Feedback
Table Of Contents
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S. Caveats describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This chapter includes severity 1, severity 2, and selected severity 3 bugs.
Note
For information about the caveats pertaining to releases earlier to 3.6S, see Cisco IOS XE 3S Release Notes.
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
In each section, the following information is provided for each caveat:
•
•
•
Note
The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:
http://docwiki.cisco.com/wiki/Category:Internetworking_Terms_and_Acronyms_(ITA)
This chapter contains the following sections:
•
•
•
•
•
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S
This chapter contains the following sections:
•
•
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S
This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S.
•
Symptom: OSPF IPv6 control packets are not encrypted or decrypted.
Conditions: This issue occurs while configuring the IPv6 OSPF authentication.
Workaround: There is no workaround.
•
Symptom: flexVPN client ikev2 sa stuck at IN-NEG with status description:
Initiator waiting for AUTH response.
Conditions: flexVPN server initialclear crypto session command to clear 4K crypto sessions. After crypto session recovered, there is 1 ikev2 sa at flexVPN client stuck at IN-NEG status. At flexVPN server, there is no ikev2 peer, 172.4.234.1.
Client: 2ru-2#sh crypto ikev2 sa local 172.4.234.1 det
Load for five secs: 12%/1%; one minute: 9%; five minutes: 9%
Time source is NTP, 11:49:38.299 PDT Thu Jul 5 2012
Tunnel-id Local Remote fvrf/ivrf Status 1
172.4.234.1/500 172.255.255.252/500 none/none IN-NEG
Encr: AES-CBC, keysize: 256, Hash: SHA512, DH Grp:5, Auth sign: PSK, Auth verify: Unknown - 0 Life/Active Time: 86400/0 sec CE id: 50798, Session-id: 0
Status Description: Initiator waiting for AUTH response
Local spi: 7E92CB576E3BC65B Remote spi: 01B87002CE230A4A
Local id: 2ru-2-1000.cisco.com Remote id: Local req msg id: 1 Remote req msg id: 0 Local next msg id: 2
Remote next msg id: 0 Local req queued: 1
Remote req queued: 0 Local window: 5
Remote window: 1 DPD configured for 0 seconds, retry 0
NAT-T is not detected Cisco Trust Security SGT is disabled Initiator of SA : Yes 2ru-2#Workaround: flexVPN client is able to use the clear crypto ikev2 sa psh <index> command to delete stuck ikev2 sa.
•
Symptoms: Static routes are not getting removed.
Conditions: This symptom is observed with Smap - Smap. Removal of CLI does not remove the static route.
Workaround: Remove the ACL before removing the SA.
•
Symptom: QFP may reload.
Conditions: The known conditions for this are to have oneFirewall and NAT configured on a ASR1002-X, but crash is intermittent.
Workaround: There is no workaround.
•
Symptom: ucode crashes at
REM_REM_MISC_ERR_LEAF_INT_INT_REM_POP_REQ_TO_EMPTY_SCHEConditions: on flapping multilink interfaces
Workaround: There is no workaround.
•
Symptom: With IPsec (crypto-map mode) configured, after VFR disable followed by ASR reboot, the no ip virtual-reassembly-out CLI is lost and VFR is re-enabled.
Conditions:
1. Apply crypto map on the interface.
2. Manually disable VFR with the no ip virual-reassembly-out command.
3. Save config.
4. Reload.
Workaround: After reload, again disable VFR with no ip virual-reassembly-out.
•
Symptom: Netsync customer seeing clock in ql-failed state on one ASR-2ru.
Conditions: The issue occurred when distributing stratum 1 clock source through its network.
Workaround: If both SPAs are in the same slot, do not send the secondary config.
•
Symptom: After a Web logon, the user does not get a Web logon response page sent by the portal. If the Web logon is successful, the user is not redirected to the Web address specified. Instead, the user is redirected to the portal for authentication.
Conditions:
1. Walkby feature is enabled with L4R & PBHK features applied to lite session.
2. User initiated the Web logon request.
Details: Upon a Web logon, an account-logon COA request is triggered from the portal to ISG. In ISG, the request triggers conversion of the lite session to a dedicated session. During the conversion, lite session and its associated resources (L4R and PBHK mappings) are removed from PD, and the dedicated session gets provisioned. Once conversion is done, ISG replies to the portal with COA ACK/NACK. Based on the response from ISG, the portal generates a Web logon response-page (SUCCESS/FAILURE) and sends it back to the client.
But when the response packet reaches ISG, it does not get classified to the downstream session (because PBHK & L4R mapping were deleted). As a result, the packet is dropped in ISG.
Workaround: There is no workaround.
•
Symptom: ASR router might start using new SPIs before quick mode exchange finishes. This causes invalid SPI messages on the receiver side and, in some cases, flap of IKE/IPsec.
Conditions: First seen on IOS XE 15.2(4)S with DMVPN.
Workaround: There is no workaround.
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S
This section documents resolved issues on Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.S.
•
Symptom: A Cisco 5400XM may reload unexpectedly.
Conditions: This symptom is intermittent and is seen only when the DSPs available are insufficient to support the number of calls.
Workaround: Ensure that sufficient DSPs are available for transcoding.
•
Symptoms: After reload, ISDN layer 1 shows as deactivated. Shut/no shut brings the PRI layer 1 to Active and layer 2 to Multi-frame established.
Conditions: This symptom occurs when "voice-class busyout" is configured and the controller TEI comes up before the monitored interface.
Workaround: Remove the "voice-class busyout" configuration from the voice-port.
•
Symptom: Sometimes, users may face a "peer leak" situation with EzVPN.
Conditions: This symptom may occur when an NAT box gets reloaded/rebooted with live translations.
Workaround: Reload the router to clear the leaked peers.
•
Symptom: The router crashes upon initiation of an MSRPC secondary channel.
Conditions: When using a pre-gen created by control channel.
Workaround: There is no workaround.
•
Symptom: When the system includes a Cisco AS5350 universal gateway, the CCSIP_SPI control causes a memory leak.
Conditions: The symptom is observed with the following IOS image: c5350-jk9su2_ivs-mz.151-4.M2.bin. It is seen with an outgoing SIP call from gateway (ISDN PRI --> AS5350 --> SIP --> Provider SIP gateway).
Workaround: There is no workaround.
•
Symptom: When attempting a T.38 fax call on a gateway, you might see the following in the logs: 006902: %FLEXDSPRM-3-UNSUPPORTED_CODEC: codec cisco is not supported on dsp 0/0 006903: %FLEXDSPRM-5-OUT_OF_RESOURCES: No dsps found either locally or globally.
Conditions: The symptom is observed with a T.38 fax call.
Workaround: There is no workaround.
•
Symptom: A router has an unexpected reload due to CCSIP_SPI_CONTROL process.
Conditions: This issue has been seen in Cisco IOS Release 15.2(3)T.
Workaround: There is no workaround.
•
Symptom: Files cannot be downloaded using the management interface via FTP or HTTP. SCP might also be affected. This can include firmware files, configuration files, or license files.
Conditions: This symptom occurs when using the management interface on a RP2 route processor or the Cisco ASR 1000 router.
Workaround: Use an interface other than the management interface to download the file or use a protocol that does not use TCP as the session transport, for example, TFTP. If you need to use the management interface, see the workaround attached to the caveat.
•
Symptom: A Cisco router experiences a spurious access or a crash. Cisco ISR-G1 routers such as a 1800/2800/3800 experience a spurious access. ISR-G2 routers such as the Cisco 2900/3900 routers that use a Power PC processor crash because they do not handle spurious accesses.
Conditions: This symptom occurs after enabling a crypto map on an HSRP-enabled interface.
Workaround: There is no workaround
•
Symptom: The ASR1002-X Series Aggregation Services Router with large numbers of MLPPP bundles might experience a crash, with the following error message:
%CPPOSLIB-3-ERROR_NOTIFY: SIP0: cpp_cp: cpp_cp encountered an error.This would be followed by a traceback and eventual reload of the router.Conditions: Large numbers MLPPP bundles on an ASR1002-X Series router.
Workaround: Keep the number of single-link MLPPP bundles under 4000, and the total number of multi-member MLPPP bundles under 2000.
•
Symptom: (Intermittently) One-way traffic is seen on a DMVPN spoke-to-spoke tunnel one minute after the tunnel is built. Message:
Invalid SPI.Conditions: The symptom is observed with Cisco IOS Release 15.1(3)T1.
Workaround: There is no workaround.
•
Symptoms: Malformed RTCP packets are observed.
Conditions: This symptom occurs when DTMF interworking is enabled or SRTP/SRTCP is in use.
Workaround: Disable DTMF interworking if not required for the call.
•
Symptom: The WAAS-Express device goes offline on WCM.
Conditions: This symptom occurs when a certificate is generated using HTTPS using the Cisco IOS Release 15.1(3)T image. After upgrade to Cisco IOS Release 15.2(3)T, the WAAS-Express device goes offline on WCM.
Workaround: Configure an rsakeypair on the TP-self-signed trustpoint with the same name and execute the
<CmdBold>enroll<noCmdBold>command again or delete the self-signed trustpoint point and reenable the HTTP secure-server.•
Symptom: SIP memory leak seen in the event SIPSPI_EV_CC_MEDIA_EVENT.
Conditions: The command show memory debug leaks shows a CCSIP _SPI_CONTORL leak with size of 6128 and points to the event:
SIPSPI_EV_CC_MEDIA_EVENT?:
Adding blocks for GD...
I/O memory
Address Size Alloc_pc PID Alloc-Proc Name
Processor memory
Address Size Alloc_pc PID Alloc-Proc Name
286E144 6128 8091528 398 CCSIP_SPI_CONTR CCSIP_SPI_CONTROLWorkaround: There is no workaround.
•
Symptoms: Reverse routes are not installed for an IPsec session while using dynamic crypto map.
Conditions: Occurs when the remote peer uses two or more IP addresses to connect and the session goes down and comes back at least twice.
Workaround: Issue clear crypto session for that peer.
•
Symptom: A crash with traceback is seen, and all calls are dropped.
Conditions: This symptom is observed under all conditions.
Workaround: There is no workaround. The gateway crashes, and the soak time appears to be six weeks.
•
Symptom: The router crashes continuously after a normal reboot due to power or some other reason. Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1) uptime is 4 days, 11 hours, 38 minutes System returned to ROM by error - a Software forced crash, PC 0x88D26F0 at 07:42:45 UTC Sat May 5 2012 System restarted at 07:43:55 UTC Sat May 5 2012 System image file is
"flash:c3900-universalk9-mz.SPA.150-1.M4.bin" ; Last reload type: Normal Reload ---------------------------- generated Traceback: Pre Hardware Replacement Crashinfo: ------------------------------------ #more flash0:crashinfo_20120519-165015-UTC ------------------ Traceback Decode: ------------------ tshakil@last-call-2% rsym c3900-universalk9-mz.150-1.M4.symbols.gz Uncompressing and reading c3900-universalk9-mz.150-1.M4.symbols.gz via /router/bin/zcat c3900-universalk9-mz.150-1.M4.symbols.gz read in Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z 0x88D1D88:fsm_crank(0x88d1d2c) 0x5c 0x88D27C0:fsm_exec_w_option(0x88d2650) 0x170 0x729E558:htsp_process_event(0x729e1d4) 0x384 0x729E6F4:htsp_main(0x729e62c) 0xc8 0x495F298:ppc_process_dispatch(0x495f274) 0x24 0x4962FC8:process_execute(0x4962e24) 0x1a4 Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z 0x88D1D88:fsm_crank(0x88d1d2c) 0x5c 0x88D27C0:fsm_exec_w_option(0x88d2650) 0x170 0x729E558:htsp_process_event(0x729e1d4) 0x384 0x729E6F4:htsp_main(0x729e62c) 0xc8 0x495F298:ppc_process_dispatch(0x495f274) 0x24 0x4962FC8:process_execute(0x4962e24) 0x1a4 Enter hex value: -------------------------------- Crash File Post Installation: ------------------------------ #more flash0:crashinfo_20120519-185725-UTC ------------------ Traceback Decode: ----------------- Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z 0x88D1D88:fsm_crank(0x88d1d2c) 0x5c 0x88D27C0:fsm_exec_w_option(0x88d2650) 0x170 0x729E558:htsp_process_event(0x729e1d4) 0x384 0x729E6F4:htsp_main(0x729e62c) 0xc8 0x495F298:ppc_process_dispatch(0x495f274) 0x24 0x4962FC8:process_execute(0x4962e24) 0x1a4 Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z 0x88D1D88:fsm_crank(0x88d1d2c) 0x5c 0x88D27C0:fsm_exec_w_option(0x88d2650) 0x170 0x729E558:htsp_process_event(0x729e1d4) 0x384 0x729E6F4:htsp_main(0x729e62c) 0xc8 0x495F298:ppc_process_dispatch(0x495f274) 0x24 0x4962FC8:process_execute(0x4962e24) 0x1a4 ---------------------------------------------------Conditions: This symptom is observed with the following conditions: - MGCP gateway. - Take out all the modules from the router. - Put the modules one by one. - Apply the configuration. - The router is stable. The lab test recreated as follows: 1) Disable auto-configuration, that is, "no ccm-manager config". 2) Reload the gateway. 3) Enable the CCM manager configuration and the router does not crash.
Workaround 1: Bypass the start-up configuration and log in via ROMmon without any configuration. Add the configuration one by one. Once the configuration is added, save the configuration and reload the gateway.
Workaround 2: Shut down the router and add the cards one by one in slots 0, 1, 2, 3, and 4. The device is stable until the third slot is inserted and brought up. As soon the router is powered on, after adding the fourth slot, the crash starts. Shut down the router and remove the card in slot 4 (EVM-HD-8FXS/DID). Bring the device up without the card in slot 4 (EVM-HD-8FXS/DID). Remove the "mgcp" and "ccm-manager fallback-mgcp" configuration from the device because the console log is displaying the "Call Manager backhaul registration failed" error message. Shut down the router and add the card which was removed. Bring up the router. Read the ccm-manager fallback-mgcp command and do a "no mgcp/mgcp". The router becomes stable.
Workaround 3: Remove the ccm-manager config command by no ccm-manager config which tears down the connection from the call manager to the MGCP gateway. The gateway will not download the configuration from the call agent at the time of startup. Reload the router. Once the router is back and stable, readd the command.
•
Symptoms: The router stops passing IPsec traffic after some time.
Conditions: This symptom is observed when the show crypto eli command output shows that during every IPsec P2 rekey, the active IPsec-Session count increases, which does not correlate to the max IPsec counters displayed in the SW.
Workaround: Reload the router before active sessions reach the max value. To verify, do as follows:
router#sh cry eli
CryptoEngine Onboard VPN details: state = Active
Capability : IPPCP, DES, 3DES, AES, GCM, GMAC, IPv6, GDOI, FAILCLOSE, HA
IPSec-Session : 7855 active, 8000 max, 0 failed•
Symptom: Occasionally, after full chassis reload, all ATM autovc fail to come up upon reception of PADI. CPE gets no PADO. All PPPoEoA sessions fail to establish on the chassis.
Conditions: Trigger unknown. This condition occurs intermittently, after full chassis reload, once every ~50 reloads.
Workaround: If the condition occurs, reload the chassis again.
•
Symptom: Intermittently during Phase II rekey, after new SPIs are negotiated and inserted into SPD, old SPIs are removed and then VTI tunnel line protocol goes down.
Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T, with VTI over GRE.
Workaround: There is no workaround.
•
Symptoms: In a VTI scenario with HSRP stateless HA, the tunnel state on standby is up/up.
Conditions: This symptom occurs when HSRP is configured and there is no SSO configuration.
Workaround: There is no workaround.
•
Symptoms: If CUBE has midcall reinvite consumption enabled, it also consumes SIP 4XX responses. This behavior can lead to dropped or hung calls.
Conditions: This symptom occurs when midcall reinvite consumption is enabled.
Workaround: There is no workaround.
•
Symptom: Address Error exception is observed with ccTDUtilValidateDataInstance.
Condition: This symptom is observed with ccTDUtilValidateDataInstance.
Workaround: There is no workaround.
•
Symptom: The voice gateway router is configured as a CME for handling ephone reloads due to spurious memory access.
Condition: This symptom occurs as the voice gateway router is capable of handling ephones. Reload is very specific to ephone handling.
Workaround: There is no workaround.
•
Symptom: Permanent license disappear after the IOS upgrade or downgrade.
Conditions: This symptom occurs when:
–
–
Workaround: Without this fix: Do a license save from 3.4 before the upgrade and re-install in 3.6 in 34, save all the licenses to a file to bootflash 1RU#license save <file location> in 36 , install back all the licenses from the file 1RU#license install <file location>.
With this fix: To avoid this, customers have to create a file in the bootflash called 1RU_34_36_ENFORCE_LICENSE_MIGRATION to enforce the migration of all the licenses before the upgrade process. The file will be removed automatically after the license migration.
For example: 1RU#license save bootflash:1RU_34_36_ENFORCE_LICENSE_MIGRATION For the routers, which are already experiencing this issue, customers can either try to reinstall the licenses or downgrade to 34, create the file in bootflash and upgrade with 36 or later image with this fix again.
•
Symptoms: No-way audio is observed on hair-pinned calls back from CUBE to SIP Provider. The call flow is as follows: PSTN caller --Verizon---(sip)---ASR CUBE---(sip)---CUSP---(sip)---Genesis (SIP refer sent to transfer back to Verizon) -- CUSP - CUBE - Verizon -- PSTN
Conditions: This symptom is observed only after upgrading to Cisco IOS Release 15.2(2)S.
Workaround: Modify the diversion header on the transfer leg invite. Therefore, the Verizon handles the call differently.
•
Symptom: Cisco IOS Unified Border Element (CUBE) contains a vulnerability that could allow a remote attacker to cause a limited Denial of Service (DoS). Cisco IOS CUBE may be vulnerable to a limited Denial of Service (DoS) from the interface input queue wedge condition, while trying to process certain RTCP packets during media negotiation using SIP.
Conditions: Cisco IOS CUBE may experience an input queue wedge condition on an interface configured for media negotiation using SIP when certain sequence of RTCP packets is processed. All the calls on the affected interface would be dropped.
Workaround: Increase the interface input queue size. Disable Video if not necessary.
•
Symptoms: CUBE does not send a response to an early dialog UPDATE in a glare scenario.
Conditions: This symptom occurs when CUBE receives an early dialog UPDATE when it sends 200OK to INVITE and expects ACK.
Workaround: There is no workaround.
•
Symptom: CUBE SP does not respond to any SIP messages sent across using TCP. SIP using UDP works fine. Call Flow: Multiple CUCM's ---> SIP --->CUBE SP--->Provider.
Conditions: This defect is noticed on 15.2(01)S01 and is only active when we have calls running SIP TCP. Reason for this behavior is that during the create or close transaction on TCP, the control buffer would be on hold. Therefore, if close of existing TCP connection is needed while the control buffer are all being held, the connection would be marked as dead but not able to notify corresponding peer, therefore the peer might still send data through that connection, which CUBE-SP would think as invalid and get dropped internally.
Workaround: As a workaround we need to send the SIP call as UDP instead of TCP.
•
Symptom: Traffic fails to pass on PW.
Conditions: Configure xconnect on EFP and do RP SSO.
Workaround: Reconfigure the EFP and xconnect.
•
Symptoms: On dual RP configurations, a standby route processor might crash when establishing new interfaces (could be PPP sessions).
Conditions: This symptom is observed when IDB reuse is turned on, for a dual RP configuration, and when some interfaces are deleted and created again.
Workaround: Turn off the IDB reuse option.
•
Symptoms: About 10 minutes after CUBE boot, the router crashes with the following traceback: Traceback= 5B01805 46158ED 45F4F57 45BB19E 45BA1CF 451D6DC 4525549 45252D9 4519C30 45196A9 4778FFD. After the reload from the crash, it may take sometime before it crashes again.
Conditions: This symptom occurs when CUBE receives the SIP REFER message with the Refer-To header having no user part.
Workaround: There is no workaround.
•
Symptom: The packet is dropped with the reason NatIn2out.
Conditions: This symptom is observed due to the PAT.
Workaround: There is no workaround.
•
Symptom: Receive a for_us packet with multiple (thousands of) tunnel headers, make ESP crash.
Conditions: Router A-------Router B-------Router C there is a tunnel T1 between A and C. In the router A, there is a PBR that makes the packets from B transmitted through T1. In router B there is a default route pointing to A. Then in router A a packet is transmitted through T1 encapsulated with a GRE header. When this packet arriving at router B, due to the flapping of route between B and C, it cannot be sent to C. But it will be sent to A because of the default route. When the packet arriving at A, according to the PBR rule, it will be transmitted through T1 again encapsulated one more GRE header. again and again, this packet will be encapsulated with thousands of GRE header. At last, when the route between B and C no longer flaps, it will arrive at C, and make C crash.
Workaround: Workaround for customer's scenario: Customer can configure a ACL in router C 's tunnel T1 interface, deny the packet if it has an inner header with the same src addr and dst addr with outer header. But this workaround can't cover the scenario of an attack packet encapsulated with multiple different tunnel headers.
•
Symptom: Phase 2 for EzVPN client with split network and VTI does not come up if IPSec SA goes down.
Conditions: The root cause of the issue is that IPsec SA is not being triggered after IPsec SA is down due to no traffic. So in spite of traffic IPsec SA is not coming up leading to packet drops in client network. The same problem is not seen with Cisco IOS Release 15.0(1)M7. This behavior is introduced post-PAL where virtual-interface creates a ruleset where traffic cannot trigger IPsec SA again once IPsec SA is deleted.
Workaround The following are workarounds for this symptom:
–
–
•
Symptoms: SHA2 processing in software causes low throughput or high CPU.
Conditions: On the Cisco 892 running Cisco IOS Release 15.2(4)M and later, this symptom is observed with SHA2 configured and the onboard crypto engine enabled.
Workaround: There is no workaround.
•
Symptom: The ucode crash is seen.
Conditions: This symptom occurs when configuring or unconfiguring the static NAT in B2BHA setup.
Workaround: There is no workaround.
•
Symptoms: Incoming calls through e1 r2 stop working in Cisco IOS Release 15.2(4)M1.
Conditions: This symptom is observed with incoming calls through e1 r2 in Cisco IOS Release 15.2(4)M1. Outgoing calls work fine.
Workaround: Use Cisco IOS Release 15.2(2)T.
•
Symptom: The performance of urpf with acl gets downgraded.
Conditions: The downgrading has been found since 15.3(01)S.
Workaround: There is no workaround.
•
Symptom: A crash occurs in CME while accessing a stream in sipSPIDtmfRelaySipNotifyConfigd.
Conditions: This symptom occurs in CME.
Workaround: There is no workaround.
•
Symptom: Traffic is be redirected to WCCP client even when defined as deny in wccp redirect ACL.
Conditions: WCCP on ASR1K.
Workaround: The following are the workarounds for this symptom:
–
–
•
Symptom: There is no sync of SADB on an active router when it reloads from the current standby router.
Conditions: This symptom occurs when the active and standby routers are up. Whenever a session is up, there is a sync of SADB from active to standby. When active reloads and is up, there is no sync of SADB from the current active router.
Workaround: Remove the isakmp-profile configuration under the crypto map.
•
Symptoms: After the reload, ISDN layer 1 shows as deactivated. Shut or no shut brings the PRI layer 1 to Active and multiframe is established in layer 2.
Conditions: This symptom occurs when voice-class busyout is configured and the controller TEI comes up before the monitored interface.
Workaround: Remove the voice-class busyout configuration from the voice-port.
•
Symptom: Traceback appears and the packet is dropped with uRPF specific cause.
Conditions: Remove and add uRPF and ACL configuration in the following manner while the traffic is runnin:, copy remove_config running and copy add_config running.
Workaround: There is no workaround.
•
Symptom: An ASR 1K might experience a watchdog crash due to a kernel panic. After viewing the plaintext contents of the resultant kernel core file that is generated, iosd generates a watchdog because of a soft lockup that prevents it from responding within 60 seconds:
<3>BUG: soft lockup - CPU#0 stuck for 61s! [linux_iosd-imag:26869]Conditions: There is no particular condition.
Workaround: There is no workaround.
•
Symptom: See some drops: FirewallInvalidZone 12676.
Conditions: ASR with WCCP and ZBF and netflow both configured.
Workaround: Ping the destination on ASR1000 before introducing WCCP traffic.
•
Symptoms: Packet drop might be observed during IP Security (IPSec) rekey.
Conditions: This symptom is observed on a Cisco ASR1000 series router when functioning as an IPSec termination and aggregation router, with Internet Key Exchange.
Workaround: There is no workaround.
•
Symptom: Many tracebacks are printed in the console when GTPv2 messages are handled.
Conditions: Attached configuration is imported. It can be triggered too if layer 7 drop is configured.
Workaround: There is no workaround.
•
Symptom: Memory leak in GTP PDP pool.
Conditions: GTP AIC must be configured.
Workaround: There is no workaround.
•
Symptom: Hash table not memset for ALG during intialization.
Conditions: 1. Start sip/h323/... traffic. 2. Established NAT session over 60~70K 3. Send CLI combinations with the following actions: A. clear ip nat trans * . B. Shutdown inside/outside traffic interfaces C. Remove nat/alg config D. Reconfig nat/alg and unshut interfaces.
Workaround: There is no workaround.
•
Symptom: ESP crashes with multicast service reflect config when recieving UDP fragmented packets.
Conditions: Multicast service reflect configured udp fragments recieved in the VIF interface.
Workaround: There is no workaround.
•
Symptom: TX drops seen on LSMPI driver show platform software infrastructure lsmpi driver. The reason for the TX drops (sticky) is: Bad packet len: 0 Bad buf len: 0 Bad ifindex: 0 No device: 0 No skbuff: 0 Device xmit fail : 663 <<<<< ......
Conditions: Counter increase due to large or bursty control packets.
Workaround: There is no workaround.
•
Symptom: Memory leak is seen on the router related to CCSIP_SPI_CONTRO.
Conditions: This symptom is observed in CME SIP phones with Presence in running configuration.
Workaround: There is no workaround.
•
Symptom: The router crashes due to a hardware interrupt.
Conditions: When FRF.12 is configured on ESP100 or 1RUVE2, the recycle queue cannot be changed on-the-fly because there may be packets inflight that will be enqueued to this queue by the hardware.
Workaround: There is no workaround.
•
Symptom: When the Ethernet SPA with Catskills SFPs (GLC-SX-MMD /GLC-LH-MMD) is reloaded, the SPA could go out of service with the following error message:
%SMC-2-BAD_ID_HW: SIP0/0: Failed Identification Test in 0/0 [7/0]Conditions: This symptom occurs when the Ethernet SPA is booted with the Catskills SFPs(GLC-SX MMD/GLC-LH-MMD). The defect could happen during initialization or reload.
Workaround: Boot the Ethernet SPA without the Catskills SFPs. Insert the Catskills SFPs after the Ethernet SPA has completely booted.
•
Symptom: Ucode crash seen with nat tgn mode and CLI operation during traffic.
Conditions: 1. Setup sip/h323 traffic. 2. Shut ->clear ip nat tr * -> unshut. 3. Remove ip nat shut clear ip nat tr *.
Workaround: There is no workaround.
•
Symptom: FP20 and FP40 cards crash if single bit parity error occurs on TCAM device #1.
Conditions: TCAM (hardware) single bit parity errors are very rare and recoverable. Due to a defect in fault recovery code FP crashes instead of recovering from this hardware error.
Workaround: There is no workaround to prevent this crash. You may not run into this problem again after FP reboot.
•
Symptom: Switching from periodic to on-demand DPDs may cause the DPDs to fail intermittently and thus IPSEC Failover may not work correctly.
Conditions: 1. 7200-VSA 2. IOS 15.1(4)M2. 3. On-demand DPDs configured for IPSEC FO.
Workaround: Disable the SCTP session: ipc zone default association 1 shutdown.
•
Symptom: DMVPN hub ASR1004 may crash after the fetching CRL from MS CRL server.
Conditions: The crash happens when there are 5 CDPs for the hub router to fetch CRL. Given that there are multiple CDPs, the hub router fetches CRL in a parallel way, which then lead to a crash under a timing issue.
Workaround: Setting up only 1 CDP instead of multiple CDPs will avoid the timing condition which leads to the crash.
•
Symptom: Log messages for REJECT Create-session-response are not printed in sys-log.
Conditions: GTP AIC should be configured in the UUT.
Workaround: There is no workaround.
•
Symptom: SPA-2CHT3-CE-ATM is flapping with Nortel Passport due to very fast bouncing down/up 10s after the interface is brought up.
Conditions: This symptom is observed in the E3 and DS3 mode.
Workaround: There is no workaround.
•
Symptom: One-way audio is observed when a call goes through BACD and comes over SIP trunk.
Conditions: This symptom occurs when a call comes through SIP trunk and is connected to an agent phone via BACD during the third call xfer, along with the "headset auto-answer" configuration in the ephone.
Workaround: Remove the "headset auto-answer" configuration in the ephone configuration.
•
Symptom: Outbound traffic does not flow.
Conditions: When configuring IPv4 VRF aware ipsec with crypto maps with ivrf=ivrf1 and fvrf=global.
Workaround: Put a route in the global routing table (fvrf) for the network in ivrf pointing the next-hop to the ivrf interface.
•
Symptom: ESP100 crashed.
Conditions: NAT configured, TCP segments size larger then 26K,ESP100 or 1002-X.
Workaround: Add "no payload-option" in the nat entry to disable all alg or disable a specific DNS tcp alg by "no ip nat service dns tcp."
•
Symptom: FP crash.
Conditions: QoS is confgiured on physical interface which is bind to a BDI interface. Stile is configured on the same BDI interface.
Workaround: There is no workaround.
•
Symptom: Tunnel QoS is broken.
Conditions: Tunnel target interface is ATM sub-interface.
Workaround: There is no workaround.
•
Symptom: Presence of FP core file.
Conditions: Under certain very rare (unreproducible in lab) conditions, multicast LRE code can run out of rbufs while serially processing packets, presumably because of the feature chain executed.
Workaround: Disabling MLRE through configuration command "platform multicast lre off" can be done if condition occurs.
•
Symptom: ASR1K router running NAT with a keyword of "oer" in the NAT overload mapping can cause disruption to the NATted sessions when the PfR feature changes the exit link.
Conditions: ASR1K router running NAT with PfR with a oer keyword in the NAT configuration can result in this condition.
Workaround: There is no workaround.
•
Symptom: The Cisco ASR 1000 ESP crashes (ucode core file created) when compressed packets are sent on a Multilink PPP interface using the Cisco IOS XE 3.5 Release and earlier Cisco ASR 1000 software images. On Cisco IOS XE 3.6 Release and later on Cisco ASR 1000 software images a crash does not occur, but routed traffic on configured interfaces are not forwarded. However, local traffic between the peer routers may still be forwarded. In all releases, routed traffic will be dropped on any other interfaces (for example, PPP, Multilink PPP, HDLC, and so on.) configured for this mode of compression.
Conditions: This symptom is observed if the legacy IOS compression feature compress [mppc | stac | predictor] is configured on any interface (for example, PPP, Multilink PPP, HDLC, and so on.). If this feature is configured on a Multilink PPP interface then the ESP crash can be encountered if using an Cisco IOS XE 3.5 Release and an earlier Cisco ASR 1000 software image.
Workaround: Remove the compress [mppc | stac | predictor] feature configuration from all interfaces as this functionality is not supported on the Cisco ASR 1000 router. The software fix associated with this bug report will be removing this configuration option from the Cisco ASR 1000 router.
•
Symptom: Rx traffic drop on the ESP seen by IN_RECV_UNKNOWN_OCT_ERR counter.
Conditions: When IP header checksum is "0" or "0xFFFF". This counter can be checked using the following command - show platform hardware qfp ac fea ips data drops clear.
Workaround: There is no workaround.
•
Symptom: System may be out of service.
Conditions: This symptom is observed on a Cisco ASR1000 series router when functions as an IP Security (IPSec) termination and aggregation router, and when more than 30 IPSec sessions are up and running traffic.
Workaround: There is no workaround.
•
Symptom: An ASR1K running 03.06.00.S.152-2.S could crash due to a NAT bind age timing. Conditions: This is a rare timing condition which was triggered by the RG infra toggle . Workaround: There is no workaround.
•
Symptom: When configuring an ACL for both IPv4 and IPv6 in a policy-map,the policy-map does not work properly.
Condition: This symptom occurs under the following conditions: -using an ACL for both IPv4 and IPv6 in a policy-map -when the policy-map is attached to an interface or control-plane.
Workaround: Use IPv4 ACL and IPv6 ACL in a same class-map with match-any.
•
Symptom: The aggregation-type prefix-length of PfR can not be configed less then 16. If so, the number of learned prefix will be much lesser then it should be.
Conditions: When PfR is enabled.
Workaround: The aggregation-type prefix-length of PfR is better to be configed bigger then 24.
•
Symptom: A router running Cisco IOS Release 15.2(4)M2 will reload with a bus error soon after the DSP reloads when there is a live transcoding session.
Conditions: This symptom is observed with Cisco IOS Release 15.2(4)M2.
Workaround: There is no workaround.
•
Symptom: The Cisco 3925 router running Cisco IOS Release 15.0(2)SG reloads when connecting to a call manager.
Conditions: This symptom is observed with the Cisco 3925 router running Cisco IOS Release 15.0(2)SG.
Workaround: Remove SNMP.
•
Symptom: VG350 gateway crashes when the configuration file is downloaded from CUCM. This occurs when the VG350 has 144 ports configured.
Conditions: The VG350 supports a maximum of 144 FXS ports. Configure MGCP control and download configuration from CUCM, gateway crashes.
Workaround: Use the no ccm-manager config command to stop the configuration download from CUCM.
•
Symptom: SBC CLI hung.
Conditions: Configure signaling-peer-port when the adj is attached, new vty terminal would be hung.
Workaround: There is no workaround.
•
Symptom: BFD flaps continuously upon ESP switchover.
Conditions: Upon ESP switchover.
Workaround: There is no workaround.
•
Symptom: Non-hdlc traffic (Non standard but customer defined traffic) coming through HDLC interface got dropped by ASR1K.
Conditions: Normal L2TPv3 configuration.
Workaround: There is no workaround.
•
Symptom: The command show platform software memory chunk qfp-control-process qfp active shows that there are memory leaks from "CPP STILE Server CTX Chunk". There are three cases of this memory leak: Case 1: when NBAR is active there is a leak of 40 bytes every 10 seconds. Case 2: when NBAR is active there is a leak of 60 bytes every 10 seconds. Case 3: when NBAR is not active there is a leak of 20 bytes every 10 seconds.
Conditions: Case 1 is observed when the router is running an image with a version prior to 15.3(1)S. Cases 2 and 3 are observed when the router is running version 15.3(1)S or later.
Workaround: There is no workaround.
•
Symptom: ES crashes after the second 401 challenge.
Conditions: This symptom occurs when the second 401 is received after SDP offer/answer with 183/PRACK is complete. This is a rare scenario.
Workaround: There is no workaround.
•
Symptom: On a Cisco ASR1000 series router with GTP ZBFW enabled, pinholes are opened on GTP-U for the initiating side. TRaffic back is dropped since the UDP-SRC port of the initiation side is changed from xxxx to 2152.
Conditions: This symptom is observed when GTP ZBFW is enabled.
Workaround: There is no workaround.
•
Symptom: Packet drop may be observed during IP security (IPSec) rekey, in high scaling deployment.
Conditions: This symptom is observed on a Cisco ASR1000 series router when functions as an IP Security (IPSec) termination and aggregation.
Workaround: there is no workaround.
•
Symptom: BFD neighbour is not up.
Conditions: This symptom is observed after ISSU upgrade of active RP.
Workaround: There is no workaround.
•
Symptom: x86-based platforms can crash after ~27x days.
Conditions: This symptom is observed with x86-based platforms. Most likely, this issue is not seen on RP1, 1RU, and 2KP as their CPU feature set does not have both constant_tsc and nonstop_tsc on.
Workaround: Reboot the box. In any case, plan to upgrade to a release which has the fix within 7 months (the first release that has the fix is Cisco IOS XE Release 3.7.3S.)
•
Symptom: When Priority-queue 100% is configured on class-default, packets are not going on High ESI.
Conditions: When Priority-queue 100% is configured on class-default, packets are not going on High ESI.
Workaround: There is no workaround.
•
Symptom: FPMAN-RP memory increases when the uut flaps the interface facing the CE side.
Conditions: 8K l2tpv3 scaling event monitor.
Workaround: There is no workaround.
•
Symptom: More than 95 SCCP controlled FXS ports cannot be configured on the Cisco VG350. The debug output for "debug ccm-manager config-download errors" is as follows: cmapp_sccp_gw_start_element_handler: warning - max number of interfaces reached.
Conditions: This symptom occurs when configuring more than 95 SCCP FXS ports on the Cisco VG350 using CUCM.
Workaround: There is no workaround.
•
Symptom: A Cisco ASR1000 series router cannot forward specific size of packets via L2TPv3 tunnel.
Conditions: The problem occurs only when the ping size is 1501-1503.
Workaround: There is no workaround.
•
Symptom: With NAT dynamic route-map configuration and HA, lower pool allocation is displayed on the standby.
Conditions: With NAT dynamic route-map configuration and HA, you sometimes see a lower pool allocation on the standby compared to the active. This could be caused by DNS traffic going through the boxes.
Workaround: Perform the following:
1. clear ip nat trans *
2. Turn off DNS ALG on the both active and standby boxes, if possible.
3. no ip nat service dns tcp no ip nat service dns udp
•
Symptom: The traffic-classes keeps switching between the Border Routers and PfR fails to converge.
Conditions: The issue is seen when PfR Border Routers are deployed over different platforms.
Workaround: The workaround is to use the same platform for all the PfR Border Routers.
•
Symptom: ASR with PKI certificate may crash when issuing 'show crypto pki certificate'.
Conditions: Issue 'show crypto pki certificate' on ASR with pki certificate.
Workaround: There is no workaround.
•
Symptom: Update PDP context request is dropped.
Conditions: TEID is 0, IMSI is existing.
Workaround: There is no workaround.
•
Symptom: Hung call at SIP, CCAPI, VOIP RTP components (but cleared in the Dataplane of ASR1k platform).
Conditions: Video call set up as audio call. Call then gets transferred with REFER but caller hangs up the call before the call gets transferred. This is an intermittent problem.
Workaround: There is no workaround.
•
Symptom: System crash.
Conditions: On ASR1002 system with ipsec is configured on both ingress and egress GRE tunnel interface and configure NAT64 feature with FTP stateful traffic, the system crashes.
Workaround: configure "no nat64 service ftp" to disable FTP64 ALG, system does not crash with FTP stateful traffic.
•
Symptom: When POS Rx fiber at the tail end of the MPLS TE FRR is pulled, the FRR takes longer than 200 ms to cut over to the other Tunnel.
Conditions: This happens with POS MPLS TE FRR, when head end receives remote defect due to rx fiber pull at the tail end. Remote defects wont trigger FRR quickly.
Workaround: There is no workaround.
•
Symptoms: Traceback might appear when configuring NBAR custom protocol on Border Router.
Conditions: This symptom is observed when PfR is "updating" or "deleting" Traffic-Classes during NBAR custom protocol configuration.
Workaround: Before configuring NBAR custom protocol, shut the PfR-Master.
•
Symptom: cpp_cp_svr crash at cpp_qm_event_insert_aggr_node.
Conditions: While bringinup 4K PPPoA sessions with QOS policy attached in ATM subinterfaces.
Workaround: There is no workaround.
•
Symptom: QMovestuck is observed when you attempt to change the policy map with traffic ON.
Conditions: This is seen when changes are made in policy-map with traffic ON.
Workaround: Reload the router to bring it back to normal state.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T
This chapter contains the following sections:
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T
This section documents resolved issues on Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T.
•
Symptom: A new feature has been introduced for dummy packet support.
Conditions: There are no known conditions.
Workaround: There is no workaround.
•
Symptom: A new feature has been introduced for dummy packet support.
Conditions: There are no known conditions.
Workaround: There is no workaround.
•
Symptom: During the FIPS code review, a non-conformance was found. Specifically, when the SP 800-90 Deterministic Random Bit Generator (DRBG) calls the ACT chip for a seed, there is no Continuous Random Number Generator Test applied to the value output from the chip.
Conditions: The symptom is observed when the SP 800-90 DRBG calls the ACT chip for a seed, there is no Continuous Random Number Generator Test applied to the value output from the chip.
Workaround: There is no workaround.
•
Symptom: IPSec dummy packet support is currently not available in the Cisco IOS XE 3.7 image. (This is the DDTS used to add the support in Cisco IOS XE Releases 3.7 and 3.7.2T).
Conditions: This symptom is observed at all times.
Workaround: There is no workaround.
•
Symptom: The system may be out of service.
Conditions: This symptom is observed on a Cisco ASR 1000 Series Router when it functions as an IP Security (IPSec) termination and aggregation router, and when more than 30 IPSec sessions are up and running traffic.
Workaround: There is no workaround.
•
Symptom: On a Cisco ASR 1000 Series Router, IPSec dummy packet counter is only shown in the PD specific CLI under the show pl ha qfp act feat ipsec sa ## command. It is not shown under the show crypto ipsec sa det command as dummy packets send or receive.
Conditions: This symptom is observed when you issue the show crypto ipsec sa det command.
Workaround: There is no workaround.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S
This chapter contains the following sections:
•
•
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S
This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S.
•
Symptom: SPA-4XCT3/DS0 reloads after performing an fp reload.
Conditions: 1. Issue is seen on a single fp system 2. Issue is seen when serial interfaces are configured on the SPA.
Workaround: There is no workaround.
•
Symptom: TCAM exhaustion and FP crash with IDFW scale > 300 class-maps on 2ru or RP1/RP10 box.
Conditions: TCAM exhaustion and FP crash with IDFW scale > 300 class-maps on 2ru or rp1/rp10 box.
Workaround: There is no workaround.
•
Symptom: IOSd restart in 4k mixed tunnel scaling test.
Conditions: This symptom is observed during mixed tunnel scaling test and high traffic.
Workaround: There is no workaround.
•
Symptom: An issue is seen after running certain functionality tests of VPLS.
Conditions: The issue is seen in VPLS scaled test bed after running certain functionality tests. The issue is reproducible on running the script.
Workaround: The issue is not reproducible manually.
•
Symptom: Occasionally, after a full chassis reload, all ATM autovc fail to come up after reception of PADI. CPE gets no PADO. All PPPoEoA sessions fail to establish on the chassis.
Conditions: Trigger unknown. This is occurring intermittently, after full chassis reload, once every ~50 reloads.
Workaround: If the condition occurs, reload the chassis.
•
Symptom: Under certain circumstances, an Aggregation Services Router 1000 with a single Embedded Service Processor 40 (ESP40) and dual Router Processor 2 cards (RP2), will reload if the ESP40 is replaced.
Conditions: When running an ASR1000 with dual RP2 running is SSO mode and a single FP40, if the FP40 is removed/replaced, the entire router will reload and leave a core file behind. The router is working as an L2TP access concentrator with thousands of active tunnels and passing traffic, but other situations my trigger the same reaction.
Workaround: Running with redundant FP40 may help alleviate the situation.
•
Symptom: On dual RP configuration, a standby route processor might crash when establishing new interfaces (could be PPP sessions).
Conditions: This symptom is observed when db reuse is turned on, on a dual RP configuration. Some interfaces are deleted and recreated.
Workaround: Turn off the idb reuse option.
•
Symptom: Packet is dropped with reason of NatIn2out.
Conditions: PAT
Workaround: There is no workaround.
•
Symptom: Configured IP GRE tunnel causes ESP to crash.
Conditions: A packet containing multiple IP/GRE headers being similar causes ESP to crash.
Workaround: Configure ACL to block the traffic.
•
Symptom: in a scale situation with several DENY statements and several NAT pools, the following configuration hit the deny-jump. TCAM limitation and NAT does not work.
Oct 16 16:27:33.835 MEST: %CPP_FM-3-CPP_FM_TCAM_ERROR: F0: cpp_sp: TCAM limit exceeded: Class group nat-class:1001.1 could not be successfully edited. Please remove the class group from the interface.Conditions: NAT and SIP NAT ALG are required. For SIP NAT ALG, not all embedded IP addresses within SIP payload need to be translated. For this reason, aa exceptions need to be defined.
ip nat pool <name>-hosts 10.200.0.36 10.200.3.253 netmask 255.255.252.0 ip nat inside source list all-nat pool <name>-hosts vrf <name> ! ip access-list extended all-nat deny ip 192.168.152.0 0.0.1.255 192.168.152.0 0.0.1.255 permit ip any 192.168.152.0 0.0.1.255.Workaround: There is no workaround.
•
Symptom: Traffic will be redirected to WCCP client even when defined as deny in wccp redirect ACL.
Conditions: WCCP on ASR1K.
Workaround: There can be 2 workarounds: 1. Move the deny entries before the permits when possible (especially for deny... host...). This may not work in some situations. 2. Use different redirect ACLs for each service, and remove the unnecessary ones for specific services.
•
Symptom: Some packet drops seen:
FirewallInvalidZone 12 676Conditions: Netflow configured at the same time.
Workaround: Ping the destination on ASR1K before introducing WCCP traffic.
•
Symptom: Packet drop may be observed during IP Security (IPSec) re-key.
Condition: This symptom is observed on a Cisco ASR1000 series router when I14 is configured.
Workaround: There is no workaround.
•
Symptom: IOSd crashes at
ace_polo_list_cm_head_nodes.Conditions: This symptom is observed while entering the show crypto ace polo detail command after configuring 192-bit AES key for IPv6 OSPF encryption.
Workaround: There is no workaround.
•
Symptom: ESP ucode crash is seen on the ASR causing loss of traffic forwarding.
Conditions: CGN NAT is enabled on the router.
Workaround: There is no workaround.
•
Symptom: Ucode along with fman_fp core seen in UUT with GTP_AIC_FUNC_POLICY_CHANGE.
Conditions: This symptom is observed while sending traffic from SGSN
Workaround: There is no workaround.
•
Symptom: Ping fails between CE routers.
Conditions: Configure MPLS VPN Inter-AS IPv4 BGP Label Distribution and flaps mpls bgp forwarding in the interface between ASBRs
Workaround: There is no workaround.
•
Symptom: RP switchover due to a kernel crash.
Conditions: Dual RP running on ASR with 15.1(3)S1.
Workaround: There is no workaround.
•
Symptom: Update PDP context requests are dropped if GSN address is not identical with GSN address provided in Create PDP context request.
Conditions: 3GPP communication on GRX interface. Roaming mobile users from GRX to inside can have different GSN address information.
Workaround: There is no workaround.
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S
This section documents resolved issues on Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S.
•
Symptom: When the retransmission number is changed, the next rekey does not reflect this change.
Conditions: Change number of retransmissions from 2 to 5, and the number stayed at 2; and when changing the retransmissions from 2 to 1, the number of retransmissions stayed at 2. This happen for both unicast and multicast rekey.
Workaround: Clear crypto gdoi and start over again.
•
Symptoms: Tracebacks are seen for PLATFORM_INFRA-5-IOS_INTR_OVER_LIMIT.
Conditions: This symptom is observed with RPSO.
Workaround: There is no workaround.
•
Symptom: Logs: %LSMPI-4-INJECT_FEATURE_ESCAPE: Egress IP packet delivered via legacy inject path.
Conditions: Ethernet/QinQ/LCP/IP frames are received on a QinQ subinterface with PPPoE.
Workaround: There is no workaround. Further information: Use the debug platform software infrastructure inject err_packet command to get the first 32bytes of the packets causing this. Or use the debug ip cef packet all input rate 10 dump command to dump the full packets.
•
Symptom: CPP Ucode crash on ASR1000-ESP40.
Conditions: This has been seen on ASR1006 (RP2) running asr1000rp2-advipservicesk9.03.02.02.S.151-1.S2.bin. It will impact any systems that use MLRE (FP40, FP80, and so on).
Workaround: Use the set platform hardware qfp act feature multicast v4mcast lre off* command or for permanent setting used configuration command: conf> platform multicast lre [on | off]. *This is a temporary solution until the software bug is fixed.
•
Symptom: Platform max numbers for ASR1k NAT44 and NAT64 is not set for KP and FP80.
Conditions: Scalability numbers are not correct.
Workaround: There is no workaround.
•
Symptom: Route not found on UUT for RRI test cases.
Conditions: When the testcase for RRI, reverse-route remote-peer 16.0.0.1 gateway is checked, route is not found on the router.
Workaround: There is no workaround.
•
Symptom: IOS router with enabled ISM-VPN-29 module does not process ESP traffic when GRE packets are denied on the outside ACL.
Conditions: There are 2 conditions that must BOTH be met to experience this issue: 1. The router uses an ISM-VPN module, and the module is installed and enabled. 2. There is an ACL on the 'outside' interface of the router that does not permit GRE traffic from the remote IPSec peer.
Workaround: There are 2 work-arounds for this issue: 1. Permit GRE traffic from the remote IPSec peer or 2. Disable the ISM-VPN module.
•
Symptom: Hub router crashes while removing Stale Cache entry.
Conditions: Crash occurs when 2 spokes are translated to same NAT address.
Workaround: Spokes behind the same NAT box must be translated to different post-NAT Addresses.
•
Symptom: bqs queue output is different for FP10 and FP80.
Conditions: Output difference is seen while checking the sh plat hard qfp ac fe qos queue out all d output.
Workaround: There is no workaround.
•
Symptom: security-association lifetime not reflected in configs and script was expected the lifetime 120 to be reflected while checking for output.
Conditions: security-association lifetime 120 was not reflected in sh run putout.
Workaround: DT need to fix the issue.
•
Symptom: ASR1K/RP2/ESP40 on 15.1(3)S3 acting as L2TP BRAS.
Conditions: Periodically the ESP F0/F1 crashes with the reason:
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x0.Workaround: There is no workaround.
•
Symptoms: FNF records do not get exported when a user reloads the router.
Conditions: This symptom occurs if a user configures a non-default export-protocol, that is, anything other than "netflow-v9". If the user configures a non-default export-protocol such as IPFIX or netflow-v5, after saving the configuration to the start-up configuration and reloading the router, the exporter will not export any records.
Workaround: Either one of the following methods will fix this issue: 1. Remove and reconfigure the exporter configuration after reload. 2. Change the export-protocol to the default value (netflow-v9).
•
Symptom: qfp exmem is exhausted in the standby fp
Conditions: TCP is used for Sip signalling.
Workaround: There is no workaround.
•
Symptoms: Memory leak occurs during rekey on the IPsec key engine process.
Conditions: This symptom occurs after rekey, when the IPsec key engine does not release KMI memory, causing the IPsec key engine holding memory to keep increasing.
Workaround: Clear crypto session for IPsec key engine to release memory.
•
Symptom: Traceroute may return * * * instead of host.
Conditions: When going v4->v6 through NAT64 stateful on ASR1k.
Workaround: There is no workaround.
•
Symptom: on 1ru, after system booted rarely the bootflash (eUSB) gets disconnected. as a result, the system will reboot as the system cannot stay up without eUSB storage.
Conditions: This can occurs randomly (no specific pattern, but usually after 2~3 days). so this is a big issue for system stability.
Workaround: There is no workaround.
•
Symptom: There are 2 calls to mcp-sysinit.
Conditions: This issue is observed all the time.
Workaround: There is no workaround.
•
Symptom: Router may no longer be accessed through the console port. Power cycle is required to recover.
Conditions: Console loss occurs randomly when console port is used to enter router configuration.
Workaround: There is no workaround.
•
Symptom: An ASR1000-system might see a crash of the stby-RP.
Conditions: This could be seen after an OIR of a power-supply and perhaps similar events.
Workaround: There is no workaround.
•
Symptom: ASR1K CPP crashes when shutting down core facing MPLS intf on NPE.
Conditions: Happens rarely.
Workaround: There is no workaround.
•
Symptom: A "show interface" on a SPA interface shows "0" for "unknown protocol drops", yet when the same interface is polled for ifInUnknownProtocols, a value is returned.
Conditions: Normal polling.
Workaround: There is no workaround.
•
Symptom: Traceback at FreeUInt64 on booting up router.
Conditions: This symptom is observed on an ASR1006 running mcp_dev towards XE38. On booting up the router a traceback is seen.
Workaround: Tracebacks are seen because of snmp-server enable traps entity-qfp mem-res-thresh. Disable the snmp-server enable traps entity-qfp mem-res-thresh.
•
Symptom: Standby ESP100 reloaded.
Conditions: 4K IKEv2 IPv6 static crypto map 4k VRF (ivrf = fvrf). Running bi-directional IMIX traffic @ 4Gbps for 5 minutes.
Workaround: There is no workaround.
•
Symptom: the console reports "%FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image: PFR TT Enable download to CPP failed" and prints traceback. also, ASR may reload with fman_fp core file.
Conditions: FMAN-FP reports PfR ERR log when there is PfR session flapping between MC and BR.
Workaround: There is no workaround.
•
Symptom: An ASR 1K may experience reloads on the ESP module due to a CPP driver fault during an in-2-out NAT translation. Issue has been seen with IOS 15.2S, but not in 15.1S.
Conditions: NAT enabled. No other requirements known.
Workaround: Disable NAT or downgrade to a 15.1 release.
•
Symptom: ASRNAT address leak may occur. This will show a larger number of allocated addresses in 'sh ip nat stat', then the translations that exist for that address through 'sh ip nat trans'.
Conditions: This issue only occurs when a dynamic route-map configuration is used and the NAT sub-drop code ESP_CREATE_FAIL is incrementing (there must be ESP traffic).
Workaround: The leaked addresses can be reclaimed periodically by executing a 'clear ip nat trans *', but that will be disruptive to users so it should be scheduled for off-hours.
•
Symptom: Pw with backup.
Conditions: Switch between active/standby pw.
Workaround: Reload the routers.
•
Symptom: Message is dropped.
Conditions: This symptom is observed when cause is not equal to 128.
Workaround: Resend the message.
•
Symptom: Atm keyword for the show command disappears.
Conditions: Perform a powered shutdown of the SPA card and bring it back up using no form of the previous command.
Workaround: There is no workaround.
•
Symptom: ALG FTP44 doesn't work, and the data path fails to establish.
Conditions: Divide two networks into two vrf, both client and server reside in different network.
Topo: Client --- Gi 0/0/0 --- vasileft 1 --- vasiright 1 --- Gi 0/0/1 ---- Server (inside) (outside) (outside) (inside) vrf_in vrf_out for vrf_in, there's dynamic NAT access-list 10 permit 10.0.0.0 0.255.255.255 ip nat pool in 202.120.0.2 202.120.0.10 prefix-length 24 ip nat inside source list 10 pool in vrf vrf_in overload for vrf_out there's one inside static nat ip nat inside source static 192.168.0.2 202.119.0.2 vrf vrf_out Client runs FTP,active mode.Workaround: Use dynamic NAT instead.
•
Symptoms: FP Pending Refs are observed when "cypto map <> local-address loopbackX" is removed from the configuration when the crypto map is applied on a subinterface.
Conditions: This symptom is observed with the following configuration:
crypto map cry local-address Loopback0 interface GigabitEthernet0/0/0.100 crypto map cry interface GigabitEthernet0/0/0.200 crypto map cry.Workaround: Remove "crypto map" from the subinterface first and then remove "crypto map <> local-address loopbackX."
•
Symptom: When netflow test is performed on NAT cgn mode, an abnormal netflow log was found. This issue is not observed in the default mode.
Conditions: Config as cgn mode:
ip nat log translations flow-export v9 udp destination 10.75.163.59 9995 ip nat settings mode cgn.Workaround: There is no workaround.
•
Symptom: Configured permit-error, for 3GPP RLS7&8 req/resp, sessions are created, but for those unknown/unwanted IE, gtp counter doesn't work correctly.
Conditions: Turn on permit-error.
Workaround: There is no workaround.
•
Symptom: IPv6 packet with Hop-By-Hop extension header is dropped when the packet is sent out to L2TP Virtual-Access interface.
Condition: ASR is configured as L2TP LNS. At that time, EssUnsupPktType drop counter is incremented.
Workaround: There is no workaround.
•
Symptom: On serial interface the IOS counters for input packets, input errors and aborts increase even after the interface is administratively shutdown.
Conditions: No specific condition.
Workaround: As this is a corner case situation, un-shutting and shutting down the interface may resolve the issue.
•
Symptom: The console reports "[aom]: (ERR): Unable to find async context for AOM" and traceback.
Conditions: FMAN-FP reports PfR ERR log when there is PfR session flapping between MC and BR.
Workaround: There is no workaround.
•
Symptom: When using the call-policy-set copy source x destination y command, the na-src-name-anonymous-table is not copied.
Conditions: If you copy the policy to a set number that didn't previously exist, this problem does not occur; it only seems to happen if you reuse a number that was removed previously.
Workaround: Copy to new set number which has not been used before.
•
Symptoms: T1 controller will stay DOWN after switchover.
Conditions: This symptom is seen when SATOP is configured on T1.
Workaround: Perform a shut and no shut.
•
Symptom: This is not a defect but an enhancement, so there are no symptoms.
Conditions: This is an enhancement, so there are no conditions.
Workaround: It is not an defect but only and enhancement.
•
Symptom: Static routes created by RRI are created with the wrong mask for subnet acls.
Conditions: This has been observed on an ASR1k and 7200 running IOS 15.2(4)S and 15.1(4)M.
Workaround: Configure a static route to the remote network manually.
•
Symptom: Reload indicating "stuck thread" may occur.
Conditions: On clear ip nat translations vrf <vrf-name> *
Workaround: Use clear ip nat trans * This issue exists only on XE3.7.1.
•
Symptom: ASR1K ucode crash with scaled MLPPP configuration with sustained high data rates across most bundles.
Conditions: Highly scaled MLPPP configuration with sustained high data rates across most bundles. Problem has only been seen with ESP40. instances of encountering this issue are small as this issue has only been seen in a lab environment under extremely high data rate conditions.
Workaround: There is no workaround.
•
Symptom: Changes in the configured ppp multilink fragment size or fragment delay are not pushed down to the data path for Broadband MLPPP sessions. Note that this issue does not apply to MLPPP over Serial connections.
Conditions: If ppp multilink fragmentation is enabled on a Broadband MLPPP bundle before the bundle is established and the user later attempts to modify the fragment size or fragment delay, the resulting fragment size changes are not pushed down to the data path (that is, the original fragment size configuration is retained). The IOS show ppp multilink command indicates that the new fragment size was applied but in fact the new fragment size may not yet be active.
Workaround: After changing the fragment size or fragment delay configuration, restart the Multilink PPP session. This can be accomplished through the clear ppp interface <Bundle-Virtual-Access-intf-name> command.
•
Symptoms: A pending-issue-update is seen at SSL CPP CERT on the Cisco ASR 1002, ESP-1000 platform.
Conditions: This symptom is observed with the following configuration:
show platform software object-manager fp active pending-issue-update Update identifier: 128 Object identifier: 117 Description: SSL CPP CERT AOM show Number of retries: 0 Number of batch begin retries: 0Workaround: There is no workaround.
•
Symptom: Ucode crashes when gtp aic inspect packets.
Conditions: GTP aic configured.
Workaround: There is no workaround.
•
Symptom: fman_fp Core file seen.
Conditions: Config GreoIPsec with tunnel protection and configure more than 1k route-maps.
Workaround: There is no Workaround.
•
Symptom: GRE keep-alives are going out unencrypted if the Tunnel interface is in "up / protocol down" state.
Conditions: ASR1K platform (reproduced on 3.4S through 3.7S). GRE/IPsec using tunnel protection keep-alives configured on GRE/IPsec tunnel - Tunnel interface in protocol down state because of previously missed GRE keepalives - PIM configured on Tunnel interface - "ip multicast-routing distributed" configured globally.
Workaround: Disable "ip multicast-routing distributed" (possible performance impact) or remove PIM configuration from Tunnel interface. The GRE keep-alives will be encrypted as long as there is no CEF adjacency on the Tunnel interface when in protocol down state (that is, no output from show adjacency tunnel <number> detail).
•
Symptoms: Incremental leaks are seen at :__be_nhrp_recv_error_indication.
Conditions: This symptom occurs when the NHRP error indication is received on the box. This issue is seen only if CSCub93048 is already present in the image. CSCub93048 is available from Cisco IOS Release 15.3M&T onwards.
Workaround: There is no workaround.
•
Symptoms: IKEv2 STOP Accounting records show wrong counters for packets/octets, when the sessions are locally cleared using clear crypto sa or clear crypto session.
Conditions: This symptom is observed with latest Cisco IOS XE Release 3.8S images when IKEV2-Accouting is enabled. This issue is easily reproducible with a single session, and may be service impacting as STOP Accounting records are usually used for billing purposes.
Workaround: The STOP records reflect the right counters when the disconnect is through the remote-end.
•
Symptom: NBAR classification granularity reduced for some protocols or some protocols may be classified as unknown.
Conditions: The following command can be used to clearly know if this is the bug at hand: test platform hardware qfp active feature nbar function sui_gmc_show_chunks_brief. If the "errors?" column has a non zero value, it is likely caused by the problem described here.
Workaround: Restarting NBAR will typically solve the problem. If a protocol pack is loaded, a simple way to restart NBAR would be to unload and reload the protocol pack. In order to workaround the problem and verify that the problem is resolved, use the following steps: 1. Clear the above counters using the command: test platform hardware qfp active feature nbar function sui_gmc_reset_counters 2. Verify that the number of errors has been cleared: test platform hardware qfp active feature nbar function sui_gmc_show_chunks_brief 3. Enter configure mode: config terminal 4. Unload the protocol pack: no ip nbar protocol-pack <protocol-pack-filename> 5. Re-load the protocol pack: ip nbar protocol-pack <protocol-pack-filename> 6. Verify the number of errors is 0: test platform hardware qfp active feature nbar function sui_gmc_show_chunks_brief.
•
Symptom: Fp reload.
Conditions: ALG traffic with ACL limit configuration.
Workaround: Remove ACL limit configuration with ALG traffic.
•
Symptom: Packets with single digit MNC are not matched in L7 class-map. Instead counters are increasing in class
class-default Service-policy inspect gtpv1 : gtpv1_grx_inside_mcc_mnc Class-map: gtpv1_grx_inside_mcc_mnc (match-any) 0 packets, 0 bytes <<<< zero 30 second offered rate 0000 bps Match: mcc xxx mnc 1 Match: mcc xxx mnc 1 Class-map: class-default (match-any) 543464 packets, 11565497 bytes <<<< 30 second offered rate 19000 bps, drop rate 0000 bps Match: anyConditions: Match criteria in L7 class-map define single digit MNC as follows:
class-map type inspect gtpv1 match-any gtpv1_grx_inside_mcc_mnc match mcc xxx mnc 1 match mcc xxx mnc 1.Workaround: There is no workaround.
•
Symptom: During SIP attack, NAT causes ESP lock-up.
Conditions: SIP registration attack.
Workaround: Use ACL to block SIP attack.
•
Symptom: sh plat h q a f nat data dynbin output gets into a loop.
Conditions: When executed on ASR1K.
Workaround: Use sh ip nat trans and its filters for showing this information.
•
Symptoms: Execution of the show run command and other commands such as copy run start and show access-list cause the router to stop for a few minutes before completing.
Conditions: This symptom is observed with Cisco ISR G2 routers. This issue is seen only with IPV6 configured and used.
Workaround: There is no workaround.
•
Symptom: NAT address pool exhaustion with high DNS traffic.
Conditions: Payload addresses in DNS PTR record natted without active NAT bindings. RFC 2694 suggests that DNS PTR queries should not be translated if no active bindings are found in the NAT translation table. Per current implementation, new NAT dynamic bindings are created when processing DNS PTR queries, eventually contributing to NAT address pool exhaustion.
Workaround: Add deny ACL to avoid NAT translation of unknown payload addresses in the DNS PTR query. Turn off dns alg service if possible.
•
Symptom: ucode crash when h323 alg traffic passed through router.
Conditions: Seen with alg traffic.
Workaround: Remove hsl logging.
•
Symptoms: 2X1GE-SYNCE (metronome) SPA does not boot on a 2RU (Cisco ASR 1002).
Conditions: This symptom is observed with Cisco IOS XE Release 3.7S onwards, when metronome SPA (2X1GE-SYNCE) fails to boot on a 2RU. An error message indicating that the SPA is not supported is displayed on the RP console.
Workaround: There is no workaround.
•
Symptoms: The GETVPN/GDOI Secondary Cooperative Key Server (COOP-KS) does not download the policy (that is, when the show crypto gdoi ks policy command is issued on the Secondary COOP-KS and the command output shows that no policy is downloaded) and Group Members (GMs) registering to the Secondary COOP-KS fail to register without any warning/error message.
Conditions: This symptom is observed when the GETVPN/GDOI group (with COOP configured) has an IPsec profile configured with one of the following transforms in its transform-set:
esp-sha256-hmac - esp-sha384-hmac - esp-sha512-hmacWorkaround: Use esp-sha-hmac as the authentication transform instead.
•
Symptom: QFP crashes with icmpv4 error packets when ZBF debugs are enabled (debug platform hardware qfp active feature firewall datapath global all detail)
Conditions: This condition is observed when ZBF debugs are enabled.
Workaround: Don't enable ZBF debugs with "detail" or "drop" keywords for all traffic. Instead enable ZBF debugs only for the traffic you'd like to debug. See CSCtf45361 to see how to do it.
•
Symptom: GTPv1 memory chunk leak.
Conditions: GTP AIC is configured.
Workaround: There is no workaround.
•
Symptom: Need ikev2 framed route support on server.
Conditions: Need ikev2 framed route support on server.
Workaround: There is no workaround.
•
Symptom: WCCP stops working after adding ZBF. We see message of WCCP packets being redirected but not leaving ASR.
Conditions: ASR with netflow anf ZBF enabled under the same interfaces.
Workaround: Disable netflow on all the interfaces.
•
Symptom: Match not apn is not working.
Conditions: Basic gtp message flow.
Workaround: There is no workaround.
•
Symptom: After volume rekey, ipsec pd flow set both hard and soft limit of traffic limit to 0.
Conditions: Volume rekey set to 0.
Workaround: Clear crypto session recover volume rekey value.
•
Symptom: CPC request message is passed by AIC and sent to another side.
Conditions: IMSI is invalid.
Workaround: There is no workaround.
•
Symptom: Cpp crash with core dump file and traceback.
Conditions: Session setup rate is 10.
Workaround: There is no workaround.
•
Symptom: DHCP reply message was dropped in dataplane after RPSO or clear ipv6 neighbor.
Conditions: 1. Setup DHCPv6 binding. 2. Clear ipv6 neighbor/ RPSO and without traffic before adjacency convergence. The dhcp reply message is dropped in the dataplane.
Workaround: There are several workarounds: 1. Send downstream traffic to client which will relearn the neighbor. 2. Clear ipv6 route X::X/prefix <dhcp installing route> to relearn the neighbor. 3. Client can reconnect after the dhcp session timeout.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S
This section describes the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S. It contains the following topics:
•
•
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S
This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S.
•
Symptom: A %SPA_CHOCX-3-FATAL_ERROR occurs on hard online removal of SPA-1XCHSTM1-OC3 when controller of the SPA is configured as net-sync clock source on the Cisco ASR1002-X router.
Conditions: This issue occurs when controller of SPA-1XCHSTM1-OC3 is configured as the active network-clock input source.
Workaround: Avoid hard removal of the SPA when SPA-1XCHSTM1-OC3 is selected as the current active clock input. However, insterting the SPA in the same subslot after the occurrence of this error does not affect the netsync capability. Therefore, the error while SPA removal can be neglected.
•
Symptom: The BITS IN clock with RP switchover stays locked even with Alarms On link on ASR1002-X.
Conditions: When BITS IN is active clock source for the system and RP switchover occurs, the BITS IN with Active Alarms ON, is seen as active clock source.
Workaround: There is no workaround.
•
Symptom: The request platform software package install rp 0 snapshot to harddisk command saves subpackages to bootflash instead of hard disk.
Conditions: This issue is seen only on the ASR1002-X router.
Workaround: Use the bootflash instead for this option.
•
Symptom: Multiple cpp_cdm tracebacks occur while CPP microcode is being collected in a crash dump file.
Conditions: These tracebacks occur while collecting a CPP microcode is being collected in a crash dump file.
Workaround: There is no workaround. However, the cpp_cdm tracebacks do not have any impact on the working of the router and can be ignored.
•
Symptom: When the command show platform hardware qfp active datapath utilization, is execute on CSR1000v platform, te output always shows the Processing: Load (pct) as 100%.
Conditions: This issue occurs when show platform hardware qfp active datapath utilization is executed.
Workaround: Use the show platform so status control-processor bri command. CPU 2 and CPU 3 form the data plane. For example:
VXE-21#sh pl so status control-processor briLoad AverageSlot Status 1-Min 5-Min 15-MinRP0 Healthy 1.15 0.59 0.44Memory (kB)Slot Status Total Used (Pct) Free (Pct) Committed (Pct)RP0 Healthy 3988596 2675940 (67%) 1312656 (33%) 2504260 (63%)CPU UtilizationSlot CPU User System Nice Idle IRQ SIRQ IOwaitRP0 0 0.50 2.30 0.00 2.00 17.90 77.30 0.001 0.50 0.70 0.00 98.79 0.00 0.00 0.002 22.50 7.10 0.00 0.00 0.00 0.40 0.003 23.30 21.20 0.00 25.30 0.00 30.20 0.00•
Symptom: For a slot housing the Cisco ASR1000-SIP40, or on a Cisco ASR1002-X, the output of the show platform hardware slot <slot#> plim buffer settings detail command always shows the value of Max always as "0" in the "Fill Status Curr/Max" filed, even when the Rx buffers have been utilized.
Conditions: When the SPA Aggregation ASIC has been flow controlled by the Network Processing Unit, the buffers inside the SPA Aggregation ASIC will start filling up.
Workaround: There is no workaround.
•
Symptom: The BITS output network clock configuration sends an invalid QL value when it is configured for the first time on a back-to-back Cisco ASR1002-x setup.
Conditions: This issue is observed after the router reloads with configuration of the BITS e1 output network clock source. The reloaded router sends QL-INV to the remote end.
Workaround: Reconfigure BITS e1 output network clock source.
•
Symptom: Network boots from ROMMON may occasionally run very slowly. Sometimes, booting from a "tftp:" device may appear to stall or run very slowly.
Conditions: This issue occurs when a user attempts to boot from a "tftp:" device.
Workaround: In nonautoboot situations where the console port is connected, and under user supervision, perform a reset.
If the system is configured to auto boot, reconfigure the TFTP_TIMEOUT environment variable from its present value to a value longer than the expected boot time, considering the network and server load. If the system finds itself in this slow-booting mode while auto booting, the transfer will time out, and autoboot will reset and attempt to net boot the file again.
A value of 300 seconds can be chosen as a suggested starting value. From the ROMMON prompt run:
TFTP_TIMEOUT=300sync
Note
•
Symptom: When IPX traffic is introduced at 150 KPPS and the punt policer is changed from 40KPPS to the highest limit, which is 146 KPPS, lsmpi-rx consumes more CPU resources and tail drops occur.
Conditions: This issue occurs when punt traffic is introduced at high rates while the punt policer is modified from the default setting.
Workaround: Do not maintain a high punt packet traffic rate.
•
Symptom: Cisco ASR1000 RP2 and Cisco ASR1001 may report the following message:
%IOSXEBOOT-1-BOOTFLASH_FAILED_MISSING: (rp/0): Required Bootflash disk failed or missing, reloading system.The reload of the system recovers the device. There is no loss of data due to the device disconnect. In a redundant hardware configuration, there is no loss of service, and the standby takes control when the active system reloads. In a dual IOSd configuration, the platform reloads fully. If the eUSB is inaccessible during boot, an additional reload may occur, resulting in a longer-than-expected boot time.
Conditions: This error may occur when an embedded eUSB device is a part of the configuration.
Workaround: There is no workaround to avoid the disconnect of the boot flash device. Since the boot flash device is monitored as a critical device for correct system operation, it is necessary to reload the system to reset and recover the device.
•
Symptom: The Cisco ASR1002-X router with large numbers of MLPPP bundles may experience a crash preceded by the following message, followed by a traceback and eventual reload of the router:
%CPPOSLIB-3-ERROR_NOTIFY: SIP0: cpp_cp: cpp_cp encountered an errorConditions: This issue occurs on Cisco ASR1002-X router with large numbers of MLPPP bundles.
Workaround: Keep the number of single-link MLPPP bundles under 4000, and the total number of multimember MLPPP bundles under 2000.
•
Symptom: The show platform hardware qfp active feature epc client statistics 0 command does not respond.
Conditions: This issues occurs while using command in multi terminal.
Workaround: Use one terminal.
•
Symptom: FNF records do not get exported.
Conditions: The Cisco ASR 1002-X router boots with preconfigured FNF exporter when export protocol is IPFIX and the platform is RP1 or ASR1002-X.
Workaround: Reconfigure exporter.
•
Symptom: When BGP MDT address-family is configured with one or more VRF having mdt default x.x.x.x with 4000 VRF, out of which 400 VRF have "mdt default x.x.x.x" and with 8000 BGP neighbors in VRF (4K IPv4 & 4K IPv6), then router takes approximately 30 minutes to apply the configuration.
Conditions: This issue occurs if configured neighbors are under BGP VRF address-family with update-source command, that is neighbor X.X.X.X update-source interface.
Workaround: Do not use neighbor X.X.X.X update-source interface under BGP VRF address-family.
•
Symptom: IOSD crashes occur with 1000 MVPN sessions. When the sessions are cleared, all the IGMP joins are released, then the sessions are brought up. When about 400 to 500 IGMP sessions join, a crash is screen.
Conditions: This issue occurs when you clear 1000 MVPN sessions on LAC using the command clear pppoe.
Workaround: There is no workaround.
•
Symptom: The BPS and PPS information shown in the output of show platform hard qfp active data utilization is inaccurate for ASR1002-X and ESP100.
Conditions: There are no specific conditions under which this symptom occurs.
Workaround: There is no workaround.
•
Symptom: COOP failure messages are seen continuously on a standby RP. However, there is no impact on the functionality of the standby RP. This is an erroneous messaging issue.
Conditions: This issue is seen on a HA setup.
Workaround: There is no workaround.
•
Symptom: Flapping BGP and IOSD crash occur during the LNS sessions.
Conditions: This issue occurs during the LNS sessions.
Workaround: There is no workaround.
•
Symptom: Packet drops may occur and syslog errors may be displayed during ISSU.
Conditions: This issue is observed during ISSU.
Workaround: There is no workaround.
•
Symptom: OSPF IPv6 control packets are not encrypted or decrypted.
Conditions: This issue occurs while configuring the IPv6 OSPF authentication.
Workaround: There is no workaround.
•
Symptoms: QoS DSCP cases fail.
Conditions: The symptom is observed with a QoS profile, which has DSCP as 31 configured under SBE and DSCP bit set as zero.
Workaround: There is no workaround.
•
Symptom: NAS-IP address appears as 0.0.0.0 in the RADIUS Accounting-on packet when the Cisco ASR 1002-X router is restarted:
*May 17 14:34:22 JST: RADIUS(0000000C): Sending a IPv4 Radius Packet*May 17 14:34:22 JST: RADIUS(0000000C): Send Accounting-Request to 172.16.100.231:1813 id 1646/1, len 48*May 17 14:34:22 JST: RADIUS: authenticator F5 0C 46 BF 31 52 28 10 - 6D 9E B3 5A C8 7B 92 4D*May 17 14:34:22 JST: RADIUS: Acct-Session-Id [44] 10 "00000001"*May 17 14:34:22 JST: RADIUS: Acct-Status-Type [40] 6 Accounting-On [7]*May 17 14:34:22 JST: RADIUS: NAS-IP-Address [4] 6 0.0.0.0 <<======Here!!!*May 17 14:34:22 JST: RADIUS: Acct-Delay-Time [41] 6 0*May 17 14:34:22 JST: RADIUS(0000000C): Started 3 sec timeout*May 17 14:34:22 JST: %SYS-6-BOOTTIME: Time taken to reboot after reload = 170 seconds*May 17 14:34:22 JST: %ASR1000_OIR-6-INSSPA: SPA inserted in subslot 0/0*May 17 14:34:23 JST: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*May 17 14:34:23 JST: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFFConditions: This issue occurs when you restart the router.
Workaround: There is no workaround.
•
Symptom: After SSO, all the GRE tunnels show that the admin is down and stay down until the SSC-600/WS-IPSEC-3 security module comes up. Complete traffic loss occurs during this time.
Conditions: This issue occurs when vanilla GRE tunnels are configured in the system where HA and IPsec Module SSC-600/WS-IPSEC-3 card are present, and SSO is issued.
Workaround: There is no workaround.
•
Symptom: Recursive IPv6 route does not get installed in multicast RPF table.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: There is no workaround.
•
Symptom: IOSD crashes are observed when ipv6_address_set_tentative is run.
Conditions: This issue occurs while unconfiguring IPv6 subinterfaces.
Workaround: There is no workaround.
•
Symptom: When ANCP ports are brought up to the UP,SHOWTIME state, ANCP truncation occurs only on Active RP. The downstream rate is not truncated on the standby RP, and the associated QinQ interface policy map fails to be created on the standby RP.
Conditions: This issue occurs on the Cisco ASR1000 with "ancp truncate 32" configured.
Workaround: There is no workaround.
•
Symptoms: Crash occurs when the tunnel interface is removed from the hub and is added back again using config replace nvram:startup-config.
Conditions: This symptom is observed under the following conditions:
–
–
–
–
Workaround: Use CLI to change configuration instead of the rollback feature.
•
Symptom: A crash occurs at __be_nhrp_group_tunnel_qos_apply decode.
Conditions: This issue occurs when you flap a DMVPN tunnel on the hub in a scale scenario.
Workaround: There is no workaround.
•
Symptom: A CPP crash observed in VPLS setup.
Conditions: The issue is seen in VPLS setup.
Workaround: There is no workaround.
•
Symptom: The MVPNv4 traffic does not flow properly from the remote PE to the UUT.
Conditions: With Agilent traffic on, the removal or addition of MDT configurations for the MVRFs configured on the UUT, MVPNv4 traffic does not flow properly from the remote PE to the UUT.
Workaround: There is no workaround.
•
Symptom: Flapping BGP sessions are seen when route-map is changed, before or after mpls-ip or mtu is configured.
Conditions: The issue is seen between two BGP peers with matching MD5 passwords configured, and can be triggered by either of the following conditions:
–
–
Workaround: There is no workaround.
•
Symptom: A crypto_kmi_add_data_to_pyld memory leak occurs during the IPSEC key engine process.
Conditions: This issue occurs when the IPSEC key engine's holding memory is increased.
Workaround: There is no workaround.
•
Symptom: The AD in the route installed by a client is not updated to the configured value.
Conditions: When the ip route 0.0.0.0 0.0.0.0 dhcp 5 command is configured, AD is not updated to 5.
Workaround: There is no workaround.
•
Symptom: The Cisco ASR 1002-X may lose OSPF routes pointing to the reconfigured OSPF interface.
Conditions: This issue occurs during the quick removal and addition of the interface IP address.
Workaround: Insert a short delay in between the tasks of removing or adding the IP address. The delay should be bigger than the wait interval for LSA origination, which is 500 ms by default. Refresh routing table by running the clear ip route * command.
•
Symptom: On Cisco ASR 1001 router, after the system boots, the bootflash (eUSB) gets disconnected. As a result, the system reboots because the system cannot stay up without eUSB storage.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: There is no workaround.
•
Symptom: A VRF error message occurs in the Cisco ASR 1002-X Router.
Conditions: This issue occurs during the bootup of the router.
Workaround: There is no workaround.
•
Symptom: An access request sent by a BRAS might not contain ANCP attributes.
Conditions: This issue is seen, if an ANCP-enabled subinterface is set up for the first time or gets removed or included again.
Workaround: Reconfigure the ANCP neighbor name.
•
Symptom: The ISG router configured for the Layer 2 connected subscriber sessions does not respond to ARP replies, after a subscriber ARP cache has expired.
Conditions: This issue occurs when a router is configured with HSRP.
Workaround: Clear subscriber session. After the corresponding subscriber session is reintroduced, this issue is resolved. Alternatively, configure the IP proxy ARP on the HSRP configured interface.
•
Symptom: After router reload, all PADIs fail on QFP and autovc stays down.
Conditions: This issue occurs intermittently, approximately once every 50 reloads, after full chassis reload.
Workaround: Reload the chassis.
•
Symptom: The RP crashes.
Conditions: This issue occurs when the Cisco 1002-X Router reloads.
Workaround: There is no workaround.
•
Symptom: A Cisco ASR 1000 Series Aggregation Services Router may experience reloads on the ESP module due to a CPP driver fault during an in-2-out NAT translation. This issue is seen with IOS release15.2S, but not in release15.1S.
Conditions: This issue occurs when NAT is enabled.
Workaround: Disable NAT or downgrade to a release 15.1.
•
Symptom: With OSPFv2 running between a Cisco ASR 903 router and a Cisco 7609 router, if you reset OSPF on Cisco ASR 903 router with clear ip ospf process, multiple OSPF and BFD flaps occurs, which last up to 3 minutes.
Conditions: This issue occurs when ASR903 has BFD and static routes as BFD client.
Workaround: Have a symmetric BFD client configuration.
•
Symptom: After a multiple RP switchover, router crashes with the following message:
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = BGP HA SSOConditions: This issue occurs when mVPN is with 500 VRF and multiple switchovers are performed on PE1.
Workaround: There is no workaround.
•
Symptom: After a Cisco IOS-XE bootup, there are no static reverse routes inserted as a result of applying or installing an HA crypto map. The same issue is present on the HSRP standby device, that is, the static RRI routes do not get installed when a failover occurs. The show cry map - command can be used to verify if RRI is enabled. The show cry route - command can be used to determine if RRI has occurred and if its been done correctly.
Conditions: This issue occurs on Cisco IOS-XE 3.5 to 3.7 VRF-aware IPSec with stateless HA and static RRI IPv4.
Workaround: Removing and re-entering the reverse-route static command into the configuration triggers the route insertion.
•
Symptom: Standby RP reloads continuously when a RP switchover is executed on a Cisco ASR 1000 Series Aggregation Services Router as PE with about 2500 BGP sessions with IPv4 or IPv6.
Conditions: This issue occurs on Cisco ASR 1000 Series Aggregation Services Router as PE with 2500 BGP sessions (IPv4 or IPv6).
Workaround: There is no workaround.
•
Symptoms: Under certain conditions, running a TCL script on the box, may cause software traceback and reload of the affected device.
Conditions: This issue occurs when privilege 15 user run TCL commands that may lead to an affected device reloading.
Workaround: There is no workaround.
•
Symptom: Cisco ASR 1000 Series Aggregation Services Router looses mapping for accounting feature on ISG users.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: The command clear sss session all solves the issue.
•
Symptom: The IOSD process crashes because of segmentation fault: UNIX-EXT-SIGNAL: Segmentation fault(11), Process = PPP Events.
Conditions: This issue occurs when BRAS functionality is configured, and the configuration includes ISG and PPPoE session termination includes ISG and PPPoE session termination.
Workaround: There is no workaround.
•
Symptom: A Cisco ASR 1000 Series Aggregation Services Router may reload when deployed as an ISG.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: There is no workaround.
•
Symptom: The multihop L2TP tunnel fails to establish after enabling the ISG control policy under the virtual template interface for PPPoE users.
Conditions: If the ISG control policy is not empty and the service is configured, multihop L2TP tunnel fails to establish.
Workaround: Remove the ISG control policy.
•
Symptom: 15.2(2)S2 local policy routing issue occurs from PE to CE.
Conditions: This issue occurs when MPLS Multi-VRF Selection with PBR is configured on PE.
Workaround: There is no workaround.
•
Symptom: Audio fails on hair-pinned calls back from the CUBE to a SIP Provider.
Conditions: This issue is when you upgrade to IOS release 15.2.(2)S.
Workaround: Modify the diversion header on the transfer leg invite.
•
Symptom: Ucode crashes when GTP AIC inspects packets.
Conditions: This issue occurs when the GTP AIC is configured.
Workaround: There is no workaround.
•
Symptom: The fman_fp Core file is displayed.
Conditions: This issue occurs when Config GreoIPsec is configured with tunnel protection and more than 1000 route-maps are configured.
Workaround: There is no workaround.
•
Symptom: The following message is displayed at startup:
IOSXEBOOT-1-OOTFLASH_FAILED_MISSINGOccasionally, upon system startup, the bootflash storage device may not be discovered by the system software. A log message to that effect is shown on the console, and after a delay, the system will reboot.
Conditions: This occurs during normal operations of the Cisco AS 1002-X Routers.
Workaround: No workaround is required. The system reboots itself after some delay, and the bootflash device returns to service automatically.
Note
•
Symptom: The radius-server attribute 6 on-for-login-auth command is not configurable any more.
Conditions: There are no specific conditions under which this issue occurs.
Workaround: There is no workaround.
•
Symptom: The system does not save logs and the reset reason is displayed as LocalSoft.
Conditions: This issue occurs when combined architecture platforms (ASR 1001, 2KP & Overlord, and so on) have the CC or FP sections reset the hardware.
Workaround: There is no workaround.
•
Symptom: On the Cisco ASR 1001 router, bootflash disconnects and reconnects. As a result, there is loss of bootflash contents.
Conditions: This issue occurs after approximately 64 reloads of the Cisco ASR 1001 router.
Workaround: There is no workaround.
•
Symptom: The AD in the route installed by a client is not updated to the configured value.
Conditions: When the ip route 0.0.0.0 0.0.0.0 dhcp 5 command is configured, AD is not updated to 5.
Workaround: There is no workaround.
•
Symptom: The active RP crashes on the LNS with the Process SSS Mgr when the LAC is reloaded.
Conditions: This issue occurs when the LAC is reloaded.
Workaround: There is no workaround.
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S
This section documents resolved issues on Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S.
•
Symptom: The Netflow TimeStamp may show time drift compared to NTP time. This effect is equal to approximately 50 seconds of lost time per day.
Conditions: This issue occurs when the flexible Netflow runs on either an ESP40-based Forwarding Processor or on a Cisco ASR 1001 router.
Workaround: There is no workaround, but when the time skew exceeds 10 minutes, Netflow TimeStamp self-corrects.
Note
•
Symptom: One or more linecards may fail to boot in a Cisco ASR 1000 router with an RP2 or there may be an error with the EOBC. %CMFP-3-STANDBY_EOBC_LINK_ERROR: F0: cman_fp: Standby EOBC link error detected.
Conditions: This issue is observed with certain combinations of RP2 and ESP10.
Workaround: There is no workaround, but the issue is not seen with an ESP20.
•
Symptom: If a packet is sent to a null interface, an Cisco ASR 1000 router does not respond with an ICMP packet.
Conditions: This issue occurs when a prefix is routed to the null interface.
Workaround: There is no workaround.
•
Symptom: After some reloads, the last reload reason in show version output is seen as LocalSoft.
Conditions: The conditions under which these symptom is observed is unknown.
Workaround: There is no workaround.
•
Symptom: Pending issues and acknowledgments are observed after unconfiguring and then reconfiguring the same scale configuration while traffic is running.
Conditions: This issue occurs after configuring four overlays with 500 EFPs per overlay, setting up the traffic as described in the DDTS start traffic, removing the overlay and EFP config, and copying the same config back on one of the otv routers.
Workaround: There is no workaround.
•
Symptom: Unexpected reload of Cisco ASR1002-X router or ESP100 occurs.
Conditions: This issue is typically observed when large numbers of interfaces are present.
Workaround: There is no workaround.
•
Symptom: The output of the show platform hardware qfp active feature ess state command is showed in XML format during ISSU subpackage downgrade from XE3.7.0 to earlier releases on Cisco ASR 1004 router. This issue does not impact functionality.
Conditions: This issue occurs during an ISSU subpackage downgrade.
Workaround: There is no workaround.
•
Symptom: VCs that are configured with VPLS on the standby RP appear in down state.
Conditions: This issue occurs during core link flap.
Workaround: Run the clear xcon all command.
•
Symptoms: RP-Announce packets are replicated across all the tunnel interfaces and the count of replication is equal to the number of tunnel interfaces. For example, if there are 3 tunnel interfaces, then each tunnel should forward 1 RP-Announce packet each minute (with the default timer configured). However, in this case, each tunnel is forwarding 3 RP-Announce packets across each tunnel interface. This issue is not specific to the number of interfaces. It can happen with any number of tunnel interfaces.
Conditions: This symptom is observed when filter-autorp is configured with the ip multicast boundary command. This issue is seen on the Cisco 3725 router too, where the incoming packets are being replicated because of the filter-autorp command.
Workaround: Removing filter-autorp resolves the issue. However, you need to remove the pim and boundary commands first and then reapply the pim and boundary list without the filter-autorp keyword. Also, doing this might lead to redesigning of the topology to meet specific requirements. int Tun X no ip pim sparse-dense mode no ip multicast boundary XXXXXX filter-autorp int TuX ip pim sparse-dense mode ip multicast boundary XXXXXX.
•
Symptoms: The Cisco ASR 1000 router crashes in Firewall code due to NULL l4_info pointer.
Conditions: This symptom occurs when the Cisco ASR 1000 router acts as the MPLS L3VPN UHP. It crashes because FW/NAT requires the l4_info to be set.
Workaround: There is no workaround.
•
Symptom: Some TCP segments of particular length may be forwarded with wrong packet payload if NAT is configured.
Conditions: This issue is caused by NAT-configured packets are TCP segments of particular length.
Workaround: configure ip tcp adjust-mss to a smaller value than the current tcp flow.
•
Symptom: When an ESP switchover happens in an intra or inter box setup, sometimes the standby ESP gets stuck and does not come up properly.
Conditions: The show redundancy application group <grp-number> command shows the RF state as STANDBY COLD-BULK.
Workaround: This issue can be solved by reloading the standby.
•
Symptom: Sub-classification of HTTP traffic (for example, by host or url) does not work on the first transaction of the HTTP flow and matches on the second request.
Conditions: Only happens when all protocols or specific protocols on top of HTTP are enabled - sharepoint, audio-over-http, video-over-http, windows-azure, oracle-ebsuite-unsecured, bittorrent
Workaround: If you are using subclassification on HTTP, avoid using protocol discovery, FNF or specifically enabling other protocols which run over HTTP.
•
Symptom: Pending objects and traffic loss occur on cell packed interfaces.
Conditions: This issue occurs during router reload.
Workaround: Reload the router.
•
Symptoms: When configuring ipv6 vfr max-fragmentation in/out at no-default value, the ESP reloads with traceback.
Conditions: This symptom is observed when ipv6 vfr max-fragmentation in/out is configured at no-default value.
Workaround: There is no workaround.
•
Symptoms: SYN packets to establish ftp-data connections are sporadically dropped at the Cisco ASR router.
Conditions: This symptom is observed under the following conditions:
–
–
The symptom is observed on Cisco ASR 1000 Series Aggregation Services Routers.
Workaround 1: Use the passive mode FTP. Workaround 2: Use the static NAT/dynamic NAT configuration.
•
Symptom: Under certain conditions, ESP may reload and ESP forced switchover may happen.
Conditions: This issue occurs on ESP20 and RP2 with 200 branches, and two BRs each with two exits, and with delay-flap on over one of ISP link.
Workaround: There is no workaround.
•
Symptom: VRF-aware IP SLA with ICMP probes fail.
Conditions: The Cisco ASR 1000 Series Aggregation Services Router, which is PE, is configured to send ICMP Ping probes to a certain mpls VPN destination. The Ping is received back from the destination but ip-sla shows continues failures. Manual Ping via CLI fails as well.
Workaround: The workaround is to shut/unshut the ICMP source interface (Loopback) or deconfigure and reconfigure the VRF on the loopback interface. If the router is being reloaded, the same problem is seen again.
•
Symptoms: The active FTP data channel sourced from the outside may not work as expected. Other protocol inspections that expect pinhole or door for connections initiated from the outside may be affected as well.
Conditions: This symptom was first identified on the Cisco ASR router running Cisco IOS Release 15.1(3)S3 with VASI VRF PAT FW. This issue is seen when the FTP client is on the inside and the active FTP server is on the outside.
Workaround: To resolve this issue, use static NAT.
•
Symptom: Dropped fragments are observed.
Conditions: This issue occurs with fragmented traffic in CGN mode.
Workaround: There is no workaround
•
Symptom: Back to back FR is observed.
Conditions: This issue occurs when the router is reloaded.
Workaround: Perform shut/no shut the FR interface.
•
Symptom: ESP reload with fman-fp error occurs.
Conditions: This issue occurs when crypto map from interface is unconfigured and there is double ACL in the crypto map
Workaround: There is no workaround.
•
Symptom: Output of show sbc call-stats all current always shows as 15 minutes.
Conditions: This issue occurs when adjacencies are more in numbers with running calls.
Workaround: There is no workaround.
•
Symptoms: ESP reloads on the Cisco ASR 1000 Series Aggregation Services Routers due to ucode crash.
Conditions: This symptom is observed on the Cisco ASR 1000 router where the Layer 4 Redirect feature is configured. This problem was first introduced in Cisco Release 15.2(01)S. This issue may be not seen at all in some customer environments to about once a week in medium-sized high CPS ISG production networks.
Workaround: There is no workaround.
•
Symptom: The router may crash or generate datapath trace-back.
Conditions: This issue occurs when one of the following conditions is met: 1. MMON (Media Monitoring) is enabled. 3. NBAR is enabled and NBAR is configured to look into IPv6 tunnels, using the one or both of the following CLI commands: a. ip nbar classification tunneled-traffic ipv6inip b. ip nbar classification tunneled-traffic teredo
Workaround: 1. Disable MMON. 2. Disable NBAR classification of tunneled traffic: # no ip nbar classification tunneled-traffic ipv6inip # no ip nbar classification tunneled-traffic teredo
•
Symptom: System crash and reboot occur with AVC1.0.
Conditions: This issue occurs when FNF collects HTTP fields such as host, for example, with AVC1.0. The crash occurs infrequently in context of MSN traffic.
Workaround: Remove the HTTP fields from the FNF records.
•
Symptom: Fragmented SIP packets may be dropped due to FirewallInvalidZone.
Conditions: This issue occurs when NAT and Firewall is configured in VASI interface. In such a case SIP payload needs to be translated and the length of translated ip address is different from the prenat address or PAT is configured.
Workaround: There is no workaround.
•
Symptom: Default sessions do not establish when you apply VRF as a service to the default policy. VRF can only be applied to a default session by assigning a VRF on the access-interface. However with dedicated sessions, one cannot apply a VRF on the access-interface and VRF transfer at the same time. Thus if we require VRF transfer on dedicated sessions, we need VRF transfer on lite sessions as well.
Conditions: This issue occurs when access-side interface is in the default VRF, VRF is applied as a service to the default policy.
Workaround: There is no workaround.
•
Symptom: Multicast traffic over PVC Bundle always goes to prec 0 pvc.
Conditions: This issue occurs when multicast over PVC bundle is configured.
Workaround: There is no workaround.
•
Symptom: FP crashes with certain mulitcast config, on reloading the Cisco ASR 1000 router with RP2.
Conditions: This issue occurs when the router is reloaded.
Workaround: There is no workaround.
•
Symptom: The Cisco ASR 1000 router ESP may crash at pfr_tt_ll_resp_cb when introduce delay and flapping for TC, that is, clear pfr master border * on MC.
Conditions: Running PfR DMVPN setup with scaled number of branches, and clear pfr master border * on MC.
Workaround: No PfR session flapping solves this issue.
•
Symptom: The command sh ip nat trans causes error message or crash.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: Downgrading to any version earlier than XE3.6.0 release solves the issue.
•
Symptom: Ucode crash occurs followed by FP crash seen on sending GTP traffic.
Conditions: This issue occurs while sending traffic from SGPRS simulator.
Workaround: There is no workaround.
•
Symptom: The plim qos input queue command reflects on all int of the same spa.
Conditions: The configuration reflects for all the interfaces on the spa.
Workaround: There is no workaround.
•
Symptom: BFD sessions go down during FP switchover.
Conditions: This issue occurs when the peer is a Cisco ASR 1000 router with large BFD sessions.
Workaround: There is no workaround.
•
Symptom: Packets are dropped.
Conditions: This issue occurs with 5 cps basic sip call.
Workaround: Reduce the traffic load from 5 cps to 2 cps.
•
Symptom: The Cisco ASR 1000 router resets its FP with FW NAT feature combination.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: There is no workaround.
•
Symptom: High number of GTPv0 and GTPv1 packet drops occur with "GTP permit-error" OFF. On ASA, this feature can be turned ON.
Conditions: This issue occurs with zone-based firewall for GTP traffic configured and GTP permit-error OFF.
Workaround: There is no workaround.
•
Symptom: HS_logger crashes with IPFIX export of long URL
Conditions: This issues occurs when long URLs are present.
Workaround: There is no workaround.
•
Symptom: The Cisco ASR 1000 router crashes due to fragmented ICMP packets on BDI5.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: 1. Increase the MTU size at adjacent router which is connected with this ASR. 2. Under the interface BDI, use access-list to deny those icmp packets destined to subnet broadcast address.
•
Symptom: FP crashes on loading ATM VC bundle configuration
Conditions: The issue is seen on configuration around 200 ATM VC bundles.
Workaround: There is no workaround. FP stabilizes after the initial crash.
•
Symptom: Consecutive crashes occur.
Conditions: This issue occurs on a Cisco ASR 1000 router with ESP10 with IOS 15.2(2)S release.
Workaround: There is no workaround
Workaround: There is no workaround.
•
Symptom: ESP40 crashes when traffic hits the router.
Conditions: This issue occurs on basic LSM setup of PE-P-PE.
Workaround: Disabling LRE fixes the issue.
set plat hard qfp active feature multicast v4 lre offset plat hard qfp active feature multicast v6 lre off•
Symptom: FP may crash while flapping sessions with ISG services, or flapping the ISG services themselves.
Conditions: This behavior might be seen on a Cisco ASR 1000 router running 15.1(2)S images or later. The ISG services involved must be Traffic Class services, and they may have any of L4R, DRL/Policing, or accounting-based features applied. The behavior may be seen when such services are quickly added and removed from a subscriber.
Workaround: There is no workaround.
•
Symptom: Bad voice quality is observed.
Conditions: This issue is observed on RP1, ESP10, or SIP10 when there are multiple spas present and transcoding is active.
Workaround: There is no workaround.
•
Symptom: After the second RP switchover, mcast traffic stops forwarding by PE.
Conditions: This issue occurs in mVPN topology, during mcast traffic sending, while performing RP switchover on PE1.
Workaround: Use clear ip mroute * command to make the global MDT mroute re-built can restore mcast traffic before/after the second switch-over.
•
Symptom: GTPv0 request drops and fails to create session.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: There is no workaround.
•
Symptom: Ping to SBC interface from a Cisco ASR 1000 router fails.
Conditions: This issue may occur in any of the following conditions:
–
–
Workaround: Deactivate sbc, delete sbc interface, and re-create it again.
•
Symptom: CHSTM (prowler) spas serial interface shows down due to C2 byte mismatch.
Conditions: This issue is seen in releases 15.2(01)S, 15.2(02)S and 15.2(04)S.
Workaround: There is no workaround.
•
Symptom: Reload may occur on a Cisco ASR 1000 router NAT.
Conditions: This issue may occur while removing static rmap mapping.
Workaround: There is no workaround.
•
Symptom: Mod F: Shaper becomes inactive when policy-map is removed and added back on a subinterface.
Conditions: This issue occurs when policy-map is removed and added back on a subinterface.
Workaround: Changing shaper value reactivates shaper.
•
Symptom: Upgrade or downgrade ISSU fails.
Conditions: This issue is seen on devices with versions 3.7.x or later.
Workaround: There is no workaround.
•
Symptom: CPP Crashes seen on Active and Standby FP following RP switchover.
Conditions: This issue occurs after RP switchover.
Workaround: There is no workaround.
•
Symptom: After changing the grandparent shape rate through ANCP, traffic is not shaped to the new rate.
Conditions: This issue occurs on PPPoE model F Qos.
Workaround: There is no workaround.
•
Symptom: RP information is not learned when Auto-RP is configured and the MA and RP candidate are on different PE.
Conditions: This issue occurs when MA and RP candidate are on different PE.
Workaround: There is no workaround.
•
Symptoms: When some port-channels go down at the same time on a router, it can cause EIGRP SIA errors.
Conditions: The symptom occurs with full mesh four routers which are connected via port-channels. Additionally, it occurs with over five routers which are connected via a partial mesh port-channel.
Workaround: Use the following port-channel interface settings:
(config)# interface port-channel <port-channel interface number>(config-if)# bandwidth <bandwidth value> (config-if)# delay <delay value>•
Symptoms: Memory leaks are observed on the Cisco CMTS router when NAT is configured.
Conditions: This issue is observed with packets that need NAT in a VPN Routing and Forwarding (VRF) environment.
Workaround: There is no workaround.
•
Symptom: A Cisco device running IOS may crash due to a watchdog timeout with the following error messages:
%SYS-3-CPUHOG: Task is running for (126004)msecs, more than (2000)msecs (30/1),process = SSH Process. -Traceback= 0x63D827CCz 0x6496A670z 0x649774CCz 0x649776A0z 0x6497777Cz 0x6496BCFCz 0x6496BEA4z 0x6496BFF8z 0x61E122A0z 0x61DFC6CCz 0x61DFCF94z 0x61DFF270z 0x61DFC5F8z 0x61E980E0z 0x61E984ACz 0x61E3DF6Cz %SYS-3-CPUHOG: Task is running for (128004)msecs, more than (2000)msecs (31/1),process = SSH Process. -Traceback= 0x63D7AA5Cz 0x62A47F68z 0x62A48500z 0x62A45F9Cz 0x649774E8z 0x649776A0z 0x6497777Cz 0x6496BCFCz 0x6496BEA4z 0x6496BFF8z 0x61E122A0z 0x61DFC6CCz 0x61DFCF94z 0x61DFF270z 0x61DFC5F8z 0x61E980E0z %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SSH Process.Conditions: This issue occurs when there the response from the client is slow.
Workaround: Close the connection.
•
Symptoms: Router crashes in a scale DVTI scenario.
Conditions: The symptom is observed when the IPsec tunnel count reaches around 2500.
Workaround: Use fewer tunnels or use a different platform.
•
Symptoms: Various small, medium, or big VB chunk leaks are seen when polling EIGRP MIB or during SSO.
Conditions: This symptom is observed when MIBs are being polled or SSO is done.
Workaround: There is no workaround.
•
Symptom: The Cisco ASR 1000 router crashes at rip_process_mgd_timers decode.
Conditions: This issue occurs when 500 6rd tunnel and rip are configured, traffic is started and then stopped, and configuration is cleared.
Workaround: There is no workaround.
•
Symptoms: A crash is seen while applying the policy map with more than 16 classes with the Cisco 3900e platform.
Conditions: This symptom occurs when applying the policy map with more than 16 classes.
Workaround: There is no workaround.
•
Symptoms: A Cisco ASR 1000 router may crash due to Bus error crash at voip_rtp_is_media_service_pak.
Conditions: This symptom has been observed on a Cisco router running Cisco IOS Release 15.1(4)M2.
Workaround: There is no known workaround.
•
Symptom: Traffic from ixia 3 to ixia 1 and ixia 3 to ixia 2 on odd vlans (ED1 is the AED for odd vlans) is dropped with UnconfiguredMplsFia counters incrementing.
Conditions: This issue occurs with scaled OTV config in a multihomed setup do a RP switchover.
Workaround: There is no workaround.
•
Symptoms: DHCP pool that is configured for ODAP assigns the same IP to multiple sessions.
Conditions: PPP users receive pool via Radius. The pool is defined on the Cisco 10000 series router to use ODAP. ODAP is receiving the subnets from Radius correctly, and assigns IPs to PPP sessions, but sometimes two users end up having the same IP address.
Workaround: Clear both sessions sharing the same IP.
•
Symptoms: Multilink member links move to an up/ down state and remain in this condition.
Conditions: This symptom occurs after multilink traffic stops flowing.
Workaround: Remove and restore the multilink configuration.
•
Symptoms: The following message is displayed in the logs:
InterOp:Cube-NavTel : LTI: Video Xcode Call with plain Audio FAILSConditions: This symptom is seen when video Xcode call with plain audio fails.
Workaround: There is no workaround.
•
Symptoms: BGP L3VPN dynamic route leaking feature from the VRF to global export feature, the prefix-limit is incorrect upon soft clear, or new prefix added, or prefix deleted.
Conditions: This symptom is observed when VRF to global export is enabled, and prefix-limit is configured.
Workaround: Hard-clearing the BGP resolves the issue.
•
Symptoms: Shut down the physical interface of tunnel source interface. The router crashes with traffic going through some of the tunnels.
Conditions: This symptom is seen with tunnel interface with QoS policy installed.
Workaround: There is no workaround.
•
Symptom: IOS router may crash under certain circumstances when receiving a mvpnv6 update.
Conditions: This issue occurs while receiving a mvpnv6 update
Workaround: There is no workaround.
•
Symptoms: The requests to the RADIUS server are retransmitted even though the session no longer exists, causing unnecessary traffic to RADIUS, and RADIUS getting requests for an invalid session.
Conditions: This symptom occurs when the RADIUS server is unreachable and the CPE times out the session.
Workaround: This issue can be avoided by making sure that the RADIUS server is always reachable.
•
Symptoms: An EIGRP IPv6 route redistributed to BGP VRF green is not exported to VRF RED. Extranet case is broken for IPv6 redistributed routes.
Conditions: The issue is seen with IPv6 link-local nexthop. When the EIGRP route is redistributed to BGP VRF, it clears the nexthop information (it become 0.0.0.0). Now this route becomes invalid and BGP is not able to export to another VRF.
Workaround: There is no workaround.
•
Symptom: A Cisco ASR 1000 router may crash.
Conditions: This issue is observed in a setup with configuration of BGP L3VPN VRF to global export, NSR, and large scale, hard clear or link flap.
Workaround: There is no workaround.
•
Symptoms: A crash is observed on EzVPN Server if VRF configuration under the ISAKMP profile is modified.
Conditions: The crash is observed only if there are active sessions at the time of configuration change.
Workaround: Prior to applying a configuration change, clear the sessions.
•
Symptoms: The router crashes when users execute the show ip route XXXX command.
Conditions: This symptom is observed during the display of the show ip route XXXX, when the next-hops of "XXXX" networks are removed.
Workaround: The show ip route XXXX command (without "XXXX") does not have the problem.
•
Symptoms: ATM local switching segments do not come up after changing encap on both interfaces.
Conditions: This symptom is seen with ATM VC local switching. If the encap on both the ATM VC segments are changed, the segments remain in DOWN state.
Workaround: There is no workaround.
•
Symptoms: When the prefix from CE is lost, the related route that was advertised as best-external to RR by PE does not get withdrawn. Even though the BGP table gets updated correctly at PE, RIB still has a stale route.
Conditions: This symptom is observed with a topology like shown below, where CE0 and CE1 advertise the same prefixes.
Workaround: Hard-clearing the device solves this issue.
•
Symptoms: Active or standby route processor crashes.
Conditions: This symptom can be seen during the configuration or removal of ATM virtual circuits.
Workaround: There is no workaround.
•
Symptoms: MFR memberlinks-T1 serial interfaces created under a CHOC12 controller, do not get decoupled from MFR even after the MFR bundle interface is deleted. Once the MFR bundle interface is reconfigured, the memberlinks do not appear under it.
Conditions: This symptom is seen with MFR with memberlinks as T1 serials from CHOC12 sonet controller.
Workaround: Unconfigure and reconfigure the encap frame-relay MFRx under each memberlink after reconfiguring the MFR bundle interface.
•
Symptom: Memory allocation failure occurs.
Conditions: This issue occurs while attaching to SIP-40 using a web browser.
Workaround: Reset the line card.
•
Symptom: Some of the backup VCs are down after SSO.
Conditions: It happens only on scale scenario, in this bug submitter created 500 primary and 500 backup VCs
Workaround: These backup VCs can be brought to SB state by issuing the following command although it is not usually recommended, it is only way to recover: clear xconnect peerid <peerid of the PW> vcid <vcid>.
•
Symptoms: Router may crash with breakpoint exception.
Conditions: The symptom is observed when SNMP polls IPv6 MIB inetCidrRouteEntry and there is a locally-sourced BGP route installed in IPv6 RIB.
Workaround: Disable SNMP IPv6 polling.
•
Symptom: Routes for the converted dedicated P sessions are missing after a RP switchover.
Conditions: Converted dedicated IP sessions are not HA aware. Therefore after a RP switchover, these sessions will be re-established at the new active RP. Routes are not installed for some of these sessions. As a result, downstream traffic is dropped.
Workaround: There is no workaround.
•
Symptoms: When service change occur as ISG, in some particular conditions, the SCE is not ready to accept the CoA, In that case the ISG resends an Update Session on the ISG-SCE Bus. The Update Session is sent but it is not populated with the required attribute for SCE (policy, service-monitor)
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: There is no workaround.
•
Symptoms: RP crashes at the far end, pointing to Watchdog Process BGP.
Conditions: This symptom is observed when doing an FP reload at the near end. This issue is seen with EBGP sessions with BFD configured between near end and far end routers.
Workaround: There is no workaround.
•
Symptoms: IPSec tunnels fail to be formed due to error: ''RM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.''
Conditions: Even though the router does not have 225 IPsec SA pairs, error will prevent IPSec from forming. Existing IPSec SAs will not be affected.
Workaround: Reboot to clear out the leaked counter, or install hsec9 which will disable CERM (Crypto Export Restrictions Manager).
•
Symptom: RP2 gets reloaded.
Conditions: This issue occurs when one dynamic crypto map with 8k tunnels running 700Mbps 64B packets are processed.
Workaround: There is no workaround.
•
Symptoms: Traffic loss is seen in pure BGP NSR peering environment.
Conditions: The symptom is seen on a Cisco router that is running Cisco IOS Release 15.2(2)S, and the BGP peerings to CEs and RR are all NSR enabled.
Workaround: Enable the bgp graceful-restart command for RR peering.
•
Symptoms: A router crashes during second rekey.
Conditions: This symptom occurs with IKEv2 with RSA authentication.
Workaround: There is no workaround.
•
Symptoms: Authentication fails for clients after some time because the radius_send_pkt fails, because it complains about the low IOMEM condition.
Conditions: In AAA, minimum IO memory must be 512KB to process the new request. If the memory is less than this, AAA does not process the new authentication request. This is AAA application threshold. This application barriers are not valid in dynamic memory case. Such conditions are removed for NG3K platform.
Workaround: There is no workaround.
•
Symptoms: CPU utilization shoots up to 99% after configuring crypto maps.
Conditions: The symptom is observed after applying crypto maps.
Workaround: There is no workaround.
•
Symptoms: A crash is seen on RP2, when the show platform software shell command package command is issued.
Conditions: This symptom is observed when the show platform software shell command package command is issued. It impacts the RP2 (x86_64_*) image only.
Workaround: There is no workaround. Do not issue the show platform software shell command package command.
•
Symptoms: Trace route for TP does not work as expected.
Conditions: This symptom occurs with a TP setup.
Workaround: There is no workaround.
•
Symptoms: Memory leaks are observed.
Conditions: The memory leaks are seen when OSPFv3 authentication is enabled over virtual link, and the OSPFv3 process is restarted.
Workaround: There is no workaround.
•
Symptoms: In a FlexVPN Spoke to Spoke setup, Resolution reply goes via the Tunnel interface to the Hub.
Conditions: This symptom is only observed when NHO is added for the V-Access, overriding an existing route. This issue is not seen when H route is added.
Workaround: Distribute the summarized address from the Hub, thus avoiding addition of NHO at the Spokes. The Spokes will then add H route instead of NHO.
•
Symptoms: Memory leaks occur when SNMP polling cbgpPeer2Entry MIB.
Conditions: This symptom occurs when BGPv4 neighbors are configured.
Workaround: There is no workaround if this MIB is to be polled.
•
Symptom: The SUP720 crashes.
Conditions: This issue occurs when you issue the sh clns interface | i ^[A-Z]|Number of active command multiple times via script with following error and decodes:
%ALIGN-1-FATAL: Corrupted program counter 00:53:22 EET Tue Jun 5 2012 pc=0x0 , ra=0x411514F4 , sp=0x55A8B080 c7600s72033_rp-adventerprisek9-m.122-33.SRE5.symbols.gz read in Enter hex value: 0x407F5B70 0x407F612C 0x407E026C 0x42BCA588 0x407EDDFC 0x41A78BB8 0x41A78B9C 0x407F5B70:get_alt_mode(0x407f5b68) 0x8 0x407F612C:get_mode_depth(0x407f6118) 0x14 0x407E026C:parse_cmd(0x407ded18) 0x1554 0x42BCA588:parser_entry(0x42bca360) 0x228 0x407EDDFC:exec(0x407ed344) 0xab8 0x41A78BB8:r4k_process_dispatch(0x41a78b9c) 0x1c 0x41A78B9C:r4k_process_dispatch(0x41a78b9c) 0x0Workaround: There is no workaround.
•
Symptoms: Checksum value parsed from GRE header does not populate, causing the GRE tunnel checksum test case to fail.
Conditions: The issue is seen on a Cisco ISR G2.
Workaround: There is no workaround.
•
Symptom: Default sessions do not establish when you apply VRF as a service to the default policy. VRF can only be applied to a default session by assigning a VRF on the access-interface. However with dedicated sessions, one cannot apply a VRF on the access-interface and VRF transfer at the same time. Thus if we require VRF transfer on dedicated sessions, we need VRF transfer on lite sessions as well.
Conditions: This issue occurs when access-side interface is in the default VRF and VRF is applied as a service to the default policy.
Workaround: There is no workaround.
•
Symptoms: Multicast event log preallocated memory space needs to be conserved on the low-end platform.
Conditions: This symptom is observed with multicast even log.
Workaround: There is no workaround.
•
Symptoms: Router crashes when show ip sla summary command is run.
Conditions: The symptom is observed on Cisco 2900, Cisco 1900, and Cisco 3945 routers configured with IPSLA operations. The router which was idle for one day crashes on issuing the show ip sla summary command.
Workaround: There is no workaround.
•
Symptoms: The show ospfv3 event command causes the router to crash.
Conditions: The symptom is observed when "ipv4 address family" is configured and redistribution into OSPFv3 from other routing protocols is configured.
Workaround: Do not use the show ospfv3 event command.
•
Symptom: In the Pseudowire redundancy, secondary Pseudowire fails to come up that is also configured as the backup on the other side.
Conditions: In the Pseudowire redundancy, cannot bring up the secondary Pseudowire that is also configured as the backup on the other side. There are no issues in activating pseduwires that are primary on the other side.
Workaround: Terminate these pseudowires on a different AC and make them as primary. If the customer want to terminate on the same AC, there is no work around.
•
Symptoms: An invalid SPI message is seen throughout the lifetime of IPsec SA.
Conditions: This symptom is observed with SVTI-SVTI with a GRE IPv6 configuration. When bringing up Cisco ASR 1000 Series router sessions, an invalid SPI is seen. There is also inconsistency between the number of child SAs in IKEv2 and the number of IPsec SAs on the same box.
Workaround: There is no workaround.
•
Symptoms: A Cisco IOS memory leak is observed.
Conditions: This symptom is seen when unconfiguring/reconfiguring BGP AD VFIs.
Workaround: There is no workaround.
•
Symptom: Flexvpn server crashes after overnight RP switchovers in ASR1000.
Conditions: Multiple RP switchovers in ASR1000 and it fails to allocate an IPsec SPI.
Workaround: There is no workaround.
•
Symptom: PWs does not come up after an SSO.
Conditions: This is only a specific case where the primary pseudowire path is DN when the active RP coming up, so the backup PW comes to UP state. Later when the primary path is available pseudowire redundancy switchover happens the primary PW becomes UP. At this stage if the Software Switchover happens the PWs on the newly active RP is DN. This is a very corner case and the chance of happening in the real deployment scenarios is very low.
Workaround: Run the clear xconnect all command to bring up the PWs.
•
Symptoms: QoS do not work on one of the subinterfaces/EVC.
Conditions: This symptom occurs when HQoS policy is configured on more than one subinterface/EVC on ES and then add flat SG on them.
Workaround: Remove and reapply SG.
•
Symptom: Overhead accounting configuration changes on XE37 image.
Conditions: This issue occurs in the following conditions:
–
–
Workaround: There is no workaround.
•
Symptom: Incorrect minimum bandwidth displayed when a 0k packet is received.
Conditions: Different behavior in ASR code when Min BW of 0 Kbit is received. 2.6.2 uses 10 Gbps as Min BW in case Min BW = 0 received 3.4.3 uses 1 Kbit as Min BW in case Min BW = 0 received
Workaround: There is no workaround.
•
Symptoms: System crashes.
Conditions: This symptom occurs after adding or removing a policy-map to a scaled GRE tunnel configuration.
Workaround: There is no workaround.
•
Symptoms: Traceback is seen when the show clock detail command is executed.
Conditions: This symptom is seen when executing the show clock detail command with Cisco IOS interim Release 15.3(0.4)T.
Workaround: There is no workaround.
•
Symptoms: CUBE reloads on testing DO-EO secure video call over CUBE when SDP passthru is enabled.
Conditions: The symptom is observed when running Cisco IOS interim Release 15.3(0.4)T.
Workaround: There is no workaround.
•
Symptoms: Router crashes.
Conditions: The symptom is observed with a Cisco router that is running Cisco IOS Release 15.2(3)T1. The router may crash during the failover test with OCSP and CRL configured.
Workaround: Configure OCSP or CRL but not both.
•
Symptoms: Authentication of EzVPN fails.
Conditions: The symptom is observed with BR-->ISP-->HQ.
Workaround: There is no workaround.
•
Symptoms: EoMPLS remote port shutdown feature does not work.
Conditions: This symptom is observed if xconnect and a service instance are configured under the same interface.
Workaround: There is no workaround.
•
Symptoms: Crash at slaVideoOperationPrint_ios.
Conditions: The symptom is observed when IPSLA video operations are configured and show running-config is issued.
Workaround: There is no workaround.
•
Symptoms: Following a misconfiguration on a two-level hierarchical policy with a user-defied queue-limit on a child policy, the UUT fails to attach the QoS policy on the interface even when corrected queueing features are used.
Conditions: This symptom is observed with the following conditions: 1) The issue must have the user-defined queueu-limit defined. 2) This error recovery defected is confirmed as a side effect with the c3pl cnh component project due to ppcp/cce infrastructure enhancement.
Workaround: There is no workaround.
•
Symptoms: A session provisioning failure is seen in the ISG-SCE interface. The deactivate or disconnect request has the message authenticator wrongly calculated.
Conditions: This symptom is observed with the ISG-SCE interface.
Workaround: There is no workaround.
•
Symptoms: When relay is configured with unnumbered interface, it appears the packet is sent out of the loopback interface (instead of the serial interface) to the server, which does not receive the packet.
Conditions: The issue happens only when unnumbered loopback address is used on the relay interface which connects to server. If an IPv6 address is used directly on the interface, it works fine.
Workaround: Use numbered interface instead of unnumbered interface.
•
Symptoms: In an IPv6 snooping policy, the keyword "prefix-list" has no effect on control packet. The keyword only affects the binding table recovery. In an "ipv6 nd raguard" policy, the limited-broadcast keyword appears though it is deprecated. It should be hidden and is always on.
Conditions: These symptoms are observed in an IPv6 snooping policy and IPv6 and RA-guard policy.
Workaround: There is no workaround.
•
Symptoms: ISIS adjacency process shows traceback messaging related to managed timer.
Conditions: This symptom is seen when configuring isis network point-to-point on LAN interface with isis bfd or isis ipv6 bfd enabled. The traceback does not happen always. It depends on timing.
Workaround: Disable isis bfd or isis ipv6 bfd before issuing isis network point-to-point command. Restore isis bfd or isis ipv6 bfd configuration on LAN interface.
•
Symptoms: The switch crashes when sending the DHCPv6 packet with "ipv6 snooping" on VLAN configurations.
Conditions: This symptom occurs when sending the DHCPv6 packet with "ipv6 snooping" configured on VLAN configurations.
Workaround: There is no workaround.
•
Symptoms: RP crashes when downloading FreeRadius Framed-IPv6-Route on MLPPP sessions.
Conditions: This symptom occurs when downloading radius Framed-IPv6-Route.
Workaround: There is no workaround.
•
Symptom: NHRP cache entry for the spokes get deleted on NHRP timer expiry even though there is traffic flowing through the spoke to spoke tunnel.
Conditions: This issue occurs on FlexVPN Spoke to Spoke setup.
Workaround: Configure the same hold time on both Tunnel interface and the Virtual-Template interface.
•
Symptoms: IPsec session does not come up for spa-ipsec-2g if ws-ipsec3 is also present. "Volume rekey" is disabled.
Conditions: This symptom occurs if "volume rekey" is disabled.
Workaround: Do not disable the volume rekey.
•
Symptoms: MDT tunnel is down.
Conditions: This symptom is seen in MVPN. If the ip multicast boundary command on non-current RPF interface blocks the MDT group, it may cause MDT tunnel failure.
Workaround: Adding the static join command under PE loopback interface may work around the problem temporarily.
•
Symptoms: Configuring mpls lsp trace results in IOSD restart.
Conditions: This symptom occurs when configuring mpls lsp trace results in IOSD restart.
Workaround: There is no workaround.
•
Symptoms: A memory leak is seen when IPv6 routes are applied on the per-user sessions.
Conditions: This symptom is seen if IPv6 routes are downloaded as a part of the subscriber profile. On applying these routes to the sessions, a memory leak is observed.
Workaround: There is no workaround.
•
Symptom: Segmentation fault crash and router reloads continuously.
Conditions: When router is reloaded with cfm over xconnect scale config (configuring 500 meps)
Workaround: There is no workaround.
•
Symptoms: IPv4 mVPN inactive (S,G) are not removed on egress PE.
Conditions: There are no specific conditions for the occurrence of this symptom.
Workaround: Remove entries manually.
•
Symptom: Router crashes in EIGRP due to chunk corruption.
Conditions: This issue is seen on EIGRP flaps.
Workaround: There is no workaround.
•
Symptom: During the "issue loadversion", while downgrading from Texel (or later) to Yap (v151_1_sg_throttle or earlier), the standby RP keeps reloading due to the out of the sync of configuration.
Conditions: The issue occurs during issu loadversion operation. The newer version of image supports the ipv6 multicast while the older version of image does not.
Workaround: There is no workaround.
•
Symptom: KS rejects rekey ACK from GM with message (from "debug crypto gdoi ks rekey all"): GDOI:KS REKEY:ERR:(get:0):Hash comparison for rekey ack failed. The keys & policies in the rekey packet are correctly installed by the GM, but the rekey ACK does not get processed by the KS. This leads to rekey retransmissions, GM re-registration and potential disruption of communication.
Conditions: Rekey ACK validation in versions 15.2(4)M1 (ISR-G2) and 15.2(4)S/3.7S (ASR1000) is incompatible with other software releases. A KS that runs 15.2(4)M1 or 15.2(4)S/3.7S will only be able to perform successful unicast rekeys with a GM that runs one of those two versions. Likewise, a KS that runs another version will only interoperate with a GM that also runs another version.
Workaround: Use multicast rekeys.
•
Symptoms: The image cannot be built with an undefined symbol.
Conditions: This symptom occurs as the commit error triggers the compiling issue.
Workaround: There is no workaround.
•
Symptom: Static tunnels between hubs and spokes fails to rebuild.
Conditions: Reload hub on the DMVPN ipv6 setup with DPD on-demand enabled on all spokes.
Workaround: There is no workaround.
•
Symptom: A /32 prefix applied to an interface (for example, a loopback) is not being treated as connected. This can then prevent Half-Duplex VRFs for operating correctly.
Conditions: This issue occurs when the prefix is applied to an interface is for a host route (/32 for Ipv4 or /128 for IPv6).
Workaround: Use a shorter prefix.
•
Symptoms: The POS interface line protocol is down with encapsulation PPP in an MPLS setup.
Conditions: This symptom occurs when configuring encapsulation PPP on both ends of PE1 and CE1, and then configuring xconnect in the customer-facing interface of PE1.
Workaround: Reconfigure the xconnect settings. Then, the interface will come up in the proper state.
•
Symptom: IOSD crashes.
Conditions: This issue occurs while bringing up 8k PPP sessions with QOS and ebgp routes.
Workaround: There is no workaround.
•
Symptom: A Cisco ASR 1000 Series Aggregation router running IOS 15.2.(4)S ipBaseK9 feature set crashes when a interface that a qos policy attached to it comes up.
Conditions: This issue occurs on an interface with a qos policy attached.
Workaround: Use other feature sets, AdvEnterpriseK9, for example.
•
Symptom: A Cisco ASR1001 router Feature Navigator does not show correct image to license mapping.
Conditions: This issue occurs on a Cisco ASR1001 router with or without licenses.
Workaround: There is no workaround.
•
Symptom: Software is forced to reload on a Cisco ASR 1000 Series Aggregation Router using the ISG feature.
Conditions: ISG sessions cannot be authenticated/authorized whenever primary/secondary Radius servers are marked as unreachable. This creates high load on ISG and may force a crash.
Workaround: There is no workaround.
•
Symptom: Packet drops are seen on Scaled Cisco ASR 1000 Series Aggregation Router during RP switchover.
Conditions: This issue occurs during RP and FP switchover.
Workaround: There is no workaround.
•
Symptom: A Cisco ASR 1000 router running 15.2(4)S release acting as a GM in a GETVPN deployment starts using the most recent IPSEC sa upon KS rekey instead of using the old key up to 30 seconds of expiration.
Conditions: This issue was observed only in 15.2.(4)S.
Workaround: There is no workaround.
•
Symptom: A Cisco ASR 1000 router being GM in a GETVPN deployment fails to start GDOI registration after a reload. The following status is seen: Registration status : Not initialized in the show crypto gdoi output after a reload.
Conditions: This issue occurs while running 15.2(4)S.
Workaround: Use an EEM script to issue a "clear crypto gdoi" a bit after boot time or issue this manually.
•
Symptom: Subscriber session on LAC/LNS attempts state with "vpdn authen-before-forward"cli configured and auto-service in the radius-profile.
Conditions: This issue occurs because of the command "vpdn authen-before-forward" and one auto-service in the user's profile in radius.
Workaround: Configure and apply one policy-map with SESSION-START rule with at least one action.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
This section describes the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S. It contains the following topic:
•
•
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S.
•
Symptom: BITS e1 output network-clock source configuration sends QL-INV to remote end.
Conditions: This issue is observed when the configuration of BITS e1 output network-clock source sends QL-INV to the remote end.
Workaround: There is no workaround.
•
Symptom: Occasionally, network boots from ROMMON may run very slowly. Booting from a "tftp:" device may appear to stall or run very slowly.
Conditions: This issues is observed when attempting to boot from a "tftp:" device.
Workaround: In non-autoboot scenarios, where the console port is connected, issue a reset under user supervision.
If the system is configured to autoboot, reconfigure the TFTP_TIMEOUT environment variable from its present very long value to a value longer than the expected boot time considering the network and server load. If the system finds itself in this slow booting mode while autobooting, the transfer will time out, and autoboot will reset and attempt to netboot the file again.
A suggested starting value of 300 seconds can be provided from the ROMMON prompt:
TFTP_TIMEOUT=300Sync•
Symptom: The output of show platform hardware qfp active feature ess state command is not working and is showed in XML format during ISSU sub-pkg downgrade from XE3.7.0 to lower releases on 4RU. There is no functionality impact.
Conditions: This issue is observed during ISSU upgrade process with ESP and RP running at different versions. There is no functional impact with this issue. The command work correctly after the system upgrade is complete.
Workaround: There is no workaround.
•
Symptom: When configuring the maximum throughput on a Cisco ASR 1002-X router, a value of 40000000 kbps is indicated even though the actual limit is 36000000 kpbs. Several log messages also indicates a value as 40000000 kbps when the license changes or is rejected. Actual product license or throughput is not affected.
Conditions: This issue is observed in the configuration mode. Log messages would vary dependent on action. But the output include message similar to the following message:
"*Aug 14 21:42:30.294: %IOSXE_THROUGHPUT-3-INVALID_CONFIG: No valid license found for the configured throughput level: 40000000 kbps"Workaround: There is no workaround.
•
Symptom: A small amount of packet drop due to anti-replay failure may be seen when the IPSec feature is configured.
Conditions: This issue is observed when the IPsec session is starting or when the IPSec SA lifetime expires and a new SA is established.
Workaround: There is no workaround.
•
Symptom: Pending issues and acknowledgments are observed after unconfiguring and configuring the same scale configuration while traffic is flowing.
Conditions: This issue is observed when four overlays are configured with 500 EFPs per overlay. Remove the overlay and EFP configuration. Copy the same configuration back on one of the routers.
Workaround: There is no workaround.
•
Symptom: POS interfaces are stuck in down state.
Conditions: This issue is observed while reloading a Cisco ASR1000 or a SPA.
Workaround: Reload the FP.
•
Symptom: Cisco ASR1000 devices displays traceback after RP switchover.
Conditions: This issue is observed with DMVPN HUB when scaled to 4000 spokes.
Workaround: There is no workaround.
•
Symptom: High IPSec/QoS latency.
Conditions: This issue is observed when traffic with volume-based rekey is sent.
Workaround: There is no workaround.
•
Symptom: IPv6 IPSec tunnel start up may be slow and pending objects may be seen in the show platform software object-manager fp active statistics command output.
Conditions: This issue is observed when trying to start large number of IPv6 tunnels (500 tunnels or more) after configuring them.
Workaround: There is no workaround.
•
Symptom: The CLI output format of the show platform hardware qfp active feature ess state command has changed.
Conditions: This issue was observed during ISSU sub-pkg downgrade from XE3.7.0 to lower releases on 4RU while FP is running XE3.7.0 image and Active RP is running non-XE3.7.0 images.
Workaround: There is no workaround.
•
Symptom: VCs configured with VPLS on the standby RP is in down state.
Conditions: This issue is observed during a core link flap.
Workaround: Clear xcon all.
•
Symptom: End to End Traffic fails in Port-channel QinQ Xconnect circuit.
Conditions: This issue is observed in a scaled configuration of 100 Port-channel subinterfaces configured using a script.
Workaround: Reload the router.
•
Symptom: IOSd restarts.
Conditions: This issue is observed during a mixed tunnel scaling test with high traffic.
Workaround: There is no workaround.
•
Symptom: mGREv6:IPv6 NHRP Shortcut switching not working for IPv6 transport.
Conditions: This issue is observed on a topology with two spokes registered to a Hub. Tunnel interfaces in mGREv6 mode is configured on bob and spokes and NHRP shortcut and redirect switching is configured on the tunnel interfaces.
Workaround: There is no workaround.
•
Symptom: TCP segments of specific length may be forwarded with wrong packet payload if the NAT feature is configured on Cisco ASR 1000 Series Aggregation Services Routers.
Conditions: This issue is observed when NAT is configured on the device and the TCP segments are of specific length.
Workaround: There is no workaround.
•
Symptom: BGP entries fail to return to the original value within 600 seconds.
Conditions: This issue is observed on DMVPN networks.
Workaround: There is no workaround.
•
Symptom: CPP crashes after modifying scaled VPLS configuration and changing the loop back address.
Conditions: This issue is observed only in scaled VPLS setup and on doing a negative test by changing the loop back address.
Workaround: There is no workaround.
•
Symptom: Pending objects and traffic loss.
Conditions: This issue is observed on cell packed interfaces.
Workaround: Reload the router.
•
Symptom: The OSPF relationship between PE & P routers disappears after reloading carrier card several times.
Conditions: This issue is observed if the carrier card is reloaded multiple times.
Workaround: There is no workaround.
•
Symptom: cpp_svr restarts on an optimised edge router (OER) border router.
Conditions: This issue is observed during a tunnel flap on external interfaces or while replacing a configuration.
Workaround: There is no workaround.
•
Symptom: IOSd crashes and router reloads multiple times after the ISSU upgrade.
Conditions: This issue is observed while running 4RURP1 ISSU sub package forwarding with all features from Cisco IOS XE 3.5.2 and Cisco IOS XE 3.6.
Workaround: There is no workaround.
•
Symptom: End to End ping and Traffic Fails.
Conditions: This issue is observed on IP internetworking with port-channel Xconnect QINQ ANY encapsulation.
Workaround: There is no workaround.
•
Symptom: qfp exmem is exhausted on the standby FP.
Conditions: This issue is observed when TCP is used for SIP signalling.
Workaround: There is no workaround.
•
Symptom: The ESP reloads on a Cisco ASR1000 router due to ucode crash.
Conditions: This issue is observed an Cisco ASR1000 router where Layer 4 Redirect feature is configured. This problem was first observed in 15.2(01)S release. This issue may not occur in some customer environments to about once a 1 week in medium sized high CPS ISG production networks.
Workaround: There is no workaround.
•
Symptom: ESP 100 crashes.
Conditions: This issue is observed while removing a hierarchical QoS policy-map from a port-channel member link.
Workaround: There is no workaround.
•
Symptom: The following symptoms are observed:
–
–
–
–
–
–
Conditions: This issue is observed on only on two Cisco ASR 1006 devices with 2x RP2, 2x ESP40, SIP40 and 2x ASR1013/06-PWR-DC
Workaround: Power cycle the chassis.
•
Symptom: Clients fail to get the IP address through the PPP IPCP from DHCP pool.
Conditions: This issue occurs after upgrading a Cisco ASR 1000 Series Aggregation Services Router from Cisco IOS XE 12.2(33) XNF2 to Cisco IOS XE 15.2(2)S without any configuration changes.
Workaround: There is no workaround.
•
Symptom: The SNMP loops at OID 1.3.6.1.4.1.9.9.645.1.2.1.1.1, and as a consequence, the SNMP walk fails.
Conditions: This issue is observed only during an SNMP getbulk request on OID 1.3.6.1.4.1.9.9.645.1.2.1.1.1.
Workaround: Exclude the MIB table from the SNMP walk using the SNMP view. For details on excluding the MIB table from the SNMP walk, see the following configurations:
snmp-server view <view name> iso includedsnmp-server view <view name> ceeSubInterfaceTable excludedsnmp-server community <community> view <view name>•
Symptom: The Cisco ASR 1000 Series Aggregation Services Router crashes when displaying MPLS VPN MIB information.
Conditions: This issue occurs on the Cisco ASR 1000 Series Aggregation Services Routers running IOS XE 15.1(02)S.
Workaround: Avoid changing the VRF while querying for MIB information.
•
Symptom: The syslog is flooded with traceback message similar to the following message:
Jun 20 10:05:23.961 edt: %SYS-2-NOTQ: unqueue didn't find 7F3D26BDCCD8 in queue7F3CA5E4A240 -Process= "RADIUS Proxy", ipl= 0, pid= 223-Traceback= 1#e0ee0ce60492fdd11f0b03e0f09dc812 :400000+873623 :400000+2547652:400000+20F9217 :400000+6C70C9C :400000+6C69C71 :400000+6C682BC :400000+6C68183Conditions: This issue occurs under the following conditions:
–
–
–
Workaround: There is no workaround.
•
Symptom: The router does not pass traffic towards the access side on the VCs configured with QoS shaping output policy.
Conditions: This issue occurs when you configure a QoS shaping output policy.
Workaround: There is no workaround.
•
Symptom: A configuration with a high number of down MEPs does not function properly.
Conditions: This issue occurs when you configure 500 or more down MEPs with 500 or more Xconnect configurations between service instances.
Workaround: Configure no more than 200 CFM sessions.
•
Symptom: The router displays CPU utilization traceback messages and drops all multicast traffic for 2050 seconds.
Conditions: This issue occurs under the following conditions:
–
–
–
–
–
Workaround: There is no workaround.
•
Symptom: The router may crash or restart, with the console displaying a SW_WDOG: expired message.
Conditions: This issue occurs under the following conditions:
–
–
–
–
Workaround: There is no workaround.
•
Symptom: Port shaper rate changes do not take effect.
Conditions: This issue occurs when QoS policies attached to EVCs on an interface do not include a shaper configuration; issue does not occur on EFP policies that include a shaper in a class.
Workaround: Include a shaper in one class of EFP policies.
•
Symptom: The router experiences CPP download failures when sending IGMP join messages.
Conditions: This issue occurs when the router is configured with a trunk EFP in SM mode on the access side, and is sending IGMP join messages to more than 1970 multicast groups.
Workaround: There is no workaround.
•
Symptom: The router displays traceback and CPU error messages.
Conditions: This issue occurs when you configure a large number of MAC address table entries while REP is enabled. The router displays errors during an REP topology change, REP pre-emption, or when you perform a shutdown/no shutdown on an interface.
Workaround: Reduce the MAC scale.
•
Symptom: The Connectivity Fault Management (CFM) up Maintenance End Points (MEPs) and down MEPs fails to scale to 1000 CFM sessions.
Conditions: This issue occurs when you configure CFM on a trunk Ethernet Flow Point (EFP).
Workaround: There is no workaround.
•
Symptom: The router applies the class-default QoS policy to all outgoing traffic.
Conditions: This issue occurs under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptom: The router crashes.
Conditions: This issue occurs when you have an OC-3 IM installed, and perform a soft OIR or SSO (when HA is configured).
Workaround: There is no workaround; reload the router.
•
Symptom: Traceroute to a remote MEP fails.
Conditions: This issue occurs under the following conditions:
–
–
–
Workaround: There is no workaround.
•
Symptom: Traffic floods an EFP interface.
Conditions: This issue occurs when you configure a multicast static MAC on a bridge domain and add more than 24 EFPs.
Workaround: Remove the extra EFPs from the bridge domain.
•
Symptom: The router crashes.
Conditions: This issue occurs when you configure CFM, SCE over MPLS, VPLS, or G.8032 services while running SNMP polling.
Workaround: There is no workaround.
•
Symptom: The router stops passing traffic and crashes.
Conditions: This issue occurs when you remove a QoS policy applied to a trunk EFP.
Workaround: There is no workaround.
•
Symptom: The router intermittently drops packets.
Conditions: This issue occurs on 10-Gigabit Ethernet core links when the router passes traffic for an extended period while running a VPLS-TP configuration.
Workaround: There is no workaround.
•
Symptom: The router's convergence time is greater than 90 seconds when you clear the multicast routing table.
Conditions: This issue occurs with a ring topology with two parallel paths from the FHR to the LHR receivers.
Workaround: There is no workaround.
•
Symptom: The router duplicates multicast traffic when configured as a static rendezvous point (RP) node.
Conditions: This issue occurs under either of the following conditions:
–
–
Workaround: Select an RP mode: static, auto, or bootstrap router (BSR) and avoid switching dynamically between RP modes.
•
Symptom: MAC learning fails and the router displays FIFO table overflow messages.
Conditions: This issue occurs with a MAC security configuration running at high scale.
Workaround: There is no workaround.
•
Symptom: L3 multicast replication fails on some of the EFPs.
Conditions: This issue occurs under the following conditions:
–
–
–
–
–
Workaround: Configure the EFPs and bridge domains, and initiate the traffic flow before attaching QoS policies.
•
Symptom: An interface module crashes after an interface module OIR.
Conditions: This issue occurs when you perform an OIR after the router has been passing traffic for more than 6 hours.
Workaround: There is no workaround; the IM recovers after the crash and resumes the task of passing traffic.
•
Symptom: IPv6 BFD sessions drop after you perform an SSO.
Conditions: This issue occurs when you perform an SSO on the router while running an IPv6 BFD configuration. Note that this issue does not occur with an IPv4 BFD configuration.
Workaround: After SSO, perform a shutdown and no shutdown on the physical interface.
•
Symptom: Some IPv6 multihop BFD over BGP sessions flap.
Conditions: This issue occurs on port channel interfaces running IPv6 multihop BFD over BGP sessions after you perform an SSO.
Workaround: There is no workaround.
•
Symptom: A CFM configuration crashes after passing traffic for several hours.
Conditions: This issue occurs when you create the following configuration:
–
–
–
Workaround: There is no workaround.
•
Symptom: The router does not pass multicast traffic consistently; only some traffic passes.
Conditions: This issue occurs when you configure 255 EVCs spanning across different slots on the router.
Workaround: There is no workaround.
•
Symptom: The router forwards multicast traffic on 63 out of 255 multicast OIFs.
Conditions: This issue occurs when you configure the following:
–
–
–
–
Workaround: There is no workaround.
•
Symptom: The router displays a QoS Stats Stalled error message and stops applying QoS configurations.
Conditions: This issue occurs when you apply a flat VLAN policy to a trunk EFP interface.
Workaround: There is no workaround.
•
Symptom: QoS classification does not function properly.
Conditions: This issue occurs when you create QoS class containing a policy that classifies traffic based on both ACLs and DSCP values.
Workaround: There is no workaround.
•
Symptom: QoS classification fails when you configure the match vlan command under a class map.
Conditions: This issue occurs when the router is configured with an EVC with the encapsulation default command.
Workaround: Change the encapsulation to dot1q.
•
Symptom: The router does not learn remote CFM MEPs on an EFP interface.
Conditions: This issue occurs when you configure rewrite push operation on an EFP interface.
Workaround: There is no workaround.
•
Symptom: The router crashes when you attach a QoS policy.
Conditions: This issue occurs when you apply a QoS class map that:
–
–
–
Workaround: There is no workaround.
•
Symptom: The router does not learn remote CFM MEPs.
Conditions: This issue occurs under the following conditions:
–
–
–
Workaround: Configure the EFP encapsulation as untagged.
•
Symptom: The OC-3 interface module crashes when you create a large number of ATM IMA interfaces.
Conditions: This issue occurs when you configure multiple ATM IMA interfaces with fewer than 16 links per bundle.
Workaround: Perform a hard OIR on the interface module.
•
Symptom: Gigabit Ethernet port 0/5/1 does not timestamp Ethernet OAM Y.1731 packets.
Conditions: This issue occurs when you configure Ethernet OAM on port 0/5/1 of a copper or SFP Gigabit Ethernet interface module.
Workaround: There is no workaround.
•
Symptom: Changes to the police QoS command do not take effect.
Conditions: This issue occurs under the following conditions:
–
–
Workaround: Remove the policy from the interface, make the necessary changes, and reattach the policy.
•
Symptom: The router does not transmit Y.1731 Delay Measurement Message (DMM) values using QinQ encapsulation.
Conditions: This issue occurs with the following configuration:
–
–
–
–
Workaround: There is no workaround.
•
Symptom: The router does not update the Gigabit Ethernet interface bitmaps after you remove an EFP from a multicast group. However, the router can display CPU hog messages.
Conditions: This issue occurs under the following conditions:
–
–
–
–
Workaround: There is no workaround.
•
Symptom: The router stops passing traffic on the 10-15 HDLC interfaces.
Conditions: This issue occurs when you configure a large number of HDLC interfaces: 84 for each port or 336 for each interface module.
Workaround: Remove and reconfigure the interface.
•
Symptom: The router does not increment QoS port shaper policy counters displayed by the show policy interface command.
Conditions: This issue occurs when you configure:
–
–
Workaround: There is no workaround. However, the router applies the QoS policy normally.
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
This section documents resolved issues on Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S.
•
Symptom: IOSD may crash while adding route information for PPP-IP-P2P neighbor (ppp_ip_p2p_neighbor_route_add)
Conditions: This symptom may occur during session churning of L2TP with BGP.
Workaround: There is no workaround.
•
Symptom: Some virtual circuit (VC) information is missing in the Simple Network Management Protocol (SNMP) MIB object cAal5VccEntry from the output of the snmpwalk router configuration command. For example, The ATM VCs 4/0.120 exist on the router but are missing in the MIB. Conditions: This symptom is observed on a Cisco 7204VXR (NPE-G2) router that is running 12.2(33)SRE5 (c7200p-advipservicesk9-mz.122-33.SRE5.bin) image in customer network. The symptom may also occur in other releases.
Workaround: - Enter the show atm vc privileged EXEC command on the same device to obtain a complete list of all the VCs. OR - Do the SNMPWALK suffixing the ifIndex of the interface to get the value. $ snmpwalk -v 2c -c fwwrcmn na-salerno-ar011 .1.3.6.1.2.1.2.2.1.2 | grep "4/0.120" IF-MIB::ifDescr.253 = STRING: ATM4/0.120-atm subif IF-MIB::ifDescr.254 = STRING: ATM4/0.120-aal5 layer
$ snmpwalk -v 2c -c fwwrcmn na-salerno-ar011 .1.3.6.1.4.1.9.9.66.1.1.1.1.3 | grep 9.9.66.1.1.1.1.3.254 ===> Got no entry of ifindex here in complete snmpwalk $ $ snmpwalk -v 2c -c fwwrcmn na-salerno-ar011 .1.3.6.1.4.1.9.9.66.1.1.1.1.3.254 ===> When done the SNMPWALK suffixing the ifindex, then getting the value which can be one workaround. SNMPv2-SMI::enterprises.9.9.66.1.1.1.1.3.254.200.106 = Counter32: 403633041
•
Symptom: Accounting stop send without Acct-Input-Packets Acct-Output-Packets Acct-Input-Octets Acct-Output-Octets when service stop is performed
Conditions: Service stop is issued
Workaround: There is no workaround.
•
Symptom: VRF to global packet's length corrupted by -1.
Conditions: Issue seen when the next-hop in vrf is global and recursive going out labeled. Issue is seen from 150-1.S3a onwards not seen on 150-1.S2.
Workaround: use next hop interface ip instead of recursive next hop.
•
Symptom: ANCP truncated line rate not seen on standby and hence the policy application will differ from that on active
Conditions: ancp truncate <value> CLI enabled and port ups received on BRAS
Workaround: There is no workaround.
•
Symptom: Router crashes during "sh run | format" CLI execution
Conditions: This crash is seen only during "sh run | format" execution. All other CLI executions are fine.
Workaround: Avoid executing "sh run | format". Instead "sh run" can be executed.
