Cisco IOS Software Releases 12.4 T

Cross-Platform Release Notes for Cisco IOS Release 12.4, Part 6: Caveats for 12.4(2)T through 12.4(9)T7


Resolved Caveats—Cisco IOS Release 12.4(9)T7

Cisco IOS Release 12.4(9)T7 is a rebuild release for Cisco IOS Release 12.4(9)T. The caveats in this section are resolved in Cisco IOS Release 12.4(9)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCek50783

Symptoms: "Enqueue to process level" message is seen in logs.

Conditions: This symptom has been observed in Cisco IOS Release 12.4T and 12.4(4)XD2. No debugs are enabled.

Workaround: There is no workaround.

CSCsk70446

Cisco IOS emits the %DATACORRUPTION-1-DATAINCONSISTENCY error message whenever it detects an inconsistency in its internal data structures.

A traceback appears after the error message. This traceback is encountered with long URLs.

It is important to note that this error message does not imply that packet data is corrupted. However, it does provide an early indicator of other conditions that can eventually lead to poor system performance or a Cisco IOS restart.

IP Routing Protocols

CSCek76776

Symptoms: The configuration of a deleted subinterface may show up on a new subinterface and may cause a traffic outage.

Conditions: This symptom is observed on a Cisco router that has IP interface commands enabled when a script adds and deletes ATM subinterfaces on a regular basis.

Workaround: Verify the subinterface configuration. When the configuration of a subinterface cannot be deleted, delete the subinterface, and then create a dummy subinterface that will pull the configuration that could not be deleted. Then recreate the first subinterface with a new configuration.

CSCse92050

Symptoms: A router may reload unexpectedly when a routing event causes multicast boundary to be configured on a Reverse Path Forwarding (RPF) interface.

Conditions: This symptom is observed on a Cisco platform that is configured for PIM.

Workaround: Remove multicast boundary from the configuration.

CSCsi03359

Symptoms: A PIM hello message may not reach the neighbor.

Conditions: This symptom is observed on a Cisco router when an interface comes up and a PIM hello message is triggered.

Workaround: Decrease the hello timer for PIM hello messages.

Further Problem Description: The symptom occurs because the PIM hello message is sent before the port can actually forward IP packets. IGP manages to get its neighborship up but PIM does not, causing RPF to change to the new neighbor and causing blackholing to occur for up to 30 seconds.

CSCsi98730

Symptoms: The MPLS labels for packets that are forwarded via CEF and MPLS over a BGP route may not match the labels in the BGP table, which may lead to traffic loss.

Conditions: This problem occurs under certain circumstances and timing conditions.

Workaround: When the symptom occurs, enter the clear ip route command for the prefix in the VRF.

CSCsj09838

Symptoms: When the BGP session between a Route Reflector (RR) and PE router flaps, the RR may no longer send some routes to the PE router.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that integrates the fix for caveat CSCsi85222. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi85222. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, enter the clear ip bgp * all in command on the PE router to retrieve all routes from the RR.

CSCsk45076

Symptoms: A traceback is seen at ipnat_dns_fix_resou.

Conditions: This symptom is observed when DNS traffic traverses the router and NAT is configured.

Workaround: There is no workaround.

Miscellaneous

CSCek75633

Symptoms: A router may crash when you attach a VC class to an ATM bundle.

Conditions: This symptom is observed on a Cisco 7200 series but is platform-independent.

Workaround: There is no workaround.

CSCse71281

Symptoms: A router crashes with crypto tunnels with large transfers such that they cause IP fragmentation.

Conditions: Large pings.

Workaround: There is no workaround.

Further Problem Description: The underlying code has been modified to address this and other issues. It is unlikely that the same conditions that can cause the crash still exist.

CSCsg21804

Symptoms: Fast Ethernet interface 4 may not come up if Cisco Discovery Protocol (CDP) is disabled on that interface. The interface may get stuck in the "Initializing" phase.

Conditions: This symptom is observed when a Cisco 871 router is upgraded to a Cisco IOS Release 12.4(11.1)T image.

Workaround: The interface can be brought up by executing the shutdown command, followed by the no shutdown command, on Fast Ethernet interface 4 or by enabling CDP on the interface. Enabling CDP will work across reboots, whereas the shutdown/no shutdown method must be done after every reboot.

CSCsg91306

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

CSCsi80057

Symptoms: Conditional default origination into RIPv2 does not work correctly in the following scenarios:

1. When the watched network is not present, the default route is not deleted from the local RIP database. This causes the router to still send the default route.

2. When the watched network is present, the default route is not added to the local RIP database. This causes the router to not send the default route.

The default behavior can be seen at the following link:

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_rip.html#wp1011008

Conditions: This symptom is observed if the default-information originate route-map map-name router RIP configuration command is used in order to generate a default route only when the watched network is present.

Workaround: There is no workaround.

CSCsh12480

Cisco IOS software configured for Cisco IOS firewall Application Inspection Control (AIC) with an HTTP application-specific policy is vulnerable to a denial of service when processing a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device.

Cisco has released free software updates that address this vulnerability.

A mitigation for this vulnerability is available. See the "Workarounds" section of the advisory for details.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml.

CSCsj25395

Symptoms: Having a configuration similar to the following:

interface Dialer1
 ip address <ip add> <mask>
 encapsulation frame-relay
 dialer pool 1
 dialer remote-name <other_end>
 dialer string 0
 dialer string oe_tn
 dialer caller oe_tn
 dialer max-call 1
 dialer-group 1
 frame-relay map ip <addr> <oe_dlci> broadcast
 frame-relay interface-dlci <loc_dlci>
 frame-relay ip tcp header-compression
 no shutdown

And entering in the following will crash the device:

interface Dialer1
shutdown
no interface Dialer1

Conditions: Removing the Dialer interface configuration while having IPHC configured on that interface will crash the platform. This is observed on a Cisco 7200 series router that is running Cisco IOS interim Release 12.4(16.5).

Workaround: Remove any IPHC CLI from the Dialer interface prior to deleting the Dialer interface from the configuration.

CSCsj30582

Symptoms: A Cisco IOS router that is running ZPF (Zone-based Policy Firewall) intermittently drops ESP packets even when it is configured to pass them. This causes traffic over an IPsec VPN tunnel through this router to fail intermittently, although the tunnel is up and phase 1 (isakmp) and phase 2 (ipsec) SAs have been established. If the router is configured to log dropped packets, it will log a %FW-6-DROP_PKT syslog message for these packets.

Conditions: This symptom is observed on a Cisco IOS router that is enabled with ZPF (Zone-based Policy Firewall) and that is configured to pass the ESP traffic based on a "match access-group" policy, where the access list has entries to permit the ESP traffic specifically from one host to another.

For example:

class-map type inspect match-any cm-esp
 match access-group 100

policy-map type inspect in2out
 class type inspect cm-esp
  pass

access-list 100 permit esp host 10.0.0.2 host 10.1.1.2
access-list 100 permit esp host 10.1.1.2 host 10.0.0.2

Workaround: Configure the access list so that the source is "any," for example:

access-list 100 permit esp any host 10.1.1.2
access-list 100 permit esp any host 10.0.0.2

First Alternate Workaround: Use the classic Cisco IOS firewall instead of ZPF; that is, use "ip inspect."

Further Problem Description: If an explicit deny rule is added to the above example, for example:

access-list 100 permit esp host 10.0.0.2 host 10.1.1.2
access-list 100 permit esp host 10.1.1.2 host 10.0.0.2
access-list 100 deny esp any any

Then the show access-list command will indicate that the dropped packets are hitting the deny rule, although they should match one of the permit rules:

Router# show access-lists 100

Extended IP access list 100
   10 permit esp host 10.0.0.2 host 10.1.1.2 (999 matches)
   20 permit esp host 10.1.1.2 host 10.0.0.2 (999 matches)
   30 deny ip any any (1 match)

CSCsj38829

Symptoms: When running double authentication crypto configurations (ah encap and esp encap auth together) and passing large packet data that requires fragmentation, errored packets can be observed.

Conditions: This symptom has been observed only on routers with AIM-VPN-PLUS AIM cards installed. Routers that support this AIM are the Cisco 1800, Cisco 2600, Cisco 2800, Cisco 3700, and Cisco 3800 routers.

Workaround: Do not use ESP and AH double authentication. You can use the no crypto engine accel command in the configuration to run encryption in the SW engine.

CSCsj46178

Symptoms: A Cisco AS5850 responds with a 500 Endpoint Unknown to a CRCX for an endpoint on a channelized T3 card. The endpoint otherwise responds normally to AUEP command.

Conditions: This symptom is observed on a Cisco AS5850 that is controlled via MGCP, and the endpoint naming t3 command is configured on the router in either global MGCP configuration or MGCP profile.

Workaround: Do not configure the endpoint naming t3 command. Use t1 endpoint naming instead.

CSCsj50773

Symptoms: Performing the snmpwalk on the ipRouteTable MIB may cause high CPU and reloads.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(13b) or later releases.

Workaround: Create a view that excludes the ipRouteTable:

snmp-server view cutdown 1.3.6.1.2.1.4.21 exclude
snmp-server view cutdown internet included
snmp-server community <comm> view cutdown RO

This view restricts the objects that the NMS can poll. It excludes access to the ipRouteTable, but allows access to the other MIBs.
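
How the "cutdown" view above resolves, as an added example (not Cisco code): it applies the SNMP view rule that the longest matching subtree decides, so the order of the two view lines does not matter. The name table, the probe OID, the "<other>" community line and the treatment of a community with no view as unrestricted are assumptions of this sketch.

```python
"""Check which SNMP communities in an IOS-style config can still read ipRouteTable."""

# The three workaround lines from the release note, plus one constructed line
# (community "<other>", no view) to show what an unrestricted community looks like.
SAMPLE_CONFIG = """\
snmp-server view cutdown 1.3.6.1.2.1.4.21 exclude
snmp-server view cutdown internet included
snmp-server community <comm> view cutdown RO
snmp-server community <other> RO
"""

# Only the symbolic names this example needs; assumption: every other
# subtree in a view line is written as a dotted numeric OID.
NAMED_SUBTREES = {"iso": "1", "internet": "1.3.6.1", "mib-2": "1.3.6.1.2.1"}

# Constructed probe: ipRouteDest (column 1 of ipRouteTable) for route 10.0.0.0.
IP_ROUTE_PROBE = "1.3.6.1.2.1.4.21.1.1.10.0.0.0"


def to_oid(text):
    """Turn 'internet' or '1.3.6.1' into a tuple of integers."""
    text = NAMED_SUBTREES.get(text, text)
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_config(config):
    """Return (views, communities) parsed from snmp-server lines."""
    views = {}        # view name -> [(subtree tuple, included?), ...]
    communities = {}  # community string -> view name, or None if no view bound
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["snmp-server", "view"] and len(words) >= 5:
            mode = words[4].lower()
            # The CLI accepts unambiguous abbreviations ("exclude" for "excluded").
            if "included".startswith(mode):
                included = True
            elif "excluded".startswith(mode):
                included = False
            else:
                continue
            views.setdefault(words[2], []).append((to_oid(words[3]), included))
        elif words[:2] == ["snmp-server", "community"] and len(words) >= 3:
            rest = words[3:]
            view = rest[rest.index("view") + 1] if "view" in rest[:-1] else None
            communities[words[2]] = view
    return views, communities


def view_allows(entries, oid):
    """Longest matching subtree wins; an OID that matches nothing is not in the view."""
    oid = to_oid(oid)
    best = None
    for subtree, included in entries:
        if oid[:len(subtree)] == subtree:
            if best is None or len(subtree) > len(best[0]):
                best = (subtree, included)
    return bool(best and best[1])


def audit(config, probe=IP_ROUTE_PROBE):
    """Map each community to True if it can still read the probe OID."""
    views, communities = parse_config(config)
    exposed = {}
    for community, view in communities.items():
        if view is None:
            # Assumption of this sketch: no view bound means no restriction.
            exposed[community] = True
        else:
            exposed[community] = view_allows(views.get(view, []), probe)
    return exposed


if __name__ == "__main__":
    for community, can_walk in audit(SAMPLE_CONFIG).items():
        state = "can still read" if can_walk else "cannot read"
        print(f"community {community}: {state} ipRouteTable")
```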

CSCsj74812

Symptoms: A router that is running Cisco IOS software may reload unexpectedly.

Conditions: This symptom is observed when running show commands on an exec session that has been established through one of the integrated modems on a WIC-AM or WIC-2AM.

Workaround: There is no workaround.

CSCsj95947

Symptoms: The following message is seen on the router:

*Aug 6 16:34:47.188: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x8005EC50, -Traceback= 0x809971F4 0x809B9C2C 0x809DD8A4 0x8005EC50 0x800651E4 0x800652A8 0x809E42D4 0x809C4A38 0x800652EC 0x809C4BA0 0x809E42D4 0x80A0854C 0x800DB8C0 0x800DEE48

Conditions: The conditions under which this symptom occurs are not known at this time.

Workaround: There is no workaround.

CSCsj96577

Symptoms: A Cisco AS5400HPX crashes due to a bus error as indicated by show version "System returned to ROM by bus error at PC 0x61728370, address 0xB0D0B45."

Just before the crash the following error message is seen:

%SYS-2-NOTQ: unqueue didn't find 674D6D40 in queue 3C -Process= "MGCP Application", ipl= 0, pid= 170

Conditions: This symptom is observed on a Cisco AS5400HPX.

Workaround: There is no workaround.

CSCsk09651

Symptoms: A router crashes while a service policy is being attached, detached, or modified across a virtual template under traffic.

Conditions: This symptom is observed on a Cisco 7200 or Cisco 7301 router that is configured with MLPPP over FR on channelized interfaces.

Workaround: There is no workaround.

CSCsk54153

Symptoms: A Cisco router may reload unexpectedly with a software forced crash.

Conditions: This symptom is observed when the FXS port is configured with a DN and the gateway is being reset by CallManager 4.2.

Workaround: There is no workaround.

CSCsk73104

Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.

Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml

CSCsk75098

Symptoms: A Cisco 7200 NPE-G2 router with a VSA encryption card, terminating IPSec EasyVPN Dynamic Virtual Tunnel Interfaces, exhibits high CPU utilization during IKE and IPSec rekeys, potentially causing some tunnels to go down.

Conditions: This symptom is observed on a Cisco 7200-G2 router with a VSA card, acting as an IPSec HUB, terminating EasyVPN DVTI remote-access IPSec tunnels into VRFs. At high tunnel scale (more than 1000 tunnels), the CPU can spike close to 100 percent during IKE and/or IPSec rekey, potentially causing traffic and tunnels to drop.

Workaround: Do not use more than 1000 RA EasyVPN DVTI tunnels on a Cisco 7200. Alternatively, switch to legacy EasyVPN tunnels (with dynamic crypto maps).

CSCsk99530

Symptoms: The MPLS forwarding table has an untagged outgoing entry for a VPNv4 prefix in a CSC case.

Conditions: This is an LDP/IGP (OSPF etc.) based CSC-PE. The VPNv4 prefix shall have a local/redistributed (PE-CE OSPF etc.) path as well as an iBGP path. If the CE path is toggled and then there is a LABEL ONLY change from the iBGP neighbor, the issue will be seen. BGP will end up programming "Untagged" for the local/redistributed prefix, overwriting what is given by LDP.

Workaround: There is no real workaround. To clear the problem, issue a clear ip route command for the vrf-prefix in question. If there are redundant paired PEs, make sure to clear the problem on both routers with the clear ip route command.

CSCsl14635

Symptoms: T38 negotiation is failing for an incoming UPDATE request that has a T38 offer.

Conditions: This symptom occurs when the voice gateway is running Cisco IOS Release 12.4(15)T and is processing incoming Session Initiation Protocol (SIP) calls. When the SIP call is active and an UPDATE request is received that contains a T38 offer, the UPDATE request is rejected. The switchover from voice to fax fails.

Workaround: Fax over T38 works fine when midcall INVITE is used for T38 negotiation.

CSCsl32308

Symptoms: A voice gateway may modify the Presentation Indicator (PI) field when processing a voice call.

Conditions: The voice gateway is running Cisco IOS Release 12.4(9)T5 and processing incoming Session Initiation Protocol (SIP) calls. An incoming SIP call that has its PI field Oct 3a set to 0xA0 or to any other value is changed to 0x00 for no apparent reason when it is forwarded to the Telephony call leg.

Workaround: There is no workaround.

CSCuk60363

Symptoms: When Enhanced Compressed Real-Time Transport Protocol (ECRTP) is configured and when multiple packet drops occur, cRTP packets may stop being sent, and only cUDP packets are sent instead. Because cUDP packets are nearly as large as uncompressed packets, compression becomes completely inefficient.

Conditions: This symptom is observed on a Cisco router when ECRTP is configured on an interface and when a few packet drops occur, as in the following configuration example:

interface Serial2/0
ip address x.x.x.x x.x.x.x
ip rtp header-compression ietf
ip header-compression recoverable-loss 1

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(9)T6

Cisco IOS Release 12.4(9)T6 is a rebuild release for Cisco IOS Release 12.4(9)T. The caveats in this section are resolved in Cisco IOS Release 12.4(9)T6 but may be open in previous Cisco IOS releases.

Basic System Services

CSCir01027

Symptoms: SNMP over IPv6 does not function.

Conditions: This symptom is observed on a Cisco router that integrates the fix for caveat CSCsg02387. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsg02387. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Use SNMP over IPv4.

CSCsd90876

Symptoms: Memory corruption occurs when a "| include" is used with a CLI command. An already in-use block gets freed and causes this corruption.

Conditions: This symptom can happen with any usage when a "| include" is used with a CLI command. It was found using a script for IPSec that resulted in "Crash on OIR of IPSec SLC module."

Workaround: There is no workaround. It is a programming defect.

Further Problem Description: It is a rare corner case memory corruption when a block gets freed even when it is in use. It is caught by a script under stress testing conditions which results in such a rare condition.

While using CLI and "| include" it is rare to get such a corruption. If it happens, it will lead to box reload.

IP Routing Protocols

CSCsg55591

Symptoms: When there are link flaps in the network, various PE routers receive the following error message:

%BGP-3-INVALID_MPLS: Invalid MPLS label (1) received in update for prefix 155:14344:10.150.3.22/32 from 10.2.2.1

Or, a local label is not programmed into the forwarding table for a sourced BGP VPNv4 network.

Conditions: These symptoms are observed when an iBGP path for a VPNv4 BGP network is present, and then a sourced path for the same route distinguisher (RD) and prefix is brought up.

Workaround: Remove the iBGP path. Note that when the sourced path comes up first, the symptoms do not occur.

Alternate Workaround: Use different RDs with the different PE routers. When the RD and prefix do not match exactly between the iBGP path and the sourced path, the symptoms do not occur.

CSCsj10772

Symptoms: The TTL of a CNAME will be zeroed on a DNS reply after passing through a Cisco router that is configured for Network Address Translation (NAT).

Conditions: This symptom is observed on a Cisco router that is configured for NAT that is running Cisco IOS Release 12.4 or 12.4T. Only CNAME records are affected.

Workaround: Use static NAT translations with the keyword "no-payload".

CSCsj39538

Symptoms: Router tracebacks and then crashes during deconfiguration (removal) of VRF. The following message was seen prior to crash:

-Process= "IP RIB Update", ipl= 3, pid= 68
-Traceback= 609538D8 60D1B8B4 612B2838 612588C8 61258CD4 6125E61C 6125ED04 6125EF30 61261CDC 6125A14C 61265A08 6126BE10 6097CF00 609547D8 609548B8

Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x609538FC

Conditions: No specific conditions are known to cause this fault.

Workaround: There is no workaround.

CSCsk35985

Symptoms: The system crashes when the show ipv6 ospf lsdb-radix hidden command is entered.

Workaround: Do not enter the show ipv6 ospf lsdb-radix command.

Miscellaneous

CSCej59405

Symptoms: The output of show running-config command does not show a correct parent-child relationship between the control plane and its underlying service policy.

Conditions: This symptom is observed on a Cisco router that has control-plane features such as policing and port-filtering enabled.

Workaround: There is no workaround.

CSCsg76519

Symptoms: An RSP may crash when you enter the clear counters command.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.4 when you enter the clear counters command after the termination of voice calls that were made with PA-VXC-2TE1 port adapters.

Workaround: There is no workaround.

CSCsh74975

Symptoms: A router may reload or a memory leak may occur when UDP malformed packets are sent to port 2517.

Conditions: This symptom is observed on a Cisco router that functions as a VoIP dial peer and that is configured for H.323.

Workaround: There is no workaround.

CSCsi81891

Symptoms: RTP packets get transmitted when the mode is recvOnly and inactive.

Conditions: The problem occurs on a Cisco 3800 platform that is running Cisco IOS interim Release 12.4(13.9).

Workaround: There is no workaround.

CSCsi92079

Symptoms: If an access control list (ACL) is used for a destination only prefix, a fatal error is declared and shuts down optimized edge routing (OER). For destination only traffic classes, prefix-list should be used, not ACL or access control entry (ACE).

Conditions: This behavior is observed on Cisco IOS Release 12.4(11)T and later releases at this time.

Workaround: Use prefix list instead of ACL/ACE for destination only traffic classes. For example:

- Use a prefix list for traffic class 100.1.1.0/24.
- Use an ACE for traffic class 100.1.1.0/24 DSCP af11.

CSCsj64230

Symptoms: When a bidir PIM router with no directly connected receivers has to change its RPF interface to the RP, multicast traffic could be lost for up to 60 seconds.

Conditions: This symptom occurs if the connection to the first RP is lost and the middle router changes its RPF for its bidir upstream interface. The middle router then restarts the election process on all DF interfaces, and purges the interface point in the leaf router out of its OIL. That interface will only get repopulated upon a periodic state refresh from the leaf router because the leaf router does not have an RPF change and therefore has no reason to send a triggered Join.

Workaround: There is no workaround.

CSCsj82196

Symptoms: There is a memory corruption crash due to the following:

%SYS-3-BADFREEMAGIC: Corrupt free block ...

Conditions: This symptom is observed on Cisco IOS Release 12.4T with QoS enabled.

Workaround: There is no workaround.

CSCsk05059

Symptoms: A spurious access error occurs in the tfib_post_table_change_sanity_check() function.

Conditions: This symptom occurs if a route is deleted. A ROUTE_DOWN event is triggered in the tfib_post_table_change() function, which in turn calls tfib_post_table_sanity_check(). In that function, a spurious access is reported because the only path of the route is down.

Workaround: There is no workaround.

CSCsk10985

Symptoms: IMA group interface does not come up after the reload.

Conditions: This symptom is observed on a Cisco 2811 router with ATM interface that is using VWIC2-2MFT-T1/E1 connected to MGX AUSUM card.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the IMA interface.

CSCsk19108

Symptoms: Before sending the initial Invite, a Cisco gateway performs a DNS SRV query, which returns the actual server name where the SIP service is running. A DNS A query for this server then returns the IP address of the proxy server, so the initial call is established through this SIP proxy server. After receiving a SIP Refer message to initiate a call transfer with the Transfer-to location given as a domain name, the SIP gateway performs only a DNS A record query for the Refer-to host, which returns an IP address where SIP is not running. This causes a transfer failure.

Conditions: This symptom is observed on a Cisco 2800 series router but is not platform dependent. The Transfer-target address received in Refer is a FQDN (with default port -5060 OR no port).

Workaround: There is no workaround.

CSCsk26973

Symptoms: A router that is running NHRP leaks memory when many incomplete cache entries are created. The incomplete cache entries can be verified by typing the show ip nhrp command and looking for "type incomplete". The memory leaked can be seen by examining the output of the show chunk command and looking for "NHRP Cache".

Conditions: This symptom could occur when traffic to nonexistent or non-responding addresses is forwarded by the router over the DMVPN/NHRP cloud.

Workaround: There is no workaround.

CSCsk29216

Symptoms: On an ATM interface, if tx-ring-limit is set to 1 under heavy traffic, the interface might get wedged. Throughput is degraded because many packets are dropped.

Conditions: This symptom is observed when tx-ring-limit is set to 1 under an ATM interface that carries heavy burst traffic.

Workaround: The recommended minimum tx-ring-limit under these circumstances is 2.

CSCsk33780

Symptoms: Compressed Real-Time Protocol (cRTP) shows errors and Low Latency Queuing (LLQ) shows drops from default queue although there is no traffic to match it.

Conditions: This problem can be seen under load of MPPP bundle of several serial interfaces with LLQ and cRTP enabled.

Workaround: There is no workaround.

CSCsk60020

The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.

The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this bug.

The Security Advisory for this issue is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml.

Resolved Caveats—Cisco IOS Release 12.4(9)T5

Cisco IOS Release 12.4(9)T5 is a rebuild release for Cisco IOS Release 12.4(9)T. The caveats in this section are resolved in Cisco IOS Release 12.4(9)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCsf32390

Symptoms: When tuning particle clone, F/S, and header pools after these were made configurable via CSCuk47328, the commands may be lost on a reload.

Conditions: If the device is reloaded the commands are not parsed on a reload and this results in the defaults being active. This may result in traffic loss if the increased buffers were needed to enable greater forwarding performance for the specific network design.

Workaround: Configure an applet to enter the buffer values again after a reload. A sample applet would be:

event manager applet add-buffer 
 event syslog occurs 1 pattern ".*%SYS-5-RESTART: System restarted --.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "buffers particle-clone 16384"
 action 4.0 cli command "buffers header 4096"
 action 5.0 cli command "buffers fastswitching 8192"
 action 6.0 syslog msg "Reinstated buffers command"

CSCsg05378

Symptoms: A router may hang or crash because of memory corruption when HTTP is being accessed.

Conditions: This symptom is observed on a Cisco router when IPS is enabled. Other conditions may trigger the symptom too.

Workaround: When IPS triggers the symptom, disable IPS.

CSCsi13312

Symptoms: Authentication with Security Device Manager (SDM) 2.3.3 fails, preventing you from logging into the router through HTTPS, HTTP, SSH, Telnet, console, or any management application.

Conditions: This symptom is observed on a Cisco router that is "fresh out of the box" and affects the following routers:

Cisco 800 series

Cisco 1700 series

Cisco 1800 series

Cisco 2700 series

Cisco 2800 series

Cisco 3700 series

Cisco 3800 series

Workaround: For extensive information and a workaround, see the following Field Notice:

http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html

IP Routing Protocols

CSCsi17020

Symptoms: A router running Cisco IOS may unexpectedly reload. The crashes can be very different in nature, but the crashinfo should show the IP Input process as the currently running process:

---- Partial decode of process block ----
Pid 84: Process "IP Input" stack 0x46C3C080 savedsp 0x46758540

Conditions: This is seen when the router is configured for NAT and receives a fragmented skinny packet that it needs to reassemble and translate.

Workaround: Prevent the router from receiving a fragmented skinny packet by ensuring the path MTU between the call manager server and the router is large enough. Usually skinny packets aren't larger than 800 bytes.

CSCsi32425

Symptoms: A router that is configured for static NAT translations may lose its external/global ARP entry for a NAT address.

Conditions: This symptom is observed when traffic flows run across the router, for example, when the client is outside and server is inside, and when static NAT translation is used for periods of about two minutes.

Workaround: Configure a route map that matches the static NAT translation, and apply the static NAT entry by entering either one of the following commands:

- ip nat inside source static tcp local-ip local-port global-ip global-port route-map name reversible
- ip nat inside source static local-ip global-ip route-map name reversible

CSCsi84089

Symptoms: A few seconds after OSPF adjacencies come up, a router crashes because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an ISR that is configured for OSPF.

Workaround: Add area 0 in the OSPF VRF processes.

Alternate Workaround: Enter the no capability transit command in the OSPF VRF processes.

Miscellaneous

CSCek42751

Symptoms: The running configuration may not be accessible after you have copied a small file to the running configuration.

Conditions: This symptom is observed on a Cisco router that has an ATA file system after you have rebooted the router.

Workaround: Reboot the router once more.

CSCek44782

Symptoms: A router using IPSec reloads immediately after exhausting the memory.

Conditions: This symptom occurs when a memory allocation request fails while processing an IPSec update, usually while creating an IPSec tunnel.

Workaround: There is no workaround.

Further Problem Description: This symptom occurs when updating the IPSec classification data structures.

CSCek55486

Symptoms: The native Gigabit Ethernet (GE) interface on an NPE-G1 card may reset unexpectedly.

Conditions: This symptom is observed on a Cisco 7200 series when the underrun counter for the native GE interface increments continuously. You can verify the underrun counter in the output of the show interfaces gigabitethernet slot/port command.

Workaround: There is no workaround.

CSCsd27617

Symptoms: IKE negotiation fails with a wrong group preshared key.

Conditions: This symptom is observed on a Cisco router that has an eight character key such as "cisco123" that is defined under the EzVPN group configuration and occurs after you have entered the password encryption aes command.

Workaround: To prevent the symptom from occurring, do not use an eight character key under the EzVPN group. After the symptom has occurred, re-enter the group and key.

CSCse64750

Symptoms: "%VPA-3-TSBUSY:VPA" and other error messages may be generated intermittently, and calls may fail.

Conditions: This symptom is observed on a Cisco 7206VRX that is configured with multiple VXC voice port adaptors.

Workaround: There is no workaround.

CSCse67995

Symptoms: A memory leak may occur in the "Crypto IKMP" process.

Conditions: This symptom is observed when you use certificates for IKE authentication.

Workaround: Use preshared keys for IKE authentication.

CSCsg51811

Symptoms: When the OER BGP Inbound Optimization feature is configured and when route control is enforced, route control does not prepend autonomous systems or communities. Rather, route control prepends the same autonomous systems or communities to all external OER interfaces.

Conditions: This symptom is observed on a Cisco router when OER manages inside prefixes that are either learned or configured.

Workaround: There is no workaround.

CSCsh46234

Symptoms: A Cisco 5400XM router reloads unexpectedly during stress.

Conditions: This symptom has been seen during the stress of TDM-IP H.323 calls and SIP-SIP transcoding calls being run simultaneously.

Workaround: There is no workaround.

CSCsi10157

Symptoms: When you associate and then disassociate a VRF from a tunnel source interface, a DMVPN spoke may crash.

Conditions: This symptom is observed only when a VRF is configured on a tunnel interface.

Workaround: There is no workaround.

CSCsi17020

A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml.

CSCsi59685

Symptoms: One-way audio may occur and DTMF digits may not function.

Conditions: This symptom is observed on a Cisco gateway such as a Cisco AS5400 after a SIP transfer has occurred.

Workaround: Enter the no voice-fastpath disable command to resolve the one-way audio issue. There is no workaround for the DTMF issue.

CSCsi60004

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.

CSCsi67127

Symptoms: There are several symptoms:

1. After "INPUT/OUTPUT Queue Full Error" error messages have been generated on a router that has an IPSec interface, traffic is no longer processed. The output of the show crypto engine accelerator statistic command shows the following:

...
Input Queue Full Error = 50
Output Queue Full Error = 2811
...

2. The ISAKMP process is stuck. Look for "Crypto IKMP" in the output of the show processes command. Identify the process ID (PID). When you execute the show processes pid command for the Crypto IKMP PID several times in a row, you can see that the ISAKMP process is stuck when the value "Invoked" does not increase even though IKE has negotiated SAs.

Conditions: This symptom is observed on a Cisco 850 series, Cisco 870 series, Cisco 1800 series, and Cisco 1810 series.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, you must reboot the router to clear the faulty condition.

CSCsi67763

The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:

http://www.kb.cert.org/vuls/id/739224

By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.

Cisco response is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
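
The canonicalization an inspection engine needs before signature matching so that full-width and half-width variants cannot slip past it, shown as an added example (not Cisco's code and not part of the original release notes). The signature, the sample requests and all function names are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Constructed signature set; a real IPS or firewall loads its own rules.
SIGNATURES = {"cmd-exe": re.compile(r"cmd\.exe", re.IGNORECASE)}

# Non-standard %uXXXX escape that some web servers accept in URLs.
PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")

# Constructed sample requests: plain, %u full-width, UTF-8 full-width, benign.
SAMPLE_REQUESTS = [
    "GET /scripts/cmd.exe HTTP/1.0",
    "GET /scripts/%uFF43%uFF4D%uFF44%uFF0E%uFF45%uFF58%uFF45 HTTP/1.0",
    "GET /scripts/c%EF%BD%8Dd.exe HTTP/1.0",
    "GET /index.html HTTP/1.0",
]


def naive_decode(raw):
    """Percent-decode only, as an inspector unaware of width variants would."""
    return unquote(raw, encoding="utf-8", errors="replace")


def decode_escapes(raw):
    """Decode %uXXXX escapes, then ordinary %XX escapes interpreted as UTF-8."""
    text = PCT_U.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return unquote(text, encoding="utf-8", errors="replace")


def canonicalize(raw):
    """Decode escapes, then fold width variants to their base form with NFKC."""
    return unicodedata.normalize("NFKC", decode_escapes(raw))


def has_width_variants(raw):
    """True if the decoded request contains full-width (F) or half-width (H) characters."""
    return any(unicodedata.east_asian_width(ch) in ("F", "H")
               for ch in decode_escapes(raw))


def hits(text):
    """Names of the signatures that match the given text."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


def audit(requests):
    """Compare naive and canonical matching for each request.

    width_evasion is set when a signature matches only after canonicalization,
    which is the detection gap described in the caveat.
    """
    report = []
    for raw in requests:
        naive = hits(naive_decode(raw))
        canonical = hits(canonicalize(raw))
        report.append({
            "request": raw,
            "naive": naive,
            "canonical": canonical,
            "width_variants": has_width_variants(raw),
            "width_evasion": any(name not in naive for name in canonical),
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_REQUESTS):
        print(row)
```

The example performs a single decoding pass; an engine that must also handle nested encodings would repeat the decode step until the text stops changing.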

CSCsi70217

Symptoms: A Cisco 7961 router with a Cisco 7914 sidecar gets the display into a stuck state if a second call arrives while the first call is in the process of being transferred. The phone display is stuck on connected "Active call" even though the first call had been transferred.

This same symptom is found with the following scenario:

1. Call 1 connects on button 1 overlay line 1.

2. Call 2 arrives on button 1 line 2 on the same phone.

3. Caller places call 1 on hold. Takes call 2.

4. Caller places call 2 on hold. Resumes call 1.

5. Caller on call 1 disconnects. Phone display is now stuck.

Conditions: This symptom has been observed with a Cisco 7961 router with a Cisco 7914 sidecar configured with shared or overlay lines when a second call arrives on the same shared lines.

Workaround: Reset the IP phone to clear the phone.

CSCsi70787

Symptoms: A router may reset and generate a crashinfo file when memory that was allocated by a dead process is freed by another process.

Conditions: This symptom is observed on an RPM-XF-512 that runs Cisco IOS Release 12.4T but is not platform-specific.

Workaround: There is no workaround.

CSCsi70791

Symptoms: A Cisco router can experience a memory corruption crash related to encryption.

Conditions: This symptom has been observed when the memory lite global configuration command is disabled.

Workaround: Enable the memory allocation lite (malloc_lite) feature by using the memory lite command.

CSCsi84017

Symptoms: When you reload a Cisco 2600 series, the router may hang.

Conditions: This symptom is observed on a Cisco 2600 series when you attempt to run the c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCsj04563

Symptoms: SSG memory is leaking in Cisco IOS Release 12.4(13b).

Conditions: This symptom occurs when the RADIUS proxy feature is used. Leaking could be triggered on the following call flow scenario:

1. HostObject(HO) with MSID1, ip-address IP1 and username user1@cisco.com is logged on.

2. PDSN sends an acct-stop with MSID1 with session-continue attribute set to TRUE. When this is received, SSG will start a hand-off timer. Note that SSG will not delete the HO at this time.

3. Hand-off timer expires. HO is deleted.

4. SSG now receives an acct-start with MSID1 and username user1@cisco.com.

5. SSG will treat this as an auto-domain user, even though auto-domain is not configured on SSG.

6. SSG will try to get the profile by extracting the domain name from the structured username and sending an access-req to AAA with username as the domain name.

7. Since AAA server does not have the cisco.com profile, it sends an access-reject to SSG.

8. No HostObject is created.

Workaround: There is no workaround.

CSCsj05287

Symptoms: Incoming traffic from LAN is not correctly marked. The same traffic is not correctly enqueued when sent to the DSL interface.

Conditions: Enable QoS by means of class-map and policy-map commands.

Workaround: A software update is needed.

CSCsj06762

Symptoms: A router may crash when both a WIC-1AM or WIC-2AM and PVDMs are installed in the chassis.

Conditions: This symptom is observed when the modem interfaces are in the up/up state, that is, calls do not have to be in process for the symptom to occur.

Workaround: Remove the WIC-1AM or WIC-2AM from router and use only PVDMs.

CSCsj32707

Symptoms: A "SIP UPDATE" message from a Cisco CallManager or SIP Proxy Server with a "Cseq" value of 0 may be rejected or considered invalid by a Cisco gateway.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.4(9)T4 or a later release and that is connected to a SIP endpoint.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.4(9)T3.

CSCsj34083

Symptoms: Packets in traffic queues that are below their configured threshold may be dropped.

Conditions: This symptom is observed on a Cisco 877 and Cisco 1801 that run Cisco IOS Release 12.4(9)T3 when one of the queues trespasses its threshold. Note the following scenarios:

When congestion is present, traffic that exceeds its threshold on a CBWFQ service class causes drops on the LLQ classes although the traffic that is associated with the LLQ classes is below the associated threshold.

When best-effort bandwidth exceeds its threshold, LLQ traffic is discarded although it is below its own threshold.

When there is no congestion, the router operates as expected.

Workaround: There is no workaround.

Further Problem Description: Note that the symptom does not occur on a Cisco 878 and Cisco 1803.

CSCsj43861

Symptom: The EzVPN hardware client does not attempt to connect to the same peer or the next peer after a QUICK MODE failure during IKE.

Conditions: The EzVPN hardware client remains in the SS_OPEN state after the failure of QUICK MODE.

Workaround: Clear the EzVPN session.

CSCsj47356

Symptoms: Phone A believes that its offer (in first INVITE) is not answered yet, but that is wrong because UPDATE is for the second leg where the SDP answer is already sent in a 183 Session Progress.

Conditions: Call forwarding scenario. A call comes in from the PSTN to a SIP phone and is forwarded to another SIP phone.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCsi40766

Symptoms: H.323 calls on a Cisco IOS VoIP gateway may fail after the gateway has processed about 54,500 calls.

Conditions: This symptom is observed when H.323 uses TCP to transport signaling messages. When the Cisco IOS gateway must generate a unique port for the local TCP session, this port is selected from a range of open ports. When the number of times that a unique TCP session is created for the same IP address on the gateway exceeds 54,500, further attempts to create a local TCP port fail and calls are not completed.

The symptom occurs for H.323 calls only when a separate TCP session is established for the H.245 session. When H.245 tunneling is enabled or no H.245 session is established, the symptom does not occur for H.323 calls.

When the debug ip tcp transaction command is enabled on the gateway, the "TCP: Ran out of ports for network 0" debug output is generated when the symptom occurs.

Enabling debugs on a Cisco IOS gateway should always be done with caution to minimize impact to the performance of the router. As a minimum, ensure that logging to the console is changed from the default behavior of the debug level to, for example, an informational level.

Workaround: After the symptom has occurred, reload the Cisco IOS VoIP gateway. To prevent the symptom from occurring, ensure that for H.323 call processing all H.323 devices have H.245 tunneling enabled. This may not always be possible: for example, H.245 tunneling on Cisco CallManager is not supported.

Wide-Area Networking

CSCsh06841

Symptoms: A router may crash while establishing a PPP session.

Conditions: This symptom is observed when the ppp reliable-link interface configuration command is enabled on an interface that is bound to a dialer profile.

Workaround: Disable the ppp reliable-link interface configuration command, save the configuration, and reload the router. Disabling the command without reloading the router is not sufficient.

CSCsi27449

Symptoms: A Non-Facility Associated Signaling (NFAS) configuration with a back-to-back PRI connection may fail and an "L3_GetUser_NLCB EVENT 0X2 No NLCB 2" error message may be generated, that is, a ping from the client to the router may fail.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(13.11) when an interface is configured as a dialer interface. The symptom may also affect Release 12.4T.

Workaround: There is no workaround.

CSCsi74960

Symptoms: A router crashes while sending large control packets between client and L2TP Network Server (LNS) in L2TP callback scenario.

Conditions: This symptom happens with a Cisco 7200 router that is running Cisco IOS interim Release 12.4(13.13)T1.

Workaround: There is no workaround.

CSCsj10593

Symptoms: A terminating gateway (TGW) that is configured for Cisco ISDN Interconnect for Voice Gateways Solution may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(15.6) and that functions as a TGW with all PRI switch types from the user to the network side. The symptom occurs when the isdn test call interface interface-number dialing-string command is entered at the platform on which the call is initiated, when the originating gateway (OGW) is configured for the National ISDN (primary-ni) switch type, and when the TGW is configured for the NT DMS-100 (primary-dms100) switch type. The symptom may also affect Release 12.4T.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(9)T4

Cisco IOS Release 12.4(9)T4 is a rebuild release for Cisco IOS Release 12.4(9)T. The caveats in this section are resolved in Cisco IOS Release 12.4(9)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCsd58772

Symptoms: The MIB object rttMonLatestRttOperTime returns a value of 0.

Conditions: This symptom occurs for IPSLA RTP operation only irrespective of whether the operation succeeds or fails.

Workaround: There is no workaround.

CSCsh85879

Symptoms: A router crashes while executing the type slm frame-relay interface command.

Conditions: This symptom has been observed with a Cisco 7200 router loaded with Cisco IOS interim Release 12.4(13.2)T.

Workaround: There is no workaround.

IP Routing Protocols

CSCsh02161

Symptoms: A Route Reflector (RR) does not withdraw a prefix that redistributes itself even if this prefix is removed from the BGP table.

Condition: This symptom is observed on a Cisco router that functions as an RR that advertises two of the same prefixes with different Route Distinguishers (RDs) when one of these prefixes redistributes itself and when the other prefix is a route that is learned from an RR client via iBGP.

Workaround: There is no workaround.

CSCsh84102

Symptoms: These symptoms have been observed:

Some DMVPN spokes may become unreachable and a loop will appear in a traceroute.

The adjacency rewrite information, when looking from the hub in the show adjacency details command, for a problematic spoke will be the same as for another spoke.

There is an inconsistency between the NHRP cache and the Adjacency for the problematic spoke.

Conditions: These symptoms have been observed with DMVPN set up.

Workaround: Disable CEF on the hub.

CSCsi09698

Symptoms: In Cisco IOS software that is running the Border Gateway Protocol (BGP), BGP may advertise a connected prefix that has been removed from the routing table, and cause traffic using that prefix to get dropped. The advertisement may happen during a reload if IP Event Dampening is configured on the interface and suppresses the interface because of flapping during the reload. The problem may continue until the interface is unsuppressed, which depends on the nature of the flapping that occurs and on the parameters used to configure the dampening. In some releases, the problem may be corrected by a BGP scan. An outage of about one minute is not unreasonable.

Conditions: The symptom may happen if the BGP configuration includes a network command for the connected prefix. It requires an unlikely timing of events which is more likely to be observed with large configurations, and when the interface is configured to use small carrier delay timer. The symptom was observed in a configuration with about 1100 lines and with the carrier-delay msec 0 command configured on the interface in question.

Workaround: If the interface can be configured to filter out link outages during the restart then the IP Event Dampening suppression can be avoided. Configuring the carrier-delay msec 100 command on the interface may achieve this in some cases.

CSCsi62559

Symptoms: OSPF packets with IP Precedence 0 are classified by SPD as priority. This is an error because only IP Precedence 6 packets should be classified as priority packets by SPD.

Conditions: This symptom has been observed on a Cisco router running Cisco IOS Release 12.2(18) and later.

Workaround: Use ACLs to block invalid IP Control packets from reaching the control plane.

Miscellaneous

CSCej42879

Symptoms: A traceback may be generated when packets are transmitted over a basic IPSec connection between two peers in transmission mode and tunnel mode using multilink interfaces.

Conditions: This symptom is observed on a Cisco 3845 router that runs Cisco IOS Release 12.4(5).

Workaround: There is no workaround.

CSCsd43903

Symptoms: A Cisco router may experience memory leaks in the Crypto IKMP process when using certificates for Internet Security Association and Key Management Protocol (ISAKMP) for peer authentication.

Conditions: This symptom has been observed on Cisco IOS Release 12.2(18)SXE5 and Release 12.4(9)T2. This symptom is platform independent.

Workaround: There is no workaround to prevent the leak and the only way to recover is to reboot the device.

CSCse43088

Symptoms: A Cisco gatekeeper may experience a traceback and DSMP time out while testing H.323 Testcall, Silent call detection, and long call duration detection features.

Conditions: This symptom has been observed on a Cisco gatekeeper with Cisco IOS Release 12.4 while testing H.323 Testcall, Silent call detection, and long call duration detection features.

Workaround: There is no workaround.

CSCsg30880

Symptoms: After a router is booted or reloaded, a PVC bundle configuration that is established under an IMA interface is lost.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3(11)T7 or Release 12.3(14)T7 and that has the service-policy output command enabled on the PVC bundle. The symptom may also affect Release 12.4 and Release 12.4T.

Workaround: Disable the service-policy output command on the PVC bundle.

CSCsg70474

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg83326

Symptoms: With IPv6, IPSec is non-functional. All crypto-related functions would be completely affected.

Conditions: This symptom has been observed when using IPv6.

Workaround: There is no workaround.

CSCsg99814

Symptoms: On a Cisco IOS router configured with GRE over IPSec or a Virtual Tunnel Interface (VTI) configuration, an Access Control List (ACL) that is applied on the tunnel interface is bypassed.

Conditions: This symptom occurs when there is another ACL configured on the outbound physical interface where the IPSec tunnel is terminated.

Workaround: Apply the ACL outbound on the protected LAN interface instead of the tunnel interface.

CSCsh35269

Symptoms: When using MTP on a Cisco IOS router, there could be RTP ports and rtpspi callegs hanging. Over time, the hanging RTP ports can accumulate and cause the router to run out of RTP ports, so MTP calls will fail.

Conditions: This symptom has been observed when using software MTP for supplementary services or when there is a high number of calls per second (CPS).

Workaround: Reload the router to release hanging ports.

CSCsh42337

Symptoms: A Cisco IOS router with DSPRM crashes with an out of buffer error under load.

Conditions: This symptom has been observed on a Cisco 2811 chassis with NM-HDV2 having four T1 connections, PVDM2-64 (4 DSP), and 768 MB RAM. With this setup, create 96 SIP G.729 dial-peers, make calls and start sending voice traffic. Also, create 96 multicast G.711 dialpeers and start traffic.

Workaround: There is no workaround.

CSCsh75827

Symptoms: When a router that has the ssg intercept dhcp command enabled receives a DHCP packet from a host that has already logged out from a Subscriber Edge Services Manager (SESM), the router may unexpectedly reload because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an SSG with PBHK enabled, when a host has received an IP address that is associated with a service (via the "J" Service-Info attribute), has logged out from the SESM, and then renews its IP address.

Workaround: There is no workaround.

CSCsh84171

Symptoms: A router is crashing due to memory corruption with following message:

%SYS-3-OVERRUN: Block overrun at 3F379450 (red zone 2A2A2A2A) 

Conditions: This symptom has been observed on a Cisco 2800 router running Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCsh94757

Symptoms: The radius-server, which is used for accounting, is marked dead.

Conditions: When RADIUS extended source ports are used, the new extended ports may potentially overlap with the UDP port range of other applications. An example of this is when the router is also seeing UDP packets for RTP, such as in an IP-to-IP Gateway setup.

Workaround: Remove the radius-server source-ports extended command from the configuration.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi09530

Symptoms: If the authenticate register command is configured under the voice register global command, CME SIP fails to register.

Conditions: The authenticate register command is configured under the voice register global command, when CME is acting as a registrar.

Workaround: Disable the authenticate register command under the voice register global command.

Further Problem Description: In registrar functionality, CME challenges an inbound register request with a 401 response. If the authenticate register command is configured under the voice register global command, the Registering Endpoint then sends a Register Request with Credentials. The Gateway Stack is not processing this request and is dropping it.

CSCsi27540

Symptoms: A VSI session may become stuck in the "RESYNC_UNDERWAY" state, preventing LVC connections from being set up. This situation is not cleared automatically, and error messages are not flushed, as is shown in the output of the show controller vsi session command.

Conditions: This symptom is observed on a Cisco router that functions as a Label Switch Controller (LSC).

Workaround: There is no workaround.

CSCsi35679

Symptoms: Hung SIP call legs are seen on the voice gateway.

Conditions: Hung legs can be seen when outgoing SIP calls are not answered and the terminating UA does not send the final response for INVITE.

Workaround: There is no workaround.

CSCsi42086

Symptoms: A memory leak may occur on a router that is configured for SSG when unsupported 3GPP attributes are received by SSG.

Conditions: This symptom is observed when SSG is configured to function in RADIUS proxy mode.

Workaround: Ensure that the unsupported 3GPP attributes are removed by filtering them before a RADIUS packet is received by SSG.

CSCsi76569

Symptoms: A Cisco 7200 series router may crash during boot time or while writing or erasing configuration at flow_def_master_list_lookup.

Conditions: This symptom has been observed on Cisco 7200-NPEG1 and 7200-NPEG2 routers at bootup. The symptom has also been observed when trying to write or erase configuration from memory or trying to execute the show running-config command.

Workaround: There is no workaround.

CSCsi80749

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsi93683

Symptoms: In Cisco IOS software that is running the Bidirectional Forwarding Detection (BFD) protocol, attempts to remove BFD sessions may fail.

Conditions: The symptom has been observed after the maximum number of supported sessions has been configured. The maximum number is 128 in most but not all releases.

Workaround: There is no workaround.

Wide-Area Networking

CSCsd81350

Symptoms: When asynchronous serial interfaces are used as member links in multilink PPP bundles, the router may crash due to memory corruption.

Conditions: This problem can occur under conditions where multilink fragmentation is done, and where the bundle includes at least one member link that is an asynchronous interface.

Workaround: Disable fragmentation on the bundle interface for any bundle that may include asynchronous links as members. Alternatively, if the use of multilink is not a requirement, disable multilink on the asynchronous interfaces.

CSCsh82513

Symptoms: The output of the show isdn active command may show disconnected calls.

Conditions: This symptom is observed on a Cisco router when analog modem calls are made after a normal ISDN digital call has been made.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(9)T3

Cisco IOS Release 12.4(9)T3 is a rebuild release for Cisco IOS Release 12.4(9)T. The caveats in this section are resolved in Cisco IOS Release 12.4(9)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCse23950

Symptoms: A router hangs on a regular basis producing the following traceback:

%SYS-2-NOTQ: unqueue didn't find 0 in queue 82E19A74

-Process= "<interrupt level>", ipl= 2

-Traceback= 0x80836CE8 0x814DC7F0 0x814EBE5C 0x816DF1F0 0x816DF2A8 0x816DEF74

0x816DE8D4 0x80076750 0x8072CFA0 0x8072D10C 0x803B128C 0x80143E5C 0x801383B4

0x8013AB0C 0x8013D6E0 0x8037DF44

Conditions: This symptom is observed on a router that is acting as an EzVPN Client. From the traceback, it seems that the BVI interface is involved in the crash.

Workaround: Disable bridging or HW encryption.

CSCse66080

Symptoms: A memory leak may occur in the Entity MIB API process.

Conditions: This symptom is observed when an entity is registered with the same name as an entity that is already registered.

Workaround: There is no workaround.

CSCsg00102

Symptoms: SSLVPN service stops accepting any new SSLVPN connections.

Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.

CSCsg03830

Symptoms: The tacacs-server directed-request command appears in the running configuration when it should be disabled. When you disable the command by entering no tacacs-server directed-request and reload the router, the command appears to be enabled once more.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that integrates the fix for CSCsa45148, which disables the tacacs-server directed-request command by default.

A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa45148. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Temporary Workaround: Each time after you have reloaded the router, disable the command by entering no tacacs-server directed-request.

CSCsg21398

Symptoms: Cisco IOS may restart when receiving a crafted TACACS+ msg-auth-response-get-user packet after it sends out an initial TACACS+ recv-auth-start packet.

Conditions: This symptom has been observed with TACACS+ packets.

Workaround: There is no workaround.

CSCsg48183

Symptoms: A router may unexpectedly send an ARP request from all its active interfaces to the nexthop of the network of an SNMP server.

Conditions: This symptom is observed on a Cisco router that has the snmp-server host command enabled after any of the following actions occur:

You reload the router.

A switchover of the active RP occurs.

You enter the redundancy force-switchover main-cpu command.

Workaround: There is no workaround.

CSCsg48725

Symptoms: A TLB exception may occur on a Cisco platform that functions as a PE router in an MPLS environment, and the following error message may be generated:

TLB (load or instruction fetch) exception, CPU signal 10 (BadVaddr : DEADBEF3)

Conditions: This symptom is observed on a Cisco platform when TACACs accounting and authorization is enabled and when the TACACs server is reachable through the global routing table.

Workaround: Disable AAA. If this is not an option, there is no workaround.

IBM Connectivity

CSCsf28840

A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

There are workarounds available for this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml

IP Routing Protocols

CSCec12299

Symptoms: EIGRP specific Extended Community 0x8800 is corrupted and shown as 0x0:0:0.

Conditions: EIGRP specific Extended Community 0x8800 is corrupted when it is received over an IPv4 EBGP session. A typical scenario is Inter-AS:

ASBR/PE-1 ----vrf2vrf--- ASBR/PE-2

Workaround: Disable propagation of extended communities across ASs.

CSCse97264

Symptoms: Two or more UDP NAT translations that relate to different requests may be assigned port numbers with the same inside global IP address.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3(11)T9, Release 12.4, or Release 12.4T when more than one IP phone attempts to register through a router that is configured for NAT Overload.

Workaround: There is no workaround.

CSCsf20947

Symptoms: A default route that is defined by the neighbor default-originate command may be ignored by the BGP neighbor.

Conditions: This symptom is observed on a Cisco router after a route flap in the network causes the default route to be relearned.

Workaround: Manually clear the BGP neighbor to enable the router to correctly relearn the default route.

CSCsg00860

Symptoms: Enabling NAT outside on the public interface terminates the VPN connection as GREoverIPSEC. Inbound ACL applied on the public interface starts to drop decrypted GRE traffic.

Conditions: This symptom has been observed with the use of IP NAT outside on the public VPN interface.

Workaround: There are 2 workarounds:

1. Configure NAT translations for all traffic, to force NAT processing on the packet even if no address will actually be translated. Example:

ip nat inside source static 171.16.68.5 171.16.68.5

It is not a scalable workaround but may work for some deployments.

2. Configure an additional ACL entry in the inbound access-list to permit the incoming GRE traffic.

CSCsg84883

Symptoms: NAT configurations are not removed.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCsh80678

Symptoms: New or flapping IGP routes may be injected into BGP even though no corresponding network statements exist.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(22) or a later release when the auto-summary command is enabled for BGP.

Workaround: Enter the no auto-summary command.

CSCsh90153

Symptoms: Connectivity is lost through a router that is running NAT where double NAT is occurring.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(8a) doing NAT, PBR and Firewall feature set. Under certain conditions, traffic could be double natted when it does not need to be.

Workaround: Remove Firewall configuration on router.

Further Problem Description: Syslogs and show NAT translation will show double natted on traffic that is not making it through the router.

CSCsh97579

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

Miscellaneous

CSCds25257

Symptoms: The gatekeeper rejects new registration requests from CUCM or other H.323 endpoints with an RRJ reason of duplicateAlias. Attempting to clear this stale registration fails with the message "No such local endpoint is registered, clear failed."

Conditions: CUCM H.225 trunks register to a gatekeeper (GK) cluster. GK1 and GK2 are members of the GK cluster. CUCM registers first to GK1 then fails over to GK2. This registration at GK2 sends an alternate registration to GK1. However, because of network issues, the unregistered indication does not reach GK1.

Once the H.225 trunk attempts to register with GK1, it gets rejected because the alternate registration is still present, and there is no way to clear it out.

10.9.20.3 34273 10.9.20.3 32853 SJC-LMPVA-GK-1 H323-GW A

ENDPOINT-ID: 450FC24400000000 VERSION: 5 AGE: 1618993 secs

SupportsAnnexE: FALSE

g_supp_prots: 0x00000050

H323-ID: SJC-LMPVA-Trunk_4

Workaround: Reset the gatekeeper with the shutdown command followed by the no shutdown command, or reboot the Cisco IOS GK.

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability.

This issue is triggered by a logic error when processing extended communities on the PE device.

This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.

CSCed57504

Symptoms: A router that is configured with a virtual template may reload unexpectedly.

Conditions: This symptom is observed on a Cisco router on which a session that uses a virtual-template is terminated and occurs when the session is cleared from a DSL CPE router that is the peer router for the connection.

Workaround: There is no workaround.

CSCei39688

Symptoms: When a CEF initialization failure occurs, an ATM PVC that is configured for OAM may not pass traffic even though the PVC link status is up:

Router#show ip interface brief | include ATM

ATM3/0/0 unassigned YES manual up up

ATM3/0/0.100 unassigned YES unset up up

ATM3/0/0.300 10.1.1.1 YES manual up up

ATM3/0/0.999 unassigned YES unset up up

Router#show cef interface brief | include ATM

ATM3/0/0 unassigned up dCEF

ATM3/0/0.100 unassigned down dCEF

ATM3/0/0.300 10.1.1.1 down dCEF

ATM3/0/0.999 unassigned down dCEF

Router#show ip cef | include 10.1.1.

10.1.1.0/30 attached ATM3/0/0.300

When CEF fails to initialize the ATM PVC, atm3/0/0.300, no /32 receive entries are created. Traffic that is destined for the IP address of the subinterface is dropped.

Conditions: This symptom is observed on a Cisco router and occurs only when OAM is configured on the PVC.

Workaround: To prevent the symptom from occurring, do not configure OAM on the PVC. When the symptom has occurred, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected ATM subinterface. After the workaround has been applied, the output of the show ip cef command shows the following:

Router#show ip cef | include 10.1.1.

10.1.1.0/30 attached ATM3/0/0.300

10.1.1.0/32 receive

10.1.1.1/32 receive

10.1.1.3/32 receive

CSCek48162

Symptoms: Under heavy stress, a few TDM assertion failures are seen.

Conditions: This symptom is seen with SS7 with more than 50 calls per second.

Workaround: There is no workaround.

CSCek48251

Symptoms: When you enter the redundancy switch-activity force command on the active eRSC of a Cisco AS5850 while incoming VoIP H.323 calls and outgoing CAS calls are being processed, the standby eRSC does become the active eRSC and processes the calls but soon afterwards may crash at "csm_enter_idle_state."

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.4(9)T and that functions in RPR+ mode. The symptom may also affect Release 12.4.

Workaround: There is no workaround.

Further Problem Description: The symptom does not occur when PRI calls are being processed.

CSCek55511

Symptoms: A Cisco AS5400HPX that is running Cisco IOS Release 12.3(11)T7 may crash with IO Memory corruption.

Conditions: The crash may occur when polling for ccrpCPVGEntry, and resource pooling is enabled on the Gateway.

Workaround: Disable SNMP polling for ccrpCPVGEntry.

CSCek59022

Symptoms: In a redundancy environment, when the DHCP subsystem encounters an error and a message buffer (e.g., an SCTP buffer) used for communicating with the redundant peer is not released properly, the memory remains consumed. Subsequently, a low-memory condition is encountered.

Conditions: This condition is encountered when buffers used in SR are not released properly.

Workaround: There is no workaround.

CSCek61974

Symptoms: You may be able to configure a minimum receive interval as short as 1 ms, which may cause problems on the router.

Conditions: This symptom is observed on a Cisco router that supports Bidirectional Forwarding Detection (BFD). Note that a minimum receive interval shorter than 50 ms is not supported in Cisco IOS software images.

Workaround: Configure a minimum receive interval of 50 ms or longer.

CSCek64188

Symptoms: An error message indicating memory leak and pending transmission for IPC messages is displayed as follows:

*Dec 3 01:31:31.792: %IPC-5-WATERMARK: 25642 messages pending in xmt for the port Primary RFS Server Port(10000.C) from source seat 2150000

*Dec 3 01:32:01.489: %SYS-2-MALLOCFAIL: Memory allocation of 4268 bytes failed from 0x9F32944, alignment 32

Conditions: This issue is triggered by the fix for DDTS CSCeb05456, so this DDTS is applicable only if your Cisco IOS image has integrated the fix for CSCeb05456.

Workaround: Periodically reload the router so that the IPC buffer pool is reinitialized.

Further Problem Description: The CSCeb05456 fix failed to release the IPC buffer whenever it could not access the NVRAM device. As the number of such denied accesses increases, a proportionate amount of IPC buffer is not freed, which depletes the IPC buffer pool. If this trend continues beyond the threshold level, the router will crash.

CSCsb15138

Symptoms: The following error messages may be generated on a gateway that functions in a configuration in which 80 channels are processed by a VXML Server, and the call may be dropped:

//-1//HTTPC:/httpc_streaming_create: attempt to create a session with id 699 while this id is in use

//2144684/0BCEFBA9AA28/VXML:/vxml_media_done: CALL_ERROR; fail with vapp error 2, protocol_status_code=0

//2144684/0BCEFBA9AA28/VXML:/vxml_media_done: CALL_ERROR; *** error.badfetch.http.0 event is thrown

Conditions: This symptom is observed rather rarely on a Cisco AS5400 gateway when the HTTP client session IDs range from 1 to 2048 because of the socket limit per Cisco IOS process. The error messages are generated when the HTTP client attempts to create a new session with the same ID as an old session that is still in use. In this situation, only a benign warning message should be generated, and the call should be accepted. If an HTTP streaming session remains in use for a long time and the traffic load of the gateway is high, the symptom is more likely to occur.

Workaround: Configure an event handler as in the following example:

<catch event="error.badfetch.http.0">

<!-- Actual event handler goes in here -->

</catch>

If this is not an option, the symptom may be mitigated by disabling IVR streaming mode via the ivr prompt streamed none command.

CSCsc72722

Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not time out.

Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.

Workaround: There is no workaround.

CSCsc83628

Symptoms: When a first MGCP NAS package call is cleared by the clear interface dialer command, no further calls are possible from the dialer into the NAS.

Conditions: This happens only when the clear interface dialer command is issued in the dialer to clear the call. If the call is cleared in any other form the issue does not arise.

Workaround: Avoid clearing calls with the clear interface dialer command; clear the serial interface instead.

CSCsd28214

Symptoms: A Cisco router that is running Cisco IOS Release 12.3(19) may crash due to a Watch Dog timeout while running the RIP routing protocol.

Conditions: The router may crash due to a Watch Dog timeout if an interface changes state at the exact same time a RIP route learned on that interface is being replaced with a better metric redistributed route. For example, RIP has learned the 192.168.1.0 network from Fast Ethernet 1/0. If RIP learns the 192.168.1.0 network from a redistributed protocol that has a better metric, then the RIP route will be removed. If, during this time the Fast Ethernet 1/0 interface goes down, then the router may potentially crash due to a Watch Dog timeout.

Workaround: There is no workaround.

CSCsd60783

Symptoms: The Cisco 3200 router FastEthernet to switched virtual interface (SVI) performance is lower than the performance of previous releases.

Conditions: The router is configured with plain IP CEF.

Workaround: There is no workaround.

CSCsd85587

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

The vulnerable cryptographic library is used in the following Cisco products:

Cisco IOS, documented as Cisco bug ID CSCsd85587

Cisco IOS XR, documented as Cisco bug ID CSCsg41084

Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348

Cisco Firewall Service Module (FWSM)

This vulnerability is also being tracked by CERT/CC as VU#754281.

Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


Note: Another related advisory is posted together with this advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


CSCsd91454

Symptoms: Voice traffic is dropped in one direction due to IPHC IPCRC error.

Conditions: This problem is found some time after the voice call has been established. When the problem is occurring, the logs show IPHC error messages.

Workaround: Use process switching.

CSCsd92405

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsd95616

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

CSCse18355

Symptoms: A Cisco AS5850-ERSC gateway reboots continuously with the message:

Bundled Rommon and FPGA versions are different from

the current system version. Updating the system.

This might take a while

System reload is required before upgrade can be done.

Rebooting the system ..

!

Conditions: This symptom has been observed when a Cisco AS5850-ERSC gateway is running Cisco IOS interim Release 12.4(7.24)T.COMP.

Workaround: Boot to ROM monitor mode and enter the following commands:

SKIP_UPGRADE=1

sync

This step skips the upgrade process. To revert back, enter the following commands:

unset SKIP_UPGRADE

sync

CSCse24889

Symptoms: Malformed SSH packets may cause a memory leak.

Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after malformed SSH packets have been received.

Workaround: There is no workaround. You can reduce the number of locations that can connect to the router by using vty access lists.

An example of a VTY access-list can be found here:

access-list 2 permit 10.1.1.0 0.0.0.255

access-list 2 deny any

line vty 0 4

access-class 2 in

end

More information on configuring vty access-lists can be found here:

http://www.cisco.com/warp/public/707/confaccesslists.html
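As an added example (not part of the Cisco release notes), the following Python script checks a saved configuration for the vty access-list mitigation described for CSCse24889: it reports vty line ranges that have no inbound access-class, that reference an access list missing from the configuration, or whose access list permits any source. It assumes show running-config style text with sub-commands indented and numbered standard access lists only; the sample configuration is constructed, and the function names are this example's own.

```python
import re

# Constructed sample, shaped like "show running-config" output (sub-commands
# indented by one space). Only vty 0-4 follows the workaround on this page.
SAMPLE_CONFIG = """\
access-list 2 permit 10.1.1.0 0.0.0.255
access-list 2 deny any
access-list 3 permit any
!
line con 0
line vty 0 4
 access-class 2 in
 transport input ssh
line vty 5 10
 transport input ssh
line vty 11 15
 access-class 3 in
line vty 16 20
 access-class 9 in
!
end
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+?)\s*$")
VTY_RE = re.compile(r"^line vty\s+(\d+)(?:\s+(\d+))?\s*$")
CLASS_RE = re.compile(r"^\s+access-class\s+(\S+)\s+in\b")


def parse_standard_acls(config):
    """Return {acl_number: [(action, source), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return acls


def parse_vty_blocks(config):
    """Return [{'range': (first, last), 'acl': number_or_None}, ...]."""
    blocks, current = [], None
    for line in config.splitlines():
        m = VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = {"range": (first, last), "acl": None}
            blocks.append(current)
        elif current is not None and line[:1].isspace():
            c = CLASS_RE.match(line)
            if c:
                current["acl"] = c.group(1)
        else:
            current = None  # any unindented line closes the vty block
    return blocks


def permits_any_source(entries):
    """First-match evaluation: True if 'permit any' is reached before 'deny any'."""
    for action, source in entries:
        tokens = source.split()
        is_any = tokens[:1] == ["any"] or tokens[:2] == ["0.0.0.0", "255.255.255.255"]
        if is_any:
            return action == "permit"
    return False  # implicit deny at the end of every access list


def audit_vty_access(config):
    """Return [((first, last), issue), ...] for vty ranges lacking a restriction."""
    acls = parse_standard_acls(config)
    findings = []
    for block in parse_vty_blocks(config):
        acl = block["acl"]
        if acl is None:
            findings.append((block["range"], "no-access-class"))
        elif acl not in acls:
            findings.append((block["range"], "acl-not-defined"))
        elif permits_any_source(acls[acl]):
            findings.append((block["range"], "acl-permits-any"))
    return findings


if __name__ == "__main__":
    for (first, last), issue in audit_vty_access(SAMPLE_CONFIG):
        print(f"line vty {first} {last}: {issue}")
```
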

CSCse31572

Symptoms: A router that is configured for DMVPN may reload because of a bus error.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4T. The symptom could occur in Release 12.4.

Workaround: There is no workaround.

CSCse42141

Symptoms: T38 fax calls fail when they come inbound through DID Analog ports. In the debug h245 asn1, there is no OLCAck sent back towards the fax server.

Conditions: This symptom was only reproduced on analog ports. PRI works with the same configuration.

Workaround: Send the fax call through a PRI.

CSCse46964

Symptoms: Periodic high CPU utilization occurs on CMM modules, which can cause performance issues such as poor voice quality, missed control and registration MGCP messages, and slow response to the command-line interface.

The show process cpu history command will display spikes of 100% utilization on the gateway even during hours where low activity is present.

"%ALIGN-3-CORRECT: Alignment correction made at 0x601504F4 reading 0x2225F84A" error messages will be recorded when the CMM gateway is rebooted. This can be seen in the show log command if logging buffered is enabled on the gateway. When this problem occurs, the output of the show alignment command will display a high and increasing count value for the same address.

Conditions: This symptom occurs when the CMM module is using Cisco IOS Release 12.4(8) or later releases, and the Catalyst 6000 supervisor module is a SUP720 that is running Native IOS.

Workaround: There is no workaround.

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCse70541

Symptoms: DMVPN debugs are displayed even if they are not turned on explicitly.

Conditions: When a user issues the debug dmvpn all crypto ? command, DMVPN debugs are enabled.

Workaround: Use the undebug all command to turn off the debugs.

CSCse89373

Symptoms: A second PRI link gets deactivated, with no ability to process incoming and outgoing calls, when the second one is remotely, physically, manually (CLI command) deactivated.

Conditions: This symptom occurs when the first PRI is type primary-net5, and the second PRI is type primary-qsig. Deactivate the second PRI remotely or locally by physically disconnecting the cable or issuing the shutdown command under the corresponding E1 controller.

Workaround: There is no workaround.

CSCsf08998

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsf16536

Symptoms: A Cisco IOS router may experience an unexpected reload.

Conditions: This problem occurs when the router has IPS (Intrusion Prevention Systems) configured, and one or more attack signatures has the denyFlowInline action enabled.

Workaround: Do not enable the denyFlowInline action for any IPS signatures.

CSCsf28711

Symptoms: The active eRSC reloads with a traceback when the first (PRI/SS7) call is made.

Conditions: This issue is seen on a Cisco 5850TB that is working with Cisco IOS Release 12.4(11)T. The gateway comes up with this image; when the first (PRI/SS7) call is made, the active eRSC reloads unexpectedly with a traceback. This reload is seen for both H323 and SIP calls.

A similar issue is seen on a Cisco AS5400 when an MGCP-SIP call is made.

Workaround: There is no workaround.

CSCsf30058

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsf95938

Symptoms: A memory leak occurs in the middle buffers after all onboard DSPRM pools are depleted.

Conditions: This symptom is observed on a Cisco 3800 series router that runs Cisco IOS Release 12.4(7b) with support for CVP survivability.

Workaround: There is no workaround.

CSCsg05350

Symptoms: A Cisco platform crashes due to a chunk memory leak and generates the following error messages and tracebacks:

%DSMP-3-INTERNAL: Internal Error : NO MEMORY

-Traceback= 0x601C66D4 0x61596938 0x61579DB0 0x61279508 0x6127C34C 0x6127DB50

0x6127F6BC

%DSMP-3-INTERNAL: Internal Error : NO MEMORY

-Traceback= 0x601C66D4 0x61596938 0x61579DB0 0x61279508 0x6127C34C 0x6127DB50

0x6127F6BC

%MARVEL_HM-3-HM_RULES_RELOAD: Health Monitor causing a reload due to

Fragmented processor_memory, Free processor_memory = 10402472

bytes, Largest processor_memory block = 522632 bytes

Conditions: This symptom is observed on a Cisco AS5850 when there is a chunk memory leak. However, the symptom is platform-independent and relates to the Distributed Stream Media Processor (DSMP).

Workaround: There is no workaround.

CSCsg07907

Symptoms: A Cisco 3845 router unexpectedly reloads with bus error as seen in the show version when enabling DSP mini logger (voice dsp <slot> command history enable).

Conditions: This symptom is observed on a Cisco 3845 router that is running Cisco IOS Release 12.4 with conferencing enabled on the DSP slot that minilogger is being turned on for.

Workaround: Disable conferencing on that slot, if possible.

CSCsg09818

Symptoms: A VPN 3002 client cannot form an IKE session with a Cisco IOS VPN hub over TCP encapsulation (cTCP). The hub fails to process the AM1 packet sent by the VPN client.

Conditions: This symptom is observed on a Cisco IOS VPN hub over TCP encapsulation.

Workaround: There is no workaround.

CSCsg12813

Symptoms: A Cisco AS5400 gateway may change its RTP sequence numbers after receiving an MDCX command. The RTP stream SSRC is always the same, but the sequence number seems to be randomly initiated again.

Conditions: This symptom occurs when MGCP receives a modification request from PGW for echo cancellation three seconds after the call is established.

Workaround: There is no workaround.

CSCsg15598

The Intrusion Prevention System (IPS) feature set of Cisco IOS® contains several vulnerabilities. These include:

* Fragmented IP packets may be used to evade signature inspection.

* IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service.

There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml

CSCsg18933

Symptoms: A RIP route is learned from a RIP neighbor via a dialer interface (or other virtual interface type). When the neighbor disconnects and the interface goes down, the RIP route is removed from the RIP database. However, the RIP route remains in the routing table.

Conditions:

RIP is configured with the no validate-update-source command.

RIP routes are learned via a virtual interface.

The virtual interface is using a negotiated address.

The problem is platform-independent.

Workaround: Use the clear ip route command to remove the affected routes from the routing table.

CSCsg28628

Symptoms: NAS pkg asynchronous calls fail after a redundancy switchover has occurred, and the following error message is generated:

Modems unavailable

Conditions: This symptom is observed on a Cisco AS5850 that functions in RPR+ mode. This situation may impact service.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, enter the redundancy switchover command a couple of times to restore the Cisco AS5850 to normal operation.

CSCsg39167

Symptoms: A router crashes because of memory corruption with the following message:

%SYS-3-OVERRUN: Block overrun at E73C97D0 (red zone 55555555).

Conditions: This symptom occurs on a Cisco 1800 router that is running Cisco IOS Release 12.4T images and has a HWIC-ADSL-B/ST card.

Workaround: There is no workaround.

CSCsg40567

Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.

Conditions: This symptom is observed on a Cisco router that has the ip http secure server command enabled.

Workaround: Disable the ip http secure server command.

CSCsg54522

Symptoms: A Security Device Event Exchange (SDEE) subscription request that does not contain an action is interpreted as an individual request rather than a subscription request.

Conditions: This symptom is observed on a Cisco router that is configured with the Cisco IOS Intrusion Prevention System (IPS).

Workaround: Ensure that the "action=get" action is contained in the subscription GET request.

CSCsg57002

Symptoms: The SIP Gateway will crash when handling calls involving DTMF relay.

Conditions: Following is the scenario that is causing the crash: sip-notify and sip-kpml are configured as DTMF relay mechanisms on both Cisco IOS Gateway and CCM. When a call is coming in from CCM onto the GW, because of a bug (CSCse72749), GW negotiates the DTMF mechanism as sip-notify whereas CCM negotiates the DTMF relay mechanism as sip-kpml. Subsequently, CCM sends subscribe request for KPML. GW accepts the KPML subscription and starts the respective KPML timers. Now when the call is terminated, Cisco IOS GW is cleaning up the data structures without stopping the KPML timers since the negotiated DTMF relay on Cisco IOS GW is sip-notify.

Workaround 1: Migrate to a Cisco IOS version which has CSCse72749 fix integrated.

Workaround 2: Enable either sip-notify or sip-kpml on the Cisco IOS GW (do not enable both).

CSCsg58570

Symptoms: Cisco IOS Firewall ALG and AIC features may not work properly in the CEF path.

Conditions: A Cisco router that is running Cisco IOS Release 12.4(9)T and later releases does not work when Cisco IOS Firewall is enabled in CEF path.

Workaround: Disable CEF switching path.

Further Problem Description: The problem occurs due to FW not handling particle chain properly.

CSCsg59037

Symptoms: Cisco 851 and 871 routers have no way to remotely upgrade the ROMMON firmware image.

Conditions: Cisco IOS versions for the Cisco 851 and 871 routers did not provide a mechanism to remotely upgrade the ROMMON firmware image.

Workarounds: Cisco IOS Release 12.4(11)T1 for the Cisco 851 and 871 router introduces the command upgrade rom-monitor file which allows the ROMMON firmware image to be remotely upgraded. Please consult this link for more information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tcf_r/cf_13ht.htm#wp1032550

CSCsg59326

Symptoms: When an ATM (that is, a cash machine, not a WAN platform) is connected to a switch service module, significant packet loss may occur.

Conditions: This symptom is observed on a Cisco 2800 series router.

Workaround: Change the Ethernet speed to 10 Mbps at both ends.

CSCsg61748

Symptoms: After heavy traffic on a VTI interface with HW encryption (about 15 Mb/s), the queue of the interface is stuck.

When the symptom occurs, the Input/Output Queue Full Error value in the "show crypto engine accelerator statistic" output increases.

Conditions: This symptom is observed on a router that is running Cisco IOS Releases 12.4(6)T2, 12.4(6)T5, or 12.4(9)T1 that use HW encryption.

Workaround: There is no workaround.

CSCsg68058

Symptoms: Memory leak is seen in "CCSIP_TCP_SOCKET" process when KPML based DTMF relay is used on a SIP gateway.

Conditions: This symptom is observed when KPML based DTMF relay is used in SIP calls.

Workaround: Use other DTMF relay mechanisms (sip-notify, rtp-nte) to avoid the memory leak.

CSCsg69022

Symptoms: When a user configures the no telephony-service command, the router crashes at running configuration generation.

Conditions: This symptom is highly unreproducible, but there is a potential race condition between the running configuration generation and the no telephony-service command.

Workaround: There is no workaround.

CSCsg69205

Symptoms: On a Cisco PE router that has the ip flow egress command enabled on an interface that connects to a CE router, the traffic streams that are destined for the CE router may not be captured.

Conditions: This symptom is observed when the MPLS interface is a multilink interface.

Workaround: Enter the mpls netflow egress command on the interface that connects the PE router to the CE router to enable the traffic streams to be captured by NetFlow. Once the traffic streams are being captured you can remove this command.

CSCsg75035

Symptoms: Looking at the ifIndex table from Cisco IOS shows that ifindex=6 points to the Async18 interface.

Running the Cisco IOS command:

r-sft-b.s05555.us#sh snmp mib ifmib ifindex

returns the following output:

(SORTED BY Ifindex)

GigabitEthernet0/0: Ifindex 1

GigabitEthernet0/1: Ifindex 2

Null0: Ifindex 3

T1 0/0/0: Ifindex 4

T1 0/0/1: Ifindex 5

Async18: Ifindex 6

Async0/1/0: Ifindex 7

recEive and transMit 0/3/0: Ifindex 8

recEive and transMit 0/3/1: Ifindex 9

Foreign Exchange Office 1/0/0: Ifindex 10

Foreign Exchange Office 1/0/1: Ifindex 11

Foreign Exchange Office 1/0/2: Ifindex 12

Foreign Exchange Office 1/0/3: Ifindex 13

Foreign Exchange Office 1/1/0: Ifindex 14

Foreign Exchange Office 1/1/1: Ifindex 15

Foreign Exchange Office 1/1/2: Ifindex 16

Foreign Exchange Office 1/1/3: Ifindex 17

Foreign Exchange Office 2/0/0: Ifindex 18

Foreign Exchange Office 2/0/1: Ifindex 19

Foreign Exchange Office 2/0/2: Ifindex 20

Foreign Exchange Office 2/0/3: Ifindex 21

Foreign Exchange Office 2/1/0: Ifindex 22

Foreign Exchange Office 2/1/1: Ifindex 23

Foreign Exchange Office 2/1/2: Ifindex 24

Foreign Exchange Office 2/1/3: Ifindex 25

Serial0/0/0:0: Ifindex 26

Loopback0: Ifindex 27

GigabitEthernet0/0.20: Ifindex 28

GigabitEthernet0/0.30: Ifindex 29

GigabitEthernet0/0.40: Ifindex 30

GigabitEthernet0/0.50: Ifindex 31

GigabitEthernet0/0.51: Ifindex 32

GigabitEthernet0/0.52: Ifindex 33

GigabitEthernet0/0.70: Ifindex 34

GigabitEthernet0/0.160: Ifindex 35

GigabitEthernet0/0.1000: Ifindex 36

Serial0/0/0:0.811: Ifindex 37

Grabbing just the Async interfaces:

r-sft-b.s05555.us#sh snmp mib ifmib ifindex | inc As

Async0/1/0: Ifindex = 7

Async18: Ifindex = 6

Confirming that Async18 is tied to Tty 0/1/0 (Async 0/1/0) port.

r-sft-b.s05555.us#sh line

Tty Line Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int

* 0 0 CTY - - - - - 0 0 0/0 -

1 1 AUX 9600/9600 - - - - - 0 0 0/0 -

0/1/0 18 TTY 115200/115200- inout - - - 0 0 0/0 -

578 578 VTY - - - - - 0 0 0/0 -

579 579 VTY - - - - - 0 0 0/0 -

580 580 VTY - - - - - 0 0 0/0 -

581 581 VTY - - - - - 0 0 0/0 -

582 582 VTY - - - - - 0 0 0/0 -

Line(s) not in async mode -or- with no hardware support:

2-17, 19-577

When you run an SNMP walk on .1.3.6.1.2.1.2.2.1.2 (ifIndex), the Async interface is skipped:

<snip>

IF-MIB 1.3.6.1.2.1.2.2.1.2.5 ifDescr.5 T1 0/0/1

IF-MIB 1.3.6.1.2.1.2.2.1.2.7 ifDescr.7 Async0/1/0

<snip>

So the interface is indexed on the router but the snmpwalk/snmpget does not seem to return the value.

The test was run with SNMPv2, whereas the customer was running SNMPv3. The test was run with and without the CME configuration. Neither returns the Async18 interface (ifIndex 6).

Conditions: This symptom is observed on a Cisco 3825 router that is running Cisco IOS Release 12.4(4)XC5.

Workaround: There is no workaround.

CSCsh20336

Symptoms: A spoke may be unable to connect or reconnect to a hub because there may not be a crypto socket.

Conditions: This symptom is observed in a DMVPN Hub-to-Spoke environment.

Workaround: Remove the static NHRP entry from the tunnel interface that connects the spoke to the hub, and reapply the static NHRP entry.

CSCsh31605

Symptoms: In a dial backup scenario with backup EzVPN over an asynchronous or dialer interface, EzVPN intermittently fails to kick off the asynchronous or dialer interface. As a result, dial backup EzVPN cannot always be brought up and works only intermittently.

IKE request packet in failure cases is dropped with the following error:

*Oct 5 07:39:22.187: EZVPN(backup): New State: READY

*Oct 5 07:39:22.187: EZVPN(backup): Current State: READY

*Oct 5 07:39:22.187: EZVPN(backup): Event: CONNECT

*Oct 5 07:39:22.187: EZVPN(backup): No state change

*Oct 5 07:39:22.187: ISAKMP:(0):receive null address from sa_req (local 0.0.0.0, remote 10.175.161.41)

*Oct 5 07:39:22.191: ISAKMP: Error while processing SA request: Failed to initialize SA

*Oct 5 07:39:22.191: ISAKMP: Error while processing KMI message 0, error 2.

*Oct 5 07:40:03.551: ISAKMP:(2018):purging SA., sa=841CC6D0, delme=841CC6D0

Conditions: This symptom occurs in a dial backup scenario with backup EzVPN over an asynchronous or dialer interface.

Workaround: There is no workaround.

CSCsh37414

Symptoms: EzVPN leaks some memory with the fix of CSCsg94570. It can take a long time for the box to run out of memory causing a reload.

Conditions: This symptom is observed when EzVPN leaks memory.

Workaround: There is no workaround.

CSCsh39318

Symptoms: A router may crash when the configured route limit is exceeded. When this situation occurs, the following error message is generated:

%MROUTE-4-ROUTELIMIT (x1): [int] routes exceeded multicast route-limit of [dec] - VRF [chars]

Conditions: This symptom is observed on a Cisco 10000 series that is configured for Multicast VPN but is platform-independent.

Workaround: There is no workaround.

CSCsh50275

Symptoms: In a DMVPN setup with spoke having overlapping ISAKMP profiles and DPD enabled, IKE quick mode fails due to ISAKMP profile mismatch. After IKE SA expiry, the IKE SA rekey triggered by ISAKMP keepalives does not use any ISAKMP profile while initiating the SA. With overlapping ISAKMP profiles present, the IKE SA might end up attaching to the incorrect ISAKMP profile instead of the one configured on the corresponding tunnel interface and the one used by original IKE SA, subsequently causing the quick mode to fail due to profile mismatch. The only way to bring them out from that stage is by clearing Phase 1 SA.

Conditions: This symptom occurs during DMVPN testing.

Workaround: There is no workaround.

CSCsh54729

Symptoms: When Cisco Tunneling Control Protocol (CTCP) is enabled on a Cisco IOS VPN hub without any crypto maps configured, CTCP sessions can be formed and leaked if any VPN clients try to connect over CTCP.

Conditions: This symptom occurs when Cisco Tunneling Control Protocol (CTCP) is enabled on a Cisco IOS VPN hub without any crypto maps configured.

Workaround: Disable CTCP when no crypto maps are configured.

CSCsh58082

Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP.

There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.

Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml.

CSCsh94526

Symptoms: When acct-stop is received for a non-radius-proxy (normal IP) user, the router configured for SSG crashes.

Conditions: This symptom occurs because SSG should be configured in radius-proxy mode. The ssg wlan reconnect command should also be configured.

Workaround: There is no workaround.

CSCsi04183

Symptoms: A router that is configured as an EasyVPN client is not able to auto connect to the EasyVPN server using its saved Xauth username/password.

Conditions: This symptom is observed when the router is powered-up or when the ISAKMP re-keying happens.

Workaround: Manually execute the crypto ipsec client ezvpn xauth command in the router console and enter the respective username/password.

TCP/IP Host-Mode Services

CSCse05736

Symptoms: A router that is running RCP can be reloaded by a specific packet.

Conditions: This symptom is seen under the following conditions:

The router must have RCP enabled.

The packet must come from the source address of the designated system configured to send RCP packets to the router.

The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

CSCsg00102

Symptoms: In Cisco IOS Release 12.4(9)T, the TCP stops accepting new connections after a few days of SSLVPN running in the router. The debug ip tcp transaction command shows the error with connection queue limit reached. When the problem happens, the show tcp bri all command shows five connections in CLOSED state.

Conditions: This symptom is observed in Cisco IOS Release 12.4(9)T.

Workaround: Enter the clear tcp tcb * command. This command will clear all the TCP connections on the router.

Wide-Area Networking

CSCek41260

Symptoms: The router crashes while it receives an incoming pad call through the TTY line.

Conditions: This symptom has been observed only when the pad call comes through the TTY line, but not when it comes through the serial interface.

Workaround: There is no workaround.

CSCek59078

Symptoms: An L2TPv3 session is established when voluntary tunneling is configured and both peers have corresponding configurations. However, after you configure a pseudowire on a virtual PPP interface on one of the peers, the session on this peer is up but the line protocol is down, and a "virtual-PPP1 is up, line protocol is down" error message is generated.

Conditions: This symptom is observed when the virtual PPP interface is first deleted via the no interface virtual-ppp number command and then reconfigured via the interface virtual-ppp number command before you configure a pseudowire on the virtual PPP interface.

Workaround: Before you configure a pseudowire on the virtual PPP interface, ensure that the virtual PPP interface has never been unconfigured via the no interface virtual-ppp number configuration command.

CSCek60025

Symptoms: A ping may be dropped in a PPP callback scenario.

Conditions: This symptom is observed on a Cisco router when Multilink PPP (MLP) and the dialer load-threshold command are enabled.

Workaround: There is no workaround.

CSCek62099

Symptoms: When Multilink PPP (MLP) is enabled for a PPP over Ethernet (PPPoE) session, outbound packets are incorrectly sent without PPPoE headers. This situation causes packets to be dropped.

Conditions: This symptom is observed in Cisco IOS Release 12.4 on all software-forwarding routers and affects only packets that are not multilink-encapsulated (when the bundle has only a single link).

Workaround: Enter the ppp multilink fragment delay interface configuration command to force multilink headers to be applied to all outbound packets.

Alternate Workaround: Disable MLP.

CSCek67875

Symptoms: During a test of B-Channel Maintenance Procedure (BCAC), the incoming SERVICE message is not printed with the correct channel.

Conditions: This symptom is observed in SERV collision and SETUP collision.

Workaround: There is no workaround.

CSCse05777

Symptoms: A router may reload unexpectedly when you configure more multilink interfaces than the maximum number that the router can support. The router should not reload but should generate an error message.

Conditions: This symptom is observed on any Cisco router that imposes a limit on the number of multilink interfaces.

Workaround: Do not exceed the maximum number of multilink interfaces.

CSCse34162

Symptoms: A Cisco router hangs after 5 to 10 minutes of passing async traffic over a dialer interface.

Conditions: normal

Workaround: There is no workaround. A reboot is required to recover.

CSCse78652

Symptoms: The queuing mode on multilink interfaces erroneously defaults to fair-queuing instead of FIFO, causing distributed Cisco Express Forwarding (dCEF) to fail.

Conditions: This symptom is observed on a Cisco 7500 series and occurs for all multilink interfaces. However, the symptom is platform-independent.

Workaround: There is no workaround.

CSCsf30411

Symptoms: In L2TP dialout, fail over with limit and priority options specified gives incorrect output of the show vpdn command, making the limit option unusable.

Conditions: This happens when limit and priority options enabled on the LNS and the ping is made from LNS to the two LACs to check for the working of limit option. Here the session should be the same as that of the limit, but the session is more than the limit specified.

Workaround: There is no workaround.

CSCsf30493

Symptoms: When a T.37 onramp call is made, the following error message may be generated:

%CSM-3-NO_VDEV: No modems associated

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS interim Release 12.4(10.7). The symptom may not be platform-specific.

Workaround: There is no workaround.

CSCsg15642

Symptoms: A PSTN Gateway unexpectedly restarts due to a lack of memory. Over time, memory utilization increases, and the show processes memory sorted command indicates that the ISDN process is allocating an increased amount of memory.

Conditions: This leak occurs when a SETUP message with Display IE is received.

Workaround: There is no workaround.

CSCsg40885

Symptoms: A router crashes during an online insertion and removal (OIR) of a multilink interface.

Conditions: This symptom is observed on a Cisco 7200 series that is configured for MLP and PPP.

Workaround: Shut down the multilink interface before you perform an OIR.

CSCsg50202

Symptoms: When a BRI interface flaps rapidly, ISDN Layer 1 detects a link down state, but Layer 2 and Layer 3 may remain in the active state during the transition. This situation may cause the BRI interface to become stuck, and subsequent incoming and outgoing calls to be rejected.

Conditions: This symptom is observed when a cable is pulled out and put back rapidly.

Workaround: Enter the clear interface command on the affected BRI interface.

Alternate Workaround: Enter the shutdown command followed by the no shutdown command on the affected BRI interface.

CSCsh00185

Symptoms: A software forced crash occurs with memory corruption in processor pool memory.

Conditions: This symptom is observed when an unusually long Calling Name, which is more than 70 characters long, in the received Facility IE causes the crash.

Workaround: There is no workaround.

CSCsh85902

Symptoms: When a normal ISDN call is disconnected, a DISCONNECT message is issued. The contents of this DISCONNECT message are replaced with the contents that are explicitly configured. The configured message has an invalid facility component, so the receiving side should send a facility reject component, but this component is not seen (it is missing).

Conditions: This symptom happens with Cisco IOS Interim Release 12.4(12.15)T. This is happening only for Interface PRI. This is seen for Cisco IOS Release 12.4 mainline & Release 12.4T.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(9)T2

Cisco IOS Release 12.4(9)T2 is a rebuild release for Cisco IOS Release 12.4(9)T. The caveats in this section are resolved in Cisco IOS Release 12.4(9)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCir00074

Symptoms: A router crashes when the casnDisconnect object is set to "true" for a PPPoE session.

Conditions: This symptom is observed on a Cisco 10000 series when you attempt to terminate the PPPoE session through SNMP by using the casnDisconnect object of the CISCO-AAA-SESSION-MIB.

Workaround: There is no workaround.

CSCse90580

Symptoms: A Cisco router may crash due to a bus error while removing the ip flow egress command from an interface.

Conditions: The router must have the ip flow egress command previously configured on the interface.

Workaround: There is no workaround.

CSCsf19139

Symptoms: %RADIUS-3-NOSERVERS messages are logged after a reload in Cisco IOS Release 12.3(18). At this time, the RADIUS accounting tickets are not generated.

Conditions: This symptom has been observed on a Cisco AS5300 gateway.

Workaround: Enter into configuration mode and change the order of the servers under the server group.

EXEC and Configuration Parser

CSCse77357

Symptoms: A router may reject the creation of virtual Token Ring interface with any interface number from 0 to 9 and allow only the creation of virtual Token Ring interface with an interface number that is equal to or greater than 10.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(9.16) or a later release or Release 12.4(9.15)T or a later release.

Workaround: Manually configure the virtual Token Ring interface with an interface number that is equal to or greater than 10.

IP Routing Protocols

CSCej78303

Symptoms: A router may crash when you disable the ipv6 multicast-routing command.

Conditions: This symptom is observed when you enable and disable the ipv6 multicast-routing command multiple times while IPv6 Multicast traffic is being processed.

Workaround: There is no workaround.

CSCek14600

Symptoms: A traceback has been seen on this release.

Conditions: The symptom has been observed on Cisco IOS interim Release 12.4(04) T1fc2.

Workaround: There is no workaround.

CSCek42700

Symptoms: A network and host-based configuration download over serial HDLC with an IP address obtained via SLARP fails.

Conditions: This symptom has been observed with a router that has no startup-configuration (after using the write erase command) but is staged for autoinstall over a serial link. An IP address is obtained, but the download fails with the following error message:

%Error opening tftp://255.255.255.255/network-confg (Socket error)

%Error opening tftp://255.255.255.255/cisconet.cfg (Socket error)

Without this feature, router deployment with automatic configuration download at remote sites over serial interface is not possible.

Workaround: Use another method of autoinstall if possible, or pre-configure the router before deployment.

CSCse29428

Symptoms: A crash is seen with %ALIGN-1-FATAL after showing %SYS-2-CHUNKEXPANDFAIL and %SYS-2-MALLOCFAIL repeatedly.

Conditions: This symptom is observed on a Cisco 3725 router that is running Cisco IOS Release 12.4(5a) with the c3725-advipservicesk9-mz image that is running IPSec VPN.

Workaround: There is no workaround.

CSCse56552

Symptoms: Connections fail through a router that uses CBAC. The pre-gen session is created, and the download or transfer begins. The pre-gen session times out and gets deleted from the router. Since the full session never gets established, the connection then times out on the host.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(8) and using CBAC outbound on the outside interface when policy based routing is applied.

Workaround: There is no workaround.

Further Problem Description: This symptom is first seen in Cisco IOS Interim Release 12.4(7.24).

CSCse58419

Symptoms: The memory consumption by the Chunk Manager process increases over time.

Conditions: This behavior is observed on certain occasions when NAT is configured. When NVI with VRF is set in the system, the memory leaks rapidly. When NAT with VRF is set in the system and either embedded address translation is needed or there is skinny protocol traffic, the memory leaks at a slow pace.

Workaround: There is no workaround.

CSCse68877

Symptoms: A label mismatch may occur between the CEF table and the BGP table, and a new label may not be installed into the CEF table.

Conditions: This symptom is observed after a BGP flap has occurred on a Cisco router that is configured for MPLS VPN but that does not function in an inter-autonomous system and that does not have multiple VRFs.

Workaround: There is no workaround. After the symptom has occurred, enter the clear ip route command for the affected VRF.

CSCse81684

Symptoms: A router running Cisco IOS may unexpectedly reload. The crashes can be very different in nature, but the crashinfo should show the IP Input process as the currently running process:

---- Partial decode of process block ----

Pid 84: Process "IP Input" stack 0x46C3C080 savedsp 0x46758540

Conditions: This is seen when the router is configured for NAT and receives a fragmented skinny packet that it needs to reassemble and translate.

Workaround: Prevent the router from receiving a fragmented skinny packet by ensuring the path MTU between the call manager server and the router is large enough. Usually skinny packets aren't larger than 800 bytes.

CSCse98590

Symptoms: The router will display SYS-2-MALLOCFAIL messages on the console, and various protocols will operate erratically as a result of a low memory condition.

Conditions: When a router has to duplicate incoming IPv4 multicast packets for transmission on multiple interfaces, and one of those interfaces is a GRE tunnel operating in GRE IPv6 mode, then memory used to duplicate that packet stream will not be freed. As a result, the router will soon exhaust all available memory.

Workaround: The router will not exhaust memory if packets do not need to be duplicated (for example, if they enter on one interface and only exit the box through another interface), or if they do not need to duplicate to a tunnel interface that is running GRE over IPv6 (for example, tunnel mode GRE IPv4 does not have this problem).

CSCsf11052

Symptoms: Error messages such as the following example are seen, and data packets that should be taking a direct spoke-spoke tunnel are taking the spoke-hub-spoke path:

%NHRP-3-PAKREPLY: Receive Resolution Reply packet with error - insufficient resources(5)

Conditions: This symptom has been observed in a DMVPN Phase 3 Network when building or refreshing a spoke-spoke tunnel.

Workaround: See the Further Problem Description for how to manually see and clear the problem. The fix for CSCsd74859 "DMVPN Phase 3: Network NHRP mappings are not refreshed when being used" will help reduce the occurrence.

Further Problem Description: Use the show ip nhrp command to look for NHRP mapping entries that are covered by an NHRP network mapping entry in the table.

Example:

Network mapping:

192.168.13.0/24 via 10.0.0.13, Tunnel0 created 00:02:51, expire 00:07:08

Type: dynamic, Flags: router nat

NBMA address: 172.16.3.1

Incomplete mapping covered by above network mapping

192.168.13.70/32, Tunnel0 created 00:02:51, expire 00:00:13

Type: incomplete, Flags: negative

Cache hits: 61

192.168.13.72/32, Tunnel0 created 00:02:51, expire 00:00:13

Type: incomplete, Flags: negative

Cache hits: 16

This example indicates that the symptom is present. Clearing the incomplete mappings clears the symptom, but it can easily come back.

Example:

clear ip nhrp 192.168.13.70
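
The check described in the Further Problem Description above can be run over captured show ip nhrp text. The following Python is an added example, not part of the Cisco release notes: the function names are hypothetical, the parser assumes the entry layout quoted above (real device output may differ), it assumes mappings are compared per tunnel interface, and the last two sample entries are constructed.

```python
import ipaddress
import re

# Entry header lines in the layout quoted in the caveat text, e.g.
#   192.168.13.0/24 via 10.0.0.13, Tunnel0 created 00:02:51, expire 00:07:08
#   192.168.13.70/32, Tunnel0 created 00:02:51, expire 00:00:13
HEADER = re.compile(
    r"^(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})"
    r"(?:\s+via\s+(?P<via>[^,\s]+))?,\s+(?P<ifname>\S+)\s+created\b"
)
TYPE = re.compile(r"^Type:\s*(?P<type>[\w-]+),\s*Flags:\s*(?P<flags>.*)$")
HITS = re.compile(r"^Cache hits:\s*(?P<hits>\d+)$")

# Constructed sample. The first three entries reuse the values quoted in the
# caveat; the last two are made up to show entries that must NOT be reported.
SAMPLE = """\
192.168.13.0/24 via 10.0.0.13, Tunnel0 created 00:02:51, expire 00:07:08
  Type: dynamic, Flags: router nat
  NBMA address: 172.16.3.1
192.168.13.70/32, Tunnel0 created 00:02:51, expire 00:00:13
  Type: incomplete, Flags: negative
  Cache hits: 61
192.168.13.72/32, Tunnel0 created 00:02:51, expire 00:00:13
  Type: incomplete, Flags: negative
  Cache hits: 16
192.168.99.5/32, Tunnel0 created 00:00:40, expire 00:02:20
  Type: incomplete, Flags: negative
  Cache hits: 3
10.0.0.13/32 via 10.0.0.13, Tunnel0 created 00:02:51, expire 00:07:08
  Type: dynamic, Flags: router
  NBMA address: 172.16.3.1
"""


def parse_nhrp(text):
    """Parse captured 'show ip nhrp' text into a list of entry dicts."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            try:
                prefix = ipaddress.ip_network(m["prefix"], strict=False)
            except ValueError:
                current = None  # malformed prefix: ignore this entry's details
                continue
            current = {"prefix": prefix, "via": m["via"],
                       "interface": m["ifname"], "type": None,
                       "flags": [], "cache_hits": None}
            entries.append(current)
            continue
        if current is None:
            continue
        m = TYPE.match(line)
        if m:
            current["type"] = m["type"].lower()
            current["flags"] = m["flags"].split()
            continue
        m = HITS.match(line)
        if m:
            current["cache_hits"] = int(m["hits"])
    return entries


def find_covered_incomplete(entries):
    """Return incomplete mappings that a less specific, resolved mapping on
    the same interface already covers (the condition the caveat describes)."""
    resolved = [e for e in entries if e["type"] not in (None, "incomplete")]
    findings = []
    for e in entries:
        if e["type"] != "incomplete":
            continue
        covers = [n for n in resolved
                  if n["interface"] == e["interface"]  # assumption: per-tunnel
                  and n["prefix"].prefixlen < e["prefix"].prefixlen
                  and e["prefix"].subnet_of(n["prefix"])]
        if covers:
            best = max(covers, key=lambda n: n["prefix"].prefixlen)
            findings.append({"address": str(e["prefix"].network_address),
                             "covered_by": str(best["prefix"]),
                             "via": best["via"],
                             "cache_hits": e["cache_hits"]})
    return findings


def clear_commands(findings):
    """Build the clear command shown in the caveat for each finding."""
    return ["clear ip nhrp " + f["address"] for f in findings]


if __name__ == "__main__":
    found = find_covered_incomplete(parse_nhrp(SAMPLE))
    for f in found:
        print("{address} is incomplete but covered by {covered_by} "
              "(via {via}), cache hits {cache_hits}".format(**f))
    print("\n".join(clear_commands(found)))
```

The cache hit count on each finding shows how much traffic is still being resolved against the incomplete entry, which helps decide which mappings to clear first.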

CSCsf11980

Symptoms: On Cisco IOS interim Release 12.4(9.16)T when running a DMVPN configuration with dual hub routers and with OSPF as the IGP, the router may experience a crash as NHRP attempts to send a NHRP resolution request.

Conditions: This symptom has been observed on routers with Cisco IOS interim Release 12.4(9.16)T when running a DMVPN configuration with dual hub routers and with OSPF as the IGP.

Workaround: There is no workaround.

CSCsg22426

Symptoms: A router running Cisco IOS may unexpectedly reload. The crashes can be very different in nature, but the crashinfo should show the IP Input process as the currently running process:

---- Partial decode of process block ----

Pid 84: Process "IP Input" stack 0x46C3C080 savedsp 0x46758540

Conditions: This is seen when the router is configured for NAT and receives a fragmented skinny packet that it needs to reassemble and translate.

Workaround: Prevent the router from receiving a fragmented skinny packet by ensuring the path MTU between the call manager server and the router is large enough. Usually skinny packets aren't larger than 800 bytes.

ISO CLNS

CSCse85158

Symptoms: Locally advertised networks that are configured for the NSAP address-family under BGP will not be readvertised once they have been cleared from the BGP table.

Conditions: Once the clear bgp nsap unicast * command has been issued, the networks will no longer appear in the output of the show bgp nsap unicast command.

Workaround: There is no workaround.

Miscellaneous

CSCec16597

Symptoms: Cisco CallManager controlled MGCP gateways configuration download function always configures "mgcp fax t38 inhibit". If this is changed manually in the Cisco IOS CLI, the configuration download facility will change it back to "mgcp fax t38 inhibit".

This DDTS removes the code that automatically configures this line.

If customers are using CCM MGCP fax relay between gateways that are running older Cisco IOS versions, and the Cisco IOS 12.4T version with this change, the fax connections originating from the gateways that are running previous Cisco IOS versions and terminating on the Cisco IOS Release 12.4T gateway will fail unless "mgcp fax t38 inhibit" is configured on the Cisco IOS Release 12.4T gateway.

If all gateways in the customer network are running the new Cisco IOS 12.4T version with this fix, then they may configure whichever mode they desire.

With the fix to CSCec16597, the configuration utility will neither add nor remove this CLI statement.

Conditions: There are no conditions.

Workaround: Use the following command to enable and disable Cisco fax relay:

[no] ccm-manager fax protocol cisco

CSCeg86867

Symptoms: An AAA server does not authenticate.

Conditions: This symptom is observed on a Cisco platform that functions as an AAA server and that runs Cisco IOS Release 12.3(13) when you dial up using Microsoft callback through an asynchronous line. Dialup through an ISDN modem works fine.

Workaround: There is no workaround.

CSCek39470

Symptoms: A Cisco IOS router running Cisco IOS Release 12.4 may experience a per-packet memory leak due to a pak subblock leak in the Process memPool (not in the IO mem pool). In the output of "show proc mem 1", the first allocator's memory count keeps growing and never decreases.

Conditions: The leak is observed with a BVI (Bridge-group Virtual Interface) interface configured with crypto ipsec tunnels. Specifically, it occurs when the router performs decryption and then sends the decrypted packet to the BVI interface.

Workaround: Shut down any BVI (Bridge-group Virtual Interface) that is being used in a router with the crypto ipsec command configured.

CSCek45222

Symptoms: No QoS service policy can be applied to the VLAN interface.

Conditions: This symptom has been observed when the service-policy command was blocked for all VLAN interfaces under all conditions.

Workaround: There is no workaround.

CSCek45461

Symptoms: Path confirmation fails for voice calls on a Cisco AS5850. One-way audio may occur with manual phones.

Conditions: These symptoms are observed on a Cisco AS5850 that processes MGCP, H.323, and SIP calls.

Workaround: There is no workaround.

CSCek46189

Symptoms: Forced target probing functionality in OER is affected.

Conditions: This symptom has been observed when the policy changes, and only following a particular scenario in which learned prefixes are deleted and new policies take effect.

Workaround: There is no workaround.

CSCek49375

Symptoms: A Cisco GGSN running Cisco GGSN Release R5.2 may reload with a bus error while creating a PDP.

Conditions: This symptom has been observed in the following conditions.

1. A GTPv0 service-aware PDP from SGSN S1 on a transparent-mode APN is created.

2. The same create request comes from SGSN S2 on the existing PDP.

3. The PDP is deleted.

4. Now before the path is deleted, another GTPv0 service-aware PDP created from SGSN S1 is received.

Workaround: Use a non-transparent mode APN.

CSCek52778

Symptoms: Dialer idle timer is not reset by interesting traffic on ISDN NON-MLPP, Async MLPPP, Async PBR user sessions.

Conditions: This symptom is found on a Cisco AS5850 that is running Cisco IOS Release 12.4(7b). Problem may occur with involvement of virtual profiles.

Workaround: There is no workaround.

CSCek57655

Symptoms: A modem autoconfiguration fails.

Conditions: This symptom is observed in an asynchronous call.

Workaround: There is no workaround.

CSCin99565

Symptoms: A router that is configured for SSG may reload unexpectedly.

Conditions: This symptom is observed when both the Transparent Auto-Logon (TAL) and Port-Bundle Host-Key (PBHK) SSG features are enabled and when it takes a long time before the AAA server responds.

Workaround: There is no workaround.

CSCin99850

Symptoms: A Cisco GGSN crashes while executing the show gprs gtp pdp tid tid command under condition of multiple PDP creates and deletes.

Conditions: This symptom has been observed when multiple PDPs are created and deleted.

Workaround: There is no workaround.

CSCsc97398

Symptoms: The user information Layer 1 protocol may be included in the outgoing bearer capability and may be set to either G711 u-law or G711 A-law. Some PBXs may refuse the call because of this mismatch in the bearer capability.

Conditions: This symptom is observed when a call is made from H.323 to ISDN with unrestricted digital information bearer capability.

Workaround: There is no workaround.

CSCsd07028

Symptoms: Tracebacks may be seen when issuing the clear pppoe all command while unconfiguring the virtual circuit (VC).

Conditions: This symptom is observed when a Cisco router crashes when the PPPOE session is cleared by issuing the clear pppoe all command.

Workaround: There is no workaround.

CSCsd50476

Symptoms: The serial link goes down.

Conditions: When a T1/E1 controller is configured with a channel-group, the serial link goes down, so the cem interface does not come up.

Workaround: There is no workaround.

CSCsd71911

Symptoms: Application code that accesses an already freed block causes malloc failures on a Cisco 7200 router.

Conditions: This symptom has been observed when a QoS malloc failure occurs on a Cisco 7200 router.

Workaround: There is no workaround.

CSCsd76596

Symptoms: In Cisco Gateway GPRS Support Node (GGSN) running Cisco GGSN Release 5.2 or Release 6.0 software, all categories of the service-aware PDP might go into IDLE state upon receiving a duplicate PDP create request.

Conditions: This symptom has been observed when a Cisco GGSN gets a duplicate Create PDP request for the existing service-aware PDP.

Workaround: There is no workaround.

CSCsd81183

Symptoms: Mallocfail error messages and tracebacks are seen on the Cisco 1802W router due to normal particle pool memory leaks.

Conditions: This symptom has been seen on a Cisco 1802W router that is running Cisco IOS Release 12.4(6)T with the command "qos pre-classify" enabled under the virtual tunnel interface.

Workaround: Disable the HW encryption, or disable "qos pre-classify".

CSCsd88768

Symptoms: With PPP multilink configured on serial links on PA-MCX-8TE1, the following error message may be seen:

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0

Conditions: With PPP multilink configured on serial links on PA-MCX-8TE1 and when traffic is flowing, the following error message may be seen:

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0

Workaround: There is no workaround.

CSCse03855

Symptoms: An IP phone display remains stuck at "Enter Number" for the duration of an outgoing call to the PSTN.

Conditions: This symptom is observed when the IP phone runs CME version 3.3 and is connected to a BRI ISDN interface on a Cisco router that runs Cisco IOS Release 12.4. When you enable the debug isdn q931 command, the following message is displayed in response to an outgoing setup message:

ISDN BR0/2/0 Q931: RX <- SETUP_ACK pd = 8 callref = 0x83

Channel ID i = 0x89

Progress Ind i = 0x8288 - In-band info or appropriate now available

Workaround: Prevent the Telco from sending the following information in the setup_ack message:

Progress Ind i = 0x8288 - In-band information or appropriate now available

Note that the symptom does not occur in Cisco IOS Release 12.3(11)T10 and with CME version 3.2.

CSCse05642

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse42991

Symptoms: A memory leak may occur in the CEF Scanner process of a Cisco 7200 VXR router that has an NPE-G1 processor when a virtual-template interface is configured to perform CEF load balancing on a per-packet basis instead of a per-destination basis.

Conditions: This symptom is observed on a 7204VXR that functions as an LNS and that runs the c7200-js-mz image of Cisco IOS Release 12.3(15) or the 7200-js-mz image of Cisco IOS Release 12.3(19). The symptom may also occur in other releases.

Workaround: Use the default CEF load balancing on a per-destination basis. If you need to configure load balancing on a per-packet basis, disable IP CEF accounting by entering the no ip cef accounting per-prefix non-recursive command.

CSCse50167

Symptoms: Speed dial line buttons disappear from CME phones after a router reload.

Conditions: This symptom has been observed when the speed dial buttons are configured under an ephone template which is applied to the affected phone. The CME is reloaded.

Workaround: Remove and reapply the ephone template through the ephone commands after the router reloads.

CSCse50887

Symptoms: MGCP IOS Gateway sees the following:

%PARSER-4-BADCFG: Unexpected end of configuration file.

and then:

config term router(UNKNOWN-MODE)

Or, the show running-config command output is only 5 bytes.

Conditions: This symptom occurs under the following conditions:

Use MGCP with the ccm-manager config command

Have more than 20 MGCP end points (voice ports)

Run Cisco IOS 12.3(11)T or later releases

Reset device pool from Cisco CallManager

Workaround: Add the no ccm-manager config command.

CSCse55652

Symptoms: A router that is configured for distributed CEF may reload because of a bus error.

Conditions: This symptom is observed on a distributed router such as a Cisco AS5850 or Cisco 7500 series that runs Cisco IOS Release 12.4.

Workaround: There is no workaround.

CSCse56800

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

CSCse63494

Symptoms: A router that is configured for Real-Time Protocol (RTP) may generate CPUHOG events and a traceback similar to the following:

%SYS-3-CPUHOG: Task is running for (128000)msecs, more than (2000)msecs (951/33),process = VOIP_RTCP.

-Traceback= 0x60EA5A78 0x60EA5C5C 0x614AD39C 0x614B55BC 0x614B59A0

Alternatively, the router may unexpectedly reload and generate the following error message and traceback:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = VOIP_RTCP.

-Traceback= 0x60EA5A58 0x60EA5C5C 0x614AD39C 0x614B55BC 0x614B59A0

%Software-forced reload

Preparing to dump core...

Conditions: This symptom is observed on a Cisco router that receives a badly formatted RTP Control Protocol (RTCP) packet.

Workaround: There is no workaround.

Further Problem Description: Typically, the badly formatted RTCP packet is produced by a device that does not conform to the RFC 3550 standard.
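A log-triage sketch for the system messages quoted in this section's caveats (an added example, not Cisco's code): it reassembles wrapped console messages and flags those whose message ID and text match a caveat, together with the condition from the caveat to confirm. The sample log is constructed from message formats quoted on this page; a match is only a candidate, since the same messages can be emitted for unrelated faults.

```python
import re
from typing import List, NamedTuple, Tuple

# Cisco IOS system messages have the form %FACILITY-SEVERITY-MNEMONIC: text
HEADER = re.compile(r"%([A-Z0-9_]+-[0-7]-[A-Z0-9_]+):\s*(.*)")


class Signature(NamedTuple):
    caveat: str   # caveat ID from this section of the release notes
    msg_id: str   # FACILITY-SEVERITY-MNEMONIC quoted in that caveat
    needle: str   # text that must also appear in the message body
    confirm: str  # condition from the caveat to verify before attributing


# Built only from messages and conditions quoted in the caveats on this page.
SIGNATURES = [
    Signature("CSCse63494", "SYS-3-CPUHOG", "process = VOIP_RTCP",
              "router receives a badly formatted RTCP packet"),
    Signature("CSCse63494", "SYS-2-WATCHDOG", "process = VOIP_RTCP",
              "router receives a badly formatted RTCP packet"),
    Signature("CSCse64462", "SYS-3-OVERRUN", "red zone",
              "Turbo ACL configured and 'clear eou all' entered"),
    Signature("CSCsd88768", "SYS-2-BADSHARE", "datagram_done",
              "PPP multilink on PA-MCX-8TE1 serial links with traffic flowing"),
    Signature("CSCsf05693", "SIP-3-BADPAIR", "Unexpected timer",
              "router is configured for SIP"),
    Signature("CSCse50887", "PARSER-4-BADCFG", "Unexpected end of configuration file",
              "MGCP with ccm-manager config and more than 20 endpoints"),
    Signature("CSCsg15896", "DSM-3-INTERNAL", "No DSM handle provided",
              "AS5xxxXM with NFAS PRI, gain/attenuation changed on the voice-port"),
    Signature("CSCse87017", "VOICE_IEC-3-GW", "H323: Internal Error",
              "transfer from a 3rd party H.323 gateway"),
    Signature("CSCsf09266", "CRYPTO-6-IKMP_MODE_FAILURE", "",
              "EasyVPN used with VTI"),
]


class Finding(NamedTuple):
    line_no: int
    caveat: str
    msg_id: str
    confirm: str


def assemble(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Join wrapped continuation lines onto the message that precedes them.

    Console output often wraps one message over several lines (the CPUHOG
    example on this page does), so the process name may not be on the line
    that carries the %FACILITY-SEVERITY-MNEMONIC header.
    """
    messages: List[list] = []
    for no, raw in enumerate(lines, start=1):
        m = HEADER.search(raw)
        if m:
            messages.append([no, m.group(1), m.group(2)])
        elif messages and raw.strip():
            messages[-1][2] += " " + raw
    # Collapse runs of whitespace so the needle comparison is stable.
    return [(no, mid, " ".join(body.split())) for no, mid, body in messages]


def triage(lines: List[str]) -> List[Finding]:
    """Return candidate caveat matches, in log order."""
    findings = []
    for no, msg_id, body in assemble(lines):
        for sig in SIGNATURES:
            if sig.msg_id == msg_id and sig.needle in body:
                findings.append(Finding(no, sig.caveat, msg_id, sig.confirm))
    return findings


# Constructed sample log. Addresses, and the CPUHOG line for "BGP Router"
# (a non-matching control), are made up for illustration.
SAMPLE_LOG = """\
%SYS-3-CPUHOG: Task is running for (128000)msecs, more than (2000)msecs
(951/33),process = VOIP_RTCP.
-Traceback= 0x60EA5A78 0x60EA5C5C 0x614AD39C 0x614B55BC 0x614B59A0
%SYS-3-CPUHOG: Task is running for (4000)msecs, more than (2000)msecs (3/2),process = BGP Router.
Aug 6 17:29:16.908 GMT: %SIP-3-BADPAIR: Unexpected timer 19 (SIP_TIMER_NOTIFY_RECEIVE_DIGIT) in state 10 (STATE_DEAD) substate 0 (SUBSTATE_NONE)
%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0
%LINK-3-UPDOWN: Interface Serial0/0, changed state to down
%SYS-3-OVERRUN: Block overrun at 0x46C3C080 (red zone 0x0)
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.msg_id} -> candidate {f.caveat}; confirm: {f.confirm}")
```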

CSCse64462

Symptoms: A Cisco Systems 7200 series router may encounter a block overrun with Redzone corruption, and subsequently crash if Turbo ACL is configured and the following command is entered:

clear eou all

Error messages similar to the following will be output, with associated tracebacks:

%SYS-3-OVERRUN: Block overrun at <address> (red zone <value>)

%SYS-6-BLKINFO: Corrupted redzone blk <address>

Conditions: This symptom is observed on a Cisco 7200 series router running Cisco IOS Release 12.4 that is configured for Turbo ACL and when the following command is entered:

clear eou all

Workaround: Disable Turbo ACL by entering the following command:

no access-list compiled

CSCse69102

Symptoms: A spurious memory access is made at ike_profile_remove.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS 12.4(6)T3, when there is at least one IKE or IPsec SA and the profile is removed using the CLI with debug crypto isakmp turned on.

Workaround: Turn off crypto isakmp debugs or clear all the crypto sessions and then remove the isakmp profile.

CSCse69335

Symptoms: Media Gateway Control Protocol (MGCP) FXS/FXO port and Cisco IOS T1CAS reset during Hookflash transfer with CCM being the call agent.

Conditions: This condition is seen when two consecutive RQNT messages with S: rel event are received at the Cisco IOS gateway. In this condition, the second RQNT message will not be acknowledged by the Cisco IOS gateway. This results in a reset of all the MGCP endpoints on the Cisco IOS gateway.

Workaround: There is no workaround.

CSCse80519

Symptoms: The router may reload when it receives XML.

Conditions: This symptom has been observed when Cisco IOS has been configured to receive XML and a line similar to <lica:request xmlns:lica="http://www.website.com/LA"> is in the XML. That is, an XML namespace is being declared.

Workaround: There is no workaround.

CSCse85329

Symptoms: When you re-insert a PA-MC-8TE1+ port adapter in the same slot of a Cisco 7200 series via an OIR, the serial interface may enter the Down/Down state. When you enter the shutdown command followed by the no shutdown command on the T1 or E1 controller, the serial interface may transition to the Up/Down state, still preventing traffic from passing.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.4(7) or a later release.

Workaround: Reload the router.

CSCse87017

Symptoms: A Cisco IOS H.323 gateway may disconnect a transfer from 3rd party H.323 gateways after generating an error message similar to the one below:

%VOICE_IEC-3-GW: H323: Internal Error (Software Error): IEC=1.1.180.5.13.36 on callID 111

Conditions: Observed on a 3845 running 12.4 mainline and 12.4T releases.

Workaround: There is no workaround.

CSCse89105

Symptoms: RADIUS packets may be dropped or extra memory may be allocated when RADIUS packets are sent.

Conditions: These symptoms are observed on a Cisco platform that is configured for SSG when a RADIUS packet with a length of more than 1024 bytes is sent.

Workaround: There is no workaround.

CSCse91102

Symptoms: A Cisco IAD 2430 crashes on Cisco IOS Release 12.4(4)T2. Traceback decodes indicate memory corruption. The following events may also appear in the log:

%SYS-3-BADMAGIC: Corrupt block at

%SYS-6-MTRACE: mallocfree: addr, pc

%SYS-6-BLKINFO: Corrupted magic value in in-use block

%SYS-6-MEMDUMP:

Conditions: The router crashes where the decodes indicate check heaps as the source with any or all of the following also included in decode:

crashdump validblock validate_memory checkheaps checkheaps_process

Workaround: There is no workaround.

CSCse93695

Symptoms: Three-way calls that involve a third-party vendor SIP server and Cisco IAD2400 series Integrated Access Devices may not work.

Conditions: This symptom is observed in Cisco IOS Release 12.4(9)T.

Workaround: There is no workaround.

CSCse97112

Symptoms: A Cisco router may reload due to a bus error.

Conditions: This symptom is observed after the following command is issued:

no x25 map compressedtcp a.d.c.d ip e.f.g.h [ options ]

This may cause an Address Error (load or instruction fetch) exception, CPU signal 10.

Workaround: There is no workaround.

CSCsf03412

Symptoms: Using 'boot flash' or 'boot tftp' crashes the router.

Conditions: This symptom has been observed with Cisco IOS interim Release 12.4(7.24)T on a Cisco 3845 router.

Workaround: There are three possible workarounds:

Method 1: If using an older image, i.e. 12.3(11)T, is acceptable, use it.

Method 2: If necessary to use 'boot flash', use 'boot flash:' instead.

Method 3: If necessary to use "boot tftp", copy the image to flash and use "boot flash:".

CSCsf03566

Symptoms: Software-forced crash (SFC) occurs due to memory corruption.

Conditions: The crash has been seen on a Cisco 7600 router running Cisco IOS Release 12.2(18)SXF5. This happens if the router is acting as an EZVPN server and xauth is enabled when the crypto session is brought down.

Workaround: There is no workaround.

CSCsf05693

Symptoms: A router may unexpectedly reload after reporting "Unexpected timer" errors similar to:

Aug 6 17:29:16.908 GMT: %SIP-3-BADPAIR: Unexpected timer 19 (SIP_TIMER_NOTIFY_RECEIVE_DIGIT) in state 10 (STATE_DEAD) substate 0 (SUBSTATE_NONE)

Conditions: The router must be configured for SIP.

Workaround: There is no workaround.

CSCsf09266

Symptoms: EasyVPN negotiation fails when using EasyVPN with VTI. A %CRYPTO-6-IKMP_MODE_FAILURE message will be printed to the console.

Conditions: This symptom has been observed when using EasyVPN with VTI.

Workaround: Remove VTI from the EasyVPN configuration.

CSCsf09338

Symptoms: The calls coming from the CMM MTP have one-way audio when a call transfer is done on the other side.

Conditions: This symptom is observed when CMM is configured as MTP/XCode and running Cisco IOS Release 12.4(7b).

Workaround: There is no workaround.

CSCsf11855

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsf19418

Symptoms: Entering the Command Line Interface command show mpls ldp graceful-restart may lead to a router restart.

Conditions: The router will restart if the command output includes a Down Neighbor Database entry and that entry expires by reaching the reconnect timeout limit while the output is printing the neighbor address list. The router will also restart upon continuing the Command Line Interface output page if the "--More--" string appears within the context of displaying addresses.

Workaround: Avoid entering show mpls ldp graceful-restart when a graceful-restart database entry is about to expire. If console output is paged at "--More--" entry in the address list context, and the Down Neighbor Database entry may have expired, type the letter "Q" to abort any more output of addresses.

CSCsf22493

Symptoms: The Cisco Communication Media Module (CMM) crashes when processing the UnsubscribeDtmf message.

Conditions: This symptom is observed when CMM XCODE/MTP is using Cisco IOS Release 12.4(8a) and RFC2833.

Workaround: There is no workaround.

CSCsf31178

Symptoms: HWIC-1GE-SFP may experience an issue where the Gig Ethernet interface is "stuck" in a Line UP/Protocol Down state. While in this state, the interface will not pass traffic. Clearing the interface or manually disabling/enabling will clear the condition. This symptom does not occur when 1000BASE-T SFP is used.

Conditions: A Loss of Signal (for example, unplugging the cable) may cause the interface to become stuck in a Line UP/Protocol Down state.

Workaround: Clearing the interface or manually shutting it down, then bringing it back up will clear the problem.

CSCsf98345

Symptoms: An MPLS LDP peer on a default VRF resets when a VRF interface goes down.

Conditions: This symptom is observed on a Cisco router when the VRF interface is configured with a subnetwork address that overlaps with the default router ID.

Workaround: Reconfigure the VRF interface address so it does not overlap with the default router ID.

CSCsg00602

Symptoms: A Cisco 3845 or Cisco 3825 router with AIM-VPN/HPII-PLUS(EPII-PLUS) may show the following symptoms:

1. Show alignment errors.

2. Crash by bus error.

3. XXX display by running the show crypto engine accel ring packet command.

4. If a telnet session, which shows symptom 3, is cut by "clear line," its related exec process does not disappear and starts to occupy CPU.

Conditions: This failure is seen on the Cisco 2600, Cisco 2800, Cisco 3600, Cisco 3700, Cisco 3800, and Cisco 1800 series routers that are configured with an AIM-VPNII or AIM-VPNII PLUS Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM).

Workaround: Avoid running the show crypto engine accel ring packet command.

CSCsg11718

Symptoms: A VRF may become stuck in the "Delete Pending" state.

Conditions: This symptom is observed on a Cisco router that is configured for MPLS VPN and Half-Duplex VRF (HDVRF) when you delete the VRF and then associate it with an interface before it is completely deleted.

Workaround: To ensure that the VRF is properly deleted, enter the shutdown interface configuration command on the interface with which the VRF is associated or remove the interface with which the VRF is associated.

CSCsg15837

Symptoms: WCCP service redirection does not work.

Conditions: WCCP redirection is configured on a router where the traffic being redirected enters an interface in a security zone.

Workaround: Remove the zone assignment from the request's ingress interface.

CSCsg15896

Symptoms: A Cisco AS5400XM gateway sees a lot of DSM errors:

%DSM-3-INTERNAL: Internal Error : No DSM handle provided

along with a traceback.

Conditions: Occurs when using a Cisco AS5xxxXM gateway with the AS-5x-FC DSPs and an NFAS PRI and trying to configure (or unconfigure) input gain or output attenuation under the voice-port for the NFAS PRI with the latest 12.4T interim IOS.

Workaround: There is no workaround.

Further Problem Description: If using Cisco IOS Release 12.4.9T1 or earlier, the symptom causes an unexpected reload of the Cisco AS5xxxXM gateway with a bus error.

CSCsg16908

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.

The Cisco IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the Cisco IOS FTP Server service are unaffected by these vulnerabilities.

This vulnerability does not apply to the Cisco IOS FTP Client feature.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.

CSCsg22426

A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml.

TCP/IP Host-Mode Services

CSCsd71318

Symptoms: A Cisco 2800 series router crashes whenever the connection to the URL filter server is reset due to network congestion or a warm or cold reload.

Conditions: This symptom has been observed when the router is running URL filtering with an external Websense or N2H2 server.

Workaround: There is no workaround for cold or warm reload. If the crash occurs due to network congestion or WAN reset, remove the condition that causes the connection to the URL filter to flap.

CSCsd74139

Symptoms: HTTP errors occur while accessing a Win2003 Web Server.

Conditions: This symptom has been observed with a Cisco IOS Voice gateway running Cisco IOS Release 12.4(6)T accessing a Win2003 HTTP web server under heavy load. Cisco IOS Voice has ip http client connection persistent disabled.

Workaround: There are two possible workarounds:

1. Switch to a Win2000 HTTP web server.

2. On a Win2003 server, set "TcpTimedWaitDelay" to the minimum (30 seconds). This does not totally eliminate but will reduce the occurrences of dropped TCP SYN requests from the Cisco IOS router.

CSCsg26634

Symptoms: CPUHOG can occur when running lots of BGP connections.

Conditions: This symptom has been observed with RPM images during Service Provider testing of BGP running Cisco IOS Release 12.4(6)T.

Workaround: There is no workaround, though the symptom was quickly found and repaired.

Wide-Area Networking

CSCek31887

Symptoms: Some supplementary services do not work because of a QSIG rose_decode_facilityIE problem.

Conditions: This symptom has been seen in Cisco IOS Release 12.4(5.13)XC because of a memory leak DDTS that was committed.

Workaround: There is no workaround.

CSCek55209

Symptoms: When the ppp multilink endpoint mac lan-interface command or the ppp multilink endpoint ip ip-address command is configured, the router may unexpectedly reload if the multilink interface goes to the DOWN state, for example, when a PVC virtual circuit is unconfigured.

Conditions: This symptom is observed on a Cisco router that is configured for Multilink PPP.

Workaround: There is no workaround. Do not use these configuration commands in Cisco IOS Releases 12.3, 12.4 or 12.2SB without a fix for this DDTS.

CSCek56250

Symptoms: A router may reload while executing the show ppp multilink command.

Conditions: This symptom is observed when a multilink bundle goes down while the output is being generated.

Workaround: There is no workaround.

CSCek58406

Symptoms: Router crashes shortly after changing encapsulation from fr -> hdlc.

Conditions: IPS configured on a map and an interface. First remove IPS from the map and then from the interface. Change the encapsulation.

Workaround: Remove the interface IPHC configuration first.

CSCin98788

Symptoms: When a BBA group that is associated with a live PPPoE session is removed, the session is not cleared.

Conditions: This symptom is observed with either a named or a global BBA group.

Workaround: There is no workaround.

CSCir00712

Symptoms: On Cisco LAC software running Cisco IOS Release 12.3(14)T, when the fragmented data traffic is received on the LAC over the L2TP tunnel, the IP layer reassembles the packet and routes the packet on the wrong interface instead of consuming the L2TP data traffic locally.

Conditions: This symptom has been seen when fragmented L2TP data traffic is received on the LAC from the LNS over the L2TP tunnel.

Workaround: There is no workaround.

CSCse12198

Symptoms: Individual B-channels on the primary T1 in the NFAS group sometimes go OOS for no reason.

Conditions: This symptom is observed when connected to a Cisco PGW that is running Cisco IOS Release 9.3(2). The Cisco AS5400 is connected to the Cisco PGW that is running RLM in the Signaling/Nailed mode.

Also, the ISDN service sometimes goes OOS, and the channel state goes to 5, which is maintenance pending.

Workaround: When this happens, ISDN service can be put back in service manually for an individual CIC, but the channel state cannot be put back in service manually unless the whole serial interface is bounced. This cannot be done when there is other traffic on the other B-channels.

CSCse19642

Symptoms: The ISDN Layer-2 status may become "TEI_ASSIGNED" and may remain in this state even when you enter the clear interface command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4, Release 12.4(2)XA1, or Release 12.4(6)T and occurs under the following conditions:

X.25 is configured on a D channel for use in Japan with an ISDN carrier.

Both the B channel and D channel are used.

The clear interface bri 0 command is enabled.

In Layer-2 sequence, the router receives an "SABMEp" message irregularly between "IDREQ" and "IDASSN" messages from the ISDN switch.

Workaround: Reload the router.

Alternate Workaround: Disconnect and connect the cable on the U reference point (between the Telco and the DSU) and enter either one of the following command combinations instead of the clear interface bri 0 command:

The clear interface bri 0:0 and clear interface bri 0:1 commands.

The clear interface bri 0:0 and clear interface bri 0:2 commands.

CSCse45182

Symptoms: When a PPPoE server receives a second PADI from a client (that is, a PADI with the same unique client ID), the PPPoE server may send a PADS with an unknown MAC address.

Conditions: This symptom is observed on a Cisco platform that functions as a PPPoE server that has established a PPPoE session with a client and occurs while PPP LCP negotiation is in progress.

Workaround: There is no workaround.

CSCse79994

Symptoms: BRI Layer 2 remains in the ESTABLISH_AWAITING_TEI state instead of entering the MULTIPLE_FRAME_ESTABLISHED state.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(9.19a).

Workaround: There is no workaround.

CSCse80942

Symptoms: Layer2 will be in the down state for the basic-qsig switch type.

Conditions: This symptom has been observed for the basic-qsig switch type in Cisco 3700 routers.

Workaround: Bring the BRI interface UP by changing the switch-type from basic-qsig to basic-net3.

CSCse81069

Symptoms: Unconfiguring the isdn service b_channel command is not taking effect. The command is not removed from the running configuration.

Conditions: This symptom occurs when configuring the isdn service b_channel command to a state other than the default value of 0 on the ISDN D channel.

Workaround: To remove the command, shut down the T1/E1 controller first and then unconfigure the command under the D channel serial interface.

CSCse98867

Symptoms: A router may reload when a multilink bundle goes down while packets are flowing.

Conditions: This symptom is observed on a router that is configured for Multilink PPP (MLP) with hardware compression.

Workaround: There is no workaround.

CSCsf03251

Symptoms: Primary and backup NFAS interfaces may transition from WAIT to OOS even after receiving "in-service" message from the PSTN.

Conditions: This symptom is observed on a Cisco AS5400XM that is running several Cisco IOS Release 12.4 mainline and Release 12.4T.

Workaround: There is no workaround.

CSCsf96318

Symptoms: QSIG (ISO) call back (ring back) fails between a Cisco 3745 router and a Cisco 1760 router.

Conditions: The call back fails.

Workaround: There is no workaround.

CSCsg25693

Symptoms: Layer2 of BRI interfaces is not coming up, and it is in the "NOT Activated" state.

Conditions: This issue is seen in Cisco IOS interim Release 12.4(11.1)T.

Workaround: There is no workaround.

CSCsg38412

Symptoms: When a PPP Multilink session is established over ISDN on a router running Cisco IOS version 12.2SB, IPCP fails to negotiate. When debug ppp negotiation is enabled, it shows that IPCP packets from the peer are not processed. The output of show interface for the ISDN D channel interface shows that the input queue limit is 0.

Conditions: This symptom is observed when the ISDN BRI or PRI interface is not configured as part of a dialer rotary-group or dialer pool, and RADIUS is used to assign the multilink bundle to a VRF.

Workaround: Use the dialer rotary-group command to assign the ISDN interface to a dialer.

Resolved Caveats—Cisco IOS Release 12.4(9)T1

Cisco IOS Release 12.4(9)T1 is a rebuild release for Cisco IOS Release 12.4(9)T. The caveats in this section are resolved in Cisco IOS Release 12.4(9)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCek32177

Symptoms: The TACACS+ AV addr=255.255.255.254 will not be processed correctly with Cisco IOS interim Release 12.4(5.8)T or later.

Conditions: The symptom has been seen in testing TACACS+, while the same scenario works fine with RADIUS.

Workaround: There is no workaround.

CSCek33076

Symptoms: A RADIUS progress code is incorrectly reported for a call that fails at IPCP. The progress code reports that the Link Control Protocol (LCP) is in the open state.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.4(3a) and that is configured for AAA.

Workaround: There is no workaround.

CSCek40060

Symptoms: RADIUS server authentication may not function for dialup and PPP clients.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(7) and that has the radius-server retry method round-robin command enabled.

Workaround: Disable the radius-server retry method round-robin command. Note that the symptom does not occur in Release 12.3 or Release 12.3T.

CSCin99788

Symptoms: An %AAA-3-ACCT_LOW_MEM_TRASH error message is generated when a low-memory condition occurs. When this situation occurs, a memory leak may occur in AAA data.

Conditions: This symptom is observed when an interface flaps and causes a very large number of sessions to go down simultaneously, in turn generating a very large number of accounting stop records. In this situation, the I/O memory may be held for a long time when accounting records are sent and when an AAA server is slow or unreachable.

Workaround: There is no workaround.

CSCsd23056

Symptoms: Reverse Telnet may not function.

Conditions: This symptom is observed when AAA authentication is enabled for the asynchronous line over which you attempt to establish a reverse Telnet connection. The AAA authentication prompt takes the console output as input for the AAA authentication process, causing a login failure for reverse Telnet.

Workaround: There is no workaround.

CSCsd90875

Symptoms: A Cisco 3745 router crashes with ipsla_rtp_cfg test after starting ip sla schedule with Cisco IOS Interim Release 12.4(7.18)T.

Conditions: The router will crash after issuing the below configuration:

config terminal

controller T1 1/0

ds0-group 0 timeslots 1 type none

ds0-group 1 timeslots 2 type none

ds0-group 2 timeslots 3 type none

ip sla 1

voip rtp 10.10.10.1 source-voice 1/0:1 codec g711u

timeout 10000

exit

ip sla sch 1 star now life 300

Workaround: There is no workaround.

CSCsd99763

Symptoms: A Cisco 7200 series router reloads unexpectedly while configuring BGP access list.

Conditions: This symptom is observed on a Cisco 7206VXR (NPE-G1) processor (revision A). The following commands serve as an example that causes the router to reload unexpectedly:

config t

router bgp 100

neighbor EXTERNAL route-map MAP3 out

address-family ipv4 multicast

neighbor EXTERNAL route-map MAP3 out

!

ip as-path access-list 1 deny ^$

ip as-path access-list 2 permit ^(700)+(_1123)|_2374$|^(_700)+(_2374)+(_1123)+$

ip as-path access-list 3 permit _3400_

ip as-path access-list 4 permit ^(700)+(_3400)|_1123$|^700$|_23[0-9]$

!

route-map MAP3 permit 10

match as-path 1

!

route-map MAP3 deny 20

match as-path 2

!

route-map MAP3 permit 30

match as-path 3

!

route-map MAP3 permit 40

match as-path 4

set metric 300

end

Workaround: There is no workaround.

CSCse09594

Symptoms: A router crashes during the AAA authentication process for interfaces that are configured for PPP.

Conditions: This symptom is observed on a Cisco router when the memory is exhausted. For example, the symptom may occur on a router that attempts to bring up more PPP sessions while its memory usage is already higher than 99 percent of the capacity because of existing configuration and sessions.

Workaround: There is no workaround.

CSCse49728

Symptoms: SNMPv3 informs are not sent out after a device reload.

Conditions: This symptom is observed when SNMPv3 informs have been configured, and the device is reloaded.

Workaround: Re-enter any of the snmp-server host commands.

IP Routing Protocols

CSCed84633

Symptoms: The interface-type and interface-number arguments in the distribute-list address family configuration command do not function.

Conditions: This symptom is observed on a Cisco platform that integrates the fix for caveat CSCea59206. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea59206. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround.

Further Problem Description: The fix for CSCed84633 re-enables the interface-type and interface-number arguments in the distribute-list address family configuration command for both VRF interfaces and non-VRF interfaces.

CSCek29860

Symptoms: A Cisco router may experience a software-forced crash.

Conditions: This symptom is observed on a Cisco router that is configured for secure NAT (SNAT), NAT Stateful Failover, and HSRP.

Workaround: There is no workaround.

CSCek42134

Symptoms: NAT Virtual Interface (NVI) per VPN routing/forwarding (VRF) is broken from inside to outside. The router shows CEF drops for the destination prefix existing for a route for this prefix on VRF table.

Conditions: This symptom has been observed on Cisco IOS Release 12.3(14)T6 and Interim Release 12.4(7.20)T.

Workaround: Configure static translation for the destination prefix to itself.

CSCek47475

Symptoms: A BGP IPv4 session cannot come up.

Conditions: This symptom occurs on Cisco IOS interim Release 12.4(9.15)T only.

Workaround: There is no workaround.

CSCse04037

Symptoms: A ping or a Telnet connection from an inside gateway to an outside gateway through a router that is configured for NAT may fail because of an error in the NAT table lookup process.

Conditions: This symptom is observed on a Cisco router when the preserve-port keyword is not configured in the ip nat service command and occurs whether or not NAT Overload is configured.

Workaround: There is no workaround.

CSCse04220

Symptoms: The BGP table version remains stuck at 1, and the router may crash.

Conditions: This symptom is observed when you enter the clear bgp ipv4 uni * command for IPv4 or the clear bgp ipv6 uni * command for IPv6. The symptom may also occur when you enter the clear bgp nsap uni * command for an ATM network service access point (NSAP) address family.

Workaround: Enter the clear ip bgp * command to clear the sessions, purge the BGP table, and prevent the router from crashing.

CSCse51804

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: A DMVPN tunnel may flap at regular intervals. The NHRP cache entry at the hub expires a long time before its expiration time.

Condition 1: These symptoms are observed on a Cisco router that runs Cisco IOS Release 12.4 when the DMVPN tunnel is up and when you enter the show ip nhrp brief and clear ip nhrp commands. When the tunnel comes up again (because of the NHRP registration by the spoke), the NHRP cache entry expires a long time before its expiration time.

Workaround 1: Do not enter the show ip nhrp brief command.

Symptom 2: A DMVPN tunnel may flap at regular intervals. The NHRP cache entry at the hub expires a long time before its expiration time.

Condition 2: These symptoms are observed on a Cisco router that runs Cisco IOS Release 12.4(6)T or a later release and occurs without any specific action.

Workaround 2: There is no workaround.

CSCse64256

Symptoms: When a First Hop Router receives an (S,G) stream for an Embedded RP group, it might crash while trying to send register packets.

Conditions: This symptom has been observed when trying to send register packets.

Workaround: There is no workaround.

ISO CLNS

CSCsd87651

Symptoms: A Cisco router that is configured for RPR or RPR+ may reload its standby RP when a configuration change is made to IS-IS.

The reload of the standby RP is preceded by the following error messages:

%HA-3-SYNC_ERROR: Parser no match.

%HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.4. Note, however, that the symptom is platform-independent for Release 12.4 and its derivatives. Any of the IS-IS global configuration commands may trigger the symptom. Following are a few examples of these IS-IS global configuration commands:

- is-type level-2-only

- lsp-gen-interval level-2 5 50 100

- redistribute eigrp

Workaround: There is no workaround.

CSCuk60585

Symptoms: A router that is configured for redistribution into ISO-IGRP may crash.

Conditions: This symptom is observed when the configuration is nvgened.

Workaround: There is no workaround.

Miscellaneous

CSCei84353

Symptoms: A router crashes when you remove an Embedded Event Manager (EEM) applet.

Conditions: This symptom is observed on a Cisco 12000 series that runs an interim release for Cisco IOS Release 12.0(32)S but is not platform- and release-dependent. This symptom occurs under the rare occasion that the EEM applet is removed while EEM is attempting to trigger the applet for execution.

Workaround: Perform the following three steps:

1. Before you remove the EEM applet, disable EEM applet scheduling by entering the event manager scheduler applet suspend command.

2. Remove the applet.

3. After you have removed the applet, re-enable EEM applet scheduling by entering the no event manager scheduler applet suspend command.

CSCej29710

Symptoms: Unable to send EEM type system SNMP trap notifications.

Conditions: This symptom occurs when users want to send EEM SNMP system type trap notifications upon triggering of a policy.

Workaround: In EEM applet mode if a user desires an SNMP notification upon event trigger, they should specify it as an action by using the action snmp-trap command. In EEM TCL policies, use the action_snmp_trap TCL command.

CSCek26155

Symptoms: A recursive pattern scan loop can occur when the Embedded Event Manager (EEM) CLI ED attempts to scan for patterns provided by action CLI commands.

Conditions: This issue occurs when an applet contains a CLI event that is scanning for a pattern that is given as a CLI command in one of its actions. See the following example:

event manager applet one

event cli pattern "show version" sync yes

action 1 cli command "show version"

In this example, the action being performed causes the event to trigger in a loop.

Workaround: Do not use an action CLI command containing a pattern that matches the CLI event pattern.

CSCek37686

Symptoms: A Cisco AS5350 may reload because of a bus error (SIG=10).

Conditions: This symptom is observed when SNMP is configured and when SNMP queries are made into the Cisco AS5350.

Workaround: Disable SNMP or stop polling the router.

CSCek38136

Symptoms: When you deploy VoIP using PVDM2 / 5510 DSP modules, a hissing sound may be heard before the ringback tone starts on the calling side.

Conditions: This symptom is observed only with 5510 DSP modules. The symptom does not occur with 549 DSP modules.

Workaround: There is no workaround.

CSCek42062

Symptoms: Router crashes consistently within minutes of making a call from a Cisco 7920 Wireless IP Phone registered to CME 4.0 via a wireless connection. The crash points to memory corruption.

Conditions: This symptom has been seen on Cisco IOS Release 12.4(4)XC.

Workaround: There is no workaround.

CSCek42816

Symptoms: A voice gateway reloads while bulk calls are being processed.

Conditions: The symptom is observed on a Cisco voice gateway that runs VXML applications that stream voice when the voice gateway receives prompts from an HTTP server.

Workaround: Enter the ivr prompt streamed none command on the voice gateway.

CSCek43642

Symptoms: When you try to remove an Embedded Event Manager (EEM) policy that has event criteria specified via the event_register_appl Tcl command extension, the attempt fails.

Conditions: This symptom is observed when two or more Embedded Event Manager policies are configured and when only one of these policies has event criteria specified via the event_register_appl Tcl command extension.

Workaround: There is no workaround.

CSCek44071

Symptoms: Incoming SS7 calls with Loopback Continuity Testing (COT) fail to set up.

Conditions: This symptom occurs with basic 1 call bringup using Loopback COT.

Workaround: There is no workaround.

CSCek44714

Symptoms: When using GDOI and the crypto engine is VAM2+, the crypto engine throws an invalid attribute error.

Conditions: This symptom has been observed when using VAM2+ with GDOI.

Workaround: Use software Crypto.

CSCek45344

Symptoms: A Cisco AS5400XM gateway crashes after 24 hour stress with E1-R2 calls.

Conditions: This symptom occurs in stress conditions after a period of 24 hours.

Workaround: There is no workaround.

CSCek47283

Symptoms: A router cannot be reloaded by entering the reload command, and the following message is displayed when you attempt to reload the router:

The startup configuration is currently being updated. Try again.

Conditions: This symptom is observed under rare conditions and may be triggered after an "Invalid pointer value in private configuration structure" error message is displayed (as seen in caveat CSCin98933). This symptom is observed in Cisco IOS interim Release 12.3(19.7), interim Release 12.4(6.5), and interim Release 12.4(6.5)T, and in later releases.

Workaround: There is no workaround.

CSCek47653

Symptoms: A voice gateway may crash because of a bus error that is related to an MGCP Visual Message Waiting Indicator (VMWI) function.

Conditions: This symptom is observed on a Cisco IAD 2430 that runs Cisco IOS Release 12.3(14)T2. The symptom may also affect Cisco IOS Release 12.4 and Release 12.4T.

Workaround: There is no workaround.

CSCek47681

Symptoms: Under heavy stress, a few TDM backplane timeslots (3 or 4) are lost after 12 hours.

Conditions: This symptom has been seen with SS7 with more than 50 calls per second.

Workaround: There is no workaround.

CSCek48151

Symptoms: When a forced target is used for active probing, actual probing may not occur in certain conditions. OER looks for a route to a prefix created using the forced target and the mask length of the prefix to which the forced target is assigned. If neither that route nor a super route exists, probes are not created. For example:

Prefix: 10.1.1.0/24

Forced Target: 10.2.2.2

Routes on BR:

10.2.2.2/32 via Exit1

10.1.1.0/24 via Exit1

Even though there is a route to 10.2.2.2, it will not be probed because OER looks for route 10.2.2.0/24 formed by the target IP 10.2.2.2 and mask length 24 of the prefix 10.1.1.0/24.

The symptom would not occur if there are default routes through all exits.

Conditions: This symptom has been observed when a forced target is used for active probing.

Workaround: Create a route to the prefix formed by the target IP and the mask length of the prefix to which it is assigned or create a default route.
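The lookup described in this caveat can be reproduced offline to see in advance whether a forced target will be probed. This is an added example, not Cisco code: it models the described behaviour with Python's ipaddress module, and the function names and the per-exit route dictionary are assumptions made for illustration.

```python
import ipaddress

# Routes from the caveat's example, keyed by exit.
PAGE_ROUTES = {"Exit1": ["10.2.2.2/32", "10.1.1.0/24"]}


def probe_lookup_prefix(monitored_prefix, forced_target):
    """Prefix that is looked up: the forced target masked to the
    mask length of the prefix the target is assigned to."""
    length = ipaddress.ip_network(monitored_prefix).prefixlen
    return ipaddress.ip_network(f"{forced_target}/{length}", strict=False)


def covering_route(routes, lookup):
    """Most specific route that equals the lookup prefix or is a super route
    of it, or None. More specific routes (such as a /32 to the target itself)
    do not count, which is the behaviour the caveat describes."""
    best = None
    for text in routes:
        route = ipaddress.ip_network(text, strict=False)
        if route.version != lookup.version:
            continue
        if lookup.subnet_of(route) and (
                best is None or route.prefixlen > best.prefixlen):
            best = route
    return best


def probe_report(monitored_prefix, forced_target, routes_by_exit):
    """Map each exit to the route that allows probing, or None if no probe
    would be created on that exit."""
    lookup = probe_lookup_prefix(monitored_prefix, forced_target)
    report = {}
    for exit_name, routes in routes_by_exit.items():
        match = covering_route(routes, lookup)
        report[exit_name] = str(match) if match else None
    return report


if __name__ == "__main__":
    prefix, target = "10.1.1.0/24", "10.2.2.2"
    print("lookup prefix:", probe_lookup_prefix(prefix, target))
    print("as configured:", probe_report(prefix, target, PAGE_ROUTES))
    # Workaround 1: add a route to the prefix formed by target IP and mask length.
    fixed = {"Exit1": PAGE_ROUTES["Exit1"] + ["10.2.2.0/24"]}
    print("with 10.2.2.0/24:", probe_report(prefix, target, fixed))
    # Workaround 2: a default route is a super route of every lookup prefix.
    default = {"Exit1": PAGE_ROUTES["Exit1"] + ["0.0.0.0/0"]}
    print("with default route:", probe_report(prefix, target, default))
```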

CSCek49023

Symptoms: The passive monitoring of applications using DSCP as part of application definition is not working because the conversion from DSCP to ToS is missing.

Conditions: This symptom has been observed with applications using DSCP.

Workaround: There is no workaround.

CSCek50471

Symptoms: With a certain combination of debugs enabled, the packet contents are being displayed. This should be avoided with GDOI because there is sensitive information being displayed.

Conditions: This symptom has been observed with a certain combination of debugs enabled.

Workaround: There is no workaround.

CSCsa43170

Symptoms: A Cisco 2600XM series router may unexpectedly restart while handling a bus error. The original bus error was going to result in an unexpected restart. However the data normally saved after such an event may not be completely saved due to the second unexpected restart.

Conditions: This symptom affects Cisco IOS software after Cisco IOS Interim Release 12.3(10.3)T2 only on the Cisco 2600XM series of routers.

Workaround: There is no workaround.

CSCsa70712

Symptoms: When you reload a CMM in one slot, the CMM in another slot reloads too, and the console of the supervisor engine shows an "EarlRecoveryPatch Reset" error message for the CMM that you intentionally reloaded.

Conditions: This symptom is observed on a Cisco Catalyst 6000 series and Cisco 7600 series when you enter the reload command via the console of the CMM.

Workaround: Do not reload the CMM via its console. Rather, enter the hw-module module slot number reset command for the CMM on the supervisor engine.

CSCsb13010

Symptoms: NAT configurations didn't go through due to insufficient memory.

Conditions: This behavior was observed on a Cisco 831 router running Cisco IOS Interim Release 12.4(1.2)PI1a and also Interim Release 12.4(2.2)T.

Workaround: There is no workaround.

CSCsb42470

Symptoms: The output of the show interfaces sum and the show interfaces tunnel commands is inconsistent.

Conditions: This symptom is observed when CEF switching is enabled and when IPsec tunnel protection or VTI is applied to a tunnel interface.

Workaround: Disable CEF switching and use fast-switching or process-switching.

Further Problem Description: The output of the show interfaces tunnel command shows the wrong number of packets that are switched per second, and the number of bytes that have been switched is shown incorrectly.

CSCsb95563

Symptoms: On rare occasions, Embedded Event Manager (EEM) may cause a crash when you deregister an EEM policy.

Conditions: This symptom is observed on a Cisco Catalyst 6000 series but is platform-independent.

Workaround: There is no workaround.

CSCsc18707

Symptoms: No error message is printed out when running an Embedded Event Manager (EEM) policy that is not registered with the none event detector.

Conditions: This symptom occurs when executing event manager run policy name or action label policy policy name command, but the policy is not registered with the none event detector.

Workaround: There is no workaround.

CSCsd04075

Symptoms: The voice ports of a Cisco IOS Voice over IP (VoIP) gateway that terminates fax calls may lock up and not accept any new calls. The following error messages may be generated on the console or syslog (if enabled):

%HPI-3-CODEC_NOT_LOADED: channel:2/0/0 (171) DSP ID:0x1, command failed as codec not loaded 0

- Traceback= 615D2FA8 615C8528 617D5044 617D5258 61BBCD44 61BBD764 617BAE88 617BBD38 6138720C

Conditions: This symptom is observed on a Cisco 3600 series router but is not platform-dependent.

Workaround: Disable T.38 and use fax passthrough.

CSCsd04581

Symptoms: When EasyVPN is configured to use a BRI interface as the outside interface, return packets may fail to decrypt properly within the router.

Conditions: This symptom has been observed when EasyVPN is configured.

Workaround: Disable the onboard crypto accelerator.

CSCsd20327

Symptoms: Web Cache Communication Protocol (WCCP) for service 90 is going up and down on a Cisco router that runs Cisco IOS Release 12.4(3b)B. The router has services 81, 82 and 90 configured. The only service that has a problem is 90. The packet traces indicate that the router is sometimes responding to "Here_I_Am" messages from the cache with "I_See_You" messages that contain an incorrect destination IP address. This situation leads to a loss of WCCP service.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(3b) but may also affect other releases.

Workaround: There is no workaround.

CSCsd30632

Symptoms: OSPF and LDP periodically may go down on a Cisco MGX-RPM-XF-512 running Cisco IOS Release 12.3(11)YW1. The protocols may be down for 2 to 3 minutes and then self recover.

Conditions: This symptom has been observed on a Cisco MGX-RPM-XF-512 running Cisco IOS Release 12.3(11)YW1.

Workaround: There is no workaround.

Further Problem Description: Input queue may show "Input queue: 776/600". Input OAM queue may show "Input OAM Queue: 775".

CSCsd34114

Symptoms: A router that has the ip local pool command enabled in an IPv6 configuration may reload under rare circumstances.

Conditions: This symptom is observed when the local pool must allocate prefixes to the same user name on multiple interfaces in a specific order, then releases one of the prefixes, and then attempts to allocate a new prefix.

The interfaces that the prefixes are allocated on, and the ordering of the events, must follow a very specific pattern in order for the symptom to occur.

Workaround: Use per-user prefixes from a RADIUS server, or in a DHCP-PD configuration, use the prefix allocation per DUID.

Further Information: IP local pools in an IPv6 configuration are used by DHCP-PD and by IPv6 Control Protocol (IPv6CP) for IPv6 over PPP links. However, the symptom is unlikely to occur with IPv6CP.

CSCsd34529

Symptoms: A Cisco router may crash when a policy map is simultaneously displayed and unconfigured.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4T but may also affect Release 12.4. The symptom occurs when the show policy-map command is entered via one CLI session while the no policy-map policy-map-name command is entered via another CLI session.

Workaround: There is no workaround.

CSCsd35269

Symptoms: The router resets when switching ipv4 or ipv6 traffic over CEF from one tunnel to another.

Conditions: This symptom has been observed on a Cisco 7200 router with back-to-back tunnels and CEF switching.

Workaround: Do not configure the ip cef global configuration command or the ipv6 cef global configuration command.

CSCsd37629

Symptoms: Alignment errors and a bus error may occur on a Cisco platform that has the ip inspect command enabled.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.4 or Release 12.4T.

Workaround: Disable the ip inspect command.

CSCsd66800

Symptoms: A gateway-controlled T.38 fax relay between an MGCP gateway and another gateway may be disconnected unexpectedly.

Conditions: This symptom is observed on a Cisco platform that is configured for Voice xGCP.

Workaround: There is no workaround.

CSCsd68767

Symptoms: This assertion indicates that the router has dropped an incoming packet due to a known bug in the FIO/GIO. A particle may have been leaked in I/O memory. This is expected to be an extremely rare occurrence; no action is necessary unless it happens repeatedly. Under certain (not well-understood) conditions, this bug may result in an unexpected system reload.

Conditions: This symptom has been observed with ADSL traffic flowing on ADSL port of HWIC_ADSL_BRI card, at high traffic volume, and on more than one PVC.

Workaround: There is no workaround.

CSCsd70119

Symptoms: A Media Termination Point (MTP) does not generate an RFC 2833 event on a second call leg when it should do so.

Conditions: This symptom is observed when a call from a CallManager version 5.0 invokes an MTP and an RFC 2833 event and when the call is supported on both endpoints that are connected via the MTP.

For example, a Cisco 7860 IP phone that is configured for SCCP sends a DTMF via both SCCP and RFC 2833. In this situation, the MTP receives an RFC 2833 event from the Cisco 7860 IP phone and a SCCP DTMF notification from the CallManager for the same DTMF event. This functions properly, but the MTP does not generate the RFC 2833 event on the second call leg when it should do so.

Workaround: In the above-mentioned example, disable RFC 2833 DTMF on the Cisco 7860 IP phone.

CSCsd73526

Symptoms: When a Cisco Content Services Switch (CSS) is used in a Customer Voice Portal (CVP) configuration, the Cisco IOS Voice Browser may be unable to play the media file. The CSS does send the HTTP Redirect message that points to the CVP, but the gateway does not react.

Conditions: This symptom is observed on a Cisco AS5400HPX Universal Gateway after you have upgraded this platform from Cisco IOS Release 12.3(3a) to Release 12.4(3b). Other software components in the configuration are CVP 3.1 SR1, ICM 6.0, and Cisco CallManager 4.1(3)SR2.

Workaround: Bypass the Cisco CSS, and point the VXML application directly to the CVP.

CSCsd76444

Symptoms: A Cisco router may reload unexpectedly with a "Signal 0" without a stack trace in the crash info file.

Conditions: This symptom is observed on a Cisco 10000 series that has a PRE and that is configured for SSG. However, the symptom is platform-independent and may occur on any router that is configured for SSG.

Workaround: There is no workaround.

CSCsd80745

Symptoms: A router that is configured for IPSec and ISAKMP may reload unexpectedly because of a bus error exception that is triggered by an address error exception.

Conditions: This symptom is observed rarely and occurs when data leaks during IPSec rekeying. Both IPSec and ISAKMP life times are configured as the recommended values of respectively 3600 seconds and 86,400 seconds. The router may crash when the data is used 65,536 times.

Workaround: There is no workaround.

CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse01124

Symptoms: The Hot Standby Router Protocol (HSRP) may not come up and may remain in the "Init" state, which can be verified in the output of the show standby brief command.

Conditions: This symptom is observed when dampening is configured on a native Gigabit Ethernet interface of a Cisco 7200 series or on a Fast Ethernet interface of a PA-FE-TX port adapter. Other types of interfaces are not affected.

Workaround: When the symptom has occurred, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Gigabit Ethernet and Fast Ethernet interfaces of all routers of the standby group.

To prevent the symptom from occurring, remove dampening from the Gigabit Ethernet and Fast Ethernet interfaces.

CSCse04136

Symptoms: A router crashes with traceback.

Conditions: This symptom has been observed when a Cisco 7200 router is sending traffic using IXIA after applying crypto map feature.

Workaround: There is no workaround.

Further Problem Description: The crash was obtained when testing the TED feature in Cisco 7200 routers using IXIA. While sending a packet to initiate the IPSec tunnel, the router crashed with a traceback.

CSCse05292

Symptoms: Static map configuration for an ATM PVC using the protocol ip IP address command is rejected with an ambiguous command error.

Conditions: This symptom occurs when you configure a static map on an ATM PVC using the protocol ip IP address command.

Workaround: There is no workaround.

CSCse06975

Symptoms: VoIP LMR multicast capability does not work on a network module NM-HD-2V with E&M.

Conditions: This symptom has been observed on a network module NM-HD-2V with E&M.

Workaround: There is no workaround.

CSCse15025

Symptoms: An analog or digital CAS port enters a state in which inbound or outbound calls, or both, may no longer function through the port.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as gateways with analog or digital CAS ports that use PVDM2 DSP modules.

When this problem occurs, it impacts multiple ports that share the same signaling DSP. The output of the show voice dsp signaling EXEC command shows which DSP is used by a port for signaling. The symptom may occur more often for ports that use DSP 1 on the PVDM2 module for signaling.

Because this issue impacts the signaling channels, it has been seen that calls either will not connect at all through impacted ports or in some cases when multiple simultaneous calls are present on adjacent voice ports/timeslots, the call may connect momentarily before being disconnected.

If a problem occurs only on a single voice port, there is another problem, not this caveat (CSCse15025). PRI/BRI calls are not affected because PRI/BRI does not utilize the DSP for signaling purposes.

When the symptom occurs with either a VIC2-xFXO or EVM DID/FXS module, enter the terminal monitor command followed by the test voice port port-number si-reg-read 39 1 command for one of the affected ports. The output typically should be a single octet value for register 39. When the symptom occurs, information for Registers 40, 41, and 42 is presented and some of the registers show double-octet information. See the example output (2) below.

When the symptom occurs with FXS or analog E&M modules, enter the terminal monitor command followed by the test voice port port-number codec-debug 10 1 command for one of the affected ports. The output typically should be a single octet value for each register. See the example output (4) below.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, you must reload the gateway to restore proper operation.

Further Problem Description: The changes in CSCse15025 include changes in CSCsc11833 and CSCsd90851. These changes have been shown to help mitigate this problem in the majority of cases.

There is a further detection and reset mechanism in CSCse15025 that will recover the DSP which is in this state. This mechanism will trigger immediately if the impacted voice port is an analog FXO port. For other voice ports, a delay in the detection will be present and it is possible to see the symptom of this problem before the recovery code triggers.

Note that the reset mechanism will cause any active calls utilizing the DSP in question to be dropped.

It is recommended if running with modules which can be impacted by this issue to upgrade to a release of software which contains the changes in CSCse15025. If the DSP is reset and the below output is seen, contact the TAC for further assistance. Note that this output is sent at debug level and it is recommended to enable either syslog or logging buffered on the gateway.

Logging buffered on the gateway is enabled through a global command. For example, logging buffered 50000 debug sets the logging buffer to use 50K bytes of processor memory for logging. The output of the log can be seen with the exec command show log.

----

Example output when detection and recovery code on gateway triggers:

*May 31 14:30:43.343: TDM pointers: 0100 0100 0115 0115. Deltas: 0001 0000.

*May 31 14:30:43.347: Received alarm indication from dsp(0/1)

0030 0000 0080 0000 0013 4100 2E2E 2F2E 2E2F 6D6F 6475 6C65 732F 7363 6865

6475 6C65 2F64 6562 7567 2E63 2833 3634 2900

*May 31 14:30:43.347: ../../modules/schedule/debug.c(364)

*May 31 14:30:43.347: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0,

changed state to Administrative Shutdown

*May 31 14:30:43.647: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1,

changed state to Administrative Shutdown

*May 31 14:30:43.947: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/2,

changed state to Administrative Shutdown

*May 31 14:30:44.247: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/3,

changed state to Administrative Shutdown

*May 31 14:30:48.147: Crash dump CLI may not be configured, not able to get

crash info, slot 0, dsp 1

*May 31 14:30:48.147: DSPDUMP - Recover slot 0 dsp 1

*May 31 14:30:48.147: DSPDUMP - ka sent 0, ka_cnt 51193, skip_ka 103079

*May 31 14:30:50.579: %DSPRM-5-UPDOWN: DSP 1 in slot 0, changed state to up

*May 31 14:30:50.947: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0,

changed state to up

*May 31 14:30:51.219: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1,

changed state to up

*May 31 14:30:51.371: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/2,

changed state to up

*May 31 14:30:51.523: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/3,

changed state to up

----

Following are command output examples:

1) Following is an example of normal output for FXO and EVM FXS ports.

For FXO ports, the value is usually 0x01, but for EVM FXS the value can be different. When you run the above-mentioned command, the expected output is a single octet, displayed only for register 39. (This command does not work for VIC-4FXS and VIC2-xFXS modules.)

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

--------------------------------------------------------------

Register 39 = 0x01

2) Following is an example of output for FXO and EVM FXS ports that indicates that the symptom has occurred. Note that the exact output for the register values is different, but when the symptom occurs, different lines with information are displayed as shown below:

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

--------------------------------------------------------------

Register 39 = 0x5CB8

Register 40 = 0xFFFF

Register 41 = 0xFFFF

Register 42 = 0xFFFF

3) Following is an example of normal output for FXS and analog E&M modules. The values that are listed in a normal case may be different, but only four registers of a single octet should be displayed.

Values read from PEB2465 Codec connected to DSP 02 (channel 0):

---------------------------------------------------------------

Extended Register Values (XR4..XR1) = 00, CC, 50, 11

4) Following is an example of output for FXS and analog E&M modules that indicates that the symptom has occurred.

Values read from PEB2x65 Codec connected to DSP 0, channel 1:

------------------------------------------------------------

Extended Register Values (XR4..XR1) = D001, B83C, 3FF1, 63AC
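The normal and symptom outputs in examples 1 through 4 can be told apart mechanically. The following is an added example (not Cisco code) that classifies captured command output; the function name and report fields are hypothetical, the sample inputs are the four outputs quoted above, and it assumes the si-reg-read command was run with arguments 39 1.

```python
import re

# Constructed inputs: the four example outputs quoted in this caveat.
SILABS_NORMAL = """\
Values read from SiLabs Codec connected to DSP 0, channel 11:
--------------------------------------------------------------
Register 39 = 0x01
"""
SILABS_SYMPTOM = """\
Values read from SiLabs Codec connected to DSP 0, channel 11:
--------------------------------------------------------------
Register 39 = 0x5CB8
Register 40 = 0xFFFF
Register 41 = 0xFFFF
Register 42 = 0xFFFF
"""
PEB_NORMAL = """\
Values read from PEB2465 Codec connected to DSP 02 (channel 0):
---------------------------------------------------------------
Extended Register Values (XR4..XR1) = 00, CC, 50, 11
"""
PEB_SYMPTOM = """\
Values read from PEB2x65 Codec connected to DSP 0, channel 1:
------------------------------------------------------------
Extended Register Values (XR4..XR1) = D001, B83C, 3FF1, 63AC
"""

HEADER_RE = re.compile(
    r"Values read from (\S+) Codec connected to DSP\s*(\d+)\s*[,(]\s*channel\s+(\d+)")
REGISTER_RE = re.compile(r"^\s*Register\s+(\d+)\s*=\s*0x([0-9A-Fa-f]+)\s*$")
XR_RE = re.compile(r"^\s*Extended Register Values \(XR4\.\.XR1\)\s*=\s*(.*)$")


def classify_codec_output(text, requested_register=39):
    """Classify si-reg-read / codec-debug output as normal, symptom or unknown.

    A value wider than one octet (more than two hex digits), a register other
    than the requested one, or an XR list that does not hold exactly four
    values is treated as the symptom described in the caveat.
    """
    report = {"codec": None, "dsp": None, "channel": None,
              "registers": {}, "wide": [], "unexpected": [], "status": "unknown"}
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            report["codec"] = m.group(1)
            report["dsp"], report["channel"] = int(m.group(2)), int(m.group(3))
            continue
        m = REGISTER_RE.match(line)
        if m:  # SiLabs codec: one "Register N = 0x.." line per register
            number = int(m.group(1))
            report["registers"]["R%d" % number] = m.group(2).upper()
            if number != requested_register:
                report["unexpected"].append("R%d" % number)
            continue
        m = XR_RE.match(line)
        if m:  # PEB codec: values are listed in the order XR4..XR1
            values = re.findall(r"[0-9A-Fa-f]+", m.group(1))
            for name, value in zip(("XR4", "XR3", "XR2", "XR1"), values):
                report["registers"][name] = value.upper()
            if len(values) != 4:
                report["unexpected"].append("XR count %d" % len(values))
    report["wide"] = [n for n, v in report["registers"].items() if len(v) > 2]
    if report["registers"] or report["unexpected"]:
        bad = report["wide"] or report["unexpected"]
        report["status"] = "symptom" if bad else "normal"
    return report


if __name__ == "__main__":
    for label, sample in (("SiLabs normal", SILABS_NORMAL),
                          ("SiLabs symptom", SILABS_SYMPTOM),
                          ("PEB normal", PEB_NORMAL),
                          ("PEB symptom", PEB_SYMPTOM)):
        r = classify_codec_output(sample)
        print(label, r["status"], "wide:", r["wide"], "unexpected:", r["unexpected"])
```

A "symptom" result corresponds to the state in which the gateway must be reloaded, or in which the CSCse15025 recovery code resets the DSP.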

CSCse17317

Symptoms: A router may during an E1R2 test for different country codes and codecs.

Conditions: This symptom is observed on a Cisco router only when E1R2 digital semi-compelled signaling is used.

Workaround: There is no workaround.

CSCse18940

Symptoms: Memory depletes over short time when VoAAL2 traffic is passed.

Conditions: PVDM2-64 module is used to pass VoAAL2 traffic.

Workaround: None

CSCse24428

Symptoms: When the PMC PTT key is pressed on a channel shared by an LMR voice port configured for e-lead voice, the e-lead is not seized.

Conditions: This symptom occurs on Cisco IOS Release 12.4(6)T or Cisco IOS Release 12.4(4)T with versions of VIC2-2E/M hardware older than HW version 5.1.

Workaround: Use Cisco IOS Release 12.4(4)T with newer E+M hardware until issue is resolved.

CSCse39452

Symptoms: OGW rejects incoming OLC from an alternate endpoint when the slow start procedure is used and so the call is rejected.

Conditions: This symptom has been observed when OGW is configured to use the slow start procedure.

Workaround: There is no workaround.

Further Problem Description: OGW is configured to use the slow start procedure. OGW receives alternate endpoints in the ACF. The call on the primary endpoint fails after H.245 procedures are completed and logical channels are opened. OGW then tries the call on the alternate endpoint, but it rejects the incoming OLC from the alternate endpoint, which results in call failure.

CSCse40276

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse43066

Symptoms: A Cisco Multiservice IP-to-IP Gateway (IPIPGW) may crash while functioning under stress.

Conditions: This symptom is observed on a Cisco IPIPGW that runs Cisco IOS interim Release 12.4(9.4) or interim Release 12.4(9.9)T.

Workaround: Configure slow start:

voice service voip

h323

       call start slow

Note that the symptom does not occur in releases earlier than interim Release 12.4(9.4) or interim Release 12.7(7.24)T.

CSCse44158

Symptoms: The radius account attribute feature-vsa attribute is being sent even though an accounting template has been applied commenting out the attribute.

Conditions: The symptom has been observed when the filter feature-vsa attribute is using the accounting template.

Workaround: There is no workaround.

CSCse45425

Symptoms: A VAM2 may reset when it receives a malformed ESP packet, and a "Free Pool stuck" error message may be generated. This situation causes high CPU usage in the encryption process while the software is handling the encryption as opposed to the hardware. Even when the VAM2 recovers, the high CPU usage remains because the software-encrypted tunnels do not fall back to hardware encryption until the SA lifetime expires.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(19) or Release 12.4(7a).

Workaround: There is no workaround to prevent the symptom from occurring. After the symptom has occurred and after the VAM2 has recovered, disable software encryption by entering the no crypto engine software ipsec command to force the encryption back to the hardware.

CSCse49985

Symptoms: A software-forced crash may occur on a Cisco 3745, and an error message similar to the following may be displayed:

rcojx67-vgw01-3745 uptime is 1 day, 16 hours, 19 minutes

System returned to ROM by error - a Software forced crash, PC 0x60A87D38

at 15:59:36 GMT Tue May 16 2006

System restarted at 16:00:35 GMT Tue May 16 2006

System image file is "flash:c3745-ipvoice-mz.123-14.T3.bin"

Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.3(14)T3 only when there are some memory allocation failures. The symptom may also affect Release 12.4.

Workaround: There is no workaround.

CSCse53002

Symptoms: Memory leaks in the IPSEC key engine process. In the output of the show memory sum command, the memory block used as "KMI num ipsec" is leaking.

Conditions: This symptom has been seen if there is traffic.

Workaround: It may be possible to disable the hardware encryption. If not, there is no workaround.

CSCse56660

Symptoms: Inbound calls to FXO ports on Cisco IOS VoIP gateways connect, but audio is not present.

Conditions: With caller-id enable configured on FXO ports, the call will connect, but no audio is heard. When this occurs, the following error message can be seen at debug level:

Jun 20 01:41:15.855: mbrd_e1t1_vic_connect: setup failed

Jun 20 01:41:15.855: flex_dsprm_tdm_xconn: voice-port(0/0/1), dsp_channel

(/0/2/0)

Workaround: Disable caller id on the voice-port.

CSCse58234

Symptoms: A router is crashing due to bad chunk reference count.

Conditions: This symptom occurs on Cisco 7200 routers running Cisco IOS Release 12.4(6)T2 configured for H.323 voice services.

Workaround: There is no workaround.

CSCse68138

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse68355

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse75492

Symptoms: There is a possibility of a router crash due to fixing a memory leak problem in "SSS Manager."

Conditions: This symptom may happen in an LAC router.

Workaround: There is no workaround.

CSCse83674

Symptoms: Analog FXS port on a Cisco 2800/3800 ISR does not go back to idle if it has been offhook for more than a minute at the end of a call.

Conditions: A and B are two FXS ports on the same router connected to analog phones. A calls B. B answers the call. Once the conversation is done, A hangs up. B does not go onhook. After 60 seconds, B starts hearing offhook alert (howler) tone. Putting B onhook now has no effect. B continues to play offhook alert for the rest of its life until the router is reloaded.

Workaround: There is no workaround.

CSCse89402

Symptoms: The CPU stack frame can become corrupted when a channel-group is configured on the t1/e1 controller.

Conditions: This symptom has been seen on mainboard WIC slots when the slot is configured with the no network-clock participate command.

Workaround: Use the network-clock participate command to configure the VWIC when installed in the mainboard WIC slot of the router.

Further Problem Description: In most situations, no problems are seen. In rare cases, a crash may occur.

CSCsf04754

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml

CSCuk60910

Symptoms: A Cisco IOS router may detect a memory corruption and reload.

Conditions: An interface on the system must be configured for Van Jacobson TCP header compression, using the ip tcp header-compression command, and connected to a third-party system.

Workaround: There is no workaround.

Wide-Area Networking

CSCek28604

Symptoms: A Cisco device may reload ("System returned to ROM") unexpectedly due to a memory leak in the ISDN L2 process.

Conditions: This symptom is observed on a Cisco device that functions in a call manager-backhaul configuration after running under stress for about 24 hours.

The output of the show processes memory command, collected at regular intervals, shows a memory leak in the ISDN L2 process. The amount of memory that is held by the ISDN L2 process will be very large and growing.

Workaround: Enter the isdn k 1 command on all backhauled serial interfaces.

CSCek40618

Symptoms: A router may crash by address error (load or instruction fetch) exception during normal operation.

Conditions: This symptom has been observed when the router is configured with VPDN and Multilink PPP, using Virtual-Template interfaces.

Workaround: There is no workaround.

CSCsd19867

Symptoms: BRI interfaces do not come up when you reload a router. You must enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected BRI interfaces to bring them up.

Conditions: This symptom is observed when you enter the no isdn spoofing command and reload the router.

Workaround: Disable the no isdn spoofing command.

CSCse16539

Symptoms: VPDN load balancing incorrectly biases to one LNS (IP address) instead of sharing the session load between the different LNSs after the LNSs return from the busy list.

Conditions: This occurs when multiple LNSs are configured for one vpdn-group and are unreachable. They are moved to the busy list. Once the LNSs become reachable again, this problem occurs.

Workaround: There is no workaround.

CSCse41463

Symptoms: A router that is configured with the frame-relay ip rtp header-compression command crashes with a traceback.

Conditions: This symptom is observed on Cisco 2600, Cisco 3745, and Cisco 7200 routers that run Cisco IOS Interim Release 12.4(9.9)T.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(9)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(9)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.4(9)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

Basic System Services

CSCee72997

Cisco IOS devices that are configured for Internet Key Exchange (IKE) protocol and certificate based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml

CSCeg24855

Symptoms: A platform reloads after you enter the aaa route download 2 command.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T2.

Workaround: There is no workaround.

CSCek29332

Symptoms: The ip sla monitor command of type voip is rejected.

Conditions: This symptom has been observed with Cisco IOS interim Release 12.4(5.13)T2.

Workaround: Use the newer command versions of the ip sla command.

CSCsc97727

Symptoms: An access point may crash when you add or remove TACACS servers via the CLI.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)JA1 or Release 12.3(7)JA2 and that has the aaa accounting commands level default list-name group groupname command enabled. The symptom may also occur in other releases.

Workaround: Disable the aaa accounting commands level default list-name group groupname command.

Alternate Workaround: Use RADIUS instead of TACACS.

CSCsd49133

Symptoms: Alarms are not populated in the ceAlarmTable. The ceAlarmlist is empty. The whole entity alarm filtering functionality fails.

Conditions: When the connected interface at the peer device is shut, alarms should be populated in the ceAlarmTable -> ceAlarmList object. The alarms can also be viewed using the show facility-alarm status EXEC command. There are no issues observed in the CLI: the show facility-alarm status EXEC command shows alarms correctly. Only the ceAlarmTable -> ceAlarmList object is not getting populated.

Workaround: There is no workaround.

CSCse09204

Symptoms: When upgrading from Cisco IOS Release 12.4(2)T or Cisco IOS Release 12.4(4)T, the IP SLAs echo operation configuration is lost. This defect is logged because the router (while coming up after reload) does not understand the use of "Dialer" in the interface-name argument of the source-interface interface-name command as shown in this example:

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

250368K bytes of ATA CompactFlash (Read/Write)

type echo protocol ipIcmpEcho 10.0.0.1 source-interface Dialer1

^

% Invalid input detected at '^' marker.

timeout 1000

^

% Invalid input detected at '^' marker.

frequency 3

^

% Invalid input detected at '^' marker.

%Entry not configured

This symptom is related to CSCsc24145.

Conditions: This symptom has been observed on routers having the IP SLA echo operation configured with the ip sla monitor command, when these operations specify the Dialer as the source-interface, and when the router is being upgraded to Cisco IOS Release 12.4(4)T or later version.

Workaround: Reconfigure new operations with the new release after upgrading.

CSCsg00102

Symptoms: SSLVPN service stops accepting any new SSLVPN connections.

Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.

IP Routing Protocols

CSCej70091

Symptoms: Sending a ping to the router interface does not get an answer and results in traceback.

Conditions: This symptom has been observed when FPM service policy is configured on the interface.

Workaround: There is no workaround.

CSCek16041

Symptoms: A Cisco 870 router does not offer the vrf keyword during configuration of the router ospf command:

router(config)#router ospf ?

<1-65535> Process ID

router(config)#

Conditions: The symptom has been observed in Cisco IOS Interim Release 12.4(5.8)T. Only the Cisco IOS Release 12.4T train is affected. The symptom is triggered by the port of CSCsb73882 in Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCsc35609

Symptoms: In certain circumstances, if the static reservations are configured via the ip rsvp listener commands, an interface going down can cause the router to crash.

Conditions: This problem is seen under the following conditions:

1. Router is running RSVP; the ip rsvp bandwidth command is enabled.

2. Router has configured a receiver proxy with the ip rsvp listener command.

3. Router receives Path messages matching the proxy and sends out Resv messages corresponding to the received Path messages.

4. The interface on which the Path message is received goes down.

The problem is not seen if any of these conditions do not hold. For example, routers not running RSVP, or running RSVP only as a midpoint, or routers running MPLS/TE, do not see this problem.

Workaround: There is no workaround. Discontinuing the use of the ip rsvp listener command will prevent the crash.

CSCsc70155

Symptoms: A Telnet session from a TCP host to an X.25 client may fail when the protocol translator is configured in between.

Conditions: This symptom has been observed in Cisco IOS interim Release 12.4(5.8)T.

Workaround: There is no workaround.

CSCsc75409

Symptoms: Toggling the no ip cef command followed by the ip cef command could cause a router CPUHOG.

Conditions: A router that is configured with many VRFs (maybe more than 100 VRFs) that import and export routes to each other is especially vulnerable to this symptom.

Workaround: There is no problem if the no ip cef command followed by the ip cef command is not executed. If this command sequence is executed, there should be no problem if fewer than 50 VRFs are configured. As the number of configured VRFs increases, the CPU utilization will rise. There is no workaround.

CSCsd84489

Symptoms: A platform that is configured for Open Shortest Path First (OSPF) and incremental Shortest Path First (SPF) may crash when changes occur in the OSPF topology.

Conditions: This symptom is observed on a Cisco platform that has the ispf command enabled when changes occur in the OSPF topology that cause the intra-area routes to be updated.

Workaround: Disable the ispf command.

Miscellaneous

CSCed28266

Symptoms: A Cisco gateway may unexpectedly reload because of a software-forced crash when it builds a SIP ACK(nowledgement) or BYE message.

Conditions: This symptom is observed when the gateway receives a SIP response that contains a Record-Route header and a Contact header and when the length of the Contact header exceeds 128*n, in which "n" is the number of URLs in the Record-route header.

Workaround: There is no workaround.
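The condition in CSCed28266 can be checked passively against SIP responses taken from a capture or proxy log. The following is an added example (not Cisco code): the function names are hypothetical, the sample responses are constructed with documentation addresses, and "length of the Contact header" is assumed to mean the byte length of the longest Contact header value.

```python
import re

PER_URL_BYTES = 128  # multiplier stated in the CSCed28266 Conditions text


def parse_sip_headers(message):
    """Return (lowercased name, value) pairs from the header section.

    Folded continuation lines (leading space or tab) are joined to the
    previous header, and repeated headers are kept as separate pairs.
    """
    head = re.split(r"\r?\n\r?\n", message, maxsplit=1)[0]
    headers = []
    for line in re.split(r"\r?\n", head)[1:]:  # skip the status line
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def check_contact_vs_record_route(message):
    """Report whether Contact length exceeds 128 * n, n = Record-Route URLs."""
    headers = parse_sip_headers(message)
    # Record-Route entries are name-addr values, so each URL sits in <...>.
    rr_urls = sum(len(re.findall(r"<[^>]*>", v))
                  for n, v in headers if n == "record-route")
    # "m" is the compact form of Contact; Record-Route has no compact form.
    contact_lengths = [len(v.encode("utf-8"))
                       for n, v in headers if n in ("contact", "m")]
    report = {"record_route_urls": rr_urls,
              "contact_length": max(contact_lengths) if contact_lengths else 0,
              "limit": PER_URL_BYTES * rr_urls,
              "match": False}
    # The caveat requires both headers to be present in the response.
    if rr_urls and contact_lengths:
        report["match"] = report["contact_length"] > report["limit"]
    return report


def build_response(record_routes, contact, contact_name="Contact"):
    """Build a constructed 200 OK used only as input to the check above."""
    lines = ["SIP/2.0 200 OK",
             "Via: SIP/2.0/UDP 192.0.2.1:5060;branch=z9hG4bKexample",
             "From: <sip:alice@example.com>;tag=1",
             "To: <sip:bob@example.com>;tag=2",
             "Call-ID: constructed-example@192.0.2.1",
             "CSeq: 1 INVITE"]
    lines += ["Record-Route: " + rr for rr in record_routes]
    lines += [contact_name + ": " + contact, "Content-Length: 0"]
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample values.
SHORT_CONTACT = "<sip:bob@192.0.2.20:5060>"
LONG_CONTACT = "<sip:bob@192.0.2.20:5060;x-pad=" + "a" * 120 + ">"  # 152 bytes
ONE_PROXY = ["<sip:p1.example.com;lr>"]
TWO_PROXIES = ["<sip:p1.example.com;lr>, <sip:p2.example.com;lr>"]

if __name__ == "__main__":
    for label, msg in (("1 URL, long Contact", build_response(ONE_PROXY, LONG_CONTACT)),
                       ("2 URLs, long Contact", build_response(TWO_PROXIES, LONG_CONTACT)),
                       ("2 URLs, short Contact", build_response(TWO_PROXIES, SHORT_CONTACT))):
        print(label, check_contact_vs_record_route(msg))
```

Because the limit scales with the number of Record-Route URLs, the same 152-byte Contact matches behind one proxy but not behind two.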

CSCeh34040

Symptoms: Incoming traffic is lost when the IP Source Tracker feature is enabled on an interface. A ping times out.

Conditions: These symptoms are observed when the ip source-track command is enabled on a local interface. Even when you enter the no ip source-track command, traffic does not resume.

Workaround: First write down the IP address of the affected interface, then enter the no ip source-track command followed by the no ip address command on the affected interface, and finally enter the ip address command on the affected interface.

CSCej40305

Symptoms: The router will crash when the testing script is aborted and the script is re-run without clearing out the existing configuration.

Conditions: This crash has not been seen under normal operating conditions and requires a sequence of events in the code path that are not easily identified. The crash is reproducible.

Workaround: Enter a clear crypto gdoi command on the key server to clear up some existing data structures to prevent the crash.

CSCej87817

Symptoms: Policing does not drop any packets after the packets are sent or received at a rate that is much higher than the committed information rate (CIR).

Conditions: This symptom is observed on a Cisco 7500 series router but is not platform dependent.

Workaround: There is no workaround.

CSCej89156

Symptoms: RPM-XFL card is continuously rebooting with Cisco IOS Release 12.4T.

Conditions: This symptom has been observed with a VC tunnel priority queue configured with VC SCR rate.

Workaround: There is no workaround.

CSCek10347

Symptoms: The Key Server crashes with the testing script and ipsec-dgvpn.

Conditions: This crash has not been seen under normal operating conditions and requires a sequence of events in the code path that are not easily identified. The crash is reproducible.

Workaround: There is no workaround.

CSCek15980

Symptoms: A Cisco router may not set its interface identifier to the ID provided in an IPv6CP exchange.

Conditions: This symptom has been observed when running Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCek17148

Symptoms: A gateway running CME or SRST may crash.

Conditions: This symptom has been observed with a Cisco 3825 router running CME with two IP phones and one analog phone attached. This symptom has been observed with both Cisco IOS Release 12.4(4)T and Cisco IOS interim Release 12.4(5.2)T.

Workaround: There is no workaround.

CSCek23826

Symptoms: Executing the debug rpm hwdiags POS 1 command doesn't display any output.

Conditions: Execute the debug rpm hwdiags POS 1 command on a standby RPM-XF from user mode and the same on an active RPM-XF from privileged mode.

Workaround: There is no workaround.

CSCek23920

Symptoms: The show policy-map interface sw1.xx command output is jumbled and information pertaining to a class is not fully displayed under the correct class.

Conditions: With a service policy-map attached to a PVC, execute the show policy-map interface sw1.xx command.

Workaround: There is no workaround.

CSCek24060

Symptoms: A spurious memory access traceback has been observed.

Conditions: This symptom has been observed when an XF card reloads or resets from PXM.

Workaround: There is no workaround.

CSCek24516

Symptoms: Memory corruption has been observed.

Conditions: This symptom has been observed when resetting the Multilink interface.

Workaround: There is no workaround.

CSCek24782

Symptoms: A Cisco platform that is configured for ISDN and AAA may reload unexpectedly.

Conditions: This symptom is observed on a Cisco AS5400XM that functions under stress. The symptom is platform-independent.

Workaround: There is no workaround.

CSCek26044

Symptoms: The following message may be displayed on the console when you enter the write memory command or the copy nvram:startup-config command is configured for any SRC configuration:

NV: Invalid Magic found in NVRAM.....Erase of configuration files recommended

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.4(6.7) or interim Release 12.4(6.6)T and affects the following platforms: Cisco 2811, Cisco 2821, Cisco 2851, Cisco 3825, Cisco 3845, and a BCM-based Cisco AS5400.

Workaround: There is no workaround.

CSCek26492

Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

CSCek26569

Symptoms: Cisco 878 and Cisco 2691 routers crash while pinging with the ip inspect command configurations.

Conditions: This symptom has been observed with Cisco IOS interim Release 12.4(6.6)T. Configure the ip inspect command on an interface and ping the IP address on the interface.

Workaround: There is no workaround.

CSCek26595

Symptoms: After configuring Multicast and applying the crypto map command, traffic can't go through from the second Ethernet interface to the same group. However, traffic goes through fine from the first Serial interface.

Conditions: The symptom has been observed in Cisco IOS interim Release 12.4(5.13)T2.

Workaround: There is no workaround.

CSCek27100

There are two customer-escalated issues that are related to the DSL Firmware 3.01.

1. Customer complaining about a noise margin issue on the CPE against a third-party vendor DSLAM

2. DSL 878 not training up correctly to an SHDSL third-party vendor DSLAM

Both the customer and the internal DevTest/InterOP lab have verified that these problems are fixed by the new 3.05 firmware.

CSCek27307

Symptoms: When registering an EEM Tcl policy with the event_register_resource command extension, an error message that the keyword policy is not supported will appear.

Conditions: This symptom has been observed when an EEM Tcl policy with the event_register_resource command extension is registered.

Workaround: There is no workaround.

CSCek27437

Symptoms: An SNMP request to delete a switch connection (setting cwaChanRowStatus to 6 [destroy]) deletes both the Swconn part and the PVC part.

Conditions: This symptom has been observed under normal conditions using SNMP to manage connections on RPM.

Workaround: There is no workaround.

CSCek27743

Symptoms: Ping can't go through after applying a crypto map.

Conditions: This symptom has been observed with Cisco IOS interim Release 12.4(6.6)T.

Workaround: There is no workaround.

CSCek28936

Symptoms: In the IP-MPLS path, the basic MPLS IP to Tag switching for optimum path fails.

Conditions: This symptom has been observed when running Cisco IOS interim Release 12.4(5.13)T3 and interim Release 12.4(5.13)T4.

Workaround: There is no workaround.

CSCek29605

Symptoms: SIP phones do not receive MWI even though a message is left for a SIP phone user.

Conditions: This symptom has been observed with SIP phones on CME and when CUE has voicemail.

Workaround: There is no workaround.

CSCek30276

Symptoms: A ping fails with port adapters (PA) inserted into a C7200-I/O Jacket Card with reformation images.

Conditions: This symptom only happens with reformation images and not with classic images.

Workaround: Use a classic image or use the PA in any other slot other than ESCORT.

CSCek30748

Symptoms: A router reloads when you enter the tunnel protection ipsec profile vpnprof command.

Conditions: The symptom can be observed on a Cisco 7200 series but may be platform-independent.

Workaround: There is no workaround.

CSCek32162

Symptoms: The Dot11 Radio interface does not come up.

Conditions: This symptom has been observed when using the following procedure:

1. Boot up the router with no configuration. Use the erase startup-config command and reboot the router.

2. Use the no shutdown command on the dot11 interface.

3. Configure the ssid command.

4. Configure the authentication command.

Workaround: Configure the ssid command and authentication command before using the no shutdown command.

CSCek32263

Symptoms: The Parallel eXpress Forwarding (PXF) on RPM-XF card reloads and generates a log and a crashinfo file.

Conditions: Bit errors in PXF IRAM can occur, though they are extremely rare. The Bit error in PXF Instruction RAM can cause other issues, like invalid register contents, which could result in other PXF exceptions causing the reload.

Workaround: There is no workaround. The PXF crash process will reload PXF IRAM. All layer 3 connectivity comes up automatically after the PXF reloads.

CSCek34617

Symptoms: A spurious memory access is generated when the router is booting up after a power-cycle or reload.

Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3700 series, and Cisco 3800 series that have a virtual asynchronous auxiliary interface configured.

Workaround: Remove the interface async1 command from the running configuration and reload the router.

CSCek35105

Symptoms: When the policy-map class bandwidth is modified, it fails for the multilink interface.

Conditions: This symptom has been observed with the output of the policy map attached to multilink and when changing the bandwidth allocation for a class.

Workaround: Use the shutdown command and then the no shutdown command on the switch subinterface.

CSCek37177

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177.

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml

CSCek41147

Symptoms: RFC2833 is not working between Cisco CallManager Express (CME) and a Cisco AS5850 gateway in a SIP trunk service.

Conditions: This symptom has been observed on Cisco 2800 Series Integrated Services Routers (ISR) running Cisco IOS Release 12.4(4)T2 configured for CME SIP trunking. The VoIP dial-peer has the dtmf-relay rtp-nte command configured.

Workaround: The only workaround is to have the Cisco AS5850 gateway configured for RFC2833 if that is possible in the network. Because this change will affect a live deployment, it may not be possible, in which case there is no workaround.

Further Problem Description: CME is not offering RFC2833 DTMF relay capability when VoIP dial-peer has the RFC2833 DTMF relay configured.

CSCin98470

Symptoms: The microcode reload generates a CPU Hog traceback.

Conditions: This symptom has been observed on an RPM-XF card with more than 2k policy maps.

Workaround: There is no workaround.

CSCin98900

Symptoms: Hardware diagnostics for Fast Ethernet always fail.

Conditions: This symptom has been observed when running the hardware diagnostics for the Fast Ethernet back card after plugging the card in.

Workaround: There is no workaround.

CSCin99301

Symptoms: The router cannot be reloaded using the reload command. The following message is displayed when trying to reload the router:

The startup configuration is currently being updated. Try again.

Conditions: This symptom occurs in some rare conditions. It may be triggered after the "Invalid pointer value in private configuration structure" message is displayed (as seen in CSCin98933 and CSCsd63356).

Workaround: There is no workaround other than power cycling the router.

CSCsb25337

Cisco devices running Cisco IOS which support voice and are not configured for Session Initiation Protocol (SIP) are vulnerable to a crash under yet to be determined conditions, but isolated to traffic destined to User Datagram Protocol (UDP) 5060. SIP is enabled by default on all Advanced images which support voice and do not contain the fix for CSCsb25337. Devices which are properly configured for SIP processing are not vulnerable to this issue. Workarounds exist to mitigate the effects of this problem. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml.

CSCsb40304

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.


Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.


A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsb71243

Symptoms: A SIP gateway may not process an incoming REFER request that does not include a "Referred-By" header and returns a "400 Bad Request" response.

Conditions: This symptom is observed on a Cisco platform that functions as a SIP gateway.

Workaround: There is no workaround.

Further Problem Description: RFC3515 does not mandate that a "Referred-By" header is included in a REFER request.

CSCsb72082

Symptoms: A router crashes when a call from the PSTN to a SIP gateway is disconnected.

Conditions: This symptom is observed when the Record-Route header in any message that is received by the gateway is more than 128 bytes long.

Workaround: Reduce the length of the Record-Route header to less than 128 bytes.

CSCsb87077

Symptoms: Traffic drop is seen on WIC-1SHDSL-V3.

Conditions: The issue happens when the WIC-1SHDSL-V3 is in line-mode auto mode. We have not seen this drop condition in 2-wire line-mode.

Workaround: There is no workaround for this issue if you want to use 4-wire mode.

CSCsc11833

Symptoms: An analog or digital CAS port enters a state in which inbound or outbound calls, or both, may no longer function through the port.

Conditions: This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as gateways with analog or digital CAS ports that use PVDM2 DSP modules.

It may take some time for the symptom to occur, but when it does occur, it impacts multiple ports that share the same signaling DSP. The output of the show voice dsp signaling EXEC command shows you which DSP is used by a port for signaling. The symptom may occur more often for ports that use DSP 1 on the PVDM2 module for signaling.

Because this issue impacts the signaling channels, it has been seen that calls either will not connect at all through impacted ports or in some cases when multiple simultaneous calls are present on adjacent voice ports/timeslots, the call may connect momentarily before being disconnected.

If a problem occurs only on a single voice port, there is another problem, not this caveat (CSCsc11833). PRI/BRI calls are not affected because PRI/BRI does not utilize the DSP for signaling purposes.

When the symptom occurs with either a VIC2-xFXO or EVM DID/FXS module, enter the terminal monitor command followed by the test voice port port-number si-reg-read 39 1 command for one of the affected ports. The output typically should be a single octet value for register 39. When the symptom occurs, information for Registers 40, 41 and 42 is presented and some of the registers show double-octet information. See the example output (2) below.

When the symptom occurs with FXS or analog E&M modules, enter the terminal monitor command followed by the test voice port port-number codec-debug 10 1 command for one of the affected ports. The output typically should be a single octet value for each register. See the example output (4) below.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, you must reload the gateway to restore proper operation.

Further Problem Description: When you run a Cisco IOS software image that integrates the fix for this caveat (CSCsc11833) and the symptom still occurs, contact the TAC.

Following are command output examples:

1) Following is an example of normal output for FXO and EVM FXS ports.

For FXO ports, the value is usually 0x01 but for EVM FXS the value can be different. When you run the above-mentioned command, the expected output is that a single octet is displayed and only for register 39. (This command does not work for VIC-4FXS and VIC2-xFXS modules).

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

--------------------------------------------------------------

Register 39 = 0x01

2) Following is an example of output for FXO and EVM FXS ports that indicates that the symptom has occurred. Note that the exact output for the register values is different, but when the symptom occurs, different lines with information are displayed as shown below:

router#term mon

router#test voice port 0/3/3 si-reg-read 39 1

router#

Values read from SiLabs Codec connected to DSP 0, channel 11:

--------------------------------------------------------------

Register 39 = 0x5CB8 Register 40 = 0xFFFF Register 41 = 0xFFFF Register 42 = 0xFFFF

3) Following is an example of normal output for FXS and analog E&M modules. The values that are listed in a normal case may be different, but only four registers of a single octet should be displayed.

Values read from PEB2465 Codec connected to DSP 02 (channel 0):

---------------------------------------------------------------

Extended Register Values (XR4..XR1) = 00, CC, 50, 11

4) Following is an example of output for FXS and analog E&M modules that indicates that the symptom has occurred.

Values read from PEB2x65 Codec connected to DSP 0, channel 1:

------------------------------------------------------------

Extended Register Values (XR4..XR1) = D001, B83C, 3FF1, 63AC

CSCsc37281

Symptoms: TCP connections may not be established between an end device that has TCP stacks that are not RFC-compliant and a platform that has a Cisco IOS firewall enabled.

Conditions: This symptom is observed when the platform that has the Cisco IOS firewall enabled enforces strict checking for a TCP Window Scale option per RFC1323 section 2.

Workaround: There is no workaround. Note that the Cisco IOS firewall functions properly.

Further Problem Description: This is an enhancement request. For Cisco IOS software images that implement this enhancement, the Cisco IOS firewall makes an exception to RFC1323 section 2 so TCP connections can be established between the platform that has the Cisco IOS firewall enabled and an end device that has TCP stacks that are not RFC-compliant.

CSCsc46528

Symptoms: ccmeEphoneActTable from CISCO-CCME-MIB provides inconsistent results.

Conditions: This symptom has been observed when a partial SNMP GET is issued on selected columns from ccmeEphoneActTable.

Workaround: Perform a complete SNMP GET instead of a few entries on ccmeEphoneActTable.

CSCsc59881

Symptoms: Call forward busy to Unity gets the subscriber standard greeting instead of the busy greeting.

Conditions: This symptom has been observed when Unity integrates with CME 3.4.

Workaround: There is no workaround.

CSCsc69380

Symptoms: A router crash may occur if FPM policies are configured and the CISCO-CLASS-BASED-QOS-MIB.my MIB is queried.

Conditions: This symptom has been observed when FPM policies are configured on routers running Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCsc70644

Symptoms: User CLI sessions would be stuck on all Cisco routers while configuring QoS.

Conditions: This symptom has been observed after executing a show policy-map interface command with Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCsc74783

Symptoms: Intrusion Prevention System (IPS) signatures that require inspection of TCP flows below port 550 may not be triggered on a Cisco IOS IPS device.

Conditions: This symptom is observed on a Cisco IOS router that is configured for IPS functionality.

Workaround: Apply CBAC (Context Based Access Control) in addition to IPS.

Further Information: On a Cisco IOS router with IPS (Intrusion Prevention System) enabled, all TCP flows should be subject to TCP stateful inspection until the TCP 3-way handshake is complete. This does not work for TCP sessions with a destination port that is less than 550, if it does not match a predefined signature on the router.

CSCsc76407

Symptoms: Router-originated packets that are subject to encryption are bypassing the Quality of Service (QoS) feature. This prevents QoS from giving priority to protocol packets (for example BGP), which in turn can cause these protocol packets to be dropped when the outgoing link is congested.

Conditions: This symptom is observed when router-originated packets are IPSec encrypted.

Workaround: Disable CEF and fast switching and use process switching.

CSCsc80305

Symptoms: The radio fails to function, with constant assertion failures and a message showing that the Atheros chipset met a fatal error.

Conditions: This symptom is observed under the following conditions:

1. A Cisco 2801 or Cisco 1841 router has a total of 384Mb of memory (128Mb on board and 256Mb of external DIMM memory).

2. The no shut command is used in radio interface mode and any one SSID is configured.

Workaround: Replace 256Mb DIMM with 128Mb DIMM.

CSCsc80668

Symptoms: Cisco IOS has the capability to implement the HSRP feature, but the MIB support is incomplete. HSRP-related MIBs have not been implemented in the Cisco 800 series platforms.

Conditions: This symptom has been observed on Cisco 800 series routers.

Workaround: There is no workaround.

CSCsc80794

Symptoms: 100% CPU utilization will be observed on Cisco 2811, Cisco 2821, and Cisco 2851 routers even with no or minimal traffic.

Conditions: This will happen on the Cisco 2811, Cisco 2821, and Cisco 2851 routers with the images that have integrated the CSCsc10961 fix and have Serial or DSL interfaces on the native HWIC slots.

Workaround: There is no workaround.

CSCsc83192

Symptoms: A router may crash when threats are continuously sent and removed from a controller and when simultaneously access control list (ACL) entries are checked by entering the show ip access-lists command.

Conditions: This symptom is observed when an ACL entry is being displayed and when simultaneously the same entry and the next entry are being deleted.

Workaround: Do not enter the show ip access-lists command while a dynamic ACL entry is being deleted.

CSCsc90715

Symptoms: PPPoE sessions are not established.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release version 12.4(6.3) but may also occur in other releases of Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCsc93952

Symptoms: Only one PRI channel instead of all PRI channels is busied out when Advanced Voice Busy-Out (AVBO) is used.

Conditions: This symptom is observed on a Cisco router when the busyout monitor interface command is enabled and when the interface for which the command is enabled is shut down.

Workaround: There is no workaround.

CSCsc94149

Symptoms: Cisco 876 and Cisco 877 routers fail to synchronize with third-party vendor DSLAMs.

Condition 1. The DSL line of a Cisco 876 router with the dsl operating-mode auto command configured fails to synchronize with a third-party vendor DSLAM and line card SU ADSL 32I (TI chipset).

Condition 2. The DSL line of Cisco 876 and Cisco 877 routers with the dsl operating-mode auto command configured fails to synchronize in ADSL2/2+ Rate-Adaptive mode with another third-party vendor DSLAM at and below 2000m line loop length with maximum data rates configured as 512/512 Kbps upstream and downstream.

Workaround 1. There is no workaround.

Workaround 2. For 512/512 Kbps profile, if the line operating mode is set to itu-dmt, the line trains up fine in ADSL1 mode.

CSCsc95234

Symptoms: When the stcapp global configuration command is enabled, the command is not accepted and the following error messages are generated:

STCAPP: Internal error: Unable to create codec list... exiting stcapp shutdown initiated... waiting for calls to clear. stcapp shutdown complete.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(6.3) but may also affect Release 12.4T.

Workaround: There is no workaround.

CSCsc97545

Symptoms: On a Dynamic IPSec VTI, when a packet is greater than twice the IP MTU (i.e., needing more than 2 fragments), the first fragment is transmitted but not the additional fragments.

From the show ip traffic command:

The "Fragments" counter is incremented by two.

The "Couldn't fragment" counter is incremented by one.

Conditions: This symptom has been observed when an IP packet needs more than two fragments on a router serving as an IPSec Gateway using Dynamic IPSec VTI. It is only seen when Cisco Express Forwarding (CEF) is turned on.

Workaround: There is no workaround.

CSCsd01836

Symptoms: The router crashes when you configure a crypto map in sparse mode.

Conditions: This symptom is observed on a Cisco router that is configured for IPSec and multicast.

Workaround: There is no workaround.

CSCsd02098

Symptoms: There is no voice path and packets are not encrypted or decrypted.

Conditions: This symptom has been observed when a call is made as an SRTP call.

Workaround: There is no workaround.

CSCsd08392

Symptoms: RP-sourced control packets are delayed causing protocol timeouts.

Conditions: This symptom has been observed with VC congestion, when SAR-based-cbwfq is enabled, and when the output service policy is attached to the VC.

Workaround: There is no workaround.

CSCsd10115

Symptoms: The gateway reloads during call transfer scenarios.

Conditions: This affects calls on a SIP-SIP CME or an IPIP GW, which is doing consultative transfer.

Workaround: There is no workaround.

CSCsd17124

Symptoms: The Cisco 1812J router could crash due to:

1. An Illegal Opcode exception.

2. An Address error.

3. A SegV Exception.

Conditions: The symptoms have been observed on Cisco 1812-J routers with Cisco IOS Release 12.4(4)T and 12.4(6)T and Rommon Release 12.3(8r)YH6.

Workaround: There is no workaround.

CSCsd18739

Symptoms: When a router is configured for IPv6-NAT-PT the router goes into a software forced reload when the show ipv6 nat translations verbose command is executed. The following error message is displayed:

%Software-forced reload Preparing to dump core...

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.4(3b).

Workaround: Do not execute the show ipv6 nat translations verbose command.

CSCsd19980

Symptoms: A router that functions as a DHCP client may crash.

Conditions: This symptom is observed on a Cisco router when you change the DHCP service through the ip address dhcp command or when DHCP is configured more than once.

Possible Workaround: Before you make any changes, stop the DHCP service by entering the no ip address dhcp command followed by the ip address dhcp command.

CSCsd20136

Symptoms: Bidirectional Forwarding Detection (BFD) support was added for the Cisco 7200 and Cisco 7301 platforms in Cisco IOS Release 12.4(4)T. Some interface level BFD commands are not configurable which may prevent the full BFD feature from working.

Conditions: This symptom is seen with all feature set images of Cisco 7301 and Cisco 7200 of Cisco IOS Release 12.4(4)T and Cisco IOS Release 12.4(4)T1 except Cisco 7200 with GGSN feature set images of same versions.

Workaround: There is no workaround.

CSCsd30932

Symptoms: Issuing the trust-point storage command sometimes causes a crash.

Conditions: This symptom only occurs when an error occurs on a previous execution of this command. The second execution of the command results in a crash.

Workaround: If an error occurs when issuing this command, the trustpoint must be removed and re-created to avoid a crash.

CSCsd35555

Symptoms: The TDM crossconnect for a T1/E1 WIC does not function.

Conditions: This symptom is observed on a Cisco IAD 2400 series that is configured with a VIC2-2MFT-T1/E1 WIC.

Workaround: Install the WIC in the native T1/E1 slot.

CSCsd40334

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml

CSCsd44693

Symptoms: Router crashes when sending trap related to tunnel down if the remote peer ID is FQDN.

Conditions: This symptom has been observed with the tunnel down and remote peer with FQDN ID.

Workaround: Do not use FQDN as a remote peer ID.

CSCsd53422

Symptoms: The Parallel Express Forwarding (PXF) external column memory (XCM) cannot be read without superuser privileges.

Conditions: This symptom has been observed with an RPM-XF Cisco router running Cisco IOS Release 12.4T and earlier.

Workaround: There is no workaround.

CSCsd55168

Symptoms: Protocol Independent Multicast (PIM) sparse mode (SM) Multicast-VPN (MVPN) Core is not working.

Conditions: The symptom has been observed in IPFR LSNT with MGX-based RPM-XF PEs and RPM-XF Hub/P routers, which uses Parallel Express Forwarding (PXF) for forwarding.

Workaround: There is no workaround.

CSCsd58381

Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
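The distinction that CSCsd40334 and CSCsd58381 draw between Type 0 and Type 2 Routing headers can be checked on captured traffic by walking the IPv6 extension header chain. The following is an added example, not Cisco code and not taken from the advisory; the function names, the verdict strings, and the sample packets (built on the 2001:db8::/32 documentation prefix) are constructed for illustration.

```python
import ipaddress
import struct

# IPv6 Next Header values for the extension headers this walker understands.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS, NO_NEXT = 0, 43, 44, 51, 60, 59
EXTENSION_HEADERS = (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS)
IPV6_FIXED_LEN = 40


class MalformedPacket(ValueError):
    """Raised when the extension header chain cannot be parsed safely."""


def routing_header_types(packet: bytes) -> list:
    """Return the Routing Type of every Routing header found in the chain."""
    if len(packet) < IPV6_FIXED_LEN or packet[0] >> 4 != 6:
        raise MalformedPacket("not an IPv6 packet")
    next_header, offset, found = packet[6], IPV6_FIXED_LEN, []
    while next_header in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            raise MalformedPacket("extension header truncated")
        following, ext_len = packet[offset], packet[offset + 1]
        if next_header == FRAGMENT:
            length = 8  # the Fragment header has a fixed size
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
        elif next_header == AH:
            length = (ext_len + 2) * 4  # AH counts in 4-octet units
        else:
            length = (ext_len + 1) * 8  # others count in 8-octet units
        if offset + length > len(packet):
            raise MalformedPacket("extension header runs past end of packet")
        if next_header == ROUTING:
            found.append(packet[offset + 2])  # Routing Type field
        if next_header == FRAGMENT and frag_offset != 0:
            break  # non-first fragment: the rest of the chain is elsewhere
        next_header, offset = following, offset + length
    return found


def classify(packet: bytes) -> str:
    """Map a packet to a verdict a filter or detection rule could act on."""
    try:
        types = routing_header_types(packet)
    except MalformedPacket:
        return "malformed"
    if 0 in types:
        return "type0"  # the header type the caveat is about
    if 2 in types:
        return "type2"  # Mobile IPv6, not affected per the caveat
    return "other-routing-type" if types else "no-routing-header"


# --- Constructed sample packets (documentation addresses only) ---
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("2001:db8::2").packed
HOP = ipaddress.IPv6Address("2001:db8::3").packed


def ipv6_packet(first_next_header: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first_next_header, 64)
    return fixed + SRC + DST + payload


def routing_header(routing_type: int) -> bytes:
    # Hdr Ext Len 2 = 24 octets: 4 fixed, 4 reserved, one 16-octet address.
    return bytes([NO_NEXT, 2, routing_type, 1]) + bytes(4) + HOP


HBH_PADDED = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])  # Hop-by-Hop with PadN only

SAMPLES = {
    "rh0": ipv6_packet(ROUTING, routing_header(0)),
    "rh2": ipv6_packet(ROUTING, routing_header(2)),
    "hbh_then_rh0": ipv6_packet(HOP_BY_HOP, HBH_PADDED + routing_header(0)),
    "plain": ipv6_packet(NO_NEXT, b""),
    "truncated_rh0": ipv6_packet(ROUTING, routing_header(0))[:50],
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15s} {classify(pkt)}")
```

A Type 0 header hidden behind another extension header is still reported, which is why the walker follows the whole chain instead of inspecting only the first Next Header value.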

CSCsd69754

Symptoms: Traffic through an IPsec VPN connection does not leave the router.

Conditions: This symptom has been observed when the interface where the