These release notes describe the features, modifications, and caveats for Software Release 9.0, up to an including maintenance release 9.0(9). Refer to the Router Products Configuration and Reference document set, dated April 1992, for complete product documentation for Release 9.0.
Note Release 9.0(9) is the last maintenance release for 9.0. Maintenance customers will continue to receive phone support from CE, but fixes will be made only to later software releases. If you want to upgrade to a later software release, there is a choice of upgrade paths. Consult your account representative for further information.
These release notes describe the following topics:
- Current software versions, page 2
- New hardware features, page 2
- System management and interface configuration features, page 3
- New protocol features and enhancements, page 8
- New bridging features, page 12
- New features for IBM networks, page 13
- Obsolete commands, page 15
- Router products documentation enhancements, page 15
- 9.0(9) caveats, page 16
- 9.0(8) caveats/9.0(8) modifications, page 16
- 9.0(7) caveats/9.0(8) modifications, page 16
- 9.0(6) caveats/9.0(7) modifications, page 19
- 9.0(5) caveats/9.0(6) modifications, page 22
- 9.0(4) caveats/9.0(5) modifications, page 31
- 9.0(3) caveats/9.0(4) modifications, page 36
- 9.0(2) caveats/9.0(3) modifications, page 44
- 9.0(1) caveats/9.0(2) modifications, page 55
- Customer Information Online, page 67
Refer to the Cisco Price List for the version number and ordering instructions for the current 9.0 software release.
Note CSC/2 is no longer supported in 9.0.
Note STSX images are no longer supported in 9.0.
The following new hardware features are supported in Release 9.0:
- CSC/4
- Token Ring interface cards
- Flash memory card
Release 9.0 introduces support for the CSC/4 processor card. This card offers additional memory and faster processing.
Release 9.0 introduces support for the CSC-1R and CSC-2R Token Ring interface cards. The CSC-1R and CSC-2R can connect to IEEE-802.5 and IBM Token Ring media. Under software control the card can operate a Token Ring port at either 16 or 4 megabits per second (Mbps). These cards support the Cisco XBus interface that allows connections to the CSC-MC Nonvolatile Random Access Memory (NVRAM) card, as well as to the Flash memory (CSC-MC+) card. Neither of these cards requires a chassis slot.
The CSC-1R provides a single Token Ring port. The CSC-2R card provides two Token Ring ports that are individually configurable.
The Flash memory card is an add-in card containing flash EEPROM memory storage onto which system software images can be stored, booted, and rewritten as necessary. This card also is called the CSC-MC+. The Flash Memory card provides a fault-tolerant solution to users who only netboot and reduces the effects of network failure on system netbooting.
To use the Flash memory card, you must have an appropriate level of system software, firmware, and hardware. In addition, several prerequisites and caveats apply to installation and use of the Flash memory card. Refer to the Modular Products Hardware Installation and Reference publication for complete hardware requirements, specifications, caveats, and step-by-step installation instructions.
EXEC commands that support this feature include:
copy tftp flash
copy flash tftp
show flash [all]
Note Use of the Flash memory card is subject to the terms and conditions of the software license agreement that accompanies your Cisco product.
This section describes features and enhancements for the router system and interface configuration software.
Software Release 9.0 includes enhancements to Cisco's interface configuration software.
- The setup command facility now supports extended AppleTalk networks.
- For Token Ring interfaces, the software prompts for Token Ring ring speed (4 or 16 Mbps).
- The prompt for configuring MOP no longer appears.
Telnet sessions now provide online help information for special Telnet escape sequences.
Use the show environment command to display temperature and voltage information on the AGS+ console.
Note This capability requires ENVM microcode version 2.0 and router microcode version 9.0.
A show process memory command has been added that shows current memory use.
The TFTP server now displays verbose messages during file transfer sessions to help you monitor TFTP sessions.
Authenticating User Names
For networks that cannot support a TACACS service, you still can use a user name-based authentication system. In addition, you can define user names that get special treatment, for example, an "info" user name that requires no password, but connects the user to a general-purpose information service.
The network server software provides a local username configuration command that supports user name authentication.
Dynamic Buffer Sizing
The buffers huge size command is an optional global configuration command that adjusts huge buffer sizes.
Software Release 9.0 includes enhancements to Cisco's FDDI support.
Use the global configuration command smt-queue-threshold to set the maximum number of unprocessed Station Management (SMT) frames that will be held for processing.
Cisco provides support for some of the FDDI MIB variables as described in RFC 1285, "FDDI Management Information Base," published in January 1992 by Jeffrey D. Case of the University of Tennessee and SNMP Research, Inc.
Software Release 9.0 includes enhancements to Cisco's Token Ring support.
The CSC-R16 (or CSC-R16M), CSC-2R, and CSC-1R cards all support early token release, a method by which these interfaces can release the token back onto the ring immediately after transmitting, rather than waiting for the frame to return. The following interface subcommands control this feature:
[no] early-token-release
The Token Ring interface on the CSC-1R/2R interfaces can run at either 4 or 16 Mbps. The following interface subcommand controls this feature:
[no] ring-speed speed
Dial-on-demand routing (DDR) provides network connections in an environment that uses the public switched telephone network (PSTN). Traditionally, networks have been interconnected using dedicated lines for WAN connections. When used with modems (or ISDN terminal adapters), DDR facilitates low-volume, periodic network connections over a PSTN.
The following commands are added for support of DDR:
[no] dialer in-band
[no] dialer idle-timeout number-of-seconds
[no] dialer idle-timeout number-of-seconds
[no] dialer fast-idle number-of-seconds
[no] dialer enable-timeout number-of-seconds
[no] dialer string dial-string
[no] dialer map protocol next-hop-address dial-string
[no] dialer-group group-number
[no] dialer-list dialer-group protocol protocol-name permit|deny
You need special cable configurations to use the dial-on-demand feature. The pinouts for RS-232 and Cisco HD V.35 cables are shown in Figures 1 and 2.
On an RS-232 cable, swap pin 6 (DSR) and pin 8 (CD) at one end.
Figure 1: RS-232 Cable for Dial-on-Demand
On a Cisco high-density (HD) V.35 cable, swap pin E (DSR) and pin F (RLSD) at the standard V.35 end, or pin 20 (DSR) and pin 22 (RLSD) at the high-density end.
Figure 2: Cisco HD V.35 Cable for Dial-on-Demand
Software Release 9.0 includes enhancements to Cisco's packet-switched software support.
Note Bridge circuit-groups are supported only over parallel HDLC links.
When netbooting over X.25 or Frame Relay, you cannot netboot via a broadcast: you must netboot from a specific host.
TCP header compression is supported over X.25 links through the use of the following interface subcommand:
x25 map compressedtcp
Cisco provides support for the exchange of local management interface messages as defined by ANSI standard T1.617.
Use the frame-relay lmi-type ANSI interface subcommand to specify use of the ANSI LMI.
Cisco's implementation of SMDS includes a configuration option that allows you to enable or disable the router's ability to interface to an AT&T SMDS switch that implements AT&T's SMDS d15-mode. Please consult with your service provider to find out whether this command is needed.
Use the smds d15-mode interface subcommand to operate with an AT&T SMDS switch that implements the AT&T d15-mode packet structure.
Connection Mode Network Service (CMNS) is now supported over broadcast media. Cisco's CMNS implementation supports services defined in ISO Standards 8208 (packet level) and 8802-2 (frame level).
This section describes features and enhancements provided with Software Release 9.0.
This section describes changes and enhancements to Cisco's support of AppleTalk routing.
Release 9.0 now supports true AppleTalk-style access control lists based on AppleTalk zones. IP-style access lists, which are based on network numbers, are still supported.
Release 9.0 supports version 1.0 of the AppleTalk responder. The router responds to AppleTalk responder requests.
Release 9.0 routers allow routing of IP datagrams to IP clients using DDP as a low-level encapsulation, which is a technique commonly referred to as MacIP. Several commands have been added to configure and manage this feature.
Release 9.0 allows the advertisement of partial zones in an AppleTalk network. The appletalk permit-partial-zones command enables this feature.
Bad routing information, sometimes caused by a corrupt packet or a broken router, can cause ZIP storms on the network. The appletalk require-route-zones global configuration command now prevents bad routes from being propagated.
The show appletalk nbp command displays the NBP name registration table, which shows services registered by the router.
This section describes changes and enhancements to Cisco's support of DECnet Routing.
Release 9.0 supports DECnet Phase IV to Phase V translation. DECnet Phase V is OSI-compatible and conforms to the ISO 8473 (CLNP/CLNS) and ISO 9542 (ES-IS) standards.
DECnet access lists now can be used to filter on DECnet objects.
This section describes changes and enhancements to Cisco's support of IP routing features.
Release 9.0 router products now support up to 30 concurrent IP routing processes.
Release 9.0 supports a default SLIP address with the addition of the slip default EXEC command. When a default SLIP address is used, the transaction is validated by the TACACS server (when enabled), and the line is put into SLIP mode using the address configured with the IP address argument of the slip address dynamic configuration command.
Release 9.0 has provided an implementation of SLIP over the auxiliary port (asynchronous serial line) of its chassis-based router products. Its use is to provide access from a network management workstation to a router in a network where one or more routers are otherwise inaccessible.
Release 9.0 supports asynchronous Boot Protocol over SLIP. The Boot Protocol (BootP) server for SLIP supports the extended BootP requests specified in RFC 1084. These requests are specified with the async-bootp global configuration command.
This section describes changes and enhancements to Cisco's support of IP routing protocols.
Release 9.0 now allows you to enable or disable the split horizon mechanism in IP networks. This is particularly important in non-broadcast packet switching networks to prevent routing loops. Use the no ip split-horizon interface subcommand to disable the split horizon mechanism.
IGRP has been enhanced to simultaneously use an asymmetric set of paths for a given destination. This feature is known as unequal-cost load balancing.
With Release 9.0, Cisco supports OSPF routing and route distribution. The following commands have been added for OSPF support:
[no] ip ospf cost cost
[no] ip ospf retransmit-interval number-of-seconds
[no] ip ospf transmit-delay number-of-seconds
[no] ip ospf priority 8-bit-number
[no] ip ospf hello-interval number-of-seconds
[no] ip ospf dead-interval number-of-seconds
[no] ip ospf authentication-key 8-bytes-of-password
[no] router ospf ospf-process-id
[no] area area-id authentication
[no] area area-id stub
[no] area area-id default-cost cost
[no] area area-id range address mask
[no] area area-id virtual-link router-id [hello-interval number-of-seconds]
retransmit-interval number-of-seconds] [ transmit-delay number-of-seconds]
[dead-interval number-of-seconds] [authentication-key number-of-seconds]
The Release 9.0 implementation of BGP now supports Versions 2 and 3 of the protocol and permits dynamic version negotiation with neighbors. Routers can be configured to handle only Version 2 of the protocol using the neighbor version router subcommand.
Release 9.0 supports EGP core gateways. In some situations, certain external routing problems can be solved by having a single, central clearinghouse of routing information. The EGP protocol with core gateway support can be used to implement this structure.
This section describes changes and enhancements to Cisco's support of ISO CLNS routing protocols.
Release 9.0 supports DECnet cluster aliases. DECnet Phase V cluster aliasing allows multiple systems to advertise the same system ID in end-system hello messages. The router does this by caching multiple ES adjacencies with the same NSAP, but different SNPA addresses. When a packet is destined to the common NSAP address, the router load-splits the packets among the different SNPA addresses. A router that supports this capability forwards traffic to each individual system.
Release 9.0 supports the IS-IS ISO CLNS routing protocol. The IS-IS routing protocol supports the concept of areas. Within an area, all routers know how to reach all of the station IDs. Between areas, routers know how to reach the proper area. IS-IS supports two levels of routing: station routing (within an area) and area routing (between areas). Commands that support IS-IS are as follows:
[no] router isis tag
[no] is-type [level-1|level-1-2|level-2-only]
[no] redistribute router-name tag
[no] clns router isis tag
isis metric default-metric delay-metric expense-metric error_metric [level-1|level-2]
no isis metric [level-1|level-2]
[no] isis priority value [level-1|level-2]
[no] isis circuit-type [level-1|level-1-2|level-2-only]
[no] isis password password [level-1|level-2]
This section describes changes and enhancements to Cisco's support of XNS Routing.
Release 9.0 supports specific configurations for Ungermann-Bass Net/One networks. Net/One end nodes communicate using the XNS protocol, but there are a number of differences between Net/One's usage of the protocol and the usage common among other XNS nodes. Commands provided for configuring Ungermann-Bass Net/One networks are as follows:
[no] xns ub-emulation
[no] xns ub-routing
[no] xns hear-rip
This section describes changes and enhancements to Cisco's support of bridging.
Release 9.0 supports transit bridging of Ethernet frames across UltraNet media. The term transit refers to the fact that neither the source nor destination of the frame cannot be on the UltraNet media itself. This allows UltraNet to act as a highly efficient backbone for interconnecting many bridged networks. Configuring UltraNet transit bridging is identical to configuring FDDI transit bridging as well as transparent bridging on all other media types.
Source-route transparent (SRT) bridging is supported on Token Ring interfaces capable of supporting transparent bridging. Transparent bridging is supported only on the CSC-R16 or CSC-R16M Token Ring interface running at least Version 3.0 of the Token Ring monitor (SBEMON). As with all other media types, all bridge-group commands can be used on Token Ring interfaces.
This section describes changes and enhancements to Cisco's support of IBM networks.
This section describes changes and enhancements to Cisco's support of source-route bridging.
Fast switching allows faster implementations of local source-route bridging between 4/16-megabit Token Ring cards in the same Cisco router/bridge. This feature also allows faster implementations of local source-route bridging between two Cisco router/bridges using 4/16-megabit Token Ring cards and the direct interface encapsulation. The following command has been added:
[no] source-bridge route-cache
You can bridge packets between a source-route bridging domain and a transparent bridging domain. Using this feature, a software "bridge" is created between a specified virtual ring group and a transparent bridge group. To the source-route station, this bridge looks like a standard source-route bridge. There is a ring number and a bridge number associated with a "ring" that actually represents the entire transparent bridging domain. To the transparent bridging station, the bridge represents just another port in the bridge group.
The Local Acknowledgment capability in router/bridges supporting RSRB addresses the problems of unpredictable time delays, multiple retransmissions, or loss of user sessions.
The Boolean access expression functionality allows you to combine access filters in new ways for Token Rings. With these access expressions, you can now indicate complex conditions under which bridged frames can enter or leave an interface. With these expressions, you can achieve levels of control on frame forwarding that would be impossible when using only the simple access expressions.
LAN Network Manager (LNM), formerly called LAN Manager, is an IBM product used to manage a collection of source-route bridges. A source-route bridge connects multiple physical Token Rings into one logical network segment. LNM provides access to services so that you can monitor the entire source-route bridge environment through the use of a proprietary protocol.
This section describes changes and enhancements to Cisco's support of LLC2 and SDLC link-level support.
The Release 9.0 router software supports LLC2 connections over the following IEEE interfaces:
- MCI Ethernet
- MEC Ethernet
- Token Ring
- IGS Ethernet
- FDDI
LLC2 connections are used in support of the IBM LAN Network Manager, LLC2 Local Acknowledgment, SDLLC SDLC/LLC2 Media Translation, and CMNS.
SDLC is used in Cisco's implementation of SDLLC, the media translator between LLC2 and SDLC.
Cisco's implementation of SDLC supports multipoint, using a modem or line sharing device (MSD or LSD), in configurations where the device speaks a full-duplex protocol to the Cisco router.
Currently, the Cisco router can only act as the primary end of the SDLC session. As a result, in SDLLC applications, the Token Ring station always must act as the primary station, and the SDLC station always must act as the secondary station.
SDLLC is Cisco's term for media translation between IBM's Synchronous Data Link Control (SDLC) data link protocol for serial lines and ISO's Logical Link Control (LLC) Type 2 data link protocol used over Token Ring networks. The media conversion occurs between Token Ring and serial lines. The protocol conversion occurs between LLC Type 2 protocol used over Token Rings and the SDLC protocol used by IBM machines in an SNA network over serial lines. Any router that supports bridging can support the translation between SDLC on serial links and LLC2 on Token Rings using SDLLC.
The smds att mode command is obsolete.
In Release 9.0, the following documentation changes have occurred:
- Additional explanations of MTU limitations have been added.
- Additional examples of AppleTalk CAP/IPTalk configurations have been added.
- Chapter 24 and Chapter 25 discuss SDLC/LLC2 parameters and SDLLC, and media translation.
- A new appendix that describes the X.25 international diagnostics has been added.
- A new appendix that describes frame formats has been added
- A new appendix that presents error messages has been added.
- A separate booklet, Router Products Command Summary, has been provided.
- With Release 9.0, ISO routing protocols are documented in a separate chapter from the ISO switching protocols.
There are no outstanding caveats against Release 9.0(9).
This section describes possibly unexpected behavior by Release 9.0(8). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(8). For additional caveats applicable to Release 9.0(8), see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 9.0(9).
- After an uptime of nearly 25 days the IS-IS level 2 LSP may stop being sent, causing the IS-IS routing entry to disappear in the neighbor router. This is likely to happen when a router has only one Level 2 adjacency. [CSCdi13482]
This section describes possibly unexpected behavior by release 9.0(7). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(7). For additional caveats applicable to release 9.0(7), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 9.0(8).
- When configuring an AppleTalk access group on an interface, the access-group command may allow or disallow traffic in violation of the list. A workaround is to issue the interface subcommand no apple route-cache. [CSCdi12917]
- When converting NBP BrRq packets into NBP FwdReq, the system does not preserve the original DDP source address. It, instead, uses the address of the outgoing interface. This can short-circuit access-group filtering. [CSCdi13287]
- When NBP BrRq and NBP FwdReq packets are converted to NBP LkUps, the source address is not preserved. This can cause access-groups to inadvertently filter out the LkUps. The workaround is to disable access-groups. [CSCdi14245]
- Devices that perform gleaning of MAC addresses from AppleTalk Phase 2 packets may experience connectivity problems. This problem can manifest itself as services on the local network appearing and disappearing in Mac Choosers. There is no workaround. An upgrade is necessary. [CSCdi14732]
- Certain debugging messages are unexpectedly displayed to the console regardless of the state of the logging console configuration command. [CSCdi12665]
- Under conditions of high network or TACACS authentication server load, multiple responses can be received by the router or communication server. The multiple responses can be lost and cause the input queue to fill up on the interface the responses were received on. [CSCdi13626]
- The router fails to become a DECnet designated router on an FDDI interface when it is supposed to do so (it is the highest priority DECnet router on the FDDI ring). As a result, DECnet router hellos to end-nodes are not sent out on the FDDI ring and the end-nodes on the ring do not see a designated router. [CSCdi10442]
- Cisco routers do not listen to the DECnet multicast address for Level 2 only routers. This can create problems in situations where DEC routers are configured Level 2 only. The workaround is to configure those routers for both Level 1 and Level 2 routing. [CSCdi14521]
- In certain environments, use of the source-bridge proxy-explorer command may cause a router to reload, reporting a "Jump to Zero" error. [CSCdi12328]
- Under extreme circumstances, if autonomous switching is enabled (that is, ip route-cache cbus is configured), the router will reload. [CSCdi12415]
- When a CLNS NET is configured on a router using the command clns router igrp areatag net nsap1, and is then "undone" by the command no clns router igrp areatag net nsap1, and another NET is configured by the command clns router igrp areatag net nsap2, the system may reload. Caution is advised when adding and deleting CLNS NETs. [CSCdi09094]
- IS-IS, when redistributing static routes, should not include the prefix in a Level 2 LSP if the next-hop interface for the static route goes down. This is not a problem for ISO-IGRP. [CSCdi13023]
- The configuration command redistribute isis is not properly written to nonvolatile configuration memory. [CSCdi13154]
- If the router receives a redirect that lists itself as the next hop for a router, it will process the packet resulting in a circular routing table entry. This makes the destination listed in the redirect become unreachable from behind the router. [CSCdi12292]
- A Cisco router does not forward a subnet-only broadcast in the same manner that a Banyan server does. The Cisco router will forward it as a MAC layer broadcast onto the LAN segment containing the server, whereas a Banyan server will forward it directly to the server as a MAC unicast and let the server rebroadcast it. [CSCdi12555]
- The dialer-list 10 command would cause the router to take an exception. This is because only dialer lists from 1 to 9 are allowed. [CSCdi11279]
- When responding to a RIP request from a NetWare 3.1x/4.x server/router the response is sent to an incorrect MAC address (0000.0000.0001) and therefore is never received. This will only happen on NetWare devices that use an internal network number: a response to normal NetWare Client is sent to the correct MAC address. [CSCdi13400]
- If you configure a Novell IPX static RIP or static SAP entry using a host ID that matches the host ID being used by any Cisco interface, the static RIP or static SAP will be disallowed. The verification of host id should use the entire network.host-id address for a match instead of only the host ID. The 9.0 version of this bug only applies to static RIP configuration as static SAP configuration is not supported in the 9.0 software release. [CSCdi13332]
- In a topology where multiple equal cost routes exist to a destination and novell maximum-path is still at the default value of 1 a situation can happen such that an old route-cache entry exists pointing to a route that no longer exists. Using a nondefault value of novell maximum-path will avoid this issue, which will clear itself the next time the route cache changes, or when a clear novell cache is done. [CSCdi14410]
- Novell routes are flushed whenever a novell network xxx command is issued against an interface, even if the network number is unchanged from its previous value. This is most often seen when a configuration file is uploaded using the ciscoworks configuration management feature. The impact is Novell routing to some destinations will stop for up to 1 minute while the Novell route tables are rebuilt. SPX sessions, which have relatively short timeout values, may be dropped. [CSCdi14444]
This section describes possibly unexpected behavior by release 9.0(6). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(6). For additional caveats applicable to release 9.0(6), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 9.0(7).
- AppleTalk GMZ (GetMyZone) packets received on a nonextended interface are not handled properly by the system and get held in the small buffer pool. Evidence for this problem would include a slow depletion on the available system memory (as shown by show memory) and a continuous rise in the small buffer "total" count (as shown by show buffers). A GMZ request on a nonextended interface is an undefined call and should be ignored, but some AppleTalk-based network management packages use these packets to determine network configuration. [CSCdi10715]
- Occasionally, a newly configured MACIP server in a running router will not begin operation. Instead, it will hang in state "initial." This problem will only occur in routers that have been running for more than three weeks. The workaround is to configure MACIP prior in the first three weeks of operation, or to restart the router and reconfigure MACIP. This problem will not occur in routers that have a continuously running MACIP server. [CSCdi10771]
- Zone names that begin with one or more leading blank spaces are not properly stored in the configuration memory. This may lead to zone conflicts when the system is rebooted; the parser will consume all leading white space when parsing the zone name. To prevent such a situation, zone names with leading blank spaces should not be used. The correct system behavior would be to store the first leading blank space as the sequence :20 using the special colon notation. [CSCdi11052]
- A ZIP GetMyZone reply is sent in response to a ZIP GetLocalZones request on nonextended interfaces. This is an unexpected response on Macintoshes running AppleTalk v58. The correct behavior is to respond with a GetLocalZones reply. [CSCdi11248]
- When an interface is configured for nonextended AppleTalk, it will unexpectedly try to bring itself up after an AppleTalk address is assigned but before a zone is specified. This leads to improper port startup. This can be avoided by specifying the zone first and the AppleTalk address second. [CSCdi11516]
- When debug apple-events and debug apple-routing are enabled, state changes for routes are reported with incorrect cable ranges. There is no system impact. To get an accurate picture of the state of a route, use show appletalk route. [CSCdi11558]
- During a write terminal or a show configuration, trailing white space in a zone name is not visible, although present. There is no system impact. [CSCdi11847]
- Changing the logging level via the logging console global configuration command does not limit the display of logging messages to the console. The workaround is to log in via a virtual terminal and control the logging of messages with the logging monitor global configuration command. [CSCdi11676]
- A router running with IV/V conversion enabled converts any Phase IV hellos it receives and adds it to the Phase V adjacency database. The format of this entry in the Phase V database is recorded as "Phase IV". If a corresponding Phase V hello comes in (i.e., the other router is also running Phase V), it should overwrite the entry in the Phase V adjacency data base that was always forwarding to the final destination instead of the next hop. A IV adjacency is stored in the V adjacency database as noted above. This info is also entered into the V routing table, so that it is propagated through the OSI cloud. The caveat results in the router not updating this route, so the route would go into holddown and ultimately go away. Therefore Phase IV ES information never stays long enough in the V routing table. [CSCdi11174]
- The Token Ring interface was sending ring status messages to the LAN manager when it was in the DOWN state. The status messages are valid only after the interface has begun the insertion process. [CSCdi10364]
- Spurious entries may appear in the bridge table (show bridge) when the MAC address of an interface changes (for example, in reconfiguring an interface with a different DECnet address). This can be corrected with clear bridge n, where n is the bridge group identifier. [CSCdi09802]
- IP accounting is not supported for UltraNet interfaces. Incorrect data is entered into the accounting table. The fix is to disable IP accounting on UltraNet interfaces. Future releases will prevent this unsupported configuration from being set up. [CSCdi10595]
- There is a window in which commands to the interface get dropped. The fix is to protect against interrupts when issuing commands. In this case, the system drops the command to throttle the interface. When the system later tries to unthrottle the interface, it can get passed random pointer values to the interfaces shared memory. Also, store the throttle count in idb and display in show controller. [CSCdi11046]
- If a router receives IP packet fragments which are broadcasts, or addressed to the router and the fragments arrive more quickly than they can be reassembled, large amounts of processor memory can be consumed. [CSCdi10903]
- The router will not accept a partial command for ip route-cache because of the addition of a new command ip route-cache-same-interface. [CSCdi11171]
- If you run setup from enabled mode and configure a Token Ring interface that was previously shut down and had no ring speed, the configuration fails because setup configures no shutdown before ring-speed 16. The problem is encountered if the customer uses the setup command to configure an unconfigured CSC-2R/1R for the first time, but after the box had been booted some other interfaces have already been configured. It doesn't seem to happen to routers just out of the box with no configuration at all such that the customer uses setup to configure all the interfaces. [CSCdi09032]
- Routes learned via core EGP are redistributed into BGP with an AS path of zero (0) rather than the AS of the remote peer. [CSCdi11575]
- If a user waits at the --More-- prompt in the middle of show vines neighbor or show vines route output for any period of time, it is possible that the router will reload when the output is continued. This will only happen if the neighbor entry about to be displayed is deleted before the user continues. This is very unlikely to happen in normal usage of the router. [CSCdi10788]
- In their Release 5.50, Banyan changed the way that a client determines the name of its routing server. This fix changes the router to support that new method as well as the old method. [CSCdi11384]
- If a network is set up such that two or more routers are connected to a LAN segment containing a server, and the router interfaces connected to that LAN segment have been configured as serverless, then it is likely that there will be a broadcast storm. The workaround is to correctly configure the routers by removing the serverless specification on the interfaces that have servers connected to them. [CSCdi11991]
- Incoming SMDS ARPs are not entered into the SMDS ARP table. This is only evident in test situations where the interface is looped. There is no regular operational impact. [CSCdi10269]
- The SAP Flash updates that result from adding a static SAP to a router are not filtered according to any assigned SAP filter list. SAP poison packets, hop count 16, are not filtered according to the configured SAP filter access list on the outgoing interface. Static SAP entries are Flash-announced to the world at the wrong hop count. When the correct hop count is sent in the periodic updates, it will cause neighbor routers to think the topology has changed and to place the service into hold down, timeout, and flash an advertisement of hops equal 16 before advertising the correct hop count. [CSCdi10834]
- When bringing up an interface which has been down since system startup, on a router running with XNS UB emulation configured for over four weeks, the newly installed XNS interface will not send out UB XNS RIP packets after the initial update at interface startup. A workaround is to briefly turn off XNS UB emulation and then turn it back on. This may cause a couple minutes of UB route disruption on routes using this router. [CSCdi11543]
- If a Novell SAP update is received which has more than the normal seven services per frame advertised and all those services are new, there is a strong possibility that memory will be corrupted. [CSCdi12108]
- The optional behavior of the rip-check command installed as of CSCdi09056 has now become the default. To turn off the RIP-check handling of RIP requests use the no novell rip-check. Two new counters have been added to the show novell traffic display: SAP format errors and RIP format errors. Should these counters be incrementing on a router, it might be prudent to investigate which client is sending malformed RIP requests by turning on debug novell-rip-event; information will then be displayed about the next one of these packets which arrives along with other RIP events which may or may not be interesting. Note: turning on debugging may cause unwanted overhead on the router, use of an analyzer may also be warranted. [CSCdi12244]
This section describes possibly unexpected behavior by release 9.0(5). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(5). For additional caveats applicable to release 9.0(5), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 9.0(6).
- Serial interfaces configured with discovery mode never become operational. [CSCdi09532]
- The router may remember old, deconfigured AppleTalk networks as directly connected for reconfigured AppleTalk interfaces in rare circumstances if all of the following are true: 1) The router has an existing cable-range or address associated with it., and 2) The router is reconfigured with a new cable-range or address while it is not administratively shut down. This problem does not exist in releases 9.1 and above of the router software. The workaround in release 9.0 is to ensure that one of the above two conditions are not met by either administratively shutting the interface down with the shutdown command, or removing the existing AppleTalk address with either the no appletalk address or no appletalk cable-range command. [CSCdi09635]
- Under certain conditions, the configuration interface subcommand multiring all or multiring appletalk will prevent the router from being able to acquire an AppleTalk node address, thereby preventing the interface from becoming active as a routing node. You can detect this condition using the command debug apple-arp, which shows the router attempting to probe for an address indefinitely, incrementing the requested node address at each cycle. To circumvent this condition, remove the multiring command from the afflicted interface. (Multiring is necessary only if AppleTalk traffic will be source-routed from the adjacent Token Ring network to remote Token Ring networks.) If multiring is necessary, a temporary workaround is to disable multiring only during the AppleTalk ARP process. Once the interface has become operational for AppleTalk, multiring can again be applied to the interface. However, if the interface should restart for any reason, AppleTalk will again be disabled, so this should be considered an emergency workaround only. [CSCdi09753]
- AppleTalk Packets cannot be fast switched between MEC Ethernet controllers and HSSI serial controllers when the Ethernet interface is running Phase I AppleTalk, and the HSSI interface is running Phase II AppleTalk. [CSCdi09818]
- A pending ZIP garbage collection request may not be fulfilled as expected. This can occur whenever a route and its associated zone is deleted. There is no user visible impact. [CSCdi10254]
- All inactive zones may not be freed during ZIP garbage collection; show appletalk zone will display zones without any networks. This can occur when a large number of routes and their associated zones are deleted. There is no router impact. [CSCdi10279]
- The no appletalk cable-range and no appletalk address commands do not properly release assigned zone(s). As a result, the zone(s) may not be properly cleared during ZIP garbage collection and may show up as orphaned zones in show appletalk zone. There is no significant router impact. To ensure proper cleanup of zones, the user should issue a no appletalk zone command before issuing either of the two previous commands. [CSCdi10297]
- Partially qualified AppleTalk addresses of the form, 0.X, are unexpectedly inserted into the AARP cache on all nonextended interfaces. Since the entries are not valid, they will shortly age out. No user intervention is required. [CSCdi10426]
- AARP response debugging messages print bogus return addresses when debug apple-arp is enabled. [CSCdi10439]
- AppleTalk addresses of the form 0.X, where X is any valid node number, are erroneously entered into the fast-switching cache. This may possibly affect systems with more than one operational nonextended interface. [CSCdi10802]
- The AppleTalk address of the dissenting router is incorrectly reported as 0.0 when a network number conflict is discovered during port startup of an extended interface. There is no system impact. [CSCdi10839]
- A terminal line configured for flow control will not successfully time out (due to a "session-timeout" configuration) if the line is XOFFed at the time of the timeout. [CSCdi09310]
- DECnet should look at the MAX AREA parameter and not advertise reachability to any areas greater than this parameter. Likewise, it should not advertise reachability to a node that is MAX NODE. It should also not accept hellos from such nodes. [CSCdi09716]
- Any FDDI attached DECnet Phase IV end-nodes will have an OSI adjacency entry with a multicast SNPA. This occurs only when DECnet conversion is enabled on the router. [CSCdi09956]
- The parser sometimes claims that incomplete command names are not unique. [CSCdi10554]
- When a router with multiple Token Ring interfaces runs with the DECnet protocol, there are duplicate Token Ring MAC addresses on the bridge network because the Cisco implementation of DECnet modifies all the Token Ring interface MAC addresses to the same address. The IBM LNM protocol does not allow multiple stations with the same MAC address to exist on the bridge network. All the LNM functionality that relates to the duplicate MAC addresses, such as path test, station, profile, and link with bridge, will not perform normally.
- A configuration command was added to allow the router's LNM module to accept link requests from the adapter that is not closer to the LNM station ring. In a normal case, the LNM station links with the adapter of a bridge that is closer to the LNM ring and expects to receive an error if an LNM station tries to link with the other end of a bridge. This addition allows a router to stay linked with LNM station and to report problems. However, other LNM station-related functionality is still not acting properly.
- The following is the procedure to configure the router and LNM station:
- 1. Define the router as a bridge on LNM station. Use the burn-in address and the virtual interface address.
- 2. Issue the lnm duplicate-address global command on the router to turn on the option. [CSCdi09396]
- A TCP connection that has transmitted a very large amount of data (on the order of 2 billion bytes) can remove packets from the retransmission queue prematurely, causing the connection to unexpectedly close due to a retransmission timeout, even though the network path is working correctly. This can affect router functions like remote source route bridging, which can transmit large amounts of data over a long period of time. [CSCdi09764]
- The RSRB state machine goes to a null state when one of the peers of the WAN peers is power cycled. The workaround is to reset both routers. [CSCdi09767]
- The system did not learn the burned-in address of the Token Ring adapter card until after the interface inserted onto the ring. If the interface was shutdown when the router was booted and the router was configured for bridging, the virtual ring address would be configured with the address 4000.0000.0000. This happened because the virtual ring uses the burned-in address of the adapter, logically ORed with the 4 to obtain its unique address, which is a problem in the above scenario. [CSCdi07105]
- The transmitter-delay microseconds command does not show up when issuing a write terminal or a show config command on Ethernet or Token Ring interfaces. For this reason, the command must be issued at each reload for it to take effect. Serial interfaces function as described in the manual and don't exhibit the same failure. [CSCdi08710]
- There is a problem of setting access filters on source-route bridge networks based on SNAP type codes. [CSCdi09010]
- OSPF does not listen to multicasts on an old Type 2 Ethernet card. [CSCdi09553]
- In pre-9.0(5.4) environments, IP fast switching is not allowed on the same interface. This becomes desirable in a scenario like this:
A-----FR network------B
|
|
C
- Here, router A has DLCI to B, and router B has DLCI to C. There is no DLCI between A and C, so traffic between A and C would have to go through B.
- A new IP subinterface command has been defined to allow IP fast switching on the same interface:
- int s 0 ip route-cache-same-interface
- IP fast switching on the same interface and ICMP redirects are incompatible. Therefore, when the user enters the ip route-cache-same-interface command, ICMP redirects are never sent on the specific interface. If the user enters the command ip redirect, ICMP redirects are sent and the IP fast-switching cache is not updated with new entries if the output and input interface are the same. IP fast switching between serial interfaces does not work properly on low-end products in 9.0(5.3) and previous environments. This fix includes changes to the IP fast switching code to properly handle the frame header when switching between serial lines. [CSCdi09761]
- In the case where there are excessive token-to-mother interrupts, the system should call str_reset( ) instead of str_soft_reset( ) so that the interface transitions correctly. [CSCdi10116]
- The R16M will accept the configuration command ring-speed 4/16 even though its ring speed can only be changed by a jumper. The interface display will show the ring speed from the configuration command. However, the ring will continue to operate at the correct (jumpered) speed. The fix is to reject an attempt to change the ring speed on interfaces that are hardware configurable only. [CSCdi10617]
- It was observed once that a router was continuously looping running SPF, which resulted in locking the router. [CSCdi08089]
- OSPF fails to install an external route which it receives in external link state advertisement in some circumstance. The workaround is to cause the shortest path calculation to run again by issuing a clear ip route * command. [CSCdi09149]
- OSPF installs a wrong next hop for a route that is advertised in AS external advertisement. This happens when there is more than one AS external advertisement to the same destination. [CSCdi09213]
- Static routes with destination gateways routed to via an interface that goes down (or is shutdown) are not always removed from the main routing table. [CSCdi09374]
- If the router has more than one Network Entity Title (NET) configured, it will advertise only the first one configured in ES-IS ISH packets. The effects of this is that autoconfiguring end-systems will not learn of all addresses in a multihomed area. [CSCdi09414]
- When initiating a TFTP read request, the system can generate TFTP packets with invalid UDP checksums. This only happens when the request is transmitted out an unnumbered interface. If the TFTP server has UDP checksumming enabled, TFTP read requests via the unnumbered interface will fail. Turning off UDP checksumming at the TFTP server, or restricting TFTP reads to numbered interfaces avoids this problem. [CSCdi09577]
- Upon receipt of IP directed broadcast packets, the system erroneously attempts to resolve the directed broadcast address via HP Probe address resolution broadcasts. This occurs if the directed broadcast is destined for a directly connected interface, and that interface is configured for arp probe. The system then also correctly forwards the directed broadcast as a data link layer broadcast (if not disabled via the configuration command no ip directed-broadcast). The system should be sending the directed broadcast as a (data link layer) broadcast out the directly connected interface, but should not be attempting to perform address resolution on the IP directed broadcast address. [CSCdi09627]
- OSPF summary lock timer is created as continuous timer where it should be a one shot timer. If this timer is set once, it will try to come back even when it is not supposed to. [CSCdi09684]
- If a new BGP neighbor is configured after the router has been operational for 24 days, BGP will not attempt to start the session. The workaround it to manually start the session with the clear ip bgp command. [CSCdi09732]
- If an interface flaps, or if an IP routing protocol is removed from the configuration, then the gateway of last resort will be lost. [CSCdi09903]
- When an interface whose IP address is used as router ID by an OSPF router is shut down, the router mistakenly regenerates a router LSA with the old router ID that consequently fails to be deleted after an acknowledgment is received. This causes it to be continuously retransmitted. Note that this does not prevent the router from performing the normal operation. The router changes its router ID and reforms adjacencies with its neighbors with the new router ID correctly. This caveat is introduced in 9.1(3.1) and 9.0(4.2). [CSCdi09931]
- The LAN Net Manager "frame forward" used to verify an SRB route was causing a call to the function send_trace_report( ) with parameters in reverse order. This caused an attempt to jump to a null vector, thus "jump to zero error." The patches not only fix the function call, but also puts in paranoid code to check for invalid pointers. [CSCdi09980]
- BGP routes aged out of IP forwarding table. [CSCdi09983]
- OSPF default hello interval for non-broadcast interface is not set to 30 seconds as documented. Instead, it is set to 10 seconds. Interface subcommand ip ospf hello-interval number-of-seconds can be used to specify this interval. [CSCdi10027]
- The show ip ospf database command can cause the system to reload when the link state advertisement is removed from the OSPF database after the command has been issued. [CSCdi10228]
- This is a dynamic configuration problem. If you issue an area range command while the router is in operation, the router will not remove the summary LSAs that fall into that range. The workaround is that after completing the configuration, do a write memory and remove the OSPF process. Then configure the process again from memory. [CSCdi10293]
- A router which is configured as an area border router in OSPF domain fails to generate a summary network link state advertisement into the backbone area for a network in non-backbone area that is configured as an interface's secondary address. [CSCdi10302]
- On Cisco 2000, 3000, and 4000 routers equipped with Token Ring interfaces, enabling OSPF using the commands router ospf ospf-process-id and network address wildcard-mask area area-id may cause the router to execute an immediate system reload. There is no workaround. Users wishing to use OSPF under these circumstances are advised to call the Cisco TAC for more information [CSCdi10488]
- The router crashes if there is a virtual link configured and the interface whose IP address is used as Router ID is shutdown. The workaround is not to shut down the interface whose IP address whose IP address is used the OSPF Router ID. [CSCdi10555]
- When two routers are connected by a unnumbered serial link, OSPF does not calculate the routes properly. The workaround is to number the unnumbered link. [CSCdi10563]
- The area route summarization command area range xxxx xxxx accepts 0.0.0.0 as the summary address even though this address might cause routing loops. You should not add 0.0.0.0 as the range address. [CSCdi10627]
- A redirect sent out over an X25 interface does not get encapsulated and CLNS returns a failure. [CSCdi04417]
- ES-IS cache entries for a disabled interface are not flushed when the interface is disabled. This means that packets destined to systems that were formerly reachable through that interface may be lost until the cache entries time out (maximum of 5 minutes). [CSCdi08490]
- CLNS packets that are slow switched will always have their checksums calculated from scratch, even when the incoming packet has checksums turned off. This has no operational impact, other than slowing down packet forwarding and receipt if the original packet did not have checksums enabled. [CSCdi08567]
- IS-IS will send Level 1 LSPs over a point-to-point link to a Level 2 adjacency. The router on the other end discards the packet, and the sending side continually retransmits these LSPs. [CSCdi09335]
- When CLNS receives a packet that needs to be fragmented, but the segmentation permitted bit in the packet is off, it should send back an error packet (ERPDU) indicating this situation. [CSCdi09413]
- Duplicate adjacencies are formed (both system-id and SNPA are the same) when CLNS cluster aliasing is enabled on an interface. This happens for ISO-IGRP and DECnet Phase IV systems. This does not happen for IS-IS and OSI end-system adjacencies. [CSCdi09525]
- There are four obscure cases where IS-IS does not purge its own LSPs. The effect is LSPs harmlessly stay in the database longer than necessary. [CSCdi09526]
- IS-IS sends point-to-point IIHs out HSSI interfaces that are 1 byte larger than the allowable MTU. This results in a %TOOBIG.... error message. The adjacency still forms. [CSCdi09538]
- If IS-IS areas are configured in neighboring routers such that they are not in the correct order, a level-1 adjacency will not form. This only occurs in multihomed areas over point-to-point links. [CSCdi09555]
- Interface static routes with no SNPA specified will not be deleted from the configuration file. They are deleted from the routing table. [CSCdi09579]
- The router will create an adjacency with an end-system that has advertised an invalid NSAP format in its ESHes. [CSCdi09670]
- If and OSI end-system advertises an NSAP address that exceeds the legal length (20 octets), the router will accept and process the NSAP and build an adjacency. [CSCdi09672]
- If there exists a Phase IV end-node directly connected to a router, and IS-IS is enabled where the router is designated router, the Phase IV end-system is not inserted into the level-1 routing table and therefore is not reachable. This is a problem for end-systems that are both Phase IV and Phase V. [CSCdi09678]
- IS-IS does not free the memory used for any LSP when the Lifetime expires and it is deleted from the link state database. This event does not occur very often. [CSCdi09759]
- There are rare occurrences that the system may reload when a show isis database detail command is issued when the link state database contents is changing. [CSCdi09805]
- The NSAP lookup routine goes through the entire hash table even when a matching entry has been found. [CSCdi09915]
- If there are any CLNS discard routes configured and they are redistributed into ISO-IGRP, they will not be advertised. The workaround is to configure a fictitious static route so it can be redistributed. [CSCdi09917]
- If a static CLNS route to the zero-length prefix (default) is configured, it will not be written correctly to NVRAM. The workaround is to install a small number of static routes of length one instead. [CSCdi09997]
- If there is a neighboring IS on a LAN, and a router is configured to run IS-IS on the interface, the router does not advertise the IS as an ES link in the pseudo-node LSP. This fix allows ISs that do not run IS-IS to be reachable via the IS-IS running domain. [CSCdi10002]
- When there exists static routes in which the next-hop interface is no longer reachable, and ISO-IGRP is redistributing static routes, it will continue to do so if the interface goes down or the next-hop goes unreachable. [CSCdi10060]
- When deconfiguring an ISO-IGRP routing process, static prefix routes learned by that process are not deleted from the routing table. These routes stay in the table indefinitely. A system reload is the only cure for the problem. [CSCdi10406]
- There are situations when two routers running IS-IS are brought up on a serial interface and all the LSPs are not flooded to each other. [CSCdi10532]
- If static adjacencies are configured before the IS-IS routing process is configured, the adjacencies are not inserted into the non-pseudo node LSP. This is a race condition and does not happen very often. [CSCdi10587]
- If an attempt is made to either write a read-only object or read a write-only object, the wrong error code is returned. [CSCdi09714]
- If two users attempt a TACACS login or SLIP address request at the same time, the password one user types in can be sent with both authentication requests, causing authentication failures. This is due to the use of a static buffer. The problem will be fixed by using dynamic storage. [CSCdi10479]
- When a TCP connection has a closed window, packets containing valid ACKs are discarded if they also contain any data (since the data is outside of the window). The correct behavior is to continue to process the ACKs for segments with reasonable ACK values. This is especially a problem in the initial stages of a connection, when we send the SYN-ACK with a 0 window. If the ACK to our SYN contains data also, we will not process that ACK, and the connection never gets to ESTABLISHED state. [CSCdi05962]
- Telnet connections to a router will not transfer any data during the first couple of seconds after a connection is first opened, resulting in a visible pause if the user begins typing immediately. [CSCdi09576]
- The ability to debug TCP-based remote source route bridging, X.25 switching, and SDLC tunneling, is inadequate. New commands debug ip-tcp-driver and debug ip-tcp-driver-pak would be very useful. [CSCdi10382]
- All ARPs over an SMDS link were being discarded preventing routing of IP traffic over SMDS. [CSCdi09781]
- If a Novell network number is assigned to an interface that is administratively shut down and the router has a valid alternative route to that same network in its routing table, poison SAPs will be routed to that network. A result of this possibly unexpected behavior is that it will sometimes appear that the router is violating split-horizon and sending poison SAPs back out the interface they arrived on. Regular periodic SAP updates do not display this behavior. The workaround is to remove Novell network numbers from interfaces that are administratively shut down. [CSCdi07425]
- There was an interoperability issue between the Novell IPX routing fast switching implementation between release 9.1 and 8.3 or 9.0 software releases before either 8.3(7.2) or 9.0(5.1). This fix allows 8.3 and 9.0 to operate correctly with both correctly formatted input frames from release 9.1, or incorrectly formatted input frames from previous releases, on both FDDI or serial. The problem in 8.3 and 9.0 can be worked around by turning off fast switching on the 9.1 router's FDDI or serial interface. This patch will also fix problems where 8.3 or 9.0 cannot correctly forward frames sent by a PC FDDI end host onto an Ethernet. [CSCdi09754]
- The show novell route and show xns route displays are missing the count of learned routes in the header of the display. [CSCdi09923]
- Novell, XNS, and Apollo maximum path 0 is accepted and displayed by the system, but the default maximum-paths is 1. If a user types a maximum path of 0, make this return to the default setting of 1. [CSCdi09955]
- The IPX ping command was limited to a maximum of 1500 bytes. This patch increases the ping maximum to 4096 bytes for segments which supports that size. [CSCdi10130]
- XNS RIP General Request replies have the split-horizon rule inadvertently applied to them, split-horizons should not be applied to XNS General Requests Responses. [CSCdi10294]
This section describes possibly unexpected behavior by release 9.0(4). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(4). For additional caveats applicable to release 9.0(4), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 9.0(5).
- The computed total in the summary line of the show appletalk zones command is not the same as the number of zone names shown in the output of the command. This is cosmetic and does not affect routing operation. [CSCdi06993]
- The AppleTalk name lookup cache may not always be reflected in the output of various show apple commands. This affects the output of these show commands only, and does not affect any core router functionality. [CSCdi07775]
- A clear interface command will not clear the IPtalk port. Use the configuration command no apple iptalk instead. [CSCdi07778]
- AppleTalk zone multicasts such as NBP Lookups are unexpectedly ignored on FDDI interfaces. [CSCdi09424]
- DECnet fast-switching on Cisco 7000 works fine on Ethernet when the encapsulation is ARPA. It does not seem to work for ISO1/SNAP encapsulations. A (crude) workaround to the ISO1/SNAP ethernet encapsulation switching problem is to enable the default encapsulation (ARPA), set your switching mode, and enable the desired encapsulation (ISO1 or SNAP). Fast-switching is supported only for ARPA encapsulation (for Ethernet). The problem is that the code does not change the decnet fast-switch flag to FALSE when the encapsulation flag is changed to anything other than ARPA. Likewise, the code does not set the flag to TRUE when the encapsulation is changed back to ARPA (and DECnet fast-switching is turned on). [CSCdi08415]
- Turning on fast switching on an interface should be disallowed if that interface does not support fast switching, or in the case of serial interfaces, if the encapsulation does not support fast switching. [CSCdi08806]
- The DECnet fast-switching code will not process an extended ACL if no standard ACL is present. To be consistent with the slow-switched case, the check for the presence of a standard ACL should be removed, so that a list consisting of only extended ACEs will be processed. [CSCdi08875]
- If a DECnet Phase V end-node sends both Phase IV hellos and ESHes, the Cisco router continually changes the adjacency type stored in the OSI adjacency database. Therefore, packets are sometimes converted and sometimes not. The correct behavior is to set the adjacency type to Phase V and use this adjacency. Phase IV packets should then always be converted. Phase V packets should not. [CSCdi09235]
- When routing IP in conjunction with bridging, HP Probe packets will be bridged rather than received by the router. [CSCdi07039]
- If enable use-tacacs is configured without defining a tacacs-server host, then any username/password combination will allow any user to enable. [CSCdi08070]
- The clear counter [type unit] command always clears the counters regardless of the users respond to confirmation. [CSCdi08774]
- If a router is configured with a username having an encrypted password of invalid format, it is possible that the unit will reload when someone tries to log in using that username. The only way to get an encrypted password is for the Cisco unit to create it; users should not enter username myname password 7 mypassword, since mypassword is not a valid format for a type 7 encrypted password. [CSCdi08805]
- On routers without NVRAM, part of the sequence used to determine IP addresses is to send a BOOTP request. The replies to these requests are being ignored. [CSCdi08893]
- The lapb hold-queue interface subcommand is not properly stored in the routers configuration memory. [CSCdi08957]
- There is a messaging scheme whereby the token ring interface board can send status info to the system. There was no protection against a runaway board dominating the system with interrupts. The fix is to watch for excessive amounts of interrupts over a short period and reset the board if necessary. [CSCdi09022]
- Misconfiguration of the router with peers that do not exist or are powered down can cause the router to lose all memory. [CSCdi09041]
- A Cisco router sends VINES routing updates as spanning tree explorers whereas a VINES server sends routing updates as all routes explorers. The Cisco implementation provides lower explorer impact upon the network, whereas the Banyan implementation finds the shortest path between any two nodes. The fix for this behavior allows choosing between spanning tree explorers and all routes explorers on a per protocol basis. This is done via an extension to the multiring command. The new command syntax is:
[no] multiring {protocol | all} [all-routes | spanning]
- The trailing all-routes and spanning keywords specify the explorer type to be used. The default is to use spanning tree explorers. [CSCdi09091]
- There was a condition whereby the token ring chipset would become the Ring Parameter Server but the LAN Manager could not discover this fact and so would not respond to requests by other stations to insert onto the ring. [CSCdi09108]
- The message "Ignore Format 3 type 4 XIDs for SDLLC connections" is sent by NCP when VTAM is brought down. Once VTAM is brought down there is no point for the Cisco to initiate connection. [CSCdi09211]
- Due to interactions between the bridging code and driver code, the spanning tree state would be handled correctly. In pre-9.1, this would show up most readily on Serial lines. If a serial line was shut and then no-shut the port would go into blocking and then stay there. This same bug also shows up in other ways. Namely if you have an Ethernet port and you pull the cable out, the port will go down. But if you wait for a minute or so (give the Spanning Tree protocol time to recompute) and then plug the cable back in you'll see the port go into Forwarding immediately. This can cause temporary network meltdowns. [CSCdi09535]
- When using the domain-list feature, the software may fail to properly update domain cache entries that have been timed out. [CSCdi03896]
- Source routed IP packets which are supposed to be discarded by the system sometimes are not. Such packets are being packet switched when the local system does not appear as the next hop in the source route. These packets should never be packet switched when the user has entered the no ip source-route configuration command. This unexpected behavior can pose a security problem for sites who use this command to restrict access. Access lists can probably be used as a substitute means of restricting access. [CSCdi09517]
- Sometimes, when OSPF processes the link state advertisement retransmission list, the system will reload. This happens right after the system starts. [CSCdi04617]
- During designated router election process, a router who used to be a designated router but just lose the election fails to choose itself as backup designated router when it should. The correct behavior is to choose a router with the highest router priority among the rest, excluding the router that declared itself as DR. [CSCdi08732]
- OSPF generates a Seq Number Mismatch event after receiving a duplicate database description packet after it moved into state Full and it was a slave during database synchronization. The correct is behavior is to simply discard it, up until Dead Interval time since transition into state Full. And after that period end it will generate a Seq Number Mismatch event. [CSCdi08829]
- When configuring a router with redistribute static metric-type 1 router subcommand for OSPF router, the metric-type 1 argument is correctly set for redistributed routes but it is not recorded in configuration file as indicated by write terminal command. This can cause the router to use the default metric-type of 2 if the incorrect configuration file is written to either file or memory, then reloaded back to the router. [CSCdi08870]
- BGP does not accept advertisements of network 0.0.0.0 [CSCdi08880]
- The Chaos, PUP, and Hello routing protocols do not properly expire old routing entries, leading to a memory leak, race conditions, crashes, and incorrect routing decisions. [CSCdi08881]
- The system reloads after loading configuration file with distribute-list access-list-number out router subcommand for an OSPF router. This only happen when loading configuration file from TFTP server. Configuring from console will not cause a reload. [CSCdi08956]
- If a BGP router learns a route via IBGP and it has an EBGP neighbor as the next hop, and it then advertises the same route to the EBGP neighbor, the resulting next hop will be the EBGP neighbor itself. This will cause the BGP session to disconnect. [CSCdi08963]
- OSPF packet is sent with IP-TTL 1 on virtual link. This can cause the packet to be discarded when it is crossing the transit area. The IP-TTL for packet to virtual link is now set to 255. [CSCdi09000]
- When a system is attempting to TFTP boot, it may not know a route to the TFTP server. If the system has multiple interfaces by which it might contact the TFTP server, it can fail to continue to use the interface on which the TFTP transfer was just established. The result is that the TFTP boot attempt fails. The system should remember by means of its arp table the interface to use to reach the TFTP server. Configuring the systems NVRAM so that it can only reach the server by one interface at boot time avoids this problem. [CSCdi09068]
- Sometimes, when OSPF processes an incoming summary link state advertisement, the system will reload. This problem occurs under heavy OSPF load conditions. [CSCdi09090]
- OSPF removes the wrong instance of link state advertisement from link state retransmission list after receiving a link state acknowledgment. This happens in a rare circumstance when the acknowledgment is for an older instance of link state advertisement. [CSCdi09189]
- OSPF module miscalculates whether two link state advertisements are the same instance. [CSCdi09190]
- System normally disallows multiple interfaces to be configured with IP addresses on the same subnet. Such IP address overlap should be allowed when it occurs between a transmit only interface and its associated receive interface, as designated by the transmit-interface interface subcommand. [CSCdi09300]
- OSPF module miscalculates whether two link state requests are for the same link state advertisement instance. [CSCdi09338]
- Debugging messages showed by OSPF module during designated router election process shows a wrong router ID. [CSCdi09411]
- When redistributing core egp into another protocol, the command redistribute egp 0 is written out as redistribute egp which is an invalid command. This only happens if the EGP AS is 0. [CSCdi09524]
- CLNS static routes will not be written to NVRAM when a routing protocol has learned the same route and has better administrative distance. The correct behavior is for static routes to be written to NVRAM. [CSCdi05767]
- If there are multiple options present in an IS-IS hello packet, there are cases that the area address is not extracted and stored in the adjacency database. This occurs when the router on the other end of a serial link advertises both an IP address and an area address. This does not occur between two Cisco routers. [CSCdi09048]
- When using ISIS as the OSI routing protocol, any static routes that are configured are not entered into the Level 1 ISIS routing table. As a result, route table look-ups on the static address fail. The ISIS code will add a route to the routing table if the route is ISIS or ESIS derived; it should also add the route if the route is a static one. [CSCdi09053]
- When an invalid ER PDU is received, we should just discard it, without sending an ER PDU in response. [CSCdi09139]
- When redistributing ISO-IGRP routes into IS-IS, there are cases where some routes don't get redistributed. This occurs when the number of ISO-IGRP prefix routes causes more than one IS-IS Level 2 LSP to be generated. The routes that overflow the first LSP do not get generated. [CSCdi09144]
- CLNS fast switching over a serial interface with HDLC encapsulation falls back to slow switching. [CSCdi09172]
- There are situations where IS-IS will delete the wrong link in an LSP. This results in either duplicate entries or corrupt LSPs. [CSCdi09466]
- VINES redirect messages were ignored. This patch also fixes some minor problems generating redirect messages. [CSCdi09088]
- A Cisco router may occasionally send an ICP error message with an error code of zero. Receipt of this message can cause a Banyan server to drop some or all communications links passing through the Cisco. [CSCdi09175]
- If a station is removed from an interface that uses one type of encapsulation and is added to another interface that uses a different encapsulation before the neighbor entry expires, communication to the station will never be re-established. [CSCdi09294]
- There is a condition where some serverless networks will have extreme difficulty logging into any server. This is caused by a packet sent by the router not being understood by a VINES server. The workaround to this problem is to shorten the name of the Cisco router to be 15 characters or less. [CSCdi09372]
- When a client is initially powered on and the first login attempt results in a forced password change, the user will not be able to change their password, and will not be able to log in. The workaround is to have another user login and logout at that client, and the affected user will be able to login and change their password. [CSCdi09467]
- In certain topologies, fast-switch looping of (Novell) multicast packets can occur when received on an interface which is active, but not configured for Novell. This is now corrected. [CSCdi08722]
- A race condition in the show novell cache command can cause the router to reload. [CSCdi09163]
- Certain Novell packets may be received and processed by the local interface when they have been sent by a misconfigured Client, Server, or Router. For example, a SAP Get Nearest File Server packet sent on network 0xA1 from a host whose network number has been misconfigured as 0xA2. These misconfigured packets should be ignored and counted as bad packets, in the Show Novell Traffic display the packets pitched counter should be incremented when we receive one of these packets. [CSCdi09178]
This section describes possibly unexpected behavior by release 9.0(3). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(3). For additional caveats applicable to release 9.0(3), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 9.0(4).
- An error in the AppleTalk fast switching functionality results in invalid AppleTalk packets being generated in the case of a packet being received on a ciscoBus FDDI interface running extended AppleTalk and being destined for a nonextended Ethernet MEC interface. It can be worked around by disabling the AppleTalk route cache on either the MEC Ethernet interface or the FDDI interface. [CSCdi08211]
- When the appletalk permit-partial-zones command is enabled, the appletalk distribute-list access-list out and appletalk getzonelist-filter access-list commands unexpectedly permit all networks and zones in RTMP updates and GetZoneList replies when used with access-lists that contain no zone information (i.e. network number restrictions/permissions only). [CSCdi08819]
- DECnet address translation fails on IGS platform routers in the cases where both interfaces are not fast switched and one of the interfaces is capable of being fast switched. The workaround is to configure both interfaces for DECnet fast switching. Since this is not possible for all interfaces and encapsulations, such as Token Ring, X.25, and Frame Relay interfaces, some configurations cannot support ATG on IGS platform routers. [CSCdi07652]
- A packet going from one DECnet host to another on the same LAN should not be subject to access control checks. Making these packets go through the access control check serves no useful purpose since end systems can easily discover that they are on the same LAN and bypass the router altogether. This makes any access control set-up useless for such packets. Also, the result of this is that two end systems on the same LAN cannot talk to each other if they end up using the router to "discover" each other for the first time. [CSCdi08121]
- The router was not ignoring IV hellos sent by a router running V (Cisco or DEC). This created problems when a DEC V router was adjacent to a Cisco router, because the router was accepting the DEC IV hellos while the DEC router was rejecting our IV hellos. The result was a half-baked IV adjacency. Bug 7393 added code to ignore IV hellos from a V router when we were running OSI, IV and had conversion turned on. This fixed the original problem, but it resulted in an interesting side effect: we were now refusing IV hellos from Cisco routers as well and this caused a DECnet IV network to get partitioned when there were Cisco routers running with IV, OSI and conversion on. [CSCdi08164]
- When a DECnet extended access list is configured with a destination address, the code ignores the destination/mask info in the ACL. If a match was found in the connect part of the ACE, it would return TRUE i.e grant access, regardless of the destination/mask info. For example,
access-list 300 permit 1.400 0.0 1.999 0.0 eq any
- should allow ONLY packets from 1.400 to 1.999 to go through. The observed behavior was all packets would go through, regardless of destination. The fix is to just check that the source address/mask (and destination/mask, if applicable) specified in the access list matches the corresponding values in the in-coming packet. [CSCdi08760]
- For DECnet access lists, the destination address/mask is ignored, regardless of what is in the connect part of the access list. If the connect part of the access list matches, access is granted, regardless of the destination address/mask. [CSCdi08818]
- Any attempt to query an unimplemented SNMP MIB variable will cause the system to return the snmpEnableAuthenTraps variable. The correct behavior is to indicate that the variable requested is not available. [CSCdi04806]
- The show process memory command can be inaccurate due to incorrect accounting of deallocated memory. [CSCdi07586]
- The debug ? command does not show serial options if only serial interface type is HSSI. [CSCdi07674]
- sysLocation is read-only. As a workaround, the location can be set with the snmp-server location configuration command. [CSCdi07909]
- The router may experience a software error when the command show memory free is executed, and the command must pause for output at any time in displaying the results of the command. The workaround is to ensure that the output does not pause by using the command terminal length 0 before issuing the show memory free command. [CSCdi08368]
- Entering multiple logging buffered commands without an intervening no logging buffered command can cause meaningless output to be included in the output of the show logging command. [CSCdi08459]
- Router issues a %SYS-2-INTSCHED message and traceback when operating with debug rif enabled. The behavior has been present in all versions of the code supporting process-level bridging. After the command has been issued, the router may begin to display the message. The length of time depends upon how much traffic is presented to the router. Higher levels of traffic cause the problem to appear sooner. Once the condition has been triggered, the router continually sends error message and traceback information. The impact is a potential performance for process level activities. The workaround is to not use the debug rif command. The behavior has been present in all versions of the router supporting REF caching. [CSCdi06634]
- If the ring-group parameter for the sdllc traddr configuration command is configured before defining the ring-group (by issuing the source-bridge ring-group configuration command) it could cause the router to crash. Now, the sdllc traddr command will not be accepted, if the ring-group parameter specified is not already defined by the source-bridge ring-group command. [CSCdi07317]
- Repeated disconnections of the router could cause the router to hang. This was especially seen with LAN Network Manager sessions. The problem was that multiple LLC2 control blocks would get allocated pointing to the same session. [CSCdi08350]
- It is the firmware that is linked to the system versions and will cause a crash if earlier systems are used. [CSCdi08087]
- When the system is bridging IP, ARPs originated by the system cause an error message to be generated. This behavior is seen only with packets originated by the system and impacts the use of IP for management of a bridge with a frame relay interface. [CSCdi08293]
- When reconfiguring the priority on an interface used for transparent bridging, we delay reconfiguring the port until we receive the following BPDU message. This can cause a significant delay in the convergence of the spanning tree. This caveat is present in all previous releases. The port is now reconfigured as soon as the configuration command is executed. [CSCdi08296]
- Under certain circumstances a pure IP bridge (no ip routing) would not be able to communicate with other IP hosts in the presence of topology changes. [CSCdi08349]
- When use process PCM and dual-homing connection, if the user issues a cmt disconnect command to a standby port the CUP utilization will go very high. Fixed in 9.1(1.5) 9.0(3.2) 8.3(6.1). [CSCdi08427]
- When an IP packet with IP options is received on a fast-switching interface, the system sometimes fails to decrement the IP TTL before forwarding the packet. This is most noticeable when a traceroute program is being used with source-routing options, and causes the system to sometimes fail to show up as an intermediate hop in the traceroute output. [CSCdi08699]
- The RIF structures are now initialized before use. It is possible that a previous use of a RIF structure had entries which could affect operations when the RIF entry is used a second time for a different purpose. This has caused problems of pings being unsuccessful, unable to reach SRB hosts, etc. Initializing an entry will clear out all previous usage and start afresh. [CSCdi08790]
- MCI/SCI will become unusable when the MTU is 4 Kbytes or above because there is only one buffer for the receive side. We recommend that MTU should be less than 4.5 Kbytes. [CSCdi08842]
- If an interface is shut down and assigned an IP address, then the router should ignore that interface when trying to determine if it is on the same subnet as various other IP addresses. This affects various calculations, notably BGP NEXT_HOP calculations. [CSCdi05356]
- If the subnet mask is changed after a system has been operational, the new subnet mask will not be reflected in the IP routing table. A workaround is to reload the system after changing the subnet mask. [CSCdi05915]
- While routing IP, if two ARP style interfaces have the same IP address and one of those interfaces is shut down, the wrong MAC address could get entered into the ARP table. The workaround is to remove the duplicate IP address from the shutdown interface with the no ip address interface subcommand. [CSCdi07036]
- TCP connections can exhibit long pauses in data delivery if the router is attempting to send data faster than the foreign host can use that data. This happens most often in cases of protocol translation, sdlc tunneling, remote source route bridging, and X.25 switching. TCP connections can exhibit long pauses in data delivery if the Cisco is attempting to send data faster than the foreign host can use that data. This happens most often in cases of protocol translation, SDLC tunneling, remote source route bridging, and X.25 switching. [CSCdi07964]
- The system does not properly process RARP response packets received where these packets are responses for requests not initiated by the system. The system allows such packets to remain in the input queue, resulting in two user visible problems. First, the network interface input queue can fill up with RARP response packets, causing all subsequent packets destined for the system to be dropped. Second, the system fails to bridge these RARP response packets. The correct behavior is to bridge such packets in the case where the system is configured to bridge RARP packets, otherwise to ignore these packets. [CSCdi08651]
- The distribute-list command sometimes makes access list changes even when a parsing error is detected and an error message is printed. The software continues processing this command even though an error has been detected. Because of this aspect of the implementation, the system will treat a distribute-list command which specifies a nonexistent interface as if no interface has been specified, thus unexpectedly applying the access list to all interfaces. If the user receives parser errors in response to their distribute-list configuration commands, it is recommended that they verify that the system has not wrongly interpreted their commands by examining the distribute-list commands reported by write terminal. [CSCdi08668]
- In certain obscure circumstances and configurations, internal BGP paths which are not yet synchronized can be preferred over external BGP paths. This can cause instability in both BGP and in the IGP. [CSCdi08113]
- When a subnet is known via OSPF and is redistributed into some other protocols (for example, BGP or another OSPF) and the route to the subnet is removed, the other protocol may remove that entire network from its routing table. [CSCdi08129]
- Static IP routes can fail to be removed from the routing table when an unnumbered interface goes down. This can result in host or network routes pointing to a down interface to continue to be advertised via routing protocols. When the interface goes down, the router should remove the static route from the routing table for as long as the interface remains down. Until fixed, static IP routes should not be used with unnumbered interfaces. [CSCdi08180]
- In a very large networks, it is possible for fragmentation to occur on OSPF packets. This can cause problems with routers that do not do proper reassembly. [CSCdi08210]
- Duplicate AS path regular expressions are not ignored with the consequence that they will show up more than once in the list if a box is configured with the same set of ACLs more than once. [CSCdi08228]
- If IS-IS is not configured to redistribute static routes but is configured to redistribute ISO-IGRP routes, in some cases the ISO-IGRP routes are not propagated. [CSCdi08231]
- Whenever inconsistent metrics are assigned to router interface, it is possible to run into this bug. The result of this bug is that the route entries in IP routing table will sometimes drop the interface or will have wrong interface. The workaround is to have consistent metrics in the network. [CSCdi08297]
- When a routes boots from ROM, it ignores OSPF configuration in NVRAM. After booting, issue the command config mem. [CSCdi08409]
- If a summary LSA is regenerated within 5 seconds, the flooding of the LSA may not happen resulting in inconsistent database. The fix will be available in a future release. [CSCdi08463]
- When a link is flapping continuously, it is possible to run SPF calculations after each topology change resulting in locking the router. [CSCdi08600]
- If an unnumbered interface is shut down, it is periodically removed from the IP routing table. This causes unnecessary routing table activity and can introduce other detrimental side effects. This problem was introduced in 9.1(1.3) and 9.0(3.1). [CSCdi08715]
- The no clns enable command does not check to see whether or not a dynamic protocol is active on an interface before disabling CLNS on the interface. [CSCdi07413]
- The MTU of CLNS is always set to be three less than the IP MTU on the same interface. This works for Ethernet/802.3, but is incorrect for other media. This bug could cause CLNS to attempt to generate fragments larger than can be reasonably sent on an interface, resulting in packet loss, although this is unlikely to happen in practice. [CSCdi07875]
- The show clns route command will display unused next-hop addresses when one of the equal-cost routes goes down. [CSCdi08262]
- If the isis metric value interface subcommand is entered and the IS-IS process is not created (no previous router isis command), the system may crash. [CSCdi08434]
- If a Cisco router is an IS-IS designated router on a multiaccess network, it will transmit LSP entries in CSNP packets with a negative lifetime. This is only a problem if a receiver uses the lifetime information, and Cisco routers do not. This was found while doing interoperability testing with IBM's IS-IS implementation. [CSCdi08435]
- The encapsulation type for CLNS is sometimes displayed incorrectly when a show clns interface command is entered. This has a cosmetic defect only. [CSCdi08467]
- CLNS fast switching does not properly fragment packets. Packets received on FDDI that are larger than 1497 octets will not be forwarded properly over serial and 802.3 interfaces. This isn't typically a problem, since CLNS packets are seldom this large. The workaround is to disable CLNS fast switching on the FDDI interface (no clns route-cache). [CSCdi08494]
- If the CLNS trace facility is used to trace a path that goes through another Cisco router on the same LAN, the second of the three trace packets may not work. This has no operational impact, other than causing a three second delay in the execution of the trace. [CSCdi08653]
- CLNP packets received by a router with a lifetime field of zero will be forwarded (with a lifetime of 255) if slow-switched. This has no operational impact whatever unless a host is emitting packets with a lifetime of zero. [CSCdi08654]
- This problem only occurs when you run an ISO-IGRP routing process where you enable level-2 only routing for all interfaces for the processes routing domain. For example:
router iso-igrp 39
net 39.0001.0000.0c00.ffff.00
int e 0
clns router iso-igrp 39 level 2
int e 1
clns router iso-igrp 39 level 2
- ISO-IGRP routes are created, ISO-IGRP adjacencies are not. routes may not go away. [CSCdi08745]
no router iso-igrp 39
- all prefix routes created by this process will not be removed from the CLNS prefix routing table. A workaround is to do a clear clns routes. Also, if you enter:
router iso-igrp 39 distance 90
- prefix routes that are created by this process are not assigned a distance of 90. A workaround is to do a clear clns routes. The next updates received will build routes with a distance of 90. [CSCdi08755]
- A recent VINES bug is causing VINES clients to send broadcast StreetTalk packets. Because the Cisco router floods streettalk broadcasts, this can cause congestion in wide area links. The change to the router code is to only flood StreetTalk broadcasts sent from a server. [CSCdi08277]
- If a VINES SPP packet is addressed directly to a router, it will discard the packet twice producing a "Buffer in list" error message. This error is very unlikely, and is also harmless. [CSCdi08362]
- Once enabled, disabling X.25 routing with the no x25 routing command does not disable X.25 call forwarding. [CSCdi06840]
- The ping command will display incorrect round trip times for 32, 33, or 34 byte Novell IPX or XNS packets. Use larger sizes when sending IPX or XNS echoes from the router to obtain more accurate round trip times. [CSCdi07529]
- On media other than 802.x, show xns int will display the wrong encapsulation type, if the default encapsulation has been changed. For example, on an SMDS interface show XNS interface will display: "XNS encapsulation is HDLC". We should only display XNS encapsulation types for 802.x media. [CSCdi07929]
- When a Cisco unit has a large number of the same type of interface show novell cache or show XNS cache will display the interface limited to nine characters which allows only Ethernet1 to be displayed when it is in fact Ethernet11. The initial 9.1 release changed this to ten characters which corrects Ethernet names, but Token Ring will have a similar problem unless the length is eleven characters. [CSCdi08236]
- When a Cisco router generates a XNS error response packet it is sent out with a source address equal to the original source of the packet which caused the error response. The source address should be that of the router itself. [CSCdi08377]
This section describes possibly unexpected behavior by release 9.0(2). Unless otherwise noted, these caveats apply to all 9.0 releases up to and including 9.0(2). For additional caveats applicable to release 9.0(2), please see the caveats sections for newer 9.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 9.0(3).
- Sites with AppleTalk networks that are incorrectly config
