Cisco IOS Software Releases 12.4 Mainline

Cross-Platform Release Notes for Cisco IOS Release 12.4, Part 5: Caveats for 12.4(13) through 12.4(25b)

Caveats for Cisco IOS Release 12.4


September 23, 2009

Cisco IOS Release 12.4(25b)

Text Part Number OL-7656-15 Rev. E0

This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.4, up to and including Cisco IOS Release 12.4(25b). Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.

To improve this document, we would appreciate your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact caveats-doc@cisco.com. For more information, see the "Obtaining Documentation and Submitting a Service Request" section on page 946.

Contents

How to Use This Document

If You Need More Information

Resolved Caveats—Cisco IOS Release 12.4(25b)

Resolved Caveats—Cisco IOS Release 12.4(25a)

Open Caveats—Cisco IOS Release 12.4(25)

Resolved Caveats—Cisco IOS Release 12.4(25)

Resolved Caveats—Cisco IOS Release 12.4(23b)

Resolved Caveats—Cisco IOS Release 12.4(23a)

Resolved Caveats—Cisco IOS Release 12.4(23)

Resolved Caveats—Cisco IOS Release 12.4(21a)

Resolved Caveats—Cisco IOS Release 12.4(21)

Resolved Caveats—Cisco IOS Release 12.4(19b)

Resolved Caveats—Cisco IOS Release 12.4(19a)

Resolved Caveats—Cisco IOS Release 12.4(19)

Resolved Caveats—Cisco IOS Release 12.4(18e)

Resolved Caveats—Cisco IOS Release 12.4(18c)

Resolved Caveats—Cisco IOS Release 12.4(18b)

Resolved Caveats—Cisco IOS Release 12.4(18a)

Resolved Caveats—Cisco IOS Release 12.4(18)

Resolved Caveats—Cisco IOS Release 12.4(17b)

Resolved Caveats—Cisco IOS Release 12.4(17a)

Resolved Caveats—Cisco IOS Release 12.4(17)

Resolved Caveats—Cisco IOS Release 12.4(16b)

Resolved Caveats—Cisco IOS Release 12.4(16a)

Resolved Caveats—Cisco IOS Release 12.4(16)

Resolved Caveats—Cisco IOS Release 12.4(13f)

Resolved Caveats—Cisco IOS Release 12.4(13e)

Resolved Caveats—Cisco IOS Release 12.4(13d)

Resolved Caveats—Cisco IOS Release 12.4(13c)

Resolved Caveats—Cisco IOS Release 12.4(13b)

Resolved Caveats—Cisco IOS Release 12.4(13a)

Resolved Caveats—Cisco IOS Release 12.4(13)

Resolved Caveats—Cisco IOS Release 12.4(12c)

Resolved Caveats—Cisco IOS Release 12.4(12b)

Resolved Caveats—Cisco IOS Release 12.4(12a)

Resolved Caveats—Cisco IOS Release 12.4(12)

Resolved Caveats—Cisco IOS Release 12.4(10c)

Resolved Caveats—Cisco IOS Release 12.4(10b)

Resolved Caveats—Cisco IOS Release 12.4(10a)

Resolved Caveats—Cisco IOS Release 12.4(10)

Resolved Caveats—Cisco IOS Release 12.4(8d)

Resolved Caveats—Cisco IOS Release 12.4(8c)

Resolved Caveats—Cisco IOS Release 12.4(8b)

Resolved Caveats—Cisco IOS Release 12.4(8a)

Resolved Caveats—Cisco IOS Release 12.4(8)

Resolved Caveats—Cisco IOS Release 12.4(7h)

Resolved Caveats—Cisco IOS Release 12.4(7g)

Resolved Caveats—Cisco IOS Release 12.4(7f)

Resolved Caveats—Cisco IOS Release 12.4(7e)

Resolved Caveats—Cisco IOS Release 12.4(7d)

Resolved Caveats—Cisco IOS Release 12.4(7c)

Resolved Caveats—Cisco IOS Release 12.4(7b)

Resolved Caveats—Cisco IOS Release 12.4(7a)

Resolved Caveats—Cisco IOS Release 12.4(7)

Resolved Caveats—Cisco IOS Release 12.4(5c)

Resolved Caveats—Cisco IOS Release 12.4(5b)

Resolved Caveats—Cisco IOS Release 12.4(5a)

Resolved Caveats—Cisco IOS Release 12.4(5)

Resolved Caveats—Cisco IOS Release 12.4(3j)

Resolved Caveats—Cisco IOS Release 12.4(3i)

Resolved Caveats—Cisco IOS Release 12.4(3h)

Resolved Caveats—Cisco IOS Release 12.4(3g)

Resolved Caveats—Cisco IOS Release 12.4(3f)

Resolved Caveats—Cisco IOS Release 12.4(3e)

Resolved Caveats—Cisco IOS Release 12.4(3d)

Resolved Caveats—Cisco IOS Release 12.4(3c)

Resolved Caveats—Cisco IOS Release 12.4(3b)

Resolved Caveats—Cisco IOS Release 12.4(3a)

Resolved Caveats—Cisco IOS Release 12.4(3)

Resolved Caveats—Cisco IOS Release 12.4(1c)

Resolved Caveats—Cisco IOS Release 12.4(1b)

Resolved Caveats—Cisco IOS Release 12.4(1a)

Resolved Caveats—Cisco IOS Release 12.4(1)

Obtaining Documentation and Submitting a Service Request

How to Use This Document

This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:

The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.

The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.

Within the sections, the caveats are sorted by technology in alphabetical order. For example, Interfaces and Bridging caveats are listed separately from, and before, IP Routing Protocols caveats. The caveats are also sorted alphanumerically by caveat number.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

If You Need More Information

Cisco IOS software documentation can be found on the web through Cisco.com. For information on Cisco.com, see the "Obtaining Documentation and Submitting a Service Request" section on page 946.

For more information on caveats and features in Cisco IOS Release 12.4, refer to the following sources:

Bug Toolkit—If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Products and Services: Cisco IOS Software: Cisco IOS Software Releases 12.2: Troubleshooting: Bug Toolkit. Another option is to go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl.

(If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

Release Notes for Cisco IOS Release 12.4—These release notes describe new features and significant software components for Cisco IOS software Release 12.4.

Deferral Advisories and Software Advisories for Cisco IOS Software: Deferral Advisories and Software Advisories for Cisco IOS Software provides information about caveats that are related to deferred software images for Cisco IOS releases. If you have an account on Cisco.com, you can access Deferral Advisories and Software Advisories for Cisco IOS Software at http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml.

What's New for IOS: What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/public/sw-center/sw-ios.shtml.


Note: Release notes are modified only on an as-needed basis. The maintenance release number and the revision date represent the last time the release notes were modified to include new or updated information. For example, release notes are modified whenever any of the following items change: software or hardware features, feature sets, memory requirements, software deferrals for the platform, microcode or modem code, or related documents.


The most recent release notes when this caveats document was published were Release Notes for Cisco IOS Release 12.4, for Cisco IOS Release 12.4(25), on April 24, 2009.

Resolved Caveats—Cisco IOS Release 12.4(25b)

Cisco IOS Release 12.4(25b) is a rebuild release for Cisco IOS Release 12.4(25). The caveats in this section are resolved in Cisco IOS Release 12.4(25b) but may be open in previous Cisco IOS releases.

CSCsk80250

Symptoms: A router may reload.

Conditions: This symptom is observed when the show ip bgp neighbors x.x.x.x paths ^([^7][^0][^1][^8]|.|..|...|.....)+_7018_ command is issued.

Workaround: There is no workaround.

CSCsk86410

Symptoms: Abnormal ISAKMP traffic causes an alignment error and traceback on the device.

Conditions: This symptom is observed when a malformed IKE packet is sent to the router that is running an affected version of Cisco IOS software. The router functionality is not affected by this and continues to function normally.

The following is an example of an alignment traceback:

%ALIGN-3-TRACE: -Traceback= 0x437E53B0 0x0 0x0 0x0 0x0 0x0 0x0 0x0

Workaround: There is no workaround.

CSCsl15443

Symptoms: Console port can lock up after 10-15 minutes. Telnet sessions fail.

Conditions: Occurs when terminal server is connected to router's console port.

Workaround: There is no workaround.

CSCso06542

Symptoms: On a Cisco router that is configured for NAT VPN routing/forwarding (VRF), ip nat inside source commands might get corrupted at bootup time in the running config even though they are perfectly fine in the startup config. The corruption can be observed in the following form (but not only):

ip nat inside source list [ACL] pool [pool-name] vrf [vrf-name] match-in-vrf overload vrf [vrf-name]

The "vrf [vrf-name]" after overload should not be there.

Conditions: This symptom was observed on a Cisco 3845 running Cisco IOS Release 12.4(18.3)T and configured with NAT VRF, but it can be observed on other platforms and Cisco IOS versions.

Workaround: Remove and re-configure the affected VRFs. The problem might re-appear after bootup.

CSCso52837

Symptoms: The following error is received:

%Error parsing filename (No such device)

Conditions: This symptom is observed when the copy run disk0:test command is executed.

Workaround: Use a "/" as in copy run disk0:/test.

CSCsr60092

Symptoms: One-way audio is observed after use of TCL [connection create] command.

Conditions: Occurs with TCL application playing media in incoming_leg and leg setup without bridging incoming leg [leg setup $dnis callInfo].

Workaround: There is no workaround.

CSCsr96084

Symptoms: A router crashes with the following error:

%SYS-6-STACKLOW: Stack for process NHRP running low, 0/6000

Conditions: The symptom is seen on routers that are running Dynamic Multipoint VPN (DMVPN) when a routing loop occurs while an NHRP resolution request is received by the router. If the routing loop leads to a tunnel recursion (where the route to the tunnel endpoint address points out of the tunnel itself) the crash may be seen.

Workaround: Use PBR for locally-generated traffic to force the GRE packet out of the physical interface, which prevents the lookup that can lead to the recursion. For example (note: the interfaces and IPs will need to be changed to the appropriate values):

interface Tunnel97
 ...
 tunnel source POS6/0
 ...

interface POS6/0
 ip address 10.2.0.1 255.255.255.252

ip local policy route-map Force-GRE

ip access-list extended Force-GRE
 permit gre host 10.2.0.1 any

route-map Force-GRE permit 10
 match ip address Force-GRE
 set interface POS6/0
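
The tunnel recursion behind CSCsr96084 can be checked for offline before it occurs. The following is an added example, not part of Cisco's release notes: it models a routing table as (prefix, via) pairs and reports any tunnel whose endpoint resolves back out of a tunnel, with and without a local policy like the Force-GRE route map above. Tunnel97, POS6/0 and 10.2.0.1 come from the workaround; the tunnel destination 192.0.2.1, the next hop 10.2.0.2 and both routing tables are constructed, and the local-policy model is a simplification.

```python
import ipaddress


def best_route(routes, dest):
    """Longest-prefix match over (prefix, via) pairs; returns (network, via) or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best


def is_ip(text):
    """True when 'via' is a next-hop address rather than an interface name."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def egress_interface(routes, dest, max_depth=8):
    """Resolve dest to an outgoing interface, following next-hop addresses."""
    for _ in range(max_depth):
        hit = best_route(routes, dest)
        if hit is None:
            return None          # no route at all
        via = hit[1]
        if not is_ip(via):
            return via           # reached an interface name
        dest = via               # recursive next-hop lookup
    return None


def recursing_tunnels(routes, tunnels, local_policy=None):
    """Return {tunnel: chain} for tunnels whose endpoint is reached via a tunnel loop.

    local_policy maps a GRE source address to a forced egress interface. It is a
    simplified stand-in for 'ip local policy route-map' with 'set interface'.
    """
    local_policy = local_policy or {}
    findings = {}
    for name in tunnels:
        chain, current = [name], name
        while True:
            tun = tunnels[current]
            out = local_policy.get(tun["source_ip"]) or egress_interface(
                routes, tun["destination"]
            )
            if out not in tunnels:
                break            # physical interface or unroutable: no recursion
            chain.append(out)
            if chain.count(out) > 1:
                findings[name] = chain
                break
            current = out
    return findings


# Constructed sample data (destination, next hop and routes are assumptions).
TUNNELS = {"Tunnel97": {"source_ip": "10.2.0.1", "destination": "192.0.2.1"}}
HEALTHY = [("10.2.0.0/30", "POS6/0"), ("0.0.0.0/0", "10.2.0.2")]
# A more specific route to the tunnel endpoint that points out of the tunnel itself.
LOOPED = HEALTHY + [("192.0.2.1/32", "Tunnel97")]
# Models: permit gre host 10.2.0.1 any -> set interface POS6/0
FORCE_GRE = {"10.2.0.1": "POS6/0"}

if __name__ == "__main__":
    print("healthy:", recursing_tunnels(HEALTHY, TUNNELS))
    print("looped:", recursing_tunnels(LOOPED, TUNNELS))
    print("looped + local policy:", recursing_tunnels(LOOPED, TUNNELS, FORCE_GRE))
```
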

CSCsv40924

Symptoms: A Cisco router that is running NAT may corrupt the IP header checksum for some RTSP packets.

Conditions: This symptom is observed when the RTSP connection goes through NAT, "OPTION" or "DESCRIBE" messages are sent, and the NAT translation used has a differing number of characters for the private and public IP addresses of the server.

Workaround:

1) Configure the no-payload command for the NAT translation. This will stop the corruption, but will also cause all deep packet NATing to stop, which can cause other issues.

2) Use a port other than 554 for the RTSP stream. This will stop the corruption, but will also stop the router from NATing the embedded IP addresses in the RTSP packets. Depending on the specific implementation of RTSP, this may or may not stop the stream from working.

3) Change your NAT translation such that the private and public IP addresses have the same number of characters. For instance 192.168.0.1 has 11 characters, and 172.16.100.200 has 14 characters.

CSCsw23664

Symptoms: Reverse Route Injection (RRI) is not working as expected with VPN routing/forwarding (VRF) aware IPSec. Routes are created but may not be removed, leaving them stranded in the routing tables.

Conditions: This symptom occurs on routers that are running Cisco IOS Release 12.4 Mainline.

Workaround: There is no workaround.

CSCsw40203

Symptoms: A Cisco ASR 1000 may crash with certain malformed IKE packets.

Conditions: This symptom is observed on a Cisco ASR 1000 that is configured for IPSec VPN with digital certificates.

Workaround: There is no workaround.

CSCsw98414

Symptoms: The ip nat inside source ... match-in-vrf command is not working without the overload option.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(15)T8 or another affected release.

Workaround: There is no workaround.

CSCsx03120

Symptoms: When an ATM interface on a WIC1-ADSL comes back up after a flap, under some undefined circumstances, it may be observed that none of the configured PVCs forward traffic.

Conditions: Specific conditions are still under investigation.

Workaround: Perform a shut/no shut on the interface or power-cycle the router.

CSCsx20984

Symptoms: A router reloads with a bus error and no tracebacks.

Conditions: Unknown at this time.

Workaround: There is no workaround.

CSCsx33622

Symptoms: Packet drops are seen in the network when a Cisco IOS application sends full-length segments along with TCP options.

Conditions: This issue is seen only in topologies where a Cisco IOS device is communicating with a non-IOS peer or with a Cisco IOS device on which this defect has been fixed.

Workaround: Reset the ip mtu command to a lower value. Any value lower than the advertised MSS from the peer should always work.

CSCsx34297

Symptoms: Watchdog reset seen with combination of NPEG1+PA-POS-1OC3/PA-POS-2OC3.

Conditions: The symptom is observed on a Cisco 7200 series router and Cisco 7301 router with an NPEG1 processor.

Workaround: Change the MDL of operation to PULL using the dma enable pull model command.

CSCsx49573

Symptoms: Three separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers.

The Cisco Security Response is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml

Conditions: See the "Additional Information" section in the posted response for further details.

Workarounds: See the "Workaround" section in the posted response for further details.

CSCsx67255

Symptoms: An outgoing call from an IP phone to PSTN through ISDN PRI fails on a channel due to a DSP allocation failure (not enough DSPs to support the call). Subsequent calls through that same channel continue to fail with "resource unavailable" cause value equal to 47 even after DSP resources have been made available to handle the call.

Conditions: The symptom occurs on a router running Cisco IOS Release 12.4(15)T8 or higher. The call must first fail with a legitimate DSP allocation error. Any call made through the same channel as the failed call will also fail.

DSP allocation failures on gateway can be checked through the use of the exec command show voice dsp group all. The last line of the show command output includes a counter for "DSP resource allocation failure."

This issue can be seen also in some cases upon bootup. When a gateway is reloaded, system resources will come up with slightly different timing. If, for example, a PRI interface comes up before the DSP resources have fully initialized, there may be a similar failure.

Workaround:

1. Reload the router to clear the channel. If a reload cannot be done, busy out the channel with the failed calls using the isdn busy b_channel command under the serial interface.

2. If this issue is due to oversubscription of the DSP resources, change the configuration to meet the DSP resources available on the gateway. Further information can be found with the CCO "DSP Calculator" at http://www.cisco.com/pcgi-bin/Support/DSP/cisco_prodsel.pl.

3. If the issue is related to timing issues upon reload, shutdown the voice-port in question before reloading the gateway. When the gateway comes back up, take the voice-port out of shutdown.

CSCsx75353

Symptoms: High CPU usage is observed on a Cisco 2821 router. An increase of almost 10 percent in CPU utilization is observed with every voice call.

Conditions: This symptom is observed when an AIM compression card is present on the motherboard (specifically AIM-COMPR2-V2).

Workaround: Remove the AIM compression card from the motherboard.

CSCsy10653

Symptoms: Calls on an MGCP gateway negotiating the g729br8 codec may fail to have audio in one or both directions.

Conditions: This occurs on MGCP gateways with the fix for CSCsu66759 when the g729br8 codec is being negotiated.

Workaround: Any of the following will be sufficient to get around this issue:

1. Configure the gateway for static payload type using the following commands on the gateway:

mgcp behavior g729-variants static-pt
mgcp behavior dynamically-change-codec-pt disable

2. Disable g729br8 from being negotiated for this call. If CUCM is involved, this is done with the service parameter "Strip G.729 Annex B (Silence Suppression) from Capabilities."

3. Use a Cisco IOS code on the gateway which does not contain the fix for CSCsu66759 (Cisco IOS Release 12.4(22)T and below).

CSCsy16092

Symptoms: A router that is running Cisco IOS or Cisco IOS XE may unexpectedly reload due to a watchdog timeout when there is a negotiation problem between crypto peers. The following error will appear repeatedly in the log leading up to the crash:

.Mar 1 02:59:58.119: ISAKMP: encryption... What? 0?

Conditions: When a malformed payload (Transform payload with vpi length =0) is received and the debug crypto isakmp command is enabled, the error messages are repeatedly seen leading up to the crash.

Workaround: Remove this debug command.

CSCsy32768

Symptoms: Layer 2 tunneled traffic stops working when PIM is configured.

Conditions: This symptom is observed when the following conditions are met:

The device is a Cisco 7200 and is running any Cisco IOS 12.4 mainline version.

The NPE port is used with multiple subinterfaces.

PIM and L2TPv3 are configured on different subinterfaces on the main NPE interface.

Workaround: This issue is not seen in 12.4T. You can switch to the T train; there are no known workarounds at this point.

CSCsy60426

Symptoms: High CPU utilization occurs when editing the ACL entries on a router running the c7301-ik9s-mz.124-23 image. The problem does not exist in the c7301-ik9s-mz.123-23 image.

Conditions: Occurs when two Cisco 7301 routers are configured for VPN redundancy. The crypto dynamic-map command is configured with match address to match crypto ACL that has 215 ACL entries. There are 1300 IPSec tunnels. The active router is running 7301-ik9s-mz.124-23, and the standby router is running c7301-ik9s-mz.123-23.

The HIGH CPU problem is reported only on the router that is running 7301-ik9s-mz.124-23:

CPU utilization for five seconds: 99%/0%; one minute: 99%; five minutes: 95%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
148 1085948 1402983 774 98.49% 97.28% 93.63% 0 Crypto IKMP
149 44592 86808 513 0.00% 0.00% 0.00% 0 IPSEC keyengine

The following steps reveal the problem:

There is a named ACL configured in the VPN router which defines the interesting traffic criteria for the establishment of the IPSec tunnel.

Enter configuration mode and add or remove entries from the named ACL.

Exit configuration mode. CPU utilization goes up to 99% momentarily on the router running Cisco IOS Release 12.3. After 4 seconds it returns to normal. On the router running Cisco IOS Release 12.4, CPU utilization stays high and affects router operations.

Workaround: Shift the tunnels over to the standby VPN by lowering the HSRP priority manually in the problematic router.

CSCsy87674

Symptoms: Calls via an MGCP gateway that is registered to a Cisco Unified Communications Manager (CUCM) fail immediately with a codec negotiation error.

Conditions: This symptom is observed when a CUCM is configured to use the G729 codec for the MGCP gateway.

Workaround: Use the G729 AnnexB codec between the MGCP gateway and the CUCM.

CSCsz08955

Symptoms: This is a rarely occurring crash when ssg portmap and Transparent Auto Logon (TAL) are enabled together on a PPP session.

Conditions: There is a timing issue that leads to a crash when ssg portmap and TAL are enabled together and when the PPP connection is terminated at the same time.

Workaround: There is no workaround when both features are present in the configuration. It can be avoided when only one feature is present.

Further Problem Description: When a session is being re-authenticated because of TAL and the PPP session is terminated at that time and also if it so happens that the connection has been idle for a while, then, because of timing issues in data structures, a situation might arise that can lead to a router crash.

The solution will be available in the next release.

CSCsz29815

Symptoms: TTY sessions not accessible after reverse SSH session to the same TTY port results in failed authentication.

Conditions: Occurred on a router running Cisco IOS Release 12.4(24)T and configured with TTY lines accessed using reverse SSH Version 2. Issue also affects SSH version 1 and affects VTY lines.

Workaround: Reload the router.

CSCsz55055

Symptoms: Attaching or removing a service policy flaps the Gigabit Ethernet interface.

Conditions: This symptom is observed only with a Cisco 3845 NM-1GE.

Workaround: There is no workaround.

CSCsz56169

Symptoms: A software-forced crash occurs after a show user command is performed.

Conditions: The crash occurs after the user performs a show user command and then presses the key for next page. It is observed on a Cisco 3845 that is running Cisco IOS Release 12.4(21a).

Workaround: Do not perform a show user command.

CSCsz87499

Symptoms: Memory leaks occur for SIP calls in a SIP gateway.

Conditions: Occurs with regular SIP calls from PSTN through SIP voice gateway.

Workaround: There is no workaround.

CSCsz87529

Symptoms: Gateway crashes due to lack of memory.

Conditions: Memory leak occurs in RTCP while processing calls. Due to lack of memory, the gateway crashes.

Workaround: There is no workaround.

CSCta04391

Symptoms: A router with dynamic NAT for unicast and multicast traffic crashes after ip nat inside source list is deleted.

Conditions: Router crashes when there is unicast and multicast traffic and only when unicast and multicast traffic uses the same NAT rule.

Workaround: Use separate NAT rule for unicast and multicast traffic.

CSCta77552

Symptoms: A Cisco 5850 crashed 2 minutes after the card in slot 5 crashed.

Conditions: This symptom was observed on a Cisco 5850 with Cisco IOS Release 12.4(25).

Workaround: There is no workaround.

CSCtb07338

Symptoms: A traceback may occur.

Conditions: This symptom is observed after a crypto map is removed and reapplied.

Workaround: Use software encryption.

CSCtb12334

Symptoms: A traceback is seen when SNAT is unconfigured from the active router.

Conditions: This symptom is observed on Cisco routers that are running a Cisco IOS Release 12.4(25)M0.3 image.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(25a)

Cisco IOS Release 12.4(25a) is a rebuild release for Cisco IOS Release 12.4(25). The caveats in this section are resolved in Cisco IOS Release 12.4(25a) but may be open in previous Cisco IOS releases.

CSCek77849

Symptoms: BGP convergence is very slow, and CPU utilization at BGP router process can reach 100% during the convergence at aggregation router. During normal operation, if BGP prefixes included in the aggregation flap, it will also produce high CPU utilization.

This issue shows the following tendencies:

1) The more of the component prefixes belonging to the aggregate-address entry, the slower the convergence at aggregation router.

2) The more of the duplicated aggregation component prefixes for aggregate-address entry, the slower convergence at aggregation router.

Conditions: Any releases would be affected if "aggregate-address" is configured, and routing updates involving aggregate components are received every few seconds.

Workaround: Remove the "aggregate-address".

CSCsc30830

Symptoms: There is an intermittent crash with four "conferencing and transcoding" cards installed.

Conditions: This crash is due to an initialization problem in ms_ac_dsprm during bootup.

Workaround: Do not configure no sccp, sccp or lower the number of act "conferencing and transcoding" cards.

CSCsg96436

Symptoms: EzVPN router might lose its IPSec connection due to three consecutive missed keepalives.

Conditions: Occurs when ISAKMP keepalives are configured with EzVPN.

Workaround: Disable keepalives.

CSCsi78783

Symptoms: Router crashes when auto qos voip is configured on ATM-PVCs. It does not crash when auto qos voip trust or auto qos voip are configured on any interface.

Conditions: Occurs when auto qos voip is configured the first time on any ATM-PVC.

Workaround: Configure auto qos voip on any interface, such as a serial interface, and then configure auto qos voip on the ATM-PVC. Use auto qos voip trust if it is suitable for the network.

Further Problem Description: If auto qos exists in the startup configuration then the issue is not seen. It is seen only when it is configured on an ATM interface of a router which is up and running.

CSCsy15227

Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.

There are no workarounds that mitigate this vulnerability.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml

CSCsy56320

Symptoms: If a T1/E1 controller on NM-CEM-4TE1 CEoIP module is configured for clock source internal so that it gets its clocking reference from the TDM backplane of a Cisco 2800 or 3800 Integrated Services Router (ISR), and the CEM T1/E1 controller flaps DOWN and then UP, the NM-CEM-4TE1 may cease being synchronized to the TDM backplane. Measurement and comparison of the clocking between the TDM backplane and the CEM T1/E1 shows that timing slips are occurring.

Conditions: This behavior may be observed on a Cisco 2800 or 3800 ISR which has been installed with a NM-CEM-4TE1 CEoIP module, and is running a Cisco IOS release from the 12.4 mainline train. The CEM T1/E1 controller is set for clock source internal.

Workaround: Two workarounds are known:

1. Manually set clock source line and then clock source internal under the CEM T1/E1 controller. The CEM T1/E1 controller and the TDM backplane will be in synchronization from this point forward until the next T1/E1 flap.

2. This behavior is not known to affect Cisco IOS Release 12.4T. If Cisco IOS Release 12.4T can be deployed, use a current release of this train.

CSCsz23951

Symptoms: NSAP address family cannot be configured.

router bgp 1
 address-family nsap <---- cannot be configured

Conditions: This symptom occurs on initial configuration.

Workaround: There is no workaround.

CSCsz32366

Symptoms: A Cisco router that is running Cisco IOS Release 12.4(25) may crash due to SSH.

Conditions: This symptom occurs when SSH is enabled on the router. An attempt to access the router via SSH is made.

Workaround: Do not use SSH. Disable SSH on the router by removing the RSA keys:

"crypto key zeroize rsa"

Further Problem Description: This issue has not been seen in Cisco IOS Release 12.4(23) and earlier releases. It also has not been seen in Cisco IOS Release 12.4T images.

CSCsz41177

Symptoms: On a Cisco IOS router with IPSec configured, if the IP address on an interface where the crypto map is applied to changes, then the crypto map configuration will disappear from the interface.

Conditions: This problem only occurs when there is an address change on the crypto map interface.

Workaround: Manually re-apply the crypto map after the IP address change on the interface.

CSCsz48392

Symptoms: Doing reverse SSH to a TTY line, which is busy, causes the terminal server to crash.

Conditions: This issue is encountered in a Cisco 3845 router that is running Cisco IOS Release 12.4(23).

Workaround: There is no workaround.

Open Caveats—Cisco IOS Release 12.4(25)

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(25). All the caveats listed in this section are open in Cisco IOS Release 12.4(25). This section describes severity 1 and 2 caveats and select severity 3 caveats.

CSCdz30008

Symptoms: On a Cisco router, BGP peers may still initially come back up, wait for the timeout, and then stay down.

Additionally, after the RP has experienced an out-of-memory event, other problems may be experienced. For example, if a malloc failure occurs while processing a BGP update, the router may report that the update was malformed and send a BGP notification. BGP may stop processing and sending updates, or alternatively may just stop sending updates. BGP may produce spurious memory accesses or the router may unexpectedly reload due to BGP.

Conditions: Occurs when the RP lacks sufficient memory.

Workaround: There is no workaround.

CSCej33698

Symptoms: A router that is running Cisco IOS software may mistakenly fail a CRC check on files in NVRAM.

Conditions: This symptom has been observed with large files, such as large startup configurations.

Workaround: There is no workaround.

CSCsf96266

Symptoms: Unable to obtain low latency for priority traffic while LLQ is configured.

Conditions: This is happening while LLQ is configured with IPsec and IPSec-GRE tunnels.

Workaround: There is no workaround.

CSCsl15443

Symptoms: Console port can lock up after 10-15 minutes. Telnet sessions fail.

Conditions: Occurs when terminal server is connected to router's console port.

Workaround: There is no workaround.

CSCsu66197

Symptoms: Cyclic redundancy check (CRC) errors increment on Cisco 2800 router.

Conditions: Occurs during normal operation.

Workaround: There is no workaround.

CSCsu92724

Symptoms: The following errors are logged:

Sep 21 05:07:25: %ISDN-4-ISDN_UNEXPECTED_EVENT: INVALID INPUT: Occurred at ../isdn/isdnif_modem.c:99
Sep 21 05:07:25: %SYS-2-QCOUNT: Bad dequeue 62D74734 count -1 -Process= "ISDN", ipl= 4, pid= 162 -Traceback= 0x6046769C 0x605B2E64 0x60158F0C 0x600B2204 0x600B2238 0x600B220C
Sep 21 05:07:25: %ISDN-4-ISDN_UNEXPECTED_EVENT: INVALID INPUT: Occurred at ../isdn/isdnif_modem.c:99
Sep 21 05:07:25: %SYS-2-QCOUNT: Bad dequeue 62D74734 count -1 -Process= "ISDN", ipl= 4, pid= 162 -Traceback= 0x6046769C 0x605B2E64 0x60158F0C 0x600B2204 0x600B2238 0x600B220C
Sep 21 05:07:25: %ISDN-4-ISDN_UNEXPECTED_EVENT: INVALID INPUT: Occurred at ../isdn/isdnif_modem.c:99
Sep 21 05:07:25: %SYS-2-QCOUNT: Bad dequeue 62D74734 count -1 -Process= "ISDN", ipl= 4, pid= 162 -Traceback= 0x6046769C 0x605B2E64 0x60158F0C 0x600B2204 0x600B2238 0x600B220C
Sep 21 05:07:25: %ISDN-4-ISDN_UNEXPECTED_EVENT: INVALID INPUT: Occurred at ../isdn/isdnif_modem.c:99
Sep 21 05:07:28: %SYS-2-QCOUNT: Bad dequeue 62D74734 count -1 -Process= "ISDN", ipl= 4, pid= 162 -Traceback= 0x6046769C 0x605B2E64 0x60158F0C 0x600B2204 0x600B2238 0x600B220C
Sep 21 05:07:28: %ISDN-4-ISDN_UNEXPECTED_EVENT: INVALID INPUT: Occurred at ../isdn/isdnif_modem.c:99
Sep 21 05:07:28: %SYS-2-QCOUNT: Bad dequeue 62D74734 count -1 -Process= "ISDN", ipl= 4, pid= 162 -Traceback= 0x6046769C 0x605B2E64 0x60158F0C 0x600B2204 0x600B2238 0x600B220C
Sep 21 05:07:28: %ISDN-4-ISDN_UNEXPECTED_EVENT: INVALID INPUT: Occurred at ../isdn/isdnif_modem.c:99
Sep 21 05:07:28: %SYS-2-QCOUNT: Bad dequeue 62D74734 count -1 -Process= "ISDN", ipl= 4, pid= 162 -Traceback= 0x6046769C 0x605B2E64 0x60158F0C 0x600B2204 0x600B2238 0x600B220C

Conditions: Occurs when ISDN is enabled.

Workaround: There is no workaround.

CSCsv05154

Symptom: Three separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers.

The Cisco Security Response is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml

Conditions: See "Additional Information" section in the posted response for further details.

Workaround: See "Workaround" section in the posted response for further details.

CSCsv23797

Symptoms: ASR Router goes down.

Conditions: Occurs when kron policy is configured and SCP is used.

Workaround: Use regular SCP.

CSCsv31812

Symptoms: Version: disk2:c7200-adventerprisek9-mz.124-22.T on KSs and GMs:

Oct 26 18:41:50: %GDOI-5-KS_SEND_MCAST_REKEY: Sending Multicast Rekey for group DGVPN-ALPHA from address 10.32.178.56 to 239.192.1.190 with seq # 23
Oct 26 18:41:50: %SYS-3-MGDTIMER: Uninitialized timer, set_exptime, timer = 20A64C70. -Process= "Crypto IKMP", ipl= 0, pid= 201, -Traceback= 0x6147CC48 0x62E75F4C 0x6392E05C 0x6392E300 0x63B25A70 0x63B25AF8 0x639308FC 0x63855544 0x6392F794 0x638100F4 0x638144E4

Conditions: KS2, CE1, and m-gm are connected to PE1. s-gm is connected to PE2. PE1 and PE are in MPLS cloud.

Lower the priority of KS1 and change the primary KS role from KS1 to KS2 by entering the clear crypto gdoi ks coop role command in KS1. KS2 becomes the primary. Tracebacks are seen in the KS2.

Workaround: There is no workaround.

CSCsv40924

Symptoms: A Cisco router that is running NAT may corrupt the IP header checksum for some RTSP packets.

Conditions: This symptom is observed when the RTSP connection goes through NAT, "OPTION" or "DESCRIBE" messages are sent, and the NAT translation used has a differing number of characters for the private and public IP addresses of the server.

Workaround:

1) Configure the no-payload command for the NAT translation. This will stop the corruption, but will also cause all deep packet NAT to stop, which can cause other issues.

2) Use a port other than 554 for the RTSP stream. This will stop the corruption, but will also stop the router from performing NAT on the embedded IP addresses in the RTSP packets. Depending on the specific implementation of RTSP, this may or may not stop the stream from working.

3) Change your NAT translation such that the private and public IP addresses have the same number of characters. For instance 192.168.0.1 has 11 characters, and 172.16.100.200 has 14 characters.
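The length condition behind workaround 3 can be checked against a saved configuration before deciding which workaround to apply. The following Python script is an added example, not Cisco code: the sample configuration lines are constructed, and classifying port-specific entries that do not involve port 554 as out of scope is an assumption drawn from workaround 2.

```python
import ipaddress

RTSP_PORT = "554"  # port named in workaround 2

# Constructed sample configuration lines (not taken from the release notes).
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.0.1 172.16.100.200
ip nat inside source static tcp 192.168.0.10 554 172.16.100.10 554
ip nat inside source static tcp 10.1.1.5 554 172.16.100.20 554 no-payload
ip nat inside source static 192.168.10.20 172.16.100.30
ip nat inside source static tcp 192.168.0.11 80 172.16.100.11 80
ip nat inside source list 10 interface FastEthernet0/0 overload
"""


def _is_ipv4(token):
    """Return True if the token is a dotted-decimal IPv4 address."""
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def audit_static_nat(config_text):
    """Classify static inside-source NAT entries against CSCsv40924.

    Status values:
      same-length : private and public address strings have equal length
      other-port  : port-specific entry that does not involve port 554
                    (assumption: out of scope, per workaround 2)
      no-payload  : lengths differ, but no-payload is set (workaround 1)
      at-risk     : lengths differ and no workaround is visible
    """
    findings = []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if tokens[:5] != ["ip", "nat", "inside", "source", "static"]:
            continue  # dynamic NAT and unrelated lines are not examined
        rest = tokens[5:]
        ports = None
        if rest and rest[0] in ("tcp", "udp"):
            if len(rest) < 5:
                continue  # incomplete port-translation entry
            local, global_ = rest[1], rest[3]
            ports = (rest[2], rest[4])
            options = rest[5:]
        else:
            if len(rest) < 2:
                continue
            local, global_ = rest[0], rest[1]
            options = rest[2:]
        if not (_is_ipv4(local) and _is_ipv4(global_)):
            continue  # e.g. "static network ..." or interface-based forms

        if len(local) == len(global_):
            status = "same-length"
        elif ports is not None and RTSP_PORT not in ports:
            status = "other-port"
        elif "no-payload" in options:
            status = "no-payload"
        else:
            status = "at-risk"

        findings.append({
            "line": raw.strip(),
            "local": local,
            "global": global_,
            "local_len": len(local),
            "global_len": len(global_),
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for f in audit_static_nat(SAMPLE_CONFIG):
        print(f"{f['status']:<12} {f['local']} ({f['local_len']}) -> "
              f"{f['global']} ({f['global_len']})")
```
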

CSCsw28501

Symptoms: After some time (days to months), all inbound and outbound calls through the gateway fail with CCAPI cause 102. The calling party (PSTN or VoIP side) hears fast busy. When the failure occurs, all calls, inbound and outbound, fail. No R2 signaling is observed on inbound or outbound calls.

Conditions: Observed with Cisco IOS Release 12.4.12c.

Topology: UCM/IP phones --- ip/h323 --- 5350 --- E1R2

No changes to network or gateway between incidents.

Workaround: Rebooting the gateway resolves the issue for some time; the issue returns after days or months.

CSCsw98414

Symptoms: The ip nat inside source ... match-in-vrf command is not working without the overload option.

Conditions: Occurs on a router running Cisco IOS Release 12.4(15)T8.

Workaround: There is no workaround.

CSCsx03120

Symptoms: When an ATM interface on a WIC1-ADSL comes back up after a flap, under some undefined circumstances, it may be observed that none of the configured PVCs forward traffic.

Conditions: Specific conditions are still under investigation.

Workaround: Perform a shut/no shut on the interface or power cycle the router.

CSCsx20984

Symptoms: Router reloads with a bus error and no tracebacks.

Conditions: Unknown at this time.

Workaround: There is no workaround.

CSCsx52269

Symptoms: Switch port (Fa2 - Fa9) on Cisco 1812 pads an extra byte.

Conditions: Occurs when Cisco 1812 receives the packet with padding byte.

Workaround: There is no workaround.

CSCsx69052

Symptoms: Service policy in suspend mode.

Conditions: The dLFIoATM feature is configured on a Cisco 7500 and an attempt is made to attach policy to VT. The VT bandwidth is more than the required bandwidth of the policy.

Workaround: There is no workaround.

CSCsx73372

Symptoms: Continuous DSP crash on Cisco 2801 router.

Conditions: Occurs on routers running Cisco IOS Release 12.4(23.15)PI10 and Cisco IOS Release 12.4(23.15)T5.

Workaround: There is no workaround.

CSCsx81957

Symptoms: Router crashes due to memory corruption in TPLUS process.

Conditions: Occurs during normal operations.

Workaround: There is no workaround.

CSCsy33492

Symptoms: Routing Information Base (RIB) and Cisco Express Forwarding (CEF) miss Open Shortest Path First (OSPF) external routes.

Conditions: Occurs when OSPF changes over to second path because first path interface is down.

Workaround: Enter the clear ip route x.x.x.x command.

CSCsy40745

Symptoms: After disabling SSH, an alternate SSH port is still enabled on the router.

Conditions: Occurs on routers that have been configured to use a port other than Port 22 for SSH.

Workaround: Do not configure alternate SSH ports.

CSCsy56320

Symptoms: If a T1/E1 controller on NM-CEM-4TE1 CEoIP module is configured for clock source internal so that it gets its clocking reference from the TDM backplane of a Cisco 2800 or 3800 Integrated Services Router (ISR), and the CEM T1/E1 controller flaps DOWN and then UP, the NM-CEM-4TE1 may cease being synchronized to the TDM backplane. Measurement and comparison of the clocking between the TDM backplane and the CEM T1/E1 shows that timing slips are occurring.

Conditions: This behavior may be observed on a Cisco 2800 or 3800 ISR which has been installed with a NM-CEM-4TE1 CEoIP module, and is running an IOS release from the 12.4 mainline train. The CEM T1/E1 controller is set for clock source internal.

Workaround: Two workarounds are known:

(1) Manually set clock source line and then clock source internal under the CEM T1/E1 controller. The CEM T1/E1 controller and the TDM backplane will be in synchronization from this point forward until the next T1/E1 flap.

(2) This behavior is not known to affect Cisco IOS Release 12.4T release. If Cisco IOS Release 12.4T can be deployed, use a current release of this train.

CSCsy60426

Symptoms: High CPU utilization occurs when editing the ACL entries on a router running the c7301-ik9s-mz.124-23 image. The problem does not exist in the c7301-ik9s-mz.123-23 image.

Conditions: Occurs when two Cisco 7301 routers are configured for VPN redundancy. crypto dynamic-map is configured with match address to match crypto ACL that has 215 ACL entries. There are 1300 IPSec tunnels. Active router is running 7301-ik9s-mz.124-23, and standby router is running c7301-ik9s-mz.123-23.

The HIGH CPU problem is reported only on the router that is running 7301-ik9s-mz.124-23:

CPU utilization for five seconds: 99%/0%; one minute: 99%; five minutes: 95%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
148 1085948 1402983 774 98.49% 97.28% 93.63% 0 Crypto IKMP
149 44592 86808 513 0.00% 0.00% 0.00% 0 IPSEC keyengine

The following steps reveal the problem:

* There is a named ACL configured in the VPN router which defines the interesting traffic criteria for the establishment of the IPSec tunnel.

* Enter configuration mode and add or remove entries from the named ACL.

* Exit configuration mode. CPU utilization goes up to 99% momentarily on the router running Cisco IOS Release 12.3. After 4 seconds it returns to normal. On the router running Cisco IOS Release 12.4, CPU utilization stays high and affects router operations.

Workaround: Shift the tunnels over to the standby VPN by lowering the HSRP priority manually in the problematic router.

CSCsy89234

Symptoms: Stateful Fail-over of Network Address Translation (SNAT) in primary/backup mode does not converge.

Conditions: Occurs after entering no shut on the interface following a router reload, and then configuring SNAT on the primary router.

Workaround: Perform a shut/no shut of the SNAT interface on the primary router.

CSCsy92205

Symptoms: CPUHOG occurs due to tag control and crash in "atm_get_vc or atm_getvcnum".

Conditions: Occurs on a Cisco 7500 with mpls atm multi-vc or tag-switching atm multi-vc configured.

Workaround: There is no workaround.

CSCsz02943

Symptoms: Stateful fail-over of network address translation (SNAT) in primary/backup mode does not converge when TCP connect is shut down and then turned back on.

Conditions: It is seen with SNAT in primary/backup mode. Before the following conditions occur, both the primary and backup routers have fully converged once.

1. Shutdown the SNAT interface of primary router and reload the primary router. Perform a shutdown on the SNAT interface of the primary router.

2. Shutdown the interface of the switch between SNAT routers. After 5 minutes, the SNAT peer is down. Enter no shutdown on the interface of the switch.

Workaround: Perform shut/no shut on the SNAT interface of the primary router.

CSCsz21626

Symptoms: Reverse SSH session to TTY line with failed authentication results in occupied VTY line that will not clear.

Conditions: Occurs on a router running Cisco IOS Release 12.4(23) and earlier releases and with modem TTY lines configured to be accessed via reverse SSH session.

Workaround: Configure the router to use reverse telnet instead of reverse SSH. To clear a hung line, reload the router. If possible, run Cisco IOS Release 12.4T on the router to avoid the issue.

Resolved Caveats—Cisco IOS Release 12.4(25)

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(25). All the caveats listed in this section are resolved in Cisco IOS Release 12.4(25). This section describes severity 1 and 2 caveats and select severity 3 caveats.

CSCec87860

Symptom: The IP Input Process holds large amounts of memory. The show mem allocating-process shows many TCL and ESM entries for IP Input.

Condition: ESM (Embedded Syslog Manager) is used under abnormally high logging conditions. The memory leak occurred in a test environment by logging every ACL denial, and pinging the denied interface in flood mode with 100,000+ packets.

Workaround: Do not use ESM if experiencing abnormally high syslog traffic.

CSCek48205

Symptoms: The output counters for a Multilink Frame Relay (MFR) bundle interface may not be updated correctly.

Conditions: Occurs after the same interface is deleted and recreated.

Workaround: There is no workaround.

CSCsc77638

Symptoms: Using a 3725 with an AIM-ATM/VWIC-2MFT-T1 combo, running the following IOS releases may cause ATM PVCs configured with VCIs greater than 255 to fail.

Conditions: Occurs when using a Cisco 3725 with AIM-ATM, VWIC-2MFT-T1, and the c3725-jsx-mz.123-14.T2 image with an HDLC channel-group configured on 1/2 VWIC ports with the other port using the AIM-ATM SAR.

Workaround: Use VCIs less than 255 or remove Channel-Group sharing VWIC with AIM-ATM.

CSCsc78999

Symptoms: An Address Error exception occurs after Uninitialized timer in TPLUS process.

Conditions: This is a platform independent (AAA) issue. It may be seen with a large number of sessions while accounting is configured with a T+ server.

Workaround: Disable accounting, or use RADIUS accounting instead of a T+ server.

CSCsd09324

Symptoms: When reloading a router (lsnt-ap-pe1, Cisco 7500 platform) with Cisco IOS interim Release 12.0(31.4)S1 from any Cisco IOS Release 12.0(28)S4b image, several IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP and traceback occur in the standby log.

Conditions: This symptom has been observed on a Cisco 7500 router platform with MVPN.

Workaround: There is no workaround.

CSCsg09423

Symptoms: When IPsec SAs flap, traffic loss may occur during the IPsec and IKE rekey.

Conditions: This symptom is observed on a Cisco 7600 series that runs Cisco IOS Release 12.2(33)SRA when there is a large number of IKE and IPsec SAs (that is, more than 2000 IKE SAs and 4000 IPsec SAs) and when RSA signature authentication is configured.

Workaround: Reduce the number of IKE and IPsec SAs.

CSCsg84765

Symptoms: A MWAM-SSG processor may reload automatically with the following error message:

%ALIGN-1-FATAL: Corrupted program counter pc=0x0 , ra=0x21A8C118 , sp=0x45E7D7D0

Conditions: The symptom is observed with MWAM in a Cisco 7600 series router that is running Cisco IOS Release 12.4(3b).

Workaround: There is no workaround.

CSCsi17158

Symptoms: Devices running Cisco IOS may reload with the error message "System returned to ROM by abort at PC 0x0" when processing SSHv2 sessions. A switch crashes. We have a script running that will continuously ssh-v2 into the 3560 then close the session normally. If the vty line that is being used by SSHv2 sessions to the device is cleared while the SSH session is being processed, the next time an ssh into the device is done, the device will crash.

Conditions: This problem is platform independent, but it has been seen on Cisco Catalyst 3560, Cisco Catalyst 3750 and Cisco Catalyst 4948 series switches. The issue is specific to SSH version 2, and it is seen only when the box is under brute force attack. This crash is not seen under normal conditions.

Workaround: There are mitigations to this vulnerability: For Cisco IOS, the SSH server can be disabled by applying the command crypto key zeroize rsa while in configuration mode. The SSH server is enabled automatically upon generating an RSA key pair. Zeroing the RSA keys is the only way to completely disable the SSH server.

Access to the SSH server on Cisco IOS may also be disabled via removing SSH as a valid transport protocol. This can be done by reapplying the transport input command with "ssh" removed from the list of permitted transports on VTY lines while in configuration mode. For example:

line vty 0 4
transport input telnet
end

If SSH server functionality is desired, access to the server can be restricted to specific source IP addresses or blocked entirely using Access Control Lists (ACLs) on the VTY lines as shown in the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html#xtocid14

More information on configuring ACLs can be found on the Cisco public website: /en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

CSCsi25562

Symptoms: Cisco 2600XM router runs out of memory while trying to boot large images.

Conditions: This defect produces crashes under two scenarios:

1. During loading of large images, such as a c2600-adventerprisek9-mz.

2. During reload where router goes into ROMMon.

Workaround: There is no workaround.

CSCsi41062

Symptoms: A Standby router will reload with the following error message:

02:05:27: Config Sync: Line-by-Line sync verifying failure on command: cbr 2000 due to parser return error

Conditions: This issue is seen when CBR service category is configured on VC on CEoP IMA i/f.

Workaround: There is no workaround.

CSCsi47635

Symptoms: The configuration of a deleted subinterface may show up on a new subinterface and may cause a traffic outage.

Conditions: This symptom is observed on a Cisco router that has IP interface commands enabled when a script adds and deletes ATM subinterfaces on a regular basis.

Workaround: Verify the subinterface configuration. When the configuration of a subinterface cannot be deleted, delete the subinterface, and then create a dummy subinterface that will pull the configuration that could not be deleted. Then recreate the first subinterface with a new configuration.

CSCsi95862

Symptoms: Router crashes when the mobile router-service roam priority command is entered.

Conditions: Crash is observed during unconfiguration after verifying for generic routing encapsulation.

Workaround: There is no workaround.

CSCsj17304

Symptoms: A multicast source address may not get translated if the Network Address Translation (NAT) outside the interface is a GRE tunnel.

Conditions: The symptom is observed when using NAT to translate a multicast source address for multicast traffic over a tunnel interface. The static NAT translation of the multicast source address does not work.

Workaround: Turn off CEF globally on the router.

Alternate workaround: Turn off the mroute-cache on the NAT inside the interface.

CSCsj36133

Symptoms: A BGP neighbor may send a notification reporting that it received an invalid BGP message with a length of 4097 or 4098 bytes.

Conditions: The problem can be seen for pure IPv4 BGP sessions (no MP-BGP in use) when the router that is running the affected software generates a large number of withdraws in a short time period and fills an entire BGP update message (up to 4096 bytes normally) completely with withdraws. Because of a counting error, the router that is running the affected software can generate an update message that is 1 or 2 bytes too large when formatting withdraws close to the 4096 size boundary.

Workaround: The issue is not seen when multiple address families are being exchanged between BGP neighbors.

CSCsj46707

Symptoms: A CPU may hang and give traceback during boot up.

Conditions: The crash is the result of a race condition caused by the order of operations in console_init().

Workaround: There is no workaround.

CSCsk22496

Symptoms: Spurious access or a router crash may be seen when a crypto key is removed.

Conditions: The crypto key was not generated in the router. When we try to remove the unconfigured crypto key, the spurious access may be seen.

Workaround: There is no workaround.

CSCsk72676

Symptoms: PVC does not come up after removing vc-class from it.

Conditions: This issue happens only when vc-class with constant bit rate (CBR) is configured on the main interface, and another vc-class is applied to the VC. This occurs under the following scenario:

1. Boot the router afresh.

2. Apply a vc-class (class1) to the ATM interface.

3. Configure PVCs with the range command.

4. Apply another vc-class (class2) under the range-pvc configuration.

5. Remove the vc-class (class2) from under the range-pvc configuration.

After this step the PVCs are expected to come up having attributes of vc-class class1. The PVCs do not come up and stay in inactive mode.

Workaround: There is no workaround.

CSCsm56940

Symptoms: Traceback seen while doing Telnet with SSH enabled.

Conditions: Occurs when SSH is enabled on a Cisco 7200 router.

Workaround: There is no workaround.

CSCsm75818

Symptoms: Multicast data loss may be observed while changing the PIM mode of MDT-data groups in all core routers.

Conditions: The symptom is observed while changing the PIM mode of MDT-data groups from "Sparse" to "SSM" or "SSM" to "Sparse" in all core routers in a Multicast Virtual Private Network (MVPN).

Workaround: Using the command clear ip mroute MDT-data group will resolve the issue.

CSCsm97220

Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at the following link: /en/US/products/products_security_advisory09186a0080a9042f.shtml

CSCso87348

Symptoms: A Catalyst 6500 or a Cisco 7600 may reload unexpectedly. Additionally, this single bug can affect T train platforms on limited releases as detailed below.

Conditions: Occurs when NetFlow is configured on one of the following:

* Cisco 7600 running Cisco IOS Release 12.2(33)SRC.

* Catalyst 6500 running Cisco IOS Release 12.2SXH.

Workaround: Disable NetFlow. This is done with the following commands:

no ip flow ingress
no ip flow egress
no ip route-cache flow

Enter the appropriate command for each subinterface for which NetFlow is currently configured.

Other Notes:

12.4(23) is affected by this bug. The fix is in releases thereafter for 12.4.

The 12.2SRC and 12.2SXH code trains are affected. The specific versions affected are 12.2(33)SXH, 12.2(33)SXH1, 12.2(33)SXH2, 12.2(33)SXH2a, 12.2(33)SRC, and 12.2(33)SRC1.

The issue is fixed in the two affected code trains from the 12.2SXH3 and 12.2SRC2 releases onwards. However, for the SXH train, Cisco would recommend the use of SXH4 due to bug CSCso71955.

The following release trains do not have this issue: 12.2(18)SXF, 12.2(33)SRA, 12.2(33)SRB, 12.2(33)SXI and all other release trains after those affected.

CSCso90058

Symptoms: MSFC crashes with RedZone memory corruption.

Conditions: This problem is seen when processing an Auto-RP packet and NAT is enabled.

Workaround: There is no workaround.

CSCsq23391

Symptoms: Memory leak was found after voice stress testing on a Cisco 3845.

Conditions: Occurred on router configured for E1, Direct Inward Dial (DID), G.711, and voice activity detection (VAD). Testing was performed for 2 hours, and call duration was 60 seconds.

Workaround: There is no workaround.

CSCsr18173

Symptoms:

1. If dampening is enabled on a router, and identical updates of an IPv4 prefix carrying label information are received, these updates are not treated as identical and a dampening penalty is set for the route.

2. If dampening is enabled on a router, and identical updates of an IPv4 multicast prefix are received, these updates are not treated as identical and a dampening penalty is set for the route.

Conditions: The symptom is observed when dampening is enabled and:

1. Identical updates of an IPv4 prefix are received. The updates should be carrying MPLS Label information; or

2. Identical updates of an IPv4-multicast prefix are received.

Workaround: There is no workaround.

CSCsr25788

Symptoms: Output drops can be observed on GE/FE interface on a Cisco 2800 router.

Conditions: Problem is observed when NAT is enabled while router is configured to pass multicast traffic.

Workaround: There is no workaround.

CSCsr59242

Symptoms: EIGRP may lose some routes from stub neighbors in a DMVPN setup.

Conditions: If EIGRP graceful restart happens on an interface and the interface update queue is busy, then it may lose some routes from the stub neighbors on that interface.

For example, issuing the below commands can trigger this issue:

clear ip eigrp vrf abc as-number neighbors interface
Wait 30 seconds
clear ip eigrp vrf abc as-number neighbors interface soft

Workaround: Use the clear ip eigrp vrf abc neighbors command to fix the problem.

Another workaround is that graceful restart can be turned off by the no eigrp graceful-restart command under the router or the address-family command. This will cause the symptom to go away but will revert back to hard resetting peers on configuration changes or the clear ip eigrp neighbor soft command.

CSCsr61125

Symptoms: A switchover takes more time on a Cisco 7500 router.

Conditions: This symptom is observed when RPR+ is configured on the Cisco 7500.

Workaround: There is no workaround.

CSCsr74295

Symptoms: Upon reload, static routes pointing to MLPPP interfaces do not get inserted in the RIB.

Example: ip route 172.16.2.2 255.255.255.255 multilink22

Conditions: Occurs in a router running Cisco IOS Release 12.2(33)SRC1.

Workaround: Reconfigure the static routes being affected, or simply configure copy run start to initialize the routes.

CSCsr80601

Symptoms: An ISAKMP SA is not deleted as expected after removing the RSA key.

Conditions: The issue is seen when the user tries to clear the ISAKMP SAs by issuing the clear crypto session command on an IKE SA that has multiple IPSEC SAs.

Workaround: Use the clear crypto sa and clear crypto is commands.

CSCsr90248

Symptoms: Changing any of the parameters of a route-map does not take effect.

Conditions: Occurs when using a BGP aggregate-address with an advertise map.

Workaround: Delete the aggregate-address statement and then put it back for the change to take effect.

CSCsr98707

Symptoms: When the main ATM interface MTU has an explicit non-default value (something other than 4470), then the subinterfaces may not save (shown with the show run command) the explicit MTU configuration of the default (4470) even though the command is expected.

Conditions: The symptoms are observed only for the ATM MTU value 4470. This unexpected behavior is not seen for any other value (less than or more than 4470 within allowed ATM MTU values).

Workaround: Upon reload, manually (explicitly) configure MTU 4470. You can configure an IP MTU under the ATM interface instead of an ATM MTU.

CSCsu04446

Symptoms: A Cisco router that is running a PfR Master Controller crashes under stress.

Conditions: This symptom is observed when traffic with more than 2000 prefixes with about 500 unreachable prefixes is flowing through the router.

Workaround: Minimize the number of prefixes learned during an interval. The default of 100 should be sufficient.

oer master learn prefixes 100

CSCsu10229

Symptoms: cdpCacheAddress(OID:1.3.6.1.4.1.9.9.23.1.2.1.1.4) MIB is not showing GLOBAL_UNICAST address.

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.4(15)T7.

Workaround: There is no workaround.

CSCsu18232

Symptoms: When a port becomes active the endpoints stay in "Not Ready" state and the RSIP message is not sent.

Conditions: The symptoms are observed when a new E1/T1 is configured with new DS0 groups controlled by MGCP. It is observed only during initial configuration.

Workaround: Remove the entire configuration under the controller before reloading/configuring a new set. After the problem occurs, the only workaround is to reload router.

CSCsu20376

Symptoms: When a user configures the exception flash all disk1:core1 command, the resulting coredump pathname becomes "disk1:core1:ram1-7206-2-coreiomem.Z". The presence of the ":" following core1 is bogus since ":" is a reserved character used to delimit device and partitions. And "core1" is not a valid partition identifier.

A reasonable interpretation of "core1" would be as an existing subdirectory, not as the first 5 characters of a core file name.

Conditions: Occurs when user configures the exception flash all disk1:core1 command.

Workaround: Copy the core dump to "disk1:" instead of "disk1:core1". Use "exception flash all disk1:"

CSCsu25833

Symptoms: An ISR router may crash with the following error message: %ALIGN-1-FATAL: Corrupted program counter

Conditions: The symptoms are observed on a Cisco 2811 and 2801 router. The trigger has not yet been identified.

Workaround: There is no workaround.

CSCsu26174

Symptoms: A Cisco 1800 series router may stop passing traffic on FastEthernet interface 0/1 when FastEthernet interface 0/0 is administratively shut down using the interface configuration command shutdown. When FastEthernet 0/0 is shutdown, the following message is displayed:

%GT96K_FE-5-LATECOLL: Late Collision on int FastEthernet0/0

Conditions: The symptoms are observed with FastEthernet 0/0 on a Cisco 1841 router and when the device at the far end of interface FastEthernet 0/0 is configured manually to speed 10 or 100.

Workaround: Configure the far-end device to auto-negotiate the speed with the 1800 router.

Further Problem Description: This problem does not occur when pulling out cable and re-inserting in FastEthernet 0/0. It also does not occur when FastEthernet 0/1 is reversed to FastEthernet 0/0.

CSCsu27888

Symptoms: IGMP v3 reports are discarded.

Conditions: Occurs on Cisco 7200 router running Cisco IOS Release 12.4(20)T2.

Workaround: There is no workaround.

CSCsu29158

Symptoms: A class map with an interface defined is lost in the new standby.

Conditions: Configure a Cisco 7500 for RPR+ mode. Configure a class map with an input interface. Perform an OIR removal of the slot, and then a switchover. Perform an OIR insertion of the slot in the new master. The new standby will not have the match statement for the input interface.

Workaround: Reload the standby once again.

CSCsu29526

Symptoms: A customer sees a memory corruption crash on the device while doing NAT protocol translation from IPv4 to IPv6.

Conditions: System was restarted by error - an unknown failure.

Workaround: Apply the following to the configuration:

no ipv6 nat service dns

Note that there will not be IP address translation in DNS packets going between IPv6 and IPv4 network.

CSCsu35597

Symptoms: Renaming a directory gives error message.

Conditions: This happens on a Cisco router running Cisco IOS Release 12.4(20)T1.fc2 image

Workaround: There is no workaround.

CSCsu36836

Symptoms: TCL scripts and policies attempting to work with open files and sockets simultaneously may not operate properly. One symptom is the vwait command may fail by reporting "would wait forever".

Conditions: Occurs when a TCL script opens both a file and a client or server socket simultaneously.

Workaround: Open and close files and sockets separately. Avoid having them open simultaneously.

CSCsu37317

Symptoms: A Cisco 7500 router crashes.

Conditions: IMA interface is configured with three and four members each. Attach service policy to an IMA pt interface. Now try to remove the IMA pt interface.

Workaround: There is no workaround.

CSCsu41968

Symptoms: On a Cisco 7500 with an HA setup, the "show controller t3" command is showing framing as M23 on the active and as C-bit on the standby. So the "loopback remote" configuration is rejected on the active and is accepted on the standby.

Conditions: This symptom is observed when the "show controller t3 1/1/0" command is issued.

Workaround: There is no workaround.

Further Problem Description: Because of the framing mismatch, the standby might crash due to sync issues.

CSCsu44696

Symptoms: A Cisco 7500 series router may crash.

Conditions: The symptom is observed when trying to access the VIP console when it is about to crash.

Workaround: There is no workaround.

CSCsu44789

Symptoms: Spurious memory access traceback is seen.

Conditions: The symptom is observed when an MGCP Gateway tries to defer a Request Notification (RQNT) without the requested/signal event.

Workaround: There is no workaround.

CSCsu45425

Symptoms: Label Forwarding Information Base (LFIB) shows incorrect information for Global BGP prefix after route flap. LFIB/FIB shows prefix as having a tag when it should be not. Routing table is correct.

Conditions: Occurred on a Cisco 12000 router running Cisco IOS Release 12.0(33)S1.

Workaround: Enter the clear ip route command.

CSCsu45780

Symptoms: The following error message is displayed if the DSU bandwidth is configured with a value other than the default of 44210 for T3 on an NM-1T3/E3 module:

dsxpnm_gt96k_abort_tx_mpsc:Aborting Tx mpsc failed

Conditions: The symptom is observed when the DSU bandwidth is changed to a value other than the default of 44210. It mostly occurs with values below 1000.

Workaround: Leave the DSU bandwidth at the default of 44210.

CSCsu48898

Symptoms: A Cisco 10000 series router may crash every several minutes.

Conditions: The symptom is observed with a Cisco 10000 series router that is running Cisco IOS Release 12.2(31)SB13.

Workaround: Use Cisco IOS Release 12.2(31)SB11.

CSCsu63996

Symptoms: NSF restart may be terminated and OSPF NBR may flap during RP switchover. The debug ip ospf adj command shows the following message: OSPF: Bad request received.

Conditions: The symptoms are observed when the links are broadcast networks and the restarting router is DR. It is seen when "nsf cisco" is configured and when some neighbors finish OOB resync much sooner than others.

Workaround: Use the nsf ietf command.

Alternate workaround: Configure routers so that the restarting router is not DR (use ospf network type point-to-point or priority 0).

CSCsu65189

Symptoms: If the router is configured as follows:

router ospf 1
 ...
 passive-interface Loopback0

and LDP/IGP synchronization is later enabled using the following commands:

Router(config)#router ospf 1
Router(config-router)# mpls ldp sync
Router(config-router)#^Z

MPLS LDP/IGP synchronization will be allowed on the loopback interface too.

Router#sh ip ospf mpls ldp in
Loopback0
  Process ID 1, Area 0
  LDP is not configured through LDP autoconfig
  LDP-IGP Synchronization : Required  <---- NOK
  Holddown timer is not configured
  Interface is up

If the clear ip ospf proc command is entered, LDP will keep the interface down. A down interface is not included in the router LSA, so the IP address configured on the loopback is not propagated. If an application such as BGP or LDP uses the loopback IP address for communication, that application will go down too.

Conditions: Occurs when interface configured as passive. Note: all interface types configured as passive are affected, not only loopbacks.

Workaround: Do not configure passive loopback under OSPF. Problem only occurs during reconfiguration.

The problem will not occur if LDP/IGP sync is already in place and:

- router is reloaded with image with fix for CSCsk48227
- passive-interface command is removed/added

CSCsu73571

Symptoms: VIP may crash on a Cisco 7500 series router.

Conditions: The symptom is observed when Distributed Link Fragmentation and Interleaving over Leased Lines (dLFIoLL) or Distributed Link Fragmentation and Interleaving over ATM (dLFIoATM) is configured and "ip flow egre" is configured on multilink or VT.

Workaround: There is no workaround.

CSCsu74397

Symptoms: When removing PA-MC-8TE1+ from the chassis, the router has an unexpected system reload. This reload happens when you remove the port adapter and the router is running the Cisco IOS bootloader image. Also happens when the port adapter is removed after the router finishes loading the Cisco IOS bootloader image and before it loads the complete Cisco IOS Software image.

Conditions: This occurs on a Cisco 7200 VXR NPE-G2 Series Routers on the Cisco IOS bootloader image from the Cisco IOS Release 12.4(4)XD.

Workaround: Remove PA-MC-8TE1+ when the complete Cisco IOS Software Image finishes loading.

CSCsu74400

Symptoms: A device running FTP to transmit the DHCP database may experience a file descriptor leak that results in errors such as:

ROUTER#show run

OR

ROUTER#show start
Using XXXX out of XXXX bytes
%Error opening nvram:/startup-config (Bad file number)

OR

ROUTER#dir nvram:
Directory of nvram:/
%Error opening nvram:/ (File table overflow)
XXXX bytes total (XXXX bytes free)

Conditions: Occurs when the router is configured to use FTP to transmit the DHCP database:

ip dhcp database ftp://XXXX:XXXX@X.X.X.X/XXXX

And the FTP server becomes unreachable. The file descriptor leak can be viewed in the output of show file descriptors:

ROUTER-B#show file descriptors
File Descriptors:
FD  Position  Open  PID  Path
0   0         0302  145  ftp://X.X.X.X/DHCP
1   0         0302  145  ftp://X.X.X.X/DHCP
2   0         0302  145  ftp://X.X.X.X/DHCP
3   0         0302  145  ftp://X.X.X.X/DHCP
4   0         0302  145  ftp://X.X.X.X/DHCP
5   0         0302  145  ftp://X.X.X.X/DHCP
6   0         0302  145  ftp://X.X.X.X/DHCP
7   0         0302  145  ftp://X.X.X.X/DHCP
8   0         0302  145  ftp://X.X.X.X/DHCP
9   0         0302  145  ftp://X.X.X.X/DHCP
<snip>

Workaround: Ensure that the FTP server does not become unreachable for more than 128 total minutes, as there are only 128 file descriptors. In the event that all 128 file descriptors are leaked, a reboot is required to recover.

CSCsu76993

Symptoms: EIGRP routes are not tagged with matching distribute-list source of route-map.

Conditions: Problem is observed where the route-map is applied to a specific interface. When the route-map is applied globally without the specific interface things appear to work fine.

Workaround: There is no workaround.

CSCsu79754

Symptoms: PIM packets may be processed on interfaces on which PIM is not explicitly configured.

Conditions: Unknown at this time.

Workarounds: Create an ACL to drop PIM packets to such interfaces.

CSCsu92432

Symptoms: The router's async line used for reverse SSHv2 might hang after a failed authentication and not recover unless the router is rebooted. The router log displays: %SYS-3-HARIKARI: Process SSH Process top-level routine exited

Conditions: The symptom is observed on a router that is running Cisco IOS Release 12.4 with async lines.

Workaround: Use the traditional way of using reverse SSH with the use of rotaries.

CSCsu95080

Symptoms: A router remains in the init_process state when parsing the configuration.

Conditions: The symptom is observed when an IPv6 multicast group joins without MLD configured. When the groups unjoin, the system suspends.

Workaround: Configure MLD.

CSCsv00168

Symptoms: Junk values are being displayed on the router when characters/commands are inputted. For example, enter "enable", it shows "na^@^@"; enter "show version", it shows "h ^v^@e^@^r^@^@^@^@^@".

Conditions: The symptoms are observed with Cisco IOS Release 12.4(23.2)T.

Workaround: There is no workaround.

Further Problem Description: The CLI function is not affected by the junk values.

CSCsv01474

Symptoms: The ip rip advertise command might be lost from the interface.

Conditions: This symptom occurs in any of the following three cases:

1. The interface flaps.
2. The clear ip route command is issued.
3. The no network <prefix> command and then the network <prefix> command are issued for the network corresponding to the interface.

Workaround: Configure the timers basic command under the address-family under rip.

CSCsv03300

Symptoms: Cisco 7200 NPEG2 router crashes while displaying the interface output for onboard gigabit ethernet using the show interface gig0/x command.

Conditions: Occurs when a CBWFQ QoS policy is attached to the onboard gigabitethernet interface.

Workaround: There is no workaround.

CSCsv04275

Symptoms: The show logging command displays messages such as the following:

<date>: %ATM_AIM-5-CELL_ALARM_UP: Interface ATM<if ID> lost cell delineation.
<date>: %ATM_AIM-5-CELL_ALARM_DOWN: Interface ATM<if ID> regained cell delineation.

The link may go down and then recover automatically.

Conditions: This symptom is observed under ordinary operation. There is no apparent trigger. The physical line is known to be good.

Workaround: There is no workaround.

CSCsv04836

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

CSCsv06608

Symptoms: SXP is set up between two devices but fails to initialize.

Conditions: This symptom is observed when SXP is set up between two devices.

Workaround: There is no workaround.

CSCsv15266

Symptoms: A router that is running Cisco IOS Release 12.4 with QoS configured with a parent and child policy may experience a reset due to a software-forced crash displaying one of the following messages:

%SYS-2-FREEFREE: Attempted to free unassigned memory at XXXXXXXX, alloc XXXXXXXX, dealloc XXXXXXXX

OR

%SYS-6-BLKINFO: Corrupted magic value in in-use block blk XXXXXXXX, words XX, alloc XXXXXXXX, Free, dealloc XXXXXXXX, rfcnt X

Conditions: The reset is triggered by a configuration change tied to QoS and has been seen while changing one of the following:

- An access-list referenced by the map-class.
- The DSCP/Precedence values being set by the service-policy.
- Removing the service-policy from the interface.
- Altering the shaping parameters within the service-policy.

Workaround: Other than avoid making changes to the QoS outside of a maintenance window, there is no workaround.

CSCsv20948

Symptoms: The primary router may crash continually.

Conditions: The symptom is observed with two Cisco 3825 routers with the same software and hardware and with a situation where one is working as a primary router and the other as a secondary. The issue is seen only with voice traffic. It is observed when running Cisco IOS Release 12.4(20)T (with this release the primary router crashes very frequently) and also with Cisco IOS Release 12.4(20)T1.

Workaround: There is no workaround.

CSCsv27480

Symptoms: VRRP virtual MAC address is stored as a dynamic, instead of static, entry after a reload.

Conditions: The symptom is observed when VRRP is configured on an SVI with xconnect pseudowire:

interface Vlan X
 ip address 10.0.0.1 255.255.255.0
 vrrp 2 ip 10.0.0.254
 xconnect vfi VRRP_3201

Workaround: Use the shutdown followed by the no shutdown commands on the SVI (VLAN interface).

CSCsv27607

Symptoms: BGP router filters outbound routes to the peers when doing soft reset with specifying peer address using the clear ip bgp ip-addr soft out command. However, the routes to be filtered are not deleted from the routing table on the BGP peer router.

Conditions: The symptom happens when removing and then reapplying an outbound route-map. When issuing the clear ip bgp neighbor-address soft out command for each peer in an update-group after applying the outbound route-map filtering policy. The withdraw for filtered prefixes is sent to the first peer specified in soft reset, but the next peers in the same update-group do not withdraw the routes.

Workaround: Perform a hard BGP reset using the clear ip bgp ip-addr command.

CSCsv28806

Symptoms: When a dspfarm profile still has active calls, if the user manually shuts down the dspfarm profile, the router will crash.

Conditions: The user manually shuts down a dspfarm profile when it is still in use with active calls. This includes the case where a dspfarm profile is manually shut down after a DSP crash occurs to the dspfarm service but the endpoint phones have not yet finished hanging up.

Workaround: Do not shut down a dspfarm profile if it is still in use by active calls. Besides, if a DSP crash occurs, hang up all the phones using that dspfarm service and wait until the DSP sessions are released before manually shutting down the dspfarm profile.

CSCsv30075

Symptoms: A Cisco router may reload due to a bus error.

Conditions: This symptom has been experienced on a Cisco router that is running Cisco IOS Release 12.4(15)T7 and that is configured with NAT.

Workaround: There is no workaround.

CSCsv34305

Symptoms: A router may crash while configuring snmp mib community-map comm engineid with a long word.

Conditions: The symptom is observed with a Cisco 7200 series router that is running Cisco IOS Release 12.4(24)T.

Workaround: There is no workaround.

CSCsv36187

Symptoms: There may be a crash following a warning of an uninitialized timer.

Conditions: Pushing configuration to the device from a CE has been demonstrated to cause this. However, this does not always cause a crash.

Workaround: There is no workaround.

Further Problem Description: Configuration via interactive CLI is not subject to this fault.

CSCsv38166

The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.

The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability.

This vulnerability does not apply to the Cisco IOS SCP client feature.

Cisco has released free software updates that address this vulnerability.

There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml.

CSCsv38205

Symptoms: Running a post-dial delay operation with reaction configuration may cause a router to crash after removing the operation.

Conditions: The symptom is observed when using a post-dial delay operation with reaction configuration.

Workaround: Do not use reaction configuration for post-dial delay.

CSCsv38804

Symptoms: VIC2 BRI Layer 2 will not come up after boot up.

Conditions: The symptom is observed with VIC2-2BRI-NT/TE cards.

Workaround: There is no workaround.

CSCsv40404

Symptoms: When DDNS is disabled on the router which is configured as the DHCP server, it sends option 81 in the DHCP ACK message with the N flag bit set to 1. However, the DHCP client fails to understand this and will not undertake a PTR update.

Conditions: The issue is seen with a third-party vendor DNS server and a Cisco IOS DHCP server.

Workaround: There is no workaround.

Further Problem Description: The issue is not seen with the 12.3 code as it does not support DDNS and hence does not reply back with Option 81 in the DHCP ACK.

CSCsv40902

Symptoms: The CBAC (ip inspect) commands are missing.

Conditions: The symptom is observed with Cisco IOS interim Release 12.4(23.5) CLI.

Workaround: There is no workaround.

CSCsv42636

Symptoms: A Cisco 1721 reloads due to a bus error.

Conditions: The symptom is observed on a Cisco 1721 which is configured for AAA and is running Cisco IOS Release 12.4(16a), 12.4(16b) and 12.4(21). This is a platform independent issue and can possibly be seen on other platforms.

Workaround: There is no workaround.

CSCsv45669

Symptoms: EIGRP fails to send updates via the dialer when the ATM interface is flapped.

Conditions: The symptom is observed in a PPPoATM setup with cloned virtual-access subinterfaces and an EIGRP neighbor established over that PPPoATM connection. When the ATM interface carrying the PVC in use for the PPPoATM session is shutdown and reenabled after the EIGRP neighbor and PPPoATM session have timed out, we see a problem with reestablishing the EIGRP neighborship.

Workaround: In global configuration mode, use the following command: no virtual-template subinterface. This instructs the router to clone only the main interfaces, not the virtual-access subinterfaces.

CSCsv50666

Symptoms: While lrq forward-queries is configured, the gatekeeper blasting does not work as expected.

Conditions: This symptom is observed when lrq forward-queries is configured.

Workaround: There is no workaround.

CSCsv50958

Symptoms: A router reloads when DTMF digits are dialed out while making an MGCP call.

Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.4(23.5).

Workaround: No workaround is known.

CSCsv52459

Symptoms: A Cisco device that is running Cisco IOS Release 12.3(7)T or later Cisco IOS code may see an increase in CPU usage when upgrading from a previous image.

Conditions: NAT must be enabled for the contributing factor described here to be applicable. RTSP and MGCP NAT ALG support was added, which requires NBAR. However, there is no way to disable it if that feature code is not needed.

Workaround: There is no workaround.

CSCsv54130

Symptoms: Ping fails in HWIC-2T and WIC-2T when the physical mode is changed to "Async" from "Sync" with PPP encapsulation.

Conditions: The symptom is observed when the initial configuration is in Sync mode as shown:

interface Serial0/1/0
 ip address x.x.x.x 255.0.0.0
 encapsulation ppp
end

Then the configuration is changed to Async mode:

Current configuration: 123 bytes
!
interface Serial0/1/0
 physical-layer async
 ip address x.x.x.x 255.0.0.0
 encapsulation slip
 async mode dedicated
end

Workaround: Toggling the encapsulation to PPP sometimes fixes the issue. This may have to be done multiple times until the interface comes up.

CSCsv54510

Symptoms: The router is not getting pruned after shutting the interface. The pruned flag is not getting set even after waiting for long time.

Conditions: Happens with a Cisco 7200 router running Cisco IOS Release 12.4(24)T.

Workaround: There is no workaround.

CSCsv59334

Symptoms: Upon entering the configuration command no network 0.0.0.0 0.0.0.0 under the eigrp router configuration mode, all the EIGRP routes that were redistributed get withdrawn.

Conditions: The symptom is observed when using explicit network prefixes as well as network 0.0.0.0/32 which includes unspecified, directly connected networks to enable EIGRP on various interfaces of a router. These EIGRP routes are also redistributed into BGP. In such a case, on entering the configuration command no network 0.0.0.0 0.0.0.0 under the eigrp router configuration mode, all the EIGRP routes that were redistributed get withdrawn. For example:

router eigrp 1
 network 10.0.0.0
 network 0.0.0.0

Rt130#sh ip eigrp topo
EIGRP-IPv4 Topology Table for AS(1)/ID(10.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.1.1.1/32, 1 successors, FD is 128256
        via Connected, Loopback1
P 10.1.1.0/24, 1 successors, FD is 281600
        via Connected, Ethernet1/0
P 10.147.204.64/26, 1 successors, FD is 281600
        via Connected, Ethernet0/2
P 10.147.204.0/26, 1 successors, FD is 281600
        via Connected, Ethernet0/0

In the above configuration, network 10.0.0.0/24 is explicitly included under EIGRP by the network 10.0.0.0 configuration. The other networks (13, 20 etc) are included by the network 0.0.0.0 configuration. If EIGRP routes are redistributed into BGP, the three networks 10, 13 and 20 can be seen by BGP. On doing a no network 0.0.0.0 0.0.0.0, we would expect the redistribution of networks 13 and 20 to stop while network 10 continues to get redistributed. However, all the networks 10, 13 as well as 20 do not get redistributed into BGP.

Workaround: Clear the IP route and reload to allow the networks to get in the BGP table.

CSCsv62777

Symptoms: A VTY session may get stuck after some extended pings are done and the CPU process may go high.

Conditions: The symptom is observed when an extended ping with CLNS is done and the command is left incomplete until the VTY session times out.

Workaround: Issue can be prevented by not leaving the extended ping clns command incomplete for long time in the VTY session.

CSCsv65915

Symptoms: A Cisco 7500 series router configured with distributed or non-distributed CEF and WCCP, may redirect WCCP bypass packets back to the cache device resulting in a loop for this traffic.

Conditions: The symptom is observed with a Cisco 7500 series router with distributed or non-distributed CEF and WCCP.

Workaround: Disable CEF.

CSCsv66827

Symptoms: Clearing the SSH sessions from a VTY session may cause the router to crash.

Conditions: The symptom is observed when a Cisco 7300 series router is configured for SSH and then an SSH session is connected. If the SSH session is cleared every two seconds using a script, the symptom is observed.

Workaround: There is no workaround.

CSCsv73509

Symptoms: When "no aaa new-model" is configured, authentication happens through the local even when tacacs is configured. This happens for the exec users under VTY configuration.

Conditions: Configure "no aaa new-model", configure login local under line VTY 0 4 and configure login tacacs under line VTY 0 4.

Workaround: There is no workaround.

CSCsv77932

Symptoms: Router crashes.

Conditions: Occurs while configuring serial interface for insufficient MTU.

Workaround: There is no workaround.

CSCsv78559

Symptoms: A first fragmented packet is matched unexpectedly by PBR when the router fragments packets to transfer them over a GRE tunnel.

Conditions: The symptom is observed under the following conditions:

- The router needs fragmentation to transport packets over the GRE tunnel.
- When using the match statement for input interface on route-map of PBR and the interface matches with the GRE tunnel which is used for the output packet.

The router needs the fragmentation to transfer over the GRE tunnel.

Workaround: Disable fast-switching and configure "no ip route-cache" on the GRE tunnel.

Alternate workaround: Use "match ip address" instead of "match interface" on policy-map AND deny GRE packets on the ACL of the "match ip address" clause.

CSCsv79584

Symptoms: An 0.0.0.0 binding with a 0 minute lease gets created and subsequently removed on the DHCP unnumbered relay.

Conditions: The DHCP client sends a DHCPINFORM with ciaddr set to its address, but giaddr is empty. The relay fills in giaddr with its IP address and the server replies to giaddr. Since the DHCPACK is in response to a DHCPINFORM, the lease-time option is absent. The relay receives the DHCPACK and tries to process it normally, leading to the route addition.

Workaround: There is no workaround.

Further Problem Description: This behavior can indirectly have a negative impact on the system by triggering other applications to be called because the routing table change is triggered by such DHCP requests. Examining "debug ip routing" for 0.0.0.0/32 reveals 0.0.0.0/32 route flapping.

CSCsv87146

Symptoms: Clearing of NAT translation either manually or automatically through timeout results in crash.

Conditions: Occurs when a dynamic translation mapping is removed while traffic is running.

Workaround: Stop traffic before removing dynamic NAT translation.

CSCsv90106

Symptoms: A router may write a crashinfo that lacks the normal command logs, crash traceback, crash context, or memory dumps.

Conditions: This might be seen in a memory corruption crash depending on precisely how the memory was corrupted.

Workaround: There is no workaround.

CSCsv91838

Symptoms: A router may crash and the following traceback may be seen:

Traceback= 0x6141BE68 0x6141CF74 0x6141E3F0 0x619D2A04 0x619D3150 0x619F8950 0x633C68D8 0x633C68BC

Conditions: The symptoms are observed on a Cisco 3825/3725 with WIC/HWIC ADSL/SHDSL cards and when the atm video aesa default command is executed on the ATM interface. It is seen with the c3825-adventerprisek9-mz.124-21.14.T1 and c3825-adventerprisek9-mz.124-23.7.T images.

Workaround: There is no workaround.

CSCsv94099

Symptoms: Traceback may be seen in relay.

Conditions: The symptom is observed in an unnumbered scenario when the client releases the address.

Workaround: There is no workaround.

CSCsv97772

Symptoms: The System Activity (SYS ACT) LED may keep blinking even though there are no configurations or traffic.

Conditions: The symptom is observed on a Cisco 2800 series router with an NM-16A/S, which is connected to another device through a CAB-SS-X21MT. The problem is only seen on a couple random ports on a few random modules.

Workaround: Use RS-232 cables instead of X.21 cables.

CSCsv99335

Symptoms: If HTSP is NULL, using it to reference other data members will cause a traceback or may cause the router to crash.

Conditions: The symptom occurs when the condition enters into an offhook state and HTSP is NULL. It is very rare for HTSP to be NULL and is only detected by SA.

Workaround: There is no workaround.

CSCsw18636

Symptoms: High CPU utilization after the device receives an ARP packet with protocol type 0x1000.

Conditions: This problem occurs on SUP32 running 12.2(33)SXI. This problem may also occur on SUP720. The problem is only seen when the bridge-group CLI is being used, which leads to ARP packets with protocol type 0x1000 being bridged. The problem does not apply to IP ARP packets.

Workaround: Filter the ARP packet. The device configuration should have bridge-group creation first, followed by interface-specific bridge-group options.

Further Problem Description: This problem is now isolated to command ordering in the startup-config file. The bridge <> command is saved before the bridge-group <> command (which is run in the interface-config mode) is saved. The linking of IDB to bridge structure is not happening correctly and some check fails in the bridge code that lets the packet be processed again and again instead of being dropped.

If bridge-group <> command is removed in the startup-config and only applied after bridge <> command is run, problem will go away. Please use this workaround until a fix is put in.

CSCsw21308

Symptoms: A router crashes when users try to access the "vc-class" at same time.

Conditions: The symptom is observed if an attempt is made to configure and remove the same vc-class using the different VTY or console terminals. The crash may be seen if one terminal has removed the class but it remains in another one. Under standard recommended IOS configuration procedure this issue will not be seen.

Workaround: There is no workaround.

CSCsw23397

Symptoms: A Cisco Communication Media Module (CMM) may leak memory in the chunk manager.

Conditions: The symptom appears to be triggered by calls that disconnect prematurely.

Workaround: There is no workaround.

Further Problem Description: Though this problem is seen and reported on CMM, it may occur on any IOS gateway supporting voice (28xx, 38xx, 5xxx).

CSCsw24542

Symptoms: A router may crash due to a bus error after displaying the following error messages:

%DATACORRUPTION-1-DATAINCONSISTENCY: copy error,
%ALIGN-1-FATAL: Illegal access to a low address < isdn function decoded>

Conditions: The symptom is observed on a Cisco 3825 router that is running Cisco IOS Release 12.4(22)T with ISDN connections.

Workaround: There is no workaround.

Further Problem Description: When copying the ISDN incoming call number for an incoming call from Layer2, the length of the call number was somehow exceeding the maximum allocated buffer size (80). PBX has pumped a Layer2 information frame with call number exceeding the maximum number length limit. It leads to memory corruption and a crash.

CSCsw29842

Symptoms: A router may reload or crash at resource_owner_set_user_context while adding and removing MTU in the ATM main interface and subinterface.

Conditions: The symptom is observed when the command no mtu on the ATM subinterface modifies the minimum MTU size to zero.

Workaround: Set the MTU size of the subinterface to a default value or the value of the main interface's MTU instead of using no mtu.

Further Problem Description: The command no mtu on the ATM subinterface will modify the MTU size to zero. It should inherit the default value or value from the main interface if the main interface has an MTU value set. This issue does not affect any functionality of MTU.

CSCsw30847

Symptoms: The standby router may crash.

Conditions: The symptom is observed when two IMA interfaces are configured on a Cisco 7500 series router along with HA RPR+ mode. When you try to unconfigure the ima-group from the first member of IMA interfaces, the crash will occur.

Workaround: There is no workaround.

CSCsw31019

Symptoms: A Cisco router crashes.

Conditions: This symptom is observed if the frame-relay be 1 command is issued under "map-class frame-relay <name>" configuration.

Workaround: There is no workaround.

CSCsw34224

Symptoms: A router may reload unexpectedly.

Conditions: The symptom is observed when configuring "auto qos/discovery" on the ATM SVC.

Workaround: There is no workaround.

CSCsw39039

Symptoms: A fax relay call may fail.

Conditions: The symptom is observed with an MGCP Gateway Controlled T38 fax-relay call. MGCP is configured for CA control T38. The output of the command show call active voice brief will give the remote address to be 0.0.0.0. When this happens, all fax packets on the ingress gateway are dropped.

Workaround: Use Cisco IOS Release 12.4(15)T7.

CSCsw39985

Symptoms: Too many IPC error messages are seen.

Conditions: The symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.4 with dLFIoLL configuration. The standby router cannot be accessed when the router is in an HA setup.

Workaround: There is no workaround.

CSCsw40165

Symptoms: A router may crash.

Conditions: The symptoms are observed when trying to configure the command translate lat <word> ppp <ip> max-users 4294967295 and check it in the running configuration.

Workaround: There is no workaround.

CSCsw40248

Symptoms: Service policy disappears after removing and attaching to other class-maps under the same policy-map.

Conditions: The symptom is observed with a router that is running Cisco IOS Release 12.4(23.10)T.

Workaround: There is no workaround.

CSCsw42244

Symptoms: Traceback may be observed on a Cisco 3845 MGCP gateway.

Conditions: The symptom is observed with a Cisco 3845 MGCP gateway during an SNMP walk.

Workaround: There is no workaround.

Further Problem Description: In order to set isdnBearerOperStatus during an SNMP walk, false-busy out condition of B channel is checked. In order to check the false-busy status for all interfaces, DSL information is extracted from the idb list. The idb list for the particular DSL can be NULL with a bulk SNMP query, and it is not checked for NULL before accessing. In this scenario, isdnBearerOperStatus should have only default value which is D_isdnBearerOperStatus_idle.

CSCsw43948

Symptoms: A Cisco 3845 router that is running Cisco IOS Release 12.4(13) may bounce the frames (which are not destined for itself) on the same interface that receives them.

Conditions: The symptom is observed if there is bridging configured on an ethernet subinterface in the following way:

ip cef 
!
bridge irb 
! 
interface GigabitEthernet0/1 
 no ip address
 no sh 
!
!
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ip address x.x.x.x x.x.x.x 
 no ip redirects
 no ip unreachables
 no ip proxy-arp 
 ip rip advertise 10 
!
interface GigabitEthernet0/1.509
 encapsulation dot1Q 101
 bridge-group 1

Workaround: If the command bridge-group 1 is removed from the sub-interface, it will behave as expected.

CSCsw45691

Symptoms: The atmPreviouslyFailedPVclTimeStamp returns a non-zero value when the VC is brought DOWN for the first time.

Conditions: This issue is seen on a router that is running Cisco IOS Release 12.4(24)T.

Workaround: There is no workaround.

CSCsw47543

Symptoms: A router may lose all its free memory and crash.

Conditions: The symptom is observed when the voice mail system sends a notification to the gateway regarding the availability of any voice messages. The memory leak occurs in CDAPI_RawS.

Workaround: Use the command signalling forward none under the global configuration "voice service voip".

CSCsw49297

Symptoms: Packet drops and/or delays are observed when sending traffic over a multilink bundle interface.

Conditions: This symptom may occur during periods of bursty traffic.

Workaround: Increase the amount of data that a multilink will queue to a member link at any given time using the interface configuration command ppp multilink queue depth qos (default = 2). This command may be configured on the serial interfaces or, if the interface is a multilink group member, it may be configured on the multilink interface. For example:

interface Multilink1
 ppp multilink queue depth qos 3

CSCsw52416

Symptoms: Dynamic NAT entries are not timing out properly.

Conditions: Occurs even after the timer has expired.

Workaround: There is no workaround.

CSCsw63356

Symptoms: The following messages may be seen when bringing up a WIC-1DSU-T1-V2:

%SERVICE_MODULE-4-WICNOTREADY: (with traceback)

and/or

WARNING - timeslots command not accepted by service-module % Service module 
configuration command failed: LOCK OBTAIN TIMEOUT.

Conditions: The symptom is observed with a Cisco 3825 and a 3845 router where WIC-1DSU-T1-V2 or HWIC-1DSU-T1 is present in one or more WIC/HWIC slots and one WIC-1DSU-T1-V2 is in any of the NM slots. In this setup, the problem will be seen on the highest number WIC/HWIC slot where WIC-1DSU-T1-V2 or HWIC-1DSU-T1 is present.

Workaround: Use WIC-1DSU-T1-V2 in either WIC slots or NM slots (not in both).

Alternate workaround: Use a Cisco IOS release prior to 12.4(15)T7.

CSCsw65929

Symptoms: A crash may occur upon disabling ccm-manager fallback.

Conditions: The symptom is observed when disabling and enabling MGCP application and ccm-manager fallback in quick succession.

Workaround: There is no workaround.

CSCsw66082

Symptoms: A router crash may be seen at ip_mcast_address_lookup when issuing the show ip igmp ssm-mapping multicast group on an SSM-mapping enabled router which makes use of DNS lookup for source list.

Conditions: The symptom is observed on a Cisco 7200 series router that is running Cisco IOS release 12.4(23.10)T.

Workaround: There is no workaround.

CSCsw66086

Symptoms: A router may crash with a segmentation violation (SegV) exception in MPLS code.

Conditions: The symptom is observed when "ip route-cache flow" is configured on an MPLS interface.

Workaround: There is no workaround.

CSCsw67040

Symptoms: A Cisco 5850 may crash.

Conditions: The symptom is observed on a Cisco 5850 that is running Cisco IOS Release 12.4(23).

Workaround: There is no workaround.

CSCsw71188

Symptoms: A Cisco 7200 series router may lose connectivity to the SDH link.

Conditions: The symptom is observed under the following conditions:

1. The Cisco 12416 router receives a PAIS Alarm from the Optical Network.

2. The interfaces go down and up and the ALARM is cleared from the Cisco 12416 router side.

3. The Cisco 7200 series router loses connectivity.

4. The Cisco 12416 router interface POS is still UP, but the ping fails.

5. After interface is shutdown and re-enabled, it is in serial UP but protocol DOWN from the Cisco 12416 router side.

6. The link is recovered when the fiber is disconnected and reconnected from the Cisco 7200 series router side.

Workaround: Disconnect and re-connect the fibers from the Cisco 7200 series router side.

CSCsw76730

Symptoms: PVCs are not in the desired state when the interface is down and, when verifying, the translation entry is deleted.

Conditions: The symptom is observed on a Cisco router when the show x25 vc 1 command is used. No output is given.

Workaround: There is no workaround.

CSCsw77293

Symptoms: Upon unconfiguring "channel-group" in one controller, the ping fails in another controller.

Conditions: The symptom is observed when a controller is configured and then unconfigured with "channel-group".

Workaround: Configure "channel-group" again.

CSCsw85152

Symptoms: No flows are seen in the protocol-port aggregation cache. Essentially, the feature is not working.

Conditions: The symptom is observed with a Cisco 7200 series router that is running Cisco IOS Release 12.4(24) onwards.

Workaround: There is no workaround.

CSCsw85235

Symptoms: FTP copy fails, giving the error message "Incorrect Login/Password".

Conditions: The symptom is observed when copying a file using FTP and using the username and password in the command itself.

Workaround: Set FTP username/password in router using the ip ftp command.

CSCsx06457

Symptoms: A router configured with BGP may generate IPRT-3-NDB_STATE_ERROR log messages. An additional symptom when bgp suppress-inactive is configured is that the router CPU usage may get close to 100%.

Conditions: When both BGP and an IGP are advertising the same prefix, the error condition may occur. When, in addition, bgp suppress-inactive is configured, high CPU usage by BGP may be seen.

Workaround: Removing the bgp suppress-inactive configuration should eliminate the high CPU problem. Removing either the BGP or IGP conflicting routes from the system should clear both symptoms.

CSCsx09343

Symptoms: PKI daemon is stuck in DNS resolution attempt for the hostname used in the CDP.

Conditions: The symptom is observed when using name resolution for automatic actions taken by the router during non-interactive sessions (CRL download using name in CDP URI). This issue has been seen to occur only on a Cisco Catalyst 6500 running Cisco IOS SXH software.

Workaround: There is no workaround.

CSCsx11776

Symptoms: Executing the commands show ip bgp version recent 1 or show ip bgp version 1 from EXEC mode may cause the device to crash.

Conditions: The symptom is observed in affected images that have support for BGP.

Workaround: Use AAA command authorization to prevent the use of these commands.

Further Problem Description: A note regarding BGP Looking Glasses for IPv4/IPv6, Traceroute & BGP Route Servers:

Per http://www.bgp4.as/looking-glasses, BGP Looking Glass servers are computers on the Internet running one of a variety of publicly available Looking Glass software implementations. A Looking Glass server (or LG server) is accessed remotely for the purpose of viewing routing info. Essentially, the server acts as a limited, read-only portal to routers of whatever organization is running the lg server. Typically, publicly accessible looking glass servers are run by ISPs or NOCs.

Public Looking Glass servers running an affected version of Cisco IOS are especially susceptible to this bug because they provide unauthenticated public access to Cisco IOS devices. Because of this, operators of BGP Looking Glass servers are encouraged to use AAA to prevent execution of the commands mentioned above that are known to crash Cisco IOS.

CSCsx14637

Symptoms: Modem pass-through calls fail while handshaking.

Conditions: The problem appeared after an upgrade from Cisco IOS Release 12.3(26) to Cisco IOS Release 12.4(23).

Workaround: There is no workaround.

CSCsx15358

Symptoms: A router may crash after receiving DNS TCP queries.

Conditions: The symptom is observed on a router with "ip dns server" configured.

Workaround: There is no workaround.

CSCsx15370

Symptoms: EIGRP commands may disappear from the interface configuration.

Conditions: The symptom is observed on Cisco routers that are running Cisco IOS Release 12.4T and following an interface flap.

Workaround: There is no workaround.

CSCsx19184

Symptoms: A Cisco 2821 router crashes with a bus error even though there was no configuration change or hardware change.

Conditions: Happens while running an internal image with potential fix for CSCsv20948 and CSCsw44230.

Workaround: There is no workaround.

CSCsx23456

Symptoms: The standby reloads on a Cisco 7500 series router.

Conditions: The symptom is observed when IMA PA is configured on a Cisco 7500 series router and where RPR+ is configured. It is seen when an OIR is done on the VIP where IMA PA is sitting.

Workaround: There is no workaround.

CSCsx23602

Symptoms: Catalyst 6000 running modular Cisco IOS 12.2(33)SXH4 may crash with NAT configuration.

Conditions: Occurs when running modular IOS with NAT deployment. Crash only happening in production, and NAT translation is required for crash to occur.

Workaround: Run non-modular Cisco IOS Release 12.2(33)SXH4.

CSCsx40747

Symptoms: A specific configuration of "ip casa" followed by a subsequent use of the command show running-config can cause the router to go into an infinite loop and hang.

Conditions: The symptom is observed when "ip casa" is configured and you enter into config-casa mode. The command show running-config will cause the router to hang.

Workaround: There is no workaround.

Further Problem Description: This issue is specific to the usage of ip casa. If you do not use casa, you are not vulnerable to the issue described here.

CSCsx47915

Symptoms: Spurious memory access and alignment error observed when removing policy-map from interface under certain configuration sequence.

Conditions: The problem is seen on Cisco routers running Cisco IOS Release 12.4(18e).

Workaround: There is no workaround.

CSCsx58889

Symptoms: Calls fail intermittently with cause "47: no resource available" error.

Conditions: Occurs when router is under load test.

Workaround: There is no workaround.

CSCsx59039

Symptoms: Router crashes at SCCP SPI functions when handling events from STCAPP.

Conditions: This is a corner case that occurs rarely. Only if STCAPP unregisters its SCCP device (forced by a DSP problem, in this case) while the corresponding voice-port is still active (having some internal event in the SCCP SPI queue to be processed after the unregistration), the crash can occur.

Workaround: There is no workaround.

CSCsx59436

Symptoms: Cisco 837 experiences failure of LAN ports after power cycle. If the LAN port is set to 100/Full, the connection to the other device cannot be reestablished.

Conditions: Occurs on a router running either Cisco IOS Release 12.3 or 12.4.

Workaround: Set the LAN port to duplex and speed Auto/Auto.

CSCsx61885

Symptoms: Cisco AS5850 running an internal image based on Cisco IOS Release 12.4(23) may crash unexpectedly.

Conditions: Occurs during normal operation.

Workaround: There is no workaround.

CSCsx74657

Symptoms: Multiple issues are seen on multicast NAT. NAT is adding the number of dynamic entry statistics for every new multicast packet, even though there is already an existing NAT flow entry. This causes the number of dynamic entries to be inconsistent with the output from show ip nat trans. Also, dynamic NAT entries cannot be deleted with clear ip nat trans *. Finally, every fragmented multicast packet creates a separate NAT entry.

Conditions: Occurs when ip pim sparse-dense-mode is configured on the interfaces with NAT overload.

Workaround: There is no workaround.

CSCsx82690

Symptoms: A voice gateway placing ISDN calls will exhibit a memory leak. The effects of this memory leak can be seen with the show process memory command. It shows that the amount of memory the ISDN process is holding continues to increase without being released.

Conditions: The symptom is observed on a voice gateway that is processing ISDN calls on a PRI interface. Switchtype is set to be primary-QSIG and the calls that leak memory are QSIG-GF (connection-oriented calls) and not regular voice calls. Such calls are typically used when implementing supplementary services such as MWI.

Workaround: There is no workaround.

CSCsx83443

Symptoms: ISAKMP debug messages from all peers are shown on the TTY/VTY lines that have terminal monitor enabled, even though debug crypto condition peer ipv4 x.x.x.x is set.

Conditions: Use peer IP-based debug condition.

Workaround: There is no workaround.

CSCsy14551

Symptoms: Router may experience problem while erasing flash when running Cisco IOS Release 12.4(24.6a).

Conditions: It occurs when changing from high-end to low-end file system, or from low-end to high-end file system.

Workaround: There is no workaround.

CSCsy14816

Symptoms: Router crashes when configuring wlccp authentication-server client after the client has been removed by another user.

Conditions: Occurs when a wlccp authentication-server client has been configured and, before it is reconfigured, another user on another console removes the same client.

Workaround: There is no workaround.

CSCsy14973

Symptoms: L2TP Tunnel will not come up.

Conditions: Occurs during normal operation.

Workaround: There is no workaround.

CSCsy15098

Symptoms: Cisco 3845 reloads at cm_destroy_connection while changing mode ATM AIM 0 to CAS.

Conditions: Occurs while switching a Cisco 3845 with an existing connection.

Workaround: There is no workaround.

CSCsy16177

Symptoms: Cisco 2811 experiences invalid checksum over SCP on SSH version 2.

Conditions: Occurs on a Cisco 2811 with flash type file system.

Workaround: There is no workaround.

CSCsy16519

Symptoms: "ifDescr" not populated for WS-SVC-CMM.

Conditions: Occurs when performing SNMP walk.

Workaround: There is no workaround.

CSCsy20189

Symptoms: In an MVPN setup, the show ip pim rp mapping command and show ip rpf command take a long time to display the output, and multicast ping does not work correctly.

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.4(24.6a).

Workaround: There is no workaround.

CSCsy20503

Symptoms: Use of the summary-prefix <prefix> not-advertise command does not suppress the prefix.

Conditions: Occurs on routers running Cisco IOS Release 12.4(24.1) and beyond.

Workaround: Enter the clear ipv6 ospf process command.

CSCsy22311

Symptoms: Using secure copy (SCP) between Cisco routers may cause compatibility issues.

Conditions: Occurs when using SCP SSH version 2 between a Cisco 1800 and Cisco 2800.

Workaround: There is no workaround.

CSCsy23362

Symptoms: Router crash and traceback seen @PKI_BindSessionTrustPoint while the traffic flow is initiated between test routers after applying the crypto map.

Conditions: Apply the crypto map on the routers and try to ping. At this point the router crashes.

Workaround: There is no workaround.

CSCsy23892

Symptoms: A Cisco router may experience a spurious access, a crash, or a hang when doing a no match class-map under a class map configuration. The spurious access is the most likely one to be seen.

Conditions: This can occur when the match class-map statement does not exist under the class map.

Workaround: There is no workaround.

CSCsy29828

Symptoms: A Cisco router may reload due to a bus error. The error indicates trying to read address 0x0b0d0b**, where ** is around 29.

Conditions: This has been experienced on a Cisco 2800 series router running Cisco IOS Release 12.4(24)T. The router must be configured with NAT, and SIP traffic is passed through the NAT router.

Workaround: Enter the following commands:

* no ip nat service sip tcp port 5060

* no ip nat service sip udp port 5060

Or

* ip nat translation timeout never

CSCsy45371

Symptoms: The clear ip nat tr * command removes corresponding static NAT entries from the running configuration, but removing static NAT running configuration does not remove the corresponding NAT cache.

Conditions: Occurs when NAT commands are entered while router is processing around 1 Mb/s NAT traffic.

Workaround: Stop the network traffic while configuring NAT.

CSCsy97506

Symptoms:

Case 1: All NAT multicast data packets are processed by software.

Case 2: Spurious memory access occurs.

Conditions:

Case 1: NAT with static port entry, or dynamic overload configuration.

Case 2: Configure ip nat dynamic nat rule with an undefined NAT pool.

Workaround:

Case 1: Configure NAT as static entry without port, or dynamic non-overload.

Case 2: Configure with defined pool.

CSCsz02000

Symptoms: Router reloads at "atm_update_bundle_counters".

Conditions: Occurs during normal operation.

Workaround: There is no workaround.

CSCsz05783

Symptoms: Voice/SIP (ef) packets are not marked in the ingress/egress when NAT is enabled on the interface.

Conditions: Occurs when NAT is enabled.

Workaround: Remove NAT from the configuration.

Resolved Caveats—Cisco IOS Release 12.4(23b)

Cisco IOS Release 12.4(23b) is a rebuild release for Cisco IOS Release 12.4(23). The caveats in this section are resolved in Cisco IOS Release 12.4(23b) but may be open in previous Cisco IOS releases.

CSCsk80250

Symptoms: A router may reload.

Conditions: This symptom is observed when the show ip bgp neighbors x.x.x.x paths ^([^7][^0][^1][^8]|.|..|...|.....)+_7018_ command is issued.

Workaround: There is no workaround.

CSCsw63356

Symptoms: The following messages may be seen when bringing up a WIC-1DSU-T1-V2:

%SERVICE_MODULE-4-WICNOTREADY: (with traceback) 

and/or

WARNING - timeslots command not accepted by service-module % Service module 
configuration command failed: LOCK OBTAIN TIMEOUT.

Conditions: This symptom is observed with a Cisco 3825 and Cisco 3845 router where a WIC-1DSU-T1-V2 or a HWIC-1DSU-T1 is present in one or more WIC/HWIC slots and one WIC-1DSU-T1-V2 is in any of the NM slots. In this setup, the problem will be seen on the highest number WIC/HWIC slot where the WIC-1DSU-T1-V2 or HWIC-1DSU-T1 is present.

Workaround: Use the WIC-1DSU-T1-V2 in either WIC slots or NM slots (but not in both).

Alternate Workaround: Downgrade to an earlier release that does not have the support for HWIC-1DSU-T1.

CSCsx20984

Symptoms: Router reloads with a bus error and no tracebacks.

Conditions: Unknown at this time.

Workaround: There is no workaround.

CSCsx25880

A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated attacker to cause a denial of service (DoS) condition on an affected device when the Cisco Unified Border Element feature is enabled. Cisco has released free software updates that address this vulnerability. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml.

CSCsx70889

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsz29815

Symptoms: TTY sessions not accessible after reverse SSH session to the same TTY port results in failed authentication.

Conditions: Occurred on a router running Cisco IOS Release 12.4(24)T and configured with TTY lines accessed using reverse SSH version 2. Issue also affects SSH version 1 and affects VTY lines.

Workaround: Reload the router.

CSCsz38104

The H.323 implementation in Cisco IOS Software contains a vulnerability that can be exploited remotely to cause a device that is running Cisco IOS Software to reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate the vulnerability apart from disabling H.323 if the device that is running Cisco IOS Software does not need to run H.323 for VoIP services. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-h323.shtml.

CSCsz48392

Symptoms: Doing reverse SSH to a TTY line, which is busy, causes the terminal server to crash.

Conditions: This issue is encountered in a Cisco 3845 router that is running Cisco IOS Release 12.4(23).

Workaround: There is no workaround.

CSCsz50423

Symptoms: The clear interface atm5/ima command makes the ATM PVC inactive.

Conditions: This symptom occurs on a Cisco 7200 router that is running Cisco IOS interim Release 12.4(24.6)T8.

Workaround: There is no workaround.

CSCsz56169

Symptoms: A software-forced crash occurs after a show user command is performed.

Conditions: The crash occurs after the user performs a show user command and then presses the key for next page. It is observed on a Cisco 3845 that is running Cisco IOS Release 12.4(21a).

Workaround: Do not perform a show user command.

CSCta77552

Symptoms: A Cisco 5850 crashed 2 minutes after card in slot 5 crashed.

Conditions: This symptom was observed on a Cisco 5850 with Cisco IOS Release 12.4(25).

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(23a)

Cisco IOS Release 12.4(23a) is a rebuild release for Cisco IOS Release 12.4(23). The caveats in this section are resolved in Cisco IOS Release 12.4(23a) but may be open in previous Cisco IOS releases.

CSCsc78999

Symptoms: An Address Error exception occurs after Uninitialized timer in TPLUS process.

Conditions: This is a platform independent (AAA) issue. It may be seen with a large number of sessions while accounting is configured with a T+ server.

Workaround: Disable accounting, or use RADIUS accounting instead of a T+ server.

CSCsi17158

Symptoms: Devices running Cisco IOS may reload with the error message "System returned to ROM by abort at PC 0x0" when processing SSHv2 sessions. A switch crashes. We have a script running that will continuously ssh-v2 into the 3560 then close the session normally. If the vty line that is being used by SSHv2 sessions to the device is cleared while the SSH session is being processed, the next time an ssh into the device is done, the device will crash.

Conditions: This problem is platform independent, but it has been seen on Cisco Catalyst 3560, Cisco Catalyst 3750 and Cisco Catalyst 4948 series switches. The issue is specific to SSH version 2, and it is seen only when the box is under brute force attack. This crash is not seen under normal conditions.

Workaround: There are mitigations to this vulnerability: For Cisco IOS, the SSH server can be disabled by applying the command crypto key zeroize rsa while in configuration mode. The SSH server is enabled automatically upon generating an RSA key pair. Zeroing the RSA keys is the only way to completely disable the SSH server.

Access to the SSH server on Cisco IOS may also be disabled via removing SSH as a valid transport protocol. This can be done by reapplying the transport input command with "ssh" removed from the list of permitted transports on VTY lines while in configuration mode. For example:

line vty 0 4
 transport input telnet
 end

If SSH server functionality is desired, access to the server can be restricted to specific source IP addresses or blocked entirely using Access Control Lists (ACLs) on the VTY lines as shown in the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html#xtocid14

More information on configuring ACLs can be found on the Cisco public website: http://www.cisco.com/warp/public/707/confaccesslists.html

CSCsi25562

Symptoms: Cisco 2600XM router runs out of memory while trying to boot large images.

Conditions: This defect produces crashes under two scenarios:

1.) During loading of large images, such as a c2600-adventerprisek9-mz.

2.) During reload where router goes into ROMMon.

Workaround: There is no workaround.

CSCsj36133

Symptoms: A BGP neighbor may send a notification reporting that it received an invalid BGP message with a length of 4097 or 4098 bytes.

Conditions: The problem can be seen for pure IPv4 BGP sessions (no MP-BGP in use) when the router that is running the affected software generates a large number of withdraws in a short time period and fills an entire BGP update message (up to 4096 bytes normally) completely with withdraws. Because of a counting error, the router that is running the affected software can generate an update message that is 1 or 2 bytes too large when formatting withdraws close to the 4096 size boundary.

Workaround: The issue is not seen when multiple address families are being exchanged between BGP neighbors.
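The size accounting behind this caveat, as an added example that is not Cisco's code and does not reproduce the IOS counting error, which the page does not detail: a packer that fills a withdraw-only UPDATE up to the 4096-byte boundary without crossing it, and the length check a receiving neighbor applies. Field sizes follow RFC 4271; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BGP_MAX_MSG     4096   /* maximum message size, as stated in the caveat */
#define BGP_HDR_LEN     19     /* 16-octet marker + 2-octet length + 1-octet type */
#define BGP_TYPE_UPDATE 2

struct prefix4 {               /* hypothetical IPv4 prefix record */
    uint8_t addr[4];
    uint8_t len;               /* prefix length in bits, 0..32 */
};

/*
 * Packs as many withdrawn prefixes as fit into one UPDATE message.
 * Every octet of overhead is counted before a prefix is accepted:
 *   header (19) + Withdrawn Routes Length (2) + withdraws
 *   + Total Path Attribute Length (2, zero for a withdraw-only UPDATE).
 * Returns the number of prefixes consumed; *msg_len gets the message length.
 * Stops early at a prefix whose length is above 32.
 */
size_t pack_withdraw_update(const struct prefix4 *pfx, size_t count,
                            uint8_t *buf, size_t buf_size, size_t *msg_len)
{
    const size_t fixed = BGP_HDR_LEN + 2 + 2;
    size_t limit = buf_size < BGP_MAX_MSG ? buf_size : BGP_MAX_MSG;
    size_t off = BGP_HDR_LEN + 2;          /* first withdrawn-route octet */
    size_t used = 0, wlen, total;

    *msg_len = 0;
    if (limit < fixed)
        return 0;

    while (used < count) {
        const struct prefix4 *p = &pfx[used];
        size_t need;

        if (p->len > 32)
            break;
        need = 1 + ((size_t)p->len + 7) / 8;   /* length octet + prefix octets */
        if (off + need + 2 > limit)            /* keep room for the trailing 2 octets */
            break;
        buf[off] = p->len;
        memcpy(buf + off + 1, p->addr, need - 1);
        off += need;
        used++;
    }

    wlen  = off - (BGP_HDR_LEN + 2);
    total = off + 2;
    memset(buf, 0xFF, 16);                     /* marker */
    buf[16] = (uint8_t)(total >> 8);
    buf[17] = (uint8_t)(total & 0xFF);
    buf[18] = BGP_TYPE_UPDATE;
    buf[19] = (uint8_t)(wlen >> 8);
    buf[20] = (uint8_t)(wlen & 0xFF);
    buf[off] = 0;                              /* Total Path Attribute Length = 0 */
    buf[off + 1] = 0;
    *msg_len = total;
    return used;
}

/* Receiver-side check: a header length outside 19..4096 is a bad message length. */
int bgp_header_len_ok(const uint8_t *hdr)
{
    size_t declared = ((size_t)hdr[16] << 8) | hdr[17];

    return declared >= BGP_HDR_LEN && declared <= BGP_MAX_MSG;
}

int main(void)
{
    static struct prefix4 sample[3000];        /* constructed withdraw burst */
    static uint8_t buf[BGP_MAX_MSG];
    size_t i, done = 0, n, len;

    for (i = 0; i < 3000; i++) {
        sample[i].addr[0] = 10;
        sample[i].addr[1] = (uint8_t)(i >> 8);
        sample[i].addr[2] = (uint8_t)i;
        sample[i].len = 24;
    }
    while (done < 3000) {
        n = pack_withdraw_update(sample + done, 3000 - done, buf, sizeof buf, &len);
        if (n == 0)
            break;                             /* no progress: invalid prefix or tiny buffer */
        printf("UPDATE: %zu withdraws, %zu bytes, length ok: %d\n",
               n, len, bgp_header_len_ok(buf));
        done += n;
    }
    return 0;
}
```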

CSCsm97220

Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at the following link /en/US/products/products_security_advisory09186a0080a9042f.shtml

CSCso87348

Symptoms: A Catalyst 6500 or a Cisco 7600 may reload unexpectedly. Additionally, this single defect can affect T train platforms on limited releases as detailed below.

Conditions: Occurs when NetFlow is configured on one of the following:

Cisco 7600 running Cisco IOS Release 12.2(33)SRC.

Catalyst 6500 running Cisco IOS Release 12.2SXH.

Workaround: Disable NetFlow. This is done with the following commands:

no ip flow ingress

no ip flow egress

no ip route-cache flow

Enter the appropriate command for each subinterface for which NetFlow is currently configured.

Other Notes: 12.4(23) is affected by this ddts. The fix is in releases thereafter for 12.4.

The 12.2SRC and 12.2SXH code trains are affected. The specific versions affected are:

12.2(33)SXH

12.2(33)SXH1

12.2(33)SXH2

12.2(33)SXH2a

12.2(33)SRC

12.2(33)SRC1

The issue is fixed in the two affected code trains from the 12.2SXH3 and 12.2SRC2 releases onwards. However, for the SXH train, Cisco would recommend the use of SXH4 due to ddts CSCso71955.

The following release trains do not have this issue: 12.2(18)SXF, 12.2(33)SRA, 12.2(33)SRB, 12.2(33)SXI and all other release trains after those affected.

CSCso90058

Symptoms: MSFC crashes with Red Zone memory corruption.

Conditions: This problem is seen when processing an Auto-RP packet and NAT is enabled.

Workaround: There is no workaround.

CSCsr18173

Symptoms:

1. If dampening is enabled on a router, and identical updates of an IPv4 prefix carrying label information are received, these updates are not treated as identical and a dampening penalty is set for the route.

2. If dampening is enabled on a router, and identical updates of an IPv4 multicast prefix are received, these updates are not treated as identical and a dampening penalty is set for the route.

Conditions: The symptom is observed when dampening is enabled and:

1. Identical updates of an IPv4 prefix are received. The updates should be carrying MPLS Label information; or

2. Identical updates of an IPv4-multicast prefix are received.

Workaround: There is no workaround.

CSCsr59242

Symptoms: EIGRP may lose some routes from stub neighbors in a DMVPN setup.

Conditions: If EIGRP graceful restart happens on an interface and the interface update queue is busy, then it may lose some routes from the stub neighbors on that interface.

For example, issuing the below commands can trigger this issue:

clear ip eigrp vrf abc as-number neighbors interface

Wait 30 seconds

clear ip eigrp vrf abc as-number neighbors interface soft

Workaround: Use the clear ip eigrp vrf abc neighbors command to fix the problem.

Another workaround is that graceful restart can be turned off by the no eigrp graceful-restart command under the router or the address-family command. This will cause the symptom to go away but will revert back to hard resetting peers on configuration changes or the clear ip eigrp neighbor soft command.

CSCsr61125

Symptoms: A switchover takes more time on a Cisco 7500 router.

Conditions: This symptom is observed when RPR+ is configured on the Cisco 7500.

Workaround: There is no workaround.

CSCsr80601

Symptoms: An ISAKMP SA is not deleted as expected after removing the RSA key.

Conditions: The issue is seen when the user tries to clear the ISAKMP SAs by issuing the clear crypto session command on an IKE SA that has multiple IPSEC SAs.

Workaround: Use the clear crypto sa and clear crypto is commands.

CSCsu04446

Symptoms: A Cisco router that is running a PfR Master Controller crashes under stress.

Conditions: This symptom is observed when traffic with more than 2000 prefixes with about 500 unreachable prefixes is flowing through the router.

Workaround: Minimize the number of prefixes learned during an interval. The default of 100 should be sufficient.

oer master learn prefixes 100

CSCsu10229

Symptoms: cdpCacheAddress(OID:1.3.6.1.4.1.9.9.23.1.2.1.1.4) MIB is not showing GLOBAL_UNICAST address.

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.4(15)T7.

Workaround: There is no workaround.

CSCsu25833

Symptoms: An ISR router may crash with the following error message: %ALIGN-1-FATAL: Corrupted program counter

Conditions: The symptoms are observed on a Cisco 2811 and 2801 router. The trigger has not yet been identified.

Workaround: There is no workaround.

CSCsu26174

Symptoms: A Cisco 1800 series router may stop passing traffic on FastEthernet interface 0/1 when FastEthernet interface 0/0 is administratively shut down using the interface configuration command shutdown. When FastEthernet 0/0 is shutdown, the following message is displayed:

%GT96K_FE-5-LATECOLL: Late Collision on int FastEthernet0/0

Conditions: The symptoms are observed with FastEthernet 0/0 on a Cisco 1841 router and when the device at the far end of interface FastEthernet 0/0 is configured manually to speed 10 or 100.

Workaround: Configure the far-end device to auto-negotiate the speed with the 1800 router.

Further Problem Description: This problem does not occur when pulling out cable and re-inserting in FastEthernet 0/0. It also does not occur when FastEthernet 0/1 is reversed to FastEthernet 0/0.

CSCsu27888

Symptoms: IGMP v3 reports are discarded.

Conditions: Occurs on Cisco 7200 router running Cisco IOS Release 12.4(20)T2.

Workaround: There is no workaround.

CSCsu35597

Symptoms: Renaming a directory gives an error message.

Conditions: This happens on a Cisco router running the Cisco IOS Release 12.4(20)T1.fc2 image.

Workaround: There is no workaround.

CSCsu36836

Symptoms: TCL scripts and policies attempting to work with open files and sockets simultaneously may not operate properly. One symptom is the vwait command may fail by reporting "would wait forever".

Conditions: Occurs when a TCL script opens both a file and a client or server socket simultaneously.

Workaround: Open and close files and sockets separately. Avoid having them open simultaneously.

CSCsu44789

Symptoms: Spurious memory access traceback is seen.

Conditions: The symptom is observed when an MGCP Gateway tries to defer a Request Notification (RQNT) without the requested/signal event.

Workaround: There is no workaround.

CSCsu45425

Symptoms: The Label Forwarding Information Base (LFIB) shows incorrect information for a Global BGP prefix after a route flap. The LFIB/FIB shows the prefix as having a tag when it should not. The routing table is correct.

Conditions: Occurred on a Cisco 12000 router running Cisco IOS Release 12.0(33)S1.

Workaround: Enter the clear ip route command.

CSCsu48898

Symptoms: A Cisco 10000 series router may crash every several minutes.

Conditions: The symptom is observed with a Cisco 10000 series router that is running Cisco IOS Release 12.2(31)SB13.

Workaround: Use Cisco IOS Release 12.2(31)SB11.

CSCsu74397

Symptoms: When removing PA-MC-8TE1+ from the chassis, the router has an unexpected system reload. This reload happens when you remove the port adapter and the router is running the Cisco IOS bootloader image. Also happens when the port adapter is removed after the router finishes loading the Cisco IOS bootloader image and before it loads the complete Cisco IOS Software image.

Conditions: This occurs on Cisco 7200 VXR NPE-G2 Series Routers on the Cisco IOS bootloader image from Cisco IOS Release 12.4(4)XD.

Workaround: Remove PA-MC-8TE1+ when the complete Cisco IOS Software Image finishes loading.

CSCsu92432

Symptoms: The router's async line used for reverse SSHv2 might hang after a failed authentication and not recover unless the router is rebooted. The router log displays:

%SYS-3-HARIKARI: Process SSH Process top-level routine exited

Conditions: The symptom is observed on a router that is running Cisco IOS Release 12.4 with async lines.

Workaround: Use the traditional way of using reverse SSH with the use of rotaries.

CSCsv01474

Symptoms: The ip rip advertise command might be lost from the interface.

Conditions: This symptom occurs in any of the following three cases:

1. The interface flaps.

2. The clear ip route command is issued.

3. The no network <prefix> command and then the network <prefix> command are issued for the network corresponding to the interface.

Workaround: Configure the timers basic command under the address-family under rip.

CSCsv03300

Symptoms: Cisco 7200 NPEG2 router crashes while displaying the interface output for onboard gigabit ethernet using the show interface gig0/x command.

Conditions: Occurs when a CBWFQ QoS policy is attached to the onboard gigabitethernet interface.

Workaround: There is no workaround.

CSCsv04836

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

CSCsv06608

Symptoms: SXP is set up between two devices but fails to initialize.

Conditions: This symptom is observed when SXP is set up between two devices.

Workaround: There is no workaround.

CSCsv15266

Symptoms: A router that is running Cisco IOS Release 12.4 with QoS configured with a parent and child policy may experience a reset due to a software-forced crash displaying one of the following messages:

%SYS-2-FREEFREE: Attempted to free unassigned memory at XXXXXXXX, alloc XXXXXXXX, dealloc XXXXXXXX

OR

%SYS-6-BLKINFO: Corrupted magic value in in-use block blk XXXXXXXX, words XX, alloc XXXXXXXX, Free, dealloc XXXXXXXX, rfcnt X

Conditions: The reset is triggered by a configuration change tied to QoS and has been seen while changing one of the following:

- An access-list referenced by the map-class.

- The DSCP/Precedence values being set by the service-policy.

- Removing the service-policy from the interface.

- Altering the shaping parameters within the service-policy.

Workaround: Other than avoiding changes to the QoS outside of a maintenance window, there is no workaround.

CSCsv20948

Symptoms: The primary router may crash continually.

Conditions: The symptom is observed with two Cisco 3825 routers with the same software and hardware and with a situation where one is working as a primary router and the other as a secondary. The issue is seen only with voice traffic. It is observed when running Cisco IOS Release 12.4(20)T (with this release the primary router crashes very frequently) and also with Cisco IOS Release 12.4(20)T1.

Workaround: There is no workaround.

CSCsv27607

Symptoms: A BGP router filters outbound routes to its peers when a soft reset is performed for a specific peer address using the clear ip bgp ip-addr soft out command. However, the routes to be filtered are not deleted from the routing table on the BGP peer router.

Conditions: The symptom happens when an outbound route-map is removed and then reapplied, and the clear ip bgp neighbor-address soft out command is issued for each peer in an update-group after the outbound route-map filtering policy is applied. The withdraw for filtered prefixes is sent to the first peer specified in the soft reset, but the next peers in the same update-group do not withdraw the routes.

Workaround: Perform a hard BGP reset using the clear ip bgp ip-addr command.

CSCsv28806

Symptoms: When a dspfarm profile still has active calls, if the user manually shuts down the dspfarm profile, the router will crash.

Conditions: The user manually shuts down a dspfarm profile when it is still in use with active calls. This includes the case where a dspfarm profile is manually shut down after a DSP crash occurs to the dspfarm service but the endpoint phones have not yet finished hanging up.

Workaround: Do not shut down a dspfarm profile if it is still in use by active calls. In addition, if a DSP crash occurs, hang up all the phones using that dspfarm service and wait until the DSP sessions are released before manually shutting down the dspfarm profile.

CSCsv38166

The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.

The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability.

This vulnerability does not apply to the Cisco IOS SCP client feature.

Cisco has released free software updates that address this vulnerability.

There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml.

CSCsv40404

Symptoms: When DDNS is disabled on the router which is configured as the DHCP server, it sends option 81 in the DHCP ACK message with the N flag bit set to 1. However, the DHCP client fails to understand this and will not undertake a PTR update.

Conditions: The issue is seen with a third-party vendor DNS server and a Cisco IOS DHCP server.

Workaround: There is no workaround.

Further Problem Description: The issue is not seen with the 12.3 code as it does not support DDNS and hence does not reply back with Option 81 in the DHCP ACK.

CSCsv42636

Symptoms: A Cisco 1721 reloads due to a bus error.

Conditions: The symptom is observed on a Cisco 1721 which is configured for AAA and is running Cisco IOS Release 12.4(16a), 12.4(16b) and 12.4(21). This is a platform independent issue and can possibly be seen on other platforms.

Workaround: There is no workaround.

CSCsv52459

Symptoms: A Cisco device that is running Cisco IOS Release 12.3(7)T or later Cisco IOS code may see an increase in CPU usage when upgrading from a previous image.

Conditions: NAT must be enabled for the contributing factor described here to be applicable. RTSP and MGCP NAT ALG support was added, which requires NBAR. However, there is no way to disable it if that feature code is not needed.

Workaround: There is no workaround.

CSCsv54130

Symptoms: Ping fails in HWIC-2T and WIC-2T when the physical mode is changed to "Async" from "Sync" with PPP encapsulation.

Conditions: The symptom is observed when the initial configuration is in Sync mode as shown:

interface Serial0/1/0
ip address x.x.x.x 255.0.0.0 
encapsulation ppp 
end

Then the configuration is changed to Async mode:

Current configuration: 123 bytes 
interface Serial0/1/0
physical-layer async 
ip address x.x.x.x 255.0.0.0
encapsulation slip 
async mode dedicated 
end

Workaround: Toggling the encapsulation to PPP sometimes fixes the issue. This may have to be done multiple times until the interface comes up.

CSCsv59334

Symptoms: Upon entering the configuration command no network 0.0.0.0 0.0.0.0 under the eigrp router configuration mode, all the EIGRP routes that were redistributed get withdrawn.

Conditions: The symptom is observed when using explicit network prefixes as well as network 0.0.0.0/32 which includes unspecified, directly connected networks to enable EIGRP on various interfaces of a router. These EIGRP routes are also redistributed into BGP. In such a case, on entering the configuration command no network 0.0.0.0 0.0.0.0 under the eigrp router configuration mode, all the EIGRP routes that were redistributed get withdrawn. For example:

router eigrp 1
network 10.0.0.0
network 0.0.0.0

Rt130#sh ip eigrp topo
EIGRP-IPv4 Topology Table for AS(1)/ID(10.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status
P 10.1.1.1/32, 1 successors, FD is 128256
        via Connected, Loopback1
P 10.1.1.0/24, 1 successors, FD is 281600
        via Connected, Ethernet1/0
P 10.147.204.64/26, 1 successors, FD is 281600
        via Connected, Ethernet0/2
P 10.147.204.0/26, 1 successors, FD is 281600
        via Connected, Ethernet0/0

In the above configuration, network 10.0.0.0/24 is explicitly included under EIGRP by the network 10.0.0.0 configuration. The other networks (13, 20 etc) are included by the network 0.0.0.0 configuration. If EIGRP routes are redistributed into BGP, the three networks 10, 13 and 20 can be seen by BGP. On doing a no network 0.0.0.0 0.0.0.0, we would expect the redistribution of networks 13 and 20 to stop while network 10 continues to get redistributed. However, all the networks 10, 13 as well as 20 do not get redistributed into BGP.

Workaround: Clear the IP route and reload to allow the networks to get in the BGP table.

CSCsv66827

Symptoms: Clearing the SSH sessions from a VTY session may cause the router to crash.

Conditions: The symptom is observed when a Cisco 7300 series router is configured for SSH and then an SSH session is connected. If the SSH session is cleared every two seconds using a script, the symptom is observed.

Workaround: There is no workaround.

CSCsv73509

Symptoms: When "no aaa new-model" is configured, authentication is performed locally even when TACACS is configured. This happens for the exec users under the vty configuration.

Conditions: Configure "no aaa new-model", configure login local under line vty 0 4 and configure login tacacs under line vty 0 4.

Workaround: There is no workaround.

CSCsv77932

Symptoms: Router crashes.

Conditions: Occurs while configuring serial interface for insufficient MTU.

Workaround: There is no workaround.

CSCsv79584

Symptoms: A 0.0.0.0 binding with a 0 minute lease gets created and subsequently removed on the DHCP unnumbered relay.

Conditions: The DHCP client sends a DHCPINFORM with ciaddr set to its address, but giaddr is empty. The relay fills in giaddr with its IP address and the server replies to giaddr. Since the DHCPACK is in response to a DHCPINFORM, the lease-time option is absent. The relay receives the DHCPACK and tries to process it normally, leading to the route addition.

Workaround: There is no workaround.

Further Problem Description: This behavior can indirectly have a negative impact on the system by triggering other applications to be called because the routing table change is triggered by such DHCP requests. Examining "debug ip routing" for 0.0.0.0/32 reveals 0.0.0.0/32 route flapping.

CSCsv87146

Symptoms: Clearing of NAT translation either manually or automatically through timeout results in crash.

Conditions: Occurs when a dynamic translation mapping is removed while traffic is running.

Workaround: Stop traffic before removing dynamic NAT translation.

CSCsv94099

Symptoms: Traceback may be seen in relay.

Conditions: The symptom is observed in an unnumbered scenario when the client releases the address.

Workaround: There is no workaround.

CSCsw18636

Symptoms: High CPU utilization occurs after the device receives an ARP packet with protocol type 0x1000.

Conditions: This problem occurs on SUP32 running 12.2(33)SXI. This problem may also occur on SUP720. The problem is only seen when the bridge-group CLI is used, which leads to ARP packets with protocol type 0x1000 being bridged. The problem does not apply to IP ARP packets.

Workaround: Filter the ARP packet. The device configuration should have bridge-group creation first, followed by interface-specific bridge-group options.

Additional Information:

This problem is now isolated to command ordering in the startup-config file. The bridge <> command is saved before the bridge-group <> command (which is run in the interface-config mode) is saved. The linking of the IDB to the bridge structure does not happen correctly, and a check fails in the bridge code that lets the packet be processed again and again instead of being dropped.

If bridge-group <> command is removed in the startup-config and only applied after bridge <> command is run, problem will go away. Please use this workaround until a fix is put in.

CSCsw23397

Symptoms: A Cisco Communication Media Module (CMM) may leak memory in the chunk manager.

Conditions: The symptom appears to be triggered by calls that disconnect prematurely.

Workaround: There is no workaround.

Further Problem Description: Though this problem is seen and reported on CMM, it may occur on any IOS gateway supporting voice (28xx, 38xx, 5xxx).

CSCsw24542

Symptoms: A router may crash due to a bus error after displaying the following error messages:

%DATACORRUPTION-1-DATAINCONSISTENCY: copy error, %ALIGN-1-FATAL: Illegal access to a low address < isdn function decoded>

Conditions: The symptom is observed on a Cisco 3825 router that is running Cisco IOS Release 12.4(22)T with ISDN connections.

Workaround: There is no workaround.

Further Problem Description: When copying the ISDN incoming call number for an incoming call from Layer2, the length of the call number was somehow exceeding the maximum allocated buffer size (80). PBX has pumped a Layer2 information frame with call number exceeding the maximum number length limit. It leads to memory corruption and a crash.

CSCsw24700

Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features:

1. Crafted HTTPS packet will crash device - Cisco Bug ID CSCsk62253.

2. SSLVPN sessions cause a memory leak in the device - Cisco Bug ID CSCsw24700.

Cisco has released free software updates that address these vulnerabilities.

There are no workarounds that mitigate these vulnerabilities.

This advisory is posted at the following link: /en/US/products/products_security_advisory09186a0080a96c1f.shtml

CSCsw39039

Symptoms: A fax relay call may fail.

Conditions: The symptom is observed with an MGCP Gateway Controlled T38 fax-relay call. MGCP is configured for CA control T38. The output of the command show call active voice brief will give the remote address to be 0.0.0.0. When this happens, all fax packets on the ingress gateway are dropped.

Workaround: Use Cisco IOS Release 12.4(15)T7.

CSCsw49297

Symptoms: Packet drops and/or delays are observed when sending traffic over a multilink bundle interface.

Conditions: This symptom may occur during periods of bursty traffic.

Workaround: Increase the amount of data that a multilink will queue to a member link at any given time using the interface configuration command ppp multilink queue depth qos (default = 2). This command may be configured on the serial interfaces or, if the interface is a multilink group member, it may be configured on the multilink interface. For example:

interface Multilink1
ppp multilink queue depth qos 3

CSCsw52416

Symptoms: Dynamic NAT entries are not timing out properly.

Conditions: Occurs even after the timer has expired.

Workaround: There is no workaround.

CSCsw66082

Symptoms: A router crash may be seen at ip_mcast_address_lookup when issuing the show ip igmp ssm-mapping multicast group on an SSM-mapping enabled router which makes use of DNS lookup for source list.

Conditions: The symptom is observed on a Cisco 7200 series router that is running Cisco IOS release 12.4(23.10)T.

Workaround: There is no workaround.

CSCsw67040

Symptom: A Cisco 5850 may crash.

Conditions: The symptom is observed on a Cisco 5850 that is running Cisco IOS Release 12.4(23).

Workaround: There is no workaround.

CSCsw71188

Symptoms: A Cisco 7200 series router may lose connectivity to the SDH link.

Conditions: The symptom is observed under the following conditions:

1. The Cisco 12416 router receives a PAIS Alarm from the Optical Network.

2. The interfaces go down and up and the ALARM is cleared from the Cisco 12416 router side.

3. The Cisco 7200 series router loses connectivity.

4. The Cisco 12416 router interface POS is still UP, but the ping fails.

5. After interface is shutdown and re-enabled, it is in serial UP but protocol DOWN from the Cisco 12416 router side.

6. The link is recovered when the fiber is disconnected and reconnected from the Cisco 7200 series router side.

Workaround: Disconnect and re-connect the fibers from the Cisco 7200 series router side.

CSCsx06457

Symptoms: A router configured with BGP may generate IPRT-3-NDB_STATE_ERROR log messages. An additional symptom when bgp suppress-inactive is configured is that the router CPU usage may get close to 100%.

Conditions: When both BGP and an IGP are advertising the same prefix, the error condition may occur. When in addition bgp suppress-inactive is configured high CPU usage by BGP may be seen.

Workaround: Removing the bgp suppress-inactive configuration should eliminate the high CPU problem. Removing either the BGP or IGP conflicting routes from the system should clear both symptoms.

CSCsx11776

Symptoms: Executing the commands show ip bgp version recent 1 or show ip bgp version 1 from EXEC mode may cause the device to crash.

Conditions: The symptom is observed in affected images that have support for BGP.

Workaround: Use AAA command authorization to prevent the use of these commands.

Further Problem Description: A note regarding BGP Looking Glasses for IPv4/IPv6, Traceroute & BGP Route Servers:

Per http://www.bgp4.as/looking-glasses, BGP Looking Glass servers are computers on the Internet running one of a variety of publicly available Looking Glass software implementations. A Looking Glass server (or LG server) is accessed remotely for the purpose of viewing routing info. Essentially, the server acts as a limited, read-only portal to routers of whatever organization is running the lg server. Typically, publicly accessible looking glass servers are run by ISPs or NOCs.

Public Looking Glass servers running an affected version of Cisco IOS are especially susceptible to this bug because they provide unauthenticated public access to Cisco IOS devices. Because of this, operators of BGP Looking Glass servers are encouraged to use AAA to prevent execution of the commands mentioned above that are known to crash Cisco IOS.

CSCsx14637

Symptoms: Modem pass-through calls fail while handshaking.

Conditions: The problem appeared after an upgrade from Cisco IOS Release 12.3(26) to Cisco IOS Release 12.4(23).

Workaround: There is no workaround.

CSCsx19184

Symptoms: Router crash due to Address Error:

Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0xXXXXXXXX

Conditions: This has been seen on Cisco routers running 12.4T and 12.4 images with SIP traffic.

Workaround: There is no workaround.

CSCsx23602

Symptoms: Catalyst 6000 running modular Cisco IOS 12.2(33)SXH4 may crash with NAT configuration.

Conditions: Occurs when running modular IOS with NAT deployment. Crash only happening in production, and NAT translation is required for crash to occur.

Workaround: Run non-modular Cisco IOS Release 12.2(33)SXH4.

CSCsx58889

Symptoms: Calls fail intermittently with cause "47: no resource available" error.

Conditions: Occurs when router is under load test.

Workaround: There is no workaround.

CSCsx61885

Symptoms: Cisco AS5850 running an internal image based on Cisco IOS Release 12.4(23) may crash unexpectedly.

Conditions: Occurs during normal operation.

Workaround: There is no workaround.

CSCsx74657

Symptoms: Multiple issues are seen on multicast NAT. NAT is adding the number of dynamic entry statistics for every new multicast packet, even though there is already an existing NAT flow entry. This causes the number of dynamic entries to be inconsistent with the output from show ip nat trans. Also, dynamic NAT entries cannot be deleted with clear ip nat trans *. Finally, every fragmented multicast packet creates a separate NAT entry.

Conditions: Occurs when ip pim sparse-dense-mode is configured on the interfaces with NAT overload.

Workaround: There is no workaround.

CSCsy15227

Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.

There are no workarounds that mitigate this vulnerability.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml

CSCsy16177

Symptoms: Cisco 2811 experiences invalid checksum over SCP on SSH version 2.

Conditions: Occurs on a Cisco 2811 with flash type file system.

Workaround: There is no workaround.

CSCsy22311

Symptoms: Using secure copy (SCP) between Cisco routers may cause compatibility issues.

Conditions: Occurs when using SCP SSH version 2 between a Cisco 1800 and Cisco 2800.

Workaround: There is no workaround.

CSCsy29828

Symptoms: A Cisco router may reload due to a bus error. The error indicates trying to read address 0x0b0d0b**, where ** is around 29.

Conditions: This has been experienced on a Cisco 2800 series router running Cisco IOS Release 12.4(24)T. The router must be configured with NAT, and SIP traffic is passed through the NAT router.

Workaround: Enter the following commands:

* no ip nat service sip tcp port 5060

* no ip nat service sip udp port 5060

Or

* ip nat translation timeout never

CSCsy45371

Symptoms: The clear ip nat tr * command removes corresponding static NAT entries from the running configuration, but removing static NAT running configuration does not remove the corresponding NAT cache.

Conditions: Occurs when NAT commands are entered while router is processing around 1 Mb/s NAT traffic.

Workaround: Stop the network traffic while configuring NAT.

CSCsy97506

Symptoms:

Case 1: All NAT multicast data packets are processed by software.

Case 2: Spurious memory access occurs.

Conditions:

Case 1: NAT with static port entry, or dynamic overload configuration.

Case 2: Configure ip nat dynamic nat rule with an undefined NAT pool.

Workaround:

Case 1: Configure NAT as static entry without port, or dynamic non-overload.

Case 2: Configure with defined pool.

CSCsz02000

Symptoms: Router reloads at "atm_update_bundle_counters".

Conditions: Occurs during normal operation.

Workaround: There is no workaround.

CSCsz05783

Symptoms: Voice/SIP (ef) packets are not marked in the ingress/egress when NAT is enabled on the interface.

Conditions: Occurs when NAT is enabled.

Workaround: Remove NAT from the configuration.

CSCsz70666

Symptoms: The show version command shows the reload reason as "power-on".

Conditions: Occurs on a Cisco AS5850 configured for HOS mode when it is rebooted with a time lag.

Workaround: There is no workaround.

CSCsz87499

Symptoms: Memory leaks occur for SIP calls in a SIP gateway.

Conditions: Occurs with regular SIP calls from PSTN through SIP voice gateway.

Workaround: There is no workaround.

CSCsz87529

Symptoms: Gateway crashes due to lack of memory.

Conditions: Memory leak occurs in RTCP while processing calls. Due to lack of memory, the gateway crashes.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(23)

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(23). All the caveats listed in this section are resolved in Cisco IOS Release 12.4(23). This section describes severity 1 and 2 caveats and select severity 3 caveats.

CSCek32744

Symptoms: The VLAN-ID is not propagated in the NAS Port ID field when the PPPoE over VLAN call is up.

Conditions: The symptom is observed when using both configurations (main interface and sub-interface) for PPPoE over VLAN. The NAS Port ID value shows correctly while using the sub-interface configuration but incorrectly when using the main interface. The main interface used for PPPoE over VLAN is shown below:

interface Ethernet1/0

no ip address

vlan-id dot1q 4

pppoe enable group global

exit-vlan-config

The expected NAS Port ID is 1/0/0/4 but 1/0/0/0 is received.

Workaround: There is no workaround.

Further Problem Description: This will impact AAA as this information should be updated by PPP to AAA.

CSCek34097

Symptoms: The router may display CPUHOG errors and/or reload when you enter the no ipv6 multicast-routing global configuration command.

Conditions: This symptom is observed with configurations that include large numbers of dot1q subinterfaces.

Workaround: There is no workaround.

CSCek64863

Symptoms: DHCP Relay crashes while sending a DHCP offer to the client with the binding as a relay binding (0.0.0.0).

Conditions:

1. Client is either not sending the client-id option or sending the MAC address as the client-id option in all the DHCP messages toward DHCP Relay.

2. Either smart relay is configured on the relay or relay is unnumbered so that relay bindings get created on the router.

Workaround: Disable smart-relay functionality if enabled. Use numbered relay instead of unnumbered relay.

CSCek71050

Symptoms: Compared to other Cisco IOS software releases, unusually high CPU usage may occur in the BGP router process on a Cisco 7600 series that runs Cisco IOS Release 12.2(33)SRB1.

Conditions: This symptom is observed when BGP is learning routes from the RIB, even if redistribution is not directly configured under BGP. (Redistribution from other routing protocols to BGP can exacerbate the CPU usage.)

Workaround: There is no workaround.

CSCek77424

Symptoms: A Cisco router that is running Cisco IOS Release 12.4(13b) might unexpectedly reload with a bus error.

Conditions: This symptom happens during normal operation with NAT configured.

Workaround: There is no workaround.

CSCsb63652

Symptoms: BGP convergence is very slow, and CPU utilization at the BGP Router process is always near 100 percent during the convergence at the aggregation router. This issue obviously shows the following tendencies:

1. As the number of component prefixes that belong to the aggregate-address entry grows, convergence at the aggregation router becomes significantly slower.

2. As the number of duplicate aggregation component prefixes for the aggregate-address entry grows, convergence at the aggregation router becomes seriously slower.

Conditions: Any release would be affected if "aggregate-address" is configured and routing updates are received every few seconds.

Workaround: Remove the "aggregate-address".

Further Problem Description: If you configure "aggregate-address" lines after BGP convergence has been achieved, the BGP process only holds about 60 or 80 percent of the CPU for about 1 minute. However, if you do peer reset after "aggregate-address" entries have been configured, the convergence time is about 32 minutes (it is about 6 minutes if "aggregate-address" entries are removed).

CSCsb98906

Symptoms: A memory leak may occur in the "BGP Router" process.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(26)S6, that is configured for BGP, and that has the bgp regexp deterministic command enabled.

Workaround: Disable the bgp regexp deterministic command.

CSCsd09324

Symptoms: When reloading a router (lsnt-ap-pe1, Cisco 7500 platform) with Cisco IOS interim Release 12.0(31.4)S1 from any Cisco IOS Release 12.0(28)S4b image, several IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP and traceback occur in the standby log.

Conditions: This symptom has been observed on a Cisco 7500 router platform with MVPN.

Workaround: There is no workaround.

CSCse26506

Symptoms: When you perform an OIR of an ATM line card, a CPUHOG condition may occur in the "BGP Event" process.

Conditions: This symptom is observed when the ATM line card is configured with about 15,000 /32 routes.

Workaround: There is no workaround.

Further Problem Description: The ATM line card connects to about 15,000 different gateways, each of which is covered by its own /32 route. In addition, there is a less specific route that covers everything. The symptom occurs when BGP attempts to remove a large number of these tracked entries without suspending any.

CSCsg00102

Symptoms: SSLVPN service stops accepting any new SSLVPN connections.

Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.

CSCsg39295

Symptoms: Password information may be displayed in a syslog message as follows:

%SYS-5-CONFIG_I: Configured from scp://userid:password@10.1.1.1/config.txt by console

Conditions: This symptom is observed when using SNMP to modify a configuration by means of the CISCO-CONFIG-COPY-MIB; selection of ConfigCopyProtocol of SCP or FTP may result in the password being exposed in a syslog message.

Workaround: When using SNMP to modify a configuration by means of the CISCO-CONFIG-COPY-MIB, use the ConfigCopyProtocol of RCP to avoid exposure of the password.
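
The exposure described in CSCsg39295 can be checked for in collected syslog. The following Python sketch is an added example, not part of the Cisco release notes: it flags log lines that carry a scheme://user:password@host URL (it covers any URL scheme, not only SCP and FTP) and produces a redacted copy. The sample lines other than the message text quoted above, and all function names, are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# URL with userinfo of the form scheme://user:password@host...
# The password group is greedy and the host group excludes "@", so a
# password that itself contains "@" or ":" is still captured whole.
URL_WITH_PASSWORD = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<user>[^/\s:@]+):(?P<password>[^/\s]+)@(?P<host>[^/\s@]+)"
)

# Mnemonic of the syslog message named in the caveat.
CONFIG_I = "%SYS-5-CONFIG_I"


class Finding(NamedTuple):
    line_no: int         # 1-based position in the input
    scheme: str          # copy protocol seen in the URL
    user: str            # account whose password was logged
    host: str            # server the configuration was copied from
    from_config_i: bool  # True when the line is a %SYS-5-CONFIG_I message


def redact(line: str) -> str:
    """Return the line with any URL password replaced by a marker."""
    return URL_WITH_PASSWORD.sub(
        lambda m: f"{m['scheme']}://{m['user']}:<redacted>@{m['host']}",
        line,
    )


def find_leaks(lines: List[str]) -> List[Finding]:
    """Report every logged URL that embeds a password (never the password)."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for m in URL_WITH_PASSWORD.finditer(line):
            findings.append(
                Finding(line_no, m["scheme"].lower(), m["user"],
                        m["host"], CONFIG_I in line)
            )
    return findings


# Constructed sample input. Line 1 uses the message text from the caveat;
# the timestamps and the other lines are made up for this example.
SAMPLE_LOG = [
    "Mar  1 10:02:11.120: %SYS-5-CONFIG_I: Configured from "
    "scp://userid:password@10.1.1.1/config.txt by console",
    "Mar  1 10:05:40.004: %SYS-5-CONFIG_I: Configured from console "
    "by admin on vty0 (10.1.1.50)",
    "Mar  1 10:09:02.551: %SYS-5-CONFIG_I: Configured from "
    "ftp://backup:s3cr@t:x@10.1.1.2/r1.cfg by console",
    # User name only, no password in the URL: must not be flagged.
    "Mar  1 10:12:30.300: %SYS-5-CONFIG_I: Configured from "
    "scp://userid@10.1.1.1/config.txt by console",
]


if __name__ == "__main__":
    for f in find_leaks(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.scheme} password for "
              f"{f.user}@{f.host} logged (CONFIG_I={f.from_config_i})")
    for line in SAMPLE_LOG:
        print(redact(line))
```

Any account reported by find_leaks should have its password rotated, since the clear-text value has already reached every syslog receiver.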

CSCsg44748

Symptoms: A Cisco IOS VoIP gateway configured for IPIPGW (CUBE) functionality may crash.

Conditions: A gateway configured for IPIPGW functionality with the command allow-connections under voice service voip under rare conditions will crash while processing VoIP calls.

This has been found to occur in some scenarios where a single VoIP call loops (meaning the call is from the IPIPGW back to the same IPIPGW) through the IPIPGW.

When this occurs, the following error message may be noticed:

%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000

Workaround:

The workaround is to track down the source of the call looping and correct the problem there.

The other possible workaround is to introduce another termination point in the RTP packet flow beside the IPIPGW. For example, if interworking with Cisco Unified Communications Manager (CallManager), an MTP resource may be used to prevent this loop.

CSCsg85137

Symptoms: A router that has a Cisco IOS firewall enabled may crash because of a breakpoint exception after the following error message has been generated:

%SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 66596A90.

-Process= "IP VFR proc and %SYS-2-BADSHARE: Bad refcount in pak_enqueue

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(7) or Release 12.4(12) when the ip virtual-reassembly command is enabled on an interface.

Workaround: Disable the virtual fragment reassembly (VFR) configuration on the interface by entering the no ip virtual-reassembly command.

CSCsg90726

Symptoms: Not all the NetMeeting sessions (h323) are obtained in the firewall when enabling the h323 protocol inspection.

Conditions: This is observed when inspection is done with double ACL configured.

Workaround: This workaround applies to the following versions of NetMeeting:

Microsoft NetMeeting 2.11

Microsoft NetMeeting 2.1 Standard Edition

Microsoft NetMeeting 3.01 Standard Edition

Microsoft NetMeeting 2.0 Standard Edition

Microsoft Windows 98 Standard Edition

Microsoft Windows 98 Second Edition

(http://support.microsoft.com/kb/158623#appliesto)

NetMeeting uses the following IP ports to communicate with other meeting participants:

Port      Purpose
--------  -------------------------------------------------------------
389       Internet Locator Server [Transmission Control Protocol (TCP)]
522       User Location Server (TCP)
1503      T.120 (TCP)
1720      H.323 call setup (TCP)
1731      Audio call control (TCP)
Dynamic   H.323 call control (TCP)
Dynamic   H.323 streaming [Realtime Transport Protocol (RTP) over User Datagram Protocol (UDP)]

To enable NetMeeting traffic, you must also open a pinhole for these fixed TCP ports, in addition to enabling h323 inspection on the interface.

The workaround is:

1. Create the port-map as:

ip port-map user-NMAUX port tcp 522 1731 1503 description "Port-map configuration for NetMeeting"

2. Configure the inspection rule as:

ip inspect name test h323

ip inspect name test user-NMAUX

ip inspect name test ldap

(Here Lightweight Directory Access Protocol (LDAP) is included for port 389.)

3. Apply this inspection rule 'test' on the interface where NetMeeting inspection is required.

Example configuration:

fwodc1-2#sh run

Building configuration...

Current configuration : 2700 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname fwodc1-2

!

boot-start-marker

boot-end-marker

!

no logging console

enable password lab

!

no aaa new-model

!

!

ip cef

!

!

no ip domain lookup

ip inspect name test tcp

ip inspect name test udp

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

frame-relay switching

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

no crypto engine onboard 0

!

!

!

!

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key letmein address 0.0.0.0 0.0.0.0

!

!

crypto ipsec transform-set test esp-des

!

crypto map test 10 ipsec-isakmp

set peer 10.0.0.1

set transform-set test

match address ipsec_acl

!

!

!

!

interface GigabitEthernet0/1

ip address 192.168.101.2 255.255.255.0

ip access-group 102 in

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface Serial0/0/1

no ip address

encapsulation frame-relay

clock rate 128000

no frame-relay inverse-arp

frame-relay intf-type dce

!

interface Serial0/0/1.587 point-to-point

ip address 10.0.0.2 255.0.0.0

ip access-group 101 out

ip inspect test in

ip virtual-reassembly

snmp trap link-status

frame-relay interface-dlci 587

crypto map test

!

router eigrp 100

network 10.0.0.0

network 192.168.101.0

no auto-summary

no eigrp log-neighbor-changes

no eigrp log-neighbor-warnings

!

ip forward-protocol nd

!

!

ip http server

no ip http secure-server

!

ip access-list extended ipsec_acl

permit ip 192.168.101.0 0.0.0.255 192.168.1.0 0.0.0.255

!

access-list 101 permit udp any any eq isakmp

access-list 101 permit esp any any

access-list 101 permit ahp any any

access-list 101 permit icmp any any

access-list 101 permit eigrp any any

access-list 101 deny ip any any

access-list 102 permit udp any any eq isakmp

access-list 102 permit esp any any

access-list 102 permit ahp any any

access-list 102 permit icmp any any

access-list 102 permit eigrp any any

access-list 102 deny ip any any

access-list 110 permit tcp any any fragments

access-list 110 permit udp any any fragments

access-list 110 deny tcp any any

access-list 110 deny udp any any

access-list 110 permit ip any any

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

line aux 0

exec-timeout 0 0

speed 115200

line vty 0 4

login

!

scheduler allocate 20000 1000

!

end

CSCsi68795

Symptoms: A PE that is part of a confederation and that has received a VPNv4 prefix from an internal and an external confederation peer, may assign a local label to the prefix despite the fact that the prefix is not local to this PE and that the PE is not changing the BGP next-hop.

Conditions: The symptoms are observed when receiving the prefix via two paths from confederation peers.

Workaround: There is no workaround.

Further Problem Description: Whether or not the PE will choose to allocate a local label depends on the order in which the multiple paths for this VPNv4 prefix are learned. The immediate impact is that the allocated local label takes up memory in the router, because the router populates the LFIB with the labels.

CSCsj10601

Symptoms: Under specific conditions, the new standby supervisor engine may reset repeatedly after a redundancy switchover.

Conditions: The symptom is observed after a redundancy switchover following the below configuration sequence on the active supervisor:

1. frame-relay switching

2. frame-relay intf-type dce

3. no frame-relay switching

Workaround: Enable frame-relay switching on the active and reset the standby.

CSCsj34557

Symptoms: Router displays following error message and reloads:

Jun 18 06:12:23.008: event flooding: code 10 arg0 0 arg1 0 arg2 0

%SYS-3-OVERRUN: Block overrun at E5D8310 (red zone 00000000) -Traceback=

0x6080CEB0 0x60982108 0x60982EC0 0x6098511C 0x609853BC

%SYS-6-MTRACE: mallocfree: addr, pc

662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6

662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6

%SYS-6-MTRACE: mallocfree: addr, pc

662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6

662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6

%SYS-6-BLKINFO: Corrupted redzone blk E5D8310, words 6088, alloc 61FE2638,

InUse, dealloc 80000000, rfcnt 1 -Traceback= 0x6080CEB0 0x609681D4 0x6098211C

0x60982EC0 0x6098511C 0x609853BC

%SYS-6-MEMDUMP: 0xE5D8310: 0xAB1234CD 0xFFFE0000 0x0 0x63894208

%SYS-6-MEMDUMP: 0xE5D8320: 0x61FE2638 0xE5DB2D0 0xE5D8144 0x800017C8

%SYS-6-MEMDUMP: 0xE5D8330: 0x1 0x0 0x1 0x64B53478

%Software-forced reload

Conditions: This symptom occurred on a Cisco 7200 running the c7200-ik9s-mz.124-7a.bin image.

Workaround: There is no workaround.

CSCsj48472

Symptoms: QoS takes ATM interface default bandwidth for all calculation even when vbr-nrt is set.

Conditions: Occurs on a Cisco 7500 router configured for ATM+QoS.

Workaround: There is no workaround.

CSCsj49293

Symptoms: The interface output rate (214 Mb/s) is greater than the interface line rate (155 Mb/s).

Conditions: This symptom is observed with a Cisco 7600/7500/7200-NPE400 and below. That is, PA-POS-2OC3/1OC3 (PULL mode).

Workaround: There is no workaround.

Further Problem Description: From the Ixia, packets are transmitted at 320 Mb/s. On the UUT (Cisco 7600), the outgoing interface (POS-Enhanced Flexwan) shows the output rate as 200 Mb/s. But the interface bandwidth is 155 Mb/s.

CSCsk28361

Symptoms: A 4000 virtual-template (VT) takes high CPU during system load configuration.

Conditions: Occurs when 4000 VT interfaces are loaded from TFTP to running configuration.

Workaround: There is no workaround.

CSCsk30567

Symptoms: A Cisco 12000 series router with Eng5 line cards may not pass traffic when acting as an Autonomous System Border Router (ASBR) in an Inter-AS VPN Option B configuration.

Conditions: Occurs when VPN routing/forwarding (VRF) is removed from the ASBR. The MPLS labels advertised on the eBGP peering for the VPNv4 prefixes are not programmed in the line cards, so traffic is dropped. The label for a prefix can be seen on the route processor, but not on the line cards. This occurs when there are numerous prefixes in the BGP and with PRP2 with Eng5 line cards.

Workaround: Disable and enable the affected prefix. This updates the labels on the line cards.

CSCsk64158

Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory.

This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml.

CSCsk99687

Symptoms: A router may crash.

Conditions: The symptom is very rare, but if it occurs, it is seen during ISSU runversion.

Workaround: There is no workaround.

CSCsl04835

Symptoms: A route introduced by Conditional Route Injection is not removed from the iBGP peer upon withdrawal.

Conditions: Consider this situation: Router B is a BGP router that has two eBGP peers, Router A and Router C. In a situation where RTR_A advertises a prefix and RTR_B injects a more specific prefix of it, the symptom is observed in two ways:

1. If RTR_A withdraws the advertised prefix, the more specific prefix is removed on RTR_B, but this withdrawal is not sent to RTR_A and RTR_C.

2. If the conditional route injection configuration is removed on RTR_B, the more specific prefix is removed on RTR_B, but this withdrawal is not sent to RTR_A and RTR_C.

Workaround: There is no workaround.

CSCsl13043

Symptoms: Hub in VPN routing/forwarding (VRF) drops ingress multicast when Cisco Express Forwarding (CEF) is enabled on Dynamic Multipoint VPN (DMVPN) tunnel.

Conditions: This happens on a Cisco 7200 router running Cisco IOS Release 12.4(17.9)T.

Workaround: There is no workaround.

CSCsl13104

Symptoms: Recursive static routes are not being resolved. The show ipv6 rpf command does not show the recursion count in the RPF recursion count field.

Condition: This symptom occurs when nonlooping recursive IPv6 static mroutes are configured. This symptom is triggered when IPv6 is configured with PIM Sparse-Mode. The impact of this symptom is that Multicast traffic flow is affected.

Workaround: There is no workaround.

CSCsl21168

Symptoms: A router crashes. Prior to the crash, the log file contains numerous messages indicating:

SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (2/2),process = IP NAT Ager.

Conditions: This symptom is observed on a router with NAT enabled.

Workaround: There is no workaround.

Further Problem Description: The fix for this defect caused a new bug: CSCso62511. Ensure that you have the fix for CSCso62511 in addition to this defect if you are encountering this problem.

CSCsl34481

Symptoms: Router crashes due to IPv6 multicast routing.

Conditions: This happens after applying multicast routing configurations, and again while unconfiguring.

Workaround: There is no workaround.

CSCsl42627

Symptoms: When sf/ami/56 is configured, the protocol interface is down at both ends.

Conditions: The symptoms are observed when we configure speed 56, framing sf and linecode ami at both ends, as shown:

service-module t1 timeslots all speed 56

service-module t1 framing sf

service-module t1 linecode ami

This causes the protocol to be down and an increased error count at both ends.

Workaround: Change the speed to 64 and then configure again to 56. The protocol will then be up and ping is OK.

CSCsl44476

Symptoms: Executing a show flash command causes high CPU.

Conditions: This symptom is typically seen when there are more than 500 files on the flash.

Workaround: There is no workaround.

CSCsl49628

Symptoms: When a VPN routing/forwarding (VRF) is deleted through the CLI, the VRF deletion never completes on the standby RP, and the VRF cannot be reconfigured at a later time.

Conditions: This symptom is observed when BGP is enabled on the router.

Workaround: There is no workaround.

CSCsl51495

Symptoms: A memory leak may be observed on the standby node.

Conditions: The symptom is observed only when broadcast accounting is configured in the standby node. The memory leak is verified by using the show processes memory | i AAA ACCT command.

Workaround: There is no workaround.

CSCsl58881

Symptoms: A Cisco 2950 switch or any Cisco router may crash unexpectedly.

Conditions: This symptom occurs under the following scenario:

Cisco Discovery Protocol (CDP) is enabled globally.

The show cdp neighbor command is executed on the CLI.

The Cisco 2950 is connected to Cisco IP Phones.

A third party power-over-Ethernet adapter powers the IP Phones.

Workaround: Disable CDP.

CSCsl92316

Symptoms: Router may experience mwheel CPUHOG condition.

Conditions: This condition is observed on Cisco router while clearing all L2TP sessions when there are more than 2500 sessions with multicast traffic flowing on the sessions.

Workaround: There is no workaround.

CSCsl96577

Symptoms: The show ppp multilink statistics are not updated on a Cisco 7500 router.

Conditions: This symptom is observed when dLFIoLL+SSO is configured on the Cisco 7500 router and a switchover is performed.

Workaround: There is no workaround.

CSCsl97384

Symptoms: Router reload is seen in the network with a traceback when the show aaa user all command is executed.

Conditions: This symptom occurs when the command is executed with 2k or more sessions in progress.

Workaround: Do not enter the show aaa user all command.

Further Problem Description: This is more like a timing or race condition, which could occur with a large number of sessions.

The show command outputs data from the General DataBase, which is typically a hash table for each session. However, it does not lock the table while displaying each session. With a large number of sessions, the output process may take more than one pass. If a session is cleared in the meantime, the memory associated with that session's General DB is freed. The pointers that the show command is using then point to freed memory, resulting in a reference to a bad pointer. The output process has to sleep (suspend) for a moment, and the crash occurs.

CSCsl99275

Symptoms: High CPU can be seen on Cisco AS5400XM after given uptime.

Conditions: Occurs after 2-3 weeks uptime. CPU usage increases because of "Background Loade" process.

Workaround: Reload the access server.

CSCsm03452

Symptoms: A Cisco AS5850 that is configured as a SIP gateway may crash unexpectedly when running a high volume of SIP calls.

Conditions: This symptom is observed on the Cisco AS5850.

Workaround: There is no workaround.

CSCsm17767

Symptoms: On a gateway configured for ISDN Non-Facility Associated Signaling (NFAS) with a primary and backup D channel, both the primary and backup D channel interfaces may be marked "OUT OF SERVICE" if the gateway sends the first "in-service" message during a D channel switchover.

Conditions: This symptom occurs only when the gateway sends the first ISDN service message indicating that it is bringing the backup D channel in service. If the peer sends the message first, the switchover is completed successfully.

Workaround: There is no workaround.

CSCsm21335

Symptoms: When the cm-manager config server <ip address> is used, router fails to configure or misconfigures the gateway voice ports. This results in non-functional voice ports.

Conditions: Occurred on a Cisco 3845 running the c3845-advipservicesk9-mz.124-13d.bin image. Examples of the errors follow:

voice-port 1/0/0

signal unknown <--- should have been default loop start

ring frequency unknown <--- should have been default ring freq

timing hookflash-in 400 20

shutdown <--- should have been no shut

In addition, PRI E1 trunks fail with no dial tone yet there is no indication why. The Cisco OS configuration looks OK.

Workaround: Do not use these commands. Configure the MGCP gateway manually.

CSCsm26610

Symptoms: A router running Cisco IOS may unexpectedly reload.

Conditions: This is specific to platforms with powerpc processors, such as the npe-g2 and 2600xm series routers. It requires either the legacy rate-limit config or MQC style policer configured on an interface.

Workaround: There is no workaround.

CSCsm50741

Symptoms: When a non-DC router is removed from a DC enabled area and the area becomes DC enabled, some of the LSAs are not refreshed correctly with DoNotAge (DNA) bits set. Crash may happen when customer deploys iptivia probes in the network. Fixed in CRS.

Conditions: The symptom is observed when a router without DC capability is removed from a DC enabled area.

Workaround: Use the clear ip ospf command.

CSCsm55817

Symptoms: When configuring ATM PVCs, under the PVC syntax you can provide a handle to describe the PVC. If this handle starts with "00" (zero zero) then the command will fail.

Conditions: The symptom is observed when configuring ATM PVCs and where the PVC handle starts with "00".

Workaround: Do not use handles that start with "00".

CSCsm80048

Symptoms: Policy on MFR interface stays in suspend mode after a shut/no shut even though required bandwidth is available.

Conditions: Occurs with a QoS policy attached to MFR interface on a Cisco 7500 router.

Workaround: There is no workaround.

CSCsm89795

Symptoms: The router keeps reloading and complaining about unavailability of memory.

Conditions: This symptom is observed if the router is directly connected to a DHCP server or if an attack is made by flooding DHCP replies.

Workaround: There is no workaround.

CSCsm96785

Symptoms: The OSPF neighbor may be down after a switchover even though OSPF Non-Stop Forwarding (NSF) is in use.

Conditions: This occurs with the following conditions:

Only "nsf cisco" is affected. With "nsf ietf", this problem does not occur.

The problem may be observed if the OSPF interface is "point-to-multipoint non-broadcast" or "point-to-multipoint". If the interface is "broadcast", this problem does not occur.

When this problem occurs after a switchover, DBD packets may not be exchanged between the two neighbors, and the neighbor is down in spite of NSF.

Workaround: Change the OSPF config to "nsf ietf" and change the OSPF interface to "broadcast".

CSCsm96842

Symptoms: The command hold-queue length in cannot be configured for port-channel interface.

Conditions: The symptom is observed with a Cisco 7600 series router after upgrading to Cisco IOS Release 12.2(33)SRC.

Workaround: There is no workaround.

Further Problem Description: Queueing is not supported for port-channel with a Cisco 7600 series router. The hold-queue is a legacy queueing command and is not supported.

CSCso01307

Symptoms: On a Hot Standby Router Protocol (HSRP) standby router, all accounting records for aaa accounting commands and aaa accounting system on the standby router of the HSRP pair are available only if those two commands are applied.

Conditions: AAA accounting is configured on a router pair that is running HSRP.

Workaround: Change the router to the active state before making changes that are to be logged.

Further Problem Description: The following message will appear when the debug aaa accounting command is executed and a record is suppressed:

*<time/date>: AAA/ACCT/CMD(00000003): Suppressed record

CSCso19662

Symptoms: Tracebacks are seen after unconfiguration when using the clear ip nat translation * command.

Conditions: This traceback occurs with the c7200-js-mz.124-18a.fc2 image.

Workaround: There is no workaround.

CSCso28309

Symptoms: Ping fails from reflector during internal testing.

Conditions: The goal of the test is to verify the successful termination of PPP/PPPoE over ATM sessions on router's ATM interface using auto sensing. It is performed with auth_pap, process switch, and keepalive disabled. This has a functional impact as the virtual access entry is not getting added to the routing table after doing clear ip route.

Workaround: There is no workaround.

CSCso51519

Symptoms: Paths with same next-hop may be marked as being multipath.

Conditions: The symptom is observed when multipath is configured and when using RRs in the environment.

Workaround: There is no workaround.

CSCso54167

Symptoms: BGP peers are stuck with table versions of 0. BGP peers do not announce any routes to neighbors.

Conditions: Whenever the interfaces flap with online insertion and removal (OIR) multiple times, all of the BGP peers using such interfaces for peering connections encounter this issue.

Workaround: Delete and reconfigure the neighbor.

CSCso62166

Symptoms: Device crashes while debugging Border Gateway Protocol (BGP) IPv6 unicast updates when the clear bgp ipv6 uni * command is entered.

Conditions: Debugging must be on to see the crash.

Workaround: Use the no debug bgp ipv6 unicast update command to turn off BGP IPv6 unicast updates debugging.

CSCso64050

Symptoms: Policy-map outputs are not seen in standby router. The policy is attached to the VC in the standby, but no output is seen.

Conditions: The symptom is observed when an ATM PVC is created and a service policy is attached to the PVC.

Workaround: There is no workaround.

CSCso69584

Symptoms: On a CMM running Cisco IOS Release 12.4.13b with an ACT Module, several DSPs may get reset because of heartbeat errors and may cause the calls to fail. The following messages will be displayed on the console, and traceback messages may also appear:

Apr 3 11:59:09: ac_mtrDsp_ev(slot 0 dspId 1 heartBeat 0CDC8D38) reset[hbErr 0]

Apr 10 10:54:41: ac_mtrDsp_ev(slot 1 dspId 2 heartBeat 10718287) reset[hbErr 0]

Apr 10 10:54:41: ac_mtrDsp_ev(slot 2 dspId 1 heartBeat 107178F7) reset[hbErr 0]

Apr 10 10:54:56: ac_mtrDsp_ev(slot 2 dspId 1 heartBeat 0000058D) reset[hbErr 0]

Apr 10 10:54:56: ac_mtrDsp_ev(slot 1 dspId 2 heartBeat 000005BF) reset[hbErr 0]

Apr 10 10:55:12: %SCHED-2-EDISMSCRIT: Critical/high priority process MS_AC Dsprm Main may not dismiss.

-Process= "MS_AC Dsprm Main", ipl= 0, pid= 38

Conditions: This symptom is observed under normal working conditions and occurs because of unknown reasons.

Workaround: There is no workaround.

CSCso73533

Symptoms: Traceback is seen after unconfiguring the tunnel interface.

Conditions: The symptom is seen when using IPv4 multicast PIM tunnels where the route to the Rendezvous Point (RP) is via another tunnel interface. If this tunnel interface is unconfigured, there is a race condition between:

1. learning about the new route to the RP via another interface

2. periodic update of the PIM tunnel adjacency

If the latter occurs first, the traceback is seen.

Workaround: There is no workaround.

CSCso74028

Symptoms: The local PE is sending graft messages even after receiving data from the remote PE on an MVPN network.

Conditions: This symptom is observed when the graft-ack messages are lost in transit (could be due to misconfiguration/ACL, etc.).

Workaround: Fix the misconfiguration so that graft-ack messages are forwarded as expected.

CSCso78897

Symptoms: A Cisco 870 router will process and forward packets received with a multicast MAC address even though it should not, such as when the interface controller does not own the multicast MAC address.

Conditions: This was observed on a Cisco 878 Router running Cisco IOS Release 12.4(15)T4.

Workaround: Make sure the switch connecting to the Cisco 870 does not send packets with multicast MAC addresses that should not be received by the Cisco 870.

CSCso89794

Symptoms: Spurious accesses are seen when SNMP queries are performed on the router.

Conditions: This symptom occurs if SNMP queries like "snmpwalk -v2c 7.42.19.43 public .1.3.6.1.4.1.9.3.6.13.1" are performed on the router. Spurious accesses are seen.

Workaround: There is no workaround.

CSCsq02587

Symptoms: Traffic engineering (TE) tunnel is not coming up in MPLS TE.

Condition: Occurs when both Ethernet Over MPLS (EoMPLS) and MPLS TE are configured on the router.

Workaround: There is no workaround.

CSCsq03286

Symptoms: A Cisco Communication Media Module (CMM) with an Adhoc Conferencing and Transcoding (ACT) port adaptor module configured for MTP/XCODING may get into a state where further attempts to utilize DSP resources in a transcoding profile may fail.

Conditions: Under rare conditions, a CMM module used for MTP/XCODING may see the DSP resource on the module become unresponsive. When this occurs, a DSP recovery algorithm on the CMM module will be invoked to attempt to recover the DSP resource.

This algorithm may in some circumstances leave the associated transcoding resource in a state where further calls to invoke these resources will fail.

When the DSP recovery mechanism is invoked, the following message at debug level will be logged:

ac_mtrDsp_ev(slot 2 dspId 1 heartBeat 0000058D) reset[hbErr 0]

If the recovery mechanism fails to properly recover the resources, there will be hung calls seen in the output of the show mediacard connection command (0 packets tx/rx will be displayed).

Further calls that attempt to use this resource will see OpenReceiveChannel failures as displayed in the output of the show sccp statistics command.

An example of this is below:

CMM-01# show mediacard connection

Id Type Slot/ RPort SPort RxPkts TxPkts Remote-Ip

DSP/Ch

25 xcode 2/4/23 18300 22684 0 0 172.16.175.160

26 xcode 2/4/24 16710 22540 0 0 172.16.175.116

CMM-01# show sccp statistics

SCCP Application Service(s) Statistics:

Profile Identifier: 1, Service Type: Transcoding

TCP packets rx 1676, tx 443

Unsupported pkts rx 0, Unrecognized pkts rx 0

Register tx 1, successful 1, rejected 0, failed 0

KeepAlive tx 25, successful 25, failed 0

OpenReceiveChannel rx 412, successful 398, failed 24

CloseReceiveChannel rx 412, successful 398, failed 14

StartMediaTransmission rx 412, successful 398, failed 14

StopMediaTransmission rx 412, successful 380, failed 0

Reset rx 0, successful 0, failed 0

MediaStreamingFailure rx 0

Switchover 0, Switchback 0

Workaround: Work to prevent the DSP from becoming unresponsive.

CSCsq05099

Symptoms: User can only configure a maximum of 500 SWMTP sessions per profile.

Conditions: This symptom is observed when using SWMTP.

Workaround: Configure multiple SWMTP profiles.

CSCsq06813

Symptoms: Only one RELEASE message is seen on a DHCPv6 when the server is shut, even though multiple messages are expected.

Conditions: The symptom occurs on Cisco 7200 series router that is running Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCsq09942

Symptoms: NM-CEM-4TE1 modules installed in Cisco 3845 routers running 12.411T or 12.4.15T3 codes with nine TS CEM groups configured have alignment issues. When the issue occurs, all show cem commands do not show any problems with the cards or CEM groups.

Conditions: This symptom is observed on an NM-CEM-4TE1 module installed in Cisco 3845 routers with nine TS groups configured and connected to another vendor PBX.

Workaround:

1. Shut/no shut the CEM group on either side. This fixes the issue temporarily.

2. Change the CEM group configuration to have one TS per CEM group.

Further Problem Description: The issue can be observed with more details using a WAN analyzer between the CEM card and the PBX. There you can see that the traffic is entering through a specific TS and leaving through a different TS.

CSCsq12128

Symptoms: If the WAN connection is DOWN on the VGW, the Media Gateway Control Protocol (MGCP) fallback mode may not load. The gateway remains in "MGCP Fallback mode: Enabled/OFF" mode.

Conditions: This symptom is observed with Cisco IOS Release 12.4(16).

Workaround: Shut down the interface.

Further Problem Description: It is possible that the link goes up and down frequently. The call manager application tries to download the XML file from CCM+TFTP even when the link is down. This sets a flag. The flag prevents the fallback.

CSCsq13938

Symptoms: In Cisco IOS software that is running the Border Gateway Protocol (BGP), the router may reload if BGP show commands are executed while the BGP configuration is being removed.

Conditions: This problem may happen only if the BGP show command is started and suspended by auto-more before the BGP-related configuration is removed, and if the BGP show command is continued (for example by pressing the SPACE bar) after the configuration has been removed. This bug affects BGP show commands related to VPNv4 address family. In each case the problem only happens if the deconfiguration removes objects that are being utilized by the show command. Removing unrelated BGP configuration has no effect.

This bug is specific to MPLS-VPN scenarios (CSCsj22187 fixes this issue for other address-families).

Workaround: Terminate any paused BGP show commands before beginning operations to remove BGP-related configuration. Pressing "q" to abort suspended show commands, rather than SPACE to continue them, may avoid problems in some scenarios.

CSCsq14031

Symptoms: Unable to ping IP address of session target. Packets of certain sizes (between 57 and ~63 bytes, depending on the type of packet) are corrupted when using a tunnel over a PPP multilink interface. EIGRP packets were within this range and so were dropped and caused the route to the IP address being pinged not to be added.

Conditions: Issue may be related to encryption or Network Address Translation (NAT).

Workaround: Disable or increase the value of ppp multilink fragmentation.

CSCsq14294

Symptoms: Standby router keeps reloading in RPR+ mode.

Conditions: The symptom is observed when distributed Link Fragmentation and Interleaving over Leased Lines (dLFIoLL) is configured on MC-STM1 and MTU size is changed on multilink members.

Workaround: Change MTU back to 1500.

CSCsq22106

Symptoms: All CAS voice calls fail on a Cisco AS5850 box. This failure is not seen on PRI calls.

Conditions: This symptom is observed for CAS calls but not for PRI calls.

Workaround: There is no workaround.

CSCsq24935

Symptoms: A switch reloads when the distance bgp command is configured under ipv6 address family.

Conditions: This symptom is observed on a Cisco 3560 that is running Cisco IOS Release 12.2(44)SE2. The same symptom is also seen on a Cisco 3750. The following commands are issued:

router bgp <>

address-family ipv6 unicast

distance bgp <> <>

The router subsequently reloads because of an Instruction access Exception.

Workaround: There is no workaround. BGP/ipv6 is not supported on such platforms.

CSCsq29139

Symptoms: When IPv6 prefix delegation receives periodic RENEW message from a client, it may incorrectly bind the corresponding prefix for another client.

Conditions: The symptom is observed when IPv6 prefix delegation assigns a prefix to a client that is connected via a virtual access interface.

Workaround: There is no workaround.

CSCsq29623

Symptoms: A Cisco AS5350 or Cisco AS5350XM that is running Cisco IOS Release 12.4(15)T5 will drop incoming VPN traffic larger than 512 bytes when the traffic is destined for a dialer interface.

Conditions: Conditions where problem is seen:

When packets arrive on a crypto tunnel that terminates on the Cisco AS5350 AND when the packets are destined for a destination that is reachable over a dialer interface.

With a legacy dialer-map or dialer-pool DDR configuration. No difference is seen between the two.

With CEF disabled.

Conditions where problem is not seen:

Without crypto.

With process-switching (CEF and fast-switching disabled).

When packets are destined for a host that is reachable via an Ethernet interface.

Workaround: There is no workaround.

CSCsq31776

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsq33653

Symptoms: The caller ID transmission may fail from FXS port to FXO port.

Conditions: The symptoms are observed when the sub-command caller-id is configured under "voice-port x/y".

Workaround: There is no workaround.

CSCsq34171

Symptoms: A router may crash when the IP address/mask is changed on the interface.

Conditions: The symptom occurs if EIGRP authentication is enabled.

Workaround: Disable authentication.

Further Problem Description: When the authentication is removed from the interface, the crash does not occur on changing the mask.

CSCsq44052

Symptoms: When configuring "is-type level-1" under "router isis", the following error message may be received:

% Ambiguous command: "is-type level-1"

Conditions: The symptom is observed when configuring "is-type level-1" under "router isis".

Workaround: There is no workaround.

CSCsq44598

Symptoms: A PA-POS-2OC3 experiences an output stuck condition.

Conditions: This issue is sporadic in nature and is sometimes seen with QoS configurations although QoS is not the cause of the issue. The issue is due to an extra interrupt, which is confusing the driver if it expires before the FIFO reaches the low point. For example, if the FIFO goes full but is filled with large packets, then it is possible that the no traffic timer will expire before the tx packets have emptied. It is a communication issue between the hardware and the driver code.

Workaround: There is no workaround.

CSCsq46336

Symptoms: Radio transmissions from LMR voice ports to PMCs may intermittently drop packets in the router.

Conditions: The symptom is seen where multiple PMC users monitoring the same stream cause more than three simultaneous RTP streams to be present on the LMR router.

Workaround: If customer is running PMC, turn off the keepalive on the PMCs.

CSCsq47980

Symptoms: Router crashes while attempting OCSP revocation check.

Conditions: The symptom is seen on a Cisco router that is running Cisco IOS Release 12.4(21).

Workaround: There is no workaround.

CSCsq52483

Symptoms: A memory leak may occur when using the dot1x port-control force-authorized command.

Conditions: The symptom is observed on a Cisco 831 router that is running Cisco IOS Release 12.4.

Workaround: There is no workaround.

CSCsq52630

Symptoms: Router may not boot up and the following error message may be shown: program section linked to illegal address

Conditions: The symptoms are observed on a Cisco 820 series router and a Cisco 828 router that is running Cisco IOS Release 12.4(21).

Workaround: There is no workaround.

CSCsq53910

Symptoms: A Cisco router may reload due to a bus error crash:

TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x411E79C0

-Traceback= 0x411E79C0 0x411E8260 0x411D2C74 0x411D34F0 0x411D4B34 0x411D4CD8 0x423520C8 0x408BE970 0x408C25BC 0x408B7878 0x41215404 0x41231530 0x426D86F0 0x426CAFC8 0x42348C98 0x42348C7C

Conditions: The symptom is seen on a Cisco 2821 router that is running Cisco IOS Release 12.4(18). The crash appears to be triggered when the command no ccm-manager is entered.

Workaround: There is no workaround.

CSCsq55070

Symptoms: Traceback occurs while testing AAA Authentication and Asynchronous Call (ACQ) feature.

Conditions: Occurs on a Cisco 3745 running Cisco IOS Release 12.4 and Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCsq60016

Symptoms: A router crashes after a long RSA key string is entered.

Conditions: This symptom is observed when a very long hex string is entered.

Workaround: Break the entry into shorter strings.

CSCsq62703

Symptoms: Intermediate System-to-Intermediate System (IS-IS) tries to access an invalid memory address and may cause the router to stop working.

Conditions: Occurs when a switchover happens and the standby router becomes active.

Workaround: There is no workaround.

CSCsq63731

Symptoms: If either the command vlan-id dot1aq vlan-id or the command vlan-range dot1aq start-vlan-id end-vlan-id is configured on a main interface which is also configured for routing, and an ARP packet is sent to the router on the configured VLAN, then the router may send an ARP reply with a VLAN ID of zero.

Conditions: The symptoms are seen on a Cisco 2800 series and a Cisco 7200 series router when the command vlan-dot1q vlan-id is configured on the GigabitEthernet interface of a Cisco 2800 series router and encapsulation dot1q vlan-id is configured on the FastEthernet 2/1/2.1 interface.

Workaround: Change the Cisco 2800 series router's (CE) configuration to use a sub-interface for the VLAN-ID instead of using the vlan-dot1q vlan-id command on the main interface. With a sub-interface configured on the 2800, we can verify that the ARP packets are sent with proper VLAN ID.

CSCsq70473

Symptoms: An MWAM processor Gigabit Ethernet interface stops processing traffic.

Conditions: This symptom is observed at a high rate of incoming traffic.

Workaround: Restart the interface (enter the shutdown command followed by the no shutdown command) to restore traffic forwarding.

CSCsq71095

Symptoms: SSL connection over L2TP IPSec tunnel does not work. Checksum errors on the Change Cipher Spec messages coming from the server.

Conditions: This has been seen on a Cisco 7200 running Cisco IOS Release 12.4(15)T5 and the ADVENTERPRISEK9-M image. A Cisco 2821 with the same version and feature set was not affected.

Workaround: Use a router other than the Cisco 7200 for this task, or disable IPSec and only use SSL over L2TP.

CSCsq71492

Symptoms: A Cisco IOS device may reload with an address error or have alignment errors and tracebacks such as %ALIGN-3-SPURIOUS or %ALIGN-3-TRACE.

Conditions: The symptoms are most likely to occur when the TACACS+ server (ACS) sends an "authentication error" when ACS is configured, or when a request timeout occurs. There may be other AAA or TACACS related conditions that cause the symptom.

Workaround: There is no workaround.

CSCsq73514

Symptoms: The transform-set assigned to a crypto map may be truncated.

Conditions: The symptom is observed with a transform-set when configured manually via CLI and when assigned a name greater than three characters.

Workaround: Limit transform-set name to three characters or less.

CSCsq74300

Symptoms: Loopbacks, Null0, and other non-Point-to-Point interfaces are not allowed in a route-map set command because of the changes introduced with caveat CSCsk63775.

Conditions: This symptom is observed with Cisco IOS Release 12.4(18) or a later release. Upgrading to Cisco IOS Release 12.4(18) or a later release may break the existing network.

Workaround: Use Cisco IOS Release 12.4(17) or an earlier release.

CSCsq75787

Symptoms: Cannot enable AutoQoS on ATM subinterface.

Conditions: This happens on a Cisco 3800 router that is running Cisco IOS Release 12.4(15)T6.

Workaround: There is no workaround.

CSCsq76349

Symptoms: On an incoming call from PSTN, the beginning of a conversation may intermittently be missed.

Conditions: The symptom is observed on a Cisco AS5800 that is controlled via MGCP, and is running Cisco IOS Release 12.4(13)e.

Workaround: There is no workaround.

CSCsq83872

Symptoms: There may be a memory leak when the no pppoe enable command is applied.

Conditions: This symptom is observed on a Cisco 831 router.

Workaround: There is no workaround.

CSCsq94036

Symptoms: Packets are hardware-switched after applying IP precedence. The expected behavior here is that packets are software-processed when "ip precedence" is applied over "ip next-hop" because applying a policy over the other wipes the adjacencies that were already established.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SX or Release 12.2SR.

Workaround: There is no workaround.

CSCsq98586

Symptoms: Router emits traceback after the source-bridge ping 4095 15 4095 vmac xxxx.xxxx.xxxx command is entered.

Conditions: Happens after configuring the command source-bridge ring-group xxxx and then trying source-bridge ping 4095 15 4095 vmac xxxx.xxxx.xxxx.

Workaround: There is no workaround.

CSCsq98742

Symptoms: Cisco AS5400 router crashes frequently with Cisco IOS Release 12.4(19b) attempting to free memory for X28 component.

Conditions: This symptom is observed on a Cisco AS5400.

Workaround: There is no workaround.

CSCsr06282

Symptoms: A router reloads following an SNMP get operation.

Conditions: Only occurs when a DHCP operation is configured with option-82 parameters.

Workaround: Do not query MIB objects relating to the DHCP operation configured with option-82.

CSCsr08476

Symptoms: Trying to remove the MFR bundle crashes the router.

Conditions: After OIR, remove the VIP (those VIP interfaces are members of MFR bundle). Try to remove the MFR bundle.

Workaround: There is no workaround.

Further Problem Description: The MFR bundle has one Channelized PA interface as a member. Use OIR to remove the VIP in which that PA is seated, and then try to remove the bundle using the no int MFR command. The router crashes.

CSCsr10221

Symptoms: Hub router may crash after establishing 250 or more IPSec tunnels.

Conditions: The symptom is observed with 250 or more DMVPN tunnels with traffic flowing in them. It is seen when a QoS service policy is associated with the spokes which are up.

Workaround: There is no workaround.

CSCsr11514

Symptoms: QoS RTP statistics are not updated correctly for a short call duration.

Conditions: Call flow:

PSTN ---(E1)---> AS5850 -(MGCP)----> Call Agent.

Calls are less than 40 seconds.

The show voice active command has not been issued (will force update).

The RTCP timer is set to 65000.

Workaround: Reduce the ip rtcp report interval value on the gateway, and monitor the load.

CSCsr13521

Symptoms: Memory chunk allocated for LDP-IGP Sync may leak.

Conditions: The symptom is observed on a router with a dual link to its neighbor. LDP and LDP Graceful Restart are enabled on both routers. When LDP is disabled and re-enabled globally on the neighbor router, a small memory leak occurs on this router.

To verify the memory leak, on Router 1, enable memory leak debug with the set memory debug incremental starting-time command. On Router 2, disable LDP globally with the no mpls ip command. Wait for the LDP session to go down, then re-enable LDP. On Router 1, the memory chunk leak for LDP should be seen with the sh mem debug leaks chunks command.

Workaround: There is no workaround.

CSCsr17315

Symptoms: Autoinstall process does not run correctly with a BOOTP or DHCP server in same LAN. Because of the problem, the configuration file may not be downloaded using TFTP from the network during autoinstall.

Conditions: The symptoms are observed with a Cisco 7200 series router that is running Cisco IOS Release 12.4(21.06)T01. It is observed with a BOOTP server and when the DHCP client and TFTP server are in same LAN. The client is configured to obtain an IP address for an interface (using the ip address dhcp command) and then the DHCP client configuration is copied to TFTP. The autoinstall process is started using "write erase and reload". It shows that no BOOTP information is received. The DHCP client downloads the hostname.confg file from TFTP. As a result, the configuration (using the ip address dhcp command) is missing on the interface.

Workaround: There is no workaround.

CSCsr19440

Symptoms: A router crashes if the zone cluster local command is configured with a cluster ID that is an empty string.

Conditions: This symptom is observed when the local cluster ID and the local zone associated with the cluster are an empty string and when the no service alignment detection command is configured.

Workaround: Configure the local cluster ID and the local zone associated with the cluster with a nonempty string. Also, configure the service alignment detection command to prevent the crash.

CSCsr20566

Symptoms: A router may log SCHED-3-STUCKMTMR for Dampening process, after which point all dampened interfaces will be permanently dampened from a routing-protocol viewpoint.

Conditions: This symptom is observed when multiple interfaces are configured with dampening feature.

Workaround: There is no workaround.

CSCsr20889

Symptoms: The system reloads.

Conditions: The symptom is observed when a dynamic crypto map is added to the existing GETVPN crypto map with a different sequence.

Workaround: There is no workaround.

CSCsr23454

Symptoms: A device reloads with a bus error and may display the following message:

CMD: ' aggregate-address 224.0.0.0 224.0.0.0 attribute-map GCI-aggregations

suppress-map Suppress-ESNAK' 16:19:05 GMT Wed Jun 18 2008

16:19:06 GMT Wed Jun 18 2008: Address Error (load or instruction fetch)

exception, CPU signal 10, PC = 0x60CDD444

Conditions: The symptoms are observed on a device configured with Border Gateway Protocol (BGP).

Workaround: There is no workaround.

CSCsr27734

Symptoms: The standby router crashes.

Conditions: This symptom is observed when a service-policy map is removed from a VC.

Workaround: There is no workaround.

CSCsr38532

Symptoms: A memory leak is observed in the CCH323_CT process when a load test is performed.

Conditions: This symptom is observed with Cisco IOS Release 12.4(18b) but not with Cisco IOS Release 12.4(19b).

Workaround: There is no workaround.

CSCsr48828

Symptoms: A Cisco router may display the following traceback: %SYS-2-GETBUF

Conditions: The symptom occurs when ACLs are configured on the WAN interfaces of the router. When outbound packets fail and are dropped on an outbound ACL, a traceback is generated. If the packets are stopped or the ACLs removed, the tracebacks stop. The problem is seen with the VSA accelerator, but not seen when software crypto is used.

Workaround: There is no workaround.

CSCsr49376

Symptoms: Device reloads after EIGRP adjacency changes.

Conditions: Occurs on a Cisco Catalyst 3560 running Cisco IOS Release 12.2(44)SE. This has been observed on several other devices also. At this stage, the root cause has not been found.

Workaround: There is no workaround.

CSCsr54272

Symptoms: Spurious memory and traceback is observed on a Cisco 5850 upon a gateway crash.

Conditions: The problem is seen when a gateway is handling voice and fax calls.

Workaround: There is no workaround.

CSCsr55278

Symptoms: Fast switching of multicast packets may not occur on the interface of a PE router. All multicast packets are forwarded in process switching.

Conditions: The symptom is observed after the interface is changed from a forwarding interface of one VRF to another VRF.

Workaround: There is no workaround.

CSCsr55713

Symptoms: A crash occurs.

Conditions: The crash is caused by a ping across an ISATAP tunnel. The symptom is observed only in Cisco IOS Release 12.4(15)T7 on the Cisco 7200 (it is not known to affect other platforms), since the crash is dependent on the Cisco IOS memory map (which varies with each image).

Workaround: There is no workaround.

CSCsr59242

Symptoms: EIGRP may lose some routes from stub neighbors in a DMVPN setup.

Conditions: If EIGRP graceful restart happens on an interface and the interface update queue is busy, then it may lose some routes from the stub neighbors on that interface.

For example, issuing the below commands can trigger this issue:

clear ip eigrp vrf abc as-number neighbors interface

Wait 30 seconds

clear ip eigrp vrf abc as-number neighbors interface soft

Workaround: Use the clear ip eigrp vrf abc neighbors command to fix the problem.

Another workaround is that graceful restart can be turned off by the no eigrp graceful-restart command under the router or the address-family command. This will cause the symptom to go away but will revert back to hard resetting peers on configuration changes or the clear ip eigrp neighbor soft command.

CSCsr61729

Symptoms: WIC-2AM-V2 and WIC-1AM-V2 cards are recognized but the ping functionality may be broken.

Conditions: The symptoms are observed with a back-to-back connection of WIC-2AM-V2 and WIC-1AM-V2 modules with a third-party vendor connector.

Workaround: There is no workaround.

Further Problem Description: The problem is due to a prior checkin which made the state of the device dependent on the physical connection of the cable. This code was interfering with the software state machine which internally maintains the state of the machine.

CSCsr62441

Symptoms: Router is crashing while configuring "connect word voice-port 7/0:0 t1 7/0" and tracebacks can be observed.

Conditions: The symptoms are observed on a Cisco 5400 platform when configuring "connect word voice-port 7/0:0 t1 7/0".

Workaround: There is no workaround.

CSCsr62797

Symptoms: A router may crash when traffic is triggered between peers.

Conditions: The symptom is observed when two IPSec flows under each IKE SA are configured. If one IPSec flow is kept idle for each IKE SA and traffic is triggered between the peers, the router will crash.

Workaround: Do not configure the idle-timer for crypto ipsec security-association.

CSCsr65344

Symptoms: The following traceback may be seen after loading Cisco IOS Release 12.4(21):

%SYS-2-INTSCHED: 'sleep for' at level 2 -Process= "Init"

Conditions: The symptom is observed on a Cisco RSP8 (R7000) processor or a Cisco RSP16 (R7000A) processor that is running Cisco IOS Release 12.4(21).

Workaround: There is no workaround.

CSCsr67177

Symptoms: A router may experience a corner case crash if an IPv6 OSPF router is removed from the configuration.

Conditions: The following conditions must be met before router is removed from the configuration to experience the system crash:

OSPFv3 router does not run because the router-id is not available (it means that no IP address is available and/or router-id is not configured).

SW interface is configured, assigned under inactive OSPFv3 router, and later removed using the no interface command.

Workaround: Ensure that when the IPv6 router is configured it runs properly (if it does not start, there is a warning printed on the console advising what action to take).

CSCsr83547

Symptoms: Dialer watch on the Cisco 3845 router makes the backup link of PPP multilink on the PRI port which is connected to BRI 4 port of peer router through ISDN net. If one out of four BRI ports is shut down on the peer router, the dialer watch does not keep the backup link up without resetting the idle timer at the expiration of idle timeout though the primary link remains down, causing the other three ports to be disconnected.

Conditions: This symptom occurs only when the BRI port which contains B-ch that became link up first is shut down. This symptom does not occur even if the other BRI ports are shut down.

Workaround: There is no workaround.

CSCsr87229

Symptoms: Callers that use a caller-ID length of 15 characters or greater cannot call out of analog MGCP ports.

Example:

MGCP Packet received from --->

CRCX 132 AALN/S0/SU1/0@nicmatth-ipipgw MGCP 0.1

C: A000000001000026000000F5

X: 23

L: p:20, a:PCMU, s:off, t:b8

M: recvonly

R: L/hd

S: L/rg, L/ci(08/08/15/44,1002,This is my long name)

Q: process,loop

<---

MGCP Packet sent to --->

510 132 unsupported caller id length

Conditions: The BELLCORE standards support only 15 characters, and the MGCP gateway disconnects the call because of unsupported caller-ID length and displays the following message:

510 unsupported caller id length.

Workaround: Configure a caller ID less than 15 characters, or use the port with SCCP or H323 to prevent this. Also, the following cptones are not affected: "FR", "DE", "NO", "IT", "ES", "ZA", "TR", "GB", "AT".

CSCsr96753

Symptoms: A router may crash when entering the isdn test call command.

Conditions: The symptom is observed when the BRI interface is up.

Workaround: There is no workaround.

CSCsr97030

Symptoms: Service policy is missing from the running-configuration after a device is reloaded.

Conditions: The symptom is observed when the service policy contains a "police rate percent" that is 13% or less, and is applied to an MLPPP interface. It is observed with Cisco IOS Release 12.4(8c) and Release 12.4T.

Workaround: Use any one of the following:

1. Re-apply service-policy each time after rebooting.

2. Change service policy to use "police rate XXXX bps".

3. Configure bandwidth XXXX on the MLPPP interface.

4. Change service policy to use more than 13% for the policing.

CSCsu02176

Symptoms: A router reloads continuously on switching off one of the redundant power supplies.

Conditions: This symptom occurs when a router reloads continuously on switching off one of the redundant power supplies.

Workaround: There is no workaround.

CSCsu03608

Symptoms: A Cisco 7500 series router may crash.

Conditions: The symptom is observed when we try to bring up the ATM-IMA interface.

Workaround: There is no workaround.

CSCsu04446

Symptoms: A Cisco router that is running a PfR Master Controller crashes under stress.

Conditions: This symptom is observed when traffic with more than 2000 prefixes with about 500 unreachable prefixes is flowing through the router.

Workaround: Minimize the number of prefixes learned during an interval. The default of 100 should be sufficient.

oer master learn prefixes 100

CSCsu06350

Symptoms: T.38 fax call not terminating audio properly.

Conditions: RE-INVITE from SIP Fax application changes connection IP address in SDP. PGW sends changed IP address in MDCX to GW. GW responds with 200 acknowledging this change. GW still sends audio to IP address where original call terminated.

Workaround: There is no workaround.

CSCsu10042

Symptoms: A Cisco 7206VXR router may crash periodically. An error message similar to the following (using the show version command) may be seen: System returned to ROM by bus error at PC 0x605663D8, address 0xFFFFFFF4

Conditions: The symptoms are observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.4(16). It is observed when MPLS-aware Netflow is configured along with ip flow-capture mac-addresses.

Workaround: De-configure ip flow-capture mac-addresses.

Further Problem Description: This issue is also seen with Cisco IOS Release 12.4(21).

CSCsu27888

Symptoms: IGMP v3 reports are discarded.

Conditions: Occurs on Cisco 7200 router running Cisco IOS Release 12.4(20)T2.

Workaround: There is no workaround.

CSCsu31954

Symptoms: A router reloads.

Conditions: Under certain crypto configurations with NetFlow also configured, the router will reload when required to fragment CEF-switched traffic on a Cisco 7200 router.

Workaround: There is no workaround.

CSCsu36836

Symptoms: TCL scripts and policies attempting to work with open files and sockets simultaneously may not operate properly. One symptom is the vwait command may fail by reporting "would wait forever".

Conditions: Occurs when a TCL script opens both a file and a client or server socket simultaneously.

Workaround: Open and close files and sockets separately. Avoid having them open simultaneously.

CSCsu38520

Symptoms: In Cisco IOS Release 12.4(20)T and 12.4(15)T7, IKE Phase 1 is not flushed by DPD (although IKE Phase 2 is correctly deleted). This can be verified by using the following commands: show crypto isakmp sa then show crypto ipsec sa

Conditions: The symptom is observed when the IPSec end node is behind NAT and DPD is configured. It is seen when the last IKE Phase 2 SA is deleted.

Workaround: Use Cisco IOS Releases up to 12.4(15)T6.

CSCsu51095

Symptoms: If connected routes are optimized using PfR, there will be a routing loop.

Conditions: This symptom can occur if, for some reason, PfR is learning connected routes or if the user has configured them.

Workaround: Create an oer-map with a prefix-list that contains the prefixes with the IP addresses of the connected routes (the next hops). Set the set observe mode in the oer-map.

CSCsv40404

Symptoms: When DDNS is disabled on the router, which is configured as the DHCP server, it sends option 81 in the DHCP ACK message with the N flag bit set to 1. But the DHCP Client fails to understand this and does not do PTR update. The issue is seen with a DNS server and a Cisco IOS DHCP server.

Conditions: The issue is not seen with the Cisco IOS Release 12.3 code as it does not support DDNS and does not reply back with Option 81 in the DHCP ACK.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(21a)

Cisco IOS Release 12.4(21a) is a rebuild release for Cisco IOS Release 12.4(21). The caveats in this section are resolved in Cisco IOS Release 12.4(21a) but may be open in previous Cisco IOS releases.

CSCsm03452

Symptoms: A Cisco AS5850 that is configured as a SIP gateway may crash unexpectedly when running a high volume of SIP calls.

Conditions: This symptom is observed on the Cisco AS5850.

Workaround: There is no workaround.

CSCso19662

Symptoms: Tracebacks are seen after unconfiguration when using the clear ip nat translation * command.

Conditions: This traceback occurs with the c7200-js-mz.124-18a.fc2 image.

Workaround: There is no workaround.

CSCsq12128

Symptoms: If the WAN connection is DOWN on the VGW, the Media Gateway Control Protocol (MGCP) fallback mode may not load. The gateway remains in "MGCP Fallback mode: Enabled/OFF" mode.

Conditions: This symptom is observed with Cisco IOS Release 12.4(16).

Workaround: Shut down the interface.

Further Problem Description: It is possible that the link goes up and down frequently. The call manager application tries to download the XML file from CCM+TFTP even when the link is down. This sets a flag. The flag prevents the fallback.

CSCsq83872

Symptoms: There may be a memory leak when the no pppoe enable command is applied.

Conditions: This symptom is observed on a Cisco 831 router.

Workaround: There is no workaround.

CSCsr20566

Symptoms: A router may log SCHED-3-STUCKMTMR for Dampening process, after which point all dampened interfaces will be permanently dampened from a routing-protocol viewpoint.

Conditions: This symptom is observed when multiple interfaces are configured with dampening feature.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(21)

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(21). All the caveats listed in this section are resolved in Cisco IOS Release 12.4(21). This section describes severity 1 and 2 caveats and select severity 3 caveats.

CSCee21263

Symptoms: Non-initial fragments may be dropped by the reflexive ACL.

Conditions: The symptom is observed on a Cisco router that is running Cisco IOS Release 12.4.

Workaround: There is no workaround.

CSCeg05149

Symptoms: After a secondary image is loaded by Standby, "NVRAM Verification Failed" messages show up on Standby console resulting in lost startup and private configuration.

Conditions: The problem is seen only on a Cisco RSP platform that is running Cisco IOS 12.2SB versions.

Workaround: Issue the write memory command as soon as slave comes up.

CSCek37305

Symptoms: A router crashes when unconfiguring a T1 controller with an interface configured for RTP priority.

Conditions: This symptom has been seen on a Cisco 7200 NPE-G1 router loaded with Cisco IOS interim Release 12.2(31.4.17)SB.

Workaround: Ensure that the ip rtp priority or ip rtp reserve command is removed before deleting the interface.

CSCek57749

Symptoms: Execution of the show version or show hardware commands during traffic may result in packet drops.

Conditions: This symptom occurs when executing the show version or show hardware commands.

Workaround: There is no workaround.

Further Problem Description: Disabling NETIO interrupts, or executing interrupt handling of higher priority than NETIO interrupts, has always been a source of packet drops on the Cisco 7200 (as is the case with other uni-processor systems, for example CSCed10454). The drops usually occur due to lack of descriptors.

The show version command and its constituent functions make use of functions that are implemented as exceptions; these are user-generated exceptions of higher priority than any interrupt.

CSCek65374

Symptoms: The PRE3 may not parse the startup configuration.

Conditions: This symptom is observed on a Cisco router that has dual RPs.

Workaround: There is no workaround.

CSCek74855

Symptoms: Modifying class parameters in a service policy attached to a multilink may trigger a crash, if the show policy-map int command is issued.

Conditions: The problem is platform independent, but it has been seen on a Cisco 7200 router that is running Cisco IOS Interim Release 12.4(13.13)T.

Workaround: There is no workaround.

CSCek75931

Symptoms: A Cisco 10000 series router may experience a CPUHOG condition.

Conditions: This condition is observed when there is an increase of more than 2000 sessions established.

Workaround: There is no workaround.

CSCek78237

Symptoms: A short CPU hog is seen in the ATM PA Helper process when an interface flaps and the framing configuration is modified on the interface.

Conditions: This symptom is observed on a Cisco 7200 with a PA-A3-T3 adapter that is running Cisco IOS Release 12.2(25)S or 12.2(31)SB (and possibly other Cisco IOS releases).

Workaround: There is no workaround.

Further Problem Description: The CPU hog is enough to cause OSPF adjacencies (with fast hello) to go down on other unrelated interfaces. The same problem is seen if BFD is configured.

CSCsb98277

Symptoms: A Cisco 7500 router may pause indefinitely after an interface reset.

Conditions: This symptom is observed on a Cisco 7500 router that is configured with input QoS service policy together with Distributed Link Fragmentation and Interleaving over Leased Line. It occurs when the shutdown and no shutdown commands are used.

Workaround: There is no workaround.

Further Problem Description: This bug fix implements an enhancement in scheduling QoS classes with bandwidth less than 1% of the link rate, the same as CSCdz40273.

CSCse03637

Symptoms: PIM dense mode interoperability issues are seen with Cisco and third party boxes.

Condition: This symptom is observed when PIM dense mode is in operation. After the multicast forwarder is decided, based on the assert mechanism, a prune is erroneously sent. Multicast stream ceases to flow.

Workaround: There is no workaround.

CSCse61834

Symptoms: When you modify an ATM PVC by entering the pvc vpi/vci command, any subsequent modifications in the VC class that is assigned to this PVC do not take effect.

Conditions: This symptom is observed when the PVC is preconfigured with a VC class when the following events occur:

1) You make a configuration change in the PVC.

2) You change the configuration in the VC class.

The configuration change in the VC class does not take effect.

Workaround: First complete the configuration changes in the VC class. Then, change the configuration in the PVC.

CSCse90710

Symptoms: A Versatile Interface Processor (VIP) may crash while configuring T1 or E1.

Conditions: This symptom is observed with a VIP in which a PA-MC-8T1E1 port adapter is installed that is configured with either a T1 or an E1 controller.

Workaround: There is no workaround.

CSCsf32449

Symptoms: A Sup720 Multicast-VPN (MVPN) PE router may not advertise its mdt prefix (BGP vpnv4 RD-type 2) after reloading.

Conditions: This symptom is observed on a Sup720 MVPN PE router.

Workaround: Use the clear ip bgp command after reloading.

CSCsg98535

Symptoms: The clear ipv6 pim topology command may crash the router.

Conditions: The symptom is observed when using the clear ipv6 pim topology command on the router with 30,000 (S, G) multicast (mroute) state.

Workaround: Do not use the clear ipv6 pim topology command when the router has 30,000 mroute state. Instead, wait three or more minutes for the mroute state to time out, and the router will remove the entry from the mroute table.

CSCsh79893

Symptoms: A Cisco 2800 router running zone-based firewall and URL filtering may reload.

Conditions: Occurs when URL filtering is unconfigured or reconfigured under the policy map during periods of high traffic.

Workaround: There is no workaround.

CSCsi03359

Symptoms: A PIM hello message may not reach the neighbor.

Conditions: This symptom is observed on a Cisco router when an interface comes up and a PIM hello message is triggered.

Workaround: Decrease the hello timer for PIM hello messages.

Further Problem Description: The symptom occurs because the PIM hello message is sent before the port can actually forward IP packets. IGP manages to get its neighborship up but PIM does not, causing RPF to change to the new neighbor and causing blackholing to occur for up to 30 seconds.

CSCsi04335

Symptoms: While using HTTP-based authproxy authentication for a large number of sessions, it is possible for some sessions to get stuck in the unauthenticated state.

Conditions: The problem is seen when a large number of users (200+) try to log in to the network with a burst rate of 5 sessions/second.

Workaround: There is no complete workaround for this problem, but customers can try the following:

a) Identify the sessions that are in INIT state using the show ip auth-proxy cache command.

b) Clear the sessions using the clear ip auth-proxy command.

c) Identify the TCP sessions associated with the above users by using the show tcp brief command, and clear the TCB by using the clear tcp tcb command with the address identified using the show tcp brief command.

After applying the above workaround, customers can ask the users to try to log in again. If the load on the box is not significant, it is possible for the user to complete the authentication.

CSCsi83521

Symptoms: A Cisco 7200 router crashes upon execution of a sequence of permit commands under "ipv6 access-list testipv6" subconfiguration mode.

Conditions: This symptom is observed on a Cisco 7200 router that is loaded with a Cisco IOS Release 12.4(13.13)T3 image.

Workaround: There is no workaround.

CSCsi86823

Symptoms: An incorrect NAS port ID is found while testing IDBless VLAN for PPPoE.

Conditions: The symptom is observed on a Cisco 7200 router.

Workaround: There is no workaround.

CSCsi93916

Symptoms: An alignment error (i.e., spurious memory access) that causes tracebacks such as "ipnat_nbss_is_special_packet" may be observed on a Cisco router.

Conditions: The symptoms are observed with a certain packet format, not yet identified. It is specific to the NetBios Session Service (NBSS) protocol.

Workaround: There is no workaround.

CSCsj21785

Symptoms: A Traffic Engineering (TE) tunnel does not re-optimize to explicit path after an MTU change.

Conditions: The TE tunnel is operating via an explicit path. The MTU on the outgoing interface is changed. OSPF is flapped, and it does not come up because there is an MTU mismatch (the MTU is not changed on the peer router). Meanwhile, the TE tunnel re-optimizes to a dynamic path-option as expected. Now the MTU is reverted to the previous value, and the OSPF adjacency comes up. The TE tunnel does not re-optimize to the explicit path. Manual re-optimization of the TE tunnel fails as well, and the TE tunnel sticks to the dynamic path.

Workaround: Enter the shutdown command followed by the no shutdown command on the particular interface.

CSCsj54606

Symptoms: Invalid updates to the system clock are allowed on the Cisco IOS command line interface (CLI).

Conditions: The symptoms are observed when a user attempts to set the end of summer-time earlier than the start of summer-time:

Router(config)#clock summer-time PDT date 11 mar 2007 2:00 ?

<1-31> Date to end

MONTH Month to end

Router(config)#$r-time PDT date 11 mar 2007 2:00 11 march 2007 00:00 60

Workaround: Do not pass invalid arguments to the clock summer-time command on the Cisco IOS CLI.

CSCsj78403

Symptoms: A router may crash when the clear ip bgp command is entered.

Conditions: Occurs on devices running BGP and configured as a route reflector client with conditional route injection configured.

Workaround: Unconfigure conditional route injection.

CSCsj93012

Symptoms: A router may crash when QoS is enabled.

Conditions: This symptom is seen with IMA ATM interfaces on Cisco 7500 and Cisco 7200 routers. It occurs when ATM and serial interfaces have QoS configurations as output/input policy and when the peer is reloaded or write memory is done. This is specific to IMA.

Workaround: There is no workaround.

CSCsj93374

Symptoms: A secondary processor may crash when a user copies a file onto a subdirectory in a slavedisk from the master and, at the same time, renames the subdirectory and then deletes the file from the slave console.

Conditions: This symptom is observed on a Cisco router that has an ATA file system.

Workaround: Do not rename the subdirectory and delete the file when it is being copied to the subdirectory.

CSCsk21764

Symptoms: A Cisco router may reload unexpectedly due to a bus error crash.

Conditions: The symptoms can be observed when the router is running Voice XML.

Workaround: There is no workaround.

CSCsk26651

Symptoms: A router crashes when configuring auto QoS on an ATM subinterface. The following error message is produced:

"%SYS-6-STACKLOW: Stack for process Exec running low"

Conditions: The symptom occurs when AutoQoS Discovery is enabled for untrust mode, and also when AutoQoS Discovery is enabled for trusted DSCP.

Workaround: There is no workaround.

CSCsk28748

Symptom: When an IMA group subinterface (atm1/ima1.14016) is configured before a no shut is done on the IMA group interface, the maximum value VBR-NRT peak cell rate (PCR) option is displayed as 1536/1920(T1/E1) instead of 1523/1904.

Conditions: Occurs when IMA group subinterface is configured before assigning ATM interface to the IMA group.

Workaround: Configure the IMA group interface first and then configure the IMA group subinterface.

CSCsk36324

Symptoms: On a Cisco router, OSPF might go into a loop during SPF calculation, causing high CPU utilization and rendering the router inaccessible.

Conditions: This symptom occurs when router LSAs with a link metric disallowed by RFC 2328 are present in the network (note that Cisco routers do not originate such LSAs) and when the network is unstable (link flapping during the SPF calculation).

Workaround: To fix the problem, reload the router. To prevent the problem, manually configure a link metric according to RFC 2328.

Important Note: CSCsk36324 caused MPLS TE defect CSCsl18176 and has been backed out under defect CSCsl18176. A new fix for this issue will be committed under defect CSCsl32318.

CSCsk40676

Symptoms: The inside interface of a Cisco router running EZVPN may become unresponsive when sending ICMP messages from a remote VPN client connection.

Conditions: Occurs when LZS compression is used on a Windows Vista client.

Workaround: Disable LZS compression.

CSCsk54061

Symptoms: A "Memory allocation failed atm_vpivci_to_vc" error occurs and the device crashes.

Conditions: Occurs while configuring for ATM-AutoVC or with incoming ATM traffic.

Workaround: There is no workaround.

CSCsk54092

Symptoms: Link-state advertisement (LSA Type 3) may not get flushed from the database when the route is supposed to be included as LSA Type 5.

Conditions: This symptom is observed when an LSA is changed from type 3 to type 5 on a Cisco router. This is a timing problem between OSPF and BGP. Routes redistributed into OSPF are shown as Type 3 LSAs when the sh ip ospf process-id database command is entered, even after the removal of the network command under the router which is advertising these routes. These routes are to be learned via Type 5 LSAs. This problem exists in all branches except Cisco IOS Release 12.2S.

Workaround: Configuring the PE routers in different domains using the domain-id A.B.C.D command can solve the issue.

CSCsk61790

Symptoms: Syslog displays password when copying the configuration via FTP.

Conditions: This symptom occurs when copying via FTP. The Syslog message displays the password given by the user as part of syntax of FTP copy.

Workaround: There is no workaround.

CSCsk63655

Symptoms: A Media Gateway Control Protocol (MGCP) gateway may return a 524 or 510 error code with the reason as "invalid local connection option" for a valid "L:" parameter in a CRCX message.

Conditions: The symptoms can be observed on a router that is running Cisco IOS Interim Release 12.4(17.4)T1 or later, when the debug mgcp parser command with verbose tracelevel is disabled.

Workaround: Enable debug mgcp parser with verbose tracelevel.

CSCsk65515

Symptoms: Spurious or misaligned memory access can be seen at atm_nvgen_static_map.

Conditions: The symptoms can be observed when an SVC is configured on an ATM interface and when executing the command show running-config.

Workaround: There is no workaround.

CSCsk75147

Symptoms: A cbs3120 switch may crash during license installation, while reloading the slave switch that is being installed with license.

Conditions: The symptoms are observed when: 1. Installing up to 10 licenses in one file on Slave 4 in one vty session. 2. Reloading Slave 4 while installing the license on another vty session.

Workaround: There is no workaround.

Further Problem Description: The issue is related to Inter-Process Communication (IPC). The crash is due to accessing an already freed port info. But the crash may be prevented by adding a check atcipc_notify_session_closure.

CSCsk86150

Symptoms: When EIGRP goes down, BGP installs the major network in the routing table. When EIGRP comes up again, it installs the subnet routes in the routing table, while the BGP major network remains in the routing table. Also, the BGP local source route is not installed in BGP table.

Conditions: Occurs on routers running Cisco IOS Release 12.4(10b) and 12.4(13c) Enterprise Services images.

Workaround: Reconfigure the network command.

CSCsk98507

Symptoms: Router crashes after IPX routing is enabled.

Conditions: Problem happens only if an interface which has IPX network configuration is deleted after disabling IPX routing.

Workaround: There is no workaround.

CSCsl04516

Symptoms: A Cisco router may experience the following errors:

%TCP-2-INVALIDTCB: Invalid TCB pointer: 0x476292F0 -Process=

"Skinny Socket Server", ipl= 0, pid= 260 -Traceback= 0x41259724 0x41A50418

0x41A54754 0x41A28134 0x41A2AFA4 0x41A2F30C 0x4095AB80 0x4095B5F4 0x423CD6E4

0x423CD6C8

%TCP-2-INVALIDTCB: Invalid TCB pointer: 0x476292F0 -Process=

"Skinny Socket Server", ipl= 0, pid= 260 -Traceback= 0x41259724 0x41A50418

0x41A54754 0x41A28134 0x41A2AF24 0x41A2F30C 0x4095ABA4 0x4095B5F4 0x423CD6E4

0x423CD6C8

Phones that are running over secure channels will have registration problems.

Conditions: This symptom occurs on a Cisco 2821 router that is running Cisco IOS Release 12.4(18).

Workaround: There is no workaround.

CSCsl08480

Symptom: The error message "Memory allocation failed atm_vpivci_to_vc" is seen, followed by a device crash.

Conditions: Observed with incoming ATM traffic.

Workaround: None.

CSCsl09904

Symptoms: The Bootstrap Router message (BSM), with RP information and holdtime of zero, creates a group-mapping state when the RP information does not exist.

Conditions: The symptoms are observed in internal negative testing in an IPv6 multicast environment. The trigger is a packet sent with an RP holdtime of zero.

Workaround: There is no workaround.

CSCsl10459

Symptoms: Routers that are running Cisco IOS Release 12.4(13b) and Release 12.4(16) may crash when the show crypto pki timers command is executed.

Conditions: This symptom is observed under a narrow set of conditions. Offending conditions occur when certificates are issued with a Certificate Distribution Point formatted in URL format. Certain other unknown circumstances must also occur.

Workaround: Avoid using the show crypto pki timers command.

CSCsl14450

Symptoms: Under a high load of multicast traffic, a Cisco router may unexpectedly reload due to a CPU vector 300 or bus error.

Conditions: This symptom has been observed only in environments where more than 10 tunnels have been configured on the same device using multicast over these tunnels.

Workaround: There is no workaround.

CSCsl17539

Symptoms: A Cisco router may reload with the following symptoms:

%SYS-3-MGDTIMER: NZ prev pointer but not running, timer = 64C37818. -

Process= "IP Input", ipl= 4, pid= 66 -Traceback= 0x60746048 0x6084EA34 0x6084F14C 0x62333AD8

0x62337C70 0x62306494 0x623068B0 0x60A40654 0x60A416F8 0x60A41778 0x60A41964 Oct 31

22:55:48.894: %SYS-3-MGDTIMER: Setting zero expiration time, timer = 64132350. -Process= "IPSEC

key engine", ipl= 4, pid= 150 -Traceback= 0x60746048 0x6084E9A8 0x6084FA18

22:55:48 zulu Wed Oct 31 2007: Address Error (load or instruction fetch) exception, CPU signal 10, PC =

0x60815B08

0x60815B08 0x6084FCA4 0x622B2E54 0x622B39C4

Conditions: Occurred on a Cisco 7206VXR running Cisco IOS Release 12.4(16).

Workaround: There is no workaround.

CSCsl22080

Symptoms: WebVPN hangs after a few days of working. When this happens, no WebVPN connections are active and no new connections can be established. The debug ip tcp transaction command shows "connection queue limit reached: port 443" errors. The show tcp brief command displays many sessions in SYNRCVD and TIMEWAIT states. The problem is recovered either by a reload or by entering the clear tcp tcb * command. A few stale sessions in CLOSED state are left after clearing TCP.

Conditions: The issue is seen in Cisco IOS Release 12.4.15T and Cisco IOS Release 12.4.15T1 when WebVPN is configured. The issue is intermittent and happens after a few days or weeks of working.

Workaround: To restore TCP connectivity, issue clear tcp tcb * or reload the router. Note that this will clear all TCP sessions on the router.

CSCsl25732

Symptom: GPRS tunneling protocol (GTPv1) periodic interim accounting records are not sent out by device.

Conditions: Occurs when using GTPv1 PDP together with AAA periodic interim accounting configuration.

Workaround: None.

CSCsl27236

Symptoms: A WS-C6506-E with WS-SVC-IPSEC-1 keeps crashing with the error "%SYS-3-CPUHOG: Task is running for (126000)msec". This is a CPU HOG SW forced crash.

Conditions: The symptoms can be observed under stress conditions and when ipsec-isakmp is enabled.

Workaround: There is no workaround.

Further information: This is a day-one bug that just surfaced. The customer found it under heavy stress conditions. The node list gets corrupted, so the code iterates through the list indefinitely, causing the CPU hog.

CSCsl27704

Symptoms: Interfaces remain down after using the clear service module command on an interface with the loopback remote command initiated. Also, the show service-module command may show ambiguous output.

Conditions: The symptoms can be observed when the loopback line or loopback dte commands are initiated and cancelled before initiating the loopback remote full command.

Workaround: Reload the router.

Further Problem Description: Procedure HWIC-1DSU-T1-------------------HWIC-1DSU-T1

1. Connected HWIC-1DSU-T1 back to back as shown in setup

2. Initiate loopback line on (s0/3/0) 3825 for HWIC-1DSU-T1

3. Cancel loopback line - cancelled successfully

4. Initiate loopback remote full on (s0/3/0) 3825 for HWIC-1DSU-T1

5. Clear service module s0/3/0 on 3825

6. It does not cancel loopback remote successfully, and interface s0/3/0 on both the 3825 and the 3845 is down. Both ends show unexpected information in show service-module: "remote loopback (remotely initiated) is in unknown" state.

CSCsl32142