Cisco IOS Software Releases 12.3 T

Cross-Platform Release Notes for Cisco IOS Release 12.3 T, Part 5: Caveats


Caveats for Cisco IOS Release 12.3T


September 24, 2008

Cisco IOS Release 12.3(14)T7

Text Part Number: OL-4748-06 Rev. J1

This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.3T, up to and including Release 12.3(14)T7. Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in this section.

Because Cisco IOS Release 12.3T is based on Cisco IOS Release 12.3, many caveats that apply to Cisco IOS Release 12.3 also apply to Cisco IOS Release 12.3T. For information on severity 1 and 2 caveats in Cisco IOS Release 12.3, see the Caveats for Cisco IOS Release 12.3 document located on Cisco.com.

How to Use This Document

This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:

The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.

The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.

Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.

The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm

If You Need More Information

Cisco IOS software documentation can be found on the web through Cisco.com. For information on Cisco.com, see the "Obtaining Documentation, Obtaining Support, and Security Guidelines" section.

For more information on caveats and features in Cisco IOS Release 12.3T, refer to the following sources:

Dictionary of Internetworking Terms and Acronyms—The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this caveats document.

Bug Toolkit—If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software Center > Cisco IOS Software > BUG TOOLKIT. Another option is to go to http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

Release Notes for Cisco IOS Release 12.3T—These release notes describe new features and significant software components for Cisco IOS software Release 12.3T.

Deferral Advisories and Software Advisories for Cisco IOS Software: Deferral Advisories and Software Advisories for Cisco IOS Software provides information about caveats that are related to deferred software images for Cisco IOS releases. If you have an account on Cisco.com, you can access Deferral Advisories and Software Advisories for Cisco IOS Software at http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml.

What's New for IOS: What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/public/sw-center/sw-ios.shtml or by logging into Cisco.com and selecting Technical Support > Software Center > Products and Downloads > Cisco IOS Software.


Note Release notes are modified only on an as-needed basis. The maintenance release number and the revision date represent the last time the release notes were modified to include new or updated information. For example, release notes are modified whenever any of the following items change: software or hardware features, feature sets, memory requirements, software deferrals for the platform, microcode or modem code, or related documents.


The most recent release notes when this caveats document was published were Release Notes for Cisco IOS Release 12.3T, for Cisco IOS Release 12.3(14)T on April 17, 2007.

Contents

How to Use This Document

If You Need More Information

Resolved Caveats—Cisco IOS Release 12.3(14)T7

Resolved Caveats—Cisco IOS Release 12.3(14)T6

Resolved Caveats—Cisco IOS Release 12.3(14)T5

Resolved Caveats—Cisco IOS Release 12.3(14)T4

Resolved Caveats—Cisco IOS Release 12.3(14)T3

Resolved Caveats—Cisco IOS Release 12.3(14)T2

Resolved Caveats—Cisco IOS Release 12.3(14)T1

Open Caveats—Cisco IOS Release 12.3(14)T

Resolved Caveats—Cisco IOS Release 12.3(14)T

Resolved Caveats—Cisco IOS Release 12.3(11)T12

Resolved Caveats—Cisco IOS Release 12.3(11)T11

Resolved Caveats—Cisco IOS Release 12.3(11)T10

Resolved Caveats—Cisco IOS Release 12.3(11)T9

Resolved Caveats—Cisco IOS Release 12.3(11)T8

Resolved Caveats—Cisco IOS Release 12.3(11)T7

Resolved Caveats—Cisco IOS Release 12.3(11)T6

Resolved Caveats—Cisco IOS Release 12.3(11)T5

Resolved Caveats—Cisco IOS Release 12.3(11)T4

Resolved Caveats—Cisco IOS Release 12.3(11)T2

Resolved Caveats—Cisco IOS Release 12.3(11)T

Resolved Caveats—Cisco IOS Release 12.3(8)T11

Resolved Caveats—Cisco IOS Release 12.3(8)T10

Resolved Caveats—Cisco IOS Release 12.3(8)T9

Resolved Caveats—Cisco IOS Release 12.3(8)T8

Resolved Caveats—Cisco IOS Release 12.3(8)T7

Resolved Caveats—Cisco IOS Release 12.3(8)T6

Resolved Caveats—Cisco IOS Release 12.3(8)T5

Resolved Caveats—Cisco IOS Release 12.3(8)T4

Resolved Caveats—Cisco IOS Release 12.3(8)T3

Resolved Caveats—Cisco IOS Release 12.3(8)T1

Resolved Caveats—Cisco IOS Release 12.3(8)T

Resolved Caveats—Cisco IOS Release 12.3(7)T12

Resolved Caveats—Cisco IOS Release 12.3(7)T11

Resolved Caveats—Cisco IOS Release 12.3(7)T10

Resolved Caveats—Cisco IOS Release 12.3(7)T9

Resolved Caveats—Cisco IOS Release 12.3(7)T8

Resolved Caveats—Cisco IOS Release 12.3(7)T7

Resolved Caveats—Cisco IOS Release 12.3(7)T6

Resolved Caveats—Cisco IOS Release 12.3(7)T4

Resolved Caveats—Cisco IOS Release 12.3(7)T3

Resolved Caveats—Cisco IOS Release 12.3(7)T2

Resolved Caveats—Cisco IOS Release 12.3(7)T1

Resolved Caveats—Cisco IOS Release 12.3(7)T

Resolved Caveats—Cisco IOS Release 12.3(4)T11

Resolved Caveats—Cisco IOS Release 12.3(4)T10

Resolved Caveats—Cisco IOS Release 12.3(4)T9

Resolved Caveats—Cisco IOS Release 12.3(4)T8

Resolved Caveats—Cisco IOS Release 12.3(4)T7

Resolved Caveats—Cisco IOS Release 12.3(4)T6

Resolved Caveats—Cisco IOS Release 12.3(4)T4

Resolved Caveats—Cisco IOS Release 12.3(4)T3

Resolved Caveats—Cisco IOS Release 12.3(4)T2

Resolved Caveats—Cisco IOS Release 12.3(4)T1

Resolved Caveats—Cisco IOS Release 12.3(4)T

Resolved Caveats—Cisco IOS Release 12.3(2)T9

Resolved Caveats—Cisco IOS Release 12.3(2)T8

Resolved Caveats—Cisco IOS Release 12.3(2)T7

Resolved Caveats—Cisco IOS Release 12.3(2)T6

Resolved Caveats—Cisco IOS Release 12.3(2)T5

Resolved Caveats—Cisco IOS Release 12.3(2)T4

Resolved Caveats—Cisco IOS Release 12.3(2)T3

Resolved Caveats—Cisco IOS Release 12.3(2)T2

Resolved Caveats—Cisco IOS Release 12.3(2)T1

Resolved Caveats—Cisco IOS Release 12.3(2)T

Obtaining Documentation, Obtaining Support, and Security Guidelines

Resolved Caveats—Cisco IOS Release 12.3(14)T7

Cisco IOS Release 12.3(14)T7 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCek27271

Symptoms: The IPSLA test packets returned by the IPSLA responder for the UDP jitter operation have a ToS value of 0 instead of the value configured for the operation. Because of this, two IPSLA UDP jitter operations between the same source and responder routers that differ only in their ToS configurations will report the same round trip time even though the expected values are different.

Conditions: This symptom has been observed on routers configured with an IP SLA User Datagram Protocol (UDP) jitter operation that uses microseconds precision and has a ToS value configured.

Workaround: There is no workaround.

Interfaces and Bridging

CSCei68284

Symptoms: POS interfaces may remain in the up/down state after the router has been reloaded.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Workaround: Reload the FlexWAN or VIP in which the POS port adapter is installed.

IP Routing Protocols

CSCek10384

Symptoms: A Cisco 7200 router that is performing NAT could drop IPSec packets.

Conditions: This symptom is observed on a Cisco 7200 router that is performing NAT functionality for IPSec transit packets. The router will NAT and forward the Inside to Outside IPSec (ESP) packets, but might drop the return IPSec packets from Outside to Inside.

Workaround: Disable NAT for IPSec.

Miscellaneous

CSCeh08363

Symptoms: Bidirectional DTR does not function. The output of the show dialer command shows the incorrect dialer type.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.9)T.

Workaround: There is no workaround.

CSCeh30975

Symptoms: The FXSLS voice port is stuck in an on-hook state, and the digital signal processor (DSP) is not released.

Conditions: This symptom occurs when the FXSLS user stays off-hook at the end of the call after Cisco IOS software sends a Howler tone to the FXSLS port.

Workaround: There is no workaround.

CSCej87817

Symptoms: Policing does not drop any packets after the packets are sent or received at a rate that is much higher than the committed information rate (CIR).

Conditions: This symptom is observed on a Cisco 7500 series router but is not platform dependent.

Workaround: There is no workaround.

CSCsa63173

Symptoms: CEF may not be updated with a new path label that is received from the BGP peer.

If a router configured for BGP IPv4+labels multipath receives a BGP update that only changes the MPLS label for a non-bestpath multipath, the router fails to update the forwarding plane. This results in dropping or mis-branding the traffic.

Conditions: In a IPv4+labels multipath setup, if a label is changed for the non-bestpath multipath and that is the only change in the new update received from the neighbor, the new label will not be programmed in forwarding, hence there will be label inconsistency between the BGP and the forwarding tables.

Workaround: There is no workaround.

CSCsa86572

Symptoms: A large configuration in NVRAM on a primary or secondary RSP may become corrupted and the router may generate relevant warning messages during the execution of a copy system:running-config nvram: startup-config command.

When you erase NVRAM by entering the erase nvram command and then enter the copy system:running-config nvram: startup-config command, the router may crash.

Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.

Workaround: If the configuration file is significantly large, place a copy of the configuration file on a flash card or disk with ample space and enter the boot config slot0:startup-config command to force the startup configuration file to be read from the flash card.

When you enter the copy system:running-config nvram: startup-config command, the current running configuration is saved to the flash card or disk and the configuration is auto-synchronized to the corresponding flash card on the secondary RSP.

Caution: Do not remove the flash card while the boot config slot0:startup-config command is being executed.

CSCsb52900

Symptoms: An inconsistency may occur in the outlabel information that is used by BGP and MPLS forwarding.

Conditions: This symptom is observed when there are two route reflectors (RRs) that advertise the same route and when one of the routes is the best path. The symptom occurs when the following conditions are present:

The PE router that is the source restarts, causing the prefix to be readvertised with a new label.

The RR that forms the non-best path delays the withdrawal and readvertisement of the prefix, for example, because the RR has a heavy load.

This situation causes BGP to function with the new label but MPLS forwarding to function with the old label.

Workaround: Enter the clear ip route network command for the affected prefix.

CSCsb76671

Symptoms: Intermittent one-way audio (PSTN hears dead air) on inbound ISDN call through Cisco VoIP AS5850 gateway.

Conditions: This symptom has been observed to occur with inbound ISDN calls with outbound SIP calls towards a Cisco MeetingPlace server. Numerous calls that are transferred via SIP REFER contribute to the gateway getting into this state.

Workaround: There is no workaround to prevent the gateway from getting into this state. Once in this state, reloading the gateway will help clear this condition for a while.

CSCsc12098

Symptoms: The fix for busyout slot on the Cisco AS5400 platform causes build issues.

Conditions: This symptom is observed on a Cisco AS5400 platform.

Workaround: There is no workaround.

CSCsc20149

Symptoms: When you enter the show voice call status command five to six times in quick succession, the CPU use of a Cisco AS5850 reaches 99 percent. The Cisco AS5850 thereafter becomes very unstable in accepting incoming calls. This situation can be highly service-impacting under stress conditions.

Conditions: This symptom is observed on a Cisco AS5850 that is running a special image of Cisco IOS Release 12.3(11)T6 and occurs only when there are more than 900 H.323 voice calls.

Workaround: Do not enter the show voice call status command in a stress situation.

CSCsc40236

Symptoms: Incorrect outgoing labels are installed for BGP-IPv4 Multipath prefixes.

Conditions: This symptom has been observed anytime that a label changes from a BGP-IPv4 Multipath peer.

Workaround: Clearing the BGP neighbor should allow the correct labels to be installed.

CSCsc80670

Symptoms: The on-board FastEthernet 0/0 results in state "FastEthernet0/0 is up, line protocol is down" after a reload, power-up or a shutdown and no shutdown operation. This is verified when the FastEthernet 0/0 is connected to Telsey and Pirelli Media Converters in series.

This symptom is not present if the Cisco 1718 and Cisco 2950 routers are connected directly, without any media converters in between. This symptom may not be present using a media converter from other vendors.

Conditions: This symptom has been observed connecting the on-board port of a Cisco 17xx router running Cisco IOS Release 12.3(11)T to Telsey and Pirelli Media Converters in series, like:

1718(fa0/0)--Telsey MC ----------- Pirelli MC--(fa 0/1)2950

This symptom has also been observed with Cisco IOS Release 12.4(5), which is the latest available image for this platform.

Workaround: Replace the media converter with one from another vendor.

CSCsc94359

Symptoms: The BGP table and CEF forwarding table may have mismatched labels for prefixes that are learned from a remote PE router.

Conditions: This symptom is observed on a Cisco router that functions as a PE router when an eBGP session flap or route flap occurs on the remote PE router. A new label for the prefix is learnt from the remote PE router, but forwarding may not be updated properly.

Workaround: There is no workaround. After the symptom has occurred, enter the clear ip route vrf vrf-name network command on the PE router that has mismatched labels to correct the situation.

CSCsd30244

Symptoms: The router crashes on busyout of a CT3 card.

Conditions: This symptom has been observed only after the router is booted with no T1 configuration on the T3 controller.

Workaround: There is no workaround.

CSCsd39519

Symptoms: The Media Gateway Control Protocol (MGCP) gateway hangs when getting voice calls from either the IP or the PSTN side in which a leg of the call is on a BRI Voice Interface Card (VIC). The gateway stops responding and does not process any traffic. The only way to bring the router back is to power-cycle it.

Conditions: This problem can be seen for every call over a BRI VIC/WIC if the router is running Cisco IOS Release 12.4(4)T1 or later releases, but it is not seen when the router is running Cisco IOS Release 12.4(4)T.

Workaround: For an MGCP GW with BRI interfaces, do not use a Cisco IOS release later than Cisco IOS Release 12.4(4)T.

CSCsd40334

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

CSCsd58220

Symptoms: The callee's phone rings continuously even after the caller goes on-hook.

Conditions: When the caller goes on-hook, the gateway receives idle and does not recognize the idle. The call does not get disconnected and the callee keeps hearing the ringing tone continuously.

Workaround: The callee has to pick up the phone for the call to be dropped.

CSCsd58381

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

Wide-Area Networking

CSCeg77994

Symptoms: A LAC does not send an Accounting-Start RADIUS record to a RADIUS server for a user session.

Conditions: This symptom is observed on a Cisco platform that functions as a LAC and that runs Cisco IOS Release 12.3(14)T1 when a switchover occurs from one LNS to another LNS while the user session is brought up.

Workaround: There is no workaround.

CSCei00766

Symptoms: A router may crash when the encapsulation is set to PPP and removed repeatedly.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.4 and that is configured for PPP Link Control Protocol (LCP).

Workaround: There is no workaround.

CSCsc17673

Symptoms: Using the show caller full or show caller interface Virtual-Access XX full commands on a PPPoE client interface causes the router to unexpectedly reload.

Conditions: This symptom has been observed on routers using Cisco IOS Release 12.4(3.3) and later versions.

Workaround: Avoid using those commands.

CSCsc66612

Symptoms: A Cisco router configured for Virtual Private Dialup Network (VPDN) may unexpectedly reload with Bus Error.

Conditions: This symptom was observed on a Cisco 7200VXR series router equipped with NPE-G1 processor card running Cisco IOS Release 12.3(14)T3.

Workaround: There is no workaround.

Further Problem Description: The crash was preceded by "SYS-2-INPUT_GETBUF: Bad getbuffer" error messages.

Resolved Caveats—Cisco IOS Release 12.3(14)T6

Cisco IOS Release 12.3(14)T6 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCeh95427

Symptoms: Ping/Telnet may fail across a Network Address Translation (NAT) box when static NAT configuration is on.

Conditions: This symptom is observed with Cisco IOS Releases 12.4(3) and 12.4(4)T.

Workaround: There is no workaround.

CSCei93982

Symptoms: A router that is running Cisco IOS may crash unexpectedly.

Conditions: NAT must be enabled for this symptom to occur. The problem is seen when an application uses two well known ports: one for source and the other for destination. The outgoing translation is created, but on the return trip, using the previous source port as the destination, NAT may use the incorrect algorithm.

For example, if a PPTP session is initiated to the well known port 1723 from source port 21 (FTP), then the outgoing packet will create an FTP translation (we look at source information when going from in->out). When the packet is returned, we again look at the source information to know what kind of packet this is. In this case the source port will be 1723, and NAT will assume this is a PPTP packet. NAT will then try to perform PPTP NAT operations on a data structure that it built for an FTP packet, which may lead to a crash.

Workaround: There is no workaround.
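
The port-pair condition described in CSCei93982, as an added example that is not Cisco code: a Python audit of flow records that flags connections whose source and destination ports map to different NAT handlers. The record format, the sample lines and the `ALG_PORTS` table are assumptions; only ports 21 (FTP) and 1723 (PPTP) come from the caveat text.

```python
"""Audit flow records for the port-pair condition described in CSCei93982.

Added illustration, not Cisco code. It models only the handler selection the
caveat describes: the handler is chosen from the packet's source port in each
direction, so a flow between two handled well-known ports is classified
differently on the way out and on the way back.
"""
import re
from typing import Iterable, List, NamedTuple, Optional

# Ports 21 and 1723 are named in the caveat; extending this table to other
# handled ports is left to the operator (assumption).
ALG_PORTS = {21: "ftp", 1723: "pptp"}

# Constructed record format: "<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
FLOW_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d{1,5})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d{1,5})$"
)


class Finding(NamedTuple):
    line_no: int
    src: str
    dst: str
    outbound_handler: str  # handler chosen for the inside-to-outside packet
    return_handler: str    # handler chosen for the returning packet


def handler_for(source_port: int) -> Optional[str]:
    """Select a handler from a packet's source port, as the caveat describes."""
    return ALG_PORTS.get(source_port)


def audit_flows(lines: Iterable[str]) -> List[Finding]:
    """Return flows whose two directions select different handlers."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(lines, start=1):
        match = FLOW_RE.match(raw.strip())
        if match is None:
            continue  # not a flow record in the expected format
        sport, dport = int(match["sport"]), int(match["dport"])
        if sport > 65535 or dport > 65535:
            continue  # malformed port number
        # Outbound packet: the source port is the flow's source port.
        out_handler = handler_for(sport)
        # Return packet: the source port is the flow's original destination port.
        ret_handler = handler_for(dport)
        if out_handler and ret_handler and out_handler != ret_handler:
            findings.append(
                Finding(
                    line_no,
                    f"{match['src']}:{sport}",
                    f"{match['dst']}:{dport}",
                    out_handler,
                    ret_handler,
                )
            )
    return findings


# Constructed sample records (documentation and private address ranges).
SAMPLE_FLOWS = """\
tcp 10.0.0.5:49152 -> 198.51.100.10:21
tcp 10.0.0.7:21 -> 198.51.100.20:1723
tcp 10.0.0.8:1723 -> 198.51.100.30:21
tcp 10.0.0.9:21 -> 198.51.100.40:21
udp 10.0.0.9:53000 -> 198.51.100.53:53
not a flow record
""".splitlines()


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(
            f"line {finding.line_no}: {finding.src} -> {finding.dst} "
            f"outbound={finding.outbound_handler} return={finding.return_handler}"
        )
```
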

CSCsb54823

Symptoms: One router (R2) may begin sending updates to another router (R1) before R2 has received the BGP prefix list from R1.

R1 does apply its inbound BGP prefix list so routes are denied if they need to be. However, R2 sends routes to R1 which are denied by R1.

Conditions: This symptom is observed when both routers have negotiated a BGP outbound route filter (ORF) and when R1 sends its BGP prefix list to R2.

Workaround: There is no workaround.

CSCsb61487

Symptoms: A (*,G) prune is not processed on a non-Designated Router (DR), causing a link that is shut down on a DR router to continue to receive multicast packets.

Conditions: This symptom is observed in a configuration with a DR router that has a link (link A) to a PIM neighbor and a backup router that has a link (link B) to another PIM neighbor. The symptom occurs when you shut down link A and bring up link B. The OIL of the DR router is Null on (S,G) but on its PIM neighbor, the OIL on (S, G) still points to the interface that is connected to the DR router, that is, to link A. The OIL on the PIM should be pruned immediately, but it takes three minutes before this occurs. This situation causes the DR router to continue to receive multicast packets until the OIL on the PIM is finally pruned.

Workaround: There is no workaround.

Miscellaneous

CSCef48325

Symptoms: WRED counters do not function on distributed platforms such as a Cisco 7500 series and a Cisco 7600 series.

Conditions: This symptom is observed on a distributed Cisco platform that runs Cisco IOS Release 12.0(26)S3, 12.0(29)S, 12.2(25)S, 12.3(10), or 12.3(11)T and that has dWRED configured.

Workaround: There is no workaround.

CSCef67842

Symptoms: The router may not be able to detect busy and congestion on the cptone Japan voice-port configuration.

Conditions: This symptom is observed on Cisco 2600, Cisco 3660, and Cisco 3640 routers when the cptone command is configured for Japan.

Workaround: There is no workaround.

CSCeg70465

Symptoms: There is no QoS classification at a main interface when packets are switched from a GRE tunnel that also has a QoS policy enabled.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4 when a QoS policy is enabled on both the GRE tunnel and the main interface in the output direction. The symptom may also occur in other releases.

Workaround: Move the complete QoS configuration to the QoS policy on the main interface (that is, use a hierarchical policy).

CSCeh35324

Symptoms: Weighted Random Early Detection (WRED) does not match packets based on any marking done.

Conditions: This symptom has been observed when qos pre-classification (the qos pre-classify command) is turned on.

Workaround: Remove the qos pre-classify command.

CSCeh56312

Symptoms: Packets are not shaped when traffic shaping is configured on a tunnel interface.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(27)SBA but may also occur in other releases.

Workaround: Configure class-based shaping. If this is not an option, there is no workaround.

CSCeh88604

Symptoms: One or more VIP slot controllers reset.

Conditions: This symptom is observed on a Cisco 7500 series when the ip nbar protocol-discovery command is enabled. The symptom may not be platform-dependent and may also occur on other platforms in a similar configuration.

Workaround: Disable protocol discovery by entering the no ip nbar protocol-discovery command.

CSCei05553

Symptoms: A Modular QoS CLI (MQC) CoS marking disappears after you reload a router and QoS does not work.

Conditions: This symptom is observed on a Cisco router when the policy map is configured with a class using CoS marking via the set cos command. After the router has reloaded, the CoS marking is still present in the configuration but does not appear in the output of the show policy-map interface command.

Workaround: Remove and re-apply the service policy on the main interface.

CSCei33351

Symptoms: A router that is configured for QoS crashes because of a bus error.

Conditions: This symptom is observed when you bring up a session that has a policy map attached in both directions.

Workaround: There is no workaround.

CSCei62952

Symptoms: A Cisco device that is running Cisco IOS software may drop traffic because the routing table and the CEF forwarding table are inconsistent.

Conditions: This problem is exposed when the routing table is reloaded by clearing the routing table or, on a box that supports hardware forwarding, by resetting the forwarding complex (for example, PXF). This is a rare situation due to the prefix distribution and timing required to expose the condition.

Workaround: There is no workaround.

CSCei82163

Symptoms: A Cisco AS5400 might not release all voice resources for an MGCP call after it is disconnected.

Conditions: This symptom is observed on both the Cisco AS5400 and Cisco AS5850 platforms but is not platform dependent. The symptom is associated with the simultaneous disconnection of a large number of calls.

Workaround: There is no workaround.

CSCej13460

Symptoms: The packets are not switched correctly using the Fast Switching with IPSec tunnel protection feature.

Condition: This symptom has been observed in Cisco IOS Release 12.4(1b) when tunnel protection IPSec is configured and the tunnel source interface has Fast-switching (but not CEF) configured.

Workaround: Use CEF switching.

CSCej20505

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCej42804

Symptoms: A Cisco Gateway that is running Session Initiation Protocol (SIP) calls might run out of processor memory due to hung SIP calls.

Conditions: Active and hung calls can be seen using the show sip-ua calls command. The following specific scenario will result in a hung call: 1) The gateway initiates an INVITE. 2) The gateway receives a 100/180 response. 3) The gateway sends a CANCEL. 4) The gateway receives the 200 OK for the CANCEL. 5) The gateway receives an invalid final response for the INVITE (or no final response) and drops the message.

Each hung call will use a little more memory, and eventually the gateway will run out of memory.

Workaround: Downgrade to Cisco IOS Release 12.3(14)T3, Release 12.3(11)T6, Release 12.4(2)T1, or Release 12.4(1a).
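The five-step scenario above can be checked for in a signaling capture. The following is an added example, not Cisco code: it replays a constructed message trace through a small per-call state tracker and reports calls that were cancelled, acknowledged, and then never received a usable final response for the INVITE. The Msg record, the trace, and the parse_ok flag are assumptions; the 64*T1 wait is the interval RFC 3261 section 9.1 gives before a cancelled client transaction should be destroyed, which goes slightly beyond what the caveat itself states.

```python
from dataclasses import dataclass

T1 = 0.5                  # RFC 3261 default round-trip estimate, in seconds
CANCEL_WAIT = 64 * T1     # RFC 3261 section 9.1 wait; counted here from the 200 OK for the CANCEL


@dataclass
class Msg:
    t: float              # capture time in seconds
    call_id: str
    direction: str        # "tx" = sent by the gateway, "rx" = received by it
    kind: str             # request method ("INVITE", "CANCEL") or status code ("180")
    cseq: str             # method named in the CSeq header
    parse_ok: bool = True  # False models the "invalid final response" of step 5


def track(trace):
    """Return {call_id: (state, time_state_was_entered)} after replaying the trace."""
    calls = {}
    for m in sorted(trace, key=lambda m: m.t):
        state, _ = calls.get(m.call_id, ("IDLE", m.t))
        if m.direction == "tx" and m.kind == "INVITE":
            calls[m.call_id] = ("CALLING", m.t)                      # step 1
        elif m.direction == "tx" and m.kind == "CANCEL" and state == "PROCEEDING":
            calls[m.call_id] = ("CANCELLING", m.t)                   # step 3
        elif m.direction == "rx" and m.kind.isdigit():
            if not m.parse_ok:
                continue                                             # step 5: message dropped
            code = int(m.kind)
            if m.cseq == "INVITE" and code < 200 and state in ("CALLING", "PROCEEDING"):
                calls[m.call_id] = ("PROCEEDING", m.t)               # step 2
            elif m.cseq == "CANCEL" and 200 <= code < 300 and state == "CANCELLING":
                calls[m.call_id] = ("CANCEL_OK", m.t)                # step 4
            elif m.cseq == "INVITE" and code >= 200 and state != "IDLE":
                calls[m.call_id] = ("TERMINATED", m.t)               # normal cleanup
    return calls


def find_hung_calls(trace, now):
    """Call-IDs still waiting for the INVITE's final response after CANCEL_WAIT."""
    return sorted(
        cid for cid, (state, since) in track(trace).items()
        if state == "CANCEL_OK" and now - since >= CANCEL_WAIT
    )


def _cancelled_call(cid, start, cancel_at):
    """Steps 1-4 for one call (constructed data)."""
    return [
        Msg(start, cid, "tx", "INVITE", "INVITE"),
        Msg(start + 0.1, cid, "rx", "100", "INVITE"),
        Msg(start + 0.5, cid, "rx", "180", "INVITE"),
        Msg(cancel_at, cid, "tx", "CANCEL", "CANCEL"),
        Msg(cancel_at + 0.1, cid, "rx", "200", "CANCEL"),
    ]


# Constructed trace: A finishes cleanly, B gets an unparsable final response,
# C gets no final response, D was cancelled too recently to be judged at t=70.
TRACE = (
    _cancelled_call("call-A", 0.0, 5.0)
    + [Msg(5.2, "call-A", "rx", "487", "INVITE")]
    + _cancelled_call("call-B", 1.0, 6.0)
    + [Msg(6.3, "call-B", "rx", "487", "INVITE", parse_ok=False)]
    + _cancelled_call("call-C", 2.0, 7.0)
    + _cancelled_call("call-D", 50.0, 60.0)
)

if __name__ == "__main__":
    print(find_hung_calls(TRACE, now=70.0))
```

A call reported here has outlived the RFC 3261 wait, which is the point at which the memory held for it should have been released.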

CSCin79691

Symptoms: QoS information disappears from a FlexWAN module or VIP that is configured with a distributed MFR interface.

Conditions: This symptom is observed after the FlexWAN module or VIP resets or after the interface flaps.

Workaround: Remove the service policy from the interface and reapply it to the interface.

CSCin86923

Symptoms: A PVC is unexpectedly removed from an IMA interface when one or more IMA links go down.

Conditions: This symptom is observed on a Cisco router when the bandwidth that is configured for the PVC cannot be supported after one or more IMA links go down.

Workaround: Reconfigure the PVC with a bandwidth that can be supplied by the remaining IMA links.

CSCin91381

Symptoms: A VIP that has a dMLFR configuration may crash when you enter the microcode reload global configuration command.

Conditions: This symptom is observed on a Cisco 7500 series when traffic flows through the VIP.

Workaround: There is no workaround.

CSCin97815

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in the show frame-relay pvc command show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (sub-interface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsa65035

Symptoms: The committed information rate (CIR) of policers is calculated incorrectly.

Conditions: This symptom is observed when Frame Relay Traffic Shaping (FRTS) is applied using Modular QoS CLI (MQC) (that is, it is applied on the shaper in the parent service policy) and when the classes of the child policy include percentage-based policers.

Workaround: There is no workaround.

CSCsa68001

Symptoms: All incoming packets on a Frame Relay Link have the DE bit set.

Conditions: This symptom is observed on a Cisco 2811 that runs Cisco IOS Release 12.3 or Release 12.3(11)T2 under normal traffic conditions.

Workaround: There is no workaround. Note that the symptom does not occur on a Cisco 1760 that runs Cisco IOS Release 12.3(10).

CSCsa73120

Symptoms: A Cisco IPSec router may restart because of a bus error.

Conditions: This symptom is observed when you remove a crypto map entry that includes the dynamic keyword in its definition, as in the following example:

router#show running

...

crypto map map-name 5 ipsec-isakmp dynamic dyn-map

...

router(config)#no crypto map map-name 5

Workaround: Before you delete the crypto map entry that includes the dynamic keyword in its definition, manually configure all dynamic crypto maps that must be deleted to point to a nonexistent ACL, as in the following example:

router#show running

...

crypto dynamic-map dyn-map 5

...

router(config)#crypto dynamic-map dyn-map 5

router(config-crypto-map)#match address no-such-acl

CSCsa82945

Symptoms: A router crashes because of a bus error when ICMP or UDP packets that are larger than 1393 bytes are transmitted through an IPSec tunnel.

Conditions: This symptom is observed when a policy map and crypto map are applied to the tunnel interface.

Workaround: Remove the policy map.

CSCsb11124

The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

Cisco has published a Security Advisory on this issue; it is available at http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml

CSCsb39237

Symptoms: When using a Cisco 3845 router with Cisco IOS Release 12.4 and entering the show ip inspect statistics command, the number for the half-open session keeps increasing, never decreasing. If it reaches the maximum, then no one can establish any new SSL sessions. It can cause a potential router crash.

Conditions: This symptom is observed on a Cisco 3845 router that is running Cisco IOS Release 12.4(1) but is not platform dependent. This has been seen when ICMP inspection is enabled with the ip inspect name name icmp command.

Workaround: Increase the half-open session limit with the ip inspect max-incomplete high command.

CSCsb42374

Symptoms: There are two symptoms:

1. When a policy is attached to the incoming interface, an aggregate control-plane policing policy will not classify traffic correctly.

2. When a control-plane policing policy is attached to the aggregate path, a similar policy attached to the host, transit or cef-exception paths will not classify traffic correctly.

Conditions: This symptom has been observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4.

Workaround: Any existing interface policy would have to be removed for the aggregate control-plane policing policy to work. Any existing aggregate policing policy will have to be removed for the host/cef-exception/transit path control-plane policing policy to work.

CSCsb51663

Symptoms: The SNMP process hangs while a QoS MIB object is queried.

Conditions: This symptom is observed when the execution of a QoS show command is in the "More" state while the QoS MIB object is queried. The SNMP process resumes when the show command is finished. Depending on the SNMP configuration, different symptoms may occur while the SNMP process is waiting for the QoS show command to finish.

Workaround: Do not leave the show policy-map command or the show class-map command in the "More" state. Alternatively, before executing one of these commands, issue the exec command term len 0 and, after the show command is complete, issue the exec command term len 24.

CSCsb54961

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third party gateway. When the third party gateway sends T.38 open logical channel to the Cisco gateway, no open logical channel acknowledgement is sent by the Cisco gateway. After waiting for 30 seconds for T.38 open logical channel acknowledgement, the third party gateway closes its T.38 open logical channel.

Conditions: This happens when T.38 fax relay calls are originated or terminated on a Cisco gateway that is running Cisco IOS Release 12.3(4)T and later releases.

Workaround: There is no workaround.

CSCsb67539

Symptoms: A Voice Gateway crashes when running under a heavy voice call load.

Conditions: This symptom is observed on a Voice Gateway that is running Cisco IOS Release 12.3(11)T6. The gateway is under heavy voice call load with access to media/application documents residing on local gateway flash, http and tftp servers.

Workaround: The following is not quite a workaround:

call threshold global cpu-5sec low value high value

For example:

call threshold global cpu-5sec low 50 high 70

The CLI can ease the CPU load on the gateway, reducing the probability of a crash.

CSCsb72138

Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.

Conditions: This symptom is observed on a Cisco 2821 that runs Cisco IOS Release 12.3(11)T5. This symptom typically occurs when fax lines are configured on the FXS port.

Workaround: There is no workaround.

CSCsb77885

Symptoms: IKE negotiation will fail. Any tunnel that requires IKE to successfully negotiate a security association will not work.

Conditions: This symptom occurs when authentication for IKE is configured as RSA encryption (authentication rsa-encr).

Workaround: There is no workaround.

CSCsc09246

Symptoms: The following commands, which are used for detecting memory leaks, crash a router that uses external memory, such as the RPM-XF platforms.

show memory debug leaks
show memory debug leaks chunks
show memory debug leaks largest
show memory debug leaks summary

Conditions: This symptom has been observed on the RPM-XF cards using Cisco IOS interim release 12.4(4.6).

Workaround: There is no workaround.

CSCsc13844

Symptoms: After loading "flash:c2600-entservicesk9-mz.123-11.T7.bin", the E1 controller is missing from the snmpwalk command of IF-MIB.

Conditions: This symptom has been observed on a Cisco 2621XM.

Workaround: There is no workaround.

CSCsc15366

Symptoms: If a Media Gateway Control Protocol (MGCP) Create Connection (CRCX) request is received containing a request for a clear-channel codec, the Cisco 1760 router fails to find a matching codec, and the call fails.

Conditions: This symptom has been observed on a Cisco 1760 router.

Workaround: There is no workaround.

CSCsc20062

Symptoms: A Cisco IOS router configured with Cisco IOS IPS may reload after a new signature file (SDF) is loaded on the router.

Conditions: There are two ways to load a new signature file on the router. Conditions leading to the reload are different based on which method is used:

1. When using this method, no other conditions need to be met.

Execute the copy url ips-sdf command.

2. When using this method, the conditions necessary for a reload are when any global inspect parameters are configured in the Cisco IOS configuration.

a. Remove all configured ip ips sdf location commands.

b. Configure the ip ips sdf location url command.

c. Place the new signature file at the url argument.

d. Unconfigure ips from all interfaces.

e. Reconfigure ips on the appropriate interfaces.

Workaround: Use method 2 above to load the signature file with the following modifications.

a. Remove all configured ip ips sdf location commands.

b. Configure the ip ips sdf location url command.

c. Place the new signature file at the url argument.

d. Unconfigure ips from all interfaces

e. Unconfigure all global inspect parameters

f. Reconfigure ips on the appropriate interfaces

g. Reconfigure the global inspect parameters

CSCsc21674

Symptoms: PSTN is sending in an "*" and the router is reading it in as a "D". PSTN is also sending in a "#" and router is reading it in as an "*".

Conditions: This symptom has been observed on an MGCP T1-CAS gateway connected to Cisco CallManager doing MF and using Cisco IOS Release 12.3(8)T11, Release 12.3(11.T7), or Release 12.3(14)T4.

Workaround: There is no workaround.

CSCsc28333

Symptoms: The error message "Got WATCHDOG Interrupt from NM at slot x" is displayed, and CEM stops passing traffic.

Conditions: This symptom occurs when an adaptive clock is configured on the CEM.

Workaround: Disable adaptive clock or configure a different payload-size.

Further Problem Description: The problem is caused by a floating point exception that caused the firmware to crash.

CSCsc31082

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in show frame-relay pvc show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (sub-interface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsc41913

Symptoms: A Cisco IOS gateway using Cisco IOS Release 12.3(8)T or later versions will use an ephemeral port to send a response to any SIP request. This may not work with port restricted NAT, which is expecting a response on the same connection as the one on which the request was sent and may drop the response.

Conditions: This symptom is observed on a Cisco IOS gateway with Cisco IOS Release 12.3(8)T or later releases and a port restricted NAT.

Workaround: There is no workaround.

CSCsc44237

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: A switch or router that is configured with a PA-A3 ATM port adapter may eventually run out of memory. The leak occurs when the FlexWAN or VIP that contains the PA-A3 port adapter is removed from the switch or router and not re-inserted.

The output of the show processes memory command shows that the "ATM PA Helper" process does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Symptom 2: A switch or router that has certain PIM configurations may eventually run out of memory.

The output of the show processes memory command shows that the "PIM process" does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Condition 1: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Condition 2: This symptom is observed on a Cisco 2811 and Cisco 3845 and occurs only in Cisco IOS Release 12.2(30)S, interim Release 12.4(2.10), and interim Release 12.4(2.10)T, or in any later releases.

Workaround 1: Either do not remove the PA-A3 ATM port adapter from the FlexWAN or VIP or re-insert the PA-A3 ATM port adapter promptly. The memory leak stops immediately when you re-insert the PA-A3 ATM port adapter.

Workaround 2: When the ip multicast-routing command is configured, enable at least one interface for PIM. When the ip multicast-routing vrf vrf-name command is configured, enter the ip vrf forwarding vrf-name command on at least one interface that has PIM enabled.

CSCsc51183

Symptoms: A Cisco AS5850 may restart because of a software forced crash preceded by the following error:

%SYS-6-STACKLOW: Stack for process VTSP running low, 0/12000

Conditions: This symptom has been observed on Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCsc54584

Symptoms: A standard ingress ACL for transit traffic does not function on an interface that is configured for MFR.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(11)T8 and that has an MFR bundle that is configured on a PA-MC-8TE1 port adapter. The symptom may also occur in other releases.

Workaround: There is no workaround.

Protocol Translation

CSCei15942

Symptoms: You may not be able to download a complete file from an FTP server during a V.120 session.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that runs Cisco IOS Release 12.2(15)ZK6 or Release 12.3(11)T5. The symptom could also occur in other releases such as Release 12.3 or Release 12.4.

Workaround: This problem can be circumvented by disabling the negotiation of multilink on the client adapter or the router. Alternatively, configuring ppp multilink queue depth fifo 10 on the Virtual-Template interface should allow for a successful FTP download.

Wide-Area Networking

CSCeg88174

Symptoms: Drops occur in a class in which the throughput does not oversubscribe the allocated bandwidth for the class.

Conditions: This symptom is observed when multilink Frame Relay is configured along with generic traffic shaping or Frame Relay traffic shaping and when several class maps are configured.

When one class map starts dropping packets because the throughput is greater than the allocated bandwidth (which is normal behavior), drops may also occur in another class map even though this class map is not oversubscribed. The root cause of this symptom is that the bundle is oversubscribed and tx rings are building up, causing excessive misordering that the receiver cannot handle.

Workaround: Configure a fancy queue on the bundle interface through which the traffic is sent.

CSCei11919

Symptoms: A dialed circuit that carries a PPP connection over a tunnel between an LNS and a LAC is not dropped when the tunnel is reset.

Conditions: This symptom is observed when you enter the clear vpdn all command, when the LNS reloads, when the IP link between the LNS and LAC is disrupted, or when any other event occurs that causes the tunnel to be reset.

Workaround: There is no workaround.

CSCej45061

Symptoms: Attempts to remove a PRI group fail.

Conditions: This symptom is observed when an NFAS group has group number 0 and when you attempt to remove a FAS PRI group.

Workaround: Shut down the NFAS group before you remove the FAS PRI group.

CSCej73049

Symptoms: AAA method may fail on calls in the Cisco IOS 12.3(11)T releases.

Conditions: This symptom was observed on a Cisco AS5850 that was running Cisco IOS Release 12.3(11)T8 but is not platform dependent.

Workaround: There is no workaround.

CSCsb89292

Symptoms: ISDN NFAS failover issues are observed in Cisco IOS Release 12.3(11)T7. If the primary NFAS d-channel is bounced, the switch sees some of the b-channels in "remote busy" (RMB).

Conditions: This symptom only happens when the primary NFAS d-channel is bounced.

Workaround: There is no workaround.

CSCsc49637

Symptoms: If a PPPoE client session is timed out (e.g. due to a network outage), and a restart of the session is subsequently unsuccessful (e.g. because network outage persists or the PPPoE server has not timed out the prior session) and if the user then manually clears the session, then the router will no longer be able to bring up this session until a reload is performed.

Conditions: This symptom has been observed when the PPPoE session is unexpectedly interrupted with Cisco IOS Release 12.3(8)T8 or Release 12.3(11)T5. The following feature also needs to be configured:

pppoe-client dial-pool-number 1 dial-on-demand

Workaround: Use the following procedure:

1. Reload.

2. Do not configure the DDR feature for the PPPoE session. This problem is limited to PPPoE client sessions using the DDR feature.

Resolved Caveats—Cisco IOS Release 12.3(14)T5

Cisco IOS Release 12.3(14)T5 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed09685

Symptoms: When command accounting is enabled, Cisco IOS routers will send the full text of each command to the ACS server. Though this information is sent to the server encrypted, the server will decrypt the packet and log these commands to the logfile in plain text. Thus sensitive information like passwords will be visible in the server's log files.

Conditions: This problem happens only with command accounting enabled.

Workaround: Disable command accounting.
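Where command accounting has already been running, the existing server logs can be audited and scrubbed for the exposure described above. The following is an added example, not Cisco or ACS code: it finds IOS commands that carry a credential in accounting log lines and masks the credential. The log layout (everything after "cmd=" is the accounted command), the sample lines, and the choice of rules are assumptions; the rule list is not exhaustive and abbreviated commands (for example "en sec") are not matched.

```python
import re

MASK = "<redacted>"

# IOS commands whose argument is a credential. Each pattern captures the
# credential in the named group "secret"; optional digits are IOS type codes.
SECRET_RULES = [
    # enable secret|password [level N] [type] <secret>
    re.compile(r"\benable\s+(?:secret|password)(?:\s+level\s+\d+)?"
               r"(?:\s+[057])?\s+(?P<secret>\S+)"),
    # username NAME [privilege N] password|secret [type] <secret>
    re.compile(r"\busername\s+\S+(?:\s+privilege\s+\d+)?\s+(?:password|secret)"
               r"(?:\s+[057])?\s+(?P<secret>\S+)"),
    # line-mode "password [type] <secret>"
    re.compile(r"^\s*password(?:\s+[07])?\s+(?P<secret>\S+)"),
    # snmp-server community <string> ...
    re.compile(r"\bsnmp-server\s+community\s+(?P<secret>\S+)"),
    # tacacs-server/radius-server ... key [type] <rest of line is the key>
    re.compile(r"\b(?:tacacs|radius)-server\s+(?:.*?\s)?key"
               r"(?:\s+[07])?\s+(?P<secret>.+)"),
    # crypto isakmp key [type] <secret> address ...
    re.compile(r"\bcrypto\s+isakmp\s+key(?:\s+[06])?\s+(?P<secret>\S+)"),
]

# Constructed sample lines; the field layout is an assumption, not an ACS format.
SAMPLE_LOG = [
    "2006-01-25 10:02:11 rtr1 admin tty2 cmd=enable secret 0 S3cr3tOne",
    "2006-01-25 10:02:40 rtr1 admin tty2 cmd=username ops privilege 15 password 0 Hunter2",
    "2006-01-25 10:03:05 rtr1 admin tty2 cmd=show ip interface brief",
    "2006-01-25 10:03:30 rtr1 admin tty2 cmd=snmp-server community pr1vate RW",
    "2006-01-25 10:04:02 rtr1 admin tty2 cmd=radius-server host 192.0.2.10 key 0 Rad Key",
]


def redact_command(cmd):
    """Return (command with the credential masked, True) or (cmd, False)."""
    for rule in SECRET_RULES:
        match = rule.search(cmd)
        if match:
            start, end = match.span("secret")
            return cmd[:start] + MASK + cmd[end:], True
    return cmd, False


def scrub_log(lines):
    """Return (scrubbed lines, 1-based numbers of lines that exposed a credential)."""
    clean, exposed = [], []
    for lineno, line in enumerate(lines, start=1):
        prefix, sep, cmd = line.partition("cmd=")
        if not sep:                 # no command field: keep the line untouched
            clean.append(line)
            continue
        redacted, hit = redact_command(cmd)
        if hit:
            exposed.append(lineno)
        clean.append(prefix + sep + redacted)
    return clean, exposed


if __name__ == "__main__":
    scrubbed, hits = scrub_log(SAMPLE_LOG)
    print("lines exposing credentials:", hits)
    print("\n".join(scrubbed))
```

Credentials found this way were written in plain text and should be treated as exposed even after the log is scrubbed.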

CSCeh64791

Symptoms: A memory leak may occur when you delete a RADIUS server group.

Conditions: This symptom is observed when the server is configured with a key.

Workaround: There is no workaround.

CSCeh65692

Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.

Condition: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.

Workaround: There is no workaround.

CSCin90842

Symptoms: Memory allocations fail on the gateway though there is enough free memory. If this failure happens in ISDN, the gateway crashes subsequently.

Conditions: This symptom has been observed when the H323 aaa accounting command is enabled.

Workaround: There is no workaround.

Further Problem Description: Memory allocations for a block of 3k bytes fail with memory fragmentation as the cause. When this failure occurs, there is approximately 20MB of free memory on a gateway with 220MB of processor memory.

IP Routing Protocols

CSCin95836

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.

CSCsb32141

Symptoms: A router that is configured for Resource Reservation Protocol (RSVP) generates the following error messages on the console and then crashes:

%LINK-0-REENTER: Fatal reentrancy, level=3, intfc=FastEthernet0/1

-Process= "RSVP", ipl= 3, pid= 251

%SYS-6-STACKLOW: Stack for process RSVP running low, 0/24000

Conditions: This symptom is observed when the ip rsvp bandwidth and service-policy output commands are configured on the same interface and when the policy map for the service policy is configured with the fair-queue command.

Workaround:

Option 1: Enter the ip rsvp resource-provider none command on the interface.

Option 2: Configure the ip rsvp bandwidth value command such that value is equal to the value displayed in the "Available Bandwidth" line of output in the show interface interface display plus the value shown in the "allocated" column of the show ip rsvp int display.

Miscellaneous

CSCed94829

Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml.

CSCee32365

Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.

Workaround: There is no workaround.

CSCeg27836

Symptoms: Under some circumstances when eBGP flaps on the PE, packets from another VRF are forwarded to an incorrect interface.

Conditions: This symptom occurs when eBGP flaps on the PE.

Workaround: There is no workaround.

CSCeh01182

Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.

Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.

Workaround: There is no workaround. However, this is the limitation on voice gateways that use VXML applications: such platforms only support T.37.

Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.

CSCeh08689

Symptoms: When CRTP is enabled on a PPP over Frame Relay PVC via a policy-map configuration, the service policy on the PVC does not function properly because packets are not placed in the priority queue. The output of the show policy-map interface command does not show a class counter.

Conditions: This symptom is observed when you attach a policy map with CRTP on a virtual-template interface and then attach a policy map with a priority feature on the Frame relay PVC. Note that the symptom does not occur for a PPP over ATM PVC or PPP over Ethernet configuration.

Workaround: There is no workaround.

CSCeh09198

Symptoms: A Cisco gateway that has the garbage detector (a tool that is used for debugging memory leaks) enabled may hang indefinitely.

Conditions: This symptom is observed when you enter the garbage detector-related show memory debug leaks command or show memory debug incremental leaks command.

Workaround: There is no workaround.

CSCeh14446

Symptoms: The maintenance mode on a Cisco AS5850 that is configured for RPR+ may not function.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T but is release- and platform-independent.

Workaround: There is no workaround.

CSCeh20048

Symptoms: When you enter the show crypto session command, tracebacks and %SYS-3-BADLIST_DESTROY error messages may be generated.

Conditions: This symptom is observed on a Cisco router that is configured for IPSec and multiple crypto tunnels.

Workaround: There is no workaround.

CSCeh40161

Symptoms: When a branch router attempts to access the Internet via HTTP or TCP, the HTTP or TCP session times out unexpectedly.

Conditions: This symptom is observed when the router at the headquarters has a Cisco IOS Firewall and resets the HTTP or TCP connection.

Workaround: Configure a GRE+IPSec connection between the branch router and the router at the headquarters.

Alternate Workaround: Disable the Cisco IOS Firewall on the router at the headquarters.

CSCeh47169

Symptoms: A Cisco router that contains the fix for CSCef84400 may experience a reload due to memory corruption in I/O memory when using telnet, reverse telnet, rsh or other vty-based applications such as accessing service-modules.

Conditions: This symptom is observed on a Cisco 2851, Cisco 3745, and Cisco 3845.

Workaround: There is no workaround.

CSCeh61467

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: After you have disabled MVPN on a VRF interface, the CPU use for the PIM process increases to 99 or 100 percent and remains at that level.

Condition 1: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases.

Workaround 1: Before you disable MVPN on the VRF interface, enable and then disable multicast routing by entering the ip multicast-routing vrf vrf-name global configuration command followed by the no ip multicast-routing vrf vrf-name global configuration command.

Symptom 2: A router that functions under stress and that is configured with a VRF interface may crash when an MDT group is removed from a remote PE router.

Condition 2: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases, and occurs only when there are frequent link flaps or other multicast topology changes that affect the VRF interface.

Workaround 2: There is no workaround.

CSCeh73049

Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.

Conditions: Devices that are not running the AAA command authorization feature, or that do not support TCL functionality, are not affected by this vulnerability.

This vulnerability is present in all versions of Cisco IOS that support the tclsh command.

Workaround: This advisory with appropriate workarounds is posted at http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

CSCei02275

Symptoms: A Cisco router may reload when removing a Frame Relay map from a dial interface.

Conditions: This symptom occurs when a dial (ISDN) interface is configured for Frame Relay encapsulation with a map that includes IP Header Compression.

Workaround: There is no workaround.

CSCei08458

Symptoms: The FIB may be disabled or the output interface may be stuck on an A3 ATM port adapter.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM.

Workaround: Reload the microcode or perform an OIR to recover the A3 ATM port adapter.

CSCei42842

Symptoms: A Cisco 2851 may crash at the tsp_search_voice_port function.

Conditions: This symptom is observed when the no ccm-manager mgcp command is entered very rapidly, for example, via an automated script.

Workaround: There is no workaround.

CSCei46509

Symptoms: No more than 930 H.323 terminating calls can be brought up on a Cisco 5850 because socket allocation failures occur.

Conditions: This symptom is observed on a Cisco 5850 that functions as a TGW in RPR+ mode when H.323 slow start is enabled and when H.245 tunneling is disabled. Note that the symptom does not occur when H.245 tunneling is enabled or when the Cisco 5850 functions as an OGW.

Workaround: Configure H.245 tunneling and fast start by entering the following commands:

Router(config)# voice service voip
Router(conf-voi-serv)# h323
Router(conf-serv-h323)# no h245 tunnel disable

CSCei51322

Symptoms: A router that is configured for IPSec may reload because of a stack or program counter corruption.

Conditions: This symptom is observed on a Cisco router that uses a certificate with a very long subject name of several hundred bytes when the distinguished name (DN) is used as an ISAKMP identity. The symptom does not occur for shorter subject names (for example, 290 characters). In most environments, a subject name of 80 characters or less is common.

Workaround: Use certificates with a shorter subject name.

CSCei61814

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5850 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCei75294

Symptoms: A Cisco AS5850 that functions in RPR+ mode reloads unexpectedly because for each call an MGCP application holds an increasing amount of memory that is not freed up.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T7. The symptom could also occur in Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCsa53334

The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include:

Fragmented IP packets may be used to evade signature inspection.

IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service.

There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml.

CSCsa57147

Symptoms: A disconnect event is not thrown or caught on a Cisco AS5400.

Conditions: This symptom is observed when the platform functions under a heavy load with a large number of calls that are disconnected from the gateway during VXML page execution. The disconnect event may not be thrown or get caught by the catch blocks of the root document.

Workaround: There is no workaround.

CSCsa60223

Symptoms: After a call is made between H.323 and SIP on the IPIPGW, executing the show call active voice command does not reflect the call leg information.

Conditions: This symptom occurs when doing SIP-H323 calls.

Workaround: There is no workaround.

CSCsa61115

Symptoms: After upgrading from Cisco IOS Release 12.3 mainline to Cisco IOS Release 12.3T, some information is not passed along correctly, which causes failures, for example with third-party Message Waiting Indication (MWI).

Conditions: This problem is seen when routers are upgraded to Cisco IOS 12.3T when QSIG signaling is used.

Workaround: Downgrade all routers involved to a version prior to Cisco IOS 12.3(4)T.

CSCsa70040

Symptoms: A router does not attempt to autoinstall a software configuration via a Frame Relay WAN segment when it receives a response to a DHCP request on an Ethernet LAN, even though the DHCP server does not support autoinstall via TFTP.

Conditions: This symptom is observed when a software configuration is replaced on a failed remote router or installed on a new remote router. The router is connected to an existing Ethernet LAN and a Frame Relay WAN segment. You would expect the router to autoinstall over the Frame Relay WAN segment because it is supposed to download the configuration from a central TFTP server. However, this does not occur.

When the router has a response to its DHCP request on the Ethernet LAN, it attempts to autoinstall over DHCP. Although the DHCP server does not support autoinstall over DHCP, the router does not attempt to autoinstall over the Frame Relay WAN segment.

Workaround: Prevent the DHCP server from responding to the router request or ensure that someone is physically present to disconnect the Ethernet LAN link from the router to force the router to autoinstall over the Frame Relay WAN segment. When the router has autoinstalled over the Frame Relay WAN segment, the router should be reconnected to the Ethernet LAN.

CSCsa73842

Symptoms: An IP phone line is not released for some calls between Cisco CallManagers.

Conditions: This symptom is observed when calls between the Cisco CallManagers are made via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) that is configured for H.323.

Workaround: There is no workaround.

CSCsa74930

Symptoms: A Cisco 3825 or Cisco 3845 may display the following error message and traffic may be interrupted:

%SBETH-3-ERRINT: GigabitEthernet0/0, error interrupt, mac_status = 0x0000000000840000

Conditions: This symptom is observed when multiple users that are connected to a downstream switch attempt to log into network resources across a WAN that traverses the router. The symptom is most likely to occur when AppleTalk is configured over a Gigabit Ethernet connection.

Workaround: There is no workaround.

CSCsa86291

Symptoms: Packets that enter on an interface that has the ssg direction downlink command enabled are not translated even though the ip nat inside command is enabled.

Conditions: This symptom is observed on a Cisco router that is configured for SSG with the TP, TT, or TX type of service and that runs Cisco IOS Release 12.3(11)T4 or Release 12.3(14)T. The symptom may also occur in Release 12.3 but does not occur in Release 12.3(11)T3.

Note that when you disable the ssg direction downlink command on the interface, NAT works fine.

Workaround: There is no workaround.

CSCsa86390

Symptoms: A Cisco router shows an ALIGN-3-TRACE traceback and DSPDUMP in the log, and the spurious access counter in the output of the show align command is not zero.

Conditions: This symptom occurs when the error message is observed during stress calls.

Workaround: There is no workaround.

CSCsa86555

Symptoms: The User Adaptation Layer for a Digital Private Network Signaling System (DPNSS) path does not come up.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as a gateway and that run Cisco IOS Release 12.3(14)T or Release 12.4. The DPNSS path is configured on a VWIC-2MFT-E1-DI Multiflex Voice/WAN interface card that is installed in an NM-HDV2 network module.

Workaround: There is no workaround.

CSCsa87811

Symptoms: A memory leak occurs on an originating gateway.

Conditions: This symptom is observed when Fast Start is enabled, when a call fails after the call proceeding has been received from a primary or alternate endpoint, and when the call falls back to the next alternate endpoint.

Workaround: There is no workaround.

Further Problem Description: The fast-start elements that are received in the call proceeding are freed only once for each call instead of being freed for each endpoint that is tried (assuming that the call falls back to alternate endpoints). This situation causes the memory leak.

CSCsa97663

Symptoms: An ATM interface is unexpectedly removed from an IMA group even though the ATM interface is still in the up/up state, causing T1 links to be disconnected.

Conditions: This symptom is observed on a Cisco 2600 series when you change the Cisco IOS software from Release 12.2(13)T8 to Release 12.3(12b).

Workaround: Re-add the ATM interface to the IMA group by removing and reconfiguring the IMA configuration on the ATM interface.

CSCsb09190

Symptoms: A router misses an entry in its label forwarding table, which is shown in the output of the show tag-switching forwarding-table EXEC command for the missing entry and in the output of the show ip cef detail EXEC command for the prefix.

Conditions: This symptom is observed on a Cisco router that is configured for Multiprotocol Label Switching (MPLS) and that learns its routes through iBGP from redundant route reflectors (RRs) when BGP labeling is not enabled.

Workaround: There is no workaround. However, when you enter the clear ip route EXEC command for the affected prefix, the prefix is reinstalled in the label forwarding table.

CSCsb10341

Symptoms: A Cisco 2651XM may not drop unicast Ethernet frames that are not destined for its MAC address.

Conditions: This symptom is observed on a Cisco 3800 series that runs Cisco IOS Release 12.3(11)T5 or an earlier release or Release 12.3(14)T1 or an earlier release and that has subinterfaces that are configured for HSRP.

Workaround: Enter the standby use-bia command on the main interface.

CSCsb33129

Symptoms: A router may reload unexpectedly when the SSG queue for RADIUS requests that are in the waiting state becomes too large.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(14)T1 or Release 12.4(1a) and that is configured for SSG. When there is a large number of RADIUS requests or a connectivity problem between SSG and the RADIUS server, the SSG queue for RADIUS requests that are in the waiting state may become too large.

Workaround: There is no workaround.

CSCsb34344

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5400 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCsb37645

Symptoms: A router may crash during a basic H.323 call with carrier ID routing.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).

Workaround: There is no workaround.

CSCsb42859

Symptoms: A router may reload unexpectedly when the stack for VTSP runs low in memory.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway.

Workaround: There is no workaround.

CSCsb50143

Symptoms: You cannot create a maximum session number for a DSPfarm profile conference.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T or Release 12.4(1a) when time slot 1 through 24 of the PRI group are configured before you attempt to create a maximum session number. The symptom occurs on an NM-HDV2 that has a PVDM2-64 installed.

Workaround: First configure a maximum session number for the DSPfarm profile conference, then configure time slot 1 through 24 of the PRI group.

Do not reload the gateway or enter the shutdown command for the DSPfarm profile after everything is properly configured because otherwise the PRI group would grasp all the DSP resources again.

CSCsb65056

Symptoms: A PPP connection may stay active after the idle timer reaches zero. This may affect other services that rely on the disconnect.

Conditions: This symptom was observed in an SSG setup in which the host object was disconnected whereas the PPP connection stayed up, leading to an incorrect redirect.

Workaround: There is no workaround.

Further Problem Description: The problem was troubleshot by using the debug ssg events command and by following the host idle-timeout and user idle-timeout in the output for the related virtual access interface.

CSCsb90264

Symptoms: Cisco AS5400 and AS5350 T1 CAS calls fail with "no users answer," and a traceback is seen at vtsp_tsp_call_setup_ind, along with the following error:

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

Conditions: This problem is seen when making CAS calls in Cisco AS5400 and AS5350 platforms.

Workaround: There is no workaround.

Wide-Area Networking

CSCee85138

Symptoms: A SegV exception crash may occur on a Cisco router that is configured for voice calls.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6a) or Release 12.3(9) but may not be platform-dependent.

Workaround: There is no workaround.

CSCeg03958

Symptoms: A router may crash while performing an SNMP walk on VPDN-related MIB Objects. SNMP get and set operations function fine.

Conditions: This symptom is observed on a Cisco router that is configured with MLP interfaces.

Workaround: Reload the router and do not perform an SNMP walk. Instead use get operations.

CSCei21549

Symptoms: A Cisco 5850 reloads when an RLM group is unconfigured.

Conditions: This symptom is observed when you enter the no isdn rlm-group number command and when there are more than 31 NFAS members in the same NFAS group.

Workaround: Shut the primary interface, remove the NFAS members of the same NFAS group, and unconfigure the RLM group.

CSCsa55747

Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.

Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.

Workaround: There is no workaround.

CSCsa66756

Symptoms: The B channel on an NFAS "none" group member may hang with its channel state set to PROPOSED, which you can see in the output of the show isdn service command.

Conditions: This symptom is observed when the first activity on an NFAS "none" member is an outgoing call. After the first incoming or outgoing call, the symptom no longer occurs.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(14)T4

Cisco IOS Release 12.3(14)T4 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

CSCsb27960

Symptoms: When the local method is used at the beginning of a PPP authentication method list and when a user does not exist in the local database, failover to the next method in the method list does not occur. This situation prevents users that are listed in the database of a RADIUS or TACACS+ server from being authenticated.

Conditions: This symptom is observed on a Cisco router that is configured for AAA.

Workaround: Temporarily remove the local method from the beginning of the method list.

Interfaces and Bridging

CSCef44950

Symptoms: ISDN is not properly established.

Conditions: This symptom is observed on a Cisco 7500 series that has distributed switching enabled via the ip cef distributed command.

Workaround: Disable distributed switching.

IP Routing Protocols

CSCef60452

Symptoms: A router may stop receiving multicast traffic.

Conditions: This symptom is observed rarely during convergence when a router receives a Join message on an RPF interface and when a downstream router converges faster than the first router that receives the Join message.

In this situation, the router does not populate the RPF interface into the OIL (that is, the OIL remains null) because the old SP-tree has already been pruned by the downstream router. When the RPF interface of the router changes to the new path later, it does not trigger a Join message toward the multicast source until the router receives a next periodic Join message from the downstream router and populates the OIL. As a result, multicast traffic stops temporarily but no longer than the periodic Join message interval.

Workaround: There is no workaround.

CSCef80861

Symptoms: When a switchport is detected at boot time, the IP subsystem initializes all ports that do not have an explicit IP configuration to the shutdown state. This can be seen when a router with an L2 switchport is started with no (IP) configuration on those ports.

Conditions: On a Layer 2 (L2), or switched, port, an IP address is not meaningful, and therefore shutting it down is inappropriate.

Workaround: If an explicit no ip address configuration is put onto each switchport, IP will not place the ports into shutdown state.

Further Problem Description: IP should ignore L2 ports, as they don't exist at the same layer as IP.

The proper behavior, when not disabled by IP, is for switchports with no configuration to come up (i.e. no shutdown) and handle L2 traffic. In the presence of VLAN switching, they will default to being members of the native VLAN, i.e. VLAN 1.

A potential security implication is that if ports are connected with attached remote devices, these remote devices will now see traffic that was previously (implicitly) blocked from reaching them.

CSCeh15639

Symptoms: A Cisco router may crash when it is reloaded with PIM traffic on the network.

Conditions: This symptom is observed on a Cisco 7200 series router with multicast enabled but is not platform dependent. Bootup is the most likely place where this will happen, but the router may crash anytime if an interface flap happens at the right time while receiving PIM traffic.

Workaround: There is no workaround.

CSCeh33504

Symptoms: A router terminates 102,000 VPNv4 routes but route reflectors (RRs) report only a subset of the total.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that runs Cisco IOS Release 12.3(11)T4 when 204 routes are configured per VRF over 496 VPNs (one VPN has about 1000 routes). However, Cisco MGX RPM-PRs that function as RRs show that only 76245 routes are terminated on the Cisco MGX RPM-XF. The symptom is platform-independent and may also occur in other releases.

Workaround: There is no workaround.

CSCeh47763

Symptoms: A Cisco router may erroneously send ACK packets in response to RST packets for non-local TCP sessions. This can cause high CPU utilization on the router.

Conditions: This symptom occurs when using Port Address Translation (PAT).

Workaround: Use the clear ip nat translation * command.

CSCei06089

Symptoms: Conditional advertisement of the default route via a route map does not work when you enter the neighbor default-originate command.

Conditions: This symptom is observed on a Cisco router that is configured for BGP.

Workaround: Disable the route map entirely. If this is not an option, there is no workaround.

CSCei21133

Symptoms: A router reloads because of a watchdog timeout when you perform an snmpwalk.

Conditions: This symptom is observed on a Cisco 7200 series but may be platform-independent. The traceback stack decode points to an EIGRP function although EIGRP is not configured on the router.

Possible Workaround: Configure a dummy EIGRP router process, for example one for which the network covers only a loopback interface, so that the snmpwalk does not cause the router to crash.

CSCei26899

Symptoms: When you reset a BGP peer, some prefixes are missing.

Conditions: This symptom is observed on a Cisco MGX8850 RPM-XF that runs Cisco IOS Release 12.3(11)T. However, the symptom is platform-independent and may also occur in other releases.

Workaround: There is no workaround.

CSCsa61842

Symptoms: A Cisco router may reload unexpectedly with a bus error exception.

Conditions: This symptom has been observed on a router with Network Address Translation (NAT) enabled.

Workaround: There is no workaround.

CSCsa65155

Symptoms: IS-IS may not update redistributed BGP network changes.

Conditions: This symptom is observed when the network network-number command is enabled to introduce connected networks into a BGP topology and when, afterwards, BGP is redistributed into IS-IS. The symptom occurs after one of the interfaces that forms a network connection goes down and comes up again; the network re-enters the BGP topology but is no longer redistributed into IS-IS.

Workaround: There is no workaround.

CSCsa86914

Symptoms: RFC3550 states the following:

"For applications in which the RTP and RTCP destination port numbers are specified via explicit, separate parameters (using a signaling protocol or other means), the application MAY disregard the restrictions that the port numbers be even/odd and consecutive although the use of an even/odd port pair is still encouraged. The RTP and RTCP port numbers MUST NOT be the same since RTP relies on the port numbers to demultiplex the RTP data and RTCP control streams."

The Cisco IOS NAT SIP ALG gateways comply with the snippet from the RFC above. The Cisco IOS NAT SIP ALG gateways currently select the next available port+1 for SIP fixup in the NAT translations. The NAT gateway does not check for an even and odd pair of RTP and RTCP port numbers. As a result, some issues can arise with SIP User Agents that strictly follow the encouraged even and odd pair for RTP and RTCP port numbers.

The Cisco IOS NAT SIP ALG gateways need a configurable parameter to enable even and odd pair port numbering for RTP and RTCP port numbers with SIP fixup, or the gateways need to change to always follow the encouraged behavior of even and odd pair port numbering for RTP and RTCP port numbers with SIP fixup.

Conditions: This symptom has been observed when an application is supplied with an odd number for use as the RTP port.

Workaround: There is no workaround.

CSCsa87473

Symptoms: A BGP speaker may fail to send all of its prefixes to a neighbor if the neighbor sends a refresh request to the BGP speaker at the same time that the BGP speaker is generating updates to the neighbor. This situation causes the neighbor to miss some prefixes from its BGP table.

Conditions: This symptom may occur between any pair of BGP speakers.

A common scenario is that a VPNv4 PE router is reloaded and then fails to learn all prefixes from its route reflector (RR). In this configuration, the symptom occurs when the processing of a VRF configuration causes the PE router to automatically generate a route-refresh request to the RR, while the RR is still generating updates to the PE.

Workaround: There is no workaround.

CSCsa94774

Symptoms: When you enter the traceroute command from an IP address that is different from the address in the NAT default configuration, the incoming PAT sends the reply packets to the NAT default address that is defined in the NAT default configuration and not to the original source address from which the traceroute command was entered. Note that the outside PAT works fine.

Conditions: This symptom is platform-independent. NAT overload traffic and other TCP traffic is not affected.

Workaround: There is no workaround.

CSCsb07372

Symptoms: NAT H.323 does not create an entry in the NAT translation table even though debugging shows that NAT processes the packet correctly. This situation causes one-way voice for the called party, preventing them from hearing the calling party.

Conditions: This symptom is observed only when ICMP error messages are processed by NAT.

Workaround: There is no workaround.

CSCsb13988

Symptoms: A router that is configured for NAT may crash because of a bus error.

Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(9a) but is not platform-specific. The crash occurs while NAT attempts to translate an IP address in an H.323 RAS message that does not contain an IP address.

Workaround: Disable H.323 RAS in NAT by entering the no ip nat service ras command. If you must use H.323 RAS in NAT, there is no workaround.

CSCsb25662

Symptoms: When an IP phone that is located at a central site leaves a conference, a one-way voice condition occurs for the remaining two phones in the conference.

Conditions: This symptom is observed in a Hub-and-Spoke configuration in which both sites perform NAT when a voice conference is created by an IP phone that is located at a central site with two IP phones that are located at a remote site. NAT is configured on the hub and at the remote site, SCCP is the voice signaling protocol, and the conference occurs between the hub and the remote site.

Workaround: Enter the clear ip nat translation * command.

Miscellaneous

CSCee17241

Symptoms: When the redundancy mode is changed from classic-split to RPR-plus through the command line interface (CLI), the peer Route Switch Controller (RSC) goes to the initial configuration setup dialogue.

Conditions: This symptom has been observed on a Cisco AS5850 universal gateway.

Workaround: Load the configurations with RPR-plus configured onto the startup configurations of both RSCs. The symptom will not be seen.

CSCee41831

Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.

Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.

Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.

CSCee42932

Symptoms: Resuming a call that was placed on hold fails on a Cisco CallManager.

Conditions: This symptom is observed when a Cisco CallManager that runs version 4.0 and that is not configured for Message Transport Protocol (MTP) is connected via an IPIPGW to another Cisco CallManager that runs version 4.0 and that is not configured for MTP.

The symptom occurs on the second Cisco CallManager because the IPIPGW sends an incorrect ICT version for the first Cisco CallManager to the second Cisco CallManager and because the IPIPGW drops the non-standard fields in the callproc, alert, and connect messages from the second Cisco CallManager to the first Cisco CallManager.

Workaround: Configure MTP.

CSCef28975

Symptoms: A router that functions as an H.323 gateway crashes.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when authentication is enabled.

Workaround: Enter the no memory lite command.

CSCef29090

Symptoms: TCPClear sessions on a Cisco AS5850 may have throughput issues and slow response time.

Conditions: This symptom was observed on a Cisco AS5850 with TCPclear sessions.

Workaround: There is no workaround.

CSCef81634

Symptoms: When you bring up and tear down SSG sessions quickly, a router may crash because of a bus error exception.

Conditions: This symptom is observed on a Cisco router that is configured for SSG when you use a tool that initializes the interface and quickly brings sessions back up while the old sessions are still being cleared.

Workaround: There is no workaround.

CSCef84174

Symptoms: PPP forwarding may fail between two virtual access interfaces.

Conditions: This symptom is observed on a Cisco AS5850 but is not platform dependent.

Workaround: Disable PPP multilink on the asynchronous interfaces.

CSCeg53478

Symptoms: A Cisco 831 may display the following message on the console:

pktFlowLink() logic error, pMatch and pEmptySlot

Conditions: This symptom is observed very rarely after the router has been up for a long time. The functionalities of the router are not affected.

Workaround: There is no workaround.

CSCeg82392

Symptoms: A Cisco CallManager uses different versions of the G.729 codec when setting up Message Transfer Protocol (MTP) calls across intercluster trunks. The Cisco CallManager should set up the call legs with the same versions of the G.729 codec.

Conditions: This symptom is observed when a Cisco 3700 series that runs Cisco IOS Release 12.3(11)T2 connects to a Cisco CallManager that runs version 4.1.

Workaround: There is no workaround.

CSCeg82614

Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.

Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.

Workaround: There is no workaround.

CSCeh35457

Symptoms: A policy map may be removed from an ATM PVC range configuration without a check for an exact match of the policy map name. This situation may cause the wrong policy map to be removed from the ATM PVC range configuration.

Conditions: This symptom is observed when you enter the no service-policy output policy-map-name command on a subinterface that is administratively shut down. Any policy map that is attached to this subinterface may be deleted, regardless of whether or not the name of the policy map that is removed matches with the name of the policy map that should be removed. The symptom occurs only in a PVC range configuration on ATM subinterfaces.

Workaround: There is no workaround.

CSCeh43717

Symptoms: A Cisco 3745 reloads when you enable the H.323 proxy.

Conditions: A reload may be seen if the OGW is trying to tunnel QSIG APDUs or other UUIEs.

Workaround: Disable proxy mode.

CSCeh76239

Symptoms: Web Cache Communication Protocol (WCCP) may fail.

Conditions: This symptom is observed on a router that is configured with IPSec, CBAC (that is, the ip inspect command is enabled), and NAT. One specific scenario in which WCCP fails is when a single interface is configured to terminate one or more IPSec tunnels and has the ip nat outside source command, ip inspect out command, and ip wccp web-cache redirect out command enabled.

Workaround: When the ip inspect out command is enabled on the WCCP-redirected interface but the ip inspect in command is not configured on the client interface, configure a WCCP redirect list that excludes the address of the WCCP-redirected interface.

CSCeh78411

Symptoms: If a spoke cannot complete IKE phase I because of a bad certificate, the failed IKE sessions may not be deleted on an IPSec/IKE responder. Such failed sessions may accumulate, eventually causing router instability. These failed sessions can be seen in the output of the show crypto isakmp sa | i MM command:

172.18.95.21 10.253.34.80 MM_KEY_EXCH 898 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE

...

Conditions: These symptoms are observed when RSA signatures are used as the authentication method.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that is used for the IKE sessions or re-apply the crypto map to this interface.
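The following is an added monitoring example, not part of the Cisco release notes. It compares two polls of the show crypto isakmp sa | i MM output and reports IKE sessions that remain in MM_KEY_EXCH under the same connection ID, which is how the accumulated failed sessions described above show up. The second poll, the 192.0.2.10 peer, and the limit values are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple


class IkeSa(NamedTuple):
    dst: str
    src: str
    state: str
    conn_id: int
    slot: int
    status: str


def parse_isakmp_sa(text):
    """Parse rows laid out as: dst src state conn-id slot status."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines, prompts and the "..." elision marker.
        if len(fields) != 6 or not (fields[3].isdigit() and fields[4].isdigit()):
            continue
        rows.append(IkeSa(fields[0], fields[1], fields[2],
                          int(fields[3]), int(fields[4]), fields[5]))
    return rows


def stale_main_mode(previous, current, state="MM_KEY_EXCH"):
    """Return {(dst, src): [conn-ids]} for SAs found in `state` in both polls.

    A healthy negotiation passes through MM_KEY_EXCH briefly, so a connection
    ID that is still in that state one polling interval later was not cleaned up.
    """
    seen = {(sa.dst, sa.src, sa.conn_id) for sa in previous if sa.state == state}
    stale = defaultdict(list)
    for sa in current:
        if sa.state == state and (sa.dst, sa.src, sa.conn_id) in seen:
            stale[(sa.dst, sa.src)].append(sa.conn_id)
    return {pair: sorted(ids) for pair, ids in stale.items()}


def peers_over_limit(stale, limit):
    """Peer pairs with at least `limit` stale sessions (limit is an assumption)."""
    return sorted(pair for pair, ids in stale.items() if len(ids) >= limit)


# First poll: the rows quoted in this caveat.
POLL_1 = """\
172.18.95.21 10.253.34.80 MM_KEY_EXCH 898 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE
...
"""

# Second poll: constructed for this example (same rows plus new attempts).
POLL_2 = """\
dst src state conn-id slot status
172.18.95.21 10.253.34.80 MM_KEY_EXCH 900 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 899 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 898 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE
172.18.95.21 192.0.2.10 QM_IDLE 12 0 ACTIVE
"""

if __name__ == "__main__":
    stale = stale_main_mode(parse_isakmp_sa(POLL_1), parse_isakmp_sa(POLL_2))
    for dst, src in peers_over_limit(stale, limit=5):
        print(f"{src} -> {dst}: {len(stale[(dst, src)])} sessions stuck in MM_KEY_EXCH")
```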

CSCeh95801

Symptoms: The domain name does not appear in the accounting records.

Conditions: This symptom is observed when EzVPN clients use digital certificates that are terminated on a Cisco router and when RADIUS accounting is enabled.

Workaround: Use the accounting information that is available such as the Group-ID.

CSCeh96861

Symptoms: One-way audio or no audio may occur during a call that is made through a Cisco AS5400.

Conditions: This symptom is observed when the Cisco AS5400 functions as a terminating gateway and is connected to a Cisco 3600 series or Cisco 3800 series that functions as an originating gateway. All platforms run Cisco IOS Release 12.3(14)T. The symptom may also occur in later releases.

Workaround: Enter the playout-delay nominal 200 command on the voice port that is used for the call.

CSCei23159

Symptoms: The HSRP feature does not work on the L3 switchport on NM-16/36ESW for the Cisco 2800 series and Cisco 3700 series routers. HSRP works correctly on the VLAN interface and onboard L3 interfaces.

Conditions: This symptom has been observed on the Cisco 2800 series and Cisco 3700 series routers.

Workaround: Use either of the following workarounds as necessary:

1. Use the MAC address of the physical interface as the HSRP virtual MAC address. Note that this workaround could not be applied in the customer's design.

or

2. Enable the standby use-bia command under the Routed Interface as in the following example:

interface FastEthernet1/0
 no switchport
 ip address 10.116.216.2 255.255.255.0
 standby use-bia
 standby 2 ip 10.116.216.1
 standby 2 preempt
end

CSCei36482

Symptoms: The output of the show resource user iosprocess brief command shows the resource owner (RO) and its usage by resource user (RU) correctly only for the first RU. Starting from the second RU, the ROs are displayed incorrectly, that is, only the buffer RO is shown. Other RO information such as CPU use is not displayed.

Conditions: This symptom is observed on a Cisco router that has the Embedded Resource Manager (ERM) enabled.

Workaround: Do not enter the show resource user iosprocess brief command. Rather, enter the show resource owner command as in the following example: show resource owner cpu user iosprocess. The output of this command shows the CPU use for the RO for all RUs in the "iosprocess" Resource User Type (RUT). Note that the symptom does not impact the functionality of the ERM or the router.

CSCei37299

Symptoms: A VPN hub router may reload when you enter the clear crypto session remote ip-address command.

Conditions: This symptom is observed after a remote peer disconnects ungracefully (that is, the peer is suddenly powered-off or the LAN cable is disconnected) and immediately reconnects to the VPN hub router with a different public address.

Workaround: Do not enter the clear crypto session remote ip-address command. Rather, enter the clear crypto sa command.

CSCei41674

Symptoms: A router may generate "SYS-2-LINKED: Bad enqueue" error messages.

Conditions: This symptom is observed when both the following conditions are present:

The router generates traffic such as routing updates that are encrypted via IPSec and the traffic (packets) is process-switched after encryption.

The router is configured with a hardware crypto accelerator.

A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CCSCeg43855. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

Further Problem Description: When the error message is generated, a crash may also occur in the following configuration in which hub-and-spoke GRE tunnels are configured for IPSec and EIGRP: When the spokes have a primary hub and a backup hub (that is, a GRE tunnel to each) and when a switchover from the primary hub to the backup hub occurs multiple times, the spoke may crash. This particular situation is observed on a Cisco 1841 and Cisco 3825.

A workaround for this particular situation is to prevent multiple hub switchovers from occurring or to refrain from configuring GRE tunnels with IPSec and EIGRP.

CSCei44586

Symptoms: The wrong IKE SA is deleted when the SA deletion is triggered by the idle timer.

Conditions: This symptom has been observed when the clients are behind a firewall or NAT device and their public address is set by Port Address Translation (PAT) to the same IP address as their LAN IP address.

Workaround: Use NAT instead of PAT.

CSCei50425

Symptoms: A Cisco 7200 series or Cisco 7301 that is equipped with a VAM, VAM2 or VAM2+ accelerator may refuse a valid RSA key and generate an error message such as the following:

% Error in generating keys: did not validate

% Key pair import failed.

Conditions: This symptom is observed under rare circumstances when a valid RSA key is composed of unusually short or long prime numbers and coefficient.

When the VAM is deactivated during the importation of the RSA key, the router accepts the key, but when the VAM, VAM2, or VAM2+ is inserted into the chassis, the router miscomputes the signature payload of the IKE/ISAKMP exchanges.

Workaround: Create a new RSA key.

Further Problem Description: The result of the wrong operation can be seen on the other side of the connection by activating the debug crypto engine and debug crypto isakmp commands. The following messages are related to the failure:

crypto_engine: public key verify

crypto_engine: public key verify, got error no available resources

ISAKMP:(0:2:HW:2): signature invalid!

CSCin86954

Symptoms: A spurious memory access is generated after you have entered the show running-config command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(13) when a range of PVCs is configured on an interface or subinterface.

Workaround: There is no workaround.

CSCin89043

Symptoms: A VIP may pause indefinitely or quality of service (QoS) may not work as expected on an interface that is configured for distributed MLP (dMLP).

Conditions: This symptom is observed on a Cisco 7500 series when the VIP processes dMLP and LFI traffic.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCsa44556

Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.

Workaround: Reload the gatekeeper after you have made the configuration changes.

CSCsa44852

Symptoms: A virtual-access interface flaps continuously.

Conditions: This symptom is observed on a Cisco 3745 router that functions in a PPPoA environment during normal working conditions.

Workaround: Disable keepalives on the dialer interface on the remote router.

CSCsa56901

Symptoms: Cisco Fax Relay calls both to and from computer-based fax devices fail. Calls to and from traditional fax machines work fine. Calls to and from computer-based fax devices via the PSTN instead of via a Cisco Fax Relay network work fine too.

Conditions: This symptom is observed on a Cisco 3700 series that is configured for Cisco Fax Relay and VoIP.

Workaround: There is no workaround.

CSCsa61523

Symptoms: The following error message is generated on a Cisco 7200 series that has Multilink PPP (MLP) configured on serial interfaces of a PA-MC-STM-1 port adapter:

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(11)T3 only when MLP is configured on the serial interfaces. The symptom may also occur in Release 12.3 or 12.4.

Workaround: Unconfigure MLP on the serial interfaces.

CSCsa66255

Symptoms: IP data traffic does not pass via MLP.

Conditions: This symptom is observed on a Cisco 3825 that runs the c3825-advsecurityk9-mz image of Cisco IOS Release 12.3(11)T3 when STAC compression on an AIM-COMPR4 fails.

Workaround: There is no workaround.

CSCsa68228

Symptoms: A Cisco router may crash when you enter the dialplan-pattern command.

Conditions: This symptom is observed on a Cisco router that is configured with a high number of ephone-dns when you enter the dialplan-pattern command.

Workaround: There is no workaround.

CSCsa68978

Symptoms: Memory allocation (malloc) failures may occur on a Cisco router that functions as a gatekeeper and that runs an H.323 stack.

Conditions: This symptom is observed on the gatekeeper when gateways attempt to register a list of terminal aliases that consists of user names and H.323 IDs with the gatekeeper. The gatekeeper attempts to authenticate each terminal alias by allocating memory and sending an authentication request to the AAA server for each entry. Because the gatekeeper does not free the allocated memory when it receives a response from the AAA server, a memory allocation failure occurs eventually.

Workaround: There is no workaround.

CSCsa69020

Symptoms: The default port 1720 on an H.323 gatekeeper is used for H.225 Messaging. This fix allows users to configure H.225 listen port from 1 - 65535.

Conditions: This symptom is observed on an H.323 gatekeeper.

Workaround: There is no workaround.

CSCsa71310

Symptoms: An E1 controller on an MGCP trunking gateway reports Loss of Frames (LOF).

Conditions: This symptom is observed when you configure a Cisco 3660 as an MGCP trunking gateway.

Workaround: There is no workaround.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa89621

Symptoms: The firewall performance of an NPE-G1 is below expectations, causing high CPU use.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(14)T1 and that is configured with an NPE-G1.

Workaround: There is no workaround.

CSCsa98462

Symptoms: A Cisco router may display the following error messages and then reload because of a bus error:

HDLC32_RX_ISR_ERR: no particles available!

HDLC32_RX_ISR_ERR: no particles available!

HDLC32_RX_ISR_ERR: no particles available!

HDLC32_RX_ISR_ERR: no particles available!

%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=64689BC0, count=0

-Traceback= 0x6100C244 0x604B9F4C 0x60955894 0x60959690 0x60AFCE14 0x60AFF7E4

%ALIGN-1-FATAL: Illegal access to a low address

addr=0x0, pc=0x609560C0 , ra=0x609596BC , sp=0x6476BBF8

%ALIGN-1-FATAL: Illegal access to a low address

addr=0x0, pc=0x609560C0 , ra=0x609596BC , sp=0x6476BBF8

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x609560C0

-Traceback= 0x609560C0 0x609596BC 0x60AFCE14 0x60AFF7E4

Conditions: This symptom is observed on a Cisco router when you enter the channel group command to create a serial interface on an NM-HD or NM-HDV2 network module or on an onboard controller of an Integrated Services Router (ISR) such as a Cisco 2800 series or Cisco 3800 series.

Workaround: There is no workaround.

CSCsb01043

Symptoms: When a Turbo ACL classification table grows beyond a certain size, a memory allocation failure may occur or the router may crash.

If the router runs Cisco IOS Release 12.3, memory corruption may occur, causing the router to crash. If the router runs Cisco IOS Release 12.2S, an error message similar to the following may appear during a Turbo ACL compilation, the compilation will fail, and a recompilation is forced:

%SYS-2-CHUNKBADELESIZE: Chunk element size is more than 64k for TACL Block -Process= "TurboACL", ipl= 0, pid= 82

These symptoms do not occur because of an out-of-memory condition.

Conditions: This symptom is observed on a Cisco router that is configured for Turbo ACL. The Cisco 10000 series is not affected.

Workaround: Monitor the output of the show access-lists compiled command and force the Turbo ACL tables to be cleared if a table is at risk of growing large enough to trigger the symptoms.

The tables that have significant sizes are the first and third tables shown next to "L1:" and the first table shown next to "L2:". When the number after the slash for one of these tables is greater than 16384 for the "L1" tables or greater than 32768 for the "L2" table, the table is already too large and the symptom may occur at any moment.

When the number is in the range from 10924 to 16384 inclusive for the "L1" tables or the range from 21846 to 32768 inclusive for the "L2" tables, the table size will be too large on the next expansion. An expansion occurs when the number to the left of the slash reaches 90 percent of the value to the right of the slash. When the value to the left of the slash approaches 90 percent of the value to the right, enter the no access-list compiled command followed by the access-list compiled command to disable and re-enable Turbo ACL. Doing so causes the tables to be cleared and, therefore, delays the expansion. This workaround may be impractical when there is a high rate of incoming packets and when entries are added frequently to the tables.

Alternative Workaround: Disable Turbo ACL by entering the no access-list compiled command.

Note that neither of these workarounds is supported on a Cisco 7304 that is configured with an NSE-100: there is no workaround for this platform.
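The following is an added example, not part of the Cisco release notes, that applies the table-size rules above to the "L1:" and "L2:" lines of show access-lists compiled output. It assumes each table appears as a used/size token in order after the label; the sample lines are constructed and simplified, and the 80 percent warning point (chosen to act before the 90 percent expansion trigger) is an assumption.

```python
import re

# Values taken from the workaround text.
TOO_LARGE = {"L1": 16384, "L2": 32768}    # size above this: already too large
RISK_FLOOR = {"L1": 10924, "L2": 21846}   # size from here up: next expansion is too large
WATCHED = {"L1": (0, 2), "L2": (0,)}      # first and third L1 tables, first L2 table

PAIR = re.compile(r"\b(\d+)/(\d+)\b")     # "used/size" token


def parse_tables(text):
    """Return {"L1": [(used, size), ...], "L2": [...]} from the labelled lines."""
    tables = {}
    for line in text.splitlines():
        label, sep, rest = line.strip().partition(":")
        if sep and label in WATCHED:
            tables[label] = [(int(u), int(s)) for u, s in PAIR.findall(rest)]
    return tables


def classify(level, used, size, warn_pct=80):
    """Classify one table.

    too-large : the symptom may occur at any moment
    clear-now : in the risk range and close to the 90 percent expansion point;
                disable and re-enable Turbo ACL to clear the tables
    at-risk   : in the risk range, but not yet close to expanding
    ok        : the next expansion still yields a safe size
    """
    if size > TOO_LARGE[level]:
        return "too-large"
    if size >= RISK_FLOOR[level]:
        # Integer arithmetic avoids rounding at the boundary.
        if used * 100 >= size * warn_pct:
            return "clear-now"
        return "at-risk"
    return "ok"


def assess(text, warn_pct=80):
    """Return (level, table number, used, size, verdict) for each watched table."""
    findings = []
    tables = parse_tables(text)
    for level, positions in WATCHED.items():
        for pos in positions:
            if level in tables and pos < len(tables[level]):
                used, size = tables[level][pos]
                verdict = classify(level, used, size, warn_pct)
                findings.append((level, pos + 1, used, size, verdict))
    return findings


# Constructed sample, reduced to the two labelled lines.
SAMPLE = """\
L1: 9900/12288 40/64 3000/8192
L2: 30000/49152 10/32
"""

if __name__ == "__main__":
    for level, number, used, size, verdict in assess(SAMPLE):
        print(f"{level} table {number}: {used}/{size} -> {verdict}")
```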

CSCsb06330

Symptoms: A router may crash when you make basic IPIPGW fax calls.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T6.

Workaround: There is no workaround.

CSCsb12405

Symptoms: A fax call that is made over a VoIP MGCP link may fail when both the originating and terminating gateways have the mgcp fax t38 gateway force command enabled.

Conditions: This symptom is observed on Cisco routers that run Cisco IOS Release 12.4 or interim Release 12.4(2.2)T.

Workaround: There is no workaround.

CSCsb16321

Symptoms: The logging buffer is full with strange messages such as "readreadread."

Conditions: This symptom is observed on a Cisco router with a 4-wire DSL WIC module that has the logging buffered debugging command enabled when an invalid message is accepted via the debug port TCP 1666.

Workaround: Configure buffer logging to the informational level or lower by entering the logging buffered informational command.

Access to the debug port can be blocked by deploying an interface access list that blocks access to the debug port TCP 1666 for traffic that is destined for any of the IP addresses of the router.

For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document: http://www.cisco.com/warp/public/707/tacl.html

For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document: http://www.cisco.com/warp/public/707/iacl.html

For information about using control plane policing to block access to the debug port, see the "Deploying Control Plane Policing White Paper": http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html

Note that the symptom does not impact other applications and services.

CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsb27436

Symptoms: A Cisco platform that is configured for SSG may reload unexpectedly because of a bus error, and generate a crashinfo file that shows the following error message:

%ALIGN-1-FATAL: Corrupted program counter

Conditions: This symptom is observed when the no host overlap command is enabled and when users connect and disconnect.

Workaround: Remove the no host overlap command. If this is not an option, there is no workaround.

CSCsb40194

Symptoms: A Cisco 7301 that is configured for SSG may reload unexpectedly because of a bus error.

Conditions: This symptom is observed when a user with an active session logs in again. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCsb46264

Symptoms: When a dialer interface is configured as an endpoint for an IPSec+GRE tunnel, tracebacks with bad refcount may be generated.

Conditions: This symptom is observed on a Cisco 837 when router-generated packets such as routing updates are being switched.

Workaround: There is no workaround.

Wide-Area Networking

CSCea75722

Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.

Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.

Workaround: There is no workaround.

CSCeg20283

Symptoms: E1R2 SS7 calls fail to come up when more than one call is made with the following ISDN error:

ISDN Se1/6:15 SC **ERROR**: call_connect: call_id not found, rejecting call

ISDN **ERROR**: Module-CCPRI Function-CCPCC_CallConnected Error-Unknown event received in message from L3 or Host: 4F

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg22171

Symptoms: Calls fail to connect when they are switched from the primary D channel to the backup D channel.

Conditions: This symptom is observed when you either unplug the cable or shut down the controller of the primary D channel.

Workaround: There is no workaround.

CSCeg22533

Symptoms: A signal-only call fails when an INVALID message is generated because a B-channel IDB is not found.

Conditions: This symptom is observed when ISDN PRI QSIG Voice Signaling is configured.

Workaround: There is no workaround.

CSCeg42148

Symptoms: Attempts to change a B-channel service state by entering the isdn service nfas-int number b_channel number {state {0 | 1 | 2} [hard | immediate | soft]} command appear to succeed but the service state does not change.

Conditions: This symptom is observed when a voice application uses a B-channel. The output of the show isdn service detail command shows a locale of ISDN_NEAR_END_APP.

Workaround: There is no workaround.

CSCeg43033

Symptoms: A Cisco 7200 series periodically shows incorrect adjacencies for the loopback address. The output of the show ip cef events ip-prefix command shows the following:

<ip-prefix>/32, version 8177, epoch 0, attached, connected

0 packets, 0 bytes

tag information set

local tag: implicit-null

via Loopback0, 0 dependencies

valid discard adjacency

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9b) and that is configured for PPP and CEF. However, the symptom may be platform-independent.

Workaround: There is no workaround.

CSCeg82698

Symptoms: PPTP tunnels do not come up.

Conditions: This symptom is observed when VPDN is configured.

Workaround: There is no workaround.

CSCeh11771

Symptoms: On a leased line (non-dialup) serial connection that is configured for PPP encapsulation, the line protocol may not come back up when the connection is reset. The PPP LCP remains in the closed state, even though the link is up physically.

Conditions: This symptom is observed when an active PPP session is reset and when the underlying link is not simultaneously reset, that is, when PPP goes down but when the link does not go down physically. This situation would occur, for example, when a PPP session is terminated because of keepalive failures.

Workaround: There is no workaround.

CSCeh33185

Symptoms: A POS interface on a VIP4-80 that is configured for PPP goes down and remains down.

Conditions: This symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0S only when PPP receives an LCP PROTOCOL REJECT message for PAP or CHAP. The symptom may also occur in other releases.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected POS interface.

CSCeh48987

Symptoms: The CEF-Dialer feature fails to add an adjacency for a Virtual-Access1 CEF interface.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(14.10).

Workaround: There is no workaround.

CSCeh59311

Symptoms: None of the digits in INFO messages are passed to an ISDN switch.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11) or Release 12.3(11)T4 when overlap is configured and when the setup acknowledgement arrives late from the terminating switch after some of the INFO messages have already been received from the OGW. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCei16649

Symptoms: The output of the show pppoe session or show vpdn session command does not show PPPoEoA session details.

Conditions: This symptom is observed for a point-to-point ATM interface.

Workaround: There is no workaround.

CSCsa78067

Symptoms: A Cisco 5400HPX may crash when conditional debugging runs.

Conditions: This symptom is observed on a Cisco 5400HPX that runs Cisco IOS Release 12.3(11)T3 when ISDN globally unique identifier (GUID) is configured.

Workaround: There is no workaround.

CSCsa81268

Symptoms: A Cisco AS5850 may reload with a software forced crash.

Conditions: This symptom occurs when configuring the isdn ie oli interface configuration command.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(14)T3

Cisco IOS Release 12.3(14)T3 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCds33629

Symptoms: Closing an existing Telnet session may cause a router to crash.

Conditions: This symptom is platform-independent.

Workaround: There is no workaround.

CSCeh04755

Symptoms: When you reload a router by entering the reload command, the router may unexpectedly enter the ROMmon mode and generate the following error message:

%SYS-5-RELOAD: Reload requested by console. Reload Reason:Reload command.

monitor: command "boot" aborted due to user interrupt

rommon 1 >

Conditions: This symptom is observed only on a Cisco 7200 that is configured with an NPE-G1, and on a UBR7246VXR with a UBR-NPE-G1.

Workaround: Enter the confreg 0x2002 command.

CSCsa58890

Symptoms: No "Accounting On" message is sent at boot up when an ADSL interface is used; however, this message is sent when a FastEthernet card is used.

Conditions: This symptom has been observed when the aaa accounting system default start-stop group ssg-proxy command is configured on the router.

Workaround: There is no workaround.

CSCsb03401

Symptoms: You cannot open a specific port on a Cisco IOS IP SLA responder.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(14)T1 or Release 12.4 when you attempt to open a specific port on the responder instead of using normal control protocol.

Workaround: Use normal control protocol.

Interfaces and Bridging

CSCeh17935

Symptoms: When you perform an Online Insertion and Removal (OIR) of an ATM port adapter, tracebacks are generated.

Conditions: This symptom is observed on a Cisco 7200 series when the ATM port adapter is up and has a VC configured.

Workaround: There is no workaround.

Further Problem Description: Tracebacks are seen on a Cisco 7200 platform when the ATM PA is removed and replaced online while traffic is still passing through the ATM interface and the interface is oversubscribed.

CSCei08289

Symptoms: The transmit rate is higher than the configured committed information rate (CIR), causing the network to drop frames.

Conditions: This symptom is observed only when traffic is process-switched and when software payload compression and header compression are configured.

Workaround: Enable either CEF or fast-switching. If process-switching must be used, add a compression adaptor and configure FRF9 data compression instead of packet-by-packet payload compression. You can enable FRF9 data compression in the following ways:

On a point-to-point interface, enter the following command in interface configuration mode:

frame-relay payload-compression frf9 stac

On a multipoint interface, enter the following command in interface configuration mode:

frame-relay map ip ip-address dlci payload-compression frf9 stac

Further Problem Description: We do not recommend process-switching in combination with software payload compression because it is not possible to provide latency guarantees.

IP Routing Protocols

CSCef21601

Symptoms: Calls may not complete because ResvConfirm messages are dropped. You can enter the debug ip rsvp messages command to track RSVP messages as they traverse routers.

Conditions: This symptom is observed when RSVP is configured for call admission control in a network with routers that do not have RSVP and a proxy ARP enabled. The symptom occurs because the RSVP-capable hop that sends the ResvConfirm messages uses the next RSVP-capable hop as the next IP hop for the packets and does not have the MAC address that is needed to encapsulate the IP packets for this next IP hop.

Workaround: Configure a static ARP entry that enables the router to properly encapsulate the packet by entering the arp ip-address hardware-address arpa command. The ip-address argument is the address of the next hop (that is visible via the RSVP debugs) for the ResvConfirm messages and the hardware-address argument is the MAC address of the interface of the next IP hop through which the ResvConfirm messages should be routed.

CSCsa54937

Symptoms: An LNS with a VRF configuration does not send an echo reply when it receives a ping to loopback interface 0.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300, a Cisco 7200 series that is configured with an NPE-400, and a Cisco 7400 series.

Workaround: Wait about 20 minutes to enable the LNS to send an echo reply or enter the clear arp-cache command.

CSCsa55555

Symptoms: A router may reload because of a bus error when the NAT MIB is polled via SNMP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCsa98059

Symptoms: Suboptimal routing occurs in an OSPF configuration or a routing loop occurs between two border routers that redistribute BGP into OSPF.

Conditions: These symptoms are observed when at least two border routers are connected via eBGP to another autonomous system, receive the same prefix over these connections, and redistribute the prefix into OSPF. Under certain conditions, for example when the eBGP session from the preferred BGP exit point to the eBGP peer flaps, the second router in the local autonomous system becomes the preferred path and redistributes the eBGP route into OSPF. When the eBGP session with the first router comes back up, the LSA should be flushed but this does not occur. This situation may create routing problems on other OSPF routers or, when BGP has a higher administrative distance than OSPF, routing loops between both border routers.

Workaround: There is no workaround.

Miscellaneous

CSCed66010

Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(5b) but may also occur in Release 12.3 T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.

Workaround: There is no workaround.

CSCef97768

Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.

Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).

Workaround: There is no workaround.

CSCeg14231

Symptoms: Various commands that include the virtual access keywords do not work as expected. For example, the show policy-map interface virtual-access2.1 command produces no output even when there is policy map data associated with interface virtual-access2.1.

Conditions: This symptom is observed only on certain commands and only when these commands specify a virtual access interface.

Workaround: There is no workaround. However, the symptom is not service-affecting.

CSCeg15065

Symptoms: After a DSP restarts, RTP packets are not sent from the DSP to a trunk connection.

Conditions: This symptom is observed on a Cisco 7200 VXR router that runs Cisco IOS Release 12.3(10a) or Release 12.3(11)T when the connection trunk command is enabled.

Workaround: There is no workaround. To re-enable the DSP to send RTP packets, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port that is associated with the DSP.

CSCeg43855

Symptoms: An encrypting router may send traffic that is locally originated (such as keepalive packets or routing update packets) out of order after the packets have been encrypted. Because of the anti-replay check failure, these packets are dropped on the receiving router.

Conditions: This symptom is observed when a multipoint GRE (mGRE) and IPSec tunnel is built between two routers.

Workaround: Turn off packet authentication for the configured IPSec transform.

Further Problem Description: On a Cisco 7200 series that functions as the receiving router, you can observe the symptom in the output of the show crypto ipsec sa detail or show pas isa interface command.

CSCeg50651

Symptoms: When a router has the moh-live dn-number out-call command enabled with 1234 for the dn-number argument and 9876 for the out-call argument, the outcall to an FXO port does not occur. Only when the router is manually placed into SRST mode does the outcall occur.

Conditions: This symptom is observed on a Cisco 2800 series that is configured as a MGCP gateway.

Workaround: Place the gateway into SRST mode, force the outcall to the live feed, then place the router back into MGCP mode.

Further Problem Description: This caveat is an enhancement to the MOH Live-Feed Support feature. The fix for this caveat ensures that MoH works in any configuration, not only when the router functions in SRST mode.

CSCeg52468

Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:

%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)

or

%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet

Conditions: This symptom is observed under rare circumstances on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying.

Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.

Further Problem Description: HSP firmware version 2.3.1 was committed through CSCeg15422 to address the most common conditions that could result in PCI NULL writes that cause memory corruption. The fix for this caveat (CSCeg52468) implements HSP firmware version 2.3.2 to address additional conditions that could result in PCI NULL writes.

CSCeg78036

Symptoms: The following tracebacks may be generated when VFR handles fragmented packets:

%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 0 data 6472EE80 chunkmagic 0 chunk_freemagic 6484FA7C -Process= "IP Input", ipl= 4, pid= 60

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.11)T1. The symptom may also occur on a Cisco 2651XM.

Workaround: Disable virtual-reassembly using the "no ip virtual-reassembly" command.

CSCeg89017

Symptoms: MGCP calls fail with a fast busy signal. When you enter the debug mgcp packet command, the output indicates that the 400 Voice Call Setup failed.

Conditions: This symptom is observed when MGCP PRI backhaul is configured on a Cisco 2800 series that is configured with PVDM2 DSPs. Calls fail only after the router is reloaded. The symptom may also occur on a Cisco 3800 series that functions in the same configuration.

Workaround: Enter the following sequence of commands:

1. Enter the ccm-manager config server ip-address command followed by the ccm-manager config command.

2. Enter the shutdown command on the voice port or on the T1 controller.

3. Enter the no mgcp command followed by the mgcp command.

4. Enter the no ccm-manager config command followed by the ccm-manager config command, assuming that you have the TFTP server defined.

5. After you reload the router, enter the write erase command, add the configuration, and save the configuration.

CSCeh14272

Symptoms: Prioritized encrypted traffic is dropped.

Conditions: This symptom is observed when the Low Latency Queuing (LLQ) for IPSec Encryption Engines feature is enabled.

Workaround: Disable QOS preclassification on the crypto map.

CSCeh17689

Symptoms: Poor voice quality may be experienced as the default impedance selection may not yield the best ERL.

Conditions: This symptom has been observed when using the default impedance selection on a Cisco 2800 router.

Workaround: Use the test voice port [slot]/[subunit]/[port] inject-tone local sweep [sweep step] [high amplitude] [low amplitude] command to manually calibrate the best ERL.

CSCeh21613

Symptoms: When multicast is configured as part of a dial-peer configuration and you enter the shutdown command quickly followed by the no shutdown command on a voice port that is part of the dial-peer configuration, the router may generate tracebacks and may crash.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11)T4.

Workaround: There is no workaround.

CSCeh25446

Symptoms: The following error message may be generated when a Cisco AS5850 voice gateway boots:

Could not enable MAC

This situation may prevent line cards from booting up and pings over the Fast Ethernet and Gigabit Ethernet interfaces may fail.

Conditions: This symptom is observed on a Cisco AS5850 voice gateway that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeh32576

Symptoms: Configuring an AUX port through a non-slotted notation such as "interface async 1" may not be possible on a Cisco 1841 and a Cisco 2801.

Conditions: This symptom is observed on a Cisco 1841 and Cisco 2801 that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: Configure the AUX port through the slotted notation such as "interface async 0/0/0".

CSCeh35823

Symptoms: When a router detects "invalid identity" failures while decrypting IPsec packets, a memory leak occurs for the packet memory that is associated with these failed packets.

Conditions: This symptom is observed only when an "invalid identity" error occurs, which is an uncommon error that indicates that the originating router does not send packets according to what was originally negotiated. However, if there is another error that causes a "bad" decryption, the packet could be invalid and may also cause the symptom to occur.

Workaround: There is no workaround.

CSCeh40183

Symptoms: A router reloads unexpectedly when the show policy interface EXEC command is entered.

Conditions: This symptom is observed on a Cisco router when two users are connected to the router and simultaneously enter the show policy interface EXEC command.

Workaround: Ensure that only one user at a time enters the command.

CSCeh42620

Symptoms: Authentication, Authorization, and Accounting (AAA) for IKE fails with the following message when trying to begin session accounting:

ISAKMP AAA: Unable to allocate AAA User ID: no peer

Conditions: This error occurs when IKE accounting is configured in a site-to-site IPSec VPN. It will not occur when IKE accounting is configured in conjunction with mode configuration, XAUTH or EZVPN.

Workaround: There is no workaround.

CSCeh42852

Symptoms: A T.37 fax fails on a Cisco 2800 series because of clocking problems with a BRI. The fax that is sent or received via the BRI may be incomplete with cut pages or a part lost. About 40 to 50 percent of the faxes fail.

Conditions: This symptom is observed in the following topology:

A fax is sent from a fax machine via the PSTN to a BRI on a Cisco 2800 series. The Cisco 2800 series connects via an IP interface to an SMTP mail server.

Workaround: There is no workaround. Note that a fax that is sent via FXS instead of via a BRI goes through fine.

CSCeh49462

Symptoms: Tracebacks are generated on a Cisco AS5850 that is configured for analog and digital bulk calls.

Conditions: This symptom is observed on a Cisco AS5850 that is configured with ERSCs and that functions under stress.

Workaround: There is no workaround. However, the symptom does not impact service because the calls are processed by the Cisco AS5850.

CSCeh60700

Symptoms: A router that is configured for GRE+IPSec tunnel protection and VRF drops packets that are larger than the size of the MTU of the tunnel interface. The router should fragment the packets.

Conditions: This symptom is observed on a Cisco 2600 series when the size of a (cleartext) packet is larger than 1434 bytes (which is the Ethernet MTU minus the IPSec overhead). However, the symptom is platform-independent and occurs with both software encryption and onboard hardware encryption engines.

Workaround: On the tunnel interface that is configured for GRE+IPsec tunnel protection and VRF, configure an MTU size that is smaller than the MTU size of the physical interface of the tunnel source minus the IPSec overhead, as in the following example:

interface tunnel0

ip mtu 1400

(This example assumes that the physical interface of the tunnel source is an Ethernet interface with an MTU of 1500 bytes.)

CSCeh62596

Symptoms: Performing Telnet results in the session pausing indefinitely after accepting 13 characters or carriage returns.

Conditions: This symptom has been observed when a Telnet session is performed through an ATM PVC that is PPPoA. A Telnet session through Fast Ethernet works fine.

Workaround: Avoid using a Telnet session through an ATM PVC that is PPPoA. Use Fast Ethernet for Telnet sessions if possible.

CSCeh62694

Symptoms: Before you start a BACD script, you cannot log out all agents from an ephone hunt group and activate the Do Not Disturb (DND) feature.

Conditions: This symptom is observed on a Cisco gateway that has an ephone hunt group configured.

Workaround: There is no workaround.

CSCeh65386

Symptoms: If a crypto map has RRI enabled and is applied to more than one interface, removing the map from one interface removes all active routes that are associated with other instances of this crypto map. In particular, this situation affects dialup termination and VPN connectivity on the same physical router. When you use a virtual template, the disconnection of one virtual-access interface that is spawned from the virtual template causes all routes for all other virtual-access interfaces to be removed.

Not all IKE and IPSec SAs on active connections are impacted, and when IPSec is rekeyed, routes are restored on the active interfaces.

Conditions: These symptoms are observed on a Cisco router under the following conditions:

The same crypto map is applied to multiple interfaces.

RRI is configured on the crypto map.

VPN and dialup are configured on the same physical router.

There are active IPSec SAs and routes.

Workaround: Do not remove a crypto map from an interface when there are active connections on other interfaces that use the same crypto map. First clear all SAs from the crypto map and then remove the interface.

CSCeh72180

Symptoms: A router may unexpectedly reload and generate the following error message:

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x60FB1F70

Conditions: This symptom is observed on a Cisco 7200 series when one interface is configured for IP Header Compression (IPHC) and when another interface has a crypto map that includes the qos pre-classify command. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCei01321

Symptoms: You cannot bring up a serial interface of a channelized E1 or T1 port. The interface remains in the down/down state.

Conditions: This symptom is observed on a Cisco 3600 series.

Workaround: There is no workaround.

CSCei22930

Symptoms: After an upgrade to Cisco IOS Release 12.3(11)T5 so that QoS could be configured on an IMA group in an ATM interface, the following error messages were generated:

%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level

-Traceback= 611D46E8 6002160C 61D4EF90 602C329C 602C6574 602C6D40 61D52170

61D54F2C 61D553E8 61D55784 61D6FF84 61D550EC 61D5516C 604818FC 6047E89C

6047E9C8

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 611D46E8 600177F4 6145DCB4 6145DDFC 6146B8E8 6146E174 616AB8B0

616ABB58 6205C598 62066DE0 6205C640 61D557F0 61D6FF84 61D550EC 61D5516C

604818FC

%SYS-2-MALLOCFAIL: Memory allocation of 19 bytes failed from 0x6145DCAC,

alignment 0

Pool: Processor Free: 139749528 Cause: Interrupt level allocation

Alternate Pool: None Free: 0 Cause: No Alternate pool

-Process= "<interrupt level>", ipl= 1, pid= 3

-Traceback= 611D46E8 60012958 6001822C 6145DCB4 6145DDFC 6146B8E8 6146E174

616AB8B0 616ABB58 6205C598 62066DE0 6205C640 61D557F0 61D6FF84 61D550EC

61D5516C

Conditions: This symptom has been observed on a Cisco 3745 router with the c3745-adventerprisek9-mz.123-11.T5 image installed and when configuring QoS on an IMA group in an ATM interface.

Workaround: There is no workaround.

CSCin77189

Symptoms: When a voice call is made via the G726r16 or G726r24 codec via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) using H.323-to-SIP interworking, the following symptoms may occur:

The originating party does not hear the ringback tone.

Both the originating and terminating party do not hear voice because the voice path was not established.

Conditions: This symptom is observed when H.323 is configured to use a static payload type for the G726r16 or G726r24 codec and when SIP is configured to use a dynamic payload type for the G726r16 or G726r24 codec. This situation causes a mismatch of payload type for the G726r16 or G726r24 codec.

Workaround: There is no workaround.

CSCin85528

Symptoms: A router crashes during a conference call.

Conditions: This symptom is observed on a Cisco 3700 series that is configured with a DSP Farm.

Workaround: There is no workaround.

CSCin87258

Symptoms: A Cisco router that is configured for SSG may reload when you configure a local service profile.

Conditions: This symptom is observed when the local service profile is configured with more than 150 service network entries.

Workaround: There is no workaround.

CSCin91843

Symptoms: Auto-logon services do not automatically log on when you connect via a Service Selection Gateway (SSG).

Conditions: This symptom is observed when the user profile that is downloaded via the Access-Accept response from a RADIUS server contains a netmask (RADIUS attribute 9) that is smaller than 32 bits and when the SSG functions in PBHK mode.

Workaround: Increase the netmask bits in such a way that the bitwise AND (&) operation between the netmask and the SSG PBHK source IP address results in an SSG PBHK source IP address without any alteration.

CSCsa52821

Symptoms: When AAA accounting is configured for an EZ-VPN server, the EZ-VPN server may stop sending periodic updates for an idle client. When the symptom occurs, the output of the show aaa sessions command shows that the user name is not available for the idle client. The user name appears to be lost.

Conditions: This symptom is observed on a Cisco 7200 series that functions as an EZ-VPN server and that runs Cisco IOS Release 12.3(8)T or a later release. The symptom may not be release-specific.

Workaround: Add an IPSec idle time of a shorter duration than the IPSec lifetime to enable idle clients to send stop records.

CSCsa59549

Symptoms: A Cisco 2800 series that is configured for encryption, CBAC, and IPS crashes and reloads during the inspect process.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS 12.3T when it functions under a heavy load of mixed application traffic and IP telephony traffic.

Workaround: There is no workaround.

CSCsa63019

Symptoms: A security gateway may crash when ISAKMP accounting is enabled at aggressive time intervals such as 1-minute updates.

Conditions: This symptom is observed when ISAKMP accounting is enabled at very frequent update intervals together with ISAKMP NAT-T.

Workaround: Use ISAKMP accounting timers with a longer duration.

CSCsa64885

Symptoms: A router that is configured for SSG intermittently resets itself and generates a spurious memory access.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T with a prepaid or proxy service that has an idle or session timeout configured in the service profile.

Workaround: There is no workaround.

CSCsa71793

Symptoms: A Cisco 7200 series may reload because of a bus error when you enter a show atm command that accesses deleted VC structures.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(12a).

Workaround: There is no workaround.

CSCsa72951

Symptoms: A DSMP-3-DSP_TIMEOUT error message may be generated when you place a fax call via a VoIP gateway.

Conditions: This symptom is observed when the fax call is torn down and the gateway attempts to obtain call statistic information from the DSP. The DSMP state in this case is S_DSMP_COLLECTING_STATS as displayed in the error message. The timeout occurs only when MGCP PRI-backhaul mode is enabled. The symptom does not occur in standalone mode.

The timeout itself does not impact the call for which it occurs because the timeout occurs at the end of the call while the call is being torn down and cleaned up. However, on some network modules, specifically, the 549 and 5421 DSP-based modules such as the NM-HDV and AIM network modules, when the timeout occurs, a DSP recovery mechanism is triggered and may impact other active calls on other channels on the same DSP as the one that reports the timeout. For this problem, caveat CSCsb14481 has been opened.

Although the timeout may occur on a 5510-based DSP network module such as the NM-HDV2 network module, the DSP itself does not appear to be reset so no impact to other active calls is observed.

To verify which DSP is currently in use on a gateway, enter the show voice dsp EXEC command.

Workaround: When MGCP PRI-backhaul is configured in a Cisco CallManager environment, you can disable Fax Relay on a gateway to prevent timeouts from occurring by entering the no ccm-manager fax protocol cisco global configuration command on the gateway.

Alternate Workaround: To prevent timeouts from occurring, configure the gateway to function in standalone mode.

CSCsa73438

Symptoms: When SSG functions in RADIUS proxy mode, SSG sends the RADIUS Framed IP Netmask Attribute value that it receives from a RADIUS server as the Framed IP Address Attribute value towards a GGSN or CSG downlink RADIUS client.

Conditions: This symptom is observed when the RADIUS Framed IP Netmask Attribute value is less than a 32-bit mask.

Workaround: Avoid using the RADIUS Framed IP Netmask Attribute or use a 32-bit mask value for it.

CSCsa85839

Symptoms: A Cisco Aironet AIR-AP1131AG-E-K9-P access point may not function because it does not receive power.

Conditions: This symptom is observed when an EtherSwitch NM-16ESW-PWR network module or EtherSwitch NMD-36ESW-PWR network module does not detect and supply power to the AIR-AP1131AG-E-K9-P access point.

Workaround: Use a power injector or external power supply.

CSCsa86918

Symptoms: A clicking sound is heard after each .wav audio file is played from a VoiceXML (VXML) document.

Conditions: This symptom occurs in Cisco IOS Release 12.3(14)T on a Cisco AS5400. The problem only occurs when there are multiple .wav files in a single VXML document that are concatenated together to play to the caller. A VXML document containing a single .wav file does not experience the problem.

Workaround: There is no workaround.

CSCsa94162

Symptoms: A DHCP client router has an old static route and a new static route concurrently. The output of the debug dhcp detail on the DHCP client router shows that the old static route is removed but that the routing table still contains the old static route. Also, the old static route is not removed after the static configuration is deleted.

Conditions: This symptom is observed when a DHCP server renews the DHCP address and the DHCP gateway.

Workaround: There is no workaround.

CSCsa96494

Symptoms: A call from an originating gateway (OGW) that is configured for SIP via an IPIPGW to a terminating gateway (TGW) that is configured for H.323 may fail when certain codecs are configured on the IPIPGW and H.323 TGW.

Conditions: This symptom is observed under either one of the following conditions:

The SIP OGW is configured for g.711u, the IPIPGW for g.711u for both connections, and the H.323 TGW for g.729r8. In this configuration, the SIP OGW continues to use g.711u as the negotiated codec and discards the g.729r8 codec that is sent by the H.323 TGW via OLC.

The SIP OGW is configured for g.729r8, the IPIPGW for g.729r8 for both connections, and the H.323 TGW for g.711u. In this configuration, the SIP OGW continues to use g.729r8 as the negotiated codec and discards the g.711u codec that is sent by the H.323 TGW via OLC.

Workaround: There is no workaround.

CSCsa99597

Symptoms: Reload is caused by memory corruption.

Conditions: This symptom has been observed when the router is a Cisco IPSec gateway which implements XAUTH. One example of this situation is a Cisco EZVPN server.

Workaround: There is no workaround.

Further Problem Description: The problem occurs if the username given to XAUTH is exactly 7, 19 or 43 characters long (given a default configuration). The exact lengths that trigger the symptom may vary depending on the memory lite configuration.

CSCsb04965

A vulnerability exists in certain Cisco IOS software release trains running on the Cisco IAD2400 series, Cisco 1900 series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access to the device.

Cisco is making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml.

CSCsb06649

Symptoms: A Cisco 3725 that is configured as an H.323 gateway does not provide three beeps for a tone-on-hold. Instead, it generates the no-circuit tone.

Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(14)T2 and that is not configured for Music on Hold.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(11)T5.

CSCsb08192

Symptoms: A Cisco 3800 series may not drop unicast Ethernet frames that are not destined for its MAC address.

Conditions: This symptom is observed on a Cisco 3800 series that runs Cisco IOS Release 12.3(11)T5 or an earlier release or Release 12.3(14)T1 or an earlier release and that has subinterfaces that are configured for HSRP.

Workaround: Enter the standby use-bia command on the main interface.

CSCsb08428

Symptoms: A router may crash when a VPN tunnel is established.

Conditions: This symptom is observed on a Cisco router when an interface has both IPSec and the ip verify unicast reachable-via command enabled and when a hardware encryption engine is used for IPSec.

Workaround: Remove the ip verify unicast reachable-via command from the interface.

CSCsb14481

Symptoms: Active voice and fax calls may stop unexpectedly on a gateway, that is, either the call may drop or two-way audio may stop.

Conditions: This symptom is observed when a DSP recovery algorithm on the gateway is started in response to a DSMP-3-DSP_TIMEOUT error condition. The timeout may occur on one of the channels of the DSP, but the reset algorithm impacts other calls on other channels that are active on the same DSP.

Network modules with 549 and 5421 DSPs such as the NM-HDV and AIM-VOICE network modules are reset when this timeout occurs, causing other active voice and fax calls on other channels of the same DSP to be reset. Network modules that use 5510 DSPs such as the NM-HDV2 network module do not seem to be reset when this timeout occurs during statistics collection.

To verify which DSP is currently in use on a gateway, enter the show voice dsp EXEC command.

Workaround: Disable the DSP recovery algorithm by entering the test dsp recovery disable command. However, use this command with caution because disabling the auto-recovery mechanism prevents voice and fax calls from functioning properly when a DSP enters a valid non-responding state.

Further Problem Description: The fix for this caveat suppresses the resetting of the DSP when the timeout occurs under a statistics collection state as shown in the sample output below where the state is equal to S_DSMP_COLLECTING_STATS:

%DSMP-3-DSP_TIMEOUT: DSP timeout on DSP 1/5:4: event 0x6, DSMP timed out,

while waiting for statistics from the DSP. DSMP State =

S_DSMP_COLLECTING_STATS

The timeout may occur when an internal software error causes some invalid statistics to be polled, leading to the timeout. As an example, see caveat CSCsa72951.

Wide-Area Networking

CSCeg55098

Symptoms: As soon as the ISDN switch deactivates layer 2, the router immediately activates layer 2.

Conditions: This problem is seen in Cisco IOS Release 12.3(11)T2. It was not seen in Cisco IOS Release 12.3(11)T.

In the ISDN q921 debugs, the following can be seen:

Dec 10 13:48:17.558: ISDN BR0 Q921: User RX <- DISCp sapi=0 tei=65

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

....

Dec 10 13:48:17.562: ISDN BR0 Q921: User TX -> UAf sapi=0 tei=65

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In 6 milliseconds, the router activated the layer 2. (This was not the case in Cisco IOS Release 12.3(11)T.)

Workaround: There is no workaround. However, to get rid of the consecutive line up/down messages, the following can be configured on the interface level as a temporary workaround:

conf t

int bri x

no logging event link-status

CSCeh06916

Symptoms: A Cisco router crashes when PVCs are deleted while the show pppoe session or show vpdn command is entered.

Conditions: This symptom is observed on a Cisco 10000 series that is configured for PPP over Ethernet (PPPoE) when there are two concurrent Telnet sessions. PVCs are deleted via one Telnet session while the show pppoe session or show vpdn command is entered via the other Telnet session. The symptom is platform-independent.

Workaround: Do not delete PVCs via one session and enter the show pppoe session or show vpdn command via another session at the same time.

CSCeh18018

Symptoms: The asynchronous resources on a NAS may remain active after a VPDN setup because the LAC does not close the L2TP session on receipt of the L2TP Call Disconnect Notification (CDN) from the LNS.

Conditions: This symptom is observed on a NAS that is configured with digital modems when the L2TP session is abnormally aborted, for example, when the L2TP session is aborted before the LNS sends an LCP termination request to the dialin user.

Workaround: Manually free the asynchronous resources on the NAS by entering the clear line line-number command or ask the remote dialin user to disconnect the modem.

CSCeh62257

Symptoms: PPP does not establish new sessions.

Conditions: This symptom is observed on a Cisco router that is configured with full virtual-access interfaces when a PPP leak occurs.

Workaround: Reload the router and configure virtual-access subinterfaces instead of full virtual-access interfaces.

CSCin86951

Symptoms: An LNS router crashes on establishing a large number of PPPoA L2TP sessions.

Conditions: This symptom is observed only when you establish sessions at a high rate. When you attempt to establish 8000 sessions, the router crashes shortly after 5000 sessions are established.

Workaround: Establish sessions at a low rate.

Resolved Caveats—Cisco IOS Release 12.3(14)T2

Cisco IOS Release 12.3(14)T2 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg52924

Symptoms: When T+ accounting or authorization is configured, many CPU cycles are consumed. The messages are not sent out, and the box is unusable.

Conditions: When T+ accounting/authentication/authorization is enabled with a faulty server, the server sends back unsolicited data when the socket is being set up. This symptom is observed on any Cisco IOS 12.3 release.

Workaround: Disable T+.

CSCeg62206

Symptoms: High CPU utilization may occur during the TPLUS process on a platform.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6c) and that is configured for TACACS.

Workaround: There is no workaround.

CSCeg64124

Symptoms: The operation result of an IP SLA jitter probe shows a high packet MIA that is equal to the jitter's number of packets minus one. In the responder router, the responder debug message shows many error packets.

Conditions: This symptom is observed when multiple jitter probes (either from the same router or from different routers) are configured to send packets to the same destination IP address and the same destination port number and when the responder is turned off for a short time and turned on again.

Workaround: To prevent the symptom from occurring, configure the jitter probe to use a unique destination port number.

Alternate Workaround: If the symptom has occurred, turn off the responder by entering the no rtr responder global configuration command, wait until all jitter probes report "No connection," and then turn on the responder by entering the rtr responder global configuration command.

IP Routing Protocols

CSCef11304

Symptoms: When you perform an snmpwalk on an OSPF-MIB that supports the ospfExtLsdbTable, a router can crash. In other instances, alignment errors are observed when you enter the show alignment command.

Conditions: These symptoms are observed on a Cisco platform that runs Open Shortest Path First (OSPF) and supports the ospfExtLsdbTable in OSPF-MIB.

Workaround: There is no workaround.

CSCeg07725

Symptoms: A router may continue to redistribute an eBGP route into EIGRP after the eBGP route is deleted or EIGRP may not redistribute an eBGP route after the eBGP route has been installed.

Conditions: This symptom is observed on a Cisco router that runs Cisco 12.0S, 12.2S, or 12.(18)SXD1 and that redistributes eBGP routes into EIGRP when the router functions in a multihoming environment.

The symptom occurs in a configuration with two PE routers that advertise routes via eBGP and a border router that is configured with a higher local preference than the PE routers when the eBGP route of the primary path is withdrawn and the route of the secondary path is installed.

Workaround: If a route is still redistributed into EIGRP after the eBGP route is deleted, clear the BGP peer from which the eBGP route used to be learned so EIGRP stops advertising the route.

If a route is not redistributed into EIGRP after an eBGP route is installed, clear the route so EIGRP starts advertising it. Another workaround is to enter the bgp redistribute-internal command to cause EIGRP to redistribute iBGP routes and to prevent EIGRP from failing to redistribute an updated BGP route.

CSCeg19442

Symptoms: A router that is configured with the OSPF routing protocol may reload.

Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.

Workaround: There is no workaround. Cisco strongly discourages you from configuring a router via two different but simultaneous sessions.

CSCeg35811

Symptoms: A platform (that is, a switch or a router) may crash when you enter the ip routing command followed by the configure memory command and the no ip routing command multiple times. Multiple tracebacks may also be generated.

Conditions: The symptom is observed on a Cisco platform that functions as the master in a stacked environment and that is configured for OSPF. The symptom is more likely to occur when the platform functions under a heavy traffic load.

Workaround: Do not enter the ip routing command followed by the configure memory command and the no ip routing command multiple times.

CSCeg41363

Symptoms: On a PE router with a parallel path to a destination where one path is over the OSPF sham-link and the other path is over the backdoor link, traffic is not getting load balanced. Only a backdoor connection is being used to forward the traffic.

Conditions: This symptom occurs on a PE router where traffic is not getting load balanced.

Workaround: Configure the OSPF metric so that the sham-link path and the backdoor path do not have the same cost.

CSCeg52889

Symptoms: TE tunnels do not come up.

Conditions: This symptom is observed when a new loopback interface is created with an IP address on an MPLS TE head router that is configured with MPLS TE tunnels and when you reload the router. The symptom occurs because of a change in router ID.

Workaround: Shut down the newly created loopback interface, save the configuration, and reload the router.

CSCeg72254

Symptoms: A router reloads when you clear NAT entries from the NAT table.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T7 only when Stateful Network Address Translation (SNAT) is configured on the router.

Workaround: There is no workaround.

CSCeg89682

Symptoms: Tracebacks may occur when you enter an ipv6 prefix-list command and BGP is not enabled or when you enter an ipv6 prefix-list command after you have entered the no router bgp as-number global configuration command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(13) or Release 12.3(14)T.

Workaround: First enter the router bgp as-number global configuration command before you enter an ipv6 prefix-list command.

CSCeh07809

Symptoms: When BGP nexthop information for a prefix changes because of topology changes, BGP properly updates its path information and IP routing table entry but CEF may not update the corresponding CEF entry, causing a stale entry. This inconsistency between BGP and CEF may cause a connectivity problem.

Conditions: This symptom is observed when the nexthop information changes to an existing prefix entry in the BGP routing table. Typically, this occurs when the interface through which the prefix is learned goes down.

Workaround: Flush out the stale CEF entry by entering the clear ip bgp command or withdraw and readvertise the prefix by the source router, which enables the affected router to refresh the CEF entry.

Miscellaneous

CSCef59507

Symptoms: A failed LDP session may still show up in the output of the show mpls ldp neighbors command as well as the new working session after the neighborship is re-established. The display of two sessions, one not working and one working to the same neighbor, may mislead the MPLS network operator.

Conditions: This symptom may occur after an LDP session has gone down and is then re-established.

Workaround: There is no workaround.

CSCef72756

Symptoms: A Cisco IP Phone connected behind a Cisco router on an interface configured for Authentication Proxy may not get access to network resources because it cannot perform HTTP/FTP/Telnet-based authentication.

Conditions: This symptom has been observed on a Cisco IP Phone connected behind a Cisco router on an interface configured for Authentication Proxy.

Workaround: Add the Cisco IP Phone source IP as a deny entry in the Authentication Proxy Intercept ACL so that the IP phone bypasses authentication. Also make sure that the interface ACL has a permit for the IP Phone.

CSCeg06220

Symptoms: An EZVPN tunnel does not come up and becomes stuck in the "VALID_CFG" state even though the tunnel is configured to come up automatically.

Conditions: This symptom is observed on a router that is rebooted with EZVPN enabled on an interface.

Workaround: Unconfigure and reconfigure EZVPN on the interface.

CSCeg15000

Symptoms: Modem relay over TCCS works fine when you save the configuration and reload the router. However, a modem call goes into pass-through mode when you enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

Conditions: This symptom is observed on a Cisco 3700 series that functions as a voice gateway.

Workaround: After the router has booted, do not enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

CSCeg20412

Symptoms: A router may not properly detect supervisory tones.

Conditions: This symptom is observed on a Cisco 3640 and Cisco 3660 and may also occur on other routers.

Workaround: There is no workaround.

CSCeg38778

Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.

Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.

Workaround: There is no workaround.

CSCeg39560

Symptoms: After a router is rebooted, a tunnel interface does not acquire the IP address of the async serial interface that is the tunnel source.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8)T3.

Workaround: Enter the tunnel source interface-type interface-number command on the tunnel interface.

CSCeg54615

Symptoms: There may be a large latency in responding to EAPoUDP events from a host, causing the idle timer to expire and network access for users to be delayed.

Conditions: This symptom is observed on a Cisco router that is configured for Network Admission Control (NAC).

Workaround: There is no workaround.

CSCeg55584

Symptoms: A Cisco router that is configured for PPPoE may stop forwarding packets that need to be fragmented.

Conditions: This symptom is observed after a link flap occurs on the dialer interface or after you enter the clear interface command on the dialer interface.

To re-enable the affected packets to be forwarded, enter the no ip cef command followed by the ip cef command.

Possible Workaround: Enter the ip tcp adjust-mss 1400 command to force the maximum segment size (MSS) of the TCP SYN packets to be small enough to prevent the router from fragmenting the packets.

CSCeg62088

Symptoms: A Cisco voice gateway may reload unexpectedly because of a bus error, pointing to an invalid address.

Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(12.5).

Workaround: There is no workaround.

CSCeg63430

Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5400. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.

Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 12.3T, connects to the PSTN via a PRI in the following topology:

Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI--PSTN--Transferee

Workaround: Enable MTP or the Cisco CallManager.

Further Problem Description: Although the symptom is not observed in Cisco IOS Release 12.3, the fix is included in Cisco IOS Release 12.3 as a precaution.

CSCeg64669

Symptoms: A Cisco AS5850 reloads when it fetches a TDM connection object for a TDM hairpinned call while handing over peer resources to the standby RSC.

Conditions: This symptom is observed when you enter the redundancy handover peer-resource command and when the Cisco AS5850 functions in the extra-load state.

Workaround: Clear all existing calls that use peer resources and mark the calls as busyout before you enter the redundancy handover peer-resource command.

CSCeg64679

Symptoms: A Cisco AS5850 reloads when you enter the redundancy handover peer-resources command to hand over the peer resources to the other RSC.

Conditions: This symptom is observed when the RSC that hands over the peer resources is in the "ACTIVE_EXTRALOAD" mode and when an SNMP trap is sent to obtain the card status.

Workaround: There is no workaround.

CSCeg76294

Symptoms: A gateway that has a higher IP address in comparison with its peer may fail to open a TCP connection for a logical channel.

Conditions: This symptom is observed during fast start when a glare condition occurs while both gateways indicate to each other (in facility or other H.225 messages) that the H.245 control channel should be opened.

Workaround: There is no workaround.

CSCeg84558

Symptoms: A Cisco 3745 reloads because of a bus error. Just before the crash, the following error messages are generated:

%SYS-3-BAD_RESET: Questionable reset of process 149 on tty123
%SYS-3-HARIKARI: Process Exec top-level routine exited

Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(26) or Release 12.3(12) and that has an NM-2CE1T1-PRI network module that is configured for ISDN dial-in.

Workaround: There is no workaround.

CSCeg87604

Symptoms: The sockets associated with the TLS connections to the SRST gateway are not getting cleared when the switch link is down for the phones.

Conditions: When the Ethernet connectivity between the ephone and the SRST router goes down, the sockets are not cleared. This happens when the ephone is not in the fall-back mode.

Workaround: There is no workaround.

CSCeh06736

Symptoms: When IP header compression is enabled on a PPPoATM or PPPoFR interface, compressed packets are not correctly classified by any QoS policy that has been applied to the supporting ATM or Frame Relay PVC.

Conditions: This symptom is observed when CRTP is enabled on the virtual-template interface via the service policy command or ip rtp header-compression command and when the IP RTP Priority feature is enabled in the PVC policy.

Workaround: There is no workaround.

CSCeh10646

Symptoms: A router may unexpectedly reload because of a bus error at an address that falls just short of the I/O memory range, such as address 0x4E7FD5B8, whereas the iomem address starts at 0x4E800000.

Conditions: This symptom is observed when the router has some of the following security feature commands enabled on one or more interfaces:

ip nbar protocol-discovery

ip virtual-reassembly

ip access-group in

ip access-group out

ip inspect in

ip inspect out

ip ips in

ip ips out

auto discovery qos

crypto map

Workaround: Remove the ip access-group out command.

CSCeh17995

Symptoms: When you enter the following commands on the Fast Ethernet port of an NM-16ESW network module, the router may crash:

ip dhcp client hostname

no switchport mode

switchport mode

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series in which an NM-16ESW network module is installed.

Workaround: Do not enter IP commands in switchport mode.

CSCeh19106

Symptoms: A Service Selection Gateway (SSG) that is deployed in a GPRS access environment and that is configured for L2TP tunnel service with an extended autodomain may reload when duplicate GPRS PDP context create requests are sent.

Conditions: This symptom is observed when the PDP context create requests contain the static addressing, that is, the IP address of the MS instead of all zeros in the end user address field.

Workaround: There is no workaround. Note that for corporate access through a GPRS access-based solution using SSG, generally dynamic addressing is used. With dynamic addressing, the end-user address field is sent with all zeros and the corporate network provides the address, and the symptom does not occur.

CSCeh21680

Symptoms: A Cisco 2800 series or Cisco 3800 series may crash when you configure the interface of an NM-16ESW.

Conditions: This symptom is observed when you enter the ip rsvp bandwidth command on FE port 1/10 of the NM-16ESW and then you enter the no switchport mode command followed by the switchport mode command.

Workaround: Do not enter IP commands in switchport mode.

CSCeh24075

Symptoms: Packets that are larger than 4400 bytes or packets that require fragmentation may be dropped when they traverse an xDSL WIC.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6)T or a later release when a sweep ping is performed from one peer to another and when the WIC is a WIC-1ADSL, WIC-1ADSL-DG, WIC-1ADSL-I-DG, WIC-SHDSL, or WIC-SHDSL-V2.

Workaround: Avoid fragmentation on the DSL link or enter the ip mtu bytes command to change the maximum MTU to 4400 on the DSL interface.

CSCeh24202

Symptoms: A Cisco 2800 series that is configured for software or hardware encryption and CBAC may reload.

Conditions: This symptom is observed when IPSec SAs and CBAC sessions are established and when the traffic is blocked by an ACL on the outgoing WAN interface of a neighboring crypto router. When you send encrypted traffic from the neighboring crypto router to another router via the Cisco 2800 series, the Cisco 2800 series reloads.

Workaround: Permit the encrypted traffic on the outgoing interface of the neighboring crypto router.

CSCeh24815

Symptoms: High CPU utilization occurs on a Cisco AS5850.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T3 when dCEF is not applied to packets because of a slow start configuration.

Workaround: Remove the slow start configuration.

CSCeh25105

Symptoms: A Cisco router crashes when the name of the EEM TCL Policy is longer than 12 characters.

Conditions: This symptom is observed on a Cisco IOS software image if the user names an EEM TCL Policy with more than 12 characters.

Workaround: Name the EEM TCL Policy with no more than 12 characters.

CSCeh25459

Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.

Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:

- The initial codec for the call is negotiated as G.729.

- A reinvite message with a codec change to G.711ulaw is sent to the gateway.

- The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.

Workaround: Remove the fax pass-through configuration.

CSCeh30146

Symptoms: The WIC-DSU-T1-V2 card can get stuck and will not be able to detect any alarms, loopback events, etc.

Conditions: When this symptom occurs, the DSU-T1-V2 may still be able to pass traffic.

Workaround: Bring the card up again by issuing the clear service-module serial slot|port command.

CSCeh33913

Symptoms: NAT-PT stops working after a reload.

Conditions: This symptom occurs when the v6v4 static NAT configuration exists and NAT-PT fails to install ARP entries because the system is not yet fully initialized.

Workaround: Remove and then reconfigure the mapping.

CSCeh35411

Symptoms: A 4-port OC-12 POS Engine 2 line card may crash repeatedly when the Cisco 12000 series in which the line card is installed comes up after a software-forced crash has occurred on the router.

Conditions: This symptom is observed on a Cisco 12000 series that runs the c12kprp-p-mz image of a Cisco IOS interim release for Release 12.0(31)S, that is configured with two RPS, and that is configured for SSO. The symptom is more likely to occur when the ipv6 unicast-routing command is enabled.

Workaround: To diminish the chance that the symptom occurs, disable the ipv6 unicast-routing command.

CSCeh41997

Symptoms: EEM Tcl policies leak a significant amount of memory every time they run.

Conditions: This symptom occurs because the memory model that is currently implemented in Cisco IOS software that supports Tcl assumes a single threaded model in which global memory is not released when the Tcl script completes.

Workaround: There is no workaround.

CSCeh45653

Symptoms: Embedded Event Manager (EEM) does not pass the configured session CLI username in applet callbacks. If a customer is using TACACS authentication, EEM applets will not correctly interact with the CLI library.

EEM action CLI can cause a router to crash due to the TTY output buffers not being null terminated.

Conditions: If customers are using TACACS authentication, this symptom occurs upon triggering of the EEM applets that interact with the CLI through the Action "action <label> cli ...".

Workaround: See the following:

1) Disable TACACS authentication.

or

2) Configure an EEM script to perform the same EEM actions upon the triggering of an event.

3) If a crash occurs using action CLI in an EEM applet, refer to workaround #2 above.

CSCeh50570

Symptoms: A Cisco platform reloads when you bring up bulk asynchronous and digital SS7/VPDN calls.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCsa45066

Symptoms: A memory leak may occur in the SDP library on an IPIPGW.

Conditions: This symptom is observed when a fax call is made between a platform that is configured for SIP and a platform that is configured for T.38 H.323.

Workaround: There is no workaround.

CSCsa49566

Symptoms: An error message similar to the following may be logged in a router:

*Dec 20 16:29:37.899: %FIB-2-IF_NUMBER_ILLEGAL: Attempt to create CEF interface for unknown if with illegal if_number: 0

The message is followed by a traceback.

Conditions: This symptom occurs when the router creates virtual interfaces such as Loopback or Virtual.

Workaround: There is no workaround.

CSCsa53127

Symptoms: A bargeinable prompt aborts right after it starts playing, almost as if it is being barged in to.

Conditions: This symptom is observed in the following scenario with an application that requests DTMF input using two to four digits with an asterisk as the termination character:

- You let the prompt play (that is, you do not barge in).

- You enter "123*". The next prompt is a VXML Transfer element containing three .wav files (1.wav, 2.wav, and 3.wav).

- This prompt is bargeinable, but you do not barge in. You hear a brief "burp", but not the three .wav files.

- The final prompt is non-bargeinable TTS "Test Passed", which you hear just fine.

Workaround: Make the .wav files non-bargeinable.

CSCsa55375

Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.

Conditions: These symptoms are observed on a WIC-1-DSU-T1-V2 that is installed in a Cisco router.

Possible Workaround: The symptoms may clear when you replace the in-house cabling with cat.5 cables.

CSCsa59667

Symptoms: An AIM that is installed in a Cisco 2851 or Cisco 3845 may time out when it receives non-multiples of a 64-bit public key from a third-party vendor router. This situation causes the router to crash rather than verify the key.

The Cisco 2851 crashes because of a memory corruption. The Cisco 3845 crashes because of an "ALIGN-1-FATAL" bus error.

Conditions: This symptom is observed on a Cisco 2851 and Cisco 3845 that run Cisco IOS Release 12.3(11)T3.

Workaround: Ensure that the AIM receives multiples of the 64-bit public key.

Alternate Workaround: Disable the AIM hardware encryption by entering the no crypto engine aim 0 command. Doing so causes onboard encryption to occur.

CSCsa62681

Symptoms: SIP messages from Cisco IOS gateways fail to reach the remote endpoint. This is seen for UDP transport only.

Conditions: This symptom happens when interworking with a third-party SIP device that sends responses to SIP requests to the source port of the request packet instead of sending them to the header port (5060). This is in violation of the RFC 3261 rules for UDP (unreliable transports).

Workaround: There is no workaround.

CSCsa65656

Symptoms: SSG uses a duplicate Acct-session-id (attribute 44) in a RADIUS accounting packet.

Conditions: This symptom is observed for post-paid users.

Workaround: There is no workaround.

CSCsa68004

Symptoms: Service Selection Gateway (SSG) does not update tariff switch information to the users when the user logs in exactly at tariff switching time.

Conditions: This symptom is observed for postpaid users only.

Workaround: There is no workaround.

CSCsa68768

Symptoms: After fallback occurs from CCM to secure a Survivable Remote Site Telephony (SRST) gateway (GW), during full-consult transfer from a secure to nonsecure IP phone and then back to a secure IP phone, which are all in single line mode, one-way voice is heard. There is a loud noise on the other side.

Conditions: This symptom happens only when the transfer-system is full-consult, and there is a nonsecure to secure call transfer.

Workaround: Use an IP phone in dual-line mode.

CSCsa71596

Symptoms: The prompt file that is stored on an HTTP file server and that is invoked by a VXML document is not heard by a caller.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(12.12)T5 when a VXML document attempts to retrieve and render a wav file that is stored on an HTTP file server.

Workaround: There is no workaround.

CSCsa78779

Symptoms: A memory leak may occur in the processor memory pool of a router that runs encrypted traffic with an SA-VAM2.

Conditions: This symptom is observed when the SA-VAM2 encrypts traffic and when underlying "no buffer" conditions exist in the I/O particle pools for the encrypted packets.

Workaround: There is no workaround.

CSCuk56412

Symptoms: An ATM interface of a PA-A3 ATM port adaptor may stop transmitting traffic, the output of the show interface atm slot/port command may show that output drops increment, and the connectivity may stop entirely.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.7).

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Alternate Workaround: Enter the clear interface atm slot/port command on the affected interface.

Wide-Area Networking

CSCef58201

Symptoms: The CEF-Dialer feature fails to add an adjacency for a virtual-access1 CEF interface because the IP route is installed after the feature attempts to add the adjacency.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS Release 12.3 or interim Release 12.3(10.3)T.

Workaround: Configure a static host entry for the neighbor in the routing table, pointing to the Dialer interface:

ip route prefix mask 255.255.255.255 Dialer1

For the prefix mask argument, enter the IP address of the neighbor.

CSCeh32353

Symptoms: An LNS intermittently routes packets to an incorrect interface in the process-switching path, preventing some applications from working properly. These applications, such as ARP, CBAC, and NAT, depend on the first packet to go to process-switching for their initialization operation. Consequently, this situation may affect user connectivity to the Internet.

Conditions: This symptom is observed when the next-hop ISP router is connected via static routes and when there is no ARP entry on the LNS.

Workaround: There is no workaround.

CSCsa78148

Symptoms: A Cisco router that functions as an L2TP Network Server (LNS) may drop sessions when multilink is enabled and negotiated on a forwarded inbound VPDN session.

Conditions: This symptom is observed when LCP renegotiation of proxy negotiations is disabled (which is the default) and when the multilink Endpoint Discriminator option that is advertised by the LAC does not match the Endpoint Discriminator on the LNS.

Workaround: Enable the LNS to renegotiate LCP when necessary by entering the lcp renegotiation on-mismatch VPDN group configuration command.

Alternate Workaround: Avoid the need to renegotiate by entering the ppp chap hostname or ppp multilink endpoint command to configure matching Endpoint Discriminators on the LAC and LNS.

Warning: Technically, the current behavior of the Cisco IOS software is correct. An LNS should not accept the results of a LAC proxy negotiation when the LAC negotiates values that do not accurately represent the LNS. A platform must be configured to either enable the LNS to renegotiate when necessary, or (if it is desired to avoid such renegotiations, which may be necessary to get around problematic client implementations) enable the LAC to negotiate adequately as a substitute for the LNS.

The fix for CSCsa78148 deliberately introduces the behavior that a mismatched multilink Endpoint Discriminator is ignored when the LNS is configured to terminate connections on mismatched conditions. This behavior is introduced to prevent the termination of a connection for a condition that is harmless for the majority of VPDN users. From a technical standpoint, this behavior is improper because it means that the VPDN clients have an invalid notion of the identity of the peer. This situation may pose problems for clients who have more than one multilink-capable link active at a time because the invalid Endpoint Discriminators may prevent links from being properly bundled at the client end. In such circumstances, enabling LCP renegotiation or ensuring that the LAC and LNS agree on negotiation parameters is the only valid option.

Resolved Caveats—Cisco IOS Release 12.3(14)T1

Cisco IOS Release 12.3(14)T1 is a rebuild release for Cisco IOS Release 12.3(14)T. The caveats in this section are resolved in Cisco IOS Release 12.3(14)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCsa81379

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

The removal of NetFlow Feature Acceleration does not affect any other aspects of NetFlow operation, for example, access-list processing. The features are separate and distinct.

Cisco Express Forwarding (CEF) supersedes the deprecated NetFlow Feature Acceleration.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the NetFlow MIB (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6

Open Caveats—Cisco IOS Release 12.3(14)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(14)T. All the caveats listed in this section are open in Cisco IOS Release 12.3(14)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg09005

Symptoms: A NAS may reload after functioning for a couple of days in a high-call capacity scenario.

Conditions: This symptom is observed when the NAS is configured for AAA and connects to a RADIUS server.

Workaround: There is no workaround.

CSCeg24855

Symptoms: A platform reloads after you enter the aaa route download 2 command.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCeh01791

Symptoms: The performance on a Cisco router that has the ip nat outside command enabled may be degraded.

Conditions: This symptom is observed on a Cisco 7200 series when you upgrade the router from Cisco IOS Release 12.3(4)T or a later 12.3T release.

Workaround: There is no workaround.

CSCeh02841

Symptoms: A Cisco router hangs and the console connectivity disappears. When you break the hanging process and enable the router to enter ROMmon, a stack dump is generated.

Conditions: This symptom is observed on a Cisco 7206 that runs Cisco IOS Release 12.3(8)T4 and that is configured for SSG to access gateway services for an ISP that provides ADSL services.

Workaround: There is no workaround.

CSCeh20434

Symptoms: A router crashes when an RTR probe is configured.

Conditions: This symptom is observed when the RTR and the fallback system process are not synchronized. For each RTR probe, the fallback system creates a cache entry and keeps it for cache timeout. During the cache timeout, the fallback system process sends an event to RTR and frees the entry, but RTR sends an event after the cache entry is deleted.

Workaround: There is no workaround. Note that caveat CSCeg89043 fixes the problem from the fallback system process side but not the above-mentioned symptom.

CSCsa64024

Symptoms: A Cisco AS5350 may crash because of a software bus error.

Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(7)T7.

Workaround: There is no workaround.

CSCsa66299

Symptoms: A router that is configured for AAA reloads because of a software-forced crash.

Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.3(11)T3 and that is configured for SSG when SSG has a client with an extensible authentication protocol-subscriber identity module (EAP-SIM).

Workaround: There is no workaround.

EXEC and Configuration Parser

CSCin22321

Symptoms: If the netConfigSet and hostConfigSet variables of the OLD-CISCO-SYS-MIB MIB are set, the corresponding commands may not be executed, and the following error messages and tracebacks may be generated:

%SYS-4-SNMP_NETCONFIGSET: SNMP netConfigSet request.
Loading configuration from 10.10.10.10

%SYS-3-TIMERNEG: Cannot start timer (0x545E1928) with negative offset (-1).
-Process= "SNMP ENGINE", ipl= 6, pid= 143
-Traceback= 502308BC 5022E3F8 50233358 501B0A24 501B298C 501C3618 501C3800 50259C00 50255290 5024F444 502574BC 502576FC 5017C4F4 508EBE04 508EBBBC 508D4D8C

%PARSER-4-BADCFG: Unexpected end of configuration file.

Conditions: This symptom is platform independent.

Workaround: There is no workaround.

Interfaces and Bridging

CSCef01100

Symptoms: A router that is configured for VLANs may generate a traceback during the "gext_next_swidb_from_vlan_bucket" process.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(8)T1 but may be platform-independent.

Workaround: There is no workaround.

CSCef44950

Symptoms: ISDN is not properly established.

Conditions: This symptom is observed on a Cisco 7500 series that has distributed switching enabled via the ip cef distributed command.

Workaround: Disable distributed switching.

CSCeh17935

Symptoms: When you perform an OIR of an ATM port adapter, tracebacks are generated.

Conditions: This symptom is observed on a Cisco 7200 series when the ATM port adapter is up and has a VC configured.

Workaround: There is no workaround.

CSCsa46510

Symptoms: When you enter the microcode reload command, an error message similar to the following and a traceback may be generated:

RSP-3-RESTART: interface Serial3/0/1/4:0, not transmitting
-Traceback= 404436B4 4044DE10

Conditions: This symptom is observed on a Cisco 7500 that is configured with an E1, T1, E3, or T3 port adapter.

Workaround: There is no workaround.

IP Routing Protocols

CSCec85835

Symptoms: When RSVP and IP Header Compression are configured on an interface, the show ip rsvp installed detail command shows a compression factor of 0, and some of the flow is being treated as non-conformant.

Conditions: This occurs when using RSVP and header compression on fast or CEF switched interfaces.

Workaround: Enter the ip rsvp flow-assist command on the outbound interface of the flow.

CSCee94934

Symptoms: A router crashes after processing an H.323 or skinny VoIP call.

Conditions: This symptom is observed on a Cisco router that is configured to translate H.323 and skinny IP packets using Network Address Translation (NAT).

Workaround: There is no workaround.

CSCef21601

Symptoms: Calls may not complete because ResvConfirm messages are dropped. You can enter the debug ip rsvp messages command to track RSVP messages as they traverse routers.

Conditions: This symptom is observed when RSVP is configured for call admission control in a network with routers that do not have RSVP and a proxy ARP enabled. The symptom occurs because the RSVP-capable hop that sends the ResvConfirm messages uses the next RSVP-capable hop as the next IP hop for the packets and does not have the MAC address that is needed to encapsulate the IP packets for this next IP hop.

Workaround: Configure a static ARP entry that enables the router to properly encapsulate the packet by entering the arp ip-address hardware-address arpa command. The ip-address argument is the address of the next hop (that is visible via the RSVP debugs) for the ResvConfirm messages and the hardware-address argument is the MAC address of the interface of the next IP hop through which the ResvConfirm messages should be routed.

CSCeg51291

Symptoms: A VRF ping fails to reach an OSPF neighbor interface.

Conditions: This symptom is observed when the platform on which the ping originates and the OSPF neighbor interface are connected via an OSPF sham link that is used for interconnecting traffic between two VPN sites.

Workaround: There is no workaround.

CSCeg72254

Symptoms: A router reloads when you clear NAT entries from the NAT table.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T7 only when Stateful Network Address Translation (SNAT) is configured on the router.

Workaround: There is no workaround.

CSCeg73618

Symptoms: A router may reload because of a bus error exception. The crashinfo file shows an address error (a load or instruction fetch) and a spurious memory access.

Conditions: These symptoms are observed on a Cisco router that performs NAT on H.323 voice traffic.

Workaround: There is no workaround.

CSCeh22169

Symptoms: After the active HSRP router in a redundant network reloads, a Stateful NAT (SNAT) inconsistency occurs when the router that reloaded becomes active again after the preemption delay. This situation causes a TCP connectivity timeout.

Conditions: This symptom is observed in a configuration with SNAT failover and occurs only after the active HSRP router is reloaded (or crashes) and later becomes active once again.

Workaround: There is no workaround.

CSCsa54937

Symptoms: An LNS with a VRF configuration does not send an echo reply when it receives a ping to loopback interface 0.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300, a Cisco 7200 series that is configured with an NPE-400, and a Cisco 7400 series.

Workaround: Wait about 20 minutes to enable the LNS to send an echo reply or enter the clear arp-cache command.

CSCsa55555

Symptoms: A router may reload because of a bus error when the NAT MIB is polled via SNMP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T2.

Workaround: None.

ISO CLNS

CSCed36743

Symptoms: A memory leak may occur on a router that has the Multi-Topology IS-IS for IPv6 feature enabled and the router may reload.

Conditions: This symptom is platform-independent and release-independent.

Workaround: Disable the Multi-Topology IS-IS for IPv6 feature.

Miscellaneous

CSCeb37966

Symptoms: A Cisco 12000 series may reload when you enable Fast Reroute (FRR) on the headend of a tunnel.

Conditions: This symptom is observed when the tunnel carries Any Transport over Multiprotocol Label Switching (AToM) traffic.

Workaround: There is no workaround.

CSCec70525

Symptoms: The SRC address and destination address for an RTP stream are the same for all calls between gateways, preventing load-balancing from functioning properly.

Conditions: This symptom is observed when RTP traffic is configured to be load-balanced among multiple links. In this situation, the SRC address or destination address should change, but neither is changed.

Workaround: Use multilink PPP.

First Alternate Workaround: Use PBR based on DSCP values that are set in the dial peer.

Second Alternate Workaround: Enter the source interface interface-name command to change the SRC address of the RTP streams.

CSCee27522

Symptoms: Incoming or outgoing voice calls may encounter no-way audio on some specific channels.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a PRI voice gateway and that uses DSPs of an ATM AIM to place the voice calls.

Workaround: Reboot the voice gateway.

CSCee42932

Symptoms: Resuming a call that was placed on hold fails on a Cisco CallManager.

Conditions: This symptom is observed when a Cisco CallManager that runs version 4.0 and that is not configured for Message Transport Protocol (MTP) is connected via an IPIPGW to another Cisco CallManager that runs version 4.0 and that is not configured for MTP.

The symptom occurs on the second Cisco CallManager because the IPIPGW sends an incorrect ICT version for the first Cisco CallManager to the second Cisco CallManager and because the IPIPGW drops the non-standard fields in the callproc, alert, and connect messages from the second Cisco CallManager to the first Cisco CallManager.

Workaround: Configure MTP.

CSCee61505

Symptoms: An SS7 link-state goes into the "PROCESSOR_OUTAGE" state and the link does not recover.

Conditions: This symptom is observed on a link between two gateways when there are active calls in a configuration with multiple OPCs and when a switchover occurs.

Workaround: There is no workaround. Reload the gateways to bring the link back in service.

CSCee91324

Symptoms: When the codec complexity is changed from flex mode to medium or high complexity mode, a maximum of six signaling channels can be assigned on each DSP in high-complexity mode or a maximum of eight signaling channels can be assigned on each DSP in medium-complexity mode.

If more than six signaling channels are assigned in flex mode and you change to high-complexity mode, the signaling channels beyond six are not reassigned to another DSP after the codec complexity change.

If more than eight signaling channels are assigned in flex mode and you change to medium-complexity mode, the signaling channels beyond eight are not reassigned to another DSP after the codec complexity change.

Conditions: This symptom is observed on a Cisco router that supports flexible DSPs.

Workaround: Use flex mode instead of medium or high complexity mode.

Alternate Workaround: Reload the router after the codec complexity change to enable the signaling channels to be assigned correctly.

CSCee96499

Symptoms: A voice call fails on a router that is configured with an NM-HDV or NM-2VE network module.

Conditions: This symptom is observed when some of the dialed digits become lost in the call setup phase when FXS or FXO-melcas is configured over an E1 line.

Workaround: When you pick up the phone, wait for two seconds before you start dialing.

CSCef05018

Symptoms: Disconnecting and reconnecting a Gigabit Ethernet cable on an RPM-XF may cause the TCP/IP connection to be lost on the VISM.

Conditions: This symptom is observed on an RPM-XF that runs Cisco IOS Release 12.2(11)YP or Release 12.3T.

Workaround: There is no workaround.

CSCef08263

Symptoms: The legacy command syntax to configure an authentication proxy may not function.

Conditions: This symptom is observed when an authentication proxy is configured along with Network Admission Control (NAC).

Workaround: Use the new command syntax to configure an authentication proxy.

CSCef28439

Symptoms: Traffic does not flow after a switchover in RPR+ mode.

Conditions: This symptom is observed on a Cisco router when distributed LFI over ATM (dLFIoA), QoS, and RPR+ are configured.

Workaround: There is no workaround.

CSCef28975

Symptoms: A router that functions as an H.323 gateway crashes.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when authentication is enabled.

Workaround: Enter the no memory lite command.

CSCef32838

Symptoms: The "its-CISCO.2.0.1.0.tcl" CCM Express IVR script assumes that a called number is busy when there is another active call connected via the IVR script on the same trunk. As a result, the IVR script plays the "en_dest_busy.au" busy message instead of the "en_welcome.au" welcome message.

Conditions: This symptom is observed for T1 CAS calls only.

Workaround: There is no workaround.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
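The following is an added example, not Cisco code: a Python check that audits a saved configuration for the two conditions stated for the CSCef67682 workaround, namely that the filter is applied inbound on every IPv6 interface and that every one of the system's own addresses is denied ahead of the final permit. The sample configuration is constructed (documentation-prefix addresses). As assumptions, the check accepts "host" or "/128" destinations, requires both deny forms for each address, and sees only addresses written in the configuration, so EUI-64 and automatically derived link-local addresses must be added by hand.

```python
import ipaddress
import re

# Constructed sample configuration (not from the release notes).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 traffic-filter nofragments in
!
interface Ethernet0/1
 ipv6 address 2001:DB8:0:2::1/64
!
interface Loopback0
 ipv6 address 2001:DB8:0:FF::1/128
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any host 2001:DB8:0:1::1 undetermined-transport
 deny ipv6 any host 2001:DB8:0:1::1 fragments
 deny ipv6 any host 2001:db8:0:2::1 fragments
 permit ipv6 any any
 deny ipv6 any host 2001:DB8:0:FF::1 undetermined-transport
 deny ipv6 any host 2001:DB8:0:FF::1 fragments
"""

# Assumption: both deny forms from the workaround are required per address.
REQUIRED = ("undetermined-transport", "fragments")


def parse_config(text):
    """Split IOS-style text into interface records and IPv6 ACL entry lists."""
    interfaces, acls, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # a top-level line opens a new section
            m = re.match(r"(interface|ipv6 access-list) (\S+)$", line)
            if m is None:
                current = None
            elif m.group(1) == "interface":
                current = interfaces.setdefault(
                    m.group(2), {"ipv6": False, "addrs": set(), "filter": None})
            else:
                current = acls.setdefault(m.group(2), [])
            continue
        if isinstance(current, list):
            current.append(line)
        elif isinstance(current, dict):
            tok = line.split()
            if tok[:2] == ["ipv6", "enable"]:
                current["ipv6"] = True
            elif tok[:2] == ["ipv6", "address"] and len(tok) >= 3:
                current["ipv6"] = True
                if "eui-64" not in tok:  # interface ID is not in the text
                    try:
                        current["addrs"].add(ipaddress.ip_interface(tok[2]).ip)
                    except ValueError:
                        pass  # e.g. "ipv6 address autoconfig"
            elif (tok[:2] == ["ipv6", "traffic-filter"]
                  and len(tok) == 4 and tok[3] == "in"):
                current["filter"] = tok[2]
    return interfaces, acls


def denies_before_permit(entries):
    """Return (network, keyword) pairs denied ahead of the first blanket permit."""
    rules = []
    for entry in entries:
        tok = entry.split()
        if tok[:1] == ["sequence"]:
            tok = tok[2:]
        if tok == ["permit", "ipv6", "any", "any"]:
            break  # entries after this line are never reached
        if tok[:3] != ["deny", "ipv6", "any"]:
            continue
        rest = tok[4:] if tok[3:4] == ["host"] else tok[3:]
        if len(rest) != 2 or rest[1] not in REQUIRED:
            continue
        try:
            dest = "::/0" if rest[0] == "any" else rest[0]
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        if net.version == 6:
            rules.append((net, rest[1]))
    return rules


def audit(text):
    """List the gaps between a configuration and the stated workaround."""
    interfaces, acls = parse_config(text)
    own = sorted({a for i in interfaces.values() for a in i["addrs"]})
    findings, used = [], set()
    for name in sorted(interfaces):
        intf = interfaces[name]
        if not intf["ipv6"]:
            continue
        if intf["filter"] is None:
            findings.append(f"{name}: no inbound ipv6 traffic-filter")
        elif intf["filter"] not in acls:
            findings.append(f"{name}: ACL {intf['filter']} is not defined")
        else:
            used.add(intf["filter"])
    for acl in sorted(used):
        rules = denies_before_permit(acls[acl])
        for addr in own:
            for kw in REQUIRED:
                if not any(k == kw and addr in net for net, k in rules):
                    findings.append(
                        f"{acl}: no 'deny ipv6 any host {addr} {kw}' ahead of the permit")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The sample deliberately places two deny entries after "permit ipv6 any any", which the check reports as missing because they are never reached.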

CSCef72135

Symptoms: A memory leak may occur in the IP RIB update process of a router.

Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.3(8)T.

Workaround: There is no workaround.

CSCef73519

Symptoms: A standby RP may reboot when you enable or disable the ip rtp header-compression command on the active RP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T4.

Workaround: There is no workaround.

CSCef96035

Symptoms: All IPSec sessions may be dropped from a Cisco 7200 series and the router generates the following error messages continuously:

%VPN_HW-1-ERROR: slot: 2 - ENOSPACE tx cmd 2 ring. Head 83, Tail 82, Used 255, buf 0 IPSECcard: an error coming back 0x1510

Other symptoms that may occur during this time include the following:

High CPU utilization during the "Crypto Delete Manager" process.

An I/O memory allocation failure during the "Crypto Delete Manager" process.

Conditions: This symptom is observed on a Cisco 7200 series that is equipped with two VPN acceleration modules (SA-VAMs) that are configured for VRF-aware IPSec.

Workaround: There is no workaround. To temporarily clear the symptoms, reload the router.

CSCeg00531

Symptoms: A router crashes when you remove an ATM subinterface.

Conditions: This symptom is observed when the subinterface is configured with a LANE client that is configured for Multiprotocol over ATM (MPOA).

Workaround: There is no workaround.

CSCeg03088

Symptoms: IP inspection for SIP traffic fails.

Conditions: This symptom is observed when there is an access control list applied on an inside interface.

Workaround: There is no workaround.

CSCeg06220

Symptoms: An EZVPN tunnel does not come up and becomes stuck in the "VALID_CFG" state even though the tunnel is configured to come up automatically.

Conditions: This symptom is observed on a router that is rebooted with EZVPN enabled on an interface.

Workaround: Unconfigure and reconfigure EZVPN on the interface.

CSCeg15000

Symptoms: Modem relay over TCCS works fine when you save the configuration and reload the router. However, a modem call goes into pass-through mode when you enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

Conditions: This symptom is observed on a Cisco 3700 series that functions as a voice gateway.

Workaround: After the router has booted, do not enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the trunked voice port.

CSCeg15200

Symptoms: When you send traffic via a VIP on a Cisco 7500 series, the VIP crashes because of memory corruption.

Conditions: This symptom is observed when the Cisco 7500 series is configured for dLFI over a leased line.

Workaround: There is no workaround.

CSCeg23176

Symptoms: A Cisco RPM-XF is reset by the PXM because of an SCM poll timeout. A PCI information file is generated in the bootflash memory just before the Cisco RPM-XF resets.

Conditions: This symptom is observed when a PCI error interrupt occurs along with SDRAM parity errors that are continuously serviced.

Workaround: There is no workaround.

CSCeg23765

Symptoms: All IPSec sessions may be dropped from a Cisco 7200 series and the router generates the following error messages continuously:

%VPN_HW-1-ERROR: slot: 2 - ENOSPACE tx cmd 2 ring. Head 83, Tail 82, Used 255, buf 0 IPSECcard: an error coming back 0x1510

Other symptoms that may occur during this time include the following:

High CPU utilization during the "Crypto Delete Manager" process.

An I/O memory allocation failure during the "Crypto Delete Manager" process.

Conditions: This symptom is observed on a Cisco 7200 series that is equipped with two VPN acceleration modules 2 (SA-VAM2s).

Workaround: There is no workaround. To temporarily clear the symptoms, reload the router.

CSCeg24938

Symptoms: A Cisco RPM-XF resets when you enter the clear ip mroute * command repeatedly.

Conditions: This symptom is observed when the Cisco RPM-XF is configured for low speed.

Workaround: There is no workaround.

CSCeg27043

Symptoms: PIM neighbors continue to flap after you have reloaded microcode.

Conditions: This symptom is observed on a Cisco MGX 8850 series RPM-XF that runs Cisco IOS Release 12.3T.

Workaround: Enter the clear ip mroute * command to clear the symptoms.

CSCeg30639

Symptoms: A router may show a warning message similar to the following:

%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000

Conditions: This symptom is observed on a router that is configured for Cisco IOS Firewall.

Workaround: Configure a reduced maximum fragment, maximum reassembly, and timeout value in the ipv6 virtual-reassembly command, as in the following example:

ipv6 virtual-reassembly max-fragments 2 max-reassemblies 5 timeout 1

CSCeg32948

Symptoms: A ping from a home agent (HA) to a mobile access router (MR) fails when CEF is enabled on the foreign agent (FA).

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when the MR or the mobile node (MN) roams to another interface on the same FA.

Workaround: There is no workaround.

CSCeg38778

Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.

Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.

Workaround: There is no workaround.

CSCeg39560

Symptoms: After a router is rebooted, a tunnel interface does not acquire the IP address of the async serial interface that is the tunnel source.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8)T3.

Workaround: Enter the tunnel source interface-type interface-number command on the tunnel interface.

CSCeg49448

Symptoms: A Cisco 3745 may display the following error message:

%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on Foreign Exchange Station 3/0/0. Msg id=00, Len=36

Conditions: This symptom is observed on a Cisco 3745 that functions as a VoIP dial peer and that is configured with FXS ports that function in connection trunk mode and that are not configured for VAD.

Workaround: Configure VAD and reload the router.

CSCeg50651

Symptoms: When a router has the moh-live dn-number out-call command enabled with 1234 for the dn-number argument and 9876 for the out-call argument, the outcall to an FXO port does not occur. Only when the router is manually placed into SRST mode does the outcall occur.

Conditions: This symptom is observed on a Cisco 2800 series that is configured as a MGCP gateway.

Workaround: Place the gateway into SRST mode, force the outcall to the live feed, then place the router back into MGCP mode.

Further Problem Description: This caveat is an enhancement to the MOH Live-Feed Support feature. The fix for this caveat ensures that MoH works in any configuration, not only when the router functions in SRST mode.

CSCeg53478

Symptoms: A Cisco 831 may display the following message on the console:

pktFlowLink() logic error, pMatch and pEmptySlot

Conditions: This symptom is observed very rarely after the router has been up for a long time. The functionalities of the router are not affected.

Workaround: There is no workaround.

CSCeg54615

Symptoms: There may be a large latency in responding to EAPoUDP events from a host, causing the idle timer to expire and network access for users to be delayed.

Conditions: This symptom is observed on a Cisco router that is configured for Network Admission Control (NAC).

Workaround: There is no workaround.

CSCeg56162

Symptoms: A VIP on a Cisco 7500 series may crash.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoFR when traffic is sent through the VIP.

Workaround: There is no workaround.

CSCeg63036

Symptoms: An MPLS LSC fails to set up a cross connection between an XTagATM interface on an RPM and an XTagATM interface on an AXSME service module.

Conditions: This symptom is observed on a Cisco MGX 8850 that functions as an MPLS LSC but may be platform-independent.

Workaround: There is no workaround.

CSCeg64786

Symptoms: A router reloads when you remove the ip address dhcp command.

Conditions: This symptom is observed when the interface on which the ip address dhcp command is configured is also configured to perform an IETF DDNS update.

Workaround: Do not update the IETF DDNS.

CSCeg67264

Symptoms: A Cisco 7500 series may crash when you enter the clear virtual-access command on a peer router.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM and that is connected to a Cisco 7200 series that functions as a peer router to the Cisco 7500 series.

Workaround: There is no workaround.

CSCeg69312

Symptoms: The output of the show voice call summary command does not show the correct codec for a fax call.

Conditions: This symptom is observed on a Cisco router when the fax protocol t38 and the modem passthrough dial-peer configuration commands are enabled. The output of the show voice call summary command should show "14400" rather than "7200". However, the fax call goes through fine.

Workaround: There is no workaround.

CSCeg72075

Symptoms: There is no voice path.

Conditions: This symptom is observed when a call is hunted from one FXS POTS dial peer to another FXS POTS dial peer because there is no answer.

Workaround: There is no workaround.

CSCeg76309

Symptoms: A Cisco router that is configured for Cisco CallManager Express (CME) crashes intermittently during a period of two to three weeks with a "TclEvalByteCodeFromObj" SegV exception.

Conditions: This symptom is observed under normal operation when the router functions without a high CPU load.

Workaround: There is no workaround.

CSCeg78036

Symptoms: The following tracebacks may be generated when VFR handles fragmented packets:

%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 0 data 6472EE80
chunkmagic 0 chunk_freemagic 6484FA7C
-Process= "IP Input", ipl= 4, pid= 60

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.11)T1. The symptom may also occur on a Cisco 2651XM.

Workaround: There is no workaround.

CSCeg78445

Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:

%VPN_HW-1-ERROR: slot: 0 - ENOSPACE tx cmd 2 ring. Head 235, Tail 234, Used 255, buf 0
IPSECcard: an error coming back 0x1510

%CRYPTO-3-CONNID_ALLOC_FAIL: Crypto engine failed to allocate a connection ID for negotiation from
10.0.0.1 to 10.0.0.2

%SYS-2-MALLOCFAIL: Memory allocation of 20000 bytes failed from 0x60021B4C, alignment 0
Pool: Processor Free: 6093876 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool

-Process= "Crypto IKMP", ipl= 0, pid= 169 -Traceback= hex numbers

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN-BPII-PLUS, AIM-VPN/EPII, AIM-VPN/EPII-PLUS, AIM-VPN/HPII or AIM-VPN/HPII-PLUS Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM).

Workaround: There is no workaround.

CSCeg79590

Symptoms: No IPS alerts are generated.

Conditions: This symptom is observed when an IPS rule is configured with ACL logging. The symptom occurs because ACL logging functions at process context only. For any IPS rule with ACL logging in the following configuration, the packets are not processed in fast path or CEF path:

access-list 100 permit ip any 192.168.1.0 0.0.0.255 log
ip ips name test list 100

Workaround: Do not configure ACL logging. Instead, for example, enter the following command:

access-list 100 permit ip any 192.168.1.0 0.0.0.255

CSCeg80092

Symptoms: Path MTU discovery fails.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T5 and that is configured for PPP, HDLC, and miscellaneous features over a WAN tunnel that use IP as the transport protocol.

Workaround: There is no workaround.

CSCeg80794

Symptoms: A Cisco 3640 may hang when you configure PRI signaling.

Conditions: This symptom is observed inconsistently on a Cisco 3640 that runs Cisco IOS Release 12.3(11)T3.

Workaround: There is no workaround. Power-cycle the router to bring it back up.

CSCeg80858

Symptoms: When the buffered calling name functionality is enabled, calls from an ISDN gateway to a SIP device do not reflect correct screening and presentation indicators (as set in Octet3A by the originating switch) in the Remote-Party-Id header of an outgoing INVITE message. In addition, the gateway does not include the calling number in the Remote-Party-Id.

Conditions: This symptom is observed for calls that come from the PSTN via an ISDN gateway to a SIP device when the buffered calling name functionality is enabled so that the gateway has to wait for an ISDN FACILITY message for the calling name information before it can send an INVITE message.

Workaround: Disable the buffered calling name functionality.

CSCeg83188

Symptoms: Some calls may go as modem-passthrough rather than modem-relay.

Conditions: This symptom is observed on a Cisco gateway either when a DSP does not detect a CM tone or when an ANSam tone is not received correctly.

Workaround: There is no workaround.

CSCeg84512

Symptoms: End-to-end connectivity is broken in a basic EoMPLS configuration even though the VC on a PE router is in the UP state.

Conditions: This symptom is observed on a Cisco router that functions as a PE router in a configuration in which packets are sent from a CE router on one end, are processed correctly through the PE router, but fail to reach the CE router on the other end.

Workaround: Enter the shutdown command followed by the no shutdown command on the VC on the PE router.

CSCeg84573

Symptoms: Traffic, including cell-based MPLS traffic, may be affected (that is, traffic may be dropped, or its behavior may be modified) after you have modified a QoS policy map that is already attached to an interface by way of adding a new class or deleting an existing class.

Additionally, when a cell-based interface is affected by the above-mentioned symptom, traffic on other switch subinterfaces may also be affected even though the same policy map is not applied to these subinterfaces.

Conditions: These symptoms are observed when the following conditions are present:

A policy map "p" is configured with more than one class.

A particular class "y" is removed from "p" explicitly through the no class y command or implicitly by removing all the class-map actions under class "y".

For all classes under "p", including the "class-default" that is configured for "police" and that follows class "y" prior to its removal, the matching traffic is treated with the "exceed" action.

Workaround: To prevent the symptoms from occurring, enter the shutdown command on the interface before you modify the policy map. Enter the no shutdown command after you have modified the policy map.

Alternate Workaround: When the symptom has occurred and the interface is already affected, enter the shutdown command followed by the no shutdown command on all affected subinterfaces.

CSCeg85117

Symptoms: The transfer rate of data through a modem may be slightly less than the expected value of 1200 bytes/sec. The rate varies from 974 bytes/sec to 1122 bytes/sec.

Conditions: This symptom is observed when the modem sends the data over an AAL2 trunk of a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1.

Workaround: There is no workaround.

CSCeg86251

Symptoms: The CISCO-CDP-MIB is missing.

Conditions: This symptom is observed only on a Cisco 831.

Workaround: There is no workaround.

CSCeg86900

Symptoms: A Cisco 831 may run out of memory and reload.

Conditions: This symptom is observed on a Cisco 831 that is configured for DMVPN and other security features such as Cisco IOS firewall, NAT, and CBAC.

Workaround: There is no workaround.

CSCeg90657

Symptoms: Fragmented DNS packets fail.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1 when inside static NAT is configured.

Workaround: There is no workaround.

CSCeh02746

Symptoms: You cannot turn off the comfort noise that is generated by a DSP by entering the no comfort-noise voice-port configuration command.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway and that is configured with a network module or DSP module that uses 5510 DSPs such as an NM-HD-2V, NM-HDV2, and PVDM.

Workaround: There is no workaround.

CSCeh02842

Symptoms: In a point-to-point connection setup, the ATM interface on a Cisco 3660 may become stuck, causing packets to be dropped.

Conditions: This symptom is observed under unique test conditions with a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.4)T1. The symptom is not reproducible with a manual configuration.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected ATM interface or recreate the PVC.

CSCeh06736

Symptoms: When IP header compression is enabled on a PPPoATM or PPPoFR interface, compressed packets are not correctly classified by any QoS policy that has been applied to the supporting ATM or Frame Relay PVC.

Conditions: This symptom is observed when CRTP is enabled on the virtual-template interface via the service policy command or ip rtp header-compression command and when the IP RTP Priority feature is enabled in the PVC policy.

Workaround: There is no workaround.

CSCeh08363

Symptoms: Bidirectional DTR does not function. The output of the show dialer command shows the incorrect dialer type.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.9)T.

Workaround: There is no workaround.

CSCeh09198

Symptoms: A Cisco gateway that has the garbage detector (a tool that is used for debugging memory leaks) enabled may hang indefinitely.

Conditions: This symptom is observed when you enter the garbage detector-related show memory debug leaks command or show memory debug incremental leaks command.

Workaround: There is no workaround.

CSCeh09820

Symptoms: The output of the show call active fax brief command shows output even when a fax call over a connection trunk is switched back to voice mode. In addition, the output of the show call history fax brief command shows no call leg even when the last fax call is successful and the output may not be updated for a second call and subsequent calls. However, there is no impact on the success of the calls.

Conditions: This symptom is observed on a Cisco 3700 series that is configured for VoIP and fax.

Workaround: There is no workaround.

CSCeh10646

Symptoms: A router may unexpectedly reload because of a bus error at an address that falls just short of the I/O memory range such as address 0x4E7FD5B8, whereas the iomem address starts at 0x4E800000.

Conditions: This symptom is observed when the router has some of the following security feature commands enabled on one or more interfaces:

ip nbar protocol-discovery

ip virtual-reassembly

ip access-group in

ip access-group out

ip inspect in

ip inspect out

ip ips in

ip ips out

auto discovery qos

crypto map

Workaround: Remove the ip access-group out command.

CSCeh14446

Symptoms: The maintenance mode on a Cisco AS5850 that is configured for RPR+ may not function.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeh15949

Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.

Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.

Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.

Further Problem Description: An example of this caveat is shown below.

When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.

Topology:

RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2    .1

Router_RPM09_XF#show running-config
Building configuration...

Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker

interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto

access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any

Router_RPM09_XF#show ip access-list 101

Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#

The information below shows that the access list does not function:

Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open

CSCeh16214

Symptoms: A router reloads when you connect a third-party USB card reader.

Conditions: This symptom is observed when you connect a third-party USB card reader to the USB ports of a Cisco 2851 and Cisco 3845. It does not matter whether or not there is a compact flash card in the USB card reader.

Workaround: There is no workaround.

CSCeh17995

Symptoms: When you enter the following commands on the Fast Ethernet port of an NM-16ESW network module, the router may crash:

ip dhcp client hostname

no switchport mode

switchport mode

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series in which an NM-16ESW network module is installed.

Workaround: Do not enter IP commands in switchport mode.

CSCeh18650

Symptoms: The DHCP interface address is not switched when you enter the ip dhcp smart-relay command.

Conditions: This symptom is observed on a Cisco platform that has the VRF-aware DHCP feature enabled.

Workaround: There is no workaround.

CSCeh19106

Symptoms: A Service Selection Gateway (SSG) that is deployed in a GPRS access environment and that is configured for L2TP tunnel service with an extended autodomain may reload when duplicate GPRS PDP context create requests are sent.

Conditions: This symptom is observed when the PDP context create requests contain the static addressing, that is, the IP address of the MS instead of all zeros in the end user address field.

Workaround: There is no workaround. Note that for corporate access through a GPRS access-based solution using SSG, generally dynamic addressing is used. With dynamic addressing, the end-user address field is sent with all zeros and the corporate network provides the address, and the symptom does not occur.

CSCeh21290

Symptoms: When MLP is configured and when the policy map of a CE router does not have a real-time class map configured in its output policy map, TCP packets are policed incorrectly. This situation may affect the traffic throughput.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that functions as a PE router and that runs Cisco IOS Release 12.3(11)T3 or releases later than Release 12.3(2)T6. The symptom occurs when TCP packets are sent via class-b data with 73 bytes of payload from a CE router to a PE router.

When the output policy map of the CE router does not have a real-time class map configured, the PE router shows that the 73-byte packet requires three ATM cells instead of just two ATM cells.

When the output policy map of the CE router does have a real-time class map configured, the PE router shows that the 73-byte packet requires two ATM cells, as it should be.

Workaround: There is no workaround.

CSCeh21680

Symptoms: A Cisco 2800 series or Cisco 3800 series may crash when you configure the interface of an NM-16ESW.

Conditions: This symptom is observed when you enter the ip rsvp bandwidth command on FE port 1/10 of the NM-16ESW and then you enter the no switchport mode command followed by the switchport mode command.

Workaround: Do not enter IP commands in switchport mode.

CSCeh22476

Symptoms: A Cisco MGX RPM-XF resets because a PCI retry counter expires.

Conditions: This symptom is observed when a Galileo PCI interrupt is asserted on SAR command timeouts.

Workaround: There is no workaround.

CSCeh22616

Symptoms: The output queue of a Fast Ethernet back card of a Cisco MGX RPM-XF may be stuck at 40/40.

Conditions: This symptom is observed when the Cisco MGX RPM-XF runs Cisco IOS Release 12.3(2)XZ and when the interface of the Fast Ethernet back card is configured in half-duplex mode and is connected to a hub. This symptom may also occur in Release 12.3T.

Workaround: Clear the affected interface of the Fast Ethernet back card by entering the clear interface fastethernet slot/port command.

CSCeh24075

Symptoms: Packets that are larger than 4400 bytes or packets that require fragmentation may be dropped when they traverse an xDSL WIC.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6)T or a later release when a sweep ping is performed from one peer to another and when the WIC is a WIC-1ADSL, WIC-1ADSL-DG, WIC-1ADSL-I-DG, WIC-SHDSL, or WIC-SHDSL-V2.

Workaround: Avoid fragmentation on the DSL link or enter the ip mtu bytes command to change the maximum MTU to 4400 on the DSL interface.

CSCeh24202

Symptoms: A Cisco 2800 series that is configured for software or hardware encryption and CBAC may reload.

Conditions: This symptom is observed when IPSec SAs and CBAC sessions are established and when the traffic is blocked by an ACL on the outgoing WAN interface of a neighboring crypto router. When you send encrypted traffic from the neighboring crypto router to another router via the Cisco 2800 series, the Cisco 2800 series reloads.

Workaround: Permit the encrypted traffic on the outgoing interface of the neighboring crypto router.

CSCeh25009

Symptoms: When an input policy is defined on a Cisco 7500 series, counters do not increment.

Conditions: This symptom is observed when dLFIoFR QoS is configured in the egress path on the router.

Workaround: There is no workaround.

CSCeh25459

Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.

Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:

The initial codec for the call is negotiated as G.729.

A reinvite message with a codec change to G.711ulaw is sent to the gateway.

The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.

Workaround: Remove the fax pass-through configuration.

CSCeh26757

Symptoms: The IPSec idle timer does not delete an inactive IKE SA.

Conditions: This symptom is observed when the timer expires. IPSec SAs are properly deleted but the IKE SA is left up.

Workaround: There is no workaround.

CSCeh28729

Symptoms: An H.323 modem call is dropped rather than processed via modem pass-through.

Conditions: This symptom is observed when modem relay is configured on both the originating gateway (OGW) and the terminating gateway (TGW), when the OGW is configured for high complexity, and when the TGW is configured with a modem card in which an NM-HDV network module is installed.

The expected behavior is that the modem call passes as a modem pass-through call because modem relay is not supported on a modem card.

Workaround: There is no workaround.

CSCeh30001

Symptoms: E1R2 SS7 calls fail and a traceback is generated on a Cisco AS5400.

Conditions: This symptom is observed on a Cisco AS5400 when you bring up more than one E1R2 SS7 call. However, when you bring up only a single call, the call is successful and stable for the call duration.

Workaround: There is no workaround.

CSCeh30818

Symptoms: A traceback is generated when multicast traffic is flowing.

Conditions: This symptom is observed when PIM is enabled on multiple interfaces and when the counters are cleared.

Workaround: There is no workaround.

CSCeh31934

Symptoms: There is no hornbook tone from a second ephone in a hunt group when the ringing of the first ephone in the hunt group times out and the call is forwarded to the second ephone.

Conditions: This symptom is observed when a TCL IVR application is configured on an incoming POTS dial peer.

Workaround: There is no workaround.

CSCeh32315

Symptoms: The IPSec Path Maximum Transmission Unit (PMTU) is not updated correctly when the IP MTU of the underlying physical interface is changed. When the IP MTU of the physical interface is changed to a smaller size, fragmentation may occur.

Conditions: These symptoms are observed when you configure a crypto map on tunnel interfaces that use the IP address of the physical interface as the tunnel source.

Workaround: There is no workaround. However, when the IP MTU of the physical interface is not changed, IPSec traffic should not be negatively affected.

CSCeh32430

Symptoms: A router may crash when a certificate server is removed while the certificate storage is inaccessible.

Conditions: This symptom is observed under the following conditions:

A Cisco IOS Certificate Server is busy processing a CLI such as the clock set command that was entered via a Telnet or console session.

The CLI prompt has not returned.

In another Telnet or console session, the Cisco IOS Certificate Server is removed by entering the no crypto pki server server-label command.

Workaround: Do not remove the Cisco IOS Certificate Server via one Telnet or console session while the Cisco IOS Certificate Server is busy processing a CLI in another Telnet or console session.

CSCeh32576

Symptoms: Configuring an AUX port through a non-slotted notation such as "interface async 1" may not be possible on a Cisco 1841 and a Cisco 2801.

Conditions: This symptom is observed on a Cisco 1841 and Cisco 2801 that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: Configure the AUX port through the slotted notation such as "interface async 0/0/0".

CSCeh33519

Symptoms: A gateway attempts to register with a gatekeeper more than once but fails, and the following error message and tracebacks are generated:

CCH323-2-GTWY_REGSTR_FAILED: Gateway egsin-3845-vw@cisco.com failed to register with Gatekeeper egsj-3745-gk even after 2 retries

Conditions: This symptom is observed on a Cisco router that functions as an H.323 gateway when you manually shut down the interface through which the gatekeeper is reachable.

Workaround: There is no workaround.

CSCeh36391

Symptoms: The line protocol on a serial link stays down and input CRC errors are generated.

Conditions: This symptom is observed when a T1 WIC is connected to a 56K DSU WIC via a switch and mux, when the switch provides the clock, and when the network-clock-select command is enabled on the T1 WIC side to route the clock to the TDM backplane.

Workaround: There is no workaround.

CSCeh37340

Symptoms: Accounting does not start after a tunnel goes down and comes back up again.

Conditions: This symptom is observed when multiple clients are connected to a head-end router through a platform that is configured for NAT.

The tunnel interface should be down when clients try to re-key an IPSec SA and accounting should fail. After the permitted number of re-key attempts, the IKE SA and peer structures should be eliminated. However, when the tunnel interface goes up and IKE negotiation starts again, accounting should also start again.

Workaround: There is no workaround.

CSCeh41997

Symptoms: EEM Tcl policies leak a significant amount of memory every time they run.

Conditions: This symptom occurs because the memory model that is currently implemented in Cisco IOS software that supports Tcl assumes a single threaded model in which global memory is not released when the Tcl script completes.

Workaround: There is no workaround.

CSCeh42080

Symptoms: In a test in which an ACL is triggered by EzVPN, a tunnel does not come up for interesting traffic.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(12.12)T5.

Workaround: There is no workaround.

CSCeh42852

Symptoms: A T.37 fax fails on a Cisco 2800 series because of clocking problems with a BRI. The fax that is sent or received via the BRI may be incomplete with cut pages or a part lost. About 40 to 50 percent of the faxes fail.

Conditions: This symptom is observed in the following topology:

A fax is sent from a fax machine via the PSTN to a BRI on a Cisco 2800 series. The Cisco 2800 series connects via an IP interface to an SMTP mail server.

Workaround: There is no workaround. Note that a fax that is sent via FXS instead of via a BRI goes through fine.

CSCeh43717

Symptoms: A Cisco 3745 reloads when you enable the proxy.

Conditions: This symptom is observed on a Cisco 3745 that functions as a gatekeeper.

Workaround: Disable the proxy mode.

CSCeh43768

Symptoms: A crypto tunnel is in the DOWN state after a Cisco 7200 series crashes because of a valid freeblock memory corruption.

Conditions: This symptom is observed when you change the Cisco IOS software image on the Cisco 7200 series from Release 12.3(8)T4 to Release 12.3(8)T7.

Workaround: There is no workaround.

CSCeh43773

Symptoms: Labeled packets drop when a crypto map is applied on an egress interface.

Conditions: This symptom is observed when the egress interface is configured for MPLS.

Workaround: There is no workaround.

Further Problem Description: While generating labeled packets from the router on which the crypto map is applied, the output of the debug ip packet access-list-number command shows the following information:

IP: tableid=1, s=10.1.1.1 (local), d=10.1.2.1 (GigabitEthernet0/2),routed via FIB

IP: s=10.1.1.1 (local), d=10.1.2.1 (GigabitEthernet0/2), len 100,sending

IP: s=10.1.1.1 (local), d=10.1.2.1 (GigabitEthernet0/2), len 100,output crypto map check failed.

CSCeh44066

Symptoms: A packet is dropped because of a CEF encapsulation failure.

Conditions: This symptom is observed when the packet is passing through a GRE tunnel interface.

Workaround: Turn off CEF switching on the GRE tunnel interface.

CSCeh46004

Symptoms: A SAR ucode reload is not recorded.

Conditions: This symptom is observed on a Cisco MGX RPM-XF when you enter a command that causes a reload of the SAR microcode.

Workaround: Check the log for references to the SAR ucode reload.

CSCin68433

Symptoms: A VIP may crash at "ct3sw_rx_interrupt" when dMLFR is configured on the RSP.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with a channelized T3 port adapter.

Workaround: There is no workaround.

CSCin79522

Symptoms: A Cisco router that runs Cisco IOS Release 12.3T may reload when the ATM interfaces are swapped.

Conditions: This symptom is observed when an ATM IMA port adaptor is removed and a PA-A3 port adaptor is inserted in the same slot and when there is at least one PVC configured that has the inarp enabled.

Workaround: There is no workaround.

CSCin82582

Symptoms: After you have reloaded a Cisco 3745 that is configured with ATM AIM cards and that has a startup configuration that includes BERT functionality, a software-forced reload may occur on the router and the router does not come up.

Conditions: The symptom is observed on a Cisco 3745 that runs Cisco IOS interim Release 12.3(12.12)T1 when the codecs that are included in the startup configuration are LLCC. The software-forced reload does not occur after you have reloaded the router with the default configuration, that is, when codec information is not included and when ATM AIM cards are not configured. The router crashes only when all the voice ports are initialized and ATM AIM cards are in use.

Workaround: There is no workaround.

CSCin83380

Symptoms: Routers generate tracebacks during a test with call setup and random call failures.

Conditions: This symptom is observed on Cisco 7xxx routers when E1R2 signaling is configured and when line signaling is used for the analog service.

Workaround: There is no workaround.

CSCin84542

Symptoms: A VWIC multiflex trunk controller that has the alarm trigger-blue command enabled may not come up.

Conditions: This symptom is observed when you boot a Cisco 3745 that runs Cisco IOS Release 12.3(7)T6.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected controller after the router has booted.

CSCin87258

Symptoms: A Cisco router that is configured for SSG may reload when you configure a local service profile.

Conditions: This symptom is observed when the local service profile is configured with more than 150 service network entries.

Workaround: There is no workaround.

CSCin87746

Symptoms: A TDM connect failure occurs and tracebacks are generated, causing voice call failures.

Conditions: This symptom is observed when Voice over IP (VoIP) is configured on a Cisco 7200 series and a Cisco 7500 series, when the signaling is E1 R2 analog with medium complexity, when you change the framing from CRC4 to non-CRC4 on the E1 controllers, and when you enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the E1 controllers of both the Cisco 7200 series and the Cisco 7500 series.

Workaround: There is no workaround.

CSCin87783

Symptoms: The PRI voice-call path confirmation may fail and a %DSMP-3-DSP_TIMEOUT message may be generated.

Conditions: This symptom is observed on a Cisco 3660 while PRI voice calls are made.

Workaround: There is no workaround.

CSCin89146

Symptoms: The G.728 codec calls fail on a SIP call leg of an IPIPGW.

Conditions: This symptom is observed when the G.728 codec is configured on the SIP leg and when a "ptime" translation error occurs.

Workaround: There is no workaround.

CSCin89236

Symptoms: Though an active call disconnects, the SCCP connection is not torn down.

Conditions: This symptom is observed on a Cisco platform that functions as an IPIPGW only after you reload the router and test transcoding for the first time. The SCCP connection exists for a long duration or until you enter the no sccp command.

Workaround: Enter the no sccp command to tear down the SCCP connection.

CSCin89831

Symptoms: A "Diagnostic Minor Error" may occur on a Multiprocessor WAN (MWAM) application module and processor 6 ("complex 0") may fail to come up on the MWAM application module. This situation causes only four processors to be up and one processor to remain inaccessible.

Conditions: This symptom is observed when the MWAM application module runs a GGSN image.

Workaround: There is no workaround.

CSCsa42585

Symptoms: A Cisco IOS IPv6 firewall may crash and generate the following error message:

%ALIGN-1-FATAL: Illegal access to a low address

Conditions: This symptom is observed when you enter the clear ipv6 inspect all command while many TCP sessions are being created.

Workaround: Prevent a large number of TCP sessions from being created at once: limit the session creation rate to 200 sessions per minute by lowering the onemin threshold for the IPv6 firewall via the ipv6 inspect onemin high 200 command.

CSCsa44556

Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.

Workaround: Reload the gatekeeper after you have made the configuration changes.

CSCsa45066

Symptoms: A memory leak may occur in the SDP library on an IPIPGW.

Conditions: This symptom is observed when a fax call is made between a platform that is configured for SIP and a platform that is configured for T.38 H.323.

Workaround: There is no workaround.

CSCsa50971

Symptoms: A Cisco platform may unexpectedly reload while attempting to resequence an access list.

Conditions: This symptom is observed when you delete a few ACEs and then immediately enter the ip access-list resequence access-list-name starting-sequence-number increment command.

Workaround: There is no workaround.

CSCsa52821

Symptoms: When AAA accounting is configured for an EZ-VPN server, the EZ-VPN server may stop sending periodic updates for an idle client. When the symptom occurs, the output of the show aaa sessions command shows that the user name is not available for the idle client. The user name appears to be lost.

Conditions: This symptom is observed on a Cisco 7200 series that functions as an EZ-VPN server and that runs Cisco IOS Release 12.3(8)T or a later release. The symptom may not be release-specific.

Workaround: Add an IPSec idle time of a shorter duration than the IPSec lifetime to enable idle clients to send stop records.

CSCsa53127

Symptoms: A bargeinable prompt aborts right after it starts playing, almost as if it is being barged in to.

Conditions: This symptom is observed in the following scenario with an application that requests DTMF input using two to four digits with an asterisk as the termination character:

You let the prompt play (that is, you do not barge in).

You enter "123*". The next prompt is a VXML Transfer element containing three .wav files (1.wav, 2.wav, and 3.wav).

This prompt is bargeinable, but you do not barge in. You hear a brief "burp", but not the three .wav files.

The final prompt is non-bargeinable TTS "Test Passed", which you hear just fine.

Workaround: Make the .wav files non-bargeinable.

CSCsa55375

Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.

Conditions: These symptoms are observed on a WIC-1-DSU-T1-V2 that is installed in a Cisco router.

Possible Workaround: The symptoms may clear when you replace the in-house cabling with cat.5 cables.

CSCsa57147

Symptoms: A disconnect event is not thrown or caught on a Cisco AS5400.

Conditions: This symptom is observed when the platform functions under a heavy load with a large number of calls that are disconnected from the gateway during VXML page execution. The disconnect event may not be thrown or get caught by the catch blocks of the root document.

Workaround: There is no workaround.

CSCsa57841

Symptoms: A Cisco 837 may report a memory leak in the I/O pool caused by a buffer leak in the VeryBig buffer pool.

Conditions: This symptom is observed on a Cisco 837 that runs Cisco IOS Release 12.3(11)T2, that is configured for IPSec, and that receives SNMP polls from a server.

Workaround: Stop the SNMP polls that check the operational status (via the ifOperStatus object) and administrative status (via the ifAdminStatus object) of the interfaces on the router. Alternatively, temporarily disable SNMP on the router.

CSCsa57869

Symptoms: When a voice call is made, a spurious memory access may occur on a Cisco AS5400 or the Cisco AS5400 may reload unexpectedly because of a bus error.

Conditions: These symptoms are observed in the following Cisco IOS software releases:

The spurious memory access is observed on a Cisco AS5400 that runs interim Release 12.3(12.12)T2 during an eight-hour stress test.

The unexpected reload is observed on a Cisco AS5400 that runs interim Release 12.3(12.5).

Workaround: Enter the no voice-fastpath enable command to prevent the symptoms from occurring.

CSCsa59315

Symptoms: SSG subscribers that are connected on a downlink VRF are not able to access SSG open garden services.

Conditions: This symptom is observed when downstream traffic from the open garden service to the subscriber is routed using the global routing table and is dropped when it appears to be unroutable.

Workaround: Add a route to the subscriber IP address in the global routing table.

Alternate Workaround: Do not bind the interface to the open garden service as an uplink interface and enable VRF-based NAT to translate the subscriber IP address to a global IP address.

CSCsa59549

Symptoms: A Cisco 2800 series that is configured for encryption, CBAC, and IPS crashes and reloads during the inspect process.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS interim Release 12.3(12.12)T2 when it functions under a heavy load of mixed application traffic and IP telephony traffic.

Workaround: There is no workaround.

CSCsa59667

Symptoms: An AIM that is installed in a Cisco 2851 or Cisco 3845 may time out when it receives non-multiples of a 64-bit public key from a third-party vendor router. This situation causes the router to crash rather than verify the key.

The Cisco 2851 crashes because of a memory corruption. The Cisco 3845 crashes because of an "ALIGN-1-FATAL" bus error.

Conditions: This symptom is observed on a Cisco 2851 and Cisco 3845 that run Cisco IOS Release 12.3(11)T3.

Workaround: Ensure that the AIM receives multiples of the 64-bit public key.

Alternate Workaround: Disable the AIM hardware encryption by entering the no crypto engine aim 0 command. Doing so causes onboard encryption to occur.

CSCsa60934

Symptoms: A Cisco router on which URL filtering is used may reload because of memory corruption.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(7)XR3 or interim Release 12.3(7.11)T.

Workaround: There is no workaround.

CSCsa63019

Symptoms: A security gateway may crash when ISAKMP accounting is enabled at aggressive time intervals such as 1-minute updates.

Conditions: This symptom is observed when ISAKMP accounting is enabled at very frequent update intervals together with ISAKMP NAT-T.

Workaround: Use ISAKMP accounting timers with a longer duration.

CSCsa64885

Symptoms: A router that is configured for SSG intermittently resets itself and generates a spurious memory access.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T with a prepaid or proxy service that has an idle or session timeout configured in the service profile.

Workaround: There is no workaround.

CSCsa65656

Symptoms: SSG uses a duplicate Acct-session-id (attribute 44) in a RADIUS accounting packet.

Conditions: This symptom is observed for post-paid users.

Workaround: There is no workaround.

CSCsa66255

Symptoms: IP data traffic does not pass via MLP.

Conditions: This symptom is observed on a Cisco 3825 that runs the c3825-advsecurityk9-mz image of Cisco IOS Release 12.3(11)T3 when STAC compression on an AIM-COMPR4 fails.

Workaround: There is no workaround.

CSCsa66702

Symptoms: A Cisco 3660 may reload when an IP phone is placed on hold.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(11)T4.

Workaround: There is no workaround.

CSCsa67469

Symptoms: When calls are made from an IP phone to the PSTN and when the PSTN side transfers the call to another PSTN number, one-way audio occurs. The IP phone caller can hear the new PSTN callee, but the PSTN callee cannot hear the IP phone caller.

There is no pattern to the number of calls that fail, but eventually the router to which the IP phone is connected has high CPU utilization and crashes.

Conditions: This symptom is observed on a Cisco 2600XM that runs Cisco IOS Release 12.2(15)ZJ or Release 12.3(11)T2.

Workaround: There is no workaround.

CSCsa69625

Symptoms: A severe memory leak occurs when accounting is enabled on a gatekeeper. When all memory has been consumed, the following error message is generated:

%AAA-3-ACCT_IOMEM_LOW: AAA ACCT process suspended: low I/O memory

After this message has been generated, you cannot enter any CLI command and calls fail. You must reload the router to recover the lost memory.

Conditions: This symptom is observed on a Cisco router that functions as a terminating gatekeeper and that is placed between a VoIP call generator and an originating gatekeeper that is also connected to a VoIP call generator. The symptom occurs after the following events have occurred:

You configure gatekeeper-based accounting.

You make interzone calls by using the VoIP call generator.

You make calls at a rate of two calls per second for more than an hour, after which the memory is fully consumed.

Workaround: There is no workaround.

CSCsa70038

Symptoms: When calls come in from the PSTN while you manually shut down a BRI of a VIC2-BRI, the Cisco gateway activates ISDN layer 1. This is improper behavior.

Conditions: This symptom is observed on a Cisco gatekeeper that runs Cisco IOS Release 12.3(4)T6 or Release 12.3(11)T3, but could also occur in other releases.

Workaround: There is no workaround.

CSCsa70040

Symptoms: A router does not attempt to autoinstall a software configuration via a Frame Relay WAN segment when it receives a response to a DHCP request on an Ethernet LAN, even though the DHCP server does not support autoinstall via TFTP.

Conditions: This symptom is observed when a software configuration is replaced on a failed remote router or installed on a new remote router. The router is connected to an existing Ethernet LAN and a Frame Relay WAN segment. You would expect the router to autoinstall over the Frame Relay WAN segment because it is supposed to download the configuration from a central TFTP server. However, this does not occur.

When the router has a response to its DHCP request on the Ethernet LAN, it attempts to autoinstall over DHCP. Although the DHCP server does not support autoinstall over DHCP, the router does not attempt to autoinstall over the Frame Relay WAN segment.

Workaround: Prevent the DHCP server from responding to the router's request or ensure that someone is physically present to disconnect the Ethernet LAN link from the router to force the router to autoinstall over the Frame Relay WAN segment. When the router has autoinstalled over the Frame Relay WAN segment, the router should be reconnected to the Ethernet LAN.

CSCsa71055

Symptoms: Pings from a PE router to the Ethernet interface of a CE router fail.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that functions as a PE router and that runs Cisco IOS Release 12.3(2)XZ. The symptom could also occur in Release 12.3T.

Workaround: Clear the IP route.

CSCsa71310

Symptoms: An E1 controller on an MGCP trunking gateway reports Loss of Frames (LOF).

Conditions: This symptom is observed when you configure a Cisco 3660 as an MGCP trunking gateway.

Workaround: There is no workaround.

CSCsa71410

Symptoms: A Cisco AS5400 gateway crashes and reboots at random.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T4 when you run a load test with a Customer Voice Portal (CVP) configuration for one to two hours and then stop the load test and place a single call using an IP phone.

Workaround: There is no workaround.

CSCsa71596

Symptoms: The prompt file that is stored on an HTTP file server and that is invoked by a VXML document is not heard by a caller.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(12.12)T5 when a VXML document attempts to retrieve and render a wav file that is stored on an HTTP file server.

Workaround: There is no workaround.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa72114

Symptoms: When you enter the crypto ipsec client ezvpn command, the platform may crash because of memory corruption and error messages similar to the following may be generated:

validblock_diagnose, code = 10

current memory block, bp = 0x655B127C, memorypool type is Processor data check, ptr = 0x655B12A4

next memory block, bp = 0x655B13C4, memorypool type is Processor data check, ptr = 0x655B13EC

previous memory block, bp = 0x655B10CC, memorypool type is Processor data check, ptr = 0x655B10F4

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T3.

Workaround: There is no workaround.

CSCsa73120

Symptoms: A Cisco 7301 may restart because of a bus error.

Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.3(8)T5 and that is configured for IPSec.

Workaround: There is no workaround.

CSCsa73438

Symptoms: When SSG functions in RADIUS proxy mode, SSG sends the RADIUS Framed IP Netmask Attribute value that it receives from a RADIUS server as the Framed IP Address Attribute value towards a GGSN or CSG downlink RADIUS client.

Conditions: This symptom is observed when the RADIUS Framed IP Netmask Attribute value is less than a 32-bit mask.

Workaround: Avoid using the RADIUS Framed IP Netmask Attribute or use a 32-bit mask value for it.

CSCsa73842

Symptoms: An IP phone line is not released for some calls between Cisco CallManagers.

Conditions: This symptom is observed when calls between the Cisco CallManagers are made via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) that is configured for H.323.

Workaround: There is no workaround.

CSCsa74386

Symptoms: A router may crash because of an unexpected exception to CPUvector 1200.

Conditions: This symptom is observed on a low-end Cisco router such as a Cisco 2650 series that runs Cisco IOS Release 12.3(11)T3 when a basic QoS configuration such as CBWFQ is applied to a legacy dialer interface and when traffic is flowing through this interface.

Workaround: Remove the output service policy from the dialer interface before any traffic goes through the ISDN backup interface.

CSCsa74911

Symptoms: A Cisco 3745 may display the following error message:

%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on Foreign Exchange Station 3/0/0. Msg id=00, Len=36

Conditions: This symptom is observed on a Cisco 3745 that functions as a VoIP dial peer and that is configured with FXS ports that function in connection trunk mode and that are not configured for VAD.

Workaround: Configure VAD and reload the router.

Further Problem Description: The above-mentioned information comes from the Release-note enclosure for caveat CSCeg49448. This caveat, CSCsa74911, documents (and corrects) a flaw within the DSP firmware that is observed only in conjunction with the occurrence of caveat CSCeg49448.

CSCsa74930

Symptoms: A Cisco 3825 may display the following error message and traffic is interrupted:

%SBETH-3-ERRINT: GigabitEthernet0/0, error interrupt, mac_status = 0x0000000000840000

Conditions: This symptom is observed when multiple users that are connected to a downstream switch attempt to log into network resources across a WAN (traversing the router).

Workaround: There is no workaround.

CSCsa75758

Symptoms: DMVPN sessions fail.

Conditions: This symptom is observed when a Cisco 7200 series that is configured as a DMVPN hub runs out of memory.

Workaround: There is no workaround.

CSCsa76035

Symptoms: The line protocol goes down on an NM-1T3/E3 network module when 2 MB of traffic flows through the NM-1T3/E3 network module.

Conditions: This symptom is observed on a Cisco 3725 router that runs Cisco IOS Release 12.3(11)T3 and that functions as a PE router when the egress interface between the PE router and a CE router is a multilink interface on which an output service policy is configured. The actual E3 link can be configured with PPP or HDLC.

Workaround: Remove the service policy.

Wide-Area Networking

CSCea75722

Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.

Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.

Workaround: There is no workaround.

CSCed32688

Symptoms: A dialer backup with a serial interface as the primary interface and an ISDN interface as the backup interface fails.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(09.13)T.

Workaround: There is no workaround.

CSCef74089

Symptoms: An ISDN backup in an MPLS core does not function with tag switching. Packet load-sharing does not occur.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T4 and that is configured with a dialer interface.

Workaround: There is no workaround.

CSCeg03958

Symptoms: A router may crash while performing an SNMP walk on VPDN-related MIB Objects. SNMP get and set operations function fine.

Conditions: This symptom is observed on a Cisco router that is configured with MLP interfaces.

Workaround: Reload the router and do not perform an SNMP walk. Instead use get operations.

CSCeg20283

Symptoms: E1R2 SS7 calls fail to come up when more than one call is made with the following ISDN error:

ISDN Se1/6:15 SC **ERROR**: call_connect: call_id not found, rejecting call ISDN **ERROR**: Module-CCPRI Function-CCPCC_CallConnected Error-Unknown event received in message from L3 or Host: 4F

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg21014

Symptoms: A router crashes when you enter the no dialer pool-member command on a BRI interface while the interface is up.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the BRI interface before you enter the no dialer pool-member command.

CSCeg22171

Symptoms: Calls fail to connect when they are switched from the primary D channel to the backup D channel.

Conditions: This symptom is observed when you either unplug the cable or shut down the controller of the primary D channel.

Workaround: There is no workaround.

CSCeg27091

Symptoms: A router reloads during the "dial_if" process when you send a packet with a large size.

Conditions: This symptom is observed when the ppp bap callback command is enabled.

Workaround: There is no workaround.

CSCeg53839

Symptoms: The isdn number called enbloc limit interface configuration command is ignored on a gateway that is configured for ISDN.

Conditions: This symptom is observed on a Cisco gateway that has a VIC2-2BRI installed in an NM-HD-2V network module.

Workaround: There is no workaround.

CSCeg74644

Symptoms: A Cisco 3660 that is configured for PPPoE relay may reload.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(7)T7.

Workaround: There is no workaround.

CSCeg80474

Symptoms: The Cisco-Avpair attribute does not have the expected value.

Conditions: This symptom is observed when a disconnect cause is not reported correctly after you have cleared PPPoE sessions with the CLI.

Workaround: There is no workaround.

CSCeg82698

Symptoms: PPTP tunnels do not come up.

Conditions: This symptom is observed when VPDN is configured.

Workaround: There is no workaround.

CSCeg86590

Symptoms: TBCT does not function.

Conditions: This symptom is observed when there are two T1 PRI links and you try to transfer a call through the second T1 PRI link.

Workaround: There is no workaround.

CSCeg88174

Symptoms: Drops occur in a class in which the throughput does not oversubscribe the allocated bandwidth for the class.

Conditions: This symptom is observed when multilink Frame Relay is configured along with generic traffic shaping or Frame Relay traffic shaping and when several class maps are configured.

When one class map starts dropping packets because the throughput is greater than the allocated bandwidth (which is normal behavior), drops may also occur in another class map even though this class map is not oversubscribed. The root cause of this symptom is that the bundle is oversubscribed and tx rings are building up, causing excessive misordering that the receiver cannot handle.

Workaround: Configure a fancy queue on the bundle interface through which the traffic is sent.

CSCeh03079

Symptoms: Calls may not go through an E1 or T1 trunk card on a Cisco platform.

Conditions: This symptom is observed after you have performed an OIR of the card.

Workaround: There is no workaround. To recover from the symptoms, reload the platform.

CSCeh10070

Symptoms: The output of the show interfaces multilink command on a Cisco 3845 shows output queue drops on an MLP bundle.

Conditions: This symptom is observed on a Cisco 3845 that runs Cisco IOS Release 12.3(11)T2 and that is configured with multiple WIC-2T cards when at least three T1 links are up.

Workaround: There is no workaround.

CSCeh27202

Symptoms: A call is not placed in a PPP callback scenario after an earlier call went through fine.

Conditions: This symptom is observed when the call is placed through a dialer interface.

Workaround: Clear the dialer interface before each call. If this is not an option, there is no workaround.

CSCeh32353

Symptoms: An LNS intermittently routes packets to an incorrect interface in the process-switching path, preventing some applications from working properly. These applications, such as ARP, CBAC, and NAT, depend on the first packet to go to process-switching for their initialization operation. Consequently, this situation may affect user connectivity to the Internet.

Conditions: This symptom is observed when the next-hop ISP router is connected via static routes and when there is no ARP entry on the LNS.

Workaround: There is no workaround.

CSCeh36774

Symptoms: The Frame Relay encapsulation may be automatically set to "Cisco" even if the encapsulation type is configured to be IETF.

Conditions: This symptom is observed on a Cisco router that has a Frame Relay interface when IP RTP compression is enabled.

Workaround: There is no workaround.

CSCeh41120

Symptoms: When PPP MRRU negotiation is configured in a VPDN scenario, PPP LCP does not accept an incoming CONFACK message at an LNS, causing a call to be disconnected.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T5.

Workaround: There is no workaround.

CSCin86831

Symptoms: After an LNS failover has occurred, Acct-Start records are missing for L2TP sessions.

Conditions: This symptom is observed in a configuration in which a client connects to a LAC that is connected to two LNSs (LNS1 and LNS2). When a client attempts to establish a PPPoE session, the LAC attempts to bring up an L2TP tunnel to LNS1. When LNS1 fails to respond to the LAC, the LAC fails-over to LNS2, establishes an L2TP session, and forwards the PPP session. The symptom occurs in this fail-over scenario.

The LAC sends an Acct-Stop record when it sends a StopCCN record to LNS1, but no Acct-Start record is sent when the session is established with LNS2. An Acct-Start record should be sent when the session is established, but no Acct-Stop record should be sent when the fail-over occurs.

Workaround: There is no workaround.

CSCin86951

Symptoms: An LNS router crashes on establishing a large number of PPPoA L2TP sessions.

Conditions: This symptom is observed only when you establish sessions at a high rate. When you attempt to establish 8000 sessions, the router crashes shortly after 5000 sessions are established.

Workaround: Establish sessions at a low rate.

CSCsa54870

Symptoms: A pure TDM call that originates from a PRI side and that is destined for a BRI side fails during the call setup.

Conditions: This symptom is observed only when the ISDN switch type is NI2 in the following topology:

[phone]----[PRI-OGW]----[PRI-BRI-GW]----[BRI-TGW]----[phone]

Workaround: Configure any other switch type than NI2 on the BRI link.

CSCsa66756

Symptoms: Calls on B-channels of a trunk group that is configured on NFAS "none" group members time out, and the first channel remains in the proposed state.

Conditions: This symptom is observed only for a trunk group that is configured on controllers of NFAS "none" group members.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(14)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(14)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(14)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCee72249

Symptoms: The snmp-server host host-address command supports only one host. Adding another host causes the existing host to be overwritten. In addition, when the snmp-server host host-address traps command is enabled, traps are sent to the host but the command does not show in the running configuration.

Conditions: These symptoms are platform-independent and are observed when you use the above-mentioned commands to configure more than one host or to configure the host to receive traps.

Workaround: There is no workaround.

CSCef52072

Symptoms: A router may crash because of a bus error when the Cisco IOS Login Enhancement feature is enabled.

Conditions: This symptom is observed when the Cisco AutoSecure feature is already enabled.

Workaround: Do not enable the Cisco IOS Login Enhancement feature.

CSCef90051

Symptoms: When running IP SLA jitter probe with reaction configuration, traps through syslog will not be generated for PacketLossSD.

Conditions: This symptom is observed during normal operation.

Workaround: There is no workaround.

CSCef96304

Symptoms: Because the mean opinion score (MOS) is monitored for the low score value, the threshold trap should be generated when the MOS reaches the falling threshold, but this does not occur.

Conditions: This symptom is observed when the traps are configured for the MOS parameter.

Workaround: There is no workaround. Note that the current implementation does not support monitoring the MOS score for low values (that is, a falling threshold value).

CSCeg13677

Symptoms: When running an SAA/IP SLA jitter operation, a high packet missing-in-action (PacketMIA) value is observed in the results provided for the jitter operation.

Conditions: This symptom is observed when running Cisco IOS Release 12.3T. When the symptom happens, jitter operation timer expiration is shown in the debug message.

Workaround: Configure the jitter operation timer to be much longer than the numberPaks interval.

Resolution: The fix for this caveat provides two new fields for the output of the show rtr command: "Busies: " and "PacketSkipped: ".

CSCeg15136

Symptoms: RTTMON traps are only supported for RTT and not for MOS. Only syslog traps should be generated for MOS and not the RTTMON traps.

Conditions: This symptom is observed when MOS traps are configured. Only syslog traps are supported for MOS. RTTMON traps are not supported. The symptom is observed in Cisco IOS software images that contain the fix for caveat CSCef96304.

Workaround: There is no workaround.

CSCeg52893

Symptoms: Several tty lines may become stuck in the "Carrier Dropped" modem state. You can verify this situation by entering the show line line-number EXEC command for an individual line. However, when you enter the show line EXEC command (that is, you do not enter a value for the line-number argument), the output shows that the same tty lines are active (that is, they are in the "*" state):

......

I 2/47 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/48 Digital modem - DialIn - - - 7 0 0/0 - Idle

* 2/49 Digital modem - DialIn - - - 5 0 0/0 - Carrier Dropped

I 2/50 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/51 Digital modem - DialIn - - - 13 0 0/0 - Idle

I 2/52 Digital modem - DialIn - - - 10 0 0/0 - Idle

......

In addition, both the output of the show users EXEC command and the output of the show caller EXEC command do not show a user or caller name or show an incorrect user or caller name. The output of the show caller EXEC command does show that the service is "TTY."

Conditions: These symptoms are observed on a Cisco AS5400 that is configured for modem dialin with PPP and EXEC connectivity and for login authentication via a TACACS+ server.

Workaround: To clear the stuck line, enter the clear port slot/port EXEC command.

CSCeg64393

Symptoms: The following message may be generated on a Cisco RPM-XF:

%SYS-3-MEMLITE: Free lite called for non lite chunk by .0x 40E7F40C.

Conditions: This symptom is observed on a Cisco RPM-XF when you boot the platform with Cisco IOS Release 12.3(11)T1. The symptom is also observed when the Cisco RPM-XF runs Release 12.3(11)T1 and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an Xtag interface.

Workaround: There is no workaround. However, you can limit the number of messages that are generated by entering the logging rate-limit command.

CSCeg77984

Symptoms: Traffic does not go properly through an IPSec tunnel: many packets are dropped.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1 or interim Release 12.3(12.12)T2 when software encryption is configured.

Workaround: Use hardware encryption.

CSCeh16064

Symptoms: When you enter the snmp-server host host-address public frame-relay isdn envmon cpu voice snmp global configuration command, the command is saved to the configuration as snmp-server host host-address public frame-relay isdn envmoncpu voice snmp. (Note that "envmon" and "cpu" are saved as "envmoncpu".) When you reload the platform, the command is removed from the configuration because its syntax is improper.

Conditions: This symptom is observed in Cisco IOS Release 12.3(11)T3 and is platform-independent.

Workaround: Enter the snmp-server host host-address public command to enable all the traps.

CSCsa41963

Symptoms: The following message may be generated on a Cisco RPM-XF:

%SYS-3-MEMLITE: Free lite called for non lite chunk by "0x 40E7F40C"

Conditions: This symptom is observed on a Cisco RPM-XF when you boot the platform with Cisco IOS Release 12.3(11)T1. The symptom is also observed when the Cisco RPM-XF runs Release 12.3(11)T1 and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an Xtag interface.

Workaround: There is no workaround. However, you can limit the number of messages that are generated by entering the logging rate-limit command.

CSCsa50572

Symptoms: The NAS-Port attribute is incorrect (it is sent as "0") and the NAS port is missing from the Acct Session-Id attribute in RADIUS access requests and accounting requests for connections to a proxy SSG service.

Conditions: This symptom is observed when a PPPoEoE SSG user logs in to an SSG proxy service.

Workaround: There is no workaround.

CSCsa64398

Symptoms: A router crashes because of a SegV exception when you enter the show running-config command via a Telnet session into the router.

Conditions: This symptom is observed on a Cisco 828 that runs Cisco IOS interim Release 12.3(12.12)T3 and that is configured for AAA via a TACACS+ server.

Workaround: Enter the show running-config command on the console of the router.

CSCuk50062

Symptoms: NetFlow cache is not allocated on all port adapters, preventing egress NetFlow from functioning.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Configure ingress NetFlow on an interface of a port adapter that needs NetFlow cache for egress NetFlow.

EXEC and Configuration Parser

CSCeg60079

Symptoms: You cannot configure the atm pppatm passive command on either ATM main interfaces or ATM subinterfaces.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-is-mz image of Cisco IOS interim Release 12.3(12.12)T1. The symptom also affects the Cisco 7301.

Workaround: There is no workaround.

CSCeg87083

Symptoms: When entering via SSH, view-based users are not authorized to access their view but are authorized according to their corresponding privilege level.

Conditions: This symptom is observed on a Cisco platform that is configured for Role Based Access Control (RBAC).

Workaround: There is no workaround.

CSCin81468

Symptoms: A router reloads when you attempt to make a call.

Conditions: This symptom is observed after the SPE has been busied out.

Workaround: There is no workaround.

Interfaces and Bridging

CSCee85457

Symptoms: A serial interface of a channelized E1, T1, E3, or T3 port adapter may continue to flap when fair queueing is disabled on the interface.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Enable fair queueing on the interface.

IP Routing Protocols

CSCec22723

Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.

Conditions: This symptom is observed when iSPF is configured under OSPF.

Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.

CSCed46066

Symptoms: When both VRF and non-VRF processes are configured and both processes have the redistribute command enabled, removal of the redistribute command from one process may also disable redistribution for the other process.

In certain rare cases this condition may also lead to an unexpected reload. This can occur when another routing protocol is attempting to perform certain redistribution operations with the process that was unintentionally disabled, and this happens at the moment in which the redistribute command was removed.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(27)S or Release 12.3(4)T with redistribution enabled in VRF and non-VRF processes.

Workaround: Reconfigure the redistribute command for the process for which the command should not have been disabled.

CSCef08797

Symptoms: A router may stop redistributing static routes into BGP.

Conditions: This symptom is observed when the static routes are inserted into the BGP table with a network statement that uses a route map that is configured with the match as-path route-map configuration command.

The symptom occurs because the match as-path route-map configuration command causes a non-BGP route to be denied.

Workaround: Do not use BGP-specific match statements when you source non-BGP routes.

CSCef18838

Symptoms: Tracebacks that are related to spurious memory accesses may occur and the spurious memory accesses may increase over time. When multicast video streaming is viewed using an IP-TV viewer, this situation causes the browser to hang.

Conditions: This symptom is observed when NAT and multicast are configured on the same router.

Workaround: There is no workaround. To return the browser to normal operation, reload the router.

CSCef28184

Symptoms: Multipath routes may become stale when the nexthop is unreachable, preventing a ping between two CE routers from succeeding.

Conditions: This symptom is observed in a BGP environment when a multipath route is withdrawn.

Workaround: There is no workaround.

CSCef33035

Symptoms: A router may crash and reload and generate the following error message:

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x609EE524

Conditions: This symptom is observed on a router that runs OSPF and that is configured with incremental SPF (ISPF).

Workaround: Disable ISPF by entering the no ispf router configuration command.

CSCef34586

Symptoms: A BGP IPv4 label session continues to flap after an interface between two EBGP peers flaps.

Conditions: This symptom is observed when EBGP IPv4 with labels is configured between two BGP peers. The session comes up fine the first time after you reload one of the BGP peers. After you toggle an interface between the BGP peers, the EBGP session continues to flap because of malformed updates.

Workaround: There is no workaround.

CSCef58137

Symptoms: When you configure a route map with a NAT feature, the CPU usage of the router may reach 99 percent, the router may reload unexpectedly, or both may occur.

Conditions: These symptoms are observed on a Multiprocessor WAN (MWAN) application module that is installed in a Cisco Catalyst 6000 series or a Cisco 7600 series. However, the symptom may be platform-independent.

Workaround: There is no workaround.

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef64928

Symptoms: The output of the show bgp ipv6 neighbors ipv6-address | b ly: ipv6 unicast command does not show the peer information. The output provides "BGP IPv6" instead of "IPv6 Unicast" information. However, this is just a display problem and the functionality is not affected.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-js-mz image of Cisco IOS interim Release 12.3(10.3)T3. However, the symptom may not be platform-dependent.

Workaround: There is no workaround.

CSCef81489

Symptoms: If an ASBR receives a withdraw message, it does not send the withdraw message to any peer, preventing an alternate route from functioning.

Conditions: This symptom is observed when MPLS VPN inter-AS is configured.

Workaround: There is no workaround. To recover from the symptom, enter the clear ip bgp * command on the ASBR.

CSCef89807

Symptoms: A router that is configured for Optimized Edge Routing (OER) crashes after a %SYS-2-CHUNKBADREFCOUNT error message has been generated.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T when OER is enabled, when OER controls non-exact routes, and when a BGP update to a more exact router occurs.

Workaround: Route control using static routes is not affected by the symptom. To prevent the symptom from occurring in a situation with route control using BGP routes, configure OER to control only exact routes.

CSCeg30291

Symptoms: BGP fails to send an update or withdraw message to some peers when these peers have failed to converge properly after an earlier attempt.

Conditions: This symptom is observed on a Cisco router when you enter the clear ip bgp neighbor-address soft out command while BGP is in the middle of converging. The symptom does not occur when network traffic load is low and BGP has converged.

Workaround: To clear the error condition, enter the clear ip bgp neighbor-address soft out command again. Alternately, enter the clear ip bgp neighbor-address command (that is, without the soft out keyword).

CSCeg54375

Symptoms: Routing inconsistencies may occur in the RIB: routes may be missing from the RIB but may be present in the BGP table.

Conditions: This symptom is observed on a Cisco RPM-XF when the toaster processor crashes. However, the symptom may occur on any platform that has a toaster processor.

Workaround: Enter the clear ip route vrf vrf-name * command.

CSCeg81061

Symptoms: An inside client cannot make an FTP connection to an inside FTP server by using the global IP address of the server.

Conditions: This symptom is observed when a NAT virtual interface is configured on a Cisco router that is the default gateway for the FTP client and FTP server that are both located behind the router.

Workaround: Make a connection by using the local IP address of the FTP server.

CSCeg89246

Symptoms: When overlapping global addresses are configured and when there is a flow entry, the wrong entry may be matched.

Conditions: This symptom is observed on a Cisco platform that is configured for NAT when all five tuples, except the VRF ID, are the same for two flows.

Workaround: There is no workaround.

CSCeh24147

Symptoms: The implementation of IPv6 scope support in the Bootstrap Router (BSR) mechanism may cause interoperability problems.

Conditions: This symptom occurs because the specification of IPv6 scope support in the BSR mechanism has changed in the latest IETF draft: http://www.ietf.org/internet-drafts/draft-ietf-pim-sm-bsr-05.txt

Workaround: Do not use IPv6 scope support in the BSR mechanism.

CSCin83829

Symptoms: A ping fails in the EXVPN client mode even when the tunnel is established.

Conditions: This symptom is observed only in EXVPN client mode and occurs because of NAT translations.

Workaround: There is no workaround.

CSCsa40588

Symptoms: Routes may still appear in the routing table even after the routes are removed from the BGP table.

Conditions: This symptom is observed on a Cisco platform that functions as a PE router when a CE router stops advertising a BGP route to the PE router. The BGP table reflects the route change but the routing table still indicates that the route is valid.

Workaround: There is no workaround.

CSCsa44862

Symptoms: When a fragmented packet flows from the inside to the outside via a NAT router, the first fragment is translated correctly, but subsequent fragments are transmitted without a destination address translation. This situation causes the communication to fail.

Conditions: This symptom is observed with a fragmented packet when both the source address and the destination address are translated, that is, inside and outside source translation is configured.

Note that the symptom does not occur with an unfragmented packet, or when a fragmented packet flows from the outside to the inside, or with a fragmented packet when either the source address or the destination address is translated.

Workaround: There is no workaround.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCuk54787

Symptoms: When a route map is configured, routes may not be filtered as you would expect them to be filtered.

Conditions: This symptom is observed on a Cisco router that is configured for BGP and that functions in an MPLS VPN environment.

Workaround: There is no workaround.

CSCuk54975

Symptoms: Routes are not redistributed into BGP and network statements to originate routes in BGP do not work.

Conditions: This symptom is observed when the redistribute static command is enabled.

Workaround: There is no workaround.

Miscellaneous

CSCec64079

Symptoms: Spurious memory accesses occur on a router that is configured with an NM-ESW-16 network module.

Conditions: This symptom is observed on a Cisco 3700 series during normal operation.

Workaround: There is no workaround.

CSCed57925

Symptoms: The cisco.mgmt.cns.config-changed event message is not generated when atm pvc commands are configured.

Conditions: This symptom is observed when the CNS configuration notify agent is configured by the cns config notify command and when atm pvc commands are configured.

Workaround: There is no workaround.

CSCee07889

Symptoms: A Tool Command Language (TCL) script that binds a server socket on the router causes the VTY line to lock up. The connected line locks up, and the script no longer responds to local or remote input.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(7)T but is platform-independent and software-independent.

Workaround: Reload the router to clear the VTY line. To prevent the symptom from occurring, do not use server sockets.

CSCee42210

Symptoms: Fax relay does not function between H.323 networks with a transcoder.

Conditions: This symptom is observed during interworking between H.323 networks via a Cisco Multiservice IP-to-IP Gateway (IPIPGW).

Workaround: There is no workaround.

CSCee42846

Symptoms: A router crashes because of a CPUHOG condition in the "Tcl Serv - ttyX" process.

Conditions: This symptom is observed when the router sources a multi-line TCL script that contains a "gets stdin <variable>" command and when you attempt to abort user input by entering Ctrl-c.

Workaround: Terminate user input with a carriage return (Enter) instead of by entering Ctrl-c.

CSCee50408

Symptoms: When changing a route pattern or destination number, the trunk (or endpoint receiving a new destination number) may be unusable until the gateway is reset.

Conditions: This symptom is observed on a Cisco 3600 series that functions as a gateway.

Workaround: Via the gateway configuration panel, reset the gateway after changing the route pattern or destination number.

CSCee59791

Symptoms: Some conference parties may not be heard and the conference bridge may become unregistered from a Cisco CallManager.

Conditions: This symptom is observed on a Cisco platform that functions as a conference bridge when one or more of the RTP streams that enter the router use RTP header-compression.

Workaround: Disable RTP header-compression.

CSCee68905

Symptoms: An extensible authentication protocol-subscriber identity module (EAP-SIM) user cannot log off and reconnect when PBHK is enabled.

Conditions: This symptom is observed on a Cisco platform that is configured for SSG Host Key when an EAP-SIM user logs off and refreshes his browser.

Workaround: There is no workaround.

CSCee69405

Symptoms: The output of the show policy-map interface interface-name input command shows that more packets are received than the output of the show interfaces type number precedence command.

Conditions: This symptom is observed when traffic is sent between two routers that are configured for MLP and cRTP.

Workaround: There is no workaround.

CSCee79904

Symptoms: A Cisco RPM-XF sends more data than it should according to the configuration of the priority policy-map class configuration command. Layer-2 policing does not seem to work properly.

Conditions: This symptom is observed when the traffic is sent on a real-time class and is compressed.

Workaround: There is no workaround.

CSCee83614

Symptoms: DTMF relay stops functioning on a Cisco Multiservice IP-to-IP Gateway (IPIPGW). After DTMF relay works fine, it may start to work uninterruptedly from one side in either direction. When you send a DTMF signal from both directions, the DTMF relay stops functioning on the IPIPGW.

Conditions: This symptom is observed in the following topology:

An IP phone connects to a Cisco CallManager that connects to an IP2IPGW. The IP2IPGW connects to a gatekeeper that connects to a third-party vendor gateway. This gateway connects via MGCP to a VISM that connects via an E1 link to the PSTN.

Workaround: There is no workaround.

CSCee87309

Symptoms: Conversion from H.323 H.245 alphanumeric characters to RFC-2833 DTMF may fail.

Conditions: This symptom is observed when the Cisco Multiservice IP-to-IP Gateway (IPIPGW) feature is enabled.

Workaround: There is no workaround.

CSCee93511

Symptoms: A platform that is configured with an IPSec VPN Services Module reloads and generates tracebacks.

Conditions: This symptom is observed on a Cisco Catalyst 6000 series and a Cisco 7600 series that process IPSec traffic when there are many (for example, 4000) IPSec tunnels.

Workaround: There is no workaround.

Further Problem Description: The symptom is caused by an internal race condition that occurs when you attempt to create another IPSec tunnel but run out of internal resources midway.

CSCee94544

Symptoms: A Cisco MGX RPM-XF sends twice the number of packets that it receives to a connected CE router when Compressed Real-Time Protocol (CRTP) is configured and when the ToS value changes on a particular flow that is being compressed. The receiving CE router is not able to uncompress this traffic because the majority of this traffic is treated as errors.

Conditions: This symptom is observed when the Cisco MGX RPM-XF is configured to perform Segmentation and Reassembly (SAR)-based weighted fair queuing (WFQ).

Workaround: Ensure that a change of the ToS value does not occur during the life of a flow. For example, a Real-Time Protocol (RTP) stream does not have ToS value changes during the life of a flow.

CSCee96362

Symptoms: A voice call fails on an NM-HDV module.

Conditions: This symptom is observed when the GSMEFR codec is configured by entering the dial-peer voice tag voip command followed by the codec gsmfr bytes 32 command.

Workaround: Change the payload size from 32 to 31 by entering the dial-peer voice tag voip command followed by the codec gsmfr bytes 31 command.

CSCef00308

Symptoms: A feature board may reload after a switchover.

Conditions: This symptom is observed only on a Cisco platform that is configured for Nitro Interconnect Protocol (NIP).

Workaround: There is no workaround.

CSCef02173

Symptoms: Dying Gasp support for a WIC-1SHDSLv2 does not function. When the CPE device in which the WIC-1SHDSLv2 is installed loses power, the WIC-1SHDSLv2 is supposed to give out Dying Gasp messages to the central office (CO) where the messages should be displayed. However, this does not occur.

Conditions: This symptom is observed when the CPE device in which the WIC-1SHDSLv2 is installed loses power.

Workaround: There is no workaround.

CSCef09948

Symptoms: TCP connections may fail on a Cisco 7500 series.

Conditions: This symptom is observed when you enable TCP header compression on a channelized interface of a PA-2CT3 port adapter by entering the ip tcp header-compression command.

Workaround: Disable TCP header compression.

CSCef12917

Symptoms: A default application fails to connect to a remote TGW during a dial-peer rotary.

Conditions: This symptom is observed in a configuration with two dial peers on an OGW that is configured with Cisco IP phones. When the first dial peer fails to connect to the TGW because the TGW has its interface shut down, the second dial peer, which is configured with a VXML application, attempts to connect to the TGW. However, this attempt fails because of an unexpected disconnection.

Workaround: There is no workaround.

CSCef17536

Symptoms: Objects of the CISCO-ENTITY-EXT-MIB are not populated.

Conditions: This symptom is observed when you run an SNMP query for the CISCO-ENTITY-EXT-MIB on a Cisco IAD2431.

Workaround: There is no workaround.

CSCef20305

Symptoms: A platform that is configured for voice calls may crash or generate a traceback.

Conditions: This symptom is observed on a Cisco platform when RTSP play/record is used in an IVR application and occurs usually when multiple calls are placed.

Workaround: There is no workaround.

CSCef21150

Symptoms: A watchdog timeout may occur on a Cisco 3845 and the router may reload. The following message is displayed before the router reloads:

Watch Dog Timeout Reset

Conditions: This symptom is observed when you repeatedly enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interfaces of an NM-2FE2W-V2 network module while traffic flows through these interfaces.

Workaround: There is no workaround.

CSCef21965

Symptoms: Even when policy-based routing is configured on the interface, a router that boots may still reject the ip vrf receive command with the following error message:

% Need to enable Policy Based Routing on the interface first

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T and that is configured for VRF selection when the router boots after having been reloaded.

Workaround: Reapply the ip vrf receive command.

CSCef25623

Symptoms: A PDSN reloads unexpectedly when you remove the cdma pdsn cluster member interface command without configuring the mandatory options for a cluster member such as the controller IP address and SPI.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T3, that functions as a PDSN running PDSN Release 1.2, and that acts as a member in a cluster environment.

Workaround: There is no workaround.

CSCef28503

Symptoms: An MGCP gateway (GW) does not send a DLCX message with the proper reason code (E:) when an RTP loss occurs because the Ethernet interface through which the RTP transfer occurs on the GW is shut down.

Because the GW does not notify the CA about the RTP loss via a DLCX message with the proper reason code, the CA continues to send MGCP messages to the GW and vice versa in a normal way. However, these MGCP messages do not reach the GW or CA because the Ethernet interface on the GW is shut down, preventing the deletion of existing connections on the GW.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP GW and that has a single interface to the CA and terminating GW.

Workaround: Delete the connections on the MGCP GW manually through MGCP CLIs.

CSCef29028

Symptoms: A Cisco platform does receive a CRCX request that contains DT/ans information but does not send an NTFY message to an MGCP call agent.

Conditions: This symptom is observed on a Cisco platform that is configured for voice xGCP.

Workaround: There is no workaround.

CSCef30689

Symptoms: The AToM label holddown period is too short, and AToM traffic may be misdirected.

Conditions: AToM holds down its VC labels for 20 seconds before it releases them to the label manager. These labels are then available for allocation to other protocols or features such as LDP, TE, and MPLS VPNs. However, 20 seconds is not sufficient to guarantee that the AToM peer has properly deleted the entries and may cause AToM VC traffic to be misdirected by the protocol or features to which the freed AToM label is allocated.

Workaround: There is no workaround.

CSCef31712

Symptoms: A CPU hog message is generated when you enter the show pppoe summary command.

Conditions: This symptom is observed when there are high-scaling unambiguous QinQ sessions and interfaces configured.

Workaround: There is no workaround.

CSCef34501

Symptoms: An IP authentication proxy dynamic user access control list (ACL) may not be added to an interface ACL.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.8)T. Note that the symptom does not occur in Release 12.3(7)T1.

Workaround: There is no workaround.

CSCef35072

Symptoms: NBAR-related messages continue to be generated.

Conditions: This symptom is observed on a router that is configured for DMVPN and NBAR.

Workaround: There is no workaround.

CSCef35404

Symptoms: The configuration of the client-identifier command disappears from the running configuration of a DHCP server after a few days of uptime.

Conditions: This symptom is observed on a Cisco SOHO97 series that runs Cisco IOS Release 12.3(7)T1, 12.3(8)T, or 12.3(9.2)T and that functions as a DHCP server when a manual binding is configured with the update arp DHCP pool configuration command on the DHCP server and when the authorized arp command is configured on the interface to which the client is connected.

Workaround: Enter the copy startup-config running-config EXEC command.

Alternate Workaround: Use automatic bindings instead of manual bindings for DHCP clients.

CSCef36231

Symptoms: An HSRP tracking configuration is not accepted when you re-enter the configuration after you first delete it.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or Release 12.3T.

Workaround: Configure interface tracking by entering the track 100 interface e2/3 line-protocol command. Then, set the HSRP group to track the tracking object number by entering the standby 1 track 100 command.

CSCef37097

Symptoms: A call fails in a VoIP topology that involves two IPIPGWs with the second IPIPGW enabling the rotary configuration.

Conditions: This symptom is observed when the fast start mode is configured on the first IPIPGW that is connected to the second IPIPGW and when the second IPIPGW goes through the rotary recovery mechanism.

Workaround: Configure the slow start mode on the first IPIPGW instead of the fast start mode.

CSCef39878

Symptoms: A voice port may stop providing a dial tone and hang, and the following messages appear in the logs:

v4vip_send_cmd:No space in INBOX:free_space(0), cmd_length(3) for dev 0!!!

v4vip_active_lo:fail to send SOP RTR cmd for port=0

Conditions: This symptom is observed on a Cisco IAD2430 series.

Workaround: Reload the router.

CSCef41066

Symptoms: Calls to a SIP gateway may fail.

Conditions: This symptom is observed on a Cisco router that functions as a SIP gateway when there are escape characters in the user portion of the Request-URI, as in the following example:

INVITE sip:929252175123%23%23@<ip address>:5060 SIP/2.0

In this example, the escape character is %.

Workaround: Remove the escape characters from the user portion of the Request-URI.

CSCef41501

Symptoms: The access control entries (ACEs) that are downloaded by the Network Admission Control (NAC) are inserted below the ACEs that are downloaded by the authentication proxy. This situation causes authentication difficulties.

Conditions: This symptom is observed when both an authentication proxy and NAC are configured on the same interface.

Workaround: Configure the Cisco ACS server that is used in the configuration in such a way that the authentication proxy does not download any ACEs. Only NAC should install the required ACEs for the session that is being authenticated.

CSCef43691

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
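The three ICMP message classes listed above all rely on the receiving TCP acting on an ICMP error it cannot authenticate. The following added example (not part of the Cisco release notes, and not a description of Cisco's fix) sorts an ICMPv4 error into those three classes and checks that the TCP sequence number embedded in it refers to data the local connection still has in flight. The addresses, ports, connection table and sample packets are constructed for illustration, and the ICMP checksum is assumed to have been verified already.

```python
import socket
import struct
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass
class TcpConn:
    snd_una: int  # oldest unacknowledged sequence number
    snd_nxt: int  # next sequence number to be sent


def classify(icmp_type, code):
    """Map ICMPv4 type/code to the three categories listed in the advisory."""
    if icmp_type == 3 and code in (2, 3):
        return "hard-error"      # protocol unreachable / port unreachable
    if icmp_type == 3 and code == 4:
        return "pmtud"           # fragmentation needed and DF set
    if icmp_type == 4 and code == 0:
        return "source-quench"
    return "other"


def parse_embedded_tcp(icmp):
    """Return ((src, sport, dst, dport), seq, next_hop_mtu) from an ICMPv4 error."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP error")
    next_hop_mtu = struct.unpack("!H", icmp[6:8])[0]
    inner = icmp[8:]             # the IP header + 8 bytes the error quotes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("bad embedded IPv4 header")
    if inner[9] != 6:
        raise ValueError("embedded packet is not TCP")
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return (src, sport, dst, dport), seq, next_hop_mtu


def seq_in_flight(seq, conn):
    """True if snd_una <= seq < snd_nxt, compared modulo 2**32."""
    return (seq - conn.snd_una) % MOD < (conn.snd_nxt - conn.snd_una) % MOD


def evaluate(icmp, conns):
    """Return (category, verdict) for one received ICMP message."""
    if len(icmp) < 2:
        return ("malformed", "drop-malformed")
    kind = classify(icmp[0], icmp[1])
    if kind == "other":
        return (kind, "not-covered")
    try:
        key, seq, _mtu = parse_embedded_tcp(icmp)
    except ValueError:
        return (kind, "drop-malformed")
    conn = conns.get(key)
    if conn is None:
        return (kind, "drop-no-connection")
    if not seq_in_flight(seq, conn):
        return (kind, "drop-stale-seq")
    # "plausible" only means the check passed; how TCP then reacts is policy.
    return (kind, "plausible")


def build_sample(icmp_type, code, seq, mtu=0, sport=49152, dport=179):
    """Constructed sample: ICMP error quoting a TCP segment we supposedly sent."""
    src = socket.inet_aton("192.0.2.10")      # documentation addresses
    dst = socket.inet_aton("198.51.100.20")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0, src, dst)
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + ip + tcp8


# Constructed connection table: one session originating on this device.
SAMPLE_CONNS = {
    ("192.0.2.10", 49152, "198.51.100.20", 179): TcpConn(snd_una=1000, snd_nxt=3000),
}

if __name__ == "__main__":
    for args in [(3, 3, 1500), (3, 4, 9999, 68), (4, 0, 3000), (3, 1, 1500)]:
        print(args, evaluate(build_sample(*args), SAMPLE_CONNS))
```

A message that fails the check is ignored rather than acted on, so a sender who cannot observe the connection has to guess a sequence number inside the in-flight window as well as the four-tuple.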

CSCef44104

Symptoms: When several "ip sdf locations" configuration statements on a Cisco IOS IPS device are unconfigured and reconfigured in a new order, the new order does not take effect.

Conditions: This symptom happens specifically when signatures have actually been loaded from one of the configured locations.

Workaround: There is no workaround.

CSCef44225

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef45767

Symptoms: A Route Processor Module-XF (RPM-XF) stops passing traffic after an eBGP session to a connected CE router flaps.

Conditions: This symptom is observed in an MPLS VPN network when all of the following conditions are present:

A CE router advertises a default route or a summarized route to a PE router.

Either eiBGP or IBGP load-balancing is configured for the default or summarized routes.

The interface between the CE router and the PE router flaps.

Workaround: Configure a static VRF route for the subnet that is defined on the interface that connects the CE router and the PE router. Configure the next hop interface for the static route as "Null0" by entering the ip route vrf vrf-name prefix mask interface interface-number distance command with the following arguments:

For the prefix argument, enter the subnet for the link between the PE and CE routers.

For the mask argument, enter the mask for the subnet.

For the interface interface-number argument, enter the value "Null0" (for the next hop interface).

For the distance argument, enter an administrative distance that is large enough to prevent the static route from being imported into the routing table under normal conditions.

Enabling the redistribute connected command under the BGP configuration on the CE router may reduce the probability of the symptom occurring. When the symptom has occurred, you can recover from the symptom by entering the clear ip route vrf vrf-name 0.0.0.0 0.0.0.0 command on the affected RPM-XF.

CSCef45970

Symptoms: A SIP call transfer fails when the transferee (XEE) receives "IP:0.0.0.0" as the address to reach the transfer target (XTO). When the transfer is complete, there is no voice path between the XEE and the XTO.

Conditions: This symptom is observed in the following call transfer scenario:

A SIP phone calls an FXS port across VoIP.

The SIP phone starts a call transfer to another FXS port across the VoIP.

The SIP phone commits the transfer.

Workaround: Enter the application session command under the VoIP dial peer to the FXS ports.

CSCef46295

Symptoms: The test voice port inject-tone command may not function for an outgoing PRI call.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(7.2) or a later release.

Workaround: There is no workaround.

CSCef47647

Symptoms: A Cisco 3745 that functions as a CCME may crash during a test with 640 BHCAs.

Conditions: This symptom is observed when the test includes the following call types:

Third-party conference calls between IP phones.

Third-party conference calls between IP phones and PSTN (ISDN PRI) phones.

Callhold between IP phones and PSTN (ISDN PRI) phones.

Blind call transfers between IP phones and PSTN (ISDN PRI) phones.

Call forward calls between IP phones.

Normal direct calls between IP phones and PSTN (ISDN PRI) phones.

Workaround: There is no workaround.

CSCef47721

Symptoms: Multicast packets are not correctly classified by an input Quality of Service (QoS) policy, which causes police, set, and other QoS actions to fail on the multicast packets.

Conditions: This symptom is observed on a Cisco RPM-XF when an input QoS policy is configured on an interface.

Workaround: There is no workaround.

CSCef48674

Symptoms: A Cisco 2800 series may reload unexpectedly during an IPSec packet transmission between two peers in transport mode using a multilink interface.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCef51520

Symptoms: The console port may hang during a high volume of SIP calls.

Conditions: This symptom is observed on a Cisco AS5400 that is configured with a new CPU that enables the platform to process a high volume of calls.

Workaround: There is no workaround. To recover the console port, reboot the Cisco AS5400.

CSCef52144

Symptoms: An active RP crashes after you remove an event manager applet.

Conditions: This symptom is observed on a Cisco 12000 series that runs an interim release for Cisco IOS Release 12.0(30)S. However, this symptom is resolved in Release 12.0(30)S. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCef52577

Symptoms: Transcoding sessions are held up when you use transcoding with a CME.

Conditions: This symptom is observed on a Cisco platform when a transcoding resource is registered with a CME that runs Release 3.2 and when calls are made.

Workaround: Reload the CME.

CSCef52633

Symptoms: The active router in an IPSec stateful failover pair may crash.

Conditions: This symptom is observed when the active router and the standby router run Cisco IOS Release 12.3(11)T and when the standby router requests a complete resynchronization of all IPSec state information from the active router, which occurs under the following conditions:

The standby router reboots.

The standby router is configured for IPSec stateful failover for the first time.

You enter the clear crypto sa command or the clear crypto session command on the standby router.

Workaround: There is no workaround.

CSCef52639

Symptoms: A Cisco 2800 series or Cisco 3800 series that functions as a voice gateway may reload when it processes voice traffic on a PVDM2-8 packet voice/fax digital signal processor (DSP) module.

Conditions: This symptom is observed when flex codec-complexity voice calls are processed and when the PVDM2-8 is installed in one of the following two locations in the router:

in a PVDM2 slot on the motherboard of the router.

in a PVDM2 slot of an NM-HDV2 IP communications high-density digital voice/fax network module.

Workaround: Use high or medium codec-complexity. If you must use flex codec-complexity, ensure that the PVDM2-8 is not present in any of the above-mentioned slots.

CSCef52822

Symptoms: The standby router in an IPSec stateful failover configuration does not have any standby IPSec SAs even though the active router has active IPSec SAs that should have been synchronized to the standby router. The output of the show crypto ipsec sa command shows the IPSec SAs on both the active and standby routers.

Conditions: This symptom is observed when the active router has more than one crypto map configured and these crypto maps use the same local virtual IP address. At least one of these crypto maps has IPSec stateful failover turned on and at least one of these crypto maps has IPSec stateful failover turned off. Stateful failover is enabled by entering the redundancy stateful command.

The most typical way of encountering this configuration is when a crypto map with stateful failover is applied to a physical interface and when a tunnel interface is configured either with a crypto map or with tunnel protection.

Workaround: Any of the following workarounds should work:

Enable stateful failover on all crypto maps that use the same local virtual IP address.

Change the local IP address on the non-stateful failover maps/interfaces to an address other than the virtual IP address that is used for stateful failover crypto maps.

Further information: When you enable the debug crypto ipsec ha command on the active router and the following error message is generated, the symptom has occurred:

IPSec HA (crypto_ha_ipsec_notify_add_sa): Stateful HA with valid group un-available for this sadb

CSCef53221

Symptoms: A CME router may crash if the cable is unplugged from an ephone that is in conference. The symptom does not occur if you quickly unregister the ephone.

Conditions: This symptom is observed on a Cisco router that functions as a CME router and that runs Cisco IOS Release 12.3(8)Tx or interim Release 12.3(10.x)T.

Workaround: Reboot the CME router. If this is not an option, there is no workaround.

CSCef54306

Symptoms: DTMF recognition via an external ASR server on an IP call leg using OOB DTMF relay does not function. (The digits do not reach the server).

Conditions: This symptom is observed during the recognition when an HTTP or TFTP prompt that is already loaded is used or when a TTS prompt from a different server than the ASR server is used. The DTMF relay that is configured on the IP dial peer is not in the RTP-NTE format.

Workaround: There is no workaround.

CSCef55992

Symptoms: A Cisco 837 does not generate the correct value for the "entPhysicalSerialNum" SNMP object:

ENTITY-MIB::entPhysicalSerialNum.1 = STRING: CPU rev number 7

Conditions: This symptom is observed on a Cisco 837 that runs Cisco IOS Release 12.3(8)T3. Note that this caveat is resolved in Release 12.3(11.02)T.

Workaround: There is no workaround.

CSCef56010

Symptoms: On a Cisco 837, the "entPhysicalClass" SNMP object (OID = .1.3.6.1.2.1.47.1.1.1.1.5) generates incorrect information:

ENTITY-MIB::entPhysicalClass.1 = INTEGER: module(9)

The response should have been chassis(3).

Conditions: This symptom is observed on a Cisco 837 that runs Cisco IOS Release 12.3(8)T3. Note that this caveat is resolved in Release 12.3(11.02)T.

Workaround: There is no workaround.

CSCef56571

Symptoms: A Cisco access server may reload because of a bus error.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(8)T3 and that has the voice statistics max-storage-duration day 1 command configured.

Possible Workaround: Change the maximum storage duration day from one to two by entering the voice statistics max-storage-duration day 2 command.

Further Problem Description: This situation affects devices that use voice statistics with a CME configuration. If neither voice statistics nor a CME configuration is used, the symptom does not occur.

CSCef58083

Symptoms: A watchdog timeout causes a router to crash. Just before the crash, CPU-HOG messages are logged for the IP input process.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T3 and that has the ip audit command or the ip inspect command enabled.

Workaround: Remove the ip inspect command or the ip audit command from the configuration of the router.

CSCef59257

Symptoms: A Segmentation SAR fatal error 0x4BD occurs. This error causes a reset of the data path SAR and the creation of a "sar_mxt4600_info" file in the bootflash.

Conditions: This symptom is observed when an IP Radio Access Network (IP-RAN) is enabled, when SAR-based QoS is enabled, when a VC tunnel has traffic on the high-priority Class of Service Queues (CoSQ), and when tail-dropping occurs on one of the low-priority CoSQs. The dynamic bandwidth feedback (DBF) update is triggered, which posts a "modify_channel" for the VC tunnel to the segmenter.

Workaround: There is no workaround.

CSCef60064

Symptoms: An unsolicited notify message for a message waiting indicator (MWI) device is rejected by a platform that runs Cisco CallManager Express (CME).

Conditions: This symptom is observed when only the secondary number of an IP phone is registered to a Cisco BTS 10200 via SIP registration.

Workaround: Ensure that the primary number of the IP phone is registered to the Cisco BTS 10200 via SIP registration.

CSCef60537

Symptoms: The MGX-RPM-1FE-CP RPM-PR back card is not recognized.

Conditions: This symptom is observed when the MGX-RPM-1FE-CP RPM-PR back card is inserted in a Cisco MGX2 chassis that is configured with an RPM-PR and a PXM45B controller card. The back card is shown as "Unknown."

Workaround: There is no workaround.

CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
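Added example, not part of the Cisco release notes or the advisory: Python code showing how a TCP endpoint can sort incoming ICMP errors into the three classes listed in the CSCef61610 entry and discard those whose quoted TCP sequence number is not in flight, the check described in RFC 5927 (the published form of the cited draft). The type/code mapping, the connection table layout, the verdict strings and the sample packets are assumptions constructed for illustration; the ICMP checksum is not verified here.

```python
import socket
import struct

HARD_ERROR, PMTUD, SOURCE_QUENCH, OTHER = "hard-error", "pmtud", "source-quench", "other"
PASS = "passes sequence check"
DROP_NO_CONN = "drop: no matching connection"
DROP_SEQ = "drop: quoted sequence number not in flight"
IGNORE = "ignore: not one of the three classes, or does not quote TCP"


def classify(icmp_type, icmp_code):
    """Map an ICMPv4 type/code to one of the three classes (assumed mapping)."""
    if icmp_type == 3 and icmp_code in (2, 3):   # protocol / port unreachable
        return HARD_ERROR
    if icmp_type == 3 and icmp_code == 4:        # fragmentation needed and DF set
        return PMTUD
    if icmp_type == 4:                           # source quench
        return SOURCE_QUENCH
    return OTHER


def parse_icmp_error(msg):
    """Return the fields of the TCP segment quoted inside an ICMP error, or None."""
    if len(msg) < 8 + 20 + 8:                    # ICMP header + IPv4 header + 8 bytes
        return None
    icmp_type, icmp_code, _cksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", msg[:8])
    inner = msg[8:]
    version, ihl = inner[0] >> 4, (inner[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    if inner[9] != 6:                            # quoted packet is not TCP
        return None
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return {
        "class": classify(icmp_type, icmp_code),
        "mtu": next_hop_mtu if (icmp_type, icmp_code) == (3, 4) else None,
        # The quoted packet is one we sent, so its source is our local end.
        "conn": (socket.inet_ntoa(inner[12:16]), sport,
                 socket.inet_ntoa(inner[16:20]), dport),
        "seq": seq,
    }


def in_flight(seq, snd_una, snd_nxt):
    """True if seq lies in [snd_una, snd_nxt), allowing for 32-bit wraparound."""
    return ((seq - snd_una) & 0xFFFFFFFF) < ((snd_nxt - snd_una) & 0xFFFFFFFF)


def evaluate(msg, connections):
    """Return (class, verdict) for an incoming ICMP error.

    connections maps (local_ip, local_port, remote_ip, remote_port)
    to (snd_una, snd_nxt) for each TCP session terminating on this device.
    """
    info = parse_icmp_error(msg)
    if info is None or info["class"] == OTHER:
        return (OTHER, IGNORE)
    state = connections.get(info["conn"])
    if state is None:
        return (info["class"], DROP_NO_CONN)
    if not in_flight(info["seq"], *state):
        return (info["class"], DROP_SEQ)
    # Passing only means the sender knew an in-flight sequence number;
    # it raises the cost of blind forgery, it does not authenticate the message.
    return (info["class"], PASS)


def build_sample(icmp_type, icmp_code, conn, seq, mtu=0):
    """Constructed input: an ICMP error quoting an IPv4 header plus 8 bytes of TCP."""
    lip, lport, rip, rport = conn
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                         socket.inet_aton(lip), socket.inet_aton(rip))
    tcp8 = struct.pack("!HHI", lport, rport, seq)
    return struct.pack("!BBHHH", icmp_type, icmp_code, 0, 0, mtu) + ip_hdr + tcp8


# Constructed session table: one session with bytes 1000..2999 unacknowledged.
SAMPLE_CONN = ("192.0.2.1", 179, "192.0.2.2", 40000)
SAMPLE_TABLE = {SAMPLE_CONN: (1000, 3000)}


def demo():
    """Run the constructed samples through evaluate() and return the verdicts."""
    unknown = ("192.0.2.1", 23, "198.51.100.7", 50000)
    samples = [
        build_sample(3, 3, SAMPLE_CONN, 1500),          # hard error, seq in flight
        build_sample(3, 3, SAMPLE_CONN, 999999),        # hard error, guessed seq
        build_sample(3, 4, SAMPLE_CONN, 2999, mtu=68),  # PMTUD, seq in flight
        build_sample(4, 0, unknown, 1500),              # source quench, no session
    ]
    return [evaluate(s, SAMPLE_TABLE) for s in samples]


if __name__ == "__main__":
    for result in demo():
        print(result)
```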

CSCef62287

Symptoms: When the gprs charging cdr-option no-partial-cdr-generation command is configured after open or closed CDRs already exist, the CDRs may have some incorrect fields with zero length and no value.

Conditions: This symptom is observed on a Cisco platform that functions as a GGSN.

Workaround: Do not change the CDR configuration when CDRs already exist in the memory. If you must change the CDR configuration, first clear all PDPs and CDRs.

CSCef64175

Symptoms: QoS features such as traffic shaping may not work correctly when QoS preclassification is configured over an IPSec tunnel.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(8)T or a later release and that is configured with a hardware encryption VPN module.

Workaround: Use software encryption.

CSCef64251

Symptoms: A router may crash when a mobile tunnel is configured together with QoS preclassification.

Conditions: This symptom is observed on a Cisco 3200 series that is roaming and that functions in reverse-tunnel mode.

Workaround: There is no workaround.

CSCef64362

Symptoms: A Cisco AS5850 does not create a voice port for a controller that is configured for external signaling beyond the first TUG-3 on an STM1 card.

Conditions: This symptom is observed in a configuration in which a Cisco AS5850 is configured for external signaling via the DS0 group on a controller. Voice ports are not created for controllers beyond the first TUG-3 on an STM1 card.

Workaround: There is no workaround.

CSCef66226

Symptoms: A Cisco 2800 series crashes when a third channel group is configured on an E1 or T1 interface of a VWIC that is installed in the native VWIC slot of the router and when the channel number is 16 for the E1 interface or 23 for the T1 interface.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3(8)T4.

Workaround: You can configure a maximum of two channel groups on each E1 or T1 interface. A third channel group is not supported and should be rejected. Prevent the symptom from occurring by configuring the third channel group with a different number.

CSCef67196

Symptoms: A new user cannot log in to a VPN server.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(10.1)T and that functions as a VPN server after you have added a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command.

Workaround: Do not add a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command. Rather, enter the crypto dynamic-map dynamic-map-name dynamic-seq-num command.

Alternate Workaround: Reload the VPN server.

CSCef68196

Symptoms: IPSec stateful failover does not work correctly for IPSec tunnel protection. IKE and IPSec SAs for tunnel protection interfaces are not synchronized to the standby router. Stateful redundancy is not applied to the tunnel protection crypto maps. This situation can be observed by the lack of "Redundancy Settings" on a tunnel protection crypto map in the output of the show crypto map command.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS interim release for Release 12.3(11)T (however, note that this caveat is resolved in Release 12.3(11)T) when the following conditions occur:

Both IPSec stateful failover and the tunnel protection command are configured on a tunnel interface.

The IPSec profile that is used in the tunnel protection command contains the redundancy stateful command.

Workaround: There is no workaround.

CSCef68324

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

CSCef68975

Symptoms: Context-based Access Control (CBAC) fails to pass H.245 packets through a router, and the following error message is generated:

Corrupted header, version number 3, reserved 7C, header size 101

Conditions: This symptom is observed on a Cisco router when the ip inspect command is configured for H.323 in a configuration in which one gateway runs H.323 version 2 and is connected via the router to another gateway that runs H.323 version 4.

Workaround: Ensure that all gateways run H.323 version 4.

CSCef71290

Symptoms: On a CME 3.1 system, a speed dial that is configured via the GUI for phone A may show up on the GUI interface of phone B when one of these phones has a 7914 add-on. However, the configuration does not show up in the running configuration.

Conditions: This symptom is observed when you configure speed dial via the GUI for a CME 3.1 system, and when the following configuration is present:

!

ephone-dn 2 dual-line

number 7202

!

ephone-dn 3 dual-line

number 7203

!

ephone 2

mac-address 000A.8A93.DCC3

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:2

!

ephone 3

mac-address 000A.8A93.DCDF

speed-dial 1 7201 label "CEO"

speed-dial 2 7202 label "sec"

speed-dial 3 7203 label "me"

speed-dial 4 7204 label "CTO"

button 1s3

The speed dial configuration addition and modification on ephone 3 may be shown when you attempt to edit the configuration of ephone 2.

Workaround: If you move the ephone configuration of a 7940 or 7960 phone with a 7914 add-on away from the other phones, the symptom does not occur. The following shows the configuration set with the workaround applied to the above configurations:

ephone-dn 2 dual-line

number 7202

!

ephone-dn 3 dual-line

number 7203

One more ephone-dn for another 7914 (in case you need to add one more and wonder how the configuration would look):

ephone-dn 4 dual-line

number 7209

This is the usual 7960 phone (7203):

ephone 3

mac-address 000A.8A93.DCDF

speed-dial 1 7201 label "CEO"

speed-dial 2 7202 label "sec"

speed-dial 3 7203 label "me"

speed-dial 4 7204 label "CTO"

button 1s3

This is the 7960 phone with the 7914 add-on which was ephone 2 before:

ephone 31

mac-address 000A.8A93.DCC3

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:2

This is a new 7960 phone with a 7914 add-on:

ephone 38

mac-address 00AA.1234.ABCD

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:4

The idea is to configure all the simple phones without any 7914 add-ons from ephone 1 to N (say, 1 to 30). Now, add the first phone with the 7914 add-on as ephone N+1 (31). The next phone with the 7914 add-on should be configured as ephone [(N+1)+7] (38) and so on (45, 52, 59, etc).

CSCef71485

Symptoms: When Cisco Express Forwarding (CEF) is enabled, a Multiprocessor WAN Application Module (MWAM) processor may reload for certain types of traffic that cause IP fragmentation.

Conditions: This symptom is observed only on a Cisco platform that has an MWAM when you send downstream data with fragmented packets.

Workaround: Disable CEF.

CSCef74473

Symptoms: A router crashes after multiple (attended or unattended) call transfer attempts.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T and that is configured for SIP.

Workaround: There is no workaround.

CSCef74873

Symptoms: A Cisco IOS software image appears not to allow the configuration of the memory-size iomem 40 command. When an SLT is loaded with a configuration that contains this command, the following error is generated:

memory-size iomem 40

^

% Invalid input detected at '^' marker.

Conditions: This symptom is observed only on a Cisco 2600XM. All multiple OPC scripts fail because the Cisco IOS software image does not allow the configuration of the memory-size iomem 40 command that is required for voice processing.

Workaround: There is no workaround.

Further Problem Description: All of the memory-size iomem command values are available: 10, 15, 20, 25, 30, 40, and 50.

When you configure the iomem-size percentage, upon booting, the router automatically finds the largest possible iomem-size percentage that works with the Cisco IOS software image and the amount of memory on the router. The automatically discovered configuration is set and used without any manual intervention. This behavior is not a change; it is the same functionality that already exists.

The memory-size iomem is a percentage of the amount of available memory in the router. When you increase the amount of SDRAM memory in the router from 128 MB to 256 MB, but keep the same memory-size iomem percentage, the amount of I/O memory that is allocated by the router is actually doubled.

This means that for a router with 128 MB of SDRAM memory, the memory-size iomem 40 command allocates approximately 50 MB of memory for use as I/O memory.

For a router with 256 MB of SDRAM memory, the memory-size iomem 40 command allocates approximately 102 MB of memory for use as I/O memory. This may be too much memory set aside for use as I/O memory, so that even though the percentage may be reduced by the router, the actual amount of I/O memory that is allocated is the same as or actually greater than what would be allocated on a router with 128 MB of SDRAM memory.

For example:

The c2600-ipss7-mz image in a router with 128 MB SDRAM is able to set the memory-size iomem command to 40 percent, allocating approximately 50 MB of SDRAM memory for use as I/O memory. If this router is upgraded to 256 MB of SDRAM memory and reloaded with the same c2600-ipss7-mz image with the same memory-size iomem command set to 40 percent, the router attempts to allocate approximately 102 MB of SDRAM memory for use as I/O memory. This iomem percentage is too large, and is then reduced to 30 percent, but the amount of I/O memory that is allocated is approximately 77 MB, which is 27 MB greater than the amount of I/O memory that is allocated by the router that has 128 MB of SDRAM.

CSCef75224

Symptoms: Upon resetting or reloading a Cisco 3700 series, the IP phones that are connected to an NMD-36-ESW no longer receive power from the internal power supply.

Conditions: This symptom is observed when a Cisco 3725 is configured with an NMD-36-ESW and when IP phones are directly connected to the NMD-36-ESW. The symptom may also occur on another Cisco 3700 series router, and it may also occur on a NM-16ESW.

Workaround: For the interfaces that do not receive power, enter the shutdown command followed by the no shutdown command on the interface of the NMD-36-ESW or disconnect and reconnect the FE cables that run between the NMD-36-ESW and the IP phones.

CSCef75430

Symptoms: H.323 to H.323 transcoding does not function.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(1)T or a later release and that has the fix for CSCef53221 integrated. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef53221. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCef75563

Symptoms: Voice ports on an EM-8FXS, EM-6FXO, and EM-4BRI-NT/TE are not displayed.

Conditions: This symptom is observed on a Cisco 2800 series when you enter the show running-config command or the show voice port summary command.

Workaround: There is no workaround.

CSCef75758

Symptoms: A virtual access (VA) interface flaps when you send traffic over a PPP interface.

Conditions: This symptom is observed on a Cisco RPM-XF when Internet Protocol Header Compression (IPHC) is configured on the PPP interface.

Workaround: There is no workaround.

CSCef77013

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.

CSCef79000

Symptoms: A cookie that is returned by an HTTP client is composed of name and value pairs; the value is double-quoted. However, most HTTP clients and servers do not double-quote the value.

Conditions: This symptom is observed on a Cisco AS5400 that is configured for VXML. However, the symptom may be platform-independent.

Workaround: There is no workaround. The fix for this caveat removes the double quotes for the value.

CSCef79443

Symptoms: A software forced-reload may occur on a Cisco router that negotiates ISAKMP/IPSec security associations and that is configured as a spoke in a hub-spoke network.

Conditions: This symptom is observed after the router has booted and is in the process of building an ISAKMP/IPSec tunnel to the DMVPN hub.

Workaround: There is no workaround.

CSCef80169

Symptoms: Traffic does not flow across Multilink PPP (MLP) links with the exception of traffic for which the outgoing service policy imposes "Absolute Priority."

Conditions: This symptom is observed when MLP is configured between two Cisco RPM-XF modules and when traffic originates from the route processor.

Workaround: There is no workaround.

CSCef81501

Symptoms: When L2TPv3 tunnels are scaled and the IP Path MTU Discovery feature is enabled, a memory leak and crash may occur.

Conditions: This symptom is observed when multiple Xconnect statements are applied in conjunction with the IP Path MTU Discovery feature in the pseudowire class.

Workaround: Do not enable the IP Path MTU Discovery feature in an L2TPv3 configuration.

CSCef81595

Symptoms: Small IP packets (less than 28 bytes) fail to be decrypted for IPSec and are dropped. This situation causes GRE keepalive probe replies to be dropped, and consequently, the GRE tunnel to enter the DOWN state.

Conditions: This symptom is observed when point-to-point GRE (p-pGRE) and IPsec use a crypto map and a transport mode with GRE keepalives. Note that the symptom applies to IP packets that are less than 28 bytes in length and that are decrypted for IPSec.

Workaround: There is no general workaround for IPSec. However, for p-pGRE and IPSec, including a configuration with GRE keepalives, either configure the tunnel key 1 command on the tunnel interface on both ends or disable keepalives by entering the no keepalive command on the tunnel interface.

Note: If you choose to use the tunnel key, you may want to reduce the tunnel IP MTU by 4 bytes compared to its current value or enter the ip tcp adjust-mss 1400 command on the remote-end router.

CSCef81616

Symptoms: Cisco Optimized Edge Routing (OER) is not available on a Cisco 3640.

Conditions: This symptom is observed on a Cisco 3640 that runs the c3640-is-mz IP PLUS image of Cisco IOS Release 12.3(11)T.

Workaround: If your router has sufficient memory, use the c3640-js-mz image to run OER. Note that the symptom does not occur in Release 12.3(8)T4.

CSCef82962

Symptoms: A call treatment only plays a busy tone instead of the audio file that is configured in the call treatment.

Conditions: This symptom is observed when call treatment is configured on a router that functions as a Cisco CallManager Express (CME) and when the call threshold is met.

Workaround: There is no workaround.

CSCef83130

Symptoms: A Cisco 7500 series may periodically hang.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for both distributed CEF and IP RTP header compression.

Workaround: Remove IP RTP header compression from the interface on which it is configured.

CSCef84005

Symptoms: A virtual access (VA) interface flaps when sending traffic over a PPP interface.

Conditions: This symptom is observed on a Cisco RPM-XF when Internet Protocol Header Compression (IPHC) is configured on the PPP interface.

Workaround: There is no workaround.

CSCef84121

Symptoms: A software-forced crash may occur on a Cisco AS5400 because of a breakpoint exception.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T, that is configured for voice, and that has the logging facility enabled.

Workaround: There is no workaround.

CSCef84400

Symptoms: A router may crash because of a SIGBUS error when you enter a typeahead Tcl command. For example, entering the typeahead show running-config command may cause the router to crash.

Conditions: This symptom occurs only when you enter the command via a vty session such as a Telnet session.

Workaround: Only enter a typeahead Tcl command via the console of the router.

CSCef84623

Symptoms: A transcoding session may dangle even after the call is terminated.

Conditions: This symptom is observed on a router that has the Enhanced Conferencing and Transcoding for Voice Gateway Routers feature enabled.

Workaround: There is no workaround.

CSCef85266

Symptoms: When a voice gateway is reset by a Cisco CallManager, the voice gateway may not reregister with the Cisco CallManager, even when the output of the show isdn statistics command indicates the following state:

MULTIPLE_FRAME_ESTABLISHED and L3 Protocol(s) = CCM-Manager.

The above-mentioned state occurs when the voice gateway fails to send a restart message (RM) to the Cisco CallManager.

Conditions: This symptom is observed on a Cisco 3745 that functions as a voice gateway and that runs Cisco IOS Release 12.3(4)T6, 12.3(8)T3, or 12.3(8)T4.

Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the T1 controller of the interface that connects to the Cisco CallManager.

CSCef85823

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third-party gateway. When the third-party gateway sends an open logical channel to the Cisco gateway as the last step to switch the codec to T38, the Cisco gateway may not send an open logical channel acknowledgement. Instead, the Cisco gateway may terminate the call immediately.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway and that does not have any lengthy debug turned on.

Workaround: There is no workaround.

CSCef86948

Symptoms: A Cisco 7500 series router may crash when you attempt to delete an image from disk0.

Conditions: This symptom is observed when disk0 contains an image of Cisco IOS interim Release 12.3(11.5)T or interim Release 12.3(11.6)T and you attempt to delete this image.

Workaround: Reload the router with a different Cisco IOS image and then delete the image of Release 12.3(11.5)T or Release 12.3(11.6)T from disk0.

CSCef88350

Symptoms: A router that is configured with a Layer 2 firewall may crash and report memory corruption.

Conditions: This symptom is observed on a Cisco 1700 series that is configured with a Layer 2 firewall and a WIC-4ESW on which a switch virtual interface (SVI) is configured in a bridge group. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCef89947

Symptoms: When IPSec tunnels are functioning in SSO mode, and shortly after the tunnels are established, the console of the standby router repeatedly displays the "error coming back 000F" error message and IPsec SAs are not synchronized.

Conditions: This symptom is observed when you build 500 IPSec tunnels in SSO mode on a Cisco 7200 series.

Workaround: Do not configure the IPSec tunnels to function in SSO mode.

CSCef90148

Symptoms: After a grounding ring, the circuit may fail to detect an ensuing tip ground acknowledgement from the far end.

Conditions: This symptom is observed when placing outgoing calls with the FXO tip ground detect circuit present via a VIC2-2/4FXO, EM-HDA-6FXO, or EM-HDA-3FXS/4FXO.

Workaround: Use loopstart mode for FXO.

CSCef91218

Symptoms: An RPM-XF corrupts the DSCP values of traffic passing through.

Conditions: This symptom is observed after an output service policy is applied and fails because of incorrect parameters. The following error message is generated when the policy map is applied and fails:

PE1(config-if-atm-vc)#service-policy output in_policy_forout

PE1(config-if-atm-vc)#

PE1(config-if-atm-vc)#

PE1(config-if-atm-vc)#

PE1(config-if-atm-vc)#end

"set-mpls-exp-imposition-transmit" is not allowed in an output service policy.

Service policy installation failed on VC

Workaround: Verify the validity of the service policy before you apply the output policy map.

CSCef91468

Symptoms: A crashinfo file fails to be created when you enter the test crash command.

Conditions: This symptom is observed on a Cisco RPM-XF.

Workaround: There is no workaround.

CSCef94442

Symptoms: A spurious memory access is generated when SSG services are refreshed.

Conditions: This symptom is observed when two active SSG services that contain overlapping networks are refreshed and deleted.

Workaround: There is no workaround.

CSCef94604

Symptoms: When call threshold is configured on a gateway, the gateway does not properly keep track of the calls. Once the threshold is met, the gateway does not allow any more calls, even if the high value is not yet met.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway.

Workaround: There is no workaround. To recover from the symptom, allow all calls to clear. Doing so allows you to place calls again.

CSCef94731

Symptoms: A router may crash when an EZVPN tunnel is set up and you enter the show crypto isakmp key command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCef94974

Symptoms: A Cisco 7200 series that functions as a gateway GPRS support node (GGSN) may crash randomly while forwarding traffic.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(8)T4 under normal operating conditions.

Workaround: There is no workaround.

CSCef95597

Symptoms: A Cisco RPM-XF crashes when the ATM encapsulation for a PVC is changed.

Conditions: This symptom is observed when an MLP session is configured over a PVC subinterface.

Workaround: Shut down the PVC subinterface, change the encapsulation, and bring up the PVC subinterface.

CSCef95695

Symptoms: ESP frames are sent as protocol 50 (ESP) instead of the UDP protocol that is required for NAT-T. (The Internet Key Exchange security association [IKE SA] is correctly established.)

Conditions: This symptom is observed when one peer runs Cisco IOS Release 12.3(8)YA or Release 12.3(11)T and uses NAT-T version 7 and another peer runs NAT-T version 2 or 3.

Workaround: Remove NAT-T. Note that the symptom does not occur in Release 12.3(8)T4.

CSCef97752

Symptoms: Transmit underruns or receive overruns may occur on a serial interface on the motherboard WICs of a Cisco 2691 or Cisco 3725 router.

Conditions: This symptom is most likely to occur when the traffic of the serial interfaces on the motherboard on a Cisco 2691 or Cisco 3725 router is process-switched rather than fast-switched.

Workaround: Do not use the WAN interface card (WIC) slot on the motherboard. Rather, use the serial interface on a 2-WAN card slot network module (NM-2W), a 1-port Fast Ethernet 2-WAN card slot network module (NM-1FE2W), or a 2-port Fast Ethernet 2-WAN card slot network module (NM-2FE2W).

CSCeg00277

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCeg01543

Symptoms: A Cisco 7500 series VIP may crash when its serial interfaces are part of a Multipoint Frame Relay (MFR) bundle.

Conditions: This symptom is observed when a Frame Relay end-to-end fragment is received on an MFR interface.

Workaround: Administratively shut down the MFR interface or shut down the MFR interface on the other side of the link.

CSCeg01740

Symptoms: A router crashes when you delete a manual static Xconnect service with L2TPv3 encapsulation.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0S but could also occur in other releases.

Workaround: Do not delete a manual static Xconnect service with L2TPv3 encapsulation.

CSCeg02238

Symptoms: IPSec HA support is missing from the crypto k9 images of a Cisco 7301.

Conditions: This symptom is observed on a Cisco 7301 router that runs a crypto k9 image of Cisco IOS Release 12.3(11)T.

Workaround: If this is an option, use an IPSec HA-supported platform such as a Cisco 3725, Cisco 3745, or Cisco 7200 series. If this is not an option, there is no workaround.

CSCeg02681

Symptoms: Multipath load balancing does not function properly.

Conditions: This symptom is observed on a Cisco RPM-XF when there are multiple paths configured for a destination. Pings to the destination over one of the paths only work when the other PPP link is in the shutdown state.

Workaround: There is no workaround.

CSCeg03052

Symptoms: A Cisco IAD2431 may not send PPTP traffic even though the PPTP tunnel is successfully authenticated and terminated on the Cisco IAD2431. When this situation occurs, the following error messages are generated:

%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed

Vi2.1 PPP: I pkt type 0x0021, datagramsize 64 link[ip]

%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed

Vi2.1 PPP: I pkt type 0x0021, datagramsize 64 link[ip]

%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed

Vi2.1 PPP: I pkt type 0x0021, datagramsize 422 link[ip]

Conditions: This symptom is observed on a Cisco IAD2431 that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg03707

Symptoms: Use of the HTTP GUI interface of Cisco CallManager Express (CCME) may cause instability on a Cisco IOS voice gateway: the T1 controllers on the gateway may become accessible, calls may not complete through the gateway, and the gateway may reload unexpectedly.

Conditions: This symptom is observed when you use the HTTP GUI interface of CCME to configure and maintain a VoIP gateway.

Workaround: Use the command line interface (CLI) to configure and maintain a CCME VoIP gateway. To prevent access via the HTTP GUI interface, Cisco recommends that you remove the access by entering the no ip http server global configuration command.

CSCeg04293

Symptoms: A router may reload when you enter the crypto map map-name command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.7)T.

Workaround: There is no workaround.

CSCeg05374

Symptoms: Conference calls fail and tracebacks are generated.

Conditions: This symptom is observed on a Cisco router when the Enhanced Conferencing and Transcoding for Voice Gateway Routers feature is enabled.

Workaround: There is no workaround.

CSCeg05544

Symptoms: The following CLIs are blocked out:

h225 h245-address sync

h225 h245-address facility

h225 h245-address progress

The following CLIs can only be seen with the no allow-connection h323 to h323 command:

h225 progress-indicator local-ringback

h225 h245-address on-connect

Conditions: This symptom refers to the following configuration:

voice service voip

allow-connection h323 to h323

h323

h225 id-passthru

...

Workaround: Configure the impacted commands via voice-class configuration mode.

CSCeg06154

Symptoms: A router crashes when you delete an MPLS subinterface by entering the no interface command.

Conditions: This symptom is observed when the mpls ip command is configured on the same MPLS subinterface. For example, consider a router with the following configuration:

interface atm1/0.1 mpls

mpls ip

When you enter the no interface atm1/0.1 mpls command, the router crashes.

Workaround: There is no workaround.

CSCeg06731

Symptoms: A Cisco router that is configured for IVR may crash with a SegV exception.

Conditions: This symptom is observed on a Cisco 2600XM series that runs Cisco IOS Release 12.3(11)T. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCeg08282

Symptoms: An L2TP tunnel may not be displayed when a static session is up.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.7)T.

Workaround: There is no workaround.

CSCeg08629

Symptoms: A Cisco 7500 series may generate CCB playback errors and reload the secondary Route Switch Processor (RSP).

Conditions: This symptom is observed when there are channelized T3 port adapters installed in the router and when a channel-group parameter is configured before the channel group is created. To recover from the symptoms, reload the router.

Workaround: Configure the channel-group via the t1 t1-line-number channel-group channel-group-number timeslots list-of-timeslots command before you configure any options such as framing of FDL on the channel group.

CSCeg08927

Symptoms: A Cisco GGSN that runs Cisco IOS Release 12.3(8)T3 with GPRS software may reload when repetitive create PDP context requests are received for an existing PDP in the GGSN.

Conditions: This symptom is observed when the following sequence of events occurs:

1. A successful create PDP request occurs and a PDP is created.

2. A second create PDP request is received for the same PDP, requesting a DNS address. Because of an error in the protocol configuration option (PCO), this create PDP request is rejected.

3. A third create PDP request is received without a PCO.

Workaround: There is no workaround.

CSCeg09811

Symptoms: When a G.SHDSL version 2 (V2) WIC is installed in the first WIC slot of a router and a G.SHDSL version 1 (V1) WIC in the second WIC slot of the router, a ping over the G.SHDSL V1 WIC fails when the G.SHDSL V2 WIC has the default configuration.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: Enter the mode atm command for the controller of the DSL interface on the G.SHDSL V2 WIC.

CSCeg10138

Symptoms: The 64-bit counters in the output of a show policy-map command may not provide correct information.

Conditions: This symptom is observed on a Cisco RPM-XF.

Workaround: There is no workaround.

CSCeg10255

Symptoms: A router may reload unexpectedly when you enter the show call active voice command. After the crash, the output of the show version command may show a message similar to the following:

System returned to ROM by error - a SegV exception, PC 0x803D4DC8

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T and that is configured for voice.

Workaround: There is no workaround.

CSCeg12134

Symptoms: When you send multicast traffic over an IPSec tunnel, a memory leak may occur on a router.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when both IP CEF and hardware encryption are configured.

Workaround: Switch to software encryption for a while and then switch back to hardware encryption.

Alternate Workaround: Disable IP CEF.

CSCeg12592

Symptoms: A Cisco voice router crashes at boot time and enters into a crashloop until you recover it manually.

Conditions: This symptom is observed on a Cisco 2600XM, Cisco 2691, Cisco 3640, Cisco 3660, Cisco 3725, and Cisco 3745 that have an NM-2V installed with either a VIC-2BRI-NT/TE or a VIC-2BRI-ST/TE voice card and that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: There is no workaround.

CSCeg15855

Symptoms: Hairpinned calls fail.

Conditions: This symptom is observed on a Cisco router that is configured with an NM-HDV2-2T1/E1 network module.

Workaround: There is no workaround.

CSCeg15922

Symptoms: A DMVPN tunnel (mGRE) may not fully initialize at startup. When you enter the no shutdown command on the tunnel interface, the platform may crash with a "tunnel_protection_setup_socket" error.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2SX but may also occur in Release 12.3 or Release 12.3T.

Workaround: Create a point-to-point GRE tunnel on the spokes (instead of via mGRE) and an mGRE tunnel on the hub. Note that you need an NHRP Next Hop Server (NHS) configuration in order for the hub to learn the spokes.

Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the tunnel interface in order for the tunnel to come up. However, after you have implemented the Alternate Workaround, the crash may still occur.

Further Problem Description: The crash occurs only on a spoke router or spoke switch, not on a hub router or hub switch. Furthermore, the crash is only observed on a Cisco Catalyst 6000 series and a Cisco 7600 series and may occur with any DMVPN configuration that uses mGRE tunnels.

CSCeg17082

Symptoms: All voice calls fail and the output of the show voice port summary command shows that all voice ports are in the down state:

                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
0/1:0     01 e&m-wnk      up    down idle     idle     y
0/1:1     02 e&m-wnk      up    down idle     idle     y
0/1:2     03 e&m-wnk      up    down idle     idle     y

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3660, and Cisco 3700 series that run Cisco IOS Release 12.3(11)T1 or Release 12.3(11)T2 and that are configured with an AIM-VOICE interface module that has DSPs that are configured for high complexity. The symptom occurs after you reload the router.

Workaround for Release 12.3(11)T1: Bring the voice ports to the up state by entering the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice ports.

Workaround for Release 12.3(11)T2: Remove the affected DS0 group and reconfigure it.

CSCeg17274

Symptoms: When you enter a timeout value shorter than 8 seconds on an IPHC-enabled interface, the value is not configured. Instead, a timeout value of 8 seconds is configured.

Conditions: This symptom is observed on a Cisco RPM-XF that is configured for IP RAN when you use the ppp iphc max-time seconds command to enter the timeout value on a virtual template in a multilink configuration.

Workaround: There is no workaround.

CSCeg17630

Symptoms: The MGX-RPM-1FE-CP RPM-PR back card is not recognized.

Conditions: This symptom is observed when the MGX-RPM-1FE-CP RPM-PR back card is inserted in a Cisco MGX2 chassis that is configured with an RPM-PR and a PXM45B controller card. The back card is shown as "Unknown."

Workaround: There is no workaround.

CSCeg17982

Symptoms: An MGCP gateway may respond with a "510 - protocol error" message to an Audit Connection (AUCX) message from the call agent. However, the gateway should respond as follows:

To an AUCX message with no RequestedInfo (F:), a valid connection ID (I:), and a valid endpoint ID, the gateway should respond with a "200" message.

To an AUCX message with no RequestedInfo (F:), a valid connection ID (I:), but an invalid or unknown endpoint ID, the gateway should respond with a "500" message.

Conditions: This symptom is observed on a Cisco gateway that is configured for Media Gateway Control Protocol (MGCP).

Workaround: There is no workaround.

CSCeg18548

Symptoms: The clear line command may not function and does not cause a link to be dropped.

Conditions: This symptom is observed when you enter the clear line command for a WIC-1AM or WIC-2AM that is installed in an NM-2W network module.

Workaround: Enter the clear interface command or the clear modem command to cause the link to be dropped.

CSCeg18639

Symptoms: The cookie information of an HTTP user may be lost after the user disconnects.

Conditions: This symptom is observed on a Cisco AS5400 that is configured for VXML when an HTTP client retrieves a document and disconnects. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCeg21929

Symptoms: Voice packets are not compressed when cRTP is configured with MQC on a serial interface that is configured for Frame Relay encapsulation.

Conditions: This symptom is observed on a Cisco 3725, Cisco 3745, and Cisco 7206.

Workaround: Disable CEF globally and disable fast switching on the serial interface.

CSCeg21998

Symptoms: A memory leak may occur for every single transcoding call.

Conditions: This symptom is observed on any Cisco platform that supports transcoding.

Workaround: There is no workaround.

CSCeg23275

Symptoms: A Cisco voice gateway may crash when you run a TCL IVR application that performs media recording to a TFTP server.

Conditions: This symptom is observed on a Cisco voice gateway that runs Cisco IOS Release 12.3T. Note that this release does not support media recording to a TFTP server.

Workaround: Configure media recording to an HTTP, RTSP, or ESMTP server, all of which are supported in Release 12.3T.

CSCeg28309

Symptoms: The max-users number-of-users and the max-logins number-of-users commands do not function in an HA environment.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS release later than Release 12.3(4)T9 and that is configured for HA.

Workaround: There is no workaround.

CSCeg28876

Symptoms: Even though route cache is enabled and functioning by default, the output of the show running-config interface type number command shows the "no ip route-cache" message for an MLP interface that is up. When IP Header compression is configured for the MLP interface, the command output also shows the "no ip route-cache cef" message.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.3(11)T2 or an earlier release.

Workaround: There is no workaround. However, note that route cache does function even though the error messages suggest otherwise.

CSCeg32865

Symptoms: When you enter a test command such as the test voice driver command, the channel status may show as mismatched.

Conditions: Depending on the test command that you enter, this symptom is observed on a Cisco 2800 series and Cisco 3800 series or on a network module that has a TI-5510 DSP such as an NM-HD-2V or NM-HD-2VE network module.

Workaround: Do not enter a test command to troubleshoot network issues. Rather, enter the show voice dsp command or the show voice dsp detail command.

CSCeg33405

Symptoms: OSPFv3 neighbors may not come up when IPv6 IPSec is configured.

Conditions: This symptom is observed on a Cisco router that has more than one interface configured for OSPFv3 and IPv6 IPSec.

Workaround: Disable IPSec for IPv6 or configure only a single interface on the router for IPv6 IPSec.

CSCeg33863

Symptoms: When a Cisco CallManager Express (CCME) is configured for the longest-idle ephone hunt group, the call is not forwarded to the final number.

Conditions: This symptom is observed when a call that is made to the longest-idle ephone hunt-group pilot number is redirected on a busy signal or no answer signal from one Cisco IP phone directory number (ephone-dn) to another ephone-dn (from the configured ephone-dn list) until the call is answered. When none of the ephone-dns answers the call, the caller receives a fast-busy signal instead of the call being routed to the final number.

Workaround: There is no workaround.

CSCeg39241

Symptoms: There is no voice path when a call rotates from one dial peer to another dial peer.

Conditions: This symptom is observed on a Cisco Multiservice IP-to-IP Gateway (IPIPGW) when the Emptycapability feature is enabled globally to support different codecs and when the first outgoing dial peer receives a "no answer."

Workaround: There is no workaround.

CSCeg40630

Symptoms: TACACS+ is not supported on a Cisco IAD2430.

Conditions: This symptom is observed on a Cisco IAD2430 that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeg47178

Symptoms: When the load interval is configured as 30 seconds, the clear counters command takes a long time (1 minute and 45 seconds) to clear the offered rate and the drop rate counters.

Conditions: This symptom is observed on a Cisco RPM-XF that processes IP traffic with a 200-byte packet size at the rate of 1000 bps.

Workaround: There is no workaround.

CSCeg50001

Symptoms: Upstream traffic does not reach a public data network (PDN), and the send and receive counters are incremented properly.

Conditions: This symptom is observed when you send process-switched packets upstream over a packet data protocol (PDP) link in a GPRS network.

Workaround: There is no workaround.

CSCeg50406

Symptoms: A Cisco IAD2431 shows in the output of the show version command as a Cisco IAD2400.

Conditions: This symptom is observed on a Cisco IAD2431 that runs Cisco IOS Release 12.3(11)T.

Workaround: Enter the no memory-size iomem 10 command.

CSCeg52461

Symptoms: When a call is blind-transferred from a CME IP phone to a PRI number, there is no ringback tone heard at the transferee.

Conditions: This symptom is observed when a Cisco 3700 series functions as a voice gateway in the following call scenario:

Party A calls party B (that uses a CME IP Phone). Party B blind-transfers the call to party C through a PRI interface. Party C receives the transferred call but party A does not hear the ringback tone.

Workaround: There is no workaround.

CSCeg55700

Symptoms: The caller ID name is not displayed when the name is greater than 15 characters.

Conditions: This symptom is observed on a Cisco platform that is configured for SIP when INFO messages are used to relay the caller ID name.

Workaround: There is no workaround.

CSCeg57104

Symptoms: No proper warning message is generated when a platform approaches its low-memory threshold.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCeg61162

Symptoms: Caller ID presentation does not function because a Cisco VG224 does not reverse the line polarity.

Conditions: This symptom is observed on a Cisco VG224 that has the caller-id alerting line-reversal command enabled.

Workaround: There is no workaround.

CSCeg67106

Symptoms: A call transfer may fail.

Conditions: This symptom is observed on a Cisco router that functions as a Cisco CallManager Express (CME) when the transfer-pattern argument of the transfer-pattern transfer-pattern command is ".T" to allow the transfer of telephone calls from Cisco IP phones to phones other than Cisco IP phones.

Workaround: There is no workaround.

CSCeg68557

Symptoms: When there is a failure between two IPSec peers, DPD can detect that the communication fails. When there are multiple phase 2 SAs and DPD failures, phase 1 SAs are deleted, but only one phase 2 SA is deleted. This is improper behavior: all phase 2 SAs should be deleted.

Conditions: This symptom is observed on a Cisco router that is configured for IPSec ISAKMP when there are multiple ACEs in a dynamic crypto ACL, causing multiple phase 2 SAs to be generated.

Workaround: Enter the clear crypto sa command.

Further Problem Description: If Reverse Route Injection is also configured, the corresponding route is not deleted.

CSCeg72444

Symptoms: A router that is configured for SSG may hang and crash.

Conditions: This symptom is observed when PBHK and idle timeout are enabled for PPP users and the router is busy.

Workaround: Disable idle timeout for all PPP users.

Alternate Workaround: Disable PBHK. If you do so, you may still observe a few non-aligned accesses but a crash will not occur.

CSCeg73626

Symptoms: A DSP farm profile cannot be configured.

Conditions: This symptom is observed on a Cisco 3700 series and Cisco 3800 series when a voice card does not have the dsp services dspfarm command enabled.

Workaround: Enter the dsp services dspfarm command on at least one voice card.

CSCeg73744

Symptoms: A Cisco AS5350 VoIP gateway leaks memory in the "CCSIP_SPI_CONTROL" process when it receives an "out-of-dialogue" NOTIFY, REGISTER, or OPTIONS request that is syntactically incorrect (for example, a request that has no contact header). In such a situation, the gateway rejects the request with a 4xx error response, but the output of the show processes memory command shows a memory leak in the CCSIP process.

Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(8)T or 12.3(11)T.

Workaround: Disable the "out-of-dialogue" NOTIFY, REGISTER, or OPTIONS request or ensure that the syntax of the request is correct.

CSCeg73956

Symptoms: A Cisco 2430 that runs an IVR TCL 2.0 script to play audio or music on incoming calls on a POTS leg may cause audio stuttering, cutoffs, looping, breakups, or a combination of these problems, causing menu options in a VXML script to be lost.

Conditions: This symptom is observed when more than five concurrent users listen to the audio or music stream. When an additional call occurs, the audio may start to break up, may stop completely, or may loop or stutter. The symptom occurs irrespective of whether the script and audio files are loaded from TFTP or from flash memory.

Workaround: There is no workaround.

CSCeg77587

Symptoms: Calls via a V.110 L2TP GSM application fail.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(2)T or a later release and that is configured for MGCP NAS. Debugs show PPP and CRC errors and corrupt asynchronous framing.

Workaround: There is no workaround.

CSCeg78279

Symptoms: A Cisco Catalyst 6500 series Communication Media Module (WS-CMM-SVC) may crash frequently.

Conditions: This symptom is observed on a Catalyst 6509 that is configured with a Supervisor Engine 720 that runs Cisco IOS Release 12.2(18)SXD2 while the WS-CMM-SVC runs Release 12.3(8)XY2. The symptom may also occur in Release 12.3T.

Workaround: There is no workaround.

CSCeg78458

Symptoms: A Cisco 836 or Cisco 837 may reload because of a software-forced crash when you request a reload with an XML file via CNS.

Conditions: This symptom is observed with a CNS Configuration Engine version 1.4 that runs on an IE2115 server. The routers run Cisco IOS Release 12.3(8)YG. The symptom could also occur in Release 12.3.

Possible Workaround: Enter the scheduler max-task-time 50000 command.

CSCeg79652

Symptoms: When you enter the reload command on a router that is configured with an SHDSLv2 card, the router enters an endless loop.

Conditions: This symptom is observed only with SHDSLv2 cards on a Cisco router that runs a Cisco IOS release later than interim Release 12.3(12.6)T.

Workaround: To recover the router from the loop, enter the send brk command to enable the router to enter ROMmon mode.

CSCeg81698

Symptoms: After a DSP crashes and recovers, voice calls through a backhauled PRI fail. Note that a regular PRI is not affected.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T6, that functions as a voice gateway, and that is configured with an NM-HDV2 and a PVDMII-24.

Workaround: Enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice port. Note that shutting down and bringing up the controller on the affected voice port does not bring the voice port back up.

CSCeg81870

Symptoms: In SRST mode, a phone does not completely register with a voice gateway, preventing SRST from functioning.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T3 when a service URL is associated with speed buttons.

Workaround: There is no workaround.

CSCeg82704

Symptoms: When a phone call is made and forwarded to a Cisco Unity Express Network Module (NM-CUE), choppy voice may occur on the IP phone(s) that are connected to the stacked Etherswitch modules. The symptom is observed for voice connections between the IP-phone(s) and the NM-CUE. The sound during calls between two IP phones is good.

Conditions: This symptom is observed when a 16-port Etherswitch module is stacked with a 36-port Etherswitch network module. This symptom does not occur when only a single Etherswitch module (either 16- or 36-port) is used.

Workaround: There is no workaround.

CSCeg85709

Symptoms: A fax to or from an FXS port does not go through as modem pass-through.

Conditions: The symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.12)T1 when modem pass-through is configured globally.

Workaround: There is no workaround.

CSCeg87507

Symptoms: DSP programming on a router fails, causing a BRI call to disconnect. The output of the debug voip vtsp session command shows "DSP programming failed".

Conditions: This symptom is observed on a Cisco 2800 series, Cisco 3800 series, and any other router that uses Flex DSP resource management (DSPRM) when calls are made from a BRI or PRI to the PSTN and when the PSTN side sends a Call Proc message followed by a Call Alerting message.

Workaround: There is no workaround.

CSCeg87892

Symptoms: VIPs crash when GRE tunnels are configured in an MPLS VPN configuration. The interface names are not displayed in the output of the show adjacency detail command because the name strings of the FIBIDBs are incorrectly allocated.

Conditions: These symptoms are observed when GRE tunnels are configured on MPLS PE routers. However, the incorrect allocation of the name strings of the FIBIDBs may occur on any platform.

Workaround: There is no workaround.

CSCeh00270

Symptoms: A Cisco gateway may reload at "h245_olc_out_sm".

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.3(7)T7 when the gateway receives a third-party RequestChannelClose message that has the reason field populated with "reopen".

Workaround: Ensure that the third-party gateway does not send a RequestChannelClose message with the reason field populated with "normal".

CSCeh02312

Symptoms: A router may reload when you lock or unlock an RSA key pair.

Conditions: This symptom is observed when you enter the crypto key lock rsa passphrase passphrase or crypto key unlock rsa passphrase passphrase EXEC command.

Workaround: Do not include the passphrase keyword and associated argument in the command. Also do not include the optional name keyword and the associated key-name argument in the command, because the router prompts for the name of the key that you want to lock or unlock.

CSCeh05540

Symptoms: Packet statistics that are displayed under an L2 policy map are incorrect. The counters that show incorrect information are the "Conformed packets/bytes" and "Exceeded packets/bytes" counters.

Conditions: This symptom is observed on a Cisco MGX RPM-XF when a policy map is applied to any of its interfaces and when the affected counters cross the actual value of 4294967295.

Workaround: There is no workaround.

CSCeh09360

Symptoms: IPSec does not function when the ip route-cache command is enabled.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T3 but may be platform-independent.

Workaround: There is no workaround.

CSCeh10980

Symptoms: A Cisco voice gateway may reload when a consultation call transfer is executed using a default session application.

Conditions: This symptom is observed on a Cisco voice gateway that is configured for IVR.

Workaround: There is no workaround.

CSCeh12839

Symptoms: An SSG does not return GPRS VSAs to a GGSN in an access-accept message.

Conditions: This symptom is observed when a RADIUS client such as a GGSN sends an extended auto-domain access request. The SSG should return the "gprs:charging-profile-index" and "csg:billing_plan" VSAs in the auto-domain profile to the GGSN when the no remove vsa cisco command is enabled on the SSG for the RADIUS client.

Workaround: There is no workaround.

CSCeh13450

Symptoms: When you enter the show controllers command on a Cisco 3xxx series router, the router either reloads because of a watchdog timeout or hangs. Note that the show controllers command is also part of the show technical-support command.

Even with the configuration register set to allow a break into rommon (0x2002), this facility remains unavailable when the router hangs. If this situation occurs, you must power-cycle the router to bring it up.

Conditions: This symptom is observed on a Cisco router when the following conditions are present:

The router has an NM-16A network module installed.

The router is configured with one or more async interfaces that are configured on the NM-16A network module.

Workaround: There is no workaround.

CSCeh22179

Symptoms: No traffic is sent from a Cisco 3825.

Conditions: This symptom is observed on a Cisco 3825 that runs Cisco IOS Release 12.3(11)T3 when traffic from a VPN that leaves through the global interface does not require encryption.

Workaround: Remove the crypto map from the global interface.

CSCeh31306

Symptoms: A Cisco MGX RPM-PR does not boot up.

Conditions: This symptom is observed when the Cisco MGX RPM-PR does not receive the boot acknowledgement from the PXM.

Workaround: There is no workaround.

CSCeh34089

Symptoms: You cannot run the Embedded Event Manager Tcl policy scripts.

Conditions: This symptom is observed in all Cisco IOS software images that contain the fix for caveat CSCeg07394. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg07394. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCeh35434

Symptoms: An Embedded Event Manager TCL policy does not function.

Conditions: This symptom is observed on a Cisco IOS software image that contains the fix for caveat CSCeg07394. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg07394. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCeh37039

Symptoms: A file system fails to complete the dir command or a show command upon encountering an unrecognized file.

Conditions: This symptom is observed when there is a file of a type that is unrecognizable or not supported by the USB token file system.

Workaround: Format the USB token prior to its first use.

CSCin65900

Symptoms: A Cisco 7200 VXR router that functions as a LAC crashes while handling PPPoA/L2TP and PPPoEoA/L2TP calls.

Conditions: This symptom is observed when you simulate some kind of DoS attack by sending PPPoEoA traffic from a large number of users that have incorrect user names.

Workaround: There is no workaround.

CSCin66200

Symptoms: A memory allocation failure (MALLOCFAIL) message may be displayed when you enter the show vpdn command.

Conditions: This symptom is observed only when a very large number of L2TP sessions are active on the router.

Workaround: There is no workaround.

Further Problem Description: To properly generate the output of the show vpdn command, ensure that the router has sufficient contiguous memory: for 16,000 sessions, 64 MB is required; for 32,000 sessions, 128 MB is required.

CSCin73697

Symptoms: A dual-tone multifrequency (DTMF) tone that is sent from a SIP gateway via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) is not sent as NTE RTP packets to an H.323 gateway because the DTMF tone is received as inband voice by the IPIPGW. The output of the show call active voice command for the IPIPGW shows the DTMF type as RTP-NTE for both legs but the output of this command on the SIP gateway shows the DTMF type as inband voice.

Conditions: This symptom is observed when a call is made from a SIP gateway via an IPIPGW to an H.323 gateway.

Workaround: There is no workaround.

CSCin78987

Symptoms: A Cisco 3660 shows fluctuations in the CPU utilization and the CPU usage peaks frequently at 100 percent, as you can observe in the output of the show processes cpu command.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(8)T and that is configured with a control plane with a class map to drop matched packets.

Workaround: There is no workaround.

CSCin79413

Symptoms: The following error message is displayed on a Cisco platform that has 128 MB RAM:

"%DSMP-3-INTERNAL: Internal Error : NO MEMORY"

Conditions: This symptom is observed when an NM-HD-2VE network module is used as a hardware-based MTP to convert DTMF tones from out-of-band to in-band.

Workaround: There is no workaround.

CSCin81217

Symptoms: After the idle timeout expires, SSG does not send a reauthorization request to the AAA server.

Conditions: This symptom is observed with a quota of zero and an idle timeout that is larger than zero.

Workaround: There is no workaround.

CSCin81377

Symptoms: A watchdog timeout may occur when a router reads a cookie from an empty AIM slot.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCin81496

Symptoms: Compressed Real-Time Protocol (CRTP) or Compressed User Datagram Protocol (CUDP) traffic is not compressed. Many collisions occur and CID_IN_USE and timeout values are corrupted.

Conditions: These symptoms are observed on a Cisco RPM-XF when cUDP or cRTP traffic is running and when any of the following events occurs:

You enter the clear int sw1 command.

You enter the shutdown command followed by the no shutdown command on the switch interface.

The max_cid or timeout values for IPHC are modified.

Workaround: Re-enter the clear int sw1 command or re-enter the shutdown command followed by the no shutdown command on the interface.

CSCin81995

Symptoms: The Segmentation And Reassembly (SAR) engine on a Cisco RPM-XF shows buffer exhaustion, causing data drops.

Conditions: This symptom is observed when ATM SAR-based class-based weighted fair queueing (CBWFQ) is enabled and when policy maps are attached to outgoing PPPoA interfaces.

Workaround: There is no workaround.

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCin82872

Symptoms: Drop reset actions do not work for signatures.

Conditions: This symptom is observed when a Cisco IOS firewall is configured and when either CEF or Fast Path are enabled.

Workaround: Disable CEF or Fast Path. If this is not an option, there is no workaround.

CSCin82878

Symptoms: Fax Relay and Fax Pass-Through fail with fallback using Named-Signaling Event (NSE) signaling.

Conditions: This symptom is observed on a Cisco router such as a Cisco 3600 series when Fax Relay or Fax Pass-Through is configured with fallback using an NSE configuration command. The fax fails in the following example topology:

The originating fax machine connects to the originating gateway (OGW) (a Cisco router) that connects via VoIP to the terminating gateway (TGW) (also a Cisco router). The TGW connects via a T1 PRI to the terminating fax machine.

In this example, the OGW has the following configuration:

Rtr-A(config)#voice service voip

Rtr-A(conf-voi-serv)#fax protocol pass g711u

Rtr-A(conf-voi-serv)#end

In this example, the TGW has the following configuration:

Rtr-B(config)#voice service voip

Rtr-B(conf-voi-serv)#fax protocol t38 nse force fallback pass g711u

Rtr-B(conf-voi-serv)#end

Workaround: Do not use NSE signaling.

CSCin84370

Symptoms: SSG crashes when an accounting start packet is received for a RADIUS user.

Conditions: This symptom is observed when the accounting start packet has a different framed IP address than the stored IP address for an existing host.

Workaround: There is no workaround.

CSCin84419

Symptoms: Multicast traffic is punted to the RP, the CPU utilization is high, and the output of the show pxf cpu mroute vrf vrf-name command shows that the "No_FS" flag is set for a (S,G) entry and does not clear.

Conditions: This symptom is observed on a Cisco RPM-XF when you enter the clear ip mroute group command and a data MDT group for the group argument.

Workaround: Enter the clear ip mroute vrf * command.

CSCin85511

Symptoms: A router that runs SSG in the SSG-Radius-Proxy mode may reload.

Conditions: This symptom is observed when an SSG RADIUS proxy client issues a request for login via an AutoDomain service that uses an L2TP tunnel and when the login is rejected because of a PPP authentication failure on the LNS.

Workaround: There is no workaround.

CSCin85992

Symptoms: An EzVPN tunnel fails to come up on a dialer interface.

Conditions: This symptom is observed when both a crypto map and an EzVPN client configuration are applied on the dialer interface. The output of the show crypto map command shows that the same static or dynamic crypto map is applied multiple times on the cloned virtual-access interface.

Workaround: There is no workaround.

CSCin86322

Symptoms: An end-to-end sweep ping fails across a dLFI bundle and the bundle flaps.

Conditions: This symptom is observed when dLFI is configured on a Cisco 7500 series.

Workaround: There is no workaround.

CSCin87008

Symptoms: A router that runs SSG may reload when SSG is configured as a RADIUS proxy and processes access requests from RADIUS clients.

Conditions: This symptom is observed when SSG is configured as a RADIUS proxy with a session identifier as the IP address and when SSG processes multiple simultaneous requests from RADIUS clients, all of which are assigned the same IP address.

Workaround: Ensure that different sessions receive different IP addresses or configure another attribute such as MSID to ensure that there is a unique attribute as the session identifier in an access request.

CSCin87071

Symptoms: A router that runs SSG may reload when SSG is configured as a RADIUS proxy and processes retransmitted access requests from RADIUS clients.

Conditions: This symptom is observed when SSG is configured as a RADIUS proxy with a session identifier as the IP address and when SSG processes multiple simultaneous requests from RADIUS clients, all of which are assigned the same IP address and some of which are retransmitted.

Workaround: Ensure that different sessions receive different IP addresses or configure another attribute such as MSID to ensure that there is a unique attribute as the session identifier in an access request.

CSCin87464

Symptoms: A spurious memory access occurs on an SSG when you run a MIB get request for the SSG service binding entries.

Conditions: This symptom is observed when an SSG service is bound to a next-hop IP address.

Workaround: There is no workaround.

CSCin87560

Symptoms: The following error message is displayed on a router that is configured for SSG:

%SYS-3-BADLIST_DESTROY: Removed a non-empty list

Conditions: This symptom is observed while you unconfigure an SSG feature by entering the no ssg enable force-cleanup command on the router that has one or more instances of an SSG service binding configuration such as the ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

Workaround: Before you unconfigure the SSG feature, unbind the SSG service by entering the no ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

CSCin89165

Symptoms: SSG does not create host objects in RADIUS proxy mode.

Conditions: This symptom is observed when SSG is configured in SSG proxy mode with the session identifier as IP.

Workaround: Use other parameters apart from IP as the session identifier. If this is not a practical option, there is no workaround.

CSCsa40490

Symptoms: IP phones that are connected to an NM-ESW-16 network module may reboot when the Ethernet cable of one of the IP phones is physically unplugged from the NM-ESW-16 network module.

Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(8)T3 or Release 12.3(11)T and that is configured with an NM-ESW-16 network module with a PPWR-DCARD-16ESW power board.

Workaround: There is no workaround.

CSCsa40567

Symptoms: The output of the show rpm iphc cids src-ip dest-ip src-udp-port dest-udp-port max-cids command does not show the CID values. Only zeros are seen in the command output.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.3(11)T1 when cRTP is configured.

Workaround: There is no workaround.

CSCsa41459

Symptoms: When you boot a router, a voice port remains in the BUSYOUT state, which can be observed in the output of the show voice call summary command.

Conditions: This symptom is observed when the T1 controller is configured as the DS0 group.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T1 controller to enable the voice port to change to the ONHOOK state and voice calls to be resumed.

CSCsa45197

Symptoms: When you enter the show policy-map interface interface-name output command for a switch subinterface, the drop rate counter always shows zero.

Conditions: This symptom is observed on a Cisco RPM-XF that is configured for SAR-based CBWFQ.

Workaround: Determine the drop rate from the number of exceeded packets in the output of the show policy-map interface interface-name output command.

CSCsa45335

Symptoms: "IP Input" and "ESM Logger" processes hold increasing amounts of memory.

Conditions: This symptom is observed when the Embedded Syslog Manager (ESM) is used to manipulate syslog messages and executes show commands to gather information that is required for syslog message modification. The probability that the symptom occurs increases with the number of times that a show command is executed by the TCL script.

Workaround: There is no workaround.

CSCsa46455

Symptoms: A Cisco gateway that runs a TCL IVR voice application may reload when the voice application is unconfigured or reloaded.

Conditions: This symptom is observed only when the voice application is unconfigured or reloaded while calls are still active for the voice application.

Workaround: Ensure there are no calls active for the voice application before you unconfigure or reload it.

CSCsa51612

Symptoms: A router that is configured with IPSec sessions reboots consistently at periodic intervals because of a bus error. The output of the show version command shows the following error message:

System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xXXXXXXXX

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.8)T.

Workaround: There is no workaround.

CSCsa51662

Symptoms: Auto-logon services may not be activated for some RADIUS proxy users.

Conditions: This symptom is observed on a Cisco router that is configured for SSG, that has a RADIUS proxy enabled, and that has auto-domain enabled with the mode set to "extended" and without NAT. When a RADIUS proxy auto-domain user logs in with a proxy service as a primary service and one or more additional auto-logon services, the connection to the primary service is activated and the host is assigned an IP address from the service, but the connection to the other auto-logon services is not activated.

Workaround: There is no workaround.

CSCsa53698

Symptoms: Fax pass-through may fail.

Conditions: This symptom is observed on a gateway that is configured for fax pass-through or for T.38 with fax pass-through as the fallback method. After an initial call is established, the gateway detects a fax tone and sends a re-Invite message with a new SDP message requesting to switch to fax pass-through. However, the "o" line in the new SDP message has the same version ID as the "o" line in the initial SDP request that was sent by the gateway. If the originating gateway does not indicate that it disabled silence suppression with a "silenceSuppression=off" attribute in its SDP answer, fax pass-through fails.

Workaround: There is no workaround.

CSCsa54117

Symptoms: A Cisco IAD2430 may become unresponsive to Telnet sessions and drop SIP registration because of a memory leak in the "CCSIP_SPI_CONTRO" process.

Conditions: This symptom is observed on a Cisco IAD2430 that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCsa54608

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

CSCsa58622

Symptoms: When you enter the show telephony-service all or show telephony-service command and when the locale is set to Japan, a spurious memory access is caused by the command, and the following error message and traceback are generated:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x80EA5400 reading 0x2D0

%ALIGN-3-TRACE: -Traceback= 80EA5400 80EA3938 803C3090 803C58EC 80ECC3D4 80EE851C 809098F8 8090CD1C

%ALIGN-3-TRACE: -Traceback= 80EA56C4 80EA3938 803C3090 803C58EC 80ECC3D4 80EE851C 809098F8 8090CD1C

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T, when Cisco CallManager Express is enabled, and when the user-locale JP or network-locale JP command is configured.

Workaround: There is no workaround.

CSCsa59690

Symptoms: A router reloads when you enter the hardware-address command.

Conditions: This symptom is observed on a Cisco router that is configured for Dynamic Host Configuration Protocol (DHCP).

Workaround: Edit the startup configuration to eliminate the configuration of the hardware-address command and reload the router with the modified startup configuration.

CSCsa61378

Symptoms: A Cisco router that is configured for SSG may hang or crash.

Conditions: This symptom is observed when upstream traffic is sent immediately after a host logs in and the system is busy.

Workaround: There is no workaround.

CSCsa61864

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCsa62111

Symptoms: Packets may be stuck in the input queue of a Cisco 7200 series.

Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS interim Release 12.3(12.10) and that is configured with an NPE-G1.

Workaround: Reload the router to clear the input queue or increase the input queue beyond the default limit of 75 via the hold-queue length command.

CSCuk56024

Symptoms: 6PE traffic is dropped on a PE router.

Conditions: This symptom is observed when an IPv6 prefix is first learned by an OSPF IGP on a 6PE router but is then no longer received through OSPF and is instead received through iBGP on the 6PE router. The label information is properly updated in the RIB but not in the FIB.

Workaround: Clear the route to restore proper forwarding.

CSCuk56028

Symptoms: Redistributed BGP IPv6 unicast routes are not advertised to any BGP peer even though they are shown as the best path. The output of the show bgp ipv6 unicast ipv6-prefix command shows that the best path route is "Not advertised to any peer."

Conditions: This symptom is observed when BGP IPv6 is configured to redistribute a better (that is, numerically lower) distance route, for example, when the redistribute ospf address family configuration command is enabled with an administrative distance of 110.

The symptom normally occurs only for originating iBGP routes (for example, with an administrative distance of 200) because redistributed eBGP routes have a lower distance (for example, an administrative distance of 20).

Workaround: There is no workaround.

Wide-Area Networking

CSCef53268

Symptoms: An outgoing call attempt on a BRI voice port may fail with the reason "Mandatory information element missing." The ISDN Q.931 SETUP and RELEASE_COMP message exchange may look similar to the following:

Router#

ISDN BR3/0 Q931: Applying typeplan for sw-type 0x4 is 0x2 0x1, Calling num 1234567890

ISDN BR3/0 Q931: TX -> SETUP pd = 8 callref = 0x04

Bearer Capability i = 0x8090A2

Standard = CCITT

Transer Capability = Speech

Transfer Mode = Circuit

Transfer Rate = 64 kbit/s

Channel ID i = 0x81

Keypad Facility i = '98765432'

Calling Party Number i = 0xA18083, '1234567890'

Plan:ISDN, Type:National

Shift to Codeset 6

Codeset 6 IE 0x23 i = 0x01

Locking Shift to Codeset 6

ISDN BR3/0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x84

Cause i = 0x81E0 - Mandatory information element missing

Conditions: This symptom is observed on a Cisco voice router that is configured with BRI voice ports and that runs a Cisco IOS interim release for Release 12.3(11)T. (Note, however, that this caveat is resolved in Release 12.3(11)T.) The symptom occurs typically when the outgoing Q.931 SETUP message from the BRI voice port carries a "Calling Party Number" IE.

Workaround: If this is an option, use voice translation rules on the originating voice gateway to suppress the "Calling Party Number" IE so that it is not sent in the outgoing ISDN Q.931 SETUP message on the terminating voice gateway.

CSCef54681

Symptoms: A PPP over ATM circuit that is assigned to a multilink-group interface does not negotiate to use multilink.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(9.10)T or a later release. It is not present in Cisco IOS release trains other than 12.3T.

Workaround: There is no workaround. However, because the symptom is specific to configurations that assign the PPP connections to multilink-group interfaces, if there is no need to use multilink-group interfaces, the configurations may be adapted to employ virtual-access interfaces for bundles.

CSCef68953

Symptoms: When a call from the VoIP side is configured for "presentation restricted," the isdn map address command may override the Calling line ID presentation/rejection (CLIP/CLIR) in the ISDN SETUP message to "presentation allowed."

Conditions: This symptom is observed when the isdn map address command is used to modify the ISDN plan and type.

Workaround: There is no workaround.

CSCeg87685

Symptoms: A Cisco gateway with a BRI interface may fail to include a bearer cap in the outgoing setup message for a SIGO call. This situation causes a QSIG supplementary services call to fail.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.3(8)T6 or interim Release 12.3(11)T2. The symptom does not occur in Release 12.3.

Workaround: There is no workaround.

CSCin73980

Symptoms: An LNS sends two accounting stop records when a client re-negotiates a PPP session.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1 and that functions as an LNS when VPDN multihop is configured.

Workaround: There is no workaround.

CSCsa52807

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCsa56443

Symptoms: IPCP does not come up because it does not negotiate.

Conditions: This symptom is observed on a Cisco platform when certain AAA per-user attributes are downloaded from a RADIUS server. One example is an absolute timeout or idle timeout without any other per-user attributes; such a configuration causes PPP to stall before starting IPCP.

Workaround: Configure values on the platform rather than downloading them from the RADIUS server.

Resolved Caveats—Cisco IOS Release 12.3(11)T12

Cisco IOS Release 12.3(11)T12 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T12 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCsc64976

A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml

CSCse85200

Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.

Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.

Workaround: Disable CDP on interfaces where CDP is not necessary.

IBM Connectivity

CSCsf28840

A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

There are workarounds available for this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml

IP Routing Protocols

CSCec12299

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability.

This issue is triggered by a logic error when processing extended communities on the PE device.

This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.

CSCin95836

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.

Miscellaneous

CSCef77013

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.

CSCsb12598

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsb93407

Symptoms: When H323 call service stops, the router still listens on TCP port 1720 and completes connection attempts.

Conditions: This symptom occurs after H323 is disabled using the following configuration commands:

voice service voip

h323

call service stop

Workaround: Access can be blocked by deploying an interface access list that blocks access to TCP port 1720 for traffic that is destined for any of the IP addresses of the router.

For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document at http://www.cisco.com/warp/public/707/tacl.html

For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document at http://www.cisco.com/warp/public/707/iacl.html.

For information about using control plane policing to block access to TCP port 1720, see the "Deploying Control Plane Policing White Paper" at http://www.cisco.com/en/US/products/ps6642/products_white_paper0900aecd804fa16a.shtml.

CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsd85587

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS, documented as Cisco bug ID CSCsd85587

Cisco IOS XR, documented as Cisco bug ID CSCsg41084

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348

Cisco Firewall Service Module (FWSM), documented as Cisco bug ID CSCsi97695

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.

Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

CSCsd92405

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsd95616

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

CSCse24889

Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.

Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.

Workaround: As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:

config t

ip ssh version 1

end

Alternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:

! 10.1.1.0/24 is a trusted network that

! is permitted access to the router, all

! other access is denied

access-list 99 permit 10.1.1.0 0.0.0.255

access-list 99 deny any

line vty 0 4

access-class 99 in

end

Further Problem Description:

For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cntrl_acc_vtl_ps6441_TSD_Products_Configuration_Guide_Chapter.html

For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:

http://www.cisco.com/warp/public/707/ssh.shtml
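
The vty access-list workaround for CSCse24889 can be verified against a saved configuration. The following Python audit is an added example, not part of the Cisco release notes: the function names, the sample configuration and the trusted-network list are constructed for illustration, and only numbered standard ACLs are modelled.

```python
import ipaddress
import re

# Constructed sample (not from the release notes). "line vty 0 4" follows the
# workaround; the other two stanzas are deliberately weak.
SAMPLE_CONFIG = """\
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
access-list 98 permit host 10.1.1.7
access-list 98 permit any
line vty 0 4
 access-class 99 in
line vty 5 9
 access-class 98 in
line vty 10 15
 transport input ssh
"""

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")
VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")
CLASS_RE = re.compile(r"^access-class (\S+) in\b")


def source_to_network(spec):
    """Convert a standard-ACL source ('any', 'host A', 'A', 'A W') to a network."""
    parts = [p for p in spec.split() if p != "log"]
    if parts[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.IPv4Network(parts[1] + "/32")
    # IOS wildcard masks are inverted netmasks: 0.0.0.255 means /24.
    wildcard = int(ipaddress.IPv4Address(parts[1])) if len(parts) > 1 else 0
    if wildcard & (wildcard + 1):
        raise ValueError("non-contiguous wildcard mask: " + spec)
    prefix = 32 - wildcard.bit_length()
    base = int(ipaddress.IPv4Address(parts[0])) & ~wildcard & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix))


def parse_standard_acls(config):
    """Return {acl_number: [(action, network), ...]} in configuration order."""
    acls = {}
    for raw in config.splitlines():
        m = ACL_RE.match(raw.strip())
        if not m:
            continue
        number = int(m.group(1))
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            continue  # extended ACLs are out of scope for this check
        entry = (m.group(2), source_to_network(m.group(3)))
        acls.setdefault(m.group(1), []).append(entry)
    return acls


def parse_vty_stanzas(config):
    """Return [(label, inbound_acl_or_None)] for every 'line vty' stanza."""
    stanzas, current = [], None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # a top-level line closes the stanza
            current = None
            if VTY_RE.match(raw.strip()):
                current = [raw.strip()[len("line "):], None]
                stanzas.append(current)
        elif current is not None:
            m = CLASS_RE.match(raw.strip())
            if m:
                current[1] = m.group(1)
    return [tuple(s) for s in stanzas]


def audit_vty_access(config, trusted):
    """Return [(vty_label, finding)] for stanzas not limited to `trusted`."""
    trusted = [ipaddress.IPv4Network(t) for t in trusted]
    acls = parse_standard_acls(config)
    findings = []
    for label, acl in parse_vty_stanzas(config):
        if acl is None:
            findings.append((label, "no inbound access-class"))
            continue
        if acl not in acls:
            findings.append((label, "access-class %s is not a standard ACL defined here" % acl))
            continue
        for action, net in acls[acl]:
            if action == "permit" and not any(net.subnet_of(t) for t in trusted):
                findings.append((label, "ACL %s permits untrusted source %s" % (acl, net)))
            if net.prefixlen == 0:
                break  # an 'any' entry matches everything; later entries are unreachable
    return findings


if __name__ == "__main__":
    for label, finding in audit_vty_access(SAMPLE_CONFIG, ["10.1.1.0/24"]):
        print(label + ": " + finding)
```

Partial shadowing of a permit entry by an earlier, narrower deny entry is not modelled, so the audit may over-report but will not miss a reachable permit for an untrusted source.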

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCse68138

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg16908

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.

The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.

This vulnerability does not apply to the IOS FTP Client feature.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.

CSCsg40567

Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.

Conditions: This symptom is observed on a Cisco router that has the ip http secure server command enabled.

Workaround: Disable the ip http secure server command.

CSCsg70474

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg96319

Symptoms: When a reverse SSH session is established with valid authentication credentials, anyone can obtain unprivileged Telnet access to a system without being authenticated. This situation affects only reverse SSH sessions when a connection is made with the ssh -l userid:number ip-address command.

Conditions: This symptom is observed only when the Reverse SSH Enhancement is configured. This enhancement is documented at the following URL:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_rev_ssh_enhanmt_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Workaround: Configure reverse SSH by entering the ip ssh port portnum rotary group command. This configuration is explained at the following URL:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_q_and_a_item09186a0080267e0f.shtml

CSCsh58082

Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP.

There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.

Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi60004

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsi84017

Symptoms: When you reload a Cisco 2600 series, the router may hang.

Conditions: This symptom is observed on a Cisco 2600 series when you attempt to run the c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other releases.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCse05736

Symptoms: A router that is running RCP can be reloaded by a specific packet.

Conditions: This symptom is seen under the following conditions:

The router must have RCP enabled.

The packet must come from the source address of the designated system configured to send RCP packets to the router.

The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

Resolved Caveats—Cisco IOS Release 12.3(11)T11

Cisco IOS Release 12.3(11)T11 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T11 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCej30903

Symptoms: A router allows logging into the root (or any other configured) view without prompting for a password.

Conditions: This symptom is observed when no method list is configured for login service.

Workaround: Configure a method list for the login service.

CSCsa43465

Symptoms: Users under specified conditions may be able to access privilege level 15 without entering a password.

Conditions: In Cisco IOS Release 12.3(7)T and later, which support Role-Based CLI Access, the use of the none keyword in the default login method list may allow users to enter root view mode (privilege level 15) without entering a password.

For example, suppose the customer configures:

    aaa authentication login default group tacacs+ none

If the TACACS+ server is down, users are allowed to enter non-privileged mode. However, they can also enable into root view access through the enable view command without having to enter a password.

Workaround: The fix for this DDTS makes the enable view command authenticate against the default enable method list.

Prior to software upgrade, a workaround is to ensure that the method none is not in the default login methods list.
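The two login conditions described above (no login method list, CSCej30903; the none method in the default login list, CSCsa43465), together with the vty access-list workaround, can be checked offline against a saved configuration. The following Python script is an added example, not Cisco code; the sample configuration, the function names and the check identifiers are assumptions made for illustration.

```python
import re

# Constructed sample configuration for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ none
aaa authentication login CONSOLE local
!
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
!
line con 0
 login authentication CONSOLE
line vty 0 4
 access-class 99 in
line vty 5 15
 transport input ssh
!
end
"""


def login_method_lists(config):
    """Map each 'aaa authentication login' list name to its method names.

    The word after 'group' is a server-group name, not a method, so a group
    that happens to be called 'none' is not mistaken for the none method.
    """
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+)\s+(.+)$", line)
        if not m:
            continue
        tokens, methods, i = m.group(2).split(), [], 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                methods.append("group " + tokens[i + 1])
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        lists[m.group(1)] = methods
    return lists


def vty_stanzas(config):
    """Return (header, sub-commands) for every 'line vty' stanza."""
    stanzas, current = [], None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = (line.strip(), [])
            stanzas.append(current)
        elif current is not None and line[:1].isspace():
            current[1].append(line.strip())
        else:
            current = None  # any non-indented line closes the stanza
    return stanzas


def audit(config):
    """Return a list of (check_id, detail) findings for the config text."""
    findings = []
    lists = login_method_lists(config)
    if not lists:
        # Condition of CSCej30903: no method list for the login service.
        findings.append(("login-no-method-list",
                         "no 'aaa authentication login' list is configured"))
    elif "none" in lists.get("default", []):
        # Condition of CSCsa43465: 'none' in the default login method list.
        findings.append(("login-default-none",
                         "default login list falls back to 'none'"))
    for header, cmds in vty_stanzas(config):
        # A vty stanza with no inbound access-class accepts any source address.
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(("vty-no-access-class", header))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(f"{check_id}: {detail}")
```

On the constructed sample, the script reports the none fallback in the default login list and the line vty 5 15 stanza, which has no inbound access-class.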

Miscellaneous

CSCej87817

Symptoms: Policing does not drop any packets after the packets are sent or received at a rate that is much higher than the committed information rate (CIR).

Conditions: This symptom is observed on a Cisco 7500 series router but is not platform dependent.

Workaround: There is no workaround.

CSCek26492

Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS images with this specific DDTS are not at risk of a crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

CSCek37177

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177.

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml

CSCsc72722

Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not time out.

Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.

Workaround: There is no workaround.

CSCse15025

Symptoms: An analog or digital CAS port enters a state in which inbound or outbound calls, or both, may no longer function through the port.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as gateways with analog or digital CAS ports that use PVDM2 DSP modules.

When this problem occurs, it impacts multiple ports that share the same signaling DSP. The output of the show voice dsp signaling EXEC command shows which DSP is used by a port for signaling. The symptom may occur more often for ports that use DSP 1 on the PVDM2 module for signaling.

Because this issue impacts the signaling channels, it has been seen that calls either will not connect at all through impacted ports or in some cases when multiple simultaneous calls are present on adjacent voice ports/timeslots, the call may connect momentarily before being disconnected.

If a problem occurs only on a single voice port, there is another problem, not this caveat (CSCse15025). PRI/BRI calls are not affected because PRI/BRI does not utilize the DSP for signaling purposes.

When the symptom occurs with either a VIC2-xFXO or EVM DID/FXS module, enter the terminal monitor command followed by the test voice port port-number si-reg-read 39 1 command for one of the affected ports. The output typically should be a single octet value for register 39. When the symptom occurs, information for Registers 40, 41, and 42 is presented and some of the registers show double-octet information. See the example output (2) below.

When the symptom occurs with FXS or analog E&M modules, enter the terminal monitor command followed by the test voice port port-number codec-debug 10 1 command for one of the affected ports. The output typically should be a single octet value for each register. See the example output (4) below.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, you must reload the gateway to restore proper operation.

Further Problem Description: The changes in CSCse15025 include the changes in CSCsc11833 and CSCsd90851. These changes have been shown to help mitigate this problem in the majority of cases.

There is a further detection and reset mechanism in CSCse15025 that will recover the DSP which is in this state. This mechanism will trigger immediately if the impacted voice port is an analog FXO port. For other voice ports, a delay in the detection will be present and it is possible to see the symptom of this problem before the recovery code triggers.

Note that the reset mechanism will cause any active calls utilizing the DSP in question to be dropped.

If you are running modules that can be impacted by this issue, it is recommended that you upgrade to a software release that contains the changes in CSCse15025. If the DSP is reset and the output below is seen, contact the TAC for further assistance. Note that this output is sent at debug level, so it is recommended to enable either syslog or buffered logging on the gateway.

Buffered logging on the gateway is enabled through a global configuration command. For example, logging buffered 50000 debug sets the logging buffer to use 50K bytes of processor memory for logging. The output of the log can be seen with the exec command show log.

----

Example output when detection and recovery code on gateway triggers:

    *May 31 14:30:43.343: TDM pointers: 0100 0100 0115 0115. Deltas: 0001 0000.
    *May 31 14:30:43.347: Received alarm indication from dsp(0/1)
    0030 0000 0080 0000 0013 4100 2E2E 2F2E 2E2F 6D6F 6475 6C65 732F 7363 6865
    6475 6C65 2F64 6562 7567 2E63 2833 3634 2900
    *May 31 14:30:43.347: ../../modules/schedule/debug.c(364)
    *May 31 14:30:43.347: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0, changed state to Administrative Shutdown
    *May 31 14:30:43.647: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1, changed state to Administrative Shutdown
    *May 31 14:30:43.947: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/2, changed state to Administrative Shutdown
    *May 31 14:30:44.247: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/3, changed state to Administrative Shutdown
    *May 31 14:30:48.147: Crash dump CLI may not be configured, not able to get crash info, slot 0, dsp 1
    *May 31 14:30:48.147: DSPDUMP - Recover slot 0 dsp 1
    *May 31 14:30:48.147: DSPDUMP - ka sent 0, ka_cnt 51193, skip_ka 103079
    *May 31 14:30:50.579: %DSPRM-5-UPDOWN: DSP 1 in slot 0, changed state to up
    *May 31 14:30:50.947: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0, changed state to up
    *May 31 14:30:51.219: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1, changed state to up
    *May 31 14:30:51.371: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/2, changed state to up
    *May 31 14:30:51.523: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/3, changed state to up

----

Following are command output examples:

1. Following is an example of normal output for FXO and EVM FXS ports.

For FXO ports, the value is usually 0x01 but for EVM FXS the value can be different. When you run the above-mentioned command, the expected output is that a single octet is displayed and only for register 39. (This command does not work for VIC-4FXS and VIC2-xFXS modules).

    router#term mon
    router#test voice port 0/3/3 si-reg-read 39 1
    router#
    Values read from SiLabs Codec connected to DSP 0, channel 11:
    --------------------------------------------------------------
    Register 39 = 0x01

2. Following is an example of output for FXO and EVM FXS ports that indicates that the symptom has occurred. Note that the exact output for the register values is different, but when the symptom occurs, different lines with information are displayed as shown below:

    router#term mon
    router#test voice port 0/3/3 si-reg-read 39 1
    router#
    Values read from SiLabs Codec connected to DSP 0, channel 11:
    --------------------------------------------------------------
    Register 39 = 0x5CB8
    Register 40 = 0xFFFF
    Register 41 = 0xFFFF
    Register 42 = 0xFFFF

3. Following is an example of normal output for FXS and analog E&M modules. The values that are listed in a normal case may be different, but only four registers of a single octet should be displayed.

    Values read from PEB2465 Codec connected to DSP 02 (channel 0):
    ---------------------------------------------------------------
    Extended Register Values (XR4..XR1) = 00, CC, 50, 11

4. Following is an example of output for FXS and analog E&M modules that indicates that the symptom has occurred.

    Values read from PEB2x65 Codec connected to DSP 0, channel 1:
    ------------------------------------------------------------
    Extended Register Values (XR4..XR1) = D001, B83C, 3FF1, 63AC

CSCse68355

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsf04754

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

Resolved Caveats—Cisco IOS Release 12.3(11)T10

Cisco IOS Release 12.3(11)T10 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T10 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeh65692

Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.

Condition: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.

Workaround: There is no workaround.

CSCej18051

Symptoms: Terminal window PPP clients may fail with Cisco Access servers.

Conditions: This symptom has been observed on Cisco AS5400 gateways and Cisco AS5800 servers.

Workaround: There is no workaround.

CSCsb30875

Symptoms: Active eRSC on a Cisco AS5850 gateway could hang after RPR+ failover, if the aaa accounting system command is configured.

Conditions: The symptom has been observed under the following conditions:

1. RPR+ failover occurred.

2. Console connection window closed & reopened to the newly active eRSC after failover.

Workaround: There are two workarounds.

1. The eRSC hang will not happen if no attempt is made to close and reopen the console session with newly active eRSC after failover.

2. Remove the aaa accounting system command from the configuration.

Interfaces and Bridging

CSCei68284

Symptoms: POS interfaces may remain in the up/down state after the router has been reloaded.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Workaround: Reload the FlexWAN or VIP in which the POS port adapter is installed.

Miscellaneous

CSCee28332

Symptoms: MLP may fail or may be rejected on a PE router.

Conditions: The symptom is observed on a Cisco 7500 series that functions as a PE router after a connected CE router is reloaded with a different Cisco IOS software image than it ran before.

Workaround: Create a new multilink interface on the PE router or reload the VIP for the bundled physical interface on the PE router.

CSCef68975

Symptoms: Context-based Access Control (CBAC) fails to pass H.245 packets through a router, and the following error message is generated:

Corrupted header, version number 3, reserved 7C, header size 101

Conditions: This symptom is observed on a Cisco router when the ip inspect command is configured for H.323 in a configuration in which one gateway runs H.323 version 2 and is connected via the router to another gateway that runs H.323 version 4.

Workaround: Ensure that all gateways run H.323 version 4.

CSCeg15065

Symptoms: After a DSP restarts, RTP packets are not sent from the DSP to a trunk connection.

Conditions: This symptom is observed on a Cisco 7200 VXR router that runs Cisco IOS Release 12.3(10a) or Release 12.3(11)T when the connection trunk command is enabled.

Workaround: There is no workaround. To re-enable the DSP to send RTP packets, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port that is associated with the DSP.

CSCeh30975

Symptoms: The FXSLS voice port is stuck in an on-hook state, and the digital signal processor (DSP) is not released.

Condition: This symptom occurs when the FXSLS user stays offhook at the end of the call after Cisco IOS software sends a Howler tone to the FXSLS port.

Workaround: There is no workaround.

CSCeh85133

Symptoms: A memory leak may occur when an SNMP trap is sent to a VRF destination. The output of the show processes memory command shows that the memory that is held by the process that creates the trap increases, and eventually causes a MALLOC failure. When this situation occurs, you must reload the platform.

Conditions: This symptom is platform-independent and occurs in a configuration in which at least one VRF destination has the snmp-server host command enabled.

Workaround: Ensure that no VRF is associated with the snmp-server host command.

CSCej13460

Symptoms: The packets are not switched correctly using the Fast Switching with IPSec tunnel protection feature.

Condition: This symptom has been observed in Cisco IOS Release 12.4(1b) when tunnel protection IPSec is configured and the tunnel source interface has Fast-switching (but not CEF) configured.

Workaround: Use CEF switching.

CSCej42804

Symptoms: A Cisco Gateway that is running Session Initiation Protocol (SIP) calls might run out of processor memory due to hung SIP calls.

Conditions: Active and hung calls can be seen using the show sip-ua calls command. The following specific scenario will result in a hung call:

1. The gateway initiates an INVITE.

2. The gateway receives a 100/180 response.

3. The gateway sends a CANCEL.

4. The gateway receives the 200ok for the CANCEL.

5. The gateway receives an invalid final response for the INVITE (or no final response) and drops the message.

Each hung call will use a little more memory, and eventually the gateway will run out of memory.

Workaround: Change to Cisco IOS Release 12.3(14)T3, Release 12.3(11)T6, Release 12.4(2)T1, or Release 12.4(1a).

CSCek01162

Symptoms: When removing the OSPF IPsec authentication configuration from CLI in IPV6, an alignment traceback will be seen pointing back to crypto_ikmp_peer_is_dead.

Conditions: This symptom occurs when OSPF IPsec authentication (IPV6) is configured and removed.

Workaround: There is no workaround.

CSCin80221

Symptoms: A Cisco router crashes when you enter the fsck command for an ATA flash disk.

Conditions: This symptom is observed when the boot sector of the ATA flash disk is corrupted and when the router runs a release that is listed in the "First Fixed-in Version" field at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed58384. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Format the disk.

CSCsa86572

Symptoms: A large configuration in NVRAM on a primary or secondary RSP may become corrupted and the router may generate relevant warning messages during the execution of a copy system:running-config nvram: startup-config command.

When you erase NVRAM by entering the erase nvram command and then enter the copy system:running-config nvram: startup-config command, the router may crash.

Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.

Workaround: If the configuration file is significantly large, place a copy of the configuration file on a flash card or disk with ample space and enter the boot config slot0:startup-config command to force the startup configuration file to be read from the flash card.

When you enter the copy system:running-config nvram: startup-config command, the current running configuration is saved to the flash card or disk and the configuration is auto-synchronized to the corresponding flash card on the secondary RSP.

Caution: Do not remove the flash card while the boot config slot0:startup-config command is being executed.

CSCsb76671

Symptoms: Intermittent one-way audio (PSTN hears dead air) on inbound ISDN call through Cisco VoIP AS5850 gateway.

Conditions: This symptom has been observed to occur with inbound ISDN calls with outbound SIP calls towards a Cisco MeetingPlace server. Numerous calls which are transferred via SIP REFER contribute to the gateway getting into this state.

Workaround: There is no workaround to prevent the gateway from getting into this state. Once in this state, reloading the gateway will help clear this condition for a while.

CSCsc11833

Symptoms: An analog or digital CAS port gets into a state where inbound and/or outbound calls through the port may no longer work.

Conditions: This symptom has been seen on Cisco 2800 and Cisco 3800 gateways with analog or digital CAS ports.

It can take some time for the symptom to occur, but when it does occur, it impacts multiple ports which share the same signaling DSP. To see which DSP a port is using for signaling, check the output of the exec command show voice dsp. It has been observed to occur more often with those ports which use DSP 1 on the PVDM2 module for signaling.

Since PRI does not utilize the DSP for signaling purposes, it is not impacted by this issue.

When the problem occurs and this is either on a VIC2-xFXO or EVM DID/FXS modem, run 'test voice port <port #> si-reg-read 39 1' on one of the impacted ports. You need to run 'terminal monitor' first to see the output. The output typically should be a single octet value for register 39. When the problem happens, information for Registers 40, 41 and 42 is presented as well and some of the registers show double-octet information. See example output below.

Workaround: There is no workaround to prevent this problem from occurring. Once in this state, a reload of the gateway is necessary to recover it.

Normal output:

For FXO ports, the value is usually 0x01 but for EVM FXS this can be different. The expected output is that a single octet is displayed and only for register 39 when running the command. This command will not work on VIC-4FXS/VIC2-xFXS modules.

    router#term mon
    router#test voice port 0/3/3 si-reg-read 39 1
    router#
    Values read from SiLabs Codec connected to DSP 0, channel 11:
    Register 39 = 0x01

Output when symptom occurs:

Note that the exact output for the register values will be different, but when the problem happens, multiple lines of information are displayed as shown.

    router#term mon
    router#test voice port 0/3/3 si-reg-read 39 1
    router#
    Values read from SiLabs Codec connected to DSP 0, channel 11:
    Register 39 = 0x5CB8
    Register 40 = 0xFFFF
    Register 41 = 0xFFFF
    Register 42 = 0xFFFF

CSCsc12098

Symptoms: The fix for busyout slot on the Cisco AS5400 platform causes build issues.

Conditions: This symptom is observed on a Cisco AS5400 platform.

Workaround: There is no workaround.

CSCsc20149

Symptoms: When you enter the show voice call status command five to six times in quick succession, the CPU use of a Cisco AS5850 reaches 99 percent. The Cisco AS5850 thereafter becomes very unstable in accepting incoming calls. This situation can be highly service-impacting under stress conditions.

Conditions: This symptom is observed on a Cisco AS5850 that is running a special image of Cisco IOS Release 12.3(11)T6 and occurs only when there are more than 900 H.323 voice calls.

Workaround: Do not enter the show voice call status command in a stress situation.

CSCsc32414

Symptoms: A Cisco VPN Client may find that all of its manually configured backup servers are erased after connecting to a Cisco IOS EasyVPN concentrator.

Conditions: This symptom has been observed in a network-based IPSec VPN solution (ASWAN) when there is no backup-gateway configured (or downloaded via Radius) in the Cisco IOS VPN concentrator.

Workaround: There is no workaround.

CSCsc51183

Symptoms: A Cisco AS5850 may restart because of a software forced crash preceded by the following error:

%SYS-6-STACKLOW: Stack for process VTSP running low, 0/12000

Conditions: This symptom has been observed on Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCsc68262

Symptoms: A Cisco 2821 router may crash intermittently if the router switches Encapsulating Security Payload (ESP) packets.

Conditions: This symptom has been observed on a Cisco 2821 router when switching ESP packets.

Workaround: There is no workaround.

CSCsc80670

Symptoms: The on-board FastEthernet 0/0 results in state "FastEthernet0/0 is up, line protocol is down" after a reload, power-up or a shutdown and no shutdown operation. This is verified when the FastEthernet 0/0 is connected to Telsey and Pirelli Media Converters in series.

This symptom is not present if the Cisco 1718 and Cisco 2950 routers are connected directly, without any media converters in between. This symptom may not be present using a media converter from other vendors.

Conditions: This symptom has been observed connecting the on-board port of a Cisco 17xx router running Cisco IOS Release 12.3(11)T to Telsey and Pirelli Media Converters in series, like:

1718(fa0/0)--Telsey MC ----------- Pirelli MC--(fa 0/1)2950

This symptom has also been observed with Cisco IOS Release 12.4(5), which is the latest available image for this platform.

Workaround: Replace the media converter with one from another vendor.

CSCsd16883

Symptoms: High CPU utilization occurs on a Cisco AS5850.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T3 when dCEF is not applied to packets because of an H.323 slow start configuration using the h323 call start {fast | slow} command.

Workaround: Remove the slow start configuration.

CSCsd28975

Symptoms: The free space on a flash disk of a router does not report the expected free space. Copying an image onto the flash disk may not be possible with this image in the router since the reported free space is smaller than the actual space. Three symptoms may be seen:

1. Disk free space can be wrong in dir or show file system output.

2. Writing on the disk can fail with an "End-of-file error" message.

3. Reading from the disk can fail with a "Failed Sector Read" message.

Conditions: This symptom has been observed on a router loaded with Cisco IOS Release 12.3(11)T10.fc3 and occurs only in Cisco IOS Release 12.3(11)T10. No other branch and none of the earlier Cisco IOS Release 12.3(11)T releases are affected.

Workaround: Using the fsck command on the disk will solve the issue.

CSCsd40334

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

Wide-Area Networking

CSCef56356

Symptoms: When a call is placed from the network side to a VoIP CPE that runs Cisco IOS Release 12.3(6c) and when the called party number is configured on a dial peer that points to a deactivated BRI, the VoIP CPE may release the incoming call to the VoIP leg with incorrect disconnection cause code 16 (normal call clearing) instead of cause code 34 (no circuit).

Conditions: This symptom is observed when the BRI is deactivated by a router that functions as a VoIP CPE and that runs Cisco IOS Release 12.3(6c). Note that a router that runs Release 12.2(11)T7 or Release 12.3(6b) sends the proper cause code 34.

Workaround: There is no workaround.

CSCeg11451

Symptoms: A Cisco platform that functions as an MPLS VPN provider edge (PE) router that is configured as a multihop LNS and that switches L2TP tunnels from the global routing table into a customer VRF may select an incorrect VRF table to send the L2TP control packets to the customer LNS.

Conditions: This symptom is observed in the following scenario:

One tunnel between the multihop LNS and the customer LNS is established within the VRF.

A second tunnel is in the process of being established to a different customer LNS in a different VRF.

Both tunnels use the same VPDN source address and the same VPDN destination address (because two different VRFs are involved, addresses may overlap).

In this scenario, the L2TP control packets that are sent during the establishment of the second tunnel are sent within the VRF context of the first tunnel.

Workaround: Use unique source and/or destination addresses.

CSCei00766

Symptoms: A router may crash when the encapsulation is set to PPP and removed repeatedly.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.4 and that is configured for PPP Link Control Protocol (LCP).

Workaround: There is no workaround.

CSCsa55747

Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.

Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.

Workaround: There is no workaround.

CSCsc49637

Symptoms: If a PPPoE client session is timed out (e.g. due to a network outage), and a restart of the session is subsequently unsuccessful (e.g. because network outage persists or the PPPoE server has not timed out the prior session) and if the user then manually clears the session, then the router will no longer be able to bring up this session until a reload is performed.

Conditions: This symptom has been observed when the PPPoE session is unexpectedly interrupted with Cisco IOS Release 12.3(8)T8 or Release 12.3(11)T5. The following feature must also be configured:

pppoe-client dial-pool-number 1 dial-on-demand

Workaround: Use the following procedure:

1. Reload.

2. Do not configure the DDR feature for the PPPoE session.

This symptom is limited to PPPoE client sessions using the DDR feature.

Resolved Caveats—Cisco IOS Release 12.3(11)T9

Cisco IOS Release 12.3(11)T9 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed09685

Symptoms: When command accounting is enabled, Cisco IOS routers will send the full text of each command to the ACS server. Though this information is sent to the server encrypted, the server will decrypt the packet and log these commands to the logfile in plain text. Thus sensitive information like passwords will be visible in the server's log files.

Conditions: This problem happens only with command accounting enabled.

Workaround: Disable command accounting.

Interfaces and Bridging

CSCsc64115

Symptoms: When changing the encapsulation and exiting configuration mode on a serial interface on a Cisco 7500 router from HDLC to either PPP or Frame Relay, the router may experience a cBus complex restart.

Conditions: This symptom has been observed in Cisco 7xxx routers using Cisco IOS Release 12.3(17).

Workaround: Manually configure an MTU value to set the maximum datagram size to what is required. However, this may affect routing protocols that require matching MTU values.

IP Routing Protocols

CSCei93982

Symptoms: A router that is running Cisco IOS may crash unexpectedly.

Conditions: NAT must be enabled for this symptom to occur. The problem is seen when an application uses two well known ports: one for source and the other for destination. The outgoing translation is created, but on the return trip, using the previous source port as the destination, NAT may use the incorrect algorithm.

For example, if a PPTP session is initiated to the well known port 1723 from source port 21 (FTP), then the outgoing packet will create an FTP translation (we look at source information when going from in->out). When the packet is returned, we again look at the source information to know what kind of packet this is. In this case the source port will be 1723, and NAT will assume this is a PPTP packet. NAT will then try to perform PPTP NAT operations on a data structure that NAT built for an FTP packet, which may lead to a crash.

Workaround: There is no workaround.

CSCek10384

Symptoms: A Cisco 7200 router that is performing NAT could drop IPSec packets.

Conditions: This symptom is observed on a Cisco 7200 router that is performing NAT functionality for IPSec transit packets. The router will NAT and forward the Inside to Outside IPSec (ESP) packets, but might drop the return IPSec packets from Outside to Inside.

Workaround: Disable NAT for IPSec.

CSCsb54823

Symptoms: One router (R2) may begin sending updates to another router (R1) before R2 has received the BGP prefix list from R1.

R1 does apply its inbound BGP prefix list so routes are denied if they need to be. However, R2 sends routes to R1 which are denied by R1.

Conditions: This symptom is observed when both routers have negotiated a BGP outbound route filter (ORF) and when R1 sends its BGP prefix list to R2.

Workaround: There is no workaround.

Miscellaneous

CSCed94829

Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml.

CSCee50408

Symptoms: When changing a route pattern or destination number, the trunk (or endpoint receiving a new destination number) may be unusable until the gateway is reset.

Conditions: This symptom is observed on a Cisco 3600 series that functions as a gateway.

Workaround: Via the gateway configuration panel, reset the gateway after changing the route pattern or destination number.

CSCef36944

Symptoms: BRI dial peers are down if one of the peers is configured with a VWIC-1MFT-T1.

Conditions: This symptom is observed on a Cisco router that is configured with a VWIC-1MFT-T1 and occurs because the outbound status for the dial peer is not updated correctly.

Workaround: Disable the dial-peer status checking during the outbound dial-peer matching by entering the no dial-peer outbound status-check pots global configuration command.

CSCef47647

Symptoms: A Cisco 3745 that functions as a CCME may crash during a test with 640 BHCAs.

Conditions: This symptom is observed when the test includes the following call types:

Third-party conference calls between IP phones.

Third-party conference calls between IP phones and PSTN (ISDN PRI) phones.

Call hold between IP phones and PSTN (ISDN PRI) phones.

Blind call transfers between IP phones and PSTN (ISDN PRI) phones.

Call forward calls between IP phones.

Normal direct calls between IP phones and PSTN (ISDN PRI) phones.

Workaround: There is no workaround.

CSCef67842

Symptoms: The router may not be able to detect busy and congestion on the cptone Japan voice-port configuration.

Conditions: This symptom is observed on Cisco 2600, Cisco 3660, and Cisco 3640 routers when the cptone command is configured for Japan.

Workaround: There is no workaround.

CSCef82593

Symptoms: There is no voice path between an IP phone and an MGCP FXS endpoint.

Conditions: This symptom is observed on a Cisco 3600 series when you disconnect a call on the IP phone and, after you hear the dial tone, dial another IP phone. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCef93751

Symptoms: The VAD state is not restored to the configured setting after a Voice Band Data (VBD) change occurs for the AAL2 trunk.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: There is no workaround.

CSCef94604

Symptoms: When call threshold is configured on a gateway, the gateway does not properly keep track of the calls. Once the threshold is met, the gateway does not allow any more calls, even if the high value is not yet met.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway.

Workaround: There is no workaround. To recover from the symptom, allow all calls to clear. Doing so allows you to place calls again.

CSCeg06220

Symptoms: An EZVPN tunnel does not come up and becomes stuck in the "VALID_CFG" state even though the tunnel is configured to come up automatically.

Conditions: This symptom is observed on a router that is rebooted with EZVPN enabled on an interface.

Workaround: Unconfigure and reconfigure EZVPN on the interface.

CSCeg38778

Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.

Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.

Workaround: Upgrade to IP Communicator 1.1(3) or above, which ignores this incorrect packet.

CSCeg67106

Symptoms: A call transfer may fail.

Conditions: This symptom is observed on a Cisco router that functions as a Cisco CallManager Express (CME) when the transfer-pattern argument of the transfer-pattern transfer-pattern command is ".T" to allow the transfer of telephone calls from Cisco IP phones to phones other than Cisco IP phones.

Workaround: There is no workaround.

CSCeh01182

Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.

Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.

Workaround: There is no workaround. However, this is the limitation on voice gateways that use VXML applications: such platforms only support T.37.

Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.

CSCeh35823

Symptoms: When a router detects "invalid identity" failures while decrypting IPsec packets, a memory leak occurs for the packet memory that is associated with these failed packets.

Conditions: This symptom is observed only when an "invalid identity" error occurs, which is an uncommon error that indicates that the originating router does not send packets according to what was originally negotiated. However, if there is another error that causes a "bad" decryption, the packet could be invalid and may also cause the symptom to occur.

Workaround: There is no workaround.

CSCeh73049

Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.

Conditions: Devices that are not running the AAA command authorization feature, or that do not support TCL functionality, are not affected by this vulnerability.

This vulnerability is present in all versions of Cisco IOS that support the tclsh command.

Workaround: This advisory with appropriate workarounds is posted at

http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml

CSCei05553

Symptoms: A Modular QoS CLI (MQC) CoS marking disappears after you reload a router and QoS does not work.

Conditions: This symptom is observed on a Cisco router when the policy map is configured with a class using CoS marking via the set cos command. After the router has reloaded, the CoS marking is still present in the configuration but does not appear in the output of the show policy-map interface command.

Workaround: Remove and re-apply the service policy on the main interface.

CSCei33351

Symptoms: A router that is configured for QoS crashes because of a bus error.

Conditions: This symptom is observed when you bring up a session that has a policy map attached in both directions.

Workaround: There is no workaround.

CSCei62952

Symptoms: After the PXF engine crashes or reloads, some prefixes are no longer routable.

Conditions: This symptom is observed on a Cisco router after the PXF engine crashes or after you have entered the microcode reload pxf command.

Workaround: Initiate an RP switchover or reboot the router.

CSCei82163

Symptoms: A Cisco AS5400 might not release all voice resources for an MGCP call after it is disconnected.

Conditions: This symptom is observed on both the Cisco AS5400 and Cisco AS5850 platforms but is not platform dependent. The symptom is associated with the simultaneous disconnection of a large number of calls.

Workaround: There is no workaround.

CSCej20505

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCej50928

Symptoms: Media Gateway Control Protocol (MGCP) calls fail to land in timeslots 16-31 on E1 controllers.

Conditions: This symptom is observed in a Cisco AS5850 platform that is running a Cisco IOS Release 12.4(5) image. This symptom is not observed if OGW is a Cisco AS5400 platform. This was not observed in a Cisco IOS Release 12.4(3.8) image. This may be service impacting as only half of the timeslots can be used for generating calls.

Workaround: There is no workaround.

CSCej80209

Symptoms: A router may generate "SYS-2-LINKED: Bad enqueue" error messages.

Conditions: This symptom is observed when both of the following conditions are present:

The router generates traffic such as routing updates that are encrypted via IPSec, and the traffic (packets) is process-switched after encryption.

The router is configured with a hardware crypto accelerator.

This only occurs on Cisco IOS Release 12.3(11)T8.

Workaround: There is no workaround.

CSCin82833

Symptoms: Conferencing DSPFarm profile is not getting associated/registered with Cisco CallManager (CCM).

Conditions: This symptom is observed in Cisco 3745 and Cisco 2811 routers with c5510 DSPs.

Workaround: There is no workaround.

CSCin87776

Symptoms: Multilink bundles on a Cisco 7500 series may process-switch traffic instead of using dCEF, causing the CPU usage of the RSP to increase sharply and a CPU hog condition to occur.

Conditions: This symptom is observed when an RPR+ switchover occurs on a Cisco 7500 series that is configured for HA. (The switchover causes an MLP to flap.) However, the symptom may also occur on a Cisco 7500 series that has a single RP (so, without a switchover) when an MLP link flaps.

Workaround: There is no workaround. Note that the symptom does not occur when SSO is configured because the MLP state is maintained.

CSCin89043

Symptoms: A VIP may pause indefinitely or quality of service (QoS) may not work as expected on an interface that is configured for distributed MLP (dMLP).

Conditions: This symptom is observed on a Cisco 7500 series when the VIP processes dMLP and LFI traffic.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCin97815

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in the show frame-relay pvc command show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (sub-interface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsa41747

Symptoms: A Cisco AS5300 that handles SIP voice calls may reload because of an address error.

Conditions: This symptom is observed on a Cisco AS5300 that is configured for symmetric NAT and that is used to handle calls from the PSTN and forward them to a SIP network.

Workaround: There is no workaround.

CSCsa53334

The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include:

Fragmented IP packets may be used to evade signature inspection.

IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service.

There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml.

CSCsa73120

Symptoms: A Cisco IPSec router may restart because of a bus error.

Conditions: This symptom is observed when you remove a crypto map entry that includes the dynamic keyword in its definition, as in the following example:

router#show running

...

crypto map map-name 5 ipsec-isakmp dynamic dyn-map

...

router(config)#no crypto map map-name 5

Workaround: Before you delete the crypto map entry that includes the dynamic keyword in its definition, manually configure all dynamic crypto maps that must be deleted to point to a nonexistent ACL, as in the following example:

router#show running

...

crypto dynamic-map dyn-map 5

...

router(config)#crypto dynamic-map dyn-map 5

router(config-crypto-map)#match address no-such-acl

CSCsa82945

Symptoms: A router crashes because of a bus error when ICMP or UDP packets that are larger than 1393 bytes are transmitted through an IPSec tunnel.

Conditions: This symptom is observed when a policy map and crypto map are applied to the tunnel interface.

Workaround: Remove the policy map.

CSCsb01513

Symptoms: CWM is not in sync with mgx-rpm-xf-512 in an MGX8850 shelf. No traps are sent from the RPM-XF card, and the show rpm trap ctrlblk command on the RPM-XF shows the following message:

task state = 8

Conditions: This symptom has been observed with mgx-rpm-xf-512 running Cisco IOS Release 12.3(2)XZ in a Cisco MGX8850.

Workaround: There is a manual procedure to change the task state back to 4 which will allow the traps to be sent.

CSCsb11124

The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

Cisco has published a Security Advisory on this issue; it is available at http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml

CSCsb42374

Symptoms: There are two symptoms:

1. When a policy is attached to the incoming interface, an aggregate control-plane policing policy will not classify traffic correctly.

2. When a control-plane policing policy is attached to the aggregate path, a similar policy attached to the host, transit or cef-exception paths will not classify traffic correctly.

Conditions: This symptom has been observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4.

Workaround: Any existing interface policy would have to be removed for the aggregate control-plane policing policy to work. Any existing aggregate policing policy will have to be removed for the host/cef-exception/transit path control-plane policing policy to work.

CSCsb51663

Symptoms: The SNMP process hangs while a QoS MIB object is queried.

Conditions: This symptom is observed when the execution of a QoS show command is in the "More" state while the QoS MIB object is queried. The SNMP process resumes when the show command is finished. Depending on the SNMP configuration, different symptoms may occur while the SNMP process is waiting for the QoS show command to finish.

Workaround: Do not leave the show policy-map command or the show class-map command in the "More" state. Alternatively, before you execute one of these commands, enter the term len 0 EXEC command, and after the show command is complete, enter the term len 24 EXEC command.

CSCsb54961

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third party gateway. When the third party gateway sends T.38 open logical channel to the Cisco gateway, no open logical channel acknowledgement is sent by the Cisco gateway. After waiting for 30 seconds for T.38 open logical channel acknowledgement, the third party gateway closes its T.38 open logical channel.

Conditions: This happens when T.38 fax relay calls are originated or terminated on a Cisco gateway that is running Cisco IOS Release 12.3(4)T and later releases.

Workaround: There is no workaround.

CSCsb67539

Symptoms: A Voice Gateway crashes when running under a heavy voice call load.

Conditions: This symptom is observed on a Voice Gateway that is running Cisco IOS Release 12.3(11)T6. The gateway is under heavy voice call load with access to media/application documents residing on local gateway flash, http and tftp servers.

Workaround: The following is not quite a workaround:

call threshold global cpu-5sec low value high value

For example:

call threshold global cpu-5sec low 50 high 70

This command can ease the CPU load on the gateway, which reduces the probability of a crash.

CSCsb77885

Symptoms: IKE negotiation will fail. Any tunnel that requires IKE to successfully negotiate a security association will not work.

Conditions: This symptom occurs when authentication for IKE is configured as RSA encryption (authentication rsa-encr).

Workaround: There is no workaround.

CSCsc09246

Symptoms: The following commands, which are used to detect memory leaks, crash a router that uses external memory, such as the RPM-XF platforms:

show memory debug leaks
show memory debug leaks chunks
show memory debug leaks largest
show memory debug leaks summary

Conditions: This symptom has been observed on the RPM-XF cards using Cisco IOS interim release 12.4(4.6).

Workaround: There is no workaround.

CSCsc13844

Symptoms: After loading "flash:c2600-entservicesk9-mz.123-11.T7.bin", the E1 controller is missing from the snmpwalk command of IF-MIB.

Conditions: This symptom has been observed on a Cisco 2621XM.

Workaround: There is no workaround.

CSCsc21674

Symptoms: The PSTN is sending in an "*" and the router is reading it in as a "D". The PSTN is also sending in a "#" and the router is reading it in as an "*".

Conditions: This symptom has been observed on an MGCP T1-CAS gateway connected to Cisco CallManager doing MF and using Cisco IOS Release 12.3(8)T11, Release 12.3(11)T7, or Release 12.3(14)T4.

Workaround: There is no workaround.

CSCsc28333

Symptoms: The error message "Got WATCHDOG Interrupt from NM at slot x" is displayed, and CEM stops passing traffic.

Conditions: This symptom occurs when an adaptive clock is configured on the CEM.

Workaround: Disable adaptive clock or configure a different payload-size.

Further Problem Description: The problem is caused by a floating point exception that caused the firmware to crash.

CSCsc31082

Symptoms: When performing the show policy-map interface MFR command, the counters do not increment.

The counters in show policy-map interface MFR do not increment for any type/class of service. Even the class-default shows 0 packets. The counters in show frame-relay pvc show the packets correctly.

Conditions: A map-class is configured under an MFR (FRF.16) bundle (sub-interface). This map-class consists of both an input and output service-policy.

Workaround: There is no workaround.

CSCsc41913

Symptoms: A Cisco IOS gateway using Cisco IOS Release 12.3(8)T or later versions will use an ephemeral port to send a response to any SIP request. This may not work with port restricted NAT, which is expecting a response on the same connection as the one on which the request was sent and may drop the response.

Conditions: This symptom is observed on a Cisco IOS gateway with Cisco IOS Release 12.3(8)T or later releases and a port restricted NAT.

Workaround: There is no workaround.

CSCsc44237

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: A switch or router that is configured with a PA-A3 ATM port adapter may eventually run out of memory. The leak occurs when the FlexWAN or VIP that contains the PA-A3 port adapter is removed from the switch or router and not re-inserted.

The output of the show processes memory command shows that the "ATM PA Helper" process does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Symptom 2: A switch or router that has certain PIM configurations may eventually run out of memory.

The output of the show processes memory command shows that the "PIM process" does not have sufficient memory. The output of the show memory allocating-process totals command shows that the "Iterator" process holds the memory.

Condition 1: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.

Condition 2: This symptom is observed on a Cisco 2811 and Cisco 3845 and occurs only in Cisco IOS Release 12.2(30)S, interim Release 12.4(2.10), and interim Release 12.4(2.10)T, or in any later releases.

Workaround 1: Either do not remove the PA-A3 ATM port adapter from the FlexWAN or VIP or re-insert the PA-A3 ATM port adapter promptly. The memory leak stops immediately when you re-insert the PA-A3 ATM port adapter.

Workaround 2: When the ip multicast-routing command is configured, enable at least one interface for PIM. When the ip multicast-routing vrf vrf-name command is configured, enter the ip vrf forwarding vrf-name command on at least one interface that has PIM enabled.

CSCsc54584

Symptoms: Ingress standard ACL for transit traffic is broken on MFR interface.

Conditions: This problem is found on a Cisco 7500 series router that is running Cisco IOS Release 12.3(11)T8 with MFR bundle over a PA-MC-8TE1 combo card.

Workaround: There is no workaround.

Protocol Translation

CSCei15942

Symptoms: You may not be able to download a complete file from an FTP server during a V.120 session.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that runs Cisco IOS Release 12.2(15)ZK6 or Release 12.3(11)T5. The symptom could also occur in other releases such as Release 12.3 or Release 12.4.

Workaround: This problem can be circumvented by disabling the negotiation of multilink on the client adapter or the router. Alternatively, configuring ppp multilink queue depth fifo 10 on the Virtual-Template interface should allow for a successful FTP download.

Wide-Area Networking

CSCeg04511

Symptoms: Incoming calls to a router may sporadically fail during the PPP IPCP phase, and the following message may appear in the output of the debug PPP command:

Update queued IPCP code[1] id[1]

Conditions: This symptom is observed when the router is configured to accept dialin calls.

Workaround: There is no workaround.

CSCej45061

Symptoms: Attempts to remove a PRI group fail.

Conditions: This symptom is observed when an NFAS group has group number 0 and when you attempt to remove a FAS PRI group.

Workaround: Shut down the NFAS group before you remove the FAS PRI group.

CSCej73049

Symptoms: AAA method may fail on calls in the Cisco IOS 12.3(11)T releases.

Conditions: This symptom was observed on a Cisco AS5850 that was running Cisco IOS Release 12.3(11)T8 but is not platform dependent.

Workaround: There is no workaround.

CSCsb89292

Symptoms: ISDN NFAS failover issues are observed in Cisco IOS Release 12.3(11)T7. If the primary NFAS d-channel is bounced, the switch sees some of the b-channels in "remote busy" (RMB).

Conditions: This symptom only happens when the primary NFAS d-channel is bounced.

Workaround: There is no workaround.

CSCsc17673

Symptoms: Using the show caller full or show caller interface Virtual-Access XX full commands on a PPPoE client interface causes the router to unexpectedly reload.

Conditions: This symptom has been observed on routers using Cisco IOS Release 12.4(3.3) and later versions.

Workaround: Avoid using those commands.

Resolved Caveats—Cisco IOS Release 12.3(11)T8

Cisco IOS Release 12.3(11)T8 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCds33629

Symptoms: Closing an existing Telnet session may cause a router to crash.

Conditions: This symptom is platform-independent.

Workaround: There is no workaround.

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

CSCin90842

Symptoms: Memory allocations fail on the gateway though there is enough free memory. If this failure happens in ISDN, the gateway crashes subsequently.

Conditions: This symptom has been observed when the H323 aaa accounting command is enabled.

Workaround: There is no workaround.

Further Problem Description: Memory allocations for a block of 3k bytes fail with memory fragmentation as the cause. When this failure occurs, there is approximately 20MB of free memory on a gateway with 220MB of processor memory.

Interfaces and Bridging

CSCin86098

Symptoms: One or more ATM PVCs stops transmitting packets.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-A3 or PA-A6-OC3 port adapter when the PVC is configured with CBR and when traffic with more than the configured CBR value passes.

Workaround: There is no workaround.

IP Routing Protocols

CSCsb13988

Symptoms: A router that is configured for NAT may crash because of a bus error.

Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(9a) but is not platform-specific. The crash occurs while NAT attempts to translate an IP address in an H.323 RAS message that does not contain an IP address.

Workaround: Disable H.323 RAS in NAT by entering the no ip nat service ras command. If you must use H.323 RAS in NAT, there is no workaround.

Miscellaneous

CSCed66010

Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(5b) but may also occur in Release 12.3 T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.

Workaround: There is no workaround.

CSCee32365

Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.

Workaround: There is no workaround.

CSCee41831

Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.

Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.

Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.

CSCef44913

Symptoms: A Cisco 7500 series may crash because of a bus error after applying a service policy to a subinterface.

Conditions: This symptom is observed when the Cisco 7500 series runs Cisco IOS Release 12.2(16c) or Release 12.3 when there are many interfaces and subinterfaces configured.

Workaround: Do not apply the service policy to the ATM subinterface. Rather, apply the service policy to the PVC directly.

CSCef89078

Symptoms: When you enter the show policy-map interface command for one particular interface, the output shows the policing actions for other interfaces.

Conditions: This symptom is observed when policing is enabled.

Workaround: There is no workaround.

CSCeg01543

Symptoms: A Cisco 7500 series VIP may crash when its serial interfaces are part of a Multipoint Frame Relay (MFR) bundle.

Conditions: This symptom is observed when a Frame Relay end-to-end fragment is received on an MFR interface.

Workaround: Administratively shut down the MFR interface or shut down the MFR interface on the other side of the link.

CSCeg10255

Symptoms: A router may reload unexpectedly when you enter the show call active voice command. After the crash, the output of the show version command may show a message similar to the following:

System returned to ROM by error - a SegV exception, PC 0x803D4DC8

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T and that is configured for voice.

Workaround: There is no workaround.

CSCeg12719

Symptoms: A memory leak may occur in the VTSP process on a Cisco 3660. However, calls go through.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(10) and that is configured with an ISDN BRI and for VoIP.

Workaround: There is no workaround.

CSCeg27467

Symptoms: A Cisco platform that runs Cisco IOS Release 12.3(10) and that functions as a gatekeeper in an SS7 interconnect configuration may reject calls.

Conditions: This symptom is observed when the following conditions are present:

The voice gateway is configured with trunk groups and has the Resource Availability Indicator (RAI) threshold enabled.

When the high threshold value is reached, the voice gateway sends a RAI message with the AlmostOutOfResources field set to "TRUE" to the gatekeeper.

From this point on, the gatekeeper rejects new calls with an Admission Rejection (ARJ) message that indicates that the call capacity of the voice gateway is exceeded.

Workaround: Do not configure Trunk Group and RAI together. If this is not an option, there is no workaround.

CSCeg32227

Symptoms: ATM VC output tail drops occur on a Cisco MGX 8800 series RPM-XF. Resource error drops increase for resource number 6 or 7.

Conditions: This symptom is observed when the outgoing traffic is more than what the ATM VCs can handle. The Cisco MGX 8800 series RPM-XF has an FPGA revision of less than 16.

Workaround: Police the outgoing ATM traffic.

CSCeg33863

Symptoms: When a Cisco CallManager Express (CCME) is configured for the longest-idle ephone hunt group, the call is not forwarded to the final number.

Conditions: This symptom is observed when a call that is made to the longest-idle ephone hunt-group pilot number is redirected on a busy signal or no answer signal from one Cisco IP phone directory number (ephone-dn) to another ephone-dn (from the configured ephone-dn list) until the call is answered. When none of the ephone-dns answers the call, the caller receives a fast-busy signal instead of the call being routed to the final number.

Workaround: There is no workaround.

CSCeg82614

Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.

Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.

Workaround: There is no workaround.

CSCeh08363

Symptoms: Bidirectional DTR does not function. The output of the show dialer command shows the incorrect dialer type.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.9)T.

Workaround: There is no workaround.

CSCeh09198

Symptoms: A Cisco gateway that has the garbage detector (a tool that is used for debugging memory leaks) enabled may hang indefinitely.

Conditions: This symptom is observed when you enter the garbage detector-related show memory debug leaks command or show memory debug incremental leaks command.

Workaround: There is no workaround.

CSCeh40183

Symptoms: A router reloads unexpectedly when the show policy interface EXEC command is entered.

Conditions: This symptom is observed on a Cisco router when two users are connected to the router and simultaneously enter the show policy interface EXEC command.

Workaround: Ensure that only one user at a time enters the command.

CSCeh61467

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: After you have disabled MVPN on a VRF interface, the CPU use for the PIM process increases to 99 or 100 percent and remains at that level.

Condition 1: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases.

Workaround 1: Before you disable MVPN on the VRF interface, enable and then disable multicast routing by entering the ip multicast-routing vrf vrf-name global configuration command followed by the no ip multicast-routing vrf vrf-name global configuration command.

Symptom 2: A router that functions under stress and that is configured with a VRF interface may crash when an MDT group is removed from a remote PE router.

Condition 2: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases, and occurs only when there are frequent link flaps or other multicast topology changes that affect the VRF interface.

Workaround 2: There is no workaround.

CSCei02275

Symptoms: A Cisco router may reload when removing a Frame Relay map from a dial interface.

Conditions: This symptom occurs when a dial (ISDN) interface is configured for Frame Relay encapsulation with a map that includes IP Header Compression.

Workaround: There is no workaround.

CSCei31970

Symptoms: A Cisco AS5850 reaches 99% CPU and starts rejecting calls when the show voice call status call-id command is issued in quick succession. This can be highly service impacting. The box thereafter becomes very unstable in accepting incoming calls. This happens only when the box is stressed with more than 900 calls.

Conditions: This symptom is seen on a Cisco AS5850 that is running a special build of 11-T6 image with 900+ H323 voice calls.

Workaround: Avoid entering this command under stressed conditions. Even so, this can be service impacting.

CSCei37299

Symptoms: A VPN hub router may reload when you enter the clear crypto session remote ip-address command.

Conditions: This symptom is observed after a remote peer disconnects ungracefully (that is, the peer is suddenly powered-off or the LAN cable is disconnected) and immediately reconnects to the VPN hub router with a different public address.

Workaround: Do not enter the clear crypto session remote ip-address command. Rather, enter the clear crypto sa command.

CSCei41674

Symptoms: A router may generate "SYS-2-LINKED: Bad enqueue" error messages.

Conditions: This symptom is observed when both the following conditions are present:

The router generates traffic such as routing updates that are encrypted via IPSec and the traffic (packets) is process-switched after encryption.

The router is configured with a hardware crypto accelerator.

A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CCSCeg43855. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

Further Problem Description: When the error message is generated, a crash may also occur in the following configuration in which hub-n-spoke GRE tunnels are configured for IPSec and EIGRP: When the spokes have a primary hub and a backup hub (that is, a GRE tunnel to each) and when a switchover from the primary hub to the backup hub occurs multiple times, the spoke may crash. This particular situation is observed on a Cisco 1841 and Cisco 3825.

A workaround for this particular situation is to prevent multiple hub switchovers from occurring or to refrain from configuring GRE tunnels with IPSec and EIGRP.

CSCei42842

Symptoms: A Cisco 2851 may crash at the tsp_search_voice_port function.

Conditions: This symptom is observed when the no ccm-manager mgcp command is entered very rapidly, for example, via an automated script.

Workaround: There is no workaround.

CSCei44586

Symptoms: The wrong IKE SA is deleted when the SA deletion is triggered by the idle timer.

Conditions: This symptom has been observed when the clients are behind a firewall or NAT device and their public address is set by Port Address Translation (PAT) to the same IP address as their LAN IP address.

Workaround: Use NAT instead of PAT.

CSCei46509

Symptoms: No more than 930 H.323 terminating calls can be brought up on a Cisco 5850 because socket allocation failures occur.

Conditions: This symptom is observed on a Cisco 5850 that functions as a TGW in RPR+ mode when H.323 slow start is enabled and when H.245 tunneling is disabled. Note that the symptom does not occur when H.245 tunneling is enabled or when the Cisco 5850 functions as an OGW.

Workaround: Configure H.245 tunneling and fast start by entering the following commands:

Router(config)# voice service voip
Router(conf-voi-serv)# h323
Router(conf-serv-h323)# no h245 tunnel disable

CSCei50425

Symptoms: A Cisco 7200 series or Cisco 7301 that is equipped with a VAM, VAM2 or VAM2+ accelerator may refuse a valid RSA key and generate an error message such as the following:

% Error in generating keys: did not validate
% Key pair import failed.

Conditions: This symptom is observed under rare circumstances when a valid RSA key is composed of unusually short or long prime numbers and coefficient.

When the VAM is deactivated during the importation of the RSA key, the router accepts the key, but when the VAM, VAM2, or VAM2+ is inserted into the chassis, the router miscomputes the signature payload of the IKE/ISAKMP exchanges.

Workaround: Create a new RSA key.

Further Problem Description: The result of the wrong operation can be seen on the other side of the connection by activating the debug crypto engine and debug crypto isakmp commands. The following messages are related to the failure:

crypto_engine: public key verify
crypto_engine: public key verify, got error no available resources
ISAKMP:(0:2:HW:2): signature invalid!

CSCei51322

Symptoms: A router that is configured for IPSec may reload because of a stack or program counter corruption.

Conditions: This symptom is observed on a Cisco router that uses a certificate with a very long subject name of several hundred bytes when the distinguished name (DN) is used as an ISAKMP identity. The symptom does not occur for shorter subject names (for example, 290 characters). In most environments, a subject name of 80 characters or less is common.

Workaround: Use certificates with a shorter subject name.

CSCei59221

Symptoms: Traffic does not pass over a connection between a Cisco AXSM-XG module and a Cisco MGX 8800 series RPM-XF after a graceful hardware migration of a redundant pair of AXSM/A, AXSM/B, or AXSM-E cards to AXSM-XG cards.

Conditions: This symptom is observed after the hardware migration for the connections that already existed between the AXSM/A, AXSM/B, or AXSM-E card and the RPM-XF before the hardware migration. The symptom does not occur for new connections that are added between the AXSM-XG and the RPM-XF after the hardware migration, nor does the symptom occur for hardware migrations of standalone (as opposed to redundant pairs of) AXSM/A, AXSM/B, or AXSM-E cards to AXSM-XG cards.

Workaround: After the hardware migration, delete and re-add the affected connections.

CSCei61814

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5850 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCei72576

Symptoms: The following error message and traceback are generated on a Cisco MGX 8800 series RPM-XF, and you cannot ping a destination:

%GENERAL-3-EREVENT:HWCEF: Failed to alloc Mtrie HW node
-Traceback= 4005B148 4005C398 4005C918 40066B5C 4028D634 4028DF6C 40294B84 4029AC5C 4063D470 40614C90

Conditions: This symptom is observed when there are many summary routes advertised with continuous route updates and withdrawals via BGP or IGP sessions. The symptom occurs because the PXF CEF memory for level 4 becomes exhausted.

Workaround: There is no workaround.

CSCei75294

Symptoms: A Cisco AS5850 that functions in RPR+ mode reloads unexpectedly because for each call an MGCP application holds an increasing amount of memory that is not freed up.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T7. The symptom could also occur in Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCin79691

Symptoms: QoS information disappears from a FlexWAN module or VIP that is configured with a distributed MFR interface.

Conditions: This symptom is observed after the FlexWAN module or VIP resets or after the interface flaps.

Workaround: Remove the service policy from the interface and reapply it to the interface.

CSCin91381

Symptoms: A VIP card having a dMLFR configuration on a Cisco 7500 series router may crash on entering the microcode reload command in the global configuration mode.

Conditions: This symptom has been observed on a Cisco 7500 series router with a VIP card having a dMLFR configuration when traffic is flowing at that point of time.

Workaround: There is no workaround.

CSCsa44556

Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.

Workaround: Reload the gatekeeper after you have made the configuration changes.

CSCsa60223

Symptoms: After a call is made between H.323 and SIP on the IPIPGW, executing the show call active voice command does not reflect the call leg information.

Conditions: This symptom occurs when doing SIP-H323 calls.

Workaround: There is no workaround.

CSCsa68001

Symptoms: All incoming packets on a Frame Relay Link have the DE bit set.

Conditions: This symptom is observed on a Cisco 2811 that runs Cisco IOS Release 12.3 or Release 12.3(11)T2 under normal traffic conditions.

Workaround: There is no workaround. Note that the symptom does not occur on a Cisco 1760 that runs Release 12.3(10).

CSCsa70040

Symptoms: A router does not attempt to autoinstall a software configuration via a Frame Relay WAN segment when it receives a response to a DHCP request on an Ethernet LAN, even though the DHCP server does not support autoinstall via TFTP.

Conditions: This symptom is observed when a software configuration is replaced on a failed remote router or installed on a new remote router. The router is connected to an existing Ethernet LAN and a Frame Relay WAN segment. You would expect that the router autoinstalls over the Frame Relay WAN segment because it is supposed to download the configuration from a central TFTP server. However, this does not occur.

When the router has a response to its DHCP request on the Ethernet LAN, it attempts to autoinstall over DHCP. Although the DHCP server does not support autoinstall over DHCP, the router does not attempt to autoinstall over the Frame Relay WAN segment.

Workaround: Prevent the DHCP server from responding to the router request or ensure that someone is physically present to disconnect the Ethernet LAN link from the router to force the router to autoinstall over the Frame Relay WAN segment. When the router has autoinstalled over the Frame Relay WAN segment, the router should be reconnected to the Ethernet LAN.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa74930

Symptoms: A Cisco 3825/c3845 may display the following error message and traffic is interrupted:

%SBETH-3-ERRINT: GigabitEthernet0/0, error interrupt, mac_status = 0x0000000000840000

Conditions: This symptom is observed when multiple users that are connected to a downstream switch attempt to log into network resources across a WAN (traversing the router).

The symptom is mostly seen with the AppleTalk protocol over GE.

Workaround: There is no workaround.

CSCsa86291

Symptoms: Packets that enter on an interface that has the ssg direction downlink command enabled are not translated even though the ip nat inside command is enabled.

Conditions: This symptom is observed on a Cisco router that is configured for SSG with the TP, TT, or TX type of service and that runs Cisco IOS Release 12.3(11)T4 or Release 12.3(14)T. The symptom may also occur in Release 12.3 but does not occur in Release 12.3(11)T3.

Note that when you disable the ssg direction downlink command on the interface, NAT works fine.

Workaround: There is no workaround.

CSCsb10341

Symptoms: A Cisco 2651XM may not drop unicast Ethernet frames that are not destined for its MAC address.

Conditions: This symptom is observed on a Cisco 3800 series that runs Cisco IOS Release 12.3(11)T5 or an earlier release or Release 12.3(14)T1 or an earlier release and that has subinterfaces that are configured for HSRP.

Workaround: Enter the standby use-bia command on the main interface.

CSCsb34344

Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5400 may reset unexpectedly.

Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.

Workaround: There is no workaround.

CSCsb34361

Symptoms: XFL: VC CoS queue size value is wrong for Early Packet Discard (EPD) based congestion management algorithm.

Conditions: With SAR based QoS, VC CoS queue size value is not updated properly. This occurs when congestion management algorithm is changed from Weighted Random Early Detection (WRED) to EPD.

Workaround: Enter the shut command followed by the no shut command on the subinterface or reprogram the affected CoSQ.

CSCsb37645

Symptoms: A router may crash during a basic H.323 call with carrier ID routing.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).

Workaround: There is no workaround.

CSCsb42859

Symptoms: A router may reload unexpectedly when the stack for VTSP runs low in memory.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway.

Workaround: There is no workaround.

CSCsb46264

Symptoms: When a dialer interface is configured as an endpoint for an IPSec+GRE tunnel, tracebacks with bad refcount may be generated.

Conditions: This symptom is observed on a Cisco 837 when router-generated packets such as routing updates are being switched.

Workaround: There is no workaround.

CSCsb47438

Symptoms: XFL: CoSQ creation fails while switching between Weighted Random Early Detection (WRED) and Early Packet Discard (EPD).

Conditions: When the MAX 8 CoS queues are configured under a VC tunnel, and traffic is queued in the CoS queue, trying to switch the CoS queue congestion management policy results in SAR queue creation failure.

Workaround: Enter the shut command followed by the no shut command on the subinterface.

CSCsb50143

Symptoms: You cannot create a maximum session number for a DSPfarm profile conference.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T or Release 12.4(1a) when time slot 1 through 24 of the PRI group are configured before you attempt to create a maximum session number. The symptom occurs on an NM-HDV2 that has a PVDM2-64 installed.

Workaround: First configure a maximum session number for the DSPfarm profile conference, then configure time slot 1 through 24 of the PRI group.

Do not reload the gateway or enter the shutdown command for the DSPfarm profile after everything is properly configured because otherwise the PRI group would grasp all the DSP resources again.

CSCsb72138

Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.

Conditions: This symptom is observed on a Cisco 2821 that runs Cisco IOS Release 12.3(11)T5. This symptom typically occurs when fax lines are configured on the FXS port.

Workaround: There is no workaround.

CSCsb74429

Symptoms: See the following:

User may experience network delay or hiccup when there are RPM-XF GE cards in the network.

User may occasionally observe the traceroute program take an extra hop via an RPM-XF GE card when it should not.

Conditions: User may observe the following symptoms when this problem occurs:

When there is at least one RPM-XF GE card with another IP device that does not speak actively in the same VLAN, traceroute program sometimes shows the route to that device may take an extra hop through the RPM-XF GE card.

Intermittent traffic storms may occur when there are 3 or more RPM-XF GE cards in the same VLAN.

Workaround: User may apply an inbound access-list to RPM-XF GE interface that prevents local VLAN forwarding:

ip access-list extended no-local-forwarding
 permit ip any host 192.168.1.100
 permit ip any host 192.168.1.255
 deny ip any 192.168.1.0 0.0.0.255
 permit ip any any
!
interface GigabitEthernet 1/0
 ip address 192.168.1.100 255.255.255.0
 ip access-group no-local-forwarding in
!

This access-list can stop traffic storms generated by RPM-XF. However, the access-list will not fix the odd behavior of the "traceroute" program and may cause some operating systems to report that a "ping" to a target device is denied. Currently, there are no effective workarounds for "traceroute" or "ping".

CSCsb90264

Symptoms: Cisco AS5400 and AS5350 T1 CAS calls fail with "no users answer," and a traceback is seen at vtsp_tsp_call_setup_ind, along with the following error:

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

Conditions: This problem is seen when making CAS calls in Cisco AS5400 and AS5350 platforms.

Workaround: There is no workaround.

Wide-Area Networking

CSCea75722

Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.

Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.

Workaround: There is no workaround.

CSCed32146

Symptoms: A small buffer leak may occur on a router that has a BRI interface that is in the "Layer 1 Down" state (that is, the interface is not able to establish ISDN Layer 1).

Conditions: This symptom is observed when there is an attempt to activate inactive BRI interfaces. During such an attempt, small buffers are allocated periodically to transmit unnumbered messages to establish the TEI that is to be used on the interface. The buffers cannot be transmitted because the ISDN Layer 1 protocol is down, causing the buffers to be enqueued and lost from the small buffer pool until ISDN Layer 1 becomes active. These enqueued buffers may leak from the small buffer pool, although technically this is not a leak because the buffers are in a queue.

Possible Workaround: Enter the isdn tei-negotiate first-call command.

CSCee85138

Symptoms: A SegV exception crash may occur on a Cisco router that is configured for voice calls.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6a) or Release 12.3(9) but may not be platform-dependent.

Workaround: There is no workaround.

CSCee93835

Symptoms: When you remove a policy map that is attached to a service policy or when you make changes in the CIR of a policy class, a router may produce spurious align messages and may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(7.7) or Release 12.3(9) and that is configured for PPP.

Workaround: Do not make any changes to the policy map or any changes that are related to QoS.

CSCef26648

Symptoms: A memory leak may occur on a Cisco AS5350 or Cisco AS5400 that runs Cisco IOS Release when ISDN synchronous digital calls are made. This situation causes the platform to reload eventually.

Conditions: This symptom is observed in a rare situation during a stress test when ISDN sends a first RELEASE message, a connected switch returns a STATUS message, and ISDN sends a second RELEASE message. The first RELEASE message causes a memory leak.

Workaround: There is no workaround.

CSCef48558

Symptoms: A router may crash when a PPP link joins a multilink PPP (MLP) bundle.

Conditions: This symptom is observed when a packet is forwarded to the multilink bundle interface when at the same time a new link joins an active bundle (that is, a bundle that is already running with at least one member link). The likelihood of the symptom occurring is rare, but increases when the system load increases or when the level of outbound traffic on the bundle increases.

Workaround: There is no workaround.

CSCef82683

Symptoms: An MFR bundle may stay in the down state after redistributing bundle links. The output of the show frame-relay multilink command displays as cause code "inconsistent bundle."

Conditions: This symptom is observed when a Remove-Link message is lost.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected bundle.

CSCeg03958

Symptoms: A router may crash while performing an SNMP walk on VPDN-related MIB Objects. SNMP get and set operations function fine.

Conditions: This symptom is observed on a Cisco router that is configured with MLP interfaces.

Workaround: Reload the router and do not perform an SNMP walk. Instead use get operations.

CSCeg15184

Symptoms: When you set up PPPoA sessions in a stress situation, the following error message may be generated:

%IDMGR-3-INVALID_ID: bad id in id_to_ptr

Conditions: This symptom is observed on a Cisco 10000 series that is configured with about 22,000 active PPPoA sessions and that has a CPU usage of 99 percent. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCeg43407

Symptoms: On a router that is configured for SLIP/PPP, spurious memory accesses may be reported in the output of the show alignment command.

Conditions: This symptom is observed after a SLIP/PPP test on an asynchronous modem.

Workaround: There is no workaround.

CSCeh18018

Symptoms: The asynchronous resources on a NAS may remain active after a VPDN setup because the LAC does not close the L2TP session on receipt of the L2TP Call Disconnect Notification (CDN) from the LNS.

Conditions: This symptom is observed on a NAS that is configured with digital modems when the L2TP session is abnormally aborted, for example, when the L2TP session is aborted before the LNS sends an LCP termination request to the dialin user.

Workaround: Manually free the asynchronous resources on the NAS by entering the clear line line-number command or ask the remote dialin user to disconnect the modem.

CSCeh62257

Symptoms: PPP does not establish new sessions.

Conditions: This symptom is observed on a Cisco router that is configured with full virtual-access interfaces when a PPP leak occurs.

Workaround: Reload the router and configure virtual-access subinterfaces instead of full virtual-access interfaces.

CSCei11919

Symptoms: A dialed circuit that carries a PPP connection over a tunnel between an LNS and a LAC is not dropped when the tunnel is reset.

Conditions: This symptom is observed when you enter the clear vpdn all command, when the LNS reloads, when the IP link between the LNS and LAC is disrupted, or when any other event occurs that causes the tunnel to be reset.

Workaround: There is no workaround.

CSCei13743

Symptoms: An outgoing Basic Rate Interface (BRI) call fails to activate the layer 1.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that includes the fix for caveat CSCsa66756. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa66756. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCei16649

Symptoms: The output of the show pppoe session or show vpdn session command does not show PPPoEoA session details.

Conditions: This symptom is observed for a point-to-point ATM interface.

Workaround: There is no workaround.

CSCei21549

Symptoms: A Cisco 5850 reloads when an RLM group is unconfigured.

Conditions: This symptom is observed when you enter the no isdn rlm-group number command and when there are more than 31 NFAS members in the same NFAS group.

Workaround: Shut the primary interface, remove the NFAS members of the same NFAS group, and unconfigure the RLM group.

CSCsa66756

Symptoms: The B channel on an NFAS "none" group member may hang with its channel state set to PROPOSED, which you can see in the output of the show isdn service command.

Conditions: This symptom is observed when the first activity on an NFAS "none" member is an outgoing call. After the first incoming or outgoing call, the symptom no longer occurs.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(11)T7

Cisco IOS Release 12.3(11)T7 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg15044

Symptoms: Although there are free tty lines, you cannot make a Telnet connection and a "No Free TTYs error" message is generated.

Conditions: This symptom is observed when there are simultaneous Telnet requests.

Workaround: There is no workaround.

CSCeg41120

Symptoms: The configuration of the snmp-server host command overrides an existing entry.

Conditions: This symptom is observed when the snmp-server host command is used in conjunction with port numbers. When you configure multiple host entries with the same host address but with different port numbers, the existing entries are overridden.

Workaround: Do not configure multiple host entries with the same host address but with different port numbers.

CSCeg52893

Symptoms: Several tty lines may become stuck in the "Carrier Dropped" modem state. You can verify this situation by entering the show line line-number EXEC command for an individual line. However, when you enter the show line EXEC command (that is, you do not enter a value for the line-number argument), the output shows that the same tty lines are active (that is, they are in the "*" state):

......

I 2/47 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/48 Digital modem - DialIn - - - 7 0 0/0 - Idle

* 2/49 Digital modem - DialIn - - - 5 0 0/0 - Carrier Dropped

I 2/50 Digital modem - DialIn - - - 7 0 0/0 - Idle

I 2/51 Digital modem - DialIn - - - 13 0 0/0 - Idle

I 2/52 Digital modem - DialIn - - - 10 0 0/0 - Idle

......

In addition, both the output of the show users EXEC command and the output of the show caller EXEC command do not show a user or caller name or show an incorrect user or caller name. The output of the show caller EXEC command does show that the service is "TTY."

Conditions: These symptoms are observed on a Cisco AS5400 that is configured for modem dialin with PPP and EXEC connectivity and for login authentication via a TACACS+ server.

Workaround: To clear the stuck line, enter the clear port slot/port EXEC command.

CSCeg52924

Symptoms: When TACACS+ accounting or authorization is configured, many CPU cycles are consumed, messages are not sent, and the platform is unusable.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 when TACACS+ accounting, authentication, or authorization is enabled with a faulty server and when the server sends unsolicited data while the socket is being set up.

Workaround: Disable TACACS+.

CSCeg64124

Symptoms: The operation result of an IP SLA jitter probe shows a high packet MIA that is equal to the jitter's number of packets minus one. In the responder router, the responder debug message shows many error packets.

Conditions: This symptom is observed when multiple jitter probes (either from the same router or from different routers) are configured to send packets to the same destination IP address and the same destination port number and when the responder is turned off for a short time and turned on again.

Workaround: To prevent the symptom from occurring, configure the jitter probe to use a unique destination port number.

Alternate Workaround: If the symptom has occurred, turn off the responder by entering the no rtr responder global configuration command, wait until all jitter probes report "No connection," and then turn on the responder by entering the rtr responder global configuration command.

CSCeh64791

Symptoms: A memory leak may occur when you delete a RADIUS server group.

Conditions: This symptom is observed when the server is configured with a key.

Workaround: There is no workaround.

CSCin81985

Symptoms: Although a RADIUS server is up and running, a router may not contact the RADIUS server during login authentication.

Conditions: This symptom is observed when the RADIUS server is declared dead and then, after an accounting-on record is sent, changes to the up state.

Workaround: Configure local authentication as a backup by entering the aaa authentication login default group radius local command and a local user name and password.

CSCsa53912

Symptoms: You cannot log on when a TACACS+ server is used for authentication. You get a message that authentication fails and you are asked again to enter your user name.

Conditions: This symptom is observed when you make a Telnet connection to a router that is configured for TACACS+ after you have entered your user name and your TACACS password.

Workaround: Configure the TACACS+ single connection option by entering the tacacs-server host host-name single-connection command.

Interfaces and Bridging

CSCei08289

Symptoms: The transmit rate is higher than the configured committed information rate (CIR), causing the network to drop frames.

Conditions: This symptom is observed only when traffic is process-switched and when software payload compression and header compression are configured.

Workaround: Enable either CEF or fast-switching. If process-switching must be used, add a compression adaptor and configure FRF9 data compression instead of packet-by-packet payload compression. You can enable FRF9 data compression in the following ways:

On a point-to-point interface, enter the following command in interface configuration mode:

frame-relay payload-compression frf9 stac

On a multipoint interface, enter the following command in interface configuration mode:

frame-relay map ip ip-address dlci payload-compression frf9 stac

Further Problem Description: We do not recommend process-switching in combination with software payload compression because it is not possible to provide latency guarantees.

IP Routing Protocols

CSCeh15639

Symptoms: A Cisco router may crash when it is reloaded with PIM traffic on the network.

Conditions: This symptom is observed on a Cisco 7200 series router with multicast enabled but is not platform dependent. Bootup is the most likely place where this will happen, but the router may crash anytime if an interface flap happens at the right time while receiving PIM traffic.

Workaround: There is no workaround.

CSCei06089

Symptoms: Conditional advertisement of the default route via a route map does not work when you enter the neighbor default-originate command.

Conditions: This symptom is observed on a Cisco router that is configured for BGP.

Workaround: Disable the route map entirely. If this is not an option, there is no workaround.

CSCei26899

Symptoms: When you reset a BGP peer, some prefixes are missing.

Conditions: This symptom is observed on a Cisco MGX8850 RPM-XF that runs Cisco IOS Release 12.3(11)T. However, the symptom is platform-independent and may also occur in other releases.

Workaround: There is no workaround.

CSCsa54937

Symptoms: An LNS with a VRF configuration does not send an echo reply when it receives a ping to loopback interface 0.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300, a Cisco 7200 series that is configured with an NPE-400, and a Cisco 7400 series.

Workaround: Wait about 20 minutes to enable the LNS to send an echo reply or enter the clear arp-cache command.

CSCsa87473

Symptoms: A BGP speaker may fail to send all of its prefixes to a neighbor if the neighbor sends a refresh request to the BGP speaker at the same time that the BGP speaker is generating updates to the neighbor. This situation causes the neighbor to miss some prefixes from its BGP table.

Conditions: This symptom may occur between any pair of BGP speakers.

A common scenario is that a VPNv4 PE router is reloaded and then fails to learn all prefixes from its route reflector (RR). In this configuration, the symptom occurs when the processing of a VRF configuration causes the PE router to automatically generate a route-refresh request to the RR, while the RR is still generating updates to the PE.

Workaround: There is no workaround.

CSCsa94774

Symptoms: When you enter the traceroute command from an IP address that is different from the address in the NAT default configuration, the incoming PAT sends the reply packets to the NAT default address that is defined in the NAT default configuration and not to the original source address from which the traceroute command was entered. Note that the outside PAT works fine.

Conditions: This symptom is platform-independent. NAT overload traffic and other TCP traffic is not affected.

Workaround: There is no workaround.

CSCsa98059

Symptoms: Suboptimal routing occurs in an OSPF configuration or a routing loop occurs between two border routers that redistribute BGP into OSPF.

Conditions: These symptoms are observed when at least two border routers are connected via eBGP to another autonomous system, receive the same prefix over these connections, and redistribute the prefix into OSPF. Under certain conditions, for example when the eBGP session from the preferred BGP exit point to the eBGP peer flaps, the second router in the local autonomous system becomes the preferred path and redistributes the eBGP route into OSPF. When the eBGP session with the first router comes back up, the LSA should be flushed but this does not occur. This situation may create routing problems on other OSPF routers or, when BGP has a higher administrative distance than OSPF, routing loops between both border routers.

Workaround: There is no workaround.

CSCsb07372

Symptoms: NAT H.323 does not create an entry in the NAT translation table even though debugging shows that NAT processes the packet correctly. This situation causes one-way voice for the called party, preventing them from hearing the calling party.

Conditions: This symptom is observed only when ICMP error messages are processed by NAT.

Workaround: There is no workaround.

CSCsb25662

Symptoms: When an IP phone that is located at a central site leaves a conference, a one-way voice condition occurs for the remaining two phones in the conference.

Conditions: This symptom is observed in a Hub-and-Spoke configuration in which both sites perform NAT when a voice conference is created by an IP phone that is located at a central site with two IP phones that are located at a remote site. NAT is configured on the hub and at the remote site, SCCP is the voice signaling protocol, and the conference occurs between the hub and the remote site.

Workaround: Enter the clear ip nat translation * command.

Miscellaneous

CSCee22810

Symptoms: On a Cisco 7500 series, all PVCs may suddenly enter the down state and remain in this state for about two minutes before they come back up. During the DLCI down state, the subinterface does not go down and no notifications are observed in the message log.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4+ or an RSP8 and that runs the rsp-jsv-mz image of Cisco IOS Release 12.2(12i). In addition, the router is configured with an 8-port serial port adapter and an HSSI port adapter, is configured for Frame Relay, and has more than 450 PVCs/DLCIs. Note that the symptom may be platform-independent and may also occur on other Cisco platforms in a similar configuration.

Note: This is a timing issue and is not dependent on the number of VCs.

Workaround: There is no workaround.

CSCee32427

Symptoms: A Cisco 2691 may hang after crashing with the following error message:

%ERR-1-GT64120 (PCI-0): Fatal error, DMA out of range error

Conditions: This symptom is observed when you boot the Cisco 2691.

Workaround: There is no workaround.

Further Problem Description: The symptom is only observed on a Cisco 2691.

CSCef29090

Symptoms: TCPClear sessions on a Cisco AS5850 may have throughput issues and slow response time.

Conditions: This symptom was observed on a Cisco AS5850 with TCPclear sessions.

Workaround: There is no workaround.

CSCef56571

Symptoms: A Cisco access server may reload because of a bus error.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(8)T3 and that has the voice statistics max-storage-duration day 1 command configured.

Possible Workaround: Change the maximum storage duration day from one to two by entering the voice statistics max-storage-duration day 2 command.

Further Problem Description: This situation affects devices that use voice statistics with a CME configuration. If neither voice statistics nor a CME configuration is used, the symptom does not occur.

CSCef67196

Symptoms: A new user cannot log in to a VPN server.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(10.1)T and that functions as a VPN server after you have added a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command.

Workaround: Do not add a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command. Rather, enter the crypto dynamic-map dynamic-map-name dynamic-seq-num command.

Alternate Workaround: Reload the VPN server.

CSCef68704

Symptoms: When you enter the show voice call summary command on a Cisco 5850, the CPU utilization increases up to 95 percent and causes Connection Admission Control (CAC) to become active and calls to drop. When the generation of the command output is complete, the CPU utilization is restored to its normal value.

Conditions: This symptom is observed on a Cisco 5850 that has a heavy incoming call load (40 cps) and that is configured for CAC.

Workaround: Do not enter the show voice call summary command.

CSCef70871

Symptoms: A Cisco AS5850 loses all connectivity (ISDN, FE, and GE connectivity) and is only accessible via the console port. The "%DSIPPF-5-DS_KEEPALIVE_LOSS: DSIP Keepalive Loss" error message that is generated shortly after the connectivity is lost suggests that the cards in the chassis can no longer communicate with each other either.

Conditions: This symptom is observed after a few hours of normal operation.

Workaround: There is no workaround.

CSCef84174

Symptoms: PPP forwarding may fail between two virtual access interfaces.

Conditions: This symptom is observed on a Cisco AS5850 but is not platform dependent.

Workaround: Disable PPP multilink on the async interfaces.

CSCef97768

Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.

Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).

Workaround: There is no workaround.

CSCeg03755

Symptoms: A Cisco AS5850 may not forward traffic through a GRE tunnel.

Conditions: This symptom is observed on a Cisco 1604 that is configured for MLP and that connects to a Cisco AS5850 through a GRE tunnel over an ISDN connection.

Workaround: Disable MLP on the Cisco 1604.

CSCeg43855

Symptoms: An encrypting router may send traffic that is locally originated (such as keepalive packets or routing update packets) out of order after the packets have been encrypted. Because of the anti-replay check failure, these packets are dropped on the receiving router.

Conditions: This symptom is observed when a multipoint GRE (mGRE) and IPSec tunnel is built between two routers.

Workaround: Turn off packet authentication for the configured IPSec transform.

Further Problem Description: On a Cisco 7200 series that functions as the receiving router, you can observe the symptom in the output of the show crypto ipsec sa detail or show pas isa interface command.

CSCeg45190

Symptoms: After performing an OIR of a controller card, the controllers come up but the ISDN layers remain down. The output of the show isdn service command shows "outofservice" and the output of the show isdn status command shows that layer 1 is deactivated.

Conditions: This symptom is observed on a Cisco AS5850 and may impact the service.

Workaround: Reload the Cisco AS5850.

CSCeg52468

Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:

%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)

or

%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet

Conditions: This symptom is observed under rare circumstances on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying.

Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.

Further Problem Description: HSP firmware version 2.3.1 was committed through CSCeg15422 to address the most common conditions that could result in PCI NULL writes that cause memory corruption. The fix for this caveat (CSCeg52468) implements HSP firmware version 2.3.2 to address additional conditions that could result in PCI NULL writes.

CSCeg59923

Symptoms: The following error message is generated during a voice stress test:

%DSM-3-DSP_TIMEOUT: DSP timeout on channel

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCeg62088

Symptoms: A Cisco voice gateway may reload unexpectedly because of a bus error, pointing to an invalid address.

Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(12.5).

Workaround: There is no workaround.

CSCeg64139

Symptoms: The D channel in an SS7 Interconnect for Access Servers configuration goes down after you have performed an online removal and insertion (OIR) of a T3 card on which the primary NFAS interface is configured.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: Reload the Cisco AS5850.

CSCeg73744

Symptoms: A Cisco AS5350 VoIP gateway leaks memory in the "CCSIP_SPI_CONTROL" process when it receives an "out-of-dialogue" NOTIFY, REGISTER, or OPTIONS request that is syntactically incorrect, for example, it has no contact header. In such a situation, the gateway rejects the request with a 4xx error response, but the output of the show processes memory command shows a memory leak in the CCSIP process.

Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(8)T or 12.3(11)T.

Workaround: Disable the "out-of-dialogue" NOTIFY, REGISTER, or OPTIONS request or ensure that the syntax of the request is correct.

CSCeg79821

Symptoms: A Cisco 7200 VXR router crashes after running out of I/O memory because of a buffer leak in a public particle pool.

Conditions: This symptom is observed on a 7200 VXR router that runs Cisco IOS Release 12.3(9c) or Release 12.3(12) and that is configured with an NPE-G1. The symptom does not occur in Release 12.3(9).

Workaround: There is no workaround.

CSCeh08689

Symptoms: When CRTP is enabled on a PPP over Frame Relay PVC via a policy-map configuration, the service policy on the PVC does not function properly because packets are not placed in the priority queue. The output of the show policy-map interface command does not show a class counter.

Conditions: This symptom is observed when you attach a policy map with CRTP on a virtual-template interface and then attach a policy map with a priority feature on the Frame relay PVC. Note that the symptom does not occur for a PPP over ATM PVC or PPP over Ethernet configuration.

Workaround: There is no workaround.

CSCeh14272

Symptoms: Prioritized encrypted traffic is dropped.

Conditions: This symptom is observed when the Low Latency Queuing (LLQ) for IPSec Encryption Engines feature is enabled.

Workaround: Disable QOS preclassification on the crypto map.

CSCeh25009

Symptoms: When an input policy is defined on a Cisco 7500 series, counters do not increment.

Conditions: This symptom is observed when dLFIoFR QoS is configured in the egress path on the router.

Workaround: There is no workaround.

CSCeh25446

Symptoms: The following error message may be generated when a Cisco AS5850 voice gateway boots:

Could not enable MAC

This situation may prevent line cards from booting up and pings over the Fast Ethernet and Gigabit Ethernet interfaces may fail.

Conditions: This symptom is observed on a Cisco AS5850 voice gateway that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeh35324

Symptoms: Weighted Random Early Detection (WRED) does not match packets based on any marking done.

Conditions: This symptom has been observed when qos pre-classification (the qos pre-classify command) is turned on.

Workaround: Remove the qos pre-classify command.

CSCeh42852

Symptoms: A T.37 fax fails on a Cisco 2800 series because of clocking problems with a BRI. The fax that is sent or received via the BRI may be incomplete with cut pages or a part lost. About 40 to 50 percent of the faxes fail.

Conditions: This symptom is observed in the following topology:

A fax is sent from a fax machine via the PSTN to a BRI on a Cisco 2800 series. The Cisco 2800 series connects via an IP interface to an SMTP mail server.

Workaround: There is no workaround. Note that a fax that is sent via FXS instead of via a BRI goes through fine.

CSCeh55603

Symptoms: The PXF engine on a Cisco 8800 series MGX RPM-XF crashes and an error message similar to the following is generated:

%PXF-2-FAULT: T0 XCM2 Address Error: R1

The address error may also be R2, R3, and so on.

Conditions: This symptom is observed when there is bidirectional traffic that is either compressed or uncompressed by means of cRTP, IPHC, or TCP compression configurations.

Workaround: There is no workaround. However, after the crash, the PXF engine reloads and recovers by itself.

CSCeh60700

Symptoms: A router that is configured for GRE+IPSec tunnel protection and VRF drops packets that are larger than the size of the MTU of the tunnel interface. The router should fragment the packets.

Conditions: This symptom is observed on a Cisco 2600 series when the size of a (cleartext) packet is larger than 1434 bytes (which is the Ethernet MTU minus the IPSec overhead). However, the symptom is platform-independent and occurs with both software encryption and onboard hardware encryption engines.

Workaround: On the tunnel interface that is configured for GRE+IPsec tunnel protection and VRF, configure an MTU size that is smaller than the MTU size of the physical interface of the tunnel source minus the IPSec overhead, as in the following example:

interface tunnel0
 ip mtu 1400

(This example assumes that the physical interface of the tunnel source is an Ethernet interface with an MTU of 1500 bytes.)

CSCeh72180

Symptoms: A router may unexpectedly reload and generate the following error message:

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x60FB1F70

Conditions: This symptom is observed on a Cisco 7200 series when one interface is configured for IP Header Compression (IPHC) and when another interface has a crypto map that includes the qos pre-classify command. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCeh78411

Symptoms: If a spoke cannot complete IKE phase I because of a bad certificate, the failed IKE sessions may not be deleted on an IPSec/IKE responder. Such failed sessions may accumulate, eventually causing router instability. These failed sessions can be seen in the output of the show crypto isakmp sa | i MM command:

172.18.95.21 10.253.34.80 MM_KEY_EXCH 898 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE

172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE

...

Conditions: These symptoms are observed when RSA signatures are used as the authentication method.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that is used for the IKE sessions or re-apply the crypto map to this interface.
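The accumulation described in CSCeh78411 can be watched for by counting main-mode entries per peer pair in captured show crypto isakmp sa output. The following is an added example, not Cisco code: the column order (dst, src, state, conn-id, slot, status), the function names, and the threshold of 3 are assumptions, and the sample rows other than those quoted in the caveat are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the five rows quoted in the caveat, plus a header line,
# one established SA (QM_IDLE) and one single in-progress negotiation that
# were made up for this example.
SAMPLE_OUTPUT = """\
dst             src             state          conn-id slot status
172.18.95.21    10.253.34.80    MM_KEY_EXCH        898    0 ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH        896    0 ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH        895    0 ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH        894    0 ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH        893    0 ACTIVE
172.18.95.21    10.253.40.12    QM_IDLE            901    0 ACTIVE
172.18.95.21    10.253.41.7     MM_KEY_EXCH        902    0 ACTIVE
...
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# One SA row: two IPv4 addresses, a state token, conn-id, slot, optional status.
# Header lines, "..." and blank lines do not match and are skipped.
ROW = re.compile(
    rf"^\s*(?P<dst>{IPV4})\s+(?P<src>{IPV4})\s+"
    r"(?P<state>[A-Z_]+)\s+(?P<conn_id>\d+)\s+(?P<slot>\d+)"
    r"(?:\s+(?P<status>\S+))?\s*$"
)


def parse_isakmp_sa(text):
    """Return one dict per SA row found in the captured command output."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            row = match.groupdict()
            row["conn_id"] = int(row["conn_id"])
            rows.append(row)
    return rows


def stuck_main_mode(rows, threshold=3):
    """Map (dst, src) to sorted conn-ids for pairs that hold at least
    `threshold` SAs still in a main-mode (MM_*) state.

    A single MM_* entry is a normal negotiation in progress; several for the
    same pair that persist across polls match the symptom in the caveat.
    """
    by_pair = defaultdict(list)
    for row in rows:
        if row["state"].startswith("MM_"):
            by_pair[(row["dst"], row["src"])].append(row["conn_id"])
    return {
        pair: sorted(ids) for pair, ids in by_pair.items() if len(ids) >= threshold
    }


if __name__ == "__main__":
    for (dst, src), ids in stuck_main_mode(parse_isakmp_sa(SAMPLE_OUTPUT)).items():
        print(f"{src} -> {dst}: {len(ids)} main-mode SAs pending, conn-ids {ids}")
```

Run it against output collected at intervals; a pair whose list of conn-ids keeps growing between polls is the one to address with the workaround above.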

CSCeh92060

Symptoms: When more than one voice call is made, one-way voice occurs in the direction of a CE router to a PE router for one or more of the calls because the voice packets are not transmitted past the PE router. The output of the show ip rtp header-compression interface-type interface-number command shows many packet errors on the PE router.

Conditions: This symptom is observed on a Cisco 8800 series MGX RPM-XF that functions as a PE router and that is configured with a multilink interface that has compression enabled.

Workaround: There is no workaround.

CSCeh95801

Symptoms: The domain name does not appear in the accounting records.

Conditions: This symptom is observed when EzVPN clients use digital certifications that are terminated on a Cisco router and when RADIUS accounting is enabled.

Workaround: Use the accounting information that is available such as the Group-ID.

CSCeh96215

Symptoms: All platforms that support SRST may experience a crash due to memory corruption.

Conditions: This symptom occurs when using the translation-profile command in call-manager-fallback configuration mode.

Workaround: Use the translation command in call-manager-fallback configuration mode.

CSCei00289

Symptoms: Unable to view PXF IPHC data structures on RPM-XF.

Conditions: This symptom occurs when IP Header Compression is enabled on multilink or virtual-access interfaces.

Workaround: There is no workaround.

CSCei01321

Symptoms: You cannot bring up a serial interface of a channelized E1 or T1 port. The interface remains in the down/down state.

Conditions: This symptom is observed on a Cisco 3600 series.

Workaround: There is no workaround.

CSCei21134

Symptoms: A Cisco MGX 8800 series RPM-XF does not monitor the queue size allocation to VCs to ensure that SAR buffer oversubscription does not occur.

Conditions: This symptom is observed when VC queue-depth and CoSQ queue-limit values are configured to override default queue sizes.

Workaround: There is no workaround.

CSCei22930

Symptoms: An NM-ATM IMA T1/E1 network module configured with IMA bandwidth dynamic and QoS on IMA interface causes the following error messages to be generated:

%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
-Traceback= 611D46E8 6002160C 61D4EF90 602C329C 602C6574 602C6D40 61D52170 61D54F2C 61D553E8 61D55784 61D6FF84 61D550EC 61D5516C 604818FC 6047E89C 6047E9C8

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 611D46E8 600177F4 6145DCB4 6145DDFC 6146B8E8 6146E174 616AB8B0 616ABB58 6205C598 62066DE0 6205C640 61D557F0 61D6FF84 61D550EC 61D5516C 604818FC

%SYS-2-MALLOCFAIL: Memory allocation of 19 bytes failed from 0x6145DCAC, alignment 0
Pool: Processor Free: 139749528 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "<interrupt level>", ipl= 1, pid= 3
-Traceback= 611D46E8 60012958 6001822C 6145DCB4 6145DDFC 6146B8E8 6146E174 616AB8B0 616ABB58 6205C598 62066DE0 6205C640 61D557F0 61D6FF84 61D550EC 61D5516C

Conditions: This symptom is observed when link flaps and bandwidth changes take place; the QoS configurations are ignored and deleted from the IMA interface.

Workaround:

1. Do not use "IMA bandwidth dynamic" and QoS configurations together on the IMA interface.

2. Configure "bandwidth <total bandwidth of all UNI interfaces of that IMA interface>" on the IMA interface.

CSCei37769

Symptoms: WRED threshold cell values may become undesirably high for a Cisco MGX 8800 series RPM-XF that is changed from a high-speed to a low-speed configuration.

Conditions: This symptom is observed when a high-speed RPM-XF with output policy maps that have WRED classes with high packet thresholds is converted to a low-speed RPM-XF by configuring SAR-based CBWFQ. This situation causes a conversion of the thresholds from packets to cells.

Workaround: Change the large cell thresholds manually to the appropriate values.

CSCei40059

Symptoms: Ping fails after you enter the ip cef accounting interface configuration command.

Conditions: This symptom is observed on a Cisco MGX 8800 series RPM-XF that is configured for MPLS VRF.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected MPLS interface.

CSCin80550

Symptoms: Traceback is seen at bitfield_destroy while making a T.38 fax call.

Conditions: This symptom is observed on a Cisco AS5350 router with E1R2 signaling.

Impact: The warning message indicates that the bitfield_destroy function is called at the interrupt level. There is no impact on the memory pool because a dynamic bitfield is not allocated in the described scenario.

Workaround: There is no workaround.

CSCsa44852

Symptoms: A virtual-access interface flaps continuously.

Conditions: This symptom is observed on a Cisco 3745 router that functions in a PPPoA environment during normal working conditions.

Workaround: Disable keepalives on the dialer interface on the remote router.

CSCsa46334

Symptoms: A Cisco AS5xxx platform may reload unexpectedly with a bus error when you enter the show nextport session tty 4860 command.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3 or Release 12.3(11)T2 but may also occur on other AS5xxx platforms.

Workaround: Do not use invalid TTY lines (such as 4860) in the show nextport session tty command.

CSCsa56901

Symptoms: Cisco Fax Relay calls both to and from computer-based fax devices fail. Calls to and from traditional fax machines work fine. Calls to and from computer-based fax devices via the PSTN instead of via a Cisco Fax Relay network work fine too.

Conditions: This symptom is observed on a Cisco 3700 series that is configured for Cisco Fax Relay and VoIP.

Workaround: There is no workaround.

CSCsa64278

Symptoms: The "CallID not found" error message is generated several times, followed by a call failure.

Conditions: This symptom is observed on a Cisco AS5300 that is configured for Tcl IVR.

Workaround: There is no workaround.

CSCsa71310

Symptoms: An E1 controller on an MGCP trunking gateway reports Loss of Frames (LOF).

Conditions: This symptom is observed when you configure a Cisco 3660 as an MGCP trunking gateway.

Workaround: There is no workaround.

CSCsa86555

Symptoms: The User Adaptation Layer for a Digital Private Network Signaling System (DPNSS) path does not come up.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as a gateway and that run Cisco IOS Release 12.3(14)T or Release 12.4. The DPNSS path is configured on a VWIC-2MFT-E1-DI Multiflex Voice/WAN interface card that is installed in an NM-HDV2 network module.

Workaround: There is no workaround.

CSCsa87811

Symptoms: A memory leak occurs on an originating gateway.

Conditions: This symptom is observed when Fast Start is enabled, when a call fails after the call proceeding has been received from a primary or alternate endpoint, and when the call falls back to the next alternate endpoint.

Workaround: There is no workaround.

Further Problem Description: The fast-start elements that are received in the call proceeding are freed only once for each call instead of being freed for each endpoint that is tried (assuming that the call falls back to alternate endpoints). This situation causes the memory leak.

CSCsa96494

Symptoms: A call from an originating gateway (OGW) that is configured for SIP via an IPIPGW to a terminating gateway (TGW) that is configured for H.323 may fail when certain codecs are configured on the IPIPGW and H.323 TGW.

Conditions: This symptom is observed under either one of the following conditions:

- The SIP OGW is configured for g.711u, the IPIPGW for g.711u for both connections, and the H.323 TGW for g.729r8. In this configuration, the SIP OGW continues to use g.711u as the negotiated codec and discards the g.729r8 codec that is sent by the H.323 TGW via OLC.

- The SIP OGW is configured for g.729r8, the IPIPGW for g.729r8 for both connections, and the H.323 TGW for g.711u. In this configuration, the SIP OGW continues to use g.729r8 as the negotiated codec and discards the g.711u codec that is sent by the H.323 TGW via OLC.

Workaround: There is no workaround.

CSCsa98462

Symptoms: A Cisco router may display the following error messages and then reload because of a bus error:

HDLC32_RX_ISR_ERR: no particles available!
HDLC32_RX_ISR_ERR: no particles available!
HDLC32_RX_ISR_ERR: no particles available!
HDLC32_RX_ISR_ERR: no particles available!

%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=64689BC0, count=0
-Traceback= 0x6100C244 0x604B9F4C 0x60955894 0x60959690 0x60AFCE14 0x60AFF7E4
%ALIGN-1-FATAL: Illegal access to a low address addr=0x0, pc=0x609560C0 , ra=0x609596BC , sp=0x6476BBF8

%ALIGN-1-FATAL: Illegal access to a low address addr=0x0, pc=0x609560C0 , ra=0x609596BC , sp=0x6476BBF8

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x609560C0
-Traceback= 0x609560C0 0x609596BC 0x60AFCE14 0x60AFF7E4

Conditions: This symptom is observed on a Cisco router when you enter the channel group command to create a serial interface on an NM-HD or NM-HDV2 network module or on an onboard controller of an Integrated Services Router (ISR) such as a Cisco 2800 series or Cisco 3800 series.

Workaround: There is no workaround.

CSCsb03279

Symptoms: SuperACL process takes a long time to compile policy-maps.

Conditions: This symptom occurs when named ACLs are attached to policy-maps.

Workaround: There is no workaround.

CSCsb04965

A vulnerability exists in certain Cisco IOS software release trains running on the Cisco IAD2400 series, Cisco 1900 series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access to the device.

Cisco is making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml.

CSCsb06330

Symptoms: A router may crash when you make basic IPIPGW fax calls.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T6.

Workaround: There is no workaround.

CSCsb08192

Symptoms: A Cisco 3800 series may not drop unicast Ethernet frames that are not destined for its MAC address.

Conditions: This symptom is observed on a Cisco 3800 series that runs Cisco IOS Release 12.3(11)T5 or an earlier release or Release 12.3(14)T1 or an earlier release and that has subinterfaces that are configured for HSRP. The symptom may also occur on Release 12.4T.

Workaround: Enter the standby use-bia command on the main interface.

CSCsb08428

Symptoms: A router may crash when a VPN tunnel is established.

Conditions: This symptom is observed on a Cisco router when an interface has both IPSec and the ip verify unicast reachable-via command enabled and when a hardware encryption engine is used for IPSec.

Workaround: Remove the ip verify unicast reachable-via command from the interface.

CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

- Session Initiation Protocol (SIP)

- Media Gateway Control Protocol (MGCP)

- Signaling protocols H.323, H.254

- Real-time Transport Protocol (RTP)

- Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsb25054

Symptoms: In an MPLS VPN environment, when you set up a Telnet session from a local CE or PE router to a remote CE router, the remote PE router crashes.

Conditions: This symptom is observed on a Cisco 8800 series MGX RPM-XF that runs Cisco IOS Release 12.3(11)T3 or a later release, including Release 12.4, that functions as a remote PE router, and that has a multilink connection to the remote CE router. The remote CE router is a Cisco 7200 series that runs Cisco IOS Release 12.1 and that has the bandwidth command enabled on a virtual-template interface.

Workaround: Upgrade the remote CE router to Cisco IOS Release 12.2 or a later release. If this is not an option and you must run Release 12.1 on the remote CE router, disable the bandwidth command.

CSCuk55740

Symptoms: During the CFNA process, the called party does not get a ringback tone but gets the speech path when connected.

Conditions: The topology is as follows:

PhoneA---(PSTN-DMS-)---FXO---CME----SystemX---PhoneC

|---IPphoneB

SystemX+PhoneC could be

1- CCM+phoneC connected to CME via H.323,
2- CCM+QSigPBX+PhoneC connected to CME via H.323,
3- IPphoneC registered with CME
4- Another CME+IPphoneC

IPphoneB has call forward noanswer to PhoneC. When a call is made from PhoneA to IPphoneB and the call is not answered, the ringback tone is heard at PhoneA before the call is forwarded. As soon as the call is forwarded, the ringback tone stops and there is silence until the call is answered. Once the call is answered, the speech is fine. Call forwarding works fine.

Workaround: There is no workaround.

Wide-Area Networking

CSCef67942

Symptoms: The amount of free processor memory slowly decreases because the "IP input" process holds increasingly more memory. This situation finally leads to MALLOC failures and a crash.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6) or a later release, that is configured with dialer interfaces, and that is configured for large-scale dial-out (LSDO).

Workaround: When the amount of free processor memory becomes too low, reload the router when it least affects the service.

CSCef68953

Symptoms: When a call from the VoIP side is configured for "presentation restricted," the isdn map address command may override the Calling line ID presentation/rejection (CLIP/CLIR) in the ISDN SETUP message to "presentation allowed."

Conditions: This symptom is observed when the isdn map address command is used to modify the ISDN plan and type.

Workaround: There is no workaround.

CSCeg20283

Symptoms: E1R2 SS7 calls fail to come up when more than one call is made with the following ISDN error:

ISDN Se1/6:15 SC **ERROR**: call_connect: call_id not found, rejecting call
ISDN **ERROR**: Module-CCPRI Function-CCPCC_CallConnected Error-Unknown
event received in message from L3 or Host: 4F

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg42148

Symptoms: Attempts to change a B-channel service state by entering the isdn service nfas-int number b_channel number {state {0 | 1 | 2} [hard | immediate | soft]} command appear to succeed but the service state does not change.

Conditions: This symptom is observed when a voice application uses a B-channel. The output of the show isdn service detail command shows a locale of ISDN_NEAR_END_APP.

Workaround: There is no workaround.

CSCeg82698

Symptoms: PPTP tunnels do not come up.

Conditions: This symptom is observed when VPDN is configured.

Workaround: There is no workaround.

CSCeh06916

Symptoms: A Cisco router crashes when PVCs are deleted while the show pppoe session or show vpdn command is entered.

Conditions: This symptom is observed on a Cisco 10000 series that is configured for PPP over Ethernet (PPPoE) when there are two concurrent Telnet sessions. PVCs are deleted via one Telnet session while the show pppoe session or show vpdn command is entered via the other Telnet session. The symptom is platform-independent.

Workaround: Do not delete PVCs via one session and enter the show pppoe session or show vpdn command via another session at the same time.

CSCeh11771

Symptoms: On a leased line (non-dialup) serial connection that is configured for PPP encapsulation, the line protocol may not come back up when the connection is reset. The PPP LCP remains in the closed state, even though the link is up physically.

Conditions: This symptom is observed when an active PPP session is reset and when the underlying link is not simultaneously reset, that is, when PPP goes down but when the link does not go down physically. This situation would occur, for example, when a PPP session is terminated because of keepalive failures.

Workaround: There is no workaround.

CSCeh48987

Symptoms: The CEF-Dialer feature fails to add an adjacency for a Virtual-Access1 CEF interface.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(14.10).

Workaround: There is no workaround.

CSCsa78067

Symptoms: A Cisco 5400HPX may crash when conditional debugging runs.

Conditions: This symptom is observed on a Cisco 5400HPX that runs Cisco IOS Release 12.3(11)T3 when ISDN globally unique identifier (GUID) is configured.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(11)T6

Cisco IOS Release 12.3(11)T6 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg41734

Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.

Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCeg62206

Symptoms: High CPU utilization may occur during the TPLUS process on a platform.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6c) and that is configured for TACACS.

Workaround: There is no workaround.

Interfaces and Bridging

CSCef44950

Symptoms: ISDN is not properly established.

Conditions: This symptom is observed on a Cisco 7500 series that has distributed switching enabled via the ip cef distributed command.

Workaround: Disable distributed switching.

IP Routing Protocols

CSCef18838

Symptoms: Tracebacks that are related to spurious memory accesses may occur and the spurious memory accesses may increase over time. When multicast video streaming is viewed using an IP-TV viewer, this situation causes the browser to hang.

Conditions: This symptom is observed when NAT and multicast are configured on the same router.

Workaround: There is no workaround. To return the browser to normal operation, reload the router.

CSCef57803

Symptoms: In a VPNv4 network in which a multi-homed CE router advertises multiple paths for a prefix, a PE router may fail to withdraw the prefix previously advertised to another PE router when its best path changes from a non-imported path to an imported path because of a change in the import route map of the VRF.

Conditions: This symptom is observed in a topology in which a CE router connects to a PE router via two different VRFs.

Workaround: Remove the imported path either by unconfiguring the import route map of the VRF or by changing the import route target, withdraw the non-imported prefix from the CE router, and restore the import route map or import route target.

CSCef60452

Symptoms: A router may stop receiving multicast traffic.

Conditions: This symptom is observed rarely during convergence when a router receives a Join message on an RPF interface and when a downstream router converges faster than the first router that receives the Join message.

In this situation, the router does not populate the RPF interface into the OIL (that is, the OIL remains null) because the old SP-tree has already been pruned by the downstream router. When the RPF interface of the router changes to the new path later, it does not trigger a Join message toward the multicast source until the router receives a next periodic Join message from the downstream router and populates the OIL. As a result, multicast traffic stops temporarily but no longer than the periodic Join message interval.

Workaround: There is no workaround.

CSCeg52659

Symptoms: A Cisco 7200 series may not withdraw a BGP route from an iBGP peer.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(3) when the clear ip bgp neighbor-address soft out command is entered for one of the members of the peer group of which the Cisco 7200 series is a member and when some changes to the outbound policy are made to the same member of the peer group. This situation causes some prefixes to remain stuck in the other members of the peer group.

The symptom is a very old behavior of the BGP peer group functionality: when one member of a peer group is cleared via either a hard reset or a soft reset and a policy change causes some of the prefixes to be withdrawn, inconsistencies may occur in the routes on the other members of the peer group.

Workaround: For peer groups and neighbors that are members of a peer group, do not enter the BGP neighbor-specific clear ip bgp neighbor-address soft out command or the clear ip bgp neighbor-address command. Rather, enter the peer group-specific clear ip bgp peer-group-name soft out command or the clear ip bgp peer-group-name command.

CSCeg58039

Symptoms: Border Gateway Protocol (BGP) could crash.

Conditions: This symptom occurs when the max-paths value is modified.

Workaround: There is no workaround.

CSCeh33504

Symptoms: A router terminates 102,000 VPNv4 routes but route reflectors (RRs) report only a subset of the total.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that runs Cisco IOS Release 12.3(11)T4 when 204 routes are configured per VRF over 496 VPNs (one VPN has about 1000 routes). However, Cisco MGX RPM-PRs that function as RRs show that only 76245 routes are terminated on the Cisco MGX RPM-XF. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCsa55555

Symptoms: A router may reload because of a bus error when the NAT MIB is polled via SNMP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T2.

Workaround: None.

CSCuk54787

Symptoms: When a route map is configured, routes may not be filtered as you would expect them to be filtered.

Conditions: This symptom is observed on a Cisco router that is configured for BGP and that functions in an MPLS VPN environment.

Workaround: There is no workaround.

Further Problem Description: The symptom does not occur for redistributed route maps.

Miscellaneous

CSCee17241

Symptoms: When the redundancy mode is changed from classic-split to RPR-plus through the command line interface (CLI), the peer Route Switch Controller (RSC) goes to the initial configuration setup dialogue.

Conditions: This symptom has been observed on a Cisco AS5850 universal gateway.

Workaround: Load the configurations with RPR-plus configured onto the startup configurations of both RSCs. The symptom will not be seen.

CSCee42932

Symptoms: Resuming a call that was placed on hold fails on a Cisco CallManager.

Conditions: This symptom is observed when a Cisco CallManager that runs version 4.0 and that is not configured for Message Transport Protocol (MTP) is connected via an IPIPGW to another Cisco CallManager that runs version 4.0 and that is not configured for MTP.

The symptom occurs on the second Cisco CallManager because the IPIPGW sends an incorrect ICT version for the first Cisco CallManager to the second Cisco CallManager and because the IPIPGW drops the non-standard fields in the callproc, alert, and connect messages from the second Cisco CallManager to the first Cisco CallManager.

Workaround: Configure MTP.

CSCee59999

Symptoms: When auto-reconnect is configured on an EzVPN server and an EzVPN client attempts to connect, failures may occur in AAA accounting.

The output of the debug crypto isakmp aaa command on the EzVPN server shows an error message such as the following:

ISAKMP AAA: Unable to send AAA Accounting Start
%CRYPTO-4-IPSEC_AAA_START_FAILURE: IPSEC Accounting was unable to send start record

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 or Release 12.3(8)T or a later release and that functions as an EzVPN server.

Workaround: There is no workaround.

CSCef00308

Symptoms: A feature board may reload after a switchover.

Conditions: This symptom is observed only on a Cisco platform that is configured for Nitro Interconnect Protocol (NIP).

Workaround: There is no workaround.

CSCef07711

Symptoms: A Cisco MGX-RPM-PR crashes with a crashinfo file indicating that it failed to reset the ATMizer (SAR) chip.

Conditions: This symptom is observed on a Cisco MGX 8850 in which an MGX-RPM-PR-512 is installed that runs Cisco IOS Release 12.2(15)T4e.

Workaround: There is no workaround.

CSCef28975

Symptoms: A router that functions as an H.323 gateway crashes.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when authentication is enabled.

Workaround: Enter the no memory lite command.

CSCef32661

Symptoms: A router crashes intermittently with a SegV exception error.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8)T or 12.3(8)T1 only when a service policy is applied to a Fast Ethernet subinterface and when the service policy has the set cos command enabled. However, the symptom is platform-independent and may also occur in Release 12.3.

Workaround: The router stopped crashing after the "service-policy out xxxx" configuration was removed.

CSCef36356

Symptoms: A gatekeeper may reload unexpectedly because of a bus error when you enter the show gatekeeper zone prefix all command.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS interim Release 12.3(9.12)T when the following conditions occur:

- An H.323 gateway dynamically registers a destination pattern in the form <single digit>T (for example, when a dial peer has destination patterns such as 7T, 8T, and so on).

- An H.323 gateway dynamically registers a destination pattern in the form <single digit>. (for example, when a dial peer has destination patterns such as 7., 8., and so on).

The symptom may occur in other releases.

Workaround: Configure the H.323 gateway to dynamically register a destination pattern that has at minimum a length of two digits.

CSCef42173

Symptoms: A Cisco AS5850 that has call treatment configured may reload when a voice call is made.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS interim Release 12.3(9.13)T.

Workaround: There is no workaround.

CSCef48325

Symptoms: WRED counters do not function on distributed platforms such as a Cisco 7500 series and a Cisco 7600 series.

Conditions: This symptom is observed on a distributed Cisco platform that runs Cisco IOS Release 12.0(26)S3, 12.0(29)S, 12.2(25)S, 12.3(10), or 12.3(11)T and that has dWRED configured.

Workaround: There is no workaround.

CSCef63272

Symptoms: A recursive static default route may not have an outgoing MPLS label, causing all packets to be dropped.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) but may also occur in other releases.

Workaround: Add a nonrecursive static route to the BGP next-hop.

CSCef66399

Symptoms: The output of the show policy interface command does not reflect modified bandwidth.

Conditions: This symptom is observed after you have modified the CBR on a PVC.

Workaround: Reconfigure the PVC.

CSCef80221

Symptoms: A router that has a QoS policy map with the set cos command attached to an interface in the output direction may reload unexpectedly. The output of the show version command shows an error message similar to the following:

System returned to ROM by bus error at PC 0x60217AD8, address 0x800479

The crashinfo may show information similar to the following:

Unexpected exception, CPU signal 10, PC = 0x60217AD8

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T4 but may also occur in Release 12.3.

Workaround: Remove the set cos command from the policy map.

CSCef82962

Symptoms: A call treatment only plays a busy tone instead of the audio file that is configured in the call treatment.

Conditions: This symptom is observed when call treatment is configured on a router that functions as a Cisco CallManager Express (CME) and when the call threshold is met.

Workaround: There is no workaround.

CSCef84121

Symptoms: A software-forced crash may occur on a Cisco AS5400 because of a breakpoint exception.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T, that is configured for voice, and that has the logging facility enabled.

Workaround: There is no workaround.

CSCef94731

Symptoms: A router may crash when an EZVPN tunnel is set up and you enter the show crypto isakmp key command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCef96035

Symptoms: All IPSec sessions may be dropped from a Cisco 7200 series and the router generates the following error messages continuously:

%VPN_HW-1-ERROR: slot: 2 - ENOSPACE tx cmd 2 ring. Head 83, Tail 82, Used 255, buf 0 IPSECcard: an error coming back 0x1510

Other symptoms that may occur during this time include the following:

- High CPU utilization during the "Crypto Delete Manager" process.

- An I/O memory allocation failure during the "Crypto Delete Manager" process.

Conditions: This symptom is observed on a Cisco 7200 series that is equipped with two VPN acceleration modules (SA-VAMs) that are configured for VRF-aware IPSec.

Workaround: There is no workaround. To temporarily clear the symptoms, reload the router.

CSCeg03153

Symptoms: The ifAdminStatus MIB shows that subinterfaces are up when the main interface is shut down. This situation prevents SNMP from monitoring the proper status of the subinterfaces.

Conditions: This symptom is observed when an ATM main interface is shut down but its subinterfaces are not.

Workaround: Do not use the ifAdminStatus MIB. Rather, use the ifOperStatus MIB.

Further Problem Description: The fix for this caveat ensures that when the main interface is shut down, the ifAdminStatus MIB does show that the subinterfaces are down too, whether or not the individual subinterfaces have been shut down.

CSCeg04922

Symptoms: A Cisco 1760 that runs Cisco IOS Release 12.3(6c) may crash because of a SegV exception.

Conditions: This symptom is observed when the following conditions are present:

- A policy map is applied to a VLAN interface.

- The policy map includes the set cos command.

Workaround: Disable Layer 2 class of service (CoS) packet marking by entering the no set cos command.

CSCeg20327

Symptoms: A router that is configured to terminate ISAKMP IPSec tunnels may crash with a bus error.

Conditions: This symptom is observed when NAT-T and accounting are performed in main mode. The symptom occurs only when the clients are located behind a NAT device and when the two ISAKMP peers detect the NAT device.

Workaround: Disable accounting or use aggressive mode.

CSCeg20412

Symptoms: A router may not properly detect supervisory tones.

Conditions: This symptom is observed on a Cisco 3640 and Cisco 3660 and may also occur on other routers.

Workaround: There is no workaround.

CSCeg24938

Symptoms: A Cisco RPM-XF resets when you enter the clear ip mroute * command repeatedly.

Conditions: This symptom is observed when the Cisco RPM-XF is configured for low speed.

Workaround: There is no workaround.

CSCeg27043

Symptoms: PIM neighbors continue to flap after you have reloaded microcode.

Conditions: This symptom is observed on a Cisco MGX 8850 series RPM-XF that runs Cisco IOS Release 12.3T.

Workaround: Enter the clear ip mroute * command to clear the symptoms.

CSCeg35786

Symptoms: 20 percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.

Workaround: There is no workaround.

CSCeg38451

Symptoms: A CPU Hog traceback is observed during call waiting with a shared overlay line.

Conditions: The symptom occurs when call waiting is on the shared overlay line.

Workaround: There is no workaround.

CSCeg41323

Symptoms: A router reloads when you configure a service policy.

Conditions: This symptom is observed when you attach a service policy to an interface and you change the interface bandwidth to a low value.

Workaround: Ensure that the changed interface bandwidth does not violate the bandwidth range or detach the service policy before you change the interface bandwidth.

CSCeg43753

Symptoms: A router that is configured for RIP and BGP may crash with the following error messages:

System returned to ROM by bus error at PC 0x0, address 0x0

The crashinfo reports the following:

%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388

%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388

Unexpected exception, CPU signal 10, PC = 0x0

-Traceback= 0 60BBD828 60BAC93C 60BAD790 61FE44C0 60BAD834 60B7C138

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9b) and that is configured for MPLS VPN when RIP is partially configured without a network statement and when BGP is redistributed into RIP.

Workaround: Ensure that RIP is configured correctly.

CSCeg53478

Symptoms: A Cisco 831 may display the following message on the console:

pktFlowLink() logic error, pMatch and pEmptySlot

Conditions: This symptom is observed very rarely after the router has been up for a long time. The functionalities of the router are not affected.

Workaround: There is no workaround.

CSCeg55584

Symptoms: A Cisco router that is configured for PPPoE may stop forwarding packets that need to be fragmented.

Conditions: This symptom is observed after a link flap occurs on the dialer interface or after you enter the clear interface command on the dialer interface.

To re-enable the affected packets to be forwarded, enter the no ip cef command followed by the ip cef command.

Possible Workaround: Enter the ip tcp adjust-mss 1400 command to force the maximum segment size (MSS) of the TCP SYN packets to be small enough to prevent the router from fragmenting the packets.

CSCeg58427

Symptoms: There is no easy way to detect PXF programming errors in the multicast FIB. If multicast packets are dropped, an easy-to-use means is needed to detect any programming inconsistency in the multicast FIB input interfaces.

Conditions: This symptom has been observed on the RPM-XF platform where PXF does the forwarding.

Workaround: Compare the output of the show pxf cpu mroute command with the output of the show ip mroute command and check for any inconsistencies in the input interface information.

CSCeg64669

Symptoms: A Cisco AS5850 reloads when it fetches a TDM connection object for a TDM hairpinned call while handing over peer resources to the standby RSC.

Conditions: This symptom is observed when you enter the redundancy handover peer-resource command and when the Cisco AS5850 functions in the extra-load state.

Workaround: Clear all existing calls that use peer resources and mark the calls as busyout before you enter the redundancy handover peer-resource command.

CSCeg64679

Symptoms: A Cisco AS5850 reloads when you enter the redundancy handover peer-resources command to hand over the peer resources to the other RSC.

Conditions: This symptom is observed when the RSC that hands over the peer resources is in the "ACTIVE_EXTRALOAD" mode and when an SNMP trap is sent to obtain the card status.

Workaround: There is no workaround.

CSCeg70465

Symptoms: There is no QoS classification at a main interface when packets are switched from a GRE tunnel that also has a QoS policy enabled.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4 when a QoS policy is enabled on both the GRE tunnel and the main interface in the output direction.

Workaround: Move the complete QoS configuration to the QoS policy on the main interface (that is, use a hierarchical policy).

CSCeg72075

Symptoms: There is no voice path.

Conditions: This symptom is observed when a call is hunted from one FXS POTS dial peer to another FXS POTS dial peer because there is no answer.

Workaround: Configure "voice call send-alert".

CSCeg82392

Symptoms: A Cisco CallManager uses different versions of the G.729 codec when setting up Message Transfer Protocol (MTP) calls across intercluster trunks. The Cisco CallManager should set up the call legs with the same versions of the G.729 codec.

Conditions: This symptom is observed when a Cisco 3700 series that runs Cisco IOS Release 12.3(11)T2 connects to a Cisco CallManager that runs version 4.1.

Workaround: There is no workaround.

CSCeg84558

Symptoms: A Cisco 3745 reloads because of a bus error. Just before the crash, the following error messages are generated:

%SYS-3-BAD_RESET: Questionable reset of process 149 on tty123
%SYS-3-HARIKARI: Process Exec top-level routine exited

Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(26) or Release 12.3(12) and that has an NM-2CE1T1-PRI network module that is configured for ISDN dial-in.

Workaround: There is no workaround.

CSCeg87604

Symptoms: The sockets associated with the TLS connections to the SRST gateway are not getting cleared when the switch link is down for the phones.

Conditions: When the Ethernet connectivity between the ephone and the SRST router goes down, the sockets are not cleared. This happens when the ephone is not in the fall-back mode.

Workaround: There is no workaround.

CSCeg89017

Symptoms: MGCP calls fail with a fast busy. The output of the debug mgcp packet command indicates that the 400 Voice Call Setup failed.

Conditions: This symptom has been observed when MGCP PRI backhaul is done on Cisco 2800 series and Cisco 3800 series routers with PVDM2 DSPs. Calls fail only after a reload.

Workaround:

1. Use ccm-manager configuration commands.

2. Enter a shut command on the voice port or on the T1 controller.

3. Enter a no mgcp command and then enter a mgcp command.

4. Enter a no ccm-manager config command and then a ccm-manager config command, assuming you have the TFTP server defined.

5. After reloading, enter a write erase command. Add the configuration and save.

CSCeg89043

Symptoms: A Cisco gateway may reload unexpectedly because of a SegV exception at address PC 0x80FF6340.

Conditions: This symptom is observed when the gateway is configured for VoIP and fallback to an SNMP trap.

Workaround: There is no workaround.

CSCeh00270

Symptoms: A Cisco gateway may reload at "h245_olc_out_sm".

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.3(7)T7 when the gateway receives a third-party RequestChannelClose message that has the reason field populated with "reopen".

Workaround: Ensure that the third-party gateway does not send a RequestChannelClose message with the reason field populated with "normal".

CSCeh05517

Symptoms: There is no easy way to detect PXF programming errors in the output interface list of the multicast FIB.

Conditions: On the RPM-XF platform, PXF does the forwarding. If multicast forwarding is affected, a means of detecting any programming inconsistency in the multicast FIB output interface list is needed while debugging.

Workaround: Compare the output of the sh pxf cpu mroute and sh ip mroute commands and check for any inconsistencies in the outgoing interface list information.

CSCeh05968

Symptoms: Distributed Sessions Manager (DSM) is flooded with DSP stats messages.

Conditions: This symptom is observed when the event pool is out of events.

Workaround: There is no workaround.

CSCeh06581

Symptoms: A VAM2 fails to come up and generates the following error message:

MIPS not ready to send response (0xC0000000) after mbox_pass.

Conditions: This symptom is observed only on a Cisco 7200 series that runs the c7200-jk9s-mz image of Cisco IOS Release 12.3, 12.T, or 12.4.

Workaround: There is no workaround. Note that the symptom does not occur with other images such as the c7200-jk9o3s-mz image or the c7200-ik9s-mz image.

CSCeh06736

Symptoms: When IP header compression is enabled on a PPPoATM or PPPoFR interface, compressed packets are not correctly classified by any QoS policy that has been applied to the supporting ATM or Frame Relay PVC.

Conditions: This symptom is observed when CRTP is enabled on the virtual-template interface via the service policy command or ip rtp header-compression command and when the IP RTP Priority feature is enabled in the PVC policy.

Workaround: There is no workaround.

CSCeh10646

Symptoms: A router may unexpectedly reload because of a bus error at an address that falls just short of the I/O memory range, such as address 0x4E7FD5B8 when the iomem address range starts at 0x4E800000.

Conditions: This symptom is observed when the router has some of the following security feature commands enabled on one or more interfaces:

ip nbar protocol-discovery

ip virtual-reassembly

ip access-group in

ip access-group out

ip inspect in

ip inspect out

ip ips in

ip ips out

auto discovery qos

crypto map

Workaround: Remove the ip access-group out command.

CSCeh12839

Symptoms: An SSG does not return GPRS VSAs to a GGSN in an access-accept message.

Conditions: This symptom is observed when a RADIUS client such as a GGSN sends an extended auto-domain access request. The SSG should return the "gprs:charging-profile-index" and "csg:billing_plan" VSAs in the auto-domain profile to the GGSN when the no remove vsa cisco command is enabled on the SSG for the RADIUS client.

Workaround: There is no workaround.

CSCeh14446

Symptoms: The maintenance mode on a Cisco AS5850 that is configured for RPR+ may not function.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeh15949

Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.

Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.

Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.

Further Problem Description: An example of this caveat is shown below.

When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.

Topology:

RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2          .1

Router_RPM09_XF#show running-config
Building configuration...

Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker

interface FastEthernet2/0
 ip address 10.10.10.2 255.255.255.252
 ip access-group 101 in
 duplex auto
 speed auto

access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any

Router_RPM09_XF#show ip access-list 101

Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#

The information below shows that the access list does not function:

Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
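
An added example, not part of the Cisco release note: a small first-match evaluator for the access list shown in this caveat, which confirms that the Telnet session from the peer should have hit entry 10 and flags the mismatch with the observed result. The source address 10.10.10.1 is read from the ".1" in the topology; the function names and the port-name table are assumptions of this sketch.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# "show ip access-list 101" output as printed in the caveat text.
SHOW_ACL = """\
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
"""

# Assumption: only the port keywords this sketch needs.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}

ACE_RE = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)


@dataclass
class Ace:
    seq: int
    action: str
    proto: str
    src: tuple            # (address, wildcard) as integers
    dst: tuple
    dport: Optional[int]  # None means "any port"
    matches: int


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'."""
    head = tokens.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)
    if head == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(head)),
            int(ipaddress.IPv4Address(tokens.pop(0))))


def parse_show_acl(text):
    """Parse the numbered entries of an extended ACL listing."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue  # header line or prompt
        seq, action, proto, rest, hits = m.groups()
        tokens = rest.split()
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        dport = None
        if tokens[:1] == ["eq"]:
            name = tokens[1]
            dport = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        aces.append(Ace(int(seq), action, proto, src, dst, dport, int(hits or 0)))
    return aces


def _addr_match(spec, ip):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def evaluate(aces, proto, src, dst, dport=None):
    """First-match evaluation. Returns (action, seq); implicit deny has seq None."""
    for ace in aces:
        if ace.proto not in ("ip", proto):
            continue
        if not (_addr_match(ace.src, src) and _addr_match(ace.dst, dst)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, ace.seq
    return "deny", None


def audit(aces, proto, src, dst, dport, observed_open):
    """Compare the verdict the ACL should give with what a probe observed."""
    action, seq = evaluate(aces, proto, src, dst, dport)
    findings = []
    if action == "deny" and observed_open:
        findings.append(
            f"ACE {seq} should deny {proto}/{dport} to {dst}, but the connection opened")
        hit = next((a for a in aces if a.seq == seq), None)
        if hit is not None and hit.matches == 0:
            findings.append(
                f"ACE {seq} shows 0 matches: traffic is not classified against it")
    return action, seq, findings


if __name__ == "__main__":
    acl = parse_show_acl(SHOW_ACL)
    # The peer router's Telnet attempt from the caveat ("Trying 10.10.10.2 ... Open").
    for finding in audit(acl, "tcp", "10.10.10.1", "10.10.10.2", 23, True)[2]:
        print(finding)
```
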

CSCeh17689

Symptoms: Installation may experience poor voice quality.

Conditions: The current default impedance selection may not yield the best ERL for this setup. This new CLI will automatically calibrate the impedance that yields the best ERL.

Workaround: Use test voice port x/y/z inject-tone local sweep <sweep step> <high amplitude> <low amplitude> to manually calibrate the best ERL. Before running this command, the echo cancellation command must manually be turned off.

CSCeh17995

Symptoms: When you enter the following commands on the Fast Ethernet port of an NM-16ESW network module, the router may crash:

ip dhcp client hostname

no switchport mode

switchport mode

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series in which an NM-16ESW network module is installed.

Workaround: Do not enter IP commands in switchport mode.

CSCeh19106

Symptoms: A Service Selection Gateway (SSG) that is deployed in a GPRS access environment and that is configured for L2TP tunnel service with an extended autodomain may reload when duplicate GPRS PDP context create requests are sent.

Conditions: This symptom is observed when the PDP context create requests contain the static addressing, that is, the IP address of the MS instead of all zeros in the end user address field.

Workaround: There is no workaround. Note that for corporate access through a GPRS access-based solution using SSG, generally dynamic addressing is used. With dynamic addressing, the end-user address field is sent with all zeros and the corporate network provides the address, and the symptom does not occur.

CSCeh21613

Symptoms: When multicast is configured as part of a dial-peer configuration and you enter the shutdown command quickly followed by the no shutdown command on a voice port that is part of the dial-peer configuration, the router may generate tracebacks and may crash.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11)T4.

Workaround: There is no workaround.

CSCeh21680

Symptoms: A Cisco 2800 series or Cisco 3800 series may crash when you configure the interface of an NM-16ESW.

Conditions: This symptom is observed when you enter the ip rsvp bandwidth command on FE port 1/10 of the NM-16ESW and then you enter the no switchport mode command followed by the switchport mode command.

Workaround: Do not enter IP commands in switchport mode.

CSCeh22616

Symptoms: The output queue of a Fast Ethernet back card of a Cisco MGX RPM-XF may be stuck at 40/40.

Conditions: This symptom is observed when the Cisco MGX RPM-XF runs Cisco IOS Release 12.3(2)XZ and when the interface of the Fast Ethernet back card is configured in half-duplex mode and is connected to a hub. This symptom may also occur in Release 12.3T.

Workaround: Clear the affected interface of the Fast Ethernet back card by entering the clear interface fastethernet slot/port command.

CSCeh24075

Symptoms: Packets that are larger than 4400 bytes or packets that require fragmentation may be dropped when they traverse an xDSL WIC.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6)T or a later release when a sweep ping is performed from one peer to another and when the WIC is a WIC-1ADSL, WIC-1ADSL-DG, WIC-1ADSL-I-DG, WIC-SHDSL, or WIC-SHDSL-V2.

Workaround: Avoid fragmentation on the DSL link or enter the ip mtu bytes command to change the maximum MTU to 4400 on the DSL interface.

CSCeh24202

Symptoms: A Cisco 2800 series that is configured for software or hardware encryption and CBAC may reload.

Conditions: This symptom is observed when IPSec SAs and CBAC sessions are established and when the traffic is blocked by an ACL on the outgoing WAN interface of a neighboring crypto router. When you send encrypted traffic from the neighboring crypto router to another router via the Cisco 2800 series, the Cisco 2800 series reloads.

Workaround: Permit the encrypted traffic on the outgoing interface of the neighboring crypto router.

CSCeh25459

Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.

Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:

- The initial codec for the call is negotiated as G.729.

- A reinvite message with a codec change to G.711ulaw is sent to the gateway.

- The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.

Workaround: Remove the fax pass-through configuration.

CSCeh26757

Symptoms: The IPSec idle timer does not delete an inactive IKE SA.

Conditions: This symptom is observed when the timer expires. IPSec SAs are properly deleted but the IKE SA is left up.

Workaround: There is no workaround.

CSCeh30146

Symptoms: A WIC-1DSU-T1-V2 WAN interface card may become stuck and may not detect any alarms or loopback events but may still be able to pass traffic.

Conditions: This symptom is platform-independent.

Workaround: Enter the clear service-module serial slot|port command.

CSCeh30818

Symptoms: A traceback is generated when multicast traffic is flowing.

Conditions: This symptom is observed when PIM is enabled on multiple interfaces and when the counters are cleared.

Workaround: There is no workaround.

CSCeh32576

Symptoms: Configuring an AUX port through a non-slotted notation such as "interface async 1" may not be possible on a Cisco 1841 and a Cisco 2801.

Conditions: This symptom is observed on a Cisco 1841 and Cisco 2801 that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: Configure the AUX port through the slotted notation such as "interface async 0/0/0".

CSCeh33913

Symptoms: NAT-PT stops working after a router is reloaded.

Conditions: This symptom is observed on a Cisco router that has a "v6v4" static NAT configuration when NAT-PT fails to install ARP entries because the router is not yet fully initialized.

Workaround: Remove and then reconfigure the mapping.

CSCeh34089

Symptoms: You cannot run the Embedded Event Manager Tcl policy scripts.

Conditions: This symptom is observed in all Cisco IOS software images that contain the fix for caveat CSCeg07394. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg07394. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCeh35457

Symptoms: Policy-maps can be removed from the ATM PVC Range configuration without checking for an exact match of the policy-map name.

Conditions: If a no policy-map out command is executed on a subinterface while the subinterface is in Admin Shutdown state, any policy-map could be deleted regardless of whether the name of the policy-map to be removed matches the configured policy-map or not. This problem only occurs in the PVC Range configuration on ATM subinterfaces.

Workaround: There is no workaround.

CSCeh42620

Symptoms: Authentication, Authorization, and Accounting (AAA) for IKE fails with the following message when trying to begin session accounting:

ISAKMP AAA: Unable to allocate AAA User ID: no peer

Conditions: This error occurs when IKE accounting is configured in a site-to-site IPSec VPN. It will not occur when IKE accounting is configured in conjunction with mode configuration, XAUTH or EZVPN.

Workaround: There is no workaround.

CSCeh46004

Symptoms: A SAR ucode reload is not recorded.

Conditions: This symptom is observed on a Cisco MGX RPM-XF when you enter a command that causes a reload of the SAR microcode.

Workaround: Check the log for references to the SAR ucode reload.

CSCeh49205

Symptoms: Ping fails after you enter the ip cef accounting command.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that is configured for MPLS VRF.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected MPLS interface.

First Alternate Workaround: Reload the PXF engine by entering the microcode reload pxf command.

Second Alternate Workaround: Reload the RPM-XF.

CSCeh61337

Symptoms: You can change the milliseconds argument of the ip icmp rate-limit unreachable milliseconds command or the ip icmp rate-limit unreachable DF milliseconds command, but the new time limit does not take effect even though the configuration reflects the new time limit.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that runs Cisco IOS Release 12.3(11)T5 or an earlier 12.3T release.

Workaround: There is no workaround.

CSCeh67651

Symptoms: The policy-map output counters are incorrect. They do not show the total number of packets, i.e., transmitted + dropped < input count.

Conditions: This symptom manifests under congestion and is only seen for non-LLQ classes (excluding class-default). On the RPM-XF, IPHC is configured on a multilink interface with a policy-map that has 4 classes (1 LLQ, 2 non-LLQ and 1 class-default). Traffic is coming in on all the classes and each class experiences random/tail drops.

Workaround: There is no workaround.

CSCeh78358

Symptoms: A Cisco MGX RPM-PR resets because of the expiration of a watchdog timer.

Conditions: This symptom is observed when the Tx or Rx SAR of the RPM-PR crashes.

Workaround: There is no workaround.

CSCei02290

Symptoms: The WRED threshold increases nine times from the configured value. If this situation occurs repeatedly, the WRED threshold configuration may eventually disappear.

Conditions: This symptom is observed on a Cisco MGX 8800 series that is configured with two RPM-XFs when XFL is configured on the active RPM-XF and a switchover occurs on the standby RPM-XF.

Workaround: There is no workaround.

CSCin77189

Symptoms: When a voice call is made via the G726r16 or G726r24 codec via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) using H.323-to-SIP interworking, the following symptoms may occur:

- The originating party does not hear the ringback tone.

- Both the originating and terminating party do not hear voice because the voice path was not established.

Conditions: This symptom is observed when H.323 is configured to use a static payload type for the G726r16 or G726r24 codec and when SIP is configured to use a dynamic payload type for the G726r16 or G726r24 codec. This situation causes a mismatch of payload type for the G726r16 or G726r24 codec.

Workaround: There is no workaround.

CSCin86923

Symptoms: A PVC is unexpectedly removed from an IMA interface when one or more IMA links go down.

Conditions: This symptom is observed on a Cisco router when the bandwidth that is configured for the PVC cannot be supported after one or more IMA links go down.

Workaround: Reconfigure the PVC with a bandwidth that can be supplied by the remaining IMA links.

CSCin87258

Symptoms: A Cisco router that is configured for SSG may reload when you configure a local service profile.

Conditions: This symptom is observed when the local service profile is configured with more than 150 service network entries.

Workaround: There is no workaround.

CSCin87464

Symptoms: A spurious memory access occurs on an SSG when you run a MIB get request for the SSG service binding entries.

Conditions: This symptom is observed when an SSG service is bound to a next-hop IP address.

Workaround: There is no workaround.

CSCin87560

Symptoms: The following error message is displayed on a router that is configured for SSG:

%SYS-3-BADLIST_DESTROY: Removed a non-empty list

Conditions: This symptom is observed while you unconfigure an SSG feature by entering the no ssg enable force-cleanup command on the router that has one or more instances of an SSG service binding configuration such as the ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

Workaround: Before you unconfigure the SSG feature, unbind the SSG service by entering the no ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

CSCin89165

Symptoms: SSG does not create host objects in RADIUS proxy mode.

Conditions: This symptom is observed when SSG is configured in SSG proxy mode with the session identifier as IP.

Workaround: Use other parameters apart from IP as the session identifier. If this is not a practical option, there is no workaround.

CSCsa44720

Symptoms: A Cisco router may reload unexpectedly with a bus error exception.

Conditions: This symptom is observed on a router that is configured for Service Selection Gateway (SSG) and authentication, authorization, and accounting (AAA).

Workaround: There is no workaround.

CSCsa45418

Symptoms: A service policy may be removed when the bandwidth for the classes is configured in percentages and you change any interface-related bandwidth parameter.

Conditions: This symptom is observed on a Cisco 7200 series and lower-end routers.

Workaround: There is no workaround. You must re-apply the service policy to the interface.

CSCsa45786

Symptoms: The router may pause indefinitely in function aaa_req_set_context and will usually point to the peer structure.

Conditions: When the device is under heavy stress and AAA is used with crypto, the router may pause indefinitely.

Workaround: There is no workaround.

CSCsa46707

Symptoms: An SA-VAM2 stops processing all packets.

Conditions: This symptom is observed sporadically on a Cisco 7200 series that is configured with an NPE-G1 when the SA-VAM2 is configured for AES 192 or AES 256.

Workaround: Reset the SA-VAM2 by entering the no crypto engine accelerator command followed by the crypto engine accelerator command. If the symptom persists, disable the SA-VAM2 by entering the no crypto engine accelerator command. Doing so causes the router to switch to software encryption.

CSCsa50971

Symptoms: A Cisco platform may unexpectedly reload while attempting to resequence an access list.

Conditions: This symptom is observed when you delete a few ACEs and then immediately enter the ip access-list resequence access-list-name starting-sequence-number increment command.

Workaround: There is no workaround.

CSCsa52821

Symptoms: When AAA accounting is configured for an EZ-VPN server, the EZ-VPN server may stop sending periodic updates for an idle client. When the symptom occurs, the output of the show aaa sessions command shows that the user name is not available for the idle client. The user name appears to be lost.

Conditions: This symptom is observed on a Cisco 7200 series that functions as an EZ-VPN server and that runs Cisco IOS Release 12.3(8)T or a later release. The symptom may not be release-specific.

Workaround: Add an IPSec idle time of a shorter duration than the IPSec lifetime to enable idle clients to send stop records.

CSCsa54608

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

CSCsa55375

Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.

Conditions: These symptoms are observed on a WIC-1DSU-T1-V2 that is installed in a Cisco router.

Possible Workaround: The symptoms may clear when you replace the in-house cabling with cat.5 cables.

CSCsa57147

Symptoms: A disconnect event is not thrown or caught on a Cisco AS5400.

Conditions: This symptom is observed when the platform functions under a heavy load with a large number of calls that are disconnected from the gateway during VXML page execution. The disconnect event may not be thrown or get caught by the catch blocks of the root document.

Workaround: There is no workaround.

CSCsa59667

Symptoms: An AIM that is installed in a Cisco 2851 or Cisco 3845 may time out when it receives non-multiples of a 64-bits public key from a third-party vendor router. This situation causes the router to crash rather than verifying the key.

The Cisco 2851 crashes because of a memory corruption. The Cisco 3845 crashes because of an "ALIGN-1-FATAL" bus error.

Conditions: This symptom is observed on a Cisco 2851 and Cisco 3845 that run Cisco IOS Release 12.3(11)T3.

Workaround: Ensure that the AIM receives multiples of the 64-bits public key.

Alternate Workaround: Disable the AIM hardware encryption by entering the no crypto engine aim 0 command. Doing so causes onboard encryption to occur.

CSCsa61115

Symptoms: After an upgrade from Cisco IOS Release 12.3 mainline to Cisco IOS Release 12.3T, some information is not passed along correctly, which causes failures, for example in third-party Message Waiting Indication (MWI).

Conditions: This problem is seen when routers are upgraded to Cisco IOS 12.3T when QSIG signaling is used.

Workaround: Downgrade all routers involved to a version prior to Cisco IOS 12.3(4)T.

CSCsa61523

Symptoms: The following error message is generated on a Cisco 7200 series that has Multilink PPP (MLP) configured on serial interfaces of a PA-MC-STM-1 port adapter:

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(11)T3 only when MLP is configured on the serial interfaces. The symptom may also occur in Release 12.3 or 12.4.

Workaround: Unconfigure MLP on the serial interfaces.

CSCsa62681

Symptoms: SIP messages from Cisco IOS gateways fail to reach the remote endpoint. This is seen for UDP transport only.

Conditions: This symptom happens when interworking with a third-party SIP device that sends responses to SIP requests to the source port of the request packet instead of sending them to the header port (5060). This is in violation of the RFC 3261 rules for UDP (unreliable transports).

Workaround: There is no workaround.

CSCsa63019

Symptoms: A security gateway may crash when ISAKMP accounting is enabled at aggressive time intervals such as 1-minute updates.

Conditions: This symptom is observed when ISAKMP accounting is enabled at very frequent update intervals together with ISAKMP NAT-T.

Workaround: Use ISAKMP accounting timers with a longer duration.

CSCsa65656

Symptoms: SSG uses a duplicate Acct-session-id (attribute 44) in a RADIUS accounting packet.

Conditions: This symptom is observed for post-paid users.

Workaround: There is no workaround.

CSCsa66255

Symptoms: IP data traffic does not pass via MLP.

Conditions: This symptom is observed on a Cisco 3825 that runs the c3825-advsecurityk9-mz image of Cisco IOS Release 12.3(11)T3 when STAC compression on an AIM-COMPR4 fails.

Workaround: There is no workaround.

CSCsa66702

Symptoms: A Cisco 3660 may reload when an IP phone is placed on hold.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(11)T4.

Workaround: There is no workaround.

CSCsa68004

Symptoms: Service Selection Gateway (SSG) does not update tariff switch information to the users when the user logs in exactly at tariff switching time.

Conditions: This symptom is observed for postpaid users only.

Workaround: There is no workaround.

CSCsa68228

Symptoms: A Cisco router may crash when using the dialplan-pattern command.

Conditions: This symptom is observed when a router is configured with a high number of ephone-dns and with the application of the dialplan-pattern command.

Workaround: There is no workaround.

CSCsa68978

Symptoms: Memory allocation (malloc) failures may occur on a Cisco router that functions as a gatekeeper and that runs an H.323 stack.

Conditions: This symptom is observed on the gatekeeper when gateways attempt to register a list of terminal aliases that consists of user names and H.323 IDs with the gatekeeper. The gatekeeper attempts to authenticate each terminal alias by allocating memory and sending an authentication request to the AAA server for each entry. Because the gatekeeper does not free the allocated memory when it receives a response from the AAA server, a memory allocation failure occurs eventually.

Workaround: There is no workaround.

CSCsa69020

Symptoms: The default Port 1720 on H.323 is used for H.225 Messaging. This fix allows users to configure H.225 listen Port from 1 - 65535.

Conditions: This symptom is observed on Port 1720 on H.323.

Workaround: There is no workaround.

CSCsa69690

Symptoms: The night service toggle code does not work properly with shared Directory Numbers (DNs).

Conditions: This symptom is observed when the DN is shared on multiple phones.

Workaround: There is no workaround.

CSCsa71055

Symptoms: Pings from a PE router to the Ethernet interface of a CE router fail.

Conditions: This symptom is observed on a Cisco MGX RPM-XF that functions as a PE router and that runs Cisco IOS Release 12.3(2)XZ. The symptom could also occur in Release 12.3T.

Workaround: Clear the IP route.

CSCsa73842

Symptoms: An IP phone line is not released for some calls between Cisco CallManagers.

Conditions: This symptom is observed when calls between the Cisco CallManagers are made via a Cisco Multiservice IP-to-IP Gateway (IPIPGW) that is configured for H.323.

Workaround: There is no workaround.

CSCsa78779

Symptoms: A memory leak may occur in the processor memory pool of a router that runs encrypted traffic with an SA-VAM2.

Conditions: This symptom is observed when the SA-VAM2 encrypts traffic and when underlying "no buffer" conditions exist in the I/O particle pools for the encrypted packets.

Workaround: There is no workaround.

CSCsa86250

Symptoms: The CPU utilization of a Cisco MGX series RPM-XF increases to 99 percent when a Gigabit Ethernet (GE) interface of a peer RPM-XF is shut down.

Conditions: This symptom is observed when two RPM-XFs are connected via a GE interface. The affected side of the connection is configured with a 2-port GE card and the peer is configured with a 1-port GE card.

Workaround: There is no workaround.

CSCsb06658

A vulnerability exists in certain Cisco IOS software release trains running on the Cisco IAD2400 series, Cisco 1900 series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access to the device.

Cisco is making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml.

CSCuk56412

Symptoms: An ATM interface of a PA-A3 ATM port adapter may stop transmitting traffic, the output of the show interface atm slot/port command may show that output drops increment, and the connectivity may stop entirely.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.7).

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Alternate Workaround: Enter the clear interface atm slot/port command on the affected interface.

Wide-Area Networking

CSCef68547

Symptoms: FR links on 6-port channelized T3 and 2-port OC-3-channelized-to-DS1/E1 line cards may not recover when all of the links are removed and reconfigured for an MFR bundle. The same symptom may occur on serial interfaces.

Conditions: This symptom is observed when all links are removed from and re-added to the bundle while the bundle is briefly in a shut down state.

Workaround: To re-establish the bundles, enter the hw-module slot shelf-id/slot-number reload command. You can also delete and reconfigure the MFR interface or the serial interfaces. To prevent the symptom from occurring, wait a couple of seconds between entering the shutdown command and the no shutdown command when you remove and reconfigure the MFR bundle or serial interfaces.

CSCeg22171

Symptoms: Calls fail to connect when they are switched from the primary D channel to the backup D channel.

Conditions: This symptom is observed when you either unplug the cable or shut down the controller of the primary D channel.

Workaround: There is no workaround.

CSCeg22533

Symptoms: A signal-only call fails when an INVALID message is generated because a B-channel IDB is not found.

Conditions: This symptom is observed when ISDN PRI QSIG Voice Signaling is configured.

Workaround: There is no workaround.

CSCeg43033

Symptoms: A Cisco 7200 series periodically shows incorrect adjacencies for the loopback address. The output of the show ip cef events ip-prefix command shows the following:

<ip-prefix>/32, version 8177, epoch 0, attached, connected
0 packets, 0 bytes
  tag information set
    local tag: implicit-null
  via Loopback0, 0 dependencies
    valid discard adjacency

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9b) and that is configured for PPP and CEF. However, the symptom may be platform-independent.

Workaround: There is no workaround.

CSCeg55098

Symptoms: As soon as the ISDN switch deactivates layer 2, the router immediately activates layer 2.

Conditions: This problem is seen in Cisco IOS Release 12.3(11)T2. It was not seen in Cisco IOS Release 12.3(11)T.

In the ISDN q921 debugs, the following can be seen:

Dec 10 13:48:17.558: ISDN BR0 Q921: User RX <- DISCp sapi=0 tei=65

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

....

Dec 10 13:48:17.562: ISDN BR0 Q921: User TX -> UAf sapi=0 tei=65

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In 6 msec the router activated the layer 2. (This was not the case in Cisco IOS Release 12.3(11)T.)

Workaround: There is no workaround. However, to get rid of the consecutive line up/down messages, the following can be configured on the interface level as a temporary workaround:

conf t

int bri x

no logging event link-status

CSCeh33185

Symptoms: A POS interface on a VIP4-80 that is configured for PPP goes down and remains down.

Conditions: This symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0S only when PPP receives an LCP PROTOCOL REJECT message for PAP or CHAP. The symptom may also occur in other releases.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected POS interface.

CSCeh59311

Symptoms: None of the digits in INFO messages are passed to an ISDN switch.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11) or Release 12.3(11)T4 when overlap is configured and when the setup acknowledgement arrives late from the terminating switch after some of the INFO messages have already been received from the OGW. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCsa81268

Symptoms: A Cisco AS5850 may reload with a software forced crash.

Conditions: This symptom occurs when configuring the isdn ie oli interface command.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(11)T5

Cisco IOS Release 12.3(11)T5 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCsa81379

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

The removal of NetFlow Feature Acceleration does not affect any other aspects of NetFlow operation, for example access-list processing. The features are separate and distinct.

Cisco Express Forwarding (CEF) supersedes the deprecated NetFlow Feature Acceleration.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the NetFlow MIB (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3 
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1  
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2 
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3  
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4  
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1  
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1  
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2  
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3  
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4  
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5  
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6 

Resolved Caveats—Cisco IOS Release 12.3(11)T4

Cisco IOS Release 12.3(11)T4 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCsa42366

Symptoms: A router may crash because of a memory leak in the SAA/RTR process.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10a) and that is configured for SAA/RTR.

Workaround: Do not perform a getmany command on the rttMonLatestRttOperEntry, rttMonCtrlAdminEntry, and rttMonEchoAdminEntry variables. Do not perform a getone command on the rttMonLatestRttOperAddress variable.

Interfaces and Bridging

CSCin84694

Symptoms: On a Cisco 7x00 series that runs Cisco IOS Release 12.3 and that is equipped with an ATM PA-A3 port adapter, the SAR chip of the port adapter may crash or the interface may become stuck.

Conditions: This symptom is observed when there is a high-traffic load on the ATM PA-A3 port adapter and when many VCs are created, deleted, and modified continuously. The symptom may also occur in other releases.

Workaround: There is no workaround.

IP Routing Protocols

CSCee12098

Symptoms: When you enter a show command that is related to NAT or you enter the show run command when there is a NAT configuration, the "%NAT: System busy. Try later" error message may be generated. In addition, "%SYS-2-NOBLOCK" messages may be generated and the CPU utilization may be very high in the IP Input process.

Conditions: These symptoms are observed on a Cisco 1750 that runs Cisco IOS Release 12.3(9) and that is configured for NAT with SIP traffic (the router is a gateway for IP phones).

Workaround: Reload the router.

CSCef50065

Symptoms: Spurious memory accesses and tracebacks are generated on a Cisco 831.

Conditions: This symptom is observed when NAT/PAT is configured.

Workaround: There is no workaround.

CSCef58137

Symptoms: When you configure a route map with a NAT feature, the CPU usage of the router may reach 99 percent, the router may reload unexpectedly, or both may occur.

Conditions: These symptoms are observed on a Multiprocessor WAN (MWAN) application module that is installed in a Cisco Catalyst 6000 series or a Cisco 7600 series. However, the symptom may be platform-independent.

Workaround: There is no workaround.

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef93215

Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.

Conditions: This is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.

Workaround: There is no workaround.

Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.

CSCef95026

Symptoms: When interfaces flap, a Cisco router may reload unexpectedly because of a bus error.

Conditions: This symptom is observed when OSPF accesses a freed LSDB entry.

Workaround: There is no workaround.

CSCeg07725

Symptoms: A router may continue to redistribute an eBGP route into EIGRP after the eBGP route is deleted or EIGRP may not redistribute an eBGP route after the eBGP route has been installed.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0S, Release 12.2S, or Release 12.(18)SXD1 and that redistributes eBGP routes into EIGRP when the router functions in a multihoming environment.

The symptom occurs in a configuration with two PE routers that advertise routes via eBGP and a border router that is configured with a higher local preference than the PE routers when the eBGP route of the primary path is withdrawn and the route of the secondary path is installed.

Workaround: If a route is still redistributed into EIGRP after the eBGP route is deleted, clear the BGP peer from which the eBGP route used to be learned so EIGRP stops advertising the route.

If a route is not redistributed into EIGRP after an eBGP route is installed, clear the route so EIGRP starts advertising it. Another workaround is to enter the bgp redistribute-internal command to cause EIGRP to redistribute iBGP routes and to prevent EIGRP from failing to redistribute an updated BGP route.

CSCeg19442

Symptoms: A router that is configured with the OSPF routing protocol may reload.

Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.

Workaround: There is no workaround. Cisco strongly discourages configuring a router via two different but simultaneous sessions.

CSCeg35811

Symptoms: A platform (that is, a switch or a router) may crash when you enter the ip routing command followed by the configure memory command and the no ip routing command multiple times. Multiple tracebacks may also be generated.

Conditions: The symptom is observed on a Cisco platform that functions as the master in a stacked environment and that is configured for OSPF. The symptom is more likely to occur when the platform functions under a heavy traffic load.

Workaround: Do not enter the ip routing command followed by the configure memory command and the no ip routing command multiple times.

CSCeg52889

Symptoms: TE tunnels do not come up.

Conditions: This symptom is observed when a new loopback interface is created with an IP address on an MPLS TE head router that is configured with MPLS TE tunnels and when you reload the router. The symptom occurs because of a change in router ID.

Workaround: Shut down the newly created loopback interface, save the configuration, and reload the router.

CSCeg74205

Symptoms: In a simple network that consists of two routers, SPF calculations occur every minute although no topology changes occur.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS release later than Release 12.3(6b) or Release 12.3(7)T4 and that functions as an ABR router when there are static routes in the network.

Workaround: There is no workaround. Note that the symptom does not occur in Cisco IOS Release 12.3(6b) and Release 12.3(7)T4: SPF calculations do not occur every minute.

CSCeh07809

Symptoms: When BGP nexthop information for a prefix changes because of topology changes, BGP properly updates its path information and IP routing table entry but CEF may not update the corresponding CEF entry, causing a stale entry. This inconsistency between BGP and CEF may cause a connectivity problem.

Conditions: This symptom is observed when the nexthop information changes to an existing prefix entry in the BGP routing table. Typically, this occurs when the interface through which the prefix is learned goes down.

Workaround: Flush out the stale CEF entry by entering the clear ip bgp command or withdraw and readvertise the prefix by the source router, which enables the affected router to refresh the CEF entry.

CSCeh14015

Symptoms: Connected routes cannot be redistributed from one protocol to another.

Conditions: This symptom is observed on EIGRP routes when using the shut command followed by the no shut command, but could affect other routing protocols.

Workaround: There is no workaround.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCsa67785

Symptoms: Packets may be dropped on the interface when NAT/IPSEC/IPS is configured on the same interface.

Conditions: If IPSec/NAT and CBAC or IPS/IDS is configured on the same interface and the packet gets punted by any of the features, then the packet may be dropped.

Workaround: Remove from the configuration the feature that punts the packet to the process path.

Miscellaneous

CSCeb65579

Symptoms: All 32- and 64-bit counters are missing from the ifXTable of the IF-MIB.

Conditions: This symptom is observed on a Cisco 2691, Cisco 3725 and Cisco 3745.

Workaround: There is no workaround.

CSCec51408

Symptoms: After you reload a Cisco 7xxx series router, the vbr-nrt output-pcr output-scr output-mbs command or the ubr output-pcr command may be missing from the configuration of the IMA-group interface of a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter.

Conditions: The symptom is observed when the vbr-nrt output-pcr output-scr output-mbs command or the ubr output-pcr command is configured on an IMA-group interface that also has minimum active links configured.

Workaround: There is no workaround.

CSCec89389

Symptoms: In the RTSP server, the TCL IVR "media record" verb records in the RTSP server. After recording, "media play" plays the recorded audio-file from the RTSP server, and the playback voice quality is bad. (TCL is not the only script that can cause this problem. Another usage that can lead to the same symptom is the VXML script.)

Conditions: This symptom occurs when "media record" is the destination of the RTSP server with a codec of g711ulaw.

Workaround: Change the record codec from g711uLaw to g729r8, which appears to work fine.

CSCed75951

Symptoms: The output queue of a MultiLink PPP (MLP) interface may appear to be wedged. IP connectivity over the MLP link may either be severely degraded or completely lost. MALLOCFAIL error messages may show up on console, and DSP timeout messages may also be seen under some circumstances.

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 2600-XM series, Cisco 2691, Cisco 3600 series, and Cisco 3700 series that have an MLP interface configured on an NM-HDV network module when VoIP traffic passes over this MLP interface. This VoIP traffic eventually causes the apparent output queue wedge.

If the NM-HDV network module is only used for MLP data connectivity, the MALLOCFAIL error messages may be observed. If the NM-HDV also terminates VoIP traffic, both MALLOCFAIL and DSP timeout error messages may be observed.

Workaround: Offload the MLP data connectivity from the NM-HDV to a different type of network module that is used specifically to provide data connectivity.

CSCed83129

Symptoms: A line card may crash when a router forwards multicast traffic in an MVPN environment.

Conditions: This symptom is observed when the data multicast distribution tree (MDT) advertisements that were received by the router expire. This situation causes the router to stop decapsulating packets in the VRF context and causes the router to send packets only from the interfaces that are defined in the global table.

Workaround: There is no workaround.

CSCee62370

Symptoms: An originating gateway (OGW) intermittently sends H.323 VoIP calls to the wrong destination.

Conditions: This symptom is observed on a Cisco AS5850 that functions as an OGW. The H.323 VoIP calls may be made through a gatekeeper or through a dial peer that points directly to a terminating gateway (TGW). The OGW fails to use the VoIP dial peer that points to the TGW and instead sends the call to another destination. The call shows up in the call details record (CDR) of the wrong partner.

Workaround: There is no workaround.

CSCee86867

Symptoms: A Cisco router that has a Calling Switching Module (CSM) may reload unexpectedly with a bus error exception.

Conditions: This symptom is observed in Cisco IOS Release 12.3 T but may also occur in Cisco IOS Release 12.3.

Workaround: There is no workaround.

CSCef43691

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44607

Symptoms: The output of the show spe command shows SPE failures.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef59507

Symptoms: A failed LDP session may still show up in the output of the show mpls ldp neighbors command as well as the new working session after the neighborship is re-established. The display of two sessions, one not working and one working to the same neighbor, may mislead the MPLS network operator.

Conditions: This symptom may occur after an LDP session has gone down and is then re-established.

Workaround: There is no workaround.

CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
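The three ICMP message classes listed in the ICMP-against-TCP caveats above (CSCef60659, CSCsa59600, CSCef43691, CSCef44699, CSCef61610) are distinguished by ICMP type and code, and a forged message can often be rejected by checking the TCP sequence number quoted in its payload, a countermeasure discussed in the cited Internet-Draft. The following Python example is added here as an illustration and is not Cisco code; it goes beyond the caveat text, and the addresses, ports, sequence numbers and function names are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

# ICMPv4 (type, code) pairs for the three classes named in the caveat text.
HARD_ERRORS = {(3, 2): "protocol unreachable", (3, 3): "port unreachable"}
FRAG_NEEDED = (3, 4)      # "fragmentation needed and DF bit set" (PMTUD)
SOURCE_QUENCH = (4, 0)


def classify(icmp_type, code):
    """Map an ICMP type/code to one of the three classes, or 'other'."""
    if (icmp_type, code) in HARD_ERRORS:
        return "hard_error"
    if (icmp_type, code) == FRAG_NEEDED:
        return "pmtud"
    if (icmp_type, code) == SOURCE_QUENCH:
        return "source_quench"
    return "other"


def parse_icmp_error(msg):
    """Parse an ICMP error: 8-byte header, then quoted IPv4 header + 8 bytes."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("too short to quote an IP header and 8 payload bytes")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("malformed quoted IPv4 header")
    # The first 8 bytes of a quoted TCP segment hold both ports and the seq.
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return {
        "category": classify(icmp_type, code),
        "next_hop_mtu": mtu if (icmp_type, code) == FRAG_NEEDED else None,
        "proto": inner[9],
        "flow": (str(IPv4Address(inner[12:16])), sport,
                 str(IPv4Address(inner[16:20])), dport),
        "seq": seq,
    }


def seq_in_flight(seq, snd_una, snd_nxt):
    """True if seq lies in [snd_una, snd_nxt), allowing 32-bit wraparound."""
    return (seq - snd_una) % 2**32 < (snd_nxt - snd_una) % 2**32


def evaluate(msg, connections):
    """Return (category, plausible).

    plausible is True only when the quoted segment belongs to a known local
    TCP connection and its sequence number is unacknowledged data in flight.
    """
    info = parse_icmp_error(msg)
    state = connections.get(info["flow"])
    plausible = (info["proto"] == 6 and state is not None
                 and seq_in_flight(info["seq"], *state))
    return info["category"], plausible


def build_sample(icmp_type, code, flow, seq, mtu=0):
    """Constructed test input; checksums are left at zero and not verified."""
    src, sport, dst, dport = flow
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + ip + tcp8


# Constructed session state: flow -> (snd_una, snd_nxt). Documentation addresses.
FLOW = ("192.0.2.10", 179, "198.51.100.7", 40211)
CONNECTIONS = {FLOW: (1_000_000, 1_004_000)}

if __name__ == "__main__":
    samples = [
        ("port unreachable, seq in flight", build_sample(3, 3, FLOW, 1_002_000)),
        ("port unreachable, stale seq", build_sample(3, 3, FLOW, 5)),
        ("frag needed, MTU 68", build_sample(3, 4, FLOW, 1_000_000, mtu=68)),
        ("source quench, seq == snd_nxt", build_sample(4, 0, FLOW, 1_004_000)),
    ]
    for label, msg in samples:
        print(label, "->", evaluate(msg, CONNECTIONS))
```

A message that is not plausible can be logged and dropped without touching the connection; a connection with nothing in flight (snd_una equal to snd_nxt) accepts no ICMP error at all under this check.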

CSCef73460

Symptoms: An ISA encryption card is not activated when you boot the router.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(11)T or interim Release 12.3(11.4) and that is configured with an NPE-400. Note that the symptom does not occur when the router is configured with an NPE-G1.

Workaround: There is no workaround.

CSCef86364

Symptoms: Unnecessary failover occurs when a standby router is reloaded.

Conditions: Additional failovers occur when Mobile Wireless Router (MWR) redundancy is configured and the standby router is reloaded.

Workaround: There is no workaround.

CSCeg02095

Symptoms: A Cisco router may not report its SNMP sysobjID. Instead, the router generates the following tracebacks:

%SNMP-3-BADOID: Attempt to generate an invalid object identifier

-Traceback= 611DD8EC 611DD76C 611DD560 61203F90 60EA7238 60EA721C

This situation prevents the router from being identified as a Cisco device, and network management applications are unable to manage the router.

Conditions: This symptom is observed on a Cisco 3660 (CISCO3660-MB-1FE) that runs a telco image.

Workaround: Run an enterprise image, which enables the device to be managed. If this is not an option, there is no workaround.

CSCeg09857

Symptoms: IEEE 802.1X Port-Based Authentication does not work on Ethernet switch port cards.

Conditions: This symptom applies to cards such as HWIC-4ESW, HWIC-9ESW, 16-port and 32-port ESW, and other router-based switch port cards.

Workaround: There is no workaround.

CSCeg15278

Symptoms: A memory leak may occur in the CCH323_CT process on a Cisco AS5300.

Conditions: This symptom is observed when the Cisco AS5300 is configured for H.323.

Workaround: There is no workaround.

CSCeg15831

Symptoms: DSPWare may be downloaded continuously, eventually causing a memory leak.

Conditions: This symptom is observed very rarely on a Cisco router that runs Cisco IOS Release 12.3, Release 12.3(7)T, or a later 12.3T release and that is configured with an NM-HDV when you download DSPWare to recover a DSP.

Workaround: There is no workaround.

CSCeg15922

Symptoms: A DMVPN tunnel may not fully initialize at startup. When you enter the no shutdown command on the tunnel interface, the router may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SX but may also occur in Release 12.3 or Release 12.3T.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the tunnel interface in order for the tunnel to come up.

Further Problem Description: This issue can occur with any DMVPN configuration using mGRE.

CSCeg17239

Symptoms: A router crashes when you enter the audio-prompt load command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3, 12.3(11)T, or 12.3(11)XL and that is configured for interactive voice response (IVR).

Workaround: There is no workaround.

CSCeg24557

Symptoms: An NM-1T3/E3 network module sends an all 1s (ones) pattern when the clear channel T3 interface is shut down. This situation causes a remote framer to report an AIS and the remote end to send a RAI. The end result is that the link does not come up when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T3 interface of the NM-1T3/E3 network module.

Conditions: This symptom is observed on a Cisco 3700 series that runs Cisco IOS Release 12.3(9).

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface at the remote end.

CSCeg29071

Symptoms: When you add a VRF to a subinterface on a Cisco 7301, the IP connectivity may be lost.

Conditions: This symptom is observed on a Cisco 7301 that is configured with SFP GBICS for a Gigabit Ethernet connection. The symptom does not occur when you use RJ-45 connectors for a Fast Ethernet connection.

Workaround: There is no workaround.

CSCeg30170

Symptoms: When you perform a stress test on a Cisco 7200 series that processes H.323 voice calls, the following error message and traceback may be generated:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6241A498 reading 0x94

%ALIGN-3-TRACE: -Traceback= 6241A498 6241C788 623EB0F8 623ED694 00000000 00000000 00000000 00000000 DGK7201#

Conditions: This symptom is observed when you make approximately 40 calls per second and when the directory gatekeeper (DGK) loader constantly sends LRQs to the DGKs to query a route server to obtain routes. Note, however, that the router continues to process calls normally.

Workaround: There is no workaround.

CSCeg43902

Symptoms: A Cisco AS5350 crashes when it receives and processes a fax from a third-party vendor mail client.

Conditions: This symptom is observed on a Cisco AS5350 that is configured for T.37 offramp fax.

Workaround: Use another mail client.

CSCeg44218

Symptoms: A Cisco 3600 series that functions as a voice gateway may crash, and (some of) the following error messages may be generated:

%DSM-3-DSP_TIMEOUT: DSP timeout on channel <channel number>
%HPI-3-CODEC_NOT_LOADED: channel: <channel number> TSP PRI: tsp_cdb not found
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = VTSP.

Conditions: This symptom is observed on a Cisco 3600 series that runs Cisco IOS Release 12.3(10) or 12.3(10a) but may not be platform-specific.

Workaround: There is no workaround.

CSCeg48196

Symptoms: A router may crash while completing an IKE Phase 2 exchange.

Conditions: This symptom is observed on a Cisco router that is configured for IPSec ISAKMP when a peer sends a malformed IKE packet during quick mode negotiation.

Workaround: There is no workaround.

CSCeg63430

Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5400. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.

Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 12.3T, connects to the PSTN via a PRI in the following topology:

Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI--PSTN--Transferee

Workaround: Enable MTP or the Cisco CallManager.

Further Problem Description: Although the symptom is not observed in Release 12.3, the fix is included in Release 12.3 as a precaution.

CSCeh50269

Symptoms: Packet drops occur when the CPU utilization reaches 83% to 85% and is 10% higher than when using Cisco IOS Release 12.2(15)MC2a.

Conditions: This symptom has been observed when using eight T1 circuits with 96% voice usage.

Workaround: Lower the traffic rate for extreme cases in which high CPU utilization causes packet drops.

CSCin86002

Symptoms: The bandwidth of an IMA group interface may be less than the combined bandwidth of its active member links that are up and operational.

Conditions: This symptom is observed on an IMA group interface of a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter that is installed in a Cisco 7xxx platform when the IMA group interface has more than one member link. The symptom occurs when you enter the shutdown interface configuration command quickly followed by the no shutdown interface configuration command on a member link (that is, the command sequence takes less than two seconds). When the member link comes up, the bandwidth of the IMA group interface is not increased.

Workaround: There is no workaround.

CSCsa43492

Symptoms: Packets are not switched out of a point-to-point GRE (p-pGRE) tunnel.

Conditions: This symptom is observed intermittently when CEF-switching is configured and when traffic is forwarded out a GRE tunnel interface and then the tunnel packets are forwarded out a BRI interface. Configuring compression (compress stac) on the BRI interface greatly increases how quickly the input queue becomes wedged.

Temporary Workaround: Increase the input queue size on the GRE tunnel interface by entering the hold-queue size in command. However, doing so may only work temporarily and the router must be reloaded to clear the input queue.

Further Problem Description: The GRE tunnel interface input queue becomes wedged, but there are no packets in the input queue. Enter the show interfaces tunnel number command to verify if the symptom is occurring. If the input queue looks like the following output with the size larger than or equal to the maximum size and drops increasing, the symptom is occurring:

Input queue: 76/75/1234/0 (size/max/drops/flushes)

You can also check if there are any packets in the input queue by entering the show buffers input-interface interface-type interface-number command.

CSCsa45302

Symptoms: A Cisco 3660 gateway may crash when a voice call is made.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when accounting is enabled.

Workaround: There is no workaround.

CSCsa53698

Symptoms: Fax pass-through may fail.

Conditions: This symptom is observed on a gateway that is configured for fax pass-through or T.38 with fax pass-through as the fallback method after an initial call is established, the gateway detects a fax tone, and the gateway sends a re-Invite message with a new SDP message requesting to switch to fax pass-through. However, the "o" line in the new SDP message has the same version ID as the "o" line in the initial SDP request that was sent by the gateway. If the originating gateway does not indicate that it disabled silence suppression with a "silenceSuppression=off" attribute in its SDP answer, fax pass-through fails.

Workaround: There is no workaround.

CSCsa61864

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Wide-Area Networking

CSCdv28534

Symptoms: Dialer interfaces may report no SNMP counter increments and the ISDN channel may drop.

Conditions: This symptom is observed when MLP is configured on dialer interfaces on a Cisco router that runs a Cisco IOS release earlier than Release 12.1. Note that the dialer interface statistics increment correctly in Cisco IOS Release 12.1.

Workaround: There is no workaround. The fix for this caveat will be applied to Cisco IOS Release 12.2 and Release 12.3.

CSCef58201

Symptoms: The CEF-Dialer feature fails to add an adjacency for a virtual-access1 CEF interface because the IP route is installed after the feature attempts to add the adjacency.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS Release 12.3 or interim Release 12.3(10.3)T.

Workaround: There is no workaround.

CSCsa52807

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Resolved Caveats—Cisco IOS Release 12.3(11)T3

Cisco IOS Release 12.3(11)T3 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeb79675

Symptoms: A Simple Network Management Protocol (SNMP) request sent to the loopback interface of a Cisco router will have the wrong source address in the reply.

Conditions: This symptom is observed on all Cisco platforms.

Workaround: Send the SNMP request to the IP address of a physical interface instead.

CSCee72249

Symptoms: The snmp-server host host-address command supports only one host. Adding another host causes the existing host to be overwritten. In addition, when the snmp-server host host-address traps command is enabled, traps are sent to the host but the command does not show in the running configuration.

Conditions: These symptoms are platform-independent and are observed when you use the above-mentioned commands to configure more than one host or to configure the host to receive traps.

Workaround: There is no workaround.

CSCeg64393

Symptoms: The following message may be generated on a Cisco RPM-XF:

%SYS-3-MEMLITE: Free lite called for non lite chunk by .0x 40E7F40C.

Conditions: This symptom is observed on a Cisco RPM-XF when you boot the platform with Cisco IOS Release 12.3(11)T1. The symptom is also observed when the Cisco RPM-XF runs Release 12.3(11)T1 and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an Xtag interface.

Workaround: There is no workaround. However, you can limit the number of messages that are generated by entering the logging rate-limit command.

CSCin80513

Symptoms: An SSG platform crashes because of a memory corruption.

Conditions: This symptom is observed when SSG processes prepaid RADIUS proxy users and is most likely to occur when a tunnel authentication failure for a prepaid RADIUS proxy user occurs.

Workaround: There is no workaround.

CSCsa41963

Symptoms: The following message may be generated on a Cisco RPM-XF:

%SYS-3-MEMLITE: Free lite called for non lite chunk by '0x 40E7F40C'

Conditions: This symptom is observed on a Cisco RPM-XF when you boot the platform with Cisco IOS Release 12.3(11)T1. The symptom is also observed when the Cisco RPM-XF runs Release 12.3(11)T1 and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an Xtag interface.

Workaround: There is no workaround. However, you can limit the number of messages that are generated by entering the logging rate-limit command.

IP Routing Protocols

CSCef81489

Symptoms: If an ASBR receives a withdraw message, it does not send the withdraw message to any peer, preventing an alternate route from functioning.

Conditions: This symptom is observed when MPLS VPN inter-AS is configured.

Workaround: There is no workaround. To recover from the symptom, enter the clear ip bgp * command on the ASBR.

CSCef89807

Symptoms: A router that is configured for Optimized Edge Routing (OER) crashes after a %SYS-2-CHUNKBADREFCOUNT error message has been generated.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T when OER is enabled, when OER controls non-exact routes, and when a BGP update to a more exact router occurs.

Workaround: Route control using static routes is not affected by the symptom. To prevent the symptom from occurring in a situation with route control using BGP routes, configure OER to control only exact routes.

CSCeg54375

Symptoms: Routing inconsistencies may occur in the RIB: routes may be missing from the RIB but may be present in the BGP table.

Conditions: This symptom is observed on a Cisco RPM-XF when the toaster processor crashes. However, the symptom may occur on any platform that has a toaster processor.

Workaround: Enter the clear ip route vrf vrf-name * command.

CSCsa40588

Symptoms: Routes may still appear in the routing table even after the routes are removed from the BGP table.

Conditions: This symptom is observed on a Cisco platform that functions as a PE router when a CE router stops advertising a BGP route to the PE router. The BGP table reflects the route change but the routing table still indicates that the route is valid.

Workaround: There is no workaround.

CSCsa44862

Symptoms: When a fragmented packet flows from the inside to the outside via a NAT router, the first fragment is translated correctly, but subsequent fragments are transmitted without a destination address translation. This situation causes the communication to fail.

Conditions: This symptom is observed with a fragmented packet when both the source address and the destination address are translated, that is, inside and outside source translation is configured.

Note that the symptom does not occur with an unfragmented packet, or when a fragmented packet flows from the outside to the inside, or with a fragmented packet when either the source address or the destination address is translated.

Workaround: There is no workaround.

Miscellaneous

CSCee59791

Symptoms: Some conference parties may not be heard and the conference bridge may become unregistered from a Cisco CallManager.

Conditions: This symptom is observed on a Cisco platform that functions as a conference bridge when one or more of the RTP streams that enter the router use RTP header-compression.

Workaround: Disable RTP header-compression.

CSCee69405

Symptoms: The output of the show policy-map interface interface-name input command shows that more packets are received than the output of the show interfaces type number precedence command.

Conditions: This symptom is observed when traffic is sent between two routers that are configured for MLP and cRTP.

Workaround: There is no workaround.

CSCee83614

Symptoms: DTMF relay stops functioning on a Cisco Multiservice IP-to-IP Gateway (IPIPGW). After DTMF relay works fine, it may start to work uninterruptedly from one side in either direction. When you send a DTMF signal from both directions, the DTMF relay stops functioning on the IPIPGW.

Conditions: This symptom is observed in the following topology:

An IP phone connects to a Cisco CallManager that connects to an IP2IPGW. The IP2IPGW connects to a gatekeeper that connects to a third-party vendor gateway. This gateway connects via MGCP to a VISM that connects via an E1 link to the PSTN.

Workaround: There is no workaround.

CSCef09948

Symptoms: TCP connections may fail on a Cisco 7500 series.

Conditions: This symptom is observed when you enable TCP header compression on a channelized interface of a PA-2CT3 port adapter by entering the ip tcp header-compression command.

Workaround: Disable TCP header compression.

CSCef29028

Symptoms:

- Cisco AS5850 does not send NTFY to MGCP CallAgent.

- Cisco AS5850 does receive CRCX request with the DT/ans present in it but does not send NTFY to the call agent.

Conditions: This symptom can occur at any time and under no special conditions.

Workaround: There is no workaround.

CSCef44225

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef74473

Symptoms: A router crashes after multiple (attended or unattended) call transfer attempts.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T and that is configured for SIP.

Workaround: There is no workaround.

CSCef75999

Symptoms: SIP calls are not completed because the gateway does not include the epid in its ACK even though it was in the "to" header of the response it is ACKing. The server also cannot treat the ACK as it would properly formatted messages.

Conditions: This symptom is observed when using Windows Messenger client software.

Workaround: There is no workaround.

CSCef81595

Symptoms: Small IP packets (less than 28 bytes) fail to be decrypted for IPSec and are dropped. This situation causes GRE keepalive probe replies to be dropped, and consequently, the GRE tunnel to enter the DOWN state.

Conditions: This symptom is observed when point-to-point GRE (p-pGRE) and IPsec use a crypto map and a transport mode with GRE keepalives. Note that the symptom affects IP packets that are less than 28 bytes in length and that are decrypted for IPSec.

Workaround: There is no general workaround for IPSec. However, for p-pGRE and IPSec, including a configuration with GRE keepalives, either configure the tunnel key 1 command on the tunnel interface on both ends or disable keepalives by entering the no keepalive command on the tunnel interface.

Note: If you choose to use the tunnel key, you may want to reduce the tunnel IP MTU by 4 bytes compared to its current value or enter the ip tcp adjust-mss 1400 command on the remote-end router.

CSCef83130

Symptoms: A Cisco 7500 series may periodically hang.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for both distributed CEF and IP RTP header compression.

Workaround: Remove IP RTP header compression from the interface on which it is configured.

CSCef85266

Symptoms: When a voice gateway is reset by a Cisco CallManager, the voice gateway may not reregister with the Cisco CallManager, even when the output of the show isdn statistics command indicates the following state:

MULTIPLE_FRAME_ESTABLISHED and L3 Protocol(s) = CCM-Manager.

The above-mentioned state occurs when the voice gateway fails to send a restart message (RM) to the Cisco CallManager.

Conditions: This symptom is observed on a Cisco 3745 that functions as a voice gateway and that runs Cisco IOS Release 12.3(4)T6, 12.3(8)T3, or 12.3(8)T4.

Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the T1 controller of the interface that connects to the Cisco CallManager.

CSCef87017

Symptoms: A Cisco 7500 series that is configured for encryption may fail to bring up the secondary Route Switch Processor (RSP) and may generate error messages that indicate that the uncompression of the image failed and that the compressed image needs a larger DRAM space.

Conditions: This symptom is observed on a Cisco 7500 series with dual RSPs.

Workaround: There is no workaround.

CSCef89947

Symptoms: When IPSec tunnels are functioning in SSO mode, and shortly after the tunnels are established, the console of the standby router repeatedly displays the "error coming back 000F" error message and IPsec SAs are not synchronized.

Conditions: This symptom is observed when you build 500 IPSec tunnels in SSO mode on a Cisco 7200 series.

Workaround: Do not configure the IPSec tunnels to function in SSO mode.

CSCef91218

Symptoms: An RPM-XF corrupts the DSCP values of traffic passing through.

Conditions: This symptom is observed after an output service policy is applied and fails because of incorrect parameters. The following error message is generated when the policy map is applied and fails:

PE1(config-if-atm-vc)#service-policy output in_policy_forout
PE1(config-if-atm-vc)#
PE1(config-if-atm-vc)#
PE1(config-if-atm-vc)#
PE1(config-if-atm-vc)#end

"set-mpls-exp-imposition-transmit" is not allowed in an output service policy. Service policy installation failed on VC

Workaround: Verify the validity of the service policy before you apply the output policy map.

CSCef95597

Symptoms: A Cisco RPM-XF crashes when the ATM encapsulation for a PVC is changed.

Conditions: This symptom is observed when an MLP session is configured over a PVC subinterface.

Workaround: Shut down the PVC subinterface, change the encapsulation, and bring up the PVC subinterface.

CSCeg03052

Symptoms: A Cisco IAD2431 may not send PPTP traffic even though the PPTP tunnel is successfully authenticated and terminated on the Cisco IAD2431. When this situation occurs, the following error messages are generated:

%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed
Vi2.1 PPP: I pkt type 0x0021, datagramsize 64 link[ip]
%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed
Vi2.1 PPP: I pkt type 0x0021, datagramsize 64 link[ip]
%VPDN-3-IP_SWITCH_ERR: l2x ip switching vector not installed
Vi2.1 PPP: I pkt type 0x0021, datagramsize 422 link[ip]

Conditions: This symptom is observed on a Cisco IAD2431 that runs Cisco IOS Release 12.3(11)T.

Workaround: There is no workaround.

CSCeg04293

Symptoms: A router may reload when you enter the crypto map map-name command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.7)T.

Workaround: There is no workaround.

CSCeg06731

Symptoms: A Cisco router that is configured for IVR may crash with a SegV exception.

Conditions: This symptom is observed on a Cisco 2600XM series that runs Cisco IOS Release 12.3(11)T. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCeg10138

Symptoms: The 64-bit counters in the output of a show policy-map command may not provide correct information.

Conditions: This symptom is observed on a Cisco RPM-XF.

Workaround: There is no workaround.

CSCeg16660

Symptoms: Load balancing of traffic works inconsistently if the traffic flow reaching the particular PE was already load balanced at a previous hop by another PE.

Conditions: This symptom is observed only when load balancing must work in series, as in scenarios in which the polarization effect of load balancing comes into play.

Workaround: There is no workaround.

CSCeg17082

Symptoms: All voice calls fail and the output of the show voice port summary command shows that all voice ports are in the down state:

                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
0/1:0     01  e&m-wnk     up    down idle     idle     y
0/1:1     02  e&m-wnk     up    down idle     idle     y
0/1:2     03  e&m-wnk     up    down idle     idle     y

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3660, and Cisco 3700 series that run Cisco IOS Release 12.3(11)T1 or Release 12.3(11)T2 and that are configured with an AIM-VOICE interface module that has DSPs that are configured for high complexity. The symptom occurs after you reload the router.

Workaround for Release 12.3(11)T1: Bring the voice ports to the up state by entering the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice ports.

Workaround for Release 12.3(11)T2: Remove the affected DS0 group and reconfigure it.

CSCeg17274

Symptoms: When you enter a timeout value shorter than 8 seconds on an IPHC-enabled interface, the value is not configured. Instead, a timeout value of 8 seconds is configured.

Conditions: This symptom is observed on a Cisco RPM-XF that is configured for IP RAN when you use the ppp iphc max-time seconds command to enter the timeout value on a virtual template in a multilink configuration.

Workaround: There is no workaround.

CSCeg18548

Symptoms: The clear line command may not function and does not cause a link to be dropped.

Conditions: This symptom is observed when you enter the clear line command for a WIC-1AM or WIC-2AM that is installed in an NM-2W network module.

Workaround: Enter the clear interface command or the clear modem command to cause the link to be dropped.

CSCeg21998

Symptoms: A memory leak may occur for every single transcoding call.

Conditions: This symptom is observed on any Cisco platform that supports transcoding.

Workaround: There is no workaround.

CSCeg27046

Symptoms: Important system and CPU register values are not dumped or stored into the crashinfo file if the router reloaded abnormally.

Conditions: This symptom is observed when a PCI SERR or Galileo interrupt is triggered and when the "PCI info" or crashinfo file is written to the bootflash.

Workaround: There is no workaround.

CSCeg28876

Symptoms: Even though route cache is enabled and functioning by default, the output of the show running-config interface type number command shows the "no ip route-cache" message for an MLP interface that is up. When IP Header compression is configured for the MLP interface, the command output also shows the "no ip route-cache cef" message.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.3(11)T2 or an earlier release.

Workaround: There is no workaround. However, note that route cache does function even though the error messages suggest otherwise.

CSCeg32865

Symptoms: You cannot make outgoing calls to the PSTN or receive incoming calls from the PSTN, and when you enter the test dsprm slot number command to display the DSP channel status of the voice port, the output shows the voice channel status is mismatched.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that are configured with NM-2V, NM-HD-V2, or NM-HD-V2E network modules (which contain T1 C5510 DSPs).

Workaround: There is no workaround.

CSCeg36182

Symptoms: The RPM-XF card does not come up after reload and some tracebacks are observed.

Conditions: This symptom is observed when the router is reloaded with Cisco interim image version 12.3(11.6)PI6. This issue may also apply to Cisco IOS Releases 12.3(11)Tx.

Workaround: There is no workaround.

CSCeg40630

Symptoms: TACACS+ is not supported on a Cisco IAD2430.

Conditions: This symptom is observed on a Cisco IAD2430 that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeg47178

Symptoms: When the load interval is configured as 30 seconds, the clear counters command takes a long time (1 minute and 45 seconds) to clear the offered rate and the drop rate counters.

Conditions: This symptom is observed on a Cisco RPM-XF that processes IP traffic with a 200-byte packet size at the rate of 1000 bps.

Workaround: There is no workaround.

CSCeg50406

Symptoms: A Cisco IAD2431 shows in the output of the show version command as a Cisco IAD2400.

Conditions: This symptom is observed on a Cisco IAD2431 that runs Cisco IOS Release 12.3(11)T.

Workaround: Enter the no memory-size iomem 10 command.

CSCeg55700

Symptoms: The caller ID name is not displayed when the name is greater than 15 characters.

Conditions: This symptom is observed on a Cisco platform that is configured for SIP when INFO messages are used to relay the caller ID name.

Workaround: There is no workaround.

CSCeg57104

Symptoms: No proper warning message is generated when a platform approaches its low-memory threshold.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCeg57516

Symptoms: A Cisco AS5850 crashes because of a bus error and reloads.

Conditions: This symptom is observed when the Cisco AS5850 processes a call while the CPU utilization of the RSC and the line cards is very high because of call failures.

Workaround: There is no workaround.

CSCeg65362

Symptoms: The show policy interface intf input command shows more packets are received than the show interface intf precedence command.

Conditions: The symptom has been observed between two routers running MLPPP and cRTP.

Workaround: There is no workaround.

CSCin76268

Symptoms: An extra accounting record not generated by SSG is sent for tunnel sessions.

Conditions: This symptom is observed when a Tunnel Connection Object is created.

Workaround: There is no workaround.

CSCin81995

Symptoms: The Segmentation And Reassembly (SAR) engine on a Cisco RPM-XF shows buffer exhaustion, causing data drops.

Conditions: This symptom is observed when ATM SAR-based class-based weighted fair queueing (CBWFQ) is enabled and when policy maps are attached to outgoing PPPoA interfaces.

Workaround: There is no workaround.

CSCin83909

Symptoms: H323-ss->IPIPGW-->SIP-CME DTMF negotiation fails due to the DTMF negotiation problem on the SIP side.

Conditions: The symptom occurs only when the terminating endpoint is SIP CME.

Workaround: There is no workaround.

CSCin84370

Symptoms: SSG crashes when an accounting start packet is received for a RADIUS user.

Conditions: This symptom is observed when the accounting start packet has a different framed IP address than the stored IP address for an existing host.

Workaround: There is no workaround.

CSCin84419

Symptoms: Multicast traffic is punted to the RP, the CPU utilization is high, and the output of the show pxf cpu mroute vrf vrf-name command shows that the "No_FS" flag is set for a (S,G) entry and does not clear.

Conditions: This symptom is observed on a Cisco RPM-XF when you enter the clear ip mroute group command and a data MDT group for the group argument.

Workaround: Enter the clear ip mroute vrf * command.

CSCin84494

Symptoms: CPU utilization is 99%.

Conditions: Multicast traffic is being punted to the RP and process switched.

Workaround: Multicast traffic is punted to RP to create state. For a finite but transient period, the CPU utilization can spike up if the multicast traffic volume being punted to the RP is very high. The CPU utilization comes down to normal once the multicast state has been established.

CSCin85511

Symptoms: A router that runs SSG in the SSG-Radius-Proxy mode may reload.

Conditions: This symptom is observed when an SSG RADIUS proxy client issues a request for login via an AutoDomain service that uses an L2TP tunnel and when the login is rejected because of a PPP authentication failure on the LNS.

Workaround: There is no workaround.

CSCin86246

Symptoms: Backup calls are not initiated after reload.

Conditions: With the dialer being a backup interface, a reload of the router doesn't move the dialer to backup mode though the primary interface is down. This happens on a Cisco 2800 router with QoS commands only.

Workaround: After reload, perform the shut command and the no shut command.

CSCsa40567

Symptoms: The output of the show rpm iphc cids src-ip dest-ip src-udp-port dest-udp-port max-cids command does not show the CID values. Only zeros are seen in the command output.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.3(11)T1 when cRTP is configured.

Workaround: There is no workaround.

CSCsa41459

Symptoms: When you boot a router, a voice port remains in the BUSYOUT state, which can be observed in the output of the show voice call summary command.

Conditions: This symptom is observed when the T1 controller is configured as the DS0 group.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T1 controller to enable the voice port to change to the ONHOOK state and voice calls to be resumed.

CSCsa43637

Symptoms: The dual-tone multifrequency (DTMF) signal is not heard on a terminating gateway (TGW) if any DTMF signal is sent during ringback.

For a SIP(RTP-NTE) to H323 (h245-alpha) via IPIPGW call, if any RTP-NTE packets are sent before the H323 Endpoint answers the call, digits sent subsequent to the answer are not heard on the H.323 Endpoint.

Conditions: The symptom has been observed in the following setup:

FXS --SIP GW -(rtp-nte)--IPIPGW -(h245-alpha)--H323GW --FXS

Make a call from the FXS on the SIP GW to the FXS on the H323 GW. While the phone is ringing, send some DTMF from the SIP phone. After the call is answered, any DTMF that is sent is not heard on the H323-FXS.

Workaround: With the dtmf-relay rtp-nte digit-drop h245-alphanumeric command configured on the incoming SIP dial-peer of IPIPGW, the RTP-NTE packets sent by the SIP GW are not forwarded. Only the OOB H245 events are sent to a terminating gateway (TGW), so DTMF is heard on TGW.

With the dtmf-relay rtp-nte digit-drop h245-alphanumeric command on the outgoing dial-peer pointing to the SIP gateway and:

For Orig with Faststart - DTMF passes in both directions.

For Orig with slowstart - DTMF passes in both directions.

So DTMF is heard on the TGW.

Sample Configuration:

dial-peer voice 1 voip
 description OGW->TGW [H.323->H.323]
 modem passthrough nse codec g711ulaw
 voice-class codec 2
 session protocol sipv2
 incoming called-number 408....
 dtmf-relay rtp-nte digit-drop h245-alphanumeric
 no vad
!

CSCsa45197

Symptoms: When you enter the show policy-map interface interface-name output command for a switch subinterface, the drop rate counter always shows zero.

Conditions: This symptom is observed on a Cisco RPM-XF that is configured for SAR-based CBWFQ.

Workaround: Determine the drop rate from the number of exceeded packets in the output of the show policy-map interface interface-name output command.

Wide-Area Networking

CSCsa56271

Symptoms: AAA authorization may fail due to applicable attributes not being recognized. This will cause authorization to fail for many features.

Conditions: This symptom has been observed with any use of MLP combined with AAA attributes with Cisco IOS Release 12.3(11)T3 or when using VPDN AAA authorization attributes.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(11)T2

Cisco IOS Release 12.3(11)T2 is a rebuild release for Cisco IOS Release 12.3(11)T. The caveats in this section are resolved in Cisco IOS Release 12.3(11)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCef90051

Symptoms: When running IP SLA jitter probe with reaction configuration, traps through syslog will not be generated for PacketLossSD.

Conditions: This symptom occurs during normal operation.

Workaround: There is no workaround.

CSCef96304

Symptoms: Since the mean opinion score (MOS) is monitored for the low score value, the threshold trap should be generated when the MOS reaches the falling threshold.

Conditions: This behavior was observed when the traps were configured for the MOS parameter. The current implementation does not support monitoring the MOS for low values, that is, the falling threshold value.

Workaround: There is no workaround.

CSCeg13677

Symptoms: When running an SAA/IP SLA Jitter operation, a high PacketMIA (missing-in-action) value is observed in the results provided for the Jitter operation.

Conditions: This symptom has been observed when running Cisco IOS Release 12.3T. When the symptom happens, jitter operation timer expiration is shown in the debug message.

Workaround: Configure the Jitter operation timer to be much longer than numberPaks * interval.

Resolution: The fix provides new fields for show rtr command output: "Busies:" and "PacketSkipped:"

CSCeg15136

Symptoms: RTTMON traps are supported only for RTT and not for MOS. Only syslog traps should be generated for MOS, not RTTMON traps.

Conditions: This symptom occurs when MOS traps are configured. Only syslog traps are supported for MOS. RTTMON traps are not supported. The symptom was introduced by the fix for DDTS CSCef96304.

Workaround: There is no workaround.

CSCuk50062

Symptoms: NetFlow cache is not allocated on all port adapters, preventing egress NetFlow from functioning.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Configure ingress NetFlow on an interface of a port adapter that needs NetFlow cache for egress NetFlow.

IP Routing Protocols

CSCef34586

Symptoms: A BGP IPv4 label session continues to flap after an interface between two EBGP peers flaps.

Conditions: This symptom is observed when EBGP IPv4 with labels is configured between two BGP peers. The session comes up fine the first time after you reload one of the BGP peers. After you toggle an interface between the BGP peers, the EBGP session continues to flap because of malformed updates.

Workaround: There is no workaround.

Miscellaneous

CSCee42210

Symptoms: Fax relay does not work as it does with regular gateways.

Conditions: This symptom has been observed when interworking between H.323 networks via the Cisco Multiservice IP-to-IP Gateway (IPIPGW).

Workaround: There is no workaround.

CSCee94544

Symptoms: The RPM-XF sends twice the number of packets it receives to the connected CE when doing Compressed Real-Time Protocol (CRTP) and the TOS value changes on a particular flow that is being compressed. The receiving CE is not able to uncompress this traffic because the majority of this traffic is seen as errors.

Conditions: The RPM-XF is configured to do Segmentation and Reassembly (SAR) based Weighted Fair Queuing (WFQ).

Workaround: A Real-Time Protocol (RTP) stream does not have TOS value changes during the life of a flow. This change of TOS value during the life of a flow should be avoided.

CSCef40182

Symptoms: On a Cisco AS5850 with an enhanced Route Switch Controller (RSC) that is configured to hair-pin incoming ISDN calls onto outgoing channel associated signaling (CAS) channels (or vice-versa), a Time Division Multiplexing (TDM) leak condition will be exhibited after a few hours.

Conditions: This symptom is observed in Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCef41004

Symptoms: STM1 flaps may be observed on a Cisco AS5850 access gateway.

Conditions: This symptom occurs when the debounce timer for Loss of Signal (LOS) and Loss of Frame (LOF) is ignored.

Workaround: There is no workaround.

CSCef41066

Symptoms: Calls to a SIP gateway may fail.

Conditions: This symptom is observed on a Cisco router that functions as a SIP gateway when there are escape characters in the user portion of the Request-URI, as in the following example:

INVITE sip:929252175123%23%23@<ip address>:5060 SIP/2.0

In this example, the escape character is %.

Workaround: Remove the escape characters from the user portion of the Request-URI.

CSCef55255

Symptoms: A Cisco AS5850 that has a trunk-group that is provisioned to a third-party vendor switch can pass a COT request when this request is initiated by a Cisco BTS 10200 but fails when this request is initiated by the third-party vendor switch. This situation prevents you from configuring new trunks to the third-party vendor switch.

Conditions: This symptom is observed in a configuration with a Cisco BTS 10200 that runs software version 3.5 3 V03 and a Cisco AS5850 that runs Cisco IOS Release 12.3(2)T7 or Release 12.3(2)T3.

Workaround: There is no workaround.

Further Problem Description: Because the third-party vendor switch does not use the loopback COT, the 4W_TO_2W COT is required. When the CCR is received, the Cisco BTS 10200 sends the LPA, and then sends a CRCX with M:conttest to the Cisco AS5850. Then, the third-party vendor switch sends a 2010-Hz tone and searches for a 1780-Hz tone from the Cisco AS5850. Monitoring the T1 line reveals that the Cisco AS5850 does not send the 1780-Hz tone although it does receive the 2010-Hz tone from the third-party vendor switch. So either the CRCX with M:conttest is not implemented correctly on the Cisco AS5850, or the Cisco BTS 10200 should send a RQNT with S:T/co2 following the CRCX.

CSCef58083

Symptoms: The Watchdog Timeout crashes the router. Right before the crash, CPU-HOG messages are logged for the IP input process.

Conditions: This symptom has been observed on a router that runs Cisco IOS Release 12.3(8)T3 and that has the ip audit command or the ip inspect command configured.

Workaround: Remove the ip inspect and ip audit commands from the router configuration.

CSCef59257

Symptoms: Segmentation SAR fatal error 0x4BD is seen. This causes reset of the data path SAR and the creation of a sar_mxt4600_info file in the bootflash.

Conditions: IP Radio Access Network (IP-RAN) enabled, SAR-based QoS enabled, VC tunnel has traffic on the high priority Class of Service Queues (CoSQ) and is tail-dropping on one of the low priority CoSQs. Dynamic bandwidth feedback (DBF) update is triggered which posts a modify_channel for this VC tunnel to the Segmenter.

Workaround: There is no workaround.

CSCef64362

Symptoms: A Cisco AS5850 does not create a voice port for a controller that is configured for external signaling beyond the first TUG-3 on an STM1 card.

Conditions: This symptom is observed in a configuration in which a Cisco AS5850 is configured for external signaling via the DS0 group on a controller. Voice ports are not created for controllers beyond the first TUG-3 on an STM1 card.

Workaround: There is no workaround.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
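The workaround for CSCef67682 only protects the router if the filter is applied inbound on every interface and the access list names every address the router owns. The following Python check is an added example, not Cisco code and not part of the release note; the sample configuration is constructed, the function names are hypothetical, and an address is counted as covered when a deny entry with either keyword from the sample ACL names it ahead of permit ipv6 any any.

```python
import ipaddress
import re

# Constructed sample (not from the release note); 2001:db8::/32 is documentation space.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 traffic-filter nofragments in
!
interface Ethernet0/1
 ipv6 address 2001:DB8:0:2::1/64
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
!
interface Loopback0
 ipv6 address 2001:DB8:0:FF::1/128
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any host 2001:DB8:0:1::1 undetermined-transport
 deny ipv6 any host 2001:DB8:0:1::1 fragments
 deny ipv6 any host 2001:DB8:0:2::1 fragments
 permit ipv6 any any
 deny ipv6 any host 2001:DB8:0:FF::1 fragments
"""

DENY_RE = re.compile(
    r"deny\s+ipv6\s+any\s+(?:host\s+)?(\S+)\s+(fragments|undetermined-transport)\b")


def parse_config(text):
    """Return (interfaces, acls) parsed from IOS-style configuration text."""
    interfaces, acls = {}, {}
    kind = name = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new block
            m = re.match(r"(interface|ipv6 access-list)\s+(\S+)", line)
            kind, name = (m.group(1), m.group(2)) if m else (None, None)
            if kind == "interface":
                interfaces[name] = {"addrs": [], "ipv6": False, "filter_in": None}
            elif kind:
                acls[name] = {"denies": [], "closed": False}
        elif kind == "interface":
            read_interface_line(interfaces[name], line)
        elif kind:
            read_acl_line(acls[name], line)
    return interfaces, acls


def read_interface_line(iface, line):
    m = re.match(r"ipv6\s+traffic-filter\s+(\S+)\s+in$", line)
    if m:
        iface["filter_in"] = m.group(1)
    m = re.match(r"ipv6\s+(?:enable|address\s+(\S+))", line)
    iface["ipv6"] = iface["ipv6"] or bool(m)
    if m and m.group(1) and "eui-64" not in line:
        try:
            iface["addrs"].append(ipaddress.ip_interface(m.group(1)).ip)
        except ValueError:
            pass  # "autoconfig" and similar carry no literal address


def read_acl_line(acl, line):
    if acl["closed"]:
        return  # entries after "permit ipv6 any any" are never reached
    acl["closed"] = bool(re.match(r"permit\s+ipv6\s+any\s+any$", line))
    m = DENY_RE.match(line)
    if m:
        dst = "::/0" if m.group(1) == "any" else m.group(1)
        try:
            net = ipaddress.ip_network(dst, strict=False)
        except ValueError:
            return  # unparseable destination: nothing to compare
        acl["denies"].append((net, m.group(2)))


def coverage(acl, addr):
    """Keywords with which the ACL denies packets to addr before a catch-all permit."""
    return {kw for net, kw in acl["denies"] if addr in net}


def audit(text):
    """List (finding, subject, detail) tuples; IPv4-only interfaces are skipped."""
    interfaces, acls = parse_config(text)
    own = sorted({a for i in interfaces.values() for a in i["addrs"]})
    findings, used = [], set()
    for ifname, iface in interfaces.items():
        if iface["ipv6"] and iface["filter_in"] not in acls:
            # no inbound filter, or one that names an undefined ACL
            findings.append(("no-inbound-filter", ifname, iface["filter_in"]))
        elif iface["ipv6"]:
            used.add(iface["filter_in"])
    findings += [("address-not-covered", name, str(addr))
                 for name in sorted(used) for addr in own
                 if not coverage(acls[name], addr)]
    return findings
```

Calling audit(SAMPLE_CONFIG) reports Ethernet0/1, which has an IPv6 address but no inbound filter, and the Loopback0 address, whose deny entry sits after the catch-all permit and is therefore never evaluated.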

CSCef71290

Symptoms: On a CME 3.1 system, a speed dial that is configured via the GUI for phone A may show up on the GUI interface of phone B when one of these phones has a 7914 add-on. However, the configuration does not show up in the running configuration.

Conditions: This symptom is observed when you configure speed dial via the GUI for a CME 3.1 system, and when the following configuration is present:

!
ephone-dn 2 dual-line
 number 7202
!
ephone-dn 3 dual-line
 number 7203
!
ephone 2
 mac-address 000A.8A93.DCC3
 speed-dial 1 7201 label "VP-assitant"
 speed-dial 2 +7203 label "Vice president"
 speed-dial 6 7203 label "test1"
 speed-dial 7 7201 label "test2"
 type 7960 addon 1 7914
 button 1:2
!
ephone 3
 mac-address 000A.8A93.DCDF
 speed-dial 1 7201 label "CEO"
 speed-dial 2 7202 label "sec"
 speed-dial 3 7203 label "me"
 speed-dial 4 7204 label "CTO"
 button 1s3

The speed dial configuration addition and modification on ephone 3 may be shown when you attempt to edit the configuration of ephone 2.

Workaround: If you move the ephone configuration of a 7940 or 7960 phone with a 7914 add-on away from the other phones, the symptom does not occur. The following shows the configuration set with the workaround applied to the above configurations:

ephone-dn 2 dual-line
 number 7202
!
ephone-dn 3 dual-line
 number 7203

One more ephone-dn for another 7914 (in case you need to add one more and wonder how the configuration would look):

ephone-dn 4 dual-line
 number 7209

This is the usual 7960 phone (7203):

ephone 3
 mac-address 000A.8A93.DCDF
 speed-dial 1 7201 label "CEO"
 speed-dial 2 7202 label "sec"
 speed-dial 3 7203 label "me"
 speed-dial 4 7204 label "CTO"
 button 1s3

This is the 7960 phone with the 7914 add-on which was ephone 2 before:

ephone 31
 mac-address 000A.8A93.DCC3
 speed-dial 1 7201 label "VP-assitant"
 speed-dial 2 +7203 label "Vice president"
 speed-dial 6 7203 label "test1"
 speed-dial 7 7201 label "test2"
 type 7960 addon 1 7914
 button 1:2

This is a new 7960 phone with a 7914 add-on:

ephone 38
 mac-address 00AA.1234.ABCD
 speed-dial 1 7201 label "VP-assitant"
 speed-dial 2 +7203 label "Vice president"
 speed-dial 6 7203 label "test1"
 speed-dial 7 7201 label "test2"
 type 7960 addon 1 7914
 button 1:4

The idea is to configure all the simple phones without any 7914 add-ons from ephone 1 to N (say, 1 to 30). Now, add the first phone with the 7914 add-on as ephone N+1 (31). The next phone with the 7914 add-on should be configured as ephone [(N+1)+7] (38) and so on (45, 52, 59, etc).

CSCef71485

Symptoms: A Multi-processor WAN Application Module (MWAM) processor may reload for certain types of traffic that cause IP fragmentation when Cisco Express Forwarding (CEF) is enabled.

Conditions: This symptom is an MWAM platform-specific issue. This symptom was observed when sending downstream data with more fragmented packets.

Workaround: Disable CEF.

CSCef74536

Symptoms: A Cisco AS5850 with an ERSC board may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed only on a Cisco AS5850 series that is configured with an ERSC board. RSC boards are not affected.

Workaround: There is no workaround.

CSCef74873

Symptoms: The image appears not to allow the configuration of the memory-size iomem 40 command. When loading the SLT with a configuration containing this command, the following error is received:

memory-size iomem 40 ^ % Invalid input detected at '^' marker.

Conditions: This affects only the Cisco 2600XM platforms. All Multiple OPC scripts fail since the image will not allow the configuration of the memory-size iomem 40 command which is required for voice.

Workaround: There is no workaround.

Further Problem Description: Now all of the memory-size iomem command values are available: 10, 15, 20, 25, 30, 40, 50

When a user-configured iomem-size percentage is set, the router, upon booting, automatically finds the largest possible iomem-size percentage that works with the image and the amount of memory in the router. That configuration is set and used automatically without any customer intervention. This behavior is not a change; it is the same functionality that exists today.

The memory-size iomem value is a percentage of the amount of available memory in the router. Increasing the amount of SDRAM memory in the router from 128 MB to 256 MB while keeping the same memory-size iomem command percentage value in effect doubles the amount of IO memory allocated by the system.

This means that for a router with 128 MB of SDRAM memory, the memory-size iomem 40 command will allocate approximately 50 MB of memory for use as IO memory.

For a router with 256 MB of SDRAM memory the memory-size iomem 40 command will allocate approximately 102 MB of memory for use as IO memory.

This may be too much memory set aside for IO memory, so that PERCENTAGE may be reduced by the system, but the actual AMOUNT of IO memory allocated will be the same as or actually greater than what would be allocated in a system with 128 MB of SDRAM memory.

For example:

The c2600-ipss7-mz image in a router with 128 MB SDRAM will be able to set the memory-size iomem command to 40%, allocating approximately 50 MB of SDRAM memory for IO memory. If that same router is upgraded to 256 MB of SDRAM memory and boots that same image with the same memory-size iomem value of 40% configured, it attempts to allocate approximately 102 MB of SDRAM memory for IO memory. That iomem percentage is too large and is reduced to 30%, but the amount of IO memory allocated is approximately 77 MB, which is 27 MB greater than the amount of IO memory allocated by the system with 128 MB of SDRAM.

CSCef75758

Symptoms: The virtual access (VA) interface flaps when sending traffic over a Point-to-Point Protocol (PPP) interface.

Conditions: Internet Protocol Header Compression (IPHC) is configured on the interface.

Workaround: There is no workaround.

CSCef80169

Symptoms: Traffic does not flow across the Multilink Point-to-Point Protocol (MLPPP) links, but traffic for which the outgoing service policy imposes "Absolute Priority" does not have a problem.

Conditions: This symptom was observed when MLPPP was configured between two XFs and when traffic was originating from the Route Processor.

Workaround: There is no workaround.

CSCef81616

Symptoms: Cisco Optimized Edge Routing (OER) is not available on a Cisco 3640.

Conditions: This symptom is observed on a Cisco 3640 that runs the c3640-is-mz IP PLUS image of Cisco IOS Release 12.3(11)T.

Workaround: If your router has sufficient memory, use the c3640-js-mz image to run OER. Note that the symptom does not occur in Cisco IOS Release 12.3(8)T4.

CSCef84005

Symptoms: The virtual access (VA) interface flaps when sending traffic over a Point-to-Point Protocol (PPP) interface.

Conditions: Internet Protocol Header Compression (IPHC) is configured on the interface.

Workaround: There is no workaround.

CSCef85823

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third-party gateway. When the third-party gateway sends an open logical channel to the Cisco gateway as the last step to switch the codec to T38, the Cisco gateway may not send an open logical channel acknowledgement. Instead, the Cisco gateway may terminate the call immediately.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway and that does not have any lengthy debug turned on.

Workaround: There is no workaround.

CSCef90148

Symptoms: After grounding Ring, the circuit may fail to detect an ensuing tip ground acknowledgement from the far end.

Conditions: This symptom has been observed when placing outgoing calls with the FXO tip ground detect circuit present in VIC2-2/4FXO, EM-HDA-6FXO and EM-HDA-3FXS/4FXO.

Workaround: Use loopstart mode for FXO.

CSCef91468

Symptoms: The test crash command does not create a crashinfo file on the RPM-XF platform.

Conditions: The RPM-XF platform fails to create a crashinfo file when the test crash command is executed.

Workaround: There is no workaround.

CSCef95695

Symptoms: ESP frames are sent as protocol 50 (ESP) instead of the UDP protocol that is required for NAT-T. (The Internet Key Exchange security association [IKE SA] is correctly established.)

Conditions: This symptom is observed when one peer runs Cisco IOS Release 12.3(8)YA or Release 12.3(11)T and uses NAT-T version 7 and another peer runs NAT-T version 2 or 3.

Workaround: Remove NAT-T. Note that the symptom does not occur in Release 12.3(8)T4.

CSCef96282

Symptoms: FAX calls made between two POTS legs may fail.

FAX--(FXS)1760(BRI)--PSTN--Analog line--FAX

The above scenario may fail in some routers and work in some others.

Conditions: This symptom has been observed when the FAX machines are trying to train.

Workaround: There is no workaround.

CSCef97752

Symptoms: Transmit underruns or receive overruns may occur on a serial interface on the motherboard WICs of a Cisco 2691 or Cisco 3725 router.

Conditions: This symptom is most likely to occur when the traffic of the motherboard serial interfaces on a Cisco 2691 or Cisco 3725 router is process switched rather than fast switched.

Workaround: Do not use the WAN interface card (WIC) slot on the motherboard. Rather, use the serial interface on a 2-WAN card slot network module (NM-2W), a 1-port Fast Ethernet 2-WAN card slot network module (NM-1FE2W), or a 2-port Fast Ethernet 2-WAN card slot network module (NM-2FE2W).

CSCeg00277

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCeg02238

Symptoms: IPSec HA support is missing from the Cisco 7301 platform crypto k9 images.

Conditions: This symptom has been observed on the Cisco 7301 router platform running Cisco IOS Release 12.3(11)T K9 image.

Workaround: Use an IPSec HA supported platform (Cisco 3725, Cisco 3745, or Cisco 7200 router).

CSCeg02681

Symptoms: Multipath load balancing is not working properly.

Conditions: Multiple paths are configured for a destination. However, pings to the destination over one of the paths work only when the other PPP link is in the shutdown state.

Workaround: There is no workaround.

CSCeg03707

Symptoms: Use of Cisco CallManager Express (CCME) HTTP GUI interface may lead to Cisco IOS voice gateway instability.

Conditions: Using the CCME GUI interface to configure and maintain a VoIP gateway may cause unexpected results. The results can include symptoms such as T1 controllers being inaccessible, calls not completing through the gateway, and the gateway reloading unexpectedly.

Workaround: Use the command line interface (CLI) for configuring and maintaining a CCME VoIP gateway. To prevent access via the HTTP GUI interface, it is recommended that the access be removed through the no ip http server global configuration command.

CSCeg05544

Symptoms: The following CLIs are blocked out:

h225 h245-address sync

h225 h245-address facility

h225 h245-address progress

The following CLIs can only be seen with the no allow-connection h323 to h323 command:

h225 progress-indicator local-ringback

h225 h245-address on-connect

Conditions: This symptom regards the commands in:

voice service voip
 allow-connection h323 to h323
 h323
  h225 id-passthru
  ...
  ...

Workaround: The impacted commands can still be configured from the voice class.

CSCeg07192

Symptoms: When traffic is flowing and the shut and no shut commands are entered repeatedly on NM-2FE2W-V2 interfaces in a Cisco 3845 router, the router may sometimes experience a watchdog timeout and reboot. The following message is displayed before rebooting:

*** Watch Dog Timeout Reset ***

Conditions: So far, this symptom is seen only when the shut and no shut commands are entered repeatedly on the NM-2FE2W-V2 interfaces with traffic flowing through all of them.

Workaround: There is no workaround.

CSCin73697

Symptoms: Dual-tone multifrequency (DTMF) sent from a SIP gateway is not sent as RTP-NTE to the H.323 gateway because it is received as inband voice by the IP-to-IP gateway. On the IP-to-IP gateway, the output of the show call active voice command shows the DTMF type as RTP-NTE for both legs. The output on the SIP gateway shows the DTMF type as inband voice.

Conditions: This symptom was observed when originating a call from a SIP gateway on an IP-to-IP gateway that is connecting an H.323 gateway to a SIP gateway.

Workaround: There is no workaround.

CSCin79413

Symptoms: The following error message is displayed even with 128 MB RAM.

"%DSMP-3-INTERNAL: Internal Error : NO MEMORY"

Conditions: This symptom has been observed when NM-HD-2VE is used as hardware MTP to convert DTMF from out of band to in-band.

Workaround: There is no workaround.

CSCin81496

Symptoms: Compressed Real-Time Protocol (CRTP) or Compressed User Datagram Protocol (CUDP) traffic does not get compressed. Lots of collisions happen and cid_in_use and timeout values are corrupted.

Conditions: This symptom has been observed when CUDP or CRTP traffic is running and any of the following events happen:

clear int sw1

shut command followed by the no shut command is entered on the switch interface

modification of max_cid or timeout values for IPHC

Workaround: Enter the clear int sw1 command or enter the shut command followed by the no shut command on the interface.

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCin82878

Symptoms: Fax Relay/passthrough fails with fallback configuration using NSE signalling. Fax state reached is S_CS_LOCAL_WAIT_MC_START.

Conditions: If Fax is configured with fallback using Named-Signaling Event (NSE) configuration command, it fails.

Sample topology:

Orig------(fxs)OrigGateway----VoIP-----TermGateway----T1 PRI----Term
                 (Rtr-A)                 (Rtr-B)

Sample config on gateways which fails:

Rtr-A(config)#voice service voip
Rtr-A(conf-voi-serv)#fax protocol pass g711u
Rtr-A(conf-voi-serv)#end

Rtr-B(config)#voice service voip
Rtr-B(conf-voi-serv)#fax protocol t38 nse force fallback pass g711u
Rtr-B(conf-voi-serv)#end

Workaround: Configure without NSE configuration.

CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Wide-Area Networking

CSCef54681

Symptoms: A PPP over ATM circuit that is assigned to a multilink-group interface does not negotiate to use multilink.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(9.10)T or a later release. It is not present in Cisco IOS release trains other than 12.3T.

Workaround: There is no workaround. However, because the symptom is specific to configurations that assign the PPP connections to multilink-group interfaces, if there is no need to use multilink-group interfaces, the configurations may be adapted to employ virtual-access interfaces for bundles.

Resolved Caveats—Cisco IOS Release 12.3(11)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(11)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(11)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed75881

Symptoms: A packet of disconnect (POD) does not delete the packet data protocol (PDP) when an Accounting Session ID is used as the identifier for the session.

Conditions: This symptom is observed on a Cisco router that functions as a gateway GPRS support node (GGSN) and that runs GGSN Release 4.0 or Release 5.0.

Workaround: There is no workaround.

CSCee38838

Symptoms: A crashdump may occur during a two-call-per-second load test on a gateway, and the gateway may reload.

Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.3(7)T and that functions as a gateway when you run a two-call-per-second load test that uses H.323, VXML, and HTTP. The crash occurs after approximately 200,000 calls.

Workaround: There is no workaround.

CSCef29931

Symptoms: When a Telnet connection to a router that is configured for secure login fails, memory corruption may occur on the router, and the router may reload.

Conditions: This symptom is observed when the login block-for seconds attempts tries within seconds command is enabled on the router and when a user enters an incorrect password for the tries argument.

When the Telnet connection fails, the router enters the quiet mode. When the router leaves the quiet mode, the router is able to accept Telnet connections. However, when the Telnet connection fails again, memory corruption occurs before the router enters the quiet mode, and the router reloads.

Workaround: There is no workaround.

EXEC and Configuration Parser

CSCee90016

Symptoms: The output of the show running-configuration command for CLI views may be incorrect.

Conditions: This symptom is observed in a CLI views context when you unconfigure a command that has the all keyword defined such as the no commands configure include all line command or the no commands configure include all parser command in just one view, causing the command to be unconfigured in all other views. Also, when you reconfigure such a command in one view, the command is reconfigured in all other views that previously contained the command.

Workaround: There is no workaround.

CSCef19180

Symptoms: The "Mismatch in include/include-exclusive mode" error message may be displayed. The output of the show running-config command may be incorrect for certain commands that include the all keyword.

Conditions: These symptoms are observed in a CLI views context. From the root view it is not possible to unconfigure certain commands that include the include-exclusive keyword such as the interface include-exclusive ip address command from any CLI view, and the "Mismatch in include/include-exclusive mode" error message may be displayed.

The output of the show running-config command may be incorrect for certain commands that include the all keyword. For example, when you configure the command exec include all debug command in one view, you unconfigure this command by entering the no command exec include debug command (that is, without the all keyword), and then you configure the command exec include debug (that is, again, without the all keyword) in the view, the command exec include debug command is displayed in the output of the show running-config command as the command exec include all debug command (that is, with the all keyword), and the functionality of the command is changed as if you had included the all keyword.

Workaround: There is no workaround.

CSCef32769

Symptoms: A router crashes when asynchronous calls are terminated.

Conditions: This symptom is observed on a Cisco AS5400 and a Cisco AS5850. However, the symptom is platform-independent and may occur on any platform.

Workaround: There is no workaround.

CSCin81468

Symptoms: A router reloads when you attempt to make a call.

Conditions: This symptom is observed after the SPE has been busied out.

Workaround: There is no workaround.

Interfaces and Bridging

CSCee02270

Symptoms: A Cisco router may unexpectedly reload because of a software-forced crash that is due to a watchdog timeout.

Conditions: This symptom is observed in Cisco IOS Release 12.0(26)S1, Release 12.2 S, or Release 12.3(8)T when you enter the show list command.

Workaround: There is no workaround.

CSCee85457

Symptoms: A serial interface of a channelized E1, T1, E3, or T3 port adapter may continue to flap when fair queueing is disabled on the interface.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Enable fair queueing on the interface.

IP Routing Protocols

CSCec22723

Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.

Conditions: This symptom is observed when iSPF is configured under OSPF.

Workaround: Remove the iSPF configuration from OSPF by entering the no iSPF command.

CSCed38096

Symptoms: On a Cisco AS5850 Universal Gateway, calls terminating on a dialer interface and joining an IGMP group may not receive traffic from the multicast source. The Cisco AS5850 sends traffic to only one of the calls at a time.

Conditions: This problem is seen only with calls terminating in a dialer interface. If the call comes up as a virtual-access or multilink PPP call, there is no problem.

Workaround: Perform the following actions:

1. Configure the dialer interface with the no ip mroute-cache command.

2. Remove virtual-profile if-needed, which will cause all calls to come through virtual profiles.

CSCed59978

Symptoms: A router may crash and reload due to a bus error, and the following error message may appear:

Unexpected exception, CPU signal 10

Conditions: This symptom is observed on a Cisco router that is running OSPF and that is configured for incremental SPF.

Workaround: Remove incremental SPF from the router by entering the router ospf process-id command followed by the no ospf command.

CSCed69174

Symptoms: A memory leak occurs in the IP NAT WLAN process because the AAA UID is not freed.

Conditions: This symptom is observed when a race condition occurs in which the AAA UID is not saved in the WLAN NAT entry.

Workaround: There is no workaround.

CSCed88713

Symptoms: H.245 messages are not correctly translated by NAT.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(5.5)T.

Workaround: There is no workaround.

CSCed93630

Symptoms: A Cisco router may reload unexpectedly when a bgp debug command is enabled.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0S, 12.2S, or 12.3T.

Workaround: There is no workaround.

CSCee10426

Symptoms: A BGP prefix may receive or advertise incorrect label information.

Conditions: This symptom is observed on an MPeBGP session between ASBRs when there is more than one MPeBGP session configured.

Workaround: There is no workaround.

CSCee11274

Symptoms: BGP may fail to reestablish a session when you remove a line card, PA, VIP, or module and replace it with a card of a different type. For example, the problem occurs when you remove a 1-port GE line card and replace it with a 3-port GE line card. However, if you replace the 1-port GE line card with another 1-port GE line card (or you just plug the same 1-port GE line card back in the chassis), the problem does not occur.

Conditions: This symptom is observed when the router on one side of the BGP session is configured with the neighbor ip-address transport connection-mode active command and when a line card, PA, VIP, or module is changed on the router at the other side of the BGP session. Furthermore, the router at the other side of the BGP session is configured with the neighbor ip-address update-source interface command, and the interface argument refers to the interface on the line card, PA, VIP, or module that is changed.

Workaround: Disable and reenter the neighbor ip-address update-source command.

CSCee25255

Symptoms: Protocol Independent Multicast (PIM) may not function after you have reloaded a router.

Conditions: This symptom is observed when a Cisco router that runs Cisco IOS Release 12.3(7)T does not save the ip pim command in the running configuration or the startup configuration.

Workaround: Manually re-enter the ip pim command after the router has reloaded.

CSCee26334

Symptoms: A router reloads when 200 static IP users are connected and generate 1 Mb of data on a multipoint interface that has CEF enabled.

Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.3(7)T. However, the symptom may be platform-independent.

Workaround: Disable CEF.

CSCee27479

Symptoms: Traffic that is processed by a router may be improperly routed to an ESP route.

Conditions: This symptom is observed when the ip nat inside source static esp local-ip interface Loopback0 command is enabled.

Workaround: There is no workaround.

CSCee38267

Symptoms: The following message is observed: "System returned to ROM by error - a SegV exception, PC 0x80185424."

Conditions: It has been observed that the router crashes with this problem when there is a heavy load of NAT traffic. This issue happens randomly.

Workaround: There is no workaround.

CSCee42285

Symptoms: Non-EIGRP originated routes are not supported. Furthermore, when a route is injected into mp-BGP from a connected, static, or any other IGP on the remote PE router where the same prefix is also learned via EIGRP (when a backdoor exists for that site), the route may constantly flap between EIGRP and BGP.

Conditions: These symptoms are observed when the EIGRP MPLS VPN PE-CE SoO feature is configured.

Workaround: Only inject EIGRP routes into mp-BGP for sites with a backdoor.

CSCee43166

Symptoms: The BGP inbound update processing becomes slow and a high CPU utilization occurs for a long time.

Conditions: This symptom is observed when a large number of VRFs (more than 200) and prefixes (more than 220,000) are configured.

Workaround: There is no workaround.

CSCee44097

Symptoms: There is one-way voice when calling from an H.323 gateway to an endpoint.

Conditions: This symptom is observed when NATing H.323 through a VRF.

Workaround: There is no workaround.

Further Problem Description: For inbound call legs, H.323 OLC and OLC ack embedded transport addresses are not translated by the NAT engine. This problem occurs only for inbound calls, that is, for calls that enter via an interface that has the ip nat outside command enabled.

CSCee51764

Symptoms: A Cisco 7204VXR router with an NPE-400 network processing engine may experience high CPU utilization in the IP NAT Ager process.

Conditions: This symptom has been observed when a traffic stream containing a large proportion of fragmented packets is being NAT translated.

Workaround: There is no workaround.

Further Problem Description: This problem is more likely to happen when a large stream of zero fragment (IP Fragment Offset=0) packets are being translated.

CSCee63825

Symptoms: When BGP receives an update with only a VPN label change, BGP may not update the TFIB with the new label information.

Conditions: This symptom is observed when BGP receives an update with only a VPN label change but without any nexthop changes.

When the symptom occurs, enter the clear ip route vrf vrf-name command to return to proper operation.

Workaround: There is no workaround.

CSCee70273

Symptoms: When you enter the ping vrf command on a PE router, the PE router at the far end is not pinged.

Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series that run Cisco IOS interim Release 12.3(9.3)T.

Possible Workaround: Enter the clear ip route vrf vrf-name network command to remove the wrong entry from the routing table and to enable BGP to update the routing table.

CSCee74110

Symptoms: An RP may crash during the BGP router process after BGP flaps several times.

Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of a Cisco IOS interim Release of Release 12.0(29)S. However, this caveat is resolved in Release 12.0(29)S. This caveat is platform-independent and may occur on another platform that has an RP and that is configured for BGP.

Workaround: There is no workaround.

CSCee83549

Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.

Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.

Workaround: Clear or readvertise the route that is inoperational.

CSCee86530

Symptoms: A BGP update that is sent to a connected P router fails to report the martian next-hop log message when the next-hop field in the attribute of the BGP update is set to 255.255.255.255 (that is, all 1's). The P router does deny the advertisement of the MP_REACH_NLRI attribute to the other PE routers, but there is no log message to indicate that it is denying the advertisement and why it does so.

Conditions: This symptom is observed during MP-BGP negative testing for the MP_REACH attribute.

Workaround: There is no workaround.

CSCee94787

Symptoms: A slave RP that functions in SSO mode may reload unexpectedly when IS-IS is implemented on an MPLS LC-ATM interface.

Conditions: This symptom is observed when a dual-RP router is configured for IS-IS on an MPLS LC-ATM interface for the first time. Once the slave RP has reloaded, the symptom does not reoccur.

Workaround: There is no workaround.

CSCef00296

Symptoms: A router crashes when you remove the peer-group members.

Conditions: This symptom is observed on a Cisco router that is configured for BGP.

Workaround: There is no workaround.

CSCef17311

Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.

Workaround: There is no workaround.

CSCef21992

Symptoms: NAT may change the IP length without modifying the UDP length for some H.225 traffic.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T, that is configured for PAT, and that processes H.225/H.323 RAS traffic.

Workaround: There is no workaround.

CSCin74736

Symptoms: An MWAM processor that is running SSG software crashes.

Conditions: This symptom occurs when more than 5000 L2TP service connections are created.

Workaround: Disable logging console.

CSCuk49673

Symptoms: IPv6 multicast forwarding may stop.

Conditions: This symptom is observed when the no ipv6 multicast-routing and ipv6 multicast-routing global configuration commands are entered in quick succession.

Workaround: Enter the commands with some time in between.

ISO CLNS

CSCee54672

Symptoms: The redistribution of routes from L1 into L2 and/or from L2 into L1 may not occur properly, and a learned IS-IS prefix may be missing.

Conditions: This symptom is observed under the following conditions:

There are multiple paths to reach the same prefixes.

One source LSP removes a prefix and another LSP adds the same prefix, while both paths between the prefix and the LSPs are of equal cost.

Workaround: Enter the clear isis * or the clear ip route * command to restore the prefix. However, doing so clears all the routes and recalculates them again, which is a disruptive action.

Miscellaneous

CSCec68767

Symptoms: A router crashes when an AAL1 CES connection is removed.

Conditions: This symptom is observed on a Cisco 3600 series and Cisco 3700 series.

Workaround: There is no workaround.

CSCec70187

Symptoms: The throughput on a Cisco 1721 that is configured with an xDSL WIC is lower than what you would expect.

Conditions: This symptom is observed on a Cisco 1721 that runs Cisco IOS Release 12.2(13)ZH2 when there is more than one PVC configured and when the line rate is oversubscribed.

Workaround: Remove all PVCs except for one. Then, reconfigure the PVCs. Doing so allows the bandwidth to be shared equally among the PVCs until the router is reloaded.

CSCed12234

Symptoms: A software-forced bus error due to corrupted program counters may occur on a Cisco AS5350.

Conditions: This symptom is observed on a Cisco AS5350 that runs the C5350-jk9s-m image of Cisco IOS Release 12.3(7)T when a crypto tunnel comes up.

Workaround: There is no workaround.

CSCed13322

Symptoms: In the show process memory command output, the display of total and free memory may show more memory than is actually present in the main processor memory of the router. This is due to an undocumented change in the command output that also includes both processors and I/O memory pools in the amounts allocated by each process and the totals at the top of the output.

Conditions: This symptom is observed on all Cisco IOS platforms.

Workaround: Use the output of the show memory summary command to determine the individual amounts of total and free memory in each of the processor memory pools and the I/O memory pool.

CSCed37389

Symptoms: A VRF configuration does not show up in the running configuration of an MWAM GGSN.

Conditions: This symptom is observed under the following conditions:

The MWAM GGSN is configured to read its startup configuration from the Bootflash of the supervisor via the mwam config-mode supervisor command.

A VRF is configured under an AAA group and the configuration is saved.

The MWAM GGSN is rebooted.

Workaround: Enter the mwam config-mode local command, re-add the VRF under the AAA group, and enter the write memory command to save the configuration to NVRAM. If the mwam config-mode supervisor command must be enabled, there is no workaround.

CSCed37630

Symptoms: LCP negotiation may fail at LNS while trying to bring up a voluntary L2TP tunnel.

Conditions: This occurs on a Cisco router running a 12.3(4)T2 image.

Workaround: There is no workaround.

CSCed48501

Symptoms: A Cisco Gateway GPRS support node (GGSN) has a very low data throughput.

Conditions: This symptom is observed while sending data through a PPP link that terminates on a GGSN that runs Packet Data Protocol (PDP) using Address and Control Field Compression (ACFC) or protocol field compression (PFC).

Workaround: Use non-ACFC/PFC PPP termination on the GGSN.

CSCed52249

Symptoms: In the presence of an AIM-VPN card, an unexpected exception occurs and the router reloads:

Unexpected exception to CPUvector 1200, PC = 814792C4

-Traceback= 814792C4 814785AC 8146C974 8145CF94 8145D03C 81364210

813642EC 80058DE0 8005ACC0 8004D964 800DC4D0 80165990 801630AC

805453BC 8015457C 8015457C 8054547C

Conditions: This symptom is observed on a Cisco 2600 series, 3600 series, and 3700 series that run Cisco IOS Release 12.3(8)T and that are configured with an AIM-VPN/BP, NM-VPN/MP, or AIM-VPN/HP when QoS preclassification is enabled with the qos pre-classify command.

Workaround: Disable QoS preclassification.

CSCed54744

Symptoms: Voice hunt may fail.

Conditions: This symptom is observed on an originating gateway (OGW) when the isdn overlap-receiving command is enabled, when the OGW has at least two dial peers that only partially match the called number, and when the terminating gateway (TGW) has dial peers that match the complete called number. For example, the symptom occurs when the OGW has two dial peers that match "destination-pattern 123" while the TGW has dial peers that match "destination-pattern 123456."

Workaround: Do not enable the isdn overlap-receiving command when voice hunt is enabled.

CSCed67369

Symptoms: A "TDM: guido_port_dsp_connect: vic connect failed!" error is observed and is followed by a crash because of a SegV exception.

Conditions: This symptom is observed on a Cisco 2611XM CPE that runs Cisco IOS Release 12.3(4)T2 and that is configured with an NM-HD-2V.

Workaround: There is no workaround.

CSCed70700

Symptoms: A Cisco router running GGSN software may not return the Control TEID in the create PDP response.

Conditions: This symptom is observed when the GGSN has already sent the control TEID for a PDP context before and it receives a create PDP request for the same existing PDP.

Workaround: There is no workaround.

CSCed73127

Symptoms: L2TPv2 tunnels may not be set up for a "voluntary tunneling" case because L2TP control packets may be dropped at the UDP level.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T.

Workaround: Enter the vpdn enable command.

CSCed81418

Symptoms: It may take 30 minutes before the output of the show pppoe session | include regular expression EXEC command is generated and the utilization of the CPU of the Route Processor is 99 percent while the command is being executed.

Conditions: This symptom is observed when a large number of sessions is active on a Cisco 10000 series that is configured for PTA or that functions as a LAC. However, the caveat is platform-independent.

Workaround: There is no workaround.

CSCed81834

Symptoms: Memory fragmentation causes a router to reload.

Conditions: This symptom is observed on a Cisco AS5850 enhanced route switch controller (eRSC) that is running two B channel serial multilink calls, which causes a memory leak in Pool Manager.

Workaround: There is no workaround.

CSCed87468

Symptoms: A segV exception may occur and the router may crash.

Conditions: This symptom is observed on a Cisco router when you enter the following command sequence:

config t

archive

path A

no path A

path B

Workaround: There is no workaround.

CSCed88043

Symptoms: The outgoing VCCI that is programmed in the FIB/TFIB in the PXF for a prefix is wrong.

Conditions: This condition only occurs if the outgoing interface is a cell based interface. This might also occur under extreme stress conditions of xtag flaps/LDP flaps; or if the "cos-map" is modified in the configuration.

Workaround: When this happens, issue the clear ip route command for the affected prefix.

CSCed95175

Symptoms: A call proceeding, alerting, or connect-back to the PSTN is not sent, causing a call to be disconnected due to a "Recovery on Timer Expiry."

Conditions: This symptom is observed when overlap receiving is configured on an ISDN interface and the destination is configured to forward all calls.

Workaround: There is no workaround.

CSCed96030

Symptoms: A Cisco router that is configured for Network Admission Control (IP admission) may crash.

Conditions: This symptom is observed when the interface access control list that is associated with the IP admission interface is modified or removed and you then clear the IP admission session entries by entering the clear eou all command or the clear ip admission cache command.

Workaround: Clear the IP admission cache entirely before modifying or removing the interface access control list.

CSCee01637

Symptoms: A software-forced reload occurs when you remove the header-compression configuration from an interface.

Conditions: This symptom is observed when the following conditions are present on the interface:

The interface is in process-switching mode.

Traffic is being sent from the interface.

Workaround: Shut down the interface during the reconfiguration.

CSCee02220

Symptoms: Multicast traffic flows use default MDT instead of data MDT for some VRFs.

Conditions: This symptom is seen in a network with Cisco MGX 8850 platforms that have RPM-XF cards that run the rpmxf-p12-mz image of Cisco IOS Release 12.3 T. The Cisco MGX 8850 platforms run software release 4.0(11.201).

Workaround: There is no workaround.

CSCee03702

Symptoms: A Cisco router that is configured for SSG may crash with a bus error.

Conditions: This symptom is observed on a Cisco router that is configured for SSG and that has PPP SSG users when there are IPCP renegotiations on an active PPP session and a new IP address is assigned to the session.

Workaround: Enter the ip address negotiated previous command on the client to prevent a new address from being assigned during the IPCP renegotiations.

CSCee06261

Symptoms: A router might reload abnormally if the clear int sw1 command is executed multiple times while traffic is being passed through the switch interface.

Conditions: The RPM-XF card might reload unexpectedly while issuing the clear int sw1 commands and toggling mpls atm multi-vc on the MPLS subinterface. This happens only when these commands are executed continuously via a test script.

Workaround: There is no workaround.

CSCee07893

Symptoms: A MGX-XF-UI management back card is not detected by a Cisco MGX 8850.

Conditions: This symptom is observed after a hardware upgrade to the MGX-XF-UI management back card. As a side effect of this hardware upgrade, the PXM and Cisco IOS software stop recognizing the MGX-XF-UI management back card in the chassis. When you perform an OIR, the PXM fails to generate the back card insertion trap, preventing the dspcds command from showing any back card present in the slot in which the back card is installed.

Workaround: There is no workaround.

CSCee09203

Symptoms: A CPU hog condition may occur on an Optimized Edge Routing (OER) Master Controller (MC) when 2500 prefixes are learned for a second time.

Conditions: This symptom is observed only when the prefixes are learned for a second time because each prefix is compared to the existing prefix.

Workaround: There is no workaround.

CSCee09430

Symptoms: Priority voice packets are dropped when FTP traffic is sent to a multilink interface that is configured for NAT.

Conditions: This symptom is observed when the FTP traffic passes through a GRE/IPSec tunnel, when NAT is configured on WAN and LAN interfaces, and when the qos pre-classify command is enabled on the tunnel interface.

Workaround: There is no workaround.

CSCee11775

Symptoms: Debugging a rewrite string is not easy.

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) when Parallel Express Forwarding (PXF) forwarding fails while a debugging operation is performed. You may not be able to verify the string rewrite information of the PXF engine easily.

Workaround: Enter the show pxf cpu cef ip-prefix privileged EXEC command and the show pxf cpu rewrite rewrite-index privileged EXEC command to get the string rewrite information. Then, decipher the information.

CSCee12048

Symptoms: When a tunnel is cleared and rebuilt, a router may delete both the old and the new DNS entries instead of only the old DNS entries.

Conditions: This symptom is observed when a Cisco 831 that is configured as an EZVPN client builds a tunnel to a Cisco VPN 3000 series concentrator.

Workaround: There is no workaround.

CSCee12415

Symptoms: Multicast traffic is not switched correctly.

Conditions: This symptom is observed on a Cisco RPM-XF that functions in an MVPN configuration with PXF enabled when the SAR reloads or when you enter the clear int sw1 command. The symptom occurs because the outgoing VCCI number for the mroute entry becomes incorrect, causing multicast traffic to be switched incorrectly.

Workaround: Reload the PXF module.

CSCee13985

Symptoms: Memory fragmentation occurs when a large number of prefixes is controlled.

Conditions: This symptom is observed on a Cisco platform that functions as an OER border router.

Workaround: There is no workaround.

CSCee14541

Symptoms: A Cisco IP Phone 7912 fails to download (or fails to use TFTP to download) its firmware from a Cisco CallManager Express 3.1 router.

The output of the show ephone phone-load command shows the "CM-aborted-TCP" error message:

c1760#sh ephone phone-load

DeviceName CurrentPhoneload PreviousPhoneload LastReset

=====================================================================

..

SEP000F23C487D1 CP79120101SCCP030530B. CP79120101SCCP030530B. CM-aborted-TCP

..

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T and that is configured as a Cisco CallManager Express 3.1 when the following is configured:

telephony-service

load 7905 CP7905010200SCCP031023A

load 7912 CP7912010200SCCP031023A

max-ephones 30

max-dn 100

create cnf-files version-stamp 7960 Apr 05 2004 19:55:09

tftp-server flash:CP7905010200SCCP031023A.sbin

tftp-server flash:CP7912010200SCCP031023A.sbin

Workaround: Enter the load 7905 CP7912010200SCCP031023A.sbin command on the router and then reset only the Cisco IP Phone 7912. Note that the symptom does not occur in releases earlier than Release 12.3(7)T.

CSCee14731

Symptoms: The "redial" softkey is not available on a Cisco IP Phone 7912G even after a call has been completed properly.

Conditions: This symptom is observed when the Cisco IP Phone 7912G is used with a Cisco 3725 that runs Cisco IOS Release 12.3(4)T4 and that is configured for SRST. Note that the symptom does not occur on a Cisco IP Phone 7960 because this phone does not connect to the router directly.

Workaround: There is no workaround. However, note that the redial key functions again after a call is made from the Cisco IP Phone 7912G and the callee does not answer the call.

CSCee14958

Symptoms: A SAR on a DSL WIC may cause reduced throughput, an increase in delay, or both because the bandwidth that is configured for the VC may be corrupted.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: There is no workaround.

CSCee18059

Symptoms: There are two symptoms:

If the authentication method and the default authorization method are different, the downloaded "FRAMED_ROUTE" attribute cannot be saved.

A memory leak may occur.

Conditions: This symptom is observed on a gateway GPRS support node.

Workaround: Use the same method for authentication and authorization. There is no workaround for the memory leak.

CSCee18100

Symptoms: The output drop counter of the show interface switch1 command is incorrect.

Conditions: This symptom is observed when PXF reloads and when the Switch1 interface has some output drops.

Workaround: There is no workaround.

CSCee18959

Symptoms: A core dump may not be written to a TFTP server.

Conditions: This symptom is observed when the router crashes and attempts to write a core dump to the server and when the server is configured to only overwrite an existing file.

Workaround: Configure the server to automatically accept any new file name when a core dump occurs.

CSCee19487

Symptoms: The configuration logger may log changes that were made to the running configuration by one user as if they were made by another user.

Conditions: This symptom is observed when two users are logged in via the same line and from the same IP address and occurs when the very first user logs in, makes some changes to the running configuration, and logs out, and then the second user logs in, makes some changes to the running configuration, and logs out.

Workaround: There is no workaround.

CSCee20028

Symptoms: A session does not come up when MSID is configured for authentication and when the service type in the Access Accept message is "outbound."

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T and that runs PDSN software release R1.2.

Workaround: Configure the service type in the RADIUS server as "Framed."

CSCee20888

Symptoms: IPv6 over ISDN does not work.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1.

Workaround: There is no workaround.

CSCee22219

Symptoms: When you perform an OIR of an STM-1 card on a Cisco AS5850, the last E1 controller (the 63rd) is not removed and some of the E1 controllers do not come up.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround. To return to normal operation, reload the Cisco AS5850.

CSCee23200

Symptoms: The RPM-XF throughput is reduced when cRTP/cUDP packets are being transmitted from the RPM-XF.

Conditions: This symptom is observed when the RPM-XF is transmitting cRTP/cUDP packets. The reduction in throughput is evident only when the traffic rate of cRTP/cUDP is large and when the system is near its maximum throughput.

Workaround: Reduce the bandwidth used by cRTP/cUDP traffic either by reducing the number of cRTP interfaces provisioned on the RPM-XF or by reducing the bandwidth of the configured cRTP interfaces.

CSCee23320

Symptoms: A router may reload upon deletion and reconfiguration of a policy map.

Conditions: This symptom is observed when you delete and reconfigure the policy map in quick succession on an interface.

Workaround: Allow some time between the deletion and the reconfiguration of the policy map.

CSCee25073

Symptoms: When you send only a few packets over an ATM interface on which a service policy is configured, the "per dscp" counters reach extremely high and incorrect numbers (a few million or higher).

Conditions: This symptom is observed on a Cisco 800 series but may be platform-independent. Under normal working conditions, the "per dscp" counters are zero (only packets originating from the router are matched in the default queue).

Workaround: There is no workaround.

CSCee25125

Symptoms: When SSG forwards accounting requests from a NAS to an AAA server and one packet is lost between SSG and the AAA server, SSG behaves improperly. SSG should update its internal Translation Table when it receives a retry packet from the NAS for the new RADIUS ID while the response from the AAA server is still pending. Furthermore, SSG should keep the state of the session in a grace period to be able to respond to retry packets of the NAS.

Conditions: This symptom is observed when the AAA server responds slowly or when packet loss occurs between SSG and the AAA server.

Workaround: Enable the AAA server to respond in a timely manner, for example by configuring some form of priority queueing for the RADIUS packets in the network between SSG and the RADIUS server.

CSCee27522

Symptoms: Incoming or outgoing voice calls may encounter no-way audio on some specific channels.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a PRI voice gateway and that uses DSPs of an ATM AIM to place the voice calls.

Workaround: Reboot the voice gateway.

CSCee29138

Symptoms: The ciscoMemoryPoolType returns the wrong value for all memory types, except processor.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2 S, 12.3, or 12.3 T.

Workaround: There is no workaround.

CSCee30200

Symptoms: A Cisco 1700 series may crash because of an address error.

Conditions: This symptom is observed on a Cisco 1700 series that runs the c1700-k9o3sy7-mz image of Cisco IOS Release 12.3(7)T and that has NBAR configured.

Workaround: There is no workaround.

CSCee30230

Symptoms: Traffic that matches a priority class may be dropped for one single prefix. However, traffic that matches other classes may pass correctly.

Conditions: This symptom is observed when the MAC rewrite index that is associated with the affected prefix is 0xFFFFE. The output of the show pxf cpu cef prefix command displays the rewrite index (rw_index).

Workaround: If the outgoing interface for the affected prefix is an MPLS interface, enter the clear ip route prefix command.

CSCee34939

Symptoms: A memory leak is seen in SSHv2.

Conditions: This symptom is observed when the client closes the connection after a key exchange and before user authentication occurs.

Workaround: Configure SSH1 by entering the ip ssh version 1 command.

CSCee35185

Symptoms: After reloading a Cisco platform, one of the RPs may reload, or the following error message may be displayed:

%PARSER-4-BADCFG: Unexpected end of configuration file.

Conditions: This symptom may be observed on any Cisco platform that is configured with dual RPs and that supports RPR+.

Workaround: There is no workaround.

CSCee35331

Symptoms: A router may reload if removing the L2TP class is followed by removing the pseudowire class.

Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.0(28)S when both removals are done in a very short time via an auto test script and when the L2TP sessions are already established. This is a timing related issue. The symptom could also occur in other releases.

Workaround: Wait at least 1 second before you remove the pseudowire class.

CSCee35802

Symptoms: If an outgoing Invite message is authenticated by a proxy at the end of a call, and if the caller disconnects before the callee disconnects, the gateway does not send a BYE message (although the call is properly disconnected).

Conditions: This symptom is observed when the initial Invite message from the gateway is authenticated by a proxy or server and the authentication credentials are configured on the POTS dial peer and not globally via the sip-ua command.

Workaround: Use a global authentication configuration via the sip-ua command.

CSCee35873

Symptoms: An AGM crashes on bootup.

Conditions: This symptom is observed when the AGM runs the c4gwy-isx3-mz image of Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCee36354

Symptoms: Two routers that are connected via an IPSec tunnel may crash.

Conditions: This symptom is observed when you shut down the tunnel interface on one of the routers.

Workaround: There is no workaround.

CSCee38242

Symptoms: A call comes in from a PSTN phone to a Cisco CallManager that routes the call to a route list that is answered by an IP phone. The IP phone user hits the transfer button once and dials another IP phone. Once the transfer button is pressed a second time, the PSTN caller hears a reorder tone. All devices are within the same region and are using G.711 codec.

Conditions: This symptom is observed with a Cisco IOS gateway running Cisco IOS Release 12.3(7)T and CallManager 4.0.1sr1.

Workaround: There is no workaround.

CSCee38288

Symptoms: A spurious memory access occurs.

Conditions: This symptom is observed when you use a DHCP configuration on a Cisco 7200 series that runs Cisco IOS Release 12.3(8)T.

Workaround: There is no workaround.

CSCee38366

Symptoms: A Cisco router may reload with a software-forced crash and display the following error message:

%SYS-2-FREEFREE: Attempted to free unassigned memory

Conditions: This symptom is observed when NBAR and NAT are configured.

Workaround: Change the port mapping for RTSP by entering the ip nbar port rtsp tcp 65535 command to enable standard RTSP packets to be ignored by NBAR and not translated by NAT.

CSCee40050

Symptoms: A Cisco 1700 series router running Cisco IOS Release 12.3(7)T exhibits an error: it cannot recognize a .vxml extension.

Conditions: This symptom occurs with ipvoice, entservicesk9, and spservicesk9 images.

Workaround: Use a "v8" voice image such as sv8y7, k9o3sv8y7, etc.

CSCee40165

Symptoms: The show policy-map interface multilink interface-number output command shows incorrect counts for the DSCP value tabulation at the end of the command output when RTP header compression is enabled under the multilink interface.

Conditions: The incorrect counts are shown with the command only when RTP header compression is enabled. This is only a display issue. However, a missing functionality in the code (support for DSCP-based WRED with CRTP enabled) will affect traffic.

Workaround: There is no workaround.

CSCee42504

Symptoms: There are various symptoms:

The voice port in an ATM-AIM-VOICE-30 module does not initialize properly and may enter an incorrect state.

Sometimes the voice port does come up, but not all dialed digits are collected, and a DSP crash follows.

A call does not go to the first DSP on the ATM-AIM-VOICE-30 module.

These symptoms are independent of the DSP version and signaling used.

Conditions: These symptoms occur with multichannel calls. Usually, the digits are lost followed by a DSP crash.

Workaround: Recreate the voice port or reload the router to restore proper operation.

CSCee44536

Symptoms: Passive monitoring does not collect statistics for Optimized Edge Routing (OER)-monitored prefixes that do not have an exact match in the routing table on the OER Border Routers (BRs).

With the following configuration on the OER Master Controller (MC), the OER Top Talker (TT) on the BR learns by default prefixes of mask length 24:

monitor mode set to passive

(config-oer-mc)#mode monitor passive

learn aggregation type set to prefix-length

(config-oer-mc-learn)#aggregation-type prefix-length

Before the OER MC controls these prefixes, the OER MC sends them to the BR for monitoring. The passive monitoring component on the BR is not able to collect any statistics for the prefixes that do not have a /24 route in the routing table. This situation prevents any performance statistics from being sent to the OER MC and prevents these prefixes from being controlled. These symptoms also occur for configured prefixes that are not present in the routing table.

Conditions: These symptoms are observed on a Cisco OER MC Engine that runs Cisco IOS Release 12.3T.

Workarounds for learned prefixes:

On the OER MC, under the learn mode, configure a minimum length of /8 for the prefixes that must be learned:

(config-oer-mc-learn)#aggregation-type prefix-length 8

On the BR, TT learns the prefixes that have a mask length of either 8 or for which the mask length is found in the routing table, whichever is the greatest. This results in control of the prefixes that have a mask length that is greater than or equal to 8 in the routing table. The side effect is that prefix splitting is not possible.

Configure the following:

(config-oer-mc-learn)#aggregate-type bgp

Doing so results in control of all prefixes for which BGP installs the routes in the BR routing table.

Configure the following:

(config-oer-mc-learn)#aggregate-type non-bgp

Doing so results in control of all prefixes for which protocols other than BGP install the routes in the BR routing table.

Workaround for configured prefixes: Prefixes that are configured on the OER MC should be present in the BR routing tables. The symptom does not occur when the OER MC controls non-exact prefixes of mask lengths that are less than or equal to 32.

CSCee44688

Symptoms: A Cisco router that runs GGSN Release 4.0 may reload when sessions are deleted from the GTP side.

Conditions: This symptom is observed when bidirectional traffic is sent on some PPP regeneration PDP contexts.

Workaround: Stop the traffic before the PDP context removal or clear the PPP regeneration session from the Gi side, that is, clear the corresponding hardware IDB.

CSCee45312

Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.

Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.

Only the systems that are running certain versions of Cisco IOS are affected.

Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

Refer to the Security Advisory at the following URL for more details:

http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml
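
An added example, not from the release notes or the advisory: a Python check that lists the aaa authentication method lists in a saved IOS configuration where a RADIUS method is followed by none, so that they can be reviewed against the advisory. The sample configuration, the function names, and the two category labels are constructed for illustration; the check identifies candidates only, because the caveat states that not all configurations using RADIUS and none are vulnerable.

```python
import re

# Constructed sample configuration for illustration (not from the release notes).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius none
aaa authentication login CONSOLE local
aaa authentication login VTY group radius local none
aaa authentication ppp default group radius
aaa authentication enable default group radius enable
aaa authentication login MGMT group tacacs+ none
aaa authentication login RSERVERS group RAD-POOL none
aaa authentication banner ^C Authorized users only ^C
aaa group server radius RAD-POOL
 server 192.0.2.10 auth-port 1812 acct-port 1813
"""

AAA_AUTH = re.compile(r"^aaa authentication (\S+) (\S+) (.+)$")
RADIUS_GROUP = re.compile(r"^aaa group server radius (\S+)")

# "aaa authentication" subcommands that do not define a method list.
NOT_METHOD_LISTS = {"banner", "fail-message", "password-prompt",
                    "username-prompt", "attempts"}


def parse_methods(text):
    """Split a method-list tail into methods, keeping 'group <name>' together."""
    tokens = text.split()
    methods = []
    i = 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit(config):
    """Return method lists in which a RADIUS method precedes 'none'.

    category 'radius+none'        only RADIUS methods, then none
    category 'radius+none+other'  RADIUS, none and at least one other method
    Both categories are review candidates, not confirmed findings.
    """
    lines = [line.strip() for line in config.splitlines()]

    # Named server groups of type radius count as RADIUS methods too.
    radius_groups = {"radius"}
    for line in lines:
        match = RADIUS_GROUP.match(line)
        if match:
            radius_groups.add(match.group(1))

    findings = []
    for line in lines:
        match = AAA_AUTH.match(line)
        if not match or match.group(1) in NOT_METHOD_LISTS:
            continue
        service, list_name, tail = match.groups()
        methods = parse_methods(tail)
        is_radius = [m.startswith("group ") and m[len("group "):] in radius_groups
                     for m in methods]
        if "none" not in methods:
            continue
        none_at = methods.index("none")
        if not any(is_radius[:none_at]):
            continue  # no RADIUS method falls back to none
        others = [m for m, r in zip(methods, is_radius) if not r and m != "none"]
        findings.append({
            "service": service,
            "list": list_name,
            "methods": methods,
            "category": "radius+none+other" if others else "radius+none",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("{category:18} {service:6} {list:10} {methods}".format(**finding))
```
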

CSCee45838

Symptoms: Internet Group Management Protocol (IGMP) snooping does not function with a 4- or 9-port Cisco EtherSwitch high-speed WAN interface card (HWIC) and an EtherSwitch (ESW) network module that are stacked.

Conditions: This symptom is observed on a Cisco 3800 series but is not platform-specific.

Workaround: There is no workaround.

CSCee47542

Symptoms: RADIUS accounting start and stop records do not match for the NAS port attribute for SSG connection records for PPP users. The RADIUS accounting stop record for the NAS port attribute is a number in the range of 60000+n.

Conditions: This symptom is observed on a Cisco platform that runs SSG.

Workaround: Use the Cisco NAS port attribute.

CSCee48864

Symptoms: In a router-on-a-stick configuration with a VPN server, the packet output to the VPN client is lost when encryption is used.

Conditions: This symptom is observed irrespective of whether hardware or software encryption is used.

Workaround: There is no workaround.

CSCee51057

Symptoms: More than one IDS action causes a transition parse failure when you switch from the ip audit name audit-name command that includes the action keyword (and an action) to the new ip ips name ips-name command that was introduced in Cisco IOS Release 12.3(8)T.

In the following examples, the parser fails to process more than one audit action:

ip audit name <audit-name> info action alarm drop reset

^

% Invalid input detected at '^' marker.

ip audit name <audit-name> attack action alarm drop reset

^

% Invalid input detected at '^' marker.

%IPS Rule name <audit-name> is not defined

When multiple actions are specified in the ip audit name audit-name command (that is, in the old IDS version) and you switch to the ip ips name command, there is a parse error that causes the ip ips name ips-name command to disappear from the configuration.

Conditions: This symptom is observed when the IDS version has a CLI that has been upgraded from the ip audit name audit-name command to the ip ips name ips-name command.

Workaround: Remove the multiple actions from the command. For example, the ip audit name audit-name info action alarm drop reset command becomes the ip ips name ips-name command.

See the documentation for Cisco IOS Release 12.3(8)T for details about specifying the action keyword with the new IDS functionality that was introduced in Cisco IOS Release 12.3(8)T.

CSCee52202

Symptoms: Users may hear a crackling sound on inbound audio from the POTS leg of a call when using a VIC2-2FXO or VIC2-4FXO voice interface card in a Cisco 1751-V or 1760-V voice gateway.

Conditions: This symptom is observed when the c1751-V and c1760-V voice gateway also have a Voice/WAN interface card (VWIC) installed that is used for WAN connectivity via a serial channel-group interface. The symptom may also occur when the VWIC is used for voice termination or for TDM Drop & Insert functions, but the most commonly seen scenario is for use as a WAN connection.

Workaround: If the VWIC is used for WAN termination only, a WIC-1DSU-T1 card can be substituted to prevent the audio problems from occurring. If the VWIC is used for voice termination or for TDM Drop & Insert functions, there is no workaround.

CSCee55297

Symptoms: When you suspend and resume the event manager scheduler and an applet tries to register, the registration fails with an error from the operating system.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S. However, the symptom may also occur in other releases.

Workaround: There is no workaround.

CSCee55962

Symptoms: A Cisco IOS H.323 gateway may experience high CPU utilization at the interrupt level, and a large number of alignment errors may be observed.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(7)T1, that functions as a gateway, and that connects on one side via a T1 PRI to the PSTN and on the other side via H.323 to a gatekeeper cluster. The gatekeepers run Cisco IOS Release 12.2(15)T11.

Workaround: There is no workaround.

CSCee56149

Symptoms: Acknowledgements coming from a WIC may be lost, and the transmission may lock up. The missing acknowledgements may be recovered if the number of acknowledgements is more than one.

Conditions: This symptom is observed on a Cisco 2600 series that is configured with an ADSL or G.SHDSL WIC.

Workaround: If the transmission locks up, reset the interface. However, you can prevent the lockup from occurring by entering the tx-ring-limit ring-limit command on the PVC and by entering 24, 6, 5, or 2 for the ring-limit argument.

CSCee57149

This caveat consists of three symptoms, three conditions, and three workarounds:

1. Symptom 1: A PPP user is unable to log into services or a PPP SSG user is unable to log in from an SESM.

Conditions 1: This symptom is observed when the port-bundle host key feature is enabled on the SSG and when a PPP SSG user logs out and tries to log in again from an SESM.

Workaround 1: Restart the PPP session to enable the user to log into services. Disable the port-map host key feature to enable a user to log in again from an SESM.

2. Symptom 2: Appropriate access-request and access-reject messages are not generated, which can be seen in the output of the show logging command.

Condition 2: This symptom is observed when an SSG user tries to log in with a valid user name and an incorrect password.

Workaround 2: There is no workaround.

3. Symptom 3: An SSG crashes.

Condition 3: This symptom is observed when you unbind in a specific sequence the downlink interface after you have applied an ACL to an uplink interface.

Workaround 3: There is no workaround.

CSCee57763

Symptoms: A software-forced crash dump is observed.

Conditions: This symptom is observed on an RPM-XF router while class maps and policy maps are being configured with no other additional configuration.

Workaround: Do not use a policy map.

CSCee57928

Symptoms: A DSP download failure followed by a traceback occurs on a Cisco voice gateway.

Conditions: This symptom is observed when you attempt to configure the maximum number (100) of conference sessions with a TI 5510 DSP that is installed in an NM-HDV2 and when the DSPs on the motherboard of the router are populated.

Workaround: Configure fewer sessions than the maximum number, for example 90 or 95 sessions.

CSCee58935

Symptoms: Packets that are sent by the Cisco AS5850 are corrupted.

Conditions: This symptom is observed on calls that originate from the Cisco AS5850 when a VLAN is configured. The VLAN configuration causes the Cisco AS5850 to corrupt the packets that it sends.

Workaround: Do not configure VLANs if the Cisco AS5850 is originating the calls.

CSCee59325

Symptoms: eBGP does not load balance traffic.

Conditions: This symptom is observed when iBGP is followed by the eBGP load balancing for the traffic using PXF.

Workaround: There is no workaround.

CSCee60013

Symptoms: A memory leak may occur on a Cisco platform that is configured for SIP.

Conditions: This symptom is observed only when SIP debug filtering is enabled.

Workaround: Do not enable SIP debug filtering.

CSCee60960

Symptoms: When a gateway switches the codec from a high bandwidth codec such as g711u to a low bandwidth codec such as g729, the gateway may drop the call.

Conditions: This symptom is observed when the gateway is registered with a gatekeeper, when the gateway sends a BRQ to the gatekeeper, and when the gateway receives a BCF from the gatekeeper.

Workaround: Prevent the gateway from sending a BRQ by entering the following commands:

voice service voip

h323

no ras brq

CSCee63797

Symptoms: A busy tone is not heard when calling from IP to PSTN on E1R2.

Conditions: When calling from IP to PSTN that is connected through E1R2 on a Cisco AS5850, the user does not hear the busy tone when the called phone is busy. When the phone that is called is not busy, a ringback is heard, and the call is completed.

Workaround: There is no workaround.

CSCee64454

Symptoms: A voice gateway that is configured for VoiceXML may crash.

Conditions: This symptom is observed on a Cisco voice gateway when the SIP Header/URL Support and Subscribe/Notify for External Triggers feature uses VoiceXML scripts.

Workaround: There is no workaround.

CSCee66697

Symptoms: A Cisco GGSN that runs Release 4.0 may reload.

Conditions: This symptom is observed when you display PDP context by entering the show gprs gtp pdp tid command and when at the same time PDP context is deleted.

Workaround: There is no workaround.

CSCee66901

Symptoms: A direct route status is reset to the default (off) after a router is reloaded.

Conditions: This symptom is observed after you enable preferred route and direct route on the router and you reload the router. After the router boots, direct route is disabled.

Workaround: Re-enable direct route under the PVC switch connection.

CSCee67163

Symptoms: When the timeout thist 2 command is enabled on a gateway (GW), the disconnect process is not started by the GW after two seconds from the start of the transmission of the MGCP message from the GW to the CA. This situation prevents an endpoint that is in the disconnected state from re-establishing connectivity through the disconnect process.

Conditions: This symptom is observed when the CA does not respond to the MGCP messages from the GW and when the endpoint of the GW is in the disconnected state.

Workaround: There is no workaround.

CSCee67575

Symptoms: A router crashes with a SegV exception when encryption and RBSCP are combined.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T1 when the tunnel mode is RBSCP and when a crypto map is applied to the physical interface (that is, the tunnel source).

Workaround: Disable RBSCP when you use IPSec.

CSCee67636

Symptoms: A GGSN reloads when it receives a new create request while it attempts to clear PDPs when a DHCP renew request failure occurs.

Conditions: This symptom is observed only when the DHCP server goes down or when the DHCP server slows down.

Workaround: There is no workaround.

CSCee67801

Symptoms: Re-using a TEID too soon causes new calls to be deleted immediately.

Conditions: This symptom is observed on a Cisco router that is configured for General Packet Radio Service (GPRS) and that runs GGSN Release 4.0 when the following conditions occur:

The activation rate is high.

A GTP relay device is placed in between the GGSN and the SGSNs.

The calls come from many different SGSNs.

Workaround: There is no workaround.

CSCee68369

Symptoms: The policy-map output PKT counters and WRED output counters do not match when CRTP is on a multilink interface. In addition, the toaster dequeue count is also incorrect.

Conditions: This symptom is observed when CRTP is enabled on a multilink interface.

Workaround: There is no workaround.

CSCee68642

Symptoms: After a router has booted, an ADSL or G.SHDSL interface may not pass traffic.

Conditions: This symptom is observed on a Cisco IAD2430 series that runs Cisco IOS Release 12.3(8)T and that is configured with a G.SHDSL or ADSL WIC.

Workaround: Enter the shutdown command followed by the no shutdown command on the ATM interface of the WIC.

CSCee68823

Symptoms: An onramp fax call or T.38 fax relay may fail during processing on a NextPort card.

Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(9.3)T and that function as a NAS.

Workaround: There is no workaround.

CSCee68905

Symptoms: An extensible authentication protocol-subscriber identity module (EAP-SIM) user cannot log off and reconnect when PBHK is enabled.

Conditions: This symptom is observed on a Cisco platform that is configured for SSG Host Key when an EAP-SIM user logs off and refreshes his browser.

Workaround: There is no workaround.

CSCee68974

Symptoms: An active RSC may crash when you enter the redundancy handover peer-resources command.

Conditions: This symptom is observed when a Cisco AS5850 runs in handover split mode and one RSC is in an extra-load mode.

Workaround: Enter the redundancy handover peer-resources command when there are no active calls on any resources that must be handed over.

CSCee69795

Symptoms: Packets that are received on an SVI interface and that go through the router over a GRE/IPSec tunnel may be dropped when CEF switching is configured.

Conditions: This symptom is observed on a Cisco 1711 and Cisco 1712 that have a fixed WIC-4ESW WIC and that run Cisco IOS Release 12.3(7)T.

Workarounds: Disable CEF switching or remove the crypto map from the interface tunnel and apply it again.

CSCee70096

Symptoms: The following message may be generated repeatedly and the output queue of the Ethernet 0 interface may become stuck:

%LINK-2-INTVULN: In critical region with interrupt level=0, intfc=Ethernet0

Conditions: This symptom is observed on a Cisco 836 that runs Cisco IOS Release 12.3(2)XC or 12.3(7)T1 and that is configured for L2TP. The symptom is related to L2TP.

Temporary Workaround: Enter the shutdown command followed by the no shutdown command on the affected interface.

CSCee71237

Symptoms: IPSec negotiation fails when you attempt to create an IPSec tunnel with a crypto map. The output of the debug crypto ipsec command shows the following errors:

map_db_find_best did not find matching map IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address x.x.x.x

Conditions: This symptom is observed when the crypto map has an ACL with multiple entries and when the entry that matches the policy is not the first entry.

Workaround: Configure the crypto maps so that each crypto map has an ACL with a single entry.

CSCee71718

Symptoms: A router may crash when you enter the show crypto map command.

Conditions: This symptom is observed rarely on a Cisco router that runs Cisco IOS Release 12.3(8)T.

Workaround: There is no workaround.

CSCee72211

Symptoms: Existing policy attributes such as an ACL and a URL are not removed when they should be removed.

Conditions: This symptom is observed when revalidation of an EAPoUDP session fails.

Workaround: There is no workaround.

CSCee74285

Symptoms: TACACS+ does not function, the TCP to the server is not established, and TACACS+ debugs are not displayed (only AAA debugs are displayed).

Conditions: These symptoms are observed on a Cisco VG200 but may be platform-independent.

Workaround: There is no workaround.

CSCee74920

Symptoms: An RP crashes after you remove the event manager applet.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(26)S or a later 12.0 S release when an EEM policy is removed from the configuration by entering the no event manager applet applet-name command while actions within the EEM policy are being executed. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCee77335

Symptoms: A Cisco 7500 series may fail to load Channel Interface Processor (CIP) microcode.

Conditions: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS software image that includes the fix for CSCin48638. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCin48638. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Remove the CIP or insert another CIP in the router.

CSCee77491

Symptoms: A Cisco 7200 VXR router that simulates an L2TP access concentrator (LAC) may crash because of a memory leak in the SSS Manager process while handling PPPoA/L2TP and PPPoEoA/L2TP calls.

Conditions: This symptom is observed when you simulate some kind of DoS attack by generating a high number of PPPoEoA calls with the correct domain name but incorrect user names.

Workaround: There is no workaround.

CSCee77525

Symptoms: The end-to-end delay between two platforms increases beyond what is normally expected.

Conditions: This symptom is observed after a circuit emulation link goes down and comes back up.

Workaround: Enter the shutdown command followed by the no shutdown command on the circuit emulation link.

CSCee78874

Symptoms: A Cisco AS5850 may reload due to a memory leak in the "TCL APP1" process.

Conditions: This symptom occurs when the router is configured to use TBCT TCL scripts that do not release the call leg resources when a TBCT call fails.

Workaround: There is no workaround.

CSCee78912

Symptoms: Mid-call INVITEs that are initiated by a third party user agent server (UAS) may fail on the Cisco GW (UAC).

Conditions: The tag parameter in the From or To header of the INVITE message may be preceded with one or more leading white spaces.

Workaround: There is no workaround.

CSCee78998

Symptoms: A router crashes when an IVR application is started via the call application session start command.

Conditions: This symptom is observed when the IVR application is first loaded via the call application voice load command.

Workaround: There is no workaround.

CSCee79634

Symptoms: Network Admission Control (NAC) may not statically authenticate a Cisco IP phone.

Conditions: This symptom is observed on a Cisco platform when NAC is configured to identify a Cisco IP phone via CDP.

Workaround: Use static authentication that is based on MAC addresses.

CSCee80944

Symptoms: The following message along with a traceback is seen on an RPM-XF in an MPLS-VPN network:

Assertion failure in ../toaster/rpmxf-rp/rpmxf_mpls.c

Conditions: The symptom is observed when VRF routes are recursive loadshared routes on the PE router. Some of the triggers that may cause the symptom are:

The Route reflector is reset.

The PE router loses the BGP session with the Route Reflector.

Some of the VRF routes are withdrawn.

Workaround: Remove the dual IGP paths so that there are no recursive loadshared VRF routes. Enter the logging rate-limit all 1 except notifications command to reduce the number of assert messages that are logged.

CSCee83438

Symptoms: Conferences that are hosted via a DSP may unexpectedly cease to function. The problem manifests itself in the timestamps of RTP streams. The statistics for the jitter buffers that terminate the RTP streams indicate abnormalities such as excessive jitter or discarded packets.

Conditions: This symptom is observed when the first conference (conference ID = 1) of a DSP is closed. The 32-bit RTP timestamps freeze for all RTP streams of the remaining conferences. When the first conference is reopened, the timestamps resume updating and any conferences that are still open resume operating normally.

Workaround: Open and then never close the first conference of a DSP.

CSCee83941

Symptoms: The registration of a Cisco router that functions as a gateway may swap from one backup Cisco CallManager (CCM) to another backup CCM after a switchover has occurred.

Conditions: This symptom is observed when the Cisco router functions as an MGCP gateway and when the primary CCM of a CCM cluster that also includes two backup CCMs stops functioning.

Workaround: There is no workaround.

CSCee84805

Symptoms: Prefixes fail TFIB verification tests, that is, the output of the show pxf cpu tfib command reports errors incorrectly. Also, a CPUHOG condition may be observed in certain conditions.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.3(2)T6. The problem occurs if there is an eiBGP multipath for any given prefix. A CPUHOG condition occurs only if there is recursive loadsharing for the iBGP path in addition to eiBGP multipath.

Workaround: There is no workaround.

CSCee87309

Symptoms: Conversion from H.323 H.245 alphanumeric characters to RFC-2833 DTMF may fail.

Conditions: This symptom is observed when the Cisco Multiservice IP-to-IP Gateway (IPIPGW) feature is enabled.

Workaround: There is no workaround.

CSCee88289

Symptoms: After a calling party gets transferred, the calling party continues to hear ringback even after the destination answers.

Conditions: This symptom occurs when the transferrer does a consultation transfer at alert with the calling party. The transferred-to destination does not answer but has call forward no-answer configured to another destination (i.e. voice mail). When CFNA activates the forward, the destination (i.e. voice mail) answers, but the calling party continues to hear alerting.

Workaround: There is no workaround.

CSCee89026

Symptoms: Traffic shaping fails in the presence of an ISA crypto accelerator card.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(8)T and that is configured with a VPN card (ISA) when generic traffic shaping is enabled by entering the traffic-shape group command.

Workaround: There is no workaround.

CSCef00171

Symptoms: A router that is configured for RTP header compression may crash with a bus error.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4)T or a later release, or Release 12.2 S.

Workaround: Disable RTP header compression.

CSCef00256

Symptoms: An H.450-2 call transfer from a Cisco gateway to another Cisco platform may not go through.

Conditions: This symptom is observed on a Cisco gateway that runs a Cisco IOS software image that contains the fix for CSCin74482, which addresses improper encoding of the H.450 callIdentity field. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCin74482. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCef01680

Symptoms: Memory corruption may occur when you enter the directory entry clear telephony-service configuration command.

Conditions: This symptom is observed when the directory entry clear telephony-service configuration command clears a preconfigured directory entry but the pointer is not removed. When the freed memory is allocated and written by some other process and when the directory entry clear telephony-service configuration command is reconfigured, a traverse through the directory link list could cause a bus error because the pointer could point to anything, including a non-RAM memory address.

Workaround: Do not enter the directory entry clear telephony-service configuration command to clear entries. Rather, enter the no directory entry command to remove the entries individually.

CSCef04753

Symptoms: A Cisco router may reload when you configure the authentication proxy on the router while Network Admission Control is already running.

Conditions: This symptom is observed on a Cisco 831 but may be platform-independent.

Workaround: Enter the no ip admission auth-proxy-name command followed by the ip admission auth-proxy-name command.

CSCef05061

Symptoms: MGCP endpoints do not properly reregister to a Cisco CallManager after a DSP crash occurs.

Conditions: This symptom is observed on a Cisco 2651XM and Cisco 3660 that are configured with an NM-HD-2V although the symptom may not be limited to these platforms or network module.

Workaround: If the DSPs are in a normal state, the MGCP registration can be reestablished by entering the shutdown command followed by the no shutdown command on the voice port that requires reregistration.

CSCef06381

Symptoms: A Cisco router that is configured as a spoke in a DMVPN hub-spoke network shows tracebacks.

Conditions: This symptom is observed when Auth-proxy authentication is configured.

Workaround: There is no workaround.

CSCef06389

Symptoms: A Cisco router that is configured as a spoke in a hub-spoke network shows tracebacks.

Conditions: This symptom is observed when IPSec is configured, when a feature that uses NBAR is configured (for example, a firewall or IDS), and when packets are switched via CEF or fast-switching.

Workaround: There is no workaround.

CSCef09165

Symptoms: SSG VPDN services and normal VPDN tunnels may not function together in some configurations.

Conditions: This symptom is observed when SSG is configured and when VPDN parameters are locally provisioned but VPDN tunnels are not established between the LAC and the LNS.

Workaround: Enter the aaa authorization network default group radius command.

CSCef12738

Symptoms: The From header field and the To header field for non-third-party registration requests are not identical.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(8)T or 12.3(8)T1.

Workaround: There is no workaround.

Further Problem Description: RFC 3261, section 10.2, states the following: From: The From header field contains the address-of-record of the person responsible for the registration. The value is the same as the To header field unless the request is a third-party registration.

CSCef16038

Symptoms: A spoke in a DMVPN network drops its IPSec tunnels after some time.

Conditions: This symptom is observed after one to two days of proper operation.

Workaround: Enter the shutdown command followed by the no shutdown command on the IPSec tunnel interface.

CSCef16841

Symptoms: When the ip auth-proxy command is enabled, a dynamic user access control list (ACL) is not added to the existing ACL on an interface.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.8)T.

Workaround: There is no workaround.

CSCef19306

Symptoms: A "CEIPNM-2-WATCHDOG" error may be displayed.

Conditions: This symptom is observed on a Cisco 3700 series that runs Cisco IOS Release 12.3(8)T1 and that is configured with an NM-CEM-4TE1 and an NM-1GE when the NM-1GE is used as the middle IP connection.

Workaround: Use the FE interface for the middle IP connection.

CSCef20305

Symptoms: A platform that is configured for voice calls may crash or generate a traceback.

Conditions: This symptom is observed on a Cisco platform when RTSP play/record is used in an IVR application and occurs usually when multiple calls are placed.

Workaround: There is no workaround.

CSCef21965

Symptoms: Even when policy-based routing is configured on the interface, a router that boots may still reject the ip vrf receive command with the following error message:

% Need to enable Policy Based Routing on the interface first

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T and that is configured for VRF selection when the router boots after having been reloaded.

Workaround: Reapply the ip vrf receive command.

CSCef22862

Symptoms: A router that is configured for SSS may crash with a memory corruption error.

Conditions: This symptom is observed on a router that functions as a VPDN LAC.

Workaround: There is no workaround.

CSCef27790

Symptoms: An RSC may crash when you enter the redundancy handover peer-resources command on the active RSC to hand over the resources to the standby RSC.

Conditions: This symptom is observed on a Cisco AS5850 that functions in handover split mode when file copy, delete, or format operations are in progress.

Workaround: Do not hand over resources when file copy, delete, or format operations are in progress.

CSCef28503

Symptoms: An MGCP gateway (GW) does not send a DLCX message with the proper reason code (E:) when an RTP loss occurs because the Ethernet interface through which the RTP transfer occurs on the GW is shut down.

Because the GW does not notify the CA about the RTP loss via a DLCX message with the proper reason code, the CA continues to send MGCP messages to the GW and vice versa in a normal way. However, these MGCP messages do not reach the GW or CA because the Ethernet interface on the GW is shut down, preventing the deletion of existing connections on the GW.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP GW and that has a single interface to the CA and terminating GW.

Workaround: Delete the connections on the MGCP GW manually through MGCP CLIs.

CSCef30758

Symptoms: An IKE policy configured for 3DES is saved in NVRAM as DES.

Conditions: This symptom is observed when you enter the following sequence of commands:

router(config)#crypto isakmp policy 10

router(config-isakmp)#encr 3des

router(config-isakmp)#exit

router#show running

...

crypto isakmp policy 10

Note that no encryption algorithm is listed for policy 10, which causes the policy to default to DES.

Workaround: There is no workaround.
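Because CSCef30758 has no workaround, the practical check is to compare the saved configuration against the intended IKE policy. The following is an added example, not Cisco code: the function names and the sample configuration are constructed for illustration, and it assumes, as the caveat states, that a policy block with no encryption line falls back to DES.

```python
import re

# Constructed sample: a running-config excerpt, not taken from a real device.
SAMPLE_CONFIG = """\
hostname router
!
crypto isakmp policy 10
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
!
crypto isakmp policy 30
 encr aes 256
 hash sha
!
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
"""

POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)\s*$")
# Matches the abbreviated form shown in the caveat ("encr 3des") and longer spellings.
ENCR_RE = re.compile(r"^\s+encr\w*\s+(.+?)\s*$")


def parse_isakmp_policies(config_text):
    """Return {priority: encryption string, or None if no encryption line is present}."""
    policies = {}
    current = None
    for line in config_text.splitlines():
        header = POLICY_RE.match(line)
        if header:
            current = int(header.group(1))
            policies[current] = None
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            # Any non-indented line ("!" or a new top-level command) ends the block.
            current = None
            continue
        encr = ENCR_RE.match(line)
        if encr:
            policies[current] = encr.group(1).lower()
    return policies


def audit_isakmp(config_text, intended=None):
    """Return a list of (priority, effective_encryption, reason) findings.

    intended maps priority -> the encryption the operator configured. Without it,
    every policy whose effective encryption is DES is reported.
    """
    intended = {p: e.lower() for p, e in (intended or {}).items()}
    saved = parse_isakmp_policies(config_text)
    findings = []
    for prio in sorted(set(saved) | set(intended)):
        if prio not in saved:
            findings.append((prio, None, "policy missing from saved configuration"))
            continue
        listed = saved[prio]
        effective = listed or "des"  # assumption from the caveat: no line means DES
        want = intended.get(prio)
        if want is not None and want != effective:
            findings.append((prio, effective,
                             "intended %s but saved configuration yields %s" % (want, effective)))
        elif want is None and effective == "des":
            reason = ("no encryption line; policy defaults to DES" if listed is None
                      else "DES configured explicitly")
            findings.append((prio, effective, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_isakmp(SAMPLE_CONFIG, {10: "3des", 20: "3des", 30: "aes 256"}):
        print("policy %s: %s (%s)" % (finding[0], finding[2], finding[1]))
```

Run the check against the startup configuration after every save, since the symptom is that the stored policy differs from what was entered.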

CSCef32330

Symptoms: A software-forced reload may occur on a voice gateway.

Conditions: This symptom is observed on a Cisco platform that functions as a voice gateway and that is configured with an analog WIC that is installed in a network module.

Workaround: There is no workaround.

CSCef34099

Symptoms: A memory leak occurs on a Cisco 1760 that functions as a CCME and that is configured with 24 IP phones.

Conditions: This symptom is observed when you run a test in which you make calls between the IP phones that are registered to the CCME and calls to PSTN phones, and when you use calling features such as third-party conference calls, call forward, call hold, and call transfer. Each time the test completes, the amount of available free memory decreases by 1 to 4 Mb. This lost memory is not recovered even after all IP phones are deregistered and the CCME sits idle.

Workaround: There is no workaround.

CSCef34501

Symptoms: An IP authentication proxy dynamic user access control list (ACL) may not be added to an interface ACL.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.8)T. Note that the symptom does not occur in Release 12.3(7)T1.

Workaround: There is no workaround.

CSCef35299

Symptoms: If a remote device uses a UDP port other than 500 as the source port for IKE negotiations, a Cisco platform does not correctly handle IKE negotiations during SPI recovery. SPI recovery works only if the remote device also uses UDP 500 as the source port for IKE negotiations. The problem seems to be that the Cisco platform does not send a QM_IDLE message.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(8)T.

Workaround: Use UDP port 500 on both sides for IKE negotiations.

CSCef36231

Symptoms: An HSRP tracking configuration is not accepted when you re-enter the configuration after you first deleted it.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or Release 12.3T.

Workaround: Configure interface tracking by entering the track 100 interface e2/3 line-protocol command. Then, set the HSRP group to track the tracking object number by entering the standby 1 track 100 command.

CSCef39878

Symptoms: A voice port may stop providing a dial tone and hang, and the following messages appear in the logs:

v4vip_send_cmd:No space in INBOX:free_space(0), cmd_length(3) for dev 0!!! v4vip_active_lo:fail to send SOP RTR cmd for port=0

Conditions: This symptom is observed on a Cisco IAD2430 series.

Workaround: Reload the router.

CSCef39891

Symptoms: The output of the show interfaces command for a Cisco RPM-XF Gigabit Ethernet (GE) interface shows "unknown media type."

Conditions: This symptom is observed on a Cisco RPM-XF only when a copper GBIC SFP is inserted into the GE interface.

Workaround: There is no workaround.

CSCef44104

Symptoms: When several "ip sdf locations" configuration statements on a Cisco IOS IPS device are unconfigured and reconfigured in a new order, the new order does not take effect.

Conditions: This symptom happens specifically when signatures have actually been loaded from one of the configured locations.

Workaround: There is no workaround.

CSCef45767

Symptoms: A Route Processor Module-XF (RPM-XF) stops passing traffic after an eBGP session to a connected CE router flaps.

Conditions: This symptom is observed in an MPLS VPN network when all of the following conditions are present:

A CE router advertises a default route or a summarized route to a PE router.

Either eiBGP or IBGP load-balancing is configured for the default or summarized routes.

The interface between the CE router and the PE router flaps.

Workaround: Configure a static VRF route for the subnet that is defined on the interface that connects the CE router and the PE router. Configure the next hop interface for the static route as "Null0" by entering the ip route vrf vrf-name prefix mask interface interface-number distance command with the following arguments:

For the prefix argument, enter the subnet for the link between the PE and CE routers.

For the mask argument, enter the mask for the subnet.

For the interface interface-number argument, enter the value "Null0" (for the next hop interface).

For the distance argument, enter an administrative distance that is large enough to prevent the static route from being imported into the routing table under normal conditions.

Enabling the redistribute connected command under the BGP configuration on the CE router may reduce the probability of the symptom occurring. When the symptom has occurred, you can recover from the symptom by entering the clear ip route vrf vrf-name 0.0.0.0 0.0.0.0 command on the affected RPM-XF.

CSCef47721

Symptoms: Multicast packets are not correctly classified by an input Quality of Service (QoS) policy, which causes police, set, and other QoS actions to fail on the multicast packets.

Conditions: This symptom is observed on a Cisco RPM-XF when an input QoS policy is configured on an interface.

Workaround: There is no workaround.

CSCef52577

Symptoms: Transcoding sessions are held up when you use transcoding with a CME.

Conditions: This symptom is observed on a Cisco platform when a transcoding resource is registered with a CME that runs Release 3.2 and when calls are made.

Workaround: Reload the CME.

CSCef52633

Symptoms: The active router in an IPSec stateful failover pair may crash.

Conditions: This symptom is observed when the active router and the standby router run Cisco IOS Release 12.3(11)T and when the standby router requests a complete resynchronization of all IPSec state information from the active router, which occurs under the following conditions:

The standby router reboots.

The standby router is configured for IPSec stateful failover for the first time.

You enter the clear crypto sa command or the clear crypto session command on the standby router.

Workaround: There is no workaround.

CSCef52822

Symptoms: The standby router in an IPSec stateful failover configuration does not have any standby IPSec SAs even though the active router has active IPSec SAs that should have been synchronized to the standby router. The output of the show crypto ipsec sa command shows the IPSec SAs on both the active and standby routers.

Conditions: This symptom is observed when the active router has more than one crypto map configured and these crypto maps use the same local virtual IP address. At least one of these crypto maps has IPSec stateful failover turned on and at least one of these crypto maps has IPSec stateful failover turned off. Stateful failover is enabled by entering the redundancy stateful command.

The most typical way of encountering this configuration is when a crypto map with stateful failover is applied to a physical interface and when a tunnel interface is configured either with a crypto map or with tunnel protection.

Workaround: Any of the following workarounds should work:

Enable stateful failover on all crypto maps that use the same local virtual IP address.

Change the local IP address on the non-stateful failover maps/interfaces to an address other than the virtual IP address that is used for stateful failover crypto maps.

Further information: When you enable the debug crypto ipsec ha command on the active router and the following error message is generated, the symptom has occurred:

IPSec HA (crypto_ha_ipsec_notify_add_sa): Stateful HA with valid group unavailable for this sadb

CSCef54306

Symptoms: DTMF recognition via an external ASR server on an IP call leg using OOB DTMF relay does not function. (The digits do not reach the server.)

Conditions: This symptom is observed during the recognition when an HTTP or TFTP prompt that is already loaded is used or when a TTS prompt from a different server than the ASR server is used. The DTMF relay that is configured on the IP dial peer is not in the RTP-NTE format.

Workaround: There is no workaround.

CSCef55062

Symptoms: On a Cisco 1760 that is configured for IP Voice and that uses a PVDM-256k-20 as a transcoding resource, if you configure 10 as the maximum number of sessions, the DSP farm remains down.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(8)T3.

Workaround: Configure 8 as the maximum number of sessions or add an additional PVDM-256k-20 and configure 12 as the maximum number of sessions.

CSCef64175

Symptoms: QoS features such as traffic shaping may not work correctly when QoS preclassification is configured over an IPSec tunnel.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(8)T or a later release and that is configured with a hardware encryption VPN module.

Workaround: Use software encryption.

CSCef68196

Symptoms: IPSec stateful failover does not work correctly for IPSec tunnel protection. IKE and IPSec SAs for tunnel protection interfaces are not synchronized to the standby router. Stateful redundancy is not applied to the tunnel protection crypto maps. This situation can be observed by the lack of "Redundancy Settings" on a tunnel protection crypto map in the output of the show crypto map command.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS interim release for Release 12.3(11)T (however, note that this caveat is resolved in Release 12.3(11)T) when the following conditions occur:

Both IPSec stateful failover and the tunnel protection command are configured on a tunnel interface.

The IPSec profile that is used in the tunnel protection command contains the redundancy stateful command.

Workaround: There is no workaround.

CSCin67419

Symptoms: An MFR interface that is configured on either an MC-4T+, MC-8TE1+, MC-STM1, or MC-2T3+ may enter up/down state.

Conditions: This symptom is observed when one of the member links of the MFR interface goes down while there is continuous bidirectional 64-byte traffic that uses less than half the bandwidth. The symptom occurs within 20 minutes after the traffic flow has started.

Workaround: Enter the shutdown command followed by the no shutdown command on the MFR interface.

Alternate Workaround: Reconfigure the MFR interface.

CSCin69417

Symptoms: SSG crashes when permanent TCP redirection is configured after a captive portal has already sent a message to SSG that a user has web proxy settings.

Conditions: This symptom is observed when users with web proxy settings are redirected to a captive portal before permanent redirection is configured on a Cisco platform that runs SSG and when the SSG TCP redirection configuration is disabled during that time.

Workaround: Do not unconfigure SSG TCP redirection when there are active users.

CSCin71526

Symptoms: A Cisco platform may reload unexpectedly when a SIP-based call is processed.

Conditions: This symptom is observed on a Cisco platform that runs VXML and Tcl applications.

Workaround: There is no workaround.

CSCin71784

Symptoms: A Cisco router that is configured for IP Header Compression (IPHC) may discard packets or unexpectedly reload following an I/O pool memory corruption.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T and occurs only when PPP Protocol Field Compression (PFC) and Address and Control Field Compression (ACFC) are also negotiated along with IPHC.

Workaround: Enter the ppp pfc remote reject and ppp acfc remote reject commands to disable (reject) the negotiation of PFC and ACFC. Alternatively, enter the no ip tcp header-compression command to disable IPHC.

CSCin72029

Symptoms: A nas-port attribute of an accounting record points to an SESM interface rather than to the interface of the host.

Conditions: This symptom occurs under rare race conditions where there are host route changes at the time of the host logon.

Workaround: There is no workaround.

CSCin72222

Symptoms: An ATM interface fails to come up and constantly (in 5-second intervals) shows the following error message:

%DSLSAR-1-NO_SCC_CLK_ERR: ATM0/0: Interface is DOWN because the sum of the clock rate values for both the WICs in slots 0 and 1 exceeded maximum capacity. Please configure clock rates using clock rate command in interface mode such that the sum of clock rate on both the WICs does not exceed 196614 bps. For a DSL wic, please include aal5 and aal2 clock rate values while calculating the total.

Conditions: This symptom is observed on a Cisco IAD2430 series that is configured with an ADSL WIC.

Workaround: There is no workaround.

CSCin72272

Symptoms: An SSG crashes when you enter the show ssg interface command.

Conditions: This symptom is observed when a service that is bound to an interface has a service name that consists of more than 44 characters.

Workaround: Use services whose service names are shorter than 44 characters.

CSCin72543

Symptoms: A high latency may occur for EAPoUDP/EAP messages, causing timeouts.

Conditions: This symptom is observed on a Cisco router when the CPU utilization is high.

Workaround: There is no workaround.

CSCin72729

Symptoms: When access list control entries (ACEs) are downloaded from an Access Control Server (ACS) that is configured for AAA, the posture validation process always applies the ACE as "IP" even when the ACE has another protocol such as "UDP" or "TCP". In addition, any port or port range that is specified in the ACS ACEs is ignored.

Conditions: These symptoms are observed on a Cisco router that downloads ACLs from an ACS for network admission control.

Workaround: There is no workaround.

CSCin72801

Symptoms: SSG that is configured with a web proxy setting may hang during traffic redirection for an unauthenticated user.

Conditions: This symptom is observed on a Cisco platform that runs SSG under normal conditions that require a web proxy setting and that has the ssg tcp-redirect command enabled.

Workaround: There is no workaround.

CSCin74462

Symptoms: A memory leak may occur on a Cisco router that has the identity profile eapoudp and identity policy policy-name commands enabled.

Conditions: This symptom is observed when a host matches an entry in the exception list that has a policy associated with it.

Workaround: Perform the following two steps:

1. Configure the Intercept ACL not to intercept hosts that have static IP addresses and need to be treated as exception hosts.

2. Configure ACS to perform MAC authentication for hosts that need to be treated as exception hosts based on the MAC address.

CSCin75131

Symptoms: The memory in use may increase over time.

Conditions: This symptom is observed on a Cisco router that has active SSG tunnel services and users that are logging into and logging off the tunnel services.

Workaround: There is no workaround.

CSCin75829

Symptoms: Connection interim accounting records are not sent at the exact configured intervals.

Conditions: This symptom is observed on a Cisco platform that is configured for SSG and that runs a Cisco IOS software image that includes the fix for CSCin72146. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCin72146. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCin76102

Symptoms: SSG crashes when overlapping users log on to the same proxy service.

Conditions: This symptom is observed on a Cisco platform that is configured for SSG RADIUS proxy when overlapping users log on to the same proxy service.

Workaround: There is no workaround.

CSCin77315

Symptoms: EZVPN crashes while reconnecting.

Conditions: This symptom is observed when EZVPN is in auto mode, is configured for split tunneling, and attempts to reconnect after the EZVPN connection went down because of IPSec SA expiration.

Workaround: Use manual mode or disable split tunneling.

CSCin77384

Symptoms: Tracebacks may be generated during the configuration of the MGCP service type.

Conditions: This symptom is observed on a Cisco 3700 series. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCin78148

Symptoms: A Cisco router may crash during startup with the following message:

SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE! %Software-forced reload

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS interim Release 12.3(9.8)T but may also occur on a Cisco 3600 series and Cisco 3700 series.

Workaround: There is no workaround.

Further Problem Description: The "INSUFFICIENT MEMORY" message at startup occurs because of an error in the ESWILP subsystem that attempts to allocate a large amount of memory and is not a suggestion to increase memory.

CSCin79018

Symptoms: Downloading the contents of a named ACL from an ACS may pose a vulnerability to a network because an intruder may use the ACL name as the user name in PAP authentication.

Conditions: This symptom is observed on a Cisco platform that is configured for EAPoUDP.

Workaround: There is no workaround.

CSCin79035

Symptoms: SESM account switching fails for a user.

Conditions: This symptom is observed on a Cisco platform that is configured for SSG when a second user logs in through SESM.

Workaround: There is no workaround.

CSCin81217

Symptoms: After the idle timeout expires, SSG does not send a reauthorization request to the AAA server.

Conditions: This symptom is observed with a quota of zero and an idle timeout that is larger than zero.

Workaround: There is no workaround.

CSCuk49447

Symptoms: An ACL that is applied to a packet that is received over a tunnel does not work.

Conditions: This symptom is observed when the ipv6 inspect command is enabled on a 6to4 tunnel.

Workaround: There is no workaround.

CSCuk51476

Symptoms: The following error message and traceback may be reported when distributed CEF is disabled:

%SYS-2-INTSCHED: 'idle' at level 2

-Process= "Exec", ipl= 2, pid= 3

-Traceback= 404C5E88 404AC1C0 406929A0 418C6B0C 418C6BFC 418C6E48 418C6F68 40855440 4085546C 4077659C 40777458 418C6E7C 418C6F68 40855440 4085546C 4077659C

Conditions: This symptom is observed when more than one instance of IP header compression is configured on a Frame Relay interface on a Cisco 7500 series that runs Cisco IOS Release 12.3(4)T, or a later 12.3 T release, or Release 12.2 S.

Workaround: There is no workaround.

CSCuk51529

Symptoms: 6PE is not present in the following images:

c3745-advipservicesk9-mz
c3745-adventerprisek9-mz
c3725-advipservicesk9-mz
c3725-adventerprisek9-mz

Conditions: This symptom is observed in Cisco IOS Release 12.3(7)T and Release 12.3(8)T.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Wide-Area Networking

CSCed77501

Symptoms: A router crashes when you enter the isdn bind-l3 iua-backhaul dpnss command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(7.4)T.

Workaround: Change the configuration sequence as follows:

1. Configure the global switch type to any switch type except the "primary-dpnss" switch type.

2. Enter the pri-group timeslots 1-31 service mgcp command on the controller.

3. Configure the switch type to "dpnss" under the newly generated ISDN serial interface.

CSCee06192

Symptoms: A software-forced reload may occur on a router that has a dialer interface.

Conditions: This symptom is observed on a Cisco 7500 series when distributed switching is configured and when a PPPoE connection is established between two routers. The router with the dialer interface reloads when establishing a PPPoE connection. Note, however, that this caveat is platform-independent.

Workaround: There is no workaround.

CSCee32345

Symptoms: When a RADIUS accounting record is sent for a PPTP Start, a Cisco NAS may not send the following RADIUS accounting record attributes:

Tunnel-Client-Endpoint (66)

Tunnel-Server-Endpoint (67)

Tunnel-Assignment-Id (82)

Conditions: This symptom is observed in Cisco IOS Release 12.3(7.8)T.

Workaround: There is no workaround.

CSCee78496

Symptoms: An outgoing call may not be billed correctly or routed correctly.

Conditions: This symptom is observed when the "international" ISDN type is overwritten with the "national" ISDN type.

Workaround: Configure the voice translation rule on the incoming POTS peer to change the international plan to, for example, the reserved plan, and create an outgoing translation rule to change the plan back to international, as is shown below:

voice translation-rule 200

rule 1 // // type reserved international plan isdn isdn

!

voice translation-rule 201

rule 1 // // type international reserved plan isdn isdn

!

!

voice translation-profile outgo

translate called 200

!

voice translation-profile inco

translate called 201

Configure the translation profile "inco" on the incoming POTS peer as an incoming rule:

translation-profile incoming inco

Configure the translation profile "outgo" on outgoing POTS peers as an outgoing rule to change the reserved plan back to the international plan and ISDN to ISDN:

translation-profile outgoing outgo

CSCef52827

Symptoms: A Cisco 7200 router reloads during a test of a VPDN template session limit.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(10.3)T.

Workaround: There is no workaround.

CSCef53268

Symptoms: An outgoing call attempt on a BRI voice port may fail with the reason "Mandatory information element missing." The ISDN Q.931 SETUP and RELEASE_COMP message exchange may look similar to the following:

Router#

ISDN BR3/0 Q931: Applying typeplan for sw-type 0x4 is 0x2 0x1, Calling num

1234567890

ISDN BR3/0 Q931: TX -> SETUP pd = 8 callref = 0x04

Bearer Capability i = 0x8090A2

Standard = CCITT

Transer Capability = Speech

Transfer Mode = Circuit

Transfer Rate = 64 kbit/s

Channel ID i = 0x81

Keypad Facility i = '98765432'

Calling Party Number i = 0xA18083, '1234567890'

Plan:ISDN, Type:National

Shift to Codeset 6

Codeset 6 IE 0x23 i = 0x01

Locking Shift to Codeset 6

ISDN BR3/0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x84

Cause i = 0x81E0 - Mandatory information element missing

Conditions: This symptom is observed on a Cisco voice router that is configured with BRI voice ports and that runs a Cisco IOS interim release for Release 12.3(11)T. (Note, however, that this caveat is resolved in Release 12.3(11)T.) The symptom occurs typically when the outgoing Q.931 SETUP message from the BRI voice port carries a "Calling Party Number" IE.

Workaround: If this is an option, use voice translation rules on the originating voice gateway to suppress the "Calling Party Number" IE so that it is not sent in the outgoing ISDN Q.931 SETUP message on the terminating voice gateway.

CSCin73365

Symptoms: A Cisco router reloads when you enter the show vpdn session id local id hidden command.

Conditions: This symptom is observed on a Cisco 7200 series that functions as a LAC and/or LNS.

Workaround: Avoid entering the above-mentioned command.

CSCin73980

Symptoms: An LNS sends two accounting stop records when a client re-negotiates a PPP session.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1 and that functions as an LNS when VPDN multihop is configured.

Workaround: There is no workaround.

CSCuk49812

Symptoms: RTP packets are compressed as NON-TCP packets rather than as RTP-COMP packets.

Conditions: This symptom is observed on a serial interface that is configured for PPP encapsulation via the encapsulation ppp command and that has RTP header compression enabled via the ip rtp header-compression iphc-format command.

Workaround: Do not use PPP encapsulation. Rather, use HDLC encapsulation by entering the encapsulation hdlc command.

Resolved Caveats—Cisco IOS Release 12.3(8)T11

Cisco IOS Release 12.3(8)T11 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T11 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

Miscellaneous

CSCei76358

Through normal software maintenance processes, Cisco is removing deprecated functionality. These changes have no impact on system operation or feature availability.

Resolved Caveats—Cisco IOS Release 12.3(8)T10

Cisco IOS Release 12.3(8)T10 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T10 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeg64124

Symptoms: The operation result of an IP SLA jitter probe shows a high packet MIA that is equal to the jitter's number of packets minus one. In the responder router, the responder debug message shows many error packets.

Conditions: This symptom is observed when multiple jitter probes (either from the same router or from different routers) are configured to send packets to the same destination IP address and the same destination port number and when the responder is turned off for a short time and turned on again.

Workaround: To prevent the symptom from occurring, configure the jitter probe to use a unique destination port number.

Alternate Workaround: If the symptom has occurred, turn off the responder by entering the no rtr responder global configuration command, wait until all jitter probes report "No connection," and then turn on the responder by entering the rtr responder global configuration command.

IP Routing Protocols

CSCed88713

Symptoms: H.245 messages are not correctly translated by NAT.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(5.5)T.

Workaround: There is no workaround.

CSCsa54937

Symptoms: An LNS with a VRF configuration does not send an echo reply when it receives a ping to loopback interface 0.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300, a Cisco 7200 series that is configured with an NPE-400, and a Cisco 7400 series.

Workaround: Wait about 20 minutes to enable the LNS to send an echo reply or enter the clear arp-cache command.

Miscellaneous

CSCed36386

Symptoms: When an interface that is configured with an IP address goes down while another interface is configured with the same IP address, traffic destined to this IP address may not be received by the interface that remains up.

Conditions: This symptom is observed when CEF is enabled.

Workaround: Flap the interface that is up. Doing so enables the interface to receive traffic for the IP address.

CSCee19851

Symptoms: A Cisco router that has a service policy with a police action may reload because of a software-forced crash.

Conditions: This symptom is observed when you enter the no match dscp dscp-value or service-policy output policy-map-name command.

Workaround: There is no workaround.

CSCee41831

Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.

Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.

Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.

CSCee69057

Symptoms: A Cisco 7200 VXR router may hang.

Conditions: This symptom is observed on a Cisco 7200 VXR router that has a PA-MC-8TE1 and that is configured for IPSec encryption, either via tunnel protection or via a crypto map.

Workaround: Disable IPSec encryption.

CSCee77491

Symptoms: A Cisco 7200 VXR router that simulates an L2TP access concentrator (LAC) may crash because of a memory leak in the SSS Manager process while handling PPPoA/L2TP and PPPoEoA/L2TP calls.

Conditions: This symptom is observed when you simulate some kind of DoS attack by generating a high number of PPPoEoA calls with the correct domain name but incorrect user names.

Workaround: There is no workaround.

CSCee88022

Symptoms: Packets are process switched rather than fast switched.

Conditions: This symptom has been observed when CEF switching is configured with the ip cef command and header compression is enabled on a serial interface with the ip rtp header-compression command. This symptom has only been observed on a Cisco 7200 router when running a Cisco IOS Release 12.2S image.

Workaround: There is no workaround.

CSCef03083

Symptoms: Downstream packets from an open garden service may not be properly process-switched. DNS packets are process-switched in SSG, so the DNS replies may not reach the client.

Conditions: This symptom occurs when an Internet service is bound to the same interface as the open garden service and when an unauthenticated user accesses open garden service.

Workaround: Use pass-through filters for downstream packets.

CSCef22862

Symptoms: A router that is configured for SSS may crash with a memory corruption error.

Conditions: This symptom is observed on a router that functions as a VPDN LAC.

Workaround: There is no workaround.

CSCef29091

Symptoms: A router may fail to advertise a prefix for which the network portion matches the major net. For example, when 10.0.0.0/8 is the major net, 10.0.0.0/16 is not advertised.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4) or a later release when the subnet between the two routers is in the same classful range as the advertised prefix of the advertising router.

Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.

CSCef39466

Symptoms: A router may fail to advertise a major net route such as 10.0.0.0/8 to a RIP peer.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(3.3) or a later release when the route is redistributed from MP-IBGP into RIP and when the subnet connecting the RIP peer is in the classful range of the advertised major net. The symptom may also occur in other releases.

Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.

For non-MPLS, this workaround does not work. A static route is recommended.

CSCef67196

Symptoms: A new user cannot log in to a VPN server.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(10.1)T and that functions as a VPN server after you have added a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command.

Workaround: Do not add a new user by entering the crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name command. Rather, enter the crypto dynamic-map dynamic-map-name dynamic-seq-num command.

Alternate Workaround: Reload the VPN server.

CSCeg43855

Symptoms: An encrypting router may send traffic that is locally originated (such as keepalive packets or routing update packets) out of order after the packets have been encrypted. Because of the anti-replay check failure, these packets are dropped on the receiving router.

Conditions: This symptom is observed when a multipoint GRE (mGRE) and IPSec tunnel is built between two routers.

Workaround: Turn off packet authentication for the configured IPSec transform.

Further Problem Description: On a Cisco 7200 series that functions as the receiving router, you can observe the symptom in the output of the show crypto ipsec sa detail or show pas isa interface command.
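The anti-replay drop described in CSCeg43855 can be reproduced with a sequence-number window check. The following is an added example, not Cisco code: it assumes an RFC 4303-style sliding window with a size of 64 packets, and the arrival orders are constructed for illustration.

```python
class AntiReplayWindow:
    """Sliding-window anti-replay check on ESP-style sequence numbers.

    Assumption: RFC 4303-style bitmap window; the size of 64 is an
    assumed value, not taken from the release notes.
    """

    def __init__(self, size=64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) was seen

    def check_and_update(self, seq):
        if seq == 0:
            return "drop-invalid"          # sequence numbers start at 1
        if seq > self.highest:
            # Packet advances the window: slide the bitmap and mark it seen.
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "drop-too-old"          # fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return "drop-replay"           # same sequence number seen before
        self.bitmap |= 1 << offset         # late but inside the window
        return "accept"


def dropped_packets(arrival_order, window=64):
    """Return [(seq, verdict)] for every packet the receiver would drop."""
    win = AntiReplayWindow(window)
    drops = []
    for seq in arrival_order:
        verdict = win.check_and_update(seq)
        if verdict != "accept":
            drops.append((seq, verdict))
    return drops


# Constructed arrival orders (sequence numbers as seen by the receiver).
# Mild reordering: packet 5 arrives three packets late.
MILD_REORDER = [1, 2, 3, 4, 6, 7, 8, 5, 9, 10]
# Severe reordering: packet 5 (for example a routing update that was queued
# after encryption) arrives only after packets 6..80 have been received.
SEVERE_REORDER = [1, 2, 3, 4] + list(range(6, 81)) + [5]
# A duplicated packet.
DUPLICATE = [1, 2, 3, 2]

if __name__ == "__main__":
    for name, order in [("mild", MILD_REORDER),
                        ("severe", SEVERE_REORDER),
                        ("duplicate", DUPLICATE)]:
        print(name, dropped_packets(order))
```

A packet that is delayed by fewer positions than the window size is still accepted; one that is sent after more than a window's worth of later sequence numbers is discarded even though it is authentic.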

CSCeg74233

Symptoms: Some packet data protocol (PDP) contexts may not be deleted from a gateway GPRS support node (GGSN).

Conditions: This symptom is observed when an error occurs while PDP contexts are waiting for a delete response.

Workaround: If the PDP context exists in the Serving GPRS Support Node (SGSN), delete the PDP context from the SGSN. If the PDP context does not exist in the SGSN, there is no workaround.

CSCeh42852

Symptoms: A T.37 fax fails on a Cisco 2800 series because of clocking problems with a BRI. The fax that is sent or received via the BRI may be incomplete with cut pages or a part lost. About 40 to 50 percent of the faxes fail.

Conditions: This symptom is observed in the following topology:

A fax is sent from a fax machine via the PSTN to a BRI on a Cisco 2800 series. The Cisco 2800 series connects via an IP interface to an SMTP mail server.

Workaround: There is no workaround. Note that a fax that is sent via FXS instead of via a BRI goes through fine.

CSCeh56312

Symptoms: Packets are not shaped when traffic shaping is configured on a tunnel interface.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(27)SBA but may also occur in other releases.

Workaround: Configure class-based shaping. If this is not an option, there is no workaround.

CSCei01321

Symptoms: You cannot bring up a serial interface of a channelized E1 or T1 port. The interface remains in the down/down state.

Conditions: This symptom is observed on a Cisco 3600 series.

Workaround: There is no workaround.

CSCei41674

Symptoms: A router may generate "SYS-2-LINKED: Bad enqueue" error messages.

Conditions: This symptom is observed when both the following conditions are present:

The router generates traffic such as routing updates that are encrypted via IPSec and the traffic (packets) is process-switched after encryption.

The router is configured with a hardware crypto accelerator.

A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CCSCeg43855. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

Further Problem Description: When the error message is generated, a crash may also occur in the following configuration in which hub-n-spoke GRE tunnels are configured for IPSec and EIGRP: When the spokes have a primary hub and a backup hub (that is, a GRE tunnel to each) and when a switchover from the primary hub to the backup hub occurs multiple times, the spoke may crash. This particular situation is observed on a Cisco 1841 and Cisco 3825.

A workaround for this particular situation is to prevent multiple hub switchovers from occurring or to refrain from configuring GRE tunnels with IPSec and EIGRP.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa73120

Symptoms: A Cisco IPSec router may restart because of a bus error.

Conditions: This symptom is observed when you remove a crypto map entry that includes the dynamic keyword in its definition, as in the following example:

router#show running

...

crypto map map-name 5 ipsec-isakmp dynamic dyn-map

...

router(config)#no crypto map map-name 5

Workaround: Before you delete the crypto map entry that includes the dynamic keyword in its definition, manually configure all dynamic crypto maps to point to a nonexistent ACL, as in the following example:

router#show running

...

crypto dynamic-map dyn-map 5

...

router(config)#crypto dynamic-map dyn-map 5

router(config-crypto-map)#match address no-such-acl

CSCsa87811

Symptoms: A memory leak occurs on an originating gateway.

Conditions: This symptom is observed when Fast Start is enabled, when a call fails after the call proceeding has been received from a primary or alternate endpoint, and when the call falls back to the next alternate endpoint.

Workaround: There is no workaround.

Further Problem Description: The fast-start elements that are received in the call proceeding are freed only once for each call instead of being freed for each endpoint that is tried (assuming that the call falls back to alternate endpoints). This situation causes the memory leak.

CSCsb04965

A vulnerability exists in certain Cisco IOS software release trains running on the Cisco IAD2400 series, Cisco 1900 series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access to the device.

Cisco is making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml.

CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Wide-Area Networking

CSCee13617

Symptoms: A Cisco router that has an ISDN interface as a backup for an ADSL port may exhibit spurious memory accesses and a high CPU utilization during interrupts.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(13)ZH2, Release 12.3, or Release 12.3T when an L2TP tunnel is up, when the BRI-U interface is disconnected and reconnected, and when the router attempts to re-enable the tunnel.

Workaround: There is no workaround.

CSCeg82698

Symptoms: PPTP tunnels do not come up.

Conditions: This symptom is observed when VPDN is configured.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(8)T9

Cisco IOS Release 12.3(8)T9 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCec39682

Symptoms: You may not be able to set the casnDisconnect object to "true" in the CISCO-AAA-SESSION-MIB.

Conditions: This symptom is observed only for Telnet sessions. The symptom does not occur for other sessions such as PPPoE sessions.

Workaround: Clear the Telnet session by using the tsClrTtyLine object.

CSCed71593

Symptoms: When the radius-server retransmit 1 command is enabled on a NAS, the number of retransmit counts for a transaction with MS-IAS is more than the expected value.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(7.4).

Workaround: There is no workaround.

CSCeg41734

Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.

Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used. The symptom may also occur in other releases.

Workaround: There is no workaround.

Interfaces and Bridging

CSCdy36519

Symptoms: A Cisco 7500 series may show a %SYS-3-CPUHOG error message when an ATM link on the router is flapped.

Conditions: This symptom is observed only when there are a lot of VCs on the ATM interface and when the VIP is oversubscribed.

Workaround: There is no workaround.

CSCed65436

Symptoms: A Cisco router may report spurious accesses when configured for Multilink PPP (MLPPP). This appears to be caused by fragmentation.

%ALIGN-3-SPURIOUS: Spurious memory access made at [hex] reading [hex]
%ALIGN-3-TRACE: -Traceback=[hex]

Conditions: MLPPP must be configured for this symptom to occur.

Workaround: There is no workaround.

CSCee55632

Symptoms: A Cisco 7500 series may leave ATM PVCs up when the ATM interface is shut down.

Conditions: This symptom is observed on a Cisco 7500 series that has a PA-A3 when the CPU utilization of the VIPs is high.

Workaround: There is no workaround.

CSCee58873

Symptoms: The show controllers t1 slot/port command may show only the current interval.

Conditions: This symptom is observed on a Cisco 7200 series when FDL is configured.

Workaround: There is no workaround.

Further Problem Description: When FDL is configured, the router updates the MIB data after checking for a valid local and remote MIB data interval that it receives from the T1 port adapter. During the remote MIB update, and if the received data interval is invalid, the router clears both the remote and the local data instead of clearing only the remote data and starting again.

CSCin67296

Symptoms: Channelized interfaces on a channelized T3 line card or port adapter that is configured for Frame Relay encapsulation may be in the up/down state, and DLCIs are inactive.

Conditions: This symptom is observed when you reload a Cisco platform and when the interfaces were in the up/up state before you reloaded the platform.

Workaround: Enter the shutdown command followed by the no shutdown command on the controller of either the T3 line card or port adapter on the Cisco platform or on the T3 line card or port adapter on the platform at the remote end.

Alternate Workaround: Enter the shutdown command followed by the no shutdown command on the main interface on the Cisco platform.

IP Routing Protocols

CSCee01550

Symptoms: Per-user access control lists disappear.

Conditions: This symptom is observed on a Cisco platform when you enter the show ip access-lists command.

Workaround: There is no workaround.

CSCee36622

Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).

Conditions: This symptom occurs under the following conditions:

1. The ABR (call ABR X) has at least one non-backbone area (call area X) in common with one or more additional ABRs.

2. The ABRs are generating summary LSAs, on behalf of the Area X's two or more intra-area routes, into the backbone area and other areas. The two intra-area routes must be advertised as stub links from two different routers; i.e., one from ABR X, and the other from another router belonging to Area X.

3. The summary LSA IDs for the intra-area routes above, when ORed with the host bits of the corresponding masks, yield identical LSA IDs.

For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,

10.10.10.128 | 0.0.0.127 = 10.10.10.255
10.10.10.0 | 0.0.0.255 = 10.10.10.255

Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
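Condition 3 of CSCee36622 can be checked ahead of time against a list of intra-area prefixes. The following is an added example, not Cisco code: it applies the OR operation described above to each prefix and groups the prefixes whose results coincide; the function names and the route list are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def host_bits_lsa_id(prefix):
    """Network address logically ORed with the host bits of the mask."""
    net = ipaddress.IPv4Network(prefix, strict=False)
    lsa_id = int(net.network_address) | int(net.hostmask)
    return str(ipaddress.IPv4Address(lsa_id))


def colliding_prefixes(prefixes):
    """Map each shared LSA ID to the distinct prefixes that produce it.

    Only IDs produced by two or more different prefixes are returned;
    repeated entries of the same prefix are not counted as a collision.
    """
    groups = defaultdict(set)
    for prefix in prefixes:
        net = ipaddress.IPv4Network(prefix, strict=False)
        groups[host_bits_lsa_id(prefix)].add(net)
    return {
        lsa_id: [str(net) for net in sorted(nets)]
        for lsa_id, nets in groups.items()
        if len(nets) > 1
    }


# Constructed list of intra-area routes for one non-backbone area.
INTRA_AREA_ROUTES = [
    "10.10.10.0/24",     # example prefix from the caveat text
    "10.10.10.128/25",   # example prefix from the caveat text
    "10.10.10.255/32",   # host route: no host bits, ID equals the address
    "10.10.20.0/24",     # unrelated prefix, unique ID
    "192.168.1.0/30",    # unrelated prefix, unique ID
    "10.10.20.0/24",     # duplicate entry, must not count as a collision
]

if __name__ == "__main__":
    for lsa_id, nets in colliding_prefixes(INTRA_AREA_ROUTES).items():
        print(f"{lsa_id}: {', '.join(nets)}")
```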

CSCeg19442

Symptoms: A router that is configured with the OSPF routing protocol may reload.

Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.

Workaround: There is no workaround. Cisco strongly discourages you from configuring a router via two different but simultaneous sessions.

CSCeg66091

Symptoms: Previously suppressed prefixes are not automatically re-installed in a VRF table.

Conditions: This symptom is observed when a VRF reaches the maximum route limit, when subsequent prefixes are suppressed, and when the suppressed condition is cleared. In this situation, previously suppressed prefixes should be automatically re-installed in the VRF table when the suppressed condition is cleared.

Workaround: Enter the clear ip bgp command.

CSCeh13489

Symptoms: A Cisco IOS router that runs Border Gateway Protocol (BGP) and peers with other routers may, under certain conditions, make the other peering routers reset their BGP sessions if it sends an as-path command with length equal to or greater than 255.

Conditions: This symptom has been observed when a Cisco router receives a bgp update with an as-path length of 255.

Workaround: Use the bgp max-as limit command to limit the maximum as-path limit to a value less than 255. With this command, the router that receives the update with the excessive as-path will reject the prefix and record the event in the log.

Miscellaneous

CSCed83616

Symptoms: A Cisco router may reload when you enter the show standby or show standby brief command.

Conditions: This symptom is observed on a Cisco Multiprocessor WAN Application Module (MWAM) when multiple HSRP groups are configured and unconfigured in a loop while traffic for the HSRP groups is being processed. The symptom may be platform-independent.

However, a stress scenario in which many HSRP groups are configured and unconfigured while the show standby or show standby brief command is executed may be a rather uncommon scenario.

Workaround: Do not enter the show standby or show standby brief command while configuration changes are being made.

CSCed86072

Symptoms: An accounting stop record does not account for inbound CEF switched packets such as Acct-Input-Packets and Acct-Input-Octets.

Conditions: This problem only occurs for connections that are terminated onto a virtual-access interface.

Workaround: Disable CEF globally or per interface.

CSCee17241

Symptoms: When the redundancy mode is changed from classic-split to RPR-plus through the command line interface (CLI), the peer Route Switch Controller (RSC) goes to the initial configuration setup dialogue.

Conditions: This symptom has been observed on a Cisco AS5850 universal gateway.

Workaround: Load the configurations with RPR-plus configured onto the startup configurations of both RSCs. The symptom will not be seen.

CSCee20909

Symptoms: A Cisco AS5400 crashes.

Conditions: This symptom is observed when an NP60 DFC is hot-swapped (OIR'ed) with an NP108 DFC.

Workaround: There is no workaround.

CSCee22810

Symptoms: On a Cisco 7500 series, all PVCs may suddenly enter the down state and remain in this state for about two minutes before they come back up. During the DLCI down state, the subinterface does not go down and no notifications are observed in the message log.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4+ or an RSP8 and that runs the rsp-jsv-mz image of Cisco IOS Release 12.2(12i). In addition, the router is configured with an 8-port serial port adapter and an HSSI port adapter, is configured for Frame Relay, and has more than 450 PVCs/DLCIs. Note that the symptom may be platform-independent and may also occur on other Cisco platforms in a similar configuration.

Note: This is a timing issue and is not dependent on the number of VCs.

Workaround: There is no workaround.

CSCee23781

Symptoms: A Cisco AS5850 does not fragment data packets.

Conditions: This symptom is observed when data packets enter the Cisco AS5850 through async (modem) interfaces and when the MTU on the egress Gigabit Ethernet interface is smaller than the ingress MTU or when L2F encapsulation overhead requires fragmentation. Async PPP sessions forwarded via L2TP are not affected by this problem.

Workaround: Increase the Gigabit Ethernet MTU to avoid fragmentation.

CSCee29574

Symptoms: A child policy bandwidth calculation is wrongly mixed with the specified rate of an old parent policy.

Conditions: This symptom is observed after you have changed the configuration of a policy map in a hierarchical policy.

Workaround: Detach and reattach the policy map.

CSCee33485

Symptoms: A URM that is configured as an LSC does not pass traffic. Xtags come up but traffic does not pass.

Conditions: This symptom is observed on a URM that runs Cisco IOS Release 12.3(6). The symptom does not occur on other software trains.

Workaround: There is no workaround.

CSCee34877

Symptoms: A Cisco AS5400 may crash with a bus error at address 0xFFFFFFFF.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(6) only when facility messages are generated. The symptom may also occur on a Cisco 1700 series and Cisco 2600 series.

Workaround: There is no workaround.

CSCee53709

Symptoms: A Cisco 3700 series with an NM-1A-OC3, NM-1A-T3, or NM-1A-E3 network module with many VCs of the same class may reload because of a bus error.

Conditions: This symptom is observed when you configure more than 255 VCs of the same QoS type on the ATM interface, when traffic is processed on all VCs, and when a line error occurs.

Workaround: There is no workaround.

CSCee58000

Symptoms: A Cisco router may hang intermittently.

Conditions: This symptom is observed on a Cisco 831 router and occurs if the virtual auxiliary port functionality is used.

Workaround: There is no workaround.

CSCee70864

This caveat consists of three symptoms, three conditions, and three workarounds:

1.

Symptom 1: Memory utilization may increase on a Cisco IOS gatekeeper that functions as an originating gatekeeper (OGK). You must reboot the gatekeeper to enable it to return to normal operating conditions.

Condition 1: This symptom is observed when the following conditions are present:

There are two or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.

All these remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).

The zone prefix is configured to send sequential LRQ messages.

Workaround 1: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.

2.

Symptom 2: Wrong CATs are sent to remote zones from a Cisco IOS gatekeeper that functions as an OGK.

Condition 2: This symptom is observed when the following conditions are present:

There are three or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.

Each of these remote zones is configured for inter-gatekeeper authentication with a different password to be used for the creation of the CAT.

The zone prefix is configured to send sequential LRQ messages.

Workaround 2: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.

3.

Symptom 3: A spurious memory access may occur on a Cisco IOS gatekeeper that functions as a directory gatekeeper (DGK).

Condition 3: This symptom is observed when the following conditions are present:

There are two or more remote zones configured for the same prefix and the gatekeeper receives LRQ messages for this prefix.

The second and subsequent remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).

The zone prefix is configured to send sequential LRQ messages.

Workaround 3: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.

CSCee92010

Symptoms: A software-forced reload may occur on a Cisco 7200 series.

Conditions: This symptom is observed when the Cisco 7200 series functions as a voice gatekeeper.

Workaround: There is no workaround.

CSCee95978

Symptoms: A Cisco router may reload unexpectedly with a Bus error exception.

Conditions: This was observed on a Cisco 7200 series router with an NPE-G1 that was actively passing traffic.

Workaround: There is no workaround.

CSCef00308

Symptoms: A feature board may reload after a switchover.

Conditions: This symptom is observed only on a Cisco platform that is configured for Nitro Interconnect Protocol (NIP).

Workaround: There is no workaround.

CSCef03782

Symptoms: DS0 channels may hang on a Cisco AS5400.

Conditions: This symptom is observed after running a VXML stress test for several hours.

Workaround: There is no workaround. To recover the channel, enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the affected controller.

CSCef97768

Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.

Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).

Workaround: There is no workaround.

CSCeg24557

Symptoms: An NM-1T3/E3 network module sends an all 1s (ones) pattern when the clear channel T3 interface is shut down. This situation causes a remote framer to report an AIS and the remote end to send a RAI. The end result is that the link does not come up when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T3 interface of the NM-1T3/E3 network module.

Conditions: This symptom is observed on a Cisco 3700 series that runs Cisco IOS Release 12.3(9).

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface at the remote end.

Further Problem Description: This problem only occurs when the NM-1T3/E3 connects to a DS3 card in a 7600/12k router at the far end.

CSCeg40630

Symptoms: TACACS+ is not supported on a Cisco IAD2430.

Conditions: This symptom is observed on a Cisco IAD2430 that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeg53478

Symptoms: A Cisco 831 may display the following message on the console:

pktFlowLink() logic error, pMatch and pEmptySlot

Conditions: This symptom is observed very rarely after the router has been up for a long time. The functionalities of the router are not affected.

Workaround: There is no workaround.

CSCeg55584

Symptoms: A Cisco router that is configured for PPPoE may stop forwarding packets that need to be fragmented.

Conditions: This symptom is observed after a link flap occurs on the dialer interface or after you enter the clear interface command on the dialer interface.

To re-enable the affected packets to be forwarded, enter the no ip cef command followed by the ip cef command.

Possible Workaround: Enter the ip tcp adjust-mss 1400 command to force the maximum segment size (MSS) of the TCP SYN packets to be small enough to prevent the router from fragmenting the packets.

CSCeg57516

Symptoms: A Cisco AS5850 crashes because of a bus error and reloads.

Conditions: This symptom is observed when the Cisco AS5850 processes a call while the CPU utilization of the RSC and the line cards is very high because of call failures.

Workaround: There is no workaround.

CSCeg62088

Symptoms: A Cisco voice gateway may reload unexpectedly because of a bus error, pointing to an invalid address.

Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(12.5).

Workaround: There is no workaround.

CSCeg63430

Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5400. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.

Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 12.3T, connects to the PSTN via a PRI in the following topology:

Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI--PSTN--Transferee

Workaround: Enable MTP or the Cisco CallManager.

Further Problem Description: Although the symptom is not observed in Cisco IOS Release 12.3, the fix is included in Cisco IOS Release 12.3 as a precaution.

CSCeg64669

Symptoms: A Cisco AS5850 reloads when it fetches a TDM connection object for a TDM hairpinned call while handing over peer resources to the standby RSC.

Conditions: This symptom is observed when you enter the redundancy handover peer-resource command and when the Cisco AS5850 functions in the extra-load state.

Workaround: Clear all existing calls that use peer resources and mark the calls as busyout before you enter the redundancy handover peer-resource command.

CSCeg64679

Symptoms: A Cisco AS5850 reloads when you enter the redundancy handover peer-resources command to hand over the peer resources to the other RSC.

Conditions: This symptom is observed when the RSC that hands over the peer resources is in the "ACTIVE_EXTRALOAD" mode and when an SNMP trap is sent to obtain the card status.

Workaround: There is no workaround.

CSCeg70465

Symptoms: There is no QoS classification at a main interface when packets are switched from a GRE tunnel that also has a QoS policy enabled.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3T or Release 12.4 when a QoS policy is enabled on both the GRE tunnel and the main interface in the output direction.

Workaround: Move the complete QoS configuration to the QoS policy on the main interface (that is, use a hierarchical policy).

CSCeg79821

Symptoms: A Cisco 7200 VXR router crashes after running out of I/O memory because of a buffer leak in a public particle pool.

Conditions: This symptom is observed on a 7200 VXR router that runs Cisco IOS Release 12.3(9c) or Release 12.3(12) and that is configured with an NPE-G1. The symptom does not occur in Release 12.3(9).

Workaround: There is no workaround.

CSCeg89017

Symptoms: MGCP calls fail with a fast busy. Using the debug mgcp packet command indicates that the 400 Voice Call Setup failed.

Conditions: This symptom has been observed when MGCP PRI backhaul is done on Cisco 2800 series and Cisco 3800 series routers with PVDM2 DSPs. Calls fail only after a reload.

Workaround:

1. Use ccm-manager configuration commands.

2. Enter a shut command on the voice port or on the T1 controller.

3. Enter a no mgcp command and then enter a mgcp command.

4. Enter a no ccm-manager config command and then a ccm-manager config command, assuming you have the TFTP server defined.

5. After reloading, enter a write erase command. Add the configuration and save.

CSCeh00270

Symptoms: A Cisco gateway may reload at "h245_olc_out_sm".

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.3(7)T7 when the gateway receives a third-party RequestChannelClose message that has the reason field populated with "reopen".

Workaround: Ensure that the third-party gateway does not send a RequestChannelClose message with the reason field populated with "normal".

CSCeh01182

Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.

Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.

Workaround: There is no workaround. However, this is the limitation on voice gateways that use VXML applications: such platforms only support T.37.

Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.

CSCeh05968

Symptoms: Distributed Sessions Manager (DSM) is flooded with DSP stats messages.

Conditions: This symptom is observed when the event pool is out of events.

Workaround: There is no workaround.

CSCeh06581

Symptoms: A VAM2 fails to come up and generates the following error message:

MIPS not ready to send response (0xC0000000) after mbox_pass.

Conditions: This symptom is observed only on a Cisco 7200 series that runs the c7200-jk9s-mz image of Cisco IOS Release 12.3, 12.T, or 12.4.

Workaround: There is no workaround. Note that the symptom does not occur with other images such as the c7200-jk9o3s-mz image or the c7200-ik9s-mz image.

CSCeh08689

Symptoms: When CRTP is enabled on a PPP over Frame Relay PVC via a policy-map configuration, the service policy on the PVC does not function properly because packets are not placed in the priority queue. The output of the show policy-map interface command does not show a class counter.

Conditions: This symptom is observed when you attach a policy map with CRTP on a virtual-template interface and then attach a policy map with a priority feature on the Frame Relay PVC. Note that the symptom does not occur for a PPP over ATM PVC or PPP over Ethernet configuration.

Workaround: There is no workaround.

CSCeh12839

Symptoms: An SSG does not return GPRS VSAs to a GGSN in an access-accept message.

Conditions: This symptom is observed when a RADIUS client such as a GGSN sends an extended auto-domain access request. The SSG should return the "gprs:charging-profile-index" and "csg:billing_plan" VSAs in the auto-domain profile to the GGSN when the no remove vsa cisco command is enabled on the SSG for the RADIUS client.

Workaround: There is no workaround.

CSCeh21680

Symptoms: A Cisco 2800 series or Cisco 3800 series may crash when you configure the interface of an NM-16ESW.

Conditions: This symptom is observed when you enter the ip rsvp bandwidth command on FE port 1/10 of the NM-16ESW and then you enter the no switchport mode command followed by the switchport mode command.

Workaround: Do not enter IP commands in switchport mode.

CSCeh25459

Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.

Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:

- The initial codec for the call is negotiated as G.729.

- A reinvite message with a codec change to G.711ulaw is sent to the gateway.

- The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.

Workaround: Remove the fax pass-through configuration.

CSCeh30146

Symptoms: A WIC-1DSU-T1-V2 WAN interface card may become stuck and may not detect any alarms or loopback events but may still be able to pass traffic.

Conditions: This symptom is platform-independent.

Workaround: Enter the clear service-module serial slot|port command.

CSCeh32576

Symptoms: Configuring an AUX port through a non-slotted notation such as "interface async 1" may not be possible on a Cisco 1841 and a Cisco 2801.

Conditions: This symptom is observed on a Cisco 1841 and Cisco 2801 that run Cisco IOS interim Release 12.3(11.9)T or a later release.

Workaround: Configure the AUX port through the slotted notation such as "interface async 0/0/0".

CSCeh33913

Symptoms: NAT-PT stops working after a router is reloaded.

Conditions: This symptom is observed on a Cisco router that has a "v6v4" static NAT configuration when NAT-PT fails to install ARP entries because the router is not yet fully initialized.

Workaround: Remove and then reconfigure the mapping.

CSCeh34089

Symptoms: You cannot run the Embedded Event Manager Tcl policy scripts.

Conditions: This symptom is observed in all Cisco IOS software images that contain the fix for caveat CSCeg07394. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg07394. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCin78324

Symptoms: A Cisco 7200 VXR router may hang.

Conditions: This symptom is observed on a Cisco 7200 VXR router that has a PA-MC-8TE1 and that is configured for IPSec encryption, either via tunnel protection or via a crypto map.

Workaround: Disable IPSec encryption.

CSCin78325

Symptoms: A serial interface of a PA-MC-8TE1+ continues to process packets even after the interface is placed in the "ADMINDOWN" state. The counters in the output of the show interfaces serial command may continue to increment even if the serial interface is shut down.

Conditions: This symptom is observed on a serial interface of a PA-MC-8TE1+ when there is a channel-group configuration for the interface.

Workaround: Remove the channel-group configuration for the interface.

CSCin86923

Symptoms: A PVC is unexpectedly removed from an IMA interface when one or more IMA links go down.

Conditions: This symptom is observed on a Cisco router when the bandwidth that is configured for the PVC cannot be supported after one or more IMA links go down.

Workaround: Reconfigure the PVC with a bandwidth that can be supplied by the remaining IMA links.

CSCin87464

Symptoms: A spurious memory access occurs on an SSG when you run a MIB get request for the SSG service binding entries.

Conditions: This symptom is observed when an SSG service is bound to a next-hop IP address.

Workaround: There is no workaround.

CSCin87560

Symptoms: The following error message is displayed on a router that is configured for SSG:

%SYS-3-BADLIST_DESTROY: Removed a non-empty list

Conditions: This symptom is observed while you unconfigure an SSG feature by entering the no ssg enable force-cleanup command on the router that has one or more instances of an SSG service binding configuration such as the ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

Workaround: Before you unconfigure the SSG feature, unbind the SSG service by entering the no ssg bind service command (with the proper arguments that indicate a service name, IP address, interface type, and interface).

CSCsa44720

Symptoms: A Cisco router may reload unexpectedly with a bus error exception.

Conditions: This symptom is observed on a router that is configured for Service Selection Gateway (SSG) and authentication, authorization, and accounting (AAA).

Workaround: There is no workaround.

CSCsa45302

Symptoms: A Cisco 3660 gateway may crash when a voice call is made.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when accounting is enabled.

Workaround: There is no workaround.

CSCsa54608

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

CSCsa61115

Symptoms: After an upgrade from Cisco IOS Release 12.3 mainline to Cisco IOS Release 12.3T, some information is not passed along correctly, which causes failures, for example, in third-party Message Waiting Indication (MWI).

Conditions: This problem is seen when routers are upgraded to Cisco IOS 12.3T when QSIG signaling is used.

Workaround: Downgrade all routers involved to a version prior to Cisco IOS 12.3(4)T.

CSCsa65656

Symptoms: SSG uses a duplicate Acct-session-id (attribute 44) in a RADIUS accounting packet.

Conditions: This symptom is observed for post-paid users.

Workaround: There is no workaround.

Wide-Area Networking

CSCeb71004

Symptoms: When multiple dialout calls are triggered at virtually the same time on a Cisco AS5300 with a Large-Scale-Dial-Out (LSDO) configuration, the resulting accounting records may be either wrong or missing.

Condition: This symptom is observed in a stress test under lab conditions when the concurrent dialout attempts are made using the same E1 link and when the packets triggering the dialout arrive at the same time, causing two ISDN SETUP messages within a very short period, that is, within 5 to 10 msec.

Workaround: There is no workaround.

CSCin74403

Symptoms: A syslog message may not be generated when a session limit is exceeded.

Conditions: This symptom is observed when the VPDN session limit is configured on a VPDN group or VPDN template on a LAC or LNS. If the no vpdn session-limit global configuration command is enabled, a syslog message is generated when the session limit is exceeded.

Workaround: There is no workaround.

CSCsa52807

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf

Resolved Caveats—Cisco IOS Release 12.3(8)T8

Cisco IOS Release 12.3(8)T8 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCsa81379

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

The removal of NetFlow Feature Acceleration does not affect any other aspects of NetFlow operation, for example, access-list processing. The features are separate and distinct.

Cisco Express Forwarding (CEF) supersedes the deprecated NetFlow Feature Acceleration.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the NetFlow MIB (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6

Resolved Caveats—Cisco IOS Release 12.3(8)T7

Cisco IOS Release 12.3(8)T7 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCeh14015

Symptoms: Connected routes cannot be redistributed from one protocol to another.

Conditions: This symptom occurs on EIGRP routes when using the shut command followed by the no shut command.

Workaround: There is no workaround.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Miscellaneous

CSCee03702

Symptoms: A Cisco router that is configured for SSG may crash with a bus error.

Condition: This symptom is observed on a Cisco router that is configured for SSG and that has PPP SSG users when there are IPCP renegotiations on an active PPP session and a new IP address is assigned to the session.

Workaround: Enter the ip address negotiated previous command on the client to prevent a new address from being assigned during the IPCP renegotiations.

CSCee32427

Symptoms: A Cisco 2691 may hang after crashing with the following error message:

%ERR-1-GT64120 (PCI-0): Fatal error, DMA out of range error

Conditions: This symptom is observed when you boot the Cisco 2691.

Workaround: There is no workaround.

Further Problem Description: The symptom is only observed on a Cisco 2691.

CSCee67261

Symptoms: A Cisco router may have a memory leak in the Crypto IKMP process.

Conditions: This symptom has been observed on Cisco routers running Cisco IOS Release 12.3(7.8)T when 2 sites initiate at the same time.

Workaround: There is no workaround.

CSCef43691

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44225

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef55255

Symptoms: A Cisco AS5850 that has a trunk-group that is provisioned to a third-party vendor switch can pass a COT request when this request is initiated by a Cisco BTS 10200 but fails when this request is initiated by the third-party vendor switch. This situation prevents you from configuring new trunks to the third-party vendor switch.

Conditions: This symptom is observed in a configuration with a Cisco BTS 10200 that runs software version 3.5 3 V03 and a Cisco AS5850 that runs Cisco IOS Release 12.3(2)T7 or Release 12.3(2)T3.

Workaround: There is no workaround.

Further Problem Description: Because the third-party vendor switch does not use the loopback COT, the 4W_TO_2W COT is required. When the CCR is received, the Cisco BTS 10200 sends the LPA, and then sends a CRCX with M:conttest to the Cisco AS5850. Then, the third-party vendor switch sends a 2010-Hz tone and searches for a 1780-Hz tone from the Cisco AS5850. Monitoring the T1 line reveals that the Cisco AS5850 does not send the 1780-Hz tone although it does receive the 2010-Hz tone from the third-party vendor switch. So either the CRCX with M:conttest is not implemented correctly on the Cisco AS5850, or the Cisco BTS 10200 should send a RQNT with S:T/co2 following the CRCX.

CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
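The three classes of ICMP message listed in the advisory text above, shown from the receiving host's side as an added example (it is not Cisco's code and is not taken from the Internet draft): a parser that classifies an ICMPv4 error and applies a sample acceptance policy. The `Conn` structure, the function names and the verdict strings are assumptions made here; the in-flight sequence-number check follows the countermeasure described in the later RFC 5927, "ICMP Attacks against TCP".

```python
import socket
import struct
from typing import NamedTuple

DEST_UNREACH, SOURCE_QUENCH = 3, 4                  # ICMPv4 types (RFC 792)
PROTO_UNREACH, PORT_UNREACH, FRAG_NEEDED = 2, 3, 4  # codes of type 3
MIN_IPV4_MTU = 68                                   # smallest legal IPv4 MTU (RFC 791)


class Conn(NamedTuple):
    """Hypothetical view of one established local TCP connection."""
    laddr: str
    lport: int
    raddr: str
    rport: int
    snd_una: int   # oldest unacknowledged sequence number
    snd_nxt: int   # next sequence number to be sent
    pmtu: int      # current path MTU estimate


def parse_icmp_error(icmp: bytes) -> dict:
    """Split an ICMPv4 error into its class and the embedded TCP identifiers."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP error")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    inner = icmp[8:]                       # IP header of the packet that triggered the error
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8 or inner[9] != 6:
        raise ValueError("payload is not an IPv4/TCP header")
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    if icmp_type == DEST_UNREACH and code in (PROTO_UNREACH, PORT_UNREACH):
        kind = "hard-error"                # class 1 in the advisory
    elif icmp_type == DEST_UNREACH and code == FRAG_NEEDED:
        kind = "pmtud"                     # class 2: fragmentation needed and DF set
    elif icmp_type == SOURCE_QUENCH:
        kind = "source-quench"             # class 3
    else:
        kind = "other"
    return {"kind": kind, "mtu": mtu, "seq": seq,
            "src": socket.inet_ntoa(inner[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(inner[16:20]), "dport": dport}


def seq_in_flight(seq: int, snd_una: int, snd_nxt: int) -> bool:
    """True when SND.UNA <= seq < SND.NXT, using 32-bit modular arithmetic."""
    return (seq - snd_una) % 2**32 < (snd_nxt - snd_una) % 2**32


def evaluate(icmp: bytes, conn: Conn) -> tuple:
    """Return (class, verdict) under a sample policy for an established connection."""
    m = parse_icmp_error(icmp)
    # The embedded packet must be one this host sent on this connection.
    if (m["src"], m["sport"], m["dst"], m["dport"]) != (
            conn.laddr, conn.lport, conn.raddr, conn.rport):
        return m["kind"], "discard: no matching connection"
    # It must also refer to data that is still unacknowledged.
    if not seq_in_flight(m["seq"], conn.snd_una, conn.snd_nxt):
        return m["kind"], "discard: sequence number not in flight"
    if m["kind"] == "hard-error":
        return m["kind"], "treat as soft error, do not reset"
    if m["kind"] == "pmtud":
        if MIN_IPV4_MTU <= m["mtu"] < conn.pmtu:
            return m["kind"], "accept: lower path MTU"
        return m["kind"], "discard: implausible MTU"
    return m["kind"], "ignore"             # source quench and anything else


def sample_error(icmp_type: int, code: int, mtu: int, conn: Conn, seq: int) -> bytes:
    """Constructed test input: ICMP header + IPv4 header + 8 TCP bytes, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(conn.laddr), socket.inet_aton(conn.raddr))
    tcp8 = struct.pack("!HHI", conn.lport, conn.rport, seq)
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + ip + tcp8


def demo() -> list:
    """Run the policy over constructed messages (documentation addresses only)."""
    conn = Conn("192.0.2.10", 40000, "198.51.100.5", 179,
                snd_una=1000, snd_nxt=3000, pmtu=1500)
    cases = [
        sample_error(DEST_UNREACH, PORT_UNREACH, 0, conn, 1500),    # in flight
        sample_error(DEST_UNREACH, PORT_UNREACH, 0, conn, 999999),  # blind guess
        sample_error(DEST_UNREACH, FRAG_NEEDED, 576, conn, 2000),
        sample_error(SOURCE_QUENCH, 0, 0, conn, 2000),
    ]
    return [evaluate(c, conn) for c in cases]


if __name__ == "__main__":
    for kind, verdict in demo():
        print(f"{kind:14s} {verdict}")
```

An off-path sender has to guess both the connection four-tuple and a sequence number inside the unacknowledged window, which is why the second constructed message is discarded while the first is not.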

CSCef68324

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

CSCef75224

Symptoms: Upon resetting or reloading a Cisco 3700 series, the IP phones that are connected to an NMD-36-ESW no longer receive power from the internal power supply.

Conditions: This symptom is observed when a Cisco 3725 is configured with an NMD-36-ESW and when IP phones are directly connected to the NMD-36-ESW. The symptom may also occur on another Cisco 3700 series router, and it may also occur on a NM-16ESW.

Workaround: For the interfaces that do not receive power, enter the shutdown command followed by the no shutdown command on the interface of the NMD-36-ESW or disconnect and reconnect the FE cables that run between the NMD-36-ESW and the IP phones.

CSCef75999

Symptoms: SIP calls are not completed because the gateway does not include the epid in its ACK even though it was in the "to" header of the response it is ACKing. The server also cannot treat the ACK as it would properly formatted messages.

Conditions: This symptom is observed when using Windows Messenger client software.

Workaround: There is no workaround.

CSCef97752

Symptoms: Transmit underruns or receive overruns may occur on a serial interface on the motherboard WICs of a Cisco 2691 or Cisco 3725 router.

Conditions: This symptom is most likely to occur when the traffic of the serial interfaces on the motherboard on a Cisco 2691 or Cisco 3725 router is process-switched rather than fast-switched.

Workaround: Do not use the WAN interface card (WIC) slot on the motherboard. Rather, use the serial interface on a 2-WAN card slot network module (NM-2W), a 1-port Fast Ethernet 2-WAN card slot network module (NM-1FE2W), or a 2-port Fast Ethernet 2-WAN card slot network module (NM-2FE2W).

CSCeg07394

Symptoms: The router pauses indefinitely at startup.

Conditions: This symptom is a side effect of the fix for CSCee81074. This symptom has been observed occasionally when the router is booting up. The symptom is in the memory allocation portion of the TCL component. If the image does not contain any components using TCL, this symptom will not occur.

Workaround: Do not use an image that contains TCL components; otherwise, there is no workaround.

CSCeg21929

Symptoms: Voice packets are not compressed when cRTP is configured with MQC on a serial interface that is configured for Frame Relay encapsulation.

Conditions: This symptom is observed on a Cisco 3725, Cisco 3745, and Cisco 7206.

Workaround: Disable CEF globally and disable fast switching on the serial interface.

CSCeg35786

Symptoms: 20 percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.

Workaround: There is no workaround.

CSCeg38778

Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.

Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.

Workaround: There is no workaround.

CSCeg72444

Symptoms: A router that is configured for SSG may hang and crash.

Conditions: This symptom is observed when PBHK and idle timeout are enabled for PPP users and the router is busy.

Workaround: Disable idle timeout for all PPP users.

Alternate Workaround: Disable PBHK. If you do so, you may still observe a few non-aligned accesses but a crash will not occur.

CSCeg77587

Symptoms: Calls via a V.110 L2TP GSM application fail.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(2)T or a later release and that is configured for MGCP NAS. Debugs show PPP and CRC errors and corrupt asynchronous framing.

Workaround: There is no workaround.

CSCeg81698

Symptoms: After a DSP crashes and recovers, voice calls through a backhauled PRI fail. Note that a regular PRI is not affected.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T6, that functions as a voice gateway, and that is configured with an NM-HDV2 and a PVDMII-24.

Workaround: Enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice port. Note that shutting down and bringing up the controller on the affected voice port does not bring the voice port back up.

CSCeg82704

Symptoms: When a phone call is made and forwarded to a Cisco Unity Express Network Module (NM-CUE), choppy voice may occur on the IP phone(s) that are connected to the stacked Etherswitch modules. The symptom is observed for voice connections between the IP-phone(s) and the NM-CUE. The sound during calls between two IP phones is good.

Conditions: This symptom is observed when a 16-port Etherswitch module is stacked with a 36-port Etherswitch network module. This symptom does not occur when only a single Etherswitch module (either 16- or 36-port) is used.

Workaround: There is no workaround.

CSCeh06736

Symptoms: When IP header compression is enabled on a PPPoATM or PPPoFR interface, compressed packets are not correctly classified by any QoS policy that has been applied to the supporting ATM or Frame Relay PVC.

Conditions: This symptom is observed when CRTP is enabled on the virtual-template interface via the service policy command or ip rtp header-compression command and when the IP RTP Priority feature is enabled in the PVC policy.

Workaround: There is no workaround.

CSCeh16746

Symptoms: TAPI cannot register to CCME.

Conditions: This symptom has been observed in Cisco IOS Release 12.3(8)T6. It has not been observed in Cisco IOS Release 12.3(8)T5.

Workaround: Change the Cisco IOS Release 12.3(8)T6 to Cisco IOS Release 12.3(8)T5.

CSCsa40490

Symptoms: IP phones that are connected to an NM-ESW-16 network module may reboot when the Ethernet cable of one of the IP phones is physically unplugged from the NM-ESW-16 network module.

Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(8)T3 or Release 12.3(11)T and that is configured with an NM-ESW-16 network module with a PPWR-DCARD-16ESW power board.

Workaround: There is no workaround.

CSCsa41459

Symptoms: When you boot a router, a voice port remains in the BUSYOUT state, which can be observed in the output of the show voice call summary command.

Conditions: This symptom is observed when the T1 controller is configured as the DS0 group.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T1 controller to enable the voice port to change to the ONHOOK state and voice calls to be resumed.

CSCsa45335

Symptoms: "IP Input" and "ESM Logger" processes hold increasing amounts of memory.

Conditions: This symptom is observed when the Embedded Syslog Manager (ESM) is used to manipulate syslog messages and executes show commands to gather information that is required for syslog message modification. The probability that the symptom occurs increases with the number of times that a show command is executed by the TCL script.

Workaround: There is no workaround.

CSCsa45786

Symptoms: The router may pause indefinitely in function aaa_req_set_context and will usually point to the peer structure.

Conditions: When the device is under heavy stress and AAA is used with crypto, the router may pause indefinitely.

Workaround: There is no workaround.

CSCsa53062

Symptoms: A DSP may hang when a SIP call uses DNS. The output of the show voice call summary command shows the following message:

S_WAIT_HOST_DISC S_TSP_WAIT_RELEASE

Conditions: This symptom is observed on a Cisco 1700 series that functions as a voice gateway and that is configured for DNS.

Workaround: Disable DNS.

CSCsa54117

Symptoms: A Cisco IAD2430 may become unresponsive to Telnet sessions and drop SIP registration because of a memory leak in the "CCSIP_SPI_CONTRO" process.

Conditions: This symptom is observed on a Cisco IAD2430 that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCsa55375

Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.

Conditions: These symptoms are observed on a WIC-1DSU-T1-V2 that is installed in a Cisco router.

Possible Workaround 1: Do not install a WIC-1DSU-T1-V2. Rather, install a VWIC-1MFT-T1, on which the symptoms do not occur.

Possible Workaround 2: The symptoms may clear when you replace the in-house cabling with cat.5 cables.

CSCsa61864

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Wide-Area Networking

CSCef68953

Symptoms: When a call from the VoIP side is configured for "presentation restricted," the isdn map address command may override the Calling line ID presentation/rejection (CLIP/CLIR) in the ISDN SETUP message to "presentation allowed."

Conditions: This symptom is observed when the isdn map address command is used to modify the ISDN plan and type.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(8)T6

Cisco IOS Release 12.3(8)T6 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCee27479

Symptoms: Traffic that is processed by a router may be improperly routed to an ESP route.

Conditions: This symptom is observed when the ip nat inside source static esp local-ip interface Loopback0 command is enabled.

Workaround: There is no workaround.

CSCee83549

Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.

Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.

Workaround: Clear or readvertise the route that is inoperational.

CSCef17311

Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.

Workaround: There is no workaround.

CSCef89807

Symptoms: A router that is configured for Optimized Edge Routing (OER) crashes after a %SYS-2-CHUNKBADREFCOUNT error message has been generated.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(11)T when OER is enabled, when OER controls non-exact routes, and when a BGP update to a more exact router occurs.

Workaround: Route control using static routes is not affected by the symptom. To prevent the symptom from occurring in a situation with route control using BGP routes, configure OER to control only exact routes.

Miscellaneous

CSCee58935

Symptoms: Packets that are sent by the Cisco AS5850 are corrupted.

Conditions: This symptom is observed on calls that originate from the Cisco AS5850 when a VLAN is configured. In this configuration, the Cisco AS5850 corrupts the packets that it sends.

Workaround: Do not configure VLANs if the Cisco AS5850 is originating the calls.

CSCee59791

Symptoms: Some conference parties may not be heard and the conference bridge may become unregistered from a Cisco CallManager.

Conditions: This symptom is observed on a Cisco platform that functions as a conference bridge when one or more of the RTP streams that enter the router use RTP header-compression.

Workaround: Disable RTP header-compression.

CSCee63797

Symptoms: A busy tone is not heard when calling from IP to PSTN on E1R2.

Conditions: When calling from IP to PSTN that is connected through E1R2 on a Cisco AS5850, the user does not hear the busy tone when the called phone is busy. When the phone that is called is not busy, a ringback is heard, and the call is completed.

Workaround: There is no workaround.

CSCee68974

Symptoms: An active RSC may crash when you enter the redundancy handover peer-resources command.

Conditions: This symptom is observed when a Cisco AS5850 runs in handover split mode and one RSC is in an extra-load mode.

Workaround: Enter the redundancy handover peer-resources command when there are no active calls on any resources that must be handed over.

CSCee77939

Symptoms: A Cisco Optimized Edge Routing (OER) Border router crashed when it received a prefix control command from the master. From the crash information obtained at the time of the crash, the problem seems to be related to modification of the OER parent static routes database when there exist multiple static routes serving as parents with different nexthops.

Conditions: The crash happens only when OER tries to control prefixes using multiple static routes with different nexthops on the Border router.

Workaround: Shut OER before removing static routes which are parents to OER static routes.

CSCef00256

Symptoms: An H.450-2 call transfer from a Cisco gateway to another Cisco platform may not go through.

Conditions: This symptom is observed on a Cisco gateway that runs a Cisco IOS software image that contains the fix for CSCin74482, which addresses improper encoding of the H.450 callIdentity field. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCin74482. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCef19306

Symptoms: A "CEIPNM-2-WATCHDOG" error may be displayed.

Conditions: This symptom is observed on a Cisco 3700 series that runs Cisco IOS Release 12.3(8)T1 and that is configured with an NM-CEM-4TE1 and an NM-1GE when the NM-1GE is used as the middle IP connection.

Workaround: Use the FE interface for the middle IP connection.

CSCef29028

Symptoms:

Cisco AS5850 does not send NTFY to MGCP CallAgent.

Cisco AS5850 does receive CRCX request with the DT/ans present in it but does not send NTFY to the call agent.

Conditions: This symptom can occur at any time and under no special conditions.

Workaround: There is no workaround.

CSCef39878

Symptoms: A voice port may stop providing a dial tone and hang, and the following messages appear in the logs:

v4vip_send_cmd:No space in INBOX:free_space(0), cmd_length(3) for dev 0!!!

v4vip_active_lo:fail to send SOP RTR cmd for port=0

Conditions: This symptom is observed on a Cisco IAD2430 series.

Workaround: Reload the router.

CSCef40182

Symptoms: On a Cisco AS5850 with an enhanced Route Switch Controller (RSC) that is configured to hair-pin incoming ISDN calls onto outgoing channel associated signaling (CAS) channels (or vice-versa), a Time Division Multiplexing (TDM) leak condition will be exhibited after a few hours.

Conditions: This symptom is observed in Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCef41004

Symptoms: STM1 flaps may be observed on a Cisco AS5850 access gateway.

Conditions: This symptom occurs when the debounce timer for Loss of Signal (LOS) and Loss of Frame (LOF) is ignored.

Workaround: There is no workaround.

CSCef41066

Symptoms: Calls to a SIP gateway may fail.

Conditions: This symptom is observed on a Cisco router that functions as a SIP gateway when there are escape characters in the user portion of the Request-URI, as in the following example:

INVITE sip:929252175123%23%23@<ip address>:5060 SIP/2.0

In this example, the escape character is %.

Workaround: Remove the escape characters from the user portion of the Request-URI.

CSCef68975

Symptoms: Context-based Access Control (CBAC) fails to pass H.245 packets through a router, and the following error message is generated:

Corrupted header, version number 3, reserved 7C, header size 101

Conditions: This symptom is observed on a Cisco router when the ip inspect command is configured for H.323 in a configuration in which one gateway runs H.323 version 2 and is connected via the router to another gateway that runs H.323 version 4.

Workaround: Ensure that all gateways run H.323 version 4.

CSCef71290

Symptoms: On a CME 3.1 system, a speed dial that is configured via the GUI for phone A may show up on the GUI interface of phone B when one of these phones has a 7914 add-on. However, the configuration does not show up in the running configuration.

Conditions: This symptom is observed when you configure speed dial via the GUI for a CME 3.1 system, and when the following configuration is present:

!
ephone-dn 2 dual-line
 number 7202
!
ephone-dn 3 dual-line
 number 7203
!
ephone 2
 mac-address 000A.8A93.DCC3
 speed-dial 1 7201 label "VP-assitant"
 speed-dial 2 +7203 label "Vice president"
 speed-dial 6 7203 label "test1"
 speed-dial 7 7201 label "test2"
 type 7960 addon 1 7914
 button 1:2
!
ephone 3
 mac-address 000A.8A93.DCDF
 speed-dial 1 7201 label "CEO"
 speed-dial 2 7202 label "sec"
 speed-dial 3 7203 label "me"
 speed-dial 4 7204 label "CTO"
 button 1s3

The speed dial configuration addition and modification on ephone 3 may be shown when you attempt to edit the configuration of ephone 2.

Workaround: If you move the ephone configuration of a 7940 or 7960 phone with a 7914 add-on away from the other phones, the symptom does not occur. The following shows the configuration set with the workaround applied to the above configurations:

ephone-dn 2 dual-line
 number 7202
!
ephone-dn 3 dual-line
 number 7203

One more ephone-dn for another 7914 (in case you need to add one more and wonder how the configuration would look):

ephone-dn 4 dual-line
 number 7209

This is the usual 7960 phone (7203):

ephone 3
 mac-address 000A.8A93.DCDF
 speed-dial 1 7201 label "CEO"
 speed-dial 2 7202 label "sec"
 speed-dial 3 7203 label "me"
 speed-dial 4 7204 label "CTO"
 button 1s3

This is the 7960 phone with the 7914 add-on which was ephone 2 before:

ephone 31
 mac-address 000A.8A93.DCC3
 speed-dial 1 7201 label "VP-assitant"
 speed-dial 2 +7203 label "Vice president"
 speed-dial 6 7203 label "test1"
 speed-dial 7 7201 label "test2"
 type 7960 addon 1 7914
 button 1:2

This is a new 7960 phone with a 7914 add-on:

ephone 38
 mac-address 00AA.1234.ABCD
 speed-dial 1 7201 label "VP-assitant"
 speed-dial 2 +7203 label "Vice president"
 speed-dial 6 7203 label "test1"
 speed-dial 7 7201 label "test2"
 type 7960 addon 1 7914
 button 1:4

The idea is to configure all the simple phones without any 7914 add-ons from ephone 1 to N (say, 1 to 30). Now, add the first phone with the 7914 add-on as ephone N+1 (31). The next phone with the 7914 add-on should be configured as ephone [(N+1)+7] (38) and so on (45, 52, 59, etc.).

CSCef74536

Symptoms: A Cisco AS5850 with an ERSC board may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed only on a Cisco AS5850 series that is configured with an ERSC board. RSC boards are not affected.

Workaround: There is no workaround.

CSCef85266

Symptoms: When a voice gateway is reset by a Cisco CallManager, the voice gateway may not reregister with the Cisco CallManager, even when the output of the show isdn statistics command indicates the following state:

MULTIPLE_FRAME_ESTABLISHED and L3 Protocol(s) = CCM-Manager.

The above-mentioned state occurs when the voice gateway fails to send a restart message (RM) to the Cisco CallManager.

Conditions: This symptom is observed on a Cisco 3745 that functions as a voice gateway and that runs Cisco IOS Release 12.3(4)T6, 12.3(8)T3, or 12.3(8)T4.

Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the T1 controller of the interface that connects to the Cisco CallManager.

CSCef88350

Symptoms: A router that is configured with a Layer 2 firewall may crash and report memory corruption.

Conditions: This symptom is observed on a Cisco 1700 series that is configured with a Layer 2 firewall and a WIC-4ESW on which a switch virtual interface (SVI) is configured in a bridge group. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCef90148

Symptoms: After a grounding ring, the circuit may fail to detect an ensuing tip ground acknowledgement from the far end.

Conditions: This symptom is observed when placing outgoing calls with the FXO tip ground detect circuit present via a VIC2-2/4FXO, EM-HDA-6FXO, or EM-HDA-3FXS/4FXO.

Workaround: Use loopstart mode for FXO.

CSCef96282

Symptoms: FAX calls made between two POTS legs may fail.

FAX--(FXS)1760(BRI)--PSTN--Analog line--FAX

The above scenario may fail in some routers and work in some others.

Conditions: This symptom has been observed when the FAX machines are trying to train.

Workaround: There is no workaround.

CSCeg03707

Symptoms: Use of the HTTP GUI interface of Cisco CallManager Express (CCME) may cause instability on a Cisco IOS voice gateway: the T1 controllers on the gateway may become accessible, calls may not complete through the gateway, and the gateway may reload unexpectedly.

Conditions: This symptom is observed when you use the HTTP GUI interface of CCME to configure and maintain a VoIP gateway.

Workaround: Use the command line interface (CLI) to configure and maintain a CCME VoIP gateway. To prevent access via the HTTP GUI interface, Cisco recommends that you remove the access by entering the no ip http server global configuration command.

CSCeg05544

Symptoms: The following CLIs are blocked out:

h225 h245-address sync

h225 h245-address facility

h225 h245-address progress

The following CLIs can only be seen with the no allow-connection h323 to h323 command:

h225 progress-indicator local-ringback

h225 h245-address on-connect

Conditions: This symptom regards the commands in:

voice service voip
 allow-connection h323 to h323
 h323
  h225 id-passthru
  ...
  ...

Workaround: The impacted commands can still be configured from the voice class.

CSCeg08927

Symptoms: A Cisco GGSN that runs Cisco IOS Release 12.3(8)T3 with GPRS software may reload when repetitive create PDP context requests are received for an existing PDP in the GGSN.

Conditions: This symptom is observed when the following sequence of events occurs:

1. A successful create PDP request occurs and a PDP is created.

2. A second create PDP request is received for the same PDP, requesting a DNS address. Because of an error in the protocol configuration option (PCO), this create PDP request is rejected.

3. A third create PDP request is received without a PCO.

Workaround: There is no workaround.

CSCeg17082

Symptoms: All voice calls fail and the output of the show voice port summary command shows that all voice ports are in the down state:

                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
0/1:0     01  e&m-wnk     up    down idle     idle     y
0/1:1     02  e&m-wnk     up    down idle     idle     y
0/1:2     03  e&m-wnk     up    down idle     idle     y

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3660, and Cisco 3700 series that run Cisco IOS Release 12.3(11)T1 or Release 12.3(11)T2 and that are configured with an AIM-VOICE interface module that has DSPs that are configured for high complexity. The symptom occurs after you reload the router.

Workaround for Release 12.3(11)T1: Bring the voice ports to the up state by entering the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice ports.

Workaround for Release 12.3(11)T2: Remove the affected DS0 group and reconfigure it.

CSCin82878

Symptoms: Fax Relay and Fax Pass-Through fail with fallback using Named-Signaling Event (NSE) signaling.

Conditions: This symptom is observed on a Cisco router such as a Cisco 3600 series when Fax Relay or Fax Pass-Through is configured with fallback using an NSE configuration command. The fax fails in the following example topology:

The originating fax machine connects to the originating gateway (OGW) (a Cisco router) that connects via VoIP to the terminating gateway (TGW) (also a Cisco router). The TGW connects via a T1 PRI to the terminating fax machine.

In this example, the OGW has the following configuration:

Rtr-A(config)#voice service voip
Rtr-A(conf-voi-serv)#fax protocol pass g711u
Rtr-A(conf-voi-serv)#end

In this example, the TGW has the following configuration:

Rtr-B(config)#voice service voip
Rtr-B(conf-voi-serv)#fax protocol t38 nse force fallback pass g711u
Rtr-B(conf-voi-serv)#end

Workaround: Do not use NSE signaling.

Wide-Area Networking

CSCee32345

Symptoms: When a RADIUS accounting record is sent for a PPTP Start, a Cisco NAS may not send the following RADIUS accounting record attributes:

Tunnel-Client-Endpoint (66)

Tunnel-Server-Endpoint (67)

Tunnel-Assignment-Id (82)

Conditions: This symptom is observed in Cisco IOS Release 12.3(7.8)T.

Workaround: There is no workaround.

CSCin73365

Symptoms: A Cisco router reloads when you enter the show vpdn session id local id hidden command.

Conditions: This symptom is observed on a Cisco 7200 series that functions as a LAC and/or LNS.

Workaround: Avoid entering the above-mentioned command.

CSCin73980

Symptoms: An LNS sends two accounting stop records when a client re-negotiates a PPP session.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1 and that functions as an LNS when VPDN multihop is configured.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(8)T5

Cisco IOS Release 12.3(8)T5 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCec22723

Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.

Conditions: This symptom is observed when iSPF is configured under OSPF.

Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.

Miscellaneous

CSCee49862

Symptoms: A Cisco 7500 series multichannel T3 port adapter (PA-MC-2T3+) may not provide a two-second delay before bringing down the T3 controller.

Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.

Workaround: There is no workaround.

CSCee50408

Symptoms: When changing a route pattern or destination number, the trunk (or endpoint receiving a new destination number) may be unusable until the gateway is reset.

Conditions: This symptom is observed on a Cisco 3600 series that functions as a gateway.

Workaround: Via the gateway configuration panel, reset the gateway after changing the route pattern or destination number.

CSCee52202

Symptoms: Users may hear a crackling sound on inbound audio from the POTS leg of a call when using a VIC2-2FXO or VIC2-4FXO voice interface card in a Cisco 1751-V or 1760-V voice gateway.

Conditions: This symptom is observed when the Cisco 1751-V or 1760-V voice gateway also has a Voice/WAN interface card (VWIC) installed that is used for WAN connectivity via a serial channel-group interface. The symptom may also occur when the VWIC is used for voice termination or for TDM Drop & Insert functions, but the most commonly seen scenario is for use as a WAN connection.

Workaround: If the VWIC is used for WAN termination only, a WIC-1DSU-T1 card can be substituted to prevent the audio problems from occurring. If the VWIC is used for voice termination or for TDM Drop & Insert functions, there is no workaround.

CSCee67450

A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command "bgp log-neighbor-changes" configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.

If a malformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable, such as the use of the command "show ip bgp neighbors" or running the command "debug ip bgp <neighbor> updates" for a configured BGP neighbor.

Cisco has made free software available to address this problem.

For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

CSCee70591

Symptoms: A Cisco 7500 series T3 port adapter (PA-2T3+) may not provide a two-second delay before bringing down the T3 controller.

Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.

Workaround: There is no workaround.

CSCef01680

Symptoms: Memory corruption may occur when you enter the directory entry clear telephony-service configuration command.

Conditions: This symptom is observed when the directory entry clear telephony-service configuration command clears a preconfigured directory entry but the pointer is not removed. When the freed memory is allocated and written by some other process and when the directory entry clear telephony-service configuration command is reconfigured, a traverse through the directory link list could cause a bus error because the pointer could point to anything, including a non-RAM memory address.

Workaround: Do not enter the directory entry clear telephony-service configuration command to clear entries. Rather, enter the no directory entry command to remove the entries individually.

CSCef16841

Symptoms: When the ip auth-proxy command is enabled, a dynamic user access control list (ACL) is not added to the existing ACL on an interface.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.8)T.

Workaround: There is no workaround.

CSCef21965

Symptoms: Even when policy-based routing is configured on the interface, a router that boots may still reject the ip vrf receive command with the following error message:

% Need to enable Policy Based Routing on the interface first

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T and that is configured for VRF selection when the router boots after having been reloaded.

Workaround: Reapply the ip vrf receive command.

CSCef27790

Symptoms: An RSC may crash when you enter the redundancy handover peer-resources command on the active RSC to hand over the resources to the standby RSC.

Conditions: This symptom is observed on a Cisco AS5850 that functions in handover split mode when file copy, delete, or format operations are in progress.

Workaround: Do not hand over resources when file copy, delete, or format operations are in progress.

CSCef28503

Symptoms: An MGCP gateway (GW) does not send a DLCX message with the proper reason code (E:) when an RTP loss occurs because the Ethernet interface through which the RTP transfer occurs on the GW is shut down.

Because the GW does not notify the CA about the RTP loss via a DLCX message with the proper reason code, the CA continues to send MGCP messages to the GW and vice versa in a normal way. However, these MGCP messages do not reach the GW or CA because the Ethernet interface on the GW is shut down, preventing the deletion of existing connections on the GW.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP GW and that has a single interface to the CA and terminating GW.

Workaround: Delete the connections on the MGCP GW manually through MGCP CLIs.

CSCef34501

Symptoms: An IP authentication proxy dynamic user access control list (ACL) may not be added to an interface ACL.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.8)T. Note that the symptom does not occur in Release 12.3(7)T1.

Workaround: There is no workaround.

CSCef43997

Symptoms: The Type of Service bits are not set in the IP header for SIP signaling packets.

Conditions: This symptom is observed when the ip qos dscp number signaling dial-peer configuration command is enabled.

Workaround: There is no workaround.

CSCef52639

Symptoms: A Cisco 2800 series or Cisco 3800 series that functions as a voice gateway may reload when it processes voice traffic on a PVDM2-8 packet voice/fax digital signal processor (DSP) module.

Conditions: This symptom is observed when flex codec-complexity voice calls are processed and when the PVDM2-8 is installed in one of the following two locations in the router:

in a PVDM2 slot on the motherboard of the router.

in a PVDM2 slot of an NM-HDV2 IP communications high-density digital voice/fax network module.

Workaround: Use high or medium codec-complexity. If you must use flex codec-complexity, ensure that the PVDM2-8 is not present in any of the above-mentioned slots.

CSCef55062

Symptoms: On a Cisco 1760 that is configured for IP Voice and that uses a PVDM-256k-20 as a transcoding resource, if you configure 10 as the maximum number of sessions, the DSP farm remains down.

Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(8)T3.

Workaround: Configure 8 as the maximum number of sessions or add an additional PVDM-256k-20 and configure 12 as the maximum number of sessions.

CSCef56396

Symptoms: Encrypted ping traffic may fail on a Cisco router with an onboard crypto engine or with software encryption.

Conditions: This symptom is observed on a Cisco 2800 series when there is more than one access control list associated with the IPSec configuration and when IPSec SAs for more than one access control list fail to come up. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCef64175

Symptoms: QoS features such as traffic shaping may not work correctly when QoS preclassification is configured over an IPSec tunnel.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(8)T or a later release and that is configured with a hardware encryption VPN module.

Workaround: Use software encryption.

CSCef64362

Symptoms: A Cisco AS5850 does not create a voice port for a controller that is configured for external signaling beyond the first TUG-3 on an STM1 card.

Conditions: This symptom is observed in a configuration in which a Cisco AS5850 is configured for external signaling via the DS0 group on a controller. Voice ports are not created for controllers beyond the first TUG-3 on an STM1 card.

Workaround: There is no workaround.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
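Because the filter above drops fragments addressed to the router itself, it helps to know beforehand which packets in a capture fall into that class. The Python below is an added example (not Cisco code and not part of these release notes): it walks the IPv6 extension-header chain and reports whether a packet is a fragment destined for one of the router's own addresses. The 2001:db8:: addresses and sample packets are constructed, and the code does not emulate how IOS evaluates the access list.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
EXTENSION_HEADERS = (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS)


def inspect_ipv6(packet, own_addresses):
    """Walk the extension-header chain of one IPv6 packet (raw bytes)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    own = {ipaddress.IPv6Address(a) for a in own_addresses}
    dst = ipaddress.IPv6Address(packet[24:40])
    next_hdr, pos = packet[6], 40
    is_fragment, frag_offset, more, complete = False, None, False, True
    while next_hdr in EXTENSION_HEADERS:
        is_fragment = is_fragment or next_hdr == FRAGMENT
        if len(packet) < pos + 8:            # header cut off in the capture
            complete = False
            break
        if next_hdr == FRAGMENT:
            # Fragment header: next header, reserved, offset/flags, identification
            following, _, off_flags, _ = struct.unpack_from("!BBHI", packet, pos)
            frag_offset, more, size = (off_flags >> 3) * 8, bool(off_flags & 1), 8
        else:
            following, length = packet[pos], packet[pos + 1]
            # AH counts 4-octet units, the other headers count 8-octet units
            size = (length + 2) * 4 if next_hdr == AH else (length + 1) * 8
        if len(packet) < pos + size:
            complete = False
            break
        next_hdr, pos = following, pos + size
        if frag_offset:                      # non-initial fragment: no L4 header follows
            break
    to_self = dst in own
    return {
        "dst": str(dst),
        "is_fragment": is_fragment,
        "frag_offset": frag_offset,
        "more_fragments": more,
        "next_header": next_hdr,
        "l4_visible": complete and not frag_offset,
        # The class of traffic the workaround is meant to drop.
        "workaround_filters": to_self and is_fragment,
    }


# --- Constructed sample data (documentation prefix 2001:db8::/32) ---
OWN_ADDRESSES = {"2001:db8::a", "2001:db8:1::a"}   # every address the router owns


def _ipv6(dst, first_hdr, body, src="2001:db8::1"):
    fixed = struct.pack("!IHBB", 6 << 28, len(body), first_hdr, 64)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + body)


def _frag(next_hdr, offset_bytes, more, ident):
    return struct.pack("!BBHI", next_hdr, 0, (offset_bytes // 8) << 3 | int(more), ident)


_UDP = struct.pack("!HHHH", 5000, 5001, 16, 0) + b"construc"
_DEST_OPTS_THEN_FRAG = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])  # PadN-only options

SAMPLES = {
    "plain-udp-to-router": _ipv6("2001:db8::a", 17, _UDP),
    "first-fragment-to-router": _ipv6(
        "2001:db8::a", FRAGMENT, _frag(17, 0, True, 0x1234) + _UDP),
    "later-fragment-to-router": _ipv6(
        "2001:db8:1::a", DEST_OPTS,
        _DEST_OPTS_THEN_FRAG + _frag(17, 1480, False, 0x1234) + b"\x00" * 16),
    "fragment-in-transit": _ipv6(
        "2001:db8:ffff::20", FRAGMENT, _frag(17, 0, True, 0x99) + _UDP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect_ipv6(pkt, OWN_ADDRESSES))
```

Running it over a capture taken before the filter is applied shows whether any legitimate traffic to the router depends on fragmentation.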

CSCef85823

Symptoms: A Cisco gateway may fail to initiate a T.38 call to a third-party gateway. When the third-party gateway sends an open logical channel to the Cisco gateway as the last step to switch the codec to T38, the Cisco gateway may not send an open logical channel acknowledgement. Instead, the Cisco gateway may terminate the call immediately.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a gateway and that does not have any lengthy debug turned on.

Workaround: There is no workaround.

CSCeg00277

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCin77315

Symptoms: EZVPN crashes while reconnecting.

Conditions: This symptom is observed when EZVPN is in auto mode, is configured for split tunneling, and attempts to reconnect after the EZVPN connection went down because of IPSec SA expiration.

Workaround: Use manual mode or disable split tunneling.

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

Wide-Area Networking

CSCee01960

Symptoms: A buffer leak may occur in the I/O memory of a router that is configured for redial.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4)T1 when a redial call attempt fails because a redial timeout occurs and when an incoming call connects to the same destination as the one for which the redial attempt fails. This situation is a timing problem. The symptom could occur in Release 12.3.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(8)T4

Cisco IOS Release 12.3(8)T4 is a rebuild release for Cisco IOS Release 12.3(8)T. The caveats in this section are resolved in Cisco IOS Release 12.3(8)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCee78300

Symptoms: A bus error crash (that is, an illegal access to a low address) may occur in the RADIUS process.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1 and that runs Cisco IOS Release 12.3(9).

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(3).

CSCef00114

Symptoms: A router reloads unexpectedly when a tunnel password is downloaded via a RADIUS server.

Conditions: This symptom is observed when a tunnel password is configured in the RADIUS domain profile that is used to establish the tunnel and when the tunnel password string consists of more than 64 characters.

Workaround: Configure a tunnel password string that consists of fewer than 64 characters.

CSCin72727

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: The ifOperStatus SNMP object may return "Testing" when the CLI states Up/Up (Looped).

Condition 1: This symptom is observed when PPP encapsulation and loopback are configured.

Workaround 1: There is no workaround.

Symptom 2: The ifOperStatus SNMP object may return "DOWN."

Condition 2: This symptom is observed when HDLC encapsulation and the down-when-looped command are configured.

Workaround 2: There is no workaround.

IP Routing Protocols

CSCef21992

Symptoms: NAT may change the IP length without modifying the UDP length for some H.225 traffic.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T, that is configured for PAT, and that processes H.225/H.323 RAS traffic.

Workaround: There is no workaround.

Miscellaneous

CSCec33752

Symptoms: Packets may be stuck in the input queue of a generic routing encapsulation (GRE) tunnel, and the following error messages and tracebacks may be generated:

%SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=817F9690, count=0
-Traceback= 80185464 8018666C 8018D7CC 803B0A44 8039E15C 8039F76C 8039D6D4 8039D8A4 8039DA70 801FD068 80200718

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=817F9690, count=0
-Traceback= 80182550 8018689C 8018D7CC 803B0A44 8039E15C 8039F76C 8039D6D4 8039D8A4 8039DA70 801FD068 80200718

%SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81A135F4, count=0
-Traceback= 80185464 8018666C 8018D7CC 803B0A44 8039E15C 8039F76C 8039D6D4 8039D8A4 8039DA70 801FD068 80200718

Conditions: This symptom is observed on a Cisco 1720 that runs Cisco IOS Release 12.3(1a) or Release 12.3 T and that is configured for Dynamic Multipoint VPN (DMVPN), IP Security (IPSec), and Multipoint GRE. The symptom may occur when a packet buffer is released and when the input queue is not decremented.

Workaround: There is no workaround. Increasing the size of the hold queue of the tunnel interface by increasing the value of the length argument in the hold-queue length in interface configuration command may delay the occurrence of the symptom, but after a period of time, the input queue may fill up again. As a temporary workaround, reload the router until the symptom occurs again.

CSCed85387

Symptoms: When RxLID is set to 16 or higher, the IMA group remains in the down state and shows the NE but no FE in the group.

Conditions: This symptom is observed on an ATM-AIM that is running IMA.

Workaround: Use LID 15 or lower at the remote side.

CSCee12666

Symptoms: On a Cisco 83X router with crypto engine accelerator enabled, the router fails to authenticate packets when AH authentication is used without any ESP in transport mode. The following logs can be seen on the console for every packet that fails.

%HIFN79XX-1-ERROR: chifn79xx_crypto_callback() toolkit return failure
%HIFN79XX-1-PKTENGRET_ERROR: Hifn79xx PktEng Return Value = 0x10000, Hifn79xx_PktEngReturn_Overflow.
-Traceback= 80975F10 80984E60 809847B4 809820E8 80980C1C 80973C00 8017D968 801F4F1C 8017D8F0 801F4D7C 802E61D0 802E4D0C 802E50CC 802E5114 802F4360 802F6AF0

Conditions: This symptom occurs only when ah-sha-hmac or ah-md5-hmac is used alone, without any encryption in the transform set, and only in transport mode. IPSec in tunnel mode works fine with this transform set.

Workarounds: The following are needed only if transport mode is used. Use either one:

1. Use any ESP transforms along with the AH authentication.

2. Use any ESP transforms without the AH authentication.

CSCee14541

Symptoms: A Cisco IP Phone 7912 fails to download (or fails to use TFTP to download) its firmware from a Cisco CallManager Express 3.1 router.

The output of the show ephone phone-load command shows the "CM-aborted-TCP" error message:

c1760#sh ephone phone-load
DeviceName       CurrentPhoneload        PreviousPhoneload       LastReset
=====================================================================
..
SEP000F23C487D1  CP79120101SCCP030530B.  CP79120101SCCP030530B.  CM-aborted-TCP
..

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T and that is configured as a Cisco CallManager Express 3.1 when the following is configured:

telephony-service
 load 7905 CP7905010200SCCP031023A
 load 7912 CP7912010200SCCP031023A
 max-ephones 30
 max-dn 100
 create cnf-files version-stamp 7960 Apr 05 2004 19:55:09
tftp-server flash:CP7905010200SCCP031023A.sbin
tftp-server flash:CP7912010200SCCP031023A.sbin

Workaround: Enter the load 7905 CP7912010200SCCP031023A.sbin command on the router and then reset only the Cisco IP Phone 7912. Note that the symptom does not occur in releases earlier than Release 12.3(7)T.

CSCee14958

Symptoms: A SAR on a DSL WIC may cause reduced throughput, an increase in delay, or both because the bandwidth that is configured for the VC may be corrupted.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: There is no workaround.

CSCee20888

Symptoms: IPv6 over ISDN does not work.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1.

Workaround: There is no workaround.

CSCee27522

Symptoms: Incoming or outgoing voice calls may encounter no-way audio on some specific channels.

Conditions: This symptom is observed on a Cisco 2600 series that functions as a PRI voice gateway and that uses DSPs of an ATM AIM to place the voice calls.

Workaround: Reboot the voice gateway.

CSCee32778

Symptoms: A Cisco router may reject an inbound SSH/Telnet connection.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6a) when the ip audit command is enabled on an interface of the router.

Workaround: In addition to the ip audit command, also enter the ip inspect inspection-name in command for TCP/UDP on the interface.

CSCee34422

Symptoms: When the second backup Cisco CallManager (CCM) is down during active load testing, none of the active calls can be sustained.

Conditions: This symptom is observed in a configuration with a cluster of three CCMs: a primary CCM, a first backup CCM, and a second backup CCM. The CCMs run the wscmm-i6s-mz.cmm image of CCM version: 4.0(1).

Workaround: There is no workaround.

CSCee45312

Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.

Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.

Only the systems that are running certain versions of Cisco IOS are affected.

Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

Refer to the Security Advisory at the following URL for more details:

http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml
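To find the configuration class that CSCee45312 describes, the Python below audits an IOS configuration for authentication method lists in which a RADIUS method is followed by none. It is an added example, not Cisco code and not part of these release notes; the sample configuration, the list and group names, and the verdict labels are constructed. A hit means the list should be checked against the advisory, which remains the authority on affected releases and configurations.

```python
import re

# Constructed sample configuration; list and group names are illustrative.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius CORP-RAD
aaa authentication login default group radius none
aaa authentication login VTY group CORP-RAD none
aaa authentication login MGMT group radius local
aaa authentication ppp DIAL group radius local none
aaa authentication login CONSOLE none
aaa authentication banner ^C Authorized use only ^C
"""

# Only these sub-commands carry a method list; banner, fail-message etc. do not.
METHOD_LIST_SERVICES = {"login", "enable", "ppp"}

RADIUS_THEN_NONE = "radius-then-none"                 # RADIUS with fallback to none
RADIUS_NONE_PLUS_OTHER = "radius-none-plus-other-method"  # review against advisory
NO_FALLBACK = "no-radius-none-fallback"


def _methods(tokens):
    """Turn ['group', 'radius', 'none'] into ['group radius', 'none']."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit_aaa(config):
    """Return one finding per 'aaa authentication' method list in config."""
    lines = [ln.strip() for ln in config.splitlines()]

    # Named server groups that are RADIUS groups, plus the built-in group.
    radius_groups = {"radius"}
    for ln in lines:
        m = re.match(r"aaa group server radius (\S+)", ln)
        if m:
            radius_groups.add(m.group(1))

    def is_radius(method):
        if method == "radius":                       # legacy keyword form
            return True
        return method.startswith("group ") and method[6:] in radius_groups

    findings = []
    for ln in lines:
        tokens = ln.split()
        if tokens[:2] != ["aaa", "authentication"] or len(tokens) < 5:
            continue
        service, list_name = tokens[2], tokens[3]
        if service not in METHOD_LIST_SERVICES:
            continue
        methods = _methods(tokens[4:])
        radius_at = [i for i, m in enumerate(methods) if is_radius(m)]
        verdict = NO_FALLBACK
        if radius_at and "none" in methods and methods.index("none") > radius_at[0]:
            others = [m for m in methods if m != "none" and not is_radius(m)]
            verdict = RADIUS_NONE_PLUS_OTHER if others else RADIUS_THEN_NONE
        findings.append({"service": service, "list": list_name,
                         "methods": methods, "verdict": verdict})
    return findings


def flagged(config):
    """Only the method lists that need a look."""
    return [f for f in audit_aaa(config) if f["verdict"] != NO_FALLBACK]


if __name__ == "__main__":
    for f in flagged(SAMPLE_CONFIG):
        print(f["service"], f["list"], " ".join(f["methods"]), "->", f["verdict"])
```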

CSCee56149

Symptoms: Acknowledgements coming from a WIC may be lost, and the transmission may lock up. The missing acknowledgements may be recovered if the number of acknowledgements is more than one.

Conditions: This symptom is observed on a Cisco 2600 series that is configured with an ADSL or G.SHDSL WIC.

Workaround: If the transmission locks up, reset the interface. However, you can prevent the lock up from occurring by entering the tx-ring-limit ring-limit command on the PVC and by entering 24, 6, 5, or 2 for the ring-limit argument.

CSCee69942

Symptoms: A software-forced reload may occur on an MGCP gateway that uses embedded messages in the MGCP protocol.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP gateway and is caused by the MGCP embedded message processing.

Workaround: There is no workaround.

CSCee77335

Symptoms: A Cisco 7500 series may fail to load Channel Interface Processor (CIP) microcode.

Conditions: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS software image that includes the fix CSCin48638. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCin48638. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Remove the CIP or insert another CIP in the router.

CSCee78912

Symptoms: Mid-call INVITEs that are initiated by a third party user agent server (UAS) may fail on the Cisco GW (UAC).

Conditions: The tag parameter in the From or To header of the INVITE message may be preceded with one or more leading white spaces.

Workaround: There is no workaround.

CSCee87680

Symptoms: A PXF exception may occur.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NSE-1 and on a Cisco 7401 when these platforms function as LNS L2TP tunnel endpoints under the following circumstances:

PXF is enabled.

NAT is configured on an L2TP virtual-template.

A TCP stream goes through an L2TP session.

Workaround: Disable PXF by entering the no ip pxf command.

CSCee92980

Symptoms: A router may crash.

Conditions: This symptom occurs if NM-CEM-4TE1 and NM-2CE1T1-PRI/NM-1CE1T1-PRI are used on the same router.

Workaround: Do not use NM-CEM-4TE1 and NM-2CE1T1-PRI/NM-1CE1T1-PRI on the same router.

CSCef00171

Symptoms: A router that is configured for RTP header compression may crash with a bus error.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4)T or a later release, or Release 12.2 S.

Workaround: Disable RTP header compression.

CSCef02126

Symptoms: The Cisco IOS SIP stack generates non-unique (duplicate) branch IDs in close succession.

Conditions: On receiving a request that initiates a new dialog and that carries a duplicate branch ID, some third-party UAs drop the request because that branch ID is already in use on an existing dialog. This causes calls to be dropped.

Workaround: There is no workaround.

CSCef04467

Symptoms: The MGCP default setting for the minimum jitter buffer size is 4 ms; this setting degrades the voice quality until you configure a different setting via the mgcp playout command. This default has always existed in Cisco IOS, but MGCP previously used a fixed playout buffer instead of a dynamic buffer even when it was configured to use a dynamic one. As a result of recent Cisco IOS changes, MGCP now uses the dynamic playout buffer.

Conditions: This symptom is observed under normal operating conditions.

Workaround: Configure the nominal MGCP default setting for the minimum jitter buffer size to be the same as for H.323 and SIP gateways so that the setting for each individual gateway does not need to be changed via the mgcp playout command.

CSCef04753

Symptoms: A Cisco router may reload when you configure the authentication proxy on the router while Network Admission Control is already running.

Conditions: This symptom is observed on a Cisco 831 but may be platform-independent.

Workaround: Enter the no ip admission auth-proxy-name command followed by the ip admission auth-proxy-name command.

CSCef06381

Symptoms: A Cisco router that is configured as a spoke in a DMVPN hub-spoke network shows tracebacks.

Conditions: This symptom is observed when Auth-proxy authentication is configured.

Workaround: There is no workaround.

CSCef06389

Symptoms: A Cisco router that is configured as a spoke in a hub-spoke network shows tracebacks.

Conditions: This symptom is observed when IPSec is configured, when a feature that uses NBAR is configured (for example, a firewall or IDS), and when packets are switched via CEF or fast-switching.

Workaround: There is no workaround.

CSCef12738

Symptoms: The From header field and the To header field for non third-party registration requests are not identical.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(8)T or 12.3(8)T1.

Workaround: There is no workaround.

Further Problem Description: RFC 3261, section 10.2, states the following: From: The From header field contains the address-of-record of the person responsible for the registration. The value is the same as the To header field unless the request is a third-party registration.

CSCef16038

Symptoms: A spoke in a DMVPN network drops its IPSec tunnels after some time.

Conditions: This symptom is observed after one to two days of proper operation.

Workaround: Enter the shutdown command followed by the no shutdown command on the IPSec tunnel interface.

CSCef28703

Symptoms: A Cisco 1700 series crashes when you enter the show controller ethernet command.

Conditions: This symptom is observed only when the Cisco 1700 series is configured with both an Ethernet WIC and an ADSL or G.SHDSL WIC.

Workaround: There is no workaround.

CSCef35299

Symptoms: If a remote device uses a UDP port other than 500 as the source port for IKE negotiations, a Cisco platform does not correctly handle IKE negotiations during SPI recovery. SPI recovery works only if the remote device also uses UDP 500 as the source port for IKE negotiations. The problem seems to be that the Cisco platform does not send a QM_IDLE message.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(8)T.

Workaround: Use UDP port 500 on both sides for IKE negotiations.

CSCef36900

Symptoms: When a DSP is dead or does not function, the DSP is considered lost.

Conditions: This symptom is observed on Cisco 26xx and Cisco 3745 routers that are running Cisco IOS 12.3(8)T. There is no way to bring the DSP back to its normal functional state.

Workaround: There is no workaround.

CSCef44104

Symptoms: When several "ip sdf locations" configuration statements on a Cisco IOS IPS device are unconfigured and reconfigured in a new order, the new order does not take effect.

Conditions: This symptom happens specifically when signatures have actually been loaded from one of the configured locations.

Workaround: There is no workaround.

CSCin60611

Symptoms: A router may reload when you enter the show queue atm command.

Conditions: This symptom is observed on a Cisco 7200 series with an NSE-1 processor board and a Cisco 7401 when PXF is enabled. The symptom occurs when the show queue atm command is entered while traffic is flowing through an ATM PVC.

Workaround: Disable PXF globally by entering the no ip pxf command.

CSCin72272

Symptoms: An SSG crashes when you enter the show ssg interface command.

Conditions: This symptom is observed when a service that is bound to an interface has a service name that consists of more than 44 characters.

Workaround: Use services whose service names are shorter than 44 characters.

CSCin73047

Symptoms: A call may fail with MGCP error code 400 (Voice setup failed).

Conditions: This symptom is observed when a call is made from a Cisco AGM that functions as an MGCP gateway and that is registered to a Cisco CallManager.

Workaround: There is no workaround.

CSCin79018

Symptoms: Downloading the contents of a named ACL from an ACS may pose a vulnerability to a network because an intruder may use the ACL name as the user name in PAP authentication.

Conditions: This symptom is observed on a Cisco platform that is configured for EAPoUDP.

Workaround: There is no workaround.

CSCuk51529

Symptoms: 6PE is not present in the following images:

c3745-advipservicesk9-mz
c3745-adventerprisek9-mz
c3725-advipservicesk9-mz
c3725-adventerprisek9-mz

Conditions: This symptom is observed in Cisco IOS Release 12.3(7)T and Release 12.3(8)T.

Workaround: There is no workaround.

CSCuk51788

Symptoms: MGCP links between a gateway and an EGW call agent may fail to come back into service.

Conditions: This symptom is observed when you change from Cisco IOS Release 12.3(4)T4 to Release 12.3(8)T. The gateway normally uses the bind address that is specified to respond to MGCP messages. After upgrading to Release 12.3(8)T, the MGCP bind control seems to be ignored and the gateway uses the best available interface IP address as the source address. The symptom could also occur in Release 12.3.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Wide-Area Networking

CSCee81662

Symptoms: PPP sessions may get stuck in the TERMSENT state.

Conditions: This symptom is observed on a Cisco platform that has a high CPU utilization.

Workaround: Clear the underlying layer (VPDN, PPPoA, or PPPoE).

CSCee82071

Symptoms: If a Cisco 2651XM is connected to one of the older iSDX DLI (DPNSS) line cards (rev 01 or 04), the E1 link will continually reset and fail to enter into information transfer state.

Conditions: The E1 link resets every 30 seconds when the Cisco 2651 responds to SABMRs from the switch.

Workarounds:

1. Replace the DLI card with Enhanced QSig card (1HAC50152AAF).

2. Running debugs while the link is restarting allows time for the older DLI cards to respond.

Note: Interworking with older DLI cards will need to be confirmed in later Cisco IOS images.

CSCef12262

Symptoms: With PPP multilink over ATM configured in Cisco IOS, the router may reload with a bus error.

Conditions: This symptom is observed when the PPP over ATM link goes down and is removed from the multilink bundle.

Workaround: Increasing the keepalive interval or retry count, or disabling keepalives altogether, may help to avoid the problem by making it less likely that the PPP over ATM session goes down during periods of instability in the ATM network.

Resolved Caveats—Cisco IOS Release 12.3(8)T3

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(8)T3. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(8)T3. This section describes severity 1 and 2 caveats and select severity 3 caveats.


Note: Cisco IOS Release 12.3(8)T2 is not publicly available.


The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCee15478

Symptoms: In a setup where there are multiple NM-HDVs with VWICs that are receiving clocks from different sources not in sync, slips continually increment after a power cycle.

Conditions: As long as the VWICs do not participate in network clocking, you should be able to have clocks on separate HDVs that are not in sync. This works as expected until the router is power cycled. Once power cycled, slips continually increment.

Workaround: Reload the router via CLI.

CSCee88289

Symptoms: After a calling party gets transferred, the calling party continues to hear ringback even after the destination answers.

Conditions: This symptom occurs when the transferrer does a consultation transfer at alert with the calling party. The transferred-to destination does not answer but has call forward no-answer configured to another destination (i.e. voice mail). When CFNA activates the forward, the destination (i.e. voice mail) answers, but the calling party continues to hear alerting.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(8)T1

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(8)T1. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(8)T1. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed67358

Symptoms: An IPv6 PIM neighbor may be down after changing the PIM configuration.

Conditions: This symptom is observed when the no ipv6 pim command is entered on some subinterfaces of a physical Ethernet interface and PIM is enabled on several subinterfaces of the same physical Ethernet interface.

Workaround: There is no workaround.

CSCed81251

Symptoms: A router may crash while accessing an illegal low value that is received from a timer of a RADIUS server.

Conditions: This symptom is observed when there are retransmits for a proxy RADIUS server during the SSG user logon process.

Workaround: There is no workaround.

CSCee18799

Symptoms: Console access to a router may not be available after booting up.

Conditions: This symptom is observed when the router does not have the aaa authentication login command enabled.

Workaround: Load a Cisco IOS software image in which this problem does not occur and use one of the following workarounds before loading the Cisco IOS software image in which the problem occurs:

Configure the aaa authentication login default local command and configure a username by entering the username name password password command.

Configure the aaa authentication login default group radius command and configure a user profile on the RADIUS server. Log in to the router using the user name and password that are associated with the profile.

CSCee27317

Symptoms: Async PPP calls fail on a Cisco AS5850 when a Cisco IOS upgrade is performed from Cisco IOS Release 12.3(7)T to Cisco IOS Release 12.3(7)T1.

Conditions: This is seen on a Cisco AS5850 running Cisco IOS Release 12.3(7)T1 and only with async mode interactive. This issue can be service affecting and this is reproducible. The symptom may also occur in Cisco IOS Release 12.3.

Workaround: Though not a good solution, configuring async mode dedicated solves the problem.

CSCee35379

Symptoms: AAA database memory is not released when the AAA ID is deallocated.

Conditions: This symptom is observed when a GGSN PPP context is opened or closed.

Workaround: There is no workaround.

CSCin72429

Symptoms: A platform may pause indefinitely when the radius-server deadtime command is configured.

Conditions: This symptom is observed on a Cisco platform under the following conditions:

System accounting is configured.

The platform device is starting up and tries to send the system accounting record.

The RADIUS server that is being contacted is not accessible.

Workaround: There are three different workarounds:

Do not configure the radius-server deadtime command.

Ensure that the RADIUS server is accessible.

Disable system accounting and reload the platform.

IP Routing Protocols

CSCed38096

Symptoms: On a Cisco AS5850 Universal Gateway, calls terminating on a dialer interface and joining an IGMP group may not receive traffic from the multicast source. The Cisco AS5850 sends traffic to only one of the calls at a time.

Conditions: This problem is seen only with calls terminating in a dialer interface. If the call comes up as a virtual-access or multilink PPP call, there is no problem.

Workaround: Perform the following actions:

1. Configure the dialer interface with the no ip mroute-cache command.

2. Remove virtual-profile if-needed, which will cause all calls to come through virtual profiles.

CSCee24899

Symptoms: A router that is configured for multicast routing may reload due to a bus error.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software release that contains the fix for CSCec80252. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec80252. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCee38267

Symptoms: The following message is observed: "System returned to ROM by error - a SegV exception, PC 0x80185424."

Conditions: It has been observed that the router crashes with this problem when there is a heavy load of NAT traffic. This issue happens randomly.

Workaround: There is no workaround.

CSCin74736

Symptoms: An MWAM processor that is running SSG software crashes.

Conditions: This symptom occurs when more than 5000 L2TP service connections are created.

Workaround: Disable logging console.

Miscellaneous

CSCec38308

Symptoms: SSG only supports one class attribute rather than several of them, although a RADIUS client is supposed to put all class attributes that it receives in Access-Accept messages into Accounting-Request messages that it sends for a session. (See RFC2865/2866.)

Conditions: This symptom is observed on a Cisco platform that is configured as an SSG.

Workaround: There is no workaround.

CSCed17244

Symptoms: ISDN overlap receiving may not function on a Cisco 2600 series.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6) when a custom Tool Command Language (Tcl) script is used.

Workaround: There is no workaround.

CSCed48501

Symptoms: Cisco Gateway GPRS support node (GGSN) has very low data throughput while sending data through a Point to Point Protocol (PPP) that is terminating on GGSN Packet Data Protocol (PDP) using Address and Control Field Compression (ACFC) or protocol field compression (PFC).

Conditions: This symptom is observed on a Cisco Gateway GPRS support node.

Workaround: Use the non ACFC/PFC PPP termination on GGSN PDP.

CSCed52249

Symptoms: In the presence of an AIM-VPN card, an unexpected exception occurs and the router reloads:

Unexpected exception to CPUvector 1200, PC = 814792C4

-Traceback= 814792C4 814785AC 8146C974 8145CF94 8145D03C 81364210 813642EC 80058DE0 8005ACC0 8004D964 800DC4D0 80165990 801630AC 805453BC 8015457C 8015457C 8054547C

Conditions: This symptom is observed on all Cisco 2600, 3600, and 3700 series routers that run Cisco IOS Release 12.3(8)T and that make use of a VPN card (AIM-VPN/BP, NM-VPN/MP, AIM-VPN/HP) if QoS pre-classification is enabled using qos pre-classify.

Workaround: Disable qos pre-classification.

CSCed70700

Symptoms: A Cisco router running GGSN software does not return the Control TEID in the Create PDP response in certain cases.

Conditions: If GGSN has already sent the control TEID for a PDP context before, and it receives a create PDP request for the same existing PDP, it does not send the Control TEID in the create response.

Workaround: Currently there is no workaround.

CSCed75130

Symptoms: One way voice path is seen for the conferences using the DSPs from the Gateway if the Ethernet interface is not specified under the CCM group.

Conditions: One way voice path may be seen for the IP Phone in the conference session if the gateway has multiple Ethernet interfaces.

Workaround: Use the command bind interface ethinterface x/y under sccp group abc.

CSCed81834

Symptoms: Memory fragmentation causes a router to reload.

Conditions: This symptom is observed on a Cisco AS5850 enhanced route switch controller (eRSC) that is running two B channel serial multilink calls, which causes a memory leak in Pool Manager.

Workaround: There is no workaround.

CSCed85974

Symptoms: A VoIP call with the required SETUP message is up but may be disconnected when the call initiator sends an H225 Q931 NOTIFY message.

Conditions: This symptom is observed during a test of the ISDN Calling Name Display feature.

Workaround: There is no workaround.

CSCed95175

Symptoms: A call proceeding, alerting, or connect-back to the PSTN is not sent, causing a call to be disconnected due to a "Recovery on Timer Expiry."

Conditions: This symptom is observed when overlap receiving is configured on an ISDN interface and the destination is configured to forward all calls.

Workaround: There is no workaround.

CSCed96030

Symptoms: A Cisco router configured for Network Admission Control (IP admission) can crash when the interface access control list associated with IP admission interface is modified/removed followed by clearing of IP admission session entries with clear eou all or clear ip admission cache commands.

Workaround: Clear the IP admission cache entirely before modifying or removing the interface access control list.

CSCee01521

Symptoms: A router may reload after sending some traffic during the PPPoE client authentication setup.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) when the clear pppoe all command is entered on the PPPoE client after both corresponding ATM and dialer interfaces have been shut down first.

Workaround: Do not enter the clear pppoe all command on the PPPoE client when the ATM and dialer interfaces are shut down.

CSCee01637

Symptoms: A software-forced reload occurs when you remove the header-compression configuration from an interface.

Conditions: This symptom is observed when the following conditions are present on the interface:

The interface is in process-switching mode.

Traffic is being sent from the interface.

Workaround: Shut down the interface during the reconfiguration.

CSCee02643

Symptoms: When a DSPFARM is configured on a Cisco VG200, on every other conference call there is only one-way audio.

When you enter the show sccp conn command on the DSPFARM, the output shows three users in the conference, the sessions are in the "sendrecv" state, and the IP addresses of the sessions are shown.

The output of the show dspfarm session command shows the same three users, but one DSP session is in the "recvonly" state and has an IP address of 0.0.0.0.

When the conference call works properly, the command outputs show "sendrecv" as the state and the proper IP addresses of the sessions.

Conditions: This symptom is observed on a Cisco VG200 that runs Cisco IOS Release 12.3(6) and that is connected to a Cisco CallManager that runs software version 3.3.3 sr4a.

Workaround: There is no workaround.

CSCee04235

Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed on a Cisco 7200vxr series that is configured with an NPE-G1 Network Processing Engine.

Workaround: There is no workaround.

CSCee06881

Symptoms: An EZVPN client crashes when the user hits the "return" key after the user name prompts.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 or 12.3T.

Workaround: There is no workaround.

CSCee08903

Symptoms: When 911 calls are done via MF signaling, calls placed to 911 intermittently fail.

Conditions: This symptom is observed in the following call flow:

A customer dials 911; the call agent sends a RQNT to a TGR (a Cisco AS5850) with call setup information; the TGR acknowledges with a 200 message. At this point no further messages are sent from the TGR.

In most cases a customer abandons the call and reattempts to dial 911 again, which will connect on a different trunk (trunk groups are set up for LRU in the call agent). The MGCP connection on the TGR hangs.

DSIP debug shows that after receiving a wink back from the agent, TGR immediately sends a loop open, which should not be the next event. The caller hears dead air during this entire series of events.

Workaround: There is no workaround.

CSCee11770

Symptoms: All SWIDBs may be used.

Conditions: This symptom is observed when PPPoA sessions flap continuously.

Workaround: There is no workaround.

CSCee15760

Symptoms: Malicious Call Identification (MCID) does not work because the digits are not being collected, causing the script to time out.

Conditions: This symptom is observed on a Cisco router that is configured for MCID with SIP as the VoIP protocol.

Workaround: There is no workaround.

CSCee20405

Symptoms: If MGCP messages that are sent from a gateway are not acknowledged by the call agent, memory corruption may occur on the gateway. This situation may cause the gateway to crash, or unusual or strange behavior may occur.

Conditions: This symptom is observed when the following conditions are met:

The target call agent has an address in which the first octet is larger than 128. For example, a call agent IP address of 129.x.x.x (129 > 128) may cause the symptom to occur, but 7.x.x.x (in which x is any number between 0 and 255) does not. The IP address is set by a CLI configuration that is similar to the mgcp call-agent ipaddr service-type mgcp version 0.1 command or is set by a notify entity "N:" line in a call agent message.

The call agent is disabled or unresponsive to messages like RSIP or NTFY that originate on the gateway.

The MGCP suspicion and disconnect thresholds are set low enough to cause MGCP to cycle through many addresses before giving up. These values are set in an MGCP profile by entering the max1 retries number and max2 retries number commands.

Workaround: Increase the values of the number arguments in the max1 retries number and max2 retries number commands in the MGCP profile. The default values should be sufficient to prevent the symptom from occurring.

CSCee21380

Symptoms: QSIG call redirection works in Cisco IOS Release 12.2.23 code but fails when using Cisco IOS Release 12.3.6 code.

Workaround: Use Cisco IOS Release 12.2.23 code.

CSCee22521

Symptoms: Without a GKTMP server, calls are not routed based on the destination carrier ID in ARQ.

Conditions: This symptom is observed on a Cisco gatekeeper.

Workaround: Use a GKTMP server.

CSCee30200

Symptoms: A Cisco 1700 series may crash because of an address error.

Conditions: This symptom is observed on a Cisco 1700 series that runs the c1700-k9o3sy7-mz image of Cisco IOS Release 12.3(7)T and that has NBAR configured.

Workaround: There is no workaround.

CSCee31750

Symptoms: Music on Hold (MOH) does not work when a call passes through a Cisco Internet Service Node (ISN) for public switched telephone network (PSTN) calls.

Conditions: This symptom is observed on a Cisco 3725 that functions as an H.323 gateway and that runs an IP voice image of Cisco IOS Release 12.3(4)T in a configuration with a Cisco AS5850 gateway that runs Release 12.3(7)T.

Workaround: This workaround is needed in Cisco IOS Release 12.3(7)T or a later release. Perform the following steps:

1. Enter the session target ipv4:destination-address command on the H.323 gateway.

2. Enter the following commands:

voice service voip
h323
no ras brq

CSCee33060

Symptoms: TBCT may not work properly.

Conditions: This has been observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCee33089

Symptoms: Router crashes if EVM-HD is plugged into slot 1 on a Cisco 2800 router.

Conditions: This happens during system bootup.

Workaround: Don't insert EVM-HD in slot 1 on a Cisco 2800.

CSCee37398

Symptoms: On a Cisco 3700 series router with an AIM-IMA configuration, the T1 controller operating in IMA mode stays in a down state when the circuit is taken down for testing.

Conditions: Problem happens on a consistent basis when the circuit is taken down for testing. The T1 controller shows "Receiver has remote alarm" when the problem happens.

Workaround: Put up a hardware loop on the T1 interface and drop it. Then connect the circuit back in and the T1 will stay up.

Further Problem Description: The problem is with ATM switches that send out RAI when ATM cell delineation is lost. If this occurs when the box is coming up from a cold start, the router will not connect the AIM to the WIC card so that ATM idle cells are sent on the T1 line.

CSCee37998

Symptoms: On a Cisco 1700, when the Foreign Exchange Office (FXO) (VIC2-2FXO and VIC2-4FXO) impedance is changed, the FXO registers stay unchanged. This is because the FXO codec register is unconfigured, which can result in unexpected behavior. We found CN & BZ CPtones failing to receive a call and we believe most of the CP tones will not work because of this problem.

This issue may also contribute to some voice quality problems.

Conditions: When changing FXO (VIC2-2FXO and VIC2-4FXO) impedance, the FXO registers.

Workaround: There is no workaround.

CSCee38242

Symptoms: A call comes in from a PSTN phone to a Cisco CallManager that routes the call to a route list that is answered by an IP phone. The IP phone user hits the transfer button once and dials another IP phone. Once the transfer button is pressed a second time, the PSTN caller hears a reorder tone. All devices are within the same region and are using G.711 codec.

Conditions: This symptom is observed with a Cisco IOS gateway running Cisco IOS Release 12.3(7)T and CallManager 4.0.1sr1.

Workaround: There is no workaround.

CSCee38366

Symptoms: A Cisco router may reload with a software forced crash when NBAR and NAT are configured. The following error message will be displayed:

%SYS-2-FREEFREE: Attempted to free unassigned memory

Workaround: Change the port mapping for RTSP:

config t
ip nbar port rtsp tcp 65535

This will cause standard RTSP packets to be ignored by NBAR and not translated by NAT.

CSCee40050

Symptoms: A Cisco 1700 series router running Cisco IOS Release 12.3(7)T exhibits an error: it cannot recognize a .vxml extension.

Conditions: This symptom occurs with ipvoice, entservicesk9, and spservicesk9 images.

Workaround: Use a "v8" voice image such as sv8y7, k9o3sv8y7, etc.

CSCee42504

Symptoms: The voice port in the ATM-AIM-VOICE-30 module does not initialize properly, and some of the voice ports go to the wrong state. Sometimes the voice port comes up, but all dialed digits are not collected, followed by a DSP crash. This problem is independent of the DSP version and the signaling used and impacts only the ATM-AIM-VOICE-30 module. Calls do not go to the first DSP on the module.

Conditions: This crash occurs with multichannel calls. Usually, digits are lost, followed by a DSP crash.

Workaround: There is no workaround. The voice port must be re-created or the router must be reloaded.

CSCee44536

Symptoms: Passive monitoring does not collect statistics for Optimized Edge Routing (OER)-monitored prefixes that do not have an exact match in the routing table on the OER Border Routers (BRs).

With the following configuration on the OER Master Controller (MC), the OER Top Talker (TT) on the BR learns by default prefixes of mask length 24:

monitor mode set to passive

(config-oer-mc)#mode monitor passive

learn aggregation type set to prefix-length

(config-oer-mc-learn)#aggregation-type prefix-length

Before the OER MC controls these prefixes, the OER MC sends them to the BR for monitoring. The passive monitoring component on the BR is not able to collect any statistics for the prefixes that do not have a /24 route in the routing table. This situation prevents any performance statistics from being sent to the OER MC and prevents these prefixes from being controlled. These symptoms also occur for configured prefixes that are not present in the routing table.

Conditions: These symptoms are observed on a Cisco OER MC Engine that runs Cisco IOS Release 12.3T.

Workarounds for learned prefixes:

On the OER MC, under the learn mode, configure a minimum length of /8 for the prefixes that must be learned:

(config-oer-mc-learn)#aggregation-type prefix-length 8

On the BR, TT learns the prefixes that have a mask length of either 8 or for which the mask length is found in the routing table, whichever is the greatest. This results in control of the prefixes that have a mask length that is greater than or equal to 8 in the routing table. The side effect is that prefix splitting is not possible.

Configure the following:

(config-oer-mc-learn)#aggregation-type bgp

Doing so results in control of all prefixes for which BGP installs the routes in the BR routing table.

Configure the following:

(config-oer-mc-learn)#aggregation-type non-bgp

Doing so results in control of all prefixes for which protocols other than BGP install the routes in the BR routing table.

Workaround for configured prefixes: Prefixes that are configured on the OER MC should be present in the BR routing tables. The symptom does not occur when the OER MC controls non-exact prefixes of mask lengths that are less than or equal to 32.

CSCee44688

Symptoms: A Cisco router that runs any GGSN R4.0 image could reload when bidirectional traffic is being sent on some PPP Regeneration PDP contexts and the sessions are to be deleted from the GTP side.

Workaround: Stop the traffic before the PDP Context removal, or clear the PPP Regeneration session from the Gi side, e.g. clear the corresponding HW IDB.

CSCee45838

Symptoms: Internet Group Management Protocol (IGMP) snooping does not function with a 4- or 9-port Cisco EtherSwitch high-speed WAN interface card (HWIC) and an EtherSwitch (ESW) network module that are stacked.

Conditions: This symptom is observed on a Cisco 3800 series but is not platform-specific.

Workaround: There is no workaround.

CSCee46649

Symptoms: Having both wic-B-S/T-v3 & wic-B-U-v2 creates an error message "Failed Identification Test".

Workaround: There is no workaround for this problem.

CSCee47441

Symptoms: When Cisco IOS Firewall CBAC is configured, the router may experience a software-forced reload caused by one of the inspection processes.

Conditions: This symptom is observed when the router is part of a DMVPN hub-spoke and is connected to the central office over the Internet.

Workaround: There is no workaround.

CSCee47542

Symptoms: RADIUS Accounting Start and Stop records do not match for the nas port attribute for PPPoEoE users. The RADIUS Accounting Stop record for the nas port attribute is a number in the range of 60000+n.

Conditions: The incorrect nas port RADIUS accounting information occurs only within an SSG environment.

Workaround: Use attribute cisco nas port.

CSCee48864

Symptoms: When using a router-on-a-stick config with the VPN Server, packets output to the VPN Client are lost when using crypto.

Conditions: This occurs irrespective of HW or SW crypto used.

Workaround: There is no workaround.

CSCee49875

Symptoms: Spurious memory accesses may occur on a Cisco 1700 series after you disable IPSec tunnel protection.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(9).

Workaround: There is no workaround.

CSCee51057

Symptoms: More than one IDS action causes a transition parse failure when you switch from the ip audit name audit-name command that includes the action keyword (and an action) to the new ip ips name ips-name command that was introduced in Cisco IOS Release 12.3(8)T.

In the following examples, the parser fails to process more than one audit action:

ip audit name <audit-name> info action alarm drop reset

^

% Invalid input detected at '^' marker.

ip audit name <audit-name> attack action alarm drop reset

^

% Invalid input detected at '^' marker.

%IPS Rule name <audit-name> is not defined

When multiple actions are specified in the ip audit name audit-name command (that is, in the old IDS version) and you switch to the ip ips name command, there is a parse error that causes the ip ips name ips-name command to disappear from the configuration.

Conditions: This symptom is observed when the IDS version has a CLI that has been upgraded from the ip audit name audit-name command to the ip ips name ips-name command.

Workaround: Remove the multiple actions from the command. For example, the ip audit name audit-name info action alarm drop reset command becomes the ip ips name ips-name command.

See the documentation for Cisco IOS Release 12.3(8)T for details about specifying the action keyword with the new IDS functionality that was introduced in that release.

CSCee55411

Symptoms: In case of NM-HDV2 on c2800, if controller 1/0 is registered with a call-agent, and controller 1/0/0 is in "shutdown" state, then the end-point is not validated.

The same is seen for controller 1/1 and 1/0/1.

Workaround: There is no workaround.

CSCee55962

Symptoms: A Cisco IOS H.323 gateway may experience high CPU utilization at the interrupt level, and a large number of alignment errors may be observed.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(7)T1, that functions as a gateway, and that connects on one side via a T1 PRI to the PSTN and on the other side via H.323 to a gatekeeper cluster. The gatekeepers run Cisco IOS Release 12.2(15)T11.

Workaround: There is no workaround.

CSCee57149

This caveat consists of three symptoms, three conditions, and three workarounds:

Symptom 1: A PPP user is unable to log into services or a PPP SSG user is unable to log in from an SESM.

Condition 1: This symptom is observed when the port-bundle host key feature is enabled on the SSG and when a PPP SSG user logs out and tries to log in again from an SESM.

Workaround 1: Restart the PPP session to enable the user to log into services. Disable the port-map host key feature to enable a user to log in again from an SESM.

Symptom 2: Appropriate access-request and access-reject messages are not generated, which can be seen in the output of the show logging command.

Condition 2: This symptom is observed when an SSG user tries to log in with a valid user name and an incorrect password.

Workaround 2: There is no workaround.

Symptom 3: An SSG crashes.

Condition 3: This symptom is observed when you unbind in a specific sequence the downlink interface after you have applied an ACL to an uplink interface.

Workaround 3: There is no workaround.

CSCee57928

Symptoms: A DSP download failure occurs for the maximum possible number of conferencing sessions, i.e., 100 sessions, on a Cisco 2800 series gateway.

Conditions: The DSP download failure occurs, followed by a traceback, when an attempt is made to configure the total limit of conference sessions.

Workaround: Configure fewer conference sessions, i.e., 90-95 conference sessions, when utilizing the 5510 DSPs from the NM-HDV2 and the DSPs populated on the motherboard for conferencing.

CSCee59815

Symptoms: Currently, MGCP quarantine mode gets updated with each incoming MGCP message, regardless of whether the message has a Q-line. This behavior was recently committed and may cause regressions on customer sites. The legacy behavior is to ignore any updates to the MGCP quarantine mode when no Q-line is present in the MGCP message.

Conditions: All

Workaround: There is no workaround.

CSCee60960

Symptoms: When a gateway switches from a high-bandwidth codec (g711u, for example) to a low-bandwidth codec (such as g729), and the gateway is registered with a gatekeeper and sends a BRQ to the gatekeeper, the gateway may drop the call when it gets a BCF from the gatekeeper.

Workaround: Disable sending BRQ from the gateway with the following configuration:

voice service voip
h323
no ras brq

CSCee64454

Symptoms: Router can crash for SIP Protocol Header Passing when using VoiceXML.

Conditions: A Cisco Voice Gateway can crash when using SIP Subscribe and Notify, Protocol header Passing functionality using Voice XML Scripts.

Workaround: There is no workaround.

CSCee65576

Symptoms: A router running IPSec may reload due to a bus error. The following message is seen just before the crash:

Mar 14 02:51:54.047 UTC: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header

Conditions: The router must be running IPSec.

Workaround: Configure "no ip virtual-reassembly."

CSCee66697

Symptoms: Cisco GGSN R4.0 reloads while displaying a PDP context with the show gprs gtp pdp tid command at the same time that the PDP context is deleted.

Workaround: There is no workaround.

CSCee67636

Symptoms: GGSN reloads on receiving a new create request while trying to clear PDPs on a DHCP renew request failure.

Conditions: This symptom occurs only when the DHCP server goes down or slows down.

Workaround: There is no workaround.

CSCee67801

Symptoms: Reusing a TEID too soon on GGSN R4.0 causes new calls to be deleted immediately.

Workaround: There is no workaround.

CSCee69795

Symptoms: Packets received on SVI interface and going through the router over GRE/IPsec tunnel may get dropped when cef switching is configured.

Conditions: This symptom is observed on a Cisco 1711/1712 router that has a fixed WIC-4ESW WIC and runs a Cisco IOS Release 12.3(7)T image.

Workaround:

1. Upgrade to Cisco IOS Release 12.3(8)T.

2. Disable CEF switching.

3. Remove the crypto map from the tunnel interface and apply it again.

CSCee72211

Symptoms: Existing policy attributes such as an ACL and a URL are not removed when they should be removed.

Conditions: This symptom is observed when revalidation of an EAPoUDP session fails.

Workaround: There is no workaround.

CSCee83438

Symptoms: Conferences hosted by a DSP may unexpectedly cease to function. The problem manifests itself in the timestamps of RTP streams. The statistics for the jitter buffers that terminate the RTP streams will indicate abnormalities such as excessive jitter or discarded packets.

Conditions: The disruption is triggered by closing the first conference (conference ID = 1) of a DSP. The 32-bit RTP timestamps will then freeze for all RTP streams of the remaining conferences. When the first conference is reopened, the timestamps will resume updating and any conferences still open will resume operating normally.

Workaround: Open and then never close the first conference of a DSP.

CSCee89026

Symptoms: Traffic shaping fails in the presence of an ISA crypto accelerator card.

Conditions: This symptom is observed on all Cisco 7200 series routers running Cisco IOS Release 12.3(8)T which make use of a VPN card (ISA) if generic traffic shaping is enabled using traffic-shape group.

Workaround: There is no workaround.

CSCin70795

Symptoms: A Cisco router running a Home Agent (HA) image may reload when the Mobile IP Registration Request message is rejected.

Conditions: This symptom is observed when Mobile IP tunnel creation between the Foreign Agent and the Home Agent fails.

Workaround: There is no workaround.

CSCin71824

Symptoms: Tracebacks are seen on a NAS when a voice call is disconnected.

Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that function as a NAS.

Workaround: There is no workaround.

CSCin72222

Symptoms: An ATM interface fails to come up and constantly (in 5-second intervals) shows the following error message:

%DSLSAR-1-NO_SCC_CLK_ERR: ATM0/0: Interface is DOWN because the sum of the clock rate values for both the WICs in slots 0 and 1 exceeded maximum capacity. Please configure clock rates using clock rate command in interface mode such that the sum of clock rate on both the WICs does not exceed 196614 bps. For a DSL wic, please include aal5 and aal2 clock rate values while calculating the total.

Conditions: This symptom is observed on a Cisco IAD2430 series that is configured with an ADSL WIC.

Workaround: There is no workaround.

CSCin74462

Symptoms: A memory leak may occur on a Cisco router that has the identity profile eapoudp and identity policy policy-name commands enabled.

Conditions: This symptom is observed when a host matches an entry in the exception list that has a policy associated with it.

Workaround: Perform the following two steps:

1. Configure the Intercept ACL not to intercept hosts that have static IP addresses and need to be treated as exception hosts.

2. Configure ACS to perform MAC authentication for hosts that need to be treated as exception hosts based on the MAC address.

CSCin75829

Symptoms: Connection interim accounting records are not sent at the exact configured intervals.

Conditions: This symptom is observed on a Cisco platform that is configured for SSG and that runs a Cisco IOS software image that includes the fix for CSCin72146. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCin72146. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCin76381

Symptoms: A PXF exception may occur on a Cisco 7200 series that is configured with an NSE-1 or on a Cisco 7401 that has PXF enabled when either of these platforms functions as an LNS.

Conditions: This symptom is observed when an L2TP session is established over a VLAN subinterface that has ISL encapsulation enabled and when traffic is processed on this subinterface.

Workaround: Disable PXF by entering the no ip pxf command.

CSCin77384

Symptoms: Tracebacks may be generated during the configuration of the MGCP service type.

Conditions: This symptom is observed on a Cisco 3700 series. However, the symptom is platform-independent.

Workaround: There is no workaround.

Wide-Area Networking

CSCed39910

Symptoms: An LNS that brings up the maximum number of PPPoEoA calls at the maximum rate may crash.

Conditions: This symptom is observed in Cisco IOS Release 12.3 T but may also occur in other releases.

Workaround: There is no workaround.

CSCee47761

Symptoms: A Cisco 7500 series Route Switch Processor (RSP) may crash while Multilink PPP (MLP) is running.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5), that is equipped with a VIP4-80 and PA-A3 ATM port adapters, and that is configured for distributed Link Fragmentation and Interleaving over ATM (dLFIoATM).

Workaround: There is no workaround.

CSCin74940

Symptoms: A11 sessions on a Cisco PDSN may be stuck in the "EST" establishing state, and PPP negotiation may stop progressing any further. This situation may cause the Cisco PDSN to run out of memory, preventing new PPP sessions (PDSN or otherwise) from being started, and possibly preventing other features from being used.

Conditions: This symptom is observed on a Cisco PDSN that runs Cisco IOS Release 12.3(7)T or a later release after about 1 million sessions are established and closed.

Workaround: There is no workaround.

CSCuk49812

Symptoms: RTP packets are compressed as NON-TCP packets rather than as RTP-COMP packets.

Conditions: This symptom is observed on a serial interface that is configured for PPP encapsulation via the encapsulation ppp command and that has RTP header compression enabled via the ip rtp header-compression iphc-format command.

Workaround: Do not use PPP encapsulation. Rather, use HDLC encapsulation by entering the encapsulation hdlc command.

Resolved Caveats—Cisco IOS Release 12.3(8)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(8)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(8)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCin67965

Symptoms: A Cisco router running Cisco IOS Release 12.3(7.2)T will not allow a user to enter the enable mode.

Conditions: This occurs if an enable secret is configured.

Workaround: There is no workaround.

EXEC and Configuration Parser

CSCed56860

Symptoms: Upon disconnection of a PAD, the following message is displayed:

Deleting login session

Conditions: This symptom is seen on Telnet, LAT, PAD, or other connections that make use of a tty. The message can affect the behavior of an application, especially when a PAD is sending this message and the start-stop DTE does not expect it.

Workaround: There is no workaround.

IBM Connectivity

CSCec68023

Symptoms: When you enter the dlsw bridge-group group-number global configuration command, the following error messages and tracebacks may be generated:

%IDBINDEX_SYNC-3-UNKNOWN_TYPE: IDB type is unknown and cannot be synced: "",0 -Traceback= 4021FCAC 40220F58 4021FF10 4022122C 40455C90 40457D4C 41256D8C 412592B0 4125982C 40CC9D04 4125C6C8 4125B83C 4125B6A8 412620AC 41293FD4 4128A660

%IDBINDEX_SYNC-3-IDBINDEX_INITKEY: Cannot initialize IDB index table lookup key: "",0

Conditions: This symptom is observed on a Cisco 7304 and a Cisco 7500 series that run Cisco IOS Release 12.2(20)S and that are configured for High Availability (HA).

Workaround: There is no workaround. However, the symptom is of a cosmetic nature. Data-link switching plus (DLSw+) functions properly.

Interfaces and Bridging

CSCed33826

Symptoms: Packets that are tagged for IEEE 802.1Q VLAN may be dropped when bridged PPP links are configured for Bridge Control Protocol (BCP).

Conditions: This symptom is observed when a PPP link is configured to carry bridged Ethernet VLAN traffic.

Workaround: There is no workaround.

CSCin70884

Symptoms: A Cisco 7200 (NSE-1) router with bidirectional PPPoA/l2tp traffic unexpectedly reloads.

Conditions: This is observed on a Cisco 7200 (NSE-1) router with bidirectional PPPoA/l2tp traffic when the user tries to remove an ATM interface. This defect happens only with NSE-1.

Workaround: There is no workaround.

IP Routing Protocols

CSCec90041

Symptoms: BGP update generation may enter a deadlock.

Conditions: This symptom is observed when the RR configuration is changed.

Workaround: Remove the BGP process and add it back.

CSCed68668

Symptoms: A Cisco router that runs Cisco IOS Release 12.3(5.13)T may reload because of a bus error. The output of the show version command may show the following:

System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xYYYYYYYY

Conditions: These symptoms occur when clear ip nat * is executed on the CLI.

Workaround: Do not perform clear ip nat *.

The following link provides general information about bus errors: http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.shtml

CSCed69174

Symptoms: A memory leak occurs in the IP NAT WLAN process because the AAA UID is not freed.

Conditions: This symptom is observed when a race condition occurs in which the AAA UID is not saved in the WLAN NAT entry.

Workaround: There is no workaround.

CSCed70979

Symptoms: A router may reload unexpectedly with a bus error and/or display spurious memory access messages.

Conditions: This symptom is observed when the router is configured for OSPF and is actively learning OSPF routes dynamically.

Workaround: There is no workaround.

CSCed80957

Symptoms: A Cisco router may reload when configuring ODR.

Conditions: This symptom occurs with Cisco IOS Release 12.3(7.4)T.

Workaround: There is no workaround.

CSCed82273

Symptoms: IPv6 BGP may not reach the established state.

Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(26)S2 or Release 12.0(28)S. However, the symptom is not platform-specific.

Workaround: There is no workaround.

CSCee04461

Symptoms: NHRP may cause a router to crash due to a memory corruption.

Conditions: This symptom occurs when running a Multipoint GRE interface.

Workaround: There is no workaround.

CSCee05727

Symptoms: There is a significant performance degradation affecting VRF forwarding traffic that does not match VRF NAT entries.

Conditions: VRF NAT and VRF forwarding are configured on the same interface. This symptom occurs as the number of VRF NAT pool configurations increases.

Workaround: There is no workaround.

CSCee12643

Symptoms: "%PARSE_RC-3-PRC_SUBRCODE_RANGE: Parser Return Code state range error 0" messages are observed.

Conditions: This symptom occurs when ip unnumbered loopback x is executed under an interface.

Workaround: There is no workaround.

CSCee13075

Symptoms: When configuring a new route-map for an interface, the new route-map cannot replace the existing route-map under that interface.

Conditions: The conditions under which this problem occurs are not known.

Workaround: Remove the original route-map on the interface first, then configure a new route-map.

ISO CLNS

CSCec73316

Symptoms: The load-balancing ratio over Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels may not be the same ratio as the ratio that is configured on a Cisco router.

Conditions: This symptom is observed because the Intermediate System-to-Intermediate System (IS-IS) method for checking the bandwidth change of an MPLS TE tunnel is different between Cisco IOS Release 12.0 S and Release 12.3 T.

Workaround: There is no workaround.

CSCed33760

Symptoms: A default route is not installed into the Border Gateway Protocol (BGP) routing table when the default-information originate command is configured in Connectionless Network Service Protocol (CLNS) address family configuration mode.

Conditions: This symptom has been observed only on routers that run Cisco IOS Release 12.3(4)T2 and are configured to run CLNS, Integrated Intermediate System-to-Intermediate System (IS-IS), and BGP.

Workaround: There is no workaround.

Miscellaneous

CSCdy81782

Symptoms: Entering the no shut command on the PPP interface before VA goes down causes PXF to drop certain packets. As a result, pings from a remote node through routes involving such a PPPoA subinterface fail. Arriving ICMP packets are dropped in PXF.

Conditions: This symptom occurs under a PPPoA subinterface if the shut and no shut commands are issued in succession such that no shut is completed before the associated virtual-access goes down.

Workaround: After a shut, wait for the associated virtual-access to go down before issuing no shut. If the symptom occurs, go to the subinterface, perform a shut, wait for the associated virtual-access to go down and then perform a no shut.

Further Problem Description: When the node is in this condition, pings originating from the local node and non-ICMP traffic appear to work correctly. Only pings from a remote node fail.

CSCeb61043

Symptoms: Interim accounting update packets are sent for all the Active Services by SSG to the AAA server as per the "SSG accounting interval" configured. These packets need to be sent within a drift of 1 sec from the "Accounting Start" timestamp.

Conditions: This symptom was observed in SSG: over a period of time (5 to 10 hours) with an interval of 10 to 15 minutes, the drift between Start and Interim was up to 10 seconds.

Workaround: There is no workaround.

CSCec71950

Cisco routers and switches running Cisco IOS or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability.

This vulnerability was discovered during internal testing. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

CSCec75762

Symptoms: A Cisco voice gateway may reload while testing Tool Command Language (Tcl) interactive voice response (IVR) voice commands (verb testing).

Conditions: This symptom is observed on a Cisco 3660 that has a main memory size of 128MB. The symptom may not occur when the main memory size is increased from 128MB to 256MB.

Workaround: Increase the main memory size from 128MB to 256MB.

CSCec83463

Symptoms: The service selection gateway (SSG) sends duplicate Acct-Session-Id in the SSG connection accounting record. The same session ID is used in the user accounting record.

Conditions: These symptoms have been observed in Cisco IOS software versions 12.2(16)B2 and 12.3(4)T.

Workaround: There is no workaround.

CSCed08172

Symptoms: When you enter the write memory privileged EXEC command on a Cisco 7206VXR, a long delay may occur during the transfer of packets.

Conditions: This symptom is observed on a Cisco 7206VXR that is configured with a Network Processing Engine G-1 (NPE-G1), that is running Cisco IOS Release 12.2(18)S or a later release, and that is functioning as a Multiprotocol Label Switching (MPLS) provider edge (PE) router.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(14)S3.

CSCed13589

Symptoms: The performance of a Cisco 7301 may be below what you would expect when traffic of more than 400k pps is sent.

Conditions: This symptom is observed on a Cisco 7301 that runs the c7301-is-mz image of Cisco IOS Release 12.3(4)T1. The performance of a Cisco 7301 that runs the c7301-js-mz image of the same release is much better.

Workaround: There is no workaround.

CSCed15391

Symptoms: There is spurious memory access at atm_vcmode_subcommands.

Conditions: This occurs under low memory conditions.

Workaround: There is no workaround.

CSCed21018

Symptoms: Tracebacks and %DS_MODEM messages are observed.

Conditions: This occurs during tcpclear stress testing. This may be service impacting because new tcpclear calls fail after a few minutes of stress testing.

Workaround: There is no workaround.

CSCed24462

Symptoms: When the NAT transparency feature is on, IPSec+NAT fails with bad packet refcount messages and tracebacks.

Conditions: These symptoms may be observed on Cisco 83x routers running 12.3T images and running IPSec tunnels with hardware crypto.

Workaround: Use software crypto engine or AIM.

CSCed24626

Symptoms: A VoIP connection trunk that is configured between two voice gateways over an IP link with RTP header-compression (cRTP) enabled may flap periodically. Messages similar to the following may appear:

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up
%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down
%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up
%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down

Conditions: This symptom is observed when two Cisco IOS voice gateways function in connection trunk mode and an IP link between the two gateways is configured for cRTP. On either side of this IP link, the Cisco IOS routers run Cisco IOS Release 12.3 T, such as Release 12.3(2)T or Release 12.3(4)T.

Workaround: Enter the ip rtp coalesce hidden global configuration command on both Cisco IOS routers to stabilize the connection trunk. Note that doing so may increase the CPU utilization. If the implementation of this workaround does not stabilize the trunk, unconfigure cRTP over the affected IP link.

CSCed28266

Symptoms: A Cisco gateway may unexpectedly reload because of a software-forced crash when it builds a SIP ACK(nowledgement) or BYE message.

Conditions: This symptom is observed when the gateway receives a SIP response that contains a Record-Route header and a Contact header and when the length of the Contact header exceeds 128*n, in which "n" is the number of URLs in the Record-route header.

Workaround: There is no workaround.

CSCed29546

Symptoms: A software-forced reload may occur as a result of entering the interface configuration command:

no ip rtp header-compression or no ip tcp header-compression

Conditions: This error will only occur when there is traffic running and being compressed in process switching mode on the interface being configured.

Workaround: Shut down the interface during reconfiguration. This prevents traffic from flowing, and the crash does not occur.

CSCed34050

Symptoms: A Cisco 837 series router may encounter memory allocation failures in I/O memory.

Conditions: This symptom is observed on a Cisco 837 series router running Cisco IOS Software Release 12.3(2)XA.

Workaround: There is no workaround.

CSCed34095

Symptoms: A Cisco router running Gateway GPRS Support Node (GGSN) software may reload under stress conditions when a large number of dynamic PDP context create requests are sent at a high rate with address allocation by a (slow) external DHCP server and authentication by a RADIUS server.

Conditions: This symptom occurs only under stress conditions.

Workaround: There is no workaround.

CSCed40547

Symptoms: A Cisco 7500 router may reload when dMLFR interface(s) is/are configured.

Conditions: This problem can occur only when distributed CEF switching is disabled globally on the router. The following command can cause this issue to occur:

Router(config)#no ip cef distributed

Workaround: Do not disable distributed CEF switching on the router, as dMLFR works only when distributed CEF switching is enabled.

CSCed45120

Symptoms: On a Cisco 7600 router, the MWAM image may crash during boot if the system uses the central config storage, "mwam config-mode supervisor".

Conditions: This may happen accidentally if a user issues the write erase command followed by a reload or reset, even while in mwam config-mode local. This is because the write erase/reload sequence puts the MWAM image into central configuration storage mode.

Workaround: When using images subject to this bug on an MWAM processor, keep them in mwam config-mode local. Avoid the write erase command. Use the erase nvram:startup-config command instead, which will not put the image in supervisor mode on reload.

Once the write erase/reload sequence has occurred, there is no recovery other than loading a version of the software that does not have this problem in order to put the image in local mode. After this, the Cisco IOS software can be reinstalled and will default to local mode.

CSCed48941

Symptoms: A Cisco MGX 8800 series Route Processor Module XF (RPM-XF) may crash and generate the following error message:

No memory for XCM tempbuffer logged

Conditions: This symptom is observed on an RPM-XF that functions as a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when you enter the clear interface sw1 command multiple times on the RPM-XF.

Workaround: There is no workaround. The fix for this caveat is also integrated in images that support the Cisco 10000 series, such as Cisco IOS Release 12.0 S.

CSCed49968

Symptoms: Xtag on the LSC connected to the congested PE may go down. This brings the OSPF and LDP adjacency down as well.

Conditions: This symptom occurs when there is congestion on the input process level queue.

Workaround: There is no workaround.

CSCed54168

Symptoms: A router sets up calls using HC codec when making voice calls from CCM using g729ar8 (MC).

Conditions: This problem happens on platforms using 5510 DSP. If configured to use FLEX codec under voice card and when making a call from CCM using g729ar8 (MC), the router sets up the call using HC instead.

Workaround: There is no workaround.

CSCed54232

Symptoms: The memory held by SSGCmdQueue process increases continuously when SESM users log on and log off.

Conditions: This happens in SSG deployments when SESM users log on and log off.

Workaround: There is no workaround.

CSCed54518

Symptoms: When you use the Network Registrar CLI to configure a host name by entering the sip-ua global configuration command at a sublevel, a gateway may fail to try the second and subsequent entries that are provided by the domain name server.

Conditions: This symptom is observed when the host name is configured by using the Network Registrar CLI and when the host server pointed to by the first IP address is down or not responding.

Workaround: There is no workaround.

CSCed54591

Symptoms: SAR crash file does not contain event log information.

Conditions: This symptom always occurs.

Workaround: The event log information should be obtained from the syslog, if one is configured, or the show logging command needs to be executed after a SAR crash is noticed.

CSCed54769

Symptoms: A Cisco router running 12.3T might reboot when the command sh cry ca timer is issued.

Conditions: These symptoms occur while there are enrollment requests with usage keys pending.

Workaround: There is no workaround.

CSCed56016

Symptoms: Cisco IOS may reload when configuring a host-based preshared key.

Conditions: This reload occurs if the length of the <hostname> string in the crypto isakmp key <key-string> host <hostname> [no-xauth] configuration command is greater than or equal to 128 characters.

Workaround: There is no workaround, except to not configure a hostname longer than 127 characters.

Further Problem Description: This problem may cause a buffer overflow, but it corrupts the heap and not the stack, so running arbitrary code is not possible.
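A pre-upgrade configuration check for the CSCed56016 condition, added here as an example and not taken from the Cisco release notes: it scans a saved configuration for host-based preshared keys whose hostname is 128 characters or longer. The function name and the sample configuration are hypothetical and constructed; accepting the spelled-out hostname keyword in addition to host is an assumption about how the command may be stored.

```python
MAX_SAFE_HOSTNAME_LEN = 127  # per the caveat, 128 or more characters triggers the reload


def audit_isakmp_host_keys(config_text):
    """Return [(line_number, hostname_length)] for risky host-based keys.

    The key string and hostname are deliberately left out of the findings
    so that audit reports do not leak preshared secrets.
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if tokens[:3] != ["crypto", "isakmp", "key"]:
            continue
        rest = tokens[3:]
        # Optional trailing keyword from the syntax quoted in the caveat.
        if rest and rest[-1] == "no-xauth":
            rest = rest[:-1]
        # Expect: <key-string> host <hostname>. Address-based keys are skipped.
        # "hostname" is accepted as well as "host" (assumption, see lead-in).
        if len(rest) >= 3 and rest[-2] in ("host", "hostname"):
            hostname = rest[-1]
            if len(hostname) > MAX_SAFE_HOSTNAME_LEN:
                findings.append((lineno, len(hostname)))
    return findings


# Constructed sample configuration (placeholder key, documentation addresses).
SAMPLE_CONFIG = "\n".join([
    "hostname edge-rtr-1",
    "crypto isakmp policy 10",
    " authentication pre-share",
    "crypto isakmp key EXAMPLE-KEY address 192.0.2.10",
    "crypto isakmp key EXAMPLE-KEY host vpn.example.net",
    "crypto isakmp key EXAMPLE-KEY host " + "a" * 127 + " no-xauth",
    "crypto isakmp key EXAMPLE-KEY host " + "b" * 128,
    "crypto isakmp key EXAMPLE-KEY hostname " + ("c" * 60 + ".") * 3 + "example",
])

if __name__ == "__main__":
    for lineno, length in audit_isakmp_host_keys(SAMPLE_CONFIG):
        print(f"line {lineno}: host-based key with {length}-character hostname")
```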

CSCed58486

Symptoms: H.450 consultation transfer may fail in Cisco CME.

Conditions: This failure may occur if the (XEE) transferee was a forwarded call.

Workaround: There is no workaround.

CSCed59209

Symptoms: On a DHCPv6 server router, the static route installed for a delegated prefix stays in the routing table when the interface it points to is down.

Conditions: The interface on which a DHCPv6 server is enabled is down.

Workaround: Delete the static routes added to the DHCPv6 server manually with the exec mode command clear ipv6 route, or remove the corresponding bindings created by the server with the exec mode command clear ipv6 dhcp binding.

CSCed59359

Symptoms: A Cisco 37x5 may reload with a software-forced-reload error.

Conditions: The above reload is possible when echo-cancellation status is monitored via the show voice call status command while the voice port switches between voice and fax modes.

Workaround: There is no workaround.

CSCed60216

Symptoms: On platforms which support OIR (Online Removal and Insertion) on NMs (Network modules), removing an HDV that was supplying DSP resources to another NM using DSP farm DSP sharing for voice may lead to router malfunctions due to dangling voice-ports that lose their DSPs.

Conditions: This happens when dspfarm is enabled in the HDV, DSPs are allocated to other NMs through sharing, and an HDV card is removed and/or later inserted through OIR.

Workaround: First remove the voice ports that are taking DSPs from HDV (through sharing) by performing the following steps:

1. Shutting the voice port.

2. Shutting the Controller.

3. Removing ds0-/pri-group.

CSCed60310

Symptoms: The router stays in a down/down state, and the following errors are observed:

At reload: %SERVICE_MODULE-0-INITWICFAILURE
When configuring: %SERVICE_MODULE-4-WICNOTREADY

Conditions: This has been observed on a Cisco 2691 with a WIC-1DSU-T1 V2 installed.

Workaround: Load Cisco IOS Release 12.3(1a).

CSCed60389

Symptoms: L2TPv3 sessions do not recover after an interface flap of a core-facing interface in the ingress PE.

Conditions: This occurs with KA configured on both of the interfaces.

Workaround: There is no workaround.

CSCed60873

Symptoms: Any calls placed over the controllers fail.

Conditions: This occurs after loading Cisco IOS Software Release 12.3(6.2)T1 on a Cisco AS5850 with a STM-1 interface. The STM-1 E1 controllers are configured for MGCP with PRI Backhaul, and some interfaces are set to Primary State OOS (PST=00S) on the MGCP Call Agent.

Workaround: There is currently no known workaround.

CSCed61710

Symptoms: IP Header Compression (IPHC) does not work when configured on some form of channelized interface (CE3, CE1, CT3, CT1) that is attached to a VIP card on which distributed CEF is enabled. Under these conditions no compression takes place; the IPHC compression counters remain at zero.

Conditions: IPHC compression will not work when configured on a channelized Port Adapter attached to a Cisco 7500 series router.

Workaround: Use the command no ip cef distributed to disable distributed switching.

CSCed63090

Symptoms: A Cisco RPM-XF reloads unexpectedly after displaying the following message:

*Feb 5 00:47:01.687: %GENERAL-5-NOTEVENT: Defragmenting PXF external column memory

Conditions: This symptom is observed when the message is printed, and there are simple ACLs active.

Workaround: There is no workaround.

CSCed64663

Symptoms: A Cisco 1711 or 1712 router may crash when executing the show diag privileged EXEC command.

Conditions: This occurs with Cisco IOS Release 12.3T images.

Workaround: There is no workaround.

CSCed65584

Symptoms: A VIP or FlexWAN may reload.

Conditions: This symptom is observed on a Cisco 7500 series or Cisco 7600 series when a service policy is attached to a multilink Frame Relay interface.

Workaround: There is no workaround.

CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details).

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml

CSCed67017

Symptoms: The voice class uri sip preference global configuration command causes a router to reload.

Workaround: There is no workaround.

CSCed67580

Symptoms: An RSP may crash with tracebacks if protocol discovery or auto discovery QoS is disabled.

Workaround: Do not disable protocol-discovery or auto discovery qos once enabled.

CSCed68376

Symptoms: A router may enter a processing loop. This results in CPUHOG messages and may cause the router to reload.

Conditions: This symptom is observed under some error conditions that are associated with configuring L2TPv3 tunnels (when the xconnect command is enabled).

Workaround: There is no workaround.

CSCed68717

Symptoms: Incoming traffic is not being forwarded.

Conditions: This symptom occurs when the value of the exponential-weighting-constant is changed while WRED is enabled on the output policy map.

Workaround: Enter the clear int sw1 command.

CSCed69526

Symptoms: A "%SYS-2-INTSCHED: `sleep for' at level 4" traceback is observed.

Conditions: This symptom occurs when a periodic ping timeout in the control path writes an sar_mxt4400_info file in the bootflash and resets the control path.

Workaround: There is no workaround.

CSCed69627

Symptoms: IPv6 multicast packets forwarded over ATM interfaces in routed bridged encapsulation are not received due to an incorrect MAC address in the RFC 1483 header.

Conditions: This problem affects all IPv6 multicast packets forwarded over ATM interfaces configured for IPv6 routed bridged encapsulation.

Workaround: There is no workaround.

CSCed70205

Symptoms: On an MLPoATM link, an IP Header Compression (IPHC) configuration mismatch may occur between an RSP and a VIP.

To verify that the symptom occurs, enter the show ip rtp header-compression command on the RP and look at the number of seconds since the statistics were last updated. The output of this command may look as follows:

RTP/UDP/IP header compression statistics:
  Interface Virtual-Access8 (compression on, IPHC)
  Distributed fast switched:
    976 seconds since line card sent last stats update
    Rcvd:    0 total, 0 compressed, 0 errors, 0 status msgs
             0 dropped, 0 buffer copies, 0 buffer failures
    Sent:    0 total, 0 compressed, 0 status msgs, 0 not predicted
             0 bytes saved, 0 bytes sent
    Connect: 16 rx slots, 16 tx slots,
             0 misses, 0 collisions, 0 negative cache hits, 0 free contexts

If the statistics are not updated within the last 20 seconds, a configuration mismatch has occurred (that is, the line card is not notified of the IPHC update).

Conditions: This problem may occur when an MLPoATM virtual-access link is configured for IP header compression configured on a virtual-template via RSP.

Workaround: There is no workaround.
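The staleness check described for CSCed70205, as an added Python example that is not part of the Cisco release notes: it parses show ip rtp header-compression output and flags interfaces whose line-card statistics are older than the 20-second threshold. The sample output is constructed from the excerpt in the caveat plus an invented healthy Virtual-Access9 entry, and the function names are hypothetical.

```python
import re

STALE_AFTER_SECONDS = 20  # threshold stated in the caveat text

# Constructed sample: the output quoted in the caveat, followed by a second
# interface with invented values for contrast.
SAMPLE_OUTPUT = """\
RTP/UDP/IP header compression statistics:
  Interface Virtual-Access8 (compression on, IPHC)
  Distributed fast switched:
    976 seconds since line card sent last stats update
    Rcvd:    0 total, 0 compressed, 0 errors, 0 status msgs
             0 dropped, 0 buffer copies, 0 buffer failures
    Sent:    0 total, 0 compressed, 0 status msgs, 0 not predicted
             0 bytes saved, 0 bytes sent
    Connect: 16 rx slots, 16 tx slots,
             0 misses, 0 collisions, 0 negative cache hits, 0 free contexts
  Interface Virtual-Access9 (compression on, IPHC)
  Distributed fast switched:
    4 seconds since line card sent last stats update
    Rcvd:    120 total, 118 compressed, 0 errors, 0 status msgs
             0 dropped, 0 buffer copies, 0 buffer failures
    Sent:    131 total, 129 compressed, 0 status msgs, 2 not predicted
             4902 bytes saved, 1648 bytes sent
"""

# Neither pattern is anchored to line starts, so the parser also works on
# output that a logging or ticketing tool has flattened onto one line.
_INTERFACE_RE = re.compile(r"\bInterface\s+(\S+)\s+\(([^)]*)\)")
_AGE_RE = re.compile(r"(\d+)\s+seconds since line card sent last stats update")


def parse_stats_age(output):
    """Return [(interface, mode, age_seconds)] for each interface section.

    age_seconds is None when a section carries no line-card age line
    (for example, an interface that is not distributed switched).
    """
    results = []
    matches = list(_INTERFACE_RE.finditer(output))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(output)
        age = _AGE_RE.search(output[m.end():end])
        results.append((m.group(1), m.group(2), int(age.group(1)) if age else None))
    return results


def find_stale_interfaces(output, threshold=STALE_AFTER_SECONDS):
    """Return [(interface, age_seconds)] where the last update is too old."""
    return [
        (name, age)
        for name, _mode, age in parse_stats_age(output)
        if age is not None and age > threshold
    ]


if __name__ == "__main__":
    for name, age in find_stale_interfaces(SAMPLE_OUTPUT):
        print(f"{name}: no line-card stats update for {age} s "
              f"(> {STALE_AFTER_SECONDS} s), possible IPHC configuration mismatch")
```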

CSCed71449

Symptoms: CPU hogs may show up on VIP logs and a VIP crash may occur.

Conditions: This symptom occurs when disabling auto discovery qos or protocol discovery.

Workaround: Disable protocol discovery before enabling/disabling auto discovery qos.

CSCed71495

Symptoms: The exp bit on the topmost label is not changed when the set mpls exp topmost command is configured on the ingress interface of the P router.

Conditions: This occurs with the use of the set mpls exp topmost command on the ingress interface of the P router in a frame-based MPLS network.

Workaround: Use the same command on the PE router egress interface (towards the P router).

CSCed72877

Symptoms: A Cisco AS5850 universal gateway may exhibit a small and gradual memory leak in the ISDN process with async calls.

Conditions: This occurs when the calls are brought up on ISDN trunks and the calls fail in the middle of call setup phase.

Workaround: There is no workaround.

CSCed73209

Symptoms: Caller id does not work if caller-id alerting line-reversal is configured.

Conditions: This symptom has been observed on a Cisco IAD2430.

Workaround: There is no workaround.

CSCed74707

Symptoms: Using http to load a file in Cisco IOS Release 12.3(7.3)T or later may cause the router to reload if the file fails to load.

Conditions: This condition will only occur if the file to be loaded is bad (for example, an incorrect filename or path which causes the http load to fail).

Workaround: There is no workaround.

CSCed75086

Symptoms: When issuing the show pxf cpu rewrite verification x.x.x.x command, you receive an error message stating that the "Channel id in the Sar header is non-zero (x) for MVC".

Conditions: This symptom has been observed in a cell-based MPLS VPN network with multi-VC if the first label (IGP label) value is greater than 0xF.

Workaround: There is no workaround. Ignore this message and verify that the channel id is correct by executing the sh pxf cpu cef <prefix used to verify> and sh pxf cpu rewrite <rw_index> commands.

CSCed77186

Symptoms: The password [encryption-type] password (L2TP) command is lacking the automatic encryption function for nvgen.

Conditions: This symptom is observed on a Cisco router when you attempt to configure the password that is used by a provider edge (PE) router for Layer 2 (L2) authentication.

Workaround: If you require the automatic encryption function for nvgen, perform the following steps:

1) Figure out the encrypted version of the text password, using the "username" and "service password-encryption" as a tool.

2) In the password [encryption-type] password (L2TP) command, enter 7 for the encryption-type argument and the encrypted version of the password for the password argument.

CSCed78131

Symptoms: Checksum errors are reported on cRTP traffic streams.

Conditions: This symptom occurs under cRTP traffic flow.

Workaround: There is no workaround.

CSCed80344

Symptoms: When RPR is enabled, after configuring an event manager policy to force a switchover, the switchover does not take place after the policy is triggered.

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S.

Workaround: There is no workaround.

CSCed81346

Symptoms: A Cisco 83x router with hardware encryption fails to drop packets because of an anti-replay check.

Conditions: This issue is seen only with the hardware encryption. Anti-replay check with software encryption works.

Workaround: There is no workaround.

CSCed82965

Symptoms: A Cisco router may reload unexpectedly with a bus error.

Conditions: This symptom was observed on a router with Session Initiation Protocol running.

Workaround: There is no workaround at this time.

CSCed83738

Symptoms: Packets on cRTP-enabled PPPoA interfaces that match classes other than "class-default" will be dropped.

Conditions: ATM sar-based-cbwfq should be enabled, and an output service policy must be applied.

Workaround: Either disable atm sar-based-cbwfq or remove output service policy from the PPPoA interface.

CSCed83776

Symptoms: An RPM-XF crashes while debugging the PXF using ftctrace.

Conditions: Traffic should be flowing on a cRTP enabled interface. The UDP packet data length should be 0.

Workaround: There is no workaround.

CSCed88104

Symptoms: The ssh -l test 10.136.33.15 command causes a router to crash with the following bus error:

%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60ABDC4C, sp=0x65A1C980
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60ABDC4C, sp=0x65A1C980
Unexpected exception, CPU signal 10, PC = 0x0

Conditions: This has been observed with a Cisco 3745 router in SSH (non-IPSec) images.

Workaround: There is no workaround.

CSCed90333

Symptoms: Traffic is not forwarded through a newly added CBWFQ class.

Conditions: This problem occurs in cRTP-over-PPP encapsulation when you add a class map to a policy map that is already attached to the VC and when SAR-based CBWFQ is enabled.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected interface.

CSCed91750

Symptoms: S,G entries are not being created in the core.

Conditions: This symptom occurs in a MVPN setup in a large MPLS network that includes dual P routers.

Workaround: There is no workaround.

CSCed93839

Symptoms: The TCL IVR script aborts with the error, "Illegal Operation: Leg not incoming or in wrong state."

Conditions: This occurs with the following configuration: app-h450-transfer.2.0.x.x.tcl (BATOR) is configured on a terminating gateway with Cisco IOS Release 12.3(7.3)T. The terminating gateway must receive a CONNECT message from its endpoint.

Workaround: There is no workaround.

CSCed94256

Symptoms: When making outbound calls, softkeys on IP phones are not updated or not shown (for example, Hold/Transfer). The call seems to be connected and both ends can talk to each other. Looking at the H.323 signaling, it seems the Q.931 Connect message is not being mapped to an H.225 connect (towards CallManager).

Conditions: This symptom occurs under CallManager integration with an H.323 Gateway that is running Cisco IOS Release 12.3(7)T.

Workaround: There is no workaround.

CSCed94493

Symptoms: CEM channels configured with clock rates less than or equal to 12000 bps experience higher than expected delay. For example, a 2400 bps channel with a payload size of 13 bytes had a delay of 700 ms against an expected delay of approximately 130 ms.

Conditions: This is observed with CEM channels configured with clock rates less than or equal to 12000 bps.

Workaround: There is no workaround. Reducing the payload size would improve the situation at the expense of increased bandwidth requirement.

CSCed95305

Symptoms: A Cisco 3745 SSG hangs when accepting http-proxy web-login users.

Conditions: This hang has only been observed during web-proxy users' logon to SSG.

Workaround: There is no workaround.

CSCed95984

Symptoms: Alignment tracebacks are seen in the interrupt packet processing path.

Conditions: This symptom occurs when sending traffic at a high rate while the user activation is taking place.

Workaround: There is no workaround.

CSCee00038

Symptoms: Protocols flap when the non-ATM (POS or GigE) interfaces are congested by high traffic.

Conditions: This symptom occurs under the following conditions:
1. A POS or GigE card is used, and control protocols such as LDP are configured over that interface.
2. The class-default queue on the interface is congested and dropping packets.

Workaround: There is no workaround.

CSCee00679

Symptoms: Any tunnel configured to be encrypted with the tunnel protection ipsec profile command will be down. The command disappears from the interface and it is not possible to reconfigure it.

Conditions: This occurs when migrating from Cisco IOS Release 12.3(4)T to 12.3(7)T with the ADVIPSERVICESK9 feature set. This issue does not affect Advanced Security or Advanced Enterprise Service feature sets.

Workaround: There is no workaround.

CSCee03726

Symptoms: PXF buffers are leaked.

Conditions: The configuration is overloaded such that the limits of the system are exceeded. In particular, the queue sizes of the interfaces are defined such that the total number of packet descriptors required to support such a configuration exceeds 2M.

Workaround: Reduce the configuration.

CSCee08584

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

CSCee10579

Symptoms: A router crashes when a call is disconnected.

Conditions: This symptom is observed when the trunk group command is configured and either the call is forked and a subsequent forked leg answers the call, or the callee endpoint sends different tags in 18x and 200 OK to Invite messages.

Workaround: Remove the trunk group command. If the trunk group command cannot be removed, there is no workaround.

CSCee13296

Symptoms: The protocol pppovlan dot1q command is removed on reload.

Conditions: This symptom has been observed with Cisco IOS Release 12.3(7.9)T. After you configure the command, save the configuration to NVRAM, and reload the router, the command disappears from the configuration.

Workaround: Reconfigure the command.

CSCee17500

Symptoms: A SIP call does not get connected when the called party answers.

Conditions: This is observed when a SIP call originating in a gateway is forked to more than five locations and the phone that answers is sixth or higher in the fork list.

Workaround: There is no workaround.

CSCee35802

Symptoms: If the outgoing Invite is authenticated by a proxy at the end of call, and if the caller disconnects before the callee, the gateway will not send out a BYE. The call will be disconnected though.

Conditions: The initial Invite from the gateway has to be authenticated by a proxy or server, and the authentication credentials are configured on the (pots) dialpeer and not globally under sip-ua.

Workaround: Use global authentication configuration (under sip-ua).

CSCee35873

Symptoms: AGM crashes on bootup.

Conditions: Booting the c4gwy-isx3-mz image causes the AGM to crash.

Workaround: There is no workaround.

CSCin45670

Symptoms: A service login from a Subscriber Edge Services Manager (SESM) may fail if a Service Selection Gateway (SSG) user is a RADIUS proxy Autodomain user.

Conditions: This symptom is observed if the RADIUS proxy user logs into an Autodomain service and the SESM service login fails.

Workaround: Log into the Autodomain service by using the automatic login service that is defined in the user profile. Then log into SESM services.

CSCin49041

Symptoms: BRI S/T WICs may go to "DEACTIVATED" state after entering the clear interface bri 0/0 command twice.

Conditions: This occurs on a Cisco 3640 or 2600 router running Cisco IOS Release 12.3(3.9)T2.

Workaround: There is no workaround.

CSCin64164

Symptoms: A time drift in the interim accounting update was seen for SSG connection accounting packets.

Conditions: This symptom occurs with 10 Host Objects and Connection Accounting interval 300. After 4 days of testing, the time drift was seen in interim accounting update packets.

Workaround: There is no workaround.

CSCin66942

Symptoms: The periodic DPD feature in IOS won't interoperate with VPN3000 devices. Regular, on-demand DPD will continue to work.

Workaround: There is no workaround.

CSCin67370

Symptoms: The output of show crypto ipsec sa identity does not list the proxies protected by the crypto map.

Conditions: The proxies are not built under the following conditions:

When the ACL is changed on the crypto map.

When the VRF is changed in the isakmp profile.

When the isakmp profile is changed on the crypto map.

The bug affects the 12.3(4)T release and above.

Workaround: There is no workaround.

CSCin67454

Symptoms: Incorrect input counters are sent in SSG host and connection RADIUS accounting records.

Conditions: A SSG running 12.3(6.2)T2 or later versions with SSG accounting enabled can report incorrect input (downstream) counters in the accounting records for SSG host and connections.

Workaround: There is no workaround.

CSCin68188

Symptoms: A Cisco GGSN router running Cisco IOS Release 12.3(2)XB2 may reload.

Conditions: This has been observed if TCP is used as the charging path protocol, when the no service gprs ggsn command is used to disable GPRS service.

Workaround: Use UDP as the charging path protocol.

CSCin68403

Symptoms: Alternate request notifications for Hook-flash events will fail.

Conditions: This occurs when the MGCP gateway is running affected IOS images and the subscriber is using three-way calling and call waiting services.

Workaround: There is no workaround.

CSCin68728

Symptoms: Unauthorized service users do not get redirected.

Conditions: This occurs under the following conditions:

Service redirection is configured.

PBHK is enabled.

CEF is enabled on the downlink interface.

Workaround: Either disable CEF or port-map.

CSCin69947

Symptoms: GGSN crashes with memory corruption after unconfiguring and reconfiguring CGs.

Conditions: This occurs when CGs have been removed and reconfigured using maintenance mode when there are pending messages on the charging path.

Workaround: Do not unconfigure CG with pending messages on the path.

CSCin70859

Symptoms: VJ header compression, though successfully negotiated with the peer during PPP, does not work for downstream data for a Mobile IP service when CEF switching is enabled on the box.

Conditions: This symptom occurs on a Cisco router running PDSN software 12.3(7)T version, for a Mobile IP service when CEF switching is enabled on the box.

Workaround: There is no workaround.

CSCin72029

Symptoms: Accounting record NAS-port attribute points to SESM interface rather than the host's interface.

Conditions: This occurs under rare race conditions where there are host route changes at the time of host logon.

Workaround: There is no workaround.

CSCin72729

Symptoms: Access control entries downloaded from ACS (AAA) against posture validation are always applied as "ip" even if the ACE specifies another protocol such as "UDP" or "TCP". In addition, Cisco IOS ignores any port or port range specified in the ACS access control entry.

Conditions: This symptom occurs when trying to download ACLs from ACS.

Workaround: There is no workaround.

CSCuk48353

Symptoms: The system may unexpectedly reload when distributed CEF (dCEF) is disabled.

Conditions: A Cisco 7500 series router that is configured to operate with distributed IP Header Compression (IPHC) may reload when dCEF is disabled.

Workaround: Before disabling dCEF, disable IPHC.

Wide-Area Networking

CSCeb46007

Symptoms: L2TPv2 tunnels with active PPPoX sessions may go down. When you enter the vpdn debug error command, you can see that the LAC or LNS is resending L2TP control messages that the other side does not acknowledge.

Conditions: This symptom is observed primarily in scaled environments with more than 10,000 PPPoX sessions over more than 500 L2TP tunnels.

Workaround: There is no workaround.

CSCed15056

Symptoms: There is a CPUHOG at process = PPP IP Route, and the router reloads.

Conditions: The symptoms are observed on Cisco 7200 and RSP series routers running Cisco IOS Release 12.3(4)T1.

Workaround: There is no workaround.

CSCed57586

Symptoms: PPP sessions are no longer accepted by a NAS. A PPP debug shows:

"IPCP: Peer address ... in use by ..."

Conditions: The problem occurs if all the following conditions are met:

The ppp ipcp address unique command is configured under a virtual-template interface.

The system runs Cisco IOS Release 12.2(16)BX2, 12.3(4)T1 or 12.3(5.7)T or later.

Thousands of calls are brought up and down continuously within a few days.

Workaround: Unconfigure the ppp ipcp address unique command.

CSCed73721

Symptoms: A L2TP Network Server (LNS) configured in a virtual private dial network (VPDN) reloads after VPDN packet debugging is enabled.

Conditions: This symptom has been observed on a router that is running Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCed82390

Symptoms: A TCP connection fails to come up.

Conditions: This problem happens when the peer does confack for VJ header compression and does not configreq for VJ compression. PDSN should not send VJ compressed packets unless it has acknowledged the peer's configreq for VJ compression. However, it sends VJ compressed packets, which causes the TCP connection to fail to come up.

Workaround: Either configure to reject VJ compression at the peer or unconfigure VJ compression at PDSN.

Resolved Caveats—Cisco IOS Release 12.3(7)T12

Cisco IOS Release 12.3(7)T12 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T12 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

Miscellaneous

CSCei76358

Through normal software maintenance processes, Cisco is removing deprecated functionality. These changes have no impact on system operation or feature availability.

CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Resolved Caveats—Cisco IOS Release 12.3(7)T11

Cisco IOS Release 12.3(7)T11 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T11 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed00503

Symptoms: When you configure the Per VRF AAA feature by using a remotely defined customer template, a Virtual Home Gateway (VHG) may fail to parse authentication, authorization, and accounting (AAA) attributes that it receives in an Access-Accept response from a RADIUS server.

Conditions: This symptom is observed when the virtual-template interface is configured to support virtual-access subinterfaces and when the VHG functions under a heavy traffic load.

Workaround: Disable the virtual-access subinterfaces by entering the no virtual-template subinterface global configuration command.

Alternate workaround: Enter the ntp disable interface configuration command on the virtual-template interface.

CSCed59172

Symptoms: An SNMP trap configuration may be erased when you enter the snmp-server enable traps snmp global configuration command with any trap type followed by the snmp-server enable traps [syslog | entity] global configuration command.

Conditions: This symptom is observed on multiple Cisco platforms that run Cisco IOS Release 12.2 or Release 12.3.

For example, the symptom occurs when you enter the following configuration:

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps syslog

snmp-server enable traps entity

Then you enter:

no snmp-server enable traps snmp authentication

no snmp-server enable traps syslog

or you enter:

no snmp-server enable traps snmp authentication

no snmp-server enable traps entity

At this point, the snmp-server enable traps snmp linkdown linkup coldstart warmstart command is no longer in the output of the show running-config command.

Workaround: Manually reconfigure the snmp-server enable traps snmp linkdown linkup coldstart warmstart command.

Alternate Workaround: First enter the no snmp-server enable traps syslog command or the no snmp-server enable traps entity command before you enter the no snmp-server enable traps snmp authentication command.

CSCed86647

Symptoms: The session duration time reported in accounting packets may be wrong.

Conditions: This symptom is observed when you enter the show aaa user all command; the session time recorded in the accounting stop record is incorrect. This symptom is seen only when the aaa accounting session-duration ntp-adjusted command is enabled via the CLI.

Workaround: If this is an option, avoid using the aaa accounting session-duration ntp-adjusted command.

CSCee45312

Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.

Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.

Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

More details can be found in the security advisory, which is posted at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml
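
A configuration review for the condition described in CSCee45312, as an added example (not Cisco code): it lists every aaa authentication method list that combines a RADIUS method with none, and keeps apart the lists that also carry an additional method, which the text above says may not be affected. The sample configuration, list names, and server address are constructed; the advisory remains the authority on which combinations and releases are affected.

```python
import re
from dataclasses import dataclass

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius RAD-POOL
 server 192.0.2.10 auth-port 1645 acct-port 1646
aaa authentication login default group radius none
aaa authentication login VTY group radius local
aaa authentication login CONSOLE none
aaa authentication login TAC group tacacs+ none
aaa authentication ppp DIAL group RAD-POOL local none
"""


@dataclass
class Finding:
    service: str          # login, ppp, enable, ...
    list_name: str        # "default" or a named method list
    methods: list         # methods in configured order
    extra_methods: list   # methods other than RADIUS and none


def radius_group_names(config):
    """Return the built-in 'radius' group plus any named RADIUS server groups."""
    names = {"radius"}
    for m in re.finditer(r"^aaa group server radius (\S+)", config, re.M):
        names.add(m.group(1))
    return names


def split_methods(tokens):
    """Turn ['group', 'radius', 'none'] into ['group radius', 'none']."""
    methods = []
    it = iter(tokens)
    for tok in it:
        if tok == "group":
            methods.append("group " + next(it, ""))
        else:
            methods.append(tok)
    return methods


def is_radius(method, groups):
    # 'radius' alone is the older keyword form; 'group <name>' is the newer one.
    return method == "radius" or (
        method.startswith("group ") and method[len("group "):] in groups
    )


def audit(config):
    """List method lists that use RADIUS and fall back to none."""
    groups = radius_group_names(config)
    findings = []
    pattern = r"^aaa authentication (\S+) (\S+) (.+)$"
    for m in re.finditer(pattern, config, re.M):
        service, list_name, rest = m.groups()
        methods = split_methods(rest.split())
        uses_radius = any(is_radius(x, groups) for x in methods)
        if uses_radius and "none" in methods:
            extra = [x for x in methods
                     if x != "none" and not is_radius(x, groups)]
            findings.append(Finding(service, list_name, methods, extra))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        kind = "RADIUS + none only" if not f.extra_methods else \
               "RADIUS + none + " + ", ".join(f.extra_methods)
        print(f"{f.service} list {f.list_name}: {kind} -> review against the advisory")
```
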

CSCeg41734

Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.

Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCin90842

Symptoms: Memory allocations fail on the gateway though there is enough free memory. If this failure happens in ISDN, the gateway crashes subsequently.

Conditions: This symptom has been observed when the H323 aaa accounting command is enabled.

Workaround: There is no workaround.

Further Problem Description: Memory allocations for a block of 3k bytes fail with memory fragmentation as the cause. When this failure occurs, there is approximately 20MB of free memory on a gateway with 220MB of processor memory.

Interfaces and Bridging

CSCdy36519

Symptoms: A Cisco 7500 series may show a %SYS-3-CPUHOG error message when an ATM link on the router is flapped.

Conditions: This symptom is observed only when there are a lot of VCs on the ATM interface and when the VIP is oversubscribed.

Workaround: There is no workaround.

CSCed65436

Symptoms: A Cisco router may report spurious accesses when configured for Multilink PPP (MLPPP). This appears to be caused by fragmentation.

%ALIGN-3-SPURIOUS: Spurious memory access made at [hex] reading [hex]

%ALIGN-3-TRACE: -Traceback=[hex]

Conditions: MLPPP must be configured for this symptom to occur.

Workaround: There is no workaround.

CSCee55632

Symptoms: A Cisco 7500 series may leave ATM PVCs up when the ATM interface is shut down.

Conditions: This symptom is observed on a Cisco 7500 series that has a PA-A3 when the CPU utilization of the VIPs is high.

Workaround: There is no workaround.

CSCee58873

Symptoms: The show controllers t1 slot/port command may show only the current interval.

Conditions: This symptom is observed on a Cisco 7200 series when FDL is configured.

Workaround: There is no workaround.

Further Problem Description: When FDL is configured, the router updates the MIB data after checking for a valid local and remote MIB data interval that it receives from the T1 port adapter. During the remote MIB update, and if the received data interval is invalid, the router clears both the remote and the local data instead of clearing only the remote data and starting again.

CSCin67296

Symptoms: Channelized interfaces on a channelized T3 line card or port adapter that is configured for Frame Relay encapsulation may be in the up/down state, and DLCIs are inactive.

Conditions: This symptom is observed when you reload a Cisco platform and when the interfaces were in the up/up state before you reloaded the platform.

Workaround: Enter the shutdown command followed by the no shutdown command on the controller of either the T3 line card or port adapter on the Cisco platform or on the T3 line card or port adapter on the platform at the remote end.

Alternate Workaround: Enter the shutdown command followed by the no shutdown command on the main interface on the Cisco platform.

IP Routing Protocols

CSCed60214

Symptoms: Routes may not be deleted from the routing table correctly.

Conditions: This symptom is observed when variance is configured on a Cisco platform that runs EIGRP.

Workaround: Remove the erroneous routes by entering the clear ip route * command.

CSCee01550

Symptoms: Per-user access control lists disappear.

Conditions: This symptom is observed on a Cisco platform when you enter the show ip access-lists command.

Workaround: There is no workaround.

CSCee36622

Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).

Conditions: This symptom occurs under the following conditions:
1. The ABR (call ABR X) has at least one non-backbone area (call area X) in common with one or more additional ABRs.
2. The ABRs are generating summary LSAs, on behalf of two or more of Area X's intra-area routes, into the backbone area and other areas. The two intra-area routes must be advertised as stub links from two different routers; i.e., one from ABR X, and the other from another router belonging to Area X.
3. The summary LSA IDs for the intra-area routes above, when ORed with the host bits of the corresponding masks, yield identical LSA IDs.

For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,

10.10.10.128 | 0.0.0.127 = 10.10.10.255

10.10.10.0 | 0.0.0.255 = 10.10.10.255

Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
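
The second and third conditions of CSCee36622, worked through as an added example (not Cisco code): it ORs each intra-area prefix with the host bits of its mask and reports the prefixes that land on the same LSA ID while being advertised by different routers. The route list and router IDs are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (intra-area prefix, router ID that advertises it as a stub link).
SAMPLE_ROUTES = [
    ("10.10.10.128/25", "192.0.2.1"),   # the pair from the caveat text
    ("10.10.10.0/24", "192.0.2.2"),
    ("10.10.11.0/24", "192.0.2.2"),     # no collision
    ("172.16.0.0/16", "192.0.2.3"),     # collides, but both from one router
    ("172.16.128.0/17", "192.0.2.3"),
]


def host_bits_lsa_id(prefix):
    """Network address ORed with the host bits of the mask, as in the caveat."""
    net = ipaddress.ip_network(prefix, strict=True)
    return ipaddress.ip_address(int(net.network_address) | int(net.hostmask))


def colliding_summaries(routes):
    """Group routes by host-bits LSA ID and keep the groups that meet
    conditions 2 and 3: several distinct prefixes, several advertising routers."""
    by_id = defaultdict(list)
    for prefix, advertiser in routes:
        by_id[host_bits_lsa_id(prefix)].append((prefix, advertiser))

    collisions = {}
    for lsa_id, members in by_id.items():
        prefixes = {p for p, _ in members}
        advertisers = {a for _, a in members}
        if len(prefixes) > 1 and len(advertisers) > 1:
            collisions[str(lsa_id)] = sorted(members)
    return collisions


if __name__ == "__main__":
    for lsa_id, members in colliding_summaries(SAMPLE_ROUTES).items():
        print(f"LSA ID {lsa_id} shared by:")
        for prefix, advertiser in members:
            print(f"  {prefix} (stub link from {advertiser})")
```
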

CSCef11304

Symptoms: When you perform an snmpwalk on an OSPF-MIB that supports the ospfExtLsdbTable, a router can crash. In other instances, alignment errors are observed when you enter the show alignment command.

Conditions: These symptoms are observed on a Cisco platform that runs Open Shortest Path First (OSPF) and supports the ospfExtLsdbTable in OSPF-MIB.

Workaround: There is no workaround.

CSCeg19442

Symptoms: A router that is configured with the OSPF routing protocol may reload.

Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.

Workaround: There is no workaround. Cisco strongly discourages configuring a router via two different but simultaneous sessions.

CSCin66382

Symptoms: A Cisco 3600 series may crash while unconfiguring NFAS.

Conditions: This symptom is observed on a Cisco 3600 series that runs Cisco IOS Release 12.3(6).

Workaround: There is no workaround.

CSCsa61842

Symptoms: A Cisco router may reload unexpectedly with a bus error exception.

Conditions: This symptom has been observed on a router with Network Address Translation (NAT) enabled.

Workaround: There is no workaround.

Miscellaneous

CSCed24020

Symptoms: The IP multicast throughput in Cisco IOS Release 12.3(6)T is not as good as in Release 12.3(4)T.

Conditions: This symptom is observed when more than 130 kpps of traffic is sent. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCed29873

Symptoms: Some E1 controllers on an STM-1 interface that are configured for MGCP call control may not be able to make calls because a Cisco PGW2200 that functions as the call agent may place the B channels for these E1 controllers in the "INTERFACE DISABLED" gateway state.

Conditions: This symptom is observed on a Cisco AS5850 when one or more adjacent E1 controllers on the STM-1 interface are configured for non-MGCP call control. The Cisco PGW2200 runs software version 9.3.2; the MGCP version is 0.1; SONET is configured for AU4 mapping; the controllers are configured as 3/0.1/1/1, 3/0.1/7/3, 3/0.2/1/1, 3/0.2/7/3, 3/0.3/1/1, and 3/0.3/7/3.

The following configuration is enabled on the Cisco AS5850:

backhaul-session-manager
 set set1 client nft
 group group1 set set1
 session group group1 remote-ip remote-port local-ip local-port

controller SONET 3/0
 au-4 1 tug-3 1
  tug-2 1 e1 1
  tug-2 2 e1 1
  tug-2 6 e1 3
  tug-2 7 e1 3

controller E1 3/0.1/1/1
 pri-group timeslots 1-31 service mgcp

controller E1 3/0.1/2/1
 pri-group timeslots 1-31

Workaround: Configure all E1 controllers on a TUG boundary for MGCP.

Alternate Workaround: Disable the non-MGCP E1 controllers.

CSCed57399

Symptoms: A Cisco AS5300 may improperly generate a disconnect cause of 8A10 for any call leg. The proper disconnect cause should be 10.

Conditions: This symptom is observed on a Cisco AS5300 that runs an IP Plus image of Cisco IOS Release 12.3(5) and that is configured for E1 R2 signaling for Thailand. The symptom may not be platform-specific.

Workaround: There is no workaround.

CSCed65075

Symptoms: A Cisco 7500 series with a VIP that has any type of ATM port adapter (PA) may crash with a bus error (sig 10) upon bootup. The VIP will ultimately come on line and the services are not impacted thereafter.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3 when ATM subinterfaces on the PA are configured for any QoS queueing feature (for example, shaping, LLQ, WRED, CBWFQ, fair-queueing, etc.). This symptom is not observed in 12.0S.

Workaround: There is no workaround.

Further Problem Description: This is a timing issue between ATM interfaces coming up and being fully configured (via IPC) for QoS on the PA. The higher the number of ATM subinterfaces/PVCs, the more likely the router is to crash. However, if only one subinterface/PVC is configured, there is still a potential problem; the router may not crash but QoS may not function.

CSCed72706

Symptoms: The cpmISDNCfgBChanInUseForVoice objects are not counted by the cpmISDNCfgBChannelCalls object.

Conditions: This symptom is observed when the CISCO-POP-MGMT-MIB is polled for ISDN voice calls. The expected behavior is that voice calls on all ISDN B-channels should be counted by the cpmISDNCfgBChannelCalls object.

Workaround: There is no workaround.

CSCed86072

Symptoms: An accounting stop record does not account for inbound CEF switched packets such as Acct-Input-Packets and Acct-Input-Octets.

Conditions: This problem only occurs for connections that are terminated onto a virtual-access interface.

Workaround: Disable CEF globally or per interface.

CSCee00483

Symptoms: An H.323 call across a Cisco IP-to-IP H.323 gateway (GW) may not work correctly.

Conditions: This problem is observed in the following topology:

A third party H.323 GW connects to a Cisco IP-to-IP H.323 GW (a Cisco 3660) that connects to a Cisco GW (a Cisco 2600 series) that, in turn, connects to an FXS phone.

Calls from the FXS phone to the third party GW fail intermittently. The Cisco IP-to-IP H.323 GW runs Cisco IOS Release 12.3(5). This problem happens only when the Alerting and Connect messages are received by the IP-to-IP H.323 GW in very quick succession and when the Connect message has a Facility element.

Workaround: There is no workaround.

CSCee22810

Symptoms: On a Cisco 7500 series, all PVCs may suddenly enter the down state and remain in this state for about two minutes before they come back up. During the DLCI down state, the subinterface does not go down and no notifications are observed in the message log.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4+ or an RSP8 and that runs the rsp-jsv-mz image of Cisco IOS Release 12.2(12i). In addition, the router is configured with an 8-port serial port adapter and an HSSI port adapter, is configured for Frame Relay, and has more than 450 PVCs/DLCIs. Note that the symptom may be platform-independent and may also occur on other Cisco platforms in a similar configuration.

Note: This is a timing issue and is not dependent on the number of VCs.

Workaround: There is no workaround.

CSCee23781

Symptoms: A Cisco AS5850 does not fragment data packets.

Conditions: This symptom is observed when data packets enter the Cisco AS5850 through async (modem) interfaces and when the MTU on the egress Gigabit Ethernet interface is smaller than the ingress MTU or when L2F encapsulation overhead requires fragmentation. Async PPP sessions forwarded via L2TP are not affected by this problem.

Workaround: Increase the Gigabit Ethernet MTU to avoid fragmentation.

CSCee29574

Symptoms: A child policy bandwidth calculation is wrongly mixed with the specified rate of an old parent policy.

Conditions: This symptom is observed after you have changed the configuration of a policy map in a hierarchical policy.

Workaround: Detach and reattach the policy map.

CSCee33485

Symptoms: A URM that is configured as an LSC does not pass traffic. Xtags come up but traffic does not pass.

Conditions: This symptom is observed on a URM that runs Cisco IOS Release 12.3(6). The symptom does not occur on other software trains.

Workaround: There is no workaround.

CSCee34877

Symptoms: A Cisco AS5400 may crash with a bus error at address 0xFFFFFFFF.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(6) only when facility messages are generated. The symptom may also occur on a Cisco 1700 series and Cisco 2600 series.

Workaround: There is no workaround.

CSCee53709

Symptoms: A Cisco 3700 series with an NM-1A-OC3, NM-1A-T3, or NM-1A-E3 network module with many VCs of the same class may reload because of a bus error.

Conditions: This symptom is observed when you configure more than 255 VCs of the same QoS type on the ATM interface, when traffic is processed on all VCs, and when a line error occurs.

Workaround: There is no workaround.

CSCee70864

This caveat consists of three symptoms, three conditions, and three workarounds:

1.

Symptom 1: Memory utilization may increase on a Cisco IOS gatekeeper that functions as an originating gatekeeper (OGK). You must reboot the gatekeeper to enable it to return to normal operating conditions.

Condition 1: This symptom is observed when the following conditions are present:

There are two or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.

All these remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).

The zone prefix is configured to send sequential LRQ messages.

Workaround 1: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.

2.

Symptom 2: Wrong CATs are sent to remote zones from a Cisco IOS gatekeeper that functions as an OGK.

Condition 2: This symptom is observed when the following conditions are present:

There are three or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.

Each of these remote zones is configured for inter-gatekeeper authentication with a different password to be used for the creation of the CAT.

The zone prefix is configured to send sequential LRQ messages.

Workaround 2: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.

3.

Symptom 3: A spurious memory access may occur on a Cisco IOS gatekeeper that functions as a directory gatekeeper (DGK).

Condition 3: This symptom is observed when the following conditions are present:

There are two or more remote zones configured for the same prefix and the gatekeeper receives LRQ messages for this prefix.

The second and subsequent remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).

The zone prefix is configured to send sequential LRQ messages.

Workaround 3: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.

CSCee77491

Symptoms: A Cisco 7200 VXR router that simulates an L2TP access concentrator (LAC) may crash because of a memory leak in the SSS Manager process while handling PPPoA/L2TP and PPPoEoA/L2TP calls.

Conditions: This symptom is observed when you simulate some kind of DoS attack by generating a high number of PPPoEoA calls with the correct domain name but incorrect user names.

Workaround: There is no workaround.

CSCee88022

Symptoms: Packets are process switched rather than fast switched.

Conditions: This symptom has been observed when CEF switching is configured with the ip cef command and header compression is enabled on a serial interface with the ip rtp header-compression command. This symptom has only been observed on a Cisco 7200 router when running a Cisco IOS Release 12.2S image.

Workaround: There is no workaround.

CSCef02332

Symptoms: A Cisco 7200 series with high-speed serial interfaces such as HSSI interfaces or PA-2T3+ interfaces may reload unexpectedly.

Conditions: This symptom is observed after you have performed an OIR of the HSSI or PA-2T3+ port adapter while traffic was being processed.

Workaround: Stop the traffic while you perform the OIR or shut down the port adapter before you perform the OIR.

CSCef12409

Symptoms: A router may crash when you enter the show template command.

Conditions: This symptom is observed on a Cisco router that has PPP sessions configured.

Workaround: There is no workaround.

CSCef17891

Symptoms: A Cisco 7500 series that is configured for Distributed Link Fragmentation and Interleaving (DLFI) may cause delays.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with a multilink interface after the router is reloaded.

Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface.

CSCef22862

Symptoms: A router that is configured for SSS may crash with a memory corruption error.

Conditions: This symptom is observed on a router that functions as a VPDN LAC.

Workaround: There is no workaround.

CSCef29091

Symptoms: A router may fail to advertise a prefix for which the network portion matches the major net. For example, when 10.0.0.0/8 is the major net, 10.0.0.0/16 is not advertised.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4) or a later release when the subnet between the two routers is in the same classful range as the advertised prefix of the advertising router.

Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.

CSCef39466

Symptoms: A router may fail to advertise a major net route such as 10.0.0.0/8 to a RIP peer.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(3.3) or a later release when the route is redistributed from MP-IBGP into RIP and when the subnet connecting the RIP peer is in the classful range of the advertised major net. The symptom may also occur in other releases.

Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.

For non-MPLS, this workaround does not work. A static route is recommended.

CSCef97768

Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.

Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).

Workaround: There is no workaround.

CSCeh01182

Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.

Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.

Workaround: There is no workaround. However, this is a limitation of voice gateways that use VXML applications: such platforms support only T.37.

Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.

CSCei01321

Symptoms: You cannot bring up a serial interface of a channelized E1 or T1 port. The interface remains in the down/down state.

Conditions: This symptom is observed on a Cisco 3600 series.

Workaround: There is no workaround.

CSCin65147

Symptoms: A VC that is configured on an IMA interface may remain in the inactive state.

Conditions: This symptom is observed when the VC is in the inactive state while the links come up. In this situation, the VC should enter the "up" state, but does not do so.

Workaround: Remove and reconfigure the VC.

Further Problem Description: If there is more than one member in a group, the problem does occur. Also, the problem occurs only on a Cisco 7500 series and not on a 7200 series.

CSCin66010

Symptoms: A Cisco 7500 series or MSFC2 with a FlexWAN module may spontaneously reload.

Conditions: This problem mainly occurs when there are multiple FR DLCIs or ATM PVCs attached to the same virtual-template interface or the same multilink virtual-access interface and when one of the following conditions occurs:

The no encapsulation frame-relay command is entered on the main interface and DLFIoFR is enabled.

The ATM PVC is removed while the dLFI virtual-access interface is still up.

Workaround: There is no workaround.

CSCsa41747

Symptoms: A Cisco AS5300 that handles SIP voice calls may reload because of an address error.

Conditions: This symptom is observed on a Cisco AS5300 that is configured for symmetric NAT and that is used to handle calls from the PSTN and forward them to a SIP network.

Workaround: There is no workaround.

CSCsa45302

Symptoms: A Cisco 3660 gateway may crash when a voice call is made.

Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when accounting is enabled.

Workaround: There is no workaround.

CSCsa71612

Symptoms: When you make 21 calls and place one call on hold, the callee at the PSTN side does not hear the MoH.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3745 that run an IP voice image of Cisco IOS Release 12.3(7)T4 and that are configured with an NM-HD-2VE, a VWIC-1MFT-T1 or VWIC-2MFT-T1, codec complexity flex, and multicast MoH.

Workaround: Add another NM-HD-2VE and configure codec complexity medium.

CSCsa87811

Symptoms: A memory leak occurs on an originating gateway.

Conditions: This symptom is observed when fast start is enabled, when a call fails after the call proceeding has been received from a primary or alternate endpoint, and when the call falls back to the next alternate endpoint.

Workaround: There is no workaround.

Further Problem Description: The fast start elements that are received in the call proceeding are freed only once for each call instead of being freed for each endpoint that is tried (assuming that the call falls back to alternate endpoints). This situation causes the memory leak.

CSCsa92748

Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed only on Cisco 7200 and Cisco 7301 series routers that are configured with an NPE-G1 Network Processing Engine.

Workaround: There is no workaround.

CSCsb04965

A vulnerability exists in certain Cisco IOS software release trains running on the Cisco IAD2400 series, Cisco 1900 series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access to the device.

Cisco is making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml.

Wide-Area Networking

CSCeb71004

Symptoms: When multiple dialout calls are triggered at virtually the same time on a Cisco AS5300 with a Large-Scale-Dial-Out (LSDO) configuration, the resulting accounting records may be either wrong or missing.

Conditions: This symptom is observed in a stress test under lab conditions when the concurrent dialout attempts are made using the same E1 link and when the packets triggering the dialout arrive at the same time, causing two ISDN SETUP messages within a very short period, that is, within 5 to 10 msec.

Workaround: There is no workaround.

CSCec55549

Symptoms: A second callback may not be initiated for an ISDN call.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(15)T5 or Release 12.3 when more than one dialer map is configured to the same remote name. The symptom is platform-independent.

Workaround: There is no workaround.

CSCed15056

Symptoms: There is a CPUHOG at process = PPP IP Route, and the router reloads.

Conditions: The symptoms are observed on Cisco 7200 and RSP series routers running Cisco IOS Release 12.3(4)T1.

Workaround: There is no workaround.

CSCed50485

Symptoms: A Cisco universal access server or universal gateway may be unable to terminate virtual-profile PPP calls on virtual-access interfaces when virtual-template pre-cloning is enabled. PPP authentication may succeed and PPP may change the state to "FORWARDED," but LCP/NCP may never start on the virtual-access interface, causing a PPP timeout to occur on the client (usually after 30 seconds).

Conditions: This symptom is observed intermittently on a Cisco universal access server or universal gateway that runs Cisco IOS Release 12.3(5) when SGBP/VPDN and virtual-profile calls share the same pre-cloned virtual-access interfaces.

Workaround: If this is an option from the point of view of performance, disable virtual-template pre-cloning.

Alternative Workaround: Use a different virtual-template interface for virtual-profile PPP calls.

CSCed55852

Symptoms: An incoming POTS dial peer may be ignored.

Conditions: This symptom is observed when ISDN overlap-receiving is enabled and when the port is not configured for the incoming POTS dial peer.

Workaround: Either configure the port for the incoming POTS dial peer or disable ISDN overlap-receiving.

CSCed63407

Symptoms: A memory leak may occur for templates when the Per-VRF AAA feature is configured.

Conditions: This symptom is observed when a PPP session is cleared from the client side and occurs only on Cisco IOS software images in which the fix for caveat CSCin66024 is integrated.

Workaround: There is no workaround.

CSCee93835

Symptoms: When you remove a policy map that is attached to a service policy or when you make changes in the CIR of a policy class, a router may produce spurious align messages and may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(7.7) or Release 12.3(9) and that is configured for PPP.

Workaround: Do not make any changes to the policy map or any changes that are related to QoS.

CSCeg15184

Symptoms: When you set up PPPoA sessions in a stress situation, the following error message may be generated:

%IDMGR-3-INVALID_ID: bad id in id_to_ptr

Conditions: This symptom is observed on a Cisco 10000 series that is configured with about 22,000 active PPPoA sessions and that has a CPU usage of 99 percent. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCeg43033

Symptoms: A Cisco 7200 series periodically shows incorrect adjacencies for the loopback address. The output of the show ip cef events ip-prefix command shows the following:

<ip-prefix>/32, version 8177, epoch 0, attached, connected
0 packets, 0 bytes
  tag information set
    local tag: implicit-null
  via Loopback0, 0 dependencies
    valid discard adjacency

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9b) and that is configured for PPP and CEF. However, the symptom may be platform-independent.

Workaround: There is no workaround.

CSCeg82698

Symptoms: PPTP tunnels do not come up.

Conditions: This symptom is observed when VPDN is configured.

Workaround: There is no workaround.

CSCeh62257

Symptoms: PPP does not establish new sessions.

Conditions: This symptom is observed on a Cisco router that is configured with full virtual-access interfaces when a PPP leak occurs.

Workaround: Reload the router and configure virtual-access subinterfaces instead of full virtual-access interfaces.

CSCin69256

Symptoms: Templates remain bound to virtual-access interfaces even when all the PPP sessions are cleared. For example, when you enter the show template command after clearing all sessions, you see templates bound to non-existent virtual-access interfaces. This situation is associated with a memory leak.

Conditions: This happens when a large number of PPP sessions are brought up and torn down.

Workaround: There is no workaround.

CSCin70852

Symptoms: When you enter the show template command, a router may crash.

Conditions: This symptom is observed during a stress test in which PPPoE sessions are flapped.

Workaround: There is no workaround.

CSCsa52807

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf

Resolved Caveats—Cisco IOS Release 12.3(7)T10

Cisco IOS Release 12.3(7)T10 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T10 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCec39682

Symptoms: You may not be able to set the casnDisconnect object to "true" in the CISCO-AAA-SESSION-MIB.

Conditions: This symptom is observed only for Telnet sessions. The symptom does not occur for other sessions such as PPPoE sessions.

Workaround: Clear the Telnet session by using the tsClrTtyLine object.

IP Routing Protocols

CSCsa54937

Symptoms: An LNS with a VRF configuration does not send an echo reply when it receives a ping to loopback interface 0.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300, a Cisco 7200 series that is configured with an NPE-400, and a Cisco 7400 series.

Workaround: Wait about 20 minutes to enable the LNS to send an echo reply or enter the clear arp-cache command.

Miscellaneous

CSCed60168

Symptoms: The show run command does not display any output because of a memory leak in the router. The memory leak occurs in the CCH323_CT process.

Conditions: This symptom occurs on a Cisco AS5350 that is running Cisco IOS Release 12.2(15)T5 in an SS7 solution environment and that acts as the originating and terminating gateway. The output of the show proc mem command shows that the CCH323_CT process holds a large amount of memory and does not release it. The output of the show memory sum command shows that free memory decreases continuously as the gateway continues to handle VoIP calls. After the free memory runs out, the router either hangs or crashes.

Workaround: The only way to recover the router is with a reload or power cycle.

CSCee17241

Symptoms: When the redundancy mode is changed from classic-split to RPR-plus through the command line interface (CLI), the peer Route Switch Controller (RSC) goes to the initial configuration setup dialogue.

Conditions: This symptom has been observed on a Cisco AS5850 universal gateway.

Workaround: Load the configurations with RPR-plus configured onto the startup configurations of both RSCs. The symptom will not be seen.

CSCeg62088

Symptoms: A Cisco voice gateway may reload unexpectedly because of a bus error, pointing to an invalid address.

Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(12.5).

Workaround: There is no workaround.

CSCeh25446

Symptoms: The following error message may be generated when a Cisco AS5850 voice gateway boots:

Could not enable MAC

This situation may prevent line cards from booting up and pings over the Fast Ethernet and Gigabit Ethernet interfaces may fail.

Conditions: This symptom is observed on a Cisco AS5850 voice gateway that runs Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCeh25459

Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.

Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:

The initial codec for the call is negotiated as G.729.

A reinvite message with a codec change to G.711ulaw is sent to the gateway.

The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.

Workaround: Remove the fax pass-through configuration.

CSCeh30146

Symptoms: The WIC-DSU-T1-V2 card can get stuck and will not be able to detect any alarms, loopback events, etc.

Conditions: When this symptom occurs, the DSU-T1-V2 may still be able to pass traffic.

Workaround: Bring the card up again by issuing the clear service-module serial slot|port command.

CSCeh35324

Symptoms: Weighted Random Early Detection (WRED) does not match packets based on any marking done.

Conditions: This symptom has been observed when qos pre-classification (the qos pre-classify command) is turned on.

Workaround: Remove the qos pre-classify command.

CSCsa54608

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

CSCsa55375

Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.

Conditions: These symptoms are observed on a WIC-1DSU-T1-V2 that is installed in a Cisco router.

Possible Workaround: The symptoms may clear when you replace the in-house cabling with cat.5 cables.

CSCsa65656

Symptoms: SSG uses a duplicate Acct-session-id (attribute 44) in a RADIUS accounting packet.

Conditions: This symptom is observed for post-paid users.

Workaround: There is no workaround.

Wide-Area Networking

CSCed73721

Symptoms: An L2TP Network Server (LNS) configured in a virtual private dial network (VPDN) reloads after VPDN packet debugging is enabled.

Conditions: This symptom has been observed on a router that is running Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCee60898

Symptoms: A process-switched L2TP packet is dropped on an LNS when the sessions are created in multiple VRFs. There is no problem with a CEF-switched session.

Conditions: This symptom is observed when one of the sessions is process-switched (for example, the UDP checksum is present) and when CEF switching is enabled.

Workaround: Disable CEF switching by entering the no ip route-cache cef interface configuration command on the virtual-template interface or enter the vpdn ip udp ignore checksum global configuration command.

CSCin74403

Symptoms: A syslog message may not be generated when a session limit is exceeded.

Conditions: This symptom is observed when the VPDN session limit is configured on a VPDN group or VPDN template on a LAC or LNS. If the no vpdn session-limit global configuration command is enabled, a syslog message is generated when the session limit is exceeded.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(7)T9

Cisco IOS Release 12.3(7)T9 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCsa81379

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

The removal of NetFlow Feature Acceleration does not affect any other aspects of NetFlow operation, for example, access-list processing. The features are separate and distinct.

Cisco Express Forwarding (CEF) supersedes the deprecated NetFlow Feature Acceleration.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the NetFlow MIB (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6

Resolved Caveats—Cisco IOS Release 12.3(7)T8

Cisco IOS Release 12.3(7)T8 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Miscellaneous

CSCef00308

Symptoms: A feature board may reload after a switchover.

Conditions: This symptom is observed only on a Cisco platform that is configured for Nitro Interconnect Protocol (NIP).

Workaround: There is no workaround.

CSCef43691

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44225

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

CSCef85266

Symptoms: When a voice gateway is reset by a Cisco CallManager, the voice gateway may not reregister with the Cisco CallManager, even when the output of the show isdn statistics command indicates the following state:

MULTIPLE_FRAME_ESTABLISHED and L3 Protocol(s) = CCM-Manager.

The above-mentioned state occurs when the voice gateway fails to send a restart message (RM) to the Cisco CallManager.

Conditions: This symptom is observed on a Cisco 3745 that functions as a voice gateway and that runs Cisco IOS Release 12.3(4)T6, 12.3(8)T3, or 12.3(8)T4.

Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the T1 controller of the interface that connects to the Cisco CallManager.

CSCeg21929

Symptoms: Voice packets are not compressed when cRTP is configured with MQC on a serial interface that is configured for Frame Relay encapsulation.

Conditions: This symptom is observed on a Cisco 3725, Cisco 3745, and Cisco 7206.

Workaround: Disable CEF globally and disable fast switching on the serial interface.

CSCeg35786

Symptoms: 20 percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.

Workaround: There is no workaround.

CSCeg57516

Symptoms: A Cisco AS5850 crashes because of a bus error and reloads.

Conditions: This symptom is observed when the Cisco AS5850 processes a call while the CPU utilization of the RSC and the line cards is very high because of call failures.

Workaround: There is no workaround.

CSCeg64669

Symptoms: A Cisco AS5850 reloads when it fetches a TDM connection object for a TDM hairpinned call while handing over peer resources to the standby RSC.

Conditions: This symptom is observed when you enter the redundancy handover peer-resource command and when the Cisco AS5850 functions in the extra-load state.

Workaround: Clear all existing calls that use peer resources and mark the calls as busyout before you enter the redundancy handover peer-resource command.

CSCeg77587

Symptoms: Calls via a V.110 L2TP GSM application fail.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(2)T or a later release and that is configured for MGCP NAS. Debugs show PPP and CRC errors and corrupt asynchronous framing.

Workaround: There is no workaround.

CSCeg81698

Symptoms: After a DSP crashes and recovers, voice calls through a backhauled PRI fail. Note that a regular PRI is not affected.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T6, that functions as a voice gateway, and that is configured with an NM-HDV2 and a PVDMII-24.

Workaround: Enter the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command on the affected voice port. Note that shutting down and bringing up the controller on the affected voice port does not bring the voice port back up.

CSCeh00270

Symptoms: A Cisco gateway may reload at "h245_olc_out_sm".

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.3(7)T7 when the gateway receives a third-party RequestChannelClose message that has the reason field populated with "reopen".

Workaround: Ensure that the third-party gateway does not send a RequestChannelClose message with the reason field populated with "normal".

CSCsa45335

Symptoms: "IP Input" and "ESM Logger" processes hold increasing amounts of memory.

Conditions: This symptom is observed when the Embedded Syslog Manager (ESM) is used to manipulate syslog messages and executes show commands to gather information that is required for syslog message modification. The probability that the symptom occurs increases with the number of times that a show command is executed by the TCL script.

Workaround: There is no workaround.

CSCsa61864

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Resolved Caveats—Cisco IOS Release 12.3(7)T7

Cisco IOS Release 12.3(7)T7 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details).

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml

CSCee67450

A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.

If a malformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured bgp neighbor.

Cisco has made free software available to address this problem.

For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

CSCef29028

Symptoms:

Cisco AS5850 does not send NTFY to MGCP CallAgent.

Cisco AS5850 does receive CRCX request with the DT/ans present in it but does not send NTFY to the call agent.

Conditions: This symptom can occur at any time and under no special conditions.

Workaround: There is no workaround.

CSCef68324

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

CSCef88350

Symptoms: A router that is configured with a Layer 2 firewall may crash and report memory corruption.

Conditions: This symptom is observed on a Cisco 1700 series that is configured with a Layer 2 firewall and a WIC-4ESW on which a switch virtual interface (SVI) is configured in a bridge group. The symptom may be platform-independent.

Workaround: There is no workaround.

CSCef90148

Symptoms: After a grounding ring, the circuit may fail to detect an ensuing tip ground acknowledgement from the far end.

Conditions: This symptom is observed when placing outgoing calls with the FXO tip ground detect circuit present via a VIC2-2/4FXO, EM-HDA-6FXO, or EM-HDA-3FXS/4FXO.

Workaround: Use loopstart mode for FXO.

CSCeg05772

Symptoms: During Modem Pass Through (MPT) calls, the echo canceller (ecan) NLP is not disabled when the gateway receives a 2100Hz tone without phase reversal. This causes some low-modulation client modems (V22bis) to fail to connect. In most cases, it should not affect MPT calls.

Conditions: This symptom is observed with Modem Pass Through calls that receive a 2100Hz answer back tone without phase reversal.

Workaround: Disable NLP by using the CLI. Note that doing so affects voice call quality.

CSCin71784

Symptoms: A Cisco router that is configured for IP Header Compression (IPHC) may discard packets or unexpectedly reload following an I/O pool memory corruption.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T and occurs only when PPP Protocol Field Compression (PFC) and Address and Control Field Compression (ACFC) are also negotiated along with IPHC.

Workaround: Enter the ppp pfc remote reject and ppp acfc remote reject commands to disable (reject) the negotiation of PFC and ACFC. Alternatively, enter the no ip tcp header-compression command to disable IPHC.

CSCsa41459

Symptoms: When you boot a router, a voice port remains in the BUSYOUT state, which can be observed in the output of the show voice call summary command.

Conditions: This symptom is observed when the T1 controller is configured as the DS0 group.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T1 controller to enable the voice port to change to the ONHOOK state and voice calls to be resumed.

Wide-Area Networking

CSCin73980

Symptoms: An LNS sends two accounting stop records when a client re-negotiates a PPP session.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1 and that functions as an LNS when VPDN multihop is configured.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(7)T6

Cisco IOS Release 12.3(7)T6 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCdx25914

Symptoms: One of the serial connections on Fast Ethernet (FE) interfaces stops passing traffic. The interfaces can either go into up/down state or may remain up/up but they do not pass any traffic.

Conditions: This symptom was observed when running IPSec over Generic Routing Encapsulation (GRE) tunnels on a Cisco 7500 router with Route Switch Processor (RSP4).

Workaround: Either remove the card and put it back in again or reboot the router.

CSCeb57015

Symptoms: The throughput for traffic across a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) may be lower than expected. For example, the throughput may be about 4 Mbps.

The output of the debug ipv6 cef drop privileged EXEC command shows that the packets are switched via Cisco Express Forwarding (CEF) from the interface that is enabled for IPv6 to the MPLS network, but does not show any packets that are forwarded from the MPLS network to the interface that is enabled for IPv6, which indicates that the packets from the MPLS network are process-switched rather than switched via CEF.

Conditions: This symptom is observed on a Cisco 7500 series that functions as a 6PE router and that is configured with 2-port Fast Ethernet port adapters.

Workaround: There is no workaround.

CSCed18557

Symptoms: A memory leak may occur in the "dead process" on a Cisco router, and memory allocation failures (MALLOCFAIL) may be reported in the processor pool. The authentication, authorization, and accounting (AAA) User Identifier (UID) database may leak about 200,000 bytes for each failed EXEC call or vty session because of internal errors during the initiation process.

Conditions: This symptom is observed when EXEC Accounting and Network Accounting are enabled and when a failure occurs during an EXEC call or a vty session. The reasons for the EXEC call failure or vty session failure could be low processor memory on the Cisco router, an internal message processing error, or a timeout during the prompting for a username and password.

Workaround: If this is an option, disable EXEC Accounting and Network Accounting.

CSCed33110

Symptoms: A VIP crash may cause memory exhaustion on an RSP, which in turn may cause the RSP to crash.

Conditions: This symptom is observed more frequently on routers with a high IDB count.

Workaround: There is no workaround.

CSCee35740

Symptoms: After a VIP crashes, a FIB-3-FIBDISABLE error message due to an IPC timeout may occur for all the slots of the VIP.

Conditions: This symptom is observed on a Cisco 7500 series after the VIP crashes and before the VIP recovers. The FIB-3-FIBDISABLE error message is generated for all the slots of the VIP, causing dCEF switching to become disabled.

Workaround: There is no workaround. You can reenable dCEF by entering the clear cef linecard command.

CSCef65405

Symptoms: DHCP accounting records are not sent to a RADIUS server.

Conditions: This symptom is observed when the aaa accounting delay-start command is configured.

Workaround: Disable the aaa accounting delay-start command. If this is not an option, there is no workaround.

CSCin60071

Symptoms: When tunnelled sessions are flapped on an L2TP Access Concentrator (LAC) or an L2TP Network Server (LNS), sessions may be attempted to be established on the wrong tunnels.

Conditions: This error occurs when there is a high call rate and a high call volume.

Workaround: Enable the radius-server source-ports extended global configuration command.

IP Routing Protocols

CSCed55593

Symptoms: When using Cisco CallManager and PAT on the CE router, no voice is observed if a call is made across CCM clusters and is transferred back to another phone on the same CCM, between the IP phones behind PAT.

Conditions: This symptom occurs when Cisco CallManager is configured for Static NAT. The IP phones registered to the CCM in the location are configured to use PAT. A call is made across the CCM cluster and transferred back to the cluster.

Workaround: There is no workaround.

CSCed73023

Symptoms: A Cisco 1600 series crashes with an "Unexpected exception to CPU vector 2" error.

Conditions: This symptom is observed when stateful NAT is configured with the redundancy in command.

Workaround: There is no workaround.

CSCee24899

Symptoms: A router that is configured for multicast routing may reload due to a bus error.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software release that contains the fix for CSCec80252. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec80252. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

Miscellaneous

CSCeb43452

Symptoms: A Cisco 3745 that runs Cisco IOS Release 12.2(15)T2 or Release 12.3 may deplete the interrupt level stacks and report the following error messages in the syslog:

%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000
%SYS-6-STACKLOW: Stack for level DMA/Timer Interrupt running low, 0/9000
%SYS-6-STACKLOW: Stack for level PA Management Int Handler running low, 0/9000
%SYS-6-STACKLOW: Stack for level Console Uart running low, 0/9000

Interrupt level stacks:
Level     Called  Unused/Size  Name
    1   22321736       0/9000  Network interfaces
    2     830757       0/9000  DMA/Timer Interrupt
    3     453468       0/9000  PA Management Int Handler
    4       5100       0/9000  Console Uart
    5          0    7656/9000  External Interrupt
    7  113396404    8600/9000  NMI Interrupt Handler

Conditions: This symptom is observed when the BSTUN configuration is being updated.

Workaround: There is no workaround.

CSCec33028

Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.

CSCed30670

Symptoms: An H.323 proxy may fail when a conference call between a PSTN user and IP phone users is initiated by an IP phone in a Cisco CallManager environment.

Conditions: This symptom is observed on a Cisco router that functions as a gatekeeper, that has the H.323 proxy enabled, and that runs Cisco IOS Release 12.3(5) in the following topology:

An IP phone connects to a Cisco CallManager that connects to the Cisco gatekeeper that has the H.323 proxy enabled. The Cisco gatekeeper connects to yet another gatekeeper that connects to a gateway that, in turn, connects to the PSTN.

All calls to and from the Cisco CallManager IP phone via the Cisco gatekeeper are proxied. The Cisco CallManager runs software version 3.3(3)SR3. The display IE delivery option is disabled in the H.225 trunk configuration in the Cisco CallManager administration web page. The H.225 trunk is controlled by one of the gatekeepers.

The symptom occurs in the following sequence of events:

1. A PSTN user calls an IP phone (IP phone 1).

2. The user of IP phone 1 answers the call and the call is connected with two-way audio.

3. The user of IP phone 1 presses the "conference" button and calls another IP phone (IP phone 2).

4. The user of IP phone 2 answers the call and the call is connected with two-way audio.

5. The user of IP phone 1 presses the "conference" button again.

6. The H.323 proxy fails, causing the PSTN to be disconnected from the conference call.

7. The conference call continues between the user of IP phone 1 and the user of IP phone 2.

Workaround: Enable the "Display IE delivery" option in the H.225 trunk configuration on the Cisco CallManager administration web page.

Alternate Workaround: Disable the H.323 proxy on the Cisco gatekeeper.

CSCed57281

Symptoms: A router may log a CPUHOG message that is caused by the CEF reloader process.

Conditions: This symptom is observed on a Cisco router when a VRF with more than 9000 routes is added to the configuration.

Workaround: There is no workaround.

CSCed60389

Symptoms: L2TPv3 sessions do not recover after an interface flap of a core-facing interface in the ingress PE.

Conditions: This occurs with KA configured on both of the interfaces.

Workaround: There is no workaround.

CSCed68523

Symptoms: A LAC sends incorrect connection speed information in the L2TP setup message to the LNS, which in turn gets forwarded to the AR RADIUS server for authentication.

Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3(6.2)T2. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCed78721

Symptoms: A Cisco platform may reload unexpectedly when bulk calls are initiated while an SS7 configuration is being loaded.

Conditions: This symptom is only observed for SS7 configurations. Non-SS7 configurations are not affected.

Workaround: There is no workaround.

CSCed94865

Symptoms: A router reloads when receiving IPX packets.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) and that is configured for IPX networking. The router may reload after named ACLs have been displayed.

Workaround: There is no workaround.

CSCee12666

Symptoms: On a Cisco 83X router with crypto engine accelerator enabled, the router fails to authenticate packets when AH authentication is used without any ESP in transport mode. The following logs can be seen on the console for every packet that fails.

%HIFN79XX-1-ERROR: chifn79xx_crypto_callback() toolkit return failure
%HIFN79XX-1-PKTENGRET_ERROR: Hifn79xx PktEng Return Value = 0x10000, Hifn79xx_PktEngReturn_Overflow.
-Traceback= 80975F10 80984E60 809847B4 809820E8 80980C1C 80973C00 8017D968 801F4F1C 8017D8F0 801F4D7C 802E61D0 802E4D0C 802E50CC 802E5114 802F4360 802F6AF0

Conditions: This only happens when ah-sha-hmac or ah-md5-hmac is used alone without any encryption in the transform set. It also happens only in transport mode. IPSec in Tunnel mode works fine with this transform set.

Workarounds: The following are only needed if using transport mode:

1. Use any ESP transforms along with the AH authentication.

(or)

2. Use any ESP transforms without the AH authentication.

CSCee14958

Symptoms: A SAR on a DSL WIC may cause reduced throughput, an increase in delay, or both because the bandwidth that is configured for the VC may be corrupted.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: There is no workaround.

CSCee26700

Symptoms: A router may experience a memory leak when the LSR MIB is queried.

Conditions: This symptom is observed on a Cisco router running Cisco IOS Release 12.2(15)T10 but is software-independent.

Workaround: Disable the LSR MIB queries and reboot the device to reclaim the leaked memory.

CSCee29137

Symptoms: A Cisco IOS router with a hardware crypto engine that is running generic routing encapsulation (GRE) over IPSec may hang.

Conditions: This symptom occurs if the tunnel source interface is unplugged or administratively shut down. The router will self-recover after its I/O memory pool is exhausted.

Workaround: Use software crypto engine by issuing the no crypto engine accelerator command.

CSCee47441

Symptoms: When the Cisco IOS Firewall CBAC is configured, the router seems to have a software-forced reload caused by one of the inspections processed.

Conditions: This symptom is observed when the router is part of a DMVPN hub-spoke with a Cisco VoIP phone solution deployed on it and the router is connected to the central office over the Internet. The Cisco VoIP phone runs the SKINNY protocol.

Workaround: There is no workaround.

CSCee56149

Symptoms: Acknowledgements coming from a WIC may be lost, and the transmission may lock up. The missing acknowledgements may be recovered if the number of acknowledgements is more than one.

Conditions: This symptom is observed on a Cisco 2600 series that is configured with an ADSL or G.SHDSL WIC.

Workaround: If the transmission locks up, reset the interface. However, you can prevent the lockup from occurring by entering the tx-ring-limit ring-limit command on the PVC and by entering 24, 6, 5, or 2 for the ring-limit argument.

CSCee62082

Symptoms: After marking a high threshold, a call from a gateway that is registered with another gatekeeper is rejected because of Disconnect Cause 34 (no circuit/channel available) though there are channels available.

Conditions: This symptom is observed with a gatekeeper that is running Cisco IOS Release 12.3T or Release 12.3, and with any gateway (can be from Cisco or a third party) that supports RAI functionality.

Resource Availability Indicator (RAI) and the gatekeeper clustering function are used. The originating gateway and terminating gateway are registered with different gatekeepers.

Workaround: Register all gateways with a single gatekeeper.

CSCee71760

Symptoms: A Cisco access server does not report digital/ISDN data calls in the output of the show controllers e1 call-counters command. Analog calls are correctly counted.

The SNMP representation of active DS0s within the CISCO-POP-MGMT-MIB is also affected by this problem: the cpmActiveDS0s OID no longer shows the total number of calls, but reports only the number of analog/modem calls.

Conditions: This symptom is observed on a Cisco access server that runs Cisco IOS interim Release 12.3(7.9) or a later release.

Workaround: To retrieve the number of digital data calls using a CLI command, enter the show caller summary EXEC command. There is no workaround for SNMP retrieval.

CSCee87900

Symptoms: After a Cisco 7301 has crashed because of a parity error, the router may reload continuously with a "signal=10" bus error.

Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.3(6a) but may also occur in other releases.

Workaround: There is no workaround.

Further Problem Description: This problem can affect any platform that uses create-on-demand ATM VCs, also known as Auto VCs.

CSCee94761

Symptoms: A small memory leak may occur on a Cisco AS5xxx universal gateway that uses VXML ASR scripts.

Conditions: This symptom is observed when the VXML ASR grammar is already being defined while input is still being solicited after a no-input or no-match event.

Workaround: There is no workaround.

CSCef21720

Symptoms: A software-forced crash may occur on a gatekeeper that processes an incoming call.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.2(15)T13 and occurs only when a GKTMP server is configured for LRQ triggering.

Workaround: There is no workaround.

CSCef32634

Symptoms: When 20 calls are brought up per second, the voice call setup may start to fail on a Cisco AS5850 that runs an MGCP application.

Conditions: This symptom is observed when you enter the show running-config command and the show voice call summary command while 20 calls are brought up per second.

Workaround: Do not enter show commands when many calls are brought up per second.

CSCef40182

Symptoms: On a Cisco AS5850 with an enhanced Route Switch Controller (RSC) that is configured to hair-pin incoming ISDN calls onto outgoing channel associated signaling (CAS) channels (or vice-versa), a Time Division Multiplexing (TDM) leak condition will be exhibited after a few hours.

Conditions: This symptom is observed in Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCef41004

Symptoms: STM1 flaps may be observed on a Cisco AS5850 access gateway.

Conditions: This symptom occurs when the debounce timer for Loss of Signal (LOS) and Loss of Frame (LOF) is ignored.

Workaround: There is no workaround.

CSCef41021

Symptoms: On a Cisco AS5850 that is configured to use a backhaul session manager, the backhaul sessions may go down, causing the D-channels to go down too.

Conditions: This symptom is observed when 100 percent CPU utilization occurs on the Cisco AS5850 for 2 seconds or longer.

Workaround: Increase the RUDP retransmission time-out value to 1000 ms.

CSCef46050

Symptoms: An IP phone user does not hear the PSTN caller, but the PSTN caller does hear the IP phone user. When you enable debugging, you can see that an H.225 CONNECT message that is received by the router is not relayed to the Q.931 call leg.

Conditions: This symptom is observed on a Cisco IOS voice gateway that is connected to a Cisco CallManager that is configured for H.323.

Workaround: If this is an option, use MGCP instead of H.323. You can also configure the application session command on all POTS dial peers, but doing so may disable some enhanced functionality in SRST mode.

CSCef52639

Symptoms: A Cisco 2800 series or Cisco 3800 series that functions as a voice gateway may reload when it processes voice traffic on a PVDM2-8 packet voice/fax digital signal processor (DSP) module.

Conditions: This symptom is observed when flex codec-complexity voice calls are processed and when the PVDM2-8 is installed in one of the following two locations in the router:

- in a PVDM2 slot on the motherboard of the router.

- in a PVDM2 slot of an NM-HDV2 IP communications high-density digital voice/fax network module.

Workaround: Use high or medium codec-complexity. If you must use flex codec-complexity, ensure that the PVDM2-8 is not present in any of the above-mentioned slots.

CSCef55255

Symptoms: A Cisco AS5850 that has a trunk-group that is provisioned to a third-party vendor switch can pass a COT request when this request is initiated by a Cisco BTS 10200 but fails when this request is initiated by the third-party vendor switch. This situation prevents you from configuring new trunks to the third-party vendor switch.

Conditions: This symptom is observed in a configuration with a Cisco BTS 10200 that runs software version 3.5 3 V03 and a Cisco AS5850 that runs Cisco IOS Release 12.3(2)T7 or Release 12.3(2)T3.

Workaround: There is no workaround.

Further Problem Description: Because the third-party vendor switch does not use the loopback COT, the 4W_TO_2W COT is required. When the CCR is received, the Cisco BTS 10200 sends the LPA, and then sends a CRCX with M:conttest to the Cisco AS5850. Then, the third-party vendor switch sends a 2010-Hz tone and searches for a 1780-Hz tone from the Cisco AS5850. Monitoring the T1 line reveals that the Cisco AS5850 does not send the 1780-Hz tone although it does receive the 2010-Hz tone from the third-party vendor switch. So either the CRCX with M:conttest is not implemented correctly on the Cisco AS5850, or the Cisco BTS 10200 should send a RQNT with S:T/co2 following the CRCX.

CSCef59293

Symptoms: A Cisco 3725 that has an AIM slot populated may hang sporadically.

Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(6) or a later release.

Workaround: There is no workaround. To restore the router to normal operation, power-cycle the router.

CSCef64362

Symptoms: A Cisco AS5850 does not create a voice port for a controller that is configured for external signaling beyond the first TUG-3 on an STM1 card.

Conditions: This symptom is observed in a configuration in which a Cisco AS5850 is configured for external signaling via the DS0 group on a controller. Voice ports are not created for controllers beyond the first TUG-3 on an STM1 card.

Workaround: There is no workaround.

CSCef67203

Symptoms: Calls are cleared properly but corresponding application instances may not be cleared. This situation causes a memory leak, and eventually, when the gateway runs out of memory, causes the gateway to crash.

Conditions: This symptom is observed on a Cisco AS5850 gateway that runs a TCL application that provides TBCT functionality when the Cisco AS5850 gateway interworks with a 5ESS switch.

Workaround: There is no workaround.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0

ipv6 traffic-filter nofragments in

!

ipv6 access-list nofragments

deny ipv6 any <my address1> undetermined-transport

deny ipv6 any <my address2> fragments

permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
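The requirement that the filter cover every interface and every address the system owns is easy to miss on a router with many interfaces. The following audit is an added example, not Cisco code: the sample configuration is constructed, and the rule that each own address needs a deny entry for both keywords shown in the access list above is an assumption.

```python
import ipaddress
import re

# Constructed sample config (documentation prefix 2001:DB8::/32); not from the page.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 traffic-filter nofragments in
!
interface Ethernet1/0
 ipv6 address 2001:DB8:0:2::1/64
!
interface Serial2/0
 ip address 192.0.2.1 255.255.255.0
!
ipv6 access-list nofragments
 deny ipv6 any host 2001:DB8:0:1::1 undetermined-transport
 deny ipv6 any host 2001:DB8:0:1::1 fragments
 permit ipv6 any any
"""

# Assumption: every own address needs a deny entry for both keywords.
REQUIRED_KEYWORDS = ("undetermined-transport", "fragments")
DENY_RE = re.compile(r"^deny\s+ipv6\s+any\s+(?:host\s+(\S+)|(\S+)/128)\s+(\S+)$")


def parse_config(text):
    """Split IOS-style config text into interfaces and IPv6 access lists."""
    interfaces, acls = {}, {}
    current = None  # interface dict or ACL entry list currently being filled
    for raw in text.splitlines():
        line = raw.strip()
        words = line.split()
        if not words:
            continue
        if line == "!":
            current = None
        elif words[0] == "interface" and len(words) > 1:
            current = interfaces.setdefault(
                words[1], {"addrs": set(), "ipv6": False, "filter": None})
        elif words[:2] == ["ipv6", "access-list"] and len(words) > 2:
            current = acls.setdefault(words[2], [])
        elif isinstance(current, dict) and words[:2] == ["ipv6", "address"]:
            current["ipv6"] = True
            if len(words) > 2 and "eui-64" not in words:
                try:
                    current["addrs"].add(ipaddress.ip_interface(words[2]).ip)
                except ValueError:
                    pass  # e.g. autoconfig: the address is not in the config
        elif isinstance(current, dict) and words[:2] == ["ipv6", "enable"]:
            current["ipv6"] = True
        elif (isinstance(current, dict) and len(words) > 3
              and words[:2] == ["ipv6", "traffic-filter"] and words[3] == "in"):
            current["filter"] = words[2]
        elif isinstance(current, list) and words[0] in ("permit", "deny"):
            current.append(line)
    return interfaces, acls


def denied(entries):
    """Map keyword -> addresses denied before the first permit entry."""
    covered = {kw: set() for kw in REQUIRED_KEYWORDS}
    for entry in entries:
        if entry.startswith("permit"):
            break  # a later deny could be shadowed by this permit
        m = DENY_RE.match(entry)
        if m and m.group(3) in covered:
            try:
                covered[m.group(3)].add(ipaddress.ip_address(m.group(1) or m.group(2)))
            except ValueError:
                continue
    return covered


def audit(text, extra_addresses=()):
    """Return sorted (interface, problem) findings; an empty list means covered.

    extra_addresses: own addresses that do not appear in the config
    (link-local, EUI-64 or autoconfigured addresses).
    """
    interfaces, acls = parse_config(text)
    own = {ipaddress.ip_address(a) for a in extra_addresses}
    for intf in interfaces.values():
        own |= intf["addrs"]
    findings = []
    for name, intf in interfaces.items():
        if not intf["ipv6"]:
            continue
        acl = intf["filter"]
        if acl is None:
            findings.append((name, "no inbound ipv6 traffic-filter"))
        elif acl not in acls:
            findings.append((name, "traffic-filter %s is not defined" % acl))
        else:
            covered = denied(acls[acl])
            for kw in REQUIRED_KEYWORDS:
                for addr in sorted(own - covered[kw]):
                    findings.append((name, "%s: no deny for %s %s" % (acl, addr, kw)))
    return sorted(findings)


if __name__ == "__main__":
    for interface, problem in audit(SAMPLE_CONFIG):
        print(interface, "-", problem)
```

Link-local and EUI-64 derived addresses are not visible in the configuration text, so pass them through `extra_addresses`.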

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.

CSCef68704

Symptoms: When you enter the show voice call summary command on a Cisco AS5850, the CPU utilization increases up to 95 percent and causes Connection Admission Control (CAC) to become active and calls to drop. When the generation of the command output is complete, the CPU utilization is restored to its normal value.

Conditions: This symptom is observed on a Cisco AS5850 that has a heavy incoming call load (40 cps) and that is configured for CAC.

Workaround: Do not enter the show voice call summary command.

CSCef71290

Symptoms: On a CME 3.1 system, a speed dial that is configured via the GUI for phone A may show up on the GUI interface of phone B when one of these phones has a 7914 add-on. However, the configuration does not show up in the running configuration.

Conditions: This symptom is observed when you configure speed dial via the GUI for a CME 3.1 system, and when the following configuration is present:

!

ephone-dn 2 dual-line

number 7202

!

ephone-dn 3 dual-line

number 7203

!

ephone 2

mac-address 000A.8A93.DCC3

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:2

!

ephone 3

mac-address 000A.8A93.DCDF

speed-dial 1 7201 label "CEO"

speed-dial 2 7202 label "sec"

speed-dial 3 7203 label "me"

speed-dial 4 7204 label "CTO"

button 1s3

The speed dial configuration addition and modification on ephone 3 may be shown when you attempt to edit the configuration of ephone 2.

Workaround: If you move the ephone configuration of a 7940 or 7960 phone with a 7914 add-on away from the other phones, the symptom does not occur. The following shows the configuration set with the workaround applied to the above configurations:

ephone-dn 2 dual-line

number 7202

!

ephone-dn 3 dual-line

number 7203

One more ephone-dn for another 7914 (in case you need to add one more and wonder how the configuration would look):

ephone-dn 4 dual-line

number 7209

This is the usual 7960 phone (7203):

ephone 3

mac-address 000A.8A93.DCDF

speed-dial 1 7201 label "CEO"

speed-dial 2 7202 label "sec"

speed-dial 3 7203 label "me"

speed-dial 4 7204 label "CTO"

button 1s3

This is the 7960 phone with the 7914 add-on which was ephone 2 before:

ephone 31

mac-address 000A.8A93.DCC3

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:2

This is a new 7960 phone with a 7914 add-on:

ephone 38

mac-address 00AA.1234.ABCD

speed-dial 1 7201 label "VP-assitant"

speed-dial 2 +7203 label "Vice president"

speed-dial 6 7203 label "test1"

speed-dial 7 7201 label "test2"

type 7960 addon 1 7914

button 1:4

The idea is to configure all the simple phones without any 7914 add-ons from ephone 1 to N (say, 1 to 30). Now, add the first phone with the 7914 add-on as ephone N+1 (31). The next phone with the 7914 add-on should be configured as ephone [(N+1)+7] (38) and so on (45, 52, 59, etc.).

CSCef72772

Symptoms: Spurious memory accesses occur on a gatekeeper during RAS communication for H.323 voice calls.

Conditions: This symptom is observed when the gatekeeper sends an LRQ for a voice call.

Workaround: There is no workaround.

CSCef74536

Symptoms: A Cisco AS5850 with an ERSC board may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed only on a Cisco AS5850 series that is configured with an ERSC board. RSC boards are not affected.

Workaround: There is no workaround.

CSCeg03707

Symptoms: Use of Cisco CallManager Express (CCME) HTTP GUI interface may lead to Cisco IOS voice gateway instability.

Conditions: Using the CCME GUI interface to configure and maintain a VoIP gateway may cause unexpected results. The results can include symptoms such as T1 controllers being inaccessible, calls not completing through the gateway, and the gateway reloading unexpectedly.

Workaround: Use the command line interface (CLI) for configuring and maintaining a CCME VoIP gateway. To prevent access via the HTTP GUI interface, it is recommended that the access be removed through the no ip http server global configuration command.

CSCin61967

Symptoms: A router may reload when a Tcl IVR verb test script runs.

Conditions: This symptom is observed when a Telnet connection is made through the Ethernet port instead of through the console port and when simultaneous calls are made using all the 23 channels. The symptom occurs only with an automated test script.

Workaround: There is no workaround.

CSCuk38882

Symptoms: The following tracebacks can occur on a Route Processor (RP) console:

04:24:32: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x619B6AD8 reading 0x10

04:24:32: %ALIGN-3-TRACE: -Traceback= 619B6AD8 60EC5764 60EC58D0 60EDAC74 6037C6A8 6037C694 00000000 00000000

Conditions: This problem is seen when a dLFIoATM interface flaps on a Cisco 7500 platform.

Workaround: There is no workaround.

Wide-Area Networking

CSCec83030

Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.

Conditions: This symptom is observed on a Cisco 7500 series router.

Workaround: There is no workaround.

CSCed02028

Symptoms: A router may reload unexpectedly because of a bus error after the following error message is displayed:

%ATMPA-3-BADVCD:ATM[int] bad vcd [number] packet -

Conditions: This symptom is observed on a Cisco router that is configured with an ATM interface when a packet that contains a virtual circuit descriptor (VCD) that is out of range is passed on to the ATM driver of the interface in order to be transmitted.

Workaround: There is no workaround.

CSCed27086

Symptoms: A Cisco router that functions as a PPPoX aggregator may crash because of a bus error.

Conditions: This symptom is observed in a highly scaled environment when many sessions are simultaneously established and torn down.

Workaround: There is no workaround.

CSCed29756

Symptoms: A Cisco router running a Cisco IOS image may crash because of a bus error when it accesses an invalid address (0x0B0D0B0D).

Conditions: This symptom is occasionally observed when an MLP bundle containing virtual-access PPP links goes down.

Workaround: There is no workaround.

CSCed35578

Symptoms: A router with a PPPoE configuration may crash because of a bus error at an illegal address.

Conditions: This symptom is observed when a PPP session is being established.

Workaround: There is no workaround.

CSCed80451

Symptoms: When an E1 line is shut down by entering the shutdown command and a switchover from the active RP to the standby RP occurs, the E1 line that is shut down is still reported as being in service on the standby RP.

Conditions: This symptom is observed when SS7 is configured with RLM between a media gateway controller and a Cisco AS5850 universal gateway in RPR+ mode.

Workaround: Instead of the shutdown command, enter the service command to place the E1 line out of service.

CSCee81662

Symptoms: PPP sessions may get stuck in the TERMSENT state.

Conditions: This symptom is observed on a Cisco platform that has a high CPU utilization.

Workaround: Clear the underlying layer (VPDN, PPPoA, or PPPoE).

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

Resolved Caveats—Cisco IOS Release 12.3(7)T4

Cisco IOS Release 12.3(7)T4 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed05492

Symptoms: When downloading IP address pools via a Radius Server using Radius Attribute 217, Ascend-IP-Pool-Definition, the ending IP address of the address pool is incorrect. It seems that the translation from the Ascend max entries to a Cisco CLI attribute goes wrong.

See the following example:

Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 19 "1 10.112.26.1 240"

Nov 6 11:26:49.696: RADIUS: Vendor, Ascend [26] 26

Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 20 "5 10.112.26.242 10"

Nov 6 11:26:49.696: RADIUS(0000017C): Received from id 21648/217

Nov 6 11:26:49.696: AAA/PER-USER: mode = config; command = [ ip local pool 1 10.112.26.1 10.112.26.240]

Nov 6 11:26:49.696: AAA/PER-USER: line = [ ip local pool 1 10.112.26.1 10.112.26.240]

Nov 6 11:26:49.700: AAA/PER-USER: mode = config; command = [ ip local pool 5 10.112.26.242 10.128.59.6]

Nov 6 11:26:49.700: AAA/PER-USER: line = [ ip local pool 5 10.112.26.242 10.128.59.6]

It is unclear where the ending address 10.128.59.6 comes from, as it should be 10.112.26.252 (total of 10 addresses in the pool).

The NAS rightfully complains further about it in the debugs as follows:

Nov 6 11:26:49.704: PPP: Message from per-user configuration ...

Nov 6 11:26:49.704: %Bad IP range, 10.112.26.242-10.128.59.6

Radius Attribute Translations and Cisco AV-pairs are handled as if you were parsing the command into the CLI.

Conditions: This seems to fail in about 1 out of 10 IP pool downloads from the Radius-Server.

Workaround: Use Cisco AV-pairs attributes to download IP address pool instead of Radius Attribute 217, Ascend-IP-Pool-Definition.
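Because the failure is intermittent, it helps to check the debug output mechanically instead of waiting for the %Bad IP range message. The following check is an added example, not Cisco code: it reads the debug lines quoted above and assumes that the third field of attribute 217 is the number of addresses the resulting pool must span, as it does for pool 1.

```python
import ipaddress
import re

# Debug lines copied from the caveat above.
DEBUG_OUTPUT = """\
Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 19 "1 10.112.26.1 240"
Nov 6 11:26:49.696: RADIUS: Vendor, Ascend [26] 26
Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 20 "5 10.112.26.242 10"
Nov 6 11:26:49.696: AAA/PER-USER: line = [ ip local pool 1 10.112.26.1 10.112.26.240]
Nov 6 11:26:49.700: AAA/PER-USER: line = [ ip local pool 5 10.112.26.242 10.128.59.6]
"""

# Attribute 217 value: "<pool> <first address> <number of addresses>"
ATTR_RE = re.compile(r'ascend_pool_definiti\[217\]\s+\d+\s+"(\S+)\s+(\S+)\s+(\d+)"')
# CLI line that AAA builds from the attribute
LINE_RE = re.compile(r"AAA/PER-USER: line = \[\s*ip local pool (\S+) (\S+) (\S+?)\]")


def check_pools(debug_text):
    """Compare each attribute-217 definition with the pool line built from it.

    Returns {pool: {"requested": count, "installed": size or None, "ok": bool}}.
    """
    requested, installed = {}, {}
    for line in debug_text.splitlines():
        m = ATTR_RE.search(line)
        if m:
            requested[m.group(1)] = (ipaddress.IPv4Address(m.group(2)),
                                     int(m.group(3)))
        m = LINE_RE.search(line)
        if m:
            installed[m.group(1)] = (ipaddress.IPv4Address(m.group(2)),
                                     ipaddress.IPv4Address(m.group(3)))
    report = {}
    for pool, (start, count) in requested.items():
        size, ok = None, False
        if pool in installed:
            first, last = installed[pool]
            size = int(last) - int(first) + 1  # addresses spanned, inclusive
            ok = first == start and size == count
        report[pool] = {"requested": count, "installed": size, "ok": ok}
    return report


def bad_pools(debug_text):
    """Pool names whose installed range does not match the RADIUS definition."""
    return sorted(p for p, r in check_pools(debug_text).items() if not r["ok"])


if __name__ == "__main__":
    for pool, result in check_pools(DEBUG_OUTPUT).items():
        print(pool, result)
```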

CSCee42617

Symptoms: Users are unable to authenticate using RADIUS, or accounting is not sent to the RADIUS server. In addition, when you enter the debug radius command, the following information is generated:

RADIUS(00000049): sending

%RADIUS-3-NOSERVERS: No Radius hosts configured.

RADIUS/DECODE: parse response no app start; FAIL

RADIUS/DECODE: parse response; FAIL

The output of the show running-config command indicates that there are in fact RADIUS servers in the server group.

Conditions: These symptoms are observed after following these steps:

1. Remove and recreate a server group that is still referenced by one or more method lists, by entering the following commands:

no aaa group server radius XXXX

aaa group server radius XXXX

server x.x.x.x ...

2. Allow one of these method lists to be used, causing a transaction to be sent to a RADIUS or TACACS+ server in the server group.

3. Remove and re-add the radius-server host ... command lines for all authentication-capable (or accounting-capable if this group is used for accounting) servers in this server group.

Workaround: Remove all RADIUS or TACACS+ server configurations, remove all RADIUS or TACACS+ server group configurations, and remove all method lists. Then, reconfigure all of them.

Further problem description: If you enter the debug aaa sg-ref-count command before Step 2 of the Conditions, a debug message similar to the following one is generated:

AAA/SG: Server group ref count decoalesced sg_type for public group XXXX and is reduced by 2 to 0

CSCee93607

Symptoms: A VPN client cannot connect to a router that functions as an EzVPN server.

Conditions: This symptom is observed on a Cisco router that functions as an EzVPN server when the user name is not sent in the RADIUS authentication request for the VPN client, causing the authentication server to reject the VPN client.

Workaround: If this is an option, use local authentication.

Further Problem Description: The following error message appears in the debug output:

ISAKMP (0:1): FSM action returned error: 4

CSCef00114

Symptoms: A router reloads unexpectedly when a tunnel password is downloaded via a RADIUS server.

Conditions: This symptom is observed when a tunnel password is configured in the RADIUS domain profile that is used to establish the tunnel and when the tunnel password string consists of more than 64 characters.

Workaround: Configure a tunnel password string that consists of fewer than 64 characters.

CSCef46191

A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.

All other device services will operate normally. Services such as packet forwarding, routing protocols and all other communication to and through the device are not affected.

Cisco will make free software available to address this vulnerability. Workarounds, identified below, are available that protect against this vulnerability.

The Advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml

CSCin67568

Symptoms: A Cisco device experiences a memory leak in the CDP process.

Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.

Workaround: Configure the neighbor device to use a hostname of fewer than 256 characters, or disable the CDP process with the global command no cdp run.

Interfaces and Bridging

CSCin79302

Symptoms: A router reloads unexpectedly when the firmware that runs in the SAR of a PA-A3 ATM port adapter crashes.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3 or Release 12.3 T. However, the symptom could occur on any platform that is configured with a PA-A3 ATM port adapter.

Workaround: There is no workaround.

IP Routing Protocols

CSCec22723

Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.

Conditions: This symptom is observed when iSPF is configured under OSPF.

Workaround: Remove the iSPF configuration from OSPF by entering the no iSPF command.

CSCef17311

Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.

Workaround: There is no workaround.

Miscellaneous

CSCea65827

Symptoms: A Cisco router performing MPLS label imposition on IPv4 traffic may reload.

Conditions: This symptom is observed when the router attempts to forward traffic to a destination via a route that is newly learned, when the router forwards traffic via Cisco IOS software (that is, not via hardware acceleration), and when one of the following conditions is present:

- There are multiple routes to the destination.

- The ip cef accounting non-recursive command is enabled.

- CEF does not install a "cached adjacency" (as seen in the output of the show ip cef prefix command.)

The symptom affects the following Cisco IOS releases:

- Releases later than Release 12.0(22)S.

- Release 12.1 T and a special XT-release that is based on 12.1 T.

- Releases earlier than Release 12.2 S.

- Releases later than Release 12.2(2)T.

- Release 12.3.

The symptom does NOT affect the following Cisco IOS releases:

- Release 12.1E

- Release 12.2M

Possible Workaround: Avoid conditions that prevent a "valid cached adjacency" from being installed.

CSCeb68673

Symptoms: On an ASBR-PE, the TFIB may be missing a forwarding entry for a prefix that is learnt from a PE.

Conditions: This symptom is observed on an "ASBR-co-located PE" (that is, an ASBR that also functions as a PE router) when the PE functionality is removed by deconfiguring VRF, for example, by entering the no ip vrf vrf-name command.

Since this is a timing issue, it may occur in Cisco IOS Release 12.0 S, 12.2 S, 12.2 T, and 12.3.

Workaround: There is no workaround.

CSCed20042

Symptoms: A Cisco router may unexpectedly reload if IPv6 encounters a routing loop, and IPv6 CEF is enabled.

Conditions: This symptom occurs under the following conditions:

- IPv6 must be enabled.

- IPv6 CEF must be enabled.

- The IPv6 RIB must have recursive entries that form a loop, for example:

Router#show ipv6 route

IPv6 Routing Table - 9 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

B ::/0 [200/0]

via 2::2

C 1::/64 [0/0]

via ::, Ethernet0/0

L 1::2/128 [0/0]

via ::, Ethernet0/0

C 2::/64 [0/0]

via ::, Ethernet1/0

L 2::1/128 [0/0]

via ::, Ethernet1/0

B 2001::/16 [200/0]

via 2002::1

B 2002::/16 [200/0]

via 2001::1

L FE80::/10 [0/0]

via ::, Null0

L FF00::/8 [0/0]

via ::, Null0

Note that 2001::/16 and 2002::/16 result in a recursion loop because 2001::/16 is accessible via 2002::/16 and 2002::/16 is accessible via 2001::/16.

Workaround: Disable IPv6 CEF using the global configuration command no ipv6 cef.
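A recursion loop like the one between 2001::/16 and 2002::/16 can be found before it reaches CEF by resolving each recursive next hop against the table. The following detector is an added example, not Cisco code: it parses the route entries shown above and uses a simplified longest-prefix-match model of next-hop resolution, which is an assumption about how the RIB resolves them.

```python
import ipaddress
import re

# Route entries copied from the show ipv6 route output in the caveat above.
ROUTE_TABLE = """\
B ::/0 [200/0]
 via 2::2
C 1::/64 [0/0]
 via ::, Ethernet0/0
L 1::2/128 [0/0]
 via ::, Ethernet0/0
C 2::/64 [0/0]
 via ::, Ethernet1/0
L 2::1/128 [0/0]
 via ::, Ethernet1/0
B 2001::/16 [200/0]
 via 2002::1
B 2002::/16 [200/0]
 via 2001::1
L FE80::/10 [0/0]
 via ::, Null0
L FF00::/8 [0/0]
 via ::, Null0
"""

ROUTE_RE = re.compile(r"^\S+\s+([0-9A-Fa-f:]+/\d+)\s+\[\d+/\d+\]")
VIA_RE = re.compile(r"^via\s+([0-9A-Fa-f:]+)(?:,\s*(\S+))?")


def parse_routes(text):
    """Return {prefix: (next_hop, interface or None)}, first path per prefix."""
    routes, prefix = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            prefix = ipaddress.ip_network(m.group(1), strict=False)
            continue
        m = VIA_RE.match(line)
        if m and prefix is not None and prefix not in routes:
            routes[prefix] = (ipaddress.ip_address(m.group(1)), m.group(2))
    return routes


def find_recursion_loops(routes):
    """Follow recursive next hops by longest-prefix match; return the cycles."""
    def lookup(addr):
        matches = [net for net in routes if addr in net]
        return max(matches, key=lambda net: net.prefixlen) if matches else None

    cycles = set()
    for start in routes:
        chain, current = [start], start
        while True:
            next_hop, interface = routes[current]
            if interface is not None:
                break  # resolved to an attached interface
            current = lookup(next_hop)
            if current is None:
                break  # next hop is unresolvable, which is not a loop
            if current in chain:
                cycles.add(frozenset(chain[chain.index(current):]))
                break
            chain.append(current)
    return sorted(sorted(str(net) for net in cycle) for cycle in cycles)


if __name__ == "__main__":
    for cycle in find_recursion_loops(parse_routes(ROUTE_TABLE)):
        print("recursion loop:", " -> ".join(cycle))
```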

CSCed21183

Symptoms: A router may reload with a bus error.

Conditions: This symptom is observed on a Cisco router that is configured for time-division multiplexing (TDM) hairpinning.

Workaround: There is no workaround.

CSCed39059

Symptoms: The tag forwarding table for a line card on Cisco platforms that have distributed (i.e. linecard based) forwarding, such as the Cisco 7500 Series and the Cisco 12000 Series, may not have complete entries even though the Route Processor (RP) does. This results in ingress tagged traffic being dropped for the missing tag forwarding entries.

Conditions: This symptom is observed on Cisco platforms that have distributed (i.e. linecard based) forwarding in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment with a provider edge (PE) router to customer edge (CE) router link.

The problem is more likely to happen if the PE to CE link experiences quick flaps of an interface (that is, the interface goes down and comes back up in a very small amount of time, for example, 2 sec). Although this can happen on any linecard, this situation is more likely to happen on the Engine 3 (E3) channelized OC48 line cards due to their quick flapping behavior.

Note: There are additional prerequisites for this bug to happen. These are:

- The defect affects routers that are: (a) MPLS VPN PE routers or (b) routers that exchange labels for ipv4 BGP routes.

- For (a) there should be recursive routes on the PE that go over the PE-CE link (this could be either BGP learnt recursive routes or static recursive routes). Also, these recursive routes have the link's CE side IP address as their nexthop.

- There should be a less specific route to get to the nexthop (this can be a default route). This applies for (a) and (b).

Workaround: There is no workaround.

CSCed45746

Symptoms: Several prefixes for nonredistributed and connected interfaces in different VRFs may be partially bound to the same MPLS VPN label, causing traffic that is bound for one or more of these VRFs to be disrupted.

Conditions: This symptom is observed on a Cisco router after the VRF interfaces have flapped.

Workaround: Clear the routes in the VRFs in sequence.

CSCed63357

This caveat consists of six separate sets of symptoms, conditions, and workarounds, of which the first three apply to all Cisco IOS releases and the last three apply only to Cisco IOS Release 12.3 T:

1) Symptoms: There are three symptoms:

- There may be an inconsistent or duplicate display of files between the show diskslot-number and dir diskslot-number commands.

- When a file is deleted from the CLI, the file may be deleted but a "No such file" message may be printed.

- One cluster may leak. Entering the fsck command truncates the original file and creates an orphan file for the leaked cluster.

Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode, as in the following example:

show version | append disk#:

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#vtp file new

Setting device to store VLAN database at filename new.

Router(config)#^Z

Workaround: There is no workaround.

2) Symptoms: The show diskslot-number and dir diskslot-number commands may show inconsistent information (such as inconsistent file sizes) when multiple images are copied.

Conditions: This symptom is observed when you make two copies of the image file to the disk by using two vtys and by entering the dir diskslot-number command at the same time.

Workaround: Do not enter the show diskslot-number and dir diskslot-number commands when multiple images are being copied.

3) Symptoms: There are two symptoms:

- The show diskslot-number and dir diskslot-number commands may show inconsistent information.

- Entering the fsck command may delete or truncate the valid files or create an orphan file for an unused cluster.

Conditions: This symptom is observed when you rename a directory that consists of many subdirectories or files.

Workaround: Reload the router.

4) Symptoms: There are two symptoms:

- There may be a duplicate entry for each file when you enter the show diskslot-number command.

- An snmpGet on a ciscoFlashFileSize object may enter a loop.

Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T after the router boots up.

Workaround: There is no workaround.

5) Symptoms: There are two symptoms:

- The show diskslot-number and dir diskslot-number commands may show inconsistent information.

- Entering the fsck command may delete or truncate the original file.

Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T when an application or a CLI command overwrites a file on the disk.

Workaround: Reload the router.

6) Symptoms: A router that runs Cisco IOS Release 12.3 T crashes.

Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode and attempts to delete the file, as in the following example:

show version | append "disk0:redirect.out" and issuing delete disk0:disk0:redirect.out

Workaround: Reload the router and delete the file.

CSCed77350

Symptoms: A Cisco AS5400 reloads at "is_xcsp" when you enter the show users command for async calls.

Conditions: This symptom is observed on a Cisco AS5400 gateway that runs Cisco IOS Release 12.3 or 12.3(8)T.

Workaround: There is no workaround.

CSCed87385

Symptoms: The Fast Ethernet output queue of a Cisco 1700 series may become wedged.

Conditions: This symptom is observed when Multilink PPP is enabled on the incoming serial interface via the ppp multilink fragment-delay delay-max command (with a delay of 10 ms), when there is a low link bandwidth (128 kb), and when there are large packet sizes (1343 bytes).

Workaround: Remove the ppp multilink fragment-delay delay-max command from Multilink PPP configuration.

Alternate Workaround: Disable fast switching on the Fast Ethernet interface.

CSCed90040

Symptoms: On a Cisco AS5400 Voice Gateway, calls may fail when it is used as an Originating Gateway that is configured with g.clear codec and signalled by an MGCP call agent. NAK messages may also be seen.

Conditions: This symptom is observed on a Cisco AS5400 Voice Gateway.

Workaround: There is no workaround.

CSCee01688

Symptoms: A NAS crashes when stress scripts are running and when bulk calls are made.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5800 that are configured for T1 when scripts run that enter the shutdown command followed by the no shutdown command on controllers in digital callers and the clear modem all command in analog callers. The NAS is stressed with both analog and digital calls made from a traffic generator that sends 20 packets per second and the scripts run every 10 minutes.

Workaround: There is no workaround.

CSCee14541

Symptoms: A Cisco IP Phone 7912 fails to download (or fails to use TFTP to download) its firmware from a Cisco CallManager Express 3.1 router.

The output of the show ephone phone-load command shows the "CM-aborted-TCP" error message:

router#sh ephone phone-load

DeviceName CurrentPhoneload PreviousPhoneload LastReset

=====================================================================

..

SEP000F23C487D1 CP79120101SCCP030530B. CP79120101SCCP030530B. CM-aborted-TCP

..

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)T and that is configured as a Cisco CallManager Express 3.1 when the following is configured:

telephony-service

load 7905 CP7905010200SCCP031023A

load 7912 CP7912010200SCCP031023A

max-ephones 30

max-dn 100

create cnf-files version-stamp 7960 Apr 05 2004 19:55:09

tftp-server flash:CP7905010200SCCP031023A.sbin

tftp-server flash:CP7912010200SCCP031023A.sbin

Workaround: Enter the load 7905 CP7912010200SCCP031023A.sbin command on the router and then reset only the Cisco IP Phone 7912. Note that the symptom does not occur in releases earlier than Release 12.3(7)T.

CSCee18883

Symptoms: All VIPs in a Cisco 7500 series restart as a consequence of a Cbus complex that is triggered by a stuck output. Just before the output becomes stuck, IPC timeout errors occur.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5) in a dLFIoATM environment. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCee20366

Symptoms: IMA link status sticks in NE usable/usable while showing FE active/active.

Conditions: This happens when connecting an IMA module in a Cisco 3640 to a third party vendor switch.

Workaround: Administratively shut down the link and then bring it back.

CSCee20888

Symptoms: IPv6 over ISDN does not work.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1.

Workaround: There is no workaround.

CSCee22521

Symptoms: Without a GKTMP server, calls are not routed based on the destination carrier ID in ARQ.

Conditions: This symptom is observed on a Cisco gatekeeper.

Workaround: Use a GKTMP server.

CSCee27674

Symptoms: Dynamic prefixes do not get updated by the gateway to the gatekeeper on reregistration due to failover.

Conditions: This has been observed when the gatekeepers are used as an HSRP pair with identical configurations for redundancy and when the gateway tries to re-register with an alternate gatekeeper or stand-by gatekeeper when the primary gatekeeper goes down or becomes unavailable.

Workaround: Manually shut the gatekeeper, or manually unregister the gateway and reregister. The URQ from the gatekeeper is needed.

CSCee59256

Symptoms: You cannot execute the write memory or the dir filesystem command.

Conditions: This symptom is observed on a Cisco MGX 8850 that runs Cisco IOS Release 12.2(15)T4c and is populated with an MGX-RPM-PR-512 when the remote filesystem on the PXM45/B controller card is accessed. The symptom may also occur in Release 12.3.

Workaround: Switch over the PXM45/B controller card to the standby controller card.

CSCee59585

Symptoms: On a Cisco router, the output of the execute-on slot number show ip cef prefix command may display the same imposed label twice for a recursive public route.

Conditions: This symptom is observed on a Cisco platform that supports distributed forwarding such as a Cisco 7500 series or a Cisco 12000 series when the neighbor name send-label command is configured under an IPv4 BGP address family on a VIP or line card and when one of the following actions occurs:

You enter the clear cef linecard command.

You perform an OIR of the VIP or line card.

You enter the no ip cef distributed command followed by the ip cef distributed command.

The symptom disappears after the affected prefix flaps.

Workaround: There is no non-impacting workaround, but you can enter the clear ip route prefix command or reset the BGP peer to solve the problem.

CSCee67207

Symptoms: A public recursive route is not labeled.

Conditions: This symptom is observed on a Cisco router that functions as a BGP peer and that has the neighbor name send-label command enabled as part of an IPv4 address family, which is required for Inter-AS configurations. The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)

Workaround: There is no workaround. Note that the symptom does not occur if the neighbor name send-label command is enabled as part of an IPv4 address family VRF.

CSCee67685

Symptoms: A Cisco AS5850 may reload with a software forced crash.

Conditions: This symptom is observed on a Cisco AS5850 that runs the c5850tb-p9-m image of Cisco IOS Release 12.3(2)T6. The symptom could also occur in Release 12.3.

Workaround: There is no workaround.

CSCee68974

Symptoms: An active RSC may crash when you enter the redundancy handover peer-resources command.

Conditions: This symptom is observed when a Cisco AS5850 runs in handover split mode and one RSC is in an extra-load mode.

Workaround: Enter the redundancy handover peer-resources command when there are no active calls on any resources that must be handed over.

CSCee73221

Symptoms: RIP does not advertise a redistributed static route via an interface.

Conditions: This symptom is observed even when the split horizon mechanism is turned off on the interface.

Workaround: There is no workaround.

CSCee77335

Symptoms: A Cisco 7500 series may fail to load Channel Interface Processor (CIP) microcode.

Conditions: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS software image that includes the fix CSCin48638. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCin48638. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Remove the CIP or insert another CIP in the router.

CSCee78118

Symptoms: A line card or port adapter may crash on an MPLS VPN PE router when the customer-facing interfaces are flapped.

Conditions: This symptom is observed when any of the following conditions are present:

eBGP is used as the routing protocol between the PE and CE router, the CE router has the redistribute connected command enabled in the BGP configuration, and there are multiple eBGP sessions between the PE and CE router.

The connected route for the link between the CE and PE router is learned from another PE router via MP-iBGP. For example, the CE router may be dual-homed and may advertise the connected routes to both PE routers.

The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)

Workaround: Avoid the above-mentioned conditions. For example, avoid the redistribute connected command in the BGP configuration of the CE router.

CSCee84410

Symptoms: When you make a call via a Cisco AS5850, you may only hear one-way audio.

Conditions: This symptom is observed when the called party is behind a NAT gateway.

Workaround: There is no workaround.

CSCee88334

Symptoms: Calls drop after 25 seconds.

Conditions: This symptom is observed on a Cisco AS5850 when the following commands are configured:

ip rtcp report interval 5001

gateway

timer receive-rtcp 5

Workaround: There is no workaround.

CSCee90946

Symptoms: A Cisco AS5850 may reload because of a port management difficulty.

Conditions: This symptom is observed on a Cisco AS5850 that is configured with an enhanced route switch controller (eRSC) and that has SNMP enabled.

Possible Workaround: Disable SNMP.

CSCee94828

Symptoms: A SIGSM template does not work when the d[x] field is used to specify the maximum number of digits that need to be captured; the caller would have to enter x+1 digits in order for the call to go through correctly.

Conditions: This symptom is observed on a Cisco AS5850 when a signaling template is configured and when the maximum digit field is used.

Workaround: There is no workaround.

CSCef00171

Symptoms: A router that is configured for RTP header compression may crash with a bus error.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4)T or a later release, or Release 12.2 S.

Workaround: Disable RTP header compression.

CSCef01680

Symptoms: Memory corruption may occur when you enter the directory entry clear telephony-service configuration command.

Conditions: This symptom is observed when the directory entry clear telephony-service configuration command clears a preconfigured directory entry but the pointer is not removed. When the freed memory is allocated and written by some other process and when the directory entry clear telephony-service configuration command is reconfigured, a traverse through the directory link list could cause a bus error because the pointer could point to anything, including a non-RAM memory address.

Workaround: Do not enter the directory entry clear telephony-service configuration command to clear entries. Rather, enter the no directory entry command to remove the entries individually.

CSCef24063

Symptoms: A memory leak may occur on a voice gateway that is configured for SIP.

Conditions: This symptom is observed on a Cisco platform that functions as a voice gateway. The symptom occurs when the voice gateway originates a SIP call that uses UDP, when the "200 OK" response to an "Invite" message is retransmitted more than three times, and when an "ACK" message is sent in response to the "200 OK" response.

Workaround: Use TCP as the transport type.

CSCef27790

Symptoms: An RSC may crash when you enter the redundancy handover peer-resources command on the active RSC to handover the resources to the standby RSC.

Conditions: This symptom is observed on a Cisco AS5850 that functions in handover split mode when file copy, delete, or format operations are in progress.

Workaround: Do not hand over resources when file copy, delete, or format operations are in progress.

CSCef34099

Symptoms: A memory leak occurs on a Cisco 1760 that functions as a CCME and that is configured with 24 IP phones.

Conditions: This symptom is observed when you run a test in which you make calls between the IP phones that are registered to the CCME and calls to PSTN phones, and when you use calling features such as third-party conference calls, call forward, call hold, and call transfer. Each time the test completes, the amount of available free memory decreases by 1 to 4 Mb. This lost memory is not recovered even after all IP phones are deregistered and the CCME sits idle.

Workaround: There is no workaround.

CSCef36881

Symptoms: When a DSP is dead or does not function, the DSP is considered lost. There is no way to bring the DSP back to the normal functional state.

Conditions: This symptom can occur on Cisco 2600 series and Cisco 3745 routers running Cisco IOS Release 12.3(7)T.

Workaround: There is no workaround.

CSCef39878

Symptoms: A voice port may stop providing a dial tone and hang, and the following messages appear in the logs:

v4vip_send_cmd:No space in INBOX:free_space(0), cmd_length(3) for dev 0!!! v4vip_active_lo:fail to send SOP RTR cmd for port=0

Conditions: This symptom is observed on a Cisco IAD2430 series.

Workaround: Reload the router.

CSCef41066

Symptoms: Calls to a SIP gateway may fail.

Conditions: This symptom is observed on a Cisco router that functions as a SIP gateway when there are escape characters in the user portion of the Request-URI, as in the following example:

INVITE sip:929252175123%23%23@<ip address>:5060 SIP/2.0

In this example, the escape character is %.

Workaround: Remove the escape characters from the user portion of the Request-URI.

CSCef41603

Symptoms: The gatekeeper does not route calls based on the ARQ call identifier.

Conditions: This symptom is observed with a third-party application that is registered to a gatekeeper when attempting to use Trunk Group routing.

Workaround: There is no workaround.

CSCef42307

Symptoms: High-speed modems may fail during a modem passthrough call.

Conditions: This symptom is observed when a high-speed modem is used for a modem passthrough call and when the dejitter buffer is configured to be too large or too small to accommodate the modem traffic.

Workaround: There is no workaround.

CSCef47721

Symptoms: Multicast packets are not correctly classified by an input Quality of Service (QoS) policy, which causes police, set, and other QoS actions to fail on the multicast packets.

Conditions: This symptom is observed on a Cisco RPM-XF when an input QoS policy is configured on an interface.

Workaround: There is no workaround.

CSCef59596

Symptoms: A router may reload with a bus error.

Conditions: This symptom is observed on a Cisco router that is configured for time-division multiplexing (TDM) hairpinning.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
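The following added example (not code from Cisco or from the advisory) sorts received ICMP errors into the three classes listed above and applies the TCP sequence number check that RFC 5927, the published form of the draft, describes as a counter-measure: the TCP segment quoted inside the ICMP error must carry a sequence number that is still in flight on a local connection. All function names, addresses, ports and sequence numbers are constructed for illustration.

```python
import socket
import struct

ICMP_DEST_UNREACH, ICMP_SOURCE_QUENCH = 3, 4      # ICMP types (RFC 792)
CODE_PROTO_UNREACH, CODE_PORT_UNREACH, CODE_FRAG_NEEDED = 2, 3, 4
MASK32 = 0xFFFFFFFF


def classify(icmp_type, icmp_code):
    """Map an ICMP error to one of the three classes listed in the caveat."""
    if icmp_type == ICMP_DEST_UNREACH and icmp_code == CODE_FRAG_NEEDED:
        return "pmtud"
    if icmp_type == ICMP_DEST_UNREACH and icmp_code in (CODE_PROTO_UNREACH,
                                                        CODE_PORT_UNREACH):
        return "hard-error"
    if icmp_type == ICMP_SOURCE_QUENCH and icmp_code == 0:
        return "source-quench"
    return "other"


def parse_icmp_error(icmp):
    """Return the fields of the TCP segment quoted in an ICMP error, or None."""
    if len(icmp) < 8 + 20 + 8:   # ICMP header + minimal IPv4 header + 8 TCP bytes
        return None
    icmp_type, icmp_code, _cksum, _unused, next_hop_mtu = struct.unpack(
        "!BBHHH", icmp[:8])
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    if inner[9] != socket.IPPROTO_TCP:
        return None
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return {
        "class": classify(icmp_type, icmp_code),
        "mtu": next_hop_mtu,
        # The quoted packet is one this host sent, so its source is the local end.
        "conn": (socket.inet_ntoa(inner[12:16]), sport,
                 socket.inet_ntoa(inner[16:20]), dport),
        "seq": seq,
    }


def seq_in_flight(seq, snd_una, snd_nxt):
    """True when SND.UNA <= seq < SND.NXT, compared modulo 2**32."""
    return ((seq - snd_una) & MASK32) < ((snd_nxt - snd_una) & MASK32)


def evaluate(icmp, connections):
    """Return (class, verdict) for one ICMP error payload."""
    parsed = parse_icmp_error(icmp)
    if parsed is None:
        return ("other", "malformed")
    state = connections.get(parsed["conn"])
    if state is None:
        return (parsed["class"], "no-connection")
    if seq_in_flight(parsed["seq"], state["snd_una"], state["snd_nxt"]):
        return (parsed["class"], "plausible")
    return (parsed["class"], "out-of-window")


def build_icmp_error(icmp_type, icmp_code, conn, seq, mtu=0):
    """Construct a sample ICMP error (checksums left at zero) for the demo."""
    src, sport, dst, dport = conn
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHHH", icmp_type, icmp_code, 0, 0, mtu) + ip + tcp8


# Constructed sample state: one TCP session that terminates on the device.
LOCAL_CONN = ("192.0.2.1", 11000, "198.51.100.7", 179)
CONNECTIONS = {LOCAL_CONN: {"snd_una": 1000, "snd_nxt": 3000}}

if __name__ == "__main__":
    samples = [
        build_icmp_error(3, 3, LOCAL_CONN, 1500),             # in flight
        build_icmp_error(3, 3, LOCAL_CONN, 900000),           # guessed sequence
        build_icmp_error(3, 4, LOCAL_CONN, 0xFFFFFFF0, 68),   # guessed, tiny MTU
        build_icmp_error(4, 0, LOCAL_CONN, 3000),             # one past SND.NXT
    ]
    for pkt in samples:
        print(evaluate(pkt, CONNECTIONS))
```

A "plausible" verdict only means the message passed this check; an "out-of-window" or "no-connection" verdict identifies ICMP errors that a TCP endpoint can discard and that are worth counting in monitoring.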

Wide-Area Networking

CSCed42319

Symptoms: A Cisco AS5x00 may ignore a service-login attribute and start a PPP session. The Cisco AS5x00 may also start a PPP session when the RADIUS Access-Accept reply contains unknown (that is, unsupported) Framed-Protocol attributes.

Conditions: This symptom is observed when a client uses PAP for authentication.

Workaround: There is no workaround.

CSCed88805

Symptoms: A router may unexpectedly reload with a bus error with the same address:

System was restarted by bus error at PC 0x606B2BE4, address 0xB0D0C11

Decodes indicate that a PPP problem may be the cause of the symptom.

Conditions: This problem is not platform dependent and may occur with any type of IP PPP connection. This problem is also most likely to occur when there is a high volume of call connections and disconnections, for example, when an interface carrying multiple calls flaps.

Workaround: There is no workaround.

CSCed89751

Symptoms: Prior to Cisco IOS Release 12.2(13)T, the maximum number of links in a multilink bundle was 255. Beginning with Cisco IOS Release 12.2(13)T, the limit was reduced to 64.

Conditions: This symptom is observed on all platforms. If the interface configuration command ppp multilink minimum is present in the configuration with a value greater than 64, the command will be removed from the configuration.

Workaround: There is no workaround.

CSCee29157

Symptoms: An AAA unique ID may not be freed when a PPP session goes down.

Conditions: This symptom is observed for a legacy PPP session (serial interfaces) but not for a VPDN/PPPoX session.

Workaround: There is no workaround.

CSCee32345

Symptoms: When a RADIUS accounting record is sent for a PPTP Start, a Cisco NAS may not send the following RADIUS accounting record attributes:

- Tunnel-Client-Endpoint (66)

- Tunnel-Server-Endpoint (67)

- Tunnel-Assignment-Id (82)

Conditions: This symptom is observed in Cisco IOS Release 12.3(7.8)T.

Workaround: There is no workaround.

CSCee82624

Symptoms: A spurious memory access may occur on a Cisco router that is configured for PPP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5).

Workaround: There is no workaround.

CSCef12262

Symptoms: With PPP multilink over ATM configured in Cisco IOS, the router may reload with a bus error.

Conditions: This symptom is observed when the PPP over ATM link goes down and is removed from the multilink bundle.

Workaround: Increasing the keepalive interval or retry count, or disabling keepalives altogether, may help to avoid the problem by making it less likely that the PPP over ATM session goes down during periods of instability in the ATM network.

Resolved Caveats—Cisco IOS Release 12.3(7)T3

Cisco IOS Release 12.3(7)T3 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed67358

Symptoms: An IPv6 PIM neighbor may be down after changing the PIM configuration.

Conditions: This symptom is observed when the no ipv6 pim command is entered on some subinterfaces of a physical Ethernet interface and PIM is enabled on several subinterfaces of the same physical Ethernet interface.

Workaround: There is no workaround.

CSCee26662

Symptoms: A platform may reload when the aaa dnis map dnis-number authentication ppp group server-group-name command is entered.

Conditions: This symptom is observed when aaa dnis map commands are enabled.

Workaround: There is no workaround.

CSCee27317

Symptoms: Async PPP calls fail on a Cisco AS5850 when an IOS upgrade is performed from 12.3(7)T to 12.3(7)T1.

Conditions: This symptom is observed on a Cisco AS5850 that runs Release 12.3(7)T1 and only with async mode interactive. This issue can be service affecting and is reproducible. The symptom may also occur in Release 12.3.

Workaround: Though not a good solution, configuring async mode dedicated solves the problem.

IP Routing Protocols

CSCea85395

Symptoms: Previously suppressed prefixes are not automatically installed in the VRF.

Conditions: After the VRF reaches its maximum route limit, subsequent prefixes are suppressed and not installed in the VRF table. After the suppress condition is cleared, the routes should be installed in the VRF without any manual intervention.

Workaround: Enter the clear ip bgp command.

CSCee41172

Symptoms: The maximum-paths import number-of-paths command enables a VRF to import paths in addition to the bestpath. If the original path of the import path is withdrawn, wrong import paths may be purged. This situation may cause traffic disruption of up to 15 seconds.

Conditions: This symptom is observed when the original path of the best import path is withdrawn and the import path is at the end of the path list (that is, the one learned the very first). In this situation, all import paths that are derived from other paths may be purged as well. If the imported net has only import paths, the net may not be reachable until other paths are reimported.

Workaround: Ensure that the import path is at the top of the path list or use the same route descriptor (RD) for all import paths.

CSCee59315

Symptoms: A BGP VPNv4 table may contain paths that may be imported from deleted BGP table entries or from table entries that have a different prefix from the importing prefix.

An example of a path from a deleted BGP table entry is as follows:

Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 52
Paths: (1 available, best #1, table vpn2)
Advertised to non peer-group peers:
10.4.1.2
2 100, imported path from 2829:2829:185404173:11.13.11.13/-53
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:3

The entry that this path is imported from has been removed from the table and its memory contents contain an incorrect pattern. When the incorrect pattern is displayed as a prefix, it appears as "2829:2829:185404173:11.13.11.13/-53".

A mismatched prefix appears as follows:

Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 54
Paths: (2 available, best #1, table vpn2)
Flag: 0x820
Advertised to non peer-group peers:
10.10.10.10 10.20.20.20
2
10.4.1.2 from 10.4.1.2 (10.4.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:2
2 100, imported path from 200:2:172.16.0.0/24
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external
Extended Community: RT:1:3

This BGP VPNv4 table entry is for prefix 192.168.0.0/32 but it shows that a path is imported from 172.16.0.0/24. This situation occurs when a path has a link to a deleted BGP table entry, and then the memory for the deleted entry is reused for a new table entry of which the prefix may not match with the importing entry.

Conditions: These symptoms are observed when you enter the maximum-paths import number command in router BGP address-family IPv4 VRF mode. The number argument indicates the number of paths to import from one VRF to another.

Workaround: Remove the maximum-paths import number command from the router BGP address-family IPv4 VRF mode.

CSCee83549

Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.

Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.

Workaround: Clear or readvertise the route that is not operational.

CSCee87428

Symptoms: NAT may remove one byte in the "Entering passive mode" response from the server. This prevents some browsers from opening the data session.

Conditions: This symptom is observed when running Cisco IOS Release 12.3(7)T and later releases.

Workaround: There is no workaround.

CSCee88457

Symptoms: The mGRE tunnels are not coming up correctly and not passing packets when the router is rebooted. Traceback messages are also seen.

Conditions: This symptom happens when running Cisco IOS Release 12.3(7)T2 and using mGRE and NHRP without IPSec encryption. (Cisco IOS Release 12.3(7)T1 and 12.3(8)T are okay.)

Workaround: There is no workaround. Doing the shut command followed by the no shut command of the mGRE tunnel interface will reset it so that it will work, but after a reboot it will fail again.

CSCin68495

Symptoms: A router may traceback or crash when unconfiguring channel-group or deleting a subinterface.

Conditions: There are no specific conditions.

Workaround: There is no workaround.

CSCin74736

Symptoms: An MWAM processor that is running SSG software crashes.

Conditions: This symptom occurs when more than 5000 L2TP service connections are created.

Workaround: Disable logging console.

Miscellaneous

CSCdw13706

Symptoms: When "S: Visual Message Waiting Indicator (VMWI)(+)" is sent to an endpoint that is off hook, and the phone is placed on-hook without making a call, the LED light on the phone does not go on.

Conditions: This symptom is observed on a Cisco 1700 series router but is not platform dependent.

Workaround: There is no workaround.

CSCdw33267

Symptoms: On an MPLS label edge router that supports hardware-assisted forwarding (that is, platforms such as the Cisco Catalyst 6500 series, the Cisco 7600 series, the Cisco Catalyst 8540, and the Cisco 12000 series) with multiple outgoing MPLS paths, there could be an inconsistency between the hardware and software MPLS forwarding table.

Conditions: This symptom is observed when you enter the shutdown interface command followed by the no shutdown interface configuration command on one of the outgoing MPLS enabled interfaces or you enter the no mpls ldp interface command followed by the mpls ldp interface configuration command on one of the outgoing MPLS enabled interfaces on an MPLS label edge router that supports hardware-assisted forwarding with multiple outgoing MPLS paths.

Workaround: Enter the clear ip route command for the affected prefix to take down all the paths and ensure that the paths are rebuilt.

CSCeb13202

Symptoms: If a three-level hierarchy service policy is attached to two different interfaces and the policers are removed from the parent class, the policers for the child class are also removed.

Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series.

Workaround: Detach the service policies from the interfaces, and then reattach them.

CSCec76965

Symptoms: When configuring QoS on a Cisco 7200 series, the router may reload with a bus error. Specifically, the bus error occurs after having entered the no class name command on subinterfaces.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-jk9s-mz image of Cisco IOS Release 12.2(17a). The symptom may also occur in other releases. This behavior is associated to the use of "payload-compression" and Weighted Random Early Detection (WRED) configurations.

Workaround: There is no workaround.

CSCed49968

Symptoms: Xtag on the LSC connected to the congested PE may go down. This brings the OSPF and LDP adjacency down as well.

Conditions: This symptom occurs when there is congestion on the input process level queue.

Workaround: There is no workaround.

CSCed51770

Symptoms: When a policy-map attached to a virtual-template is modified, the router may experience a crash.

Conditions: This symptom is observed when the policy-map is attached to the virtual-template interface via the service-policy command.

Workaround: There is no workaround.

CSCed55962

Symptoms: From a local customer edge (CE) router, you may not be able to reach or ping some prefixes (subnets) on a remote CE router over a Multiprotocol Label Switching (MPLS) network.

Conditions: This symptom is observed in a cell-based MPLS network.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected subinterface that is connected to the local CE router. Doing so enables the Border Gateway Protocol (BGP) to run a scan again and repopulates the subnets in the Tag Forwarding Information Base (TFIB).

CSCed67628

Symptoms: During an initial boot of a Cisco 7301 that has a PA-MC-8TE1+ or PA-MCX-8TE1-M in bay 0, an unexpected reload may occur.

Conditions: The symptom may occur irrespective of whether a regular Cisco IOS software image or a boot software image is present in the bootflash filesystem.

Workaround: Power-cycle the Cisco 7301 and reboot the platform. The problem only surfaces during the initial boot of the platform.

CSCed85387

Symptoms: When RxLID is set to 16 or higher, the IMA group remains in the down state and shows the NE but no FE in the group.

Conditions: This symptom is observed on an ATM-AIM that is running IMA.

Workaround: Use LID 15 or lower at the remote side.

CSCed88043

Symptoms: The outgoing VCCI that is programmed in the FIB/TFIB in the PXF for a prefix is wrong.

Conditions: This symptom occurs only if the outgoing interface is a cell-based interface. It might also occur under extreme stress conditions of xtag flaps or LDP flaps, or if the "cos-map" is modified in the configuration.

Workaround: When this happens, issue the clear ip route command for the affected prefix.

CSCed95499

Symptoms: Under the right conditions, a Cisco router may crash if a PA driver attempts to convert an uncached iomem address to a cached iomem address.

Conditions: This symptom is observed on a Cisco 7200 NPE-G1 series.

Workaround: There is no workaround.

CSCee04235

Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed on a Cisco 7200vxr series that is configured with an NPE-G1 Network Processing Engine.

Workaround: There is no workaround.

CSCee06261

Symptoms: A router might reload abnormally if the clear int sw1 command is executed multiple times while traffic is being passed through the switch interface.

Conditions: The RPM-XF card might reload unexpectedly while issuing the clear int sw1 commands and toggling mpls atm multi-vc on the MPLS subinterface. This happens only when these commands are executed continuously via a test script.

Workaround: There is no workaround.

CSCee06794

Symptoms: DTS may not work properly on dot1q Fast Ethernet subinterfaces. Traffic is not shaped at the expected rate.

Conditions: This problem is observed on a Cisco 7500 series that is configured as a PE router and that runs Cisco IOS Release 12.2(12i). The symptom may also occur in other releases.

Workaround: If this is an option, use ISL subinterfaces.

CSCee12415

Symptoms: Multicast traffic is not getting switched correctly.

Conditions: In an MVPN setup, when the SAR reloads or the clear int sw1 command is executed, the outgoing VCCI number for the mroute entry becomes incorrect. Because of this, multicast traffic is forwarded or switched incorrectly.

Workaround: Reload the PXF module.

CSCee20405

Symptoms: If MGCP messages that are sent from a gateway are not acknowledged by the call agent, memory corruption may occur on the gateway. This situation may cause the gateway to crash, or unusual or strange behavior may occur.

Conditions: This symptom is observed when the following conditions are met:

The target call agent has an address in which the first octet is larger than 128. For example, a call agent IP address of 129.x.x.x (129 > 128) may cause the symptom to occur, but 7.x.x.x (in which x is any number between 0 and 255) does not. The IP address is set by a CLI configuration that is similar to the mgcp call-agent ipaddr service-type mgcp version 0.1 command or is set by a notify entity "N:" line in a call agent message.

The call agent is disabled or unresponsive to messages like RSIP or NTFY that originate on the gateway.

The MGCP suspicion and disconnect thresholds are set low enough to cause MGCP to cycle through many addresses before giving up. These values are set in an MGCP profile by entering the max1 retries number and max2 retries number commands.

Workaround: Increase the values of the number arguments in the max1 retries number and max2 retries number commands in the MGCP profile. The default values should be sufficient to prevent the symptom from occurring.

CSCee23320

Symptoms: A router might reload when a policy map is deleted and reapplied.

Conditions: This symptom occurs when a policy map is deleted and then quickly reconfigured on an interface. This may cause the router to reload abnormally.

Workaround: Allow some time between configuring a policy map and deleting it.

CSCee29525

Symptoms: A Cisco AS5300 may leak memory in the ISDN process.

Conditions: This symptom is observed on a Cisco AS5300 that runs Cisco IOS Release 12.3(6).

Workaround: There is no workaround.

CSCee40165

Symptoms: The output of the show policy interface multilink <int> command shows incorrect counts in the DSCP value tabulation at the end of the output when RTP header compression is enabled under the multilink interface.

Conditions: The incorrect counts are shown with the command only when RTP header compression is enabled. This is only a display issue. However, a missing functionality in the code (support for DSCP based WRED with CRTP enabled) will affect traffic.

Workaround: There is no workaround.

CSCee54524

Symptoms: During SCR provisioning (changing the bandwidth) on the ePVCs, the RPM-PR (Route Processor Module) PE may crash.

Conditions: This symptom is observed when script based testing is used to change the bandwidth, and the one time crash occurs.

Workaround: The standby card will take over and resume operations.

CSCee57149

Symptoms: PPP users are unable to log into services or PPP SSG users are unable to log in from SESM.

Conditions: When the port-bundle host key feature is enabled on the SSG, if a PPP SSG user logs out and tries to log in again from SESM, the user logon or service logon will fail.

Workaround: Restart the PPP session and the user will be able to log into services. Logging in again from SESM will also work if the port-map host-key feature is disabled.

CSCee57763

Symptoms: A software-forced crash dump occurs.

Conditions: This symptom is observed on an RPM-XF router while configuring class and policy maps with no other additional configuration.

Workaround: Do not use policy map.

CSCee58935

Symptoms: Packets that are sent by the Cisco AS5850 are corrupted.

Conditions: This symptom is observed on calls that originate from the Cisco AS5850 when a VLAN is configured, which causes the Cisco AS5850 to corrupt the packets that it sends.

Workaround: Do not configure VLANs if the Cisco AS5850 is originating the calls.

CSCee59325

Symptoms: eBGP does not load balance traffic.

Conditions: This symptom is observed when iBGP is followed by the eBGP load balancing for the traffic using PXF.

Workaround: There is no workaround.

CSCee60960

Symptoms: When a gateway switches the codec from a high bandwidth codec (for example, g711u) to a low bandwidth codec (for example, g729), if the gateway is registered with a gatekeeper and sends a BRQ to the gatekeeper, the gateway may drop the call when it gets a BCF from the gatekeeper.

Conditions: This symptom is observed while running Cisco IOS Release 12.3(7)T.

Workaround: Disable sending a BRQ from the gateway by using the following configuration:

voice service voip
h323
no ras brq

CSCee63797

Symptoms: A busy tone is not heard when calling from IP to PSTN on E1R2.

Conditions: When calling from IP to PSTN that is connected through E1R2 on a Cisco AS5850, the user does not hear the busy tone when the called phone is busy. When the phone that is called is not busy, a ringback is heard, and the call is completed.

Workaround: There is no workaround.

CSCee66901

Symptoms: Direct route status is reset to default (OFF) after the router is reloaded.

Conditions: After enabling preferred route and direct route on the router, the router was intentionally reloaded to make sure that the configuration was not lost. After the reboot, directRoute was found disabled.

Workaround: Re-enable directRoute under the PVC switch connection.

CSCee68369

Symptoms: The policy-map output PKT counters and WRED output counters do not match when CRTP is on a multilink interface. In addition, the toaster dequeue count is also incorrect.

Conditions: This symptom is observed when CRTP is enabled on a multilink interface.

Workaround: There is no workaround.

CSCee69795

Symptoms: Packets received on an SVI interface and going through the router over a GRE/IPsec tunnel may get dropped when CEF switching is configured.

Conditions: This symptom is observed on a Cisco 1711/1712 router that has a fixed WIC-4ESW WIC and is running Cisco IOS Release 12.3(7)T.

Workarounds:

1. Upgrade to Cisco IOS Release 12.3(8)T.

2. Disable CEF switching.

3. Remove the crypto map from the tunnel interface and apply it again.

CSCee69942

Symptoms: A software-forced reload may occur on an MGCP gateway that uses embedded messages in the MGCP protocol.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP gateway and is caused by the MGCP embedded message processing.

Workaround: There is no workaround.

CSCee78874

Symptoms: A Cisco AS5850 may reload due to a memory leak in the process "TCL APP1".

Conditions: This symptom occurs when the router is configured to use TBCT TCL scripts that do not release the call leg resource if a TBCT call fails.

Workaround: There is no workaround.

CSCee78912

Symptoms: Mid-call INVITEs that are initiated by a third-party user agent server (UAS) may fail on the Cisco GW (UAC).

Conditions: The tag parameter in the From or To header of the INVITE message may be preceded by one or more leading white spaces.

Workaround: There is no workaround.

CSCee80944

Symptoms: An "Assertion failure in ../toaster/rpmxf-rp/rpmxf_mpls.c" message along with a traceback is seen in an MPLS-VPN network on an RPM-XF.

Conditions: VRF routes are recursive loadshared routes on the PE router. Some of the triggers are shown below:

- The route reflector is reset.

- The PE loses the BGP session with the route reflector.

- Some of the VRF routes are withdrawn.

Note that the above triggers do not always cause the asserts.

Workaround:

- Remove the dual IGP paths so that there are no recursive loadshared VRF routes.

- Configure "logging rate-limit all 1 except notifications" in order to reduce the number of assert messages being logged.

CSCee84496

Symptoms: An NPE-G1 may display an erroneous parity error message.

Conditions: This symptom is observed on a Cisco 7200 series when the NPE-G1 receives an ECC/bus error.

Workaround: There is no workaround.

CSCee84805

Symptoms: Prefixes fail TFIB verification tests; that is, the show pxf cpu tfib verify command reports errors incorrectly. Also, CPUHOG can be observed in certain conditions.

Conditions: This symptom is observed on RPM-XF cards that are running a Cisco IOS Release 12.3(2)T6 image. The problem occurs if there is an eiBGP multipath for any given prefix. CPUHOG occurs only if there is recursive loadsharing for the iBGP path in addition to having eiBGP multipath.

Workaround: There is no workaround.

CSCee92980

Symptoms: A router may crash.

Conditions: This symptom occurs if NM-CEM-4TE1 and NM-2CE1T1-PRI/NM-1CE1T1-PRI are used on the same router.

Workaround: Do not use NM-CEM-4TE1 and NM-2CE1T1-PRI/NM-1CE1T1-PRI on the same router.

CSCef00256

Symptoms: The CSCin74482 fix addresses improper encoding of the H.450 callIdentity field. Images with this fix will not interoperate with older images when doing an H.450-2 call transfer.

Conditions: This symptom is observed on gateways that are running older versions of Cisco IOS.

Workaround: There is no workaround.

CSCef03083

Symptoms: Downstream packets from open garden service may not be properly process switched. DNS packets are process switched in SSG, so the DNS replies may not reach the client.

Conditions: This symptom occurs when an Internet service is bound to the same interface as the open garden service, and an unauthenticated user accesses open garden service.

Workaround: Use pass-thru filters for downstream packets.

CSCef04467

Symptoms: The MGCP default setting for a minimum jitter buffer size is 4 ms; this setting degrades the voice quality until you configure the setting to be different via the mgcp playout command.

Conditions: This symptom is observed under normal operating conditions.

Workaround: Configure the nominal MGCP default setting for the minimum jitter buffer size to be the same as for H.323 and SIP gateways so that the setting for each individual gateway does not need to be changed via the mgcp playout command.

CSCin74507

Symptoms: Modem passthrough calls fail with a "Playout Dejitter Mode value" error message and traceback, and a NAK message is generated.

Conditions: This symptom is observed on a Cisco AS5400 access server for every MPT call.

Workaround: There is no workaround.

CSCin76381

Symptoms: A PXF exception may occur on a Cisco 7200 series that is configured with an NSE-1 or on a Cisco 7401 that has PXF enabled when either of these platforms functions as an LNS.

Conditions: This symptom is observed when an L2TP session is established over a VLAN subinterface that has ISL encapsulation enabled and when traffic is processed on this subinterface.

Workaround: Disable PXF by entering the no ip pxf command.

CSCuk51529

Symptoms: 6PE is not present in the following images:

c3745-advipservicesk9-mz
c3745-adventerprisek9-mz
c3725-advipservicesk9-mz
c3725-adventerprisek9-mz

Conditions: This symptom is observed in Cisco IOS Release 12.3(7)T and Release 12.3(8)T.

Workaround: There is no workaround.

Wide-Area Networking

CSCed21813

Symptoms: A Cisco 7204VXR in which an enhanced 1-port ATM OC-3c/STM-1 port adapter (PA-A3-OC3) is installed may reload unexpectedly because of a bus error. However, the cause of the symptom may be a segmentation and reassembly (SAR) chip failure that occurs because of an "Address Error (store) exception".

Conditions: This symptom is observed on a Cisco 7204VXR that is configured for Dynamic Bandwidth Selection (DBS) support when you attempt to modify the VC QoS parameters under high traffic conditions.

Workaround: Shut down the ATM interface before attempting to modify the VC QoS parameters.

CSCed36969

Symptoms: After running stress scripts and dropping all calls, there are still active vaccess interfaces shown in the output of the show vtemplate command. If the debug ppp negotiation command is enabled, the debugs for the vaccess interfaces continue to repeat themselves.

Conditions: This symptom is observed on a Cisco AS5300 and Cisco AS5400 that run Cisco IOS Release 12.3(6) when the stress scripts automatically enter the shutdown command followed by the no shutdown command on the E1 controllers.

Workaround: There is no workaround.

CSCee21989

Symptoms: A Cisco router may reload unexpectedly with a bus error.

Conditions: This symptom is observed on a Cisco router that has PPP configured.

Workaround: There is no workaround.

CSCee47761

Symptoms: A Cisco 7500 series Route Switch Processor (RSP) may crash while Multilink PPP (MLP) is running.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5), that is equipped with a VIP4-80 and PA-A3 ATM port adapters, and that is configured for distributed Link Fragmentation and Interleaving over ATM (dLFIoATM).

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(7)T2

Cisco IOS Release 12.3(7)T2 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Interfaces and Bridging

CSCin70884

Symptoms: A Cisco 7200 (NSE-1) router with bidirectional PPPoA/l2tp traffic unexpectedly reloads.

Conditions: This is observed on a Cisco 7200 (NSE-1) router with bidirectional PPPoA/l2tp traffic when the user tries to remove an ATM interface. This defect happens only with NSE-1.

Workaround: There is no workaround.

IP Routing Protocols

CSCee27479

Symptoms: Traffic that is processed by a router may be improperly routed to an ESP route.

Conditions: This symptom is observed when the ip nat inside source static esp local-ip interface Loopback0 command is enabled.

Workaround: There is no workaround.

CSCee38267

Symptoms: The following message is observed: "System returned to ROM by error - a SegV exception, PC 0x80185424."

Conditions: It has been observed that the router crashes with this problem when there is a heavy load of NAT traffic. This issue happens randomly.

Workaround: There is no workaround.

Miscellaneous

CSCec75762

Symptoms: A Cisco voice gateway may reload while testing Tool Command Language (Tcl) interactive voice response (IVR) voice commands (verb testing).

Conditions: This symptom is observed on a Cisco 3660 that has a main memory size of 128 MB. The symptom may not occur when the main memory size is increased from 128 MB to 256 MB.

Workaround: Increase the main memory size from 128 MB to 256 MB.

CSCed13589

Symptoms: The performance of a Cisco 7301 may be below what you would expect when traffic of more than 400k pps is sent.

Conditions: This symptom is observed on a Cisco 7301 that runs the c7301-is-mz image of Cisco IOS Release 12.3(4)T1. The performance of a Cisco 7301 that runs the c7301-js-mz image of the same release is much better.

Workaround: There is no workaround.

CSCed51896

Symptoms: A URM card may be in the FAILED state on the IGX console, and the boot log may show the following information:

Press RETURN to get started!

%IPC-5-NULL: Dest_Seat Output_fails=0x1, seq = 1
-Traceback= 602790BC 60289DA8 6027D654
Router> 6027DD04 6027D95C 6027DE2C 602823F8 6027C870 6027CCB8 60278A70 602784F8 60456698 6045667C
%IPC-5-REGPORTFAIL: Registering Control Port Id=0x20003 timeout=0x6
-Traceback= 6027C8EC 6027CCB8 60278A70 602784F8 60456698 6045667C
%IPC-5-NULL: Dest_Seat Output_fails=0x7, seq = 1

-Traceback= 602790BC 60289DA8 6027D654 6027DD04 6027D95C 6027DE2C 602823F8
6027C870 6027C938 60456698 6045667C
%IPC-5-REGPORTFAIL: Registering Control Port Id=0x20003 timeout=0x6
-Traceback= 6027C8EC 6027C938 60456698 6045667C
%IPC-5-NULL: Dest_Seat Output_fails=0xD, seq = 1

Conditions: This symptom is observed when you boot the URM.

Workaround: There is no workaround.

CSCed68717

Symptoms: Incoming traffic is not being forwarded.

Conditions: This symptom is observed when WRED is enabled on the output policy map and when you change the value of the exponential-weighting-constant.

Workaround: Enter the clear int sw1 command.

CSCed72877

Symptoms: A Cisco AS5850 universal gateway may exhibit a small and gradual memory leak in the ISDN process with async calls.

Conditions: This symptom occurs when the calls are brought up on ISDN trunks and the calls fail in the middle of the call setup phase.

Workaround: There is no workaround.

CSCed81834

Symptoms: Memory fragmentation causes a router to reload.

Conditions: This symptom is observed on a Cisco AS5850 enhanced route switch controller (eRSC) that is running two B channel serial multilink calls, which causes a memory leak in Pool Manager.

Workaround: There is no workaround.

CSCed90333

Symptoms: Traffic is not forwarded through a newly added CBWFQ class.

Conditions: This problem occurs in cRTP-over-PPP encapsulation when you add a class map to a policy map that is already attached to the VC and when SAR-based CBWFQ is enabled.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected interface.

CSCed95175

Symptoms: A call proceeding, alerting, or connect-back to the PSTN is not sent, causing a call to be disconnected due to a "Recovery on Timer Expiry."

Conditions: This symptom is observed when overlap receiving is configured on an ISDN interface and the destination is configured to forward all calls.

Workaround: There is no workaround.

CSCee01637

Symptoms: A software-forced reload occurs when you remove the header-compression configuration from an interface.

Conditions: This symptom is observed when the following conditions are present on the interface:

The interface is in process-switching mode.

Traffic is being sent from the interface.

Workaround: Shut down the interface during the reconfiguration.

CSCee02220

Symptoms: Multicast traffic flows use default MDT instead of data MDT for some VRFs.

Conditions: This symptom is seen in a network with Cisco MGX 8850 platforms that have RPM-XF cards that run the rpmxf-p12-mz image of Cisco IOS Release 12.3 T. The Cisco MGX 8850 platforms run software release 4.0(11.201).

Workaround: There is no workaround.

CSCee07893

Symptoms: A MGX-XF-UI management back card is not detected by a Cisco MGX 8850.

Conditions: This symptom is observed after a hardware upgrade to the MGX-XF-UI management back card. As a side effect of this hardware upgrade, the PXM and Cisco IOS software stop recognizing the MGX-XF-UI management back card in the chassis. When you perform an OIR, the PXM fails to generate the back card insertion trap, preventing the dspcds command from showing any back card present in the slot in which the back card is installed.

Workaround: There is no workaround.

CSCee10579

Symptoms: A router crashes when a call is disconnected.

Conditions: This symptom is observed when the trunk group command is configured and either the call is forked and the subsequent forked legs answer the call, or the callee endpoint sends different tags in the 18x and 200 OK responses to INVITE messages.

Workaround: Remove the trunk group command. If the trunk group command cannot be removed, there is no workaround.

CSCee11775

Symptoms: Debugging a rewrite string is not easy.

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) when Parallel Express Forwarding (PXF) forwarding fails while a debugging operation is performed. You may not be able to verify the string rewrite information of the PXF engine easily.

Workaround: Enter the show pxf cpu cef ip-prefix privileged EXEC command and the show pxf cpu rewrite rewrite-index privileged EXEC command to get the string rewrite information. Then, decipher the information.

CSCee17500

Symptoms: A SIP call does not get connected when the called party answers.

Conditions: This is observed when a SIP call originating in a gateway is forked to more than five locations and the phone that answers is sixth or higher in the fork list.

Workaround: There is no workaround.

CSCee18100

Symptoms: The output drop counter of the show interface switch1 command is incorrect.

Conditions: This symptom is observed when PXF reloads and when the Switch1 interface has some output drops.

Workaround: There is no workaround.

CSCee23200

Symptoms: The RPM-XF throughput is reduced when cRTP/cUDP packets are being transmitted from the RPM-XF.

Conditions: This symptom is observed when the RPM-XF is transmitting cRTP/cUDP packets. The reduction in throughput is evident only when the traffic rate of cRTP/cUDP is large and when the system is near its maximum throughput.

Workaround: Reduce the bandwidth used by cRTP/cUDP traffic either by reducing the number of cRTP interfaces provisioned on the RPM-XF or by reducing the bandwidth of the configured cRTP interfaces.

CSCee30200

Symptoms: A Cisco 1700 series may crash because of an address error.

Conditions: This symptom is observed on a Cisco 1700 series that runs the c1700-k9o3sy7-mz image of Cisco IOS Release 12.3(7)T and that has NBAR configured.

Workaround: There is no workaround.

CSCee30230

Symptoms: Traffic that matches a priority class may be dropped for one single prefix. However, traffic that matches other classes may pass correctly.

Conditions: This symptom is observed when the MAC rewrite index that is associated with the affected prefix is 0xFFFFE. The output of the show pxf cpu cef prefix command displays the rewrite index (rw_index).

Workaround: If the outgoing interface for the affected prefix is an MPLS interface, enter the clear ip route prefix command.

CSCee38242

Symptoms: A call comes in from a PSTN phone to a Cisco CallManager that routes the call to a route list that is answered by an IP phone. The IP phone user hits the transfer button once and dials another IP phone. Once the transfer button is pressed a second time, the PSTN caller hears a reorder tone. All devices are within the same region and are using G.711 codec.

Conditions: This symptom is observed with a Cisco IOS gateway running Cisco IOS Release 12.3(7)T and CallManager 4.0.1sr1.

Workaround: There is no workaround.

CSCee40050

Symptoms: A Cisco 1700 series router running Cisco IOS Release 12.3(7)T exhibits an error: it cannot recognize a .vxml extension.

Conditions: This symptom occurs with ipvoice, entservicesk9, and spservicesk9 images.

Workaround: Use a "v8" voice image such as sv8y7, k9o3sv8y7, etc.

CSCee55962

Symptoms: A Cisco IOS H.323 gateway may experience high CPU utilization at the interrupt level, and a large number of alignment errors may be observed.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(7)T1, that functions as a gateway, and that connects on one side via a T1 PRI to the PSTN and on the other side via H.323 to a gatekeeper cluster. The gatekeepers run Cisco IOS Release 12.2(15)T11.

Workaround: There is no workaround.

CSCin72029

Symptoms: A nas-port attribute of an accounting record points to an SESM interface rather than to the interface of the host.

Conditions: This symptom occurs under rare race conditions where there are host route changes at the time of the host logon.

Workaround: There is no workaround.

Wide-Area Networking

CSCed57586

Symptoms: PPP sessions are no longer accepted by a NAS. A PPP debug shows:

"IPCP: Peer address ... in use by ..."

Conditions: The problem occurs if all the following conditions are met:

The ppp ipcp address unique command is configured under a virtual-template interface.

The system runs Cisco IOS Release 12.2(16)BX2, 12.3(4)T1 or 12.3(5.7)T or later.

Thousands of calls are brought up and down continuously within a few days.

Workaround: Unconfigure the ppp ipcp address unique command.

CSCin73365

Symptoms: A Cisco router reloads when you enter the show vpdn session id local id hidden command.

Conditions: This symptom is observed on a Cisco 7200 series that functions as a LAC and/or LNS.

Workaround: Avoid entering the above-mentioned command.

CSCuk49812

Symptoms: RTP packets are compressed as NON-TCP packets rather than as RTP-COMP packets.

Conditions: This symptom is observed on a serial interface that is configured for PPP encapsulation via the encapsulation ppp command and that has RTP header compression enabled via the ip rtp header-compression iphc-format command.

Workaround: Do not use PPP encapsulation. Rather, use HDLC encapsulation by entering the encapsulation hdlc command.

Resolved Caveats—Cisco IOS Release 12.3(7)T1

Cisco IOS Release 12.3(7)T1 is a rebuild release for Cisco IOS Release 12.3(7)T. The caveats in this section are resolved in Cisco IOS Release 12.3(7)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Interfaces and Bridging

CSCed20576

Symptoms: A Cisco 7200 series may reload unexpectedly when spurious memory accesses are generated.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3 when a packet that has Logical Link Control but no Subnetwork Access Protocol (SNAP) header (that is, an IEEE 802.2 packet) is received by a dot1q VLAN subinterface.

Workaround: There is no workaround.

IP Routing Protocols

CSCed55567

Symptoms: A Cisco router may crash.

Conditions: This symptom is observed after you enter the shutdown interface configuration command followed by the no shutdown interface configuration command multiple times on different interfaces.

Workaround: There is no workaround.

CSCed68668

Symptoms: A Cisco router that runs Cisco IOS Release 12.3(5.13)T may reload because of a bus error. The output of the show version command may show the following:

System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xYYYYYYYY

Conditions: These symptoms occur when clear ip nat * is executed on the CLI.

Workaround: Do not perform clear ip nat *.

The following link provides general information about bus errors: http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.shtml

Miscellaneous

CSCdy81782

Symptoms: Entering the no shut command on the PPP interface before the VA goes down causes PXF to drop certain packets. As a result, pings from a remote node through routes that involve such a PPPoA subinterface fail. Arriving ICMP packets are dropped in PXF.

Conditions: This symptom occurs under a PPPoA subinterface if the shut and no shut commands are issued in succession such that no shut is completed before the associated virtual-access goes down.

Workaround: After a shut, wait for the associated virtual-access to go down before issuing no shut. If the symptom occurs, go to the subinterface, perform a shut, wait for the associated virtual-access to go down, and then perform a no shut.

Further Problem Description: When the node is in this condition, pings originating from the local node and non-ICMP traffic appear to work correctly. Only pings from a remote node fail.

CSCdz84583

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection, which must be considered. This attack vector is only applicable to sessions that terminate on a device (such as a router, switch, or computer) and not to sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCeb52066

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection, which must be considered. This attack vector is only applicable to sessions that terminate on a device (such as a router, switch, or computer) and not to sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCec59206

Symptoms: A router may reload unexpectedly because of a bus error when it accesses a low address during the translation of TCP port 514.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5) and that is configured for Network Address Translation (NAT).

Workaround: Prevent the translation of TCP port 514.

CSCeb59417

Symptoms: When G.168 echo cancellation is enabled, a high echo level may occur during a call.

Conditions: This symptom is observed on a Cisco router that functions as an echo cancel point and that is configured with one of the following voice interface cards (VICs) when the non-linear processor (NLP) is disabled:

- 2-port Foreign Exchange Office (FXO) VIC (VIC2-2FXO)

- 4-port FXO VIC (VIC2-4FXO)

- 2-port Foreign Exchange Station (FXS) VIC (VIC2-2FXS)

Workaround: Enable the NLP.

CSCec69091

Symptoms: When an ATA disk is formatted on a router that shares ATA-Monlib within its CPU family, any disk-related CLIs may log the following information:

PCMCIAFS-5-DIBERR: PCMCIA disk 0 is formatted from a different router or PC. A format in this router is required before an image can be booted from this device

Conditions: This symptom is observed on a Cisco router that shares ATA-Monlib within its CPU family such as a Cisco 6400 series NSP and a Cisco 10000 series.

Workaround: There is no workaround.

CSCec76875

Symptoms: A provider edge (PE) router may not be able to ping other PE routers or a label switch controller (LSC), nor may other platforms be able to ping the PE router.

Conditions: This symptom is observed on a Cisco MGX platform that is configured with a primary Route Processor Module PRemium (RPM-PR) that functions as a PE router and a secondary RPM.

Workaround: Reset the primary RPM to initiate a switchover to the secondary RPM. The symptom does not occur on the secondary RPM.

CSCec77587

Symptoms: The caller ID may not be displayed.

Conditions: This symptom is observed when MGCP is configured on a Cisco IAD2420 series with FXS ports that have the cptone dk command enabled.

Workaround: There is no workaround.

CSCed11793

Symptoms: The output queue of a Gigabit Ethernet port may become stuck, preventing traffic from leaving the interface.

Conditions: This symptom is observed on the Gigabit Ethernet port 0/1 (gig0/1) of a Network Processing Engine NPE-G1 (NPE-G1) that is installed in a Cisco 7200 series.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Alternate Workaround: Reload the router.

CSCed17244

Symptoms: ISDN overlap receiving may not function on a Cisco 2600 series.

Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6) when a custom Tool Command Language (Tcl) script is used.

Workaround: There is no workaround.

CSCed21018

Symptoms: Tracebacks and %DS_MODEM messages are observed.

Conditions: This symptom occurs during tcpclear stress testing. It may be service impacting because new tcpclear calls fail after a few minutes of stress testing.

Workaround: There is no workaround.

CSCed24462

Symptoms: When the NAT transparency feature is on, IPSec+NAT fails with bad packet refcount messages and tracebacks.

Conditions: These symptoms may be observed on Cisco 83x routers running 12.3T images and running IPSec tunnels with hardware crypto.

Workaround: Use the software crypto engine or an AIM.

CSCed24626

Symptoms: A VoIP connection trunk that is configured between two voice gateways over an IP link with RTP header-compression (cRTP) enabled may flap periodically. Messages similar to the following may appear:

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up
%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down
%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up
%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down

Conditions: This symptom is observed when two Cisco IOS voice gateways function in connection trunk mode and an IP link between the two gateways is configured for cRTP. On either side of this IP link, the Cisco IOS routers run Cisco IOS Release 12.3 T, such as Release 12.3(2)T or Release 12.3(4)T.

Workaround: Enter the ip rtp coalesce hidden global configuration command on both Cisco IOS routers to stabilize the connection trunk. Note that doing so may increase the CPU utilization. If the implementation of this workaround does not stabilize the trunk, unconfigure cRTP over the affected IP link.

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection, which must be considered. This attack vector is only applicable to sessions that terminate on a device (such as a router, switch, or computer) and not to sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed29725

Symptoms: An ISDN voice gateway may immediately disconnect a call even though a DISCONNECT message with a PI of "8" is received from the ISDN network. Proper behavior would be for the ISDN voice gateway to postpone the release of the call and keep the voice media for a while.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(3), 12.3(5), or a later release and that functions as an ISDN voice gateway when calls are initiated and then released from the ISDN network side. The voice gateway is configured with PRI and BRI interfaces and runs SIP and H.323 as the VoIP protocols.

Workaround: There is no workaround.

CSCed34050

Symptoms: A Cisco 837 series router may encounter memory allocation failures in I/O memory.

Conditions: This symptom is observed on a Cisco 837 series router that is running Cisco IOS Software Release 12.3(2)XA.

Workaround: There is no workaround.

CSCed35253

Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.

Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.

Workaround: Disable IP Inspect and IDS.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection, which must be considered. This attack vector is only applicable to sessions that terminate on a device (such as a router, switch, or computer) and not to sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed41381

Symptoms: Input cell drops may occur on an ingress frame PVC that is configured on a switch interface. This situation may cause LDP/TDP/OSPF flaps.

Conditions: This symptom is observed when a lot of core traffic enters an ingress PVC that has a larger bandwidth than the egress PVC to which the traffic is routed.

Workaround: There is no workaround.

CSCed43665

Symptoms: PPPoE session MIB does not work properly.

Conditions: This symptom has been observed in Cisco IOS Release 12.3(3.4) and later releases.

Workaround: There is no workaround.

CSCed47560

Symptoms: The native Gigabit Ethernet ports of a Cisco 7200 series NPE-G1 or a Cisco 7301 may stop forwarding traffic.

Conditions: This symptom is observed in a stress situation when bursty traffic is received.

Workaround: There is no workaround.

CSCed54591

Symptoms: The SAR crash file does not contain event log information.

Conditions: This symptom always occurs.

Workaround: The event log information should be obtained from the syslog, if one is configured, or the show logging command needs to be executed after a SAR crash is noticed.

CSCed56379

Symptoms: A "Spurious memory access" error message may be displayed and tracebacks may occur on a Cisco router.

Conditions: This symptom is observed on a Cisco router that functions as a LAC and that runs PPPoE.

Workaround: There is no workaround.

CSCed58486

Symptoms: H.450 consultation transfer may fail in Cisco CME.

Conditions: This failure may occur if the transferee (XEE) was a forwarded call.

Workaround: There is no workaround.

CSCed61394

Symptoms: An Easy VPN IPSec tunnel that is configured for RSA may not come up when XAuth is enabled.

Conditions: This symptom is observed on a tunnel that is configured between a Cisco 831 that functions as an Easy VPN remote client and a Cisco 1751 that functions as an Easy VPN server.

Workaround: Disable XAuth.

CSCed69627

Symptoms: IPv6 multicast packets forwarded over ATM interfaces in routed bridged encapsulation are not received due to an incorrect MAC address in the RFC 1483 header.

Conditions: This problem affects all IPv6 multicast packets forwarded over ATM interfaces configured for IPv6 routed bridged encapsulation.

Workaround: There is no workaround.

CSCed71495

Symptoms: The exp bit on the topmost label is not changed when the set mpls exp topmost command is configured on the ingress interface of the P router.

Conditions: This occurs with the use of the set mpls exp topmost command on the ingress interface of the P router in a frame-based MPLS network.

Workaround: Use the same command on the PE router egress interface (towards the P router).

CSCed73209

Symptoms: Caller ID does not work if caller-id alerting line-reversal is configured.

Conditions: This symptom has been observed on a Cisco IAD2430.

Workaround: There is no workaround.

CSCed74712

Symptoms: The SFPs fail in SFP security checking.

Conditions: This symptom occurs when a 2-port Gigabit Ethernet card is used. The problem may also occur with a 2-port POS card if SFPs are used.

Workaround: There is no workaround.

CSCed75086

Symptoms: When issuing the show pxf cpu rewrite verification x.x.x.x command, you receive an error message stating that the "Channel id in the Sar header is non-zero (x) for MVC."

Conditions: This symptom has been observed in a cell-based MPLS VPN network with multi-VC if the first label (IGP label) value is greater than 0xF.

Workaround: There is no workaround. Ignore this message and verify that the channel id is correct by executing the sh pxf cpu cef <prefix used to verify> and sh pxf cpu rewrite <rw_index> commands.

CSCed78131

Symptoms: Checksum errors are reported on cRTP traffic streams.

Conditions: This symptom occurs under cRTP traffic flow.

Workaround: There is no workaround.

CSCed78938

Symptoms: Connection addition fails between RPM-XF and MPSM.

Conditions: This symptom occurs if the master end of the connection is on XF and the other end's VPI > 255.

Workaround: There is no workaround.

CSCed81049

Symptoms: You cannot delete a trustpoint, and the following error message is generated on the router:

% The trustpoint appears to be in use. Unable to remove this trustpoint

Conditions: This symptom is observed after IKE negotiation; the trustpoint is locked.

Workaround: Reload the router and remove the trustpoint before IKE negotiation.

CSCed82965

Symptoms: A Cisco router may reload unexpectedly with a bus error.

Conditions: This symptom was observed on a router with Session Initiation Protocol running.

Workaround: There is no workaround at this time.

CSCed83002

Symptoms: A Cisco IAD2420 series responds to a RQNT with "R: L/hd(N)" with a "519 161233591 No digit map available" answer, which causes the call agent to take the endpoint out of service.

Conditions: This symptom is observed in a normal call flow.

Workaround: There is no workaround.

CSCed83738

Symptoms: Packets on cRTP-enabled PPPoA interfaces that match classes other than "class-default" will be dropped.

Conditions: ATM sar-based-cbwfq should be enabled, and an output service policy must be applied.

Workaround: Either disable atm sar-based-cbwfq or remove the output service policy from the PPPoA interface.

CSCed83776

Symptoms: A RPM-XF crashes while debugging the PXF using ftctrace.

Conditions: Traffic should be flowing on a cRTP enabled interface. The UDP packet data length should be 0.

Workaround: There is no workaround.

CSCed85254

Symptoms: MPLS forwarding may stop.

Conditions: This symptom is observed under the following conditions:

- When you change a COS map or prefix map.

- When you change an IP access list.

Workaround: There is no workaround.

CSCed85324

Symptoms: Stale MPLS COS per-route entries may be left behind.

Conditions: This symptom is observed after the route disappears from the routing table in cell mode multi-VC network.

Workaround: There is no workaround.

CSCed85438

Symptoms: A Fast Ethernet 100BASE-TX port adapter on an RPM-PR may stop receiving burst traffic packets.

Conditions: This symptom is observed on a FE RPM-PR Backcard.

To identify this problem, the output of the show interface fastethernet command shows no input packets and all packets as overrun:

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 100000 bits/sec, 106 packets/sec

0 packets input, 0 bytes

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 263523 overrun, 0 ignored

The output of the show controllers command for the Fast Ethernet interface shows high numbers for "rx_fifo_overflow" and "throttled":

throttled=5352, enabled=5352, disabled=0 rx_fifo_overflow=434500, rx_no_enp=0, rx_state=0

Workaround: There is no workaround. To clear the symptom, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Fast Ethernet interface.

Further Problem Description: In the output of the show controllers command for the Fast Ethernet interface, locate the value for CFRV. If the last byte is either 0x20, 0x21, 0x22, or 0x23, the Fast Ethernet is susceptible to the symptom.

CSCed88104

Symptoms: The ssh -l test 10.136.33.15 command causes a router to crash with the following bus error:

%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60ABDC4C, sp=0x65A1C980
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60ABDC4C, sp=0x65A1C980
Unexpected exception, CPU signal 10, PC = 0x0

Conditions: This has been observed with a Cisco 3745 router.

Workaround: There is no workaround.

CSCed89735

Symptoms: An uncorrectable ECC parity error may occur on a Cisco 7200 series that is configured with an NPE-G1.

Conditions: This symptom is observed rarely when you enter the show sysctlr or the show tech command on the NPE-G1.

Workaround: Do not enter the show sysctlr or the show tech command.

CSCed91750

Symptoms: S,G entries are not being created in the core.

Conditions: This symptom occurs in a MVPN setup in a large MPLS network that includes dual P routers.

Workaround: There is no workaround.

CSCed93836

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed94256

Symptoms: When making outbound calls, softkeys on IP phones are not updated (for example, Hold/Transfer are not shown). The call seems to be connected and both ends can talk to each other. Looking at the H.323 signaling, it seems the Q.931 Connect message is not being mapped to an H.225 connect (towards CallManager).

Conditions: This symptom occurs under CallManager integration with an H.323 Gateway that is running Cisco IOS Release 12.3(7)T.

Workaround: There is no workaround.

CSCed94493

Symptoms: CEM channels configured with clock rates less than or equal to 12000 bps experience higher than expected delay. For example, a 2400 bps channel with a payload size of 13 bytes had a delay of 700 ms against an expected delay of approximately 130 ms.

Conditions: This is observed with CEM channels configured with clock rates less than or equal to 12000 bps.

Workaround: There is no workaround. Reducing the payload size would improve the situation at the expense of increased bandwidth requirement.

CSCed94549

Symptoms: A compressed packet from XF is rejected by the RPM-PR as a CRC error.

Conditions: The microcode was reloaded while passing traffic.

Workaround: There is no workaround.

CSCed95305

Symptoms: A Cisco 3745 SSG hangs when accepting http-proxy web-login users.

Conditions: This hang has only been observed when web-proxy users log on to the SSG.

Workaround: There is no workaround.

CSCed95984

Symptoms: Alignment tracebacks are seen in the interrupt packet processing path.

Conditions: This symptom occurs when sending traffic at a high rate while the user activation is taking place.

Workaround: There is no workaround.

CSCee00038

Symptoms: Protocols flap when the non-ATM (POS or GigE) interfaces are congested by high traffic.

Conditions: This symptom occurs under the following conditions:

1. A POS or GigE card is used, and control protocols such as LDP are configured over that interface.

2. The class-default queue on the interface is congested and dropping packets.

Workaround: There is no workaround.

CSCee00661

Symptoms: Changing any IP access control list (ACL) may cause a walk of all LC-ATM prefixes.

Conditions: This symptom is observed on a router configured with an LC-ATM Multi-VC when the changed ACL is not related to the Multi-VC.

Workaround: There is no workaround.

CSCee01525

Symptoms: A voice call may fail on an IP-to-IP gateway.

Conditions: This symptom is observed if a voice call is received with codec g723ar53 or g723ar63 capabilities.

Workaround: Use a different codec on the originating and terminating gateways if possible.

CSCee03726

Symptoms: PXF buffers are leaked.

Conditions: The configuration is overloaded such that the limits of the system are exceeded. In particular, the queue sizes of the interfaces are defined such that the total number of packet descriptors required to support such a configuration exceeds 2M.

Workaround: Reduce the configuration.

CSCee04235

Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed on a Cisco 7200vxr series that is configured with an NPE-G1 Network Processing Engine.

Workaround: There is no workaround.

CSCee05549

Symptoms: A Label Switch Controller (LSC) may reload unexpectedly with a software-forced crash. An error similar to this one followed by a traceback can be seen:

%SYS-2-BADSHARE: Bad refcount in mem_lock, ptr=628371F8, count=0

Conditions: This symptom is observed when you enter the show mpls atm-ldp bindings path command to display LVC path information while network changes such as interfaces flaps or prefix flaps are occurring.

Workaround: There is no workaround.

CSCee07351

Symptoms: An LC-ATM-enabled subinterface on a PE router stays in the "not ready" state when viewing the LDP session to the LSC using the show mpls ldp discovery command. The shutdown interface command followed by the no shutdown interface command will not clear the problem when performed on either the LC-ATM subinterface on the PE or the Xtag interface on the connected LSC.

Conditions: The interface stays in "interface not LDP ready" state when there exists a stray LVC on the switch interface. The PE reaches this state after multiple LDP flaps.

Workaround: The condition may be cleared by entering the clear ip route prefix command where prefix is the local loopback address for the LC-ATM subinterface. This will cause all tailend LVCs on all LC-ATM subinterfaces to be torn down and re-established, causing a brief customer outage. This workaround should only be used if no alternate path exists for MPLS traffic towards this device (i.e., a redundant LC-ATM subinterface). After using this workaround, the user should confirm that the expected number of LVCs has been re-established with the output of the show mpls atm summary command. If bindings are not successfully re-established, repeat the clear ip route prefix command, or reload the router.

Reload of the router will remove the stray LVC and bring the LDP session on the PE's LC-ATM subinterface back to normal state.

CSCee07654

Symptoms: Starting multicast traffic on the CE sometimes puts the PXF on the PE in a loop. LDP/BGP/OSPF all go down and there is no data continuity.

Conditions: The MAC rewrite index for an OIF of (S,G) entry is longer than 4 nibbles.

Workaround: Reload the card and verify if the indices are shorter than 4 nibbles.

CSCee08584

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

CSCin56339

Symptoms: TCCS clear-channel codec calls may not go through. The trunks may be up but the signaling information may not be communicated.

Conditions: This symptom is observed only when a medium complex codec is configured.

Workaround: Use a high complex codec, or use stun encapsulation for the D-channel.

CSCin63225

Symptoms: PPPoE sessions cannot be established on VCs that have received non-PPPoE SNAP encapsulated frames (like RBE).

Conditions: This symptom is observed on a Cisco platform that functions as a LAC, that runs Cisco IOS Release 12.3(4)T1, Release 12.3(7)T, or a later release, and that is configured with RBE and autoPPP encapsulation. The symptom may also occur in Release 12.3.

Workaround: There is no workaround.

CSCin69846

Symptoms: The ISAKMP profile on a crypto map head may not take effect.

Conditions: This symptom is observed when the crypto map is not configured on any of the interfaces and you configure the ISAKMP profile on the crypto map head. This symptom occurs in Cisco IOS Release 12.3(5), Release 12.3(7)T, and later releases.

Workaround: Apply the crypto map on the interface and then configure the ISAKMP profile on the head.

CSCin70859

Symptoms: VJ header compression, though successfully negotiated with the peer during PPP, does not work for downstream data for a Mobile IP service when CEF switching is enabled on the box.

Conditions: This symptom occurs on a Cisco router running PDSN software 12.3(7)T version, for a Mobile IP service when CEF switching is enabled on the box.

Workaround: There is no workaround.

Wide-Area Networking

CSCeb46007

Symptoms: L2TPv2 tunnels with active PPPoX sessions may go down. When you enter the vpdn debug error command, you can see that the LAC or LNS is resending L2TP control messages that the other side does not acknowledge.

Conditions: This symptom is observed primarily in scaled environments with more than 10,000 PPPoX sessions over more than 500 L2TP tunnels.

Workaround: There is no workaround.

CSCed82390

Symptoms: A TCP connection fails to come up.

Conditions: This problem happens when the peer sends a confack for VJ header compression but does not send a configreq for VJ compression. The PDSN should not send VJ compressed packets unless it has acknowledged the peer's configreq for VJ compression, but it sends VJ compressed packets anyway, which causes the TCP connection to fail to come up.

Workaround: Either configure to reject VJ compression at the peer or unconfigure VJ compression at PDSN.

CSCed86345

Symptoms: No busy tone may be heard on an IP phone.

Conditions: This symptom is observed when an IP phone calls a busy number on the PSTN and when the gateway receives a DISCONNECT message with a "Network Specific Facilities" IE from the PSTN but sends a "Mandatory IE missing" message to the Cisco CallManager.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(7)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(7)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(7)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCec59284

Symptoms: A router may crash when an AAA user profile name of more than 63 characters is entered.

Conditions: With a long user profile name as described above, the router crashes when a show run command is entered.

Workaround: Use profile names of fewer than 70 characters.

CSCed53306

Symptoms/Conditions: CDP functionality is not included in VG224 images.

Workaround: There is no workaround.

CSCin57417

Symptoms: When the Service Assurance Agent (SAA) jitter probe is run with the codec option, Impairment/Calculated Planning Impairment Factor (ICPIF) and mean opinion score (MOS) calculations may not occur if there is packet loss in the network.

Conditions: This symptom is observed on all Cisco platforms.

Workaround: There is no workaround.

EXEC and Configuration Parser

CSCec15431

Symptoms: It is not possible to configure cell-based Multiprotocol Label Switching (MPLS) because extended-port command arguments do not exist.

Conditions: This symptom is observed on Cisco Route Processor Module (RPM) and MGX RPM (RPM-XF) platforms when the extended-port interface configuration command is entered when trying to extend the XTag interface.

Workaround: There is no workaround.

IBM Connectivity

CSCec82167

Symptoms: Asynchronous Point of Sale (APOS) to IP (APIP) conversion does not properly switch from the primary host to the alternate host when the primary host is unreachable.

Conditions: This symptom occurs when the APOS connection attempts do not succeed after sending out a "no carrier" string to the attached POS device until after the original active open times out, which occurs after 30 seconds.

Workaround: There is no workaround.

Interfaces and Bridging

CSCeb83781

Symptoms: A Cisco AS5850 may go into a loop and keep displaying the running configuration of the router. The console may not recover when you enter Ctrl-C. This may cause the console to become unavailable.

Conditions: This symptom is observed on a Cisco AS5850 when the do show running-config command is entered in router configuration mode.

Workaround: Exit router configuration mode prior to viewing the running configuration. Instead, enter the show running-config command in privileged EXEC mode.

CSCec44257

Symptoms: A Cisco 7200 series router with an ATM-PA-A3-OC3/E3/DS3 port adapter reloads if IP Version 6 (IPv6) traffic is being received on an ATM interface during the booting of the Cisco 7200 series router.

Conditions: This symptom occurs only if IPv6 packets are being received on any ATM-PA-A3 port adapter on a Cisco 7200 series router.

Workaround: Shut down the ATM interface before reloading the router, and bring the interface up once the router has booted up.

IP Routing Protocols

CSCeb27742

Symptoms: A Cisco router with a Border Gateway Protocol (BGP) system may lose the address family's use of aggregate routes after the router reloads. The aggregate routes are moved from the VPN routing/forwarding (VRF) address family and appear under the global IP version 4 (IPv4) address family. When the router reloads, the console displays the following error messages:

exit-address-family

^ % Invalid input detected at '^' marker.

exit-address-family

^ % Invalid input detected at '^' marker.

exit-address-family

^ % Invalid input detected at '^' marker.

The above symptom is only one of the possible symptoms. Support for the auto-summary router configuration command and the default-information originate router configuration command has been removed from some of the address families as a result of the caveat CSCdx14351 without providing support to accept these commands silently when being booted with a configuration from a prior Cisco IOS release. The presence of the unsupported commands in address families like Virtual Private Network version 4 (VPNv4) and IPv4 Multicast (MCAST) causes the command-line interface (CLI) to go out of the address family submode and apply these commands to the v4 address family, which results in unpredictable behavior.

Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(16.4)T or Release 12.3 T. The symptom is not observed in Cisco IOS Release 12.3.

Workaround: Reenter the configuration that was present before the router reloaded.

CSCec16121

Symptoms: A router may reload, or spurious access errors may occur on a Cisco router.

Conditions: This symptom is observed on all Cisco platforms when Border Gateway Protocol (BGP) IP version 6 (IPv6) is enabled.

Workaround: There is no workaround.

CSCec33377

Symptoms: A router may experience a race condition that may cause the router to pause indefinitely when the router reloads.

Conditions: This symptom is observed on a Cisco router under the following conditions:

- A non-VPN routing/forwarding (VRF) Open Shortest Path First (OSPF) process is parsed.

- A VRF OSPF process is parsed, but no router ID is available for the process.

Workaround: There is no workaround.

CSCec39540

Symptoms: Cisco IOS software changes in Network Address Translation (NAT) code may punt fragmented packets that are received on a NAT outside interface to process-switching paths. This may cause high CPU usage in an environment with many fragmented packets.

Conditions: This symptom is observed on any Cisco platform that is running Cisco IOS Release 12.3(3.9)T2 when the ip nat outside source global configuration command is configured on an interface.

Workaround: There is no workaround.

CSCec44271

Symptoms: The Multiprotocol BGP (MBGP) feature does not function when a router is configured as a Border Gateway Protocol (BGP) route reflector.

Conditions: This symptom is observed when a BGP peer group has been enabled and then the MBGP feature is added.

Workaround: Reset the BGP peer group by removing the peer group configuration and adding it back.

CSCec70664

Symptoms: Routes on a provider edge (PE) router may take almost 10 minutes to propagate through a network because Border Gateway Protocol (BGP) remains in read-only mode for a long period of time.

Conditions: This symptom is observed on a Cisco router that functions as a PE router and that is a BGP peer to other PE routers. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb54512. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCec76694

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCec83304

Symptoms: When a "STATIC NAT" entry is created without the extendable keyword, the configuration stored in the NVRAM has an extendable keyword added to the NAT entry.

Conditions: This symptom is noticed only in Cisco IOS versions from 12.3(4)T.

Workaround: There is no workaround.

CSCec86999

Symptoms: A Cisco router may experience the following error messages:

%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

followed by

SYS-2-MALLOCFAIL: Memory allocation failed

Conditions: This occurs when the NAT MIB is polled via SNMP.

Workaround: There is no workaround.

CSCed00138

Symptoms: A router will crash with memory corruption when the following commands are entered:

Interface commands:

ipv6 mld join-group <group> source-list <acl>

ipv6 en

no shut

Or

Interface commands:

ipv6 mld static-group <group> source-list <acl>

ipv6 en

no shut

global command:

ipv6 multicast-routing

Conditions: This happens when <acl> is not yet defined:

ipv6 mld join-group <group> source-list <acl>

ipv6 mld static-group <group> source-list <acl>

Workaround: Define the ACL first before configuring the mld static-group/join-group command.

Alternative workaround: Enable IPv6 and unshut the interface before configuring the mld join-group command. Or, enable IPv6 and unshut the interface and configure ipv6-multicast-routing before the mld static-group command.

CSCed28542

Symptoms: A 2610XM may log the following message:

%SYS-2-INTSCHED: 'may_suspend' at level 3 -Process= "IP NAT Ager", ipl= 3, pid= 118 -Traceback= 80507F58 81310988 80CC14F8 80CD4F80 80CBAD30 80CBAD90 81321684 80CBB048 80504118 805085E0

This message is logged while slowness is reported on the network.

Conditions: This symptom is observed on a router configured with PAT, running 12.3(4)T with a high number of NAT entries (+2500).

Workaround: Not known at this time.

CSCed35907

Symptoms: When the following CLI sequence is configured, the router may run into a race condition and crash:

router ospf 100

router ospf 1000 vrf vrf name

then

no router ospf 100

router ospf 1000

no router ospf 1000

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(4)T and later releases. A configuration script with the above CLI sequence is run on the router.

Workaround: There is no workaround.

CSCuk47432

Symptoms: Entering the command neighbor x.x.x.x prefix-list XYZ out under address-family nsap may cause a crash.

Conditions: This applies to Cisco IOS Release 12.3T only.

Workaround: There is no workaround.

ISO CLNS

CSCec48833

Symptoms: Intermediate System-to-Intermediate System (IS-IS) routes that are learned from an IS-IS interface may not be added back to a Routing Information Base (RIB).

Conditions: This symptom is observed on a Cisco router with an interface that is running IS-IS after you enter the shutdown interface configuration command followed quickly by the no shutdown interface configuration command.

Workaround: Enable "ip routing protocol purge interface" on the router.

CSCec53922

Symptoms: A router may experience an unexpected exception and display the following error message:

%ALIGN-1-FATAL: Illegal access to a low address addr=0x8F8, pc=0x60ABEF00, ra=0x60ABEE74, sp=0x63943CF8

Conditions: This symptom is observed on a Cisco router after the following global configuration commands are entered: router isis redistribute maximum-prefix threshold

Workaround: There is no workaround.

Miscellaneous

CSCdw65297

Symptoms: If a Cisco router running Gateway GPRS Support node software (GGSN) receives a Create PDP context request with faulty IPCP options in protocol configuration options (PCO) information element, there is a possibility of a reload.

Workaround: There is no workaround for this problem.

Conditions: This is a rare circumstance and only encountered if such a malformed Create PDP context request is received by the GGSN. The PCO IE in the create request packet should have IPCP options with code as 0 and length as 0 for this problem to occur. This is a rare situation because SGSN would validate this information element before sending the create request to the GGSN.

CSCdx52061

Symptoms: The output from the show policy-map interface interface-name EXEC command does not display the correct dropped counters and drop rate.

Conditions: This symptom is observed when a policy map is applied to the subinterface of a Cisco MGX Route Processor Module (RPM-XF).

Workaround: Use the show hardware pxf cpu que interface privileged EXEC command to get the proper drop count.

CSCdy41773

Symptoms: If a Gigabit Ethernet (GE) interface back card has an initialization failure, further configuration on the card may cause the front card to reboot.

Conditions: This symptom is observed on a Cisco router if the GE back card initialization fails, and loading the startup configuration or manual configuration changes the uninitialized GigE back card configuration.

Workaround: There is no workaround.

CSCeb05796

Symptoms: When you add or configure a permanent virtual circuit (PVC) for a range of bandwidths, the actual bandwidth that is allocated is a value that is lower than requested. For example, if you add a PVC with a peak cell rate (PCR) equal to the sustainable cell rate (SCR) of 542,000 kbps, the effective rate is 500,000 kbps.

Conditions: This symptom is observed when the requested bandwidth does not match any entry in the internal table. The bandwidth is then rounded off to the nearest lower value.

Workaround: Add the PVC with a higher bandwidth. For example, add the PVC with a PCR value of 550,000 kbps to get the effective rate of 542,000 kbps.

CSCeb45551

Symptoms: Packet Data Serving Node (PDSN) sends a Link Control Protocol (LCP) Termreq after sending an A11 RP update. In a normal termination procedure of a session, an LCP Termreq should be sent followed by an A11 RP update.

Conditions: This symptom is observed when a session is torn down after PPP is up.

Workaround: There is no workaround.

CSCeb48018

Symptoms: MWAM processors are reloaded when receiving traffic at 100% CPU.

Conditions: This symptom has occurred while sending downstream traffic at 100% CPU on all 4 processors in a cluster.

Workaround: Reduce the CPU from 100% to 90%.

CSCeb48700

Symptoms: The IUA/SCTP configured gateway does not respond correctly to the Q.931 call setup messages sent by the Call Agent, and the call does not get connected.

Conditions: This symptom occurs when making a Q.931 call through an IUA/SCTP configured gateway.

Workaround: There is no workaround.

CSCeb49983

Symptoms: Small packets may be dropped when CEF is enabled. This situation may cause encryption or decryption failures for packets with a certain packet size.

Conditions: This symptom is observed when packets are switched on any interface via CEF or fast switching. The symptom affects packets with a small size (for example, 36 or 37 bytes).

Workaround: There is no workaround.

CSCeb51584

Symptoms: When header compression is configured on an interface that is in fast switching or Cisco Express Forwarding (CEF) mode, header compression does not occur.

Conditions: This symptom is observed only on certain T1 controllers because of a driver support issue.

Workaround: Configure process switching on the interface, and header compression does occur.

CSCeb56909

Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.

The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.

More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.

CSCeb61043

Symptoms: Interim accounting update packets are sent for all the Active Services by SSG to the AAA server as per the "SSG accounting interval" configured. These packets need to be sent within a drift of 1 sec from the "Accounting Start" timestamp.

Conditions: It was observed in SSG that over a period of time (5 to 10 hours) with an interval of 10 to 15 minutes, the drift between Start and Interim was up to 10 seconds.

Workaround: There is no workaround to this problem.

CSCeb72322

Symptoms: Voice calls are hung after several hours of a voice call stress test.

Conditions: This symptom is observed on a Cisco router in a voice call stress test of an extended duration (5 to 6 hours). The router is configured with Media Gateway Control Protocol (MGCP) channel-associated signaling (CAS) and has two Digital Signal 3 (DS3) port adapters that are full of voice calls.

Workaround: There is no workaround.

CSCeb77320

Symptoms: A Cisco 3660 router reloads.

Conditions: The reload occurs during a warm reboot on a Cisco 3660 router that is running Cisco IOS Release 12.3(2)T2.

Workaround: Use cold reboot.

CSCec08364

Symptoms: Ethernet over Multiprotocol Label Switching (EoMPLS) packet forwarding may stop.

Conditions: This symptom is observed when you configure an IP address on the EoMPLS interface.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the EoMPLS interface.

CSCec12911

Symptoms/Conditions: If the connection to the LNS fails (due to an LNS reboot or a redundant LNS failover), the SSG needs a long time to send L2TP HELLO packets to tear down the control connection and reestablish the tunnel to the redundant LNS. During this period, quite a few L2TP HELLOs are sent to the LNS.

Workaround: There is no workaround.

CSCec14303

Symptoms: The Alarm Interface Controller (AIC) network module is not recognized by a Cisco 3745 router.

Conditions: This symptom is observed on a Cisco 3745 router that is running the c3745-adventerprisek9-mz image of Cisco IOS Release 12.3(4)T. The AIC network module is recognized on a Cisco 3745 router that is running the c3745-sz-mz image of Cisco IOS Release 12.3(4)T.

Workaround: There is no workaround.

CSCec18512

Symptoms: When Cisco IOS Firewall Session Initiation Protocol (SIP) inspection is configured, spurious memory access errors may be generated by the router when a SIP endpoint registers with an external proxy.

Conditions: This symptom is observed on a Cisco 3725 router or a Cisco 2691 router that is running a Cisco IOS Release 12.3(4)T adventerprisek9-mz image, but is not platform specific. Calls are not affected.

Workaround: There is no workaround. The defect has been corrected by eliminating improper memory access operations.

CSCec19866

Symptoms: An audible noise is present when the phone goes off-hook on a Foreign Exchange Service (FXS) port.

Conditions: This symptom is observed for any call made to an FXS phone.

Workaround: Disable caller ID under the FXS voice port.

CSCec20821

Symptoms: A Cisco router reloads when you perform a Parallel Express Forwarding (PXF) microcode reload.

Conditions: This symptom is observed when a large number of label virtual circuits (LVCs) are present in a cell-based Multiprotocol Label Switching (MPLS) network.

Workaround: There is no workaround.

CSCec21631

Symptoms: The following error message appears on an MGX Route Processor Module (RPM-XF):

ERR: Error in traffic parameters (dcmp)

Conditions: This symptom is observed when setting up a connection with a slave-end switch interface in the down state with a variable bit rate (VBR)-type connection and a default maximum burst size (MBS). The error occurs because of MBS and random MBS (RMBS) problems.

Workaround: There is no workaround.

CSCec24166

Symptoms: A Layer 2 Tunneling Protocol version 2 (L2TPv2) session is not established when voluntary tunneling is configured on a router.

Conditions: This symptom is observed when voluntary tunneling is configured on a client and a virtual private dial-up network (VPDN) is configured on a Cisco L2TP network server (LNS), and both the VPDN and LNS have corresponding usernames and passwords. The symptom may occur because the Subscriber Server Switch (SSS) Manager sends a client disconnect after it receives a response for an Xconnect L2TP service request.

Workaround: There is no workaround.

CSCec24238

Symptoms: A Cisco 7200 router doesn't allow more than 300 VRFs to be configured. The error message displayed is:

Router(config)# ip vrf v301
% Can't create VRF v301

Conditions: 300 VRFs are already configured.

Workaround: There is no workaround.

CSCec24519

Symptoms: A provider edge (PE) router may not execute a VPN routing/forwarding (VRF) ping to some prefixes of a remote customer edge (CE) router, and packets are not forwarded on the remote PE router.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) that has external/internal BGP (eiBGP) multipath load balancing enabled.

Workaround: Disable the toaster on the Cisco RPM-XF.

CSCec26311

Symptoms: Corruption of packets may occur on a Cisco MGX Route Processor Module (RPM-XF).

Conditions: This symptom is observed when the RPM-XF is used to decompress IP Header Compression (IPHC) packets that contain IP options, and the configured maximum number of compression connections exceeds 256.

Workaround: Use the ip rtp compression-connections number interface configuration command to make the maximum number of compression connections less than or equal to 256.

CSCec28246

Symptoms: After an Xtag flap, the tag control process causes high CPU utilization for a long time.

Conditions: This symptom has been observed when the Xtag interface goes down and comes up.

Workaround: There is no workaround.

CSCec28474

Symptoms: No PPPoES sessions are created while testing for idbless_vlan_for_pppoe. This occurs when protocol pppovlan dot1q 80 group groupname is enabled on the ATM subinterface and authentication is through the RADIUS server.

Conditions: This problem is noticed in the following conditions. For PPPoEoVLAN over Ethernet media, if vlan-id dot1q <1-4095> is configured on the PPPoE server on the interface mode, and if the maximum number of PPPoE sessions as specified in the sessions per-vlan limit configuration under bba-group are requested from the client, then the maximum number of PPPoE sessions as per the configuration are established over a VLAN (802.1Q) with the specified <vlanid> for this interface.

It occurs while testing for dot1Q-encapsulated Ethernet frames being carried in RFC-1483 encapsulated ATM frames. There is a requirement to support PPPoE traffic from different LANs multiplexed over the same ATM PVC.

Workaround: There is no workaround.

CSCec28786

Symptoms: High CPU utilization is observed on a Cisco MGX Route Processor Module (RPM-XF).

Conditions: This symptom is observed on the RPM-XF under any of the following conditions:

When a Multiprotocol Label Switching (MPLS) switch interface that is enabled with multiple virtual circuits (VCs) is removed or shut down.

When a large number of routes or prefixes are removed from an MPLS interface that is enabled with multiple VCs.

When tag class of service (CoS) configurations are updated.

Workaround: There is no workaround.

CSCec28824

Symptoms: In a Cisco Packet Data Serving Node (PDSN), the crypto map under the physical interface may be removed when a mobile IP session is brought down. This may be verified by entering the show crypto map mymap EXEC command.

Conditions: This symptom is observed when the PDSN is configured for CLI-based IP Security (IPSec).

Workaround: There is no workaround.

CSCec29100

Symptoms: High CPU utilization (97 percent to 100 percent) is observed on a provider edge (PE) RPM-XF router, in a cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Conditions: This symptom is observed on an RPM-XF PE router when multiple virtual circuits (VCs) are configured. The label virtual circuit (LVC) between this PE and the remote PE is deleted because a Label Distribution Protocol (LDP) flap occurs on either this PE or the remote PE. The symptom can also be triggered if the MPLS subinterface is shut down on the local or remote PE. The local PE also has a memory leak in the MGX Route Processor Module (RPM-XF) class of service (CoS) bindings tree. Because of this leak, nodes (RPM-XF RP AVL nodes) are not removed from the tree when the VPN routing/forwarding (VRF) prefixes are removed. This results in extremely deep AVL trees.

Workaround: There is no workaround.

CSCec29676

Symptoms: Traffic may not go through a Layer 2 Tunneling Protocol version 3 (L2TPv3) tunnel when the provider edge (PE) router to customer edge (CE) router connection is a Gigabit Ethernet (GE) VLAN.

Conditions: This symptom is observed on the GE ports of a Cisco G1 Network Processing Engine (NPE-G1). Traffic reaches the router as indicated by the GE interface counters but the traffic does not get switched.

Workaround: There is no workaround. Currently, the GE port of an NPE-G1 does not support L2TPv3.

CSCec29812

Symptoms: High CPU utilization or CPUHOG messages may be observed on a Cisco router after an access list is applied or removed.

Conditions: This symptom is observed in a cell-based network where the provider edge (PE) router has over 700 label virtual circuits (LVCs) and stores more than 75,000 Border Gateway Protocol (BGP) prefixes. When the access list is configured to deny a few Interior Gateway Protocol (IGP) prefixes, high CPU utilization or CPUHOG messages may occur.

Workaround: There is no workaround.

CSCec30789

Symptoms: The router unexpectedly reloads at sb_timer_intr_handler.

Conditions: This symptom is observed on a Cisco 7300 series router but is not platform dependent.

Workaround: There is no workaround.

CSCec31168

Symptoms: The output from the show interfaces tunnel 1 privileged EXEC command does not display any traffic statistics even though multicast (mcast) traffic is being received.

Conditions: This symptom is observed on an mcast-enabled Virtual Private Network (VPN) that is receiving mcast traffic. The amount of traffic being received is visible in the output of the show ip mroute privileged EXEC or user EXEC command.

Workaround: There is no workaround.

CSCec31864

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) Virtual Switch Interface (VSI) slave sends unused and reserved service categories in the VSI load information to the MPLS VSI master.

Conditions: The unused and reserved service categories information is always sent as part of the VSI load information in connection commit response and connection delete response.

Workaround: There is no workaround.

CSCec32705

Symptoms: When a Cisco Internet Telephony Services (ITS) phone transfers a call to another ITS phone that has a call forward no answer (CFNA) transfer to Voicemail (VM) condition set up, the call transfer may be unsuccessful under certain conditions.

Conditions: The call transfer is unsuccessful if the CFNA timeout is too short and/or the transferrer does not commit the transfer immediately.

Workaround: Set the CFNA timeout to 10 seconds. The transferrer should hang up immediately (within a ring or two) after the call is transferred to the transferee.

CSCec32933

Symptoms: A Cisco router with the SSG application may reload.

Conditions: This problem has been observed with a Cisco MSID access request and when the access accept from a AAA is delayed and/or the access response doesn't contain CDMA Realm.

Workaround: There is no workaround.

CSCec33723

Symptoms: When a 16-port Asynchronous/Synchronous Network Module (NM-16A/S) card is inserted in the chassis of a Cisco 3745 router and the show tech command is issued, the router reloads.

Conditions: This symptom is observed on a Cisco 3745 router that is running Cisco IOS Release 12.3(2)T. When the NM-16A/S card is removed from the Cisco 3745 router and the show tech EXEC command is entered, the symptom is not observed.

Workaround: There is no workaround.

CSCec33826

Symptoms: When a terminating gateway receives a "disconnect PI" message, it may not send the message along to the originating gateway.

Conditions: This symptom is observed when an enhanced session application is configured on the inbound dial peer of the terminating gateway.

Workaround: Configure "appl default.c.old" or a Tool Command Language (Tcl) interactive voice response (IVR) application (for example, "appl session").

CSCec34124

Symptoms: A T1 controller configuration may be lost on a Cisco router.

Conditions: This symptom is observed when a user migrates to Release 12.3(4)T. The T1 controller is not the default controller in this Cisco IOS release.

Workaround: There is no workaround.

CSCec34161

Symptoms: The facility message is dropped by the terminating gateway and is not received by the originating gateway.

Conditions: This symptom is observed when the enhanced default session application is configured on the incoming dial peer of the terminating gateway. The facility message arrives before the call connection is established.

Workaround: Instead of using the enhanced default session application, configure "default.c.old" or an interactive voice response (IVR) version 2.0 application such as "session."

CSCec36213

Symptoms: The Ascend-Connect-Progress attribute was missing from the start record for the PPPoE test. There is no such problem for BRI-to-PRI and Async-to-PRI tests.

Conditions: This symptom is observed in Cisco IOS Release 12.3(4)T2.

Workaround: There is no workaround.

CSCec36463

Symptoms: On 450 enabled endpoints, when transferring a local IP phone that is configured for CFNA to another phone or to VoiceMail, the transfer will be unsuccessful if the transferor does not hang up immediately after the transfer.

Conditions: In the following configuration, the transfer will be unsuccessful if the CFNA timeout is very small and the XOR does not hang up (commit the transfer) immediately:

IP phone(xee)----IP phone(xor)----IP phone(CFNA to VM or another phone)

Workaround: Increase the CFNA timeout to 10 seconds, and the XOR should commit the transfer after one ring (or as soon as possible).

CSCec38947

Symptoms: A VIC-2BRI-NT/TE is unable to loopback.

Conditions: The loopback command under the interface BRI x/y fails to put the BRI interface into a loopback when a VIC2-2BRI-NT/TE is plugged into an NM-HD network module. This is observed in a 12.3(4)T2 image.

Workaround: There is no workaround.

CSCec39065

Symptoms: A VIC2-2BRI-NT/TE on NM-HD responds to layer 1 activation slowly. This causes the failure of TTCN CPF4Tlayer2 test.

Conditions: This was observed in a 12.2(3.9)T2 image.

Workaround: There is no workaround.

CSCec39221

Symptoms: A call consultive transfer does not function correctly when a transferee (XEE) sends an on-hold invite message to the transfer target (XTO) after the XTO commits the transfer.

Conditions: This symptom is observed when a Session Initiation Protocol (SIP) IP phone acts as the transferrer (XOR) and the XEE sends the on-hold INVITE message to the XTO and the call transfer fails. The XTO sends a refer message to the XEE and receives the 202 (accepted) response message but does not receive a notify message.

Workaround: There is no workaround.

CSCec39423

Symptoms: The following Virtual Switch Interface (VSI) traceback may be observed on a Cisco router:

Vsi Major Alert: VsiErr:TCB Buffer Allocation Error, 0x500E

Conditions: This symptom is observed on a Cisco router in certain error situations in which Transaction Control Blocks (TCBs) are not freed.

Workaround: There is no workaround.

CSCec40662

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) may reload when you enter the show pxf cpu rewrite tree privileged EXEC command.

Conditions: This symptom is observed if Multiprotocol Label Switching (MPLS) prefixes that correspond to the tree being shown are removed when you enter the show pxf cpu rewrite tree privileged EXEC command.

Workaround: There is no workaround.

CSCec41083

Symptoms: A router may reload during a Session Initiation Protocol (SIP) call.

Conditions: This symptom is observed on all Cisco platforms that support SIP. The symptom is observed only when the debug ccsip events EXEC command is enabled.

Workaround: Do not enable the debug ccsip events EXEC command. If the command is enabled, disable it by entering the no debug ccsip events EXEC command.

CSCec43590

Symptoms: When decompression of IP Header Compression (IPHC) packets occurs, some packets are dropped or context status messages are sent back to the compressor.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) when the compressed packets contain IP options and the packets use 16-bit IPHC IDs.

Workaround: Use the ip rtp compression-connections interface configuration command to set the maximum number of IPHC connections to no more than 256.

CSCec44069

Symptoms: IP version 6 (IPv6) multicast traffic may be process-switched. This may impact the performance of the router.

Conditions: This symptom is observed on a Cisco router that is running the c7200-is-mz.123-3.9.T3 image of Cisco IOS software.

Workaround: There is no workaround.

CSCec45660

Symptoms: A router reloads after the first dual tone multifrequency (DTMF) digit on an ephone has been pressed by the user.

Conditions: This symptom is observed in a Session Initiation Protocol (SIP) call. When the DTMF is generated, a notify request is sent. When the router receives the SIP 200 OK response for the notify request, the router reloads.

Workaround: There is no workaround.

CSCec46711

Symptoms: Cisco Express Forwarding (CEF) switching is enabled on all interfaces, but the packets are not CEF-switched.

Conditions: This symptom is observed on a Cisco IAD2431 but may be observed on other Cisco platforms.

Workaround: There is no workaround.

CSCec48300

Symptoms: Traffic does not flow on a Cisco router that is configured with VPN routing/forwarding (VRF)-aware IP Security (IPSec) and that is enabled with a software crypto engine.

Conditions: This symptom is observed on a Cisco router and occurs because packets are dropped after encryption. The output from the debug ip cef drop EXEC command displays the following information:

CEF-Drop: Packet for 10.1.38.16 to null0

Workaround: There is no workaround.

CSCec48318

Symptoms: A Transmission Control Block (TCB) is incorrectly logged, and the following traceback error is displayed:

VsiErr: TCB Release Error

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) when the connection request whose TCB is freed has an endpoint that is the same as a connection that is pending a commit or delete action.

Workaround: There is no workaround.

CSCec48779

Symptoms: The following symptoms may occur:

A Cisco 7200 series that is configured with the VPN Acceleration Module 2 (VAM2) may fail to negotiate Internet Key Exchange (IKE) tunnels, and the following message is displayed:

NO DH public value

A Cisco 7200 series or a Cisco 7400 series that is configured with VAM may fail to negotiate IKE tunnels, and the following message is displayed:

Invalid Function Code, Error coming back 0x4

A Cisco 2600 series or a Cisco 3600 series with an Advanced Integration Module (AIM) VPN Encryption and Compression (AIM-VPN EPII) card may fail to negotiate IKE tunnels and the following message is displayed:

NO DH public value

Conditions: These symptoms are observed when the router is configured for many tunnels (over 500) or the router has been running for a long time with few tunnels. The D-H keys are leaked slowly for each IKE tunnel creation, and once they reach the limit of 5000 D-H leaks, none of the new negotiations succeed.

Workaround: Enter the no crypto engine accelerator global configuration command to reset the VAM or VAM2. Make sure the fix for caveat CSCec29962 is in the version of Cisco IOS software that you are running before you shut down and then reenable the VAM or VAM2.

Alternate Workaround: If you cannot reset the hardware, reload the router. This will help continue operations, but the symptom will occur again.

CSCec52778

Symptoms: IKE Phase 1 does not get established on a Cisco 837 router configured for RSA signature authentication when the VPN crypto card is activated. The following syslog messages are observed:

%CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id "id") unable to encrypt packet

%HIFN79XX-3-CMD_ERR: Hifn 79XX command returned error: (0x10FF)

Also a traceback might be seen.

Conditions: This has been observed with Cisco IOS Release 12.2(13)ZH2 and 12.3(2)T1.

Workaround: Switching off the crypto card will resolve the issue.

CSCec52779

Symptoms: A Cisco Packet Data Serving Node (PDSN) may reload when a call handoff is performed.

Conditions: This symptom is observed when a session with different A10 and A11 endpoints is handed off in such a manner that the A10 endpoint has moved to the existing A11 endpoint.

Workaround: There is no workaround.

CSCec53230

Symptoms: You may not be able to debug a string rewrite difficulty.

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) when Parallel Express Forwarding (PXF) forwarding fails while a debugging operation is performed. You may not be able to verify the string rewrite information of the PXF engine.

Workaround: Enter the show pxf cpu cef ip-prefix privileged EXEC command and the show pxf cpu rewrite rewrite-index privileged EXEC command to get the string rewrite information. Then, decipher the information.

CSCec54944

Symptoms: A Cisco Packet Data Serving Node (PDSN) that is running a Cisco IOS Release 12.2(8)ZB8 image may drop large size generic routing encapsulation (GRE) packets (more than 512 bytes) if Cisco Express Forwarding (CEF) fast switching is turned on.

Conditions: This problem occurs when upstream GRE packets are Ethernet-padded. The show cdma pdsn statistics ahdlc command may show some "Invalid size" and "CRC error" counters being incremented because of this issue.

Workaround: There is no workaround.

CSCec54953

Symptoms: The router crashes when an ESM (Embedded Syslog Manager) filter script uses the TCL extension "esm_errmsg <module_position>" with an incorrect module_position value.

Conditions: If the module_position variable does not reflect the actual position of the filter script in the ESM execution chain, this could cause an infinite loop, which ESM fails to abort.

Workaround: Correct the module_position value to reflect the actual module position in the ESM execution chain. This can be done automatically in the script by using the $::module_position global variable instead of hard-coding a value.

CSCec59186

Symptoms: A Cisco gateway GPRS support node (GGSN) reloads when configuring and/or unconfiguring the default aggregate configuration using SNMP object cGgsnDefaultAggregRowStatus (defined in the CISCO-GGSN-MIB) and then reconfiguring the same.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(4)T but is not platform specific.

Workaround: There is no workaround.

CSCec60828

Symptoms: A router that is configured to use the AUX port default line assignment, for example a router with an interface async N configuration, will lose any references to this interface and all commands configured under it at router boot time.

Conditions: This symptom is observed if an image from Cisco IOS Release 12.2(15)ZJ or an interim image from Cisco IOS Release 12.3(3.9)T2 and later releases is used on a Cisco router. Other Cisco IOS trains such as Cisco IOS Release 12.2 T and Cisco IOS Release 12.3 mainline are not affected.

In these affected Cisco IOS images, the AUX port is no longer assigned line N by default, but is assigned line N+8. For example, on a Cisco 2600 series router, the AUX port line assignment will change from 65 to 73. This can be verified in the output of the show line EXEC command.

This problem affects router platforms that support the Cisco Unity Express (CUE) Network Module.

Workaround: Reconfigure all commands that pertain to the interface async N configuration to use the interface async N+8 configuration instead.

CSCec61293

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) may unexpectedly reload when you delete the subinterface switch 1.1 by entering the no interface switch1.1 interface configuration command. An error message similar to the following message may be displayed:

System returned to ROM by bus error at PC 0x40096E4C, address 0xD0D0D61

The following message may be observed in the crashinfo file:

%GENERAL-5-NOTEVENT: Deleting last sub-interface

Conditions: This symptom is observed on a Cisco RPM-XF when a Multiprotocol Label Switching (MPLS) subinterface is deleted.

Workaround: There is no workaround.

CSCec64721

Symptoms: The configuration setting for long cable lengths adjusts only the output signal. For long cables, the receiver side may exhibit line code violation (LCV) errors or enter the loss of signal (LOS) state.

Conditions: This symptom is observed on a Cisco IAD2430 that is running Cisco IOS Release 12.2(15)ZJ2 but is not platform specific.

Workaround 1: Increase the signal that comes into the receiver side.

Workaround 2: Insert a CSU/DSU.

Workaround 3: Download the Cisco IAD3420 c2430-is-mz image from Cisco IOS Release 12.3(4)T.

CSCec65854

Symptoms: A Cisco 3660 router crashes when the test dsp device command is entered.

Conditions: This symptom has been observed when the test dsp device command is used with the restore option.

Workaround: There is no workaround.

CSCec68152

Symptoms: A router may reload because of a bus error.

Conditions: This symptom is observed on a Cisco IAD2430 under either of the following conditions:

- There are 24 active calls and a T1 connection is lost in a multilink bundle.

- A T1 connection is lost in a multilink bundle and then more than 20 calls are attempted.

Workaround: There is no workaround.

CSCec71950

Cisco routers and switches running Cisco IOS or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability.

This vulnerability was discovered during internal testing. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

CSCec76217

Symptoms: A Virtual Switch Interface (VSI) may access a null pointer in a rare situation.

Conditions: This symptom is observed on a VSI slave on an ATM Services Module (AXSM) platform if a corrupted message is received. The symptom may also be observed on a Cisco MGX Route Processor Module (RPM-XF).

Workaround: There is no workaround.

CSCec76702

Symptoms: The Per-Packet Load Balancing (PPLB) feature is not stable, and packets are sometimes lost.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF).

Workaround: There is no workaround.

CSCec78844

Symptoms: A Cisco Route Processor Module (RPM) may reload because of a Virtual Switch Interface (VSI) task exception.

Conditions: This symptom is observed on an ATM Services Module (AXSM) in a large-scale connection reroute environment. This symptom has not yet been observed on the Cisco MGX RPM (RPM-XF).

Workaround: There is no workaround.

CSCec79593

Symptoms: When a Cisco AS5850 chassis is powering up, the configurations for FB are not loaded on one of the RPs. This problem can be seen on both RSC and ERSC.

Conditions: The Cisco AS5850 is reloaded with power up instead of a software reload.

Workaround: There are two possible workarounds for this issue:

1. After power up, perform a software reload on the side where problems are seen without saving the current configuration.

2. You can also use the following command to reapply all startup configurations: copy startup-config running-config.

CSCec82671

Symptoms: A Cisco 2600 series router may reload while trying to create IPSec tunnels.

Conditions: This symptom is observed on a Cisco 2600 series router that is running Cisco IOS Release 12.3(4)T and that uses a Virtual Private Network (VPN) encryption and hardware advanced integration module AIM-VPN/BPII. The crash may be observed during IPSec tunnel creation.

Workaround: Use software crypto.

CSCec83463

Symptoms: The service selection gateway (SSG) sends duplicate Acct-Session-Id in the SSG connection accounting record. The same session ID is used in the user accounting record.

Conditions: These symptoms have been observed in Cisco IOS software versions 12.2(16)B2 and 12.3(4)T.

Workaround: There is no workaround.

CSCec84396

Symptoms/Conditions: A Cisco router will crash when the tclsh EXEC command is entered with any argument (tclsh alone will not cause the crash).

Workaround: Enter the tclsh command without any arguments.

CSCec85172

Symptoms: Control plane policy fails to match Address Resolution Protocol (ARP) packets with the match protocol arp class-map configuration command when the ingress interface has Inter-Switch Link (ISL) or Dot1q encapsulation.

Conditions: This symptom occurs when a service policy is attached to the control plane in input direction.

Workaround: There is no workaround.

CSCec85299

Symptoms: A software-forced reload may occur at crashdump and validblock on a Cisco 1760. CPUHOG tracebacks may also occur.

Conditions: These symptoms are observed on a Cisco 1760 that runs Cisco IOS Release 12.3 T when IPSec is configured.

Workaround: Use process switching. Note that the symptom does not occur in Release 12.3(2)T2 and earlier releases.

CSCec85930

Symptoms: When RSA keys are deleted on a router, IKE/IPSec SAs are not deleted as expected between the router and another router. The root cause of this problem is that the clear crypto session command does not work correctly.

Conditions: These symptoms appear in Cisco IOS Release 12.3(7)T.

Workaround: There is no workaround.

CSCec86420

Cisco routers running Cisco Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.

The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.

This bug is a complementary fix to CSCeb56909 which addresses this vulnerability.

More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.

CSCec87860

Symptoms: The IP Input process holds large amounts of memory. The output of the show mem allocating-process command shows many TCL and ESM entries for IP Input.

Conditions: ESM (Embedded Syslog Manager) is used under abnormally high logging conditions. The memory leak occurred in a test environment by logging every ACL denial, and pinging the denied interface in flood mode with 100,000+ packets.

Workaround: Do not use ESM if experiencing abnormally high syslog traffic.

CSCec88045

Symptoms: The MWAM processor clock value (as displayed by the show clock command) will not sync up properly with the Supervisor clock.

Conditions: This condition exists in all versions of MWAM IOS software.

Workaround: There is no workaround.

Further Problem Description: The MWAM processor does not support NTP. Because applications such as SSG use the hardware clock for accounting records, it is critical that the hardware clock is synced from a known stable source such as an NTP server. Hence, NTP support is added on MWAM and is tracked by this defect. Refer to the MWAM installation configuration guide on CCO for more information.

CSCec88110

Symptoms: A router that is running Cisco IOS Release 12.3(4)T2 or a later release may not be able to use the ipv6 ospf authentication ipsec spi spi md5 key command. The following error message may be generated: "OSPFv3: Authentication was not enabled."

Conditions: This symptom is observed with the c1700-advsecurityk9-mz and c1700-adventerprisek9-mz images, but other images may be affected too.

Workaround: There is no workaround.

CSCec89536

Symptoms: Reassembler multi-bit error causes a card crash.

Conditions: This problem occurs under the following conditions:

1. XF works as eLSR and is connected to dual LSCs (slot3/4) with MPLS i/f sw1.1 and sw1.2.

2. There are 250 spvcs with VRF enabled to CE.

3. There are 250 eBGP sessions to CE.

4. CE runs TGN and sends IP traffic through the 250 spvcs to remote CEs.

5. Input/output service policy is configured under 250 spvcs.

6. There are 60K VPNv4 routes.

7. Clear interface sw1 on PE.

Workaround: There is no workaround.

CSCed03480

Symptoms: A conform action counter error is found for "mqc_police."

Conditions: This failure is observed in 12.3(7)T on the Cisco 7200 platform.

Workaround: There is no workaround.

CSCed07231

Symptoms: The protocol may flap on a congested link fragmentation and interleaving (LFI) link.

Conditions: This symptom is observed on a Route Processor Module (RPM) when the priority queue (PQ) is congested.

Workaround: Do not congest the PQ LFI link.

CSCed07254

Symptoms: A dequeued packet may have an incorrect length, which may cause a packet buffer leak or other unexpected behavior.

Conditions: This symptom is observed on a Cisco 8800 series MGX Route Processor Module (RPM-XF) when packet queues are not allocated on the address boundary of the queue size.

Workaround: There is no workaround.

CSCed07417

Symptoms: A Home Agent (HA) may stop receiving de-registration requests for existing bindings if the total available memory in the processor is less than 10% of total memory.

Conditions: This symptom is observed on a Cisco router that functions as an HA when a large number of bindings exists and the total memory used by the bindings is about 90% of total memory. At this point, the Cisco router that functions as the HA does not accept de-registration requests and does not delete the bindings.

Workaround: The clear ip mobile bindings all command can be used to delete all the existing bindings.

CSCed07712

Symptoms: When you enter the clear interface switch1 user EXEC or privileged EXEC command, a protocol control information (PCI) bus timeout may occur.

Conditions: This symptom is observed on a Cisco 8800 MGX series Route Processor Module (RPM-XF) when a large amount of PCI bus activity occurs and when there are circuits that have flow configured per virtual circuit (VC).

Workaround: There is no workaround.

CSCed07805

Symptoms: For 12.2T and 12.3, the following symptoms are observed: ACCOUNTING START/STOP messages for username and service name are seen correctly. RADIUS attributes containing CALLING and CALLED numbers are not seen.

For 12.3T, the following symptoms are observed: ACCOUNTING START/STOP messages for username only are seen but are not seen for service name. RADIUS attributes containing CALLING and CALLED numbers are seen correctly.

Conditions: These symptoms occur for dial-up PPP users.

Workaround: There is no workaround.

CSCed09057

Symptoms: Trunk cards that are installed in a Cisco AS5850 may become stuck in the power-pending state and may not be able to boot properly.

Conditions: This symptom is observed on a Cisco AS5850 that is configured with redundant Route Switch Controllers (RSCs) and that has health monitoring of the Forwarding Information Database (FIB) enabled when you reload software onto the RSC that is installed in slot 7.

Workaround: Reload the RSC that is installed in slot 6.

First Alternate Workaround: Reload software onto both the RSC that is installed in slot 7 and the RSC that is installed in slot 6.

Second Alternate Workaround: Switch the power of the Cisco AS5850 off and on.

Third Alternate Workaround: Disable health monitoring of the FIB.

CSCed09713

Symptoms: A Cisco GGSN sends more than 1 CDR with the PDP Context session terminate cause.

Conditions: This is observed when a lot of data is being sent through the PDP Context while the PDP Context is being deleted. Cisco GGSN IOS 12.3(4)T and 12.3(2)XB have the issue.

Workaround: There is no workaround.

CSCed12636

Symptoms: Incoming SIP REFER messages from the latitude server may not be understood by the AS5X00 series Voice Gateways. So far this is known to affect only the call transfer capability.

Conditions: The problem occurs if the SIP gateway receives a REFER request which has a user portion in the Refer-To header that exceeds 32 characters.

Workaround: There is no workaround.

CSCed15175

Symptoms: A router reloads at sdb_add_string.

Conditions: This occurs under low memory conditions.

Workaround: There is no workaround.

CSCed15909

Symptoms: A software-forced crash may occur on a platform that functions as a gateway when the platform attempts to process an "INVITE" message that contains a "Call-Info" header with a URL other than a SIP or TEL URL.

Conditions: This symptom is observed on a Cisco AS5400HPX that runs Cisco IOS Release 12.3(4)T.

Workaround: There is no workaround.

CSCed16561

Symptoms: The DFP manager reports the following errors:

5w5d: %CASA-4-SECURITY_FAIL: Incorrect security information in CASA packet.

%SLB_DFP-4-NO_PARSE: Agent 9.9.9.42:1111 - Could not parse message

%SLB_DFP-4-KEEP_ALV: Agent 9.9.9.44:1111 - Have not received keep alive

Conditions: This happens when DFP is configured on the manager and agent. If the DFP passwords are not configured, the first two messages are not seen.

Further Problem Description: These error messages appear because the DFP agent is not able to send keepalives or the DFP weights at a regular interval to the manager. The DFP connection bounces back and forth between the "Connected" and "Failed" states.

Workaround: There is no workaround.

CSCed19841

Symptoms: SSG may crash when there is a failure/timeout contacting SESM/RADIUS.

Conditions: This symptom is observed on an SSG that is running with the SSG port-bundle host-key feature enabled.

Workaround: Disable the port-bundle host-key feature.

CSCed22079

Symptoms: An RPM-XF reloads unexpectedly when the show ip access-lists command is executed.

Conditions: The symptom occurs when one or more policy maps have been configured before executing the show ip access-lists command.

Workaround: There is no workaround.

CSCed23216

Symptoms: The hashing algorithm may be incorrect when multipath load balancing is configured in frame mode for both external Border Gateway Protocol (eBGP) and internal Border Gateway Protocol (iBGP).

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) that functions as a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Workaround: There is no workaround.

CSCed24462

Symptoms: When the NAT transparency feature is on, IPSec+NAT fails with bad packet refcount messages and tracebacks.

Conditions: These symptoms may be observed on Cisco 83x routers running 12.3T images and running IPSec tunnels with hardware crypto.

Workaround: Use software crypto engine or AIM.

CSCed28266

Symptoms: A Cisco gateway may unexpectedly reload because of a software-forced crash when it builds a SIP ACK (acknowledgement) or BYE message.

Conditions: This symptom is observed when the gateway receives a SIP response that contains a Record-Route header and a Contact header and when the length of the Contact header exceeds 128*n, in which "n" is the number of URLs in the Record-Route header.

Workaround: There is no workaround.

CSCed28404

Symptoms: A memory leak may be observed after an input policy is applied to an ATM interface. After a period of time, all memory buffers are exhausted and packets cannot be punted to a Route Processor Module (RPM).

Conditions: This symptom is observed on an MGX RPM (RPM-XF) that acts as a provider (P) router in a frame-based Multiprotocol Label Switching (MPLS) network.

Workaround: There is no workaround.

CSCed29546

Symptoms: A software-forced reload may occur when you enter either the no ip rtp header-compression or the no ip tcp header-compression interface configuration command.

Conditions: This error will only occur when there is traffic running and being compressed in Process Switching mode on the interface being configured.

Workaround: If the interface is shut down during reconfiguration then traffic will be prevented from flowing and the crash will not occur.

CSCed30548

Symptoms: Incoming MPLS packets are not serviced by the right queues on ingress interfaces.

Conditions: Configure an input policy map on the RPM-XF with class maps matching against exp bit.

Workaround: There is no workaround.

CSCed30988

Symptoms: A Cisco Packet Data Service Node (PDSN) router reloads when parsing an invalid Mobile IP Registration Request (RRQ) from a Base Station Subsystem (BSS). The RRQ contains an invalid Vendor Specific Attribute (VSA) for Mobile Station Identifier (MSID).

Conditions: The reload happens when an RRQ with the following invalid field is received: the MSID in the Accounting VSA is received with a wrong length field of one (1).

Workaround: There is no workaround.

CSCed31769

Symptoms: A Cisco 8800 MGX series Route Processor Module (RPM-XF) may reload unexpectedly when a "NULL RD" error occurs.

Conditions: This symptom is observed when multicast is configured in conjunction with an output log access control list (ACL).

Workaround: Avoid output logging on interfaces that transmit multicast traffic.

CSCed35834

Symptoms: A card with 2 POS uplinks crashes due to a high-speed backplane bus error.

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) that functions as a hub router with 2 POS uplinks in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Workaround: There is no workaround.

CSCed40547

Symptoms: A Cisco 7500 router may reload when dMLFR interface(s) is/are configured.

Conditions: This problem can occur only when distributed CEF switching is disabled globally on the router. The following command can cause this issue to occur:

Router(config)# no ip cef distributed

Workaround: Do not disable distributed CEF switching on the router, as dMLFR works only when distributed CEF switching is enabled.

CSCed40933

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.

CSCed41905

Symptoms: An automatic backcard removal event of a 2-port POS card occurred in the RPMXF card, and the RPMXF card rebooted.

Conditions: This symptom occurs when a 2-port OC-12 Packet-over-SONET card is used.

Workaround: There is no workaround.

CSCed44510

Symptoms: A Cisco IOS device will enter a boot-time crash loop and refuse to come up. Error messages from the crash may include statements stating that there is a memory block corruption, even if there is ample memory installed on the IOS device.

Conditions: This symptom is observed on a Cisco IOS device on which IOS 12.3(6.1)T is loaded. All platforms and feature-sets are affected.

Workaround: There is no workaround.

CSCed45971

Symptoms: When an EzVPN server is configured to authenticate users with RADIUS, and the router cannot connect to the RADIUS server, it will crash with an Unexpected Exception error when trying to authenticate a user.

Conditions: This can occur when the router cannot reach the RADIUS server's IP address, or when the RADIUS server is not configured to accept connections from the router.

Workaround: Set the RADIUS retransmit count to "1" with the configuration command radius-server retransmit 1.

CSCed48837

Symptoms: Unable to configure pseudowire on a Virtual-PPP interface.

Conditions: This is observed on a Cisco router running the 12.3(5.13)T version of IOS.

Workaround: Configure no ip address under the interface where you want to configure xconnect.

CSCed54232

Symptoms: The memory held by SSGCmdQueue process increases continuously when SESM users log on and log off.

Conditions: This happens in SSG deployments when SESM users logon and logoff.

Workaround: There is no workaround.

CSCed54591

Symptoms: SAR crash file does not contain event log information.

Conditions: This symptom always occurs.

Workaround: The event log information should be obtained from the syslog, if one is configured, or the show logging command needs to be executed after a SAR crash is noticed.

CSCed54769

Symptoms: A Cisco router running 12.3 T might reboot when the command show cry ca timer is issued.

Conditions: These symptoms occur while there are enrollment requests with usage keys pending.

Workaround: There is no workaround.

CSCed56016

Symptoms: Cisco IOS may reload when configuring a host-based preshared key.

Conditions: This reload occurs if the length of the <hostname> string in the crypto isakmp key <key-string> host <hostname> [no-xauth] configuration command is greater than or equal to 128 characters.

Workaround: There is no workaround, except to not configure a hostname longer than 127 characters.

Further Problem Description: This problem may cause buffer overflow, but it corrupts the heap and not the stack. So running arbitrary code is not possible.

CSCed68575

Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.

The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.

This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

CSCin44260

Symptoms: When a Cisco gateway GPRS support node (GGSN) receives the routing area update to change the data address of the serving GPRS support node (SGSN), the downstream traffic for the PPP packet data protocol (PDP) interface may fail to reach the SGSN and traffic may be dropped.

Conditions: This symptom is observed on a Cisco GGSN that is running Cisco IOS Release 12.2(8)YW.

Workaround: There is no workaround.

CSCin53566

Symptoms: A gateway GPRS support node (GGSN) may reload and display the following tracebacks:

0x60798124:free(0x6079809c)+0x88
0x60024680:gtp_gtpsock_free(0x60024658)+0x28
0x60025CDC:gtp_io_cleanup_gtpsock(0x60025ca0)+0x3c
0x600263D8:gtp_io_process_message(0x600260ec)+0x2ec
0x60026850:gtp_io_process(0x60026704)+0x14c

Steps to reproduce:

1. Bring up the TCP connection with the primary CG.

2. Create a context.

3. Shut the interfaces of both (primary and secondary) CGs connected to the GGSN.

4. Delete the context and wait for the TCP connection to expire.

Conditions: This crash happens in some images. It is a combination of events happening at the same time.

Workaround: There is no workaround.

CSCin55242

Symptoms: With crypto configured on an interface, packets are not getting Cisco Express Forwarding switched (CEF-switched), but packets are getting fast-switched.

Conditions: This symptom is observed on a Cisco 837 router that is running Cisco IOS Release 12.3(4)T.

Workaround: There is no workaround.

CSCin56095

Symptoms: A Cisco 2691 router running 12.3(4)T may crash.

Conditions: This crash occurs while configuring the voice-port for trunking.

Workaround: There is no workaround.

CSCin56557

Symptoms: The accounting of input and output bytes and/or packets for a service connection is not correct. Only upstream traffic for that service access is accounted for, whereas downstream traffic from that service would be accounted for another service connection.

Conditions: This symptom is observed when a user does autologon to two no-NAT/passthrough services.

Workaround: There is no workaround.

CSCin57420

Symptoms: Packets may not take the quality of service (QoS) path because an extra 8 bytes are added to the content of the packet.

Conditions: This symptom is observed when distributed link fragmentation and interleaving (dLFI) over ATM QoS is configured on a Route Switch Processor (RSP) router.

Workaround: There is no workaround.

CSCin57846

Symptoms: A Service Selection Gateway (SSG) reloads at ssg_search_conn.

Conditions: This symptom occurs when downstream traffic from a proxy NATed service is sent to an SSG host who is logged onto it. This happens after a host logs off a service and immediately the same or another host with same NATed IP address logs on to the proxy NATed service.

Workaround: There is no workaround.

CSCin57902

Symptoms: Any new Access Requests from NAS (GGSN) are not processed by SSG when SSG_dummy_pool fills up.

Conditions: SSG_dummy_pool fills up when SSG is honoring an Acct-on/Accounting Off along with an accounting stop throttle configuration. Any new Access-Requests from NAS (GGSN) can create this condition.

Workaround: Unconfigure and then configure ssg radius-proxy or reload SSG to clean up this pool.

CSCin58372

Symptoms: A memory leak is observed on a Cisco 3745 router.

Conditions: The memory leak is seen when an SSG subscriber accesses their SOHO and the user is logged on to a Tunnel service.

Workaround: There is no workaround.

CSCin60026

Symptoms: A Cisco Gateway GPRS Support Node (GGSN) that is running a R4.0 image leaks memory after querying the following Simple Network Management Protocol (SNMP) MIBs:

- CISCO-GPRS-ACC-PT-MIB

- CISCO-GPRS-CHARGING-MIB

- CISCO-GTP-MIB

- CISCO-GGSN-MIB

Conditions: This symptom is observed on a Cisco 7200 series router.

Workaround: There is no workaround.

CSCin61123

Symptoms: The UUT crashes when the show ssh command is run, with SSH debugging on, while an SSHredder attack is initiated towards the UUT. The show ssh command is executed to check whether the server connections are still on after the attack.

Conditions: This problem occurs while the SSHredder attack is in progress, if the SSH debugs are enabled and the show ssh command is executed after every attack packet.

The crash was observed on the following platforms:

1. Cisco 2651XM running c2600-adventerprisek9-mz.123-3.9.T6

2. Cisco 2691 running c2691-adventerprisek9-mz.123-3.9.T4

3. Cisco 3745 running c3745-adventerprisek9-mz.123-3.9.T6

Workaround: Disable SSH debugs and refrain from executing the show ssh command after every attack packet.

CSCin61757

Symptoms: SSG crashes when logging in HO.

Conditions: This occurs with CHAP authentication.

Workaround: Use only PAP authentication.

CSCin61934

Symptoms: SSG crashes for proxy service authorization.

Conditions: SSG crashes while trying to allocate memory for a proxy service authorization packet.

Workaround: There is no workaround.

CSCin62509

Symptoms: Low-end IOS routers can reload.

Conditions: This occurs when low-end IOS routers with crypto accelerators are used in conjunction with CEF switching.

Workaround: Disable CEF switching.

CSCin62670

Symptoms: A Cisco 3725 router running as IPIPGW may reload.

Conditions: This occurs while unconfiguring Acc-QOS audio on dial peer.

Workaround: There is no workaround.

CSCin64164

Symptoms: A time drift in the interim accounting update was seen for SSG connection accounting packets.

Conditions: This symptom occurs with 10 Host Objects and Connection Accounting interval 300. After 4 days of testing, the time drift was seen in interim accounting update packets.

Workaround: There is no workaround.

CSCin64986

Symptoms: The xDSL line fails to train.

Conditions: The xDSL line fails to train on reload on a Cisco 1700 series router that is running the 123-5.10.T image.

Workaround: There is no workaround.

CSCin66090

Symptoms: On a Cisco router that functions as a PDSN, sessions may become stuck without a flow. The status (St) column in the output of the show cdma pdsn session br command may indicate "EST" for a very long time:

MSID        PCF IP Address   PSI    Age       St   Flows  Interface
0114112125  192.168.33.86    2302   01:30:51  EST  0

Normally, a session remains in the "EST" state for only a few seconds.

Conditions: This symptom is likely to be observed when a Mobile Node (MN) does not respond to LCP CONFREQs messages from the PDSN and when the PCF sends an A11 Registration Request with a different GRE key for the same MN.

Workaround: Clear the stuck session by entering the clear cdma pdsn session msid number privileged EXEC command.

CSCin67370

Symptoms: The output of show crypto ipsec sa identity does not list the proxies protected by the crypto map.

Conditions: The proxies are not built under the following conditions:

When the ACL is changed on the crypto map

When VRF is changed in the isakmp profile

When the isakmp profile is changed on the crypto map

This bug affects Release 12.3(4)T and above.

Workaround: There is no workaround.

CSCin67454

Symptoms: Incorrect input counters are sent in SSG host and connection RADIUS accounting records.

Conditions: An SSG running 12.3(6.2)T2 or later versions with SSG accounting enabled can report incorrect input (downstream) counters in the accounting records for SSG host and connections.

Workaround: There is no workaround.

CSCin67591

Symptoms: %PXF-2-EXCEPTION: messages are observed on the console when L2TP downstream traffic is passing through.

Conditions: This symptom is observed on a Cisco 7200 with an NSE-1 processor board or on a Cisco 7401 platform (when these platforms function as an LNS) when PXF is enabled and rate-limit is configured on the L2TP tunnel egress physical interface.

Workaround: Disable PXF with the no ip pxf command.

CSCuk48353

Symptoms: The system may unexpectedly reload when distributed CEF is disabled.

Conditions: A Cisco 7500 router running Release 12.3(5.13)T configured to operate with distributed IP Header Compression (IPHC) may reload when dCEF is disabled.

Workaround: Before disabling distributed CEF, disable IP Header Compression.

Wide-Area Networking

CSCeb46007

Symptoms: L2TPv2 tunnels with active PPPoX sessions may go down. When you enter the vpdn debug error command, you can see that the LAC or LNS is resending L2TP control messages that the other side does not acknowledge.

Conditions: This symptom is observed primarily in scaled environments with more than 10,000 PPPoX sessions over more than 500 L2TP tunnels.

Workaround: There is no workaround.

CSCec45838

Symptoms: A Layer 2 Tunneling Protocol (L2TP) tunnel may not be established between an L2TP network server (LNS) and an L2TP access concentrator (LAC).

Conditions: This symptom is observed if the LNS has VPN routing/forwarding (VRF) configured on its local virtual private dialup network (VPDN) group. This is a VPDN VRF symptom that may affect all Cisco platforms when VRF is used in conjunction with VPDN.

Workaround: Use RADIUS to set up the VPDN group with VRF.

CSCec79609

Symptoms: A Multilink PPP over ATM (MLPoA) bundle that is configured by using a multilink interface may come up as a virtual-access interface, but the multilink interface may remain inactive as an MLP bundle.

Conditions: This symptom is observed after a bundle reset, which may be triggered by entering the clear interface user EXEC or privileged EXEC command for the multilink interface or for a virtual-access member.

Workaround: There is no workaround.

CSCec84485

Symptoms: The message "STRING-DB-ERROR: Owner VPDN Session Type - Username no longer owns string with name ..." was displayed on the LNS router.

Conditions: Heavy traffic existed on the link at the time and PPP connections were seen to disconnect and reconnect.

Workaround: If the router continues to display the above, a restart of the router may be required.

CSCec86340

Symptoms: UDP port 1701 (L2TP) may be opened by a port scan.

According to the router log, the router does not send a "port unreachable" message for a packet that uses UDP 1701:

IP: s=10.1.1.2 (Ethernet1/1), d=10.1.1.1 (Ethernet1/1), len 28, rcvd 3
    UDP src=0, dst=1701

IP: s=10.1.1.2 (Ethernet1/1), d=10.1.1.1 (Ethernet1/1), len 28, rcvd 3
    UDP src=0, dst=1702
ICMP: dst (10.1.1.1) port unreachable sent to 10.1.1.2
IP: s=10.1.1.1 (local), d=10.1.1.2 (Ethernet1/1), len 56 , sending
    ICMP type=3, code=3

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(2)T1.

Workaround: There is no workaround.

CSCed28961

Symptoms: A memory leak may occur on a Cisco universal access server when the ISDN process continues to allocate memory without freeing the memory. The "Name" column in the output of the show memory allocating-process totals may show the "ISDN name" as the process that allocates memory and does not free the memory.

Conditions: This symptom is observed on a Cisco universal access server on which the ISDN Calling Name feature is configured.

Workaround: There is no workaround.

CSCin57752

Symptoms: A router that is running Cisco IOS Release 12.3(2)T2 or a later release may reload with a bus exception when an interface that is configured with the ppp multilink group interface configuration command either goes down or renegotiates the PPP Link Control Protocol (LCP).

Conditions: This symptom is observed when two different members of the same multilink group use different multilink endpoint discriminators or usernames. This is a configuration error, but in this instance it causes the router to erroneously create two bundles on the same group interface, and the router reloads when one of the bundles is brought down.

This symptom can occur, for instance, if an interface is being moved from one active multilink group to another, and the username is changed on the remote peer before the multilink group assignment is changed locally.

Workaround: Make sure that all interfaces that are assigned to a given multilink group are configured to supply the same username and endpoint discriminator on the remote peer. If an interface is moved from one multilink group to another, shut the interface down while it is being reconfigured.

Resolved Caveats—Cisco IOS Release 12.3(4)T11

Cisco IOS Release 12.3(4)T11 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T11 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCee67450

A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.

If a malformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable, such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured BGP neighbor.

Cisco has made free software available to address this problem.

For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

CSCsa53698

Symptoms: Fax pass-through may fail.

Conditions: This symptom is observed on a gateway that is configured for fax pass-through or T.38 with fax pass-through as the fallback method. After an initial call is established, the gateway detects a fax tone and sends a re-Invite message with a new SDP message requesting to switch to fax pass-through. However, the "o" line in the new SDP message has the same version ID as the "o" line in the initial SDP request that was sent by the gateway. If the originating gateway does not indicate that it disabled silence suppression with a "silenceSuppression=off" attribute in its SDP answer, fax pass-through fails.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(4)T10

Cisco IOS Release 12.3(4)T10 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T10 but may be open in previous Cisco IOS releases.

Basic System Services

CSCeg07509

Symptoms: A router may crash when you enter the dir flash: command.

Conditions: This symptom is observed on a low-end router that uses a Compact Flash (CF) device when the root directory is nearly full with file entries.

Workaround: Keep the number of file entries in the root directory relatively small (less than 100).

Interfaces and Bridging

CSCin84694

Symptoms: On a Cisco 7x00 series that runs Cisco IOS Release 12.3 and that is equipped with an ATM PA-A3 port adapter, the SAR chip of the port adapter may crash or the interface may become stuck.

Conditions: This symptom is observed when there is a high-traffic load on the ATM PA-A3 port adapter and when many VCs are created, deleted, and modified continuously. The symptom may also occur in other releases.

Workaround: There is no workaround.

Miscellaneous

CSCea65011

Symptoms: The following error message and tracebacks may be generated on a Cisco 3660 router that is configured with a Virtual Private Network High Performance advanced interface module (AIM-VPN/HP):

%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=6344EB40, count=0
-Traceback= 60449944 61A9DCB4 61A9E000 61A9E898 61AA2CCC 61A96100 61A82EB8

Conditions: This symptom is observed on a Cisco 3660 router that is running the c3660-ik9o3s-mz image of Cisco IOS Release 12.2(13)T but may also occur on other Cisco 3600 series routers that are running other Cisco IOS images.

Workaround: Disable compression.

CSCec78231

Symptoms: A router that has the ip inspect interface configuration command enabled may drop a synchronize/acknowledge (SYN/ACK) reply instead of sending it.

Conditions: This symptom is observed when you originate a TCP connection from an interface on another router and when this interface does not have the ip inspect interface configuration command enabled.

The output of the debug ip packet detail privileged EXEC command indicates that the SYN/ACK reply is "dropped by inspect":

IP: s=192.168.128.16 (FastEthernet0.2), d=192.168.192.69 (FastEthernet0.3), len 48, dropped by inspect

TCP src=23, dst=3403, seq=143608234, ack=3669485014, win=5840 ACK SYN

Workaround: Remove the ip inspect interface configuration command from the interface of the router that is supposed to send the SYN/ACK reply.

CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details).

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml

CSCef29028

Symptoms: A Cisco AS5850 does not send a NTFY to the MGCP call agent. The Cisco AS5850 receives a CRCX request with DT/ans present in it but does not send a NTFY to the call agent.

Conditions: This symptom can occur at any time and under no special conditions.

Workaround: There is no workaround.

CSCef68324

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

CSCef75174

Symptoms: A router may crash when you enter the dir flash: command.

Conditions: This symptom is observed on a low-end router that uses a Compact Flash (CF) device when the root directory is nearly full with file entries.

Workaround: Keep the number of file entries in the root directory relatively small (less than 100).

CSCef85266

Symptoms: When a voice gateway is reset by a Cisco CallManager, the voice gateway may not reregister with the Cisco CallManager, even when the output of the show isdn statistics command indicates the following state:

MULTIPLE_FRAME_ESTABLISHED and L3 Protocol(s) = CCM-Manager.

The above-mentioned state occurs when the voice gateway fails to send a restart message (RM) to the Cisco CallManager.

Conditions: This symptom is observed on a Cisco 3745 that functions as a voice gateway and that runs Cisco IOS Release 12.3(4)T6, 12.3(8)T3, or 12.3(8)T4.

Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the T1 controller of the interface that connects to the Cisco CallManager.

CSCeg11398

Symptoms: Mute calls may occur on a Cisco MGCP gateway. The output of the show mgcp connection command shows that the Connection Mode for the originating endpoint remains in a loopback (M=5) after answering the call:

Endpoint Call_ID(C) Conn_ID(I) (P)ort (M)ode ...

1. S7/DS1-0/31 C=3E,315,313 I=0x81 P=0,0 M=3 ...

2. S7/DS1-1/31 C=3E,313,315 I=0x80 P=0,0 M=5 ...

Conditions: This symptom is observed for a hairpin call with COT that is requested on the originating call leg from the PSTN side.

Workaround: Disable COT on the PSTN side.

CSCeg15422

Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:

%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)

%SYS-2-GETBUF Bad getbuffer, bytes= 42565 -Process= "Crypto HW Proc", ipl= 0, pid= 87 -Traceback= hex numbers

or

%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying. SYS-2-GETBUF tracebacks are seen if Encapsulating Security Payload (ESP) wide-key Advanced Encryption Standard (AES) 192 or 256 is configured.

Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.

Alternate Workaround 1: If AES 192 or 256 is configured, use ESP AES 128-bit keys.

Alternate Workaround 2: If AES 192 or 256 is configured, use a Data Encryption Standard (DES) transform instead.

CSCin59302

Symptoms: When the random disconnect timer is initialized, its value should be greater than or equal to 1 second. However, the random value is less than 1 second when the tdinit command is configured with a value of 1 second. In this case, the random value must be 1 second.

Conditions: This symptom has been observed when a random disconnect timer value is selected.

Workaround: There is no workaround.

CSCsa45335

Symptoms: "IP Input" and "ESM Logger" processes hold increasing amounts of memory.

Conditions: This symptom is observed when the Embedded Syslog Manager (ESM) is used to manipulate syslog messages and executes show commands to gather information that is required for syslog message modification. The probability that the symptom occurs increases with the number of times that a show command is executed by the TCL script.

Workaround: There is no workaround.

Wide-Area Networking

CSCed81264

Symptoms: An L2TP LNS that is configured to perform Multichassis Multilink PPP (MMP) by using SGBP may not be able to bundle Multilink PPP (MLP) connections. The output of the debug sgbp queries command shows no SGBP queries after the connections have been authenticated.

Conditions: This symptom is observed when the MLP connections arrive on different LNS within the same stack group.

Workaround: Enter the sgbp ppp-forward command to enable forwarding of all PPP calls, not only of MLP calls. This workaround may cause some overhead as SGBP queries will also be sent for non-multilink connections.

Alternate Workaround: Enter the lcp renegotiate always command. This workaround may cause compatibility problems with older PPP clients.

Resolved Caveats—Cisco IOS Release 12.3(4)T9

Cisco IOS Release 12.3(4)T9 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCdx25914

Symptoms: One of the serial connections on Fast Ethernet (FE) interfaces stops passing traffic. The interfaces can either go into up/down state or may remain up/up but they do not pass any traffic.

Conditions: This symptom was observed when running IPSec over Generic Routing Encapsulation (GRE) tunnels on a Cisco 7500 router with Route Switch Processor (RSP4).

Workaround: Either remove the card and put it back in again or reboot the router.

CSCed05492

Symptoms: When downloading IP address pools via a Radius Server using Radius Attribute 217, Ascend-IP-Pool-Definition, the ending IP address of the address pool is incorrect. It seems that the translation from the Ascend max entries to a Cisco CLI attribute goes wrong.

See the following example:

Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 19 "1 10.112.26.1 240"

Nov 6 11:26:49.696: RADIUS: Vendor, Ascend [26] 26

Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 20 "5 10.112.26.242 10"

Nov 6 11:26:49.696: RADIUS(0000017C): Received from id 21648/217

Nov 6 11:26:49.696: AAA/PER-USER: mode = config; command = [ ip local pool 1 10.112.26.1 10.112.26.240]

Nov 6 11:26:49.696: AAA/PER-USER: line = [ ip local pool 1 10.112.26.1 10.112.26.240]

Nov 6 11:26:49.700: AAA/PER-USER: mode = config; command = [ ip local pool 5 10.112.26.242 10.128.59.6]

Nov 6 11:26:49.700: AAA/PER-USER: line = [ ip local pool 5 10.112.26.242 10.128.59.6]

It is unclear where the end address (10.128.59.6 in this example) comes from, as it should be 10.112.26.252 (total of 10 addresses in the pool).

The NAS rightfully complains further about it in the debugs as follows:

Nov 6 11:26:49.704: PPP: Message from per-user configuration ...

Nov 6 11:26:49.704: %Bad IP range, 10.112.26.242-10.128.59.6

Radius Attribute Translations and Cisco AV-pairs are handled as you would parse the command into the CLI.

Conditions: This seems to fail in about 1 out of 10 IP pool downloads from the Radius-Server.

Workaround: Use Cisco AV-pairs attributes to download IP address pool instead of Radius Attribute 217, Ascend-IP-Pool-Definition.
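The mismatch can be caught from the debug output itself by comparing each attribute 217 value with the ip local pool command derived from it. This Python check is an added example, not part of the release notes; the function name is hypothetical, the input lines are the ones quoted in this caveat, and it assumes the last field of the attribute is the number of addresses in the pool, as the first pool's translation indicates.

```python
import ipaddress
import re

# Debug lines copied from the caveat text above.
DEBUG_LINES = [
    'Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 19 "1 10.112.26.1 240"',
    'Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 20 "5 10.112.26.242 10"',
    "Nov 6 11:26:49.696: AAA/PER-USER: mode = config; "
    "command = [ ip local pool 1 10.112.26.1 10.112.26.240]",
    "Nov 6 11:26:49.700: AAA/PER-USER: mode = config; "
    "command = [ ip local pool 5 10.112.26.242 10.128.59.6]",
]

# Attribute value as received: "<pool> <first address> <count>"
ATTR_RE = re.compile(r'ascend_pool_definiti\[217\]\s+\d+\s+"(\S+) (\S+) (\d+)"')
# CLI command generated from it: ip local pool <pool> <first> <last>
CMD_RE = re.compile(r"command = \[\s*ip local pool (\S+) (\S+) (\S+?)\]")


def check_pool_translations(lines):
    """Return {pool: message} for every generated pool command whose range
    does not match the attribute 217 value it was translated from."""
    requested = {}  # pool -> (first address, address count) from RADIUS
    problems = {}
    for line in lines:
        attr = ATTR_RE.search(line)
        if attr:
            requested[attr.group(1)] = (
                ipaddress.IPv4Address(attr.group(2)),
                int(attr.group(3)),
            )
            continue
        cmd = CMD_RE.search(line)
        if not cmd:
            continue
        pool = cmd.group(1)
        first = ipaddress.IPv4Address(cmd.group(2))
        last = ipaddress.IPv4Address(cmd.group(3))
        if pool not in requested:
            problems[pool] = "pool command without a preceding attribute 217"
            continue
        start, count = requested[pool]
        size = int(last) - int(first) + 1
        if first != start or size != count:
            problems[pool] = (
                f"attribute requested {count} addresses from {start}, "
                f"command configures {first}-{last} ({size} addresses)"
            )
    return problems


if __name__ == "__main__":
    for pool, message in check_pool_translations(DEBUG_LINES).items():
        print(f"pool {pool}: {message}")
```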

CSCef65405

Symptoms: DHCP accounting records are not sent to a RADIUS server.

Conditions: This symptom is observed when the aaa accounting delay-start command is configured.

Workaround: Disable the aaa accounting delay-start command. If this is not an option, there is no workaround.

CSCin60071

Symptoms: When tunnelled sessions are flapped on an L2TP Access Concentrator (LAC) or an L2TP Network Server (LNS), attempts may be made to establish sessions on the wrong tunnels.

Conditions: This error occurs when there is a high call rate and a high call volume.

Workaround: Enable the radius-server source-ports extended global configuration command.

IP Routing Protocols

CSCee41172

Symptoms: The maximum-paths import number-of-paths command enables a VRF to import additional paths in addition to the bestpath. If the original path of the import path is withdrawn, wrong import paths may be purged. This situation may cause traffic disruption up to 15 seconds.

Conditions: This symptom is observed when the original path of the best import path is withdrawn and the import path is at the end of the path list (that is, the one learned the very first). In this situation, all import paths that are derived from other paths may be purged as well. If the imported net has only import paths, the net may not be reachable until other paths are reimported.

Workaround: Ensure that the import path is at the top of the path list or use the same route descriptor (RD) for all import paths.

CSCee83549

Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.

Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.

Workaround: Clear or readvertise the route that is inoperational.

CSCef17311

Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.

Workaround: There is no workaround.

Miscellaneous

CSCdw43470

Symptoms: LocalMAC is always shown as 0000.0000.0000 on customer premises equipment (CPE), so the aggregator also shows 0000.0000.0000 as the remote MAC address.

Conditions: When using CPE (Cisco 2600 router, Cisco 3600 router, or Cisco 3700 router) as a PPPoE Client, the show vpdn session command always shows locMAC as 0000.0000.0000. Since this is the MAC address sent to the aggregator (Cisco 3660 router) in our setup, the show vpdn session command on the aggregator also shows RemMac as 0000.0000.0000. Pings are going fine and PPPoE functions correctly.

Workaround: Configure the MAC address explicitly on the ATM interface.

CSCec06547

Symptoms: When a Cisco router boots up, the following messages appear and the router is unusable:

Process= "MIPC Periodic Timer", ipl= 0, pid= 32

%PIF-3-READ_IMEM_ERROR: NULL response for READ_IMEM MIPC msg to , XPIF2 Process= "FDM Forwarding Stats Process", ipl= 0, pid= 35

%PIF-3-READ_PHY_ERROR: NULL response for PIF_PHY_REG_SEND_CMD MIPC msg to , XPIF2

Conditions: This symptom is observed on a Cisco AS5850 gateway that has a Route Switch Controller (RSC) card with revision 8.9 or later, and that is running Cisco IOS Release 12.2(11)T4, Release 12.2(11)T9, Release 12.3(1), Release 12.3(1a), or Release 12.3(3a).

Workaround: Load a Cisco IOS software image other than those listed in the Conditions section above onto the Cisco AS5850. Then, reload the gateway with the new Cisco IOS software image without turning the power off and on.

CSCec79593

Symptoms: When a Cisco AS5850 chassis is powering up, the configurations for FB are not loaded on one of the RPs. This problem can be seen on both RSC and ERSC.

Conditions: The Cisco AS5850 is reloaded with power up instead of a software reload.

Workaround: There are two possible workarounds for this issue:

1. After power up, perform a software reload on the side where problems are seen without saving the current configuration.

2. You can also use the following command to reapply all startup configurations: copy startup-config running-config.

CSCed45746

Symptoms: Several prefixes for nonredistributed and connected interfaces in different VRFs may be partially bound to the same MPLS VPN label, causing traffic that is bound for one or more of these VRFs to be disrupted.

Conditions: This symptom is observed on a Cisco router after the VRF interfaces have flapped.

Workaround: Clear the routes in the VRFs in sequence.

CSCed72877

Symptoms: A Cisco AS5850 universal gateway may exhibit a small and gradual memory leak in the ISDN process with async calls.

Conditions: This symptom occurs when the calls are brought up on ISDN trunks and the calls fail in the middle of the call setup phase.

Workaround: There is no workaround.

CSCed81834

Symptoms: Memory fragmentation causes a router to reload.

Conditions: This symptom is observed on a Cisco AS5850 enhanced route switch controller (eRSC) that is running two B channel serial multilink calls, which causes a memory leak in Pool Manager.

Workaround: There is no workaround.

CSCed90040

Symptoms: On a Cisco AS5400 Voice Gateway, calls may fail when it is used as an Originating Gateway that is configured with g.clear codec and signalled by an MGCP call agent. NAK messages may also be seen.

Conditions: This symptom is observed on a Cisco AS5400 Voice Gateway.

Workaround: There is no workaround.

CSCee08903

Symptoms: When 911 calls are done via MF signaling, calls placed to 911 intermittently fail.

Conditions: This symptom is observed in the following call flow:

A customer dials 911; the call agent sends a RQNT to a TGR (a Cisco AS5850) with call setup information; the TGR acknowledges with a 200 message. At this point no further messages are sent from the TGR.

In most cases a customer abandons the call and reattempts to dial 911 again, which will connect on a different trunk (trunk groups are set up for LRU in the call agent). The MGCP connection on the TGR hangs.

DSIP debug shows that after receiving a wink back from the agent, TGR immediately sends a loop open, which should not be the next event. The caller hears dead air during this entire series of events.

Workaround: There is no workaround.

CSCee68974

Symptoms: An active RSC may crash when you enter the redundancy handover peer-resources command.

Conditions: This symptom is observed when a Cisco AS5850 runs in handover split mode and one RSC is in an extra-load mode.

Workaround: Enter the redundancy handover peer-resources command when there are no active calls on any resources that must be handed over.

CSCee84410

Symptoms: When you make a call via a Cisco AS5850, you may only hear one-way audio.

Conditions: This symptom is observed when the called party is behind a NAT gateway.

Workaround: There is no workaround.

CSCee88334

Symptoms: Calls drop after 25 seconds.

Conditions: This symptom is observed on a Cisco AS5850 when the following commands are configured:

ip rtcp report interval 5001

gateway

timer receive-rtcp 5

Workaround: There is no workaround.

CSCee90946

Symptoms: A Cisco AS5850 may reload because of a port management difficulty.

Conditions: This symptom is observed on a Cisco AS5850 that is configured with an enhanced route switch controller (eRSC) and that has SNMP enabled.

Possible Workaround: Disable SNMP.

CSCee94828

Symptoms: A SIGSM template does not work when the d[x] field is used to specify the maximum number of digits that need to be captured; the caller would have to enter x+1 digits in order for the call to go through correctly.

Conditions: This symptom is observed on a Cisco AS5850 when a signaling template is configured and when the maximum digit field is used.

Workaround: There is no workaround.

CSCef32634

Symptoms: When using a Cisco AS5850 that is running an MGCP application with 20 calls per second bring up rate, voice call setup may start to fail.

Conditions: This symptom occurs when issuing the show run and the show voice call summary commands while bringing up 20 calls per second.

Workaround: Avoid issuing the show commands during peak call bring up.

CSCef32648

Symptoms: Calls after the 10th call are not compressed and bandwidth use doubles.

Conditions: This symptom is observed when class-based cRTP is enabled.

Workaround: Double the bandwidth if you make more than 10 calls.

CSCef40182

Symptoms: On a Cisco AS5850 with an enhanced Route Switch Controller (RSC) that is configured to hair-pin incoming ISDN calls onto outgoing channel associated signaling (CAS) channels (or vice-versa), a Time Division Multiplexing (TDM) leak condition will be exhibited after a few hours.

Conditions: This symptom is observed in Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCef41004

Symptoms: STM1 flaps may be observed on a Cisco AS5850 access gateway.

Conditions: This symptom occurs when the debounce timer for Loss of Signal (LOS) and Loss of Frame (LOF) is ignored.

Workaround: There is no workaround.

CSCef41021

Symptoms: On a Cisco AS5850 that is configured to use a backhaul session manager, the backhaul sessions may go down, causing the D-channels to go down too.

Conditions: This symptom is observed when 100 percent CPU utilization occurs on the Cisco AS5850 for 2 seconds or longer.

Workaround: Increase the RUDP retransmission time-out value to 1000 ms.

CSCef42307

Symptoms: High-speed modems may fail during a modem passthrough call.

Conditions: This symptom is observed when a high-speed modem is used for a modem passthrough call and when the dejitter buffer is configured to be too large or too small to accommodate the modem traffic.

Workaround: There is no workaround.

CSCef55255

Symptoms: A Cisco AS5850 that has a trunk-group that is provisioned to a third-party vendor switch can pass a COT request when this request is initiated by a Cisco BTS 10200 but fails when this request is initiated by the third-party vendor switch. This situation prevents you from configuring new trunks to the third-party vendor switch.

Conditions: This symptom is observed in a configuration with a Cisco BTS 10200 that runs software version 3.5 3 V03 and a Cisco AS5850 that runs Cisco IOS Release 12.3(2)T7 or Release 12.3(2)T3.

Workaround: There is no workaround.

Further Problem Description: Because the third-party vendor switch does not use the loopback COT, the 4W_TO_2W COT is required. When the CCR is received, the Cisco BTS 10200 sends the LPA, and then sends a CRCX with M:conttest to the Cisco AS5850. Then, the third-party vendor switch sends a 2010-Hz tone and searches for a 1780-Hz tone from the Cisco AS5850. Monitoring the T1 line reveals that the Cisco AS5850 does not send the 1780-Hz tone although it does receive the 2010-Hz tone from the third-party vendor switch. So either the CRCX with M:conttest is not implemented correctly on the Cisco AS5850, or the Cisco BTS 10200 should send a RQNT with S:T/co2 following the CRCX.

CSCef59293

Symptoms: A Cisco 3725 that has an AIM slot populated may hang sporadically.

Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(6) or a later release.

Workaround: There is no workaround. To restore the router to normal operation, power-cycle the router.

CSCef64362

Symptoms: A Cisco AS5850 does not create a voice port for a controller that is configured for external signaling beyond the first TUG-3 on an STM1 card.

Conditions: This symptom is observed in a configuration in which a Cisco AS5850 is configured for external signaling via the DS0 group on a controller. Voice ports are not created for controllers beyond the first TUG-3 on an STM1 card.

Workaround: There is no workaround.

CSCef67203

Symptoms: Calls are cleared properly but corresponding application instances may not be cleared. This situation causes a memory leak, and eventually, when the gateway runs out of memory, causes the gateway to crash.

Conditions: This symptom is observed on a Cisco AS5850 gateway that runs a TCL application that provides TBCT functionality when the Cisco AS5850 gateway interworks with a 5ESS switch.

Workaround: There is no workaround.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

    interface Ethernet0/0
     ipv6 traffic-filter nofragments in
    !
    ipv6 access-list nofragments
     deny ipv6 any <my address1> undetermined-transport
     deny ipv6 any <my address2> fragments
     permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
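The workaround only holds if the filter is bound to every IPv6 interface and covers every address the router owns, which is easy to miss on a multi-interface device. The following Python audit is an added example, not Cisco's code; the sample configuration, its 2001:DB8:: addresses and the function names are constructed for illustration, and it assumes ACL entries use the ipv6 protocol keyword with "any", "host X" or "X/len" operands.

```python
import ipaddress
import re

# Constructed sample configuration (documentation prefix 2001:DB8::/32).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ipv6 address 2001:DB8:0:1::1/64
 ipv6 traffic-filter nofragments in
!
interface Ethernet0/1
 ipv6 address 2001:DB8:0:2::1/64
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.0
!
ipv6 access-list nofragments
 deny ipv6 any host 2001:DB8:0:1::1 undetermined-transport
 deny ipv6 any host 2001:DB8:0:1::1 fragments
 permit ipv6 any any
"""

IGNORED_KEYWORDS = {"log", "log-input"}  # do not change what an entry matches


def _take_operand(tokens, i):
    """Parse 'any' | 'host X' | 'X/len' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("::/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/128"), i + 2
    return ipaddress.ip_network(tokens[i], strict=False), i + 1


def parse_config(text):
    """Return (interfaces, acls) from IOS-style text with one-space sub-commands."""
    interfaces, acls, section = {}, {}, None
    for raw in text.splitlines():
        tokens = raw.split()
        if not raw.startswith(" "):  # a top-level line opens a new section
            section = None
            m = re.match(r"(interface|ipv6 access-list) (\S+)$", raw.strip())
            if m and m.group(1) == "interface":
                section = ("if", m.group(2))
                interfaces[m.group(2)] = {"addrs": [], "filter_in": None}
            elif m:
                section = ("acl", m.group(2))
                acls[m.group(2)] = []
            continue
        if section is None or len(tokens) < 3:
            continue
        kind, name = section
        if kind == "if" and tokens[:2] == ["ipv6", "address"]:
            if "eui-64" in tokens:
                continue  # host part comes from the MAC; not visible in the config
            try:
                interfaces[name]["addrs"].append(ipaddress.ip_interface(tokens[2]).ip)
            except ValueError:
                pass  # e.g. "ipv6 address autoconfig"
        elif kind == "if" and tokens[:2] == ["ipv6", "traffic-filter"] and tokens[-1] == "in":
            interfaces[name]["filter_in"] = tokens[2]
        elif kind == "acl" and tokens[0] in ("permit", "deny") and tokens[1] == "ipv6":
            try:
                _src, i = _take_operand(tokens, 2)
                dst, i = _take_operand(tokens, i)
            except (ValueError, IndexError):
                continue  # entry shape outside this example's assumptions
            acls[name].append((tokens[0], dst, set(tokens[i:]) - IGNORED_KEYWORDS))
    return interfaces, acls


def fragments_denied(acl, addr):
    """True if a deny covering fragments to addr comes before any permit that would pass them."""
    for action, dst, qualifiers in acl:
        if addr not in dst:
            continue
        if not qualifiers or "fragments" in qualifiers:
            return action == "deny"
        # other qualifiers (e.g. undetermined-transport) do not decide the fragment case
    return False  # no explicit entry; the audit asks for an explicit deny


def audit(text):
    """List every IPv6 interface/address pair the fragment filter leaves uncovered."""
    interfaces, acls = parse_config(text)
    own = [addr for info in interfaces.values() for addr in info["addrs"]]
    findings = []
    for name, info in interfaces.items():
        if not info["addrs"]:
            continue  # no IPv6 address configured on this interface
        acl_name = info["filter_in"]
        if acl_name is None:
            findings.append(f"{name}: no inbound ipv6 traffic-filter")
        elif acl_name not in acls:
            findings.append(f"{name}: traffic-filter {acl_name} is not defined")
        else:
            # A fragment for any own address can arrive on any interface.
            findings += [f"{name}: {acl_name} does not deny fragments to {addr}"
                         for addr in own if not fragments_denied(acls[acl_name], addr)]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "fragment filter covers all addresses")
```

Link-local, EUI-64 and autoconfigured addresses do not appear in the configuration text, so they have to be checked against the device's own address list separately.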

CSCef72772

Symptoms: Spurious memory accesses occur on a gatekeeper during RAS communication for H.323 voice calls.

Conditions: This symptom is observed when the gatekeeper sends an LRQ for a voice call.

Workaround: There is no workaround.

CSCef74536

Symptoms: A Cisco AS5850 with an ERSC board may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed only on a Cisco AS5850 series that is configured with an ERSC board. RSC boards are not affected.

Workaround: There is no workaround.

CSCef81415

Symptoms: When the calling number or the called number or both contain the * character, for example *67#1234567890, the call is rejected by the gateway and is released with cause code 63 (service or option not available). In the debugs, the following message is generated before the call is released:

H225Lib::is_valid_e164_number: Number has non-supported IA5 character - * cch323_ras_arj_notify:called

Conditions: This symptom is observed on a Cisco platform that functions as a gateway in an H.323 VoIP network and that runs Cisco IOS Release 12.3(6c) or another release that contains the fix for CSCee07037. The symptom occurs only in gatekeeper-routed call scenarios, that is, RAS-based call flows.

A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee07037. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

The symptom does not occur with other characters such as #.

Workaround: There is no workaround.

CSCin74507

Symptoms: Modem passthrough calls fail with a "Playout Dejitter Mode value" error message and traceback, and a NAK message is generated.

Conditions: This symptom is observed on a Cisco AS5400 access server for every MPT call.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCec79570

Symptoms: User Datagram Protocol (UDP) port 1985 (on which Hot Standby Router Protocol [HSRP] runs) may be opened by a port scan. This is improper behavior.

According to the router log, the router does not generate a message that indicates that UDP port 1985 cannot be reached, as it should do.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(2)T1 but may also occur in other releases.

Workaround: There is no workaround.

Wide-Area Networking

CSCec24047

Symptoms: When a Session Initiation Protocol (SIP) server transfers a call through a gateway to a Cisco AS5300, the SIP server may add extra information in the redirected number.

Conditions: This symptom is observed on a Cisco SIP Proxy Server (CSPS) that transfers calls to a Cisco AS5300. The correct redirected number may be observed through the Cisco AS5300. The extra information may be viewed by using a sniffer trace or from the telco logs.

Workaround: There is no workaround.

CSCed80451

Symptoms: When an E1 line is shut down by entering the shutdown command and a switchover from the active RP to the standby RP occurs, the E1 line that is shut down is still reported as being in service on the standby RP.

Conditions: This symptom is observed when SS7 is configured with RLM between a media gateway controller and a Cisco AS5850 universal gateway in RPR+ mode.

Workaround: Instead of the shutdown command, enter the service command to place the E1 line out of service.

CSCin73980

Symptoms: An LNS sends two accounting stop records when a client re-negotiates a PPP session.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1 and that functions as an LNS when VPDN multihop is configured.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(4)T8

Cisco IOS Release 12.3(4)T8 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCec22723

Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.

Conditions: This symptom is observed when iSPF is configured under OSPF.

Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.

Miscellaneous

CSCee20888

Symptoms: IPv6 over ISDN does not work.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T1.

Workaround: There is no workaround.

CSCef00171

Symptoms: A router that is configured for RTP header compression may crash with a bus error.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4)T or a later release, or Release 12.2 S.

Workaround: Disable RTP header compression.

CSCef01680

Symptoms: Memory corruption may occur when you enter the directory entry clear telephony-service configuration command.

Conditions: This symptom is observed when the directory entry clear telephony-service configuration command clears a preconfigured directory entry but the pointer is not removed. When the freed memory is allocated and written by some other process and when the directory entry clear telephony-service configuration command is reconfigured, a traverse through the directory link list could cause a bus error because the pointer could point to anything, including a non-RAM memory address.

Workaround: Do not enter the directory entry clear telephony-service configuration command to clear entries. Rather, enter the no directory entry command to remove the entries individually.

CSCef27790

Symptoms: An RSC may crash when you enter the redundancy handover peer-resources command on the active RSC to hand over the resources to the standby RSC.

Conditions: This symptom is observed on a Cisco AS5850 that functions in handover split mode when file copy, delete, or format operations are in progress.

Workaround: Do not hand over resources when file copy, delete, or format operations are in progress.

CSCef34099

Symptoms: A memory leak occurs on a Cisco 1760 that functions as a CCME and that is configured with 24 IP phones.

Conditions: This symptom is observed when you run a test in which you make calls between the IP phones that are registered to the CCME and calls to PSTN phones, and when you use calling features such as third-party conference calls, call forward, call hold, and call transfer. Each time the test completes, the amount of available free memory decreases by 1 to 4 Mb. This lost memory is not recovered even after all IP phones are deregistered and the CCME sits idle.

Workaround: There is no workaround.

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

TCP/IP Host-Mode Services

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Wide-Area Networking

CSCin73365

Symptoms: A Cisco router reloads when you enter the show vpdn session id local id hidden command.

Conditions: This symptom is observed on a Cisco 7200 series that functions as a LAC and/or LNS.

Workaround: Avoid entering the above-mentioned command.

Resolved Caveats—Cisco IOS Release 12.3(4)T7

Cisco IOS Release 12.3(4)T7 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCea85395

Symptoms: Previously suppressed prefixes are not automatically installed in the VRF.

Conditions: After the VRF reaches the maximum route limit, subsequent prefixes are suppressed and not installed in the VRF table. After the suppress condition is cleared, the routes should be installed in the VRF without any manual intervention.

Workaround: Enter the clear ip bgp command.

CSCeb17467

Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.

Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.

Workaround: There is no workaround.

CSCed38096

Symptoms: On a Cisco AS5850 Universal Gateway, calls terminating on a dialer interface and joining an IGMP group may not receive traffic from the multicast source. The Cisco AS5850 sends traffic to only one of the calls at a time.

Conditions: This problem is seen only with calls terminating in a dialer interface. If the call comes up as a virtual-access or multilink PPP call, there is no problem.

Workaround: Perform the following actions:

1. Configure the dialer interface with the no ip mroute-cache command.

2. Remove virtual-profile if-needed, which will cause all calls to come through virtual profiles.

CSCed55593

Symptoms: When using Cisco CallManager and PAT on the CE router, no voice is observed if a call is made across CCM clusters and is transferred back to another phone on the same CCM, between the IP phones behind PAT.

Conditions: This symptom occurs when Cisco CallManager is configured for Static NAT. The IP phones registered to the CCM in the location are configured to use PAT. A call is made across the CCM cluster and transferred back to the cluster.

Workaround: There is no workaround.

Miscellaneous

CSCea59948

Symptoms: A cbus complex, which brings down all the interfaces on the router for some time but does not cause the router to reload, may be observed on a Cisco router when the following message appears on the serial interface:

%RSP-3-RESTART: interface Serial8/1/0/23:23, not transmitting

Conditions: This symptom occurs specifically on a Cisco 7500 series router when Multilink PPP (MLP) is configured on the serial interface and distributed Cisco Express Forwarding (dCEF) switching is enabled.

The problem occurs when multilink member links flap. It may be after a single flap or multiple flaps.

Workaround: There is no workaround.

Further Problem Description: The length of time that the interfaces are down because of a cbus complex depends on the number of VIPs/IPs (time taken for microcode download) and the type of PAs (time taken for VIP reload) present in those VIPs. All the interfaces will come back up without any manual intervention.

CSCeb43452

Symptoms: A Cisco 3745 that runs Cisco IOS Release 12.2(15)T2 or Release 12.3 may deplete the interrupt level stacks and report the following error messages in the syslog:

%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000

%SYS-6-STACKLOW: Stack for level DMA/Timer Interrupt running low, 0/9000

%SYS-6-STACKLOW: Stack for level PA Management Int Handler running low, 0/9000

%SYS-6-STACKLOW: Stack for level Console Uart running low, 0/9000

Interrupt level stacks:

Level  Called     Unused/Size  Name
1      22321736   0/9000       Network interfaces
2      830757     0/9000       DMA/Timer Interrupt
3      453468     0/9000       PA Management Int Handler
4      5100       0/9000       Console Uart
5      0          7656/9000    External Interrupt
7      113396404  8600/9000    NMI Interrupt Handler

Conditions: This symptom is observed when the BSTUN configuration is being updated.

Workaround: There is no workaround.

CSCeb56909

Cisco routers running Internetwork Operating System (IOS) software that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS-disabled interfaces.

The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.

More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.

CSCeb62175

Symptoms: There are no ringbacks on Call Forward Busy and Call Forward All scenarios.

Conditions: This symptom occurs only when forwarding to a Foreign Exchange Station (FXS).

Workaround: There is no workaround.

CSCec33028

Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.

CSCec86131

Symptoms: A FlexWAN or VIP in which a channelized port adaptor such as a PA-STM1 or PA-MC-8TE1+ is installed may reload continuously.

Conditions: This issue is seen when distributed LFI is configured on channelized serial interfaces and heavy traffic (close to line rate) occurs on these interfaces.

Workaround: There is no workaround.

CSCec86420

Cisco routers running Cisco Internetwork Operating System (IOS) software that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS-disabled interfaces.

The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.

This bug is a complementary fix to CSCeb56909 which addresses this vulnerability.

More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.

CSCec90275

Symptoms: Packets are duplicated on the Provider Edge (PE) router. A packet is switched out once in the fast switching path and another time in the process path.

Conditions: This symptom is observed when the path between the source and the receiver goes through multiple PE routers, and all the PEs have fast-switching enabled.

Workaround: Unconfiguring ip mroute-cache from the interfaces solves the duplication.

CSCed16526

Symptoms: FXO ports on a Cisco IAD2420 may cease to process inbound and outbound calls because a voice port is stuck in the "FXOGS_PARK" state.

Conditions: This symptom is observed on a Cisco IAD2420 voice gateway with FXO ports that runs Cisco IOS Release 12.2(15)T8, 12.3, or 12.3 T. The FXO ports are connected to the PSTN.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected voice port.

CSCed30670

Symptoms: An H.323 proxy may fail when a conference call between a PSTN user and IP phone users is initiated by an IP phone in a Cisco CallManager environment.

Conditions: This symptom is observed on a Cisco router that functions as a gatekeeper, that has the H.323 proxy enabled, and that runs Cisco IOS Release 12.3(5) in the following topology:

An IP phone connects to a Cisco CallManager that connects to the Cisco gatekeeper that has the H.323 proxy enabled. The Cisco gatekeeper connects to yet another gatekeeper that connects to a gateway that, in turn, connects to the PSTN.

All calls to and from the Cisco CallManager IP phone via the Cisco gatekeeper are proxied. The Cisco CallManager runs software version 3.3(3)SR3. The display IE delivery option is disabled in the H.225 trunk configuration in the Cisco CallManager administration web page. The H.225 trunk is controlled by one of the gatekeepers.

The symptom occurs in the following sequence of events:

1. A PSTN user calls an IP phone (IP phone 1).

2. The user of IP phone 1 answers the call and the call is connected with two-way audio.

3. The user of IP phone 1 presses the "conference" button and calls another IP phone (IP phone 2).

4. The user of IP phone 2 answers the call and the call is connected with two-way audio.

5. The user of IP phone 1 presses the "conference" button again.

6. The H.323 proxy fails, causing the PSTN to be disconnected from the conference call.

7. The conference call continues between the user of IP phone 1 and the user of IP phone 2.

Workaround: Enable the "Display IE delivery" option in the H.225 trunk configuration in the Cisco CallManager administration web page.

Alternate Workaround: Disable the H.323 proxy on the Cisco gatekeeper.

CSCed41231

Symptoms: An alignment error may cause a Cisco router to reload unexpectedly.

Conditions: This symptom is observed under rare conditions (an "extreme corner case") on a MIPS-based Cisco platform or on a Versatile Interface Processor (VIP), port adapter, or line card that contains a MIPS processor. The symptom is not release-dependent and may occur in all Cisco IOS releases.

Workaround: There is no workaround.

Further Problem Description: All Cisco 7500 VIPs and Cisco 7200 NPEs use MIPS-based processors. The following are additional platforms that use MIPS processors:

Cisco 2691, 3620, 3631, 3640, 3660, 3725, 3745, 4500, 4500-M, 4700, 4700-M, AS5300, AS5400, AS5450, AS5800 router shelf, AS5800 system controller (3640 based), 7120, 7140, UBR7100, UBR7200 - all NPEs, 7301, 7304, 7400, 6500 MSFC, 6500 MSFC2, 7600 MSFC, 7600 MSFC2, 10000, UBR10012, 12000 GRP, and most (if not all) 12000 line cards.

CSCed67628

Symptoms: During an initial boot of a Cisco 7301 that has a PA-MC-8TE1+ or PA-MCX-8TE1-M in bay 0, an unexpected reload may occur.

Conditions: The symptom may occur irrespective of whether a regular Cisco IOS software image or a boot software image is present in the bootflash filesystem.

Workaround: Power-cycle the Cisco 7301 and reboot the platform. The problem only surfaces during the initial boot of the platform.

CSCed87385

Symptoms: The Fast Ethernet output queue of a Cisco 1700 series may become wedged.

Conditions: This symptom is observed when Multilink PPP is enabled on the incoming serial interface via the ppp multilink fragment-delay delay-max command (with a delay of 10 ms), when there is a low link bandwidth (128 kb), and when there are large packet sizes (1343 bytes).

Workaround: Remove the ppp multilink fragment-delay delay-max command from Multilink PPP configuration.

Alternate Workaround: Disable fast switching on the Fast Ethernet interface.

CSCed95175

Symptoms: A call proceeding, alerting, or connect-back to the PSTN is not sent, causing a call to be disconnected due to a "Recovery on Timer Expiry."

Conditions: This symptom is observed when overlap receiving is configured on an ISDN interface and the destination is configured to forward all calls.

Workaround: There is no workaround.

CSCee01637

Symptoms: A software-forced reload occurs when you remove the header-compression configuration from an interface.

Conditions: This symptom is observed when the following conditions are present on the interface:

The interface is in process-switching mode.

Traffic is being sent from the interface.

Workaround: Shut down the interface during the reconfiguration.

CSCee11770

Symptoms: All SWIDBs may be used.

Conditions: This symptom is observed when PPPoA sessions flap continuously.

Workaround: There is no workaround.

CSCee62082

Symptoms: After marking a high threshold, a call from a gateway that is registered with another gatekeeper is rejected because of Disconnect Cause 34 (no circuit/channel available) though there are channels available.

Conditions: This symptom is observed with a gatekeeper that is running Cisco IOS Release 12.3 T or Release 12.3, and with any gateway (can be from Cisco or a third party) that supports RAI functionality.

Resource Availability Indicator (RAI) and the gatekeeper clustering function are used. The originating gateway and terminating gateway are registered with different gatekeepers.

Workaround: Register all gateways with a single gatekeeper.

CSCee69942

Symptoms: A software-forced reload may occur on an MGCP gateway that uses embedded messages in the MGCP protocol.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP gateway and is caused by the MGCP embedded message processing.

Workaround: There is no workaround.

CSCee73221

Symptoms: RIP does not advertise a redistributed static route via an interface.

Conditions: This symptom is observed even when the split horizon mechanism is turned off on the interface.

Workaround: There is no workaround.

CSCee78912

Symptoms: Mid-call INVITEs that are initiated by a third party user agent server (UAS) may fail on the Cisco GW (UAC).

Conditions: This symptom is observed when the tag parameter in the From or To header of the INVITE message is preceded by one or more leading white spaces.

Workaround: There is no workaround.

CSCin61922

Symptoms: A Cisco 7500 series with a multilink DLFI configuration may crash.

Conditions: This symptom is observed when an Ethernet packet is received on the RSP and is switched by the RSP to a DLFI multilink interface.

Workaround: There is no workaround.

CSCin62978

Symptoms: A FlexWAN, enhanced FlexWAN, or Versatile Interface Processor that has a PA-MC-E3 or PA-MC-T3 installed may crash.

Conditions: This symptom is observed under rare conditions in a stress situation with dLFI and dCRTP configured.

Workaround: There is no workaround.

CSCuk38882

Symptoms: The following tracebacks can occur on a Route Processor (RP) console:

04:24:32: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x619B6AD8 reading 0x10

04:24:32: %ALIGN-3-TRACE: -Traceback= 619B6AD8 60EC5764 60EC58D0 60EDAC74 6037C6A8 6037C694 00000000 00000000

Conditions: This problem is seen when a dLFIoATM interface flaps on a Cisco 7500 platform.

Workaround: There is no workaround.

CSCuk47905

Symptoms: On an LFI over ATM interface, ping does not work.

Conditions: This occurs only when distributed LFI over ATM is configured on a Cisco 7500 platform.

Workaround: There is no workaround.

Wide-Area Networking

CSCed21813

Symptoms: A Cisco 7204VXR in which an enhanced 1-port ATM OC-3c/STM-1 port adapter (PA-A3-OC3) is installed may reload unexpectedly because of a bus error. However, the cause of the symptom may be a segmentation and reassembly (SAR) chip failure that occurs because of an "Address Error (store) exception".

Conditions: This symptom is observed on a Cisco 7204VXR that is configured for Dynamic Bandwidth Selection (DBS) support when you attempt to modify the VC QoS parameters under high traffic conditions.

Workaround: Shut down the ATM interface before attempting to modify the VC QoS parameters.

CSCed36969

Symptoms: After running stress scripts and dropping all calls, there are still active vaccess interfaces shown in the output of the show vtemplate command. If the debug ppp negotiation command is enabled, the debugs for the vaccess interfaces continue to repeat themselves.

Conditions: This symptom is observed on a Cisco AS5300 and Cisco AS5400 that run Cisco IOS Release 12.3(6) when the stress scripts automatically enter the shutdown command followed by the no shutdown command on the E1 controllers.

Workaround: There is no workaround.

CSCed79931

Symptoms: When the ppp timeout idle interface configuration command is configured, a Termination Request (TERMREQ) packet is not sent after the idle timeout.

Conditions: This symptom is observed in Cisco IOS Release 12.3(4)T2 and Release 12.3(5.5)T or later releases.

Workaround: There is no workaround.

CSCee21989

Symptoms: A Cisco router may reload unexpectedly with a bus error.

Conditions: This symptom is observed on a Cisco router that has PPP configured.

Workaround: There is no workaround.

CSCee32345

Symptoms: When a RADIUS accounting record is sent for a PPTP Start, a Cisco NAS may not send the following RADIUS accounting record attributes:

Tunnel-Client-Endpoint (66)

Tunnel-Server-Endpoint (67)

Tunnel-Assignment-Id (82)

Conditions: This symptom is observed in Cisco IOS Release 12.3(7.8)T.

Workaround: There is no workaround.

CSCee47761

Symptoms: A Cisco 7500 series Route Switch Processor (RSP) may crash while Multilink PPP (MLP) is running.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5), that is equipped with a VIP4-80 and PA-A3 ATM port adapters, and that is configured for distributed Link Fragmentation and Interleaving over ATM (dLFIoATM).

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(4)T6

Cisco IOS Release 12.3(4)T6 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T6 but may be open in previous Cisco IOS releases.


Note: Cisco IOS Release 12.3(4)T5 is not publicly available.


The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Interfaces and Bridging

CSCin66616

Symptoms: The output of an snmpwalk for the entPhysicalDescr MIB on a PA-MC-8E1/120 may show the PA-MC-8E1/120 as unknown.

Conditions: This symptom is observed on a Cisco 7500 series in which a PA-MC-8E1/120 is installed.

Workaround: There is no workaround.

Miscellaneous

CSCed24626

Symptoms: A VoIP connection trunk that is configured between two voice gateways over an IP link with RTP header-compression (cRTP) enabled may flap periodically. Messages similar to the following may appear:

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down

Conditions: This symptom is observed when two Cisco IOS voice gateways function in connection trunk mode and an IP link between the two gateways is configured for cRTP. On either side of this IP link, the Cisco IOS routers run Cisco IOS Release 12.3 T, such as Release 12.3(2)T or Release 12.3(4)T.

Workaround: Enter the ip rtp coalesce hidden global configuration command on both Cisco IOS routers to stabilize the connection trunk. Note that doing so may increase the CPU utilization. If the implementation of this workaround does not stabilize the trunk, unconfigure cRTP over the affected IP link.

CSCed40933

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.

CSCed58486

Symptoms: H.450 consultation transfer may fail in Cisco CME.

Conditions: This failure may occur if the transferee (XEE) was a forwarded call.

Workaround: There is no workaround.

CSCed94256

Symptoms: When making outbound calls, softkeys on IP phones are not updated (e.g., Hold/Transfer are not shown). The call seems to be connected and both ends can talk to each other. Looking at the H.323 signaling, it seems the Q.931 Connect message is not being mapped to an H.225 Connect (towards CallManager).

Conditions: This symptom occurs under CallManager integration with an H.323 Gateway that is running Cisco IOS Release 12.3(7)T.

Workaround: There is no workaround.

CSCee08584

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

CSCee17500

Symptoms: A SIP call does not get connected when the called party answers.

Conditions: This is observed when a SIP call originating in a gateway is forked to more than five locations and the phone that answers is sixth or higher in the fork list.

Workaround: There is no workaround.

Wide-Area Networking

CSCed57586

Symptoms: PPP sessions are no longer accepted by a NAS. A PPP debug shows:

"IPCP: Peer address ... in use by ..."

Conditions: The problem occurs if all the following conditions are met:

The ppp ipcp address unique command is configured under a virtual-template interface.

The system runs Cisco IOS Release 12.2(16)BX2, 12.3(4)T1 or 12.3(5.7)T or later.

Thousands of calls are brought up and down continuously within a few days.

Workaround: Unconfigure the ppp ipcp address unique command.

Resolved Caveats—Cisco IOS Release 12.3(4)T4

Cisco IOS Release 12.3(4)T4 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed19748

Symptoms: The individual AAA periodic accounting update messages (RADIUS accounting messages with Acct-Status-Type=Watchdog) generated by an IOS gateway for each call leg (TDM and IP) of the same voice call may be sent to the RADIUS server more than 5 minutes apart due to the randomized timer algorithm used by the AAA message transmit function.

Conditions: This symptom is observed when the aaa accounting update newinfo periodic command is configured.

Workaround: There is no workaround.

CSCed53306

Symptoms: CDP functionality is not supported.

Conditions: This symptom is observed on a Cisco VG224 voice gateway that runs an image of Cisco IOS Release 12.3 T or Release 12.3(4)XD.

Workaround: There is no workaround.

IP Routing Protocols

CSCec51206

Symptoms: A memory allocation failure (MALLOCFAIL) from the I/O memory pool may occur.

Conditions: This symptom is observed on a Cisco router that receives excessive multicast control traffic.

Workaround: Apply a quality of service (QoS) policy map to limit the rate of the multicast control traffic that can be received by the router.

CSCec55535

Symptoms: Address Resolution Protocol (ARP) may not be triggered for an inside-local address destination after the outside-to-inside translation is performed correctly, causing packets to be dropped because the adjacency remains gleaned.

Conditions: This symptom is observed on a Cisco router when the Multi-VRF feature is configured and when you configure a customer edge (CE) router to perform Network Address Translation (NAT).

Workaround: Perform a ping from the router to the CE router to trigger ARP and to populate the adjacency table.

CSCed57814

Symptoms: A Cisco router that is configured for SIP NAT may not be able to process authentication messages from a third-party SIP gateway that performs SIP proxy authentication.

Conditions: This symptom is observed in a Call Hold/Resume procedure.

Workaround: There is no workaround.

CSCed65040

Symptoms: T.38 fax calls between a Cisco router and a third-party gateway may fail.

Conditions: This symptom is observed when two third-party gateways are connected via a Cisco router that runs SIP NAT. The T.38 fax calls fail from one of the third-party gateways to the Cisco router and vice versa.

Workaround: There is no workaround.

Miscellaneous

CSCeb13202

Symptoms: If a three-level hierarchy service policy is attached to two different interfaces and the policers are removed from the parent class, the policers for the child class are also removed.

Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series.

Workaround: Detach the service policies from the interfaces, and then reattach them.

CSCec05744

Symptoms: A Cisco router may fail to send a ping from its local tunnel interface that has Virtual Private Network (VPN) routing and forwarding (VRF) enabled to a remote end.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(1) when both the ip route-cache cef and the ip nat outside interface configuration commands are enabled on the physical multilink interface on which the tunnel is configured. The symptom may also occur in other releases.

Workaround: Disable the high-speed switching cache for IP routing on the physical multilink interface by entering the no ip route-cache cef interface configuration command.

CSCec15911

Symptoms: Subinterfaces that are not configured for policing may randomly drop packets.

Conditions: This symptom is observed when modular QoS CLI (MQC) class-based policing is configured on an Inter-Switch Link (ISL) subinterface and when there are other ISL subinterfaces that are not configured for policing.

Possible Workaround: Remove the quality of service (QoS) policy with class-based policing from the ISL subinterface.

CSCec18507

Symptoms: A label controlled ATM (LC-ATM) interface may have extra LVCs for one prefix; the output of the show mpls atm-ldp bindings network mask privileged EXEC command displays two destination entries for the same prefix. For one of these destination entries, all LVCs are in the active state. For the other destination entry, all LVCs are in bindwait state.

Data forwarding to the destination does go through the active LVCs and works fine.

Conditions: This symptom is observed when Multi-VC mode is enabled on the LC-ATM interface and when quick route flapping occurs for a while.

Workaround: Enter the clear ip route network mask EXEC command.

CSCec22929

Symptoms: A software-forced reload may occur on a Cisco 7200 series after an OIR of a PA-2T3+ port adaptor.

Conditions: This symptom is observed when traffic enters through the interface of the port adapter.

Workaround: Shut down the interface of the port adapter before you perform an OIR.

CSCec24074

Symptoms: When a router is up for over 49 days, autosense may no longer work; the router may no longer detect encapsulation changes between MUX and SNAP.

Conditions: This symptom is observed on a Cisco platform that functions in a PPP-over-ATM (PPPoA) environment when the Autosense of MUX/SNAP Encapsulation and PPPoA/PPPoE on ATM PVCs feature is enabled.

Workaround: Change the encapsulation to another encapsulation type such as MUX and then back to the Autosense of MUX/SNAP Encapsulation and PPPoA/PPPoE on ATM PVCs feature.

CSCec24094

Symptoms: A Cisco router may reload unexpectedly when you enter the ip rtp reserve interface configuration command on an interface that is congested.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3, 12.3 B, or 12.3 T and that is configured for Real-Time Transport Protocol (RTP).

Workaround: Shut down the interface before you enter the command. Enable the interface after you have entered the command.

CSCec37163

Symptoms: One-way audio may occur during a phone call: a user on the public switched telephone network (PSTN) side may not hear a Cisco IP SoftPhone user.

The output of debug commands and sniffer traces does not indicate any packet drops, and when you listen to the sniffer trace, there seems to be two-way audio.

Conditions: This symptom is observed when the Cisco IP SoftPhone calls the PSTN via a Cisco VG200 series that runs Cisco IOS Release 12.2(15)T7, 12.3, or 12.3 T.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(11)T2.

CSCec42941

Symptoms: When multiple dial peers are configured with different translation rules that are used on the same call, the authentication, authorization, and accounting (AAA) accounting records do not show accurate information of the translated called number.

Conditions: This symptom is observed on a Cisco AS5350 and a Cisco AS5400 when the outbound dial peers have translation rules configured and when multiple dial peers are used for an outbound call because of dial-peer hunting. The symptom does not occur on a Cisco AS5300.

Workaround: Analyze the call by using the correct number that is contained in the gw-final-xlated-cgn vendor-specific attribute (VSA) that is part of the stop record for the RADIUS server.

Further Problem Description: When a universal gateway such as a Cisco AS5350 or Cisco AS5400 receives a call via time-division multiplexing (TDM), and this call needs to be forwarded via Voice over IP (VoIP), the universal gateway tries the first dial peer, which translates the called number and adds a prefix to it. When this call does not go through, the universal gateway tries a second dial peer via dial-peer hunting. This second dial peer translates the number and adds a different prefix to it.

There is a start and stop record for each dial peer:

The start record for the first dial peer contains the called station ID with the translated number and the first prefix, and there is a stop record for the first dial peer.

There is a start record for the second dial peer, but it contains the called station ID with the prefix of the first dial peer.

Although the number is translated and properly sent, the AAA records are incorrectly populated.

CSCec52593

Symptoms: A router may reload when the police policy-map class configuration command is enabled under a policy map.

Conditions: This symptom has been observed rarely and is not easily reproduced.

Workaround: There is no workaround.

CSCec61738

Symptoms: A Cisco 7500 series that functions as a provider edge (PE) router may fail to receive an Internet Control Message Protocol (ICMP) echo message on a Multilink PPP (MLP) ingress interface.

Conditions: This symptom is observed on a Cisco 7500 series when Virtual Private Network (VPN) routing/forwarding (VRF) is configured on the MLP interface.

Workaround: There is no workaround.

CSCec66816

Symptoms: A gateway that receives a mid-call invite message with a missing contact header may respond with a "400 Bad Request" message, causing the call to be terminated. This is improper behavior.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(15)T, 12.3, or 12.3 T.

Workaround: There is no workaround.

CSCec75762

Symptoms: A Cisco voice gateway may reload while testing Tool Command Language (Tcl) interactive voice response (IVR) voice commands (verb testing).

Conditions: This symptom is observed on a Cisco 3660 that has a main memory size of 128MB. The symptom may not occur when the main memory size is increased from 128MB to 256MB.

Workaround: Increase the main memory size from 128MB to 256MB.

CSCec88110

Symptoms: A router that is running Cisco IOS Release 12.3(4)T2 or a later release may not be able to use the ipv6 ospf authentication ipsec spi spi md5 key command. The following error message may be generated: "OSPFv3: Authentication was not enabled."

Conditions: This symptom is observed with the c1700-advsecurityk9-mz and c1700-adventerprisek9-mz images, but other images may be affected too.

Workaround: There is no workaround.

CSCed09057

Symptoms: Trunk cards that are installed in a Cisco AS5850 may become stuck in the power-pending state and may not be able to boot properly.

Conditions: This symptom is observed on a Cisco AS5850 that is configured with redundant Route Switch Controllers (RSCs) and that has health monitoring of the Forwarding Information Database (FIB) enabled when you reload software onto the RSC that is installed in slot 7.

Workaround: Reload the RSC that is installed in slot 6.

First Alternate Workaround: Reload software onto both the RSC that is installed in slot 7 and the RSC that is installed in slot 6.

Second Alternate Workaround: Switch the power of the Cisco AS5850 off and on.

Third Alternate Workaround: Disable health monitoring of the FIB.

CSCed13214

Symptoms: A gatekeeper that is configured for H.323 version 4 (H.323v4) may not insert service IDs in an Admission Rejection (ARJ) message to an H.323v4 gateway.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that receives service IDs from a route server but does not include the service IDs in the ARJ message to the H.323v4 gateway.

Workaround: There is no workaround.

CSCed13589

Symptoms: The performance of a Cisco 7301 may be below what you would expect when traffic of more than 400k pps is sent.

Conditions: This symptom is observed on a Cisco 7301 that runs the c7301-is-mz image of Cisco IOS Release 12.3(4)T1. The performance of a Cisco 7301 that runs the c7301-js-mz image of the same release is much better.

Workaround: There is no workaround.

CSCed14424

Symptoms: A caller may hear the ringback tone of a Cisco 7912 IP phone, but the Cisco 7912 IP phone may not ring. However, outgoing calls on the Cisco 7912 IP phone work fine.

Conditions: This symptom is observed when the Cisco 7912 IP phone is configured for "max-dn XX dual-line" under call-manager-fallback and for SRST.

Workaround: Remove the dual line from the "max dn" configuration of the Cisco 7912 IP phone.

CSCed25854

Symptoms: You may not be able to make outgoing calls through a Cisco IOS gateway that is connected to the PSTN across an E1 R2 digital signaling circuit.

The "OUT STATUS" field in the output of the show voice port summary EXEC command indicates that an E1 R2 channel is stuck in the "clearback" state. During this state, the administrative and operational status of the E1 R2 channel is "UP/UP." As such, users cannot make outgoing calls to the PSTN across this E1 R2 channel. The "IN STATUS" field in the output of the show voice port summary EXEC command indicates that the same E1 R2 channel is in the "idle" state.

Conditions: This symptom is observed on a Cisco IOS gateway that runs Cisco IOS Release 12.3(4)T1 and that is configured for E1 R2 Signaling. The symptom does not occur in Release 12.3.

Problem sequence:

1) A PSTN user calls an IP phone user.

2) The call is connected with two-way audio.

3) The IP phone user disconnects the call.

4) Debugs of the Cisco IOS gateway show that the "CLEAR_BWD" is sent but in reality the "IDLE" signal is sent.

5) The PSTN switch responds with the "IDLE" signal.

Workaround: There is no workaround.

CSCed29546

Symptoms: A software-forced reload may occur as a result of entering the interface configuration command:

no ip rtp header-compression or no ip tcp header-compression

Conditions: This error will only occur when there is traffic running and being compressed in process switching mode on the interface being configured.

Workaround: Traffic will be prevented from flowing if the interface is shut down during reconfiguration, and the crash will not occur.

CSCed31039

Symptoms: At 12 cps, the following message is displayed on a V4 gatekeeper:

ASSERT failed: line 9900 in file ../mm/gk/gk_rassrv_util.c

Conditions: This symptom is observed when an external server is using the GKTMP interface to communicate with the gatekeeper and when the gatekeeper is configured with "send-cisco-circuit-info."

Workaround: There is no workaround.

CSCed42571

Symptoms: A Cisco router that functions as a PE router may crash.

Conditions: This symptom is observed when traffic is switched through a multilink interface on which a QoS service policy is configured that includes a set command and when the multilink interface flaps (goes down and comes back up). The symptom occurs at random and depends on the traffic pattern.

Workaround: There is no workaround.

CSCed45445

Symptoms: An incorrect instruction may be executed on a Cisco AS5350 or Cisco AS5400 when low address ranges in the memory are accessed with the show memory command. When some of the CP0 registers are updated, the instruction cache is flushed while the instruction in the pipeline may be loading the instruction cache. This situation may cause an incorrect instruction to be executed.

Conditions: These symptoms are observed only when low address ranges in the memory that should not be viewed with the show memory command are accessed.

Workaround: There is no workaround.

CSCed49245

Symptoms: A Cisco AS5300 may stop accepting calls and generate the following error message:

Endpt in transient state

Conditions: This symptom is observed after an attempt to relay a fax on a Cisco AS5300 that runs Cisco IOS Release 12.3(4)T1 or Release 12.3(5a) and that is configured for MGCP.

Workaround: There is no workaround.

CSCed52221

Symptoms: Packets that are larger than the MTU of an interface that faces a network core may be dropped.

Conditions: This symptom is observed when the vpdn enable command is not enabled but L2x communication is still required, that is, in an Xconnect-only configuration.

Workaround: Enter the vpdn enable command.

CSCed54477

Symptoms: On a Cisco AS5850 using E1 trunks, the debounce-time rai time-interval command does not work.

Conditions: This command is only supported on Cisco AS5850 E1 trunks.

Workaround: There is no workaround.

CSCed54518

Symptoms: When you use the Network Registrar CLI to configure a host name by entering the sip-ua global configuration command at a sublevel, a gateway may fail to try the second and subsequent entries that are provided by the domain name server.

Conditions: This symptom is observed when the host name is configured by using the Network Registrar CLI and when the host server pointed to by the first IP address is down or not responding.

Workaround: There is no workaround.

CSCed63564

Symptoms: The calling-station ID field of an access-request message that is sent to a RADIUS server may be corrupted; a character in the calling-station ID may be removed. For example, if the calling-station ID is "cisco.bookworm" or "cisco/bookworm", the calling-station ID that is sent in the access-request message is "ciscobookworm". This situation is not limited to a dot or a forward slash.

Conditions: This symptom is observed on a Cisco AS5400HPX that runs Cisco IOS Release 12.3(2) or a later release, or Release 12.3(4)T2.

Workaround: Try to avoid unusual characters such as a dot or a forward slash in a calling-station ID.

CSCed68575

Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.

The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.

This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

CSCed69627

Symptoms: IPv6 multicast packets forwarded over ATM interfaces in routed bridged encapsulation are not received due to an incorrect MAC address in the RFC 1483 header.

Conditions: This problem affects all IPv6 multicast packets forwarded over ATM interfaces configured for IPv6 routed bridged encapsulation.

Workaround: There is no workaround.

CSCin63919

Symptoms: A PPPoE connection may not be established.

Conditions: This symptom is observed when an encapsulation configuration change occurs dynamically.

Workaround: Reboot the router on the LAC side or avoid an autoconfiguration from PPPoA to PPPoE.

CSCin65533

Symptoms: A PPPoEoA session may fail to come up on a router on a user side. PPPoE profiles are used for establishing the PPPoE session. When the router receives a "CONFREQ" message from the LNS, the session goes down and cannot be reestablished.

Conditions: This symptom is observed on any Cisco platform that runs Cisco IOS Release 12.3 or Release 12.3(4)T2. The symptom does not occur in Release 12.3(4)T1.

Workaround: Although the following is not a good workaround, it can be used. Use VPDN groups instead of BBA profiles. Normal PPPoEoA sessions that use a VPDN group can be established, but with some overhead. When a PPPoE session is initiated, it does not come up at the first attempt, but the PPPoE client somehow reinitiates the session.

Alternate Workaround: Remove the "lcp renegotiation always" configuration from the LNS and use BBA groups.

CSCin67591

Symptoms: %PXF-2-EXCEPTION messages are observed on the console when L2TP downstream traffic is passing through.

Conditions: This symptom is observed on a Cisco 7200 with an NSE-1 processor board or a Cisco 7401 platform (when these platforms function as an LNS) and when PXF is enabled. Rate-limit is configured on the L2TP tunnel egress physical interface.

Workaround: Disable PXF by entering the no ip pxf command.

CSCuk45771

Symptoms: A Cisco gateway displays the following error message when a call agent sends a Modify Connection (MDCX) request:

%HPI-3-CODEC_NOT_LOADED: channel:3:0 (63) DSP ID:0x1342, command failed as codec not loaded

Conditions: This symptom is observed on all Cisco platforms.

Workaround: There is no workaround.

CSCuk48353

Symptoms: The system may unexpectedly reload when distributed CEF (dCEF) is disabled.

Conditions: A Cisco 7500 series router that is configured to operate with distributed IP Header Compression (IPHC) may reload when dCEF is disabled.

Workaround: Before disabling dCEF, disable IPHC.

Resolved Caveats—Cisco IOS Release 12.3(4)T3

Cisco IOS Release 12.3(4)T3 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCin49527

Symptoms: A Cisco router that is configured as a Packet Data Serving Node (PDSN) may send attribute 45 twice in the accounting records.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-c6is-mz or c7200-c5is-mz image of Cisco IOS Release 12.3(4)T1 and that functions as a PDSN when it sends accounting records (start, stop, and interim).

Workaround: There is no workaround. A script may be written on some RADIUS servers to screen duplicate attributes such as attribute 45.
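A sketch of the kind of screening script the workaround mentions, as an added example that is not Cisco's or any RADIUS server's own code: it validates an Accounting-Request, then drops a repeated attribute 45 (Acct-Authentic). The function names, the shared secret and the sample packet are constructed for illustration, and the set of attributes treated as single-instance is an assumption.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
ACCT_STATUS_TYPE = 40
ACCT_SESSION_ID = 44
ACCT_AUTHENTIC = 45                  # the attribute the caveat reports as sent twice
SINGLE_INSTANCE = {ACCT_AUTHENTIC}   # assumption: extend with other attributes to screen


def build_accounting_request(identifier, attrs, secret):
    """Build a constructed Accounting-Request; used only to make sample input."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    # Accounting-Request authenticator: MD5 over the packet with 16 zero octets
    # in the authenticator field, followed by the shared secret.
    auth = hashlib.md5(header + b"\x00" * 16 + body + secret).digest()
    return header + auth + body


def parse_packet(packet):
    """Return (code, length, attrs); raise ValueError on any length inconsistency."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, length, attrs


def authenticator_ok(packet, length, secret):
    """Recompute the request authenticator and compare in constant time."""
    expected = hashlib.md5(
        packet[:4] + b"\x00" * 16 + packet[20:length] + secret
    ).digest()
    return hmac.compare_digest(expected, packet[4:20])


def screen_duplicates(attrs, single_instance=SINGLE_INSTANCE):
    """Keep the first copy of each single-instance attribute.

    Returns (kept, dropped, conflicts): 'dropped' lists types whose repeat was
    byte-identical, 'conflicts' lists types whose repeat carried another value.
    """
    seen, kept, dropped, conflicts = {}, [], [], []
    for attr_type, value in attrs:
        if attr_type in single_instance:
            if attr_type in seen:
                (dropped if seen[attr_type] == value else conflicts).append(attr_type)
                continue
            seen[attr_type] = value
        kept.append((attr_type, value))
    return kept, dropped, conflicts


def screen_record(packet, secret):
    """Validate first, then screen: the authenticator covers the raw attributes."""
    code, length, attrs = parse_packet(packet)
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    if not authenticator_ok(packet, length, secret):
        raise ValueError("request authenticator mismatch")
    return screen_duplicates(attrs)


# Constructed sample: a start record that carries attribute 45 twice.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_PACKET = build_accounting_request(
    7,
    [
        (ACCT_STATUS_TYPE, struct.pack("!I", 1)),   # Start
        (ACCT_SESSION_ID, b"0000002A"),
        (ACCT_AUTHENTIC, struct.pack("!I", 1)),     # RADIUS
        (ACCT_AUTHENTIC, struct.pack("!I", 1)),     # the duplicate
    ],
    SAMPLE_SECRET,
)

if __name__ == "__main__":
    kept, dropped, conflicts = screen_record(SAMPLE_PACKET, SAMPLE_SECRET)
    print("kept types:", [t for t, _ in kept])
    print("dropped duplicates:", dropped, "conflicts:", conflicts)
```

The authenticator is checked on the packet as received because removing an attribute changes the bytes it covers; screening applies to the parsed record only.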

Miscellaneous

CSCeb12667

Symptoms: A Cisco platform that is configured for CME/SRST may reload unexpectedly because of a SIGTRAP exception.

Conditions: This symptom is observed on a Cisco 1760, Cisco 2600 series, and Cisco 3725, but is platform independent. The symptom may occur on any platform that is configured for CME/SRST. The symptom may occur in Release 12.3 T and earlier releases.

Workaround: There is no workaround.

CSCeb49983

Symptoms: Small packets may be dropped when CEF is enabled. This situation may cause encryption or decryption failures for packets with a certain packet size.

Conditions: This symptom is observed when packets are switched on any interface via CEF or fast switching. The symptom affects packets with a small size (for example, 36 or 37 bytes).

Workaround: There is no workaround.

CSCec85299

Symptoms: A software-forced reload may occur at crashdump and validblock on a Cisco 1760. CPUHOG tracebacks may also occur.

Conditions: These symptoms are observed on a Cisco 1760 that runs Cisco IOS Release 12.3 T when IPSec is configured.

Workaround: Use process switching. Note that the symptom does not occur in Release 12.3(2)T2 and earlier releases.

CSCed15909

Symptoms: A software-forced crash may occur on a platform that functions as a gateway when the platform attempts to process an "INVITE" message that contains a "Call-Info" header with a URL other than a SIP or TEL URL.

Conditions: This symptom is observed on a Cisco AS5400HPX that runs Cisco IOS Release 12.3(4)T.

Workaround: There is no workaround.

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed28266

Symptoms: A Cisco gateway may unexpectedly reload because of a software-forced crash when it builds a SIP ACK(nowledgement) or BYE message.

Conditions: This symptom is observed when the gateway receives a SIP response that contains a Record-Route header and a Contact header and when the length of the Contact header exceeds 128*n, in which "n" is the number of URLs in the Record-route header.

Workaround: There is no workaround.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed45445

Symptoms: An incorrect instruction may be executed on a Cisco AS5350 or Cisco AS5400 when low address ranges in the memory are accessed with the show memory command. When some of the CP0 registers are updated, the instruction cache is flushed while the instruction in the pipeline may be loading the instruction cache. This situation may cause an incorrect instruction to be executed.

Conditions: These symptoms are observed only when low address ranges in the memory that should not be viewed with the show memory command are accessed.

Workaround: There is no workaround.

CSCin62858

Symptoms: A Cisco 7200 series may crash when the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command is entered via a script.

Conditions: This symptom is observed when a script configures the router for VoFR (via a T1 connection) with FXS LoopStart signaling.

Workaround: Do not use a script. Rather, enter the configuration manually.

CSCin64712

Symptoms: PPPOA sessions may not come up.

Conditions: This symptom is observed on a Cisco router when CEF or PXF is enabled and when the encapsulation is changed while no VC is defined.

Workaround: Create a VC and then change the encapsulation.

CSCin66090

Symptoms: On a Cisco router that functions as a PDSN, sessions may become stuck without a flow. The status (St) column in the output of the show cdma pdsn session br command may indicate "EST" for a very long time:

MSID PCF IP Address PSI Age St Flows Interface

0114112125 192.168.33.86 2302 01:30:51 EST 0

Normally, a session remains in the "EST" state for only a few seconds.

Conditions: This symptom is likely to be observed when a Mobile Node (MN) does not respond to LCP CONFREQ messages from the PDSN and when the PCF sends an A11 Registration Request with a different GRE key for the same MN.

Workaround: Clear the stuck session by entering the clear cdma pdsn session msid number privileged EXEC command.

Wide-Area Networking

CSCeb46007

Symptoms: L2TPv2 tunnels with active PPPoX sessions may go down. When you enter the vpdn debug error command, you can see that the LAC or LNS is resending L2TP control messages that the other side does not acknowledge.

Conditions: This symptom is observed primarily in scaled environments with more than 10,000 PPPoX sessions over more than 500 L2TP tunnels.

Workaround: There is no workaround.

CSCec16478

Symptoms: Control messages may be dropped and a session may become stuck in the "wt-rep" state.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 T when a large number of VPDN sessions is configured and when the tunnel ID is exchanged with the session ID.

Workaround: There is no workaround.

CSCec86340

Symptoms: UDP port 1701 (L2TP) may be opened by a port scan.

According to the router log, the router does not send a "port unreachable" message for a packet that uses UDP 1701:

IP: s=10.1.1.2 (Ethernet1/1), d=10.1.1.1 (Ethernet1/1), len 28, rcvd 3 UDP src=0, dst=1701

IP: s=10.1.1.2 (Ethernet1/1), d=10.1.1.1 (Ethernet1/1), len 28, rcvd 3 UDP src=0, dst=1702

ICMP: dst (10.1.1.1) port unreachable sent to 10.1.1.2

IP: s=10.1.1.1 (local), d=10.1.1.2 (Ethernet1/1), len 56, sending ICMP type=3, code=3

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(2)T1.

Workaround: There is no workaround.

CSCed28961

Symptoms: A memory leak may occur on a Cisco universal access server when the ISDN process continues to allocate memory without freeing the memory. The "Name" column in the output of the show memory allocating-process totals command may show the "ISDN name" as the process that allocates memory and does not free the memory.

Conditions: This symptom is observed on a Cisco universal access server on which the ISDN Calling Name feature is configured.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(4)T2

Cisco IOS Release 12.3(4)T2 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeb57015

Symptoms: The throughput for traffic across a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) may be lower than expected. For example, the throughput may be about 4 Mbps.

The output of the debug ipv6 cef drop privileged EXEC command shows that the packets are switched via Cisco Express Forwarding (CEF) from the interface that is enabled for IPv6 to the MPLS network, but does not show any packets that are forwarded from the MPLS network to the interface that is enabled for IPv6, which indicates that the packets from the MPLS network are process-switched rather than switched via CEF.

Conditions: This symptom is observed on a Cisco 7500 series that functions as a 6PE router and that is configured with 2-port Fast Ethernet port adapters.

Workaround: There is no workaround.

CSCec17234

Symptoms: A PC that is running Cisco Dialout/EZ software may halt data transfer.

Conditions: This symptom is observed with Cisco Dialout/EZ software that is running on a PC and a modem that is attached to a Cisco AS5300 that is running Cisco IOS software. The Cisco IOS software may lower the Data Set Ready (DSR) Data Carrier Detect (DCD) with a Clear To Send (CTS) message to the PC side. This causes the PC to halt data transfer.

Workaround: There is no workaround.

CSCec55639

Symptoms: A Cisco Virtual Home Gateway (VHG) may fail to download authentication, authorization, and accounting (AAA) attributes that contain remote virtual templates.

Conditions: This symptom is observed when the Per VRF AAA feature is configured by using a remotely defined customer template on a RADIUS server.

Workaround: There is no workaround.

CSCec75829

Symptoms: Protocol translation sessions that require RADIUS authentication may fail to propagate class-attribute or state-attribute information in subsequent authentication and accounting packets.

Conditions: This symptom is observed in Cisco IOS Release 12.2 T, 12.3, and 12.3 T.

Workaround: There is no workaround.

CSCed06607

Symptoms: Authorization that is based on a dialed number identification service (DNIS) may not function, causing a second RADIUS authorization request to be sent.

Conditions: This symptom is observed when DNIS-based RADIUS method lists are enabled with authorization by entering the following commands:

The aaa dnis map enable global configuration command.

The aaa dnis map dnis-number authorization network group server-group-name global configuration command, in which the server-group-name argument is defined in the aaa group server radius group-name global configuration command.

After authentication has occurred, another authorization request is sent, which is rejected by the RADIUS server. This second authorization request contains a service type that is set to outbound. After authentication has occurred, no further authorization request should be sent for the same session because all authorization information has already been received during the RADIUS authentication phase.

Workaround: Do not enter the aaa dnis map enable global configuration command but use another type of authentication.

CSCed17032

Symptoms: When the ip radius source-interface global configuration command is configured on a PPP over Ethernet (PPPoE) server, the interface address may not be set in the RADIUS NAS-IP-Address [4] attribute.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(2), 12.3(2)T, 12.3(3)B, or 12.3(4)T, that functions as a PPPoE server, and that has the radius-server attribute nas-port format format global configuration command enabled with the value d for the format argument.

Workaround: Do not use value d for the format argument. Rather, use another value to configure the network access server (NAS) port.

Alternate Workaround: Enter the radius-server attribute 4 nrp global configuration command.

Interfaces and Bridging

CSCec86136

Symptoms: When a Cisco router reloads, the ATM permanent virtual circuit (PVC) status remains inactive (INAC) even though the ATM subinterface is in an UP/UP state. The following message may also be displayed when you enter the debug atm errors privileged EXEC command:

ATM(ATMx/x/x):point-to-point interface does not have a VCD

Conditions: This symptom is observed on a Cisco 7500 series router with a PA-A3 port adapter.

Workaround: Enter the no shutdown interface configuration command on the ATM interface.

IP Routing Protocols

CSCeb77038

Symptoms: A Cisco router may pause indefinitely because of a bus error, and the following error message may appear:

System returned to ROM by bus error at PC 0x60B5F1C0, address 0xEF4321E5

Conditions: This symptom is observed on a Multiprotocol Label Switching (MPLS) provider edge (PE) router.

Workaround: There is no workaround.

CSCec27239

Symptoms: A Cisco router that processes external link-state advertisements (LSAs) may generate spurious memory access tracebacks or reload unexpectedly.

Conditions: This symptom is observed on a Cisco router that runs Open Shortest Path First version 3 (OSPFv3).

Workaround: There is no workaround.

CSCec48816

Symptoms: A router may reload unexpectedly when you remove network commands.

Conditions: This symptom is observed on a Cisco router that has the router ospf global configuration command enabled.

Workaround: There is no workaround.

Miscellaneous

CSCdv90299

Symptoms: A Cisco router that runs a Routing with Resource Reservation (RRR) loadbalancing test may reload unexpectedly.

Conditions: This symptom is observed under rare circumstances when you disable tunnels that have the ip load-sharing per-destination interface configuration command enabled and when other tests are run before the RRR loadbalancing test is run.

Workaround: There is no workaround.

CSCdz72292

Symptoms: An interface of an 8-port multichannel E1 port adapter (PA-MC-8E1) may start to flap and may finally pause indefinitely with the output queue stuck. The output of the show interfaces privileged EXEC command may show information similar to the following:

Serial1/1:1 is up, line protocol is up

Encapsulation HDLC, crc 16, Data non-inverted

Keepalive set (120 sec)

Last input 00:00:03, output 04:14:23, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21952

Queueing strategy: weighted fair

Output queue: 30/4000/64/21855 (size/max total/threshold/drops)

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 0 bits/sec, 0 packets/sec

43903807 packets input, 3646461183 bytes, 0 no buffer

Received 0 broadcasts, 321 runts, 0 giants, 0 throttles

5160 input errors, 4 CRC, 0 frame, 0 overrun, 0 ignored, 2945 abort

42026998 packets output, 2185017012 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

31 carrier transitions

no alarm present

Timeslot(s) Used:1-31, subrate: 64Kb/s, transmit delay is 0 flags

The following traceback may be observed in the router log:

%LINK-4-TOOBIG: Interface Serial60:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC

%LINK-4-TOOBIG: Interface Serial20:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC

Conditions: This symptom is observed on a Cisco router after a few weeks of normal operation.

Workaround: There is no workaround.

CSCdz84448

Symptoms: When polling the cbQosREDClassStatsTable of the CISCO-CLASS-BASED-QOS-MIB, spurious memory accesses may occur on a Cisco 2600 series, Cisco 3600 series, or Cisco 7200 series. A Cisco 3640 router may also reboot. The spurious memory accesses may be reproduced when polling the above-mentioned table via Simple Network Management Protocol (SNMP).

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 7200 series that run Cisco IOS Release 12.2(8)T, Release 12.3, or Release 12.3 T.

Workaround: Prevent the router from answering queries on the cbQosREDClassStatsTable by implementing the following SNMP view in the router configuration:

snmp-server view qos internet included

snmp-server view qos 1.3.6.1.4.1.9.9.166.1.20.1 excluded

snmp-server community string view qos ro
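One way to confirm that the workaround covers every community string, as an added example that is not part of the release notes: the script parses snmp-server lines from a saved configuration and reports, per community, whether the cbQosREDClassStatsTable subtree is still readable. The function names and the "legacy" community are constructed for illustration; only numeric OIDs and the name internet are resolved, and anything else is reported as unknown.

```python
CBQOS_RED_TABLE = "1.3.6.1.4.1.9.9.166.1.20.1"   # subtree excluded by the workaround
NAMED_OIDS = {"internet": "1.3.6.1"}              # only the name used in the workaround


def oid_tuple(text):
    """Convert a dotted OID (or a known name) to a tuple of integers."""
    text = NAMED_OIDS.get(text, text)
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_snmp_config(config):
    """Collect view rules and community-to-view bindings from config text."""
    views, communities = {}, {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["snmp-server", "view"] and len(words) == 5:
            _, _, name, tree, mode = words
            try:
                subtree = oid_tuple(tree)
            except ValueError:
                subtree = None            # named or wildcard subtree not resolved here
            views.setdefault(name, []).append((subtree, mode == "included"))
        elif words[:2] == ["snmp-server", "community"] and len(words) >= 3:
            view = None
            if "view" in words[3:-1]:
                view = words[words.index("view", 3) + 1]
            communities[words[2]] = view
    return views, communities


def table_visible(rules, target=oid_tuple(CBQOS_RED_TABLE)):
    """Return True/False for visibility of the target subtree, None if undecidable.

    The most specific (longest) subtree that contains the target decides; an
    'included' rule for anything below the target re-exposes part of the table.
    """
    if any(tree is None for tree, _ in rules):
        return None
    best = None
    for tree, included in rules:
        if included and len(tree) > len(target) and tree[:len(target)] == target:
            return True
        if target[:len(tree)] == tree and (best is None or len(tree) > len(best[0])):
            best = (tree, included)
    return bool(best and best[1])


def audit(config):
    """Map each community string to 'protected', 'exposed' or 'unknown'."""
    views, communities = parse_snmp_config(config)
    report = {}
    for community, view in communities.items():
        if view is None:
            report[community] = "exposed"      # no view bound: all objects readable
        elif view not in views:
            report[community] = "unknown"      # view referenced but not defined
        else:
            visible = table_visible(views[view])
            if visible is None:
                report[community] = "unknown"
            else:
                report[community] = "exposed" if visible else "protected"
    return report


# Constructed sample: the three workaround lines plus one community without a view.
SAMPLE_CONFIG = """\
snmp-server view qos internet included
snmp-server view qos 1.3.6.1.4.1.9.9.166.1.20.1 excluded
snmp-server community string view qos ro
snmp-server community legacy ro
"""

if __name__ == "__main__":
    for community, status in audit(SAMPLE_CONFIG).items():
        print(community, status)
```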

CSCea31882

Symptoms: When the create on-demand ATM PVC range configuration or ATM PVC-in-range configuration command is enabled for a permanent virtual circuit (PVC) and this PVC becomes active, the following message may be displayed:

%ATM-5-UPDOWN: Interface ATM3/0/0, Changing autovc 1/32 to UP

An "Auto VC" of this type becomes active when a cell is detected with the appropriate virtual channel identifier (VCI) and virtual path identifier (VPI). Before becoming active, the virtual circuit (VC) does not consume significant system resources or detract from system VC scalability. After a configurable period of inactivity, the VC may enter the "down" state with a similar message and free up system resources for other VCs.

With a large number of VCs (in the tens of thousands on some platforms), the churn rate of VCs (that is, VCs going up and down) may cause so many of these log messages that the console may become unusable and other important log messages may be missed. In extreme cases, the processing and displaying of these messages may consume significant processing cycles on the system CPU.

Conditions: These symptoms are observed when the create on-demand command is enabled in any command mode or when "Auto VCs" are active.

Workaround: Change the console logging level to a relatively high level to avoid the many "Auto VC" notification messages, which are level 5 notification messages. The console logging level must be reduced to level 4 (warnings) to avoid these messages. Because this is a relatively high logging level, the system log should be checked occasionally to ensure that no important messages are missed.

Note: The fix for this caveat incorporates the logging event atm pvc command, which enables you to turn "Auto VC" notification messages on or off (the default mode is off).

CSCea76134

Symptoms: External Border Gateway Protocol (eBGP) multipath load sharing may not use all of the available BGP paths.

Conditions: This symptom is observed when all of the eBGP routes for the prefix that are affected are locally imported from another VPN routing/forwarding (VRF). As a result, a local label is not associated with the prefix in the imported VRF. This behavior prevents all BGP paths from being used.

Workaround: Have at least one eBGP route for the prefix learned directly from an eBGP peer, instead of importing the route from another VRF. This forces the creation of a local label, and as a result, all BGP paths are used.

CSCeb34203

Symptoms: On a Cisco router, output queue packet drops may occur on the priority queue of an E1 serial interface on a 1-port multichannel E3 port adapter (PA-MC-E3), after which the E1 serial interface becomes congested.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.1(18)E. However, the symptom is not specific to the platform or the Cisco IOS software release but specific to the port adapter.

Workaround: Enter the tx-ring-limit interface configuration command to increase the value of the drivers that are transmitted on the queue. For additional information, refer to the document at the following location:

http://www.cisco.com/warp/public/121/txringlimit_6142.html

CSCeb43378

Symptoms: A Cisco router may reload unexpectedly because of a software condition when you enter the show interfaces virtual-access number [configuration] EXEC command.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.2(17). The symptom may occur also in other releases.

Workaround: Do not enter the show interfaces virtual-access number [configuration] EXEC command.

CSCeb49581

Symptoms: A linkUp trap may not be generated on a Cisco router.

Conditions: This symptom is observed on a Cisco 3600 series that runs Cisco IOS Release 12.2(17) but may also occur in other releases.

Workaround: There is no workaround.

CSCeb52270

Symptoms: An interface of a Cisco router may not be able to receive traffic that is destined for an address that is configured on the router.

Conditions: This symptom is platform independent and occurs only when there is a route in a different VPN routing and forwarding instance (VRF) that is attached or connected to the interface. This may occur when the route has been exported from one VRF to another or when a static route in a VRF points to the interface.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCeb62876

Symptoms: A Cisco router may continue to send 64-bit counters in authentication, authorization, and accounting (AAA) records when it no longer should do so. These counters may also be invalid.

Conditions: This symptom is observed for certain TCP-Clear connections.

Workaround: There is no workaround.

CSCeb63310

Symptoms: A Cisco router that has an interface with an output service policy attached may reload unexpectedly.

Conditions: This symptom is observed on a Cisco router when the bandwidth interface configuration command or the fair-queue interface configuration command is configured in the policy map that is attached via the service-policy router configuration command and when traffic is flowing through the interface at a fast rate. The router reloads under any of the following conditions:

The interface has the ip rsvp bandwidth interface configuration command configured, and the router reloads when you enter the no ip rsvp bandwidth interface configuration command.

The interface does not have the ip rsvp bandwidth interface configuration command configured, and you enter the ip rsvp bandwidth interface configuration command.

You enter the ip rtp reserve lowest-udp-port range-of-ports interface configuration command.

In all three situations, a service policy that is configured with the bandwidth or fair-queue command is attached to the interface.

Workaround: Shut down the interface before entering the above commands. Enable the interface again after you have entered the commands.

CSCeb75982

Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, when you enter the ping vrf EXEC command toward a directly connected interface of a neighboring provider edge (PE) router, the ping may fail.

Conditions: This symptom is observed on a Cisco router when you ping an aggregate route.

Workaround: Select options when you enter the ping vrf EXEC command. Doing so enables the ping to be successful.

CSCeb78582

Symptoms: When a gateway that is in Media Gateway Control Protocol (MGCP) fallback mode reloads, no calls can be made, nor can calls be received. When the gateway comes up again, all controllers including a serial controller are automatically shut down. When you turn off auto configuration and reload the router again, you can make calls, but you still cannot receive calls.

Conditions: These symptoms are observed on a Cisco 3745 that functions as a gateway and that runs MGCP.

Workaround: There is no workaround.

CSCeb84836

Symptoms: Data packets may be punted to the process path when user logon and logoff activity occurs.

Conditions: This symptom is observed in all of the Service Selection Gateway (SSG) images of Cisco IOS software under heavy load conditions.

Workaround: There is no workaround.

CSCec00268

Symptoms: A multilink interface may stop processing received packets.

Conditions: This symptom is observed on a Cisco 7500 series when Multilink PPP (MLP) is configured and when a lot of traffic is forwarded to the process-switching path.

Workaround: To clear the symptom, move the physical interfaces to a new multilink interface with a new interface number.

CSCec06230

Symptoms: A Cisco Catalyst 4224 Access Gateway Switch may reload with a segmentation violation (SegV) exception when a Tool Command Language (Tcl) interactive voice response (IVR) script is used.

Conditions: This symptom is observed on a Cisco Catalyst 4224 Access Gateway Switch that is running Cisco IOS Release 12.2(15)T5, Release 12.3, or Release 12.3 B.

Workaround: There is no workaround.

CSCec08973

Symptoms: A 1-port multichannel STM-1 port adapter (PA-MC-STM-1) may report huge numbers of degraded minutes on an E1 controller. For example, after 15 minutes of operation since startup, 35,000,000 degraded minutes may be reported and these values may increase every second. Code violations may also be reported.

Conditions: These symptoms are observed on a Cisco router in which a PA-MC-STM-1 is installed.

Workaround: There is no workaround. However, the traffic is not affected, and the symptom is of a cosmetic nature.

CSCec10776

Symptoms: A Foreign Exchange Office (FXO) port on a Cisco 3600 series may lock up and not process any calls.

To determine if the port is locked up, enter the show voice port summary EXEC command and look for a port that is in the "up, up, idle, on-hook" state, as in the following example:

                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
2/0/0     -- fxo-ls       up    up   idle     on-hook  y

Conditions: This symptom is observed when the port processes a moderate traffic load.

Workaround: Enter the shutdown port configuration command followed by the no shutdown port configuration command on the affected port.

CSCec16990

Symptoms: All packets that enter a router through a Multiprotocol Label Switching (MPLS) over Multilink PPP (MLP) interface may be switched via process switching instead of via Cisco Express Forwarding (CEF) switching.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Route/Switch Processor (RSP) and that has CEF enabled.

Workaround: There is no workaround.

CSCec19243

Symptoms: A Cisco terminating gateway (TGW) may fail to send the correct generic transparency descriptor (GTD) for calls that are reattempted when a glare condition occurs. The TGW attempts to set up the connection by sending an NI2-SETUP message. When this message does not go through, the TGW reattempts to set up the connection and sends another NI2-SETUP message. However, the format of the second setup message is not the same as the format of the first setup message.

Conditions: This symptom is observed when a Cisco platform that functions as a TGW sends an NI2-SETUP message to a Cisco PGW 2200 Softswitch. The public switched telephone network (PSTN) on the egress side sends an Initial Address Message (IAM) in response, and this IAM causes a glare condition. The Cisco PGW 2200 Softswitch sends a message with cause value 15 to the TGW because it is configured to do so in the NI2 DISC message. Because the TGW is configured to reattempt the call upon receiving a message with cause value 15, the TGW sends a second NI2-SETUP message to the Cisco PGW 2200 Softswitch.

Workaround: There is no workaround.

CSCec22252

Symptoms: A Cisco 7500 series may reload when one of the physical multilink member interfaces is shut down while traffic passes through the interface of the multilink member.

Conditions: This symptom is observed on a Cisco 7500 series and is specific to a tag switching configuration (and not to a VPN routing/forwarding [VRF] configuration) on a multilink interface that is based on Versatile Interface Processor (VIP) channels or serial interfaces in the distributed mode. For example, the symptom may occur only if a provider (P)-to-provider edge (PE) link is implemented over the multilink interface.

Workaround: First, shut down the Multilink PPP (MLP) interface. Then, shut down the MLP physical subinterface as needed.

CSCec24360

Symptoms: A Cisco gateway may respond to a Notification Request (RQNT) with a cause code of 400 (transaction not executed: transient error).

Conditions: This symptom is observed on a Cisco gateway when it receives a Delete Connection (DLCX) and responds back with a 250 cause code. The gateway may then receive an RQNT from the call agent, and the gateway responds with a 400 cause code.

Workaround: There is no workaround.

CSCec27821

Symptoms: A Network Processing Engine G-1 (NPE-G1) may forward unicast IP packets that have a Layer 2 multicast MAC address.

Conditions: This symptom is observed on an NPE-G1 that is installed in a Cisco 7200 series.

Workaround: Create an access control list (ACL) to filter the packets.

Alternate Workaround: Configure a static multicast MAC address mapping to the ports of the connected Layer 2 switch.

CSCec29162

Symptoms: A terminating gateway rejects incoming Voice over IP (VoIP) calls that carry Field Compatibility Information (FDC) national calling party category (CPC) information in the generic transparency descriptor (GTD) message.

Conditions: This symptom is observed on an H.323 version 4 (V4) Cisco gateway that terminates T1 channel-associated signaling (CAS). Calls that originate from Signaling System 7 (SS7) and R2 trunks that carry national CPC values are affected.

Workaround: There is no workaround.

CSCec30329

Symptoms: An originating gateway (OGW) may incorrectly insert the calling number information element (IE) in an H.225 call setup message to the terminating gateway (TGW).

Conditions: This symptom is observed on a Cisco AS5400 that functions as an OGW. The symptom occurs only for calls from an H.323-Version 4 OGW to an H.323-Version 2 TGW when the following conditions are present:

The OGW and TGW use different gatekeepers.

The gatekeeper that is used by the OGW is connected to a route server for call routing.

The route server is configured for Gatekeeper Transaction Message Protocol (GKTMP).

Workaround: There is no workaround.

CSCec41102

Symptoms: A Cisco 2691XM router that is configured as an H.323 gatekeeper may reload when the gatekeeper functionality is shut down and when the dynamic zone prefix gatekeeper configuration command is configured.

Conditions: This symptom is observed on a Cisco 2691XM that is running Cisco IOS Release 12.2(15)T5 or Release 12.3(2)T when the dynamic zone prefix gatekeeper configuration command is enabled by default on both the gateway and the gatekeeper, and when the following conditions occur:

The gateway has a plain old telephone system (POTS) dial peer with the destination pattern the same as the zone prefix configured on the gatekeeper.

The gateway is registered with the gatekeeper.

For example:

This symptom is observed when the gateway and the gatekeeper have the following configurations (the same destination pattern and zone prefix):

Gateway configuration (with dynamic prefix registration enabled):

dial-peer voice 1 pots
destination-pattern 385....

Gatekeeper configuration:

zone prefix zone-1 385.... gw-priority 10 GW1

The symptom is not observed when the gateway and the gatekeeper have the following configurations (the destination pattern and the zone prefix are different):

Gateway configuration (with dynamic prefix registration enabled):

dial-peer voice 1 pots
destination-pattern 555....

Gatekeeper configuration:

zone prefix zone-1 385.... gw-priority 10 GW1

Workaround: Disable the dynamic zone prefixes on both the gateway and the gatekeeper.

For information on how to disable dynamic zone prefixes, refer to the following URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541bc.html

CSCec41732

Symptoms: When you enter the dir, cd, or pwd EXEC command, the command may not have any effect. In the error message that is generated when the command fails, the path may be truncated.

Conditions: This symptom is observed in Cisco IOS Release 12.3 and Release 12.3 T.

Workaround: Enter the command with the full path, for example, enter the dir disk0:/dir/file-url command instead of the dir disk0: file-url command.

CSCec44199

Symptoms: A Cisco gateway that runs a voice extensible markup language (VXML) application may pause indefinitely.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(13)T9 or Release 12.3(3a) but may occur also in other releases. The symptom occurs when the gateway is placed in HTTP streaming mode by entering the ivr prompt streamed all global configuration command or the ivr prompt streamed http global configuration command and when one of the following conditions is present:

There is a single session of a VXML application that repeats the same audio source file within the same <prompt> tag.

For example:

<prompt cisco-vcrprompt="true">
<audio src="http://px1-sun/audio/DUCF_33_httpg711ulaw.au"/>
<audio src="http://px1-sun/audio/DUCF_33_httpg711ulaw.au"/>
</prompt>

Multiple sessions access the same audio URL at the same time.

Workaround: Turn off HTTP streaming by entering the no ivr prompt streamed http global configuration command or the ivr prompt streamed none global configuration command.

Alternate Workaround: Turn off HTTP caching by entering the http client cache memory pool 0 global configuration command.

CSCec47146

Symptoms: A Cisco router may fail to switch traffic downstream towards a user via Cisco Express Forwarding (CEF).

Conditions: This symptom is observed on a Cisco router that terminates both PPP over Ethernet (PPPoE) and PPP over ATM (PPPoA) sessions when different virtual templates are used for these two types of sessions and when subinterfaces are enabled. The symptom may affect only a part of the subscribers.

Workaround: Use only one virtual template for both PPPoE and PPPoA sessions.

First Alternate Workaround: Disable the subinterfaces.

Second Alternate Workaround: Disable CEF.

CSCec49097

Symptoms: A Cisco 7200 series pauses indefinitely in the middle of a link control protocol (LCP) negotiation. The PPP over ATM (PPPoATM) session receives a "Sending Acct Event [Reneg]" message and terminates the LCP phase. The remote peer renegotiates another PPP session and uses the same PPP ID. This causes a continuous LCP state for that user.

Conditions: This symptom is observed on a Cisco 7200 series that is configured for PPPoATM and that runs Cisco IOS Release 12.2(15)T9. The symptom may occur also in other releases.

Workaround: There is no workaround.

CSCec61028

Symptoms: R2 International Telecommunication Union (ITU) base variants do not apply the correct mapping for the following two ISDN or ISDN User Part (ISUP) cause values (CVs):

CV#04 - Send Special Information Tone
CV#28 - Invalid Number Format (Address Incomplete)

Conditions: This symptom is observed on Cisco gateways that are configured with ISDN and Redundant Link Manager (RLM) and that have R2-ITU trunks.

Workaround: There is no workaround.

CSCec67879

Symptoms: Some PPP sessions may not come up and become stuck in the link control protocol (LCP) negotiation state.

Conditions: This symptom is observed on a Cisco 6400 series Node Route Processor (NRP). A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec49097. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCec71102

Symptoms: A Cisco Session Initiation Protocol (SIP) gateway does not use calling information that is contained in the Remote-Party-ID header. A traceback may be observed and the following error is displayed in the output of the debug ccsip error privileged EXEC command:

sippmh_parse_remote_party_id: syntax error in Remote-Party -ID header

Conditions: This symptom is observed on a Cisco SIP gateway that runs Cisco IOS Release 12.2(13)T and occurs when the gateway receives an initial INVITE message with a Remote-Party-ID header that contains the "other" parameters in the header. The symptom may occur also in other releases.

Workaround: There is no workaround.

CSCec75920

Symptoms: A Cisco 3745 may pause for 20 to 30 seconds when an attached modem is power cycled. During this period, the router cannot be reached via the console.

Conditions: This symptom is observed on rare occasions on a Cisco 3745 that has a 2-port Serial WAN Interface Card (WIC-2T) or 2-port asynchronous/synchronous WAN Interface Card (WIC-2A/S) installed in its native WIC slot when the modem that is attached to the WIC-2T or WIC-2A/S is power cycled. The symptom is not observed when the WIC is installed in the NM2FE2W WIC slot of the Cisco 3745, nor is the symptom observed on a Cisco 3725.

Workaround: Install the WIC-2T or WIC-2A/S in the NM2FE2W WIC slot of the Cisco 3745.

CSCec85585

Symptoms: Some virtual circuit (VC) information is missing in the Simple Network Management Protocol (SNMP) MIB object cAal5VccEntry from the output of the snmpwalk router configuration command. The ATM VCs 0/100, 0/200 and 0/500 exist on the router but are missing in the MIB.

Conditions: This symptom is observed on a Cisco 7513 router that is running a special image of Cisco IOS Release 12.2(15)T5. The symptom may occur also in other releases.

Workaround: Enter the show atm vc privileged EXEC command on the same device to obtain a complete list of all the VCs.

CSCed03186

Symptoms: A Cisco AS5300 may reload unexpectedly while voice extensible markup language (VXML) is being processed.

Conditions: This symptom is observed when a Cisco AS5300 is configured with four E1 interfaces. The symptom does not occur when the Cisco AS5300 is configured with only two E1 interfaces.

Workaround: There is no workaround.

CSCed15714

Symptoms: A Cisco 7400 series may not recognize its Gigabit Ethernet interface.

Conditions: This symptom is observed on a Cisco 7400 series that runs a Cisco IOS software release that is listed in the "First Fixed-in Version" field at the following location:

http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec86327

Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

CSCin33783

Symptoms: Entering the shutdown interface configuration command followed by the no shutdown interface configuration command on a Gigabit Ethernet interface may prevent customer edge-to-customer edge (CE-to-CE) pings from going through.

Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) is configured in VLAN mode on the Gigabit Ethernet interface of a Network Processing Engine G1 (NPE-G1) on a Cisco 7200 series.

Workaround: Configure EoMPLS in VLAN mode on a port adapter such as a Gigabit Ethernet or Fast Ethernet port adapter.

CSCin45173

Symptoms: A Cisco 7206VXR may reload when there is a high E1 PRI call load.

Conditions: This symptom is observed on a Cisco 7206VXR that runs the c7200-is-mz image of Cisco IOS Release 12.3(3) or Cisco IOS Release 12.3(2)T.

Workaround: There is no workaround.

CSCin45588

Symptoms: A Versatile Interface Processor (VIP) may reload, and the following error message may be logged:

%RSP-2-QAERROR: reused or zero link error

After the message has been logged, all VIPs in the router may reload.

Conditions: These symptoms are observed on a Cisco 7500 series that runs Cisco IOS Release 12.2 T, 12.3, or 12.3 T, and that has the service single-slot-reload-enable global configuration command enabled.

Workaround: There is no workaround.

CSCin56239

Symptoms: A T.37 off-ramp fax call may disconnect without a T.30 data communications network (DCN). The fax is received correctly, but the call does not disconnect properly. The following error message is displayed:

T.30 flow error: DCN signal not received before session end.

Conditions: This symptom is observed on a Cisco AS5350 router during fax off-ramp call testing.

Workaround: There is no workaround.

Wide-Area Networking

CSCea21688

Symptoms: A Cisco 7500 series may reload with a bus error when you attempt to access a Versatile Interface Processor (VIP) by entering the if-con command.

Conditions: This symptom is observed on a Cisco 7500.

Workaround: Instead of the if-con command, enter the show controllers vip slot-number tech-support EXEC command.

CSCec66146

Symptoms: A network access server (NAS) that runs Microsoft CHAP (MS-CHAP) or Microsoft CHAP version 2 (MS-CHAPv2) may reload unexpectedly.

Conditions: This symptom is observed on a Cisco AS5400 that functions as a NAS but may be platform independent.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(4)T1

Cisco IOS Release 12.3(4)T1 is a rebuild release for Cisco IOS Release 12.3(4)T. The caveats in this section are resolved in Cisco IOS Release 12.3(4)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCec23073

Symptoms: When authorization is defined under the aaa dnis map dnis-number authorization network group server-group-name global configuration command, a Cisco router sends an access request for the user to the RADIUS server with service outbound. The RADIUS server refuses the authorization with an "authentication failure" message, and the user is disconnected.

Conditions: This symptom is observed after an upgrade to Cisco IOS Release 12.3, Release 12.3 B, or Release 12.3 T when a specific authentication, authorization, and accounting (AAA) dialed number identification service (DNIS) for authorization is configured, as in the following example:

aaa dnis map enable

aaa dnis map 999999 authorization network group my_group

Workaround: Suppress the authorization under the aaa dnis map dnis-number authorization network group server-group-name global configuration command, and use the main AAA authorization.

IBM Connectivity

CSCec82167

Symptoms: Asynchronous Point of Sale (APOS) to IP (APIP) conversion does not properly switch from the primary host to the alternate host when the primary host is unreachable.

Conditions: This symptom occurs when the APOS connection attempts do not succeed after sending out a "no carrier" string to the attached POS device until after the original active open times out, which occurs after 30 seconds.

Workaround: There is no workaround.

Interfaces and Bridging

CSCec44257

Symptoms: A Cisco 7200 series router with an ATM-PA-A3-OC3/E3/DS3 port adapter reloads if IP Version 6 (IPv6) traffic is being received on an ATM interface during the booting of the Cisco 7200 series router.

Conditions: This symptom occurs only if IPv6 packets are being received on any ATM-PA-A3 port adapter on a Cisco 7200 series router.

Workaround: Shut down the ATM interface before reloading the router, and bring the interface up once the router has booted up.

IP Routing Protocols

CSCec08867

Symptoms: A Cisco router that is configured with Network Address Translation (NAT) does not tear down the NAT entry for H.245 messages after the call is terminated.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(2)T.

Workaround: Reduce the NAT TCP timeout value to time out the unnecessary entry faster.

Miscellaneous

CSCeb08470

Symptoms: A Cisco router may reload because of a protocol control information (PCI) parity error, boot up, and then reload again when it dumps the PCI bridge registers.

Conditions: This symptom is observed on a Cisco 7200 series.

Workaround: There is no workaround.

CSCeb45551

Symptoms: Packet Data Serving Node (PDSN) sends a Link Control Protocol (LCP) Termreq after sending an A11 RP update. In a normal termination procedure of a session, an LCP Termreq should be sent followed by an A11 RP update.

Conditions: This symptom is observed when a session is torn down after PPP is up.

Workaround: There is no workaround.

CSCeb59710

Symptoms: All of the extended Multiprotocol Label Switching (MPLS) ATM (XTagATM) interfaces may flap on a label switch controller (LSC).

Conditions: This symptom is observed when an edge label switch router (LSR) resets or when ATM Services (AXSM) trunks flap.

Workaround: There is no workaround.

CSCeb74597

Symptoms: Traffic from a customer premises equipment (CPE) that travels from a Multiprotocol Label Switching (MPLS) environment to an IPv6 environment may not be switched via Cisco Express Forwarding (CEF).

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3.

Workaround: There is no workaround.

CSCec08058

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) pauses indefinitely when a Multiprotocol Label Switching (MPLS) subinterface is being removed.

Conditions: This symptom is observed on a Cisco RPM-XF that is running an rpmxf-p12-mz image of Cisco IOS Release 12.3, Release 12.3 B, or Release 12.3 T when an MPLS subinterface is being removed, even though there is no traffic on the subinterface.

Workaround: Shut down the MPLS subinterface before removing it.

CSCec08434

Symptoms: The Cisco 7200 series boothelper image for Cisco IOS Release 12.2(14)S2 may reload unexpectedly, and the router may return to the ROM monitor (ROMmon) mode.

Conditions: This symptom is observed when you install a 2-port Token Ring Inter-Switch Link 100BASE-TX port adapter (PA-2FEISL-TX) or a 1-port ATM Enhanced OC-3 Packet-over-SONET (POS) port adapter in a Cisco 7200 series Network Processing Engine G-1 (NPE-G1) and you reload, reset, or power up the router with the boothelper image.

Workaround: Remove the PA-2FEISL-TX or 1-port ATM Enhanced OC-3 POS port adapter when you reload, reset, or power up the router with the boothelper image. Once the router has booted up, you can reinstall the port adapters.

CSCec09018

Symptoms: A Cisco AS5850 reloads when digital signal processor (DSP) timeouts occur, and the following error messages appear:

%DIAL5-3-MSG:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x601F4AA4 reading 0x24

%ALIGN-3-TRACE: -Traceback= 601F4AA4 601F79BC 60215FB0 601B0B1C 00000000 00000000 00000000 00000000

%ALIGN-3-TRACE: -Traceback= 601F4AAC 601F79BC 60215FB0 601B0B1C 00000000 00000000 00000000 00000000

%ALIGN-3-TRACE: -Traceback= 601F4AB0 601F79BC 60215FB0 601B0B1C 00000000 00000000 00000000 00000000

%DIAL5-3-MSG:

%NP_BS-3-NO_KEEPALIVE: NextPort module 5/1/0 failed to respond to keepalive message

%DIAL5-3-MSG:

%NP_MM-3-MODULE_CRASH: Module Crash detected 5/1/0: state = 8, cause code = 1

%FB-6-OIR: Card in slot 5 removed

%DSIPPF-5-DS_KEEPALIVE_LOSS: DSIP Keepalive Loss from shelf 0 slot 5

%OIR-6-REMCARD: Card removed from slot 5, interfaces disabled

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6083A9CC reading 0x24

%ALIGN-3-TRACE: -Traceback= 6083A9CC 60848068 6084CCE0 60816F70 60819540 6081D674 602BCBD8 602C3BD8

%ALIGN-3-TRACE: -Traceback= 608151C0 608155A0 608473E4 6084807C 6084CCE0 60816F70 60819540 6081D674

%SYS-3-CPUHOG: Task ran for 2212 msec (8/7), process = Crash writer, PC = 601ED890.

-Traceback= 601ED898 60210564 60360AF4 6020CE7C 601186D4 601190A8 6011892C 60118C68 602150B0 601839C4 60183BCC 601D1604 601D15F0

Conditions: This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(11)T9 but may also occur on other releases.

Workaround: Replace the faulty NextPort card in the router.

CSCec14039

Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1 and that is running Cisco IOS Release 12.2(14)S3.

Workaround: There is no workaround.

CSCec14303

Symptoms: The Alarm Interface Controller (AIC) network module is not recognized by a Cisco 3745 router.

Conditions: This symptom is observed on a Cisco 3745 router that is running Cisco IOS Release 12.3(4)T image c3745-adventerprisek9-mz. However, the AIC network module is seen on a Cisco 3745 router that is running Cisco IOS Release 12.3(4)T image c3745-jsx-mz.

Workaround: There is no workaround.

CSCec18512

Symptoms: When Cisco IOS Firewall Session Initiation Protocol (SIP) inspection is configured, spurious memory access errors may be generated by the router when a SIP endpoint registers with an external proxy.

Conditions: This symptom is observed on a Cisco 3725 router or a Cisco 2691 router that is running a Cisco IOS Release 12.3(4)T adventerprisek9-mz image, but is not platform specific. Calls are not affected.

Workaround: There is no workaround. The defect has been corrected by eliminating improper memory access operations.

CSCec30789

Symptoms: The router unexpectedly reloads at sb_timer_intr_handler.

Conditions: This symptom is observed on a Cisco 7300 series router but is not platform dependent.

Workaround: There is no workaround.

CSCec35322

Symptoms: A router may reload unexpectedly when you delete an IPv6 reflexive access control list (ACL) while an ACL that is defined in the name argument of the evaluate name access-list command continues to reference the deleted reflexive ACL.

Conditions: This symptom occurs when a traffic flow matches the ACL that is defined in the name argument of the evaluate name access-list command.

Workaround: First disable the evaluate name access-list command before you delete the reflexive ACL.

CSCec37602

Symptoms: A Cisco router with a VPN Accelerator Module 2 (VAM2) may not be fully compliant with the Federal Information Processing Standards (FIPS-140-2) specifications for power-up self tests. There is no loss of functionality, and no operational symptoms are apparent.

Conditions: This symptom is observed on a Cisco 7200 series with a G1 Network Processing Engine (NPE-G1) and a VAM2 that is enabled for IP Security (IPSec) acceleration.

Workaround: There is no workaround.

CSCec38322

Symptoms: A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router that is running distributed Cisco Express Forwarding (dCEF) may have high memory usage and memory allocation failures when dCEF is disabled and then reenabled.

Conditions: This symptom is observed on a PE router that has a large number of VPN routes (over 30,000) in a VPN routing/forwarding (VRF) table when CEF is disabled and then reenabled.

Further Problem Description: View the output of the show processes memory EXEC command to verify that the CEF process memory usage increases.

Workaround: Reload the router.

CSCec38739

Symptoms: An L2TP access concentrator (LAC) may reload when it clears a PPP over Ethernet (PPPoE) session.

Conditions: This symptom is observed on a Cisco 7200 series.

Workaround: There is no workaround.

CSCec42547

Symptoms: An incorrect MAC encapsulation string in a Multiprotocol Label Switching (MPLS) forwarding table on a provider edge (PE) router causes traffic to go down.

Conditions: This symptom is observed on a cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) that rebuilds the MPLS forwarding table after traffic stops on a PE router.

Workaround: Enter the clear ip route network EXEC command on the PE router that has the traffic problem.

Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the MPLS interfaces of the problem PE.

CSCec45704

Symptoms: ATM binding is not used by the Tag Forwarding Information Base (TFIB) Cisco Express Forwarding (CEF) table for some prefixes of remote provider edge (PE) routers on a PE router.

Conditions: This symptom is observed on a Cisco Route Processor Module (RPM-PR) in a cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Workaround: Enter the clear ip route network EXEC command.

CSCec46125

Symptoms: The CPU usage on a Cisco AS5850 may be close to 100 percent with a moderate number of voice calls with any Voice over IP (VoIP) device that uses the User Datagram Protocol (UDP) checksum (for example, Cisco Analog Telephone Adapter [ATA] devices and the Cisco 7900 series IP phones).

Conditions: This symptom is observed on a Cisco AS5850 when VoIP devices that use the UDP checksum are installed in a client network as a VoIP gateway that uses the Session Initiation Protocol (SIP) and has the ip udp checksum dial-peer configuration command enabled. This causes the Cisco AS5850 to punt packets to the Route Switch Controller (RSC) and have high CPU usage at the RSC with only a moderate number of calls.

Workaround: Disable the UDP checksum option in the client network by entering the no ip udp checksum dial-peer configuration command. If this is not possible, there is no workaround.

CSCec53057

Symptoms: A router that is running a Cisco IOS crypto k8 or k9 image may experience tracebacks as follows:

crypto_adjacency_unlock

crypto_tunnel_adj_unlock

crypto_drop_packet

Or, the router may experience a memory corruption reload with a corrupting pattern listed in the corrupting_pattern enclosure.

Conditions: This symptom can happen with normal operation, but it is more likely to be triggered by the clear crypto sa EXEC command or when a crypto access control list (ACL) is configured while crypto traffic is flowing through the IPSec tunnel.

Workaround: There is no workaround.

CSCec54202

Symptoms: The Cisco AS5xxx series routers that are equipped with the Bt8370 T1/E1 framer will bring down the controller immediately upon receiving an alarm indication signal (AIS).

Conditions: Noisy line conditions that last less than 2 seconds can result in T1s going down, and outages or cable problems that last less than 2 seconds can bring down the controller.

Workaround: There is no workaround. The fix is available in Cisco IOS Release 12.3.

CSCec54944

Symptoms: A Cisco Packet Data Serving Node (PDSN) that is running a Cisco IOS Release 12.2(08)ZB08 image may drop large size generic routing encapsulation (GRE) packets (more than 512 bytes) if Cisco Express Forwarding (CEF) fast switching is turned on.

Conditions: This problem occurs when upstream GRE packets are Ethernet-padded. The show cdma pdsn statistics ahdlc command may show some "Invalid size" and "CRC error" counters being incremented because of this issue.

Workaround: There is no workaround.

CSCec55920

Symptoms: A Cisco 3600 series or Cisco 3700 series may reload because of an unexpected exception.

Conditions: This symptom is observed on Cisco 3600 series and Cisco 3700 series that run Cisco IOS Release 12.3(3) and that are configured with a DES/3DES/AES VPN Encryption and Compression Module (AIM-VPN/EPII or AIM-VPN/HPII). The symptom may occur during Internet Security Association and Key Management Protocol (ISAKMP) tunnel negotiation in all of the following conditions:

- After several hours of stress.

- When the number of tunnels is more than 100.

- When the Internet Key Exchange (IKE) security association (SA) lifetimes on the peers are different.

Workaround: For the first and second conditions there are no workarounds. For the third condition, match the IKE SA lifetimes on both peers.

CSCec57183

Symptoms: When cptone CN (China) is configured on a voice port, the user cannot hear the message waiting indicator (MWI). If you enter the debug mgcp privileged EXEC command, you can observe that the message has been sent to the Integrated Access Device (IAD).

Conditions: This symptom is observed on a Cisco IAD 2421 and Cisco IAD2430 but may also be observed on other Cisco platforms.

Workaround: There is no workaround.

CSCec59186

Symptoms: A Cisco gateway GPRS support node (GGSN) reloads when configuring and/or unconfiguring the default aggregate configuration using SNMP object cGgsnDefaultAggregRowStatus (defined in the CISCO-GGSN-MIB) and then reconfiguring the same.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(4)T but is not platform specific.

Workaround: There is no workaround.

CSCec60828

Symptoms: A router that is configured to use the AUX port default line assignment, for example a router with an interface async N configuration, will lose any references to this interface and all commands configured under it at router boot time.

Conditions: This symptom is observed if an image from Cisco IOS Release 12.2(15)ZJ or an interim image from Cisco IOS Release 12.3(3.9)T2 and later releases is used on a Cisco router. Other Cisco IOS trains such as Cisco IOS Release 12.2 T and Cisco IOS Release 12.3 mainline are not affected.

In these affected Cisco IOS images, the AUX port is no longer assigned line N by default, but is assigned line N+8. For example, on a Cisco 2600 series router, the AUX port line assignment will change from 65 to 73. This can be verified in the output of the show line EXEC command.

This problem affects router platforms that support the Cisco Unity Express (CUE) Network Module.

Workaround: Reconfigure all commands that pertain to the interface async N configuration to use the interface async N+8 configuration instead.

CSCec60947

Symptoms: In a Large Scale Network Testing (LSNT) network, memory is not deallocated correctly.

Conditions: This symptom is observed on Cisco MXF Route Processor Module (RPM-XF) cards that are running YP4 images of Cisco IOS software where the approved vendor list (AVL) memory allocation and deallocation for a prefix of a Class of Service (CoS) index 0 value is not handled correctly.

Workaround: There is no workaround.

CSCec61029

Symptoms: Foreign Exchange Office (FXO) ground-start voice ports on a Cisco IOS voice gateway may cease to permit outbound calls from the gateway to the connected voice switch. The output of the show voice port summary command will show that the voice port is in an UP/UP ONHOOK state; the proper idle state for the port should be UP/DORMANT ONHOOK.

Conditions: This symptom may be observed on any Cisco IOS voice gateway with FXO ground-start voice ports. Outbound calls from the gateway to the connected voice switch will function properly until an inbound call is made to the port. Once this inbound call is completed, the port may be stuck in the UP/UP ONHOOK state.

Workaround: To recover the voice port, issue the shutdown command followed by the no shutdown command under the appropriate port in voice-port configuration mode.

CSCec61293

Symptoms: A Cisco MXF Route Processor Module (RPM-XF) may unexpectedly reload when you delete the subinterface switch 1.1 by entering the no interface switch1.1 interface configuration command. An error message similar to the following message may be displayed:

System returned to ROM by bus error at PC 0x40096E4C, address 0xD0D0D61

The following message may be observed in the crashinfo file:

%GENERAL-5-NOTEVENT: Deleting last sub-interface

Conditions: This symptom is observed on a Cisco RPM-XF when a Multiprotocol Label Switching (MPLS) subinterface is deleted.

Workaround: There is no workaround.

CSCec61680

Symptoms: A Cisco router does not recognize a WIC-1B-1S/T card with EEPROM version 4.

Conditions: This symptom is observed on the chassis of a Cisco 1720 router that is running Cisco IOS Release 12.3(3).

Workaround: Use a WIC-1B-1S/T card with EEPROM version 1, or run Cisco IOS Release 12.2(11)T9.

CSCec63438

Symptoms: The set command will not work if used in a non-leaf level in a hierarchical policy.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(3).

Workaround: There is no workaround.

CSCec64570

Symptoms: The node of a local Label Switch Controller (LSC) that is part of a Multiprotocol Label Switching (MPLS) cell-based network may observe the following symptoms:

- The local provider edge (PE) router cannot ping the remote customer edge (CE) router.

- The remote PE router cannot ping the local CE router.

- The local PE router can ping the remote CE router with type of service (ToS) equal to 0xe0.

- The remote PE router can ping the local CE router with ToS equal to 0xe0.

- A ping with the route record option does not work in either direction.

- A ping with the trace route option does work.

Conditions: These symptoms are observed on the LSC of a Cisco MGX Route Processor Module (MGX-RPM-PR-512) that is running Cisco IOS Release 12.2(15)T4a.

Workaround: From the node of the local LSC that is observing the symptoms, enter the clear ip route network EXEC command.

CSCec64721

Symptoms: The configuration setting for long cable lengths adjusts only the output signal. For long cables, the receiver side may exhibit line code violation (LCV) errors or enter the loss of signal (LOS) state.

Conditions: This symptom is observed on a Cisco IAD2430 that is running Cisco IOS Release 12.2(15)ZJ2 but is not platform specific.

Workaround 1: Increase the signal that comes into the receiver side.

Workaround 2: Insert a CSU/DSU.

Workaround 3: Download the Cisco IAD2430 c2430-is-mz image from Cisco IOS Release 12.3(4)T.

CSCec66166

Symptoms: The no-answer keyword in the voice hunt no-answer global configuration command may not function properly.

This situation may prevent dial-peer hunting from occurring when an outgoing call is disconnected because there is no answer.

Conditions: This symptom is observed on a Cisco platform that functions as a terminating gateway (TGW), that has the voice hunt no-answer global configuration command enabled, and that is configured with two dial peers for the same destination pattern. The symptom may also occur on an IP-to-IP gateway.

Workaround: Configure the default.c.old application on the TGW.

CSCec66469

Symptoms: It is not possible to change to the default value of 64 milliseconds (ms) when you enter the echo-cancel coverage voice-port configuration command.

Conditions: This symptom is observed when the following steps are taken to change to the default value (64) of the echo-cancel coverage voice-port configuration command:

1. Check the voice port on which the echo-cancel coverage command is currently set to 8.

2. Change the configuration of the echo-cancel coverage command to 64 by entering the echo-cancel coverage 64 command.

3. Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port.

4. Enter the show voice port EXEC command (the configuration should appear fine in the output).

5. Enter the show running-config privileged EXEC command. The new configuration is no longer present.

6. Enter the show voice port EXEC command again. The output indicates that the value of the echo-cancel coverage command has not changed from 8 to 64.

Workaround: There is no workaround.

CSCec76694

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCec85172

Symptoms: Control plane policy fails to match Address Resolution Protocol (ARP) packets with the match protocol arp class-map configuration command when the ingress interface has Inter-Switch Link (ISL) or Dot1q encapsulation.

Conditions: This symptom occurs when a service policy is attached to the control plane in input direction.

Workaround: There is no workaround.

CSCec87858

Symptoms: When running BSTUN with Asynchronous Security Protocol (ASP), if you use the no encapsulation bstun interface configuration command, configured line parameters will be overwritten. Speed is reset to 9600. Data bits are set to 8, and stop bits are set to 1.

Conditions: This symptom is observed on a Cisco 3700 series router but is not platform specific.

Workaround: Reenter the no encapsulation bstun interface configuration command.

CSCin42513

Symptoms: The segmentation and reassembly (SAR) chip may reload unexpectedly, and the following error message is displayed:

ATMPA-3-SARCRASH: ATM11/0/0: SAR0 Chip Crashdump:

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S or Release 12.3 and that is configured with an inverse multiplexing over ATM (IMA) port adapter. The symptom may occur when the Versatile Interface Processor (VIP) in which the SAR is installed reloads unexpectedly.

Workaround: There is no workaround.

CSCin54101

Symptoms: Some sessions may not come up with aal5snap encapsulation.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(3)B but is not platform specific.

The problem can occur at any time but is most likely to happen under conditions of heavy stress (when the system is trying to bring up thousands of sessions in as little time as possible). Conditions that lead to short-term session flaps, for example, when OAM is running with a relatively short period, are most likely to expose the problem.

Workaround: Short of eliminating all potential sources of session flaps while sessions are initializing, there is no workaround.

CSCin55242

Symptoms: With crypto configured on an interface, packets are not getting Cisco Express Forwarding switched (CEF-switched), but packets are getting fast-switched.

Conditions: This symptom is observed on a Cisco 837 router that is running Cisco IOS Release 12.3(4)T.

Workaround: There is no workaround.

CSCin56557

Symptoms: The accounting of input and output bytes and/or packets for a service connection is not correct. Only upstream traffic for that service access is accounted for, whereas downstream traffic from that service is accounted for under another service connection.

Conditions: This symptom is observed when a user does autologon to two no-NAT/passthrough services.

Workaround: There is no workaround.

CSCin57416

Symptoms: A router reloads when accounting and authorization filters are modified.

Conditions: If authorization and accounting filters are already defined in a server group, any attempts to change these will cause the router to reload.

Workaround: Remove the filter and add a new filter instead of just changing the filter.

CSCin57846

Symptoms: A Service Selection Gateway (SSG) reloads at ssg_search_conn.

Conditions: This symptom occurs when downstream traffic from a proxy NATed service is sent to an SSG host that is logged on to it. This happens after a host logs off a service and the same host or another host with the same NATed IP address immediately logs on to the proxy NATed service.

Workaround: There is no workaround.

CSCin60026

Symptoms: A Cisco Gateway GPRS Support Node (GGSN) that is running a R4.0 image leaks memory after querying the following Simple Network Management Protocol (SNMP) MIBs:

CISCO-GPRS-ACC-PT-MIB

CISCO-GPRS-CHARGING-MIB

CISCO-GTP-MIB

CISCO-GGSN-MIB

Conditions: This symptom is observed on a Cisco 7200 series router.

Workaround: There is no workaround.

CSCin60510

Symptoms: A Cisco 7200 series router with an NSE-1 processor board or a Cisco 7401 platform, where the system acts as Layer 2 Tunnel Protocol (L2TP) network server (LNS) (L2TP termination endpoint), may reload.

Conditions: This symptom occurs with Parallel Express Forwarding (PXF) on IP-to-L2TP downstream traffic, when the shutdown command is issued followed by the no shutdown command on the physical interface toward the L2TP access concentrator (LAC) router, or when the clear adjacency command is issued.

Workaround: Disable PXF using the no ip pxf command.

CSCuk45823

Symptoms: A reload occurs during high-load IPv6 multicast forwarding. This is due to a corrupted redzone in the packet memory.

Conditions: This symptom is observed only on the i82543-based Ethernet family of controllers during high-load IP version 6 (IPv6) multicast forwarding.

Workaround: Disable IPv6 multicast.

CSCuk47243

Symptoms: A Cisco 7200 NPE-G1 series router may run into high CPU utilization and drop some unicast packets when there is a lot of multicast replication.

Conditions: This symptom can occur when more than 300 packets are replicated for one packet.

Workaround: There is no workaround.

Wide-Area Networking

CSCec26520

Symptoms: A router may experience a memory leak in the vtemplate background process. This symptom may be confirmed by entering the show processes memory EXEC command to monitor memory usage.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.2(13)T5.

Workaround: There is no workaround.

CSCec80481

Symptoms: In any Cisco IOS release, when a user adds the ppp ipcp address unique command to an interface with PPP encapsulation, call rates (sessions per second) are reduced by at least a factor of 3, and excessive CPU utilization occurs.

Conditions: This symptom is observed on routers that aggregate PPP sessions.

Workaround: Issue the no ppp ipcp address unique command.

CSCin59834

Symptoms: When an attempt is made to bring up a Layer 2 Tunneling Protocol (L2TP) session, the L2TP tunnel may be rejected by an L2TP network server (LNS) and a spurious memory access may occur.

Conditions: This symptom is observed if the "group session-limit" parameter is in the default configuration of the virtual private dial-up network (VPDN) template and the global VPDN session limit is set to any value as shown in the following example:

vpdn-template

group session-limit 2

Also, this symptom will be seen only when the VPDN template is configured after an L2TP tunnel/session has been set up.

The output of the show vpdn history failure EXEC command displays the following message:

Failure type: Exceeded configured VPDN maximum session limit

Workaround: Configure the VPDN template along with the group session limit before setting up the tunnel for those sessions and not after L2TP tunnel setup. Alternately, if the VPDN template is configured after the session has been set up, before bringing up a new tunnel and/or session again, remove the VPDN template and configure it again.

Resolved Caveats—Cisco IOS Release 12.3(4)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(4)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCdz27562

Symptoms: Executing an snmpwalk command on loopback interfaces does not yield any results.

Conditions: This symptom is observed on a Cisco 12000 series router.

Workaround: Execute the snmpwalk command on the physical interfaces instead.

CSCeb79675

Symptoms: A Simple Network Management Protocol (SNMP) request sent to the loopback interface of a Cisco router will have the wrong source address in the reply.

Conditions: This symptom is observed on all Cisco platforms.

Workaround: Send the SNMP request to the IP address of a physical interface instead.

CSCec03860

Symptoms: The snmp-server drop vrf-traffic global configuration command used to drop Simple Network Management Protocol (SNMP) packets received on VPN routing/forwarding (VRF) interfaces is not available.

Conditions: This symptom is observed in all releases of Cisco IOS software.

Workaround: There is no workaround.

CSCin51317

Symptoms: A Cisco Catalyst 4000 Access Gateway Module may reload when using HTTP to copy images from a TFTP server.

Conditions: This symptom is observed in the c4gwy-isx3-mz image of Cisco IOS Release 12.3(4)T.

Workaround: There is no workaround.

CSCin53807

Symptoms: A warm reboot may fail on a Cisco router because of a decompression failure.

Conditions: This symptom is observed on all Cisco platforms that are running certain releases of Cisco IOS software.

Workaround: There is no workaround.

CSCin57417

Symptoms: When the Service Assurance Agent (SAA) jitter probe is run with the codec option, Impairment/Calculated Planning Impairment Factor (ICPIF) and mean opinion score (MOS) calculations may not occur if there is packet loss in the network.

Conditions: This symptom is observed on all Cisco platforms.

Workaround: There is no workaround.

EXEC and Configuration Parser

CSCec15431

Symptoms: It is not possible to configure cell-based Multiprotocol Label Switching (MPLS) because extended-port command arguments do not exist.

Conditions: This symptom is observed on Cisco Route Processor Module (RPM) and MGX RPM (RPM-XF) platforms when the extended-port interface configuration command is entered when trying to extend the XTag interface.

Workaround: There is no workaround.

Interfaces and Bridging

CSCeb21686

Symptoms: A Cisco router may reload.

Conditions: This symptom is observed on a Cisco router that is transparently bridging an Ethernet frame over a PPP over ATM (PPPoATM) interface.

Workaround: There is no workaround.

IP Routing Protocols

CSCea46372

Symptoms: A Cisco router may reload when you add Border Gateway Protocol (BGP) neighbor statements to the configuration.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S when BGP neighbors are added by using a script that adds the BGP neighbors at a much faster rate than manual addition, and when a large BGP table is already present on the router before the script adds the BGP neighbors.

Workaround: There is no workaround.

CSCea64725

Symptoms: If a peer group is slow to establish and comes up while other members of the peer group are converging, the recently established member may not advertise the routes that were sent to the other members.

Conditions: This symptom occurs only if the new peer group member comes up while the other members of a peer group are converging. This symptom does not occur if the new peer group member comes up after the other members of the peer group have finished converging.

Workaround: The routes can be readvertised by entering the clear ip bgp peer-group-name soft out privileged EXEC command for any peer that has missing routes.

CSCeb00172

Symptoms: When the neighbor {ip-address | peer-group-name} default-originate router configuration command is used with a peer group, peers that belong to that peer group come up at a different time from when the Border Gateway Protocol (BGP) is formatting updates. Because of this behavior, the router may not advertise all routes to members of the peer group.

Conditions: This symptom is observed with IP version 4 (IPv4) unicast and Virtual Private Network (VPN) routing/forwarding (VRF) address family (AF) packets.

Workaround: There is no workaround.

CSCeb00180

Symptoms: Border Gateway Protocol (BGP) update generation may pause indefinitely when BGP is converging.

Conditions: This symptom may occur under any of the following six conditions when BGP is converging:

1. When non-peer-group peer sessions flap or when the clear ip bgp address privileged EXEC command is entered several times for a non-peer-group peer.

2. When the clear ip bgp * soft out privileged EXEC command is entered repeatedly in rapid succession.

3. When peers are moved in or out of peer groups.

4. When routers that are configured with unicast assured forwarding (AF) and AF only are reloaded.

5. When all members of a peer group are cleared by performing either a hard reset or a soft reset. In this situation, only the peer group is affected.

6. When some routes are advertised to or withdrawn from the router while the router is converging, some peers in a peer group may not receive all the updates.

Workaround: There is no workaround for conditions 1 through 5.

To recover from condition 6, enter the clear ip bgp neighbor-address soft out privileged EXEC command. For the neighbor-address argument, use the IP address of the peer that did not receive all of the updates.

CSCeb05645

Symptoms: Even though no Border Gateway Protocol (BGP) updates are sent between router peers, a router may send BGP withdraw messages to its peers.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(24)S or Release 12.0(25)S. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCeb14687

Symptoms: Border Gateway Protocol (BGP) may send incomplete updates to the peer routers, and some routers may not send full routes to their peer routers. This behavior may cause some routes to be missing from the peer.

Conditions: This symptom is observed when a slow BGP peer in a peer group comes up while BGP is in the process of sending updates to the peer routers. This symptom is not platform specific.

Workaround: Enter the clear ip bgp peer-address soft out EXEC command to clear this condition. Avoid using a peer group if possible.

CSCeb45220

Symptoms: When the dmzlink-bw command is enabled on a Cisco router, the router may reload.

Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.3(1.9)T2.

Workaround: There is no workaround.

CSCeb59064

Symptoms: The Border Gateway Protocol (BGP) converge time scale test may fail on a Cisco router that has a large number of BGP neighbors.

Conditions: This symptom is observed on a Cisco 7200 series that is running the c7200-js-mz image of Cisco IOS Release 12.3(1.9)T3 when the router has a large number of BGP neighbors.

Workaround: There is no workaround.

CSCeb62106

Symptoms: A memory leak occurs in the IP input process on a Cisco router when H.323 calls are run through Network Address Translation (NAT).

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(2)T2 and that is configured with NAT.

Workaround: There is no workaround.

CSCeb65729

Symptoms: Border Gateway Protocol (BGP) routes may not be recognized.

Conditions: This symptom is observed when the match ip next-hop route-map configuration command is configured with an access control list (ACL) that matches a particular route.

Workaround: There is no workaround.

CSCeb68925

Symptoms: Enabling IP version 6 (IPv6) multicast routing by entering the ipv6 multicast-routing global configuration command may cause memory corruption. This situation may eventually cause the router to reload.

Conditions: This symptom is observed on a Cisco 7200 series but may also occur on other platforms.

Workaround: There is no workaround.

CSCec16121

Symptoms: A router may reload, or spurious access errors may occur on a Cisco router.

Conditions: This symptom is observed on all Cisco platforms when Border Gateway Protocol (BGP) IP version 6 (IPv6) is enabled.

Workaround: There is no workaround.

CSCec39540

Symptoms: Cisco IOS software changes in Network Address Translation (NAT) code may punt fragmented packets that are received on a NAT outside interface to process-switching paths. This may cause high CPU usage in an environment with many fragmented packets.

Conditions: This symptom is observed on any Cisco platform that is running Cisco IOS Release 12.3(3.9)T2 when the ip nat outside global configuration command is configured on an interface.

Workaround: There is no workaround.

ISO CLNS

CSCec53922

Symptoms: A router may experience an unexpected exception and display the following error message:

%ALIGN-1-FATAL: Illegal access to a low address addr=0x8F8, pc=0x60ABEF00, ra=0x60ABEE74, sp=0x63943CF8

Conditions: This symptom is observed on a Cisco router after the following global configuration commands are entered:

router isis

redistribute maximum-prefix threshold

Workaround: There is no workaround.

Miscellaneous

CSCdy57569

Symptoms: The show ip cef vrf vpn exact-route [source-addr] [destn-addr] EXEC command is not supported under Parallel Express Forwarding (PXF).

Conditions: This symptom is observed on a Cisco router when the multipath feature has been enabled using Cisco Express Forwarding (CEF).

Workaround: There is no workaround.

CSCdz81743

Symptoms: The following objects are not supported in the ENTITY-MIB:

entPhysicalSerialNum

entPhysicalHardwareRev

entPhysicalSoftwareRev

Conditions: This symptom is observed on a Cisco 7200 series.

Workaround: The values of the objects listed above can be displayed by entering the show c7200 privileged EXEC command or the show diag EXEC command.

CSCdz89635

Symptoms: A Cisco router may occasionally reload because of parser cache manipulation.

Conditions: This symptom is observed on a Cisco router when many virtual access interfaces are created on the router or are recreated after they have been deleted from the router.

Workaround: The router may not reload if you use the no parser cache global configuration command; however, after you have entered this command, the creation and deletion of virtual access interfaces may slow down and configuration processing in general may also slow down.

CSCea16887

Symptoms: Input errors may be observed with the show interface switch1 privileged EXEC command when a police policy is applied to the output of the interface.

Conditions: This symptom is observed only with policies that are police-type policies as shown in the following example:

Router# show policy-map mvpn

Policy Map mvpn

Class mul

police cir 10000 bc 1500

conform-action transmit

exceed-action drop

Router# show class-map mul

Class Map match-all mul (id 18)

Match ip dscp cs1

Workaround: There is no workaround until this caveat is fixed. The problem is actually in the reporting. The police drops are not really input errors; they are input drops. Disregard the input errors. No harm will come with this reporting. The problem is only in how to interpret the errors. The fix for this caveat is to not update the input errors with input drops in the segmentation and reassembly (SAR) because input drops include the toaster drops at this time.

CSCea25802

Symptoms: A Cisco 12000 series may reload while the CPU utilization is high.

Conditions: This symptom is observed when you reload the microcode onto a line card and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on some interfaces.

Workaround: There is no workaround.

CSCea27838

Symptoms: The following tracebacks may occur when you boot up a router:

%SYS-3-CPUHOG: Task ran for 3100 msec (87338/197), process = TC-ATM Proc, PC = 40B2EAE8.

-Traceback= 40B2EAF0 40B30BA0

Conditions: This symptom is observed on a Cisco MGX 8850 Route Processor Module (RPM-XF) during bootup. If this symptom is observed, the RPM-XF card may not respond for a while and the user is unable to "cc" to this card because the CPU hogs all cycles. When the card does not respond, the Label Distribution Protocol (LDP) Open Shortest Path First (OSPF) route may go down with CPUHOG errors and tracebacks logged.

Workaround: There is no workaround.

CSCea30278

Symptoms: The quality of service (QoS) policing function does not work accurately and correctly for ATM, serial, and Multilink PPP (MLP) link fragmentation and interleaving (LFI) interfaces. The function does not police to the line rate.

Conditions: This symptom is observed on a Cisco Route Processor Module (RPM-XF) router when Committed Access Rate (CAR) or Absolute Priority Queue (APQ) is configured.

Workaround: There is no workaround.

CSCea42294

Symptoms: A router may reload while it is booting up if Gateway General Packet Radio Service (GPRS) signaling packets are continuously sent to the Gn interface.

Conditions: This symptom is observed when the Gateway GPRS Support Node (GGSN) is being reloaded on the router.

Workaround: There is no workaround.

CSCea64378

Symptoms: The "next_hop ip addr" field is always 0.0.0.0 in the output of Parallel Express Forwarding (PXF) specific commands, whereas meaningful values are displayed in the output of the show pxf cpu cef vrf vpn ip-addr EXEC command.

Conditions: This symptom is observed in the output of the show pxf cpu cef [ip-addr] and show pxf cpu cef vrf [vpn] [ip-addr] EXEC commands that display next_hop information.

Workaround: There is no workaround.

CSCea71776

Symptoms: A router may pause indefinitely and CPU usage may go to 100 percent when all Service Selection Gateway (SSG)-related information is cleared from the router by entering the no ssg enable force interface configuration command.

Conditions: This symptom is observed if the ssg bind direction downlink interface configuration command is configured on the virtual template of a Cisco 10000 series.

Workaround: Reboot the router.

CSCea78601

Symptoms: If a reload occurs on a Cisco router that has interrupts disabled, the crashinfo file may take a long time to write because error messages like the following are generated each time a write is attempted:

SYS-2_INTSCHED

Conditions: This symptom is observed on a Cisco router when interrupts are disabled and a software reload occurs.

Workaround: There is no workaround.

CSCea87362

Symptoms: Traffic may be blocked when Distributed Multilink Frame Relay (DMFR) is configured.

Conditions: This symptom is observed when the traffic is switched from the input interface by using fast switching rather than Cisco Express Forwarding (CEF).

Workaround: Configure CEF or distributed CEF (dCEF) on the input interface.

CSCea92655

Symptoms: A ping from a Label Switch Controller (LSC) to an Edge Label Switch Router (ELSR) fails.

Conditions: This symptom is observed if the ELSR is configured not to create a label virtual circuit (LVC) toward the LSC and the shutdown followed by the no shutdown interface configuration commands are performed on the Multiprotocol Label Switching (MPLS) interface of the ELSR.

Workaround: Reload Parallel Express Forwarding (PXF) using the micro reload pxf command.

CSCeb01200

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) may reload when a permanent virtual circuit (PVC) is removed from any switch subinterface using the no pvc switch subinterface configuration command.

Conditions: This symptom is observed only if the ip pim command is also configured under the same switch subinterface configuration when the PVC is removed.

Workaround: Unconfigure ip pim by using the no ip pim command before removing the PVC from the switch subinterface.

CSCeb06452

Symptoms: When multicast IP version 6 (IPv6) Cisco Express Forwarding (CEF) is enabled, packets (greater than or equal to 232 bytes) that are forwarded may be corrupted.

Conditions: This symptom is observed on all Cisco platforms during normal multicast CEF software forwarding.

Workaround: Use process space forwarding.

CSCeb09068

Symptoms: A data packet that has a size that exceeds the maximum transmission unit (MTU) of a core-facing interface on a provider edge (PE) router may fail.

Conditions: This symptom is observed on a Cisco router that functions as a PE router when Layer 2 Tunnel Protocol Version 3 (L2TPv3) is used with the Xconnect service and when the MTU of the customer-facing interface is larger than the MTU of the core-facing interface.

Workaround: Ensure that the MTU of the core-facing interface is equal to or larger than the MTU of the customer-facing interface.

CSCeb28838

Symptoms: After extended remote digital terminal (RDT) testing, an onboard Analog Voice Module (AVM) fails to download the enhanced digital signal processor (EDSP) PRAM firmware during bootup.

Conditions: This symptom is observed on a Cisco IAD2430 router that has an AVM.

Workaround: Reboot the router again.

CSCeb29193

Symptoms: A direct memory access (DMA) engine that sends packets to a digital signal processor (DSP) sometimes locks up after reboot and fails to send the packets.

Conditions: This symptom is observed in a test environment after many hours of remote digital terminal (RDT) testing.

Workaround: Reboot the router.

CSCeb30794

Symptoms: A Cisco router that is running gateway GPRS support node (GGSN) software may reload because of access to an illegal address. This occurs when the GPRS tunneling protocol (GTP) attempts to send out a response message, and during this time, the packet data protocol (PDP) context is cleared on the GGSN.

Conditions: This symptom occurs only in extremely rare situations when the GGSN initiates a PDP delete and before the actual deletion occurs, a create is received. This symptom cannot be recreated easily.

Workaround: There is no workaround.

CSCeb34080

Symptoms: A Cisco gateway GPRS support node (GGSN) may reload when it processes a duplicate DHCP notification.

Conditions: This symptom is observed on all Cisco platforms.

Workaround: There is no workaround.

CSCeb36010

Symptoms: A router fails with the following error when the interface dialer 0 global configuration command is entered:

%ALIGN-1-FATAL: Illegal access to a low address addr=0xC8, pc=0x60598C5C, ra=0x60598C24, sp=0x6283DAC8

Conditions: This symptom is observed on a Cisco IAD2430.

Workaround: There is no workaround.

CSCeb36127

Symptoms: A Cisco 831 router cannot get an IP address from a DHCP server that resides on the provider network that assigns the IP address.

Conditions: This symptom is observed on a Cisco 831 router but may occur on other Cisco platforms.

Workaround: There is no workaround.

CSCeb39251

Symptoms: When the Cisco GPRS tunneling protocol (GTP) receives a Transport Protocol Data Unit (TPDU), it decapsulates it from the IP, User Datagram Protocol (UDP), and GTP headers and tries to route the inner IP payload away. It does not validate the length field inside of the IP packet. When the indicated length is longer than what the other length fields indicate, memory corruption may occur.

Conditions: This symptom is observed in the Cisco gateway GPRS support node (GGSN) software version 3.1 of Cisco IOS Release 12.2(8)YY2 and in the GGSN version 4.0 of Cisco IOS Release 12.2(8)YW1.

Workaround: There is no workaround.
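The missing check described in CSCeb39251, shown as an added example (not Cisco's code): before the inner packet is routed, its IP total length is bounded by the bytes the UDP and GTP length fields say are present. The GTPv1 header layout, an IPv4 inner packet, and the names tpdu_check and build_sample are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum tpdu_status {
    TPDU_OK = 0,
    TPDU_TRUNCATED_GTP,     /* UDP payload shorter than the GTP fields claim */
    TPDU_NOT_GPDU,          /* not GTPv1, or not a G-PDU (message type 0xFF) */
    TPDU_BAD_INNER_HEADER,  /* inner packet is not a sane IPv4 header */
    TPDU_INNER_LEN_EXCEEDS  /* inner IP total length > bytes actually carried */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate one decapsulated UDP payload (assumed GTPv1 layout). On TPDU_OK,
 * *ip_off and *ip_len describe the inner IPv4 packet that is safe to forward. */
enum tpdu_status tpdu_check(const uint8_t *udp_payload, size_t udp_len,
                            size_t *ip_off, size_t *ip_len)
{
    if (udp_len < 8)
        return TPDU_TRUNCATED_GTP;

    uint8_t flags = udp_payload[0];
    if ((flags >> 5) != 1 || !(flags & 0x10) || udp_payload[1] != 0xFF)
        return TPDU_NOT_GPDU;

    /* The GTP length counts everything after the 8 mandatory header bytes. */
    size_t gtp_len = rd16(udp_payload + 2);
    if (gtp_len > udp_len - 8)
        return TPDU_TRUNCATED_GTP;
    size_t end = 8 + gtp_len;   /* never read past the smaller of the two bounds */
    size_t off = 8;

    if (flags & 0x07) {         /* E, S or PN set: 4 optional bytes follow */
        if (end - off < 4)
            return TPDU_TRUNCATED_GTP;
        uint8_t next = (flags & 0x04) ? udp_payload[off + 3] : 0;
        off += 4;
        while (next != 0) {     /* walk extension headers, 4-octet units */
            if (end - off < 1)
                return TPDU_TRUNCATED_GTP;
            size_t ext = (size_t)udp_payload[off] * 4;
            if (ext == 0 || ext > end - off)
                return TPDU_TRUNCATED_GTP;
            next = udp_payload[off + ext - 1];
            off += ext;
        }
    }

    size_t avail = end - off;   /* bytes the outer headers vouch for */
    if (avail < 20)
        return TPDU_BAD_INNER_HEADER;
    const uint8_t *ip = udp_payload + off;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ihl > avail)
        return TPDU_BAD_INNER_HEADER;

    size_t total = rd16(ip + 2);
    if (total < ihl)
        return TPDU_BAD_INNER_HEADER;
    if (total > avail)          /* the check the caveat says was missing */
        return TPDU_INNER_LEN_EXCEEDS;

    *ip_off = off;
    *ip_len = total;
    return TPDU_OK;
}

/* Constructed sample: 8-byte GTPv1 G-PDU header carrying a 28-byte inner IPv4
 * packet whose total-length field is set to claimed_total. Returns 36. */
size_t build_sample(uint8_t *buf, uint16_t claimed_total)
{
    static const uint8_t gtp[8] = {0x30, 0xFF, 0x00, 0x1C, 0, 0, 0, 1};
    memset(buf, 0, 36);
    memcpy(buf, gtp, sizeof gtp);
    buf[8]  = 0x45;                          /* IPv4, IHL = 5 words */
    buf[10] = (uint8_t)(claimed_total >> 8); /* inner total length */
    buf[11] = (uint8_t)(claimed_total & 0xFF);
    buf[16] = 64;                            /* TTL */
    buf[17] = 17;                            /* protocol: UDP */
    return 36;
}

int main(void)
{
    uint8_t buf[64];
    size_t off = 0, len = 0;
    uint16_t claims[] = {28, 1500};          /* honest vs. inflated length */
    for (int i = 0; i < 2; i++) {
        size_t n = build_sample(buf, claims[i]);
        enum tpdu_status st = tpdu_check(buf, n, &off, &len);
        printf("claimed inner length %u -> status %d\n",
               (unsigned)claims[i], (int)st);
    }
    return 0;
}
```

A packet that fails the check is dropped and counted rather than forwarded, so the inner length field never drives a copy or a buffer walk on its own.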

CSCeb43839

Symptoms: Buffer leaks occur when Multiprotocol Label Switching (MPLS) traffic is passed. This causes complete buffer depletion and eventually all traffic is dropped. There is no online tool available that provides information on the cause of the buffer leak.

Conditions: This symptom is observed on the toaster Cobalt. Many types of packets are passed, and it is necessary to determine the exact type of packet that causes the leak.

Workaround: Use the show pxf cpu buffers-leaked EXEC command to determine the exact type of packets that cause the leak. Use of this command impacts traffic because traffic is stopped to gather data; traffic restarts once the data has been gathered.

CSCeb44447

Symptoms: A Cisco gateway GPRS support node (GGSN) may reload under stress conditions that involve packet data protocol (PDP) context creation with dynamic address allocation and RADIUS authentication.

Conditions: This symptom is observed in a test environment on a GGSN under the following conditions:

An access point name (APN) is configured to allocate PDP addresses from the DHCP pool with RADIUS authentication.

PDP context activation requests for the APN result in DHCP address allocation failure (the pool may be exhausted) and also RADIUS authentication failure.

In the above situation, a rare race condition between the timing of these two failure notifications may trigger the reload.

Workaround: There is no workaround.

CSCeb46693

Symptoms: The Cisco IOS Telephony Services version 3.0 (Cisco ITSv3) intercom feature does not function.

Conditions: This symptom is observed in Cisco ITSv3. The caller is automatically placed on hold and cannot get out of the hold mode. There is no voice path in either direction.

Workaround: There is no workaround.

CSCeb49148

Symptoms: When the Service Selection Gateway (SSG) is configured to do session identification (SessionID) with framed IP in a RADIUS proxy mode, the SSG is unable to proxy the access requests from the network access server (NAS) whenever the NAS reuses the RADIUS packet ID.

Conditions: This symptom is observed on the SSG when the NAS gateway GPRS support node (GGSN) sends more than 255 access requests at a rate of 10 or more requests per second. The symptom is not observed at slower request rates from the NAS.

Workaround: Use session identification with mobile station identifier (MSID) on the SSG in the RADIUS proxy configuration.

CSCeb50032

Symptoms: A Cisco 1760 router may reload in a test environment when the voluntary lan feature is tested.

Conditions: This symptom is observed on a Cisco 1760 router that is running Cisco IOS Release 12.3(1.9)T2.

Workaround: There is no workaround.

CSCeb50551

Symptoms: The quality of service (QoS) policing function does not work accurately and correctly for cRTP (Compressed Real Time Protocol) interfaces. The function does not police to the line rate.

Conditions: This symptom is observed on a Cisco Route Processor Module (RPM-XF) router when Committed Access Rate (CAR) or Absolute Priority Queue (APQ) is configured.

Workaround: There is no workaround.

CSCeb51070

Symptoms: The following error message may be displayed on an MGX Route Processor Module (RPM-XF) when IP Header Compression (IPHC) is configured on a multilink interface:

An error occurred during the configuration attempt

Conditions: This symptom is observed only when multilink interfaces that are not already active are being configured.

Workaround: There is no workaround. The error message may be ignored. It is incorrect, and the IPHC configuration is actually applied.

CSCeb51584

Symptoms: When header compression is configured on an interface that is in fast switching or Cisco Express Forwarding (CEF) mode, header compression does not occur.

Conditions: This symptom is observed only on certain T1 controllers because of a driver support issue.

Workaround: Configure process switching on the interface and header compression does occur.

CSCeb53167

Symptoms: When voice traffic is generated on a Cisco router, a digital signal processor (DSP) counter does not show that any packets are transmitted, but packets are transmitted on the ATM side.

Conditions: This symptom is observed on a Cisco 3660 (originating) router with Voice over ATM adaptation layer 2 (VoAAL2) calls on a T1 Inverse Multiplexing ATM (T1-IMA) module. The voice traffic appears to fail on the channel-associated signaling (CAS) side.

Workaround: There is no workaround.

CSCeb56061

Symptoms: When Xconnect is configured on the first unit under test (UUT), the remote UUT gets one or more zombie tunnels. Sometimes the zombie tunnels are not torn down properly and subsequent test cases fail.

Conditions: This symptom is observed on a UUT Cisco router with an Xconnect configuration.

Workaround: There is no workaround.

CSCeb57872

Symptoms: 911 operator calls fail during operator callback.

Conditions: This symptom is observed on a Cisco AS5850 voice gateway with Media Gateway Control Protocol (MGCP) Feature Group-D Operator Services (FGD-OS) calls.

Workaround: There is no workaround.

CSCeb59590

Symptoms: If you enter the show vpdn or the show pppoe session EXEC command on a Cisco router, CPUHOG errors may occur.

Conditions: This symptom is observed on a Cisco router that has active PPP over Ethernet (PPPoE) sessions.

Workaround: There is no workaround.

CSCeb59653

Symptoms: A Virtual Switch Interface (VSI) does not program the Switch Field Programmable Gate Array (SWFPGA) correctly for the control virtual circuit (VC).

Conditions: This symptom is observed when all of the following conditions occur:

When the Label Switch Controller (LSC) reloads, all of the protocols flap on some of the provider edge (PE) routers, including Label Distribution Protocol (LDP), Border Gateway Protocol (BGP), and Multilink PPP (MLP).

After the LDP, BGP, and MLP protocols come up again on the PEs, the Multiprotocol Label Switching (MPLS) interface sw1.1 on one of the PEs is stuck in the operational "no" state.

The control VC on both the Edge Label Switch Router (ELSR) and the LSC exist, but the control VC is down on the ELSR and up on the LSC.

The Xtag interface on the LSC is also up. The control VC stays down on the ELSR because the virtual path identifier (VPI) is not programmed correctly on the SWFPGA and all of the Operation, Administration, and Maintenance (OAM) cells are dropped on the SWFPGA.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Xtag interface.

Further Information Provided: When the Processor Switch Module (PXM) changes the logical channel number (LCN) for a connection (because of a deletion and then readdition), this remote information is not updated on the SWFPGA. To correct this issue, we detect that the remote LCN on the PXM has changed for the local LCN on the router. In this situation, we delete and then readd the connection in the hardware.

CSCeb60825

Symptoms: The ifTable on the Route Processor Module (RPM-PR) contains the following entries for the Switch1 interface that do not appear in the ifTable on the RPM-XF:

Switch1.0-atm subif

Switch1.0-aal5 layer

Conditions: This symptom is observed in Cisco IOS Release 12.2(15)T4a when a query is made on the ifTable of the RPM-PR and RPM-XF.

Workaround: There is no workaround.

CSCeb61701

Symptoms: The wireless LAN (WLAN) reconnect feature does not function correctly for public wireless LAN (PWLAN) users.

Conditions: This symptom is observed when the PWLAN user performs an Extensible Authentication Protocol (EAP) SIM authentication and logs in. The WLAN reconnect feature is then configured on the Service Selection Gateway (SSG), and the user logs off. An Acct-Status-Query is sent from the Subscriber Edge Services Manager (SESM), and the user is logged in again. The user has three automatic login services and is able to log in to the tunnel service but is unable to log in to the pass-through or proxy service.

Workaround: There is no workaround.

CSCeb62588

Symptoms: The following error message is displayed on a Cisco router that is configured with Multilink PPP (MLP):

%SBETH-3-ERRINT: GigabitEthernet6/7, error interrupt, mac_status = 0x0000000000050087

Conditions: This symptom is observed in a test environment on a Cisco router that has 720 two-link MLP bundles with an aggregate traffic rate of 55 packets per second (pps). No offload server is used.

Workaround: There is no workaround.

CSCeb62788

Symptoms: A Cisco router with the unix-p-ms image of Cisco IOS software may reload.

Conditions: This symptom is observed on all Cisco platforms with a Layer 2 Tunneling Protocol version 3 (L2TPv3) session established.

Workaround: There is no workaround.

CSCeb64155

Symptoms: On an MGX Route Processor Module (RPM-XF), the maximum values that are configured with the ingress-percentage-bandwidth and egress-percentage-bandwidth interface configuration commands are changed.

Conditions: This symptom is observed on an RPM-XF that is configured for Multiprotocol Label Switching (MPLS) partitions. Private Network-to-Network Interface (PNNI) partitions are not affected.

Workaround: Manually enter the desired values using Simple Network Management Protocol (SNMP) or use the command-line interface (CLI).

CSCeb64925

Symptoms: If the incorrect source and destination buffer addresses are output to cobalt and a Frame Trace Card (FTC) trace is running, an MGX Route Processor Module (RPM-XF) may reload.

Conditions: This symptom is observed on a Cisco RPM-XF. The FTC trace reads the data located at the source address. If the source address is incorrect, a bus error may cause the RPM-XF to reload.

Workaround: There is no workaround.

CSCeb65462

Symptoms: A permanent virtual circuit (PVC) resets after a service policy is applied. Connectivity is lost for approximately one minute.

Conditions: This symptom is observed on a Cisco 1721 router with an asymmetric digital subscriber line (ADSL) WAN interface card (WIC).

Workaround: There is no workaround.

CSCeb66887

Symptoms: A Cisco 1000 Edge Switch Router (ESR) that operates as a broadband aggregator may have a memory leak.

Conditions: This symptom is observed on a Cisco 1000 ESR that has many PPP over Ethernet (PPPoE) sessions that connect and disconnect (churn).

Workaround: There is no workaround.

CSCeb68948

Symptoms: Routing protocols may flap and congest interfaces enabled with IP Header Compression (IPHC).

Conditions: This symptom is observed in a test environment on a link enabled with Compressed Real-Time Protocol (CRTP) when User Datagram Protocol (UDP) traffic is sent to congest the queue, and the Open Shortest Path First (OSPF) protocol is running. This symptom may also be observed in the case of weighted random early detection (WRED) drops.

Workaround: There is no workaround.

CSCeb69246

Symptoms: When a service policy is modified, all traffic that goes out of an ATM switch interface may stop.

Conditions: This symptom is observed when 200 Multilink interfaces are configured and the same service policy is applied to all of the interfaces. A Border Gateway Protocol (BGP) session is established over each of the interfaces and a segmentation and reassembly (SAR)-based Class-Based Weighted Fair Queueing (CBWFQ) is enabled. The traffic may stop if the service policy is modified while data traffic is running through the Multilink interfaces.

Workaround: There is no workaround.

CSCeb69512

Symptoms: If the Cisco Health Monitor (HM) reloads the active or standby Route Switch Controller (RSC) card, the HM may not supply sufficient information to the console to determine why the reload occurs.

Conditions: This symptom is observed on a Cisco AS5850 and particularly affects the classic-split, handover-split, and RPR redundancy modes. The symptom is most apparent when the standby RSC reloads continually, which cannot be easily diagnosed without the fix for this caveat.

Workaround: There is no workaround.

CSCeb72322

Symptoms: Voice calls are hung after several hours of a voice call stress test.

Conditions: This symptom is observed on a Cisco router in a voice call stress test of an extended duration (5 to 6 hours). The router is configured with Media Gateway Control Protocol (MGCP) channel-associated signaling (CAS) and has two Digital Signal 3 (DS3) port adapters that are full of voice calls.

Workaround: There is no workaround.

CSCeb72516

Symptoms: The neighbor ip-address send-label address family configuration command may not function properly for an IP version 6 (IPv6) Border Gateway Protocol (BGP) neighbor that is part of a BGP peer group in an IPv6 address family; the functionality of the send-label keyword may not be advertised to the peers.

Conditions: This symptom is observed when you use BGP peer groups with a provider edge (PE) router that is running IPv6 in a Multiprotocol Label Switching (MPLS) environment (referred to as a 6PE router).

Workaround: Enter the neighbor ip-address send-label address family configuration command for the IPv6 BGP neighbor before you make the IPv6 BGP neighbor part of the BGP peer group in the IPv6 address family.

CSCeb72762

Symptoms: The MAC rewrite index for VPN routing and forwarding (VRF) prefixes keeps changing in Parallel Express Forwarding (PXF).

Conditions: This symptom is observed if dual Label Switch Controllers (LSCs) are configured on a Cisco Edge Label Switch Router (ELSR) and two internal Border Gateway Protocol (iBGP) paths exist for the VRF prefixes. In addition, at least one multilink interface should be in the up state.

Workaround: There is no workaround.

CSCeb77200

Symptoms: The radius-server unique-ident global configuration command does not attach the unique identifier to the RADIUS accounting package.

Conditions: This symptom is observed on all Cisco platforms.

Workaround: There is no workaround.

CSCeb77269

Symptoms: A Service Selection Gateway (SSG) may log off the host entry when a mobile node handoff occurs.

Conditions: This symptom is observed in a Code Division Multiple Access (CDMA) environment if the accounting-start record reaches the SSG before the accounting-stop record reaches the SSG. The SSG does not correlate the correct order of these out-of-order accounting packets.

Workaround: There is no workaround.

CSCeb79139

Symptoms: When VLAN encapsulation is configured on the egress interfaces, no traffic can be sent over the egress interfaces.

Conditions: This symptom is observed on all Cisco platforms that have VLAN encapsulation configured.

Workaround: There is no workaround.

CSCeb80520

Symptoms: The Cisco Net-GX crypto card does not encrypt or decrypt packets with the geo_t_pi2 image of Cisco IOS software.

Conditions: This symptom is observed on a Cisco Net-GX crypto card.

Workaround: There is no workaround.

CSCeb81014

Symptoms: A Cisco gatekeeper rejects an AccessRequest with multiple addresses.

Conditions: This symptom is observed with a Cisco gatekeeper that receives AccessRequests from a third-party video interactive gateway.

Workaround: There is no workaround.

CSCeb81912

Symptoms: The Compressed Real-Time Protocol (CRTP) stream is not decompressed correctly and the full packet header is punted to the Route Processor (RP). Packets are dropped because of an IP version mismatch.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) when it sends RTP traffic with a continuity check (cc) bit or an M bit set from a customer edge (CE) router across the RPM-XF to a remote CE. There is a T1 semi-permanent virtual circuit (SPVC) between the CE and the RPM-XF, and the CRTP feature is enabled on the RPM-XF.

Workaround: There is no workaround.

CSCeb81959

Symptoms: A memory leak may occur when a semi-permanent virtual circuit (SPVC) enabled with VPN routing and forwarding (VRF) is converted to a Multilink PPP (MLP) link.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module that is configured with VRF.

Workaround: There is no workaround.

CSCeb82218

Symptoms: A Cisco MGX Route Processor Module (RPM-XR) reloads when the show pxf cpu mroute vrf privileged EXEC command is issued.

Conditions: The symptom is observed if the mroutes are cleared (by way of a Cisco IOS command-line interface [CLI] command or automatically by way of a timeout) before the show command completes execution.

Workaround: There is no workaround that eliminates the symptom; however, the risk may be minimized by issuing the terminal length 0 CLI command before the show command in question is used. This disables the automore feature and decreases the time spent executing the show command.

CSCeb82716

Symptoms: The front card of a Cisco MGX Route Processor Module (RPM-XF) remains in the initiation state because of interrupt errors from a 2-port Gigabit Ethernet (GE) back card.

Conditions: This symptom is observed on a Cisco RPM-XF during an upgrade of Cisco IOS software to the rpmxf-p12-js.030731 image.

Workaround: There is no workaround.

CSCeb82779

Symptoms: A Tool Command Language (Tcl) script that binds a server socket on the router causes a VTY line lockup. The connected line locks up, and the script server no longer responds to local or remote input.

Conditions: This symptom is observed on any Cisco platform that runs Cisco IOS software.

Workaround: Reload the router to clear the VTY line. To avoid this symptom, do not use server sockets.

CSCeb84583

Symptoms: The number of packets displayed in the output of the show policy-map interface interface-name EXEC command is twice the number of packets actually sent out. The counter is being updated by both the Route Processor (RP) and Parallel Express Forwarding (PXF).

Conditions: This symptom is observed on a Cisco RPM-XF card with a service policy attached on a multilink interface.

Workaround: Look at PXF statistics using the show pxf cpu statistics qos interface EXEC command.

CSCeb85985

Symptoms: Simple Network Management Protocol (SNMP) values that are retrieved by the snmpget command may be inconsistent compared to the SNMP values that are shown on an interface.

Conditions: This symptom is observed on a Cisco 12000 series that runs in a Multiprotocol Label Switching (MPLS) environment when you use SNMP to retrieve various counter values from a Packet-over-SONET (POS) interface.

Workaround: There is no workaround.

CSCeb87600

Symptoms: Cisco Survivable Remote Site Telephony (SRST) version 3.0 does not start streaming multicast music on hold (MOH) from Flash memory until at least one phone has opened a TCP connection to the IP address and port specified by the ip source-address telephony-service configuration command. This prevents the SRST gateway from being used as a local MOH resource during normal Call Collection Manager (CCM) operation because IP phones do not open a TCP connection to the SRST gateway if there are two or more CCMs available.

Conditions: This symptom is observed in Cisco IOS Release 12.2(15)ZJ1.

Workaround: The following workarounds are available:

In a test environment, telnet from the Cisco IOS EXEC to the IP address and port specified with the ip source-address telephony-service configuration command. This will start MOH.

In a production environment, configure one phone so that it has only a single CCM in its Call Manager Group on CCM, and then configure the phone to use the gateway for SRST. This phone will maintain a secondary TCP connection to the SRST gateway, and MOH will automatically become active after a reboot of the SRST gateway.

Use the debug ephone moh EXEC command to verify that MOH is being streamed to the expected interfaces.

CSCec00153

Symptoms: Approximately 30 to 90 seconds after a switchover, a newly active Enhanced Route Switch Controller (ERSC) experiences memory exhaustion and reloads itself or the peer ERSC reloads. Once the reload is underway, the symptom goes away and the system behaves correctly. The reloaded ERSC also boots without any problems.

Typically, messages similar to those below appear on the console of the newly active ERSC immediately before it reloads:

%HA_CLIENT-3-NO_CF_BUFFER: The RM HA client failed to get a buffer (len=32) from CF (rc=7); checkpointing failed -Traceback= 20B34BC8 20B35EFC 20B3638C 20B369FC 20B36D00 20B36E04 20221414 202213F8

%HA_CLIENT-3-NO_CF_BUFFER: The TTY HA client failed to get a buffer (len=84) from CF (rc=7); checkpointing failed -Traceback= 21291730 21291860 212919A4 2016BC80 20187800

%SYS-2-MALLOCFAIL: Memory allocation of 4276 bytes failed from 0x201C9FF4, alignment 32 Pool: I/O Free: 4008 Cause: Not enough free memory Alternate Pool: None Free: 0 Cause: No Alternate pool

Conditions: This symptom is observed on a Cisco AS5850 access server that is running Cisco IOS Release 12.3(2)T. The symptom occurs when the system is running in Route Processor Redundancy plus (RPR+) mode, resource pooling is enabled, and a customer profile is configured on the ERSC.

Workaround: There is no workaround.

CSCec02008

Symptoms: The Caller ID (CLID) feature is not available on calls sent to a Foreign Exchange Station (FXS) on a Cisco IAD2430.

Conditions: This symptom is observed on a Cisco IAD2430 that acts as an H.323 voice gateway. A call that originates in the public switched telephone network (PSTN) comes in to the Voice over IP (VoIP) network. The call terminates in one FXS port in the Cisco IAD2430. The port is configured to send CLID to a CLID display, but nothing is displayed.

The same CLID display does function correctly on a Cisco IAD2610 with an FXS and the CLID feature enabled.

Workaround: There is no workaround.

CSCec02631

Symptoms: The private configuration key that is configured with the key config-key 1 global configuration command cannot be removed using the no form of the command (no key config-key 1).

Conditions: This symptom is observed on all Cisco platforms.

Workaround: There is no workaround.

CSCec02660

Symptoms: A Cisco 7200 series that is on a dial interface may unexpectedly reload.

Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(13)T3, Release 12.2(13)T5, Release 12.2(15)T5, Release 12.3(1a), or Release 12.3(2)T and that has IP header compression configured.

Workaround: Remove TCP and Real-Time Protocol (RTP) header compression from all dial interfaces by entering the no ip tcp header-compression and the no ip rtp header-compression interface configuration commands.

CSCec03329

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) may lose communications with a Label Switch Controller (LSC) and all configured connections.

Conditions: This symptom is observed on a Cisco RPM-XF that is configured with Multilink PPP (MLP), link fragmentation and interleaving (LFI), and Compressed Real-Time Protocol (CRTP). There is no heavy traffic running through the node. The output of the show pxf cpu context EXEC command indicates that the feedback statistics on existing packets are increasing but no new packets are being processed.

Workaround: Reload the Parallel Express Forwarding (PXF) microcode on the RPM-XF.

CSCec09065

Symptoms: A CPU is busy with logging too many messages in the log and on the console for Transmission Control Block (TCB) buffer allocation failures.

Conditions: This symptom is observed in a test environment when a script that does continuous Label Distribution Protocol (LDP) flaps is running.

Workaround: There is no workaround.

CSCec09970

Symptoms: A terminating gateway selects an incorrect codec even though it has the order of codec that it should select defined in its Voice over IP (VoIP) dial peer. The terminating gateway is unable to match any incoming calling number as expected.

Conditions: This symptom is observed when a call is made between two Cisco gateways. The originating gateway has a voice class with the G711ulaw, G711alaw, and G729r8 codecs selected in that order. The terminating gateway has the G711ulaw codec defined under its VoIP dial peer, but it selects the G729 codec.

Workaround: Use the "incoming called-number" feature under the VoIP dial peer.

CSCec11372

Symptoms: An IP Header Compression (IPHC)-enabled interface goes down after sending out a few compressed packets.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) if the packets that are sent out are User Datagram Protocol (UDP) packets with a UDP length of less than 12 and if the top two bits of the first byte of the UDP payload are set to binary 01.

Workaround: There is no workaround.

CSCec12734

Symptoms: Real-Time Protocol (RTP) packets may be corrupted after passing through an IP Header Compression (IPHC)-enabled link.

Conditions: This symptom is observed because packet corruption occurs if several RTP packets that are identical in all fields except for the RTP synchronization source (SSRC) field are passed through the link.

Workaround: There is no workaround.

CSCec13518

Symptoms: When firewall inspection tests are performed, the test reports that the ip inspect parser help is not functioning in a particular image of Cisco IOS software.

Conditions: This symptom is observed on a Cisco 2600 series that is acting as a unit under test (UUT), and that is running the c2600-adventerprisek9-mz image or the c2600-advipservicesk9-mz image of Cisco IOS software.

Workaround: There is no workaround.

CSCec14271

Symptoms: A Cisco AS5850 with a Synchronous Transport Module 1 (STM1) card may reload if an online insertion and removal (OIR) is performed on the STM1 card.

Conditions: This symptom is observed on a Cisco AS5850 that has an STM1 card and that is configured for Non-Facility Associated Signaling (NFAS).

Workaround: There is no workaround.

CSCec14368

Symptoms: Under certain configurations, CPUHOG messages are observed on a super access control list (ACL) process when the MGX Route Processor Module (RPM-XF) card is initialized.

Conditions: This symptom is observed on an RPM-XF card that has more than 1000 policy maps configured.

Workaround: There is no workaround.

CSCec16481

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.

CSCec19866

Symptoms: An audible noise is present when the phone goes off-hook on a Foreign Exchange Service (FXS) port.

Conditions: This symptom is observed for any call made to an FXS phone.

Workaround: Disable caller ID under the FXS voice port.

CSCec23927

Symptoms: The processing of packets on a control path takes too long.

Conditions: This symptom is observed on a Virtual Switch Interface (VSI) that uses the control path to communicate with other VSI slaves.

Workaround: There is no workaround.

CSCec24166

Symptoms: A Layer 2 Tunneling Protocol version 2 (L2TPv2) session does not establish when voluntary tunneling is configured on a router.

Conditions: This symptom is observed when voluntary tunneling is configured on a client and a virtual private dial-up network (VPDN) is configured on a Cisco L2TP network server (LNS), and both the VPDN and LNS have corresponding usernames and passwords. The symptom may occur because the Subscriber Server Switch (SSS) Manager sends a client disconnect after it receives a response for an Xconnect L2TP service request.

Workaround: There is no workaround.

CSCec25986

Symptoms: A router with a variable bit rate nonreal time (VBR-nrt) virtual circuit (VC) may reload.

Conditions: This symptom is observed on all Cisco platforms when a VBR-nrt VC is created when the available bandwidth becomes zero.

Workaround: There is no workaround.

CSCec28824

Symptoms: In a Cisco Packet Data Serving Node (PDSN), the crypto map under the physical interface may be removed when a mobile IP session is brought down. This may be verified by entering the show crypto map mymap EXEC command.

Conditions: This symptom is observed when the PDSN is configured for CLI-based IP Security (IPSec).

Workaround: There is no workaround.

CSCec33723

Symptoms: When a 16-port Asynchronous/Synchronous Network Module (NM-16A/S) card is inserted in the chassis of a Cisco 3745 router, and the show tech-support privileged EXEC command is entered, the router reloads.

Conditions: This symptom is observed on a Cisco 3745 router that is running Cisco IOS Release 12.3(2)T. When the NM-16A/S card is removed from the Cisco 3745 router and the show tech-support privileged EXEC command is entered, the symptom is not observed.

Workaround: There is no workaround.

CSCec33826

Symptoms: When a terminating gateway receives a "disconnect PI" message, it may not send the message along to the originating gateway.

Conditions: This symptom is observed when an enhanced session application is configured on the inbound dial peer of the terminating gateway.

Workaround: Configure "appl default.c.old" or a Tool Command Language (Tcl) interactive voice response (IVR) application (for example, "appl session").

CSCec34124

Symptoms: A T1 controller configuration may be lost on a Cisco router.

Conditions: This symptom may be observed when a user migrates to Cisco IOS Release 12.3(4)T. The T1 controller is not the default controller in this release of Cisco IOS.

Workaround: There is no workaround.

CSCec34161

Symptoms: The facility message is dropped by the terminating gateway and is not received by the originating gateway.

Conditions: This symptom is observed when the enhanced default session application is configured on the incoming dial peer of the terminating gateway. The facility message arrives before the call connection is established.

Workaround: Instead of using the enhanced default session application, configure "default.c.old" or a Tool Command Language (Tcl) interactive voice response (IVR) 2.0 application such as "session."

CSCec39221

Symptoms: A call consultive transfer does not function correctly when a transferee (XEE) sends an on-hold invite message to the transfer target (XTO) after the XTO commits the transfer.

Conditions: This symptom is observed when a Session Initiation Protocol (SIP) IP phone acts as the transferrer (XOR) and the XOR sends the on-hold INVITE message to the XTO and the call transfer fails. The XTO sends a refer message to the XEE and receives the 202 (accepted) response message but does not receive a notify message.

Workaround: There is no workaround.

CSCec41083

Symptoms: A router may reload during a Session Initiation Protocol (SIP) call.

Conditions: This symptom is observed on all Cisco platforms that support SIP. The symptom is observed only when the debug ccsip events EXEC command is enabled.

Workaround: Do not enable the debug ccsip events EXEC command. If the command is enabled, disable it by entering the no debug ccsip events EXEC command.

CSCec44069

Symptoms: IP version 6 (IPv6) multicast traffic may be process-switched. This may impact the performance of the router.

Conditions: This symptom is observed on a Cisco router that is running the c7200-is-mz.123-3.9.T3 image of Cisco IOS software.

Workaround: There is no workaround.

CSCec45660

Symptoms: A router reloads after the first dual tone multifrequency (DTMF) digit on an ephone has been pressed by the user.

Conditions: This symptom is observed in a Session Initiation Protocol (SIP) call. When the DTMF is generated, a notify request is sent. When the router receives the SIP 200 OK response for the notify request, the router reloads.

Workaround: There is no workaround.

CSCec46711

Symptoms: Cisco Express Forwarding (CEF) switching is enabled on all interfaces, but the packets are not CEF-switched.

Conditions: This symptom is observed on a Cisco IAD2431 but may be observed on other Cisco platforms.

Workaround: There is no workaround.

CSCec48300

Symptoms: Traffic does not flow on a Cisco router that is configured with VPN routing/forwarding (VRF)-aware IP Security (IPSec) and that is enabled with a software crypto engine.

Conditions: This symptom is observed on a Cisco router and occurs because packets are dropped after encryption. The output from the debug ip cef drop EXEC command displays the following information:

CEF-Drop: Packet for 10.1.38.16 to null0

Workaround: There is no workaround.

CSCec48779

Symptoms: The following symptoms may occur:

A Cisco 7200 series that is configured with the VPN Acceleration Module 2 (VAM2) may fail to negotiate Internet Key Exchange (IKE) tunnels, and the following message is displayed:

NO DH public value

A Cisco 7200 series or a Cisco 7400 series that is configured with VAM may fail to negotiate IKE tunnels, and the following message is displayed:

Invalid Function Code, Error coming back 0x4

A Cisco 2600 series or a Cisco 3600 series with an Advanced Integration Module (AIM) VPN Encryption and Compression (AIM-VPN EPII) card may fail to negotiate IKE tunnels, and the following message is displayed:

NO DH public value

Conditions: These symptoms are observed when the router is configured for many tunnels (over 500) or the router has been running for a long time with few tunnels. The D-H keys are leaked slowly for each IKE tunnel creation, and once they reach the limit of 5000 D-H leaks, none of the new negotiations succeed.

Workaround: Enter the no crypto engine accelerator global configuration command to reset the VAM or VAM2. Make sure the fix for caveat CSCec29962 is in the version of Cisco IOS software that you are running before you shut down and then reenable the VAM or VAM2.

Alternate Workaround: If you cannot reset the hardware, reload the router. This will help continue operations, but the symptom will occur again.

CSCec52779

Symptoms: A Cisco Packet Data Serving Node (PDSN) may reload when a call handoff is made.

Conditions: This symptom is observed when a session with different A10 and A11 endpoints is handed off in such a manner that the A10 endpoint has moved to the existing A11 endpoint.

Workaround: There is no workaround.

CSCin44260

Symptoms: When a Cisco gateway GPRS support node (GGSN) receives the routing area update to change the data address of the serving GPRS support node (SGSN), the downstream traffic for the PPP packet data protocol (PDP) interface may fail to reach the SGSN and traffic may be dropped.

Conditions: This symptom is observed on a Cisco GGSN that is running Cisco IOS Release 12.2(8)YW.

Workaround: There is no workaround.

CSCin45236

Symptoms: A PPP user with a structured username (for example, user@domain) is not able to log on to a Cisco router.

Conditions: This symptom is observed on a Cisco router that has Service Selection Gateway (SSG) enabled and that is running the SSG image of Cisco IOS Release 12.3(1.x)T.

Workaround: There is no workaround.

CSCin45728

Symptoms: When local forwarding is enabled on a Service Selection Gateway (SSG), the router may reload.

Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(15)B with SSG enabled. Local forwarding is also enabled in SSG.

Workaround: There is no workaround.

CSCin47884

Symptoms: The Service Selection Gateway (SSG) does not activate the extensible authentication protocol subscriber identity module (EAP-SIM) user after the SIM authentication has occurred successfully.

Conditions: This symptom is observed in the SSG image of Cisco IOS Release 12.2(16)B when Access Point (AP) accounting is enabled.

Workaround: Disable AP accounting.

CSCin49415

Symptoms: The channel-group number timeslots range controller configuration command may not be accepted when it is configured under an E1 or T1 controller. The following error message may be displayed:

%Channel-group is not supported by this AIM module 636 %Insufficient resources to create channel group

Conditions: This symptom is observed on a Cisco 3660 router that is configured with an Advanced Integration Module (AIM-VOICE) module in AIM0 and an AIM-ATM-DSP module in AIM1.

Workaround: Configure the channel-group number timeslots range aim 1 controller configuration command first, unconfigure the command, and then configure the channel-group number timeslots range controller configuration command.

CSCin49733

Symptoms: A Cisco router may reload because of a memory allocation failure.

Conditions: This symptom may be observed on all Cisco platforms.

Workaround: There is no workaround.

CSCin49771

Symptoms: A user cannot log in to the proxy service. After the proxy service profile is downloaded and installed, the login fails with a Service Selection Gateway (SSG) access-reject message when the user tries to log in to the service.

Conditions: This symptom is observed only in the g4js feature set of Cisco IOS software when the user logs in to SSG and then the SSG user logs in to the proxy service.

The following example is a typical configuration that causes this symptom:

Typical Configuration

!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa session-id common
!
!
ssg enable
ssg accounting interval 60
ssg default-network 10.1.1.1 255.255.255.255
ssg service-password <some_service_password>
ssg radius-helper auth-port 1645 acct-port 1646
ssg radius-helper key cisco
!
!
!
!
!
radius-server host 9.2.36.253 auth-port 1645 acct-port 1646
radius-server key <radius_key>
radius-server vsa send accounting
radius-server vsa send authentication
!

Following are sample RADIUS profiles of a typical user profile and a typical service profile that may encounter this symptom:

User Profile

user = user1 {
    profile_id = 562
    set server current-failed-logins = 1
    profile_cycle = 8
    radius=6510-SSG-v1.1 {
        check_items= {
            2=<some_user_password>
            31=654321
        }
        reply_attributes= {
            9,250="NProxy_serv1"
            9,250="NProxy_serv2"
            9,253="QT15"
        }
    }
}

Service Profile

user = Proxy_serv1{
    profile_id = 830
    profile_cycle = 1
    radius=6510-SSG-v1.1 {
        check_items= {
            2=<some_service_password>
        }
        reply_attributes= {
            9,251="TX"
            9,251="MC"
            9,251="R10.11.11.0;255.255.255.0"
        }
    }
}

Workaround: There is no workaround.

CSCin49937

Symptoms: During user authentication on a Service Selection Gateway (SSG), two calling station IDs are sent in the Access-Request response.

Conditions: This symptom is observed when an SSG host logs in through the Subscriber Edge Services Manager (SESM) with a valid Mobile Station International PSTN/ISDN (MSISDN) value. The host is connected to the SSG through a bridged interface, and SSG has an Address Resolution Protocol (ARP) entry for the user's IP address. Both the MSISDN and the MAC address are sent as calling-station-id attributes in the Access-Request response for host authentication.

Workaround: There is no workaround.

CSCin50182

Symptoms: An accounting start record is not sent when a mobile user registers for the first time with the Home Agent (HA) accounting agent.

Conditions: This symptom is observed on a Cisco router that has the HA accounting feature enabled.

Workaround: There is no workaround.

CSCin51598

Symptoms: A Cisco 3631 router may not recognize an Advanced Integration Module (AIM) ATM card that is plugged into it.

Conditions: This symptom is observed on a Cisco 3631 router that is running Cisco IOS Release 12.3(3.1)T.

Workaround: There is no workaround.

CSCin52114

Symptoms: The Simple Network Management Protocol (SNMP) values for entity, vendor type, and card type are incorrect for the Cisco Intrusion Detection System Network Module (NM-CIDS). Cisco View identifies the NM-CIDS as a Content Engine Network Module (NM-CE).

Conditions: This symptom is observed when the NM-CIDS module is installed and is queried for SNMP entity, vendor type, and card type values.

Workaround: There is no workaround.

CSCin53463

Symptoms: The console of a Service Selection Gateway (SSG) may pause indefinitely if the port map length is configured.

Conditions: This symptom is observed if there are source IP addresses already configured when you enter the ssg port-map length 6 global configuration command.

Workaround: There is no workaround.

CSCin54109

Symptoms: A router with the Service Selection Gateway (SSG) RADIUS proxy feature enabled may reload when a RADIUS proxy user tries to log in.

Conditions: This symptom is observed on a Cisco SSG enabled with the RADIUS proxy feature for the Packet Data Serving Node (PDSN). If the SSG does not receive the realm in the Access-Accept response from the authentication, authorization, and accounting (AAA) server, the SSG may reload when processing the Access-Accept response.

Workaround: Make sure that the correct realm vendor-specific attribute (VSA) is present in the response.

CSCin55263

Symptoms: New RADIUS proxy users may not be able to log in after the Service Selection Gateway (SSG) receives 1000 access rejects for previous RADIUS proxy users from an authentication, authorization, and accounting (AAA) server.

Conditions: This symptom is observed in the SSG images of Cisco IOS Release 12.3(1a).

Workaround: There is no workaround.

CSCin55639

Symptoms: The RADIUS proxy feature does not function correctly.

Conditions: This symptom is observed in a Service Selection Gateway (SSG) image of Cisco IOS software.

Workaround: There is no workaround.

CSCin57420

Symptoms: Packets may not take the quality of service (QoS) path because an extra 8 bytes are added to the content of the packet.

Conditions: This symptom is observed when distributed link fragmentation and interleaving (dLFI) over ATM QoS is configured on a Route Switch Processor (RSP) router.

Workaround: There is no workaround.

CSCuk44723

Symptoms: When IP Header Compression (IPHC) is configured on a Cisco router that has a High-Speed Serial Interface (HSSI), PPP WAN encapsulation, and distributed Cisco Express Forwarding (dCEF), the following error message may be observed in the error log:

%FS_IPHC-3-SEQ_ERROR: Received out of sequence IPC message

Conditions: This symptom is observed on a Cisco 7500 series that has an HSSI interface and that has IPHC configured.

Workaround: There is no workaround.

CSCuk44922

Symptoms: During the configuration of the Virtual Router Redundancy Protocol (VRRP) on a Cisco router, it may be possible to change the VRRP virtual IP address to the same value as the interface IP address.

Conditions: This symptom is observed on all Cisco platforms when VRRP object tracking is enabled.

Workaround: There is no workaround.

CSCuk46011

Symptoms: A Cisco 7500 series may unexpectedly reload and display the following error:

Unexpected exception, CPU signal 10, PC = 0x416BF418

Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.3(3.7)T and that has been configured with IP Header Compression (IPHC) on a distributed multilink interface. The error occurs only if distributed Cisco Express Forwarding (dCEF) is disabled by entering the no ip cef global configuration command or the no ip cef distributed global configuration command while the interface is operational.

Workaround: Ensure that the multilink interface is disabled (shut down) prior to disabling dCEF.

Wide-Area Networking

CSCea41145

Symptoms: Tunnels disappear with the nosession-timeout value set to never when there are no sessions present.

Conditions: This symptom is observed when tunnels are configured with the nosession-timeout value set to never by entering the l2tp tunnel nosession-timeout never VPDN group configuration command.

Workaround: Do not set the nosession-timeout value to never. Set the timeout value to a value in seconds (for example, 30 seconds) by entering the l2tp timeout no-session 30 VPDN group configuration command. This will cause all tunnels to go away after 30 seconds without sessions.

CSCeb35668

Symptoms: Spurious memory access and tracebacks may be seen at l2f_add_aaa_tunnel_acct, l2x_get_caller_id for L2F tunnels when the show vpdn session packets EXEC command is executed. The router may reload if this command is issued and there are more L2F sessions.

Conditions: This symptom is observed on a Cisco access server for L2F sessions. The symptom is not observed for L2TP tunnels. The symptom may impact service.

Workaround: There is no workaround.

CSCeb62512

Symptoms: The virtual private dial-up network (VPDN) debug commands do not function correctly in Cisco IOS Release 12.3 T.

Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS software.

Workaround: There is no workaround.

CSCec03307

Symptoms: Data forwarding through a Cisco router that acts as a Layer 2 Tunneling Protocol (L2TP) tunnel switch may fail with non-Cisco L2TP access concentrators (LACs).

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(2)T or a later release.

Workaround: There is no workaround.

CSCin57701

Symptoms: A router may reload when Serial Line Internet Protocol (SLIP) is configured on a virtual interface, and then PPP is configured on the same interface.

Conditions: This symptom is observed on the virtual interface of a Layer 2 Tunneling Protocol (L2TP) network server (LNS).

Workaround: There is no workaround.

CSCin57752

Symptoms: A router that is running Cisco IOS Release 12.3(2)T2 or a later release may reload with a bus exception when an interface that is configured with the ppp multilink group interface configuration command either goes down or renegotiates the PPP Link Control Protocol (LCP).

Conditions: This symptom is observed when two different members of the same multilink group use different multilink endpoint discriminators or usernames. This is a configuration error, but in this instance it causes the router to erroneously create two bundles on the same group interface, and the router reloads when one of the bundles is brought down.

This symptom can occur, for instance, if an interface is being moved from one active multilink group to another, and the username is changed on the remote peer before the multilink group assignment is changed locally.

Workaround: Make sure that all interfaces that are assigned to a given multilink group are configured to supply the same username and endpoint discriminator on the remote peer. If an interface is moved from one multilink group to another, shut the interface down while it is being reconfigured.

Resolved Caveats—Cisco IOS Release 12.3(2)T9

Cisco IOS Release 12.3(2)T9 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCin60071

Symptoms: When tunneled sessions are flapped on an L2TP Access Concentrator (LAC) or an L2TP Network Server (LNS), the router may attempt to establish sessions on the wrong tunnels.

Conditions: This error occurs when there is a high call rate and a high call volume.

Workaround: Enable the radius-server source-ports extended global configuration command.

IP Routing Protocols

CSCea81029

Symptoms: A Cisco router may reload unexpectedly when you enter a show command that is related to IP multicast.

Conditions: This symptom is observed on a Cisco router that has remained at the "more" prompt for a long period of time.

Workaround: There is no workaround. If the user avoids leaving a show command at a --More-- prompt for a long time, the chance of running into this issue is very small. Also, if the router has neither directly connected receivers nor an IGMP join configured (for example, a core router), this bug does not cause harm.

CSCec22723

Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.

Conditions: This symptom is observed when iSPF is configured under OSPF.

Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.

CSCed73023

Symptoms: A Cisco 1600 series crashes with an "Unexpected exception to CPU vector 2" error.

Conditions: This symptom is observed when stateful NAT is configured with the redundancy in command.

Workaround: There is no workaround.

Miscellaneous

CSCeb54098

Symptoms: A router that is configured with VPN routing and forwarding (VRF) aware IP security (IPSec) does not route packets in the given VRF; instead, the packets are routed using the default routing table.

Conditions: This symptom is observed on a Cisco router if Cisco Express Forwarding (CEF) is enabled, and if there is a subinterface configured with VRF aware IPSec and another subinterface configured with VRF.

Workaround: Turn off CEF switching on the IPSec aggregator.

CSCec33028

Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.

CSCed21183

Symptoms: A router may reload with a bus error.

Conditions: This symptom is observed on a Cisco router that is configured for time-division multiplexing (TDM) hairpinning.

Workaround: There is no workaround.

CSCed41231

Symptoms: An alignment error may cause a Cisco router to reload unexpectedly.

Conditions: This symptom is observed under rare conditions (an "extreme corner case") on a MIPS-based Cisco platform or on a Versatile Interface Processor (VIP), port adapter, or line card that contains a MIPS processor. The symptom is not release-dependent and may occur in all Cisco IOS releases.

Workaround: There is no workaround.

Further Problem Description: All Cisco 7500 VIPs and Cisco 7200 NPEs use MIPS-based processors. The following are additional platforms that use MIPS processors:

Cisco 2691, 3620, 3631, 3640, 3660, 3725, 3745, 4500, 4500-M, 4700, 4700-M, AS5300, AS5400, AS5450, AS5800 router shelf, AS5800 system controller (3640 based), 7120, 7140, UBR7100, UBR7200 - all NPEs, 7301, 7304, 7400, 6500 MSFC, 6500 MSFC2, 7600 MSFC, 7600 MSFC2, 10000, UBR10012, 12000 GRP, and most (if not all) 12000 line cards.

CSCed86613

Symptoms: A Cisco router that is running the latest Cisco IOS Release 12.3T code will crash if it initiates a SIP call from an FXS interface towards a third party application (UA), and the calling party hangs up. A software forced crash will follow immediately.

Conditions: This problem is observed on a Cisco 3660 router that is running Cisco IOS Release 12.3(4)T3. It has also been observed in Cisco IOS Release 12.2(23).

Workaround: There is no workaround.

CSCee04235

Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed on a Cisco 7200vxr series that is configured with an NPE-G1 Network Processing Engine.

Workaround: There is no workaround.

CSCef00171

Symptoms: A router that is configured for RTP header compression may crash with a bus error.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4)T or a later release, or Release 12.2 S.

Workaround: Disable RTP header compression.

CSCef21720

Symptoms: A software-forced crash may occur on a gatekeeper that processes an incoming call.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.2(15)T13 and occurs only when a GKTMP server is configured for LRQ triggering.

Workaround: There is no workaround.

CSCef32634

Symptoms: When using a Cisco AS5850 that is running an MGCP application with 20 calls per second bring up rate, voice call setup may start to fail.

Conditions: This symptom occurs when issuing the show run and the show voice call summary commands while bringing up 20 calls per second.

Workaround: Avoid issuing the show commands during peak call bring up.

CSCef32648

Symptoms: Calls after the 10th call are not compressed and bandwidth use doubles.

Conditions: This symptom is observed when class-based cRTP is enabled.

Workaround: Double the bandwidth if you make more than 10 calls.

CSCef37186

Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time, possibly generating CPUHOG errors and causing a watchdog crash. Other processes on the router may fail because these processes do not receive the CPU bandwidth that they require. Consequently, the following difficulties may occur:

- Routes may time out.

- Tunnels may go down.

- Accessing the router via a Telnet connection to a network port may become impossible.

- The command-line interface (CLI) via the console line may become quite slow to respond.

The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.

Conditions: These symptoms are observed on a Cisco 7300 series when the MPLS-LSR-MIB MIB is enabled, when you query the object mplsXCIndexNext, and when there are more than 1,000 Multiprotocol Label Switching (MPLS) labels active. However, the symptoms are platform-independent.

Workaround: Perform the following steps:

1. Shut down interfaces to bring the total count of active MPLS labels down to far below 1,000.

2. Disable the MPLS-LSR-MIB MIB by entering the following sequence of commands:

snmp-server view nolsrmib mplsLsrMIB exclude

snmp-server view nolsrmib iso include

3. Modify each defined community string to include the view nolsrmib keywords. For example, define the "public" community string by entering the following command:

snmp-server community public view nolsrmib ro

4. Enter the no shutdown interface configuration command on all the interfaces that you shut down in Step 1.
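To confirm that the workaround for CSCef37186 has been applied to every community string, a saved running configuration can be checked offline. The following is an added example, not Cisco code: the function names and the sample configuration are constructed for illustration, and the check looks only for the explicit mplsLsrMIB exclusion that the steps above describe.

```python
import re

# Constructed sample running-config fragment (illustrative, not from the release notes).
SAMPLE_CONFIG = """\
snmp-server view nolsrmib mplsLsrMIB excluded
snmp-server view nolsrmib iso included
snmp-server view partial iso included
snmp-server community public view nolsrmib RO
snmp-server community ops view partial RO 10
snmp-server community legacy RW
"""

VIEW_RE = re.compile(r"\s*snmp-server view (\S+) (\S+) (\S+)\s*$")
COMMUNITY_RE = re.compile(r"\s*snmp-server community (\S+)(?:\s+view\s+(\S+))?")


def _normalize_action(token):
    """Map an IOS keyword or its abbreviation to 'included' or 'excluded'."""
    token = token.lower()
    if "excluded".startswith(token):
        return "excluded"
    if "included".startswith(token):
        return "included"
    return None


def parse_views(config):
    """Return {view_name: [(oid_tree, action), ...]} from snmp-server view lines."""
    views = {}
    for line in config.splitlines():
        match = VIEW_RE.match(line)
        if not match:
            continue
        name, tree, action = match.groups()
        action = _normalize_action(action)
        if action is not None:
            views.setdefault(name, []).append((tree, action))
    return views


def parse_communities(config):
    """Return [(community, view_name_or_None), ...] from snmp-server community lines."""
    communities = []
    for line in config.splitlines():
        match = COMMUNITY_RE.match(line)
        if match:
            communities.append((match.group(1), match.group(2)))
    return communities


def audit_snmp_views(config, mib="mplsLsrMIB"):
    """Classify each community string against the workaround.

    Status values:
      ok                - bound to a view that explicitly excludes `mib`
      no-view           - no view keyword, so the default view applies
      undefined-view    - references a view with no snmp-server view lines
      mib-not-excluded  - view exists but has no explicit exclusion of `mib`

    A view that includes only unrelated subtrees would not expose the MIB
    either; this check flags it anyway so that it gets a manual review.
    """
    views = parse_views(config)
    report = {}
    for community, view in parse_communities(config):
        if view is None:
            report[community] = "no-view"
        elif view not in views:
            report[community] = "undefined-view"
        elif any(tree.lower() == mib.lower() and action == "excluded"
                 for tree, action in views[view]):
            report[community] = "ok"
        else:
            report[community] = "mib-not-excluded"
    return report


if __name__ == "__main__":
    for community, status in audit_snmp_views(SAMPLE_CONFIG).items():
        print(f"{community}: {status}")
```
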

CSCef40182

Symptoms: On a Cisco AS5850 with an enhanced Route Switch Controller (RSC) that is configured to hair-pin incoming ISDN calls onto outgoing channel associated signaling (CAS) channels (or vice-versa), a Time Division Multiplexing (TDM) leak condition will be exhibited after a few hours.

Conditions: This symptom is observed in Cisco IOS Release 12.3T.

Workaround: There is no workaround.

CSCef41004

Symptoms: STM1 flaps may be observed on a Cisco AS5850 access gateway.

Conditions: This symptom occurs when the debounce timer for Loss of Signal (LOS) and Loss of Frame (LOF) is ignored.

Workaround: There is no workaround.

CSCef41021

Symptoms: On a Cisco AS5850 that is configured to use a backhaul session manager, the backhaul sessions may go down, causing the D-channels to go down too.

Conditions: This symptom is observed when 100 percent CPU utilization occurs on the Cisco AS5850 for 2 seconds or longer.

Workaround: Increase the RUDP retransmission time-out value to 1000 ms.

CSCef42307

Symptoms: High-speed modems may fail during a modem passthrough call.

Conditions: This symptom is observed when a high-speed modem is used for a modem passthrough call and when the dejitter buffer is configured to be too large or too small to accommodate the modem traffic.

Workaround: There is no workaround.

CSCef46230

Symptoms: A Cisco access server that terminates virtual-profile calls with per-user access control lists (ACLs) does not remove all per-user ACLs when calls are terminated. This situation may cause the memory of the access server to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.

Conditions: This symptom is observed on a Cisco access server that runs a Cisco IOS Release that contains the fix for CSCee01688.

Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.

CSCef55255

Symptoms: A Cisco AS5850 that has a trunk-group that is provisioned to a third-party vendor switch can pass a COT request when this request is initiated by a Cisco BTS 10200 but fails when this request is initiated by the third-party vendor switch. This situation prevents you from configuring new trunks to the third-party vendor switch.

Conditions: This symptom is observed in a configuration with a Cisco BTS 10200 that runs software version 3.5 3 V03 and a Cisco AS5850 that runs Cisco IOS Release 12.3(2)T7 or Release 12.3(2)T3.

Workaround: There is no workaround.

Further Problem Description: Because the third-party vendor switch does not use the loopback COT, the 4W_TO_2W COT is required. When the CCR is received, the Cisco BTS 10200 sends the LPA, and then sends a CRCX with M:conttest to the Cisco AS5850. Then, the third-party vendor switch sends a 2010-Hz tone and searches for a 1780-Hz tone from the Cisco AS5850. Monitoring the T1 line reveals that the Cisco AS5850 does not send the 1780-Hz tone although it does receive the 2010-Hz tone from the third-party vendor switch. So either the CRCX with M:conttest is not implemented correctly on the Cisco AS5850, or the Cisco BTS 10200 should send a RQNT with S:T/co2 following the CRCX.

CSCef59596

Symptoms: A router may reload with a bus error.

Conditions: This symptom is observed on a Cisco router that is configured for time-division multiplexing (TDM) hairpinning.

Workaround: There is no workaround.

CSCef64362

Symptoms: A Cisco AS5850 does not create a voice port for a controller that is configured for external signaling beyond the first TUG-3 on an STM1 card.

Conditions: This symptom is observed in a configuration in which a Cisco AS5850 is configured for external signaling via the DS0 group on a controller. Voice ports are not created for controllers beyond the first TUG-3 on an STM1 card.

Workaround: There is no workaround.

CSCef67203

Symptoms: Calls are cleared properly but corresponding application instances may not be cleared. This situation causes a memory leak, and eventually, when the gateway runs out of memory, causes the gateway to crash.

Conditions: This symptom is observed on a Cisco AS5850 gateway that runs a TCL application that provides TBCT functionality when the Cisco AS5850 gateway interworks with a 5ESS switch.

Workaround: There is no workaround.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.

CSCef68704

Symptoms: When you enter the show voice call summary command on a Cisco AS5850, the CPU utilization increases up to 95 percent and causes Connection Admission Control (CAC) to become active and calls to drop. When the generation of the command output is complete, the CPU utilization is restored to its normal value.

Conditions: This symptom is observed on a Cisco AS5850 that has a heavy incoming call load (40 cps) and that is configured for CAC.

Workaround: Do not enter the show voice call summary command.

CSCef72772

Symptoms: Spurious memory accesses occur on a gatekeeper during RAS communication for H.323 voice calls.

Conditions: This symptom is observed when the gatekeeper sends an LRQ for a voice call.

Workaround: There is no workaround.

CSCef74536

Symptoms: A Cisco AS5850 with an ERSC board may restart unexpectedly and report the following message:

Last reset from watchdog reset

Conditions: This symptom is observed only on a Cisco AS5850 series that is configured with an ERSC board. RSC boards are not affected.

Workaround: There is no workaround.

CSCef81415

Symptoms: When the calling number or the called number or both contain the * character, for example *67#1234567890, the call is rejected by the gateway and is released with cause code 63 (service or option not available). In the debugs, the following message is generated before the call is released:

H225Lib::is_valid_e164_number: Number has non-supported IA5 character - * cch323_ras_arj_notify:called

Conditions: This symptom is observed on a Cisco platform that functions as a gateway in an H.323 VoIP network and that runs Cisco IOS Release 12.3(6c) or another release that contains the fix for CSCee07037. The symptom occurs only in gatekeeper-routed call scenarios, that is, RAS-based call flows. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee07037. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected. The symptom does not occur with other characters such as #.

Workaround: There is no workaround.

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

CSCuk45946

Symptoms: When the Cisco Call Connection Manager (CCM) resets a Media Gateway Control Protocol (MGCP)-controlled gateway, some Foreign Exchange Office (FXO) cards remain shut down.

Conditions: This symptom is observed on Cisco 2651XM and Cisco 3745 routers that run Cisco IOS Release 12.2(15)T5. CCM sends an extensible markup language (XML) configuration file to the gateway, but some commands are not processed by the routers. The symptom may also occur in other releases.

Workaround: Enter the no shutdown interface configuration command on the FXO cards.

CSCuk47482

Symptoms: A router may reload unexpectedly while you disable label distribution protocol (LDP) on an interface.

Conditions: This symptom is observed on a router that has several interfaces that are configured for LDP when you disable LDP on all interfaces and when there is still one open TCP connection that is passively used by LDP while you disable LDP on the last interface.

Workaround: There is no workaround.

Wide-Area Networking

CSCec12645

Symptoms: A router always reports an E=69 error code for a Challenge Handshake Authentication Protocol (CHAP) Access-Reject response by the RADIUS server instead of the error code that is sent by the RADIUS server.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(4)T or Release 12.3(5).

Workaround: There is no workaround.

CSCed23896

Symptoms: A call may cause the following error messages, after which calls may pause indefinitely:

%DIAL0-3-MSG:
%DS_TDM-3-NO_RECOMB_BUS_DS0: Slot 0: no free Recombination bus DS0s left;
connection not made

Conditions: This symptom is observed on a Cisco platform that functions in a stress environment.

Workaround: There is no workaround. To recover from the symptom, reload the platform.

Resolved Caveats—Cisco IOS Release 12.3(2)T8

Cisco IOS Release 12.3(2)T8 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCdz32659

Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:

%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18

Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, Cisco IOS Release 12.2 S, Cisco IOS Release 12.3, or Cisco IOS Release 12.3 T.

Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.

CSCeb29114

Symptoms: Data calls may not be authenticated with authentication, authorization, and accounting (AAA) on a Cisco AS5850.

Conditions: This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.3(1.7).

Workaround: There is no workaround.

CSCec25430

Symptoms: A Cisco device reloads on receipt of a corrupt CDP packet. One possible scenario is:

Reloading a faulty Cisco IP conference station 7935 or 7936 may cause a connected Cisco switch or router to reload. A CDP message may appear on the terminal, such as the following one:

%CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1 (not half duplex), with SEP00e0752447b2 port 1 (half duplex).

Conditions: This symptom is observed when an empty "version" field exists in the output of the show cdp entry * command for at least one entry.

Workaround: Disable CDP by entering the no cdp run global configuration command.

First Alternate Workaround: Disable CDP on the specific (sub-)interface(s) whose corresponding neighbor(s) has or have an empty "version" field in the output of the show cdp entry * command.

Second Alternate Workaround: Disconnect the Cisco 7935 or 7936 phone, in the case of the specific symptom that is described above.

CSCed05492

Symptoms: When downloading IP address pools via a Radius Server using Radius Attribute 217, Ascend-IP-Pool-Definition, the ending IP address of the address pool is incorrect. It seems that the translation from the Ascend max entries to a Cisco CLI attribute goes wrong.

See the following example:

Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 19 "1 10.112.26.1 240"

Nov 6 11:26:49.696: RADIUS: Vendor, Ascend [26] 26

Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 20 "5 10.112.26.242 10"

Nov 6 11:26:49.696: RADIUS(0000017C): Received from id 21648/217

Nov 6 11:26:49.696: AAA/PER-USER: mode = config; command = [ ip local pool 1 10.112.26.1 10.112.26.240]

Nov 6 11:26:49.696: AAA/PER-USER: line = [ ip local pool 1 10.112.26.1 10.112.26.240]

Nov 6 11:26:49.700: AAA/PER-USER: mode = config; command = [ ip local pool 5 10.112.26.242 10.128.59.6]

Nov 6 11:26:49.700: AAA/PER-USER: line = [ ip local pool 5 10.112.26.242 10.128.59.6]

It is unclear where the address 10.128.59.6 comes from, as it should be 10.112.26.252 (a total of 10 addresses in the pool).

The NAS rightfully complains further about it in the debugs as follows:

Nov 6 11:26:49.704: PPP: Message from per-user configuration ...

Nov 6 11:26:49.704: %Bad IP range, 10.112.26.242-10.128.59.6

Radius Attribute Translations and Cisco AV-pairs are handled in the same way as a command that is parsed at the CLI.

Conditions: This seems to fail in about 1 out of 10 IP pool downloads from the Radius-Server.

Workaround: Use Cisco AV-pairs attributes to download IP address pool instead of Radius Attribute 217, Ascend-IP-Pool-Definition.
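The following check is an added example, not Cisco code: it parses the debug lines quoted in this caveat and compares the size of each generated ip local pool range with the count requested in attribute 217. It assumes that the count includes the start address, as the translation of pool 1 above does; the function names and status labels are hypothetical.

```python
import ipaddress
import re

# Debug lines quoted in the caveat above: attribute 217 as received, and the
# per-user commands derived from it.
DEBUG_LINES = [
    'Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 19 "1 10.112.26.1 240"',
    'Nov 6 11:26:49.696: RADIUS: Vendor, Ascend [26] 26',
    'Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 20 "5 10.112.26.242 10"',
    'Nov 6 11:26:49.696: AAA/PER-USER: mode = config; command = '
    '[ ip local pool 1 10.112.26.1 10.112.26.240]',
    'Nov 6 11:26:49.700: AAA/PER-USER: mode = config; command = '
    '[ ip local pool 5 10.112.26.242 10.128.59.6]',
]

# Attribute 217 value: "<pool name> <start address> <number of addresses>"
ATTR_RE = re.compile(
    r'ascend_pool_definiti\[217\]\s+\d+\s+"(\S+)\s+([\d.]+)\s+(\d+)"')
# Derived command: ip local pool <pool name> <start address> <end address>
CMD_RE = re.compile(
    r'command = \[\s*ip local pool (\S+) ([\d.]+) ([\d.]+)\s*\]')


def parse_requested(lines):
    """Return {pool name: (start address, count)} from attribute 217 lines."""
    pools = {}
    for line in lines:
        m = ATTR_RE.search(line)
        if m:
            name, start, count = m.groups()
            pools[name] = (ipaddress.IPv4Address(start), int(count))
    return pools


def parse_installed(lines):
    """Return {pool name: (start address, end address)} from derived commands."""
    pools = {}
    for line in lines:
        m = CMD_RE.search(line)
        if m:
            name, start, end = m.groups()
            pools[name] = (ipaddress.IPv4Address(start),
                           ipaddress.IPv4Address(end))
    return pools


def audit(lines):
    """Compare each requested pool with the command generated for it.

    Returns a list of (name, status, requested count, generated range size).
    Assumption: the count includes the start address, so a correct range
    holds exactly `count` addresses.
    """
    requested = parse_requested(lines)
    installed = parse_installed(lines)
    findings = []
    for name, (start, count) in sorted(requested.items()):
        if name not in installed:
            # Attribute was received but no command for it appears in the log.
            findings.append((name, "no-command", count, None))
            continue
        inst_start, inst_end = installed[name]
        # Negative or zero when the end address precedes the start address.
        size = int(inst_end) - int(inst_start) + 1
        if inst_start != start:
            status = "start-mismatch"
        elif size != count:
            status = "size-mismatch"
        else:
            status = "ok"
        findings.append((name, status, count, size))
    return findings


if __name__ == "__main__":
    for name, status, count, size in audit(DEBUG_LINES):
        print(f"pool {name}: requested {count}, generated {size} -> {status}")
```

Run against collected debug radius and debug aaa per-user output, the same check shows how often the mistranslation occurs on a given NAS.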

CSCed40563

Symptoms: Depending upon configuration, issuing the show cdp entry * protocol command may cause a reload of the device.

Conditions: This symptom occurs on Cisco products that are speaking CDP with configurable interface MTU.

Workaround: Disable CDP, avoid issuing the command under given circumstances, or upgrade to a fixed version of software.

CSCin67568

Symptoms: A Cisco device experiences a memory leak in the CDP process.

Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.

Workaround: Configure the neighbor device to use a hostname of fewer than 256 characters, or disable the CDP process with the global command no cdp run.

IP Routing Protocols

CSCea79433

Symptoms: A Resource Reservation Protocol (RSVP) reservation may be torn down when a routing change occurs.

Conditions: This symptom is observed on a Cisco router that is configured for Voice over IP (VoIP).

Workaround: There is no workaround.

CSCeb10154

Symptoms: For each data packet that is handled on a Cisco router, spurious memory accesses may occur at addresses 0x1D and 0x22. When the traffic rate is high, the console may become unresponsive, and the router may pause until the call is cleared. The output of the show alignment EXEC command displays the following information:

Total Spurious Accesses 3984, Recorded 8

Address  Count  Traceback
1D       775    0x610CFA2C 0x60420754 0x60432D98
24       775    0x610CFA38 0x60420754 0x60432D98
3        775    0x610CFCF4 0x60420754 0x60432D98
3        775    0x610B5D5C 0x610CFD20 0x60420754 0x60432D98
22       221    0x610CFA2C 0x60429D48 0x60432D98
24       221    0x610CFA38 0x60429D48 0x60432D98
8        221    0x610CFCF4 0x60429D48 0x60432D98
8        221    0x610B5D5C 0x610CFD20 0x60429D48 0x60432D98

Conditions: This symptom is observed on a Cisco router that has a single physical interface that is configured for Resource Reservation Protocol (RSVP) over ATM switched virtual circuits (SVCs) on one subinterface and RSVP over ATM permanent virtual connections (PVCs) on another subinterface. The symptom is related to a timing difficulty because the symptom occurs only when the PVC is set up after the SVC.

Workaround: There is no workaround.

CSCef17311

Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.

Workaround: There is no workaround.

Miscellaneous

CSCeb35205

Symptoms: A Cisco router may reload when a subdirectory is created on an Advanced Technology Attachment (ATA) Flash disk.

Conditions: This symptom is observed when the ATA Flash disk space that is allocated to the subdirectory contains data from previously deleted files.

When a subdirectory is created or extended, it is given space on the ATA Flash disk. If this space contains zeros, the symptom does not occur. However, if the space was previously used, the space does contain data bytes from the previous file, and these data bytes may confuse the file system. This situation may cause the router to reload.

Workaround: Do not create subdirectories on the ATA Flash disk.

CSCeb84836

Symptoms: Data packets may be punted to the process path when user logon and logoff activity occurs.

Conditions: This symptom is observed in all of the Service Selection Gateway (SSG) images of Cisco IOS software under heavy load conditions.

Workaround: There is no workaround.

CSCeb88239

Symptoms: A router that is running RIPng may crash after receiving a malformed RIPng packet causing a Denial of Service (DoS) on the device. Such malformed packets can normally be sent locally. However, if the ipv6 debug rip command is enabled on a system then the crash can also be triggered remotely. RIP for IPv4 is not affected by this vulnerability.

Conditions: This symptom can occur on RIPng and if the ipv6 debug rip command is enabled.

Workaround: There is no workaround.

CSCec66456

Symptoms: A router that is configured for quality of service (QoS) may reload unexpectedly because of a segmentation violation (SegV) exception.

Conditions: This symptom was observed on a Cisco 2600 series that runs the c2600-telco-mz image of Cisco IOS Release 12.3(1a). This can be seen on other IOS-based routers.

Possible Workaround: Disable QoS.

CSCee01688

Symptoms: A NAS crashes when stress scripts are running and when bulk calls are made.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5800 that are configured for T1 when scripts run that enter the shutdown command followed by the no shutdown command on controllers in digital callers and the clear modem all command in analog callers. The NAS is stressed with both analog and digital calls made from a traffic generator that sends 20 packets per second and the scripts run every 10 minutes.

Workaround: There is no workaround.

CSCee67685

Symptoms: A Cisco AS5850 may reload with a software forced crash.

Conditions: This symptom is observed on a Cisco AS5850 that runs the c5850tb-p9-m image of Cisco IOS Release 12.3(2)T6. The symptom could also occur in Release 12.3.

Workaround: There is no workaround.

CSCee68974

Symptoms: An active RSC may crash when you enter the redundancy handover peer-resources command.

Conditions: This symptom is observed when a Cisco AS5850 runs in handover split mode and one RSC is in an extra-load mode.

Workaround: Enter the redundancy handover peer-resources command when there are no active calls on any resources that must be handed over.

CSCee69942

Symptoms: A software-forced reload may occur on an MGCP gateway that uses embedded messages in the MGCP protocol.

Conditions: This symptom is observed on a Cisco platform that functions as an MGCP gateway and is caused by the MGCP embedded message processing.

Workaround: There is no workaround.

CSCee84410

Symptoms: When you make a call via a Cisco AS5850, you may only hear one-way audio.

Conditions: This symptom is observed when the called party is behind a NAT gateway.

Workaround: There is no workaround.

CSCee88334

Symptoms: Calls drop after 25 seconds.

Conditions: This symptom is observed on a Cisco AS5850 when the following commands are configured:

ip rtcp report interval 5001

gateway

timer receive-rtcp 5

Workaround: There is no workaround.

CSCee94828

Symptoms: A SIGSM template does not work when the d[x] field is used to specify the maximum number of digits that need to be captured; the caller would have to enter x+1 digits in order for the call to go through correctly.

Conditions: This symptom is observed on a Cisco AS5850 when a signaling template is configured and when the maximum digit field is used.

Workaround: There is no workaround.

CSCef04467

Symptoms: The MGCP default setting for a minimum jitter buffer size is 4 ms; this setting degrades the voice quality until you configure the setting to be different via the mgcp playout command. It has always been this way in IOS, but MGCP has been using a fixed MGCP playout buffer instead of a dynamic buffer even though it was configured to use dynamic. During some recent IOS changes, it now uses dynamic playout buffer.

Conditions: This symptom is observed under normal operating conditions.

Workaround: Configure the nominal MGCP default setting for the minimum jitter buffer size to be the same as for H.323 and SIP gateways so that the setting for each individual gateway does not need to be changed via the mgcp playout command.

CSCef27790

Symptoms: An RSC may crash when the redundancy handover peer-resources command is issued at the active RSC to hand over the resources to the standby RSC.

Conditions: This symptom occurs in handover split mode if file copy, delete, or format operations are in progress.

Workaround: Do not hand over resources when file copy or delete operations are in progress.

TCP/IP Host-Mode Services

CSCec79570

Symptoms: User Datagram Protocol (UDP) port 1985 (on which Hot Standby Router Protocol [HSRP] runs) may be opened by a port scan. This is improper behavior.

According to the router log, the router does not generate a message that indicates that UDP port 1985 cannot be reached, as it should do.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(2)T1 but may also occur in other releases.

Workaround: There is no workaround.

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.

Wide-Area Networking

CSCed40110

Symptoms: When a router running Cisco IOS Release 12.0S, Cisco IOS Release 12.1, Cisco IOS Release 12.2, or Cisco IOS Release 12.2T receives a multilink packet with Protocol Field Compression (PFC) applied, the packet is not interpreted correctly, and is subsequently rejected. The following debug messages appear in the debug trace when the debug ppp negotiation command is enabled:

MLP: I UNKNOWN(192) [Not negotiated] id 0 len 0
LCP: O PROTREJ [Open] id 2 len 95 protocol MLP

Conditions: This symptom is observed when the router requests PFC during Link Control Protocol (LCP) negotiations and the peer applies PFC to its outbound packets. PFC is enabled by default on asynchronous serial interfaces; it is disabled by default on other interfaces.

Workaround: In Cisco IOS Release 12.2 and 12.2T, PFC can be disabled using the ppp pfc local forbid interface configuration command. In Release 12.0S and 12.1, there is no workaround.

CSCef12262

Symptoms: With PPP multilink over ATM configured in Cisco IOS, the router may reload with a bus error.

Conditions: This symptom is observed when the PPP over ATM link goes down and is removed from the multilink bundle.

Workaround: Increasing the keepalive interval or retry count, or disabling keepalives altogether, may help to avoid the problem by making it less likely that the PPP over ATM session goes down during periods of instability in the ATM network.

Resolved Caveats—Cisco IOS Release 12.3(2)T7

Cisco IOS Release 12.3(2)T7 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCed91215

Symptoms: Attributes 42 and 43 may be of value "zero" in Connection STOP records.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that run Cisco IOS Release 12.3 or Release 12.3(4)T4 when a TCP-clear call is disconnected by the caller. For call disconnects by the NAS, the values are proper.

Workaround: There is no workaround.

IP Routing Protocols

CSCea85395

Symptoms: Previously suppressed prefixes are not automatically installed in the VRF table.

Conditions: This symptom is observed after the VRF table reaches the maximum route limit. Subsequent prefixes are suppressed and not installed in the VRF table. After the suppress condition is cleared, routes are entered into the VRF table without any manual intervention.

Workaround: Enter the clear ip bgp command.

CSCed55593

Symptoms: When using Cisco CallManager and PAT on the CE router, no voice is observed if a call is made across CCM clusters and is transferred back to another phone on the same CCM, between the IP phones behind PAT.

Conditions: This symptom occurs when Cisco CallManager is configured for Static NAT. The IP phones registered to the CCM in the location are configured to use PAT. A call is made across the CCM cluster and transferred back to the cluster.

Workaround: There is no workaround.

CSCed57814

Symptoms: A Cisco router that is configured for SIP NAT may not be able to process authentication messages from a third-party SIP gateway that performs SIP proxy authentication.

Conditions: This symptom is observed in a Call Hold/Resume procedure.

Workaround: There is no workaround.

CSCed65040

Symptoms: T.38 fax calls between a Cisco router and a third-party gateway may fail.

Conditions: This symptom is observed when two third-party gateways are connected via a Cisco router that runs SIP NAT. The T.38 fax calls fail from one of the third-party gateways to the Cisco router and vice versa.

Workaround: There is no workaround.

CSCee47059

Symptoms: Previously suppressed prefixes are not automatically installed in the VRF.

Conditions: After the VRF reaches max route limit, subsequent prefixes are being suppressed and not installed in the VRF table. After the suppressed condition is cleared, routes should be put into VRF without any manual intervention.

Workaround: Use the clear ip bgp command.

CSCee59315

Symptoms: A BGP VPNv4 table may contain paths that may be imported from deleted BGP table entries or from table entries that have a different prefix from the importing prefix.

An example of a path from a deleted BGP table entry is as follows:

Router# sh ip bgp v v vpn2 192.168.0.0

BGP routing table entry for 200:2:192.168.0.0/32, version 52

Paths: (1 available, best #1, table vpn2)

Advertised to non peer-group peers:

10.4.1.2

2 100, imported path from 2829:2829:185404173:11.13.11.13/-53

10.1.1.2 from 10.1.1.2 (10.1.1.2)

Origin IGP, localpref 100, valid, external, best

Extended Community: RT:1:3

The entry that this path is imported from has been removed from the table and its memory contents contain an incorrect pattern. When the incorrect pattern is displayed as a prefix, it appears as "2829:2829:185404173:11.13.11.13/-53".

A mismatched prefix appears as follows:

Router# sh ip bgp v v vpn2 192.168.0.0

BGP routing table entry for 200:2:192.168.0.0/32, version 54

Paths: (2 available, best #1, table vpn2)

Flag: 0x820

Advertised to non peer-group peers:

10.10.10.10 10.20.20.20

2

10.4.1.2 from 10.4.1.2 (10.4.1.2)

Origin IGP, localpref 100, valid, external, best

Extended Community: RT:1:2

2 100, imported path from 200:2:172.16.0.0/24

10.1.1.2 from 10.1.1.2 (10.1.1.2)

Origin IGP, localpref 100, valid, external

Extended Community: RT:1:3

This BGP VPNv4 table entry is for prefix 192.168.0.0/32 but it shows that a path is imported from 172.16.0.0/24. This situation occurs when a path has a link to a deleted BGP table entry, and then the memory for the deleted entry is reused for a new table entry of which the prefix may not match with the importing entry.

Conditions: These symptoms are observed when you enter the maximum-paths import number command in router BGP address-family IPv4 VRF mode. The number argument indicates the number of paths to import from one VRF to another.

Workaround: Remove the maximum-paths import number command from the router BGP address-family IPv4 VRF mode.

CSCee83549

Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.

Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.

Workaround: Clear or readvertise the route that is inoperational.

Miscellaneous

CSCdw33267

Symptoms: On an MPLS label edge router that supports hardware-assisted forwarding (that is, platforms such as the Cisco Catalyst 6500 series, the Cisco 7600 series, the Cisco Catalyst 8540, and the Cisco 12000 series) with multiple outgoing MPLS paths, there could be an inconsistency between the hardware and software MPLS forwarding table.

Conditions: This symptom is observed when you enter the shutdown interface command followed by the no shutdown interface configuration command on one of the outgoing MPLS enabled interfaces or you enter the no mpls ldp interface command followed by the mpls ldp interface configuration command on one of the outgoing MPLS enabled interfaces on an MPLS label edge router that supports hardware-assisted forwarding with multiple outgoing MPLS paths.

Workaround: Enter the clear ip route command for the affected prefix to take down all the paths and ensure that the paths are rebuilt.

CSCeb13202

Symptoms: If a three-level hierarchy service policy is attached to two different interfaces and the policers are removed from the parent class, the policers for the child class are also removed.

Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series.

Workaround: Detach the service policies from the interfaces, and then reattach them.

CSCeb36963

Symptoms: VLAN class of service (CoS) bits may not be set for outgoing Multiprotocol Label Switching (MPLS) packets, although the modular QoS CLI (MQC) may indicate so.

Conditions: This symptom is observed on a Cisco 7200 series or Cisco 7500 series that runs Cisco IOS Release 12.2, Release 12.3, or Release 12.3 B when CoS marking is applied to a VLAN subinterface. Note that traffic that is generated by the router itself receives the correct CoS for all classes.

Workaround: There is no workaround.

CSCeb66825

Symptoms: A Cisco 7200 series may reload unexpectedly during a service-policy configuration.

Conditions: This symptom is observed when you attach a level 2 policy map as a child of a level 1 policy map and when the level 1 policy map is already attached to an interface.

Workaround: Create a level 3 policy map, and attach it to the interface.

CSCeb73681

Symptoms: The main High-Speed Serial Interface (HSSI) interface flaps when you enter the map-class frame-relay global configuration command on a subinterface.

Conditions: This symptom is observed only when the map class contains both traffic shaping and Random Early Detection (RED).

Workaround: Use only traffic shaping under the map-class.

CSCec76965

Symptoms: When configuring QoS on a Cisco 7200 series, the router may reload with a bus error. Specifically, the bus error occurs after having entered the no class name command on subinterfaces.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-jk9s-mz image of Cisco IOS Release 12.2(17a). The symptom may also occur in other releases. This behavior is associated with the use of "payload-compression" and Weighted Random Early Detection (WRED) configurations.

Workaround: There is no workaround.

CSCec80714

Symptoms: An incoming call may be rejected when the service that is defined in the name argument of the resource-pool profile service name global configuration command is applied to the customer profile.

Conditions: This symptom is observed on a Cisco AS5300 and a Cisco AS5400 that are configured for R2 channel-associated signaling (CAS).

Workaround: Remove the service from the resource-pool profile service name global configuration command.

CSCed30670

Symptoms: An H.323 proxy may fail when a conference call between a PSTN user and IP phone users is initiated by an IP phone in a Cisco CallManager environment.

Conditions: This symptom is observed on a Cisco router that functions as a gatekeeper, that has the H.323 proxy enabled, and that runs Cisco IOS Release 12.3(5) in the following topology:

An IP phone connects to a Cisco CallManager that connects to the Cisco gatekeeper that has the H.323 proxy enabled. The Cisco gatekeeper connects to yet another gatekeeper that connects to a gateway that, in turn, connects to the PSTN.

All calls to and from the Cisco CallManager IP phone via the Cisco gatekeeper are proxied. The Cisco CallManager runs software version 3.3(3)SR3. The display IE delivery option is disabled in the H.225 trunk configuration in the Cisco CallManager administration web page. The H.225 trunk is controlled by one of the gatekeepers.

The symptom occurs in the following sequence of events:

1. A PSTN user calls an IP phone (IP phone 1).

2. The user of IP phone 1 answers the call and the call is connected with two-way audio.

3. The user of IP phone 1 presses the "conference" button and calls another IP phone (IP phone 2).

4. The user of IP phone 2 answers the call and the call is connected with two-way audio.

5. The user of IP phone 1 presses the "conference" button again.

6. The H.323 proxy fails, causing the PSTN to be disconnected from the conference call.

7. The conference call continues between the user of IP phone 1 and the user of IP phone 2.

Workaround: Enable the "Display IE delivery" option in the H.225 trunk configuration in the Cisco CallManager administration web page.

Alternate Workaround: Disable the H.323 proxy on the Cisco gatekeeper.

CSCed34058

Symptoms: A Layer 2 Tunneling Protocol (L2TP) network server (LNS) may not remove a per-user access control list (ACL) from the configuration. This situation may cause the memory of the LNS to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.

Conditions: This symptom is observed on a Cisco router that functions as an LNS in a Large-Scale Dial-Out (LSDO) configuration when a per-user ACL is present in the RADIUS profile of the user.

Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.

CSCed88043

Symptoms: The outgoing VCCI that is programmed in the FIB/TFIB in the PXF for a prefix is wrong.

Conditions: This symptom occurs only if the outgoing interface is a cell-based interface. It might also occur under extreme stress conditions of xtag flaps or LDP flaps, or if the "cos-map" is modified in the configuration.

Workaround: When this happens, issue the clear ip route command for the affected prefix.

CSCed90040

Symptoms: On a Cisco AS5400 Voice Gateway, calls may fail when it is used as an Originating Gateway that is configured with g.clear codec and signalled by an MGCP call agent. NAK messages may also be seen.

Conditions: This symptom is observed on a Cisco AS5400 Voice Gateway.

Workaround: There is no workaround.

CSCed92418

Symptoms: In some cases, issuing the clear interface switch 1 command in rapid succession may cause the RPM-XF to stop communicating with the PXM controller card. This scenario may also cause control VCs and all other protocols to go down.

Conditions: This symptom occurs when the clear interface switch 1 command is executed back to back multiple times.

Workaround: There is no workaround.

CSCee01637

Symptoms: A software-forced reload occurs when you remove the header-compression configuration from an interface.

Conditions: This symptom is observed when the following conditions are present on the interface:

The interface is in process-switching mode.

Traffic is being sent from the interface.

Workaround: Shut down the interface during the reconfiguration.

CSCee06261

Symptoms: A router might reload abnormally if the clear int sw1 command is executed multiple times while traffic is being passed through the switch interface.

Conditions: The RPM-XF card might reload unexpectedly while issuing the clear int sw1 commands and toggling mpls atm multi-vc on the MPLS subinterface. This happens only when these commands are executed continuously via a test script.

Workaround: There is no workaround.

CSCee06794

Symptoms: DTS may not work properly on dot1q Fast Ethernet subinterfaces. Traffic is not shaped at the expected rate.

Conditions: This problem is observed on a Cisco 7500 series that is configured as a PE router and that runs Cisco IOS Release 12.2(12i). The symptom may also occur in other releases.

Workaround: If this is an option, use ISL subinterfaces.

CSCee08584

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

CSCee11770

Symptoms: All SWIDBs may be used.

Conditions: This symptom is observed when PPPoA sessions flap continuously.

Workaround: There is no workaround.

CSCee12415

Symptoms: Multicast traffic is not getting switched correctly.

Conditions: In an MVPN setup, when the SAR reloads or the "clear int sw1" command is executed, the outgoing VCCI number for the mroute entry becomes incorrect. As a result, multicast traffic is forwarded/switched incorrectly.

Workaround: Reload the PXF module.

CSCee20366

Symptoms: IMA link status sticks in NE usable/usable while showing FE active/active.

Conditions: This happens when connecting an IMA module in a Cisco 3640 to a third-party vendor switch.

Workaround: Administratively shut down the link and then bring it back.

CSCee23320

Symptoms: A router might reload when a policy map is deleted and reapplied.

Conditions: This symptom occurs when a policy map is deleted and quickly reconfigured on an interface. This may cause the router to reload abnormally.

Workaround: Allow some time between configuring the policy map and deleting it.

CSCee35949

Symptoms: IPv6 QoS traffic management fails.

Conditions: This issue has been observed on various interfaces (ATM, Ethernet, and serial interfaces).

Workaround: There is no workaround.

CSCee40165

Symptoms: The show policy interface multilink int output command shows incorrect counts for the DSCP value tabulation at the end of the command output when RTP header compression is enabled under the multilink interface.

Conditions: The incorrect counts are shown with the command only when RTP header compression is enabled. This is only a display issue. However, a missing functionality in the code (support for DSCP based WRED with CRTP enabled) will affect traffic.

Workaround: There is no workaround.

CSCee54524

Symptoms: During SCR provisioning (changing the bandwidth) on the ePVCs, the RPM-PR (Route Processor Module) PE may crash.

Conditions: This symptom is observed when script-based testing is used to change the bandwidth, and a one-time crash occurs.

Workaround: The standby card takes over and resumes operations.

CSCee59325

Symptoms: eBGP does not load balance traffic.

Conditions: This symptom is observed when iBGP is followed by the eBGP load balancing for the traffic using PXF.

Workaround: There is no workaround.

CSCee68369

Symptoms: The policy-map output PKT counters and WRED output counters do not match when CRTP is on a multilink interface. In addition, the toaster dequeue count is also incorrect.

Conditions: This symptom is observed when CRTP is enabled on a multilink interface.

Workaround: There is no workaround.

CSCee80944

Symptoms: "Assertion failure in ../toaster/rpmxf-rp/rpmxf_mpls.c" message along with traceback is seen in an MPLS-VPN network on RPM-XF.

Conditions: VRF routes are recursive loadshared routes on the PE router. Some of the triggers are shown below:

The route reflector is reset.

The PE loses the BGP session with the route reflector.

Some of the VRF routes are withdrawn.

It should be noted that the above triggers do not always cause the asserts.

Workaround:

Remove the dual IGP paths so that we will not have recursive loadshared VRF routes.

Configure "logging rate-limit all 1 except notifications" in order to reduce the amount of assert messages being logged.

CSCee84805

Symptoms: Prefixes fail TFIB verification tests; that is, the show pxf cpu tfib verify command reports errors incorrectly. Also, CPUHOG can be observed in certain conditions.

Conditions: This condition is seen on RPM-XF cards that are running a Cisco IOS Release 12.3(2)T6 image. The problem occurs if there is an eiBGP multipath for any given prefix. CPUHOG occurs only if there is recursive loadsharing for the iBGP path in addition to having eiBGP multipath.

Workaround: There is no workaround.

CSCin74507

Symptoms: Modem passthrough calls fail with a "Playout Dejitter Mode value" error message and traceback, and a NAK message is generated.

Conditions: This symptom is observed on a Cisco AS5400 access server for every MPT call.

Workaround: There is no workaround.

Wide-Area Networking

CSCeb61573

Symptoms: The "change password" feature may not work when using Cisco Secure and Windows Client.

Conditions: This symptom occurs when the client times out and sends multiple change password requests before it gets a response for the first request.

Workaround: There is no workaround.

CSCed36969

Symptoms: After running stress scripts and dropping all calls, there are still active vaccess interfaces shown in the output of the show vtemplate command. If the debug ppp negotiation command is enabled, the debugs for the vaccess interfaces continue to repeat themselves.

Conditions: This symptom is observed on a Cisco AS5300 and Cisco AS5400 that run Cisco IOS Release 12.3(6) when the stress scripts automatically enter the shutdown command followed by the no shutdown command on the E1 controllers.

Workaround: There is no workaround.

CSCee47761

Symptoms: A Cisco 7500 series Route Switch Processor (RSP) may crash while Multilink PPP (MLP) is running.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5), that is equipped with a VIP4-80 and PA-A3 ATM port adapters, and that is configured for distributed Link Fragmentation and Interleaving over ATM (dLFIoATM).

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(2)T6

Cisco IOS Release 12.3(2)T6 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCea74631

Symptoms: A Route Switch Processor (RSP) that is acting as a slave may have complete packet switching activity interrupted for several minutes. This situation may cause the RSP to permanently pause.

Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(12d).

Workaround: There is no workaround.

CSCeb22276

Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.

Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.

Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.

CSCec55639

Symptoms: A Cisco Virtual Home Gateway (VHG) may fail to download authentication, authorization, and accounting (AAA) attributes that contain remote virtual templates.

Conditions: This symptom is observed when the Per VRF AAA feature is configured by using a remotely defined customer template on a RADIUS server.

Workaround: There is no workaround.

CSCed68575

Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.

The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.

This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

CSCee25000

Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.

Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.

Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
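
The workaround for CSCeb22276 and CSCee25000 (permit SNMP traffic only from trusted devices) can be checked against a saved configuration. The following Python script is an added example, not part of the Cisco release notes; it assumes numbered standard ACLs attached with the snmp-server community command, and the sample configuration, community names, and addresses are constructed.

```python
import re

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
snmp-server community ExampleRO ro 10
snmp-server community ExampleRW rw
snmp-server community ExampleOpen ro 20
snmp-server community ExampleGhost ro 30
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
access-list 20 permit any
"""

# snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

# access-list <number> permit|deny <source> [<wildcard>]
ACL_RE = re.compile(
    r"^access-list (?P<acl>\d+) (?P<action>permit|deny) (?P<src>.+?)\s*$",
    re.IGNORECASE,
)

# Source specifications that match every host.
MATCH_ALL_SOURCES = {"any", "0.0.0.0 255.255.255.255"}


def audit_snmp_communities(config_text):
    """Return (community, mode, finding) tuples for communities that are
    not restricted to specific source addresses.

    Findings:
      no-acl           the community has no access list attached
      acl-undefined    the attached access list is not in this configuration
      acl-permits-any  the attached access list has a permit entry for all hosts
    """
    acls = {}          # ACL number -> list of (action, source) entries
    communities = []   # (name, mode, acl or None), in configuration order

    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            entry = (m["action"].lower(), m["src"].lower())
            acls.setdefault(m["acl"], []).append(entry)
            continue
        m = COMMUNITY_RE.match(line)
        if m:
            # A community configured without ro/rw is read-only.
            mode = (m["mode"] or "ro").lower()
            communities.append((m["name"], mode, m["acl"]))

    findings = []
    for name, mode, acl in communities:
        if acl is None:
            findings.append((name, mode, "no-acl"))
        elif acl not in acls:
            findings.append((name, mode, "acl-undefined"))
        elif any(action == "permit" and src in MATCH_ALL_SOURCES
                 for action, src in acls[acl]):
            findings.append((name, mode, "acl-permits-any"))
    return findings


if __name__ == "__main__":
    # Community strings are credentials; treat this output as sensitive.
    for name, mode, finding in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"{name} ({mode}): {finding}")
```
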

Interfaces and Bridging

CSCin66616

Symptoms: The output of an snmpwalk for the entPhysicalDescr MIB on a PA-MC-8E1/120 may show the PA-MC-8E1/120 as unknown.

Conditions: This symptom is observed on a Cisco 7500 series in which a PA-MC-8E1/120 is installed.

Workaround: There is no workaround.

IP Routing Protocols

CSCeb17467

Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.

Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.

Workaround: There is no workaround.

CSCec51206

Symptoms: A memory allocation failure (MALLOCFAIL) from the I/O memory pool may occur.

Conditions: This symptom is observed on a Cisco router that receives excessive multicast control traffic.

Workaround: Apply a quality of service (QoS) policy map to limit the rate of the multicast control traffic that can be received by the router.

CSCec59206

Symptoms: A router may reload unexpectedly because of a bus error when it accesses a low address during the translation of TCP port 514.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5) and that is configured for Network Address Translation (NAT).

Workaround: Prevent the translation of TCP port 514.

CSCed38096

Symptoms: On a Cisco AS5850 Universal Gateway, calls terminating on a dialer interface and joining an IGMP group may not receive traffic from the multicast source. The Cisco AS5850 sends traffic to only one of the calls at a time.

Conditions: This problem is seen only with calls terminating in a dialer interface. If the call comes up as a virtual-access or multilink PPP call, there is no problem.

Workaround: Perform the following actions:

1. Configure the dialer interface with the no ip mroute-cache command.

2. Remove virtual-profile if-needed, which will cause all calls to come through virtual profiles.

CSCee10996

Symptoms: When the debug ip pim auto-rp command is enabled on a Cisco 7500 series, the router crashes when it receives an AutoRP message.

Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-isv-mz image of Cisco IOS Release 12.2(15)T7 or 12.2(15)T9. The symptom may also occur in Release 12.3 or 12.3 T.

Workaround: There is no workaround.

Miscellaneous

CSCdy81782

Symptoms: Entering the no shut command on the PPP interface before VA goes down causes PXF to drop certain packets. As a result, pings from a remote node through routes that involve such a PPPoA subinterface are unsuccessful. Arriving ICMP packets are dropped in PXF.

Conditions: This symptom occurs under a PPPoA subinterface if the shut and no shut commands are issued in succession such that no shut is completed before the associated virtual-access goes down.

Workaround: After a shut, wait for the associated virtual-access to go down before issuing no shut. If the symptom occurs, go to the subinterface, perform a shut, wait for the associated virtual-access to go down, and then perform a no shut.

Further Problem Description: When the node is in this condition, pings originating from the local node and non-ICMP traffic appear to work correctly. Only pings from a remote node would fail.

CSCdz30977

Symptoms: V.22B modem connections may not work reliably over modem pass-through.

Conditions: This symptom is observed on V.22B modems when a pair of voice gateways have digital voice ports that are driven by different clock sources. High-speed modem connections (V.32, V.32bis) are not affected by this condition.

Workaround: There is no workaround.

CSCdz84583

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer), and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, the attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml, and it describes this vulnerability as it applies to Cisco products that do not run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml.

CSCea59948

Symptoms: A cbus complex (which will bring down all the interfaces on the box for some time but the router will not reload) may be observed on a Cisco router when the following message appears on the serial interface:

%RSP-3-RESTART: interface Serial8/1/0/23:23, not transmitting

Conditions: This symptom occurs specifically on a Cisco 7500 series router when Multilink PPP (MLP) is configured on the serial interface and distributed Cisco Express Forwarding (dCEF) switching is enabled.

The problem occurs when multilink member links flap. It may be after a single flap or multiple flaps.

Workaround: There is no workaround.

Further Problem Description: The length of time that the interfaces are down because of a cbus complex depends on the number of VIPs/IPs (time taken for microcode download) and the type of PAs (time taken for VIP reload) present in those VIPs. All the interfaces come back up without any manual intervention.

CSCea73001

Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.

Conditions: This symptom is observed on a Cisco 3640 that runs Cisco IOS Release 12.2(15)T or Release 12.3 and that is configured with a high-density analog voice network module (NM-HDA). This symptom typically occurs when fax lines are configured on the FXS port.

Workaround: Reboot the router.

CSCeb05118

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) router that is configured as an Edge Label Switch Router (ELSR) may reload when deleting Multiprotocol Label Switching (MPLS) type subinterfaces.

Conditions: This symptom is observed on a Cisco RPM-XF when you remove the routes, and stray label virtual circuits (LVCs) are not removed; then when you delete the MPLS subinterfaces, the RPM-XF may be reset.

Workaround: There is no workaround.

Additional Information: Code was added to check the subinterface IDB status before the subinterface queues and the TVCs are removed.

CSCeb36413

Symptoms: E1 R2 calls may fail on a Cisco router.

Conditions: This symptom is observed on a Cisco AS5850 router that is running Cisco IOS Release 12.3(2)T.

Workaround: There is no workaround.

CSCeb79576

Symptoms: An outgoing label may not be installed in the Label Forwarding Information Base (LFIB) for an IP version 4 (IPv4) prefix.

Conditions: This symptom is observed when the prefix is learned via a Border Gateway Protocol (BGP) session. This situation may occur when the prefix is deleted in the Label Information Base (LIB) and not allocated to any local label binding.

Workaround: There is no workaround.

CSCec06547

Symptoms: When a Cisco router boots up, the following messages appear and the router is unusable:

Process= "MIPC Periodic Timer", ipl= 0, pid= 32

%PIF-3-READ_IMEM_ERROR: NULL response for READ_IMEM MIPC msg to , XPIF2 Process= "FDM Forwarding Stats Process", ipl= 0, pid= 35

%PIF-3-READ_PHY_ERROR: NULL response for PIF_PHY_REG_SEND_CMD MIPC msg to , XPIF2

Conditions: This symptom is observed on a Cisco AS5850 gateway that has a Route Switch Controller (RSC) card with revision 8.9 or later, and that is running Cisco IOS Release 12.2(11)T4, Release 12.2(11)T9, Release 12.3(1), Release 12.3(1a), or Release 12.3(3a).

Workaround: Load a Cisco IOS software image other than those listed in the Conditions section above onto the Cisco AS5850. Then, reload the gateway with the new Cisco IOS software image without turning the power off and on.

CSCec24494

Symptoms: A Cisco IAD2420 may reload unexpectedly when a watchdog timeout occurs in the voice telephony service provider (VTSP) process.

Conditions: This symptom is observed during normal processing of calls in the local-bypass mode.

Workaround: There is no workaround.

CSCec24878

Symptoms: A Cisco Media Gateway Control Protocol (MGCP) gateway may be unregistered by a Cisco CallManager.

Conditions: This symptom is observed on a Cisco router that functions as a gateway and that runs Cisco IOS Release 12.2 T, Release 12.3, or Release 12.3 T when the T1 channel-associated signaling (CAS) and PRI backhaul is configured.

Following is an example of the sequence of events that cause the symptom to occur:

1) The Cisco CallManager tears down an active call on the gateway by sending an MGCP delete connection (DLCX) request.

2) The gateway sends a "200 OK" response to the MGCP DLCX request.

3) The Cisco CallManager sends an MGCP Request Notify (RQNT) response to the gateway with "DT/sup" and "D/[0-9ABCD*#]" as the requested events to be notified.

4) The gateway receives the MGCP RQNT request but does not immediately send a "200 OK" response to the MGCP RQNT request.

5) The Cisco CallManager retransmits the MGCP RQNT request four more times at a frequency of one request per 3 seconds.

6) The Cisco CallManager unregisters the gateway because it does not receive any response to its MGCP RQNT request.

7) After 20 seconds, the gateway sends an MGCP notify (NTFY) message with "DT/rlc" as the notified event.

8) Subsequently, the gateway sends a "200 OK" response to the MGCP RQNT request.

9) The gateway does not receive any response to its MGCP requests because the Cisco CallManager has unregistered the gateway.

Workaround: Do not use MGCP. Rather, use H.323.

CSCec31162

Symptoms: Incorrect tags may be imposed after a route has flapped.

Conditions: This symptom is observed on a Cisco router that functions in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment.

Workaround: There is no workaround.

CSCec52743

Symptoms: Analog recEive and transMit (E&M) ports may become stuck intermittently. When the symptom occurs, the following error message is displayed:

%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on recEive And transMit 3/0/1. Msg id=48, Len=38

In addition, the output of the show voice call summary EXEC command indicates that the voice-port state is "EM_PARK_IDLE."

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(15)T5 and that has an analog E&M port to connect to a PBX. Note that the symptom does not occur in Release 12.2(15)T1. The symptom may occur in Release 12.3.

Workaround: Reload the Cisco gateway.

CSCec57763

Symptoms: A VIP may reload when an SSO occurs on an RP.

Conditions: This problem occurs intermittently when distributed MLP is configured on the router.

Workaround: There is no workaround.

CSCec76875

Symptoms: A provider edge (PE) router may not be able to ping other PE routers or a label switch controller (LSC), nor may other platforms be able to ping the PE router.

Conditions: This symptom is observed on a Cisco MGX platform that is configured with a primary Route Processor Module PRemium (RPM-PR) that functions as a PE router and a secondary RPM.

Workaround: Reset the primary RPM to initiate a switchover to the secondary RPM. The symptom does not occur on the secondary RPM.

CSCec87815

Symptoms: A buffer leak may occur in the Multilink PPP (MLP) header pool on a Versatile Interface Processor (VIP). The speed of the leak depends on the rate of traffic that is flowing between the interface of the VIP and the interface on the other end. The leak may eventually cause memory allocation failures (MALLOCFAIL) on the VIP and may result in memory fragmentation.

Conditions: This symptom is observed on a Cisco 7500 series when all of the following conditions are present:

Distributed Cisco Express Forwarding (dCEF) is enabled.

An MLP bundle that includes interfaces on the VIP is configured.

A different interface on the same VIP performs some type of fancy queueing such as committed access rate (CAR), policing, or Class-Based Weighted Fair Queueing (CBWFQ).

Packets are locally switched between the MLP interface and the interface that is configured for fancy queueing.

Workaround: Stop the leak by removing fancy queueing from the VIP interface.

Alternate Workaround: Move the MLP interfaces to a different VIP that does not have an interface that performs fancy queueing.

CSCed22425

Symptoms: On the Cisco RPM-XF router, there is no way to know which external Border Gateway Protocol (eBGP) path is chosen when there are multiple VRF interfaces to the VPN prefix.

Conditions: This symptom is observed when eBGP load balancing is configured across VRF interfaces.

Workaround: There is no workaround on the node itself. To extract this information, one can look at the connected CE interfaces to see which one is receiving the packets.

CSCed24626

Symptoms: A VoIP connection trunk that is configured between two voice gateways over an IP link with RTP header-compression (cRTP) enabled may flap periodically. Messages similar to the following may appear:

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is up

%HTSP-5-UPDOWN: Trunk port(channel) [2/0:0(1)] is down

Conditions: This symptom is observed when two Cisco IOS voice gateways function in connection trunk mode and an IP link between the two gateways is configured for cRTP. On either side of this IP link, the Cisco IOS routers run Cisco IOS Release 12.3 T, such as Release 12.3(2)T or Release 12.3(4)T.

Workaround: Enter the ip rtp coalesce hidden global configuration command on both Cisco IOS routers to stabilize the connection trunk. Note that doing so may increase the CPU utilization. If the implementation of this workaround does not stabilize the trunk, unconfigure cRTP over the affected IP link.

CSCed31039

Symptoms: At 12 cps, the following message is displayed on a V4 gatekeeper:

ASSERT failed: line 9900 in file ../mm/gk/gk_rassrv_util.c

Conditions: This symptom is observed when an external server is using the GKTMP interface to communicate with the gatekeeper and when the gatekeeper is configured with "send-cisco-circuit-info."

Workaround: There is no workaround.

CSCed35253

Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.

Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.

Workaround: Disable IP Inspect and IDS.

CSCed40933

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.

CSCed41381

Symptoms: Input cell drops may occur on an ingress frame PVC that is configured on a switch interface. This situation may cause LDP/TDP/OSPF flaps.

Conditions: This symptom is observed when a lot of core traffic enters an ingress PVC that has a larger bandwidth than the egress PVC to which the traffic is routed.

Workaround: There is no workaround.

CSCed42514

Symptoms: A Cisco voice gateway may use an incorrect codec payload value (that is different from the configured value) during media transmission after the call is transferred to a new endpoint.

Conditions: This symptom is observed on a Cisco voice gateway that runs Cisco IOS Release 12.2(15)T9 or Release 12.3 and that is configured to use H.323 as the VoIP protocol. The symptom occurs when the remote endpoint sends an H.245 EmptyCapabilitySet (ECS) message to initiate the call transfer (H.323 Version 4, Section 8.4.6) after the initial call establishment and then sends an H.245 OpenLogicalChannel (OLC) message before sending a new H.245 TerminalCapabilitySet (TCS) message.

Workaround: There is no workaround.

CSCed42706

Symptoms: On the Cisco RPM-XF router, the PXF does not increment the correct drop code when dropping packets.

Conditions: This symptom is observed in a frame-based network when the MPLS forwarding table on the P router is incorrect. When the action for the incoming label is Untagged (it should be tagged), the incoming packet after disposition is not an IP packet. The packet is dropped, but the wrong drop code (bad_drop_code) is incremented.

Workaround: There is no workaround.

CSCed45746

Symptoms: Several prefixes for non-redistributed connected interfaces in different VRFs may be partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these VRFs.

Conditions: This symptom can occur on a Cisco router that runs Cisco IOS Release 12.2, 12.2T, 12.0S, or 12.3 after the VRF interfaces have flapped. The symptom may occur in all code levels of these releases.

Workaround: Clear the routes in the VRFs in sequence.

CSCed47409

Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:

%TIB-3-LCLTAG: 10.10.10.10/10.10.10.10, tag advert; unexpected tag state=13

Conditions: This symptom is observed when a very uncommon timing of Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tagswitching Distribution Protocol (TDP).

Workaround: There is no workaround.

CSCed55962

Symptoms: From a local customer edge (CE) router, you may not be able to reach or ping some prefixes (subnets) on a remote CE router over a Multiprotocol Label Switching (MPLS) network.

Conditions: This symptom is observed in a cell-based MPLS network.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected subinterface that is connected to the local CE router. Doing so enables the Border Gateway Protocol (BGP) to run a scan again and repopulates the subnets in the Tag Forwarding Information Base (TFIB).

CSCed68717

Symptoms: Incoming traffic is not being forwarded.

Conditions: This symptom is observed when WRED is enabled on the output policy map and the value of the exponential-weighting-constant is changed.

Workaround: Enter the clear int sw1 command.

CSCed70723

Symptoms: On a Cisco IOS VoIP gateway, a memory leak may occur in the context of the VTSP process.

Conditions: This symptom is observed when there are low memory conditions and when translation rules are configured.

Workaround: Reload the gateway.

CSCed71495

Symptoms: The exp bit on the topmost label is not changed when the set mpls exp topmost command is configured on the ingress interface of the P router.

Conditions: This occurs with the use of the set mpls exp topmost command on the ingress interface of the P router in a frame-based MPLS network.

Workaround: Use the same command on the PE router egress interface (towards the P router).

CSCed72877

Symptoms: A Cisco AS5850 universal gateway may exhibit a small and gradual memory leak in the ISDN process with async calls.

Conditions: This symptom occurs when the calls are brought up on ISDN trunks and the calls fail in the middle of the call setup phase.

Workaround: There is no workaround.

CSCed75086

Symptoms: When issuing the show pxf cpu rewrite verification x.x.x.x command, you receive an error message stating that the "Channel id in the Sar header is non-zero (x) for MVC."

Conditions: This symptom has been observed in a cell-based MPLS VPN network with multi-VC if the first label (IGP label) value is greater than 0xF.

Workaround: There is no workaround. Ignore this message and verify that the channel id is correct by executing the sh pxf cpu cef <prefix used to verify> and sh pxf cpu rewrite <rw_index> commands.

CSCed76670

Symptoms: On a Cisco IOS VoIP gateway, a memory leak may occur in the context of the H.323 process.

Conditions: This symptom is observed when there are low memory conditions and when translation rules are configured.

Workaround: Reload the gateway.

CSCed78131

Symptoms: Checksum errors are reported on cRTP traffic streams.

Conditions: This symptom occurs under cRTP traffic flow.

Workaround: There is no workaround.

CSCed80374

Symptoms: A router may reload due to a bus error when processing VTSP.

Conditions: This symptom is observed when the router is configured for voice.

Workaround: There is no workaround.

CSCed81834

Symptoms: Memory fragmentation caused a router to reload.

Conditions: This symptom is observed on a Cisco AS5850 enhanced route switch controller (eRSC) that is running two B channel serial multilink calls, which causes a memory leak in Pool Manager.

Workaround: There is no workaround.

CSCed83002

Symptoms: A Cisco IAD2420 series responds to a RQNT with "R: L/hd(N)" with a "519 161233591 No digit map available" answer, which causes the call agent to take the endpoint out of service.

Conditions: This symptom is observed in a normal call flow.

Workaround: There is no workaround.

CSCed83738

Symptoms: Packets on cRTP-enabled PPPoA interfaces that match classes other than "class-default" will be dropped.

Conditions: This symptom is observed when ATM sar-based-cbwfq is enabled and an output service policy is applied.

Workaround: Either disable atm sar-based-cbwfq or remove the output service policy from the PPPoA interface.

CSCed83776

Symptoms: An RPM-XF crashes while debugging the PXF using ftctrace.

Conditions: This symptom is observed when traffic is flowing on a cRTP-enabled interface and the UDP packet data length is 0.

Workaround: There is no workaround.

CSCed84582

Symptoms: A router with VoIP configured may experience a memory leak in VTSP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(15)T10. The symptom may also occur in Release 12.3 and 12.3 T.

Workaround: There is no workaround.

CSCed85254

Symptoms: MPLS forwarding may stop.

Conditions: This symptom is observed under the following conditions:

- When you change a COS map or prefix map.

- When you change an IP access list.

Workaround: There is no workaround.

CSCed85324

Symptoms: Stale MPLS COS per-route entries may be left behind.

Conditions: This symptom is observed after the route disappears from the routing table in a cell-mode multi-VC network.

Workaround: There is no workaround.

CSCed85438

Symptoms: A Fast Ethernet 100BASE-TX port adapter on an RPM-PR may stop receiving burst traffic packets.

Conditions: This symptom is observed on a FE RPM-PR Backcard.

To identify this problem, check the output of the show interface fastethernet command, which shows no input packets and all packets as overrun:

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 100000 bits/sec, 106 packets/sec

0 packets input, 0 bytes

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 263523 overrun, 0 ignored

The output of the show controllers command for the Fast Ethernet interface shows high numbers for "rx_fifo_overflow" and "throttled":

throttled=5352, enabled=5352, disabled=0 rx_fifo_overflow=434500, rx_no_enp=0, rx_state=0

Workaround: There is no workaround. To clear the symptom, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Fast Ethernet interface.

Further Problem Description: In the output of the show controllers command for the Fast Ethernet interface, locate the value for CFRV. If the last byte is either 0x20, 0x21, 0x22, or 0x23, the Fast Ethernet is susceptible to the symptom.
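The checks described in this caveat, as an added example that is not part of the original release notes: a Python script that reads captured show interface fastethernet and show controllers output and reports whether the symptom is present and whether the CFRV value falls in the susceptible set. The `CFRV=0x...` line layout, the sample CFRV value, and the greater-than-zero thresholds for "high numbers" are assumptions.

```python
import re

# Last-byte values of CFRV that the caveat lists as susceptible.
SUSCEPTIBLE_CFRV_LAST_BYTES = {0x20, 0x21, 0x22, 0x23}

# Constructed sample: the counter lines are the ones quoted in the caveat.
SAMPLE_SHOW_INTERFACE = """\
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 100000 bits/sec, 106 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 263523 overrun, 0 ignored
"""

# Constructed sample: the CFRV line (layout and value) is an assumption.
SAMPLE_SHOW_CONTROLLERS = """\
throttled=5352, enabled=5352, disabled=0 rx_fifo_overflow=434500, rx_no_enp=0, rx_state=0
CFRV=0x02000022
"""


def _first_int(pattern, text):
    """Return the first captured decimal counter, or None if it is absent."""
    match = re.search(pattern, text)
    return int(match.group(1)) if match else None


def parse_interface(text):
    """Extract the input-side counters from show interface output."""
    return {
        "input_pps": _first_int(r"input rate \d+ bits/sec, (\d+) packets/sec", text),
        "packets_input": _first_int(r"(\d+) packets input", text),
        "overrun": _first_int(r"(\d+) overrun", text),
    }


def parse_controllers(text):
    """Extract the receive FIFO counters and CFRV from show controllers output."""
    cfrv = re.search(r"\bCFRV\s*=\s*(0x[0-9a-fA-F]+)", text)
    return {
        "throttled": _first_int(r"\bthrottled=(\d+)", text),
        "rx_fifo_overflow": _first_int(r"\brx_fifo_overflow=(\d+)", text),
        "cfrv": int(cfrv.group(1), 16) if cfrv else None,
    }


def triage(show_interface, show_controllers, min_count=1):
    """Classify one Fast Ethernet interface against the caveat's description.

    min_count is the assumed floor for a counter to count as "high"; the
    release note gives no threshold, so tune it for your environment.
    """
    intf = parse_interface(show_interface)
    ctrl = parse_controllers(show_controllers)

    # Symptom on the interface: nothing received, everything counted as overrun.
    stalled = (
        intf["packets_input"] == 0
        and intf["input_pps"] == 0
        and (intf["overrun"] or 0) >= min_count
    )
    # Matching evidence on the controller: overflowed receive FIFO and throttling.
    fifo_pressure = (
        (ctrl["rx_fifo_overflow"] or 0) >= min_count
        and (ctrl["throttled"] or 0) >= min_count
    )

    # Susceptibility is unknown (None) when the capture has no CFRV value.
    last_byte = None if ctrl["cfrv"] is None else ctrl["cfrv"] & 0xFF
    susceptible = None if last_byte is None else last_byte in SUSCEPTIBLE_CFRV_LAST_BYTES

    return {
        "symptom_present": stalled and fifo_pressure,
        "susceptible": susceptible,
        "cfrv_last_byte": last_byte,
        "overrun": intf["overrun"],
        "rx_fifo_overflow": ctrl["rx_fifo_overflow"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_SHOW_INTERFACE, SAMPLE_SHOW_CONTROLLERS)
    for key, value in result.items():
        print(f"{key}: {value}")
```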

CSCed90333

Symptoms: Traffic is not forwarded through a newly added CBWFQ class.

Conditions: This problem occurs in cRTP-over-PPP encapsulation when you add a class map to a policy map that is already attached to the VC and when SAR-based CBWFQ is enabled.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected interface.

CSCed91750

Symptoms: S,G entries are not being created in the core.

Conditions: This symptom occurs in a MVPN setup in a large MPLS network that includes dual P routers.

Workaround: There is no workaround.

CSCed94549

Symptoms: A compressed packet from XF is rejected by the RPM-PR as a CRC error.

Conditions: The microcode was reloaded while passing traffic.

Workaround: There is no workaround.

CSCee00038

Symptoms: Protocols flap when the non-ATM (POS or GigE) interfaces are congested by high traffic.

Conditions: This symptom occurs under the following conditions:

1. A POS or GigE card is used, and control protocols such as LDP are configured over that interface.

2. The class-default queue on the interface is congested and dropping packets.

Workaround: There is no workaround.

CSCee00661

Symptoms: Changing any IP access control list (ACL) may cause a walk of all LC-ATM prefixes.

Conditions: This symptom is observed on a router configured with an LC-ATM Multi-VC when the changed ACL is not related to the Multi-VC.

Workaround: There is no workaround.

CSCee02220

Symptoms: Multicast traffic flows use default MDT instead of data MDT for some VRFs.

Conditions: This symptom is seen in a network with Cisco MGX 8850 platforms that have RPM-XF cards that run the rpmxf-p12-mz image of Cisco IOS Release 12.3 T. The Cisco MGX 8850 platforms run software release 4.0(11.201).

Workaround: There is no workaround.

CSCee03384

Symptoms: When an LC-ATM switch subinterface is created and then deleted on an RPM-PR, the index for the current subinterface for the "LVC Stuck Check Feature" is changed in such a way that the "LVC Stuck" information for an existing LC-ATM is overwritten when a new LC-ATM is added.

The "LVC Stuck Check Feature" information can be checked with the debug atmdx health_chk_stats EXEC command.

Conditions: This symptom is observed on an RPM-PR with an existing LC-ATM interface.

Workaround: There is no workaround.

CSCee03726

Symptoms: PXF buffers are leaked.

Conditions: The configuration is overloaded such that the limits of the system are exceeded. In particular, the queue sizes of the interfaces are defined such that the total number of packet descriptors required to support such a configuration exceeds 2M.

Workaround: Reduce the configuration.

CSCee05549

Symptoms: A Label Switch Controller (LSC) may reload unexpectedly with a software-forced crash. An error similar to this one followed by a traceback can be seen:

%SYS-2-BADSHARE: Bad refcount in mem_lock, ptr=628371F8, count=0

Conditions: This symptom is observed when you enter the show mpls atm-ldp bindings path command to display LVC path information while network changes such as interface flaps or prefix flaps are occurring.

Workaround: There is no workaround.

CSCee07351

Symptoms: An LC-ATM-enabled subinterface on a PE router stays in the "not ready" state when the LDP session to the LSC is viewed using the show mpls ldp discovery command. Entering the shutdown interface command followed by the no shutdown interface command does not clear the problem when performed on either the LC-ATM subinterface on the PE or the Xtag interface on the connected LSC.

Conditions: The interface stays in "interface not LDP ready" state when there exists a stray LVC on the switch interface. The PE reaches this state after multiple LDP flaps.

Workaround: The condition may be cleared by entering the clear ip route prefix command, where prefix is the local loopback address for the LC-ATM subinterface. This will cause all tailend LVCs on all LC-ATM subinterfaces to be torn down and re-established, causing a brief customer outage. This workaround should only be used if no alternate path exists for MPLS traffic towards this device (i.e., a redundant LC-ATM subinterface). After using this workaround, the user should confirm that the expected number of LVCs has been re-established with the output of the show mpls atm summary command. If bindings are not successfully re-established, repeat the clear ip route prefix command, or reload the router.

Reloading the router will remove the stray LVC and bring the LDP session on the PE's LC-ATM subinterface back to the normal state.

CSCee07654

Symptoms: Starting multicast traffic on the CE sometimes puts the PXF on the PE in a loop. LDP, BGP, and OSPF all go down, and there is no data continuity.

Conditions: The MAC rewrite index for an OIF of (S,G) entry is longer than 4 nibbles.

Workaround: Reload the card and verify whether the indices are shorter than 4 nibbles.

CSCee08903

Symptoms: When 911 calls are done via MF signaling, calls placed to 911 intermittently fail.

Conditions: This symptom is observed in the following call flow:

A customer dials 911; the call agent sends a RQNT to a TGR (a Cisco AS5850) with call setup information; the TGR acknowledges with a 200 message. At this point no further messages are sent from the TGR.

In most cases a customer abandons the call and reattempts to dial 911 again, which will connect on a different trunk (trunk groups are set up for LRU in the call agent). The MGCP connection on the TGR hangs.

DSIP debug shows that after receiving a wink back from the agent, TGR immediately sends a loop open, which should not be the next event. The caller hears dead air during this entire series of events.

Workaround: There is no workaround.

CSCee11775

Symptoms: Debugging a rewrite string is not easy.

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) when Parallel Express Forwarding (PXF) forwarding fails while a debugging operation is performed. You may not be able to verify the string rewrite information of the PXF engine easily.

Workaround: Enter the show pxf cpu cef ip-prefix privileged EXEC command and the show pxf cpu rewrite rewrite-index privileged EXEC command to get the string rewrite information. Then, decipher the information.

CSCee18100

Symptoms: The show interface Switch1 output drop counter is incorrect.

Conditions: This symptom is observed when a PXF reloads when the Switch1 has some output drops.

Workaround: There is no workaround.

CSCee19552

Symptoms: Inbound ISDN B-channels through a Cisco IOS VoIP gateway may get hung in an S_WAIT_STATS state.

Conditions: This symptom is observed when the calling party hangs up the call prior to the called H.323 call leg being answered and when the called H.323 device does not send back an H.225 Release_Complete message. This occurs when placing calls from a Cisco IOS gateway to a Cisco CallManager.

Workaround: There is no workaround.

CSCee21868

Symptoms: SAR buffers are getting filled up quickly.

Conditions: This symptom is seen on a Cisco MGX 8850 with RPM-XF cards that are running Cisco IOS Release 12.3 images. The Tag circuits are usually the source of the exhaustion, as they are defined as UBR VCs.

Workaround: There is no workaround.

CSCee23200

Symptoms: RPM-XF throughput is reduced when cRTP/cUDP packets are being transmitted from RPM-XF.

Conditions: RPM-XF should be transmitting cRTP/cUDP packets. The reduction in throughput is evident only when the traffic rate of cRTP/cUDP is large and the system is nearing its maximum throughput.

Workaround: Reduce the bandwidth used by cRTP/cUDP traffic by either reducing the number of cRTP interfaces provisioned on this RPM-XF or reducing the bandwidth of the configured cRTP interfaces.

CSCee30230

Symptoms: Traffic that matches the "priority" class may be dropped for one single prefix. However, traffic that matches other classes passes correctly.

Conditions: The MAC rewrite index associated for the affected prefix will be 0xFFFFE. The show pxf cpu cef prefix command displays the rewrite index (rw_index).

Workaround: If the outgoing interface for the affected prefix is an MPLS interface, execute the clear ip route prefix command.

CSCin35896

Symptoms: The outgoing label for a prefix that is received through Border Gateway Protocol (BGP) IP version 4+ (IPv4+) labels may not be installed in the Tag Forwarding Information Base (TFIB).

Conditions: This symptom is observed if the router that performs a BGP IPv4+ label exchange receives a label withdraw request for an MPLS label from a BGP peer that is followed by a readvertisement of the label. This symptom occurs if the no mpls ip global configuration command followed by the mpls ip global configuration command is executed on the peer router; however, the label withdraw request may be triggered in other ways also.

Workaround: Enter the clear ip route prefix EXEC command to correct the symptom.

CSCin56339

Symptoms: TCCS clear-channel codec calls may not go through. The trunks may be up but the signaling information may not be communicated.

Conditions: This symptom is observed only when a medium complex codec is configured.

Workaround: Use a high complex codec, or use stun encapsulation for the D-channel.

CSCin60870

Symptoms: "Calling Party Number" is not seen in the ISDN setup message on the terminating gateway while verifying whether the remote party ID information is properly passed to the Q931 interface.

Conditions: This symptom occurs when there is calling party information coming from the SIP leg and privacy is not set.

Workaround: There is no workaround.

CSCin61922

Symptoms: A Cisco 7500 series with a multilink DLFI configuration may crash.

Conditions: This symptom is observed when an Ethernet packet is received on the RSP and is switched by the RSP to a DLFI multilink interface.

Workaround: There is no workaround.

CSCin62978

Symptoms: A FlexWAN, enhanced FlexWAN, or Versatile Interface Processor that has a PA-MC-E3 or PA-MC-T3 installed may crash.

Conditions: This symptom is observed under rare conditions in a stress situation with dLFI and dCRTP configured.

Workaround: There is no workaround.

CSCuk38882

Symptoms: The following tracebacks can occur on a Route Processor (RP) console:

04:24:32: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x619B6AD8 reading 0x10

04:24:32: %ALIGN-3-TRACE:

-Traceback= 619B6AD8 60EC5764 60EC58D0 60EDAC74 6037C6A8 6037C694 00000000 00000000

Conditions: This problem is seen when a dLFIoATM interface flaps on a Cisco 7500 platform.

Workaround: There is no workaround.

CSCuk44928

Symptoms: When you save a configuration first to the standby Performance Routing Engine (PRE) and then to the active PRE, the configuration may not be saved and the following error message may be generated:

startup-config file open failed (Device or resource busy)

Conditions: This symptom is observed on a Cisco 10000 series and a Cisco 7500 series that are configured with redundant PREs and that run Cisco IOS Release 12.0(26)S. The symptom may also occur in other Cisco IOS releases.

Workaround: There is no workaround.

CSCuk47905

Symptoms: On an LFI over ATM interface, ping does not work.

Conditions: This occurs only when distributed LFI over ATM is configured on a Cisco 7500 platform.

Workaround: There is no workaround.

Wide-Area Networking

CSCeb56610

Symptoms: For digital Multilink PPP (MLP) calls, IP Control Protocol (IPCP) negotiation does not occur if the multilink virtual-template router configuration command is not present. The router may reload after the calls are cleared, and a new call is made.

Conditions: This symptom is observed on a Cisco access server.

Workaround: Configure the router with the multilink virtual-template router configuration command.

CSCec18816

Symptoms: A Cisco router may reload when the required keyword is included in the ppp encrypt mppe interface configuration command.

Conditions: This symptom is observed on a Cisco router when you clear a Point-to-Point Tunneling Protocol (PPTP) session or when you enter the clear interface type number EXEC command and the ppp encrypt mppe required interface configuration command is already configured.

Workaround: Remove the required keyword from the ppp encrypt mppe interface configuration command.

CSCed21027

Symptoms: Software interface description blocks (IDBs) may become exhausted after an interface flaps repeatedly.

Conditions: This symptom is observed under the following conditions:

- PPP sessions go down.

- The same PPP sessions come back up and make use of a new IDB rather than the previously used IDB.

- A virtual-access interface is used rather than a virtual-access subinterface.

Workaround: There is no workaround.

CSCed80451

Symptoms: When an E1 line is shut down by entering the shutdown command and a switchover from the active RP to the standby RP occurs, the E1 line that is shut down is still reported as being in service on the standby RP.

Conditions: This symptom is observed when SS7 is configured with RLM between a media gateway controller and a Cisco AS5850 universal gateway in RPR+ mode.

Workaround: Instead of the shutdown command, enter the service command to place the E1 line out of service.

Resolved Caveats—Cisco IOS Release 12.3(2)T5

Cisco IOS Release 12.3(2)T5 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCec17234

Symptoms: A PC that is running Cisco Dialout/EZ software may halt data transfer.

Conditions: This symptom is observed with Cisco Dialout/EZ software that is running on a PC and a modem that is attached to a Cisco AS5300 that is running Cisco IOS software. The Cisco IOS software may lower the Data Set Ready (DSR) Data Carrier Detect (DCD) with a Clear To Send (CTS) message to the PC side. This causes the PC to halt data transfer.

Workaround: There is no workaround.

CSCed19748

Symptoms: The individual AAA periodic accounting update messages (RADIUS accounting messages with Acct-Status-Type=Watchdog) generated by an IOS gateway for each call leg (TDM and IP) of the same voice call may be sent to the RADIUS server more than 5 minutes apart due to the randomized timer algorithm used by the AAA message transmit function.

Conditions: The command aaa accounting update newinfo periodic is configured.

Workaround: There is no workaround.

Miscellaneous

CSCdz65835

Symptoms: Packet transmission over a serial channel-group interface that is part of a backhaul trunk may be slow.

Conditions: This symptom is observed only on a channel-group interface and occurs irrespective of whether or not the interface is configured for Low Latency Queueing (LLQ) for large packet sizes.

Workaround: There is no workaround.

CSCdz67303

Symptoms: A Cisco router that functions as a voice gateway may reload unexpectedly after a series of calls that include call transfers and diverted calls have been processed.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3640 when you use a third-party vendor protocol converter to translate and provide a tunnel for Digital Private Network Signaling System (DPNSS) traffic over Q Signaling (QSIG). The symptom is not platform specific.

Workaround: There is no workaround.

CSCdz84448

Symptoms: When polling the cbQosREDClassStatsTable of the CISCO-CLASS-BASED-QOS-MIB, spurious memory accesses may occur on a Cisco 2600 series, Cisco 3600 series, or Cisco 7200 series. A Cisco 3640 router may also reboot. The spurious memory accesses may be reproduced when polling the above-mentioned table via Simple Network Management Protocol (SNMP).

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 7200 series that run Cisco IOS Release 12.2(8)T, Release 12.3, or Release 12.3 T.

Workaround: Prevent the router from answering to queries on the cbQosREDClassStatsTable by implementing the following SNMP view in the router configuration:

snmp-server view qos internet included

snmp-server view qos 1.3.6.1.4.1.9.9.166.1.20.1 excluded

snmp-server community string view qos ro

CSCea23140

Symptoms: A digital signal processor (DSP) may time out on a Cisco IAD2420 series because of a Host Port Interface (HPI) error.

Conditions: This symptom is observed on a Cisco IAD2420 series that is running Cisco IOS Release 12.2(11)T4 every time a call is placed or received.

Workaround: Use the command-line interface (CLI) to issue the following command to the DSPs that have a timeout symptom:

[no] voice dsp waitstate ws dsp_id

where ws is in the range of 1 to 3 with 1 being the default and dsp_id is a 1-based DSP number. The recommended ws value to set in this particular case is 2. Do not set the ws value higher than 2. The issuance of the CLI command will not take effect until the next DSP reset occurs either through an automatic mechanism or through test commands.

CSCea64492

Symptoms: A Cisco 6400 series Node Route Processor 2 (NRP2) may reload.

Conditions: This symptom is observed when the Cisco 6400 series NRP2 is running Cisco IOS Release 12.2(13)T1 and the Service Selection Gateway (SSG) is enabled.

Workaround: There is no workaround.

CSCea82542

Symptoms: After a "%VTSP-3-DSP_TIMEOUT" error message is generated, the affected digital signal processor (DSP) may not automatically recover.

Conditions: This symptom is observed on a Cisco IAD2420 series, but may not be platform specific.

Workaround: There is no workaround. To recover the affected DSP, reload the router.

CSCea92024

Symptoms: The show align command may generate a spurious memory access error.

Conditions: This symptom occurs when TCL IVR scripts are used in the voice gateway.

Workaround: There is no workaround.

CSCeb01274

Symptoms: A digital signal processor (DSP) resource and a time-division multiplexing (TDM) time slot may not be released after a fax call has disconnected, causing RADIUS accounting packets to continue to be sent for this call. This condition eventually triggers a long-duration alarm in a Cisco BTS 10200 Softswitch.

Conditions: This symptom is observed on a Cisco AS5400 but may also occur on other Cisco platforms.

Workaround: There is no workaround.

CSCeb01423

Symptoms: A memory leak may occur on a Cisco 6400 series Node Route Processor 1 (NRP1) during the installation of per-user access control lists (ACLs) that are downloaded from a RADIUS server.

Conditions: This symptom is observed on a Cisco 6400 series NRP1 that is running Cisco IOS Release 12.2(13)T and that is configured for PPP over Ethernet (PPPoE) when there is a high-call setup rate and the CPU utilization of the NRP1 exceeds 70 percent. The symptom may be platform independent.

Workaround: Disable the per-user ACLs.

Alternate Workaround: Decrease the call setup rate.

CSCeb12667

Symptoms: A Cisco platform that is configured for CME/SRST may reload unexpectedly because of a SIGTRAP exception.

Conditions: This symptom is observed on a Cisco 1760, Cisco 2600 series, and Cisco 3725, but is platform independent. The symptom may occur on any platform that is configured for CME/SRST. The symptom may occur in Release 12.3 T and earlier releases.

Workaround: There is no workaround.

CSCeb16876

Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.

Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.

Workaround: There is no workaround.

CSCeb27452

Symptoms: A Cisco router that functions in a Multiprotocol Label Switching (MPLS) environment may reload unexpectedly with a bus error.

Conditions: This symptom is observed under rare circumstances when the router attempts to send an Internet Control Message Protocol (ICMP) packet that was triggered by an MPLS packet.

Workaround: There is no workaround.

CSCeb29015

Symptoms: When an interactive voice response (IVR) application that runs on a Cisco gateway turns on the connect event interception feature during call setup, the call setup fails because IVR applications cannot receive the "ev_setup_done" event that contains the results of the setup.

Conditions: This symptom is observed on a Cisco gateway when a call setup is placed with the connect event that is being intercepted.

Workaround: Turn off the connect event interception feature.

CSCeb31797

Symptoms: A one-way voice path may occur on the second media stream of a Session Initiation Protocol (SIP) media-forked call.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image, that functions as a SIP gateway, and that processes a SIP media-forked call. The initial media stream has a two-way voice path, but when a second media stream is added to the call, the added stream has only a one-way voice path.

Workaround: There is no workaround.

CSCeb36929

Symptoms: When a Cisco router is performing tag imposition, it may reload because of a bus error.

Conditions: This symptom is observed when you create a new generic routing encapsulation (GRE) tunnel after the router has booted up and when GRE packets are received through this GRE tunnel and forwarded as Multiprotocol Label Switching (MPLS) packets.

Workaround: Enter the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command on the newly-created GRE tunnel interface.

CSCeb49199

Symptoms: When a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) is switching traffic, low performance may occur. The output of the show alignment EXEC command displays spurious memory accesses (one per packet) at a low address (around 17).

Conditions: This symptom is observed on the 6PE router when an IP version 4 (IPv4) output feature is configured on any interface or when an IPv4 input feature is configured on the MPLS interface that is used by 6PE traffic. Enter the show mpls interfaces [interface] [detail] privileged EXEC command, and check the output for the presence of the phrase "MPLS feature vector."

Workaround: Ensure that on the 6PE router, no IPv4 output feature is configured on any interface and that no input feature is configured on an MPLS interface on which 6PE traffic is traversing.

CSCeb52270

Symptoms: An interface of a Cisco router may not be able to receive traffic that is destined for an address that is configured on the router.

Conditions: This symptom is platform independent and occurs only when there is a route in a different VPN routing and forwarding instance (VRF) that is attached or connected to the interface. This may occur when the route has been exported from one VRF to another or when a static route in a VRF points to the interface.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCeb53422

Symptoms: A call setup failure may occur for high-delay links with a round-trip time greater than 300 milliseconds.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2(16) but may also occur in other releases.

The call fallback subsystem hard-codes the amount of time it will wait for the response to probes to 300 milliseconds. The probes fail if the round-trip time is more than 300 milliseconds, even though the network is a high-bandwidth network.

Workaround: There is no workaround.

CSCeb53582

Symptoms: During an onramp fax call, a Cisco router may take up to 40 seconds to clear a channel.

Conditions: This symptom is observed on a Cisco 2600 series when the fax call was terminated during the fax negotiation. The symptom may also occur on other platforms.

Workaround: There is no workaround.

CSCeb56909

Cisco routers running Internetwork Operating System (IOS) software that supports Multiprotocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS-disabled interfaces.

The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.

More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.

CSCeb60340

Symptoms: In a T.38 fax relay test environment, the accounting records display an 8 second difference in the disconnection time between the IP leg and the telephony leg of the call.

Conditions: This symptom is observed when an originating fax machine loses power or its connection while a fax is being transmitted.

Workaround: There is no workaround.

CSCeb63310

Symptoms: A Cisco router that has an interface with an output service policy attached may reload unexpectedly.

Conditions: This symptom is observed on a Cisco router when the bandwidth interface configuration command or the fair-queue interface configuration command is configured in the policy map that is attached via the service-policy router configuration command and when traffic is flowing through the interface at a fast rate. The router reloads under any of the following conditions:

- The interface has the ip rsvp bandwidth interface configuration command configured, and the router reloads when you enter the no ip rsvp bandwidth interface configuration command.

- The interface does not have the ip rsvp bandwidth interface configuration command configured, and you enter the ip rsvp bandwidth interface configuration command.

- You enter the ip rtp reserve lowest-udp-port range-of-ports interface configuration command.

In all three situations, a service policy that is configured with the bandwidth or fair-queue command is attached to the interface.

Workaround: Shut down the interface before entering the above commands. Enable the interface again after you have entered the commands.

CSCeb65637

Symptoms: A call setup to an IP network may be delayed or rejected.

Conditions: This symptom is observed when a Tool Command Language (Tcl) interactive voice response (IVR) application attempts to set up a call without specifying the incoming leg. A call setup without an incoming call leg results in an H.225 "setup" message or Registration, Admission, and Status (RAS) protocol admission message with zeros in the callIdentifier field.

Workaround: Set up a call with an incoming leg.

Alternate Workaround: Assuming that the generated globally unique identification (GUID) does not affect the billing system or the remote endpoint, enter the set callinfo TCL IVR API command to generate a new conference ID and call ID.

CSCeb77203

Symptoms: When the radius-server attribute 8 include-in-access-req global configuration command is entered on a RADIUS server, attribute 8 (Framed-IP-Address) is not included in the access request.

Conditions: This symptom is observed on a RADIUS server that is running Cisco IOS Release 12.2(15)T5.

Workaround: There is no workaround.

CSCeb78582

Symptoms: When a gateway that is in Media Gateway Control Protocol (MGCP) fallback mode reloads, no calls can be made, nor can calls be received. When the gateway comes up again, all controllers including a serial controller are automatically shut down. When you turn off auto configuration and reload the router again, you can make calls, but you still cannot receive calls.

Conditions: This symptom is observed on a Cisco 3700 series that functions as a gateway when all Cisco CallManagers (including the primary and the backup Cisco CallManager) are down, when the TFTP server is still up, and when the gateway is reloaded. This situation causes the E1 or T1 controllers to be shut down. This caveat is platform independent and may occur on another Cisco router that functions as a gateway.

Workaround: Enter the no shutdown controller configuration command on the affected E1 or T1 controller.

CSCec06230

Symptoms: A Cisco Catalyst 4224 Access Gateway Switch may reload with a segmentation violation (SegV) exception when a Tool Command Language (Tcl) interactive voice response (IVR) script is used.

Conditions: This symptom is observed on a Cisco Catalyst 4224 Access Gateway Switch that is running Cisco IOS Release 12.2(15)T5, Release 12.3, or Release 12.3 B.

Workaround: There is no workaround.

CSCec10776

Symptoms: A Foreign Exchange Office (FXO) port on a Cisco 3600 series may lock up and not process any calls.

To determine if the port is locked up, enter the show voice port summary EXEC command and look for a port that is in the "up, up, idle, on-hook" state, as in the following example:

                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
2/0/0     -- fxo-ls       up    up   idle     on-hook  y

Conditions: This symptom is observed when the port processes a moderate traffic load.

Workaround: Enter the shutdown port configuration command followed by the no shutdown port configuration command on the affected port.

CSCec19243

Symptoms: A Cisco terminating gateway (TGW) may fail to send the correct generic transparency descriptor (GTD) for calls that are reattempted when a glare condition occurs. The TGW attempts to set up the connection by sending an NI2-SETUP message. When this message does not go through, the TGW reattempts to set up the connection and sends another NI2-SETUP message. However, the format of the second setup message is not the same as the format of the first setup message.

Conditions: This symptom is observed when a Cisco platform that functions as a TGW sends an NI2-SETUP message to a Cisco PGW 2200 Softswitch. The public switched telephone network (PSTN) on the egress side sends an Initial Address Message (IAM) in response, and this IAM causes a glare condition. The Cisco PGW 2200 Softswitch sends a message with cause value 15 to the TGW because it is configured to do so in the NI2 DISC message. Because the TGW is configured to reattempt the call upon receiving a message with cause value 15, the TGW sends a second NI2-SETUP message to the Cisco PGW 2200 Softswitch.

Workaround: There is no workaround.

CSCec24094

Symptoms: A Cisco router may reload unexpectedly when you enter the ip rtp reserve interface configuration command on an interface that is congested.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.3 B and that is configured for Real-Time Transport Protocol (RTP).

Workaround: Shut down the interface before you enter the command. Enable the interface after you have entered the command.

CSCec24911

Symptoms: A Cisco router (router 1) with a digital modem is connected over a public switched telephone network (PSTN) to another router (router 2) with a digital modem. Router 1 is configured to check the basic connectivity to router 2. When router 1 tries to ping router 2, router 1 reloads.

Conditions: This symptom is observed on a Cisco 3725 router with a digital modem that is configured to test the digital modem connectivity between the two routers.

Workaround: There is no workaround.

CSCec27278

Symptoms: On a Cisco router that is configured with a Multilink PPP (MLP) interface, the available processor memory may decrease rapidly because of a memory leak.

Conditions: This symptom is observed when the MLP interface flaps repeatedly.

Workaround: There is no workaround. You must resolve the cause of the flapping MLP interface.

Further Problem Description: A QoS configuration is required to trigger this memory leak; the problem does not occur without a QoS configuration. Note: If PPP multilink interleave is configured, this configuration triggers QoS memory allocation.

CSCec29292

Symptoms: A gateway does not send an H.225 progress (PROG) Information Element (IE) when it receives an ISDN call proceeding (callp) with a progress indicator (PI).

Conditions: This symptom is observed when an ISDN public switched telephone network (PSTN) switch returns a callp message with a PI IE in response to the setup message from the terminating gateway. The callp does not trigger any H.225 message from the terminating gateway to the originating gateway.

Workaround: There is no workaround.

CSCec34456

Symptoms: A router may reload with a bus error, and the following message appears:

PC 0x616F0B80, address 0x3C.

Conditions: This symptom is observed on a Cisco 3660 router that has low memory.

Workaround: There is no workaround.

CSCec37163

Symptoms: One-way audio may occur during a phone call: a user on the public switched telephone network (PSTN) side may not hear a Cisco IP SoftPhone user.

The output of debug commands and sniffer traces does not indicate any packet drops, and when you listen to the sniffer trace, there seems to be two-way audio.

Conditions: This symptom is observed when the Cisco IP SoftPhone calls the PSTN via a Cisco VG200 series that runs Cisco IOS Release 12.2(15)T7 or Release 12.3.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(11)T2.

CSCec42941

Symptoms: When multiple dial peers are configured with different translation rules that are used on the same call, the authentication, authorization, and accounting (AAA) accounting records do not show accurate information of the translated called number.

Conditions: This symptom is observed on a Cisco AS5350 and a Cisco AS5400 when the outbound dial peers have translation rules configured and when multiple dial peers are used for an outbound call because of dial-peer hunting. The symptom does not occur on a Cisco AS5300.

Workaround: Analyze the call by using the correct number that is contained in the gw-final-xlated-cgn vendor-specific attribute (VSA) that is part of the stop record for the RADIUS server.

Further Problem Description: When a universal gateway such as a Cisco AS5350 or Cisco AS5400 receives a call via time-division multiplexing (TDM), and this call needs to be forwarded via Voice over IP (VoIP), the universal gateway tries the first dial peer, which translates the called number and adds a prefix to it. When this call does not go through, the universal gateway tries a second dial peer via dial-peer hunting. This second dial peer translates the number and adds a different prefix to it.

There is a start and stop record for each dial peer:

- The start record for the first dial peer contains the called station ID with the translated number and the first prefix, and there is a stop record for the first dial peer.

- There is a start record for the second dial peer, but it contains the called station ID with the prefix of the first dial peer.

Although the number is translated and properly sent, the AAA records are incorrectly populated.

CSCec44199

Symptoms: A Cisco gateway that runs a voice extensible markup language (VXML) application may pause indefinitely.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(13)T9 or Release 12.3(3a) but may also occur in other releases. The symptom occurs when the gateway is placed in HTTP streaming mode by entering the ivr prompt streamed all global configuration command or the ivr prompt streamed http global configuration command and when one of the following conditions is present:

- There is a single session of a VXML application that repeats the same audio source file within the same <prompt> tag.

For example:

<prompt cisco-vcrprompt="true">
<audio src="http://px1-sun/audio/DUCF_33_httpg711ulaw.au"/>
<audio src="http://px1-sun/audio/DUCF_33_httpg711ulaw.au"/>
</prompt>

- Multiple sessions access the same audio URL at the same time.

Workaround: Turn off HTTP streaming by entering the no ivr prompt streamed http global configuration command or the ivr prompt streamed none global configuration command.

Alternate Workaround: Turn off HTTP caching by entering the http client cache memory pool 0 global configuration command.

CSCec52593

Symptoms: A router may reload when the police policy-map class configuration command is enabled under a policy map.

Conditions: This symptom has been observed rarely and is not easily reproduced.

Workaround: There is no workaround.

CSCec57004

Symptoms: The maximum MTU with the DF bit set across an L2TP MPLS VPN is 1460; any ping larger than 1460 fails. In this case, the physical layer MTU is 1500.

Conditions: This issue is observed on LES platforms when the router is performing MPLS operations as well as acting as an L2TP Network Server (LNS). The received MPLS packet is dropped while the router is trying to inject it into the L2TP tunnel. This issue is observed only on LES platforms like the Cisco 3600 series routers and the Cisco 4500 series routers.

Workaround: Apart from ping packets of 1460 bytes and above with the DF bit set, traffic of packets between 1460 and 1500 bytes can be made possible by fragmenting the tagged packets before transmission.

Configure mpls mtu 1450 on the router in the MPLS cloud before the MPLS packet reaches the router that injects the packet into the L2TP tunnel.

CSCec61028

Symptoms: R2 International Telecommunication Union (ITU) base variants do not apply the correct mapping for the following two ISDN or ISDN User Part (ISUP) cause values (CVs):

- CV#04 - Send Special Information Tone

- CV#28 - Invalid Number Format (Address Incomplete)

Conditions: This symptom is observed on Cisco gateways that are configured with ISDN and Redundant Link Manager (RLM) and that have R2-ITU trunks.

Workaround: There is no workaround.

CSCec61738

Symptoms: A Cisco 7500 series that functions as a provider edge (PE) router may fail to receive an Internet Control Message Protocol (ICMP) echo message on a Multilink PPP (MLP) ingress interface.

Conditions: This symptom is observed on a Cisco 7500 series when Virtual Private Network (VPN) routing/forwarding (VRF) is configured on the MLP interface.

Workaround: There is no workaround.

CSCec66816

Symptoms: A gateway that receives a mid-call invite message with a missing contact header may respond with a "400 Bad Request" message, causing the call to be terminated. This is improper behavior.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(15)T, 12.3, or 12.3 T.

Workaround: There is no workaround.

CSCec86102

Symptoms: Tag entries may be missing on a Versatile Interface Processor (VIP).

Conditions: This symptom is observed on a Cisco 7500 series that has distributed Cisco Express Forwarding (dCEF) enabled.

Workaround: Enter the clear cef linecard user EXEC or privileged EXEC command.

CSCec89536

Symptoms: A reassembler multi-bit error causes a card crash.

Conditions: This problem occurs under the following conditions:

1. XF works as eLSR and is connected to dual LSCs (slot3/4) with MPLS i/f sw1.1 and sw1.2.

2. There are 250 spvcs with VRF enabled to CE.

3. There are 250 eBGP sessions to CE.

4. CE runs TGN and sends IP traffic through the 250 spvcs to remote CEs.

5. Input/output service policy is configured under 250 spvcs.

6. There are 60K VPNv4 routes.

7. Clear interface sw1 on PE.

Workaround: There is no workaround.

CSCed03186

Symptoms: A Cisco AS5300 may reload unexpectedly while voice extensible markup language (VXML) is being processed.

Conditions: This symptom is observed when a Cisco AS5300 is configured with four E1 interfaces. The symptom does not occur when the Cisco AS5300 is configured with only two E1 interfaces.

Workaround: There is no workaround.

CSCed13214

Symptoms: A gatekeeper that is configured for H.323 version 4 (H.323v4) may not insert service IDs in an Admission Rejection (ARJ) message to an H.323v4 gateway.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that receives service IDs from a route server but does not include the service IDs in the ARJ message to the H.323v4 gateway.

Workaround: There is no workaround.

CSCed17871

Symptoms: A router may reload unexpectedly because of a bus error when Session Initiation Protocol (SIP) calls are cancelled.

Conditions: This symptom is observed on a Cisco router while Real-Time Transport Protocol (RTP) statistics for the cancelled SIP calls are being updated.

Workaround: There is no workaround.

CSCed22837

Symptoms: A router may reload unexpectedly when packets are tag switched.

Conditions: This symptom is observed when a Bridge-Group Virtual Interface (BVI) is created after the router has booted up, when IP packets are received through the BVI, and when these IP packets are forwarded as Multiprotocol Label Switching (MPLS) packets through another interface.

Workaround: Disable tag switching on the BVI interface by entering the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command.

CSCed26565

Symptoms: A Route Processor Module-PRemium 512 (RPM-PR-512) may crash. The crashinfo file may show segmentation and reassembly (SAR) autorecovery messages and indicate that the SAR ATM processing unit (APU) has stalled.

Conditions: This symptom is observed on a Cisco MGX8850 when SAR autorecovery is enabled. When SAR autorecovery is disabled and the SAR APU stalls, the RPM-PR-512 does not crash but is reset by the Processor Switch Module 45 (PXM-45).

Workaround: There is no workaround.

CSCed29546

Symptoms: A software-forced reload may occur as a result of entering the interface configuration command:

no ip rtp header-compression or no ip tcp header-compression

Conditions: This error will only occur when there is traffic running and being compressed in process switching mode on the interface being configured.

Workaround: Traffic will be prevented from flowing if the interface is shut down during reconfiguration, and the crash will not occur.

CSCed30548

Symptoms: Incoming MPLS packets are not serviced by the right queues on ingress interfaces.

Conditions: Configure an input policy map on the RPM-XF with class maps matching against exp bit.

Workaround: There is no workaround.

CSCed35834

Symptoms: A card with 2 POS up links crashes due to a high-speed backplane bus error.

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) that functions as hub router with 2 POS up links in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Workaround: There is no workaround.

CSCed41905

Symptoms: An automatic backcard removal event of a 2-port POS card occurred in the RPMXF card, and the RPMXF card rebooted.

Conditions: This symptom occurs when a 2-port OC-12 Packet-over-SONET card is used.

Workaround: There is no workaround.

CSCed42571

Symptoms: An RPM-XF that functions as a PE router may crash.

Conditions: This symptom is observed when traffic is switched through a multilink interface on which a QoS service policy is configured that includes a set command and when the multilink interface flaps (goes down and comes back up). The symptom occurs at random and depends on the traffic pattern.

Workaround: There is no workaround.

CSCed45445

Symptoms: An incorrect instruction may be executed on a Cisco AS5350 or Cisco AS5400 when low address ranges in the memory are accessed with the show memory command. When some of the CP0 registers are updated, the instruction cache is flushed while the instruction in the pipeline may be loading the instruction cache. This situation may cause an incorrect instruction to be executed.

Conditions: These symptoms are observed only when low address ranges in the memory that should not be viewed with the show memory command are accessed.

Workaround: There is no workaround.

CSCed46180

Symptoms: When SIP calls are running on a Cisco IOS gateway under load or stress, it is recommended that the show sip calls command not be used. If the command is entered, it can possibly lead to a gateway crash due to memory corruption. The crash may not be seen immediately after the command is entered. Instead, it may happen a few minutes or hours later.

Conditions: The following conditions need to be satisfied for memory corruption to happen: 1) SIP calls are running, and there is a heavy load of call setups and teardowns. 2) The show sip calls command is run. 3) The heavy load of SIP calls continues. 4) Memory corruption and a crash may be seen on the gateway after some time.

Note that step (4) is not always going to happen. It will more likely happen if there are competing processes, for example ISDN, SNMP, and others, requesting fresh memory.

Workaround: Do not use the show sip calls command for viewing call status for SIP calls when there is call traffic. Instead use the show call active voice command for generic call related information.

CSCed48941

Symptoms: A Cisco MGX 8800 series Route Processor Module XF (RPM-XF) may crash and generate the following error message:

No memory for XCM tempbuffer logged

Conditions: This symptom is observed on an RPM-XF that functions as a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when you enter the clear interface sw1 command multiple times on the RPM-XF.

Workaround: There is no workaround.

CSCed49968

Symptoms: Xtag on the LSC connected to the congested PE may go down. This brings the OSPF and LDP adjacency down as well.

Conditions: This symptom occurs when there is congestion on the input process level queue.

Workaround: There is no workaround.

CSCed51523

Symptoms: The show flash-filesystem EXEC command and the dir filesystem EXEC command may not work properly on a Cisco 2600XM, preventing you from seeing the flash images.

In addition, the copy destination url flash: EXEC command may fail when the erase option is not selected (that is, you type in no when you are asked if you want to erase the device). The copy destination url flash: EXEC command functions fine when you do select the erase option.

Conditions: These symptoms are observed on a Cisco 2600XM that is configured with a particular third-party vendor 16-MB SIMM. Note that the router is still functional with this SIMM; you can boot or reload the router, perform a TFTP download operation, and similar actions without any difficulty.

Workaround: There is no workaround.

CSCed54477

Symptoms: On a Cisco AS5850 using E1 Trunks, the debounce-time rai time-interval command does not work.

Conditions: This command is only supported on Cisco AS5850 E1 Trunks.

Workaround: There is no workaround.

CSCed54591

Symptoms: SAR crash file does not contain event log information.

Conditions: This symptom always occurs.

Workaround: The event log information should be obtained from the syslog, if one is configured, or the show logging command needs to be executed after a SAR crash is noticed.

CSCed62529

Symptoms: During periods of high Session Initiation Protocol (SIP) call volumes, a router may reload unexpectedly because of a bus error.

Conditions: This symptom is observed on a Cisco AS5300 series universal gateway when a SIP call is cancelled due to a 408 Request Timeout response received for a SIP PRovisional ACKnowledgement (PRACK) message.

Workaround: There is no workaround.

CSCed63090

Symptoms: A Cisco RPM-XF reloads unexpectedly after displaying the following message:

*Feb 5 00:47:01.687: %GENERAL-5-NOTEVENT: Defragmenting PXF external column memory

Conditions: This symptom is observed when the message is printed, and there are simple ACLs active.

Workaround: There is no workaround.

CSCed69526

Symptoms: A "%SYS-2-INTSCHED: `sleep for' at level 4" traceback is observed.

Conditions: This symptom occurs when a periodic ping timeout in the control path writes an sar_mxt4400_info file in the bootflash and resets the control path.

Workaround: There is no workaround.

CSCed68575

Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.

The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.

This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

CSCed74712

Symptoms: The SFPs fail in SFP security checking.

Conditions: This symptom occurs when a 2-port Gigabit Ethernet card is used. The problem may also occur with a 2-port POS card if SFPs are used.

Workaround: There is no workaround.

CSCin45173

Symptoms: A Cisco 7206VXR may reload when there is a high E1 PRI call load.

Conditions: This symptom is observed on a Cisco 7206VXR that runs the c7200-is-mz image of Cisco IOS Release 12.3(3) or Cisco IOS Release 12.3(2)T.

Workaround: There is no workaround.

CSCin53682

Symptoms: A provider edge (PE) router may reload when packets are forwarded while a remote Virtual Private Network (VPN) prefix is being reresolved.

Conditions: This symptom is observed when the MPLS VPN-Inter-AS-IPv4 BGP Label Distribution feature is configured for option 4, that is, for a non-VPN transit provider and a multi-hop external Border Gateway Protocol (eBGP) connection between route reflectors (RRs).

Workaround: For the exchange of PE loopback addresses between autonomous systems, do not use eBGP with IPv4 label distribution. Rather, configure redistribution into Interior Gateway Protocol (IGP) or static routes.

CSCin56239

Symptoms: A T.37 off-ramp fax call may disconnect without a T.30 data communications network (DCN). The fax is received correctly, but the call does not disconnect properly. The following error message is displayed:

T.30 flow error: DCN signal not received before session end.

Conditions: This symptom is observed on a Cisco AS5350 router during fax off-ramp call testing.

Workaround: There is no workaround.

CSCin57765

Symptoms: A router may become unresponsive and may reload when you append a file whose size is not a multiple of 512 bytes to an Advanced Technology Attachment (ATA) flash card (for example, boot disk, disk0, disk1).

For example, this situation may occur when you enter the show command | tee /append url privileged EXEC command.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image that contains the fix for caveat CSCdz27200 and that utilizes an ATA flash card. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz27200. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Write the output of the show command to a new file instead of appending it to an existing file by entering the show command | tee url privileged EXEC command.

CSCin62858

Symptoms: A Cisco 7200 series may crash when the shutdown voice-port configuration command followed by the no shutdown voice-port configuration command is entered via a script.

Conditions: This symptom is observed when a script configures the router for VoFR (via a T1 connection) with FXS LoopStart signaling.

Workaround: Do not use a script. Rather, enter the configuration manually.

CSCuk48353

Symptoms: The system may unexpectedly reload when distributed CEF (dCEF) is disabled.

Conditions: A Cisco 7500 series router that is configured to operate with distributed IP Header Compression (IPHC) may reload when dCEF is disabled.

Workaround: Before disabling dCEF, disable IPHC.

Resolved Caveats—Cisco IOS Release 12.3(2)T4

Cisco IOS Release 12.3(2)T4 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCdx52061

Symptoms: The output from the show policy-map interface interface-name EXEC command does not display the correct dropped counters and drop rate.

Conditions: This symptom is observed when a policy map is applied to the subinterface of a Cisco MGX Route Processor Module (RPM-XF).

Workaround: Use the show hardware pxf cpu que interface interface privileged EXEC command to get the proper drop count.

CSCeb05796

Symptoms: When you add or configure a permanent virtual circuit (PVC) for a range of bandwidths, the actual bandwidth that is allocated is a value that is lower than requested. For example, if you add a PVC with a peak cell rate (PCR) equal to the sustainable cell rate (SCR) of 542,000 kilobits per second (kbps), the effective rate is 500,000 kbps.

Conditions: This symptom is observed when the requested bandwidth does not match any entry in the internal table. The bandwidth is then rounded off to the nearest lower value.

Workaround: Add the PVC with a higher bandwidth. For example, add the PVC with a PCR value of 550,000 kbps to get the effective rate of 542,000 kbps.

CSCec14303

Symptoms: The Alarm Interface Controller (AIC) network module is not recognized by a Cisco 3745 router.

Conditions: This symptom is observed on a Cisco 3745 router that is running the c3745-adventerprisek9-mz image of Cisco IOS Release 12.3(4)T. The AIC network module is recognized on a Cisco 3745 router that is running the c3745-sz-mz image of Release 12.3(4)T.

Workaround: There is no workaround.

CSCec16481

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.

CSCec20821

Symptoms: A Cisco router reloads when you execute a Parallel Express Forwarding (PXF) microcode reload.

Conditions: This symptom is observed when a large number of label virtual circuits (LVCs) are present in a cell-based Multiprotocol Label Switching (MPLS) network.

Workaround: There is no workaround.

CSCec53230

Symptoms: You may not be able to debug a string rewrite difficulty.

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) when Parallel Express Forwarding (PXF) forwarding fails while a debugging operation is performed. You may not be able to verify the string rewrite information of the PXF engine.

Workaround: Enter the show pxf cpu cef ip-prefix privileged EXEC command and the show pxf cpu rewrite rewrite-index privileged EXEC command to get the string rewrite information. Then, decipher the information.

CSCec53635

Symptoms: Traffic is not forwarded by a line card in a multiple virtual circuit (VC) setup.

Conditions: This symptom may be observed when one of the following actions occurs through the command-line interface (CLI):

The segmentation and reassembly (SAR)-based Class-Based Weighted Fair Queueing (CBWFQ) flag is disabled.

A clear interface switch1 user EXEC or privileged EXEC command is entered.

The hold queue size is changed for the switch1 interface.

The maximum transmission unit (MTU) size is changed for the switch1 interface.

The permanent virtual path (PVP) tunnel (created under switch1) parameters are modified.

Workaround: Enter the clear ip route * EXEC command.

CSCec76702

Symptoms: The Per-Packet Load Balancing (PPLB) feature is not stable and packets are sometimes lost.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF).

Workaround: There is no workaround.

CSCed07231

Symptoms: The protocol may flap on a congested link fragmentation and interleaving (LFI) link.

Conditions: This symptom is observed on a Route Processor Module (RPM) when the priority queue (PQ) is congested.

Workaround: Do not congest the PQ LFI link.

CSCed07254

Symptoms: A dequeued packet may have an incorrect length, which may cause a packet buffer leak or other unexpected behavior.

Conditions: This symptom is observed on a Cisco 8800 series MGX Route Processor Module (RPM-XF) when packet queues are not allocated on the address boundary of the queue size.

Workaround: There is no workaround.

CSCed07712

Symptoms: When you enter the clear interface switch1 user EXEC or privileged EXEC command, a protocol control information (PCI) bus timeout may occur.

Conditions: This symptom is observed on a Cisco 8800 MGX series Route Processor Module (RPM-XF) when a large amount of PCI bus activity occurs and when there are circuits that have flow configured per virtual circuit (VC).

Workaround: There is no workaround.

CSCed09057

Symptoms: Trunk cards that are installed in a Cisco AS5850 may become stuck in the power-pending state and may not be able to boot properly.

Conditions: This symptom is observed on a Cisco AS5850 that is configured with redundant RSCs and that has health monitoring of the forwarding information database (FIB) enabled when you reload software onto the Route Switch Controller (RSC) that is installed in slot 7.

Workaround: Reload the RSC that is installed in slot 6.

First Alternate Workaround: Reload software onto both the RSC that is installed in slot 7 and the RSC that is installed in slot 6.

Second Alternate Workaround: Switch the power of the Cisco AS5850 off and on.

Third Alternate Workaround: Disable health monitoring of the FIB.

CSCed23216

Symptoms: The hashing algorithm may be incorrect when multipath load balancing is configured in frame mode for both external Border Gateway Protocol (eBGP) and internal Border Gateway Protocol (iBGP).

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module (RPM-XF) that functions as a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Workaround: There is no workaround.

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed28404

Symptoms: A memory leak may be observed after an input policy map is applied to an ATM interface. After a period of time, all memory buffers are exhausted and packets cannot be punted to a Route Processor Module (RPM).

Conditions: This symptom is observed on an MGX RPM (RPM-XF) that acts as a P router in a frame-based Multiprotocol Label Switching (MPLS) network.

Workaround: There is no workaround.

CSCed31769

Symptoms: A Cisco 8800 MGX series Route Processor Module (RPM-XF) may reload unexpectedly when a "NULL RD" error occurs.

Conditions: This symptom is observed when multicast is configured in conjunction with an output log access control list (ACL).

Workaround: Avoid output logging on interfaces that transmit multicast traffic.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

Wide-Area Networking

CSCeb35668

Symptoms: Spurious memory access and tracebacks may be observed when the show vpdn session packets EXEC command is executed. In addition, the router may reload if this command is issued after approximately thirty Layer 2 Forwarding Protocol (L2F) sessions have been established.

Conditions: This symptom is observed on a Cisco access server for L2F sessions. The symptom is not observed for Layer 2 Tunneling Protocol (L2TP) sessions.

Workaround: There is no workaround.

CSCed10982

Symptoms: Some ISDN channels on a Cisco AS5850 may remain in the out-of-service state.

Conditions: This symptom is observed on a Cisco AS5850 that has the Redundant Link Manager (RLM) enabled when you reload the Route Switch Processor (RSC) that functions in classic-split mode and that is installed in slot 7.

Workaround: In the RLM configuration, configure the "force-down" timeout to be 60 seconds by entering the rlm group group-number global configuration command followed by the timer force-down 60 RLM configuration command.

Resolved Caveats—Cisco IOS Release 12.3(2)T3

Cisco IOS Release 12.3(2)T3 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCea57710

Symptoms: A Cisco MGX 8850 Route Processor Module-PRemium (RPM-PR) may log the following traceback error:

%ATMPA-3-BADPARTICLE: Switch1: bad rx particle 0x61CA8040 flags 0x00000001 index 9937
Traceback= 6007968C 6008F404 60E844F0 60E815F4 60D80BF4 60D8E8A4 6009CF94 600B56EC

Conditions: This symptom occurs in the following configuration:

A total of 1000 Virtual Private Network (VPN) routing/forwarding (VRF) interfaces are enabled on each RPM-PR.

About 98,000 VPN routes have permanent virtual circuits (PVCs).

Cell-based Multiprotocol Label Switching (MPLS) is configured for Label Switch Controller (LSC) hot redundancy.

Each RPM-PR has 500 external Border Gateway Protocol (EBGP) sessions.

The VPN prefixes are advertised with /24 (90%) and /30 (10%) subnets.

Workaround: There is no workaround.

CSCea60559

Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time (hours or days), without necessarily generating CPUHOG errors. This situation causes other processes on the router to fail because these processes do not receive the CPU bandwidth that they require. Consequently, the following difficulties may occur:

Routes may time out.

Tunnels may go down.

Accessing the router via a Telnet connection to a network port may become impossible.

The command-line interface (CLI) via the console line may become quite slow to respond.

The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.

Conditions: These symptoms are observed when the MPLS-LSR-MIB MIB is enabled, when you query the mplsXCTable or a MIB walk occurs, and when there are more than 10,000 Multiprotocol Label Switching (MPLS) labels active. The symptoms are platform independent.

Workaround: Perform the following steps:

1. Shut down interfaces to bring the total count of active MPLS labels down to far below 10,000.

2. Disable the MPLS-LSR-MIB MIB by entering the following sequence of commands:

snmp-server view nolsrmib mplsLsrMIB exclude

snmp-server view nolsrmib iso include

3. Modify each defined community string to include the view nolsrmib keywords. For example, define the "public" community string by entering the following command:

snmp-server community public view nolsrmib ro

4. Enter the no shutdown interface configuration command on all the interfaces that you shut down in Step 1.
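
The following Python check is an added example, not part of the Cisco release notes: it audits a saved configuration for the workaround above and reports every community string that is not bound to a view excluding mplsLsrMIB. The sample configuration, the view name mgmt, and the communities ops and legacy are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from a real device).
SAMPLE_CONFIG = """\
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server view nolsrmib iso include
snmp-server view mgmt iso included
snmp-server community public view nolsrmib ro
snmp-server community ops view mgmt ro
snmp-server community legacy ro 10
"""

VIEW_RE = re.compile(r"^snmp-server\s+view\s+(\S+)\s+(\S+)\s+(\S+)$")
COMMUNITY_RE = re.compile(r"^snmp-server\s+community\s+(\S+)(.*)$")


def parse_views(config):
    """Map each view name to its list of (oid_tree, 'include' | 'exclude') entries."""
    views = {}
    for raw in config.splitlines():
        m = VIEW_RE.match(raw.strip())
        if not m:
            continue
        name, tree, action = m.groups()
        # The workaround types "exclude"/"include"; a saved configuration
        # may show the full keywords "excluded"/"included".
        if action.startswith("exc"):
            kind = "exclude"
        elif action.startswith("inc"):
            kind = "include"
        else:
            continue
        views.setdefault(name, []).append((tree, kind))
    return views


def excludes_lsr_mib(entries):
    """True if the view has an explicit exclude entry for mplsLsrMIB.

    Simplification: only the object name used in the workaround is matched,
    not a numeric OID or an excluded parent subtree, so the audit errs on
    the side of reporting a community.
    """
    return any(t.lower() == "mplslsrmib" and k == "exclude" for t, k in entries)


def audit_communities(config):
    """Return [(community, reason)] for communities lacking the workaround view."""
    views = parse_views(config)
    findings = []
    for raw in config.splitlines():
        m = COMMUNITY_RE.match(raw.strip())
        if not m:
            continue
        community, rest = m.group(1), m.group(2).split()
        if "view" not in rest or rest.index("view") + 1 >= len(rest):
            findings.append((community, "no view bound"))
            continue
        view = rest[rest.index("view") + 1]
        if view not in views:
            findings.append((community, f"view {view} is not defined"))
        elif not excludes_lsr_mib(views[view]):
            findings.append((community, f"view {view} does not exclude mplsLsrMIB"))
    return findings


if __name__ == "__main__":
    for community, reason in audit_communities(SAMPLE_CONFIG):
        print(f"{community}: {reason}")
```
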

CSCea74235

Symptoms: When a heartbeat failure occurs on an Edge Label Switch Router (ELSR), the Route Processor Module (RPM-PR) is reset by the Processor Switch Module (PXM).

Conditions: This symptom is observed in a Large Scale Network Test (LSNT) environment under the following network conditions:

A total of 1000 Virtual Private Network (VPN) routing/forwarding (VRF) interfaces are enabled on each RPM-PR.

There are about 170,000 VPN routes with external permanent virtual circuits (ePVCs).

Cell-based Multiprotocol Label Switching (MPLS) is configured for Label Switch Controller (LSC) hot redundancy.

Each provider edge (PE) router has 500 external Border Gateway Protocol (eBGP) sessions.

Workaround: There is no workaround.

CSCea76134

Symptoms: External/internal BGP (eiBGP) multipath load sharing may not use all of the available Border Gateway Protocol (BGP) paths.

Conditions: This symptom is observed when all of the eBGP routes for the prefix that are affected are locally imported from another VPN routing/forwarding (VRF). As a result, a local label is not associated with the prefix in the imported VRF. This behavior prevents all BGP paths from being used.

Workaround: Have at least one eBGP route for the prefix learned directly from an eBGP peer, instead of importing the route from another VRF. This forces the creation of a local label, and as a result, all BGP paths are used.

CSCeb26131

Symptoms: A Cisco AS5850 router may have high CPU usage in the IP input process because voice packets are punted from the line cards to the Route Switch Controller (RSC) card. To verify this symptom, enter the show interface type number stat EXEC command. The following output from the show interface command indicates that the entry for packets out (Pkts Out) in the "Distributed cache" field is 0.

Router# show interface g6/0 stat
GigabitEthernet6/0
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor        752      56786         25       3267
             Route cache          0          0       3120     666090
       Distributed cache       3019     644372          0          0
                   Total       3771     701158       3145     669357

Conditions: This symptom is observed on a Cisco AS5850 that handles voice calls. The symptom is not observed on the Cisco AS5850 with modem calls.

Workaround: There is no workaround.

CSCeb29070

Symptoms: When you enter the copy running-config startup-config EXEC command or any other command that affects the configuration, the copy process may not be successful or the configuration may not be saved, and a "File table overflow" error message may be generated. After this situation has occurred, any other file-operation attempts will fail too with a "File table overflow" error message.

Conditions: This symptom is observed on a Cisco router that is configured with dual Route Processors (RPs) and that runs Cisco IOS Release 12.0(23)S2 when you enter any command that affects the configuration while the show running-config EXEC command is being executed, which takes a relatively long time when the running configuration is large.

To clear the symptom, reload the router.

Workaround: Do not enter any command that affects the configuration while the show running-config EXEC command is being executed.

CSCeb47748

Symptoms: When you enter the show pxf cpu subblocks interface privileged EXEC command, versatile traffic-management system (VTMS) information for the to-RP link is not displayed. An "invalid input detected" error message is displayed.

Conditions: This symptom is observed on a Cisco router when you enter the show pxf cpu subblocks interface privileged EXEC command. "RP" is currently not supported as an interface name in this command.

Workaround: There is no workaround.

CSCeb56025

Symptoms: A Cisco platform that functions as a gateway may report a "destination out of order" cause code for a call that is disconnected in a normal way.

Conditions: This symptom is observed when an H.245 TCP connection close request (FIN) reaches the gateway before the H.225 release complete message (RLC), which causes the gateway to assume that the H.245 connection is terminated and to tear down the call with a "destination out of order" cause code. This situation may occur with semi-routed gatekeeper signalling, when the H.225 connection runs via a gatekeeper and the H.245 connection runs directly between the gateway and the third-party vendor endpoint. This situation may also occur when a race condition occurs between the FIN and the RLC.

Workaround: Ensure that the third-party vendor endpoint sends an end session command (an H.245 message) before tearing down the H.245 connection.

CSCeb59710

Symptoms: All of the extended Multiprotocol Label Switching (MPLS) ATM (XTagATM) interfaces may flap on a label switch controller (LSC).

Conditions: This symptom is observed when an edge label switch router (LSR) resets or when ATM Services (AXSM) trunks flap.

Workaround: There is no workaround.

CSCeb76642

Symptoms: A Cisco router may reload when you enter the show ip cef non-recursive detail EXEC command.

Conditions: This symptom is observed when any show command attempts to display information about tag rewrite entries while the tag rewrite entries are being deleted by route updates.

Workaround: Do not enter any show command to display tag rewrite entries when many route updates occur.

CSCeb78836

Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:

debug h225 asn1

debug h225 events

debug h225 q931

Workaround: There is no workaround.

CSCec10603

Symptoms: In a Large Scale Network Testing (LSNT) environment, a transmit path segmentation and reassembly (SAR) component reloads and then the Route Processor Module (RPM) reloads.

Conditions: This symptom is observed on a Cisco router that has a transmit path SAR component and a Revision 4 RPM and that is running Cisco IOS Release 12.2(15)T4a under stress conditions with a high rate of traffic.

Workaround: There is no workaround.

CSCec24360

Symptoms: A Cisco gateway may respond to a Notification Request (RQNT) with a cause code of 400 (transaction not executed: transient error).

Conditions: This symptom is observed on a Cisco gateway when it receives a Delete Connection (DLCX) and responds back with a 250 cause code. The gateway may then receive an RQNT from the call agent, and the Cisco gateway responds with a 400 cause code.

Workaround: There is no workaround.

CSCec29812

Symptoms: High CPU utilization or CPUHOG messages may be observed on a Cisco router after an access list is applied or removed.

Conditions: This symptom is observed in a cell-based network where the provider edge (PE) router has over 700 label virtual circuits (LVCs) and stores more than 75,000 Border Gateway Protocol (BGP) prefixes. When the access list is configured to deny a few Interior Gateway Protocol (IGP) prefixes, high CPU utilization or CPUHOG messages may occur.

Workaround: There is no workaround.

CSCec31168

Symptoms: The output from the show interfaces tunnel 1 privileged EXEC command does not display any traffic statistics even though multicast (mcast) traffic is being received.

Conditions: This symptom is observed on an mcast-enabled Virtual Private Network (VPN) that is receiving mcast traffic. The amount of traffic being received is visible in the output of the show ip mroute privileged EXEC or user EXEC command.

Workaround: There is no workaround.

CSCec31864

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) Virtual Switch Interface (VSI) slave sends unused and reserved service categories in the VSI load information to the Multiprotocol Label Switching (MPLS) VSI master.

Conditions: This symptom is observed on a Cisco RPM-XF when VSI interface load information is sent. The unused and reserved service categories information is sent in the connection commit response and connection delete response.

Workaround: There is no workaround.

CSCec32135

Symptoms: set commands that are used with a service policy can cause a router to reload in some circumstances. The set cos policy-map class configuration command can cause reloads in addition to other set commands.

Conditions: This symptom may be observed with configurations that have a service policy with the set command on the interface in combination with one or all of the following three configurations:

access-list filtering

unicast rpf

multicast routing

Under these circumstances, configuration changes of the set-based policy map can cause the router to reload.

Workaround: There is no workaround.

CSCec33723

Symptoms: When a 16-port Asynchronous/Synchronous Network Module (NM-16A/S) card is inserted in the chassis of a Cisco 3745 router, and the show tech-support privileged EXEC command is entered, the router reloads.

Conditions: This symptom is observed on a Cisco 3745 router that is running Cisco IOS Release 12.3(2)T. When the NM-16A/S card is removed from the Cisco 3745 router and the show tech-support privileged EXEC command is entered, the symptom is not observed.

Workaround: There is no workaround.

CSCec39423

Symptoms: The following Virtual Switch Interface (VSI) traceback may be observed on a Cisco router:

Vsi Major Alert: VsiErr:TCB Buffer Allocation Error, 0x500E

Conditions: This symptom is observed on a Cisco router in certain error situations in which Transmission Control Blocks (TCBs) are not freed.

Workaround: There is no workaround.

CSCec40662

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) may reload when you enter the show pxf cpu rewrite tree privileged EXEC command.

Conditions: This symptom is observed if Multiprotocol Label Switching (MPLS) prefixes that correspond to the tree being shown are removed when you enter the show pxf cpu rewrite tree privileged EXEC command.

Workaround: There is no workaround.

CSCec42437

Symptoms: After the switchcc command is entered on the Processor Switch Modules (PXM) on an MGX node, the segmentation and reassembly (SAR) autorecovery feature is invoked for the Route Processor Module (RPM-PR) cards.

Conditions: This symptom is observed after the switchcc command is entered and if the poll port open request on any one of the RPM-PR cards times out. The poll port open request can time out if the SAR engine or CPU on the RPM-PR is really busy and drops poll port open requests that come from the PXM.

Workaround: There is no workaround.

CSCec42547

Symptoms: An incorrect MAC encapsulation string in a Multiprotocol Label Switching (MPLS) forwarding table on a provider edge (PE) router causes traffic to go down.

Conditions: This symptom is observed on a cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) that rebuilds the MPLS forwarding table after traffic stops on a PE router.

Workaround: Enter the clear ip route network EXEC command on the PE router that has the traffic problem.

Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the MPLS interfaces of the problem PE.

CSCec43590

Symptoms: When decompression of IP Header Compression (IPHC) packets occurs, some packets are dropped or context status messages are sent back to the compressor.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) when the compressed packets contain IP options and the packets use 16-bit IPHC IDs.

Workaround: Use the ip rtp compression-connections interface configuration command to set the maximum number of IPHC connections to no more than 256.

CSCec45704

Symptoms: ATM binding is not used by the Tag Forwarding Information Base (TFIB) Cisco Express Forwarding (CEF) table for some prefixes of remote provider edge (PE) routers on a PE router.

Conditions: This symptom is observed on a Cisco Route Processor Module (RPM-PR) in a cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Workaround: Enter the clear ip route network EXEC command.

CSCec46125

Symptoms: The CPU usage on a Cisco AS5850 may be close to 100 percent with a moderate number of voice calls with any Voice over IP (VoIP) device that uses the User Datagram Protocol (UDP) checksum (for example, Cisco Analog Telephone Adapter [ATA] devices and the Cisco 7900 series IP phones).

Conditions: This symptom is observed on a Cisco AS5850 when VoIP devices that use UDP checksum are installed in a client network as a peer Voice over IP (VoIP) gateway that uses Session Initiation Protocol (SIP) and has the ip udp checksum dial-peer configuration command enabled. This causes the Cisco AS5850 to punt packets to the Route Switch Controller (RSC) and have high CPU usage at the RSC with only a moderate number of calls.

Workaround: Disable the UDP checksum option in the client network by entering the no ip udp checksum dial-peer configuration command. If this is not possible, there is no workaround.

CSCec48318

Symptoms: A Transmission Control Block (TCB) is incorrectly logged, and the following traceback error is displayed:

VsiErr: TCB Release Error

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) when the connection request whose TCB is freed has an endpoint that is the same as a connection that is pending a commit or delete action.

Workaround: There is no workaround.

CSCec60947

Symptoms: In a Large Scale Network Testing (LSNT) network, memory is not deallocated correctly.

Conditions: This symptom is observed on Cisco MXF Route Processor Module (RPM-XF) cards that are running YP4 images of Cisco IOS software where the approved vendor list (AVL) memory allocation and deallocation for a prefix of a Class of Service (CoS) index 0 value is not handled correctly.

Workaround: There is no workaround.

CSCec61293

Symptoms: A Cisco MXF Route Processor Module (RPM-XF) may unexpectedly reload when you delete the subinterface switch 1.1 by entering the no interface switch1.1 interface configuration command. An error message similar to the following message may be displayed:

System returned to ROM by bus error at PC 0x40096E4C, address 0xD0D0D61

The following message may be observed in the crashinfo file:

%GENERAL-5-NOTEVENT: Deleting last sub-interface

Conditions: This symptom is observed on a Cisco RPM-XF when a Multiprotocol Label Switching (MPLS) subinterface is deleted.

Workaround: There is no workaround.

CSCec64570

Symptoms: The node of a local Label Switch Controller (LSC) that is part of a Multiprotocol Label Switching (MPLS) cell-based network may observe the following symptoms:

The local provider edge (PE) router cannot ping the remote customer edge (CE) router.

The remote PE router cannot ping the local CE router.

The local PE router can ping the remote CE router with type of service (ToS) equal to 0xe0.

The remote PE router can ping the local CE router with ToS equal to 0xe0.

A ping with the route record option does not work in either direction.

A ping with the trace route option does work.

Conditions: These symptoms are observed on the LSC of a Cisco MGX Route Processor Module (MGX-PRM-PR-512) that is running Cisco IOS Release 12.2(15)T4a.

Workaround: From the node of the local LSC that is observing the symptoms, enter the clear ip route network EXEC command.

CSCec66469

Symptoms: It is not possible to change to the default value of 64 milliseconds (ms) when you enter the echo-cancel coverage voice-port configuration command.

Conditions: This symptom is observed when the following steps are taken to change to the default value (64) of the echo-cancel coverage voice-port configuration command:

Check the voice port on which the echo-cancel coverage command is currently set to 8.

Change the configuration of the echo-cancel coverage command to 64 by entering the echo-cancel coverage 64 command.

Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port.

Enter the show voice port EXEC command (the configuration should appear fine in the output).

Enter the show running-config privileged EXEC command. The new configuration is no longer present.

Enter the show voice port EXEC command again. The output indicates that the value of the echo-cancel coverage command has not changed from 8 to 64.

Workaround: There is no workaround.

CSCec76217

Symptoms: A Virtual Switch Interface (VSI) may access a null pointer in a rare situation.

Conditions: This symptom is observed on a VSI slave on an ATM Services Module (AXSM) platform if a corrupted message is received. The symptom may also be observed on a Cisco MGX Route Processor Module (RPM-XF).

Workaround: There is no workaround.

CSCec78844

Symptoms: A Cisco Route Processor Module (RPM) may reload because of a Virtual Switch Interface (VSI) task exception.

Conditions: This symptom is observed on an ATM Services Module (AXSM) in a large scale connection reroute environment. This symptom has not yet been observed on the Cisco MXF RPM (RPM-XF).

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(2)T2

Cisco IOS Release 12.3(2)T2 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCec03860

Symptoms: The snmp-server drop vrf-traffic command-line interface (CLI) command used to drop Simple Network Management Protocol (SNMP) packets received on VPN routing/forwarding (VRF) interfaces is not available.

Conditions: This symptom is observed in all releases of Cisco IOS software.

Workaround: There is no workaround.

Interfaces and Bridging

CSCec18967

Symptoms: A segmentation and reassembly (SAR) crash dump does not show valid debug information.

Conditions: This symptom is observed when there is a SAR crash and incorrect register dumps are logged for SAR0 and SAR1.

Workaround: There is no workaround.

IP Routing Protocols

CSCea64725

Symptoms: If a peer group is slow to establish and comes up while other members of the peer group are converging, the recently established member may not advertise the routes that were sent to the other members.

Conditions: This symptom occurs only if the new peer group member comes up while the other members of a peer group are converging. This symptom does not occur if the new peer group member comes up after the other members of the peer group have finished converging.

Workaround: The routes can be readvertised by entering the clear ip bgp peer-group-name soft out privileged EXEC command for any peer that has missing routes.

CSCeb14687

Symptoms: Border Gateway Protocol (BGP) may send incomplete updates to the peer routers, and some routers may not send full routes to their peer routers. This behavior may cause some routes to be missing from the peer.

Conditions: This symptom is observed when a slow BGP peer in a peer group comes up while BGP is in the process of sending updates to the peer routers. This symptom is not platform specific.

Workaround: Enter the clear ip bgp peer-address soft out EXEC command to clear this condition. Avoid using a peer group if possible.

Miscellaneous

CSCdy41773

Symptoms: If a Gigabit Ethernet (GigE) interface back card has an initialization failure, further configuration on the card may cause the front card to reboot.

Conditions: This symptom is observed on a Cisco router when the GigE back card initialization fails and either loading the startup configuration or a manual configuration change modifies the configuration of the uninitialized GigE back card. The MGX Route Processor Module front card may then reboot.

Workaround: There is no workaround.

CSCea16887

Symptoms: Input errors may be observed with the show interface switch1 privileged EXEC command when a police policy is applied to the output of the interface.

Conditions: This symptom is observed only with policies that are police-type policies as shown in the following example:

Router# show policy-map mvpn
  Policy Map mvpn
    Class mul
      police cir 10000 bc 1500
        conform-action transmit
        exceed-action drop
Router#
Router# show class-map mul
 Class Map match-all mul (id 18)
   Match ip dscp cs1

Workaround: There is no workaround until this caveat is fixed. The problem is actually in the reporting. The police drops are not really input errors; they are input drops. Disregard the input errors. No harm will come with this reporting. The problem is only in how to interpret the errors.

Further Problem Description: The fix for this caveat is to not update the input errors with input drops in the segmentation and reassembly (SAR) because input drops include the toaster drops at this time.

CSCeb20616

Symptoms: A Cisco router pauses indefinitely when Cisco Express Forwarding (CEF) is disabled and there is traffic from one of the ports on a 16-port EtherSwitch or a 36-port EtherSwitch.

Conditions: This symptom is observed on a Cisco 3660 router or a Cisco 3700 series that is running Cisco IOS Release 12.3(1) with IP security (IPSec) configured, and uses an Advanced Integration Module (AIM) card for encryption.

Workaround: Enable CEF globally.

Alternate Workaround: Disable the AIM card.

CSCeb23463

Symptoms: H.323 vendor-specific attributes (VSAs) are absent on a RADIUS server.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(1.7) when T.37 off-ramp calls occur.

Workaround: There is no workaround.

CSCeb47974

Symptoms: A Route Processor (RP) queue builds up. This causes the Operation, Administration, and Maintenance (OAM) feature to time out and Tag Distribution Protocol (TDP) and Open Shortest Path First (OSPF) to start flapping. The queue build-up lasts about 27 seconds. The symptom may reoccur after 5 to 30 minutes.

Conditions: This symptom is rarely observed. Having more interfaces configured on the system increases the possibility of the symptom occurring.

Further Problem Description: The cause of the symptom is a Parallel Express Forwarding (PXF) hardware issue where the second time does not immediately increment even after the fractional timer rolls over. A solution is to increase the tolerance of the next send time being ahead of the current time to 1 second.

Workaround: Use the microcode reload pxf global configuration command to reload the PXF microcode.

CSCeb49581

Symptoms: A linkUp trap may not be generated on a Cisco router.

Conditions: This symptom is observed on a Cisco 3620 router that is running Cisco IOS Release 12.2(17).

Workaround: There is no workaround.

CSCeb53162

Symptoms: A Cisco router may reload because of memory corruption.

Conditions: This symptom is observed on a Cisco 7200 series with a Network Service Engine 1 (NSE-1) processor board or a Cisco 7401 router that acts as a Layer 2 Tunneling Protocol session endpoint system. Parallel Express Forwarding (PXF) is turned on and the per-user rate limit configuration has been downloaded from an authentication, authorization, and accounting (AAA) server that has a high traffic rate (about 120 Mbps) and a high CPU load (about 70 percent). The symptom occurs as the sessions go up and down when the users log on and off.

Workaround: There is no workaround.

CSCeb59738

Symptoms: The output from the show diag EXEC command indicates that a voice interface card (VIC-1J1) is an unknown card.

Conditions: This symptom is observed on a Cisco router that has a VIC-1J1.

Workaround: There is no workaround.

CSCeb69246

Symptoms: When a service policy is modified, all traffic that goes out of an ATM switch interface may stop.

Conditions: This symptom is observed when 200 Multilink interfaces are configured and the same service policy is applied to all of the interfaces. A Border Gateway Protocol (BGP) session is established over each of the interfaces and a segmentation and reassembly (SAR)-based Class-Based Weighted Fair Queueing (CBWFQ) is enabled. The traffic may stop if the service policy is modified while data traffic is running through the Multilink interfaces.

Workaround: There is no workaround.

CSCeb72322

Symptoms: Voice calls are hung after several hours of a voice call stress test.

Conditions: This symptom is observed on a Cisco router in a voice call stress test of an extended duration (5 to 6 hours). The router is configured with Media Gateway Control Protocol (MGCP) channel-associated signaling (CAS) and has two digital signal 3 (DS3) port adapters that are full of voice calls.

Workaround: There is no workaround.

CSCeb73055

Symptoms: Network authorizations may fail for locally authenticated sessions.

Conditions: This symptom is observed for network authorizations for PPP sessions if the user is authenticated locally and the authorization method list contains the radius keyword.

Workaround: Use separate lists for local and RADIUS authorization.

CSCeb75954

Symptoms: A Cisco Route Processor Module (RPM) may reload when the segmentation and reassembly (SAR) autorecovery feature is enabled and the oam-pvc manage 0 command is entered for the permanent virtual circuits (PVCs).

Conditions: This symptom is observed on an RPM with the SAR autorecovery feature enabled.

Workaround: Specify the Operation, Administration, and Maintenance (OAM) management frequency instead of using the oam-pvc manage 0 command.

CSCeb76341

Symptoms: A label may not be assigned for a peer provider edge (PE) router.

Conditions: This symptom is observed on a Cisco 7500 series and a Cisco 12000 series in a Virtual Private Network (VPN) configuration with multiple route reflectors (RRs) and label controlled ATM (LC-ATM) links between PE routers.

Workaround: There is no workaround.

CSCeb84583

Symptoms: The number of packets displayed in the output of the show policy-map interface interface-name EXEC command is twice the number of packets actually sent out. The counter is being updated by both the Route Processor (RP) and Parallel Express Forwarding (PXF).

Conditions: This symptom is observed on a Cisco RPM-XF card with a service policy attached on a Multilink interface.

Workaround: Look at PXF statistics using the show pxf cpu statistics qos interface EXEC command.

CSCeb87159

Symptoms: The CNS event agent does not detect when the connection to the server breaks.

Conditions: This symptom is observed when the CNS event agent service is configured by the cns event keepalive configuration command.

Workaround: There is no workaround.

CSCec02496

Symptoms: Virtual Switch Interface (VSI) packet drops occur in a Parallel Express Forwarding (PXF) queue.

Conditions: This symptom is observed when xtags flap and cause a large number of label virtual circuits (LVCs) to be rerouted.

Further Problem Description: As part of the solution to this problem, the VSI window size to the controller has been reduced to throttle the incoming bursts from the controller. The VSI channel's bandwidth and queue depth in segmentation and reassembly (SAR) has been increased. VSI message queue depth has also been increased to minimize message drops.

Workaround: There is no workaround.

CSCec02543

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) reloads when the microcode reload pxf privileged EXEC command is entered.

Conditions: This symptom is observed when the Parallel Express Forwarding (PXF) firmware file name that is provided is not actually PXF firmware. The symptom does not occur with valid file names.

Workaround: Make sure that the PXF firmware file name used in the command is valid.

CSCec02660

Symptoms: A Cisco 7200 series that is on a dial interface may unexpectedly reload.

Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(13)T3, Release 12.2(13)T5, Release 12.2(15)T5, Release 12.3(1a), or Release 12.3(2)T and that has IP header compression configured.

Workaround: Remove TCP and Real-Time Protocol (RTP) header compression from all dial interfaces by entering the no ip rtp header-compression and no ip tcp header-compression interface configuration commands.

CSCec03329

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) may lose communications with a Label Switch Controller (LSC) and all configured connections.

Conditions: This symptom is observed on a Cisco RPM-XF that has Multilink PPP (MLP), link fragmentation and interleaving (LFI), and Compressed Real-Time Protocol (CRTP) configured. There is no heavy traffic running through the node. The output of the show pxf cpu context EXEC command indicates that the feedback statistics on existing packets are increasing but no new packets are being processed.

Workaround: Reload the Parallel Express Forwarding (PXF) microcode on the RPM-XF.

CSCec03375

Symptoms: A Simple Network Management Protocol (SNMP) provision request with a peak cell rate (PCR) above 599000 cells per second (cps) fails.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) that uses Cisco WAN Manager (CWM) ConnProxy agent for an SNMP provision request, and it is only applicable by way of MIB sets.

Workaround: Use the command-line interface (CLI) to provision SNMP requests.

CSCec08058

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) pauses indefinitely when a Multiprotocol Label Switching (MPLS) subinterface is being removed.

Conditions: This symptom is observed on a Cisco RPM-XF that is running an rpmxf-p12-mz image of Cisco IOS Release 12.3(3.2)T when an MPLS subinterface is being removed, even though there is no traffic on the subinterface.

Workaround: Shut down the MPLS subinterface before removing it.

CSCec09018

Symptoms: A Cisco AS5850 reloads when digital signal processor (DSP) timeouts occur and the following error messages appear:

%DIAL5-3-MSG:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x601F4AA4 reading 0x24

%ALIGN-3-TRACE: -Traceback= 601F4AA4 601F79BC 60215FB0 601B0B1C 00000000 00000000 00000000 00000000

%ALIGN-3-TRACE: -Traceback= 601F4AAC 601F79BC 60215FB0 601B0B1C 00000000 00000000 00000000 00000000

%ALIGN-3-TRACE: -Traceback= 601F4AB0 601F79BC 60215FB0 601B0B1C 00000000 00000000 00000000 00000000

%DIAL5-3-MSG:

%NP_BS-3-NO_KEEPALIVE: NextPort module 5/1/0 failed to respond to keepalive message

%DIAL5-3-MSG: Aug 20 14:33:25.824: %NP_MM-3-MODULE_CRASH: Module Crash detected 5/1/0: state = 8, cause code = 1

%FB-6-OIR: Card in slot 5 removed

Aug 20 09:35:07.899 CDT: %DSIPPF-5-DS_KEEPALIVE_LOSS: DSIP Keepalive Loss from shelf 0 slot 5

%OIR-6-REMCARD: Card removed from slot 5, interfaces disabled

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6083A9CC reading 0x24

%ALIGN-3-TRACE: -Traceback= 6083A9CC 60848068 6084CCE0 60816F70 60819540 6081D674 602BCBD8 602C3BD8

%ALIGN-3-TRACE: -Traceback= 608151C0 608155A0 608473E4 6084807C 6084CCE0 60816F70 60819540 6081D674

%SYS-3-CPUHOG: Task ran for 2212 msec (8/7), process = Crash writer, PC = 601ED890.

-Traceback= 601ED898 60210564 60360AF4 6020CE7C 601186D4 601190A8 6011892C 60118C68 602150B0 601839C4 60183BCC 601D1604 601D15F0

Conditions: This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(11)T9.

Workaround: Replace the faulty NextPort card in the router.

CSCec09065

Symptoms: The CPU is busy with logging too many messages in the log and on the console for Transmission Control Block (TCB) buffer allocation failures.

Conditions: This symptom is observed in a test environment when running a script that does continuous Label Distribution Protocol (LDP) flaps.

Workaround: There is no workaround.

CSCec11372

Symptoms: An IP Header Compression (IPHC)-enabled interface goes down after sending out a few compressed packets.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) if the packets that are sent out are User Datagram Protocol (UDP) packets with a UDP length of less than 12 and the top two bits of the first byte of the UDP payload are set to binary 01.

Workaround: There is no workaround.

CSCec12734

Symptoms: Real-Time Protocol (RTP) packets may be corrupted after passing through an IP Header Compression (IPHC)-enabled link.

Conditions: Packet corruption occurs if several RTP packets that are identical in all fields except for the RTP synchronization source (SSRC) field are passed through the link.

Workaround: There is no workaround.

CSCec14271

Symptoms: A Cisco AS5850 with a Synchronous Transport Module 1 (STM1) card may reload if an online insertion and removal (OIR) is performed on the STM1 card.

Conditions: This symptom is observed on a Cisco AS5850 that has an STM1 card and is configured for Non-Facility Associated Signaling (NFAS).

Workaround: There is no workaround.

CSCec14368

Symptoms: Under certain configurations, CPUHOG messages are observed on a super access control list (ACL) process when the MGX Route Processor Module (RPM-XF) card is initialized.

Conditions: This symptom is observed on an RPM-XF that has more than 1000 policy maps configured.

Workaround: There is no workaround.

CSCec15196

Symptoms: A Compressed Real-Time Protocol (CRTP) decompressor gives the incorrect IP identification.

Conditions: This symptom is observed on an MGX Route Processor Module (RPM-XF) because a random IP identification is generated before compression occurs.

Workaround: There is no workaround.

CSCec17535

Symptoms: The change in the time stamp field for compression and decompression of Real-Time Transport Protocol (RTP)/User Datagram Protocol (UDP) packet headers (cRTP/cUDP) is not compatible with other third party software.

Conditions: This symptom is observed with Cisco IOS software.

Workaround: There is no workaround.

CSCec18986

Symptoms: Virtual private dial-up network (VPDN) authorizations fail to send a request for domain authorization to the RADIUS servers.

Conditions: This symptom is observed for PPP connections that begin on an EXEC connection with VPDN turned on for the user.

Workaround: Use PPP connections instead of EXEC connections.

CSCec21631

Symptoms: The following error message appears on an MGX Route Processor Module (RPM-XF):

ERR: Error in traffic parameters (dcmp)

Conditions: This symptom is observed when setting up a connection with a slave-end switch interface in the down state with a variable bit rate (VBR)-type connection and a default Maximum Burst Size (MBS). The error occurs because of MBS and random MBS (RMBS) problems.

Workaround: There is no workaround.

CSCec23073

Symptoms: In Cisco IOS Release 12.3(3.9), when authorization is defined under the aaa dnis map dnis-number authorization network group server-group-name global configuration command, a Cisco router sends an access request for the user to the RADIUS server with service outbound. The RADIUS server refuses the authorization with an "authentication failure" message and the user is disconnected.

Conditions: This symptom is observed after an upgrade to Cisco IOS Release 12.3(3.9) when a specific authentication, authorization, and accounting (AAA) dialed number identification service (DNIS) for authorization is configured, as in the following example:

aaa dnis map enable

aaa dnis map 999999 authorization network group my_group

Workaround: Suppress the authorization under the aaa dnis map dnis-number authorization network group server-group-name global configuration command and use the main AAA authorization.

CSCec26311

Symptoms: Corruption of packets may occur on a Cisco MGX Route Processor Module (RPM-XF).

Conditions: This symptom is observed when the RPM-XF is used to decompress IP Header Compression (IPHC) packets that contain IP options, and the configured maximum number of compression connections exceeds 256.

Workaround: Use the ip rtp compression-connections number interface configuration command to make the maximum compression connections less than or equal to 256.

CSCec28786

Symptoms: High CPU utilization is observed on a Cisco router.

Conditions: This symptom is observed under any of the following conditions:

When a Multiprotocol Label Switching (MPLS) switch interface that has multiple virtual circuits (VCs) enabled is removed or shut down.

When a large number of routes or prefixes are removed from an MPLS interface that has multiple VCs enabled.

When tag class of service (CoS) configurations are updated.

Workaround: There is no workaround.

CSCec29100

Symptoms: High CPU utilization (97 percent interrupt usage out of 100 percent total usage) is observed on a provider edge (PE) router in a cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN).

Conditions: This symptom is observed on an RPM-XF PE router when multiple virtual circuits (VCs) are configured. The label virtual circuit (LVC) between this PE and the remote PE is deleted because a Label Distribution Protocol (LDP) flap occurs on either this PE or the remote PE. The symptom can also be triggered if the MPLS subinterface is shut down on the local or remote PE. The local PE also has a memory leak in the MGX Route Processor Module (RPM-XF) class of service (CoS) bindings tree. Because of this leak, nodes (RPM-XF RP AVL nodes) are not removed from the tree when the VPN routing/forwarding (VRF) prefixes are removed. This results in extremely deep AVL trees.

Workaround: There is no workaround.

CSCec35547

Symptoms: Virtual access interfaces stop processing input packets and are eventually reset on a Cisco MGX Route Processor Module (RPM-XF).

Conditions: This symptom occurs for packets that are punted to the Route Processor (RP) and are then fast switched. The interface stops processing input packets once the number of the packets received by the RP exceeds the input hold queue size.

Depending on the packet type, Parallel Express Forwarding (PXF) or process switching may occur instead of fast switching. In these cases, the symptom does not occur.

Workaround: There is no workaround.

CSCec76694

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCin53730

Symptoms: It is not possible to configure the Easy Virtual Private Network (VPN) remote feature on a Cisco router.

Conditions: This symptom is observed on a Cisco 2691 router that is running the c2691-adventerprisek9-mz image of Cisco IOS software.

Workaround: Use the classic 2691 k9 image of Cisco IOS software.

CSCuk46011

Symptoms: A Cisco 7500 series may unexpectedly reload and display the following error message:

Unexpected exception, CPU signal 10, PC = 0x416BF418

Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.3(3.7)T, and that has been configured with IP Header Compression (IPHC) on a distributed Multilink interface. The error occurs only if distributed Cisco Express Forwarding (CEF) is disabled by entering the no ip cef global configuration command or the no ip cef distributed global configuration command while the interface is operational.

Workaround: Be sure that the Multilink interface is disabled (shut down) before you disable CEF.

Wide-Area Networking

CSCin54474

Symptoms: A Cisco router may reload when a Multilink interface is unconfigured.

Conditions: This symptom is observed on a Cisco 3640, Cisco 3660, or Cisco 3745 router that is running Cisco IOS Release 12.3(3.6)T.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(2)T1

Cisco IOS Release 12.3(2)T1 is a rebuild release for Cisco IOS Release 12.3(2)T. The caveats in this section are resolved in Cisco IOS Release 12.3(2)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCdz27562

Symptoms: Executing an snmpwalk command on loopback interfaces does not yield any results.

Conditions: This symptom is observed on a Cisco 12000 series router.

Workaround: Execute the snmpwalk command on the physical interfaces instead.

IP Routing Protocols

CSCeb68925

Symptoms: If IP version 6 (IPv6) multicast routing is enabled using the ipv6 multicast-routing router configuration command, memory corruption may occur. This may also cause the router to reload sometime in the future.

Conditions: This symptom is observed on a Cisco router that has IPv6 multicast-routing enabled.

Workaround: There is no workaround.

Miscellaneous

CSCea27838

Symptoms: The following tracebacks may occur when you boot up a router:

%SYS-3-CPUHOG: Task ran for 3100 msec (87338/197), process = TC-ATM Proc, PC = 40B2EAE8.

-Traceback= 40B2EAF0 40B30BA0

Conditions: This symptom is observed on a Cisco MGX 8850 Route Processor Module (RPM-XF) during bootup. If this symptom is observed, the RPM-XF card may not respond for a while and the user is unable to "cc" to this card because the CPU hogs all cycles. When the card does not respond, the Label Distribution Protocol (LDP) Open Shortest Path First (OSPF) route may go down with CPUHOG errors and tracebacks logged.

Workaround: There is no workaround.

CSCea64571

Symptoms: PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA) sessions that go down may cause a leak of full virtual-access interfaces. The symptom is not observed with configurations that use virtual-access subinterfaces.

Conditions: This symptom is observed with PPPoE or PPPoA sessions that clear because of the PPP protocol going down (because of a termination request [TERMREQ] from a peer router or a PPP keepalive failure). The leaked virtual-access interfaces are not reused for new sessions. This results in the creation of new virtual-access interfaces for new sessions.

Workaround: There is no workaround.

CSCea73023

Symptoms: When a remote Label Switch Controller (LSC) is performing 1:N redundant switchovers, the local provider edge (PE) router may have some tailend label virtual circuits (LVCs) created for the remote PEs after a 1:N failover occurs.

Conditions: This symptom is observed on an MGX Route Processor Module (RPM-PR) that has a 1:N redundant card and has Label Switch Controller (LSC) hot redundancy configured, and 1:N redundant switchovers have been performed a few times on a PE router.

Workaround: On the local PE router, use the clear ip route prefix EXEC command.

CSCea92655

Symptoms: A ping from a Label Switch Controller (LSC) to an Edge Label Switch Router (ELSR) fails.

Conditions: This symptom is observed if the ELSR is configured not to create a label virtual circuit (LVC) toward the LSC and the shutdown followed by the no shutdown interface configuration commands are performed on the Multiprotocol Label Switching (MPLS) interface of the ELSR.

Workaround: Reload Parallel Express Forwarding (PXF) using the micro reload pxf command.

CSCeb02409

Symptoms: An STM-1 trunk card may not communicate properly with the Route Switch Controller (RSC) when path tracing for the 64/16-byte format (j1) is configured using the overhead j1 length {16 | 64} {receive-message | transmit-message} message SONET controller configuration command.

The following error message may be generated when the STM-1 trunk card boots up:

%FIB-3-FIBDISABLE: Fatal error, slot <number>: No window message, LC to RP IPC is non-operational

When you enter the execute-on slot slot-number privileged EXEC command, the command may fail to execute for the STM-1 trunk and the following error message may be generated:

%DSIP-6-NIP_SEND_BUF: DSIP send data failed, slot 2 nip client id 0

No response from remote host

Conditions: These symptoms are observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(15)T or a later release.

Workaround: There is no workaround.

CSCeb13156

Symptoms: After a Cisco AS5850 router is reloaded, the first 911 call sends two KP tones to mark the beginning of the Automatic Number Identification (ANI) and the Digital Number Identification Service (DNIS) digits, instead of one KP tone.

Conditions: This symptom is observed after the Cisco AS5850 has been reloaded or after Media Gateway Control Protocol (MGCP) has been explicitly restarted by issuing the no mgcp router configuration command followed by the mgcp router configuration command. The symptom will not occur again until MGCP is restarted again.

Workaround: There is no workaround.

CSCeb36379

Symptoms: If a session is preauthenticated by use of a preauthorization configuration, virtual private dial-up networks (VPDNs) fail to authorize a tunnel via RADIUS.

Conditions: This symptom is observed for tunnel users who are preauthenticated using Calling Line ID (CLID) dialed number identification service (DNIS). Once they are authenticated, subsequent tunnel authorization fails when a request is sent to RADIUS.

Workaround: Authorize the tunnels locally or avoid preauthorization, if possible.

CSCeb38896

Symptoms: When a Cisco router tries to produce a RADIUS packet, the following error message is displayed:

%AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed

The error message is followed by a traceback and is displayed even if the packet contains only a small number of attributes that are not large enough to overflow the temporary buffer used to construct the packet.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2.

Workaround: There is no workaround.

CSCeb50551

Symptoms: The quality of service (QoS) policing function does not work accurately and correctly for cRTP (Compressed Real Time Protocol) interfaces. The function does not police to the line rate.

Conditions: This symptom is observed on a Cisco Route Processor Module (RPM-XF) router when Committed Access Rate (CAR) or Absolute Priority Queue (APQ) is configured.

Workaround: There is no workaround.

CSCeb52067

Symptoms: A Reliability, Availability, and Serviceability (RAS) server does not allocate the IP addresses to the dial-in clients when the user profile on the Access Control Server (ACS) contains a pool name "addr-pool=foo." If this pool is not defined locally, the subsequent request to the ACS fails.

Conditions: This symptom is observed on a Cisco RAS server that is running Cisco IOS Release 12.3(2.1) when the authorization profile contains an IP pool name that is not configured locally.

Workaround: Configure the IP address pool locally.

CSCeb57872

Symptoms: 911 operator calls fail during operator callback.

Conditions: This symptom is observed on a Cisco AS5850 voice gateway with Media Gateway Control Protocol (MGCP) Feature Group-D Operator Services (FGD-OS) calls.

Workaround: There is no workaround.

CSCeb60825

Symptoms: The ifTable on the Route Processor Module (RPM-PR) contains the following entries for the Switch1 interface that do not appear in the ifTable on the RPM-XF:

Switch1.0-atm subif

Switch1.0-aal5 layer

Conditions: This symptom is observed in Cisco IOS Release 12.2(15)T4a when a query is made on the ifTable of the RPM-PR and RPM-XF.

Workaround: There is no workaround.

CSCeb64155

Symptoms: On an MGX Route Processor Module (RPM-XF), the maximum values that are configured with the ingress-percentage-bandwidth and egress-percentage-bandwidth interface configuration commands are changed.

Conditions: This symptom is observed on an RPM-XF that is configured for Multiprotocol Label Switching (MPLS) partitions. Private Network-to-Network Interface (PNNI) partitions are not affected.

Workaround: Manually enter the desired values using Simple Network Management Protocol (SNMP) or use the command-line interface (CLI).

CSCeb64925

Symptoms: If the incorrect source and destination buffer addresses are output to cobalt and a Frame Trace Card (FTC) trace is running, an MGX Route Processor Module (RPM-XF) may reload.

Conditions: This symptom is observed on a Cisco RPM-XF. The FTC trace reads the data located at the source address. If the source address is incorrect, a bus error may cause the RPM-XF to reload.

Workaround: There is no workaround.

CSCeb68948

Symptoms: Routing protocols may flap and congest interfaces enabled with IP Header Compression (IPHC).

Conditions: This symptom is observed in a test environment on a link enabled with Compressed Real-Time Protocol (CRTP) when User Datagram Protocol (UDP) traffic is sent to congest the queue, and the Open Shortest Path First (OSPF) protocol is running. This symptom may also be observed in the case of weighted random early detection (WRED) drops.

Workaround: There is no workaround.

CSCeb69512

Symptoms: If the Cisco Health Monitor (HM) reloads the active or standby Route Switch Controller (RSC) card, the HM may not supply sufficient information to the console to determine why the reload occurs.

Conditions: This symptom is observed on a Cisco AS5850 and particularly affects the classic-split, handover-split, and RPR redundancy modes. In particular, continual reloading of the standby RSC cannot be easily diagnosed without the fix for this caveat.

Workaround: There is no workaround.

CSCeb72762

Symptoms: The MAC rewrite index for VPN routing and forwarding (VRF) prefixes keeps changing in Parallel Express Forwarding (PXF).

Conditions: This symptom is observed if dual Label Switch Controllers (LSCs) are configured on a Cisco Edge Label Switch Router (ELSR) and two internal Border Gateway Protocol (iBGP) paths exist for the VRF prefixes. In addition, at least one multilink interface should be in the up state.

Workaround: There is no workaround.

CSCeb73053

Symptoms: A device is unable to authenticate itself to the PPP peer using local authentication if the interface is not configured with authentication parameters (username and password).

Conditions: This symptom is observed if the peer requests that the device authenticate itself and the corresponding protocol configuration is not present on the interface (for example, ppp pap sent-username or ppp chap password). The session is not established.

Workaround: Enable ppp pap sent-username or ppp chap password on the interface.

Alternate Workaround: Use T+ for mutual bidirectional authentication.

CSCeb77933

Symptoms: A Cisco AS5850 router with a channelized T3 port adapter (CT3) controller shows the incorrect D channel interface name.

Conditions: This symptom is observed on a Cisco AS5850 router that is configured with a CT3 controller and that is running Cisco IOS Release 12.3(2)T or Release 12.3(3).

Workaround: There is no workaround.

CSCeb79139

Symptoms: When VLAN encapsulation is configured on the egress interfaces, no traffic can be sent over the egress interfaces.

Conditions: This symptom is observed on all Cisco platforms that have VLAN encapsulation configured.

Workaround: There is no workaround.

CSCeb79421

Symptoms: A standby Enhanced Route Switch Controller (ERSC) reloads when a multichannel STM-1 port adapter card is configured.

Conditions: This symptom is observed on a Cisco ERSC when the extsig mgcp controller configuration command is entered.

Workaround: Save the configuration and reload the router.

CSCeb81912

Symptoms: The Compressed Real-Time Protocol (CRTP) stream is not decompressed correctly and the full packet header is punted to the Route Processor (RP). Packets are dropped because of an IP version mismatch.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module (RPM-XF) when it sends RTP traffic with a continuity check (cc) bit or an M bit set from a customer edge (CE) router across the RPM-XF to a remote CE. There is a T1 semi-permanent virtual circuit (SPVC) between the CE and the RPM-XF, and the CRTP feature is enabled on the RPM-XF.

Workaround: There is no workaround.

CSCeb81959

Symptoms: A memory leak may occur when a semi-permanent virtual circuit (SPVC) enabled with VPN routing and forwarding (VRF) is converted to a Multilink PPP (MLP) link.

Conditions: This symptom is observed on a Cisco MGX Route Processor Module that is configured with VRF.

Workaround: There is no workaround.

CSCeb82218

Symptoms: A Cisco MGX Route Processor Module (RPM-XR) reloads when the show pxf cpu mroute vrf privileged EXEC command is issued.

Conditions: The symptom is observed if the mroutes are cleared (by way of a Cisco IOS command-line interface [CLI] command or automatically by way of a timeout) before the show command completes execution.

Workaround: There is no workaround that eliminates the symptom; however, the risk may be minimized by issuing the terminal length 0 CLI command before the show command in question is used. This disables the automore feature, which decreases the time spent executing the show command.

CSCeb82716

Symptoms: The front card of a Cisco MGX Route Processor Module (RPM-XF) remains in the init state because of interrupt errors from a 2-port Gigabit Ethernet (GE) back card.

Conditions: This symptom is observed on a Cisco RPM-XF during an upgrade of Cisco IOS software to the rpmxf-p12-js.030731 image.

Workaround: There is no workaround.

CSCec00153

Symptoms: Approximately 30 to 90 seconds after a switchover, a newly active Enhanced Route Switch Controller (ERSC) experiences memory exhaustion and reloads itself or the peer ERSC reloads. Once the reload is underway, the symptom goes away and the system behaves correctly. The reloaded ERSC also boots without any problems.

Typically, messages similar to those below appear on the console of the newly active ERSC immediately before it reloads:

%HA_CLIENT-3-NO_CF_BUFFER: The RM HA client failed to get a buffer (len=32) from CF (rc=7); checkpointing failed -Traceback= 20B34BC8 20B35EFC 20B3638C 20B369FC 20B36D00 20B36E04 20221414 202213F8

%HA_CLIENT-3-NO_CF_BUFFER: The TTY HA client failed to get a buffer (len=84) from CF (rc=7); checkpointing failed -Traceback= 21291730 21291860 212919A4 2016BC80 20187800

%SYS-2-MALLOCFAIL: Memory allocation of 4276 bytes failed from 0x201C9FF4, alignment 32 Pool: I/O Free: 4008 Cause: Not enough free memory Alternate Pool: None Free: 0 Cause: No Alternate pool

Conditions: This symptom is observed on a Cisco AS5850 access server that is running Cisco IOS Release 12.3(2)T. The symptom occurs when the system is running in Route Processor Redundancy plus (RPR+) mode, resource pooling is enabled, and a customer profile is configured on the ERSC.

Workaround: There is no workaround.

Wide-Area Networking

CSCdy26008

Symptoms: The output of the show interfaces type number privileged EXEC command continues to display the negotiated IP address even when the call is dropped and the IP address is reclaimed in the peer pool. There is not a problem with the call or subsequent calls on the link, but the output of the show interfaces command should indicate that the IP address will be negotiated instead of displaying the negotiated IP address assigned by the peer during the prior call.

Conditions: This symptom is observed when the peer is configured to dial in to the network access server (NAS) and to obtain an IP address through IP Control Protocol (IPCP) negotiations with the NAS. The NAS is configured with pools of IP addresses to be allocated to the peer when the peers generate a PPP call to the NAS. The NAS is also configured to authenticate the peer through RADIUS.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.3(2)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.3(2)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.3(2)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCeb16005

Symptoms: A Cisco router may reload at the bulk_kill_file function.

Conditions: This symptom is observed on all Cisco routers that are running Cisco IOS Release 12.3(1.3)T and that have the Simple Network Management Protocol (SNMP) bulk transfer feature enabled.

Workaround: There is no workaround.

CSCin45118

Symptoms: All Simple Network Management Protocol (SNMP) set operations may fail on a Cisco AS5400 with the error message "NO_ACCESS_ERROR."

Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.3(1.3)T. The symptom is not observed on a Cisco AS5300 that is running the same release of Cisco IOS software.

Workaround: Use SNMP version 1 (SNMPv1) to perform the SNMP set operations.

IP Routing Protocols

CSCea72962

Symptoms: A Cisco 10720 Internet router may reload and report a bus error exception (SIG=10) in the crashinfo file.

Conditions: This symptom is observed on a Cisco 10720 that is configured for Open Shortest Path First (OSPF) Incremental Shortest Path First (ISPF).

Workaround: There is no workaround.

CSCea78186

Symptoms: A Cisco router may show a memory leak due to an Enhanced Interior Gateway Routing Protocol (EIGRP) process. If the router is redistributing EIGRP into other protocols, the leak may be observed in the redistributed protocol as well.

Conditions: This symptom is observed on a Cisco router that is running EIGRP.

Workaround: There is no workaround.

CSCea81952

Symptoms: A Network Address Translation (NAT) configuration causes a Cisco router to reload because of H.225 messages.

Conditions: This symptom is observed on a Cisco router that has the generic transparency descriptor (GTD) enabled by default. The caveat CSCdw86807 committed a GTD feature that has increased the setup TPKT length over the default maximum segment size (MSS) of 536 bytes. This results in TPKT fragmentation, which is not supported by NAT.

Workaround: Because the GTD feature is enabled by default, disable the GTD feature using the no isdn gtd D channel interface configuration command. This removes the TPKT extra length to work with the current NAT restriction of not providing support for application fragmented packets and the default MSS.

CSCeb00172

Symptoms: When the neighbor {ip-address | peer-group-name} default-originate router configuration command is used with a peer group, peers that belong to that peer group come up at a different time from when the Border Gateway Protocol (BGP) is formatting updates. Because of this behavior, the router may not advertise all routes to members of the peer group.

Conditions: This symptom is observed with IP version 4 (IPv4) unicast and Virtual Private Network (VPN) routing/forwarding (VRF) address family (AF) packets.

Workaround: There is no workaround.

CSCeb00180

Symptoms: Border Gateway Protocol (BGP) update generation may pause indefinitely when BGP is converging.

Conditions: This symptom may occur under any of the following six conditions when BGP is converging:

1. When non-peer-group peer sessions flap or when the clear ip bgp address privileged EXEC command is entered several times for a non-peer-group peer.

2. When the clear ip bgp * soft out privileged EXEC command is entered repeatedly in rapid succession.

3. When peers are moved in or out of peer groups.

4. When routers that are configured with unicast assured forwarding (AF) and AF only are reloaded.

5. When all members of a peer group are cleared by performing either a hard reset or a soft reset. In this situation, only the peer group is affected.

6. When some routes are advertised to or withdrawn from the router while the router is converging, some peers in a peer group may not receive all the updates.

Workaround: There is no workaround for conditions 1 through 5.

To recover from condition 6, enter the clear ip bgp neighbor-address soft out privileged EXEC command. For the neighbor-address argument, use the IP address of the peer that did not receive all of the updates.

CSCeb27039

Symptoms: A Cisco router may continually pause and then reload.

Conditions: This symptom is observed if the Open Shortest Path First (OSPF) algorithm is configured on the router.

Workaround: Configure the router with the no router ospf router configuration command.

CSCeb27742

Symptoms: A Cisco router with a Border Gateway Protocol (BGP) system may lose the address family's use of aggregate routes after the router reloads. The aggregate routes are moved from the VPN routing/forwarding (VRF) address family and appear under the global IP version 4 (IPv4) address family. When the router reloads, the console displays the following error messages:

exit-address-family

^ % Invalid input detected at '^' marker.

exit-address-family

^ % Invalid input detected at '^' marker.

exit-address-family

^ % Invalid input detected at '^' marker.

The above symptom is only one of the possible symptoms. Support for the auto-summary router configuration command and the default-information originate router configuration command has been removed from some of the address families as a result of the caveat CSCdx14351 without providing support to accept these commands silently when being booted with a configuration from a prior Cisco IOS release. The presence of the unsupported commands in address families like Virtual Private Network version 4 (VPNv4) and IPv4 Multicast (MCAST) causes the command-line interface (CLI) to go out of the address family submode and apply these commands to the v4 address family, which results in unpredictable behavior.

Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(16.4)T or Release 12.3 T. The symptom is not observed in Cisco IOS Release 12.3.

Workaround: Reenter the configuration that was present before the router reloaded.

Miscellaneous

CSCdw76315

Symptoms: Some digital signal processors (DSPs) may periodically display the following message on the console and pause indefinitely:

%VTSP-3-DSP_TIMEOUT: DSP timeout on event 6: DSP ID=0x1: DSP error stats, chnl info(4, 7, 0)

Conditions: This symptom is observed on a digital Foreign Exchange Office Loop Start (FXOLS) to analog Foreign Exchange Station Loop Start (FXSLS) connection trunk network that has the FXOLS voice ports configured on a Cisco 7200 router that has a 2-port T1, E1 enhanced digital voice plus port adapter (PA-VXB-2TE1+) or a 2-port T1, E1, high capacity, enhanced digital voice port plus adapter (PA-VXC-2TE1+). The analog FXSLS voice ports are provided by a voice network module that has voice interface card (VIC) slots (NM-1V or NM-2V) on a Cisco 2600 or Cisco 3600 router.

This symptom is triggered when compressed Real-Time Transport Protocol (cRTP) is configured on a WAN link that exists between the two voice gateways, when a connection trunk is configured for voice services, and when fast switching is enabled on the interface that has cRTP configured.

Workaround: Stop using cRTP or disable fast-switching on the WAN interface by entering the no ip route-cache interface configuration command. This symptom does not occur if process-switched cRTP is used.

The fix for this caveat is applied via the ip rtp coalesce global configuration command in Cisco IOS images. Fast switching can remain enabled on the cRTP interfaces. The new ip rtp coalesce global configuration command will not increase the CPU load appreciably above normal fast switching cRTP levels.

CSCdx76632

Symptoms: A Cisco AS5300 that is functioning as a voice gateway may reload because of an incoming bus error exception.

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(6d).

Workaround: There is no workaround.

CSCdx77253

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCdy43232

Symptoms: Packets are punted up to the process level despite the fact that fast switching is enabled in both the global table and the VPN routing/forwarding (VRF) table of a Cisco router.

Conditions: This symptom is observed when a Multicast Virtual Private Network (MVPN) is configured with fast switching on the egress provider edge (PE) router.

Workaround: There is no workaround.

CSCdy57569

Symptoms: The show ip cef vrf vpn exact-route [source-addr] [destn-addr] EXEC command is not supported under Parallel Express Forwarding (PXF).

Conditions: This symptom is observed on a Cisco router when the multipath feature has been enabled using Cisco Express Forwarding (CEF).

Workaround: There is no workaround.

CSCdz65282

Symptoms: A Cisco 1710 router may sometimes pause during bootup when the Fast Ethernet interface is up.

Conditions: This symptom is observed only in rare situations.

Workaround: There is no workaround.

CSCea19885

Symptoms: A Cisco router that has a voice feature such as H.323 enabled may reload because of a bus error at address 0xD0D0D0B.

Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other routers.

Workaround: There is no workaround.

CSCea22552

The GRE implementation of Cisco IOS is compliant with RFC 2784 and RFC 2890 and is backward compatible with RFC 1701.

For RFC compliance, this DDTS adds a check for bits 4-5 (bit 0 being the most significant) of the GRE header.

This issue does not cause any problem for router operation.
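The header check that CSCea22552 describes can be sketched as a receive-side validator. This is an added example, not Cisco IOS code: the names parse_gre, build_gre, is_accepted and inet_checksum and all sample packets are constructed here. It assumes the RFC 2784/RFC 2890 field layout, rejects headers with bits 4-5 set, and does not parse RFC 1701 source routing.

```python
import struct

# Bit positions follow the GRE RFCs: bit 0 is the most significant bit
# of the first 16-bit word of the header.
GRE_C = 0x8000         # bit 0: Checksum Present (RFC 2784)
GRE_R = 0x4000         # bit 1: Routing Present (RFC 1701 only)
GRE_K = 0x2000         # bit 2: Key Present (RFC 2890)
GRE_S = 0x1000         # bit 3: Sequence Number Present (RFC 2890)
GRE_BITS_4_5 = 0x0C00  # bits 4-5: the bits the caveat says are now checked
GRE_VER = 0x0007       # bits 13-15: version, 0 for GRE


def inet_checksum(data: bytes) -> int:
    """Ones' complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_gre(packet: bytes) -> dict:
    """Validate and parse a GRE header; raise ValueError on a bad header."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & GRE_VER:
        raise ValueError("unsupported GRE version %d" % (flags & GRE_VER))
    if flags & GRE_BITS_4_5:
        raise ValueError("GRE header bits 4-5 must be zero")
    if flags & GRE_R:
        # Assumption of this example: RFC 1701 source routing is not parsed.
        raise ValueError("RFC 1701 routing not handled in this example")

    result = {"protocol": proto, "checksum_ok": None, "key": None, "seq": None}
    offset = 4
    # Optional 32-bit fields appear in this fixed order when their bit is set.
    for bit, name in ((GRE_C, "checksum"), (GRE_K, "key"), (GRE_S, "seq")):
        if not flags & bit:
            continue
        if len(packet) < offset + 4:
            raise ValueError("truncated GRE %s field" % name)
        if name == "checksum":
            # A correct checksum makes the sum over header and payload zero.
            result["checksum_ok"] = inet_checksum(packet) == 0
        else:
            result[name] = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    result["payload"] = packet[offset:]
    return result


def build_gre(proto, payload, key=None, seq=None, with_checksum=False,
              extra_flags=0):
    """Build a constructed test packet; extra_flags sets arbitrary bits."""
    flags, body = extra_flags, b""
    if with_checksum:
        flags |= GRE_C
        body += b"\x00\x00\x00\x00"  # checksum placeholder + Reserved1
    if key is not None:
        flags |= GRE_K
        body += struct.pack("!I", key)
    if seq is not None:
        flags |= GRE_S
        body += struct.pack("!I", seq)
    pkt = struct.pack("!HH", flags, proto) + body + payload
    if with_checksum:
        pkt = pkt[:4] + struct.pack("!H", inet_checksum(pkt)) + pkt[6:]
    return pkt


def is_accepted(packet: bytes) -> bool:
    """True if the header passes every check in parse_gre."""
    try:
        parse_gre(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    samples = {  # constructed sample packets
        "plain IPv4": build_gre(0x0800, b"abc"),
        "key+seq+checksum": build_gre(0x0800, b"payload", 42, 7, True),
        "bit 4 set": build_gre(0x0800, b"abc", extra_flags=0x0800),
        "bit 5 set": build_gre(0x0800, b"abc", extra_flags=0x0400),
    }
    for label, pkt in samples.items():
        print("%-18s accepted=%s" % (label, is_accepted(pkt)))
```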

CSCea27536

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea30278

Symptoms: The quality of service (QoS) policing function does not work accurately and correctly for ATM, serial, and Multilink PPP (MLP) link fragmentation and interleaving (LFI) interfaces. The function does not police to the line rate.

Conditions: This symptom is observed on a Cisco Route Processor Module (RPM-XF) router when Committed Access Rate (CAR) or Absolute Priority Queue (APQ) is configured.

Workaround: There is no workaround.

CSCea32240

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea33065

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea36231

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea46342

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51030

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51076

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea54851

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea59624

Symptoms: A traceback message may be observed when the shutdown atm interface configuration command is used.

Conditions: This symptom is observed on a Cisco Route Switch Processor (RSP) that is running Cisco IOS Release 12.3(16.05)PI1a.

Workaround: There is no workaround.

CSCea61563

Symptoms: A Cisco router reloads on the serial interface when the frame-relay class name interface configuration command is used.

Conditions: This symptom is observed on a Cisco 7200 series router.

Workaround: There is no workaround.

CSCea64378

Symptoms: The "next_hop ip addr" field is always 0.0.0.0 in the output of Parallel Express Forwarding (PXF) specific commands, whereas meaningful values are displayed in the output of the show pxf cpu cef vrf vpn ip-addr EXEC command.

Conditions: This symptom is observed in the output of the show pxf cpu cef [ip-addr] and show pxf cpu cef vrf [vpn] [ip-addr] EXEC commands that display next_hop information.

Workaround: There is no workaround.

CSCea65792

Symptoms: The input queue of an Engine 1 (E1) WAN interface of a Cisco router may become filled and wedge the interface. After the input wedge, the router does not receive any traffic on the WAN link until the router is rebooted. Data with a frame size of 128 bytes that is sent at a very high rate of 5 Mbps in both upstream and downstream directions results in the E1 input queue wedge.

Conditions: This symptom is observed on a Cisco 831 router that is running Cisco IOS Release 12.2(8)YN, Release 12.2(11)YV, or Release 12.2(11)ZG and that is configured with IP security (IPSec) and a generic routing encapsulation (GRE) tunnel configuration.

Workaround: There is no workaround. The router must be rebooted in order to pass traffic again.

CSCea71983

Symptoms: When the Xconnect Layer 2 Tunneling Protocol version 3 (L2TPv3) Path MTU Discovery (PMTUD) feature is used, the wrong Path MTU (PMTU) is advertised.

Conditions: This symptom is observed on a Cisco router that acts as a customer edge (CE) router and that is enabled with the Xconnect L2TPv3 PMTUD feature.

Workaround: There is no workaround.

CSCea78687

Symptoms: A Label Distribution Protocol (LDP) interface flaps because of traffic congestion and affects the data throughput on a Cisco Route Processor Module-PRemium (RPM-PR) that acts as an Edge Label Switch Router (ELSR). This behavior results in many input errors, cyclic redundancy check (CRC) errors, and output drops being observed on ELSR interface 1.

Conditions: These symptoms are observed on a Cisco RPM-PR when it acts as an ELSR in a large-scale cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network that has 400 label virtual circuits (LVCs) per Label Switch Controller (LSC) and a dual LSC configuration. Traffic causes congestion on all 200 plus egress permanent virtual circuits (PVCs) on the ELSR. The RPM-PR is in a state of severe traffic congestion.

Workaround: There is no workaround.

CSCeb01200

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) may reload when a permanent virtual circuit (PVC) is removed from any switch subinterface using the no pvc switch subinterface configuration command.

Conditions: This symptom is observed only if the ip pim command is also configured under the same switch subinterface configuration when the PVC is removed.

Workaround: Unconfigure ip pim by using the no ip pim command before removing the PVC from the switch subinterface.

CSCeb04455

Symptoms: The IP input process may have abnormally high CPU utilization and eventually cause calls to be rejected.

Conditions: This symptom is observed when the loopback command-line interface (CLI) h323-gateway voip bind src addr command is used with the Cisco gatekeeper.

Workaround: There is no workaround.

CSCeb06452

Symptoms: When multicast IP version 6 (IPv6) Cisco Express Forwarding (CEF) is enabled, packets (greater than or equal to 232 bytes) that are forwarded may be corrupted.

Conditions: This symptom is observed on all Cisco platforms during normal multicast CEF software forwarding.

Workaround: Use process space forwarding.

CSCeb07195

Symptoms: A memory leak may occur with only one Enhanced Route Switch Controller (ERSC) in Route Processor Redundancy Plus (RPR+) mode under heavy load conditions.

Conditions: This symptom is observed with ISDN calls on an active ERSC in RPR+ mode.

Workaround: There is no workaround.

CSCeb08251

Symptoms: The stopbits setting in the line console configuration is not saved and retrieved correctly when the router is reloaded.

Conditions: This symptom is observed on all Cisco 820 series, Cisco 830 series, and Cisco SOHO series routers.

Workaround: There is no workaround.

CSCeb15419

Symptoms: There may be a leak in the authentication, authorization, and accounting (AAA) debug process.

Conditions: This symptom is observed when conditional debugging is enabled with virtual profiles.

Workaround: There is no workaround.

CSCeb16246

Symptoms: The subvirtual-access interface is not shown in the output of the show vpdn EXEC command. The format of the show vpdn output is also changed.

Conditions: This symptom is observed on an L2TP network server (LNS) when the length of the username is not between 20 and 40 characters.

Workaround: There is no workaround. Make sure the length of the username is between 20 and 40 characters.

CSCeb20358

Symptoms: In a test environment, an active Enhanced Route Switch Controller (ERSC) reloaded after 30 minutes. No error message was displayed.

Conditions: This symptom was observed on an ERSC with 3220 virtual profile digital calls, 11 packets per second (pps) of upstream traffic, and 44 pps of downstream traffic.

Workaround: There is no workaround.

CSCeb21064

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCeb26389

Symptoms: The same local label is allocated to two different prefixes. The prefixes may be learned by two different routing protocols. A Cisco Express Forwarding (CEF) entry for these two prefixes will show the same local label. Local labels in the Border Gateway Protocol (BGP) or Label Distribution Protocol (LDP) database will show the same label for the prefix depending on how the route was learned. Multiprotocol Label Switching (MPLS) forwarding entries will have only one entry matching the last prefix that used this local label. There will not be any entry for the other prefix in the MPLS forwarding table. This results in a possible connectivity failure to that prefix.

Conditions: This symptom is observed in Cisco IOS releases that have a fix for CSCdx74321. Any version of Cisco IOS software that does not include the fix for CSCdx74321 will not have this symptom.

The symptom occurs in routers that have both BGP IPv4 labels and LDP configured in the default routing table. When a particular route is learned by BGP IPv4 labels and via Interior Gateway Protocol (IGP) (for example, Open Shortest Path First [OSPF] or Intermediate System-to-Intermediate System [ISIS]), and the BGP route gets installed in the Routing Information Base (RIB) replacing the IGP route because of any routing change, this symptom may be triggered.

Workaround: Reallocate the local label for the first prefix that does not have an MPLS forwarding entry. If that prefix is BGP learned, use the clear ip bgp EXEC command to fix the symptom. If that prefix is IGP learned and LDP owns the local label, clearing the symptom is more difficult. The no mpls ip global configuration command followed by the mpls ip global configuration command may be issued on the router to restart LDP, which reallocates the local label. If the route can be removed from IGP and then relearned, LDP will reallocate the local label and fix this symptom.

CSCeb29013

Symptoms: When two or more phone calls (Foreign Exchange Office [FXO] or BRI) are set as "hold" and "hold" or "resume" is repeated by one of the calls, an input queue wedge may occur.

Conditions: This symptom is observed on a Cisco voice gateway that is running Cisco IOS Release 12.2(15)T1 and that has multicast for Music on Hold (MOH) configured.

Workaround: Enable Protocol Independent Multicast (PIM) on the voice gateway.

Alternate Workaround: Use unicast MOH.

Second Alternate Workaround: Reboot the router. The clear interface EXEC command and the shutdown followed by the no shutdown interface configuration commands do not clear the input queue wedge.

CSCeb29770

Symptoms: Only 140 PRI interfaces may be configured on a Cisco Enhanced Route Switch Controller (ERSC).

Conditions: This symptom is observed on a Cisco ERSC.

Workaround: There is no workaround.

CSCeb31198

Symptoms: The line protocol on a customer edge (CE) router does not come back after Layer 2 tunneling via a pseudowire over IP (Xconnect) is configured on both provider edge (PE) routers. The deletion and readdition of Xconnect will bring the line protocol back up; however, there is no end-to-end connectivity.

Conditions: This symptom is observed on a Cisco router that is configured with Layer 2 Tunneling Protocol version 3 (L2TPv3) over PPP.

Workaround: There is no workaround.

CSCeb41642

Symptoms: When a Gigabit Ethernet (GE) back card is not properly inserted, the dspcds command shows the card as "ACTIVE" and allows addred commands while the GE is in an uninitialized state. The following error messages and tracebacks may be displayed:

%GE-3-INTERNAL: GE internal error, HW init failed. Backcard may need to be reseated -Traceback= 401CA3A8 401CA604 401CCA1C 40407350 403C4AFC 402EDAB4 402EDC9C 403A11D0 403A11BC

%GE-3-INITFAIL: GE initialization failed, GigabitEthernet1/0

-Traceback= 401CA474 401CA604 401CCA1C 40407350 403C4AFC 402EDAB4 402EDC9C 403A11D0 403A11BC

Conditions: This symptom is observed on a Cisco GE back card.

Workaround: There is no workaround. The GE back card must be reseated, replaced, or removed.

CSCeb43839

Symptoms: Buffer leaks occur when Multiprotocol Label Switching (MPLS) traffic is passed. This causes complete buffer depletion and eventually all traffic is dropped. There is no online tool available that provides information on the cause of the buffer leak.

Conditions: This symptom is observed on the toaster Cobalt. Many types of packets are passed, and it is necessary to determine the exact type of packet that causes the leak.

Workaround: Use the command-line interface (CLI) show pxf cpu buffers-leaked command to determine the exact type of packets that cause the leak. Use of this command impacts traffic because traffic is stopped to gather data; traffic restarts once the data has been gathered.

CSCeb47086

Symptoms: When the integrated Signaling Link Terminal (SLT) functionality is running on a Cisco AS5350 or Cisco AS5400, the Signaling System 7 (SS7) links will not come into service. Using an SS7 analyzer indicates that Link Status Signal Units (LSSUs) are not being transmitted from the Cisco AS5350 or Cisco AS5400 to the SS7 network.

Conditions: This symptom is observed when an 8-port (8PRI) board that contains the D4 version of the MPC860 processor is used. The version of the MPC860 may be verified by using the show chassis slot detail EXEC command. If the board hardware version is 4.0 or greater, this symptom will occur.

Workaround: Use an 8PRI board with a board hardware version less than 4.0.

CSCeb51070

Symptoms: The following error message may be displayed on an MGX Route Processor Module (RPM-XF) when IP Header Compression (IPHC) is configured on a multilink interface:

An error occurred during the configuration attempt

Conditions: This symptom is observed only when multilink interfaces that are not already active are being configured.

Workaround: There is no workaround. The error message may be ignored. It is incorrect, and the IPHC configuration is actually applied.

CSCef77013

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.
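The following is an added example, not part of the Cisco release notes or the advisory: a Python check that walks the IPv6 extension header chain of a captured packet and reports whether a Type 0 Routing Header is present, for use when auditing traffic toward devices that do not yet run fixed software. The function and constant names are hypothetical, and the sample packets are constructed from the 2001:db8::/32 documentation prefix.

```python
import struct

# Extension headers walked before the upper-layer protocol (IANA protocol numbers).
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS}


def find_rh0(packet: bytes):
    """Return (offset, segments_left) of the first Type 0 Routing Header, else None.
    Raises ValueError on non-IPv6 or truncated input so it is never counted as clean.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while next_header in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        if next_header == FRAGMENT:
            size = 8                  # fixed size; the length byte is reserved
        elif next_header == AUTH:
            size = (ext_len + 2) * 4  # AH length is in 32-bit words, minus 2
        else:
            size = (ext_len + 1) * 8  # 8-octet units, first 8 octets not counted
        if offset + size > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING and packet[offset + 2] == 0:
            return offset, packet[offset + 3]
        frag_field = int.from_bytes(packet[offset + 2:offset + 4], "big")
        if next_header == FRAGMENT and frag_field >> 3:
            return None               # non-first fragment: what follows is payload
        next_header, offset = following, offset + size
    return None


def _ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet, 2001:db8::1 -> 2001:db8::2 (documentation prefix)."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


# Constructed, well-formed test inputs (not captured traffic).
HOP_OPTS = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])            # hop-by-hop, PadN option
RH0 = bytes([59, 2, 0, 1, 0, 0, 0, 0]) + bytes.fromhex("20010db8" + "00" * 11 + "03")
RH2 = bytes([59, 2, 2, 1, 0, 0, 0, 0]) + bytes.fromhex("20010db8" + "00" * 11 + "03")
SAMPLE_RH0 = _ipv6(HOP_BY_HOP, HOP_OPTS + RH0)
SAMPLE_RH2 = _ipv6(ROUTING, RH2)
SAMPLE_CLEAN = _ipv6(59, b"")
```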

CSCin43544

Symptoms: A Cisco gateway may reload when Tool Command Language (TCL) applications are repeatedly configured and unconfigured.

Conditions: This symptom is observed on a Cisco gateway.

Workaround: There is no workaround.

CSCin45231

Symptoms: When crypto is configured on a Cisco router, the input queue is not cleared. A ping does not go through after 70 packets.

Conditions: This symptom is observed on a Cisco 837 router that is running Cisco IOS Release 12.3(1.3)T and that is configured with PPP over ATM (PPPoATM) encapsulation. The symptom is not observed with PPP over Ethernet (PPPoE), mux IP, or Subnetwork Access Protocol (SNAP) encapsulations.

Workaround: There is no workaround.

CSCuk44723

Symptoms: When IP Header Compression (IPHC) is configured on a Cisco router that has a High-Speed Serial Interface (HSSI), PPP WAN encapsulation, and distributed Cisco Express Forwarding (dCEF), the following error message may be observed in the error log:

%FS_IPHC-3-SEQ_ERROR: Received out of sequence IPC message

Conditions: This symptom is observed on a Cisco 7500 series that has an HSSI interface and that has IPHC configured.

Workaround: There is no workaround.

Wide-Area Networking

CSCea83582

Symptoms: A Layer Two Tunneling Protocol (L2TP) network server (LNS) reloads when the L2TP tunnels are cleared from the L2TP access concentrator (LAC) if there are any dial-out sessions not yet established.

Conditions: This symptom is observed on a Cisco LNS that is running Cisco IOS Release 12.3 T.

Workaround: Verify that all dial-out sessions of an L2TP tunnel are established before clearing the tunnels.

CSCea83825

Symptoms: A unit under test (UUT) router may reload after the l2tp security crypto-profile l2tp router configuration command is entered.

Conditions: The symptom may be observed on a Cisco 7100 series and a Cisco 7200 series.

Workaround: There is no workaround.

CSCea86641

Symptoms: A virtual private dialup network (VPDN) modem call is set up successfully, but the traffic for the call is punted to the Route Switch Controller (RSC). It is expected that the traffic will be switched with distributed Cisco Express Forwarding (dCEF), but in this case the traffic is fast-switched.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

