Table Of Contents
Caveats for Cisco IOS Release 12.4
Open Caveats—Cisco IOS Release 12.4(21)
Resolved Caveats—Cisco IOS Release 12.4(21)
Resolved Caveats—Cisco IOS Release 12.4(19b)
Resolved Caveats—Cisco IOS Release 12.4(19a)
Resolved Caveats—Cisco IOS Release 12.4(19)
Resolved Caveats—Cisco IOS Release 12.4(18c)
Resolved Caveats—Cisco IOS Release 12.4(18b)
Resolved Caveats—Cisco IOS Release 12.4(18a)
Resolved Caveats—Cisco IOS Release 12.4(18)
Resolved Caveats—Cisco IOS Release 12.4(17b)
Resolved Caveats—Cisco IOS Release 12.4(17a)
Resolved Caveats—Cisco IOS Release 12.4(17)
Resolved Caveats—Cisco IOS Release 12.4(16b)
Resolved Caveats—Cisco IOS Release 12.4(16a)
Resolved Caveats—Cisco IOS Release 12.4(16)
Resolved Caveats—Cisco IOS Release 12.4(13f)
Resolved Caveats—Cisco IOS Release 12.4(13e)
Resolved Caveats—Cisco IOS Release 12.4(13d)
Resolved Caveats—Cisco IOS Release 12.4(13c)
Resolved Caveats—Cisco IOS Release 12.4(13b)
Resolved Caveats—Cisco IOS Release 12.4(13a)
Resolved Caveats—Cisco IOS Release 12.4(13)
Caveats for Cisco IOS Release 12.4
September 24, 2008
Cisco IOS Release 12.4(21)
Text Part Number OL-7656-13 Rev. B0
This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.4, up to and including Cisco IOS Release 12.4(21). Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
To improve this document, we would appreciate your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact caveats-doc@cisco.com. For more information, see the "Obtaining Documentation and Submitting a Service Request" section on page 875.
Contents
•
Open Caveats—Cisco IOS Release 12.4(21)
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
How to Use This Document
This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:
•
•
Within the sections, the caveats are sorted by technology in alphabetical order. For example, Interfaces and Bridging caveats are listed separately from, and before, IP Routing Protocols caveats. The caveats are also sorted alphanumerically by caveat number.
If You Need More Information
Cisco IOS software documentation can be found on the web through Cisco.com. For information on Cisco.com, see the "Obtaining Documentation and Submitting a Service Request" section on page 875.
For more information on caveats and features in Cisco IOS Release 12.4, refer to the following sources:
•
•
(If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
•
•
•
Note
The most recent release notes when this caveats document was published were Release Notes for
Cisco IOS Release 12.4, for Cisco IOS Release 12.4(21), on July 18, 2008.Open Caveats—Cisco IOS Release 12.4(21)
This section describes possibly unexpected behavior by Cisco IOS Release 12.4(21). All the caveats listed in this section are open in Cisco IOS Release 12.4(21). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
Symptoms: TCP source ports that are used for connections that originate from a Cisco IOS platform may be chosen in a predictable manner.
Conditions: This symptom is observed for outbound TCP connections for which a particular source port is not required.
Workaround: There is no workaround.
•
Symptoms: It may take a long time for the IPSec router to detect that the CA server is down while trying to reach it for CRL retrieval.
Conditions: The symptom is observed on a LAN-to-LAN IPSec tunnel between two routers, where one router is configured for CRL checking.
Workaround: The situation may be slightly improved by lowering the "tcp synwait" value, for example: ip tcp synwait-time 5.
•
Symptoms: If a clear ip bgp neighbor address soft out command is issued for each iBGP neighbor with a 5+ second delay between them, the route will be cleared on the first iBGP neighbor but remains stuck on the other peers. Subsequent clear commands do not clear the remaining routes.
Conditions: The symptom is observed when a BGP route is advertised to iBGP neighbors residing under the same peer group. A filter list is then applied to deny the route from going out to the iBGP neighbors. A clear ip bgp neighbor address soft out command is issued to each of the iBGP neighbors with a 5+ second delay. The route gets cleared for the first iBGP neighbor but does not clear for the remaining peers.
Workaround: The route does not get stuck if the delay between the clear commands is removed.
•
Symptoms: A Cisco IOS VoIP gateway configured for IPIPGW (CUBE) functionality may crash.
Conditions: A gateway configured for IPIPGW functionality with the command allow-connections under voice service voip under rare conditions will crash while processing VoIP calls.
This has been found to occur in some scenarios where a single VoIP call loops (meaning the call is from the IPIPGW back to the same IPIPGW) through the IPIPGW.
When this occurs, the following error message may be noticed:
%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000
Workaround: Track down the source of the call looping and correct the problem there.
The other possible workaround is to introduce another termination point in the RTP packet flow beside the IPIPGW. For example, if interworking with Cisco Unified Communications Manager (Callmanager), a MTP resource may be used to prevent this loop.
•
Symptoms: Not all the NetMeeting sessions (h323) are obtained in the firewall when enabling the h323 protocol inspection.
Conditions: This is observed when inspection is done with double ACL configured.
Workaround: Applies to the following versions of NetMeeting:
–
–
–
–
–
–
–
–
–
–
–
–
–
NetMeeting uses the following IP ports to communicate with other meeting participants:
Port Purpose
-------------------------------------
389 Internet Locator Server [Transmission Control Protocol (TCP)]
522 User Location Server (TCP)
1503 T.120 (TCP)
1720 H.323 call setup (TCP)
1731 Audio call control (TCP)
Dynamic H.323 call control (TCP)
Dynamic H.323 streaming [Realtime Transport Protocol (RTP) over User
Datagram Protocol (UDP)]
To enable NetMeeting traffic, you must open a pinhole for these fixed TCP ports also with h323 inspection on the interface.
The workaround for this is:
1.
ip port-map user-NMAUX port tcp 522 1731 1503 description 'Port-map
configuration for NetMeeting'
2.
–
–
–
(Here LDAP (Lightweight Directory Access Protocol) is included for port 389.)
3.
Example configuration:--
fwodc1-2#sh run
Building configuration...
Current configuration : 2700 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname fwodc1-2
!
boot-start-marker
boot-end-marker
!
no logging console
enable password lab
!
no aaa new-model
!
!
ip cef
!
!
no ip domain lookup
ip host arf-sec11 223.255.249.16
ip inspect name test tcp
ip inspect name test udp
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
frame-relay switching
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no crypto engine onboard 0
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key letmein address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set test esp-des
!
crypto map test 10 ipsec-isakmp
set peer 10.0.0.1
set transform-set test
match address ipsec_acl
!
!
!
!
interface GigabitEthernet0/0
ip address 126.20.1.12 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.101.2 255.255.255.0
ip access-group 102 in
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
encapsulation frame-relay
clock rate 128000
no frame-relay inverse-arp
frame-relay intf-type dce
!
interface Serial0/0/1.587 point-to-point
ip address 10.0.0.2 255.0.0.0
ip access-group 101 out
ip inspect test in
ip virtual-reassembly
snmp trap link-status
frame-relay interface-dlci 587
crypto map test
!
router eigrp 100
network 10.0.0.0
network 192.168.101.0
no auto-summary
no eigrp log-neighbor-changes
no eigrp log-neighbor-warnings
!
ip default-gateway 126.20.1.1
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
ip access-list extended ipsec_acl
permit ip 192.168.101.0 0.0.0.255 192.168.1.0 0.0.0.255
!
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 101 permit icmp any any
access-list 101 permit eigrp any any
access-list 101 deny ip any any
access-list 102 permit udp any any eq isakmp
access-list 102 permit esp any any
access-list 102 permit ahp any any
access-list 102 permit icmp any any
access-list 102 permit eigrp any any
access-list 102 deny ip any any
access-list 110 permit tcp any any fragments
access-list 110 permit udp any any fragments
access-list 110 deny tcp any any
access-list 110 deny udp any any
access-list 110 permit ip any any
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
exec-timeout 0 0
speed 115200
line vty 0 4
login
!
exception core-file sisu-devtest/coredump/fwodc1-3.29738.core
exception dump 223.255.249.37
scheduler allocate 20000 1000
!
end
•
Symptoms: When IPv6 virtual fragmentation reassembly (VFR) is configured, IPV6 fragments are not transmitted across UUT.
Conditions: Occurs on routers running Cisco IOS Release 12.4(17) and Cisco IOS Release 12.4T.
Workaround: If VFR configuration is removed, fragments are passed as expected.
•
Symptoms: POTS/PRI calls cause phone to ring but have no voice.
Conditions: Occurred on a router configured for zone-based firewall (ZBF).
Workaround: Use Context-Based Access Control (CBAC) instead of ZBF.
•
Symptoms: EIGRP routes from the master to the switch do not propagate, causing EIGRP neighbor to flap.
Conditions: Before traffic starts, the routes are received correctly. Once traffic starts, neighbor starts flapping and EIGRP updates are not sent among switch and router.
Workaround: There is no workaround.
Further Problem Description: This issue is not being observed on Cisco IOS interim Releases 12.4(16.13)T and 12.4(16.5)T. The last passed release should be Cisco IOS interim Release 12.4(16.13)T while it is easily reproducible on release Cisco IOS interim Release 12.4(16.14)T1.
•
Symptoms: VIP where MCT3 is sitting may crash.
Conditions: Occurs when "micro reload" is issued on a Cisco 7500 router that is configured for dLFIoFR+QoS.
Workaround: There is no workaround.
•
Symptoms: A route introduced by Conditional Route Injection is not removed from the iBGP peer upon withdrawal.
Conditions: Consider this situation: Router B is a BGP router that has two eBGP peers, Router A and Router C. In a situation where RTR_A advertises a prefix and RTR_B injects a more specific prefix of it, the symptom is observed in two ways: 1. If RTR_A withdraws the advertised prefix, the more specific prefix is removed on RTR_B, but this withdrawal is not sent to RTR_A and RTR_C. 2. If the conditional route injection configuration is removed on RTR_B, the more specific prefix is removed on RTR_B, but this withdrawal is not sent to RTR_A and RTR_C.
Workaround: There is no workaround.
•
Symptoms: Recursive static routes are not being resolved. The show ipv6 rpf command does not show the recursion count in the RPF recursion count field.
Condition: This symptom occurs when nonlooping recursive IPv6 static mroutes are configured. This symptom is triggered when IPv6 is configured with PIM Sparse-Mode. The impact of this symptom is that Multicast traffic flow is affected.
Workaround: There is no workaround.
•
Symptoms: Reading flash can cause high CPU.
Conditions: Occurred on a Cisco AS5400 and Cisco AS5400XM running Cisco IOS Release 12.4(17).
Workaround: There is no workaround.
•
Symptoms: PVC configuration under ATM pt interface is lost on new standby.
Conditions: RPR+ is configured on Cisco 7500 router. Remove ATM pt interface on master, do a switchover and re-configure the ATM pt interface. The PVC config is not synced to new standby.
Workaround: There is no workaround.
•
Symptoms: Packets going out are not CEF (Cisco Express Forwarding) switched with dialer.
Conditions: The symptom is observed when the ip cef command is configured on NAS. The NAS is being checked for show ip cef. This may also occur for dialer rotary-group 1 configurations on the UUT.
Workaround: There is no workaround.
•
Symptoms: On a Hot Standby Router Protocol (HSRP) standby router, all accounting records for aaa accounting commands and aaa accounting system on the standby router of the HSRP pair are only available if those two commands are applied.
Conditions: AAA accounting is configured on a router pair running HSRP.
Workaround: Change the router to the active state before making changes that are to be logged.
Further Problem Description: The following message will appear when the debug aaa accounting command is executed and a record is suppressed:
*<time/date>: AAA/ACCT/CMD(00000003): Suppressed record
•
Symptoms: A Cisco router may crash multiple times due to a bus error with the following error message:
%SYS-3-MGDTIMER: Uninitialized timer, set_exptime, timer = 45BA0504.
-Process= "DLSw Background",
Conditions: The symptom is seen on a Cisco 7507 router that is running Cisco IOS Release 12.3(25).
Workaround: Verify that CEF is enabled and working correctly on all interfaces. This crash only occurs when packets are not being CEF-switched.
•
Symptoms: Tracebacks are seen after unconfiguration when using the clear ip nat translation * command.
Conditions: This traceback occurs with Cisco IOS c7200-js-mz.124-18a.fc2 image.
Workaround: There is no workaround.
•
Symptoms: An FXO port on a Cisco 2801 router may randomly become stuck in an off-hook state, displaying this error:
The TDM connection between the specified Analog/VWIC and the specified DSP has failed. %FLEXDSPRM-3-TDM_CONNECT: failed to connect voice-port (0/0/0) to dsp_channel (0/0/2)
Conditions: The symptoms are observed on an FXO port on a Cisco 2801 router that is running Cisco IOS Release 12.4(15)T1.
Workaround: The only workaround is to enter the shut command followed by the no shut command under the analog port.
•
Symptoms: The multicast may be limited to sending a packet size of 1480 bytes or less.
Conditions: The symptoms are seen on a Cisco 3800 series router that is running Cisco IOS Release 12.4(10). If the multicast sends packet sizes of 2000 bytes and then the clients send pings at 2000 bytes to the network for about 30 minutes, the clients then cannot receive any more than 1480 multicast bytes.
Workaround: Rebooting the router allows the wired and wireless clients to receive a packet stream of more than 1480 bytes.
•
Symptoms: When a Border Gateway Protocol (BGP) peer is brought down, some of the routes that were learned may not be removed. If around 200,000 routes are advertised from a neighbor and the BGP process on the neighbor is then stopped, all routes will be removed the first time. On the second time, however, around 20,000-80,000 routes may remain.
Conditions: The symptom occurs when the BGP process on the neighbor (that has advertised 200,000 routes or more) is brought down.
Workaround: There is no workaround.
•
Symptoms: Unable to ping the client from the reflector, with Send:Error in encapsulation.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(21).
Workaround: There is no workaround.
•
Symptoms: A router with output service policy and configured for CBWFQ, may crash during an end-to-end ping.
Conditions: The symptom occurs with a Cisco IOS c7200-js-mz.124-19.15 image. After applying output-service policy to the ethernet interface, the router will crash after receiving some packets during an end-to-end ping.
Workaround: There is no workaround.
Further Problem Description: This problem is not seen while using a Gigabit Ethernet interface.
•
Symptoms: Spurious accesses are seen when SNMP queries are performed on the router.
Conditions: This symptom occurs if SNMP queries like "snmpwalk -v2c 7.42.19.43 public .1.3.6.1.4.1.9.3.6.13.1" are performed on the router. Spurious accesses are seen.
Workaround: There is no workaround.
•
Symptoms: If the WAN connection is DOWN on the VGW, the Media Gateway Control Protocol (MGCP) fallback mode may not load. The gateway remains in "MGCP Fallback mode: Enabled/OFF" mode.
Conditions: The symptoms are seen with Cisco IOS Release 12.4(16).
Workaround: Shutdown the interface.
Further Problem Description: It is possible that the link goes up and down frequently. The call manager application tries to download the XML file from CCM+TFTP even when the link is down. This sets a flag. The flag prevents the fallback.
•
Symptoms: User-specific policy-based routes that are downloaded from the AAA server using Attribute 104 may not be installed.
Conditions: The symptom is seen if the policy-based routes are downloaded from the AAA server.
Workaround: Configure the policy-based routes locally.
•
Symptoms: When there is more then one BGP Router-Reflector (RR) being used for MVPN, if one of the RRs fails or manually removes a vpnv4 PE as a neighbor, the PEs who are RRC of other RRs will no longer see all the MDT groups from the other PEs.
Conditions: The symptom is seen in a MVPN environment where there are multiple BGP RRs.
Workaround: To resolve the missing MDTs, do a session clear or soft refresh on the remaining RR(s). The missing MDTS will be seen for all the missing PEs.
•
Symptoms: When IPv6 prefix delegation receives periodic RENEW message from a client, it may incorrectly bind the corresponding prefix for another client.
Conditions: The symptom is observed when IPv6 prefix delegation assigns a prefix to a client that is connected via a virtual access interface.
Workaround: There is no workaround.
•
Symptoms: On Cisco ISRs, calls may fail with the following error messages:
%C5510-1-C5510_CHPI_ERROR: cHPI error for pa_bay 0 pump 0 dsp 1.. (event [0x0021001c]) %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 1.
Conditions: The symptom is seen on a Cisco 3825 router that is running Cisco IOS Release 12.4(19).
Workaround: There is no workaround.
•
Symptoms: A call may fail because the 400 Setup failed for CRCX.
Conditions: It appears that the resource is busy, even though the customer has a lot of free DSP.
Workaround: Reload the router.
•
Symptoms: FTP/TFTP files may fail to transfer correctly. Users cannot connect to shared applications on a central site due to extreme slowness.
Conditions: The symptom occurs with an ATM connection on a Cisco 3845 router configured with an NM-1A-OC3-POM network module.
Workaround: There is no workaround.
Further Problem Description: This issue occurred when applying the proposed workaround for CSCsd73749 (tuning queue-depth to a value that provided optimal results). This resulted in 10 remote branches connected to a central site. After the configuration changes, all the sites were working except one. For that site, FTP and TFTP file transfers were failing, even though the ping is working.
•
Symptoms: On Cisco router acting as Home Agent, two bindings with different CoAs are getting added to the same tunnel resulting tunnel and binding mismatch.
Conditions: The symptom is seen on a Cisco router that is acting as Home Agent.
Workaround: There is no workaround.
•
Symptoms: Radio transmissions from LMR voice ports to PMCs may intermittently drop packets in the router.
Conditions: The symptom is seen where multiple PMC users monitoring the same stream cause more than three simultaneous RTP streams to be present on the LMR router.
Workaround: If customer is running PMC, turn off the keepalive on the PMCs.
•
Symptoms: SIP gateway crashes when a 302 response contains a contact header with the same IP address as that of SIP gateway.
Conditions: The crash occurs only when the 302 response contains a contact header with an IP address the same as that of the gateway IP address. The crash also occurs only when the IP address is mapped to a domain name exceeding the length of the IP address received in the contact header.
Workaround: Ensure that the IP address that is received in the 302 response is mapped to a domain name not exceeding the length of the IP address.
•
Symptoms: Router crashes while attempting OCSP revocation check.
Conditions: The symptom is seen on a Cisco router that is running Cisco IOS Release 12.4(21).
Workaround: There is no workaround.
•
Symptoms: IPv6 connected route for NAT/NVI will be deleted after the modem serial interface goes up, causing the NAT translation to fail.
Condition: The symptom is observed when using NAT-PT on modem serial interface. It is seen with a legacy dialer configuration.
Workaround: There is no workaround.
•
Symptoms: The signal of a Cisco 851w router may fluctuate.
Conditions: The symptom applies to different environments where multi-path is more of an issue.
Workaround: There is no workaround.
Further Problem Description: A spectrum analyzer shows that the router has a signal of -60(+/- 10)Db and that it stays at that level for about 7-10 seconds. It then drops by 40Db for 7-10 seconds before it restores itself to its original level.
•
Symptoms: A memory leak may occur when using the dot1x port-control force-authorized command.
Conditions: The symptom is observed on a Cisco 831 router that is running Cisco IOS Release 12.4.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload due to a bus error crash:
TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x411E79C0
-Traceback= 0x411E79C0 0x411E8260 0x411D2C74 0x411D34F0 0x411D4B34
0x411D4CD8 0x423520C8 0x408BE970 0x408C25BC 0x408B7878 0x41215404 0x41231530
0x426D86F0 0x426CAFC8 0x42348C98 0x42348C7C
Conditions: The symptom is seen on a Cisco 2821 router that is running Cisco IOS Release 12.4(18). The crash appears to be triggered when the command no ccm-manager is entered.
Workaround: There is no workaround.
•
Symptoms: There may be no audio for incoming calls from the E1 side, and the following errors may be received during the setup phase of the call:
%C5510-1-C5510_CHPI_ERROR: cHPI error for pa_bay 0 pump 0 dsp 0. %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 0. %ISDN-6-DISCONNECT: Interface Serial0/1/0:6 disconnected from 2599, call lasted 15 seconds %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 0. %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 0. %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 0. %DSPRM-5-UPDOWN: DSP 2 in slot 0, changed state to up
Conditions: The conditions under which this symptom is observed are unknown.
Workaround: There is no workaround.
•
Symptoms: There may be irregular output policy-map counting with fragmentation after encryption.
Conditions: The symptoms are observed where QoS is used in combination with IPsec and the command crypto ipsec fragmentation after- encryption is entered.
Workaround: Do not use the crypto ipsec fragmentation after- encryption command.
Further Problem Description: Offered rate counter of show policy-map interface is large compared to show interface.
•
Symptoms: If either the command vlan-id dot1aq vlan-id or the command vlan-range dot1aq start-vlan-id end-vlan-id is configured on a main interface which is also configured for routing, and an ARP packet is sent to the router on the configured VLAN, then the router may send an ARP reply with a VLAN ID of zero.
Conditions: The symptoms are seen on a Cisco 2800 series and a Cisco 7200 series router when the command vlan-dot1q vlan-id is configured on the GigabitEthernet interface of a Cisco 2800 series router and encapsulation dot1q vlan- id is configured on the FastEthernet 2/1/2.1 interface.
Workaround: Change the Cisco 2800 series router's (CE) configuration to use a sub-interface for the vlan-id instead of using the vlan- dot1q vlan-id command on the main interface. With a sub-interface configured on the 2800, we can verify that the ARP packets are sent with proper VLAN ID.
•
Symptoms: A Cisco Catalyst 3750 switch may crash with an address error.
Conditions: The symptoms are most likely to occur when the TACACS+ server (ACS) sends an "authentication error" when ACS is configured, or when a request timeout occurs. There may be other AAA or TACACS related conditions that cause the symptom.
Workaround: There is no workaround.
•
Symptoms: On an incoming call from PSTN, the beginning of a conversation may intermittently be missed.
Conditions: The symptom is observed on a Cisco AS5800 that is controlled via MGCP, and is running Cisco IOS Release 12.4(13)e.
Workaround: There is no workaround.
•
Symptoms: There may be a memory leak when applying the command no pppoe enable.
Conditions: The symptom is observed on a Cisco 831 router that is running Cisco IOS Release 12.4(19).
Workaround: There is no workaround.
•
Symptoms: A Cisco router crashes.
Conditions: This symptom is observed on a Cisco 2801 router or Cisco 2811 router that is running Cisco IOS Release 12.4(13b) or Cisco IOS Release 12.4 (19b). The router crashes after receiving a malformed x25 packet.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5400XM that is running Cisco IOS Release 12.4(9)T4 with the Cisco AS5x-FC module with the 5510 DSPs stays in the FW-DNLD state.
Conditions: The problem is seen after a DSP crash.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may experience a bus error crash:
%SYS-3-MGDTIMER: Previous timer has bad forward
linkage, timer = 20F0125C.
-Process= "IPSEC key engine", ipl= 4, pid= 167
-Traceback= 0x607426D4 0x6084C6CC
Address Error (load or instruction fetch)
exception, CPU signal 10, PC = 0x60812520
Conditions: This symptom is experienced on a Cisco 7206VXR (NPE-G1) that is running Cisco IOS Release 12.4(18a).
Workaround: There is no workaround.
•
Symptoms: Cisco AS5400 router crashes frequently with Cisco IOS Release 12.4 (19b) attempting to free memory for X28 component.
Conditions: This symptom is observed on a Cisco AS5400.
Workaround: There is no workaround.
•
Symptoms: Cisco 6500 with VPNSPA. When there are a large number of concurrent IPsec SAs being brought up, some IPsec SAs may not get enabled and show the status as:
"Status: Pending: outbound not enabled".
When this happens and there is a single IPSEC SA for a source/destination proxy, traffic will only get decrypted, and outbound traffic will not be encrypted, resulting in one-way communication.
This only seems to be a load related problem.
Conditions: This symptom occurs when a large number of IPSEC sessions are brought up concurrently.
Workaround:
1.
2.
3.
Further problem description: Here is an output snip of the show crypto ipsec sa command:
outbound esp sas:
spi: 0x1D769F82(494313346)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport, }
conn id: 8052, flow_id: :6052, sibling flags 80000001, crypto
map: vpn1
sa timing: remaining key lifetime (k/sec): (4385848/2688)
IV size: 8 bytes
replay detection support: Y
Status: Pending: outbound not enabled.
•
Symptoms: Trying to remove the MFR bundle crashes the router.
Conditions: After OIR, remove the VIP (those VIP interfaces are members of MFR bundle). Try to remove the MFR bundle.
Workaround: There is no workaround.
Further Problem Description: The MFR bundle has one Channelized PA interface as a member. OIR remove that PA seated VIP and next try to remove the bundle using the no int MFR command. The router crashes.
•
Symptoms: A router that is running Cisco IOS Release 12.4(18) is crashing due to memory corruption in the same block pointer.
Conditions: This symptom is observed in a Cisco 2691 that is running Cisco IOS Release 12.4(18) and Cisco IOS Release 12.3(25).
Workaround: There is no workaround.
•
Symptoms: A router loses its default gateway during autoinstall.
Conditions: This issue was seen on Cisco IOS Release 12.4(15)T5, but should affect every Cisco IOS version.
Workaround:
1.
2.
event manager applet Check-Default-Route event syslog pattern
"CNS-3-TRANSPORT: CNS_HTTP_CONNECTION_FAILED"
action 1.0 cli command <CmdBold>enable<noCmdBold>
action 1.1 cli command <CmdBold>config term<noCmdBold>
action 1.2 cli command <CmdBold>interface GigabitEthernet0/0<noCmdBold>
action 1.3 cli command <CmdBold>shut<noCmdBold>
action 1.4 cli command <CmdBold>no shut<noCmdBold>
action 1.5 cli command <CmdBold>end<noCmdBold>
action 1.6 cli command <CmdBold>write<noCmdBold>
!
end
3. In network-confg, configure "ip address dhcp" for the interface which is supposed to get the default gateway from DHCP.
interface interface_name
ip address dhcp
end
•
Symptoms: QoS RTP statistics are not updated correctly for short call duration.
Conditions: Call flow:
PSTN ---(E1)---> AS5850 -(MGCP)----> Call Agent.
–
–
–
Workaround: Reduce ip rtcp report interval on the gateway and monitor the load.
•
Symptoms: Cisco IOS may take no actions against a Logical Link Control Type 2 (LLC2) packet with poll bit.
Conditions: This symptom occurs in rare situations.
Workaround: Reducing LLC2-T1 timer and/or LLC2-TPF timer on both LLC2 sides.
•
Symptoms: BGP does not originate routes when auto-summary is configured.
Conditions:
1.
2.
network 172.31.0.0 mask 255.255.192.0 or
network 172.31.0.0 mask 255.255.0.0
3.
network 172.31.195.213 mask 255.255.255.255
4.
Workaround:
1.
2.
3.
4.
Further Problem Description: Configuration example:
router bgp 65535
network 172.31.0.0 mask 255.255.255.192
network 172.31.195.213 mask 255.255.255.255
auto-summary
IGP route 172.31.195.213 is learned from RIP, OSPF, etc. The routes to be originated can be connected, or static routes too as long as they are configured after the initial BGP network statement processing.
Resolved Caveats—Cisco IOS Release 12.4(21)
This section describes possibly unexpected behavior by Cisco IOS Release 12.4(21). All the caveats listed in this section are resolved in Cisco IOS Release 12.4(21). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
Symptoms: Non-initial fragments may be dropped by the reflexive ACL.
Conditions: The symptom is observed on a Cisco router that is running Cisco IOS Release 12.4.
Workaround: There is no workaround.
•
Symptoms: After a secondary image is loaded by Standby, "NVRAM Verification Failed" messages show up on Standby console resulting in lost startup and private configuration.
Conditions: The problem is seen only on a Cisco RSP platform that is running Cisco IOS 12.2SB versions.
Workaround: Issue the write memory command as soon as slave comes up.
•
Symptoms: A router crashes when unconfiguring a T1 controller with an interface configured for RTP priority.
Conditions: This symptom has been seen on a Cisco 7200 NPE-G1 router loaded with Cisco IOS interim Release 12.2(31.4.17)SB.
Workaround: Ensure that the ip rtp priority or ip rtp reserve command is removed before deleting the interface.
•
Symptoms: Execution of the show version or show hardware commands during traffic may result in packet drops.
Conditions: This symptom occurs when executing the show version or show hardware commands.
Workaround: There is no workaround.
Further Problem description: Disabling NETIO interrupts/executing interrupt handlings of higher priority than NETIO interrupts have always been a source of packet drops on Cisco 7200 (as is the case with other uni-processor systems, for example CSCed10454). The drops usually occur due to lack of descriptors.
The show version and its constituent functions make use functions which are implemented as exceptions, which are user generated exceptions of higher priority than any interrupts.
•
Symptoms: The PRE3 may not parse the startup configuration.
Conditions: This symptom is observed on a Cisco router that has dual RPs.
Workaround: There is no workaround.
•
Symptoms: Modifying class parameters in a service policy attached to a multilink may trigger a crash, if the show policy-map int command is issued.
Conditions: The problem is platform independent, but it has been seen on a Cisco 7200 router that is running Cisco IOS Interim Release 12.4(13.13)T.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series router may experience a CPUHOG condition.
Conditions: This condition is observed when there is an increase of more than 2000 sessions established.
Workaround: There is no workaround.
•
Symptoms: A short CPU hog seen in the ATM PA Helper process when an interface flaps and the framing configuration is modified on the interface.
Conditions: This symptom is observed on a Cisco 7200 with a PA-A3-T3 adapter that is running Cisco IOS Release 12.2(25)S or 12.2(31)SB (and possibly other Cisco IOS releases).
Workaround: There is no workaround.
Further Problem Description: The CPU hog is enough to cause OSPF adjacencies (with fast hello) to go down on other unrelated interfaces. The same problem is seen if BFD is configured.
•
Symptoms: A Cisco 7500 router may pause indefinitely after an interface reset.
Conditions: This symptom is observed on a Cisco 7500 router that is configured with input QoS service policy together with Distributed Link Fragmentation and Interleaving over Leased Line. It occurs when the shutdown and no shutdown commands are used.
Workaround: There is no workaround.
Further Problem Description: This bug fix implements enhancement in scheduling QoS classes with bandwidth less than 1% of the link rate, same as CSCdz40273.
•
Symptoms: PIM dense mode interoperability issues are seen with Cisco and third party boxes.
Condition: This symptom is observed when PIM dense mode is in operation. After the multicast forwarder is decided, based on the assert mechanism, a prune is erroneously sent. Multicast stream ceases to flow.
Workaround: There is no workaround.
•
Symptoms: When you modify an ATM PVC by entering the pvc vpi/vci command, any subsequent modifications in the VC class that is assigned to this PVC do not take effect.
Conditions: This symptom is observed when the PVC is preconfigured with a VC class when the following events occur:
1) You make a configuration change in the PVC.
2) You change the configuration in the VC class.
The configuration change in the VC class does not take effect.
Workaround: First complete the configuration changes in the VC class. Then, change the configuration in the PVC.
•
Symptoms: A Versatile Interface Processor (VIP) may crash while configuring T1 or E1.
Conditions: This symptom is observed with a VIP in which a PA-MC-8T1E1 port adapter is installed that is configured with either a T1 or an E1 controller.
Workaround: There is no workaround.
•
Symptoms: A Sup720 Multicast-VPN (MVPN) PE router may not advertise its mdt prefix (BGP vp
Guest
