threshold global cpu-5sec low 50 high 70

This command can ease the CPU load on the gateway, reducing the probability of a crash.

CSCsb72138

Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.

Conditions: This symptom is observed on a Cisco 2821 that runs Cisco IOS Release 12.3(11)T5. This symptom typically occurs when fax lines are configured on the FXS port.

Workaround: There is no workaround.

CSCsb77885

Symptoms: IKE negotiation will fail. Any tunnel that requires IKE to successfully negotiate a security association will not work.

Conditions: This symptom occurs when authentication for IKE is configured as RSA encryption (authentication rsa-encr).

Workaround: There is no workaround.

CSCsc09246

Symptoms: The following commands, which are used for detecting memory leaks, crash a router that uses external memory, such as the RPM-XF platforms:

show memory debug leaks
show memory debug leaks chunks
show memory debug leaks largest
show memory debug leaks summary

Conditions: This symptom has been observed on the RPM-XF cards using Cisco IOS interim release 12.4(4.6).

Workaround: There is no workaround.

CSCsc13844

Symptoms: After loading "flash:c2600-entservicesk9-mz.123-11.T7.bin", the E1 controller is missing from the snmpwalk command of IF-MIB.

Conditions: This symptom has been observed on a Cisco 2621XM.

Workaround: There is no workaround.

CSCsc15366

Symptoms: If a Media Gateway Control Protocol (MGCP) Create Connection (CRCX) request is received containing a request for a clear-channel codec, the Cisco 1760 router fails to find a matching codec, and the call fails.

Conditions: This symptom has been observed on a Cisco 1760 router.

Workaround: There is no workaround.

CSCsc20062

Symptoms: A Cisco IOS router configured with Cisco IOS IPS may reload after a new signature file (SDF) is loaded on the router.

Conditions: There are two ways to load a new signature file on the router. Conditions leading to the reload are different based on which method is used:

1. When using this method, no other conditions need to be met.

Execute the copy url ips-sdf command.

2. When using this method, the conditions necessary for a reload are when any global inspect parameters are configured in the Cisco IOS configuration.

a. Remove all configured ip ips sdf location commands.

b. Configure the ip ips sdf location url command.

c. Place the new signature file at the url argument.

d. Unconfigure ips from all interfaces.

e. Reconfigure ips on the appropriate interfaces.

Workaround: Use method 2 above to load the signature file with the following modifications.

a. Remove all configured ip ips sdf location commands.

b. Configure the ip ips sdf location url command.

c. Place the new signature file at the url argument.

d. Unconfigure ips from all interfaces.

e. Unconfigure all global inspect parameters.

f. Reconfigure ips on the appropriate interfaces.

g. Reconfigure the global inspect parameters.

CSCsc21674

Symptoms: PSTN is sending in an "*" and the router is reading it in as a "D". PSTN is also sending in a "#" and router is reading it in as an "*".

Conditions: This symptom has been observed on an MGCP T1-CAS gateway connected to Cisco CallManager doing MF and using Cisco IOS Release 12.3(8)T11, Release 12.3(11.T7), or Release 12.3(14)T4.

Workaround: There is no workaround.

CSCsc28333

Symptoms: The error message "Got WATCHDOG Interrupt from NM at slot x" is displayed, and CEM stops passing traffic.

Conditions: This symptom occurs when an adaptive clock is configured on the CEM.

Workaround: Disable adaptive clock or configure a different payload-size.

Further Problem Description: The problem is caused by a floating point exception that caused the firmware to crash.

CSCsc31082

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in show frame-relay pvc show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (sub-interface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsc41913

Symptoms: A Cisco IOS gateway using Cisco IOS Release 12.3(8)T or later versions will use an ephemeral port to send a response to any SIP request. This may not work with port restricted NAT, which is expecting a response on the same connection as the one on which the request was sent and may drop the response.

Conditions: This symptom is observed on a Cisco IOS gateway with Cisco IOS Release 12.3(8)T or later releases and a port restricted NAT.

Workaround: There is no workaround.

CSCsc44237

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: A switch or router that is configured with a PA-A3 ATM port adapter may eventually run out of memory. The leak occurs when the FlexWAN or VIP that contains the PA-A3 port adapter is removed from the switch or router and not re-inserted.

The output of the show processes memory command shows that the "ATM PA Helper" process does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Symptom 2: A switch or router that has certain PIM configurations may eventually run out of memory.

The output of the show processes memory command shows that the "PIM process" does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Condition 1: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Condition 2: This symptom is observed on a Cisco 2811 and Cisco 3845 and occurs only in Cisco IOS Release 12.2(30)S, interim Release 12.4(2.10), and interim Release 12.4(2.10)T, or in any later releases.

Workaround 1: Either do not remove the PA-A3 ATM port adapter from the FlexWAN or VIP or re-insert the PA-A3 ATM port adapter promptly. The memory leak stops immediately when you re-insert the PA-A3 ATM port adapter.

Workaround 2: When the ip multicast-routing command is configured, enable at least one interface for PIM. When the ip multicast-routing vrf vrf-name command is configured, enter the ip vrf forwarding vrf-name command on at least one interface that has PIM enabled.

CSCsc51183

Symptoms: A Cisco AS5850 may restart because of a software forced crash preceded by the following error:

%SYS-6-STACKLOW: Stack for process VTSP running low, 0/12000

Conditions: This symptom has been observed on Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCsc54584

Symptoms: A standard ingress ACL for transit traffic does not function on an interface that is configured for MFR.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(11)T8 and that has an MFR bundle that is configured on a PA-MC-8TE1 port adapter. The symptom may also occur in other releases.

Workaround: There is no workaround.

Protocol Translation

CSCei15942

Symptoms: You may not be able to download a complete file using FTP during a V.120 session.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that runs Cisco IOS Release 12.2(15)ZK6 or Release 12.3(11)T5. The symptom could also occur in other releases such as Release 12.3 or Release 12.4.

Workaround: This problem can be circumvented by disabling the negotiation of multilink on the client adapter or the router. Alternatively, configuring ppp multilink queue depth fifo 10 on the Virtual-Template interface should allow for a successful FTP download.

Wide-Area Networking

CSCeg88174

Symptoms: Drops occur in a class in which the throughput does not oversubscribe the allocated bandwidth for the class.

Conditions: This symptom is observed when multilink Frame Relay is configured along with generic traffic shaping or Frame Relay traffic shaping and when several class maps are configured.

When one class map starts dropping packets because the throughput is greater than the allocated bandwidth (which is normal behavior), drops may also occur in another class map even though this class map is not oversubscribed. The root cause of this symptom is that the bundle is oversubscribed and tx rings are building up, causing excessive misordering that the receiver cannot handle.

Workaround: Configure a fancy queue on the bundle interface through which the traffic is sent.

CSCei11919

Symptoms: A dialed circuit that carries a PPP connection over a tunnel between an LNS and a LAC is not dropped when the tunnel is reset.

Conditions: This symptom is observed when you enter the clear vpdn all command, when the LNS reloads, when the IP link between the LNS and LAC is disrupted, or when any other event occurs that causes the tunnel to be reset.

Workaround: There is no workaround.

CSCej45061

Symptoms: Attempts to remove a PRI group fail.

Conditions: This symptom is observed when an NFAS group has group number 0 and when you attempt to remove a FAS PRI group.

Workaround: Shut down the NFAS group before you remove the FAS PRI group.

CSCej73049

Symptoms: AAA method may fail on calls in the Cisco IOS 12.3(11)T releases.

Conditions: This symptom was observed on a Cisco AS5850 that was running Cisco IOS Release 12.3(11)T8 but is not platform dependent.

Workaround: There is no workaround.

CSCsb89292

Symptoms: ISDN NFAS failover issues are observed in Cisco IOS Release 12.3(11)T7. If the primary NFAS d-channel is bounced, the switch sees some of the b-channels in "remote busy" (RMB).

Conditions: This symptom only happens when the primary NFAS d-channel is bounced.

Workaround: There is no workaround.

CSCsc49637

Symptoms: If a PPPoE client session is timed out (e.g. due to a network outage), a restart of the session is subsequently unsuccessful (e.g. because the network outage persists or the PPPoE server has not timed out the prior session), and the user then manually clears the session, the router will no longer be able to bring up this session until a reload is performed.

Conditions: This symptom has been observed when the PPPoE session is unexpectedly interrupted with Cisco IOS Release 12.3(8)T8 or Release 12.3(11)T5. The following feature must also be configured:

pppoe-client dial-pool-number 1 dial-on-demand

Workaround: Use the following procedure:

1. Reload.

2. Do not configure the DDR feature for the PPPoE session. This problem is limited to PPPoE client sessions using the DDR feature.

Resolved Caveats—Cisco IOS Release 12.3(14)T5

Cisco IOS Release 12.3(14)T5 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed09685

Symptoms: When command accounting is enabled, Cisco IOS routers will send the full text of each command to the ACS server. Though this information is sent to the server encrypted, the server will decrypt the packet and log these commands to the logfile in plain text. Thus sensitive information like passwords will be visible in the server's log files.

Conditions: This problem happens only with command accounting enabled.

Workaround: Disable command accounting.

CSCeh64791

Symptoms: A memory leak may occur when you delete a RADIUS server group.

Conditions: This symptom is observed when the server is configured with a key.

Workaround: There is no workaround.

CSCeh65692

Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.

Conditions: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.

Workaround: There is no workaround.

CSCin90842

Symptoms: Memory allocations fail on the gateway though there is enough free memory. If this failure happens in ISDN, the gateway crashes subsequently.

Conditions: This symptom has been observed when the H323 aaa accounting command is enabled.

Workaround: There is no workaround.

Further Problem Description: Memory allocations for a block of 3k bytes fail with memory fragmentation as the cause. When this failure occurs, there is approximately 20MB of free memory on a gateway with 220MB of processor memory.

IP Routing Protocols

CSCin95836

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.

CSCsb32141

Symptoms: A router that is configured for Resource Reservation Protocol (RSVP) generates the following error messages on the console and then crashes:

%LINK-0-REENTER: Fatal reentrancy, level=3, intfc=FastEthernet0/1

-Process= "RSVP", ipl= 3, pid= 251

%SYS-6-STACKLOW: Stack for process RSVP running low, 0/24000

Conditions: This symptom is observed when the ip rsvp bandwidth and service-policy output commands are configured on the same interface and when the policy map for the service policy is configured with the fair-queue command.

Workaround:

Option 1: Enter the ip rsvp resource-provider none command on the interface.

Option 2: Configure the ip rsvp bandwidth value command such that value is equal to the value displayed in the "Available Bandwidth" line of output in the show interface interface display plus the value shown in the "allocated" column of the show ip rsvp int display.

Miscellaneous

CSCed94829

Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml.

CSCee32365

Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.

Workaround: There is no workaround.

CSCeg27836

Symptoms: Under some circumstances when eBGP flaps on the PE, packets from another VRF are forwarded to an incorrect interface.

Conditions: This symptom occurs when eBGP flaps on the PE.

Workaround: There is no workaround.

CSCeh01182

Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.

Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.

Workaround: There is no workaround. However, this is the limitation on voice gateways that use VXML applications: such platforms only support T.37.

Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.

CSCeh08689

Symptoms: When CRTP is enabled on a PPP over Frame Relay PVC via a policy-map configuration, the service policy on the PVC does not function properly because packets are not placed in the priority queue. The output of the show policy-map interface command does not show a class counter.

Conditions: This symptom is observed when you attach a policy map with CRTP on a virtual-template interface and then attach a policy map with a priority feature on the Frame relay PVC. Note that the symptom does not occur for a PPP over ATM PVC or PPP over Ethernet configuration.

Workaround: There is no workaround.

CSCeh09198

Symptoms: A Cisco gateway that has the garbage detector (a tool that is used for debugging memory leaks) enabled may hang indefinitely.

Conditions: This symptom is observed when you enter the garbage detector-related show memory debug leaks command or show memory debug incremental leaks command.

Workaround: There is no workaround.

CSCeh14446

Symptoms: The maintenance mode on a Cisco AS5850 that is configured for RPR+ may not function.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T but is release- and platform-independent.

Workaround: There is no workaround.

CSCeh20048

Symptoms: When you enter the show crypto session command, tracebacks and %SYS-3-BADLIST_DESTROY error messages may be generated.

Conditions: This symptom is observed on a Cisco router that is configured for IPSec and multiple crypto tunnels.

Workaround: There is no workaround.

CSCeh40161

Symptoms: When a branch router attempts to access the Internet via HTTP or TCP, the HTTP or TCP session times out unexpectedly.

Conditions: This symptom is observed when the router at the headquarters has a Cisco IOS Firewall and resets the HTTP or TCP connection.

Workaround: Configure a GRE+IPSec connection between the branch router and the router at the headquarters.

Alternate Workaround: Disable the Cisco IOS Firewall on the router at the headquarters.

CSCeh47169

Symptoms: A Cisco router that contains the fix for CSCef84400 may experience a reload due to memory corruption in I/O memory when using telnet, reverse telnet, rsh, or other vty-based applications such as accessing service-modules.

Conditions: This symptom is observed on a Cisco 2851, Cisco 3745, and Cisco 3845.

Workaround: There is no workaround.

CSCeh61467

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: After you have disabled MVPN on a VRF interface, the CPU use for the PIM process increases to 99 or 100 percent and remains at that level.

Condition 1: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases.

Workaround 1: Before you disable MVPN on the VRF interface, enable and then disable multicast routing by entering the ip multicast-routing vrf vrf-name global configuration command followed by the no ip multicast-routing vrf vrf-name global configuration command.

Symptom 2: A router that functions under stress and that is configured with a VRF interface may crash when an MDT group is removed from a remote PE router.

Condition 2: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases, and occurs only when there are frequent link flaps or other multicast topology changes that affect the VRF interface.

Workaround 2: There is no workaround.

CSCeh73049

Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.

Conditions: Devices that are not running the AAA command authorization feature, or that do not support TCL functionality, are not affected by this vulnerability.

This vulnerability is present in all versions of Cisco IOS that support the tclsh command.

Workaround: This advisory with appropriate workarounds is posted at

http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

CSCei02275

Symptoms: A Cisco router may reload when removing a Frame Relay map from a dial interface.

Conditions: This symptom occurs when a dial (ISDN) interface is configured for Frame Relay encapsulation with a map that includes IP Header Compression.

Workaround: There is no workaround.

CSCei08458

Symptoms: The FIB may be disabled or the output interface may be stuck on an A3 ATM port adapter.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM.

Workaround: Reload the microcode or perform an OIR to recover the A3 ATM port adapter.

CSCei42842

Symptoms: A Cisco 2851 may crash at the tsp_search_voice_port function.

Conditions: This symptom is observed when the no ccm-manager mgcp command is entered very rapidly, for example, via an automated script.

Workaround: There is no workaround.

CSCei46509

Symptoms: No more than 930 H.323 terminating calls can be brought up on a Cisco 5850 because socket allocation failures occur.

Conditions: This symptom is observed on a Cisco 5850 that functions as a TGW in RPR+ mode when H.323 slow start is enabled and when H.245 tunneling is disabled. Note that the symptom does not occur when H.245 tunneling is enabled or when the Cisco 5850 functions as an OGW.

Workaround: Configure H.245 tunneling and fast start by entering the following commands:

Router(config)# voice service voip

Router(conf-voi-serv)# h323

Router(conf-serv-h323)# no h245 tunnel disable

CSCei51322

Symptoms: A router that is configured for IPSec may reload because of a stack or program counter corruption.

Conditions: This symptom is observed on a Cisco router that uses a certificate with a very long subject name of several hundred bytes when the distinguished name (DN) is used as an ISAKMP identity. The symptom does not occur for shorter subject names (for example, 290 characters). In most environments, a subject name of 80 characters or less is common.

Workaround: Use certificates with a shorter subject name.

CSCei61814

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5850 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCei75294

Symptoms: A Cisco AS5850 that functions in RPR+ mode reloads unexpectedly because for each call an MGCP application holds an increasing amount of memory that is not freed up.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T7. The symptom could also occur in Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCsa53334

The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include:

Fragmented IP packets may be used to evade signature inspection.

IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service.

There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml

CSCsa57147

Symptoms: A disconnect event is not thrown or caught on a Cisco AS5400.

Conditions: This symptom is observed when the platform functions under a heavy load with a large number of calls that are disconnected from the gateway during VXML page execution. The disconnect event may not be thrown or get caught by the catch blocks of the root document.

Workaround: There is no workaround.

CSCsa60223

Symptoms: After a call is made between H.323 and SIP on the IPIPGW, executing the show call active voice command does not reflect the call leg information.

Conditions: This symptom occurs when doing SIP-H323 calls.

Workaround: There is no workaround.

CSCsa61115

Symptoms: After upgrading from Cisco IOS Release 12.3 mainline to Cisco IOS Release 12.3T, some information is not passed along correctly, which causes failures, for example in third-party Message Waiting Indication (MWI).

Conditions: This problem is seen when routers are upgraded to Cisco IOS 12.3T when QSIG signaling is used.

Workaround: Downgrade all routers involved to a version prior to Cisco IOS 12.3(4)T.

CSCsa70040

Symptoms: A router does not attempt to autoinstall a software configuration via a Frame Relay WAN segment when it receives a response to a DHCP request on an Ethernet LAN, even though the DHCP server does not support autoinstall via TFTP.

Conditions: This symptom is observed when a software configuration is replaced on a failed remote router or installed on a new remote router. The router is connected to an existing Ethernet LAN and a Frame Relay WAN segment. You would expect the router to autoinstall over the Frame Relay WAN segment because it is supposed to download the configuration from a central TFTP server. However, this does not occur.

When the router has a response to its DHCP request on the Ethernet LAN, it attempts to autoinstall over DHCP. Although the DHCP server does not support autoinstall over DHCP, the router does not attempt to autoinstall over the Frame Relay WAN segment.

Workaround: Prevent the DHCP server from responding to the router request or ensure that someone is physically present to disconnect the Ethernet LAN link from the router to force the router to autoinstall over the Frame Relay WAN segment. When the router has autoinstalled over the Frame Relay WAN segment, the router should be reconnected to the Ethernet LAN.

CSCsa73842

Symptoms: An IP phone line is not released for some calls between Cisco CallManagers.

Conditions: This symptom is observed when calls between the Cisco CallManagers are made via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) that is configured for H.323.

Workaround: There is no workaround.

CSCsa74930

Symptoms: A Cisco 3825 or Cisco 3845 may display the following error message and traffic may be interrupted:

%SBETH-3-ERRINT: GigabitEthernet0/0, error interrupt, mac_status = 0x0000000000840000

Conditions: This symptom is observed when multiple users that are connected to a downstream switch attempt to log into network resources across a WAN that traverses the router. The symptom is most likely to occur when AppleTalk is configured over a Gigabit Ethernet connection.

Workaround: There is no workaround.

CSCsa86291

Symptoms: Packets that enter on an interface that has the ssg direction downlink command enabled are not translated even though the ip nat inside is enabled.

Conditions: This symptom is observed on a Cisco router that is configured for SSG with the TP, TT, or TX type of service and that runs Cisco IOS Release 12.3(11)T4 or Release 12.3(14)T. The symptom may also occur in Release 12.3 but does not occur in Release 12.3(11)T3.

Note that when you disable the ssg direction downlink command on the interface, NAT works fine.

Workaround: There is no workaround.

CSCsa86390

Symptoms: A Cisco router shows an ALIGN-3-TRACE traceback and a DSPDUMP in the log, and the spurious access counter in the show align output is not zero.

Conditions: This symptom occurs when the error message is observed during stress calls.

Workaround: There is no workaround.

CSCsa86555

Symptoms: The User Adaptation Layer for a Digital Private Network Signaling System (DPNSS) path does not come up.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as a gateway and that run Cisco IOS Release 12.3(14)T or Release 12.4. The DPNSS path is configured on a VWIC-2MFT-E1-DI Multiflex Voice/WAN interface card that is installed in an NM-HDV2 network module.

Workaround: There is no workaround.

CSCsa87811

Symptoms: A memory leak occurs on an originating gateway.

Conditions: This symptom is observed when Fast Start is enabled, when a call fails after the call proceeding has been received from a primary or alternate endpoint, and when the call falls back to the next alternate endpoint.

Workaround: There is no workaround.

Further Problem Description: The fast-start elements that are received in the call proceeding are freed only once for each call instead of being freed for each endpoint that is tried (assuming that the call falls back to alternate endpoints). This situation causes the memory leak.

CSCsa97663

Symptoms: An ATM interface is unexpectedly removed from an IMA group even though the ATM interface is still in the up/up state, causing T1 links to be disconnected.

Conditions: This symptom is observed on a Cisco 2600 series when you change the Cisco IOS software from Release 12.2(13)T8 to Release 12.3(12b).

Workaround: Re-add the ATM interface to the IMA group by removing and reconfiguring the IMA configuration on the ATM interface.

CSCsb09190

Symptoms: A router misses an entry in its label forwarding table, which is shown in the output of the show tag-switching forwarding-table EXEC command for the missing entry and in the output of the show ip cef detail EXEC command for the prefix.

Conditions: This symptom is observed on a Cisco router that is configured for Multiprotocol Label Switching (MPLS) and that learns its routes through iBGP from redundant route reflectors (RRs) when BGP labeling is not enabled.

Workaround: There is no workaround. However, when you enter the clear ip route EXEC command for the affected prefix, the prefix is reinstalled in the label forwarding table.

CSCsb10341

Symptoms: A Cisco 2651XM may not drop unicast Ethernet frames that are not destined for its MAC address.

Conditions: This symptom is observed on a Cisco 3800 series that runs Cisco IOS Release 12.3(11)T5 or an earlier release or Release 12.3(14)T1 or an earlier release and that has subinterfaces that are configured for HSRP.

Workaround: Enter the standby use-bia command on the main interface.

CSCsb33129

Symptoms: A router may reload unexpectedly when the SSG queue for RADIUS requests that are in the waiting state becomes too large.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(14)T1 or Release 12.4(1a) and that is configured for SSG. When there is a large number of RADIUS requests or a connectivity problem between SSG and the RADIUS server, the SSG queue for RADIUS requests that are in the waiting state may become too large.

Workaround: There is no workaround.

CSCsb34344

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5400 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCsb37645

Symptoms: A router may crash during a basic H.323 call with carrier ID routing.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).

Workaround: There is no workaround.

CSCsb42859

Symptoms: A router may reload unexpectedly when the stack for VTSP runs low in memory.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway.

Workaround: There is no workaround.

CSCsb50143

Symptoms: You cannot create a maximum session number for a DSPfarm profile conference.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T or Release 12.4(1a) when time slot 1 through 24 of the PRI group are configured before you attempt to create a maximum session number. The symptom occurs on an NM-HDV2 that has a PVDM2-64 installed.

Workaround: First configure a maximum session number for the DSPfarm profile conference, then configure time slot 1 through 24 of the PRI group.

Do not reload the gateway or enter the shutdown command for the DSPfarm profile after everything is properly configured because otherwise the PRI group would grasp all the DSP resources again.

CSCsb65056

Symptoms: A PPP connection may stay active after the idle-timer zeroes out. This might affect other services that rely on the disconnect.

Conditions: This symptom was observed in a SSG setup, where the host object was disconnected whereas the PPP connection stayed up, leading to an incorrect re-direct.

Workaround: There is no workaround.

Further Problem Description: The problem was troubleshot by using the debug ssg events command and following the host idle-timeout/user idle-timeout in the output of the related virtual access interface.

CSCsb90264

Symptoms: Cisco AS5400 and AS5350 T1 CAS calls fail with "no users answer," and a traceback is seen at vtsp_tsp_call_setup_ind, along with the following error:

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

Conditions: This problem is seen when making CAS calls in Cisco AS5400 and AS5350 platforms.

Workaround: There is no workaround.

Wide-Area Networking

CSCee85138

Symptoms: A SegV exception crash may occur on a Cisco router that is configured for voice calls.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6a) or Release 12.3(9) but may not be platform-dependent.

Workaround: There is no workaround.

CSCeg03958

Symptoms: A router may crash while performing an SNMP walk on VPDN-related MIB Objects. SNMP get and set operations function fine.

Conditions: This symptom is observed on a Cisco router that is configured with MLP interfaces.

Workaround: Reload the router and do not perform an SNMP walk. Instead use get operations.

CSCei21549

Symptoms: A Cisco 5850 reloads when an RLM group is unconfigured.

Conditions: This symptom is observed when you enter the no isdn rlm-group number command and when there are more than 31 NFAS members in the same NFAS group.

Workaround: Shut the primary interface, remove the NFAS members of the same NFAS group, and unconfigure the RLM group.

CSCsa55747

Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.

Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.

Workaround: There is no workaround.

CSCsa66756

Symptoms: The B channel on an NFAS "none" group member may hang with its channel state set to PROPOSED, which you can see in the output of the show isdn service command.

Conditions: This symptom is observed when the first activity on an NFAS "none" member is an outgoing call. After the first incoming or outgoing call, the symptom no longer occurs.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(14)T4

Cisco IOS Release 12.3(14)T4 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

CSCsb27960

Symptoms: When the local method is used at the beginning of a PPP authentication method list and when a user does not exist in the local database, failover to the next method in the method list does not occur. This situation prevents users that are listed in the database of a RADIUS or TACACS+ server from being authenticated.

Conditions: This symptom is observed on a Cisco router that is configured for AAA.

Workaround: Temporarily remove the local method from the beginning of the method list.

Interfaces and Bridging

CSCef44950

Symptoms: ISDN is not properly established.

Conditions: This symptom is observed on a Cisco 7500 series that has distributed switching enabled via the ip cef distributed command.

Workaround: Disable distributed switching.

IP Routing Protocols

CSCef60452

Symptoms: A router may stop receiving multicast traffic.

Conditions: This symptom is observed rarely during convergence when a router receives a Join message on an RPF interface and when a downstream router converges faster than the first router that receives the Join message.

In this situation, the router does not populate the RPF interface into the OIL (that is, the OIL remains null) because the old SP-tree has already been pruned by the downstream router. When the RPF interface of the router changes to the new path later, it does not trigger a Join message toward the multicast source until the router receives a next periodic Join message from the downstream router and populates the OIL. As a result, multicast traffic stops temporarily but no longer than the periodic Join message interval.

Workaround: There is no workaround.

CSCef80861

Symptoms: When a switchport is detected at boot time, the IP subsystem initializes all ports that do not have an explicit IP configuration to the shutdown state. This can be seen when a router with an L2 switchport is started with no (IP) configuration on those ports.

Conditions: On a Layer 2 (L2), or switched, port, an IP address is not meaningful, and therefore shutting it down is inappropriate.

Workaround: If an explicit no ip address configuration is put onto each switchport, IP will not place the ports into shutdown state.

Further Problem Description: IP should ignore L2 ports, as they don't exist at the same layer as IP.

The proper behavior, when not disabled by IP, is for switchports with no configuration to come up (i.e. no shutdown) and handle L2 traffic. In the presence of VLAN switching, they will default to being members of the native VLAN, i.e. VLAN 1.

A potential security implication is that if ports are connected with attached remote devices, these remote devices will now see traffic that was previously (implicitly) blocked from reaching them.

CSCeh15639

Symptoms: A Cisco router may crash when it is reloaded with PIM traffic on the network.

Conditions: This symptom is observed on a Cisco 7200 series router with multicast enabled but is not platform dependent. Bootup is the most likely place where this will happen, but the router may crash anytime if an interface flap happens at the right time while receiving PIM traffic.

Workaround: There is no workaround.

CSCeh33504

Symptoms: A router terminates 102,000 VPNv4 routes but route reflectors (RRs) report only a subset of the total.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that runs Cisco IOS Release 12.3(11)T4 when 204 routes are configured per VRF over 496 VPNs (one VPN has about 1000 routes). However, Cisco MGX RPM-PRs that function as RRs show that only 76245 routes are terminated on the Cisco MGX RPM-XF. The symptom is platform-independent and may also occur in other releases.

Workaround: There is no workaround.

CSCeh47763

Symptoms: A Cisco router may erroneously send ACK packets in response to RST packets for non-local TCP sessions. This can cause high CPU utilization on the router.

Conditions: This symptom occurs when using Port Address Translation (PAT).

Workaround: Use the clear ip nat translation * command.

CSCei06089

Symptoms: Conditional advertisement of the default route via a route map does not work when you enter the neighbor default-originate command.

Conditions: This symptom is observed on a Cisco router that is configured for BGP.

Workaround: Disable the route map entirely. If this is not an option, there is no workaround.

CSCei21133

Symptoms: A router reloads because of a watchdog timeout when you perform an snmpwalk.

Conditions: This symptom is observed on a Cisco 7200 series but may be platform-independent. The traceback stack decode points to an EIGRP function although EIGRP is not configured on the router.

Possible Workaround: Configure a dummy EIGRP router process, for example one for which the network covers only a loopback interface, so that the snmpwalk does not cause the router to crash.

CSCei26899

Symptoms: When you reset a BGP peer, some prefixes are missing.

Conditions: This symptom is observed on a Cisco MGX8850 RPM-XF that runs Cisco IOS Release 12.3(11)T. However, the symptom is platform-independent and may also occur in other releases.

Workaround: There is no workaround.

CSCsa61842

Symptoms: A Cisco router may reload unexpectedly with a bus error exception.

Conditions: This symptom has been observed on a router with Network Address Translation (NAT) enabled.

Workaround: There is no workaround.

CSCsa65155

Symptoms: IS-IS may not update redistributed BGP network changes.

Conditions: This symptom is observed when the network network-number command is enabled to introduce connected networks into a BGP topology and when, afterwards, BGP is redistributed into IS-IS. The symptom occurs after one of the interfaces that forms a network connection goes down and comes up again; the network re-enters the BGP topology but is no longer redistributed into IS-IS.

Workaround: There is no workaround.

CSCsa86914

Symptoms: RFC3550 states the following:

"For applications in which the RTP and RTCP destination port numbers are specified via explicit, separate parameters (using a signaling protocol or other means), the application MAY disregard the restrictions that the port numbers be even/odd and consecutive although the use of an even/odd port pair is still encouraged. The RTP and RTCP port numbers MUST NOT be the same since RTP relies on the port numbers to demultiplex the RTP data and RTCP control streams."

The Cisco IOS NAT SIP ALG gateways comply with the snippet from the RFC above. The Cisco IOS NAT SIP ALG gateways currently select the next available port+1 for SIP fixup in the NAT translations. The NAT gateway does not check for even and odd pair for RTP and RTCP port numbers. As a result, some issues can arise with SIP User Agents that are strictly following the encouraged even and odd pair for RTP and RTCP port numbers.

The Cisco IOS NAT SIP ALG gateways need a configurable parameter to enable even and odd pair port numbering for RTP and RTCP port numbers with SIP fixup or the gateways need to change to always follow the encouraged behavior of even and odd pair port numbering for RTP and RTCP port numbers with SIP fixup.

Conditions: This symptom has been observed when an application is supplied with an odd number for use as the RTP port.

Workaround: There is no workaround.

CSCsa87473

Symptoms: A BGP speaker may fail to send all of its prefixes to a neighbor if the neighbor sends a refresh request to the BGP speaker at the same time that the BGP speaker is generating updates to the neighbor. This situation causes the neighbor to miss some prefixes from its BGP table.

Conditions: This symptom may occur between any pair of BGP speakers.

A common scenario is that a VPNv4 PE router is reloaded and then fails to learn all prefixes from its route reflector (RR). In this configuration, the symptom occurs when the processing of a VRF configuration causes the PE router to automatically generate a route-refresh request to the RR, while the RR is still generating updates to the PE.

Workaround: There is no workaround.

CSCsa94774

Symptoms: When you enter the traceroute command from an IP address that is different from the address in the NAT default configuration, the incoming PAT sends the reply packets to the NAT default address that is defined in the NAT default configuration and not to the original source address from which the traceroute command was entered. Note that the outside PAT works fine.

Conditions: This symptom is platform-independent. NAT overload traffic and other TCP traffic is not affected.

Workaround: There is no workaround.

CSCsb07372

Symptoms: NAT H.323 does not create an entry in the NAT translation table even though debugging shows that NAT processes the packet correctly. This situation causes one-way voice for the called party, preventing them from hearing the calling party.

Conditions: This symptom is observed only when ICMP error messages are processed by NAT.

Workaround: There is no workaround.

CSCsb13988

Symptoms: A router that is configured for NAT may crash because of a bus error.

Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(9a) but is not platform-specific. The crash occurs while NAT attempts to translate an IP address in an H.323 RAS message that does not contain an IP address.

Workaround: Disable H.323 RAS in NAT by entering the no ip nat service ras command. If you must use H.323 RAS in NAT, there is no workaround.

CSCsb25662

Symptoms: When an IP phone that is located at a central site leaves a conference, a one-way voice condition occurs for the remaining two phones in the conference.

Conditions: This symptom is observed in a Hub-and-Spoke configuration in which both sites perform NAT when a voice conference is created by an IP phone that is located at a central site with two IP phones that are located at a remote site. NAT is configured on the hub and at the remote site, SCCP is the voice signaling protocol, and the conference occurs between the hub and the remote site.

Workaround: Enter the clear ip nat translation * command.

Miscellaneous

CSCee17241

Symptoms: When the redundancy mode is changed from classic-split to RPR-plus through the command line interface (CLI), the peer Route Switch Controller (RSC) goes to the initial configuration setup dialogue.

Conditions: This symptom has been observed on a Cisco AS5850 universal gateway.

Workaround: Load the configurations with RPR-plus configured onto the startup configurations of both RSCs. The symptom will not be seen.

CSCee41831

Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.

Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.

Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.

CSCee42932

Symptoms: Resuming a call that was placed on hold fails on a Cisco CallManager.

Conditions: This symptom is observed when a Cisco CallManager that runs version 4.0 and that is not configured for Message Transport Protocol (MTP) is connected via an IPIPGW to another Cisco CallManager that runs version 4.0 and that is not configured for MTP.

The symptom occurs on the second Cisco CallManager because the IPIPGW sends an incorrect ICT version for the first Cisco CallManager to the second Cisco CallManager and because the IPIPGW drops the non-standard fields in the callproc, alert, and connect messages from the second Cisco CallManager to the first Cisco CallManager.

Workaround: Configure MTP.

CSCef28975

Symptoms: A router that functions as an H.323 gateway crashes.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when authentication is enabled.

Workaround: Enter the no memory lite command.

CSCef29090

Symptoms: TCPClear sessions on a Cisco AS5850 may have throughput issues and slow response time.

Conditions: This symptom was observed on a Cisco AS5850 with TCPClear sessions.

Workaround: There is no workaround.

CSCef81634

Symptoms: When you bring up and tear down SSG sessions quickly, a router may crash because of a bus error exception.

Conditions: This symptom is observed on a Cisco router that is configured for SSG when you use a tool that initializes the interface and quickly brings sessions back up while the old sessions are still being cleared.

Workaround: There is no workaround.

CSCef84174

Symptoms: PPP forwarding may fail between two virtual access interfaces.

Conditions: This symptom is observed on a Cisco AS5850 but is not platform dependent.

Workaround: Disable PPP multilink on the asynchronous interfaces.

CSCeg53478

Symptoms: A Cisco 831 may display the following message on the console:

pktFlowLink() logic error, pMatch and pEmptySlot

Conditions: This symptom is observed very rarely after the router has been up for a long time. The functionalities of the router are not affected.

Workaround: There is no workaround.

CSCeg82392

Symptoms: A Cisco CallManager uses different versions of the G.729 codec when setting up Message Transfer Protocol (MTP) calls across intercluster trunks. The Cisco CallManager should set up the call legs with the same versions of the G.729 codec.

Conditions: This symptom is observed when a Cisco 3700 series that runs Cisco IOS Release 12.3(11)T2 connects to a Cisco CallManager that runs version 4.1.

Workaround: There is no workaround.

CSCeg82614

Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.

Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.

Workaround: There is no workaround.

CSCeh35457

Symptoms: A policy map may be removed from an ATM PVC range configuration without a check for an exact match of the policy map name. This situation may cause the wrong policy map to be removed from the ATM PVC range configuration.

Conditions: This symptom is observed when you enter the no service-policy output policy-map-name command on a subinterface that is administratively shut down. Any policy map that is attached to this subinterface may be deleted, regardless of whether or not the name of the policy map that is removed matches with the name of the policy map that should be removed. The symptom occurs only in a PVC range configuration on ATM subinterfaces.

Workaround: There is no workaround.

CSCeh43717

Symptoms: A Cisco 3745 reloads when you enable the H.323 proxy.

Conditions: A reload may be seen if the OGW is trying to tunnel QSIG APDUs or other UUIEs.

Workaround: Disable proxy mode.

CSCeh76239

Symptoms: Web Cache Communication Protocol (WCCP) may fail.

Conditions: This symptom is observed on a router that is configured with IPSec, CBAC (that is, the ip inspect command is enabled), and NAT. One specific scenario in which WCCP fails is when a single interface is configured to terminate one or more IPSec tunnels and has the ip nat outside source command, ip inspect out command, and ip wccp web-cache redirect out command enabled.

Workaround: When the ip inspect out command is enabled on the WCCP-redirected interface but the ip inspect in command is not configured on the client interface, configure a WCCP redirect list that excludes the address of the WCCP-redirected interface.

CSCeh78411

Symptoms: If a spoke cannot complete IKE phase I because of a bad certificate, the failed IKE sessions may not be deleted on an IPSec/IKE responder. Such failed sessions may accumulate, eventually causing router instability. These failed sessions can be seen in the output of the show crypto isakmp sa | i MM command:

172.18.95.21 10.253.34.80 MM_KEY_EXCH 898 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE

...

Conditions: These symptoms are observed when RSA signatures are used as the authentication method.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that is used for the IKE sessions or re-apply the crypto map to this interface.
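The accumulation described in CSCeh78411 can be watched for from collected command output. The following is an added example, not Cisco code: it compares two captures of show crypto isakmp sa and reports address pairs whose MM_KEY_EXCH entries keep the same conn-id in both. The column order (two addresses, state, conn-id, slot, status) is taken from the lines quoted above; the function names, the threshold, and the sample captures are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One data row: two IPv4 addresses, state, conn-id, slot, status.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$"
)


def parse_sa_table(text):
    """Return (addr1, addr2, state, conn_id) for every SA row in the capture."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header lines and "..." markers do not match and are skipped
            rows.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return rows


def lingering_key_exch(earlier, later, min_count=3):
    """Address pairs whose MM_KEY_EXCH SAs survive from one capture to the next.

    MM_KEY_EXCH is a normal transient state during main mode, so one capture
    proves nothing. An SA that is still in MM_KEY_EXCH with the same conn-id
    in a later capture has not been cleaned up.
    min_count (assumption) is how many such SAs a pair needs to be reported.
    """
    def key_exch(text):
        return {(a, b, cid) for a, b, state, cid in parse_sa_table(text)
                if state == "MM_KEY_EXCH"}

    stuck = defaultdict(list)
    for a, b, cid in key_exch(earlier) & key_exch(later):
        stuck[(a, b)].append(cid)
    return {pair: sorted(ids) for pair, ids in stuck.items()
            if len(ids) >= min_count}


# Constructed captures. The 10.253.34.80 rows reuse the lines quoted in the
# caveat; the 192.0.2.77 peer is invented and completes its negotiation.
SNAPSHOT_EARLIER = """\
172.18.95.21 192.0.2.77 MM_KEY_EXCH 897 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE
"""

SNAPSHOT_LATER = """\
172.18.95.21 10.253.34.80 MM_KEY_EXCH 898 0 ACTIVE
172.18.95.21 192.0.2.77 QM_IDLE 897 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE
"""

if __name__ == "__main__":
    for pair, ids in lingering_key_exch(SNAPSHOT_EARLIER, SNAPSHOT_LATER).items():
        print(f"{pair[0]} <-> {pair[1]}: {len(ids)} lingering SAs, conn-ids {ids}")
```

A pair reported here is a candidate for the workaround above, and a lead for checking the certificate that the peer presents.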

CSCeh95801

Symptoms: The domain name does not appear in the accounting records.

Conditions: This symptom is observed when EzVPN clients use digital certificates that are terminated on a Cisco router and when RADIUS accounting is enabled.

Workaround: Use the accounting information that is available, such as the Group-ID.

CSCeh96861

Symptoms: One-way audio or no audio may occur during a call that is made through a Cisco AS5400.

Conditions: This symptom is observed when the Cisco AS5400 functions as a terminating gateway and is connected to a Cisco 3600 series or Cisco 3800 series that functions as an originating gateway. All platforms run Cisco IOS Release 12.3(14)T. The symptom may also occur in later releases.

Workaround: Enter the playout-delay nominal 200 command on the voice port that is used for the call.

CSCei23159

Symptoms: The HSRP feature does not work on the L3 switchport on NM-16/36ESW for the Cisco 2800 series and Cisco 3700 series routers. HSRP works correctly on the VLAN interface and onboard L3 interfaces.

Conditions: This symptom has been observed on the Cisco 2800 series and Cisco 3700 series routers.

Workaround: Use either of the following workarounds as necessary:

1. Use the MAC address of the physical interface for the HSRP virtual MAC address; however, this could not be applied in the customer's design.

or

2. Enable the standby use-bia command under the Routed Interface as in the following example:

interface FastEthernet1/0

no switchport

ip address 10.116.216.2 255.255.255.0

standby use-bia

standby 2 ip 10.116.216.1

standby 2 preempt

end

CSCei36482

Symptoms: The output of the show resource user iosprocess brief command shows the resource owner (RO) and its usage by resource user (RU), but only for the first RU. Starting from the second RU, the ROs are displayed incorrectly, that is, only the buffer RO is shown. Other RO information such as CPU use is not displayed.

Conditions: This symptom is observed on a Cisco router that has the Embedded Resource Manager (ERM) enabled.

Workaround: Do not enter the show resource user iosprocess brief command. Rather, enter the show resource owner command as in the following example: show resource owner cpu user iosprocess. The output of this command shows the CPU use for the RO for all RUs in the "iosprocess" Resource User Type (RUT). Note that the symptom does not impact the functionality of the ERM or the router.

CSCei37299

Symptoms: A VPN hub router may reload when you enter the clear crypto session remote ip-address command.

Conditions: This symptom is observed after a remote peer disconnects ungracefully (that is, the peer is suddenly powered-off or the LAN cable is disconnected) and immediately reconnects to the VPN hub router with a different public address.

Workaround: Do not enter the clear crypto session remote ip-address command. Rather, enter the clear crypto sa command.

CSCei41674

Symptoms: A router may generate "SYS-2-LINKED: Bad enqueue" error messages.

Conditions: This symptom is observed when both the following conditions are present:

The router generates traffic such as routing updates that are encrypted via IPSec and the traffic (packets) is process-switched after encryption.

The router is configured with a hardware crypto accelerator.

A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CCSCeg43855. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

Further Problem Description: When the error message is generated, a crash may also occur in the following configuration in which hub-n-spoke GRE tunnels are configured for IPSec and EIGRP: When the spokes have a primary hub and a backup hub (that is, a GRE tunnel to each) and when a switchover from the primary hub to the backup hub occurs multiple times, the spoke may crash. This particular situation is observed on a Cisco 1841 and Cisco 3825.

A workaround for this particular situation is to prevent multiple hub switchovers from occurring or to refrain from configuring GRE tunnels with IPSec and EIGRP.

CSCei44586

Symptoms: The wrong IKE SA is deleted when the SA deletion is triggered by the idle timer.

Conditions: This symptom has been observed when the clients are behind a firewall or NAT device and their public address is set by Port Address Translation (PAT) to the same IP address as their LAN IP address.

Workaround: Use NAT instead of PAT.

CSCei50425

Symptoms: A Cisco 7200 series or Cisco 7301 that is equipped with a VAM, VAM2 or VAM2+ accelerator may refuse a valid RSA key and generate an error message such as the following:

% Error in generating keys: did not validate

% Key pair import failed.

Conditions: This symptom is observed under rare circumstances when a valid RSA key is composed of unusually short or long prime numbers and coefficient.

When the VAM is deactivated during the importation of the RSA key, the router accepts the key, but when the VAM, VAM2, or VAM2+ is inserted into the chassis, the router miscomputes the signature payload of the IKE/ISAKMP exchanges.

Workaround: Create a new RSA key.

Further Problem Description: The result of the wrong operation can be seen on the other side of the connection by activating the debug crypto engine and debug crypto isakmp commands. The following messages are related to the failure:

crypto_engine: public key verify

crypto_engine: public key verify, got error no available resources

ISAKMP:(0:2:HW:2): signature invalid!

CSCin86954

Symptoms: A spurious memory access is generated after you have entered the show running-config command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(13) when a range of PVCs is configured on an interface or subinterface.

Workaround: There is no workaround.

CSCin89043

Symptoms: A VIP may pause indefinitely or quality of service (QoS) may not work as expected on an interface that is configured for distributed MLP (dMLP).

Conditions: This symptom is observed on a Cisco 7500 series when the VIP processes dMLP and LFI traffic.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCsa44556

Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.

Workaround: Reload the gatekeeper after you have made the configuration changes.

CSCsa44852

Symptoms: A virtual-access interface flaps continuously.

Conditions: This symptom is observed on a Cisco 3745 router that functions in a PPPoA environment during normal working conditions.

Workaround: Disable keepalives on the dialer interface on the remote router.

CSCsa56901

Symptoms: Cisco Fax Relay calls both to and from computer-based fax devices fail. Calls to and from traditional fax machines work fine. Calls to and from computer-based fax devices via the PSTN instead of via a Cisco Fax Relay network work fine too.

Conditions: This symptom is observed on a Cisco 3700 series that is configured for Cisco Fax Relay and VoIP.

Workaround: There is no workaround.

CSCsa61523

Symptoms: The following error message is generated on a Cisco 7200 series that has Multilink PPP (MLP) configured on serial interfaces of a PA-MC-STM-1 port adapter:

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(11)T3 only when MLP is configured on the serial interfaces. The symptom may also occur in Release 12.3 or 12.4.

Workaround: Unconfigure MLP on the serial interfaces.

CSCsa66255

Symptoms: IP data traffic does not pass via MLP.

Conditions: This symptom is observed on a Cisco 3825 that runs the c3825-advsecurityk9-mz image of Cisco IOS Release 12.3(11)T3 when STAC compression on an AIM-COMPR4 fails.

Workaround: There is no workaround.

CSCsa68228

Symptoms: A Cisco router may crash when you enter the dialplan-pattern command.

Conditions: This symptom is observed on a Cisco router that is configured with a high number of ephone-dns when you enter the dialplan-pattern command.

Workaround: There is no workaround.

CSCsa68978

Symptoms: Memory allocation (malloc) failures may occur on a Cisco router that functions as a gatekeeper and that runs an H.323 stack.

Conditions: This symptom is observed on the gatekeeper when gateways attempt to register a list of terminal aliases that consists of user names and H.323 IDs with the gatekeeper. The gatekeeper attempts to authenticate each terminal alias by allocating memory and sending an authentication request to the AAA server for each entry. Because the gatekeeper does not free the allocated memory when it receives a response from the AAA server, a memory allocation failure occurs eventually.

Workaround: There is no workaround.

CSCsa69020

Symptoms: The default port 1720 on an H.323 gatekeeper is used for H.225 Messaging. This fix allows users to configure the H.225 listen port in the range from 1 to 65535.

Conditions: This symptom is observed on an H.323 gatekeeper.

Workaround: There is no workaround.

CSCsa71310

Symptoms: An E1 controller on an MGCP trunking gateway reports Loss of Frames (LOF).

Conditions: This symptom is observed when you configure a Cisco 3660 as an MGCP trunking gateway.

Workaround: There is no workaround.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa89621

Symptoms: The firewall performance of an NPE-G1 is below expectations, causing high CPU use.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(14)T1 and that is configured with an NPE-G1.

Workaround: There is no workaround.

CSCsa98462

Symptoms: A Cisco router may display the following error messages and then reload because of a bus error:

HDLC32_RX_ISR_ERR: no particles available!

HDLC32_RX_ISR_ERR: no particles available!

HDLC32_RX_ISR_ERR: no particles available!

HDLC32_RX_ISR_ERR: no particles available!

%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=64689BC0, count=0

-Traceback= 0x6100C244 0x604B9F4C 0x60955894 0x60959690 0x60AFCE14 0x60AFF7E4

%ALIGN-1-FATAL: Illegal access to a low address

addr=0x0, pc=0x609560C0 , ra=0x609596BC , sp=0x6476BBF8

%ALIGN-1-FATAL: Illegal access to a low address

addr=0x0, pc=0x609560C0 , ra=0x609596BC , sp=0x6476BBF8

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x609560C0

-Traceback= 0x609560C0 0x609596BC 0x60AFCE14 0x60AFF7E4

Conditions: This symptom is observed on a Cisco router when you enter the channel group command to create a serial interface on an NM-HD or NM-HDV2 network module or on an onboard controller of an Integrated Services Router (ISR) such as a Cisco 2800 series or Cisco 3800 series.

Workaround: There is no workaround.

CSCsb01043

Symptoms: When a Turbo ACL classification table grows beyond a certain size, a memory allocation failure may occur or the router may crash.

If the router runs Cisco IOS Release 12.3, memory corruption may occur, causing the router to crash. If the router runs Cisco IOS Release 12.2S, an error message similar to the following may appear during a Turbo ACL compilation, the compilation will fail, and a recompilation is forced:

%SYS-2-CHUNKBADELESIZE: Chunk element size is more than 64k for TACL Block -Process= "TurboACL", ipl= 0, pid= 82

These symptoms do not occur because of an out-of-memory condition.

Conditions: This symptom is observed on a Cisco router that is configured for Turbo ACL. The Cisco 10000 series is not affected.

Workaround: Monitor the output of the show access-lists compiled command and force the Turbo ACL tables to be cleared if a table is at risk of growing large enough to trigger the symptoms.

The tables that have significant sizes are the first and third tables shown next to "L1:" and the first table shown next to "L2:". When the number after the slash for one of these tables is greater than 16384 for the "L1" tables or greater than 32768 for the "L2" table, the table is already too large and the symptom may occur at any moment.

When the number is in the range from 10924 to 16384 inclusive for the "L1" tables or the range from 21846 to 32768 inclusive for the "L2" tables, the table size will be too large on the next expansion. An expansion occurs when the number to the left of the slash reaches 90 percent of the value to the right of the slash. When the value to the left of the slash approaches 90 percent of the value to the right, enter the no access-list compiled command followed by the access-list compiled command to disable and re-enable Turbo ACL. Doing so causes the tables to be cleared and, therefore, delays the expansion. This workaround may be impractical when there is a high rate of incoming packets and when entries are added frequently to the tables.

Alternative Workaround: Disable Turbo ACL by entering the no access-list compiled command.

Note that neither of these workarounds is supported on a Cisco 7304 that is configured with an NSE-100: there is no workaround for this platform.
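The monitoring rule in the CSCsb01043 workaround can be automated against saved output of show access-lists compiled. The following is an added example, not Cisco code: it applies the limits quoted above to the first and third "L1:" tables and the first "L2:" table. It assumes only that each of those lines carries the label followed by used/capacity pairs; the sample text is constructed, and the 80 percent warning point is an assumed reading of "approaches 90 percent".

```python
import re

# From the caveat: (lowest capacity whose next expansion is too large,
#                   largest capacity that is not yet too large).
LIMITS = {"L1": (10924, 16384), "L2": (21846, 32768)}
# Tables the caveat calls significant, as 1-based positions after the label.
WATCHED = {"L1": (1, 3), "L2": (1,)}
WARN_PCT = 80  # assumption: how close to the 90 percent expansion point to act


def classify(level, used, capacity, warn_pct=WARN_PCT):
    """Map one used/capacity pair to the action the workaround implies."""
    low, high = LIMITS[level]
    if capacity > high:
        return "too-large"              # symptom may occur at any moment
    if low <= capacity <= high:
        if used * 100 >= warn_pct * capacity:
            return "clear-now"          # re-enable Turbo ACL before expansion
        return "next-expansion-unsafe"  # keep watching the fill level
    return "ok"


def entries_until_expansion(used, capacity):
    """Entries left before 'used' reaches 90 percent of 'capacity'."""
    trigger = -(-9 * capacity // 10)    # ceiling of 0.9 * capacity
    return max(0, trigger - used)


def check_tables(show_output, warn_pct=WARN_PCT):
    """Return (level, position, used, capacity, status, headroom) per watched table."""
    findings = []
    for line in show_output.splitlines():
        m = re.match(r"\s*(L1|L2):(.*)", line)
        if not m:
            continue
        level = m.group(1)
        pairs = re.findall(r"(\d+)/(\d+)", m.group(2))
        for pos in WATCHED[level]:
            if pos > len(pairs):
                continue                # line shorter than expected: skip it
            used, capacity = (int(v) for v in pairs[pos - 1])
            findings.append((level, pos, used, capacity,
                             classify(level, used, capacity, warn_pct),
                             entries_until_expansion(used, capacity)))
    return findings


# Constructed sample; the real command prints more fields than these.
SAMPLE = """\
L0: 2/3 4/5 5/6 1/2
L1: 5/16 300/512 13500/16384 7/16
L2: 9000/32768 12/64
"""

if __name__ == "__main__":
    for level, pos, used, cap, status, room in check_tables(SAMPLE):
        print(f"{level} table {pos}: {used}/{cap} {status} "
              f"({room} entries before expansion)")
```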

CSCsb06330

Symptoms: A router may crash when you make basic IPIPGW fax calls.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T6.

Workaround: There is no workaround.

CSCsb12405

Symptoms: A fax call that is made over a VoIP MGCP link may fail when both the originating and terminating gateways have the mgcp fax t38 gateway force command enabled.

Conditions: This symptom is observed on Cisco routers that run Cisco IOS Release 12.4 or interim Release 12.4(2.2)T.

Workaround: There is no workaround.

CSCsb16321

Symptoms: The logging buffer is full with strange messages such as "readreadread."

Conditions: This symptom is observed on a Cisco router with a 4-wire DSL WIC module that has the logging buffered debugging command enabled when an invalid message is accepted via the debug port TCP 1666.

Workaround: Configure buffer logging to the informational level or lower by entering the logging buffered informational command.

Access to the debug port can be blocked by deploying an interface access list that blocks access to the debug port TCP 1666 for traffic that is destined for any of the IP addresses of the router.

For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document: http://www.cisco.com/warp/public/707/tacl.html

For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document: http://www.cisco.com/warp/public/707/iacl.html

For information about using control plane policing to block access to the debug port, see the "Deploying Control Plane Policing White Paper": http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html

Note that the symptom does not impact other applications and services.

CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsb27436

Symptoms: A Cisco platform that is configured for SSG may reload unexpectedly because of a bus error, and generate a crashinfo file that shows the following error message:

%ALIGN-1-FATAL: Corrupted program counter

Conditions: This symptom is observed when the no host overlap command is enabled and when users connect and disconnect.

Workaround: Remove the no host overlap command. If this is not an option, there is no workaround.

CSCsb40194

Symptoms: A Cisco 7301 that is configured for SSG may reload unexpectedly because of a bus error.

Conditions: This symptom is observed when a user with an active session logs in again. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCsb46264

Symptoms: When a dialer interface is configured as an endpoint for an IPSec+GRE tunnel, tracebacks with bad refcount may be generated.

Conditions: This symptom is observed on a Cisco 837 when router-generated packets such as routing updates are being switched.

Workaround: There is no workaround.

Wide-Area Networking

CSCea75722

Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.

Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.

Workaround: There is no workaround.

CSCeg20283

Symptoms: E1R2 SS7 calls fail to come up when more than one call is made with the following ISDN error:

ISDN Se1/6:15 SC **ERROR**: call_connect: call_id not found, rejecting call

ISDN **ERROR**: Module-CCPRI Function-CCPCC_CallConnected Error-Unknown

event received in message from L3 or Host: 4F

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg22171

Symptoms: Calls fail to connect when they are switched from the primary D channel to the backup D channel.

Conditions: This symptom is observed when you either unplug the cable or shut down the controller of the primary D channel.

Workaround: There is no workaround.

CSCeg22533

Symptoms: A signal-only call fails when an INVALID message is generated because a B-channel IDB is not found.

Conditions: This symptom is observed when ISDN PRI QSIG Voice Signaling is configured.

Workaround: There is no workaround.

CSCeg42148

Symptoms: Attempts to change a B-channel service state by entering the isdn service nfas-int number b_channel number {state {0 | 1 | 2} [hard | immediate | soft]} command appear to succeed but the service state does not change.

Conditions: This symptom is observed when a voice application uses a B-channel. The output of the show isdn service detail command shows a locale of ISDN_NEAR_END_APP.

Workaround: There is no workaround.

CSCeg43033

Symptoms: A Cisco 7200 series periodically shows incorrect adjacencies for the loopback address. The output of the show ip cef events ip-prefix command shows the following:

<ip-prefix>/32, version 8177, epoch 0, attached, connected

0 packets, 0 bytes

tag information set

local tag: implicit-null

via Loopback0, 0 dependencies

valid discard adjacency

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9b) and that is configured for PPP and CEF. However, the symptom may be platform-independent.

Workaround: There is no workaround.

CSCeg82698

Symptoms: PPTP tunnels do not come up.

Conditions: This symptom is observed when VPDN is configured.

Workaround: There is no workaround.

CSCeh11771

Symptoms: On a leased line (non-dialup) serial connection that is configured for PPP encapsulation, the line protocol may not come back up when the connection is reset. The PPP LCP remains in the closed state, even though the link is up physically.

Conditions: This symptom is observed when an active PPP session is reset and when the underlying link is not simultaneously reset, that is, when PPP goes down but when the link does not go down physically. This situation would occur, for example, when a PPP session is terminated because of keepalive failures.

Workaround: There is no workaround.

CSCeh33185

Symptoms: A POS interface on a VIP4-80 that is configured for PPP goes down and remains down.

Conditions: This symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0S only when PPP receives an LCP PROTOCOL REJECT message for PAP or CHAP. The symptom may also occur in other releases.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected POS interface.

CSCeh48987

Symptoms: The CEF-Dialer feature fails to add an adjacency for a Virtual-Access1 CEF interface.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(14.10).

Workaround: There is no workaround.

CSCeh59311

Symptoms: None of the digits in INFO messages are passed to an ISDN switch.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11) or Release 12.3(11)T4 when overlap is configured and when the setup acknowledgement arrives late from the terminating switch after some of the INFO messages have already been received from the OGW. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCei16649

Symptoms: The output of the show pppoe session or show vpdn session command does not show PPPoEoA session details.

Conditions: This symptom is observed for a point-to-point ATM interface.

Workaround: There is no workaround.

CSCsa78067

Symptoms: A Cisco 5400HPX may crash when conditional debugging runs.

Conditions: This symptom is observed on a Cisco 5400HPX that runs Cisco IOS Release 12.3(11)T3 when ISDN globally unique identifier (GUID) is configured.

Workaround: There is no workaround.

CSCsa81268

Symptoms: A Cisco AS5850 may reload with a software forced crash.

Conditions: This symptom occurs when configuring the isdn ie oli interface configuration command.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(14)T3

Cisco IOS Release 12.3(14)T3 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCds33629

Symptoms: Closing an existing Telnet session may cause a router to crash.

Conditions: This symptom is platform-independent.

Workaround: There is no workaround.

CSCeh04755

Symptoms: When you reload a router by entering the reload command, the router may unexpectedly enter the ROMmon mode and generate the following error message:

%SYS-5-RELOAD: Reload requested by console. Reload Reason:Reload command.

monitor: command "boot" aborted due to user interrupt

rommon 1 >

Conditions: This symptom is observed only on a Cisco 7200 that is configured with an NPE-G1, and on a UBR7246VXR with a UBR-NPE-G1.

Workaround: Enter the confreg 0x2002 command.

CSCsa58890

Symptoms: No "Accounting On" message is sent at boot up when an ADSL interface is used; however, this message is sent when a FastEthernet card is used.

Conditions: This symptom has been observed when the aaa accounting system default start-stop group ssg-proxy command is configured on the router.

Workaround: There is no workaround.

CSCsb03401

Symptoms: You cannot open a specific port on a Cisco IOS IP SLA responder.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(14)T1 or Release 12.4 when you attempt to open a specific port on the responder instead of using normal control protocol.

Workaround: Use normal control protocol.

Interfaces and Bridging

CSCeh17935

Symptoms: When you perform an Online Insertion and Removal (OIR) of an ATM port adapter, tracebacks are generated.

Conditions: This symptom is observed on a Cisco 7200 series when the ATM port adapter is up and has a VC configured.

Workaround: There is no workaround.

Further Problem Description: Tracebacks are seen on a Cisco 7200 platform when the ATM PA is removed and replaced online while traffic is still passing through the ATM interface and the interface is oversubscribed.

CSCei08289

Symptoms: The transmit rate is higher than the configured committed information rate (CIR), causing the network to drop frames.

Conditions: This symptom is observed only when traffic is process-switched and when software payload compression and header compression are configured.

Workaround: Enable either CEF or fast-switching. If process-switching must be used, add a compression adaptor and configure FRF9 data compression instead of packet-by-packet payload compression. You can enable FRF9 data compression in the following ways:

On a point-to-point interface, enter the following command in interface configuration mode:

frame-relay payload-compression frf9 stac

On a multipoint interface, enter the following command in interface configuration mode:

frame-relay map ip ip-address dlci payload-compression frf9 stac

Further Problem Description: We do not recommend process-switching in combination with software payload compression because it is not possible to provide latency guarantees.

IP Routing Protocols

CSCef21601

Symptoms: Calls may not complete because ResvConfirm messages are dropped. You can enter the debug ip rsvp messages command to track RSVP messages as they traverse routers.

Conditions: This symptom is observed when RSVP is configured for call admission control in a network with routers that do not have RSVP and a proxy ARP enabled. The symptom occurs because the RSVP-capable hop that sends the ResvConfirm messages uses the next RSVP-capable hop as the next IP hop for the packets and does not have the MAC address that is needed to encapsulate the IP packets for this next IP hop.

Workaround: Configure a static ARP entry that enables the router to properly encapsulate the packet by entering the arp ip-address hardware-address arpa command. The ip-address argument is the address of the next hop (that is visible via the RSVP debugs) for the ResvConfirm messages and the hardware-address argument is the MAC address of the interface of the next IP hop through which the ResvConfirm messages should be routed.

CSCsa54937

Symptoms: An LNS with a VRF configuration does not send an echo reply when it receives a ping to loopback interface 0.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300, a Cisco 7200 series that is configured with an NPE-400, and a Cisco 7400 series.

Workaround: Wait about 20 minutes to enable the LNS to send an echo reply or enter the clear arp-cache command.

CSCsa55555

Symptoms: A router may reload because of a bus error when the NAT MIB is polled via SNMP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCsa98059

Symptoms: Suboptimal routing occurs in an OSPF configuration or a routing loop occurs between two border routers that redistribute BGP into OSPF.

Conditions: These symptoms are observed when at least two border routers are connected via eBGP to another autonomous system, receive the same prefix over these connections, and redistribute the prefix into OSPF. Under certain conditions, for example when the eBGP session from the preferred BGP exit point to the eBGP peer flaps, the second router in the local autonomous system becomes the preferred path and redistributes the eBGP route into OSPF. When the eBGP session with the first router comes back up, the LSA should be flushed but this does not occur. This situation may create routing problems on other OSPF routers or, when BGP has a higher administrative distance than OSPF, routing loops between both border routers.

Workaround: There is no workaround.

Miscellaneous

CSCed66010

Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(5b) but may also occur in Release 12.3 T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.

Workaround: There is no workaround.

CSCef97768

Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.

Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).

Workaround: There is no workaround.

CSCeg14231

Symptoms: Various commands that include the virtual access keywords do not work as expected. For example, the show policy-map interface virtual-access2.1 command produces no output even when there is policy map data associated with interface virtual-access2.1.

Conditions: This symptom is observed only on certain commands and only when these commands specify a virtual access interface.

Workaround: There is no workaround. However, the symptom is not service-affecting.

CSCeg15065

Symptoms: After a DSP restarts, RTP packets are not sent from the DSP to a trunk connection.

Conditions: This symptom is observed on a Cisco 7200 VXR router that runs Cisco IOS Release 12.3(10a) or Release 12.3(11)T when the connection trunk command is enabled.

Workaround: There is no workaround. To re-enable the DSP to send RTP packets, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port that is associated with the DSP.

CSCeg43855

Symptoms: An encrypting router may send traffic that is locally originated (such as keepalive packets or routing update packets) out of order after the packets have been encrypted. Because of the anti-replay check failure, these packets are dropped on the receiving router.

Conditions: This symptom is observed when a multipoint GRE (mGRE) and IPSec tunnel is built between two routers.

Workaround: Turn off packet authentication for the configured IPSec transform.

Further Problem Description: On a Cisco 7200 series that functions as the receiving router, you can observe the symptom in the output of the show crypto ipsec sa detail or show pas isa interface command.

CSCeg50651

Symptoms: When a router has the moh-live dn-number out-call command enabled with 1234 for the dn-number argument and 9876 for the out-call argument, the outcall to an FXO port does not occur. Only when the router is manually placed into SRST mode does the outcall occur.

Conditions: This symptom is observed on a Cisco 2800 series that is configured as a MGCP gateway.

Workaround: Place the gateway into SRST mode, force the outcall to the live feed, then place the router back into MGCP mode.

Further Problem Description: This caveat is an enhancement to the MOH Live-Feed Support feature. The fix for this caveat ensures that MoH works in any configuration, not only when the router functions in SRST mode.

CSCeg52468

Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:

%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)

or

%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet

Conditions: This symptom is observed under rare circumstances on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying.

Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.

Further Problem Description: HSP firmware version 2.3.1 was committed through CSCeg15422 to address the most common conditions that could result in PCI NULL writes that cause memory corruption. The fix for this caveat (CSCeg52468) implements HSP firmware version 2.3.2 to address additional conditions that could result in PCI NULL writes.

CSCeg78036

Symptoms: The following tracebacks may be generated when VFR handles fragmented packets:

%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 0 data 6472EE80 chunkmagic 0 chunk_freemagic 6484FA7C -Process= "IP Input", ipl= 4, pid= 60

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.11)T1. The symptom may also occur on a Cisco 2651XM.

Workaround: Disable virtual-reassembly using the "no ip virtual-reassembly" command.

CSCeg89017

Symptoms: MGCP calls fail with a fast busy signal. When you enter the debug mgcp packet command, the output indicates that the 400 Voice Call Setup failed.

Conditions: This symptom is observed when MGCP PRI backhaul is configured on a Cisco 2800 series that is configured with PVDM2 DSPs. Calls fail only after the router is reloaded. The symptom may also occur on a Cisco 3800 series that functions in the same configuration.

Workaround: Enter the following sequence of commands:

1. Enter the ccm-manager config server ip-address command followed by the ccm-manager config command.

2. Enter the shutdown command on the voice port or on the T1 controller.

3. Enter the no mgcp command followed by the mgcp command.

4. Enter the no ccm-manager config command followed by the ccm-manager config command, assuming that you have the TFTP server defined.

5. After you reload the router, enter the write erase command, add the configuration, and save the configuration.

CSCeh14272

Symptoms: Prioritized encrypted traffic is dropped.

Conditions: This symptom is observed when the Low Latency Queuing (LLQ) for IPSec Encryption Engines feature is enabled.

Workaround: Disable QOS preclassification on the crypto map.

CSCeh17689

Symptoms: Poor voice quality may be experienced as the default impedance selection may not yield the best ERL.

Conditions: This symptom has been observed when using the default impedance selection on a Cisco 2800 router.

Workaround: Use the test voice port [slot]/[subunit]/[port] inject-tone local sweep [sweep step] [high amplitude] [low amplitude] command to manually calibrate the best ERL.

CSCeh21613

Symptoms: When multicast is configured as part of a dial-peer configuration and you enter the shutdown command quickly followed by the no shutdown command on a voice port that is part of the dial-peer configuration, the router may generate tracebacks and may crash.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11)T4.

Workaround: There is no workaround.

CSCeh25446

Symptoms: The following error message may be generated when a Cisco AS5850 voice gateway boots:

Could not enable MAC

This situation may prevent line cards from booting up and pings over the Fast Ethernet and Gigabit Ethernet interfaces may fail.

Conditions: This symptom is observed on a Cisco AS5850 voice gateway that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeh32576

Symptoms: Configuring an AUX port through a non-slotted notation such as "interface async 1" may not be possible on a Cisco 1841 and a Cisco 2801.

Conditions: This symptom is observed on a Cisco 1841 and Cisco 2801 that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: Configure the AUX port through the slotted notation such as "interface async 0/0/0".

CSCeh35823

Symptoms: When a router detects "invalid identity" failures while decrypting IPsec packets, a memory leak occurs for the packet memory that is associated with these failed packets.

Conditions: This symptom is observed only when an "invalid identity" error occurs, which is an uncommon error that indicates that the originating router does not send packets according to what was originally negotiated. However, if there is another error that causes a "bad" decryption, the packet could be invalid and may also cause the symptom to occur.

Workaround: There is no workaround.

CSCeh40183

Symptoms: A router reloads unexpectedly when the show policy interface EXEC command is entered.

Conditions: This symptom is observed on a Cisco router when two users are connected to the router and simultaneously enter the show policy interface EXEC command.

Workaround: Ensure that only one user at a time enters the command.

CSCeh42620

Symptoms: Authentication, Authorization, and Accounting (AAA) for IKE fails with the following message when trying to begin session accounting:

ISAKMP AAA: Unable to allocate AAA User ID: no peer

Conditions: This error occurs when IKE accounting is configured in a site-to-site IPSec VPN. It will not occur when IKE accounting is configured in conjunction with mode configuration, XAUTH or EZVPN.

Workaround: There is no workaround.

CSCeh42852

Symptoms: A T.37 fax fails on a Cisco 2800 series because of clocking problems with a BRI. The fax that is sent or received via the BRI may be incomplete with cut pages or a part lost. About 40 to 50 percent of the faxes fail.

Conditions: This symptom is observed in the following topology:

A fax is sent from a fax machine via the PSTN to a BRI on a Cisco 2800 series. The Cisco 2800 series connects via an IP interface to an SMTP mail server.

Workaround: There is no workaround. Note that a fax that is sent via FXS instead of via a BRI goes through fine.

CSCeh49462

Symptoms: Tracebacks are generated on a Cisco AS5850 that is configured for analog and digital bulk calls.

Conditions: This symptom is observed on a Cisco AS5850 that is configured with ERSCs and that functions under stress.

Workaround: There is no workaround. However, the symptom does not impact service because the calls are processed by the Cisco AS5850.

CSCeh60700

Symptoms: A router that is configured for GRE+IPSec tunnel protection and VRF drops packets that are larger than the size of the MTU of the tunnel interface. The router should fragment the packets.

Conditions: This symptom is observed on a Cisco 2600 series when the size of a (cleartext) packet is larger than 1434 bytes (which is the Ethernet MTU minus the IPSec overhead). However, the symptom is platform-independent and occurs with both software encryption and onboard hardware encryption engines.

Workaround: On the tunnel interface that is configured for GRE+IPsec tunnel protection and VRF, configure an MTU size that is smaller than the MTU size of the physical interface of the tunnel source minus the IPSec overhead, as in the following example:

interface tunnel0
 ip mtu 1400

(This example assumes that the physical interface of the tunnel source is an Ethernet interface with an MTU of 1500 bytes.)

CSCeh62596

Symptoms: Performing Telnet results in the session pausing indefinitely after accepting 13 characters or carriage returns.

Conditions: This symptom has been observed on a Telnet session through an ATM PVC that runs PPPoA. A Telnet session through Fast Ethernet works fine.

Workaround: Avoid Telnet sessions through an ATM PVC that runs PPPoA. Use Fast Ethernet for Telnet sessions if possible.

CSCeh62694

Symptoms: Before you start a BACD script, you cannot log out all agents from an ephone hunt group and activate the Do Not Disturb (DND) feature.

Conditions: This symptom is observed on a Cisco gateway that has an ephone hunt group configured.

Workaround: There is no workaround.

CSCeh65386

Symptoms: If a crypto map has RRI enabled and is applied to more than one interface, removing the map from one interface removes all active routes that are associated with other instances of this crypto map. In particular, this situation affects dialup termination and VPN connectivity on the same physical router. When you use a virtual template, the disconnection of one virtual-access interface that is spawned from the virtual template causes all routes for all other virtual-access interfaces to be removed.

Not all IKE and IPSec SAs on active connections are impacted, and when IPSec is rekeyed, routes are restored on the active interfaces.

Conditions: These symptoms are observed on a Cisco router under the following conditions:

The same crypto map is applied to multiple interfaces.

RRI is configured on the crypto map.

VPN and dialup are configured on the same physical router.

There are active IPSec SAs and routes.

Workaround: Do not remove a crypto map from an interface when there are active connections on other interfaces that use the same crypto map. First clear all SAs from the crypto map and then remove the interface.

CSCeh72180

Symptoms: A router may unexpectedly reload and generate the following error message:

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x60FB1F70

Conditions: This symptom is observed on a Cisco 7200 series when one interface is configured for IP Header Compression (IPHC) and when another interface has a crypto map that includes the qos pre-classify command. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCei01321

Symptoms: You cannot bring up a serial interface of a channelized E1 or T1 port. The interface remains in the down/down state.

Conditions: This symptom is observed on a Cisco 3600 series.

Workaround: There is no workaround.

CSCei22930

Symptoms: After an upgrade to Cisco IOS Release 12.3(11)T5 so that QoS could be configured on an IMA group in an ATM interface, the following error messages were generated:

%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level

-Traceback= 611D46E8 6002160C 61D4EF90 602C329C 602C6574 602C6D40 61D52170

61D54F2C 61D553E8 61D55784 61D6FF84 61D550EC 61D5516C 604818FC 6047E89C

6047E9C8

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 611D46E8 600177F4 6145DCB4 6145DDFC 6146B8E8 6146E174 616AB8B0

616ABB58 6205C598 62066DE0 6205C640 61D557F0 61D6FF84 61D550EC 61D5516C

604818FC

%SYS-2-MALLOCFAIL: Memory allocation of 19 bytes failed from 0x6145DCAC,

alignment 0

Pool: Processor Free: 139749528 Cause: Interrupt level allocation

Alternate Pool: None Free: 0 Cause: No Alternate pool

-Process= "<interrupt level>", ipl= 1, pid= 3

-Traceback= 611D46E8 60012958 6001822C 6145DCB4 6145DDFC 6146B8E8 6146E174

616AB8B0 616ABB58 6205C598 62066DE0 6205C640 61D557F0 61D6FF84 61D550EC

61D5516C

Conditions: This symptom has been observed on a Cisco 3745 router with the c3745-adventerprisek9-mz.123-11.T5 image installed and when configuring QoS on an IMA group in an ATM interface.

Workaround: There is no workaround.

CSCin77189

Symptoms: When a voice call is made via the G726r16 or G726r24 codec via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) using H.323-to-SIP interworking, the following symptoms may occur:

The originating party does not hear the ringback tone.

Both the originating and terminating party do not hear voice because the voice path was not established.

Conditions: This symptom is observed when H.323 is configured to use a static payload type for the G726r16 or G726r24 codec and when SIP is configured to use a dynamic payload type for the G726r16 or G726r24 codec. This situation causes a mismatch of payload type for the G726r16 or G726r24 codec.

Workaround: There is no workaround.

CSCin85528

Symptoms: A router crashes during a conference call.

Conditions: This symptom is observed on a Cisco 3700 series that is configured with a DSP Farm.

Workaround: There is no workaround.

CSCin87258

Symptoms: A Cisco router that is configured for SSG may reload when you configure a local service profile.

Conditions: This symptom is observed when the local service profile is configured with more than 150 service network entries.

Workaround: There is no workaround.

CSCin91843

Symptoms: Auto-logon services do not automatically log on when you connect via a Service Selection Gateway (SSG).

Conditions: This symptom is observed when the user profile that is downloaded via the Access-Accept response from a RADIUS server contains a netmask (RADIUS attribute 9) that is smaller than 32 bits and when the SSG functions in PBHK mode.

Workaround: Increase the netmask bits in such a way that the bitwise AND (&) operation between the netmask and the SSG PBHK source IP address results in an SSG PBHK source IP address without any alteration.

CSCsa52821

Symptoms: When AAA accounting is configured for an EZ-VPN server, the EZ-VPN server may stop sending periodic updates for an idle client. When the symptom occurs, the output of the show aaa sessions command shows that the user name is not available for the idle client. The user name appears to be lost.

Conditions: This symptom is observed on a Cisco 7200 series that functions as an EZ-VPN server and that runs Cisco IOS Release 12.3(8)T or a later release. The symptom may not be release-specific.

Workaround: Add an IPSec idle time of a shorter duration than the IPSec lifetime to enable idle clients to send stop records.

CSCsa59549

Symptoms: A Cisco 2800 series that is configured for encryption, CBAC, and IPS crashes and reloads during the inspect process.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3T when it functions under a heavy load of mixed application traffic and IP telephony traffic.

Workaround: There is no workaround.

CSCsa63019

Symptoms: A security gateway may crash when ISAKMP accounting is enabled at aggressive time intervals such as 1-minute updates.

Conditions: This symptom is observed when ISAKMP accounting is enabled at very frequent update intervals together with ISAKMP NAT-T.

Workaround: Use ISAKMP accounting timers with a longer duration.

CSCsa64885

Symptoms: A router that is configured for SSG intermittently resets itself and generates a spurious memory access.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T with a prepaid or proxy service that has an idle or session timeout configured in the service profile.

Workaround: There is no workaround.

CSCsa71793

Symptoms: A Cisco 7200 series may reload because of a bus error when you enter a show atm command that accesses deleted VC structures.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(12a).

Workaround: There is no workaround.

CSCsa72951

Symptoms: A DSMP-3-DSP_TIMEOUT error message may be generated when you place a fax call via a VoIP gateway.

Conditions: This symptom is observed when the fax call is torn down and the gateway attempts to obtain call statistic information from the DSP. The DSMP state in this case is S_DSMP_COLLECTING_STATS as displayed in the error message. The timeout occurs only when MGCP PRI-backhaul mode is enabled. The symptom does not occur in standalone mode.

The timeout itself does not impact the call for which it occurs because the timeout occurs at the end of the call while the call is being torn down and cleaned up. However, on some network modules, specifically, the 549 and 5421 DSP-based modules such as the NM-HDV and AIM network modules, when the timeout occurs, a DSP recovery mechanism is triggered and may impact other active calls on other channels on the same DSP as the one that reports the timeout. For this problem, caveat CSCsb14481 has been opened.

Although the timeout may occur on a 5510-based DSP network module such as the NM-HDV2 network module, the DSP itself does not appear to be reset so no impact to other active calls is observed.

To verify which DSP is currently in use on a gateway, enter the show voice dsp EXEC command.

Workaround: When MGCP PRI-backhaul is configured in a Cisco CallManager environment, you can disable Fax Relay on a gateway to prevent timeouts from occurring by entering the no ccm-manager fax protocol cisco global configuration command on the gateway.

Alternate Workaround: To prevent timeouts from occurring, configure the gateway to function in standalone mode.

CSCsa73438

Symptoms: When SSG functions in RADIUS proxy mode, SSG sends the RADIUS Framed IP Netmask Attribute value that it receives from a RADIUS server as the Framed IP Address Attribute value towards a GGSN or CSG downlink RADIUS client.

Conditions: This symptom is observed when the RADIUS Framed IP Netmask Attribute value is less than a 32-bit mask.

Workaround: Avoid using the RADIUS Framed IP Netmask Attribute or use a 32-bit mask value for it.

CSCsa85839

Symptoms: A Cisco Aironet AIR-AP1131AG-E-K9-P access point may not function because it does not receive power.

Conditions: This symptom is observed when an EtherSwitch NM-16ESW-PWR network module or EtherSwitch NMD-36ESW-PWR network module does not detect and supply power to the AIR-AP1131AG-E-K9-P access point.

Workaround: Use a power injector or external power supply.

CSCsa86918

Symptoms: A clicking sound is heard after each .wav audio file is played from a VoiceXML (VXML) document.

Conditions: This symptom occurs in Cisco IOS Release 12.3(14)T on a Cisco AS5400. The problem only occurs when there are multiple .wav files in a single VXML document that are concatenated together to play to the caller. A VXML document containing a single .wav file does not experience the problem.

Workaround: There is no workaround.

CSCsa94162

Symptoms: A DHCP client router has an old static route and a new static route concurrently. The output of the debug dhcp detail on the DHCP client router shows that the old static route is removed but that the routing table still contains the old static route. Also, the old static route is not removed after the static configuration is deleted.

Conditions: This symptom is observed when a DHCP server renews the DHCP address and the DHCP gateway.

Workaround: There is no workaround.

CSCsa96494

Symptoms: A call from an originating gateway (OGW) that is configured for SIP via an IPIPGW to a terminating gateway (TGW) that is configured for H.323 may fail when certain codecs are configured on the IPIPGW and H.323 TGW.

Conditions: This symptom is observed under either one of the following conditions:

The SIP OGW is configured for g.711u, the IPIPGW for g.711u for both connections, and the H.323 TGW for g.729r8. In this configuration, the SIP OGW continues to use g.711u as the negotiated codec and discards the g.729r8 codec that is sent by the H.323 TGW via OLC.

The SIP OGW is configured for g.729r8, the IPIPGW for g.729r8 for both connections, and the H.323 TGW for g.711u. In this configuration, the SIP OGW continues to use g.729r8 as the negotiated codec and discards the g.711u codec that is sent by the H.323 TGW via OLC.

Workaround: There is no workaround.

CSCsa99597

Symptoms: Reload is caused by memory corruption.

Conditions: This symptom has been observed when the router is a Cisco IPSec gateway which implements XAUTH. One example of this situation is a Cisco EZVPN server.

Workaround: There is no workaround.

Further Problem Description: The problem occurs if the username given to XAUTH is exactly 7, 19 or 43 characters long (given a default configuration). The exact lengths that trigger the symptom may vary depending on the memory lite configuration.

CSCsb04965

A vulnerability exists in certain Cisco IOS software release trains running on the Cisco IAD2400 series, Cisco 1900 series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access to the device.

Cisco is making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml.

CSCsb06649

Symptoms: A Cisco 3725 that is configured as an H.323 gateway does not provide three beeps for a tone-on-hold. Instead, it generates the no-circuit tone.

Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(14)T2 and that is not configured for Music on Hold.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(11)T5.

CSCsb08192

Symptoms: A Cisco 3800 series may not drop unicast Ethernet frames that are not destined for its MAC address.

Conditions: This symptom is observed on a Cisco 3800 series that runs Cisco IOS Release 12.3(11)T5 or an earlier release or Release 12.3(14)T1 or an earlier release and that has subinterfaces that are configured for HSRP.

Workaround: Enter the standby use-bia command on the main interface.

CSCsb08428

Symptoms: A router may crash when a VPN tunnel is established.

Conditions: This symptom is observed on a Cisco router when an interface has both IPSec and the ip verify unicast reachable-via command enabled and when a hardware encryption engine is used for IPSec.

Workaround: Remove the ip verify unicast reachable-via command from the interface.

CSCsb14481

Symptoms: Active voice and fax calls may stop unexpectedly on a gateway, that is, either the call may drop or two-way audio may stop.

Conditions: This symptom is observed when a DSP recovery algorithm on the gateway is started in response to a DSMP-3-DSP_TIMEOUT error condition. The timeout may occur on one of the channels of the DSP, but the reset algorithm impacts other calls on other channels that are active on the same DSP.

Network modules with 549 and 5421 DSPs such as the NM-HDV and AIM-VOICE network modules are reset when this timeout occurs, causing other active voice and fax calls on other channels of the same DSP to be reset. Network modules that use 5510 DSPs such as the NM-HDV2 network module do not seem to be reset when this timeout occurs during statistics collection.

To verify which DSP is currently in use on a gateway, enter the show voice dsp EXEC command.

Workaround: Disable the DSP recovery algorithm by entering the test dsp recovery disable command. However, use this command with caution because disabling the auto-recovery mechanism prevents voice and fax calls from functioning properly when a DSP enters a valid non-responding state.

Further Problem Description: The fix for this caveat suppresses the resetting of the DSP when the timeout occurs under a statistics collection state as shown in the sample output below where the state is equal to S_DSMP_COLLECTING_STATS:

%DSMP-3-DSP_TIMEOUT: DSP timeout on DSP 1/5:4: event 0x6, DSMP timed out,

while waiting for statistics from the DSP. DSMP State =

S_DSMP_COLLECTING_STATS

The timeout may occur when an internal software error causes some invalid statistics to be polled, leading to the timeout. As an example, see caveat CSCsa72951.

Wide-Area Networking

CSCeg55098

Symptoms: As soon as the ISDN switch deactivates layer 2, the router immediately activates layer 2.

Conditions: This problem is seen in Cisco IOS Release 12.3(11)T2. It was not seen in Cisco IOS Release 12.3(11)T.

In the ISDN q921 debugs, the following can be seen:

Dec 10 13:48:17.558: ISDN BR0 Q921: User RX <- DISCp sapi=0 tei=65

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

....

Dec 10 13:48:17.562: ISDN BR0 Q921: User TX -> UAf sapi=0 tei=65

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In 6 milliseconds, the router activated the layer 2. (This was not the case in Cisco IOS Release 12.3(11)T.)

Workaround: There is no workaround. However, to get rid of the consecutive line up/down messages, the following can be configured on the interface level as a temporary workaround:

conf t

int bri x

no logging event link-status

CSCeh06916

Symptoms: A Cisco router crashes when PVCs are deleted while the show pppoe session or show vpdn command is entered.

Conditions: This symptom is observed on a Cisco 10000 series that is configured for PPP over Ethernet (PPPoE) when there are two concurrent Telnet sessions. PVCs are deleted via one Telnet session while the show pppoe session or show vpdn command is entered via the other Telnet session. The symptom is platform-independent.

Workaround: Do not delete PVCs via one session and enter the show pppoe session or show vpdn command via another session at the same time.

CSCeh18018

Symptoms: The asynchronous resources on a NAS may remain active after a VPDN setup because the LAC does not close the L2TP session on receipt of the L2TP Call Disconnect Notification (CDN) from the LNS.

Conditions: This symptom is observed on a NAS that is configured with digital modems when the L2TP session is abnormally aborted, for example, when the L2TP session is aborted before the LNS sends an LCP termination request to the dialin user.

Workaround: Manually free the asynchronous resources on the NAS by entering the clear line line-number command or ask the remote dialin user to disconnect the modem.

CSCeh62257

Symptoms: PPP does not establish new sessions.

Conditions: This symptom is observed on a Cisco router that is configured with full virtual-access interfaces when a PPP leak occurs.

Workaround: Reload the router and configure virtual-access subinterfaces instead of full virtual-access interfaces.

CSCin86951

Symptoms: An LNS router crashes on establishing a large number of PPPoA L2TP sessions.

Conditions: This symptom is observed only when you establish sessions at a high rate. When you attempt to establish 8000 sessions, the router crashes shortly after 5000 sessions are established.

Workaround: Establish sessions at a low rate.

Resolved Caveats—Cisco IOS Release 12.3(14)T2

Cisco IOS Release 12.3(14)T2 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg52924

Symptoms: When T+ accounting or authorization is configured, many CPU cycles are consumed. The messages are not sent out, and the box is unusable.

Conditions: When T+ accounting/authentication/authorization is enabled with a faulty server, the server sends back unsolicited data when the socket is being set up. This symptom is observed on any Cisco IOS 12.3 release.

Workaround: Disable T+.

CSCeg62206

Symptoms: High CPU utilization may occur during the TPLUS process on a platform.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6c) and that is configured for TACACS.

Workaround: There is no workaround.

CSCeg64124

Symptoms: The operation result of an IP SLA jitter probe shows a high packet MIA that is equal to the jitter's number of packets minus one. In the responder router, the responder debug message shows many error packets.

Conditions: This symptom is observed when multiple jitter probes (either from the same router or from different routers) are configured to send packets to the same destination IP address and the same destination port number and when the responder is turned off for a short time and turned on again.

Workaround: To prevent the symptom from occurring, configure the jitter probe to use a unique destination port number.

Alternate Workaround: If the symptom has occurred, turn off the responder by entering the no rtr responder global configuration command, wait until all jitter probes report "No connection," and then turn on the responder by entering the rtr responder global configuration command.

IP Routing Protocols

CSCef11304

Symptoms: When you perform an snmpwalk on an OSPF-MIB that supports the ospfExtLsdbTable, a router can crash. In other instances, alignment errors are observed when you enter the show alignment command.

Conditions: These symptoms are observed on a Cisco platform that runs Open Shortest Path First (OSPF) and supports the ospfExtLsdbTable in OSPF-MIB.

Workaround: There is no workaround.

CSCeg07725

Symptoms: A router may continue to redistribute an eBGP route into EIGRP after the eBGP route is deleted or EIGRP may not redistribute an eBGP route after the eBGP route has been installed.

Conditions: This symptom is observed on a Cisco router that runs Cisco 12.0S, 12.2S, or 12.(18)SXD1 and that redistributes eBGP routes into EIGRP when the router functions in a multihoming environment.

The symptom occurs in a configuration with two PE routers that advertise routes via eBGP and a border router that is configured with a higher local preference than the PE routers when the eBGP route of the primary path is withdrawn and the route of the secondary path is installed.

Workaround: If a route is still redistributed into EIGRP after the eBGP route is deleted, clear the BGP peer from which the eBGP route used to be learned so EIGRP stops advertising the route.

If a route is not redistributed into EIGRP after an eBGP route is installed, clear the route so EIGRP starts advertising it. Another workaround is to enter the bgp redistribute-internal command to cause EIGRP to redistribute iBGP routes and to prevent EIGRP from failing to redistribute an updated BGP route.

CSCeg19442

Symptoms: A router that is configured with the OSPF routing protocol may reload.

Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.

Workaround: There is no workaround. Cisco strongly discourages configuring a router via two different but simultaneous sessions.

CSCeg35811

Symptoms: A platform (that is, a switch or a router) may crash when you enter the ip routing command followed by the configure memory command and the no ip routing command multiple times. Multiple tracebacks may also be generated.

Conditions: The symptom is observed on a Cisco platform that functions as the master in a stacked environment and that is configured for OSPF. The symptom is more likely to occur when the platform functions under a heavy traffic load.

Workaround: Do not enter the ip routing command followed by the configure memory command and the no ip routing command multiple times.

CSCeg41363

Symptoms: On a PE router with a parallel path to a destination where one path is over the OSPF sham-link and the other path is over the backdoor link, traffic is not getting load balanced. Only a backdoor connection is being used to forward the traffic.

Conditions: This symptom occurs on a PE router where traffic is not getting load balanced.

Workaround: Configure the OSPF metric so that the sham-link path and the backdoor path do not have the same cost.

CSCeg52889

Symptoms: TE tunnels do not come up.

Conditions: This symptom is observed when a new loopback interface is created with an IP address on an MPLS TE head router that is configured with MPLS TE tunnels and when you reload the router. The symptom occurs because of a change in router ID.

Workaround: Shut down the newly created loopback interface, save the configuration, and reload the router.

CSCeg72254

Symptoms: A router reloads when you clear NAT entries from the NAT table.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T7 only when Stateful Network Address Translation (SNAT) is configured on the router.

Workaround: There is no workaround.

CSCeg89682

Symptoms: Tracebacks may occur when you enter an ipv6 prefix-list command and BGP is not enabled or when you enter an ipv6 prefix-list command after you have entered the no router bgp as-number global configuration command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(13) or Release 12.3(14)T.

Workaround: First enter the router bgp as-number global configuration command before you enter an ipv6 prefix-list command.

CSCeh07809

Symptoms: When BGP nexthop information for a prefix changes because of topology changes, BGP properly updates its path information and IP routing table entry but CEF may not update the corresponding CEF entry, causing a stale entry. This inconsistency between BGP and CEF may cause a connectivity problem.

Conditions: This symptom is observed when the nexthop information changes to an existing prefix entry in the BGP routing table. Typically, this occurs when the interface through which the prefix is learned goes down.

Workaround: Flush out the stale CEF entry by entering the clear ip bgp command or withdraw and readvertise the prefix by the source router, which enables the affected router to refresh the CEF entry.

Miscellaneous

CSCef59507

Symptoms: A failed LDP session may still show up in the output of the show mpls ldp neighbors command as well as the new working session after the neighborship is re-established. The display of two sessions, one not working and one working to the same neighbor, may mislead the MPLS network operator.

Conditions: This symptom may occur after an LDP session has gone down and is then re-established.

Workaround: There is no workaround.

CSCef72756

Symptoms: A Cisco IP Phone connected behind a Cisco router on an interface configured for Authentication Proxy may not get access to network resources because it cannot perform HTTP/FTP/Telnet-based authentication.

Conditions: This symptom has been observed on a Cisco IP Phone connected behind a Cisco router on an interface configured for Authentication Proxy.

Workaround: Add the Cisco IP Phone source IP as a deny entry in the Authentication Proxy Intercept ACL so that the IP phone is bypassed from authentication. Also make sure that the interface ACL has a permit for the IP Phone.

CSCeg06220

Symptoms: An EZVPN tunnel does not come up and becomes stuck in the "VALID_CFG" state even though the tunnel is configured to come up automatically.

Conditions: This symptom is observed on a router that is rebooted with EZVPN enabled on an interface.

Workaround: Unconfigure and reconfigure EZVPN on the interface.

CSCeg15000

Symptoms: Modem relay over TCCS works fine when you save the configuration and reload the router. However, a modem call goes into pass-through mode when you enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

Conditions: This symptom is observed on a Cisco 3700 series that functions as a voice gateway.

Workaround: After the router has booted, do not enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

CSCeg20412

Symptoms: A router may not properly detect supervisory tones.

Conditions: This symptom is observed on a Cisco 3640 and Cisco 3660 and may also occur on other routers.

Workaround: There is no workaround.

CSCeg38778

Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.

Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.

Workaround: There is no workaround.

CSCeg39560

Symptoms: After a router is rebooted, a tunnel interface does not acquire the IP address of the async serial interface that is the tunnel source.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8)T3.

Workaround: Enter the tunnel source interface-type interface-number command on the tunnel interface.

CSCeg54615

Symptoms: There may be a large latency in responding to EAPoUDP events from a host, causing the idle timer to expire and network access for users to be delayed.

Conditions: This symptom is observed on a Cisco router that is configured for Network Admission Control (NAC).

Workaround: There is no workaround.

CSCeg55584

Symptoms: A Cisco router that is configured for PPPoE may stop forwarding packets that need to be fragmented.

Conditions: This symptom is observed after a link flap occurs on the dialer interface or after you enter the clear interface command on the dialer interface.

To re-enable the affected packets to be forwarded, enter the no ip cef command followed by the ip cef command.

Possible Workaround: Enter the ip tcp adjust-mss 1400 command to force the maximum segment size (MSS) of the TCP SYN packets to be small enough to prevent the router from fragmenting the packets.

CSCeg62088

Symptoms: A Cisco voice gateway may reload unexpectedly because of a bus error, pointing to an invalid address.

Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(12.5).

Workaround: There is no workaround.

CSCeg63430

Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5400. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.

Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 12.3T, connects to the PSTN via a PRI in the following topology:

Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI--PSTN--Transferee

Workaround: Enable MTP or the Cisco CallManager.

Further Problem Description: Although the symptom is not observed in Cisco IOS Release 12.3, the fix is included in Cisco IOS Release 12.3 as a precaution.

CSCeg64669

Symptoms: A Cisco AS5850 reloads when it fetches a TDM connection object for a TDM hairpinned call while handing over peer resources to the standby RSC.

Conditions: This symptom is observed when you enter the redundancy handover peer-resource command and when the Cisco AS5850 functions in the extra-load state.

Workaround: Clear all existing calls that use peer resources and mark the calls as busyout before you enter the redundancy handover peer-resource command.

CSCeg64679

Symptoms: A Cisco AS5850 reloads when you enter the redundancy handover peer-resources command to hand over the peer resources to the other RSC.

Conditions: This symptom is observed when the RSC that hands over the peer resources is in the "ACTIVE_EXTRALOAD" mode and when an SNMP trap is sent to obtain the card status.

Workaround: There is no workaround.

CSCeg76294

Symptoms: A gateway that has a higher IP address in comparison with its peer may fail to open a TCP connection for a logical channel.

Conditions: This symptom is observed during fast start when a glare condition occurs while both gateways indicate to each other (in facility or other H.225 messages) that the H.245 control channel should be opened.

Workaround: There is no workaround.

CSCeg84558

Symptoms: A Cisco 3745 reloads because of a bus error. Just before the crash, the following error messages are generated:

%SYS-3-BAD_RESET: Questionable reset of process 149 on tty123
%SYS-3-HARIKARI: Process Exec top-level routine exited

Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(26) or Release 12.3(12) and that has an NM-2CE1T1-PRI network module that is configured for ISDN dial-in.

Workaround: There is no workaround.

CSCeg87604

Symptoms: The sockets associated with the TLS connections to the SRST gateway are not getting cleared when the switch link is down for the phones.

Conditions: When the ethernet connectivity between the ephone and the SRST router goes down, the sockets are not cleared. This happens when the ephone is not in the fall-back mode.

Workaround: There is no workaround.

CSCeh06736

Symptoms: When IP header compression is enabled on a PPPoATM or PPPoFR interface, compressed packets are not correctly classified by any QoS policy that has been applied to the supporting ATM or Frame Relay PVC.

Conditions: This symptom is observed when CRTP is enabled on the virtual-template interface via the service policy command or ip rtp header-compression command and when the IP RTP Priority feature is enabled in the PVC policy.

Workaround: There is no workaround.

CSCeh10646

Symptoms: A router may unexpectedly reload because of a bus error at an address that falls just short of the I/O memory range, such as address 0x4E7FD5B8, whereas the iomem address starts at 0x4E800000.

Conditions: This symptom is observed when the router has some of the following security feature commands enabled on one or more interfaces:

ip nbar protocol-discovery

ip virtual-reassembly

ip access-group in

ip access-group out

ip inspect in

ip inspect out

ip ips in

ip ips out

auto discovery qos

crypto map

Workaround: Remove the ip access-group out command.

CSCeh17995

Symptoms: When you enter the following commands on the Fast Ethernet port of an NM-16ESW network module, the router may crash:

ip dhcp client hostname

no switchport mode

switchport mode

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series in which an NM-16ESW network module is installed.

Workaround: Do not enter IP commands in switchport mode.

CSCeh19106

Symptoms: A Service Selection Gateway (SSG) that is deployed in a GPRS access environment and that is configured for L2TP tunnel service with an extended autodomain may reload when duplicate GPRS PDP context create requests are sent.

Conditions: This symptom is observed when the PDP context create requests contain the static addressing, that is, the IP address of the MS instead of all zeros in the end user address field.

Workaround: There is no workaround. Note that for corporate access through a GPRS access-based solution using SSG, generally dynamic addressing is used. With dynamic addressing, the end-user address field is sent with all zeros and the corporate network provides the address, and the symptom does not occur.

CSCeh21680

Symptoms: A Cisco 2800 series or Cisco 3800 series may crash when you configure the interface of an NM-16ESW.

Conditions: This symptom is observed when you enter the ip rsvp bandwidth command on FE port 1/10 of the NM-16ESW and then you enter the no switchport mode command followed by the switchport mode command.

Workaround: Do not enter IP commands in switchport mode.

CSCeh24075

Symptoms: Packets that are larger than 4400 bytes or packets that require fragmentation may be dropped when they traverse an xDSL WIC.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6)T or a later release when a sweep ping is performed from one peer to another and when the WIC is a WIC-1ADSL, WIC-1ADSL-DG, WIC-1ADSL-I-DG, WIC-SHDSL, or WIC-SHDSL-V2.

Workaround: Avoid fragmentation on the DSL link or enter the ip mtu bytes command to change the maximum MTU to 4400 on the DSL interface.

CSCeh24202

Symptoms: A Cisco 2800 series that is configured for software or hardware encryption and CBAC may reload.

Conditions: This symptom is observed when IPSec SAs and CBAC sessions are established and when the traffic is blocked by an ACL on the outgoing WAN interface of a neighboring crypto router. When you send encrypted traffic from the neighboring crypto router to another router via the Cisco 2800 series, the Cisco 2800 series reloads.

Workaround: Permit the encrypted traffic on the outgoing interface of the neighboring crypto router.

CSCeh24815

Symptoms: High CPU utilization occurs on a Cisco AS5850.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T3 when dCEF is not applied to packets because of a slow start configuration.

Workaround: Remove the slow start configuration.

CSCeh25105

Symptoms: A Cisco router crashes when the name of the EEM TCL Policy is longer than 12 characters.

Conditions: This symptom is observed on a Cisco IOS software image if the user names an EEM TCL Policy with more than 12 characters.

Workaround: Name the EEM TCL Policy with no more than 12 characters.

CSCeh25459

Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.

Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:

- The initial codec for the call is negotiated as G.729.

- A reinvite message with a codec change to G.711ulaw is sent to the gateway.

- The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.

Workaround: Remove the fax pass-through configuration.

CSCeh30146

Symptoms: The WIC-DSU-T1-V2 card can get stuck and will not be able to detect any alarms, loopback events, etc.

Conditions: When this symptom occurs, the DSU-T1-V2 may still be able to pass traffic.

Workaround: Bring the card up again by issuing the clear service-module serial slot|port command.

CSCeh33913

Symptoms: NAT-PT stops working after a reload.

Conditions: This symptom occurs when the v6v4 static NAT configuration exists, and NAT-PT fails to install ARP entries due to the system not being yet fully initialized.

Workaround: Remove and then reconfigure the mapping.

CSCeh35411

Symptoms: A 4-port OC-12 POS Engine 2 line card may crash repeatedly when the Cisco 12000 series in which the line card is installed comes up after a software-forced crash has occurred on the router.

Conditions: This symptom is observed on a Cisco 12000 series that runs the c12kprp-p-mz image of a Cisco IOS interim release for Release 12.0(31)S, that is configured with two RPS, and that is configured for SSO. The symptom is more likely to occur when the ipv6 unicast-routing command is enabled.

Workaround: To diminish the chance that the symptom occurs, disable the ipv6 unicast-routing command.

CSCeh41997

Symptoms: EEM Tcl policies leak a significant amount of memory every time they run.

Conditions: This symptom occurs because the memory model that is currently implemented in Cisco IOS software that supports Tcl assumes a single threaded model in which global memory is not released when the Tcl script completes.

Workaround: There is no workaround.

CSCeh45653

Symptoms: Embedded Event Manager (EEM) does not pass the configured session CLI username in applet callbacks. If a customer is using TACACS authentication, EEM applets will not correctly interact with the CLI library.

EEM action CLI can cause a router to crash due to the TTY output buffers not being null terminated.

Conditions: If customers are using TACACS authentication, this symptom occurs upon triggering of the EEM applets that interact with the CLI through the Action "action <label> cli ...".

Workaround: See the following:

1) Disable TACACS authentication, or

2) Configure an EEM script to perform the same EEM actions upon the triggering of an event.

3) If a crash occurs using action CLI in an EEM applet, refer to workaround #2 above.

CSCeh50570

Symptoms: A Cisco platform reloads when you bring up bulk asynchronous and digital SS7/VPDN calls.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCsa45066

Symptoms: A memory leak may occur in the SDP library on an IPIPGW.

Conditions: This symptom is observed when a fax call is made between a platform that is configured for SIP and a platform that is configured for T.38 H.323.

Workaround: There is no workaround.

CSCsa49566

Symptoms: An error message similar to the following may be logged in a router:

*Dec 20 16:29:37.899: %FIB-2-IF_NUMBER_ILLEGAL: Attempt to create CEF interface for unknown if with illegal if_number: 0

This message is followed by a traceback.

Conditions: This symptom occurs when the router creates virtual interfaces such as Loopback or Virtual.

Workaround: There is no workaround.

CSCsa53127

Symptoms: A bargeinable prompt aborts right after it starts playing, almost as if it is being barged in to.

Conditions: This symptom is observed in the following scenario with an application that requests DTMF input using two to four digits with an asterisk as the termination character:

- You let the prompt play (that is, you do not barge in).

- You enter "123*". The next prompt is a VXML Transfer element containing three .wav files (1.wav, 2.wav, and 3.wav).

- This prompt is bargeinable, but you do not barge in. You hear a brief "burp", but not the three .wav files.

- The final prompt is non-bargeinable TTS "Test Passed", which you hear just fine.

Workaround: Make the .wav files non-bargeinable.

CSCsa55375

Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.

Conditions: These symptoms are observed on a WIC-1-DSU-T1-V2 that is installed in a Cisco router.

Possible Workaround: The symptoms may clear when you replace the in-house cabling with cat.5 cables.

CSCsa59667

Symptoms: An AIM that is installed in a Cisco 2851 or Cisco 3845 may time out when it receives non-multiples of a 64-bits public key from a third-party vendor router. This situation causes the router to crash rather than verifying the key.

The Cisco 2851 crashes because of a memory corruption. The Cisco 3845 crashes because of an "ALIGN-1-FATAL" bus error.

Conditions: This symptom is observed on a Cisco 2851 and Cisco 3845 that run Cisco IOS Release 12.3(11)T3.

Workaround: Ensure that the AIM receives multiples of the 64-bits public key.

Alternate Workaround: Disable the AIM hardware encryption by entering the no crypto engine aim 0 command. Doing so causes onboard encryption to occur.

CSCsa62681

Symptoms: SIP messages from Cisco IOS gateways fail to reach the remote endpoint. This is seen for UDP transport only.

Conditions: This symptom happens when interworking with a third party SIP device, which sends responses to SIP Requests to the source port of the request packet instead of sending them to the header port (5060). This is in violation of the RFC3261 rules for UDP (unreliable transports).

Workaround: There is no workaround.

CSCsa65656

Symptoms: SSG uses a duplicate Acct-session-id (attribute 44) in a RADIUS accounting packet.

Conditions: This symptom is observed for post-paid users.

Workaround: There is no workaround.

CSCsa68004

Symptoms: Service Selection Gateway (SSG) does not update tariff switch information to the users when the user logs in exactly at tariff switching time.

Conditions: This symptom is observed for postpaid users only.

Workaround: There is no workaround.

CSCsa68768

Symptoms: After fallback occurs from CCM to secure a Survivable Remote Site Telephony (SRST) gateway (GW), during full-consult transfer from a secure to nonsecure IP phone and then back to a secure IP phone, which are all in single line mode, one-way voice is heard. There is a loud noise on the other side.

Conditions: This symptom happens only when the transfer-system is full-consult, and there is a nonsecure to secure call transfer.

Workaround: Use an IP phone with dual line.

CSCsa71596

Symptoms: The prompt file that is stored on an HTTP file server and that is invoked by a VXML document is not heard by a caller.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(12.12)T5 when a VXML document attempts to retrieve and render a wav file that is stored on an HTTP file server.

Workaround: There is no workaround.

CSCsa78779

Symptoms: A memory leak may occur in the processor memory pool of a router that runs encrypted traffic with an SA-VAM2.

Conditions: This symptom is observed when the SA-VAM2 encrypts traffic and when underlying "no buffer" conditions exist in the I/O particle pools for the encrypted packets.

Workaround: There is no workaround.

CSCuk56412

Symptoms: An ATM interface of a PA-A3 ATM port adaptor may stop transmitting traffic, the output of the show interface atm slot/port command may show that output drops increment, and the connectivity may stop entirely.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.7).

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Alternate Workaround: Enter the clear interface atm slot/port command on the affected interface.

Wide-Area Networking

CSCef58201

Symptoms: The CEF-Dialer feature fails to add an adjacency for a virtual-access1 CEF interface because the IP route is installed after the feature attempts to add the adjacency.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS Release 12.3 or interim Release 12.3(10.3)T.

Workaround: Configure a static host entry for the neighbor in the routing table, pointing to the Dialer interface:

ip route prefix mask 255.255.255.255 Dialer1

For the prefix mask argument, enter the IP address of the neighbor.

CSCeh32353

Symptoms: An LNS intermittently routes packets to an incorrect interface in the process-switching path, preventing some applications from working properly. These applications, such as ARP, CBAC, and NAT, depend on the first packet going to process switching for their initialization operation. Consequently, this situation may affect user connectivity to the Internet.

Conditions: This symptom is observed when the next-hop ISP router is connected via static routes and when there is no ARP entry on the LNS.

Workaround: There is no workaround.

CSCsa78148

Symptoms: A Cisco router that functions as an L2TP Network Server (LNS) may drop sessions when multilink is enabled and negotiated on a forwarded inbound VPDN session.

Conditions: This symptom is observed when LCP renegotiation of proxy negotiations is disabled (which is the default) and when the multilink Endpoint Discriminator option that is advertised by the LAC does not match the Endpoint Discriminator on the LNS.

Workaround: Enable the LNS to renegotiate LCP when necessary by entering the lcp renegotiation on-mismatch VPDN group configuration command.

Alternate Workaround: Avoid the need to renegotiate by entering the ppp chap hostname or ppp multilink endpoint command to configure matching Endpoint Discriminators on the LAC and LNS.

Warning: Technically, the current behavior of the Cisco IOS software is correct. An LNS should not accept the results of a LAC proxy negotiation when the LAC negotiates values that do not accurately represent the LNS. A platform must be configured to either enable the LNS to renegotiate when necessary, or (if it is desired to avoid such renegotiations, which may be necessary to get around problematic client implementations) enable the LAC to negotiate adequately as a substitute for the LNS.

The fix for CSCsa78148 deliberately introduces the behavior that a mismatched multilink Endpoint Discriminator is ignored when the LNS is configured to terminate connections on mismatched conditions. This behavior is introduced to prevent the termination of a connection for a condition that is harmless for the majority of VPDN users. From a technical standpoint, this behavior is improper because it means that the VPDN clients have an invalid notion of the identity of the peer. This situation may pose problems for clients who have more than one multilink-capable link active at a time because the invalid Endpoint Discriminators may prevent links from being properly bundled at the client end. In such circumstances, enabling LCP renegotiation or ensuring that the LAC and LNS agree on negotiation parameters is the only valid option.

Resolved Caveats—Cisco IOS Release 12.3(14)T1

Cisco IOS Release 12.3(14)T1 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCsa81379

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

The removal of NetFlow Feature Acceleration does not affect any other aspects of Netflow operation, for example Access-list processing. The features are separate and distinct.

Cisco Express Forwarding (CEF) supersedes the deprecated NetFlow Feature Acceleration.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the netflow mib (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6

Open Caveats—Cisco IOS Release 12.3(14)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(14)T. All the caveats listed in this section are open in Cisco IOS Release 12.3(14)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg09005

Symptoms: A NAS may reload after functioning for a couple of days in a high-call capacity scenario.

Conditions: This symptom is observed when the NAS is configured for AAA and connects to a RADIUS server.

Workaround: There is no workaround.

CSCeg24855

Symptoms: A platform reloads after you enter the aaa route download 2 command.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCeh01791

Symptoms: The performance on a Cisco router that has the ip nat outside command enabled may be degraded.

Conditions: This symptom is observed on a Cisco 7200 series when you upgrade the router from Cisco IOS Release 12.3(4)T or a later 12.3T release.

Workaround: There is no workaround.

CSCeh02841

Symptoms: A Cisco router hangs and the console connectivity disappears. When you break the hanging process and enable the router to enter ROMmon, a stack dump is generated.

Conditions: This symptom is observed on a Cisco 7206 that runs Cisco IOS Release 12.3(8)T4 and that is configured for SSG to access gateway services for an ISP that provides ADSL services.

Workaround: There is no workaround.

CSCeh20434

Symptoms: A router crashes when an RTR probe is configured.

Conditions: This symptom is observed when the RTR and the fallback system process are not synchronized. For each RTR probe, the fallback system creates a cache entry and keeps it for cache timeout. During the cache timeout, the fallback system process sends an event to RTR and frees the entry, but RTR sends an event after the cache entry is deleted.

Workaround: There is no workaround. Note that caveat CSCeg89043 fixes the problem from the fallback system process side but not the above-mentioned symptom.

CSCsa64024

Symptoms: A Cisco AS5350 may crash because of a software bus error.

Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(7)T7.

Workaround: There is no workaround.

CSCsa66299

Symptoms: A router that is configured for AAA reloads because of a software-forced crash.

Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.3(11)T3 and that is configured for SSG when SSG has a client with an extensible authentication protocol-subscriber identity module (EAP-SIM).

Workaround: There is no workaround.

EXEC and Configuration Parser

CSCin22321

Symptoms: If the netConfigSet and hostConfigSet variables of the OLD-CISCO-SYS-MIB MIB are set, the corresponding commands may not be executed, and the following error messages and tracebacks may be generated:

%SYS-4-SNMP_NETCONFIGSET: SNMP netConfigSet request.
Loading configuration from 10.10.10.10

%SYS-3-TIMERNEG: Cannot start timer (0x545E1928) with negative offset (-1).
-Process= "SNMP ENGINE", ipl= 6, pid= 143
-Traceback= 502308BC 5022E3F8 50233358 501B0A24 501B298C 501C3618 501C3800 50259C00 50255290 5024F444 502574BC 502576FC 5017C4F4 508EBE04 508EBBBC 508D4D8C

%PARSER-4-BADCFG: Unexpected end of configuration file.

Conditions: This symptom is platform independent.

Workaround: There is no workaround.

Interfaces and Bridging

CSCef01100

Symptoms: A router that is configured for VLANs may generate a traceback during the "gext_next_swidb_from_vlan_bucket" process.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(8)T1 but may be platform-independent.

Workaround: There is no workaround.

CSCef44950

Symptoms: ISDN is not properly established.

Conditions: This symptom is observed on a Cisco 7500 series that has distributed switching enabled via the ip cef distributed command.

Workaround: Disable distributed switching.

CSCeh17935

Symptoms: When you perform an OIR of an ATM port adapter, tracebacks are generated.

Conditions: This symptom is observed on a Cisco 7200 series when the ATM port adapter is up and has a VC configured.

Workaround: There is no workaround.

CSCsa46510

Symptoms: When you enter the microcode reload command, an error message similar to the following and a traceback may be generated:

RSP-3-RESTART: interface Serial3/0/1/4:0, not transmitting
-Traceback= 404436B4 4044DE10

Conditions: This symptom is observed on a Cisco 7500 that is configured with an E1, T1, E3, or T3 port adapter.

Workaround: There is no workaround.

IP Routing Protocols

CSCec85835

Symptoms: When RSVP and IP Header Compression are configured on an interface, the show ip rsvp installed detail command shows a compression factor of 0, and some of the flow is being treated as non-conformant.

Conditions: This occurs when using RSVP and header compression on fast or CEF switched interfaces.

Workaround: Enter the ip rsvp flow-assist command on the outbound interface of the flow.

CSCee94934

Symptoms: A router crashes after processing an H.323 or skinny VoIP call.

Conditions: This symptom is observed on a Cisco router that is configured to translate H.323 and skinny IP packets using Network Address Translation (NAT).

Workaround: There is no workaround.

CSCef21601

Symptoms: Calls may not complete because ResvConfirm messages are dropped. You can enter the debug ip rsvp messages command to track RSVP messages as they traverse routers.

Conditions: This symptom is observed when RSVP is configured for call admission control in a network with routers that do not have RSVP and a proxy ARP enabled. The symptom occurs because the RSVP-capable hop that sends the ResvConfirm messages uses the next RSVP-capable hop as the next IP hop for the packets and does not have the MAC address that is needed to encapsulate the IP packets for this next IP hop.

Workaround: Configure a static ARP entry that enables the router to properly encapsulate the packet by entering the arp ip-address hardware-address arpa command. The ip-address argument is the address of the next hop (that is visible via the RSVP debugs) for the ResvConfirm messages and the hardware-address argument is the MAC address of the interface of the next IP hop through which the ResvConfirm messages should be routed.

CSCeg51291

Symptoms: A VRF ping fails to reach an OSPF neighbor interface.

Conditions: This symptom is observed when the platform on which the ping originates and the OSPF neighbor interface are connected via an OSPF sham link that is used for interconnecting traffic between two VPN sites.

Workaround: There is no workaround.

CSCeg72254

Symptoms: A router reloads when you clear NAT entries from the NAT table.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T7 only when Stateful Network Address Translation (SNAT) is configured on the router.

Workaround: There is no workaround.

CSCeg73618

Symptoms: A router may reload because of a bus error exception. The crashinfo file shows an address error (a load or instruction fetch) and a spurious memory access.

Conditions: These symptoms are observed on a Cisco router that performs NAT on H.323 voice traffic.

Workaround: There is no workaround.

CSCeh22169

Symptoms: After the active HSRP router in a redundant network reloads, a Stateful NAT (SNAT) inconsistency occurs when the router that reloaded becomes active again after the preemption delay. This situation causes a TCP connectivity timeout.

Conditions: This symptom is observed in a configuration with SNAT failover and occurs only after the active HSRP router is reloaded (or crashes) and later becomes active once again.

Workaround: There is no workaround.

CSCsa54937

Symptoms: An LNS with a VRF configuration does not send an echo reply when it receives a ping to loopback interface 0.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300, a Cisco 7200 series that is configured with an NPE-400, and a Cisco 7400 series.

Workaround: Wait about 20 minutes to enable the LNS to send an echo reply or enter the clear arp-cache command.

CSCsa55555

Symptoms: A router may reload because of a bus error when the NAT MIB is polled via SNMP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T2.

Workaround: None.

ISO CLNS

CSCed36743

Symptoms: A memory leak may occur on a router that has the Multi-Topology IS-IS for IPv6 feature enabled and the router may reload.

Conditions: This symptom is platform-independent and release-independent.

Workaround: Disable the Multi-Topology IS-IS for IPv6 feature.

Miscellaneous

CSCeb37966

Symptoms: A Cisco 12000 series may reload when you enable Fast Reroute (FRR) on the headend of a tunnel.

Conditions: This symptom is observed when the tunnel carries Any Transport over Multiprotocol Label Switching (AToM) traffic.

Workaround: There is no workaround.

CSCec70525

Symptoms: The SRC address and destination address for an RTP stream are the same for all calls between gateways, preventing load-balancing from functioning properly.

Conditions: This symptom is observed when RTP traffic is configured to be load-balanced among multiple links. In this situation, the SRC address or destination address should change, but neither is changed.

Workaround: Use multilink PPP.

First Alternate Workaround: Use PBR based on DSCP values that are set in the dial peer.

Second Alternate Workaround: Enter the source interface interface-name command to change the SRC address of the RTP streams.

CSCee27522

Symptoms: Incoming or outgoing voice calls may encounter no-way audio on some specific channels.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a PRI voice gateway and that uses DSPs of an ATM AIM to place the voice calls.

Workaround: Reboot the voice gateway.

CSCee42932

Symptoms: Resuming a call that was placed on hold fails on a Cisco CallManager.

Conditions: This symptom is observed when a Cisco CallManager that runs version 4.0 and that is not configured for Message Transport Protocol (MTP) is connected via an IPIPGW to another Cisco CallManager that runs version 4.0 and that is not configured for MTP.

The symptom occurs on the second Cisco CallManager because the IPIPGW sends an incorrect ICT version for the first Cisco CallManager to the second Cisco CallManager and because the IPIPGW drops the non-standard fields in the callproc, alert, and connect messages from the second Cisco CallManager to the first Cisco CallManager.

Workaround: Configure MTP.

CSCee61505

Symptoms: An SS7 link-state goes into the "PROCESSOR_OUTAGE" state and the link does not recover.

Conditions: This symptom is observed on a link between two gateways when there are active calls in a configuration with multiple OPCs and when a switchover occurs.

Workaround: There is no workaround. Reload the gateways to bring the link back in service.

CSCee91324

Symptoms: When the codec complexity is changed from flex mode to medium or high complexity mode, a maximum of six signaling channels can be assigned on each DSP in high-complexity mode or a maximum of eight signaling channels can be assigned on each DSP in medium-complexity mode.

If more than six signaling channels are assigned in flex mode and you change to high-complexity mode, the signaling channels beyond six are not reassigned to another DSP after the codec complexity change.

If more than eight signaling channels are assigned in flex mode and you change to medium-complexity mode, the signaling channels beyond eight are not reassigned to another DSP after the codec complexity change.

Conditions: This symptom is observed on a Cisco router that supports flexible DSPs.

Workaround: Use flex mode instead of medium or high complexity mode.

Alternate Workaround: Reload the router after the codec complexity change to enable the signaling channels to be assigned correctly.

CSCee96499

Symptoms: A voice call fails on a router that is configured with an NM-HDV or NM-2VE network module.

Conditions: This symptom is observed when some of the dialed digits become lost in the call setup phase when FXS or FXO-melcas is configured over an E1 line.

Workaround: When you pick up the phone, wait for two seconds before you start dialing.

CSCef05018

Symptoms: Disconnecting and reconnecting a Gigabit Ethernet cable on an RPM-XF may cause the TCP/IP connection to be lost on the VISM.

Conditions: This symptom is observed on an RPM-XF that runs Cisco IOS Release 12.2(11)YP or Release 12.3T.

Workaround: There is no workaround.

CSCef08263

Symptoms: The legacy command syntax to configure an authentication proxy may not function.

Conditions: This symptom is observed when an authentication proxy is configured along with Network Admission Control (NAC).

Workaround: Use the new command syntax to configure an authentication proxy.

CSCef28439

Symptoms: Traffic does not flow after a switchover in RPR+ mode.

Conditions: This symptom is observed on a Cisco router when distributed LFI over ATM (dLFIoA), QoS, and RPR+ are configured.

Workaround: There is no workaround.

CSCef28975

Symptoms: A router that functions as an H.323 gateway crashes.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when authentication is enabled.

Workaround: Enter the no memory lite command.

CSCef32838

Symptoms: The "its-CISCO.2.0.1.0.tcl" CCM Express IVR script assumes that a called number is busy when there is another active call connected via the IVR script on the same trunk. As a result, the IVR script plays the "en_dest_busy.au" busy message instead of the "en_welcome.au" welcome message.

Conditions: This symptom is observed for T1 CAS calls only.

Workaround: There is no workaround.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
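
An added example, not part of the Cisco release notes: a Python check of the two conditions stated above for CSCef67682, namely that the fragment filter is applied inbound on every IPv6-enabled interface and that it covers every IPv6 address the router owns. The configuration text, addresses and function names are constructed for illustration, and the parser assumes running-config style indentation.

```python
import contextlib
import ipaddress
import re

# Constructed sample: Ethernet0/1 has no filter and the ACL misses one address.
WEAK_CONFIG = """\
interface Ethernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 traffic-filter nofragments in
!
interface Ethernet0/1
 ipv6 address 2001:DB8:0:2::1/64
!
ipv6 access-list nofragments
 deny ipv6 any host 2001:DB8:0:1::1 fragments
 permit ipv6 any any
"""

# The same constructed router with the workaround applied to both interfaces.
FIXED_CONFIG = WEAK_CONFIG.replace(
    ":2::1/64\n", ":2::1/64\n ipv6 traffic-filter nofragments in\n"
).replace(
    " permit", " deny ipv6 any host 2001:DB8:0:2::1 fragments\n permit")


def _take(tokens, i):
    """Parse 'any', 'host X' or 'X/len' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("::/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/128"), i + 2
    return ipaddress.ip_network(tokens[i], strict=False), i + 1


def parse_entry(line):
    """Parse 'permit|deny <proto> <src> <dst> [options]'; None if not understood."""
    tokens = line.split()
    try:
        if tokens[0] not in ("permit", "deny"):
            return None
        src, i = _take(tokens, 2)
        dst, i = _take(tokens, i)
    except (IndexError, ValueError):
        return None
    return {"action": tokens[0], "proto": tokens[1], "src": src, "dst": dst,
            "opts": tokens[i:]}


def parse_config(text):
    """Return ({interface: info}, {acl name: [entries]}) from IOS-style text."""
    interfaces, acls, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line opens a new section
            section = None
            if m := re.match(r"interface (\S+)$", line):
                section = interfaces.setdefault(
                    m.group(1), {"ipv6": False, "addrs": [], "filter_in": None})
            elif m := re.match(r"ipv6 access-list (\S+)$", line):
                section = acls.setdefault(m.group(1), [])
        elif isinstance(section, list):
            if entry := parse_entry(line):
                section.append(entry)
        elif isinstance(section, dict):
            if re.match(r"ipv6 (enable|address)\b", line):
                section["ipv6"] = True
            # eui-64/autoconfig addresses are derived at run time; add them by hand.
            if m := re.match(r"ipv6 address (\S+)(?: link-local)?$", line):
                with contextlib.suppress(ValueError):
                    section["addrs"].append(ipaddress.ip_interface(m.group(1)).ip)
            elif m := re.match(r"ipv6 traffic-filter (\S+) in$", line):
                section["filter_in"] = m.group(1)
    return interfaces, acls


def denies_fragments(entries, addr):
    """First-match walk: an explicit fragment deny for addr must precede any permit."""
    for e in (e for e in entries if addr in e["dst"]):
        if e["action"] == "permit":
            return False
        if e["proto"] == "ipv6" and e["src"].prefixlen == 0 and "fragments" in e["opts"]:
            return True
    return False  # no explicit fragment deny for this address


def audit(text):
    """Return (interface, problem) findings for every IPv6-enabled interface."""
    interfaces, acls = parse_config(text)
    own = sorted({a for i in interfaces.values() for a in i["addrs"]})
    findings = []
    for name, intf in interfaces.items():
        acl = intf["filter_in"]
        if intf["ipv6"] and acl not in acls:  # no filter, or no ACL behind its name
            findings.append((name, "no inbound ipv6 traffic-filter with a defined ACL"))
        elif intf["ipv6"]:
            findings += [(name, f"{acl} does not deny fragments to {a}")
                         for a in own if not denies_fragments(acls[acl], a)]
    return findings
```

Calling audit(WEAK_CONFIG) reports both gaps, and audit(FIXED_CONFIG) returns an empty list.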

CSCef72135

Symptoms: A memory leak may occur in the IP RIB update process of a router.

Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.3(8)T.

Workaround: There is no workaround.

CSCef73519

Symptoms: A standby RP may reboot when you enable or disable the ip rtp header-compression command on the active RP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T4.

Workaround: There is no workaround.

CSCef96035

Symptoms: All IPSec sessions may be dropped from a Cisco 7200 series and the router generates the following error messages continuously:

%VPN_HW-1-ERROR: slot: 2 - ENOSPACE tx cmd 2 ring. Head 83, Tail 82, Used 255, buf 0
IPSECcard: an error coming back 0x1510

Other symptoms that may occur during this time include the following:

High CPU utilization during the "Crypto Delete Manager" process.

An I/O memory allocation failure during the "Crypto Delete Manager" process.

Conditions: This symptom is observed on a Cisco 7200 series that is equipped with two VPN acceleration modules (SA-VAMs) that are configured for VRF-aware IPSec.

Workaround: There is no workaround. To temporarily clear the symptoms, reload the router.

CSCeg00531

Symptoms: A router crashes when you remove an ATM subinterface.

Conditions: This symptom is observed when the subinterface is configured with a LANE client that is configured for Multiprotocol over ATM (MPOA).

Workaround: There is no workaround.

CSCeg03088

Symptoms: IP inspection for SIP traffic fails.

Conditions: This symptom is observed when there is an access control list applied on an inside interface.

Workaround: There is no workaround.

CSCeg06220

Symptoms: An EZVPN tunnel does not come up and becomes stuck in the "VALID_CFG" state even though the tunnel is configured to come up automatically.

Conditions: This symptom is observed on a router that is rebooted with EZVPN enabled on an interface.

Workaround: Unconfigure and reconfigure EZVPN on the interface.

CSCeg15000

Symptoms: Modem relay over TCCS works fine when you save the configuration and reload the router. However, a modem call goes into pass-through mode when you enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

Conditions: This symptom is observed on a Cisco 3700 series that functions as a voice gateway.

Workaround: After the router has booted, do not enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

CSCeg15200

Symptoms: When you send traffic via a VIP on a Cisco 7500 series, the VIP crashes because of memory corruption.

Conditions: This symptom is observed when the Cisco 7500 series is configured for dLFI over a leased line.

Workaround: There is no workaround.

CSCeg23176

Symptoms: A Cisco RPM-XF is reset by the PXM because of an SCM poll timeout. A PCI information file is generated in the bootflash memory just before the Cisco RPM-XF resets.

Conditions: This symptom is observed when a PCI error interrupt occurs along with SDRAM parity errors that are continuously serviced.

Workaround: There is no workaround.

CSCeg23765

Symptoms: All IPSec sessions may be dropped from a Cisco 7200 series and the router generates the following error messages continuously:

%VPN_HW-1-ERROR: slot: 2 - ENOSPACE tx cmd 2 ring. Head 83, Tail 82, Used 255, buf 0
IPSECcard: an error coming back 0x1510

Other symptoms that may occur during this time include the following:

High CPU utilization during the "Crypto Delete Manager" process.

An I/O memory allocation failure during the "Crypto Delete Manager" process.

Conditions: This symptom is observed on a Cisco 7200 series that is equipped with two VPN acceleration modules 2 (SA-VAM2s).

Workaround: There is no workaround. To temporarily clear the symptoms, reload the router.

CSCeg24938

Symptoms: A Cisco RPM-XF resets when you enter the clear ip mroute * command repeatedly.

Conditions: This symptom is observed when the Cisco RPM-XF is configured for low speed.

Workaround: There is no workaround.

CSCeg27043

Symptoms: PIM neighbors continue to flap after you have reloaded microcode.

Conditions: This symptom is observed on a Cisco MGX 8850 series RPM-XF that runs Cisco IOS Release 12.3T.

Workaround: Enter the clear ip mroute * command to clear the symptoms.

CSCeg30639

Symptoms: A router may show a warning message similar to the following:

%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000

Conditions: This symptom is observed on a router that is configured for Cisco IOS Firewall.

Workaround: Configure a reduced maximum fragment, maximum reassembly, and timeout value in the ipv6 virtual-reassembly command, as in the following example:

ipv6 virtual-reassembly max-fragments 2 max-reassemblies 5 timeout 1

CSCeg32948

Symptoms: A ping from a home agent (HA) to a mobile access router (MR) fails when CEF is enabled on the foreign agent (FA).

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when the MR or the mobile node (MN) roams to another interface on the same FA.

Workaround: There is no workaround.

CSCeg38778

Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.

Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.

Workaround: There is no workaround.

CSCeg39560

Symptoms: After a router is rebooted, a tunnel interface does not acquire the IP address of the async serial interface that is the tunnel source.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8)T3.

Workaround: Enter the tunnel source interface-type interface-number command on the tunnel interface.

CSCeg49448

Symptoms: A Cisco 3745 may display the following error message:

%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on Foreign Exchange Station 3/0/0. Msg id=00, Len=36

Conditions: This symptom is observed on a Cisco 3745 that functions as a VoIP dial peer and that is configured with FXS ports that function in connection trunk mode and that are not configured for VAD.

Workaround: Configure VAD and reload the router.

CSCeg50651

Symptoms: When a router has the moh-live dn-number out-call command enabled with 1234 for the dn-number argument and 9876 for the out-call argument, the outcall to an FXO port does not occur. Only when the router is manually placed into SRST mode does the outcall occur.

Conditions: This symptom is observed on a Cisco 2800 series that is configured as a MGCP gateway.

Workaround: Place the gateway into SRST mode, force the outcall to the live feed, then place the router back into MGCP mode.

Further Problem Description: This caveat is an enhancement to the MOH Live-Feed Support feature. The fix for this caveat ensures that MoH works in any configuration, not only when the router functions in SRST mode.

CSCeg53478

Symptoms: A Cisco 831 may display the following message on the console:

pktFlowLink() logic error, pMatch and pEmptySlot

Conditions: This symptom is observed very rarely after the router has been up for a long time. The functionalities of the router are not affected.

Workaround: There is no workaround.

CSCeg54615

Symptoms: There may be a large latency in responding to EAPoUDP events from a host, causing the idle timer to expire and network access for users to be delayed.

Conditions: This symptom is observed on a Cisco router that is configured for Network Admission Control (NAC).

Workaround: There is no workaround.

CSCeg56162

Symptoms: A VIP on a Cisco 7500 series may crash.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoFR when traffic is sent through the VIP.

Workaround: There is no workaround.

CSCeg63036

Symptoms: An MPLS LSC fails to set up a cross connection between an XTagATM interface on an RPM and an XTagATM interface on an AXSME service module.

Conditions: This symptom is observed on a Cisco MGX 8850 that functions as an MPLS LSC but may be platform-independent.

Workaround: There is no workaround.

CSCeg64786

Symptoms: A router reloads when you remove the ip address dhcp command.

Conditions: This symptom is observed when the interface on which the ip address dhcp command is configured is also configured to perform an IETF DDNS update.

Workaround: Do not update the IETF DDNS.

CSCeg67264

Symptoms: A Cisco 7500 series may crash when you enter the clear virtual-access command on a peer router.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM and that is connected to a Cisco 7200 series that functions as a peer router to the Cisco 7500 series.

Workaround: There is no workaround.

CSCeg69312

Symptoms: The output of the show voice call summary command does not show the correct codec for a fax call.

Conditions: This symptom is observed on a Cisco router when the fax protocol t38 and the modem passthrough dial-peer configuration commands are enabled. The output of the show voice call summary command should show "14400" rather than "7200". However, the fax call goes through fine.

Workaround: There is no workaround.

CSCeg72075

Symptoms: There is no voice path.

Conditions: This symptom is observed when a call is hunted from one FXS POTS dial peer to another FXS POTS dial peer because there is no answer.

Workaround: There is no workaround.

CSCeg76309

Symptoms: A Cisco router that is configured for Cisco CallManager Express (CME) crashes intermittently during a period of two to three weeks with a "TclEvalByteCodeFromObj" SegV exception.

Conditions: This symptom is observed under normal operation when the router functions without a high CPU load.

Workaround: There is no workaround.

CSCeg78036

Symptoms: The following tracebacks may be generated when VFR handles fragmented packets:

%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 0 data 6472EE80
chunkmagic 0 chunk_freemagic 6484FA7C
-Process= "IP Input", ipl= 4, pid= 60

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.11)T1. The symptom may also occur on a Cisco 2651XM.

Workaround: There is no workaround.

CSCeg78445

Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:

%VPN_HW-1-ERROR: slot: 0 - ENOSPACE tx cmd 2 ring. Head 235, Tail 234, Used 255, buf 0
IPSECcard: an error coming back 0x1510

%CRYPTO-3-CONNID_ALLOC_FAIL: Crypto engine failed to allocate a connection ID for negotiation from
10.0.0.1 to 10.0.0.2

%SYS-2-MALLOCFAIL: Memory allocation of 20000 bytes failed from 0x60021B4C, alignment 0
Pool: Processor Free: 6093876 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool

-Process= "Crypto IKMP", ipl= 0, pid= 169 -Traceback= hex numbers

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN-BPII-PLUS, AIM-VPN/EPII, AIM-VPN/EPII-PLUS, AIM-VPN/HPII or AIM-VPN/HPII-PLUS Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM).

Workaround: There is no workaround.

CSCeg79590

Symptoms: No IPS alerts are generated.

Conditions: This symptom is observed when an IPS rule is configured with ACL logging. The symptom occurs because ACL logging functions at process context only. For any IPS rule with ACL logging in the following configuration, the packets are not processed in fast path or CEF path:

access-list 100 permit ip any 192.168.1.0 0.0.0.255 log
ip ips name test list 100

Workaround: Do not configure ACL logging. Instead, for example, enter the following command:

access-list 100 permit ip any 192.168.1.0 0.0.0.255

CSCeg80092

Symptoms: Path MTU discovery fails.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T5 and that is configured for PPP, HDLC, and miscellaneous features over a WAN tunnel that use IP as the transport protocol.

Workaround: There is no workaround.

CSCeg80794

Symptoms: A Cisco 3640 may hang when you configure PRI signaling.

Conditions: This symptom is observed inconsistently on a Cisco 3640 that runs Cisco IOS Release 12.3(11)T3.

Workaround: There is no workaround. Power-cycle the router to bring it back up.

CSCeg80858

Symptoms: When the buffered calling name functionality is enabled, calls from an ISDN gateway to a SIP device do not reflect correct screening and presentation indicators (as set in Octet3A by the originating switch) in the Remote-Party-Id header of an outgoing INVITE message. In addition, the gateway does not include the calling number in the Remote-Party-Id.

Conditions: This symptom is observed for calls that come from the PSTN via an ISDN gateway to a SIP device when the buffered calling name functionality is enabled so that the gateway has to wait for an ISDN FACILITY message for the calling name information before it can send an INVITE message.

Workaround: Disable the buffered calling name functionality.

CSCeg83188

Symptoms: Some calls may go as modem-passthrough rather than modem-relay.

Conditions: This symptom is observed on a Cisco gateway either when a DSP does not detect a CM tone or when an ANSam tone is not received correctly.

Workaround: There is no workaround.

CSCeg84512

Symptoms: End-to-end connectivity is broken in a basic EoMPLS configuration even though the VC on a PE router is in the UP state.

Conditions: This symptom is observed on a Cisco router that functions as a PE router in a configuration in which packets are sent from a CE router on one end, are processed correctly through the PE router, but fail to reach the CE router on the other end.

Workaround: Enter the shutdown command followed by the no shutdown command on the VC on the PE router.

CSCeg84573

Symptoms: Traffic, including cell-based MPLS traffic, may be affected (that is, traffic may be dropped, or its behavior may be modified) after you have modified a QoS policy map that is already attached to an interface by way of adding a new class or deleting an existing class.

Additionally, when a cell-based interface is affected by the above-mentioned symptom, traffic on other switch subinterfaces may also be affected even though the same policy map is not applied to these subinterfaces.

Conditions: These symptoms are observed when the following conditions are present:

A policy map "p" is configured with more than one class.

A particular class "y" is removed from "p" explicitly through the no class y command or implicitly by removing all the class-map actions under class "y".

For all classes under "p", including the "class-default" that is configured for "police" and that follows class "y" prior to its removal, the matching traffic is treated with the "exceed" action.

Workaround: To prevent the symptoms from occurring, enter the shutdown command on the interface before you modify the policy map. Enter the no shutdown command after you have modified the policy map.

Alternate Workaround: When the symptom has occurred and the interface is already affected, enter the shutdown command followed by the no shutdown command on all affected subinterfaces.

CSCeg85117

Symptoms: The transfer rate of data through a modem may be slightly less than the expected value of 1200 bytes/sec. The rate varies from 974 bytes/sec to 1122 bytes/sec.

Conditions: This symptom is observed when the modem sends the data over an AAL2 trunk of a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1.

Workaround: There is no workaround.

CSCeg86251

Symptoms: The CISCO-CDP-MIB is missing.

Conditions: This symptom is observed only on a Cisco 831.

Workaround: There is no workaround.

CSCeg86900

Symptoms: A Cisco 831 may run out of memory and reload.

Conditions: This symptom is observed on a Cisco 831 that is configured for DMVPN and other security features such as Cisco IOS firewall, NAT, and CBAC.

Workaround: There is no workaround.

CSCeg90657

Symptoms: Fragmented DNS packets fail.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1 when inside static NAT is configured.

Workaround: There is no workaround.

CSCeh02746

Symptoms: You cannot turn off the comfort noise that is generated by a DSP by entering the no comfort-noise voice-port configuration command.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway and that is configured with a network module or DSP module that uses 5510 DSPs such as an NM-HD-2V, NM-HDV2, and PVDM.

Workaround: There is no workaround.

CSCeh02842

Symptoms: In a point-to-point connection setup, the ATM interface on a Cisco 3660 may become stuck, causing packets to be dropped.

Conditions: This symptom is observed under unique test conditions with a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.4)T1. The symptom is not reproducible with a manual configuration.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected ATM interface or recreate the PVC.

CSCeh06736

Symptoms: When IP header compression is enabled on a PPPoATM or PPPoFR interface, compressed packets are not correctly classified by any QoS policy that has been applied to the supporting ATM or Frame Relay PVC.

Conditions: This symptom is observed when CRTP is enabled on the virtual-template interface via the service policy command or ip rtp header-compression command and when the IP RTP Priority feature is enabled in the PVC policy.

Workaround: There is no workaround.

CSCeh08363

Symptoms: Bidirectional DTR does not function. The output of the show dialer command shows the incorrect dialer type.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.9)T.

Workaround: There is no workaround.

CSCeh09198

Symptoms: A Cisco gateway that has the garbage detector (a tool that is used for debugging memory leaks) enabled may hang indefinitely.

Conditions: This symptom is observed when you enter the garbage detector-related show memory debug leaks command or show memory debug incremental leaks command.

Workaround: There is no workaround.

CSCeh09820

Symptoms: The output of the show call active fax brief command shows output even when a fax call over a connection trunk is switched back to voice mode. In addition, the output of the show call history fax brief command shows no call leg even when the last fax call is successful and the output may not be updated for a second call and subsequent calls. However, there is no impact on the success of the calls.

Conditions: This symptom is observed on a Cisco 3700 series that is configured for VoIP and fax.

Workaround: There is no workaround.

CSCeh10646

Symptoms: A router may unexpectedly reload because of a bus error at an address that falls just short of the I/O memory range such as address 0x4E7FD5B8, whereas the iomem address starts at 0x4E800000.

Conditions: This symptom is observed when the router has some of the following security feature commands enabled on one or more interfaces:

ip nbar protocol-discovery

ip virtual-reassembly

ip access-group in

ip access-group out

ip inspect in

ip inspect out

ip ips in

ip ips out

auto discovery qos

crypto map

Workaround: Remove the ip access-group out command.

CSCeh14446

Symptoms: The maintenance mode on a Cisco AS5850 that is configured for RPR+ may not function.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeh15949

Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.

Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.

Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.

Further Problem Description: An example of this caveat is shown below.

When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.

Topology:

RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2 .1

Router_RPM09_XF#show running-config
Building configuration...

Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker

interface FastEthernet2/0
 ip address 10.10.10.2 255.255.255.252
 ip access-group 101 in
 duplex auto
 speed auto

access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any

Router_RPM09_XF#show ip access-list 101

Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#

The information below shows that the access list does not function:

Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open

CSCeh16214

Symptoms: A router reloads when you connect a third-party USB card reader.

Conditions: This symptom is observed when you connect a third-party USB card reader to the USB ports of a Cisco 2851 and Cisco 3845. It does not matter whether or not there is a compact flash card in the USB card reader.

Workaround: There is no workaround.

CSCeh17995

Symptoms: When you enter the following commands on the Fast Ethernet port of an NM-16ESW network module, the router may crash:

ip dhcp client hostname

no switchport mode

switchport mode

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series in which an NM-16ESW network module is installed.

Workaround: Do not enter IP commands in switchport mode.

CSCeh18650

Symptoms: The DHCP interface address is not switched when you enter the ip dhcp smart-relay command.

Conditions: This symptom is observed on a Cisco platform that has the VRF-aware DHCP feature enabled.

Workaround: There is no workaround.

CSCeh19106

Symptoms: A Service Selection Gateway (SSG) that is deployed in a GPRS access environment and that is configured for L2TP tunnel service with an extended autodomain may reload when duplicate GPRS PDP context create requests are sent.

Conditions: This symptom is observed when the PDP context create requests contain the static addressing, that is, the IP address of the MS instead of all zeros in the end user address field.

Workaround: There is no workaround. Note that for corporate access through a GPRS access-based solution using SSG, generally dynamic addressing is used. With dynamic addressing, the end-user address field is sent with all zeros and the corporate network provides the address, and the symptom does not occur.

CSCeh21290

Symptoms: When MLP is configured and when the policy map of a CE router does not have a real-time class map configured in its output policy map, TCP packets are policed incorrectly. This situation may affect the traffic throughput.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that functions as a PE router and that runs Cisco IOS Release 12.3(11)T3 or releases later than Release 12.3(2)T6. The symptom occurs when TCP packets are sent via class-b data with 73 bytes of payload from a CE router to a PE router.

When the output policy map of the CE router does not have a real-time class map configured, the PE router shows that the 73-byte packet requires three ATM cells instead of just two ATM cells.

When the output policy map of the CE router does have a real-time class map configured, the PE router shows that the 73-byte packet requires two ATM cells, as it should be.

Workaround: There is no workaround.

CSCeh21680

Symptoms: A Cisco 2800 series or Cisco 3800 series may crash when you configure the interface of an NM-16ESW.

Conditions: This symptom is observed when you enter the ip rsvp bandwidth command on FE port 1/10 of the NM-16ESW and then you enter the no switchport mode command followed by the switchport mode command.

Workaround: Do not enter IP commands in switchport mode.

CSCeh22476

Symptoms: A Cisco MGX RPM-XF resets because a PCI retry counter expires.

Conditions: This symptom is observed when a Galileo PCI interrupt is asserted on SAR command timeouts.

Workaround: There is no workaround.

CSCeh22616

Symptoms: The output queue of a Fast Ethernet back card of a Cisco MGX RPM-XF may be stuck at 40/40.

Conditions: This symptom is observed when the Cisco MGX RPM-XF runs Cisco IOS Release 12.3(2)XZ and when the interface of the Fast Ethernet back card is configured in half-duplex mode and is connected to a hub. This symptom may also occur in Release 12.3T.

Workaround: Clear the affected interface of the Fast Ethernet back card by entering the clear interface fastethernet slot/port command.

CSCeh24075

Symptoms: Packets that are larger than 4400 bytes or packets that require fragmentation may be dropped when they traverse an xDSL WIC.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6)T or a later release when a sweep ping is performed from one peer to another and when the WIC is a WIC-1ADSL, WIC-1ADSL-DG, WIC-1ADSL-I-DG, WIC-SHDSL, or WIC-SHDSL-V2.

Workaround: Avoid fragmentation on the DSL link or enter the ip mtu bytes command to change the maximum MTU to 4400 on the DSL interface.

CSCeh24202

Symptoms: A Cisco 2800 series that is configured for software or hardware encryption and CBAC may reload.

Conditions: This symptom is observed when IPSec SAs and CBAC sessions are established and when the traffic is blocked by an ACL on the outgoing WAN interface of a neighboring crypto router. When you send encrypted traffic from the neighboring crypto router to another router via the Cisco 2800 series, the Cisco 2800 series reloads.

Workaround: Permit the encrypted traffic on the outgoing interface of the neighboring crypto router.

CSCeh25009

Symptoms: When an input policy is defined on a Cisco 7500 series, counters do not increment.

Conditions: This symptom is observed when dLFIoFR QoS is configured in the egress path on the router.

Workaround: There is no workaround.

CSCeh25459

Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.

Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:

The initial codec for the call is negotiated as G.729.

A reinvite message with a codec change to G.711ulaw is sent to the gateway.

The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.

Workaround: Remove the fax pass-through configuration.

CSCeh26757

Symptoms: The IPSec idle timer does not delete an inactive IKE SA.

Conditions: This symptom is observed when the timer expires. IPSec SAs are properly deleted but the IKE SA is left up.

Workaround: There is no workaround.

CSCeh28729

Symptoms: An H.323 modem call is dropped rather than processed via modem pass-through.

Conditions: This symptom is observed when modem relay is configured on both the originating gateway (OGW) and the terminating gateway (TGW), when the OGW is configured for high complexity, and when the TGW is configured with a modem card in which an NM-HDV network module is installed.

The expected behavior is that the modem call passes as a modem pass-through call because modem relay is not supported on a modem card.

Workaround: There is no workaround.

CSCeh30001

Symptoms: E1R2 SS7 calls fail and a traceback is generated on a Cisco AS5400.

Conditions: This symptom is observed on a Cisco AS5400 when you bring up more than one E1R2 SS7 call. However, when you bring up only a single call, the call is successful and stable for the call duration.

Workaround: There is no workaround.

CSCeh30818

Symptoms: A traceback is generated when multicast traffic is flowing.

Conditions: This symptom is observed when PIM is enabled on multiple interfaces and when the counters are cleared.

Workaround: There is no workaround.

CSCeh31934

Symptoms: There is no hornbook tone from a second ephone in a hunt group when the ringing of the first ephone in the hunt group times out and the call is forwarded to the second ephone.

Conditions: This symptom is observed when a TCL IVR application is configured on an incoming POTS dial peer.

Workaround: There is no workaround.

CSCeh32315

Symptoms: The IPSec Path Maximum Transmission Unit (PMTU) is not updated correctly when the IP MTU of the underlying physical interface is changed. When the IP MTU of the physical interface is changed to a smaller size, fragmentation may occur.

Conditions: These symptoms are observed when you configure a crypto map on tunnel interfaces that use the IP address of the physical interface as the tunnel source.

Workaround: There is no workaround. However, when the IP MTU of the physical interface is not changed, IPSec traffic should not be negatively affected.

CSCeh32430

Symptoms: A router may crash when a certificate server is removed while the certificate storage is inaccessible.

Conditions: This symptom is observed under the following conditions:

A Cisco IOS Certificate Server is busy processing a CLI such as the clock set command that was entered via a Telnet or console session.

The CLI prompt has not returned.

In another Telnet or console session, the Cisco IOS Certificate Server is removed by entering the no crypto pki server server-label command.

Workaround: Do not remove the Cisco IOS Certificate Server via one Telnet or console session while the Cisco IOS Certificate Server is busy processing a CLI in another Telnet or console session.

CSCeh32576

Symptoms: Configuring an AUX port through a non-slotted notation such as "interface async 1" may not be possible on a Cisco 1841 and a Cisco 2801.

Conditions: This symptom is observed on a Cisco 1841 and Cisco 2801 that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: Configure the AUX port through the slotted notation such as "interface async 0/0/0".

CSCeh33519

Symptoms: A gateway attempts to register with a gatekeeper more than once but fails, and the following error message and tracebacks are generated:

CCH323-2-GTWY_REGSTR_FAILED: Gateway egsin-3845-vw@cisco.com failed to register with Gatekeeper egsj-3745-gk even after 2 retries

Conditions: This symptom is observed on a Cisco router that functions as an H.323 gateway when you manually shut down the interface through which the gatekeeper is reachable.

Workaround: There is no workaround.

CSCeh36391

Symptoms: The line protocol on a serial link stays down and input CRC errors are generated.

Conditions: This symptom is observed when a T1 WIC is connected to a 56K DSU WIC via a switch and mux, when the switch provides the clock, and when the network-clock-select command is enabled on the T1 WIC side to route the clock to the TDM backplane.

Workaround: There is no workaround.

CSCeh37340

Symptoms: Accounting does not start after a tunnel goes down and comes back up again.

Conditions: This symptom is observed when multiple clients are connected to a head-end router through a platform that is configured for NAT.

The tunnel interface should be down when clients try to re-key an IPSec SA and accounting should fail. After the permitted number of re-key attempts, the IKE SA and peer structures should be eliminated. However, when the tunnel interface goes up and IKE negotiation starts again, accounting should also start again.

Workaround: There is no workaround.

CSCeh41997

Symptoms: EEM Tcl policies leak a significant amount of memory every time they run.

Conditions: This symptom occurs because the memory model that is currently implemented in Cisco IOS software that supports Tcl assumes a single threaded model in which global memory is not released when the Tcl script completes.

Workaround: There is no workaround.

CSCeh42080

Symptoms: In a test in which an ACL is triggered by EzVPN, a tunnel does not come up for interesting traffic.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(12.12)T5.

Workaround: There is no workaround.

CSCeh42852

Symptoms: A T.37 fax fails on a Cisco 2800 series because of clocking problems with a BRI. The fax that is sent or received via the BRI may be incomplete with cut pages or a part lost. About 40 to 50 percent of the faxes fail.

Conditions: This symptom is observed in the following topology:

A fax is sent from a fax machine via the PSTN to a BRI on a Cisco 2800 series. The Cisco 2800 series connects via an IP interface to an SMTP mail server.

Workaround: There is no workaround. Note that a fax that is sent via FXS instead of via a BRI goes through fine.

CSCeh43717

Symptoms: A Cisco 3745 reloads when you enable the proxy.

Conditions: This symptom is observed on a Cisco 3745 that functions as a gatekeeper.

Workaround: Disable the proxy mode.

CSCeh43768

Symptoms: A crypto tunnel is in the DOWN state after a Cisco 7200 series crashes because of a valid freeblock memory corruption.

Conditions: This symptom is observed when you change the Cisco IOS software image on the Cisco 7200 series from Release 12.3(8)T4 to Release 12.3(8)T7.

Workaround: There is no workaround.

CSCeh43773

Symptoms: Labeled packets drop when a crypto map is applied on an egress interface.

Conditions: This symptom is observed when the egress interface is configured for MPLS.

Workaround: There is no workaround.

Further Problem Description: While generating labeled packets from the router on which the crypto map is applied, the output of the debug ip packet access-list-number command shows the following information:

IP: tableid=1, s=10.1.1.1 (local), d=10.1.2.1 (GigabitEthernet0/2),routed via FIB

IP: s=10.1.1.1 (local), d=10.1.2.1 (GigabitEthernet0/2), len 100,sending

IP: s=10.1.1.1 (local), d=10.1.2.1 (GigabitEthernet0/2), len 100,output crypto map check failed.

CSCeh44066

Symptoms: A packet is dropped because of a CEF encapsulation failure.

Conditions: This symptom is observed when the packet is passing through a GRE tunnel interface.

Workaround: Turn off CEF switching on the GRE tunnel interface.

CSCeh46004

Symptoms: A SAR ucode reload is not recorded.

Conditions: This symptom is observed on a Cisco MGX RPM-XF when you enter a command that causes a reload of the SAR microcode.

Workaround: Check the log for references to the SAR ucode reload.

CSCin68433

Symptoms: A VIP may crash at "ct3sw_rx_interrupt" when dMLFR is configured on the RSP.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with a channelized T3 port adapter.

Workaround: There is no workaround.

CSCin79522

Symptoms: A Cisco router that runs Cisco IOS Release 12.3T may reload when the ATM interfaces are swapped.

Conditions: This symptom is observed when an ATM IMA port adaptor is removed and a PA-A3 port adaptor is inserted in the same slot and when there is at least one PVC configured that has the inarp enabled.

Workaround: There is no workaround.

CSCin82582

Symptoms: After you have reloaded a Cisco 3745 that is configured with ATM AIM cards and that has a startup configuration that includes BERT functionality, a software-forced reload may occur on the router and the router does not come up.

Conditions: The symptom is observed on a Cisco 3745 that runs Cisco IOS interim Release 12.3(12.12)T1 when the codecs that are included in the startup configuration are LLCC. The software-forced reload does not occur after you have reloaded the router with the default configuration, that is, when codec information is not included and when ATM AIM cards are not configured. The router crashes only when all the voice ports are initialized and ATM AIM cards are in use.

Workaround: There is no workaround.

CSCin83380

Symptoms: Routers generate tracebacks during a test with call setup and random call failures.

Conditions: This symptom is observed on Cisco 7xxx routers when E1R2 signaling is configured and when line signaling is used for the analog service.

Workaround: There is no workaround.

CSCin84542

Symptoms: A VWIC multiflex trunk controller that has the alarm trigger-blue command enabled may not come up.

Conditions: This symptom is observed when you boot a Cisco 3745 that runs Cisco IOS Release 12.3(7)T6.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected controller after the router has booted.

CSCin87258

Symptoms: A Cisco router that is configured for SSG may reload when you configure a local service profile.

Conditions: This symptom is observed when the local service profile is configured with more than 150 service network entries.

Workaround: There is no workaround.

CSCin87746

Symptoms: A TDM connect failure occurs and tracebacks are generated, causing voice call failures.

Conditions: This symptom is observed when Voice over IP (VoIP) is configured on a Cisco 7200 series and a Cisco 7500 series, when the signaling is E1 R2 analog with medium complexity, when you change the framing from CRC4 to non-CRC4 on the E1 controllers, and when you enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the E1 controllers of both the Cisco 7200 series and the Cisco 7500 series.

Workaround: There is no workaround.

CSCin87783

Symptoms: The PRI voice-call path confirmation may fail and a %DSMP-3-DSP_TIMEOUT message may be generated.

Conditions: This symptom is observed on a Cisco 3660 while PRI voice calls are made.

Workaround: There is no workaround.

CSCin89146

Symptoms: The G.728 codec calls fail on a SIP call leg of an IPIPGW.

Conditions: This symptom is observed when the G.728 codec is configured on the SIP leg and when a "ptime" translation error occurs.

Workaround: There is no workaround.

CSCin89236

Symptoms: Though an active call disconnects, the SCCP connection is not torn down.

Conditions: This symptom is observed on a Cisco platform that functions as an IPIPGW only after you reload the router and test transcoding for the first time. The SCCP connection exists for a long duration or until you enter the no sccp command.

Workaround: Enter the no sccp command to tear down the SCCP connection.

CSCin89831

Symptoms: A "Diagnostic Minor Error" may occur on a Multiprocessor WAN (MWAN) application module and processor 6 ("complex 0") may fail to come up on the MWAM application module. This situation causes only four processors to be up and one processor to remain inaccessible.

Conditions: This symptom is observed when the MWAN application module runs a GGSN image.

Workaround: There is no workaround.

CSCsa42585

Symptoms: A Cisco IOS IPv6 firewall may crash and generate the following error message:

%ALIGN-1-FATAL: Illegal access to a low address

Conditions: This symptom is observed when you enter the clear ipv6 inspect all command while many TCP sessions are being created.

Workaround: Prevent so many TCP sessions from being created: limit the session creation rate to 200 sessions per minute by lowering the onemin threshold for the IPv6 firewall via the ipv6 inspect onemin high 200 command.

CSCsa44556

Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.

Workaround: Reload the gatekeeper after you have made the configuration changes.

CSCsa45066

Symptoms: A memory leak may occur in the SDP library on an IPIPGW.

Conditions: This symptom is observed when a fax call is made between a platform that is configured for SIP and a platform that is configured for T.38 H.323.

Workaround: There is no workaround.

CSCsa50971

Symptoms: A Cisco platform may unexpectedly reload while attempting to resequence an access list.

Conditions: This symptom is observed when you delete a few ACEs and then immediately enter the ip access-list resequence access-list-name starting-sequence-number increment command.

Workaround: There is no workaround.

CSCsa52821

Symptoms: When AAA accounting is configured for an EZ-VPN server, the EZ-VPN server may stop sending periodic updates for an idle client. When the symptom occurs, the output of the show aaa sessions command shows that the user name is not available for the idle client. The user name appears to be lost.

Conditions: This symptom is observed on a Cisco 7200 series that functions as an EZ-VPN server and that runs Cisco IOS Release 12.3(8)T or a later release. The symptom may not be release-specific.

Workaround: Add an IPSec idle time of a shorter duration than the IPSec lifetime to enable idle clients to send stop records.

CSCsa53127

Symptoms: A bargeinable prompt aborts right after it starts playing, almost as if it is being barged in to.

Conditions: This symptom is observed in the following scenario with an application that requests DTMF input using two to four digits with an asterisk as the termination character:

You let the prompt play (that is, you do not barge in).

You enter "123*". The next prompt is a VXML Transfer element containing three .wav files (1.wav, 2.wav, and 3.wav).

This prompt is bargeinable, but you do not barge in. You hear a brief "burp", but not the three .wav files.

The final prompt is non-bargeinable TTS "Test Passed", which you hear just fine.

Workaround: Make the .wav files non-bargeinable.

CSCsa55375

Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.

Conditions: These symptoms are observed on a WIC-1-DSU-T1-V2 that is installed in a Cisco router.

Possible Workaround: The symptoms may clear when you replace the in-house cabling with cat.5 cables.

CSCsa57147

Symptoms: A disconnect event is not thrown or caught on a Cisco AS5400.

Conditions: This symptom is observed when the platform functions under a heavy load with a large number of calls that are disconnected from the gateway during VXML page execution. The disconnect event may not be thrown or get caught by the catch blocks of the root document.

Workaround: There is no workaround.

CSCsa57841

Symptoms: A Cisco 837 may report a memory leak in the I/O pool caused by a buffer leak in the VeryBig buffer pool.

Conditions: This symptom is observed on a Cisco 837 that runs Cisco IOS Release 12.3(11)T2, that is configured for IPSec, and that receives SNMP polls from a server.

Workaround: Stop the SNMP polls that check the operational status (via the ifOperStatus object) and administrative status (via the ifAdminStatus object) of the interfaces on the router. Alternatively, temporarily disable SNMP on the router.

CSCsa57869

Symptoms: When a voice call is made, a spurious memory access may occur on a Cisco AS5400 or the Cisco AS5400 may reload unexpectedly because of a bus error.

Conditions: These symptoms are observed in the following Cisco IOS software releases:

The spurious memory access is observed on a Cisco AS5400 that runs interim Release 12.3(12.12)T2 during an eight-hour stress test.

The unexpected reload is observed on a Cisco AS5400 that runs interim Release 12.3(12.5).

Workaround: Enter the no voice-fastpath enable command to prevent the symptoms from occurring.

CSCsa59315

Symptoms: SSG subscribers that are connected on a downlink VRF are not able to access SSG open garden services.

Conditions: This symptom is observed when downstream traffic from the open garden service to the subscriber is routed using the global routing table and is dropped when it appears to be unroutable.

Workaround: Add a route to the subscriber IP address in the global routing table.

Alternate Workaround: Do not bind the interface to the open garden service as an uplink interface and enable VRF-based NAT to translate the subscriber IP address to a global IP address.

CSCsa59549

Symptoms: A Cisco 2800 series that is configured for encryption, CBAC, and IPS crashes and reloads during the inspect process.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS interim Release 12.3(12.12)T2 when it functions under a heavy load of mixed application traffic and IP telephony traffic.

Workaround: There is no workaround.

CSCsa59667

Symptoms: An AIM that is installed in a Cisco 2851 or Cisco 3845 may time out when it receives non-multiples of a 64-bit public key from a third-party vendor router. This situation causes the router to crash rather than verify the key.

The Cisco 2851 crashes because of a memory corruption. The Cisco 3845 crashes because of an "ALIGN-1-FATAL" bus error.

Conditions: This symptom is observed on a Cisco 2851 and Cisco 3845 that run Cisco IOS Release 12.3(11)T3.

Workaround: Ensure that the AIM receives multiples of the 64-bit public key.

Alternate Workaround: Disable the AIM hardware encryption by entering the no crypto engine aim 0 command. Doing so causes onboard encryption to occur.

CSCsa60934

Symptoms: A Cisco router on which URL filtering is used may reload because of memory corruption.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(7)XR3 or interim Release 12.3(7.11)T.

Workaround: There is no workaround.

CSCsa63019

Symptoms: A security gateway may crash when ISAKMP accounting is enabled at aggressive time intervals such as 1-minute updates.

Conditions: This symptom is observed when ISAKMP accounting is enabled at very frequent update intervals together with ISAKMP NAT-T.

Workaround: Use ISAKMP accounting timers with a longer duration.

CSCsa64885

Symptoms: A router that is configured for SSG intermittently resets itself and generates a spurious memory access.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T with a prepaid or proxy service that has an idle or session timeout configured in the service profile.

Workaround: There is no workaround.

CSCsa65656

Symptoms: SSG uses a duplicate Acct-session-id (attribute 44) in a RADIUS accounting packet.

Conditions: This symptom is observed for post-paid users.

Workaround: There is no workaround.

CSCsa66255

Symptoms: IP data traffic does not pass via MLP.

Conditions: This symptom is observed on a Cisco 3825 that runs the c3825-advsecurityk9-mz image of Cisco IOS Release 12.3(11)T3 when STAC compression on an AIM-COMPR4 fails.

Workaround: There is no workaround.

CSCsa66702

Symptoms: A Cisco 3660 may reload when an IP phone is placed on hold.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(11)T4.

Workaround: There is no workaround.

CSCsa67469

Symptoms: When calls are made from an IP phone to the PSTN and when the PSTN side transfers the call to another PSTN number, one-way audio occurs. The IP phone caller can hear the new PSTN callee, but the PSTN callee cannot hear the IP phone caller.

There is no pattern to the number of calls that fail, but eventually the router to which the IP phone is connected has high CPU utilization and crashes.

Conditions: This symptom is observed on a Cisco 2600XM that runs Cisco IOS Release 12.2(15)ZJ or Release 12.3(11)T2.

Workaround: There is no workaround.

CSCsa69625

Symptoms: A severe memory leak occurs when accounting is enabled on a gatekeeper. When all memory has been consumed, the following error message is generated:

%AAA-3-ACCT_IOMEM_LOW: AAA ACCT process suspended: low I/O memory

After this message has been generated, you cannot enter any CLI command and calls fail. You must reload the router to recover the lost memory.

Conditions: This symptom is observed on a Cisco router that functions as a terminating gatekeeper and that is placed between a VoIP call generator and an originating gatekeeper that is also connected to a VoIP call generator. The symptom occurs after the following events have occurred:

You configure gatekeeper-based accounting.

You make interzone calls by using the VoIP call generator.

You make calls at a rate of two calls per second for more than an hour, after which the memory is fully consumed.

Workaround: There is no workaround.

CSCsa70038

Symptoms: When calls come in from the PSTN while you manually shut down a BRI of a VIC2-BRI, the Cisco gateway activates ISDN layer 1. This is improper behavior.

Conditions: This symptom is observed on a Cisco gatekeeper that runs Cisco IOS Release 12.3(4)T6 or Release 12.3(11)T3, but could also occur in other releases.

Workaround: There is no workaround.

CSCsa70040

Symptoms: A router does not attempt to autoinstall a software configuration via a Frame Relay WAN segment when it receives a response to a DHCP request on an Ethernet LAN, even though the DHCP server does not support autoinstall via TFTP.

Conditions: This symptom is observed when a software configuration is replaced on a failed remote router or installed on a new remote router. The router is connected to an existing Ethernet LAN and a Frame Relay WAN segment. You would expect the router to autoinstall over the Frame Relay WAN segment because it is supposed to download the configuration from a central TFTP server. However, this does not occur.

When the router has a response to its DHCP request on the Ethernet LAN, it attempts to autoinstall over DHCP. Although the DHCP server does not support autoinstall over DHCP, the router does not attempt to autoinstall over the Frame Relay WAN segment.

Workaround: Prevent the DHCP server from responding to the router's request or ensure that someone is physically present to disconnect the Ethernet LAN link from the router to force the router to autoinstall over the Frame Relay WAN segment. When the router has autoinstalled over the Frame Relay WAN segment, the router should be reconnected to the Ethernet LAN.

CSCsa71055

Symptoms: Pings from a PE router to the Ethernet interface of a CE router fail.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that functions as a PE router and that runs Cisco IOS Release 12.3(2)XZ. The symptom could also occur in Release 12.3T.

Workaround: Clear the IP route.

CSCsa71310

Symptoms: An E1 controller on an MGCP trunking gateway reports Loss of Frames (LOF).

Conditions: This symptom is observed when you configure a Cisco 3660 as an MGCP trunking gateway.

Workaround: There is no workaround.

CSCsa71410

Symptoms: A Cisco AS5400 gateway crashes and reboots at random.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T4 when you run a load test with a Customer Voice Portal (CVP) configuration for one to two hours and then stop the load test and place a single call using an IP phone.

Workaround: There is no workaround.

CSCsa71596

Symptoms: The prompt file that is stored on an HTTP file server and that is invoked by a VXML document is not heard by a caller.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(12.12)T5 when a VXML document attempts to retrieve and render a wav file that is stored on an HTTP file server.

Workaround: There is no workaround.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa72114

Symptoms: When you enter the crypto ipsec client ezvpn command, the platform may crash because of memory corruption and error messages similar to the following may be generated:

validblock_diagnose, code = 10

current memory block, bp = 0x655B127C, memorypool type is Processor data check, ptr = 0x655B12A4

next memory block, bp = 0x655B13C4, memorypool type is Processor data check, ptr = 0x655B13EC

previous memory block, bp = 0x655B10CC, memorypool type is Processor data check, ptr = 0x655B10F4

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T3.

Workaround: There is no workaround.

CSCsa73120

Symptoms: A Cisco 7301 may restart because of a bus error.

Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.3(8)T5 and that is configured for IPSec.

Workaround: There is no workaround.

CSCsa73438

Symptoms: When SSG functions in RADIUS proxy mode, SSG sends the RADIUS Framed IP Netmask Attribute value that it receives from a RADIUS server as the Framed IP Address Attribute value towards a GGSN or CSG downlink RADIUS client.

Conditions: This symptom is observed when the RADIUS Framed IP Netmask Attribute value is less than a 32-bit mask.

Workaround: Avoid using the RADIUS Framed IP Netmask Attribute or use a 32-bit mask value for it.

CSCsa73842

Symptoms: An IP phone line is not released for some calls between Cisco CallManagers.

Conditions: This symptom is observed when calls between the Cisco CallManagers are made via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) that is configured for H.323.

Workaround: There is no workaround.

CSCsa74386

Symptoms: A router may crash because of an unexpected exception to CPUvector 1200.

Conditions: This symptom is observed on a low-end Cisco router such as a Cisco 2650 series that runs Cisco IOS Release 12.3(11)T3 when a basic QoS configuration such as CBWFQ is applied to a legacy dialer interface and when traffic is flowing through this interface.

Workaround: Remove the output service policy from the dialer interface before any traffic goes through the ISDN backup interface.

CSCsa74911

Symptoms: A Cisco 3745 may display the following error message:

%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on Foreign Exchange Station 3/0/0. Msg id=00, Len=36

Conditions: This symptom is observed on a Cisco 3745 that functions as a VoIP dial peer and that is configured with FXS ports that function in connection trunk mode and that are not configured for VAD.

Workaround: Configure VAD and reload the router.

Further Problem Description: The above-mentioned information comes from the Release-note enclosure for caveat CSCeg49448. This caveat, CSCsa74911, documents (and corrects) a flaw within the DSP firmware that is observed only in conjunction with the occurrence of caveat CSCeg49448.

CSCsa74930

Symptoms: A Cisco 3825 may display the following error message and traffic is interrupted:

%SBETH-3-ERRINT: GigabitEthernet0/0, error interrupt, mac_status = 0x0000000000840000

Conditions: This symptom is observed when multiple users that are connected to a downstream switch attempt to log into network resources across a WAN (traversing the router).

Workaround: There is no workaround.

CSCsa75758

Symptoms: DMVPN sessions fail.

Conditions: This symptom is observed when a Cisco 7200 series that is configured as a DMVPN hub runs out of memory.

Workaround: There is no workaround.

CSCsa76035

Symptoms: The line protocol goes down on an NM-1T3/E3 network module when 2 MB of traffic flows through the NM-1T3/E3 network module.

Conditions: This symptom is observed on a Cisco 3725 router that runs Cisco IOS Release 12.3(11)T3 and that functions as a PE router when the egress interface between the PE router and a CE router is a multilink interface on which an output service policy is configured. The actual E3 link can be configured with PPP or HDLC.

Workaround: Remove the service policy.

Wide-Area Networking

CSCea75722

Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.

Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.

Workaround: There is no workaround.

CSCed32688

Symptoms: A dialer backup with a serial interface as the primary interface and an ISDN interface as the backup interface fails.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(09.13)T.

Workaround: There is no workaround.

CSCef74089

Symptoms: An ISDN backup in an MPLS core does not function with tag switching. Packet load-sharing does not occur.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T4 and that is configured with a dialer interface.

Workaround: There is no workaround.

CSCeg03958

Symptoms: A router may crash while performing an SNMP walk on VPDN-related MIB Objects. SNMP get and set operations function fine.

Conditions: This symptom is observed on a Cisco router that is configured with MLP interfaces.

Workaround: Reload the router and do not perform an SNMP walk. Instead use get operations.

CSCeg20283

Symptoms: E1R2 SS7 calls fail to come up when more than one call is made with the following ISDN error:

ISDN Se1/6:15 SC **ERROR**: call_connect: call_id not found, rejecting call ISDN **ERROR**: Module-CCPRI Function-CCPCC_CallConnected Error-Unknown event received in message from L3 or Host: 4F

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg21014

Symptoms: A router crashes when you enter the no dialer pool-member command on a BRI interface while the interface is up.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the BRI interface before you enter the no dialer pool-member command.

CSCeg22171

Symptoms: Calls fail to connect when they are switched from the primary D channel to the backup D channel.

Conditions: This symptom is observed when you either unplug the cable or shut down the controller of the primary D channel.

Workaround: There is no workaround.

CSCeg27091

Symptoms: A router reloads during the "dial_if" process when you send a packet with a large size.

Conditions: This symptom is observed when the ppp bap callback command is enabled.

Workaround: There is no workaround.

CSCeg53839

Symptoms: The isdn number called enbloc limit interface configuration command is ignored on a gateway that is configured for ISDN.

Conditions: This symptom is observed on a Cisco gateway that has a VIC2-2BRI installed in an NM-HD-2V network module.

Workaround: There is no workaround.

CSCeg74644

Symptoms: A Cisco 3660 that is configured for PPPoE relay may reload.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(7)T7.

Workaround: There is no workaround.

CSCeg80474

Symptoms: The Cisco-Avpair attribute does not have the expected value.

Conditions: This symptom is observed when a disconnect cause is not reported correctly after you have cleared PPPoE sessions with the CLI.

Workaround: There is no workaround.

CSCeg82698

Symptoms: PPTP tunnels do not come up.

Conditions: This symptom is observed when VPDN is configured.

Workaround: There is no workaround.

CSCeg86590

Symptoms: TBCT does not function.

Conditions: This symptom is observed when there are two T1 PRI links and you try to transfer a call through the second T1 PRI link.

Workaround: There is no workaround.

CSCeg88174

Symptoms: Drops occur in a class in which the throughput does not oversubscribe the allocated bandwidth for the class.

Conditions: This symptom is observed when multilink Frame Relay is configured along with generic traffic shaping or Frame Relay traffic shaping and when several class maps are configured.

When one class map starts dropping packets because the throughput is greater than the allocated bandwidth (which is normal behavior), drops may also occur in another class map even though this class map is not oversubscribed. The root cause of this symptom is that the bundle is oversubscribed and tx rings are building up, causing excessive misordering that the receiver cannot handle.

Workaround: Configure a fancy queue on the bundle interface through which the traffic is sent.

CSCeh03079

Symptoms: Calls may not go through an E1 or T1 trunk card on a Cisco platform.

Conditions: This symptom is observed after you have performed an OIR of the card.

Workaround: There is no workaround. To recover from the symptoms, reload the platform.

CSCeh10070

Symptoms: The output of the show interfaces multilink command on a Cisco 3845 shows output queue drops on an MLP bundle.

Conditions: This symptom is observed on a Cisco 3845 that runs Cisco IOS Release 12.3(11)T2 and that is configured with multiple WIC-2T cards when at least three T1 links are up.

Workaround: There is no workaround.

CSCeh27202

Symptoms: A call is not placed in a PPP callback scenario after an earlier call went through fine.

Conditions: This symptom is observed when the call is placed through a dialer interface.

Workaround: Clear the dialer interface before each call. If this is not an option, there is no workaround.

CSCeh32353

Symptoms: An LNS intermittently routes packets to an incorrect interface in the process-switching path, preventing some applications from working properly. These applications, such as ARP, CBAC, and NAT, depend on the first packet to go to process-switching for their initialization operation. Consequently, this situation may affect user connectivity to the Internet.

Conditions: This symptom is observed when the next-hop ISP router is connected via static routes and when there is no ARP entry on the LNS.

Workaround: There is no workaround.

CSCeh36774

Symptoms: The Frame Relay encapsulation may be automatically set to "Cisco" even if the encapsulation type is configured to be IETF.

Conditions: This symptom is observed on a Cisco router that has a Frame Relay interface when IP RTP compression is enabled.

Workaround: There is no workaround.

CSCeh41120

Symptoms: When PPP MRRU negotiation is configured in a VPDN scenario, PPP LCP does not accept an incoming CONFACK message at an LNS, causing a call to be disconnected.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T5.

Workaround: There is no workaround.

CSCin86831

Symptoms: After an LNS failover has occurred, Acct-Start records are missing for L2TP sessions.

Conditions: This symptom is observed in a configuration in which a client connects to a LAC that is connected to two LNSs (LNS1 and LNS2). When a client attempts to establish a PPPoE session, the LAC attempts to bring up an L2TP tunnel to LNS1. When LNS1 fails to respond to the LAC, the LAC fails-over to LNS2, establishes an L2TP session, and forwards the PPP session. The symptom occurs in this fail-over scenario.

The LAC sends an Acct-Stop record when it sends a StopCCN record to LNS1, but no Acct-Start record is sent when the session is established with LNS2. An Acct-Start record should be sent when the session is established, but no Acct-Stop record should be sent when the fail-over occurs.

Workaround: There is no workaround.

CSCin86951

Symptoms: An LNS router crashes on establishing a large number of PPPoA L2TP sessions.

Conditions: This symptom is observed only when you establish sessions at a high rate. When you attempt to establish 8000 sessions, the router crashes shortly after 5000 sessions are established.

Workaround: Establish sessions at a low rate.

CSCsa54870

Symptoms: A pure TDM call that originates from a PRI side and that is destined for a BRI side fails during the call setup.

Conditions: This symptom is observed only when the ISDN switch type is NI2 in the following topology:

[phone]----[PRI-OGW]----[PRI-BRI-GW]----[BRI-TGW]----[phone]

Workaround: Configure any other switch type than NI2 on the BRI link.

CSCsa66756

Symptoms: Calls on B-channels of a trunk group that is configured on NFAS "none" group members time out, and the first channel remains in the proposed state.

Conditions: This symptom is observed only for a trunk group that is configured on controllers of NFAS "none" group members.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(14)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(14)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(14)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCee72249

Symptoms: The snmp-server host host-address command supports only one host. Adding another host causes the existing host to be overwritten. In addition, when the snmp-server host host-address traps command is enabled, traps are sent to the host but the command does not show in the running configuration.

Conditions: These symptoms are platform-independent and are observed when you use the above-mentioned commands to configure more than one host or to configure the host to receive traps.

Workaround: There is no workaround.

CSCef52072

Symptoms: A router may crash because of a bus error when the Cisco IOS Login Enhancement feature is enabled.

Conditions: This symptom is observed when the Cisco AutoSecure feature is already enabled.

Workaround: Do not enable the Cisco IOS Login Enhancement feature.

CSCef90051

Symptoms: When you run an IP SLA jitter probe with a reaction configuration, traps through syslog are not generated for PacketLossSD.

Conditions: This symptom is observed during normal operation.

Workaround: There is no workaround.

CSCef96304

Symptoms: Because the mean opinion score (MOS) is monitored for the low score value, the threshold trap should be generated when the MOS reaches the falling threshold, but this does not occur.

Conditions: This symptom is observed when the traps are configured for the MOS parameter.

Workaround: There is no workaround. Note that the current implementation does not support monitoring the MOS score for low values (that is, a falling threshold value).

CSCeg13677

Symptoms: When running an SAA/IP SLA jitter operation, a high packet missing-in-action (PacketMIA) value is observed in the results provided for the jitter operation.

Conditions: This symptom is observed when running Cisco IOS Release 12.3T. When the symptom happens, jitter operation timer expiration is shown in the debug message.

Workaround: Configure the jitter operation timer to be much longer than the numberPaks interval.

Resolution: The fix for this caveat provides two new fields for the output of the show rtr command: "Busies: " and "PacketSkipped: ".

CSCeg15136

Symptoms: RTTMON traps are only supported for RTT and not for MOS. Only syslog traps should be generated for MOS and not the RTTMON traps.

Conditions: This symptom is observed when MOS traps are configured. Only syslog traps are supported for MOS. RTTMON traps are not supported. The symptom is observed in Cisco IOS software images that contain the fix for caveat CSCef96304.

Workaround: There is no workaround.

CSCeg52893

Symptoms: Several tty lines may become stuck in the "Carrier Dropped" modem state. You can verify this situation by entering the show line line-number EXEC command for an individual line. However, when you enter the show line EXEC command (that is, you do not enter a value for the line-number argument), the output shows that the same tty lines are active (that is, they are in the "*" state):

......

I 2/47 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/48 Digital modem - DialIn - - - 7 0 0/0 - Idle

* 2/49 Digital modem - DialIn - - - 5 0 0/0 - Carrier Dropped

I 2/50 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/51 Digital modem - DialIn - - - 13 0 0/0 - Idle

I 2/52 Digital modem - DialIn - - - 10 0 0/0 - Idle

......

In addition, both the output of the show users EXEC command and the output of the show caller EXEC command do not show a user or caller name or show an incorrect user or caller name. The output of the show caller EXEC command does show that the service is "TTY."

Conditions: These symptoms are observed on a Cisco AS5400 that is configured for modem dialin with PPP and EXEC connectivity and for login authentication via a TACACS+ server.

Workaround: To clear the stuck line, enter the clear port slot/port EXEC command.

CSCeg64393

Symptoms: The following message may be generated on a Cisco RPM-XF:

%SYS-3-MEMLITE: Free lite called for non lite chunk by .0x 40E7F40C.

Conditions: This symptom is observed on a Cisco RPM-XF when you boot the platform with Cisco IOS Release 12.3(11)T1. The symptom is also observed when the Cisco RPM-XF runs Release 12.3(11)T1 and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an Xtag interface.

Workaround: There is no workaround. However, you can limit the number of messages that are generated by entering the logging rate-limit command.

CSCeg77984

Symptoms: Traffic does not go properly through an IPSec tunnel: many packets are dropped.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1 or interim Release 12.3(12.12)T2 when software encryption is configured.

Workaround: Use hardware encryption.

CSCeh16064

Symptoms: When you enter the snmp-server host host-address public frame-relay isdn envmon cpu voice snmp global configuration command, the command is saved to the configuration as snmp-server host host-address public frame-relay isdn envmoncpu voice snmp. (Note that "envmon" and "cpu" are saved as "envmoncpu".) When you reload the platform, the command is removed from the configuration because its syntax is improper.

Conditions: This symptom is observed in Cisco IOS Release 12.3(11)T3 and is platform-independent.

Workaround: Enter the snmp-server host host-address public command to enable all the traps.

CSCsa41963

Symptoms: The following message may be generated on a Cisco RPM-XF:

%SYS-3-MEMLITE: Free lite called for non lite chunk by "0x 40E7F40C"

Conditions: This symptom is observed on a Cisco RPM-XF when you boot the platform with Cisco IOS Release 12.3(11)T1. The symptom is also observed when the Cisco RPM-XF runs Release 12.3(11)T1 and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an Xtag interface.

Workaround: There is no workaround. However, you can limit the number of messages that are generated by entering the logging rate-limit command.

CSCsa50572

Symptoms: The NAS-Port attribute is incorrect (it is sent as "0") and the NAS port is missing from the Acct Session-Id attribute in RADIUS access requests and accounting requests for connections to a proxy SSG service.

Conditions: This symptom is observed when a PPPoEoE SSG user logs in to an SSG proxy service.

Workaround: There is no workaround.

CSCsa64398

Symptoms: A router crashes because of a SegV exception when you enter the show running-config command via a Telnet session into the router.

Conditions: This symptom is observed on a Cisco 828 that runs Cisco IOS interim Release 12.3(12.12)T3 and that is configured for AAA via a TACACS+ server.

Workaround: Enter the show running-config command on the console of the router.

CSCuk50062

Symptoms: NetFlow cache is not allocated on all port adapters, preventing egress NetFlow from functioning.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Configure ingress NetFlow on an interface of a port adapter that needs NetFlow cache for egress NetFlow.

EXEC and Configuration Parser

CSCeg60079

Symptoms: You cannot configure the atm pppatm passive command on either ATM main interfaces or ATM subinterfaces.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-is-mz image of Cisco IOS interim Release 12.3(12.12)T1. The symptom also affects the Cisco 7301.

Workaround: There is no workaround.

CSCeg87083

Symptoms: When entering via SSH, view-based users are not authorized to access their view but are authorized according to their corresponding privilege level.

Conditions: This symptom is observed on a Cisco platform that is configured for Role Based Access Control (RBAC).

Workaround: There is no workaround.

CSCin81468

Symptoms: A router reloads when you attempt to make a call.

Conditions: This symptom is observed after the SPE has been busied out.

Workaround: There is no workaround.

Interfaces and Bridging

CSCee85457

Symptoms: A serial interface of a channelized E1, T1, E3, or T3 port adapter may continue to flap when fair queueing is disabled on the interface.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Enable fair queueing on the interface.

IP Routing Protocols

CSCec22723

Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.

Conditions: This symptom is observed when iSPF is configured under OSPF.

Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.

CSCed46066

Symptoms: When both VRF and non-VRF processes are configured and both processes have the redistribute command enabled, removal of the redistribute command from one process may also disable redistribution for the other process.

In certain rare cases this condition may also lead to an unexpected reload. This can occur when another routing protocol is attempting to perform certain redistribution operations with the process that was unintentionally disabled, and this happens at the moment in which the redistribute command was removed.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(27)S or Release 12.3(4)T with redistribution enabled in VRF and non-VRF processes.

Workaround: Reconfigure the redistribute command for the process for which the command should not have been disabled.

CSCef08797

Symptoms: A router may stop redistributing static routes into BGP.

Conditions: This symptom is observed when the static routes are inserted into the BGP table with a network statement that uses a route map that is configured with the match as-path route-map configuration command.

The symptom occurs because the match as-path route-map configuration command causes a non-BGP route to be denied.

Workaround: Do not use BGP-specific match statements when you source non-BGP routes.

CSCef18838

Symptoms: Tracebacks that are related to spurious memory accesses may occur and the spurious memory accesses may increase over time. When multicast video streaming is viewed using an IP-TV viewer, this situation causes the browser to hang.

Conditions: This symptom is observed when NAT and multicast are configured on the same router.

Workaround: There is no workaround. To return the browser to normal operation, reload the router.

CSCef28184

Symptoms: Multipath routes may become stale when the nexthop is unreachable, preventing a ping between two CE routers from succeeding.

Conditions: This symptom is observed in a BGP environment when a multipath route is withdrawn.

Workaround: There is no workaround.

CSCef33035

Symptoms: A router may crash and reload and generate the following error message:

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x609EE524

Conditions: This symptom is observed on a router that runs OSPF and that is configured with incremental SPF (ISPF).

Workaround: Disable ISPF by entering the no ispf router configuration command.

CSCef34586

Symptoms: A BGP IPv4 label session continues to flap after an interface between two EBGP peers flaps.

Conditions: This symptom is observed when EBGP IPv4 with labels is configured between two BGP peers. The session comes up fine the first time after you reload one of the BGP peers. After you toggle an interface between the BGP peers, the EBGP session continues to flap because of malformed updates.

Workaround: There is no workaround.

CSCef58137

Symptoms: When you configure a route map with a NAT feature, the CPU usage of the router may reach 99 percent, the router may reload unexpectedly, or both may occur.

Conditions: These symptoms are observed on a Multiprocessor WAN (MWAN) application module that is installed in a Cisco Catalyst 6000 series or a Cisco 7600 series. However, the symptom may be platform-independent.

Workaround: There is no workaround.

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef64928

Symptoms: The output of the show bgp ipv6 neighbors ipv6-address | b ly: ipv6 unicast command does not show the peer information. The output provides "BGP IPv6" instead of "IPv6 Unicast" information. However, this is just a display problem and the functionality is not affected.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-js-mz image of Cisco IOS interim Release 12.3(10.3)T3. However, the symptom may not be platform-dependent.

Workaround: There is no workaround.

CSCef81489

Symptoms: If an ASBR receives a withdraw message, it does not send the withdraw message to any peer, preventing an alternate route from functioning.

Conditions: This symptom is observed when MPLS VPN inter-AS is configured.

Workaround: There is no workaround. To recover from the symptom, enter the clear ip bgp * command on the ASBR.

CSCef89807

Symptoms: A router that is configured for Optimized Edge Routing (OER) crashes after a %SYS-2-CHUNKBADREFCOUNT error message has been generated.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T when OER is enabled, when OER controls non-exact routes, and when a BGP update to a more exact route occurs.

Workaround: Route control using static routes is not affected by the symptom. To prevent the symptom from occurring in a situation with route control using BGP routes, configure OER to control only exact routes.

CSCeg30291

Symptoms: BGP fails to send an update or withdraw message to some peers when these peers have failed to converge properly after an earlier attempt.

Conditions: This symptom is observed on a Cisco router when you enter the clear ip bgp neighbor-address soft out command while BGP is in the middle of converging. The symptom does not occur when network traffic load is low and BGP has converged.

Workaround: To clear the error condition, enter the clear ip bgp neighbor-address soft out command again. Alternately, enter the clear ip bgp neighbor-address command (that is, without the soft out keyword).

CSCeg54375

Symptoms: Routing inconsistencies may occur in the RIB: routes may be missing from the RIB but may be present in the BGP table.

Conditions: This symptom is observed on a Cisco RPM-XF when the toaster processor crashes. However, the symptom may occur on any platform that has a toaster processor.

Workaround: Enter the clear ip route vrf vrf-name * command.

CSCeg81061

Symptoms: An inside client cannot make an FTP connection to an inside FTP server by using the global IP address of the server.

Conditions: This symptom is observed when a NAT virtual interface is configured on a Cisco router that is the default gateway for the FTP client and FTP server that are both located behind the router.

Workaround: Make a connection by using the local IP address of the FTP server.

CSCeg89246

Symptoms: When overlapping global addresses are configured and when there is a flow entry, the wrong entry may be matched.

Conditions: This symptom is observed on a Cisco platform that is configured for NAT when all five tuples, except the VRF ID, are the same for two flows.

Workaround: There is no workaround.

CSCeh24147

Symptoms: The implementation of IPv6 scope support in the Bootstrap Router (BSR) mechanism may cause interoperability problems.

Conditions: This symptom occurs because the specification of IPv6 scope support in the BSR mechanism has changed in the latest IETF draft: http://www.ietf.org/internet-drafts/draft-ietf-pim-sm-bsr-05.txt

Workaround: Do not use IPv6 scope support in the BSR mechanism.

CSCin83829

Symptoms: A ping fails in the EXVPN client mode even when the tunnel is established.

Conditions: This symptom is observed only in EXVPN client mode and occurs because of NAT translations.

Workaround: There is no workaround.

CSCsa40588

Symptoms: Routes may still appear in the routing table even after the routes are removed from the BGP table.

Conditions: This symptom is observed on a Cisco platform that functions as a PE router when a CE router stops advertising a BGP route to the PE router. The BGP table reflects the route change but the routing table still indicates that the route is valid.

Workaround: There is no workaround.

CSCsa44862

Symptoms: When a fragmented packet flows from the inside to the outside via a NAT router, the first fragment is translated correctly, but subsequent fragments are transmitted without a destination address translation. This situation causes the communication to fail.

Conditions: This symptom is observed with a fragmented packet when both the source address and the destination address are translated, that is, inside and outside source translation is configured.

Note that the symptom does not occur with an unfragmented packet, or when a fragmented packet flows from the outside to the inside, or with a fragmented packet when either the source address or the destination address is translated.

Workaround: There is no workaround.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCuk54787

Symptoms: When a route map is configured, routes may not be filtered as you would expect them to be filtered.

Conditions: This symptom is observed on a Cisco router that is configured for BGP and that functions in an MPLS VPN environment.

Workaround: There is no workaround.

CSCuk54975

Symptoms: Routes are not redistributed into BGP and network statements to originate routes in BGP do not work.

Conditions: This symptom is observed when the redistribute static command is enabled.

Workaround: There is no workaround.

Miscellaneous

CSCec64079

Symptoms: Spurious memory accesses occur on a router that is configured with an NM-ESW-16 network module.

Conditions: This symptom is observed on a Cisco 3700 series during normal operation.

Workaround: There is no workaround.

CSCed57925

Symptoms: The cisco.mgmt.cns.config-changed event message is not generated when atm pvc commands are configured.

Conditions: This symptom is observed when the CNS configuration notify agent is configured by the cns config notify command and when atm pvc commands are configured.

Workaround: There is no workaround.

CSCee07889

Symptoms: A Tool Command Language (TCL) script that binds a server socket on the router causes the VTY line to lock up. The connected line locks up, and the script no longer responds to local or remote input.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(7)T but is platform-independent and software-independent.

Workaround: Reload the router to clear the VTY line. To prevent the symptom from occurring, do not use server sockets.

CSCee42210

Symptoms: Fax relay does not function between H.323 networks with a transcoder.

Conditions: This symptom is observed during interworking between H.323 networks via a Cisco Multiservice IP-to-IP Gateway (IPIPGW).

Workaround: There is no workaround.

CSCee42846

Symptoms: A router crashes because of a CPUHOG condition in the "Tcl Serv - ttyX" process.

Conditions: This symptom is observed when the router sources a multi-line TCL script that contains a "gets stdin <variable>" command and when you attempt to abort user input by entering Ctrl-c.

Workaround: Terminate user input with a carriage return (Enter) instead of by entering Ctrl-c.

CSCee50408

Symptoms: When changing a route pattern or destination number, the trunk (or endpoint receiving a new destination number) may be unusable until the gateway is reset.

Conditions: This symptom is observed on a Cisco 3600 series that functions as a gateway.

Workaround: Via the gateway configuration panel, reset the gateway after changing the route pattern or destination number.

CSCee59791

Symptoms: Some conference parties may not be heard and the conference bridge may become unregistered from a Cisco CallManager.

Conditions: This symptom is observed on a Cisco platform that functions as a conference bridge when one or more of the RTP streams that enter the router use RTP header-compression.

Workaround: Disable RTP header-compression.

CSCee68905

Symptoms: An extensible authentication protocol-subscriber identity module (EAP-SIM) user cannot log off and reconnect when PBHK is enabled.

Conditions: This symptom is observed on a Cisco platform that is configured for SSG Host Key when an EAP-SIM user logs off and refreshes his browser.

Workaround: There is no workaround.

CSCee69405

Symptoms: The output of the show policy-map interface interface-name input command shows more received packets than the output of the show interfaces type number precedence command shows.

Conditions: This symptom is observed when traffic is sent between two routers that are configured for MLP and cRTP.

Workaround: There is no workaround.

CSCee79904

Symptoms: A Cisco RPM-XF sends more data than it should according to the configuration of the priority policy-map class configuration command. Layer-2 policing does not seem to work properly.

Conditions: This symptom is observed when the traffic is sent on a real-time class and is compressed.

Workaround: There is no workaround.

CSCee83614

Symptoms: DTMF relay stops functioning on a Cisco Multiservice IP-to-IP Gateway (IPIPGW). After DTMF relay works fine, it may start to work uninterruptedly from one side in either direction. When you send a DTMF signal from both directions, the DTMF relay stops functioning on the IPIPGW.

Conditions: This symptom is observed in the following topology:

An IP phone connects to a Cisco CallManager that connects to an IP2IPGW. The IP2IPGW connects to a gatekeeper that connects to a third-party vendor gateway. This gateway connects via MGCP to a VISM that connects via an E1 link to the PSTN.

Workaround: There is no workaround.

CSCee87309

Symptoms: Conversion from H.323 H.245 alphanumeric characters to RFC-2833 DTMF may fail.

Conditions: This symptom is observed when the Cisco Multiservice IP-to-IP Gateway (IPIPGW) feature is enabled.

Workaround: There is no workaround.

CSCee93511

Symptoms: A platform that is configured with an IPSec VPN Services Module reloads and generates tracebacks.

Conditions: This symptom is observed on a Cisco Catalyst 6000 series and a Cisco 7600 series that process IPSec traffic when there are many (for example, 4000) IPSec tunnels.

Workaround: There is no workaround.

Further Problem Description: The symptom is caused by an internal race condition that occurs when you attempt to create another IPSec tunnel but run out of internal resources midway.

CSCee94544

Symptoms: A Cisco MGX RPM-XF sends twice the number of packets that it receives to a connected CE router when Compressed Real-Time Protocol (CRTP) is configured and when the ToS value changes on a particular flow that is being compressed. The receiving CE router is not able to uncompress this traffic because the majority of this traffic is treated as errors.

Conditions: This symptom is observed when the Cisco MGX RPM-XF is configured to perform Segmentation and Reassembly (SAR)-based weighted fair queuing (WFQ).

Workaround: Ensure that a change of the ToS value does not occur during the life of a flow. For example, a Real-Time Protocol (RTP) stream does not have ToS value changes during the life of a flow.

CSCee96362

Symptoms: A voice call fails on an NM-HDV module.

Conditions: This symptom is observed when the GSMEFR codec is configured by entering the dial-peer voice tag voip command followed by the codec gsmfr bytes 32 command.

Workaround: Change the payload size from 32 to 31 by entering the dial-peer voice tag voip command followed by the codec gsmfr bytes 31 command.

CSCef00308

Symptoms: A feature board may reload after a switchover.

Conditions: This symptom is observed only on a Cisco platform that is configured for Nitro Interconnect Protocol (NIP).

Workaround: There is no workaround.

CSCef02173

Symptoms: Dying Gasp support for a WIC-1SHDSLv2 does not function. When the CPE device in which the WIC-1SHDSLv2 is installed loses power, the WIC-1SHDSLv2 is supposed to give out Dying Gasp messages to the central office (CO) where the messages should be displayed. However, this does not occur.

Conditions: This symptom is observed when the CPE device in which the WIC-1SHDSLv2 is installed loses power.

Workaround: There is no workaround.

CSCef09948

Symptoms: TCP connections may fail on a Cisco 7500 series.

Conditions: This symptom is observed when you enable TCP header compression on a channelized interface of a PA-2CT3 port adapter by entering the ip tcp header-compression command.

Workaround: Disable TCP header compression.

CSCef12917

Symptoms: A default application fails to connect to a remote TGW during a dial-peer rotary.

Conditions: This symptom is observed in a configuration with two dial peers on an OGW that is configured with Cisco IP phones. When the first dial peer fails to connect to the TGW because the TGW has its interface shut down, the second dial peer, which is configured with a VXML application, attempts to connect to the TGW. However, this attempt fails because of an unexpected disconnection.

Workaround: There is no workaround.

CSCef17536

Symptoms: Objects of the CISCO-ENTITY-EXT-MIB are not populated.

Conditions: This symptom is observed when you run an SNMP query for the CISCO-ENTITY-EXT-MIB on a Cisco IAD2431.

Workaround: There is no workaround.

CSCef20305

Symptoms: A platform that is configured for voice calls may crash or generate a traceback.

Conditions: This symptom is observed on a Cisco platform when RTSP play/record is used in an IVR application and occurs usually when multiple calls are placed.

Workaround: There is no workaround.

CSCef21150

Symptoms: A watchdog timeout may occur on a Cisco 3845 and the router may reload. The following message is displayed before the router reloads:

Watch Dog Timeout Reset

Conditions: This symptom is observed when you repeatedly enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interfaces of an NM-2FE2W-V2 network module while traffic flows through these interfaces.

Workaround: There is no workaround.

CSCef21965

Symptoms: Even when policy-based routing is configured on the interface, a router that boots may still reject the ip vrf receive command with the following error message:

% Need to enable Policy Based Routing on the interface first

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T and that is configured for VRF selection when the router boots after having been reloaded.

Workaround: Reapply the ip vrf receive command.

CSCef25623

Symptoms: A PDSN reloads unexpectedly when you remove the cdma pdsn cluster member interface command without configuring the mandatory options for a cluster member such as the controller IP address and SPI.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T3, that functions as a PDSN running PDSN Release 1.2, and that acts as a member in a cluster environment.

Workaround: There is no workaround.

CSCef28503

Symptoms: An MGCP gateway (GW) does not send a DLCX message with the proper reason code (E:) when an RTP loss occurs because the Ethernet interface through which the RTP transfer occurs on the GW is shut down.

Because the GW does not notify the CA about the RTP loss via a DLCX message with the proper reason code, the CA continues to send MGCP messages to the GW and vice versa in a normal way. However, these MGCP messages do not reach the GW or CA because the Ethernet interface on the GW is shut down, preventing the deletion of existing connections on the GW.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP GW and that has a single interface to the CA and terminating GW.

Workaround: Delete the connections on the MGCP GW manually through MGCP CLIs.

CSCef29028

Symptoms: A Cisco platform does receive a CRCX request that contains DT/ans information but does not send an NTFY message to an MGCP call agent.

Conditions: This symptom is observed on a Cisco platform that is configured for voice xGCP.

Workaround: There is no workaround.

CSCef30689

Symptoms: The AToM label holddown period is too short, and AToM traffic may be misdirected.

Conditions: AToM holds down its VC labels for 20 seconds before it releases them to the label manager. These labels are then available for allocation to other protocols or features such as LDP, TE, and MPLS VPNs. However, 20 seconds is not sufficient to guarantee that the AToM peer has properly deleted the entries and may cause AToM VC traffic to be misdirected by the protocol or features to which the freed AToM label is allocated.

Workaround: There is no workaround.

CSCef31712

Symptoms: A CPU hog message is generated when you enter the show pppoe summary command.

Conditions: This symptom is observed when there are high-scaling unambiguous QinQ sessions and interfaces configured.

Workaround: There is no workaround.

CSCef34501

Symptoms: An IP authentication proxy dynamic user access control list (ACL) may not be added to an interface ACL.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.8)T. Note that the symptom does not occur in Release 12.3(7)T1.

Workaround: There is no workaround.

CSCef35072

Symptoms: NBAR-related messages continue to be generated.

Conditions: This symptom is observed on a router that is configured for DMVPN and NBAR.

Workaround: There is no workaround.

CSCef35404

Symptoms: The configuration of the client-identifier command disappears from the running configuration of a DHCP server after a few days of uptime.

Conditions: This symptom is observed on a Cisco SOHO97 series that runs Cisco IOS Release 12.3(7)T1, 12.3(8)T, or 12.3(9.2)T and that functions as a DHCP server when a manual binding is configured with the update arp DHCP pool configuration command on the DHCP server and when the authorized arp command is configured on the interface to which the client is connected.

Workaround: Enter the copy startup-config running-config EXEC command.

Alternate Workaround: Use automatic bindings instead of manual bindings for DHCP clients.

CSCef36231

Symptoms: An HSRP tracking configuration is not accepted when you re-enter the configuration after you first delete it.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or Release 12.3T.

Workaround: Configure interface tracking by entering the track 100 interface e2/3 line-protocol command. Then, set the HSRP group to track the tracking object number by entering the standby 1 track 100 command.

CSCef37097

Symptoms: A call fails in a VoIP topology that involves two IPIPGWs with the second IPIPGW enabling the rotary configuration.

Conditions: This symptom is observed when the fast start mode is configured on the first IPIPGW that is connected to the second IPIPGW and when the second IPIPGW goes through the rotary recovery mechanism.

Workaround: Configure the slow start mode on the first IPIPGW instead of the fast start mode.

CSCef39878

Symptoms: A voice port may stop providing a dial tone and hang, and the following messages appear in the logs:

v4vip_send_cmd:No space in INBOX:free_space(0), cmd_length(3) for dev 0!!!
v4vip_active_lo:fail to send SOP RTR cmd for port=0

Conditions: This symptom is observed on a Cisco IAD2430 series.

Workaround: Reload the router.

CSCef41066

Symptoms: Calls to a SIP gateway may fail.

Conditions: This symptom is observed on a Cisco router that functions as a SIP gateway when there are escape characters in the user portion of the Request-URI, as in the following example:

INVITE sip:929252175123%23%23@<ip address>:5060 SIP/2.0

In this example, the escape character is %.

Workaround: Remove the escape characters from the user portion of the Request-URI.

CSCef41501

Symptoms: The access control entries (ACEs) that are downloaded by the Network Admission Control (NAC) are inserted below the ACEs that are downloaded by the authentication proxy. This situation causes authentication difficulties.

Conditions: This symptom is observed when both an authentication proxy and NAC are configured on the same interface.

Workaround: Configure the Cisco ACS server that is used in the configuration in such a way that the authentication proxy does not download any ACEs. Only NAC should install the required ACEs for the session that is being authenticated.

CSCef43691

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44104

Symptoms: When several "ip sdf locations" configuration statements on a Cisco IOS IPS device are unconfigured and reconfigured in a new order, the new order does not take effect.

Conditions: This symptom happens specifically when signatures have actually been loaded from one of the configured locations.

Workaround: There is no workaround.

CSCef44225

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef45767

Symptoms: A Route Processor Module-XF (RPM-XF) stops passing traffic after an eBGP session to a connected CE router flaps.

Conditions: This symptom is observed in an MPLS VPN network when all of the following conditions are present:

A CE router advertises a default route or a summarized route to a PE router.

Either eiBGP or IBGP load-balancing is configured for the default or summarized routes.

The interface between the CE router and the PE router flaps.

Workaround: Configure a static VRF route for the subnet that is defined on the interface that connects the CE router and the PE router. Configure the next hop interface for the static route as "Null0" by entering the ip route vrf vrf-name prefix mask interface interface-number distance command with the following arguments:

For the prefix argument, enter the subnet for the link between the PE and CE routers.

For the mask argument, enter the mask for the subnet.

For the interface interface-number argument, enter the value "Null0" (for the next hop interface).

For the distance argument, enter an administrative distance that is large enough to prevent the static route from being imported into the routing table under normal conditions.

Enabling the redistribute connected command under the BGP configuration on the CE router may reduce the probability of the symptom occurring. When the symptom has occurred, you can recover from the symptom by entering the clear ip route vrf vrf-name 0.0.0.0 0.0.0.0 command on the affected RPM-XF.

CSCef45970

Symptoms: A SIP call transfer fails when the transferee (XEE) receives "IP:0.0.0.0" as the address to reach the transfer target (XTO). When the transfer is complete, there is no voice path between the XEE and the XTO.

Conditions: This symptom is observed in the following call transfer scenario:

A SIP phone calls an FXS port across VoIP.

The SIP phone starts a call transfer to another FXS port across the VoIP.

The SIP phone commits the transfer.

Workaround: Enter the application session command under the VoIP dial peer to the FXS ports.

CSCef46295

Symptoms: The test voice port inject-tone command may not function for an outgoing PRI call.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(7.2) or a later release.

Workaround: There is no workaround.

CSCef47647

Symptoms: A Cisco 3745 that functions as a CCME may crash during a test with 640 BHCAs.

Conditions: This symptom is observed when the test includes the following call types:

Third-party conference calls between IP phones.

Third-party conference calls between IP phones and PSTN (ISDN PRI) phones.

Callhold between IP phones and PSTN (ISDN PRI) phones.

Blind call transfers between IP phones and PSTN (ISDN PRI) phones.

Call forward calls between IP phones.

Normal direct calls between IP phones and PSTN (ISDN PRI) phones.

Workaround: There is no workaround.

CSCef47721

Symptoms: Multicast packets are not correctly classified by an input Quality of Service (QoS) policy, which causes police, set, and other QoS actions to fail on the multicast packets.

Conditions: This symptom is observed on a Cisco RPM-XF when an input QoS policy is configured on an interface.

Workaround: There is no workaround.

CSCef48674

Symptoms: A Cisco 2800 series may reload unexpectedly during an IPSec packet transmission between two peers in transport mode using a multilink interface.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCef51520

Symptoms: The console port may hang during a high volume of SIP calls.

Conditions: This symptom is observed on a Cisco AS5400 that is configured with a new CPU that enables the platform to process a high volume of calls.

Workaround: There is no workaround. To recover the console port, reboot the Cisco AS5400.

CSCef52144

Symptoms: An active RP crashes after you remove an event manager applet.

Conditions: This symptom is observed on a Cisco 12000 series that runs an interim release for Cisco IOS Release 12.0(30)S. However, this symptom is resolved in Release 12.0(30)S. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCef52577

Symptoms: Transcoding sessions are held up when you use transcoding with a CME.

Conditions: This symptom is observed on a Cisco platform when a transcoding resource is registered with a CME that runs Release 3.2 and when calls are made.

Workaround: Reload the CME.

CSCef52633

Symptoms: The active router in an IPSec stateful failover pair may crash.

Conditions: This symptom is observed when the active router and the standby router run Cisco IOS Release 12.3(11)T and when the standby router requests a complete resynchronization of all IPSec state information from the active router, which occurs under the following conditions:

The standby router reboots.

The standby router is configured for IPSec stateful failover for the first time.

You enter the clear crypto sa command or the clear crypto session command on the standby router.

Workaround: There is no workaround.

CSCef52639

Symptoms: A Cisco 2800 series or Cisco 3800 series that functions as a voice gateway may reload when it processes voice traffic on a PVDM2-8 packet voice/fax digital signal processor (DSP) module.

Conditions: This symptom is observed when flex codec-complexity voice calls are processed and when the PVDM2-8 is installed in one of the following two locations in the router:

In a PVDM2 slot on the motherboard of the router.

In a PVDM2 slot of an NM-HDV2 IP communications high-density digital voice/fax network module.

Workaround: Use high or medium codec-complexity. If you must use flex codec-complexity, ensure that the PVDM2-8 is not present in any of the above-mentioned slots.

CSCef52822

Symptoms: The standby router in an IPSec stateful failover configuration does not have any standby IPSec SAs even though the active router has active IPSec SAs that should have been synchronized to the standby router. The output of the show crypto ipsec sa command shows the IPSec SAs on both the active and standby routers.

Conditions: This symptom is observed when the active router has more than one crypto map configured and these crypto maps use the same local virtual IP address. At least one of these crypto maps has IPSec stateful failover turned on and at least one of these crypto maps has IPSec stateful failover turned off. Stateful failover is enabled by entering the redundancy stateful command.

The most typical way of encountering this configuration is when a crypto map with stateful failover is applied to a physical interface and when a tunnel interface is configured either with a crypto map or with tunnel protection.

Workaround: Any of the following workarounds should work:

Enable stateful failover on all crypto maps that use the same local virtual IP address.

Change the local IP address on the non-stateful failover maps/interfaces to an address other than the virtual IP address that is used for stateful failover crypto maps.

Further information: When you enable the debug crypto ipsec ha command on the active router and the following error message is generated, the symptom has occurred:

IPSec HA (crypto_ha_ipsec_notify_add_sa): Stateful HA with valid group un-available for this sadb

CSCef53221

Symptoms: A CME router may crash if the cable is unplugged from an ephone that is in conference. The symptom does not occur if you quickly unregister the ephone.

Conditions: This symptom is observed on a Cisco router that functions as a CME router and that runs Cisco IOS Release 12.3(8)Tx or interim Release 12.3(10.x)T.

Workaround: Reboot the CME router. If this is not an option, there is no workaround.

CSCef54306

Symptoms: DTMF recognition via an external ASR server on an IP call leg using OOB DTMF relay does not function. (The digits do not reach the server).

Conditions: This symptom is observed during the recognition when an HTTP or TFTP prompt that is already loaded is used or when a TTS prompt from a different server than the ASR server is used. The DTMF relay that is configured on the IP dial peer is not in the RTP-NTE format.

Workaround: There is no workaround.

CSCef55992

Symptoms: A Cisco 837 does not generate the correct value for the "entPhysicalSerialNum" SNMP object:

ENTITY-MIB::entPhysicalSerialNum.1 = STRING: CPU rev number 7

Conditions: This symptom is observed on a Cisco 837 that runs Cisco IOS Release 12.3(8)T3. Note that this caveat is resolved in Release 12.3(11.02)T.

Workaround: There is no workaround.

CSCef56010

Symptoms: On a Cisco 837, the "entPhysicalClass" SNMP object (OID = .1.3.6.1.2.1.47.1.1.1.1.5) generates incorrect information:

ENTITY-MIB::entPhysicalClass.1 = INTEGER: module(9)

The response should have been chassis(3).

Conditions: This symptom is observed on a Cisco 837 that runs Cisco IOS Release 12.3(8)T3. Note that this caveat is resolved in Release 12.3(11.02)T.

Workaround: There is no workaround.

CSCef56571

Symptoms: A Cisco access server may reload because of a bus error.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(8)T3 and that has the voice statistics max-storage-duration day 1 command configured.

Possible Workaround: Change the maximum storage duration day from one to two by entering the voice statistics max-storage-duration day 2 command.

Further Problem Description: This situation affects devices that use voice statistics with a CME configuration. If neither voice statistics nor a CME configuration is used, the symptom does not occur.

CSCef58083

Symptoms: A watchdog timeout causes a router to crash. Just before the crash, CPU-HOG messages are logged for the IP input process.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T3 and that has the ip audit command or the ip inspect command enabled.

Workaround: Remove the ip inspect command or the ip audit command from the configuration of the router.

CSCef59257

Symptoms: A Segmentation SAR fatal error 0x4BD occurs. This error causes a reset of the data path SAR and the creation of a "sar_mxt4600_info" file in the bootflash.

Conditions: This symptom is observed when an IP Radio Access Network (IP-RAN) is enabled, when SAR-based QoS is enabled, when a VC tunnel has traffic on the high-priority Class of Service Queues (CoSQ), and when tail-dropping occurs on one of the low-priority CoSQs. The dynamic bandwidth feedback (DBF) update is triggered, which posts a "modify_channel" for the VC tunnel to the segmenter.

Workaround: There is no workaround.

CSCef60064

Symptoms: An unsolicited notify message for a message waiting indicator (MWI) device is rejected by a platform that runs Cisco CallManager Express (CME).

Conditions: This symptom is observed when only the secondary number of an IP phone is registered to a Cisco BTS 10200 via SIP registration.

Workaround: Ensure that the primary number of the IP phone is registered to the Cisco BTS 10200 via SIP registration.

CSCef60537

Symptoms: The MGX-RPM-1FE-CP RPM-PR back card is not recognized.

Conditions: This symptom is observed when the MGX-RPM-1FE-CP RPM-PR back card is inserted in a Cisco MGX2 chassis that is configured with an RPM-PR and a PXM45B controller card. The back card is shown as "Unknown."

Workaround: There is no workaround.

CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
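The three ICMP message classes listed in this caveat can be told apart on the wire by ICMP type and code. The sketch below is an added example for monitoring, not Cisco code or part of the advisory. It classifies an ICMP error, extracts the TCP flow and sequence number quoted in it, and checks whether that sequence number falls inside data the local device still has in flight, a standard sanity check for ICMP errors that quote TCP. The session table, function names, and sample packets are constructed assumptions.

```python
import ipaddress
import struct

# (ICMP type, code) -> message class, following the three classes listed above.
ICMP_CLASSES = {
    (3, 2): "hard-error",      # destination unreachable: protocol unreachable
    (3, 3): "hard-error",      # destination unreachable: port unreachable
    (3, 4): "pmtud",           # fragmentation needed and DF set
    (4, 0): "source-quench",
}
IPPROTO_TCP = 6


def parse_icmp_error(icmp):
    """Parse an ICMPv4 message (bytes starting at the ICMP header).

    Returns a dict describing the TCP segment quoted in the error, or None if
    the message is not one of the three classes or does not quote TCP.
    Checksums are not verified in this example.
    """
    if len(icmp) < 8:
        return None
    msg_class = ICMP_CLASSES.get((icmp[0], icmp[1]))
    if msg_class is None:
        return None
    quoted = icmp[8:]                      # original IP header + >= 8 bytes
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None
    ihl = (quoted[0] & 0x0F) * 4           # quoted IP header length in bytes
    if ihl < 20 or len(quoted) < ihl + 8 or quoted[9] != IPPROTO_TCP:
        return None
    sport, dport, seq = struct.unpack("!HHI", quoted[ihl:ihl + 8])
    mtu = struct.unpack("!H", icmp[6:8])[0] if msg_class == "pmtud" else None
    return {
        "class": msg_class,
        # The quoted packet was sent by the local device, so src is local.
        "flow": (str(ipaddress.IPv4Address(quoted[12:16])), sport,
                 str(ipaddress.IPv4Address(quoted[16:20])), dport),
        "seq": seq,
        "next_hop_mtu": mtu,
    }


def seq_in_flight(seq, snd_una, snd_nxt):
    """True if snd_una <= seq < snd_nxt, using 32-bit wraparound arithmetic."""
    return ((seq - snd_una) & 0xFFFFFFFF) < ((snd_nxt - snd_una) & 0xFFFFFFFF)


def assess(icmp, sessions):
    """Return (class, verdict, next_hop_mtu), or None for unrelated ICMP.

    sessions maps (local_ip, local_port, remote_ip, remote_port) to
    (SND.UNA, SND.NXT); this table is a hypothetical stand-in for real
    TCP session state.
    """
    info = parse_icmp_error(icmp)
    if info is None:
        return None
    state = sessions.get(info["flow"])
    if state is None:
        verdict = "no-session"        # quotes a connection we do not have
    elif seq_in_flight(info["seq"], *state):
        verdict = "plausible"         # quotes data that is really in flight
    else:
        verdict = "out-of-window"     # quoted sequence number was never sent
    return info["class"], verdict, info["next_hop_mtu"]


def build_sample(icmp_type, code, flow, seq, mtu=0):
    """Construct a sample ICMP error quoting a TCP segment (test data only)."""
    src, sport, dst, dport = flow
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64,
                     IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + ip + tcp8


# Constructed session state using documentation addresses (192.0.2.0/24).
LOCAL_FLOW = ("192.0.2.1", 179, "192.0.2.2", 40000)
SESSIONS = {LOCAL_FLOW: (1000, 5000)}      # flow -> (SND.UNA, SND.NXT)


def demo():
    samples = [
        build_sample(3, 3, LOCAL_FLOW, 1500),                 # hard error
        build_sample(3, 4, LOCAL_FLOW, 9_000_000, mtu=68),    # PMTUD message
        build_sample(4, 0, ("192.0.2.1", 23, "192.0.2.2", 40001), 1500),
        build_sample(8, 0, LOCAL_FLOW, 1500),                 # echo request
    ]
    return [assess(s, SESSIONS) for s in samples]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Messages that come back as "no-session" or "out-of-window" are worth counting per source in monitoring, since they quote traffic the device never sent.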

CSCef62287

Symptoms: When the gprs charging cdr-option no-partial-cdr-generation command is configured after open or closed CDRs already exist, the CDRs may have some incorrect fields with zero length and no value.

Conditions: This symptom is observed on a Cisco platform that functions as a GGSN.

Workaround: Do not change the CDR configuration when CDRs already exist in the memory. If you must change the CDR configuration, first clear all PDPs and CDRs.

CSCef64175

Symptoms: QoS features such as traffic shaping may not work correctly when QoS preclassification is configured over an IPSec tunnel.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(8)T or a later release and that is configured with a hardware encryption VPN module.

Workaround: Use software encryption.

CSCef64251

Symptoms: A router may crash when a mobile tunnel is configured together with QoS preclassification.

Conditions: This symptom is observed on a Cisco 3200 series that is roaming and that functions in reverse-tunnel mode.

Workaround: There is no workaround.

CSCef64362

Symptoms: A Cisco AS5850 does not create a voice port for a controller that is configured for external signaling beyond the first TUG-3 on an STM1 card.

Conditions: This symptom is observed in a configuration in which a Cisco AS5850 is configured for external signaling via the DS0 group on a controller. Voice ports are not created for controllers beyond the first TUG-3 on an STM1 card.

Workaround: There is no workaround.

CSCef66226

Symptoms: A Cisco 2800 series crashes when a third channel group is configured on an E1 or T1 interface of a VWIC that is installed in the native VWIC slot of the router and when the channel number is 16 for the E1 interface or 23 for the T1 interface.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3(8)T4.

Workaround: You can configure a maximum of two channel groups on each E1 or T1 interface. A third channel group is not supported and should be rejected. Prevent the symptom from occurring by configuring the third channel group with a different number.

CSCef67196

Symptoms: A new user cannot log in to a VPN server.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(10.1)T and that functions as a VPN server after you have added a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command.

Workaround: Do not add a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command. Rather, enter the crypto dynamic-map dynamic-map-name dynamic-seq-num command.

Alternate Workaround: Reload the VPN server.

CSCef68196

Symptoms: IPSec stateful failover does not work correctly for IPSec tunnel protection. IKE and IPSec SAs for tunnel protection interfaces are not synchronized to the standby router. Stateful redundancy is not applied to the tunnel protection crypto maps. This situation can be observed by the lack of "Redundancy Settings" on a tunnel protection crypto map in the output of the show crypto map command.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS interim release for Release 12.3(11)T (however, note that this caveat is resolved in Release 12.3(11)T) when the following conditions occur:

Both IPSec stateful failover and the tunnel protection command are configured on a tunnel interface.

The IPSec profile that is used in the tunnel protection command contains the redundancy stateful command.

Workaround: There is no workaround.

CSCef68324

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

CSCef68975

Symptoms: Context-based Access Control (CBAC) fails to pass H.245 packets through a router, and the following error message is generated:

Corrupted header, version number 3, reserved 7C, header size 101

Conditions: This symptom is observed on a Cisco router when the ip inspect command is configured for H.323 in a configuration in which one gateway runs H.323 version 2 and is connected via the router to another gateway that runs H.323 version 4.

Workaround: Ensure that all gateways run H.323 version 4.

CSCef71290

Symptoms: On a CME 3.1 system, a speed dial that is configured via the GUI for phone A may show up on the GUI interface of phone B when one of these phones has a 7914 add-on. However, the configuration does not show up in the running configuration.

Conditions: This symptom is observed when you configure speed dial via the GUI for a CME 3.1 system, and when the following configuration is present:

!

ephone-dn 2 dual-line

number 7202

!

ephone-dn 3 dual-line

number 7203

!

ephone 2

mac-address 000A.8A93.DCC3

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:2

!

ephone 3

mac-address 000A.8A93.DCDF

speed-dial 1 7201 label "CEO"

speed-dial 2 7202 label "sec"

speed-dial 3 7203 label "me"

speed-dial 4 7204 label "CTO"

button 1s3

The speed dial configuration addition and modification on ephone 3 may be shown when you attempt to edit the configuration of ephone 2.

Workaround: If you move the ephone configuration of a 7940 or 7960 phone with a 7914 add-on away from the other phones, the symptom does not occur. The following shows the configuration set with the workaround applied to the above configurations:

ephone-dn 2 dual-line

number 7202

!

ephone-dn 3 dual-line

number 7203

One more ephone-dn for another 7914 (in case you need to add one more and wonder how the configuration would look):

ephone-dn 4 dual-line

number 7209

This is the usual 7960 phone (7203):

ephone 3

mac-address 000A.8A93.DCDF

speed-dial 1 7201 label "CEO"

speed-dial 2 7202 label "sec"

speed-dial 3 7203 label "me"

speed-dial 4 7204 label "CTO"

button 1s3

This is the 7960 phone with the 7914 add-on which was ephone 2 before:

ephone 31

mac-address 000A.8A93.DCC3

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:2

This is a new 7960 phone with a 7914 add-on:

ephone 38

mac-address 00AA.1234.ABCD

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:4

The idea is to configure all the simple phones without any 7914 add-ons from ephone 1 to N (say, 1 to 30). Now, add the first phone with the 7914 add-on as ephone N+1 (31). The next phone with the 7914 add-on should be configured as ephone [(N+1)+7] (38) and so on (45, 52, 59, etc).

CSCef71485

Symptoms: When Cisco Express Forwarding (CEF) is enabled, a Multiprocessor WAN Application Module (MWAM) processor may reload for certain types of traffic that cause IP fragmentation.

Conditions: This symptom is observed only on a Cisco platform that has an MWAM when you send downstream data with fragmented packets.

Workaround: Disable CEF.

CSCef74473

Symptoms: A router crashes after multiple (attended or unattended) call transfer attempts.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T and that is configured for SIP.

Workaround: There is no workaround.

CSCef74873

Symptoms: A Cisco IOS software image appears not to allow the configuration of the memory-size iomem 40 command. When an SLT is loaded with a configuration that contains this command, the following error is generated:

memory-size iomem 40

^

% Invalid input detected at '^' marker.

Conditions: This symptom is observed only on a Cisco 2600XM. All multiple OPC scripts fail because the Cisco IOS software image does not allow the configuration of the memory-size iomem 40 command that is required for voice processing.

Workaround: There is no workaround.

Further Problem Description: All of the memory-size iomem command values are available: 10, 15, 20, 25, 30, 40, and 50.

When you configure the iomem-size percentage, upon booting, the router automatically finds the largest possible iomem-size percentage that works with the Cisco IOS software image and the amount of memory on the router. The automatically discovered configuration is set and used without any manual intervention. This behavior is not a change; it is the same functionality that already exists.

The memory-size iomem is a percentage of the amount of available memory in the router. When you increase the amount of SDRAM memory in the router from 128 MB to 256 MB, but keep the same memory-size iomem percentage, the amount of I/O memory that is allocated by the router is actually doubled.

This means that for a router with 128 MB of SDRAM memory, the memory-size iomem 40 command allocates approximately 50 MB of memory for use as IO memory.

For a router with 256 MB of SDRAM memory, the memory-size iomem 40 command allocates approximately 102 MB of memory for use as I/O memory. This may be too much memory set aside for use as I/O memory, so that even though the percentage may be reduced by the router, the actual amount of I/O memory that is allocated is the same as or actually greater than what would be allocated on a router with 128 MB of SDRAM memory.

For example:

The c2600-ipss7-mz image in a router with 128 MB SDRAM is able to set the memory-size iomem command to 40 percent, allocating approximately 50 MB of SDRAM memory for use as I/O memory. If this router is upgraded to 256 MB of SDRAM memory and reloaded with the same c2600-ipss7-mz image with the same memory-size iomem command set to 40 percent, the router attempts to allocate approximately 102 MB of SDRAM memory for use as I/O memory. This iomem percentage is too large, and is then reduced to 30 percent, but the amount of I/O memory that is allocated is approximately 77 MB, which is 27 MB greater than the amount of I/O memory that is allocated by the router that has 128 MB of SDRAM.

CSCef75224

Symptoms: Upon resetting or reloading a Cisco 3700 series, the IP phones that are connected to an NMD-36-ESW no longer receive power from the internal power supply.

Conditions: This symptom is observed when a Cisco 3725 is configured with an NMD-36-ESW and when IP phones are directly connected to the NMD-36-ESW. The symptom may also occur on another Cisco 3700 series router, and it may also occur on a NM-16ESW.

Workaround: For the interfaces that do not receive power, enter the shutdown command followed by the no shutdown command on the interface of the NMD-36-ESW or disconnect and reconnect the FE cables that run between the NMD-36-ESW and the IP phones.

CSCef75430

Symptoms: H.323 to H.323 transcoding does not function.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(1)T or a later release and that has the fix for CSCef53221 integrated. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef53221. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCef75563

Symptoms: Voice ports on an EM-8FXS, EM-6FXO, and EM-4BRI-NT/TE are not displayed.

Conditions: This symptom is observed on a Cisco 2800 series when you enter the show running-config command or the show voice port summary command.

Workaround: There is no workaround.

CSCef75758

Symptoms: A virtual access (VA) interface flaps when you send traffic over a PPP interface.

Conditions: This symptom is observed on a Cisco RPM-XF when Internet Protocol Header Compression (IPHC) is configured on the PPP interface.

Workaround: There is no workaround.

CSCef77013

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.

CSCef79000

Symptoms: A cookie that is returned by an HTTP client is composed of name and value pairs; the value is double-quoted. However, most HTTP clients and servers do not double-quote the value.

Conditions: This symptom is observed on a Cisco AS5400 that is configured for VXML. However, the symptom may be platform-independent.

Workaround: There is no workaround. The fix for this caveat removes the double quotes for the value.

CSCef79443

Symptoms: A software forced-reload may occur on a Cisco router that negotiates ISAKMP/IPSec security associations and that is configured as a spoke in a hub-spoke network.

Conditions: This symptom is observed after the router has booted and is in the process of building an ISAKMP/IPSec tunnel to the DMVPN hub.

Workaround: There is no workaround.

CSCef80169

Symptoms: Traffic does not flow across Multilink PPP (MLP) links with the exception of traffic for which the outgoing service policy imposes "Absolute Priority."

Conditions: This symptom is observed when MLP is configured between two Cisco RPM-XF modules and when traffic originates from the route processor.

Workaround: There is no workaround.

CSCef81501

Symptoms: When L2TPv3 tunnels are scaled and the IP Path MTU Discovery feature is enabled, a memory leak and crash may occur.

Conditions: This symptom is observed when multiple Xconnect statements are applied in conjunction with the IP Path MTU Discovery feature in the pseudowire class.

Workaround: Do not enable the IP Path MTU Discovery feature in an L2TPv3 configuration.

CSCef81595

Symptoms: Small IP packets (less than 28 bytes) fail to be decrypted for IPSec and are dropped. This situation causes GRE keepalive probe replies to be dropped, and consequently, the GRE tunnel to enter the DOWN state.

Conditions: This symptom is observed when point-to-point GRE (p-pGRE) and IPsec use a crypto map and a transport mode with GRE keepalives. Note that IP packets that are less than 28 bytes in length that are decrypted for IPSec.

Workaround: There is no general workaround for IPSec. However, for p-pGRE and IPSec, including a configuration with GRE keepalives, either configure the tunnel key 1 command on the tunnel interface on both ends or disable keepalives by entering the no keepalive command on the tunnel interface.

Note: If you choose to use the tunnel key, you may want to reduce the tunnel IP MTU by 4 bytes compared to its current value or enter the ip tcp adjust-mss 1400 command on the remote-end router.

CSCef81616

Symptoms: Cisco Optimized Edge Routing (OER) is not available on a Cisco 3640.

Conditions: This symptom is observed on a Cisco 3640 that runs the c3640-is-mz IP PLUS image of Cisco IOS Release 12.3(11)T.

Workaround: If your router has sufficient memory, use the c3640-js-mz image to run OER. Note that the symptom does not occur in Release 12.3(8)T4.

CSCef82962

Symptoms: A call treatment only plays a busy tone instead of the audio file that is configured in the call treatment.

Conditions: This symptom is observed when call treatment is configured on a router that functions as a Cisco CallManager Express (CME) and when the call threshold is met.

Workaround: There is no workaround.

CSCef83130

Symptoms: A Cisco 7500 series may periodically hang.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for both distributed CEF and IP RTP header compression.

Workaround: Remove IP RTP header compression from the interface on which it is configured.

CSCef84005

Symptoms: A virtual access (VA) interface flaps when sending traffic over a PPP interface.

Conditions: This symptom is observed on a Cisco RPM-XF when Internet Protocol Header Compression (IPHC) is configured on the PPP interface.

Workaround: There is no workaround.

CSCef84121

Symptoms: A software-forced crash may occur on a Cisco AS5400 because of a breakpoint exception.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T, that is configured for voice, and that has the logging facility enabled.

Workaround: There is no workaround.

CSCef84400

Symptoms: A router may crash because of a SIGBUS error when you enter a typeahead Tcl command. For example, entering the typeahead show running-config command may cause the router to crash.

Conditions: This symptom occurs only when you enter the command via a vty session such as a Telnet session.

Workaround: Only enter a typeahead Tcl command via the console of the router.

CSCef84623

Symptoms: A transcoding session may dangle even after the call is terminated.

Conditions: This symptom is observed on a router that has the Enhanced Conferencing and Transcoding for Voice Gateway Routers feature enabled.

Workaround: There is no workaround.

CSCef85266

Symptoms: When a voice gateway is reset by a Cisco CallManager, the voice gateway may not reregister with the Cisco CallManager, even when the output of the show isdn statistics command indicates the following state:

MULTIPLE_FRAME_ESTABLISHED and L3 Protocol(s) = CCM-Manager.

The above-mentioned state occurs when the voice gateway fails to send a restart message (RM) to the Cisco CallManager.

Conditions: This symptom is observed on a Cisco 3745 that functions as a voice gateway and that runs Cisco IOS Release 12.3(4)T6, 12.3(8)T3, or 12.3(8)T4.

Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the T1 controller of the interface that connects to the Cisco CallManager.

CSCef85823

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third-party gateway. When the third-party gateway sends an open logical channel to the Cisco gateway as the last step to switch the codec to T38, the Cisco gateway may not send an open logical channel acknowledgement. Instead, the Cisco gateway may terminate the call immediately.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway and that does not have any lengthy debug turned on.

Workaround: There is no workaround.

CSCef86948

Symptoms: A Cisco 7500 series router may crash when you attempt to delete an image from disk0.

Conditions: This symptom is observed when disk0 contains an image of Cisco IOS interim Release 12.3(11.5)T or interim Release 12.3(11.6)T and you attempt to delete this image.

Workaround: Reload the router with a different Cisco IOS image and then delete the image of Release 12.3(11.5)T or Release 12.3(11.6)T from disk0.

CSCef88350

Symptoms: A router that is configured with a Layer 2 firewall may crash and report memory corruption.

Conditions: This symptom is observed on a Cisco 1700 series that is configured with a Layer 2 firewall and a WIC-4ESW on which a switch virtual interface (SVI) is configured in a bridge group. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCef89947

Symptoms: When IPSec tunnels are functioning in SSO mode, and shortly after the tunnels are established, the console of the standby router repeatedly displays the "error coming back 000F" error message and IPsec SAs are not synchronized.

Conditions: This symptom is observed when you build 500 IPSec tunnels in SSO mode on a Cisco 7200 series.

Workaround: Do not configure the IPSec tunnels to function in SSO mode.

CSCef90148

Symptoms: After a grounding ring, the circuit may fail to detect an ensuing tip ground acknowledgement from the far end.

Conditions: This symptom is observed when placing outgoing calls with the FXO tip ground detect circuit present via a VIC2-2/4FXO, EM-HDA-6FXO, or EM-HDA-3FXS/4FXO.

Workaround: Use loopstart mode for FXO.

CSCef91218

Symptoms: An RPM-XF corrupts the DSCP values of traffic passing through.

Conditions: This symptom is observed after an output service policy is applied and fails because of incorrect parameters. The following error message is generated when the policy map is applied and fails:

PE1(config-if-atm-vc)#service-policy output in_policy_forout

PE1(config-if-atm-vc)#

PE1(config-if-atm-vc)#

PE1(config-if-atm-vc)#

PE1(config-if-atm-vc)#end

"set-mpls-exp-imposition-transmit" is not allowed in an output service policy.

Service policy installation failed on VC

Workaround: Verify the validity of the service policy before you apply the output policy map.

CSCef91468

Symptoms: A crashinfo file fails to be created when you enter the test crash command.

Conditions: This symptom is observed on a Cisco RPM-XF.

Workaround: There is no workaround.

CSCef94442

Symptoms: A spurious memory access is generated when SSG services are refreshed.

Conditions: This symptom is observed when two active SSG services that contain overlapping networks are refreshed and deleted.

Workaround: There is no workaround.

CSCef94604

Symptoms: When call threshold is configured on a gateway, the gateway does not keep track properly of the calls. Once the threshold is met, the gateway does not allow any more calls, even if the high value is not yet met.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway.

Workaround: There is no workaround. To recover from the symptom, allow all calls to clear. Doing so allows you to place calls again.

CSCef94731

Symptoms: A router may crash when an EZVPN tunnel is set up and you enter the show crypto isakmp key command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCef94974

Symptoms: A Cisco 7200 series that functions as a gateway GPRS support node (GGSN) may crash randomly while forwarding traffic.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(8)T4 under normal operating conditions.

Workaround: There is no workaround.

CSCef95597

Symptoms: A Cisco RPM-XF crashes when the ATM encapsulation for a PVC is changed.

Conditions: This symptom is observed when an MLP session is configured over a PVC subinterface.

Workaround: Shut down the PVC subinterface, change the encapsulation, and bring up the PVC subinterface.

CSCef95695

Symptoms: ESP frames are sent as protocol 50 (ESP) instead of the UDP protocol that is required for NAT-T. (The Internet Key Exchange security association [IKE SA] is correctly established.)

Conditions: This symptom is observed when one peer runs Cisco IOS Release 12.3(8)YA or Release 12.3(11)T and uses NAT-T version 7 and another peer runs NAT-T version 2 or 3.

Workaround: Remove NAT-T. Note that the symptom does not occur in Release 12.3(8)T4.

CSCef97752

Symptoms: Transmit underruns or receive overruns may occur on a serial interface on the motherboard WICs of a Cisco 2691 or Cisco 3725 router.

Conditions: This symptom is most likely to occur when the traffic of the serial interfaces on the motherboard on a Cisco 2691 or Cisco 3725 router is process-switched rather than fast-switched.

Workaround: Do not use the WAN interface card (WIC) slot on the motherboard. Rather, use the serial interface on a 2-WAN card slot network module (NM-2W), a 1-port Fast Ethernet 2-WAN card slot network module (NM-1FE2W), or a 2-port Fast Ethernet 2-WAN card slot network module (NM-2FE2W).

CSCeg00277

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCeg01543

Symptoms: A Cisco 7500 series VIP may crash when its serial interfaces are part of a Multipoint Frame Relay (MFR) bundle.

Conditions: This symptom is observed when a Frame Relay end-to-end fragment is received on an MFR interface.

Workaround: Administratively shut down the MFR interface or shut down the MFR interface on the other side of the link.

CSCeg01740

Symptoms: A router crashes when you delete a manual static Xconnect service with L2TPv3 encapsulation.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0S but could also occur in other releases.

Workaround: Do not delete a manual static Xconnect service with L2TPv3 encapsulation.

CSCeg02238

Symptoms: IPSec HA support is missing from the crypto k9 images of a Cisco 7301.

Conditions: This symptom is observed on a Cisco 7301 router that runs a crypto k9 image of Cisco IOS Release 12.3(11)T.

Workaround: If this is an option, use an IPSec HA-supported platform such as a Cisco 3725, Cisco 3745, or Cisco 7200 series. If this is not an option, there is no workaround.

CSCeg02681

Symptoms: Multipath load balancing does not function properly.

Conditions: This symptom is observed on a Cisco RPM-XF when there are multiple paths configured for a destination. Pings to the destination over one of the paths only work when the other PPP link is in the shutdown state.

Workaround: There is no workaround.

CSCeg03052

Symptoms: A Cisco IAD2431 may not send PPTP traffic even though the PPTP tunnel is successfully authenticated and terminated on the Cisco IAD2431. When this situation occurs, the following error messages are generated:

%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed

Vi2.1 PPP: I pkt type 0x0021, datagramsize 64 link[ip]

%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed

Vi2.1 PPP: I pkt type 0x0021, datagramsize 64 link[ip]

%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed

Vi2.1 PPP: I pkt type 0x0021, datagramsize 422 link[ip]

Conditions: This symptom is observed on a Cisco IAD2431 that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg03707

Symptoms: Use of the HTTP GUI interface of Cisco CallManager Express (CCME) may cause instability on a Cisco IOS voice gateway: the T1 controllers on the gateway may become accessible, calls may not complete through the gateway, and the gateway may reload unexpectedly.

Conditions: This symptom is observed when you use the HTTP GUI interface of CCME to configure and maintain a VoIP gateway.

Workaround: Use the command line interface (CLI) to configure and maintain a CCME VoIP gateway. To prevent access via the HTTP GUI interface, Cisco recommends that you remove the access by entering the no ip http server global configuration command.

CSCeg04293

Symptoms: A router may reload when you enter the crypto map map-name command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.7)T.

Workaround: There is no workaround.

CSCeg05374

Symptoms: Conference calls fail and tracebacks are generated.

Conditions: This symptom is observed on a Cisco router when the Enhanced Conferencing and Transcoding for Voice Gateway Routers feature is enabled.

Workaround: There is no workaround.

CSCeg05544

Symptoms: The following CLIs are blocked out:

h225 h245-address sync

h225 h245-address facility

h225 h245-address progress

The following CLIs can only be seen with the no allow-connection h323 to h323 command:

h225 progress-indicator local-ringback

h225 h245-address on-connect

Conditions: This symptom refers to the following configuration:

voice service voip

allow-connection h323 to h323

h323

h225 id-passthru

...

Workaround: Configure the impacted commands via voice-class configuration mode.

CSCeg06154

Symptoms: A router crashes when you delete an MPLS subinterface by entering the no interface command.

Conditions: This symptom is observed when the mpls ip command is configured on the same MPLS subinterface. For example, consider a router with the following configuration:

interface atm1/0.1 mpls

mpls ip

When you enter the no interface atm1/0.1 mpls command, the router crashes.

Workaround: There is no workaround.

CSCeg06731

Symptoms: A Cisco router that is configured for IVR may crash with a SegV exception.

Conditions: This symptom is observed on a Cisco 2600XM series that runs Cisco IOS Release 12.3(11)T. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCeg08282

Symptoms: An L2TP tunnel may not be displayed when a static session is up.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.7)T.

Workaround: There is no workaround.

CSCeg08629

Symptoms: A Cisco 7500 series may generate CCB playback errors and reload the secondary Route Switch Processor (RSP).

Conditions: This symptom is observed when there are channelized T3 port adapters installed in the router and when a channel-group parameter is configured before the channel group is created. To recover from the symptoms, reload the router.

Workaround: Configure the channel-group via the t1 t1-line-number channel-group channel-group-number timeslots list-of-timeslots command before you configure any options such as framing of FDL on the channel group.

CSCeg08927

Symptoms: A Cisco GGSN that runs Cisco IOS Release 12.3(8)T3 with GPRS software may reload when repetitive create PDP context requests are received for an existing PDP in the GGSN.

Conditions: This symptom is observed when the following sequence of events occurs:

1. A successful create PDP request occurs and a PDP is created.

2. A second create PDP request is received for the same PDP, requesting a DNS address. Because of an error in the protocol configuration option (PCO), this create PDP request is rejected.

3. A third create PDP request is received without a PCO.

Workaround: There is no workaround.

CSCeg09811

Symptoms: When a G.SHDSL version 2 (V2) WIC is installed in the first WIC slot of a router and a G.SHDSL version 1 (V1) WIC in the second WIC slot of the router, a ping over the G.SHDSL V1 WIC fails when the G.SHDSL V2 WIC has the default configuration.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: Enter the mode atm command for the controller of the DSL interface on the G.SHDSL V2 WIC.

CSCeg10138

Symptoms: The 64-bit counters in the output of a show policy-map command may not provide correct information.

Conditions: This symptom is observed on a Cisco RPM-XF.

Workaround: There is no workaround.

CSCeg10255

Symptoms: A router may reload unexpectedly when you enter the show call active voice command. After the crash, the output of the show version command may show a message similar to the following:

System returned to ROM by error - a SegV exception, PC 0x803D4DC8

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T and that is configured for voice.

Workaround: There is no workaround.

CSCeg12134

Symptoms: When you send multicast traffic over an IPSec tunnel, a memory leak may occur on a router.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when both IP CEF and hardware encryption are configured.

Workaround: Switch to software encryption for a while and then switch back to hardware encryption.

Alternate Workaround: Disable IP CEF.

CSCeg12592

Symptoms: A Cisco voice router crashes at boot time and enters into a crashloop until you recover it manually.

Conditions: This symptom is observed on a Cisco 2600XM, Cisco 2691, Cisco 3640, Cisco 3660, Cisco 3725, and Cisco 3745 that have an NM-2V installed with either a VIC-2BRI-NT/TE or a VIC-2BRI-ST/TE voice card and that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: There is no workaround.

CSCeg15855

Symptoms: Hairpinned calls fail.

Conditions: This symptom is observed on a Cisco router that is configured with an NM-HDV2-2T1/E1 network module.

Workaround: There is no workaround.

CSCeg15922

Symptoms: A DMVPN tunnel (mGRE) may not fully initialize at startup. When you enter the no shutdown command on the tunnel interface, the platform may crash with a "tunnel_protection_setup_socket" error.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2SX but may also occur in Release 12.3 or Release 12.3T.

Workaround: Create a point-to-point GRE tunnel on the spokes (instead of via mGRE) and an mGRE tunnel on the hub. Note that you need an NHRP Next Hop Server (NHS) configuration in order for the hub to learn the spokes.

Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the tunnel interface in order for the tunnel to come up. However, after you have implemented the Alternate Workaround, the crash may still occur.

Further Problem Description: The crash occurs only on a spoke router or spoke switch, not on a hub router or hub switch. Furthermore, the crash is only observed on a Cisco Catalyst 6000 series and a Cisco 7600 series and may occur with any DMVPN configuration that uses mGRE tunnels.

CSCeg17082

Symptoms: All voice calls fail and the output of the show voice port summary command shows that all voice ports are in the down state:

                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
0/1:0     01 e&m-wnk      up    down idle     idle     y
0/1:1     02 e&m-wnk      up    down idle     idle     y
0/1:2     03 e&m-wnk      up    down idle     idle     y

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3660, and Cisco 3700 series that run Cisco IOS Release 12.3(11)T1 or Release 12.3(11)T2 and that are configured with an AIM-VOICE interface module that has DSPs that are configured for high complexity. The symptom occurs after you reload the router.

Workaround for Release 12.3(11)T1: Bring the voice ports to the up state by entering the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice ports.

Workaround for Release 12.3(11)T2: Remove the affected DS0 group and reconfigure it.

CSCeg17274

Symptoms: When you enter a timeout value shorter than 8 seconds on an IPHC-enabled interface, the value is not configured. Instead, a timeout value of 8 seconds is configured.

Conditions: This symptom is observed on a Cisco RPM-XF that is configured for IP RAN when you use the ppp iphc max-time seconds command to enter the timeout value on a virtual template in a multilink configuration.

Workaround: There is no workaround.

CSCeg17630

Symptoms: The MGX-RPM-1FE-CP RPM-PR back card is not recognized.

Conditions: This symptom is observed when the MGX-RPM-1FE-CP RPM-PR back card is inserted in a Cisco MGX2 chassis that is configured with an RPM-PR and a PXM45B controller card. The back card is shown as "Unknown."

Workaround: There is no workaround.

CSCeg17982

Symptoms: An MGCP gateway may respond with a "510 - protocol error" message to an Audit Connection (AUCX) message from the call agent. However, the gateway should respond as follows:

To an AUCX message with no RequestedInfo (F:), a valid connection ID (I:), and a valid endpoint ID, the gateway should respond with a "200" message.

To an AUCX message with no RequestedInfo (F:), a valid connection ID (I:), but an invalid or unknown endpoint ID, the gateway should respond with a "500" message.

Conditions: This symptom is observed on a Cisco gateway that is configured for Media Gateway Control Protocol (MGCP).

Workaround: There is no workaround.

CSCeg18548

Symptoms: The clear line command may not function and does not cause a link to be dropped.

Conditions: This symptom is observed when you enter the clear line command for a WIC-1AM or WIC-2AM that is installed in an NM-2W network module.

Workaround: Enter the clear interface command or the clear modem command to cause the link to be dropped.

CSCeg18639

Symptoms: The cookie information of an HTTP user may be lost after the user disconnects.

Conditions: This symptom is observed on a Cisco AS5400 that is configured for VXML when an HTTP client retrieves a document and disconnects. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCeg21929

Symptoms: Voice packets are not compressed when cRTP is configured with MQC on a serial interface that is configured for Frame Relay encapsulation.

Conditions: This symptom is observed on a Cisco 3725, Cisco 3745, and Cisco 7206.

Workaround: Disable CEF globally and disable fast switching on the serial interface.

CSCeg21998

Symptoms: A memory leak may occur for every single transcoding call.

Conditions: This symptom is observed on any Cisco platform that supports transcoding.

Workaround: There is no workaround.

CSCeg23275

Symptoms: A Cisco voice gateway may crash when you run a TCL IVR application that performs media recording to a TFTP server.

Conditions: This symptom is observed on a Cisco voice gateway that runs Cisco IOS Release 12.3T. Note that this release does not support media recording to a TFTP server.

Workaround: Configure media recording to an HTTP, RTSP, or ESMTP server, all of which are supported in Release 12.3T.

CSCeg28309

Symptoms: The max-users number-of-users and the max-logins number-of-users commands do not function in an HA environment.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS release later than Release 12.3(4)T9 and that is configured for HA.

Workaround: There is no workaround.

CSCeg28876

Symptoms: Even though route cache is enabled and functioning by default, the output of the show running-config interface type number command shows the "no ip route-cache" message for an MLP interface that is up. When IP Header compression is configured for the MLP interface, the command output also shows the "no ip route-cache cef" message.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.3(11)T2 or an earlier release.

Workaround: There is no workaround. However, note that route cache does function even though the error messages suggest otherwise.

CSCeg32865

Symptoms: When you enter a test command such as the test voice driver command, the channel status may show as mismatched.

Conditions: Depending on the test command that you enter, this symptom is observed on a Cisco 2800 series and Cisco 3800 series or on a network module that has a TI-5510 DSP such as an NM-HD-2V or NM-HD-2VE network module.

Workaround: Do not enter a test command to troubleshoot network issues. Rather, enter the show voice dsp command or the show voice dsp detail command.

CSCeg33405

Symptoms: OSPFv3 neighbors may not come up when IPv6 IPSec is configured.

Conditions: This symptom is observed on a Cisco router that has more than one interface configured for OSPFv3 and IPv6 IPSec.

Workaround: Disable IPSec for IPv6 or configure only a single interface on the router for IPv6 IPSec.

CSCeg33863

Symptoms: When a Cisco CallManager Express (CCME) is configured for the longest-idle ephone hunt group, the call is not forwarded to the final number.

Conditions: This symptom is observed when a call that is made to the longest-idle ephone hunt-group pilot number is redirected on a busy signal or no answer signal from one Cisco IP phone directory number (ephone-dn) to another ephone-dn (from the configured ephone-dn list) until the call is answered. When none of the ephone-dns answers the call, the caller receives a fast-busy signal instead of the call being routed to the final number.

Workaround: There is no workaround.

CSCeg39241

Symptoms: There is no voice path when a call rotates from one dial peer to another dial peer.

Conditions: This symptom is observed on a Cisco Multiservice IP-to-IP Gateway (IPIPGW) when the Emptycapability feature is enabled globally to support different codecs and when the first outgoing dial peer receives a "no answer."

Workaround: There is no workaround.

CSCeg40630

Symptoms: TACACS+ is not supported on a Cisco IAD2430.

Conditions: This symptom is observed on a Cisco IAD2430 that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeg47178

Symptoms: When the load interval is configured as 30 seconds, the clear counters command takes a long time (1 minute and 45 seconds) to clear the offered rate and the drop rate counters.

Conditions: This symptom is observed on a Cisco RPM-XF that processes IP traffic with a 200-byte packet size at the rate of 1000 bps.

Workaround: There is no workaround.

CSCeg50001

Symptoms: Upstream traffic does not reach a public data network (PDN), and the send and receive counters are incremented properly.

Conditions: This symptom is observed when you send process-switched packets upstream over a packet data protocol (PDP) link in a GPRS network.

Workaround: There is no workaround.

CSCeg50406

Symptoms: A Cisco IAD2431 shows in the output of the show version command as a Cisco IAD2400.

Conditions: This symptom is observed on a Cisco IAD2431 that runs Cisco IOS Release 12.3(11)T.

Workaround: Enter the no memory-size iomem 10 command.

CSCeg52461

Symptoms: When a call is blind-transferred from a CME IP phone to a PRI number, there is no ringback tone heard at the transferee.

Conditions: This symptom is observed when a Cisco 3700 series functions as a voice gateway in the following call scenario:

Party A calls party B (that uses a CME IP Phone). Party B blind-transfers the call to party C through a PRI interface. Party C receives the transferred call but party A does not hear the ringback tone.

Workaround: There is no workaround.

CSCeg55700

Symptoms: The caller ID name is not displayed when the name is greater than 15 characters.

Conditions: This symptom is observed on a Cisco platform that is configured for SIP when INFO messages are used to relay the caller ID name.

Workaround: There is no workaround.

CSCeg57104

Symptoms: No proper warning message is generated when a platform approaches its low-memory threshold.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCeg61162

Symptoms: Caller ID presentation does not function because a Cisco VG224 does not reverse the line polarity.

Conditions: This symptom is observed on a Cisco VG224 that has the caller-id alerting line-reversal command enabled.

Workaround: There is no workaround.

CSCeg67106

Symptoms: A call transfer may fail.

Conditions: This symptom is observed on a Cisco router that functions as a Cisco CallManager Express (CME) when the transfer-pattern argument of the transfer-pattern transfer-pattern command is ".T" to allow the transfer of telephone calls from Cisco IP phones to phones other than Cisco IP phones.

Workaround: There is no workaround.

CSCeg68557

Symptoms: When there is a failure between two IPSec peers, DPD can detect that the communication fails. When there are multiple phase 2 SAs and DPD failures, phase 1 SAs are deleted, but only one phase 2 SA is deleted. This is improper behavior: all phase 2 SAs should be deleted.

Conditions: This symptom is observed on a Cisco router that is configured for IPSec ISAKMP when there are multiple ACEs in a dynamic crypto ACL, causing multiple phase 2 SAs to be generated.

Workaround: Enter the clear crypto sa command.

Further Problem Description: If Reverse Route Injection is also configured, the corresponding route is not deleted.

CSCeg72444

Symptoms: A router that is configured for SSG may hang and crash.

Conditions: This symptom is observed when PBHK and idle timeout are enabled for PPP users and the router is busy.

Workaround: Disable idle timeout for all PPP users.

Alternate Workaround: Disable PBHK. If you do so, you may still observe a few non-aligned accesses but a crash will not occur.

CSCeg73626

Symptoms: A DSP farm profile cannot be configured.

Conditions: This symptom is observed on a Cisco 3700 series and Cisco 3800 series when a voice card does not have the dsp services dspfarm command enabled.

Workaround: Enter the dsp services dspfarm command on at least one voice card.

CSCeg73744

Symptoms: A Cisco AS5350 VoIP gateway leaks memory in the "CCSIP_SPI_CONTROL" process when it receives an "out-of-dialogue" NOTIFY, REGISTER, or OPTIONS request that is syntactically incorrect, for example, a request that has no contact header. In such a situation, the gateway rejects the request with a 4xx error response, but the output of the show processes memory command shows a memory leak in the CCSIP process.

Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(8)T or 12.3(11)T.

Workaround: Disable the "out-of-dialogue" NOTIFY, REGISTER, or OPTIONS request or ensure that the syntax of the request is correct.

CSCeg73956

Symptoms: A Cisco 2430 that runs an IVR TCL 2.0 script to play audio or music on incoming calls on a POTS leg may cause audio stuttering, cutoffs, looping, breakups, or a combination of these problems, causing menu options in a VXML script to be lost.

Conditions: This symptom is observed when more than five concurrent users listen to the audio or music stream. When an additional call occurs, the audio may start to break up, may stop completely, or may loop or stutter. The symptom occurs irrespective of whether the script and audio files are loaded from TFTP or from flash memory.

Workaround: There is no workaround.

CSCeg77587

Symptoms: Calls via a V.110 L2TP GSM application fail.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(2)T or a later release and that is configured for MGCP NAS. Debugs show PPP and CRC errors and corrupt asynchronous framing.

Workaround: There is no workaround.

CSCeg78279

Symptoms: A Cisco Catalyst 6500 series Communication Media Module (WS-CMM-SVC) may crash frequently.

Conditions: This symptom is observed on a Catalyst 6509 that is configured with a Supervisor Engine 720 that runs Cisco IOS Release 12.2(18)SXD2 while the WS-CMM-SVC runs Release 12.3(8)XY2. The symptom may also occur in Release 12.3T.

Workaround: There is no workaround.

CSCeg78458

Symptoms: A Cisco 836 or Cisco 837 may reload because of a software-forced crash when you request a reload with an XML file via CNS.

Conditions: This symptom is observed with a CNS Configuration Engine version 1.4 that runs on an IE2115 server. The routers run Cisco IOS Release 12.3(8)YG. The symptom could also occur in Release 12.3.

Possible Workaround: Enter the scheduler max-task-time 50000 command.

CSCeg79652

Symptoms: When you enter the reload command on a router that is configured with an SHDSLv2 card, the router enters an endless loop.

Conditions: This symptom is observed only with SHDSLv2 cards on a Cisco router that runs a Cisco IOS release later than interim Release 12.3(12.6)T.

Workaround: To recover the router from the loop, enter the send brk command to enable the router to enter ROMmon mode.

CSCeg81698

Symptoms: After a DSP crashes and recovers, voice calls through a backhauled PRI fail. Note that a regular PRI is not affected.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T6, that functions as a voice gateway, and that is configured with an NM-HDV2 and a PVDMII-24.

Workaround: Enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice port. Note that shutting down and bringing up the controller on the affected voice port does not bring the voice port back up.

CSCeg81870

Symptoms: In SRST mode, a phone does not completely register with a voice gateway, preventing SRST from functioning.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T3 when a service URL is associated with speed buttons.

Workaround: There is no workaround.

CSCeg82704

Symptoms: When a phone call is made and forwarded to a Cisco Unity Express Network Module (NM-CUE), choppy voice may occur on the IP phone(s) that are connected to the stacked Etherswitch modules. The symptom is observed for voice connections between the IP phone(s) and the NM-CUE. The sound during calls between two IP phones is good.

Conditions: This symptom is observed when a 16-port Etherswitch module is stacked with a 36-port Etherswitch network module. This symptom does not occur when only a single Etherswitch module (either 16- or 36-port) is used.

Workaround: There is no workaround.

CSCeg85709

Symptoms: A fax to or from an FXS port does not go through as modem pass-through.

Conditions: The symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1 when modem pass-through is configured globally.

Workaround: There is no workaround.

CSCeg87507

Symptoms: DSP programming on a router fails, causing a BRI call to disconnect. The output of the debug voip vtsp session command shows "DSP programming failed".

Conditions: This symptom is observed on a Cisco 2800 series, Cisco 3800 series, and any other router that uses Flex DSP resource management (DSPRM) when calls are made from a BRI or PRI to the PSTN and when the PSTN side sends a Call Proc message followed by a Call Alerting message.

Workaround: There is no workaround.

CSCeg87892

Symptoms: VIPs crash when GRE tunnels are configured in an MPLS VPN configuration. The interface names are not displayed in the output of the show adjacency detail command because the name strings of the FIBIDBs are incorrectly allocated.

Conditions: These symptoms are observed when GRE tunnels are configured on MPLS PE routers. However, the incorrect allocation of the name strings of the FIBIDBs may occur on any platform.

Workaround: There is no workaround.

CSCeh00270

Symptoms: A Cisco gateway may reload at "h245_olc_out_sm".

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.3(7)T7 when the gateway receives a third-party RequestChannelClose message that has the reason field populated with "reopen".

Workaround: Ensure that the third-party gateway does not send a RequestChannelClose message with the reason field populated with "normal".

CSCeh02312

Symptoms: A router may reload when you lock or unlock an RSA key pair.

Conditions: This symptom is observed when you enter the crypto key lock rsa passphrase passphrase or crypto key unlock rsa passphrase passphrase EXEC command.

Workaround: Do not include the passphrase keyword and associated argument in the command. Also do not include the optional name keyword and the associated key-name argument in the command, because the router prompts for the key name that you want to lock or unlock.

CSCeh05540

Symptoms: Packet statistics that are displayed under an L2 policy map are incorrect. The counters that show incorrect information are the "Conformed packets/bytes" and "Exceeded packets/bytes" counters.

Conditions: This symptom is observed on a Cisco MGX RPM-XF when a policy map is applied to any of its interfaces and when the affected counters cross the actual value of 4294967295.

Workaround: There is no workaround.

CSCeh09360

Symptoms: IPSec does not function when the ip route-cache command is enabled.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T3 but may be platform-independent.

Workaround: There is no workaround.

CSCeh10980

Symptoms: A Cisco voice gateway may reload when a consultation call transfer is executed using a default session application.

Conditions: This symptom is observed on a Cisco voice gateway that is configured for IVR.

Workaround: There is no workaround.

CSCeh12839

Symptoms: An SSG does not return GPRS VSAs to a GGSN in an access-accept message.

Conditions: This symptom is observed when a RADIUS client such as a GGSN sends an extended auto-domain access request. The SSG should return the "gprs:charging-profile-index" and "csg:billing_plan" VSAs in the auto-domain profile to the GGSN when the no remove vsa cisco command is enabled on the SSG for the RADIUS client.

Workaround: There is no workaround.

CSCeh13450

Symptoms: When you enter the show controllers command on a Cisco 3xxx series router, the router either reloads because of a watchdog timeout or hangs. Note that the show controllers command is also part of the show technical-support command.

Even with the configuration register set to allow a break into rommon (0x2002), this facility remains unavailable when the router hangs. If this situation occurs, you must power-cycle the router to bring it up.

Conditions: This symptom is observed on a Cisco router when the following conditions are present:

The router has an NM-16A network module installed.

The router is configured with one or more async interfaces that are configured on the NM-16A network module.

Workaround: There is no workaround.

CSCeh22179

Symptoms: No traffic is sent from a Cisco 3825.

Conditions: This symptom is observed on a Cisco 3825 that runs Cisco IOS Release 12.3(11)T3 when traffic from a VPN that leaves through the global interface does not require encryption.

Workaround: Remove the crypto map from the global interface.

CSCeh31306

Symptoms: A Cisco MGX RPM-PR does not boot up.

Conditions: This symptom is observed when the Cisco MGX RPM-PR does not receive the boot acknowledgement from the PXM.

Workaround: There is no workaround.

CSCeh34089

Symptoms: You cannot run the Embedded Event Manager Tcl policy scripts.

Conditions: This symptom is observed in all Cisco IOS software images that contain the fix for caveat CSCeg07394. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg07394. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCeh35434

Symptoms: An Embedded Event Manager TCL policy does not function.

Conditions: This symptom is observed on a Cisco IOS software image that contains the fix for caveat CSCeg07394. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg07394. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCeh37039

Symptoms: A file system fails to complete the dir command or a show command upon encountering an unrecognized file.

Conditions: This symptom is observed when there is a file of a type that is unrecognizable or not supported by the USB token file system.

Workaround: Format the USB token prior to its first use.

CSCin65900

Symptoms: A Cisco 7200 VXR router that functions as a LAC crashes while handling PPPoA/L2TP and PPPoEoA/L2TP calls.

Conditions: This symptom is observed when you simulate some kind of DoS attack by sending PPPoEoA traffic from a large number of users that have incorrect user names.

Workaround: There is no workaround.

CSCin66200

Symptoms: A memory allocation failure (MALLOCFAIL) message may be displayed when you enter the show vpdn command.

Conditions: This symptom is observed only when a very large number of L2TP sessions are active on the router.

Workaround: There is no workaround.

Further Problem Description: To properly generate the output of the show vpdn command, ensure that the router has sufficient contiguous memory: for 16,000 sessions, 64 MB is required; for 32,000 sessions, 128 MB is required.

CSCin73697

Symptoms: A dual-tone multifrequency (DTMF) tone that is sent from a SIP gateway via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) is not sent as NTE RTP packets to an H.323 gateway because the DTMF tone is received as inband voice by the IPIPGW. The output of the show call active voice command for the IPIPGW shows the DTMF type as RTP-NTE for both legs but the output of this command on the SIP gateway shows the DTMF type as inband voice.

Conditions: This symptom is observed when a call is made from a SIP gateway via an IPIPGW to an H.323 gateway.

Workaround: There is no workaround.

CSCin78987

Symptoms: A Cisco 3660 shows fluctuations in the CPU utilization and the CPU usage peaks frequently at 100 percent, as you can observe in the output of the show processes cpu command.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(8)T and that is configured with a control plane with a class map to drop matched packets.

Workaround: There is no workaround.

CSCin79413

Symptoms: The following error message is displayed on a Cisco platform that has 128 MB RAM:

"%DSMP-3-INTERNAL: Internal Error : NO MEMORY"

Conditions: This symptom is observed when an NM-HD-2VE network module is used as a hardware-based MTP to convert DTMF tones from out-of-band to in-band.

Workaround: There is no workaround.

CSCin81217

Symptoms: After the idle timeout expires, SSG does not send a reauthorization request to the AAA server.

Conditions: This symptom is observed with a quota of zero and an idle timeout that is larger than zero.

Workaround: There is no workaround.

CSCin81377

Symptoms: A watchdog timeout may occur when a router reads a cookie from an empty AIM slot.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCin81496

Symptoms: Compressed Real-Time Protocol (CRTP) or Compressed User Datagram Protocol (CUDP) traffic is not compressed. Many collisions occur and CID_IN_USE and timeout values are corrupted.

Conditions: These symptoms are observed on a Cisco RPM-XF when cUDP or cRTP traffic is running and when any of the following events occurs:

You enter the clear int sw1 command.

You enter the shutdown command followed by the no shutdown command on the switch interface.

The max_cid or timeout values for IPHC are modified.

Workaround: Re-enter the clear int sw1 command or re-enter the shutdown command followed by the no shutdown command on the interface.

CSCin81995

Symptoms: The Segmentation And Reassembly (SAR) engine on a Cisco RPM-XF shows buffer exhaustion, causing data drops.

Conditions: This symptom is observed when ATM SAR-based class-based weighted fair queueing (CBWFQ) is enabled and when policy maps are attached to outgoing PPPoA interfaces.

Workaround: There is no workaround.

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCin82872

Symptoms: Drop reset actions do not work for signatures.

Conditions: This symptom is observed when a Cisco IOS firewall is configured and when either CEF or Fast Path are enabled.

Workaround: Disable CEF or Fast Path. If this is not an option, there is no workaround.

CSCin82878

Symptoms: Fax Relay and Fax Pass-Through fail with fallback using Named-Signaling Event (NSE) signaling.

Conditions: This symptom is observed on a Cisco router such as a Cisco 3600 series when Fax Relay or Fax Pass-Through is configured with fallback using an NSE configuration command. The fax fails in the following example topology:

The originating fax machine connects to the originating gateway (OGW) (a Cisco router) that connects via VoIP to the terminating gateway (TGW) (also a Cisco router). The TGW connects via a T1 PRI to the terminating fax machine.

In this example, the OGW has the following configuration:

Rtr-A(config)#voice service voip

Rtr-A(conf-voi-serv)#fax protocol pass g711u

Rtr-A(conf-voi-serv)#end

In this example, the TGW has the following configuration:

Rtr-B(config)#voice service voip

Rtr-B(conf-voi-serv)#fax protocol t38 nse force fallback pass g711u

Rtr-B(conf-voi-serv)#end

Workaround: Do not use NSE signaling.

CSCin84370

Symptoms: SSG crashes when an accounting start packet is received for a RADIUS user.

Conditions: This symptom is observed when the accounting start packet has a different framed IP address than the stored IP address for an existing host.

Workaround: There is no workaround.

CSCin84419

Symptoms: Multicast traffic is punted to the RP, the CPU utilization is high, and the output of the show pxf cpu mroute vrf vrf-name command shows that the "No_FS" flag is set for a (S,G) entry and does not clear.

Conditions: This symptom is observed on a Cisco RPM-XF when you enter the clear ip mroute group command and a data MDT group for the group argument.

Workaround: Enter the clear ip mroute vrf * command.

CSCin85511

Symptoms: A router that runs SSG in the SSG-Radius-Proxy mode may reload.

Conditions: This symptom is observed when an SSG RADIUS proxy client issues a request for login via an AutoDomain service that uses an L2TP tunnel and when the login is rejected because of a PPP authentication failure on the LNS.

Workaround: There is no workaround.

CSCin85992

Symptoms: An EzVPN tunnel fails to come up on a dialer interface.

Conditions: This symptom is observed when both a crypto map and an EzVPN client configuration are applied on the dialer interface. The output of the show crypto map command shows that the same static or dynamic crypto map is applied multiple times on the cloned virtual-access interface.

Workaround: There is no workaround.

CSCin86322

Symptoms: An end-to-end sweep ping fails across a dLFI bundle and the bundle flaps.

Conditions: This symptom is observed when dLFI is configured on a Cisco 7500 series.

Workaround: There is no workaround.

CSCin87008

Symptoms: A router that runs SSG may reload when SSG is configured as a RADIUS proxy and processes access requests from RADIUS clients.

Conditions: This symptom is observed when SSG is configured as a RADIUS proxy with a session identifier as the IP address and when SSG processes multiple simultaneous requests from RADIUS clients, all of which are assigned the same IP address.

Workaround: Ensure that different sessions receive different IP addresses or configure another attribute such as MSID to ensure that there is a unique attribute as the session identifier in an access request.

CSCin87071

Symptoms: A router that runs SSG may reload when SSG is configured as a RADIUS proxy and processes retransmitted access requests from RADIUS clients.

Conditions: This symptom is observed when SSG is configured as a RADIUS proxy with a session identifier as the IP address and when SSG processes multiple simultaneous requests from RADIUS clients, all of which are assigned the same IP address and some of which are retransmitted.

Workaround: Ensure that different sessions receive different IP addresses or configure another attribute such as MSID to ensure that there is a unique attribute as the session identifier in an access request.

CSCin87464

Symptoms: A spurious memory access occurs on an SSG when you run a MIB get request for the SSG service binding entries.

Conditions: This symptom is observed when an SSG service is bound to a next-hop IP address.

Workaround: There is no workaround.

CSCin87560

Symptoms: The following error message is displayed on a router that is configured for SSG:

%SYS-3-BADLIST_DESTROY: Removed a non-empty list

Conditions: This symptom is observed while you unconfigure an SSG feature by entering the no ssg enable force-cleanup command on the router that has one or more instances of an SSG service binding configuration such as the ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

Workaround: Before you unconfigure the SSG feature, unbind the SSG service by entering the no ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

CSCin89165

Symptoms: SSG does not create host objects in RADIUS proxy mode.

Conditions: This symptom is observed when SSG is configured in SSG proxy mode with the session identifier as IP.

Workaround: Use other parameters apart from IP as the session identifier. If this is not a practical option, there is no workaround.

CSCsa40490

Symptoms: IP phones that are connected to an NM-ESW-16 network module may reboot when the Ethernet cable of one of the IP phones is physically unplugged from the NM-ESW-16 network module.

Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(8)T3 or Release 12.3(11)T and that is configured with an NM-ESW-16 network module with a PPWR-DCARD-16ESW power board.

Workaround: There is no workaround.

CSCsa40567

Symptoms: The output of the show rpm iphc cids src-ip dest-ip src-udp-port dest-udp-port max-cids command does not show the CID values. Only zeros are seen in the command output.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.3(11)T1 when cRTP is configured.

Workaround: There is no workaround.

CSCsa41459

Symptoms: When you boot a router, a voice port remains in the BUSYOUT state, which can be observed in the output of the show voice call summary command.

Conditions: This symptom is observed when the T1 controller is configured as the DS0 group.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T1 controller to enable the voice port to change to the ONHOOK state and voice calls to be resumed.

CSCsa45197

Symptoms: When you enter the show policy-map interface interface-name output command for a switch subinterface, the drop rate counter always shows zero.

Conditions: This symptom is observed on a Cisco RPM-XF that is configured for SAR-based CBWFQ.

Workaround: Determine the drop rate from the number of exceeded packets in the output of the show policy-map interface interface-name output command.

CSCsa45335

Symptoms: "IP Input" and "ESM Logger" processes hold increasing amounts of memory.

Conditions: This symptom is observed when the Embedded Syslog Manager (ESM) is used to manipulate syslog messages and executes show commands to gather information that is required for syslog message modification. The probability that the symptom occurs increases with the number of times that a show command is executed by the TCL script.

Workaround: There is no workaround.

CSCsa46455

Symptoms: A Cisco gateway that runs a TCL IVR voice application may reload when the voice application is unconfigured or reloaded.

Conditions: This symptom is observed only when the voice application is unconfigured or reloaded while calls are still active for the voice application.

Workaround: Ensure there are no calls active for the voice application before you unconfigure or reload it.

CSCsa51612

Symptoms: A router that is configured with IPSec sessions reboots consistently at periodic intervals because of a bus error. The output of the show version command shows the following error message:

System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xXXXXXXXX

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.8)T.

Workaround: There is no workaround.

CSCsa51662

Symptoms: Auto-logon services may not be activated for some RADIUS proxy users.

Conditions: This symptom is observed on a Cisco router that is configured for SSG, that has a RADIUS proxy enabled, and that has auto-domain enabled with the mode set to "extended" and without NAT. When a RADIUS proxy auto-domain user logs in with a proxy service as a primary service and one or more additional auto-logon services, the connection to the primary service is activated and the host is assigned an IP address from the service, but the connection to the other auto-logon services is not activated.

Workaround: There is no workaround.

CSCsa53698

Symptoms: Fax pass-through may fail.

Conditions: This symptom is observed on a gateway that is configured for fax pass-through or T.38 with fax pass-through as the fallback method. After an initial call is established, the gateway detects a fax tone and sends a re-Invite message with a new SDP message requesting to switch to fax pass-through. However, the "o" line in the new SDP message has the same version ID as the "o" line in the initial SDP request that was sent by the gateway. If the originating gateway does not indicate that it disabled silence suppression with a "silenceSuppression=off" attribute in its SDP answer, fax pass-through fails.

Workaround: There is no workaround.

CSCsa54117

Symptoms: A Cisco IAD2430 may become unresponsive to Telnet sessions and drop SIP registration because of a memory leak in the "CCSIP_SPI_CONTRO" process.

Conditions: This symptom is observed on a Cisco IAD2430 that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCsa54608

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

CSCsa58622

Symptoms: When you enter the show telephony-service all or show telephony-service command and when the locale is set to Japan, a spurious memory access is caused by the command, and the following error message and traceback are generated:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x80EA5400 reading 0x2D0

%ALIGN-3-TRACE: -Traceback= 80EA5400 80EA3938 803C3090 803C58EC 80ECC3D4 80EE851C 809098F8 8090CD1C

%ALIGN-3-TRACE: -Traceback= 80EA56C4 80EA3938 803C3090 803C58EC 80ECC3D4 80EE851C 809098F8 8090CD1C

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T, when Cisco CallManager Express is enabled, and when the user-locale JP or network-locale JP command is configured.

Workaround: There is no workaround.

CSCsa59690

Symptoms: A router reloads when you enter the hardware-address command.

Conditions: This symptom is observed on a Cisco router that is configured for Dynamic Host Configuration Protocol (DHCP).

Workaround: Edit the startup configuration to eliminate the configuration of the hardware-address command and reload the router with the modified startup configuration.

CSCsa61378

Symptoms: A Cisco router that is configured for SSG may hang or crash.

Conditions: This symptom is observed when upstream traffic is sent immediately after a host logs in and the system is busy.

Workaround: There is no workaround.

CSCsa61864

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCsa62111

Symptoms: Packets may be stuck in the input queue of a Cisco 7200 series.

Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS interim Release 12.3(12.10) and that is configured with an NPE-G1.

Workaround: Reload the router to clear the input queue or increase the input queue beyond the default limit of 75 via the hold-queue length command.

CSCuk56024

Symptoms: 6PE traffic is dropped on a PE router.

Conditions: This symptom is observed when an IPv6 prefix is first learned through an OSPF IGP on a 6PE router and is then no longer received through OSPF but through iBGP on the 6PE router. The label information is properly updated in the RIB but not in the FIB.

Workaround: Clear the route to restore proper forwarding.

CSCuk56028

Symptoms: Redistributed BGP IPv6 unicast routes are not advertised to any BGP peer even though they are shown as the best path. The output of the show bgp ipv6 unicast ipv6-prefix command shows that the best path route is "Not advertised to any peer."

Conditions: This symptom is observed when BGP IPv6 is configured to redistribute a better (that is, numerically lower) distance route, for example, when the redistribute ospf address family configuration command is enabled with an administrative distance of 110.

The symptom normally occurs only for originating iBGP routes (for example, with an administrative distance of 200) because redistributing eBGP routes have a lower distance (for example, an administrative distance of 20).

Workaround: There is no workaround.

Wide-Area Networking

CSCef53268

Symptoms: An outgoing call attempt on a BRI voice port may fail with the reason "Mandatory information element missing." The ISDN Q.931 SETUP and RELEASE_COMP message exchange may look similar to the following:

Router#

ISDN BR3/0 Q931: Applying typeplan for sw-type 0x4 is 0x2 0x1, Calling num 1234567890

ISDN BR3/0 Q931: TX -> SETUP pd = 8 callref = 0x04

Bearer Capability i = 0x8090A2

Standard = CCITT

Transfer Capability = Speech

Transfer Mode = Circuit

Transfer Rate = 64 kbit/s

Channel ID i = 0x81

Keypad Facility i = '98765432'

Calling Party Number i = 0xA18083, '1234567890'

Plan:ISDN, Type:National

Shift to Codeset 6

Codeset 6 IE 0x23 i = 0x01

Locking Shift to Codeset 6

ISDN BR3/0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x84

Cause i = 0x81E0 - Mandatory information element missing

Conditions: This symptom is observed on a Cisco voice router that is configured with BRI voice ports and that runs a Cisco IOS interim release for Release 12.3(11)T. (Note, however, that this caveat is resolved in Release 12.3(11)T.) The symptom occurs typically when the outgoing Q.931 SETUP message from the BRI voice port carries a "Calling Party Number" IE.

Workaround: If this is an option, use voice translation rules on the originating voice gateway to suppress the "Calling Party Number" IE so that it is not sent in the outgoing ISDN Q.931 SETUP message on the terminating voice gateway.

CSCef54681

Symptoms: A PPP over ATM circuit that is assigned to a multilink-group interface does not negotiate to use multilink.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(9.10)T or a later release. It is not present in Cisco IOS release trains other than 12.3T.

Workaround: There is no workaround. However, because the symptom is specific to configurations that assign the PPP connections to multilink-group interfaces, if there is no need to use multilink-group interfaces, the configurations may be adapted to employ virtual-access interfaces for bundles.

CSCef68953

Symptoms: When a call from the VoIP side is configured for "presentation restricted," the isdn map address command may override the Calling line ID presentation/rejection (CLIP/CLIR) in the ISDN SETUP message to "presentation allowed."

Conditions: This symptom is observed when the isdn map address command is used to modify the ISDN plan and type.

Workaround: There is no workaround.

CSCeg87685

Symptoms: A Cisco gateway with a BRI interface may fail to include a bearer cap in the outgoing setup message for a SIGO call. This situation causes a QSIG supplementary services call to fail.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.3(8)T6 or interim Release 12.3(11)T2. The symptom does not occur in Release 12.3.

Workaround: There is no workaround.

CSCin73980

Symptoms: An LNS sends two accounting stop records when a client re-negotiates a PPP session.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1 and that functions as an LNS when VPDN multihop is configured.

Workaround: There is no workaround.

CSCsa52807

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCsa56443

Symptoms: IPCP does not come up because it does not negotiate.

Conditions: This symptom is observed on a Cisco platform when certain AAA per-user attributes are downloaded from a RADIUS server. One example is an absolute timeout or idle timeout without any other per-user attributes; such a configuration causes PPP to stall before starting IPCP.

Workaround: Configure values on the platform rather than downloading them from the RADIUS server.

Resolved Caveats—Cisco IOS Release 12.3(11)T12

Cisco IOS Release 12.3(11)T12 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T12 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCsc64976

A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or enable other cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml

CSCse85200

Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.

Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.

Workaround: Disable CDP on interfaces where it is not necessary.

IBM Connectivity

CSCsf28840

A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

There are workarounds available for this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml

IP Routing Protocols

CSCec12299

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability.

This issue is triggered by a logic error when processing extended communities on the PE device.

This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.

CSCin95836

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.

Miscellaneous

CSCef77013

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.

CSCsb12598

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsb93407

Symptoms: When H323 call service stops, the router still listens on TCP port 1720 and completes connection attempts.

Conditions: This symptom occurs after H323 is disabled using the following configuration commands:

voice service voip

h323

call service stop

Workaround: Access can be blocked by deploying an interface access list that blocks access to TCP port 1720 for traffic that is destined for any of the IP addresses of the router.

For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document at http://www.cisco.com/warp/public/707/tacl.html

For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document at http://www.cisco.com/warp/public/707/iacl.html.

For information about using control plane policing to block access to TCP port 1720, see the "Deploying Control Plane Policing White Paper" at http://www.cisco.com/en/US/products/ps6642/products_white_paper0900aecd804fa16a.shtml.

CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsd85587

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS, documented as Cisco bug ID CSCsd85587

Cisco IOS XR, documented as Cisco bug ID CSCsg41084

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348

Cisco Firewall Service Module (FWSM), documented as Cisco bug ID CSCsi97695

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.

Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

CSCsd92405

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsd95616

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

CSCse24889

Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.

Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.

Workaround: As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:

config t

ip ssh version 1

end

Alternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:

config t

! 10.1.1.0/24 is a trusted network that is permitted access to the router; all other access is denied

access-list 99 permit 10.1.1.0 0.0.0.255

access-list 99 deny any

line vty 0 4

access-class 99 in

end

Further Problem Description:

For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cntrl_acc_vtl_ps6441_TSD_Products_Configuration_Guide_Chapter.html

For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:

http://www.cisco.com/warp/public/707/ssh.shtml
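The alternate workaround for CSCse24889 only helps if every vty line actually carries the access list. The following audit sketch is an added example, not part of the Cisco release notes: it parses a saved configuration and reports vty blocks that lack an inbound access-class, reference an ACL that is not defined in the file, or use an ACL that permits any source. The sample configurations and function names are constructed for illustration, and only numbered standard ACLs (1-99) are handled.

```python
import re

# Constructed sample configurations (only the ACL 99 lines mirror the workaround above).
HARDENED = """\
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
!
line con 0
line vty 0 4
 access-class 99 in
 transport input ssh
line vty 5 15
 access-class 99 in
!
end
"""

EXPOSED = """\
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
access-list 10 permit any
!
line vty 0 4
 access-class 99 in
line vty 5 15
 transport input ssh
line vty 16 20
 access-class 10 in
line vty 21 22
 access-class 42 in
!
end
"""


def parse_standard_acls(config):
    """Return {acl_number: [(action, source_spec), ...]} for numbered ACLs 1-99."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+?)\s*$", line)
        if m and 1 <= int(m.group(1)) <= 99:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return acls


def parse_vty_blocks(config):
    """Return {"line vty X Y": inbound access-class number, or None if absent}."""
    blocks = {}
    current = None
    for line in config.splitlines():
        if line.startswith("line "):
            # A new line block starts; track it only if it is a vty block.
            current = line.strip() if line.startswith("line vty") else None
            if current:
                blocks[current] = None
        elif current and line.startswith(" "):
            # Indented sub-command of the current vty block.
            m = re.match(r"^\s+access-class\s+(\S+)\s+in\b", line)
            if m:
                blocks[current] = m.group(1)
        else:
            # Any other top-level line ("!", "end", ...) closes the block.
            current = None
    return blocks


def audit_vty_access(config):
    """Return findings in config order; an empty list means every vty is restricted."""
    acls = parse_standard_acls(config)
    findings = []
    for block, acl in parse_vty_blocks(config).items():
        if acl is None:
            findings.append(f"{block}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{block}: access-class {acl} references an undefined ACL")
        elif any(action == "permit" and src.split()[0] == "any"
                 for action, src in acls[acl]):
            findings.append(f"{block}: ACL {acl} permits any source")
    return findings


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("EXPOSED", EXPOSED)):
        print(name, audit_vty_access(cfg) or "OK")
```

Note that the workaround as printed covers only line vty 0 4; platforms with additional vty lines need the same access-class on each block, which is the case the second sample exercises.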

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCse68138

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg16908

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.

The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.

This vulnerability does not apply to the IOS FTP Client feature.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.

CSCsg40567

Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.

Conditions: This symptom is observed on a Cisco router that has the ip http secure server command enabled.

Workaround: Disable the ip http secure server command.

CSCsg70474

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg96319

Symptoms: When a reverse SSH session is established with valid authentication credentials, anyone can obtain unprivileged Telnet access to a system without being authenticated. This situation affects only reverse SSH sessions when a connection is made with the ssh -l userid:number ip-address command.

Conditions: This symptom is observed only when the Reverse SSH Enhancement is configured. This enhancement is documented at the following URL:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_rev_ssh_enhanmt_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Workaround: Configure reverse SSH by entering the ip ssh port portnum rotary group command. This configuration is explained at the following URL:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_q_and_a_item09186a0080267e0f.shtml

CSCsh58082

Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP.

There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.

Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi60004

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsi84017

Symptoms: When you reload a Cisco 2600 series, the router may hang.

Conditions: This symptom is observed on a Cisco 2600 series when you attempt to run the c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other releases.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCse05736

Symptoms: A router that is running RCP can be reloaded by a specific packet.

Conditions: This symptom is seen under the following conditions:

The router must have RCP enabled.

The packet must come from the source address of the designated system configured to send RCP packets to the router.

The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

Resolved Caveats—Cisco IOS Release 12.3(11)T11

Cisco IOS Release 12.3(11)T11 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T11 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCej30903

Symptoms: A router allows logging into the root (or any other configured) view without prompting for a password.

Conditions: This symptom is observed when no method list is configured for login service.

Workaround: Configure a method list for the login service.

CSCsa43465

Symptoms: Users under specified conditions may be able to access privilege level 15 without entering a password.

Conditions: In Cisco IOS Release 12.3(7)T and later, which support Role-Based CLI Access, the use of the none keyword in the default login method list may allow users to enter root view mode (privilege level 15) without entering a password.

For example, if the customer configures:

aaa authentication login default group tacacs+ none

If the TACACS+ server is down, users are allowed to enter non-privileged mode. However, they can also enable into root view access through the enable view command without having to enter a password.

Workaround: The fix for this DDTS makes the enable view command authenticate against the default enable method list.

Prior to software upgrade, a workaround is to ensure that the method none is not in the default login methods list.
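The login-authentication conditions described for CSCej30903 and CSCsa43465, together with the vty access-class workaround given earlier for CSCse24889, can be checked offline against a saved configuration. The following Python audit is an added example, not Cisco code: the function names, the finding tags and the sample configuration are constructed for illustration, and treating "aaa new-model with no login method list" as the CSCej30903 condition is an assumption.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ none
aaa authentication login CONSOLE local
aaa authentication enable default group tacacs+ enable
!
line con 0
 login authentication CONSOLE
line vty 0 4
 access-class 99 in
line vty 5 15
 transport input ssh
"""

LOGIN_LIST = re.compile(r"^aaa authentication login (\S+)\s+(.+)$")
VTY_LINE = re.compile(r"^line vty (\d+)(?: (\d+))?$")
ACCESS_CLASS_IN = re.compile(r"^access-class \S+ in\b")


def parse_blocks(config_text):
    """Group a config into (top-level line, [indented child lines])."""
    blocks = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators/comments
        if line[0].isspace():
            if blocks:
                blocks[-1][1].append(line.strip())
        else:
            blocks.append((line, []))
    return blocks


def audit(config_text):
    """Return a list of (tag, detail) findings for the checks above."""
    findings = []
    blocks = parse_blocks(config_text)
    top_lines = [top for top, _ in blocks]

    # Collect every login method list: name -> list of methods.
    login_lists = {}
    for top in top_lines:
        m = LOGIN_LIST.match(top)
        if m:
            login_lists[m.group(1)] = m.group(2).split()

    # Assumption: AAA enabled but no login method list at all.
    if "aaa new-model" in top_lines and not login_lists:
        findings.append(("CSCej30903", "no login method list configured"))

    # 'none' as a fallback lets a user in when the server is unreachable.
    for name, methods in login_lists.items():
        if "none" in methods:
            tag = "CSCsa43465" if name == "default" else "review"
            findings.append((tag, f"login list '{name}' falls back to 'none'"))

    # vty lines should carry an inbound access-class (trusted hosts only).
    for top, children in blocks:
        if VTY_LINE.match(top) and not any(ACCESS_CLASS_IN.match(c) for c in children):
            findings.append(("vty-acl", f"'{top}' has no inbound access-class"))
    return findings


if __name__ == "__main__":
    for tag, detail in audit(SAMPLE_CONFIG):
        print(f"{tag}: {detail}")
```
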

Miscellaneous

CSCej87817

Symptoms: Policing does not drop any packets after the packets are sent or received at a rate that is much higher than the committed information rate (CIR).

Conditions: This symptom is observed on a Cisco 7500 series router but is not platform dependent.

Workaround: There is no workaround.

CSCek26492

Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS images with this specific DDTS are not at risk of a crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

CSCek37177

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177.

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml

CSCsc72722

Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not time out.

Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.

Workaround: There is no workaround.

CSCse15025

Symptoms: An analog or digital CAS port enters a state in which inbound or outbound calls, or both, may no longer function through the port.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as gateways with analog or digital CAS ports that use PVDM2 DSP modules.

When this problem occurs, it impacts multiple ports that share the same signaling DSP. The output of the show voice dsp signaling EXEC command shows which DSP is used by a port for signaling. The symptom may occur more often for ports that use DSP 1 on the PVDM2 module for signaling.

Because this issue impacts the signaling channels, it has been seen that calls either will not connect at all through impacted ports or in some cases when multiple simultaneous calls are present on adjacent voice ports/timeslots, the call may connect momentarily before being disconnected.

If a problem occurs only on a single voice port, there is another problem, not this caveat (CSCse15025). PRI/BRI calls are not affected because PRI/BRI does not utilize the DSP for signaling purposes.

When the symptom occurs with either a VIC2-xFXO or EVM DID/FXS module, enter the terminal monitor command followed by the test voice port port-number si-reg-read 39 1 command for one of the affected ports. The output typically should be a single octet value for register 39. When the symptom occurs, information for Registers 40, 41, and 42 is presented and some of the registers show double-octet information. See the example output (2) below.

When the symptom occurs with FXS or analog E&M modules, enter the terminal monitor command followed by the test voice port port-number codec-debug 10 1 command for one of the affected ports. The output typically should be a single octet value for each register. See the example output (4) below.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, you must reload the gateway to restore proper operation.

Further Problem Description: The changes in CSCse15025 include the changes in CSCsc11833 and CSCsd90851. These changes have been shown to help mitigate this problem in the majority of cases.

There is a further detection and reset mechanism in CSCse15025 that will recover the DSP which is in this state. This mechanism will trigger immediately if the impacted voice port is an analog FXO port. For other voice ports, a delay in the detection will be present and it is possible to see the symptom of this problem before the recovery code triggers.

Note that the reset mechanism will cause any active calls utilizing the DSP in question to be dropped.

If you run modules that can be impacted by this issue, it is recommended that you upgrade to a software release that contains the changes in CSCse15025. If the DSP is reset and the output below is seen, contact the TAC for further assistance. Note that this output is sent at debug level, so it is recommended to enable either syslog or logging buffered on the gateway.

Buffered logging on the gateway is enabled with a global configuration command; for example, logging buffered 50000 debug sets the log buffer to use 50K bytes of processor memory. The log can be viewed with the EXEC command show log.

----

Example output when detection and recovery code on gateway triggers:

*May 31 14:30:43.343: TDM pointers: 0100 0100 0115 0115. Deltas: 0001 0000.

*May 31 14:30:43.347: Received alarm indication from dsp(0/1)

0030 0000 0080 0000 0013 4100 2E2E 2F2E 2E2F 6D6F 6475 6C65 732F 7363 6865

6475 6C65 2F64 6562 7567 2E63 2833 3634 2900

*May 31 14:30:43.347: ../../modules/schedule/debug.c(364)

*May 31 14:30:43.347: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0, changed state to Administrative Shutdown

*May 31 14:30:43.647: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1, changed state to Administrative Shutdown

*May 31 14:30:43.947: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/2, changed state to Administrative Shutdown

*May 31 14:30:44.247: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/3, changed state to Administrative Shutdown

*May 31 14:30:48.147: Crash dump CLI may not be configured, not able to get crash info, slot 0, dsp 1

*May 31 14:30:48.147: DSPDUMP - Recover slot 0 dsp 1

*May 31 14:30:48.147: DSPDUMP - ka sent 0, ka_cnt 51193, skip_ka 103079

*May 31 14:30:50.579: %DSPRM-5-UPDOWN: DSP 1 in slot 0, changed state to up

*May 31 14:30:50.947: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0, changed state to up

*May 31 14:30:51.219: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1, changed state to up

*May 31 14:30:51.371: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/2, changed state to up

*May 31 14:30:51.523: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/3, changed state to up

----

Following are command output examples:

1. Following is an example of normal output for FXO and EVM FXS ports.

For FXO ports, the value is usually 0x01 but for EVM FXS the value can be different. When you run the above-mentioned command, the expected output is that a single octet is displayed and only for register 39. (This command does not work for VIC-4FXS and VIC2-xFXS modules).

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

--------------------------------------------------------------

Register 39 = 0x01

2. Following is an example of output for FXO and EVM FXS ports that indicates that the symptom has occurred. Note that the exact output for the register values is different, but when the symptom occurs, different lines with information are displayed as shown below:

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

--------------------------------------------------------------

Register 39 = 0x5CB8

Register 40 = 0xFFFF

Register 41 = 0xFFFF

Register 42 = 0xFFFF

3. Following is an example of normal output for FXS and analog E&M modules. The values that are listed in a normal case may be different, but only four registers of a single octet should be displayed.

Values read from PEB2465 Codec connected to DSP 02 (channel 0):

---------------------------------------------------------------

Extended Register Values (XR4..XR1) = 00, CC, 50, 11

4. Following is an example of output for FXS and analog E&M modules that indicates that the symptom has occurred.

Values read from PEB2x65 Codec connected to DSP 0, channel 1:

------------------------------------------------------------

Extended Register Values (XR4..XR1) = D001, B83C, 3FF1, 63AC

CSCse68355

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsf04754

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

Resolved Caveats—Cisco IOS Release 12.3(11)T10

Cisco IOS Release 12.3(11)T10 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T10 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeh65692

Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.

Condition: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.

Workaround: There is no workaround.

CSCej18051

Symptoms: Terminal window PPP clients may fail with Cisco Access servers.

Conditions: This symptom has been observed on Cisco AS5400 gateways and Cisco AS5800 servers.

Workaround: There is no workaround.

CSCsb30875

Symptoms: Active eRSC on a Cisco AS5850 gateway could hang after RPR+ failover, if the aaa accounting system command is configured.

Conditions: The symptom has been observed under the following conditions:

1. RPR+ failover occurred.

2. Console connection window closed & reopened to the newly active eRSC after failover.

Workaround: There are two workarounds.

1. The eRSC hang will not happen if no attempt is made to close and reopen the console session with newly active eRSC after failover.

2. Remove the aaa accounting system command from the configuration.

Interfaces and Bridging

CSCei68284

Symptoms: POS interfaces may remain in the up/down state after the router has been reloaded.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Workaround: Reload the FlexWAN or VIP in which the POS port adapter is installed.

Miscellaneous

CSCee28332

Symptoms: MLP may fail or may be rejected on a PE router.

Conditions: The symptom is observed on a Cisco 7500 series that functions as a PE router after a connected CE router is reloaded with a different Cisco IOS software image than it ran before.

Workaround: Create a new multilink interface on the PE router or reload the VIP for the bundled physical interface on the PE router.

CSCef68975

Symptoms: Context-based Access Control (CBAC) fails to pass H.245 packets through a router, and the following error message is generated:

Corrupted header, version number 3, reserved 7C, header size 101

Conditions: This symptom is observed on a Cisco router when the ip inspect command is configured for H.323 in a configuration in which one gateway runs H.323 version 2 and is connected via the router to another gateway that runs H.323 version 4.

Workaround: Ensure that all gateways run H.323 version 4.

CSCeg15065

Symptoms: After a DSP restarts, RTP packets are not sent from the DSP to a trunk connection.

Conditions: This symptom is observed on a Cisco 7200 VXR router that runs Cisco IOS Release 12.3(10a) or Release 12.3(11)T when the connection trunk command is enabled.

Workaround: There is no workaround. To re-enable the DSP to send RTP packets, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port that is associated with the DSP.

CSCeh30975

Symptoms: The FXSLS voice port is stuck in an on-hook state, and the digital signal processor (DSP) is not released.

Condition: This symptom occurs when the FXSLS user stays offhook at the end of the call after Cisco IOS software sends a Howler tone to the FXSLS port.

Workaround: There is no workaround.

CSCeh85133

Symptoms: A memory leak may occur when an SNMP trap is sent to a VRF destination. The output of the show processes memory command shows that the memory that is held by the process that creates the trap increases, and eventually causes a MALLOC failure. When this situation occurs, you must reload the platform.

Conditions: This symptom is platform-independent and occurs in a configuration in which at least one VRF destination has the snmp-server host command enabled.

Workaround: Ensure that no VRF is associated with the snmp-server host command.

CSCej13460

Symptoms: The packets are not switched correctly using the Fast Switching with IPSec tunnel protection feature.

Condition: This symptom has been observed in Cisco IOS Release 12.4(1b) when tunnel protection IPSec is configured and the tunnel source interface has Fast-switching (but not CEF) configured.

Workaround: Use CEF switching.

CSCej42804

Symptoms: A Cisco Gateway that is running Session Initiation Protocol (SIP) calls might run out of processor memory due to hung SIP calls.

Conditions: Active and hung calls can be seen using the show sip-ua calls command. The following specific scenario will result in a hung call:

1. The gateway initiates an INVITE.

2. The gateway receives a 100/180 response.

3. The gateway sends a CANCEL.

4. The gateway receives the 200 OK for the CANCEL.

5. The gateway receives an invalid final response for the INVITE (or no final response) and drops the message.

Each hung call will use a little more memory, and eventually the gateway will run out of memory.

Workaround: Change to Cisco IOS Release 12.3(14)T3, Release 12.3(11)T6, Release 12.4(2)T1, or Release 12.4(1a).

CSCek01162

Symptoms: When the OSPF IPsec authentication configuration for IPv6 is removed from the CLI, an alignment traceback is seen that points back to crypto_ikmp_peer_is_dead.

Conditions: This symptom occurs when OSPF IPsec authentication (IPv6) is configured and removed.

Workaround: There is no workaround.

CSCin80221

Symptoms: A Cisco router crashes when you enter the fsck command for an ATA flash disk.

Conditions: This symptom is observed when the boot sector of the ATA flash disk is corrupted and when the router runs a release that is listed in the "First Fixed-in Version" field at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed58384. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Format the disk.

CSCsa86572

Symptoms: A large configuration in NVRAM on a primary or secondary RSP may become corrupted and the router may generate relevant warning messages during the execution of a copy system:running-config nvram:startup-config command.

When you erase NVRAM by entering the erase nvram command and then enter the copy system:running-config nvram:startup-config command, the router may crash.

Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.

Workaround: If the configuration file is significantly large, place a copy of the configuration file on a flash card or disk with ample space and enter the boot config slot0:startup-config command to force the startup configuration file to be read from the flash card.

When you enter the copy system:running-config nvram:startup-config command, the current running configuration is saved to the flash card or disk and the configuration is auto-synchronized to the corresponding flash card on the secondary RSP.

Caution: Do not remove the flash card while the boot config slot0:startup-config command is being executed.

CSCsb76671

Symptoms: Intermittent one-way audio (PSTN hears dead air) on inbound ISDN call through Cisco VoIP AS5850 gateway.

Conditions: This symptom has been observed to occur with inbound ISDN calls with outbound SIP calls towards a Cisco MeetingPlace server. Numerous calls that are transferred via SIP REFER contribute to the gateway getting into this state.

Workaround: There is no workaround to prevent the gateway from getting into this state. Once in this state, reloading the gateway will help clear this condition for a while.

CSCsc11833

Symptoms: An analog or digital CAS port gets into a state where inbound and/or outbound calls through the port may no longer work.

Conditions: This symptom has been seen on Cisco 2800 and Cisco 3800 gateways with analog or digital CAS ports.

It can take some time for the symptom to occur, but when it does occur, it impacts multiple ports which share the same signaling DSP. To see which DSP a port is using for signaling, check the output of the exec command show voice dsp. It has been observed to occur more often with those ports which use DSP 1 on the PVDM2 module for signaling.

Since PRI does not utilize the DSP for signaling purposes, it is not impacted by this issue.

When the problem occurs on either a VIC2-xFXO or an EVM DID/FXS module, run 'test voice port <port #> si-reg-read 39 1' on one of the impacted ports. You need to run 'terminal monitor' first to see the output. The output typically should be a single octet value for register 39. When the problem happens, information for Registers 40, 41 and 42 is presented as well and some of the registers show double-octet information. See example output below.

Workaround: There is no workaround to prevent this problem from occurring. Once in this state, a reload of the gateway is necessary to recover it.

Normal output:

For FXO ports, the value is usually 0x01 but for EVM FXS this can be different. The expected output is that a single octet is displayed and only for register 39 when running the command. This command will not work on VIC-4FXS/VIC2-xFXS modules.

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

Register 39 = 0x01

Output when symptom occurs:

Note that the exact output for the register values will be different, but when the problem happens, multiple lines of information are displayed as shown.

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

Register 39 = 0x5CB8

Register 40 = 0xFFFF

Register 41 = 0xFFFF

Register 42 = 0xFFFF
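The normal and symptomatic codec outputs quoted under CSCse15025 and CSCsc11833 can be told apart mechanically when command output is collected from many gateways. The following Python check is an added example, not Cisco tooling: the function names are hypothetical, and the sample strings are the example outputs shown on this page.

```python
import re

# Example outputs copied from the caveat text on this page.
SI_NORMAL = """\
Values read from SiLabs Codec connected to DSP 0, channel 11:
Register 39 = 0x01
"""
SI_SYMPTOM = """\
Values read from SiLabs Codec connected to DSP 0, channel 11:
Register 39 = 0x5CB8
Register 40 = 0xFFFF
Register 41 = 0xFFFF
Register 42 = 0xFFFF
"""
XR_NORMAL = "Extended Register Values (XR4..XR1) = 00, CC, 50, 11"
XR_SYMPTOM = "Extended Register Values (XR4..XR1) = D001, B83C, 3FF1, 63AC"

REG_LINE = re.compile(r"Register\s+(\d+)\s*=\s*0x([0-9A-Fa-f]+)")
XR_LINE = re.compile(r"Extended Register Values \(XR4\.\.XR1\)\s*=\s*(.+)")


def is_single_octet(hex_digits):
    """A single octet is displayed as at most two hex digits."""
    return len(hex_digits) <= 2


def classify_codec_output(text, requested_register=39):
    """Return (status, reasons); status is 'normal', 'symptom' or 'unknown'."""
    reasons = []
    regs = REG_LINE.findall(text)
    xr = XR_LINE.search(text)
    if regs:
        # si-reg-read 39 1: only register 39, and only one octet, is expected.
        for number, value in regs:
            if int(number) != requested_register:
                reasons.append(f"unexpected register {number}")
            if not is_single_octet(value):
                reasons.append(f"register {number} = 0x{value} is wider than one octet")
    elif xr:
        # codec-debug: four extended registers of one octet each are expected.
        values = [v.strip() for v in xr.group(1).split(",")]
        if len(values) != 4:
            reasons.append(f"expected 4 extended registers, got {len(values)}")
        for v in values:
            if not is_single_octet(v):
                reasons.append(f"extended register value {v} is wider than one octet")
    else:
        return "unknown", ["no register lines found"]
    return ("symptom" if reasons else "normal"), reasons


if __name__ == "__main__":
    for label, sample in [("si normal", SI_NORMAL), ("si symptom", SI_SYMPTOM),
                          ("xr normal", XR_NORMAL), ("xr symptom", XR_SYMPTOM)]:
        print(label, classify_codec_output(sample))
```
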

CSCsc12098

Symptoms: The fix for busyout slot on the Cisco AS5400 platform causes build issues.

Conditions: This symptom is observed on a Cisco AS5400 platform.

Workaround: There is no workaround.

CSCsc20149

Symptoms: When you enter the show voice call status command five to six times in quick succession, the CPU use of a Cisco AS5850 reaches 99 percent. The Cisco AS5850 thereafter becomes very unstable in accepting incoming calls. This situation can be highly service-impacting under stress conditions.

Conditions: This symptom is observed on a Cisco AS5850 that is running a special image of Cisco IOS Release 12.3(11)T6 and occurs only when there are more than 900 H.323 voice calls.

Workaround: Do not enter the show voice call status command in a stress situation.

CSCsc32414

Symptoms: On a Cisco VPN Client, all the manually configured backup servers may be erased after the client connects to a Cisco IOS EasyVPN concentrator.

Conditions: This symptom has been observed in a network-based IPSec VPN solution (ASWAN) when there is no backup-gateway configured (or downloaded via Radius) in the Cisco IOS VPN concentrator.

Workaround: There is no workaround.

CSCsc51183

Symptoms: A Cisco AS5850 may restart because of a software forced crash preceded by the following error:

%SYS-6-STACKLOW: Stack for process VTSP running low, 0/12000

Conditions: This symptom has been observed on Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCsc68262

Symptoms: A Cisco 2821 router may crash intermittently if the router switches Encapsulating Security Payload (ESP) packets.

Conditions: This symptom has been observed on a Cisco 2821 router when switching ESP packets.

Workaround: There is no workaround.

CSCsc80670

Symptoms: The on-board FastEthernet 0/0 results in state "FastEthernet0/0 is up, line protocol is down" after a reload, power-up or a shutdown and no shutdown operation. This is verified when the FastEthernet 0/0 is connected to Telsey and Pirelli Media Converters in series.

This symptom is not present if the Cisco 1718 and Cisco 2950 routers are connected directly, without any media converters in between. This symptom may not be present using a media converter from other vendors.

Conditions: This symptom has been observed connecting the on-board port of a Cisco 17xx router running Cisco IOS Release 12.3(11)T to Telsey and Pirelli Media Converters in series, like:

1718(fa0/0)--Telsey MC ----------- Pirelli MC--(fa 0/1)2950

This symptom has also been observed with Cisco IOS Release 12.4(5), which is the latest available image for this platform.

Workaround: Replace the media converter with one from another vendor.

CSCsd16883

Symptoms: High CPU utilization occurs on a Cisco AS5850.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T3 when dCEF is not applied to packets because of an H.323 slow start configuration using the h323 call start {fast | slow} command.

Workaround: Remove the slow start configuration.

CSCsd28975

Symptoms: The free space on a flash disk of a router does not report the expected free space. Copying an image onto the flash disk may not be possible with this image in the router since the reported free space is smaller than the actual space. Three symptoms may be seen:

1. Disk free space can be wrong in dir or show file system output.

2. Writing on the disk can fail with an "End-of-file error" message.

3. Reading from the disk can fail with a "Failed Sector Read" message.

Conditions: This symptom has been observed on a router loaded with Cisco IOS Release 12.3(11)T10.fc3 and occurs only in Cisco IOS Release 12.3(11)T10. No other branch and none of the earlier Cisco IOS Release 12.3(11)T releases are affected.

Workaround: Using the fsck command on the disk will solve the issue.

CSCsd40334

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

Wide-Area Networking

CSCef56356

Symptoms: When a call is placed from the network side to a VoIP CPE that runs Cisco IOS Release 12.3(6c) and when the called party number is configured on a dial peer that points to a deactivated BRI, the VoIP CPE may release the incoming call to the VoIP leg with incorrect disconnection cause code 16 (normal call clearing) instead of cause code 34 (no circuit).

Conditions: This symptom is observed when the BRI is deactivated by a router that functions as a VoIP CPE and that runs Cisco IOS Release 12.3(6c). Note that a router that runs Release 12.2(11)T7 or Release 12.3(6b) sends the proper cause code 34.

Workaround: There is no workaround.

CSCeg11451

Symptoms: A Cisco platform that functions as a MPLS VPN provider edge (PE) router that is configured as a multihop LNS and that switches L2TP tunnels from the global routing table into a customer VRF may select an incorrect VRF table to send the L2TP control packets to the customer LNS.

Conditions: This symptom is observed in the following scenario:

One tunnel between the multihop LNS and the customer LNS is established within the VRF.

A second tunnel is in the process of being established to a different customer LNS in a different VRF.

Both tunnels use the same VPDN source address and the same VPDN destination address (because two different VRFs are involved, addresses may overlap).

In this scenario, the L2TP control packets that are sent during the establishment of the second tunnel are sent within the VRF context of the first tunnel.

Workaround: Use unique source and/or destination addresses.

CSCei00766

Symptoms: A router may crash when the encapsulation is set to PPP and removed repeatedly.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.4 and that is configured for PPP Link Control Protocol (LCP).

Workaround: There is no workaround.

CSCsa55747

Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.

Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.

Workaround: There is no workaround.

CSCsc49637

Symptoms: If a PPPoE client session is timed out (e.g. due to a network outage), and a restart of the session is subsequently unsuccessful (e.g. because network outage persists or the PPPoE server has not timed out the prior session) and if the user then manually clears the session, then the router will no longer be able to bring up this session until a reload is performed.

Conditions: This symptom has been observed when the PPPoE session is unexpectedly interrupted with Cisco IOS Release 12.3(8)T8 or Release 12.3(11)T5. The following feature must also be configured:

pppoe-client dial-pool-number 1 dial-on-demand

Workaround: Use the following procedure:

1. Reload.

2. Do not configure the DDR feature for the PPPoE session.

This symptom is limited to PPPoE client sessions using the DDR feature.

Resolved Caveats—Cisco IOS Release 12.3(11)T9

Cisco IOS Release 12.3(11)T9 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed09685

Symptoms: When command accounting is enabled, Cisco IOS routers will send the full text of each command to the ACS server. Though this information is sent to the server encrypted, the server will decrypt the packet and log these commands to the logfile in plain text. Thus sensitive information like passwords will be visible in the server's log files.

Conditions: This problem happens only with command accounting enabled.

Workaround: Disable command accounting.

Interfaces and Bridging

CSCsc64115

Symptoms: When changing the encapsulation and exiting configuration mode on a serial interface on a Cisco 7500 router from HDLC to either PPP or Frame Relay, the router may experience a cBus complex restart.

Conditions: This symptom has been observed in Cisco 7xxx routers using Cisco IOS Release 12.3(17).

Workaround: Manually configure an MTU value to set the maximum datagram size to what is required. However, this may affect routing protocols that require matching MTU values.

IP Routing Protocols

CSCei93982

Symptoms: A router that is running Cisco IOS may crash unexpectedly.

Conditions: NAT must be enabled for this symptom to occur. The problem is seen when an application uses two well known ports: one for source and the other for destination. The outgoing translation is created, but on the return trip, using the previous source port as the destination, NAT may use the incorrect algorithm.

For example, if a PPTP session is initiated to the well known port 1723 from source port 21 (FTP), then the outgoing packet will create an FTP translation (we look at source information when going from in->out). When the packet is returned, we again look at the source information to know what kind of packet this is. In this case the source port will be 1723, and NAT will assume this is a PPTP packet. NAT will then try to perform PPTP NAT operations on a data structure that it built for an FTP packet, which may lead to a crash.

Workaround: There is no workaround.
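
The handler mix-up described in CSCei93982, as an added conceptual model in Python (not Cisco IOS code and not part of the original release notes): the handler names, state layouts, sample addresses and the bind_alg_to_entry guard are assumptions made for illustration. It shows the return packet selecting a PPTP handler for state that the FTP handler built, and how recording the handler in the translation entry avoids the mismatch.

```python
"""Conceptual model of the NAT handler mix-up in CSCei93982.

Not Cisco IOS code. Every name, state layout and address below is an
assumption; address rewriting is left out to keep the focus on handler
selection.
"""
from dataclasses import dataclass, field

# Well-known ports mapped to the protocol-specific NAT handler.
ALG_BY_PORT = {21: "ftp", 1723: "pptp"}

# The state key each handler expects to find in a translation entry.
REQUIRED_KEY = {"ftp": "ftp_seq_delta", "pptp": "pptp_call_id_map"}


class AlgStateMismatch(Exception):
    """Stands in for the crash: a handler was given another handler's state."""


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Translation:
    inside: tuple   # (ip, port) of the inside host
    outside: tuple  # (ip, port) of the remote peer
    alg: str        # handler that built alg_state
    alg_state: dict = field(default_factory=dict)


def classify_by_source(pkt):
    """Pick the handler from the source port only, as the caveat describes."""
    return ALG_BY_PORT.get(pkt.src_port, "generic")


def new_state(alg):
    """Build per-protocol state; each handler understands only its own layout."""
    if alg == "ftp":
        return {"ftp_seq_delta": 0}
    if alg == "pptp":
        return {"pptp_call_id_map": {}}
    return {}


def run_handler(alg, entry):
    """Run a handler against an entry, refusing state it did not build."""
    key = REQUIRED_KEY.get(alg)
    if key is not None and key not in entry.alg_state:
        raise AlgStateMismatch(f"{alg} handler on {entry.alg} state")
    return alg


class NatTable:
    def __init__(self, bind_alg_to_entry):
        # True: the return path reuses the handler stored in the entry.
        # False: the return path re-classifies from the packet's source port.
        self.bind_alg_to_entry = bind_alg_to_entry
        self.entries = {}

    def outbound(self, pkt):
        """Inside-to-outside: create the translation and its handler state."""
        alg = classify_by_source(pkt)
        entry = Translation((pkt.src_ip, pkt.src_port),
                            (pkt.dst_ip, pkt.dst_port),
                            alg, new_state(alg))
        self.entries[(entry.outside, entry.inside)] = entry
        return entry

    def inbound(self, pkt):
        """Outside-to-inside: find the entry and run a handler on it."""
        entry = self.entries[((pkt.src_ip, pkt.src_port),
                              (pkt.dst_ip, pkt.dst_port))]
        if self.bind_alg_to_entry:
            alg = entry.alg
        else:
            alg = classify_by_source(pkt)
        return run_handler(alg, entry)


def replay(bind_alg_to_entry):
    """Replay the flow from the caveat: source port 21 to destination 1723."""
    table = NatTable(bind_alg_to_entry)
    # Constructed sample packets using documentation and private addresses.
    out = Packet("10.0.0.5", 21, "192.0.2.10", 1723)
    back = Packet("192.0.2.10", 1723, "10.0.0.5", 21)
    entry = table.outbound(out)
    try:
        alg = table.inbound(back)
    except AlgStateMismatch as exc:
        return f"mismatch: {exc}"
    return f"ok: {alg} handler on {entry.alg} state"


if __name__ == "__main__":
    print("re-classify on return:", replay(False))
    print("handler bound to entry:", replay(True))
```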

CSCek10384

Symptoms: A Cisco 7200 router that is performing NAT could drop IPSec packets.

Conditions: This symptom is observed on a Cisco 7200 router that is performing NAT functionality for IPSec transit packets. The router will NAT and forward the Inside to Outside IPSec (ESP) packets, but might drop the return IPSec packets from Outside to Inside.

Workaround: Disable NAT for IPSec.

CSCsb54823

Symptoms: One router (R2) may begin sending updates to another router (R1) before R2 has received the BGP prefix list from R1.

R1 does apply its inbound BGP prefix list so routes are denied if they need to be. However, R2 sends routes to R1 which are denied by R1.

Conditions: This symptom is observed when both routers have negotiated a BGP outbound route filter (ORF) and when R1 sends its BGP prefix list to R2.

Workaround: There is no workaround.

Miscellaneous

CSCed94829

Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml.

CSCee50408

Symptoms: When changing a route pattern or destination number, the trunk (or endpoint receiving a new destination number) may be unusable until the gateway is reset.

Conditions: This symptom is observed on a Cisco 3600 series that functions as a gateway.

Workaround: Via the gateway configuration panel, reset the gateway after changing the route pattern or destination number.

CSCef36944

Symptoms: BRI dial peers are down if one of the peers is configured with a VWIC-1MFT-T1.

Conditions: This symptom is observed on a Cisco router that is configured with a VWIC-1MFT-T1 and occurs because the outbound status for the dial peer is not updated correctly.

Workaround: Disable the dial-peer status checking during the outbound dial-peer matching by entering the no dial-peer outbound status-check pots global configuration command.

CSCef47647

Symptoms: A Cisco 3745 that functions as a CCME may crash during a test with 640 BHCAs.

Conditions: This symptom is observed when the test includes the following call types:

Third-party conference calls between IP phones.

Third-party conference calls between IP phones and PSTN (ISDN PRI) phones.

Callhold between IP phones and PSTN (ISDN PRI) phones.

Blind call transfers between IP phones and PSTN (ISDN PRI) phones.

Call forward calls between IP phones.

Normal direct calls between IP phones and PSTN (ISDN PRI) phones.

Workaround: There is no workaround.

CSCef67842

Symptoms: The router may not be able to detect busy and congestion on the cptone Japan voice-port configuration.

Conditions: This symptom is observed on Cisco 2600, Cisco 3660, and Cisco 3640 routers when the cptone command is configured for Japan.

Workaround: There is no workaround.

CSCef82593

Symptoms: There is no voice path between an IP phone and an MGCP FXS endpoint.

Conditions: This symptom is observed on a Cisco 3600 series when you disconnect a call on the IP phone and, after you hear the dial tone, dial another IP phone. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCef93751

Symptoms: The VAD state is not restored to the configured setting after a Voice Band Data (VBD) change occurs for the AAL2 trunk.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: There is no workaround.

CSCef94604

Symptoms: When call threshold is configured on a gateway, the gateway does not properly keep track of the calls. Once the threshold is met, the gateway does not allow any more calls, even if the high value is not yet met.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway.

Workaround: There is no workaround. To recover from the symptom, allow all calls to clear. Doing so allows you to place calls again.

CSCeg06220

Symptoms: An EZVPN tunnel does not come up and becomes stuck in the "VALID_CFG" state even though the tunnel is configured to come up automatically.

Conditions: This symptom is observed on a router that is rebooted with EZVPN enabled on an interface.

Workaround: Unconfigure and reconfigure EZVPN on the interface.

CSCeg38778

Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.

Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.

Workaround: Upgrade to IP Communicator 1.1(3) or above, which ignores this incorrect packet.

CSCeg67106

Symptoms: A call transfer may fail.

Conditions: This symptom is observed on a Cisco router that functions as a Cisco CallManager Express (CME) when the transfer-pattern argument of the transfer-pattern transfer-pattern command is ".T" to allow the transfer of telephone calls from Cisco IP phones to phones other than Cisco IP phones.

Workaround: There is no workaround.

CSCeh01182

Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.

Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.

Workaround: There is no workaround. However, this is the limitation on voice gateways that use VXML applications: such platforms only support T.37.

Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.

CSCeh35823

Symptoms: When a router detects "invalid identity" failures while decrypting IPsec packets, a memory leak occurs for the packet memory that is associated with these failed packets.

Conditions: This symptom is observed only when an "invalid identity" error occurs, which is an uncommon error that indicates that the originating router does not send packets according to what was originally negotiated. However, if there is another error that causes a "bad" decryption, the packet could be invalid and may also cause the symptom to occur.

Workaround: There is no workaround.

CSCeh73049

Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.

Conditions: Devices that are not running AAA command authorization feature, or do not support TCL functionality are not affected by this vulnerability.

This vulnerability is present in all versions of Cisco IOS that support the tclsh command.

Workaround: This advisory with appropriate workarounds is posted at

http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

CSCei05553

Symptoms: A Modular QoS CLI (MQC) CoS marking disappears after you reload a router and QoS does not work.

Conditions: This symptom is observed on a Cisco router when the policy map is configured with a class using CoS marking via the set cos command. After the router has reloaded, the CoS marking is still present in the configuration but does not appear in the output of the show policy-map interface command.

Workaround: Remove and re-apply the service policy on the main interface.

CSCei33351

Symptoms: A router that is configured for QoS crashes because of a bus error.

Conditions: This symptom is observed when you bring up a session that has a policy map attached in both directions.

Workaround: There is no workaround.

CSCei62952

Symptoms: After the PXF engine crashes or reloads, some prefixes are no longer routable.

Conditions: This symptom is observed on a Cisco router after the PXF engine crashes or after you have entered the microcode reload pxf command.

Workaround: Initiate an RP switchover or reboot the router.

CSCei82163

Symptoms: A Cisco AS5400 might not release all voice resources for an MGCP call after it is disconnected.

Conditions: This symptom is observed on both the Cisco AS5400 and Cisco AS5850 platforms but is not platform dependent. The symptom is associated with the simultaneous disconnection of a large number of calls.

Workaround: There is no workaround.

CSCej20505

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCej50928

Symptoms: Media Gateway Control Protocol (MGCP) calls fail to land in timeslots 16-31 on E1 controllers.

Conditions: This symptom is observed in a Cisco AS5850 platform that is running a Cisco IOS Release 12.4(5) image. This symptom is not observed if OGW is a Cisco AS5400 platform. This was not observed in a Cisco IOS Release 12.4(3.8) image. This may be service impacting as only half of the timeslots can be used for generating calls.

Workaround: There is no workaround.

CSCej80209

Symptoms: A router may generate "SYS-2-LINKED: Bad enqueue" error messages.

Conditions: This symptom is observed when both of the following conditions are present:

The router generates traffic such as routing updates that are encrypted via IPSec, and the traffic (packets) is process-switched after encryption.

The router is configured with a hardware crypto accelerator.

This only occurs on Cisco IOS Release 12.3(11)T8.

Workaround: There is no workaround.

CSCin82833

Symptoms: Conferencing DSPFarm profile is not getting associated/registered with Cisco CallManager (CCM).

Conditions: This symptom is observed in Cisco 3745 and Cisco 2811 routers with c5510 DSPs.

Workaround: There is no workaround.

CSCin87776

Symptoms: Multilink bundles on a Cisco 7500 series may process-switch traffic instead of using dCEF, causing the CPU usage of the RSP to increase sharply and a CPU hog condition to occur.

Conditions: This symptom is observed when an RPR+ switchover occurs on a Cisco 7500 series that is configured for HA. (The switchover causes an MLP to flap.) However, the symptom may also occur on a Cisco 7500 series that has a single RP (so, without a switchover) when an MLP link flaps.

Workaround: There is no workaround. Note that the symptom does not occur when SSO is configured because the MLP state is maintained.

CSCin89043

Symptoms: A VIP may pause indefinitely or quality of service (QoS) may not work as expected on an interface that is configured for distributed MLP (dMLP).

Conditions: This symptom is observed on a Cisco 7500 series when the VIP processes dMLP and LFI traffic.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCin97815

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in the show frame-relay pvc command show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (subinterface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsa41747

Symptoms: A Cisco AS5300 that handles SIP voice calls may reload because of an address error.

Conditions: This symptom is observed on a Cisco AS5300 that is configured for symmetric NAT and that is used to handle calls from the PSTN and forward them to a SIP network.

Workaround: There is no workaround.

CSCsa53334

The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include:

Fragmented IP packets may be used to evade signature inspection.

IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service.

There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml.

CSCsa73120

Symptoms: A Cisco IPSec router may restart because of a bus error.

Conditions: This symptom is observed when you remove a crypto map entry that includes the dynamic keyword in its definition, as in the following example:

router#show running

...

crypto map map-name 5 ipsec-isakmp dynamic dyn-map

...

router(config)#no crypto map map-name 5

Workaround: Before you delete the crypto map entry that includes the dynamic keyword in its definition, manually configure all dynamic crypto maps that must be deleted to point to a nonexistent ACL, as in the following example:

router#show running

...

crypto dynamic-map dyn-map 5

...

router(config)#crypto dynamic-map dyn-map 5

router(config-crypto-map)#match address no-such-acl

CSCsa82945

Symptoms: A router crashes because of a bus error when ICMP or UDP packets that are larger than 1393 bytes are transmitted through an IPSec tunnel.

Conditions: This symptom is observed when a policy map and crypto map are applied to the tunnel interface.

Workaround: Remove the policy map.

CSCsb01513

Symptoms: CWM is not in sync with mgx-rpm-xf-512 in an MGX8850 shelf. No traps are sent from the RPM-XF card, and the show rpm trap ctrlblk on rpm-xf command shows the message:

task state = 8

Conditions: This symptom has been observed with mgx-rpm-xf-512 running Cisco IOS Release 12.3(2)XZ in a Cisco MGX8850.

Workaround: There is a manual procedure to change the task state back to 4 which will allow the traps to be sent.

CSCsb11124

The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

Cisco has published a Security Advisory on this issue; it is available at http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml

CSCsb42374

Symptoms: There are two symptoms:

1. When a policy is attached to the incoming interface, an aggregate control-plane policing policy will not classify traffic correctly.

2. When a control-plane policing policy is attached to the aggregate path, a similar policy attached to the host, transit or cef-exception paths will not classify traffic correctly.

Conditions: This symptom has been observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4.

Workaround: Any existing interface policy has to be removed for the aggregate control-plane policing policy to work. Any existing aggregate policing policy has to be removed for the host/cef-exception/transit path control-plane policing policy to work.

CSCsb51663

Symptoms: The SNMP process hangs while a QoS MIB object is queried.

Conditions: This symptom is observed when the execution of a QoS show command is in the "More" state while the QoS MIB object is queried. The SNMP process resumes when the show command is finished. Depending on the SNMP configuration, different symptoms may occur while the SNMP process is waiting for the QoS show command to finish.

Workaround:

Do not leave the show policy-map command or the show class-map command in the "More" state. Alternatively, before executing one of these commands, issue the exec command term len 0, and after the show command is complete, issue the exec command term len 24.

CSCsb54961

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third party gateway. When the third party gateway sends T.38 open logical channel to the Cisco gateway, no open logical channel acknowledgement is sent by the Cisco gateway. After waiting for 30 seconds for T.38 open logical channel acknowledgement, the third party gateway closes its T.38 open logical channel.

Conditions: This happens when T.38 fax relay calls are originated or terminated on a Cisco gateway that is running Cisco IOS Release 12.3(4)T and later releases.

Workaround: There is no workaround.

CSCsb67539

Symptoms: A Voice Gateway crashes when running under a heavy voice call load.

Conditions: This symptom is observed on a Voice Gateway that is running Cisco IOS Release 12.3(11)T6. The gateway is under heavy voice call load with access to media/application documents residing on local gateway flash, http and tftp servers.

Workaround: The following is not quite a workaround:

call threshold global cpu-5sec low value high value

For example:

call threshold global cpu-5sec low 50 high 70

The CLI can ease the CPU load on the gateway by reducing the probability for a crash.

CSCsb77885

Symptoms: IKE negotiation will fail. Any tunnel that requires IKE to successfully negotiate a security association will not work.

Conditions: This symptom occurs when authentication for IKE is configured as RSA encryption (authentication rsa-encr).

Workaround: There is no workaround.

CSCsc09246

Symptoms: The following commands, which are used for detecting memory leaks, crash a router that uses external memory, such as the RPM-XF platforms:

show memory debug leaks
show memory debug leaks chunks
show memory debug leaks largest
show memory debug leaks summary

Conditions: This symptom has been observed on the RPM-XF cards using Cisco IOS interim release 12.4(4.6).

Workaround: There is no workaround.

CSCsc13844

Symptoms: After loading "flash:c2600-entservicesk9-mz.123-11.T7.bin", the E1 controller is missing from the snmpwalk command of IF-MIB.

Conditions: This symptom has been observed on a Cisco 2621XM.

Workaround: There is no workaround.

CSCsc21674

Symptoms: PSTN is sending in an "*" and the router is reading it in as a "D". PSTN is also sending in a "#" and router is reading it in as an "*".

Conditions: This symptom has been observed on an MGCP T1-CAS gateway connected to Cisco CallManager doing MF and using Cisco IOS Release 12.3(8)T11, Release 12.3(11)T7, or Release 12.3(14)T4.

Workaround: There is no workaround.

CSCsc28333

Symptoms: The error message "Got WATCHDOG Interrupt from NM at slot x" is displayed, and CEM stops passing traffic.

Conditions: This symptom occurs when an adaptive clock is configured on the CEM.

Workaround: Disable adaptive clock or configure a different payload-size.

Further Problem Description: The problem is caused by a floating point exception that caused the firmware to crash.

CSCsc31082

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in show frame-relay pvc show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (subinterface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsc41913

Symptoms: A Cisco IOS gateway using Cisco IOS Release 12.3(8)T or later versions will use an ephemeral port to send a response to any SIP request. This may not work with port restricted NAT, which is expecting a response on the same connection as the one on which the request was sent and may drop the response.

Conditions: This symptom is observed on a Cisco IOS gateway with Cisco IOS Release 12.3(8)T or later releases and a port restricted NAT.

Workaround: There is no workaround.

CSCsc44237

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: A switch or router that is configured with a PA-A3 ATM port adapter may eventually run out of memory. The leak occurs when the FlexWAN or VIP that contains the PA-A3 port adapter is removed from the switch or router and not re-inserted.

The output of the show processes memory command shows that the "ATM PA Helper" process does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Symptom 2: A switch or router that has certain PIM configurations may eventually run out of memory.

The output of the show processes memory command shows that the "PIM process" does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Condition 1: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Condition 2: This symptom is observed on a Cisco 2811 and Cisco 3845 and occurs only in Cisco IOS Release 12.2(30)S, interim Release 12.4(2.10), and interim Release 12.4(2.10)T, or in any later releases.

Workaround 1: Either do not remove the PA-A3 ATM port adapter from the FlexWAN or VIP or re-insert the PA-A3 ATM port adapter promptly. The memory leak stops immediately when you re-insert the PA-A3 ATM port adapter.

Workaround 2: When the ip multicast-routing command is configured, enable at least one interface for PIM. When the ip multicast-routing vrf vrf-name command is configured, enter the ip vrf forwarding vrf-name command on at least one interface that has PIM enabled.

CSCsc54584

Symptoms: Ingress standard ACL for transit traffic is broken on MFR interface.

Conditions: This problem is found on a Cisco 7500 series router that is running Cisco IOS Release 12.3(11)T8 with MFR bundle over a PA-MC-8TE1 combo card.

Workaround: There is no workaround.

Protocol Translation

CSCei15942

Symptoms: You may not be able to download a complete file from an FTP during a V.120 session.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that runs Cisco IOS Release 12.2(15)ZK6 or Release 12.3(11)T5. The symptom could also occur in other releases such as Release 12.3 or Release 12.4.

Workaround: This problem can be circumvented by disabling the negotiation of multilink on the client adapter or the router. Alternatively, configuring ppp multilink queue depth fifo 10 on the Virtual-Template interface should allow for a successful FTP download.

Wide-Area Networking

CSCeg04511

Symptoms: Incoming calls to a router may sporadically fail during the PPP IPCP phase, and the following message may appear in the output of the debug PPP command:

Update queued IPCP code[1] id[1]

Conditions: This symptom is observed when the router is configured to accept dialin calls.

Workaround: There is no workaround.

CSCej45061

Symptoms: Attempts to remove a PRI group fail.

Conditions: This symptom is observed when an NFAS group has group number 0 and when you attempt to remove a FAS PRI group.

Workaround: Shut down the NFAS group before you remove the FAS PRI group.

CSCej73049

Symptoms: AAA method may fail on calls in the Cisco IOS 12.3(11)T releases.

Conditions: This symptom was observed on a Cisco AS5850 that was running Cisco IOS Release 12.3(11)T8 but is not platform dependent.

Workaround: There is no workaround.

CSCsb89292

Symptoms: ISDN NFAS failover issues are observed in Cisco IOS Release 12.3(11)T7. If the primary NFAS d-channel is bounced, the switch sees some of the b-channels in "remote busy" (RMB).

Conditions: This symptom only happens when the primary NFAS d-channel is bounced.

Workaround: There is no workaround.

CSCsc17673

Symptoms: Using the show caller full or show caller interface Virtual-Access XX full commands on a PPPoE client interface causes the router to unexpectedly reload.

Conditions: This symptom has been observed on routers using Cisco IOS Release 12.4(3.3) and later versions.

Workaround: Avoid using those commands.

Resolved Caveats—Cisco IOS Release 12.3(11)T8

Cisco IOS Release 12.3(11)T8 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCds33629

Symptoms: Closing an existing Telnet session may cause a router to crash.

Conditions: This symptom is platform-independent.

Workaround: There is no workaround.

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

CSCin90842

Symptoms: Memory allocations fail on the gateway though there is enough free memory. If this failure happens in ISDN, the gateway crashes subsequently.

Conditions: This symptom has been observed when the H323 aaa accounting command is enabled.

Workaround: There is no workaround.

Further Problem Description: Memory allocations for a block of 3k bytes fail with memory fragmentation as the cause. When this failure occurs, there is approximately 20MB of free memory on a gateway with 220MB of processor memory.

Interfaces and Bridging

CSCin86098

Symptoms: One or more ATM PVCs stops transmitting packets.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-A3 or PA-A6-OC3 port adapter when the PVC is configured with CBR and when traffic with more than the configured CBR value passes.

Workaround: There is no workaround.

IP Routing Protocols

CSCsb13988

Symptoms: A router that is configured for NAT may crash because of a bus error.

Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(9a) but is not platform-specific. The crash occurs while NAT attempts to translate an IP address in an H.323 RAS message that does not contain an IP address.

Workaround: Disable H.323 RAS in NAT by entering the no ip nat service ras command. If you must use H.323 RAS in NAT, there is no workaround.

Miscellaneous

CSCed66010

Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(5b) but may also occur in Release 12.3 T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.

Workaround: There is no workaround.

CSCee32365

Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.

Workaround: There is no workaround.

CSCee41831

Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.

Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.

Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.

CSCef44913

Symptoms: A Cisco 7500 series may crash because of a bus error after applying a service policy to a subinterface.

Conditions: This symptom is observed when the Cisco 7500 series runs Cisco IOS Release 12.2(16c) or Release 12.3 and when there are many interfaces and subinterfaces configured.

Workaround: Do not apply the service policy to the ATM subinterface. Rather, apply the service policy to the PVC directly.

CSCef89078

Symptoms: When you enter the show policy-map interface command for one particular interface, the output shows the policing actions for other interfaces.

Conditions: This symptom is observed when policing is enabled.

Workaround: There is no workaround.

CSCeg01543

Symptoms: A Cisco 7500 series VIP may crash when its serial interfaces are part of a Multipoint Frame Relay (MFR) bundle.

Conditions: This symptom is observed when a Frame Relay end-to-end fragment is received on an MFR interface.

Workaround: Administratively shut down the MFR interface or shut down the MFR interface on the other side of the link.

CSCeg10255

Symptoms: A router may reload unexpectedly when you enter the show call active voice command. After the crash, the output of the show version command may show a message similar to the following:

System returned to ROM by error - a SegV exception, PC 0x803D4DC8

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T and that is configured for voice.

Workaround: There is no workaround.

CSCeg12719

Symptoms: A memory leak may occur in the VTSP process on a Cisco 3660. However, calls go through.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(10) and that is configured with an ISDN BRI and for VoIP.

Workaround: There is no workaround.

CSCeg27467

Symptoms: A Cisco platform that runs Cisco IOS Release 12.3(10) and that functions as a gatekeeper in an SS7 interconnect configuration may reject calls.

Conditions: This symptom is observed when the following conditions are present:

The voice gateway is configured with trunk groups and has the Resource Availability Indicator (RAI) threshold enabled.

When the high threshold value is reached, the voice gateway sends a RAI message with the AlmostOutOfResources field set to "TRUE" to the gatekeeper.

From this point on, the gatekeeper rejects new calls with an Admission Rejection (ARJ) message that indicates that the call capacity of the voice gateway is exceeded.

Workaround: Do not configure Trunk Group and RAI together. If this is not an option, there is no workaround.

CSCeg32227

Symptoms: ATM VC output tail drops occur on a Cisco MGX 8800 series RPM-XF. Resource error drops increase for resource number 6 or 7.

Conditions: This symptom is observed when the outgoing traffic is more than what the ATM VCs can handle. The Cisco MGX 8800 series RPM-XF has a FPGA revision of less than 16.

Workaround: Police the outgoing ATM traffic.

CSCeg33863

Symptoms: When a Cisco CallManager Express (CCME) is configured for the longest-idle ephone hunt group, the call is not forwarded to the final number.

Conditions: This symptom is observed when a call that is made to the longest-idle ephone hunt-group pilot number is redirected on a busy signal or no answer signal from one Cisco IP phone directory number (ephone-dn) to another ephone-dn (from the configured ephone-dn list) until the call is answered. When none of the ephone-dns answers the call, the caller receives a fast-busy signal instead of the call being routed to the final number.

Workaround: There is no workaround.

CSCeg82614

Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.

Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.

Workaround: There is no workaround.

CSCeh08363

Symptoms: Bidirectional DTR does not function. The output of the show dialer command shows the incorrect dialer type.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.9)T.

Workaround: There is no workaround.

CSCeh09198

Symptoms: A Cisco gateway that has the garbage detector (a tool that is used for debugging memory leaks) enabled may hang indefinitely.

Conditions: This symptom is observed when you enter the garbage detector-related show memory debug leaks command or show memory debug incremental leaks command.

Workaround: There is no workaround.

CSCeh40183

Symptoms: A router reloads unexpectedly when the show policy interface EXEC command is entered.

Conditions: This symptom is observed on a Cisco router when two users are connected to the router and simultaneously enter the show policy interface EXEC command.

Workaround: Ensure that only one user at a time enters the command.

CSCeh61467

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: After you have disabled MVPN on a VRF interface, the CPU use for the PIM process increases to 99 or 100 percent and remains at that level.

Condition 1: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases.

Workaround 1: Before you disable MVPN on the VRF interface, enable and then disable multicast routing by entering the ip multicast-routing vrf vrf-name global configuration command followed by the no ip multicast-routing vrf vrf-name global configuration command.

Symptom 2: A router that functions under stress and that is configured with a VRF interface may crash when an MDT group is removed from a remote PE router.

Condition 2: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases, and occurs only when there are frequent link flaps or other multicast topology changes that affect the VRF interface.

Workaround 2: There is no workaround.

CSCei02275

Symptoms: A Cisco router may reload when removing a Frame Relay map from a dial interface.

Conditions: This symptom occurs when a dial (ISDN) interface is configured for Frame Relay encapsulation with a map that includes IP Header Compression.

Workaround: There is no workaround.

CSCei31970

Symptoms: A Cisco AS5850 reaches 99% CPU and starts rejecting calls when the show voice call status call-id command is issued in quick succession. This can be highly service impacting. The box thereafter becomes very unstable in accepting incoming calls. This happens only when the box is stressed with 900+ calls.

Conditions: This symptom is seen on a Cisco AS5850 that is running a special build of 11-T6 image with 900+ H323 voice calls.

Workaround: Avoid entering this command under stressed conditions. Even so, the symptom can be service impacting.

CSCei37299

Symptoms: A VPN hub router may reload when you enter the clear crypto session remote ip-address command.

Conditions: This symptom is observed after a remote peer disconnects ungracefully (that is, the peer is suddenly powered-off or the LAN cable is disconnected) and immediately reconnects to the VPN hub router with a different public address.

Workaround: Do not enter the clear crypto session remote ip-address command. Rather, enter the clear crypto sa command.

CSCei41674

Symptoms: A router may generate "SYS-2-LINKED: Bad enqueue" error messages.

Conditions: This symptom is observed when both the following conditions are present:

The router generates traffic such as routing updates that are encrypted via IPSec and the traffic (packets) is process-switched after encryption.

The router is configured with a hardware crypto accelerator.

A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CCSCeg43855. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

Further Problem Description: When the error message is generated, a crash may also occur in the following configuration in which hub-and-spoke GRE tunnels are configured for IPSec and EIGRP: When the spokes have a primary hub and a backup hub (that is, a GRE tunnel to each) and when a switchover from the primary hub to the backup hub occurs multiple times, the spoke may crash. This particular situation is observed on a Cisco 1841 and Cisco 3825.

A workaround for this particular situation is to prevent multiple hub switchovers from occurring or to refrain from configuring GRE tunnels with IPSec and EIGRP.

CSCei42842

Symptoms: A Cisco 2851 may crash at the tsp_search_voice_port function.

Conditions: This symptom is observed when the no ccm-manager mgcp command is entered very rapidly, for example, via an automated script.

Workaround: There is no workaround.

CSCei44586

Symptoms: The wrong IKE SA is deleted when the SA deletion is triggered by the idle timer.

Conditions: This symptom has been observed when the clients are behind a firewall or NAT device and their public address is set by Port Address Translation (PAT) to the same IP address as their LAN IP address.

Workaround: Use NAT instead of PAT.

CSCei46509

Symptoms: No more than 930 H.323 terminating calls can be brought up on a Cisco 5850 because socket allocation failures occur.

Conditions: This symptom is observed on a Cisco 5850 that functions as a TGW in RPR+ mode when H.323 slow start is enabled and when H.245 tunneling is disabled. Note that the symptom does not occur when H.245 tunneling is enabled or when the Cisco 5850 functions as an OGW.

Workaround: Configure H.245 tunneling and fast start by entering the following commands:

Router(config)# voice service voip
Router(conf-voi-serv)# h323
Router(conf-serv-h323)# no h245 tunnel disable

CSCei50425

Symptoms: A Cisco 7200 series or Cisco 7301 that is equipped with a VAM, VAM2 or VAM2+ accelerator may refuse a valid RSA key and generate an error message such as the following:

% Error in generating keys: did not validate
% Key pair import failed.

Conditions: This symptom is observed under rare circumstances when a valid RSA key is composed of unusually short or long prime numbers and coefficient.

When the VAM is deactivated during the importation of the RSA key, the router accepts the key, but when the VAM, VAM2, or VAM2+ is inserted into the chassis, the router miscomputes the signature payload of the IKE/ISAKMP exchanges.

Workaround: Create a new RSA key.

Further Problem Description: The result of the wrong operation can be seen on the other side of the connection by activating the debug crypto engine and debug crypto isakmp commands. The following messages are related to the failure:

crypto_engine: public key verify
crypto_engine: public key verify, got error no available resources
ISAKMP:(0:2:HW:2): signature invalid!

CSCei51322

Symptoms: A router that is configured for IPSec may reload because of a stack or program counter corruption.

Conditions: This symptom is observed on a Cisco router that uses a certificate with a very long subject name of several hundred bytes when the distinguished name (DN) is used as an ISAKMP identity. The symptom does not occur for shorter subject names (for example, 290 characters). In most environments, a subject name of 80 characters or less is common.

Workaround: Use certificates with a shorter subject name.

CSCei59221

Symptoms: Traffic does not pass over a connection between a Cisco AXSM-XG module and a Cisco MGX 8800 series RPM-XF after a graceful hardware migration of a redundant pair of AXSM/A, AXSM/B, or AXSM-E cards to AXSM-XG cards.

Conditions: This symptom is observed after the hardware migration for the connections that already existed between the AXSM/A, AXSM/B, or AXSM-E card and the RPM-XF before the hardware migration. The symptom does not occur for new connections that are added between the AXSM-XG and the RPM-XF after the hardware migration, nor does the symptom occur for hardware migrations of standalone (as opposed to redundant pairs of) AXSM/A, AXSM/B, or AXSM-E cards to AXSM-XG cards.

Workaround: After the hardware migration, delete and re-add the affected connections.

CSCei61814

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5850 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCei72576

Symptoms: The following error message and traceback are generated on a Cisco MGX 8800 series RPM-XF, and you cannot ping a destination:

%GENERAL-3-EREVENT:HWCEF: Failed to alloc Mtrie HW node
-Traceback= 4005B148 4005C398 4005C918 40066B5C 4028D634 4028DF6C 40294B84 4029AC5C 4063D470 40614C90

Conditions: This symptom is observed when there are many summary routes advertised with continuous route updates and withdrawals via BGP or IGP sessions. The symptom occurs because the PXF CEF memory for level 4 becomes exhausted.

Workaround: There is no workaround.

CSCei75294

Symptoms: A Cisco AS5850 that functions in RPR+ mode reloads unexpectedly because for each call an MGCP application holds an increasing amount of memory that is not freed up.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T7. The symptom could also occur in Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCin79691

Symptoms: QoS information disappears from a FlexWAN module or VIP that is configured with a distributed MFR interface.

Conditions: This symptom is observed after the FlexWAN module or VIP resets or after the interface flaps.

Workaround: Remove the service policy from the interface and reapply it to the interface.

CSCin91381

Symptoms: A VIP card having a dMLFR configuration on a Cisco 7500 series router may crash on entering the microcode reload command in the global configuration mode.

Conditions: This symptom has been observed on a Cisco 7500 series router with a VIP card having a dMLFR configuration when traffic is flowing at that point of time.

Workaround: There is no workaround.

CSCsa44556

Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.

Workaround: Reload the gatekeeper after you have made the configuration changes.

CSCsa60223

Symptoms: After a call is made between H.323 and SIP on the IPIPGW, executing the show call active voice command does not reflect the call leg information.

Conditions: This symptom occurs when doing SIP-H323 calls.

Workaround: There is no workaround.

CSCsa68001

Symptoms: All incoming packets on a Frame Relay Link have the DE bit set.

Conditions: This symptom is observed on a Cisco 2811 that runs Cisco IOS Release 12.3 or Release 12.3(11)T2 under normal traffic conditions.

Workaround: There is no workaround. Note that the symptom does not occur on a Cisco 1760 that runs Release 12.3(10).

CSCsa70040

Symptoms: A router does not attempt to autoinstall a software configuration via a Frame Relay WAN segment when it receives a response to a DHCP request on an Ethernet LAN, even though the DHCP server does not support autoinstall via TFTP.

Conditions: This symptom is observed when a software configuration is replaced on a failed remote router or installed on a new remote router. The router is connected to an existing Ethernet LAN and a Frame Relay WAN segment. You would expect the router to autoinstall over the Frame Relay WAN segment because it is supposed to download the configuration from a central TFTP server. However, this does not occur.

When the router has a response to its DHCP request on the Ethernet LAN, it attempts to autoinstall over DHCP. Although the DHCP server does not support autoinstall over DHCP, the router does not attempt to autoinstall over the Frame Relay WAN segment.

Workaround: Prevent the DHCP server from responding to the router request or ensure that someone is physically present to disconnect the Ethernet LAN link from the router to force the router to autoinstall over the Frame Relay WAN segment. When the router has autoinstalled over the Frame Relay WAN segment, the router should be reconnected to the Ethernet LAN.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa74930

Symptoms: A Cisco 3825/c3845 may display the following error message and traffic is interrupted:

%SBETH-3-ERRINT: GigabitEthernet0/0, error interrupt, mac_status = 0x0000000000840000

Conditions: This symptom is observed when multiple users that are connected to a downstream switch attempt to log into network resources across a WAN (traversing the router).

This symptom is mostly seen with the AppleTalk protocol over GE.

Workaround: There is no workaround.

CSCsa86291

Symptoms: Packets that enter on an interface that has the ssg direction downlink command enabled are not translated even though the ip nat inside is enabled.

Conditions: This symptom is observed on a Cisco router that is configured for SSG with the TP, TT, or TX type of service and that runs Cisco IOS Release 12.3(11)T4 or Release 12.3(14)T. The symptom may also occur in Release 12.3 but does not occur in Release 12.3(11)T3.

Note that when you disable the ssg direction downlink command on the interface, NAT works fine.

Workaround: There is no workaround.

CSCsb10341

Symptoms: A Cisco 2651XM may not drop unicast Ethernet frames that are not destined for its MAC address.

Conditions: This symptom is observed on a Cisco 3800 series that runs Cisco IOS Release 12.3(11)T5 or an earlier release or Release 12.3(14)T1 or an earlier release and that has subinterfaces that are configured for HSRP.

Workaround: Enter the standby use-bia command on the main interface.

CSCsb34344

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5400 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCsb34361

Symptoms: XFL: VC CoS queue size value is wrong for Early Packet Discard (EPD) based congestion management algorithm.

Conditions: With SAR-based QoS, the VC CoS queue size value is not updated properly. This occurs when the congestion management algorithm is changed from Weighted Random Early Detection (WRED) to EPD.

Workaround: Enter the shut command followed by the no shut command on the subinterface or reprogram the affected CoSQ.

CSCsb37645

Symptoms: A router may crash during a basic H.323 call with carrier ID routing.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).

Workaround: There is no workaround.

CSCsb42859

Symptoms: A router may reload unexpectedly when the stack for VTSP runs low in memory.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway.

Workaround: There is no workaround.

CSCsb46264

Symptoms: When a dialer interface is configured as an endpoint for a IPSec+GRE tunnel, tracebacks with bad refcount may be generated.

Conditions: This symptom is observed on a Cisco 837 when router-generated packets such as routing updates are being switched.

Workaround: There is no workaround.

CSCsb47438

Symptoms: XFL: CoSQ creation fails while switching between Weighted Random Early Detection (WRED) and Early Packet Discard (EPD).

Conditions: When the MAX 8 CoS queues are configured under a VC tunnel, and traffic is queued in the CoS queue, trying to switch the CoS queue congestion management policy results in SAR queue creation failure.

Workaround: Enter the shut command followed by the no shut command on the subinterface.

CSCsb50143

Symptoms: You cannot create a maximum session number for a DSPfarm profile conference.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T or Release 12.4(1a) when time slot 1 through 24 of the PRI group are configured before you attempt to create a maximum session number. The symptom occurs on an NM-HDV2 that has a PVDM2-64 installed.

Workaround: First configure a maximum session number for the DSPfarm profile conference, then configure time slot 1 through 24 of the PRI group.

Do not reload the gateway or enter the shutdown command for the DSPfarm profile after everything is properly configured because otherwise the PRI group would grasp all the DSP resources again.

CSCsb72138

Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.

Conditions: This symptom is observed on a Cisco 2821 that runs Cisco IOS Release 12.3(11)T5. This symptom typically occurs when fax lines are configured on the FXS port.

Workaround: There is no workaround.

CSCsb74429

Symptoms: See the following:

User may experience network delay or hiccup when there are RPM-XF GE cards in the network.

User may occasionally observe the traceroute program take an extra hop via an RPM-XF GE card, when it should not.

Conditions: User may observe the following symptoms when this problem occurs:

When there is at least one RPM-XF GE card with another IP device that does not speak actively in the same VLAN, traceroute program sometimes shows the route to that device may take an extra hop through the RPM-XF GE card.

Intermittent traffic storms may occur when there are 3 or more RPM-XF GE cards in the same VLAN.

Workaround: User may apply an inbound access-list to RPM-XF GE interface that prevents local VLAN forwarding:

ip access-list extended no-local-forwarding
 permit ip any host 192.168.1.100
 permit ip any host 192.168.1.255
 deny ip any 192.168.1.0 0.0.0.255
 permit ip any any
!
interface GigabitEthernet 1/0
 ip address 192.168.1.100 255.255.255.0
 ip access-group no-local-forwarding in
!

This access-list can stop traffic storms generated by RPM-XF. However, the access-list will not fix the odd behavior of the "traceroute" program and may cause some operating systems to report that a "ping" to a target device is denied. Currently, there are no effective workarounds for "traceroute" or "ping".

CSCsb90264

Symptoms: Cisco AS5400 and AS5350 T1 CAS calls fail with "no users answer," and a traceback is seen at vtsp_tsp_call_setup_ind, along with the following error:

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

Conditions: This problem is seen when making CAS calls in Cisco AS5400 and AS5350 platforms.

Workaround: There is no workaround.

Wide-Area Networking

CSCea75722

Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.

Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.

Workaround: There is no workaround.

CSCed32146

Symptoms: A small buffer leak may occur on a router that has a BRI interface that is in the "Layer 1 Down" state (that is, the interface is not able to establish ISDN Layer 1).

Conditions: This symptom is observed when there is an attempt to activate inactive BRI interfaces. During such an attempt, small buffers are allocated periodically to transmit unnumbered messages to establish the TEI that is to be used on the interface. The buffers cannot be transmitted because the ISDN Layer 1 protocol is down, causing the buffers to be enqueued and lost from the small buffer pool until ISDN Layer 1 becomes active. These enqueued buffers may leak from the small buffer pool, although technically this is not a leak because the buffers are in a queue.

Possible Workaround: Enter the isdn tei-negotiate first-call command.

CSCee85138

Symptoms: A SegV exception crash may occur on a Cisco router that is configured for voice calls.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6a) or Release 12.3(9) but may not be platform-dependent.

Workaround: There is no workaround.

CSCee93835

Symptoms: When you remove a policy map that is attached to a service policy or when you make changes in the CIR of a policy class, a router may produce spurious align messages and may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(7.7) or Release 12.3(9) and that is configured for PPP.

Workaround: Do not make any changes to the policy map or any changes that are related to QoS.

CSCef26648

Symptoms: A memory leak may occur on a Cisco AS5350 or Cisco AS5400 that runs Cisco IOS Release when ISDN synchronous digital calls are made. This situation causes the platform to reload eventually.

Conditions: This symptom is observed in a rare situation during a stress test when ISDN sends a first RELEASE message, a connected switch returns a STATUS message, and ISDN sends a second RELEASE message. The first RELEASE message causes a memory leak.

Workaround: There is no workaround.

CSCef48558

Symptoms: A router may crash when a PPP link joins a multilink PPP (MLP) bundle.

Conditions: This symptom is observed when a packet is forwarded to the multilink bundle interface when at the same time a new link joins an active bundle (that is, a bundle that is already running with at least one member link). The likelihood of the symptom occurring is rare, but increases when the system load increases or when the level of outbound traffic on the bundle increases.

Workaround: There is no workaround.

CSCef82683

Symptoms: An MFR bundle may stay in the down state after redistributing bundle links. The output of the show frame-relay multilink command displays as cause code "inconsistent bundle."

Conditions: This symptom is observed when a Remove-Link message is lost.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected bundle.

CSCeg03958

Symptoms: A router may crash while performing an SNMP walk on VPDN-related MIB Objects. SNMP get and set operations function fine.

Conditions: This symptom is observed on a Cisco router that is configured with MLP interfaces.

Workaround: Reload the router and do not perform an SNMP walk. Instead use get operations.

CSCeg15184

Symptoms: When you set up PPPoA sessions in a stress situation, the following error message may be generated:

%IDMGR-3-INVALID_ID: bad id in id_to_ptr

Conditions: This symptom is observed on a Cisco 10000 series that is configured with about 22,000 active PPPoA sessions and that has a CPU usage of 99 percent. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCeg43407

Symptoms: On a router that is configured for SLIP/PPP, spurious memory accesses may be reported in the output of the show alignment command.

Conditions: This symptom is observed after a SLIP/PPP test on an asynchronous modem.

Workaround: There is no workaround.

CSCeh18018

Symptoms: The asynchronous resources on a NAS may remain active after a VPDN setup because the LAC does not close the L2TP session on receipt of the L2TP Call Disconnect Notification (CDN) from the LNS.

Conditions: This symptom is observed on a NAS that is configured with digital modems when the L2TP session is abnormally aborted, for example, when the L2TP session is aborted before the LNS sends an LCP termination request to the dialin user.

Workaround: Manually free the asynchronous resources on the NAS by entering the clear line line-number command or ask the remote dialin user to disconnect the modem.

CSCeh62257

Symptoms: PPP does not establish new sessions.

Conditions: This symptom is observed on a Cisco router that is configured with full virtual-access interfaces when a PPP leak occurs.

Workaround: Reload the router and configure virtual-access subinterfaces instead of full virtual-access interfaces.

CSCei11919

Symptoms: A dialed circuit that carries a PPP connection over a tunnel between an LNS and a LAC is not dropped when the tunnel is reset.

Conditions: This symptom is observed when you enter the clear vpdn all command, when the LNS reloads, when the IP link between the LNS and LAC is disrupted, or when any other event occurs that causes the tunnel to be reset.

Workaround: There is no workaround.

CSCei13743

Symptoms: An outgoing Basic Rate Interface (BRI) call fails to activate Layer 1.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that includes the fix for caveat CSCsa66756. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa66756. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCei16649

Symptoms: The output of the show pppoe session or show vpdn session command does not show PPPoEoA session details.

Conditions: This symptom is observed for a point-to-point ATM interface.

Workaround: There is no workaround.

CSCei21549

Symptoms: A Cisco 5850 reloads when an RLM group is unconfigured.

Conditions: This symptom is observed when you enter the no isdn rlm-group number command and when there are more than 31 NFAS members in the same NFAS group.

Workaround: Shut the primary interface, remove the NFAS members of the same NFAS group, and unconfigure the RLM group.

CSCsa66756

Symptoms: The B channel on an NFAS "none" group member may hang with its channel state set to PROPOSED, which you can see in the output of the show isdn service command.

Conditions: This symptom is observed when the first activity on an NFAS "none" member is an outgoing call. After the first incoming or outgoing call, the symptom no longer occurs.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(11)T7

Cisco IOS Release 12.3(11)T7 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg15044

Symptoms: Although there are free tty lines, you cannot make a Telnet connection and a "No Free TTYs error" message is generated.

Conditions: This symptom is observed when there are simultaneous Telnet requests.

Workaround: There is no workaround.

CSCeg41120

Symptoms: The configuration of the snmp-server host command overrides an existing entry.

Conditions: This symptom is observed when the snmp-server host command is used in conjunction with port numbers. When you configure multiple host entries with the same host address but with different port numbers, the existing entries are overridden.

Workaround: Do not configure multiple host entries with the same host address but with different port numbers.

CSCeg52893

Symptoms: Several tty lines may become stuck in the "Carrier Dropped" modem state. You can verify this situation by entering the show line line-number EXEC command for an individual line. However, when you enter the show line EXEC command (that is, you do not enter a value for the line-number argument), the output shows that the same tty lines are active (that is, they are in the "*" state):

......

I 2/47 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/48 Digital modem - DialIn - - - 7 0 0/0 - Idle

* 2/49 Digital modem - DialIn - - - 5 0 0/0 - Carrier Dropped

I 2/50 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/51 Digital modem - DialIn - - - 13 0 0/0 - Idle

I 2/52 Digital modem - DialIn - - - 10 0 0/0 - Idle

......

In addition, the output of the show users EXEC command and the output of the show caller EXEC command either do not show a user or caller name or show an incorrect user or caller name. The output of the show caller EXEC command does show that the service is "TTY."

Conditions: These symptoms are observed on a Cisco AS5400 that is configured for modem dialin with PPP and EXEC connectivity and for login authentication via a TACACS+ server.

Workaround: To clear the stuck line, enter the clear port slot/port EXEC command.

CSCeg52924

Symptoms: When TACACS+ accounting or authorization is configured, many CPU cycles are consumed, messages are not sent, and the platform is unusable.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 when TACACS+ accounting, authentication, or authorization is enabled with a faulty server and when the server sends unsolicited data while the socket is being set up.

Workaround: Disable TACACS+.

CSCeg64124

Symptoms: The operation result of an IP SLA jitter probe shows a high packet MIA that is equal to the jitter's number of packets minus one. In the responder router, the responder debug message shows many error packets.

Conditions: This symptom is observed when multiple jitter probes (either from the same router or from different routers) are configured to send packets to the same destination IP address and the same destination port number and when the responder is turned off for a short time and turned on again.

Workaround: To prevent the symptom from occurring, configure the jitter probe to use a unique destination port number.

Alternate Workaround: If the symptom has occurred, turn off the responder by entering the no rtr responder global configuration command, wait until all jitter probes report "No connection," and then turn on the responder by entering the rtr responder global configuration command.

CSCeh64791

Symptoms: A memory leak may occur when you delete a RADIUS server group.

Conditions: This symptom is observed when the server is configured with a key.

Workaround: There is no workaround.

CSCin81985

Symptoms: Although a RADIUS server is up and running, a router may not contact the RADIUS server during login authentication.

Conditions: This symptom is observed when the RADIUS server is declared dead and then, after an accounting-on record is sent, changes to the up state.

Workaround: Configure local authentication as a backup by entering the aaa authentication login default group radius local command and a local user name and password.

CSCsa53912

Symptoms: You cannot log on when a TACACS+ server is used for authentication. You get a message that authentication fails and you are asked again to enter your user name.

Conditions: This symptom is observed when you make a Telnet connection to a router that is configured for TACACS+ after you have entered your user name and your TACACS password.

Workaround: Configure the TACACS+ single connection option by entering the tacacs-server host host-name single-connection command.

Interfaces and Bridging

CSCei08289

Symptoms: The transmit rate is higher than the configured committed information rate (CIR), causing the network to drop frames.

Conditions: This symptom is observed only when traffic is process-switched and when software payload compression and header compression are configured.

Workaround: Enable either CEF or fast-switching. If process-switching must be used, add a compression adaptor and configure FRF9 data compression instead of packet-by-packet payload compression. You can enable FRF9 data compression in the following ways:

On a point-to-point interface, enter the following command in interface configuration mode:

frame-relay payload-compression frf9 stac

On a multipoint interface, enter the following command in interface configuration mode:

frame-relay map ip ip-address dlci