Table Of Contents
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
TN3270
Wide-Area Networking
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
Wide-Area Networking
Basic System Services
DECnet
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
TCP/IP Host-Mode Services
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Wide-Area Networking
AppleTalk
Basic System Services
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
TN3270
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
TCP/IP Host-Mode Services
TN3270
VINES
XRemote
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
TN3270
VINES
Wide-Area Networking
AppleTalk
Basic System Services
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
AppleTalk
Basic System Services
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
TN3270
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
LAT
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
TN3270
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
TN3270
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
LAT
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
TN3270
VINES
Wide-Area Networking
AppleTalk
Basic System Services
DECnet
EXEC and Configuration Parser
IBM Connectivity
Interfaces and Bridging
IP Routing Protocols
ISO CLNS
Novell IPX, XNS, and Apollo Domain
Protocol Translation
TCP/IP Host-Mode Services
TN3270
VINES
10.3(19a) Caveats
This section describes possibly unexpected behavior by Release 10.3(19a). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(19a).
Basic System Services
•
Release-note This was fixed when mip11-2 and rsp_mip20-1 were committed. [CSCdi34854]
•If the transmit queue limit is set to a low value (for example, through priority queuing), traffic on the interface might be subject to delayed transmission. [CSCdi35399]
•Certain information in Cisco 7513 routers cannot be accessed. Media Access Control (MAC) starting addresses are not assigned, so a MAC address must be entered for every Dallas chip (the MAC cookie chips on the Route Switch Processor (RSP) platform arbiter boards) on every Cisco 7513. The address must be allocated from the "OUI keeper." [CSCdi35766]
•Setting the config register to boot the boot loader always boots the first image in bootflash, ignoring any boot bootldr configuration commands. [CSCdi38227]
•On a Cisco 7000 series router, if you replace one interface processor (for example, a TRIP or an FSIP) with a different type of interface processor online, the show ip interface brief and show interface commands display information for both the old and new controllers. Rarely, this also results in the continual reinitialization of the newly inserted controller.
The only known workaround is to completely unconfigure the old card before replacing it with the new card. Sometimes, it might even be necessary to issue a write erase command, reboot the router, and then redefine the existing interfaces to completely remove all configuration traces of the old card. Once the information that is displayed by the show commands is self-consistent, the newly inserted card behaves normally. [CSCdi49800]
•Receive CPUHog error message and traceback data when booting AGS+ router from flash with version 10.3.8 when boot roms are also at 10.3.8 message is as follows %SYS-3-CPUHOG Task ran for 15464 msec (16013/1704), Process = Boot Load,PC = 37E04 -Traceback= 4B0A6 4B914 DAF8 1080 10005EC 100905E router appearsto boot up after error message. This message does not occur on routers that are at boot r [CSCdi49994]
•If you issue a boot system command to boot a Cisco 7000 router image on a Cisco 7500, the router reboots forever, reporting a "bad file magic number" each time. [CSCdi52921]
•The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]
•If an active IP address on the network is included on a router configuration on a port in shutdown, the router with the shutdown port may answer to telnet requests from IP hosts on the network. This does not affect routed IP traffic from IP hosts. [CSCdj07305]
•If an interface card is added by Online Insertion and Removal (OIR), a Cisco 7000 series router with an SSP, FIP, and AIP may fast switch some packets that were being silicon switched before the OIR. The symptom of the problem will be increased cpu utilization after the OIR. A workaround for the problem is to issue the "microcode reload" configuration command after the OIR. [CSCdj08762]
•Under certain conditions CDP will not be sent accross a pt-to-pt subinterface. No known workarounds. [CSCdj34672]
EXEC and Configuration Parser
•The IOS contains invalid routing processes options in it's parser. The invalid options are: static, hello, conected, mobile and floating-static.
There is no operational impact due to their presence and/or use. This is a cosmetic problem. [CSCdj18849]
IBM Connectivity
•Show qllc output does not page according to term length. [CSCdi23957]
•When the host sends a DISC/RD to disconnect the session with a PU, the host-router returns an RR instead of a UA. This caveat happens randomly and infrequently. At the moment it is not known what causes this random behavior. The UA is eventually sent, ususally immediately following the RR, and the session gets disconnected.
The impact on the user is that an error message might be generated by endstations sensitive to the unnecessary RR frame. Otherwise, without a datascope contantly monitoring the line, the frame goes by undetected.
Cisco Systems expects to have this random behavior resolved in the next maintenance release of 10.2. [CSCdi24211]
•A reload may occur when removing a DLSw remote peer. [CSCdi25550]
•In a remote source route bridged environment assigning automatic spanning tree on one router may cause a peer router to reload. This happens when the command source bridge spanning 1 is issued, where 1 is the bridge group number for the IBM spanning tree protocol. [CSCdi26588]
•This ddts describes a problem with inaccurate packet input counts in a show interface with local SRB. The problem is resolved by CSCdi27652. [CSCdi27729]
•DLSw incorrectly shows a device both as source and destination in the reachability cache after a session outage and subsequent recovery. [CSCdi29129]
•The data-link switching (DLSw) ring-list is intermittently not recognized. [CSCdi33453]
•%RSP-3-ERROR: CyBus0 error 10 %RSP-3-ERROR: command/address mismatch %RSP-3-ERROR: bus command write 2bytes (0xD) %RSP-3-ERROR: address offset (bits 3:1) 6 %RSP-3-ERROR: virtual address (bits 23:17) 000000 The above error is seen and causes a cbus reset. At this point it is possible that CIP2 in the 7500 is causing this. [CSCdj40940]
Interfaces and Bridging
•Autoselect ppp and slip feature is not usable without an "Async Default IP address" on the corresponding Async Interface. The system should check and warn for the lack of "Async Default IP address" when configuring Autoselct ppp or slip. [CSCdi30012]
•On 7xxx series routers, interfaces configured to use the Silicon Switching feature may under-count input bytes. [CSCdi32500]
•High-end routers intermittently drop Sequenced Packet Exchange (SPX) keepalive packets between local Token Rings. [CSCdi36291]
•The path-cost configured for an interface is not recomputed when changing the spanning tree protocol from dec to ieee. The workaround is to: no bridge 1 protocol dec bridge 1 protocol ieee And reconfigure path-costs for each interface. [CSCdi42144]
•SSE switching of clns packets with PPP encapsulation does not work. The work around is to turn off CLNS SSE switching. [CSCdi44017]
•If a serial interface is set to loopback via a hardware signal, the interface will remain in loopback until the hardware signal is dropped and a no loopback interface configuration command is issued. [CSCdi47768]
•Version 1.6 Revision C0 EIP cards might cause cache parity errors on all Cisco 7500 series and Cisco RSP7000 systems. The cache parity errors can cause system reloads. The hardware revision and version can be determined from the show diagbus command output. This problem is resolved in RSP EIP microcode version 20.2 and higher. The microcode has been changed to alleviate the hardware problem with the "f" transceivers. The board has been revised to 1.6 D0 to replace the "f" transceivers with the "fr" part. [CSCdi52082]
•AGS+ reloaded at cbus_analyze [CSCdi56604]
•When the user types the command "show controller tokenring ..." the values of the following 10 'since last reboot' error counters may be less than the actual counts:
Internal controller counts:
line errors: 0/1309, internal errors: 0/0 ^^^^ ^ burst errors: 0/11224, ari/fci errors: 0/0 ^^^^^ ^ abort errors: 0/0, lost frame: 0/2 ^ ^ copy errors: 0/0, rcvr congestion: 0/0 ^ ^ token errors: 0/16575, frequency errors: 0/0 ^^^^^ ^ [CSCdi62392]
•Bridged traffic is not currently payload-compressed when compression is enabled. This is due to problems caused in some instances by the combination of software bridging and payload compression. [CSCdi63268]
•When processing IPX (NCP) keepalive (watchdog) packets, the router adds an extra byte to the packet when SSE switching is enabled. [CSCdi66651]
•Wri t or sho int dipslays token-ring interface in the reverse order on a AGS+ [CSCdi68261]
•On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]
•Cannot ping/telnet to HSRP virtual address on FastEthernet that is multiprotocol running.
I checked 'show smf'. When 16 MAC addresses is registered on FE, I cannot ping/telnet HSRP virtual address. But HSRP replies ARP request. If I delete or disable any protocol, and the number of MAC decrease less than 16 (i.e. 15 or fewer), HSRP works fine. [CSCdi92485]
•If a serial interface on the router is configured for simplex serial operation with an X.21 cable attached the serial interface display may show the serial line up, line protocol down as follows:
Serial0 is down, line protocol is up [CSCdj40702]
IP Routing Protocols
•IP packets sent to the Hot Standby Router Protocol (HSRP) virtual MAC address are not received if the packet is Subnetwork Access Protocol (SNAP)-encapsulated and the receiving interface is part of the ciscoBus or Switch Processor (SP) complex. [CSCdi39274]
•The router will send ICMP redirects on point to point interfaces when it may not make sense to do so. This behavior may be defeated by the interface subcommand no ip redirects. [CSCdi45535]
•When transparent bridging is configured on interfaces with HSRP, IP packets destined for the HSRP virtual MAC address may accidently be routed by systems that are not in the HSRP active state, thus causing IP packet replication. Specifically, this problem occurs if the same HSRP group number is shared by multiple LAN segments that are being bridged together. This problem does not exist on high-end systems (7xxx, AGS).
A workaround is to make sure to use different HSRP group numbers on the LAN segments that are being bridged together. [CSCdi48154]
•If the HSSI interface on a Cisco 7000 series router experiences an interruption and the router is running EIGRP, the router could experience very high utilization. The problem was found in Cisco IOS Release 10.3(16a). [CSCdj15781]
•Ping to a non-existant IP address should be listed in the ARP table as ARP INCOMPLETE, instead, it lists it with a MAC address of 0000.0000.0000 [CSCdj22721]
•EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj28874]
ISO CLNS
•If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]
Novell IPX, XNS, and Apollo Domain
•Routers running NLSP will fail if all memory is used up. There is no workaround for this problem. [CSCdi29957]
TN3270
•A ttycap entry with two colons in a row or a colon at the end of one line and the beginning of the next will fail to be interpreted correctly. [CSCdi27822]
•When using TN3270 keymaps, a keymap will not be selected based on a match of the local terminal-type name to the name in terminal type list of the keymap unless the keymap name is equal to the local terminal type.
Workaround is to explicity select a keymap-type on the line (TTY) or make the keymap name equal to the terminal type name. [CSCdj35972]
Wide-Area Networking
•Because large numbers of frames may be queued for output, the acknowledgement of LAPB frames is sub-optimal; this results in lower link throughput than might otherwise be achieved. [CSCdi23253]
•When using the command ppp authentication pap, and a invalid user logs on, the message returned will be no name received to authenticate. This can be confusing by implying that no message was actually sent. [CSCdi24023]
•When multiple x25 route commands are used for the same X.121 address to multiple interfaces, a no x25 route command removes the first entry in the list matching the X.121 address. [CSCdi24391]
•IPX is not classified correctly by the SP when using NLPID encapsulation on an AIP. This causes fast switching and autonomous switching of IPX over NLPID to fail. Process switching of IPX over NLPID works correctly. This situation has been corrected as of version 10.6 of the SP microcode. [CSCdi24518]
•In some situations, the host router will give no indication that the remote Cisco 1000 has been power cycled or has rebooted. If you want to ensure that the host router's serial line protocol is successful in noticing that the Cisco 1000 has rebooted, configure a keepalive interval of less than 5 seconds on the host router serial interface which is connected to the remote Cisco 1000. [CSCdi26483]
•Incorrect circuit states are reported using the show pvc command when the frame-relay interface-dlci is applied to an interface instead of a subinterface. Additional interface mapping command(s) are required to make the circuit active for data transmission. [CSCdi27640]
•PPP reliable mode does not operate correctly when configured on asynchronous network interfaces. [CSCdi33977]
•X.25 encapsulation of CLNS that specify use of the SNAP encoding method will generate a protocol identification value that is not interoperable. [CSCdi38553]
•The display of show x25 vc is not correct for incoming CMNS calls. [CSCdi40724]
•Using 10.3(7) or 10.3(8) software in conjunction with a lex running 2.0 will require a shut/no shut of the router's serial interface after router re-load. [CSCdi46615]
•The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]
•SMDS encapsulation is not stripped from transparent-bridged frames. [CSCdi48811]
•On the AIP when trying to setup a VC, the AIP-3-AIPREJCMD error message may occasionally reject the setup. This was sometimes observed on the 7500. The setup will succeed at next attempt. [CSCdi54829]
•Problem with "No CCBs available" on BRI0 of 1004 can be cleared by a shut/no shut on the interface. Exact cause of memory prob is still not clear. Customer's environment included IP/IPX/ATK on latest c1004.103-10. -mwb; [CSCdi55891]
•Under very rare circumstances, when using software flow control on the AUX port under heavy load, the line may end up in a hung 0 state. The output of a show line command indicates "Status: Ready, Connected, Active, Waiting for XON, Sent XOFF." If XOFF has been sent and the device is waiting for XON, issue a clear line command to recover. [CSCdi56432]
•Messages such as the following are printed to the console if data is received on a remotely switched permanent virtual circuit before the tunnel is established:
%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level -Traceback= 107EA 1D190C 1EA92 342D2E 34188E 32F100 330378 3328F2 %X25-3-INTIMEQ: Interface Serial1, LCN 2 already in timer queue, new time 310620 -Process= "interrupt level", ipl= 4 -Traceback= 333396 330618 3328F2 332348 331E06 34FA74 6DE0C 1158F2 [CSCdi57343]
•The parser does not show the ppp quality command as an option. However, you can enter the ppp quality percentage command. [CSCdi61507]
•CMNS is not supported in the -c image. It is only supported in images with CLNS. The 'cmns enable' command should be removed from the -c image. [CSCdi79854]
•MOP remote console connections dont work with ppp encapsulation. [CSCdj35758]
10.3(18) Caveats/10.3(19) Modifications
This section describes possibly unexpected behavior by Release 10.3(18). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(18). For additional caveats applicable to Release 10.3(18), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(19).
Basic System Services
•When directly connected fddi interface transitions, default route kicks in and the route-cache entry is stuck in the interface where the default route is set, even though the fddi is a better route. [CSCdi63587]
•On RSP systems, when maximum-size MTU packets are received by serial interface processors (including the FSIP, HIP, MIP, POSIP, and serial port adapters on VIPs that forward data to the RSP to be routed), up to 8 bytes of data might be written into the next datagram's packet memory. This could result in anomalous system behavior, including software-caused system crashes and dropped datagrams. This problem is never seen on RSP systems that do not have serial interfaces. [CSCdj08573]
EXEC and Configuration Parser
•The output of the show tech-support command displays some potentially sensitive SNMP data, such as the SNMP community strings, SNMP MD5 keys, and SNMP user IDs and passwords. If these data refer to read-write communities or views, they can be used to reconfigure the Cisco IOS software, providing the same level of access to the Cisco IOS software as is available with the enable password. Take care when sending show tech-support command output across insecure channels. For example, remove the community strings, keys, and user IDs and passwords before sending. [CSCdj06881]
IBM Connectivity
•This crash is caused by the SP microcode on the C7000 whereby a buffer copy by the SP makes the RP wait too long and it takes a bus error.
There is precedence for this problem and the fix is to lower the size of the block of data being copied at any one time. [CSCdi77785]
•When an LNM queries the router with a report station address, the router answers correctly with a report station address. However, 0.001 seconds later, the router sends a second report station address to the LNM with all zeros in the frame. This causes the LNM to work incorrectly. [CSCdj04559]
•Dlsw circuit is staying in a remote_resolve state. This is an uncommon state for dlsw to stay in, if you encounter this do a dlsw disable and then re-enable dlsw and this will correct the problem [CSCdj07098]
Interfaces and Bridging
•On Cisco 7500 RSP platforms, FSIP serial interfaces may display the following panic messages on the RSP console:
%RSP-3-IP_PANIC: Panic: Serial12/2 800003E8 00000120 0000800D 0000534C
%DBUS-3-CXBUSERR: Slot 12, CBus Error
%RSP-3-RESTART: cbus complex
If the string "0000800D" is included in the panic message, the problem is related to this bug. The workaround is to load a new image that contains the fix for this bug. [CSCdi78086]
•OIR removal of a FIP from one slot into another will cause the FDDI to permanently remain in DOWN/DOWN. A reload is needed to get it up. OIR removal and putting it back into the same slot works fine. [CSCdi87221]
•The situation is as follows: Customer has a 4000 that is connected to a FDDI ring and to a Token Ring. There are several servers and clients on both of the rings. He is seeing any packets that go from the FDDI ring to the Token Ring are getting corrupted. This was seen when the cust ran a test packet and did a sniffer trace on that packet. This happened with multiple images, 10.3(10), 10.3(13). This is strictly data corruption, there is no corruption of the protocol or the checksum. Also there is no corruption going from the Token ring to the FDDI ring. [CSCdj05331]
IP Routing Protocols
•OSPF will not be able to form adjacency because the neighbor list is corrupted. It could lead to router crash too. [CSCdj16875]
Wide-Area Networking
•PPP CHAP authentication has a serious security vulnerability that allows a moderately sophisticated programmer, armed with knowledge of the vulnerability and some basic information about the network to be attacked, to set up unauthorized PPP connections. There is no workaround. Customers who rely on CHAP authentication should upgrade their software to avoid this problem. More information is available on the Worldwide Web at http://www.cisco.com/warp/public/770/chapvuln-pub.shtml. [CSCdi91594]
•A router may reload without producing a stack trace or otherwise behave unpredictably on routing an X25 call that contains 16 bytes of Call User Data. There is no known work-around. [CSCdj10216]
10.3(17) Caveats/10.3(18) Modifications
This section describes possibly unexpected behavior by Release 10.3(17). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(17). For additional caveats applicable to Release 10.3(17), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(18).
Basic System Services
•If the user does multiple card removals followed by multiple card insertions in the newly emptied slots with OIR, some of the replaced cards may remain in the administratively down state. For example, pull out a card from slot 1, pull another from slot 2, insert a new card in slot 1, insert another card in slot 2 is a set of actions which will trigger this bug.
The easy workaround is to simply replace cards one at a time. In the example above, pull slot 1, insert slot 1, pull slot 2, insert slot 2 will avoid the problem entirely. [CSCdi57526]
•On Ethernets that experienced output errors XBUFHDR and INVRTN errors could be seen. This has been fixed in this code. [CSCdi75404]
•When using RSP code with HIP, TRIP, or FIP interfaces, and when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the error message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]
DECnet
•The command "dec advertise <area> <hops> <cost>" (correctly) creates an entry in NVRAM. However, if there is an entry for the *same* area in the DECnet routing table and that entry was created dynamically (i.e. learned via DECnet), then issuing the command
"no dec advertise <area> <hops> <cost>"
fails to remove the "dec advertise <area> <hops> <cost>" line from NVRAM. [CSCdi87264]
IBM Connectivity
•Cisco 4500 and 4700 router Token Ring interfaces intermittently stop working and fails to reinitialize. Problem is seen only during heavy activity and when more than one Token-Ring ports are active. This problem occurs only on the 4500 and 4700 routers. This problem doesn't occur on the 4000. [CSCdi70398]
•DLSw+ reachability entry may get stuck in VERIFY state. This problem is timer related and likelihood of this happening are low. It will generally occur after several months of operation. [CSCdi93217]
Interfaces and Bridging
•Alignment errors may possibly occur when performing transparent bridging at process level to a token ring interface. [CSCdi48465]
•Customer is trying to migrate from ags+ to 4700. They have know problem(s) with excessive collisions on 2 ethernet segments.
However, interfaces did not go down on AGS+ or other 7000 routers (showing excessive collissions, (rate in excess of 10%) as is the case with the 4700 router with NP-6E card.
Using AM79970 chipset. Also seeing similiar manifestations as in CSCdi51927 where output of 'sh cont eth is showing 'link state down' while sh int eth sho up/up for state and we're seeing packets inbound/outbound on the interfaces respectively. [CSCdi49380]
•This problem can be avoided by not doing a show interface command on a removed FDDI interface. Unfortunately, show techsupport will generate such a command without opportunity for intervention. This patch prevents the software from attempting to read non-existent registers and thereby avoids the errors that result. [CSCdi78254]
•FDDI interface on 4x00 platform does not correctly apply/filter MAC address access list. [CSCdi83829]
•When a FIP FDDI interface is under very heavy load, the FIP may not reply to queries resulting from 'show controller fddi' or 'show interface fddi' commands soon enough, causing a command timeout, causing the software to unnecessarily reset the FDDI interface. [CSCdi87020]
IP Routing Protocols
•When sho standby command is issued on 4700 (10.3.12) with hsrp configured on fddi int, it shows wrong prioriy and tracking interface status.
After reload with standby track command configured, the tracked interface may be in a wrong state, hence the priority is wrong too.
For the first time loading the image with the fix, standby track command will be deconfigured, and need to reconfigure it again. [CSCdi72254]
•During topology changes, a lot of OSPF update packet could be generated and flooded through out the network and overload the network. This overload situation can cause OSPF to lose neigbors. [CSCdi85902]
•Cisco 4500 running IOS version 10.3(16) reloads and provides stack trace:
System was restarted by bus error at PC 0x601E4CD0, address 0xD0D0D0D 4500 Software (C4500-P-M), Version 10.3(16), RELEASE SOFTWARE (fc1) Compiled Thu 24-Oct-96 18:32 by richardd (current version) Image text-base: 0x600087E0, data-base: 0x60370000
Stack trace from system failure: FP: 0x605D46B8, RA: 0x601E4CD0 FP: 0x605D46D8, RA: 0x601E4D88 FP: 0x605D46F8, RA: 0x601E50EC FP: 0x605D4710, RA: 0x601C88E0 FP: 0x605D4740, RA: 0x601E4998 FP: 0x605D4760, RA: 0x601E5174 FP: 0x605D4778, RA: 0x60081D04 FP: 0x605D47B8, RA: 0x6006C8A4
Which decodes as follows:
Symbols
nhrp_cache_clear_nei nhrp_cache_clear_nei nhrp_cache_delete_subr nhrp_cache_age_subr rn_walktree_blocking_list nhrp_cache_walk nhrp_cache_age registry_list net_oneminute [CSCdi90523]
•After 'clear ip route <network>', where <network> is a host route, EIGRP will not reinstall the associated route.
'clear ip route *' will force EIGRP to reinstall it. [CSCdi92753]
•An extented access-list that denies IP traffic and that does not require transport layer information may let fragments go through if the log option is configured. As a workaround, do not configure the log option. [CSCdj00711]
•Potential memory corruption and memory leaks when send PIM packets out. [CSCdj02092]
ISO CLNS
•CSCdi78048 introduced a bug that ISO-IGRP will not redistribute the local ISIS route. [CSCdi85861]
•Router memory leaks if router receives a CLNS packet with invalid destination address length.
There is no workaround of this problem. [CSCdi90052]
Novell IPX, XNS, and Apollo Domain
•In a redundant ipx eigrp network running ipx incremental sap, the router's sap table sap information may contain out of date information, such as the socket number if the socket number is changed from its initial advertisement. [CSCdi85953]
•When IPX incremental SAP is running, the router's SAP table may not contain all the SAPs in the network if one of it interfaces goes down and comes back up later. [CSCdi90899]
•When running IPX incremental sap, the router may not remove all the SAPs that are no longer reachable via this router. [CSCdi90907]
10.3(16) Caveats/10.3(17) Modifications
This section describes possibly unexpected behavior by Release 10.3(16). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(16). For additional caveats applicable to Release 10.3(16), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(17).
AppleTalk
•When using ARAP on a terminal server you may experience issues with modem answering calls with no connection. Reloading the router will fix the problem [CSCdi73132]
•Router crash when incomplete AppleTalk fast switching cache entry is used. This happens when the cache entry is updated with another output interface and within a small timing window.
There is no workaround. Though in most cases, this scenario is unlikely. [CSCdi77772]
Basic System Services
•When a 1000 router or a 2500 router run low on memory (less than 32K) the command 'write terminal' fails to generate any output. [CSCdi40791]
•AGS+ routers with first generation FDDI cards (CSC-C2FCI) do not support translational bridging, and are no longer supported. They use encapsulated bridging. The second generation AGS+ FDDI cards (CSC-C2FCIT) support both translational and encapsulated bridging.
Encapsulated bridging does not work on the 7500 router. The workaround at this time, to bridge between the AGS+ and the 7500, is to use CSC-C2FCIT cards in the AGS+ and translational bridging.
The big disadvantage of using encapsulated bridging is that it cannot use the hardware bridge filtering capabilities of the CSC-C2FCIT cards, which have a CAM built into them which is used to do bridge filtering on the card. When encapsulated bridging is used, the main processor has to do all bridge filtering. This means that one busy encapsulated bridging FDDI network can eat the entire bandwidth of the router's main processor, just for bridge filtering. It should be no surprise that the use of encapsulated bridging is to be vigorously discouraged. [CSCdi46862]
•If an snmp view which had previously been configured with the snmp-server view command is deconfigured, and then reconfigured, any snmp communities which utilized the view will no longer work. [CSCdi47796]
•The boot config nvram: configuration command, which was added for the RSP platform, interacts improperly when the service compress-config command is enabled. The boot config command causes the NVRAM to lock up, and the router must be rebooted to free the NVRAM. [CSCdi52587]
•When using a Secure Dynamics TACACS+ server for authentication, the server might ask the user to stop and wait for the next token. The user must press any key or provide some sort of input at least every 30 seconds, or the router will time out the user. [CSCdi55474]
•The verify flash command has online help documentation but is unsupported. [CSCdi62272]
•Occasional SNMP linkDown traps coming from Ethernet interfaces in which the variable locIfReason (the reason why it went down) says, "Keepalive OK." These traps are due to the interface momentarily and harmlessly losing carrier. You can ignore them. If they become a nuisance, you can remove them by issuing a no snmp trap link-status command. [CSCdi63434]
•The first attempt to use a menu command fails authorization as it should, but subsequent attempts succeed. [CSCdi72822]
•for the following error messages
%RSP-3-ERROR: RP parity error %RSP-3-ERROR: SRAM parity error %RSP-3-ERROR: QA parity error %RSP-3-ERROR: CyBus0 parity error %RSP-3-ERROR: CyBus1 parity error
a bitmask follows to indicates which bytes (0-7) had bad parity. The bits indicating bytes 0 & 1 are actually in bit positions 9 & 8 instead of bit positions 7 & 6. [CSCdi74453]
•Timer-related functions, such as NTP and routing update intervals, do not work correctly in Revision D Cisco 4700 routers. Also, Revision E Cisco 4700 routers are recognized by SNMP as "4700" instead of "4700M." [CSCdi75353]
DECnet
•Allow DECnet IV router adjacencies to be added to the Phase V (OSI) data base.
The previous version of the code allowed only end-system adjacencies to be added to the Phase V data base. [CSCdi77560]
EXEC and Configuration Parser
•The router will crash if you issue a command line that is an alias and that is greater than 256 characters in length after the alias is expanded. [CSCdi63994]
IBM Connectivity
•If source-route bridging (SRB) explorer traffic is so low that no explorer is forwarded on a Token Ring interface for 25 days, then the Token Ring interface stops forwarding SRB explorers. The show source command shows that the "flushed" count increments for every explorer received, while no "expl_gn" explorers are counted to the remote peers. This problem causes connectivity loss. On more recent products, such as the Cisco 7500 series, these symptoms can occur on very active Token Ring interfaces after the Cisco IOS software is reloaded. A short-term workaround is to reload the affected router. [CSCdi70559]
•DLSw may fail to carry circuits when the interface command source-bridge local-ring bridge target-ring is removed and then re-added. [CSCdi70595]
•When using RSRB with FST encapsulation, the router may crash if there is more data to forward onto the virtual ring than there is bandwidth to accept it. [CSCdi72427]
•"no lnm rps" is only accepted when a full bridge is configured. During system releod, this command is ignored. The workaround is to configure this command again after reload. [CSCdi72702]
•When doing RSRB with FST encapsulation in 11.0(11) the packet counts reported by the sho interface commands are not necessarily accurate. [CSCdi72968]
•Data-link switching (DLSw) sometimes cannot handle disconnects being issued by two stations that are in session, if the stations have a requirement to re-establish a session in less than 3 seconds. The first disconnect is answered with a UA message but the second is not responded to until the station resends the disconnect message (DISC). After the DISC is resent, a DM message is sent to answer. [CSCdi73204]
•SDLC does not send a proxy XID to DLSw when using "sdlc role prim-dix-poll" for an SDLC PU Type 2.1 device. This prohibits the sdlc connection from being established. [CSCdi73869]
•If a BIND request is received before the Notify response has arrived, DSPU will reject the BIND request with sense code 0x80050000. [CSCdi76085]
•When using DLSw+ to communicate with non-Cisco devices, the Cisco platform might not deal with incoming transport keepalive packets in an appropriate manner. [CSCdi78202]
•Customer is experiencing a problem when on a TN3270 session. The 'control e' (eeof) used to erase the field is pressed followed by a return and the host gives an error message indicating that the data in the field is invalid. The problem seems to be that the ios fails to clean the data in the buffer. The field on the screen gets cleaned, though. [CSCdi81236]
Interfaces and Bridging
•Appletalk ARP packets can pass through a transparent bridge group when appletalk routing is configured on the router. There is no workaround, and the impact of this caveat is very small, in that "new" apple fddi broadcasts would leak through the bridge when apple routing is configured. "Old" apple fddi broadcasts would not leak and are not a problem. Please note apple fddi broadcasts are actually fddi multicast packets (NOT ieee defined (all f's).
Appletalk code did not register its interesting "new" fddi broadcast (090007ffffff) with the bridging database to let bridging know how to handle it. The "old" fddi apple broadcast, (090007000000) was registered properly. From the ddts the "new" fddi broadcast was the driver for apple arp requests, and when when bridging had nothing to reference in its databases, it flooded the sucker to interfaces that were members of the bridge group every time it received one.
Please note both "new" and "old" fddi apple broadcasts exist in apple networks today, depending on the servers and clients in the network, so both types of apple broadcasts must be registered in the bridging database. [CSCdi51284]
•In rare situations, on ciscoBus interfaces on a Cisco AGS+ router, the router might stop accepting packets after you enable transparent bridging. Issuing the show controllers cbus command shows a Receive Queue Limit (RQL) of 0 for the affected interface and an unusually large RQL value for other interfaces. Issuing the show interface type number command shows an Ignore counted for every packet received on the affected interfaces. To recover from this problem, reload the router. To work around the problem, disable transparent bridging on the affected interfaces. [CSCdi54727]
•Bridging between sde encaps and atm (or any encap that we define interface flag span_process_bridge_force such as smds frame relay, X25 )such that slowswitching is the forced output bridging mode, the transition from sde encaps TO a forced slowswitch output encaps (such as atm in 103 code) does not properly prepare this packet for process level. [CSCdi65959]
•In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory, or when changing the serial encapsulation (for example, from HDLC to SMDS) or when doing OIR of another card in the chassis:
%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0
The show diag x command reports that the board is disabled, wedged. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi73130]
•Token ring driver misclassified ipx broadcast packets as srb explorer packets and had them flushed rather than switched while being bridged on LOW end products only (igs xx c4500 platforms). By chance no other protocol packets are affected, this is a ipx broadcast issue only by luck of the logic followed... [CSCdi75134]
•The FDDI interface driver can interact poorly with OSPF during OIR, causing SPF recalculations. This occurs only when OSPF is running on a FDDI interface which is not being inserted or removed. This fix eliminates the spurious indication from the driver that the SPF recalculation needs to take place. [CSCdi81407]
IP Routing Protocols
•A Management Information Base (MIB) query of the ospfLsdbTable fails because no MIB objects are found under the ospfLsdbTable subtree. However, some subtrees under OSPF can be successfully queried, such as ospfGeneralGroup, ospfAreaTable, and ospfIfTable. [CSCdi69097]
•Clearing an IP host route (i.e. 10.1.1.1/32) learned by OSPF out of the IP routing table can take a long time for the network route (i.e. 10.1.1.0/24) to reappear in the table when done on a stable network, and when only the net route, not the host route, exists in the table. To avoid this problem, clear the network route exactly as it appears in the IP route table; do not clear the host route. [CSCdi70175]
•EIGRP may not retain the best route from topology into routing table when variance and metric weights are configured. [CSCdi72459]
•When OSPF hello timer, and hence the dead timer, is changed, the wait timer is not changed accordiingly to match the dead timer's value.
This fix resolves the problem. [CSCdi74009]
ISO CLNS
•After removing a static CLNS route, ISO-IGRP prefix routes may be seen to count to infinity around a looped topology. The workaround is to use no clns router iso-igrp DOMAIN to break the loops in the CLNS topology untill the routes age out. [CSCdi78048]
Novell IPX, XNS, and Apollo Domain
•Every time the router receives a sap update..the age timer in show ipx serv det' resets to 0. This is a cosmetic bug does not affect any performance. [CSCdi66723]
•NLSP links may reflect incorrect source network/node addr in the routing tables. This does not hinder connectivity to other IPX networks when going cisco to cisco. However, certain non cisco routers may not like the incorrect address and NLSP routing may fail. NLSP routers should use the address Internal-Network.0000.0000.0001 when sending NLSP packets, therefor on WAN media which require MAPs for IPX this should be the next hop address in the map statement. [CSCdi68981]
•Some Service Advertisement Protocols (SAPs) might not be seen if an interface is flapping while running IPX Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) and the ipx sap-incremental command is configured. As a work around, clear the IPX Enhanced IGRP neighbors. [CSCdi72438]
•If the ISIS or NLSP LSP refresh interval and LSP lifetime values are both reduced from the default value, the LSP lifetime will be ignored when the system is restarted.
The workaround is to hand-configure the parameters in the reverse order. [CSCdi72691]
•NLSP may reflood LSP fragments unnecessarily, including both changed and unchanged fragments. Typically this is not a problem on LAN circuits. However, this can present bandwidth-related problems on low speed WAN circuits, especially as the size of the network increases.
The flooding behavior covers up a problem where services may be missing from the SAP table until the next full SPF. This is not a problem when all neighbors are Cisco routers, but can be a problem when third party routers are present on the same link. [CSCdi74487]
•The bug fix CSCdi72104 introduced a problem in 10.3(15.4) where XNS routes may randomly age out, causing network instability as networks become unreachable and then are relearned. There are no workarounds for this issue. [CSCdi82925]
TCP/IP Host-Mode Services
•Cust is seeing a crash in 11.1.5 code PC 0x12CFA8, address 0xD0D0D11 [CSCdi70432]
•Non-TCP reverse connections to lines may corrupt memory, resulting in a software-forced crash. This problem was introduced starting in Releases 10.3(15.1), 11.0(11.1), and 11.1(6.1). [CSCdi79310]
Wide-Area Networking
•Under certain circumstances, a group of four serial ports on an AS5100 or 2509/10/11/12 router can become unresponsive. Only a reload will solve the problem. [CSCdi58103]
•Outbound OAM cells may cause CBUS-3-OUTHUNG errors on AIP. This will cause a reset of the AIP board causing ATM traffic to be dropped for a few seconds. It occurs only if rate-queue 0 (zero) is explicitely NOT configured, which means that automatic rate-queue configuration is not used AND the rate-queue 0 is not used. [CSCdi60941]
•ATM interface on 4x00 may go down in a down/down state with the atm error of "atmzr_dumb_inhand(ATM0):Secondary port error". The interface will not come up untill a reboot is done or interface is flapped by doing a Shutdown and no shutdown. [CSCdi72769]
10.3(15) Caveats/10.3(16) Modifications
This section describes possibly unexpected behavior by Release 10.3(15). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(15). For additional caveats applicable to Release 10.3(15), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(16).
AppleTalk
•Over a period of three to five weeks, an active commserver will slowly run out of I/O memory. This may be related to ARAP or Tacacs+ usage. [CSCdi61152]
•This corrects a problem when ARAP is configured and under some conditions the following messages occured:
%SYS-2-INPUTQ: INPUTQ set, but no idb, ptr=xxxxx %SYS-2-LINKED: Bad enqueue of xxxxx in queue yyyyy
After which a router reload could occur. [CSCdi63635]
•There has been a request for additional debugging messages for the arap logging command. The requested command is arap logging debug-extensions, which enables seven advanced debugging messages in addition to the traditional ARAP logging messages. [CSCdi68276]
•AppleTalk domains do not operate correctly when configured on subinterfaces. The domain properties will be applied to the main interface rather than it's subinterface(s). The workaround is to disable AppleTalk fast-switching. [CSCdi69886]
Basic System Services
•The copy startup-config tftp command is an interactive command. You cannot specify a filename on the command line. [CSCdi38765]
•For Release 10.3(9.3) or earlier, if a microcode reload command is issued over a Telnet connection, the router may enter an infinite loop Otherwise, the message "%SYS-3-INTPRINT: Illegal printing attempt from interrupt level" may be displayed whenever microcode is downloaded. You can ignore this message; it indicates a cosmetic problem. [CSCdi47580]
•The router may reboot when the following snmp variables are used:
writeNet, hostConfigSet, netConfigSet [CSCdi50407]
•Bug fix CSCdi55978, which was integrated into the builds 10.003(012.006), 11.001(004.005), 11.000(009.006), 11.000(010.000.001), 11.001(005.000.001), 11.002(000.018), 10.003(013.000.001), introduced the following problems. Cisco 7500 family processors (RSP1, RSP2, and RSP7000) encounter a Reserved Exception crash or encounter a QAERROR causing a switching complex restart when receiving a runt from an Ethernet interface. The Ethernet interfaces are supposed to filter and count the runt packets, so we are never supposed to see them.
The Reserved Exception crash looks like this:
Queued messages: Aug 14 10:44:16: %RSP-3-ERROR: memd write exception, addr 08000000 Aug 14 10:44:16: %RSP-3-ERROR: RSP alignment error on write to QA, addr 08000000 *** System received a reserved exception *** signal= 0x9, code= 0x0, context= 0x60c72fd0 PC = 0x60107514, Cause = 0x2020, Status Reg = 0x34008702 DCL Masked Interrupt Register = 0x000000ff DCL Interrupt Value Register = 0x00000000 MEMD Int 6 Status Register = 0x00000000
The QAERROR looks something like this:
Jun 17 10:50:23.329: %RSP-2-QAERROR: reused or zero link error, write at addr 0308 (QA) log 260308C0, data A816FFFF 00000000 [CSCdi66673]
•If a system is configured with "ntp master" and has no other NTP associations, it may eventually report that it is unsynchronized.
A workaround is to ensure that there is at least one other NTP association (by configuring an "ntp server" or "ntp peer" on the system, or by changing one of the other systems to use "ntp peer" with the master rather than "ntp server"). [CSCdi67635]
•A problem has been found in RSP code within Cisco IOS releases 10.3, 11.0, 11.1, and 11.2. The failure condition can occur when BACKING-STORE or fair queuing are enabled. The conditions that could cause one of the above behaviors to occur are expected to be extremely rare. However, to avoid these problems, all Cisco IOS RSP releases previous to those listed in the chart below are no longer available.
Cisco highly recommends upgrading all RSP-based systems to one of the Cisco IOS release identified below. For those systems that cannot upgrade, this problem can be avoided by disabling both BACKING-STORE and fair queuing. Please see instructions for this at the end of this message.
When packet load on RSP-equipped systems causes datagrams to be forwarded from SRAM to DRAM, a function of BACKING-STORE, 32 bytes of data may be randomly written into DRAM. This could result in several anomalous system behaviors including: - Software-induced system crashes - Dropped datagrams - Other anomalous errors
To eliminate this problem, Cisco highly recommends downloading and installing one of the following Cisco IOS releases:
Base Rel. Maint Rel. On CCO 10.3 10.3(16a) 11/15 11.0 11.0(12a) 11/22 11.1 11.1(7)CA1 11/18 11.2 11.2(1a) 12/9
The default Cisco IOS image for all new RSP-based router shipments is Cisco IOS release 10.3(16a) effective immediately.
SOLUTION:
FOR CUSTOMERS WITH RELEASE 10.3 Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
Option #2: Below are options to work around this bug.
1) Simply disable backing store on each interface with IOS command 'no transmit-buffers backing-store' Please note each interface needs this disabled.
Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces.
FOR CUSTOMERS WITH RELEASE 11.0, 11.1 or 11.2
Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
Option #2: Below are options to work around this bug.
1) Disable backing store AND fair queuing on each interface with IOS commands
'no transmit-buffers backing-store' 'no fair-queue'
ALSO disable udp-turbo flooding if the image is 11.0 or later The IOS command to disable UDP turbo flooding is 'no ip forward-protocol turbo-flood' which is OFF by default in all releases.
Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces. [CSCdi71609]
•If a system is configured to be both an NTP broadcast client (using the "ntp broadcast client" configuration) as well as an NTP unicast client (using the "ntp server" configuration), and the unicast server is also acting as a broadcast server, the system will not synchronize with the server at all.
The workaround is to configure the client as either unicast or broadcast, but not both. It may also be necessary to remove and reconfigure the "ntp server" configuration if the system is to be a unicast client. [CSCdi72452]
DECnet
•DECnet may fail to work properly when using an area number of 63 for L2 routers. The symptoms are being unable to ping (decnet) between two area routers, one of which is using area 63.x, and having the show dec command report that the 'attached' flag is false even though the show dec route command shows routes to it. The workaround is to use the decnet attach override command to force the router into an attached state. This command is available in Releases 10.2(7.3), 10.3(4.4), 11.0(0.13), and all versions of Release 11.1 and higher. [CSCdi69247]
EXEC and Configuration Parser
•Under some circumstances, the AS5200 may run low on memory or may run out of memory after processing more than 11,000 calls. A small amount of memory may be lost under two conditions, only when aaa new-model is configured: when a user hangs up at the "Username:" prompt, or when a user successfully autoselects with the autoselect during-login command configured. [CSCdi67371]
IBM Connectivity
•DLSW flow control allow max/min flow control window sizes [CSCdi48010]
•Some IBM llc2 implementation devices send a RNR when they run out of buffer and drops the frame. This will cause no data traffic flow for 30 seconds. Non IBM llc2 devices use IEEE llc2 will send REJ rather than RNR and no delay will be noticed. [CSCdi49447]
•With Release 11.0 and a direct Escon-attached CIP, the host may "box" the CIP if the router is reloaded without the CIP being varied offline. This problem has not been seen with CIPs connected through a director or if the CIP is taken offline before the router is reloaded. The workaround is to vary the device offline before reloading the router. [CSCdi59440]
•QLLC may try to initate a connection in the middle of activating a connection. [CSCdi62155]
•A Cisco router may eventually crash if configured with a STUN TCP peer which suffers from hardware issues. [CSCdi62480]
•When running CIP SNA over DLSw, the LLC2 control blocks may not get freed even when the LLC2 session is lost and the DLSw circuit is gone. The workaround is to reload the router. [CSCdi62627]
•Extraneous XID packets could cause the following message to be displayed:
%CLS-3-CLSFAIL CLS Assertion failed file "../cls/cls_entitymanager.c", line 2985 this->fCepState == kCepStateIdReqPending -Traceback= 3272892 304084A 33B8156 33B96E6 3040832 3271056 327118C 326ED4A
This was an annoyance and the message was eliminated. [CSCdi64207]
•When the host pu is not activated, the connect in from DSPU is either sent too fast or sent once only. The configuration parameters RETRIES and RETRY-TIMEOUT in the pu configuration are used to control the number of retries and the period of retry. [CSCdi65090]
•SNA sessions using QLLC over X.25 PVCs do not become active. The following tracebacks are a symptom of this problem:
%SYS-2-LINKED: Bad enqueue of 9600E8 in queue 88380. SNA: Alert xxxxx not sent, Focal point buffer overflowed. [CSCdi66340]
•If the Channel Interface Processor (CIP) card on a Cisco 7000 router is in a hung state, the Cisco IOS software may enter a loop trying to reset it. The following messages will be repeated:
%CBUS-3-CIPRSET: Interface Channelslot/port, Error (8010) disable - cip_reset() %CBUS-3-INITERR: Interface decimal, Error (8004), idb hex decimal cmd_select - cbus_init() %CBUS-3-INITERR: Interface decimal, Error (8004), idb hex decimal cmd_select -cbus_init() %CBUS-3-CTRLRCMDFAIL1: Controller decimal , cmd (128 hex) failed (0x8010)count (16) %CBUS-3-FCICMDFAIL1: Controller decimal, cmd (32 0x00000001) failed (0x8010) count (1)
Looping may be severe enough to require a router reboot.
The looping messages may overrun the logging buffer and thus obviate the reason for the initial attempt to reset the CIP. [CSCdi66420]
•When you issue the show controller cxbus command, the CIP utilization and memory statistics are not shown if the router uptime is 49 days. [CSCdi66467]
•Reloads due to a Seg-V violation at 0x0 are occurring, but the tracebacks are pointing at DLSw. [CSCdi67085]
•dlsw with frame relay pass-thru fails to bring up a netbios windows nt session. [CSCdi68970]
•The router crashes when NSP is configured and is trying to connect back to the owning host. [CSCdi69231]
•Router interface operating in an SDLC secondary role will not respond to TEST P. [CSCdi70562]
•When using DLSw FST, end user sessions may not switch over to an alternate lan or peer path following a connectivity failure. [CSCdi70709]
•The lnm disable global command sometimes prevents stations from inserting into the ring. The workaround is to issue the no lnm rps or no lnm rem interface command. [CSCdi70962]
•If a 2500 or 4x00 router has source route bridging enabled on two or more interfaces and are routing on any other interface(s), the router will drop packets causing session loss. The problem occurs on the stated routers between IOS software versions 10.3(13.0.1) and 10.3(15.3) inclusive. [CSCdi71493]
Interfaces and Bridging
•There is a problem with the SNMP Packets in counter on token ring interfaces of Cisco access routers (4000, 2500 series) which can cause these counts to be inaccurate on the low side. In the case of relatively inactive token rings, this counter can actually underflow, causing SNMP to report that a very large number of frames have come into the interface. [CSCdi21699]
•The "hybridge_input" message may be seen when running bridging over a serial link. This should not be seen any longer since how the message is generated has changed. A rate limited "BAD_ENCAP" message is now generated. [CSCdi48388]
•Show controller t1 after a clear conters shows that there is remote loss of signal when the t-1 is up. This is a display problem only as the pri can be used to place outbound calls. Resetting the csu clears the problem. [CSCdi52688]
•When you perform buffer changes on a serial interface with SMDS encapsulation, the changes are not taken into account after a reload. [CSCdi62516]
•The source-bridge ring-number command allows you to configure a ring-number mismatch. The workaround is to make sure that all bridge devices on ring use same ring number. [CSCdi63700]
•In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory, or when changing the serial encapsulation (for example, from HDLC to SMDS):
%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0
The show diagnostics x command reports that the board is disabled. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi66450]
•ppp encapsulation config erased when MIP card is reseated. This occured on version 010.003.007 010.003.008 010.003.012 011.000.009 and 011.001.004. [CSCdi66915]
•Misaligned data accesses in the packet data may negatively affect CPU usage on RSP based platforms when handling SAP or SNAP frames. [CSCdi70402]
•When using custom-queueing feature in conjunction with payload compression on HDLC or Frame-relay encapsulations, traffic regarded as "low-priority" by custom-queueing would be passed uncompressed. This resulted in lower- than-expected compression ratios.
Please note this bug never existed in versions 11.0. It is not an error that this patch was not applied to that source-tree. [CSCdi71367]
IP Routing Protocols
•IPX Enhanced IGRP updates do not propagate if the MTU size is less than the IPX Enhanced IGRP packet size. [CSCdi65486]
•Processing of input offset lists in Enhanced IGRP was disabled erroneously, so offset list processing is not available. There is no workaround. [CSCdi65889]
•When running 10.3(13) IOS, if you have neighbor statements pointing to a subnet broadcast address, it may fail to send updates to that broadcast address. [CSCdi67411]
•OSPF ABR will generate summary for subnet of connected point-to-point interface with wrong cost. The wrong cost is twice as much as the actual OSPF cost of the interface. In topology with more that one ABR, this could create routing loop for the point-to-point interface subnet. In order words, attempt to telnet or to ping the point-to-point interface address from a different area could fail, but the router could still be accessed through other non-point-to-point interface addresses on the router.
There is no workaround. [CSCdi70406]
ISO CLNS
•When configuring the isis router-subcommands max-lsp-lifetime and lsp-refresh-interval, these two lines are saved in the wrong order in NVRAM. This will cause the lsp-refresh-interval to be ignored after a reload (though it stays in NVRAM). During reload the following warning will show up:
%ISIS: Refresh time must be less than LSP lifetime
This bug will cause no real harm, as the router will only fall back to the default lsp-refresh-interval of 15 minutes. There is no workaround for this bug. [CSCdi66787]
•If the IS-IS or NLSP Designated Router goes down, there may be a delay of 10 seconds or more before routing converges again. There is no workaround to this problem. [CSCdi72234]
•Once the apollo network number is configured in the interface, it cannot be
•After upgrading from Release 10.2(11) to Release 11.0(9), a show processor memory command indicated that the IPX SAP table memory usage grew by almost 300%. [CSCdi65740]
•Using IPX Enhanced IGRP can cause a memory leak when a link with an Enhanced IGRP neighbor is flapping. The SAP updates are queued and backed up, thus using increasingly more memory. [CSCdi66169]
•Directly connected SAP's which do not have a internal network numbers are being learned via EIGRP interfaces (i.e via serial interfaces) instead of interfaces from which they were originally heard.
It appears as though the router learns the SAP, sends it into the EIGRP cloud and if the other routers in the cloud do not split-horizon SAP's prefers the SAP being seen from the EIGRP cloud. Once this is created, in certain circumstances it is impossible to remove these SAP's from the table.
The workaround is to have all routers split-horizon SAP's. [CSCdi66719]
•When configuring the nlsp router-subcommands max-lsp-lifetime and lsp-refresh-interval, these two lines are saved in the wrong order in NVRAM. This will cause the lsp-refresh-interval to be ignored after a reload (though it stays in NVRAM). During reload the following warning will show up:
%NLSP: Refresh time must be less than LSP lifetime
This bug will cause no real harm, as the router will only fall back to the default lsp-refresh-interval of 15 minutes. There is no workaround for this bug. [CSCdi66788]
•When using the 'ipx route default' command, IPX Netbios (type 20) packets are still dropped on a router if the source route is not known and the default route is known. It is strongly recommended that when forwarding IPX NetBIOS broadcasts that the extra input and output checking be enabled. The commands to do this are ipx type-20-output-checks and ipx type20-input-checks. [CSCdi68151]
•Valid services may be lost on NLSP routers as a result of normal SAP activity (especially when large numbers of services are poisoned via a RIP/SAP interface on a neighboring router). [CSCdi68274]
•IPX NetBIOS packets which are filtered by router netbios filters do not get freed and may stay in system memory. [CSCdi69212]
•When using EIGRP as a routing protocol show ipx server may display an incorrect negative metric. This error in the display does not affect operations. [CSCdi69226]
•Under certain circumstances, some IPX services learned via NLSP may not appear in the service table. There is no workaround to this problem. [CSCdi71036] removed or modified. [CSCdi71716]
•XNS RIP periodic routing updates may not be sent at regular 30 second intervals. [CSCdi72104]
Wide-Area Networking
•4500 with ATM card blocking with the following message: atmzr_hi_irq_hand(ATM0): Secondary port error [CSCdi58134]
•ISDN NET3 cannot handle incomming FACILITY message when call is connected. [CSCdi60340]
•X25 parameters ignored at startup in some cases. Config is still correct though. [CSCdi60529]
•Dialing into an async line and starting a SLIP/PPP session may fail even though the same IP address was previously allocated successfully for the particular user. [CSCdi63143]
•Exec command Slip /compress and the exec command PPP /compress don't correctly turn on TCP/IP header compression if configuration command service old-slip-prompts is in use, with the async interface configured with ip tcp header-compression passive. [CSCdi64325]
•aip20-8 microcode may cause the AIP board to lock into a state where it transmits corrupted packets, causing debug atm error showing: ATM(ATM9/0.1): VC(1) Bad SAP ... at the receive side of the ATM VC. The transmission of data is usually affected in one direction only. The problem may occur when the input traffic exceeds the average rate configured on the ATM VC, when the bandwidth of the incoming interfaces exceeds the average Rate on the outgoing VC or SVC. A workaround is either to downgrade the AIP microcode to aip20-6 or to upgrade the AIP microcode to rsp_aip205-5, or aip20-9 when available. A short term workaround is clear int atm 5/0 on the transmit side.
The same problem applies for aip10-15 on RP based platforms. [CSCdi67812]
•When dialing into the AS5200 from an I-Courier modem over sync ISDN and then starting a PPP session, the router may crash. This occurs only when login is done on a non-async interface and when extended TACACS is enabled. A workaround for non-async interfaces is to use AAA/TACACS+. [CSCdi68257]
•A router may crash while trying to process a corrupted or malformed Frame Relay LMI message. The problem is independent of platform type. The cause of the corrupted LMI message is currently unknown. [CSCdi68330]
•DlSw router with token-ring starts sending frmr responses without i-field, to sna devices, bringing down the llc2 sessions. Reload temporarily fixes. [CSCdi69576]
•The system can unexpectedly restart if an outgoing PAD call is placed on an X.25 logical channel that experiences a call collision, when acting as an X.25 DCE. [CSCdi69963]
•the restart ack messge we sent out in responsding to the incoming restart message with global call reference, we did not set the call reference value flag to 1. we did set the flag correct if it's not a global call reference. [CSCdi71883]
10.3(13) Caveats/10.3(15) Modifications
This section describes possibly unexpected behavior by Release 10.3(13). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(13). For additional caveats applicable to Release 10.3(13), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(15).
AppleTalk
•According to Inside AppleTalk, 2nd Edition, page 8-18, the router should convert NBP BrRq to NBP FwdReq packets. Instead, the router sends NBP LkUp packets for nonextended networks.
Note: For routers that are directly connected to a Phase 1 (non-Phase 2) router in compatibility mode, the appletalk proxy-nbp network zone command must be used. This will allow the router to convert the NBP FwdReq to NBP LkUp to the Phase 1 router. [CSCdi61668]
•A router configured with AppleTalk Enhanced IGRP takes too long to age-out routes even when the link is down, causing a long convergence time for features such as backup interface. [CSCdi62796]
•IPTalk does not function correctly. IPTalk-speaking CAP servers cannot communicate and is not recognized on the network. [CSCdi64165]
Basic System Services
•The password obfuscation algorithm does not encrypt the whole password if the length of the password is too big. As much password as is accepted should be encrypted. [CSCdi13190]
•[CSCdi42087]
•The queue-list [n] lowest-custom [m] will not appear in a write terminal although it is properly accepted and the functionality is working. [CSCdi46873]
•Under some conditions, the SEEQ will incorrectly pass up runt ethernet packets. We did not previously check for them, and so incorrectly received ethernet runt packets. [CSCdi55978]
•If an interface is clocking faster than the configured bandwidth, the load computation is erroneous. [CSCdi57534]
•An RSP router can crash with a "reserved exception" error because of a software error or an error in the microcode for an interface processor. More than one problem can generate a similar error message and stack trace, which can make this problem hard to track down. See also CSCdi58999, CSCdi60952, and CSCdi60921. [CSCdi58658]
•After BRI interface is put into "administratively down" status using shutdown command, BRI B-channel 1 and 2 show up status when MIB-II ifAdminStatus is received from the router. Customer has NMS system which monitors all network interfaces which are marked "Administatively up". Customers application has problems with BRI B-channels.
BRI B-channels should be marked DOWN in the MIB after whole interface is marked DOWN. [CSCdi59776]
•Cisco 7500 series routers cannot fast switch packets larager than 8192 bytes. These packets are switched at process level, a slower performance path. [CSCdi60295]
•In some cases the snmp-server party and snmp-server context configuration commands may cause a system reload. Neither of these commands verify that the configured OID is not already in use, permitting multiple records to be configured with the same OID, violating the rule that each record must have a unique OID. A common occurrence is to attempt to configure an initialPartyIdentity or initialContextIdentity that conflicts with the OIDs that are automaticially preconfigured per RFC 1447. A workaround is to not configure OIDs that conflict with the initial party and context OIDs specified in RFC 1447. [CSCdi63694]
•Cisco routers with Motorola 68000 microprocessors (such as the Cisco 7000 and Cisco 2500 series) cannot fast switch packets larager than 8192 bytes. These packets are switched at process level, a slower performance path. [CSCdi63695]
IBM Connectivity
•A Cisco 4500 or Cisco 4700 series router might restart with the error message "%ALIGN-1-FATAL: Illegal access to a low address" if RSRB is configured on the router. [CSCdi35905]
•DLSW debug - change dlsw debug to allow more options - netbios, no iframes, etc [CSCdi48007]
•The following message may appear when microcode is downloaded to a CIP with 128M DRAM. DBUS-3-SW_NOTRDY: DBUS software not ready after cxbus_soft_reset(), or DBUS-3-SW_NOTRDY: DBUS software not ready after dbus_slot_enable()
The CIP will be unable to successfully initialize. This may result in other messages, like: CBUS-3-CTRLRCMDFAIL1: CBUS-3-DAUGHTER_NO_RSP:, or CBUS-3-CCBPTIMEOUT: associated with the slot that the CIP is in. [CSCdi50739]
•When autonomous switching is enabled on a CIP interface and the packet is larger than the CIP MTU, the packet is not fragmented.
If this is occurring, use fast switching instead of autonomous switching. [CSCdi52884]
•In a parallel SDLLC network, the ACTPU RSP is never received by the host. [CSCdi55142]
•The problem is that valid multicast explorers that should be handed to the protocol stack are instead being diverted to the srb module and are being flushed by the srb explorer control mechanism.
This problem was introduced by some changes to the token ring interrupt handler in 11.0 and later.
There is no workaround for the diversion, though the flushing can be avoided by raising the explorer maxrate value to some high number. However, this may cause instability in the network.
Note that this bug fix is comprehensive in that several issues regarding multicast explorers and inbound remote explorers have now been resolved.
Paul S. [CSCdi59090]
•This message is harmless. It was added in a previous release to detect a race condition that caused a crash. This ddts fixes the race condition.
Previous crashes that were likely caused by this race condition : CSCdi61278 CSCdi58842 [CSCdi61790]
•It is not possible to configure more than 10 saps in the command syntax of 'dlsw icannotreach saps xx xx ....'. There is no work-around for this. [CSCdi61887]
•When configured on a Channel Interface Processor (CIP) interface, the ip mtu command is removed from the configuration after a microcode reload or EOIR event. [CSCdi62273]
•Connections cannot be established when using IBM process-switched features (e.g. RSRB/TCP, DLSw+/TCP, etc) because of dropped packets
Symptom is "dropped Routed protocol" messages are output when "debug source-bridge error" is enabled
This behavior was introduced by CSCdi61267. Integrated into 11.0(9.4) and 11.1(4.3). [CSCdi62738]
•DLSW netbios can't connect windows NT. [CSCdi62784]
•When you issue the show controller cxbus command, the CIP utilization and memory statistics are not shown if all the CIP interfaces are down, or if no device is configured on either the channel slot/0 or channel slot/1 interface.
In version 11.0 and greater, a workaround is to no shut the CIP virtual interface, channel slot/2 [CSCdi64004]
•Configuring the dlsw remote-peer cost command has no effect on peer selection. All peers displayed in the show dlsw capabilites command show equal costs. [CSCdi64537]
•SDLC using DLSw+ does not reestablish session when PU is reset. [CSCdi64828]
•QLLC may incorrectly set the ABM bit to 0, instead of 1 on Format 3 XIDs that it sends to Token Ring or RSRB. [CSCdi64913]
•If infinite retries is enabled for SNA Service Point using an APPN/DLUR link, some routers (4000, 2500, 7000) may fail with a bus error. The "Stack for process TTY Background running low, 0/2000" message is displayed.
As a temporary work-around, you can specify "retries 1" on the sna host definition. [CSCdi65375]
•A router running remote source-route bridging where the input explorer queue overflows may crash with the message "%ALIGN-1-FATAL: Illegal access to low address from srb_enq." [CSCdi65489]
•On the "show dlsw peer" command, if a peer's state is WAN_BUSY, the tcp queue depth and peer uptime are not displayed. [CSCdi65588]
•Route cache counters in "show interface x/x stats" command are incorrect when router is switching R/SRB packets [CSCdi65943]
Interfaces and Bridging
•Incomming packets to the Hot Standby Router Protocol (HSRP) MAC address are process-switched, regardless of the route cache status on the interface. [CSCdi44437]
•If AAA new-model is configured and an attempt is made to allocate an IP address after the 'ppp' or 'slip command is entered, the address allocated may not be the last address the user was allocated, even if that address is available. [CSCdi49571]
•7500/RSP performance is degregated with ISL,fast-switching and access-lists applied. Work-around is to disable fast-switching on the main interface.
Cisco Systems expects to resolve this caveat in a future IOS release. [CSCdi59825]
•Cisco intends to fix the bug in the future releases of the IOS. [CSCdi62177]
•Router sends repeated Babble errors without an apparent cause in sniffer traces. [CSCdi62232]
•XID frames are not bridged on the 4000 when using version 10.3 (version 11.1 seems ok) This is broken at least in eth/eth or eth/fddi and fddi/eth setups. [CSCdi62520]
•A router running Frame Relay crashes at bridge_enq even when bridging is not configured. The fix put in for this bug does not fix the crash. The fix for CSCdi67157 is the correct fix. [CSCdi63140]
•When passing compressed bridged traffic on HDLC WAN links, many errors of the type "Decompression size error" occur. The router sometimes crashes when processing these packets. This fix causes bridged traffic not to be compressed. The fix is considered temporary until process-level bridging can be made compatible with payload compression. [CSCdi63245]
•In DTE mode, FSIP was looking for DCD and DSR up before declaring the Line UP. In the new ucode, now FSIP will only look for DCD. This behaviour is same as our low end serials. [CSCdi64735]
IP Routing Protocols
•IP accounting does not contain valid entries. The source and destination ip addresses do not exist in the network. The invalid host entries in the ip accounting table only appear at power up and only with the aip card in the 7000. This impacts the accounting and the cpu utilization goes up by approx 10%. There is no known workaround except when the customer removes the AIP. This is known the appear in releases 10.3.5.4 and 10.3.7. [CSCdi45135]
•The HSRP command standby track interface priority cannot track the status of a subinterface. [CSCdi54969]
•Failure in code optimisation may cause a excessive CPU utilisation on a RSP running IOS 10.3 with IP access-lists configured. [CSCdi56019]
•Deconfiguring an IP output access-group on a subinterface causes the IP output access-list checks to be disabled for other subinterfaces of the same hardware interface. [CSCdi60685]
•A problem introduced in Releases 10.3(11.1), 11.0(7.3), 11.1(2.3), and 11.2(0.5) causes OSPF to crash when an OSPF external LSA with a nonzero forwarding address exists and the router has a non-OSPF route for the forwarding address. If the non-OSPF route is removed, OSPF crashes when it reprocesses the external LSA. There is no workaround for the problem. However, in general, no more than one routing protocol should be run over the same topology. If you follow this guideline, no non-OSPF route for forwarding address will exist and the router will not crash. [CSCdi61864]
•When an interface flaps, it is possible for OSPF to remove a healthy network LSA accidently and result in a missing route. This happens in the situation where a segment flaps causing the interfaces of multiple routers to flap at the same time. The DR will bounce from one interface on one router to another interface on a second router and back to the first router. During the transition the network LSA of the common segment will disappear causing that subnet not to show up in the routing tables. [CSCdi61982]
•Regression introduced by CSCdi61328 (in 10.3(12.4), 11.0(9.3), 11.1(4.2) and 11.2(0.14)): A router running OSPF may reload if there are parallel intra-area paths. [CSCdi62870]
•Shutdown interfaces with IP addresses or static routes which point to down next-hops or interfaces may cause the IP cache to be partially invalidated more frequently than necessary. This is particularly evident when there are multiple paths. Workaround by removing IP addresses from down interfaces and/or removing static routes through down interfaces. [CSCdi62877]
•A Macintosh that receives its IP address from a router acting as a MacIP server is unable to ping any IP interface on that router. There is no other operational impact from this caveat. [CSCdi63477]
•The router configuration command neighbor x.x.x.x remove-private-AS could be used to remove Private AS numbers from AS path while sending updates to External neighbors. If the AS-path includes Private and Public AS numbers, Private AS numbers will not be removed.
When used with neighbors external to the Confederation, Private AS numbers will be removed if it is after the Confederation part of the AS path. [CSCdi64489]
•Entries in the IP fast-switching cache can be aged prematurely in some cases. [CSCdi65058]
•A directly connected route may disappear from the IPX Enhanced IGRP topology table if the interface that is configured for IPX Enhanced IGRP goes down and comes back up in in brief period of time, on the order of 2 seconds. The workaround is to issue the shut and no shut commands on the interface. [CSCdi65345]
ISO CLNS
•The LSP lifetime and LSP refresh intervals are not currently configurable in IS-IS. This can result in high LSP traffic in very large networks.
There is no workaround for this problem. [CSCdi64256]
•This is a refinement on CSCdi57308 (ISIS could detect duplicate system IDs).
The routers will now make a distinction between possible duplicate system IDs, and spurious LSP purges, which are probably caused by LSP corruption somewhere in the network. [CSCdi64266]
•On some media/encapsulation combinations, the system may not send an ES-IS IS Hello packet immediately in response to an ES Hello packet received from a new End System. The normally scheduled IS Hello will eventually be sent. There is no workaround to this problem. [CSCdi64354]
•If an IS-IS router is generating a significant number of LSPs, the following erroneous error message may appear when the system is first started:
%CLNS-4-DUPSYSTEM: ISIS: possible duplicate system ID xxxx.xxxx.xxxx detected
This is a cosmetic problem only. There is no workaround to this problem. [CSCdi65078]
•Under some conditions, purged IS-IS and NLSP link state packets may persist in a network longer than necessary. This has no impact on calculated routes. There is no workaround to this problem. [CSCdi65479]
Novell IPX, XNS, and Apollo Domain
•IPXWAN Client mode fails to negotiate properly. [CSCdi42325]
•In rare circumstances, NLSP may not report information learned from RIP and SAP. There is no workaround to this problem. [CSCdi45425]
•The behavior of the "ipx route-cache" command is inconsistent when IPX is not configured on the interface. In particular, when IPX is configured only on subinterfaces, "ipx route-cache cbus" is lost from the primary interface following a reload with this message:
%Invalid IPX command - IPX not enabled on interface
Note that this can be corrected by issuing a "config mem". A workaround is to always configure at least one IPX network on the primary interface. [CSCdi45840]
•On a router running both IPX RIP and IPX Enhanced IGRP, turning off IPX RIP on the router using the command no ipx router rip and then turning it back on again causes a spurious no redistribute rip command to appear under the ipx router eigrp AS command. [CSCdi47813]
•This bug would have slowed down the cpu a little in doing the alignment correction. Other than that, it wasn't really a bug. [CSCdi61153]
•Defining a static IPX route using the peer address of an IPXWAN neighbor may fail with a message about multicast addresses. The workaround is to avoid using eight digit IPX Internal Network numbers which have an odd numbered first byte. A 7 digit or fewer length IPX Internal Address also will not give this error message. [CSCdi61993]
•Under certain conditions an IPX packet may be received which has an incorrect IPX length in the IPX header, the CRC is good and we process this packet. We incorrectly pad the packet to the length specified in the IPX header instead of throwing the malformed packet away. [CSCdi63412]
•CSCdi63412 introduced an alignment error, in particular for IPX frames routed from Token Ring networks with multiring enabled. Alignment errors occur in process-switched and certain fast-switched paths. [CSCdi63741]
•CSCdi58363 introduced a problem where NLSP-learned servicex and SAP-learned services overwrite one another, causing unstable service table information. This is particularly a problem in networks with redundant paths. There is no workaround. [CSCdi63771]
•When using network 'A', it was clashing with the keyword "ALL". So network 'A' could not be used in eigrp routing. This fix will remove that limitation. [CSCdi64830]
Protocol Translation
•On TCP-X25 one step translations, data is not dispatched to the pad connection when the idle timer set by X.3 parameter 4 expires. A workaround is to use two step translation. [CSCdi64955]
VINES
•VINES time server service may get out of synch when the system runs over 49 days. This is because only the low 32 bits of the internal clock counter are used when VINES computes network time. To give accurate time, the total elapsed time since system boot is now taken into account. This problem does not exist post-10.3 releases. When network time is out of synch, it is recommended that you either disable VINES time server service for Cisco IOS Releases 10.2 and 10.3, or upgrade to Cisco IOS Release 11.0 or 11.1. [CSCdi58105]
•VINES clients running Oracle application program can not make connection to a server due to packet reordering when vines route cache is enabled. This problem has been addressed in 10.3(13). A suggested workaround is to use process switching for those applications which can not handle out of sequence packets. [CSCdi59059]
•The system may halt unexpectedly when show vines interface is used. This behavior occurs when non-sequenced RTP is enabled. [CSCdi65525]
Wide-Area Networking
•PPP authentication using method none clears the line when using VTY-Async interfaces.
Workaround is being investigated. [CSCdi50049]
•No user action is required when the ATM-4-OVERSUBSCRIBED appears, so this message has been moved to only appear during debugging. [CSCdi55228]
•The Frame Relay MIB counters, including
frCircuitReceivedFECNs Counter, frCircuitReceivedBECNs Counter, frCircuitSentFrames Counter, frCircuitSentOctets Counter, frCircuitReceivedFrames Counter, frCircuitReceivedOctets Counter,
would be reset resulted by the "clear counters" exec level command for the interface over which the FR circuits were established. [CSCdi60658]
•Serial lines with SMDS encapsulation may take SegV catstrophic failures when enabled after reboot.
There is no workaround. [CSCdi60761]
•It is currently not possible to fastswitch between secondary ip networks defined on LANE subinterfaces. This can make LANE less performant than ethernet. A workaround is available if only one vlan needs to be defined (one LEC). We configure it on the main interface which allows fast-switching if 'ip route-cache same-interface' is configured. [CSCdi60896]
•An error in the AIP ucode introduced in aip177-2/rsp_aip205-2 causes a race condition in the microcode and commands from the RP/RSP are rejected. When this happens, the following console messages are logged:
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1011, VPI=0, VCI=262) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC) %AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Teard own VC command (error code 0x8000) [CSCdi62445]
•The printer printer-name line number global command uses the newline-convert option as default. There is no way to get the router to work without either the newline-convert or formfeed option. [CSCdi63342]
•Part of the fix for CSCdi63245 broke bridging on HDLC links. This fix returns the broken code to its original state. [CSCdi64710]
•[CSCdi64909]
•PAP authentication fails when using TACACS+ as authentication method for PPP [CSCdi66077]
10.3(12) Caveats/10.3(13) Modifications
This section describes possibly unexpected behavior by Release 10.3(12). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(12). For additional caveats applicable to Release 10.3(12), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(13).
AppleTalk
•Users may see AT-2-ASSERTFAILED messages when router is misconfigured. [CSCdi57321]
•ARAP connection failures resulting in BAD EXIT and FORCE QUIT error messages are occuring at higher rates in 10.3(x) releases with the use of 28,800 kbps (V.34/V.fc/V.FAST) modems. [CSCdi57713]
•Router will crash if user queries for services in the virtual zone (configured via the 'appletalk virtual-network' command) from the Mac chooser.
This only occurs in 11.2. For other releases, the source changes contain only minor internal fix. [CSCdi60845]
•MacIP server will not give out IP address to MacIP client if the next address to give out is currently being use by a genuine IP device. The problem is the MacIP server does not skip over that IP address and assign the next available address and the process stucks. [CSCdi61526]
•Router crashed when trying to send ZIP Query to a route that has been poisoned. This is a timing problem where a route comes in, ZIP Query are set to be sent out, but then the route is poisoned. Route flapping can cause this problem.
This only occurs in 11.2. There is minor internal fix to prior releases. [CSCdi61658]
Basic System Services
•Configuring custom/priority queueing on an MBRI interface causes performance degradation. [CSCdi56473]
•If you see the message "%RSP-3-RESTART: interface Serialx/y, output stuck" on an RSP-based platform, you might have problems with the output interfaces. This problem can occur when bursty traffic is optimum-switched to an output interface on which either fair queue or transmit-buffers backing-store is enabled. A possible workaround is to disable optimum switching. [CSCdi56782]
•If you are running SNMP and have more than approximately 512 interface addresses, you may get the following error messages:
% Maximum number of parties reached. % Memory allocation failure
You can ignore this if you are not using SNMPv2 and parties. [CSCdi57672]
•User should turn backing store ON for slow interface processors. Routers without slow interface processors suffer performance degradation during peak activity. [CSCdi57740]
•The first entry of a vty password using password encryption will fail to encrypt the password. In other words, even though password encryption is on, the un-encrypted password will be visible in the configuration. [CSCdi57850]
•Autoinstall is not working in RSP. It is reported only in serial media; but, the problem is there in LAN media too. No workaround. Customer needs to upgrade to newer version which includes the fix for this. [CSCdi59063]
•In Releases 10.3(7) and 10.3(11) with the following configuration, everything after the first method in the aaa authorization exec command is lost after issuing a configure memory command or reloading:
! aaa new-model aaa authentication local-override aaa authentication login default tacacs+ enable aaa authorization exec local tacacs+ aaa accounting exec start-stop tacacs+ aaa accounting network start-stop tacacs+ aaa accounting connection start-stop tacacs+ enable secret 5 $1$Z.9E$zLyE9WxUeaWSMFr/qicia0 !
The problem does not occur if you remove the aaa accounting exec start-stop tacacs+ command. This problem does not occur in Release 11.x. [CSCdi60172]
•Added the following images for CIP2 support:
10.2 - gs7-k2 gs7-p2 10.3 - gs7-k2 gs7-p2 rsp-k2 rsp-p2 11.0 - gs7-k2-mz gs7-p2-mz gs7-ak2-mz rsp-k2-mz rsp-ak2-mz rsp-p2-mz
CIP2 is a new hardware version that requires one of the previously listed images for a particular release of IOS. [CSCdi61227]
DECnet
•A router should send a CLNS redirect even if the source NSAP indicates that the sender is a Phase IV host, if the destination NSEL indicates that this packet is part of intra- Phase V cluster traffic.
The fact that the NSEL indicates intra- Phase V cluster traffic and that the source was a IV host means that the packet was originated by a IV host, converted by the router and sent to one of the Phase V cluster members, who decided that this packet should be sent to one of the other cluster members. In this case, the packet is sent back to the router (since the receiver presumably has no idea where this other cluster member is), and the router should send a redirect to the cluster member who first received the packet, indicating that the intended recipient is on the same LAN. [CSCdi52326]
•A DECnet "advertise" route (i.e. one created by the command 'dec advertise..') always remains in the "Down" state even when there is an ISO-IGRP route corresponding to the DECnet area.
If there is a matching route in the CLNS prefix table, then the DECnet "advertise" route behaves correctly. [CSCdi58806]
•A router running DecNet might present ALIGN-3-SPURIOUS error messages. This condition will occur only if the adjacency between neighbors expires.
It is a cosmetic problem and has no other impact on the router. [CSCdi60716]
EXEC and Configuration Parser
•The "write memory" and "copy running-config startup-config" command now work at privilege level 15.
The remaining "write" and "copy running-config" commands still operate at the users current privilege level due to security considerations. [CSCdi55809]
•The ipx gns-response-delay command will accept a range of values from 0-4294967295. If very large values are entered the configuration will display a negative value and unexpected results will occur. There is no reason to enter such large values (greater than approximately 500 hours). [CSCdi58426]
•The envm polling has been added. It is enabled by default, which means that the CSC/4 polls the ENVM for stats every 10 minutes. When enabled, if you issue a show environment all command from the enable prompt, the current statistics are displayed. If you configure the no envm polling command, the CSC/4 no longer polls the ENVM for stats. When disabled, if you issue a show environment all command from the enable prompt, the last set of statistics is displayed. If you save the no envm polling command in the configuration and then boot the router, the show environment all command displays a message indicating that no statistics have been collected. This command is being added only as a temporary fix for CSCdi33910. [CSCdi61554]
IBM Connectivity
•In extremely rare circumstances, the router may crashed while removing RSRB peers. This might occur only when running an AGS+ and the CSC1R/CSC2R Token Ring boards. [CSCdi39270]
•When automatic spanning tree (AST) is configured on multiple routers in a high-redundancy topology, a bridge protocol data unit (BPDU) broadcast storm might be triggered. [CSCdi41851]
•When a Synchronous Data Link Control (SDLC) device is reloaded, the connection is not automatically reestablished. To reestablish the connection, issue the configuration commands shut and no shut. [CSCdi42369]
•Low-end platforms cache invalid RIF entries when using any form of the multiring command. This problem can also be seen in the DLSw reachability cache and with possible loops with LNM. [CSCdi50344]
•If a new CIP Internal LAN Interface is added following a dbus internal error, the CIP Virtual Port x/2 may not be found. The workaround is to reload the router. [CSCdi54224]
•Show Dlsw peer shows uptime zero [CSCdi54753]
•For DLSw FST over WAN frame-relay, peers will connect, but user circuits will not connect. [CSCdi57997]
•If you encouter a problem with fras at a level greater that IOS 10.3(7.5) and you receive a message "IBM: Unknown L3 PID, fr_doencap failed" backoff to down to 10.3(7.5) or lower. Engineering is currently investigating. [CSCdi58769]
•When running interim software release 10.3(10.3) the router may produce the following error message:
%DLSWC-3-BADCLSI: CLSI Msg : ENABLE.Cfm DLC_OK dlen: 24 primitive not valid for dlsw Sending Act Ring sw_idb is NULL -Traceback= .....
This message is not a deadly situation and should not cause alarm. [CSCdi58813]
•The router is crashing with message System restarted by bus error at PC 0xD0D0D0D, address 0x0. The crash happens when using promiscuous TCP peers. The crash occurs when peer structures get deleted (transmission line problems, peer routers reloads etc.) while still being used by TCP. THe work around is to define static peers. The fix is now available in 10.3(12.1). If there is a stack trace action_b() will be one of the entries.
Note: CSCdi61278 is a follow on fix to this problem. [CSCdi58842]
•Directed source-route bridge frames with control field of 010 instead of the more usual 010.The architecture supports a control field of 0XX for nonbroadcast frames so this appears to be a bug. [CSCdi59100]
•LNM Resync command does not work with 10.3(10.2) on 7000 if the router is configured for IBM automatic spanning tree support. [CSCdi59890]
•DLSW LLC Ethernet 80d5 bad frames after a llc retransmission [CSCdi60102]
•The router is crashing with message System restarted by bus error at PC 0xD0D0D0D, address 0x0. The crash happens when using promiscuous TCP peers. The crash occurs when peer structures get deleted (transmission line problems, peer routers reloads etc.) while still being used by TCP. The work around is to define static peers. If there is a stack trace action_b() will be one of the entries.
This ddts is a follow on fix to CSCdi58842. [CSCdi61278]
Interfaces and Bridging
•When "ip route-cache cbus" is configured on an interface, there is the potential for intermittent router crashes due to an incoherent cache entry data structure.
If this incoherency occurs and does not cause a router crash, it may instead cause cbus switching to be automatically disabled, and the interface would resort to fast switching (or sse switching if sse switching were also configured). [CSCdi43526]
•On the high-end routers, empty FDDI 17 byte frames without LLC layer were counted as runts though being enabled by the standards. [CSCdi45026]
•FEIP's keepalive will not detect line protocol down (disconnected cable) when configured for full duplex so reliance on this feature to detect cable faults is inaccurate. The only known workaround is the periodic tracking of successful transmissions/reception on the suspect interface. [CSCdi48337]
•Bridging of ipx raw between ethernet and fddi on 4500 does not work in 10.2 for unicast packets. With 11.1 the problem appear for both unicast and broadcasts. 7000 bridging of ipx raw is correct for 10.2 (11.1 untested). [CSCdi53363]
•If a TRIP (token ring interface processor) is present in cisco 7000 series routers, token rings which beacon frequently may cause performance degradation of the router. The source of the problem is tql may increase when a beacon occurs, causing the interface to hold more memd buffers. Performance degradation will result. This is not a problem on cisco series 7500 routers. [CSCdi55758]
•After issuing "sh cont cam" and pressing space bar to page down, the router hangs and has to be power cycled to continue. [CSCdi56241]
•If a serial interface on FSIP sees lots of giants, then there is a chance to get %DBUS-3-CXBUSERR: Slot x, CBus Error. If Slot x has FSIP then look into sh int for this slot. If any of the serial interface on this slot shows giants, then chances are high that this bug is causing the problem. This will happen in both 7000 and RSP. If this error occurs, see sh int of the above slot. The workaround is to load the new image which contains new ucode (fsip10-15 or latter for 7000 and rsp_fsip202-5 or latter for RSP).
/Ramki [CSCdi58194]
•When EOIR is attempted on an IP that is too old to support the EOIR feature, we should tell the user about the problem. Add a new NOEOIR error message to let the user know why EOIR is not working with this old hardware, so that they can upgrade the IP to a version which does support EOIR. [CSCdi58549]
•SABME (for Netbios) are not correctly bridged from FDDI to serial lines (using HDLC encap). The bridging of SABME from fddi to ether and reverse is Ok. The problem appears in 10.2, 10.3, 11.0 and 11.1. [CSCdi58733]
•When using release 10.3 with fddi encapsulate being configured on a FIP interface, the router may reload with a bus error. The error happen if encapsulated packets are in ethernet like format. This problem is specific to 10.3 only. [CSCdi59182]
•If IPX broadcast packets are present on a token ring attached to a 4000, 4500, or 4700 router, and neither IPX routing nor bridging is configured on the router, the router will lose other broadcast packets on the token ring. This can cause secondary failures in protocols such as EIGRP and IS-IS.
A workaround is to configure "ipx routing" (it is not necessary to assign any IPX addresses in the router, so it will not actually participate in IPX.) [CSCdi61501]
IP Routing Protocols
•When using Enhanced IGRP, the auto-summaries advertised could be mishandeled by the router.
This defect will not be fixed in 10.0 because of its low severity and because it was found internally. This is because 10.0 is in its Mature Maintenance Phase. [CSCdi21082]
•The system may fail when a no router eigrp as-number command is issued and there are summary routes present. A workaround is to turn off auto-summary and deconfigure all manual summaries before deconfiguring Enhanced IGRP. [CSCdi57814]
•This bug is introduced in 10.3(10.1), 11.0(7.1) and 11.1(2.0.2). The router could crash when ip address change or upon unconfiguring OSPF following the ip address change. [CSCdi58029]
•A router that receives an ICMP echo request for a network or subnet address that it is directly connected to may send an echo reply with a source address that has nothing to do with the destination network or subnet address in the initial echo request. [CSCdi58660]
•OSPF default-information originate command limits the metric value to be no larger than 65535. However, this value should be allowed to be 24 bits in length. A workaround using route maps exists. [CSCdi58666]
•If an EIGRP candidate default route is overwritten by another protocol, the EIGRP topology table may be left in a state where the candidate default route will not return to the routing table. A workaround to this problem is to clear all EIGRP neighbors. [CSCdi59276]
•If a non-summary route is present in the routing table that exactly matches an EIGRP summary route, but the summary route is not in use (because there are no more specific routes), the route will be advertised only on interfaces on which the summary is configured.
There is no workaround to this problem. [CSCdi59446]
•4500/4700 - HSRP on ethernet interface may come up in a state of init with timers set to 0 upon reloading of the router.
To recover, perform a shut/no shut on the interface. [CSCdi60445]
•Under some circumstances, EIGRP summary routes may remain in the routing table even though all more specific routes that were part of the summary were deleted. The workaround is to delete and reconfigure the summary (if manual) or disable and reenable autosummarization (if automatic). [CSCdi60515]
•A router running EIGRP (Appletalk, IPX, or IP) which has input route filters configured may improperly filter routes that it should install.
Additionally, if a router running IPX-EIGRP receives an update containing an external route that was originated by the router itself, the rest of the update will be ignored.
There is no workaround to this problem. [CSCdi61491]
•IP ARP mobility causes unnecessary routing protocol updates by deleting and then re-adding the same route repeatedly (and hence wastes CPU).
Also, attempts to refresh ARP entries every minute, rather than every keepalive interval. [CSCdi61730]
ISO CLNS
•A router reload may occur when CLNS traffic is fast-switched. This regression affects 10.3(12) and 11.0(9) maintenance releases. [CSCdi57629]
•Under situations of extreme load, ISIS and NLSP may cause packets to be dropped unnecessarily. There is no workaround to this problem. [CSCdi58433]
•If a non-cisco router running IS-IS on a level-1-only circuit is also sending ES-IS End System Hello (ESH) messages, it is possible for the cisco router to not recognize the other router for IS-IS.
A workaround is to filter out the ESH packets using the "clns adjacency-filter es" configuration command in conjunction with an appropriate filter set (which should specify a wildcard, "**", in the last byte of the address). [CSCdi58621]
•A router running IS-IS will not clean up its adjacency database properly when switched from being a level-1/level-2 router to being level-1 only. A workaround is to manually clear the adjacency database (using the "clear clns neighbors" command) on the reconfigured router and on all of its neighboring routers, or restarting the router. [CSCdi58953]
•If IP-ISIS is configured on an unnumbered interface, the route corresponding to the numbered interface pointed to by the unnumbered interface may be reported multiple times in that system's LSP. There is no workaround for this problem. [CSCdi60661]
Novell IPX, XNS, and Apollo Domain
•The NLSP next hop uses a different addressing scheme than RIP. This may cause an issue when setting up dialer maps. A workaround for it is to configure a dialer map that uses the same addressing scheme as NLSP. [CSCdi37797]
•'show access-list xxx' may cause the router to reload while another telnet session is removing the same access list. [CSCdi51235]
•When an EIGRP route is lost, it is placed in holddown. The hold down time takes 300 seconds to expire. This DDTS reduces it to 5 seconds. It also provides a new subinterface command ipx hold-down eigrp AS# xxx where AS# is the autonomous number and xxx is the hold down time in second if the user wants a longer or shorter hold down timer. [CSCdi57042]
•IPX SNMP request sent to the router may accumulate in the input queue when SNMP is disabled, these packets are not processed, possibly causing full input queues. [CSCdi57589]
•Under osbscure circumstances, some ISIS and NLSP link-state packets (LSPs) may not be transmitted on some point-to-point interfaces. There is no workaround to this problem. [CSCdi58613]
•This was because 1. we were not looking at the maximum limit on the number of parallel paths, while learning sap's. 2. we were not pruning the sap list, in case the maximum-paths is reduced. [CSCdi59116]
•Service names with embedded spaces or special characters will not get saved properly in SAP filters, they will be accepted on input but will generate an error when the system is reloaded and the access list is read from non volatile memory. [CSCdi59557]
•Under certain conditions, an alignment error may be generated when an IPX fastswitch cache entry is created. Specifically This can occur on token ring or fddi when multiring is configured and a RIF is present for an odd number of hops. [CSCdi60014]
•Doing 'no ipx router eigrp xxx' may cause the router to reload if there is a lot of saps in the router and while the sap table was changing. [CSCdi60174]
•The following new command sets a maximum limit on the number of cache entries:
ipx route-cache max-size size
size is the maximum number of entries allowed in the IPX route cache.
If the cache already has more entries than the specified limit, the extra entries are not deleted. To remove stale entries, use the ipx route-cache inactivity-timeout time command to select a suitable value for the cache aging parameter. [CSCdi60228]
•IPX Services with a route metric of 1 tick and 1 hop away will show as "conn" in the show ipx server display. Only those directly connected services should show as "conn". [CSCdi60499]
•When the optimal sap is lost and NLSP has an alternate path to the same sap, the alternate sap was never installed. [CSCdi61173]
•If an IPX EIGRP distribute list access-list is changed EIGRP might not be notified of the change and the nieghbors may contain information which violates the filter. [CSCdi61632]
Protocol Translation
•The stream and binary keywords do not have the correct effect on the outgoing TCP connection when translating from X.25 to TCP, if the swap global option is also used. [CSCdi60641]
VINES
•SNAP is the default vines encapsulation on a LAN Extender interface while VINES servers and clients on Ethernet support ARPA. This discrepancy causes network connectivity problem when remote LAN is connected to a core router via LAN Extender. Now the VINES router defaults to ARPA on a LEX interface and either ARPA or SNAP can be configured on LEX interfaces. [CSCdi57934]
Wide-Area Networking
•The ATM Interface Processor (AIP) used with a RSP processor may stop receiving data if OAM cells are inserted in the incoming cell flow. [CSCdi55512]
•The system may unexpectedly restart or print error messages of the form %SCHED-3-PAGEZERO: Low memory modified by Exec, when a pad connection is made specifying an X.29 profile on the command line. A workaround is to turn on debug pad. [CSCdi58587]
•The router may reload if you run "debug ppp negotiation" while negotiating the compression control protocol (CCP). [CSCdi58710]
•ISDN PRI routers running primary-5ess switch type may not accept an incoming SETUP message if the Called Party Number IE has an "unknown" numbering plan. [CSCdi59816]
•Release-note This bug was cloned to CSCdi63716, and ultimately fixed in 11.0(10.3), 11.1(5.4) and 11.2(0.22).
If dialer holdqs are enabled, an outbound call could crash the box. [CSCdi60578]
•Configuring the nasi enable command will result in the following unwanted line in the config:
ipx route-cache nasi-server enable [CSCdi60747]
•ISDN PRI routers running primary-5ess switch type may not accept an incoming SETUP message if the Called Party Number IE has an "unknown" numbering plan. [CSCdi65484]
10.3(11) Caveats/10.3(12) Modifications
This section describes possibly unexpected behavior by Release 10.3(11). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(11). For additional caveats applicable to Release 10.3(11), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(12).
AppleTalk
•An AppleTalk packet travelling from ATM to Ethernet receives an improper 802.3 packet length. This affects the AppleTalk Printer Access Protocol adversely. HP LaserJet printers with the AppleTalk compatible HP JetDirect card discard these packets as invalid or erroneous. AppleTalk print jobs fail. [CSCdi53747]
•The BADEXIT error messages for ARAP need to be more specific about the problem being encountered. [CSCdi57035]
Basic System Services
•Reloading the microcode from ROM on an Interface Processor board in a Cisco 7500 series router can cause the system to enter a rebooting loop that requires a system reload for recovery. The ROM-based microcode on the Interface Processors is only compatible with Cisco 7000 series routers. [CSCdi44138]
•A Cisco 7500 series router can crash if Frame Relay interfaces are active. [CSCdi49868]
•a 7000 running 10.3(9) with MIP and Lex interfaces will incorrectly map ip addresses via snmp to the wrong interface when the interface is newly created. This can be resolved by rebooting the router.
The problem has also been found on a 4700 running 10.3(9) using Lex interfaces off of a NP-CT1. [CSCdi50834]
•The command priority-list is not written correctly in NVRAM. This problem affects prioritization after reload of the router. [CSCdi51014]
•In extremely unusual situations the router will display the following error message on a frequent basis:
%SYS-6-STACKLOW: Stack for level CXBus Interfaces running low, 0/1000
This message may eventually lead to the router haning. [CSCdi54119]
•On RSP interfaces, optimum switching is supposed to be the default. However, depending on the link order of the image, it can default to off. [CSCdi54567]
•The 32mb memory option on the 4000m splits memory up into 2 discontiguous chunks. This breaks the uncompress routine which expects memory to be contiguous as well as making the upper 16Mb of memory inaccessible. The memory test also fails to recognize the 2 chunks. [CSCdi55171]
•Under some conditions SNMP queries of the CISCO-ENVMON-MIB can cause the system to reload. This occurs when an SNMP get-request is received that tries to retrieve instance 0 of an object in the ciscoEnvMonSupplyStatusTable. Since the instances of this table start with 1, the correct processing is to return a noSuchName error (or noSuchInstance if SNMPv2 is used). A workaround is to not use SNMP get-requests that specify instance 0 for objects in the CISCO-ENVMON-MIB. Instead, applications should either use SNMP get-requests starting with instance 1, or else use SNMP get-next-requests or get-bulk-requests. [CSCdi55599]
•All ATM OAM frames will be dropped on the RSP, and will not be processed. [CSCdi55969]
DECnet
•When DECnet conversion is enabled, discard routes are inserted into the Connectionless Network Service (CLNS) routing table. [CSCdi40503]
EXEC and Configuration Parser
•The exec command "show tech-support" command has been added to help collect general information about the router when reporting problems.
The command does the equivalent to the following show commands: show version show running-config show controllers show stacks show interfaces show buffers show process memory show process cpu [CSCdi47180]
IBM Connectivity
•Interfaces that have physical Units (PU) that are SDLC attached using DLSw+ will hang in the XIDSENT state after forwarding a non-activation XID3 message. Interfaces that have the PU token ring attached are not affected. [CSCdi47090]
•In some cases, the RIF of explorer frames is not checked to ensure that the ring defined as the DLSw+ ring-group has not already been traversed. In the majority of situations, this should not be an issue, but in some topologies it may result in moderately higher explorer traffic loads than are strictly required. Note, there are not any situations in which this would cause an explorer loop. [CSCdi50712]
•In some mixed vendor bridge environments, Automatic Spanning Tree may not become active if the Cisco platform is the root bridge. The message-age-increment option is now available as part of the source-bridge spanning command to assist with the message age count manipulation. This hidden command may be needed when the existing MAXAGE value is insufficient for network diameter and the maximium age is not configurable by the vendor bridges. [CSCdi53651]
•The LAN Network Manager (LNM) fails to link to the router's source bridge after the Token Ring interface is shut down on the remote router. The show lnm bridge command continues to display Active Link to the LNM. This problem does not occur when bridges are linked locally to the LNM. The workaround is to remove the source-bridge command from the Token Ring interface and configure it back in. [CSCdi53954]
•A router may crash when DSPU debugging is enabled on a Cisco 4500 or Cisco 7500 router. [CSCdi54277]
•On the 7500, IPX routes not received from FDDI interface when RSRB traffic is passed. [CSCdi54402]
•There is a problem which results in token ring ports being enabled for use by DLSw even if they are not defined to bridge to a virtual ring group. [CSCdi54558]
•Some NetBIOS applications that require a UI frame in response to Add Name Query cannot connect using a DLSw peer on demand if the NetBIOS circuit is the initial circuit that triggers the peer-on-demand to connect. [CSCdi54796]
•A Sniffer trace shows duplicate ring numbers in the RIF when proxy explorers are in use. New SNA sessions fail to connect to the FEP. The workaround is to issue the clear rif command. [CSCdi55032]
•When using "dlsw peer-on-demand-defaults fst", the FST peer-on-demand may pass user data frames before the FST peer is connected. This may result in the user session bouncing if the peer does not successfully connect. [CSCdi55172]
•When a packet is received for an FST promiscuous peer while it is connecting, packets may be leaked. [CSCdi55219]
•When a DLSw peer router is reloaded and a DLSw peer connection is attempted while ip is converging, the peer conection may enter a connect loop that may cause a several minute delay in the peer connection process. [CSCdi55437]
•no source-bridge remote-peer may cause the router to reload. This has been rarely observed. [CSCdi55919]
•A connection to a DLU (DSPU or APPN) across RSRB may fail if the remote SAP address is not enabled at the destination router. The workaround is to enable the remote SAP address. [CSCdi56660]
•Spurious accesses when source-bridge proxy-explorer configured. [CSCdi56744]
•DLSw FST encapsulation does not work over WAN, Token Ring, or FDDI interfaces. [CSCdi57207]
•In any software image with CSCdi55177 integrated, you will see the DLSw+ backup-peer brought up while the primary peer is still up, approximately 10-15 seconds later. This backup will stay active despite the fact that the primary is connected. [CSCdi58140]
Interfaces and Bridging
•Turning on ipx route-cache sse with microcode version SSP10-12 or SSP10-13 produces a mismatch between the frame length on odd-byte 802.3 IPX packets and the 802.3 length. Novell devices might not recognize these packets, resulting in communication timeouts.
The following three workarounds can be used:
-- Turn off padding on process-switched packets via the command: no ipx pad-process-switched-packets
-- Configure the router for Autonomous Switching instead of SSE switching via the commands: no ipx route-cache sse ipx route-cache cbus
-- Turn off SSE switching: no ipx route-cache sse [CSCdi42802]
•On a 7000 with a Silicon Switch Processor, access lists used for packet filtering which contain an entry matching all IP packets followed by two or more entries can cause the router to reload.
As a workaround, one can remove all access list entries following the entry which matches all packets. Doing so will not change the behavior of the access list.
As an example, change:
access-list 116 permit ip any any access-list 116 permit tcp any any gt 1023 access-list 116 permit tcp any any eq smtp
to:
access-list 116 permit ip any any [CSCdi50886]
•While booting a Cisco 7500 router, the FIP FDDI interface might momentarily beacon the ring, causing ring instability. [CSCdi54444]
•After starting CMT, one second is allowed for the FDDI interface to come up. For some FDDI rings that isn't long enough, and the router should wait five seconds instead. [CSCdi55837]
IP Routing Protocols
•There is a small delay between the time OSPF marks a LSA as deleted and the time the LSA is actually removed. Within this small window, if OSPF receives an old copy of the LSA which has a higher sequence number, probably from some new neighbors through database exchange, OSPF will be confused and not able to remove the LSA. Customer will observe self-originated LSA stuck in the database. The stucked LSA would be removed automatically when the router regenerate a new instance of the LSA. This fix resolves the problem for 10.2 and later releases. [CSCdi48102]
•OSPF put incorrect information in the source field for stub route. It prevents BGP to adverstise this stub route to peer as the route will not be synchronized. This fix put the advertising router in the source field for stub route and avoid the problem. [CSCdi49377]
•The router attempts to make a routing decision assuming the broadcast packet is a directed broadcast. After the routing decision is made, it discovers that it isn't a directed broadcast and then attempts to forward the packet to the helper address(es). Unfortunately, it remembers the interface from the previous routing decision and uses that instaed of the correct path to the helper address.
The workaround for this bug is to use 255.255.255.255 as the broadcast address. [CSCdi50629]
•The error message DUAL-3-SIA may occasionally appear when route flapping occurs in a meshed EIGRP topology. The EIGRP neighgour sourcing the flapped route is reset and routing resumes. [CSCdi54781]
•After a reload EIGRP does not redistribute static routes which are not directly connected. i.e. static routes pointing to a destination beyond another EIGRP router. The workaround is to reconfigure such static routes. [CSCdi57743]
•Attempting to copy an empty startup-configuration to the network will cause the router to reload. [CSCdi58040]
ISO CLNS
•There is no method for altering the transmission rate of IS-IS link state packets in cases where the rate would add undue load to the receiving system. There is no workaround for this problem. [CSCdi54576]
•When the extended option of CLNS ping is used, one of the options that can be specified is the source NSAP that is to be used in the ping packet.
The ping command does not accept any NSAP (for the source NSAP) other than the default value (i.e. the sender's own NSAP). [CSCdi54904]
•The CLNS cache gets invalidated too frequently, and in an environment with heavy traffic, can cause the CPU to spend too much time just purging and re-populating the cache.
The fix is to delay the cache invalidation, and have an appropriate knob to control the frequency of invalidation. [CSCdi56559]
•If IS-IS is running, and a CLNS static route is configured that points to a point-to-point interface on which IS-IS is not configured, and the static route is removed, the system may crash.
A workaround is to either disable IS-IS before removing the static route, or to enable IS-IS on the interface before removing the static route. [CSCdi56815]
Novell IPX, XNS, and Apollo Domain
•An IPX ping sent from a router to it's own ethernet IPX address does not report successful echo on the low end routers. [CSCdi35609]
•If the NLSP database is cleared using "clear ipx nlsp *", any static routes or services installed in that router will no longer be advertised via NLSP.
The workaround is to add or delete another static route or service, or restart the NLSP process by deconfiguring and then reconfiguring it. [CSCdi52574]
•The message "before is_idb" will be seen when configuring an IPX static route, it was a debugging statement accidently left in the software, it may be ignored. [CSCdi54677]
•ipx eigrp-sap-split-horizon is off by default. It should be on by default according to our documentation. [CSCdi54690]
•Doing a "no ipx router eigrp xx" may cause the router to access illegal memory. On the 4500 and rsp, this causes an error message to be displayed. [CSCdi55250]
•If SAP entries remain to be transmitted when the last IPX-EIGRP or RSUP neighbor on an interface goes down, those SAP entries will remain enqueued, and will be transmitted when a new neighbor is detected.
There is no workaround to this problem. [CSCdi55252]
•The default for ipx eigrp-sap-split-horizon needs to be changed to off. [CSCdi55576]
•Adding the command distribute-list access-list out rip to an active IPX ROUTER NLSP process causes the router to display the following error message, after which the router reloads:
Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C (PC)
The existence or absence of the access-list in the configuration does not effect the behavior of the router. [CSCdi55681]
•If there are more than 42 neighbors on a single LAN interface, ISIS and NLSP will be unable to establish neighbor adjacencies. The workaround is to limit the number of neighbors to 42 or less. [CSCdi56547]
•IPX SAP table may not accurately reflect SAP entries learned locally if IPX EIGRP and IPX RIP/SAP is configured at the same time. Some of the SAP entries may show up on the SAP table as EIGRP derived rather than RIP/SAP derived even when the local LAN where the problem SAP sourced, is not running EIGRP. [CSCdi56588]
•The router may reload when turning off and on immediately on an interface that is running IPX. [CSCdi57683]
•The router may reload when running IPX EIGRP due to illegal access to memory. [CSCdi57728]
VINES
•Segments running FDDI/Ethernet may experience disconnects when using certain NICs. The router is dropping packets that are being padded due to the packet length being less than 64 bytes. The fix is to check only if the data packet is greater than the actual buffer size allocated. [CSCdi55508]
•VINES Sequenced RTP (SRTP) broadcasts an RTP update with metric 0xFFFF when a existing route ages out. This is an implicit RTP request. Upon receipt of a route with metric 0xFFFF, all routers, if they know better routes, immediately generate an RTP update to the originator. However, the originator ignores these RTP updates from neighbor routers if the sequence number is older than that of the route just aged out, thus losing the route. This caveat was introduced in 10.2(11.4), 10.3(9.2), 11.0(5.2) and 11.1(1.4). The correct router behavior is to accept any route information when the route is in garbage collection state. [CSCdi58038]
Wide-Area Networking
•Under certain conditions, the router can reload with the message "System was restarted by error - Illegal Instruction, PC 0x300D646." This problem is related to ISDN. There is currently no workaround. [CSCdi45085]
•If the cell burst size is a multiple of 64 the AIP may reset with the error: CBUS-3-OUTHUNG: ATM3/0: tx0 output hung (800E = queue full) This incurs a short temporary interruption of the ATM traffic.
The correction of this fix also enforces the parser to restrict the range allowed for the burst size parameter of the atm pvc command to the legal values [1-63]. [CSCdi45984]
•Groups of 4 ports on Cisco 2511 may have DSR behaving in unison on a single stimulus. Reloading the router is the only workaround. [CSCdi49127]
•Frame Relay switching across an IP tunnel does not work if one of the Frame Relay serial interfaces is configured to be frame-relay intf-type dte.
In addition, when the serial line is configured to be frame-relay intf-type dce or frame-relay intf-type nni, if a frame-relay intf-type command is entered after the desired PVCs have been configured, then the router will fail to send the correct LMI Full Status message. [CSCdi52339]
•Unable to remove "frame-relay de-group" command from interface. [CSCdi54672]
•A heavily loaded X.25 link that is experiencing congestion can, under rare conditions, enter a state where it oscilates between sending a RNR and a REJ. [CSCdi55677]
•uni 3.0 sscop will not return BeginAck PDU back if the Begin PDU is from uni 3.1 version. [CSCdi57785]
•Routers using basic-net3 switchtype may Release a call when an incoming INFORMATION message is received. [CSCdi58183]
10.3(10) Caveats/10.3(11) Modifications
This section describes possibly unexpected behavior by Release 10.3(10). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(10). For additional caveats applicable to Release 10.3(10), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(11).
AppleTalk
•Adding the command appletalk virtual-net network-number zone-name to the configuration of a Cisco 4000 router running Release 11.0(5) can cause the router to reload. [CSCdi51787]
Basic System Services
•There is no way to configure an async line so that software flowcontrol may NOT be turned off by the remote tcp host.
Line command flowcontrol software lock may now be used to specify a flow control configuration that will not change when connected to remote network hosts, using telnet or rlogin protocols. [CSCdi33144]
•Under certain conditions, the router can receive SYS-3-CPUHOG messages during the boot process. [CSCdi45511]
•A transmit buffer mismanagement problem on the EIP on an RSP-based router can cause the message RSP-3-XBUFHDR to be generated. [CSCdi46905]
•When trying to set the MTU on an interface in an RSP chassis (Cisco 7500 series or RSP7000) larger than 8192, the MTU change will fail and report the error message "can't carve anything." [CSCdi50133]
•According to documentation and online help, it's not possible to increase the queue size of output queue 0. [CSCdi50233]
•Under certain circumstances, the "IP SNMP" process can consume almost all of the CPU resources, starving other processes and causing erratic behavior in the device. The most obvious symptom is the loss of TCP connections to the device. The most likely cause of the problem is a flurry of SNMP requests being sent to the device in a short period of time, retrieving large amounts of data. This behavior is usually associated with network auto-discovery mechanisms which retrieve the device's entire ARP cache and IP routing table on a periodic basis. The problem is exacerbated by the fact that some network management applications, by default, perform auto-discovery as often as every five minutes.
A partial work-around is to identify those devices which are performing auto-discovery, and modify their default behavior so that they perform auto-discover on a less frequent basis, if at all.
The permanent solution is to lower the priority of the "IP SNMP" process so that it doesn't starve other processes in the system. [CSCdi50399]
•locIfReason shows 'administratively down' for linkUp trap instead of 'up' [CSCdi51613]
•Transparent bridging with Cisco 7500 series routers may fail if frame crosses HDLC link. [CSCdi52360]
•Memory allocated at system initialization time is displayed as belonging to the "*Dead*" process when a show process memory command is issued. This memory should be displayed as belonging to "*Init*" instead. There is no workaround. [CSCdi53190]
•The cisco implementation of the SNMPv2 Simplified Security Conventions was based on the following IETF Internet Drafts: draft-waldbusser-conventions-00.txt, draft-waldbusser-ssecimpl-00.txt, and draft-waldbusser-ssecov-00.txt. These were later obsoleted by the following documents: draft-waldbusser-conventions-01.txt, draft-waldbusser-ssecimpl-01.txt, and draft-waldbusser-ssecov-01.txt.
Since the differences between the -00 and -01 versions were never incorporated, and since the -01 documents have been expired by the IETF, and since the SNMPv2 party-based model (RFCs 1445-1447) that these documents rely upon has been relegated to historic status by the IETF, support for the Simplified Security Conventions will be removed from all software images.
This is the first step in replacing all support for party-based SNMP with support for SNMPv2C as outlined in RFCs 1901-1908, as well as supporting any new secure SNMP standard produced by the IETF. [CSCdi53343]
DECnet
•This is a feature request to have support for DEC MOP over Frame Relay implemented. [CSCdi49406]
EXEC and Configuration Parser
•The uses statistic shown by the show line exec command does not include packet-mode uses of the line (slip, xremote, ppp, etc.) [CSCdi46565]
IBM Connectivity
•Input bridge access-lists applied to the virtual bridge interface in DLSw+ will cause SYS-2-SHARED error messages and Tracebacks. There is also a minor memory leak as the result of this bug. [CSCdi44347]
•When two or more routers are connected to the same Token Rings, and each uses source-route bridging (SRB), a station on one of the rings might choose a non-optimal route with a path through both routers. In typical (large) networks, this behavior might result in explorer storms as well as suboptimal routes. [CSCdi45116]
•When the dlsw icanreach mac-exclusive and dlsw icanreach mac-address mac-addr commands are issued to specify a single MAC address to be filtered, all traffic is filtered instead. [CSCdi45773]
•When configuring for RSRB via direct encapsulation router will continue to reboot while the remote router is sending keepalives. If the connectoin is broken between router , or the remote router determins the link to be dead, the router will come u [CSCdi45949]
•A Cisco router might report inaccurate traffic statistics. In particular, non-broadcast frame counts might be incorrect if the router is acting as a source bridge on a Token Ring. [CSCdi46631]
•In some configurations of DLSW with local ack, the router does not answer the SABME P from an end station properly. The problem manifests itself when the PC sends SABME P (out) and the router sends UA (in). Some end stations treat this as a violation of the LLC2 specification.
In most instances, the PC sends another SABME P and the router responds appropriately with a UA F.
The workaround is to ensure that the end station (PC) makes more than one attempt to connect to the host by sending at least two SABME Ps. [CSCdi46918]
•When an IP peering protocol is in use in the router (for example, RSRB, STUN, or BSTUN) CLS DLUS (such as APPN and DSPU) may have difficulty establishing LLC2 sessions over RSRB virtual interfaces when the LLC2 path is bridged SRB only (that is, it does not traverse an IP cloud local to this router). [CSCdi47301]
•An incorrect timer reference causes explorer frames to be flushed on interfaces, even when the maximum data rate for explorers on the interface is not exceeded. [CSCdi47456]
•If the attached device is online but does not answer SNRM, the router stops polling after N2 * T1. To clear the condition, reactivate the serial port. A workaround is to configure slow-poll for the interface. [CSCdi47552]
•Under the condition where two token ring interfaces are attached to the same physical token ring and where either:
A) an all routes explorer is generated on that ring
B) a packet with a rif that indicates that the packet should go back onto the token ring it originated on
will cause a bridge loop and cause router cpu to rise as well as increase ring utilization.
This bug fix makes the router check the rif in further detail. [CSCdi48577]
•NETBIOS name recognized frames are now filtered by NETBIOS access-lists as a result of CSCdi36649. This can break some applications and needs to be optional. [CSCdi49101]
•The number of downstream PUs supported should be increased from 256 to 1024. [CSCdi49448]
•NO_REMOTE_STN rsp to REQ_OPNSTN sdlc reconnect [CSCdi49683]
•DLSW+ on C4700 crashes on 'show dlsw reachability' when there are a large no. of local 'icanreach' nodes. [CSCdi50102]
•If peer A and peer B are DLSw priority peers (the keyword priority is on the remote peer definition), and peer A is reloaded, peer B may crash. [CSCdi50155]
•netbios dlsw should not send a test_cmd after a name recognized is received. [CSCdi50382]
•RSRB does not declare the peer dead until the keepalive times out. In order for RSRB to detect the dead peer so that the ring list can be cleaned up properly, set the keepalive value as small as possible. [CSCdi50513]
•Peer on Demand peers (peers that learn of each other through Border Peers) do not connect. The options inactivity timeout and lf lfsize should be added to the dlsw peer-on-demand-defaults command. [CSCdi50574]
•Data Link Switching (DLSw+) will attempt to update its reachability cache based on explorers received on interfaces that have SRB configured, but are not bridged to a ring-group (port-to-port SRB). This causes some unnecessary explorer overhead in these environments. [CSCdi50717]
•This ddts allows cisco to interoperate with other vendors' DLSw 1795 compatible implementations in the area of capability exchange. cisco DLSw was not sending or receiving the Vendor Context control vector that must preceed any vendor specific control vectors. For more detail regarding the DLSw capabilities exchange, please refer to RFC1795.
This ddts also fixes a "bad p_enqueue NULL" traceback in cls_entitymanager.c that is preceeded by a CLS_ASSERT traceback with text "connInd != NULL". [CSCdi50868]
•When using the DSPU feature to map upstream LUs to downstream LUs, the downstream LU may not recover properly after the upstream LU is deactivated and reactivated.
Work-around to avoid this problem is to ensure that deactivation of the upstream LU is complete (i.e. DSPU has deactivated the downstream LU) before reactivating the upstream LU.
Work-around to recover a lost LU is to deactivate/reactivate the downstream PU. [CSCdi51042]
•Removing a DLSw configuration by configuring no dlsw local-peer and adding the DLSw configuration back can cause a memory leak in the middle buffer. [CSCdi51479]
•Applying a source-bridge output-lsap-list to a Token Ring interface when source-bridge explorer-fastswitch is enabled may cause packets permitted by the output-lsap-list to be dropped. The workaround is no source-bridge explorer-fastswitch. [CSCdi51754]
•When a very large number of I-frames are sent by an end station to a DLSw router at the same instant, the following message may appear on the console :
DLSW:CPUHOG in CLS background, PC=0x60549f3c
Since the CPU is being occupied by the CLS background process for a period of time, protocols that involve polling may lose their connections because of to poll starvation. [CSCdi52382]
•Unnecessary creation of RIF entries for bridged IPX explorers. [CSCdi52464]
•When running DLSw+ over Ethernet, the router transmits corrupted frames on retransmission. The restransmission occurs on receipt of a REJ frame from the end station or if an acknowledgement of the frame is not received within the LLC2 t1 timeout. [CSCdi52934]
•A list number greater than 255 on the dlsw remote-peer 0 tcp 172.22.12.128 lsap-output-list list_num command will not be parsed properly. [CSCdi52957]
•A configured explorer maxrate value is lost when the rsp reloads. It is replaced by the default maxrate value.
There is no workaround and the impact can be substantial for large networks, resulting in increased delays for srb connections. [CSCdi53357]
•On any interface defined as encapsulation sdlc, attempting to add an SDLC address lower than all SDLC addresses already defined on the interface will cause the SDLC address poll chain on the interface to become corrupted, resulting in one or more SDLC-attached devices not being polled. Workaround to this problem is to either reload the router, or remove the SDLC address definitions and re-add them in ascending order of addresses. [CSCdi53646]
•When the router is configured to use the DSPU feature, it may crash during deactivation of multiple downstream physical units (PUs). [CSCdi54114]
Interfaces and Bridging
•When a Cisco 7000 router Ethernet interface is the root of a spanning tree and UDP flooding is configured with turbo flooding, packet loops occur. The workaround is to disable turbo flooding. [CSCdi45659]
•%LINK-4-NOMAC: A random default MAC address ... error message is issued at router reload when the FIP is the only LAN interface (no EIP nor TRIP). This may lead to some issues whe transparent bridging is configured as two routers with similar configuration on the same FDDI ring running 10.2 may end up using the same default-mac-addr and same Bridge Identifier. The duplicate default-mac-addr value may impact IPX and XNS as well. [CSCdi49616]
•When shutting or unshutting an interface, the driver could create a zero-length received packet. If compression was enabled on the interface, the packet length passed to the decompression engine would appear to be a very large number. The decompression engine would then proceed to overwrite memory and crash the router.
This fix prevents zero- or outlandishly-sized packets from reaching the decompression engine. [CSCdi51869]
•A bug exists in the MEMD carve code on the Cisco 7000 that can cause bandwidth considerations to be ignored. This might result in nonoptimal MEMD carving. [CSCdi52227]
•In a 4700 with two fddi interfaces configured for bridging, when one of the interfaces moves from a blocking state to a forwarding state that interface may fail to pass unicast traffic. This condition can be cleared by entering a clear interface fddi x, where x is the interface that moved from blocking to forwarding. [CSCdi52756]
•Asynchronous TTY lines on Cisco 2509 through Cisco 2512 devices sometimes stop answering new modem calls. The show line x command output shows the line with modem state in Idle and Hanging-up. A workaround is to configure session-timeout 0 for asynchronous lines. [CSCdi54196]
IP Routing Protocols
•Running multiple Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) autonomous systems might consume all available memory in the router. [CSCdi36031]
•Packet corruption might occur when fast-switching IP packets from ATM interfaces to Token Ring interfaces configured with the multiring command. [CSCdi49734]
•Unconfiguring OSPF can cause the router to reload. [CSCdi51283]
•If two IP-Enhanced IGRP autonomous systems are configured, and an interface address is changed so that the interface moves from one autonomous system to the other, Enhanced IGRP will fail to operate on that interface. The workaround is to delete the IP address (using the no ip address command) before configuring the new address. [CSCdi52078]
•BOOTP broadcasts which are forwarded from unnumbered interfaces using ip helpering do not properly populate the BOOTP giaddr field. [CSCdi52246]
•The set metric subcommand of the route-map command causes an incorrect value to be advertised for the bandwidth metric for IGRP and Enhanced IGRP. The units of the default-metric subcommand to the router eigrp are improper. An improper value is advertised for the delay metric in Enhanced IGRP if it is set using the metric option of the redistribute subcommand to the router eigrp command. There are no workarounds for these problems. [CSCdi52277]
•Under certain conditions, Enhanced IGRP may stop transmitting packets. This may manifest itself as large numbers of routes repeatedly Stuck-In-Active. The workaround is to deconfigure and restart Enhanced IGRP, or reload the system. [CSCdi53466]
•Regular expressions longer than 59 characters in the ip as-path access-list configuration command will cause the router to reload. [CSCdi53503]
•Enhanced IGRP will stop working on an interface if the interface goes down for some reason and then comes back up. There is no workaround to this problem. [CSCdi53903]
•Due to an uninitialized variable, multipoint GRE tunnels in Releases 10.3 and 11.0 may allow non-IP network protocols to be forwarded to all endpoints of the tunnel. This can give the perception that non-IP protocols are capable of being routed over the multipoint tunnel in these versions. Only IP multipoint tunnels are supported in these versions. In Release 11.1, routing IPX over GRE multipoint tunnels will fail. [CSCdi54192]
ISO CLNS
•When using RFC1490 encapsulation for OSI protocols, the system inserts an extra byte into the header. When communication is between two Cisco devices, Cisco encapsulation can be used to work around this problem. [CSCdi40775]
•If two routers running Intermediate System-to-Intermediate System protocol (IS-IS) are connected via multiple point-to-point links and one of the links fails in only one direction, it is possible for traffic to be sent down the failing link and subsequently lost. This is because of a deficiency in the IS-IS protocol specification. There is no workaround to this problem. [CSCdi48351]
•ISO-IGRP fails to install parallel routes into the CLNS prefix table under certain conditions. [CSCdi50714]
•Issuing a CLNS ping to one of the router's own address will cause the router to reload if debug clns packet is on. The workaround is to not have this particular debug on if you need to ping to one of the router's own addresses. [CSCdi50789]
•CLNS packets whose NSAP's have a non-zero N-selector byte are not fast-switched.
The result of this situation is a high CPU utilization, and is more pronounced in an environment where there is heavy CLNS traffic (e.g. large file transfers), [CSCdi52752]
•Routes that are redistributed into ISO-IGRP from another protocol (e.g. ISIS), or from another ISO-IGRP domain, are stored as prefix routes.
When the redistribution is disabled, ISO-IGRP should poison all prefix routes that were being learnt from the protocol that was being redistributed.
ISO-IGRP currently does not do this, and as a result, can cause the routes to count to infinity. [CSCdi53023]
Novell IPX, XNS, and Apollo Domain
•On a Cisco 4000 running Enhanced IGRP for IPX, the router may generate CPU-HOG messages for the IPX SAP process. [CSCdi39057]
•IPXWAN calculates the wrong NLSP metric for the serial interface. Therefore, NLSP may use the serial interface as the next hop router instead of the LAN interface. [CSCdi48717]
•IPX Services advertised by SAP with a missing Servicename are accepted by the Service table, they should be rejected. NetWare Servers when seeing this Service advertised in NLSP LSPs will complain about an "LSP L1 packet received ... has malformed option code 0xc3" [CSCdi50223]
•When an interfaces goes down SAP poisons for Services learned over that interface are sent twice out all other interfaces. [CSCdi50745]
•The ipx interface values of rip and sap triggered delays will get change after a system relaod if you have a global ipx default output rip/sap delay configured. [CSCdi51038]
•On RSP systems using MIP with either HDLC or PPP encapsulation can produce alignment warning message. [CSCdi51183]
•When an interface starts up IPX RIP/SAP networking extra General RIP request, General SAP request, and flash updates are sent. In addition on IPXWAN interfaces configure and negotiated for NLSP the RIP/SAP General Queries are sent which may trigger NLSP "auto" mode in our WAN neighor to switch to sending RIP/SAP packets, which in turn causes us to send RIP/SAP packets resulting in routes being learned via RIP on an NLSP interface. [CSCdi52030]
•Configure ipx update-time on the router without any ipx network number may generate traceback error messages. [CSCdi52234]
•Under conditions where many routes are changing, IPX-EIGRP can block the transmission of service information for long periods of time, resulting in excessive memory utilization. There is no workaround to this problem. [CSCdi52398]
•When using IPX static routes and services over WANs clients may receive "Error receiving from device NETWORK" messages and abort the connection process, most commonly during the attempt to download and run LOGIN.EXE. A workaround is to increase the ipx delay of the Client and Server LAN interfaces on each side of the WAN, this has the effect of increasing the metric associated with the static route and therefor increasing the timeout values used for the connection. Static routes should have a configurable routing metric. [CSCdi52606]
•IPX-EIGRP SAP packets may not be processed for all neighbors. There is no workaround to this problem. [CSCdi52997]
•RIP format error counter is displayed twice on the show ipx traffice screen. [CSCdi53167]
Protocol Translation
•A traceback message, "SYS-2-NOTQ: unqueue didn't find xxx in queue yyy" is printed when closing connections to an X.25 translation using the printer option. [CSCdi38602]
•Release-note:
Only 5 translate statements using X.25 permanent virtual circuits can be read from non-volatile memory upon boot up. If more are required, a work around is to configure them after booting from a terminal or using TFTP. [CSCdi52043]
TCP/IP Host-Mode Services
•Under unknown circumstances, random lines on an ASM will pause indefinitely in Carrier Dropped state. The only way to clear the line is to reload the ASM. [CSCdi44663]
•Opening hundreds of simultaneous telnet connections from a TTY or VTY can cause the software to reload with a watchdog timeout error. [CSCdi47841]
•A router running DLSw may print the following error message when a peer reloads:
%SYS-6-STACKLOW: Stack for process TCP Driver running low, 36/1000 [CSCdi50306]
TN3270
•Async lines connected via TN3270 to remote hosts, receive TN3270 Cursor-move escape strings for each data byte. [CSCdi48513]
VINES
•VINES SRTP on serverless segements running Release 10.3(8) do not send the redirect to the correct network number (layer 3) address. The workaround is to turn off VINES redirects on the serverless segment interface. A sniffer trace of this packet will show an "abnormal end of Vines SRTP." [CSCdi50536]
•Vines recompute does the same calculations as enalbing VINES routing. It should do some different calculations to come up with a different network number. This gives the potential of routers with different mac addresses calculating the same network addresses. The work around is to manually enter a unique address on your network. [CSCdi51823]
Wide-Area Networking
•Removing a TRIP card and replacing it with a MIP card in the same slot of a 7000 will cause memory allocation errors. [CSCdi24243]
•The no x25 address interface subcommand does not remove the X.121 address from an interface. The correct behavior is to remove the address, unless the interface is configured with the DDN or BFE option, in which case the correct behavior is to recalculate the default X.121 address from the IP address configured on the interface. [CSCdi45936]
•Transparent bridging over point-to-point ATM subinterfaces may fail and users may see error messages such as "hybridge_input ATM1/0.3: unexpected idb type ...". The workaround is to replace the point-to-point subinterfaces with multipoint ones. [CSCdi46514]
•A Cisco 4000 series router with ISDN BRI interfaces can run out of timer blocks and crash. Use the show isdn memory command to see if memory is not being freed. [CSCdi47302]
•The dialer fails to bring up an additional BRI interface when both BRI B channels are active and the dialer load threshold load is exceeded. [CSCdi50619]
•Under some unknown circumstances, a Cisco 4000 series router with MBRI will stop transmitting on an ISDN interface. Only a reload of the router can correct this. [CSCdi50628]
•International calls being placed using the Australian Primary Rate switch type of primary-ts014 do not tag the format of the called address field correctly. This results in calls to locations outside of Australia being rejected as unassigned. [CSCdi50927]
•When configuring atm rate-queue and mtu on the same time, the atm rate-queue configuration may not be processed properly, such AIP may not be able to process outgoing traffic correctly, and lead the error of %CBUS-3-OUTHUNG to occur, after the presence of traffic for a couple of minutes. However, The %CBUS-3-OUTHUNG will then result in an atm interface reset which will bring everything back to normal.
The problem will show up only when the two configuration commands are issued quick and close enough. So, the problem will most likely to occur when booting a router with such configurations. The problem will likely not to show up when these two configuration commands are issued sequentially from command line, as the two commands could not be entered so quick and so close to each other (to introduce the problem).
So, the output hang caused by this should recover without human interferring, although it may take a few minutes. On the other hand, 'shutdown' and 'no shutdown' on the atm interface with the configurations, as soon as the router is reloaded, should let everything work normally from the very beginning, without seeing the output hang. [CSCdi51013]
•Asynchronous DLCI status changes from 0x02 (buffer-treshold-normal) to 0x03 (buffer-treshold-exceeded) will generate useless error messages: FR-5-DLCICHANGE: Interface Serial0 - DLCI YYY state changed to ACTIVE There is no impact on router functionality. [CSCdi51629]
•No action is taken when an X.29 Set or Set and Read message containing no parameters is received. The proper action is to reset X.3 parameters to their initial values, and, in the case of a Set and Read, to respond with an appropriate Parameter Indication message. [CSCdi52237]
•If a switched X.25 over TCP (XOT) permanent virtual circuit (PVC) receives a RESET REQUEST from the locally attached device within 2 seconds of an X.25 packet level RESTART REQUEST, the PVC will remain in an unusable state indefinitely. [CSCdi52548]
•Changes to the primary-dms100 ISDN PRI switchtype code to make it conform with the NorTel PRI specification. Changes were not made in response to any field related problems. [CSCdi52751]
•Using multidrop lines on a 5ESS ISDN switch is not recommended. If used, they will have SPIDs. Currently, the SPIDs are send out BRI0 only, so on a router equipped with an MBRI, lines other than BRI0 will not be able to place calls. The workaround is to get point-to-point lines from the telco. [CSCdi53168]
10.3(9) Caveats/10.3(10) Modifications
This section describes possibly unexpected behavior by Release 10.3(9). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(9). For additional caveats applicable to Release 10.3(9), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(10).
AppleTalk
•Routing Table Maintenance Protocol (RTMP) routes are sometimes not aged correctly, resulting in a continually increasing update time. Although the RTMP path is updated, the route in the routing table is not. As a result, the user does not see the route timer and state change. [CSCdi34053]
•ZIP Queries may unexpectedly not be sent to a neighbor if that neighbor has been up for more than approximately 3 weeks. The symptom can be seen by doing "show apple route" and "no zone set" are seen in the routing entries. [CSCdi42908]
•Due to the bug in the low end fastswitching code, the 802.3 header will contain a wrong length when small packets (less than 60 bytes) are fastswitched on the ethernet media. [CSCdi45581]
Basic System Services
•When using 10.3 and cbus1 cards in an AGS+, some of the interface counters can be inaccurate. The counters affected are FDDI ignores, FDDI frame errors, and Ethernet collisions. There is no workaround. [CSCdi39273]
•Available memory will slowly decrease on a router that is bridging IP and that has more than one interface with the same IP address. [CSCdi44023]
•deleting a flash file mentioned in a "boot" config command can cause a reload [CSCdi44152]
•A Cisco 7500 that is fast switching SRB explorers, fast switching IP multicasts, or bridge-flooding packets might crash with a SEGV exception error message and a stack trace that ends in the rsp_fastsend().
A workaround is to disable fast switching of IP multicasting, or fast switching of source-route bridging (SRB) fast explorers by using the no source explorer-fastswitch command. Another possible workaround is to remove or add an IP card, particularly of a different media type. [CSCdi45887]
•Under unknown conditions, a non-fatal error may be displayed that an attempt was made to dismiss while 'blocking is disabled' or that an 'Invalid memory action' was attempted from interrupt level. [CSCdi47152]
•The initial introduction of the following command : snmp-server enable traps envmon
introduced a problem wherein any use of the "snmp-server enable traps" command will automatically enable all envmon SNMP traps. This occurs when the user types in this command, as well as after a router reboot, if any other "snmp-server enable trap" exists in the configuration file. The only workaround is to manually type : no snmp-server enable traps envmon or to disable the envmon traps via SNMP.
Again, this will disable the envmon traps, but the traps will be enabled again on the next reboot. [CSCdi47252]
•If an NTP packet is sent to one of a system's secondary addresses, the system will reply with the primary address of the outgoing interface in the source address field.
There is no workaround to this problem. [CSCdi47415]
•A router configured with snmp-server enable traps envmon will unexpectedly restart when it attempts to send an snmp trap about a redundant power supply failure. [CSCdi47421]
•hostname "" doesn't let router to use the default hostname of "Router". Some protocol usage in this configuration may cause router to hang. [CSCdi47506]
•When configuring many different MTU sizes on an RSP based system, message %CBUS-3-NOBUF: Buffer allocation failure: can't carve anything may appear on the console. A workaround can be to use the same MTU on different interfaces. [CSCdi48055]
•The electrically eraseable programmable read-only memory (EEPROM) in some chassis interfaces is misprogrammed. A show diagbus command indicates that the chassis interface incorrectly has "07" in the first byte of the EEPROM, instead of "01." The system software does not recognize chassis interfaces that have this error. At startup, the following message appears:
%CI-3-CTRLRTYPE: Wrong controller type 10 %CI-4-NOTFOUND: Chassis Interface not found
The output of the show version command indicates:
WARNING: Chassis Interface not present
When these messages appear, the show environment commands do not work, and no environmental monitoring takes place. [CSCdi48075]
•In RSP equipped routers, fast switched explorers which were flushed due to maxrate exceeded, were counted as input queue drops in a show interface, in addition to incrementing the flushed explorer count in a show source. This occurred even when the size of the input queue was not exceeded, and there was no shortage of buffers. This change causes the flushed explorers to only be counted in the show source output. This is a cosmetic change only. [CSCdi49673]
DECnet
•The 'show dec static' command shows bogus SNPA's if the static route that is being displayed points to a non p2p interface, and the SNPA does not have an 'ethernet-like' format (an example is an X.121 address).
This is a cosmetic bug only. [CSCdi46327]
•DECnet Phase IV-to-Phase V conversion might introduce incorrect area routes into the ISO Interior Gateway Routing Protocol (IGRP), if there are DECnet L2 routes on the DECnet side. These area routes show up as "AA00" and are propagated to other routers. [CSCdi47315]
IBM Connectivity
•If the router receives an LLC2 XID packet destined for an X.25 connection (QLLC) that is not yet established, it will drop the packet instead of buffering it until the X.25 connection completes. This behavior will cause connection problems for devices that do not automatically retry and resend the XID pacet. [CSCdi36695]
•The SNA SDLC MIB implementation is based on draft-ietf-snadlc-sdlc-mib-06. This Internet Draft has been superceed by RFC 1747. [CSCdi37617]
•You have to configure access-expression on an interface before adding source- bridge input-lsap-list; you get the error: EXPR: access-expression must be specified alone on interface in the opposite order. [CSCdi37685]
•When router is configured with SRB/RSRB it may experience loss of memory. [CSCdi40888]
•When source-route transparent (SRT) bridging is configured on the router, calls to management functions that are related to source-route bridging (SRB) might not work correctly. [CSCdi42298]
•When user disables and then re-enables a DSPU/RSRB SAP, multiple entries of the DSPU/RSRB virtual ring may appear in the "show source" output.
As a consequence, DSPU/RSRB connections may not become active.
Work-around is to configure "no dspu rsrb localRing" and re-configure. [CSCdi44110]
•When powering up the router messages show indicating alignment errors. These messages do not have any visible effect on the performance of the router. [CSCdi44326]
•When a front-end processor (FEP) initiates a Qualified Logical Link Control (QLLC) connection, a virtual circuit is established, but the exchange identification (XID) negotiation never proceeds to completion. The router sends XID responses as commands, rather than as responses. [CSCdi44435]
•A router might crash if running QLLC and using remote source-route bridging (RSRB) over a serial line to provide the Logical Link Control, type 2 (LLC2) connection from QLLC to an end station or host. The crash only occurs if multiple changes are made to the encapsulation type on the RSRB serial line. [CSCdi45231]
•Outbound access lists were not always being applied to fast switched explorer frames. [CSCdi46182]
•Use TRIP microcode version 10.2 for a workaround. [CSCdi46309]
•When configuring dspu for sdlc connection to a fep there is no way to not code a xid; code a dummy xid. The xid will not be used. [CSCdi46728]
•If a CIP is in the lowest numbered occupied slot in a 7000 or 7500 series router, it will not download microcode properly. The router will display the DBUS-3-WCSLDERR message at boot time. A subsequent "microcode reload" or EOIR of the CIP will work. [CSCdi46899]
•Router configured for DLSw+ getting repeated CLS-3-CLSFAIL and DLSWC-3-BADCLSI error messages under show log. [CSCdi46944]
•DSPU/RSRB connections cannot be established with 10.3(8.2) DSPU/RSRB functionality is okay in 10.3(8.1) [CSCdi46949]
•If a router receives a source-route bridging (SRB) packet with bit 2 of the routing control field set, the router might send back a bridge path trace report frame to a group address, instead of to the source of the original frame. This can cause congestion. [CSCdi47561]
•A downstream physical unit (DSPU) sometimes retries connecting to the host too rapidly, with as many as sixty tries per second, flooding the host with XID packets. This problem causes the NetView log to get congested and run out of storage, which might bring down the host. [CSCdi47803]
•If DLSw with FST is configured, an LLC2 session should not be set up. [CSCdi47888]
•Using the no lnm disable command in conjunction with a CSNA internal Token Ring adapter can cause a bus error. [CSCdi47898]
•When Synchronous Data-Link Control (SDLC) attached Physical Unit 2.1 (PU 2.1) devices are connected over Data Link Switching Plus (DLSw+), if the host device does not respond because the application is down, the DLSW+ circuit does not correctly disconnect. This problem causes the circuit at the SDLC end to be in a Contact Pending state even with no circuit at the host end. This is cleared by shutting down the SDLC interface at the router or by reloading the PU 2.1 device. [CSCdi48227]
•During cross-domain file transfers via Data Link Switching Plus (DLSw+) on a Logical Link Control (LLC) connection, frames might be sent out of sequence. This problem can cause a receiving Physical Unit 4 (PU 4) or Physical Unit 5 (PU 5) to disconnect. [CSCdi48915]
•dlsw remote-peer 0 tcp ip @ tcp-queue-max incorrect. It cant be set to a value greater than 255. [CSCdi49687]
•DSPU error message, DSPU-3-LSXIDNegotiationError, incorrectly reports the bad byte and bad bit fields from the CV 0x22 error vector of an XID3.
The sense data from the CV 0x22 (when present) is also not provided in the DSPU error message. [CSCdi49863]
•Connections to a host cannot be established from a DSPU using virtual telecommunications access method (VTAM) through a Cisco 3172 Channel Interface Processor (CIP). [CSCdi49872]
•Users can not control the tcp-queue-max on peer-on-demand peers (those learned about through a border peer). The "tcp-queue-max" keyword was ommitted from the "dlsw peer-on-demand-defaults" configuration command. This ddts adds this keyword.
Additionally, this ddts enhances the "show dlsw peers" output to show the current congestion level of a TCP peer's outbound tcp queue and also displays the amount of time a peer is connected. [CSCdi49949]
Interfaces and Bridging
•On a 4000 with ISDN BRI interfaces, the link establishment uses too much memory to set up the call causing the link not to come up. [CSCdi37200]
•On a Cisco 4500 router, if you issue the no shutdown command on a Fiber Distributed Data Interface (FDDI) interface, the router will reboot. [CSCdi42429]
•The cisco 1000 product line will receive and respond to unicast packets incorrectly under certain conditions. The problem is exhibited when a protocol that uses a multicast address is enabled (i.e. CDP). After which it is possible for the destination address of incoming unicast frame to hash to the same bucket as the physical address of the router. The frame is then incorrectly accepted and processed. [CSCdi42687]
•BRI commands not recognized by system with both MBRI NPM and CT1/CE1 NPM installed. Work around is to remove the CT1/CE1 NPM. [CSCdi43998]
•The FDDI interface becomes deaf to data traffic, but not SMT traffic. The command clear interface fddi {number} may provide a workaround. [CSCdi44246]
•When a Cisco 2500 runs X.25 over the B channel of a Basic Rate Interface (BRI), it sends the idle character 0xFF (mark) instead of the idle character 0x7E (flag). X.25 requires flags, not marks, for the idle character. [CSCdi44262]
•If TACACS+ returned an IP address during SLIP or PPP Authorization (during command processing at the exec level), the peer address would be ignored unless 'async dynamic address' had been configured. [CSCdi47013]
•Transparent bridging and the HSRP protocol cannnot be simultaneously enabled on Fast Ethernet interfaces. Random crashes occur, which can result in image or memory corruption. [CSCdi48646]
•Serial interfaces that are down but not administratively disabled might periodically reset with the error "(8010) disable - fsip_reset()". [CSCdi49431]
IP Routing Protocols
•ARP throttling not working [CSCdi43596]
•Under some circumstances, when a DVMRP neighbor becomes active over a DVMRP tunnel, the tunnel will not be added to the outgoing interface list for existing multicast routing table entries.
Workaround is to do a "clear ip mroute *" after the neighbor becomes active. [CSCdi46003]
•If two OSPF processes exists and redistribution is configured, when a connected OSPF interface for the redistributed OSPF process go down, the router could crash. [CSCdi46409]
•If a router is incorrectly configured with an autonomous system (AS) placed in a confederation it is not part of, the confederation information within the AS path will be incorrectly propogated. The workaround is to configure the router correctly. [CSCdi46449]
•EIGRP packets are sent out on async interfaces which normally should not be routing unless configured with async default routing. [CSCdi47184]
•If there is a gateway of last resort in the routing table, packets that should be forwarded to a helper address are instead send out the interface to the gateway of last resort. The destination ip address is filled in with 0.0.0.0 in the packet header. If there is no gateway of last resort, this problem should not occur.
There is no workaround for this problem. [CSCdi48312]
ISO CLNS
•ISO Interior Gateway Routing Protocol (IGRP) will not work when interoperating between Motorola processor-based Cisco routers (older routers such as MGS, AGS+, or Cisco 7000) and millions of instructions per second (mips) processor-based Cisco routers (later routers such as the Cisco 4500, 4700, or 7500). [CSCdi44688]
•When ISO-IGRP is running on a router, and a CLNS default route is configured, the ISO-IGRP routing table entry corresponding to the local entry shows "*Unknown SNPA*", instead of the usual "--".
This is purely cosmetic in nature, and has no impact on CLNS routing functionality. [CSCdi47322]
•ISIS fails to install more then one Level2 route in the CLNS routing table, when there are multiple equal-cost paths to the other area available. As a result there is no CLNS loadbalancing for destinations in another area. [CSCdi48162]
•When DECnet IV/V conversion is on, and the Phase V protocol is ISIS, ISIS adjacencies in the adjacency data base can end up with an adjacency format of "Phase IV".
This can happen if a DECnet IV hello was received first, in which case DECnet creates a Phase V adjacency in the adjacency data base, and marks it as "Phase IV". When the ISIS hello comes in a little later, ISIS fails to modify the adjacency format to be "Phase V".
A snippet of a display from the customer's router is attached below:
KCCR01# sh clns is
System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase IV ...
Clearing the table and re-issuing the "show" command shows:
KCCR01# sh clns is
System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase V
Basically, the problem will show up when the DECnet hello comes in first. [CSCdi48461]
Novell IPX, XNS, and Apollo Domain
•Use of the command no ipx sap-uses-routing-info causes Services learned after sap-uses-routing-info was disabled to not be propagated out other interfaces, included responses to SAP queries and GNS queries.
Workaround is to enable ipx sap-uses-routing-info. [CSCdi46812]
•The IPX fastswitch cache (IPX route cache) can grow large over time if many end hosts are active and the network and configuration are stable. This is because cache entries are not normally invalidated as long as the destination network is reachable. On routers which are already low on memory, this can create various problems. A workaround is to issue the "clear ipx cache" exec command periodically. [CSCdi46978]
•When an IPX static route is configured to be associated with an ipx interface which is presently down the static network defined in the static route is advertised as reachable until the interface state changes, it should not be advertised until the link comes up. [CSCdi47023]
•the configuration of ipx delay to set a ticks value for an interface allows too large a value, the current range is 0 thru 1000000, the maximum value should be 65535. [CSCdi47086]
•Parallel equal bandwidth IPXWAN links may calculate different NLSP metrics. [CSCdi47276]
•Services added to the Service Table which have no direct route to their network but do have a default route are not being re-advertised out other interfaces. [CSCdi47299]
•Network FFFFFFFE is ignored when the handling of FFFFFFFE as the 'The IPX Default Route" is disabled, when default route handling is disabled FFFFFFFE shouold just be another ipx network as is is in 10.2 and earlier releases. [CSCdi47314]
•When debugging ipx sap events debugging is displayed for failure to forward packets which are not sap packets. [CSCdi47413]
•NLSP and ISIS may report corrupted LSP checksums. There is no workaround to this problem. [CSCdi47916]
•The ipx accounting command does not get removed after no ipx routing is configured. The workaround is to issue no ipx accounting command before disabling routing. [CSCdi48651]
•On 4500 systems using token ring IPX SNAP encapsulation can produce alignment warning message. [CSCdi49352]
•When an Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) route is advertised back into Routing Information Protocol (RIP), the delay within the Enhanced IGRP cloud is not properly taken into account in the tics metric value of the route when it is redistributed into RIP. The RIP advertised route might then look closer than it really is. [CSCdi49360]
•When an interface goes down, services that are not learned over that interface are marked as down. This behavior might cause excessive SAP packet generation because packets are flooded first as down, are then learned, and are finally flooded again as new. [CSCdi49369]
•If IPX Enhanced IGRP is running, the following command sequence might cause the router to reload: interface serial no ipx network no ipx routing [CSCdi49577]
TCP/IP Host-Mode Services
•If an IP helper-address is configured on an interface, the router will fail to forward directed broadcasts sent to a MAC broadcast address. [CSCdi47639]
•When a DLSw remote peer brings down a TCP connection during the peer connection sequence, the partner DLSw router may crash. This ddts fixes this problem by adding better communication between DLSw and the tcp driver. [CSCdi47801]
TN3270
•TN3270 does not assume the appropriate 132 x 27 dimensions when set up as a Model 5 (MOD5) terminal. [CSCdi44497]
VINES
•VINES servers located downstream might unexpectedly lose routes that were learned via Sequenced Routing Update Protocol (SRTP). This behavior results from improper handling of network sequences numbers by the system. Issuing a clear vines neighbor or disabling SRTP are suggested workarounds. [CSCdi45774]
•A Cisco router reloads when it receives incorrectly formatted Interprocess Communications Protocol (IPC) packets from the VINES application software Streetprint. The VINES IPC length field should contain the number of bytes that follow the long IPC header in a data packet, but Streetprint incorrectly sets the IPC length in each IPC message to the total number of bytes of all IPC messages. [CSCdi47766]
•If a Vines-configured serial interface is down, then a small-buffer memory will occur. This leak will occur for as long as Vines is configured on the interface, or as long as the interface is down. [CSCdi48180]
•Vines clients using Bluemail get the message "time not available" on serverless segments connected to a 4500 or a 4700. The only workaround is putting a Vines file server on the segment. [CSCdi48247]
•Lost connectivity to Vines server co-incides with appearance of Align-3 message on console. Router is configured for Vines SRTP routing. SH ALIGN reports a number of spurious memory access errors pointing to the same SRTP procedures. [CSCdi48252]
•A simple vines access list (in the range 200-299) is used to filter time updates. This should be applied with the global configuration command vines time access-group 2xx.
The parser incorrectly accepts the interface configuration command vines access-group 2xx which can yield unexpected results.
The workaround is to use the correct configuration as specified in the "Router Products Configuration Guide". The example in the "Router Products Command Reference" under the vines access-list (simple) is incorrect up to and including the 11.0 documentation. [CSCdi49568]
•Async interface connections hung up in heavy load conditions. Async
•When routing an X.25 call request packet containing a Calling/Called Address Extension facility, sometimes the Calling/Called Address Extension facility is inadvertently modified. [CSCdi41580]
•An X.25 interface might hang if the Link Access Procedure, Balanced (LAPB) layer gets stuck in the RNRsent state. This might occur if virtual circuits (VCs) receive encapsulated datagram fragments that are held for reassembly, and the number of these fragments approaches the interface input queue count. The LAPB protocol will not exit the RNRsent state until the number of held buffers decreases. This condition can be cleared if a shut /no shut is performed on the interface, or if the other end of the LAPB connection resets the protocol. [CSCdi41923]
•If a new permanent virtual circuit (PVC) is defined on an ATM Interface Processor (AIP) when existing switched virtual circuits (SVCs) and PVCs are already defined, an interface reset might occur with a subsequent restart of all SVCs. [CSCdi43779]
•On reload an X.25 interface can enter the 'protocol up' state before all of the interface's configuration commands have been processed. This can cause problems if the X.25 configuration includes commands that will not take effect while the protocol is up (i.e. modulo, default window and packet sizes and the VC range parameters).
The symptom of this problem is the printing of 'Parameter held until RESTART' messages while the router image has not completed its startup. In particular, the PVC configuration commands will be refused if commands to modify the default VC ranges are held off. [CSCdi45199]
•When a Cisco 4000 with a Basic Rate Interface (BRI) has the isdn tei powerup configuration flag set, the watchdog timeout will crash the router. A workaround is to configure the router with the isdn tei first-call command. [CSCdi45360]
•Running X.25 Defense Data Network (DDN) encapsulation on a Cisco 2500 serial port might cause the router to reload. This problem appears to be the result of mixing x.25 switching and X.25 DDN. A workaround is to shut down the serial interface. [CSCdi45673]
•When configuring 2 routers back-to-back via ATM using SMDS encapsulation, you may experience intermittent ping failures.
Cisco Systems expects to resolve this caveat in a future AIP microcode version. [CSCdi45807]
•Under certain conditions XOT data might be delayed by the router. [CSCdi45992]
•The router can reload if two PAD connections were initiated if "debug x25" and "terminal monitor" are enabled on one of the PAD connections while the other connection is doing constant pings. [CSCdi46665]
•Routers with ISDN BRI interfaces which use the isdn switch-type basic-net3 command may experience BRI port failures dues to all network layer control blocks (NLCB's) being used and never released. Once all NCLB's and call control blocks (CCB's) are used and hung, a reload of the router is required to use the BRI interface. The problem does not apply to ISDN Primary Rate interfaces (PRI).
A possible workaround is to set the dialer idle-timeout value on the BRI routers connected to NET3 switches higher than the timeout value of the other router or routers connecting via ISDN. This assumes the other router or routers do not have BRI's connected to NET3 switches, as they would have the same problem. This also requires knowledge of the dialer idle-timeout value configured on the other router or routers.
The problem does not occur if the call hangup is initiated by the ISDN network rather than the BRI router connected to a NET3 switch.
11.0(2.1), 10.3(6.1) and 10.2(8.5) were the first available versions which exhibited the problem. [CSCdi46668] interfaces use standard keepalives suited to faster and high bandwidth interfaces. [CSCdi48054]
•The IPXCP Configuration Complete option is not supported. This is an advisory option to indicate that the sender thinks that no more negotiation is necessary. The option will be supported in a future release of IOS. [CSCdi48135]
•Incoming 64kb voice calls will not work. An incorrect assumption was made at implementation. [CSCdi48606]
•There are some errors in the prompts when configuring frame relay.
In some instances the user is given a help prompt that indicates RFC1294 encapsulation is about to be configured.
This is erroneous. RFC1294 is obsoleted by RFC1490.
As of IOS release 10.3 Cisco uses RFC1490 for bridged and routed protocols.
These errors are all cosmetic.
No work around is required. [CSCdi48715]
•When booting a router on which all ATM interfaces are in a no shut state, you need to issue a shutdown and no shutdown command sequence on one of the ATM interfaces to make Service-Specific Connection-Oriented Protocol (SSCOP) fully initialized and to allow ATM signaling to function properly. [CSCdi49275]
•If Cisco's enhanced Terminal Access Controller Access Control System (TACACS+) is enabled, you cannot specify inbound authentication on the Point-to-Point Protocol (PPP) authentication configuration line. [CSCdi49280]
XRemote
•Xremote does not work if attempted from telnet connections. [CSCdi49862]
10.3(8) Caveats/10.3(9) Modifications
This section describes possibly unexpected behavior by Release 10.3(8). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(8). For additional caveats applicable to Release 10.3(8), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(9).
AppleTalk
•AppleTalk Transaction Protocol (ATP) packets might be incorrectly sent to a multicast address instead of a unicast address. This can cause problems such as the inability to login to an AppleTalk server. [CSCdi44145]
•AT eigrp doesn't update fast cache entries when eigrp routes go away. Therefore, it is possible that the fast cache may contain invalid entries when running AT eigrp. This fix corrects this problem by invalidating the fast cache entries when eigrp routes go away. [CSCdi46975]
Basic System Services
•When fast-switching is enabled on an async interface, configured with PPP/CHAP and tacacs+ network authorization, a per-user access list applied by the tacacs+ server may stop working as soon as permitted traffic has passed through the interface. Configuring no ip route-cache on the interface will prevent the problem at the expense of slower performance. [CSCdi39791]
•When configuring a new protocol to be routed, the router will bring down existing ISDN connections. Examples are "ipx routing" or "no vines routing". This is an inconvenience when telnetted into the router over ISDN to configure another protocol. [CSCdi42391]
•If a packet being bridged either exceeds the maximum size or is too small a crash may occur on the 10.3 release. For the 11.0 release and later, the problem exhibits itself as an alignment error. [CSCdi43513]
•When doing Tacacs+ authorization, any server message returned by the Tacacs+ daemon in an authorization response is ignored i.e. not displayed to the user. [CSCdi44055]
•When polling sysObjectID from an AGS+ running 10.3, the value is incorrectly returned as 1.3.6.1.4.1.9.3 instead of the proper 1.3.6.1.4.1.9.11 value. [CSCdi45218]
•Certain snmp manager (cabletron) machines look at the ipRouteType field of a query (rfc1213) to find out if the network reported is directly connected or not. When we report a static route to the snmp querier we always put the ipRouteType as "direct(3)" which stands to mean directly connected which is not true in all cases. [CSCdi45367]
•fastswitching with some encapsulations can cause the router to crash. The workaround is to disable fastswitching. [CSCdi45414]
•When authenticating using tacacs or extended tacacs with PAP on an interface which is not an asynchronous line, the system may reload if the principal's username and password also exist in the local database. [CSCdi45530]
•SNMP sets to the writeNet, hostConfigSet, or netConfigSet variables can cause the router to reload. Workaround is to not issue sets to these variables until the problem is fixed. [CSCdi45948]
•Polling the following Management Information Base (MIB) variable causes the Cisco 7000 router's CPU utilization to exceed 90 percent: .iso.org.dod.internet.private.enterprises.cisco.local.linterfaces. lifTable.lifEntry.locIfOutputQueueDrops [CSCdi45961]
•use of HSRP in heavy traffic situations can cause RSP-3-ERROR reports and cbus resets. [CSCdi46654]
•When querying the variable dot1dBaseBridgeAddress from rfcs 1286 and 1493, the value ffffffffffff is returned rather than a unique identifier for the router.
This will cause the discovery mechanism of IBM bridge management software (Lan Network Manager for AIX) to fail against Cisco Routers. [CSCdi46677]
DECnet
•Switching of DECnet Phase IV packets may be slow when the packets need to traverse a Phase V cloud (i.e. when DECnet IV/V conversion is involved).
An illustration of this problem can be seen by issuing a 'SET HOST' command from one Phase IV host to another over a Phase V cloud, and noticing that the connect can take about a minute to complete. Normally this operation should take a few seconds. [CSCdi38569]
•Decnet Conversion should make validity checks. [CSCdi44859]
EXEC and Configuration Parser
•If you configure a nondefault Fiber Distributed Data Interface (FDDI) transmission time and save the fddi valid-transmission-time to nonvolatile random-access memory (NVRAM), the system will reload when the boot monitor reads the command from NVRAM at boot time. If a nondefault time is required, the workaround is to boot that portion of the configuration using the boot host command. [CSCdi37664]
IBM Connectivity
•When applying NetBIOS access lists with rsrb remote-peer access list statements on a system with active SRB traffic, the router may reload due to a bus error. The fix changes the system code so that it handles these conditions in a more graceful manner. [CSCdi18993]
•Some token ring packets that are parsed can end up with the RIF field aligned on an odd byte boundary, causing this message %ALIGN-3-CORRECT. [CSCdi35413]
•When a MAC Address cache entry is configured with a mask or a NetBIOS name is added with wildcards to the cache, they are not handled correctly by the DLSw+ reachability cache. The same problem exists when the resource names are received with wild card or mask from the remote peer as part of the peer capabilities exchange process. [CSCdi36046]
•Mis-aligned routing information field in SRB packets cause an error message to be displayed. This error message is only seen on routers with MIPS processors (4500, 4700, 7500). [CSCdi36169]
•The counters for "Processor" and "Route cache" switched packets are incorrect in the "show interface interface-id stats" command output.
When a packet cannot be fast switched using the route cache, the packet must be switched by the processor.
The counters for "Route cache" switched packets are incremented even if the fast switch of a packet fails.
The counters for "Processor" switched packets are incremented correctly. [CSCdi41891]
•In a FRAS configuration: if IOS on the TokenRing sends an XID to the FEP or 3172, and there is no response, IOS puts about 4K of memory into the 'Per Minute Jobs' under 'show proc memory'. This memory is never released back into the Free pool (memory leak). [CSCdi42475]
•Currently the IOS will warn the user if a duplicate bridge is defined in the router. This condition should never be permitted. [CSCdi42740]
•When an SDLLC or QLLC virtual ring is configured, explorers may be incorrectly forwarded to the interface corresponding to the 3rd ring in the routing information field (RIF). [CSCdi43378]
•On low-end systems for a DTE router interface, after a router reload, SDLC packets are identified as HDLC packets by the serial driver until a shut/no shut command is performed for the interface. This causes occassional packet drops without any trace, if the byte pattern happens to match that of other protocols. This can also cause serious performance problems. [CSCdi43686]
•Using the SRB proxy-explorer feature with SRB autonomous switching on FDDI can cause incoming packets to be dropped by the FDDI interface. The work around is to disable the SRB proxy-explorer feature or disable SRB autonomous switching on the FDDI interface. [CSCdi44095]
•When configuring "netbios name-cache timeout", the parser help incorrectly specifies the units as seconds. The actual parameter used and the documentation correctly specify the units as minutes. Any value greater than 35000 for this value is accepted but will give unexpected results. [CSCdi44259]
•If an end-station is continuously connecting/disconnecting to DSPU, the router may begin losing memory in 2K blocks.
The router will not recover this memory without reload. [CSCdi44393]
•SRB bridged packets may be dropped when the router is configured for RSRB direct, and priority/custom queueing is enabled on the output Serial interface. A work-around is to disable priority/custom queueing on the Serial interface. [CSCdi44430]
•The data portion of a multicast IPX explorer packet might be corrupted when being fast-switched. [CSCdi44672]
•The Cisco AGS+ router intermittently re-boots if the router has at least one 2-port TR card and one 4-port TR card, and "source-bridge explorer-fastswitch" is turned on. [CSCdi45131]
•When configuring proxy-explorers on an interface that is bridging IPX traffic, the router would detect invalid memory accesses and display the following message:
ALIGN-3-SPURIOUS: Spurious memory access made at 0xnnnnnnnn reading 0x1 [CSCdi45258]
•When configuring more than 2 interfaces in a ring group, where the interfaces are bridged into the ring group using different bridge numbers, explorers would not be forwarded out all the interfaces in the ring group. [CSCdi45373]
•Dlsw is causing some traceback messages to occur.
Not sure if this is impacting user connectivity at this point. [CSCdi45407]
•Release-note: A router configured for QLLC support of a PU 2.0 to a host may ignore the null XID response from the host, and not send the XID T2 on behalf of the controller. [CSCdi45514]
•When configured for DLSW+ with SDLC when and if application is taken down on host system SDLC controller will not respond. Recovery would be to reload SDLC attached controller. Show interface on router will be in a XIDSENT state. Fix integrated in later release. [CSCdi46028]
•The cost from capabilities exchange was being ignored by the peer. With this fix, When cost is not configured in the remote-peer statement, the cost received from the remote peer in the capabilities exchange message is used. [CSCdi46574]
•Router configured for DSPU crashes at _CLSCepCheck while making DSPU config changes. [CSCdi46820]
Interfaces and Bridging
•Low-end routers do not check collisions or keepalives to determine line protocol up/down. High end routers check both to determine line protocol up/down. [CSCdi32464]
•The serial interface on a Cisco 2500 series router enters a looped state if it is configured as a backup DTE interface and if the cable is disconnected and reconnected a few times. To fix the problem, enter a clear interface command. [CSCdi32528]
•Mis-alligned packets causing %ALIGN-3-CORRECT messages in a token ring environment. [CSCdi35920]
•Secure Data Exchange (SDE) encapsulation used with bridged virtual LANs (VLANs) is corrupted in some environments. This may manifest itself in lost traffic between VLAN-connected networks. The environments known to be affected include connections across HSSIs, Token Ring interfaces, and Fast Serial Interface Processors (FSIPs). The SDE encapsulation works correctly across Ethernet and FDDI. [CSCdi36792]
•Any protocols that make use of multicast addressed frames (e.g. OSPF, RTMP) may loose its information due to the fact that the FDDI interface may stop receiving multicast addressed frames, which is usually detected only after a couple of hours the system is up and running. [CSCdi38185]
•A Cisco 7000 series router configured with a Silicon Switch Processor (SSP) might sporadically reload when main memory is low. [CSCdi43446]
•Enabling SSE for IP might cause the system to crash. The workaround is to perform the no ip route-cache sse command. [CSCdi44414]
•When bridging is configured on interfaces not capable of silicon switching engine (SSE) bridging, then SSE bridging for all interfaces on the router is disabled. The workaround is to use cBus bridging. [CSCdi45124]
•Without this fix, compression statistics for compression on HDLC-encapsulated lines will not be updated. The result is a display of all zeros...
Even without the fix, compression continues to work, but evaluation of compression ratios is complicated. [CSCdi45308]
•The output of show controller cbus on an SSP will will be inconsistent when reporting the Altera version number. [CSCdi46074]
•On the 7000, sometimes you will see an error like the following when you remove an interface processor card. For example, the following error occured when I removed an interface processor from slot 1:
DBUS-3-DBUSINTERR: Slot 1, Internal Error %CONTROLLER-2-CRASHED: Interface Processor in slot 4 not responding (8004): shutting it down
This error occured because the software was trying to access the card after it had been removed. [CSCdi46228]
•The MIP board will continue to experience output drops in severely bursty traffic; this fix will allow more smaller packets to be locally queued on the mip. [CSCdi46383]
IP Routing Protocols
•When EIGRP split horoizon is disabled on the 7000 PRI interface, the routing updates are not properly sent to the remote routers causing routes to be removed. When split horizon is enabled, routing is OK. [CSCdi32436]
•A system running OSPF might reload when configuring a controller T1 with a channel-group time-slot assignment. [CSCdi43083]
•MAC Burned-in-addresses (BIA) can sometimes replace the HSRP group MAC address for the HSRP IP address in the ARP table. [CSCdi43875]
•Attempts to route Internetwork Packet Exchange (IPX) packets by Routing Information Protocol (RIP) or by Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) might fail on primary serial interfaces. Failure can occur when the subinterfaces were configured for IPX routing before their primary interface was. [CSCdi44144]
•OSPF tries to delete MAXAGE LSA when no delete bit is set. This results in a slower convergence. It can be seen under 'debug ip ospf events'. [CSCdi44588]
•Under unknown conditions, 7000s with an SSP will incorrectly generate a spurious %SYS-2-GETBUF error message. [CSCdi44709]
•If the area id of the network command for ospf is changed on network statment. The subnet in that network statment still remains with the old area ID in ospf database. Unless you do "no network" statment first with the old area id first, and then add the new network statment with the new area id. [CSCdi44966]
•If there is non-OSPF recursive route (with higher adminstrative distance) installed in the routing table and that route is also advertised by OSPF, then spurious memory access could happen when OSPF does route calculation. [CSCdi45610]
•AURP tries to send a Open-Req to establish a connection, it fails because IP ARP fails to create incomplete entry for IP address.
Symptom:
#sh app int tun 0 Tunnel0 is up, line protocol is up AppleTalk port is an AURP Tunnel AURP Data Sender state is Unconnected AURP Data Receiver state is Waiting for Open Response AURP Tickle Time interval is 90 seconds AppleTalk address gleaning is not supported by hardware AppleTalk route cache is not initialized
Debug:
#sh deb ARP: ARP packet debugging is on UDP: UDP packet debugging is on ATIP: AURP packets debugging is on AURP connection debugging is on
AT: Tunnel0: Open-Req sent UDP: sent src=1.0.0.2(387), dst=1.0.0.1(387) IP ARP: failed to create incomplete entry for IP address: 1.0.0.1
Work-around: Ping the other side of the tunnel (IP address). This will create the ARP entry and AURP will be fine after that. [CSCdi46070]
•Enhanced IGRP might announce IP summary routes that have the metric value set too high. This can make the applicable networks unreachable. [CSCdi46290]
ISO CLNS
•When a router has a statically configured ES/IS neighbor, ISO-IGRP fails to advertise them after clear clns route . The workaround is to delete and readd the static neighbors. [CSCdi42468]
•When one has configured a static clns route, this route should be automatically redistibuted into ISIS. When the static clns route is pointing to a next-hop NSAP, the route gets redistributed OK. When the static clns route is pointing to an interface, the route does *not* get redistributed into ISIS. [CSCdi44622]
•If an IS-IS LSP is not regenerated for 24.8 days, it will become impossible to transmit it for another 24.8 days. This could only happen in extremely stable IS-IS networks. [CSCdi45179]
•Under rare conditions, show isis route can cause the router to reload. [CSCdi45496]
•Configuring an ISIS 'net' multiple times results in the creation of multiple ISIS Update and Adjacency processes. [CSCdi45586]
•The delay times displayed in the response to a CLNS "trace" command are incorrect.
There is no workaround to this problem. [CSCdi46859]
•The ISIS "level-2 attached" flag is set in some ISIS Link State Packets in which it should not be set. This problem has no known operational effects. There is no workaround to this problem. [CSCdi46860]
Novell IPX, XNS, and Apollo Domain
•When issuing the interface subcommand "ipx sap-incremental eigrp (AS) rsup-only" for a second EIGRP Autonomous System (AS), an additional "ipx sap-incremental eigrp (AS) rsup-only" command is added to the configuration for the first EIGRP AS automatically. [CSCdi37965]
•When using subinterfaces and multiple IPX encapsulations it is necessary to use either the "ipx network x encap y" form of the ipx network command or to put the ipx encapsulaiton novell-ether as the last subinterface.
If one uses the "ipx network x" and "ipx encapsulation y" form, that is two commands, and the first interface configured in for encapsulation novell-ether then the second interface will complain about encapsulation already in use.
This can be a problem if the subinterface was configured in the following manner in configuration editor:
interface ether 1.3 ipx encap sap ipx network 777
The system will accept this and this will function normally until the next system reload/power-off/on at which time the ipx network 777 will produce an error message and not be accepted. [CSCdi38803]
•Static SAP command should write to non-volatile memory the quoted string to allow embedded spaces.
example: ipx sap 4 "Silly ServerName" 1.0000.0000.0001 453 3 currently is written to NVM as ipx sap 4 Silly ServerName 1.0000.0000.0001 453 3
upon system reload an error is generated for the static sap. [CSCdi45662]
•If ipx sap-incremental is configured, a router might end up with fewer service access point (SAP) entries than actually exist if the interface goes down and then comes back up. This problem occurs more often when there are many SAP entries in the network environment. [CSCdi46224]
•The IPX ping command may accept illegal IPX addresses and convert illegal portions of the adress to zro. Example: ping DY.0000.0000.0001 becomes ping 0.0000.0000.0001, it should produce and illegal ipx address message and abort the ping. [CSCdi46268]
•The global configuration command ipx nlsp has no options having to do with RIP/SAP compatibility the help message is misleading and should be changed. [CSCdi46270]
Protocol Translation
•A TCP to LAT/X25 translation with an "access-class" option specifying an extended access list can cause the router to reload. Extended access lists are not allowed to be used with a translate command. [CSCdi44853]
•If a PPP authentication mechanism has been set for a VTY interface, then an attempt to set an alternate mechanism will appear to succeed but the old mechanism will still be used and written out in the configuration. [CSCdi46568]
TCP/IP Host-Mode Services
•On a Cisco AGS+ router or Cisco 7000 router, if ip tcp header-compression is turned on for Fiber Distributed Data Interface (FDDI) or serial interfaces, the following error message might display: %LINK-3-TOOBIG: Interface Serialxx, Output packet size of 1528 bytes too big [CSCdi38666]
TN3270
•If a null field is encountered in a TN3270 screen, the router may reload. [CSCdi43297]
VINES
•Under some circumstances, the router will send updates for Vines networks that are not reachable. [CSCdi44038]
•show vines access may unexpectedly halt the system when displaying very long access lists entries. [CSCdi44873]
Wide-Area Networking
•If a PPP NCP is shutdown (due to line problems, for example), the NCP will not renegotiate unless the LCP is recycled. A manifestation of this problem is the loss of the DECNET protocol between a Cisco and non-Cisco router when the non Cisco router will shut down NCPs but not LCPs when there are line problems. [CSCdi29247]
•The AIP card of the Cisco 7000 series routers does not map the virtual path identifier/virtual channel identifier (VPI/VCI) pair used in an ATM connection unless the router is initiating the switched virtual circuit. There are two symptoms: The first occurs when a new VPI/VCI is opened to the router from an ATM switch. In this case, the AIP does not pass this information to the RP and a reply to the incoming traffic is not sent back on the VPI/VCI just opened. Rather, the AIP card opens a new VPI/VCI and sends it back to the switch, creating unidirectional switched virtual circuits, which is inefficient. The second more serious symptom occurs when cells carrying packets, which are responses to those in a VPI/VCI pair opened by a sending router, return on a new, unidirectional VPI/VCI for which the router has no mapping. In this case, the incoming cells are missed, requiring retransmissions to complete the intended communications. The correct behavior is for the router to map all VPI/VCI pairs. [CSCdi32192]
•Pings across a BRI ISDN channel when using X.25 encapsulation. [CSCdi33844]
•Ping and telnet fail over an X.25 link configured for transparent bridging. [CSCdi36544]
•When a Cisco 4500 receives a compressed TCP packet over X.25, it might reset the virtual circuit. [CSCdi36886]
•ISDN interfaces on an MBRI card might stop functioning, if the following error message is reported: "%SYS-3-HARIKARI: Process ISDN top-level routine exited..." To restart ISDN, reload the router. [CSCdi42578]
•LEX interfaces connected to a Channelized T1 NIM on a 4000/4500/4700 will cause the router to crash with a SegV exception.
LEX interfaces should not be used with the CT1 card prior to this release. [CSCdi42843]
•Once the ATM interface is up and has established the SVCs, then a clear interface atm x/y is issued . The router then tries to re-establish VCs. At this point the atm switch sens a status request to the router. The router ignores this status request. After 4 seconds the switch then times out the status request and issues call releases. The router responds to the call release with a code of zero. [CSCdi43528]
•With encap lapb or encap X25 configured, sometimes the command lapb N1 xxx disappears from the working configuration and N-1 falls back to the default. This problem is most likely to occur after an interface reset or a reload. [CSCdi44422]
•Using autoinstall over frame-relay may result in router reload(s) after having downloaded the host specific config file. This happens when point-to-point subinterfaces are used. [CSCdi44643]
•Once the DLCI is assigned to a mulit-point FR port. Thought the DLCI has been removed from the port, it will not be added to anohter subinterface. [CSCdi44657]
•When running an MBRI using a 5ESS switchtype and using spids on multiple interfaces on the BRI 0 interface will work correctly. When doing a clear int on all the other interfaces the spid for BRI 0 will be sent out. This can be verified by running debug isdn q921 and debug isdn q931. There is no workaround. [CSCdi44727]
•The command show frame pvc can cause the router to reload with a bus error. [CSCdi45206]
•If an ATM interface goes down and back up because of a disruption on the fibres connecting it, pvc's defined for the interface remain inactive. Because this includes the signaling (qsaal) and ilmi pvc's, no svc's can be established, either.
The workaround is to do a shut/no shut on the interface. [CSCdi45544]
•Serial interface running with x25 encapsulation under heavy load can under some circumstances stop sending lapb RR's. The x25 switch is sending I frames untill the window is full. After 3 seconds when the switch sends a frame with the poll bit set, we reject the frame and the traffic continues. [CSCdi46024]
•ISDN PRI routers connected to a 5ESS switch may not accept incoming calls if the Called Party Number IE contains an unknown type. This can occur during interoperabilty of a 5ESS and a Teleos switch. [CSCdi46675]
10.3(7) Caveats/10.3(8) Modifications
This section describes possibly unexpected behavior by Release 10.3(7). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(7). For additional caveats applicable to Release 10.3(7), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(8).
AppleTalk
•Issuing the command show appletalk route network, where network is an AppleTalk proxy network, causes the system to halt. [CSCdi44235]
Basic System Services
•When the filenames were prompted for after entering a `copy tftp flash' command, the whitespace was not being stripped off the destination filename (the source filename was being correctly stripped). This resulted in flash filenames with embedded spaces.
The fix involved moving the whitespace stripping to a common function that is called by both the source and destination filename read functions. [CSCdi17352]
•The show version output for a cisco 2500 or 3000 reports a processor memory size that is less than the actual size by 4096 bytes. The 4096 bytes are subtracted because they are used for a special purpose - as a console output logging buffer during Flash upgrades via the Flash Load Helper feature - and are unavailable for normal use as processor memory.
This size reduction is, however, a source of confusion since it is not accounted for in any of the show outputs. The show version output is therefore being changed so that it shows the true physical size of processor memory even though the 4096 byte chunk will continue to be used for the special purpose. This change is cosmetic and does not affect the operation of the system in any way. [CSCdi30593]
•Undefining a tacacs-server host and then defining a new one when there are oustanding requests still pending from the first host may cause a system reload. [CSCdi36726]
•Cisco 2511 running XTACACS does not send an end record (xlogoff) when logging in as a second user id on the same connection. [CSCdi41291]
•Router may reload when trying to parse attribute-value pairs returned by a TACACS+ daemon. [CSCdi42385]
•With AAA (and TACACS+) a privilege level of zero could not be specified for a user, even though zero is a valid level. [CSCdi42490]
•An off by one error may cause a system reload when running BGP if thousands of withdrawn routes are sent out as a part a BGP update message. [CSCdi42495]
•[CSCdi42575]
•NTP may not synchronize immediately after system startup. It will synchronize after approximiately fifteen minutes in any case. There is no workaround to this problem. [CSCdi43035]
•TTY Lines are not marked as "available" immediately after the modem hangs up. This happnes when the line modem hangs up while TACACS+ is trying to authenticate the line. [CSCdi43911]
EXEC and Configuration Parser
•The async-bootp time-offset command does not allow negative offsets. [CSCdi40595]
•Port numbers above 32767 are written as negative numbers to nvram when using the ip host configuration command. [CSCdi41005]
•"reload" will cause a spurious access if the config needs saving but overwriting the config from a previous version is not confirmed. [CSCdi42918]
IBM Connectivity
•When STUN is used to support virtual multi-dropped devices to an AS/400, unless CD is tied low to the AS/400, the line is reset when one multi-dropped device goes down. A new feature will be added to handle this in Cisco IOS. [CSCdi33572]
•When using local-ack, the following error messages may result in a router reload or loss of session: %SYS-2-NOTQ: unqueue didn't find 11CA40 in queue 63C3C -Process=3D "*Sched*", ipl=3D 4 -Traceback=3D 3050154 302854C 332869A 331DB8C 3311628 3304C50 303C4E8 3104F5E [CSCdi34930]
•LOCACK: RR frame dropped, bogus NO_ONES_HOME ADM neg timer netbios prevents netbios sessions from coming up in a busy system. Fixed only in 10.2(7.3) and above. [CSCdi36624]
•DSPU sends TEST (P) in response to a NULL XID (P) on connect-ins, causing problems with certain LLC2 implementations. [CSCdi40809]
•The Cisco 4500 might reload if a TEST (F) or NULL XID (F) is received while the X.25 SVC for the QLLC connection is down. [CSCdi40851]
•IPX All Stations Broadcasts Explorers are not fast switched when source-route bridging for IPX is configured. [CSCdi41043]
•The router's serial interface driver software occasionally drops SDLC frames, if the bit patterns are identical to HDLC LEX frames. Dropping occurs on interfaces using STUN-basic encapsulation with non-IBM SNA data traffic (for example, COMM10 CNS protocol). Note that there is no indication in the router when this problem occurs. The router does not increment the interface "drop" counter or the STUN "drop" counters. Detection is only possible with a media tracing tool. [CSCdi41558]
•SNMP queries of the CIP daughter board MIB table (cipCardDaughterBoardTable) would not return the record if the corresponding CIP interface was not configured with a valid channel device statement.
The SNMP MIB object for the the CIP interface online/offline status (cipCardDtrBrdOnline) was indicating the opposite of the true CIP interface status. [CSCdi41938]
•The Find Name NetBIOS broadcast is sent from the Token Ring interfaces even though the proxy-explorer and NetBIOS name caches are configured on the interface. To workaround, run back-level software. [CSCdi41972]
•Although routers with sufficient memory and CPU horsepower should support more than 1000 LLC2 sessions, the actual number of sessions allowed is erroneously limited to significantly fewer. [CSCdi42181]
•DLSW backup peers broken [CSCdi42215]
•CIPs with hardware revisions 4.0 and 4.1 are not compatible with the 7500 line of routers. This was not properly reflected in the output of the "show diagbus" command, which marked every CIP as "7500 compatible" regardless of its hardware revision. [CSCdi42373]
•Running QLLC/LLC2 conversion in the router would somtimes result in a memory leak during connection establishment. [CSCdi43119]
•The following commands may disappear from the router configuration if the connection does not become active:
sna start dspu start sna rsrb start dspu rsrb start [CSCdi43278]
Interfaces and Bridging
•Vines routing updates do not get bridged across token ring token ring interfaces configured for transparent bridging. [CSCdi37413]
•For a given bridge table entry, bridging may fail to forward packets to one destination, although packets to other destinations will be properly forwarded. This can be seen by a show bridge nnnn.nnnn.nnnn command. The TX count increments, but the RX count stays constant. The workaround is to issue a clear bridge command. [CSCdi42445]
•On a Cisco 4500 router bridging DECnet, certain stations might be unable to establish connectivity over transparent bridging, because some DLC frames are not forwarded when they should be. [CSCdi42690]
•In very rare cases, it's possible for AGS style MCI ethernet interfaces to be classified incorrectly as fast ethernet interfaces. [CSCdi42751]
•The Cisco 4000 series routers with FDDI network interface modules (NIMs) might reload under certain stressful conditions. [CSCdi43618]
•When configuring SLIP or PPP framing on the auxilliary port of a router, "Low memory modified by Input Helper" messages erroneously appear in the system error log. [CSCdi43970]
IP Routing Protocols
•A router running OSPF may restart with a bus error under extremely rare conditions. [CSCdi25568]
•When a standby ip address for HSRP is changed, the new MAC address associated with the IP address will not enter the ARP table until a clear arp is done. In addition, if the standby address is removed from an interface, the arp entry will not be removed and the router may still respond to pings sent to the standby address. [CSCdi26336]
•Eigrp topology table gets into an inconsistent state when using redistribute connected and these connected interfaces are flapping. These connected routes must also be known via the network command. [CSCdi27454]
•Under certain unknown conditions, the router may reload after adding a passive interface to an EIGRP routing process. [CSCdi34641]
•RIP doesn't immediately flush routes with a higher metric value when better routes are available. [CSCdi37812]
•Routers running 10.2 or higher fail to add an entry to the ARP cache when they receive a valid HP probe VNA reply. Possible workarounds: configure static ARP entries. If not absolutely necessary, don't use HP probe but use ARPA or SNAP encapsulation. [CSCdi41952]
•Helper addresses will not work on IP unnumbered interfaces. This is a problem for network protocols that require broadcast forwarding on dialup, such as Microsoft Networking over TCP/IP. Workaround is to configure an appropriate ip broadcast-address in addition to the ip helper-address on the async interface in order to facilitate forwarding. [CSCdi42154]
•Under uncommon circumstances, the IP fast switching cache can become inconsistent. [CSCdi42366]
•Disabling SSE switching on an interface can leave cache entries in the SSE. Packets will continue to be switched based on these cache entries. A workaround is to first shutdown the interface, then disable the SSE. Another workaround is to clear the SSE after disabling it. [CSCdi42444]
•Remove the "ip cache-ager-interval" and "ip cache-invalidate-delay" commands. These esoteric tuning knobs are no longer necessary nor supported. [CSCdi42608]
•The show ip bgp net mask subnets command may display BGP entries that do not match the selected criteria. This is purely a cosmetic problem. [CSCdi42970]
•There is no way for an administrator to specify the ip source address used in TFTP requestion from a router. A new command ip tftp source-interface interface should be added. [CSCdi43195]
•The count of IP packets which violated an access list but which were not kept because the "Account Threshold" was exceeded is never initialized or reset. As a result, spurious values may be displayed in this field in the output from "show ip accounting access-violations". [CSCdi43342]
•The distribute-list command should allow extended access lists for outbound filtering. [CSCdi43559]
ISO CLNS
•IS-IS, and NLSP may generate CPU HOG messages. [CSCdi39906]
•When clns routing is enabled on an X.25 serial interface, and you try to statically configure a CLNS IS-NEIGHBOR or CLNS ES-NEIGHBOR before defining the X25 map command, the configurator discards the commands without generating error message. [CSCdi40640]
•Open System Interconnection (OSI) end system adjacencies sometimes do not appear in an IS-IS protocol Level-1 pseudonode LSP. This is especially likely to occur when there is only one router on the LAN containing the end systems. [CSCdi43236]
Novell IPX, XNS, and Apollo Domain
•On interfaces using ipx secondaries the ipx triggered delay commands show up for each secondary as well as the primary, they should only appear once per primary interface. Triggered delays if not explicitly set should follow any explicit normal RIP/SAP delays set, they are not they are using the default values. [CSCdi42278]
•In 10.3 maximum-paths was reduced to a maximum of 4 equal cost paths, due to NLSP overhead. This restriction should not be made if NLSP is not configured. [CSCdi42340]
•Configuring IPX on the the router when the router has low memory, might cause the command shell to crash. [CSCdi42363]
•'ipx router ?' erroneously displays 'isis' as one of the supported protocols in the help menu. [CSCdi42574]
•The ipx routing command does not enable the IPX RIP protocol if no ipx routing is configured. The workaround is to not configure no ipx routing. [CSCdi42953]
•A spurious "ipx router rip" may show in the configuration file after disabling ipx on all interfaces and removing the configuration of other ipx features. This command will not show after a minute or two and has no adverse side effects.
The ipx internal-network command may appear in the configuration file for a short while after removing the ipx internal-network from the configuration. [CSCdi43211]
Protocol Translation
•For incoming PAD connections, the Protocol Translator uses a default PAD profile to set the remote X.3 PAD paramaters unless a profile script is defined in the translate command. To override the default PAD profile the PT uses, create a PAD profile script named "default" by using the X29 profile global configuration command:
x29 profile default parameter:value [parameter:value]
Where "default" is the name of the default PAD profile script and the parameter:value is the X.3 PAD parameter number and value separated by a colon. [CSCdi14369]
•The global "translate" command keyword options are now shown in lower case. [CSCdi41300]
TCP/IP Host-Mode Services
•BOOTP attempts may fail over an asynchronous VTY PPP connection when async-bootp commands are used. This is because of an incorrect User Datagram Protocol (UDP) checksum on the BOOTP reply. [CSCdi41168]
•IP helper address doesn't work over un-numbered interfaces. [CSCdi43791]
VINES
•When adding a new X.25 map to an existing interface and running VINES with SRTP enabled, the router will request full routing updates from all VCs on the interface, not just the new VC. This can cause high CPU and link utilitization on the affected interface. [CSCdi38892]
•Workstations on a Vines serverless segment connecting through a router running IOS 10.3 will experience delays in accessing StreetTalk services. The router does not respond to StreetTalk requests directed to itself. The workstation will direct the requests elsewhere after a time-out period. [CSCdi40757]
•Under heavy loads, the VINES router system process may not run frequently enough for proper VINES operation. Symptoms include a high amount of route and neighbor flappage. Reducing the load on the router may help alleviate the problem. [CSCdi41922]
•The system may halt unexpectedly after issuing a clear vines neighbor command. [CSCdi42431]
•Cisco routers will reply to NetRPC Searches for the Server Service with a reliable IPC data packet instead of an unreliable IPC datagram. This can add a small amount of additional traffic to the networks where the responses are sent. [CSCdi42851]
•If, while in suppression, the metric for a route changes, the suppression interval should be restarted. [CSCdi43012]
•When a route with a better metric is learned via SRTP from a neighbor different from the current neighbor, the route will unnecessarily enter suppression. This can cause an instabilities in the network. [CSCdi43112]
•A SRTP update sent in response to a client request for specific networks will omit the last network specified in the request. [CSCdi44517]
Wide-Area Networking
•This ddts fixes two things:
1) show atm interface x/0 does not always display active VCCs correctly.
2) show atm vc and write term used to not show inactive PVCs. E.g. if a user configures a PVC that is in the inactive state, user will not see the PVC in either show atm vc, or write term This has caused confusions to some users.
We now change to let show atm vc and write term display any PVC, as long as long the PVC is still being configured and we add a field "Status" to the output of the show atm vc command to differentiate whether a PVC being displayed is an ACTIVE one or an INACTIVE one. [CSCdi31527]
•Changing the input or output hold-queues for a BRI interface does not change the individual channel queue depths. [CSCdi32869]
•When using Cisco 2500 series terminal servers with PPP, packets might pass after IPCP has completed negotiation, but before the interface is declared up. This might cause problems with applications that send out immediate requests, since the reponse may be dropped by the terminal server due to the interface being down. The workaround is to place a slight pause after IPCP has been negotiated and before sending out requests. [CSCdi37400]
•Routers may crash for no apparent reason. The stack decode will show that it was in a TimerTask routine. Added the recommended macro call to be used when referencing the system clock. [CSCdi37934]
•The router receives a lmi update from the switch saying that a dlci is "inactive" but it is reflected as "deleted" in the show frame-relay PVC and map statements. [CSCdi38822]
•When a Called Line Address Modified (CLAM) facility is encoded in an X.25 Call Confirm packet, a subsequent Clear issued by the router for that VC will encode the VC addresses without encoding a CLAM facility. This is contrary to the specification for Clear packet encoding. [CSCdi39381]
•The frame relay map can become stuck in a state if it has been staticly configured and then taken out, so that we will not inverse-arp for the DLCI after removal. [CSCdi40866]
•Clearing X.25 virtual circuits on an interface using "clear x25" command can cause a spurious memory access on the c4500 platform. [CSCdi40878]
•TN3270 and TELNET user sessions can be dropped unexpectedly from the Cisco 2509 and Cisco 2511 access server asynchronous ports, because of an inactivity timeout. [CSCdi41542]
•Approximately 350 bytes of free memory are lost each time an outbound ISDN call fails. The router can eventually run out of free memory. [CSCdi41942]
•Copan class of routers (2509, 2510, 2511, 2512) don't output BREAK correctly out of the async tty lines. [CSCdi42050]
•show isdn status only allows dsl values up to 9. It should support values up to 15. [CSCdi42110]
•Routers with an ISDN BRI interface might have problems with B channels, or might run out of call control blocks, because B channels might be assigned that are already in use. The router rejects these calls with a "Channel Unacceptable" cause. If the router runs out of call control blocks, severe errors will likely occur. [CSCdi42123]
•When making international ISDN PRI using a 4ESS switchtype calls will be marking as international calls if the number called starts with 011 or x011, where x may be any digit, and more than 4 digits are dialled. This will only be true when the switchtype is primary-4ESS. [CSCdi42248]
•The router will not encapsulate X.25 or LAPB. [CSCdi42261]
•ISDN routers with a PRI or BRI interface might crash when receiving a Layer 3 Status Enquiry message with a "Display IE" in the message. [CSCdi42382]
•The line configruation command modem ri-is-cd is obscurely named. modem dialin should work instead. [CSCdi42491]
•ISDN routers may have trouble placing additional calls and may run out of ISDN Call Control Blocks (CCBs). [CSCdi42565]
•If you enter a dialer string dial-string command on an ISDN interface instead of a dialer map command, the router may crash. [CSCdi42764]
•Hardware flow control may be inadvertently disabled on the Cisco 2509, 2510, 2511 and 2512 routers' asynchronous ports after issuing a configure network or a copy tftp running-config command. To restore flow control, issue the line configuration command flowcontrol hardware on all lines. [CSCdi43306]
•With sub-interfaces defined on ATM interfaces (AIP) and using the command atm pvc vcd vpi vci aal5mux ip under each sub-interface, the PVCs may not show up in the active configuration (write t) after reload, thus causing the PVCs not to come up. The only way to get the PVCs up is to issue a config mem commamd. [CSCdi43387]
•Removing the connector from an ATM interface on a 7000 series router with IP configured on that atm interface may lead to a crash. [CSCdi43519]
•Change for ISDN BRI approval of NET3 switchtype for Taiwain. [CSCdi43785]
•With Frame-Relay IP TCP Header-Compression enabled on the appropriate ports, tcp sessions across a frame-relay link produce unintended results. The problems have manifested themselves as spontaneous router reload, or hung sessions.
Workaround: Turn header compression off. [CSCdi43927]
•ISDN BRI routers connected to a 5ESS switch can have calls fail. This can occur if the line is configured for voice and data. The show isdn memory will show that the number of NLCB blocks has reached it's maximum. [CSCdi44348]
•If the PPP peer attempts to negotiate VJ Header Compression with more than slots than are configured, the router should Nak the IPCP Configure Request and suggest an acceptable slot value. Instead, a malformed IPCP Configure Reject is generated that includes an IPCP Addresses option (Option #1) and a malformed option. The trace of the packet exchange (using 'debug ppp negotiate') also shows a 'bad CI length' message. [CSCdi44404]
•Routers may crash for no apparent reason. The stack decode will show that it was in a TimerTask routine. Added the recommended macro call to be used when referencing the system clock. [CSCdi44464]
•ISDN PRI changes for NET5 switchtype for Italian homologation. Includes changes to handle Restart messages for the various European switches. [CSCdi44526]
10.3(6) Caveats/10.3(7) Modifications
This section describes possibly unexpected behavior by Release 10.3(6). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(6). For additional caveats applicable to Release 10.3(6), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(7).
AppleTalk
•IPTalk clients running CAP cannot start up because a nonstandard NBP packet generated by the client is not forwarded by the system. There is no workaround. [CSCdi39096]
•Using show appletalk route to display information about a connected route may result in a spurious access. There is no operational impact to the system. [CSCdi41913]
Basic System Services
•IPX SAP process may consume more memory than required causing a memory leak and potential memory exhaustion. [CSCdi38381]
•On AGS+, 7000, and 7500 platforms, the command buffers huge size [size] has no effect. [CSCdi38912]
•Router looses memory slowly when PPP async encapsulation is used in conjunction with AAA & Tacacs+. [CSCdi39879]
•Router looses memory slowly when Tacacs_plus is used in conjunction with AAA for authenticating User logins and Network connections. [CSCdi39880]
•User information is now available for PPP users, even when no authentication is performed. We still don't know who the user is, but we can now pass other information (such as port name and remote_address ...) along with authorization and accounting messages. [CSCdi40013]
•Telnet speed is retained even after the session is closed in version 10.3 IOS. [CSCdi40022]
•Privilege levels set by TACACS+ now are properly applied to the user at login. [CSCdi40150]
•When using Protocol Translation for Virtual Async connections, The system may restart with : System was restarted by error - Illegal Instruction, PC 0x0. [CSCdi40681]
•Newer boards, such as the SMIP and SSIP, may cause a SEGV exception on an RSP when using an image that does not include the proper support. [CSCdi40862]
•The reload command has been modified to allow for the scheduling of a reload in the future. [CSCdi40898]
•Removing enable secrets with the "no enable secret" config command would fail and print an error when specifying explicit privilege levels. [CSCdi41368]
•If an Interface Processor fails and becomes "disabled" as seen in the "show diag" command's output, it may not restart automatically. In addition, if it is EOIR'd from the slot, the interface counts seen in the "show version" command's output may be incorrect and the configuration information may be lost for the reinsertion of the same Interface Processor type. [CSCdi41907]
IBM Connectivity
•If the CIP controller fails to execute a configuration command successfully, the system does not undo the command. A write term will erroneously show the presence of the command, when in fact, it is not configured. The user must manually undo the configuration by issuing the [no] form of the command.
This situation can be detected by the occurrence of a CIP-generated message following the configuration command, such as the following:
%CIP3-3-MSG: %CONFIG-3-NODEVSPC: Error allocating storage for device block [CSCdi25909]
•The SNA packet is lost during fragmentation if no buffer is available to store the fragmented packet. The SNA application will recover and resend the packet without disconnecting the session. [CSCdi27730]
•A router configured for IBM automatic spanning tree with the default BPDU interval of 2 seconds may instead send BPDU's at 1 second intervals. However, the correct spanning tree will still be formed. [CSCdi35149]
•Netbios access-list host doesnt look at name recognized frames. [CSCdi36649]
•With DLSW configured, changing the bridging protocol caused the router to be restarted by error due to an Illegal Instruction. [CSCdi37823]
•With source- route bridging configured (local only), the router occasionally appends random data to the end of LLC2 RR frames being bridged through the router. Some LLC2 devices will reject these padded frames, which causes sessions to be lost. [CSCdi38486]
•Release-note:
The bridge number on the DSPU RSRB statement was originally hard-coded to a 1. Under certain conditions, other vendors routers will modify the RIF based on whether it contains a bridge number 1. [CSCdi38628]
•For using RSRB direct over Frame Relay, MTU size of the frame-relay interface shoule be greater than 2104 (MAXDGRAM_RSRB). If its less than this value, the configuration is now allowed but packet is dropped if its size is greater than the MTU size of the interface.
Set the MTU size of the frame-relay interface to be greater than the largest-frame size of RSRB. [CSCdi38633]
•An AGS+ may crash unexpectedly when configured to do RSRB direct encapsulation over a serial line with the message "Exception: Illegal Instruction at 0xC"
This feature is not supported and is being removed. [CSCdi39276]
•dlsw sends test_cmds to sap 04 instead of of sap 00 if the cache is stale. [CSCdi39850]
•Command syntax: netbios input-access-filter session-bytes name netbios output-access-filter session-bytes name
Example:
!to filter SMB 73 packet netbios access-list byte SMB deny 18 73
int tok 0 source-bridge 100 1 200 source-bridge spanning netbios input-access-filter session-bytes SMB
int tok 0 source-bridge 200 1 100 source-bridge spanning netbios output-access-filter session-bytes SMB [CSCdi40165]
•CMNS will use an incorrect mac address when trying to open a LLC2 connection to a host running DECnet phase iV. The current workaround is to have the DECnet host opening the LLC2 connection to the router. [CSCdi40639]
•An unsolicited debug message may be received from DSPU even though no debugging is enabled.
The format of this unsolicited message is as follows: LS hostname RNR sent to host
This message does not indicate any problem and may occur during normal data transfer by DSPU. [CSCdi41646]
•After you configure a LAN Network Manager (LNM) PC with a bridge definition that contains the target interface MAC addresses on the router, watch for the following behavior. If a no source-bridge local-ring bridge-number target-ring command is entered for one of the interfaces previously configured on the LNM PC and a Link Bridge command is then entered on the LNM PC, the router halts with a bus error indication. The only workaround is to ensure that no source-bridge local-ring bridge-number target-ring commands are not executed on the router after you define the target LNM server bridge on the LNM PC. [CSCdi41997]
Interfaces and Bridging
•If the serial interface on the C1005 router is configured with "encapsulation atm-dxi", the following error message appears:
%QUICC-3-BADENCAP: Unit 0, bad encapsulation in idb->enctype = 0x22
This is because the C1005 does not support the atm-dxi encapsulation, and it should not be configured on the serial interface. [CSCdi39433]
•2500 token ring interface will not try to reinsert into token ring hub after one failed attempt. [CSCdi41499]
•Under rare circumstances, the IP fast switching cache can contain overlapping prefixes. If the SSE manager detects this, it will disable SSE switching. This was introduced in CSCdi39840. [CSCdi41807]
IP Routing Protocols
•The system allows the assignment of the same IP address to multiple X.25 interfaces on the same system. [CSCdi15734]
•System reloads when OSPF LSA is sent in send_ls_update. [CSCdi20080]
•Variance and traffic share on eigrp not working. [CSCdi34629]
•Major network summary not sent in RIP/IGRP out unnumbered interface. [CSCdi35158]
•EIGRP neighbor tables do not reflect correct uptime. Entries show "never" in the uptime colume. Must manually clear ip-eigrp neighbor from table to start timer on uptime. [CSCdi36672]
•The IGRP metric for routes coming from a BRI interface are incorrect. [CSCdi37686]
•In EIGRP, the hold-time and hello-interval do not properly default when the encapsulation on the line is changed to frame-relay. [CSCdi38859]
•EIGRP displays incorrect redistributed routes in topology table in version 10.2 IOS. [CSCdi40200]
•When ip ospf network broadcast is configured on wan interface like frame-relay, and ip ospf hello-interval command is used to set the interval to 30, then the hello-interval is not retained upon reload. Workaround is not to set hello-interval to 30 in this case. [CSCdi40729]
•If the active router supresses a proxy ARP response due to split-horizon reasoning, and the standby router has the best path (and would provide a proxy ARP response in a non-HSRP scenario), then we fail to provide the expected proxy ARP response with HSRP. [CSCdi41163]
•The show ip route command may display garbage characters if used with ISIS, for example:
* 144.228.10.1, from 144.228.10.1, via Hssi1/0^AxT
There is no workaround to this problem. It is purely cosmetic in nature. [CSCdi41383]
•On an SSE equipped 7000 routing IP with IP fast switching and SSE switching enabled, if a route is configured to use parallel paths, and one of the paths is removed due to a local interface flap, the SSE will suspend operation and the system will revert to fast switching. [CSCdi41527]
•OSPF is not able to flood huge router LSA (bigger than 1456 bytes) correctly. The huge router LSA is generated when there is more than hundred OSPF interfaces or there is more than hundred secondary addresses defined on the OSPF interfaces. The maximum number of interfaces before the problem hits varies, it depends on the type of interfaces. In the worst case, 60 point-to-point OSPF interfaces is sufficient to cause the problem. At the worst, this huge LSA can cause the router to restart. This fix enables the router to process huge LSA correctly. Note that all routers in the OSPF area that need to process huge LSA must be upgraded with version containing the fix; Routers running versions without this fix could restart upon receiving the huge LSA. [CSCdi41883]
•When pinging a non-existant host, arp table entries for that host, with a mac address of 00:00:00:00:00:00, are reported via snmp in the atTable and the ipNetToMediaTable as defined in mib-2. [CSCdi42267]
ISO CLNS
•When running ISO-IGRP and a CLNS route goes in holddown and gets deleted, a memory leak of 128 bytes will occur. This can happen very frequently in a normal network. The final result will be that the ISO-IGRP process will use most RAM memory, and the router will become unreachable and stops functioning. A reboot is the only way to get the router going again. [CSCdi39191]
•CLNS packets which should be fast switched from an AIP to a FIP are switched incorrectly. [CSCdi40977]
•CLNS Error packets may contain invalid information in the data field, or they may not be sent at all. There is no workaround to this problem. [CSCdi41968]
Novell IPX, XNS, and Apollo Domain
•Atm interface logging 800e errors with vines and novell protocols enabled on an interface. This behavior was observerd in versions 10.3(2) and 10.2(4). The way to overcome the 800E errors with the vines protocol is to downgrade the ios to 10.2(6.6). The final implementation to fix this challenge will be in post 10.2 and 10.3 IOS.
IPX frames may be encapsulated improperly for the ATM interface, and cause the interface to hang, when ipx maximum-path is greater than one and multiple equal cost routes exists one of which is an ATM interface. Workaround is to set maximum-path back to one. [CSCdi36798]
•If the interface is configured with an encapsulation that is not the same as default, there is no way to reverse it back to the default using the command no ipx encapsulation The workaround is to remove the ipx network number and then reconfigure the ipx network number on the interface. [CSCdi37380]
•Issuing the "no ipx router rip" command causes the "IPX RIP" process to run continuously in background (about 6% CPU load). This condition appears to be corrected by issuing the "ipx router rip" command. [CSCdi40568]
•'show ipx traffic' command ignores the terminal length setting using the command 'term len xx' and displays all information at once. [CSCdi40901]
•If NLSP is configured and deconfigured, 'ipx routing' should not resurrect the command 'ipx router nlsp' and spawn its processes. [CSCdi41016]
•When a floating static route is defined, the same route learned via NLSP do not override the user-defined floating static route. [CSCdi41138]
•When NLSP is turned off by either doing 'no ipx router nlsp' or 'no ipx routing', some memories are not released to the system. [CSCdi41213]
•When a learned route entry goes away on an interface which is also used as the IPX default route path and a routed packet to the previously learned network is sent over this interface while the learned network is in hold down a system restart may occur. [CSCdi41272]
•Doing 'no ipx network xx' and then 'shutdown' on the interface sometimes may leave the connected route as secondary connected. [CSCdi41319]
•If NLSP is configured, the router may create multiple path via the same interface to its neighbors internal network if its maximum path is set greater than 1. [CSCdi41778]
•'clear ipx route number' wipes out the static route in the configuration if the route that is being cleared is a static route. [CSCdi41898]
Protocol Translation
•"telnet transparent" and "escape-char none" are now automatically set on incoming one-step Vty-async connections over TCP. The "stream" option must be used with the "telnet" exec command to accomplish total transparency to a vty-async connection over TCP. [CSCdi38359]
•When using permanent virtual circuits (PVCs) with the "swap" option on packet assembler/disassembler (PAD) to TCP translation, the PVC may terminate after the first connection. [CSCdi39626]
•Terminating a PAD-virtual asynchronous connection immediately after initiating it can cause the router to reload. [CSCdi39675]
•You cannot use x25 regular expressions in a translate statement. [CSCdi40511]
•Any new Virtual Async connection that drops immediately (PAP/CHAP authentication mismatched) causes an incomplete clean up of the Virtual Async process. [CSCdi42137]
TCP/IP Host-Mode Services
•An access server can accept a new reverse tcp connection while being in the HANGUP state for the previous connection. This will cause the new connection to be closed shortly after being established. This happens with the modem cts-required command configured. [CSCdi39085]
VINES
•When running VINES on a Cisco 4500 router, the router may occasionally generate the message "VINES: Invalid string in data". [CSCdi39242]
•Issuing a show vines interface command can crash the system. [CSCdi40388]
•The Vines Router system process runs at low priority. It should run at normal priority. [CSCdi41380]
•The router is too restrictive on doing MAC/VIP frame size comparison on fddi. The result is, no vines server connected behind the fddi ring is seen by the router. This is particularly evident when an ethernet/fddi translational bridge is between the router and vines server. (ex. C1200 catalyst switch) [CSCdi42292]
Wide-Area Networking
•Traceroute responses will not be sent out over an ATM link, so traceroutes always fail when attempting to transit ATM links. Normal data packets (such as ping) work just fine, though.
There is no workaround. [CSCdi35837]
•When running PRI there are spurious access at bringup time. This is from a shut/no shut or a RESTART and RESTART_ACK. There is no CCB allocated yet. [CSCdi35949]
•When encapsulating OSI packets for transmission on a frame relay PVC, two copies of the NLPID are put in the header. RFC1490 specifies that the redundant NLPID should be left out. [CSCdi36199]
•Added support for voice calls. Incoming and outgoing voice calls can now be configured seperately. For outgoing calls there is a new field in the dialer map statement called "class". For incoming calls, which are ignored for BRI, there is a new interface command "isdn incoming-voice data".
For outgoing calls to be placed as a voice call:
dialer map ip 6.1.1.1 name test class foo 15551212
map-class dialer foo dialer voice-call
For incoming voice calls to be accepted. Currently BRI ignores voice calls and PRI rejects them:
int bri 0 isdn incoming-voice data [CSCdi36915]
•When an AIP interface is declared down due to a CD state change while there are SVC's on the AIP, messages similiar to the following may show up.
%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
%SYS-2-MALLOCFAIL: Memory allocation of 34 bytes failed from 0x748D8, pool Processor, alignment 0
No workaround. [CSCdi38087]
•If an interface configured for priority or custom queueing is modified to encapsulate LAPB, the configuration will still reflect the queuing feature but the interface will operate using the standard queuing method. [CSCdi38693]
•CMNS connections cannot be established. [CSCdi38709]
•Frame Relay DLCIs that are deleted via the no frame-relay interface dlci command are not actually deleted from the system. [CSCdi39555]
•Routers with an ISDN BRI interface may not properly answer incoming calls. This may occur if a "clear interface bri x" command is entered while calls are established or if the isdn tei flag is configured for first-call. The incoming call will be accepted, but the Layer 3 CONNECT message will not get sent out to the network. [CSCdi39627]
•The first CMNS connection directed to an Ethernet CMNS host fails if the LLC2 session between the Cisco router and the CMNS host has not been opened by a previous connection attempt. [CSCdi39783]
•In rare circumstances, an SDLLC connection failure can cause the router to reload. This is true for releases 10.2, 10.3 and 11.0. [CSCdi39832]
•When a serial ppp link from a 7000 to a lex box goes protocol down, the lex code should not continue to forward frames out the serial interface. [CSCdi39882]
•Changes implemented for basic-net3 switchtype for ISDN BRI interfaces. This is required for Italy homologation, as they test more cases within the specification. [CSCdi40646]
•Routers with an ISDN PRI interface may have channels put into an "out-of-service" condition and will not accept or place calls. This seems to show up predominantly on the DMS-100 switches.
The routers will now change the channels back to "in-service" with a Layer 3 Restart message, a shutdown of the interface as well as with the Service (in-service) message. [CSCdi40762]
•A CMNS call directed to a downed x.25 destination interface causes a bus error. [CSCdi40830]
•Configuring X.25 on a serial interface may cause the router to reload unexpectedly with the message "Exception: Illegal Instruction". All router platforms that have X.25 functionality are susceptible to this problem. [CSCdi40956]
•Cisco 2509 through Cisco 2512 devices' asynchronous lines stop accepting input under certain conditions. One of these conditions occurs when a user connected to a LAT host types a Control-C character. A clear line x or a change to the line parameters will cause the line to start accepting input again. [CSCdi40994]
•[CSCdi41170]
•An attempt to start up a new Virtual Async connection on a VTY line that has not been totally shut down from the previous connection can cause the router to reload. [CSCdi41378]
•The system may reload if the virtual async line is reset at the same time as the PAD connection is closing. [CSCdi41961]
•Forced reload of router when forwarding an X.25 call and the destination interface is down. [CSCdi42195]
•When using a PAD connection, a false "buffer already setup" log message is sent to the monitoring terminals, or SYSLOG hosts. The PAD connection continues to function properly. [CSCdi42345]
10.3(5) Caveats/10.3(6) Modifications
This section describes possibly unexpected behavior by Release 10.3(5). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(5). For additional caveats applicable to Release 10.3(5), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(6).
AppleTalk
•The system may halt unexpectedly when show appletalk route detail is given. There is no workaround. [CSCdi36007]
•When a Macintosh dialed into a async port on a 2511 using ATCP tries to print to a device off the ethernet of the 2511, the router crashes with "System restarted by error - Line 1111 Emulator, PC 0xD7A". [CSCdi37588]
•On a large AppleTalk network with redundunt links, CPU utilization may increase dramatically due to heavy recalculation for each neighbor's update as a result of an unbalanced (lopsided) routing table search tree. [CSCdi39372]
Basic System Services
•Configuring an interface with custom-queue-list may cause the router to reload if the associated queue-list has not been defined previously. [CSCdi32666]
•A tty line configured to do software flow control on a Copan class (2509-2512) of access server, will occassionally garble data when connecting to a remote host using telnet protocol. [CSCdi35487]
•If tacacs extended was configured prior to configuring AAA New-model and tacacs+, the system may continue to send some extended tacacs messages until it is reloaded with the new configuration. A workaround is to manually turn of extended tacacs before enabling AAA. [CSCdi35591]
•There exist a buffer leak problem with tacacs+ that causes the router to run out of IO memory. This problem is fixed in 10.3(4.5). [CSCdi35954]
•Input serial IP packets with IP options are dropped as a checksum error when optimal or flow switching is configured on the inbound interface. [CSCdi36127]
•Under certain situations for some interfaces, the SNMP agent does not generate a trap when line protocol goes up or down (linkUp and linkDown traps are not sent). [CSCdi36656]
•The routing attribute is not honored by the NAS resulting in denial of service when running ppp and aaa authorization. [CSCdi36743]
•A new global command [no] downward-compatible-config version causes the router to attempt to generate configurations that are compatible with the specified version. Currently, only IP access lists back to version 10.2 are generated. [CSCdi36981]
•If authorization is configured, erroneous attempts are made to authorize outgoing dialer connections, resulting in failure to complete calls. [CSCdi37361]
•When using autoselect PPP in conjuction with TACACS+ authorization, the routing table will contain the host route for the default IP address assigned on the async interface even if TACACS+ and IPCP have assigned a different address to the client. [CSCdi37366]
•If a user was logged in when the system configuration is changed to aaa new-model, and then issues a new login exec command, the system will reload. [CSCdi37596]
•CDP does not allocate a large enough output buffer to display CLNP NSAP's that are of maximum length (20 bytes). As a result, issuing the 'show clns neighbor detail' command will cause a crash if neighbor entries have NSAP's of maximum length. [CSCdi38201]
•On Routers running subset images which do not support all serial line encapsulation types (CFRAD, CiscoPro) setting the encapsulation on a serial interface to an unsupported type can cause a recursive encapsulation swapping loop. This caveat has been resolved in 10.2(8.1), 10.3(5.1) and 11.0(1.1) releases. [CSCdi38244]
•the "output hang" time as seen in "show interface" is wrong for cbus interfaces. [CSCdi38496]
•If aaa accounting is configured on a router running the 10.3 software (which does not support this feature), the system may spontaneously reload if a user issues the exec login command. [CSCdi38815]
•cardIfIndexTable in the cisco Chassis MIB is not available. [CSCdi38945]
•There is a problem with tn3270 emulation in which the 3270 datastream WSF command code X'll' isn't handled correctly. After receipt of this command by the router the keyboard becomes locked up. To get the IBM login screen the user must reset the keyboard, and enter an attention key (ENTER). [CSCdi39265]
•SNMP can report information about cards that have been removed, in cardIfIndexTable. [CSCdi39308]
•Failure to netboot found in version 10.3(5) IOS. [CSCdi40422]
DECnet
•When DECnet connect initiate packets are sent over a DDR link, the router tries to open up a DDR link. In the meantime, however, DECnet thinks there is no route to the destination and returns the packet to the sender, thereby terminating the connection. A second connect initiate session is needed for the connect to get across.
The fix is for DECnet to recognize that this is a special situation which needs to be handled differently, and that the packet should be dropped instead of being returned to the sender of the connect initiate packet.
Once the circuit is established, one of the (numerous) retransmit connect initiate packets will establish the end-to-end session.
This fix is on the DECnet side; the relevant dialer fix appears in CSCdi37919. [CSCdi33368]
•The DECnet fast-switching code path cannot handle a static route that points to another DECnet address (i.e. the static route has no outgoing interface information). In this situation, we need to punt the packet to process switching, which can get the next-hop interface information. [CSCdi38977]
•Segv exception when running DECnet Phase IV to Phase V conversion. [CSCdi39208]
EXEC and Configuration Parser
•The rshd process on a Cisco router tries to append domain suffixes on a DNS lookup even though it should have been passed a FQDN. A possible workaround is to configure ip domain-list .. [CSCdi30543]
•You cannot assign a privilege exec level to the command terminal download [CSCdi38824]
IBM Connectivity
•SDLLC traffic flow over RSRB/FST over X.25 can cause system to reload. Same symptoms (STACKLOW error) may be observed with X.25 over LLC2. [CSCdi30085]
•IBM automatic spanning tree when configured on the system shows as manual spanning tree on LNM. [CSCdi30094]
•DLSW-3-BADCLSIRET: CLSI MSG : ENABLE.Cfm UNKNOWN_PORT dlen: 24 [CSCdi34766]
•When Source Route Bridging and Transparent bridging are configured on the same interface, it is not possible to configure source-bridge spanning. While this is proper when the Transparent bridge group is using the ibm protocol ('bridge x ibm') for Automatic Spanning Tree (AST), it should be allowed for IEEE or DEC protocols ('bridge x iee' or 'bridge x dec'). [CSCdi35866]
•When using the STUN feature with TCP/IP encapsulation with local ack, the router will incorrectly forward an aborted SDLC frame from the SDLC end station through its remote-peer and to the remote end SDLC station. Correct behavior would be to sense the aborted SDLC frame locally and request retransmission, dropping the aborted SDLC frame rather than forwarding it. [CSCdi36957]
•In configurations where there is a duplicate definition for a bridge on two interfaces, even with one of the interfaces shutdown, stange connectivity problems can occur. Duplicate bridge definitions should not be permitted within the router and should be avoided within a network. [CSCdi37283]
•Netbios connections occasionally fail to connect through remote source route bridging when local acknowledgement is enabled. The workaround is to disable local acknowledgement. [CSCdi37525]
•LLC2 parameters on IETF are not picked up when entered. [CSCdi37921]
•The router may be forced to reload when removing configuration statements for the Downstream Physical Unit feature - i. e. no dspu rsrb... This will only occur if there are active PUs while the configuration statements are being removed, so a workaround would be to shutdown interfaces or take other measures to ensure there are no PU transactions taking place before removing the DSPU configuration commands. [CSCdi38144]
•A downstream PU end-station may send a 2-byte ACTLU rsp in response to the ACTLU request received from DSPU.
DSPU does not recognize the 2-byte ACTLU rsp as a valid response and does not activate the LU as it should. [CSCdi38299]
•On the 4000, 4500, and 4700 series routers with FDDI interfaces, if SR/TLB (translational bridging) is set up between the FDDI and Token Ring, all frames destined to multicast or functional MAC addresses have their destination address translated to canonical format. While this is correct for Ethernet to T/R SR/TLB, it is not correct for FDDI to T/R SR/TLB. This problem is not seen on the 70x0 or AGS+ platforms. [CSCdi38322]
•When DLSw+ prioritization is enabled, the DLSw+ code classifies traffic as normal priority when it should be high priority. This problem is only seen on the 4500 platform - the problem does not occur on non-4500 platforms. [CSCdi38827]
•Configuring the nw sub-parameter of the llc2 dynwind command is not possible unless it is combined with the dwc sub-parameter. [CSCdi38916]
•A problem was introduced in the fix for CSCdi38322 which caused Source-Route Translational bridging (SR/TLB) to break. This problem affects Interim release 10.3(5.1) only - routers doing SR/TLB should not use this Interim IOS version. No other IOS versions will be affected by this problem. [CSCdi38988]
•The DLSw+ state machine can get stuck such that on an SDLC line, a show dls circuit command will show one index in a HALT PENDING NOACK state, and another at DISCONNECT PENDING. During this state, no DLSw+ traffic will flow over these circuits. A clear dls circuit command will have no effect, requiring a router reload to recover. [CSCdi39046]
•The negotiation of window size between two DLSw+ peers may not end up with the same window size at both peers, causing problems with flow control, and ultimately, with any level of DLSw+ traffic, causing the DLSw+ session to hang. PLEASE NOTE: The fix for this problem cannot be made backwards- compatible. As such, versions of Cisco IOS without this fix (Interim release 10.3(5.2) or below) should not be used in the same DLSw+ network as versions of Cisco IOS with the fix (Interim release 10.3(5.3) or above, or any release of IOS 11.0). [CSCdi39082]
•The following three problems have been observed when source route bridging from token ring to FDDI is enabled on a router:
1. A corrupt frame is generated on the FDDI when a explorer frame is bridged from the token ring. The resulting FDDI explorer frame has its 'MAC address length bit' set to indicate 2 byte addressing when, in fact, the frame has a 6 byte address. These frames are mis-read by other stations on the FDDI ring.
2. If source route bridging from token ring to FDDI is configured to use a ring group while remote source route bridging (RSRB) is also configured, the router will erroneously attempt to forward FDDI frames over RSRB links. Source route bridging from FDDI to token ring over RSRB is not supported.
3. If the router receives a FDDI frame with a duplicate ring number in the routing information field (i.e. a rif loop), it will erroneously forward the frame. The correct behavior is to drop frames that contain RIF loops. [CSCdi39293]
•Configuring LLC2 parameters on frame-relay sub-interface is not consistent with frame-relay interface. Entering the dwc sub-parameter of the llc2 dynwind command, is not possible. [CSCdi39638]
Interfaces and Bridging
•When you do a show controller MCI on a Hitachi based product with no cable attached, you see buffer size, HD unit, and No DCE cable. This may cause some confusion with the specific message of DCE cable. This is a known display message error. [CSCdi28337]
•The 5 minute input and output rate counters may reflect rates that are higher than the actual rate when fastswitching, autonomous switching, or SSE switching. [CSCdi30206]
•Very intermittently,The FSIP controller detected a spurious error on the transmit buffer size resulting in a controller fatal error.
fsip179-0 corrects the problem. [CSCdi30344]
•SDLC Multidrops need router to ignore data carrier detect for High-End Platform. This behavior has been observed in 10.0 code. This aspect of implementation will be in post 10.0 IOS. [CSCdi32813]
•The 4500 with an FDDI interface module may reload with an error. The interface should reset first instead of reload. A temporary workaround is to shutdown the fddi interface. [CSCdi35936]
•Under some circumstances, packets arriving via a MIP interface will not be silicon switched when they should be. A workaround is to insure that there is an appropriate network layer protocol address defined for the first channel group in the configuration for each controller. [CSCdi37030]
•On the BRUT partner product (2500 variant co-developed with DEC) when an Ethernet interface goes down the output of a show interface still shows the Interface as being up. The SNMP Replies are also incorrect. This problem has been resolved in 10.0(10.5), 10.2(8.1) and 10.3(5.1) releases of the code. [CSCdi37135]
•The system software was not querying the FSIP for the G.703-E1 specific errors - remote alarm indication, alarm indication signal, loss of signal, and loss of framing - when the framing was enabled on the G.703-E1 port adapter. [CSCdi37725]
•Transparent bridging across HDLC serial links does not work with LAT compression enabled on low end platforms. The workaround is to disable LAT compression. [CSCdi38595]
•At startup, 4000 family routers with MBRI interfaces can overflow ISDN processing queues resulting in errors messages indicating "NO MEMORY for ISDN L1 Q elements". [CSCdi38915]
•Intermittenly vty-async connection messages are not displayed after entring SLIP/PPP exec command. [CSCdi39088]
•When an access list is loaded via the config net command, large blocks of memory might be consumed by the silicon switching engine (SSE) manager process, requiring the router to be rebooted. [CSCdi39419]
IP Routing Protocols
•The bug exist in all releases. When secondary address is from interface which is OSPF enabled, OSPF will be turned off on that interface. Customers have to do a no network/network commands sequence to enable OSPF on that interface again. [CSCdi26731]
•When executing the "no router ospf" command, a system reload occurs. [CSCdi33077]
•Removing an ip name-server address that does not exit, will cause the system to return an incorrect error message. [CSCdi35100]
•Router responds to a rtquery with a TTL of 2. [CSCdi35234]
•When the eigrp process receives a hello packet from a neigbor, it tries to send an update packet, but this process of sending an update packet can be suspended by the eigrp process. When the eigrp process gets scheduled again to send the update packet the neighbor could be dead and all of the internal data structures for that peer (neighbor) could have been erased, which confuses the eigrp process and results in the generation of wrong bus address. [CSCdi35257]
•This bug exist in all releases. If OSPF are configured on unnumbered interfaces but the address of source interface is then modified so that OSPF is disabled on the source interface, OSPF is not disabled correctly on those unnumbered interfaces. The router will crash when OSPF routing process is latter deconfigured. [CSCdi35840]
•Clearing ip route causes memory corruption which in turn causes reload, when the memory is checked for validity. Problem reported in 10.2(6). The fix has been integrated into 10.2(8.1), 10.3(5.1) and 11.0(1.1) releases. [CSCdi36060]
•This bug exist in all releases. Customer will find that the router does not remove LSA which is MAXAGE, either because of the local router ignoring the acknowlegment or the remote router failing to generate acknowlegment. This will further prevent the router from re-learning route which is once removed but then becomes available again. [CSCdi36150]
•If a route's holddown timer expires and new information comes in before the route is finally aged out, the IP route cache may get out of sync. (Obviously, this can only happen with routes learned via RIP and IGRP.) [CSCdi36713]
•When using the IP Local-area Mobility feature, the router may reload under some circumstances. As a workaround, Local-area mobility can be disabled. [CSCdi37313]
•If the command "clear ip dvmrp route *" is issued when there are no routes in the dvmrp routing table the router will crash. [CSCdi37791]
•EIGRP retains summary route with incorrect metric if learned by multiple paths. [CSCdi37985]
•router display following cpu hog messages and trace back:
Jul 27 15:09:54 harvard-gw 526: %SYS-3-CPUHOG: Task ran for 3520 msec (44/7), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 harvard-gw 527: -Traceback= 3E206 24318A 22F204 Jul 27 15:09:54 bbn3-gw 325: %SYS-3-CPUHOG: Task ran for 5964 msec (99/40), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 bbn3-gw 326: -Traceback= 3E206 24318A 22F204 [CSCdi38044]
•In a misconfigured/malfunctioning token ring bridging environment, pinging of the HSRP virtual IP address can cause the ICMP echo request packets to be massively replicated. [CSCdi38170]
•Doing a redistribute connected will also redistribute interface static route into OSPF. In other words, OSPF will generate external link state advertisement for it. Doing clear ip route * will delete the external link state advertisement. [CSCdi38232]
•DVMRP can spew a lot of debug output, and CSCdi37082 (partially) took care of this by allowing the user to specify debugs for only incoming or only outgoing streams. However, this too was not enough, so we are enhancing the debug to accept an access list. [CSCdi38504]
•A problem exist in which static routes are not being redistributed into eigrp after a clear ip route * . A workaround is to kick start the redistribution process by either removing one static route and reinstalling it, or by removing and reinstalling the redistribute static command under router eigrp xx command. [CSCdi38766]
•Transparent Bridging of IP ARP from HDLC serial interfaces to token ring fails to forward unicast ARP replies. [CSCdi38884]
•On a router running OSPF, a clear ip route * could cause the router to reload. This caveat has been fixed in 10.2(8.1), 10.3(5.2) and 11.0(1.3) releases. [CSCdi38914]
•"ip ospf network point-to-multipoint" doesn't support 4 routers on the same subnet with version 10.3(4.6) [CSCdi38999]
•Extended IP access lists which use UDP destination ports can have an incorrect configuration generated for them. This bug was introduced in 10.3(5.1). [CSCdi39192]
•In some rare circumstances, the router may suddenly cease to respond to commands or forward packets. Power-cycling the router may be necessary in order to recover. [CSCdi39471]
•OSPF sometimes create intra-area host route which point to itself during route flapping. This fix resolves the problem. [CSCdi39623]
ISO CLNS
•Getting system reloads while routing CLNS and errors on the console:
null db: null ibn in clns, xs_sending process = clns input, ipl=0, pid=30 traceback = 0x28376, 0x24608C, 0x24652A [CSCdi34841]
•When PhaseIV/V conversion is enabled and if the Phase IV source and Phase V destination are on the same interface of the router, the box could crash. This due to the attempt by the router to send a Phase V redirect to the Phase IV host. [CSCdi37236]
•The ISIS protocol definition requires that a received LSP which is corrupted (according to its internal checksum) be purged by the receiver, causing the initiator of the LSP to regenerate it.
However, if a network has a link which causes data corruption with correct data link checksums, this can cause a continuous cycle of purging and regenerating large numbers of LSPs, rendering the network nonfunctional.
There is no workaround to this problem. [CSCdi37692]
•If a subnetted network is present in the network, the level 2 link state packets will be reflooded every time the shortest path first algorithm runs. [CSCdi37879]
•Under obscure circumstances, it is possible for a level-1/level-2 ISIS adjacency to be reflected in only one of the level-1 and level-2 adjacencies. The result is partial connectivity.
A possible workaround is to perform a "clear clns neighbors" command when this occurs. [CSCdi38310]
•If ISIS is configured on a serial line *after* the ISIS process is configured to be L2-only, hellos will not be sent, and the adjacency will not come up.
This problem does not happen after a reboot, because the interface is configured for ISIS before the ISIS process is set to be L2-only.
A workaround is to configure ISIS on the serial line, followed by the ISIS process. Another workaround is to perform all configuration, save the configuration to non-volatile memory, and restart the system. [CSCdi38585]
Novell IPX, XNS, and Apollo Domain
•If NLSP is disabled, a host name entry for the system will be left in the name cache. There is no workaround to this problem. [CSCdi31507]
•NLSP will not generate a WAN pseudonode (thus advertising received RIP routes) if NLSP is configured on a WAN interface but the router at the other end is RIP-only.
The workaround is to disable NLSP on the interface. [CSCdi33185]
•The global configuration command
ipx broadcast-fastswitching
when enabled will permit IPX directed broadcast packets to be fastswitched. (A directed broadcast is one with a network layer destination address of the form, net.ffff.ffff.ffff) This may be useful in certain broadcast-based applications that rely on helpering.
The default setting for this command is off. The default behavior is to always process-switch these packets.
Note that eligible directed broadcast packets are never autonomous switched, even if autonomous switching is enabled on the output interface. Also note that routing and service updates are always exempted from this treatment. [CSCdi37234]
•Two global commands have been added that allow you to set the default value of the IPX triggered SAP delay and triggered RIP delay. These commands are ipx default-triggered-rip-delay and ipx default-triggered-sap-delay. [CSCdi37833]
•Most NLSP options cannot be configured on subinterfaces.
There is no workaround to this problem. [CSCdi38152]
•distribute-list command is missing under ipx router rip command. [CSCdi38216]
•When a SAP packet fails to be sent the SAP sent counters may still be incremented. [CSCdi38293]
•In highly redundant topologies containing backdoor paths a routing loop may occur when running IPX-EIGRP. [CSCdi38319]
•Adding an XNS static route that's also an interface route causes the routing table to have duplicate entries. [CSCdi38591]
•If NLSP is configured on one end of a point-to-point link but not the other, the router configured for NLSP does not redistribute the RIP routes received when RIP compatibility mode is automatically started. A workaround is to disable NLSP on the link. [CSCdi39102]
•Show ipx server unsorted actually shows server listed sorted by name, it should show the unsorted table. [CSCdi39233]
•Under some circumstances, ISIS and NLSP link state packets may stop being transmitted on an interface. There is no workaround to this problem. [CSCdi39582]
Protocol Translation
•Virtual async interfaces, such as those used for slip or ppp over pad connections, may unexpectedly stop sending packets. [CSCdi36149]
•An access class specified on a translate command using X.25/pad as the inbound transport is not evaluated properly. [CSCdi37114]
•When using one-step translation without requiring a login, a per-user access lists cannot be assigned by Extended TACACS for a virtual async interface. [CSCdi37678]
•A Virtual Async connection was not notified of the line RESET condition and remained active. The "show translation" exec command continued to show active users that did not exist because the active user count was not decremented. This prevented the "no translate" configuration command from deleting the translate entry. [CSCdi39133]
TCP/IP Host-Mode Services
•When spanning tree flooding is enable on an interface, the system does not check for directed broadcasts on the directly connected interfaces and will discard the packet. [CSCdi37183]
•The router can erroneously drop packets (generating ICMP ttl-expired messages) from serial interfaces when TCP header compression is configured on those interfaces. [CSCdi37637]
•UDP checksum is being set to zero instead of recalculated when a BOOTP reply from a server (with a correct UDP checksum) is being forwarded to the client. This causes certain BOOTP client implementations to incorrectly ignore the BOOTP reply. [CSCdi38285]
•TCP header compression debugging and detailed ip debugging can sometimes print TCP sequence and acknowledge numbers as negative numbers. [CSCdi39127]
TN3270
•A slow memory leak occurs in operations, causing the router to reload when it runs out of memory. This problem was introduced in IOS Release 10.3. Cisco Systems expects to address this caveat in release 10.3. [CSCdi37917]
•Terminal emulations for Mod3, Mod4 and Mod5 terminals, part of TN3270 emulation support, do not work as expected. Rather than placing characters in particular fields, all characters wrap the screen lines. [CSCdi38665]
•The cursor placement in TN3270 emulation does not behave as expected. When editting fields in a CICS application, the cursor moves to the side of the screen, instead of to the left-most position in the field. Cisco Systems expects to resolve this caveat in release 10.3 of the IOS. [CSCdi38677]
VINES
•Memory corruption can occur when fastswitching Vines packets. The corruption usually occurs when fastswitching over SMDS. Disabling fastswitching will avoid the behavior. [CSCdi34197]
•A Vines BADTIMER error message may appear following system initialization. This is purely cosmetic. [CSCdi35167]
•Timezone offsets in Vines Server Service Get Local Time replies are incorrectly formatted. This can cause applications that make time requests from the system to report incorrect time. Workaround is to reconfigure the network so that another correctly working system receives the request. [CSCdi37669]
•Current behavior is to send Vines redirects to an all 'F's broadcast at both the data link and network layer addresses.
A redirect should to sent to a data link unicast address and a vines network broadcast address. [CSCdi38016]
•The Vines fastswitching cache may not be properly invalidated when either a better or alternative equal-cost route is learned. As a result, packets may not be optimally routed when they are fastswitched. [CSCdi38606]
•The system may halt unexpectedly when show vines interface is used. The behavior occurs only when SRTP is enabled. [CSCdi38846]
•When vines single-route is enabled, the metric for alternative routes is recorded incorrectly. Disabling vines single-route avoids the problem. [CSCdi39054]
Wide-Area Networking
•When a received Call is routed to a CMNS host, an LLC2 connection is attempted but fails, the configured CMNS map is deleted. [CSCdi30978]
•Values on dialer timers, such as the "dialer idle-timeout" command, do not work for values greater than 2147483, rather than the published maximum (4294967).
The workaround is to use the lower value as the maximum. [CSCdi33266]
•unconfiguring sscop keepalive timer causes the system to receive a SegV exception . First noticed in 10.3(3.2) and fixed in 10.3(5.1) [CSCdi35110]
•On link reset, the LAPB N1 value is not updated after the new modulo is configured. This causes the encapsulation failure on large packets when LAPB modulo is changed to 128. [CSCdi35191]
•SSE switching IP, IPX traffic from AIP onto LAN media turns out to be fast switching, despite correct SSE configuration. [CSCdi35681]
•The following new show command will be added:
show isdn history
It will display the call type (outgoing/incoming), called or calling party number and the duration of the call in seconds. [CSCdi36875]
•When using X.25 encapsulation over BRI interface, LAPB fails to connect and no traffic is sent or received. [CSCdi37190]
•Forced reload of router occurs when attempting to change serial line encapsulation to an unsupported encapsulaiton type while runnig version 10.2, 10.3, 11.0 IOS. [CSCdi37492]
•After changing an X.25 LTC from 1 to another number, the router configures the interface as a PVC following a reload or clearing of the X.25 interface. [CSCdi37627]
•When establishing semi-permanent ISDN connections, the SPC facility code is missing in the CONNECT message which may cause some problems with certain switches. [CSCdi37630]
•Routers with an ISDN BRI interface using switchtypes basic-dms100 or basic-ni1 will only use one Layer 2 TEI if only one spid is configured. Two TEIs will be used if both spids are configured. Makes the router more flexible with the Switches and if other devices are on the shared S-bus. [CSCdi37836]
•When the serial port on the central site is configured as an unnumbered interface, it returns a address mask of 0.0.0.0 in a BOOTP reply causing the client side to reject the returned address. [CSCdi37881]
•ATM cells being generated (by AIP) are in incorrect format. Incoming OAM cells are also process incorrectly. [CSCdi37887]
•If a telnet connection is opened to the router through a frame-relay link with TCP header compression enabled and that the router is reloaded for some reason like a power outage, a second software-caused reload may occur when the router is being restarted. [CSCdi37923]
•Interfaces using Blacker Front End encapsulation do not correctly determine X.121 addresses from IP addresses. [CSCdi37951]
•ISDN BRI routers, 2500 and 3000 series, will not properly activate Layer 1 after a shut/no shut on the interface. This will cause incoming calls to fail because Layer 1 does not see the event. A work around is to force an outgoing call, this activates Layer 1 and will allow incoming calls to be recognized. This only affects the igs images. [CSCdi38254]
•X.25 doesn't accept configurations of the T1x series of timers when configured as a DCE. As a work-around, configure the analagous T2x timer. [CSCdi38404]
•After a reload, de-group commands disappear from working config. Need to do a config memory after a reload to restore the de-group statements from NVRAM. [CSCdi38475]
•Under some circumstances, LAPB may unduely delay sending an X.25 packet. [CSCdi38546]
•In order for autoinstall to work over frame-relay, the DLCI over which the autoinstall is performed needs to be unique in the router. [CSCdi39401]
10.3(4) Caveats/10.3(5) Modifications
This section describes possibly unexpected behavior by Release 10.3(4). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(4). For additional caveats applicable to Release 10.3(4), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(5).
AppleTalk
•AppleTalk frame fastswitched onto Token Ring have the AC byte set incorrectly. This may result in poor switching performance, characterized by a high number of drops on the output queue. [CSCdi35153]
•Corrected the problem which prevents the router to invalidate the old cache entries. [CSCdi35967]
Basic System Services
•Unexpected system restarts due to a "software forced crash" can occur when using extended TACACS. [CSCdi28744]
•A problem exist that only AIPs at hardware version 1.3 or higher will work with the RSP. [CSCdi33730]
•Tacacs slipoff records are not sent to lhost when the user logs in using name@lhost. [CSCdi34401]
•When an RSP boot request from the rom monitor fails all subsequent commands relating to devices will fail also. [CSCdi35081]
•When an OIR (Online Insertion/Removal) is done while an AIP is present the Tx queue (Transmit) on the AIP can stall. It will not recover without a reload. [CSCdi35111]
•The snmp-server packetsize size configuration command is being ignored, causing the default packet size of 484 bytes to be used. This may cause SNMP "tooBig" errors to be returned for large SNMP get/get-next requests. This caveat was introduced in 10.3(2.4), and will be corrected in an upcoming maintenance release. Also, concurrent with this correction, the default size value for the snmp-server packetsize size configuration command will be increased to 1500 bytes. [CSCdi35423]
•A problem exist on the RSP2 with X25 windows closing and not reopening. This problem is corrected in 10.3(4.1). [CSCdi35616]
•When CDP is globally disabled, adding a new interface will cause CDP to be globally enabled. [CSCdi35820]
•"copy tftp startup-config" may cause a spurious access. [CSCdi35942]
•If the system clock is set previous to 1961, NTP will cause the time to converge to 1927 instead of 1995.
This should never happen unless the clock is set by hand, or the fix to CSCdi34786 is not installed.
The workaround is to set the clock (using the "clock set" EXEC command) to a time that is roughly correct (or at least later than 1961); NTP will correct the time from there. [CSCdi36101]
•Interrupting the output from the show registry command by quitting at the more prompt can produce a SYS-3-CPUHOG error message. [CSCdi36133]
•The router doesn't seem to dispose the XID frames properly. [CSCdi36924]
•If the Intial Setup Dialog is skipped by doing a Control-C, in some instances the following message appear on the router: "%ALIGN-3-SPURIOUS: Spurious memory access made at 0x605D8228" This caveat has been resolved in 10.0(10.4), 10.2(7.3), 10.3(4.4) releases of the software. [CSCdi36925]
•The system will return an invalid day-of-the-year in the reply to a VINES get-local-time request. There is no workaround to this problem. [CSCdi36947]
•The "trace" command is now the "traceroute" command. This is entirely transparent to the user--"trace" will still work as an abbreviation. [CSCdi37018]
DECnet
•When DECnet data packets are padded, the source and destination address fields are not correctly extracted from the packet. As a result, when these addresses are passed into an access-list, they are not processed correctly. If these access lists are used to open a cicruit (as in DDR), the open fails, since the access list will incorrectly classify the packet as "uninteresting".
For the same reason, the debug message that DECnet DDR prints out (when a connection is being attempted) contains the wrong source and destination DECnet addresses. [CSCdi33292]
•A DECnet MOP remote console connection is attempted from a VAX to a Cisco router. The process begins, gets connected and goes as far as issuing the password prompt and the then connection is broken quickly. [CSCdi36500]
•When a L2 router has no (Phase IV) area reachability, it declares itself as "unattached", which is the correct behavior. However, if it is also doing Phase IV/V conversion, there are instances where we want the router to advertise itself as the "nearest L2 router", so that interior L1 routers can send packets to the L2 router for conversion.
In order to accommodate this, we will need to add a knob ("decnet attached override") that will override the attached bit. By default, this is OFF, so that a L2 router with no (Phase IV) area reachability will not advertise itself as the "nearest L2 router. [CSCdi36662]
•When the 'extended' mode is used in DECnet ping, the user is given the option of specifying the size of data to send in the ping packet.
Regardless of the size specified by the user, DECnet would always send ping packets with a fixed size. [CSCdi36667]
EXEC and Configuration Parser
•Traffic received during execution of a chat script is not masked using the setting of exec-character-bits, making it difficult to deal with intermediate devices that use parity. [CSCdi30390]
•For Frame-relay subinterfaces specifying link-type will be a must i.e. there will be no default link-type as shown below:
goldy(config)#int s0 goldy(config-if)#encapsulation frame-relay goldy(config)#int s0.1 ? multipoint Treat as a multipoint link point-to-point Treat as a point-to-point link goldy(config)#int s0.1 % Incomplete command.
Previously multipoint type used to be the default for FR sub-interfaces. [CSCdi32283]
IBM Connectivity
•When Source Route Bridging from token ring to token ring the counters in sh source show the sum of received and transmitted packets under transmitted packets and received packets remains zero. This has no influence on the correct operation of the device. [CSCdi27989]
•Statistics displayed for output packets and bytes via the show interface commands did not include source-route bridge explorer frames. [CSCdi30326]
•Sometimes after a reload, peers may stay in an opening state.
Possible workarounds are: (1) delete proxy explorer, reload and add proxy explorer, or (2) remove the peer and then add the peer. [CSCdi34242]
•(1) Having both No source route and netbois output access lists configured, may cause output queue buffer leaks for fast explorers. A workaround is to diable fast explorers whenever fast SRB is disabled.
(2) Outpur ring errors may occur when running RSRB to a 4000 or 4500 ringing 10.3(1). A workaround is to upgrade the 4000 or 4500 to 10.3(4) or later.
(3) Ignored MAC packets are included in the drop count.
(4) Process switched packets are counted twice. [CSCdi34908]
•Spurious dlsw allroute commands such as dlsw allroute_sna and dlsw allroute_netbios will appear in the configuration when no peer is configured. They cannot be removed. There should generally be no operational impact. [CSCdi35890]
•When determining the next wakeup time for the REM component of Lan Manager, the router may incorrectly wakeup at the later of two times, instead of the earlier of two times. This may produce jerky behavior of the REM as errors get reported in groups based on the time of the last error, instead of being reported based upon their individual times. This problem happens for 24.5 days out of 49 days. [CSCdi35914]
•A router running RFC 1490 support over Frame Relay does not properly swap the direction bit in the RIF frame. [CSCdi36042]
•When the configurataion command stun schema name xxxx length xx format hex is entered, it is executed correctly. If the config is then written to memory, the keyword hex is saved as hexidecimal. This causes an error at reload and the command will be rejected. The workaround is to remove the command from the config prior to reload and re-enter it after the router has booted. [CSCdi36328]
•Improve router performance. [CSCdi36367]
•If (R)SRB is configured on more than 2 token ring interfaces in a router with a CBUS/SP controller (AGS+ and 7000 series), then some of the token ring interfaces will stop accepting packets after a number of explorers arrive at the interface. FDDI interfaces may also stop accepting packets. See CSCdi34101. [CSCdi36539]
•In some networks, when direct source route bridging from token ring to FDDI is enabled on a wrapped FDDI ring, the router fails to strip frames from the FDDI ring properly. When this condition occurs, the FDDI ring utilization approaches 100% and the router appears to pause. [CSCdi36717]
•The source-bridge proxy-explorer command causes broadcast storms on the network when an explorer is sent for a non-existant destination MAC address. A trace of the token ring shows excessive LLC explorer frames and the router console does not accept keyboard input. It has to be reloaded to recover. The work around is to remove the source-bridge proxy-explorer command from the token ring interfaces. [CSCdi36718]
Interfaces and Bridging
•Australia homologation testing for layer 1 is different from NET5 homologation, Australia adds some layer 1 specific issues.
Australian homologation for PRI requires the monitoring of errors, and if the error rate is greater than 1.0E-3, an RAI signal must be sent.
In order to accomplish added, we added a code and a keyword for the controller E1 framing command. These commmands are used as follows:
controller E1 1/0 framing crc4 Australia
or
controller E1 1/0 framing no-crc4 Australia [CSCdi36002]
•[CSCdi36117]
•Release-Note This problem will occur with certain pieces of equipment in the field that will inject all 0's in Timeslot 16 when receiving a remote alarm. Most of these can be configured for which pattern to inject. [CSCdi36414]
•SLIP should not allowed to be run on an async line, if IP is not configured on the corresponding async interface. Similarly a remote IP address should be known when bringing up SLIP. PPP needs similar checks, unless Apple Talk or IPX is configured on the interface. [CSCdi36611]
•This problem occures when an interface is changing to the DOWN state. When The interface is transitioning to the DOWN state, packets may be retransmitted causing and infinate loop/recursion. [CSCdi36736]
•Autonomous Bridging will not properly discard some bridge cache entries. This is essentially a memory leak in cBus memory and will reduce the number of available bridge cache entries and ultimately the volume of autonomously bridged traffic.
This memory can only be re-allocated by reloading the router. [CSCdi36910]
•A problem exist on the RSP2 when there is a failure to create a MIP interface via the channel-group command there is no resultant error message. This problem is corrected in release 10.3(4.4). [CSCdi37370]
•If the ethernet cable is unplugged/unconnected on a C1000, the "lost carrier. Transceiver problem?" message is displayed too frequently (every 10 secs by default corresponding to the keepalive frequency). [CSCdi37628]
IP Routing Protocols
•This occurs for sparse-mode PIM groups only. If the DVMRP/PIM border router is not the RP, sources in the DVMRP cloud cannot get multicast packets to all PIM receivers. This problem does not occur if the topology is configured dense-mode from the border router to the RP. [CSCdi27921]
•OSPF external route is not removed even when the external route is no longer being redistributed at the ASBR. [CSCdi32647]
•A router acting as an OSPF Area Border Router may incorrectly run out of free memory. [CSCdi34206]
•This bug exists in all version. The system may crash during show ip ospf delete-list. This fix solves the problem. [CSCdi35275]
•This bug exist in 10.3 and 11.0. When interface is configured with a very large bandwidth value with the bandwidth, with OSPF auto cost determination enabled, OSPF will give that interface zero cost. This fix solves the problem by forcing the minumum value of OSPF cost as 1. [CSCdi35900]
•When determining what time to flush neighbor entries from its tables, EGP may incorrectly wakeup at the later of two times, instead of the earlier of two times. This may produce a clumping behavior of neighbor aging, but should not produce any other problems. This problem happens for 24.5 days out of 49 days. [CSCdi35916]
•With Enhanced IGRP-IP, if a default network is known through an interface that is shut down, the show ip eigrp top act command shows the default network via the down interface, and CPU utilization for EIGRP can measure 40 percent to 50 percent. [CSCdi36032]
•When used with Enhanced EIGRP, the no ipx network and no appletalk cable-range commands might cause unnecessary memory use. [CSCdi36141]
•This bug is introduced into 10.0(10.2), 10.2(6.4), 10.3(3.5) and 11.0(0.7). It causes the OSPF area border router not advertise summary LSA for connected loopback interface and connected multi-access network where has no neighbor exist into other area. [CSCdi36186]
•When IP multicast routing AND transparent bridging are BOTH configured on low-end images, any feature which relies on the reception of IP multicasts (i.e., packets destined to a MAC address prefix of 01-00-5E) will fail to function properly since these multicasts will not be received by the router. Such features include IP multicast routing itself, EIGRP, and OSPF. [CSCdi36404]
•The system might fail to send a proxy Address Resolution Protocol (ARP) response, upon receipt of an ARP request through an interface where the ip mobile arp command has been configured. This problem occurs when the source IP address of the ARP request is part of the directly connected network of the systemUs interface on which the ARP request is received. The system should not suppress a proxy ARP response in the above situation, if it can generate such a response without interfering with potential mobile IP addresses. Specifically, the system should not suppress such responses if it can determine the source of the ARP request to be a mobile host, or the destination of the ARP request to not be a mobile host. The ip mobile arp access-group command must be used to enable the system to make such determinations in this situation. [CSCdi36709]
•IP routing lookups are limited in their recursion as a safety measure. The arbitrary safety limit eliminated some useful corner configurations. Increase the safety limit slightly so that more complex configurations work. [CSCdi36749]
•If the keyword lpd is used in defining an extended access list referring to a TCP port, the keyword is not used when the access list is displayed or when the configuration is generated. The equivalent and correct numeric port number is used instead. [CSCdi36841]
•This bug exists in all versions. OSPF will not install external route associated with external LSA which forwarding address happens to match secondary address of a connected network. [CSCdi36946]
•This bug exist in 10.3 and 11.0 only. When OSPF start a new SPF calculation, destination with multiple paths will reinstalled, it causes unneccessary cache invalidation. [CSCdi36948]
•Access lists using the tacacs-ds keyword will not be parsed correctly in 10.3(4). This bug was introduced in CSCdi34944, which was integrated into 10.3(3.4). [CSCdi36962]
•Telnetting to the router with a loose or strict source route will cause the router to hang. [CSCdi37213]
ISO CLNS
•If an ESH is received from a neighbor running ISIS, it will overwrite the ISIS adjacency and cause unnecessary LSP flooding and SPF calculation. The adjacency count also gets messed up.
This can happen in some unusual circumstances when running ISIS for IP only. [CSCdi37612]
LAT
•Modification of characters during lat printing in version 10.2(5) IOS. Frequency is intermittent, however, after a first occurence frequency increases. [CSCdi36412]
Novell IPX, XNS, and Apollo Domain
•Problem Description -------------------
Due to a software error when populating the IPX fastswitching cache, IPX multiple equal cost ATM paths do not work. Only one path will be populated with the correct 'MAC Header' field. All the other paths will be populated with the same MAC Header as the first path, which will typicaly be incorrect for these paths.
How to determine if this problem is causing you trouble -------------------------------------------------------
If you are running IPX over multiple equal cost ATM paths, then it almost certainly is, but to confirm this:
(this example assumes that you have 2 equal cost paths)
1. disable one of your ATM interfaces
2. clear the ipx cache ("clear ipx cache")
3. populate the cache, by letting the router switch traffic
4. display the ipx cache, paying attention the ATM interface ("show ipx cache") Destination Itf MAC Header * 37.0000.00c0.016c AT5/0 00010900AAAA030000008137
5. swap ATM interfaces (i.e. disable this one, and enable the other one)
6. repeat steps 2 through 4 Destination Itf MAC Header * 37.0000.00c0.016c AT8/0 00020900AAAA030000008137
7. enable both ATM interfaces
8. repeat steps 2 through 4 Destination Itf MAC Header * 37.0000.00c0.016c AT5/0 00010900AAAA030000008137 @AT8/0 00010900AAAA030000008137
If either interface has a different MAC Header in step 8 from what it had in steps 4 or 6, then you are suffering from this problem. In this example, ATM8/0 has the wrong MAC Header displayed in step 8 (i.e. it's different from that shown in step 6).
Workaround ----------
Unfortunately, the only workaround is to disable multiple equal cost IPX paths, with the following global config command:
(config)#no ipx maximum-paths [CSCdi33071]
•Display IPX routes may cause the router to reload when IPX EIGRP routes are being deleted. [CSCdi34380]
•Setting the ipx output-sap-delay and output-rip-delay commands to large values might prevent normal updates from occurring. To fix this, four new commands have been added. The ipx default-output-rip-delay and ipx default-output-sap-delay commands set global defaults for all interfaces. The ipx triggered-rip-delay and ipx triggered-sap-delay commands set the per-interface values for the interpacket gap in Flash memory and poison RIP/SAP updates. This value overrides the settings of the ipx output-sap-delay and output-rip-delay commands. If you normally configure a large interpacket gap, configure these commands to have small values. [CSCdi34411]
•IPX autonomous switching is permitted to be configured on ATM interfaces using the ipx route-cache cbus command. However, ATM autonomous IPX switching is not currently supported and should not be permitted as a configuration option. [CSCdi35568]
•If an IPX Internal Network number is configured then IPX pings to local interfaces fail. [CSCdi35604]
•Static IPX routes show LAN interfaces as possible options, IPX static routes tied to an interface are only permitted on IPXWAN configured interfaces. [CSCdi35779]
•On systems which do alignment and spurious memory reference checking, configuring Novell (IPX) with a SAP queue maximum value may cause ALIGN-3-SPURIOUS log messages. Removing the SAP queue limit is a workaround. [CSCdi35867]
•Routes and Services learned over IPX unnumbered point to point links will age out and disappear. Using a numbered interface is a workaround for RIP/SAP. This was broken by CSCdi33838 in 10.3(3.3). [CSCdi36047]
•A SAP input filter is incorrectly applied to services learned via NLSP. [CSCdi37285]
•External routes are not correctly absorbed by NLSP via RIP-only subinterfaces running IPXWAN. A temporary workaround may be to enable NLSP temporarily on the subinterface ("ipx nlsp enable"). [CSCdi37298]
•NLSP may produce "Name matches ours" messages when a neighbor router has a similar but not identical name. For example, and error message will be seen if "Router1" and "Router10" are neighbors, if Router1's name was Router01 the message is not seen. [CSCdi37603]
Protocol Translation
•Memory leak in the Middle and Big Buffers. [CSCdi36312]
TCP/IP Host-Mode Services
•The RLOGIN process is not flushing the pending output correctly. [CSCdi36259]
•When initiated from a VTY (i.e., telnetting into the router), the transfer of files between flash and a network server using rcp (via the commands copy flash rcp and copy rcp flash) cannot be halted via the escape character. [CSCdi36734]
•The reverse DNS name lookup performed by the RSH server code fails, so incoming connections are aborted. The workaround is to disable the reverse lookup via the no ip rcmd domain-lookup command. [CSCdi36874]
•RSRB's FTCP encapsulation on high-end platforms over MCI hardware does not work. [CSCdi37573]
TN3270
•Users emulating 3270 devices through the TN3270 emulation package receive redundant responses to commands previously issued. The correct behavior is for the 3270 emulation user to receive responses only for the current command. Cisco Systems expects to resolve this caveat in the 10.3 release of IOS. [CSCdi35861]
VINES
•A gradual loss of free memory attributable to a memory leak in Vines can occur. There is no workaround. [CSCdi35901]
•VINES fastswitch cache entries are sometimes built with the MAC address of another VINES interface. This issue can cause the message VINES ENCAPFAILED and can cause the router to pause or crash. It is recommended that fast-switching be disabled in highly redundant networks or single-route be enabled. Customers running RTP can issue 'vines single-route' instead of disabling fast-switching only if they running 10.0(10.1), 10.2(6.1) or 10.3(3.1) or later due to CSCdi34071. Customers running a pure SRTP network can issue 'vines single-route' in any 10.x release. [CSCdi37335]
Wide-Area Networking
•Unexpected LAPB resets may occur under extreme conditions of traffic and load. This problem may be avoided by increasing moderately the interface input-queue. [CSCdi30355]
•When using the ppp use-tacacs command, the behavior of CHAP Authentication for PPP connections does not comply with RFC 1334. Rather than always retransmit the same reply code when receiving multiple CHAP RESPONSE messages our implementation sends a query to the TACACS server for authenication every time. Since successive TACACS queries may yield different results (if the server becomes unreachable for example) our behavior does not comply with the RFC.
The new behavior will be to cache the reply code to a CHAP RESPONSE message and retransmit the same reply if multiple copies of a RESPONSE message are received. [CSCdi31925]
•Routing on Dedicated mode Async Interfaces is not being affected by the state of the "Async Default Routing" flag. Further Async Interfaces are doing routing all the time, whether or not configured using the "Async Dynamic Routing" or "Async Default Routing" flags. [CSCdi31975]
•When the session-timeout interval expires, the protocol translator now closes the outgoing PAD connection, returns the terminal line to an idle state, and displays the following message:
[Connection to remote X.121 address idle too long; timed out] [CSCdi34009]
•This fixes a problem where an ATM switch reset causes the software to clean up the VCC information, but doesn't notify the ATM interface to do the same. Now all teardown requests are sent to the ATM interface regardless of the interfaces UP/DOWN status. [CSCdi34432]
•Under some unknown conditions, some X.25 data packets may incorrectly have the D bit set, which will cause a connection to be reset. [CSCdi35036]
•A router configured for Connection-Mode Network Service (CNMS) ignores X.25 restart requests from a LAN attached workstation using the CNMS connection. This problem will disrupt CNMS connections. [CSCdi35117]
•PPP interfaces do not display statistics via the show compression command. [CSCdi35161]
•On a Copan class router (C2509, C2510, C2511, C2512), the Async driver can consume limitless number of system buffers. This is usually not a problem as the typical number of used buffers is around 3. In some rare pathological conditions, a vast number of system buffers get allocated by the driver, causing a performance degradation and reducing available resources for others.
The maximum number of system buffers the Copan's Async driver can leave outstanding at a given time should be 8 per async channel for received-data. This count excludes the 3 permanent buffers each channel owns for received-data. [CSCdi35587]
•A received X.25 Call that has user-specified data in the Call User Data field and no destination address (length of 0) is ambiguous; the X.25 routing table should be checked to see if the Call can be routed and, only if no route matches, should the Call then be treated as destined for the router.
The router is not treating received Calls with the null destination address as routable. [CSCdi35754]
•Auto-install over frame-relay can add static routes to your configuration. In most environments these static routes are harmless. For those environments were the static routes are not desired, the workaround is to include an equivalent "no ip static route ..." statement in the config file on the tftp server used for autoinstall. [CSCdi35964]
•The isdn caller or dialer caller command will crash the 4500 with a low memory access. It will corrupt low memory on all other platforms. [CSCdi36195]
•The cisco 7000 PRI has passed TS014 homologation in Australia. [CSCdi36325]
•Router crashes when PRI timeslots are removed from the controller. [CSCdi36421]
•A received Call that encodes local facilities (i.e. using a local facility marker) will have those facilities processed as if they were standard facilities. [CSCdi36424]
•Configuring LAPB's T1 parameter will report "T4 disabled" when no T4 is configured. [CSCdi36571]
•ISDN PRI interfaces may use the incorrect timeslot for the B-channel. [CSCdi36633]
•Software systems for the Cisco 7000 AIP card do not always get initialized in the correct order. This can lead to the appearance of the message: "SYS-3-Regnone: Registry 7 service 26 doesn't exist" at the console. Cisco Systems plans to address this caveat in release 11.0 of the IOS. [CSCdi36654]
•show atm vc VCD dose not take VCD's that are bigger than 1024. Also, AIP on 7000 (family) only supports maximum of 2048 VC's, instead of 4096. [CSCdi36778]
•ATM OAM FERF is not generated correctly, in replying to OAM AIS. [CSCdi36822]
•Forced reload of router in parser when doing show x25 map, while maps were being added and deleted in another session. This was discovered in versions 10.2, 10.3, and 11.0 IOS. [CSCdi37303]
10.3(3) Caveats/10.3(4) Modifications
This section describes possibly unexpected behavior by Release 10.3(3). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(3). For additional caveats applicable to Release 10.3(3), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(4).
AppleTalk
•On a large AppleTalk network, high CPU utilization may occur due to a highly lopsided routing tree. [CSCdi32063]
•Corrected the problem which prevents the router to run in pre-FDDItalk mode. [CSCdi33270]
•If an 'extended' route is heard for a non-extended equivalent in the routing table, it gets converted to extended. This should not be happening if the 'extended' route is also a poison route (distance 31). In rare circumstances this can cause route instability. [CSCdi33321]
•When routes associated with zones would age out, the network entry would not disassociate itself with the zone. When that network entry was relearned, an additional network-zone association would form. The result is multiple appearance of the same network number in the zone table as viewed by the SHOW APPLE ZONE comand.
Restarting the router will clear the table. [CSCdi33691]
•Corrected the problem which prevents router to run in pre-fdditalk. [CSCdi33873]
•The command no appletalk protocol eigrp causes the system to dereference Null (during a bcopy() the source address is Null), which causes the system to reload because the bcopy() routine uses a ld instruction to read 8 bytes at [CSCdi34264]
•Corrected the problem which prevents users from clearing neighbor entries. [CSCdi35099]
Basic System Services
•Using point-to-point LAPB compression seems to generate a memory leak. Workaround would be removing the command 'compress predictor' from the configuration. The problem with the predictor (RAND) compression algorithm was fixed. [CSCdi32109]
•the entry in the chassis MIB for the chassis interface card claims it is in chassis slot 31. [CSCdi32778]
•It is noticed that ping fails when switching between HIP (using encapsulation PPP) and MIP. [CSCdi32831]
•'Copy tftp' command occasionally fails with 'buffer overflown' message. This may only happen when broadcast address is used for tftp server. [CSCdi32922]
•When routing a protocol and with bridging turned on, the implementation is optimized so that the packets belonging to this protocol will not be bridged if it is destined to DLC or MAC addresses. [CSCdi33008]
•If a terminal line is configured with a Location command, and the user makes a tn3270 connection to a host that supports the telnet location negotiation on tn3270 connections, the connection may halt and fail to respond. The workaround is to remove the location with a no location config command. [CSCdi33143]
•System may reload unexpectedly and System was restarted by error - Software forced crash may be displayed when show version is displayed. [CSCdi33205]
•Running the DNLD command on cisco 1003 ROM monitor fails with checksum errors. [CSCdi33361]
•Either the timer process or the callback routines that it invokes is holding the CPU for a abnormally long time. [CSCdi33370]
•romId, romVersion, romSysVersion aren't necessarily valid DisplayStrings [CSCdi33371]
•If an NTP authentication key is configured, and an NTP packet is received with that authentication key, but the key has not been configured as "trusted" (via the "ntp trusted-key" command), and later the key is configured as being trusted, packets containing that key may not authenticate correctly.
The workaround is to re-enter the "ntp authentication-key" command for that key again, or to reload the system (with the "ntp trusted-key" command included). [CSCdi33390]
•cisco 7505 router fails to download lex image using the command copy tftp. [CSCdi33877]
•ROM monitor on cisco 4500 routers could reload with a bus error when the boot flash is corrupted. [CSCdi33906]
•When OSPF is configured, using the show commmand show ip ospf neighbor causes a system reload. [CSCdi34109]
•The AIP microcode on the 7500 series routers is not handling the transmit of packets correctly. [CSCdi34417]
•log messages are queued and never emitted by bootstrap images [CSCdi34596]
•After a write erase and a reload, the system reports spurious memory access errors. [CSCdi34667]
•Seriously oversized NTP packets (or packets addressed to UDP port 123, whether they are actually NTP or not) can cause memory corruption and failure to sync time correctly. [CSCdi34786]
•It is desirable to be able to control the TFTP servers to which configuration files can be written with an SNMP set to the writeNet variable and from which configuration files can be loaded with an SNMP set to the netConfigSet and hostConfigSet variables. To that end, the global configuration command snmp-server tftp-server-list acl-number should be implemented. This command will associate a simple IP access list with the TFTP operations. The writeNet, netConfigSet, and hostConfigSet will be allowed only when they specify a TFTP server whose IP address passes the access list specified. [CSCdi35746]
DECnet
•When a DECnet static route is configured using a next hop that is itself a statically-configured route, we should "resolve" the next hop until we determine the outgoing interface.
For example, if we have a configuration
dec route 1.1 1.2 dec route 1.2 1.3 dec route 1.3 e 0 xxxx.yyyy.zzzz
a packet addressed to 1.1 should correctly get routed out on interface e 0, with the snpa xxxx.yyyy.zzzz . [CSCdi33277]
•When a DECnet static route is configured with cost or hop information, the configuration in memory contains a duplicate occurrence of the cost/hop information. As a result, the configuration command cannot be parsed correctly.
For example, if the user enters:
decnet route 3.101 3.75 2 41
WRITE TERM and SHOW CONFIG show:
decnet route 3.101 3.75 2 412 41
(i.e. the "2 41" is repeated) [CSCdi33298]
•This is a regression caused by 28342.
When DECnet IV/V conversion is enabled on a router configured for L2, the router ceases to send L2 hellos to the Phase IV+ (i.e. "all L2 routers") multicast. As a result, other vendors' routers that explicitly listen to L2 hellos on this multicast will not create a L2 adjacency.
In an all cisco environment, there is no problem, since cisco routers will listen for L2 hellos on the "old" ("all routers") multicast. [CSCdi34275]
•Configuring DECnet conversion without actually configuring an OSI protocol for the CLNS side causes the router to reload. [CSCdi34640]
•When a route look up for a particular DECnet IV destination shows that the next hop is in an "Initializing" state, we should convert to Phase V, if possible. [CSCdi35322]
EXEC and Configuration Parser
•If you reload a router with vty-async configured and more than five VTYs, it will come back with only the default five lines available for PPP use. The workaround is to enter the vty-async command once more. [CSCdi33272]
•The header-compression option is written to nonvolatile memory in an incorrect format when used in the translate command. The command is not parsed properly when read. [CSCdi34507]
IBM Connectivity
•While packet counts in show source are correct, the packet counts reported via SNMP are incorrect. [CSCdi30095]
•The system may reload when using an IBM Lan Manager to change the ring number of the token ring interface. [CSCdi30096]
•On 2500's series routers, adding a data link local peer may cause the router to reload. [CSCdi30264]
•A router configured for Source-Route Bridging will not forward All-Route Explorer frames if the destination MAC address is the token ring broadcast address c000.ffff.ffff. All-route explorers destined for other MAC addresses are still forwarded correctly. [CSCdi30429]
•Configuring a LSAP or DSAP for a RSRB remote peer may cause the router to reload. [CSCdi31089]
•QLLC flow control can be incorrect if there are a number of calls being established simultaneously. One sympton is delay in terminal activation caused by delay in translation from llc2 SABME to qllc QSM. The another sympton is delay in termination of sessions. The disconnect session may be improper where DM is sent from the lan attached host and UA is returned from the router. However, RR may be continued to flow for the terminated session. [CSCdi32033]
•On 2500's, 4000's or 4500's reject the Null-XID response when RS6000 is attached to local ring (RIF length is 2) and broadcast bit is set. Therefore, the RIF table is not updated, but the ARP table is. [CSCdi32042]
•4500 crashes when configuring remote-peer, or after configuring remote peer and bringing the token-ring port up. [CSCdi32138]
•Perfromance improvement. [CSCdi32585]
•Proxy explorers may cause a XID storm when two router share two or more rings. A workaround is disable proxy explorer on one of the routers. [CSCdi32948]
•Sometimes when using LanNet Manager to configure automatic spanning mode, the bridges do not move into the forwarding state. [CSCdi33352]
•Issuing "show lnm interface token-ring x/x" will loop indefinately when soft errors are present on the token ring. [CSCdi33378]
•For SNA sessions, llc2 local-window is set to 8 even though the default is 7.
For Netbios sessions, using llc2 local-window x with x is equal to either 1 or 6, the value will set to 8 by error. [CSCdi33845]
•Disabling LanNet Manager may cause the router to reload. [CSCdi33944]
•In some rare cases a router configured for STUN with local acknowledgement will stop forwarding all packets and continuously print the following messages on the console: %SYS-2-INTSCHED: event dismiss at level 5 -Process= "IP Input", ipl=5, pid=7 [CSCdi33993]
•If (R)SRB is configured on a token ring interface in a router that also contains a FDDI card, then the FDDI card stops accepting incoming traffic after the token ring is brought up. This problem only affects routers that have a CBUS/SP controller (AGS+ and 7000 series). show controllers cbus will show an rql of 0 for the FDDI and show interface fddi x will show an ignore counted for every packet received. Token ring interfaces may also stop accepting packets when (R)SRB is configured on multiple interfaces on the same card. See CSCdi36539. [CSCdi34101]
•Datalink switching will not work when fastswitching. [CSCdi34209]
•When using Datalink Switching, XID data is limited to 120 bytes. [CSCdi34283]
•Some SAPs are altered when running DataLink Switching. [CSCdi34577]
•On the Cisco 4500 router clear source-bridge command can cause a system reload. [CSCdi35237]
Interfaces and Bridging
•In high traffic environments, FSIP8 will get FCICMDFAIL messages and may eventually get 8010 fsip_reset due to multiple command timeouts. The command timeout was caused by a long path in the fsip firmware during the memd read on trasmit. fsip10-8 fixed this problem by splitting the memd read on transmit into 32 bytes chunks and enablinginterrupts between the chunks. [CSCdi27451]
•It is a problem to SSE switch packets from an AIP using encapsulations aal5snap, aal5mux and MIP using encapsulations ppp, frame-relay and fr-ietf. [CSCdi31104]
•"shutdown" FSIP interfaces present during an OIR are spuriously enabled, which can cause ports running faster than 2Mbits/s to report errors (e.g. overruns).
one workaround is to explicitly shut them down after each OIR event. Another is to issue the "microcode reload" config command after each OIR event. [CSCdi32419]
•Serial interface in a spanning tree may mistakenly go into a blocking state. This has the possibility of occuring during interface transitions. One work around is to shut the interface down, then bring it back up to restore the spanning tree. [CSCdi32843]
•Under some conditions, certain configurations (example: router dual-homed to concentrators) may experience CMT (phy-A/B state) connection problems.
Symptoms include: fddi interface goes down/down, phy states that do not match phy status (example: Phy-A state is break, status HLS), CFM isolated, RMT non-op, both phys "active" (or "idle") simultaneously, connection status LEDs on concentrators flashing. [CSCdi33053]
•When bridging from fddi across serial or hssi ,if the packet is greater than 1500 bytes, it will be marked as a giant at the far bridge, then dropped. [CSCdi33179]
•A software race condition can cause systems with an SSP to generate incorrect hardware failure messages. These messages will include the string "sse_bridge_on" or "sse_bridge_off". The behavior of the system after such a race condition occurs is unpredictable. [CSCdi33607]
•A system reload can occur when using the cmt connect fddi n or cmt disconnect fddi n commands. Culprits are NULL pointer dereferences inside cmt_connect() and cmt_disconne [CSCdi34054]
•On a Cisco 2500, DTR is held high on a shutdown interface when a DTE cable is attached. [CSCdi34135]
•While inserting a cache entry for truncated CLNS address (a CLNS address which is a truncated form of another address), SSE switching gets disabled. [CSCdi34344]
•Interface could be subject to delayed transmission of keepalives or other traffic when few packets per second are output on the line and it has some protocol or feature that sets the transmit queue limit to a low value (e.g., priority queueing). [CSCdi35345]
•The interface transmit delay fails to work on T1/E1/PRI links. [CSCdi35650]
IP Routing Protocols
•This bug is introduced in 10.3(1). The configuration of neighbor command will be lost upon reload if the interface that is connected to the neigbor(s) has been configured with any ip ospf interface command. There is no workaround. This fix solves the problem. [CSCdi32834]
•This problem is introduced in 10.0.(8.2), 10.2(4.5) and 10.3(1.2). The customer will find the ABR (Area Border Router) not advertise summary LSA (Link State Advertisement) about the connected secondary subnet into other areas even if the network has cover it. There is no workaround. [CSCdi33467]
•Backup interfaces fail to send EIGRP hellos out when the link comes up after the primary link goes down. This seems to occur when the backup interface is in a standby mode for longer than a day or so. [CSCdi33558]
•If an IGRP or RIP routing process is configured, but no routing update has been sent in the last 24 days (e.g. if there are no "line protocol up" interfaces available) then routing updates may be suppressed for up to 24 days before resuming. [CSCdi33918]
•Internal/External routes fail to propagate in IP-EIGRP when heard from candidate defaults. [CSCdi33968]
•Modify BGP to support the most recent change in the RFC specification so we will support optional parameters in the OPEN message. [CSCdi34002]
•Memory corruption by the scheduler can cause the router to reboot because of a software forced crash. [CSCdi34545]
•An ICMP packet with erroneous information in the options field can cause an unscheduled restart. [CSCdi34709]
•In Release 10.3, when an interface is configured with WAN type encapsulation, for example, Frame Relay, the ip ospf hello-interval 10 configuration on that interface is lost upon reload. The problem is caused because the ip ospf interface commands appear before the encapsulation command in the configuration. This fix solves the problem by moving ip ospf interface commands after the encapsulation command. You may experience the same problem when the fixed image is reloaded the first time. Just reconfigure the ip ospf interface commands and do write terminal. This will reorder the command in the NVRAM, and the configuration will be retained upon next reload. [CSCdi34779]
•If an interface configured as passive-interface, EIGRP will not remove it from its topology table whenever the interface is shutdown or unconfigured. [CSCdi34952]
•This bug exists in all release. It happens when OSPF is running and the system is attached to multiple areas, but not including the backbone area. In this case, for destination that can be reached by inter-area route through different non-backbone areas, the system is not able to select the best path. This bug is fixed in 10.3. [CSCdi35004]
•This bug exists in all release. It happens when more than one serial interface are configured to be on the same subnet, and this subnet fall in the range of the network command. In this condition, if some of this serial interfaces are not functional, for example, are shutdown, OSPF will not aware of it and it is possible for OSPF to use this non-functional interface as output interface in SPF calculation. The result is that OSPF select wrong output interface for route to other border area router, as shown by show ip ospf border-router, it will further cause summary and external route not to be installed in the IP routing table. [CSCdi35182]
•The "no ip address" command, when used with IP-EIGRP may cause unnecessary meemory use. A portion of memory is not freed up on the router. [CSCdi35696]
ISO CLNS
•Static CLNS interface routes clns route nsap-prefix interface-type [snpa-address] over X.25 encapsulation don't get removed from the routing table when the specific interface is down. [CSCdi33029]
•When ISIS is redistributed into ISO-IGRP, the ISO-IGRP metrics count to infinity when an ISIS route disappears from the network. The route is not flushed. This event causes ISO-IGRP to send constant updates which raises the CPU in the router considerably. [CSCdi33174]
•CLNS route redistribution into ISO-IGRP may cause the router to reload. [CSCdi34941]
•Issuing the command "show isis route" may cause the router to reload. [CSCdi35145]
Novell IPX, XNS, and Apollo Domain
•When the router has a route in holddown state, configure an interface with the same network number as the holddown on the token ring may cause the router to reload. This symptom is only seen when IPX EIGRP is configured. [CSCdi33219]
•On the 4500 platform (only) IPX standard access lists and extended IPX access lists (types 800 and 900) were not correctly applied to process switched packets when source host or destination host fields were present in a filter entry.
On (all) low end platforms, the "ipx access-group" filter was not applied to fast switched packets. Also on low end platforms, ipx accounting was not performed for fast switched packets output to an interface when an "ipx access-group" filter was configured on that interface. [CSCdi33556]
•The router should not listen to RIP requests or RIP replies from network nn if the ipx router rip and no network nn commands are entered. These commands are normally used to disable RIP when IPX Enhanced IGRP is running on the interface. [CSCdi33838]
•If IPX Enhanced IGRP is running, the command sequence interface serial no ipx network no ipx routing
may cause the router to reload. [CSCdi33994]
•Router running Novell may crash with a bus error at PC 0x319369E, address 0xE9F8030C [CSCdi34022]
•When IPX networks are defined only on subinterfaces (i.e., no IPX network is defined on the primary interface), "ipx route-cache" commands (which must be issued on the primary interface) are not allowed and/or not generated correctly in the configuration. [CSCdi34331]
•With many IPX services in the router and IPX RSUP is enable, there is a chance for the router to reload if the following command is entered show ipx eigrp neighbor server [CSCdi34361]
•Configure rsup-only on LAN interface and unconfigure it. Write term displays the unconfigured command, no ipx sap-incremental eigrp 1 rsup-only It should not be displayed. [CSCdi35236]
•The "ipx routing" command incorrectly places deleted interfaces in a "down" state causing ipx routing to cease. [CSCdi35418]
•IPX static routes tied to an interface should be allowed on subinterfaces. [CSCdi35588]
•Even if the default route is known the router does not respond to a specific rip request for a network not in our route table. If the default route is known, a response will now be sent using the metric associated with the default route.
Also, allow the default route to be defined as a static via the internal network for administrative convenience. [CSCdi35794]
•When disabling IPX RIP using the commands ipx router rip followed by no network nn, the system should not disable SAP, but should disably only RIP. [CSCdi36015]
Protocol Translation
•An X.25 RESET REQUEST received on a virtual circuit used for TCP-to-PAD protocol translation causes the connection to hang. [CSCdi33374]
TCP/IP Host-Mode Services
•The 10.2 command rcmd remote-host user host user is not translate correctly to its 10.3 syntax: ip rcmd remote-host user host user. Specifically, the enable keyword is dropped. The work around is to re-enter the affected rcmd remote-host commands, prefixing them with the word ip. [CSCdi33664]
•Serial interfaces with Frame relay encapsulation will drop the very small incoming frames that are sometimes produced by TCP/IP header compression. This results in excessive retransmits which will cause TCP to become very slow. The work around iS to disable TCP/IP header compression on interfaces configured with Frame relay encapsulation. [CSCdi34470]
•The system fails to forward IP Directed Broadcast packets. UDP FORWARD-PROTOCOL UDP port # must be configured as a workaround. [CSCdi34839]
TN3270
•The TN3270 emulation program provided by the Cisco router does not support the commmon ATTN and SYSREQ functions requireded by standard 3270 terminals. This functionality is to be provided in future releases of IOS release 10.3. [CSCdi34765]
VINES
•vines single-route has no effect on routes learned via RTP. Enabling SRTP on the router and all its neighbors works around the problem. [CSCdi34071]
Wide-Area Networking
•On an MBRI interface on a 4000 or a 4500, the interface may report a number of input errors (runts) equal to the number of input packets even though there are no errors on the line. This is a cosmetic problem due to a mis-read register on the driver chip. [CSCdi23839]
•The output of the show frame-relay map and show frame-relay pvc commands would be more useful if it were sorted. It should also be possible to display subsets of the data. [CSCdi24781]
•Frame-relay dynamically learned DLCI's, created by the use of inverse arp, cannot be cleared using the clear frame-relay-inarp. [CSCdi26027]
•On the Cisco 2509, 2510, 2511, and 2512, if carrier is lost while an async channel configured for hardware flow control has output held (because CTS is low), the channel can be left in an unusable state. [CSCdi27841]
•I believe that the underlying bug here is that it is possible to configure a PVC with the VCD number of an existing SVC. This leaves the software in a bizarre state.
The fix for this is a check which guarantees that a SVC VCD cannot be used for a PVC. [CSCdi29773]
•A 32 bit cell that is used to store timer values wraps every 49 days and 17hrs. This results in incorrect time values being shown in various displays. [CSCdi29908]
•atm pvc VCD VPI VCI aal5mux accepts wrong protocol types for the vc. [CSCdi29918]
•The show atm map dose not page its output. [CSCdi30966]
•If the system is running Novell IPX over a frame relay link and the maximum path value is greater than one, the system will not function. [CSCdi31042]
•This behavior is seen in at least two cases. If a PVC is created in response to an LMI full status message, the user is then unable to assign it to a subinterface. The same behavior can be created by changing to an encapsulation other than frame relay, switching the encapsulation back to frame relay, and then attempting to config from NV memory or the network. [CSCdi31053]
•The atm framing G804 applies to both E3 and DS3 PLIM, but it should only apply to E3. It cannot apply to DS3 PLIM because it would affect connectivity. [CSCdi31226]
•There were ocasional 'CPUHOG' messages during AIP initialization, at boot and during a 'shut/no shut' sequence. [CSCdi31410]
•Although it is highly recommended not to alter ATM Signaling timers (the defaults are good for most networks) unless the user has a very good knowledge of ATM signaling if a user does alter then incorrect values will be written in nvram. [CSCdi32199]
•Under unusual circumstances, accepting a PAD call from a connection that the router have sent a call to may cause the system to reload. [CSCdi32856]
•Atalk fast switching from a phase-I Lex interface onto an ATM interface failes, although process switching on the same path works just fine. [CSCdi32913]
•There are some small cases where PPP authentication may not complete due to it believing the remote is requiring us to authenticate. [CSCdi33142]
•A router running X.25 receiving unknown local or remote facilities may pause indefinitely in some circumstances. [CSCdi33178]
•When ATM interface is configured for SMDS encapsulation, the configuration that gets written to NVRAM is in the wrong order. [CSCdi33324]
•When a routing protocol is removed, Frame Relay removes all dynamic maps that reflect this routing protocol. In doing so, there was a hole in the code that would free a PVC pointer before the status of all routing protocols had been checked, leading to crashes within decnet, novell and appletalk routines.
Furthermore, quite significant fixes to handle crashes caused by the "no ipx network" command, CSCdi31520 and CSCdi32606, have also contributed to the cure. [CSCdi33336]
•If an interface is changed from x25 encapsulation to atm-dxi encapsulation, the x25 parameters are erroneously shown by show interface until the router is reloaded. [CSCdi33455]
•An interface configured with PPP encapsulation will not accept negotiations of the interface MTU, even if the value the remote side is sending is the same as the value already configured. [CSCdi33554]
•This problem results from the AARP frames, to an SMDS interface, would be sent with a type 4(HW_SMDS) SMDS address. The SMDSTalk specification specifies that SMDS AARP entries use type 14(HW_SMDSTALK) address type. This created an incompatibility with other vendor implementations.
The fix requires the newer IOS versions to send out type 14 address types with AARP packets and is compatible with other vendors.
This is only an issue for ATALK users running in Extended mode with Dynamic ATALK address resolution enabled.
CAUTION: This fix creates an incompatiblity with the existing ATALK/SMDS base when sending AARP in Extended mode. Users *MUST* upgrade all routers to the newer IOS versions to interoperate.
The workaround until all routers are running IOS with this fix is to run AppleTalk on SMDS with a non-extended configuration.
See CIO, under techtips and appletalk for sample configurations. [CSCdi33586]
•When the T1 or E1 controller configurations are removed from both routers connected via ISDN PRI, the last router to be reconfigured crashes. Cisco Systems expects to resolve this caveat in the 10.3 release of IOS. [CSCdi33719]
•A command has been added that allows you to enable and disable Frame Relay inverse ARP on all protocols of a router interface. The frame-relay inverse-arp enables inverse ARP on all protocols that were enabled before you issued a no frame-relay inverse-arp command. The no frame-relay inverse-arp command disables inverse ARP on all protocols of a router interface. [CSCdi33792]
•This problem was preventing BOOTP UDP traffic, coming into an AIP interface, from being forwarded to other interfaces. BOOTP was never getting onto the other networks from ATM. [CSCdi33911]
•Certain packets (such as ICMP packets) can be corrupted by the BRI interface on Cisco 2500 series and Cisco 3000 series routers. [CSCdi33942]
•Invalid packets received on an SMDS interface are discarded incorrectly, and remain counted against the input queue, causing the interface to stop receiving traffic. [CSCdi34116]
•If AutoInstall is initiated on all uninitialized routers and you enter the configuration dialog to manually configure the box, the AutoInstall process is stopped. The cleanup sequence before the process is stopped does not reset serial or HSSI encapsulation to HDLC. [CSCdi34210]
•The AIP defaults to SCRAMBLE mode with the DS3 PLIM. The microcode was modified to change the default to scrambling disabled. A new parser command was required to enable scrambling on the DS3 PLIM: [NO] ATM DS3-SCRAMBLE This is applicable to the main ATM interface only. [CSCdi34243]
•In configurations where "snmp host" is configured in a router with an ISDN connection, ISDN traps bring the line up unnecessarily. This can lead to expensive ISDN billing for unnecessary calls. To address this caveat, ISDN traps are disabled by default. A command "no snmp-server enable traps isdn" is added so that snmp functionality can continue in the router without causing ISDN dialing. [CSCdi34313]
•1) atm pvc VCD takes VCD from the range of 1 through MAXVC, while it should have taken only the VCD in the range of 1 through (MAXVC-1).
2) atm pvc command accepts peak-rate and average-rate in the range of 64k to 150,000kbps on a TAXI AIP while it should have taken each no more than 100,000kbps.
3) atm rate-q command accepts bandwith of a rate-q in the range of 1 to 150Mbps on a TAXI AIP, while it should have only taken any rate-q with bandwith no more than 100Mbps. [CSCdi34371]
•Async and virtual async connections configured with the line configuration command autocommand ppp ip-address | host-name produce the error message "%Unable to find address for you" when the connection starts up. This problem first appeared in 10.3(2.0.1).
To work around the problem for async connections only, use the line configuration command autocommand ppp default. There is no workaround for virtual async connections. [CSCdi34519]
•The ISDN PRI implementation for switch-type NTT does not interact correctly with the network when the switch is using slot-maps. Symptoms of this problem include outgoing call setups being rejected with a "Invalid number format" message, and incoming calls being switched to the wrong B channel. Cisco Systems expects to resolve this caveat in the 10.3 release of IOS. [CSCdi34581]
•User may get error message similiar to the following at bootup time %WARNING(ATM1/0): Total rate queue allocation 200Mbps exceeds maximum of 100Mbps when there are both PVC and RATE-Q configuration in the NVRAM. [CSCdi34590]
•A MIP card configured as a ISDN PRI does not respond to SABME frames from a DMS100 switch after it has been shut down and brought back up. Similar results have been reported for BRI interfaces connected to 4ESS switches. The router does not successfully re-enter the tei negotiation process. Cisco Systems expects to resolve this caveat in the 10.3 release of IOS. [CSCdi34856]
•In a large customer network of routers fully meshed with rsrb tcp local-ack peer connections there are situations of high load and sessions are lost. When a new session is trying to get established no connection is possible anymore. Debug llc2 error will display no memory for llc2 structure. From that moment no more llc2 session can be established. To recover from the situation the customer has to bring down all his llc sessions in the Host and restart. [CSCdi34961]
•The interface bandwidth on primary rate ISDN B channels is always 64 Kbps, even when 56 Kbps calls are being made. There is no workaround to this problem. [CSCdi35247]
•Efforts to perform auto-install over Frame Relay fail. This caveat first appears in IOS release 10.3(3.3). When the router which is trying to find the remote tftp server is unable to make the needed connection, the Frame Relay encapsulation and mapping commands disappear from the running configuration. Cisco Systems expects to resolve this caveat in release 10.3 of the IOS. [CSCdi35485]
•Traceback messages may appear on a Copan class (2509, 2510, 2511, 2512) router, if too many BREAK characters are received successively on its async lines. Increasing the number of available big buffers, sometimes releives this problem. [CSCdi35611]
•Autoinstall over frame-relay on AccessPro product does not work. [CSCdi35615]
•When an unitialized router is powered up, it automatically spawns a process that attempts to autoinstall. This process is killed when the user attempts to manually configure the router through the configuration dialog. Because of a coding error, this cleanup sequence attempts to clear the same block of memory twice. Workaround is to wait 4 minutes at the configuration dialog prompt before attempting to manually configure the box. This allows time for the autoinstall process to gracefully commit suicide. [CSCdi36477]
10.3(2) Caveats/10.3(3) Modifications
This section describes possibly unexpected behavior by Release 10.3(2). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(2). For additional caveats applicable to Release 10.3(2), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(3).
AppleTalk
•The error messages and trace back:
%SYS-2-BADSHARE errors in datagram_done pool_getbuffer and atalk %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=xxxx, count=0 -Traceback= xxxxxxxx xxxxxxxx xxxxxxxx
is displayed on the console of router that configures with Appletalk. If this message is produced, contact Cisco Systems, include the text and the traceback of this message as well as the information from the show vrsion command. [CSCdi29127]
•This corrects a slow memory leak which would manifest itself when AppleTalk EIGRP was enabled. [CSCdi30641]
•Router is sending the first NBP FwdRq to the correct DLC next hop address, but all FwdRq packets to the multicast address. The effect of this bug is that a user might not see all entities in a given zone. The bug is only found when the ARAP clients try to do NBP Broadcast Request to the router. NPB lookups done from the Ethernet port (such as with NBPtest) are OK. [CSCdi30787]
•Routes will be stuck in routing table after failing sanity check while configuring static routes. [CSCdi31428]
•It appears at arap shutdown that all ARAP context Queues and one MNP4 context queue are not emptied. [CSCdi31592]
•ARAP MNP4 Link Request to set up an initial MNP4 link does not currently have a retransmit capability. If the Link Request sent by the Commserver is not received correctly or at all by the powerbook client, the Link Acknowledge is not sent. Currently, the commserver would then lose the connection. In practice, in a noisy line situation, failed ARAP connections would happen if the time window results in LR garbled/lost from the commserver. [CSCdi31595]
•ARAP checksum value is extracted from deallocated pak once it has been queued. This will only impact on LR and LD's frames. [CSCdi31596]
•mnp4 timer is defined as a long instead of ulong. [CSCdi31597]
•Some incidents arap will avoid needless transmission ARAP tickle time when line is already dropped. It may also confuse the modem and affect future incoming/outgoing calls. [CSCdi31598]
•CSCdi31098 introduced an error where some AT/EIGRP update packets from neighboring AT/EIGRP routers would be dropped with an indication that they were received with an incorrect DDP checksum.
The update packets are, in fact, not being generated with an incorrect checksum. However, the error in question causes the packets to be dropped regardless of whether or not the packets' checksum is correct.
The easiest work-around is to disable DDP checksums on the router running AT/EIGRP and dropping update packets and indicating checksum errors. [CSCdi31812]
•With AT-EIGRP, the router may reset due to error in watchdog timeout. The AT-EIGRP hello packet length was corrected. [CSCdi32021]
•A spurious memory access may occur on systems routing AppleTalk. There is no significant impact. [CSCdi32554]
•Issuing the interface subcommand " no appletalk protocol eigrp" may cause the router to reset. [CSCdi32773]
Basic System Services
•The show version command does not label the booted image correctly when it was booted from ROM. The command shows "System image file is unknown, booted via" instead of the expected "Running default software." [CSCdi23575]
•With slip configured, the system reloads with Zero Divide error. This caveat has been resolved in 10.3(2.3) and 10.2(5.4) releases. [CSCdi29842]
•4500 may crash occasionally when doing multiple write mem, or write net. [CSCdi29920]
•TACACS notify requests do not use the user-configurable retransmit and timeout parameters. [CSCdi30113]
•2511 software does not send xslipon events to tacacs-server for ppp sessions. [CSCdi30415]
•At the end of autoinstall, the first attempt to load network-confg fails during autoinstall of an AGS/7000. The second attempt succeeds. [CSCdi30573]
•SLARP can cause system to reload on routers that have dual flash bank. [CSCdi30588]
•NTP cannot send broadcast packets with the authentication option. There is no workaround to this problem. [CSCdi30746]
•The regular expression parser's magic meta delimiter character "_" doesn't match the "{" or "}" characters. [CSCdi30769]
•Default automatic boot from flash, when the booting method is not specified, will fail with a bus error on 4500 routers. The router will properly boot after this bus error. Configuring boot system flash is the workaround. [CSCdi30783]
•NTP broadcasts are always sent to the interface broadcast address, which defaults to 255.255.255.255. Unix NTP daemons typically will not receive on this address. [CSCdi30808]
•The NTP process may generate a CPU HOG message under extreme circumstances. There is no workaround to this problem. [CSCdi31176]
•MIB variable ciscoCallHistoryRetainTimer returns a value out of range. [CSCdi31223]
•CDP sends notification messages (basically update packets with TTL of zero) when the router is shutdown, so that all neighbors can delete their entries for this router.
These messages should not be sent out if CDP has been disabled on the router. [CSCdi31480]
•Writing certain files into Intel flash cards is noticed to be a problem. [CSCdi31635]
•cisco 7505 ROM Monitor is not able to read the file from PCMCIA card formatted by 7505 system software image. [CSCdi31810]
•There are a few instances of the NO MEMORY error message where the arguments will not be printed correctly. This should not be a problem, as the included stack trace will pinpoint what part of the system was attempting to allocate memory. [CSCdi31811]
•RCP using copy rcp:file slot0:file fails to copy the file into the flash card. The directory format is also getting affected. [CSCdi31897]
•Command 'copy tftp slot0' fails occasionally with 'device driver error write'. The copy is then aborted and an error message is shown. The copied file is then marked as deleted on the device. [CSCdi31985]
•Fast Bridging (TBR) fails to work on a MIP interface. [CSCdi32115]
•The system fails to boot from the flash credit card with the configuration register value 0x2 and the BOOT SYSTEM command. [CSCdi32240]
•The format command doesn't work if it's the first operation on the card after the card is plugged in. [CSCdi32508]
•"buffers" config commands are ignored in *-boot-* images [CSCdi32521]
•[CSCdi32820]
•The AccessPro crashes with 10.3(3) during images due to unexpected level 2 interrupts from the PCBus interface. If the PC host assert level 2 interrupts during this time, the router would be trapped into the default level 2 ISR installed by the ROM Monitor and crash.
The workaround for this problem is to install a dummy level 2 ISR, which would simply do a "rte", early in the IOS initialization phase to override the ROM Monitor's default level 2 ISR if we determine the router is a AccessPro. [CSCdi32829]
•When a tcp connection connection to or from a router running from flash is closed, the router can reload unexpectedly. [CSCdi34372]
DECnet
•Under heavy route processing loads, the DECnet routing process can generate messages like:
%SYS-3-CPUHOG: Task ran for 2328 msec (26/0), Process = DECnet Input,
This is purely cosmetic and is an indication that the process must be suspended after a certain amount of time. [CSCdi30608]
EXEC and Configuration Parser
•A show env all command on the router console, will print out warning messages for any environmental measurement which is out of tolerance. Currently, the voltage warning message leaves space for the measured voltage level, but does not print anything out. This fix adds the measured voltages to the warning messages in the space previously provided. [CSCdi26256]
•This problem is caused by using nvarm compression when there is not enough memory available to compress/uncompress the configuration. The work around is to not use nvram compression if it is not needed. The current implementation require 3X the size of nvram available in order for nvram compression to work properly. [CSCdi28367]
•The parser does not generate the correct help text associated with the 'decnet route' command that is used to configure DECnet static routes. However, all commands, when typed in full, are accepted (and work).
An example is shown below:
test-16(config)#decnet route ? default Default prefix
test-16(config)#decnet route 12.2 ? % Unrecognized command test-16(config)#decnet route 12.2 serial ? % Unrecognized command test-16(config)#decnet route 12.2 serial 0 ? % Unrecognized command test-16(config)#decnet route 12.2 serial 0 test-16(config)# [CSCdi29452]
•The default bandwidth for a loopback interface of 1 Kbps can yield non-optimal IP paths for routers using the loopback IP address as a peering address (RSRB, STUN) in an IGRP or EIGRP environment. This should be a higher value, such that the loopback never becomes the lowest-bandwidth link. Workaround - manually raise the bandwidth of the loopback interface. [CSCdi30437]
•The problem concerns various IPX, appletalk, vines issues involving redistribution and certain ipx network statements. [CSCdi30589]
•Added two new RSP specific IP route cache configuration options:
'ip route-cache rsp' Enables RSP specific IP scalable fast switching code for EIP, FIP, HSSI, FSIP, and MIP interfaces with default encapsulation. This code takes advantage of the Cisco proprietary address filter hardware and 64 bit MIP bus cycles for greatly improved IP fast switching speed.
'ip route-cache flow' Enables Darren's 'flow switching' cache for EIP, FIP, HSSI, FSIP, and MIP interfaces with default encapsulation. $$TALK TO DARREN KERR ABOUT THIS!!!
These two commands are mutually exclusive, and if you configure one, the other gets deconfigured automatically. They both default to disabled, which means that the RSP uses the normal platform independent fast switching code by default. [CSCdi31222]
•write term command output could have some bogus keywords in front of global commands. Interface specific and router specific commands are in tact. [CSCdi31923]
•Added two new RSP specific IP route cache configuration options:
'ip route-cache rsp' Enables RSP specific IP scalable fast switching code for EIP, FIP, HSSI, FSIP, and MIP interfaces with default encapsulation. This code takes advantage of the Cisco proprietary address filter hardware and 64 bit MIP bus cycles for greatly improved IP fast switching speed.
'ip route-cache flow' Enables Darren's 'flow switching' cache for EIP, FIP, HSSI, FSIP, and MIP interfaces with default encapsulation. $$TALK TO DARREN KERR ABOUT THIS!!!
These two commands are mutually exclusive, and if you configure one, the other gets deconfigured automatically. They both default to disabled, which means that the RSP uses the normal platform independent fast switching code by default. [CSCdi43203]
IBM Connectivity
•The presence of this message indicates that a configuration command for the CIP has not been successfully processed. The Command number displayed in the message can be any value from 70 to 76. A write term will erroneously show the presence of the command, when in fact, it is not configured. The user must manually undo the configuration by issuing the [no] form of the command, and then reissue the command. [CSCdi26323]
•In an environment where translational bridging from Ethernet to Ethernet over an FDDI ring is required, the router doing the translation from Ethernet to FDDI includes any padding bytes from the Ethernet frame into the FDDI frame. This causes the bridge doing the translation from FDDI back to Ethernet to incorrectly calculate the length field. Note - this problem was fixed for the 4000 series platform in 9.14(6.3) and 9.21(3.1). [CSCdi28654]
•When using Source Route Bridging (SRB), unicast ARP requests and replies are passes through instead of blocked. [CSCdi29436]
•In a large token-ring bridging environment which uses AST(automatic spanning tree), bridge can incorrectly declare itself as root. [CSCdi29517]
•In some situations, an interface configured to use the Source-Route Bridging Automatic Spanning Tree (AST) feature can forward single-route broadcast frames despite the fact that the interface is supposed to be in blocking state. [CSCdi29831]
•Unable to remove protocol priority or queue lists if the protocol keyword is used. [CSCdi30081]
•Enabling Local Ack blocks QLLC connections. [CSCdi30255]
•While the router is trying to establish QLLC sessions with a controller, activate/deactivate the controller can cause the router to reload. [CSCdi30347]
•Stop packet fragmentation of RU for PU2.1. [CSCdi30752]
•Show LLC2 does not show the correct configured LLC2 parameters for the specific interface [CSCdi30887]
•Buffer leak in DataLink Switching. [CSCdi31161]
•Slow buffer leak in DataLink Switching. [CSCdi31293]
•CDRM from FEP to FEP across RSRB will not operate when local ack is enabled. [CSCdi31353]
•Remote NCP load does not work with local-ack. Problem resolved in later release. [CSCdi31427]
•Problem found during development testing. Remote source route bridging does not pass data over SMDS networks. Problem resolved in later release. [CSCdi31504]
•Problem found in development testing of DLSW+ and only effects DLSW+ where the port-list command gets deleated from the configuration. New commands will be added to handle the ability to read in order the list and not deleate it from the configuration. [CSCdi31709]
•Problem found in FEP to FEP STUN configuration using SDLC-TG with local acknowledment. Router has been found to ignore UA's flowing from to FEP. [CSCdi32105]
•Turning on proxy explorers caused the router to be in a hung state as it was putting the packets on the same ring more than once, which is a violation of SRB protocol. [CSCdi32284]
•Problem found during development testing where router configured for source route bridging drops directed ARP requests. Problem fixed in later release. [CSCdi32328]
•TEST/XID frames are dropped by the cisco box. [CSCdi32976]
•When transparently bridged frames are received on a fddi interface and then translated to source route bridged frames via SR/TLB and sent out that same fddi interface the mac layer address of the frames does not get bit flipped correctly. This only happens on 4500's when bridging from ethernet to token ring using a fddi backbone. [CSCdi33422]
Interfaces and Bridging
•When using Flash load helper to copy a new image into Flash memory, the system might panic and return back to the system image without carrying out the copy request. With long filenames, a buffer overflows, resulting in the resulting crash.
The buffer can hold only 56 characters (54 when the flash is partitioned into multiple partitions). Thus during the copy operation, the sizes of the source and destination filenames together must be less than or equal to 56/54 ASCII characters (not including null terminators).
Evidence of the crash can be detected using the show flh-log command. Because the affects of the buffer overflow might be unpredictable, the output may vary. When the copy fails, the show flh-log command output shows that a new image was not copied to Flash memory.
If the source and destination file names are less than 28/27 characters, this problem is not be seen. [CSCdi26920]
•While running the ISDN image (igs-g-f) on a Cisco 2500 with two serial ports attached, the image causes the system to disable the two serial ports and reload. When the two serial ports are removed, the system functions properly. [CSCdi27578]
•This problem occurs in bufferin fsip code. Custom/priority queueing will not work properly on an overdriven (high traffic) serial link. This has been fixed in 10.0(8.3), 10.2(5.1) and 10.3(2.2) - bundled with fsip10-7. [CSCdi28181]
•Pings greater in size than 4470 bytes fail on the Cisco 7000 series' HIP (High-Speed Serial Interface) card. Symptoms include fragmentation errors being seen in response to the command "show ip traffic." [CSCdi29729]
•When doing SSE switching, an increase in the MTU size on an interface is not being tracked properly. This caveat has been resolved in 10.0(8.3), 10.2(5.1) and 10.3(2.1) releases. [CSCdi29876]
•SSE switching of IPX does not maintain the cache sufficiently rapidly. [CSCdi29899]
•When it is shut down, you will see an MTU of 8136 bytes reported in a show interface tokenringx/y output on a Cisco 7000. This is a cosmetic error, as the 7000 tokenring interface does not support this MTU size. The output of this command is correct when the interface is enabled. [CSCdi30947]
•Software errors while SSE switching can cause the router to become non-responsive, resulting in a watchdog reload. [CSCdi31048]
•IPX would not be SSE switched over an AAL5 MUX PVC. [CSCdi31177]
•When changing serial encapsulation from atm-dxi to others or when freeing up a atm-dxi virtual circuit, the router may attempt to free non-existent memory. Workaround is to not change the encapsulation on a atm-dxi encapsulated interface and also to not attempt to remove any atm-dxi pvcs. [CSCdi31283]
•Problem found in development testing with line of code which breaks modularity of image. Resolved in later release. [CSCdi31482]
•Process-level flooding performance of Transparent or Source Route Translational Bridging deteriorates when interfaces of large MTU such as FDDI and Token Ring are present on the router. Process-level level flooding is used when the output interface is configured either for priority queueing or in a source-bridge ring-group.
This problem may be alleviated somewhat by increasing the initial, minimum, and maximum numbers of huge buffers. [CSCdi31501]
•Changes in the output of the slip and ppp user commands can prevent proper operation of client scripts written with the 9.1 software in mind. Later versions of software have the configuration command service old-slip-prompts to provide backward compatability to old scripts. [CSCdi31567]
•When SSE source-route bridging a packet that we would normally route, e.g., an IP packet, the packet may become corrupted. [CSCdi31569]
•Release-note
The following values have been added to the speed parameter to the channel-group command for the controller E1 and controller T1 config commands: 8, 16, 24, 32, 40 and i460-48.
These are hidden commands, and will remain hidden until a customer can verify them. [CSCdi31704]
•C7000 FDDI interfaces do not come up after the router reboots, requiring a "clear interface" or configuring "shut/no shut" to bring them up. [CSCdi32146]
•On-line insertion (OIR) of a 7000 series FIP card, under heavy fddi traffic, will not bring up the FIP interface. Traffic must be at low rate for the interface to come up. You may also see an error message on the router when this is occurring. [CSCdi32383]
•configuring a transmit delay on HSSI interfaces may corrupt packet data sent or received by any interface [CSCdi32497]
•When ISDN calls are established across an E1 PRI card, the B channels fail to come and the following error message is displayed " Unit 1, no memory for Channelized Interface". This issue has been fixed in release 10.3(2.3). [CSCdi32601]
•On a router doing Source Route Bridging if Silicon Switching is enabled, SRB packets which are destined to the routers own MAC addresses are mistakenly Source Route Bridged as well. This problem is resolved in 10.0(9.1), 10.2(5.4), 10.3(2.4). [CSCdi32742]
•Performance enhancements for token ring interfaces. [CSCdi32775]
•Problem found during development testing on routers configured with BRI interface. A race condition can develope on a disabled BRI interface leading to erratic pinging. Problem resolved in later release. [CSCdi33172]
•Even though the token ring interfaces MTU is 4464, the largest packet accepted is 4445. [CSCdi33725]
IP Routing Protocols
•[no] ip summary-address can cause the router to reload. [CSCdi23646]
•While running EIGRP, the router may crash with a bus error due to memory corruption. [CSCdi24171]
•When the auto-summary address range overlaps with the manual configured summary lists range, or when there is more than one manual configured summary lists and the range overlaps, there is a chance that both the summary address and the specific address are advertised. The specific address is supposed to be suppressed. [CSCdi26268]
•SSE switching does not yet support AAL5 NLPID encapsulation on the AIP. Need to fix all protocols. [CSCdi29230]
•EIGRP over slow X.25 link can cause the router to reload. [CSCdi29892]
•If an interface is configured with an IP secondary address and the ip access-group in command, the router will not respond to pings or Telnets directed to the interface secondary address if the ping or Telnet comes into the router on an interface other than the interface configured with the ip access-group in command. [CSCdi30011]
•EIGRP traffic can get stuck on NBMA (Non-Broadcast Multi-Access, for example Frame Relay) interfaces with multiple neighbors, hence very slow convergence can happen. [CSCdi30181]
•Routes are not distributed between different IP and Enhanced IGRP processes. This problem occurs only when you enter certain commands, such as clear ip route *, ip address, transmit-interface, and mtu inteface. The workaround is either to retype the redistribute router commands or to reload the configuration file either from NVRAM or over the network, depending on the location of the configuration file. [CSCdi30575]
•Doing various sho ip bgp commands on a router which is not running BGP can cause the router to reload. [CSCdi30604]
•The igs-c-l image for a 2509 does not include the SMDS subsystem. When autoinstall over Frame Relay fails, SMDS encapsulation is attempted for the serial interface and an error message is printed. "%Encapsulation 21 not supported in this software version". There is no functional effect. [CSCdi30658]
•If PIM is enabled on an interface, it may cause a rapid loss of small buffers. [CSCdi30724]
•This bug appear in 10.3 only. Customer will notice that there are multiple entry of external LSA 0.0.0.0 from the same advertising router stored in the database. It can further cause problem in adjacency forming and sequence of OSPF error messages about external 0.0.0.0 is lost and reinstalled. The only work around is not generated LSA 0.0.0.0. That is, do not use default-information originate command. The fix solves the problem. [CSCdi30733]
•The OSPF process can install a wrong next hop, which doesn't belong to the transit area when using a virtual link. [CSCdi30785]
•A problem that could cause a memory related system reload while running IP multicating has been fixed. [CSCdi30890]
•A caveat with OSPF configured with virtual links is optimized for the systems on the OSPF backbone. [CSCdi30973]
•Error messages of the form "DUAL-3-LINKSEXIST" would appear on any exec login with message logging enabled when interfaces running EIGRP would be restarted. In fact, there was no error and the error message was superfluous.
This error message will now appear only in situations where an interface is being restarted and EIGRP has not removed any active neighbor entries from it neighbor table. [CSCdi30981]
•This bug is introduced in 10.3(0.16). The configuration of ip ospf dead-interval is lost after reload. No workaround is available, if neccessary, the command must be reconfigured after reload to ensure proper operation. This fix solves the problem. [CSCdi31279]
•It is possible to misconfigure the router to enable IS-IS for IP without having a valid IP address on the interface. [CSCdi31452]
•Register packets received by the Rendezvous Point router are not checked against access lists and TTL thresholds on IOS versions older than 10.3(2.1) and 10.2(5.2). [CSCdi31471]
•In IP-EIGRP, a candidate default is not advertised during a candidate route state change. [CSCdi31833]
•Under some condition, router with OSPF configuration may reload during start up. [CSCdi31865]
•If route cache entries are created while a given route is in holddown, the cache entries are not destroyed when the route is finally flushed. [CSCdi32273]
•autoinstall may make a harmless spurious access [CSCdi32525]
•The "dvmrp" keyword causes the advertisement of access-list denied routes into the MBONE even when no access-lists are defined on the router. [CSCdi32947]
•This change enables a Multicast router to chooses an interface with a Unicast-Only Router present as a Reverse Path Forwarding or RPF Interface. This change has been incorporated in 10.2(5.5) and 10.3(2.4) releases. [CSCdi33025]
•This bug is introduced in 10.3(1.1). It cause the system to reject the neighbor command whenever it is entered with the poll-interval or priority keyword. There is no workaround available. This fix solves the problem. [CSCdi33056]
ISO CLNS
•ISIS adjacencies may fail to be established over some media types (notably FDDI and token ring) if ISIS is being hand-configured. This problem does not occur when the configuration is loaded from NVRAM at system startup.
This problem can be diagnosed by noticing that all ISIS adjacencies on an interface (as displayed by "show clns neighbors") are in "Init" state.
The workaround is to bring the interface down and back up again by any means (including a "shutdown"/"no shutdown" command sequence). [CSCdi31476]
•It is possible for some adjacencies to not be reported in ISIS Level 2 pseudonode LSPs. This can cause level 2 connectivity failures. The condition is transient and will clear itself within at most fifteen minutes. One potential workaround is to issue a "clear clns neighbors" command. [CSCdi31684]
•[CSCdi32185]
•CLNS pings fail over atm-dxi encapsulated interface. [CSCdi32377]
•The system may fail when the "show ipx nlsp database detail" command is used. There is no workaround other than avoiding the command. [CSCdi32683]
LAT
•The default terminal-queue entry-retry-interval is 60 minutes instead of 60 seconds. In some cases this can cause VAX LAT print queues to stall for up to 60 minutes even when the printer is idle. A workaround is to configure an explicit terminal-queue entry-retry-interval 60. [CSCdi31720]
Novell IPX, XNS, and Apollo Domain
•IPX fastswitching does not work between Token ring (TRIP card) and Serial interface (FSIP). [CSCdi30004]
•This resolves a problem with ATM point-to-point interfaces not being able to handle 'internal-network' addresses in NLSP. In a point-to-point interface, we assume that all traffic for that interface should ALWAYS be sent on the point-to-point VCC. No map lookup is required in a p2p interface. [CSCdi30159]
•When multiple paths are present, the path list for a SAP service learned via NLSP may be in a different order than the path list for the route to that service. [CSCdi30288]
•Services advertised in SAP packets as being on Network 0 will not compare properly after they are first inserted in the table, as a result Flash updates for these Services will be sent every minute and every three minutes the Services will age out of the Service table to be inserted as new upon the next SAP received from that Service. This results in an increase in SAP packets and a small window of time when this service is unreachable. [CSCdi30514]
•If a packet buffer request for an IPXWAN NAK packet fails, memory might become corrupted and produce unpredictable results, including a possible unscheduled system reload. [CSCdi30695]
•If a single NLSP route is cleared with "clear ipx route nn", the route will not be regenerated by NLSP. A workaround is to clear all IPX routes with "clear ipx route *". [CSCdi30713]
•Under rare circumstances the output from "show ipx nlsp database" and "show isis database" can display incorrect LSP identifiers. This can happen if there is a lot of LSP traffic at the time. There is no workaround to this problem. [CSCdi30730]
•NLSP can currently be configured on non point-to-point WAN media, such as multipoint subinterfaces on frame relay and ATM, but does not actually work. The NLSP specification does not describe how the protocol should operate on such media, and this configuration should not be allowed. [CSCdi31094]
•The ipx route-cache cbus command is accepted and displayed in write terminal output even when ipx is not enabled on that interface. [CSCdi31249]
•Memory may be consumed when a route or service learned via NLSP is lost. [CSCdi31510]
•There is a chance the router will crash when interface subcommand "no ipx network ##" is entered while IPX EIGRP is running. The crash most likely to happen when the command is entered on the serial port where incremental SAP is the default for IPX EIGRP. [CSCdi31520]
•It is possible to misconfigure NLSP so that it generates link state packets that are bigger than the MTU of some links in the network. This misconfiguration can cause connectivity problems that are very difficult to diagnose. NLSP should generate an error log message in this case to aid in the diagnosis of this misconfiguration. [CSCdi31545]
•It has been observed that if a non cisco router on the other side of the IPXWAN link sends an NLSP Throughput response with a inappropriate packet size of 0 or throughput delta of 0 a math exception system reload may occur. Workaround is to make the other side the MASTER IPXWAN device by increasing it's internal network number, the cisco will then become the IPXWAN Slave and send a proper size & delta. Alternatively, reconfigure the link to run RIP instead of NLSP. [CSCdi31556]
•IPX gns-reply-disable does not functional properly and may cause a system reload. Workaround is to use a gns-filter on this interface which denies all GNS replies. [CSCdi31875]
•When deleting a network from the ipx router eigrp command, the RSP reloads and the 4500 prints out spurious memory access message. [CSCdi32071]
•Some versions of the Novell MPR appear to drop RIP poisons (network unreachable, hopcount 16) if the delay field is set to 0. This tends not to be serious since if the network is really gone, it will age out within 4 update periods.
Under some circumstances, a triggered update indicating that a network is unreachable may be sent with a delay value of 0. This change makes sure that the delay field is always non-zero. [CSCdi32097]
•Turning off ipx routing on the router does not flush all networks configured on the router. Specifically, an interface whose ipx network number was recently removed. If that interface is readded to the ipx routing process, by issuing "ipx network" interface subcommand, it will never come back up. [CSCdi32203]
•Apollo traffics over FDDI are not forwarded to the next hop gateway. They are being dropped by the router because the router computes the data offset incorrectly. [CSCdi32395]
Protocol Translation
•The system reloads if "PVC" X.25 translation option is used in the translate command and "encapsulation x.25" in not configured on any interface. [CSCdi30172]
•Telnet negotiation on a PAD to TCP translation session can hang causing an opened telnet session with no login prompt from the host. A workaround is to configure a terminal type on the vtys used for translation. [CSCdi31420]
•Vty-async connections don't disconnect when remote async line goes down. [CSCdi31729]
•When using "transport input" subcommand, PAD connections are accepted on VTY lines configured for none PAD protocols. [CSCdi32538]
TCP/IP Host-Mode Services
•The execution of enabled-mode commands via a remote rsh client does not work properly. [CSCdi31584]
•On the destination subnet, the directed UDP broadcast packets are being sent with a incorrect UDP checksum. [CSCdi31731]
TN3270
•The terminal emulation TN3270 software for Mod3 and Mod4 does not work. [CSCdi31370]
VINES
•Metric values in VINES ICP metric notification packets are bitshifted 4 positions. This causes higher metric values and can cause timeout delays during the retransmission process. [CSCdi30821]
•Source route information contained in SRTP Redirect packets may not be placed in the router's RIF cache with multiring configured on the interface. This causes loss of connectivity with the client workstation across the source-route bridge on the token ring. [CSCdi30962]
•The show protocols command does not display VINES metrics correctly. It displays all metrics as 16 times their actual value. Use the show vines command to view correct metric numbers. [CSCdi31770]
•System can halt unexpected while processing redirects received on a Token Ring interface. There is no workaround. [CSCdi33132]
Wide-Area Networking
•SMDS static-map entries are not removed from the router configuration when the SMDS encapsulation is removed from an interface or subinterface. [CSCdi23743]
•Packets can be corrupted over BRI interfaces under some conditions. This results in lower throughput than would normally be expected across the BRI connection. [CSCdi25792]
•PVCs do not work over an XOT connection. [CSCdi27337]
•CLNP is not SSE switched across AAL5 SNAP encapsulation. [CSCdi28113]
•PRI line connected to DMS100 switch may cause router to reload when call is disconnected if the caller ID received contains no digit information [CSCdi28158]
•CDP support for an ATM interface currently does not exist. Configuring CDP on ATM will give an error message saying CDP is not supported. [CSCdi28357]
•TCP does not function properly when PPP compression is enabled on an interface. The only workaround is to disable compression. [CSCdi28756]
•DLCI's can not be reassigned to subinterfaces from a primary interface. [CSCdi28765]
•For autoinstall over Frame-relay, the router at the receiving end of the bootp request (i.e. existing) needs a frame-relay map statement identifying the ip address of the client. Since the frame-relay map statement is not supported on P2P subinterfaces, a P2P subinterface cannot be the receiveing end of an autoinstall request.
We expect this behavior to change with 10.3(2) and P2P subinterfaces will be supported at that point. [CSCdi28801]
•For the x25 route command, allow an option xot-source which takes an interface name as a parameter. This causes XOT TCP connections to use the IP address of the specified interface as the source address of the TCP connection allowing the connection to move to a backup interface without terminating the TCP session. [CSCdi28892]
•Configuring aal3/4-smds on AIP on 7000 series router running with RSP will cause router to reload. [CSCdi29595]
•It is possible to fool the X.25 software into believing an an X.25 SVC is a PVC if the interface is rapdily shut down and brought back up. [CSCdi29850]
•On the 2509, 2510, 2511, and 2512, certain sustained incoming flows of async data can be accumulated but not processed until up to 1500 bytes have been received. Baud rates above 9600 baud are generally not affected. [CSCdi29931]
•When BREAK is used as the escape-character on a 2509, 2511, 2512 or a 2513, the first 2 characters typed on the router prompt after escaping are always lost. [CSCdi30027]
•When using PPP LQM, if the far side of the connection stops replying, the router does not detect that the link has failed. The workaround is not to use PPP LQM by not issuing the ppp quality command. [CSCdi30042]
•"no vty-async" global command could cause the system to reload. [CSCdi30049]
•The X.25 default protocol command (x25 default {ip | pad}) doesn't work. [CSCdi30318]
•When configured for bridging using the IETF encapsulation (RFC1490), the system is not correctly forwarding these packets. Bridge table entries may be learned correctly but they are not being used.
There is no impact on the cisco bridging encapsulation over frame relay. [CSCdi30383]
•This was a problem Fastswitching SMDS packets from an MCI to/from an SBE Token ring interface. The fix allows IP packets, over SMDS, to be fastswitched from the MCI serial interface(s) to the SBE Token Ring interface(s). [CSCdi30557]
•The dialer-group interface command is ignored on interfaces not configured as dialers, which means that there is no way to specify "interesting" packets affecting the idle time on dial-in only async interfaces intended for remote node use. [CSCdi30605]
•The no-reverse option has been added to the X25 translations command. The following is the new syntax:
translate incoming-protocol protocol-address x25 x121addr no-reverse
The no-reverse overrides the serial interface configuration for reverse charging and does not send out a reverse charged call even if the serial inteface is configured to do so. To follow the interface configuration, use neither the reverse or no-reverse option. [CSCdi30719]
•If fast switching is enabled on a lex interfaces that is connected to an FSIP, and an AIP, a CIP, or a serial with SMDS encapsulation are active and have fast switching enabled, the FSIP resets regularly. The workaround is not to enable fast switching on the lex interface in the router. [CSCdi30751]
•Sometimes the vacant message or PPP startup message on a cisco 25xx access server is not displayed correctly. The last portion of text sent to a printer may also be lost or damaged. [CSCdi30871]
•Although not in violation of any standard, Cisco's choice of Private in the Called Party IE Numbering Plan identification has met with objection from some ISDN switch vendors, who want it set to "unknown". To accomodate this request and to avoid connection failures with these switches, the field is changed from Private to Unknown. [CSCdi30956]
•This is/was a problem when fastswitching packets from an AIP to a Serial interface. The problem affects only ATALK fastswitching traffic. The first packet would be successful, then subsequent packets were being dropped. [CSCdi30964]
•The DDN and BFE modes do not encode the needed local facilities when originating a Call. [CSCdi31252]
•Under heavy load a switched X.25 VC can, on receipt of a Data or flow control packet, initiate a spurious Reset with a diagnostic of "unidentifiable packet" (code 33.). [CSCdi31358]
•An MBRI router may not answer an incoming call to the second number if it is configured as a basic-dms100 switchtype. The local directory number as delivered in the incoming SETUP message must be in the config with the spid number. It will work on B0, but not on B1-B15. The message in a RELEASE COMPLETE from the network will indicate "Invalid call reference value". [CSCdi31409]
•AIP crash when command 'atm txbuff 0' was entered. user would see: %DBUS-3-CXBUSERR: Slot 1, CxBus Error %CBUS-3-OUTHUNG: ATM1/0: tx0 output hung (800E - queue full), interface
fix: aip ucode does a sanity check on the buf size. [CSCdi31438]
•Issuing a local reset on PAD connections can cause the system to reload. [CSCdi31448]
•A router with a BRI interface using basic-net3 switchtype will ignore incoming calls with the High Layer Compatablity element. This will cause problems for routers calling from Norway, using basic-nwnet3, because the HLC must be used in calls. Incoming calls with HLC will be accepted by all the net3 switch versions. [CSCdi31517]
•ISDN calls fail on the 1003 router when autonomous switching is enabled on the BRI interface. The workaround is to disable autonomous switching. [CSCdi31730]
•When the atm-dxi encapsulation is removed after the atm-dxi maps and the atm-dxi pvcs have been removed, freed memory is attempted to be freed again causing the router to crash. The workaround is to only remove the encapsulation without removing the maps and the pvcs. [CSCdi31976]
•when attempting to configure atm-dxi encapsulation, a "IETF" keyword is allowed. It has no functional effect or changes in performance. [CSCdi32057]
•A router with a BRI interface may see the following console message: %SYS-3-HARIKARI: Process ISDN top-level routine exited. This means that the router must be reloaded to restart the ISDN process. [CSCdi32213]
•When routers with BRI or MBRI interfaces see Layer 1 transitions on the line it can cause Call Control Blocks (CCB) to become lost. The CCB usage can be seen with the show isdn status command. [CSCdi32246]
•Many improvements in Layer 1 operations of the ISDN software are made in response to the NET3 (switch-type) Homologation Project. [CSCdi32247]
•When Australia routers using MBRI ISDN interfaces attempt to add the Calling Party Number to interfaces other than BRI0, it fails. The number entered on BRI 0 is incorrectly sent out on the other BRI interfaces as well. [CSCdi32502]
•Routers with Multiple BRI interfaces (4000 and 4500) can crash and have spurious memory alignment problems. This can occur if interfaces are defined and configured, but not connected to a BRI interface. If interfaces are not used, it is recommended that they be shut down. This will prevent the software from attempting to activate the interface. [CSCdi32565]
•Residual configuration from autoinstall prevents the user from reassigning the autoinstall dlci to a subinterface because the dlci is already assigned to the main interface. [CSCdi32670]
•X.25 interfaces that use priority IP encapsulation (DDN mode) will clear a Call if a Call Confirm does not explicitly confirm the requested priority. [CSCdi32872]
•A memory leak occurs in the ISDN software (IOS level 10.3(2.3)) running in the 1003 router. Corrections to this behavior are implemented in IOS release 10.3(2.4). [CSCdi33040]
•For a given call, the BRI is sending two enable messages to the B channel. The correct behavior is for the BRI to enable the B channel only once per incoming call. [CSCdi33382]
•1003 console access maybe intermittent under heavy load conditions on the BRI port. This may be seen more often when both B channels are being used. [CSCdi34047]
•Routers with a BRI interface will accept incoming calls, but the B-channel will not properly be connected. This means that no data will pass and the calls will fail. This affects NET3, VN2, VN3 and TS013 switchtypes. [CSCdi34113]
10.3(1) Caveats/10.3(2) Modifications
This section describes possibly unexpected behavior by Release 10.3(1). Unless otherwise noted, these caveats apply to all 10.3 releases up to and including 10.3(1). For additional caveats applicable to Release 10.3(1), see the caveats sections for newer 10.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 10.3(2).
AppleTalk
•Fast switched packets is not counted for the MIB variables: atForward and atOutput. [CSCdi30028]
Basic System Services
•The router cannot detect a shortage of buffer elements and thus does not create new ones. This causes the router to drop packet even though there are ample packet buffers. The show buffers command output shows many buffer element misses. [CSCdi29379]
•If CDP is not configured on an interface, the configuration in NV ram will have a 'no cdp enable' for that interface. However, these configuration commands also show up gratuitously on unsupported interfaces, even though no explicit 'no cdp enable' command was issued for that interface. [CSCdi29685]
•A portion of the scheduler can interfere with the periodic timer interrupt resulting in a corrupted PC. This can cause a Cisco 4500 to reload. The likelihood of this problem's occurring increases in applications that use many processes, such as IPX SAP updates across many interfaces. [CSCdi30044]
•Support for the cisco-private MIB object authAddr, which is the IP address of the system that caused the last snmp authentication failure, is missing. In pre-10.2 releases, this object was properly updated, and was also added to the variables sent in an authenticationFailure SNMP trap. In 10.2 and greater releases this is not the case. The correct behavior for 10.2 and greater releases would be to mirror the behavior of pre-10.2 releases. Cisco Systems expects to resolve this behavior in the next interim release of software versions 10.2 and greater. [CSCdi30109]
•When CDP receives a packet that has an item of length zero, it will not process the packet any further (since it uses the length to move to the next piece of information in the packet), and can cause CDP to hang. [CSCdi30115]
•Bogus Buffer allocation commands show up in the running configuration. The impact is if the running configuration is written to memory and the router is reloaded, memory utilization will be impacted by these commands. This problem has been resolved in 10.3(1.1) release. [CSCdi30160]
•If a system is set to be an NTP master, eventually other systems will refuse to synchronize to it. There is no workaround. [CSCdi30293]
•There is no way to send a special string on a telnet connecion when the connection is resumed. [CSCdi30348]
•The mib variable writeNet tries to get router's configuration from the user mode instead of the privileged mode, thus producing an empty value. [CSCdi30373]
DECnet
•A router receiving a MOP connection request through its serial port for one of its LAN port addresses responds with the LAN port's burnt-in address instead of the actual hardware address. If the requesting host uses the DECnet-style MAC address of the router in the request packet, the host will not recognize the response packet sent by the router because it sees a different address in the "source" field. This causes the requesting host to time out on the connect request. [CSCdi26991]
•DECnet 'nearest L2' information is not propagated over a DDR link when the link is down. So a L1 router that is downstream will not know who its nearest L2 router is. [CSCdi29461]
•When using dialer maps, interesting Decnet packets do not trigger calls on DDR interface. To work around this, use a dialer string. [CSCdi29762]
•After a DECnet route has been configured over a non point-to-point serial interface, a subsequent 'write term' shows incorrect SNPA information relating to the static route. [CSCdi30036]
•Decnet DDR will not work after BRI interface being disconnected, and the decnet route being timed-out. [CSCdi30424]
EXEC and Configuration Parser
•The router crashes if the output stream from a show appletalk zone command is waiting at a "More" prompt and the router deletes routes or zones at the same time. [CSCdi28127]
•When a sub-interface is configured with "frame-relay interface-dlci" command, it doesn't enter the configuration as seen with a "write term" command and hence cannot be saved. When the router reloads the DLCI would end up being tied to the Interface instead of the sub-interface. This has been resolved in releases 10.0(8.1), 10.2(4.3), and 10.3(1.1). [CSCdi28353]
•Commands that write configurations directly to NVRAM (for example, config overwrite) mistakenly make the software believe that the user has changed the running configuration, and so may cause the software to prompt the user to save the configuration before the reload command is executed. [CSCdi29177]
•Keymap command is no longer recognized when attempting to define a new keymap for TN3270 sessions. [CSCdi29970]
•When a menu is configured for linemode operation, typing a carriage return only will cause menu item one to be selected. It shouldn't do anything. [CSCdi30077]
•Enable secrets offer greater security for enable passwords when the "encrypted" version is allowed to leave the cisco box (either by doing a "write net" or doing a "write term" over a telnet session). [CSCdi30273]
IBM Connectivity
•When IPX routing is enabled on a Token Ring interface and there is a source-route bridge network behind the ring, a multiring ipx all command is used to cache the RIF in the router. During normal operation all is well. But when a station is moved from one ring to another ring (for example, from 0B8 to 0B1), the station cannot reach the server. Looking at the RIF cache on the AGS+, it is fine. However, analyzing the frames with a Sniffer, we can see the "create connection request" from the station with a good RIF field but the answer from the AGS+ shows the previous RIF (the RIF before the station was moved). The workaround is to disable the IPX route cache or to clear the IPX cache when a station is moved. This is a general problem with all routed protocols. The RIF code does not inform the routing protocols when an entry in the table changes. Therefore, the cache entries become invalid. -------------------------------------------------------------------- Please see bug CSCdi38375 for more information [CSCdi17099]
•Problem found in development testing of DLSW+. It was found that the DLSW+ ring list did not work with ring groups configured in router. Modification to router to use port list instead of ring list will be made in later release. [CSCdi27600]
•When using prioritization with remote source-route bridging, the number of packets in the TCP queue for a given peer can exceed the number specified in the maximum output TCP queue length (specified with the source-bridge tcp-queue-max command). The workaround is to turn off prioritization. [CSCdi27718]
•Problem exist in the Cisco IOS for FRAD support. the FRAS router receives Null XID on the frame relay interface but doesn't initiate llc2 session on the other side. Problem is resolved in later release. [CSCdi29110]
•Problem found during development testing of DLSW+ running SNA and Netbios. As both SNA and NetBIOS applications are run,sh mem is used to look at free I/O memory. Free I/O memory steadily decreases and after running for about 4 hours, it is completely depleted. [CSCdi29654]
•Problem found during development testing. PU 2.1 session will not come up if SDLC session starts first. Problem is seen after XID negotiation when secondary and primary roles are established, sessions do not come up properly. [CSCdi29786]
•Problem found during testing of DLSW+ running Netbios. Netbios sessions fail to come up over ethernet. Problem is resolved in later release. [CSCdi29800]
•Under certain circumstances, the last bridge entry in the RIF(Routing information field) field is not initialized. This may cause bridging problem with any bridge that does not ignore these last four bits. [CSCdi29807]
•no dspu enable-host|pu lsap lsap_addr can cause system to reload. [CSCdi29913]
•DSPU cannot establish sessions across RSRB with local-ack. The lenth of data was not correctly calculated before being sent to RSRB router. Problem was not found with local-ack off. [CSCdi29914]
•When using FTCP encapsulation for RSRB, the software may complain if you specify a largest-frame size on the source-bridge remote-peer statement. The workaround is to repeat the command. [CSCdi29944]
•Problem found during testing of SDLC and RSDLLC support over DLSW+. The SDLC frame is not converted to token ring frame correctly. Two extra bytes are inserted into the frame. [CSCdi30083]
•Lanmgr Support over RSRB does not work.
When the management station sends an initial explorer to a bridge on an RSRB router, the response is incorrectly alligned, and the packet is corrupted. Users will see an error message like:
"%RSRB-3-SENDPUNTIF: IFin: sent UNK_RING_GROUP to 13/Serial3/3"
and will not be able to link the router to the netowrk management station. [CSCdi30118]
•Problem found during development testing of FST over DLSW+. The largest frame size may not set correctly. Problem resolved in later release. [CSCdi30145]
•LNM cannot link to local or remote router over token ring media. System may reload if attempting to link repeatedly. [CSCdi30289]
•Problem found in development testing of DLSW+. Data not valid for data path was being allowed before connection state was established with DLSW+ peer. Resolved in later release. [CSCdi30403]
•When DLSW+ is configured in the router it will not accept a sdlc frame larger then 521. Problem is resolved in later code release. [CSCdi30569]
•Problem found when DLSW+ is configured in router. It is found that SNA LU 6.2 applications will hang when run with Netbios at high rates. [CSCdi30775]
•When there are multiple peers to reach a target station, and if the station has been disconnected for longer than the dlsw timer sna-verify-interval ( default is 4 minutes), router may reload when the session is re-established. [CSCdi31397]
•Problem is found when DLSW+ is congigured in router. Netbios sessions cannot come up due to a local busy funtion in router not clearing. Router will send RNR's in response to RR's and session will drop. [CSCdi31443]
Interfaces and Bridging
•The system does not support LNM for pcbus interfaces. [CSCdi27807]
•On high-end routers, transparent bridging in FDDI encapsulation mode does not work at the process level. [CSCdi28839]
•The debug ethernet command is not recognized due to missing ethernet parser initialization. [CSCdi29522]
•AGS+ and 7000 FDDI interfaces can clear the routing caches abruptly when the physical layer appears to fail. This can be unnecessarily disruptive in some environments. [CSCdi29872]
•Specifically only on later model cisco 2515's, there is an interoperability issue between the 2515 hardware design and the software image that will prevent the image from being able to correctly set the ring speed on the token ring interfaces. This is not an intermittent problem - if a particular 2515 has been working with this image at a given ring-speed, then it will not suddenly begin experiencing this problem. [CSCdi29927]
•SSE switching cannot be configured for IP unless the interface has an IP address (or is unnumbered). This means that it is not possible to SSE switch out a frame relay interface where the primary interface is not given an address. The workaround is to make the primary interface unnumbered. [CSCdi29955]
•Router fails to switch packets between two routers on an SMDS cloud with Process Switching enabled on their interfaces. This problem seems to manifest itself when a 7000 router is involved. A possible workaround is to enable Fast Switching between the routers. [CSCdi30331]
•Load balancing while SSE switching CLNP causes the SSE to forward incorrectly. [CSCdi30465]
•EIP interfaces hang after micro reload. Once they do and 'line protocol' goes down, only a clear interface eip slot/int will cause them to come back up. [CSCdi31105]
•In some circumstances, input IP access-groups will be ignored on interfaces with silicon (SSE) switching enabled. [CSCdi31231]
IP Routing Protocols
•All subinterfaces will be created with split-horizon enabled. [CSCdi27249]
•If a virtual link is configured, the router can place external LSAs into the retransmission list of virtual neighbors but then never send the LSAs out. When these external LSAs become invalid, that is, they reach their maximum age, the router cannot remove them because the LSAs are still in some neighbor retransmission lists. This means that these external LSAs get stuck forever in the link-state database. You will see external LSAs with arbitrarily high ages stuck in the link-state database. [CSCdi27964]
•EIGRP fails to remove the redistributed routes information from its topology table as soon as possible. [CSCdi29346]
•This bug happens for OSPF over multi-access network, for example, ethernet, X.25 etc, provided the OSPF cost to the network for the attached routers are configured to be different. For a destination behind the common network, the system still calculate the correct shortest path cost to it, however, the output interface will always be the one connected to the common network, even though it is not the one leaded to the shortest path cost. No workaround available. But there is no serious impact, like looping, other than packet will take a slightly higher cost path. This fix solves the problem. [CSCdi29411]
•There is a race condition that occurs when sending Prune messages. PIM Prune messages are sent to the RPF neighbor when the outgoing interface list becomes NULL. PIM Prune messages are also sent on p2p links when a multicast packet is received from a non-RPF neighbor.
On LANs, prunes may be delayed and if either of the two situations above occur, the Prune is only sent to the non-RPF neighbor. This is the wrong way. Precedent should be given to the RPF neighbor. [CSCdi29480]
•Changing an IP address on an interface can cause the entire IP cache to be invalidated. This is overly disruptive in some environments. [CSCdi29873]
•Release 10.3 drops all directed broadcasts, in contrast to the default behavior in Releases 10.0 and 10.2, which is to forward them.
The side effect is that helpering is unsuccessful if the helper address is configured as a directed broadcast, because this directed broadcast is dropped by the next hop that is running Release 10.3.
The temporary workaround is to configure ip directed broadcast access-list-num with the access list that permits all (or selected) addresses. [CSCdi30315]
•The IP access log feature can mis-report the status of a logged packet under rare circumstances. This is a cosmetic problem, the information about the packet under scrutiny is correct, only the status may be incorrect. [CSCdi30572]
ISO CLNS
•When a Level1/Level2 router (ISIS) has connectivity to another area via a redistributed prefix route, the attached bit is not set in the Level1 LSP packet. This event prevents Level1 routers from using the Level1/Level2 routers to reach other areas. [CSCdi27560]
•In ISIS, when the designated router (DR) goes down and comes back up, the router does not find its neighbors. Setting the isis priority to something lower than the neighbors will allow the router to relearn its neighbors. [CSCdi29611]
Novell IPX, XNS, and Apollo Domain
•When a new adapter is inserted into the router after it is booted, the interface short name is missing from commands like show ipx server [CSCdi27331]
•Use of Novell Standard echo may produce unrealiable round trip results, and on cisco 4500 product may produce alignment warning messages. [CSCdi29548]
•When "no ipx routing" or "no ipx router nlsp" is issued while NLSP is running, or "no router isis" is issued while ISIS is running, some data structures are not released, leading to memory loss. There is no workaround to this problem. [CSCdi29839]
•NLSP advertises an incorrect MTU for interfaces with LLC and SNAP encapsulations.
There is no workaround to this problem. [CSCdi29958]
•In release 10.3(1), the "show ipx nlsp database" and "show ipx nlsp neighbor" displays contain NLSP System Identifiers as the identification of each router. This can make network debugging more difficult.
This has been fixed in releases after 10.3(1) by replacing the System ID with the router name in these displays. The old behavior can be restored by configuring the following: ipx router nlsp name-display-disable
The name-to-system ID mapping can be displayed by entering the following EXEC command: show hosts [CSCdi29974]
•In a network with a mixture of routers running 9.1 and 9.21 or later cisco images, where one or more of the 9.1 units are using ipx helper-address network.ffff.ffff.ffff where network is some network other than -1. IPX NetBIOS filters will not be enforced on the helpered packets when they are received on the 9.21 or later units. [CSCdi30101]
•If IPX is enabled on any interface, a "write terminal," "write memory," or "write network" command will create NLSP processes on the system. These cause no operational effect other than consuming memory. There is no workaround to this problem. [CSCdi30149]
•NLSP will set the default link metric according to the default physical bandwidth of the interface it is running over, rather than the throughput value calculated by IPXWAN. There is no workaround to this problem. [CSCdi30191]
•When process switching to a destination for which multiple, equal cost paths are known via NLSP, the current setting of "ipx maximum-paths" is ignored. All known equal cost paths will be used.
Note that this affects NLSP routes and process switched packets ONLY! [CSCdi30197]
•Under very obscure circumstances, NLSP can fail to run the SPF algorithm, causing some routes to not be present that otherwise should be. This is very unlikely to happen in practice. There is no workaround to this problem. [CSCdi30199]
•Changing a parameter on the ipx ixpwan command while ipx nlsp enable is configured resutls in removal of the ipx nlsp enable command. the ipx nlsp enable command would have to be reissued in order for nlsp to function properly on that interface.
When initially configuring ipxwan on certain serial links the underlying protocol should be restarted or ipxwan may not come up. Doing a shut followed by a no shut on the interface is a workaround prefvious to this correction. [CSCdi30259]
•IPXWAN Static and CLient modes should not be allowed when NLSP is enabled, NLSP should not be allowed when IPXWAN Static or Client modes are configured. [CSCdi30329]
•The way that NLSP advertises IPX Static routes is in conflict with Novell's conformance tests. The fix for this problem will cause the later versions to be incompatible with versions 10.3(1) and 10.3(1.1); in particular, static routes advertised by these earlier releases will not be accepted by later releases (though the opposite direction will work successfully). It is therefore required that any router running NLSP which has IPX static routes configured be upgraded to a release containing this fix. [CSCdi30346]
Protocol Translation
•Translate commands that include a PVC option cannot be removed from the router configuration. [CSCdi29962]
TCP/IP Host-Mode Services
•Repeated rsh commands might fail sometimes. [CSCdi29945]
•Certain failures during incoming rsh connections can cause the software to reload. There is no workaround. [CSCdi30148]
•TCP keepalives are ignored and do not generate an ACK in response. [CSCdi30388]
TN3270
•If a tn3270 sessions is resumed from the exec prompt, the redisplay of the user screen may pause after only partial completion, and does not finish till the user types a key or output from the host is received. [CSCdi30517]
VINES
•The VINES address the router retains to assign to clients is not incremented after it is assigned to a client until the router receives an update (RTP or SRTP) from the client. This leaves a short window in which duplicate address assignments can occur. [CSCdi29886]
•When an interface is looped back, the router will report that a duplicate vines address is present in the network. This message is cosmetic, and does not affect the functionality of VINES. [CSCdi30090]
•If a serverless interface has a description string attached to it that is longer than 32 characters, clients on that interface will not be able to login to the network. [CSCdi30411]
•In certain traffic loading conditions on async lines (generally, an
•Bearer capability is not being setup correctly for German semi-permanent connections. [CSCdi25741]
•There is no form of modem control that offers the capabilities of modem cts-required or modem callout that also allows simultaneous HW flow control. [CSCdi26270]
•Packet and byte counters for protocols that are fast-switched over Frame Relay are not correctly incremented and displayed in the show frame-relay traffic command . Proccess switched counts are correct. [CSCdi27509]
•When the command frame-relay interface-dlci is applied to a main serial interface instead of a subinterface, frame-relay will not function correctly until the dcli is moved to the subinterface. [CSCdi27645]
•When using LQM with PPP on a system that does autonomous switching, like a Cisco 7000, if the PPP quality is set too high, the link may go down if significant amounts of the traffic are autonomously switched. There is a race condition at reboot where a Cisco 7000 may sometimes not start PPP when it reboots. [CSCdi28655] async line with receive and transmit looped) while using reverse Telnet, garbage characters may be output on the line. [CSCdi29696]
•The inconsistency occurs when users issue the 'clear counter' command. The current code did not clear the per-VC counters, nor the ATM specific interface counters. This fix now clears all the per-VC counters and ATM specific interface counters to make all the counts consistent with the other system counters. [CSCdi29825]
•Under load, the HDLC keepalive protocol is unforgiving of extended periods of packet bursts. [CSCdi29874]
•If a user sets up the MAXVC limit via atm maxvc MAXVC then configures an atm pvc with a VCD beyond the MAXVC, the system dose not generate an error message. [CSCdi30007]
•If an ASM async interface is configured with the flowcontrol hardware in command, the CTS line does not honor flow control requests. Issue the flowcontrol hardware command to cause correct operation. [CSCdi30054]
•A cisco 2500 series Access Server will show a high cpu utilizaion (eg 85%) even if there is only one active connection sending data to a single line. Overall performance is not affected, however. [CSCdi30121]
•If, under rare and poorly understood circumstances, the router initiates an XOT connection, sends a Call packet, and the remote XOT host violates the protocol by returning a Call packet instead of a Call Confirm, the router will reload at some later time. [CSCdi30338]
•A router with a BRI interface can run out of call control blocks (CCBs). Layer 2 can also become wedged in a state waiting for a TEI to be assigned by the switch. This can cause incoming or outgoing calls on the BRI interface to fail. [CSCdi30501]
Feedback