January 12, 1998
These release notes describe the new features and significant software components for Cisco IOS Release 11.2, up to and including Release 11.2(11) for Cisco 1000 series routers.
These release notes discuss the following topics:
- Cisco IOS Release 11.2 Paradigm
- Cisco 1000 Series Routers and Platforms Supported
- Documentation
- New Features in Release 11.2(1)
- Cisco IOS Feature Sets for Cisco 1000 Series Routers
- Upgrading to a New Software Release
- Memory Requirements
- Important Notes
- Caveats for Release 11.2(1) Through 11.2(11)
- Caveats for Release 11.2(1) Through 11.2(10)
- Caveats for Release 11.2(1) Through 11.2(9)
- Caveats for Release 11.2(1) Through 11.2(8)
- Caveats for Release 11.2(1) Through 11.2(7)
- Caveats for Release 11.2(1) Through 11.2(6)
- Caveats for Release 11.2(1) Through 11.2(5)
- Caveats for Release 11.2(1) Through 11.2(4)
- Caveats for Release 11.2(1) Through 11.2(3)
- Caveats for Release 11.2(1) Through 11.2(2)
- Caveats for Release 11.2(1)
- Cisco Connection Online
- Documentation CD-ROM
Similar to a train rolling down a track and picking up passengers, a Cisco IOS software release picks up software fixes after it is released to customers and is rereleased as maintenance releases. Maintenance releases provide the most stable software for your network, for the features you need. In addition to the mainline software "train," there is an early deployment (ED) train. The ED train, Release 11.2(11) P, delivers fixes to software defects and support for new Cisco platforms and features. Figure 1 shows the Cisco IOS 11.2(11) and 11.2(11) P train software releases.
Figure 1: Cisco IOS Software Releases
Cisco IOS Release 11.2 supports Cisco 1000 series routers and includes the following:
To view the version of Cisco IOS software that is running on your Cisco 1000 series router, log in to the router and enter the show version user EXEC command:
router> show version
Cisco Internetwork Operating System Software
IOS (tm) 1005 Software (C1005-Y-M), Version 11.2(7a), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Tue 01-Jul-97 14:22 by kuong
Image text-base: 0x02004000, data-base: 0x022665E0
ROM: System Bootstrap, Version 5.3(17727) [enf 129], INTERIM SOFTWARE
BOOTFLASH: 1000 Bootstrap Software (C1000-RBOOT-R), Experimental Version
10.3(17727) [enf 100]
althame uptime is 1 minute
System restarted by reload
System image file is "master/c1005-y-mz.112-7a", booted via tftp from
223.255.254.254
cisco 1000 (68360) processor (revision @) with 3584K/512K bytes of memory.
Processor board ID 01329973
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
8K bytes of non-volatile configuration memory.
2048K bytes of processor board PCMCIA flash (Read/Write)
The following routers are supported by Cisco IOS Release 11.2:
- Cisco 1003 and Cisco 1004 ISDN routers
- Cisco 1005 router
- Cisco 1000 LAN Extender
Table 1 and Table 2 summarize the LAN and WAN interfaces supported on each Cisco 1000 series router. "Yes" means that a particular interface is supported. "No" means it is not supported.
Table 2: WAN Interfaces Supported

| Interface | Cisco 1003/1004 | Cisco 1005 | Cisco 1000 LAN Extender |
|---|---|---|---|
| EIA/TIA-232 | No | Yes | No |
| X.21 | No | Yes | Yes |
| V.35 | No | Yes | Yes |
| EIA/TIA-449 | No | Yes | No |
| EIA-530 | No | Yes | No |
| ISDN BRI | Yes | Yes | No |

For Cisco IOS Release 11.2, the Cisco IOS documentation set consists of eight documentation modules. Each documentation module has a configuration guide, a command reference, and five supporting documents.
Note: The most up-to-date Cisco IOS documentation is on the latest Documentation CD-ROM and on the Web. These electronic documents contain updates and modifications made after the paper documents were printed.
The books and chapter topics are as follows:

| Books | Chapter Topics |
|---|---|
| Configuration Fundamentals Configuration Guide; Configuration Fundamentals Command Reference | Access Server and Router Product Overview; User Interface; System Images and Configuration Files; Using ClickStart, AutoInstall, and Setup; Interfaces; System Management |
| Security Configuration Guide; Security Command Reference | Network Access Security; Terminal Access Security; Accounting and Billing; Traffic Filters; Controlling Router Access; Network Data Encryption with Router Authentication |
| Access Services Configuration Guide; Access Services Command Reference | Terminal Lines and Modem Support; Network Connections; AppleTalk Remote Access; SLIP and PPP; XRemote; LAT; Telnet; TN3270; Protocol Translation; Configuring Modem Support and Chat Scripts; X.3 PAD; Regular Expressions |
| Wide-Area Networking Configuration Guide; Wide-Area Networking Command Reference | ATM; Dial-on-Demand Routing (DDR); Frame Relay; ISDN; LANE; PPP for Wide-Area Networking; SMDS; X.25 and LAPB |
| Network Protocols Configuration Guide, Part 1; Network Protocols Command Reference, Part 1 | IP; IP Routing |
| Network Protocols Configuration Guide, Part 2; Network Protocols Command Reference, Part 2 | AppleTalk; Novell IPX |
| Network Protocols Configuration Guide, Part 3; Network Protocols Command Reference, Part 3 | Apollo Domain; Banyan VINES; DECnet; ISO CLNS; XNS |
| Bridging and IBM Networking Configuration Guide; Bridging and IBM Networking Command Reference | Transparent Bridging; Source-Route Bridging; Remote Source-Route Bridging; DLSw+; STUN and BSTUN; LLC2 and SDLC; IBM Network Media Translation; DSPU and SNA Service Point Support; SNA Frame Relay Access Support; APPN; NCIA Client/Server Topologies; IBM Channel Attach |
| Cisco IOS Software Command Summary; Access Services Quick Configuration Guide; System Error Messages; Debug Command Reference; Cisco Management Information Base (MIB) User Quick Reference | |

These documents are available as printed manuals or electronic documents. For electronic documentation of Release 11.2 router and access server software features, refer to the Cisco IOS Release 11.2 configuration guides and command references located in the Cisco IOS Release 11.2 database on the Documentation CD-ROM. You can also access Cisco technical documentation on the World Wide Web at http://www.cisco.com.
The following software enhancements have been added to Release 11.2, which are divided into the following subjects:
This section describes routing protocol features that are new in the initial release of Cisco IOS Release 11.2.
The following new IP protocol software features are available:
- On Demand Routing--On Demand Routing (ODR) is a mechanism that provides minimum-overhead IP routing for stub sites. The overhead of a general dynamic routing protocol is avoided, without incurring the configuration and management overhead of using static routing.
- A stub router is the peripheral router in a hub-and-spoke network topology. Stub routers commonly have a WAN connection to the hub router and a small number of LAN network segments (stub networks) that are connected directly to the stub router. To provide full connectivity, the hub routers can be statically configured to know that a particular stub network is reachable via a specified access router. However, if there are multiple hub routers, many stub networks, or asynchronous connections between hubs and spokes, the overhead required to statically configure knowledge of the stub networks on the hub routers becomes too great.
- ODR simplifies installation of IP stub networks in which the hub routers dynamically maintain routes to the stub networks. This is accomplished without requiring the configuration of an IP routing protocol at the stub routers. With ODR, the stub advertises IP prefixes corresponding to the IP networks that are configured on its directly connected interfaces. Because ODR advertises IP prefixes, rather than IP network numbers, ODR is able to carry Variable Length Subnet Mask (VLSM) information.
- Once ODR is enabled on a hub router, the router begins installing stub network routes in the IP forwarding table. The hub router can also be configured to redistribute these routes into any configured dynamic IP routing protocols. IP does not need to be configured on the stub router. With ODR, a router is automatically considered to be a stub when no IP routing protocols have been configured on it.
- The routing information that ODR generates is propagated between routers using Cisco Discovery Protocol (CDP). Thus, ODR is partially controlled by the configuration of CDP. Specifically:
- If CDP is disabled, the propagation of ODR routing information will cease.
- By default, CDP sends updates every 60 seconds. This update interval might not be frequent enough to provide fast reconvergence of IP routers on the hub router side of the network. A faster reconvergence rate might be necessary if the stub connects to several hub routers via asynchronous interfaces (such as modem lines).
- ODR might not work well with dial-on-demand routing (DDR) interfaces, as CDP packets will not cause a DDR connection to be made.
- It is recommended that IP filtering be used to limit the network prefixes that the hub router will permit to be learned dynamically through ODR. If the interface has multiple logical IP networks configured (via the IP secondary command), only the primary IP network is advertised through ODR.
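
The filtering recommendation above, shown as an added configuration example (not part of the original release notes): the hub accepts only the stub prefixes it expects to learn through ODR, and the stub shortens its CDP update interval. The access-list number, OSPF process ID, prefixes and timer values are assumptions chosen for illustration.

```cisco
! ---- Hub router (constructed example; all values are placeholders) ----
! Standard access list naming the only stub prefixes the hub should
! accept through ODR. Anything else a stub advertises is ignored.
access-list 10 permit 10.20.0.0 0.0.255.255
access-list 10 deny   any
!
! Enable ODR on the hub and apply the filter to prefixes learned inbound.
router odr
 distribute-list 10 in
!
! Optional: pass the filtered ODR routes into the hub's dynamic routing
! protocol. An OSPF process 1 is assumed to be configured already.
router ospf 1
 redistribute odr subnets
!
! ---- Stub router ----
! No IP routing protocol is configured on the stub; CDP carries its
! directly connected prefixes to the hub. Shorten the CDP update
! interval from the 60-second default for faster reconvergence.
cdp timer 30
cdp holdtime 90
```

Because ODR rides on CDP, disabling CDP on the hub-to-stub interface stops the route exchange, so the inbound filter on the hub is the control point for what stubs can inject.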
Open Shortest Path First (OSPF) Enhancements
The following features have been added to Cisco's OSPF software:
- OSPF On-Demand Circuit--OSPF On-Demand Circuit is an enhancement to the OSPF protocol, as described in RFC 1793, that allows efficient operation over demand circuits such as ISDN, X.25 SVCs, and dial-up lines. Previously, the periodic nature of OSPF routing traffic mandated that the underlying data-link connection be open constantly, resulting in unwanted usage charges. With this feature, OSPF Hellos and the refresh of OSPF routing information are suppressed for on-demand circuits (and reachability is presumed), allowing the underlying data-link connections to be closed when not carrying application traffic.
- The feature allows the consolidation on a single routing protocol and the benefits of the OSPF routing protocol across the entire network, without incurring excess connection costs.
- If the router is part of a point-to-point topology, only one end of the demand circuit needs to be configured for OSPF On-Demand Circuit operation. In point-to-multipoint topologies, all appropriate routers must be configured with OSPF On-Demand Circuit. All routers in an area must support this feature--that is, be running Cisco IOS Software Release 11.2 or greater.
- OSPF Not-So-Stubby Areas (NSSA)--As part of the OSPF protocol's support for scalable, hierarchical routing, peripheral portions of the network can be defined as "stub" areas, so that they do not receive and process external OSPF advertisements. Stub areas are generally defined for low end routers with limited memory and CPU, that have low-speed connections, and are in a default route configuration.
- OSPF Not-So-Stubby-Areas (NSSA) defines a more flexible, hybrid method, whereby stub areas can import external OSPF routes in a limited fashion, so that OSPF can be extended across the stub to backbone connection.
- NSSA enables OSPF to be extended across a stub area to backbone area connection to become logically part of the same network.
Border Gateway Protocol version 4 (BGP4) Enhancements
The following features have been added to Cisco's BGP4 software:
- BGP4 Soft Configuration--BGP4 soft configuration allows BGP4 policies to be configured and activated without clearing the BGP session, hence without invalidating the forwarding cache. This enables policy reconfiguration without causing short-term interruptions to traffic being forwarded in the network.
- BGP4 Multipath Support--BGP4 Multipath Support provides BGP load balancing between multiple Exterior BGP (EBGP) sessions. If there are multiple EBGP sessions between the local autonomous system (AS) and the neighboring AS, multipath support allows BGP to load balance among these sessions. Depending on the switching mode, per packet or per destination load balancing is performed.
- BGP4 Multipath Support can support up to six paths.
- BGP4 Prefix Filtering with Inbound Route Maps--This feature adds prefix-based matching support to the inbound neighbor route map, so that an inbound route map can be used to enforce prefix-based policies.
Network Address Translation (NAT) provides a mechanism for a privately addressed network to access registered networks, such as the Internet, without requiring a registered subnet address. This eliminates the need for host renumbering and allows the same IP address range to be used in multiple intranets.
With NAT, the privately addressed network (designated as "inside") continues to use its existing private or obsolete addresses. These addresses are converted into legal addresses before packets are forwarded onto the registered network (designated as "outside"). The translation function is compatible with standard routing; the feature is required only on the router connecting the inside network to the outside domain.
Translations can be static or dynamic in nature. A static address translation establishes a one-to-one mapping between the inside network and the outside domain. Dynamic address translations are defined by describing the local addresses to be translated and the pool of addresses from which to allocate outside addresses. Allocation is done in numeric order and multiple pools of contiguous address blocks can be defined.
NAT:
- Eliminates readdressing overhead. NAT eliminates the need to readdress all hosts that require external access, saving time and money.
- Conserves addresses through application port-level multiplexing. With NAT, internal hosts can share a single registered IP address for all external communications. In this type of configuration, relatively few external addresses are required to support many internal hosts, thus conserving IP addresses.
- Protects network security. Because private networks do not advertise their addresses or internal topology, they remain reasonably secure when used in conjunction with NAT to gain controlled external access.
Because the addressing scheme on the inside network might conflict with registered addresses already assigned within the Internet, NAT can support a separate address pool for overlapping networks and translate as appropriate.
Applications that use raw IP addresses as a part of their protocol exchanges are incompatible with NAT. Typically, these are less common applications that do not use fully qualified domain names.
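
The static and dynamic translations described above, as an added configuration example (not taken from the original release notes). Interface names, addresses, the pool name and the access-list number are placeholders drawn from documentation address ranges.

```cisco
! Constructed example; every address and name below is a placeholder.
! Mark which side of the router is "inside" and which is "outside".
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
!
! Static translation: one inside host always maps to the same
! outside address (one-to-one), so it is reachable from outside.
ip nat inside source static 10.1.1.10 198.51.100.10
!
! Dynamic translation: local addresses matched by access list 1 are
! given outside addresses from the pool, allocated in numeric order.
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat pool OUTSIDE-POOL 198.51.100.20 198.51.100.30 netmask 255.255.255.0
ip nat inside source list 1 pool OUTSIDE-POOL
!
! Port-level multiplexing variant: replace the line above with the
! one below so many inside hosts share the pool's addresses.
! ip nat inside source list 1 pool OUTSIDE-POOL overload
```

The static entry is the one that exposes an inside host to unsolicited outside traffic, so it should be paired with an inbound access list on the outside interface; `show ip nat translations` lists the active mappings.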
The Named IP Access Control List (ACL) feature gives network managers the option of using names for their access control lists. Named IP ACLs function similarly to their numbered counterparts, except that they use names instead of numbers.
This feature also includes a new configuration mode, which supports addition and deletion of single lines in a multiline access control list.
This feature eliminates some of the confusion associated with maintaining long access control lists. Meaningful names can be assigned, making it easier to remember which service is controlled by which access control list. Moreover, this feature removes the limit of 100 extended and 99 standard access control lists, so that additional IP access control lists can be configured.
The new configuration feature allows a network manager to edit access control lists, rather than re-creating the entire list.
Currently, only packet and route filters can use Named IP ACL. Also, named IP ACLs are not backward-compatible with earlier releases of Cisco IOS software.
Named IP ACLs are not currently supported with Distributed Fast Switching.
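
A numbered extended list beside its named equivalent, with a single-line deletion, as an added configuration example (not from the original release notes). The list name, list number, host addresses and interface are placeholders.

```cisco
! Constructed example; names and addresses are placeholders.
!
! Numbered form: the list is identified only by 101, and removing one
! entry means deleting and re-entering the whole list.
access-list 101 permit tcp any host 192.0.2.25 eq smtp
access-list 101 permit tcp any host 192.0.2.80 eq www
access-list 101 deny   ip any any log
!
! Named form of the same filter, entered in the new configuration mode.
ip access-list extended INBOUND-MAIL-WEB
 permit tcp any host 192.0.2.25 eq smtp
 permit tcp any host 192.0.2.80 eq www
 deny   ip any any log
!
! Apply the named list as a packet filter on the outside interface.
interface Serial0
 ip access-group INBOUND-MAIL-WEB in
!
! Delete a single entry without re-creating the list.
ip access-list extended INBOUND-MAIL-WEB
 no permit tcp any host 192.0.2.80 eq www
!
! Caveat: an entry added later is appended to the end of the list,
! that is, after the final "deny ip any any log", where it never
! matches. To insert a permit above the deny, remove the deny, add the
! permit, then re-enter the deny.
```

After any single-line edit, review the resulting order with `show access-lists` before relying on the filter, since entry order decides which line a packet matches.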
The following features have been added to Cisco's multimedia and quality of service software:
- Resource Reservation Protocol--Resource Reservation Protocol (RSVP) enables applications to dynamically reserve necessary network resources from end-to-end for different classes of service. An application, which acts as a receiver for a traffic stream, initiates a request for reservation of resources (bandwidth) from the network, based on the application's required quality of service. The first RSVP-enabled router that receives the request informs the requesting host whether the requested resources are available or not. The request is forwarded to the next router, towards the sender of the traffic stream. If the reservations are successful, an end-to-end pipeline of resources is available for the application to obtain the required quality of service. RSVP enables applications with real-time traffic needs, such as multimedia applications, to coexist with bursty applications on the same network. RSVP works with both unicast and multicast applications.
- RSVP requires both a network implementation and a client implementation. Applications need to be RSVP-enabled to take advantage of RSVP functionality. Currently, Precept provides an implementation of RSVP for Windows-based PCs. Companies such as Sun and Silicon Graphics have demonstrated RSVP on their platforms. Several application developers are planning to take advantage of RSVP in their applications.
- Random Early Detection--Random Early Detection (RED) helps eliminate network congestion during peak traffic loads. RED uses the characteristics of a robust transport protocol (TCP) to reduce transmission volume at the source when traffic volume threatens to overload a router's buffer resources. RED is designed to relieve congestion on TCP/IP networks.
- RED is enabled on a per-interface basis. It "throttles back" lower-priority traffic first, allowing higher-priority traffic (as designated by an RSVP reservation or the IP precedence value) to continue unabated.
- RED works with RSVP to maintain end-to-end quality of service during peak traffic loads. Congestion is avoided by selectively dropping traffic during peak load periods. This is performed in a manner designed to damp out waves of sessions going through TCP slow start.
- Existing networks can be upgraded to better handle RSVP and priority traffic. Additionally, RED can be used in existing networks to manage congestion more effectively on higher-speed links where fair queuing is expensive.
- Exercise caution when enabling RED on interfaces that support multiprotocol traffic (in addition to TCP/IP), such as IPX or AppleTalk. RED is not designed for use with these protocols and could have deleterious effects.
- RED is a queuing technique; it cannot be used on the same interface as other queuing techniques, such as Standard Queuing, Custom Queuing, Priority Queuing, or Fair Queuing.
- Generic Traffic Shaping--Generic Traffic Shaping (also called Interface Independent Traffic Shaping) helps reduce the flow of outbound traffic from a router interface into a backbone transport network when congestion is detected in the downstream portions of the backbone transport network or in a downstream router. Unlike the Traffic Shaping over Frame Relay features, which are specifically designed to work on interfaces to Frame Relay networks, Generic Traffic Shaping works on interfaces to a variety of Layer 2 data-link technologies (including Frame Relay, SMDS, Ethernet, and so on).
- Topologies that have high-speed links feeding into lower-speed links--such as a central site to remote or branch sites--often experience bottlenecks at the remote end because of the speed mismatch. Generic Traffic Shaping helps eliminate the bottleneck situation by throttling back traffic volume at the source end.
- Routers can be configured to transmit at a lower bit rate than the interface bit rate. Service providers or large enterprises can use the feature to partition, for example, T1 or T3 links into smaller channels to match service ordered by customers.
- Generic Traffic Shaping implements Weighted Fair Queuing (WFQ) on an interface or subinterface to allow the desired level of traffic flow. The feature consumes router memory and CPU resources, so it must be used judiciously to regulate critical traffic flows while not degrading overall router performance.
The following enhancement has been made to Cisco's multiprotocol routing:
- Enhanced IGRP Optimizations--With the wide-scale deployment of Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) in increasingly large and complex customer networks, Cisco has been able to continuously monitor and refine Enhanced IGRP operation, integrating several key optimizations. Optimizations have been made in the allocation of bandwidth, use of processor and memory resources, and mechanisms for maintaining information about peer routers, as described below.
- Intelligent Bandwidth Control: In network congestion scenarios, packet loss, especially the dropping of routing protocol messages, adversely affects convergence time and overall stability. To prevent this problem, Enhanced IGRP now takes into consideration the available bandwidth (at a granularity of per subinterface/virtual circuit if appropriate) when determining the rate at which it will transmit updates. Interfaces can also be configured to use a certain (maximum) percentage of the bandwidth, so that even during routing topology computations, a defined portion of the link capacity remains available for data traffic.
- Improved Processor and Memory Utilization: Enhanced IGRP derives the distributed routing tables from topology databases that are exchanged between peer routers. This CPU computation has now been made significantly more efficient as has the protocol's queuing algorithm, resulting in improved memory utilization. The combination of these factors further increases Enhanced IGRP's suitability for deployment, particularly on low-end routers.
- Implicit Protocol Acknowledgments: Enhanced IGRP running within a router maintains state and reachability information about other neighboring routers. This mechanism has been modified so that it no longer requires explicit notifications to be exchanged but rather will accept any traffic originating from a peer as a valid indication that the router is operational. This provides greater resilience under extreme load.
- IPX Service Advertisement Interleaving: Large IPX environments are typically characterized by many Service Advertisements, which can saturate lower-speed links at the expense of routing protocol messages. Enhanced IGRP now employs an interleaving technique to ensure that both traffic types receive sufficient bandwidth in large IPX networks.
- These enhancements are particularly applicable in networking environments having many low-speed links (typically in hub-and-spoke topologies); in Non-Broadcast-Multiple-Access (NBMA) wide-area networks such as Frame Relay, ATM, or X.25 backbones; and in highly redundant, dense router-router peering configurations. It should be noted that the basic Enhanced IGRP routing algorithm that exhibits very fast convergence and guaranteed loop-free paths has not changed, so there are no backwards compatibility issues with earlier versions of Cisco IOS software.
The following feature has been added to Cisco's switching software:
- Integrated Routing and Bridging--Integrated routing and bridging (IRB) delivers the functionality to extend VLANs and Layer 2 bridged domains across the groups of interfaces on Cisco IOS software-based routers and interconnect them to the routed domains within the same router.
- The ability to route and bridge the same protocol on multiple independent sets of interfaces of the same Cisco IOS software-based router makes it possible to route between these routed and the bridged domains within that router. IRB provides a scalable mechanism for integration of Layer 2 and Layer 3 domains within the same device.
- Integrated routing and bridging provides:
- Scalable, efficient integration of Layer 2 and Layer 3 domains: The IRB functionality allows you to extend the bridge domains or VLANs across routers while maintaining the ability to interconnect them to the routed domains through the same router.
- Layer 3 address conservation: You can extend the bridge domains and the VLAN environments across the routers to conserve the Layer 3 address space and still use the same router to interconnect the VLANs and bridged domains to the routed domain.
- Flexible network reconfiguration: Network administrators gain the flexibility of being able to extend the bridge domain across the router's interfaces to provide a temporary solution for moves, adds, and changes. This can be useful during migration from a bridged environment to a routed environment, or when making address changes on a scheduled basis.
- Note that:
- Currently, IRB supports three protocols: IP, IPX, and AppleTalk, in both fast-switching and process-switching modes.
- IRB is supported for transparent bridging, but not for source-route bridging.
- IRB is supported on all media-type interfaces except X.25 and ISDN bridged interfaces.
- IRB and concurrent routing and bridging (CRB) cannot operate at the same time.
This section describes the desktop protocol features that are new in the initial release of Cisco IOS Release 11.2.
The following feature has been added to Cisco's AppleTalk software:
- AppleTalk Load Balancing--This feature allows AppleTalk data traffic to be distributed more evenly across redundant links in a network.
- AppleTalk load balancing can reduce network costs by allowing more efficient use of network resources. Network reliability is improved because the chance that network paths between nodes will become overloaded is reduced. For convenience, load balancing is provided for networks using native AppleTalk routing protocols such as Routing Table Maintenance Protocol (RTMP) and Enhanced IGRP.
- AppleTalk load balancing operates with process and fast switching.
The following features have been added to Cisco's Novell software:
- Display SAP by Name--This feature allows network managers to display Service Advertisement Protocol (SAP) entries that match a particular server name or other specific value. The current command that displays IPX servers has been extended to allow the use of any regular expression (including supported special characters) for matching against the router's SAP table.
- IPX Access Control List Violation Logging--With this feature, routers can use existing router logging facilities to log IPX access control list (ACL) violations whenever a packet matches a particular access-list entry. The first packet to match an entry is logged immediately; updates are sent at approximately five-minute intervals.
- This feature allows logging of:
- Source and destination addresses
- Source and destination socket numbers
- Protocol (or packet) type (for example, IPX, SPX, or NCP)
- Action taken (permit/deny)
- Matching packets and logging-enabled ACLs are sent at the process level. Router logging facilities use the IP protocol.
- Plain English IPX Access List--Through the use of this feature, the most common protocol and socket numbers used in IPX extended ACLs can be specified by either name or number, instead of only by number as required previously.
- Protocol types supported include RIP, SAP, NCP, and NetBIOS. Supported socket types include Novell Diagnostics Packet, Enhanced IGRP, and NLSP.
- Plain English IPX Access Lists greatly reduce the complexity and increase the readability of IPX extended access control lists, reducing network management expense by making it easier to build and analyze the access control mechanisms used in IPX networks.
This section describes the wide-area networking features that are new in the initial release of Cisco IOS Release 11.2.
The following features have been added to Cisco's ISDN and DDR software:
- Multichassis Multilink PPP (MMP)--Multichassis Multilink Point-to-Point Protocol (MMP) extends Multilink PPP (MLP) by providing a mechanism to aggregate B-channels transparently across multiple routers or access servers. MMP defines the methodology for sharing individual links in a MLP bundle across multiple, independent platforms. The primary application for MMP is the ISDN dial-up pool; however, it can also be used in a mixed technology environment.
- MMP is based on the concept of a stackgroup--a group of routers or access servers that operate as a group when receiving MLP calls. Any member of the stackgroup can answer any call into the single access number applied to all WAN interfaces. Typically, the access number corresponds to a telco hunt group.
- Cross-platform aggregation is performed via tunneling between members of a stackgroup using the Layer 2 Forwarding (L2F) protocol, a draft IETF standard.
- MMP is flexible and scalable. Because the L2F protocol is IP based, members of a stackgroup can be connected over many types of LAN or WAN media. Stackgroup size can be increased by increasing the bandwidth available to the L2F protocol--for example, by moving from shared to switched Ethernet.
- With Multichassis Multilink PPP:
- New devices can be added to the dial-up pool at any time.
- The load for reassembly and resequencing can be shared across all devices in the stackgroup. MMP is less CPU-intensive than MLP.
- MMP provides an interoperable multivendor solution because it does not require any special software capabilities at the remote sites. The only remote requirement is support for industry standard MLP (RFC 1717).
Note: This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference.
- Virtual Private Dial-up Network--Virtual Private Dial-up Network (VPDN) allows users from multiple disparate domains to gain secure access to their corporate home gateways via public networks or the Internet. This functionality is based on the Layer 2 Forwarding (L2F) specification that Cisco has proposed as an industry standard to the Internet Engineering Task Force (IETF).
- Service providers who wish to offer private dial-up network services can use VPDN to provide a single telephone number for all their client organizations. A customer can use dial-up access to a local point of presence where the access server identifies the customer by PPP user name. The PPP username is also used to establish a home gateway destination. When the home gateway is identified, the access server builds a secure tunnel across the service provider's backbone to the customer's home gateway. The PPP session is also transported to this home gateway, where local security measures can ensure the person is allowed access to the network behind the home gateway.
- Of special interest to service providers is VPDN's independence of WAN technology. Since L2F is TCP/IP-based, it can be used over any type of service provider backbone network.
Note: This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference.
- Dialer Profiles--Dialer profiles allow the user to separate the network layer, encapsulation, and dialer parameters portion of the configuration from that of the interface used to place or receive calls.
- Dialer profile extends the flexibility of current dial-up configurations. For example, on a single ISDN PRI or PRI rotary group it is now possible to allocate separate profiles for different classes of user. These profiles might define normal DDR usage or backup usage.
- Each dialer profile uses an Interface Descriptor Block (IDB) distinct from the IDB of the physical interface used to place or receive calls. When a call is established, both IDBs are bound together so that traffic can flow. As a result, dialer profiles use more IDBs than normal DDR.
- This initial release of dialer profiles does not support Frame Relay, X.25, or Link Access Procedure, Balanced (LAPB) encapsulation on DDR links or Snapshot Routing capabilities.
- Combinet Packet Protocol (CPP) Support--Combinet Packet Protocol (CPP) is a proprietary encapsulation used by legacy Combinet products for data transport. CPP also defines a methodology for performing compression and load sharing across ISDN links. The Cisco IOS software implementation of CPP supports both compression and load sharing using this proprietary encapsulation.
- A large installed base of early Combinet product users cannot upgrade to later software releases that support interoperability standards such as PPP. With CPP support, these users can integrate their existing product base into new Cisco IOS software-based internetworks.
- CPP does not provide many of the functions available in Cisco's implementation of the PPP standards. These functions include address negotiation and support for protocols like AppleTalk. Where possible, Cisco recommends that customers migrate to software that supports PPP.
- Half Bridge/Half Router for Combinet Packet Protocol (CPP) and PPP--Half bridge/half router allows low-end, simply configured bridge devices to bridge either PPP or Combinet Packet Protocol (CPP)-encapsulated data to a Cisco IOS core network router. Half bridge/half router is designed for networks that have small remote Ethernet segments, each with a single PPP- or CPP-compatible bridging device connected to a core network. The serial or ISDN interface on the core network router appears as a virtual Ethernet port to the network. Layer 3 data packets transported across this type of link are first encapsulated within an Ethernet encapsulation. A PPP or CPP bridging header is then added. This facility allows bridged traffic arriving at the core device to be routed from that point on.
- This feature is process switched.
The following features have been added to Cisco's Frame Relay software:
- Frame Relay SVC Support (DTE)--Currently, access to Frame Relay networks is through private leased lines at speeds ranging from 56 kbps to 45 Mbps. Bandwidth within the Frame Relay network is permanently committed to providing permanent virtual circuits (PVCs) between the endpoints. Switched virtual circuits (SVCs) allow access through a Frame Relay network by setting up a path to the destination endpoints only when the need arises. This is similar to X.25 SVCs, which allow connections to be set up and torn down based upon data traffic requirements. Although SVCs entail overhead for setting up and tearing down links, the VC is only established when data must be transferred, so the number of VCs is proportional to the number of actual conversations between sites rather than the number of sites.
- Frame Relay SVCs offer cost savings via usage-based pricing instead of fixed pricing for a PVC connection, dynamic modification of network topologies with any-to-any connectivity, dynamic network bandwidth allocation or bandwidth-on-demand for large data transfers such as FTP traffic, backup for PVC backbones, and conservation of resources in private networks.
- To use Frame Relay SVCs, Frame Relay SVC must be supported by the Frame Relay switches used in the network. Also, a Physical Local Loop Connection, such as a leased or dedicated line, must exist between the router (DTE) and the local Frame Relay switch.
- Traffic Shaping over Frame Relay
Note: Traffic shaping over Frame Relay is not available in Release 11.2(1). This feature will be available in a subsequent maintenance release of Release 11.2. Refer to software defect ID CSCdi60734.
- The Frame Relay protocol defines several parameters that are useful for managing network traffic congestion. These include Committed Information Rate (CIR), Forward/Backward Explicit Congestion Notification (FECN/BECN), and Discard Eligibility (DE) bit. Cisco already provides support for FECN for DECnet and OSI, BECN for Systems Network Architecture (SNA) traffic using direct LLC2 encapsulation via RFC 1490, and DE bit support. The Frame Relay Traffic Shaping feature builds upon this support by providing the following three capabilities:
- Rate Enforcement on a per virtual circuit (VC) basis: A peak rate can be configured to limit outbound traffic to either the CIR or some other defined value such as the Excess Information Rate (EIR).
- Generalized BECN support on a per VC basis: The router can monitor BECNs and throttle traffic based upon BECN marked packet feedback from the Frame Relay network.
- Priority/Custom/First In, First Out Queuing (PQ/CQ/FIFO) support at the VC level: This allows for finer granularity in the prioritization and queuing of traffic, providing more control over the traffic flow on an individual VC.
- Frame Relay Traffic Shaping:
- Eliminates bottlenecks in Frame Relay network topologies with high-speed connections at the central site, and low-speed connections at the branch sites. Rate Enforcement can be used to limit the rate at which data is sent on the VC at the central site.
- Provides a mechanism for sharing media by multiple VCs. Rate Enforcement allows the transmission speed used by the router to be controlled by criteria other than line speed, such as the CIR or EIR. The Rate Enforcement feature can also be used to pre-allocate bandwidth to each VC, creating a Virtual Time Division Multiplexing network.
- Dynamically throttles traffic, based on information contained in BECN-tagged packets received from the network. With BECN-based throttling, packets are held in the router's buffers to reduce the data flow from the router into the Frame Relay network. The throttling is done on a per VC basis and the transmission rate is adjusted based on the number of BECN-tagged packets received.
- Defines queuing at the VC or subinterface level. Custom Queuing with the Per VC Queuing and Rate Enforcement capabilities enable Frame Relay VCs to be configured to carry multiple traffic types (such as IP, SNA and IPX), with bandwidth guaranteed for each traffic type.
- The three capabilities of the Traffic Shaping for Frame Relay feature require the router to buffer packets to control traffic flow and compute data rate tables. Because of this router memory and CPU utilization, these features must be used judiciously to regulate critical traffic flows while not degrading overall Frame Relay performance.
This section describes the IBM network software features and support that are new in the initial release of Cisco IOS Release 11.2.
The following new IBM software features are available:
- Native Client Interface Architecture (NCIA) Server--The native client interface architecture (NCIA) server, introduced by Cisco Systems for access of IBM SNA applications over routed internetworks, has been enhanced to be more flexible and scalable. The NCIA client, implemented in the client workstation, encapsulates the full SNA stack inside TCP/IP packets. These packets are sent to the NCIA server implemented in Cisco IOS software. The NCIA server de-encapsulates the TCP/IP packet and sends the LLC data to the host processor via remote source-route bridging (RSRB) or data-link switching plus (DLSw+).
- The NCIA server supports SNA and NetBIOS sessions over a variety of LAN and WAN connections, including dial-up connections. The NCIA architecture supports clients with full SNA stacks--providing all advanced SNA capabilities, unlike some split-stack solutions.
- NCIA server enhancements provide:
- Simplified client configuration: It is no longer necessary to predefine ring numbers, and the NCIA server supports optional dynamic assignment of MAC addresses. There is no Logical Link Control, type 2 (LLC2), at the client. The client is configured as an end station, not a router peer.
- Scalability: The limit is based on the number of LLC connections in the central site router rather than RSRB peer connections.
- Note that each client is a full SNA physical unit (PU) with one or more logical units (LUs). As such, each device requires one LLC connection at the central site router. The Cisco 4700 currently supports 3000 to 4000 LLC connections.
- TN3270 Server--The TN3270 Server is a new feature of the Channel Interface Processor (CIP) for the Cisco 7000 family of routers. The TN3270 Server allows TN3270 and TN3270E clients access to IBM and IBM-compatible mainframes without the limitations of existing alternatives. It offloads 100 percent of the TCP/IP and TN3270 cycles from the mainframe, and offers a robust, scalable, and dynamic implementation that meets the stringent requirements of the data center.
- The TN3270 Server on the CIP supports up to 8000 concurrent sessions on a CIP and up to 16000 concurrent sessions on a CIP2 card. The TN3270 Server offers the following advanced capabilities:
- Load Balancing and Redundancy: Provides effective utilization of CIP resources and more consistent response times.
- End-to-End Session Visibility: Provides enhanced management of resources.
- SNA Session Switching: The SNA Session Switch enables cross-domain traffic to bypass the owning virtual telecommunications access method (VTAM).
- TN3270E Support: In combination with a TN3270E client, provides advanced SNA management and SNA functionality, including printer support.
- Dynamic Definition of Dependent LUs: Provides simplified configuration and network definition at the router and in VTAM.
- Dynamic Allocation of LUs: Removes the need to pool LU resources while supporting multiple SNA model types.
- TN3270 Server requires 32 MB of CIP DRAM to support up to 4000 sessions, 64 MB to support 8000 sessions, and 128 MB to support 16000 sessions. TN3270 Server can run concurrently with any of the other CIP applications (IP Datagram, TCP/IP Off-load, or CSNA), but operation of any of these features will affect the total number of sessions supported due to contention for CIP processor cycles.
- Fast Switched Source-Route Translational Bridging--With Cisco IOS Software Release 11.2, Switched Source-Route Translational Bridging (SR/TLB) is fast switched. No queuing is done and resource utilization is low. This enhancement is on by default, but can be disabled. It is supported across all router platforms.
- Fast Switched SR/TLB improves performance on all platforms by a factor of at least two. It is ideal for IBM environments (for example, where low-cost Ethernet adapters are being installed on campus, but Token Ring connectivity to a front-end processor (FEP) is still required) and for campus environments with a mix of Token Ring and Ethernet LANs and/or switches that rely on the Cisco IOS software for translational bridging.
- Response Time Reporter--The Response Time Reporter (RTR) feature allows you to monitor network performance, network resources, and applications by measuring response times and availability. RTR statistics can be used to perform troubleshooting, problem notifications and pre-problem analysis. RTR offers enhanced functionality over a similar IBM product, NetView Performance Monitor.
- RTR enables the following functions to be performed:
- Troubleshoot problems by checking the time delays between devices (such as a router and a MVS host) and the time delays on the path from the source device to the destination device at the protocol level.
- Send Simple Network Management Protocol (SNMP) traps and/or SNA Alerts/Resolutions when one of the following has occurred: a user-configured threshold is exceeded, a connection is lost and reestablished, or a timeout occurs and clears. Thresholds can also be used to trigger additional collection of time delay statistics.
- Perform pre-problem analysis by scheduling the RTR and collecting the results as history and accumulated statistics. The statistics can be used to model and predict future network topologies.
- The RTR feature is currently available only with feature sets that include IBM support. A CiscoWorks Blue network management application will be available to support the RTR feature. Both the CiscoWorks Blue network management application and the router use the Cisco Round Trip Time Monitor (RTTMON) MIB. This MIB is also available with Release 11.2.
The following features have been added to Cisco's Advanced Peer-to-Peer Networking (APPN) software:
- APPN Central Resource Registration--APPN Central Resource Registration (CRR) support allows a Cisco IOS software-based router acting as a network node (NN) to register the resources of end nodes (ENs) to the Central Directory Service (CDS) on advanced communication facility/virtual telecommunication Access Method (ACF/VTAM). A Cisco IOS NN will now register resource names with a VTAM CDS as soon as it establishes connectivity with it. Prior to this enhancement, the router acting as a NN could not register EN resources. ACF/VTAM could, however, query the router to find these resources.
- The CDS reduces broadcast traffic in the network. Without an active CDS on ACF/VTAM, the NN must send a broadcast message to the network to locate nonlocal resources required for a session. With an active CDS, the NN sends a single request directly to the CDS for the location of the resource. A network broadcast is used only if the resource has not registered with the CDS.
- ACF/VTAM must be configured as a CDS. The Cisco IOS NN learns of the capability when network topology is exchanged. To most effectively use the CDS, ENs should register the resources with the NN. Depending on the EN implementation, registration might occur automatically, might require configuration on the EN, or might not be a function of the EN.
- APPN DLUR MIB--The existing APPN Management Information Base (MIB) does not contain information about Dependent Logical Units (DLUs) accessing the APPN network through the DLU Requester (DLUR) function in the Cisco IOS NN. A standard MIB for DLUR has been defined by the APPN Implementers Workshop (AIW), the standards body for APPN, and is implemented in this release of the Cisco IOS software.
- With the APPN DLUR MIB, users have access to information collected about the DLUR function in the Cisco IOS NN and the DLUs attached to it for more complete network management information.
The following features have been added to Cisco's DLSw+ software. These features had previously been available with Remote Source-Route Bridging (RSRB). To provide these features for DLSw+, the Cisco IOS software uses a component known as Virtual Data Link Control (VDLC) that allows one software component to use another software component as a data link.
- LAN Network Manager (LNM) over DLSw+--LAN Network Manager (LNM) over DLSw+ allows DLSw+ to be used in Token Ring networks that are managed via IBM's LNM software.
- With this feature, LNM can be used to manage Token Ring LANs, Control Access Units (CAUs), and Token Ring attached devices over a DLSw+ network. All management functions continue to operate as they would in an RSRB network or source-route bridged network.
- Native Service Point (NSP) over DLSw+--Native Service Point (NSP) over DLSw+ allows Cisco's NSP feature to be used in conjunction with DLSw+ in the same router.
- With this feature, NSP can be configured in remote routers, and DLSw+ can provide the path for the remote service point PU to communicate with NetView. This allows full management visibility of resources from a NetView 390 console, while concurrently offering the value-added features of DLSw+ in an SNA network.
- Down Stream Physical Unit (DSPU) over DLSw+--Down Stream Physical Unit (DSPU) over DLSw+ allows Cisco's DSPU feature to operate in conjunction with DLSw+ in the same router. DLSw+ can be used either upstream (towards the mainframe) or downstream (away from the mainframe) of DSPU.
- DSPU concentration consolidates the appearance of up to 255 physical units into a single PU appearance to VTAM, minimizing memory and cycles in central site resources (VTAM, NCP, and routers) and speeding network startup. Used in conjunction with DLSw+, network availability and scalability can be maximized.
- Advanced Peer-to-Peer Networking (APPN) over DLSw+--Advanced Peer-to-Peer Networking (APPN) over DLSw+ allows Cisco's APPN feature to be used in conjunction with DLSw+ in the same router.
- With this feature, DLSw+ can be used as a low-cost way to access an APPN backbone or APPN in the data center. In addition, DLSw+ can be used as a transport for APPN, providing nondisruptive recovery from failures and high-speed intermediate routing. In this case, the DLSw+ network appears as a connection network to the APPN network nodes (NNs).
- Source-Route Bridging (SRB) over FDDI to DLSw+--This feature allows access to DLSw+ over source-route bridged Fiber Distributed Data Interface (FDDI) LANs. In the past, the supported local DLCs were only Token Ring, Ethernet, or SDLC. With this extension, Token Ring-attached devices can access a DLSw+ router using source-route bridging over an FDDI backbone. At the remote site, the device can be attached over Token Ring, Ethernet, SDLC, or FDDI. This is useful either in environments with Token Ring switches that use FDDI as a campus backbone or in environments with Cisco 7000 and Cisco 7500 series routers providing SRB over an FDDI backbone.
- This feature allows SRB over FDDI to provide the highest speed access between campus resources, while concurrently allowing DLSw+ for access to remote resources.
- Currently, SRB over FDDI is supported by the Cisco 7000 and Cisco 7500 series platforms only.
This section describes the security features that are new in the initial release of Cisco IOS Release 11.2.
- Router Authentication and Network-Layer Encryption--This feature provides a mechanism for secure data transmission. It consists of two components:
- Router Authentication: Prior to passing encrypted traffic, two routers perform a one-time, two-way authentication by exchanging Digital Signature Standard (DSS) public keys. The hash signatures of these keys are compared to authenticate the routers.
- Network-Layer Encryption: For IP payload encryption, the routers use Diffie-Hellman key exchange to securely generate a DES 40- or 56-bit session key. New session keys are generated on a configurable basis. Encryption policy is set by crypto-maps that use extended IP Access Lists to define which network, subnet, host, or protocol pairs are to be encrypted between routers.
- This feature can be used to build multiprotocol Virtual Private Networks (VPNs), using encrypted Generic Routing Encapsulation (GRE) tunnels. It can also be used to deploy secure telecommuting services, intranet privacy, and virtual collaborative or community-of-interest networks.
- All components of this feature are subject to U.S. Department of Commerce export regulations. Encryption is currently IP only, though it does support multiprotocol GRE tunnels. This feature is most appropriately deployed in a relatively small number of routers, with a logically flat or star-shaped encryption topology. Load-sharing of the encryption/decryption function is not supported. Without a Certification Authority (CA), the one-time authentication effort increases exponentially with the number of routers. Router authentication requires the network administrator to compare the hashes produced by the routers once during initial configuration. This version of encryption is not IPSEC compliant.
- Kerberos V Client Support--This feature provides full support of Kerberos V client authentication, including credential forwarding.
- Systems with existing Kerberos V infrastructures can use their Key Distribution Centers (KDCs) to authenticate end users for network or router access.
- This is a client implementation, not a Kerberos KDC. Kerberos is generally considered a legacy security service and is most beneficial in networks already using Kerberos.
The following features have been added to Cisco's Terminal Access Controller Access Control System (TACACS)+ software:
- TACACS+ Single Connection--Single Connection is an enhancement to the network access server that increases the number of transactions per second supported. Prior to this enhancement, separate TCP connections would be opened and closed for each of the TACACS+ services: authentication, authorization, and accounting. This became a bottleneck for improving throughput on authentication services for large networks.
- Single Connection is an optimization whereby the network access server maintains a single TCP connection to one or more TACACS+ daemons. The connection is maintained in an open state for as long as possible, instead of being opened and closed each time a session is negotiated. It is expected that Single Connection will yield performance improvements on a suitably constructed daemon.
- Currently, only the CiscoSecure daemon V1.0.1 supports Single Connection. The network access server must be explicitly configured to support a Single Connection daemon. Configuring Single Connection for a daemon that does not support this feature will generate errors when TACACS+ is used.
- TACACS+ SENDAUTH Function--SENDAUTH is a TACACS+ protocol change to increase security. SENDAUTH supersedes SENDPASS. SENDAUTH and SENDPASS are documented in Version 1.63 of the TACACS+ protocol specification, which is available from CCO or via anonymous FTP from ftp-eng.cisco.com.
- The network access server can support both SENDAUTH and SENDPASS simultaneously. It detects if the daemon is able to support SENDAUTH and, if not, will use SENDPASS instead. This negotiation is virtually transparent to the user, with the exception that the down-rev daemon can log the initial SENDAUTH packet as unrecognized.
- SENDAUTH functionality requires support from the daemon, as well as the network access server.
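The Single Connection behaviour described above can be observed in the TACACS+ packet header. The following Python code is an added example, not part of these release notes or of Cisco's software: it parses headers using the 12-byte layout and flag values published in RFC 8907 (an assumption relative to the Version 1.63 specification cited here) and reports whether both ends agreed to Single Connection, which sessions shared the TCP connection, and which sessions carried the unencrypted flag. The captures and helper names are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Header layout and flag values as published in RFC 8907 (not from this page).
HEADER_LEN = 12
MAJOR_VERSION = 0xC
UNENCRYPTED_FLAG = 0x01       # body is sent without obfuscation
SINGLE_CONNECT_FLAG = 0x04    # sender supports multiplexing sessions on one TCP connection
PACKET_TYPES = {0x01: "authentication", 0x02: "authorization", 0x03: "accounting"}


@dataclass(frozen=True)
class Header:
    minor_version: int
    packet_type: str
    seq_no: int
    flags: int
    session_id: int
    body_length: int

    @property
    def single_connect(self):
        return bool(self.flags & SINGLE_CONNECT_FLAG)

    @property
    def unencrypted(self):
        return bool(self.flags & UNENCRYPTED_FLAG)


def parse_packet(packet):
    """Parse and validate one TACACS+ packet; the body is treated as opaque."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:HEADER_LEN])
    if version >> 4 != MAJOR_VERSION:
        raise ValueError("bad major version, not TACACS+")
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown packet type 0x%02x" % ptype)
    if len(packet) - HEADER_LEN != length:
        raise ValueError("length field does not match body size")
    return Header(version & 0x0F, PACKET_TYPES[ptype], seq_no, flags,
                  session_id, length)


def summarize_connection(packets):
    """Summarize the packets of one TCP connection, given in capture order."""
    headers = [parse_packet(p) for p in packets]
    if not headers:
        raise ValueError("empty capture")
    # The flag only matters on the first request (seq_no 1) and its reply (seq_no 2).
    first = headers[0]
    reply = next((h for h in headers[1:]
                  if h.session_id == first.session_id and h.seq_no == 2), None)
    negotiated = (first.seq_no == 1 and first.single_connect
                  and reply is not None and reply.single_connect)
    sessions = {}
    for h in headers:
        sessions.setdefault(h.session_id, h.packet_type)
    return {
        "single_connection": negotiated,
        "sessions": sessions,
        "multiplexed": len(sessions) > 1,
        "cleartext_sessions": sorted({h.session_id for h in headers if h.unencrypted}),
    }


def build_packet(ptype, seq_no, flags, session_id, body=b""):
    """Hypothetical helper used only to construct the sample captures below."""
    return struct.pack("!BBBBII", MAJOR_VERSION << 4, ptype, seq_no, flags,
                       session_id, len(body)) + body


BODY = b"\x00" * 8  # constructed placeholder body, never interpreted

# Constructed capture: daemon agrees to Single Connection, three services share it.
SINGLE_CONNECT_CAPTURE = [
    build_packet(0x01, 1, SINGLE_CONNECT_FLAG, 0x1111, BODY),
    build_packet(0x01, 2, SINGLE_CONNECT_FLAG, 0x1111, BODY),
    build_packet(0x02, 1, 0, 0x2222, BODY),
    build_packet(0x02, 2, 0, 0x2222, BODY),
    build_packet(0x03, 1, UNENCRYPTED_FLAG, 0x3333, BODY),
]

# Constructed capture: the access server offers the flag, the daemon does not echo it.
LEGACY_DAEMON_CAPTURE = [
    build_packet(0x01, 1, SINGLE_CONNECT_FLAG, 0x4444, BODY),
    build_packet(0x01, 2, 0, 0x4444, BODY),
]

if __name__ == "__main__":
    for name, capture in (("single-connect", SINGLE_CONNECT_CAPTURE),
                          ("legacy daemon", LEGACY_DAEMON_CAPTURE)):
        print(name, summarize_connection(capture))
```

A connection where the access server offers the flag but the daemon never echoes it, as in the second capture, matches the misconfiguration case the notes describe; a session listed under `cleartext_sessions` exposes its body to anyone on the path.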
This section describes the network management features that are new in the initial release of Cisco IOS Release 11.2.
- ClickStart--ClickStart is a powerful Web-based software solution that enables users to install a Cisco router in minutes. ClickStart enables Cisco 1000 series ISDN access routers to be accessed by any Web browser on any desktop platform including MS Windows, Windows 95, Windows NT, UNIX, and MacOS. The easy-to-use Web-based interface guides users through the router installation process. By completing an initial setup form, a user can easily configure the router and bring up the ISDN network connection. The router is then manageable from a central location, so that fine-tuning and upgrades can be performed remotely.
The following MIB support has been added:
- See the "APPN Enhancements" section for details.
- See the "New Features" subsection in the "IBM Functionality" section for details.
- Cisco IP Encryption MIB
- Cisco Modem Management MIB
- Cisco SYSLOG MIB
- Cisco TN3270 Server MIB
This section lists Cisco IOS software feature sets available in Cisco IOS Release 11.2.
These features are available in specific feature sets on specific platforms.
Table 2 through Table 5 use these feature set matrix symbols to identify features:
| Feature Set Matrix Symbol | Description |
|---|---|
| Basic | This feature is offered in the basic feature set. |
| -- | This feature is not offered in the feature set. |
| Plus | This feature is offered in the Plus feature set, not in the basic feature set. |
| Encrypt | This feature is offered in the encryption feature sets, which consist of 40-bit (Plus 40) or 56-bit (Plus 56) data encryption feature sets. |
Cisco IOS images with 40-bit Data Encryption Standard (DES) support might legally be distributed to any party eligible to receive Cisco IOS software. 40-bit DES is not a cryptographically strong solution and should not be used to protect sensitive data.
Cisco IOS images with 56-bit DES are subject to International Traffic in Arms Regulations (ITAR) controls and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders might be denied or subject to delay because of U.S. government regulations. Contact your sales representative or distributor for more information, or send e-mail to export@cisco.com.
Table 5 provides a matrix of the new feature set organization and shows which feature sets are available on the various hardware platforms. These feature sets only apply to Cisco IOS Release 11.2.
The Cisco IOS software is available in different feature sets depending upon the platform. Table 4 and Table 5 list the available feature sets for the Cisco series routers.
Table 4: Cisco 1003, Cisco 1004, and Cisco 1005 Routers Software Feature Sets
| Feature / Feature Set [1] | IP Routing [2] | IP/IPX Routing [2] | IP/AppleTalk Routing [2] | IP/IPX/AppleTalk Routing |
|---|---|---|---|---|
| LAN Support | | | | |
| AppleTalk 1 and 2 [3] | -- | -- | Basic | Basic |
| GRE | Basic | Basic | Basic | Basic |
| Integrated routing and bridging (IRB) [4] | Basic | Basic | Basic | Basic |
| IP | Basic | Basic | Basic | Basic |
| Novell IPX [5] | -- | Basic | -- | Basic |
| Transparent and translational bridging [6] | Basic | Basic | Basic | Basic |
| WAN Services [7] | | | | |
| Dialer profiles | Basic | Basic | Basic | Basic |
| Frame Relay (Cisco 1005 only) | Basic | Basic | Basic | Basic |
| Frame Relay SVC Support (DTE) (Cisco 1005 only) | Plus | Plus | Plus | Plus |
| Frame Relay traffic shaping (Cisco 1005 only) | Basic | Basic | Basic | Basic |
| HDLC | Basic | Basic | Basic | Basic |
| ISDN (Cisco 1003 and Cisco 1004) [8] | Basic | Basic | Basic | Basic |
| PPP | Basic | Basic | Basic | Basic |
| SMDS (Cisco 1005 only) | Basic | Basic | Basic | Basic |
| Switched 56 (Cisco 1005 only) | Basic | Basic | Basic | Basic |
| X.25 | Basic | Basic | Basic | Basic |
| SLIP (Cisco 1005 only) | Basic | Basic | -- | -- |
| WAN Optimization | | | | |
| Bandwidth-on-demand (Cisco 1003 and Cisco 1004) | Basic | Basic | Basic | Basic |
| Custom and priority queuing | Basic | Basic | Basic | Basic |
| Dial backup | Basic | Basic | Basic | Basic |
| Dial-on-demand [9] | Basic | Basic | Basic | Basic |
| Header [10] and link compression [11] (Cisco 1003 and Cisco 1004) | Basic | Basic | Basic | Basic |
| Payload compression (Cisco 1005 only) | Basic | Basic | Basic | Basic |
| Snapshot routing [12] | Basic | Basic | Basic | Basic |
| Weighted fair queuing | Basic | Basic | Basic | Basic |
| IP Routing | | | | |
| Enhanced IGRP | Basic | Basic | Basic | Basic |
| Enhanced IGRP Optimizations | Basic | Basic | Basic | Basic |
| IGRP | Basic | Basic | Basic | Basic |
| Network Address Translation Table (NAT) | Plus | Plus | Plus | Plus |
| On Demand Routing (ODR) | Basic | Basic | Basic | Basic |
| OSPF | Plus | Plus | Plus | Plus |
| OSPF Not-So-Stubby-Areas (NSSA) | Plus | Plus | Plus | Plus |
| OSPF On Demand Circuit (RFC 1793) | Plus | Plus | Plus | Plus |
| PIM | Plus | Plus | Plus | Plus |
| RIP | Basic | Basic | Basic | Basic |
| RIP Version 2 | Basic | Basic | Basic | Basic |
| Other Routing | | | | |
| AURP | -- | -- | Plus | Plus |
| IPX RIP | -- | Basic | -- | Basic |
| NLSP | Plus | Plus | Plus | Plus |
| SMRP | Plus | Plus | Plus | Plus |
| RTMP | -- | -- | Basic | Basic |
| Multimedia and Quality of Service | | | | |
| Random Early Detection (RED) | Plus | Plus | Plus | Plus |
| Resource Reservation Protocol (RSVP) | Plus | Plus | Plus | Plus |
| Management | | | | |
| ClickStart | Basic | Basic | Basic | Basic |
| HTTP Server | Basic | Basic | Basic | Basic |
| SNMP | Basic | Basic | Basic | Basic |
| Telnet | Basic | Basic | Basic | Basic |
| Security | | | | |
| Access lists | Basic | Basic | Basic | Basic |
| Access security | Basic | Basic | Basic | Basic |
| Extended access lists | Basic | Basic | Basic | Basic |
| Lock and key | Basic | Basic | Basic | Basic |
| Router authentication and network layer encryption (40-bit or export controlled 56-bit DES) | Encrypt | Encrypt | Encrypt | Encrypt |
| TACACS+ [13] | Basic | Basic | Basic | Basic |
[1] This table lists feature sets that are common to the Cisco 1003, 1004, and 1005. For Cisco 1005 platform-specific feature sets, see Table 5.
[2] The IP, IP/IPX, and IP/AppleTalk feature sets are not available with Plus, Plus 40, or Plus 56 feature set options in Cisco IOS Release 11.2.
[3] Includes AppleTalk load balancing.
[4] IRB supports IP, IPX, and AppleTalk; it is supported for transparent bridging, but not for SRB; it is supported on all media-type interfaces except X.25 and ISDN bridged interfaces; and IRB and concurrent routing and bridging (CRB) cannot operate at the same time.
[5] The Novell IPX feature includes display SAP by name, IPX Access Control List violation logging, and plain-English IPX access lists.
[6] Transparent and translational bridging is fast switched. This enhancement is on by default, but can be disabled.
[7] Cisco 1005 "WAN Services" offers three feature set options: Option 1 includes HDLC, PPP, SMDS, and Frame Relay, but not X.25, and is available on all feature sets; Option 2 includes X.25 only, and is available with the IP/IPX, IP/AppleTalk, and IP/IPX/AppleTalk feature sets; and Option 3 includes Async, PPP, and SLIP and is available with the IP, IP/IPX feature sets.
[8] ISDN support includes calling line identification (CLI/ANI), ISDN subaddressing, and applicable WAN optimization features.
[9] Dial-on-demand is available for the Cisco 1005 with "WAN Services" option only. See footnote 7, above.
[10] IPX header compression (RFC 1553) is available in the feature sets that support IPX.
[11] X.25 and Frame Relay payload compression. Payload compression is available for the Cisco 1005.
[12] Snapshot routing is not included for the Cisco 1005.
[13] TACACS+ Single Connection and TACACS+ SENDAUTH enhancements are supported.
Table 5: Cisco 1005 Platform-Specific Software Feature Sets
| Feature / Feature Set | IP/OSPF/PIM Routing [1] | IP/Async [1] | IP/IPX/Async [1] |
|---|---|---|---|
| LAN Support | | | |
| AppleTalk 1 and 2 | -- | -- | -- |
| GRE | Basic | Basic | Basic |
| Integrated routing and bridging (IRB) [2] | Basic | Basic | Basic |
| IP | Basic | Basic | Basic |
| Novell IPX [3] | -- | -- | Basic |
| Transparent and translational bridging [4] | Basic | Basic | Basic |
| WAN Services [5] | | | |
| Async | -- | Basic | Basic |
| Dialer profiles | Basic | Basic | Basic |
| Frame Relay | Basic | -- | -- |
| Frame Relay traffic shaping | Basic | -- | -- |
| HDLC | Basic | -- | -- |
| PPP [6] | Basic | Basic | Basic |
| SMDS | Basic | -- | -- |
| Switched 56 | Basic | -- | -- |
| X.25 [7] | Basic | -- | -- |
| SLIP | -- | Basic | Basic |
| WAN Optimization | | | |
| Custom and priority queuing | Basic | Basic | Basic |
| Dial-on-demand [8] | Basic | Basic | Basic |
| Header [9], link and payload compression [10] | Basic | Basic | Basic |
| Snapshot routing [11] | Basic | Basic | Basic |
| Weighted fair queuing | Basic | Basic | Basic |
| IP Routing | | | |
| Enhanced IGRP | Basic | Basic | Basic |
| Enhanced IGRP Optimizations | Basic | Basic | Basic |
| IGRP | Basic | Basic | Basic |
| On Demand Routing (ODR) | Basic | Basic | Basic |
| OSPF | Basic | -- | -- |
| OSPF Not-So-Stubby-Areas (NSSA) | Basic | -- | -- |
| OSPF On Demand Circuit (RFC 1793) | Basic | -- | -- |
| PIM | Basic | -- | -- |
| RIP | Basic | Basic | Basic |
| RIP Version 2 | Basic | Basic | Basic |
| Other Routing | | | |
| IPX RIP | -- | -- | Basic |
| Management | | | |
| ClickStart | Basic | Basic | Basic |
| HTTP Server | Basic | Basic | Basic |
| SNMP | Basic | Basic | Basic |
| Telnet | Basic | Basic | Basic |
| Security | | | |
| Access lists | Basic | Basic | Basic |
| Access security | Basic | Basic | Basic |
| Extended access lists | Basic | Basic | Basic |
| Kerberos V client support | -- | -- | -- |
| Lock and key | Basic | Basic | Basic |
| TACACS+ [12] | Basic | Basic | Basic |
[1] These feature sets are not available with the Plus, Plus 40, or Plus 56 feature set options in Cisco IOS Release 11.2.
[2] IRB supports IP, IPX, and AppleTalk; it is supported for transparent bridging, but not for SRB; it is supported on all media-type interfaces except X.25 and ISDN bridged interfaces; and IRB and concurrent routing and bridging (CRB) cannot operate at the same time.
[3] The Novell IPX feature includes display SAP by name, IPX Access Control List violation logging, and plain-English IPX access lists.
[4] Transparent and translational bridging is fast switched. This enhancement is on by default, but can be disabled.
[5] Cisco 1005 "WAN Services" offers three feature set options: Option 1 includes HDLC, PPP, SMDS, and Frame Relay, but not X.25, and is available on all feature sets; Option 2 includes X.25 only, and is available with the IP/IPX, IP/AppleTalk, and IP/IPX/AppleTalk feature sets; and Option 3 includes async, PPP, and SLIP and is available with the IP, IP/IPX feature sets.
[6] PPP includes support for LAN protocols supported by the feature set, address negotiation, PAP and CHAP authentication, Multilink PPP, and PPP compression.
[7] X.25 is available for the Cisco 1005 only and is available by itself in "WAN Services" Option 2 for the following feature sets: IP/IPX, IP/AppleTalk, and IP/IPX/AppleTalk.
[8] Dial-on-demand is available for the Cisco 1005 with "WAN Services" option only. See footnote 5, above.
[9] IPX header compression (RFC 1553) is available in the feature sets that support IPX.
[10] X.25 and Frame Relay payload compression.
[11] Snapshot routing is not included for the Cisco 1005.
[12] TACACS+ Single Connection and TACACS+ SENDAUTH enhancements are supported.
If you are upgrading to Cisco IOS Release 11.2 from an earlier Cisco IOS software release, you should save your current configuration file before configuring your access server with the Cisco IOS Release 11.2 software. An unrecoverable error could occur during download or configuration.
For instructions on downloading a current Cisco IOS release from the CCO Trivial File Transfer Protocol (TFTP) server, go to the following URL. This URL is subject to change without notice.
http://www.cisco.com/kobayashi/sw-center
The Software Center window is displayed.
Step 1 Click Cisco IOS Software. The Cisco IOS Software window is displayed.
Step 2 Click Cisco IOS 11.2. The Cisco 11.2 Software Upgrade Planner window is displayed.
Step 3 Click Download Cisco IOS 11.2 Software. The Software Checklist window is displayed.
Step 4 Select the appropriate information in each section of the Software Checklist window.
- Hardware
- Release
- Software and hardware release
Step 5 Click Execute. The software release is downloaded to your desktop computer.
Step 6 Transfer the software release to a local TFTP server on your network using a terminal emulation software application such as TCP Connect.
Step 7 Log on to your router. Copy the software release from your TFTP server to your router, using the copy tftp command.
Beginning with Cisco IOS Release 10.3, some software image sizes exceed 4 MB and, when compressed, exceed 2 MB. Also, some systems now require more than 1 MB of main system memory for data structure tables.
For Cisco routers to take advantage of the Release 11.2 features, you must upgrade the code or main system memory. Some platforms have specific chip or architecture requirements that affect what can be upgraded and in what increments.
Table 6 and Table 7 describe the memory requirements for each Cisco 1000 series router's feature set supported by Cisco IOS Release 11.2.
Table 6: Cisco 1003 and Cisco 1004 Memory Requirements
| Feature Set¹ | Required Flash Memory | Required Main Memory | Release 11.2 Runs from² |
|---|---|---|---|
| IP | 2/4 MB optional Flash | 8 MB RAM³ | RAM |
| IP Plus⁴ | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP Plus 40 | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP Plus 56 | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP/IPX | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP/AT | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP/IPX/AT | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP/IPX/AT Plus | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP/IPX/AT Plus 40 | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP/IPX/AT Plus 56 | 4 MB Flash⁵ | 8 MB RAM | RAM |

¹ If you need to upgrade the main memory for your Cisco 1003, Cisco 1004, or Cisco 1005 router, be sure to order the upgrade specific to your router.
² When a system is running from Flash memory, you cannot update the system while it is running. You must use the Flash load helper.
³ Only 4 MB DRAM is required for releases 11.2(1) through 11.2(6).
⁴ Plus for the Cisco 1003 and Cisco 1004 includes OSPF, PIM, SMRP, NLSP, ATIP, AppleTalk AURP, RSVP, and NAT.
⁵ Only 2 MB of Flash memory is required for releases 11.2(1) through 11.2(6).
Table 7: Cisco 1005 Memory Requirements
| Feature Set¹ | Required Flash Memory | Required Main Memory | Release 11.2 Runs from² |
|---|---|---|---|
| IP | 2/4 MB optional Flash | 8 MB RAM³ | RAM |
| IP Plus³ | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP Plus 40 | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP Plus 56 | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP/IPX | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP/AT | 2/4 MB optional Flash | 8 MB RAM³ | RAM |
| IP/IPX/AT | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP/IPX/AT Plus | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP/IPX/AT Plus 40 | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP/IPX/AT Plus 56 | 4 MB Flash⁵ | 8 MB RAM | RAM |
| IP/OSPF/PIM | 2/4 MB optional Flash | 8 MB RAM | RAM |
| IP/Async | 2/4 MB optional Flash | 8 MB RAM³ | RAM |
| IP/IPX/Async | 2/4 MB optional Flash | 8 MB RAM | RAM |

¹ If you need to upgrade the main memory for your Cisco 1003, Cisco 1004, or Cisco 1005 router, be sure to order the upgrade specific to your router.
² When a system is running from Flash memory, you cannot update the system while it is running. You must use the Flash load helper.
³ Plus for the Cisco 1005 includes OSPF, PIM, NLSP, SMRP, AppleTalk IP, AppleTalk AURP, Frame Relay SVC, RSVP, and NAT.
This section describes warnings and cautions about using the Cisco IOS Release 11.2 software. It discusses the following topics:
Traffic shaping over Frame Relay is available only in Release 11.2(8) and above. Refer to software defect IDs CSCdi60734 and CSCdi88662.
The LAN extension interface does not function correctly in Release 11.2(1). The behavior is that the LAN extension NCP negotiates and sets the LAN extension interface state to "up" and the show controller lex number command displays the message "No inventory message received from LAN Extender." Turning on the LAN extension RCMD debugging shows that every remote command is being rejected with the message "LEX-RCMD: encapsulation failure." There is no workaround. Refer to software defect ID CSCdi66478. This defect is fixed in software Release 11.2(2) and above.
Our implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.
This section describes possibly unexpected behavior by Release 11.2(11). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(11). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- Under rare circumstances, a Cisco AS5200 may crash after displaying either a "%SYS-2-BLOCK" or "%SYS-2-BLOCKHUNG" message. [CSCdj30206]
- Under unknown circumstances, an AS5200 PRI D channel may get stuck in the state "TEI_ASSIGNED" rather than "MULTIPLE FRAME ESTABLISHED", which is the normal operating condition. This state is shown by the show isdn status command. The workaround at this time is to reload the router. Issuing the shut and no shut commands on the affected interface does not help. [CSCdj41613]
- Running Cirrus' microcode version less than 0x1F will cause high CPU utilization on the Cisco AS5200, which can cause existing calls to drop. [CSCdj68729]
- The system may unexpectedly stop sending AARP request packets. Turning on AARP gleaning may help alleviate the problem. [CSCdi41414]
- When using the ARAP client 2.1, the user is not able to dial in to an AS5200 with Cisco IOS Release 11.1 if the AS5200 has autoselect configured. To work around this problem, do one of the following:
  - Remove autoselect and use ARAP dedicated.
  - Use the ARAP 2.0.1 client.
  - Turn on MNP10 on the ARAP 2.1 client.
  - Modify the client CCL script to extend the pause to 3 seconds before exiting. [CSCdj09817]
- The Catalyst 5000 RSM with only 16 MB of RAM may experience a system reload at initialization if running the -jsv image. The workaround is to add more memory. [CSCdj63501]
- On RSP interfaces, optimum switching is supposed to be the default. However, depending on the link order of the image, it can default to off. [CSCdi54567]
- If you see the message "%RSP-3-RESTART: interface Serial x/y, output stuck" on an RSP-based platform, you might have problems with the output interfaces. This problem can occur when bursty traffic is optimum-switched to an output interface on which either fair queue or transmit-buffers backing-store is enabled. A possible workaround is to disable optimum switching. [CSCdi56782]
- The router might reload when trying to process the show accounting command. [CSCdi69364]
- In certain cases, the number of packets shown in the IP flow cache packet size distribution does not match the number shown in the cache statistics. [CSCdi71766]
- The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]
- Adding an RSRB peer with direct encapsulation on a Cisco 7000 router configured with CSNA causes a "%RSP-3-RESTART: cbus complex restart" message and takes down the CIP interface. [CSCdi82836]
- Fast switching and optimum switching counters should be broken out separately in the output of the show interface switching command. [CSCdi87008]
- Enabling custom queuing on a Cisco 7200 router may result in an excessive increase in CPU use. [CSCdj05099]
- A timing window within ccp_up could cause the router to crash if a packet gets sent to the hardware or distributed compressor while CCP is coming up. [CSCdj12504]
- Under heavy interrupt load, driver instrumentation gets hit repeatedly while processes are accessing the instrumentation variables (for example, last output time). This causes a number of problems, including stuck output and incorrect user displays. There is no known workaround. [CSCdj15583]
- A router configured with the ip identd and aaa authentication login default tacacs+ enable commands reloads itself under these conditions:
  - The router is resolving host names via an external DNS server.
  - The TACACS server is down.
  - The user gains access to the router via the backup "enable" method.
  - The user attempts to Telnet from the router to a host on the network.

  After the Telnet is initiated, the router immediately reloads. The workaround for this problem is to not configure the ip identd command or to disable the identd process with the global command no ip identd (which is the default). [CSCdj19961]
- A recovery mechanism for misaligned 64-bit accesses has been added. This new functionality is similar to the current misaligned handler for shorter misaligned accesses. [CSCdj20738]
- Currently, Cisco 7200 series routers do not produce a core dump for the I/O memory region in any Cisco IOS release. Sometimes it is necessary to get this information if memory corruption is suspected. [CSCdj25189]
- On a Cisco RSP7000 or 7500, optimum switching appears to negatively interfere with Frame Relay switching. An IP route cache is created and connectivity between sites is lost. The behavior appears to be sporadic. [CSCdj26122]
- The tacacs-server directed-request restricted command applies only to authentication, not to accounting or authorization. Therefore, there is no way to restrict a user's authorization or accounting to a given set of servers, which can lead to inconsistencies. For example, authentication for a directed user can be attempted only on the restricted servers, whereas authorization or accounting can be attempted on nonrestricted servers as well. This inconsistency can cause authentication to pass while authorization fails for a given user. [CSCdj37496]
- In rare cases, an error may occur in Cisco routers. It may be seen as an error message describing an inconsistent state in allocating or deallocating blocks of memory. An error was introduced by CSCdj42505 in Release 11.2 P and CSCdj22736 in Release 11.1CC. It does not exist in other IOS releases. [CSCdj44667]
- A Cisco router reloads with a bus error after adding three to four segments on a Cisco 7206 running Release 11.2(8)P. [CSCdj57506]
- An SNMP trap process can cause high CPU utilization. The workaround is to remove SNMP. [CSCdj63629]
- The patch added in CSCdi37706 and incorporated into Cisco IOS Releases 11.2(8.1), 11.2(8.1)P, 11.3(0.2) and 11.2(8.1)BC was intended to correct a cosmetic problem with command authorization. Instead it exposed a bug in older implementations of the developers kit TACACS+ daemon (freeware) and will cause certain command authorizations to fail. All freeware daemon versions prior to version 3.0.13 are subject to this problem, including the ACE Safeword Security Server daemon. CiscoSecure daemons are not affected. [CSCdj66657]
- When a user dials into an AS5200/AS5300 using ISDN, the cpmActiveUserID object in the CISCO-POP-MGMT.mib is not updated and is left blank. [CSCdj66942]
- ARAP (ARA 2.1 & 3.0 client) with single line password using TACACS+ does not work. To use the single line option, specify username*password in the username field and the word "arap" (lower case) in the password field. The ARA 2.1 client returns the error "The connection attempt has failed. The server you called is not a valid Remote Access." The ARA 3.0 client returns the error "User authentication failed. Check your user name and password and try again." [CSCdj68015]
- When the encapsulation is changed on an interface from one that supports weighted fair queueing to one that does not, and the change is made from the console or auxiliary port, there may be an 8-Kb memory loss each time the encapsulation is changed. To identify this problem, examine the output of the show memory allocating-process command, which shows that the number of memory blocks allocated by the EXEC increases each time you change the encapsulation. If you do not change the encapsulation on an interface often, this problem should not have a significant impact on system performance. [CSCdi89723]
- If the line speed on an AS5300 is configured for tty lines that span a Microcom modem followed by a Moca modem, the output of the show running-config and copy running-config startup-config commands is wrong for the speed commands on those lines. [CSCdj41555]
- Low-end platforms cache invalid RIF entries when using any form of the multiring command. This problem can also be seen in the DLSw reachability cache and with possible loops with LNM. [CSCdi50344]
- RSRB does not declare the peer dead until the keepalive times out. In order for RSRB to detect the dead peer so that the ring list can be cleaned up properly, set the keepalive value as small as possible. [CSCdi50513]
- Removing a DLSw configuration by configuring no dlsw local-peer and adding the DLSw configuration back can cause a memory leak in the middle buffer. [CSCdi51479]
- In some mixed-vendor bridge environments, Automatic Spanning Tree (AST) may not become active if the Cisco platform is the root bridge. The message-age-increment option is now available as part of the source-bridge spanning command to assist with the message-age count manipulation. This hidden command may be needed when the existing MAXAGE value is insufficient for network diameter and the maximum age is not configurable by the vendor bridges. [CSCdi53651]
- The LAN Network Manager (LNM) fails to link to the router's source bridge after the Token Ring interface is shut down on the remote router. The show lnm bridge command continues to display "Active Link" to the LNM. This problem does not occur when bridges are linked locally to the LNM. The workaround is to remove the source-bridge command from the Token Ring interface and configure it back in. [CSCdi53954]
- When the router is configured to use the DSPU feature, it may crash during deactivation of multiple downstream physical units (PUs). [CSCdi54114]
- A router may crash when DSPU debugging is enabled on a Cisco 4500 or Cisco 7500 router. [CSCdi54277]
- The BADLINESTATE message indicates that a frame was received while the router was transmitting. This points to a misconfiguration somewhere in the system, as the bisync protocol is supposed to ensure half-duplex operation. If the connecting device is configured FULL-DUPLEX or CONSTANT RTS, configure the interface bsc fdx. The poll-timeout of the connecting HOST may be too short. To recover, issue the shut command on the interface. [CSCdi54541]
- Some NetBIOS applications that require a UI frame in response to Add Name Query cannot connect using a DLSw peer on demand if the NetBIOS circuit is the initial circuit that triggers the peer-on-demand to connect. [CSCdi54796]
- A sniffer trace shows duplicate ring numbers in the RIF when proxy explorers are in use. New SNA sessions fail to connect to the FEP. The workaround is to issue the clear rif command. [CSCdi55032]
- It is not possible to configure more than one DLSw remote peer using direct encapsulation for the same Frame Relay interface. The following error message is produced when the second peer is defined:
%Must remove the remote-peer to change the lf
  The workaround is to use TCP encapsulation. [CSCdi55075]
- The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do LLC mapping. [CSCdi55085]
- A connection to a DLU (DSPU or APPN) across RSRB may fail if the remote SAP address is not enabled at the destination router. The workaround is to enable the remote SAP address. [CSCdi56660]
- DLSw FST encapsulation does not work over WAN, Token Ring, or FDDI interfaces. [CSCdi57207]
- An APPN router may unbind an LU6.2 session after receiving an unsolicited IPM with a nonzero next-window size. [CSCdi57730]
- A FRAS BNN-to-SDLC link does not restart when a Frame Relay interface is power-cycled. After the CSU is powered off, the "fras backup rsrb" kicks to put the SDLLC traffic across the RSRB peers. When the CSU is powered back on and the Frame Relay DLCI comes back up, the FRAS BNN connection to the SDLC nodes does not reactivate, although connections to Token Ring nodes do restart. [CSCdi61156]
- When an AS400 is configured as a network management focal point, it will initiate the MDS transaction program. The router does not handle it properly and corrupts memory. The workaround is to turn off the focal point feature in the AS400. See the network attribute configuration panel in the AS/400. [CSCdi67820]
- A bus error occurred at PC0x169a46. The stack trace indicates a problem in the LNX process. This problem occurs on X.25. [CSCdi73516]
- When the fast source-route translational bridging feature is configured, packets are corrupted. The workaround is to issue the no source-bridge fastswitch ring-group fastswitch command, which disables the fast source-route translational bridging feature. [CSCdi87612]
- A Cisco 7204 router running Cisco IOS Release 11.2(4) and the rsr-bridging feature is intermittently reloaded by itself with a software-forced crash resulting from memory corruption. [CSCdj13017]
- A router configured for DLSw has a buffer leak in the middle and big buffers. Eventually, the router runs out of I/O memory. The problem is related to the way DLSw backup peers are configured. This problem occurs only if the local router is configured with backup peer commands and the remote router also has a configured peer and is not promiscuous. The workaround is to remove the DLSw backup peer configuration. [CSCdj21664]
- The backup is not invoked until the interface transitions to the down state. [CSCdj22613]
- When testing FRAS BAN for SDLC attached PU 2.1 and PU 2.0 and using RSRB backup over PSTN, the PUs failed to connect after the Frame Relay interface was brought back up after a link failure. The output of the show fras command showed ls-reset backup enabled. In order to reconnect the PUs, the fras backup rsrb statement must be removed or the serial interfaces configuration deleted and then readded. [CSCdj39306]
- When using APPN ISR over an RSRB port over FDDI, a Cisco 7200 series router may start sending frames with the non-bitswapped address of the target device. To work around this problem, configure a MAC address on the target device that is always the same whether it is canonical or non-canonical (for example, 4242.6666.ffff). [CSCdj48606]
- An APPN router may fail the ACT_ROUTE if using parallel transmission groups (TGs). This problem may occur when an APPN router has two parallel links defined with the adjacent node. If the adjacent node activated a link to the network node (NN) requesting a TG number that had previously been used for a different defined link activation, the NN may fail the ACTIVATE_ROUTE. The APPN router sometimes tries to incorrectly activate the route using the other inactive link that has the same TG number. [CSCdj49814]
- Under certain circumstances, APPN may crash with the following stack trace.
> System was restarted by bus error at PC 0x6C75DC[_Mfree(0x6c75b6)+0x26], address 0xFFFFFFF8[_etext(0x73ab50)+0xff8c54a8]
> Image text-base: 0x00012000[__start(0x12000)+0x0], data-base: 0x0073AB50[__etext(0x73ab50)+0x0]
> FP: 0x872C74[_etext(0x73ab50)+0x138124], RA: 0x6588BC[_session_failure_clean_up(0x658502)+0x3ba]
> FP: 0x872EB8[_etext(0x73ab50)+0x138368], RA: 0x65C6E6[_process_cp_status_sig(0x65c2da)+0x40c]
> FP: 0x8730F0[_etext(0x73ab50)+0x1385a0], RA: 0x64D820[_xxxmss00(0x64d64e)+0x1d2]
> FP: 0x873210[_etext(0x73ab50)+0x1386c0], RA: 0xB720C[_process_hari_kari(0xb720c)+0x0]
  [CSCdj51051]
- Frames may get corrupted while moving from an Ethernet segment to a FRAS-BAN interface. This is because of a problem in transparent bridging with Frame Relay. This caveat is the same as CSCdj47881. [CSCdj58692]
- A Cisco 2500 series router can crash when configuring the x25 map qllc ntn command in a DSPU PU over X25 configuration. There is no known workaround. [CSCdj61675]
- When source-route translational bridging is used, LLC sessions initiated from the transparent domain result in the source route's largest frame being incorrectly set to 4472 bytes instead of 1500 bytes. The result is that SNA and NetBIOS sessions may fail if the source-route station sends a frame with a payload that exceeds the maximum allowable size of 1500 bytes for Ethernet media. The problem typically occurs when NetBIOS is utilized to allow workstations to communicate between Ethernet and Token Ring. It also occurs when SNA is used. The workaround is to disable fast-switching by using the no source-bridge transparent fastswitch command or configuring the end stations to use frames with a payload of less than or equal to 1500 bytes. [CSCdj62385]
- The APPN router may have an excessive amount of processor memory allocated to APPN after experiencing several spikes in APPN processing. The APPN memory manager was optimized to release groups of unused pools back to the operating system. [CSCdj62502]
- A Cisco 4500 router running Release 11.2(9.1) crashed when configured for bisync (BSC). [CSCdj65763]
- The router may send a FRMR when the role is primary. The default behavior is changed so that it can only send FRMR as a secondary. If this presents a problem, use the frmr-disable interface configuration option to prevent a FRMR from being sent as a primary or secondary. [CSCdj66967]
- Any DLUR installation with over 800 to 1000 downstream PUs may experience a reload with the following backtrace:
[abort(0x601f2c3c)+0x8]
[crashdump(0x601f0b20)+0x94]
[process_handle_watchdog(0x601c2f08)+0xb4]
[signal_receive(0x601b7d58)+0xa8]
[process_forced_here(0x60169424)+0x68]
[locate_node_index(0x607dbcc0)+0x64]
[etext(0x60849e00)+0xcbee04]
  [CSCdj67966]
- DSPU over RSRB with FST encapsulation reloads with a bus error similar to the following, when an upstream or downstream connection is initializing:
System was restarted by bus error at PC 0xCC6B8, address 0xFC4AFC82
4000 Software (C4000-JS-M), Version 11.2(10.3), MAINTENANCE INTERIM SOFTWARE
Compiled Mon 01-Dec-97 19:45 by ckralik (current version)
Image text-base: 0x00012000, data-base: 0x0076AE64
  The workaround is to use TCP encapsulation for RSRB or to switch to DLSw. [CSCdj68261]
- The serial interface on a Cisco 2500 series router enters a looped state if it is configured as a backup DTE interface and if the cable is disconnected and reconnected a few times. To fix the problem, enter the clear interface command. [CSCdi32528]
- Running SRB over FDDI on Cisco 4000 series routers may not perform as well as expected. However, this behavior should not seriously impact network functionality. [CSCdi69101]
- On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]
- The FDDI interface driver can interact poorly with OSPF during OIR, causing SPF recalculations. This occurs only when OSPF is running on a FDDI interface that is not being inserted or removed. This fix eliminates the spurious indication from the driver that the SPF recalculation needs to take place. [CSCdi81407]
- Running high traffic on a Cisco 3620 that is running Cisco IOS Release 11.1 AA images on a two Ethernet in/two Ethernet out testbed shows that the sustained performance for fast-switching drops dramatically at near-line rate. The problem disappears once traffic is reduced. This problem does not occur with Release 11.2 P images. [CSCdi83922]
- OIR removal of a FIP from one slot into another will cause the FDDI to permanently remain in DOWN/DOWN. A reload is needed to get it up. OIR removal and putting it back into the same slot works fine. [CSCdi87221]
- A TRIP interface configured for transparent bridging but not configured for source-route bridging may silently drop some incoming frames. Specifically, if the interface receives a frame with a length less than 120 bytes and the RII bit is set (indicating a source-route bridging frame) it may drop the next frame received. This can cause the interface's keepalive processing to fail and can lead to sporadic resets on the interface. [CSCdi88756]
- A Cisco 7500 series router might resign its active HSRP status when configured on an FEIP, if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]
- The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]
- The POS interface specific configuration commands pos specify-s1s0 and pos specify-c2 do not work correctly. [CSCdj09646]
- A Cisco AS5200 crashes with a bus error if it is powered on without any modem modules plugged into it. [CSCdj20225]
- Under certain circumstances, rebooting a Cisco 2524 may cause the router to pause indefinitely with a T1 connected to a Fractional T1 module. The workaround is to unplug the T1 prior to the reload. [CSCdj22485]
- The V.110 modules in an AS5200 fail the first time the autoselect ppp command is used after power up or when the modem hold-reset command is used on all 12 ports simultaneously. A workaround for this problem is to execute the clear line command on all V.110 lines after the following events:
  - Power up initialization.
  - Using the modem hold-reset command on all 12 ports. [CSCdj23972]
- Setting encapsulation fddi without bridging enabled on a VIP2/FDDI and FIP in RSP causes the interface to bridge transparently. The encapsulation fddi command should only be used with bridging enabled. As a workaround, use the no bridge-group 1 command to disable bridging. [CSCdj24479]
- The pos specify-s1s0 and pos specify-c2 POS-interface-specific configuration commands do not work correctly. [CSCdj25166]
- When a Token Ring interface is configured with a small MTU size, it could crash when it receives a frame larger than the MTU size. [CSCdj27678]
- The router does not respond to ARPs correctly when bridging IP on a channelized T1 interface. Therefore, Telnets to and from the router will fail. [CSCdj31285]
- A Cisco 2520 low-speed port may sometimes ignore group polls. This problem occurs on average once per minute and appears to occur only when the router is configured for half duplex and is using a DTE cable. This problem has minimal impact on the performance of the multidrop line because a FEP usually resorts to individual polling. [CSCdj33392]
- IOS does not correctly return values for Token Ring soft error counters via SNMP. This may cause some SNMP management applications that query the Token Ring MIB to report errors. [CSCdj35713]
- Data corruption has been experienced at high bidirectional traffic rates. Corruption can also occur at high bidirectional traffic rates (when the interface is throttling) when issuing the shut command. Data corruption is possible if you are using Rev2 Mueslix and a release earlier than Release 11.2(9)P. [CSCdj43672]
- An AS5300 system with Microcom and Mica modems can crash if fast ring is disabled. The problem occurs because the code does not check for a Microcom or Mica carrier card before accessing registers on the board. The current code assumes a Microcom card. Mixed Microcom/Mica configurations cannot be supported with this bug present. A similar crash with the same stack trace was also seen with only Microcom modems, but this is much harder to reproduce. [CSCdj44456]
- TTY lines on access servers may hang when control characters are sent in dumb terminal mode (no PPP or SLIP). A show line shows the TTY line in a ready state, but no response or prompt is seen from the access server when the activation character is sent (default is a return). Doing a clear line # does allow for the line to recover and respond to the activation character. [CSCdj46760]
- A "System restarted by bus error at PC 0x4262AA, address 0xFFFFFFFC" message may be received when the frame-relay payload-compression packet-by-packet command is entered under the subinterface. [CSCdj49344]
- On the Cisco AS5200 platform, a group of four ports may stop processing PPP packets on the interface. You can identify this problem by looking for a group of four contiguous ports that have a much higher volume of calls than the other ports on the AS5200. Currently, the only workaround is to reload the router. The port modems should be busied out until the router can be reloaded. [CSCdj51974]
- In rare cases, a Cisco 7200 series router with a Token Ring port adapter may crash if one of its Token Ring ports attempts to insert into the ring and fails due to a ring error. [CSCdj59796]
- With BVI used to route 802.2, the input queue counters might increment to the limit and then the BVI interface wedges until the router is reset. One possible workaround is to set the values high enough that the router stays up until it can be reset. [CSCdj68273]
- When IRB is enabled, the BVI interface may not overwrite the real incoming interface in the ARP response, so an incomplete ARP entry is installed and "wrong cable" is listed in the debug arp output. [CSCdj68785]
- The "%LINK-3-TOOBIG: Interface Lex1, Output packet size of= 1520 bytes too big" error occurred on a Cisco 4500 router after upgrading to Cisco IOS Release 11.2(9). [CSCdj69018]
- On a Cisco AS5100, the "%CIRRUS-3-SETCHAN: Serial3: setchan called in CD2430 interrupt context" error continuously appeared on the console. Users were still able to call into and connect with the router but performance was significantly impacted. [CSCdj69387]
- A spurious memory access can occur when switching from flow switching to process switching using the no ip route-cache command and then back to flow switching using the ip route-cache flow command. [CSCdj08350]
- A routing node is removed from the IP cache Radix tree and then the buffer is freed, but somehow it can still be traversed from the treetop and cause a crash (access after free). [CSCdj17314]
- A crash occurred because of a memory leak. Output from the show memory command shows "IP Input" and "Pool Manager" holding onto memory. [CSCdj23080]
- Currently all packets denied by an access list are sent to the process level to generate an ICMP administratively prohibited message. Some of these packets are dropped because Cisco routers limit ICMP generation to two packets per second. This behavior results in excessive CPU load. [CSCdj35407]
- In some instances, a configured BGP router ID is not used after the router reloads. Instead, the router uses the highest IP interface address as its router ID, until the clear ip bgp command is executed.
- A workaround is to configure a loopback on the interface whose address is greater than any other address on the router. [CSCdj37962]
- If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If OSPF is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]
- When attempting to set the ipNetToMediaType value with SNMP, the following error is returned and the value is not set:
snmpset: The value given has incorrect type or length. [CSCdj43710]
- In the presence of a large number of subnets, a CPUHOG message similar to the following may be generated:
%SYS-3-CPUHOG: Task ran for 2608 msec (73/65), Process = BGP scanner, PC = 176388
- [CSCdj45966]
- Manual summarization with EIGRP does not work correctly. A summary route does not get advertised but one or more of the more specific routes do. [CSCdj46525]
- A router is crashing in GRE fast-switching routines without any changes in topology or configuration. [CSCdj50361]
- RIP might cause a "SYS-3-CPUHOG" message. [CSCdj51693]
- Remote routers connected to a Cisco 7513 used as a hub Frame Relay router cannot see the IPX servers local to the Cisco 7513. The Cisco 7513 reloaded afterwards. [CSCdj54367]
- A Cisco 7000 series running Cisco IOS Release 11.2(9) crashes in dual_rtupdate. [CSCdj54728]
- Under certain conditions, an LS type 5 is not generated by the ABR in response to a received LS type 7. [CSCdj55301]
- A router may crash when configured with a very large IP accounting threshold. A workaround is to configure a small threshold or to leave it at the default. [CSCdj55512]
- With certain route-map configurations or a soft-reconfiguration, the LOCAL_PREF for a path may be set to zero, resulting in the wrong path being selected. [CSCdj55839]
- A problem occurs when a third EIP6 is added to a Cisco 7000 series already running EIGRP on two EIP6s, a TRIP4 and an FIP in an EIGRP topology. In the EIGRP topology, some of the networks that connect to the existing Ethernet interfaces may be lost. The IP routing table still shows the routes but not all connected networks are advertised in EIGRP. A workaround is to issue the redistribute connected command. [CSCdj57362]
- Under rare circumstances, a BGP router sends BGP updates with a duplicate community attribute, which triggers the neighbor reset. [CSCdj64103]
- EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj68388]
- When an interface is configured to send RIP V1 packets while running RIP V2, the router sends out corrupt packets. V2 packets are not affected. There is no known workaround. [CSCdj69026]
- If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]
- A crash was caused by an AVL node that was freed but was still accessed during tree traversing. This problem is a result of the node being deleted and freed in the middle of tree walk. This is an IS-IS (using AVL tree) specific problem. [CSCdj18685]
- A dynamically discovered CLNS route does not overwrite a static CLNS route pointing to a down interface. As a workaround, remove the static route definition from the configuration and issue the clear clns route command. [CSCdj31228]
- LAT services are not available on the router when IRB is enabled. [CSCdj52841]
- A Cisco 4700 router may report intermittent "SYS-2-LINKED" error messages even though there is no memory shortage. [CSCdi52327]
- When running DLSw+ over Ethernet, the router transmits corrupted frames on retransmission. The retransmission occurs on receipt of a REJ frame from the end station or if an acknowledgement of the frame is not received within the LLC2 T1 timeout. [CSCdi52934]
- Timers are not cleaned up properly in LLC2. This may result in crashes when RSRB local acknowledgment is used under a high load. [CSCdj42474]
- Netview Service Point acquires but does not free VTY lines. The only way to recover the VTY lines is by using the clear line command. [CSCdi51685]
- A memory leak can occur that is related to the traffic rate and the TCP process. This leak is difficult to reproduce, but can be identified by an input queue wedge on a router configured for RSRB with TCP encapsulation. The output of a show buffer command indicates memory errors. Other symptoms include small buffers being created but not trimmed, and explorers being received with a wrong SNAP type value. [CSCdi54739]
- Only the Cisco 7500 family running encryption over VIP interfaces is affected by this problem.
- RSP software based encryption does not work when encrypted traffic is flowing over any Cisco 7500 VIP interface. Customers with VIP2-40 or higher interfaces need to run VIP distributed encryption. There is no workaround for other VIP2 models other than using an older non-VIP interface. [CSCdi74884]
- Packets may become stuck in the input queue of the destination interface if traffic sent over a GRE tunnel is encrypted. The packets become stuck in the input queue when the encrypted session between the peer routers is not established. The not established condition exists when traffic to be encrypted first begins flowing and also when the encrypted session time duration expires. The impact of this caveat can be lessened by configuring the encrypted session timeout to be substantially longer than the 30 minute default with the crypto key-timeout minutes command. [CSCdi90177]
- When a no shut command is issued on the ISDN interface, and logging and logging trap are configured, the router crashes. [CSCdj05365]
- If a CIP TN3270 PU is configured to connect from the host to the CIP via NCP, the link may fail. The workaround is to configure the CIP TN3270 PUs as connecting at the host. [CSCdj07152]
- Configuring both ISL and Multilink Multichassis PPP can cause a memory consistency check failure. The failure may lead to a software forced crash after a few calls have been received. [CSCdj22189]
- Under rare circumstances, the Cisco AS5200 may issue the "%SYS-3-BADMAGIC: Corrupt block at 20000000 (magic xxxxxxxx)" message and crash with a software forced crash. There is no workaround at this time. [CSCdj22429]
- HSRP can raise the CPU while the peer HSRP router is reloaded. The problem occurs when there is more than one HSRP group and the two peer routers have many HSRP peers. This caveat addresses HSRP scalability. The workaround is to reduce the HSRP groups, and/or increase the HSRP hello and hold time. Another symptom is that the interface resets go up until HSRP is stabilized. [CSCdj29595]
- Both HSRP routers on a FDDI ring go active and stay active on a Cisco 7000 series FDDI port adapter. Network instability can cause a FDDI ring to partition or be disrupted in a manner that causes HSRP peers to not receive hellos from their neighbors and therefore become active.
- HSRP routers send hello packets from a virtual MAC address, which is a function of the standby group number. When the ring heals, both routers are active and sourcing hellos from the same (virtual) MAC address.
- FDDI devices must strip their frames off the ring. One method of doing this is to recognize frames by source MAC address. When the problem occurs, the FDDI PAs will mistakenly strip the other router's packets from the FDDI ring without processing them. This causes both routers to remain active since they do not hear hellos from their neighbors.
- This problem can also occur when FDDI PAs are used in conjunction with other FDDI interfaces, such as the FIP or Cisco 4000 series FDDI module.
- If only one standby group is in use, the standby use-bia command can be used on both routers to cause hellos to be sourced from the burned in address instead of the virtual MAC address. This will prevent the problem.
- If the problem occurs, performing an interface reset by issuing the shut and no shut commands returns the routers to a normal state.
- Increasing the HSRP hello intervals causes the problem to occur less often since the routers will be able to tolerate a longer period of instability before missing enough hellos to go active. [CSCdj30049]
- An AppleTalk packet traveling through RSM from one VLAN to another receives an improper 802.3 packet length. This affects other network devices that use this field. [CSCdj36862]
- A router running encryption may show "%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60825E" messages. This means that the router had to access from memory twice in order to execute an instruction. It does not affect the connectivity operation of the router. At this time, the CPU overhead has been minimal. [CSCdj43491]
- A Cisco 7513 running Cisco IOS Release 11.2(9)P with a channelized E1 card and channel-group configured has a problem when a 40-bit crypto session is configured. When the crypto session from the Cisco 7513 side is started, the session is set up fine. However, the interface link protocol will go up and down. The only way to recover is to remove the channel-group and add it back on without crypto configuration. [CSCdj50970]
- A Cisco 3620 router restarts after a software-forced crash at PC 0x60198F78. The decoded stack indicates memory corruption. [CSCdj51896]
- BOOTP/DHCP fails when attempted over an encryption session between routers if the BOOTP/DHCP traffic will be encrypted by matching the access list. This failure also affects any packets that are forwarded by the ip helper address command, such as Windows 95 Netbios over TCP/IP. The workaround is to adjust the access list so that these packets are not encrypted. [CSCdj54355]
- A router crashed after adding a new crypto link. [CSCdj60818]
- RBE from RSP2 to Cisco 4000 over Frame Relay subinterfaces fails. Other combinations do not fail. [CSCdj65337]
- Adding XNS back into a router's configuration after it has been removed may cause a system to restart by bus error. This may only be a one-time event if it occurs at all. [CSCdj16694]
- When using IPX-EIGRP over ISDN with floating static routes, there may be a short delay (about 10 seconds) before the application is able to get through. [CSCdj38031]
- Before a floating static route is installed, a waiting period is observed when the network is down and unreachable. If IPX watchdogs or SPX keepalives arrive during this time, they will be dropped, leading to session timeouts. [CSCdj50629]
- A problem occurs when using a floating static route across an ISDN link and IPX EIGRP is the primary dynamic routing protocol. When the link goes down, the EIGRP route is installed but after the floating static is configured and the line goes down and then back up there is no route to that network. The EIGRP route is received but never fully installed because of what seems to be incomplete removal of the floating static route. [CSCdj52947]
- Under rare circumstances, a router reload may occur while running TCP to X.25 protocol translation. [CSCdj23230]
- When using a VIP controller in a Cisco 7000 series router with a Silicon Switch Processor (SSP), the SSP cannot access the second port adapter when the VIP is installed in slot 4. As a workaround, install the VIP in slots 0 through 3. [CSCdi41639]
- When a Cisco 4000 with a Basic Rate Interface (BRI) has the isdn tei powerup configuration flag set, the watchdog timeout will crash the router. A workaround is to configure the router with the isdn tei first-call command. [CSCdi45360]
- The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]
- When traffic prioritization is configured on a Frame Relay interface with the command frame-relay priority-dlci-group, the command no fair-queuing should be also configured on the serial interface to achieve effective traffic prioritization.
- See associated caveat CSCdi52882. [CSCdi52067]
- When configuring PVCs on the AIP, you may observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:
%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008)
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)
- The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]
- On a Cisco 4500 or Cisco 4700, a packet may be registered in both the input and output hold queues when going from ATM to other network links. This may affect the values of the input and output queue length fields in the output of the show interface command. On a Cisco 4500 or Cisco 4700 configured with ATM, another fast network link, and a slow network link, this behavior may have some impact on the overall throughput of the traffic from ATM to another fast network link when the slow link is flooded with too many packets from ATM. However, we are unaware of any environments in which network functionality could be seriously impaired by this. The correct router behavior would be to drop packets over the slow link without affecting the traffic from ATM to another fast link. [CSCdi69441]
- ARP replies are not sent over a PPP multilink interface. As a workaround, you can configure a static ARP on the remote device or disable PPP multilink. [CSCdi88185]
- The transmitter on an ATM interface on a Cisco 4000 series router could hang if PVCs or SVCs are cleared (torn down/removed using command line interface) when the OUTPUT queue is wedged. [CSCdi90150]
- ISDN leased-line does not come up after a reload on a Cisco 3600 series router. [CSCdj03228]
- A problem has been observed on a Cisco 3640 router running Cisco IOS 11.1(8) with an 8-port MultiBRI with built-in NT-1 module. Upon power up, the user is unable to use the BRI interfaces. These interfaces report not receiving TEI or EID information from the local switch. The local switch is an AT&T 5ESS emulating NI-1.
- A workaround is to disconnect and reconnect every BRI interface once the router is fully operational.
- This problem seems to be related to CSCdj04241. [CSCdj04625]
- Configuring STUN peers on a DLSw network causes the DLSw peers to disconnect. The debug on DLSw shows a "DLSw: keepalive failure for peer on interface Serial" message. The STUN process looks like it is intercepting the DLSw keepalives. [CSCdj08875]
- When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fails, the subinterface may bounce once or continually during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.
- During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]
- Dynamic DLCI mappings may inadvertently remain mapped after switched virtual circuit teardown, as can be seen using the command show frame-relay map. [CSCdj11851]
- In some circumstances, the system may reload when using the dialer hold queue.
- As a workaround, configure the no dialer hold-queue command. [CSCdj12397]
- Intermittent ping failure may occur when pinging over a DDR interface using LAPD encapsulation. There is no workaround. [CSCdj20072]
- Frame Relay SVC calls may give the following Traceback message:
%SYS-2-LINKED: Bad enqueue of 8F3288 in queue 9570C8
-Process= "LAPF Input", ipl= 6, pid= 36
-Traceback= EBE30 EAA88 4A73B4 4A8E10
- [CSCdj29721]
- Back-to-back branch instructions can cause unpredictable things to happen with the MIPS processor. When one was found in the no_throttling() function, a nop was inserted to avoid possible problems. [CSCdj29854]
- In the ISDN Layer2, Layer3, and management entity tasks, memory pointers become invalid. The problem results from a race condition between tasks when memory is freed in one task and then another task attempts to access this now invalid pointer. This scenario has been seen only on ISDN BRI platforms in which a number of the BRI interfaces experience persistent deactivation causing the management entity to be shut down. Add validmem_complete() checks before accessing or freeing pkt, pkg or primitive pointers. [CSCdj40403]
- When ATM traffic-shaping is enabled on an ATM interface along with priority-queueing, priority queuing does not work as desired.
- To work around this problem, turn off ATM traffic-shaping over that interface. Another workaround is to use Cisco IOS Release 11.2(2) or earlier, including Release 11.1. [CSCdj45778]
- A problem occurs when memory is low and someone executes a show isdn history command. [CSCdj46541]
- When the ip tcp header-compression and ppp multilink commands are configured together on the same interface, the router may crash.
- The workaround is to remove the ip tcp header-compression or ppp multilink commands. [CSCdj53093]
- Multilink will only bring up one link when used as backup on a DDR interface even though dialer-load threshold is configured. To work around this problem, configure the no ppp multilink command. [CSCdj56109]
- A problem has been identified with traffic shaping on the Cisco 4500 ATM NIMs. [CSCdj56673]
- Under rare conditions, an RSP4 may reload when an FSIP with active HDLC encapsulation interfaces is in use. [CSCdj57591]
- A Cisco 7500 series router with an AIP running Cisco IOS Release 11.2(6) might give out the following error messages:
atm_parse_packet(ATM2/0):Invalid VC(0) received, type=A2D2
atm_parse_packet(ATM2/0):Invalid VC(0) received, type=A2D2
atm_parse_packet(ATM2/0):Invalid VC(0) received, type=A2D2
- In addition, the input errors displayed by the show interface atm command increase.
- This problem seems to occur only with Release 11.2(6). The workaround is to downgrade to Release 11.2(4). [CSCdj57704]
- When configuring map-class frame-relay BC committed-burst-size, the system may encounter a CPU exception with reason = EXEC_ADERR(1200) and restart.
- There is no workaround for this intermittent problem. [CSCdj62139]
- When using Frame Relay SVCs, Cisco IOS appears to not include the magnitude parameters for Be and Bc on the SVC CONNECT message. It only includes them in the SETUP message. The SVC circuits are on S4/0 for both routers. Without the magnitude parameters, the biggest value Bc and Be can be is approximately 130 Kb. There is no known workaround. [CSCdj63173]
- Some Windows 95 dial sessions that use script files do not connect to an asynchronous interface on Cisco access servers. [CSCdj63311]
- A Frame Relay interface configured for ANSI LMI will acknowledge a Cisco LMI update when the router should ignore it. [CSCdj64207]
- A Cisco LS1010 may not be able to establish an SVC when acting as an RFC1577 ARP client. Debugs reveal "Quality of Service Unavailable." [CSCdj64327]
- The map-class commands frame-relay bc out and frame-relay be out are accepted by the Enterprise image. These parameters are relevant for SVC setup. However, the traffic shaping code does not use them. As a result, the values appear to be unset. This behavior can be avoided by using the commands frame-relay bc number and frame-relay be number. [CSCdj65624]
- When running LAPB over a DDR interface with dialer hold-queue configured, a traceback error message is generated when dialing out and the call connects. The traceback is not catastrophic but indicates a 20-byte memory leak on every dial attempt. As a workaround, configure the no dialer hold-queue command on the DDR interface. [CSCdj65756]
- The router may reload when booting up an image from a saved X.25 routing configuration. This problem was introduced in Release 11.2(10.1). [CSCdj67115]
- When the system is reducing its rate in response to the receipt of BECNs, the reduction may not be predictable. Rate adjustments are made once per interval if any number of BECNs were received during that interval. [CSCdj67297]
- Configuring a PVC via the frame-relay interface-dlci command on multipoint subinterfaces causes a system reload if the PVC was previously learned via inverse ARP. [CSCdj67510]
- A BRI interface may lose a TEI after it is reset. The router fails to request a second TEI after the reset. If the BRI is reset a second time, the router regains both of the TEIs. [CSCdj69824]
This section describes possibly unexpected behavior by Release 11.2(10). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(10). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- When Frame Relay over ISDN is configured on a LES-typed driver based platform (such as a Cisco 7500, 5200, or 7200 series router), and the input packets are fast-switched (for example, the output interface has fast switch mode enabled), the BRI/PRI interface has an input queue wedge problem. The symptom was that the input queue count was incremented up to the maximum queue length and then began to drop input packets. [CSCdj45631]
- When using ARAP 2.1 on routers running Cisco IOS Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Cisco IOS Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]
- IPTALK is completely broken in Release 11.2 because the llap header is missing in all IPTALK packets. There is no workaround. [CSCdj50179]
- An IPTALK interface will not come up after a reboot if the order of tunnel interface precedes its physical interface (for example, Ethernet or serial). The symptom is that the iptalk command from tunnel interface disappears after reboot. There is no workaround. [CSCdj58363]
- Sometimes a memory leak that consumes I/O memory can be triggered in the pool manager. [CSCdi90521]
- Under extremely heavy CPU interrupt states, a router with FSIP, CT3 or any serial interface may experience the following "output stuck" error message:
%RSP-3-RESTART: interface Serial12/0/0:28, output stuck
- The problem occurs on Cisco routers in the 7000 family using the CT3 or 4/8 port FSIP cards or any serial interface under Cisco IOS Release 11.1(10)CA, 11.1(11), and 11.2. It has been observed only under oversubscribed traffic load.
- As a workaround, configure the interface for FIFO queueing via the no fair-queue command.
- The command transmit-buffers backing-store is on by default when an interface is configured for weighted fair-queueing. If the no fair-queue interface command is used, which changes the queueing strategy to FIFO, then transmit-buffers backing-store is off by default.
- This caveat has been resolved in the following Cisco IOS releases: 11.2(6.2)P, 11.1(11.4), 11.1(11)CA, and 11.1(11.4)IA. [CSCdj12815]
- If a map-list is configured, the show running command may cause the router to crash if the "Last configuration change at..." informational string exceeds a total length of 80 characters. [CSCdj13986]
- An EXEC prompt does not appear until the TCP connection for accounting EXEC is sent and acknowledged. Accounting EXEC acts like wait-start, even though start-stop is configured. [CSCdj27123]
- Performing a Telnet from the router with TACACS configured might cause a router to reload with a bus error. The exact cause is still under investigation.
- This problem has been seen only with Cisco IOS Release 11.2 or later. [CSCdj36356]
- A Cisco 7200 or 3600 series router may crash with a bus error when doing protocol translation between X.25 and PPP. The workaround for the problem is to turn on header-compression passive in the translate statement. [CSCdj37556]
- When traffic shaping on the Cisco 7500 series routers, enough traffic may not be switched to achieve the specified traffic level. [CSCdj50861]
- The Cisco 7500 series routers may not correctly allocate the right number of packet memory (memd) buffers to some network interfaces. The problem requires a large number of interfaces whose collective bandwidth is high, but their MTU is smaller than another buffer pool.
- For example, a problem was found with a Cisco 7500 using a large number of Fast Ethernet and/or Ethernet interfaces and one or more FDDI interfaces. The pool of packet memory should have allocated 80 percent of the memory to the Ethernet and Fast Ethernet interfaces, which use an MTU of 1536. Instead it received 20 percent of the memory, and the lone FDDI interface with MTU 4512 got 80 percent of the packet memory.
- The problem occurred with 55 Ethernet, 6 Fast Ethernet, and 1 FDDI network interfaces. The problem did not occur with fewer interfaces, specifically 36 Ethernet, 5 Fast Ethernet, and 1 FDDI interfaces.
- The problem may show up as a high number of input drops on some router interfaces. [CSCdj55428]
- At times, a Cisco 1000 series router sends SNTP queries to the next hop on the route instead of to the address configured in the SNTP server statement in the configuration. [CSCdj56216]
- The input queue may be wedged with IP packets if the exception dump command is configured.
- The following are known workarounds:
- - Increase the input queue to 175 (the original queue amount of 75, plus 100 per exception dump x.x.x.x command).
- - Remove the exception dump x.x.x.x command.
- [CSCdj58035]
- When Frame Relay traffic shaping is enabled on a serial interface, disabling and reenabling weighted fair queuing will cause a system restart. [CSCdj58431]
- When a router is highly loaded and traffic-shaping is active on the outgoing interface, it might be possible that LMI control messages get queued in traffic-shaping queues, causing LMI protocol to go down. [CSCdj64221]
- When frame-relay traffic-shaping is enabled and the clear counters command is issued, the system may restart.
- The workaround is to remove and then reenable frame-relay traffic-shaping to clear its counters. [CSCdj65742]
- The APPN router may crash during an SNMP access to the APPN MIB. This problem occurs only after an unused APPN node is garbage-collected. The crash has the following backtrace:
System was restarted by bus error at PC 0x8B5902, address 0x4AFC4AFC
PC: process_snmp_trs_tg_inc
0x8B5CAC:_process_ms_data_req_trs(0x8b5aaa)+0x202
0x87E5FE:_xxxtos00(0x87d6b0)+0xf4e
0x180E5C:_process_hari_kari(0x180e5c)+0x0
- [CSCdj36824]
- On RSP-based routers, the pseudo-MAC address assigned to a bridge port on a source-route bridge virtual ring group is incorrectly formatted to Ethernet format during Cisco IOS startup. This MAC address is used to establish a bridge link from IBM LAN Network Manager and can be shown by using the show lnm config EXEC command. [CSCdj38360]
- A downstream LU is unable to get the logo screen from the host even though other LUs on the downstream PU can. The router shows the DSPU state of that LU to be Reset or dsLUStart, while the host shows the state as Active. The LU is recovered by deactivating, then reactivating the LU at the host.
- This state may occur if the downstream LU has previously failed to reply to ACTLU, or if the host has failed to respond to a NOTIFY (available or not available) from DSPU within a timeout period of 20 seconds.
- Recovery requires the host operator to recycle the LU at the host. [CSCdj45783]
- When RSRB with TCP encapsulation is configured with priority peers and some of the priority peers are closed or dead, an explorer packet may continuously try to open the closed or dead priority peer. After several tries, the router may crash with memory corruption. [CSCdj47493]
- Executing a show source command may cause the router to restart unexpectedly if a virtual ring group or remote peer is deconfigured when the source-bridge command output is waiting at the -- more -- prompt.
- The workaround is to not reconfigure virtual rings or remote peers while executing a show source command. [CSCdj49973]
- Normal nonextended unbind (0x3201) was extended with corrupted information, which caused rejection by the host. As far as the host is concerned, the session is still active. A user cannot clean up this session without bringing down the link. [CSCdj50581]
- RIF may be modified incorrectly when multiring and SRB proxy explorer are configured on an interface but the SRB triplet is not configured, as shown in the following example:
interface TokenRing0/0
ip address
multiring ip
source-bridge proxy-explorer
- Note the absence of the source-bridge locRn bn remRn command.
- The source-bridge proxy-explorer statement does not show up in the configuration unless the SRB triplet is configured.
- A workaround for this problem is to configure the no source-bridge proxy-explorer command. [CSCdj51631]
- When running proxy explorer and NetBIOS name caching on a Token Ring interface of a Cisco 7200, alignment errors occur. [CSCdj52522]
- A router may reload when removing configuration of X.25 PVCs for QLLC. [CSCdj57872]
- When an actpu is followed by a dactpu from VTAM and there is no response from the downstream device to either flow, after a disconnect is received from the downstream device, DLUR will send a -rsp(actpu) upstream instead of the proper flow, a +rsp(dactpu). This can cause the PU from the DLUS perspective to hang in the PDACP state. [CSCdj61872]
- It is rare, but possible, for DLUS to send a -rsp(REQDACTPU). When this happens, it indicates that VTAM has already cleaned up the PU in question. When receiving this response, DLUR must clean up the PU in order to keep the PU from being stuck in the "stopping" state. [CSCdj61879]
- When using APPN/DLUR with a large number of LUs (over 1000), a memory spike can occur during the processing of a downstream PU outage. In extreme cases, this memory spike can be large enough to exhaust memory in the APPN/DLUR router, which can cause a reload. [CSCdj61908]
- Session attempts fail with DLUR generating a sense 08060000 in a rare case where the LU name list gets corrupted. This problem is easily identified by the VTAM LU showing active state, while the show appn dlur-lu name display does not show the LU. [CSCdj62172]
- When ip route-cache cbus is configured on an interface, intermittent router crashes could occur because of an incoherent cache entry data structure.
  If this incoherency occurs and does not cause a router crash, it may instead cause cbus switching to be automatically disabled, and the interface resorts to fast switching (or SSE switching if SSE switching is also configured). [CSCdi43526]
- When adding to or removing a subinterface from a Frame Relay interface, all DLCIs are brought down until the Frame Relay switch sends the PVC information again. The whole interface resets when a user tries to add the ip address command. A workaround for part of the problem is to turn off CDP globally or on individual interfaces. In this case, turn off CDP on the serial interface before adding or removing subinterfaces. CSCdj02488 (integrated into Cisco IOS Release 11.1(11) and 11.2(5.1)) fixed the rest of the problem. [CSCdj07291]
- Under certain conditions, packets may stay on the input queue. The condition that caused packets to stay on the input queue has been removed. [CSCdj30087]
- When transparent bridging to a Token Ring interface, the interface can read in a frame it has forwarded onto the Token Ring interface. This will cause the bridge table to be incorrect. This problem affects only the mid-range and low-end platforms. [CSCdj41666]
- A Catalyst 5000 RSM populated with an ATM Port Adapter with LANE client(s) configured can get its ATM interface stuck in a down state if a user creates new VLAN interfaces.
  Symptoms include the following message being displayed to the console:
    %CBUS-3-CATMREJCMD: ATM0/0 Teardown VC command failed (error code 0x0008)
  Saving the RSM configuration and reloading its image will clear the error condition. [CSCdj41802]
- Compression for HDLC encapsulated bridging only payload compresses Spanning Protocol packets. Actual bridged packets are forwarded with their payloads uncompressed. Prior to this release, bridged packets may have had their MAC addresses corrupted if STAC compression was enabled with HDLC encapsulation. [CSCdj50894]
- In Cisco 7500 series routers, sh dialer is not working. The workaround is to use sh dialer int serial x/y. [CSCdj51612]
- A Cisco Catalyst 5000 cannot change packet format from SNAP to ARPA. [CSCdj53698]
- With IRB configured on the router, IPX clients cannot log into services on a bridged interface. Removing the IPX routing from the BVI fixes the bridged interface but you lose the routing. At this time, this feature is not supported. [CSCdj54050]
- If you are doing IRB with RFC1483 PVCs, you may see certain IP anomalies, such as ARP resolution not working or ARP resolutions taking place but you cannot ping the neighboring device. [CSCdj54558]
- AppleTalk might fail when packets are bridged through PPP transit. [CSCdj61857]
- A router may crash with a "System restarted by bus error at PC 0x60394488, address 0xD0D0D0D" message when running Cisco IOS 11.1(9) RSP with a heavy load of EIGRP and CSNA traffic. [CSCdj29447]
- If OSPF external routes are summarized using the summary-address command, and the number of external routes being covered by this summary address drops to zero, the external summary will be flushed, but the router originating the summary will not install any matching external or NSSA routes that may be present in its database.
  The router can be forced to install the matching route by using the clear ip route * command. [CSCdj32471]
- BOOTP requests being sent to 0.0.0.0 get forwarded to the gateway of last resort when there is one. [CSCdj33809]
- If the summary-address statement is removed on a remote router that advertises summary-address routes on only one path, then the core router sees both equal cost paths. This problem occurs on OSPF with NSSA. [CSCdj38067]
- A Cisco 7513 router running EIGRP reloads with the following message:
    "System restarted by error - an arithmetic exception, PC 0x60286234"
  The program counter value points to an EIGRP IOS routine. [CSCdj38361]
- Under some circumstances, the router will crash when removing a static IP route. [CSCdj45152]
- Multicast forwarding stops if fast-switching is enabled on an incoming ATM LANE subinterface. A workaround is to disable fast-switching on that interface by issuing the no ip mroute-cache command. [CSCdj45777]
- If the OSPF summary host route is overwritten by a route from another routing process which has lower administrative distance, it is possible that the OSPF summary host route will not be reinstalled after the latter route is removed. In particular, it only happens if the host route address is also the router ID of some ASBR. [CSCdj49161]
- Entering the no ipx routing command then enabling EIGRP can crash the router. This is a regression of CSCdj54141. [CSCdj53541]
- When one of the routers on a broadcast network has been partitioned in which at least one partition has only one router, OSPF will generate a stub advertisement for this network in the isolated router's router LSA. This stub route will overwrite the normal network route calculated using the network LSA, regardless of the path cost.
  This problem exists in all releases starting with Release 10.3. This will be fixed in 11.1 and newer releases. [CSCdj53804]
- The Proteon router's internal address is advertised as a host route instead of a network in the router's LSA. A host route is represented as a Type 3 link (Stub Network) whose link ID is the host's IP address and whose link data is the mask of all ones (0xffffffff). This host route is advertised into all OSPF areas. [CSCdj56079]
- If you are doing IRB with RFC1483 PVCs, you may see certain IP anomalies such as ARP resolution not working or ARP resolutions taking place but you cannot ping the neighboring device. [CSCdj58194]
- Customer moved the IP multicast tunnels (DVMRP, GRE) from a serial interface to an ATM interface on a Cisco 4700 router. The packets are now process-switched instead of fast-switched, which causes a lot of CPU (IP INPUT).
  When the serial interface is used for incoming packets and the ATM interface for outgoing packets, there is no problem. Incoming packets on the ATM interface and outgoing packets on the serial interface also experience this problem.
  We used several Cisco IOS releases, with always the same effect. It seems that incoming packets are not fast switched. [CSCdj59076]
- SYS-3-CPUHOG error messages occurred after the software was upgraded from Release 11.0 to Release 11.2(8) or 11.2(9). The error messages may occur because the OSPF database refreshes every 30 minutes. This problem occurs with large IP OSPF networks with multiple areas. There is no known workaround. [CSCdj60461]
- The ARP lookup routine may suspend, causing unexpected behaviors for IP protocols. For example, if the OSPF routing process is traversing a list of neighbors to send LSA packets and the ARP routine is called, the ARP routine suspension could cause a system reset. The problem was resolved in Release 11.2(10a). [CSCdj60533]
- OSPF ABR does not generate a summary for some connected networks. This problem occurs when an unnumbered interface is used with OSPF. A summary for a connected network that is put in the same area as the unnumbered interface might not be generated to other areas.
  The workaround is to redistribute the connected network into OSPF to retain connectivity to those networks. [CSCdj60959]
- Dynamic redistribution into EIGRP from another routing protocol fails if the routes being redistributed fall within the same major network as EIGRP. A temporary workaround is to remove the redistribution statement from the EIGRP configuration, then reinsert the redistribution statement. [CSCdj65737]
- Under certain circumstances, a Cisco 7505 router running Release 11.1(13a)CA1 reloads if the netID is changed under the IS-IS routing process. [CSCdj49485]
- If an RSRB session is disconnected by the local LAN side at exactly the same time as a data message is received from a remote host, a situation can occur which will lead to a crash in llc_get_oqueue_status().
  There is no workaround. [CSCdj62026]
- Although a router configured for HSRP on LANE replies correctly with the HSRP MAC address in an ARP reply, all packets issued by the router with a virtual IP address use the BIA MAC address as the source address. This makes it difficult for switches to know the forwarding port. [CSCdj28865]
- Using any of the xns flooding commands may cause the router to reload and issue alignment, bad pool, or buffer warnings. [CSCdj23479]
- With LAPB/Frame Relay encapsulation, you might see "%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level" messages on the console. It is possible (rarely) that an XNS connected route for this interface doesn't get installed in the route table.
  As a workaround, try one of the following:
  - Issue the shut and no shut commands on the affected interface.
  - Reconfigure the IPX network using the no ipx network command, followed by ipx network. [CSCdj53721]
- There are two problems associated with this caveat:
  - Sometimes a connected network does not appear in the routing table just after reload. Issuing the shut and no shut commands should correct the behavior.
  - If ipx routing is disabled (using the no ipx routing command), you could see something like a steady memory leak, unexpected router behavior, or a router crash. The only known resolution is to power cycle the router every time you issue the no ipx routing command. [CSCdj54141]
- If some interfaces change state when you disable and re-enable IPX/XNS routing, there is a possibility of losing the IPX/XNS background process.
  Symptoms could be loss of network connectivity or a slow memory leak until the router cannot allocate any more memory. You need to reload the router to correct this situation. [CSCdj57257]
- With a router running NetBIOS Frames Protocol (NBF) over Token Ring, a device connected via async or ISDN with PPP encapsulation appears to connect successfully but is unable to see other NetBIOS devices in a domain. [CSCdi72429]
- VIP requires but does not have a mechanism to determine the health or status of a VIP card. Specifically, there needs to be a way to show tech-support, alignment, and logging information. The show controllers command should be extended to provide this information: show controllers vip x command where x is the VIP slot number and command is either tech-support, alignment, or logging. [CSCdj17006]
- A Cisco router running Release 11.1(6.1) can experience an input queue wedge on the serial interface. The symptoms are dropped packets on the interface. The only way to clear this problem is to reload or power cycle the router. [CSCdj17547]
- A router may stop making Frame Relay SVC calls after a long time. [CSCdj29722]
- When a dialer profile is in standby mode, backing up a serial interface with the backup interface dialer command still allows incoming calls to this profile. Because the profile is in standby mode, this behavior should not be possible. [CSCdj34108]
- Routers configured for Frame Relay switching will lose a frame-relay route command in the running configuration when the corresponding DLCI has been deleted. To restore the original configuration, execute the copy start run or config memory command or reload the router. [CSCdj43340]
- The SSCOP sequence number is a 3-byte field. Because the SSCOP code in Cisco IOS Releases 11.0, 11.1, and 11.2 does not handle the wraparound elegantly, in some conditions when the sequence number wraps around after exceeding the maximum of 16777215, a large number of buffers are queued, eventually causing memory leak/starvation on the router. [CSCdj45157]
- Direct broadcast with the physical-broadcast destination MAC address is not forwarded to the helper address over ATM/LANE interface. [CSCdj51378]
- A router crashed with a bus error while running the output for show dialer map. [CSCdj52360]
- When a configuration of two systems has Frame Relay LMI timeouts set differently on DTE and DCE systems, the PVCs could remain active but no data is transferred because one system declared the connection inactive while the other system still thought it was active.
  The workaround is to set the timeout values the same using the lmi-t392dce parameter. [CSCdj53354]
- If LES/BUS is configured on the Catalyst 5000, pulling down one client in the ELAN can affect other clients. This problem happens very rarely. The workaround is to restart the LES/BUS on the Catalyst 5000. [CSCdj54587]
- When a static map is deleted, calls associated with that map are not disconnected. For point-to-point calls, this does not cause any problems. However, for point-to-multipoint ATM calls, the leaf on the multipoint VC will be left in place. If the map to that same NSAP is replaced, a new call is attempted instead of reusing the existing leaf on the existing VC. The result is that an add-party message is delivered to the remote router and is subsequently rejected. The end result is no broadcast connectivity. The workaround is to clear the existing calls when changing the map configuration with a clear int atm interface command. [CSCdj57309]
- Cisco IOS Releases 11.2(1) through 11.2(10) are technically not in compliance with RFC 1990. The RFC requires that the first multilink fragment that is transmitted after adding a second link to a bundle which previously only had one link must be transmitted over the first link in the bundle. Instead, the first fragment is being transmitted over the newly added link. This can result in the peer receiving packets out of sequence.
  There is no known workaround. [CSCdj57498]
- A Cisco 4000 Router reloads when frame-relay traffic-shaping is unconfigured. The only workaround is to destroy the configuration on the router, reload it, and restore the configuration. [CSCdj61097]
- Frame Relay is broken. Most of the protocols on Frame Relay may not work and packets may get dropped or misbehave because parsing of packets is not properly done in some cases. [CSCdj67384]
This section describes possibly unexpected behavior by Release 11.2(9). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(9). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- In extremely unusual situations the router displays the following error message on a frequent basis:
    %SYS-6-STACKLOW: Stack for level CXBus Interfaces running low, 0/1000
  This message might eventually lead to the router hanging. [CSCdi54119]
- A timing conflict between the HTTP server and TACACS+ code can cause the HTTP process to hang when configured to use TACACS+ for authentication. Since the HTTP server uses a tty to handle I/O for the request, these hung processes can tie up all available ttys. [CSCdi84657]
- When custom or priority queuing is turned off on an interface that does not support fair queuing, the queuing data structures associated with the interface are left in an inconsistent state. In particular, the enqueue and the dequeue routines are not reset and this causes the system to crash when the routines are invoked the next time. Once the system is rebooted the inconsistency is cleared. [CSCdj29439]
- RMON alarms do not work properly on a number of MIBs that use internal MIB caching to speed up MIB object value retrieval. The only workaround is to set up an SNMP get poll on these objects to force an update to the MIB cache, with a poll period within the alarmInterval time. The following MIBs have this problem:
  - APPN-DLUR-MIB
  - IBM-6611-APPN-MIB
  - CISCO-CIPCSNA-MIB
  - CISCO-CIPLAN-MIB
  - CISCO-CIPTCPIP-MIB
  - CISCO-SNA-LLC-MIB
  - SNA-NAU-MIB
  - CISCO-TN3270SERVER-MIB
  - OLD-CISCO-IP-MIB
  - BGP4-MIB
  - LAN-EMULATION-CLIENT-MIB
  - RFC1406-MIB
  - RMON-MIB
  - IF-MIB
  - RFC1398-MIB
  - OLD-CISCO-INTERFACES-MIB
  - CISCO-PING-MIB
  - CISCO-QLLC01-MIB [CSCdj34766]
- A memory leak exists in the Flash file system. Using SNMP to poll the ciscoFlashMIB objects, or using the show flash command line interface (CLI) commands can result in non-trivial amounts of memory being allocated and never freed. Repeating these polls or CLI commands eventually results in the system using up all available memory. The ciscoFlashMIB can be disabled (SNMP is prevented from polling this MIB) using SNMP views. For example, the SNMP configuration snmp-server community public ro can be changed to the following:
    snmp-server view no-flash internet included
    snmp-server view no-flash ciscoFlashMIB excluded
    snmp-server community public view no-flash ro
  The result is that SNMP polls using the public community string can access objects in the entire MIB space (internet) except for those objects in the ciscoFlashMIB space. This affects any NMS applications that rely on the ciscoFlashMIB objects. [CSCdj35443]
- When issuing the no snmp trap link-status command on an ISDN interface on both the Virtual-Template and the D-channel, the router still sends traps whenever a B-channel changes state. [CSCdj38266]
- An SNMP Get of an individual instance from the ipNetToMediaTable might fail, even though an SNMP Get-next successfully retrieves the instance. This might occur on table entries referring to software interfaces (for example, subinterfaces, loopbacks, or tunnels) or hardware interfaces that have been hot-swapped. There is no workaround. [CSCdj43639]
- A crash occurred in the Frame Relay packet classifier function called by the WFQ routine. A workaround for this problem is to disable WFQ on the interface with Frame Relay encapsulation. [CSCdj45516]
- A small window exists in which it is possible after a transmission group reinitialization that only one CP-CP session is established between the router and a neighboring node. In this case, the contention winner session from the perspective of the router is not activated. Once this occurs, the CP-CP contention winner session only activates if the APPN subsystem is stopped and started. There is no workaround. [CSCdj25859]
- An APPN router might display the following "Unanticipated CP_STATUS" message when the contention loser CP-CP session goes down and comes back up without the contention winner session being deactivated:
    %APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1
    %APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN
    %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4
    %APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received
  Each subsequent broadcast locate received by the router causes the following messages to be displayed and about 1920 bytes of APPN memory to be leaked:
    %APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080
    %APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0
  This problem occurs when two links are active to the same node and the CP-CP sessions are split between these two links and the link with contention loser is stopped. To clear this problem, stop and restart the APPN subsystem. If the CP-CP sessions are between the router and the host, you can also clear this problem by terminating either CP-CP session on the host. [CSCdj33718]
- There might be intermittent failures when trying to link to bridges over the DLSw remote peers when running LNM over DLSw. The workaround is to reload the router that is directly attached to the LNM device. [CSCdj34112]
- An APPN DLUR router might reload with SegV exception in ndr_sndtp_encap_mu in a timing window where the DLUR supported device disconnects before a request_actpu is sent to the DLUS for that device. [CSCdj37172]
- A DSPU router with an SDLC-attached 3174 leaves a terminal hung after a terminal power-reset. A VTAM inact/act of the LU fixes the problem. A workaround is to remove the DSPU and connect the 3174 via DLSw. [CSCdj37185]
- APPN enforces the maximum size of a CV10 (product set identifier) on XID to not exceed 60 bytes. Some products include a CV10 that is larger than the 60 byte value. These products fail XID negotiation with APPN. [CSCdj40144]
- In the event that APPN/DLUR has processed and sent a bind request to a downstream device and that device has not responded to the bind, issuing a vary,inact command on the host for the LU name for which that bind is destined does not completely clean up the session as it should. [CSCdj40147]
- When a connection is attempted over a port defined with the len-connection operand, APPN can lose 128 bytes of memory for each connection attempt. [CSCdj40190]
- DLSw FST might corrupt the frame header if the riflen is different on both sides. [CSCdj40582]
- Memory leaks occur when APPN TPsend_search is sending locate search requests to adjacent nodes when a link failure occurs. [CSCdj40915]
- When RSRB with TCP encapsulation is configured and remwait or dead peers exist, an explorer packet might continuously try to open the remwait or dead peer. After several tries, the router might crash with memory corruption. A workaround is to remove any remwait or dead peer statements. [CSCdj42427]
- An APPN router might crash with a bus error if a race condition is experienced during cleanup processing. The stacktrace shows the crash occurred in Qfind_front while executing a psp00 function. An example stacktrace for this problem is shown below.
    System was restarted by bus error at PC 0x3784864, address 0xF0110208
    PC 0x3784864[_Qfind_front(0x3040a04+0x743e44)+0x1c]
    RA: 0x36C1F2E[_queue_find_front(0x3040a04+0x68151c)+0xe]
    RA: 0x36CC554[_psbmfrm(0x3040a04+0x68bb30)+0x20]
    RA: 0x36CDAF6[_psp00(0x3040a04+0x68cfd4)+0x11e]
    RA: 0x314BD78[_process_hari_kari(0x3040a04+0x10b374)+0x0]
  [CSCdj44198]
- APPN crashed when it received a CV35 without the Termination Procedure Origin Name (TPON) field. [CSCdj44661]
- Configuration of SRB on a second interface yields the following traceback information from LNM:
    %LNMC-3-BADCLSIRET: bogus Invalid ret code (0x7007) init_clsi_op_proc, bogus
    -Traceback= 60791120 6078FE48 6078FDC4 607890E0 6078ED48 60226648 60226634
  [CSCdj45268]
- DLUR bind processing might cause stack corruption, resulting in a reload with PC 0x0. This problem is caused by attempting to parse the user data subfields beyond the location where the subfields exist. The reload only occurs if the byte that is two bytes beyond the end of the user data area is 0x3 or 0x4. This is a very rare occurrence. [CSCdj45676]
- In large APPN network environments with over 200 NNs, numerous broadcast searches could happen during initial startup or intermediate link recovery. The memory usage surge might bring down the entire network. [CSCdj45705]
- The message "%APPN-0-APPNEMERG: Mfreeing bad storage, addr = 60BB7188, header = 60BB6B20, 00000218 -Process= "ndrmain", ipl= 0, pid= 62" might be issued when a DLUR served PU disconnects. [CSCdj46783]
- A router does not pass SRB directed frames if the SRB proxy-explorer feature is configured. The SRB proxy-explorer is used with NetBIOS name caching. [CSCdj47797]
- Some 68K-based routers might crash while running APPN. This memory corruption might occur after a rare combination of APPN detail displays, followed by a show appn stat display. [CSCdj47941]
- When connecting a Canary Fast Ethernet transceiver to the MII connector on VIP port adapters, reload the microcode so that the port functions properly. [CSCdi64606]
- The auto-enable feature for packet-by-packet Frame Relay compression is removed and this form of compression is allowed to be manually enabled. [CSCdi85183]
- In certain cases, a router might bring Layer 1 down without an apparent reason. Hereafter, a new TEI is negotiated with the switch. The latter still keeps all call references belonging to the previous TEI, since no DISCONNECT is seen on L3. [CSCdj11840]
- An SNMP agent might return erroneous values, and under some conditions the ifInUcastPkts counter returns decreasing values, which is incorrect. [CSCdj23790]
- PPP compression and custom queuing are incompatible features and might cause the router to crash. To work around this problem, turn off all fancy queuing. [CSCdj25503]
- In X.25 packet-by-packet compression, error checking code is fixed after malloc for decompression history buffer. [CSCdj29139]
- dot5StatsTable does not return any value in Cisco IOS Release 11.2 software. [CSCdj32372]
- NFS transmission problems and FDDI excessive claims occur after installing Releases 10.3(9) through 10.3(18), 11.1(9) through 11.1(14), or 11.2(1) through 11.2(9). This problem is specific to the CX-FIP interface board. [CSCdj38715]
- An NT client/server sending out multiple ARP requests to the BVI interface of the router causes a loss of connection. The workaround is to enable ARP SNAP arp timeout 120. [CSCdj46855]
- The PA-4R might incorrectly adjust the datagram size of an incoming packet to include extra padding at the end of the packet. This problem only occurs under moderate or heavy traffic load where multiple PA-4R interfaces are consuming many particle buffers. The problem also only occurs for packets with a packet length that is a multiple of 512 bytes, 513 bytes, 514 bytes or 515 bytes. The only workaround is to reduce the token ring interface's MTU to 508 bytes or less. [CSCdj48183]
- IP cache is not invalidated for destinations that use the default routes even after the next hop is down. The workaround is to issue the clear ip cache command. [CSCdj26446]
- After the ip default-network statement is issued, the default network route is not propagated to other routers in the network. There is no workaround for this problem. [CSCdj28362]
- EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively might not clear when an interface goes down. [CSCdj28874]
- A router crashes after receiving multicast packets with the illegal source address 0.0.0.0. The workaround is to configure the access list to filter out packets with a source IP address of 0.0.0.0. [CSCdj32995]
- When the OSPF interface command ip ospf authentication-key key is configured with a key length longer than 19 characters including any trailing space, OSPF internal data is corrupted. The write terminal command might reload the router. The workaround is to not enter a key longer than 19 characters, regardless of whether or not it is encrypted. The same problem occurs with the ip ospf message-digest key-id md5 key command. In this case, the key length should not be longer than 36 characters. [CSCdj37583]
- After the aggregate-address summary-only command is configured, issuing the same command without summary-only does not unsuppress the more specifics of the aggregate. A workaround is to negate the whole aggregate-address command first. [CSCdj42066]
- ICMP unreachables are incorrectly sent out for multicast packets. [CSCdj43447]
- During a ping, each packet takes more than two seconds to be output. With ATM static maps, the wait is not necessary for IP over ATM. [CSCdj47856]
- Entering the no ip gdb rip command twice might crash the router. [CSCdj48291]
- The following message might be erroneously displayed:
    %LAT-3-BADDATA: Tty124, Data pointer does not correspond to current packet
  When many LAT sessions are active, and a received data slot starts in the last 14 bytes of a full Ethernet frame, data for that slot is discarded. [CSCdi82343]
- A route might become stuck in a "deletion pending" state after an ipx down command. This could occur if you issue the commands ipx down and no ipx network in the same or reverse order, with very little time between them. The workaround is to disable and reenable IPX routing on the router. [CSCdi91755]
- XNS routes might get deleted on serial interfaces at boot time. The workaround is to issue the shut and no shut commands on the affected interface. [CSCdj25806]
- IPX does not advertise static or floating static routes if they are created before the interface that the routes connected to is up. The workaround is to issue the shut and no shut commands on the interface to which the static or floating static routes are connected. [CSCdj41584]
- Running IPX EIGRP with a maximum path set greater than one, the router might not remove the SAP after the interface is down if it is learned via more than one path. [CSCdj45364]
- If a route goes away via aging (180 seconds) and the default route is known, a cache entry might be installed for the network using the default route path. If the network comes back within the next 60 seconds, a new cache entry pointing to the now valid path might not be installed and the cache still points to the default route path for the network. A workaround is to issue the clear ipx route and clear ipx cache commands, or run without using the default route. [CSCdj47705]
- A router might restart with a bus error at address 0xD0D0D5D in module tcpdriver_del. [CSCdj26703]
- A router might unexpectedly reload when VINES SRTP routing is configured. The workaround is to remove the vines srtp-enabled command. [CSCdj37888]
- Under certain conditions, a router might reload during an ISDN call setup with the SPC bit set. This problem only occurs with 1TR6 ISDN switch types. [CSCdj20841]
- While using Distributed Fast Switching, buffer headers can be stranded in the outgoing VIPs transmit queue when that interface has been taken down. This is more likely to occur when a faster interface is switching to a slower one. Ignores and drops might increase on the input interface as it fails to obtain a needed buffer header to switch the packet. The rxcurr on the input interface also remains above rxlow even when traffic is not arriving on the interface. The VIP continues to drain the transmit queue of the interface even when it is administratively down. This allows the buffer headers to be returned to the originating local free queue. This might cause the number of drops on outbound interface to increase significantly when the interface is taken down. However, this behavior is normal as the downed interface drops any packets sent to it when it is not up. [CSCdj21693]
- The Frame Relay LMI Enquiry and Status messages stop being exchanged after a short time of successful communication. The statistics incorrectly report timeouts and message activity. [CSCdj31567]
- If a BRI port attached to an NI-1 ISDN switch using two SPIDs gets a Layer 1 deactivation and reactivation (typically due to adverse line conditions or temporary disconnection of the cable), that port might not be able to reestablish Layer 2 connectivity on the second TEI and, therefore, not be able to use the second B channel. Issuing the show isdn status command reports TEI_ASSIGNED on one of the TEIs instead of MULTIPLE_FRAME_ESTABLISHED on both. A workaround is to have your service provider configure a single SPID that can control two B channels. [CSCdj41311]
- Using NetBIOS over PPP might result in traceback messages complaining about invalid memory action at interrupt with traceback information appended:
    %SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
  [CSCdj42341]
- This patch prevents the use of an invalid pak-info_start pointer when doing payload compression on RSP platforms, thus avoiding a crash. [CSCdj43332]
- A remote DLSw peering router might send a DM response just after the LLC2 connection is established if the router is very busy and the PC station responds immediately to the UA with a RR. The client needs to reestablish the connection. [CSCdj47782]
- A boot image without a subsystem containing IPCP restarts a router. [CSCdj48085]
- When using the frame-relay map class or frame-relay traffic-rate commands, and when the rate is being reduced in response to BECN, the default lower limit is zero, while the expected default is CIR/2. The workaround for this behavior is to define the rate using the CIR/BC/BE parameters. [CSCdj49145]
- The router might unexpectedly restart when configuring an X.25 PVC that is locally switched. [CSCdj49828]
- The show x25 vc command will cause the router to unexpectedly restart if there is a combination of locally switched virtual circuits and other virtual circuits. [CSCdj50405]
This section describes possibly unexpected behavior by Release 11.2(8). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(8). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- A reload might occur if the command show modem slot/modem-port is issued when the associated modem is in the autoconfigure mode. Autoconfigure mode is normally a short interval during which the modem is reset and reinitialized by the modem autoconfigure command. [CSCdj17224]
- ATCP might cause AppleTalk to corrupt memory and reload the router. There is no workaround. [CSCdj23355]
- Connected routes stay in the routing table when a card is disabled and in an analyzed wedged state. [CSCdj08355]
- The error "System restarted by bus error at invalid address" is caused by intermittent Telnet sessions on a Cisco AS500 platform running Cisco IOS Release 11.1(10)AA. This problem occurs because of a race condition in which the DNS name cache is removed in the middle of a DNS name query.
  There is no workaround on the router side. On the DNS server side, configuring DNS TTL to be one minute or longer might work around this problem. However, this workaround might not be acceptable for some applications. [CSCdj16824]
- This bug might be user specific; the following error message occurs when a user's script executes the show start command:
  % Non-volatile configuration memory has not been set up
  The user's script is used to change passwords. Current testing indicates that it might be a software checksum error. [CSCdj18107]
- During a boot Flash format, systems with earlier release images will not recognize Intel boot Flash SIMMs 28F004S5 (device code A7), 28F008S5 (device code A6), and 28F016S5 (device code AA).
  To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash with an image containing this bug fix. Then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20681]
- On RSP-based platforms, the following error might occur, indicating a problem with a hardware enqueue:
  %RSP-2-QAERROR: reused or zero link error, write at addr 00C0 (QA) log 2600C040, data 00070000 00000000
  This message might be followed by the following error and a crash:
  Unexpected exception, CPU signal 10, PC = 0x601C4658
  This message is caused by a memory access problem in the diagnostic code handling the original QA error. [CSCdj29751]
- The object cmInitialLineConnections in the CISCO-MODEM-MGMT-MIB is supposed to return only non-zero values. The current implementation returns all counter values, including zeroes. This problem is not serious if only single-valued SNMP retrievals (getone...) of cmInitialLineConnections are performed. In actuality, SNMP retrievals of multiple values (getmany...) are often used. The problem is much more pronounced in the second case. [CSCdj30171]
- A memory leak exists in the Flash filesystem. Using SNMP to poll the ciscoFlashMIB objects, or using the show flash command line interface (CLI) commands can result in non-trivial amounts of memory being allocated and never freed. Repeating these polls or CLI commands eventually results in the system using up all available memory.
  The ciscoFlashMIB can essentially be disabled (SNMP is prevented from polling this MIB) via use of SNMP views. For example, the SNMP configuration snmp-server community public ro can be changed to the following:
  snmp-server view no-flash internet included
  snmp-server view no-flash ciscoFlashMIB excluded
  snmp-server community public view no-flash ro
  The result is that SNMP polls using the public community string can access objects in the entire MIB space (internet) except for those objects in the ciscoFlashMIB space. This affects any NMS applications that rely on the ciscoFlashMIB objects. [CSCdj35443]
- When inbound PAP authentication is configured to use TACACS+ with a down-rev daemon (for example, Freeware 2.1) the system leaks one TACACS+ packet for every PAP authentication it performs. Upgrading to a daemon that understands the latest version of the TACACS+ protocol (version 193) is an effective workaround. [CSCdj36449]
- Enabling DECnet fast switching on inter-area routers causes DECnet routing to fail. A possible workaround is to disable DECnet fast switching on the Ethernet interface. [CSCdj15855]
- Entering the privilege route-map level x set as-path prepend x command in configure mode might cause the router to reload, even though the number after prepend is not necessary. To work around this problem, do not enter a number after prepend. [CSCdj37035]
- QLLC/RSRB forwards IEEE XID frames like other XID frames to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]
- Issuing the show lnm station command might cause the routers to reload, especially when the stations are getting in and out of the ring. [CSCdj09905]
- When SRB and transparent bridging are both configured on two interfaces, Sr frames with an Ethernet type of 0x600 or 0x800 are not forwarded and do not show up as source errors. This problem first appeared in Cisco IOS Release 11.1(12). [CSCdj18483]
- Continuously issuing the appn ping command causes the router to hang indefinitely. [CSCdj19525]
- The router might reload unexpectedly with a stack trace pointing to llc2_timer. [CSCdj21370]
- When RSRB with TCP encapsulation is configured and there are dead peers, an explorer packet might continuously try to open the dead peer. After several tries, the router might crash with memory corruption. The workaround is to remove any dead peer statements. [CSCdj24658]
- When using promiscuous or peer-on-demand peers and there are more than 100 circuits connected, a memory corruption crash might result when the promiscuous or peer-on-demand peers disconnect. The corruption occurs when circuit cleanup is delayed due to end station delay, LAN network delay, or high router CPU usage. [CSCdj26284]
- An APPN image might restart because of a CPU HOG problem when processing a link failure event by the Directory Service APPN process (xxxdns00). This might occur when a lot of locate requests are pending. There is no known workaround. The router is forced to restart by the system watchdog process (software-forced reload event). [CSCdj26423]
- DLSw local-switching from VDLC to LLC media does not work correctly. [CSCdj28900]
- The timer that controls the daily cleanup of APPN topology and the 5-day rebroadcast of topology resources owned by this APPN node can fail after 45 days. At this time, other nodes where the timer is still functioning properly might age out the topology of the node with the failed timer after 15 days. Thus, after a total of 60 days, APPN routing failures and failed CP-CP sessions might result between APPN network nodes.
  Because other network events (link outages, and so forth) can trigger a node to send a TDU, this problem might not appear after a 60-day uptime; it might occur much later or not at all. However, any APPN router running in the network for over 60 days is at risk of experiencing this problem.
  Stopping and restarting APPN is a workaround for this problem until the next timer wrap, which can be up to 45 days, but might be less depending on the current value of the timer. Reloading the router will reset the timer and avoid the problem for an additional 60 days. [CSCdj29014]
- A router configured for RSRB might crash with a watchdog timeout during low memory conditions and/or continual peer state changes. [CSCdj30381]
- A DLUR router might reject unbind requests from the host if it has not received a bind response from the downstream LU.
  If the downstream device never responds to the outstanding bind, the DLUR router will wait indefinitely and not free the local-form session ID (lfsid). This might cause a situation in which the host tries to reuse an lfsid after it has sent an unbind request, but the DLUR rejects the new bind request because it believes that this lfsid is in use. If the host continuously tries to use the lfsid that the DLUR believes is in use, no new sessions can be established. This problem occurs only when the downstream device does not respond to a bind request. [CSCdj30386]
- Sometimes linkstations might get stuck in a XIDSENT state when an APPN linkstation fails and recovery is attempted. Caveat CSCdi77040 provides a fix for this problem on the system side. This caveat provides the corresponding fix for APPN. [CSCdj30552]
- When using APPN/DLUR with the prefer-active-dlus configuration command specified on the APPN control point, DLUR might not properly connect to a backup DLUS in cases where the primary DLUS is available in the network but has the served PUs varied inactive. [CSCdj31261]
- When using the len-connection configuration command on the APPN port and there are at least 30 XID3 devices connecting in through that port, a rare sequence of events of devices connecting and reconnecting can cause a reload. [CSCdj31264]
- Any device connecting to APPN/DLUR that does not carry a cv0E with a CPname specified on XID (any PU2.0 and some older PU2.1 implementations) causes APPN to fail to release 536 bytes of memory each time the device disconnects and reconnects. Any device connecting on a port with LEN-connection defined also exhibits this behavior. When memory is exhausted, the APPN subsystem might stop or the router might reload. [CSCdj33429]
- An APPN router might display the following "Unanticipated CP_STATUS" message when the contention loser CP-CP session goes down and comes back up without the contention winner session being deactivated:
  %APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1
  %APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN
  %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4
  %APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received
  Each subsequent broadcast locate received by the router causes the following messages to be displayed and about 1920 bytes of APPN memory to be leaked:
  %APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080
  %APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0
  This problem occurs when two links are active to the same node and the CP-CP sessions are split between these two links and the link with contention loser is stopped. The APPN subsystem should be stopped and restarted to clear this problem. If the CP-CP sessions are between the router and the host, terminating either CP-CP session on the host will also clear this problem. [CSCdj33718]
- When an LLC2 connection is configured to work over ATM LANE for DLSW, the connection succeeds until a retransmission is required, at which time it fails. [CSCdj34873]
- A user is unable to enter an XID option on an interface configured for QLLC and DLSW. [CSCdj35448]
- If the DLUR router received fixed session-level pacing values on the primary stage, it might modify these pacing values before forwarding the bind to the secondary stage. [CSCdj36195]
- The router might reload when reverse-QLLC connections disconnect using QLLC/DLSw+. [CSCdj36613]
- A problem occurs when an LU node specific node attempts to start a session with a set of invalid bind parameters. This results in a locate-find (with the bind in the CDINIT) being sent through the Cisco APPN network to the end VTAM CP. The end VTAM CP rejects the locate-find with a 0835003A sense and sends this back with a control vector CV35 of minimum length of 8 bytes to the originator via the Cisco APPN NN. The APPN NN then rejects the frame with a 08953500 sense and drops the CP-CP session between the Cisco router and VTAM CPs. [CSCdj37479]
- Issuing the no channel-group command on a MultiChannel Interface Processor (MIP) causes the router to reload if OSPF is configured. [CSCdi79844]
- Bridging from a serial interface to a Fast Ethernet interface with ISL encapsulation fails because the serial input queue is not cleaned up. [CSCdj01443]
- When bridging IP and routing AppleTalk, assigning the bridge-group to the LEX interface causes AARP entries to disappear and become no longer resolved. [CSCdj22825]
- In X.25 packet by packet compression, error checking code is fixed after malloc for the decompression history buffer. [CSCdj29139]
- Under unusual circumstances, EIGRP might reinitialize multiple peers when a stuck-in-active condition occurs, instead of just the peer through which the route was stuck. [CSCdi83660]
- Under certain circumstances, if a Cisco router receives a route with a lower rip2 metric, the router might go into a hold-down state with an infinite metric. [CSCdj15295]
- Under certain circumstances, a Cisco router interprets an IP packet broadcast at the link-layer as an IP-directed broadcast. When the router determines that the original packet was a directed broadcast, it forwards the packet to any other interfaces that belong to the directed broadcast address because Cisco routers forward directed broadcasts by default. Though the destination IP address of the original packet appears to be that of a directed broadcast, the router should not forward the packet, since it is actually a link-layer broadcast. [CSCdj16052]
- A router might crash after the fifth EIGRP process is configured. CSCdi36031 is a related caveat. [CSCdj17508]
- An IP cache is not invalidated for destinations that use the default routes even after the next hop is down. The workaround is to use the clear ip cache command. [CSCdj26446]
- Major net summarization is incorrectly done if there are two equal cost direct connect interfaces. To work around this problem, use the clear ip route * command. [CSCdj30971]
- Dense mode interfaces are not always populated in the outgoing interfaces of a multicast route. This problem was introduced by CSCdi25373. [CSCdj32187]
- When doing a trace route from a router to a broadcast network address, no ICMP TTL Exceeded message is sent back by the next hop Cisco router. [CSCdj33761]
- An old incoming interface is not populated in the OIF during RPF transitions. [CSCdj34457]
- CLNS fast switching is not working between PVCs defined on ATM subinterfaces. [CSCdj23817]
- When performing protocol translation from X.25 to LAT, spurious memory accesses might be seen in console messages as well as in the output from the show alignment EXEC command. [CSCdj18470]
- IPX fast switching might fail over a PRI interface, resulting in IPX client connections not being established over the PRI even though the IPX servers are visible. The workaround is to configure no ipx route-cache on the PRI interface. [CSCdj29133]
- XNS does not learn the new non-canonical format of Token Ring MAC addresses. It retains the old canonical format address for its node address. This would cause routing failure. The workaround is to disable and reenable the XNS network on all the Token Ring interfaces. This affects only RSP platforms and when you upgrade an XNS configured router from a version that has the bug CSCdi48110 to a version that has this bug fixed. [CSCdj29916]
- The ipx nlsp command tag option is not being displayed as an option, making routing between NLSP areas impossible. [CSCdj33746]
- An interface might become wedged with input queue 76/75. This is caused by both syslog and SNMP traps. The workaround is to disable both syslog and SNMP traps using the commands no snmp-server host ip-address and no logging ip-address. [CSCdj27567]
- New TCP connections might become stuck in SYNSENT state when router is low on memory. [CSCdj30008]
- International (8-bit) characters do not echo when using TN3270. [CSCdj22231]
- Issuing the write memory command might cause the system to reload while writing the VINES access list to memory. Issuing the write terminal or show vines access commands might also halt the system. The workaround is to delete the configuration file and reconfigure the system. [CSCdi49737]
- CMNS connections might suffer spurious X.25 resets under traffic load. [CSCdi40875]
- There is a problem that only affects the PPP reliable protocol. No other protocols are affected, such as HDLC. [CSCdi70242]
- A BRI interface with Frame Relay encapsulation configured does not function correctly. A call stays up for a few seconds, LMI messages are exchanged, and as soon as the DLCI goes from INACTIVE to DELETED, the BRI is physically reset. Therefore, it is impossible to use Frame Relay over ISDN. [CSCdj09661]
- When a router receives a valid Frame Relay Setup message while the local SVC's map-class is not yet properly configured, the router crashes. The crash point and the stack trace might be like one of the following:
Current PC: 0x90F61C[bcopy(0x90f56c)+0xb0] FP: 0xCC65C4[_etext(0x96f3ec)+0x3571d8] RA: 0x5E1EF2[_fr_svc_send_msg_to_nli(0x5e1eca)+0x28] FP: 0xCC65E8[_etext(0x96f3ec)+0x3571fc] RA: 0x5DD98C[_FRU0_Setup(0x5dd8e2)+0xaa] FP: 0xCC6620[_etext(0x96f3ec)+0x357234] RA: 0x5DD894[_svc_process_l3_event(0x5dd786)+0x10e] FP: 0xCC6664[_etext(0x96f3ec)+0x357278] RA: 0x5DA17A[_l3_ie_parse(0x5d9d32)+0x448] FP: 0xCC66A4[_etext(0x96f3ec)+0x3572b8] RA: 0x5D9B84[_l3_ie_parse_process(0x5d9b14)+0x70] FP: 0xCC66C0[_etext(0x96f3ec)+0x3572d4] RA: 0x1CC372[_process_hari_kari(0x1cc372)+0x0]
Current PC: 0x5E1D8E[_fr_svc_call_id_to_nli(0x5e1cf0)+0x9e] FP: 0xCC5CCC[_etext(0x970900)+0x3553cc] RA: 0x5E2176[_fr_svc_send_msg_to_nli(0x5e214e)+0x28] FP: 0xCC5CF0[_etext(0x970900)+0x3553f0] RA: 0x5DDC10[_FRU0_Setup(0x5ddb66)+0xaa] FP: 0xCC5D28[_etext(0x970900)+0x355428] RA: 0x5DDB18[_svc_process_l3_event(0x5dda0a)+0x10e] FP: 0xCC5D6C[_etext(0x970900)+0x35546c] RA: 0x5DA3FE[_l3_ie_parse(0x5d9fb6)+0x448] FP: 0xCC5DAC[_etext(0x970900)+0x3554ac] RA: 0x5D9E08[_l3_ie_parse_process(0x5d9d98)+0x70] FP: 0xCC5DC8[_etext(0x970900)+0x3554c8] RA: 0x1CC3BA[_process_hari_kari(0x1cc3ba)+0x0] [CSCdj13019]
- Packets that are exactly the size of the MAC encapsulation size are not bridged. This means that TEST and XID frames are not bridged. Instead, they are passed up to the process level, which responds to them. [CSCdj14748]
- The MAC address of an ATM interface in a router, instead of the actual MAC address of an end station connected to a LANE client, is entered in the ARP cache. This problem occurs after several hours. A temporary workaround is to clear the ARP cache of the router. Other workarounds include removing bridging from LANE subinterfaces, disabling proxy ARP or correctly configuring the subnet mask of end stations in a LANE environment. [CSCdj19293]
- The output of the show dialer command shows that the "dialer state is call pending" and the dialer could not be used after it received a call from the destination. This caveat could be related to CSCdi80876. [CSCdj19790]
- Upon bootup, OIR, microcode reload, and cbus complex restarts, the router shows CCBTIMEOUT error messages on VIPs that result in a disabled wedged status. This problem occurs with bad PAs and PAs in a "not-ready" state. The cause of the problem is when PCI access is tried and the PA does not respond, thus resulting in CCBTIMEOUTS. [CSCdj21639]
- When per VC custom or priority queuing is configured prior to the initialization of the VC, the functionality is not correctly initialized and is not activated. [CSCdj28240]
- Use of IPX with very large packet sizes might result in a memory leak when transmitting packets via PPP multilink. [CSCdj29387]
- ATCP negotiation fails when an ARAP 3.0f1c4 client attempts to connect to a Cisco access server. This was found during Beta testing of the ARAP 3.0 software. The actual ARAP protocol works fine; it is only ATCP that fails. [CSCdj31323]
This section describes possibly unexpected behavior by Release 11.2(7). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(7). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- ATCP and ARAP code will not work with all-router node addresses. NBP lookup to ATCP/ARAP clients might fail. There is no workaround. [CSCdj02390]
- A router might prevent Macintoshes from coming up because of duplicate provisional addresses. A workaround is to issue the clear appletalk arp command. [CSCdj16510]
- A special character in an AppleTalk zone name does not work correctly when using the appletalk static command. If the special character is between :80 and :ff, it will be changed in running-config. This change only occurs when using the appletalk static command. [CSCdj25241]
- The tftp-server flash slotx:xxxxxx command does not work in Cisco IOS Release 11.1. The problem occurs somewhere between Release 11.0(14) and 11.1(1).
  A workaround is to use the alias keyword.
  The client gets the following error:
  Accessing file "rsp-pv-mz.1666.kao.112.isp" on 10.1.1.1...NOT FOUND
  Can not open source file tftp:rsp-pv-mz.1666.kao.112.isp (TFTP read error)
  The server debug output shows the following:
  TFTP: Server request for port 7761, socket_id 0x60989170
  TFTP: read request from host 10.1.1.2(7761) via Serial12/0
  TFTP: Sending error 1 No such file.
  [CSCdj09134]
- Configuring net/ov on a router that has the tftp-server flash slot0:xxx alias xxxx command configured resulted in a timeout. [CSCdj15425]
- If the write memory command is executed at the same time as the show config command is executed, the router might crash. This problem appears to be the same as caveat CSCdi51059. [CSCdj16985]
- Distributed access lists with a large number of statements might not behave properly when the RSP reloads. A workaround is to execute the microcode reload command. [CSCdj17068]
- Too many accounting records are sent for a Multichassis Multilink PPP connection. [CSCdj17870]
- Control characters in chat-script commands that are specified using backslash-octal representation are not accepted and stored properly. [CSCdj18869]
- An ARAP session attempt causes the NAS to reload when running AAA accounting with ARAP. [CSCdj21751]
- The autohangup command does not work if the user uses the rlogin command. Instead of being disconnected at the end of the rlogin session, the user will be presented back with the prompt (or the menu if you are using one).
  A workaround is to use the telnet command in the menu, specifying the rlogin port value (513), which will cause rlogin to be invoked, for example, menu test command 1 telnet myhost 513. [CSCdj16600]
- A change to introduce a locking mechanism in the parser is preventing the virtual template interface configuration from being applied when the system is loading. This results in the incorrect application of commands to any virtual access interface that is cloned from the template.
  The workaround is to enter the configuration manually after the system has booted. [CSCdj24440]
- When certain configuration commands are entered, the configuration is locked and the commands cannot be executed. When this happens, the message "the configuration has been locked for more than 10 seconds. Please try again in a few moments" appears. [CSCdj24585]
- A system was restarted by the error "Software forced crash." The stack trace points to the LAN Manager process.
  The current workaround is to disable LNM. [CSCdj11711]
- Any existing sessions or circuits over the backup peer will be brought down immediately after the primary peer is up. This occurs even though the backup peer linger timer has been configured for a higher value. [CSCdj13159]
- Source-routed frames with a destination address of FFFF.FFFF.FFFF will not be forwarded between Token Rings when SRB is configured on the router. Source-routed frames with destination addresses other than an all Fs broadcast address will be forwarded.
  In some application environments, certain 3270 emulators will not direct a test poll to a specific media access control address and will use an all Fs address to create the frame. It is this all Fs frame in an SRB configuration that will not be forwarded by the router. This configuration impacts workstations that are attempting to connect to host devices. The broadcast frame will never leave the local ring.
  Most emulators will use the destination Media Access Control (MAC) address of the host device to create a frame containing the test poll. With some proprietary implementations, the MAC address of the host device does not have to be known by the end device. [CSCdj13563]
- DLSw searching remote and local behavior was observed in Cisco IOS Release 11.1(11). A workaround is to not allow CUR frames to go from the hub router to the peer (remote) router. [CSCdj16711]
- When running Cisco IOS Release 11.1(11) with BSTUN configured, the router might reload under certain conditions. This problem might be minimized by configuring HOSTTIMEOUT to a large value. However, this will have a significant impact in detecting device outages. [CSCdj16888]
- Buffers classified as linktype IBMNM might leak in the LNM process. A workaround is to disable the LNM process. [CSCdj20441]
- The router is unable to link with LAN Network Manager. [CSCdj20748]
- When a directory cache entry exists for a resource and a broadcast search arrives for that same resource name, the intermediate node broadcast processing will delete the valid cache entry that existed previously. This defect will cause excessive local broadcast traffic. [CSCdj21343]
- If APPN directory service receives a search flow that contains a CV35 (extended sense data CV) that has data beyond the point that Cisco APPN recognizes it, Cisco APPN will reject the locate flow in error. [CSCdj21690]
- Using the dlsw ring-list or dlsw port-list configuration commands can cause a SegV exception when executing the show dlsw reachability command. [CSCdj21894]
- A DLSw+ crash will happen when the following occurs:
  DLSw+ router A is connected to peer router C and is also peered to router B but is not yet connected to peer router B. Peer C can reach a specific resource (MAC address or NetBIOS name). Peer A can reach the same resource through a local interface. Therefore, at this point peer A can reach the resource both local and remote via peer C.
  Now, Peer B has dlsw icanreach mac/netbios-name configured. When peer A connects to peer B, peer A will crash when trying to delete the dynamic reachability for the resource and replace it with the reachability learned through capabilities exchange with peer B. [CSCdj22327]
- The DLUR router might get into a tight loop, in which it continuously retries to start the DLUR/DLUS pipe to the same DLUS without waiting the specified retry time. This problem could cause the router to crash or continuously display pipe retry messages without waiting the specified retry time. It might also result in high CPU usage. [CSCdj22330]
- When establishing a DLSw session, the circuit priority field in the SSP header of the CUR_cs, ICR_cs, and/or REACH_ACK SSP frames might be set to a reserved value (5, 6, or 7). While this value will not cause problems when sent to a Cisco router peer, it might cause interoperability problems when peering to another vendor's equipment. This problem might manifest itself as an inability to start the circuit. [CSCdj22482]
- When the first attempt to link a Cisco router with the LAN Network Manager fails, it is not possible to link this bridge again because of a hanging LLC2 session in status ADM. To clear this session, reload the router. [CSCdj23142]
- With APPN/DLUR, caveat CSCdj18360 caused a regression in APPN images, which creates thrashing topology updates (topology war) for any topology with more than one CP-CP session. Cisco recommends that an image containing CSCdj18360 should not be used in an APPN network without also having this fix applied. All APPN images containing CSCdj18360 and not this fix have been deferred as production images. [CSCdj23165]
- Two Token Ring lane clients configured with the same MAC address can join the same emulated Token Ring LAN. [CSCdj23781]
- Under certain circumstances, the router will fail to create a dynamic link station. The workaround is to restart APPN on the router. This is caused by a small buffer leak that occurs for each actpu processed by DLUR. After some time, enough buffers might be lost as to cause session failures and dynamic link station failures due to insufficient buffers. [CSCdj23782]
- OSPF, EIGRP, and other protocols might not work over FDDI. [CSCdj23804]
- Len-connection mode of operation on an APPN port is designed to allow len-level connectivity between a DLUR and its downstream devices. Independent session activation (LU6.2) through ports with len-connection fails with the message "no route for session." This problem does not affect dependent session activation (LU 0,1,2 etc.). [CSCdj24777]
- The Bridge ID might choose a Cisco random address even for the Ethernet interface that has the MAC address. It mostly happens in the first Ethernet interface. [CSCdj13302]
- The VIP PA-4R was bridging frames that were aborted by the sender. The frame is now dropped when the abort is detected. [CSCdj13409]
- For high-end systems, the Token Ring SDE interface failed to translate the packet into a token or FDDI native packet. The ping packet will fail. [CSCdj19749]
- When the command ip default-network is removed, the gateway of last resort is not removed from the routing table. [CSCdi76285]
- A router might reload if it receives an ARP request frame from a token ring interface and the frame has been incorrectly formatted as a Frame Relay ARP. ARP request frames that are correctly formatted for IEEE LAN media will not cause this problem. The only workaround is to remove the station sending the illegal frame from the network. [CSCdj05170]
- A BGP router running experimental code and configured using the soft configuration feature might accept a path with its own autonomous system. [CSCdj11588]
- Type 7 LSAs from a NSSA OSPF area might not be translated to type 5 LSAs in the backbone when crossing a virtual link. [CSCdj12181]
- An ICMP redirect will not be sent if there is a destination IP address entry in the fast cache. An ICMP redirect is only sent when the packet is process switched. [CSCdj16708]
- Using the show ip bgp neighbors address adv with the route-map deny community command does not work. [CSCdj16922]
- When first configuring IP policy routing on an interface, the requested policy routing will not take effect if the destination IP address is already in the IP route-cache. The workaround is to process the clear ip cache command after configuring IP policy routing. [CSCdj18345]
- The system might reload if AppleTalk is enabled on ATM interfaces. No workaround is available. This caveat is introduced in 11.2(6.2) and the related caveat is CSCdj16317. [CSCdj18531]
- Under certain conditions, the EIGRP variance command might not remove routes that have a higher next hop metric. To resolve the problem, issue the clear ip route command. [CSCdj19634]
- When a router running RSVP receives a PATH message containing an ADSPEC, and the ADSPEC has a Guaranteed Service (GS) fragment with zero length, the router ends up copying more bytes than necessary. This results in a modified ADSPEC that contains invalid information; if this ADSPEC is passed on to the next downstream router, the downstream router might crash.
  A workaround is to send an ADSPEC with a non-zero length GS fragment, such as one containing valid GS information. [CSCdj25441]
- XNS routing over non-LANE ATM interfaces creates a cache entry that is never used and never freed; this might result in memory starvation. A workaround is to disable XNS route-cache on the non-LANE ATM interfaces. [CSCdj09666]
- IPX cache corruption occurs when you have two Fast Ethernets in a VIP carrier (one configured for ISL) connecting to a single server with dual NICs (different external numbers, same frame type), and IPX max-paths set to 2. A workaround is to disable fast switching for IPX. [CSCdj17470]
- Sometimes a TCP control block structure is mistakenly freed during timeout processing, and the next reference to the structure will cause the router to crash. [CSCdi91097]
- When running the Enterprise version of the Cisco IOS software, the router might not forward UDP broadcasts and UDP unicasts. [CSCdj21684]
- TCP header compression does not work over Point-to-Point Protocol (PPP), ISDN, and asynchronous dialer interfaces. To work around this problem, turn off ip tcp header-compression. Note that non-dialer asynchronous interfaces used for dial-in PPP access are not affected. [CSCdi19199]
- The Frame Relay traffic shaping and per-VC queuing features do not operate correctly. When you configure the frame-relay traffic-shape command, the required initialization does not occur as expected. The result is that the specified rates for transmission are not observed and the defined queuing method is not properly configured. There is currently no workaround. You are therefore advised not to configure this feature. This problem does not affect the interface-independent traffic shaping function. [CSCdi88662]
- After a data-direct VCC is created, the ATM-SIG input holding value increases. After it is cleared by a timeout, the ATM-SIG continues to hold onto memory, causing a memory leak. [CSCdj02779]
- A system might reload when a bundle is disconnected while receiving data. [CSCdj15340]
- When the shutdown and no shutdown commands are issued on a BRI interface while the primary Frame Relay interface is down, the interface comes back in standby mode. This problem also occurs when the router is reloaded with the BRI in a standby mode and the primary is down. [CSCdj16441]
- VIP2 packet bus parity errors are not reported. [CSCdj23431]
This section describes possibly unexpected behavior by Release 11.2(6). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(6). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- You cannot route AppleTalk with EIGRP on a Cisco 1005. [CSCdj09990]
- Spurious memory access might occur due to uninitialized idb sub-block. There is no workaround. [CSCdj12071]
- A memory leak can occur when an ARAP user fails to connect due to initialization failure. [CSCdj14393]
- When the ntp broadcast client command is enabled, packet buffer leaks might occur unexpectedly. Deconfigure the command if this condition occurs. [CSCdj03162]
- When using compression and traffic shaping over Frame Relay, the traffic shaping uses uncompressed data volumes to calculate load. [CSCdj04312]
- The command copy tftp flash will fail with a TFTP "timed out" error message if the command is used between two routers running Cisco IOS Release 11.1(10) (or later) and 11.2 respectively. [CSCdj05552]
- The next hop address in the flow data export record might incorrectly be output as 0.0.0.0. [CSCdj09896]
- If you have an FDDI interface installed on an RSP router, you might see bad input packets on interfaces which are using the same pool of MEMD buffers. There will be up to one input failure per SMT frame input over each FDDI interface.
- A workaround is to execute the command test rsp cache memd-fastswitch uncache each time the router is rebooted. [CSCdj10028]
- The command encapsulation frame-relay cisco erroneously causes fast switching. The workaround is to use encapsulation frame-relay ietf. [CSCdj11883]
- Sometimes, alignment warnings might appear if you are fast switching with custom or priority queueing enabled. These warnings signal that extra CPU cycles are necessary to process the packet. Despite the warnings, the packet is still switched correctly. [CSCdj12269]
- Even if the rlogin command has its privilege altered to level 0, it will still be treated as though its privilege level is 1 by AAA command authorization. [CSCdj14206]
- QLLC cannot use X.25 PVCs for DLSw+. The workaround is to use RSRB or to use X.25 SVCs. [CSCdi58735]
- Certain interface processors send up a set of logger messages which contain the details of a fatal error condition that has been detected on that card. Under some circumstances, the Cisco IOS software resets the card before all the messages have been retrieved and displayed. This results in a loss of useful information necessary to debug the fatal error that occurred on the interface processor. [CSCdi86708]
- Source-route bridging over FDDI might not pass all frames following the spanning or all-routes explorer frames. A workaround is to run Release 11.1(8)CA1. [CSCdi92160]
- A DLUR router will erroneously tear down the downstream link when it receives a dactpu "not final use" message for the downstream physical unit. [CSCdi92973]
- When both BNN and BAN sessions are configured on the same SDLC interface, all sessions will come down when the user deconfigures the BAN sessions. This is disruptive to existing BNN sessions. [CSCdj00497]
- The SDLC output queue can get stuck if the sdlc line-speed command is not set or if it is set to an incorrect value. The symptom is that the router stops sending SDLC frames out the serial interface, resulting in SNA session drops. The interface needs to be recycled or reset to clear the condition. The workaround is to configure the sdlc line-speed parameter to be equal to the actual line speed being used. [CSCdj01434]
- A router configured for DSPU might crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdj02005]
- APPN links over RSRB might not connect if started simultaneously. A workaround is to start only one side of the link at a time. [CSCdj03501]
- In certain cases where the LU gets disconnected, VTAM could get stuck in PALUC state because the DACTLU was not being properly handled. [CSCdj03737]
- When the first connection to an SDLC-attached OS/2 system in a FRAS BNN environment fails, a successful connection can be made only by issuing the shutdown and no shutdown commands on the router's SDLC interface. [CSCdj04321]
- Cisco IOS software improperly ignores IPX SAP packets received from a VIP/4R Token Ring interface if the SAP packets have a destination MAC address of "all stations broadcast" and a RIF (routing information field). [CSCdj04552]
- When configuration changes are made in a TN3270 server such that a new PU is added which uses a new IP address, very rarely a failure might happen and the following message is displayed:
%CIP3-3-MSG: %MEMD-3-VCNREGISTER: Invalid VCN (65535)specified
- The invalid VCN number reported in the message might be a value other than 65535.
- Also, you might see the following message if SSP is being used:
%SYS-6-STACKLOW: Stack for process SSE Manager running low...
- The failure continues until the route-processor is reloaded. There is no known workaround. [CSCdj07773]
- The router crashes when the backup code is invoked and either a no fras backup dlsw or a no fras backup rsrb command is issued. For example, the router crashes when the serial line to the Frame Relay cloud is lost, and backup is configured. [CSCdj08577]
- A buffer leak causes a crash when NSP is used over DLUR. [CSCdj10387]
- NetBIOS sessions might be unable to come up in a busy system. [CSCdj11152]
- Running DLSW and RSRB in the same router with LAN Manager can cause disruption of the LAN Manager on the RSRB connections. [CSCdj11691]
- Using QLLC/DLSw+, QLLC connections fail to be established when non-default SAPs are used. [CSCdj14080]
- In PU4/5 to PU4/5 environments, if both devices send XID NULL at the same time, a DLSw circuit will not connect. [CSCdj14201]
- The Cisco implementation of DLSw appears to shift the lf bits in the SSP header, when peering to other vendors' DLSw implementations. This might cause circuits to connect using a smaller, non-optimal largest frame size, or might cause circuits not to connect. [CSCdj17372]
- Under heavy load conditions, it is possible for the keepalive timer to go off and cause resets on the Token Ring interface. [CSCdi88713]
- When the dialer dtr command is configured, the router does not raise the DTR signal. [CSCdi92812]
- A problem occurs when the VIP2 FIFO buffers overflow, causing a write of data to SRAM to silently fail. This failure might cause a number of protocol-related failures, including but not limited to TCP checksum errors and other possible packet data errors. This problem is not limited to any particular network configuration, traffic load or other specific circumstances. [CSCdj08722]
- A problem occurs when the FDDI port adapter experiences a receive ring overrun under heavy traffic load with packet sizes larger than 512 bytes. This might cause a number of protocol-related failures including, but not limited to, TCP checksum errors and other possible packet data errors.
- There is no manual avoidance--all customers using VIP2/FDDI PAs are strongly encouraged to upgrade to an image containing this bug fix. Refer to "Field Alert: VIP2 Cisco Software Release Deferrals" for image availability and additional information. [CSCdj09576]
- When the 90-compatible OUI is used on a source-bridge transparent command, the command is accepted and translational bridging operates correctly. A display of the configuration shows the OUI option as "90compat" instead of "90-compatible." If the router is reloaded, an error message is generated pointing to the "c" in "90compat" and the resulting configuration does not have the source-bridge transparent command included. If the command with the 90-compatible OUI is configured again, normal operation is restored. [CSCdj09688]
- Systems running OSPF might experience a software-forced crash. There is no known workaround. [CSCdi81510]
- Internal BGP, which uses confederations, might see an apparent routing loop. This problem has been observed in two routers that are running different Cisco IOS software images. [CSCdj08110]
- If static routes are entered with the command form ip route prefix mask address, the routes might be lost from the Enhanced IGRP topology table if they are a subnet of a net that is advertised as unreachable. However, such static routes will continue to show up in the IP routing table. [CSCdj09571]
- In a router with a Simplex interface configuration, IP route cache is invalidated on the RECEIVE interface only. The IP route cache should also be invalidated for the TRANSMIT interface. [CSCdj11960]
- A multicast boundary on an incoming interface does not stop a router from giving packets to its local process, even though these packets cannot be forwarded out any interface due to this boundary. [CSCdj12030]
- The ip nhrp map destination IP NBMA address command on a tunnel interface is incorrectly parsed to add an unnecessary IP mask. The workaround is to always specify the mask, and to reenter the ip nhrp maps command without masks. [CSCdj13220]
- A router will crash if you configure the maximum IRDP advertisement interval and minimum advertisement interval with the same value, as in this example:
int e1
ip irdp
ip irdp max 10
ip irdp min 10
- The workaround is to specify different values for maximum and minimum advertisement values. [CSCdj14903]
- The system might reload if AppleTalk is enabled on ATM interfaces. No workaround is available. This caveat is introduced in Release 11.2(6.2) and a related caveat is CSCdj16317. [CSCdj18531]
- Illegal LAT STOP slots might be sent if a line is disconnected immediately after initiating a LAT connection. This is more likely to be seen when using protocol translation. These illegal slots cause the LAT virtual circuit to be disconnected, affecting all connections to the host. [CSCdj09876]
- XNS routing over non-LANE ATM interfaces creates a cache entry that is never used and never freed; this might result in memory starvation. A workaround is to disable XNS route-cache on the non-LANE ATM interfaces. [CSCdj09666]
- The distribute-sap-list command does not work when used to filter SAPs into an IPX routing protocol instance. You can work around this problem by filtering the same SAPs when they get redistributed, using the distribute-sap-list out command. [CSCdj15889]
- IPX cache corruption occurs when you have two Fast Ethernets in a VIP carrier (one configured for ISL) connecting to a single server with dual NICs (different external numbers, same frame type), and IPX max-paths set to 2. A workaround is to disable fast switching for IPX. [CSCdj17470]
- Systems doing vty-async protocol translation of SLIP or PPP over X.25 might unexpectedly restart when the incoming connection is closed, due to a rare condition. This problem was introduced in 11.2(6). [CSCdj15471]
- Cisco devices running small numbers of outgoing Telnet sessions (for example, a Cisco device used as a terminal server) will show unexpectedly high CPU utilizations. This is partly because of the way CPU usage is measured, and is not cause for too much concern. This problem was introduced in Release 11.2(6). [CSCdj11528]
- Incoming calls might be blocked when lines are available. This problem starts after the router has been in use for several hours. Issuing a debug q931 command displays the following:
ISDN Se1:23: RX <- SETUP pd = 8 callref = 0x0338
Bearer Capability i = 0x8090A2
Channel ID i = 0xA98395
Called Party Number i = 0xC1,'2817924'
ISDN Se1:23: Incoming call id = 0x137D
ISDN Se1:23: TX - RELEASE_COMP pd = 8 callref = 0x83
Cause i = 0x80AC01 - Requested channel not available
- As a workaround, configuring scheduler interval 2500 has been effective in controlling or eliminating the problem. [CSCdi85735]
- When running over X.25, ISIS should extract the called X.121 address and use it as the SNPA. If the x25 suppress-calling command is configured on the router, ISIS does not seem to find any called address, nor can it find the SNPA. Apparently, the routine that extracts the X.121 address fails if the calling address is not present. [CSCdj00315]
- An asynchronous controller might hang and cause modems to go into a hang state. [CSCdj01441]
- Deleting a subinterface causes the main interface and associated subinterfaces to vanish from the configuration. This happens when the main interface uses Frame Relay encapsulation and is a member of a channel group. A workaround is to recreate the main interface by issuing the interface serial command. [CSCdj05415]
- A router reacts incorrectly to REJ frames. Frames seem to be queued and sent twice. [CSCdj08607]
- A router might reload without producing a stack trace, or might otherwise behave unpredictably, when routing an X.25 call that contains 16 bytes of Call User Data. There is no known workaround. [CSCdj10216]
- The number of available B channels is incorrectly incremented by the total number of B channels per interface whenever the controller or the interface is reset. This results in the dialer attempting to place calls incorrectly on resources that are actually in use. [CSCdj11181]
- Low-speed synchronous/asynchronous ports are unable to receive packets bigger than 1500 bytes. The workaround is to set the MTU on both sides of the link to less than 1498. [CSCdj11304]
- NetBIOS NBF over asynchronous interfaces does not seem to work correctly after session initialization. [CSCdj12468]
- A reload might be forced if you issue the command show dialer interface x, where x is a PRI, BRI, or dialer interface configured for multilink PPP. A workaround is to use show dialer without the interface option. [CSCdj13446]
- A router sometimes fails to install dynamic dialer maps for inbound asynchronous PPP peers. This failure occurs when the router is configured for both inbound and outbound asynchronous dialing using legacy DDR, and when the remote peer is authenticated in character mode and then launched into packet mode from the router's EXEC mode.
- A workaround for this is to use PPP authentication and configure the autoselect ppp command on the lines. [CSCdj14047]
- When the router receives an incorrectly formed LCP NAK frame, a "software forced crash" might occur. The actual problem is in the peer PPP software, but Cisco IOS software will be enhanced in a future release to handle such frames. [CSCdj15209]
This section describes possibly unexpected behavior by Release 11.2(5). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(5). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- When using RSP code with HIP, TRIP, or FIP interfaces, and when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the error message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]
- Packets might not be switched over a GRE tunnel, if access lists are applied to the input interfaces. After an incoming packet has been encapsulated for a tunnel, the access list check could prevent the packet from being switched. This is caused by the access list checking the new source of the tunnel packet resulting from the encapsulation, against the interface the packet arrived on. To work around this problem, disable access lists on the input interfaces or add the tunnel source address to the access list. [CSCdi87500]
- A hold-queue length out command will not be accepted if the output interface is configured for fair queuing. Fair queuing is the default queuing mode for low-speed (less than 2 Mbps) serial interfaces.
- The hold-queue command is intended to configure the number of output hold queue buffers for FIFO (or FCFS) queuing. It has no meaning in the context of fair queuing. So the (intentional) design was that this command would be ignored when fair queuing was enabled.
- When fair queuing has been configured, you can use the fair-queue command to control the number of output buffers which can be used by fair queuing. [CSCdj01870]
- Telnet sessions might pause for up to 20 seconds at a time. Any keystroke will break the pause. [CSCdj06450]
- On RSP systems, when maximum-size MTU packets are received by serial interface processors (including the FSIP, HIP, MIP, POSIP, and serial port adapters on VIPs that forward data to the RSP to be routed), up to 8 bytes of data might be written into the next datagram's packet memory. This could result in anomalous system behavior, including software-caused system crashes and dropped datagrams. This problem is never seen on RSP systems that do not have serial interfaces. [CSCdj08573]
- The command ntp broadcast is lost after a reload. [CSCdj09473]
- The output of the show tech-support command displays some potentially sensitive SNMP data, such as the SNMP community strings, SNMP MD5 keys, and SNMP user IDs and passwords. If these data refer to read-write communities or views, they can be used to reconfigure the Cisco IOS software, providing the same level of access to the Cisco IOS software as is available with the enable password. Take care when sending show tech-support command output across insecure channels. For example, remove the community strings, keys, and user IDs and passwords before sending. [CSCdj06881]
- When an end station caches RIFs that it learns from broadcasts or when there are duplicate MAC addresses on each side of the DLSw cloud, DLSw will local-switch circuits between two local SRB-capable interfaces, thereby degrading SRB performance. [CSCdi91204]
- Source-route bridging over FDDI might not be passing all frames following the spanning or all-routes explorers. This problem occurs in Release 11.1(9) and Release 11.2. A workaround is to run Release 11.1(8)CA1. [CSCdi92160]
- A rare condition might occur during session cleanup, which causes the DLUR router to crash or display a "Mfreeing bad storage" message for the "psp00" process. [CSCdj02249]
- Exclusively configuring DLSw+ with the icanreach netbios-name command prevents some applications, including Microsoft Windows applications, from making NetBIOS connections. The workaround is to add an asterisk (*) to the end of the NetBIOS names configured with the icanreach netbios-name command. [CSCdj04936]
- The router crashes when either a no fras backup dlsw or a no fras backup rsrb command is issued, but only when the backup code has been invoked (for example, when the serial line to the Frame Relay cloud is lost and backup is configured). When the no backup command is used, the cleanup for the backup functions is invoked. The problem is that the backup function removes the lan-cep instead of the backup-cep. When the lan-cep structure is later referenced, the structure is garbage, and the router crashes. There is no workaround at this point. [CSCdj08577]
- Sometimes when DLSw is required to verify the NetBIOS reachability cache entry, there might be a one-second delay before a NetBIOS FIND_NAME message is forwarded to the LAN interface. [CSCdj09865]
- The DLUR router might send a corrupt APPC frame to a DLUS if a timing window is hit when accessing multiple DLUSs. This problem might occur if there is both a primary and a backup DLUS configured and at least one PU that cannot get in to the primary DLUS (PU inactive) while other PUs are active with the primary DLUS.
- This problem might cause VTAM to refuse to activate subsequent DLUR/DLUS pipes for all DLUR NNs. "/d net,dlurs" shows the DLUS conwinner state as reset and the conloser as active.
- The workaround to prevent the DLUR router from sending this corrupt frame is to reconfigure the DLUR routers without a backup DLUS coded. [CSCdj10485]
- IPX with integrated routing and bridging (IRB) does not work over serial interfaces if the encapsulation on the BVI interface for IPX is 802.2 (SAP) and 802.3 (Novell-ethernet); encap arap (ethernet_ii) works fine. This problem occurs when a serial interface is configured for bridging, an Ethernet interface is configured for IPX routing, and IRB is enabled to transport bridged IPX traffic to the routing interface. [CSCdi56417]
- When a router is configured as a RARP server and is also configured for transparent bridging on the same interface, the router does not respond to reverse ARP requests.
- The fix to this problem means that the router box can provide RARP service if configured as a RARP server regardless of its being configured as a layer 2 bridge only. [CSCdi83480]
- Packets destined to the HSRP virtual MAC address will not be routed if received on a 802.10 subinterface. [CSCdj01435]
- When configuring IPX routing, a serial interface running BSTUN might be put into a down state and then come back up. Restarting the host session will bring the end-to-end connection back up. [CSCdj02488]
- Transparent bridging might cause high CPU utilization in Releases 11.1(8) and 11.2. A show align command can be used to confirm whether large "counts" of alignment errors are the source of the problem. The show align command also yields trace information that can be decoded to determine the source of the problem. [CSCdj03267]
- If a router is running out of memory while running OSPF, OSPF does not check to see if one of its structures has been properly allocated. This might result in a SegV exception, thus causing the router to reload. [CSCdi64972]
- When fast switching is enabled on the system, an incorrect SVC might be created for NHRP path. A workaround is to disable fast switching. [CSCdi75617]
- If type 5 LSA exists, OSPF crashes if all the configured areas are removed by the no area area-id commands. [CSCdi78012]
- The system might reload after a show ip bgp inconsistent-as command is executed. [CSCdi88669]
- An extended access list that denies IP traffic and that does not require transport layer information might let fragments go through if the log option is configured. As a workaround, do not configure the log option. [CSCdj00711]
- After major topology changes, it is possible that the OSPF neighbor list is corrupted. The show ip ospf neighbor command might show that OSPF has adjacency with itself. This prevents OSPF from establishing adjacency with other routers on the network. More seriously, this could lead to a router crash. [CSCdj01682]
- The router will crash in nhrp_find_nhs when attempting to access a network that is not being served by NHS. [CSCdj03224]
- IGRP is erroneously accepting a majornet route over an interface that is directly connected to a different majornet. [CSCdj03421]
- When the LSA with the host bits is generated, OSPF ABR handles the LSA incorrectly and reports the OSPF-3-DBEXIST error message for type 3 LSAs. [CSCdj08699]
- When a router running NLSP receives an IPX aggregate route, SAPs whose source networks match that aggregate route will be installed into the SAP with a route hop count of 255, making those services unreachable. [CSCdi91209]
- If IPXWAN is configured and the remote router is configured to allow IPXWAN Client mode, the local router will reset the link upon receiving the IPXWAN Timer Request. IPXWAN debugging will show "IPXWAN: Rcv TIMER_REQ reject Router asking for Client mode." The workaround is to disable IPXWAN Client mode negotiation on the remote router. [CSCdi93285]
- When routing IPX packets between Ethernet segments using different IPX encapsulations, a "TOOBIG" traceback might be generated when a maximum size Ethernet packet from one segment is routed to another Ethernet segment with a slightly larger IPX encapsulation size--for example, when going from Ethernet_802.3 (Novell-Ether) to Ethernet_802.2 (SAP). No actual Giant packet is sent; the large packet is dropped as part of the traceback warning message. [CSCdj00849]
- Connected routes are not redistributed to IPX Enhanced IGRP with the proper metrics. This might cause the remote routers to use a suboptimal route if there are multiple autonomous systems configured and routes are mutually redistributed. [CSCdj04141]
- In an NLSP environment, when a more distant route is replaced by a better route, two routes for the same network might be advertised by RIP. [CSCdj04543]
- A router might reload if the no redistribute eigrp autonomous-system-number command is given under the ipx router eigrp command with a wrong autonomous system number. [CSCdj06394]
- The IPX route table might be incomplete after an interface is shut down and more than one IPX Enhanced IGRP autonomous system is configured. [CSCdj07334]
- The router might reload if NLSP is disabled on an interface. [CSCdj08009]
- The initiation of Telnet or other TCP connection might fail with the error message "%Out of local ports." A workaround is to attempt the connection a second time. [CSCdi60974]
- A TCP packet still in use might accidentally get freed in IP when the packet is going out a Frame Relay interface on which TCP header compression is configured. When this happens, the following messages are logged on console:
Mar 19 08:41:23: %TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4
-Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C
Mar 19 08:41:50:%X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted
Mar 19 08:41:52:
TCP0: extra packet reference for pak 0x60A031D8 found:
Mar 19 08:41:52:%TCP-2-BADQUEUE: Multiple entry for packet 60A031D8
-Process= "TCP Driver", ipl= 0, pid= 26
-Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C
Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213 length 47
Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4
- [CSCdj06781]
- On lines running software flow control without modem control, attached devices might get stuck in a flow-controlled state if the Cisco TTY is reset while it is flow-controlling the attached device. [CSCdi60204]
- When using Frame Relay IETF encapsulation, bridging fails for Token Ring-to-serial-to-Token Ring connections. [CSCdi70653]
- The dialer hold-queue command does not queue packets when it is used with dialer profiles. As a workaround, use the legacy DDR configuration, not dialer profiles. [CSCdi84272]
- If a no shutdown command is entered for a Group Async interface, the router might reload. [CSCdi91037]
- When using AAA accounting, a message similar to the following might be displayed:
%AAAA-3-BADSTR: Bad accounting data: too many attributes
- [CSCdj00190]
- When two routers are connected by an encrypted leased line and an ISDN backup line, if the leased line drops, the ISDN link comes up normally. However, when the leased line comes back up again, the router that placed the ISDN call crashes. [CSCdj00310]
- In some rare occasions, especially when a network management station is frequently polling Frame Relay MIB data (of the frCircuitTable) from a router being reloaded and just trying to come up, a crash might occur. [CSCdj00447]
- When the Cisco router is configured for AAA accounting and it has agreed to authenticate with CHAP, each CHAP Challenge results in an accounting attribute being created. If the peer implements the optional mechanism to repeatedly authenticate the peer with multiple CHAP Challenges, this might eventually result in the "AAAA-3-BADSTR, Too many attributes" message. [CSCdj03234]
- It is possible for the last X.25 fragment to have the M-Bit set improperly when the packet is full, but no additional data is to be sent. [CSCdj03488]
- When IRB is enabled and a BVI interface is configured, traffic through an ATM interface will cause the ATM input queue to wedge, while the BVI input queue will display negative numbers. [CSCdj04025]
- For TS014 (Australia, PRI) switch types, the following might happen: When a clear collision occurs between the CE and the network simultaneously transferring a DISCONNECT message specifying the same call, the call is not properly cleared. Neither side sends the RELEASE message to release the call, and hence the call reference and the associated call control block (CCB). [CSCdj06157]
- When you are modifying the LANE database, if you lose the Telnet session to the router, the database locks up. This is not a bug in the LANE code. A dead Telnet session takes approximately five to eight minutes to be detected from the live side. When it is detected, the live side cleans up and releases the lock. This is a Telnet feature and has nothing to do with the LANE database. The workaround is to reload the router. [CSCdj06660]
- When the CPU is very busy and running many processes, an attached ATM switch might tear down SSCOP and all SVCs because the SSCOP Poll PDUs sent by the switch are not serviced in time. The workaround is to keep other processes from using too much of the CPU. [CSCdj06928]
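For the show tech-support caveat above (CSCdj06881), one way to strip SNMP secrets from captured output before it leaves the network. This is an added example, not Cisco code; the sample capture, the placeholder text, and the function names are constructed, and the snmp-server party pattern is an assumed syntax that should be checked against your release.

```python
import re

PLACEHOLDER = "<removed>"

# Configuration lines that carry an SNMP secret; the named group is the secret.
# The first two assume the Release 11.2-era form, where the community string
# directly follows the keyword or the host address. The third (SNMPv2 party
# authentication keys) is an assumed syntax: verify it against your release.
SECRET_LINES = [
    re.compile(r"^\s*snmp-server community\s+(?P<secret>\S+)"),
    re.compile(r"^\s*snmp-server host\s+\S+\s+(?P<secret>\S+)"),
    re.compile(r"^\s*snmp-server party\s.*\bauthentication\s+(?:md5|snmpv1)\s+(?P<secret>\S+)"),
]


def collect_secrets(lines):
    """Pass 1: learn every secret that appears on a known configuration line."""
    secrets = set()
    for line in lines:
        for rule in SECRET_LINES:
            match = rule.match(line)
            if match:
                secrets.add(match.group("secret"))
                break
    return secrets


def redact(text):
    """Return (sanitized_text, lines_changed).

    Pass 2 replaces each learned secret wherever it appears as a whole token,
    so a community string repeated in another section of the capture is also
    removed, not only the configuration line it was learned from.
    """
    lines = text.splitlines(keepends=True)
    secrets = collect_secrets(lines)
    if not secrets:
        return text, 0
    # Longest first so a secret that is a prefix of another cannot win.
    alternatives = "|".join(
        re.escape(s) for s in sorted(secrets, key=len, reverse=True)
    )
    token = re.compile(r"(?<![\w-])(?:%s)(?![\w-])" % alternatives)
    out, changed = [], 0
    for line in lines:
        new_line = token.sub(PLACEHOLDER, line)
        if new_line != line:
            changed += 1
        out.append(new_line)
    return "".join(out), changed


# Constructed sample resembling part of a show tech-support capture.
SAMPLE = """\
------------------ show running-config ------------------
hostname edge-rtr-01
snmp-server community n0c-read RO 10
snmp-server community n0c-Write RW 11
snmp-server host 192.0.2.50 n0c-read
snmp-server location Building 4
------------------ show interfaces ------------------
Ethernet0 is up, line protocol is up
"""

if __name__ == "__main__":
    clean, count = redact(SAMPLE)
    print(clean)
    print("lines changed:", count)
```

Review the sanitized text before sending it; a secret that never appears on one of the listed configuration lines is not learned and therefore not removed.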
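For the extended access list caveat above (CSCdj00711), a configuration audit that lists the entries matching the described condition so the log option can be removed from them. This is an added example, not Cisco code; the sample configuration and function name are constructed, and it assumes "does not require transport layer information" means protocol ip, or tcp/udp with no port or established qualifier.

```python
import re

# Qualifiers that make an entry depend on transport-layer header fields.
L4_KEYWORDS = {"eq", "neq", "gt", "lt", "range", "established"}

NUMBERED = re.compile(r"^\s*access-list\s+(\d+)\s+(permit|deny)\s+(.*)$")
NAMED_HEADER = re.compile(r"^ip access-list extended\s+(\S+)")
NAMED_ENTRY = re.compile(r"^\s+(permit|deny)\s+(.*)$")


def affected_entries(config):
    """Return [(line_number, acl_id, entry_text)] for deny entries that use
    the log option and match no transport-layer field."""
    findings = []
    named = None  # name of the extended ACL whose entries are being read
    for lineno, line in enumerate(config.splitlines(), 1):
        numbered = NUMBERED.match(line)
        header = NAMED_HEADER.match(line)
        entry = NAMED_ENTRY.match(line) if named else None
        if numbered:
            named = None
            # 100-199 is the extended IP access list range.
            if not 100 <= int(numbered.group(1)) <= 199:
                continue
            acl, action, rest = numbered.groups()
        elif header:
            named = header.group(1)
            continue
        elif entry:
            acl, action, rest = named, entry.group(1), entry.group(2)
        else:
            # Any other unindented line ends the named ACL block.
            if line and not line[0].isspace():
                named = None
            continue

        tokens = rest.split()
        if not tokens or action != "deny" or "log" not in tokens:
            continue
        protocol = tokens[0]
        no_l4_match = not (L4_KEYWORDS & set(tokens))
        if protocol == "ip" or (protocol in ("tcp", "udp") and no_l4_match):
            findings.append((lineno, acl, line.strip()))
    return findings


# Constructed sample configuration.
SAMPLE_CONFIG = """\
access-list 10 deny 10.9.0.0 0.0.255.255
access-list 101 deny ip 10.9.0.0 0.0.255.255 any log
access-list 101 deny tcp any any eq 23 log
access-list 101 deny udp any host 192.0.2.7 log
access-list 101 permit ip any any
ip access-list extended EDGE-IN
 deny ip host 198.51.100.9 any log
 deny ip 172.16.0.0 0.15.255.255 any
 permit ip any any
"""

if __name__ == "__main__":
    for lineno, acl, text in affected_entries(SAMPLE_CONFIG):
        print("line %d, ACL %s: %s" % (lineno, acl, text))
```

Entries for other protocols, such as icmp, are not reported because the caveat text does not say how they are affected.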
This section describes possibly unexpected behavior by Release 11.2(4). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(4). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- Under certain circumstances, a Cisco AS5200 might reboot with the following message, visible via the show version EXEC command:
System restarted by bus error at PC
The circumstances that might lead to this event are (in the order shown):
  - Have active calls on a particular DSX1 (T1/E1) interface.
  - Change the DSX1 controller pri-group timeslots configuration for this particular interface. For example, the following sequence:
    config terminal
    controller t1 0
    pri-group timeslots 1-4
  - Shut down the DSX1 controller via the shutdown interface configuration command. [CSCdi88556]
- Ethernet interfaces might experience XBUFHDR and INVRTN errors. [CSCdi75404]
- The router might reload inadvertently if you respond improperly to extended ping dialog prompts. [CSCdi88443]
- A memory leak occurs whenever TACACS+ is enabled. Memory is released to the EXEC process as seen via the show memory command. The leak appears to have originated in Release 11.0(10) and affects Cisco IOS software released thereafter. [CSCdi89479]
- Under some circumstances, processing an SNMP Get request might result in a message similar to the following being displayed on the console:
%SNMP-3-CPUHOG: Processing Get of lifEntry.75.34
[CSCdi93084]
- The SNMP traps process can consume memory if presented with a large number of traps to deliver. [CSCdj02181]
- Under unknown circumstances, the router might restart due to a Bus Error. [CSCdj02493]
- On CIP cards, it is possible to see the adapter type from the show interface command, but this information and version information are not available from the show controller cbus command. [CSCdi26192]
- In extremely rare circumstances, the router might crash while removing RSRB peers. This might occur only when running an AGS+ and the CSC1R/CSC2R Token Ring boards. [CSCdi39270]
- The following problem has been observed in STUN/local acknowledgment scenarios involving AS/400s: The remote router expects to see an OPCODE called LINK_ESTABLISHED from the host router in order for it to transition the state from USBUSY to CONNECT. While in USBUSY state, the remote router continually sends RNR to the downstream devices. The host router will only send the OPCODE once it sees the first RR/P after a SNRM/UA exchange sequence. With other devices such as a FEP, an I-Frame can be sent prior to the RR/P, which would actually take the remote router state out of USBUSY, but the local acknowledgment states were not corresponding to the actual situation at hand. This problem was partially fixed when CSCdi65599 was fixed. Additional "checking" code was added for exceptional state cases. A workaround is to use a Cisco IOS release that includes the fix for CSCdi65599. [CSCdi61514]
- You might experience connection problems with stations running NetBIOS under very old versions of DOS. The only workaround is to use the latest NetBIOS drivers available for the workstation. An indication that you might be experiencing this problem is that Windows and OS/2 stations can establish sessions properly, but your DOS-based stations cannot. [CSCdi83982]
- In a QLLC environment, connection using a virtual MAC address from a pool of virtual MAC addresses might cause a connection to the wrong resource on the mainframe. [CSCdi86358]
- An invalid packet might be received from the VTAM NN, resulting in the CP-CP session being torn down. [CSCdi87217]
- When using NSP over DLUR, the router might leak small buffers. [CSCdi87320]
- For LU0-LU0 traffic, the extended BIND might contain unformatted user data fields. The NN rejects the BIND and hence the session will never start. [CSCdi87365]
- Configuring the output-lsap-list command on the local Token Ring interfaces does not block broadcast traffic from a DLSw peer. The workaround is to use a filter at the DLSW level on either router or to block the traffic with an input-lsap-filter command at the remote peer. [CSCdi88593]
- When running multiple, large file transfers across DLSw using FST, transport sequence errors might occur causing the job to abort. This can be seen using the show dlsw peer command. A sequence error occurs when a numbered FST (IP) packet is received by the DLSw peer and the sequence number does not match what the peer expects. [CSCdi89838]
- The DLUR router might fail to establish new LU-LU sessions after encountering a rare condition during session activation and deactivation. Messages similar to the following might be displayed on the router console when attempting to start new sessions. APPN must be stopped and restarted to clear the problem:
IPS ID: 1400 QUEUE: 2 ORIGIN: xxxpcs00 MUTYPE: C5
%APPN-0-APPNEMERG: Assertion failed in../scm/xxximndr.c at line 158
-Process= "xxxims00", ipl= 0, pid= 58
-Traceback= 606C3488 606879EC 606818C8 606810E4 6067AF90 6019AB08 6019AAF4
[CSCdi90117]
- PEER INVALID trace messages are displayed on the console. Also, in Releases 11.1 and 11.2, the session on the peer-on-demand does not come up for quite some time. [CSCdi90953]
- A router configured for DSPU might crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdi91368]
- The router might crash if you enter the debug source error, debug llc2, or debug local command. [CSCdi92503]
- When running DLSw+ local switching from SDLC/QLLC to Token Ring/Ethernet, if the XID negotiation is delayed or ends abnormally, a memory leak might occur. [CSCdi92511]
- The DLUR router might crash with a "SegV exception" or an "Illegal access to a low address" message because of a DLUR memory corruption problem. This error results from a rare condition that usually occurs when DLUR sessions are going up and down. The stack trace after the memory corruption usually indicates Mget_x. [CSCdi92947]
- The show diagnostic command does not display Fast Ethernet Interface Processor port adapter information. [CSCdi33967]
- A problem occurs when performing a getnext operation on the dot1dTpFdbTable in the Bridge MIB. A getnext will not retrieve a request of index + 1 and will instead return the lexicographically next index. An example of this behavior follows:
If the table has entries with indices of
0000.0000.0001 0000.0000.0002 0000.0000.0003 0000.0000.0005
  - a getnext of 0000.0000.0002 returns the index 0000.0000.0005 because 0000.0000.0003 is the index requested + 1
  - a getnext of 0000.0000.0003 returns the index 0000.0000.0005 because 0000.0000.0005 is greater than the requested index + 1. [CSCdi84559]
- A problem occurs when the router is configured for Integrated Routing and Bridging (IRB). The problem affects all platforms. A bad decision in the forwarding of packets whose destination is not in the bridge table could cause the router to reload. [CSCdi92194]
- IGMP and PIM should support multicast addresses (for example, c000.0004.0000) as configurable options on Token Ring interfaces instead of requiring broadcast address (for example, ffff.ffff.ffff). [CSCdi83845]
- Configuring OSPF NSSA (Not So Stubby Areas) might affect the way routes are redistributed into OSPF. This defect was first observed in Release 11.2(3). [CSCdi88321]
- A prefix that has the "no-export" community string set from an inbound route map is incorrectly advertised to EBGP peers. A workaround is to configure a route map to set "no-export" community on the outbound side of the peering router instead. [CSCdj01351]
- It is possible for memory corruption and memory leaks to occur when PIM packets are sent. [CSCdj02092]
- Under certain timing-related circumstances, the use of per-user routes might cause a router to reload when the interface that caused the routes to be installed goes down. This is because both the IP background process and the per-user code attempt to remove this route. [CSCdj02347]
- If minimum-sized (or sweeping-sized) CLNS pings are performed and the CLNS source and destination addresses are very long, the system might fail. The workaround is to raise the minimum ping size to at least 63 bytes. [CSCdi91040]
- When a device running LANE is configured as a LEC, it does not acknowledge any secondary IPX networks with frame types different from the primary. The debug ipx packet command displays these received packets as "bad pkt." Only packets that arrive with the same IPX frame type as the primary IPX network on the ATM interface of the router are properly accepted. [CSCdi85215]
- In a redundant IPX Enhanced IGRP network running IPX incremental SAP, the router's SAP table information might contain out-of-date information, such as the socket number if the socket number is changed from its initial advertisement. [CSCdi85953]
- SPX keepalive spoofing will cease to spoof after a router has been up for 24+ days. The debug ipx spx-spoof command shows packets being skipped at the time when they should be spoofed. The only workaround is to reload the router once every three weeks. [CSCdi86079]
- XNS RIP requests for all networks causes normal periodic RIP updates to be delayed or skipped. [CSCdi90419]
- When IPX incremental SAP is running, the router's SAP table might not contain all the SAPs in the network if one of its interfaces goes down and comes back up later. [CSCdi90899]
- When running IPX incremental SAP, the router might not remove all the SAPs that are no longer reachable via this router. [CSCdi90907]
- A Telnet session with a nonzero number of unread input bytes cannot be cleared. [CSCdi88267]
- IP packets with valid TTLs (of varying values) received on a VIP2 serial port adapter or FSIP (both on RSP2 platform) with TCP header compression are intermittently dropped. The router sends an "ICMP Time Exceeded" message to the source. The show ip traffic command indicates that the ICMP Time Exceeded counter increments. A workaround is to turn off TCP header compression. [CSCdj01681]
- If you add a VINES static route of equal metric for an alternative path when the vines single-route command is configured, the system might reload. The workaround is to delete the static route or enter a no vines single-route command. [CSCdi92190]
- In certain environments, I/O and processor memory are being consumed by processes in the router, primarily the Critical Background process, and the router runs out of memory after 29 hours of operation. [CSCdi80450]
- When using a 4ESS PRI to place an international call (011), the call might be rejected with the error "cause i = 0x839C - invalid number format." [CSCdi81069]
- Using the command no pri-group while traffic is being passed might result in a bus error. The command might be used safely when no traffic is being passed. [CSCdi82055]
- The dialer hold-queue command does not queue packets when it is used with dialer profiles. As a workaround, use the legacy DDR configuration, instead of dialer profiles. [CSCdi84272]
- Random restarts because of bus errors occur at least two to three times per day. The problem might be in the DDR software. [CSCdi86765]
- When TEST/XID packets are received by a LANE client, the router might crash. There is no workaround for this problem. [CSCdi90868]
- Under heavy call volume, the router might not return memory to the free pool when it is no longer needed. This will eventually result in a low-memory or no-memory condition, which might manifest itself in several different error messages. [CSCdj02481]
This section describes possibly unexpected behavior by Release 11.2(3). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(3). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.
- A router will crash when an incomplete AppleTalk fast-switching cache entry is used. This happens when the cache entry is updated with another output interface and within a small timing window. There is no workaround. [CSCdi77772]
- The IP named access list cannot be configured via HTTP access. The command works manually (via terminal), but there is no option to enter it via the browser page access. [CSCdi79249]
- Authenticated NTP packets will be ignored. There is no workaround to this problem. [CSCdi82459]
- A router configured with HTTP enabled, AAA enabled, login set to the default of local authentication, and a blank username will enter an infinite loop which will set off the watchdog timer, causing the router to reload. [CSCdi84663]
- Accessing a non-existent interface and then a valid interface using ClickStart might cause the router to crash. [CSCdi87125]
- The router crashes when you enter the show lnm station command. This might happen when there are many ring status changes, for example, when stations are added to or removed from the ring. This problem is platform independent. The workaround is to disable LNM. [CSCdi72954]
- APPN alerts are currently only sent over an LU6.2 session. It is a requirement to be able to configure these alerts to be sent over a SSCP-PU NSP session. [CSCdi73663]
- When running DLSw remote or local switching between QLLC/SDLC/VDLC and a Token Ring, if the Token Ring's largest frame (lf) is less than 4472, the circuit will not connect. The output of debug dlsw reachability or debug dlsw reachability error indicates an lf mismatch condition detected by DLSw. This condition should not be flagged as an error. The smallest lf across the entire path should be used for the circuit. [CSCdi77805]
- If a configuration session timed out or was dropped while in a command configuration mode, the next attempt to enter that configuration mode might fail, with the following message being displayed:
The TN3270-server feature is currently being configured
[CSCdi80173]
- A router might reload when more than 125 sessions on the router are using QLLC/DLSw+ conversion. [CSCdi84896]
- When a downstream PU2.0 stops by issuing a REQDISCONT to a DLUR router, the DLUR router might loop continuously, restarting the link to a downstream PU2. In this case, the DLUR router sends a corrupted packet to the host instead of a REQDACTPU. [CSCdi86769]
- Killer packets: when bridging on an FDDI interface, receiving a packet with DSAP and SSAP = 0xaaaa and a length of less than 21 bytes can cause havoc. On systems running Release 11.0(9.3) or 11.1(4), the following message appears:
CBUS-3-INTERR: Interface 6, Error (8011)
This error occurs because bridging sees "aaaa" and assumes the packet is SNAP encapsulated. Because SNAP-encapsulated packets have a minimum length of 21, the bridging code subtracts 21 from the original length of the packet (20) when queuing it on the outbound interface. The result is that the length of the outbound packet is -1, or 65535 bytes. This causes the SP to become confused and write over low core, causing an 8011 error. [CSCdi65953]
- When OSPF is configured with the default-information originate router command to generate default information, OSPF is prevented from installing the default information advertised by other OSPF routers. This causes a problem if OSPF does not really generate the default because a certain condition is not satisfied, for example, the gateway of last resort is not set. [CSCdi80474]
- In very obscure cases involving equal-cost backup routes to a failing route, it is possible for Enhanced IGRP to be caught in a "stuck in active" state (self-correcting after several minutes). There is no workaround to this problem. [CSCdi81791]
- OSPF can lose a neighbor periodically over a slow link when the OSPF database is refreshed, which generates many OSPF packets. There is no workaround. [CSCdi82237]
- An error might occur and cause the following messages to appear:
System restarted by error - Zero Divide, PC 0x38EF0C (0x38EF0C:_igmp_report_delay(0x38eec6)+0x46)
[CSCdi83040]
- When using BGP, prepending autonomous system paths using an incoming route map can cause a memory shortage in the router. The workaround is to use other methods, for example, setting the neighbor weight, to influence path selection. [CSCdi84419]
- A router might advertise a combination of unicast and DVMRP routes in excess of the configured route limit (but no more than two times the limit). The workaround is to configure a lower route limit. [CSCdi85263]
- After removing a static CLNS route, ISO-IGRP prefix routes might be seen to count to infinity around a looped topology. The workaround is to use the command clns router iso-igrp domain to break the loops in the CLNS topology until the routes age out. [CSCdi78048]
- CSCdi78048 introduced a bug in which ISO-IGRP does not redistribute the local IS-IS route. [CSCdi85861]
- NLSP links might reflect incorrect source network/node addresses in the routing tables. This does not hinder connectivity to other IPX networks when going from a Cisco device to a Cisco device. However, certain non-Cisco routers might not correctly process the incorrect address and NLSP routing might fail. [CSCdi68981]
- Routers configured for IPX Enhanced IGRP with parallel paths might reload. The workaround is to run IPX RIP. [CSCdi84739]
- The ipx down network-number command might appear unexpectedly in the output of a write terminal command, and this command might be written to nonvolatile memory with the write memory command when the interface is down but you have not issued an ipx down command on that interface. There is no workaround. The unwanted command does not appear when the interface is up. If the unwanted command appears in nonvolatile memory, issue a no ipx down command followed by a write memory command when the interface is up to clear the undesired command from memory. [CSCdi85453]
- IPX does not work in Release 11.2(3.2) because of CSCdi80447, which introduced a broadcast mechanism for clients on the same IPX network separated by WAN links. There is no workaround. [CSCdi85856]
- While performing TCP to X.25 protocol translation, the router might continuously try to negotiate Telnet window-size, causing high CPU utilization. [CSCdi86983]
- A router will reload if TCP tries to repacketize a packet that has an invalid packet reference count. [CSCdi87175]
- TCP data structure is destroyed if an RST is received while the application is half way through closing the connection. The local TCP will go into an endless loop trying to send the last FIN to its peer. A typical symptom for the problem is that the CPU usage becomes very high, and the application that is doing the close will be stuck in TCP forever. [CSCdi88063]
- TCP gets into an endless ACK war with its peer, if the application on both ends has stopped reading data. A typical symptom is that CPU usage becomes very high on the router. A possible workaround for the problem is to clear the tty/vty line that owns the TCP connection in the ACK war. [CSCdi88065]
- Routers that are connected via extremely slow links and that have a large routing table, for example, a table with more than 300 entries, do not receive a full routing update before the reassembly timer expires. The symptom is that routes repeatedly appear and then age out. The workaround is to add access lists to eliminate some of the unneeded routes. [CSCdi79355]
- The output hold queue holds all buffers that are being kept in output queue because of traffic shaping. This slows down traffic for other VCs, causing the traffic to traverse the complete queue before it can leave the system. [CSCdi74940]
- Dial-on-demand (DDR) load balancing does not forward packets correctly when the system dials out via the dialer load-threshold command and more than one remote device is connected by either dial-out or dial-in. This problem typically occurs on a PRI with dialer load threshold configured, but might also occur on BRI or multiple DDR interfaces in a dialer rotary group when more than one remote device is connected. As a workaround, remove the dialer load-threshold command. [CSCdi76324]
- IPX fast switching with multiple route paths over multiple ATM/LANE interfaces/subinterfaces might cause random system reloads. The workaround is to use only one ATM/LANE IPX path, set ipx maximum-paths 1, or use ipx per-host-load-share to force only one interface to be used. [CSCdi77259]
- The output of the show version command might indicate that the system was restarted because of a bus error at PC 0x2227A8F6, address 0xD0D0D39, when there is no apparent cause for the reload. [CSCdi83848]
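The length arithmetic described in CSCdi65953 above, modeled in C as an added example (this is not Cisco IOS code). The function names, the flat LLC buffer layout, and the sample frames are assumptions constructed for illustration; only the DSAP/SSAP value 0xaa, the minimum length of 21, and the 20-byte packet come from the caveat text.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SNAP_SAP     0xAAu  /* DSAP and SSAP value that marks SNAP encapsulation */
#define SNAP_MIN_LEN 21u    /* minimum SNAP-encapsulated length, per the caveat text */

/* Constructed sample frames; each buffer starts at the LLC header (DSAP, SSAP, control). */
const uint8_t RUNT_AAAA[20]  = { 0xAA, 0xAA, 0x03 };  /* looks like SNAP but is too short */
const uint8_t VALID_SNAP[40] = { 0xAA, 0xAA, 0x03 };  /* long enough to be real SNAP */
const uint8_t NON_SNAP[20]   = { 0xF0, 0xF0, 0x03 };  /* other SAP, no adjustment made */

static int sap_says_snap(const uint8_t *llc, uint16_t len)
{
    return len >= 2 && llc[0] == SNAP_SAP && llc[1] == SNAP_SAP;
}

/*
 * Flawed model: the SAP bytes alone decide that the frame is SNAP, and the
 * minimum SNAP length is subtracted from a 16-bit length with no lower-bound
 * check. For len = 20 the result wraps to 65535.
 */
uint16_t outbound_len_unchecked(const uint8_t *llc, uint16_t len)
{
    if (sap_says_snap(llc, len))
        return (uint16_t)(len - SNAP_MIN_LEN);
    return len;
}

/*
 * Hardened model: validate the length against the minimum before subtracting.
 * Returns the adjusted length, or -1 to tell the caller to drop the frame.
 */
long outbound_len_checked(const uint8_t *llc, uint16_t len)
{
    if (llc == NULL)
        return -1;
    if (sap_says_snap(llc, len)) {
        if (len < SNAP_MIN_LEN)
            return -1;  /* claims SNAP but cannot hold a SNAP header: drop */
        return (long)(len - SNAP_MIN_LEN);
    }
    return (long)len;
}

int main(void)
{
    printf("runt, unchecked : %u\n",
           (unsigned)outbound_len_unchecked(RUNT_AAAA, sizeof RUNT_AAAA));
    printf("runt, checked   : %ld\n",
           outbound_len_checked(RUNT_AAAA, sizeof RUNT_AAAA));
    printf("valid, checked  : %ld\n",
           outbound_len_checked(VALID_SNAP, sizeof VALID_SNAP));
    printf("non-SNAP        : %ld\n",
           outbound_len_checked(NON_SNAP, sizeof NON_SNAP));
    return 0;
}
```

The wrapped value is what a downstream copy or queueing routine would then treat as the packet size, which matches the overwrite of low memory the caveat reports.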
This section describes possibly unexpected behavior by Release 11.2(2). Unless otherwise noted, these caveats apply to Release 11.2, up to and including 11.2(2). The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(2), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in Release 11.2(3).
- In cases where an accountable task has a duration shorter than the time required to contact the TACACS+ accounting server, the stop record might be discarded without being transmitted to the server. [CSCdi70312]
- A device with RMON enabled might reload if free memory gets too low. [CSCdi74278]
- You might experience a router reload after seeing the following message:
%SYS-3-TIMERNEG: Cannot start timer (0x1E4388) with negative offset (-495928).
-Process= "Per-minute Jobs", ipl= 0, pid= 37
-Traceback= 22157D7A 22154320 221A17EA 2215F45C 2213E074
High CPU utilization might be seen prior to the message and reload event. [CSCdi76126]
- QLLC devices that are connected through a router using QLLC/LLC2 conversion might occasionally experience poor response time. [CSCdi44923]
- In a parallel SDLLC network, the ACTPU RSP is never received by the host. [CSCdi55142]
- QLLC DLSw cannot reconnect after a failure. The following assert message is displayed:
%CLS-3-CLSFAIL: CLS: Assertion failed: file "../srt/qllc.c", line 4352 !"QSapAddCepFailed"
[CSCdi64840]
- Data-link switching (DLSw) sometimes cannot handle disconnects being issued by two stations that are in session if the stations have a requirement to reestablish a session in less than three seconds. The first disconnect is answered with a UA message but the second is not responded to until the station resends the disconnect message (DISC). After the DISC is resent, a DM message is sent to answer. [CSCdi73204]
- When many sessions are created and then torn down over an ISR network, a memory leak might occur in the router. [CSCdi73676]
- DLSw+ backup peers continue to accept new connections after the primary link is restored. This continues until the backup link is torn down when the linger time expires. [CSCdi73864]
- When running APPN over RSRB virtual stations where RSRB local acknowledgment is being used, the secondary station might hang upon sending data. The most common symptom is that only one of the two CP-CP sessions becomes active with the partner node. [CSCdi74906]
- If SNA/DSPU receives a RECFMS frame that contains control vectors and the RECFMS cannot be forwarded to the focal point host for any reason (for instance, the focal point is inactive), the negative response sent by DSPU causes the router to display the BADSHARE error and deactivate the connection. [CSCdi76030]
- If a BIND request is received before the Notify response has arrived, DSPU will reject the BIND request with sense code 0x80050000. [CSCdi76085]
- When two or more FEPs at a central site, each with the same TIC address, are connected to a different Token Ring and a different DLSw peer router, a remote SDLC attached PU2.0 device will not establish a session to the backup FEP if the first is taken offline. This problem does not affect PU2.1 devices. [CSCdi76575]
- When using DLSw+ to communicate with non-Cisco devices, the Cisco platform might not deal with incoming transport keepalive packets in an appropriate manner. [CSCdi78202]
- When stun remote-peer-keepalive is enabled in a locally acknowledged STUN-over-Frame Relay configuration, STUN peers constantly reset due to incorrect handling of STUN keepalives. [CSCdi78480]
- After SDLC sends 3 XID NULLs upstream to a host and receives no response, SDLC stops sending the XID NULLs and the SDLC device will never connect. This condition can occur if the remote peer connection is down because of a WAN connectivity outage or because the host or server is inactive and does not respond to XIDs. To clear this condition, remove the sdlc address address command from the configuration and then reconfigure this command on the SDLC interface. [CSCdi79498]
- When IP routing is configured on an ISL subinterface, the extra 26-byte ISL header reduces the maximum IP packet size that can be sent over the ISL subinterface from 1500 to 1498 bytes, 2 bytes less than the normal size. This problem is a result of the fix for CSCdi39484. [CSCdi71140]
- If transparent bridging and an IP address are configured on a VIP FastEthernet or Ethernet interface, duplicate packets might occur on LANs directly connected to the VIP interface. In particular, unicast DODIP packets between two workstations on a segment on which the VIP2 interface is attached can be incorrectly duplicated by the router. Duplicate packets can also occur when running bridging and any other protocol in this type of configuration.
In addition, if VIP Ethernet is used with multiple unicast protocols such as HSRP, packet duplication can occur on the LAN segment. These problems can significantly degrade RSP performance. If your configuration is listed here, obtain a maintenance release that corrects this problem. [CSCdi71856]
- Under certain conditions Spanning-Tree Protocol can cause a memory leak. The symptom is small buffers being created but not released. (The Created count rises but the Trims count does not in the show buffer output.) Also, show memory indicates that the memory available is being reduced. [CSCdi72783]
- A problem occurs when a router with a single interface is running OSPF as a broadcast/nonbroadcast network. If the single interface is shut down and is brought back up within a five-second interval, a rare condition is created that causes the router to crash (or causes a spurious access). The crash occurs if you are running Release 11.2. In previous releases, this bug causes a spurious access. [CSCdi74044]
- Configuring RSVP over an interface without configuring UDP encapsulation for RSVP can result in memory leaks. The workaround is to configure RSVP-UDP encapsulation for all RSVP-enabled interfaces. [CSCdi74212]
- If the OSPF demand circuit feature is enabled over an interface which is protocol down, the router will crash. [CSCdi74862]
- If an interface is down when it is configured as passive for IS-IS, it will not be advertised in IS-IS link state packets when the interface comes up. The workaround is to unconfigure the interface and then reconfigure it as passive after it is up. [CSCdi76431]
- NLSP might reflood LSP fragments unnecessarily, including both changed and unchanged fragments. Typically this is not a problem on LAN circuits. However, this can present bandwidth-related problems on low-speed WAN circuits, especially as the size of the network increases.
The flooding behavior masks a problem where services might be missing from the SAP table until the next full SPF. This is not a problem when all neighbors are Cisco routers, but can be a problem when third-party routers are present on the same link. [CSCdi74487]
- VPDN uses loopback interfaces, but IPX and SPX spoofing are not allowed on loopback interfaces. [CSCdi76227]
- Non-TCP reverse connections to lines might corrupt memory, resulting in a software-forced crash. This problem was introduced starting in Releases 10.3(15.1), 11.0(11.1), and 11.1(6.1). [CSCdi79310]
- VINES broadcast packets are forwarded away from the source. If the immediate router toward the source of a broadcast packet has a neighbor entry but no associated path, the system might halt. This kind of dangling route is rare and is considered to be a timing-related issue. [CSCdi75345]
- The VIP2 might crash with a context dump that shows register $0 = 0xffffffff. The cause register and S registers might also contain 0xffffffff. The register content reflects the fact that the VIP2 is experiencing a fatal CyBus or PCI bus error and the context for the processor has not been fully saved. A workaround that allows viewing of the PCI bus or CyBus error is available on a case-by-case basis by using an undocumented, not fully supported feature of the VIP2. The fix for this problem allows the fatal error to be displayed on the RSP console. [CSCdi66567]
- Some ISDN PRI NET5 switches might send a Restart message with either an invalid or an unused B channel. The router should answer the Restart message with a Restart Acknowledge message for the valid B channels. If the router does not answer the Restart message, the switch might place the ISDN PRI interface "out-of-service." [CSCdi70399]
- Routers are not able to detect VINES servers on LANE interfaces. [CSCdi72706]
- The smallest Receive block size announced by the router is 64064 instead of 1498 as it is for Ethernet. This results in a negative smallest router blocksize reported by the show decnet interface command, and in routing problems with DEC systems. These routing problems do not appear with Cisco devices used as end nodes. [CSCdi74046]
- Half-bridging of IP on DDR interfaces is broken. The symptom of this problem is that the remote devices on the bridged segment do not receive a valid reply from their ARPs to the router that is configured for IP half-bridging. [CSCdi74185]
- Half-bridging of IP over dialer interfaces associated with Dialer Profile feature is broken. The symptom is the inability of remote devices in the bridged domain to communicate with devices in the routed domain. The communication failure appears to be caused by the dialer interface failing to use a valid MAC address to answer ARP requests. [CSCdi74195]
- After a number of days, PRI calls might be dropped and high ISDN CPU utilization might be seen. There might be some discrepancy between show dialer, which indicates free B channels available, and show isdn service, which shows all channels busy. Ultimately, a software-forced crash occurs. [CSCdi75167]
- IPX routing might stop working because the router cannot find any servers. This might happen because the ipx network command is parsed before LANE commands so that, after a reload, the system reports "IPX encapsulation not allowed on ATM." [CSCdi75283]
- When two routers are connected to the same destination, outbound IP fast switching on dialer interfaces does not work on the more recently connected interface. The workaround is to turn off fast switching on the DDR interfaces using the no ip route-cache command. [CSCdi75490]
- At system boot-up time the following message might appear:
%SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0).
-Process= "
This message means that Frame Relay Inverse ARP packets are received before the InARP input queue is initialized. This condition is harmless, but if the InARP input queue is initialized later, you will not see this message except at boot-up time. The Frame Relay InARP function will not be affected. [CSCdi75843]
- The negotiation of a PPP Callback option, passing a dial string or E.164 number, will fail due to a defect introduced into Releases 11.2(1.4), 11.1(7.1), 11.2(1.4)P, and 11.0(12.1). The negotiation will appear to complete successfully, but the callback will not succeed. The failure can be seen if debug ppp negotiation is set. The callback option will be marked "acked," but there will typically be nonsensical output on the debug line between "allocated" and "acked," for example, "PPP Callback string allocated ^]" acked." There is no workaround for this defect. [CSCdi77739]
This section describes possibly unexpected behavior by Release 11.2(1). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(1). For additional caveats applicable to Release 11.2(1), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in Release 11.2(2).
- There has been a request for additional debugging messages for the arap logging command. The requested command is arap logging debug-extensions, which enables seven advanced debugging messages in addition to the traditional ARAP logging messages. [CSCdi68276]
- AppleTalk domains do not operate correctly when configured on subinterfaces. The domain properties will be applied to the main interface rather than its subinterface(s). The workaround is to disable AppleTalk fast switching. [CSCdi69886]
- Multiple simultaneous copy operations to the Flash devices on a Cisco 7500 router (bootflash:, slot0:, and slot1:) will cause the router to crash. This only happens when more than one user is logged in to the router (for example, one at the console, and one via Telnet) and both are trying to perform a copy tftp flash at the same time. This is true even if the two users are trying to write to different devices. [CSCdi50888]
- On some devices, SNMP GetNext requests performed on the Cisco Discovery Protocol MIB (CISCO-CDP-MIB) can cause the device to pause for an extended length of time. [CSCdi69892]
- AAA authorization and accounting transactions to the TACACS+ server can be delayed by nine seconds if the IP address of the TACACS+ server does not exist in the local host table and DNS is not configured on the router.
- To resolve this problem, do at least one of the following:
- Add no ip domain-lookup to the configuration.
- Add the IP address of the TACACS+ server to the local host table.
- Whenever the router needs to establish a connection to your TACACS+ server, it will attempt to look up your server's IP addresses. [CSCdi70032]
- If a new MIP channel group is added after a microcode reload has been performed, the system must be rebooted to ensure correct operation. [CSCdi70909]
- The fix for defect CSCdi51882 causes a problem in standard SunOS/Solaris Telnet servers. If the NAWS option is mistakenly sent, the Telnet server hangs instead of ignoring NAWS. This problem only affects Releases 11.0(10.3) through 11.0(11.3), 11.1(6.1) through 11.1(6.4), and 11.2(0.24) through 11.2(1.2). [CSCdi71067]
- DECnet might fail to work properly when using an area number of 63 for L2 routers. The symptoms are being unable to ping (DECnet) between two area routers, one of which is using area 63.x, and having the show dec command report that the "attached" flag is false even though the show dec route command shows routes to it. The workaround is to use the decnet attach override command to force the router into an attached state. This command is available in Releases 10.2(7.3), 10.3(4.4), 11.0(0.13), and all versions of Release 11.1 and higher. [CSCdi69247]
- With Release 11.0 and a direct Escon-attached CIP, the host might "box" the CIP if the router is reloaded without the CIP being varied offline. This problem has not been seen with CIPs connected through a director or if the CIP is taken offline before the router is reloaded. The workaround is to vary the device offline before reloading the router. [CSCdi59440]
- When the PS/2 Link Station Role is configured as Negotiable, the XID(3) Negotiation might not complete. The workaround is to configure the PS/2 Link Station Role as Secondary. [CSCdi60999]
- When running CIP SNA over DLSw, the LLC2 control blocks might not get freed even when the LLC2 session is lost and the DLSw circuit is gone. The workaround is to reload the router. [CSCdi62627]
- The router crashes when NSP is configured and is trying to connect back to the owning host. [CSCdi69231]
- A router interface operating in an SDLC secondary role will not respond to TEST P. [CSCdi70562]
- When using DLSw FST, end-user sessions might not switch over to an alternate LAN or peer path after a connectivity failure. [CSCdi70709]
- A defect introduced by the fix for defect CSCdi69231 might cause NSP to stop working. The releases affected are 11.0(11.2), 11.1(6.2), and 11.2(1.1). The following messages might be displayed when NSP stops working: "SNA: Connection to Focal Point SSCP lost" and "SNA: MV_SendVector rc = 8001." [CSCdi72696]
- When you perform buffer changes on a serial interface with SMDS encapsulation, the changes are not recognized after a reload. [CSCdi62516]
- The source-bridge ring-number command allows you to configure a ring-number mismatch. The workaround is to make sure that all bridge devices on a ring use the same ring number. [CSCdi63700]
- The LAN extension interface does not function correctly. The behavior is that the LAN extension NCP negotiates and sets the LAN extension interface state to "up" and the show controller lex number command displays the message "No inventory message received from LAN Extender." Turning on the LAN extension RCMD debugging shows that every remote command is being rejected with the message "LEX-RCMD: encapsulation failure." There is no workaround. [CSCdi66478]
- Small and middle buffers leak when transparent bridging on ATM is enabled. [CSCdi69237]
- When using the custom-queuing feature in conjunction with payload compression on HDLC or Frame Relay encapsulations, traffic regarded as "low-priority" by custom queuing might be passed uncompressed. This results in lower-than-expected compression ratios. [CSCdi71367]
- When integrated routing and bridging (IRB) is configured, packets less than 60 bytes in size sourced by the BVI interface and going out an ATM bridged interface become runt Ethernet packets without padding inside the RFC 1483 header. [CSCdi71614]
- IPX Enhanced IGRP updates do not propagate if the MTU size is less than the IPX Enhanced IGRP packet size. [CSCdi65486]
- When a primary active router that has gone down comes back up, it is possible that both routers might forward packets instead of just the primary router. [CSCdi70693]
- When a virtual link is configured in OSPF, the adjacency over the virtual link will continue to flap if only one of the end-points of the virtual link is running an OSPF DC-capable (Release 11.2) image.
- There is no problem if both end-points are running OSPF DC-capable images or both end-points are running OSPF non-DC-capable images. There is no workaround. [CSCdi71021]
- The system suffers a gradual loss of free memory whenever either ip sd listen or ip sdr listen is enabled. [CSCdi72863]
- It is possible for use of the DNS Name Service for alias lookups to cause the router to reload. Lookups of canonical names do not exhibit this problem. [CSCdi73022]
- If SPX spoofing fails to send a keepalive, a traceback message will be displayed on the system console. [CSCdi69062]
- The IPX interface command no ipx route-cache has no effect on the router if an IPX network is not already configured on the interface. Normally, this command should disable fast switching on the interface as well as all its subinterfaces even though the primary interface has no IPX network configured. [CSCdi69726]
- High-end Cisco routers might send XNS RIP update packets too quickly for older hosts to receive. A new global command xns rip-delay will be added to increase the interframe gap to at least 1 ms between XNS/RIP update packets. [CSCdi70357]
- RSH commands executed to the router without a controlling shell return only the first 1608 bytes of data. [CSCdi69424]
- The system might reload when doing DNS name validation. The fix for defects CSCdi66910 and CSCdi71158 introduced this defect. There is no workaround. [CSCdi70707]
- In certain circumstances, the router might reload if a dialer interface (ISDN/Serial/Async) is used for load-backup or failure-backup along with an IPX routing protocol like RIP/Enhanced IGRP and the primary and the backup interface are active. This is usually noticed immediately after the dialer interface connects. [CSCdi61504]
- The VIP/VIP2 IPC overlaps some TX accumulators and makes those accumulators spurious. Those accumulators are not used until the number of interfaces is more than 20. [CSCdi67842]
- A reload might be required when running multilink PPP and dialer profiles. Do not enter the ppp multilink command on an interface that has either dialer pool x or dialer pool-member y configured. [CSCdi69131]
- Under certain circumstances, routers hang while executing show vpdn. [CSCdi70008]
- Using TACACS+ with dialback over a rotary group causes the authorization to fail for the user when the callback script aborts or finishes incorrectly, so failover to another line of the rotary occurs. The call is made, but an internal error occurs when debugging TACACS+. [CSCdi70549]
- Some IPX clients, including Windows 95, change their IPX node number on every connection. This means in a DDR environment it is impossible to create a static dialer map for a dialin Windows 95 IPX client. The workaround is to create a dynamic dialer map for IPX when a client authenticates and provides its IPX node number. [CSCdi70873]
- ISDN BRI routers might have problems bringing up multiple B channels to the same destination. The router and PBX might also get into a Layer 3 state mismatch and continuously exchange Layer 3 messages. [CSCdi71333]
CCO is Cisco Systems' primary, real-time support channel. SMARTnet customers and partners can self-register on CCO to obtain additional content and services.
Note: If you purchased your product from a reseller, you can access CCO as a guest. Your reseller offers programs that include direct access to CCO's services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously--a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
- WWW: http://www.cisco.com.
- WWW: http://www-europe.cisco.com.
- WWW: http://www-china.cisco.com.
- Telnet: cco.cisco.com.
- Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and baud rates up to 14.4 kbps.
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note: If you need technical assistance with a Cisco product that is under warranty or covered by a Cisco maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com.
Please use CCO to obtain general information about Cisco Systems, Cisco products, or upgrades. If CCO is not accessible, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
