This section describes possibly unexpected behavior by Release 11.2(11). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(11).
Configuring appletalk on a D channel will bring down all B channels. Perform ping operations -- ping itself to bring up the B channels. [CSCdi59892]
A Catalyst 5000 RSM with only 16 MB of RAM may experience a system reload at initialization if running the -jsv image. The workaround is to add more memory. [CSCdj63501]
The DHCP proxy client feature should send unicast Discover messages to the DHCP servers. [CSCdi52819]
If you issue a boot system command to boot a Cisco 7000 router image on a Cisco 7500, the router reboots forever, reporting a "bad file magic number" each time. [CSCdi52921]
Configuring Kerberos on a Cisco router will cause all "exec" processes to increase its allocated stack size from 8K to 11K. This is done to accomodate Kerberos' demands for stack utilization.
Kerberos is available only in the Enterprise J-Images. [CSCdi54856]
This does not affect any operations of the router, only the display of certain buffering information. If a particular buffer is thought to be of interest, the problem can be worked-around by inspecting the particular buffer in more detail, for example, via the show bufferCmdArg>address header command. [CSCdi59394]
There are legitimate cases where packets are counted placed within the custom/weighted-fair/priority queues in DRAM and yet have not been swapped out. In particular, packets that have been generated by the router itself, keepalives or route updates, are created in DRAM, and hence have no need to be swapped out. If the packet is copied to DRAM as part of the activity of creating a cache entry for one of the fast switching mechanisms, it is copied there at the input interface side, and is not charged with being swapped out to the outbound interface, since the outbound interface is not known at the time of swapping. As a result, it is possible for more packets to be shown in the show queueing output than are shown swapped out from the show interface output. This is not a problem. [CSCdi59949]
If an authorization method generates a ERROR and falls over to the next method, even though the authorization may eventually succeed, the error message "%Authorization failed" is still printed. [CSCdi60517]
DHCP proxy-client feature does not accept DHCP packets from the DHCP server with any DHCP option that has a length of 0. [CSCdi60953]
The size of a write-protected 20Mb flash card is misreported in the output of show version as 16Mb. The size is reported correctly for flash cards that do not have the write-protect tab set to write-protect the card. [CSCdi61561]
"show cdp neighbor detail" command doesn't show network addresses of ISDN neighbors. [CSCdi63804]
1. Symtom: When an interface is configured with encryption or decryption, high volume of traffic may cause the VIP2 to crash with error message "%ERR-1-FATAL: PCI bus 0 system error"
2. Conditions: This symptom occurs when we try to stress the encrypt interface with 512 bytes packet at 10MB/sec. [CSCdi67292]
The router might reload when trying to process the show accounting command. [CSCdi69364]
The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]
Tacacs+ Network accounting packets for SLIP session have some cosmetic issues, the most serious of which is that "protocol=ip" is missing (although this is certainly implied by the fact that it's SLIP!) [CSCdi78663]
Adding an RSRB peer with direct encapsulation on a Cisco 7000 router configured with CSNA causes a "%RSP-3-RESTART: cbus complex restart" message and takes down the CIP interface. [CSCdi82836]
Concurrent pings started via the Cisco Ping MIB were subject to having their messages mixed due to using the same message ID sequence. Although not observed this could also happen with pings started with the ping command. This problem was fixed by using a random number as the base for the message ID in both situations. [CSCdi84475]
Fast switching and optimum switching counters should be broken out separately in the output of the show interface switching command. [CSCdi87008]
Enabling weighted fair queueing (WFQ) may cause excessive output drops when explicitly configured on Ethernet interfaces. Note that WFQ defaults to 'ON' only on serial links with visible bandwidths of 2.048Mbps or less. The workaround is to disable WFQ on the Ethernet interfaces. [CSCdj12187]
IP/IPX ping only partially go through on ATM interface for packet size larger than 4500 bytes on c7000 and gs7 images. [CSCdj13978]
Under heavy interrupt load, driver instrumentation gets hit repeatedly while processes are accessing the instrumentation variables (for example, last output time). This causes a number of problems, including stuck output and incorrect user displays. There is no workaround. [CSCdj15583]
Under certain circumstances, the router may experience the following informational messages:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x602D4280 reading 0x30 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x602D38CC reading 0x16 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x60352800 reading 0x630 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x601779E4 reading 0x648 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x602B3D28 reading 0xC04 [CSCdj18620]
Register dump has provided valuable information to find out root cause of a crash especially for memory corruption crashes.
This fix enchanced the register dump and crashinfo in general by providing: . not only deallocator of a freed block but also the previous deallocator . better early memory corruption detection when "debug sanity" is on . dectect whether data in register is inside a malloc block. if so dump the entire malloc block (up to 1 KB) . check the contents of register memory dump for valid RAM address and dump them as well. This is useful to dump places such as pak->datagramstart or hwidb->next etc. . consolidates all memory dump into up to 96 dump blocks to eliminate duplicate dump on same/nearby area. [CSCdj18684]
IOS Telnet server pauses when sending data to arbitrary telnet client. [CSCdj19239]
clogHistTableMaxLength, despite being marked by the CISCO-SYSLOG-MIB.my as being a read-write object, is not settable via SNMP. [CSCdj19438]
A recovery mechanism for misaligned 64-bit accesses has been added. This new functionality is similar to the current misaligned handler for shorter misaligned accesses. [CSCdj20738]
When telneting into a router, Router may not echo characters back.
Router responds to command fine, but characters are not sent back to telnet source.
No known work-around. [CSCdj22622]
The bank number always starts from one in each partition. It should be accumulative and not be relative to each partition. The other incorrect information can't be observed if running from flash. It seems that those information were got when running from network. There is no workaround of the inaccurate bank number. [CSCdj25541]
On a Cisco RSP7000 or 7500, optimum switching appears to negatively interfere with Frame Relay switching. An IP route cache is created and connectivity between sites is lost. The behavior appears to be sporadic. [CSCdj26122]
V.120 calls are being reported as NAS-Port-Type '5' on the 5200 not '3'. [CSCdj27587]
None of the syslog messages that IOS issues before the SNMP subsystem is initialized are recorded by the CISCO-SYSLOG-MIB.my. [CSCdj29305]
The following objects in the OLD-CISCO-IP-MIB do not show up when polled via SNMP:
actSrc, actPkts, actViolation, ckactSrc, ckactPkts, and ckactViolation [CSCdj30073]
When the as5200 is confured as a dhcp client proxy, and a broken implementation of dhcp server offers the same ip address for more than on session, we pass it along. We can do a better job at keeping track of what addresses were offered refuse the dupplicate address. This is considered a minor bug since the root of the problem is the implementation of the dhcp server. [CSCdj31231]
The exception address (e.g. parity error address) is not saved by the ROM monitor on some platforms (MIPS and 68360 based). [CSCdj32197]
The write-back view of packet memory is no longer used, and is thus redundant. Additionally the commands test rsp cache memd-optimum-and-flow caching-method and test rsp cache memd-fastswitch caching-method do the same thing. [CSCdj34218]
if an IP fails, the interfaces on it may be removed from the configuration without appropriate notification to protocols running on those interfaces. [CSCdj34427]
eventOwner object in eventTable is allowed to be empty, which forms a wrong event configuration.
Workaraound would be to always explicitly set eventOwner prior to setting row active. [CSCdj34464]
The tacacs-server directed-request restricted command now applies to authentication, authorization, and accounting. When this command is configured and the user tries login with a username, like <username>@<servername> (e.g. john@cisco), the only server tried is the server listed after the '@'. [CSCdj37496]
Customer entered:-
no int atm x/x.x int atm x/x.x point-to-point
results in error message:-
% Warning: cannot change link type
Workaround:
int atm x/x.x point-to-point no int atm x/x.x int atm x/x.x point-to-point [CSCdj43221]
If there are already active accounting session, when we turn on periodic watchdog accounting (aaa accounting update periodic n), this could result in an error message and a traceback. [CSCdj48480]
DHCP packets from Cisco Access Servers do not correctly use the source and giaddr IP addresses as defined in the dialer rotary-group configuration. [CSCdj49380]
Add code to increment 'hops' field in BOOTP packet when acting as a BOOTP relay agent. [CSCdj50491]
NTP slave takes a long time so synchronize after the server's clock is manually reset.
Currently the work around (have the clock synchronize in a short time interval) is to deconfigure and reconfigure NTP in the slave system. [CSCdj51376]
Fastboot was successfully implemented for the AS-5200 platform; there is now a call for full support of this feature on other platforms. Fastboot can be invoked by turning on bit 4 of the configuration register; when fully functional, the router boots directly to the IOS by skipping the loading of a boot image. The chief advantage would be to conserve memory; however, on a 7000, three minor errors have been discovered. [CSCdj54935]
If traffic-shaping is configured on some sub-interface and that sub-interface is deleted, traffic-shaping information persists for that sub-interface. [CSCdj56035]
If a cisco is loaded, radius may miss the last retransmit, due to a timer race condition. [CSCdj58534]
After a user sends a break command to the console, the cont command does not work - it does not restart the running IOS. Instead the system will crash again and drop to the ROMMON prompt. The break command also does not work properly - it may hang, and the ROMMON command stack will report the wrong backtrace.
This bug affects all platforms with MIPS R4700 and R4600 chips, including all RSP-based platforms. [CSCdj58608]
When OTP is used with CiscoSecure 2.1.X, chap authentication & 'aaa authorization network tacacs+ local', authorization fails with message 'internal info is invalid'. [CSCdj60023]
An SNMP trap process can cause high CPU utilization. The workaround is to deconfigure SNMP. [CSCdj63629]
the console/virtual-terminal exec on 7500 HSA systems may become unresponsive with configurations larger than 128K and service compress-config. the console can lock up on "wr mem" or "copy running" commands, and the configuration nvram can become corrupted and inaccessible. other vtys and packet forwarding and routing operations will continue operating unimpeded while the console or telnet exec is nonresponsive.
a workaround is to store the configuration in flash. for example, "copy running slot0:config" and configure "boot config slot0:config", and "service compress", and "boot buffersize N", where N is at least three times the configuration size in bytes. then the "wr mem" command will work slowly - 10 minutes elapsed time for each 128k block of configuration text.
the method to recover configuration nvram after nvram is corrupted is: send RS232 break to the console of both master and slave. use rommon "confreg" on master and slave to ignore system config. use rommon "reset" command on master & slave and boot a slave-capable image. on the master console, copy good config file from flash or tftp into running-config. turn off the 0x40 bit in the configuration register by using the "sh ver" exec command and the "config-register" configuration command. reload the master. [CSCdj63926]
Symptom:
Customer experienced the following problems with the IOS:
For ISDN we use the username password construct to set up the CHAP PPP passwords.
Now if some one cut's and paste this into a router the encrypted passwords will be followed by spaces (depends on the terminal used and terminal set-ups).
username test password 7 02080B581F031C35
with a space on the end then the password for username test is corrupted and the router will never pass CHAP authentication. This can be tested locally on the router by telnetting to the router's ethernet or loopback and trying the password for test.
Even without encryption if you try test password test With a space at the end then to login as test you have to use "test ". Which means that CHAP authentication won't work because it's expecting the password "test" not "test ".
This fault also effects the enable password
enable password "test " is different from enable password "test"
Workaround:
Advised the customer to input the username password into the config instead of cutting and pasting them into the config. In order to aviod any white spaces in the transfer. [CSCdj64406]
When a copy flash slot0: command is issued to copy the file on the on board flash of an RP 7000 router to the flash card in the SAME RP, the command successfully copies the file in 11.0.17. In 11.1.15 and 11.2.9, an Lseek file flash:filename error (file not a direcotry) message is issued.
This is a problem when copying from the flash to the slot of the SAME router. There is no problem copying the file on flash to a flash card on another router that is set up as a tftp server. [CSCdj65335]
Sympton: Router crashes when doing a start-chat any vty xx, where vty xx is a line number outside the valid vty line range.
Conditions: No special conditions.
Workaround: Since this command, as stated in the documentation, does not work on vty lines, don't execute the command. [CSCdj66129]
The patch added in CSCdi37706 and incorporated into Cisco IOS Releases 11.2(8.1), 11.2(8.1)P, 11.3(0.2) and 11.2(8.1)BC was intended to correct a cosmetic problem with command authorization.
Instead it exposed a bug in older implementations of the developers kit TACACS+ daemon (freeware) and will cause certain command authorizations to fail.
All freeware daemon versions prior to version 3.0.13 are subject to this problem including the ACE Safeword Security Server daemon. CiscoSecure daemons are not affected. [CSCdj66657]
RED Mean queue depth returns to 0 extremely slowly. [CSCdj69270]
A corrupt buffer header is causing 7500 Routers to restart with bus error. This occurs about twice a day. They are running IOS 11.1.(15.05)CA. [CSCdj70296]
Using the "show decnet route" command it is not possible to see the next hop interface number if the interface is fast ethernet (not enough width in the "next hop" column). [CSCdj71695]
When a PPP connection is established between two async peers and VJ header compression has been negotiated as part of the IPCP negotiation, a Telnet connection from one peer to the other could result in a traceback. [CSCdi76186]
The parser allows multiple dialer map snapshot statements per sequence number when configured as the client. Only the first dialer map will be used to dial out. [CSCdi82652]
The maximum length of filenames for the copy rcp and copy tftp is 45 characters. Some users have requested a longer limit, 80 or more characters. [CSCdj02798]
Interface ethernet parser shows incorrect help information. [CSCdj06457]
There is a problem when a configuration file is copied to startup configuration and startup configuration is set to nonvolatile random-access memory (NVRAM). If the configuration file is larger than the startup NVRAM then the system will reload. This situation can be avoided by enabling configuration compression with the command "service compress-config". [CSCdj14322]
Severity levels in logging buffered are listed alphabetically rather than hierarchically. [CSCdj17121]
The IOS contains invalid routing processes options in it's parser. The invalid options are: static, hello, conected, mobile and floating-static.
There is no operational impact due to their presence and/or use. This is a cosmetic problem. [CSCdj18849]
After doing a write core on a 2514 router, the router reloads as soon as logging out or breaking the telnet connection to the exec session. [CSCdj20313]
The parser gives the "%Error: Unknown physical layer" when entering the interface command "physical-layer sync" while the interface is already set as a synchronous iinterface. [CSCdj24380]
The 'any' and 'host' keywords will not appear when using the access-template command with privilege levels less than 15. [CSCdj25093]
If the line speed on an AS5300 is configured for tty lines that span a Microcom modem followed by a Moca modem, the output of the show running-config and copy running-config startup-configNoCmdBold> commands is wrong for the speed commands on those lines. [CSCdj41555]
For ATM subinterfaces specifying link-type will be a must i.e. there will be no default link-type as shown below:
goldy(config)#int atm0.1 ? multipoint Treat as a multipoint link point-to-point Treat as a point-to-point link goldy(config)#int atm0.1 % Incomplete command.
Previously multipoint type used to be the default for ATM sub-interfaces. [CSCdj68721]
If you enter a prompt with doublequotes around the prompt string, and with an embedded space in it, like this:
DEMO2(config)#prompt "space embedded>"
Then this appears to work - you get a prompt of
space embedded>
However, when the configuration is loaded from NVRAM at boot time, the parser refuses to accept this prompt with an embedded space, and the system prompt reverts to the default one.
The correct method is to use the %s construct, as is documented for the prompt command:
When trying to set up different privilege levels, the "privilege exec level 5 write terminal" command doesn't work the way it's expected to do. It returns nothing when the user do "wr t". See Description and Configuration attachements. [CSCdj70686]
When 'privilege configure level x ntp server' is configured, where x is privilege level other than default (15) following occurs: You are able to configure 'ntp server' from privilege level x. Once router is reloaded 'ntp server' can not be configured from privilege level x anymore. [CSCdj74729]
dlsw netbios reachability search is linear not binary [CSCdi50707]
The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do LLC mapping. [CSCdi55085]
User was not able to query CIP LLC stats for memd waits/drops from RP console or SNMP. [CSCdi57533]
The "dspu enable-host sdlc " doesn't get cleaned up properly when the sdlc encapsulation is removed.
A sample configuration would be: interface Serial0 encapsulation sdlc sdlc role secondary sdlc address C1 sdlc address C2 dspu enable-host sdlc C1 dspu enable-host sdlc C2 no shutdown
All sdlc configuration commands would be removed by changing the encapsulation; i.e "no encapsulation sdlc":
int serial 0 no encapsulation sdlc
So the configuration would show:
interface Serial0 no ip address no keepalive no fair-queue no cdp enable no shutdown
If sdlc encapsulation is configured again then the previous "dspu enable" configuration commands re-appear:
interface serial 0 encapsulation sdlc
interface Serial0 no ip address encapsulation sdlc no keepalive dspu enable-host sdlc c1 dspu enable-host sdlc c2 no shutdown
A work around for this problem would be to reload the router inorder to clean up properly. [CSCdi62105]
When source-route bridging is configured, the source-bridge largest-frame command does not properly set the largest frame size. [CSCdi65918]
Any router that is configured with DECnet and SRB on more than one Token Ring interface will produce this message at boot time:
The work around is to use th mac-address command to specifically configure the burn-in MAC address on each Token Ring interface. [CSCdi68577]
A bus error occurred at PC0x169a46. The stack trace indicates a problem in the LNX process. This problem occurs on X.25. [CSCdi73516]
This problem occurs in some versions of 11.0, and has been fixed by the commit of CSCdi67725 in 11.1. In the event that this problem is occuring in your 11.0 images, please upgrade to 11.1 GD [CSCdi76393]
APPN continues to send data to DLSw even if DLSw's WAN link is congested. [CSCdi76813]
The TDU count kept by the APPN MIB, may not be correct. [CSCdi76866]
When the fast source-route translational bridging feature is configured, packets are corrupted. The workaround is to issue the no source-bridge fastswitchring-groupfastswitch command, which disables the fast source-route translational bridging feature. [CSCdi87612]
The errmsg LNMC-C-BADCLSIRET ACTIVATE_SAP_Cfm SAP BUSY is displayed when configuring multiple CIP internal SRB LANs on the CIP virtual interface. [CSCdj08979]
A router may restart unexpectedly with SegV exception, PC 0x0, when the router is configured for DLSw. [CSCdj16559]
A router configured for DLSw has a buffer leak in the middle and big buffers. Eventually, the router runs out of I/O memory.
The problem is related to the way DLSw backup peers are configured. This problem will only occur if the local router is configured with backup peer commands and the remote router also has a configured peer and is not promiscuous.
The workaround is to remove the DLSw backup peer configuration. [CSCdj21664]
When establishing a DLSw session, the circuit priority field in the SSP header of the CUR_cs, ICR_cs, and/or REACH_ACK SSP frames may be set to a reserved value (5, 6, or 7). While this value will not cause problems when sent to a Cisco router peer, it may cause interoperability problems when peering to another vendor's equipment. This problem may manifest itself as an inability to start the circuit. [CSCdj22482]
When the target DLCI, on an interface with one or more DLCIs, goes down FRAS fails to go into backup mode. The backup will not be invoked until the interface transitions to the down state. [CSCdj22613]
The SHOW INTERFACE ACCOUNTING command would incorrectly show NO traffic sent for RSRB SDLLC configurations,and no transmit packets/frames for STUN. STUN incorrectly shows only the receive side information. [CSCdj23788]
It has been seen that when running srb on a c7200 w/DLUR, downstream cp-cp sessions do not come up. Work around is to use tr/llc, rsrb, or a c4500 or c7500. [CSCdj30284]
A dropped frame-relay link can cause the QLLC to not reactivate. Work-around is to reset the routers. [CSCdj38370]
doing a config net while the config file is incomplete, leaves router in tn3270 config mode. [CSCdj46527]
A crash could occur for STUN DIRECT over frame-relay if data continues to be received after a stun peer was deconfigured, or the encapsulation is changed from STUN. [CSCdj48350]
When using appn-isr over an RSRB port over FDDI a cisco 7200 may start sending frames with the non-bitswapped address of the target device.
Workaround is to configure a mac address on the target device that is always the same canonical or non-canonical. i.e. 4242.6666.ffff. [CSCdj48606]
When issueing the "show appn intermediate-session detail" exec command, the RSCV (route selection control vecotor) displayed is incorrect for DLUR managed (dependent) sessions. [CSCdj52673]
In a rare timing situation, an APPN/DLUR router may reload due to a bus error/segV exception at ndr_sndtp_encap_mu. [CSCdj59639]
Alignment errors detected running TL/SRB on c7200 router. [CSCdj59922]
If an RSRB session is disconnected by the local LAN side at exactly the same time as a data message is received from a remote host, a situation can occur which will lead to a crash in llc_get_oqueue_status().
There is no workaround. [CSCdj62026]
When router is configured with SRB-related features (e.g. RSRB or DLSw), the R/SRB background process may experience thrashing on a watched timer.
The output message is as follows:
02:22:53: %SCHED-3-THRASHING: Process thrashing on watched simple timer (0x875C08). -Process= "RSRB Background", ipl= 6, pid= 48 -Traceback= 1807B0 180A5C 6E1B12ebd
The SDLLC and DSPU features may also experience this problem. [CSCdj62105]
When source route translational bridging is used, llc sessions which are initiated from the transparent domain will result in the source route largest frame to be incorrectly set to 4472 instead of 1500. The result is that SNA and Netbios sessions may fail if the source route station sends a frame with a payload which exceeds the maximum allowable size of 1500 for ethernet media.
The problem typically occurs when Netbios is utilized to allow workstations to communicate between ethernet and token ring. It will also occur when SNA is used.
The workaround is to disable fast-switching by using the command no source-bridge transparent fastswitch or configure the end stations to use frames with a payload of less than or equal to 1500 bytes. [CSCdj62385]
The appn router may have an excessive amount of processor memory allocated to appn after experiencing several spikes in appn processing. The appn memory manager was optimized to release groups of unused pools back to the operating system. [CSCdj62502]
IP packets from the CIP which contain IP options are dropped by the IOS. The router log will show a message like:
for every dropped packet. IP options are very rare in todays networks, so there shouldn't be any impact for most customers. There is no workaround. The problem happens no matter if autonomous, fast, or process switching is configured on any of the router interfaces. [CSCdj64709]
When implementing source route translational bridging, frames which originate in the transparent domain which have a payload larger then 1486 bytes may get silently dropped. Therefore, stations which transmit the largest possible ethernet frame of a payload of 1500 bytes may not be able to maintain sessions. The workaround is to reduce frame payload to something less that 1486 bytes. [CSCdj65835]
The router may send a frmr when the role is code as primary. This is currently under review by de. We will be changing the default behavior so that it can only send frmr as a secondary. If this presents a problem you can use the following interface configuration option to prevent us from sending the frmr as a primary or secondary : frmr-disable. [CSCdj66967]
DLUR pipe seesions goes on cpsvrmg mode. This mode supports only two sessions. Under some condition, before DLUS cleans up its dlur pipe seesion, it may get request for another session from same DLUR. This time DLUS send +RSP(BIND) followed by UNBIND request. This may cause race condtion in dlur subsystem and causes DLUR FSM in hung state. [CSCdj67223]
After a 'no [claw|csna|offload|mpc]' immediately followed by a shutdown, the deconfiguration attempt could be left pending. This would be apparant after attempting to reconfigure the claw,csna,offload, or mpc command and getting the following message: %Configuration of XXXX YY is pending...
The circumvention for this problem is to "no shut" the interface and then readd the configuration. [CSCdj67340]
APPN/DLUR: In the rare case due to a protocol violation caused by another node (sending data on a lfsid that is not in use), a reload can occur in the Cisco APPN/DLUR router due to trying to look up the unallocated lfsid. [CSCdj67431]
Any dlur installation with over 800-1000 downstream PUs can may experience a reload with the following backtrace:
Dspu over rsrb with fst encapsulation reloads with bus error similar to this, when upstream or downstream connectino is initializing:
System was restarted by bus error at PC 0xCC6B8, address 0xFC4AFC82 4000 Software (C4000-JS-M), Version 11.2(10.3), MAINTENANCE INTERIM SOFTWARE Compiled Mon 01-Dec-97 19:45 by ckralik (current version) Image text-base: 0x00012000, data-base: 0x0076AE64
The workaround is to use tcp encapsulation for rsrb, or switch to dlsw. [CSCdj68261]
Some hosts exist that use the unusual behaviour of setting the OAF (Origin Address Field) equal to the DAF (Destination Address Field) in traffic on the LU-LU session, instead of setting it to the more usual value of 1. This actually makes it impossible to distinguish whether the LU is dependent or independent, and DSPU has followed the standard SNA convention of assuming that all sessions with OAF greater than 1 were for independent LUs.
As DSPU only supports dependent LUs, it now assumes that the OAF equal to DAF condition does signify a dependent LU and maps the session accordingly.
The only workaround is the very restrictive configuration of only using the host LU locaddr 1. [CSCdj69265]
When DLSw is configured, the following error message may be seen:
This message does not affect functionality. It indicates that a race condition has occurred between DLSw and the LLC2 layers when cleaning up an LLC2 session that timed-out during the XID exchange process. [CSCdj69533]
CIP CSNA does not work with DLSw+. On a router configured with DLSw+ and CIP internal SRB LANs, when the router is loaded, the CIP internal LANs do not get registered to DLSw+ correctly. DLSw+ will not forward frames to the CIP internal LANs. [CSCdj70659]
APPN router may reload in rare situations with the following backtrace:
If the following BGETAS04 message is displayed on the APPN router, then appn's ps process may hang. In this case, the router may not process cp-cp session and cpsvrmgr session activations and deactivations. The appn subsystem must be restarted to clear this problem.
%APPN-7-APPNETERROR: BGETAS04: Invalid pool type %APPN-0-APPNEMERG: Assertion failed in ../ps/ptp05a.c at line 240 [BAY6] 100: -Process= "psp00 ", ipl= 0, pid= 53 [BAY6] 101: -Traceback= 60707F30 6067AF9C 6067D458 6067AD7C 6067789C 6067780C 6067767C 601A2208 601A21F4
To address the problem of a DLUR pipe going down and reestablishing on the non-network owning CMC, the perfer-active-dlus command is being enhanced to include a retry parameter. The number of retries will be adjusted to a sufficently high number to allow for those times when the network owning CMC is busy. An alert will be provided for each retry attempt. [CSCdj71104]
While configuring FRAS BAN, if there are multiple SDLC interfaces, then each BAN-SDLC interface must have a different ban-dlci-mac address configured. The IOS software does not support the same ban-dlci-mac address on more than one SDLC interface. This ban-dlci-mac address is configured in the sdlc partner statement and on the fras ban frame-relay Serial0 4000.1111.1111 dlci 35 command. [CSCdj71301]
The range for the cipCardAdminMaxLlc2Sessions and cipCardOperMaxLlc2Sessions CISCO-CIPCSNA-MIB objects should be changed from (0..4000) to (0..6000) to reflect the max llc2 session limit in the IOS code.
The description for the cipCardAdminMaxLlc2Sessions object does not match the behavior of the max llc2 session configuration parameter. [CSCdj72029]
Under certain circumstances, issuing appn ping commands may crash router. [CSCdj73921]
Sometimes the 'show qllc' command does not report on all the established QLLC sessions [CSCdj74992]
Symptom: In unusual circumstances a memory leak of buffers can occur in DSPU link station handling. This may lead to messages indicating a failure due to lack of memory, such as DSPU-3-LSConnInFailedNoMem.
Conditions: This buffer leak can occur only in a short window of time during DSPU link station activation processing and only when the link station fails to activate.
Workaround: This buffer leak will never occur for successful link station connections. It will only occur for some unusual types of connection failure that may occur before an XID response has been sent by DSPU back to the connecting link station. Lost memory can only be recovered by reloading the router. [CSCdj75816]
In a ISL environment with DLSW where DLSW bridge-group is on one of the ISL vlan subinterfaces, retransmitted frames from DLSW contain 4 bytes of extra data causing session loss.
This problem has been witnessed more severly when the switch port on the trunk between the router and switch is set to auto ( negotiation ). This causes the switch to default to 100/half while the router is at 100/full causing collisions, late collisions and overruns. These cause retransmisions that trigger the problem.
Besides trying to avoid the retransmissions there is no workaround in ISL/DLSW setup. [CSCdj76634]
The APPN router may crash with the following backtrace while processing a destroy tg.
Under very rare circumstances, when using software flow control on the AUX port under heavy load, the line may end up in a hung 0 state. The output of a show line command indicates "Status: Ready, Connected, Active, Waiting for XON, Sent XOFF." If XOFF has been sent and the device is waiting for XON, issue a clear line command to recover. [CSCdi56432]
Symptom: memd complains "cannot carve anything" upon changing mtu on HIP
Conditions: when changing to a large mtu
Workaround: Keep mtu reasonably small (under 8192) on HIP until further notice [CSCdi60426]
When the user types the command "show controller tokenring ..." the values of the following 10 'since last reboot' error counters may be less than the actual counts:
Bridged traffic is not currently payload-compressed when compression is enabled. This is due to problems caused in some instances by the combination of software bridging and payload compression. [CSCdi63268]
Under a sudden burst of moderate load, MIP controllers cycle, taking all attached interfaces down. This behavior is sporadic (that is, it does not usually occur), and the router recovers without any user intervention within a few minutes. [CSCdi65044]
Running SRB over FDDI on Cisco 4000 series routers may not perform as well as expected. However, this behavior should not seriously impact network functionality. [CSCdi69101]
Certain types of source-route bridge explorers are process switched instead of fast-switched. [CSCdi72488]
A MultiChannel Interface Processor (MIP) card can cause interfaces output stuck if configure channel-groups in reverse order. Starting from 23 on T1 applique or 29 on E1 applique. After the configuration, the MIP stops working on other channels. However, those stucked channels will be automatically reseted by RSP driver output stuck assertion operation. [CSCdi74075]
On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]
When IPCP negotiates the peer's address, it ignores the dialer map as a possible source of the peer's address unless a phone number is configured in the dialer map statement. [CSCdi75423]
LMI becomes unknown to remote DTE with 2 or more frame-relay sub-interfaces - configured with - apparently after traffic transported over the link (before traffic sent - all stable). All DLCI's under physical interface are subsequently deleted. [CSCdi81761]
A TRIP interface configured for transparent bridging but not configured for source route bridging may silently drop some incoming frames. Specifically, if the interface receives a frame with length less than 120 bytes and the RII bit is set (indicating a source route bridging frame) it may drop the next frame received. This can cause the interface's keepalive processing to fail and can lead to sporadic resets on the interface. [CSCdi88756]
Cannot ping/telnet to HSRP virtual address on FastEthernet that is multiprotocol running.
I checked 'show smf'. When 16 MAC addresses is registered on FE, I cannot ping/telnet HSRP virtual address. But HSRP replies ARP request. If I delete or disable any protocol, and the number of MAC decrease less than 16 (i.e. 15 or fewer), HSRP works fine. [CSCdi92485]
A Cisco 7500 series router might resign its active HSRP status when configured on an FEIP, if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]
Symptom: Under certain conditions, customers may experience a memory-leak which would lead to a router reset if the (B)ridge-group (V)irtual (I)nterfaces for the new (I)ntegrated (R)outing and (B)ridging feature are not configured correctly.
Workaround: When configuring IRB in a router, customers should ensure that they DO NOT configure (B)ridge-group (V)irtual (I)nterfaces to logical/physical router interfaces that do not exist. [CSCdj02283]
The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]
IPX packets which are outbound on a async interface will not be fastswitched. [CSCdj09731]
Multiring IP/IPX is not functional on Cisco 7200 Fddi interface. There is no workaround. [CSCdj11924]
The transparent bridging is not able to handle the packet that is greater than 1500 bytes with frame relay encapulation in the process level bridging.
Since the frame_relay packet is normally handled in the fast_switching path, The above failure won't be happened in most of the applications.
There are certain conditions matched will cause the failure:
1. The packet has to be forwarded to the Output interface with frame relay encapsulation configured.
and
2. The packet size is greater than 1500.
and
3. The input interface matched with one of the following cretiria:
a. The IRB turn on and the recieving packet contains the protocol type which can be either routed or bridged on the receiving interface. or
b. Unclassified packet received on the bridged interface.
or
c. The input interface is ATM and bridged. [CSCdj15970]
The config command no exec-banner should suppress both the two banners: exec banner motd banner on all the following interfaces CON, AUX, vty sessions, async lines
However, this is not true when you reverse telnet to any of the async lines. In other words, if you config the async line to be no exec-banner
then you reverse telnet to this async line, then you will see the MOTD banner in addition to the INCOMING banner. [CSCdj16789]
Under certain circumstances, rebooting a Cisco 2524 may cause the router to pause indefinitely with a T1 connected to a Fractional T1 module. The workaround is to unplug the T1 prior to the reload. OR, change the T1 framing setting from sf to esf at both end (including Central Office and the C2524 router). [CSCdj22485]
The pos specify-s1s0 and pos specify-c2 POS interface specific configuration commands do not work correctly. [CSCdj25166]
In C7000 and C7500 (RSP) platforms, changing some encapsulations can cause cbus complex restart. There is no workaround for this. [CSCdj29409]
7500's with OC3 POSIP interfaces do not support the Path Trace Buffer feature that the GSR (c12000) supports which indicates the name, interface, IP address, etc. of the remote connection.
On a GSR that is connected to a 7500, the Path Trace Buffer information available via the "show controller pos" command will be blank.
This will not impact the functionality of the router, but the presence of the feature makes misconnections easier to debug. [CSCdj31880]
A Cisco 2520 low-speed port may sometimes ignore group polls. This problem occurs on average once per minute and appears to occur only when the router is configured for half duplex and is using a DTE cable.
This problem has minimal impact on the performance of the customer's multidrop line because a FEP usually resorts to individual polling. [CSCdj33392]
The ethernet interface on the AS5200, 4x00 and 2500 platforms log BADCABLE messages with the console periodically when the interface is under load. [CSCdj35951]
TTY lines on access servers may hang when control characters are sent in dumb terminal mode (no PPP or SLIP). A show line will show the TTY line in a ready state, but no response or prompt is seen from the access server when the activation-character is sent (default is a return). Doing a clear line # does allow for the line to recover and respond to the acitvation-character. [CSCdj46760]
You receive System restarted by bus error at PC 0x4262AA, address 0xFFFFFFFC, when you enter the command frame-relay payload-compression packet-by-packet under the subinterface.
Problem was attributed to bug CSCdj43332 which was resolved in 11.2(9.4)P
Move to 11.2(10)P to correct. If you get ' System restarted by buss error PC 0x4262AA, address 0xFFFFFFFC' after entering 'Frame-relay payload compression', you have this bug.
This is an artifact of CSCdj43332. Upgrade to 11.2(9.4) or beyond to fix. [CSCdj49344]
Stac Compression is causing the PPP connection to hang between a 5200 and a 7xx router. The AS 5200 is running 11.2.8 and the 7xx is running 4.1(1). [CSCdj52340]
MIP serial interface counter may produce higher output rate than the actual rate under high traffic volume. [CSCdj54328]
In rare cases a Cisco 7200 router with a token ring port adapter may crash if one of it's token ring ports attempts to insert into the ring and fails due to a ring error. [CSCdj59796]
Symptom : setup command assigns invalid interface for ip unnumbered command while configuring the async/group-async interfaces.
Conditions : This occurs when there are interfaces (viz.,ethernet, token-ring,fddi) ,which do not have an ip address configured and these interfaces precede by slot number and unit number,any other interface which has an ip address configured.
Workaround : The workaround is to always have the first interface configured with an ip address or manually re-configure the async/group-async interface by assigning a valid interface to the ip unnumbered command. [CSCdj62240]
The 'no ip redirect' is autonatically added to the configuration when isl is defined. Customer removed it but after reload the 'no ip redirect' gets back in the config. [CSCdj64043]
3Com G703 to X21 converters do not resynch after failure on 7200 serial interfaces. The converters loose their timing and crc errors increment on each end of the link. Manual intervention is required to have converters resynch. The problem is not appearant on other platform serial interfaces. [CSCdj65162]
The 'debug broadcast' command doesn't produce any output on Lance ethernet interfaces. [CSCdj66833]
A 2500 router configured for source route bridging on a token ring interface may crash on bootup or during a 'no shutdown' on the token ring interface. This can only occur if the source-bridge is configured with the wrong number (a ring number mismatch with other devices already on the ring). Once the interface is properly configured and brought up, this problem cannot occur. [CSCdj68265]
When IRB is enabled, the BVI interface may not overwrite the real incoming interface in the arp response, so we install an incomplete arp entry and list "wrong cable" in the debug arp output. [CSCdj68785]
On 7200 with the I/O controller with MII only and other platforms (i.e., 4500 and 7500), the regular Fast Ethernet PA media config command is missing the RJ45 option; only the MII option is available. On 7500 platform, to configure for RJ45, use the "no media-type MII" option as a workaround. The workaround is not available for 4500 and 7200 platform. Because all images use RJ45 as the default media type for Fast Ethernet, they will not discard the original configurations that specify RJ45. [CSCdj75983]
When using the PA-2CE1 you cannot determine if the line is being clocked from the line or from the internal clock source. There is no clock command on this interface as it automatically sense the better clock. [CSCdj77370]
Responses to RIP queries do not honor IP split horizon rules. [CSCdi30060]
A new command to set OSPF router ID is being added. When configuring OSPF with this new command, make sure that the new command always comes before the OSPF network statements. If the OSPF process is already running, the new command will only take effect after the OSPF process is re-enabled or by a reload. [CSCdi38380]
in 11.1-based test code, a spurious access was recorded when issuing the "show ip rsvp installed" command. [CSCdi54296]
If a RPF change occurs or an outgoing interface list entry is added or deleted, RSVP is not informed immediately by IP multicast routing. This causes reservation latency. But only occurs for multicast sessions. [CSCdi58028]
Without periodic registers, the (S,G) state in the RP has to be kept alive by other means, such as (S,G) joins/prunes. [CSCdi59021]
Beta code may not correctly forward an RSVP message when RSVP is *not* configured [CSCdi61151]
Unequal messages seen on RSP platforms after a route flaps. There is no apparent functionality or performance impact. [CSCdi62271]
The neighbor x.x.x.x soft-reconfiguration command is changed to neighbor x.x.x.x soft-reconfiguration inbound. This command is required to enable inbound soft reconfiguration. The work around it to continue using neighbor x.x.x.x soft-reconfiguration command. [CSCdi64487]
When an ip address is unconfigured, the summaries still stay in the routing and eigrp topology tables. [CSCdi68564]
When using , only one entry in the route-map is deleted (the one with the lowest sequence number).
The workaround is to issue the command once for every entry in the route-map. [CSCdi74893]
If a multicast mtrace request is received from the interface that toward the requested (source,group), the mtrace request is not dropped but forwarded back on the incoming interface. [CSCdi78092]
mrinfo with no command line options (a local request) sometimes times out if the request is looped back through an unroutable interface. Workaround is to specify the router's name ( mrinfo ) with the command. [CSCdi84362]
There is no prune sent toward the RP for (*,G) timeout. In the case that OIF is expired after the (*,G) entry, traffic will continue to flow down the shared tree for an extended period until each router along the path individually times out the entry. [CSCdi84784]
When the fragments arrives at the destination out-of-order, router may fails to reassemble the packet. Typical example is when it has several lays of fragmentations along the path and fragments arrives at the tunnlel destination out-of-order because small fragments got fast-switched and large fragments got process switched(since it needs to be fragment again in process level). [CSCdj03076]
In LANE 11.2 code, LANE configuration appear before OSPF configuration in NVGEN. [CSCdj05560]
(*,G) prunes should also schedule removal of interfaces from all (S,G) entries which match. Currently, only the (*,G) entry's olist is updated. The work around is to enter clear ip mroute for the specific group. [CSCdj05669]
When enabling a gre-tunnel interface, it might not take the default configuration, but an old configuration - not stored in NVRAM. [CSCdj06852]
Problem:
Non-cisco PIM routers do not send CGMP messages. Cat5k with older code would not recognize them as routers and hence would not forward multicast data toward them. Adding the CGMP Proxy functionality in cisco routers for them was proposed in this bug report.
Workaround:
Cat5K with V2.3(1) code can recognize messages from any PIMv1 router and mark the port where the messages come in as a router port. With this level of code, CGMP Proxy is no longer needed for Cat5k. [CSCdj10170]
A router running 11.2(5.4) won't be able to normally trace to it's own ip address.
The work around is to do an extended trace and source the packet from a different IP address on the router. [CSCdj13341]
In the PIM/DVMRP border router, (S,G) with null OIF is pruned even if it is still registering. [CSCdj14514]
Under certain circumstances, the router may experience the following informational messages:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x602D4280 reading 0x30 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x602D38CC reading 0x16 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x60352800 reading 0x630 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x601779E4 reading 0x648 %ALIGN-3-SPURIOUS: Spurious memory access made at 0x602B3D28 reading 0xC04 [CSCdj18623]
The command "sh ip bgp neighbor x.x.x.x adv" does not include the originated default information. [CSCdj19834]
If a router receives an EIGRP UPDATE from an non-existent neighbor, it might display the following message:
This error should not impact the operation of the router. [CSCdj22621]
Crash due to Memory leak, SH MEM shows 'IP Input' and 'Pool Manager' holding onto memory. [CSCdj23080]
The execution of the command 'cle ip acco' on a tunnel interface resets the interface. [CSCdj23178]
If a superset network configuration line exists under OSPF, it may be overwritten after a change in the router ID. Also, any interfaces covered by this line may not be included in the OSPF process.
The workaround is to include the superset network line in the configuration file. [CSCdj24152]
When re-configuring route reflectors clients peer-groups without making any change (typically cut/paste) a reset of all peers within the group occurs. [CSCdj25866]
The OSPF RFC doesn't allow having a virtual link thru a stub area.
Although the router allows this to be configured, it could lead to problems when trying to reach external domains through the stub area. [CSCdj30202]
The background timer which kicks off once a second will find out the neighbors who need attention. Access the queue of the neighbors with established sessions only. [CSCdj30654]
After changing the bandwidth or delay value at the interface, "sh ip eigrp topo" still shows old FD(metric) value. [CSCdj30917]
The ip forward-protocol udp command should only influence flooding broadcast (255.255.255.255) and not directed broadcasts. However if we configure on a router "no ip forward-protocol udp", it will prevent forwarding of directed broadcast to a local interface.
no ip forward-protocol udp | v router1---10.1.1.0---router2---10.1.2.0---router3---10.1.3.0 ^ ^ ^ | | | source fails works [CSCdj31239]
route-map filtering of routing updates based upon community strings fails [CSCdj34779]
There is a bug in 11.2.7 where by offset commands coded in conjunction with router rip statements do not appear in the startup and running configurations. The commands do function, but do require to be re-entered after every router re-load. [CSCdj35131]
Routers experiencing a high incidence of DUAL-3-SIA messages may also incorrectly log DUAL-3-BADCOUNT messages. There is no functionality or performance impact from the BADCOUNT messages.
The workaround is to prevent the stuck-in-active (SIA) messages by configuring timers active-time for router eigrp to the correct value for the network. [CSCdj35254]
In some instance, a configured 'bgp router-id' is not used after the router reloads. Instead, the router uses the highest ip interface address as its router id, until 'clear ip bgp' is performed.
A workaround is to configure loopback interface, whose address is greater than any other address on the router. [CSCdj37962]
If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If OSPF is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]
Under certain conditions, the output of 'show ip ospf statistics' will not display a reason code explaining why an SPF run took place.
This is known to happen when the only event to trigger an SPF run is an update to a summary-asbr LSA. [CSCdj42636]
Configuring multiple virtual links to the same router id (via different transit areas) may cause routing table entries to be calculated with a correct metric (corresponding the the virtual link with the lowest cost), but an incorrect next hop (corresponding to the first virtual link appearing in the router LSA).
To avoid this problem, do not configure multiple virtual links to the same router. [CSCdj43279]
Router sends ICMP network redirects (code 0) when it should send host redirects. This is in violation of RFC1812 section 5.2.7.2. No adverse affects to any particular client have been found at this time. [CSCdj44606]
Policy routing inconsistent on subinterfaces [CSCdj47355]
If RSVP is configured on a router, it will only forward RSVP reservation information to interfaces that are configured for RSVP. It will not forward RSVP messages from or to interfaces that are not so configured.
While this is consistent with the specification, it precludes some uses of RSVP that might be desireable. [CSCdj51276]
Under EIGRP, when the router clears a route using the host ip address, the router fails to bring back the route on that subnet into the routing table. The route, howeber, is still in the topology table but not in the routing table. [CSCdj52415]
eigrp may crash when receiving updates in a network which has a major topology change in conjunction with a large eigrp topology database. [CSCdj54728]
Under certain conditions LS type 5 are not generated by an ABR in response to LS type 7 received (if the cost becomes worse or the LSA is purged) [CSCdj55301]
With certain route-map configuration or soft-reconfiguration, the LOCAL_PREF for a path may be set to 0, resulting in wrong path being selected. [CSCdj55839]
When you have a 7000 running EIGRP on two EIP6s, a TRIP4 and a FIP. EIGRP runs on all these interfaces. All connected networks are in the EIGRP topology, until... One adds a third EIP6. In the EIGRP toplology we may loose some of the connected networks that connect to the existing ethernet interfaces. The ip routing table still shows the routes.
Result: not all connected networks may be advertised in EIGRP.
Workaround: redistribute connected [CSCdj57362]
A permanent IP static route to an interface will be removed from the routing table when that interface goes down. For example: with ip route 10.9.10.0 255.255.255.0 Async1 permanent in effect, then if interface Async1 is down, the route will be absent, despite the "permanent" keyword. This will prevent the route from being redistributed into an IGP. [CSCdj57495]
misconfigured eigrp with a network statement for a non directly connected ip address will auto-summarize the network if it is receiving subnets for the network from its neighbors. [CSCdj57578]
Release-notes ------------- router ospf 1 area X range A area X range B where B is totally included in A
Upon reload, 11.2(7a) no longer advertises range B. [CSCdj60048]
The 'always' option is added to the 'remove-private-as' command to strip the private ASs from the as-path even though there is a mix of private and public ASs. [CSCdj62077]
When the metric in EIGRP increments beyond unreachable, the value can wrap wrap around and be reported as a smaller metric. [CSCdj62489]
The error message displayed at the console when dampening "reuse" is higher than "suppress" is bogus. [CSCdj62820]
When multicast is configured and then ip rsvp bandwidth is entered on an interface without ip configured on it, the box crashes. [CSCdj63772]
Under rare ciscumstances a BGP router sends bgp updates with a duplicate community attribute, which triggers the neighbor reset. [CSCdj64103]
When spt-thresholds are in use and the last-hop router switches back to the RP tree, the RP-bit on the (S,G)RP-bit Joins are being dropped (not sent) by the next router in the path to the RP. This is resulting in erroneous state being created along the RP-tree and data does not begin to flow down the RP-tree for several minutes. [CSCdj64114]
Router may hang telnet sessions and reload in rsvp process area. [CSCdj64211]
Dynamic redistribution into EIGRP from another routing protocol fails if the routes being redistributed fall within the same major network as EIGRP. A temporary workaround is to remove the redistribution statement from the EIGRP configuration, then re-insert the redistribution statement. [CSCdj65737]
At the IP on GRE tunnel configuration, Drop 2nd and 3rd ping packet when there is no IP route cache. This phenomenon does not occur when there are IP route cache or no ip route-cache. [CSCdj66098]
ospf ignore lsa mospf does not suppress all error messages related to MOSPF. In particular, error messages about receiving MOSPF LSA in link state acknowlegement packet are still generated. These error messages will appear if there are more than 2 MOSPF routers on the same LAN as the Cisco router.
This fix suppress error messages for link state acknowlegment packet too. [CSCdj66792]
A router supporting FastEthernet that is configured with ISL encapsulation will place an entry in its ARP Table if a client in one VLAN is incorrectly configured with an IP address in the subnet assigned to another VLAN that is supported within that trunked interface. [CSCdj67271]
If the ACL number specified in the offset-list is 0, the offset-list entry is not NVGENed.
Currently there is no workaround. [CSCdj67950]
Router accepts no auto when configuring router eigrp as being the no autonomous-system command (egp) rather than the no auto-summary command, and it does it without complaining about the extraneous text at the end.
Workaround is to type no auto-. [CSCdj67951]
EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj68388]
When an interface is configured to send rip v1 packets while running rip v2, router sends out corrupt packets. v2 packets are not effected. No known workaround. [CSCdj69026]
ripv2 sending duplicate route in update over unnumbered link when 'no auto-summary'. [CSCdj69646]
A new bgp neighbor command:
neighbor / shutdown
is added so that an individual peer or a peer-group can be brought down without de-configuration. [CSCdj69829]
A new route-map "set ip next-hop peer-address" Command is added to simplify overriding third-party next-hop. [CSCdj69835]
Router may crash when 'clear ip route *' if RIP is enabled with 'output-delay' configured. [CSCdj70535]
If the interface on the router flaps or a new interface has been broght up, this will cause the downstream router that is connected to this router to "reread" its routing entry, thus resetting the timer on the routing table and also resets the default route. The default route will be gone until the next time the router recalcultes it default route, which is about one minute. [CSCdj70939]
When a router receives a PATH/RESV message that contains POLICY data, the router reloads.
The workaround is to avoid sending PATH/RESV messages containing POLICY data, [CSCdj72245]
For multicast flows, the multicast routing table will be used for forwarding. So, you can use static mroutes to force the flows to take one path when there is a redundant path setup such as two serial links between a pair of routers.
A problem can arise with unicast flows, which use the unicast routing table. Each and every time RSVP checks for a routing change to get a different next-hop. This causes RSVP to fail [CSCdj72858]
When inbound soft-reconfiguration is configured, this bug may cause bgp attributes to be set incorrectly for received prefixes. [CSCdj73336]
Routers with misconfigured IP address on a connected lan, show up as PIM neighbors because they still respond to the "ALL_ROUTERS" multicast address on the lan. But for all practical purposes (RPF problems, DR selection), they are not PIM neighbors. [CSCdj74197]
OSPF uses 1500 byte mtu size that cannot be changed on media that supports larger MTU sizes. [CSCdj75112]
Releases 11.1(15.1), 11.2(10.1), 11.3(0.11) and later, which include the fix for CSCdj38748, do not add an arp entry for an ip secondary address if the address is of the subnet of the ip primary address or another ip secondary address of the same interface. [CSCdj75552]
An IGMP v2 querier router which is running pim sparse-mode, fails to send IGMP v2 group specific query when a member of the group sends a leave message. This causes other remaining members on the LAN, not to send membership report until the next periodic, general query. These members may see a loss of data during this period.
A possible work around is to use dense-mode PIM or reduce IGMP query interval by
[no] ip igmp query-interval
command. [CSCdj75782]
If there are duplicate external's in an OSPF domain, under certain conditions, there could be a continuous route flap for this network. [CSCdj75857]
After a 'cle ip route', although the router still see all eigrp neighbors, he is unable to ping some of them. This is working as expected with 10.3.17. A shut/no shut of the interface is required to get back connectivity. This problem appears with ppp when host routes are not suppressed (mo peer neighbor-route should be a work-around) [CSCdj76960]
RIP and IGRP send requests when an interface goes down even the protocol is not running on that interface. [CSCdj77928]
If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]
If a clns route points to an interface, and if the interface processor is moved from one slot to another slot of the 7xxx router then the old clns route cannot be removed. As a result the CLNS static route is not consistent. The router needs to be reloaded after this unusual OIR event. The impact is highly reduced running an image including the fix CSCdi78048. [CSCdi78517]
clns static route across map-lists fails [CSCdi80018]
A crash was caused by an AVL node that was freed but was still accessed during tree traversing. This problem was a result of the node being deleted and freed in the middle of tree walk. This is an IS-IS (using AVL tree) specific problem. [CSCdj18685]
A dynamically discovered clns route does not overwrite a static clns route pointing to a down interface. Workaround consists of removing the static route definition from the configuration and issue the command "clear clns route". [CSCdj31228]
No ISIS route to reflector over fddi in the routing portion of CRB. [CSCdj55173]
When using SNMP to change an existing IPX static SAP entry and only the sap hop count is provided to change a traceback may occur. Workaround is when changing IPX static services to provide all objects and not just the object which is to change. [CSCdi57358]
When walking the MIB on the 4500 a "NoSuchName" error may be returned for the IPX NLSP Neighbor Entry Group when the Neighbor table is present and populated. [CSCdi57864]
In order to facilitate redundant IPX topologies, it would be beneficial to have an IOS IPX command which would allow one to regulate the speed at which the router responds to IPX RIP requests, similar to the ipx gns-response-delay. [CSCdi82056]
Adding XNS back into a router's configuration after it has been removed may cause a system to restart by bus error. This may only be a one-time event if it occurs at all. [CSCdj16694]
Login takes a long time when traversing a router using the Microsoft 32-bit NDS client. The problem does not appear to be related to the Novell or Microsoft clients. [CSCdj25785]
When using IPX-EIGRP over ISDN with floating static routes, there may be a short delay (~10 seconds) before the application is able to get through. [CSCdj38031]
If two routers running NLSP are also connected redundantly to each other via RIP, route changes in the NLSP area are sometimes not redistributed immediately via RIP (flash update). The situation corrects itself after a brief delay since the correct information is present in subsequent RIP periodic updates from both NLSP routers. [CSCdj39987]
On certain platforms when using XNS fastswitching, alignment warnings may occur. These warnings are informational and cause only a small increase in overhead as the system does some extra work to control for the alignment issues. [CSCdj49994]
Before a floating static route is installed a waiting period is observed when the network is down and unreachable, if IPX watchdogs or SPX keepalives arrive during this time they will be dropped. This may lead to session timeouts. [CSCdj50629]
In using floating static route across an ISDN link, when IPX EIGRP is the primary dynamic routing protocol, when the link goes down the EIGRP route is installed but after the floating static is configured and the line goes down and then back up there is no route to that network. The EIGRP route is received but never fully installed due to what seems to be incomplete removal of the floating static route. [CSCdj52947]
An access server may encounter high CPU utilization when IPX has been enabled on the async and ISDN interfaces if the IPX network is very large, has a large number of servers and is unstable. The process which uses the most CPU will be the "IPX SAP OUT" process as shown in the output of "show process cpu". This CPU is caused by SAP changes or flashes being sent to a number of lines where SAP updates are unwanted.
A new option to an existing command has been added in response to more than one customer seeing high CPU use due to the sending of SAP updates when they thought they disabled SAP updates. Normal updates were disabled or sent very infrequently but flashes/changes updates are still sent normally. There was no way to disable these flashes without impacting the end clients.
In 11.2 the command
ipx sap-interval
is now
ipx sap-interval < | passive>
In 11.3 a "passive" option has been added to the existing ipx update command making it:
ipx update interval < | changes-only | passive>
11.3 will also accept
ipx sap-interval < | passive>
but will write out to Non Volatile Memory in the new form
ipx update interval sap < | changes-only | passive>
When the passive option is set both the normal updates are stopped and the flashes/changes updates are stopped. Queries will still be replied to on this interface. The update interval is set to the same interval used in change-only, for SAP that is an interval of 0 and for RIP a large value, any SAP or RIP heard on these interfaces will use that value for aging effectively taking forever, or a very long time, to age out. [CSCdj59918]
When replacing an adapter type with a different type while the router is running (OIR), configuration problems can surface if the new adapter is configured with the same IPX (and/or XNS, Apollo) network number as that of the replaced adapter. The error message will look similar to this "%IPX network CAFE already exists on interface Fddi0/0".
Workaround: An alternative to this fix is to remove the IPX (and/or XNS, Apollo) network from the existing adapter BEFORE replacing it. The command to use to remove the existing IPX network number, while in configuration mode, is: no IPX networknetwork [CSCdj60836]
EIGRP/IPX without RIP process enabled will encounter sap processing problem. The workaround is to enable ipx router rip with no network all. [CSCdj73190]
Following a reload or a clearing of the NLSP data base ("clear ipx nlsp *") a router may experience several minutes of high CPU utilization. This can only happen if the NLSP router is reporting large numbers of RIP routes and SAP services into its NLSP area. [CSCdj73759]
Parser allows keywork options node and port as inbound options for LAT in the translate lat global command. These are not supported as inbound options and should not appear in the parser. [CSCdj29889]
Some initial telnet negotiation may occur at the beginning of an X25->TCP translation even though the stream option is specified. [CSCdj71495]
Under rare circumstances, a router reload may occur while running TCP to X.25 protocol translation. [CSCdj23230]
TCP sessions terminated on a router may experience increased delays in unstable environments with large RTT, lost packets, and interoperating with TCP stacks with no fast retransmit and no congestion avoidance.
The normal issues when running TCP in the above environment can be exacerbated by an issue where the router may not buffer out of order datagrams up to the advertised window size.
This is no known word around, but this appears to only be a problem in rare situations with sessions to TCP stacks of sub-optimal design. [CSCdj68834]
At the time of the crashes, multiple Frame Relay DLCIs were flapping. [CSCdj72482]
Inbound connections may erroneously be refused to a TCP translation service. This is most likely to occur when many connections are being opened and closed at the same time. [CSCdj73057]
When using TN3270 under low memory conditions, the router can run out of DRAM memory. Reloading is the only way to recover. [CSCdi77852]
When using TN3270 keymaps, a keymap will not be selected based on a match of the local terminal-type name to the name in terminal type list of the keymap unless the keymap name is equal to the local terminal type.
Workaround is to explicity select a keymap-type on the line (TTY) or make the keymap name equal to the terminal type name. [CSCdj35972]
Problem: ------- When a router is enabled for VINES routing and if any VINES command has been issued on any active interface, that interface is considered an active VINES interface and would cause periodic VINES updates to be sent out on that interface. This problem exists even after the VINES commands have been removed (using the no prefix. These invalid updates could cause neighboring VINES routers' routing tables to be invalid.
Work-around: Alternative to this problem resolution ----------- If VINES is enabled in the router, issue the following command on all active interfaces which are connected to a VINES network, or interfaces on which an interface VINES command (e.g., vines update interval 60) was issued:
C The minimum peak rate supported is platform dependent. The AIP does not support peak rates below 130kbps. The command parser does, however, not reject configured peak rates below this value. Users of AIP interfaces on the 7x00 platforms should not c [CSCdi38544]
When using a VIP controller in a Cisco 7000 series router with a Silicon Switch Processor (SSP), the SSP cannot access the second port adapter when the VIP is installed in slot 4. As a workaround, install the VIP in slots 0 through 3. [CSCdi41639]
A new command will be added to allow the CHAP Challenge name to be common across multiple boxes in a rotary group. The new command will be 'ppp chap hostname xyz'. [CSCdi44884]
Asynchronous LMI updates are currently not supported. If the Cisco router receives an async LMI update from the switch, all PVC's on that circuit could go down. Disable async LMI updates on the switch to workaround this problem. [CSCdi46835]
The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]
When traffic prioritization is configured on a Frame Relay interface with the command frame-relay priority-dlci-group, the command no fair-queuing should be also configured on the serial interface to achieve effective traffic prioritization.
See associated BUG CSCdi52882 [CSCdi52067]
If extended access-lists are used to prioritize traffic over two DLCI's with the command frame-relay priority-dlci-group, then fast-switching must be disabled with a commands such as no ip route-cache or priority-group on the serial interface to achieve prioritization as designed by the access-list.
See associated bug CSCdi52087 [CSCdi52882]
The interface configuration command ppp chap password password has been added. This command allows a router to respond to multiple unconfigured peers with a single common CHAP secret. [CSCdi54088]
On the AIP when trying to setup a VC, the AIP-3-AIPREJCMD error message may occasionally reject the setup. This was sometimes observed on the 7500. The setup will succeed at next attempt. [CSCdi54829]
the poll pdu will be sent out every second. if line is idle, poll pdu will be sent out every 5 or 10 seconds depending on keep-alive timer or idle-timer is running. [CSCdi56131]
The map-class subcommand frame-relay traffic-rate is not being converted to an equivalent value for committed information rate and committed burst and excess burst values.
In addition, this command is not being written to non-volatile memory when the write memory is issued.
There is no work-around for this problem. [CSCdi59984]
ip tcp header-compression is not compatible with ppp multilink but the config allows both commands to be configured for the same interface.
A workaround is to remove either ip tcp header-compression or ppp multilink from tne interface configuration. [CSCdi60142]
The parser does not show the ppp quality command as an option. However, you can enter the ppp qualitypercentage command. [CSCdi61507]
When configuring PVCs on the AIP, you may observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)
The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]
Show dialer will not display the correct idle time for link in a multilink bundle.
For PRI, sync or async interfaces that are have ddr configured and are part of a multilink bundle: 1. execute show ppp multilink to find the master link for the bundle 2. Look at the idle timer for this link when executing show dialer. This is the correct idle timer for the bundle.
No workaround for BRI. See CSCdi57326 [CSCdi72858]
The command "ipx ppp-client " is only for Async interface as documented in the manual. It should not be allowed for other interfaces, especially dialer interface. [CSCdi74600]
When PPP or SLIP is started from the async interface command prompt, the configured peer IP address pool name is not used. Instead, the peer address will be retrieved from the pool named 'default'. [CSCdi83107]
When bridging over Frame Relay, the IETF encapsulation type configured on the frame relay subinterface is not inherited by static maps on that subinterface. As a result, they use CISCO encapsulation. A workaround to the problem is to use the IETF keyword in the configuration of the frame relay maps. [CSCdi85189]
ARP replies are not sent over a PPP multilink interface. As a workaround, you can configure a static ARP on the remote device or disable PPP multilink. [CSCdi88185]
Soon after you disconnect a PRI on which active calls connected, a message such as the following may be displayed:
%SYS-3-CPUHOG: Task ran for 2004 msec (1871/435), Process = ISDN, PC = 2206232E [CSCdi93207]
aaa network authorization fails with an "unknown attribute callback-dialstring" if the remote node connects to the NAS in character mode first, then has an autocommand "ppp negotiate" launched via exec authorization.
If the same remote node connects in packet mode it works okay.
A workaround is to remove the "if-needed" keyword from the aaa authentication. [CSCdj04942]
Snapshot does not work with multilink PPP. Workardound is to disable multilink PPP [CSCdj07330]
CHAP authentication might fail when you configure the aaa authentication local-override command. [CSCdj08113]
When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface may bounce once or continually bounce during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.
During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]
Removing a fr map-class followed by a wr will - crash the system - erase the complete NVRAM (all config lost). The problem has been duplicated with 11.2.4 and 11.2.5.4 [CSCdj15205]
Incoming Multilink PPP calls will cause a routing broadcast request to be sent out all interfaces configured for RIP or IGRP. This has no serious impact other than additional processing. [CSCdj15850]
PPP has been observed to actively negotiate LCP on a shutdown BRI interface on a 4x00. [CSCdj17377]
Intermittent ping failure when pinging over a ddr interface using lapb encapsulation. No workaround [CSCdj20072]
Sometimes an AS5200 displays messages of the following type on the console :
*Mar 1 12:23:16.295 EST: %AAAA-3-BADSTR: Bad accounting data: too many attributes
This problem in the feature dialer profiles is purely cosmetic. "idle timer" in "show dialer" doesn't change under the physical interfaces(BRI0:1 and BRI0:2) when entering the command "dialer idle-timeout xxx" under the logical interface(interface dialer1). Moreover, the idle timeout will be according to the defined value (xxx), which is specified under the logical interface. See below.
Furthermore, you cannot enter the command idle timeout under BRI0 when using dialer profiles.
artevelde#sh dialer BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last status 0 incoming call(s) have been screened. BRI0:1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle BRI0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Dialer1 - dialer type = DIALER PROFILE Load threshold for dialing additional calls is 1 Idle timer (3600 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle
Dial String Successes Failures Last called Last status 237 4 2 00:22:35 failed Default artevelde# interface BRI0 description ISDN number 234 no ip address encapsulation ppp dialer pool-member 1 no fair-queue ppp authentication chap ! interface Dialer1 ip address 1.1.2.1 255.255.255.0 encapsulation ppp dialer remote-name bavik dialer idle-timeout 3600 dialer string 237 dialer load-threshold 1 either dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap ! [CSCdj24994]
Currently, the private buffer pool on the 4500-ATM card can be adjusted but the changes are onyl applied to the largest-size private buffer pool for that card rather than the mtu-based buffer pool that the card is using. This is currently being worked on and will be fixed in a later release of IOS. [CSCdj25842]
In a LANE environment the ATM module on the Cisco routers does not report the correct traffic count on the 'show int'. This problem has been identified and will be fixed in a future release of software. [CSCdj28364]
This DDTS adds the following hardware registers to the crash context for VIP that is displayed in sho diag:
" sh isdn history " command shows improper o/p. [CSCdj36783]
Getting A LOT of router crashed after upgrading IOS from 11.2(5) to 11.2(8). ISDN internet connection stays on line for few minutes and then router dies. [CSCdj37380]
If an asynchronous interface is configured with encapsulation slip (the default), and if it is currently up and running with encapsulation ppp, then the configuration command "encapsulation ppp" will not be saved in the running or nonvolatile configuration. [CSCdj38128]
The router with over 180 DLCIs can not boot properly due to excessive console log messages related to the startup of Frame Relay PVCs. [CSCdj39383]
In the ISDN layer2, layer3 and management entity tasks, memory pointers are becoming invalid, it appears due to a race condition between tasks when when memory is freed in one task, and then another task attempts to access this now invalid pointer. This scenario has only been seen on ISDN BRI platforms in which a number of the BRI interfaces experience persistent deactivation such that the management entity is shutdown, etc. Add validmem_complete() checks before accessing pkt, pkg or primitive pointers, and before freeing these same. [CSCdj40403]
arp handling isn't quite right for 11.2(8) atm lane. [CSCdj40570]
It should be possible to change the MRRU when using multilink PPP. [CSCdj40945]
When an interface that is part of a multilink PPP bundle goes into "up (looped)" state, PPP does not remove that link from the bundle.
The result is that only a fraction of small packets make it thru the bundle, and no large packets do. [CSCdj41030]
The SSCOP layer sequence number wraparound conditions leads to memory leaks and memory fragmentation problems. The problem occurs when the the sscop's send sequence number reaches a maximum value of 16777215. The switch needs to be reset to continue normal functionality. [CSCdj45157]
When ATM traffic-shaping is enabled on ATM interface along with priority-queueing, priority queuing doesn't work as desired.
The work around of this problem is to turn off ATM traffic-shaping over that interface. Another work-around is to use release 11.2(2) or before 11.2(2). It also works fine in 11.1 releases. [CSCdj45778]
.None [CSCdj45814]
When running Generic Traffic Shaping and Frame Relay Header Compression WFQ is unable to disseminate sessions within the Traffic Shaping Queue. [CSCdj46628]
Manual intervention is required to disable Fast-Switching on the interface when Frame-Relay Header Compression is enabled. As FR Header Compression takes place it the Process Switching Level - we do not compress headers until FS is manually disabled- a cleaner solution could be to automatically disable/re-enable FS upon FR Header Compression config/de-config. [CSCdj46631]
You may experience issues with the pri hanging or busy when all channels are not in use. This is usually accompied by the following console messages:
ISDN Se9/0/1:23: Error: CCB run away: 0x61D97560: ISDN Se9/0/1:23: Error: CCB run away: 0x61C494F8: ISDN Se9/0/1:23: Error: CCB run away: 0x61C494F8:
A CCB is an internal structure, Call Control Block. Should only have 1 per call and B-channel. For an example, look at interface, Serial 9/0/1, 60 CCBs. Looks like Duplicated callids, B-channels, possibly caused by calls are failing and not getting cleaned up.
The only work-around is to reset the controller manually. This can be done with a shut / no shut of the 'interface Serial0:XX' or reload the router.
An async interface with PPP encapsulation and DHCP address pooling will cause any matching dialer map IP address to be ignored. [CSCdj51011]
On an access server configured to route IPX on async interfaces, the router will attempt to send IPX rip routing updates out the async interfaces even if the remote peer has not negotiated IPX.
A low impact workaround is to disable IPX routing on the async interfaces. [CSCdj51024]
IOS support of rfc1315 frame relay mib does not include listing subinterfaces associated with dlci. As a result, any particular dlci will be referenced by the ifIndex of a main interface, rather than the subinterface the particular dlci is associated with. [CSCdj51386]
The router reloaded with Software forced crash, PC 0x30F8804 at valifblock, validate_memory, checkheaps, checkheaps_process. [CSCdj51442]
Under rare circumstances, V.120 ISDN calls into a router will pause for a few seconds (or until a keypress) when carrying a large traffic stream. [CSCdj51657]
When the commands ip tcp header-compression and ppp multilink are configured together on the same interface, it can cause the router to crash.
The workaround is to remove the ip tcp header-compression or ppp multilink command. [CSCdj53093]
A router configured as ISDN leased-line does not tolerate other devices to share the same S-bus with it. It can only be used in a point-to-point fashion. [CSCdj53215]
The command "isdn caller" does not work together with dialer rotary-group. Moreover, the router accepts all incoming calls when isdn caller is defined. The workaround is to use dialer profiles. [CSCdj56668]
RSP crashes at rsp_fs_free_memd_pack may be caused by down rev AIP microcode in the router that is crashing or in routers that are "feeding" this router in the same network. [CSCdj59745]
When configuring map-class frame-relay BCcommitted-burst-size, the system may encounter a CPU exception with reason = EXEC_ADERR(1200) and restart.
There is no workaround, this is an intermittent problem. [CSCdj62139]
Autoinstall over Frame Relay can fail if the link goes down after the autoinstall process has started but before it has completed. This will only happen if the Frame Relay network is provisioned to use the "lmi reroute" option - a new feature available on Newbridge switches.
The only workaround is to manually configure frame relay encapsulation on the interface. A reload of the router will not help. [CSCdj62439]
c4700 crash pc 0x601beadc running dlsw on a large x.25 network. Buffer tuning does not help [CSCdj62657]
1. Symptoms ----------- This bug pertains to utilizing Frame-relay SVC's. IOS appears to not include the magnitude parameters for Be and Bc on the SVC CONNECT message (It only includes them in the SETUP Message). The SVC circuits are on S4/0 for both routers. Without the magnitude parameters, the biggest value Bc and Be can be is ~130Kbits.
3. Workaround ------------- None known at this time [CSCdj63173]
Using 11.2(11) may cause spurious access on ATM interfaces resulting in a performance drop. This is likely to happen in a broadcast situation like UDP flooding. Upgrading to next maintenance version will alleviate this problem. [CSCdj63294]
Some Windows 95 Dial sessions that use script files fail to connect to an Asynchornous interface on Cisco Access Servers. [CSCdj63311]
A frame relay interface configured for ANSI LMI will acknowlege a Cisco LMI update when the router should ignore it. [CSCdj64207]
During Bridging over legacy ISDN DDR with Frame Relay encapsulation, IP data are not going across. [CSCdj64846]
The map-class commands
frame-relay bc out frame-relay be out
are accepted by the enterprise image. These parameters are relevant for SVC setup.
However, the traffic shaping code doesn't use them As a result the values appear to be unset.
This behavior can be avoided by using the commands:
frame-relay bc frame-relay be [CSCdj65624]
When performing an OIR of a VIP PA it is possible to get a CPU hog in OIR handler and performance may be affected. Avoiding an OIR is the workaround for the problem. [CSCdj66959]
The router may reload when using X.25 switching with x25 route statements specifying "substitute-source" or "substitute-dest" keywords such as: x25 route ^169 substitute-source 104144953 interface serial0 This problem was introduced in 11.2(10.1). [CSCdj67115]
When the system is reducing its rate in response to the receipt of BEcNS, the reduction may not be predictable. Rate adjustments are made once per interval if any number of BECNs were received during that interval. [CSCdj67297]
frame-relay is broken. Most of the protocols on frame-relay may not work and packets may get dropped/misbehave as parsing of packets is not properly done in some cases. [CSCdj67384]
Configuring a PVC via the "frame-relay interface-dlci" command on multipoint subinterfaces caused a system reload if the PVC had previously been learned via inverse arp. [CSCdj67510]
A bus error is generated when changing the ISDN switch type from basic ni1 to basic 5ess on a 1004 router. [CSCdj68815]
When a user dials into an as5200 and uses a virtual-access interface over a normal async interface, IPCP will sometimes not negotiate correctly and loop over until the connection disconnects. This occurs for a very specific client. Normal windows 95 client work correctly. [CSCdj68881]
Custmer getting the following error %LINK-3-TOOBIG: Interface Lex1, Output packet size of= 1520 bytes too big on 4500 router after upgrading to 11.2.9. [CSCdj69018]
With an async interface in "async mode dedicated", but with "autoselect ppp" in effect on the corresponding line, when an incoming call arrives, autoselect spuriously starts on the line, despite the "async mode dedicated". This spurious autoselect quickly loses, rendering the line useless.
The workaround is to put in "no exec", "no autoselect ppp", "no autoselect during-login", etc., on the line. [CSCdj69797]
A BRI interface may lose a TEI after it is reset. The router fails to request for a second TEI after the reset. If the BRI is reset a second time, the router regains both of the TEIs. [CSCdj69824]
Symptom:
IPX dialup clients do not see a server list.
Conditions:
Any IPX dialup connection usiing ISDN or any form of PPP multilink will not see a server list if they are using the 32 bit Netware Client or any device requiring an IPX RIP response.
This is a regression introduced by CSCdi72429.
Workaround:
Use a client that does not require IPX RIP such as the Microsoft Netware Client. [CSCdj70744]
3640 getting ALIGN-3-SPURIOUS messages sometimes during startup and sometimes during configuration tasks. Router continues to operate correctly. [CSCdj70812]
[CSCdj70836]
symptoms of the defect:
After OIR of AIP(s) on router, SVCs can no longer be established.
conditions when those symptoms occur:
When all existing AIPs are extracted and hot swapped.
any known workarounds:
In the case of multiple AIPs, change them one at a time. In the case of only one AIP, insert new AIP BEFORE extracting the existing AIP. [CSCdj71438]
When a dialup PPP link is coming up, PPP sometimes drops incoming LCP packets with a debug message: "Lower layer not UP, packet dropped". This is specially noticed on Asynch Autoselected interfaces. [CSCdj72006]
After Reload sometimes an Asynchronous interface running PPP framing will not come UP/UP automatically.
A workaround is to change the line speed or to clear the line or to issue the configuration commands Shutdown and the configuration command No Shutdown in succession. [CSCdj72909]
When LANE sub-interfaces are part of bridge group, the bridged traffic does not use the data direct VC. This will be fixed in 11.2(11.2). [CSCdj72939]
While trying to configure a cisco 1003 router running 11.2(11) for switch-type AT&T 5ess w/spids the router incountered Bus errors and reloads. The router will not crash when you input the configuration. It will crash once you plug it into the ISDN line after you have configured the router with switch-type AT&T 5ESS with spids. The router does not like to see spids added to the configuration. This bug was found while trying to get a muiltipoint 5ESS switch to run with the router and requires spids be added. [CSCdj73634]
The CyBus error reporting has been improved to help diagnose problems caused by VIP cards. Following the normal RSP-3-ERROR:
The presence of a DBUS-3-CXBUSERR can help identify a possible cause of the error:
%DBUS-3-CXBUSERR: Slot 2, CBus Error
And additional information about the CyBus error may be provided via the VIP2-1-MSG logging mechanism:
%VIP2-1-MSG: slot2 Nevada Error Interrupt Register = 0xA01 %VIP2-1-MSG: slot2 CYASIC Error Interrupt register 0x2010000F %VIP2-1-MSG: slot2 Readback of bad posted read data %VIP2-1-MSG: slot2 Parity Error internal to CYA %VIP2-1-MSG: slot2 Parity Error in data from CyBus %VIP2-1-MSG: slot2 Missing ACK on CyBus access %VIP2-1-MSG: slot2 NACK present on CyBus access %VIP2-1-MSG: slot2 CYASIC Other Interrupt register 0x100000 %VIP2-1-MSG: slot2 Unknown CYA oisr bit 0x00100000 %VIP2-1-MSG: slot2 CYBUS Error register 0x8001A10, PKT Bus Error register 0x41000001 %VIP2-1-MSG: slot2 Reno read parity error - bytes 0 & 1 %VIP2-1-MSG: slot2 Reno read parity error - bytes 2 & 3
The CyBus error will then still result in a cbus complex restart:
%RSP-3-RESTART: cbus complex [CSCdj74213]
LANE does not filter multicast packets (like ethernet hardware). As a result, some multicast packets may get to process level and get duplicated. To prevent the router from doing this, configure bridging on the interface. If the protocol is routed and if bridging is configured on the Lane Client configured interface, the multicast packets will get dropped. [CSCdj74418]
This section describes possibly unexpected behavior by Release 11.2(10). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(10). For additional caveats applicable to Release 11.2(10), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(11).
When using ARAP 2.1 on routers running Cisco IOS Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Cisco IOS Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]
IPTALK is completely broken in 11.2 due to the fact that llap header is missing in all iptalk packets. There is no work around. [CSCdj50179]
IPTALK interface will not come up after reboot if the order of tunnel interface precedes its physical interface (e.g, ethernet, serial, etc.). The symptom is that the iptalk command from tunnel interface disappears after reboot. There is no work around. [CSCdj58363]
Sometimes a memory leak that consumes I/O memory can be triggered in the pool manager. [CSCdi90521]
Symptom ------- Under extremely heavy CPU interrupt states a router with FSIP, CT3 or any serial interface may experience the following "output stuck" error message...
This is a result of a internal timer utility that can incorrectly return false value under extreme interrupt situations. And that causes transmit-buffers backing-store mechanism faulty declare serial interface "output stuck".
Conditions ---------- The symptom occurs on Cisco routers in the 7000 family using the CT3 or 4/8 port FSIP cards or any serial interface under IOS version 11.1(10)CA, 11.1(11), and 11.2. It only observed under oversubscribed traffic load.
Workaround ---------- Configure interface to FIFO queueing via the no fair-queue command.
The command transmit-buffers backing-store is on by default when an interface is configured for weighted fair-queueing. If the interface command no fair-queue is used which changes the queueing strategy to FIFO then transmit-buffers backing-store is off by default. [CSCdj12815]
If a 'map list' is configured; the 'show running' command may cause the router to crash if the "Last configuration change at..." informational string exceeds a total length of 80 characters. [CSCdj13986]
An EXEC prompt does not appear until the TCP connection for accounting EXEC is sent and acknowledged. Accounting EXEC acts like wait-start, even though start-stop is configured. [CSCdj27123]
'clear counter' on CLI also clears the SNMP counters in ifTable for the sub-interfaces. [CSCdj35391]
Performing a telnet from the router with TACACS being configured might sometimes cause a router to reload with a bus error. The exact cause is still under investigation.
This problem has only been seen with 11.2 or later IOS releases. [CSCdj36356]
Normal notification of change of state on the Slave RSP in HSA systems leads to an incorrect diagnosis of bugs. The messages are caused by CBus resets, and merely indicate that the slave is progressing through a normal series of states as it resets. The messages look like :
%RSP-3-SLAVECHANGE: Slave changed state from Slave to Non-participant %RSP-3-SLAVECHANGE: Slave changed state from Non-participant to Slave %RSP-3-SLAVECHANGE: Slave changed state from Slave to Non-participant %RSP-3-SLAVECHANGE: Slave changed state from Non-participant to Slave [CSCdj40662]
router sending out wrong oid for bgp trap (bgpEstablished and bgpBackwardTranstion) this happens on 11.2.x [CSCdj47431]
This is a generic problem found in 11.1, 11.2 and 11.3 (the fix has been patched to all three trains as of 11/10/97) [CSCdj49461]
A bug introduced by CSCdi77395 causes ifPhysAddress to mistakenly return a NoSuchName error for subinterfaces with a NULL ifPhysAddress. The workaround would be to configure :
no snmp-server sparse-tables, so an entry will be returned. [CSCdj50390]
On a 7500 router with HSA, the slave config will not be updated via the first "write mem" or "copy running-config startup-config" command. There is no warning to the user other than the absence of the "[OK]" on the slave console. The slave configuration will be updated on all subsequent "write mem" and "copy run start" commands, so the workaround is to repeat the command. [CSCdj50727]
When traffic shaping on the C7500 family routers, we may not switch enough traffic to achieve the specified traffic level. [CSCdj50861]
Traffic shaping on frame relay will not be enforced unless a session is active at the time traffic shaping is configured.
The only known work-around is to enable shaping during an existing data transfer. [CSCdj52135]
In all versions of IOS, even with aaa authorization commands 1 or 15 on a router, a user can bypass authorization command checks and telnet from a router by simply leaving off the word "telnet" and typing only the IP address of his destination. The router will then use the "preferred" transport method implicitly (which is "telnet" by default) and allow the user to telnet to another device even though this user is explicity denied the ability to issue the "telnet" command on a TACACS+ daemon.
There is a simple workaround and that is to configure "transport preferred none" on any lines (vty or otherwise):
line vty 0 4 transport preferred none line 1 16 transport preferred none [CSCdj54679]
The general problem is the 7500 may not correctly allocate the right number of a packet memory (memd) buffers to some network interfaces. The problem requires a large number of interfaces whose collective bandwidth is high, but their MTU is smaller than another buffer pool.
For example, a problem was found with a 7500 using a large number of fast ethernet and/or ethernet interfaces and one or more FDDI interfaces. The pool of packet memory should have allocated 80% of the memory to the ethernet and fast ethernet interfaces which use an MTU of 1536. The error is it got 20% of the memory, and the lone FDDI interface with MTU 4512 got 80% of packet memory.
The problem occurred with 55 Ethernet, 6 FastEthernet and 1 FDDI network interface. The problem did not occur with fewer interfaces, specifically 36 Ethernet, 5 FastEthernet and 1 FDDI interface.
The problem may show up a high number of input drops on some router interfaces. [CSCdj55428]
Memory corruption caused by NTP.
There is no workaround. [CSCdj55888]
At times, c1000 code will send sntp queries to the next hop along the route, instead of to the address configured in the sntp server statement in the config. [CSCdj56216]
The input queue may be wedged with ip packets if the exception dump command is configured.
The Known workarounds are: 1)Increase the input queue to 175 ([75]Original Queue amount+[100] per exception dump x.x.x.x cmd) 2)Remove exception dump x.x.x.x command [CSCdj58035]
When frame relay traffic shaping is enabled on a serial interface, disabling and re-enabling weighted fair queuing will cause a system restart. [CSCdj58431]
When router is very highly loaded and traffic-shaping is active on the outgoing interface, it might be possible that LMI control messages get queued in traffic-shaping queues causing LMI protocol to go down. [CSCdj64221]
When frame relay traffic shaping is enabled and the clear counters command is issued, the system may restart.
The work-around is to remove and then re-enable frame relay traffic shaping to clear its counters. [CSCdj65742]
The show source command could give inaccurate information about the amount of explorers IN to the router from the ring and about the amount of fastswitched explorers.
The show controllers tokenring commands will not shift the amount recorded from left to right in the entries:
throttles: 51/0
at the next show output it should be like this:
throttles: 0/51 [CSCdj06982]
The following error message and traceback can be generated if lnm rps is enabled on the tokenring interface for a 75xx router running 11.1.9, turning off this function will eliminate the error message and traceback. [CSCdj10473]
While running STUN local-ack on Cisco IOS Release 11.1(12), secondary PU 2.1 SDLC devices may enter FRMR state. The connection is terminated and restarts, sending XID to the device. Since no SDLC DISCONNECT was sent, the endstation remains in stuck FRMR state, and rejects the XID. This fix changes STUN local-ack so that if a FRMR comes in while the STUN state is "disconnected", an SDLC DISC is sent to reset the station. Subsequent XIDs will then succeed. [CSCdj35118]
The APPN router may crash during an snmp access to the appn mib. This problem only occurs after an unused appn node is garbage collected. The crash has the following backtrace.
System was restarted by bus error at PC 0x8B5902, address 0x4AFC4AFC PC: process_snmp_trs_tg_inc
On RSP-based routers the pseudo MAC address assigned to a bridge port on a source route bridge virtual ring group is incorrectly formatted to ethernet format during IOS start up. This MAC address is used to establish a bridge link from IBM Lan Network Manager and can be shown by using the "show lnm config" exec command. [CSCdj38360]
The APPN router may crash with a bus error if a race condition is hit during cleanup processing. The stacktrace shows the crash occurred in Qfind_front while executing a psp00 function. The stacktrace for this particular crash is shown below.
System was restarted by bus error at PC 0x3784864, address 0xF0110208 PC 0x3784864[_Qfind_front(0x3040a04+0x743e44)+0x1c] RA: 0x36C1F2E[_queue_find_front(0x3040a04+0x68151c)+0xe] RA: 0x36CC554[_psbmfrm(0x3040a04+0x68bb30)+0x20] RA: 0x36CDAF6[_psp00(0x3040a04+0x68cfd4)+0x11e] RA: 0x314BD78[_process_hari_kari(0x3040a04+0x10b374)+0x0] [CSCdj44198]
Symptom: A downstream LU is unable to get logo screen from the host even though other LUs on the downstream PU can. Router shows dspu state of that LU to be Reset or dsLUStart, while host shows state as active. LU is recovered by deactivation, then reactivation of LU at the host.
Conditions: This state may occur if the downstream LU has previously failed to reply to ACTLU, or if the host has failed to respond to a NOTIFY (available or not available) from DSPU within a timeout period of 20 seconds.
Workaround: Recovery requires the host operator to recycle the LU at the host. [CSCdj45783]
When RSRB with TCP encapsulation is configured with priority peers and some of the priority peers are closed/dead, an explorer packet may continuously try to open the closed/dead priority peer. After several tries, the router may crash with memory corruption. [CSCdj47493]
Prior to this fix, DLSw MIB time related variables would be incorrect after approx 49 days. After the fix, they are accurate up to 497 days. Affected variables include:
Also all variables except ciscoDlswUpTime would have minor small changes (off by a few milleseconds) dependent upon timing. After the fix all these variables remain accurate. [CSCdj48345]
The interfaces throttle count had been inadvertantly removed from the show source output. This counter has been added back to the show source output. [CSCdj49389]
Executing a show source command may cause the router to restart unexpectedly if a virtual ring group or remote peer is deconfigured when the source source bridge command output is waiting at the -- more -- prompt.
The workaround is do not reconfigure virtual rings or remote peers while executing a show source command. [CSCdj49973]
Executing the command show dlsw capabilities local may generate a 'Spurious memory access' message. [CSCdj50187]
Normal non-extended unbind (0x3201) was extended with corrupted information which caused rejection by the host. As far as the host is concerned, the session is still active. User can not cleanup this session without bringing down the link. [CSCdj50581]
RIF may be modified incorrectly when multiring and SRB proxy explorer are configured on an interface but the SRB triplet is not configured.
e.g.
interface TokenRing0/0 ip address multiring ip source-bridge proxy-explorer
Note the absence of the "source-bridge "
The "source-bridge proxy-explorer" statement will not show up in the config unless the SRB triplet is configured.
Work-around for this problem is to configure "no source-bridge proxy-explorer". [CSCdj51631]
When running proxy explorer & netbios name caching on a token ring interface of a c7200, alignment errors will occur. [CSCdj52522]
DLSw routers with ethernet and token-ring ports, also configured for SR/TLB between DLSW ethernet and token-ring ports, will display token-ring devices as reachable through the token-ring and transparent bridge paths when show dlsw reachability is issued. [CSCdj55019]
It was found that with some PCs, we're not able to link to the local bridge. From the trace, we noticed that LNM end-stations are not able to handle RR right after RNR. [CSCdj55763]
Router may reload when removing configuration of X.25 PVCs for QLLC. [CSCdj57872]
Configuring LLC2 parameters on the CIP virtual interface at interface config mode are not being set. Configuring LLC2 parameters on the CIP virtual interfae at internal adapter config mode is not effected by this problem. [CSCdj61654]
When an actpu is followed by a dactpu from VTAM and there has been no response from the downstream device to either flow, after a disconnect is received from the downstream device, DLUR will send a -rsp(actpu) upstream instead if the proper flow, a +rsp(dactpu). This can cause the PU from the DLUS perspective to hang in PDACP state. [CSCdj61872]
It is rare, but possible, for DLUS to send a -rsp(REQDACTPU). When this happens it indicates that VTAM has already cleaned up the PU in question. When receiving this response, DLUR must clean up the PU it avoid the PU from being stuck in 'stopping' state. [CSCdj61879]
When using APPN/DLUR with a large number of LUs (over 1000), a memory spike can occur during the processing of a downstream PU outage. In extream cases, this memory spike can be large enough to exhaust memory in the APPN/DLUR router, which can cause a reload. [CSCdj61908]
Session attempts fail with DLUR generating a sense 08060000 in a rare case where the LU name list gets corrupted. This problem is easily identified by the VTAM LU showing "active" state, while the show appn dlur-lu name display does not show the lu. [CSCdj62172]
When using APPN dlur directly attached to a FEP, when SSCP takeoever occurs for that FEP, the APPN router may detect an xid error in the non-activation xid following the takeover. The messages printed are:
When "ip route-cache cbus" is configured on an interface, there is the potential for intermittent router crashes due to an incoherent cache entry data structure.
If this incoherency occurs and does not cause a router crash, it may instead cause cbus switching to be automatically disabled, and the interface would resort to fast switching (or sse switching if sse switching were also configured). [CSCdi43526]
When adding or removing a sub-interface to a Frame Relay interface, all DLCIs are brought down until the Frame Relay switch sends the PVC information again. Two problems are associated with this caveat:
The whole interface will be reset when a user tries to add the ip address command. Caveat CSCdj02488 (integrated into 11.1(11) and 11.2(5.1)) fixed this problem.
A workaround for the other problem is to turn off CDP globally ("no cdp run") BEFORE adding/removing new/old sub-interfaces and turn cdp back on AFTER that. [CSCdj07291]
Doing a "show interface" and viewing the PRI may show "input packets" and Runts to be incrementing. No physical or performance issues will be found to support the problem seen.
This appears to be cosmetic only.
The fix will eliminate incrementing runt counter for every packet. On the Cisco AS5200 router Runt recovery will work normally. But runt counters will not account for the runts at recovery. [CSCdj23598]
Under certain conditions packets may stay on the input queue.
The condition which caused packets to stay on the input queue has been removed. [CSCdj30087]
When use SDE encapslation on HSSI interface, it doesn't work. IOS 11.2 image was used. [CSCdj37170]
When transparent bridging to a tokenring interface it is possible for the interface to read in a frame it has forwarded onto the tokenring interface. This will cause the bridge table to be incorrect.
The problem only affects the mid-range and low-end platforms. [CSCdj41666]
A Catalyst 5000 RSM populated with an ATM Port Adapter with LANE client(s) configured can get its ATM interface stuck in a down state if a user creates new vlan interfaces.
Symptoms include the following message being displayed to the console
Saving the RSM configuration and reloading its image will clear the error condition. [CSCdj41802]
The PA-4R may incorrectly adjust the datagram size of an incoming packet to include extra padding at the end of the packet. This problem only occurs under moderate/heavy traffic load where multiple PA-4R interfaces are consuming many particle buffers. The problem also only occurs on packets with a packet length that is a multiple of 512 bytes, 513 bytes, 514 bytes or 515 bytes. On Cisco 7xxx family VIP PA-4R systems any type of packet may be subject to this corruption. On Cisco 720x family systems with PA-4R, only source route bridging packets are subject to this corruption. The only workaround is to reduce the token ring interface's MTU to 508 bytes or less. [CSCdj48183]
If an MBRI fails to get a buffer (either from the interface buffer pool, or when a fallback occurs to the public buffer pool), the relevant field, 'no buffer', will not be updated when looking at the 'show interface BRI x 1 2' command output. [CSCdj48748]
With two fastethernet subinterfaces configured for VLAN 1, if one of the subinterfaces is removed, the remaining one's VLAN # changes in the configuration. [CSCdj49470]
Compression for HDLC encapsulated bridging only payload compresses Spanning Protocol packets. Actual bridged packets are forwarded with their payloads uncompressed. Prior to this release, bridged packets may have had their MAC addresses corrupted if STAC compression was enabled with HDLC encapsulation. [CSCdj50894]
When CRB or IRB is enabled before assigning bridge-group number to an interface, both routed and bridged traffic on that interface might be completely dropped. [CSCdj50928]
In Cisco 7500 series routers, sh dialer is not working. The workaround is to use sh dialer int serial x/y . [CSCdj51612]
For 802.10 interfaces such as fddi, ether, token, and hdlc transit bridging between smds, the translation failed. [CSCdj52314]
Cat5000 can not change packet format from SNAP to ARPA. [CSCdj53698]
With IRB configured on the router, ipx clients can't log into services on a bridged interface. Removing the ipx routing from the bvi fixes the bridged interface but you'd loose the routing. At this time this feature isn't supported. [CSCdj54050]
If you are doing IRB with RFC1483 PVCs, you may see certain IP anamolies such ARP resolution not working or if the ARP resolutions may take place and yet you cannot ping the neighboring device. These issues are currently being worked and a resolution will be available in a future release of IOS. [CSCdj54558]
The appletalk might fail when packets are bridged through ppp transit. [CSCdj61857]
An ATM interface configured with: ip pim [dense|sparse-dense]-mode ip pim nbma-mode no atm multipoint-signalling
can not create an mcache entry for mpackets sent to dense mode groups.
The interface must be configured no ip mroute-cache
to forward packets for the dense mode groups.
Sparse mode groups are not affected. [CSCdj06472]
A router may crash with a "System restarted by bus error at PC 0x60394488, address 0xD0D0D0D" message when running Cisco IOS 11.1(9) RSP with a heavy load of EIGRP and CSNA traffic. [CSCdj29447]
If OSPF external routes are summarized using the summary-address command, and the number of external routes being covered by this summary address drops to zero, the external summary will be flushed, but the router originating the summary will not install any matching external or nssa routes that may be present in its database.
The router can be forced to install the matching route by using the clear ip route * command. [CSCdj32471]
BOOTP requests being sent to 0.0.0.0 get forwarded to the gateway of last resort when there is one. [CSCdj33809]
If the summary-address statement is removed on a remote router that advertises summary-address routes on only one path, then the core router sees both equal cost paths. This problem occurs on OSPF with NSSA. [CSCdj38067]
A C7513 router running EIGRP reloads with the following message :-
"System restarted by error - an arithmetic exception, PC 0x60286234".
The program counter value points to an EIGRP IOS routine. [CSCdj38361]
Router has a high cpu utilization only in the ip background process, with 11.1(13.4). [CSCdj38748]
Snapshot server fails to poison stale routes. [CSCdj41097]
If a tunnel built on top of a dialer interface, turn on multicast fastswitch will crash the router. The work around is to configure 'no ip mroute-cache' on the tunnel interface. [CSCdj44432]
Under some circumstances, when removing a static IP route, the router will crash. [CSCdj45152]
Routers dont' update their routing table(s) running RIPv2 with md5 authentication being turned on - as the authentication fails if the key string used is longer than 15 characters.
The workaround is to use a key string not longer than 15 characters. [CSCdj45374]
If the BGP neighbor has the default-originate defined and then the AS of the BGP neighbor is changed, then default-originate will no longer be in wr t. Workaround is to add it back in. [CSCdj45721]
Rip version 2 clear-text authentication failure. [CSCdj46674]
Set metric 0 configuration doesn't work in a BGP neighbor outbound route-map. A workaround is to use "set metric 1" in the route-map instead. [CSCdj49095]
If the OSPF summary host route is overwritten by a route from another routing process which has lower administrative distance, it is possible that the OSPF summary host route will not be reinstalled after the latter route is removed. In particular, it only happens if the host route address is also the router ID of some ASBR. [CSCdj49161]
To help in troubleshooting and avoid any confusion, the 'show ip bgp' output should show the default local preference of 100 for ebgp learnt routes as we do for the ibgp learnt routes. [CSCdj49566]
Currently bgp does not check the number of outstanding messages when receiving from TCP. This behavior could weaken the TCP flow control in some cases. This fix will cap the number of outstanding messages in bgp receiving queue to 600. [CSCdj51596]
When a receiver joins a group after source starts sending (and source is also joined to the same group), RP may not trigger a PIM join immidiately, resulting in approximately one minute join latency for the receiver. [CSCdj51633]
When network topology changes, NHRP purge requests are not properly forwarded back to ingress routers leaving stale entries on intermediate NHSs and preventing immediate route switchover. The workaround is to clear stale NHRP cache entries on intermediate NHSs. [CSCdj52416]
entering the command "no ipx routing" then enableing eigrp can crash the router. This is a regression of CSCdj54141. [CSCdj53541]
When one of the routers on a broadcast network has been partitioned in which at least one partition has only one router, OSPF will generate a stub advertisement for this network in the isolated router's router LSA. This stub route will overwrite the normal network route calculated using the network LSA, regardless of the path cost.
This problem exists in all releases starting 10.3. This will be fixed in 11.1 and newer releases. [CSCdj53804]
*** Release Notes ***
The Proteon router's Internal Address is advertised as a Host Route not a network in the router's LSA. A Host Route is represented as a Type 3 link ( Stub Network ) whose link ID is the host's IP address and whose Link Data is the mask of all ones ( 0xffffffff ). This Host Route is advertise into all OSPF Areas.
The interoperatbility issue with the Cisco routers is that we will install the latest 'learnt' route to the Proteon's Internal address - this may not be the Shortest Path. See descriptions enclosures for a full explanation. [CSCdj56079]
In instance where router has 'passive-interface' configured under a Distance Vector protocol (RIP or IGRP) and has a 'neighbor x.x.x.x' configured known via that same interface; the router does not replicate a route request for the neighbor. Consequently there is no way to speed the convergance of the routing table between these two routers.
However, normal routing update intervals are not effected and work properly. [CSCdj57146]
If you are doing IRB with RFC1483 PVCs, you may see certain IP anamolies such ARP resolution not working or if the ARP resolutions may take place and yet you cannot ping the neighboring device. These issues are currently being worked and a resolution will be available in a future release of IOS. [CSCdj58194]
With EIGRP routing configured, redistribution of of the following type of routes into the EIGRP process will not work correctly:
A directly connected route A static route with the next hop set to an interface A static route with the next hop set to a dynamically learned route
The nature of the defect is that it will only occur after a dynamic event. If redistribution is manually configured, EIGRP will initially reflect correct information in the topology table, however after any sort of dynamic event the topology table becomes invalid and routing updates sent are inaccurate. [CSCdj58676]
Customer moved the IP multicast tunnels (DVMRP, GRE) from a serial interface to an ATM interface on an 4700. The packets are now process switched instead of fast switched, which causes a lot of CPU (IP INPUT).
When we use the serial interface for incoming packets and the ATM for outgoing there's no problem. Incoming on ATM, outgoing on serial also has this problem.
We used several IOS versions, always the same effect. In the config I tried ATM subinterfaces, ATM map-list, aal5mux and aal5snap.
It seems that incoming (IP multicast?) packets are not fast switched.
sh atm int atm0: 3869452 input, 2950238 output, 0 IN fast, 1097846 OUT fast [CSCdj59076]
When booting an unconfigured 3600 or 4X00 with a CE1 module, all available processor memory may be consumed during the initial setup dialog. [CSCdj60090]
Symptom:SYS-3-CPUHOG error messages occurred after the IOS was upgraded from 11.0 to Release 11.2(8) or 11.2(9). Suspect the error messages occur due to the OSPF database refresh every 30 minutes.
Conditions: Large IP OSPF network with multiple areas.
Workaround: None.
[CSCdj60461]
Symptom:
OSPF ABR does not generate summary for some connected networks.
Conditions:
The problem happens when unnumbered interface is used with OSPF. Summary for connected network which is put in the same area as the unnumbered interface might not be generated to other areas.
Workaround:
The workaround is to redistributed the connected network into OSPF to retain connectivity to those network. [CSCdj60959]
Symptom:
show ip ospf int interface command does not allow customer to specify a virtual-access interface. As a result, customer cannot get OSPF information for a single virtual-access interface.
Workaround:
Use show ip ospf int command to get information for all interfaces, including virtual-access interface. [CSCdj61373]
When using ISO-IGRP in conjunction with backup load functionality, ISO-IGRP routes may be un-usable for approx. 300 seconds after the BRI backup link drops. [CSCdj34115]
Under certain circumstances, a Cisco 7505 router running 11.1(13a)CA1 will reload if the netID is changed under the IS-IS routing process. [CSCdj49485]
Routing protocol hellos and updates are given priority over normal user data packets. After all, why forward data if you are not sure you have the right routes.
ISIS makes sure Hellos are given extra priority. ISIS should also do the same thing for some other ISIS control packets (SNPs). [CSCdj56141]
Symptom: When two routers running ISIS are misconfigured to have the same IP address, ISIS will happily install routes in the routing table that have our own IP address as next-hop.
Conditions: Misconfiguration of duplicate IP addresses.
Workaround: Don't make the mistake to assign duplicate IP addresses. The IP address that will be used as next-hop is visible with the command "show clns neighbor detail". The IP address selected will have an asterix. [CSCdj58060]
If you issue the ipx router eigrp command by itself, without including any network commands, a process is created that is visible with the show ipx eigrp neighbors, but that does not appear in the system configuration and cannot be deleted with the no ipx router eigrp command. The workaround is to issue a network subcommand to the ipx router eigrp command before issuing the no ipx router eigrp command. [CSCdi52895]
Using any of the xns flooding command may cause the router to reload, give alignment, bad pool, or buffer warnings. [CSCdj23479]
Occassionally on 4500 series routers XNS Standard access lists produce incorrect "permit" results. In one case this caused XNS RIP packet to bring up BRI/DDR lines every 30 seconds. If similar false "permit" results happen in forwarding filters it could mean supposedly filtered traffic could be permitted through the router instead of denied. [CSCdj25490]
If a route goes away via aging (180 seconds) and the default route is known a cache entry may be installed for this network using the default route path. If the network comes back within the next 60 seconds a new cache entry pointing to the now valid path may not be installed, the cache will still point to the default route path for this network. Workaround is to clear ipx route-cache, or run without using the default route. [CSCdj47705]
Enabling detailed IPX EIGRP debugging for specific peers may produce alignment warnings on some platforms. [CSCdj52136]
This failure is seen on lapb/frame-relay encap. You might see some "%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level" messages on the console. It is possible (rarely) that xns connected route for this interface doesn't get installed in the route table.
As a work around one of the following could be tried. 1. A "shut" and a "no shut" on the affected interface. or 2. Reconfigure ipx network using "no ipx network", followed by "ipx network .." [CSCdj53721]
Some IPX SAP packets are counted twice in show ipx interface and show show ipx traffic stats, some incoming SAP GNS packets may not be increment the incoming GNS counter. [CSCdj53762]
There are two problems. 1. Sometimes a connected network may not appear in the routing table, just after reload. A shut; no shut, should correct the behaviour.
2. If ipx routing is disabled (using "no ipx routing" command), you could see something like a steady memory leak, to unexpected router behavior to a router crash. The only known resolution is to power cycle the router, every time you do a "no ipx routing". [CSCdj54141]
This defect is only seen if you disable and re-enable IPX/XNS routing. If during this disable to re-enable window, some interfaces change state, there is a possibility of loosing the IPX/XNS background process.
Symptoms of this problem could be loss of network connectivity to a slow memory leakage till the router cannot allocate any more memory, and you will need a reload the router to correct this situation. [CSCdj57257]
If the command no ipx default-route is configured, the interface command [no] ipx down is ignore and non functional.
Workaround is to enable processing of the default route. [CSCdj63007]
'show ipx nlsp database detail | private' allows detail or private to be entered again. This is merely a parser problem. It has no effect on the output. [CSCdj64577]
A translation from tcp to either LAT or X.25 using the printer option may fail to close the outgoing connection under rare conditions. This will make the vty line unusable for protocol translation. If an exec session is started on that line, the line will be usable again for translation after the exec ends. [CSCdj40442]
Clearing obsolete VINES routes and neighbors using the commands clear vi route * and/or clear vi nei * can actually cause these obsoleted routes to remain in the table for days. This patch addresses the above problem.
As a work-around to applying this patch, refrain from issuing the clear vi route * and/or clear vi nei * commands. The obsoleted routes should age out naturally within 10 minutes. [CSCdj52929]
VINES interface status may not be up on some media types due to miscommunication between VINES and the driver code even when the interface and line protocols appear to be up. This seems to be timing related. The workaround is to issue shutdown and no shutdown on the affected interface. [CSCdj54032]
Modems on a 5200 chassis which have been busied out will show up in systat output with no user time and no idle time. [CSCdi62861]
With a Router running NetBIOS Frames Protocol (NBF) over Token Ring, a device connected via Async or ISDN with PPP encapsulation will appear to connect successfully but will be unable to see other NetBIOS devices in a domain. [CSCdi72429]
ciscoCallHistoryDestinationAddress is missing from CiscoCallHistoryTable for successful call. For failed calls, the CiscoCallHistoryTable does not contain ciscoCallHistoryDialReason. [CSCdj13033]
VIP requires and does not have a mechanism to determine the health/status of a VIP card. Specifically there needs to be a way to show tech-support, alignment, and logging information. The "show controllers" command should be extended to provide this information like "show controllers vip X COMMAND" where X is the vip slot number, and COMMAND is either tech-support, alignment, or logging. [CSCdj17006]
A Cisco Router running Release 11.1(6.1) can experience an input queue wedge on the serial interface. The symptoms are dropped packets on the interface. The only way to clear this problem is to reload or power cycle the router. [CSCdj17547]
A VIP2 with an incompatable or unsupported PA in bay0 causes the VIP to be disabled/wedged. The following error message is displayed in this condition:
Since the VIP is wedged, valid and supported PA's in slot 1 will be down as well. If a VIP2 is disabled/wedged with this condition:
1) Check to make the version of software your running supports this PA type. 2) Reseat the PA's to insure a proper connection is made. 3) Swap the PA's to opposite bays to further isolate the issue. [CSCdj21814]
Router may stop making Frame Relay SVC calls after a long time. [CSCdj29722]
A translation from x25 to another protocol using the "printer" option may fail to release about 500 bytes of memory when the outgoing connection cannot be established. [CSCdj39057]
Translation entries with similar X.121 addresses but different Call User Data (CUD) fields could cause a connection to the wrong translation. [CSCdj41023]
Active calls dropped when entered "no shut" for Group-Async interface. A new hidden command is created to do no shut without dropping calls. [CSCdj41199]
Routers configured for Frame Relay switching will lose a frame-relay route command in the running configuration when the corresponding dlci has been deleted. To restore the originial configuration, execute the copy start run or config memory command or reload the router. [CSCdj43340]
When using the frame-relay map class command, frame-relay traffic-rate, and when the rate is being reduced in response to BECN, the default lower limit is zero.
The expected default is CIR/2.
The work-around for this behavior is to define the rate using the CIR/BC/BE parameters. [CSCdj49145]
The output from the "show diagbus" command has been extended to provide additional information about VIP cards. Under normal circumstances, the image version information for the code running on a VIP will appear in a new boot log section:
--Boot log begin--
Cisco Internetwork Operating System Software IOS (tm) VIP Software (SVIP-DW-M), Experimental Version 11.3(19971023:025153) [dtaubert-11_3 123] Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Wed 22-Oct-97 23:06 by dtaubert Image text-base: 0x600108D0, data-base: 0x60150000
--Boot log end--
When a VIP experiences problems during initialization that cause the board to be marked as wedged, additional error information may be included here after the image version information. In addition, the existing crash context and error logging mechanisms were extended to provide information when VIP cards are marked as wedged. [CSCdj49779]
The router crash with software force crash in process_suspend.
This bug is very similar to CSCdj15399. [CSCdj50030]
Direct broadcast with physical-broadcast destination MAC address is not forwarded to helper address over atm/lane interface. [CSCdj51378]
When a configuration of 2 systems has Frame-Relay LMI timeouts set differently on DTE and DCE systems in communication, then the PVCs could remain active but no data would be transferred because once system would have declared the connection inactive while the other system still thought it was active.
The workaround is to set the timeout values the same using the lmi-t392dce parameter. [CSCdj53354]
If LES/BUS is configured on the cat5k, pulling down one client in the ELAN can affect other clients. This problem happens very rarely. The workaround is to restart the LES/BUS on the cat5k. 3.2(6) fixes this problem. [CSCdj54587]
Configuring XOT keepalives when doing remote X.25 switching should not require a user to enable TCP keepalives globally if values are specified for XOT keepalive options in the x25 route command. [CSCdj54887]
A boot image for version 11.003(000.012) will cause the router to reload if a variant of the "compress" command is configured for a PPP encapsulated interface.
This has not been observed on any other release. [CSCdj56450]
Cisco IOS Releases 11.2(1) through 11.2(10) are technically not in compliance with RFC 1990. The RFC requires that the first multilink fragment that is transmitted after adding a second link to a bundle which previously only had one link must be transmitted over the first link in the bundle. Instead, the first fragment is being transmitted over the newly added link. This can result in the peer receiving packets out of sequence.
There is no known workaround. [CSCdj57498]
Under some circumstances, an AS5200 which experiences a layer 2 dropout may reject incoming calls even though channels and modems are available. This is caused by the retention of some obsolete information in the AS5200's ISDN call status table.
Configuration of scheduler-intervalmilliseconds often helps avoid these dropouts; a value of 2500 milliseconds is recommended. Also, make sure that console logging is either disabled by the no logging console configuration command or buffered by the logging buffered configuration command.
The bug fix in this DDTS applies only to the Primary-5ESS and Primary-DMS100 switches. [CSCdj58138]
The router may output an error message when X.25 pvc statements are deconfigured. [CSCdj60430]
Symptom: 4000 Router reloads when frame-relay traffic shaping is unconfigured
Conditions: once configured, 4000 router may crash and reload if traffic shaping is unconfigured
Workaround: only workaround seems to be to blow away the config on the router, reload it, and restore the config. [CSCdj61097]
PPP on Asynchronous interfaces configured with the Command Autoselect PPP takes too long to negotiate. [CSCdj63179]
This section describes possibly unexpected behavior by Release 11.2(9). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(9). For additional caveats applicable to Release 11.2(9), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(10).
In extremely unusual situations the router will display the following error message on a frequent basis:
%SYS-6-STACKLOW: Stack for level CXBus Interfaces running low, 0/1000
This message may eventually lead to the router haning. [CSCdi54119]
When aaa accounting system start-stop tacacs+ is configured, the "system restarted" message sent when the box first reboots may fail to be successfully transmitted, because it is generated before the routing protocols have had a chance to stabalize on the router. A workaround to to configure ip host-routing. This will allow the router to use backup mechanism for sending packets when routing is not up. [CSCdi64948]
A timing conflict between the HTTP server and tacacs+ code can cause the HTTP process to hang when configured to use tacacs+ for authentication. Since the HTTP server uses a tty to handle I/O for the request, these hung processes can tie up all available tty's. [CSCdi84657]
"snmp-server trap-source" does not work correctly. We verified at both of 11.1(3) and 11.1(7CA1). The source IP address must be fixed, identical. [CSCdi88055]
On Cisco 7000 series routers, in the output of the show interface serial command, the packet input field reports the incorrect number of received packets. The workaround is to enable SSE switching on all MIP interfaces. [CSCdj01844]
The system reports an incorrect authen_method in an authorization packet if ppp multilink is turned on. This behavior only affects customers who may be writing their own T+ servers, and rely on the authen_method field when authorizing a request. [CSCdj08325]
This ddts enhances Console error message upon Cbus errors that have virtual address information. The virtual address is decoded and mapped to the slot number for older type interface processors like EIP, FIP, HIP, TRIP. A sample error message is: %RSP-3-ERROR: MD error 00F000F000000000 %RSP-3-ERROR: MC Control parity error 3F %RSP-3-ERROR: CyBus1 error 44 %RSP-3-ERROR: page map parity error %RSP-3-ERROR: address parity error %RSP-3-ERROR: address parity error 23:16 0, 15:8 0, 7:0 0 %RSP-3-ERROR: bus command write 4bytes (0xE) %RSP-3-ERROR: virtual address (bits 23:17) F40000 %RSP-3-ERROR: virtual address corresponds to slot10 %RSP-3-ERROR: MEMD parity error condition [CSCdj25303]
On Single Flash Bank 2500 devices, when the device is running from the image on flash (RFF), SNMP operation of copy to flash using CISCO-FLASH-MIB doesn't work.
The work around is to use the (C)ommand (L)ine (I)nterface: "copy tftp flash" This CLI command invokes the FLH interface and the file is copied successfully to the device. [CSCdj27438]
When custom or priority queueing is turned off on an interface that does not support fair queueing, the queueing data structures associated with the interface are left in an incosistent state.
In particular the enqueue and the dequeue routines are not reset and this causes the box to crash, the moment the routines are invoked next time. However, once the box is rebooted the inconsistency is cleared. [CSCdj29439]
Customer observed that clock are getting unsyncronised. The ntp broadcast dissapear from config without any log. When the clock is sync, the ntp broadcast does not appear back in the config. [CSCdj31250]
RMON alarms will not work properly on a number of MIBS which use internal MIB caching to speed up mib object value retrieval. The only possible workaround is to set up an snmp get poll on these objects to force an update to the MIB cache, with a poll period within the alarmInterval time. The following MIBs have this problem :
A memory leak exists in the flash filesystem. Using SNMP to poll the ciscoFlashMIB objects, or using the "show flash" CLI commands can result in non-trivial amounts of memory being allocated and never freed. Repeating these polls or CLI commands will eventually result in the system using up all available memory.
The ciscoFlashMIB can essentially be disabled (SNMP is prevented from polling this MIB) via use of SNMP views. For example, given the following SNMP configuration: snmp-server community public ro
This can be changed to: snmp-server view no-flash internet included snmp-server view no-flash ciscoFlashMIB excluded snmp-server community public view no-flash ro
The result is the SNMP polls using the "public" community string can access objects in the entire MIB space (internet) except for those objects in the ciscoFlashMIB space.
This will, of course, effect any NMS applications which rely on the ciscoFlashMIB objects. [CSCdj35443]
If an ERROR packet received from the server, memory leaks in tacacs+. This is a rare occurance. [CSCdj37295]
Symptom: http server side include files are inaccessible from flash:2 partition.
Workaround: place html files on the first flash partition. [CSCdj38170]
When issuing the no snmp trap link-status command on an ISDN interface on both the Virtual-Template and the D-channel, the router still sends traps whenever a B-channel changes state. [CSCdj38266]
On RSP-based platforms, the stack backtrace may occasionally fail when invoked from code which handles level 6 interrupts. When it fails, it prints the current PC but no backtrace. [CSCdj38468]
When an as5200 has been running for 4-5 days, it might experience a severe memory leak requiring the router to be rebooted.
As a workaround, the user may configure aaa accounting nested which has been reported to stop the memory leak. There are side effects to the use of this command, which are described below.
This memory leak is a result of the fix for CSCdj28612, which was integrated in 11.2(8.1). CSCdj28612 changed the order in which accounting records are sent for users that do NOT use autoselect to get to PPP (i.e. if users login as regular shell users and then go to ppp from the exec prompt; be it through autocommand or script on their end). In other words, if users go through the login: password: sequence before starting PPP, then they will get slightly different accounting records.
When running images with the fix for CSCdj28612, accounting records will be generated in the following order:
shell-start shell-stop net-start net-stop
By configuring aaa accounting nested, the records are generated in the following order, which is the same at that prior to CSCdj28612:
shell-start net-start net-stop shell-stop
The user should make sure that the nested accounting records which result don't result in double-billing of customers since the shell and network sessions overlap. [CSCdj41164]
An SNMP Get of an individual instance from the ipNetToMediaTable may fail, even though an SNMP Get-next will successfully retrieve the instance. This is likely to be seen on table entries referring to software interfaces (e.g. subinterfaces, loopbacks, tunnels) or hardware interfaces that have been hot-swapped in. There is no known workaround. [CSCdj43639]
4500 running 11.0.13 crashes in fr_fair_queue_flow_id .
The crash occured in the frame-relay packet classifier fuction called by the WFQ routine. The work around of this problem will be to disable wfq on the interfafce with frame-relay encapsulation. [CSCdj45516]
Code introduced in maintaince release 11.2(5) causes the show file name command to attempt to open some files in write mode. All files on TFTP, NVRAM and Cisco7000 Flash file systems are opened in write mode. This causes possible corruption of the NVRAM configuration file, and failures to open TFTP files. A corrupted NVRAM file typically has a long series of NULL characters (represented as a backslash ampersand) appended to, and possibly scattered within, the file. [CSCdj45805]
Customer is running against the limit of 32 adj. They need to work with static routes. However when the interfaces used for these static routes are down, the system try to keep using them. This prevent any form of backup route with a higher cost additional static route. [CSCdj26721]
When dynamic window is enabled, the window size is reduced when BECN is received. The router does not send RNR to the LAN device to slow down the traffic forwarding to the frame relay network. This problem will cause the llc2 layer trasmission queue overflow. [CSCdi65668]
When an IBM AS/400 end system is attempting to communicate with an IBM 5494 controller through Cisco 4700 routers, the Token Ring interface on the router uses its Token Ring MAC address as the source address when sending DM command messages to the AS/400. The AS/400 discards these messages because it does not recognize the source address, and it continues to poll the IBM 5494, which causes it to hang. The workaround is to reload the router. [CSCdi87648]
None of the flavors of SDLC encapsulation work on the MIP card CT1/CE1 interfaces. No frames are ever transmitted on the wire.
There is no workaround, other than using an different kind of serial interface. [CSCdj22687]
A small window exists in which it is possible after a transmission group reinitialization that only one CP-CP session is established between the router and a neighboring node. In this case, the contention winner session from the perspective of the router is not activated. Once this occurs, the CP-CP contention winner session will only activate if the APPN subsystem is stopped and started.
There is no known workaround. [CSCdj25859]
Align-3-correct errors are detected in srb_common and lnm processes. [CSCdj29840]
When changing the configuration of stun from one interface to another, the router will have to be restarted for sessions to open on new interface. [CSCdj30982]
Can't configure encaps sdlc on the 4xxx family channelized E1/T1 NIM serial interfaces. This is a bug in the code that handles configuration of this card. It is specific to "encaps sdlc". Other flavors of SDLC encapsulation such as stun, sdlc-primary, etc can be configured. [CSCdj33235]
The APPN router may display the following "Unanticipated CP_STATUS" message when the conloser cp-cp session goes down and comes back up without the conwinner session being deactivated.
%APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1 %APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4 %APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received
Each subsequent broadcast locate received by this router causes the following messages to be displayed and about 1920 bytes of appn memory to be leaked.
This problem was found when 2 links were active to the same node, and the cp-cp sessions were split between these 2 links. The problem would occur if the link with conloser was stopped.
The appn subsystem should be stopped and restarted to clear this problem. If these cp-cp sessions are between the router and the host, terminating either cp-cp session on the host will also clear this problem. [CSCdj33718]
There may be intermittent failures when trying to link to bridges over the DLSw remote peers when running LNM over DLSw. The workaround is to reload the router that is directly attached to the LNM device. [CSCdj34112]
APPN dlur router may reload with SegV exception in ndr_sndtp_encap_mu in a timing window where the DLUR supported device disconnects before a request_actpu is sent to the dlus for that device. [CSCdj37172]
Dspu router with sdlc-attached 3174 leaves terminal hung after terminal power-reset. Vtam inact/act of LU fixes. Workaround is to remove dspu, connect 3174 via dlsw. [CSCdj37185]
After a DLSw peer is disconnected and reconnects the circuit count will be in error. An example of this is:
On router B, the remote peer statement is removed and re-entered several times, causing the peer to disconnect and connect. Then on router A, issue the command:
Merlot#sh dlsw pe Peers: state pkts_rx pkts_tx type drops ckts TCP uptime TCP 10.1.4.1 CONNECT 57484 57476 conf 0 3 0 00:09:54
Every time the peer comes back up, the circuit count for the peer has been incremented. There is only one real circuit across this peer connection. [CSCdj37235]
2520 with FRAS BNN connection to FEP and FRAS backup via RSRB over ISDN. FRAS BNN PUs on both the serial and ethernet interfaces.
The frame relay connection fails, and the ISDN backup doesn't get a connection. When the frame relay connection recovers, the llc2 PUs get stuck in 'ls-reset (Backup is enabled)' status in a show fras command output.
Removing the fras map llc commands on the ethernet interface and re-adding them recovers the session. [CSCdj37431]
A show lnm interface tokenring X will even display active stations on the tokenring when the actual interface on the router is shutdown. [CSCdj37458]
When entering a DLSw remote peer statment, the pass-thru option is only to be used with direct interface or frame-relay DLSw peers.
Previously, the pass-thru option was accepted but ignored when entered with a tcp or fst DLSw remote peer statment.
Now, the pass-thru option will not be accepted on a remote peer statement unless the remote peer statement is of type direct interface or frame-relay. [CSCdj37744]
In a dlus-dlur environment where downstream PUs and LUs (being serviced by the dlur) are active, bringing down these PUs may cause router to display spurious memory access messages as the following:
Sep 4 00:42:57: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x6073CFD0 reading 0x1C [CSCdj38995]
The DLUR router may not display the backup DLUS even if it is configured. The backup DLUS is not displayed until the router tries to start a DLUR connection to the backup DLUS.
This is a minor problem with the show command only. The backup DLUS function works properly. [CSCdj39140]
A router using 11.1(10)CA for DLSw QLLC conversion may output messages of the form:
There is no workaround for this problem. [CSCdj39765]
When doing DLSw/QLLC conversion it is possible for the x25 vc to be cleared and the DLSw circuit to remain up. This can lead to remote devices failing to establish a session. The workaround id to disable/enable DLSw. [CSCdj39771]
APPN enforces the maximum size of a CV10 (product set identifer) on XID to not exceed 60 bytes. Some products include a CV10 which is larger than the 60 byte value. These products will fail xid negotiation with APPN. [CSCdj40144]
In the event that APPN/DLUR has processed and sent a bind request to a downstream device, and that device has not responded to the bind, a vary,inact on the host for the lu name that the bind is destined for will not completely clean up the session as it should. [CSCdj40147]
When a connection is attempted over a port defined with the len-connection operand, appn can loose 128 bytes of memory for each connection attempt. [CSCdj40190]
7200 may crash on receiving a frame from a token ring. No workaround is present for this bug. [CSCdj40568]
DLSw FST may corrupt frame header if the riflen is different on both sides. [CSCdj40582]
Need a operator command to control activation/deactivation of CP-CP sessions with an adjacent node from the appn router. [CSCdj40911]
appn TPsend_search leaks memory while sending locate search requests to adjacent nodes at certain condition (when lik failure occurred). [CSCdj40915]
TN3270 server lu idle timer wrapped around every 18.2 hours. [CSCdj41564]
If keepalive 0 is explicitly specified on a dynamic DLSw dlsw remote-peer statement, a display of the running configuration does not show keepalive 0.
Operationally, dynamic peers do not send keepalives. Whether the keepalive is specified or not, keepalive 0 is assumed. [CSCdj41601]
If effective capacity is configured on the APPN link station, then the APPN router was incorrectly interpreting this value as 0.
The workaround is to configure effective capacity on the APPN port instead of the APPN link. [CSCdj42318]
When RSRB with TCP encapsulation is configured and remwait/dead peers exist, an explorer packet may continuously try to open the remwait/dead peer.
After several tries, the router may crash with memory corruption.
The workaround is to remove any remwait/dead peer statements. [CSCdj42427]
Cisco 7206 with IOS 11.1(13.5)CA restarts with the following: System was restarted by error - a Software forced crash, PC 0x60278214
The protocols running on the router are Remote source route bridging (RSRB), dlsw, Decnet, and IPX. [CSCdj42431]
The 3640 router crashes when a UI LLC frame is received on the token-ring interface. [CSCdj43755]
In some circumstances a router will crash if it is configured with DLSW and promiscous. The crash pertaining to this bug can be identified if it contains the following process and is a bus error:
remdlc2dlsw
To resolve this problem, upgrade to the images that contain the software fix. [CSCdj43759]
APPN crashed when it received a CV35 without the Termination Procedure Origin Name (TPON) field. [CSCdj44661]
When link failed or inactivated, link inactive message doesn't display. This happens only with links configured with "retry limit". [CSCdj44687]
Configuration of SRB on second interface yields traceback from LNM:
DLUR bind processing can cause stack corruption which leads to a reload with PC 0x0. This is caused by attempting to parse the user data subfields beyond the location where the subfields exist. The reload will only occur of the byte two bytes beyond the end of the user data area is 0x3 or 0x4. This is a very rare occurance. [CSCdj45676]
In a large (over 200 NNs) APPN network environment, during initial start up or intermediate links recovery, numerous broadcast searches could happen and melt down the entire network due to the serge of memory usage for these broadcast.
Even tremendous efforts were spent on the network design trying to reduce the number of broadcast searches as much as possible, as the APPN network continues to grow, it simply doesn't scale.
One of the problems is that even the location path is predefined or known one way or the other, if the directed-search fails for whatever reason, according to the APPN architecture, a broadcast search should follow. This creates the broadcast storm unneccessarily if nothing has been changed except the intermediate links just went down and in the process of coming up. [CSCdj45705]
In recent versions in 11.0 could see problems when appn cp/cp session are split across multiple tgs. Workaround is to force cp/cp session to use a single tg. [CSCdj46413]
The message %APPN-0-APPNEMERG: Mfreeing bad storage, addr = 60BB7188, header = 60BB6B20, 00000218 -Process= "ndrmain", ipl= 0, pid= 62 may be issued when a dlur served PU disconnects. This defect was caused by the fix for CSCdj37172. [CSCdj46783]
Router will not pass SRB directed frames if the SRB proxy-explorer feature is configured. SRB proxy-explorer is used with NetBios name caching. [CSCdj47797]
Some 68K-based routers (7000, 4000, 2500) running APPN may crash with the following stacktrace. This memory corruption may occur after a rare combination of appn detail displays, following by a "show appn stat" display.
When connecting a Canary Fast Ethernet transceiver to the MII connector on VIP port adapters, reload the microcode so that the port will function properly. [CSCdi64606]
Removes the auto-enable feature for packet-by-packet frame-relay compression, and allows this form of compression to be manually enabled. [CSCdi85183]
Hardware platforms which use Cirrus Logic serial line controllers may experience the following behavior:
If the system tries to discard output for a line while there is output data in the buffer, the line may become unresponsive to input. This happens most frequently when the user attempts to abort output from a network connection. For example: sending CTL-C on a LAT connection or sending a break character during a PAD connection may cause this symptom.
The affected platforms are:
2509 - 2512, 2520 - 2523 AS5200 NP-2T16S - module for 4500 and 4700 NM-4A/S, NM-8A/S, NM-16A, NM-32A - modules for 3600 [CSCdj02282]
In certain cases the router decides to bring layer 1 down without any apparent reason. Hereafter, a new TEI is negotiated with the switch. The latter still keeps all call references belonging to the previous TEI, since no DISCONNECT was seen on L3. [CSCdj11840]
SNMP agent returning erroneous values. Under some conditions, the ifInUcastPkts counter was observed returning decreasing values, which is incorrect. [CSCdj23790]
Please note that ppp-compression and custom-queueing are not compatible features. We are currently trying to reproduce this bug with all forms of fancy queueing turned off.
Assuming we cannot reproduce, this bug will be reclassified at a lower priority, with the trust being to do a command-parser change to prevent use of fancy queueing and ppp-compression.
Please note, however, that we ackowledge that use of mutually- incompatible features should not cause the router to crash. Further, why the crash is occuring in the compression engine is something we do not currently understand.
For the present, please turn off all fancy queueing. [CSCdj25503]
In X.25 packet by packet compression, error checking code is fixed after malloc for decompression history buffer. [CSCdj29139]
The BREAK sequence may not be received properly on platforms that use the Cirrus Logic asynchronous controllers. This includes the Cisco 2509, 2511, AS5100 and AS5200. You may have to send the BREAK sequence multiple times before it is interpreted correctly. [CSCdj32121]
dot5StatsTable does not return any value in Cisco IOS Release 11.2 software. [CSCdj32372]
NFS transmission problem and fddi excessive claims after installing 11.1(9) through 11.1(14) and 11.2(1) through 11.2(9). This problem is specific to the CX-FIP interface board. This problem does not apply to 11.0, 10.3 or older IOS releases. [CSCdj38715]
SLIP will not work on systems that have never had an interface run PPP, because the host route for the IP address assigned to the SLIP client is not installed properly. Once any interface on the system runs PPP, the problem is resolved until the next reload. This problem was introduced in 11.2(8.3). [CSCdj39228]
When IRB is configured with a FDDI interface on a 4000 series router, some packets will not be forwarded through the fddi interface. [CSCdj40769]
When IRB is being configured, if 'bridge xx route ip' command is entered before 'int bvi xx' command, ip bridging will not work on the interface which has the bridge group configured.
Either configure int bvi before bridge command or save the configuration and then reload the router should get rid of the problem. [CSCdj42357]
Spurious acccess errors may be recorded when SRB debugging is enabled and illegal RIF packets are received. [CSCdj43562]
On a RSP2 platform, issue sh vlan x for ISP encap on FastEthernet could displays negative number in the Received column. [CSCdj44467]
NT client/server sending out multiple ARP requests to the BVI interface of the router causing loss of connection. Workaround is to enable arp snap arp timeout 120 [CSCdj46855]
Issuing the command "undebug ip rsvp detail" does not work, i.e. it does not undo the effect of "debug ip rsvp detail".
The workaround is to issue "undebug all". [CSCdj15325]
IP cache is not being invalidated for destinations which use the default routes even after the next hop is down. Workaround is to do 'clear ip cache'. [CSCdj26446]
After the "ip default-network" statement is issued, the default network route does not get propergated to other routers in the network. The is no known work-around for this problem at this time. [CSCdj28362]
when using ip bgp-community new-format option, show ip bgp community 0:N command doesn't filter the displayed output according to the specified community, but rather displays the entire bgp routing table. [CSCdj28386]
This ddts enhances validation of AS-path attribute for ebgp updates:
If the AS_PATH attribute is empty, an error msg (Malformed AS_PATH) will be sent and the ebgp peer will be terminated. [CSCdj28539]
The help test for set metric and default-metric that makes reference to IGRP also applies to EIGRP.
This is a cosmetic problem. [CSCdj28871]
EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj28874]
When a router receives a PATH message that has only a Guaranteed Svc fragment (i.e. no Controlled Load fragment), it can cause the router to reload.
The workaround is to send a PATH message that has both Guaranteed Svc and Controlled Load fragments. [CSCdj30274]
"clear ip rout *" does not clear redistributed routes. [CSCdj30913]
If dvmrp route-limit is exceeded while sending reports over a DVMRP interface(tunnel or LAN), reports are not send over subsequent DVMRP interfaces. [CSCdj32464]
Router crashes on receiving multicast packets with illegal source address 0.0.0.0. The work around is to configure access list to filter out packets with source ip address 0.0.0.0. [CSCdj32995]
Customer cannot enter the 'ip accounting' command on a frame-relay subinterface with this version of IOS on a 4500 router. [CSCdj33780]
This bug causes intermittent failures in distribution of autorp mappings and bootstrap messages (pimv2). There is no workaround, however, it occurs very rarely. [CSCdj34626]
One of two parallel routers connected together via ethernet can end up forwarding onto a LAN with no receivers for up to 3 minutes. [CSCdj36316]
When the OSPF interface command ip ospf authentication-key key is configured with key which length, including any trailing space, is longer than 19 characters, then the OSPF internal data will be corrupted. The following write terminal command could reload the router.
The workaround is not to enter key longer than 19 characters, either encrypted or not.
The same problem happen with the ip ospf messge-digest key-id md5 key command, the key length in this case should not be longer than 36 characters.
This fix will resolve the problem with both commands. [CSCdj37583]
Routers may forward subnet-directed broadcasts (ie MAC layer b'casts) if the destination subnet-directed broadcast ip-address does not match the locally configured subnet-directed broadcast ip-address.
Upon receipt of the MAC broadcast frame, we consult the ip forwarding table - if a valid route exists, we will forward the datagram. [CSCdj38659]
BGP dampening can not be re-enabled after configuring no router bgp xxx and router bgp xxx.
Workaround is to configure no bgp dampening first, and then configure bgp dampening. [CSCdj39076]
When the last forwarding interface does down for a group which has at least 1 other pruned interface, the Prune flag may not be properly set. This may result in failures to send Prunes as well as failures to send Grafts. Workaround is to clear the affected group by issuing a clear ip mroutegroup. [CSCdj39109]
If no ARP cache entry exists for the next-hop to the destination of a packet the router needs to send, the packet may be dropped while ARP resolution is attempted. This applies to packets which the router itself generates, not to transit traffic. [CSCdj39289]
On a 4700, RIP can't handle more than 1800 routes received back to back without inter-frame gap. [CSCdj40042]
When a router receives a PATH TEAR (PTEAR) message that has no TSPEC information, the router rejects the packet. As a result, PATH state is stored for a sender who has stopped sending, and the state is deleted only as a result of the time-out mechanism.
The same issue also applies to RESERVE TEAR (RTEAR) messages not containing FLOWSPEC information.
A possible workaround is for the originator of the PTEAR/RTEAR to include the TSPEC/FLOWSPEC information. [CSCdj41144]
After aggregate-address x.x.x.x x.x.x.x summary-only is configured, the same command without "summary-only" will not unsuppress the more specifics of the aggregate.
A work around is to negate the whole aggregate-address command first. [CSCdj42066]
Cisco routers in certain circumstances will receive LSA type 6 ( MOSPF ) even if the other router(s) would have seen we don't support MOSPF. This would be the case in Broadcast networks where the DR would talk MOSPF, in which case according to the spec - "a non-multicast neighbour may (inadvertenty) receive group membership LSAs. The non-multicast router will then simply discard the LSA, however the Cisco will generate a syslog message for every "unknown LStype" received which results in a large amount of syslog messages.
This fix add the ospf ignore lsa mospf router command. When this command is configured, the router will not generate the syslog message when MOSPF LSA is received. [CSCdj42242]
ICMP unreachables are wrongly sent out for multicast packets. [CSCdj43447]
This ddts addresses two issues:
(1) The threshold for generating warning msg is now configurable in the "neighbor x.x.x.x maximum-prefix" command:
neighbor x.x.x.x maximum-prefix [] [warning-only]
where is an integer between 1 to 100 (percent).
(2) In the command sho ip bgp summary, the number of routes (received and used) from a neighbor is shown in the "state" field for established peers. [CSCdj43952]
If a peer-group is not configured with the "soft-reconfiguration in", then members of the peer-group will not have this command in nvgen even if they are individually configured with the command. Thus, the command will be lost with router reload.
A work around is to re-confgiure this command after a reload. [CSCdj43966]
"Debug eigrp fsm" shows a negative value for the metric. [CSCdj44619]
Under certain circumstance using static default route, NHRP may create a SVC short cut to the router itself (routing loop). [CSCdj45117]
When running dense-mode groups over routers with NBMA mode or PIM p2mp signalling enabled. The incoming interface will often be put in the outgoing interface list, resulting in RPF failures and duplicate packets on the network. [CSCdj45345]
A new bgp neighbor command is implemented so that a description can be given a peer. The syntax of this command is
router bgp xxx neighbor description [CSCdj45413]
During ping, each packet took more than 2 seconds to output. With ATM static maps, the wait is not necessary for IP over ATM. [CSCdj47856]
entering "no ip gdb rip" twice can crash router [CSCdj48291]
The headline of sho ip bgp summary is reduced to 80 characters by changing "Prefix-Rcvd" to "PfxRcd". [CSCdj49446]
Spurious access errors appear while running IP Multicast. No operational impact. [CSCdj50963]
The ARP lookup routine may suspend, causing unexpected behaviors for IP protocols. For example: If the OSPF routing process is traversing a list of neighbors to send LSA packets and the ARP routine is called, the ARP routine suspension could cause a system reset. [CSCdj60533]
Under the "router isis" you can't configure which interfaces to run ISIS on by configuring a network statement. You need to configure "clns router isis" and/or "ip router isis" on each interface. Now if you want to advertise the IP prefix of an interface, but not send out hellos or establish adjacencies, the intuitive way to do this is by using the passive-interface router subcommand.
interface ethernet1 ip address 192.31.231.16 255.255.255.0 ip router isis
router isis passive-interface ethernet1
This does not work for ISIS. Hellos are send out, and adjacencies are formed regardless of the interface being passive or not.
The proper way to do this is by omitting the "ip router isis" config.
interface ethernet1 ip address 192.31.231.16 255.255.255.0
router isis passive-interface ethernet1
The fix for this problem will be that as soon as someone configure an interface to be passive, the semantical equivalent of:
interface ethernet1 no ip router isis no clns router isis
will be issued. [CSCdj06135]
In CLNS one can configure static routes to a next-hop NSAP. A cisco router will look for ESIS/ISIS/ISO-IGRP adjacencies to a OSI devices with the configured next-hop NSAP. If there is such an adjacency, the static CLNS route will be up, if there is no such adjacency, the static CLNS route will be reported as down.
In the case when such and adjacency is learned via the ESIS protocol and the remote device advertises itself as an ES, (not as an IS), and the cisco router has just rebooted, it is not triggered to update the status of the static route. It might take a long time before some other event forces the router to re-evaluate the status of all static routes. Until this has happened, the static route in the CLNS routing table has the status down, and is not redistributed into IS-IS.
A work around is to unconfigure the static route and configure it again. Another workound is to make the remote device advertise itself as a router (IS) and not an ES. After all, the remote device is going to forward packets for the area to which the static is pointing, so it is a router. [CSCdj30685]
When generating a configuration (wr term, show running-cof, etc..) the following lines can pop up on passive isis interfaces:
This it totally harmless. The default metric for passive interfaces is 0. For other isis interfaces it is 10. [CSCdj32978]
When a router advertises it's LSP, it puts in one random IP address in the TLV. This enables us to see with "show ip route" the IP address of the router who generated the route. This fix makes the router to prefer an IP address from the loopback interface when possible. This is purely a cosmetic issue to help network admins to identify the originating router for an ISIS generated IP route. [CSCdj32984]
When a router has a serial interface configured for ISIS in IP mode, and the encapsulation is frame-relay, and p2p subinterfaces are not used, the following problem can occur.
Original configuration:
interface serial 0 ip address 10.1.1.1 255.255.255.0 ip router isis encapsulation frame-relay isis metric 20 level-1
Configuration after reboot:
interface serial 0 ip address 10.1.1.1 255.255.255.0 ip router isis encapsulation frame-relay isis csnp-interval 0 level-1 isis csnp-interval 0 level-2 isis metric 20 level-1
This will prevent the routers from sending CSNPs. CSNPs are needed to find out if LSPs must be retransmitted in case they are dropped. With this problem, an occasional dropped LSP will not be retransmitted over the frame-relay cloud. This problem can also occur with ATM or X25. NB. it is strongly suggested to run ISIS over p2p subinterface over NBMA.
There are a number of workarounds. 1) Don't run ISIS-IP. If only ISIS-CLNS is used, then after a reboot the encapsulation will be changed before ISIS is started on the interface. This prevent the problem. If ISIS is explicitely needed for IP routing, this workaround can of course not be used. 2) After a reboot, unconfigure ISIS on the interface, and then reconfigure. 3) After a reboot, configure by hand "isis csnp-interval 10" 4) Configure a non-standard csnp-interval (not 0 or 10), so it will be saved in nvram. NB, this is not a full fix. 5) Strongly suggested, configure p2p subinterfaces, and run ISIS over each VC as a p2p link. This prevents the problem, but also this will make routing much more robust in the face of VC failures. [CSCdj35494]
When an router runs ISIS-IP, and an interface is configured with "isis circuit-type level-2-only", the IP addresses configured on that interface are put in the L2 LSP twice.
Once is enough, but advertising the prefixes twice has no bad side effects, except that it makes the L2 LSPs grow a little larger. [CSCdj36832]
When the directly connected IP addresses are advertised in the L2 LSP, the level-1 metric is used in stead of the level-2 metric.
L2 IS to IS adjacencies are correctly advertised with the level-2 metric, so this only applied to IP prefixes advertised via ISIS. When the interface is configured with "isis circuit-type level-2-only" this bug does not apply. When running level-1-only, this bug does not apply. When the level-1 metric and the level-2 metric are both configured to be the same, this bug will not be noted.
The work-around is to configure a level-1 metric that suites your needs for advertising the IP prefix in level-2 routing. Or configure explicitly "isis circuit-type level-2-only"
If the metrics for level-1 and level-2 must be different, and both level-1 and level-2 routing are used, there is nothing you can do. [CSCdj40284]
The following message may be erroneously displayed:
%LAT-3-BADDATA: Tty124, Data pointer does not correspond to current packet
When many LAT sessions are active, and a received data slot starts in the last 14 bytes of a full ethernet frame. Data for the slot is discarded. [CSCdi82343]
Route stuck in 'deletion pending' state after a "ipx down " The only workaround is to disable and re-enable ipx routing on the router.
This could happen if "ipx down " and "no ipx network " are given in same or reverse order, with very less time gap. [CSCdi91755]
NLSP memory usage may be excessive if external RIP/SAP information is learned via multiple, redundant paths. [CSCdi93174]
XNS routes may get deleted on serial interfaces at boot time. The workaround is to issue the shut and no shut commands on the affected interface. [CSCdj25806]
IPX watchdog spoofing is useful in DDR situations to prevent the IPX watchdog packets from bringing up the line when the client is idle. However, spoofing the server has side effects that may be undesirable in async client DDR environments. In order to provide a more complete and acceptable solution to the watchdog issue in all DDR environments, the ipx watchdogfilter command is introduced. This command will cause the IPX watchdog packets to be filtered out and dropped if the DDR link is down, so that the watchdogs will not cause the link to be brought up. If the link is already up, the watchdog packets will be passed through. There is no spoofing of the server when the filter argument is used. It is recommended that the new filter option be used only for async client DDR and the previous spoof option be used for router-to-router DDR. [CSCdj41290]
IPX does not advertise static/floating static routes if they are created before the interface that the routes connected to is up. The workaround is to shut and no shut the interface that the static/floating static routes connected to. [CSCdj41584]
Running IPX EIGRP with maximum path set greater than one, the router may not remove the SAP after the interface is down if it is learned via more than one path. [CSCdj45364]
X.29 parameters may not be set properly on an incoming PAD call if the VTY line the call uses is configured with "autocommand slip" or "autocommand ppp". [CSCdj40104]
If the system has corrupt vines access lists, show vines access displays debug information. To suppress this debug information, added a new hidden command. Use show vines bad-access [] to display corrupt vines access lists. [CSCdj37856]
A router may unexpectedly reload when VINES SRTP routing is configured. The workaround is to remove the vines srtp-enabled command. [CSCdj37888]
When using the show diagbus command, the minor version number in the "HW rev" field for VIP port adapters displays in hexadecimal rather than decimal. For example, HW rev 1.10 would display as HW rev 1.A. [CSCdi65281]
The "%SYS-2-GETBUF" error message may appear. [CSCdi92482]
When a call is recieved on a DDR interface (an interface attached to a dialer interface), LCP packets will not be sent for up to 30 seconds if the calling peer does not send an LCP packet. This delay was added to avoid losing the first packet sent by the router since the router is often informed that the line is up before a complete path is available. While the delay is a good idea, some PPP applications wait until the first LCP packet is received from the router before sending their first packet. This mutual standoff takes 30 seconds to resolve itself. In a future release of IOS, the delay will be lowered to 3 seconds. [CSCdi93105]
PPP IPCP negotiation will be changed after Cisco IOS Release 11.0(11).
In Cisco IOS Release 11.0(11) the software accepts the remote peer's "Her" proposed address regardless, and the "Her" address is subsequently added to the IP routing table as a host route.
With Cisco IOS Releases later than 11.0(11) the software will check the "Her" address against the corresponding dialer map and if the address is different than the IP address detailed within the dialer map, a NAK will be sent and the dialer map IP address will be added as a host route in the IP routing table.
It is possible to revert to the previous operation using the hidden interface command ppp ipcp accept-address. When enabled the peer IP address will be accepted but is still subject to AAA verification, it will have precedence over any local address pool however. [CSCdj04128]
The show users command does not display the username for PAP authenticated asynchronous interfaces if local (no TACACS or AAA ) authentication is used.
The workaround is to configure AAA new-model as follows: aaa new-model aaa authentication ppp default local [CSCdj04600]
When using named ip access-list for the "match address" clause of the "crypto map" of an interface that use VIP2 crypto engine, the traffic will not be encrypted as expected, a workaround is to use numbered ip access-list instead. [CSCdj07138]
Cisco products may fail to interoperate with certain PPP implementations of Stacker (Stac) compression, notably Microsoft dial up networking and Ascend stac9 mode. Cisco supports Stac Check byte mode(1) and Sequence Number mode(3), which is default, but Microsoft and Ascend support only Extended mode(4). Stac negotiation might fail or the connection may hang when packets are lost. A workaround for Microsoft Windows 95 is to upgrade with ISDN 1.1 Accelerator Pack or later. To check the version of the Dial-Up Adapter on a system, check the file version for PPPMAC.VXD in WindowsSystem. File versions of "4.00.1150" and later support Sequence mode. [CSCdj08064]
On a Cisco 4500 running Cisco IOS Release 11.0(11) and RSRB, there may be a crash in the "llc2_timer" routine causing a system reload. [CSCdj13175]
On a 7000 router, the following console messages may be logged:
Such error is associated to the AIP not being able to receive packets. It is reproducible only if there are long periods (minutes) where no traffic crosses the ATM interface.
The workaround is to reload the box or to perform microcode reload. This does not occur on the 7500 family (including the RSP7000). [CSCdj20667]
Under certain conditions, the router may reload during an ISDN call setup with the SPC bit set. This problem only occurs with 1TR6 ISDN switch types. [CSCdj20841]
Conditions Under Which the Problem Occurs: While using Distributed Fast Switching, buffer headers can be stranded in the outgoing VIPs transmit queue when that interface has been taken down. This is more likely to occur when a faster interface is switching to a slower one.
Symptoms: Ignores/drops may increase on the input interface as it fails to obtain a needed buffer header to switch the packet. The rxcurr on the input interface will also remain above rxlow even when traffic is not arriving on the interface.
Solution: The VIP will now continue to "drain" the transnit queue of the interface even when it is administratively down. This will allow the buffer headers to be returned to the originating local free queue.
This may cause the number of drops on outbound interface to jump up when the interface is taken down. However, this behavior is normal as the downed interface will drop any packets sent to it when it is not up. [CSCdj21693]
The ISDN debug "ISDN L2D_Task Counter %d: Event: Syncing Discards: L2 Discards" displays incorrect values, this is cosmetic. [CSCdj29913]
VIP2 log messages are currently displayed in the format "VIP23-1-MSG:", where the number after VIP2 indicates the slot of the card generating the message, the center number is the severity, and the third component is the type of error. The new format is "VIP2-1-MSG: slot3" which more clearly identifies the slot number. [CSCdj31248]
The Frame Relay LMI Enquiry and Status messages stop being exchanged after a short time of successful communication. The statistics incorrectly report timeouts and message activity. There is no workaround. [CSCdj31567]
Making a PAD call with an illegal Call User Data (CUD) (greater than 12 characters) could cause the router to reload. The maximum CUD field in an X.25 Call Request packet is 16 bytes which includes 4 bytes of standard Protocol Identifier Field (PID) and 12 bytes of remaining Call Data. A work-around is to use up to 12 bytes of CUD. [CSCdj32515]
Customer has an AS5200 running IOS 11.2(5)P (Enterprise Plus Feature Set). He has a dialup customer on a PC running Windows95 and running a communications package called NetTerm with an external modem dialing into the AS5200. There is an autocommand on lines (1 24) to pad to an X.121 address of an X.25 host. Customer has an X.29 profile configured in order to set X.3 parameter 13 to a value of 4 (13:4) (also tried 1,2 and 7). This should insert a LINE FEED ( or 0A hex) after echoing a to the remote host. Customer is doing Protocol Translation (TCP-to-X25).
This is not working, no is being inserted after the [CSCdj33431]
[CSCdj34126]
When an ATM interface is running with an MTU size larger than 1500 (such as 4470) and then a sub-interface is configured with an MTU size of 1500, then the router upon a reload will assume a 1500 mtu size on the major atm interface. Cisco is currently working on this and will provide a fix in a future software release. [CSCdj36131]
The system may unexpectedly restart when the "show x25 vc" command is executed, if a virtual circuit is cleared while the display of that circuit is paused. [CSCdj36880]
If a BRI port attached to an NI-1 ISDN switch using two SPIDs gets a Layer 1 deactivation and re-activation (typically due to adverse line conditions or temporary disconnection of the cable), that port may not be able to re-establish Layer 2 connectivity on the second TEI and therefore not be able to use the second B channel. The "show isdn status" will report TEI_ASSIGNED on one of the TEIs instead of MULTIPLE_FRAME_ESTABLISHED on both. A workaround is to have your service provider configure a single SPID that can control two B channels. [CSCdj41311]
Using NBF (NetBIOS over PPP) may result in traceback messages complaining about invalid memory action at interrupt :
%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
with traceback information appended. [CSCdj42341]
The patch prevents the use of an invalid pak->info_start pointer when doing payload compression on RSP platforms, thus avoiding a crash. [CSCdj43332]
Release-note: A remote DLSw peering router may send a DM response just after the LLC2 connection is established if the router is very busy and the PC station responds immediately to the UA with a RR. The client will need to reestablish the connection. [CSCdj47782]
A boot image without a subsystem containing IPCP will restart the router.
There is no workaround. [CSCdj48085]
The router may unexpectedly restart when configuring an X.25 PVC that is locally switched. [CSCdj49828]
The show x25 vc command will cause the router to unexpectedly restart if there is a combination of locally switched virtual circuits and other virtual circuits. [CSCdj50405]
This section describes possibly unexpected behavior by Release 11.2(8). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(8). For additional caveats applicable to Release 11.2(8), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(9).
A reload might occur if the command show modemslot/modem-port is issued when the associated modem is in the autoconfigure mode. Autoconfigure mode is normally a short interval during which the modem is reset and reinitialized by the modem autoconfigure command. [CSCdj17224]
Sometimes during modem firmware download, we see messages of the following type on the console :
*Mar 1 04:24:53.629 EST: %MODEM-3-UNEXPECTED_STATUS_EV: Error -- status state m achine received unexpected event=18 for modem(1/15)^M *Mar 1 04:45:40.361 EST: %MODEM-3-UNEXPECTED_STATUS_EV: Error -- status state m achine received unexpected event=18 for modem(2/17)^M [CSCdj24413]
The "clear modem" EXEC command now clears all the modems including the ones that are currently active. When the same command is entered in IOS versions prior to 11.2(5.2), "clear modem" will reset only the idle modems or if the modem is active, it will issue this message: "modem is active, cannot be cleared".
Do not use this command unless you want to clear all modems including ones currently active. There is also no user confirmation given for this command currently. It will clear all modems as soon as the command is entered. [CSCdj24942]
When doing command authorization, which is appended by CLI should be filtered before command tokens are added into AV-pairs. [CSCdi37706]
When the AAA profile contains an AV-pair addr-pool for which there is no definition on the NAS, then it will print out wrong debugging message. [CSCdi40763]
The router sometimes displays messages such as %RSP_STUB: cbus_mci_rxtypes_update called from 601D1C0C. These messages are benign and can be ignored. [CSCdi48430]
Cisco recommends that PCMCIA flash cards be used solely on platforms of the same type as that which formatted the card. [CSCdi58506]
With the configuration "aaa authentication login default radius enable", if the RADIUS server does not respond to an authentication request, the router will not prompt you for the enable password. Instead, it will use the password you already entered and compare that to the enable password. [CSCdi73436]
FDDI ring transitions noticed on the VIP/FDDI level and the RSP level will not be the same . RSP level will be less than or equal to the VIP level due to the dampening effect per the FDDI spec. [CSCdi93209]
Connected routes stay in the routing table when a card is disabled and in an analyzed wedged state. There is no workaround. [CSCdj08355]
priority-list protocol compressed-tcp [args] and queue-list protocol compressed-tcp [args]
in the NVRAM. As a result of change in the string from "compressedtcp" to "compressed-tcp", when you reload the router, these commands are not executed successfully. The workaround will be to reconfigure these commands after reloading the router. [CSCdj13848]
Inability to password protect the slave from console access. [CSCdj15265]
Show ip int does not always show the state of flow and distributed switching. [CSCdj16071]
The error "System restarted by bus error at invalid address" is caused by intermittent Telnet sessions on a Cisco AS500 platform running Cisco IOS Release 11.1(10)AA.
This problem occurs because of a race condition when doing DNS name query, and DNS name cache is removed in the middle of the process.
There is no workaround on the router side. On the DNS server side, configuring DNS TTL to be one minute or longer may work around this problem. However, this workaround may not be acceptable for some applications. [CSCdj16824]
This bug may be user specific; the following error message occurs when a user's script executes the show start command:
% Non-volatile configuration memory has not been set up
The user's script is used to change passwords. Current testing indicates that it may be a software checksum error. [CSCdj18107]
On RSP-based platforms, the stack backtrace may fail when invoked from code which handles level 6 interrupts. When it fails, it prints the current PC but no backtrace. When the backtrace does appear, it can be misleading because of a hardware delay between the generation of the error and the handling of the interrupt. [CSCdj20188]
This problem presented in all images. Prior to this fix, if the users manually specify any types of fancy queuing on the interface (FIFO, priority, custom, etc...), and then, when the interface encapsulation gets changed, the queuing will revert back to "fair-queuing". This is not desirable.
We want to have the user's specified queuing maintain accross the encapsulation change. Only in the special case where if the type of encap doesn't support fancy queuing, then the queuing will be the default of that encapsulation.
Tom Vo [CSCdj20358]
During a boot Flash format, systems with earlier release images will not recognize Intel boot Flash SIMMs 28F004S5 (device code A7), 28F008S5 (device code A6), and 28F016S5 (device code AA).
To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash with an image containing this bug fix. Then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20681]
After extended use, a Cisco AS5200 may begin to report MALLOC failures. The output of the show memory command indicates a possible leak of ppp authentication buffers. [CSCdj22107]
For 11.1 CA images the SNMP sysDescr string exceeds 255 characters in length. Some NMS platforms may have difficulty with sysDescr strings this long. [CSCdj25961]
traffic-shape group applies a token bucket to all traffic that is permitted by a specified access list. An access list which is unspecified permits all traffic. Therefore, this contruction
no access-list 101 <...> interface traffic-shape group 101
shapes all IP traffic to the indicated rate [CSCdj27809]
On RSP-based platforms, the following error may occur, indicating a problem with a hardware enqueue:
%RSP-2-QAERROR: reused or zero link error, write at addr 00C0 (QA) log 2600C040, data 00070000 00000000
This message may be followed by the following error and a crash:
Unexpected exception, CPU signal 10, PC = 0x601C4658
This message is caused by a memory access problem in the diagnostic code handling the original QA error. [CSCdj29751]
The object cmInitialLineConnections in the CISCO-MODEM-MGMT-MIB is supposed to return only non-zero values. The current implementation returns all counter values, including zeroes. This problem is not too serious if only single-valued SNMP retrievals (getone ...) of cmInitialLineConnections are performed. In actuality, SNMP retrievals of multiple values (getmany ...) are often used. The problem is much more pronounced in the second case. On an AS5200, there are 48 modems and 31 possible modulation speeds. A single issue of the getmany command on cmInitialLineConnections will result in roughly 1500 values being returned, most of which are zeroes and will be ignored. This is inefficient and causes a lot of unnecessary traffic on the network.
There is no workaround for this caveat. [CSCdj30171]
When inbound PAP authentication is configured to use TACACS+ with a down-rev daemon (for example, Freeware 2.1) the system will leak one TACACS+ packet for every PAP authentication it performs.
Upgrading to a daemon that understands the latest version of the TACACS+ protocol (version 193) is an effective workaround. [CSCdj36449]
The following warning message is likely to occur on low-end machines: "get_man_dev:Warning! Device is not formatted. Invalid DIB." If the bootflash is correctly formatted with the flash filesystem the warning should never appear. If the bootflash is formated but not with the flash filesystem, the warning will appear and may be ignored. In both cases the image will boot. [CSCdj36699]
The problem was caused by the changes made to fix CSCdj21539. We now use a different approach to solve the CSCdj21539 problem so that ip pings will not fail again because of the CSCdj21539. [CSCdj37942]
The error corrected by this problem might in some situations be the cause of software forced reload while executing a copy of the startup configuration. At the time of the reload, the console would display a message like: %SYS-3-OVERRUN: Block overrun at xxxxxxxx (redzone yyyyyyyy) [CSCdj38500]
In rare cases, an error may occur in Cisco routers. It may be seen as an error message describing an inconsistent state in allocating or deallocating blocks of memory.
An error was introduced by CSCdj42505 in Release 11.2 P and CSCdj22736 in Release 11.1 CC. It does not exist in other IOS releases. [CSCdj44667]
enabling decnet fast-switching on inter-area routers will cause decnet routing to fail.
With the following topology, we found that decnet pings from Area 10 to Area 1 via the 2509 area router failed as long as decnet fastswitching was enabled on the ethernet interface of the 2509: =========================================================================== Area 1 Area 10 | ---------------- | | 2514 (1.300) | | ---------------- | | | | | ----------------------------- | | | | e0 | s1 ----------------- ---------------- s0 |---------| 2514 (10.301) | | 2509 (1.400) |----------| ----------------- ---------------- | |
It is not possible on a cisco 7200 to configure a core dump with protocol ftp with IOS 11.1(12). Workaround is to use rcp. [CSCdj22274]
IOS Parser does not accept Unix style rlogin command using "-l" for user option. [CSCdj28856]
absolute-timeout does not work on virtual terminals. Also, the value shown for this timeout in the show line command is the time remaining instead of the configured time, and the time since activation is not shown for the virtual terminals. [CSCdj34709]
Entering the privilege route-map levelxset as-path prependx command in configure mode may cause the router to reload, even though the number after prepend is not necessary. The workaround is to not enter a number after prepend. [CSCdj37035]
When configured for SDLLC and using 11.0(10) or 11.1(5) and the remote SDLC device goes offline, it may be necassary to clear the LLC session on host end inorder to re-establish the session. [CSCdi70911]
QLLC/RSRB forwards IEEE XID frames like other XID frames to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]
When LNM is enabled on 4000 (or other series), it is possible that there will be a bus error leading to a crash. [CSCdi87220]
*** Release Notes ***
Multiple "%ALIGN-3-SPURIOUS: Spurious memory access made at xxxxx", are being reported by all DLSW+ routers running c4500-ir-mz.110-13 IOS. [CSCdj02472]
A memory corruption causes the router to crash when a NETBIOS DATAGRAM explorer is received by a Cisco 7200 router. This problem can occur for any non-explorer frame also. There is no workaround for this problem. [CSCdj04944]
Issuing the show lnm station command may cause the routers to reload, especially when the stations are getting in and out of the ring. [CSCdj09905]
The "clear counters" command will clear the interface counters but also clear the SRB local interface counters as well; the SRB local interface counters should only be cleared by the "clear source-bridge" command. [CSCdj10094]
Attachmate Advanced Function SDLC adapter is limited to 19.2 kbps on a Cisco 3600 asynchronous/synchronous port. Setting the clock rate above 19.2 kbps will eventually cause an abort in an I-Frame which inactivates the PU. The router SNRMs the device, but it does not respond to the UA from the Attachmate SDLC adapter. Issuing the clear interface command or the shut and no shut commands will restart the device.
Issue a show controller serial command, then look for the "residual indication count". If the counter is at "0," then this caveat is not the problem. If it is a non-zero value, then this caveat may the problem. [CSCdj17394]
When SRB and transparent bridging are both configured on two interfaces, Sr frames with an Ethernet type of 0x600 or 0x800 will not be forwarded and do not show up as source errors. This problem first appeared in Cisco IOS Release 11.1(12). [CSCdj18483]
A 1500-byte frame sent to the srtlb code is dropped because the srtlb mtu is set to 1492. [CSCdj18838]
Continuously issuing the appn ping command causes the router to hang indefinitely. [CSCdj19525]
When a PU is started via the "dspu rsrb start" command, traceback messages may be output if SRB debugging is enabled.
These traceback messages are warning of an internal problem but will not affect the operation of either DSPU or SRB.
Customers will not see these messages unless SRB error debugging is enabled. [CSCdj20528]
Removing an SDLC address before removing a the stun route for that address will cause the router to reboot with a SEGV exception. The workaround is to first remove the stun route then the sdlc address. [CSCdj20761]
The router may reload unexpectedly with a stack trace pointing to llc2_timer. [CSCdj21370]
On a Cisco 7200 router, duplicate ring entries may be seen in the RIF cache and when using the debug source bridge command. The duplicate ring entries lead to connectivity problems for end systems. [CSCdj21876]
This DDTS describes problem with Router SNA Service Point command response errors experienced with 11.1(12) and 11.0(14.4)BT. When we use the NetMaster "RUNCMD" facility to send an IOS "show" command to a router configured with SNA Service Point, one of the lines of output is split into two lines at a seemingly random point [CSCdj22139]
When using RSRB local-ack with priority queuing on a Cisco 7200 platform running Cisco IOS Release 11.1, a severe performance degradation has been seen. The root cause is an alignment error in the priority module. [CSCdj22593]
When RSRB with TCP encapsulation is configured and there are dead peers, an explorer packet may continuously try to open the dead peer. After several tries, the router may crash with memory corruption. The workaround is to remove any dead peer statements. [CSCdj24658]
When promiscuous or peer-on-demand peers are used and there are more than 100 circuits connected, a memory corruption crash may result when the promiscuous or peer-on-demand peers disconnect. The corruption occurs when circuit cleanup is delayed due to end station delay, LAN network delay, or high router CPU usage. [CSCdj26284]
Using 11.2.4 with qllc, npsi-poll, and rsrb, the router does not forward the null-xid from the host. The LLC session fails to establish.
Workaround is to configure using dlsw. [CSCdj26404]
appn image may restart because of a CPU HOG problem in processing a link failure event by the Directory Service appn process (xxxdns00) in an extreme condition when a lot of locate requests were pending with the node with which link failure has occurred.
There is no alternative workaround when this happens. The router is forced to restart by the system watchdog process (software-forced reload event).
The fix is to give up the cpu by the xxxdns00 process after processing certain number of requests at a time. [CSCdj26423]
DLSw may send NetbIOS NameQueries to the local attached ring instead of using the known rif when verifying the path for netbios-names. This appears only to the first NQ, subseqeuent retries are sent as explorers. [CSCdj27350]
DSPU router sometimes doesn't send SSCP-LU data to the terminal. It seems if router receives NOTIFY during handling SSCP-LU data(logon message), stops sending SSCP-LU data to terminal. [CSCdj28164]
Customer reports blank entries in a show dlsw reachability netbios.
Router1#sh dlsw reachability netbios-names DLSw NetBIOS Name reachability cache list NetBIOS Name status Loc. peer/port rif FOUND REMOTE 10.9.254.1(0) FOUND REMOTE 10.5.254.1(0) FOUND REMOTE 10.8.254.1(0)
These entries do not have any functional impact. [CSCdj28173]
DLSw local-switching from VDLC to LLC media does not work correctly in Cisco IOS Release 11.2. [CSCdj28900]
The timer that controls the daily cleanup of APPN topology and the 5-day rebroadcast of topology resources owned by this APPN node can fail after 45 days. At this time, other nodes where the timer is still functioning properly may age out the topology of the node with the failed timer after 15 days. Thus, after a total of 60 days, APPN routing failures and failed CP-CP sessions may result between APPN network nodes.
Because other network events (link outages, and so forth) can trigger a node to send a TDU, this problem will not necessarily appear exactly after a 60-day uptime -- it may occur much later or not at all. However, any APPN router running in the network for over 60 days is at risk for seeing this problem.
Stopping and restarting APPN will work around this problem until the next timer wrap, which can be up to 45 days, but may be less depending on the current value of the timer. Reloading the router will reset the timer and avoid the problem for an additional 60 days. [CSCdj29014]
A router configured for RSRB may crash with a watchdog timeout during low memory conditions and/or continual peer state changes. [CSCdj30381]
A DLUR router may reject unbind requests from the host if it has not received a bind response from the downstream LU.
If the downstream device never responds to the outstanding bind, the DLUR router will wait indefinitely and not free the local-form session ID (lfsid). This may cause a situation in which the host tries to reuse a lfsid after it has sent an unbind request, but the DLUR rejects the new bind request because it believes that this lfsid is in use. If the host continuously tries to use this lfsid which the DLUR believes is in use, then no new sessions can be established. This problem occurs only when the downstream device does not respond to a bind request. [CSCdj30386]
Sometimes the linkstations may get stuck in a XIDSENT state when an APPN linkstation fails and recovery is attempted.
Caveat CSCdi77040 provides a fix for this problem in the system side. This caveat provides the corresponding fix for APPN. [CSCdj30552]
A router configured with RSRB may crash upon RSRB keepalive failure if (and only if) SRB debugging is enabled.
The work-around is to disable SRB debugging or if SRB debugging is required, disable RSRB keepalives. [CSCdj31101]
DLSw is running between an IBM 6611 and a Cisco 4500 router running Cisco IOS Release 11.0(16). On the IBM 6611 side, the network is Token Ring. On the Cisco 4500 side, there is an Ethernet segment. SNA is working correctly, but some NetBIOS sessions do not connect. [CSCdj31233]
When using APPN/DLUR with the prefer-active-dlus configuration command specified on the APPN control point, DLUR may not properly connect to a backup DLUS in cases where the primary DLUS is available in the network but has the served PUs varied inactive. [CSCdj31261]
When using the len-connection configuration command on the APPN port and there are at least 30 XID3 devices connecting in through that port, a rare sequence of events of devices connecting and reconnecting can cause a reload. [CSCdj31264]
The DLUR router may display a display a spurious memory access during a pipe failure.
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60700B84 reading 0xA4 [CSCdj33097]
Any device connecting to APPN/DLUR that does not carry a cv0E with a CPname specified on XID (any PU2.0 and some older PU2.1 implementations) causes APPN to fail to release 536 bytes of memory each time the device disconnects and reconnects. Any device connecting on a port with LEN-connection defined also exhibits this behavior.
When memory is exhausted, the APPN subsystem may stop or the router may reload. [CSCdj33429]
appn stop needs a confirm statement so that the operator does not involuntarily stop the appn subsystem. [CSCdj33652]
When an LLC2 connection is configured to work over ATM LANE for DLSW, the connection succeeds until a retransmission is required, at which time it fails. [CSCdj34873]
Unable to enter XID option on an interface configured for QLLC & DLSW. [CSCdj35448]
When doing a passive open for a DLSw peer, the peer connection may fail due to an early capability exchange message. An error "DLSw: can't process CapExId until write pipe open" is reported. [CSCdj35489]
If the DLUR router received fixed session-level pacing values on the primary stage, it may modify these pacing values before forwarding the bind to the secondary stage. [CSCdj36195]
Router may reload when reverse-QLLC connections disconnect using QLLC/DLSw+. [CSCdj36613]
The problem would appear to be when a LU node specific node attempts to start a session with a set of invalid Bind parameters. This results in a locate-find ( with the bind in the CDINIT ) being sent through the Cisco APPN network to the end VTAM CP who rejects the Locate-Find with a 0835003A sense and sends this back with a control vector CV35 of minimum length 8 bytes to the originator via the Cisco APPN NN.. The APPN NN then rejects the frame with a 08953500 sense and drops the CP-CP session between the CISCO and VTAM CP's. [CSCdj37479]
A Cisco 4700 router crashed in ip_input because of a bad packet on the IP input queue. [CSCdi46479]
MultiChannel Interface Processor (MIP) 'no channel-group' command will causes router to reload if OSPF are configured. [CSCdi79844]
When the system is configured for transparent bridging, the interfaces specified in bridge table entries "hardwired" in the system configuration may be overwritten by dynamically learned interfaces. In other words, even though the system has been configured to believe that host A is connected to interface x, it may change its belief if it receives a packet from host A via interface y. This happens even if the system has been configured not to acquire bridge table entries dynamically. The changes are propagated into the system configuration when the configuration is saved.
This may have security implications for sites that are relying on hardwired bridge table entries to prevent MAC address "spoofing". The workaround for such sites is to use access lists to implement a similar security policy. [CSCdi86805]
On Cisco 2500 series routers, the Token Ring interfaces run FastMac Plus microcode version 1.28, even though the latest microcode version available is 1.61. [CSCdi93243]
Bridging from serial interface to fastethernet interface with ISL encapsulation fails because serial input queue is not cleaned up. [CSCdj01443]
This autoconfig procedure should only be used for running back to back tests with 2.1.9 f/w when using IOS versions 11.1(9)AA, 11.2(3), or above, and then autoconfig should be disabled or the modemcap changes removed for production (regular) operation.
Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#modemcap edit microcom_mfg_1 template microcom_hdms Router(config)#modemcap edit microcom_mfg_1 best-error-control 0-k0 Router(config)modemcap edit microcom_mfg_1 misc %g1%b28800 Router(config)#li 1 48 Router(config-line)#modem auto type microcom_mfg_1 Router(config-line)stopbit 1 Router(config-line)flow hardware Router(config-line)speed 115200 Router(config-line)parity none Router(config-line)modem InOut Router(config-line)#exit Router(config)#conf 0x2 Router(config)#exit [CSCdj04947]
Routers running RSRB from a Cisco 7200 or 7500 series router with a PA-4R Token Ring insert an invalid Token Ring frame check sequence (FCS) in frames sent to remote peers. The invalid FCS will cause data frames to be dropped on some remote peer routers. Affected remote peer routers are Cisco 2500 series, Cisco 4000 series, Cisco 4500 series, and Cisco 4700 series routers running Cisco IOS Release 10.2 or earlier. Other router models and routers running Cisco IOS Release 10.3 or later are not affected. [CSCdj21539]
When bridging IP and routing AppleTalk, assigning the bridge-group to the LEX interface causes AARP entries to disappear and become no longer resolved. [CSCdj22825]
Release-note Access-expression statements of greater than 128 bytes appear to corrupt data structures, causing bus error. [CSCdj25808]
IP Pool can hand out a duplicate IP address to peer if a user makes a mistake by assigning same IP address to an interface as well as pool. A workaround is to not make a mistake assigning same IP address between pool and interface, for example. [CSCdj27956]
When PIM is configured on a Fast Ethernet PA on a Cisco 7200, the interface enters promiscuous mode and receives all packets on the LAN, possibly interrupting unicast traffic between other stations on the LAN. [CSCdj28007]
When configured for greater than 10 HSRP standby groups, the active VIP FE card will not respond to packets destined to the virtual addresses for HSRP groups greater than 10. [CSCdj29466]
On an experimental image corresponding to 11.1(12.5)CA, it was observed that if one uses a point-to-point subinterface on the ATM interface of the CES card of the 7200, then IP connectivity will break if transparent bridging is configured on the subinterface (via the "bridge-group") command. IP connectivity can be restored by unconfiguring transparent bridging.
The workaround is to do RFC1483 over a PVC using a multipoint subinterface with a map-list defined. Using the map-group command on a multipoint subinterface does not exhibit breakage.
To tell if you have this bug, do a "show arp." If there is an entry for the other end of the PVC showing "incomplete" for the MAC address, then you have this bug.
It is not currently (8/14/97) not known what if any major revision images exhibit this behavior or not. [CSCdj34217]
An AS5300 system with Microcom and Mica modems can crash if fast ring is disable. The problem occurs because the code does not check for Microcom or Mica carrier card before accessing registers on the board, the current code prior to this fix assumes Microcom card.
This is a hard failure so mixed Microcom/Mica configurations cannot be supported with this bug present. Microcom 56K modems often work best with fast ring disable, so aggrevates the situation and further limits the working options.
In addition, a similar crash (same stack trace) was also seen with just Microcom modems, but this is much harder to reproduce. [CSCdj44456]
When ip multicast rate-limit is configured on an interface with no source and no group ACLs, rate limiting is not performed based on the total aggregate multicast traffic processed through that interface. [CSCdi74132]
Under unusual circumstances, EIGRP may reinitialize multiple peers when a stuck-in-active condition occurs, instead of just the peer through which the route was stuck. [CSCdi83660]
Under certain circumstances, if the Cisco router received a route with a lower rip2 metric, the router may go to hold down with infinite metric. [CSCdj15295]
Under certain circumstances, a Cisco router will interpret an ip packet which was broadcasted at the link-layer as an ip directed broadcast. Once the router determines that the original packet was a directed broadcast, it forwards the packet (the default behavior, ie, Cisco routers forward directed broadcasts by default) to any other interfaces that belong to the directed broadcast address.
Though the destination ip address of the original packet appears to be that of a directed broadcast, the router should not forward the packet as it is actually a link-layer broadcast. [CSCdj16052]
The exec command parser does not sanity check the combination of the global command
router(config-router)#area range
So for instance it is possible for a user to enter an inconsistent and on the command line, as shown: ========================================= A5-R2#config t Enter configuration commands, one per line. End with CNTL/Z. A5-R2(config)#router ospf 2 A5-R2(config-router)#area 150 range 161.68.24.0 255.255.240.0 A5-R2(config-router)#^Z A5-R2# =========================================
Note the parser doesn't complain that 161.68.24.0 is a network id that is inconsistent with the mask 255.255.240.0.
Workaround is to make sure that the mask and network id are consistent. In the example shown, either the netid should be "161.68.16.0" or the mask should be "255.255.248.0" [CSCdj16943]
A router may crash after the fifth EIGRP process is configured. CSCdi36031 is a related caveat. [CSCdj17508]
Private ASNs are not removed by the neighbor option in BGP if the AS path length is more than one.
This problem occurs when the AS_PATH has been created by using . The fix should be applied to the router originating the prefix, not the one stripping the private ASNs. [CSCdj19299]
When redistributing routes from one OSPF process into another if both the metric-type 1 and match internal parameters are used, then the metric-type 1 parameter is ignored.
For example, in the following configuration:
! router ospf 100 redistribute ospf 4 metric-type 1 subnets match internal network 136.96.0.0 0.0.255.255 area 0 ! router ospf 4 network 192.161.10.0 0.0.0.255 area 0 !
Routes redistributed into ospf 100 from ospf 4 would have metric type 2 instead of metric type 1.
A workaround is to use a route-map for the redistribution:
! router ospf 100 redistribute ospf 4 subnets route-map OSPF4 network 136.96.0.0 0.0.255.255 area 0 ! router ospf 4 network 192.161.10.0 0.0.0.255 area 0 ! route-map OSPF4 permit 10 match route-type internal set metric-type type-1 ! [CSCdj21048]
When configuring route-maps with set community, the sequence of the community strings have an impact on what the parser store in the config. If you specify well-known communities at the begin of the string they will override the rest. Problem happens with all 11.1 and 11.1CA images. [CSCdj24387]
Router will crash when it tries to flood bootp request packets that have been reassembled by the router.
The workaround (cumbersome, but will work) is ensure that bootp packets are not fragmented either by the bootp client or somewhere along the way. [CSCdj25137]
A router with equal cost paths to a unicast route, requires that all interfaces leading to that route be configured for PIM to have that route advertised via DVMRP. [CSCdj25619]
CPUHOG with ARP Input process observed due to arp_background. [CSCdj26681]
A DVMRP route may not be poison-reversed if a unicast route is present and is equal or lower distance but is recursive. This situation most often occurs with static unicast routes. Workaround is to either make the administrative distance of the unicast route worse or the DVMRP route better. [CSCdj26991]
If one specifies a value for minttl greater than 255 then traceroute loops when prompting for maxttl.
The workaround is to specify a value for minttl that is smaller than 255. [CSCdj27076]
When the router receives a PATH message containing an ADSPEC that has only Controlled Load information (i.e. the ADSPEC has no Guaranteed Service (GS) fragment), the PATH message is incorrectly flagged as being invalid and therefore dropped.
The workaround is to send an ADSPEC fragment that has GS info. [CSCdj27798]
This will let a route-reflector-client peer with RRs of more than one clusters and thus break away from the heirarchical topology. This is used in tie-breaking between the paths which are common upto and including IGP metric. [CSCdj28525]
The first unicast route is never included in DVMRP Reports on interfaces configured with ip dvmrp default originate. A workaround is to use ip dvmrp default only which still includes default in DVMRP Reports but does not include any unicast routes. [CSCdj30275]
When an administratively scoped boundary is configured on the incoming interface of a multicast forwarding entry, it does not send prunes upstream. As a result, traffic is continuously sent to the boundary router. Note this bug does not result in leakage of unwanted packets across the boundary. [CSCdj30423]
Major net summarization is incorrectly done if you have two equal cost direct connect interfaces.
clear ip rou * is the workaround. [CSCdj30971]
Regression bugs found by ARF requre us to do a paritial backout of CSCdi73194 until all regression problems have been found and fixed.
The following Cisco IOS Releases are affected: 011.001(012.004) 011.002(007.002) 11.2(07.02)P 011.000(016.001) 11.1(12.04)AA 11.2(07.02)F 11.0(16.01)BT 11.1(12.04)IA 11.1(12.05)CA and subsequent versions of those releases until this fix is integrated. Also relevant are other releases where the fix for CSCdi73194 got integrated. [CSCdj31496]
If the system receives an Assert containing a worse metric, the system may unexpectedly fail to send an Assert override. As a result, the wrong system may end up forwarding onto the LAN. In certain topologies this could result in loss of connectivity. [CSCdj32145]
Dense mode interfaces are not always populated in the outgoing interfaces of a multicast route. This was introduced by CSCdi25373. [CSCdj32187]
ALIGN-3-SPURIOUS messages may occur if the BGP SNMP MIB is polled when BGP is not configured. This error is cosmetic and will not affect the operation of the router. [CSCdj32320]
When doing a traceroute from the router to a broadcast network address, NO ICMP TTL Exceeded is sent back by the next hop Cisco.
ie trace 3.0.0.0 [CSCdj33761]
The system may occasionally perform rate-limiting by media type using the wrong port. This can occur when the sdr entry consulted by the system contains media descriptions for more than one group. [CSCdj34356]
Old incoming interface is not populated in the OIF during RPF transitions. [CSCdj34457]
An %ALIGN-3-SPURIOUS error message may result when issuing a no igmp static-groupgroup for a nonexistant group address. [CSCdj36795]
A router configured with more than one attached nssa area will crash after processing type 7 (nssa) LSA updates.
There is no workaround, other than to avoid configuring a router with more than one attached nssa area. [CSCdj37551]
When performing protocol translation from X.25 to LAT, spurious memory accesses may be seen in console messages as well as in the output from the show alignment EXEC command. [CSCdj18470]
When upgrading from Cisco IOS Release 10.3(7) on a Cisco 4700 router, an IPX EIGRP memory leak may occur when introducing Frame Relay on subinterfaces. The IPX EIGRP is increasing in the same quantity as the free memory is decreasing. [CSCdi62135]
A CPUHOG warning message may occur on a system when it is busy handling large numbers of echo packets, or discarding broadcasts messages which are not forwarded by an ipx helper-address. [CSCdj11342]
If Cisco IOS Release 11.1(10) is running with IPX NLSP, IPX EIGRP, and IPX RIP, and IPX EIGRP is redistributed into NLSP and vice versa, the router may reload when receiving certain NLSP updates and redistributing them into IPX EIGRP. [CSCdj11870]
If an ethernet fails in a manner similar to the cable being unplugged, the local XNS network stays in the table as "(down)" and a new path to that network is not learned. [CSCdj20438]
IPX fast switching might fail over a PRI interface, resulting in IPX client connections not being established over the PRI even though the IPX servers are visible. The workaround is to configure no ipx route-cache on the PRI interface. [CSCdj29133]
XNS does not learn the new non-canonical format of Token ring MAC addresses. It retains the old canonical format address for its node address. This would cause routing failure. The workaround is to disable and renable xns network on all the token-ring interfaces. This affects only RSP platforms and when you upgrade a XNS configured router from a version which has the bug CSCdi48110 to a version which has this bug fixed. [CSCdj29916]
the ipx ping-default command displays and accepts more options than the permitted "cisco" and "novell" options of the command. [CSCdj33364]
The ipx nlsp command "tag" option is not being displayed as an option, making routing between nlsp areas impossible. [CSCdj33746]
IPX NetBIOS and other broadcasts which might need to be propagated may be dropped if type-20-helpered is configured and an ipx helper-list is not configured. [CSCdj35497]
crash in tcp_removeackedsendsegments with address 0x0D0D0D11 [CSCdj10879]
In Cisco IOS Release 11.1(10), forwarding UDP broadcast packets to the helpered addresses seems to be broken. Cisco IOS Release 11.1(4) is not affected. [CSCdj13548]
An interface may become wedged with input queue 76/75. This is caused by both syslog and SNMP traps.
The workaround is to disable both syslog and SNMP traps. The commands to do this are no snmp-server hostip-address and no loggingip-address. [CSCdj27567]
New TCP connections may become stuck in SYNSENT state when router is low on memory. [CSCdj30008]
Issuing the write memory command may cause the system to reload while writing the VINES access list to memory. Issuing the write terminal or show vines acc commands may also halt the system. The workaround is to delete the configuration file and reconfigure the system. [CSCdi49737]
CMNS connections may suffer spurious X25 RESETS under traffic load. [CSCdi40875]
There is a problem that only affects the PPP reliable protocol. No other protocols are affected, such as HDLC. [CSCdi70242]
When "frame-relay map .." command is issued with "ietf" option and a map with same address already exists (static or dynamic), "nocompress" keyword is added at the end of command in nvram. [CSCdi82129]
When bridging from an interface with an MTU greater than the target Ethernet interface you may get the following message:
%LINK-3-TOOBIG: Interface Ethernetx, Output packet size of 1552 bytes too big"
followed by a traceback message.
Workaround is to set the MTU of the source interface to 1500. [CSCdi88531]
The loss of ISDN layer 2 connectivity with the central office should result in the generation of a syslog event and SNMP trap. [CSCdj04772]
The command ppp bridge ip is not supported on an interface configured with ip unnumbered . PPP half-briding requires a numbered interface. [CSCdj05835]
A BRI interface with frame-relay encapulation configured does not behave correctly. A call stays up for some seconds, LMI messages are exchanged, and as soon as the DLCI goes from INACTIVE to DELETED, the BRI is physically reset. Therefore, it is impossible to use Frame Relay over ISDN. [CSCdj09661]
Frame relay Inverse ARP is not sent over ISDN with frame-relay encapsulation. As a result, dynamic frame-relay maps aren't created. [CSCdj09679]
When a router receives a valid Frame Relay Setup message while the local SVC's map-class is not yet properly configured, the router crashes. The crash point and the stack trace may be like one of the following:
Packets which are exactly encsize long are not bridged. This means that TEST and XID frames will not be bridged. Instead, they are passed up to process level, which will respond to them. [CSCdj14748]
If a Group Async interface is configured with more than 20 lines than the lines after the 20th line will not be applied to the member interfaces after a unit (re)starts. All of the commands will show up in the 'show running' output. This defect will be removed in a future release of IOS> As a workaround, you can remove and re-enter each of the unapplied to the Group Async interface. [CSCdj14946]
The MAC address of an ATM interface in a router, instead of the actual MAC address of an end station connected to a LANE client, is entered in the ARP cache. This occures after several hours. The problem can be temporarily resolved by clearing the ARP cache of the router.
Other workarounds include removing bridging from lane subinterfaces, or disabling proxy arp or correctly configuring the subnet mask of end stations in a lane environment. [CSCdj19293]
I assumed some line troubles and disconnect the bri cable and place a call,the call was failed. Then I connect the bri calbe and placed call again toward the same distination but it was failed, The show dialer result showed me "dialer state is call pending". This dialer couldn't use after received a call from this destination. I think this bug correspond to CSCdi80876, it is still alive. [CSCdj19790]
Defect Description:
Upon bootup, OIR, microcode reload, & cbus complex restarts, the router shows CCBTIMEOUT error messages on VIPs that result in a disabled wedged status.
Conditions:
This has been seen to happen with bad PAs and PAs in a "not-ready" state. A PCI access is tried and the PA does not respond thus resulting in CCBTIMEOUTS.
Workarounds/Fixes:
Microcode reloads had limited success, but this fix of moving the PMA software fix should take care of the problem. [CSCdj21639]
ISDN BRI switchtype basic-net3 may incorrectly include an invalid diagnostic code in an outgoing RELEASE message after receiving a DISCONNECT message. [CSCdj25183]
Code was added to decode the CYA error registers on the VIP2 during a crash.
The new error messages for the CYASIC Error Interrupt register are:
"Forced Error Interrupt" "Bus Error from PMA on CYA master cycle" "Error in handling soft DBus data port" "Overflow of internal arbitration FIFO" "Unknown CYA eisr bit 0x08000000" "DMA Transmit Error" "DMA Receive Error" "Queueing Engine LOW Priority Interrupt" "Queueing Engine Program Memory Parity Error" "ORION re-used read-ahead register" "Readback from unused posted read" "Readback of bad posted read data" "Global Lock requested when unavailable" "CBus read during CBus stall" "Posted read not complete" "Overflow of ORION write FIFO to MEMD" "Illegal address from ORION" "Re-try at end of I/O Stall is not the same" "ORION re-used read-ahead register (Stall)" "Unknown CYA eisr bit 0x00001000" "Unknown CYA eisr bit 0x00000800" "Unknown CYA eisr bit 0x00000400" "Invalid byte enables from ORION" "Single idle cycle between packet bus grants" "Odd number of packet bus grant cycles" "Unknown CYA eisr bit 0x00000040" "Unknown CYA eisr bit 0x00000020" "Parity Error in data from Packet Bus" "Parity Error internal to CYA" "Parity Error in data from CyBus" "Missing ACK on CyBus access" "NACK present on CyBus access"
The new error messages for the CYASIC Other Interrupt register are:
"CBus Stall (raw)" "Stall Handling in progress" "CBus Stall (forced)" "CBus Stall starting" "CBus Stall ending" "Unknown CYA oisr bit 0x04000000" "Unknown CYA oisr bit 0x02000000" "Unknown CYA oisr bit 0x01000000" "ORION re-used read-ahead register (Stall)" "Unknown CYA oisr bit 0x00400000" "Unknown CYA oisr bit 0x00200000" "Unknown CYA oisr bit 0x00100000" "Unknown CYA oisr bit 0x00080000" "Unknown CYA oisr bit 0x00040000" "Unknown CYA oisr bit 0x00020000" "Unknown CYA oisr bit 0x00010000" "Unknown CYA oisr bit 0x00008000" "Unknown CYA oisr bit 0x00004000" "Exception Interrupt (forced)" "Unknown CYA oisr bit 0x00001000" "Unknown CYA oisr bit 0x00000800" "Unknown CYA oisr bit 0x00000400" "QE Interrupt (forced)" "QE HIGH Priority Interrupt" "Unknown CYA oisr bit 0x00000080" "Unknown CYA oisr bit 0x00000040" "DBus Interrupt (forced)" "DBus Interrupt" "Unknown CYA oisr bit 0x00000008" "Unknown CYA oisr bit 0x00000004" "Attention (forced)" "Attention" [CSCdj26377]
A workaround for this problem is to perform a "shut", "no shut" on the E1 controller that goes into this state.
For BRIMUX
Symptom ++++++++ When you shut down controller t1 while there is a V110 or modem call active, no more call can be setup to that port after T1 being broughtup. The first call fail for tomeout, all following call failed for "Request channel not available.
Conditions ++++++++++ It has to be V110 or modem call being active, digital call without this problem, and it only happen when there is no "RESTART" msg sent/receive when T1 brought up.
Workaround +++++++++++ You can shut /no shut T1 again when all the channels are idle to get rid of this failure state.
The fix ++++++++++ after the fix, the symptom gone. The code chenge has been reviewed by isdn-sw Aditi Chopra. [CSCdj26436]
The CHAP debug message which includes the text "Waiting for peer to authenticate first" will be output with an invalid interface name. [CSCdj27861]
increase range for x29 inviteclear-time
Increasing it to max possible using an integer i.e. 2147483 seconds which is approx 24.85 days. [CSCdj27903]
When per VC custom or priority queuing is configured prior to the initialization of the VC, the functionality is not correctly initialized and is not activated. [CSCdj28240]
Use of IPX with very large packet sizes may result in a memory leak when transmitting packets via PPP multilink. [CSCdj29387]
ATCP negotiation fails when an ARAP 3.0f1c4 client attempts to connect to an IOS access server. This was found during Beta testing of the ARAP 3.0 software. The actual ARAP protocol works fine, it is only ATCP which is failing. [CSCdj31323]
[CSCdj33756]
ISDN PRI interfaces may need to send an ALERTING message when answering incoming data calls. The modem calls currently send ALERTING and the data calls should be able to optionally support this message as well. [CSCdj36011]
When a PPP connection is disconnected due to a keepalive timeout (for example when the other end of the link is reset), the PPP internal state will be left in a confused state and be unable to negotiate with the peer. This will manifest itself as an interface where LCP is Open and IPCP and other NCPs are Closed.
This defect can be cleared by entering 'shut' followed by 'no shut' on the interface in question.
This defect was added to 11.2(8.1) and 11.2(8.1)P. It will be fixed in a later release of IOS. [CSCdj44339]
When an async interface is configured with a 'peer default ip ' and AAA Authorization is enabled, the async interface will fail to come up. [CSCdj45355]
This section describes possibly unexpected behavior by Release 11.2(7). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(7). For additional caveats applicable to Release 11.2(7), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(8).
ATCP and ARAP code will not work with all-router node addresses. NBP lookup to ATCP/ARAP clients may fail. There is no workaround. [CSCdj02390]
A router may prevent Macs from coming up because of duplicate provisional addresses. A work around is to issue the clear appletalk arp command. [CSCdj16510]
A special character in an AppleTalk zone name does not work correctly when using the appletalk static command. If the special character is between :80 and :ff, it will be changed in running-config. This change only occurs when using the appletalk static command. [CSCdj25241]
When using AAA, it is not possible to duplicate the precise sequence of prompts that dialup users have become accustomed to from using XTACACS. This makes moving from XTACACS to AAA problematic for users who do not wish to rewrite their dial-in scripts. [CSCdi42842]
Under some circumstances, the RADIUS CLASS attribute sent to a cisco during radius authentication may be corrupted when it is included in accounting packets originated by the cisco IOS. The MERIT radius server uses this as a "session-ident", and the corrupted values can cause problems in billing applications. [CSCdi63648]
When using an RSP, a "squeeze in progress" message may appear under the status info heading of the "sh flash all" command output. This does not appear to affect the operation of the router. [CSCdi83356]
The system may reload when writing a core file via tftp if the core file already exists on the tftp server. [CSCdi83485]
IP Accounting with Custom Queuing enabled appears to not produce the right numbers. [CSCdi89138]
ifSpeed for Subinterfaces will currently reflect the bandwidth setting of the primary (lowest layer) interface. Changes to the subinterface bandwidth via the cli command option will not be reflected in the snmp ifSpeed object instance for that subinteface. [CSCdi89245]
The Group-Async command will add a bogus entry into the ifTable. This entry does not reflect what is going on in the async interfaces combined under this group-async command. It applies only to the group-async itself (as in the internal logical structure). [CSCdj00853]
The router will transmit one MOP packet and one CDP packet out each shutdown ethernet interface as it boots. [CSCdj08753]
The tftp-server flash slotx:xxxxxx command does not work in Cisco IOS Release 11.1. The problem occurs somewhere between 11.0(14) and 11.1(1).
A workaround is to use the alias keyword>
client gets the following error, Accessing file "rsp-pv-mz.1666.kao.112.isp" on 10.1.1.1 ...NOT FOUND Can not open source file tftp:rsp-pv-mz.1666.kao.112.isp (TFTP read error)
Server debugs says, TFTP: Server request for port 7761, socket_id 0x60989170 TFTP: read request from host 10.1.1.2(7761) via Serial12/0 TFTP: Sending error 1 No such file [CSCdj09134]
This bug is seen only for asynchronous interfaces and may be caused by the following situations: 1. The configuration is read after a reload. 2. Asynchronous interfaces are configured via Group-Async commands but snmp-server is not yet running.
To work around this problem, do one of the following: 1. For scenario 1 above, reread the configuration, or go to the Group-Async interface commandline and configure no snmp trap link-status again. 2. For scenario 2, start snmp-server before configuring the no snmp trap link-status command. [CSCdj13769]
The 7200 will fail when trying to perform a copy tftp if the tftp server resides on a PC. In order for this operation to be successful, the tftp server must be a multi-threaded application (typically a unix machine). [CSCdj14349]
Configuring net/ov on a router that has the tftp-server flash slot0:xxx alias xxxx command configured resulted in a timeout. [CSCdj15425]
If one person is doing a write mem and another does a show config at the same time, the router may crash. Seems to be same as CSCdi51059. [CSCdj16985]
Distributed access-lists with a large number of statements may not behave properly when the RSP reloads. A workaround is to execute the microcode reload command. [CSCdj17068]
A dialout chat script which ABORTS under more than one condition, will always report the last condition as the cause. ie.
chat-script att-hayes ABORT ERROR ABORT "NO CARRIER" ABORT "BUSY" ABORT "NO DIALTONE" "" AT&FE0Q1 TIMEOUT 1 OK "pATDTT" TIMEOUT 45 "CONNECT" p
will ABORT on Error, No Carrier, Busy or No Dialtone, but always reports No Dialtone as the cause. Tested by reverse telnet to the modem and atdl redial last number to find true cause of ABORT. [CSCdj17447]
Too many accounting records are sent for a Multi-chassis Multilink PPP connection. [CSCdj17870]
Setup utility adds "modem chat-script" default command that is invalid, and rejected by parser. [CSCdj18729]
Control characters in chat-script commands that are specified using backslash-octal representation are not stored properly in the config. [CSCdj18869]
The default clogMaxSeverity was getting set at "notice" instead of "warning". [CSCdj19449]
When the NAS is configured for "single-connection", restarts of the tacacs+ daemon causes an ERROR event during the first subsequent authentication attempt. [CSCdj19491]
In RSP-based platforms, the following error may be printed with no accompanying diagnostic information:
%RSP-2-QAERROR: reused or zero link error, write at addr 0100 (QA) log 220100BB, data E9603440 E9603440
See bug CSCdj11175 for more information on the error message itself. This bug number tracks the lack of diagnostics only. [CSCdj19653]
With an async interface configured to do netbios framing over PPP on a router running aaa network authorization, the router generates an authorization request for appletalk. [CSCdj20013]
An ARAP session attempt causes NAS to reload when running AAA accounting with ARAP. [CSCdj21751]
When requested to send location, a telnet option, during telnet negotiation, router may respond with Modem Busyout as the location when the location command has not been configured and there are no modems present in the router. [CSCdj22167]
An AS5200 may reload if Van-Jacobsen TCP/IP header compression is enabled on the async interfaces. As a temporary workaround, remove the configuration line ip tcp header-compression. [CSCdj22168]
The debug modem command does not show any information about the creation of autoconfigure or chat processes. [CSCdj08482]
Currently no help is provided for the commands needed to complete a core dump via FTP.
You can't dump more than 16MB due to the limitations of most Unix TFTP servers. In fact, it dumps one block less than 16MB, because at 16MB the block number goes negative, which causes some TFTP servers to overwrite block 0, trashing the dump. At 32MB, the block number wraps back to zero, so the servers that didn't overwrite block 0 at 16MB will do so at 32MB. The router is defensive and only attempts to dump the first not-quite-16MB.
There are four configuration commands for FTP client support:
ip ftp username ! needed to be able to authenticate ip ftp password ip ftp source-interface exception protocol ftp
If a username and password are not configured, the router will attempt anonymous FTP.
Finally, you can watch the FTP dialogue with:
debug ip tcp ftp [CSCdj14292]
The autohangup command does not work if the user uses the rlogin command. Instead of being disconnected at the end of the rlogin session, the user will be presented back with the prompt (or the menu if you are using one).
A workaround is to use the telnet command in the menu, specifying the rlogin port value (513), which will cause rlogin to be envoked, for example menu test command 1 telnet myhost 513. [CSCdj16600]
A change to introduce a locking mechanism in the parser is preventing the virtual template interface configuration from being applied when the system is loading. This results in the incorrect application of commands to any virtual access interface which is cloned from the template.
The workaround is to enter the configuration manually after the system has booted. [CSCdj24440]
When certain configuration commands are entered, the configuration is locked and the commands cannot be executed. When this happens, the message "the configuration has been locked for more than 10 seconds. Please try again in a few moments" appears. [CSCdj24585]
When using RSRB/Direct, fast-switched, the output packet are counted twice on low-end platforms. Thus when doing a "show interface stat" the number under Pkts Out is twice the number of incoming packets. The code path reponsible for this double count has been identified. A fix has been tested and will be available in the next interim release pending approval of the release program managers. [CSCdi49232]
DSPU: Parsing code was changed to validate DSPU HOST names. ALL DSPU HOST NAMES MUST NOW BE VALID VTAM NAMES. Specifically, the names can contain only characters "A-Z", "0-9", or "$#@". Names must be between 1-8 characters in length and must begin with an ALPHABETIC character.
NON-CONFORMING NAMES WILL NOT BE ALLOWED IN THE CONFIGURATION. If the name conforms, the name will be used "as is" in the CP NAME field of the XID sent to VTAM.
Before this change, if characters other than A-Z and 0-9 were used in the DSPU host name, they were stripped out, e.g. "BRU#" became "BRU". DSPU host names will now be sent as defined, providing they conform to the naming convention.
This change applies to DSPU Host names only. DSPU PU names are not checked. [CSCdi57724]
Router crashes when issuing a show extended channel /2 llc stat if a "bridge-group n" is configured on this interface.
Note: The CIP does not support transparent bridging at this time and should not allow this command to be configured on the interface. [CSCdi81961]
When running TN3270 Server SHOW commands or accessing SNMP MIB variables related to CIP TN3270 Server, a Spurious Read message is displayed at the router console. This appears to have no impact on the operation of the router or the CIP. [CSCdi88047]
Configuring direct frame-relay on one remote peer and promiscuous on the other peer, results in peers coming up as Direct Fr on one and Direct Serial on the other. [CSCdi92441]
When an LNM queries the router with a report station address, the router answers correctly with a report station address. However, 0.001 seconds later, the router sends a second report station address to the LNM with all zeros in the frame. This causes the LNM to work incorrectly. [CSCdj04559]
Cisco APPN currently does not support undefined appn modes which may be used by end devices. It is required to configure the mode and associated class-of-service on the appn router.
This ddts will fix this problem by selecting a default COS (#CONNECT) when a BIND is received for an unknown MODE to the router. [CSCdj09309]
During certain race conditions, the DLUR router may hang the dlur/dlus pipe in a "pending inactive" or "pending active" state. [CSCdj10176]
The router may output SCHED-3-STUCKTMR message when SRB is configured. [CSCdj11419]
A system was restarted by the error "Software forced crash." The stack trace points to the LAN Manager process.
The current workaround is to disable LNM.
> [CSCdj11711]
Enhance APPN PING command to take optimal path though network every time the command is invoked not just on the first instance. [CSCdj12188]
Any existing sessions or circuits over the backup peer will be brought down immediately after the primary peer is up. This occurs even though the backup peer linger timer has been configured for a higher value. [CSCdj13159]
Source-routed frames with a destination address of FFFF.FFFF.FFFF will not be forwarded between Token Rings when SRB is configured on the router. Source-routed frames with destination addresses other than an all Fs broadcast address will be forwarded.
In some application environments, certain 3270 emulators will not direct a test poll to a specific media access control address and will use an all Fs address to create the frame. It is this all Fs frame in an SRB configuration that will not be forwarded by the router. This configuration impacts workstations that are attempting to connect to host devices. The broadcast frame will never leave the local ring.
Most emulators will use the destination media access control address of the host device to create a frame containing the test poll. With some proprietary implementations, the MAC address of the host device does not have to be known by the end device. [CSCdj13563]
DLUR does not currently display the PU name as known to VTAM on any of its displays. This needs to be added so that customers can effectively display, debug, and analyze dlur/ dlus problems. [CSCdj15432]
DLSw searching remote and local behavior was observed in Cisco IOS Release 11.1(11). A workaround is to not allow CUR frames to go from hub router to the peered (remote) router. [CSCdj16711]
When running Cisco IOS Release 11.1(11) with BSTUN configured, the router may reload under certain conditions. This problem may be minimized by configuring HOSTTIMEOUT to a large value. However, this will have a significant impact in detecting device outages. [CSCdj16888]
Cisco DLSw appears to shift the lf bits in the SSP header when peering to other vendors DLSw implementations. This may cause circuits to connect using a (smaller) non-optimal largest frame size or may cause cicruits not to be able to connect at all. [CSCdj17372]
Cisco 2522 routers running Cisco IOS Release 11.0(11) may have problems with the SDLC state machine. When a large amount of data is input into the router from a PU (for example, during a file transfer), the router may poll the next PU without receiving a poll final in a frame and without T1 expiring. The router may also expect data from the PU, even though it did not poll the PU.
A workaround is to ensure there are no unnecessary PUs configured on a line that is continually sending SNRMs. [CSCdj17630]
Changes in the dlsw icanreach configuration are not propagated into the remote routers reachability cache unless the peer connection is taken down. [CSCdj20162]
Buffers classified as linktype IBMNM may leak in the LNM process. A workaround is to disable the LNM process. [CSCdj20441]
Endstations that have LSAPs other than 0x04 will not work with FRAS/BAN. At present, the LSAPs are defaulted in the code to be 0x04. This poses a problem when a device with multiple PUs are defined on a single endstation with single NIC. Since there is only one mac-address associated with the single NIC only one PU will successfully establish a connection. [CSCdj20685]
The router is unable to link router with LAN Network Manager. [CSCdj20748]
When a directory cache entry exists for a resource and a broadcast search arrives for that same resource name, the intermediate node broadcast processing will delete the valid cache entry that existed previously. This defect will cause excessive locate broadcast traffic. [CSCdj21343]
If APPN directory services receives a search flow which contains a CV35 (extended sense data CV) which has data beyond the point that Cisco APPN recognizes it, Cisco APPN will reject the locate flow in error. [CSCdj21690]
The "show dspu pool" exec command requires the poolName parm but should display all configured pools if poolName parm is not given. [CSCdj21695]
Using the dlsw ring-list or dlsw port-list configuration commands can cause a SegV exception when executing the show dlsw reachability command. [CSCdj21894]
A DLSw+ crash will happen when the followomng occurs :
DLSw+ router A is connected to peer router C and is also peered to router B but is not yet connected to peer router B. Peer C can reach a specific resource (MAC address or NetBIOS name). Peer A can reach the same resource through a local interface. Therefore, at this point peer A can reach the resource both local and remote via peer C.
Now, Peer B has dlsw icanreachmac/netbios-name configured. When peer A connects to peer B, peer A will crash when trying to delete the dynamic reachability for the resource and replace it with the reachability learned through capabilities exchange with peer B. [CSCdj22327]
The DLUR router may get into a tight loop, in which it continuously retries to start the DLUR/DLUS pipe to the same DLUS without waiting the specified retry time. This problem could cause the router to crash or continuously display pipe retry messages without waiting the specified retry time. It may also result in high CPU usage. [CSCdj22330]
The source/target ring numbers in SRB debug are not always correct; sometimes the source/target ring numbers are reversed. [CSCdj22819]
When the first attempt to link a Cisco router with the LAN Network Manager fails, it is not possible to link this bridge again because of a hanging LLC2 session in status ADM. To clear this session, reload the router. [CSCdj23142]
With APPN/DLUR, caveat CSCdj18360 caused a regression in APPN images, which creates thrashing topology updates (topology war) for any topology with more than one CP-CP session. Cisco recommends that an image containing CSCdj18360 should not be used in an APPN network without also having this fix applied. All APPN images containing CSCdj18360 and not this fix have been deferred as production images. [CSCdj23165]
When using Remote Source Route Bridging with TCP encapsulation, an alignment error may appear when establishing a new connection.
This causes no functional problems for the router. [CSCdj23265]
To avoid getting bad refcount message at the time of router boot. [CSCdj23422]
Two trlane clients configured with the same mac address can join the same emulated token ring lan. [CSCdj23781]
Under certain circumstances, the router will fail to create a dynamic link station. The workaround is to restart APPN on the router. This is caused by a small buffer leak that occurs for each actpu processed by DLUR. After some time, enough buffers may be lost as to cause session failures and dynamic link station failures due to insufficent buffers. [CSCdj23782]
OSPF, EIGRP and other protocols may not work over FDDI. [CSCdj23804]
Len-connection mode of operation on an APPN port is designed to allow len-level connectivity between a DLUR and its downstream devices. Independent session activation (LU6.2) through ports with len-connection fails with the message "no route for session." This problem does not affect dependent session activation (LU 0,1,2 etc). [CSCdj24777]
During certain race conditions, an APPN router may crash with the following stack trace:
ReqActPU continuously fails with sense 8170001. This problem may occur when there are two parallel links to the same adjacent CP and the links are frequently stopped and started. The reason this may occur is because someone could try to activate a route over an inactive link. [CSCdj26027]
An APPN router may crash with the following stack trace:
606CD174[Qfind_front+0x24]
606C7D80[timer_process+0x300]
606C8070[csweotsk+0x1d0]
A router may experience this problem after displaying several messages when the output buffer was full. If the crash was related to displaying "incomplete definition in configuration" warnings, the workaround is too remove these incomplete definitions. [CSCdj26701]
While coming up the APPN link, if the other router doesn't have the appn started, the other router will reload. [CSCdj29550]
The "IP SNMP" process on a DLUR router may leak processor memory when executing the dlur mib. This memory leak may eventually cause the router to run out of memory and crash. A leak occurs everytime the dlur mib is run. The workaround is to not execute the dlur mib. [CSCdj31236]
In some cases, a Cisco 4000 router with Token Ring NIM and running xx-p-mz image displays the "%SYS-3-SUPNONE: Registry 6 doesn't exist" error message repeatedly on the console after bootup. [CSCdi70834]
On Cisco 7500 RSP platforms, FSIP serial interfaces may display the following panic messages on the RSP console:
If the string "0000800D" is included in the panic message, the problem is related to this bug. The workaround is to load a new image that contains the fix for this bug. [CSCdi78086]
4700 with unused PRI interface outputs the following message:
%SCHED-2-WATCH: Attempt to set uninitialized watched boolean
Workaround is to shutdown interface sx:15. [CSCdj01699]
The probrem occurs when use OIR with any interfaces with a sub-interface, e.g. 4T, 8T, 4E, on 7200 platforms, and is 7200 specific. After the OIR, the communication between two routers is stopped.
The workaround is to reload the router. [CSCdj02122]
7513 router received CBUS-3-MIPSTAT and SYS-3-CPUHOG error message at 11.1(9) rsp-jv-m version during the router initialization.
Confirmed by DE, Andy Vaz, this is not a duplicate with exist bug CSCdi75427 which only applies to 7000 and 7010. [CSCdj04751]
A Cisco 7500 series router may report spurious errors such as the following:
09:53:32.607 EST: %RSP-3-ERROR: MD error 0080008030003000
09:53:32.607 EST: %RSP-3-ERROR: SRAM parity error (bytes 0:7) 0F
09:53:33.363 EST: %RSP-3-RESTART: cbus complex
CyBus errors similar to the above errors have two known causes. If there are HIPs in the router and on the bus reporting the CyBus error, a race condition may exist with the HIP microcode on an oversubscribed bus. The workaround on dual-CyBus platforms is to move all the HIPs onto a CyBus that is not oversubscribed.
The errors can also be caused by the failure of a marginal CI arbiter board or an RSP board. As a result of this problem, all interfaces are reset, causing forwarding to be stopped for a few seconds. [CSCdj06566]
removing 10base/2 cable doesnt change the status of aui port. [CSCdj11247]
The Bridge ID may choose a Cisco random address even for the Ethernet interface which has the MAC address. It mostly happens in the first Ethernet interface. [CSCdj13302]
The VIP PA-4R was bridging frames that were aborted by the sender. The frame is now dropped when the abort is detected. [CSCdj13409]
When using Token Ring Adapter in a Cisco 7200 router, a very large number of receive errors on the Token Ring interface may cause the router to reload. [CSCdj16191]
An ARP/RARP packet is dropped on a Cisco 7000 ISL subinterface. [CSCdj17002]
Attempting to use a dispatch-machine on a "TTY" async line in milking machine mode (tcp connection to port 40xx) results in network traffic that contains only some of the characters from the async data, repeated in strange patterns. [CSCdj17075]
For high-end systems, the Token Ring SDE interface failed to translate the packet into a token or FDDI native packet. The ping packet will fail. [CSCdj19749]
When using Integrated Routing and Bridging with a BVI interface, AppleTalk routing through an Ethernet port will fail. [CSCdj19903]
The FDDI PA versions that support CAM are properly recognized before attempting CAM operations. CSCdi51248 must also include CSCdj23259 to avoid problems with old FDDI hardware. [CSCdj23259]
When the command ip default-network is removed, the Gateway of last resort is not removed from the routing table. [CSCdi76285]
Cisco 4500 routers may not correctly policy-route when serial subinterfaces are configured and the fast-switching cache is populated. The workaround is to disable fast switching on all interfaces. [CSCdi86063]
icmp redirect is not sent if icmp type of incoming packet is echo-reply [CSCdj00809]
IP transmit accounting not done for wfq/backing-store packets [CSCdj02741]
A router may reload if it receives an ARP request frame from a token ring interface and the frame has been incorrectly formatted as a frame relay ARP. ARP request frames that are correctly formatted for IEEE LAN media will not cause this problem. The only workaround is to remove the station sending the illegal frame from the network. [CSCdj05170]
Under certain conditions a static route with a next hop reachable via a static interface route is not installed in the routing table. [CSCdj08220]
A BGP router running experimental code and configured using the soft configuration feature may accept a path with its own autonomous system. [CSCdj11588]
Type 7 LSAs from a NSSA OSPF area may not be translated to type 5 LSAs in the backbone when crossing a virtual link. [CSCdj12181]
A locally joined group configured with the ip igmp join-group command may lose its local status if either one of the following occurs:
1) the RP which services the group was statically configured with the ip pim rp-address and the configuration is removed and then readded, or 2) the group is deleted with the clear ip mroute command.
A group is considered to have local status when the "L" flag appears in show ip mroute. If the "L" flag is not set for the Auto-RP Discover group (224.0.1.40), the system will not process Auto-RP Discover packets and will not have the correct group-to-RP mappings. [CSCdj14929]
An ICMP redirect will not be sent if there is a destination IP address entry in the fast cache. An ICMP redirect is only sent when the packet is process-switched. [CSCdj16708]
Systems to which there are either directly connected sources or receivers or both may inadvertently result in group state becoming sparse, even though ip pim accept-rp is configured to reject the use of a RP for that group. There is no workaround if the group to RP mapping is learned dynamically via Auto-RP. [CSCdj16823]
After a configured numbered IP access-list is removed from configuration, a "SHOW ACCESS-LIST" will display the access-list's type and number until next reload. [CSCdj16910]
Using the show ip bgp neighborsaddressadv with the route-map deny community command does not work. [CSCdj16922]
Router drops packets with IP option 0x86 (CIPSO) rather than forwarding them. [CSCdj17249]
A Cisco 4700 running Cisco IOS Release 11.0(3) or 11.1(10) fails to route a subnet directed broadcast as a 255.255.255.255 broadcast back out the same interface it received it on if the subnet is defined on that interface.
host src=131.86.169.85 dst= 131.86.171.191 should be sent to MAC address e0 and then IOS should route the packet back to e0 which should put it back out on the wire as a 255.255.255.255 broadcast.
The end target is on a subnet on the e0 segment and listening for 255.255.255.255 packets. It is not heard when sourced from one subnet and directed to another subnet on the same segment. [CSCdj18292]
When first configuring IP policy routing on an interface, the requested policy routing will not take effect if the destination IP address is already in the IP route-cache. The workaround is to process the clear ip cache command after configuring IP policy routing. [CSCdj18345]
The system may reload if AppleTalk is enabled on ATM interfaces. No workaround is available. This caveat is introduced in 11.2(6.2) and the related caveat is CSCdj16317. [CSCdj18531]
Multicast groups are sometimes pruned when the router has locally joined the group on the incoming serial interface. Workaround is to configure this on another interface. [CSCdj19385]
Under certain conditions, the EIGRP variance command may not remove routes that have a higher next hop metric. To resolve the problem, issue the clear ip route command. [CSCdj19634]
IOS changes the order of lines in ip access-lists. The change doesn't effect the passing of packets but causes problems for configuration management systems that compare config files.
The config can randomly change after reload if a "wr mem" is issued prior to reload. [CSCdj19726]
The command "show traffic-shape queue" has been added to Interface Independent Traffic Shaping. [CSCdj20237]
A Sparse group does not become Dense when the RP goes down and there is no replacement RP. Issue a clear ip mroute group for the affected group to work around the problem. [CSCdj20512]
Multicast prunes sent on serial links give priority to Non-RPF rather than RPF prunes. No workaround till this bug is integrated. [CSCdj20857]
In some cases a CGMP Join message sent by the system may contain a bogus IP Multicast address. This includes cases where the system has detected a mrouted-capable router on a LAN connected to the interface, and when the system is configured with an ip igmp join-group or ip igmp static-group command on the interface. [CSCdj20903]
The IP route associated with an OSPF virtual link is not updated, or is very slow to update (30 minutes) when the virtual link is re-routed over a lower cost link. When this occurs, the output of show ip ospf virtual-link will show a different next hop than show ip route.
The impact is that backbone transit traffic is routed over a slower link when a faster one is available. Manually removing and re-adding the virtual link will cause the route to be updated immediately. [CSCdj21134]
The system may erroneously prune a point-to-point input interface if no packets were successfully forwarded out any interface due to IP TTL thresholding, outbound access list control or outbound rate limiting. [CSCdj22078]
Routes come back that are injected and then take precedence over the unicast route. Then the unicast route stops getting advertised. There is counting to infinity with no reachability in the meantime then the route starts back again. [CSCdj22506]
There are cases for sparse-mode groups, that an olist interface may get inadvertently deleted from an (S,G) entry. This can happen when the router is on the border between a DVMRP domain and a PIM-SM domain. The situation occurs when a member joins and then leaves group G on the interface where there is a DVMRP neighbor present. This can also occur if a PIM neighbor becomes active and then inactive on that same interface. [CSCdj23572]
There is no easy way to set OSPF route adminstrative distance based on route type. The current method is to use distance command with access-list to selectively set adminstrative distance based on route prefixes, which is very inconvenient and result in huge configuration.
This fix introduces a new command distance ospf which allows the customer to set the distance of intra-area, inter-area and/or external routes with a single command. [CSCdj23621]
There was only one OSPF neighbor allowed on a GRE tunnel interface. This restriction should not be there and is removed. [CSCdj24308]
If NHRP cache has more specific entry then route entry, the NHRP route lookup will fail and result in keep sending NHRP request. [CSCdj25042]
When a router is no longer the DR, it should not keep a sparse-mode interface in its outgoing interface list, even if a connected group member exists on that LAN. The sparse-mode interface should expire unless it is refreshed by a join message from a downstream router. [CSCdj25373]
When a router running RSVP receives a PATH message containing an ADSPEC, and the ADSPEC has a Guaranteed Service (GS) fragment with zero length, the router ends up copying more bytes than necessary. This results in a modified ADSPEC that contains invalid information; if this ADSPEC is passed on to the next downstream router, the downstream router may crash.
A workaround is to send an ADSPEC with a non-zero length GS fragment, such as one containing valid GS information. [CSCdj25441]
When service password-encryption and BGP neighbor passwords are configured, TCP resets for the neighbor connections will contain invalid MD5 signatures. When this happens, the recipient of the reset will log the following error message:
%TCP-6-BADAUTH: Invalid MD5 digest from :179 to :11256 (RST) [CSCdj25706]
Turning on IP routing after assigning IP addresses to the interfaces does not take effect.
The workaround is to turn on IP routing and then assign the IP addresses to the interfaces. [CSCdj26052]
The following problem has been observed when: a router is configured to be a L1-only ISIS router and there are only interfaces with "ip router isis" configured and no interfaces are configured with "clns router isis", then: the L1-only router will not be able to find the closest L2 router so this router can not send IP traffic to or via the (L2) backbone.
The workaround is to configure "clns router isis" on at least one of the interfaces, maybe just a (random) loopback interface.
Imporved behaviour. Before this DDTs, a L1-only router would only installed a default route to one closest L2 router. After this code change, a router will do full loadbalancing over multiple equal-cost paths, if there are more then one closest L2 routers. Also, a L1L2 router that gets disconnected from the backbone, will now find another L1L2 router that has not lost contact to the backbone. [CSCdj06150]
Use the "set-overload-bit" router isis subcommand when you want this router to signal other routers not to use it as intermediate hop in their SPF calculations. The result will be that no paths through this router will be seen by other routers in the ISIS area. However, IP and CLNS prefixes directly connected to this router will be still be reachable.
This command can be useful when you want to connect a router to an ISIS network, but don't want real traffic flowing through it under any circumstances. Examples are: 1) a test router in the lab, connected to a production network 2) a router configured as an LSP flooding server, e.g. on an NBMA network, in combination with the mesh-group feature. 3) a router that is aggregating VCs used only for network management. In this case the network management stations must be on a network directly connected to the router with the set-overload-bit feature configured. [CSCdj18100]
In a multi-vendor environment it is possible that cisco routers complain about LSP checksum errors on purged LSPs. Some vendors recompute the LSP checksum on a purge, some don't. Cisco routers do recompute, and they expect other routers to do the same. According to ISO 10589, par 7.3.16.4, note 32 says we should always accept purged LSPs, even when the checksum is not correct.
This problem can not cause any real world problems (like routing loops), but LSP will stay (unconnected, so unused) in the LSP database until they timeout. [CSCdj18556]
Under certain circumstances a router running ISIS in IP mode may crash. First CLNS-3-ONLIST and CLNS-1-LINKERR errors will show up. Then a short period of time later the router will seem to hang for 60 seconds. Then the router will crash with a watchdog timer error message.
The most common cause for this crash is misconfiguration of IP addresses of different routers connected via a common link. E.g. one router on an ethernet has IP address 10.1.1.1/24 and the other has 192.31.231.16.
The workaround to prevent this crash is to make sure no mismatch in IP addresses are occuring.
This bug was introduced by the fix for CSCdj03684: IS-IS can leave wrong route in routing table. [CSCdj21555]
When two routers are connected to the same destination, outbound IPX fast switching on dialer interfaces does not work on the more recently connected interface. Under certain circumstances a system reload may occur with traceback pointing to ipx fastswitching. The workaround is to turn off fast switching on the DDR interfaces using the no ipx route-cache command. [CSCdi78766]
XNS routing over non-LANE ATM interfaces creates a cache entry which is never used and never freed; this may result in memory starvation. A workaround is to disable XNS route-cache on the non-LANE ATM interfaces. [CSCdj09666]
IPX cache corruption occurs when you have two Fast Ethernets in a VIP carrier (one configured for ISL) connecting to a single server with dual NIC's (different external numbers, same frame type), and IPX max-paths set to 2. A workaround is to disable fast-switching for IPX. [CSCdj17470]
When LANE is configured on an ATM interface, IPX may be using the wrong encapsulation type (SNAP) rather than the default (NOVELL_ETHER) after the router is reloaded. [CSCdj21874]
Service type is a two byte field. But IOS CLI accepts upto 4 bytes, and in reality uses just the truncated two bytes. [CSCdj22787]
Apollo packets arriving on an interface not enabled for Apollo, while Apollo is anabled in the unit, may accumulate on the interface input queue and are not discarded or processed causing the queue to fill. [CSCdj27002]
sh ipx eigrp topology for an IPX route has the wrong unit of measure, in nanoseconds. It should be shown in usec. [CSCdj27035]
Sometimes a TCP control block structure is mistakenly freed during timeout processing, and the next reference to the structure will cause the router to crash. [CSCdi91097]
Under certain circumstances, a Cisco router may improperly handle being in the FIN_WAIT2 state. Instead of continuing to process information, it will ignore incoming data, including the FIN the other side may send to complete the TCP close. Therefore, it will remain in this state for 10 minutes and then close by itself. [CSCdj17461]
When running the Enterprise version of the Cisco IOS software, the router may not forward UDP broadcasts and UDP unicasts. [CSCdj21684]
When 'no vines time participate' is configured on the router, the router no longer responds correctly to vines time requests. This results in mail messages from clients on serverless segments having timestamps that are 3 hours earlier than the time configured on the router and vines server. [CSCdj13232]
The "clear counters" command doesn't clear the counters on the T1 controllers. [CSCdi88438]
The Frame Relay traffic shaping and per-VC queuing features do not operate correctly. When you configure the frame-relay traffic-shape command, the required initialization does not occur as expected. The result is that the specified rates for transmission are not observed and the defined queuing method is not properly configured. There is currently no workaround. You are therefore advised not to configure this feature. This problem does not affect the interface-independent traffic shaping function. [CSCdi88662]
The line status is coming from the reception of valid cells. Customer complained about E3 which we tested but the problems are similar with oc3. In that case, we expect the router to set line down if it receives FERF info from the switch. This allows when connecting two ls1010, to have the same line status on both sides. [CSCdi91293]
PPP CHAP authentication has a serious security vulnerability that allows a moderately sophisticated programmer, armed with knowledge of the vulnerability and some basic information about the network to be attacked, to set up unauthorized PPP connections. There is no workaround. Customers who rely on CHAP authentication should upgrade their software to avoid this problem. More information is available on the Worldwide Web at http://www.cisco.com/warp/public/770/chapvuln-pub.shtml. [CSCdi91594]
SegV crash in RSP2.
This problem causes a crash in situations where SDLLC is used. If a connection comes in over LLC2 for a device configured for SDLC, and the line or station isn't up, or doesn't accept the connection, this crash may occur. [CSCdi92210]
After a data-direct VCC is created, the ATM-SIG input holding value increases. After it is cleared by a timeout, the ATM-SIG continues to hold onto memory, causing a memory leak. [CSCdj02779]
A problem seems to exist with the lower bound of the frame-relay broadcast queue parameters. [CSCdj04561]
Following an email regarding traffic shaping on the 4x00 NIM on cs-atm, I made some tests. It appears based on these tests that - when PCR=SCR, the NIM has a throughput of about 10..15% below configured values. - values of throughput obtained when changing PCR/SCR for an existing pvc may be different after a reload compared to a dynamic change without reload. [CSCdj14906]
A system may reload when a bundle is disconnected while receiving data. [CSCdj15340]
Broadcast packet is not sent over frame-relay over ISDN (BRI & PRI) interface resulting in loss of ip routing. Following error message is generated- %FR-3-INCORRECT_INT: Incorrect output (sub)interface [CSCdj16593]
Occasionally, an RSP router running Cisco IOS Release 11.1 would crash with invalid pointers. This problem has not been identified on other platforms or other software releases. [CSCdj17033]
Under a high CPU load, it may be possible for the number of active calls and the number of available B channels displayed by the show isdn status command to be incorrect. Duplicate caveats are CSCdj23944, CSCdj27419, CSCdj15811, CSCdi82010 and CSCdj28147. [CSCdj18895]
The
"atm multipoint-signalling"
interface subcommand is currently only available on the main ATM interface. The effect is that signalling behavior, point-to-point or point-to-multipoint, for all clients on all subinterfaces is determined by the command on the main interface.
Clients on different subinterfaces can have different behavior, specifically 1577 requires point-to-point, and PIM allows point-to-multipoint, the command should be on a per subinterface basis.
***************** Special Configuration Note ********************
Users will have to enable the "atm multipoint-signalling" command on all those subinterfaces which require it. Previously they only needed to enable it on the main interface. [CSCdj20944]
This memory allocation error problem occurs after a large number of modem calls to an AS5200 configured for PRI ISDN. After the AS5200 starts to generate a number of these memory allocation error messages, calls cannot be answered.
The following are indicators that may be used to determine if the AS5200 is encountering this problem:
1) When the AS5200 runs out of memory, MALLOC Failure messages will be displayed similar to the one below:
2) Below is an example of the output from "show process" command. If there is no process by the name "ISDN" in the list, and if the customer starts to see SYS-2-MALLOCFAIL error messages, then you know that the memory leak was caused by the bug reported in this ddts.
Router#show processes
CPU utilization for five seconds: 16%/8%; one minute: 23%; five minutes: 22%
3) Below is an example of the output from "show isdn history" command. If there are more than 46 entries marked "Active" in the list, then you can tell that the memory on this router is leaking due to the bug reported in this ddts.
Router#show isdn history ------------------------------------------------------------- ISDN CALL HISTORY ------------------------------------------------------------- History Table MaxLength = 100 entries History Retain Timer = 15 Minutes ------------------------------------------------------------- Call Calling Called Duration Remote Time until Type Number Number Seconds Name Disconnect ------------------------------------------------------------- In Active(1312) In Active(1238) In Active(176) ------------------------------------------------------------- [CSCdj21944]
VIP2 packet bus parity errors are not reported. [CSCdj23431]
A Cisco Access server may fail to start PPP mode for dialup connections when the line is configured with the autoselect ppp command. This results in the dialup connection getting dropped.
To work around this problem, do one of the following:
- Use async mode dedicated if no login is required.
- If a login is required, configure no flush-at-activation, change the q2 register in the modem database, and configure modem autoconfigure type. [CSCdj25443]
Routers running with x25 routing enabled on releases after 11.0(14.1), 11.1(10.1) and 11.2(4.4) are susceptible to the router processor pausing indefinitely when malformed connections are made to the X25-Over-TCP (XOT) port. If this occurs, the router must be reloaded to recover.
The following error message can be seen scrolling on the console if the router is in the above state:
This does not seem to occur in a normal XOT switching environment. [CSCdj25846]
Some PC based PPP clients are not correctly autoselected into PPP mode by the Cisco Access Servers. This results in numerous drop calls. This problem is usually noticed when an automated dialer is used.
The workaround is to configure the asynchronous interfaces using the async mode dedicated command. Sometimes, adding a second or two delay in the automated dialer's script also fixes the problem. [CSCdj26647]
This section describes possibly unexpected behavior by Release 11.2(6). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(6). For additional caveats applicable to Release 11.2(6), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(7).
The number of modems showing in sh line output is dependent on the modem card carrier and not on the actual number of modems in the modem cards. [CSCdi92848]
When using ARAP on a terminal server users may experience issues with modem answering calls with no connection. Messages similar to the following may be displayed on the console:
%SYS-2-MALLOCFAIL: Memory allocation of 41394 bytes failed from 0x35DD24E Traceback= 30E83CC 30E94CA 35DD25 35D8CBE 35DCD5C 35D9CF0
This occurs primarily under heavy load. [CSCdi79459]
The ability to route AppleTalk with EIGRP on the 1005 was present in 10.3 and 11.0 but is not in 11.1. [CSCdj09990]
Spurious memory access may occur due to uninitialized idb sub-block. There is no work around. [CSCdj12071]
Memory leak can occur when an ARAP user fails to connect due to initialization failure. [CSCdj14393]
AppleTalk may crash on the 4000 platform due to low stack. There is no work around. [CSCdj15680]
CSCdj12071 broke arap. There is no work around. [CSCdj17092]
The no transmit-buffers backing-store command appears spontaneously on non-ciscoBus interfaces. [CSCdi38692]
In RSP-based Cisco routers, a CyBus transaction with bad parity can cause a cache parity exception and system reload. This problem is rare but is more likely to occur in routers that have many active interfaces, each with moderate to high traffic load. [CSCdi47784]
Configuring advanced queuing algorithms on a 7000 caused failures in IP Multicast Fast switching. Workarounds: 'no ip mroute-cache' or 'no fair-queue'. [CSCdi65270]
HTTP Proxy Servers and MS Internet Explorer (see CSCdi67032) encode '' as '%5c' when submitting a URL to the router; the router does not decode encoded characters. [CSCdi78160]
Router crash with bus error when doing rcmd command [CSCdi90095]
On a system that is configured with multiple TACACS server hosts, when the directed-request servers are down, the router traverses the entire list of configured TACACS servers before determining that TACACS is not available to use for AAA.
To disable this, use the command: tacacs-server directed-request restricted
When this command is used, then no fail-over occurs, and the directed-request fails (however see tacacs-server dns-alias-lookup). [CSCdi92011]
the command tacacs-server retransmit 0 is currently available under aaa new-model and this command is only valid for tacacs not tacacs+ and therefore should be removed when aaa is enabled. [CSCdi92014]
An error in the command structure would allow meaningless show ip cache commands like "show ip cache flow cbus optimum" to be entered. [CSCdi93093]
When a squeeze or dir command is issued for a flash device, commands to other flash devices must wait until it completes. These commands take a global lock when only a per-device lock is required. [CSCdj01685]
When ntp broadcast client is enabled, packet buffer leaks may occur unexpectedly. Deconfigure the command if this condition occurs. [CSCdj03162]
When using compresssion and traffic shaping over frame relay, the traffic shaping uses uncompressed data volumes to calculate load. [CSCdj04312]
The message:
%SYS-3-SUPNONE: Registry 23 doesn't exist
May appear at boot time. The message is displayed in error, and there is no operational effect on the router. It can safely be ignored. [CSCdj04776]
The command debug tacacs returns the error "Received unsane data from server" when there is a key mismatch between the NAS and the tacacs+ daemon. [CSCdj06384]
Release-Note:
The 'copy tftp' command does not appear to work correctly on a router that is running late 11.1(x)CA code. The router on which the command is issued attempts to locate the file from it's own local flash card, without trying to find the TFTP server. This has been verified to affect 11.1(8)CA1, 11.1(9)CA, and 11.1(10-6.4)CA IOS. [CSCdj09479]
The nexthop address in the flow data export record was incorrectly being outputed as 0.0.0.0. [CSCdj09896]
Encapsulation Frame-relay cisco is fast-switching. The workaround is to use encapsulation frame-relay ietf. [CSCdj11883]
If a radius server returns no attributes at all, the system will let a dialup client choose whatever address it desires. To prevent this, always include the radius attribute Framed-IP-Address set to the value 0xFFFFFFFE (255.255.255.254) so that the NAS will enforce an address according to its configuration. [CSCdj12198]
Under certain circumstances alignment warnings may appear when fastswitching with custom or priority queueing enabled.These warnings signal that extra CPU cycles are necessary to process the packet. Despite the warnings, the packet is still switched correctly. [CSCdj12269]
The interface config command "no ip route-cache flow" on RSPs and 7200s would not reenable the default optimum switching. [CSCdj13424]
Even if the rlogin command command has its privilege altered to level 0, it will still be treated as though its privilege level is 1 by AAA command authorization. [CSCdj14206]
Release-note:
Configuring a byte-count larger than 65535 for a custom queue does not work correctly. When a value larger than 65535 is used the resulting command in the configuration will not display the value which was set for the queue. [CSCdj14347]
If a Cisco Catalyst 3000 on an adjacent network does not have a protocol address configured and it sends CDP updates, the router may be reset when the show cdp neighbor detail command is used. [CSCdj15708]
When the user enters
show cdp entry version protocol the response only contains the protocol, the version is missing.
The user can type in show cdp version to get the software version of its neighbor, but the additional request of asking for the protocol suppresses the version information [CSCdj16148]
This DDTS enhances the displayed error message upon a Cache Parity exception error. It now displays the virtual address that got cache parity exception, and also saves the console error message in NVRAM for systems with 11.1(2) Boot Rom monitor for subsequent retrieval of error message via a 'show context' command. The failing address reported by 'show version' for processor memory parity error still remains to incorrect value 0x0.
SAMPLE CONSOLE OUTPUT ===================== Error: primary data cache, fields: data, physical addr(21:3) 0x1585E8, vAddr(14:12) 0x0000, virtual addr 0x609585E8 *** System received a Cache Parity Exception *** signal= 0x14, code= 0xa01585e8, context= 0x608dfa00 PC = 0x600f5844, Cause = 0x2020, Status Reg = 0x34008002 DCL Masked Interrupt Register = 0x000000bf DCL Interrupt Value Register = 0x0000001c MEMD Int 6 Status Register = 0x00000000
This does not seem to cause any problems. [CSCdi29750]
QLLC cannot use X.25 PVCs for DLSw+. The workaround is to use RSRB or to use X.25 SVCs. [CSCdi58735]
Router puts 1000 product ID in NMVT, which should be 7500 or 7000 depending on the router. [CSCdi66847]
The CIP show command, show ext ch x/2 llc statlmac * rmac should display statistics for all CIP LLC2 sessions between the selected lmac and dmac. Instead, this command displays all LLC2 sessions for the specified lmac. The user can specify the lsap in the command to display the CIP LLC2 sessions between lmac/lsap and rmac as a temporary workaround. [CSCdi67133]
Running either CMPC or TN3270 and CSNA on the CIP can cause the Router Process (RP or RSP) to mistakenly think that the CIP virtual interface, /2, is stuck or hung. The result of this is that the RP/RSP will either reset the CIP virtual interface or reset the Cbus complex. Resetting the CIP virtual interface will cause all sessions using the virtual interface (CSNA/LLC2, TN3270) to fail. Resetting the Cbus complex will cause all sessions (CSNA/LLC2, TN3270 or OFFLOAD/TCPIP) on all every CIP in the router to fail. [CSCdi82710]
Certain interface processors send up a set of logger messages which contain the details of a fatal error condition that has been detected on that card. Under some circumstances, the IOS resets the card before all the messages have been retrieved and displayed. This results in a loss of useful information necessary to debug the fatal error that occurred on the interface processor. [CSCdi86708]
When doing a show lnm station all stations are displayed even if you shut down the token ring interface over which they were learned.
These entries do not time out. [CSCdi88082]
Source-route bridging over FDDI may not be passing all frames following the spanning or all-routes explorers. This problem occurs in Release 11.2(9). A workaround is to run Release 11.1(8)CA1. [CSCdi92160]
The DLUR router should not tear the downstream link down when it receives a dactpu "not final use" for the downstream pu. [CSCdi92973]
When both BNN and BAN sessions are configured on the same SLDC interface, all sessions will come down when the user deconfigures the BAN sessions. This is disruptive to existing BNN sessions.
The fix corrects the deconfiguration by only taking down BAN-SDLC sessions. Testing the changes are straightforward. Do the BNN-SDLC sessions stay up when deconfiguring BAN? Test results prove that they do. [CSCdj00497]
The SDLC output queue can get stuck if the sdlc line-speed command is not set or if it is set to an incorrect value. The symptom is that the router stops sending SDLC frames out the serial interface, resulting in SNA session drops. The interface needs to be recycled or reset to clear the condition. The workaround is to configure the sdlc line-speed parameter to be equal to the actual line speed being used. [CSCdj01434]
The Cisco 2520, 2521, 2522, and 2523 routers may report SDLC abort frames on low-speed ports that do not get reported on the high-speed ports or other platforms. This is because the low-speed ports count all aborts and the high-speed ports and other platforms count only aborts that are longer than 2 bytes. This is cosmetic and does not result in retransmitted frames. There is no performance impact. It is merely an indication that the transmitting device is sending erroneous bits after the trailing flag. These bits are simply ignored. No workaround is necessary. [CSCdj01488]
A router configured for DSPU may crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdj02005]
APPN links over RSRB may not connect if started simultaneously. Work-around is to start only one side of the link or the other. [CSCdj03501]
In certain cases where the LU gets disconnected, VTAM could get stuck in PALUC state since the DACTLU was not being properly handled. The problem has now been fixed and DACTLU & ACTLU are correctly handled in all cases [CSCdj03737]
When the first connection to an SDLC-attached OS/2 system in a FRAS BNN environment fails, a successful connection can be made only by issuing the shutdown and no shutdown commands on the router's SDLC interface. [CSCdj04321]
The 'sh appn sessions' command only displays one path between a CP-CP pair even though the 2 sessions can be running over 2 different paths/TGs [CSCdj04484]
IOS improperly ignores IPX SAP packets received from a VIP/4R token ring interface if the SAP packets have a destination MAC address of "all stations broadcast" and a RIF (routing information field). [CSCdj04552]
When running DLSw remote switching on 7200 alignment errors may be seen. [CSCdj06022]
SDLC on serial interface(s) s2 though s9 on a 25xx router will use a shared trailing and starting flag between frames. This is valid SDLC, however, some older equipment does not operate with shared flags. The symptom is that some frames will be ignored by the receiving station, resulting in retransmissions and poor performance. The workaround it to configure transmitter-delay 2 on the interface. This will cause the router to include separate trailing and starting flags between frames. [CSCdj06044]
router behavior includes crash in ibmnm_su when running the lnm enable features. lnm eventually memory leaks the router into a crash... [CSCdj07103]
When configuration changes are made in TN3270 server such that new PU is added which uses a new ip address, very rarely failure might happen with following message:
Failing "Invalid VCN number" could be different than 65535 also.
Following message was also reported when SSP is being used:
%SYS-6-STACKLOW: Stack for process SSE Manager running low...
The failure continues until the route-processor is reloaded. There is no known workaround. [CSCdj07773]
Telstra ITG have a requirement for an enhancement to the 'show extended channel x/y tn3270 client-ip-address' command. Due to the large number of tn3270 clients that access Telstra's network via the CIP-tn3270 server, they have the requirement for a more efficient means of displaying required output from the above command.
The tn3270 server remembers the client IP addresses of active sessions, as well as terminated sessions.What Telstra are concerned about is the amount of output that is displayed as a result of a 'sh ext channel x/y tn3270 client-ip-address' command. This output can sometimes contain data for hunderds of sessions, some active and some terminated.
The enhancement that Telstra ITG are requesting, is the ability to display the status of tn3270 sessions based on the state of a IP address's sessions.
They would like an optional operand to be available at the end of the command which would allow client IP addresses to be queried based on session status. The desired session state such as (ACT/SESS, ACT/NA etc) could be entered into this operand so that only the sessions that were reflecting the requested status be displayed.
Example Current command
show extended channel x/y tn3270 client-ip-address
Example of desired command modification.
show extended channel x/y tn3270 client-ip-address
Status will be available status such as ACT/SESS or ACT/NA [CSCdj07826]
Details:
The router crashes when either a no fras backup dlsw ... or no fras backup rsrb ...
command is issued ONLY WHEN the backup code is invoked. For example, when the serial line to the FR cloud is lost, and backup is configured.
When the no backup command is invoked, the cleanup for the backup functions are invoked. The bug in the code is that the backup function removes the lan-cep, instead of the backup-cep. When the lan-cep structure is referenced, the structure is garbage, and the router crashes.
No workaround at this point in the code. [CSCdj08577]
APPN/DLUR downstream PU may get stuck in a "stopping" state in a timing situation when a dactlu is outstanding to a downstream PU and the the PU disconnects. After this point, the PU may no longer be able to connect. [CSCdj08833]
The APPN router may crash with a SegV exception in ptp06a. [CSCdj09026]
During IBM-LNAMAN tests, after lan manager was shutdown, router crashed on command "show buffer" Then, router crashed with a bus error. This happened to c4000 router on image: c4000-js-mz.112-5.1.F [CSCdj09919]
Buffer leak causes crash when NSP is used over DLUR. [CSCdj10387]
release note
LOCACK: recv DM, bogus, state NO_ONES_HOME can prevent netbios sessions from coming up in a busy system. [CSCdj11152]
Running dlsw and rsrb in the same box with lan mgr can cause disruption of lan mgr on the rsrb connections. [CSCdj11691]
Under certain circumstances, particularly when there is race condition due to different link speeds between downstream and upstream routers, certain UNBINDs are not getting to the router of a lower speed link. This causes subsequent session failure with sense code LFSID_IN_USE. [CSCdj12673]
Unable to enter de as valid sdlc address in sdlc dlsw command. Conflicts with sdlc dlsw default. [CSCdj13052]
cipCardEntryCpuUtilization in CISCO-CHANNEL-MIB was changed from status=current to status=deprecated by CSCdj04309, but SNMP rules dictate that all object groups in which it appears must also be deprecated. This ddts reverses that change. [CSCdj13233]
On the 11.1 version, "clear dlsw" command works the same as at the enable mode. [CSCdj13728]
Using QLLC/DLSw+, QLLC connections fail to be established when non-default saps are used. [CSCdj14080]
In PU4/5 to PU4/5 environments, if both devices send XID NULL at the same time, DLSw circuit will not connect. [CSCdj14201]
When issueing a vary inact,giveback to a DLUR served PU (or entire DLUR), the DLUR will put the PU in timer retry and may retry the original DLUS instead of retrying the next-best dlus. [CSCdj14214]
Cisco APPN/DLUR is not able to establish dynamic link stations with a device that sends xid3 but does not include a cpname on xid3. [CSCdj15606]
When modifying a peer statement for a DLSw remote peer we added a cost parameter and the cost parameter was not accepted by the parser and saved in the config. Even when a "wr mem" was executed the router did not save the cost statement in the config. The cost statement did work as designed and this can be observed when looking at the sh dls capabilities command but if the router is reloaded the command must be reentered to get it to work. [CSCdj16627]
When in the network with a VTAM4.4 node, Cisco APPN improperly clears a bit in the TDU CV45 which is set by VTAM 4.4. This can cause improper tdu information to be dispersed to the network and can cause a topology trashing condition in some situations where a router is positioned between two vtam 4.4 nodes. [CSCdj18360]
An APPN router may fail with a SegV exception when reporting an xid negotiation error during appn link activation. The decoded PC is in cs_send_alert. [CSCdj18565]
The DLUR router may display an Mfree error in the ndrmain process when issuing an "appn stop". This message does not effect the performance of the DLUR router. [CSCdj19884]
This bug makes the loopback remote interface command inoperable for channelized T1 interfaces on pretty much all platforms except the 7x00 series.
The loop up and loop down codes are not sent in the manner that the specifications define, or are sent at 56K when they need to be sent at 64K. [CSCdi58558]
The c3600's 4/8 async/sync interface currently does not support Async Group command as in other type of async. ports on the router such as 2511. The limitation is the same as 2523's async/sync interfaces as well.
Avoid using the Async Group command on these kind of interfaces by configuring each interface separately. [CSCdi86295]
Translational bridging to frame-relay ietf and cisco will fail ONLY on MIP interface on rsp ONLY due to incorrect datagramsize calculation in the translation to MIP encapsulation output. There is no workaround for this. [CSCdi86940]
Under heavy load condition it is possible for the keepalive timer to go off and cause resets on the token ring interface. [CSCdi88713]
In Release 11.2(3), when the dialer dtr command is configured, the router does not raise the DTR signal. [CSCdi92812]
(1) The config command no exec-banner should suppress both the two banners: exec banner motd banner on all the following interfaces CON, AUX, vty sessions, async lines
However, this is not true when you reverse telnet to any of the async lines. In other words, if you config the async line to be no exec-banner
then you reverse telnet to this async line, then you will see the MOTD banner in addition to the INCOMING banner.
(2) A new configuration command [no] motd-banner has been created to suppress the display of MOTD banner. The default is always to display the MOTD banner. This configuration command works for all the following interfaces: CON, AUX, all vty sessions, and all async lines. [CSCdj00076]
Fast Switching of ipx traffic while using standard access lists may not work. Should Fast Switching of these packets fail, the packets will be process switched, with no loss of connectivity.
A work-around for this problem is to configure extended access lists in place of the standard access lists. [CSCdj00483]
Async controller hang and causes four modems to go into hang state [CSCdj01441]
The keep alive packet on the rsp token ring has problem when changing configuration between sub-interface. Work around is to disable keep alive. [CSCdj03137]
On the Serial interfaces MK5025, HD64570 and CD2430, the debug command 'debug serial interface' shows the up/down status of only the input signals.
The assert and deassert of any output signal are not shown. [CSCdj05352]
I have to add sth. to release-note to commit the fix to 11.1 throttle.
This is a vLAN problem, starts from 11.1. [CSCdj08697]
A problem occurs when the VIP2 FIFO buffers overflow, causing a write of data to SRAM to fail silently. This may cause a number of protocol-related failures including, but not limited to, TCP checksum errors and other possible packet data errors. This problem is not limited to any particular network configuration, traffic load or other specific circumstances.
The solution to this problem involved a change to the PCI bridge parameters to avoid VIP2 FIFO buffer overflows. There is no manual avoidance - all customers using VIP2 products are strongly encouraged to upgrade to an image containing this solution. Refer to "Field Alert: VIP2 Cisco Software Release Deferrals" for image availability and additional information. [CSCdj08722]
A problem occurs when the FDDI port adapter experiences a receive ring overrun under heavy traffic load with packet sizes larger than 512 bytes. This may cause a number of protocol-related failures including, but not limited to, TCP checksum errors and other possible packet data errors.
There is no manual avoidance - all customers using VIP2/FDDI PAs are strongly encouraged to upgrade to an image containing this bug fix. Refer to "Field Alert: VIP2 Cisco Software Release Deferrals" for image availability and additional information. [CSCdj09576]
When the 90-compatible OUI is used on a 'source-bridge transparent' statement, the command is accepted and translational bridging operates correctly. A display of the configuration shows the OUI option as '90compat' instead of '90-compatible'. If the router is reloaded, an error message is generated pointing to the 'c' in '90compat' and the resulting configuration does not have the 'source-bridge transparent' command included. If the command with the 90-compatible OUI is configured again, normal operation is restored. [CSCdj09688]
Low-speed sync/async ports are unable to receive packets with size greater than 1500 bytes. The workaround is to set the MTU on both sides of the link to less than 1498. [CSCdj11304]
When a serial is configured as half-duplex a 4000 series, but that some other serial used in full duplex is shut/no shut, then a cisco router may happen to appear totally non responsive. A power-cycling of the router is required. [CSCdj13056]
7500 can only support 12 FDDI interfaces. [CSCdj13377]
The following message may appear when a TRIP token ring interface is being reset...
This message will then be followed by interface "UPDOWN" messages that indicate the interface is being reset.
For this type of occurance, the CTRBADLOVE2 error message is invalid and should not appear. It does not indicate a problem and does not indicate the cause of the token ring interface reset. [CSCdj16628]
PA-4R token ring interfaces will not completely initialize on VIP1 based cisco 7000 systems. Attempts to initialize an interface with the "no shutdown" config command will cause the interface to go into "initializing" state forever.
TRIP and RSP based VIP2 PA-4R token ring interfaces are not affected by this problem. [CSCdj17807]
cpuhog and traceback generated when 'wr t' is executed [CSCdi48656]
The route-map configuration command match ip address access-list id is not controlling the redistribution of ODR routes into another routing protocol in the context of the redistribute odr route-mapmap-tag command. To manage the ODR routes and data flow in current release, appropriate distribute-list and access-list should be specified. See the documentation for distribute-list and access-list commands. The correct behavior is to allow the match ip address command to control redistribution of ODR routing information. [CSCdi62538]
removing the last RSVP interface on a router causes a traceback, indicating autocorrection of an incorrect memory access. [CSCdi70323]
If two interfaces are configured with the same IP address, ping may fail if the active interface is shut down, and the other one is brought up. [CSCdi79845]
Systems running OSPF might experience a software-forced crash. There is no known workaround. [CSCdi81510]
BGP: allow set origin via outbound route-maps [CSCdj01795]
When using PIM nbma mode in certain configurations, some interfaces will not be populated in the outgoing interface lists upon receipt of sparse-mode joins. [CSCdj01906]
A router running BGP4 may, under unusual circumstances, advertise it's router ID as 0.0.0.0.
This condition will cause other routers to not form a new neighbor relationship with the offending router.
The problem can be cleared by reloading the router. [CSCdj04131]
BGP routers with many peers and many possible alternative paths can have a severe memory fragmentation. The symptom of this is a very small largest free memory block, as can be seen in the last field of the output of show memory command. [CSCdj08054]
Internal BGP, which uses confederations is seeing an apparent routing loop. The two routers involved are running different IOS images. [CSCdj08110]
The router may reload when removing OSPF from the configuration. [CSCdj09036]
static routes entered in the form:
ip route
may not appear in the eigrp topology table .
The routes can be 'recovered' (reinstalled in the topology table) by either using or by unconfiguring the redistribution and configuring it again.
In the first case (), the routes go away again after a short time. In the second case, the routes are present in the topology table for a longer period, but eventually go away too. [CSCdj09571]
IP accounting is not available on subinterfaces. It cannot be implemented on subinterfaces in conjunction with fast switching. The configuration commands are changed so to disable the ability to configure ip accounting on subinterfaces. [CSCdj11050]
PIM RP Reachable packets are unexpectedly ignored if the input interface on the (*,G) entry is empty. As a result, the RP for the group may never be learned. Issuing a clear ip mroutegroup to clear the entry should restore RP information for the group. [CSCdj11339]
RSP2 reload at bc_odd_src_dst [CSCdj11540]
In a Router with a Simplex interface configuration, IP route cache in invalidated on the RECEIVE interface only. The IP route cache should also be invalidated for the TRANSMIT interface. [CSCdj11960]
The reception of a DVMRP Graft for a group for which an administrative multicast boundary has been defined may unexpectedly halt the system. [CSCdj12029]
A multicast boundary on the incoming interface does not stop the router from giving packets to its local process, although these packets can not be forwarded out any interface due to this boundary. [CSCdj12030]
cpuhog and traceback generated when 'wr t' is excuted involving large number of 'ip host ...' statements. [CSCdj12412]
The ip nhrp map destinationIP NBMA address command on tunnel interface is incorrectly parsed to add unnecessary IP mask. The workaround is to always specify the mask and reenter ip nhrp maps without masks. This caveat exists in all IOSs since 10.3(10.3), 11.0(7.1), 11.1(2.0.1) and 11.2(0.1). [CSCdj13220]
When an RP mapping agent is configured on a border router, an administrative boundary is usually set up on the external link for group 224.0.1.40 (CISCO-RP-DISCOVERY). In the absence of a properly configured TTL-threshold on that link, the RP-discovery packets can leak out across the administrative boundary. [CSCdj14326]
DVMRP routes not preferred in comparison with recursive routes [CSCdj14507]
(S, G, RP) bit prunes not sent in some cases [CSCdj14513]
Router will crash if user configures the maximum IRDP advertisement interval and minimum advertisement interval with the same value.
int e1 ip irdp ip irdp max 10 ip irdp min 10
Workaround is to specify different values for maximum and minimum advertisement values. [CSCdj14903]
Issuing a no ip pim send-rp-announce interface when interface does not have an IP address and is not unnumbered may halt the system. Workaround is to either assign an IP address to the interface or make it unnumbered before issuing the command. [CSCdj14928]
Changing the ip address or ip unnumbered configuration on an interface will not change the IP address announced in Auto-RP Announce messages. To work around this, deconfigure and reconfigure the appropriate ip pim send-rp-announce configuration command. [CSCdj14930]
Under Unusual circumstances RIP updates may not contain all routes for large forward tables. [CSCdj15207]
Lower distance DVMRP route does not override previous route [CSCdj15445]
Configuring ip igmp query-interval0 on an interface will hang the system. To avoid this problem, never configure a query interval to be less than 1 second. [CSCdj15467]
DNS names are not accepted for the source address supplied in clear ip mr.
-Chris [CSCdj16696]
After OSPF received a its own router LSA from its neighbor and that LSA has a higher sequence number than the one OSPF have currently, it is possible for OSPF to corrupt its router LSA for at most 5 sec (the minimal interval between LSA generation). If this corrupted LSA is sent to other neighbor, and the neighbor would generate OSPF-4-BADLSATYPE message about bad LSA checksum. This is no workaround but the corruption will be corrected when the next router LSA is created within 5 sec. The same problem can happen with network LSA too. [CSCdj16784]
When a router receives a PATH message containing an ADSPEC that has no GS (Guaranteed Service) information, the router inserts default GS information in the ADSPEC, and forwards the PATH message to the next hop. However, the lengths of the ADSPEC parameters are not modified appropriately, and as a result, the ADSPEC itself becomes invalid. [CSCdj17736]
The following problem has been observed when: a router is configured to be a L1L2 ISIS router and there are only interfaces with "ip router isis" configured and no interfaces are configured with "clns router isis", then: the L1L2 router will not set the attached bit in it's L1 LSP so L1-only routers can not send IP traffic to the (L2) backbone.
The workaround for this problem is to configure "clns router isis" on at least one interface.
This could be the loopback interface, or when loopback0 is already used for other things, one could even create another loopback interface just to do this. Configuring "clns router isis" on a regular interface that already has "ip router isis" is OK as well. [CSCdj06192]
Illegal LAT STOP slots may be sent if a line is disconnected immediately after initiating a LAT connection. This is more likely to be seen when using protocol translation. These illegal slots cause the LAT virtual circuit to be disconnected, affecting all connections to the host. [CSCdj09876]
distribute-sap-list command doesn't work when used to filter saps into a ipx routing protocol instance. This could be workarounded by filtering the same saps when they get redistributed, using distribute-sap-list out command. [CSCdj15889]
When using weighted fair queueing IP RIP, and IPX RIP/SAP packets may be dropped, this might lead to losses of connectivity if three updates in a row are dropped. [CSCdj18092]
Systems doing vty-async protocol translation of SLIP or PPP over X.25 may unexpectedly restart when the incoming connection is closed, due to a race condition. This problem was introduced in 11.1(10.4) and 11.2(5.1). [CSCdj15471]
Cisco boxes running small numbers of outging telnet sessions (ie being used as terminal servers) will show unexpectedly high CPU utilizations. This is somewhat an artifact of the way CPU usage is measured, and not cause for too much concern. This is a regession introduced in 11.1(10.3) and 11.2(5.1) [CSCdj11528]
When you do a 'debug ip tcp trans' the packet size of the TCP packet is reported as 536 bytes. The 'debug ip pack det' reports the size of the packet incorrectly as 44 bytes. [CSCdj17099]
Customer has (2) Cisco 7500 routers with IOS 11.1(7)CA1 running vines on token ring interfaces with SRB. Customer reported the exact align-3-spurious error message on both Csico 7500's, (12) hours apart.
THis align-3-spurious memory access 0x603fa318 resulted in communication problems between the Vines clients and Vines servers. While this error message surfaced, the clients could no longer communicate to the servers. All other traffic reported no problems, including TCP/IP-only Vines protocol had communication problems. [CSCdj12126]
We verified that 11.1.6 + rsp_aip205-5 does now correct traffic shaping. However there are still 2 issues: - The sho int atm reports traffic without this traffic shaping (which is therefore totally incorrect) - There is nowhere an indication of packets dropped/ignored due to this traffic metering/shaping [CSCdi72246]
A Cisco 4000 series router with MBRI runs out of LIF timer blocks and NLCBs, and the ISDN interface goes up and then down. [CSCdi75469]
Incoming calls may be blocked when lines are available. This problem starts after the router has been in use for several hours. Issuing a debug q931 command displays the following:
ISDN Se1:23: RX <- SETUP pd =3D 8 callref =3D 0x0338 Bearer Capability i =3D 0x8090A2 Channel ID i =3D 0xA98395 Called Party Number i =3D 0xC1, '2817924' ISDN Se1:23: Incoming call id =3D 0x137D ISDN Se1:23: TX -> RELEASE_COMP pd =3D 8 callref =3D 0x83 Cause i =3D 0x80AC01 - Requested channel not available
As a workaround, configuring scheduler interval2500 has been effective in controlling or eliminating the problem. [CSCdi85735]
When running over X25, ISIS should extract the called X.121 address and use it as the SNPA. If the x25 suppress-calling command is configured on the router, ISIS does not seem to find any called address, nor can it find the SNPA. Apparently, the routine that extracts the X.121 address fails if the calling address is not present. [CSCdj00315]
Some modems are very slow in dropping the DSR after the router drops the DTR, for example, the Motorola Codex modems. This fails the async callback process when the router waits only for a fixed period of DSR timeout. This period was previously fixed at 5 sec.
To work around this problem, this DSR timeout period is now made configurable. To change this time to fit the modem's need, use command
callback nodsr-wait
The problem described by this DDTS and duplicates CSCdj02168, CSCdj07119, CSCdj08187 and CSCdi82010 results on AS5200 platforms in hung calls, ISDN data structure memory leaks and inability to either call out or accept incoming calls.
Other ISDN platforms are affected largely by that described in CSCdj07119 or CSCdi82010 depending upon their particular ISDN usage characteristics. [CSCdj05355]
Deleting a subinterface causes the main interface and associated subinterfaces to vanish from the configuration. This happens when the main interface uses Frame Relay encapsulation and is a member of a channel group. A workaround is to re-create the main interface by issuing the interface serial command. [CSCdj05415]
Router reacts incorrectly to REJ frame. It seems we need a REJ frame with the P-bit set to send the requested frames. Furthermore, frames seem to be queued and sent twice. [CSCdj08607]
A router may reload without producing a stack trace or otherwise behave unpredictably on routing an X25 call that contains 16 bytes of Call User Data. There is no known work-around. [CSCdj10216]
When static le-arp entries are configured on an ATM sub-interface, the box crashes if there is no LANE client on the sub-interface. [CSCdj10839]
The number of available B channels is incorrectly incremented by the total number of B channels per interface whenever the controller or the interface is reset. This results in dialer attempting to place calls incorrectly on resources that are actually inuse. [CSCdj11181]
The Broadband Send Complete IE is processed incorrectly. This could cause interoperability problems with public networks is the IE is used. [CSCdj11953]
Under unknown circumstances, the router may output the error message:
%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=1EF8D0, count=0
The 'ptr' value will differ but the traceback that follows will have only two addresses. This defect was added with CSCdi89940 and will be fixed in a future release of IOS. [CSCdj12217]
Release-note:
Netbios NBF over async doesn't seem to work correctly after session initialization. [CSCdj12468]
In X25 over TCP (XOT) configuration, Call Request packets with the delivery confirmation bit (D Bit) set are forwarded to a serial interface with D bit reset set to 0.
This could cause some problems in X25 hosts which require the D bit to be passed during the call setup phase.
This behavior is not see in software releases of 11.2(4)F and above. [CSCdj12847]
When using LAN Extender (LEX) devices on Cisco 7500, Cisco 4500, Cisco 4700, or Cisco 7200 systems, you may see a SPURIOUS error message. The LEX Host router may also crash if the LEX inteface is not bound to any serial interface. [CSCdj13342]
When the router receives an incorrectly formed LCP NAK frame, a 'software forced crash' may occur. The actual problem is in the peer PPP software, but IOS will be enhanced in a future release to handle such frames. [CSCdj15209]
Unicast routed packets sent on BUS are throttled to 10 frames per second. [CSCdj15327]
Release-note The router is crashing with "System was restarted by error - Software forced crash, PC 0x1E8E76". When decode the stacktrace results are :_crashdump, _process_suspend ,_process_may_suspend_inline, _process_may_suspend, _doprintc, _doprnt, _printf ,_frame_relay_map_delete _fr_clear_dynamic_entries. [CSCdj15399]
The ISDN process should not preallocate memory. This is wasteful of resources if ISDN interfaces are not used. It also does not scale well for platforms with many ISDN interfaces. The memory should be gotten as needed. [CSCdj16901]
Router crashes everytime it receives an ISDN Q.931 DISCONNECT message. This affects the -net3 switchtype only. The router can also crash if a clear int bri x command is entered, affects net3, vn2/vn3, and ts013 switchtypes only. [CSCdj24132]
This section describes possibly unexpected behavior by Release 11.2(5). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(5). For additional caveats applicable to Release 11.2(5), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(6).
The signal-to-noise ratio displayed in the modem log "Modem analog signal event" message shows a negative number such as -40 for a properly operating modem. The correct value is the negative of the number displayed, i.e. -(-40) or +40 dB. [CSCdi79239]
In order to entirely clear a modem, a sequence of commands is required. A simpler method is desired. [CSCdi89108]
The packet size distribution in "show ip cache flow" has a problem where packets larger than 575 bytes where reported in the next larger size range. [CSCdi58755]
On a 7010 when any Fan from Fan1-Fan5 goes into WARNING mode, the state entry for Fan0 is also modified - even though Fan0 is ok. [CSCdi67019]
When running the TN3270 client to a slow TN3270 server, the router might reload. The following error will be seen on the console or in the logs prior to the reload:
%SCHED-3-PAGEZERO: Low memory modified by Exec
Issuing the show version command after the reload displays the following:
System restarted by unknown reload cause - ptr to non-ascii bytes 0x4 [CSCdi73404]
The source and destination ports in the show ip cache flow display where swapped. [CSCdi74356]
When customer enables cdp on multipoint frame-relay interface, result is an increase in encapsulation failures. cdp does not work with multipoint , but did work with a frame-relay point-to-point subinterface on the same router . [CSCdi74856]
When using RSP code with HIP, TRIP, or FIP interfaces, and when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the error message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]
Modem reset script will not run after PPP sessions if the user exits gracefully. If user exits by quitting his application, or if the sysadmin clears the line, the script runs. When the script doesn't run, the line stands about a 50% chance of being un-useable by subsequent callers. [CSCdi78178]
Writing to nvram takes about 1 minute, it should be closer to the write time for writing to terminal (about 15 secs). [CSCdi84164]
Symptom: Packets are not switched over a GRE Tunnel.
Condtions: This could occur when access-lists are applied to the input interfaces.
Workaround: Disable access-lists on the input interfaces or add the tunnel source address to the access-list.
Problem Description: It is possible, after an incoming packet has been encapsulated for a tunnel, that an access-list check could prevent the packet from being switched. This is caused by the access-list checking the new source of the tunnel packet, resulting from the encapsulation, against the interface the packet arrived on. This issue has been corrected. [CSCdi87500]
When enabling ip accounting on a tokenring interface configured for optimum or flow switching, the customer encounters %ALIGN-3-CORRECT errors. [CSCdi92814]
Release-Note
The reason that the 'hold-queue out'command is not accepted is that the output interface is configured for fair queueing. Fair queueing is the default queueing mode for low-speed (<2Mbps) serial interfaces.
The 'hold-queue' command is intended to configure the number of output hold queue buffers for FIFO (or FCFS) queueing. It has no meaning in the context of fair queueing. So the (intentional) design was that this command would be ignored when fair queueing was enabled.
When fair queueing has been configured, you may use the 'fair-queue' command to control the number of ouptut buffers which may be used by fair queueing. [CSCdj01870]
SYS-2-MALLOCFAIL traceback pointed to wr net [CSCdj03198]
Under some obscure circumstances, an NTP broadcast client may claim to be synchronized but will have incorrect time. There is no workaround to this problem. [CSCdj03467]
Telnet packets from an async port will never be larger than 536 bytes. [CSCdj03682]
Telnet sessions can pause for up to 20 seconds. To interrupt the pause, press any key. [CSCdj06450]
An error was introduced by CSCdi75522, but only in release 11.2. Releases beginning with 11.2(4.5), 11.2(4.5)F and 11.2(4.5)P have this error.
A symptom is intermittent dropping of datagrams through a TRIP, FIP or HIP interface on a 7500. Another symptom of this bug is console messages of "CYBus Error 08, invalid page map register'. This problem does not apply to VIP interface processors on 7500 series routers. [CSCdj06955]
The show queue command, on a fair-queued interface, may display incomplete data or an inconsistent snapshot of the queue. [CSCdj07674]
The system may reload shortly after restarting if script startup and modem control are both configured on a line, and conditions are such that the line is "active" immediately after reloading. A workaround is to remove the script startup. [CSCdj08337]
On RSP systems, when maximum-size MTU packets are received by serial interface processors (including the FSIP, HIP, MIP, POSIP, and serial port adapters on VIPs that forward data to the RSP to be routed), up to 8 bytes of data might be written into the next datagram's packet memory. This could result in anomalous system behavior, including software-caused system crashes and dropped datagrams. This problem is never seen on RSP systems that do not have serial interfaces. [CSCdj08573]
'ntp broadcast' is lost after reload. [CSCdj09473]
When DECnet is configured on the ATM interfaces, the routing updates may not be received properly by the routers. This is due to the size of the packet being larger than the expected value. This will be fixed in the next maintenance release. To get around the problem, turn off DECnet on the ATM interface and configure DECnet again. [CSCdj04027]
When fastswitching is turned on ATM LANE interfaces for DECnet processing, connections to native DEC hosts hang. Doing a "no route-cache" on the ATM interface will make the problem go away. [CSCdj04028]
The output of the show tech-support command displays some potentially sensitive SNMP data, such as the SNMP community strings, SNMP MD5 keys, and SNMP user IDs and passwords. If these data refer to read-write communities or views, they can be used to reconfigure the Cisco IOS software, providing the same level of access to the Cisco IOS software as is available with the enable password. Take care when sending show tech-support command output across insecure channels. For example, remove the community strings, keys, and user IDs and passwords before sending. [CSCdj06881]
There is some confusion in the way the parser outputs information in the show fras command.
This is a cosmetic problem only. This bug is a suggested enhancement to show fras.
The "show fras" command displays incorrect data in some of its fields. For the FRAS/BNN case when attached to SDLC endstations, there is a field called LSap that displays the configured SDLC address. This is not valid and will be fixed in an upcoming release. [CSCdi49137]
Re-configuring source route bridging (SRB) on an operating token ring interface does not cause the interface to de-insert and re-insert into the ring as it should. As a result, the system does NOT check for an SRB ring number conflict on the network. [CSCdi75166]
This crash is caused by the SP microcode on the C7000 whereby a buffer copy by the SP makes the RP wait too long and it takes a bus error.
There is precedence for this problem and the fix is to lower the size of the block of data being copied at any one time. [CSCdi77785]
This DDTS corrects a problem with STUN TG. If multiple SDLC INN links are used between FEPs, then it was possible for the first nine messages to be lost when the links were deactivated and reactivated again. [CSCdi83119]
When certain flow control situations occur between LLC2 partners, a message indicating that the T1 timer should be increased is printed. This is usually misleading. When the message is printed, the retransmission cycle is delayed by a T1 interval. This is wrong, and may lead to delays. This fix corrects the problem. [CSCdi84471]
Router gets 'System Restarted by bus error' message when removing the Frame Relay interface cable from the router serial port on a router configured with ISDN backup. [CSCdi87777]
When configuring IPX routing, a serial interface running BSTUN was put into a down state and then came up again. Restarting the host session brought the end-end connection back up. [CSCdi89005]
QLLC tries to activate an LLC-2 session to the host after receiving a RESET with a cause of NETWORK_OUT_OF_ORDER or OUT_OF_ORDER. [CSCdi90114]
APPN ping does not return to the router command prompt. Instead the user must press enter. [CSCdi90959]
When running DLSw+/LLC2 over FDDI, when an REJ frame is received from an FDDI end station, the router sends a corrupted retransmitted I-frame. The last byte of the SMAC gets replaced by the DMAC value. [CSCdi91063]
When an end station caches rif's that it learns from broadcasts or when there are duplicate mac addresses on each side of the DLSw cloud, DLSw will local switch circuits between 2 local srb capable interfaces. This degrades srb performace. [CSCdi91204]
Removeing dead peers bu the config comamnd 'no source-bridge remote-peer...' can sometimes cause the router to crash, if that peer is trying to open up. [CSCdi93052]
If you configure more than 8 digits on the xid-snd parameter for a dspu host command, or more than 8 digits on the xid-rcv parameter for a dspu pu command, then the system reloads. Note that the maximum valid length for an XID is 8 digits, and is accepted without problem. [CSCdj00228]
The router can only backup 1 BAN session over dial back up over RSRB. [CSCdj02136]
A race condition may occur during session cleanup which causes the DLUR router to crash or display a "Mfreeing bad storage" message for the "psp00" process. [CSCdj02249]
When the user gives the "show fras" command, it might sometimes reload the router, if there are sessions trying to come up, or there are sessions going down. [CSCdj03482]
The condition of RSRB w/ Direct encap breaks at v11.2-4.4 was due to a small coding error in ddts CSCdi92514. When this bug happens, the router will open the RSRB peers, but no traffic will pass. When srb debugs are turned on, the router will show "SRB subblock does not exist".
The fix has been commited at v11.2-5.0.
-Mike Maurer 3-16-97 [CSCdj03561]
Release-note: This DDTS adds handling for frame-reject SDLC frames. When the router is configured as SDLC primary, and the secondary device is configured as switched, then if the router receives a frame reject in response to XID, it will send an SDLC disconnect to reset the secondary devices SDLC state. [CSCdj03735]
is a constant 89 (also observerd was the value 90), regardless of the real CIP CPU utilization. The 'show controller cbus' command can be used to retrieve the real CPU utilization on the Channel Interface Processor.
Fix provided:
The SNMP MIB has been enhanced to return the CIP Load Metrics for CPU Load, DMA Load, and Channel Adapter Load. The old value for CPU Utilization is retained but has been marked in the MIB as deprecated. The MIB was also brought up to date with respect to the reporting of Broadcast Enable and Row Status for the CIP Claw Config. [CSCdj04309]
Exclusively configuring DLSw+ with the icanreach netbios-name command prevents some applications, including Microsoft Windows applications, from making NetBIOS connections. The workaround is to add as asterisk (*) to the end of the NetBIOS names configured with the icanreach netbios-name command. [CSCdj04936]
Packets with the TRACE_ORIG bit set will not be forwarded. The problem can be seen when the Lan Manager trace function is enabled on the end station.
This problem can prevent session establishment. [CSCdj05978]
The LSAP parameter is incorrectly set to 0 on the SNA HOST, DSPU HOST and DSPU PU commands when the DLCI parameter (i.e. Frame Relay) is also used. [CSCdj06152]
Dlsw circuit is staying in a remote_resolve state. This is an uncommon state for dlsw to stay in, if you encounter this do a dlsw disable and then re-enable dlsw and this will correct the problem [CSCdj07098]
This DDTS has the following changes implemented. 1. An idnum/idblk(adjacent node id ) information field was added to the sh appn link deta command. The output of sh appn link deta will now be:
ibm3-4kb#sh appn link deta Number of links 1
1>Link name LNK02 Port name T1 Interface name TokenRing1 Destination DLC address (remote SAP) 0000.302C.292F (04) Link activated Remotely Link state Active * Adjacent Node Id X'ABCDEFAB' Deactivating link No Max send frame data (BTU) size 4096 Adjacent node CP name CSCO.CP Adjacent node type Network node CP-CP session support Yes Link station role Secondary Line type Shared access transport facility Transmission group number 21 Effective capacity 16000000 bits per second Cost per connect time 0 Cost per byte 0 Propagation delay 384 microseconds (local area network) User defined parameter 1 128 User defined parameter 2 128 User defined parameter 3 128 Security Nonsecure
2. The sh appn link will now have two additional filters xid and cpname.
ibm3-4kb#sh appn link ? show appn link-station [filters] [brief|detail] brief Show brief APPN link station information * cpname Show specific appn link stations by CP name detail Show detailed APPN link station information name Show specific APPN link stations by link name port Show specific APPN link stations by port name * xid Show specific APPN link stations by idnum/idblk
ibm3-4kb#sh appn link xid abcdefab Number of links 1 APPN Logical Links Link Name State Port Name Adjacent CP Name Node Type --------- -------- --------- ----------------- ------------ 1> LNK02 Active T1 CSCO.CP Network Node ibm3-4kb# [CSCdj07270]
The show appn dlur-lu and show appn dlur-pu can fail to filter out the correct lu the user is looking to display. The symptom is no matches will be found even though the filter should have matched. [CSCdj07924]
When running APPN/DLUR, if the downstream device has a different netid from the netid specified on the APPN CP name, the binds for the dependent sessions will fail. [CSCdj08190]
In some circumstances, specifically when DLSw is required to verify the NetBIOS reachability cache entry, there may be a 1 second delay before a NetBIOS FIND_NAME is forwarded to the LAN interface. [CSCdj09865]
A DLUR router (which has PU2.0 pus connecting in) may try to start the dlur/dlus pipe connection repeatedly, instead of waiting 30 seconds (default) between attempts. This condition may occur if ANS=CONTINUE is coded for an nsp pu, and the host link is stopped. [CSCdj10157]
The DLUR router may send a corrupt APPC frame to a DLUS if a timing window is hit when accessing multiple DLUSs. This problem may occur if there is both a primary and a backup dlus configured and at least one pu that cannot get in to the primary dlus (pu inactive) while other pus are active with the primary dlus.
This problem may cause vtam to refuse to activate subsequent dlur/dlus pipes for all dlur NNs. "/d net,dlurs" shows the dlus conwinner state as reset and the conloser as active.
The workaround is to prevent the dlur router from sending this corrupt frame is to reconfigure the DLUR routers without a backup dlus coded. [CSCdj10485]
IPX with integrated routing and bridging (IRB) does not work over serial interfaces if the encapsulation on BVI interface for IPX is 802.2(SAP) and 802.3(Novell-ether), encap arap(ethernet_ii) works fine. This problem occurs when a serial interface is configured for bridging, and Ethernet interface is configured for IPX routing, and IRB is enabled to transport bridging IPX traffic to routing interface. [CSCdi56417]
On lines running software flow control without modem control, attached devices may get stuck in a flow-controlled state if the Cisco TTY is reset while it is flow-controlling the attached device. [CSCdi60204]
When TRANSIT FAST bridging from frame-relay ietf (rfc1490) atm(rfc1483) or smds encapsulating FDDI or token ring MAC packets (ethernet not affected) TO a process switched bridging mode (X25, ppp, isdn, atm_dxi (a frame relay derivative)), the FDDI or token ring MAC packet address structure will become corrupted (byte shifted) in the transition on the bridge translation resulting in bridge table and packet data corruption on this bridge transition (on the process switched link). Bridging the other way (slowswitch TO frame-relay ietf, atm, or smds) has always worked properly. There are no workarounds to this specific issue, but user may consider bridging FROM atm, frame relay, or smds TO another fast bridged wan link (such as atm, frame relay, or hdlc) instead of a process switched bridge mode.
Note: In 11.0 smds is process bridged on input to bridge and therefore does not exhibit issue (but in 11.0 still issue for frame_relay ietf and atm) [CSCdi71927]
The show vlan command will not display correct VLAN ID sometimes. Another configured VLAN ID may be displayed instead.
There is no workaround. [CSCdi80987]
When a router is configured as a RARP server and is also configured for transparent bridging on the same interface, the router does not respond to reverse ARP requests.
After the fix, the router box can provide RARP service if configured as a RARP server regardless of it's being configured as later 2 bridge only [CSCdi83480]
There appear to be situations where HSRP running on VIP-Ethernet fail to result in an active router at some times. While CISCO is exploring the source of this problem we are recommending that customers use the "use-bia" option as well as removing the use of the preempt feature if this problem is experienced until this problem is resolved. CSCdi85537 corrects the limitation where you should not use preempt with use-bia. [CSCdi83940]
7200 configured for HSRP on ethernet interface may send duplicate packets out the interface. [CSCdi85866]
ISL subinterface can not be set arp timeout. "sh interface" shows always 0 which means never age-out. This means it is going to be memory resourse problem. [CSCdi86434]
When a FIP FDDI interface is under very heavy load, the FIP may not reply to queries resulting from 'show controller fddi' or 'show interface fddi' commands soon enough, causing a command timeout, causing the software to unnecessarily reset the FDDI interface. [CSCdi87020]
As system resources become maximized FDDI interfaces stop accepting multicast packets. [CSCdi92156]
Packets destined to the HSRP virtual MAC address will not be routed if received on a 802.10 sub-interface. [CSCdj01435]
When configuring IPX routing, a serial interface running BSTUN was put into a down state and then came up again. Restarting the host seesion brought the end-end connection back up. [CSCdj02488]
Transparent bridging may cause high CPU utilization in 11.1(8) IOS. A SHOW ALIGN can be used to confirm whether large 'counts' of alignment errors are the source of the problem. The SHOW ALIGN will also yield TRACE information which can be decode to determine the source of the problem. [CSCdj03267]
802.10 encapsulation does not work over serial interface as it should be for 7500 and 7000 platforms. [CSCdj04777]
SMDS transparent bridging to process path (ie X25, PPP) never worked until my fixes for CSCdi71927. But CSCdi71927 uncovered a PRE-EXISTING "hidden" bug for transparent bridging for packets to the process level, that would fail to swap a encapsulated fddi mac address for packets destined to the process level ONLY if smds transparent bridging was deconfigured on the interface AND another transit wan bridge encapsulation (ie ppp) was reconfigured WITHOUT a reload OR another transit wan bridge encapsulation was configured also on the router on another interface. This issue, while internal to the code before CSCdi71927, does NOT exhibit its symptoms as described above until the CSCdi71927 commit, and in many practical applications (ie bridging all done in the fastpath) these symptoms will not arise. [CSCdj07756]
If a router is running out of memory while running OSPF, OSPF does not check to see if one of its structures has been properly allocated. This may result in a SegV exception, thus causing the router to reload. [CSCdi64972]
Clear ip nhrp does not always clear all ATM dynamic map entries created by NHRP. The entries that may not clear are those that identify routes behind an egress router. [CSCdi74989]
When fast switching is enabled on the system, an incorrect SVC may be created for NHRP path. A workaround is to disable fast switching. [CSCdi75617]
If type 5 LSA exists, OSPF would crash if all the configured areas are removed by the no area area-id commands. This is fixed in 11.2 and later.
To avoid this crash, do not use the no area area-id command, or make sure that at least one area is not removed. To check which areas are being maintained by ospf, use the show ip ospf command. [CSCdi78012]
The system might reload after a show ip bgp inconsistent-as is executed. [CSCdi88669]
The router does not forward BOOTP request broadcasts when the broadcast address is 0.0.0.0. [CSCdi88723]
The user may see the error messages
%SYS-2-NOBLOCK: idle with blocking disabled -Process= "TCP Listener", ipl= 0, pid= 40 %SYS-2-BLOCKHUNG: Task hung with blocking disabled, value = 0x1 -Process= "TCP Listener", ipl= 0, pid= 40
when running BGP. Certain BGP related SNMP traps may be lost. [CSCdi89683]
Cisco 4500 running IOS version 10.3(16) reloads and provides stack trace:
System was restarted by bus error at PC 0x601E4CD0, address 0xD0D0D0D 4500 Software (C4500-P-M), Version 10.3(16), RELEASE SOFTWARE (fc1) Compiled Thu 24-Oct-96 18:32 by richardd (current version) Image text-base: 0x600087E0, data-base: 0x60370000
A DVMRP route that is also present in the unicast routing table as a directly connected route on a non multicast-enabled interface is not poison reversed. Poison reverse should be done in order to inform DVMRP neighbors of our dependence on them for traffic sourced from that subnet. [CSCdi91820]
The header details stored in the ip route-cache do not correctly reflect the MAC details of the next hop for remote destinations if the next hop MAC address changes. [CSCdi92668]
Rate-limited prunes not sent on p2p interfaces [CSCdi92785]
An extented access-list that denies IP traffic and that does not require transport layer information may let fragments go through if the log option is configured. As a workaround, do not configure the log option. [CSCdj00711]
After major topology changes, it is possible that OSPF neighbor list is corrupted. Under show ip ospf neighbor, it could be found that OSPF has adjacency with itself. It prevents OSPF from establishing adjacency with other routers on the network. More seriously, This could lead to router crash. [CSCdj01682]
When set interface selects a multiacess network there should be a route in the routing table that matches the interface to determine the next hop. If the interface is point to point, there is no reason for the routing table entry. The workaround is to use set ip next-hop. [CSCdj01894]
Removing the RIP routing process via the no router rip command produces tracebacks. [CSCdj02661]
I have the customer who sets the "arp timeout 2160000" on Cisco2500. But, the box can not age arp table. [CSCdj02981]
The router will crash in nhrp_find_nhs when attempting to access a network which is not being served by nhs. [CSCdj03224]
When igrp installs a majornet route it could possibly black hole the majornet for unknown subnet routes. [CSCdj03421]
New Integrated Services objects are required for interoperability; other vendors are changing to them, and we must as well [CSCdj05118]
standby group is no longer allowed. It is an obsolete command that was only used in 10.2, but supported in subsequent versions for backwards compatibility. [CSCdj05401]
When a dense mode graft message needs to be sent upstream, a join might have been sent instead. This happens when the number of sources sending to the group is large and the graft message does not fit in one packet. [CSCdj05431]
%ALIGN-3-SPURIOUS: Spurious memory access at route_map_ip_check [CSCdj06528]
Enabling CGMP on an interface may result in a spurious access. [CSCdj07630]
Static Reservations now install a reservation on the router on which they are configured, rather than only requesting reservations upstream. [CSCdj07993]
When the LSA with the host bits is generated, OSPF ABR handles the LSA incorrectly and reports the OSPF-3-DBEXIST error message for type 3 LSAs. [CSCdj08699]
When a NHRP cache entry exists for a host mask address but no entry for the network, the system may not forward packets destined to the host. This is most likely to happen when the target station resides on the directly connected NBMA network of the NHS. The workaround is to add the NHRP cache entry for the network. [CSCdj10501]
Under certain circumstances ISIS can install a recursive route in the routing table. This route will not be removed by ISIS anymore. ISIS should never install recusrive routes, so this behaviour can lead to suboptimal routing.
One of the reasons why this can happen is when two adjacenct routers are misconfigured with IP addresses on directly connected interfaces that are not taken from the same prefix.
The workaround for this problem is to configure matching interface IP addresses. The wrong route can be removed with the "clear ip route a.b.c.d" command.
Be carefull, the fix for this problem causes the crash reported and fixed in CSCdj21555 (Watchdog crash after ISIS list inconsistencies). Make sure you run software that includes this fix. [CSCdj03684]
The command "show isis spf-log" is enhanced to include the the LSP id of the last LSP that caused a full spf calculation. This is done for the triggers NEWLSP, LSPEXPIRED, LSPHEADER, TLVCODE and TLVCONTENT. When multiple LSPs changed, only the last one that arrived at the router will show up in the log. Example output:
When enabling or disabling IPX routing interface resets are done, this may cause disruption of some services in particular on token rings. [CSCdi17856]
When a router running NLSP receives an IPX aggregate route, SAPs whose source networks match that aggregate route will be installed into the SAP with a route hop count of 255, making those services unreachable. [CSCdi91209]
If IPXWAN is configured and the remote router is configured to allow IPXWAN Client mode the local router will reset the link upon receiving the IPXWAN Timer Reuqest. IPXWAN debugging will show "IPXWAN: Rcv TIMER_REQ reject Router asking for Client mode". The workaround is to disable IXPWAN Client mode negotiation on the remote router. [CSCdi93285]
When routing IPX packets between Ethernet segments using different IPX encapsulations, a TOOBIG traceback may be generated when a maximum-size Ethernet packet from one segments is routed to another Ethernet segment that has a slightly larger IPX encapsulation size. an example is going from Ethernet_802.3 (Novell-ether) to Ethernet_802.2 (SAP). No actual giant packet is sent. Instead, the large packet is dropped as part of the traceback warning message. [CSCdj00849]
On a Cisco C7200 series router running IOS Release 11.1 or 11.2, fastswitching IPX traffic to a GRE tunnel can cause unexpected system reload. The workaround is to disable fastswitching on the tunnel. [CSCdj01107]
The "ipx nlsp retransmit-interval" interface config command always fails with the message:
%IPX unknown NLSP interface command [CSCdj01189]
Connected routes are not redistributed to IPX Enhanced IGRP with the proper metrics. This may cause the remote routers to use a suboptimal route if multiple autonomous systems are configured and routes are mutually redistributed. [CSCdj04141]
On a router that is configured for NLSP, when a more distant route is replaced by a better route, RIP might advertised two routes for the same network. [CSCdj04543]
A router might reload if no redistribute eigrpautonomous-system-number is given under ipx router eigrp with a wrong autonomous system number. [CSCdj06394]
ipx protocol is not configurable for images like c2500-f2in-l which did not include ipx eigrp. [CSCdj06531]
The IPX route table may be incomplete after an interface is shut down and more than one IPX Enhanced IGRP autonomous system is configured. [CSCdj07334]
The router may reload if NLSP is disabled on an interface. [CSCdj08009]
If ipx network number is deconfigured from a loopback0 interface, before removing ppp-client from the client interfaces, client interface cannot do ipx routing anymore. [CSCdj08233]
When trying to stop ipx sap updates from going out ipx-eigrp the distribute-sap-list command does not stop the saps when the filter is applied [CSCdj09678]
When the route for a static SAP is learned via EIGRP, the source router constantly sending flash update about that static SAP. [CSCdj09710]
A spurious access in novell_network_ifcommand might be seen, while trying to remove an unexisting network number from an interface configured for ipx ppp-client. [CSCdj09840]
Under certain circumstance alignment warnings may be reported in conjunction with CDR and IPX RIP. [CSCdj09921]
The initiation of telnet or other TCP connection may fail with an the error message "%Out of local ports." A workaround is to attempt the connection a second time. [CSCdi60974]
Previously, DLWS connect to a down interface on the peer succeeded. This has been fixed so that a DLSW connect to a down interface on the peer will not succeed. This is the correct behavior. [CSCdj00448]
A TCP packet still in use may accidentally get freed in IP when the packet is going out a Frame Relay interface on which TCP header compression is configured. When this happens, the following messages are logged on console:
Mar 19 08:41:23: %TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4 -Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C Mar 19 08:41:50: %X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted Mar 19 08:41:52: TCP0: extra packet reference for pak 0x60A031D8 found: Mar 19 08:41:52: %TCP-2-BADQUEUE: Multiple entry for packet 60A031D8 -Process= "TCP Driver", ipl= 0, pid= 26 -Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213 length 47 Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4 [CSCdj06781]
User can not show a TCP connection by its control block (TCB) address. [CSCdj07118]
Memory allocated for a new TCP connection will not be freed after receiving an ICMP unreachble if the new connection has it's own listeners for processing of incoming connections. [CSCdj07761]
This is a display error. The counters are not actually negative. [CSCdi68753]
When using Frame Relay IETF encapsulation, bridging fails for Token Ring-to-serial-to-Token Ring connections. [CSCdi70653]
This problems occurs on a 25xx/1003's bri interface (with hdlc encaps) After the router is reloaded, the bri interface's line protocol does not come up.
The show interface bri 0 command shows BRI0 is up, line protocol is down. The work around is to do a clear interface bri 0 after the system comes up. The correct behavior would be for the system to come up with BRI0 is up, line protocol is up(spoofing) [CSCdi78255]
ISDN Primary Rate interfaces may get incoming Setup messages with a slot map defining the B-channel. If the B-channel is not available, do not attempt to negotiate to a different B-channel, instead reject the incoming call. [CSCdi80152]
Under unknown circumstances, the router may be restarted by a bus error. This defect will be fixed in a future release of IOS. [CSCdi82332]
When using LAN Extender (LEX) devices on Cisco 7500, Cisco 4500, Cisco 4700, or Cisco 7200 systems, you may see a SPURIOUS error message. [CSCdi86587]
A Cisco 4700 router may constantly display the following error message:
%SYS-2-INPUTQ: INPUTQ set, but no idb, ptr=60C43314 -Traceback= 60037A78 60039F6C 6003EF98 [CSCdi87914]
DLCI references (ie those detailed in a ) are only erased, from the router, if the LMI derived DLCI has a corresponding 'dynamically' learned map entry. [CSCdi89475]
Cisco 760 calling an AS5200 over ISDN link. Service was working fine with c760/version 3.2(2) calling the AS5200/IOS 11.1(7)AA. When customer upgraded the IOS on the AS5200 to 11.2(3)F, PAP authentication stopped working.
Apparently, upgrading the IOS to 11.2 causes a different Tacacs dameon version to be used- 193 instead of 192. The AS5200 reverts back to using tacacs version 192, but results in delays in the PAP authentication process. This delay causes the C760 to call the AS5200 with a PAP-REQ with id=1 and before the response AUTH-ACK is sent by the AS5200, the C760 send another AUTH-REQ with id=2. The AS5200 sends back an AUTH-ACK with id=1 and as the c760 sees the PAP response for id=1, the message "ppp:pap : ident mismatch" results. The end result being a PAP authentication failure and the ISDN link dropping.
the C760 should have silently discarded the PAP with id=1 and waited for last one sent with id=2, and continued retrying until exceeding a number of PAP retries. [CSCdi89940]
If a 'no shutdown' command is entered for a Group Async interface, the router may reload. [CSCdi91037]
Enhanced PMA error reporting to include error messages for each of the possible PMA errors that may occur in the VIP system.
The new error messages are:
"PCI Transmit Parity error" "PCI Master Transfer Target Abort" "Packet Bus Write Parity error" "PCI Parity error" "PCI Retry time-out" "PCI TRDY time-out" "PCI IRDY time-out" "PCI DEVSEL time-out" "PCI GNT time-out" "PCI Target ADDR exceeds SRAM size" "PCI SERR" "Packet Memory Read Parity error" "Unknown PMA error 0x00000080" "Packet Bus Addr exceeds SRAM size" "PCI Master Access failed" "Packet Bus timeout CYA" "Packet Bus timeout CPU" "Packet Bus State Machine error" "Illegal CPU Burst Write" "PCI Master Access not enabled" [CSCdi92934]
When using AAA accounting, a message similar to the following may be displayed:
%AAAA-3-BADSTR: Bad accounting data: too many attributes [CSCdj00190]
When the Cisco router is configured for AAA accounting and it has agreed to authenticate with CHAP, each CHAP Challenge results in an accounting attribute being created. If the peer implements the optional mechanism to repeatedly authenticate the peer with multiple CHAP Challenges, this may eventually result in the 'AAAA-3-BADSTR, Too many attributes' message. This defect will be fixed in a later release of IOS. [CSCdj03234]
Last X25 fragment has the M-Bit set improperly when the packet is full, but no additional data is to be sent. [CSCdj03488]
When IRB is enabled and a BVI interface is configured, traffic through an ATM interface will cause the ATM input queue to wedge, while the BVI input queue will display negative numbers. [CSCdj04025]
For TS014 (Australia, PRI) switchtypes: When a clear collision occurs between the CE and the network simulteneously transfering a DISCONNECT message specifying the same call, the call is not properly cleared. Neither side sends the RELEASE message to release the call, and hence the call reference and the associated call control block (CCB). [CSCdj06157]
When you are modifying the LANE database, if you lose the Telnet session to the router, the database locks up. This is not a bug in the LANE code. A "dead" telnet session takes approximately 5-8 minutes to be detected from the "alive" side. Once it is detected, the alive side cleans up and releases the lock. This is a Telnet feature and has nothing to do with the LANE database. The workaround is to reload the router. [CSCdj06660]
When the CPU is very busy and running many processes, an attached ATM switch may tear down SSCOP and all SVCs because the SSCOP Poll PDUs sent by the switch are not serviced in time. The workaround is to keep other processes from using too much of the CPU. [CSCdj06928]
ISDN BRI switchtypes need additional changes to be compliant with Bellcore certification: custom 5ESS, custom DMS100 and National ISDN (NI1). Refer to CSCdi91165 for the initial changes. [CSCdj08681]
ISDN PRI for Hong Kong needs some Layer 3 fixes to pass the NET5 homologation tests. [CSCdj09573]
This section describes possibly unexpected behavior by Release 11.2(4). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(4). For additional caveats applicable to Release 11.2(4), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(5).
When using the command "show flash all" or "show flash chips" and specifying a device that is on the slave RSP in a Dual-RSP 7507 or 7513, the chip information for the device is written to the slave processor console which is either inaccessable if the Y-cable is being used or is not supported for any function if two consoles are being used. The end result is that the chip information is not available to the user, and if the user has 2 consoles connected, the console on the slave RSP (which is not supported when the processor is in slave mode) will display some information when this command is used. [CSCdi45489]
Copying a text file to Flash memory and displaying it using the show flash filename command causes the router to reload. [CSCdi57527]
On RSP systems, the router reloads with a SegV error when trying to free a misqueued buffer or a buffer that is an invalid size. The buffer might contain a bad packet passed to it from another router. [CSCdi74039]
When rcp from a host is used to copy a large file into 7500 series router flash, the router may print "CCCCCCCCCCCCCCCCCCCCCCCCC...". [CSCdi74684]
On Ethernets that experienced output errors XBUFHDR and INVRTN errors could be seen. This has been fixed in this code. [CSCdi75404]
On 7000 routers a SYS-3-CPUHOG message may appear during initial boot. This does not affect any routing performance. It is a duplicate of CSCdi45511, but now it is fixed in 11.1. [CSCdi75427]
In some scenarios the SNMP traps sent for interface status (linkUp/linkDown) may contain incorrect ifIndex values.
The resulting incorrect ifIndex values usually overlap valid ifIndex values for other interfaces in the system and may be incorrectly interpreted as coming from them.
This problem has been observed with B-channels on a PRI and with interfaces on hot-swappable modules after they have been inserted (or re-inserted). There may be other scenarios as well. This fix should address them as well.
This defect was originally found on an LS1010 and was fixed in the 11.1(8) software release for LS1010. See CSCdi75534. [CSCdi75531]
If the IP address on one or more interfaces is changed, NTP may continue to use the old address as the source address in packets sent to some peers. The workaround is to deconfigure and reconfigure any "ntp peer" or "ntp server" statements after changing interface addresses. [CSCdi84318]
RSP2 reload at dequeue [CSCdi85492]
The Channel Interface Processor (CIP) is only supported in the enterprise (-j) IOS system images.
On an rsp platform, the following message is displayed when a router is booted with a CIP card in it, or when a CIP card is OIRd into the router:
%CBUS-3-MODULE: Missing controller analyze for slot , type
On a 7000 platform, the router crashes with an Illegal Instruction error.
In either case, a more informative message is needed.
Remove the unsupported CIP card or reload the router with a system image that has driver support code for the CIP. [CSCdi85722]
The router may reload inadvertently if you respond improperly to extended ping dialog prompts. [CSCdi88443]
A memeory leak was introduced whenever Tacacs+ was enabled. The memory is released to the exec process as seen on the sh memory. The leak does not appear in 11.0.9 only 11.0.10 and above. [CSCdi89479]
You cannot include any modem command inclucing a colon (:) in a modemcap entry. [CSCdi90443]
If a hex 00 is entered as part of the name string on a Catalyst switch, IOS will incorrectly compare the name string on a received CDP packet to that of the stored CDP packet. The router will continually store the received CDP packet as a "new" device. Eventually, the router will run out of memory.
One can diagnose this problem by turning on DEBUG CDP PACKETS
If device is receiving GOOD CDP information, the output will look similar to:
CDP-PA: Packet received from 008024 3DD610 (wan-sw.3100) on interface Ethernet1 **Entry found in cache**
If the device is receiving BAD CDP packets, the entry will never be found in the cache (and thus repeatedly added).
Workarounds: 1. Turn off CDP on the router via the NO CDP RUN command. 2. Change the name on the Catalyst to a Text String; e.g. set system name foobar [CSCdi91300]
Under some circumstances, processing of an SNMP Get request may result in a message similar to the following being displayed on the console:
%SNMP-3-CPUHOG: Processing Get of lifEntry.75.34 [CSCdi93084]
The Network Time Protocol (NTP) will not respond to packets sent to an address defined with the Hot Standby Routing Protocol (HSRP).
There is no workaround to this problem. [CSCdj00240]
The copy tftp flash is not using as source ip address the ip address configured with ip tftp source-interface. Other commands like copy running-config tftp use the correct ip source address. [CSCdj00334]
SNMP Traps process can CPU HOG if presented with a large quantity of traps to deliver. [CSCdj02181]
Under unknown circumstances, the router may restart due to a Bus Error. This defect will be fixed in a future release of IOS. [CSCdj02493]
Displaystrings reported in the Image MIB report a length that is longer than the useful information. The useful infomation is zero terminated however and can be picked out if necessary [CSCdj02719]
CSCdi72789 created an exposure in line configuration generation. If a new router is started, and the setup dialog aborted, and a "show run" executed before doing any line configuration, the router will either reload or generate random characters as the current line configuration. [CSCdi88154]
Characters received prior to executing an autocommand are discarded even when no flush-at-activation is configured on a line. [CSCdi89236]
Newer telnet clients which support the NAWS option cause line and width line configuration commands to appear on the vty. [CSCdi90442]
On CIP cards, it is possible to see the adapter type in sh int, but this information and version information is not available from the show controller cbus command. [CSCdi26192]
In extremely rare circumstances, the router may crashed while removing RSRB peers. This might occur only when running an AGS+ and the CSC1R/CSC2R Token Ring boards. [CSCdi39270]
DLSW debug - change dlsw debug to allow more options - netbios, no iframes, etc [CSCdi48007]
This problem has been more prevalent in STUN/Local-Ack scenarios involving AS/400s. The remote router expects to see an OPCODE called LINK_ESTABLISHED from the host router in order for it to transition the state from USBUSY to CONNECT. While in USBUSY state, the remote router continually sends RNR to the downstream devices. The host router will only send the OPCODE once it sees the first RR/P after a SNRM/UA exchange sequence. With other devices such as a FEP, an I-Frame can be sent out prior to the RR/P which would actually take the remote router state out of USBUSY, but the local-ack states were not corresponding to the actual situation at hand. This was the problem. The fix to CSCdi65599 actually corrected it for the most part. Additional "checking" code was added for exceptional state cases. Workarounds would be to use IOS releases that include the fix for CSCdi65599. [CSCdi61514]
LAN applications that use an broadcast xid to a non-zero destination sap will not be able to establish a circuit over DLSw. [CSCdi77862]
Customer has request that the 'show appn inter' command display the LFSID for that session. [CSCdi81988]
SNMP GET for cipCardClawTable did not return all claw links even though the MIB defined unique information for each link. Conversely, cipCardClawConfigTable was repeating the same information for each subchannel even though it is defined to be identical. [CSCdi82268]
You may experence connection problems with stations running netbios under very old versions of DOS. The only workaround is to use the latest netbios drivers available for the workstation. A tip that you may be experencing this problem is that Windows and O/S2 stations can establish sessions fine, but your DOS based stations can not. [CSCdi83982]
QLLC: Connection using a virtual Mac Address from a pool of virtual mac addresses may get connected to the wrong resource on the mainframe. [CSCdi86358]
An Invalid packet is being received from the VTAM NN and the CP-CP session is being torn down. [CSCdi87217]
When source-route bridging is enabled on a Cisco 7500 router in a Token Ring environment, if the router receives a packet that is to be routed but that contains a RIF, the router misclassifies the packet, treating it as a source-route bridge packet, which causes it to be discarded. This may cause intermittent failures of routed protocol sessions. There is no known workaround. [CSCdi87321]
This fixes APPN DLUR router crash and reload. There was a race condition in the APPN/DLUR code, because of which null pointer was accessed sometime casung SegV violation crash. [CSCdi87325]
For LU0-LU0 traffic the extended BIND may contain unformatted user data fields. The NN rejects the BIND and hence the session willk never start. [CSCdi87365]
Release-note: lsap-output-list parameter on a dlsw remote peer statement blocks sna and/or netbios if configured as such, but will only block other types of broadcast traffic from local dlsw interfaces. DLSw routers acting as border peers are not able to use lsap-output-list filters on remote peer definitions.
Workaround: Configure the required filter at the originating router, either at the interface or dlsw level. This is a large administrative task in large networks. [CSCdi87600]
The "Net Periodic" process takes more CPU than necessary. You can tell if the percentage CPU used in "Net Periodic" has gone up drastically in the output of show process cpu. This is a result of a regression introduced to 11.1(8.1) and 11.2(3.1). [CSCdi88317]
DLSw FST over SMDS uses an incorrect smds header. The 7500 platform works despite this error, but the low-end paltforms do not. This ddts fixes DLSw FST on low end platforms such as 4500 and 4000. [CSCdi88359]
When issuing a "show appn dlur-pu" or "show appn dlur-lu" command and there are more than five elements to display, the display will loop and display the first 5 elements in a loop until the user quits out of the display. This defect was introduced by CSCdi83563. [CSCdi88580]
APPN show commands may cause a DLUR router console to hang. This problem occurs when a race condition is hit during dlur deactivation flows. [CSCdi88581]
Configuring the output-lsap-list command on the local Token Ring interfaces does not block broadcast traffic from a DLSW peer. The workaround is to use a filter at the DLSW level on either router or to block the traffic with an input-lsap-filter command at the remote peer. [CSCdi88593]
Customer has a 3708 controller that is sending a NOTIFY(UNAVALIABLE) when it already has sent an ACTLU +RSP(UNAVAILABLE) and the DSPU sscplu fsm is not handling this properly. [CSCdi89183]
Release note This fix corrects the delay seen in connection establishment for routers configured with DLSw and sdlc "switched" option. XIDs arriving from the DLU (host) system will break the station out of slow-poll and send the XID on the line immediately. Stations that were in slow poll had to wait until they were slow polled again before they would get connected, prior to this fix. [CSCdi89219]
When running multiple large file transfers across DLSW using FST transport sequence errors may occur causing the job to abort. This is viewed by show dlsw peer. A sequence error occurs when a numbered FST (ip) packet is received by the DLSw peer and the sequence number does not match what the peer expects. [CSCdi89838]
The DLUR router may start failing to establish new lu lu sessions after hitting a race condition during session activation and deactivation. Messages similar to the following may be displayed on the router console when attempting to start new sessions. APPN must be stopped and restarted to clear the problem.
If odd sap value is configured on a Tn3270-server PU on cip, PU might get stuck in Reset state. The odd sap values are illegal. To avoid this problem, odd sap values shouldn't be used. [CSCdi90299]
Release Note for the fix:
This fixes the APPN DLUR router crash with memory corruption. This may happen occasionally and the router often crashes in a function call Mget_x. [CSCdi90441]
A reload can occur when using the APPN/DLUR feature in extream stress situations (typcially thousands of sessions being cleaned up). The PC (program counter) at the time of the reload will vary. [CSCdi90518]
PEER INVALID trace messages are displayed on the console. Also, in Releases 11.1 and 11.2, the session on the peer-on-demand does not come up for quite some time. [CSCdi90953]
A router configured for DSPU may crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdi91368]
When running APPN/DLUR, heavy session activation can result in the router using all I/O (buffer) memory available in the router. Often the external symptom of this occurance is the APPN subsystem shutting down. This fix minimizes dlur's buffer usage allowing many more concurrent session activations before I/O memory will be exhasted. [CSCdi91380]
On Cisco 7000 systems, packets that are fast switched from CIP to FDDI might be dropped by some layer 2 switches because one additional byte is being added to the FDDI frame. The problem does not occur on RSP systems. A workaround is to use autonomous or process switching. [CSCdi91417]
When running APPN/DLUR sessions, a reload in check_heaps may occur due to a memory overwrite. The memory overwrite occurs if the amount of control vector data in an extended bind response is larger than the buffer that the bind response arrived in. [CSCdi91432]
When using LAN Net Manager, the LanSuppManager process may cause the router to run out of memory if the router is receiving UI-frames destinated to sap 0xF4 and sourced by another sap. If the router runs out of memory it may reload or pause indefinitely. [CSCdi91571]
The router might crash if you enter the debug source error, debug llc2, or debug local command. [CSCdi92503]
When running DLSw+ local switching from SDLC/QLLC to Token Ring/Ethernet, if the XID negotiation is delayed or ends abnormally, a memory leak may occur. [CSCdi92511]
The DLUR router may crash with a "SegV exception" or an "Illegal access to a low address" message because of a DLUR memory corruption problem. This error results from a race condition that usually occurs when DLUR sessions are going up and down. The stack trace after the memory corruption usually indicates Mget_x. [CSCdi92947]
APPN End Nodes with the duplicate CP name will not be able to establish link to the Network Node. This ddts will add a configurable override on the port that ignores cpnames on inbound xid3 and instead treats them much like pu2.0s... with a dynamic cp name generated from the dynamic LS name. [CSCdj01044]
When ruuning dlsw on a 7500 with 11.0(13) it is posible for entries in the reachabilty cache to stay in a searching or found state beyond the default 16 minute timeout. If you enter this condition issue a "clear dlsw reach" command to clear the entries. [CSCdj01288]
Currently, the APPN/DLUR subsystem can only access 64M of main memory. With this fix, the upper bound and default maximum memory will be changed to 128M. [CSCdj01587]
The show diagnostic command does not display Fast Ethernet Interface Processor port adapter information. [CSCdi33967]
A Cisco 7500 series router does not display a token ring interface's "burned-in" MAC address (BIA) in the correct format. Token ring MAC addresses should be in non-canonical format. 7500 series routers incorrectly use the canonical (LSB first) format. [CSCdi48110]
Under certain circumstances, a group of four serial ports on an AS5100 or 2509/10/11/12 router can become unresponsive. Only a reload will solve the problem. [CSCdi58103]
7500 in transparent bridging environment suffered memory fragmentation such that the largest available memory block was 120k. [CSCdi67513]
On Cisco 7200 systems, enabling automatic spanning tree on Token Ring interfaces causes the interface to transition. Disconnecting the cable might cause the router to reload with a PC bus error ibm692_lap_read, which results in a booting loop. To recover from this booting loop, reload the router. [CSCdi72257]
SMDS interfaces use buffers from the Very Big Buffer pool and will have 1/4 the number of buffers as other serial interfaces using different encapsulations. This may cause input drops. As a workaround, you can manually tune the number of very big buffers and the number of permanent buffers for the serial interface. [CSCdi75945]
Release-note: asyn/sync ports on the 252x series routers will reset for a one second period under rare error conditions. [CSCdi77033]
Cann't ping the active/phantom ip address of the router when MHSRP is configured on the VIP2 fast ethernet interface. [CSCdi78368]
FDDI interface on 4x00 platform does not correctly apply/filter MAC address access list. [CSCdi83829]
Issue occurs when performing a getnext operation on the dot1dTpFdbTable in the Bridge MIB. A getnext will not retrieve a request of index+1 and will instead return the lexigraphically next index. Example if the table has the entries with indices of
a getnext of 0000.0000.0002 would return the index 0000.0000.0005
because 0000.0000.0003 is the index requested + 1
a getnext of 0000.0000.0003 would return the index 0000.0000.0005
because 0000.0000.0005 is greater than the requested index + 1 [CSCdi84559]
Interface BVI missing during copy of configuration file from tftp server to running-config . [CSCdi87121]
7200 with 4T serial port adapter doesn't handle eia leads properly. The interface only goes down if both DCD and DSR are down. [CSCdi90896]
A severe problem was found in the 11.2 code, which affects all plataforms, when the router is configure for Integrated Routing and Bridging (IRB). A bad decision in the forwarding of packets which destination is not in the bridge table could cause the router to reload. [CSCdi92194]
When a router joins a multicast group using the "ip igmp join-group" command, the (S,G) entries for this group will be deleted and reentered every 3 minutes unless the router is also forwarding for the (S,G). The router will continue to receive and respond to all the multicast packets it receives. [CSCdi40588]
the MIB variable ospfAreaEntry.ospfAreaLSACount shows incorrect counts in the magnitude of 50,000+. [CSCdi51531]
OSPF calculates cost for interface automatically by dividing the reference bandwidth with the bandwidth of the interface. In the past, the reference bandwidth is fixed in 100M such the FDDI is assigned the OSPF cost 1. This fixed reference bandwidth prevents OSPF from distinguishing faster media, like ATM, from FDDI. To resolve the problem, new router command ospf auto-cost reference-bandwidth is added for adjusting the reference bandwidth. The default is 100. By assigning larger value to , the customer can make OSPF assign cost to faster media automatically. [CSCdi73355]
PIMv2 register and register-stop are understood. Auto-RP now conveys the versions of the annouced/discovered RPs. [CSCdi74228]
When using BRI IP unnumbered & static default route 0.0.0.0, the default route entry is removed from the routing table for up to 1 minute - upon ISDN B channel disconnecting.
The fix for 11.2 introduced CSCdj02347 and CSCdj02729. [CSCdi77493]
The IP Timestamp option is filled in with a nonstandard value. Routers which know the time of day should fill it in with a standard value instead.
There is no workaround to this problem. [CSCdi82499]
IGMP and PIM should support multicast addresses (for example, c000.0004.0000) as configurable options on Token Ring interfaces instead of requiring broadcast address (for example, ffff.ffff.ffff). [CSCdi83845]
When using UNIX mtrace 5.1 or later, some customers will notice no response from cisco routers which previously worked fine. This is due to the new addition of the router alert option to mtrace packets. Workaround is to use the -O option of mtrace which turns router alert off.
-Chris [CSCdi84721]
Problem sympton: snmpwalk self looping on bgp table entries on 3000 running IGS-IN-L 11.0(9).
Resolution: Modified iprouting on bgp.c and Reset peer_addr only when finished traversing all paths in a prefix and are moving on to the next prefix on the link list.
Fix is integraded into the following codes: 011.002(004.003) 11.2(04.03)F 11.2(04.03)P 011.001(010.001) 11.1(10.01)AA [CSCdi87071]
The BGP neighbor default-originate command does not work if a 0.0.0.0 withdrawn message is sent to a neighbor. The workaround is to issue the clear ip bgp * command. [CSCdi87188]
ip multicast-threshold is no longer supported. [CSCdi88233]
In 11.2(3) software, Configuring OSPF NSSA (not so stubby areas) may affect the way routes are redistributed into ospf. [CSCdi88321]
OSPF fails to install parallel type 1 external paths if the forwarding costs to reach the advertizing router or forwarding address of the LSAs are not the same. [CSCdi88553]
When using the extended form of the ping command, the system will not accept the IP address if there are trailing spaces in the input. [CSCdi89510]
Some fields are misset under weak mtrace (mtrace to group 0.0.0.0) this will result in misrepresented statistics and possibly extraneous errors at the endpoints of DVMRP tunnels. [CSCdi90003]
Removing secondary address on an interface may cause EIGRP stops sending hellos/updates to an unnumbered link which uses that interface's primary address.
Reload is the only way to recover. [CSCdi92226]
After 'clear ip route ', where is a host route, EIGRP will not reinstall the associated route.
'clear ip route *' will force EIGRP to reinstall it. [CSCdi92753]
The RP, when placed at the PIM/DVMRP border, should send prunes to the DVMRP neighbor, if its (S,G) outgoing interface list no longer has interfaces in forwarding state. This bug does not affect the pruning behavior when the RP is not at the border. [CSCdj00745]
A prefix that has no-export community string set from an inbound route-map still gets advertised to EBGP peers. A work-around is to configure a route-map to set no-export community on the outbound side of the peering router instead. [CSCdj01351]
If you enter a named access-list standard or extended and do no enter any permit or deny statements and then you exit out. The command does not show up in a wr t. [CSCdj01433]
Potential memory corruption and memory leaks when send PIM packets out. [CSCdj02092]
Under certain timing related circumstances, the use of per-user routes would cause a router to reload, when the interface, that caused the routes to be installed, went down. This is because both the IP background process and the per-user code attempted to remove this route. [CSCdj02347]
Router memory leaks if router receives a CLNS packet with invalid destination address length.
There is no workaround of this problem. [CSCdi90052]
If minimum-sized (or sweeping-sized) CLNS pings are done and the CLNS source and destination addresses are very long, the system may fail. The workaround is to raise the minimum ping size to at least 63 bytes. [CSCdi91040]
CLNS PING intermittently result in cannot send ECHO [CSCdi91861]
An error message such as "%SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0)." will appear on the console while booting, if LAT packets are received while the system is initializing. This is a cosmetic problem. [CSCdi87127]
When ipxwan static is configured and negotiated RIP/SAP updates are still being sent. They should be disabled. [CSCdi62418]
A response to a RIP request for an EIGRP locally connected network may use a hop count of 0 in the response. This appears to be a problem for some NetWare clients. Minimum hop count in any RIP packet should always be 1 in these cases. [CSCdi75080]
If a non-cisco router running NLSP has multiple NIC cards on the same network with NLSP enabled, a cisco router will establish an adjacency with only one of the NIC cards. There is no workaround to this problem. [CSCdi82730]
When a device running LANE is configured as a LEC, it does not acknowledge any secondary IPX networks with frame types different from the primary. The debug ipx packet command displays these received packets as "bad pkt." Only packets that arrive with the same IPX frame type as the primary IPX network on the ATM interface of the router are properly accepted. [CSCdi85215]
In a redundant ipx eigrp network running ipx incremental sap, the router's sap table sap information may contain out of date information, such as the socket number if the socket number is changed from its initial advertisement. [CSCdi85953]
SPX keepalive spoofing will cease to spoof after a router has been up for 24+ days. Debug ipx spx-spoof will show packets being "skip"ped at the time when they should be spoofed. The only workaround is to reload the router once very 3 weeks. [CSCdi86079]
XNS RIP requests for all networks causes normal periodic RIP updates to be delayed or skipped. [CSCdi90419]
When IPX incremental SAP is running, the router's SAP table may not contain all the SAPs in the network if one of it interfaces goes down and comes back up later. [CSCdi90899]
When running IPX incremental sap, the router may not remove all the SAPs that are no longer reachable via this router. [CSCdi90907]
Show ipx access-list does not pause with a more it just keeps on scrolling until the end. [CSCdj01405]
AAA accounting records aren't generated for one step protocol translation connections. [CSCdi88862]
To log the X.121 calling address, Call User Data (CUD), and the IP address assigned to a VTY-Async connection use the service pt-vty-logging global configuration command.
The syslog authentication information can be used to associate an incoming PAD VTY-Async connection with an IP address. [CSCdi89272]
A Telnet session with a nonzero number of unread input bytes cannot be cleared. [CSCdi88267]
The rcp protocol on the router uses a small TCP window. [CSCdi88541]
If you have a route to the all ONES subnet via Null0, a packet that should be interpreted as an all nets broadcast (i.e., when using spanning-tree based udp flooding), is discarded. [CSCdi88587]
Copying to flash via the rcp protocol may fail under some circumstances if the TCP window size is enlarged using the ip tcp window-size command. [CSCdi88754]
Extra characters are sometimes syslogged by TCP when MD5 authentication is configured. [CSCdi89606]
Customer has a crash that looks similar CSCdi61278 [CSCdj01350]
IP packets with valid TTLs (of varying values) received on a VIP2 serial PA or FSIP (both on RSP2 platform) with tcp header compression are intermittently dropped. The router sends an ICMP Time Exceeded message to the source.
show ip traffic will show ICMP Time Exceeded counter incrementing.
Workaround is to turn off tcp header compression. [CSCdj01681]
If you add a vines static route of equal metric for an alternative path when vines single-route is configured, the system may reload. The workaround is to delete the static route or enter no vines single-route command. [CSCdi92190]
interface ATM3/0 no ip address atm pvc 1 0 5 qsaal atm pvc 2 0 16 ilmi
nestor#conf t Enter configuration commands, one per line. End with CNTL/Z. nestor(config)#int atm 3/0 nestor(config-if)#no atm add nestor(config-if)#end nestor#wr t
In certain environments, I/O and processor memory are being consumed by processes in the router, primarily the Critical Background process, and the router runs out of memory after 29 hours of operation. [CSCdi80450]
When using a 4ESS PRI to place an international call (011), the call might be rejected with the error "cause i = 0x839C - invalid number format." [CSCdi81069]
Using the command no pri-group while traffic is being passed may result in a bus error. The command may be used safely when no traffic is being passed. [CSCdi82055]
At odd times, MLP bundle interface may not be freed when the session is disconnected. [CSCdi84698]
If dlci-prioritization is enabled on an interface and low/medium/normal priority DLCI is same as high priority one, router may not inverse-arp after router-reload, shut/noshut. This may cause loss of ip connectivity as frame-relay map will not exist. Workaround for this bug is to first remove the dlci prioritization and then add it back after the router has inverse-arped for the remote ip address. [CSCdi85414]
When the BRI interface is used as leased line, the interface does not come up after a cable is pulled out/in back if the d-channel interface is shutdown. "clear interface" or reload is required to resolve this problem.
If d-channel interface is not configured into shutdown mode, this problem will not occur. [CSCdi88014]
Customer has configured for isdn incoming-voice data 56 to specify that incoming data over voice calls are to be taken as 56k calls. When a real data call actually comes in with a bearercap specifying 64k, the router will see it as a voice call and incorrectly interprets the data as 56k. [CSCdi88690]
Host route installed from ppp ip address negotiation may incorrectly contain the IP address from a previous negotiation. [CSCdi88836]
When flush packets are received by 7000 series routers, their length is truncated to first 20 bytes only. As a result, flush response from the router will be truncated. This is a problem only when Cisco 7000 router is talking to a non-cisco gear and the other side initiates a flush. [CSCdi90808]
Due to topology changes in a bridge, the router may retain old information about the destination MAC in its cache. The only way to fastswitch packets is to destroy the VC. [CSCdi90864]
When TEST/XID packets are received by a LANE client, the router may crash. There is no workaround for this problem. [CSCdi90868]
ISDN BRI switchtypes are not compliant with Bellcore certification: custom 5ESS, custom DMS100 and National ISDN (NI1) need changes to comply with the switch specifications. [CSCdi91165]
NBFCP, the protocol for doing NETBIOS frames over PPP, is not being negotiated properly. As a result, NETBIOS frames over PPP will not be passed. [CSCdi91612]
When a V.120 call is made to the AS5200, an incorrect Caller-Id is sent back to the radius server. [CSCdi92415]
ISDN BRI and PRI for Taiwan homologation requires a Sending Complete information element to be included in outgoing Setup messages. [CSCdi92515]
If the PPP peer does not include a username in the Challenge packet, the router will refuse to respond even if a 'default' CHAP secret has been configured. This defect has existed since the 'default' CHAP secret was added with 11.0(8.1), 11.1(3.0.2), and 11.2(0.7). This defect will be fixed in a future release of IOS. [CSCdi93104]
Under heavy call volume, the router may not return memory to the free pool when it is no longer needed. This will eventually result in a low-memory or no-memory condition which may manifest itself in several different error messages. [CSCdj02481]
This section describes possibly unexpected behavior by Release 11.2(3). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(3). For additional caveats applicable to Release 11.2(3), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(4).
Sometimes on AS5200, the OOB port of a modem may become unresponsive. Issuing a clear modem command will recover the modem from this state. [CSCdi85028]
Router crash when incomplete AppleTalk fast switching cache entry is used. This happens when the cache entry is updated with another output interface and within a small timing window.
There is no workaround. Though in most cases, this scenario is unlikely. [CSCdi77772]
Router may display assertion messages when nbp filters are activated with a dialer list. The work around is to remove nbp filters or activate nbp filters via the access-group command. [CSCdi83205]
If aaa authorization commandslevel methods is turned on, every command entered is authorized using methods, which includes configuration commands. Since there are some configuration commands that are identical to exec-level commands, there can be some confusion in the authorization process.
Using no aaa authorization config-commands causes the Network Access Server (NAS) not to try to authorize configuration level commands.
Care should be taken, as this reduces the administrative control that can be placed on configuration commands, i.e. it turns into an all-or-none authorization. [CSCdi36536]
When a connection is made to a telnet binary port on a cisco router (60xx, 70xx, etc), from a host that does not implement the telnet protocol RFC, the router will not successfully enter binary mode. [CSCdi49663]
Neither RADIUS nor TACACS+ currently passes any information that may be available as to the "dialed number" (DNIS) of an incoming call. This bug addresses only analog modem calls received on an AS5200 PRI. [CSCdi57688]
The NAS-Port value supplied in RADIUS requests does not identify which B channel of a BRI or PRI is being used. [CSCdi60334]
The IOS RADIUS implementation will generate accounting requests with ACCT-STATUS-TYPE = 3 (watchdog/update), which has been deprecated in the current radius specification. [CSCdi62320]
This bug is cosmetic and does not actually effect the behaviour of the system.
There is no workaround. [CSCdi66889]
On a Cisco 7000 router, some process stacks can run low on heap space, possibly causing memory corruption under the following conditions: debug messages are enabled, logging is output to a buffer rather than to the console (via the no logging console command), OSPF is the routing protocol is use (router ospf n), routes are redistributed into OSPF from another protocol (for example, via the redistribute rip subnets command), and the OSPF or redistributed networks are in flux (flapping). Under these conditions, logging the debug messages to the console has no adverse effects. [CSCdi68387]
After installing new Interface Processor cards and powering up a 7513 with viper cards one of the viper cards may not come up properly. You will see the following message on the console:
The workaround to this is to do a microcode reload, however, CISCO recommends that any customer using VIP2s run with a release that contains this bugfix, such as 11.1(8), 11.1(8)CA, 11.2(4) [CSCdi68682]
This problem is only applicable to users of IOS 11.2 Packet Encryption or Kerberos on a 7000, 7200, or 7500. When encryption keys have been created and saved, a copy tftp startup-config command may destroy those keys. Also, if the router is configured to save the configuration flash (e.g., slot0:) rather than NVRAM (i.e., nvram:) those keys will not be saved. In all other configurations the encryption keys will be preserved. [CSCdi74651]
Issuing a copy tftp flash command and typing in a source file name with only one : in it to indicate a drive letter on the TFTP server will cause an error, and the TFTP copy will not be initiated. This occurs in all 7500 series routers. There are several workarounds. One workaround is to just specify the source file name without the drive letter (making sure the tftp server is set up to properly to accept this). Other workarounds include preceding the entire file name with the device id "tftp:". For example:
The following works: #copy tftp:D:testflash Enter destination file name [D:test]: Address or name of remote host [255.255.255.255] ?
and the following works: #copy tftp flash Enter source file name: tftp:D:test Enter destination file name [D:test]: Address or name of remote host [255.255.255.255] ? [CSCdi78276]
The ip named access-list cannot be configured via http access in 11.2(2).Command work manualy (via terminal), but there is no option to enter it via the browser page access. [CSCdi79249]
With this change, DFS to serial interfaces with fair-queue configured (the default queueing mode on slower serial interfaces) will fail and packets will take an RSP-switch path. This change will result in fair-queueing to work properly since DFS is not capable of queueing to RSP DRAM. [CSCdi80147]
The software does not currently prevent a customer from using a slave device (for example, slaveslot0:) in the "microcode" command. However, when you attempt to use this image during a "microcode reload", it will not work, because the slave's file system is unavailable during microcode reloads. The slave RSP itself is being redownloaded during 'microcode reloads'. [CSCdi80620]
PCMCIA flash card insertion or removal on a C7200 can, under some conditions, cause a system reload with a PCI bus system/parity error. This caveat has been resolved starting the 11.1(8.1) and 11.2(3.1) releases. [CSCdi80691]
Authenticated NTP packets will be ignored. There is no workaround to this problem. [CSCdi82459]
When HTTP and AAA are enabled, the login is set to the default of local authentication, and the username is blank, the router enters an infinite loop that sets off the watchdog timer, causing the router to crash. [CSCdi84663]
Opening the URL http:///platform on a 7200 with a plain I/O Card (no interface) will cause the Status & Configuration Views (HTML Tables) to not appear. [CSCdi86529]
Accessing a non-existent interface followed by a valid interface using the http server may cause the router to crash. [CSCdi87125]
The command "dec advertise " (correctly) creates an entry in NVRAM. However, if there is an entry for the *same* area in the DECnet routing table and that entry was created dynamically (i.e. learned via DECnet), then issuing the command
"no dec advertise "
fails to remove the "dec advertise " line from NVRAM. [CSCdi87264]
When activating more than 8000 LUs, PUs and DLUSs combined, it is possible for the DLUR feature to corrupt storage and cause a router failure. [CSCdi63903]
Issuing a 'show controller cbus' on a cisco 7000 series router with a CIP card installed and all the interfaces on the CIP card shutdown will cause the show command to hang for a couple of minutes and the CIP ucode segments loaded on the CIP are not displayed. [CSCdi65077]
Router is loosing a 'fras map' statement from the config after the router reloads. In boot-up time the following error appears: fras map llc 0200.0060.0080 4 4 Serial0.1 frame-relay 100 4 4 ^ % Invalid input detected at '^' marker.
Once the router reloads a 'config mem' can be done to add the statement back. [CSCdi67719]
When the EXEC command appn start is issued the router may print a message similar to the following:
%ALIGN-3-CORRECT: Alignment correction made at 0x606FA218 reading 0x60E7B322
There is no appreciable affect on the router and no user action is required. [CSCdi69696]
Cisco 4500 and 4700 router Token Ring interfaces intermittently stop working and fails to reinitialize. Problem is seen only during heavy activity and when more than one Token-Ring ports are active. This problem occurs only on the 4500 and 4700 routers. This problem doesn't occur on the 4000. [CSCdi70398]
The lnm disable global command sometimes prevents stations from inserting into the ring. The workaround is to issue the no lnm rps or no lnm rem interface command. [CSCdi70962]
When using APPN RSRB ports you do not have the ability to configure some key LLC2 parameters. Namely, when a DLUR router activates 4000 downstream PUs over an RSRB port, the CPU will spend considerable time maintaining the LLC2 connections active especially when there is no traffic. That is, the CPU will be spending considerable cycles sending keepalives to all 4000 PUs. [CSCdi72397]
APPN/DLUR does not provide you the ability to limit the number of dependent PUs it may support. This may be desirable when designing networks using some of the fault-tolerant and redundancy features available to you when using APPN/DLUR in conjunction with RSRB or DLSW+. [CSCdi72398]
"no lnm rps" is only accepted when a full bridge is configured. During system releod, this command is ignored. The workaround is to configure this command again after reload. [CSCdi72702]
Purpose: Allows the activation sequence for DLSw+ SDLC attached devices to be changed.
Description: When the router is configured with the following statement: sdlc address xx switched the router will poll the device with an XID before contacting the host. If the device responds, A null XID will be sent from the router to the host. The host XID response will be passed through to the PU 2.x device and the host-pu connection will be established.
The switched option will work for both PU2.0 and PU2.1 devices. A switched device must be capable of providing its IDBLK/IDNUM, so no 'sdlc xid xxxyyyyy' config statement is necessary. This applies to both PU2.0 and PU2.1 devices.
Compatibility with previous configurations: This function only affects devices configured with the switched parameter. Other configurations will continue to operate as before.
Configuration Requirements: 1. Encapsulation type must be sdlc. 2. sdlc role must be primary or prim-xid-poll 3. Configuration is sdlc dlsw. 4. Downstream device must be xid-capable.
Sample configuration showing switched configuration: interface Serial1 no ip address no ip mroute-cache encapsulation sdlc no ip route-cache bandwidth 9 no keepalive ignore-dcd clockrate 19200 sdlc role primary sdlc vmac 4000.1250.1000 sdlc poll-pause-timer 1000 sdlc address 99 switched sdlc partner 4000.1060.1000 99 sdlc dlsw 99 [CSCdi73414]
APPN alerts are currently only sent over an LU6.2 session. It is a requirement to be able to configure these alerts to be sent over a SSCP-PU NSP session. [CSCdi73663]
Currently the APPN ping command reports the status of the ping, but not the route that was selected. The command needs to be modified to display the route that was selected for the duration of the ping. [CSCdi73673]
A CIP2 card (hw version 5.0) is not distinquishable from a CIP1 card in the output of "show version", "show hardware", "show controller cbus", or "show diag". [CSCdi77528]
When running DLSw remote or local switching between QLLC/SDLC/VDLC and a TR, if the TR's largest frame (lf) is less than 4472, the circuit will not connect.
"debug dlsw reachability" or "debug dlsw reachability error" will indicate an lf mismatch condition detected by DLSw. This condition should not be flagged as an error. The smallest lf across the entire path should be used for the circuit. [CSCdi77805]
If a configuration session timed out or was dropped while in a command configuration mode, the next attempt to enter that configuration mode might fail, with the following message being displayed:
The TN3270-server feature is currently being configured [CSCdi80173]
A SegV exception in CLSCepPongCnf can occur in a rare race condition when APPN to DLC flow control is attempted (internal to the router) simultanously with an APPN link being disconnected. This typically happens on SDLC links, but may not be limited only to SDLC. [CSCdi80473]
It is currently impossible to configure APPN 'route additional resistance' on the appn control point. If the configuration commands are entered, they are ignored and the value for route additional resistance remains the default of 128. [CSCdi81003]
Customer is experiencing a problem when on a TN3270 session. The 'control e' (eeof) used to erase the field is pressed followed by a return and the host gives an error message indicating that the data in the field is invalid. The problem seems to be that the ios fails to clean the data in the buffer. The field on the screen gets cleaned, though. [CSCdi81236]
APPN/DLUR can not establish a session with a frame relay-attached downstream PU. [CSCdi81400]
When a NN's name changes the topology database has the old NN name in the database with active TGs. [CSCdi81486]
An APPN connection network will not properly identify a currently active connection between the mac/sap pairs if the connection network is defined over a rsrb or vdlc port ( It works fine over TR and FDDI ports). This causes the session to fail wih sense 80020000. [CSCdi81897]
Problem happens when u try to do router commands thru nsp. When u come to the Press'Y' for more option, the router aborts the connection. This results in the 'Y' typed from the nsp to go to the run queue on the router instead of the interactive queue. This problem seems to be happening because we terminate connection when PU is not active.. we dont take care of the busy condition.. we should.
Anyways taking care of the busy condition, the router doesnt abort the conncetion and correctly passes the Y to the interactive queue. [CSCdi81927]
The show appn dlur-pu and show appn dlur-lu commands do not allow filtering by name like the other appn show commands. [CSCdi83563]
The DLUR router may hang a session after the downstream PU2.0 is IPLed. The DLUR router was not forwarding unbind response with non-zero sequence numbers to the downstream PU. [CSCdi84751]
A router might reload when more than 125 sessions on the router are using QLLC/DLSw+ conversion. [CSCdi84896]
A CLS assert with traceback information may be displayed on the router during sdlc link deactivation. [CSCdi84944]
When a downstream PU2.0 stops by issuing a REQDISCONT to a DLUR router, the DLUR router may loop continuously restarting the link to a downstream PU2. In this case, the DLUR router sends a corrupted packet to the host, instead of a REQDACTPU. [CSCdi86769]
4000 series routers may reload due a PC error. Seems to be related to increasing the bandwidth on the serial interfaces with hardware type MK5025. [CSCdi36722]
Alignment errors may possibly occur when performing transparent bridging at process level to a token ring interface. [CSCdi48465]
Kille packets when bridging on FDDI interface receives a packet with DSAP and SSAP = 0xaaaa and length less than 21 bytes, can cause havoc. running IOS 11.0(9.3) or 11.1(4) and the following message is seen:
CBUS-3-INTERR: Interface 6, Error (8011)
This is due to the bridging code was seeing aaaa and assuming it as snap encapsulated. Since SNAP encapsulated packets have a minimum length of 21, the bridging code was subtracting 21 from the original length of the packet (20) when queuing it on the outbound interface. Result. Length of outbound packet was -1 or 65535 bytes. This caused the SP to become confused and writing over low core causing the 8011 error. [CSCdi65953]
On Cisco 7000 and Cisco 7500 series platforms that have FSIPs, transmitter delay does not seem to be working correctly. There is no workaround. The fix for this problem is available from 011.002(003.001) 011.001(008.003) 11.2(03.01)F 11.2(03.01)P. [CSCdi72431]
When using FDDI with subinterfaces and encapsulation sde configuring of transparent bridging on a subinterface caused OSPF to die on the complete interface. [CSCdi72969]
A MIP interface with more than 64 kbps (more than 2 time slots) may need to be tuned with more tx-limit than the default. The tx-limit can be tuned with tx-queue-limit interface configuration command. In general, the tx-limit should be tuned just to support the interface line rate. This normally can be achieved by the formular - tx-limit = (default tx-limit) * (no of time slot). It is recommended to shut down the interface before changing its tx-limit. [CSCdi74509]
The 7200 router does not accept the early-token-ring command on the 16 meg token ring interface. The command fails with the message: %This interface does not support early token release This command works fine with 11.2 software. [CSCdi74548]
VIP2 4r module does not recognize the HSRP virtual ip address, even though it responds to an arp for the virtual ip with the token ring functional mac address for HSRP. [CSCdi77355]
On Cisco RP/SP 7000 series routers, if you reload the router after adding new interface processors or swapping interface processors, the configuration for serial interfaces may be lost. Also, the encapsulation may be lost, causing the serial interface configuration to change to the default (HDLC). You can identify this problem if your interface is a serial interface, for example, an FSIP or a HIP, and the show configuration command correctly displays the original configuration for the serial interface. As a workaround, EOIR the new card, configure it, and issue the write memory command before reloading. [CSCdi79523]
When using MED information that is learned from multiple providers, the sequence in which BGP prefixes are installed in the BGP table could cause BGP to pick the wrong path. [CSCdi69580]
OSPF does not load balance over parallel point-to-point links which belong to the same IP subnet.
There is no workaround. [CSCdi70260]
When sho standby command is issued on 4700 (10.3.12) with hsrp configured on fddi int, it shows wrong prioriy and tracking interface status.
After reload with standby track command configured, the tracked interface may be in a wrong state, hence the priority is wrong too.
For the first time loading the image with the fix, standby track command will be deconfigured, and need to reconfigure it again. [CSCdi72254]
The OSPF Area Border Router does not create Summary Net Link States as long as there are no neighbors in area 0. The result is that networks in area 0 are not reachable from routers in the other area.
Work-arounds, in order of preference: - add a router in area 0 - put everything in one area as long as there's only one router in area 0 [CSCdi73483]
When using route-maps, if a null entry (no set/match commands) is entered under configuration mode, the entry with the lowest sequence number will be overwriten (as long as the lowest sequence number is not equal to 10).
This doesn't seem to affect the order in which the route-map is executed. [CSCdi74891]
When more than one router advertise the OSPF external LSA with the same information, it is possible for the routers, except the one with the highest router id, to generate the OSPF-4-NOTREDIST4 message every minute. There is no workaround but the message are harmless. [CSCdi76699]
When OSPF is configured with the default-information originate router command to generate default information, OSPF is prevented from installing the default information advertised by other OSPF routers. This causes a problem if OSPF does not really generate the default because a certain condition is not satisfied, for example, the gateway of last resort is not set. [CSCdi80474]
When a Cisco 4000 series is routing IP and bridges some other protocol on a FDDI interface it may enter a condition where it incorrectly forwards frames received from the FDDI fiber. A possible workaround is to configure no ip route cache on the output interfaces, but this usually leads to excessive CPU utilisation. [CSCdi81114]
DVMRP Tunnels that are shutdown or have no ip address configured still pass reports and accept probes, but do not forward traffic. Make sure that you have configured "ip address" or "ip unnumbered" or that the interface is "no shut" if there appears to be DVMRP traffic but no multicast data traffic. [CSCdi81183]
In very obscure cases involving equal-cost backup routes to a failing route, it is possible for EIGRP to be caught in a "stuck in active" state (self-correcting after several minutes). There is no workaround to this problem. [CSCdi81791]
Help text may not be available for some show ip commands. [CSCdi81808]
IP Multicast commands do not accept IP Named Access lists as an alternative to IP Numbered Access lists. [CSCdi81978]
Help text may not be available for some IP Multicast show commands. [CSCdi81979]
OSPF can lost neighbor periodically over slow link when ospf database is refreshed, which generate a lot of OSPF packets. There is no workaround. [CSCdi82237]
This bug causes (S,G) state to be immediately deleted in the RP when a Register is received. [CSCdi82581]
While running 11.2(1.5) the following error might occur:
System restarted by error - Zero Divide, PC 0x38EF0C (0x38EF0C:_igmp_report_delay(0x38eec6)+0x46) [CSCdi83040]
If multiple OSPF processes are configured, each process will get a different router id. However, once the router is rebooted, all OSPF processes will choose the same router id. Although it does not cause any routing problem, it make the configuration of virtual link harder as the router id changed. This fix ensures that different processes choose a different router id all the time. [CSCdi83839]
If the TCP and UDP small servers are disabled, their configuration commands are not written to NVRAM. [CSCdi83849]
show ip pim rp mapping will not correctly display any access lists assigned using the ip pim rp-address command. [CSCdi84088]
When using BGP, prepending autonomous system paths using an incoming route map can cause a memory shortage in the router. The workaround is to use other methods, for example, setting the neighbor weight, to influence path selection. [CSCdi84419]
RARP over ISL encapsulated ethernet does not work. [CSCdi84700]
A router might advertise a combination of unicast and DVMRP routes in excess of the configured route limit (but no more that two times the limit). The workaround is to configure a lower route limit. [CSCdi85263]
show ip s does not produce an ambiguous command error message. show ip sd should be a valid command but produces an Incomplete command error message. [CSCdi86326]
clear ip sdr may not clear all entries from the SDR Cache. Workaround is to perform a no ip sdr listen. [CSCdi86691]
show ip mroute should accept the source and group addresses in either order. [CSCdi87507]
After removing a static CLNS route, ISO-IGRP prefix routes may be seen to count to infinity around a looped topology. The workaround is to use no clns router iso-igrp DOMAIN to break the loops in the CLNS topology untill the routes age out. [CSCdi78048]
CSCdi78048 introduced a bug that ISO-IGRP will not redistribute the local ISIS route. [CSCdi85861]
NLSP links may reflect incorrect source network/node addr in the routing tables. This does not hinder connectivity to other IPX networks when going cisco to cisco. However, certain non cisco routers may not like the incorrect address and NLSP routing may fail. NLSP routers should use the address Internal-Network.0000.0000.0001 when sending NLSP packets, therefor on WAN media which require MAPs for IPX this should be the next hop address in the map statement. [CSCdi68981]
When "ipx sap-interval 0" is configured on an interface, the full update that should be sent when the interface first comes up, is not sent. The router will still respond to a SAP general query if received. [CSCdi80574]
Changing the NLSP partial route caluculation (PRC) holddown value has no effect. Instead, the default value of 5 seconds is always used. [CSCdi81020]
When the command "ipx maximum-path xx" is entered, a spurious access results on the 4500 and rsp platforms. [CSCdi81824]
In images without IPXWAN support, IPXWAN packets may accumulate on the input queues. [CSCdi82952]
Routers configuring for IPX Enhanced IGRP with parallel paths might reload. The workaround is to run IPX RIP. [CSCdi84739]
The ipx downnetwork-number command might appear unexpectedly in the output of a write terminal command, and this command might be written to nonvolatile memory with the write memory command when the interface is down but you have not issued a ipx down command on that interface. There is no workaround. The unwanted command does not appear when the interface is up. If the unwanted command appears in nonvolatile memory, issue a no ipx down command followed by a write memory command when the interface is up to clear the undesired command from memory. [CSCdi85453]
IPX does not work in Release 11.2(3.2) because of CSCdi80447, which introduced a broadcast mechanism for clients on the same IPX network separated by WAN links. There is no workaround. [CSCdi85856]
If multiple instances (i.e., multiple NLSP areas) are configured on a router, changing the IPX NLSP router subcommand "lsp-data-hashing" on one instance, may affect other instances.
There is no problem if all instances of NLSP on the router are consistent (i.e., all instances use the default LSP packing algorithm, or all instances are configured with "lsp-data-hashing"). [CSCdi86503]
Session timeout has been implemented for tcp->pad translations. This enables us to monitor the traffic on the translated (tcp->pad) session & clear the call if there is no activity in either direction for the specified amount of time which is configured through session-timeout parameter. [CSCdi59977]
Protocol translation (tcp to x25) router continually tries to negotiate telnet window-size, causing high cpu utilization. [CSCdi86983]
If the second port sent from remote for a rsh request is zero, the second connection for will not be opened on the router. Blindly close the second connection could cause crash on the box. [CSCdi78028]
You may notice that a router will stop accepting telnet sessions a short time after being brought online. While doing a debug ip tcp this is the possible error message:
TCP0: bad seg from X.X.X.X -- No wild listener: seq YYYYYY ack 0 rcvnxt 0 rcvwnd 0
The only know workaround is to reload router or load an ios with the fix to this bug id. [CSCdi82566]
Router will reload if TCP tries repacketize a packet that has invalid packet reference count. [CSCdi87175]
TCP data structure gets clobbered if a RST is received while the application is half way thru closing the connection. Local TCP will end up in a endless loop trying to send the last FIN to its peer. A typical symptom for the problem is that the CPU usage becomes very high, and the application that is doing the close will be stuck in TCP forever. [CSCdi88063]
TCP will get into endless ACK war with its peer if application on both ends have stopped reading data. A typical sympton will be that CPU usage becomes very high on the router. A possible workaround for the problem is to clear the tty/vty line that owns the TCP connection in ACK war. [CSCdi88065]
Routers that are connected via extremely slow links that have a large routing table, for example, a table with more than 300 entries, do not get the full routing update before the reassembly timer expires. The symptom is that routes repeatedly appear and then age out. The workaround is add access lists to eliminate some of the unneeded routes. [CSCdi79355]
This problem is that ATM counter shows a wrong current VCC value under the sh int atm0 command. The VCC value is over the maximum value of the active VCCs. This problem does not happen often, only after many resets. This problem is to be fixed in the future release. [CSCdi69914]
The output hold queue holds all buffers that are being kept in output queue because of traffic shaping. This slows down traffic for other VCs, causing the traffic to traverse the complete queue before it can leave the system. [CSCdi74940]
BRI interfaces will have an extra CCB allocated when the router is configured for switch types basic-5ess, basic-ni1 or basic-dms100 and a SPID is not used. Configuring a SPID for each of the BRI interfaces will prevent an extra CCB from being assigned. [CSCdi77135]
The command to do character mode authentication is
username ppp nopassword autocommand ppp
the user then gets authenticated via chap for the pp session and in the show users we should see the chap username but it reports only ppp as the username. [CSCdi77152]
IPX fast switching with multiple route paths over multiple ATM/LANE interfaces/subinterfaces may cause random system reloads. Workaround is to use only one AMT/LANE IPX path, set ipx maximum-path 1, or use ipx per-host-load-balance to force only one interface to be used. [CSCdi77259]
When a SGBP member receives equal highest bids from two or more peer members It may pick itself to be the winner of the bundle, when it should pick one of the highest bidders to be the winner. [CSCdi80121]
When encryption is configured on an interface and it is a non-VIP interface then DFS traffic will be prevented out of that interface. The packets will traverse the RSP fast-path so that output-encryption functionality can be honored. [CSCdi82250]
LE-ARP table must be age-out at 15 seconds after spanning topology change is happened. at rsp 11.2(2) and cat5K 2.1(5) atm3.2, we need to "clear lane le-arp" manualy. [CSCdi82494]
In 11.0(13), routers will reload when the "no frame-relay priority-dlci-group" command is entered.
The work-around is to first remove any "frame-relay interface-dlci" commands and THEN remove the "frame-relay priority-dlci-group" command. [CSCdi85395]
When an access server is a member of a multichassis multilink ppp stack group and a call master reloads, the access server will restart due to a bus error. [CSCdi86600]
This section describes possibly unexpected behavior by Release 11.2(2). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(2). For additional caveats applicable to Release 11.2(2), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(3).
AGS+ routers with first generation FDDI cards (CSC-C2FCI) do not support translational bridging, and are no longer supported. They use encapsulated bridging. The second generation AGS+ FDDI cards (CSC-C2FCIT) support both translational and encapsulated bridging.
Encapsulated bridging does not work on the 7500 router. The workaround at this time, to bridge between the AGS+ and the 7500, is to use CSC-C2FCIT cards in the AGS+ and translational bridging.
The big disadvantage of using encapsulated bridging is that it cannot use the hardware bridge filtering capabilities of the CSC-C2FCIT cards, which have a CAM built into them which is used to do bridge filtering on the card. When encapsulated bridging is used, the main processor has to do all bridge filtering. This means that one busy encapsulated bridging FDDI network can eat the entire bandwidth of the router's main processor, just for bridge filtering. It should be no surprise that the use of encapsulated bridging is to be vigorously discouraged. [CSCdi46862]
The output of "show queueing" and "show queue int xx" commands were inconsistent. Both the command outputs were not right. The impact was limited to only the show outputs and did not in any way affect the queueing behaviour on the interface. [CSCdi60096]
Only images with encryption can experience this problem. If a router has encryption keys stored in priave NVRAM, those keys will be destroyed if a 'copy tftp startup-config' is done. [CSCdi60485]
Enabling RMON on an interface may cause the router to crash. The only workaround is to disable RMON. This problem affects only images that support full mon (some Cisco 2500 series images). It does not affect RMON alarms and events running on most Cisco IOS images. Releases prior to Release 11.1(3.2) do not have this problem because it was introduced by the patch for CSCdi55847. [CSCdi62282]
In cases where an accountable task has a duration shorter than the time is takes to contact the tacacs+ accounting server, the stop record may be discarded by IOS without being transmitted to the server. [CSCdi70312]
A problem has been found in RSP code within Cisco IOS releases 10.3, 11.0, 11.1, and 11.2. The failure condition can occur when BACKING-STORE or fair queuing are enabled. The conditions that could cause one of the above behaviors to occur are expected to be extremely rare. However, to avoid these problems, all Cisco IOS RSP releases previous to those listed in the chart below are no longer available.
Cisco highly recommends upgrading all RSP-based systems to one of the Cisco IOS release identified below. For those systems that cannot upgrade, this problem can be avoided by disabling both BACKING-STORE and fair queuing. Please see instructions for this at the end of this message.
When packet load on RSP-equipped systems causes datagrams to be forwarded from SRAM to DRAM, a function of BACKING-STORE, 32 bytes of data may be randomly written into DRAM. This could result in several anomalous system behaviors including: - Software-induced system crashes - Dropped datagrams - Other anomalous errors
To eliminate this problem, Cisco highly recommends downloading and installing one of the following Cisco IOS releases:
Base Rel. Maint Rel. On CCO 10.3 10.3(16a) 11/15 11.0 11.0(12a) 11/22 11.1 11.1(7)CA1 11/18 11.2 11.2(1a) 12/9
The default Cisco IOS image for all new RSP-based router shipments is Cisco IOS release 10.3(16a) effective immediately.
SOLUTION:
FOR CUSTOMERS WITH RELEASE 10.3 Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
Option #2: Below are options to work around this bug.
1) Simply disable backing store on each interface with IOS command 'no transmit-buffers backing-store' Please note each interface needs this disabled.
Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces.
FOR CUSTOMERS WITH RELEASE 11.0, 11.1 or 11.2
Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
Option #2: Below are options to work around this bug.
1) Disable backing store AND fair queuing on each interface with IOS commands
ALSO disable udp-turbo flooding if the image is 11.0 or later The IOS command to disable UDP turbo flooding is 'no ip forward-protocol turbo-flood' which is OFF by default in all releases.
Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces. [CSCdi71609]
Per-user access-class will not be installed correctly if the Filter-ID is set to ".out". It works correctly if the Filter-ID is "".
For example, if you have an access-list 101 defined on the router, a Filter-ID of "101" will work, but "101.out" will not. [CSCdi74210]
A device with RMON enabled may reload if free memory gets too low [CSCdi74278]
a bitmask follows to indicates which bytes (0-7) had bad parity. The bits indicating bytes 0 & 1 are actually in bit positions 9 & 8 instead of bit positions 7 & 6. [CSCdi74453]
Timer-related functions, such as NTP and routing update intervals, do not work correctly in Revision D Cisco 4700 routers. Also, Revision E Cisco 4700 routers are recognized by SNMP as "4700" instead of "4700M." [CSCdi75353]
You may experience router reload after seeing following message :
High CPU utilization may be seen prior to message and reload. [CSCdi76126]
With the configuration "aaa authentication login default local", if you press return at the username prompt, it will not regenerate a username prompt, instead it will interpret it as a null username.
To work around this, configure "aaa authentication local-override". [CSCdi76170]
SNMP queries of objects in the MIB-II atTable may cause the device to reload if static ARP entries have been configured. This anomaly was introduced as a byproduct of the fix for CSCdi68943. [CSCdi77494]
Qualified Logical Link Control (QLLC) devices that are connected through a router using QLLC/Logical Link Connection, type 2 (LLC2) conversion might occasionally experience poor response time. [CSCdi44923]
When using APPN/DLUR and starting and stopping many sessions to downstream dependent LUs, the router may stop with a bus error at ndr_queue_handler. [CSCdi52377]
In a parallel SDLLC network, the ACTPU RSP is never received by the host. [CSCdi55142]
OIR of an IP in a 75xx router equipped with a CIP and another IP that has the same size MTU as the CIP can cause the router to crash with a cbus error. [CSCdi59377]
The following instruction disappears on reboot on a 7000 running 10.3-9: source-bridge remote-peer 1280 frame-relay interface Serial1/1.3 404 lf 4472 [CSCdi59935]
In certain configurations adding appn control-point statement can cause router to reload. [CSCdi64095]
In Tn3270 server config tcp-port of 0 and 65535 cannot be used. It can potentially cause a microcode reload. To avoid hitting this problem donot use port number 0 or 65535 under tn3270-server context or any PU statements underneath that.
This ddts ensures that tcp-port under tn3270 server won't accept the value of 0 or 65535 [CSCdi64150]
QLLC DLSw cannot reconnect after a failure. The following assert message is displayed: %CLS-3-CLSFAIL: CLS: Assertion failed: file "../srt/qllc.c", line 4352 !"QSapAddCepFailed". [CSCdi64840]
When show on a PU is done which has been in shut state, it doesn't show correct values of siftdown values inherited from global context. The siftdown variables are tcp-port, idle-time, keepalive, unbind-act and generic-pool.
This only affects the show command and doesn't cause any other operational problem. [CSCdi65716]
Running CIP features TN32700-Server and CSNA concurrently on the same CIP will produce incorrect interface counters. The statistics reflecting the TN3270-Server traffic on the CIP virtual interface si not included in the counters displayed. [CSCdi68510]
This crash occurs when both SRB and other kinds of traffic are used on the same router. It causes a crash with a traceback like the following:
ALIGN-1-FATAL: Illegal access to a low address addr=0x1, pc=0x60544FE0, ra=0x60544FE8, sp=0x60AEE780
0x604C23EC:llc_store_rif(0x604c23c0)+0x2c 0x604BE390:llc2_input(0x604be128)+0x268 0x6014BD28:llc_input(0x6014bc64)+0xc4 ... Somewhere in the drivers.
It is exacerbated by increasing loads. There is no workaround. [CSCdi69234]
APPN over FDDI support does not work correctly when SRB/FDDI is in use between the APPN endpoints of the connection to bridge either FDDI to FDDI or FDDI to Token Ring. APPN over FDDI does work when both APPN connection endpoints are on the same FDDI ring. [CSCdi69841]
An SNMP request for the cipCardEntry information will produce the following message
%ALIGN-3-SPURIOUS: Spurious memory access made at reading
on a 75xx. [CSCdi72059]
Release-note: If using cost to control the remote peer for a sdlc device, to ensure the router waits sufficiently for all peers to open and subsequent test responses, dlsw timer explorer-delay-time in minutes, must be configured at the sdlc router. Otherwise the sdlc connection will likely use the first of the peers to connect when DLSw is restarted, regardless of cost. [CSCdi72301]
Release-Note:
On a 7000 running an RSP7000 with IOS Release 11.1(6), CIP microcode cannot be read if it has been loaded into Bootflash. The workaround is to load the CIP microcode into Flash. [CSCdi72463]
Remote source route bridged traffic using FST encapsulation will be process switched under certain circumstances on some platforms. [CSCdi72962]
When doing RSRB with FST encapsulation in 11.0(11) the packet counts reported by the sho interface commands are not necessarily accurate. [CSCdi72968]
Data-link switching (DLSw) sometimes cannot handle disconnects being issued by two stations that are in session, if the stations have a requirement to re-establish a session in less than 3 seconds. The first disconnect is answered with a UA message but the second is not responded to until the station resends the disconnect message (DISC). After the DISC is resent, a DM message is sent to answer. [CSCdi73204]
Frames coming from a High-Speed Serial Interface (HSSI) are sometimes dropped. This problem occurs when a Cisco router has remote source-route bridging (RSRB) configured direct over a HSSI interface. The HSSI interface shows that the packets are forwarded on the interface itself, but the packets are not passed to the source-route bridging (SRB) process. The show source command on FHDC-1 shows receive cnt:bytes 0, and the show interface h 5/0 command shows nonzero packets are input. [CSCdi73357]
When more than 38 sdlc devices are configured upstream and downstream using DLSw local switching, the router crashes with :
Exception: Line 1111 Emulator at 0x7E9500 (PC) [CSCdi73675]
When many sessions are created and then torn down over an ISR network, a memory leak might occur in the router. [CSCdi73676]
DLSw+ back up peers continue to accept new connections after the primary link is restored. This continues until the back up link is torn down when the linger time expires. [CSCdi73864]
When doing dlsw local (same box) the router will issue tracebacks when doing a debug dlsw peer. This is a cosmetic issue and doesn't affect the performance or the sessions in the router. [CSCdi74324]
Show ext ch x/2 tcp-c d doesn't show the relevant output for TN3270 server related sockets and connections. [CSCdi74448]
When running APPN over RSRB virtual stations where rsrb local-acknolegement is being used, the secondary station may hang upon sending data. The most common symptom is only one of the two CP-CP sessions come active with the partner node. [CSCdi74906]
During the peer connection process, an SSP CanUReach_ex packet may be sent on a TCP pipe that is being disconnected as part of the capabilities exchange process. This packet is never delivered to the peer partner. The DLSw reachablity cache, however, views the packet as being sent and shows a SEARCHING REMOTE entry for the target resource. This blocks all other CanUReach_ex packets for the target resource for a interval (dependent on SNA or NetBIOS). This causes a delay in the connection of the circuit. [CSCdi75379]
7206 with 11.1(6.4) fails to source-route-bridge IP packets ("no ip routing"). Workaround is to route ip. [CSCdi75477]
The DLUR router may send a negative response to a DLUS response for a resource which is no longer available. [CSCdi75547]
A Format 0 XID may be forwarded on the X.25 interface before a Null XID is received on that X.25 interface when QLLC npsi-poll is configured. [CSCdi75628]
If SNA/DSPU receives a RECFMS frame that contains control vectors and the RECFMS cannot be forwarded to the focal point host for any reason (for instance, the focal point is inactive), the negative response sent by DSPU causes the router to display the BADSHARE error and deactivate the connection. [CSCdi76030]
If a BIND request is received before the Notify response has arrived, DSPU will reject the BIND request with sense code 0x80050000. [CSCdi76085]
When two or more FEPs at a cental site, each with the same TIC address, are connected to a different Token Ring and a different DLSw peer router, a remote SDLC attached PU2.0 device will not establish a session to the back-up FEP if the first is taken offline. This problem does not affect PU2.1 devices. [CSCdi76575]
For an APPN/DLUR router, a "DLUS command" specified on the link station to the downstream DLUR device may not work correctly. The link station defined for the downstream device may repeatedly start and stop. [CSCdi76630]
When a user writes a previously configured APPN configuration, and then reloads it, the following message may be displayed for each link station defined:
dlur-dspu-name > % Incomplete command.
This message, while a nuisance, does not cause any problems. [CSCdi76709]
Under certain race conditions a VDLC circuit fails to come up, and the router reloads. [CSCdi76751]
This problem prevented users from saving the results of an llc2 idle-time command into the nvram.
The workaround is to edit the configuration on another machine, and then to download it. [CSCdi76800]
DSPU configuration of contiguous, dedicated LUs on separate hosts is not written to NVRAM correctly.
e.g.
dspu pu TESTPU xid 05d00001 dspu lu 1 1 host host1 1 dspu lu 2 2 host host1 2
...is written to NVRAM as...
dspu pu TESTPU xid 05d00001 dspu lu 1 2 host host2 1 [CSCdi76858]
When a EN connects to the Cisco APPN/DLUR function, there may be problems establishing CP-CP session connectivity if the EN's CP name was previously known to the network topology as a NN. [CSCdi77533]
show dlsw reachability exec command causes the router to crash if a resource like netbios name is reachable through multiple peers or ports and the reacability entry for the resource goes into a VERIFY state. [CSCdi77667]
Multiple DLSw peerings to remote Routers using Frame Relay direct encapsulation and passthrough does not work.
The symptoms are sessions failing to establish and existing sessions being torn down.
The workaround is to configure TCP encapsulation. [CSCdi78017]
The MIB variable ciscoDlswIfSapList is supposed to return an octet string, exactly similar in format to the one returned by ciscoDlswTConnConfigSapList, that conveys the list of all saps that are enabled on an interface. Instead, this object returns a null string. [CSCdi78082]
When using DLSw+ to communicate with non-Cisco devices, the Cisco platform might not deal with incoming transport keepalive packets in an appropriate manner. [CSCdi78202]
When "stun remote-peer-keepalive" is enabled in a locally acknowledged STUN over Frame-Relay configuration, STUN peers are constantly resetting due to incorrect handling of STUN keepalives. [CSCdi78480]
If multiple DLSw remote peers advertise via capabilities exchange that they can reach the same resource, the dlsw reachability cache only indicates that one of the remote peers can reach the resource. [CSCdi78980]
After SDLC sends 3 XID NULLs upstream to a host and receives no response, SDLC stops sending the XID NULLs and the SDLC device will never connect. This condition can occur if the remote peer conection is down because of a WAN connectivity outage or because the host or server is inactive and does not respond to XIDs. To clear this condition, remove the sdlc addressaddress command from the configuration and then reconfigure this command on the SDLC interface. [CSCdi79498]
The variable locIfotherInPkts in SNMP might not reflect a correct value compared to the total packets counted. [CSCdi56828]
When IP routing is configued on an ISL subinterface, the longest IP packet that can be sent is 1498 bytes because of the extra 26-byte ISL header. This is 2 bytes shorter than the standard packet size of 1500 bytes. This problem started when the fix of CSCdi39484 was committed. [CSCdi71140]
3000 series routers with MK5025 serial interfaces may halt unexpectedly on system startup. There is no workaround. [CSCdi71715]
If transparent bridging and an IP address is configured on a VIP FastEther or Ether interface, duplicate packets may occur on directly connected LANs to the VIP interface. In particular, Unicast DODIP packets between 2 workstations on a segment on which the VIP2 interface is attached can be incorrectly duplicated by the router. This can also occur when running bridging and any other protocol in this type of configuration.
In addition, if VIP Ethernet is used with multiple unicast protocols such as HSRP, packet duplication can occur on the LAN segment. These problems can significantly degrade RSP performance, if your configuration is listed here, be sure you obtain the interim or release with this problem corrected. [CSCdi71856]
A fast ethernet viper2 interface may stop listening to unicast packets. The workaround is to do a shut/noshut on the interface. [CSCdi71968]
HSSI interfaces will register overruns on a show interface when low on i/o memory instead of ignores. [CSCdi72025]
Under certain conditions Spanning Tree Protocol can cause a memory leak.
You'll see the small buffers being created but not released (Created is going up and Trims doesn't in the show buffer) and the show memory will show the memory available going down.
Spanning Tree BPDUs are handled by small buffers , so when a BPDU comes in a small buffer is used , if at the same time the interface is going down , this small buffer should be released, and that was not the case...
This problem has been fixed in the IOS software code. [CSCdi72783]
In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory, or when changing the serial encapsulation (for example, from HDLC to SMDS) or when doing OIR of another card in the chassis:
The show diag x command reports that the board is disabled, wedged. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi73130]
When doing a "debug vlan packet" on 7010 using 11.1(6), router crashes. [CSCdi73457]
A %VIP2 System Reload Requested crash of a VIP2 with FastEthernet can occur when using HSRP. The crash will cause RSP complex restarts but since they may occur repeatedly, the RSP will defer reloading leaving the interfaces down for extended periods. Customers using this configuration such as with pairs of 75xx routers running HSRP on FastEthernet to Catalyst 5000's should be sure to obtain the interim or release with this problem corrected. [CSCdi73671]
Under certain conditions, if an interface on a 5EFL PA is left un-cabled AND in an un-shutdown state, IOS may incorrectly report the interface with the line protocol status as UP.
Workaround: cable the interface, or place the interface in an admin down state via the SHUTDOWN command. [CSCdi73867]
Policy routing on a Cisco 7000 router with silicon-switching enabled does not function correctly. As a workaround, manually disable silicon-switching on each of the interfaces with the no ip route-cache sse command. [CSCdi77492]
In a Cisco 7206 router, when source-bridge is enabled, the router may stop sending packets on the Token Ring interface. [CSCdi78494]
If multicast fastswitching is not working you must configure "no ip mroute-cache" on the token ring interface. [CSCdi46775]
RSVP doesn't generate correct routes for PIM Sparse Mode [CSCdi60355]
The command show ip ospf database database-summary can intermittently cause router reloads. [CSCdi63817]
The spurious access errors occur due to a race condition in the intialization code.
It does not affect the normal running of the router. [CSCdi64005]
Change in network statment does not take effect immediately. Workaround is to restart ospf. [CSCdi64468]
This affects only multicast packets. When multicast fastwitching is enabled on a 7000, and the input rate results in output queue build up, packets are incorrectly dropped and the statistics are not correct. Workaround is to turn off multicast fastswitching on the outgoing interface. [CSCdi65568]
A Management Information Base (MIB) query of the ospfLsdbTable fails because no MIB objects are found under the ospfLsdbTable subtree. However, some subtrees under OSPF can be successfully queried, such as ospfGeneralGroup, ospfAreaTable, and ospfIfTable. [CSCdi69097]
show align reports misaligned memory accesses. This error is reported on a 7513 with a token-ring interface installed. This bug is automaticly detected and corrected by the router. It will not inhibit the normal operation of the router. [CSCdi69939]
When multiple OSPF processes are configured, the administrative distance is ignored when these OSPF processes install route. As a result, the distance command cannot be used to prefer one OSPF process over the others. This fix resolves the problem. [CSCdi70011]
EIGRP may not retain the best route from topology into routing table when variance and metric weights are configured. [CSCdi72459]
Router running IRDP & IGMP won't accept IGMP reports after a reload.
Workaround is to issue shut and no shut commands to the interface which isn't receiving the IGMP reports. [CSCdi72642]
ATM blocking with input queue full 151/150. No signalling, just rfc1483 defined for packets blocked and returned by sho bufferes old dump. [CSCdi72840]
Cisco routers do not support Type Of Service, but it should be able to accept Type Of Service Link State Advertisements from non-Cisco routers. [CSCdi72891]
When OSPF hello timer, and hence the dead timer, is changed, the wait timer is not changed accordiingly to match the dead timer's value.
This fix resolves the problem. [CSCdi74009]
This crash happens only in 11.2. In previous releases, this bug causes spurious access.
The problem happens only when the router have a single interface with OSPF running over it as broadcast/non-broadcast network. If the single interface is shutdown and is brought back up within a 5 seconds interval, it creates a race condition which causes the crash (or spurious access). [CSCdi74044]
Configuring RSVP over an interface without configuring UDP encapsulation for RSVP can result in memory leaks.
The workaround is to configure RSVP-UDP encapsulation for all RSVP-enabled interfaces. [CSCdi74212]
Using the "talk" keyword when specifying an ip extended access-list is not functional. Workaround is to use the udp or tcp port number (517) specifically. [CSCdi74214]
When the cache is populated, the system will not perform correctly policy routing on subinterfaces. This has been produced on 4500 with atm lane subinterfaces. The problem does not occur when ip route cache is cleared. [CSCdi74375]
ip sd listen is no longer supported. [CSCdi74508]
IP Multicast SDR entries never time out. [CSCdi74586]
If OSPF demand circuit feature is enabled over interface which is protocol down, the router will crash. [CSCdi74862]
The parser does not accept show ip pim rp mapping in-use as a valid command. [CSCdi75049]
The configuration command ip tftp source-interface is no longer available. [CSCdi75158]
ARP debugging messages that indicate an ARP response was filtered for being on the wrong cable do not contain information about the source interface making it impossible to troubleshoot. [CSCdi75342]
in 11.1, the output of "show ip route" lists a /16 instead of 255.255.255.0 mask. 11.1 is only listing a mask for the major net, not the subsequent subnetting being used when only one type of subnetting is being used for a major network. This doesn't affect routing but only the display of the mask in "show ip route". It's a cosmetic issue. [CSCdi75408]
The system may emit a %SYS-6-STACKLOW error message if debug ip sdr is enabled. Debugging should be disabled immediately. [CSCdi76410]
Turning on 'ip rsvp debug detail' can cause the router to reload if the debug information being printed pertains to multicast traffic. [CSCdi77482]
Under heavy traffic conditions, RSVP can cause the router to reload due to a "zero-divide" exception. [CSCdi77897]
If encapsulation changes after configuring static CLNS adjacency, it is required to delete the adjacency and reconfigure it. [CSCdi60457]
If an interface is down when it is configured as passive for IS-IS, it will not be advertised in IS-IS link state packets when the interface comes up. The workaround is to unconfigure the interface and then reconfigure it as passive after it is up. [CSCdi76431]
If the ISIS or NLSP LSP refresh interval and LSP lifetime values are both reduced from the default value, the LSP lifetime will be ignored when the system is restarted.
The workaround is to hand-configure the parameters in the reverse order. [CSCdi72691]
IPX fastswitching on the c72XX of various encapsulations of IPX including IPX over ISL may produce packets which are ignored by the receiving host. A workaround is to disable IPX fastswitching using the np ipx route-cache command, note: this workaround causes increased router overhead. [CSCdi73231]
NLSP may reflood LSP fragments unnecessarily, including both changed and unchanged fragments. Typically this is not a problem on LAN circuits. However, this can present bandwidth-related problems on low speed WAN circuits, especially as the size of the network increases.
The flooding behavior covers up a problem where services may be missing from the SAP table until the next full SPF. This is not a problem when all neighbors are Cisco routers, but can be a problem when third party routers are present on the same link. [CSCdi74487]
VPDN uses loopback interfaces, but IPX and SPX spoofing are not allowed on loopback interfaces. [CSCdi76227]
When a packet is too large for the output interface the packet is dropped per IPX specification, the debugging message associate with this action is confusing as it lists only the input interface not the output interface on which this action was taken. The debugging message should list the output interface name. [CSCdi76741]
Under some conditions, the X.29 profile may not be set on a call to a Virtual Async protocol translation address. This may result in the communication failing, if the calling PAD does not already have the correct parameters for transparent communication. [CSCdi73090]
A protocol translator may unexpectedly restart when a translation entry is configured but fails to be successfully added due to system limitations, such as exceeding the number of LAT services that can be advertised. [CSCdi76145]
RIP Request packets are sent out with invalid UDP length fields, thus causing them to be discarded by the receiving system. This can cause delays in network convergence, but won't in and of itself prevent it. [CSCdi73140]
When a Cisco 4500 or Cisco 7000 is configured to use FTP or RCP to take an exception dump and an exception happens with validblock in the stack trace, the core dump operation fails and a core file cannot be obtained. As a workaround, if validblock is in the stack trace, use TFTP to take the exception dump. This means that the exception dump is limited to 16 MB. This is a known TFTP defect. [CSCdi75757]
Non-TCP reverse connections to lines may corrupt memory, resulting in a software-forced crash. This problem was introduced starting in Releases 10.3(15.1), 11.0(11.1), and 11.1(6.1). [CSCdi79310]
One step protocol translations using TCP as the inbound protocol cannot be connected to. The connection never opens completely. This behavior was introduced in 11.2(2.4) and later. A workaround is to configure an equivalent two step translation. [CSCdi82193]
VINES broadcast packets are forwarded away from the source. If the immediate router toward the source of a broadcast packet has a neighbor entry but no associated path, the system may halt. This kind of dangling route is rare and is considered a timing-related issue. [CSCdi75345]
This fix upgrades the cisco ppp stacker compression implementation to conform to the newly released draft (draft-ietf-pppext-stacker-04.txt).
Initial testing with this image (11.1(7.3)) has indicated a minor problem with the Lan Extender boxes such as the Cisco 1001 and 1002 running lex software version 2.0
The Lex box is able to carry out data transfer and is able to get bound to the interface it's connected to. However, if the ppp stacker compression is configured, the negotiations may not succeed. The lex box continues to transfer data, but may not compress/decompress the data.
The problem with compression is under investigation. [CSCdi44495]
Optimum switching is enabled by default for LANE interfaces. This is supported in 11.3 and in 11.1(16)CA. To turn off optimum switching one can use "no ip route-cache optimum" command on the ATM interface. That would effectively set the switching mode to fast switching for the interface. [CSCdi64260]
The VIP2 might crash with a context dump that shows register $0 = 0xffffffff. The cause register and S registers might also contain 0xffffffff. This reflects the fact that the VIP2 is experiencing a fatal CyBus or PCI bus error and the context for the processor has not been fully saved. A workaround that allows viewing of the PCI bus or CyBus error is available on a case by case basis by using an undocumented, not fully supported feature of the VIP2. The fix for this problem allows the fatal error to be displayed on the RSP console. [CSCdi66567]
PRI ISDN calls may be dropped on heavily loaded Cisco 7513 routers with multiple PRIs. The following error is displayed when this occurs: BRI Error: isdn_fromrouter() msg dequeue NULL. [CSCdi66816]
Dialer profiles does not support cpp. [CSCdi68530]
4500/4700 unable to get complete large (Problem already appears with 1500 bytes frames) if no traffic shaping is performed on the incoming atm traffic. The system will report CRC errors even for a traffic of 500 pps and will only forward 100...300 pps. When traffic shaping is applied on the traffic generated, we get a throughput superior to 2000 pps. [CSCdi68586]
Enabling transparent bridging on a Viper port adapter interface apparently alters the switching path of ip traffic from distributed switching to fast switching. IP pings generated from a device off of one port on the PA and directed to a device off of another port on the same PA show up in the distributed switching path of a SHOW INTERFACE ST output. When one of the interfaces is placed in a bridge-group, the IP pings received on that interface show up in the route-cache switching path.
This problem does not effect the data transferred, just the path which it takes through the router. [CSCdi68769]
Some ISDN PRI NET5 switches may send a Restart message with either an invalid or an unused B-channel. The router should answer the Restart message with a Restart Acknowledge message for the valid B-channels. If the router does not answer the Restart message, the switch may place the ISDN PRI interface "out-of-service". [CSCdi70399]
V11.2 now has Frame Relay traffic shaping functionality, but the following three traffic related MIB objects per RFC 1315 stay zeroes: frCircuitCommittedBurst frCircuitExcessBurst frCircuitThroughput [CSCdi71206]
Router is currently not able to detect Vines servers on lane interfaces. [CSCdi72706]
ATM interface on 4x00 may go down in a down/down state with the atm error of "atmzr_dumb_inhand(ATM0):Secondary port error". The interface will not come up untill a reboot is done or interface is flapped by doing a Shutdown and no shutdown. [CSCdi72769]
The interface command:
mac-address XXXX.XXXX.XXXX
now MAY affect any LANE components' atm and/or mac addresses, since the esi portion of an auto generated atm address is created using the mac address of the interface.
Also note that this command actually causes a hardware reset on the card that is being executed. Hence, all LANE components on such a card will recycle anyway. But as to whether the atm addresses they listen on after they come back up again will change, actually depends on how those addresses were defined in the first place.
If they were defined using the "auto" addressing method, obviously their esi portions will be affected.
In the case of an LEC (LANE Client), the mac address of the client will also change as well.
****** Note that this fix broke DECNET, which is now fixed. So, the correct version that has BOTH the fixes in is 11.2 (2.2) ****** [CSCdi73530]
The smallest Receive block size announced by the router is 64064 instead of 1498 as it is for ethernet. This result in negative smallest router blocksize reported by 'sho decnet inter' and in routing problems with DEC systems. These routing problems do not appear with Cisco devices used as end nodes but are reported by customer. [CSCdi74046]
PAD connections made from lines configured with session-timeout values can be incorrectly closed, because data sent or received on the line does not restart the session-timeout timer. [CSCdi74095]
Half-bridging of IP on DDR interfaces is broken. The symptom of this problem is that the remote devices on the bridged segment do not get a valid reply from their ARPS to the router that is configured for IP half-bridging. [CSCdi74185]
Half-bridging of IP over dialer interface associated with Dialer Profile feature is broken. Symptoms are inability of remote devices in the bridged domain to communicate with devices in the routed domain. This appears to be caused by the dialer interface failing to use a valid MAC address to answer ARP requests. [CSCdi74195]
when aal5mux svc idle timeout, the static map was not update due to svc was not torn down. [CSCdi74752]
ISDN PRI routers running 4ESS or 5ESS switchtypes should accept incoming Setup messages with an "abbreviated" type of Called Party Number. [CSCdi74767]
An important change has been made to the semantics of one of the LANE LECS address binding commands, in the 11.2 release. This change has been committed to the mainline california release today (11/5/96) at about 2:20 pm. Following are the details:
The command is: ---------------
lane config fixed-config-atm-address
Old semantics: --------------
1) When an LECS became the "master" LECS, it automatically started listening on this address. When it became a slave, it automatically stopped listening on this address. This behaviour could NOT be changed by manual operator intervention.
2) When the command was actually entered by an operator, regardless of whether an LECS was a master or slave, the LECS would immediately start listening on the well known address.
Problems with this aproach: ---------------------------
If multiple vendors' LECS were intermixed in a network, Cisco LECS would always automatically register and listen on the well known LECS address, as soon as it became a master. This meant that now there could potentially be more than one LECS in the network which would simultaneously listen on the well known address. This further led to the problems that connections intended for NON Cisco LECS's which were listening on well known LECS address, could potentially end up on a Cisco master LECS. So network "segragation" was difficult to administer.
The new semantics and approach: -------------------------------
The policy has now been changed to overcome this problem. Here are the new rules:
1) A Cisco master LECS will NOT automatically register to listen on the well known LECS address.
2) It will only do so, if and only if the above command has been entered.
Note that the customers now have a choice as to if they want the Cisco master LECS to listen or NOT to listen on the well known LECS address. In other words, this behaviour is now controllable by the administrator.
As a result, the old semantics of the command has disappeared. In other words, entering the command will NOT immediately and mandatorily cause an LECS to start listening on the well known LECS address. It will merely be a "hint" to the LECS indicating that it should listen on that address only if it becomes a master. [CSCdi74881]
There are a few switches around the world that require the send of the ALERT after a CALL_PROC when accepting an incoming speech call. After researching the issue it should be harmless to other switches to do this. [CSCdi74913]
Incoming speech calls be delivered with a rate of 64kb in the bearar capability when in actuality it is a 56kb call. This only occurs on speech calls. The new command will override the incoming data rate and use the configured value. Note that the dialing side will have to dial at 56kb if this command is used. [CSCdi75090]
After a number of days PRI calls may be dropped, high ISDN CPU utilization may be seen. There may be some discrepancy between 'show dialer' which indicates free B channels available and 'show isdn service' which shows all channels busy. Ultimately, a software forced crash occurs. [CSCdi75167]
IPX routing might stop working because the router cannot find any servers. This might happen because the ipx network command is probably parsed before LANE commands so that after a reload, the system reports "IPX encapsulation not allowed on ATM." [CSCdi75283]
ISDN interfaces under a dialer rotary group do not correctly autodetect the incoming encapsulation. [CSCdi75813]
At system boot up time, you may see: %SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0). -Process= "", ipl= 1, pid= 2
This message means Frame Relay InARP packets are received before InARP input queue is initialized.
This is harmless but inARP input queue is initialized later right away, you will not see this message except at the boot up time. Frame Relay Inverse ARP function will not be affcted. [CSCdi75843]
If a PAP Authentication Request is resent because of a timeout or missed response and is received after the router has completed processing of the first request, then it will repeat the authentication process. It should not repeat the authentication process. Instead it should send back the same response message that it did for the first message, regardless of the contents of the second (or subsequent PAP Authentication Requests). This defect will be fixed in a future release of IOS. [CSCdi76763]
The negotiation of a PPP Callback option, passing a dial string or E.164 number, will fail due to a defect that was introduced into 11.2(1.4), 11.1(7.1), 11.2(1.4)P, 11.2(1.4)F, and 11.0(12.1). The negotiation will appear to complete successfully, but the callback will not succeed. The failure can be seen if 'debug ppp negotiation' is set. The callback option will be marked 'acked', but there will typically be garbage on the debug line between 'allocated' and 'acked', eg 'PPP Callback string allocated ^]" acked'. There is no workaround for this defect. The defect will be fixed in a future release of IOS. [CSCdi77739]
This section describes possibly unexpected behavior by Release 11.2(1). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(1). For additional caveats applicable to Release 11.2(1), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(2).
It is not possible to connect an ara client using a username with 'nopassword' or without a password configured in the router. [CSCdi53202]
Over a period of three to five weeks, an active commserver will slowly run out of I/O memory. This may be related to ARAP or Tacacs+ usage. [CSCdi61152]
There has been a request for additional debugging messages for the arap logging command. The requested command is arap logging debug-extensions, which enables seven advanced debugging messages in addition to the traditional ARAP logging messages. [CSCdi68276]
There is a cosmetic defect in the appearance of the arap logging debug-extensions command in the output of the write term or show config commands. The appearance is as follows:
! appletalk routing appletalk route-redistribution appletalk virtual-net 7554 ATCP dialins debug-extensions debug-extensions arap network 7569 IS Dialup !
The appropriate display should be:
! appletalk routing appletalk route-redistribution appletalk virtual-net 7554 ATCP dialins arap logging debug-extensions arap network 7569 IS Dialup ! [CSCdi68279]
AppleTalk domains do not operate correctly when configured on subinterfaces. The domain properties will be applied to the main interface rather than it's subinterface(s). The workaround is to disable AppleTalk fast-switching. [CSCdi69886]
The AT Domain system process is always started on system bootup, whether or not it is needed. There is no operational impact. [CSCdi71120]
When using ARAP on a terminal server you may experience issues with modem answering calls with no connection. Reloading the router will fix the problem [CSCdi73132]
ipNetToMediaTable entries created via ATM-ARP have ipNetToMediaPhysAddress values that reflect the VC. The values should report the E.164 or NSAP address.
For ATM SVCs, ipNetToMediaPhysAddress would contain the called party address. For ATM PVCs, ipNetToMediaPhysAddress would still contain VC #.
"show arp" command would still show VC#'s. [CSCdi39628]
When a 1000 router or a 2500 router run low on memory (less than 32K) the command 'write terminal' fails to generate any output. [CSCdi40791]
The aaa accounting commands N command is accepted, but no accounting records are generated for the individual commands. A workaround is to use per-command authorization and log the occurrence in the accounting file. [CSCdi44140]
If an snmp view which had previously been configured with the snmp-server view command is deconfigured, and then reconfigured, any snmp communities which utilized the view will no longer work. [CSCdi47796]
Multiple simultaneous copy operations to the Flash devices on a Cisco 7500 router (bootflash:, slot0: and slot1:) cause the router to crash. This happens only when more than one user is logged in to the router (for example, one at the console and one via Telnet) and both are trying to perform a copy tftp flash at the same time. This is true even if the two users are trying to write to different devices. [CSCdi50888]
The boot config nvram: configuration command, which was added for the RSP platform, interacts improperly when the service compress-config command is enabled. The boot config command causes the NVRAM to lock up, and the router must be rebooted to free the NVRAM. [CSCdi52587]
When using a Secure Dynamics TACACS+ server for authentication, the server might ask the user to stop and wait for the next token. The user must press any key or provide some sort of input at least every 30 seconds, or the router will time out the user. [CSCdi55474]
When "hold-queue out" command is entered, "show int" reflects the new hold queue value. After "wri mem" and reloading the router, "hold-queue out" disappears from the configuration and "show int" shows the default hold-queue out setting of 40. The "hold-queue out" command has to be reentered everytime a reload happens. [CSCdi58292]
An RSP router can crash with a "reserved exception" error because of a software error or an error in the microcode for an interface processor. More than one problem can generate a similar error message and stack trace, which can make this problem hard to track down. See also CSCdi58999, CSCdi60952, and CSCdi60921. [CSCdi58658]
RADIUS Accounting packets sent by the cisco IOS do not include an Acct-Delay-Time attribute, which may cause some billing systems to compute incorrect charges if the Accounting-Request needs to be retransmitted for an extended period of time. [CSCdi60959]
service password-encryption can't be used with key-string in 11.1(4.2)
The router will attempt to re-encrypt an encrypted key-string when it's read into the running configuration.
Work around is:
1- don't use "service password-encryption"
2 - or don't use "key-string" [CSCdi62490]
Occasional SNMP linkDown traps coming from Ethernet interfaces in which the variable locIfReason (the reason why it went down) says, "Keepalive OK." These traps are due to the interface momentarily and harmlessly losing carrier. You can ignore them. If they become a nuisance, you can remove them by issuing a no snmp trap link-status command. [CSCdi63434]
Temporary access-list created through lock-and-key services currently may not be manually deleted. That is to say, the command "clear access-template acc-list-number access-list-name src-addr dest-addr" does not delete temporary access-lists due to errors in parsing the addresses of the source and destination.
However, this lack of functionality does not seriously compromise the security of a system since the temporary access-lists will be deleted by the system when the idle timeout is reached or the maximum time of existence for the access list is reached. If it is felt that a system is compromised without use of this command then it is recommended that these timeout values be configured to be small values. [CSCdi65615]
When using AAA authentication for enable passwords, the HTTP server in the IOS will never allow a user to access it. [CSCdi66938]
Shaping of traffic in optimum and flow switching is not implemented at this time. Traffic moving from an input interface which is optimum/flow switched to an output interface which is traffic shaped will therefore not experience traffic shaping. [CSCdi67120]
'telnet transparent' in 'line vty' settings causes HTML pages to appear to lose some of the characters in the displayed page due to null characters in the page output. [CSCdi68224]
The IOS implementation of RADIUS does not support the Framed-Netmask radius attibute. A workaround is to include the equivalent Framed-Route attribute instead. (Instead of Framed-IP-Address = 1.1.1.1 with Framed-Netmask=255.255.0.0, use Framed-Route=1.1.0.0 255.255.0.0) Note that only ONE per-user route is permitted in current versions of IOS, so you cannot combine a Framed-netmask with a Framed-route. [CSCdi68264]
Release 11.2(0.25) RSP crypto images cannot use a VIP2-based software engine. You can configure encryption using interfaces on Cisco 7500 serial routers that are not on a VIP2, but do not configure encryption on interfaces that are on a VIP2. [CSCdi68697]
When a server has multiple entries defined in the DNS, Tacacs+ will normally try each of these aliases in turn when trying to open a connection to a daemon.
If a daemon returns an error after a connection has been successfully established however, no more aliases for that daemon will be tried. Instead the daemon will try the next server configured in its list of servers.
One workaround is to order the list of tacacs-server hosts configured on the NAS to increase the likelihood that the desired daemon will always be selected. [CSCdi68816]
When using Tacacs+ with a daemon which does not speak the new revision of the protocol (e.g. v2.1 or CiscoSecure 1.1) the system will automatically switch to using the old version of the Tacacs+ protocol. In doing so, it may fail to re-establish its connection to the daemon and will output the error message "no address for get_server". [CSCdi69012]
Crash on a 2511 at acct_cleanup(), System restarted by bus error at PC 0x30B65F4, address 0xD0D0D29. The router is running IOS 11.1(5). [CSCdi69068]
The command debug chat line x and parser do not display the chat script components correctly if the octal 7 or 8 bit xxx format is used to specify a byte greater than 0 x7f. [CSCdi69149]
The IP address of the dialup interface that is trying to acquire a temporary IP address for the peer, is not being used as the source of the DHCP proxy client packets sent from the Access Server. [CSCdi69448]
The IOS implementation of RADIUS does not include the Acct-Authentic attribute in accounting packets. [CSCdi69855]
On some devices, SNMP GetNext requests performed on the CISCO-CDP-MIB can cause the device to pause for an extended length of time. [CSCdi69892]
AAA authorization and accounting transactions to the TACACS+ server can be delayed by 9 seconds if DNS is not configured on the router. Workaround is to enable the global configuration "no ip domain-lookup". Whenever the router needs to establish a connection to your Tacacs+ server, it will attempt to look up your server's IP addresses.
If the IP address of your Tacacs+ server does not exist in your local host table and you do not have DNS configured, you may experience a 9-second delay before connecting to the server.
To resolve this problem, do at least one of the following:
1) add "no ip domain-lookup" to your configuration. 2) add the IP address of your Tacacs+ server to your local host table. [CSCdi70032]
TACACS+ accounting will include an attribute "address", which is not defined in the tacacs+ specification. The correct attibute name is "addr". [CSCdi70146]
Chat scripts cannot send a NULL byte out on the async line. IOS chat scripts do not support N escape-sequence which has been used conventionally for this purpose. [CSCdi70330]
If a new MIP channel group is added after a microcode reload has been performed the system must be rebooted to ensure correct operation. [CSCdi70909]
If you have a standard SunOS/Solaris Telnet server, and if the NAWS option is mistakenly sent, the Telnet server hangs instead of ignoring NAWS. [CSCdi71067]
The interface input abort counter is not cleared by the clear counters command. [CSCdi71256]
The system may occasionally produce the following error message:
%SYS-3-MGDTIMER: Running parent with no child
This message is cosmetic in nature and has no impact on the health of the system. There is no workaround to this problem. [CSCdi72401]
If a system is configured to be both an NTP broadcast client (using the "ntp broadcast client" configuration) as well as an NTP unicast client (using the "ntp server" configuration), and the unicast server is also acting as a broadcast server, the system will not synchronize with the server at all.
The workaround is to configure the client as either unicast or broadcast, but not both. It may also be necessary to remove and reconfigure the "ntp server" configuration if the system is to be a unicast client. [CSCdi72452]
The command ntp broadcast is not configurable on fast ethernet subinterfaces for both isl and 802.10 vlan encapsulation. [CSCdi72703]
The first attempt to use a menu command fails authorization as it should, but subsequent attempts succeed. [CSCdi72822]
DECnet may fail to work properly when using an area number of 63 for L2 routers. The symptoms are being unable to ping (decnet) between two area routers, one of which is using area 63.x, and having the show dec command report that the 'attached' flag is false even though the show dec route command shows routes to it. The workaround is to use the decnet attach override command to force the router into an attached state. This command is available in Releases 10.2(7.3), 10.3(4.4), 11.0(0.13), and all versions of Release 11.1 and higher. [CSCdi69247]
The router will crash if you issue a command line that is an alias and that is greater than 256 characters in length after the alias is expanded. [CSCdi63994]
Under some circumstances, the AS5200 may run low on memory or may run out of memory after processing more than 11,000 calls. A small amount of memory may be lost under two conditions, only when aaa new-model is configured: when a user hangs up at the "Username:" prompt, or when a user successfully autoselects with the autoselect during-login command configured. [CSCdi67371]
When a show ip arp command is executed on the router, the router sends DNS lookups under following conditions. This is a cosmetic bug in the parser code.
Router#sh ip arp ? Ethernet IEEE 802.3 H.H.H 48-bit hardware address of ARP entry Hostname or A.B.C.D IP address or hostname of ARP entry Null Null interface Serial Serial cr
RioGrande#sh ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.51 - 0000.0ca0.5d00 ARPA Ethernet0/0 Internet 10.6.1.71 1 0000.0c07.9b41 ARPA Ethernet0/0
RioGrande#sh ip arp 0000.0c07.9b41 Translating "c07.9b41"...domain server (255.255.255.255)
Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.71 1 0000.0c07.9b41 ARPA Ethernet0/0
Router#sh ip arp 10.6.1.71 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.71 2 0000.0c07.9b41 ARPA Ethernet0/0 RioGrande#
Router#sh ip arp e 0/0 Translating "e"...domain server (255.255.255.255)
Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.51 - 0000.0ca0.5d00 ARPA Ethernet0/0 Internet 10.6.1.71 8 0000.0c07.9b41 ARPA Ethernet0/0 [CSCdi68767]
A message warning of low or exhausted stack space for the LLC2 Timer process will appear if the router is experiencing this problem. [CSCdi44511]
An SDLC PU2.0 link station on an APPN DLUR router may get stuck in the "starting" state if "no connect-at-startup" is not specified on the link station definition. (If the user does not configure the PU2.0 link stations, they will be dynamically created.) [CSCdi56633]
With Release 11.0 and a direct Escon-attached CIP, the host may "box" the CIP if the router is reloaded without the CIP being varied offline. This problem has not been seen with CIPs connected through a director or if the CIP is taken offline before the router is reloaded. The workaround is to vary the device offline before reloading the router. [CSCdi59440]
When the PS/2 Link Station Role is configured as Negotiable, the XID(3) Negotiation may not complete. The workaround is to configure the PS/2 Link Station Role as Secondary. [CSCdi60999]
When running CIP SNA over DLSw, the LLC2 control blocks may not get freed even when the LLC2 session is lost and the DLSw circuit is gone. The workaround is to reload the router. [CSCdi62627]
Extraneous XID packets could cause the following message to be displayed:
This was an annoyance and the message was eliminated. [CSCdi64207]
Change mib to add tn3270sRunningTime and make some names more meaningful. "Deprecate tn3270sLuLastEvent. Added ciscoTn3270ServerMIBGroupObsolete. Modified SYNTAX clause for tn3270sLuAppnLinkIndex. Introduced tn3270sRunningTime. Replaced tn3270sStatsInboundTransactions, tn3270sStatsOutboundTransactions, tn3270sStatsSampledInboundTransactions, tn3270sStatsNetSampledInboundTransactionRespTime, tn3270sStatsSampledOutboundTransactions, tn3270sStatsNetSampledOutboundTransactionRespTime, with tn3270sStatsInboundChains, tn3270sStatsOutboundChains, tn3270sStatsSampledHostResponses, tn3270sStatsNetSampledHostResponseTime, tn3270sStatsSampledClientResponses, tn3270sStatsNetSampledClientResponseTime respectively. " [CSCdi67808]
Direct encapsulation over Ethernet, Token Ring, Loopback blocked at the parser level. These options are not supported. Configuration commands will no longer allow these options.
Crash in the managed timer, with respect to dlsw, has been fixed. [CSCdi67926]
dlsw with frame relay pass-thru fails to bring up a netbios windows nt session. [CSCdi68970]
Dynamic Peer configured in the 'dlsw remote-peer' command, never gets connected. The dynamic peer options dynamic inactivity and no-llc are broken.
Backup Peer linger option is broken. The default and zero linger time are not working correctly.
Other 'dlsw remote-peer' options, destination mac address exclusive (dest-mac) and destination mac address exclusive list (dmac-output-list), are not present. [CSCdi68995]
The router crashes when NSP is configured and is trying to connect back to the owning host. [CSCdi69231]
SNA and NetBIOS session do not connect using DLSw FST (Fast Sequenced Transport) over SMDS WAN media. [CSCdi69766]
7000/RSP routers that have mixed non-VIP/VIP interfaces (e.g. TRIP and VIP-4R in the same router) may crash when configuring/unconfiguring SRB. [CSCdi69873]
When using fast-switched DLSw+ (FST, direct encapsulations) in environments in which the number of source-route bridge hops between the source station and the DLSw+ cloud differs from the number of source-route bridge hops between the destination station and the DLSw+ cloud, the Source MAC Address may be altered. This will, in many situations, adversely affect connectivity between the two end stations. [CSCdi69891]
The APPN sub-system may reject a VDLC port definition when removing it and adding it back. This only occurs if you have a single VDLC port definition in APPN and no link station active and no link station definitions. To have the system accept the definition you will need to stop and start APPN. [CSCdi69930]
SNA alerts generated by the CIP TN3270 Server get corrupted and dropped by the IOS. Such behavior can prevent the alerts from being forwarded to the host. [CSCdi70208]
Router interface operating in an SDLC secondary role will not respond to TEST P. [CSCdi70562]
DLSw may fail to carry circuits when the interface command source-bridgelocal-ring bridge target-ring is removed and then re-added. [CSCdi70595]
When using DLSw FST, end user sessions may not switch over to an alternate lan or peer path following a connectivity failure. [CSCdi70709]
DLSw+ MIB: ciscoDlswTConnConfigOpens is always returning 0. ciscoDlswTConnConfigOpens should be returning the number of times the DLSw+ peer entered into the connected state. [CSCdi71150]
If the MTU on a remote link exceeds 1500 bytes, no connection can be established. The workaround is to reduce the MTU size on the remote link. [CSCdi71760]
When establishing an LU session with the APPN/DLUR router, the downstream LU session may display a x'20110000' pacing protocol error and unbind the session. The APPN/DLUR router was performing pacing incorrectly on the secondary stage. [CSCdi71834]
dlsw fst rsp 7500 token ring input queue on token ring wedged. [CSCdi71840]
When segmentation or reassembly is involved in a DLUR-managed LU-LU session (that is, the MTU for the downstream link to the PU is smaller than the MTU for the upstream link toward the host) and the RU size is larger than can be transmitted in a single frame (most common with IND$FILE transfers from a PU to the host), the router may reload with an "intermediate_reassembly" or a memory corruption stack trace. [CSCdi72260]
DLSw MIB variable ciscoDlswTConnConfigSapList reports the saps configured on the remote peer instead of the local peer. [CSCdi72492]
A bug introduced by CSCdi69231 may cause NSP to stop working. The images affected are 11.0(11.2) 11.1(6.2) 11.2(1.1). The following messages may display when NSP stop working: SNA: Connection to Focal Point SSCP lost. The above message appears for no reason. SNA: MV_SendVector rc = 8001 [CSCdi72696]
If the ABM indicator (async balanced mode) differs between the way the APPN/DLUR feature sets the indicator and the way the attached node sets the indicator, the xid will fail with sense 10160010. While there is technically a mismatch, this problem is usually caused by incorrect xid3 implementations or bridge implementations which do not convert the indicator appropriately. Cisco NN DLUR is removing the check since it can fail a connection unnecessarily when the xid3 would otherwise succeed. [CSCdi73143]
An APPN/DLUR router cannot establish an lu-lu session with a downstream DSPU router. The bind sent by the host is rejected by the DLUR with a x'0806002b' sense code. [CSCdi73494]
Due to a bug, appn link station can not be defined as "auto-activateable" link. [CSCdi73918]
There is a problem with the SNMP Packets in counter on token ring interfaces of Cisco access routers (4000, 2500 series) which can cause these counts to be inaccurate on the low side. In the case of relatively inactive token rings, this counter can actually underflow, causing SNMP to report that a very large number of frames have come into the interface. [CSCdi21699]
2500 token ring interface will not try to reinsert into token ring hub after one failed attempt. [CSCdi41499]
A 'write erase' (return to initial configuration) on a 2500 or 4500 has been observed to result in fair queuing being disabled rather than being enabled, but only on serial port 0. [CSCdi46850]
Customer is trying to migrate from ags+ to 4700. They have know problem(s) with excessive collisions on 2 ethernet segments.
However, interfaces did not go down on AGS+ or other 7000 routers (showing excessive collissions, (rate in excess of 10%) as is the case with the 4700 router with NP-6E card.
Using AM79970 chipset. Also seeing similiar manifestations as in CSCdi51927 where output of 'sh cont eth is showing 'link state down' while sh int eth sho up/up for state and we're seeing packets inbound/outbound on the interfaces respectively. [CSCdi49380]
Fast-switching of ISL encapsulated IPX packets does not work on the c7200 platform. The workaround to this caveat is to disable fast-switching of IPX packets using the no ipx route-cache interface sub-command. [CSCdi61366]
When you perform buffer changes on a serial interface with SMDS encapsulation, the changes are not taken into account after a reload. [CSCdi62516]
SRB fast-switching is not working in 11.1 or 11.2; SRB traffic is always process-switched through token-ring interfaces [CSCdi62974]
The source-bridgering-number command allows you to configure a ring-number mismatch. The workaround is to make sure that all bridge devices on ring use same ring number. [CSCdi63700]
Bridging between sde encaps and atm (or any encap that we define interface flag span_process_bridge_force such as smds frame relay, X25 )such that slowswitching is the forced output bridging mode, the transition from sde encaps TO a forced slowswitch output encaps (such as atm in 103 code) does not properly prepare this packet for process level. [CSCdi65959]
SRB over VIP interfaces cannot be configured (i.e. SRB cannot be used) [CSCdi68885]
IRB does not work over ATM interface with RFC1483 encapsulation for Appletalk and IPX SNAP and SAP encapsulations [CSCdi68890]
Using 802.10 encapsulation on FDDI trunk port, 4700 router cannot form OSPF neighbour adjacency with other routers on the other side of Catalyst switch connected via 10BaseT.
Configured bridge-group under the fddi subinterface, OSPF works ok in all routers. [CSCdi68923]
Small and middle buffers leak when transparent bridging on ATM is enabled. [CSCdi69237]
Misaligned data accesses in the packet data may negatively affect CPU usage on RSP based platforms when handling SAP or SNAP frames. [CSCdi70402]
When an arp packet is received from the ATM interface, the router sends out a total of two arp packets to the Ethernet interface. [CSCdi70533]
The c7200 token ring interfaces may become hung when under very high load. The only know work around is clear interface token x/y. [CSCdi70675]
Routers are responding to packets not destined to them because of ISL encapsulation. This creates routing loops. [CSCdi71152]
When using custom-queueing feature in conjunction with payload compression on HDLC or Frame-relay encapsulations, traffic regarded as "low-priority" by custom-queueing would be passed uncompressed. This resulted in lower- than-expected compression ratios.
Please note this bug never existed in versions 11.0. It is not an error that this patch was not applied to that source-tree. [CSCdi71367]
Token ring interfaces on the c7200 that are configured for both routing and source-route bridging will incorrectly bridge broadcast multiring packets. [CSCdi71398]
When Integrated Routing and Bridging is configured, packets with size less than 60 bytes sourced by the BVI interface and going out an atm bridged interface will become runt ethernet packets without padding inside the rfc1483 header. [CSCdi71614]
The show ip eigrp topology command should show the administrator tag.
Also need DDTS CSCdi77369. [CSCdi34362]
In an area with more than one area border router (ABR), the Open Shortest Path First (OSPF) routing protocol does not delete old network/mask combinations from the routing table when you change masks for networks or subnetworks in the configuration. The workaround is to issue the no ip address command before issuing the ip address command to change the mask. [CSCdi61022]
The IP source address on syslog messages generated by the router cannot be sourced from the same IP address every time and instead are sourced from the IP address of the interface from which the packet leaves the router. [CSCdi63582]
RESV messages do not seem to be getting sent out for unicast sessions even though a sender state exists. [CSCdi63660]
This problem happens with IP tunnel. When the route used to reach the tunnel's destination is pointing to the Null interface, SYS-2-GETBUF messages will appear whenever a packet is sent over the tunnel.
Besides the messages, there is no bad effect on the network.
The workaround is to remove the route pointing to the Null interface. [CSCdi65475]
IPX Enhanced IGRP updates do not propagate if the MTU size is less than the IPX Enhanced IGRP packet size. [CSCdi65486]
When the router performs DNS name lookups of nicknames, the canonical name is stored in the host name cache, so repeated uses of the nickname will require queries to the name server rather than being satisfied from the name cache.
Note that releases 11.0(11.1) and 11.1(6.1) contain the fix for this ddts may reload when doing DNS name validation. Check CSCdi70707 and CSCdi71158. Releases 11.0(11.2), 11.1(6.2) and any 11.2 are fine. [CSCdi66910]
When non-DC (Demand Circut) capable router is rebooted with DC capable image, the DC feature may not come up properly. [CSCdi67638]
RIP v2 updates are not received on passive interfaces. [CSCdi69055]
When you issue the router static command followed by the no router static command, the following error message are displayed:
%SYS-2-NOPROCESS: No such process 0 -Process= "Exec", ipl= 0, pid= 27 -Traceback= 137CA8 483202 1328B6 1ACBB8 DBE2E 1321B8 EC3EC %SYS-2-FREEBAD: Attempted to free memory at 474DBF, not part of buffer pool -Traceback= 123FEC 48329C 1328B6 1ACBB8 DBE2E 1321B8 EC3EC [CSCdi69228]
A router interface that has joined the cisco DISCOVER auto-rp group can only delete membership from that group by unconfiguring PIM on that interface and then rebooting the router. A different interface will then join that group (224.0.1.40) if it is configured using the command ip pimmode. [CSCdi69269]
PIM-NBMA mode will not allow population of outgoing interface list with neighbors that are also on the incoming interface list. The result is that joiners on a single NBMA interface may not be able to exchange traffic with other joiners on the same interface. This only affects interfaces in sparse-mode. [CSCdi69298]
A mechanism to prevent summaries from being injected into NSSA for OSPF NSSA needs to be created, and inject a summary default into NSSA instead. A command, such as areaarea-idnssa needs to be created. [CSCdi69302]
An OSPF area border router does not generate an indication LSA correctly if it is attached to three or more areas. [CSCdi69676]
Traffic belonging to a flow that has an established (RSVP) reservation in a router can cause a 'divide-by-zero' error, causing the router to reload. [CSCdi69860]
BGP will not be able to establish a password-protected session with a peer when service password-encryption is configured, the configuration is written to NVRAM, and the router is reloaded. A workaround is to remove the password encrytion and re-enter the passwords as cleartext. [CSCdi69978]
When a data packet arrives on an outgoing interface of a (*,G) entry, the router would create a (S,G) RPbit entry, and send an RP-bit assert. This assert is looped back to itself. It should match this assert on the (S,G) RP-bit just created and schedule to prune this outgoing interface in the (S,G) PR-bit outgoing interface list, instead of in the (*,G). [CSCdi70098]
Clearing an IP host route (i.e. 10.1.1.1/32) learned by OSPF out of the IP routing table can take a long time for the network route (i.e. 10.1.1.0/24) to reappear in the table when done on a stable network, and when only the net route, not the host route, exists in the table. To avoid this problem, clear the network route exactly as it appears in the IP route table; do not clear the host route. [CSCdi70175]
OSPF ABR will generate summary for subnet of connected point-to-point interface with wrong cost. The wrong cost is twice as much as the actual OSPF cost of the interface. In topology with more that one ABR, this could create routing loop for the point-to-point interface subnet. In order words, attempt to telnet or to ping the point-to-point interface address from a different area could fail, but the router could still be accessed through other non-point-to-point interface addresses on the router.
There is no workaround. [CSCdi70406]
If bridge is enabled on an interface where HSRP is also configured, both active and standby routers start to forward packets when primary active router that has gone down comes back to life . [CSCdi70693]
Using ip pim send-rp-announce with a group access list that contains entries with zero wildcard masks will result in the first such entry being omitted from RP Announcements. [CSCdi70807]
When virtual link is configured in OSPF, the adjacency over the virtual link will keep flapping if only one of the end points of the virtual link is running OSPF DC-capable (11.2) image.
There is no problem if both end points are running OSPF DC-capable image or both end points are running OSPF non-DC-capable image.
This is no workaround. [CSCdi71021]
Static hosts can only be displayed but will not be used or deleted.
The patch for this ddts causes CSCdi73022. [CSCdi71096]
RSVP PATH messages that need to be UDP-encapsulated are not built correctly. As a result, a receiver who's expecting to receive such packets will reject them. [CSCdi72162]
show ip sdrgroup does not display entries for which group matches a group address in the media list. [CSCdi72191]
The system suffers a gradual loss of free memory whenever ip sd listen or ip sdr listen are enabled. [CSCdi72863]
Use of the DNS Name Service for alias lookups causes the router to reload. Lookups of canonical names do not exhibit this problem. [CSCdi73022]
The password configured in a BGP peer-group will not be used by members of that peer-group. The workaround is to manually configure the password for each neighbor in that peer-group. [CSCdi73179]
If the IS-IS or NLSP Designated Router goes down, there may be a delay of 10 seconds or more before routing converges again. There is no workaround to this problem. [CSCdi72234]
When translating LAT to PPP under Protocol Translation, data sent from translator may be lost, causing the PPP negotiation to fail and the LAT session to be disconnected. [CSCdi46164]
ipx show commands incorrectly displayed novell encapsulation for serial interfaces when their novell encapsulation was not specified. [CSCdi65771]
Every time the router receives a sap update..the age timer in show ipx serv det' resets to 0. This is a cosmetic bug does not affect any performance. [CSCdi66723]
SPX spoofing might cause a reload due to a software-forced crash. A workaround is to disable aging of the SPX table by entering the following commands: ipx spx-spoof session-clear 0 and ipx spx-spoof table-clear 0. [CSCdi68150]
When using the 'ipx route default' command, IPX Netbios (type 20) packets are still dropped on a router if the source route is not known and the default route is known. It is strongly recommended that when forwarding IPX NetBIOS broadcasts that the extra input and output checking be enabled. The commands to do this are ipx type-20-output-checks and ipx type20-input-checks. [CSCdi68151]
When enabling debug ipx nlsp (network#), the system erronenously states "ipx nlsp debugging disabled for net (network#)" This may cause a spurious memory access. [CSCdi68918]
If SPX spoofing fails to send a keepalive a traceback message will be display on the system console. [CSCdi69062]
IPX NetBIOS packets which are filtered by router netbios filters do not get freed and may stay in system memory. [CSCdi69212]
When using EIGRP as a routing protocol show ipx server may display an incorrect negative metric. This error in the display does not affect operations. [CSCdi69226]
ipx interface subcommand 'no ipx route-cache' has no effect on the router if there is not an ipx network already configured on the interface. Normally, this command should disable fast switching on the interface as well as all its subinterfaces even though the primary interface has no ipx network configured. [CSCdi69726]
High end Cisco routers may send XNS RIP update packets too quickly for older host to receive. A new global command XNS RIP-DELAY will be added to increase the interframe gap to at least 1ms between XNS/RIP update packets. [CSCdi70357]
Under certain circumstances, some IPX services learned via NLSP may not appear in the service table. There is no workaround to this problem. [CSCdi71036]
Once the apollo network number is configured in the interface, it cannot be removed or modified. [CSCdi71716]
XNS RIP periodic routing updates may not be sent at regular 30 second intervals. [CSCdi72104]
Some Service Advertisement Protocols (SAPs) might not be seen if an interface is flapping while running IPX Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) and the ipx sap-incremental command is configured. As a work around, clear the IPX Enhanced IGRP neighbors. [CSCdi72438]
"show translate" may incorrectly indicate the number of active users for translations using TCP as the inbound protocol, if TCP connections fail to be set up properly. [CSCdi70265]
Using one-step Virtual Async Protocol Translation, the PPP/SLIP banner will not display (IP address, MTU size, etc.) but the PPP/SLIP link comes up fine. There does not seem to be a pattern although it happens sporadically. [CSCdi71495]
RSH commands executed to the router without a controlling shell only return the first 1608 bytes of data. [CSCdi69424]
The fix of CSCdi66910 introduced this bug and CSCdi71158, system may reload when doing DNS name validation. There is no workaround. [CSCdi70707]
Certain invalid TCP SYN packets can cause infinite looping in the TCP code, either within a single system or involving continuous packet exchange between two systems. This results in serious performance degradation or complete system lockup. Such SYN packets are not sent by normally functioning TCP implementations, and would be unlikely to be generated by any innocent TCP bug or misconfiguration... but might easily be generated by malicious system abusers. One particular case of such a packet is the attack packet sent by the "land.c" program. See http://www.cisco.com/warp/public/770/land-pub.shtml for more information on the land.c attack. [CSCdi71085]
Under unusual circumstances, if the keepalive sequence values between mineseq and mineseen vary by greater than three the line protocol will stay up instead of bringing the line down.
The workaround for this is to shut and no shut the interface. [CSCdi31415]
When a PPP connection on any serial interface finishes negotiating the IP address, an attempt is made to generate a 'gratuitous' ARP (an unsolicited ARP reply) on all other interfaces with IP enabled. This can result in extraneous trace messages as well as error messages reported on other hosts on attached LANs. In a future release of IOS, this sending of 'gratuitous' ARPs will be limited to appropriate LAN interfaces and only when no other mechanism is available. [CSCdi48137]
Although it is not common to deconfigure the pri group ('no pri' command) while all of ISDN calls on B channels are still active, we still need to make sure that this action will not cause the router to crash. This action is timing related. Therefore, it may not crash the router all the time. [CSCdi58907]
X25 parameters ignored at startup in some cases. Config is still correct though. [CSCdi60529]
Show dialer will not display the correct idle time for link in a multilink bundle.
For PRI, sync or async interfaces that are have ddr configured and are part of a multilink bundle: 1. execute show ppp multilink to find the master link for the bundle 2. Look at the idle timer for this link when executing show dialer. This is the correct idle timer for the bundle.
No workaround for BRI. See CSCdi57326 [CSCdi60809]
RFC 1577 and LANE applications get blocked because of a difference between the VCD known by different parts of the software. This problem has been reported with both RFC 1577 and LANE applciations and in Releases 11.0(8) and 11.1(4). [CSCdi61979]
Radius is incapable of providing out-going authentication information. A seperate AV pair needs to be implemented, that will pass a clear text password from the Radius server back to the NAS/Gateway. This password will be used in turn for the CHAP-style authentication of the tunnel. [CSCdi62277]
When an appletalk address is configured to a virtual template interface, all the active virtual access interfaces cloned from it will go down. [CSCdi62428]
When the router is acting as an X.25 DCE, it will sometimes fail to encode a facilities length field in a switched call connected packet. Some attached DTE's may then clear the call with a diagnostic code of 38, packet too short. This behavior was introduced in 10.3(12), 11.0(9), and 11.1(4). [CSCdi63831]
The L2F implementation does not fully match the RFC's description of sequence number handling. This can cause incompatibility with other vendor's implementations. [CSCdi63923]
Exec command Slip /compress and the exec command PPP /compress don't correctly turn on TCP/IP header compression if configuration command service old-slip-prompts is in use, with the async interface configured with ip tcp header-compression passive. [CSCdi64325]
A router configured with Frame Relay Switched Virtual Circuits (SVCs) may reset if the frame relay switch is improperly configured and multiple Call Setup messages sent from the router in a very short time frame.
The workaround is to make sure that the swwitch is functional before attempting calls from the router. [CSCdi65662]
The Lan Extension (lex) interface will not function correctly will this release of the IOS software. The symptoms are as follows: The lex NCP will negotiate and set the lex interface state to up. The show controller lex X (where X is the unit number of the lex interface) will print the following message "No inventory message received from LAN Extender". Turning on the lex rcmd debugging will show that every remote command is being rejected with the following message, "LEX-RCMD: encapsulation failure". There is NO workaround for this bug. [CSCdi66478]
The VIP/VIP2 IPC overlaps some TX accumulators and makes those accumulators spurious. Those accumulators are not used until the number of interfaces is more than 20. [CSCdi67842]
An APPN/DLUR router may not establish a link to an ethernet-attached 3270 workstation which sends tests and xids in both 802.3 format and ethernet 80D5 type format. [CSCdi68201]
When dialing into the AS5200 from an I-Courier modem over sync ISDN and then starting a PPP session, the router may crash. This occurs only when login is done on a non-async interface and when extended TACACS is enabled. A workaround for non-async interfaces is to use AAA/TACACS+. [CSCdi68257]
autodetect encapsulation v120 ... does not correctly sense V120 calls. [CSCdi68446]
ISDN BRI boxes currently support France switchtype VN3 and no changes are required to support VN4. Customers should see no difference and should continue to use VN3 switchtype on the router. [CSCdi68605]
At NET5 homologation testing for we failed a test for invalid bearer cap. This was caused because we were accepting a trasnfer rate of 384 kbit/sec. The call should be rejected with a cause of Incompatible Destination. There is no workaround. [CSCdi68630]
This problem is that an AAL5-ABORT frame is always followed an OAM cell. This problem happens on 4500 and 4700 when a F5 cell is sent out. This problem is known and to be fixed in the future release. [CSCdi68675]
Release-note With cpp, we will only be compatible with the remote combinet unit if it uses novell-ether ipx encapsulation. We will not support arpa, snap or sap ipx encapsulations at this time. [CSCdi69187]
ATM F5 OAM segment cells are received by c4500/c4700 as user data cells. As a result, an F5-segment-loopback ping will not succeed. In ATM LANE environment, LE Client up/down state change may occur if a c4500/c4700 receives a F5 OAM segment cell. But Cisco Systems is unaware of any other environments in which network function is seriously impaired. The correct router behavior would identify ATM F5 OAM segment cells and support F5 OAM segment loopback service. Cisco Systems expects to resolve this behavior in a future maintenance release. [CSCdi69513]
DlSw router with token-ring starts sending frmr responses without i-field, to sna devices, bringing down the llc2 sessions. Reload temporarily fixes. [CSCdi69576]
When the configuration command 'ppp authentication xxx' is applied to any PPP interface, the connection will be reset to apply the authentication change. If command is applied to a group-async interface, then all member interfaces will be disconnected. This behavior is caused by the fix for CSCdi59213. In a future release, the connection will only be reset if there was no PPP authentication configured and the 'ppp auth xxx' command is entered. [CSCdi69680]
On certain platforms, entering a ip address configuration command while the interface is connected to a SLIP or PPP peer may cause a software-forced reload. [CSCdi69809]
A neighbor route is not installed for PPP connections over an async or a vty-async connection. This defect was introduced by the fix for CSCdi50490. [CSCdi69919]
The system can unexpectedly restart if an outgoing PAD call is placed on an X.25 logical channel that experiences a call collision, when acting as an X.25 DCE. [CSCdi69963]
The aaa authorization global command does not work over VPDN. If you use it, VPDN users will not able to connect to the home gateway. The workaround is to configure both the vpdn force-local-chap and aaa authorization commands, which causes AAA authorization to work normally. [CSCdi70148]
A PPP line that is looped back will not be explicitly reported in the debug trace. [CSCdi70395]
Using TACACS+ with dialback over a rotary group causes the authorization to fail for the user when the callback script aborts or finishes incorrectly, so failover to another line of the rotary occurs. The call is made, but an internal error occurs when debugging TACACS+. [CSCdi70549]
misalignment error is detected when fastswitching from vines, ipx to serial encaps like hdlc, frame relay. If fastswitching is disabled, no such an error is detected. [CSCdi71261]
ISDN BRI routers may have problems bringing up multiple B-channels to the same destination. The router and PBX may also get into a Layer 3 state mismatch and continuously exchange Layer 3 messages. [CSCdi71333]
When a RELEASE COMPLETE mesage is received from the network and the Q.933 state machine is in the CALL_PROCEEDING state, the RELEASE COMPLETE is treated as an unexpected message causing a STATUS request to be sent out. This causes the network to send out another RELEASE COMPLETE and the sequence continues. There is no workaround. [CSCdi71492]
Occasionally, when a serial interface is shutdown, frame relay switched virtual circuits are not released. The show frame-relay map will then indicate that the SVC is defined and active. [CSCdi71676]
the restart ack messge we sent out in responsding to the incoming restart message with global call reference, we did not set the call reference value flag to 1. we did set the flag correct if it's not a global call reference. [CSCdi71883]
When configured on a point-to-point subinterface, the frame-relay ip tcp header-compression introduces an extraneous no ip route-cache command in the main interface configuration. The workaround is to re-enable the route cache manually. [CSCdi71935]
When an mtu command is applied to an ATM interface, non-default (4470) values don't take effect in 4500 and RSP platforms, if none of the sub-interfaces have a LANE client configured in them. If a change in mtu is required, then the user has to do a "no mtu" followed by "mtu " to have the desired result. This will be fixed in the next release. [CSCdi71966]
If the peer attempts to negotiate an unacceptable STAC history count or check mode, the debug trace will indicate that a Configure NAK will be sent back, but the actual option contents will not be modified with the acceptable history count or check mode. Typically, the peer will repeat its Configure Request ten times and then give up on CCP/STAC. [CSCdi72385]
this warning message confuse users: %ATM-4-UNMATCHUNIVERSION: rcv non-0 NUU in BeginPdu at UNI 3.0. Please ver ify peer UNI version
this is because sscop comes up with the default uni version before ilmi gets the peer uni version from the other side. when ilmi finally receives the peer uni version, sscop will tear down the connection if uni version unmatch and restart a new connection. [CSCdi72457]
If a looped line condition is detected during PPP LCP negotiation, debug messages will be output, but the line status will not be changed. [CSCdi72719]
An async PPP interfaace does not correctly support a reduced MTU using the 'mtu xxx' interface configuration command. Problems will appear when attempting to upload files or other large transactions. [CSCdi72866]
Code changes required for Australia TS013 BRI homologation. [CSCdi73207]
Routers with ISDN BRI interfaces using basic-5ess, basic-dms100 or basic-ni1 may have the first call attempt fail. This is because the Spid, if configured, should be sent out before the call request (Setup message) or before the call is accepted with the Connect message.
The first call will fail with a cause of "Requested Facility not subscribed". Addtional calls will work fine, but the first call fails. [CSCdi73750]
When bidirectional PAP authentication is enabled on a PPP link, the router may ignore the PAP response from the peer, timeout, and send another PAP Authentication request. A peer that is compliant with RFC 1334 will respond with the same PAP response. The result, typically, will be a three-second delay in negotiation. Some PPP implementations appear to be non-compliant and refuse to respond to the second PAP Authentication request. This defect will be fixed in a future release 11.2 IOS. [CSCdi74000]
When doing a 'wr term', 'wr mem', or any other command that creates the running configuration, the word 'outbound' may be appended multiple times to various lines in the configuration. This will cause those configuration commands to fail if they are fed back into the command parser, for example if you do a 'wr mem' followed by a reload. This defect was added in 11.2(1.3) and will be removed in a future release of 11.2 IOS. Note that the router is fully functional, but configuration changes should not be saved until a fixed version of IOS is loaded. [CSCdi74030]
This section describes possibly unexpected behavior by Release 11.2(11)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(121P.
If modem startup-test is configured on an AS5200, and if the AS5200 has 56k modems installed, then the startup test will interfere with the modem DSP code download. This can result in excessive delays in the DSP download, and sometimes in DSP code download failures. For example, one may see:
Nov 6 18:11:49.715: %MODEM-5-DL_DSP_START: Modem (2/4) started DSP download [...] .Nov 6 18:21:27.798: %MODEM-5-DL_DSP_GOOD: Modem (1/15) completed DSP download: MNPClass10K56flexModemRev3.1.30/85
i.e. an interval of many minutes between the start and completion of the DSP download.
Conditions:
AS5200 with 56k (Rio) modems.
Workaround:
no modem startup-test [CSCdj58388]
If a 47 character filename is used for the modem software image, the access server may crash with a %SYS-3-OVERRUN error. The workaround is to shorten the filename to 46 characters or less. [CSCdj69312]
"show memory " can cause an RSP4 to reload if an invalid address is specified. [CSCdi78714]
CSCdj12951:Need better crash information to debug data/stack corruption crashes
SOLUTION: Write crash information to default bootflash:crashinfo in RSP and flash:crashinfo in RP. A series of "test crash" command selections are used to control and change the crashinfo collection mechanism.
The crash information contains: . up to 32 KB in RSP of errmsg log plus command history including config commands that user enters or "copy". In RP, it is 20 KB . contains up to 32 KB on RSP and 20 KB on RP for all the following informatrion . crash stack trace . crash context . stack dump at crash . dump memory for each register containing "valid" RAM address . add errmsg display on invalid length of bcopy . add two commands to "test crash" . "sh stack" will display ("cat" as in UNIX) the bootflash:crashinfo file if there was a crash. User can also do "copy flash tftp" to dump the ASCII file bootflash/flash:crashinfo to server. . the size is 16 KB of errmsg/command plus up to 16 KB of memory dump and other crash information. There is one 16 KB DRAM declared for this crash information collection mechanism. . Only c7000 and RSP are activated with new crashinfo mechanism and the 16 KB. 4500 and others will see no difference. . memory dump on malloc/free trace [CSCdj12951]
When h/w compression is enabled, packets are normally fastswitched. If the user turns off fastswitching then turns it back on, fastswitching remains disabled.
The workaround is to re-configure compression (ex, "no comp/comp stac"). [CSCdj14601]
In certain low memory cases, the initialization of the netflow cache can fail and not generate an error message. [CSCdj21130]
When a user dials a dynamic dialer map is created, and a user passes authentication even is the username on the router is lowercase and the host name of router dialing in is uppercase.
The username should be case sensitive for chap or pap. [CSCdj32650]
CDP will become enabled on PRI B channels after reload even though it has been disabled in saved configuration. Workaround is, after reload, disable CDP on the D channel again, which will be propagated to all B channels. [CSCdj50105]
rsp router may crash when copying 9699 byte file to pcmcia flash.
workaround is to change file size. ;) [CSCdj56077]
Release-note
1.Symptom
sh align Alignment data for: 3600 Software (C3640-D-M), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1) Compiled Mon 12-May-97 14:57 by tej
2.Conditions The symptom occurs only on Cisco 3640 router running Release 11.2(6)P
3.Workaround Currently no work around exists. [CSCdj57188]
The c36[2,4]0-i-mz.112-9.P images may have problems when they're copied to new (previously unused) intel 4Meg simms the first time. This possible problem is under investigation. Please look at the description for more details.
amit. [CSCdj59820]
When polling the ciscoFlashPartitionTable on a router running 11.2(9)P and 11.2(10)P the router's CPU utilization will go to 99%. Both CiscoView and the Cisco Resource Manager's Software Image Manager poll the ciscoFlashPartionTable so they will cause this behavior. [CSCdj60284]
Periodic accounting records generated by AAA do not contain input and output packet or byte counts. [CSCdj61812]
Packets might not be forward correctly and cause problems if fancy queueing (e.g. fair-queue) is enable along with compress service adaptor (CSA). [CSCdj64898]
When a user dials into an AS5200/AS5300 using ISDN, the cpmActiveUserID object in the CISCO-POP-MGMT.mib is not updated and is left blank. [CSCdj66942]
A corrupt buffer header is causing 7500 Routers to restart with bus error. This occurs about twice a day. They are running IOS 11.1.(15.05)CA. [CSCdj70296]
An enhancement made by CSCdj00796 introduced the following new command:
aaa accounting update {newinfo | periodic xx}
This command is required for the system to send interim accounting records to the accounting server.
This new behavior was introduced in the following releases:
If you are upgrading from an older release to one which contains this new command and you are using the TACACS+ update accounting packet to track assigned user IP addresses, it is necessary for you to configure the command "aaa accounting update newinfo" in order for the update accounting packet to be generated in the newer release. [CSCdj72511]
telnet tos is saved in hex format instead of decimal. riw [CSCdj73718]
If the customer has configured in the Ethernet-Control-Units a wrong mac-address as gateway-mac-address, then the router loses memory crash and restart in rommon [CSCdj61624]
In a DLSW / QLLC configuration
The "show x25 vc" displays the same vmac address used by QLLC for all x25 vc, although a different one is configured.
No operation impact. [CSCdj62689]
Heavy IPX utilization can cause TokenRing interfaces to lock-up and go into administratively down condition. In IOS 11.2(9)P. [CSCdj64218]
The work around is to turn the logg console debug in the config mode for the box: "no logg console", or to selectively turn of the interface state change debug from being printed in the console by turning of the interface state change messages: "no logg events link-status" [CSCdj25814]
A checkheaps crash on the VIP can occur with a POSIP when the line is flapping continuously. This is due to the POSIP getting reset during line up/down events. Line flapping can be minimized by disabling keepalives or reloading the one router at a time. [CSCdj26511]
After unplug/plug the cable, the atm lite interface experiences ignores at low packet rate. The workaround is to shut/no shut the interface. [CSCdj29724]
cisco has identified an issue with 4700 with Fast ethernet interface may freeze for a few seconds with Receive FIFO overflow messages.
Pending further investigation. [CSCdj45097]
On a 3600 series router, HSRP hellos are not received on a token ring interface with multiring all configured. [CSCdj47021]
When using E1 or T1 PAs in channelised mode, the non-used timeslots should be assigned to an interface with the latter put in shutdown. If not, the router may affect other used timeslots and degrade their performance. [CSCdj48322]
Decnet does not work over tokening-hssi bridge in 3600. [CSCdj50212]
Symptom : The show diag command in the cisco IOS was not able to display the port adapter type for FE-TX/FE-FX.
Further Problem description :
Analysis : This was occurring because the pas_display_pa_info function was reading the ideprom value and displaying the corresponding string from the pa_hw_desc_strings array. Since this array did not have entry for Fast Ethernets for c3600 (both FE-FX and FE-TX) therefore it displayed the string UNKNOWN for the port adapter type.
Changes to : The pa_hw_desc_strings array has been modified to include program the corresponding PA types. flow [CSCdj50944]
If bridging is turned on the router and on the interface, using no bri command on the interface will remove the bridging from the whole router. In order to remove the bridging from the interface use complete command syntex "no bridge-group 1" that will work fine. [CSCdj59771]
Symptom: The Serial Links on PA-4T+, PA-8T flap when exposed to Moderate traffic load on the VIP or the c7200. This causes spurious interface resets.
Workaround: turn off fancy queueing, i.e. use FIFO for queueing strategy. WFQ is enabled by default and should be disabled by the command: no fair. However under severe traffic conditions some isolated interface reset might be observed with the workaround being applied. [CSCdj60813]
Cisco3640's IRB does not forward IP traffic properly. [CSCdj62824]
Router crash with a bus error when configuring SRTLB [CSCdj64480]
3640 with 11.1(15)AA not allowing encaps frame-relay under the serial interface of the router. The router is configured for channelized T1. The router does accept the encaps without an error, however, it never shows up in the wr t output or the sho int serial output. Other encaps: X25 and ppp work fine under the same interfaces. [CSCdj69440]
NM-COMPR for Cisco3600 bad paeformance. [CSCdj69491]
Release-Note ------------ In rare circumstances, a 7200 containing FDDI pa's and configured for source-route bridging, will incorrectly forward an IP packet that contains a RIF field back out onto the same interface that it came. This behavior will result in IP packets "looping" around the FDDI ring until the Time To Live counter reaches 0. There is no known workaround. [CSCdj71082]
PA-8T-X21 stops transmitting LAPB frames, SDLC lines on the same PA continue to work fine ! [CSCdj73975]
PA-4T+ or PA-8T will show default clockrate when it is used as a DTE interface but before cable is connected or interface is enabled. This is because in some IOS re;eases, default is set to be DCE, and the interface will continue to act so until the interface is up and the DTE cable is detected. [CSCdj76240]
This problem only happened with any 11.2. If he downgrade IOS ver to 11.1 or change the framing & linecode at EQ side to SF & AMI, the problem went away. [CSCdj76290]
Segv exception when configuring ospf on 3620 router [CSCdj34080]
Routers running IOS 11.1(13)CA or 11.1(13)CA with IP access-list logging for inbound access-groups does not perform logging unless router is reloaded. [CSCdj40503]
In BGP, multiple conditional advertisements not supported.
No work-around at this time. [CSCdj49976]
"clear ip route" will cause dynamic routs to be lost from the routing table. This is a known problem with only work around is to clear the interface and re-initate the connection. [CSCdj59706]
EIGRP fails to redistribute static routes when the next hop is pointed to an interface. [CSCdj63538]
When using TN3270 keymaps, a keymap will not be selected based on a match of the local terminal-type name to the name in terminal type list of the keymap unless the keymap name is equal to the local terminal type.
Workaround is to explicity select a keymap-type on the line (TTY) or make the keymap name equal to the terminal type name. [CSCdj35972]
The "show controller t1/e1" command doenst display the entire information, it is supposed to during the first 15 minutes after reload on all the images from 11.2P train. [CSCdi88721]
Because of a VIP2 problem the ESA service adapter must be installed in port adapter slot1 rather than slot 0 to function properly. Use the show diag command to indicate which slot the ESA is occupying in the VIPs. [CSCdj06072] [CSCdj25563]
3640 Router with BRI interface second B-channel failed. The second B-channel failed to respond to the switch pull so the TEI is removed. First B-channel is not affected. [CSCdj33831]
Sometimes ip_get_pool will fail to assign an IP address out of a local pool, even though there are plenty of free addresses. DEBUG IP PEER will show: "ip_get_pool: As49: no address available". IPCP will attempt to negotiate an address of 0.0.0.0 for the peer, with the result that IPCP will ultimately fail. [CSCdj41331]
Problem was seen on a 3620 running IOS 11.2(8.3)P. Router has an active PRI. With (11) active layer 3 calls up, seeing the following console message:
ISDN Se1/0:23: Error: CCB run away: 0x60FD0A30
A "show isdn status" will show multiple CCBs assigned per B-channel of the PRI:
A "show isdn service" shows multiple B-channels in a "Propose" state. This means that the router is attempting to either answer or place a call on the selected B-channel of the PRI.
Customer had "compression stac" and "ppp multilink" enabled on Interface Dialer1 (ser1/0:23 in dialer rotary-group 1). This may or may not be a contributing factor. [CSCdj51452]
The command "isdn caller" does not work together with dialer rotary-group. Moreover, the router accepts all incoming calls when isdn caller is defined. The workaround is to use dialer profiles. [CSCdj56668]
The problem appears when we do a "copy tftp start" to load a file into nvram, and then reload the router. All F/R traffic shaping parameters are OK, except "no frame becn-response", which is no longer present (it does not show up with "sh run"). This must be corrected by manual reconfiguration (reentering the command under "map class" with "conf t") [CSCdj62672]
The statistics represented on the serial interface are wrong. [CSCdj62690]
When configuring IRB to bridge over a serial interface with HDLC or frame-relay encapsulation, appletalk does not work properly. Apple ping will fail and zone information will not be transferred. [CSCdj67875]
3640 getting ALIGN-3-SPURIOUS messages sometimes during startup and sometimes during configuration tasks. Router continues to operate correctly. [CSCdj70812]
Issusing a no interface dialer x may cause your router to crash while running 11.2 version of the IOS. The only workaround is to remove all the dialer interface sub commands but not the dialer interface itself. [CSCdj74144]
LANE does not filter multicast packets (like ethernet hardware). As a result, some multicast packets may get to process level and get duplicated. To prevent the router from doing this, configure bridging on the interface. If the protocol is routed and if bridging is configured on the Lane Client configured interface, the multicast packets will get dropped. [CSCdj74418]
NETBIOS_NAME_RECOGNIZED is not forwarded out through the ISDN line. [CSCdj75170]
When configuring interface dialers, if there is no IP address on the serial interface, IPCP fails negotiation. [CSCdj75905]
This section describes possibly unexpected behavior by Release 11.2(10)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(10)P. For additional caveats applicable to Release 11.2(10)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(11)P.
Work around for copying from flash to TFTP or RCP is to use
copy flash: {rcp | tftp}
instead of flash keyword. This, however, does not work with bootflash. [CSCdj38964]
If a telnet session is originated from a Cisco router and the command is enabled, the IP address of the outgoing interface is used as the source instead of the one from the specified interface. [CSCdj51149]
CSCdj17314 found a bug in RSP where radix walktree routine was suspended unexpectedly. This ddts put a detection mechanism to check whether there is other place radix walktree routine could suspend unexpectedly to cause various crashes on rn_walktree_* routine. [CSCdj52129]
The AS5300 will only allow the creation of more than 5 vty's in the enterprise image. [CSCdj61798]
The FDDI NIM in a 4000 series router only places one data frame on the ring per token capture. On a large ring with a mix of 4000s and other devices, this can cause a nonoptimal level of performance. [CSCdj00852]
The Internal Clock of ATM-lite is not initialized properly. This cause loopback ping to fail because neither end is providing clock. [CSCdj24890]
When a 3600 router serial interface is operating in HDX DCE mode and the attached DTE device drops RTS too quickly after the end of frame, it is possible that router will silently ignore the frame.
The workaround is to enable the interface to run in FDX or DTE mode. [CSCdj36625]
In the case where a T1 is broken out of the CT3 bundle, and sent to one of the test/external ports, *and* that T1 is also configured as an IOS interface at the CT3, the following unintended side effects can be observed:
. data arriving on that T1 from the CT3 bundle is sent to the test/external port as intended, but also sent towards the IOS interface configured at the CT3. Depending on the router configuration, this may in turn cause each such packet to be received twice, once (correctly) by the MIP (or whatever is connected to the test/external port) and once (incorrectly) by the CT3.
. any FDL, IBCD or BOC messages sent from the remote T1 end (arriving via the CT3 bundle) will be sent to the test/external port as intended, but also interpreted by T1 framer at the CT3. When the message requests some loopbacks (most notably line loopback), that T1 will be looped at the CT3. The CT3 should be completely transparent for any T1s sent to the test/external ports. [CSCdj42171]
Written By Steve Lee of SJ TAC WAN Team 3 Oct 1997
1. Symptom ---------- When configuring HSSI interfaces to support IPX traffic you can use the ipx encapsulation command which is not relevant on a HSSI interface since the IPX packets will simply traverse the HSSI link via whatever encapsulation method is present on the HSSI interface, ie... PPP, HDLC, SMDS, etc.
2. Conditions ------------- The commands can be entered on any type of HSSI interface and on any platform. This includes the following HSSI interface types: HIP, PA-H, and NP-1HSSI. This cosmetic bug has been configurable in testing all the way through 11.2(8)P and 11.1.14 IOS code.
3. Workaround ------------- There is no workaround required. Simply turn on IPX routing with the global configuration command ipx routing and then put an ipx network on the particular HSSI interface with the command ipx network <1-FFFFFFFD> and the HSSI interface will support the transport of IPX packets.
4. Further Problem Description ------------------------------ This is simply a cosmetic bug and causes no problem on the router as the command informs the user that the ipx encapsulation type is unsupported on the HSSI interface. [CSCdj47293]
In certain conditions, bridged traffic through a 7206 running 11.1(13a)CA1 coming in on a Frame Relay Interface may have the last four bytes corrupted. The same problem has also been reported on a 3640 running 11.2(8)P. It is also expected that the problem might occur when the inbound is atm(aal3/4), smds, lane-ether or the outbound media has enabled ppp compression, priority queueing or outbound media is isdn, dialer interface. [CSCdj47881]
On 7200 if IRB is configured for traffic b/w ethernet and atm port adapter that may drive the 5sec cpu utilization to 95%. Because at atm interface IP traffic is being process switched. This only happens if IRB is configured on the 7200. [CSCdj48228]
Problem has been identified in the code where buffer size of 256 is used by the vip if the vip card is a vip2-20 and the PA is a PA-4R-FDX. The right buffer size should be 512 which is what the 4R driver is using. The difference in buffer size betw [CSCdj49030]
ATM lite port adapter on VIP2 platform does not function. The symptom is the interface gets output stuck and going up and down repeatedly. [CSCdj51923]
Current "show controller t3 x/0/0 tabular" output is based on UTC (Coordinated Universal Time). Which does not match with the local "show clock" output. Since "show clock" output will offset UTC with local time zone value.
It is prefered the "show controller t3 x/0/0 tabular" output use the time displayed by "show clock". [CSCdj53768]
In c75xx platforms, if the inbound SMDS encapsulated packet size is greater than the MTU of outbound media, then the packet transmission failure is expected. This problem will occur only if the optimum switching is turned-off (no ip route-cache opt) and fast switching is turned-on. A possible workaround is to issue a ip route-cache optimum on the serial interface which has SMDS encapsulation. [CSCdj62042]
When using VIP2 based interface processor on a 7500 under high load or during an OIR event, A cybus error might sometimes spuriously occur and indicate:
The cybus will reset all interfaces and cause routing protocol and spanning tree updates to occur. [CSCdi80769]
ATM Lite connected to a Newbridge causes the laser to shut down after 8 seconds for 2 seconds. But replacing the ATM Lite with AIP, everything works. [CSCdj46914]
While debugging distributed multicast, it was noted that get_drq_entries was causing a crashdump. While analyzing the cause, we determined the get_drq_entries algorithm was not safe for recurssion, causing some outstanding cybus errors [CSCdj49417]
This section describes possibly unexpected behavior by Release 11.2(9)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(9)P. For additional caveats applicable to Release 11.2(9)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(10)P.
When h/w compression is utilized in a 7200 or 7500/VIP2 platform, show compress counters may wrap after 4 billion bytes indicating the wrong compression ratio. A "clear counters" will temporarily remedy this until the counters wrap again. [CSCdi91385]
In the 7513 some revisions on IOS 11.1 and 11.2 return the wrong card values for the PA-8T_X21 and PA-8T_v35 port adapters. These incorrect values can result in CiscoView displaying the wrong card types in the CiscoView image of the 7500 router. [CSCdj17487]
When memory corruption in malloc or free routine is found, errmsg_mtrace is called to displayed the contents of corrupted memory blocks. The old errmsg_mtrace has a bug so that incorrect information is reported. This is fixed now. [CSCdj49778]
Using hardware or distributed compression on the VIP may result in occasional "output stuck" messages. There are many problems that have this symptom, this is one of them. This commit fixes this problem. [CSCdj51983]
When enabling source bridge translational bridging on a cisco 7200 with IOS 11.2(8.3)P the router runs out of I/O memory caused by a buffer leak in small and middle buffers.
The workaround is to disable sr/tlb. [CSCdj40130]
When enabling source bridge translational bridging feature, the router runs out of I/O memory caused by a buffer leak in small and middle buffers.
The total_vc counter in the show controller of atm-lite interfaces does not go down when a vc is removed. [CSCdj06198]
Transmit Underflows are seen with bi-directional traffic on the Fast Ethernet Network module when the link operates in half-duplex at high traffic rates. The Underflows have been observed with 1518 byte packets. [CSCdj09759]
The receive FIFO on the Fast ethernet Network Module fills up and overflows result when the Fast ethernet is over-subscribed. Overflows of the FIFO are counted as Input errors.
amit. [CSCdj10619]
PAs using posted read registers should use different PMA Posted read registers. [CSCdj13511]
MultiChannel Interface Processor (MIP) on Cisco c7000 routers, interface loopback remote command will stays on "remote pending" state after issue. [CSCdj19606]
FastEthernet port on a 4500 running a half duplex does not count collisions or defers. 0 collisions and 0 defers are reported for 500091725 packets output. The NP-1FE is connected to a 3COM 100-Base-FX hub. IOS is 11.1.11. [CSCdj34846]
Dialer in-band does not work with 3600 platforms when the interface used is X.21 cable on the 5-in-1 WIC. [CSCdj40826]
When the T3 performance monitoring algorithms enter Unavailable State, as defined in rfc1407, we no longer continue to count Line Code Violations, P-bit Coding Violations and C-bit Coding Violations. Without these counters, it's very difficult to diagnose the cause of the Unavailable State. In addition, the lack of increasing counts may mislead the diagnosis effort into thinking there are no physical/framing problems present.
Similarly, when the T1 performance monitoring algorithms enter Unavailable State, as defined in rfc1406, we no longer continue to count Line Code Violations and Path Code Violations. [CSCdj45821]
7505 / rsp4 / E1 PA / 11.1.14CA - custom queueing does not seem to work ... [CSCdj47294]
7206 with PA-A1-OC3MM running returns "unknown" to snmp queries for card type and description. This behavior seen with 11.1(9)CA, 11.1(14)CA, and 11.2(8)P
from snmpwalk (ATM card installed in slot 1, corresponds to index 2 below):
A routing node is removed from the IP cache Radix tree and then the buffer is freed, but somehow it can still be traversed from the treetop and cause a crash (access after free). [CSCdj17314]
The router sets the type of service precedence bits to 0C (internetwork control) in the IP header of telnet packets. Macintosh telnet clients are not able to handle this and they abort the TCP connection.
This is a change in behavior from the 11.2 mainline code.
The only workaround is to run IOS other than 11.2(x)P. [CSCdj36238]
The router configured with "isdn incoming-voice data 56" might wrongfully treat an incoming voice call as 64k. [CSCdj43717]
This problem has two ways of manifesting itself. First is when ATM-lite is the 3rd of the three fast PAs on a NPE-150, it's rx pool will be forced to operate out of DRAM. And the second is when ATM-lite is running in a NPE-100, where it's designed to operate out of DRAM.
The problem behaves in such way that sometimes, packets that are to be handled at the process level will end up in wrong queues. For instance, a routing packet could end up in a SSCOP queue, or a LANE queue, causing the SSCOP or LANE to operate abnormally and sometimes resulting in the interface flapping. [CSCdj46634]
This section describes possibly unexpected behavior by Release 11.2(8)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(8)P. For additional caveats applicable to Release 11.2(8)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(9)P.
Software encryption failed with CT3. Packets get decrypted but not encrypted.
There is no known workaround. [CSCdj19989]
We have a 7513, server-gw10, which has an RSP4 in slot 6 and an RSP2 in slot 7. When we use SNMP and the old cisco chassis MIB to pull the information from the router, IOS is returning "R5000" as the cardDescr for the RSP2. This is incorrect, it should return "dual-cbus R4600".
SNMP is pulling the right hardware revision, and reports the RSP2 has HW Version 1.2 (which it is, below).
When using distributed compression (VIP s/w compression), if input congestion occurs where an input buffer cannot be allocated, an illegal packet can be sent to the host causing unpredictable results including "output stuck" messages that result in a CBUS reset. This has been found on a VIP with 4 PRI interfaces doing distributred compression.
The workaround is to turn off distributed compression. [CSCdj27067]
The Cisco 3600 series is missing the modemcap and modem auto discovery subsystems in the Service Provider subset images (c3620-p-mz and c3640-p-mz) in Release 11.1AA and Release 11.2P.
Note that the other Cisco 3600 series image subsets are not affected by this bug. [CSCdj27391]
Routers with a MIPS 4000 processor do not always reply correctly to NTP time requests. This problem exists only in Cisco IOS Release 11.2 P. Currently there is no workaround. [CSCdj27481]
CSCdj28947: Memory split not working when used with 128 MB RAM.
Conditions Under Which the Problem Occurs
This problem occurs when you attempt to configure, on a C3640 or C3620 router with 128 MB of RAM, I/O memory to occupy 40 percent or more of total RAM. For example, on a router with 128 MB of RAM, if you enter the configuration mode command:
memory-size iomem 40
The problem is that the size of I/O memory, as calculated by the router, is not 40 % as specified, but more like 20 %. This problem is caused by an overflow condition caused by the calculation of I/O memory size. The first step of this calculation is to multiply the total memory size, 128 MB, by the specified percentage, 40. This multiplication overflows the 32-bit integer precision of the operands. The multiplication operation truncates the result to 32-bits, resulting in an incorrect value for the calculation.
This problem only occurs when you configure I/O memory to 40 % on a router with 128 MB of RAM. No other configurations result in manifestation of the problem.
Symptoms of the Problem
If you configure the router as described above, and then enter the command
show version
then part of the text displayed will be the calculated memory split. If this problem did not occur, you would see a memory split of:
78848K/52224K
indicating that 78848K, or about 77 MB, are reserved for program and data, and that 52224K, or about 51 MB are reserved for I/O Memory. Indeed, 51 MB is about 40 % of the total 128 MB, as requested.
Instead, because of the problem, you see a memory split of about:
120,828K/10,240K
Workaround
The only way to workaround the problem is to configure the memory split for 30% or less. This avoids the overflow situation described above. [CSCdj28947]
When configured for autoboot the system will fall into a boot loop if all attempts to boot according to the user configured boot commands fail. This error occurs in systems running rom monitor version 474, 474A with system images 11.1(8)AA and 11.2(6.1)P or greater.
The workarounds are to avoid configuring boot commands unless we need to boot an image that is not the first image in system flash or to add last resort boot command(s). The example below will force the system to boot the first image in flash, first image in 2nd partition of system flash, and first image bootflash respectively if all else fails.
(e.g. boot system flash flash:, boot system flash flash:2:, boot system flash bootflash: ) [CSCdj34884]
This bug is a very rare condition. It happens only when the underlying TCP layer sends us a invalid frame. As such it doesnot add any instability to the release. [CSCdj27157]
SR/TLB feature does not function correctly; sessions through SR/TLB cannot be established. [CSCdj33360]
On Cisco 3600 series routers, the program counter can be corrupted while changing the encapsulation from hdlc to bstun on the 5in1 Serial WIC interface while traffic is running. A corrupted program counter will cause the system to reload with an error message like the following: %ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60027BC8, sp=0x60B3AD08
The workaround for this is to shutdown the interface before changing the encapsulation. [CSCdj35539]
A POS configuration command to specify Sectionsub Overhead byte J0 is added. Also, the existing POS configuration commands were modified to be in line with existing commands. Old commands are hidden, and will not be written into NVRAM configuration. If a old style configuration comand is present when booting with IOS release that has this fix, a error message like "Invalid input detected ..." will appear at bootup time. If you have some configuration commands that uses 'old' style syntax, we recommend that it be changed to the 'new' style.
Call setup failures with AIPREJCMD & AIP-3-FAILCREATEVC messages on ATM Lite PA(VIP). The problem is currently being investigated and a resolution will be available in the near future. [CSCdj25270]
The clockrate command cannot be removed from interface configuration. Router put the default clockrate to 1200. [CSCdj25502]
When more than 10 consectutive P-bit Severely Errored Seconds (PSESs) are received on the DS3, the CT3IP does not properly enter unavailable state as defined in rfc1407. When the PSESs desist, the counters are left in undefined states. [CSCdj26801]
The 7200 do not support both IRB and multicast enabled. The following error messages may be generated if configured.
%SYS-2-BADBUFFER: Attempt to use scattered buffer as contiguous src, ptr= 60C0C3BC, pool= 60C0AC28 %ALIGN-3-CORRECT: Alignment correction made at 0x6026ADB0 reading 0x1AA0056 %ALIGN-3-CORRECT: Alignment correction made at 0x6026B078 reading 0x1AA0046 [CSCdj28940]
The external/test port status display, shown in the output from "show cont t3" is not reliable. It may show:
Ext1: OK, Ext2: OK, Ext3: OK, Test: OK
regardless of their real state.
If the state of any port changes sometime after booting, then all four will then display their actual state. But if no such change happens, they will remain stuck at OK, OK, OK, OK, regardless of their actual state. [CSCdj29082]
In order to better diagnose T1 provisioning problems, it is now possible to place the remote SmartJack into loopback. Previously, only the remote CSU could be placed into loopback. As a result of this limitation, wiring problems between the remote SmartJack and the remote CSU were difficult to diagnose.
There are now two options under the "loop remote line fdl" interface config command that allow you to place either the CSU or the SmartJack into loopback:
Bowl(config-if)#loop remote line fdl ? ansi Per ANSI T1.403 Spec. (remote CSU) bellcore Per TR-TSY-000312 Spec. (remote SmartJack)
One further note, when both are configured, transmission of LOF indication (aka yellow alarms) takes priority over transmission of some FDL messages.
If the remote loopback appears not to be working, use the "show cont t3 0/0/0:n" command to determine if the given T1 is currently attempting to transmit a LOF indication (yellow alarm):
Bowl#show cont t3 0/0/0:2 T3 0/0/0 is up. CT3 H/W Version: 5, CT3 ROM Version: 1.2, CT3 F/W Version: 2.5.9 Mx H/W version: 2, Mx ucode ver: 1.34
T1 2 is down, speed: 1536 kbs, non-inverted data timeslots: 1-24 FDL per AT&T 54016 spec. Transmitter is sending LOF Indication. <------- YES Receiver is getting AIS.
If so, as in the case above, inhibit the transmission of the LOF indication (yellow alarm) with the "no t1 yellow generation" config command as follows:
Bowl(config-if)#cont t3 0/0/0 Bowl(config-controlle)#no t1 2 yellow generation
Having done that, "show cont t3 0/0/0:n" should now show:
Bowl#show cont t3 0/0/0:2 T3 0/0/0 is up. CT3 H/W Version: 5, CT3 ROM Version: 1.2, CT3 F/W Version: 2.5.9 Mx H/W version: 2, Mx ucode ver: 1.34
T1 2 is down, speed: 1536 kbs, non-inverted data timeslots: 1-24 FDL per AT&T 54016 spec. Receiver is getting AIS. Framing is ESF, Line Code is B8ZS, Clock Source is Internal. Yellow Alarm Generation is disabled <---------
Now retry the remote loopback command. When diagnosis is complete, remember to re-enable yellow alarm generation. [CSCdj29185]
"show diag" does not display the atm lite port adapter board type (single mode or multimode). [CSCdj29690]
This ddts is caused by a timing problem in the microcode so that the sw driver and microcode get out of sync. When the problem occurs, you will see output stuck or interface flapping if the keep alive timer is configurated. This ddts will affect 4T+, 8T and CT3 PAs. [CSCdj29805]
The router will not respond to ARP's correctly when bridging IP on a channelized T1 interface . Therefore, telnets to and from the router will fail. [CSCdj31285]
In rare circumstances, a router containing FDDI VIP2 pa's and configured for source-route bridging, will incorrectly forward an IP packet that contains a RIF field back out onto the same interface that it came. This behavior will result in IP packets "looping" around the FDDI ring until the Time To Live counter reaches 0. To reslove this problem upgrade the router to one of the images that contain the software fix. [CSCdj32518]
The atm lite port adapter's pci bus latency timer value is too small which may causes some inefficiency on the pci bus utilization on vip2. [CSCdj32880]
Data corruption is not been found on CT3IP. However, the 4 channel Mueslix ucode version 1.30 which CT3IP were used may cause data corruption.
No workaround available. [CSCdj33491]
Under certain circumstances, the fastethernet interface could stop passing traffic. The reason for this behaviour is being investigated. Resetting the interface in this condition with the shut/no shut command could result in the router reloading itself. Since the hanging problem doesn't occur any more, this ddts only resolves the crash problem due to bus error when shut/no shut command is issued while there are traffic on fastethernet interface. [CSCdj33727]
When a vc creation fails because the maximum number of VP's are used up, it wastes the the VCD being used and does not recycle it. And that VCD remains unusable afterwards. [CSCdj34424]
Please note that this bug was committed to 11.2P but was _not_ committed to 11.2 mainline because of the significant differences between those branches with respect to SVIP distributed switching. [CSCdj02247]
Taking out the clock source command for E1 controller does not affect 36xx platform as the clock selection for E1 is automatic. [CSCdj12808]
This section describes possibly unexpected behavior by Release 11.2(7)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(7)P. For additional caveats applicable to Release 11.2(7)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(8)P.
When asymetrical compression algorithms are configured ie, "compress stac" on one router and "compress predictor" on another, both routers can crash or lock up. Realizing that the migration to stac from predictor will encounter this problem, the workaround is to shut the interfaces, change compression algorithms on both ends, then start up or "no shut" the interfaces. [CSCdj13405]
This fix did not go into the 11.2(7)P throttle branch. As a result, any number of problems might come up with GRE tunnels on the 7200. Crypto traffic may fail to decrypt properly for all transfers through the tunnel for size starting at around 500 bytes. If there is a problem seen, a workaround would be to turn off fast tunneling. The easiest way to do that would be to define the same tunnel key at both tunnel endpoints. [CSCdj20568]
The ATM-lite's CRC error could happen as a result of receive FIFO overrun. The CRC error happened in this way is re-distributed to "abort" error counter periodically. This gives an impression that the CRC counter is fluctuating. With this fix, the CRC counter only reports the real CRC errors caused by bit corruption and so on. The input packet error caused by overrun continues to be reported in the "abort" counter and will never show up on the CRC counter. [CSCdj06050]
When a shutdown is issued on an ATM-lite interface while it's transmitting large packets (>512 bytes) at a high rate, there is a chance that it will crash the router. Similarily, when a shutdown is done while it's receiving traffic, there is a chance it will lose some buffers. [CSCdj09796]
This bug is caused by the 8T and 4T+ on the VIP could not send out a dial string. The fix was committed and it should me available at 11.1(13)CA and 11.2(8)P. Without the fix, the above synchronous interface (on VIP) can not support Dial on Demand feature. [CSCdj12144]
The 3600 allocates a minimum of 25% of DRAM to I/O memory. For large amounts of DRAM (64MB, 128MB), this results in too much I/O memory. [CSCdj18131]
When using diagnostic loopbacks on CT3 t1 channels (i.e. looped back at the hdlc controller) overruns and ping failures may be observed, because the data is being loop backed at much higher data rates then intended.
Workaround: use "loop local" instead (i.e. loop the data back at the t1 framer chip). This provides identical functionality from the user's point of view, and correctly clocks the looped data at t1 rates.
The "loop diagnostic" option will be decommmissioned. [CSCdj18768]
When putting the T3 controller into local loopback mode, "loop local" will be generated in running-config other then just "loop" keyword.
It dose not change any loopback behavior. [CSCdj18771]
This fix will be checked into cal_p and 11.2(7)P throttle branch. VIP crash due to a NULL pointer (in v0) can now be avoided. [CSCdj20028]
AS5200 crashes with a bus error if it is powered on with out any modem modules plugged into it. [CSCdj20225]
MultiChannel Interface Processor (MIP), when controller t1 X/X is configured for a pri test on a 7k router instead of the serial X/X:23 interface getting configured, the ether X/X:23 interface gets configured. After this point, any attempt to configure the interface crashes the router.
This is not happening with the rsp[7513]. [CSCdj20356]
The async/sync interfaces in async. mode did not support group-async until 11.2(6.01)P. This problem was addressed by CSCdi86295 which was fixed and was put in 11.2(6.01)P in general. But for 3600 platform with 4/8 A/S Network Module in particular, the group-async command still does not work properly with the current release. It would result in loosing configuration for those async/sync interfaces in async mode under group-async after reload. The work around is to avoid using the group-async command with 4/8 A/S Network Module interafces in async. mode. Each 4/8 A/S in aysnc. mode must configured individually. [CSCdj22705]
Compression with stac and HDLC had performance impact and encapsulation PPP didn't do any compression. [CSCdj23273]
OVERVIEW: This update provides information on bug fixes for the CT3IP available in the 11.1(12)CA1 IOS software release. Becasue of these fixes, 11.1(12)CA1 will be the minimum IOS for new CT3IP orders.
PROBLEMS: 1. Problems with packet error accounting. Ignores on the CT3IP were regularly being counted as overruns. Incorrect error accounting can lead to erroneous information on network status being provided to network operations personnel.
2. Packet handling errors: In lab tests Cisco engineers discovered a latent bug in the CT3IP that can result in abnormal packet handling under unusually severe operating conditions. While Cisco is taking preemptive action to correct this bug, Cisco does not expect this bug to manifest itself in operational networks.
SOLUTION: Cisco suggests that customers who:
- are sensitive to error accounting accuracy OR - regularly run the CT3 above 80Kpps on average per direction,
upgrade to IOS 11.1(12)CA1 available on CCO now. [CSCdj23299]
The V.110 modules in an AS5200 fails the first time the autoselect ppp command is used after power up or when the modem hold-reset command is used on all 12 ports simultaneously.
A workaround for this problem is to execute the clear line command on all V.110 lines after the following events:
Power up initialization.
Using the modem hold-reset on all 12 ports. [CSCdj23972]
The OutPkts and InBytes per vc statistics counter shown by the show atm vc command is wrong. [CSCdj24569]
When configuring 'connectionless service' using the clns command, the 3800 will reload with a bus-error after entering the clns route command. There is no workaround, this feature should be avoided. [CSCdj22028]
It was found that the DRQ was becoming corrupted as a result of recursive invocation of drq_io (IPC packet passed to IPC code via dtq_consumer could result in a packet being returned via drq). drq_io was made safe for recursion. [CSCdj17845]
With changes made for CSCdj17845 (recursive drq_io allowed), it became possible for QE to start work on a DRQ transfer entry, only to have the kernel code later change that entry. Solution is to write transfer entry after all other data entries. [CSCdj24827]
This section describes possibly unexpected behavior by Release 11.2(6)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(6)P. For additional caveats applicable to Release 11.2(6)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(7)P.
The system image must copy the boot config into the rom monitor's nvram area in order to support bypassing of boothelper when booting images already in flash. [CSCdj02209]
For the general case of 2500 series router images supporting full RMON - this enhancement will show improved performance for RMON based on less CPU time in the RMON process, and decreased packets dropped from RMON processing due to queue overflow. For systems which have hardware based counters, this enhancement will show improved performance over this as well. [CSCdj09595]
Under some configurations, an SNMP poll of the csmStackName MIB object can cause the router to crash. This object exists in the ciscoStackMakerMIB (CISCO-STACKMAKER-MIB.my).
This MIB can essentially be disabled (SNMP is prevented from polling this MIB) via use of SNMP views. For example, given the following SNMP configuration: snmp-server community public ro
This can be changed to: snmp-server view no-stackmib internet included snmp-server view no-stackmib ciscoStackMakerMIB excluded snmp-server community public view no-stackmib ro
The result is that SNMP polls using the "public" community string can access objects in the entire MIB space (internet) except for those objects in the ciscoStackMakerMIB space.
This workaround will, of course, affect any NMS applications which rely on the ciscoStackMakerMIB objects. [CSCdj11115]
sh diag output is jumbled with VIP2/FDDI PAs
Output from "sh diag":
... ...
PA Bay 0 Information: FDDI PA, 1 portsPA-F-MM EEPROM format version 1 HW rev 1.D, Board revision A0 Serial number: 04759259 Part number: 73-1558-05 ... ...
When FDDI PA are displayed, between "1 port" and "PA-F-MM" are missing a comma "," and a space. [CSCdj16873]
During Customer configuration of a 3640 from multiple telnet sessions or from console and a telnet session the following sequence causes a NVRAM corruption:
From one of the sessions: sho conf
From the other session: wr m
These commands occur at the same point in time causing the router to do any of the following: a) Seg V b) PCI Master Abort c) Spirous memory access d) NVRAM corruption e) "trash" displayed to screen of "^@^@^@..." [CSCdj17520]
A problem has been found in RSP code within Cisco IOS 11.2P images. The failure condition can occur when BACKING-STORE or fair queuing are enabled. The conditions that could cause one of the above behaviors to occur are expected to be extremely rare.
For those customers running 11.2P, Cisco highly recommends upgrading all RSP-based systems to one of the Cisco IOS release 11.2(6)P or later. For those systems that cannot upgrade, this problem can be avoided by disabling both BACKING-STORE and fair queuing. Please see instructions for this at the end of this message.
When packet load on RSP-equipped systems causes datagrams to be forwarded from SRAM to DRAM, a function of BACKING-STORE, 32 bytes of data may be randomly written into DRAM. This could result in several anomalous system behaviors including: - Software-induced system crashes - Dropped datagrams - Other anomalous errors
SOLUTION:
FOR CUSTOMERS WITH RELEASE 11.2P
Option #1: Cisco highly recommends the installation of 11.2(6)P or later for 11.2(x)P images.
This problem was fixed as bug CSCdi71609 in images 10.3 through 11.2. Unfortunately it was reintroduced as a result of merged code in ONLY 11.2P.
Option #2: Below are options to work around this bug.
Disable backing store AND fair queuing on each interface with IOS commands
ALSO disable udp-turbo flooding if the image is 11.0 or later The IOS command to disable UDP turbo flooding is 'no ip forward-protocol turbo-flood' which is OFF by default in all releases.
However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces. [CSCdj19231]
This defect does not affect normal operations of the router. [CSCdi78401]
When using the sw56k CSU/DSU WIC card on the c3600, the following extraneous output is displayed on bootup for each sw56k card: SERVICE_MODULE(): self test finished: Passed [CSCdi84649]
The pos interface specific configuration commands pos specify-s1s0 and pos specify-c2 do not work correctly. [CSCdj09646]
When there is another Port Adapter (could be another FDDI FDX PA) besides the FDDI FDX PA in the same VIP2, the PA could
1) takes a long time or forever to go into FDX operation, 2) after goes into FDX operation, falles out of FDX mode for no good reason, 3) sees lots of claims at the interface
Without the fix, the workaround is to have FDDI FDX PA only in one VIP2, leave the other bay empty. [CSCdj11249]
On a 7206 running version 11.1.10.4 CA1 when ipx route-cache is enabled on an interface clients are unable to connect to novell servers through the router. When ipx route-cach is disabled they are able to connect. [CSCdj11354]
Symptom of this problem: 'full-duplex' command for FDDI FDX PA is not recognized
Workaround: Use the old 'fddi full-duplex' command instead [CSCdj11501]
Although not explicitly configured, pos specify-c2 207 shows up in the configuration. [CSCdj12946]
When using access list and distributed flow switching on VIP2, error may occur due to some data in the cache is not invalidated properly. The fix is to adjust the alignment of the receive data structure so the data cache is always invalidated for a newly received packet. [CSCdj13118]
In 11.1(8)CA images and later, when transparent bridging is configured on the c7200 platform, a system reload can happen under heavy loads. The error message issued by the system will indicate a bus error due to an illegal access to a low address. [CSCdj14850]
ISL VLAN support is not included in any of the 11.2(6)P Plus feature sets. It is recommended to use the Enterprise feature set until this issue is resolved. [CSCdj17661]
Selecting line (recovered) clocking on the CT3's t1 #23 does not work. There is no known workaround, other then to not do it, i.e. always use internal clocking on t1 #23. Depending on what equipment is at the remote end, this workaround may cause the remote end to slip.
This is fixed in CT3 f/w version 2.2.0. To determine your current CT3 f/w version, use the "show cont t3" exec command:
CT3 H/W Version : 5, CT3 ROM Version : 1.2, CT3 F/W Version : 2.2.0 ^^^^^
must be 2.2.0 or greater in order to use line clocking on t1 #23.
No more than one DLSw peer comes active in a 3640 running 11.1(10) IOS. It is possible to configure the second peer, but this one will never be in a CONNECT state.
Workaround is to configure no transport input on the auxport line. [CSCdj09782]
User Datagram Protocol (UDP) turbo flooding is now supported on the Cisco 3600 series. [CSCdj16381]
When AAL5 packets received by the ATM-Lite are of size that is near the multiple of buffer size boundary (480 bytes), the driver will potentially misadjuct the AAL5 trailer bytes and pass along packets of exccessive bytes. [CSCdj16672]
This section describes possibly unexpected behavior by Release 11.2(5)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(5)P. For additional caveats applicable to Release 11.2(5)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(6)P.
A 4000 series Fast Ethernet Network Processor Module (NPM) does not respond to its virtual MAC addresses. This makes HSRP fail. [CSCdi80641]
When integrated routing and bridging (IRB) is configured on a Cisco 4500 series router in order to route AppleTalk across an Interswitch Link (ISL) trunk, the input queue may fill up and stop receiving traffic. There is no workaround. [CSCdj01341]
The command 'dce-terminal-timing-enable' command is used to prevent phase shifting of the data with respect to the clock when running the line at high speeds over long distances.
This command is currently not supported on Cisco 1600 and 3600 series of Routers. [CSCdj05354]
IP network precedence not set for telnet nor icmp [CSCdj04125]
On a Cisco 7500 RSP system, access list processing does not work with optimum switching. Packets that should be dropped are forwarded, and packets that should be forwarded are switched via the slower fast switching. The workaround is not to use optimum switching if access lists are defined. [CSCdj04279]
IPX packets are getting corrupted with MIP and CT3 hardware with fast switching. Work around is to disable ipx fastswitching on these interfaces. [CSCdj06068]
The LZS Reset Request and Reset ACK functions do not match the RFC 1967 spec. Thus a Cisco IOS router will not be able to correctly introperate with other vendors implementing this mechanism. Defective IOS images will correctly interoperate with each other. This defect will be fixed in a future release of IOS. When the defect is fixed, fixed IOS images will not be able to correctly interoperate with defective images. [CSCdi78786]
This error message is sometimes displayed when you configure 6 PRI interfaces and all of them carry heavy traffic on a 3600 router. This error message does not affect the normal operation of the router. [CSCdi92522]
ISDN leased-line does not come up after reload on 36xx platforms. [CSCdj03228]
This section describes possibly unexpected behavior by Release 11.2(4)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(4)P. For additional caveats applicable to Release 11.2(4)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(5)P.
When the encapsulation is changed on an interface from one that supports weighted fair queueing to one that does not, and the change is made from the console or auxilary port, there may be an 8-KB memory loss each time the encapsulation is changed. To identify this problem, examine the output of the show memory allocating-process command, which shows that the number of memory blocks allocated by the EXEC increases each time you change the encapsulation. If you do not change the encapsulation on an interface often, this problem should not have a significant impact on system performance. [CSCdi89723]
When enabling or disabling Token Ring SRB (Source Route Bridging) on a Cisco 3620 or 3640 router with the configuration command: source-bridgelocal-ring-number bridge-number target-ring-number, the configuration does not immediately take effect. The workaround is to follow this command with the clear interfaceTokenRing command. [CSCdi86081]
This section describes possibly unexpected behavior by Release 11.2(3)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(3)P. For additional caveats applicable to Release 11.2(3)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(4)P.
The fast ethernet does not remain up like with common ethernet if no cable is inserted and the no keep-alive is configured. The interface goes up and down. [CSCdi72100]
On the Cisco 4500/4700, NPMs with async interfaces and the ARAP protocol are not yet supported. [CSCdi83510]
This section describes possibly unexpected behavior by Release 11.2(1)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(1)P. For additional caveats applicable to Release 11.2(1)P, see the caveats sections for newer 11.2 P releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.2(3)P.
A hang of APPN's APPC stack (used to send locates and TDUs) can occur in rare situations when an outbound locate or TDU is in the process of being transmitted on a CP-CP session at the exact time that session is terminated (due to link failure or other reason). The APPC component does not handle this situation properly, and after the condition occurs, APPC and all locates and TDU processing become stuck. [CSCdi73085]
This section describes possibly unexpected behavior by Release 11.2BC. Unless otherwise noted, these caveats apply to all 11.2BC BC releases up to and including 11.2BC.
The counters for CSNA Virtual Port X/2 do not get cleared when CLEAR COUNT CHANNEL x/2 command is issued. Workaround is to issue Shut/No Shut on the Interface. [CSCdi51387]
