Table Of Contents
AppleTalk
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
TCP/IP Host-Mode Services
TN3270
Wide-Area Networking
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
IP Routing Protocols
Novell IPX, XNS, and Apollo Domain
VINES
Basic System Services
DECnet
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
TCP/IP Host-Mode Services
VINES
AppleTalk
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
VINES
AppleTalk
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
LAT
Novell IPX, XNS, and Apollo Domain
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
VINES
AppleTalk
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
LAT
Novell IPX, XNS, and Apollo Domain
Protocol Translation
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
AppleTalk
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
Novell IPX, XNS, and Apollo Domain
TCP/IP Host-Mode Services
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
AppleTalk
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Not defined
Novell IPX, XNS, and Apollo Domain
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
10.2(14) Caveats
This section describes possibly unexpected behavior by Release 10.2(14). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(14).
AppleTalk
•
The interface-specific pre-FDDItalk "allowed" flag is initialized incorrectly, disallowing any FDDI interfaces from hearing neighbors that might be operating in pre-FDDItalk mode. One workaround is to enter the command appletalk pre-fdditalk , which enables reception and recognition of pre-FDDItalk multicast packets for RTMP. [CSCdi21262]
Basic System Services
•Under unknown circumstances, use of SSE switching can cause the router to reload. [CSCdi26395]
•If no tacacs-server hosts are configured, login attempts on lines configured for tacacs login will be rejected. This is different from historical behavior. [CSCdi28420]
•If NTP is configured to send broadcasts on an interface, the interface broadcast address is changed, and then the "ntp broadcast" command is reissued, NTP will transmit multiple broadcast messages. The workaround is to issue a "no ntp broadcast" and then an "ntp broadcast" on the interface. [CSCdi30813]
•The system might reload if the show version EXEC command is performed. The syslog system error message "ALIGN-3-CORRECT" might display before the reload. [CSCdi34937]
•TACACS and extended TACACS (but not TACACS+) occasionally send unsolicited, incorrect packets to the daemon. [CSCdi47622]
•Receive CPUHog error message and traceback data when booting AGS+ router from flash with version 10.3.8 when boot roms are also at 10.3.8 message is as follows %SYS-3-CPUHOG Task ran for 15464 msec (16013/1704), Process = Boot Load,PC = 37E04 -Traceback= 4B0A6 4B914 DAF8 1080 10005EC 100905E router appearsto boot up after error message. This message does not occur on routers that are at boot r [CSCdi49994]
•An SNMP query for tslineSesType does not report any information for lines in async interface mode (for example, SLIP or PPP mode). [CSCdi50645]
EXEC and Configuration Parser
•The lat enable command is accepted on serial interfaces even if the encapsulation set on that interface is known to not support LAT. [CSCdi29158]
•The setup program prompts for the enable secret. It should give you the option of whether you want to use encrypted passwords. [CSCdi34797]
•The debug source error command is undocumented, but is displayed when you issue a debug source ? command. [CSCdi46253]
IBM Connectivity
•Under extremely heavy loads sessions may be dropped between routers performing remote source route bridging with local-ack enabled. The workaround is to ensure that the llc2 ack-delay-time is not set too short. [CSCdi16481]
•Show qllc output does not page according to term length. [CSCdi23957]
•When the host sends a DISC/RD to disconnect the session with a PU, the host-router returns an RR instead of a UA. This caveat happens randomly and infrequently. At the moment it is not known what causes this random behavior. The UA is eventually sent, ususally immediately following the RR, and the session gets disconnected.
The impact on the user is that an error message might be generated by endstations sensitive to the unnecessary RR frame. Otherwise, without a datascope contantly monitoring the line, the frame goes by undetected.
Cisco Systems expects to have this random behavior resolved in the next maintenance release of 10.2. [CSCdi24211]
•Ethernet Type Code 80d5 to Token Ring translation is currently configured by means of the source-bridge enable-80d5 global command. This translation cannot currently be configured on a per interface basis. [CSCdi27426]
•This ddts describes a problem with inaccurate packet input counts in a show interface with local SRB. The problem is resolved by CSCdi27652. [CSCdi27729]
•RSRB peers appear to be in a normal state--open or opening--but no traffic can pass through. Under normal circumstances, opening or closing peers should change the state to open. Once the remote-peer statements are removed and reconfigured, peers become operational. [CSCdi36072]
•Source-route bridging from Token Ring to Fiber Distributed Data Interface (FDDI) environments causes a corrupt frame to be generated on the FDDI ring when an explorer frame is bridged from the Token Ring. The resulting FDDI explorer frame has its MAC address length bit set to indicate 2-byte addressing when, in fact, the frame has a 6-byte address. These frames are misread by other stations on the FDDI ring. [CSCdi39289]
•I have requested that a knob be added to the code to allow users to specify using hexadecimal in their configs and show commands instead of always using decimal. This would allow the "show source" command to display the ring numbers in hex not decimal. [CSCdi43869]
•Logical Link Control, type 2 (LLC2) ping functions do not exist. [CSCdi43876]
Interfaces and Bridging
•Configuring empty access lists for a given transparently bridged protocol on a non-MCI/cBus platform will filter all packets in the given protocol. [CSCdi25526]
•On 7xxx series routers, interfaces configured to use the Silicon Switching feature may under-count input bytes. [CSCdi32500]
•A system reload occurs with autonomous ciscoBus bridging enabled on a Cisco 7000 router that is running Release 10.2(6) and SP microcode version 10.9. To work around, run fast ciscoBus bridging or upgrade to a later version of Release 10.2 that includes SP microcode version 10.12. [CSCdi36643]
•A large number of packets are dropped on T1 links on Cisco 7000 series routers. [CSCdi37512]
•The path-cost configured for an interface is not recomputed when changing the spanning tree protocol from dec to ieee. The workaround is to: no bridge 1 protocol dec bridge 1 protocol ieee And reconfigure path-costs for each interface. [CSCdi42144]
•When doing an OIR on any IP with ciscoBus bridging configured, autonomous bridging falls into the suppressed state when the OIR insert is complete. You can view this from the output of a show span command. The workaround is to go into configuration mode and re-enter the bridge-group group number cbus-bridging command on the interface. [CSCdi42330]
•"Traceroute" throught a frame-relay interface might yield multiple ICMP TIME_EXCEEDED return to the originator. [CSCdi43919]
•If a router configured for X.21 and acting as a data terminal equipment (DTE) device sets Control to OFF for any reason (such as interface resets) and frames exist on the Transmit circuit, the data communications equipment (DCE) device might go into a loop 2 or loop 3 condition. When X.21 is configured, the DTE device should not send any data if Control is set to OFF. [CSCdi45512]
•If the customer is seeing problems on a ring that are causing a interface reset we can minimize the problem by raising the keepalive interval. They still need to address conditions on the ring as it is affecting traffic truput. [CSCdi46667]
•If a serial interface is set to loopback via a hardware signal, the interface will remain in loopback until the hardware signal is dropped and a no loopback interface configuration command is issued. [CSCdi47768]
•When the user types the command "show controller tokenring ..." the values of the following 10 'since last reboot' error counters may be less than the actual counts:
Internal controller counts:
line errors: 0/1309, internal errors: 0/0 ^^^^ ^ burst errors: 0/11224, ari/fci errors: 0/0 ^^^^^ ^ abort errors: 0/0, lost frame: 0/2 ^ ^ copy errors: 0/0, rcvr congestion: 0/0 ^ ^ token errors: 0/16575, frequency errors: 0/0 ^^^^^ ^ [CSCdi62392]
IP Routing Protocols
•BGP autonomous system path filters are not working. [CSCdi23857]
•Responses to RIP queries do not honor IP split horizon rules. [CSCdi30060]
•The current procedure for multiple DNS servers is to scan all domain entries for the first server in the list before moving on to the next server in the list.
The DNS lookup order should be changed to scan through the DNS server list using the first domain-list entry and the search should continue with other domain-list entries only if one server of the list replies 'does not exist' and that new search should continue starting with the server that replied. This is both for performance reasons and to avoid that an IP address be used for x.ULG.AC.BE when one exists for x.DIALUP.ULG.AC.BE. [CSCdi33643]
•IP packets sent to the Hot Standby Router Protocol (HSRP) virtual MAC address are not received if the packet is Subnetwork Access Protocol (SNAP)-encapsulated and the receiving interface is part of the ciscoBus or Switch Processor (SP) complex. [CSCdi39274]
•When transparent bridging is configured on interfaces with HSRP, IP packets destined for the HSRP virtual MAC address may accidently be routed by systems that are not in the HSRP active state, thus causing IP packet replication. Specifically, this problem occurs if the same HSRP group number is shared by multiple LAN segments that are being bridged together. This problem does not exist on high-end systems (7xxx, AGS).
A workaround is to make sure to use different HSRP group numbers on the LAN segments that are being bridged together. [CSCdi48154]
•HSRP timers does not fall back to its default even after removing the configured timers value. [CSCdi48433]
•CSCdi25494 resulted in the disabling of DNS reverse name lookups in the "Configured from console" messages when performed via a vty (telnet) session. [CSCdi51019]
•When you issue a debug ip packet command on a router via Telnet, some of the information may be lost if the device that is the source of the packets also Telnets into the router and does a terminal monitor. [CSCdi70218]
•IP packets might be accepted on an interface that is not configured for IP when an IP directed broadcast is input on that interface. [CSCdi72982]
ISO CLNS
•When CLNS is enabled or disable on an interface, the interface is reset in-order to add the multi-cast address. This will make the Fddi, token-ring and BRI interface to go down momentarily. [CSCdi24599]
Novell IPX, XNS, and Apollo Domain
•In contradiction to IPX-EIGRP, RSUP has no concept of autonomous system, i.e. all SAPs are 'shared' by the system. There's no difference between SAPs coming in from one AS and those coming in from another AS.
This also means that SAP updates are sent to all IPX-EIGRP neighbors, regardless of the AS to which these neighbors belong to. This way, SAP updates are injected into other ASs while the routes to the services in these SAP updates aren't.
The result is a lot of useless SAP traffic going to the IPX-EIGRP neighbors of other ASs and a bunch of unreachable services in the SAP tables of these neighbors. [CSCdi50611]
TCP/IP Host-Mode Services
•In TCP connections initiated from a VTY (via protocol translation, for example), local port numbers may be reused more quickly than a server can accomodate, which can reduce transaction rate. [CSCdi51617]
TN3270
•A ttycap entry with two colons in a row or a colon at the end of one line and the beginning of the next will fail to be interpreted correctly. [CSCdi27822]
Wide-Area Networking
•Under unusual circumstances X.25 addresses may be improperly encoded. [CSCdi16601]
•When using the command ppp authentication pap, and a invalid user logs on, the message returned will be no name received to authenticate. This can be confusing by implying that no message was actually sent. [CSCdi24023]
•When multiple x25 route commands are used for the same X.121 address to multiple interfaces, a no x25 route command removes the first entry in the list matching the X.121 address. [CSCdi24391]
•IPX is not classified correctly by the SP when using NLPID encapsulation on an AIP. This causes fast switching and autonomous switching of IPX over NLPID to fail. Process switching of IPX over NLPID works correctly. This situation has been corrected as of version 10.6 of the SP microcode. [CSCdi24518]
•In some situations, the host router will give no indication that the remote Cisco 1000 has been power cycled or has rebooted. If you want to ensure that the host router's serial line protocol is successful in noticing that the Cisco 1000 has rebooted, configure a keepalive interval of less than 5 seconds on the host router serial interface which is connected to the remote Cisco 1000. [CSCdi26483]
•Async SLIP or PPP connections started up without a /routing switch may still get routing updates from some protocols like IGRP or IPX RIP. [CSCdi26831]
•When using bandwidth on demand on an ISDN interface, the connected time may not be correct for one of the B channels. [CSCdi27410]
•Incorrect circuit states are reported using the show pvc command when the frame-relay interface-dlci is applied to an interface instead of a subinterface. Additional interface mapping command(s) are required to make the circuit active for data transmission. [CSCdi27640]
•When doing a show dialer on a BRI that is part of a rotary group, the rotary group number displayed is the index of the BRI, not the rotary group number. [CSCdi28507]
•For the x25 pvc , need a xot-source option to specify the source address so that the pvc can switch over to a dial backup interface if the primary link is no longer valid. [CSCdi34950]
•Combining a synchronous serial interface in a rotary dialer with BRI interfaces does not follow the bandwidth-on-demand load-sharing model. [CSCdi37048]
•X.25 encapsulation of CLNS that specify use of the SNAP encoding method will generate a protocol identification value that is not interoperable. [CSCdi38553]
•"Show Interface Async" does not reflect DTR pulse time if pulse-time is configured on interface at "pulse-time 0".
Also, default pulse time on ansync interface is 5 if it is not configured. If pulse time is configured then removed via "no pulse-time", the default is set to 0 rather than 5.
Also, a write terminal does not reflect that a dialer interface has been confgired with the "pulse-time" command.
Also, if a dialer interface is configured with the"pulse-time" command, any async interfaces which belong to that dialer interface may or may not be affected by the pulse time value configured on the dialer interface. If the async interface is configured with the default pulse time of 5, that interface will not be affected by any changes made to the dialer interface via the 'pulse-time' command. If the async interface is configured with any pulse time value other than 5, it will be affected by pulse time changes made to its dialer interface. [CSCdi61506]
•request to change the current behaviour of resetting DTE originated cause codes >127 to 00 whilst switching X25. [CSCdj03489]
10.2(13) Caveats/10.2(14) Modifications
This section describes possibly unexpected behavior by Release 10.2(13). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(13). For additional caveats applicable to Release 10.2(13), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(14).
Basic System Services
•Added the following images for CIP2 support:
10.2 - gs7-k2 gs7-p2 10.3 - gs7-k2 gs7-p2 rsp-k2 rsp-p2 11.0 - gs7-k2-mz gs7-p2-mz gs7-ak2-mz rsp-k2-mz rsp-ak2-mz rsp-p2-mz
CIP2 is a new hardware version that requires one of the previously listed images for a particular release of IOS. [CSCdi61227]
EXEC and Configuration Parser
•The envm polling has been added. It is enabled by default, which means that the CSC/4 polls the ENVM for stats every 10 minutes. When enabled, if you issue a show environment all command from the enable prompt, the current statistics are displayed. If you configure the no envm polling command, the CSC/4 no longer polls the ENVM for stats. When disabled, if you issue a show environment all command from the enable prompt, the last set of statistics is displayed. If you save the no envm polling command in the configuration and then boot the router, the show environment all command displays a message indicating that no statistics have been collected. This command is being added only as a temporary fix for CSCdi33910. [CSCdi61554]
IBM Connectivity
•When automatic spanning tree (AST) is configured on multiple routers in a high-redundancy topology, a bridge protocol data unit (BPDU) broadcast storm might be triggered. [CSCdi41851]
•In a parallel SDLLC network, the ACTPU RSP is never received by the host. [CSCdi55142]
•Directed source-route bridge frames with control field of 010 instead of the more usual 010.The architecture supports a control field of 0XX for nonbroadcast frames so this appears to be a bug. [CSCdi59100]
•LNM Resync command does not work with 10.3(10.2) on 7000 if the router is configured for IBM automatic spanning tree support. [CSCdi59890]
IP Routing Protocols
•Deconfiguring an IP output access-group on a subinterface causes the IP output access-list checks to be disabled for other subinterfaces of the same hardware interface. [CSCdi60685]
Novell IPX, XNS, and Apollo Domain
•Service names with embedded spaces or special characters will not get saved properly in SAP filters, they will be accepted on input but will generate an error when the system is reloaded and the access list is read from non volatile memory. [CSCdi59557]
VINES
•SNAP is the default vines encapsulation on a LAN Extender interface while VINES servers and clients on Ethernet support ARPA. This discrepancy causes network connectivity problem when remote LAN is connected to a core router via LAN Extender. Now the VINES router defaults to ARPA on a LEX interface and either ARPA or SNAP can be configured on LEX interfaces. [CSCdi57934]
•VINES Sequenced RTP (SRTP) broadcasts an RTP update with metric 0xFFFF when a existing route ages out. This is an implicit RTP request. Upon receipt of a route with metric 0xFFFF, all routers, if they know better routes, immediately generate an RTP update to the originator. However, the originator ignores these RTP updates from neighbor routers if the sequence number is older than that of the route just aged out, thus losing the route. This caveat was introduced in 10.2(11.4), 10.3(9.2), 11.0(5.2) and 11.1(1.4). The correct router behavior is to accept any route information when the route is in garbage collection state. [CSCdi58038]
10.2(12) Caveats/10.2(13) Modifications
This section describes possibly unexpected behavior by Release 10.2(12). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(12). For additional caveats applicable to Release 10.2(12), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(13).
Basic System Services
•According to documentation and online help, it's not possible to increase the queue size of output queue 0. [CSCdi50233]
•Under certain circumstances, the "IP SNMP" process can consume almost all of the CPU resources, starving other processes and causing erratic behavior in the device. The most obvious symptom is the loss of TCP connections to the device. The most likely cause of the problem is a flurry of SNMP requests being sent to the device in a short period of time, retrieving large amounts of data. This behavior is usually associated with network auto-discovery mechanisms which retrieve the device's entire ARP cache and IP routing table on a periodic basis. The problem is exacerbated by the fact that some network management applications, by default, perform auto-discovery as often as every five minutes.
A partial work-around is to identify those devices which are performing auto-discovery, and modify their default behavior so that they perform auto-discover on a less frequent basis, if at all.
The permanent solution is to lower the priority of the "IP SNMP" process so that it doesn't starve other processes in the system. [CSCdi50399]
•Enable debug sanity on a rsrb router which also has a heavy load of messages that destine to the Ring Error Monitor on the local token ring, can crash the router. [CSCdi51776]
•Memory allocated at system initialization time is displayed as belonging to the "*Dead*" process when a show process memory command is issued. This memory should be displayed as belonging to "*Init*" instead. There is no workaround. [CSCdi53190]
•The cisco implementation of the SNMPv2 Simplified Security Conventions was based on the following IETF Internet Drafts: draft-waldbusser-conventions-00.txt, draft-waldbusser-ssecimpl-00.txt, and draft-waldbusser-ssecov-00.txt. These were later obsoleted by the following documents: draft-waldbusser-conventions-01.txt, draft-waldbusser-ssecimpl-01.txt, and draft-waldbusser-ssecov-01.txt.
Since the differences between the -00 and -01 versions were never incorporated, and since the -01 documents have been expired by the IETF, and since the SNMPv2 party-based model (RFCs 1445-1447) that these documents rely upon has been relegated to historic status by the IETF, support for the Simplified Security Conventions will be removed from all software images.
This is the first step in replacing all support for party-based SNMP with support for SNMPv2C as outlined in RFCs 1901-1908, as well as supporting any new secure SNMP standard produced by the IETF. [CSCdi53343]
•A memory leak can occur that is related to the traffic rate and the TCP process. This leak is difficult to reproduce, but can be identified by an input queue wedge on a router configured for RSRB with TCP encapsulation. The output of a show buffer command indicates memory errors. Other symptoms include small buffers being created but not trimmed, and explorers being received with a wrong SNAP type value. [CSCdi54739]
•The 32mb memory option on the 4000m splits memory up into 2 discontiguous chunks. This breaks the uncompress routine which expects memory to be contiguous as well as making the upper 16Mb of memory inaccessible. The memory test also fails to recognize the 2 chunks. [CSCdi55171]
•If you are running SNMP and have more than approximately 512 interface addresses, you may get the following error messages:
% Maximum number of parties reached. % Memory allocation failure
You can ignore this if you are not using SNMPv2 and parties. [CSCdi57672]
DECnet
•This is a feature request to have support for DEC MOP over Frame Relay implemented. [CSCdi49406]
IBM Connectivity
•Reverse QLLC will only allow one active PU. The router will cache only one PU MAC address at a time. [CSCdi38186]
•In extremely rare circumstances, the router may crashed while removing RSRB peers. This might occur only when running an AGS+ and the CSC1R/CSC2R Token Ring boards. [CSCdi39270]
•When a Synchronous Data Link Control (SDLC) device is reloaded, the connection is not automatically reestablished. To reestablish the connection, issue the configuration commands shut and no shut. [CSCdi42369]
•When configuring for RSRB via direct encapsulation router will continue to reboot while the remote router is sending keepalives. If the connectoin is broken between router , or the remote router determins the link to be dead, the router will come u [CSCdi45949]
•An incorrect timer reference causes explorer frames to be flushed on interfaces, even when the maximum data rate for explorers on the interface is not exceeded. [CSCdi47456]
•NETBIOS name recognized frames are now filtered by NETBIOS access-lists as a result of CSCdi36649. This can break some applications and needs to be optional. [CSCdi49101]
•Low-end platforms cache invalid RIF entries when using any form of the multiring command. This problem can also be seen in the DLSw reachability cache and with possible loops with LNM. [CSCdi50344]
•IOS 10.2 may fail to forward explorers incoming from RSRB to the local token Ring of low-end platforms. [CSCdi50509]
•When the command fst is used with RSRB, the router might suffer performance degradation and display the console message: SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=xxxxxx, count=0 -Traceback=xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx [CSCdi50997]
•Applying a source-bridge output-lsap-list to a Token Ring interface when source-bridge explorer-fastswitch is enabled may cause packets permitted by the output-lsap-list to be dropped. The workaround is no source-bridge explorer-fastswitch. [CSCdi51754]
•On any interface defined as encapsulation sdlc, attempting to add an SDLC address lower than all SDLC addresses already defined on the interface will cause the SDLC address poll chain on the interface to become corrupted, resulting in one or more SDLC-attached devices not being polled. Workaround to this problem is to either reload the router, or remove the SDLC address definitions and re-add them in ascending order of addresses. [CSCdi53646]
•In some mixed vendor bridge environments, Automatic Spanning Tree may not become active if the Cisco platform is the root bridge. The message-age-increment option is now available as part of the source-bridge spanning command to assist with the message age count manipulation. This hidden command may be needed when the existing MAXAGE value is insufficient for network diameter and the maximium age is not configurable by the vendor bridges. [CSCdi53651]
•The LAN Network Manager (LNM) fails to link to the router's source bridge after the Token Ring interface is shut down on the remote router. The show lnm bridge command continues to display Active Link to the LNM. This problem does not occur when bridges are linked locally to the LNM. The workaround is to remove the source-bridge command from the Token Ring interface and configure it back in. [CSCdi53954]
•A Sniffer trace shows duplicate ring numbers in the RIF when proxy explorers are in use. New SNA sessions fail to connect to the FEP. The workaround is to issue the clear rif command. [CSCdi55032]
•no source-bridge remote-peer may cause the router to reload. This has been rarely observed. [CSCdi55919]
•Spurious accesses when source-bridge proxy-explorer configured. [CSCdi56744]
Interfaces and Bridging
•Turning on ipx route-cache sse with microcode version SSP10-12 or SSP10-13 produces a mismatch between the frame length on odd-byte 802.3 IPX packets and the 802.3 length. Novell devices might not recognize these packets, resulting in communication timeouts.
The following three workarounds can be used:
-- Turn off padding on process-switched packets via the command: no ipx pad-process-switched-packets
-- Configure the router for Autonomous Switching instead of SSE switching via the commands: no ipx route-cache sse ipx route-cache cbus
-- Turn off SSE switching: no ipx route-cache sse [CSCdi42802]
•When a Cisco 7000 router Ethernet interface is the root of a spanning tree and UDP flooding is configured with turbo flooding, packet loops occur. The workaround is to disable turbo flooding. [CSCdi45659]
•%LINK-4-NOMAC: A random default MAC address ... error message is issued at router reload when the FIP is the only LAN interface (no EIP nor TRIP). This may lead to some issues whe transparent bridging is configured as two routers with similar configuration on the same FDDI ring running 10.2 may end up using the same default-mac-addr and same Bridge Identifier. The duplicate default-mac-addr value may impact IPX and XNS as well. [CSCdi49616]
•Bridging of ipx raw between ethernet and fddi on 4500 does not work in 10.2 for unicast packets. With 11.1 the problem appear for both unicast and broadcasts. 7000 bridging of ipx raw is correct for 10.2 (11.1 untested). [CSCdi53363]
•SABME (for Netbios) are not correctly bridged from FDDI to serial lines (using HDLC encap). The bridging of SABME from fddi to ether and reverse is Ok. The problem appears in 10.2, 10.3, 11.0 and 11.1. [CSCdi58733]
IP Routing Protocols
•There is a small delay between the time OSPF marks a LSA as deleted and the time the LSA is actually removed. Within this small window, if OSPF receives an old copy of the LSA which has a higher sequence number, probably from some new neighbors through database exchange, OSPF will be confused and not able to remove the LSA. Customer will observe self-originated LSA stuck in the database. The stucked LSA would be removed automatically when the router regenerate a new instance of the LSA. This fix resolves the problem for 10.2 and later releases. [CSCdi48102]
•Packet corruption might occur when fast-switching IP packets from ATM interfaces to Token Ring interfaces configured with the multiring command. [CSCdi49734]
•Regular expressions longer than 59 characters in the ip as-path access-list configuration command will cause the router to reload. [CSCdi53503]
•The error message DUAL-3-SIA may occasionally appear when route flapping occurs in a meshed EIGRP topology. The EIGRP neighgour sourcing the flapped route is reset and routing resumes. [CSCdi54781]
•After a reload EIGRP does not redistribute static routes which are not directly connected. i.e. static routes pointing to a destination beyond another EIGRP router. The workaround is to reconfigure such static routes. [CSCdi57743]
ISO CLNS
•When using RFC1490 encapsulation for OSI protocols, the system inserts an extra byte into the header. When communication is between two Cisco devices, Cisco encapsulation can be used to work around this problem. [CSCdi40775]
•ISO-IGRP fails to install parallel routes into the CLNS prefix table under certain conditions. [CSCdi50714]
•Issuing a CLNS ping to one of the router's own address will cause the router to reload if debug clns packet is on. The workaround is to not have this particular debug on if you need to ping to one of the router's own addresses. [CSCdi50789]
•Between two 4500 routers, one running decnet and clns, and the other decnet, ipx, and clns. Each would display the same message as follows, and the other would reload shortly thereafter.
ALIGN-3-SPURIOUS: Spurious memory access made at 0x60144260 reading 0x0
This bug is a duplicate of CSCdi36048, which was fixed for 10.3 and later. [CSCdi52421]
•When the extended option of CLNS ping is used, one of the options that can be specified is the source NSAP that is to be used in the ping packet.
The ping command does not accept any NSAP (for the source NSAP) other than the default value (i.e. the sender's own NSAP). [CSCdi54904]
Novell IPX, XNS, and Apollo Domain
•An IPX ping sent from a router to it's own ethernet IPX address does not report successful echo on the low end routers. [CSCdi35609]
•The ipx interface values of rip and sap triggered delays will get change after a system relaod if you have a global ipx default output rip/sap delay configured. [CSCdi51038]
•RIP format error counter is displayed twice on the show ipx traffice screen. [CSCdi53167]
VINES
•VINES SRTP on serverless segements running Release 10.3(8) do not send the redirect to the correct network number (layer 3) address. The workaround is to turn off VINES redirects on the serverless segment interface. A sniffer trace of this packet will show an "abnormal end of Vines SRTP." [CSCdi50536]
•Vines recompute does the same calculations as enalbing VINES routing. It should do some different calculations to come up with a different network number. This gives the potential of routers with different mac addresses calculating the same network addresses. The work around is to manually enter a unique address on your network. [CSCdi51823]
Wide-Area Networking
•Removing a TRIP card and replacing it with a MIP card in the same slot of a 7000 will cause memory allocation errors. [CSCdi24243]
•A Cisco 4000 series router with ISDN BRI interfaces can run out of timer blocks and crash. Use the show isdn memory command to see if memory is not being freed. [CSCdi47302]
•In some failed CHAT script operations over asynchronous interfaces, a reload might occur during later operations because data was left in an inconsistent state. [CSCdi47460]
•Groups of 4 ports on Cisco 2511 may have DSR behaving in unison on a single stimulus. Reloading the router is the only workaround. [CSCdi49127]
•Router will crash sometimes, if you try to initialize the administratively down AIP interface.
The bug has been resolved in 10.2(11.5).
If an AIP is hotswapped into the router, then it is a guaranteed crash when doing a "no shut" on the new interface. [CSCdi50225]
•$IGNORE
routine microcode upgrade. *MAY* fix some port hang bugs, not sure. [CSCdi52571]
10.2(11) Caveats/10.2(12) Modifications
This section describes possibly unexpected behavior by Release 10.2(11). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(11). For additional caveats applicable to Release 10.2(11), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(12).
AppleTalk
•ZIP Queries may unexpectedly not be sent to a neighbor if that neighbor has been up for more than approximately 3 weeks. The symptom can be seen by doing "show apple route" and "no zone set" are seen in the routing entries. [CSCdi42908]
•AppleTalk Transaction Protocol (ATP) packets might be incorrectly sent to a multicast address instead of a unicast address. This can cause problems such as the inability to login to an AppleTalk server. [CSCdi44145]
•Due to the bug in the low end fastswitching code, the 802.3 header will contain a wrong length when small packets (less than 60 bytes) are fastswitched on the ethernet media. [CSCdi45581]
•AT eigrp doesn't update fast cache entries when eigrp routes go away. Therefore, it is possible that the fast cache may contain invalid entries when running AT eigrp. This fix corrects this problem by invalidating the fast cache entries when eigrp routes go away. [CSCdi46975]
Basic System Services
•If a "show config" and a "wr mem" are done simultaneously, there is a window whereby the system can crash because the NVRAM gets write- protected from under the "wr mem" operation. This causes the box to reload continuously. [CSCdi40434]
•When configuring a new protocol to be routed, the router will bring down existing ISDN connections. Examples are "ipx routing" or "no vines routing". This is an inconvenience when telnetted into the router over ISDN to configure another protocol. [CSCdi42391]
•Available memory will slowly decrease on a router that is bridging IP and that has more than one interface with the same IP address. [CSCdi44023]
•Polling the following Management Information Base (MIB) variable causes the Cisco 7000 router's CPU utilization to exceed 90 percent: .iso.org.dod.internet.private.enterprises.cisco.local.linterfaces. lifTable.lifEntry.locIfOutputQueueDrops [CSCdi45961]
•When querying the variable dot1dBaseBridgeAddress from rfcs 1286 and 1493, the value ffffffffffff is returned rather than a unique identifier for the router.
This will cause the discovery mechanism of IBM bridge management software (Lan Network Manager for AIX) to fail against Cisco Routers. [CSCdi46677]
•If an NTP packet is sent to one of a system's secondary addresses, the system will reply with the primary address of the outgoing interface in the source address field.
There is no workaround to this problem. [CSCdi47415]
DECnet
•DECnet Phase IV-to-Phase V conversion might introduce incorrect area routes into the ISO Interior Gateway Routing Protocol (IGRP), if there are DECnet L2 routes on the DECnet side. These area routes show up as "AA00" and are propagated to other routers. [CSCdi47315]
EXEC and Configuration Parser
•If you configure a nondefault Fiber Distributed Data Interface (FDDI) transmission time and save the fddi valid-transmission-time to nonvolatile random-access memory (NVRAM), the system will reload when the boot monitor reads the command from NVRAM at boot time. If a nondefault time is required, the workaround is to boot that portion of the configuration using the boot host command. [CSCdi37664]
IBM Connectivity
•Some token ring packets that are parsed can end up with the RIF field aligned on an odd byte boundary, causing this message %ALIGN-3-CORRECT. [CSCdi35413]
•Mis-aligned routing information field in SRB packets cause an error message to be displayed. This error message is only seen on routers with MIPS processors (4500, 4700, 7500). [CSCdi36169]
•If the router receives an LLC2 XID packet destined for an X.25 connection (QLLC) that is not yet established, it will drop the packet instead of buffering it until the X.25 connection completes. This behavior will cause connection problems for devices that do not automatically retry and resend the XID pacet. [CSCdi36695]
•You have to configure access-expression on an interface before adding source- bridge input-lsap-list; you get the error: EXPR: access-expression must be specified alone on interface in the opposite order. [CSCdi37685]
•When router is configured with SRB/RSRB it may experience loss of memory. [CSCdi40888]
•When source-route transparent (SRT) bridging is configured on the router, calls to management functions that are related to source-route bridging (SRB) might not work correctly. [CSCdi42298]
•When a front-end processor (FEP) initiates a Qualified Logical Link Control (QLLC) connection, a virtual circuit is established, but the exchange identification (XID) negotiation never proceeds to completion. The router sends XID responses as commands, rather than as responses. [CSCdi44435]
•A router might crash if running QLLC and using remote source-route bridging (RSRB) over a serial line to provide the Logical Link Control, type 2 (LLC2) connection from QLLC to an end station or host. The crash only occurs if multiple changes are made to the encapsulation type on the RSRB serial line. [CSCdi45231]
•When configuring more than 2 interfaces in a ring group, where the interfaces are bridged into the ring group using different bridge numbers, explorers would not be forwarded out all the interfaces in the ring group. [CSCdi45373]
•If a router receives a source-route bridging (SRB) packet with bit 2 of the routing control field set, the router might send back a bridge path trace report frame to a group address, instead of to the source of the original frame. This can cause congestion. [CSCdi47561]
Interfaces and Bridging
•Mis-alligned packets causing %ALIGN-3-CORRECT messages in a token ring environment. [CSCdi35920]
•On a Cisco 4500 router, if you issue the no shutdown command on a Fiber Distributed Data Interface (FDDI) interface, the router will reboot. [CSCdi42429]
•A Cisco 7000 series router configured with a Silicon Switch Processor (SSP) might sporadically reload when main memory is low. [CSCdi43446]
•When a Cisco 2500 runs X.25 over the B channel of a Basic Rate Interface (BRI), it sends the idle character 0xFF (mark) instead of the idle character 0x7E (flag). X.25 requires flags, not marks, for the idle character. [CSCdi44262]
•When bridging is configured on interfaces not capable of silicon switching engine (SSE) bridging, then SSE bridging for all interfaces on the router is disabled. The workaround is to use cBus bridging. [CSCdi45124]
IP Routing Protocols
•In a Cisco 7000 series router, when Open Shortest Path First (OSPF) is configured, an interface cost is not automatically assigned to the CIP interface. To work around this problem, configure the subinterface command ip ospf cost cost(noCmdArg> to statically assign a cost to the interface. [CSCdi42163]
•A system running OSPF might reload when configuring a controller T1 with a channel-group time-slot assignment. [CSCdi43083]
•Attempts to route Internetwork Packet Exchange (IPX) packets by Routing Information Protocol (RIP) or by Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) might fail on primary serial interfaces. Failure can occur when the subinterfaces were configured for IPX routing before their primary interface was. [CSCdi44144]
•OSPF tries to delete MAXAGE LSA when no delete bit is set. This results in a slower convergence. It can be seen under 'debug ip ospf events'. [CSCdi44588]
•If the area id of the network command for ospf is changed on network statment. The subnet in that network statment still remains with the old area ID in ospf database. Unless you do "no network" statment first with the old area id first, and then add the new network statment with the new area id. [CSCdi44966]
•Enhanced IGRP might announce IP summary routes that have the metric value set too high. This can make the applicable networks unreachable. [CSCdi46290]
•If there is a gateway of last resort in the routing table, packets that should be forwarded to a helper address are instead send out the interface to the gateway of last resort. The destination ip address is filled in with 0.0.0.0 in the packet header. If there is no gateway of last resort, this problem should not occur.
There is no workaround for this problem. [CSCdi48312]
ISO CLNS
•ISO Interior Gateway Routing Protocol (IGRP) will not work when interoperating between Motorola processor-based Cisco routers (older routers such as MGS, AGS+, or Cisco 7000) and millions of instructions per second (mips) processor-based Cisco routers (later routers such as the Cisco 4500, 4700, or 7500). [CSCdi44688]
•When ISO-IGRP is running on a router, and a CLNS default route is configured, the ISO-IGRP routing table entry corresponding to the local entry shows "*Unknown SNPA*", instead of the usual "--".
This is purely cosmetic in nature, and has no impact on CLNS routing functionality. [CSCdi47322]
•ISIS fails to install more then one Level2 route in the CLNS routing table, when there are multiple equal-cost paths to the other area available. As a result there is no CLNS loadbalancing for destinations in another area. [CSCdi48162]
•When DECnet IV/V conversion is on, and the Phase V protocol is ISIS, ISIS adjacencies in the adjacency data base can end up with an adjacency format of "Phase IV".
This can happen if a DECnet IV hello was received first, in which case DECnet creates a Phase V adjacency in the adjacency data base, and marks it as "Phase IV". When the ISIS hello comes in a little later, ISIS fails to modify the adjacency format to be "Phase V".
A snippet of a display from the customer's router is attached below:
KCCR01# sh clns is
System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase IV ...
Clearing the table and re-issuing the "show" command shows:
KCCR01# sh clns is
System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase V
Basically, the problem will show up when the DECnet hello comes in first. [CSCdi48461]
Novell IPX, XNS, and Apollo Domain
•When issuing the interface subcommand "ipx sap-incremental eigrp (AS) rsup-only" for a second EIGRP Autonomous System (AS), an additional "ipx sap-incremental eigrp (AS) rsup-only" command is added to the configuration for the first EIGRP AS automatically. [CSCdi37965]
•When using subinterfaces and multiple IPX encapsulations it is necessary to use either the "ipx network x encap y" form of the ipx network command or to put the ipx encapsulaiton novell-ether as the last subinterface.
If one uses the "ipx network x" and "ipx encapsulation y" form, that is two commands, and the first interface configured in for encapsulation novell-ether then the second interface will complain about encapsulation already in use.
This can be a problem if the subinterface was configured in the following manner in configuration editor:
interface ether 1.3 ipx encap sap ipx network 777
The system will accept this and this will function normally until the next system reload/power-off/on at which time the ipx network 777 will produce an error message and not be accepted. [CSCdi38803]
•Static SAP command should write to non-volatile memory the quoted string to allow embedded spaces.
example: ipx sap 4 "Silly ServerName" 1.0000.0000.0001 453 3 currently is written to NVM as ipx sap 4 Silly ServerName 1.0000.0000.0001 453 3
upon system reload an error is generated for the static sap. [CSCdi45662]
•If ipx sap-incremental is configured, a router might end up with fewer service access point (SAP) entries than actually exist if the interface goes down and then comes back up. This problem occurs more often when there are many SAP entries in the network environment. [CSCdi46224]
•the configuration of ipx delay to set a ticks value for an interface allows too large a value, the current range is 0 thru 1000000, the maximum value should be 65535. [CSCdi47086]
•Debug ipx sap activity fails to display output SAP packet details. [CSCdi47410]
•When debugging ipx sap events debugging is displayed for failure to forward packets which are not sap packets. [CSCdi47413]
•The ipx accounting command does not get removed after no ipx routing is configured. The workaround is to issue no ipx accounting command before disabling routing. [CSCdi48651]
•On 4500 systems using token ring IPX SNAP encapsulation can produce alignment warning message. [CSCdi49352]
•When an Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) route is advertised back into Routing Information Protocol (RIP), the delay within the Enhanced IGRP cloud is not properly taken into account in the tics metric value of the route when it is redistributed into RIP. The RIP advertised route might then look closer than it really is. [CSCdi49360]
•If IPX Enhanced IGRP is running, the following command sequence might cause the router to reload: interface serial no ipx network no ipx routing [CSCdi49577]
TCP/IP Host-Mode Services
•On a Cisco AGS+ router or Cisco 7000 router, if ip tcp header-compression is turned on for Fiber Distributed Data Interface (FDDI) or serial interfaces, the following error message might display: %LINK-3-TOOBIG: Interface Serialxx, Output packet size of 1528 bytes too big [CSCdi38666]
•If an IP helper-address is configured on an interface, the router will fail to forward directed broadcasts sent to a MAC broadcast address. [CSCdi47639]
VINES
•VINES servers located downstream might unexpectedly lose routes that were learned via Sequenced Routing Update Protocol (SRTP). This behavior results from improper handling of network sequences numbers by the system. Issuing a clear vines neighbor or disabling SRTP are suggested workarounds. [CSCdi45774]
•The commands vines time set-system and vines time use-system can be configured simultaneously. These commands should be mutually exclusive. [CSCdi45962]
•A Cisco router reloads when it receives incorrectly formatted Interprocess Communications Protocol (IPC) packets from the VINES application software Streetprint. The VINES IPC length field should contain the number of bytes that follow the long IPC header in a data packet, but Streetprint incorrectly sets the IPC length in each IPC message to the total number of bytes of all IPC messages. [CSCdi47766]
•If a Vines-configured serial interface is down, then a small-buffer memory will occur. This leak will occur for as long as Vines is configured on the interface, or as long as the interface is down. [CSCdi48180]
•Vines clients using Bluemail get the message "time not available" on serverless segments connected to a 4500 or a 4700. The only workaround is putting a Vines file server on the segment. [CSCdi48247]
•Lost connectivity to Vines server co-incides with appearance of Align-3 message on console. Router is configured for Vines SRTP routing. SH ALIGN reports a number of spurious memory access errors pointing to the same SRTP procedures. [CSCdi48252]
•A simple vines access list (in the range 200-299) is used to filter time updates. This should be applied with the global configuration command vines time access-group 2xx.
The parser incorrectly accepts the interface configuration command vines access-group 2xx which can yield unexpected results.
The workaround is to use the correct configuration as specified in the "Router Products Configuration Guide". The example in the "Router Products Command Reference" under the vines access-list (simple) is incorrect up to and including the 11.0 documentation. [CSCdi49568]
Wide-Area Networking
•If a PPP NCP is shutdown (due to line problems, for example), the NCP will not renegotiate unless the LCP is recycled. A manifestation of this problem is the loss of the DECNET protocol between a Cisco and non-Cisco router when the non Cisco router will shut down NCPs but not LCPs when there are line problems. [CSCdi29247]
•When a Cisco 4500 receives a compressed TCP packet over X.25, it might reset the virtual circuit. [CSCdi36886]
•When routing an X.25 call request packet containing a Calling/Called Address Extension facility, sometimes the Calling/Called Address Extension facility is inadvertently modified. [CSCdi41580]
•Basic Rate Interface (BRI) interfaces might stop placing calls after a period of normal operation. To re-enable the interface, you must reload the router. [CSCdi42098]
•ISDN interfaces on an MBRI card might stop functioning, if the following error message is reported: "%SYS-3-HARIKARI: Process ISDN top-level routine exited..." To restart ISDN, reload the router. [CSCdi42578]
•With encap lapb or encap X25 configured, sometimes the command lapb N1 xxx disappears from the working configuration and N-1 falls back to the default. This problem is most likely to occur after an interface reset or a reload. [CSCdi44422]
•On reload an X.25 interface can enter the 'protocol up' state before all of the interface's configuration commands have been processed. This can cause problems if the X.25 configuration includes commands that will not take effect while the protocol is up (i.e. modulo, default window and packet sizes and the VC range parameters).
The symptom of this problem is the printing of 'Parameter held until RESTART' messages while the router image has not completed its startup. In particular, the PVC configuration commands will be refused if commands to modify the default VC ranges are held off. [CSCdi45199]
•When a Cisco 4000 with a Basic Rate Interface (BRI) has the isdn tei powerup configuration flag set, the watchdog timeout will crash the router. A workaround is to configure the router with the isdn tei first-call command. [CSCdi45360]
•Running X.25 Defense Data Network (DDN) encapsulation on a Cisco 2500 serial port might cause the router to reload. This problem appears to be the result of mixing x.25 switching and X.25 DDN. A workaround is to shut down the serial interface. [CSCdi45673]
•Doing a no dialer-list followed by a dialer-list will cause the router to crash and reboot. [CSCdi45951]
•dialer fast-idle configuration command is ineffective on rotaries groups of BRIs or PRIs. [CSCdi46780]
10.2(10) Caveats/10.2(11) Modifications
This section describes possibly unexpected behavior by Release 10.2(10). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(10). For additional caveats applicable to Release 10.2(10), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(11).
AppleTalk
•Issuing the command show appletalk route network, where network is an AppleTalk proxy network, causes the system to halt. [CSCdi44235]
Basic System Services
•When the filenames were prompted for after entering a `copy tftp flash' command, the whitespace was not being stripped off the destination filename (the source filename was being correctly stripped). This resulted in flash filenames with embedded spaces.
The fix involved moving the whitespace stripping to a common function that is called by both the source and destination filename read functions. [CSCdi17352]
•Cisco 2511 running XTACACS does not send an end record (xlogoff) when logging in as a second user id on the same connection. [CSCdi41291]
DECnet
•Decnet Conversion should make validity checks. [CSCdi44859]
IBM Connectivity
•The Cisco 4500 might reload if a TEST (F) or NULL XID (F) is received while the X.25 SVC for the QLLC connection is down. [CSCdi40851]
•The counters for "Processor" and "Route cache" switched packets are incorrect in the "show interface interface-id stats" command output.
When a packet cannot be fast switched using the route cache, the packet must be switched by the processor.
The counters for "Route cache" switched packets are incremented even if the fast switch of a packet fails.
The counters for "Processor" switched packets are incremented correctly. [CSCdi41891]
•SNMP queries of the CIP daughter board MIB table (cipCardDaughterBoardTable) would not return the record if the corresponding CIP interface was not configured with a valid channel device statement.
The SNMP MIB object for the the CIP interface online/offline status (cipCardDtrBrdOnline) was indicating the opposite of the true CIP interface status. [CSCdi41938]
•The Find Name NetBIOS broadcast is sent from the Token Ring interfaces even though the proxy-explorer and NetBIOS name caches are configured on the interface. To workaround, run back-level software. [CSCdi41972]
•Currently the IOS will warn the user if a duplicate bridge is defined in the router. This condition should never be permitted. [CSCdi42740]
•When an SDLLC or QLLC virtual ring is configured, explorers may be incorrectly forwarded to the interface corresponding to the 3rd ring in the routing information field (RIF). [CSCdi43378]
•On low-end systems for a DTE router interface, after a router reload, SDLC packets are identified as HDLC packets by the serial driver until a shut/no shut command is performed for the interface. This causes occassional packet drops without any trace, if the byte pattern happens to match that of other protocols. This can also cause serious performance problems. [CSCdi43686]
•Using the SRB proxy-explorer feature with SRB autonomous switching on FDDI can cause incoming packets to be dropped by the FDDI interface. The work around is to disable the SRB proxy-explorer feature or disable SRB autonomous switching on the FDDI interface. [CSCdi44095]
•When configuring "netbios name-cache timeout", the parser help incorrectly specifies the units as seconds. The actual parameter used and the documentation correctly specify the units as minutes. Any value greater than 35000 for this value is accepted but will give unexpected results. [CSCdi44259]
•SRB bridged packets may be dropped when the router is configured for RSRB direct, and priority/custom queueing is enabled on the output Serial interface. A work-around is to disable priority/custom queueing on the Serial interface. [CSCdi44430]
•When configuring proxy-explorers on an interface that is bridging IPX traffic, the router would detect invalid memory accesses and display the following message:
ALIGN-3-SPURIOUS: Spurious memory access made at 0xnnnnnnnn reading 0x1 [CSCdi45258]
Interfaces and Bridging
•Vines routing updates do not get bridged across token ring token ring interfaces configured for transparent bridging. [CSCdi37413]
•Any protocols that make use of multicast addressed frames (e.g. OSPF, RTMP) may loose its information due to the fact that the FDDI interface may stop receiving multicast addressed frames, which is usually detected only after a couple of hours the system is up and running. [CSCdi38185]
•On a Cisco 4500 router bridging DECnet, certain stations might be unable to establish connectivity over transparent bridging, because some DLC frames are not forwarded when they should be. [CSCdi42690]
•Enabling SSE for IP might cause the system to crash. The workaround is to perform the no ip route-cache sse command. [CSCdi44414]
IP Routing Protocols
•When a standby ip address for HSRP is changed, the new MAC address associated with the IP address will not enter the ARP table until a clear arp is done. In addition, if the standby address is removed from an interface, the arp entry will not be removed and the router may still respond to pings sent to the standby address. [CSCdi26336]
•Eigrp topology table gets into an inconsistent state when using redistribute connected and these connected interfaces are flapping. These connected routes must also be known via the network command. [CSCdi27454]
•When EIGRP split horoizon is disabled on the 7000 PRI interface, the routing updates are not properly sent to the remote routers causing routes to be removed. When split horizon is enabled, routing is OK. [CSCdi32436]
•RIP doesn't immediately flush routes with a higher metric value when better routes are available. [CSCdi37812]
•When multiple routers are configured to aggregate a route which is really a class A network, and one of the neighbors goes down, the other routers flap the aggregated route. [CSCdi43165]
•The count of IP packets which violated an access list but which were not kept because the "Account Threshold" was exceeded is never initialized or reset. As a result, spurious values may be displayed in this field in the output from "show ip accounting access-violations". [CSCdi43342]
ISO CLNS
•When clns routing is enabled on an X.25 serial interface, and you try to statically configure a CLNS IS-NEIGHBOR or CLNS ES-NEIGHBOR before defining the X25 map command, the configurator discards the commands without generating error message. [CSCdi40640]
•When a router has a statically configured ES/IS neighbor, ISO-IGRP fails to advertise them after CmdBold 'clear clns route' noCmdBold. The workaround is to delete and readd the static neighbors. [CSCdi42468]
TCP/IP Host-Mode Services
•IP helper address doesn't work over un-numbered interfaces. [CSCdi43791]
VINES
•When adding a new X.25 map to an existing interface and running VINES with SRTP enabled, the router will request full routing updates from all VCs on the interface, not just the new VC. This can cause high CPU and link utilitization on the affected interface. [CSCdi38892]
•The system may halt unexpectedly after issuing a clear vines neighbor command. [CSCdi42431]
•Under some circumstances, the router will send updates for Vines networks that are not reachable. [CSCdi44038]
•A SRTP update sent in response to a client request for specific networks will omit the last network specified in the request. [CSCdi44517]
•show vines access may unexpectedly halt the system when displaying very long access lists entries. [CSCdi44873]
•TN3270 and TELNET user sessions can be dropped unexpectedly
•Adding more than one dialer-list l protocol p permit/deny configuration commands with the same list number, protocol and permit/deny clause results in as many lines in the configuration file, instead of just one. [CSCdi24793]
•dialer-group and dialer-list should accept range 1-10 instead of 0-9. [CSCdi29641]
•Changing the input or output hold-queues for a BRI interface does not change the individual channel queue depths. [CSCdi32869]
•Ping and telnet fail over an X.25 link configured for transparent bridging. [CSCdi36544] from the Cisco 2509 and Cisco 2511 access server asynchronous ports, because of an inactivity timeout. [CSCdi41542]
•Routers with an ISDN BRI interface might have problems with B channels, or might run out of call control blocks, because B channels might be assigned that are already in use. The router rejects these calls with a "Channel Unacceptable" cause. If the router runs out of call control blocks, severe errors will likely occur. [CSCdi42123]
•The line configruation command modem ri-is-cd is obscurely named. modem dialin should work instead. [CSCdi42491]
•Under unusual circumstances, a LAPB or X.25 interface may cause the router to become unresponsive, requiring it to be reloaded. [CSCdi42803]
•Hardware flow control may be inadvertently disabled on the Cisco 2509, 2510, 2511 and 2512 routers' asynchronous ports after issuing a configure network or a copy tftp running-config command. To restore flow control, issue the line configuration command flowcontrol hardware on all lines. [CSCdi43306]
•ISDN BRI routers connected to a 5ESS switch can have calls fail. This can occur if the line is configured for voice and data. The show isdn memory will show that the number of NLCB blocks has reached it's maximum. [CSCdi44348]
•If the PPP peer attempts to negotiate VJ Header Compression with more than slots than are configured, the router should Nak the IPCP Configure Request and suggest an acceptable slot value. Instead, a malformed IPCP Configure Reject is generated that includes an IPCP Addresses option (Option #1) and a malformed option. The trace of the packet exchange (using 'debug ppp negotiate') also shows a 'bad CI length' message. [CSCdi44404]
•Once the DLCI is assigned to a mulit-point FR port. Thought the DLCI has been removed from the port, it will not be added to anohter subinterface. [CSCdi44657]
•When using 'debug atm errors' you sometimes get the following message which is not an error. *Nov 30 10:05:14 EST: addr_lookup: vcnum = 3 [CSCdi44725]
10.2(9) Caveats/10.2(10) Modifications
This section describes possibly unexpected behavior by Release 10.2(9). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(9). For additional caveats applicable to Release 10.2(9), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(10).
AppleTalk
•Using show appletalk route to display information about a connected route may result in a spurious access. There is no operational impact to the system. [CSCdi41913]
Basic System Services
•The show version output for a cisco 2500 or 3000 reports a processor memory size that is less than the actual size by 4096 bytes. The 4096 bytes are subtracted because they are used for a special purpose - as a console output logging buffer during Flash upgrades via the Flash Load Helper feature - and are unavailable for normal use as processor memory.
This size reduction is, however, a source of confusion since it is not accounted for in any of the show outputs. The show version output is therefore being changed so that it shows the true physical size of processor memory even though the 4096 byte chunk will continue to be used for the special purpose. This change is cosmetic and does not affect the operation of the system in any way. [CSCdi30593]
•Undefining a tacacs-server host and then defining a new one when there are oustanding requests still pending from the first host may cause a system reload. [CSCdi36726]
•Memory may get corrupted when servicing macip ATP packets causing a system reload. [CSCdi41076]
•[CSCdi42575]
•NTP may not synchronize immediately after system startup. It will synchronize after approximiately fifteen minutes in any case. There is no workaround to this problem. [CSCdi43035]
EXEC and Configuration Parser
•Port numbers above 32767 are written as negative numbers to nvram when using the ip host configuration command. [CSCdi41005]
IBM Connectivity
•The SNA packet is lost during fragmentation if no buffer is available to store the fragmented packet. The SNA application will recover and resend the packet without disconnecting the session. [CSCdi27730]
•A router configured for IBM automatic spanning tree with the default BPDU interval of 2 seconds may instead send BPDU's at 1 second intervals. However, the correct spanning tree will still be formed. [CSCdi35149]
•Netbios access-list host doesnt look at name recognized frames. [CSCdi36649]
•The router's serial interface driver software occasionally drops SDLC frames, if the bit patterns are identical to HDLC LEX frames. Dropping occurs on interfaces using STUN-basic encapsulation with non-IBM SNA data traffic (for example, COMM10 CNS protocol). Note that there is no indication in the router when this problem occurs. The router does not increment the interface "drop" counter or the STUN "drop" counters. Detection is only possible with a media tracing tool. [CSCdi41558]
•FST suffers poor performance when running over serial lines due to a regression in the fix for TR/FST media.
This patch restores proper fastswitching of the FST frames on the serial media. [CSCdi41846]
•After you configure a LAN Network Manager (LNM) PC with a bridge definition that contains the target interface MAC addresses on the router, watch for the following behavior. If a no source-bridge local-ring bridge-number target-ring command is entered for one of the interfaces previously configured on the LNM PC and a Link Bridge command is then entered on the LNM PC, the router halts with a bus error indication. The only workaround is to ensure that no source-bridge local-ring bridge-number target-ring commands are not executed on the router after you define the target LNM server bridge on the LNM PC. [CSCdi41997]
•QLLC connections fail to come up if the X.25 link is secondary. [CSCdi43634]
Interfaces and Bridging
•2500 token ring interface will not try to reinsert into token ring hub after one failed attempt. [CSCdi41499]
•For a given bridge table entry, bridging may fail to forward packets to one destination, although packets to other destinations will be properly forwarded. This can be seen by a show bridge nnnn.nnnn.nnnn command. The TX count increments, but the RX count stays constant. The workaround is to issue a clear bridge command. [CSCdi42445]
IP Routing Protocols
•The system allows the assignment of the same IP address to multiple X.25 interfaces on the same system. [CSCdi15734]
•Variance and traffic share on eigrp not working. [CSCdi34629]
•Major network summary not sent in RIP/IGRP out unnumbered interface. [CSCdi35158]
•EIGRP displays incorrect redistributed routes in topology table in version 10.2 IOS. [CSCdi40200]
•If the active router supresses a proxy ARP response due to split-horizon reasoning, and the standby router has the best path (and would provide a proxy ARP response in a non-HSRP scenario), then we fail to provide the expected proxy ARP response with HSRP. [CSCdi41163]
•OSPF is not able to flood huge router LSA (bigger than 1456 bytes) correctly. The huge router LSA is generated when there is more than hundred OSPF interfaces or there is more than hundred secondary addresses defined on the OSPF interfaces. The maximum number of interfaces before the problem hits varies, it depends on the type of interfaces. In the worst case, 60 point-to-point OSPF interfaces is sufficient to cause the problem. At the worst, this huge LSA can cause the router to restart. This fix enables the router to process huge LSA correctly. Note that all routers in the OSPF area that need to process huge LSA must be upgraded with version containing the fix; Routers running versions without this fix could restart upon receiving the huge LSA. [CSCdi41883]
•Routers running 10.2 or higher fail to add an entry to the ARP cache when they receive a valid HP probe VNA reply. Possible workarounds: configure static ARP entries. If not absolutely necessary, don't use HP probe but use ARPA or SNAP encapsulation. [CSCdi41952]
•Helper addresses will not work on IP unnumbered interfaces. This is a problem for network protocols that require broadcast forwarding on dialup, such as Microsoft Networking over TCP/IP. Workaround is to configure an appropriate ip broadcast-address in addition to the ip helper-address on the async interface in order to facilitate forwarding. [CSCdi42154]
•When pinging a non-existant host, arp table entries for that host, with a mac address of 00:00:00:00:00:00, are reported via snmp in the atTable and the ipNetToMediaTable as defined in mib-2. [CSCdi42267]
ISO CLNS
•When running ISO-IGRP and a CLNS route goes in holddown and gets deleted, a memory leak of 128 bytes will occur. This can happen very frequently in a normal network. The final result will be that the ISO-IGRP process will use most RAM memory, and the router will become unreachable and stops functioning. A reboot is the only way to get the router going again. [CSCdi39191]
•Route redistribution from ISIS into another IP routing protocol was broken in 10.0 and 10.2. A symptom was that eg. ISIS routes that were redistributed into RIP, were advertised with metric 16 (infinity) after the first periodic ISIS SPF run. This bug was not present in 10.3. [CSCdi40353]
•CLNS Error packets may contain invalid information in the data field, or they may not be sent at all. There is no workaround to this problem. [CSCdi41968]
Novell IPX, XNS, and Apollo Domain
•If the interface is configured with an encapsulation that is not the same as default, there is no way to reverse it back to the default using the command no ipx encapsulation The workaround is to remove the ipx network number and then reconfigure the ipx network number on the interface. [CSCdi37380]
•'show ipx traffic' command ignores the terminal length setting using the command 'term len xx' and displays all information at once. [CSCdi40901]
•The router may unexpectededly reload while displaying the output of show ipx route<no CmdBold>. [CSCdi40908]
•Doing 'no ipx network xx' and then 'shutdown' on the interface sometimes may leave the connected route as secondary connected. [CSCdi41319]
•'clear ipx route number' wipes out the static route in the configuration if the route that is being cleared is a static route. [CSCdi41898]
•On interfaces using ipx secondaries the ipx triggered delay commands show up for each secondary as well as the primary, they should only appear once per primary interface. Triggered delays if not explicitly set should follow any explicit normal RIP/SAP delays set, they are not they are using the default values. [CSCdi42278]
•A 400 byte block of memory is allocated for the SAP table each time a new service type (like type 4 - fileserver) is heard by the router. That block of memory is not released when the last SAP of that type disappears from the table. In unusual cases this can cause the appearance and symptoms of a memory leak if there is a device on the network that is generating non-existant SAP types. [CSCdi42651]
VINES
•When running VINES on a Cisco 4500 router, the router may occasionally generate the message "VINES: Invalid string in data". [CSCdi39242]
•The Vines Router system process runs at low priority. It should run at normal priority. [CSCdi41380]
•Under heavy loads, the VINES router system process may not run frequently enough for proper VINES operation. Symptoms include a high amount of route and neighbor flappage. Reducing the load on the router may help alleviate the problem. [CSCdi41922]
•Cisco routers will reply to NetRPC Searches for the Server Service with a reliable IPC data packet instead of an unreliable IPC datagram. This can add a small amount of additional traffic to the networks where the responses are sent. [CSCdi42851]
•If, while in suppression, the metric for a route changes, the suppression interval should be restarted. [CSCdi43012]
•When a route with a better metric is learned via SRTP from a neighbor different from the current neighbor, the route will unnecessarily enter suppression. This can cause an instabilities in the network. [CSCdi43112]
•Cisco 2509 through Cisco 2512 devices' asynchronous lines stop
•The configured load interval for input and output packets on a BRI interface has no effect on the load calculation of the B-channels. [CSCdi35668]
•When using DTR dialing and PPP encapsulation, DTR does not stay "low" after the call is disconnected. [CSCdi39576]
•Routers with an ISDN BRI interface may not properly answer incoming calls. This may occur if a "clear interface bri x" command is entered while calls are established or if the isdn tei flag is configured for first-call. The incoming call will be accepted, but the Layer 3 CONNECT message will not get sent out to the network. [CSCdi39627]
•When using multiple BRIs in a rotary group, the router may unnecessarily dial extra B channels, even though the load on some of the B channels in use is less than the configured threshold. [CSCdi39713]
•In rare circumstances, an SDLLC connection failure can cause the router to reload. This is true for releases 10.2, 10.3 and 11.0. [CSCdi39832]
•The "dialer priority" command does not work properly when applied to invidivual interfaces. It will work correctly when applied to Dialer interfaces, however. [CSCdi39833]
•The frame relay map can become stuck in a state if it has been staticly configured and then taken out, so that we will not inverse-arp for the DLCI after removal. [CSCdi40866] accepting input under certain conditions. One of these conditions occurs when a user connected to a LAT host types a Control-C character. A clear line x or a change to the line parameters will cause the line to start accepting input again. [CSCdi40994]
•ISDN routers with a PRI or BRI interface might crash when receiving a Layer 3 Status Enquiry message with a "Display IE" in the message. [CSCdi42382]
10.2(8) Caveats/10.2(9) Modifications
This section describes possibly unexpected behavior by Release 10.2(8). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(8). For additional caveats applicable to Release 10.2(8), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(9).
AppleTalk
•The system may halt unexpectedly when show appletalk route detail is given. There is no workaround. [CSCdi36007]
•IPTalk clients running CAP cannot start up because a nonstandard NBP packet generated by the client is not forwarded by the system. There is no workaround. [CSCdi39096]
•On a large AppleTalk network with redundunt links, CPU utilization may increase dramatically due to heavy recalculation for each neighbor's update as a result of an unbalanced (lopsided) routing table search tree. [CSCdi39372]
Basic System Services
•A tty line configured to do software flow control on a Copan class (2509-2512) of access server, will occassionally garble data when connecting to a remote host using telnet protocol. [CSCdi35487]
•Buffers are lost when a router needs to retransmist LAPB frames when there are no buffers available, eventually requiring a reload. [CSCdi37394]
•On Routers running subset images which do not support all serial line encapsulation types (CFRAD, CiscoPro) setting the encapsulation on a serial interface to an unsupported type can cause a recursive encapsulation swapping loop. This caveat has been resolved in 10.2(8.1), 10.3(5.1) and 11.0(1.1) releases. [CSCdi38244]
•On AGS+, 7000, and 7500 platforms, the command buffers huge size [size] has no effect. [CSCdi38912]
•SNMP can report information about cards that have been removed, in cardIfIndexTable. [CSCdi39308]
EXEC and Configuration Parser
•The rshd process on a Cisco router tries to append domain suffixes on a DNS lookup even though it should have been passed a FQDN. A possible workaround is to configure ip domain-list .. [CSCdi30543]
IBM Connectivity
•If the CIP controller fails to execute a configuration command successfully, the system does not undo the command. A write term will erroneously show the presence of the command, when in fact, it is not configured. The user must manually undo the configuration by issuing the [no] form of the command.
This situation can be detected by the occurrence of a CIP-generated message following the configuration command, such as the following:
%CIP3-3-MSG: %CONFIG-3-NODEVSPC: Error allocating storage for device block [CSCdi25909]
•SDLLC traffic flow over RSRB/FST over X.25 can cause system to reload. Same symptoms (STACKLOW error) may be observed with X.25 over LLC2. [CSCdi30085]
•IBM automatic spanning tree when configured on the system shows as manual spanning tree on LNM. [CSCdi30094]
•Netbios connections occasionally fail to connect through remote source route bridging when local acknowledgement is enabled. The workaround is to disable local acknowledgement. [CSCdi37525]
•On the 4000, 4500, and 4700 series routers with FDDI interfaces, if SR/TLB (translational bridging) is set up between the FDDI and Token Ring, all frames destined to multicast or functional MAC addresses have their destination address translated to canonical format. While this is correct for Ethernet to T/R SR/TLB, it is not correct for FDDI to T/R SR/TLB. This problem is not seen on the 70x0 or AGS+ platforms. [CSCdi38322]
•A problem was introduced in the fix for CSCdi38322 which caused Source-Route Translational bridging (SR/TLB) to break. This problem affects Interim release 10.3(5.1) only - routers doing SR/TLB should not use this Interim IOS version. No other IOS versions will be affected by this problem. [CSCdi38988]
•The following three problems have been observed when source route bridging from token ring to FDDI is enabled on a router:
1. A corrupt frame is generated on the FDDI when a explorer frame is bridged from the token ring. The resulting FDDI explorer frame has its 'MAC address length bit' set to indicate 2 byte addressing when, in fact, the frame has a 6 byte address. These frames are mis-read by other stations on the FDDI ring.
2. If source route bridging from token ring to FDDI is configured to use a ring group while remote source route bridging (RSRB) is also configured, the router will erroneously attempt to forward FDDI frames over RSRB links. Source route bridging from FDDI to token ring over RSRB is not supported.
3. If the router receives a FDDI frame with a duplicate ring number in the routing information field (i.e. a rif loop), it will erroneously forward the frame. The correct behavior is to drop frames that contain RIF loops. [CSCdi39293]
Interfaces and Bridging
•During the process of initializing a token ring interface the keepalive process on other interfaces may stop. This condition may result in other interfaces on the system experiencing resets. [CSCdi13654]
•When you do a show controller MCI on a Hitachi based product with no cable attached, you see buffer size, HD unit, and No DCE cable. This may cause some confusion with the specific message of DCE cable. This is a known display message error. [CSCdi28337]
•The 5 minute input and output rate counters may reflect rates that are higher than the actual rate when fastswitching, autonomous switching, or SSE switching. [CSCdi30206]
•Very intermittently,The FSIP controller detected a spurious error on the transmit buffer size resulting in a controller fatal error.
fsip179-0 corrects the problem. [CSCdi30344]
•SDLC Multidrops need router to ignore data carrier detect for High-End Platform. This behavior has been observed in 10.0 code. This aspect of implementation will be in post 10.0 IOS. [CSCdi32813]
•The 4500 with an FDDI interface module may reload with an error. The interface should reset first instead of reload. A temporary workaround is to shutdown the fddi interface. [CSCdi35936]
•On the BRUT partner product (2500 variant co-developed with DEC) when an Ethernet interface goes down the output of a show interface still shows the Interface as being up. The SNMP Replies are also incorrect. This problem has been resolved in 10.0(10.5), 10.2(8.1) and 10.3(5.1) releases of the code. [CSCdi37135]
•Transparent bridging across HDLC serial links does not work with LAT compression enabled on low end platforms. The workaround is to disable LAT compression. [CSCdi38595]
•At startup, 4000 family routers with MBRI interfaces can overflow ISDN processing queues resulting in errors messages indicating "NO MEMORY for ISDN L1 Q elements". [CSCdi38915]
•During the process of initializing a token ring interface the keepalive process on other interfaces may stop. This condition may result in other interfaces on the system experiencing resets. [CSCdi60858]
IP Routing Protocols
•When executing the "no router ospf" command, a system reload occurs. [CSCdi33077]
•When the eigrp process receives a hello packet from a neigbor, it tries to send an update packet, but this process of sending an update packet can be suspended by the eigrp process. When the eigrp process gets scheduled again to send the update packet the neighbor could be dead and all of the internal data structures for that peer (neighbor) could have been erased, which confuses the eigrp process and results in the generation of wrong bus address. [CSCdi35257]
•Clearing ip route causes memory corruption which in turn causes reload, when the memory is checked for validity. Problem reported in 10.2(6). The fix has been integrated into 10.2(8.1), 10.3(5.1) and 11.0(1.1) releases. [CSCdi36060]
•If a route's holddown timer expires and new information comes in before the route is finally aged out, the IP route cache may get out of sync. (Obviously, this can only happen with routes learned via RIP and IGRP.) [CSCdi36713]
•When using the IP Local-area Mobility feature, the router may reload under some circumstances. As a workaround, Local-area mobility can be disabled. [CSCdi37313]
•The IGRP metric for routes coming from a BRI interface are incorrect. [CSCdi37686]
•EIGRP retains summary route with incorrect metric if learned by multiple paths. [CSCdi37985]
•router display following cpu hog messages and trace back:
Jul 27 15:09:54 harvard-gw 526: %SYS-3-CPUHOG: Task ran for 3520 msec (44/7), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 harvard-gw 527: -Traceback= 3E206 24318A 22F204 Jul 27 15:09:54 bbn3-gw 325: %SYS-3-CPUHOG: Task ran for 5964 msec (99/40), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 bbn3-gw 326: -Traceback= 3E206 24318A 22F204 [CSCdi38044]
•In a misconfigured/malfunctioning token ring bridging environment, pinging of the HSRP virtual IP address can cause the ICMP echo request packets to be massively replicated. [CSCdi38170]
•Doing a redistribute connected will also redistribute interface static route into OSPF. In other words, OSPF will generate external link state advertisement for it. Doing clear ip route * will delete the external link state advertisement. [CSCdi38232]
•DVMRP can spew a lot of debug output, and CSCdi37082 (partially) took care of this by allowing the user to specify debugs for only incoming or only outgoing streams. However, this too was not enough, so we are enhancing the debug to accept an access list. [CSCdi38504]
•A problem exist in which static routes are not being redistributed into eigrp after a clear ip route * . A workaround is to kick start the redistribution process by either removing one static route and reinstalling it, or by removing and reinstalling the redistribute static command under router eigrp xx command. [CSCdi38766]
•In EIGRP, the hold-time and hello-interval do not properly default when the encapsulation on the line is changed to frame-relay. [CSCdi38859]
•Transparent Bridging of IP ARP from HDLC serial interfaces to token ring fails to forward unicast ARP replies. [CSCdi38884]
•On a router running OSPF, a clear ip route * could cause the router to reload. This caveat has been fixed in 10.2(8.1), 10.3(5.2) and 11.0(1.3) releases. [CSCdi38914]
•In some rare circumstances, the router may suddenly cease to respond to commands or forward packets. Power-cycling the router may be necessary in order to recover. [CSCdi39471]
•Setting the ring speed on a low-end token ring interface will cause a non-default MTU value to be reset to its default. [CSCdi39498]
•OSPF sometimes create intra-area host route which point to itself during route flapping. This fix resolves the problem. [CSCdi39623]
ISO CLNS
•When issuing the clear clns is-neighbors command, this may reduce the maximum number of entries in the ISIS route table to 130. Any additional entries that may have existed could be lost. The only workaround is not to issue this command, if possible. [CSCdi36854]
Novell IPX, XNS, and Apollo Domain
•When deleting a network from the ipx router eigrp command, the RSP reloads and the 4500 prints out spurious memory access message. [CSCdi32071]
•Atm interface logging 800e errors with vines and novell protocols enabled on an interface. This behavior was observerd in versions 10.3(2) and 10.2(4). The way to overcome the 800E errors with the vines protocol is to downgrade the ios to 10.2(6.6). The final implementation to fix this challenge will be in post 10.2 and 10.3 IOS.
IPX frames may be encapsulated improperly for the ATM interface, and cause the interface to hang, when ipx maximum-path is greater than one and multiple equal cost routes exists one of which is an ATM interface. Workaround is to set maximum-path back to one. [CSCdi36798]
•When a SAP packet fails to be sent the SAP sent counters may still be incremented. [CSCdi38293]
•In highly redundant topologies containing backdoor paths a routing loop may occur when running IPX-EIGRP. [CSCdi38319]
•Adding an XNS static route that's also an interface route causes the routing table to have duplicate entries. [CSCdi38591]
Protocol Translation
•An access class specified on a translate command using X.25/pad as the inbound transport is not evaluated properly. [CSCdi37114]
•When using permanent virtual circuits (PVCs) with the "swap" option on packet assembler/disassembler (PAD) to TCP translation, the PVC may terminate after the first connection. [CSCdi39626]
TCP/IP Host-Mode Services
•The router can erroneously drop packets (generating ICMP ttl-expired messages) from serial interfaces when TCP header compression is configured on those interfaces. [CSCdi37637]
•An access server can accept a new reverse tcp connection while being in the HANGUP state for the previous connection. This will cause the new connection to be closed shortly after being established. This happens with the modem cts-required command configured. [CSCdi39085]
•TCP header compression debugging and detailed ip debugging can sometimes print TCP sequence and acknowledge numbers as negative numbers. [CSCdi39127]
VINES
•Memory corruption can occur when fastswitching Vines packets. The corruption usually occurs when fastswitching over SMDS. Disabling fastswitching will avoid the behavior. [CSCdi34197]
•A Vines BADTIMER error message may appear following system initialization. This is purely cosmetic. [CSCdi35167]
•Timezone offsets in Vines Server Service Get Local Time replies are incorrectly formatted. This can cause applications that make time requests from the system to report incorrect time. Workaround is to reconfigure the network so that another correctly working system receives the request. [CSCdi37669]
•Current behavior is to send Vines redirects to an all 'F's broadcast at both the data link and network layer addresses.
A redirect should to sent to a data link unicast address and a vines network broadcast address. [CSCdi38016]
•The Vines fastswitching cache may not be properly invalidated when either a better or alternative equal-cost route is learned. As a result, packets may not be optimally routed when they are fastswitched. [CSCdi38606]
•The system may halt unexpectedly when show vines interface is used. The behavior occurs only when SRTP is enabled. [CSCdi38846]
•When vines single-route is enabled, the metric for alternative routes is recorded incorrectly. Disabling vines single-route avoids the problem. [CSCdi39054]
•Issuing a show vines interface command can crash the system. [CSCdi40388]
Wide-Area Networking
•When a received Call is routed to a CMNS host, an LLC2 connection is attempted but fails, the configured CMNS map is deleted. [CSCdi30978]
•Values on dialer timers, such as the "dialer idle-timeout" command, do not work for values greater than 2147483, rather than the published maximum (4294967).
The workaround is to use the lower value as the maximum. [CSCdi33266]
•On link reset, the LAPB N1 value is not updated after the new modulo is configured. This causes the encapsulation failure on large packets when LAPB modulo is changed to 128. [CSCdi35191]
•When encapsulating OSI packets for transmission on a frame relay PVC, two copies of the NLPID are put in the header. RFC1490 specifies that the redundant NLPID should be left out. [CSCdi36199]
•After changing an X.25 LTC from 1 to another number, the router configures the interface as a PVC following a reload or clearing of the X.25 interface. [CSCdi37627]
•$IGNORE [CSCdi37946]
•Interfaces using Blacker Front End encapsulation do not correctly determine X.121 addresses from IP addresses. [CSCdi37951]
•When an AIP interface is declared down due to a CD state change while there are SVC's on the AIP, messages similiar to the following may show up.
%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
%SYS-2-MALLOCFAIL: Memory allocation of 34 bytes failed from 0x748D8, pool Processor, alignment 0
No workaround. [CSCdi38087]
•ISDN BRI routers, 2500 and 3000 series, will not properly activate Layer 1 after a shut/no shut on the interface. This will cause incoming calls to fail because Layer 1 does not see the event. A work around is to force an outgoing call, this activates Layer 1 and will allow incoming calls to be recognized. This only affects the igs images. [CSCdi38254]
•X.25 doesn't accept configurations of the T1x series of timers when configured as a DCE. As a work-around, configure the analagous T2x timer. [CSCdi38404]
•After a reload, de-group commands disappear from working config. Need to do a config memory after a reload to restore the de-group statements from NVRAM. [CSCdi38475]
•The router receives a lmi update from the switch saying that a dlci is "inactive" but it is reflected as "deleted" in the show frame-relay PVC and map statements. [CSCdi38822]
•When a serial ppp link from a 7000 to a lex box goes protocol down, the lex code should not continue to forward frames out the serial interface. [CSCdi39882]
•Changes implemented for basic-net3 switchtype for ISDN BRI interfaces. This is required for Italy homologation, as they test more cases within the specification. [CSCdi40646]
10.2(7) Caveats/10.2(8) Modifications
This section describes possibly unexpected behavior by Release 10.2(7). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(7). For additional caveats applicable to Release 10.2(7), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(8).
Basic System Services
•Unexpected system restarts due to a "software forced crash" can occur when using extended TACACS. [CSCdi28744]
•Under certain situations for some interfaces, the SNMP agent does not generate a trap when line protocol goes up or down (linkUp and linkDown traps are not sent). [CSCdi36656]
•Router with numerous Async interfaces using PPP encapsulation sometimes complains of memory corruption and restarts automatically. [CSCdi36763]
•If the Intial Setup Dialog is skipped by doing a Control-C, in some instances the following message appear on the router: "%ALIGN-3-SPURIOUS: Spurious memory access made at 0x605D8228" This caveat has been resolved in 10.0(10.4), 10.2(7.3), 10.3(4.4) releases of the software. [CSCdi36925]
•The system will return an invalid day-of-the-year in the reply to a VINES get-local-time request. There is no workaround to this problem. [CSCdi36947]
DECnet
•A DECnet MOP remote console connection is attempted from a VAX to a Cisco router. The process begins, gets connected and goes as far as issuing the password prompt and the then connection is broken quickly. [CSCdi36500]
•When a L2 router has no (Phase IV) area reachability, it declares itself as "unattached", which is the correct behavior. However, if it is also doing Phase IV/V conversion, there are instances where we want the router to advertise itself as the "nearest L2 router", so that interior L1 routers can send packets to the L2 router for conversion.
In order to accommodate this, we will need to add a knob ("decnet attached override") that will override the attached bit. By default, this is OFF, so that a L2 router with no (Phase IV) area reachability will not advertise itself as the "nearest L2 router. [CSCdi36662]
EXEC and Configuration Parser
•Traffic received during execution of a chat script is not masked using the setting of exec-character-bits, making it difficult to deal with intermediate devices that use parity. [CSCdi30390]
IBM Connectivity
•When Source Route Bridging from token ring to token ring the counters in sh source show the sum of received and transmitted packets under transmitted packets and received packets remains zero. This has no influence on the correct operation of the device. [CSCdi27989]
•When transparently bridged frames are received on a fddi interface and then translated to source route bridged frames via SR/TLB and sent out that same fddi interface the mac layer address of the frames does not get bit flipped correctly. This only happens on 4500's when bridging from ethernet to token ring using a fddi backbone. [CSCdi34328]
•When using local-ack, the following error messages may result in a router reload or loss of session: %SYS-2-NOTQ: unqueue didn't find 11CA40 in queue 63C3C -Process=3D "*Sched*", ipl=3D 4 -Traceback=3D 3050154 302854C 332869A 331DB8C 3311628 3304C50 303C4E8 3104F5E [CSCdi34930]
•When Source Route Bridging and Transparent bridging are configured on the same interface, it is not possible to configure source-bridge spanning. While this is proper when the Transparent bridge group is using the ibm protocol ('bridge x ibm') for Automatic Spanning Tree (AST), it should be allowed for IEEE or DEC protocols ('bridge x iee' or 'bridge x dec'). [CSCdi35866]
•A Cisco 4500 or Cisco 4700 series router might restart with the error message "%ALIGN-1-FATAL: Illegal access to a low address" if RSRB is configured on the router. [CSCdi35905]
•When the configurataion command stun schema name xxxx length xx format hex is entered, it is executed correctly. If the config is then written to memory, the keyword hex is saved as hexidecimal. This causes an error at reload and the command will be rejected. The workaround is to remove the command from the config prior to reload and re-enter it after the router has booted. [CSCdi36328]
•If (R)SRB is configured on more than 2 token ring interfaces in a router with a CBUS/SP controller (AGS+ and 7000 series), then some of the token ring interfaces will stop accepting packets after a number of explorers arrive at the interface. FDDI interfaces may also stop accepting packets. See CSCdi34101. [CSCdi36539]
•LOCACK: RR frame dropped, bogus NO_ONES_HOME ADM neg timer netbios prevents netbios sessions from coming up in a busy system. Fixed only in 10.2(7.3) and above. [CSCdi36624]
•Source route bridging from token ring to FDDI causes a corrupt frame to be generated on the FDDI when an all-routes explorer frame is bridged from the token ring. The resulting FDDI explorer frame has its 'MAC address length bit' set to indicate 2 [CSCdi36678]
•In some networks, when direct source route bridging from token ring to FDDI is enabled on a wrapped FDDI ring, the router fails to strip frames from the FDDI ring properly. When this condition occurs, the FDDI ring utilization approaches 100% and the router appears to pause. [CSCdi36717]
•The source-bridge proxy-explorer command causes broadcast storms on the network when an explorer is sent for a non-existant destination MAC address. A trace of the token ring shows excessive LLC explorer frames and the router console does not accept keyboard input. It has to be reloaded to recover. The work around is to remove the source-bridge proxy-explorer command from the token ring interfaces. [CSCdi36718]
•When using the STUN feature with TCP/IP encapsulation with local ack, the router will incorrectly forward an aborted SDLC frame from the SDLC end station through its remote-peer and to the remote end SDLC station. Correct behavior would be to sense the aborted SDLC frame locally and request retransmission, dropping the aborted SDLC frame rather than forwarding it. [CSCdi36957]
Interfaces and Bridging
•Autonomous Bridging will not properly discard some bridge cache entries. This is essentially a memory leak in cBus memory and will reduce the number of available bridge cache entries and ultimately the volume of autonomously bridged traffic.
This memory can only be re-allocated by reloading the router. [CSCdi36910]
•When using encapsulation bridging on FDDI with 4500 router..the swapping from Canonical to non canonical mac address is not done when packet are output from the 4500 on the FDDI interface. [CSCdi37188]
•The system software was not querying the FSIP for the G.703-E1 specific errors - remote alarm indication, alarm indication signal, loss of signal, and loss of framing - when the framing was enabled on the G.703-E1 port adapter. [CSCdi37725]
IP Routing Protocols
•This occurs for sparse-mode PIM groups only. If the DVMRP/PIM border router is not the RP, sources in the DVMRP cloud cannot get multicast packets to all PIM receivers. This problem does not occur if the topology is configured dense-mode from the border router to the RP. [CSCdi27921]
•This bug exist in all releases. Customer will find that the router does not remove LSA which is MAXAGE, either because of the local router ignoring the acknowlegment or the remote router failing to generate acknowlegment. This will further prevent the router from re-learning route which is once removed but then becomes available again. [CSCdi36150]
•This bug is introduced into 10.0(10.2), 10.2(6.4), 10.3(3.5) and 11.0(0.7). It causes the OSPF area border router not advertise summary LSA for connected loopback interface and connected multi-access network where has no neighbor exist into other area. [CSCdi36186]
•IP routing lookups are limited in their recursion as a safety measure. The arbitrary safety limit eliminated some useful corner configurations. Increase the safety limit slightly so that more complex configurations work. [CSCdi36749]
•This bug exists in all versions. OSPF will not install external route associated with external LSA which forwarding address happens to match secondary address of a connected network. [CSCdi36946]
•Telnetting to the router with a loose or strict source route will cause the router to hang. [CSCdi37213]
•If the command "clear ip dvmrp route *" is issued when there are no routes in the dvmrp routing table the router will crash. [CSCdi37791]
ISO CLNS
•When PhaseIV/V conversion is enabled and if the Phase IV source and Phase V destination are on the same interface of the router, the box could crash. This due to the attempt by the router to send a Phase V redirect to the Phase IV host. [CSCdi37236]
LAT
•Modification of characters during lat printing in version 10.2(5) IOS. Frequency is intermittent, however, after a first occurence frequency increases. [CSCdi36412]
Novell IPX, XNS, and Apollo Domain
•Setting the ipx output-sap-delay and output-rip-delay commands to large values might prevent normal updates from occurring. To fix this, four new commands have been added. The ipx default-output-rip-delay and ipx default-output-sap-delay commands set global defaults for all interfaces. The ipx triggered-rip-delay and ipx triggered-sap-delay commands set the per-interface values for the interpacket gap in Flash memory and poison RIP/SAP updates. This value overrides the settings of the ipx output-sap-delay and output-rip-delay commands. If you normally configure a large interpacket gap, configure these commands to have small values. [CSCdi34411]
•IPX autonomous switching is permitted to be configured on ATM interfaces using the ipx route-cache cbus command. However, ATM autonomous IPX switching is not currently supported and should not be permitted as a configuration option. [CSCdi35568]
•On systems which do alignment and spurious memory reference checking, configuring Novell (IPX) with a SAP queue maximum value may cause ALIGN-3-SPURIOUS log messages. Removing the SAP queue limit is a workaround. [CSCdi35867]
•Two global commands have been added that allow you to set the default value of the IPX triggered SAP delay and triggered RIP delay. These commands are ipx default-triggered-rip-delay and ipx default-triggered-sap-delay. [CSCdi37833]
TCP/IP Host-Mode Services
•The RLOGIN process is not flushing the pending output correctly. [CSCdi36259]
•When initiated from a VTY (i.e., telnetting into the router), the transfer of files between flash and a network server using rcp (via the commands copy flash rcp and copy rcp flash) cannot be halted via the escape character. [CSCdi36734]
•When spanning tree flooding is enable on an interface, the system does not check for directed broadcasts on the directly connected interfaces and will discard the packet. [CSCdi37183]
VINES
•VINES fastswitch cache entries are sometimes built with the MAC address of another VINES interface. This issue can cause the message VINES ENCAPFAILED and can cause the router to pause or crash. It is recommended that fast-switching be disabled in highly redundant networks or single-route be enabled. Customers running RTP can issue 'vines single-route' instead of disabling fast-switching only if they running 10.0(10.1), 10.2(6.1) or 10.3(3.1) or later due to CSCdi34071. Customers running a pure SRTP network can issue 'vines single-route' in any 10.x release. [CSCdi37335]
Wide-Area Networking
•Becasue chat-script names are matched via regualar expressions, names containging special characters may unexpectedly NOT match unless great care is taken. [CSCdi29917]
•When using the ppp use-tacacs command, the behavior of CHAP Authentication for PPP connections does not comply with RFC 1334. Rather than always retransmit the same reply code when receiving multiple CHAP RESPONSE messages our implementation sends a query to the TACACS server for authenication every time. Since successive TACACS queries may yield different results (if the server becomes unreachable for example) our behavior does not comply with the RFC.
The new behavior will be to cache the reply code to a CHAP RESPONSE message and retransmit the same reply if multiple copies of a RESPONSE message are received. [CSCdi31925]
•When the session-timeout interval expires, the protocol translator now closes the outgoing PAD connection, returns the terminal line to an idle state, and displays the following message:
[Connection to remote X.121 address idle too long; timed out] [CSCdi34009]
•Under some unknown conditions, some X.25 data packets may incorrectly have the D bit set, which will cause a connection to be reset. [CSCdi35036]
•Appletalk phaseI over ATM is incompatible between 10.2 (or earlier) and 10.3 (or later) images. I.e. if one end of ATM cloud runs 10.2(or 10.0) image and the other end runs 10.3(or 11.0), they can't communicate in atalk-I. [CSCdi35118]
•On a Copan class router (C2509, C2510, C2511, C2512), the Async driver can consume limitless number of system buffers. This is usually not a problem as the typical number of used buffers is around 3. In some rare pathological conditions, a vast number of system buffers get allocated by the driver, causing a performance degradation and reducing available resources for others.
The maximum number of system buffers the Copan's Async driver can leave outstanding at a given time should be 8 per async channel for received-data. This count excludes the 3 permanent buffers each channel owns for received-data. [CSCdi35587]
•Router crashes when PRI timeslots are removed from the controller. [CSCdi36421]
•A received Call that encodes local facilities (i.e. using a local facility marker) will have those facilities processed as if they were standard facilities. [CSCdi36424]
•Configuring LAPB's T1 parameter will report "T4 disabled" when no T4 is configured. [CSCdi36571]
•Async DDR SLIP fails to reconnect after idle timeout or a line failure. The async line shows noDSR. The dialer shows still connected. The async interface is still up (spoofing). This has been found in versions 10.2, 10.3, and 11.0 IOS. [CSCdi36616]
•atm pvcVCD VPI VCI ENCTYPE ? gives wrong help string of "Average rate", while it should have been "Peak rate". [CSCdi36687]
•show atm vc VCD dose not take VCD's that are bigger than 1024. Also, AIP on 7000 (family) only supports maximum of 2048 VC's, instead of 4096. [CSCdi36778]
•Forced reload of router in parser when doing show x25 map, while maps were being added and deleted in another session. This was discovered in versions 10.2, 10.3, and 11.0 IOS. [CSCdi37303]
•Forced reload of router occurs when attempting to change serial line encapsulation to an unsupported encapsulaiton type while runnig version 10.2, 10.3, 11.0 IOS. [CSCdi37492]
10.2(6) Caveats/10.2(7) Modifications
This section describes possibly unexpected behavior by Release 10.2(6). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(6). For additional caveats applicable to Release 10.2(6), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(7).
AppleTalk
•On a large AppleTalk network, high CPU utilization may occur due to a highly lopsided routing tree. [CSCdi32063]
•Corrected the alignment problems which appears on 4500. [CSCdi32568]
•If an 'extended' route is heard for a non-extended equivalent in the routing table, it gets converted to extended. This should not be happening if the 'extended' route is also a poison route (distance 31). In rare circumstances this can cause route instability. [CSCdi33321]
•When routes associated with zones would age out, the network entry would not disassociate itself with the zone. When that network entry was relearned, an additional network-zone association would form. The result is multiple appearance of the same network number in the zone table as viewed by the SHOW APPLE ZONE comand.
Restarting the router will clear the table. [CSCdi33691]
•Corrected the problem which prevents router to run in pre-fdditalk. [CSCdi33873]
•Routing Table Maintenance Protocol (RTMP) routes are sometimes not aged correctly, resulting in a continually increasing update time. Although the RTMP path is updated, the route in the routing table is not. As a result, the user does not see the route timer and state change. [CSCdi34053]
•The command no appletalk protocol eigrp causes the system to dereference Null (during a bcopy() the source address is Null), which causes the system to reload because the bcopy() routine uses a ld instruction to read 8 bytes at [CSCdi34264]
•Corrected the problem which prevents users from clearing neighbor entries. [CSCdi35099]
•AppleTalk frame fastswitched onto Token Ring have the AC byte set incorrectly. This may result in poor switching performance, characterized by a high number of drops on the output queue. [CSCdi35153]
•Corrected the problem which prevents the router to invalidate the old cache entries. [CSCdi35967]
Basic System Services
•Using point-to-point LAPB compression seems to generate a memory leak. Workaround would be removing the command 'compress predictor' from the configuration. The problem with the predictor (RAND) compression algorithm was fixed. [CSCdi32109]
•If a terminal line is configured with a Location command, and the user makes a tn3270 connection to a host that supports the telnet location negotiation on tn3270 connections, the connection may halt and fail to respond. The workaround is to remove the location with a no location config command. [CSCdi33143]
•System may reload unexpectedly and System was restarted by error - Software forced crash may be displayed when show version is displayed. [CSCdi33205]
•Either the timer process or the callback routines that it invokes is holding the CPU for a abnormally long time. [CSCdi33370]
•If an NTP authentication key is configured, and an NTP packet is received with that authentication key, but the key has not been configured as "trusted" (via the "ntp trusted-key" command), and later the key is configured as being trusted, packets containing that key may not authenticate correctly.
The workaround is to re-enter the "ntp authentication-key" command for that key again, or to reload the system (with the "ntp trusted-key" command included). [CSCdi33390]
•ROM monitor on cisco 4500 routers could reload with a bus error when the boot flash is corrupted. [CSCdi33906]
•Tacacs slipoff records are not sent to lhost when the user logs in using name@lhost. [CSCdi34401]
•Seriously oversized NTP packets (or packets addressed to UDP port 123, whether they are actually NTP or not) can cause memory corruption and failure to sync time correctly. [CSCdi34786]
•The 10.2 release does not correctly print a stack trace if the traceback routine is called from interrupt level. Instead of tracing the interrupt level stack, it traces the process stack. This obviously makes the output worthless. The problem does not affect any other release. [CSCdi35172]
•It is desirable to be able to control the TFTP servers to which configuration files can be written with an SNMP set to the writeNet variable and from which configuration files can be loaded with an SNMP set to the netConfigSet and hostConfigSet variables. To that end, the global configuration command snmp-server tftp-server-list acl-number should be implemented. This command will associate a simple IP access list with the TFTP operations. The writeNet, netConfigSet, and hostConfigSet will be allowed only when they specify a TFTP server whose IP address passes the access list specified. [CSCdi35746]
•If the system clock is set previous to 1961, NTP will cause the time to converge to 1927 instead of 1995.
This should never happen unless the clock is set by hand, or the fix to CSCdi34786 is not installed.
The workaround is to set the clock (using the "clock set" EXEC command) to a time that is roughly correct (or at least later than 1961); NTP will correct the time from there. [CSCdi36101]
•Interrupting the output from the show registry command by quitting at the more prompt can produce a SYS-3-CPUHOG error message. [CSCdi36133]
DECnet
•This is a regression caused by 28342.
When DECnet IV/V conversion is enabled on a router configured for L2, the router ceases to send L2 hellos to the Phase IV+ (i.e. "all L2 routers") multicast. As a result, other vendors' routers that explicitly listen to L2 hellos on this multicast will not create a L2 adjacency.
In an all cisco environment, there is no problem, since cisco routers will listen for L2 hellos on the "old" ("all routers") multicast. [CSCdi34275]
•When a route look up for a particular DECnet IV destination shows that the next hop is in an "Initializing" state, we should convert to Phase V, if possible. [CSCdi35322]
EXEC and Configuration Parser
•For Frame-relay subinterfaces specifying link-type will be a must i.e. there will be no default link-type as shown below:
goldy(config)#int s0 goldy(config-if)#encapsulation frame-relay goldy(config)#int s0.1 ? multipoint Treat as a multipoint link point-to-point Treat as a point-to-point link goldy(config)#int s0.1 % Incomplete command.
Previously multipoint type used to be the default for FR sub-interfaces. [CSCdi32283]
IBM Connectivity
•A router configured for Source-Route Bridging will not forward All-Route Explorer frames if the destination MAC address is the token ring broadcast address c000.ffff.ffff. All-route explorers destined for other MAC addresses are still forwarded correctly. [CSCdi30429]
•On 2500's, 4000's or 4500's reject the Null-XID response when RS6000 is attached to local ring (RIF length is 2) and broadcast bit is set. Therefore, the RIF table is not updated, but the ARP table is. [CSCdi32042]
•4500 crashes when configuring remote-peer, or after configuring remote peer and bringing the token-ring port up. [CSCdi32138]
•Issuing "show lnm interface token-ring x/x" will loop indefinately when soft errors are present on the token ring. [CSCdi33378]
•For SNA sessions, llc2 local-window is set to 8 even though the default is 7.
For Netbios sessions, using llc2 local-window x with x is equal to either 1 or 6, the value will set to 8 by error. [CSCdi33845]
•Disabling LanNet Manager may cause the router to reload. [CSCdi33944]
•In some rare cases a router configured for STUN with local acknowledgement will stop forwarding all packets and continuously print the following messages on the console: %SYS-2-INTSCHED: event dismiss at level 5 -Process= "IP Input", ipl=5, pid=7 [CSCdi33993]
•On the Cisco 4500 router clear source-bridge command can cause a system reload. [CSCdi35237]
•When determining the next wakeup time for the REM component of Lan Manager, the router may incorrectly wakeup at the later of two times, instead of the earlier of two times. This may produce jerky behavior of the REM as errors get reported in groups based on the time of the last error, instead of being reported based upon their individual times. This problem happens for 24.5 days out of 49 days. [CSCdi35914]
Interfaces and Bridging
•In high traffic environments, FSIP8 will get FCICMDFAIL messages and may eventually get 8010 fsip_reset due to multiple command timeouts. The command timeout was caused by a long path in the fsip firmware during the memd read on trasmit. fsip10-8 fixed this problem by splitting the memd read on transmit into 32 bytes chunks and enablinginterrupts between the chunks. [CSCdi27451]
•It is a problem to SSE switch packets from an AIP using encapsulations aal5snap, aal5mux and MIP using encapsulations ppp, frame-relay and fr-ietf. [CSCdi31104]
•Serial interface in a spanning tree may mistakenly go into a blocking state. This has the possibility of occuring during interface transitions. One work around is to shut the interface down, then bring it back up to restore the spanning tree. [CSCdi32843]
•Under some conditions, certain configurations (example: router dual-homed to concentrators) may experience CMT (phy-A/B state) connection problems.
Symptoms include: fddi interface goes down/down, phy states that do not match phy status (example: Phy-A state is break, status HLS), CFM isolated, RMT non-op, both phys "active" (or "idle") simultaneously, connection status LEDs on concentrators flashing. [CSCdi33053]
•When bridging from fddi across serial or hssi ,if the packet is greater than 1500 bytes, it will be marked as a giant at the far bridge, then dropped. [CSCdi33179]
•A software race condition can cause systems with an SSP to generate incorrect hardware failure messages. These messages will include the string "sse_bridge_on" or "sse_bridge_off". The behavior of the system after such a race condition occurs is unpredictable. [CSCdi33607]
•A system reload can occur when using the cmt connect fddi n or cmt disconnect fddi n commands. Culprits are NULL pointer dereferences inside cmt_connect() and cmt_disconne [CSCdi34054]
•While inserting a cache entry for truncated CLNS address (a CLNS address which is a truncated form of another address), SSE switching gets disabled. [CSCdi34344]
•$IGNORE$ [CSCdi35371]
IP Routing Protocols
•When the auto-summary address range overlaps with the manual configured summary lists range, or when there is more than one manual configured summary lists and the range overlaps, there is a chance that both the summary address and the specific address are advertised. The specific address is supposed to be suppressed. [CSCdi26268]
•$IGNORE [CSCdi32358]
•OSPF external route is not removed even when the external route is no longer being redistributed at the ASBR. [CSCdi32647]
•Fast switching of IP traffic between serial interfaces and FDDI interfaces is not working. A workaround is to turn off fast switching (use "no ip route-cache") on the affected interfaces. [CSCdi33376]
•This problem is introduced in 10.0.(8.2), 10.2(4.5) and 10.3(1.2). The customer will find the ABR (Area Border Router) not advertise summary LSA (Link State Advertisement) about the connected secondary subnet into other areas even if the network has cover it. There is no workaround. [CSCdi33467]
•If an IGRP or RIP routing process is configured, but no routing update has been sent in the last 24 days (e.g. if there are no "line protocol up" interfaces available) then routing updates may be suppressed for up to 24 days before resuming. [CSCdi33918]
•Internal/External routes fail to propagate in IP-EIGRP when heard from candidate defaults. [CSCdi33968]
•Modify BGP to support the most recent change in the RFC specification so we will support optional parameters in the OPEN message. [CSCdi34002]
•A router acting as an OSPF Area Border Router may incorrectly run out of free memory. [CSCdi34206]
•Memory corruption by the scheduler can cause the router to reboot because of a software forced crash. [CSCdi34545]
•An ICMP packet with erroneous information in the options field can cause an unscheduled restart. [CSCdi34709]
•In Release 10.3, when an interface is configured with WAN type encapsulation, for example, Frame Relay, the ip ospf hello-interval 10 configuration on that interface is lost upon reload. The problem is caused because the ip ospf interface commands appear before the encapsulation command in the configuration. This fix solves the problem by moving ip ospf interface commands after the encapsulation command. You may experience the same problem when the fixed image is reloaded the first time. Just reconfigure the ip ospf interface commands and do write terminal. This will reorder the command in the NVRAM, and the configuration will be retained upon next reload. [CSCdi34779]
•This bug exists in all release. It happens when more than one serial interface are configured to be on the same subnet, and this subnet fall in the range of the network command. In this condition, if some of this serial interfaces are not functional, for example, are shutdown, OSPF will not aware of it and it is possible for OSPF to use this non-functional interface as output interface in SPF calculation. The result is that OSPF select wrong output interface for route to other border area router, as shown by show ip ospf border-router, it will further cause summary and external route not to be installed in the IP routing table. [CSCdi35182]
•In a multicast network with Protocol Independent Multicast (PIM) sparse mode running in one portion of the network and PIM dense mode in the other part, groups with a known Rendezvous Point (RP) address still have the D (Dense) bit set. [CSCdi35672]
•The "no ip address" command, when used with IP-EIGRP may cause unnecessary meemory use. A portion of memory is not freed up on the router. [CSCdi35696]
•When determining what time to flush neighbor entries from its tables, EGP may incorrectly wakeup at the later of two times, instead of the earlier of two times. This may produce a clumping behavior of neighbor aging, but should not produce any other problems. This problem happens for 24.5 days out of 49 days. [CSCdi35916]
•With Enhanced IGRP-IP, if a default network is known through an interface that is shut down, the show ip eigrp top act command shows the default network via the down interface, and CPU utilization for EIGRP can measure 40 percent to 50 percent. [CSCdi36032]
•When used with Enhanced EIGRP, the no ipx network and no appletalk cable-range commands might cause unnecessary memory use. [CSCdi36141]
•When IP multicast routing AND transparent bridging are BOTH configured on low-end images, any feature which relies on the reception of IP multicasts (i.e., packets destined to a MAC address prefix of 01-00-5E) will fail to function properly since these multicasts will not be received by the router. Such features include IP multicast routing itself, EIGRP, and OSPF. [CSCdi36404]
ISO CLNS
•Static CLNS interface routes clns route nsap-prefix interface-type [snpa-address] over X.25 encapsulation don't get removed from the routing table when the specific interface is down. [CSCdi33029]
•When ISIS is redistributed into ISO-IGRP, the ISO-IGRP metrics count to infinity when an ISIS route disappears from the network. The route is not flushed. This event causes ISO-IGRP to send constant updates which raises the CPU in the router considerably. [CSCdi33174]
•Issuing the command "show isis route" may cause the router to reload. [CSCdi35145]
Novell IPX, XNS, and Apollo Domain
•On the 4500 platform (only) IPX standard access lists and extended IPX access lists (types 800 and 900) were not correctly applied to process switched packets when source host or destination host fields were present in a filter entry.
On (all) low end platforms, the "ipx access-group" filter was not applied to fast switched packets. Also on low end platforms, ipx accounting was not performed for fast switched packets output to an interface when an "ipx access-group" filter was configured on that interface. [CSCdi33556]
•The router should not listen to RIP requests or RIP replies from network nn if the ipx router rip and no network nn commands are entered. These commands are normally used to disable RIP when IPX Enhanced IGRP is running on the interface. [CSCdi33838]
•Router running Novell may crash with a bus error at PC 0x319369E, address 0xE9F8030C [CSCdi34022]
•When IPX networks are defined only on subinterfaces (i.e., no IPX network is defined on the primary interface), "ipx route-cache" commands (which must be issued on the primary interface) are not allowed and/or not generated correctly in the configuration. [CSCdi34331]
•With many IPX services in the router and IPX RSUP is enable, there is a chance for the router to reload if the following command is entered show ipx eigrp neighbor server [CSCdi34361]
•When configuring SSE switching for IPX on serial interfaces via the ip route-cache sse command, the router will sometimes print out an error message stating autonomous switching is not supported on that interface. [CSCdi34608]
•Configure rsup-only on LAN interface and unconfigure it. Write term displays the unconfigured command, no ipx sap-incremental eigrp 1 rsup-only It should not be displayed. [CSCdi35236]
•If an IPX Internal Network number is configured then IPX pings to local interfaces fail. [CSCdi35604]
•When disabling IPX RIP using the commands ipx router rip followed by no network nn, the system should not disable SAP, but should disably only RIP. [CSCdi36015]
Protocol Translation
•An X.25 RESET REQUEST received on a virtual circuit used for TCP-to-PAD protocol translation causes the connection to hang. [CSCdi33374]
TCP/IP Host-Mode Services
•Serial interfaces with Frame relay encapsulation will drop the very small incoming frames that are sometimes produced by TCP/IP header compression. This results in excessive retransmits which will cause TCP to become very slow. The work around iS to disable TCP/IP header compression on interfaces configured with Frame relay encapsulation. [CSCdi34470]
VINES
•System can halt unexpected while processing redirects received on a Token Ring interface. There is no workaround. [CSCdi33132]
•vines single-route has no effect on routes learned via RTP. Enabling SRTP on the router and all its neighbors works around the problem. [CSCdi34071]
•Traceback messages may appear on a Copan class (2509, 2510, 2511, 2512)
•The output of the show frame-relay map and show frame-relay pvc commands would be more useful if it were sorted. It should also be possible to display subsets of the data. [CSCdi24781]
•Bridge access lists 200 don't work when used in a dialer-list, the packet ethertype extracted is off by 4 bytes. To work around this use dialer-list 1 protocol bridge permit. [CSCdi27037]
•A 32 bit cell that is used to store timer values wraps every 49 days and 17hrs. This results in incorrect time values being shown in various displays. [CSCdi29908]
•atm pvc VCD VPI VCI aal5mux accepts wrong protocol types for the vc. [CSCdi29918]
•The show atm map dose not page its output. [CSCdi30966]
•If the system is running Novell IPX over a frame relay link and the maximum path value is greater than one, the system will not function. [CSCdi31042]
•This behavior is seen in at least two cases. If a PVC is created in response to an LMI full status message, the user is then unable to assign it to a subinterface. The same behavior can be created by changing to an encapsulation other than frame relay, switching the encapsulation back to frame relay, and then attempting to config from NV memory or the network. [CSCdi31053]
•The atm framing G804 applies to both E3 and DS3 PLIM, but it should only apply to E3. It cannot apply to DS3 PLIM because it would affect connectivity. [CSCdi31226]
•ATM MAXVC is configurable. However, the command line help from atm pvc ? dose not reflect the MAXVC correctly. [CSCdi31801]
•Although it is highly recommended not to alter ATM Signaling timers (the defaults are good for most networks) unless the user has a very good knowledge of ATM signaling if a user does alter then incorrect values will be written in nvram. [CSCdi32199]
•Under unusual circumstances, closing a PAD connection may cause the router to reload. [CSCdi32592]
•Under unusual circumstances, accepting a PAD call from a connection that the router have sent a call to may cause the system to reload. [CSCdi32856]
•There are some small cases where PPP authentication may not complete due to it believing the remote is requiring us to authenticate. [CSCdi33142]
•When a routing protocol is removed, Frame Relay removes all dynamic maps that reflect this routing protocol. In doing so, there was a hole in the code that would free a PVC pointer before the status of all routing protocols had been checked, leading to crashes within decnet, novell and appletalk routines.
Furthermore, quite significant fixes to handle crashes caused by the "no ipx network" command, CSCdi31520 and CSCdi32606, have also contributed to the cure. [CSCdi33336]
•This problem results from the AARP frames, to an SMDS interface, would be sent with a type 4(HW_SMDS) SMDS address. The SMDSTalk specification specifies that SMDS AARP entries use type 14(HW_SMDSTALK) address type. This created an incompatibility with other vendor implementations.
The fix requires the newer IOS versions to send out type 14 address types with AARP packets and is compatible with other vendors.
This is only an issue for ATALK users running in Extended mode with Dynamic ATALK address resolution enabled.
CAUTION: This fix creates an incompatiblity with the existing ATALK/SMDS base when sending AARP in Extended mode. Users *MUST* upgrade all routers to the newer IOS versions to interoperate.
The workaround until all routers are running IOS with this fix is to run AppleTalk on SMDS with a non-extended configuration.
See CIO, under techtips and appletalk for sample configurations. [CSCdi33586]
•A command has been added that allows you to enable and disable Frame Relay inverse ARP on all protocols of a router interface. The frame-relay inverse-arp enables inverse ARP on all protocols that were enabled before you issued a no frame-relay inverse-arp command. The no frame-relay inverse-arp command disables inverse ARP on all protocols of a router interface. [CSCdi33792]
•Ping failed across fsip interface when configured with CLNS over frame-relay ietf encapsulaiton in version 10.2 IOS. [CSCdi33795]
•Certain packets (such as ICMP packets) can be corrupted by the BRI interface on Cisco 2500 series and Cisco 3000 series routers. [CSCdi33942]
•Invalid packets received on an SMDS interface are discarded incorrectly, and remain counted against the input queue, causing the interface to stop receiving traffic. [CSCdi34116]
•When doing bandwidth-on-demand over rotary groups of async or serial lines, traffic stops while a line is being dialed. [CSCdi34276]
•1) atm pvc VCD takes VCD from the range of 1 through MAXVC, while it should have taken only the VCD in the range of 1 through (MAXVC-1).
2) atm pvc command accepts peak-rate and average-rate in the range of 64k to 150,000kbps on a TAXI AIP while it should have taken each no more than 100,000kbps.
3) atm rate-q command accepts bandwith of a rate-q in the range of 1 to 150Mbps on a TAXI AIP, while it should have only taken any rate-q with bandwith no more than 100Mbps. [CSCdi34371]
•In a large customer network of routers fully meshed with rsrb tcp local-ack peer connections there are situations of high load and sessions are lost. When a new session is trying to get established no connection is possible anymore. Debug llc2 error will display no memory for llc2 structure. From that moment no more llc2 session can be established. To recover from the situation the customer has to bring down all his llc sessions in the Host and restart. [CSCdi34961]
•The interface bandwidth on primary rate ISDN B channels is always 64 Kbps, even when 56 Kbps calls are being made. There is no workaround to this problem. [CSCdi35247] router, if too many BREAK characters are received successively on its async lines. Increasing the number of available big buffers, sometimes releives this problem. [CSCdi35611]
•Some of async line scripts incorrectly hang up the line. These include the Line Activation script, Network Connection script and in some cases the user command script. [CSCdi35773]
•The isdn caller or dialer caller command will crash the 4500 with a low memory access. It will corrupt low memory on all other platforms. [CSCdi36195]
10.2(5) Caveats/10.2(6) Modifications
This section describes possibly unexpected behavior by Release 10.2(5). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(5). For additional caveats applicable to Release 10.2(5), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(6).
AppleTalk
•The error messages and trace back:
%SYS-2-BADSHARE errors in datagram_done pool_getbuffer and atalk %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=xxxx, count=0 -Traceback= xxxxxxxx xxxxxxxx xxxxxxxx
is displayed on the console of router that configures with Appletalk. If this message is produced, contact Cisco Systems, include the text and the traceback of this message as well as the information from the show vrsion command. [CSCdi29127]
•This corrects a slow memory leak which would manifest itself when AppleTalk EIGRP was enabled. [CSCdi30641]
•Router is sending the first NBP FwdRq to the correct DLC next hop address, but all FwdRq packets to the multicast address. The effect of this bug is that a user might not see all entities in a given zone. The bug is only found when the ARAP clients try to do NBP Broadcast Request to the router. NPB lookups done from the Ethernet port (such as with NBPtest) are OK. [CSCdi30787]
•Routes will be stuck in routing table after failing sanity check while configuring static routes. [CSCdi31428]
•It appears at arap shutdown that all ARAP context Queues and one MNP4 context queue are not emptied. [CSCdi31592]
•ARAP MNP4 Link Request to set up an initial MNP4 link does not currently have a retransmit capability. If the Link Request sent by the Commserver is not received correctly or at all by the powerbook client, the Link Acknowledge is not sent. Currently, the commserver would then lose the connection. In practice, in a noisy line situation, failed ARAP connections would happen if the time window results in LR garbled/lost from the commserver. [CSCdi31595]
•ARAP checksum value is extracted from deallocated pak once it has been queued. This will only impact on LR and LD's frames. [CSCdi31596]
•mnp4 timer is defined as a long instead of ulong. [CSCdi31597]
•Some incidents arap will avoid needless transmission ARAP tickle time when line is already dropped. It may also confuse the modem and affect future incoming/outgoing calls. [CSCdi31598]
•CSCdi31098 introduced an error where some AT/EIGRP update packets from neighboring AT/EIGRP routers would be dropped with an indication that they were received with an incorrect DDP checksum.
The update packets are, in fact, not being generated with an incorrect checksum. However, the error in question causes the packets to be dropped regardless of whether or not the packets' checksum is correct.
The easiest work-around is to disable DDP checksums on the router running AT/EIGRP and dropping update packets and indicating checksum errors. [CSCdi31812]
•With AT-EIGRP, the router may reset due to error in watchdog timeout. The AT-EIGRP hello packet length was corrected. [CSCdi32021]
•Corrected the problem which prevents the router to run in pre-FDDItalk mode. [CSCdi33270]
Basic System Services
•The show version command does not label the booted image correctly when it was booted from ROM. The command shows "System image file is unknown, booted via" instead of the expected "Running default software." [CSCdi23575]
•With slip configured, the system reloads with Zero Divide error. This caveat has been resolved in 10.3(2.3) and 10.2(5.4) releases. [CSCdi29842]
•4500 may crash occasionally when doing multiple write mem, or write net. [CSCdi29920]
•Support for the cisco-private MIB object authAddr, which is the IP address of the system that caused the last snmp authentication failure, is missing. In pre-10.2 releases, this object was properly updated, and was also added to the variables sent in an authenticationFailure SNMP trap. In 10.2 and greater releases this is not the case. The correct behavior for 10.2 and greater releases would be to mirror the behavior of pre-10.2 releases. Cisco Systems expects to resolve this behavior in the next interim release of software versions 10.2 and greater. [CSCdi30109]
•TACACS notify requests do not use the user-configurable retransmit and timeout parameters. [CSCdi30113]
•2511 software does not send xslipon events to tacacs-server for ppp sessions. [CSCdi30415]
•SLARP can cause system to reload on routers that have dual flash bank. [CSCdi30588]
•NTP cannot send broadcast packets with the authentication option. There is no workaround to this problem. [CSCdi30746]
•The regular expression parser's magic meta delimiter character "_" doesn't match the "{" or "}" characters. [CSCdi30769]
•NTP broadcasts are always sent to the interface broadcast address, which defaults to 255.255.255.255. Unix NTP daemons typically will not receive on this address. [CSCdi30808]
•The NTP process may generate a CPU HOG message under extreme circumstances. There is no workaround to this problem. [CSCdi31176]
•There are a few instances of the NO MEMORY error message where the arguments will not be printed correctly. This should not be a problem, as the included stack trace will pinpoint what part of the system was attempting to allocate memory. [CSCdi31811]
EXEC and Configuration Parser
•A show env all command on the router console, will print out warning messages for any environmental measurement which is out of tolerance. Currently, the voltage warning message leaves space for the measured voltage level, but does not print anything out. This fix adds the measured voltages to the warning messages in the space previously provided. [CSCdi26256]
•The problem concerns various IPX, appletalk, vines issues involving redistribution and certain ipx network statements. [CSCdi30589]
•write term command output could have some bogus keywords in front of global commands. Interface specific and router specific commands are in tact. [CSCdi31923]
IBM Connectivity
•In an environment where translational bridging from Ethernet to Ethernet over an FDDI ring is required, the router doing the translation from Ethernet to FDDI includes any padding bytes from the Ethernet frame into the FDDI frame. This causes the bridge doing the translation from FDDI back to Ethernet to incorrectly calculate the length field. Note - this problem was fixed for the 4000 series platform in 9.14(6.3) and 9.21(3.1). [CSCdi28654]
•In some situations, an interface configured to use the Source-Route Bridging Automatic Spanning Tree (AST) feature can forward single-route broadcast frames despite the fact that the interface is supposed to be in blocking state. [CSCdi29831]
•While packet counts in show source are correct, the packet counts reported via SNMP are incorrect. [CSCdi30095]
•The system may reload when using an IBM Lan Manager to change the ring number of the token ring interface. [CSCdi30096]
•Enabling Local Ack blocks QLLC connections. [CSCdi30255]
•While the router is trying to establish QLLC sessions with a controller, activate/deactivate the controller can cause the router to reload. [CSCdi30347]
•Remote NCP load does not work with local-ack. Problem resolved in later release. [CSCdi31427]
•QLLC flow control can be incorrect if there are a number of calls being established simultaneously. One sympton is delay in terminal activation caused by delay in translation from llc2 SABME to qllc QSM. The another sympton is delay in termination of sessions. The disconnect session may be improper where DM is sent from the lan attached host and UA is returned from the router. However, RR may be continued to flow for the terminated session. [CSCdi32033]
•Problem found in FEP to FEP STUN configuration using SDLC-TG with local acknowledment. Router has been found to ignore UA's flowing from to FEP. [CSCdi32105]
•Turning on proxy explorers caused the router to be in a hung state as it was putting the packets on the same ring more than once, which is a violation of SRB protocol. [CSCdi32284]
•TEST/XID frames are dropped by the cisco box. [CSCdi32976]
Interfaces and Bridging
•While running the ISDN image (igs-g-f) on a Cisco 2500 with two serial ports attached, the image causes the system to disable the two serial ports and reload. When the two serial ports are removed, the system functions properly. [CSCdi27578]
•This problem occurs in bufferin fsip code. Custom/priority queueing will not work properly on an overdriven (high traffic) serial link. This has been fixed in 10.0(8.3), 10.2(5.1) and 10.3(2.2) - bundled with fsip10-7. [CSCdi28181]
•When doing SSE switching, an increase in the MTU size on an interface is not being tracked properly. This caveat has been resolved in 10.0(8.3), 10.2(5.1) and 10.3(2.1) releases. [CSCdi29876]
•When it is shut down, you will see an MTU of 8136 bytes reported in a show interface tokenringx/y output on a Cisco 7000. This is a cosmetic error, as the 7000 tokenring interface does not support this MTU size. The output of this command is correct when the interface is enabled. [CSCdi30947]
•Software errors while SSE switching can cause the router to become non-responsive, resulting in a watchdog reload. [CSCdi31048]
•In some circumstances, input IP access-groups will be ignored on interfaces with silicon (SSE) switching enabled. [CSCdi31231]
•Process-level flooding performance of Transparent or Source Route Translational Bridging deteriorates when interfaces of large MTU such as FDDI and Token Ring are present on the router. Process-level level flooding is used when the output interface is configured either for priority queueing or in a source-bridge ring-group.
This problem may be alleviated somewhat by increasing the initial, minimum, and maximum numbers of huge buffers. [CSCdi31501]
•Changes in the output of the slip and ppp user commands can prevent proper operation of client scripts written with the 9.1 software in mind. Later versions of software have the configuration command service old-slip-prompts to provide backward compatability to old scripts. [CSCdi31567]
•When SSE source-route bridging a packet that we would normally route, e.g., an IP packet, the packet may become corrupted. [CSCdi31569]
•On a router doing Source Route Bridging if Silicon Switching is enabled, SRB packets which are destined to the routers own MAC addresses are mistakenly Source Route Bridged as well. This problem is resolved in 10.0(9.1), 10.2(5.4), 10.3(2.4). [CSCdi32742]
IP Routing Protocols
•[no] ip summary-address can cause the router to reload. [CSCdi23646]
•EIGRP over slow X.25 link can cause the router to reload. [CSCdi29892]
•If an interface is configured with an IP secondary address and the ip access-group in command, the router will not respond to pings or Telnets directed to the interface secondary address if the ping or Telnet comes into the router on an interface other than the interface configured with the ip access-group in command. [CSCdi30011]
•Receiving a fragmented packet can cause the input queue counter to go negative. [CSCdi30204]
•Routes are not distributed between different IP and Enhanced IGRP processes. This problem occurs only when you enter certain commands, such as clear ip route *, ip address, transmit-interface, and mtu inteface. The workaround is either to retype the redistribute router commands or to reload the configuration file either from NVRAM or over the network, depending on the location of the configuration file. [CSCdi30575]
•If PIM is enabled on an interface, it may cause a rapid loss of small buffers. [CSCdi30724]
•This bug appear in 10.3 only. Customer will notice that there are multiple entry of external LSA 0.0.0.0 from the same advertising router stored in the database. It can further cause problem in adjacency forming and sequence of OSPF error messages about external 0.0.0.0 is lost and reinstalled. The only work around is not generated LSA 0.0.0.0. That is, do not use default-information originate command. The fix solves the problem. [CSCdi30733]
•The OSPF process can install a wrong next hop, which doesn't belong to the transit area when using a virtual link. [CSCdi30785]
•This bug exist in all release, the system always generated IP packet with identification field as zero. This cause problem when the packet is fragmented and those fragments arrive the destination intermixed with fragments from other packets. The recieving end will not be able to reassemble correctly without a useful identication. The fix solves the problem. [CSCdi30818]
•A problem that could cause a memory related system reload while running IP multicating has been fixed. [CSCdi30890]
•A caveat with OSPF configured with virtual links is optimized for the systems on the OSPF backbone. [CSCdi30973]
•Error messages of the form "DUAL-3-LINKSEXIST" would appear on any exec login with message logging enabled when interfaces running EIGRP would be restarted. In fact, there was no error and the error message was superfluous.
This error message will now appear only in situations where an interface is being restarted and EIGRP has not removed any active neighbor entries from it neighbor table. [CSCdi30981]
•It is possible to misconfigure the router to enable IS-IS for IP without having a valid IP address on the interface. [CSCdi31452]
•Register packets received by the Rendezvous Point router are not checked against access lists and TTL thresholds on IOS versions older than 10.3(2.1) and 10.2(5.2). [CSCdi31471]
•In IP-EIGRP, a candidate default is not advertised during a candidate route state change. [CSCdi31833]
•If route cache entries are created while a given route is in holddown, the cache entries are not destroyed when the route is finally flushed. [CSCdi32273]
•The "dvmrp" keyword causes the advertisement of access-list denied routes into the MBONE even when no access-lists are defined on the router. [CSCdi32947]
•This change enables a Multicast router to chooses an interface with a Unicast-Only Router present as a Reverse Path Forwarding or RPF Interface. This change has been incorporated in 10.2(5.5) and 10.3(2.4) releases. [CSCdi33025]
ISO CLNS
•[CSCdi32185]
•The system may fail when the "show ipx nlsp database detail" command is used. There is no workaround other than avoiding the command. [CSCdi32683]
LAT
•The default terminal-queue entry-retry-interval is 60 minutes instead of 60 seconds. In some cases this can cause VAX LAT print queues to stall for up to 60 minutes even when the printer is idle. A workaround is to configure an explicit terminal-queue entry-retry-interval 60. [CSCdi31720]
Novell IPX, XNS, and Apollo Domain
•The ipx route-cache cbus command is accepted and displayed in write terminal output even when ipx is not enabled on that interface. [CSCdi31249]
•Some versions of the Novell MPR appear to drop RIP poisons (network unreachable, hopcount 16) if the delay field is set to 0. This tends not to be serious since if the network is really gone, it will age out within 4 update periods.
Under some circumstances, a triggered update indicating that a network is unreachable may be sent with a delay value of 0. This change makes sure that the delay field is always non-zero. [CSCdi32097]
•Apollo traffics over FDDI are not forwarded to the next hop gateway. They are being dropped by the router because the router computes the data offset incorrectly. [CSCdi32395]
•$IGNORE [CSCdi32606]
Protocol Translation
•The system reloads if "PVC" X.25 translation option is used in the translate command and "encapsulation x.25" in not configured on any interface. [CSCdi30172]
•Telnet negotiation on a PAD to TCP translation session can hang causing an opened telnet session with no login prompt from the host. A workaround is to configure a terminal type on the vtys used for translation. [CSCdi31420]
•When using "transport input" subcommand, PAD connections are accepted on VTY lines configured for none PAD protocols. [CSCdi32538]
VINES
•Metric values in VINES ICP metric notification packets are bitshifted 4 positions. This causes higher metric values and can cause timeout delays during the retransmission process. [CSCdi30821]
•Source route information contained in SRTP Redirect packets may not be placed in the router's RIF cache with multiring configured on the interface. This causes loss of connectivity with the client workstation across the source-route bridge on the token ring. [CSCdi30962]
•The show protocols command does not display VINES metrics correctly. It displays all metrics as 16 times their actual value. Use the show vines command to view correct metric numbers. [CSCdi31770]
•The system may halt unexpectedly following the display of show vines ipc output. The behavior may be avoided by first issuing terminal length 0 prior to the Vines show command. [CSCdi31900]
•The system may unexpectly halt when processing a Server Service Format Time RPC call from a client. This can be avoided by having the client use another routing server that does not have the exhibit the problem. If the client is on a serverless net, there is no workaround. [CSCdi33030]
Wide-Area Networking
•Packets can be corrupted over BRI interfaces under some conditions. This results in lower throughput than would normally be expected across the BRI connection. [CSCdi25792]
•Entering the encapsulation frame-relay configuration command may cause sub-interfaces to reset superfluously and cause other frame-relay related commands to disappear from the configuration. A side effect of this behavior is that the configure network command may fail to appropriately configure subinterfaces. [CSCdi26572]
•PVCs do not work over an XOT connection. [CSCdi27337]
•On the Cisco 2509, 2510, 2511, and 2512, if carrier is lost while an async channel configured for hardware flow control has output held (because CTS is low), the channel can be left in an unusable state. [CSCdi27841]
•PRI line connected to DMS100 switch may cause router to reload when call is disconnected if the caller ID received contains no digit information [CSCdi28158]
•For the x25 route command, allow an option xot-source which takes an interface name as a parameter. This causes XOT TCP connections to use the IP address of the specified interface as the source address of the TCP connection allowing the connection to move to a backup interface without terminating the TCP session. [CSCdi28892]
•It is possible to fool the X.25 software into believing an an X.25 SVC is a PVC if the interface is rapdily shut down and brought back up. [CSCdi29850]
•On the 2509, 2510, 2511, and 2512, certain sustained incoming flows of async data can be accumulated but not processed until up to 1500 bytes have been received. Baud rates above 9600 baud are generally not affected. [CSCdi29931]
•If an async line is configured with the script reset script-name command, the chat process that runs the script can continue indefinitely. [CSCdi29975]
•If a user sets up the MAXVC limit via atm maxvc MAXVC then configures an atm pvc with a VCD beyond the MAXVC, the system dose not generate an error message. [CSCdi30007]
•When BREAK is used as the escape-character on a 2509, 2511, 2512 or a 2513, the first 2 characters typed on the router prompt after escaping are always lost. [CSCdi30027]
•The X.25 default protocol command (x25 default {ip | pad}) doesn't work. [CSCdi30318]
•If fast switching is enabled on a lex interfaces that is connected to an FSIP, and an AIP, a CIP, or a serial with SMDS encapsulation are active and have fast switching enabled, the FSIP resets regularly. The workaround is not to enable fast switching on the lex interface in the router. [CSCdi30751]
•Sometimes the vacant message or PPP startup message on a cisco 25xx access server is not displayed correctly. The last portion of text sent to a printer may also be lost or damaged. [CSCdi30871]
•The DDN and BFE modes do not encode the needed local facilities when originating a Call. [CSCdi31252]
•Under heavy load a switched X.25 VC can, on receipt of a Data or flow control packet, initiate a spurious Reset with a diagnostic of "unidentifiable packet" (code 33.). [CSCdi31358]
•An MBRI router may not answer an incoming call to the second number if it is configured as a basic-dms100 switchtype. The local directory number as delivered in the incoming SETUP message must be in the config with the spid number. It will work on B0, but not on B1-B15. The message in a RELEASE COMPLETE from the network will indicate "Invalid call reference value". [CSCdi31409]
•Issuing a local reset on PAD connections can cause the system to reload. [CSCdi31448]
•A router with a BRI interface using basic-net3 switchtype will ignore incoming calls with the High Layer Compatablity element. This will cause problems for routers calling from Norway, using basic-nwnet3, because the HLC must be used in calls. Incoming calls with HLC will be accepted by all the net3 switch versions. [CSCdi31517]
•Router accepts an ISDN call, but doing a sh dialer or show int indicated that the BRI b channel 1 was not connected. Show isdn status reports 1 or 2 layer 3 calls though. This was observed in versions 10.2 and 10.3 IOS. In order to work around this challenge, one needs to reload the router. [CSCdi32074]
•When routers with BRI or MBRI interfaces see Layer 1 transitions on the line it can cause Call Control Blocks (CCB) to become lost. The CCB usage can be seen with the show isdn status command. [CSCdi32246]
•When using dialer maps, Vines packet are not transmitted on DDR interfaces, neither can they place a call. To work around this, use a dialer string. [CSCdi32445]
•When Australia routers using MBRI ISDN interfaces attempt to add the Calling Party Number to interfaces other than BRI0, it fails. The number entered on BRI 0 is incorrectly sent out on the other BRI interfaces as well. [CSCdi32502]
•Routers with Multiple BRI interfaces (4000 and 4500) can crash and have spurious memory alignment problems. This can occur if interfaces are defined and configured, but not connected to a BRI interface. If interfaces are not used, it is recommended that they be shut down. This will prevent the software from attempting to activate the interface. [CSCdi32565]
•X.25 interfaces that use priority IP encapsulation (DDN mode) will clear a Call if a Call Confirm does not explicitly confirm the requested priority. [CSCdi32872]
•A router running X.25 receiving unknown local or remote facilities may pause indefinitely in some circumstances. [CSCdi33178]
10.2(4) Caveats/10.2(5) Modifications
This section describes possibly unexpected behavior by Release 10.2(4). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(4). For additional caveats applicable to Release 10.2(4), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(5).
AppleTalk
•When use on serial interfaces, the no appletalk send-rtmp command may have the unintended side effect of causing the router to never fully enable AppleTalk routing on the serial interface. The workaround is not to use this command on serial interfaces. [CSCdi29674]
•Fast switched packets is not counted for the MIB variables: atForward and atOutput. [CSCdi30028]
•During the first ARAP session on a line, the "arap noguest" flag will be cleared, regardless of configuration. This allows guest to establish connection [CSCdi30119]
Basic System Services
•IPX is Fast Switched instead of Silicon Switched although Silicon Switching is configured. [CSCdi27771]
•The router cannot detect a shortage of buffer elements and thus does not create new ones. This causes the router to drop packet even though there are ample packet buffers. The show buffers command output shows many buffer element misses. [CSCdi29379]
•Certain operations performed by the SSE are unnecessarily CPU intensive. [CSCdi29706]
•A portion of the scheduler can interfere with the periodic timer interrupt resulting in a corrupted PC. This can cause a Cisco 4500 to reload. The likelihood of this problem's occurring increases in applications that use many processes, such as IPX SAP updates across many interfaces. [CSCdi30044]
•If a system is set to be an NTP master, eventually other systems will refuse to synchronize to it. There is no workaround. [CSCdi30293]
•Default automatic boot from flash, when the booting method is not specified, will fail with a bus error on 4500 routers. The router will properly boot after this bus error. Configuring boot system flash is the workaround. [CSCdi30783]
DECnet
•A router receiving a MOP connection request through its serial port for one of its LAN port addresses responds with the LAN port's burnt-in address instead of the actual hardware address. If the requesting host uses the DECnet-style MAC address of the router in the request packet, the host will not recognize the response packet sent by the router because it sees a different address in the "source" field. This causes the requesting host to time out on the connect request. [CSCdi26991]
•The low end fast switching code for DECnet should send a packet down to process level if it determines that the packet is a Phase V packet. This way, it will be converted and sent to CLNS for further processing.
This fix has already been applied to 10.3 (as part of 28141) and is being added to 10.0 and 10.2 as well. [CSCdi30372]
EXEC and Configuration Parser
•The router crashes if the output stream from a show appletalk zone command is waiting at a "More" prompt and the router deletes routes or zones at the same time. [CSCdi28127]
•When a sub-interface is configured with "frame-relay interface-dlci" command, it doesn't enter the configuration as seen with a "write term" command and hence cannot be saved. When the router reloads the DLCI would end up being tied to the Interface instead of the sub-interface. This has been resolved in releases 10.0(8.1), 10.2(4.3), and 10.3(1.1). [CSCdi28353]
•You cannot have more than 999 elements in the hold queue. This limit is too low. [CSCdi28903]
•Commands that write configurations directly to NVRAM (for example, config overwrite) mistakenly make the software believe that the user has changed the running configuration, and so may cause the software to prompt the user to save the configuration before the reload command is executed. [CSCdi29177]
•When a menu is configured for linemode operation, typing a carriage return only will cause menu item one to be selected. It shouldn't do anything. [CSCdi30077]
•Enable secrets offer greater security for enable passwords when the "encrypted" version is allowed to leave the cisco box (either by doing a "write net" or doing a "write term" over a telnet session). [CSCdi30273]
IBM Connectivity
•On a 7000 with SRB configuration, when a packet with path tracing(e.g: decnet pings) passes thourgh a CTR interface, the following message will be displayed on the router console:
%LINK-3-BADMACREG : Interface, non-existant MACADDR registry for link 0 -Process= "*Sched*", ipl = x -Traceback = hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh [CSCdi16761]
•The presence of this message indicates that a configuration command for the CIP has not been successfully processed. The Command number displayed in the message can be any value from 70 to 76. A write term will erroneously show the presence of the command, when in fact, it is not configured. The user must manually undo the configuration by issuing the [no] form of the command, and then reissue the command. [CSCdi26323]
•When using prioritization with remote source-route bridging, the number of packets in the TCP queue for a given peer can exceed the number specified in the maximum output TCP queue length (specified with the source-bridge tcp-queue-max command). The workaround is to turn off prioritization. [CSCdi27718]
•Proxy explorer caching and responding with last rif. [CSCdi28103]
•When ibm bridge protocol is configured, the source-bridge spanning path-cost is not being used to calculate which ports should be forwarding. In this scenario, tokenring 0 will always be chosen over other rings, regardless of path cost. This ddts corrects this behavior. [CSCdi28139]
•There is a cosmetic problem where some of the output from the show source-bridge command does not line up with the appropriate headers. [CSCdi28826]
•When using the Source Route Bridging Proxy Explorer feature in conjunction with fast explorers, it is possible that certain explorer frames could be processed twice. This should not affect connectivity, but does have slight impact on both router CPU utilization and media bandwidth used by explorer traffic. [CSCdi29384]
•In a large token-ring bridging environment which uses AST(automatic spanning tree), bridge can incorrectly declare itself as root. [CSCdi29517]
•There is a cosmetic parser problem which would allow a user to define an AST (Automatic Spanning Tree) value of zero (source-bridge spanning 0), even though a bridge group of zero is not valid. [CSCdi29745]
•Under certain circumstances, the last bridge entry in the RIF(Routing information field) field is not initialized. This may cause bridging problem with any bridge that does not ignore these last four bits. [CSCdi29807]
•Configuring Source-Route Bridging on an FDDI interface can cause the user to see a LINK-3-BADMACREG message, followed by a traceback and pointing to the LAN Network Manager (LNM) process. [CSCdi30387]
Interfaces and Bridging
•Misalignments can occur while running appletalk phase I over BRI on a 4500. This has no real impact except for a entry in the show alignment command. [CSCdi22547]
•When using Flash load helper to copy a new image into Flash memory, the system might panic and return back to the system image without carrying out the copy request. With long filenames, a buffer overflows, resulting in the resulting crash.
The buffer can hold only 56 characters (54 when the flash is partitioned into multiple partitions). Thus during the copy operation, the sizes of the source and destination filenames together must be less than or equal to 56/54 ASCII characters (not including null terminators).
Evidence of the crash can be detected using the show flh-log command. Because the affects of the buffer overflow might be unpredictable, the output may vary. When the copy fails, the show flh-log command output shows that a new image was not copied to Flash memory.
If the source and destination file names are less than 28/27 characters, this problem is not be seen. [CSCdi26920]
•When an FSIP serial line is highly utilized and the idle code is set to mark (not Flags), the output of the show interfaces command may show a high number of aborts. As a workaround, use FSIP 10.7, which fixes the problem. [CSCdi28278]
•When transparently bridging from an MCI/ciscoBus interface to a MultiBus Token Ring interface using fast switching, two or eight bytes of data starting from the LSAP are dropped. [CSCdi28616]
•On high-end routers, transparent bridging in FDDI encapsulation mode does not work at the process level. [CSCdi28839]
•X.25 payload compression causes byte alignment corrections on the 4500. [CSCdi29151]
•In some cases, frames received on Token Ring interfaces may be fast switched when they should in fact be silicon switched. [CSCdi29733]
•AGS+ and 7000 FDDI interfaces can clear the routing caches abruptly when the physical layer appears to fail. This can be unnecessarily disruptive in some environments. [CSCdi29872]
•Specifically only on later model cisco 2515's, there is an interoperability issue between the 2515 hardware design and the software image that will prevent the image from being able to correctly set the ring speed on the token ring interfaces. This is not an intermittent problem - if a particular 2515 has been working with this image at a given ring-speed, then it will not suddenly begin experiencing this problem. [CSCdi29927]
•SSE switching cannot be configured for IP unless the interface has an IP address (or is unnumbered). This means that it is not possible to SSE switch out a frame relay interface where the primary interface is not given an address. The workaround is to make the primary interface unnumbered. [CSCdi29955]
•Fast Switching of IP routing packets over Token Ring interfaces of Cisco access routers (4000 series, 2500 series) is not working. Please note that this affects only interim releases 10.2(4.1) and 10.2(4.2). [CSCdi30013]
•Load balancing while SSE switching CLNP causes the SSE to forward incorrectly. [CSCdi30465]
IP Routing Protocols
•When users issued the 'no smds address ...' command, it would cause a spurious crash on the 4500. [CSCdi25249]
•All subinterfaces will be created with split-horizon enabled. [CSCdi27249]
•If a virtual link is configured, the router can place external LSAs into the retransmission list of virtual neighbors but then never send the LSAs out. When these external LSAs become invalid, that is, they reach their maximum age, the router cannot remove them because the LSAs are still in some neighbor retransmission lists. This means that these external LSAs get stuck forever in the link-state database. You will see external LSAs with arbitrarily high ages stuck in the link-state database. [CSCdi27964]
•OSPF spf calculation can hog the CPU. Message: %SYS-3-CPUHOG: Task ran for x msec (y/z), process = OSPF Router is shown on the router console. [CSCdi28526]
•IP multicast host queries are not sent on async serial interfaces. [CSCdi28865]
•An IP packet that is destined for the address 0.0.0.0 is accidently routed instead of being treated as a broadcast packet if the system has a route to 0.0.0.0 in the routing table. The workaround is use 255.255.255.255 as the broadcast address. [CSCdi28929]
•When DVMRP Reports are sent over a DVMRP tunnel and the next-hop interface is ATM and we're running NHRP over ATM, the IGMP stack size may be exceeded. [CSCdi29130]
•During the inital Neighbor Establishment phase, the EIGRP neighbor router gets stuck in an unexpected state. The result of this is that Neighbor don't recognize each other and hence do not exchange routing information. Symptoms of this problem are Neighbors dropping in and out of the Neighbor table as seen in the output of a "sh ip eigrp neighbors". This problem was found in 10.0(7) and has been resolved in 10.0(7.5) and 10.2(4.1). [CSCdi29152]
•When a RIF cache entry expires, we should always ARP for it. [CSCdi29322]
•EIGRP fails to remove the redistributed routes information from its topology table as soon as possible. [CSCdi29346]
•This bug happens for OSPF over multi-access network, for example, ethernet, X.25 etc, provided the OSPF cost to the network for the attached routers are configured to be different. For a destination behind the common network, the system still calculate the correct shortest path cost to it, however, the output interface will always be the one connected to the common network, even though it is not the one leaded to the shortest path cost. No workaround available. But there is no serious impact, like looping, other than packet will take a slightly higher cost path. This fix solves the problem. [CSCdi29411]
•There is a race condition that occurs when sending Prune messages. PIM Prune messages are sent to the RPF neighbor when the outgoing interface list becomes NULL. PIM Prune messages are also sent on p2p links when a multicast packet is received from a non-RPF neighbor.
On LANs, prunes may be delayed and if either of the two situations above occur, the Prune is only sent to the non-RPF neighbor. This is the wrong way. Precedent should be given to the RPF neighbor. [CSCdi29480]
•'ip dvmrp metric 0 1 bgp 1' crashes router in 10.2 prior to (4.1). [CSCdi29492]
•Candidate default routes are not correctly marked in the routing table of the router. [CSCdi29599]
•Regular expression processing is a performance bottleneck in some BGP applications. [CSCdi29705]
•Changing an IP address on an interface can cause the entire IP cache to be invalidated. This is overly disruptive in some environments. [CSCdi29873]
•EIGRP traffic can get stuck on NBMA (Non-Broadcast Multi-Access, for example Frame Relay) interfaces with multiple neighbors, hence very slow convergence can happen. [CSCdi30181]
ISO CLNS
•In ISIS, when the designated router (DR) goes down and comes back up, the router does not find its neighbors. Setting the isis priority to something lower than the neighbors will allow the router to relearn its neighbors. [CSCdi29611]
Novell IPX, XNS, and Apollo Domain
•When a new adapter is inserted into the router after it is booted, the interface short name is missing from commands like show ipx server [CSCdi27331]
•When we reply to a General SAP Request for a Specific Service and there are morethan 7 services of that types the multiple SAP packets are not obeying the specified inter-packet delay of 55ms [CSCdi29224]
•The SAP hop count for a server whose internal network number is learned via Enhanced IGRP should be the external hop count plus one. (The external hop count is the number following the Enhanced IGRP metric in brackets in the routing table entry). [CSCdi29455]
•Use of Novell Standard echo may produce unrealiable round trip results, and on cisco 4500 product may produce alignment warning messages. [CSCdi29548]
•If, when <CmdEnv>ipx gns-round-robin<NoCmdEnv> is enabled through configuration, a Get Nearest Server request for a service type for which there are no services is handled, but there was recently one or more services of this type, a traceback message will be generated to the console/syslong due to improper handing of this request. [CSCdi29764]
•In a network with a mixture of routers running 9.1 and 9.21 or later cisco images, where one or more of the 9.1 units are using ipx helper-address network.ffff.ffff.ffff where network is some network other than -1. IPX NetBIOS filters will not be enforced on the helpered packets when they are received on the 9.21 or later units. [CSCdi30101]
Protocol Translation
•Translate commands that include a PVC option cannot be removed from the router configuration. [CSCdi29962]
TCP/IP Host-Mode Services
•Turbo-flooding of UDP broadcast packets across token ring is slow. In addition, when turbo-flooding mode is enabled, token-ring UDP broadcast packets sent by the router will not traverse source-route bridges. [CSCdi27362]
•Repeated rsh commands might fail sometimes. [CSCdi29945]
•Certain failures during incoming rsh connections can cause the software to reload. There is no workaround. [CSCdi30148]
•When a user tries to copy a config from an rcp server the router sends a random username to the server causing the operation to fail. The only affected commands are copy rcp running-config and copy rcp startup-config. If these commands are executed as one of the first few operations after the router has been reloaded, a bus timeout error can occur. Copying TO an rcp server remains unaffected. [CSCdi30343]
VINES
•A static can inadvertently disappear if it is overridden by dynamic routing information of equal metric or if SRTP is enabled or disabled. The static route can be recovered by readding it manually. [CSCdi29213]
•The output of the 'show vines timer' command does not correctly indicate whether or not the query timer is running. The word 'none' should be displayed when the timer is not running, instead of the time 00:00:00. [CSCdi29590]
•The VINES address the router retains to assign to clients is not incremented after it is assigned to a client until the router receives an update (RTP or SRTP) from the client. This leaves a short window in which duplicate address assignments can occur. [CSCdi29886]
•When an interface is looped back, the router will report that a duplicate vines address is present in the network. This message is cosmetic, and does not affect the functionality of VINES. [CSCdi30090]
•If a serverless interface has a description string attached to it that is longer than 32 characters, clients on that interface will not be able to login to the network. [CSCdi30411]
Wide-Area Networking
•X.25 traps are not sent out. [CSCdi25289]
•Bearer capability is not being setup correctly for German semi-permanent connections. [CSCdi25741]
•There is no form of modem control that offers the capabilities of modem cts-required or modem callout that also allows simultaneous HW flow control. [CSCdi26270]
•When using the dialer load-threshold on BRI, PRI or dialer interfaces and the configured load is exceeded, the router place calls while there already is a call being setup but not fully established yet. The router should wait for the additional call to be up before dialing new ones. [CSCdi27357]
•When bridging over DDR using the dialer map bridge command, spanning-tree BPDUs are not transmitted over the DDR link. To work around this, use the dialer string command. [CSCdi27419]
•Packet and byte counters for protocols that are fast-switched over Frame Relay are not correctly incremented and displayed in the show frame-relay traffic command . Proccess switched counts are correct. [CSCdi27509]
•When the command frame-relay interface-dlci is applied to a main serial interface instead of a subinterface, frame-relay will not function correctly until the dcli is moved to the subinterface. [CSCdi27645]
•When using the appletalk address (non-extended) configuration of an SMDS interface, no aarp cache is kept. As such, every appletalk packet requires an aarp. Even in smds multicast aarp is not configured, this can have a detrimental impact on cpu utilization. [CSCdi27891]
•When removing dialer maps from a BRI configuration, the router may reload. To work around this problem, shutdown the interface before removing a map. [CSCdi28180]
•Timers used by LAPB and X.25 are not working correctly when run over an ISDN B channel. [CSCdi28370]
•The lapb n1 value is calculated incorrectly by the router by default. The value displayed is 12048 and it should be 12056. The workaround is to manually configure <CmbBold>lapb n1 12056 on the interface configured for X.25 encapsulation. [CSCdi28408]
•In the 4500, (interface b 0), an external loop may cause a crash. This behavior has been fixed. [CSCdi28465]
•When using LQM with PPP on a system that does autonomous switching, like a Cisco 7000, if the PPP quality is set too high, the link may go down if significant amounts of the traffic are autonomously switched. There is a race condition at reboot where a Cisco 7000 may sometimes not start PPP when it reboots. [CSCdi28655]
•Changing the Hardware address of an ATM static-map list would cause some pointer corruption and eventual system crash. The example below show the scenario for creating this corruption/crash.
map-list aa ip 1.1.1.1 atm-vc 8 broadcast ip 1.1.1.1 atm-vc 10 broadcast no ip 1.1.1.1 atm-vc 10 [CSCdi28730]
•While in configuration mode, bri ports may show compress predictor but encapsulation type supported for that (latb) is not possible on the BRI port. This issue has been resolved. [CSCdi28957]
•On the 2509 running 010.002 010.003 does not support the European Bridging Measure tests. This has been fixed. [CSCdi28984]
•In some cases Copan (2509-2511) attempts to flow control the tty line using RTS, although there would be no configured flow control on the tty line. [CSCdi28997]
•If the LAN Extender interface is configured with a unit number greater than 9999, the host router will crash. [CSCdi29164]
•Deactivation timer does not turn off when the system receives an activation pending in order to pass bridging measures tests for the 2500s. This issue is resolved. [CSCdi29246]
•DTR dialing does not work with PPP encapsulation. Even though the console shows the line going up and down, no traffic goes through, and the serial interface is still spoofing. To work around this, use HDLC or X.25 encapsulation. [CSCdi29249]
•This patch resolves two problems. The first is that the router would not transmit frames on an ISDN Primary Rate Interface (PRI) due to an incorrect count of available transmit buffers.
The second problem only applies if the isdn switch-type primary-dms100 command is used. In this case when the router attempted to initiate the ISDN link the DMS100 switch would take all the B-channels out of service.
As of release 10.3(1) the router will never attempt to initiate the link to a DMS100 ISDN switch. [CSCdi29291]
•Incomplete exceptional handling for TCP Header Compression may occur. TCP header compression may fail to take case out of memory at malloc() and the possibility of invoking free() with a NULL pointer. [CSCdi29294]
•When using remote source-route bridging over a DDR connection using direct encapsulation, a LINK-3-BADMACREG message is displayed. [CSCdi29352]
•Decnet and CLNS routing updates packets can not be configured to be interesting or uninteresting. The following configuration commands are added: dialer-list 1 protocol clns_es permit/deny, dialer-list 1 protocol clns_is permit/deny, dialer-list 1 protocol decnet_node permit/deny, dialer-list 1 protocol decnet_router-L1 permit/deny, dialer-list 1 protocol decnet_router-L2 permit/deny, [CSCdi29388]
•When using a BRI interface as the interface in a backup interface command, the BRI interface may not be placed in standby mode after a reload. [CSCdi29603]
•While running ISDN on the 2500 and 3000 series, the terminal end point identifier may not be retained and shut/no shut may not be working. Layer 2 is never notification that the interface is shutdown. This could possibly lead to CCB problems. This issue has beens resolved. [CSCdi29614]
•In certain traffic loading conditions on async lines (generally, an async line with receive and transmit looped) while using reverse Telnet, garbage characters may be output on the line. [CSCdi29696]
•Further BRI homologation is necessary on the 2509 to meet the European standards. The tests failed on the NET3/L3 due to a unrecognized information element. [CSCdi29808]
•The inconsistency occurs when users issue the 'clear counter' command. The current code did not clear the per-VC counters, nor the ATM specific interface counters. This fix now clears all the per-VC counters and ATM specific interface counters to make all the counts consistent with the other system counters. [CSCdi29825]
•Under load, the HDLC keepalive protocol is unforgiving of extended periods of packet bursts. [CSCdi29874]
•AIP cards that support E3, DS3, or TAXI connections occasionally stop functioning in high-temperature situations because of a timing problem in the AIP hardware. The hardware fix for this problem was implemented on cards shipped after February 22, 1995. The hardware fix requires Cisco IOS Release 10.0(9), 10.2(5), or 10.3(1), or later. [CSCdi29885]
•When using PPP LQM, if the far side of the connection stops replying, the router does not detect that the link has failed. The workaround is not to use PPP LQM by not issuing the ppp quality command. [CSCdi30042]
•If an ASM async interface is configured with the flowcontrol hardware in command, the CTS line does not honor flow control requests. Issue the flowcontrol hardware command to cause correct operation. [CSCdi30054]
•A cisco 2500 series Access Server will show a high cpu utilizaion (eg 85%) even if there is only one active connection sending data to a single line. Overall performance is not affected, however. [CSCdi30121]
•If, under rare and poorly understood circumstances, the router initiates an XOT connection, sends a Call packet, and the remote XOT host violates the protocol by returning a Call packet instead of a Call Confirm, the router will reload at some later time. [CSCdi30338]
•When using a dialer string on a BRI or PRI interface, the router reloads. To work around this, use dialer maps. [CSCdi30442]
•A router with a BRI interface can run out of call control blocks (CCBs). Layer 2 can also become wedged in a state waiting for a TEI to be assigned by the switch. This can cause incoming or outgoing calls on the BRI interface to fail. [CSCdi30501]
•Snapshot does not dial the phone number specified in the dialer map and therefore fails to establish DDR connections. To work around this configure a dialer string. [CSCdi30810]
10.2(3) Caveats/10.2(4) Modifications
This section describes possibly unexpected behavior by Release 10.2(3). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(3). For additional caveats applicable to Release 10.2(3), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(4).
AppleTalk
•Under some extremely specific circumstances the commserver will crash, probably trashing a big chunk of memory on the way. [CSCdi28661]
Basic System Services
•The SSE manager process can consume unfair amounts of CPU time. [CSCdi28086]
•No SNMP support is included in the isdn-subset image for 2504 [CSCdi28324]
•Router crashes due to a race condition in rsh. an example of this race condition is to clear the vty line in which the rsh request comes in on.
no work around.
fixed in next release. [CSCdi28361]
•When running very large IPX route tables that change frequently, the route can fragment memory to a point where telnet conmnections to the router are refused and messages like "Low on memory" and "No memory available" may appear during certain operations. You likely have this problem if the "Free(b)" Is much larger than "Largest(b)" in the show memory output. [CSCdi28549]
•A zipped self decompressing image is a run from RAM image that is compressed using the zip compression utility. It is attached to a decompression utility which self decompresses the image in RAM when it is loaded. It significantly reduces the image size in flash and does not require any change to ROM based code.
Self decompressing images are named as follows :
xx-yy-mz : xx = Product Code yy = Subset Code mz = Self decompressing, run from RAM image
Presently, self decompressing images are avaliable for the c4000 and the c7000 only. [CSCdi28651]
•On the 4500, when configuring tftp-serv the system gives an error message: TFTP server not supported in this version of the software. This unexpected behaviour is corrected by a Rom Monitor change. [CSCdi28699]
EXEC and Configuration Parser
•The snapshot routing commands are no longer hidden. [CSCdi28358]
IBM Connectivity
•When using the source-bridge ring-group global command, the ring number must be specified in decimal. The parser will not accept a hexadecimal ring number (for example '0x4F3').
The hexadecimal format can be used on the source-bridge interface subcommand. [CSCdi25671]
•Sometimes after a forced clear of the x25 virtual circuit used by QLLC, the reconnection attempt hung and a second clear had to be issued by the operator to restore connectivity. [CSCdi28092]
•A segV exception crash may occur when when configuring certain source route bridging commands in a certain order. [CSCdi28269]
•Using the fast explorer code feature in Source-Route Bridging (SRB), it is possible that a large explorer frame (>265 bytes) can cause the router to reload. The vast majority of explorer frames are considerably smaller than this (typically TEST frames), so the impact of this problem is highly dependent on the applications being run on the network. [CSCdi28588]
•The commands to enable fast explorers for Source-Route Bridging have not yet been enabled in the parser. [CSCdi28809]
Interfaces and Bridging
•Bandwidth of token-ring interfaces always set at 16000 Kbit regardless of the actual wire speed (4Mb/16Mb). [CSCdi27243]
•FDDI interface becomes deaf to unicast packets in bursty environment. 'clear int fddi 0' is the workaround. [CSCdi28392]
•"cmt connect" and "cmt disconnect" commands were broken [CSCdi28491]
IP Routing Protocols
•OSPF can fail to remove invalid inter-area and external route When OSPF get a Summary LSA/External LSA with mask changed, which is made more possible as supernetting is used, it could fail to remove the route that use the old mask from the routing table. [CSCdi24752]
•[CSCdi25947]
•OSPF sometimes will not flush the summary LSA generated from inter-area route when the route goes away. This fix solves the problem for 10.0 and later release. [CSCdi28318]
•When ip multicasting is configured, system may unexpectedly reload and System was restarted by bus error may be displayed when the command show version is invoked. [CSCdi28356]
•Router crashes when enabling eigrp after changing encapsulation from smds or frame-relay to x25. [CSCdi28660]
•EIGRP may meltdown because of inadvertently generated updates. [CSCdi29132]
Novell IPX, XNS, and Apollo Domain
•When the XNS code receives an error in the error protocol packet, it should not generate an error packet according to the XNS protocol spec. This is to avoid an infinite loop. [CSCdi28336]
TCP/IP Host-Mode Services
•a need to be able to turn dns on/off for rcmd's are needed. add a new command for just this purpose. the new command is [no] rcmd domain-lookup
This command will only be effective if dns is configured on by the command "ip domain-lookup". [CSCdi28401]
•The source IP address validation done by the RSH server can fail when the IP address has a name specified via the ip host command and that name is not in DNS. As an unwanted side-effect, the static host mapping will be deleted. In 10.3, this problem can be worked around by disabling IP address validation with the command no ip rcmd domain-lookup. [CSCdi28424]
•The error message produced by the software when an attempt is made to rsh to the router and this feature is disabled is not too useful. [CSCdi28724]
Wide-Area Networking
•XOT (x25 tunneled over TCP/IP) will exhibit mis-behaviour under severe traffic load. x25 resets (cause 5,diag 1) or excessive output drops may appear. [CSCdi25318]
•This is a problem where incoming Frame-Relay(IETF) traffic couldn't be fastswitched to the ATM interface. CBUS errors 8026 would result. All FR traffic is now properly fastswitched to the ATM interface. [CSCdi27063]
•A new SNMP configuration command is added with this format:
[no] snmp-server enable {traps | informs} [<types>]
to enable or disable (with the "no" form) traps or informs sending for specified types.
The trailing argument, <types>, is optional, specifing one or more applicable types of the corresponding traps or informs. When no such type is given in the command entry, the default is for all applicable types (for either traps or informs). Currently, the only type supported is "framerelay" to enable or disable Frame Relay Trap sending.
For example, a command like
snmp en tr or snmp en tr fr
will set Frame Relay MIB variable frTrapState to be enabled(1). And a command like
no snmp en tr or no snmp en tr fr
will set frTrapState to be disabled(2). Notice that this function does not exclude the effect from SNMP Set Request. In other words, value of frTrapState variable can be changed via the regular SNMP Set or this new configuration command.
If something like "snmp" is supported for traps in the future, then the command
snmp en tr
would be equivalent to
snmp enable traps fr snmp
*** Note *** In order to allow traps to be sent (to a certain host), the "snmp host" command must be present, for example,
snmp host 131.121.11.1 frworld framerelay
This sample command allows Frame Relay trap sending, but the traps won't be sent if the FR MIB variable, frTrapState, stays disabled(2).
The "snmp enable" command allows control over some specific traps/informs. [CSCdi27173]
•When ISDN BRI interfaces get Layer 1 transitions, they can lose Call Control Blocks (CCBs). The show isdn memory command can be used to see the allocation of ISDN memory usage. [CSCdi27483]
•Systems configured back-to-back to run frame-relay encapsulation over a subinterface require the interface subcommand no shut on each subinterface to initiate communication. [CSCdi27643]
•The show frame-relay are unintentionally disabled in the FRAD image. [CSCdi28313]
•In an effort to reduce the current size of the images created by the 10.3 tree, ISDN software must use run time allocation of workspace memory rather than using statically defined arrays of workspace. Static arrays of workspace cause image space increase in order to accommodate them. [CSCdi28602]
•The ISDN primary images only support ISDN called and ISDN answer. This issue has been resolved. [CSCdi28665]
•The restriction that all 'SMDS MULTICAST ... E.164' addresses be true E.164 MULTICAST addresses was too severe. This restriction is removed to allow users to configure any E.164 address on this command. [CSCdi28764]
•While running ISDN through a vn3 switch, the terminal end point identifer (tei) may not be retained as needed. This behavior has been resolved. [CSCdi28768]
•An MBRI ISDN can have calls left hanging without being properly disconnected. If the Layer 1 interface goes down when calls are active on other interfaces, the active calls may not be able to be released by the dialer code. [CSCdi28830]
•When using the <CmbBold>dialer load-threshold command on a dialer rotary group including one or more BRI interfaces, additional B channels are dialed regardless of the configured load. While a B channel is being dialed, connectivity via the other B channels is lost. Debug shows encapsulation failures. [CSCdi28899]
•Use of ISDN TEI powerup flag on ISDN BRI interfaces can cause the router to crash. A temporary work around is to set the ISDN TEI configuration parameter to: isdn tei first-call.
This will cause problems for dms-100 and 5ess switchtypes that use spids. The first call will fail due to the time to do spid negotiation with the switch. [CSCdi29037]
•ISDN layer 1 transitions may cause Spurious memory access. This is most noticeable on the 4500, but may occur on other platforms. This problem only occurs in switch types NET3, VN3 and TS013. This issue has been resolved. [CSCdi29089]
10.2(2) Caveats/10.2(3) Modifications
This section describes possibly unexpected behavior by Release 10.2(2). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(2). For additional caveats applicable to Release 10.2(2), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(3).
AppleTalk
•When MacIP services are configured on a router which does not have a IP Domain Name defined, the MacIP server will fail to deliver an IP address to requesting clients. The workaround is to configure the commserver/router with a IP Domain Name (via the configuration command ip domain-name xyz.com) [CSCdi26851]
•When the address of a non-existant AppleTalk neighbor was supplied to the command show appletalk neighbor<CmdNoBold>, the command would print a result similar to:
No such neighbor, 28765.233
and 27865.233 would not be the address supplied as the argument to the command.
The fact that no neighbor exists for the supplied address was correct and true information; the address printed in the output string was incorrect in that it did not match the supplied address. [CSCdi27550]
•Entering the command appletalk eigrp active-time 2<CmdNoBold> would result in a error message of:
AT: Unhandled configuration command
This would also be seen when attempting to write a configuration to memory.
This has been fixed. [CSCdi27792]
•Due to a software error, the system has reloaded itself. [CSCdi27894]
•When using the command broadcast-deny with AppleTalk access-lists, Name Binding Protocol (NBP) FwdReq packets are not passed. This prevents users from opening a connection over that link through the chooser. [CSCdi28036]
Basic System Services
•The sending or reception of telnet sub-negotiation strings is not show by debug telnet or individual connection debugging. [CSCdi25822]
•IP helpering on other than HDLC serial lines is not working. [CSCdi25881]
•This bug exist in all versions. The condition is that the customer has multiple connection to the router using multiple window. The box will crash if clear ip route * is issued in one window while show ip route is in progress in another window.
This fix solves the problem for 10.0 and 10.2. [CSCdi26605]
•TACACS SLIPON and SLIPOFF accounting and per-user access lists now works on dedicated async interfaces. [CSCdi26933]
•NTP "master" mode does not work; the system will fail to declare itself synchronized, and thus no other system will synchronize to it. There is no workaround. [CSCdi27148]
•If your telnet connection to the router is dropped while erasing flash, it may hang the router waiting for a response from the user. [CSCdi27218]
•This bug exist in version 9.1, 10.0 and 10.2. When forwarding BOOTP reply which original UDP checksum is non-zero, the box will recalculate the UDP checksum before forwarding it. However, the checksum is calculated incorrectly so the BOOTP client will reject it. The fix solves the problem for 10.0 and 10.2. [CSCdi27277]
•An unexpected loss of memory can occur whenever a X.25 and/or Frame Relay VC is created or destroyed. This condition can be avoided by enabling Vines routing. Issue the command vines routing. [CSCdi27348]
•show queue .. causes unexpected results when the specified queue is empty. [CSCdi27500]
•MIP cards can register twice with SNMP, causing duplicate responses to SNMP queries for interface entries. [CSCdi27543]
•The loopback virtual interface is not reported in snmp queries. [CSCdi27702]
•Router crashes while doing a remote configuration from Ciscoworks. [CSCdi27839]
•Ethernet hosts using only SNAP encapsulation for IP can be excluded from the ARP table. [CSCdi27984]
•The Network Time Protocol keeps less accurate time (as much as several milliseconds in error) on the cisco 4500 platform. There is no workaround for this problem. [CSCdi28260]
DECnet
•Router crashes with a Software crash after a 'sh decnet route' [CSCdi23535]
•When disconnecting MOP sessions memory is not returned to the system. This results in a decrease in available system memory, which can lead to memory shortage after a number of connects/disconnects. [CSCdi26664]
EXEC and Configuration Parser
•This bug allowed users to associate a 'map-group' with any interface. It didn't cause problems/bugs, but created some confusion. The fix is to disallow use of the 'map-group' command on all but ATM interfaces. [CSCdi27085]
•Performing a write terminal when the router is low on memory may cause a router reload. [CSCdi27503]
•If you choose the default value for packet rate on a frame-relay broadcast-queue, the broadcast queue will resort to all default values when the router is rebooted. Workaround is to choose a packet rate other than the default which is 36. [CSCdi27784]
•When entering a? in configuration mode on a 2500 running from flash, a reload occurs. [CSCdi28258]
IBM Connectivity
•A reload may occur when changing bridge protocol from IEEE to IBM. [CSCdi25477]
•Buffers misses may cause QLLC session to hang if the size of reassembled QLLC message units exexceeds 1500 byte. [CSCdi25557]
•Some patterns of QLLC traffic might cause a Cisco 2500, Cisco 3000, or Cisco 4000 router with a 2T network module to reload. [CSCdi26308]
•Setting the llc2 ack-max parameter to value n actually causes router to acknowledge every n+1 packets. Since this value cannot be set to zero, this makes it impossible to tell the router to acknowledge every packet. [CSCdi27034]
•This will be fixed in a future maintenance release. Until that time, AIP interfaces which route packets thru CIP interfaces must be confugured for process or autonomous switching. This will be fixed in a future maintenance release. Until that time, AIP interfaces which route packets thru CIP interfaces must be confugured for process or autonomous switching. [CSCdi27052]
•The rsrb remote-peer lsap-output-list and rsrb remote-peer netbios-output-list commands are not working in the 10.3 code tree. [CSCdi27301]
•A router token ring interface which is configured for Source-Route Bridging will insert into a ring with a different ring number, and will attempt to forward Source-Route Bridge frames based on its incorrectly configured ring number. Correct behavior would be to shut down the interface which is incorrectly configured. [CSCdi27354]
•Under heavy load, QLLC may incorrectly drop buffers containing packet fragments. This will necessitate unnecessary retransmissions. With debugging turned on, the user may see a misleading message during this problem: "Ran out of memory allocating a fragmented SDLC buffer!" [CSCdi27388]
•If for some abnormal reason the remote x25 peer resets the virtual circuit used for the QLLC session, the command clear x25-vc needs to be used to restore connectivity. [CSCdi27470]
•Due to an error in parsing the configuration file, the router will not accept sdllc xid or sdllc traddr commands upon router reload, even though these commands show up in a show config output. Workaround is to re-enter these commands manually in configuration mode after the box has come up - the commands will then remain in effect as normal until the next router reload. [CSCdi27513]
•The use of the fast explorer feature in conjunction with the SRB over FDDI capability can cause the router to reload. The reload should not be seen in any other SRB environments. [CSCdi27652]
•This adds Support for SRB over FDDI. [CSCdi27693]
Interfaces and Bridging
•Enabling SSE switching in situations where there are many thousands of IP cache entries can cause periodic high CPU utilization. The utilization is annoying, but not normally not debilitating. In extremely large cache situations, or in early versions of 10.2, the effects are more pronounced. [CSCdi23856]
•Configuring the router subcommand priority-group 1 to the PCbus interface causes the interface to go down. Removing this command allows the interface to recover. [CSCdi24563]
•If bridging is enabled on an SSP but SSE bridging is not used, and SSE routing is used for a protocol, then the SSP can route packets which appear on the local LAN but which were not intended to be routed by the router. [CSCdi26048]
•The following platform types are not included in the banner for FIJI II with daughter card: AP-EBC for Ethernet FIJI II, and AP-RBC for token ring FIJI II. [CSCdi27070]
•[CSCdi27096]
•This version will not be included in 10.0(7). This is because there was not enough time to test it completely before the throttle build, but it had to go in for a major customer (Sprint). It is in 10.0(6.4), and should go in 10.0(7.1). [CSCdi27187]
•Using ip accounting<CmdBold> and ip route-cache sse<CmdBold> will cause incorrect accounting results. [CSCdi27289]
•Silicon switched bridging could cause infrequent crashes after flushing the cbus bridge cache. [CSCdi27293]
•Attempting to configure SSE bridging on a serial interface corrupts CxBus data structures, resulting in various errors. SSE bridging on serial interfaces is not currently supported. [CSCdi27322]
•When using the Clear Interface command, for a serial interface, on the the 4000, the system will automatically send back an unnecessary traceback. The traceback(s) are only detectable when the Debug Serial Interface is turned on. [CSCdi27597]
•The system does not support LNM for pcbus interfaces. [CSCdi27807]
IP Routing Protocols
•In 10.2 and 10.3, arp entry is unconditionally refreshed. It resulted in arp request being sent regardless if no arp arpa is configured. This fix solves the problem and only do the refreshment if no arp arpa is not configured. [CSCdi26188]
•Router may reload unexpectedly when interface command no ip pim mode is issued, and System was restarted by error - Jump to zero may be displayed when show version is issued. [CSCdi26823]
•PIM packets may be mis aligned on the 4500, resulting in invalid values in the packets. [CSCdi27210]
•Under certain conditions the RPF lookup for the RP will use the gateway of last resort because it is looking up the route to 0.0.0.0 rather than the RP address. [CSCdi27211]
•a cosmetic bug where from a unix computer, an rsh was initiated to a cisco router, the final line didn't have a newline so made the output messy.
no workaround. fixed in next release. [CSCdi27246]
•When IGMP and HSRP are used on the same ethernet interface of the Cisco high end systems, packet duplication occurs. [CSCdi27460]
•Invalid IPX EIGRP routes persist after a topology change. [CSCdi27623]
•Doing a clear ip route *<CmdBold> with a sufficiently large routing table will generate CPUHOG messages. [CSCdi27886]
•The command ip route-cache same-interface<CmdBold> should be enabled by default for HDLC and PPP encapsulations. [CSCdi27887]
•For OSPF non-backbone area which has multiple connections to the backbone, if serial link within the non-backbone area flaps, a race-condition could happen so that a host route is created within the non-backbone area and points to the wrong direction. This will resulted in a routing loop.
This host route is an inter-area route created from one of the summary LSA, which should be flushed already but is not, advertised by one of the area border router.
Doing clear ip route will not correct the situation as the summary LSA will cause the host route being inserted to the routing table again. The only workaround is to restart the OSPF process on the area border router.
This fix correct the problem by flushing the summary LSA correctly in 10.0, 10.2 and 10.3. [CSCdi27987]
ISO CLNS
•When a Level1/Level2 router (ISIS) has connectivity to another area via a redistributed prefix route, the attached bit is not set in the Level1 LSP packet. This event prevents Level1 routers from using the Level1/Level2 routers to reach other areas. [CSCdi27560]
Novell IPX, XNS, and Apollo Domain
•when using IPX SAP filter using wildcard character '*', the last character before '*' is ingored. For example, given the access-list access-list 1000 permit -1 0 SAN* Server SAM should be denied, but it is accepted. [CSCdi27294]
•The ipx watchdog-spoof command is written to non volatile memory before the dialer commands are written, upon a reload the system will complain about DDR not being enabled and will not enable watchdog spoofing. Instead of enforcing watchdog spoofing on dialer configured interfaces allow spoofing on all serial or dialer interfaces. [CSCdi27326]
•The hop count values for the static routers are set incorrectly after the interface go through the transition. This occured with eigrp-ipx. Has been fixedin later releases. [CSCdi27557]
•There is a memory race condition that can cause the router to crash when show novell server command is entered. This behavior is not consistant but it happens more often for large IPX network. [CSCdi27622]
Protocol Translation
•The quiet option in the translate command is not properly handled over serial lines configured for x.25 in versions 10.0 and 10.2 IOS. [CSCdi27086]
TCP/IP Host-Mode Services
•Packets forwarded by the any-local-broadcast option of ip forward-protocol spanning-tree fail to be fastswitched on the 7000 and AGS+ [CSCdi27257]
•On a 7000 router, some interfaces configured for udp broadcast flooding may get skipped causes broadcasts not to get forwarded. [CSCdi27258]
•In 10.0(7) only, the router will not forward a UDP directed broadcast packet. This causes ip helpering to fail if a directed broadcast address is configured as the ip helper address. [CSCdi27280]
•When the sequence number for a TCP connection grows so large that the right edge of the window rolls over to zero, the usable window size calculation fails to calculate the correct usable window size. [CSCdi27537]
•On an AGS+ router, some interfaces configured for udp broadcast flooding may get skipped causing broadcast on those interfaces to not be forwarded. [CSCdi27703]
•UDP turbo-flooding on an AGS+ router can cause a software forced crash. [CSCdi27709]
•Turbo-flooding of UDP packets from FDDI to any media may result in mis-aligned packets. [CSCdi27773]
VINES
•When a neighboring system changes MAC addresses between RTP or SRTP routing updates, the system may unexpectedly halt. A neighboring system may change MAC addresses for any number of reasons: swapped interfaces, started up Decnet, or mac-address interface command was used. Issuing clear vines neighbor on the system can prevent the system halt. [CSCdi27038]
•This problem occurs only with low end router. When a VINES frame is forwarded from a SMDS interface to another interface, it grows by 4-7 bytes. This happens because the SMDS padding and trailer are not accounted for when computing the size to be transmitted. This is a minor problem, as most end hosts don't care about the physical size of the packet; they only look at the VINES IP packet size. [CSCdi27093]
•Connectivity to remote servers running SRTP may be unexpectedly lost. This occurs when the router is rebooted and comes up after the remote server has marked the route to the router as bad but before the remote server has completely flushed the route out of its network table. This condition can be corrected by issuing the command clear vines neighbor * on an intervening neighbor router. [CSCdi27374]
Wide-Area Networking
•Improved the negotiation time of PPP encapsulated ISDN call setups over the BRI interface. [CSCdi21126]
•This was a bug where users could issue 'no atm aal aal3/4' while still having an AAL3/4 configuration on the interface. The problem is solved by disallowing the 'no atm aal aal3/4' command until the user has removed all other AAL3/4 specific configuration commands:
These include: atm pvc n n n aal34smds atm smds nnnn.nnnn.nnnn.nnnn atm multicast nnnn.nnnn.nnnn
All of these commands must be removed before the 'no atm aal aal3/4' command is accepted. [CSCdi23430]
•When entering the isdn caller interface command and the same number is entered, the entry is duplicated. [CSCdi24295]
•Routing by NSAP (for CMNS) doesn't work. [CSCdi25326]
•Addition of new ISDN user configuration option. Within an interface context the user can select the isdn configuration option "isdn not-end-to-end".
This will allow incoming calls to be accepted at a speed of 56K, even though the network has indicated a speed of 64K, provided that the network stated the call was not isdn end to end. (Refer to "debug isdn event" information to see if incoming calls have this information). [CSCdi26477]
•When making an unsuccessful ISDN call immediately following a successful ISDN call to a different number, the system repeatedly reports that the earlier successful call was hung up. [CSCdi27015]
•X.25 is sending duplicate broadcast datagrams over maps that can carry broadcast traffic. [CSCdi27057]
•When leaving XRemote or PPP protocol modes on a Cisco 2509, Cisco 2510, Cisco 2511, or Cisco 2512, a short burst of what looks like noise may be received. The next user on the line may also see this data. May also show up as a user seeing typein from the previous user of the line at the "Username" prompt. [CSCdi27266]
•In Async DDR situations where the needed chat script can not be found, the Async line will never be dialed again. Configuration must ensure that the required chat scripts for dialout are defined in the system. [CSCdi27334]
•Dynamic maps created by inverse arping on a dlci may cause static maps to be removed from the working configuration of the remote system. The dynamic maps will then take precedence over static maps. [CSCdi27375]
•When a 4000 or a 4500 places or receives a call on a serial line, the line goes up, then down, and then up again, instead of going and staying up. The router then believes that the call is an incoming call. This happens only with the Hitachi HD64570 serial controller; the Mostek MK5025 works fine. [CSCdi27742]
•[CSCdi27924]
•In the 7000 series, using the MIP card for channelized T1 (12 timeslots) with a multipoint frame relay circuit, broadcasts may not be sent to the dlci's. This issue has been resolved. [CSCdi27954]
10.2(1) Caveats/10.2(2) Modifications
This section describes possibly unexpected behavior by Release 10.2(1). Unless otherwise noted, these caveats apply to all 10.2 releases up to and including 10.2(1). For additional caveats applicable to Release 10.2(1), see the caveats sections for newer 10.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.2(2).
AppleTalk
•The system has received CPUHOG error messages while running ARAP. This causes to have a slow response time. [CSCdi21948]
•Issuing the no appletalk glean command on Phase I AppleTalk interfaces causes AppleTalk ARP to fail. To avoid this problem, do not issue this command. [CSCdi24698]
•The command "show interfaces accounting" incorrectly displays the output byte count. [CSCdi24717]
•Shutting down an interface may generate an assertion failure in the ZIP process. System functionality is not affected in any way. [CSCdi24855]
•This DDT will add the new command appletalk rtmp jitter<CmdUnbold> which will allow a user to introduce "jitter" into the RTMP update interval.
Jitter is useful to avoid convergence of RTMP routine update events in a large network after a long period of time. In large networks, especially "spoke-and-hub" topologies, it is possible that RTMP routing update events will start to synchronize in such a way that rather than routing updates being sent at various points in time during a 10-second interval by various routers in the network, most of the routers in the network will send their RTMP routing updates at the same time as most other routers in the network. This results in heavy packet loads on routers which have many neighbors in the routing topology.
This condition can be avoided by configuring the routers which are most central in the network topology with a jitter of 20 to 30 percent; ie, RTMP updates will be sent anywhere from 7 to 10 seconds after the last routing update has been sent, rather than every 10 seconds. [CSCdi24959]
•There is a need for ARAP users to be able to calculate the time for the each session. [CSCdi25027]
•System crashes at ether_extract_addr and atalk_input. Workaround is to turn off appletalk gleaning by putting a configuration command 'no appletalk glean-packets'. [CSCdi25070]
•Memory gets fragmented when AppleTalk is turned on. [CSCdi25115]
•CSCdi25131 corrects a mis-printing of the AppleTalk composite route metric whereby very large route metrics would be printed as negative numbers.
CSCdi25131 also adds the following commands:
clear apple interface<CmdUnbold>
This command will clear and reset the current state of an AppleTalk interface without resetting the underlying hardware interface. If you want to reset or restart the underlying interface or protocol, you should use the command clear interface<CmdUnbold>.
clear apple route-cache<CmdUnbold>
This command will clear the AppleTalk fast-switching cache. Previously, the command clear apple arp<CmdUnbold> was used to clear both the AppleTalk ARP and fast-switching caches simultaneously. [CSCdi25131]
•This fixes an error which would cause the router to crash if AppleTalk/EIGRP were started, stopped and restarted on a router. [CSCdi25132]
•Nonextended AppleTalk fastswitching on HDLC-encapsulated serial interfaces is unexpectedly set up for fastswitching. Fastswitching is not supported under these conditions and fastswitching will not operated correctly. Workaround is to issue to no appletalk route-cache on these interfaces. [CSCdi25181]
•AppleTalk neighbors should be notified with an AppleTalk static route is removed from the configuration. [CSCdi25227]
•Deconfiguring appletalk with proxy nets configured can cause the system to crash. [CSCdi25304]
•When a route comes back to us from "Notify Neighbor", or "Deleted" state, the router should assume that it is a new route and therefore clean the zone list. [CSCdi25458]
•AppleTalk ports can get stuck in the restart state when system uptime is greater than 24.85 days. There is no workaround; you must reload the system. [CSCdi25482]
•ARAP causes the system crash if the session uses v42 bis. [CSCdi25686]
•ARAP authentication fails if the user name is greater that 20 characters. The arap authentication structure only leaves space for 20 characters of a possibly 34 byte username. [CSCdi25778]
•Global Appletalk ARP commands have a side effect of changing the router ID number for AppleTalk Enhanced IGRP. There is no workaround. [CSCdi25786]
•ARAP session disconnect potentially due to excessive traffic. As the traffic increases on the async line the TICKLE may get discarded. [CSCdi25908]
•The exec commands show appletalk eigrp events<CmdUnbold> and show appletalk eigrp sia-events<CmdUnbold>. These commands will display the past 500 AppleTalk/EIGRP events which have occured on a router.
The global configuration command appletalk rtmp gc-interval<CmdUnbold> has been added to allow users to configure longer intervals between AppleTalk RTMP route garbage collections. Increasing the RTMP garbage collection interval can decrease the CPU load on a router running AppleTalk RTMP which is experiencing route flapping, but users should be aware that increasing the garbage collection intervals results in the AppleTalk RTMP process keeping process memory which could be returned to the system free list immediately for a longer time. [CSCdi25924]
•The "show apple route #" command will always display that the path is derived from RTMP. Although the path could have come from other protocols (ie. STATIC, AURP, etc). [CSCdi26039]
•If AppleTalk is started after the router has been up for more than three weeks, RTMP updates will not be sent out of the router.
The workaround to this is to enable AppleTalk before the router has been up for three weeks, or to reboot the router before enabling AppleTalk. [CSCdi26137]
•When an AppleTalk distribution list is defined with at least one zone entry and no network entries, it is necessary to include access-list numberpermit other-access as part of the access-list. Otherwise, improper filtering of routing updates occurs. [CSCdi26233]
•Frames that are sent out a fastswitching-enabled interface should be fastswitched regardless of the state of fastswitching on the input interface. However, frames are unexpectedly process switched on input interfaces other than Ethernet. This can be avoided by enabling fastswitching on the input interface. [CSCdi26425]
•ZIP GetNetInfo Request packets that contain the zonename, '*', are not correctly handled. Some printers generate this type of request when starting. There is no workaround. [CSCdi26491]
•The commserver may crash after is configured for ARAP. [CSCdi26579]
•Heavy network traffic during startup will cause arap session to fail. [CSCdi26667]
•ARAP generates and error message for every getbuffer failure it encounters. This fills up the log files rather quickly. [CSCdi26759]
•When starting ARA from the EXEC prompt and using ARA 1.0, if the first characters of an the MNP4 start packet are lost, ARA will not start. Workarounds are to use ARA 2.0, or insure the charaters are not lost. [CSCdi26835]
Basic System Services
•Flash error messages get displayed on the terminal, but not logged. [CSCdi13547]
•MIB variable ipRouteProto reports EIGRP as IGRP and IS-IS as OTHER protocol. IS-IS is part of RFC1213 describing ipRouteProto variable EIGRP is added. [CSCdi20825]
•[CSCdi23952]
•The optional size parameter in the command logging buffered size does not always get removed when no logging buffered is issued. This leftover parameter can cause an otherwise correct configuration to become invalid.
This can be avoided by always issuing the command logging buffered immediately before issuing no logging buffered to turn off buffered logging.
Cisco systems expects to resolve this behavior in a release after release 10.2 [CSCdi24315]
•The implementation of the SNMPv2-MIB does not include support for the snmpORTable. Since the snmpORTable is what management applications will use to determine what MIBs are supported by an agent, it should be implemented. [CSCdi24632]
•Although transparent bridging may be configured on the igs-g-f image, these commands will have no functional effect on the router; transparent bridging is not supported by the igs-g image. [CSCdi24696]
•The communication server does not do Telnet if the /line or /stream switch is used with rlogin. The communication server also does not fall back to Telnet protocol if the destination port is anything other than RLOGIN in the rlogin command. [CSCdi24813]
•The Terminal Server crashes if an IP address is specified for network connection to a remote host, at the CS> prompt or in the Connect IP-addr command. The crash would occur if 'rlogin' is the preferred transport protocol for outbound network connections on the user's line. [CSCdi24931]
•The extensions of Show Buffers is unnecessarily available to non-privileged users. [CSCdi24956]
•SNMP MIB variable ciscoContactInfo does not have the new San Jose address. The Menlo Park address is used. [CSCdi25141]
•Excessive processor utilization can result from the tty_background process running more than once per second due to a timer error. This also results in keepalives being sent more often than the configured keepalive interval. This has been observed on systems with an uptime of greater than 49 days. [CSCdi25372]
•MIB variable sysServices does not return correct value for application (0x10) instead of 0x07 as described in rfc1213. [CSCdi25442]
•The novell MIBs were implemented initially in the cisco OID space. They need to be in the Novell OID space now that the MIB variables are standard and under control. [CSCdi25848]
•Router restarted due to bus error in SNMP code when getting a ipRouteEntry MIB variable. [CSCdi25976]
•MIB variable locIfCollisions is not returning the same value as "show interface" It reports the value as 0. [CSCdi26063]
•cs-500 may unexpectedly pause indefinitely at reload. [CSCdi26301]
•Copy tftp flash not operational for subset image in IOS 10.2. [CSCdi26875]
•A protocol translator could get into a telnet TTY-TYPE negotiation loop with a device that does not negotiate TTY-TYPE. [CSCdi26990]
EXEC and Configuration Parser
•Dialer maps for DECnet do not display properly when you issue a write terminal command. [CSCdi23564]
•The old form of the frame-relay lmi-type ansi interface subcommand, frame-relay lmi-type Annex D is not accepted by the parser. This can cause an interface to use the incorrect form of LMI after an upgrade from a software version earlier than version 9.21. [CSCdi24881]
•Even if configured with exec-character-bits 8, user typin to the exec prompt is echoed and interpretted with the 8th bit cleared. [CSCdi25148]
•When no default-information originate is used to stop originate a default route, it is possible that the default LSA, for OSPF and ISIS, is not cleaned up and still stick in the database.
This fix solves the problem for 10.0 and 10.2 [CSCdi25268]
IBM Connectivity
•A disconnect issued by the FEP is not answered and causes the PU inactivation to last a few minutes until the timeout expires. [CSCdi24726]
•On a Cisco 4000 router, when the debug qllc packet<NoCmdBold) is enabled, incoming QLLC XIDs are displayed incorrectly. The XID type and identifier string are displayed twice. The first display is incorrect, but the second display is correct. [CSCdi24842]
•Problem description:
The new configuration command qllc npsi-poll was added to support PU2.0 devices on the LAN side, where the upstream device is a FEP running NPSI. The LAN attached devices start up by sending an XID NULL upstream. If this reaches the FEP, the FEP assumes it is connecting to an NT2.1 device, and responds with its own NULL QXID. If the secondary then sends XID Fmt 0 Type 2, the FEP will clear the call because it cannot switch to PU2.0 support once it's running PU2.1.
This problem does not occur with the AS/400 as the upstream device on the X.25 interface.
To resolve this a new command
qllc npsi-poll <virtual macaddr> is introduced
Use this command only when 1) The upstream device is a FEP running NPSI, and 2) The downstream device is a PU2.0.
The effect of this command is to intercept any NULL XID packets that the router receives on the LAN interface and to send a NULL XID packet back to the downstream device. It continues to allow XID Fmt 3 and XID Fmt 0 packets through the the X.25 device. [CSCdi24970]
•Some endnodes don't respond to an IEEE XID command. This can cause entries in the router RIF table to prematurely age out. Future releases will handle this unusual interoperability circumstance by adding a configuration command.
If the configuration command rif test-explorer is set, an IEEE TEST command will be used for finding the routes.
NOTE, the in 10.3 and later using of IEEE TEST command is the default behavior.
In 10.3 and later, the configuration command rif xid-explorer can be used if there is a need to use IEEE XID commands for finding the routes. [CSCdi26687]
•QLLC componenet was missing from some early releases of 10.2 FRAD images. If you try to use a QLLC command and the router does not accept it then this my me your problem. You must get a new release that was built properly. [CSCdi26926]
•The router can reload if the command source-bridge ring-group n is configured then immediately removed from the configuration. This behavior has only been observed in the igs-dr-l 2500 image. [CSCdi27195]
•With either IP/IBM or IP/IPX/IBM subset images, RSRB(remote source route bridging) is not forwarding all routes explorers on 2500, 4000 and 4500 platforms. [CSCdi27590]
Interfaces and Bridging
•On AGS/AGS+/MGS/CGS routers the show controller mci and show interface serial commands erroneously display the state of serial interfaces' RTS, CTS, DTR, and DSR lines. Since the MCI controller cannot actually detect the state of those signals, they should not be displayed. [CSCdi15343]
•MTU larger than 18000 on the low-end reloads the box. [CSCdi19751]
•A STUN multipoint link with 4700 ALA controllers drops connection. When an IBM 4700 ALA polls for the first station, it polls for the second station as soon as it gets a reply. While the IBM waits for a reply from the second station, the first station loses the session. [CSCdi20511]
•Attempting to flood out a giant packet can cause the router with bridging configuration reload. [CSCdi23388]
•The command show controller serial X on a 4000 with 4t NIM card does not display correct information. [CSCdi23470]
•In order for the routers to work with true SDLC Multidrops using IBM or IBM compatible modems and telco lines, you need to tie DCD to DSR on the remote modem connections to the PU device. This is a workaround. [CSCdi24194]
•Quad port serial NIMS on the 4000/4500 do not properly report themselves as being valid. [CSCdi24320]
•Under high process-switched traffic load low-end platforms may build up the input queue counter. [CSCdi24497]
•If a modem hangs up while the cisco is in the process of implementing a user's slip or ppp command, the cisco can fail to properly reinitialize modem control on that line, causing the line to be unusable until cleared, and appear "dead" to subsequent dialin users. This is most likely to happen if an extended tacacs server is delayed in responding to the xslipaddr or xslipon messages. [CSCdi24676]
•When receiving DECnet control packets of an unidentifiable type (usually illegal), the interface can saturate its input buffer space resulting in the interface's being unable to receive additional packets. The input queue (displayed with the show interface command) will show n+1/n packets, where n is the size of the input hold queue. [CSCdi24993]
•10.2(1.1onwards) will fix all the following problems found in earlier 10.2 releases.
1)Multimode optical bypass not working with FCIT/FIP. 2)Single-mode not coming up. (FCIT/FIP). 3)Single-mode optical bypass not working with FCIT/FIP [CSCdi25479]
•The G.703 version identification is missing from the Cisco 4500. [CSCdi25997]
•Hitachi based serial ports may not transmit under severe load, resulting from the under-run interrupt not being properly enabled [CSCdi26209]
•This bug was found in the priority packet path( Eh: keepalives, bpdus etc). Holdq_enqueue can fail also due to the lack of available Q elements, in addition to the normal case when the Q becomes full. In such a case, make sure if a tail is present before unqueueing it to accomodate the current priority packet. If there is no tail, just flag failure.
The crash occured since there was no check for the valid tail. [CSCdi26417]
•A static bridge table entry including a frame relay DLCI is written to NVRAM in an incorrect format. The entry is not used upon reload if stored in this manner. A workaround is to configure the static bridge table entry in a host configuration file booted from network at boot time. [CSCdi26433]
•Routers connected to a MIP card (Channelized T1) on a 7000 were unable to use the autoinstall capability. This was due to MIP cards not responding to cisco HDLC SLARP requests. [CSCdi26546]
IP Routing Protocols
•When load-balancing IP traffic over multiple equal-cost paths, the system's routing table might reach an inconsistent state, leading to a system reload. Before the inconsistent state is reached, the system must have three or four equal-cost paths for a particular route. A routing update must then be received that causes the system to replace those paths with fewer (but still more than one), better metric paths. This route must then become used for further locally generated traffic. This problem is most likely to be seen after an interface flap (that is, after an interface's line state goes from up to down to up again) in an environment where there are redundant, but not symmetric, interconnections between routers. The problem also seems more likely in FDDI environments, where interfaces flap before fully coming up. These flaps can result in multiple back-to-back routing table changes. [CSCdi20674]
•If a UDP broadcast is sent as a physical layer unicast, it will be forwarded even if the protocol is not enabled for forwarding. [CSCdi23360]
•During IGRP to EIGRP migration, IGRP will only install a route in the routing table if it has a better metric than an EIGRP external route. The metrics are compared by converting the IGRP metric into EIGRP format and matching against the IGRP route (not the external metric).
EIGRP must do the same before adding external routes to the routing table. It must look up the IGRP route in the routing table and compare metrics.
This occurs only for external routes created by an EIGRP process with the same AS number as the IGRP process adding the route. [CSCdi23765]
•If an async interface is not configured for routing, or does not have routing turned on via the /routing switch, routing updates received on that link will be discarded silently, even with debugging enabled. [CSCdi23919]
•Using a 'route-map' to set the origin code of an aggregate entry has no effect. [CSCdi24252]
•$IGNORE
just a typo fix. [CSCdi24541]
•This bug is introduced in 9.21. It happens when tthe router has RIP running on interface that use the ip unnumbered numbered-interface command. If numbered-interface has the ip broadcast command configured, the peer router will not get the RIP update. The workaround is to remove the ip broadcast command from the numbered-interface.
This fix provides a complete solution for 9.21 and later versions so that the ip broadcast<NoBold> will not cause the problem again. [CSCdi24719]
•EIGRP, when it retransmits a packet on a Frame Relay network, the packet is replicated and sent to all neighbors where in fact it needs retransmission to only a single neighbor.EIGRP sends Sequence TLVs on NBMA nets when it does not need to. [CSCdi24733]
•$INGORE [CSCdi24748]
•The BGP subcommand suppress-map keyword of the aggregate-address is parsed incorrectly. [CSCdi24809]
•For the route 0.0.0.0, there used to be a * appear besides it in the output of show ip route. It signals that 0.0.0.0 is always a candidate default route. However, in earlier releases of 10.0 and 10.2, this * is missing, although the 0.0.0.0 is still consider as candidate when calculating gateway of last resort. It might cause some confusion to the customer. This fix solves the problem for 10.0 and later versions. [CSCdi24902]
•If a packet to be fast-switched is destined to an illegal network (official martian network) we will create but then not install a route cache entry. This causes a memory leak in IP input. [CSCdi24995]
•Parameters for the aggregate address command must be entered in a very specific order. A workaround is to use the "?" parser directive to learn what parameter is next expected. [CSCdi25058]
•On an interface with secondary addresses the router replies to ARP requests with the primary address only. [CSCdi25069]
•[CSCdi25116]
•When route summarisation is disabled, ie when changing from aggregate-address x.x.x.x m.m.m.m summary-only<CmdBold> to aggregate-address x.x.x.x m.m.m.m<CmdBold> and issuing clear ip bgp x.x.x.x<CmdBold>, may still result in routes being suppressed. [CSCdi25128]
•If the traffic share min<CmdBold> configuration command is in use, (which should ensure the traffic is distributed across routes with minimum cost, in the event of multiple paths), then if a new better route is acquired, it is not used. [CSCdi25133]
•When using FDDI as the only interface for the backbone area of OSPF, it is possible that the router fails to recognized itself as an area border router even if it is configured for more than one area under some wierd conditions. So the router will fail to perform the duty of area border router like originating summary LSA. No simple workaround is available. This fix the problem for 10.0 and later version. [CSCdi25198]
•OSPF may repeatedly retransmit a link-state advertisement with an incorrect checksum. [CSCdi25269]
•EIGRP route communication on startup is not complete for all three EIGRP protocols. This results in missing routes. [CSCdi25328]
•This bug is introduced by the fix of CSCdi24902. When specifing a 0.0.0.0 static route to interface, for example, ip route 0.0.0.0 0.0.0.0 null 0, then 0.0.0.0 is not considered in the default route calculation as it used to be.
This fix resolve the problem. [CSCdi25453]
•a summary route is advertised on an unnumbered serial when EIGRP is configured on a single subnetted major network. Use no auto-summary as a workaround. [CSCdi25562]
•Add additional checks on incoming BGP update messages to insure that we catch improperly formatted messages and report them as such. [CSCdi25784]
•OSPF memory leak occurs on Area Border Routers that have to generate summary ASBR LSA's into the backbone for the non backbone area they are connted to . This applies to version 10.0 and later. [CSCdi25820]
•$IGNORE [CSCdi25955]
•Pings to secondary addresses fail if the secondary address is configured on a different interface than the one on which the packets arrive. In this case, the secondary address is mistakenly added to the IP route cache, which causes the problem. The workaround is to disable fast switching on the interface the has the secondary address configured using the no ip route-cache command. [CSCdi26022]
•The dynamic priority changes only become cumulative when one uses the extended form of the 'standby track' command. standby track if if-priority
•The optional argument specifies how much to decrement the HSRP priority by when that interface goes down. When multiple tracked interfaces are down, these configured priority decrements are cummulative. If tracked interfaces are down, but none of them were configured with priority decrements, the default decrement of 10 is used, non-cummulative.
Administratively down interfaces are now considered to be down not up by the 'standby track' command. [CSCdi26090]
•This bug is introduced in CSCdi23360. It affects both 10.0 and 10.2. It cause the router not to forward any UDP broadcast even though it is configured to do so, for example, by ip helper-address.
This fix solves the problem. [CSCdi26426]
•In 10.2, configuring ospf over lex interface will crash the box. No workaround is available.
This fix solves the problem for release later than 10.2(1.4). [CSCdi26429]
•Packets with a TTL of 128 or greater whose TTL values are checked on systems with 68000 processors are bounced with the message "ICMP Time Exceeded." The cases that are not affected are SSE switching, autonomous switching, and most high end fast switching (TTL checked by microcode). The case that is affected is switching on low-end routers. Notably, our ping and telnet implementations send packets with a TTL of 255. Normal hosts generally use a smaller TTL. This bug was introduced in IOS Release 10.2(1.6); it was resolved a few days later in Release 10.2(1.7), and Release 10.2(1.6) was then removed from /ftp and CIO. [CSCdi26799]
•Unexpected behaviour could result when a router's Multicasting table is queried by SNMP. This problem has been resolved in 10.2(1.7). [CSCdi26824]
•There is a memory leak in the router if you poll the IP forwarding table via SNMP. This problem was introduced in 10.2(1.4). [CSCdi26942]
•Router reloads when configuring the commnd ip dvmrp metric 1 static [CSCdi26975]
•Config-net causes a race condition with ospf resulting in loss of of some ospf routes. [CSCdi27016]
•$IGNORE
Add new bgp router-subcomand common-administration as-number Use this knob to configure AS that needs to be considered to be under common adminstration. Neighors in the AS under common Adminstration will receive MED, Local preference and Next-hop values like an internal neighbor.
Also add set prepend as-path. This new route-map set command will allow arbitrary AS-path to be prepended to AS-PATH attribute. It could be used for BGP4 updates via the outbound and inbound route-maps. [CSCdi27021]
•show ip cache pfx mask doesn't zero out the pfx dontcares. [CSCdi27025]
ISO CLNS
•When a self-generated LSP is received from the net and it appears newer than router's own. If anything other than LSP fragment 1 is received this way, IS-IS attempts to regenerate fragment 1 with this new sequence number. This may cause the IS-IS to regenerate LSP with wrong sequence number. [CSCdi20806]
•If the DR generates a new set of LSP fragments and if, as a result of there being less info to stuff into the LSP, there are less LSP fragments generated, the old high-numbered fragments will not be flushed. This may cause IS-IS not to flush DR LSPs. [CSCdi20807]
•This bug is introduced in 9.21. When tunneling CLNS over IP with GRE, bogus message about bad nsap length is generated by debug tunnel. It is only a cosmetic bug and there is no impact on the normal operation. This fix get rid of the bogus message for 10.0 and later version. [CSCdi25544]
•Some particular pattern of exchange of ESIS and ISIS hello packets can cause the router not to carry out the DR election correctly. The customer may either find the router which is the DR itself do not update its non-pseudo LSP to point to its pseudo LSP, or find that fail to elect itself and thus do not originate pseudo LSP totally. Usually, reconfigure ISIS will solve the problem.
This fix resolves the problem for 10.0 and 10.2. [CSCdi25656]
•The clns fastswitching from FDDI to Ethernet on a different MCI interface is broken. The last byte of the fastswitched packet is corrupted. The only way to prevent corruption is to turn off fastswitching on FDDI.
The fix solves the problem for 9.1, 10.0 and 10.2. [CSCdi25950]
Not defined
•In LAT to PAD (X25) translated sessions, a CTRL-S followed by the entry of any character can sometimes cause a continuous stream of empty LAT messages, causing a session disconnect. [CSCdi24491]
Novell IPX, XNS, and Apollo Domain
•When an IPXWAN link is initializing or is down for one reason or another
ipx router rip no network 0
will appear in the "write terminal" display, if a write memory is done then this will appear in the non-volatile memory configuration file as well. This has no side-effects other than an error message when the "no network 0" is parsed fron non-volatile memory at system startup. These commands are removed from the write terminal output when the IPXWAN link is fully established. [CSCdi24336]
•The rsup-only keyword of the ipx sap-incremental command cannot be used on subinterfaces. [CSCdi24492]
•$IGNORE [CSCdi25349]
•The IPX Enhanced IGRP distribute-list command allows standard access lists only (access lists whose numbers are 800 through 899) only. It should also allow extended access lists (numbers from 900 through 999). [CSCdi25895]
•The token ring XNS encapsulation keywords '3com-tr' and 'ub-tr' were not being accepted by the router, but '3com' and 'ub' are. However, on 'write terminal' or 'write memory' the router would generate '3com-tr' and 'ub-tr', making the keywords not be recognized on the next reboot. [CSCdi25941]
•IPX SAP/ISO encapsulation frames over Token Ring on a CTR or Cisco 7000 that are being sent to an FSIP or HSSI interface are corrupted if the Token Ring frames contain a Routing Information field. There are two workarounds to this problem: (1) Run SNAP encapsulation on the Token Ring, or (2) Issue the no ipx route cache command on the serial interface. [CSCdi26154]
•Novell Official Ping protocol does not work when the ping is tarted from a Novell device to cisco device, but does work when the ping is started from a cisco to Novell device. [CSCdi26239]
•When IPX autonomous switching is enable, router may reload with message "Multibus timeouts". [CSCdi26663]
•Memory corruption by SAP ager can cause the router to crash or can also create weired problems. This has been fixed in later releases of software. [CSCdi26760]
•There seems to be a condition where servers that should be far down in the SAP list remain at the top of the list, even though their tick and hop count may be higher than like SAP-types in the list.
The temporary workaround:
1) Issue the following global config. command, in order: no ipx sap-uses-routing-info ipx sap-uses-routing-info [CSCdi26827]
TCP/IP Host-Mode Services
•The configuration command ip tcp path-mtu-discovery doesn't work. [CSCdi12488]
•User Datagram Protocol (UDP) broadcasts can be flooded even if TTL checks fail. [CSCdi22568]
•If the printer option is applied to a translation from an ip address also used for other non-printer translations, connections to those other translations may fail. A workaround is to ensure that printer is used on either all or none of the translations sharing a "from" IP address. [CSCdi23757]
•this problem appears when using a non-cisco and rsh'ing to a cisco. the rsh session never terminates. the TCP remote shell process on the cisco stays on the process queue.
there is no workaround.
fixed in the next release. [CSCdi25483]
•boot system rcp filename ipaddr is broken. workaround is to use boot system tftp filename ipaddr.
fixed in next release. [CSCdi26206]
•The size of the TCP receive window offered on connections created by RSRB should be configurable for each connection. This requires the additional option tcp-receive-window size for the source-bridge remote-peer command. [CSCdi26327]
•Under heavy RSRB traf via TCP encap, the TCP queue backs up on the sending side to a abnormally high value as seen in the output of "sh source-bridge" This could cause End User interactive traffic like 3270 session to have increased response time. This problem was found in 10.2(1.4) and has been resolved in 10.0(6.1) and 10.2(6.1). [CSCdi26501]
•When using the UDP broadcast turbo-flooding feature on a cisco 7000, interfaces that should receive copies of the broadcast packets may not. [CSCdi26749]
VINES
•The VINES RIF cache becomes corrupted when an end station does an all routes broadcast/nonbroadcast return. The problem is that the router returns a corrupt RIF to the end station. [CSCdi23239]
•bus error at vrtp_route_update (0x236D92) Found in 10.0(4.6) fixed in 10.0(5.2) and 10.2(1.1). [CSCdi24179]
•When the router transmits an SRTP update in a response to an SRTP request, it miscounts. The transmitted packet is incorrectly recorded as an SRTP request, instead of an SRTP update. [CSCdi24387]
•This ddts greatly enhances the usability of several vines debugging commands through access lists. The new form of these commands are:
debug vines packet [ <number> ] debug vines route [ <number> ] [ verbose ] debug vines table [ <number> ]
Number is an optional argument, and is an access list in the range of 201 to 300. For the first two commands, if the access list is supplied it will be used to filter debugging based upon the source address in a packet. For the last commands,if the access list is supplied it will be used to filter debugging based upon address in the router's tables. The 'debug vines route' command now only displays the presence of routing messages. Use of the 'verbose' argument will also display the contents of routing updates. [CSCdi25004]
•The redirect logic does not correctly delete non-optimal routes when it installs a new optimal route. This does not cause an operational problem as the non-optimal routes will never be used, and will age out of the routing table normally. [CSCdi25037]
•The router loses packets if an SRTP update is received while there are packets on the SRTP reassembly queue from a different SRTP update. [CSCdi25280]
•VINES Crash in vines_best_path_from_delt in 9.21, 10.0 and 10.2. Crash is seen when continuously issuing a "show vines routing" command on one exec process while issuing "clear vines neighbor *" commands on a second exec process. Fixed in 9.21(5.4), 10.0(5.5) and 10.2(1.1). [CSCdi25310]
•The router does not correctly transmit ICP error messages. Instead of including the proper codes to indicate a net or port unreachable, it returns random values. [CSCdi25319]
•Banyan Support has asked for the ability to diable the enhancements added to cisco's VINES RTP support to reduce network overhead. The first enhancement is the split horizon of regular routing updates. The second enhancement is that immediate updates, sent to announce topology changes, contain only the information that has changed. In both of these cases, a Banyan server would transmit the full topology. [CSCdi25325]
•Redundant routers can get into a deadlock state where they continuously exchange unicast RTP messages. This state can last up to three minutes or until broken by information from a third router. This problem has only been seen with the RTP protocol, not with the SRTP protocol. [CSCdi25580]
•When the vines serverless broadcast command is configured in a redundant topology and all other router interfaces are configured with the vines serverless command, a broadcast storm results. [CSCdi25597]
•A "pacing" parameter has been added to the VINES ping command. This allows pings to be limited to a specified rate, for example, one per second, instead of transmitting them as fast as possible. [CSCdi25598]
•Starting in 10.0, the vines "arp", "propagate", and "serverless" commands will dynamically configure themselves. When dynamically configured, it is not clear from the "show vines interface" display whether one of these feature is currently active or inactive. [CSCdi25599]
•The router does not honor the "server nets only" bit in the broadcast class field. This results in extra broadcast traffic on client-only networks. [CSCdi25642]
•Enabling the 'vines decimal-addresses' command should affect all printing of vines addresses. It does not currently affect the printing of access lists, meaning that access lists can not be written to NVram and read back. This also affects a couple of debugging statements. [CSCdi25843]
•Add further tests to prevent/ignore extraneous information in a routing update. The specific problem involved the receipt of a routing update where the senders routing information was explicitly listed in the contents of the update. This extra information should be ignored, as the senders routing information is already implicit in the receipt of a routing update. [CSCdi26040]
•This problem occurs when vines is re-enabled in a router after having been disabled for a long period of time. The router will send a large number of routing updates before settling down to the normal 90 second update interval. [CSCdi26049]
•SRTP has a pair of flags that indicate whether the last hop to a server is via a LAN or a WAN. The router was not correctly setting these flags when it learned routes from a non-SRTP neighbor. This flags are not used except for display, so this is a cosmetic problem. [CSCdi26050]
•When the router receives a REINIT message from a neighbor, it removes the routing table entries for that neighbor and all routes reachable through it. This in itself does not cause a problem, but it does not accomplish the purpose of a reinit message. This purpose is to flush the routing information from the entire network, not just the neighbors. Poisoning the routes and advertising them as unreachable in a flash update will correctly accomplish the purpose of a reinit message. [CSCdi26054]
•The router may learn additional routes for the local router. These additional routes will never be used, so the problem is only a cosmetic one. [CSCdi26087]
•In 10.0 and 10.2 there is a mispelled word in vines. "returnaddress" should be "return address". This cosmetic bug is fixed in 10.0(6.1) and 10.2(1.4). [CSCdi26184]
•In 10.0 and 10.2 VINES 'helper' update code shouldn't send empty updates. Fixed in 10.0(6.1) and 10.2(1.4). The routine that sends helper updates was testing the length of the rtp message to determine whether or not it had put any data into a rtp message. It should be checking the length of the data portion of the rtp message, not the length of the entire rtp message. [CSCdi26185]
•When fast switching VINES over a source-route bridged Token Ring network, the router does not build its fast-switching cache entries properly. This prevents communication with stations that are across a bridge from the router. The workaround is to disable fast switching on the Token Ring interface. [CSCdi26288]
•Excessive interface transitions can cause the router to stop sending VINES routing updates on that interface. [CSCdi26300]
•The DDTS is about increasing version number in vines fast switching cache. This 'version number' is almost meaningless, and provides no real insight into what changes are occuring in the cache. [CSCdi26400]
•The problem is if the dynamically learned path to a neighbor disappears and the only remaining path is the placeholder path, then the placeholder path entry maybe corrupted. Once corrupted, the placeholder entry may only be removed by rebooting the router. This problem only occurs when static routes are uses.
This fix also corrects the problem where the metric on a static route will change after the neighbor it points to is removed from the neighbor table. [CSCdi26701]
Wide-Area Networking
•PPP drops LCP options, from config request if rejected by peer. This is not always correct [CSCdi19434]
•The X.25 software typically does not encode address or facility information in a Call Accepted/Call Connected packet, which some X.25 equipment rejects with a "packet too short" diagnostic (38). [CSCdi21201]
•Dial-on-demand PPP connections to any router sending an IPCP request with an IP address of 0.0.0.0, such as as Wellfleet router, do not work. The workaround is to have the non-Cisco router propose a valid IP address in its IPCP packet. [CSCdi22160]
•Under very high traffic load (indicated by a high packet loss rate shown in the "output drops" field), PPP Echo Reply packets are not transmitted, and the remote router declares the line down. In the case of DDR connections, the call is taken down. To work around this, use priority queueing and assign the heavy load traffic to the low, normal, or medium queue. [CSCdi22420]
•The command Show frame-relay map incorrectly reports the LMI type ANSI as CISCO. This has no effect on the operation of the ANSI LMI. [CSCdi22669]
•X.25 bridging will rapidly bring up all allowed SVCs even with light traffic load. [CSCdi23764]
•On an MBRI interface on a 4000 or a 4500, the interface may report a number of input errors (runts) equal to the number of input packets even though there are no errors on the line. This is a cosmetic problem due to a mis-read register on the driver chip. [CSCdi23839]
•If no image has ever been copied into the Flash memory in the Cisco 1000, an invalid Flash image version number is reported in the output of the show controller lex unit command. [CSCdi23864]
•The system declares the AIP as operational even though the PLIM type is INVALID. This has been fixed to force the AIP to stay down until the PLIM problem is corrected. [CSCdi23947]
•If a priority group is added to a lex interface with the priority-group list interface configuration command, the output queue will fill up and subsequent packets sent to that interface will be dropped. The problem is not remedied by removing the priority group. Note that there is no problem when configuring with the lex priority-group number interface configuration command. The difference between these two commands is where the priority queueing takes place. With the priority-group command, priority queueing occurs at the host router; with the lex priority-group command, priority queueing occurs at the Cisco 1000. [CSCdi23954]
•X.25 calls with a null destination address that are directed to the router are denied with cause 0, diag 67. [CSCdi23975]
•The communication server or router may be restarted due to an address error when PAP authentication has been configured on an async line. A PPP client sending an invalid PPP frame may cause this to occur. [CSCdi24013]
•Broadcasts, such as routing updates, are not sent out "receive only" DDR interfaces that have neither a dialer map nor a dialer string configured. Workarounds are to configure a dialer string, or neighbor commands for the routing protocol in use. [CSCdi24060]
•When using IPX over PPP, if the node number is NAK'ed, we continue to ask to negotiate it. [CSCdi24078]
•User unable to view active/inactive B channels using the exec command show interface serial x/y:z. [CSCdi24130]
•The ISDN debugs have been changed to not show a timestamp. Use the service timestamp configuration command to put a timestamp on the debug messages. [CSCdi24414]
•When the maximum lex interface number, 4294967294, is configured, an arithmetic error occurs, and the actual interface number saved in the configuration is -2. The workaround is to configure lex interfaces in the range of 0 through 2147483647 only. [CSCdi24458]
•Using the exec command show interface serial x/y:z, the line Last input in ISDN/PRI D channels always reports never no matter if user traffic passes through the B channels or not. [CSCdi24539]
•Packets less than the minimum size are erroneously accepted on SMDS interfaces. [CSCdi24560]
•When typing no smds static-map ..., and the map is not configured, an error message is printed with a bogus network address. [CSCdi24672]
•When adding a dialer string or a dialer map to a dialer interface which has T1 channels as physical interfaces, the router may reload. This is an illegal configuration that should not be allowed. [CSCdi24675]
•When using dial on demand with PPP and CHAP and dialer map statements, hostnames must be unique. Hostnames such as fred1 and fred are incorrectly considered to be the same. [CSCdi24718]
•The first time that a pri-group is added a write mem and reload may be required. This can be verified by enabling "debug isdn-q921" and you will see SABME and UAs and only 1 RR. The workaround is to do a write mem and a reload. The link should then idle (RR) normally after the Mip card synchronizes. [CSCdi24761]
•No release-note needed. [CSCdi24768]
•Entering the exec command config memory will result in a call setup failure due to unavailable channels in a pri-group. [CSCdi24786]
•On the Cisco 4500 router, under heavy loads that diminish the availability of compression buffers, X.25 payload compression may overwrite an area of low memory. This causes the router to reload. [CSCdi24847]
•A new command, show queue interface has been added to the router that allows the contents of the queue to be displayed. [CSCdi24848]
•To use decnet over DDR, static maps for decnet-router-l1 are required on top of static maps for decnet. This extra configuration should not be required, only static maps for decnet should be necessary. [CSCdi24862]
•This was a bug where users would remove an SMDS address from an AAL3/4 ATM subinterface, but the SMDS address would persist in the ARP table. This problem is now resolved and removal of an SMDS address will result in removal of that address from the ARP table as well. [CSCdi24873]
•On a cisco Copan (2509-2513) switching an Up/Up Async interface's encapsulation from PPP to SLIP, sometimes doesn't take effect. [CSCdi24887]
•Cisco routers with an ISDN PRI interface can cause all the B-channels to become unavailable. This happens if the PRI line is unplugged or shutdown and call attempts are made to bring the interface up. This will make sure that failed call attempts free the B-channel. [CSCdi24888]
•Routers with multiple ISDN interfaces configured to use dialer rotary groups may not work correctly. This is seen after configuring and reloading the router. The interfaces will not come up properly and the debug traces may show that information is sent out but nothing seems to come back from the switch. The <CmdBoldshow counters command can be used to verify whether data is coming back from the switch. [CSCdi24889]
•The current queue count, maximum queue count, and queue drops for the Ethernet interface on the cisco-1000 is not displayed correctly by show interface lex unit ethernet <NoC mdBold> It always shows a value of "0". [CSCdi24966]
•Users should not be able to configure ISDN/PRI B channels between B0 and B22. [CSCdi24978]
•The following sequence of actions causes the router to pause indefinitely: * A PRI interface is configured in a rotary group. * The PRI interface is reconfigured (adding/removing channels). * It is added back in a rotary group. * The rotary group configuration is changed (dialer configuration commands). [CSCdi24983]
•Bearer capability of the incoming SETUP message is not verified before accepting the call. This is required for French homologation. [CSCdi24984]
•The show interface counters for the Cisco 1000 are collected on the Cisco 1000 and sent to the host router, which keeps the totals. Currently, the clear counters lex unit ethernet | serial command does not inform the Cisco 1000 to clear its counters; just the totals on the host router get cleared. The workaround is to issue the show interface lex unit ethernet | serial, which does inform the Cisco 1000 to clear its counters, followed by a clear counters lex unit ethernet | serial command. The combination of these two commands clears the counters on both the Cisco 1000 and at the host router. [CSCdi24987]
•If IP fast switching is enabled on a lex interface that is connected to a Cisco 7000 through a MIP card, the router will corrupt the length field and physical length of IP packets that traverse the lex interface. The corrupted length will be off by 2 bytes. To prevent this problem from occurring, disable IP fast switching on the lex interface using the no ip route-cache interface configuration command. [CSCdi25056]
•When doing a no pri-group on a PRI interface that is a member of a rotary group, the router may reload. [CSCdi25061]
•Removing the PRI configuration from a T1 controller may cause the IOS software to reload. [CSCdi25104]
•When a cisco router with an ISDN Primary Rate Interface (PRI) has calls up and loses communication with the remote end, the calls may not be properly removed and the B-channels freed. This is especially noticed if the Layer 1 interface does not lose sync. [CSCdi25105]
•On BRI and dialer interfaces, it is not possible to change the encapsulation from PPP to HDLC by typing the command no encap ppp. The only way to change it is to type encap hdlc. [CSCdi25121]
•Vines traffic may trigger DDR configured interface to place a call even if an IP access-list is present in the configuration. To work around this problem, configure dialer-list n protocol vines deny as the first one in the list. [CSCdi25136]
•When using the command PPP autoselect and TACACS authenticate slip always, the following behavior may occur: Network access denied by TACACS, login required, following by a disconnect; modem may repeatedly attempt negotiation and stall out; and/or No name received to authenticate, modem continues to attempt negotiations. By using the TACACS authenticate slip always, the user will continue to receive immediate logouts/disconnects with invalid user names. [CSCdi25215]
•Large datagrams are dropped by X.25. X.25 will not encapsulate datagrams that exceed LAPB's N1 parameter, despite the fact that X.25 will fragment a datagram before sending. [CSCdi25323]
•The Calling or Called Address Extension facility is formatted improperly in the "debug x25" output. [CSCdi25529]
•Outgoing characters are garbled at times on a Copan, when the async line is connected to a host via the telnet protocol. [CSCdi25661]
•The Frame Relay broadcast queue might exhibit drops under high broadcast volume. There will be an increase in "buffer element" misses at the same time the drops happen. [CSCdi25707]
•Appletalk packets queued in the dialer hold queue while a connection is being established are discarded when the line eventually goes up. [CSCdi25724]
•When PPP single-client users use CHAP to authenticate to a TACACS server, TACACS misses storing the authentication and usernames resulting in invalid usernames. Workaround is to use scripts for authentication process. [CSCdi25737]
•On the Cisco 2509, Cisco 2510, Cisco 2511, and Cisco 2512 routers, asynchronous lines set with BREAK as the escape character require an additional character to be sent before a prompt is displayed. [CSCdi25768]
•This was a bug in 10.2 that prevented CLNS from properly sending packets to the next hop in the ATM cloud. CLNS over ATM would fail. [CSCdi25776]
•The upper bound of the dialer idle-timeout, dialer enable_timeout, dialer fast-idle and dialer wait-for-carrier-time commands is incorrect. The upper bound should be 4294967 seconds. [CSCdi25836]
•Datagrams routed to an X.25 point-to-point subinterface fail encapsulation. [CSCdi25854]
•This was a problem with sending CLNS PDUs over an ATM AAL3/4 encapsulation. The problem was that CLNS didn't know how to handle ATM E.164 addresses and couldn't resolve NSAP addresses to ATM E.164 addresses. This fix resolves the problem. [CSCdi25938]
•The interface subcommand ppp use-tacacs <noCmdBld> does not work on ISDN interfaces. [CSCdi26311]
•This fixes 2 problems. First, and most important, the bug fix also enables dynamic routing over ATALK, using EXTENDED mode. Users are now able to configure EXTENDED mode over SMDS interfaces and are no longer required to configure STATIC MAPs for next hop ATALK nodes.
The following config. will work:
interface serial 0 encaps smds apple cable-range 10-10 apple zone xxx smds address c111.1111.1111 smds multicast appletalk e111.1111.1111 smds multicast aarp e111.1111.1111 smds enable-arp
No STATIC MAP statements are required!
This fix also removes a problem were ATALK would cause SMDS packets to be xmitted with bad Destination Addresses(DA) in the EXTENDED mode config. above. [CSCdi26312]
•This fixes a fastswitching problem between the AIP and the tokenring devices. The AIP can fastswitch IPX packets to/from TokenRing properly. [CSCdi26325]
•This fixes a problem when removing an ATM virtual interface. The bug would allow the ATM specific config. to remain, after the virtual interface was deleted. This left stranded VCs, still accepting packets. Now the 'no int atm ?/0.n' will clean up all ATM specific configuration for that virtual interface. [CSCdi26414]
•Systems using frame-relay static maps and running Inverse ARP for the same DLCI will reload when the command show frame-relay map is issued. [CSCdi26416]
•The X.25 interface parameter th has an upper limit of the configured input window size; this is too restrictive because SVCs can negotiate larger window sizes. [CSCdi26730]
•The X.25 feature is incorporated into the 10.2 xx-in-m subset image set. [CSCdi26849]
Feedback