Release Notes for the Cisco AS5200 and AS5100 for Cisco IOS Release 11.2

• A router configured with more than one attached NSSA area will crash after processing type 7 (NSSA) LSA updates.

The workaround is to avoid configuring a router with more than one attached NSSA area. [CSCdj37551]

• EIGRP failed to advertise a directly connected network. [CSCdj37728]

• If the summary-address statement is removed on a remote router that advertises summary-address routes on only one path, then the core router sees both equal cost paths. This problem occurs on OSPF with NSSA. [CSCdj38067]

• If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If OSPF is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]

• After the aggregate-address summary-only command is configured, issuing the same command without summary-only will not unsuppress the specifics of the aggregate.

A workaround is to negate the whole aggregate-address command first. [CSCdj42066]

ISO CLNS

• If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]

• A crash was caused by an AVL node that was freed but was still accessed during tree traversing. This problem was a result of the node being deleted and freed in the middle of tree walk. This is an Intermediate System to Intermediate System (using AVL tree) specific problem. [CSCdj18685]

Novell IPX, XNS, and Apollo Domain

• Adding XNS back into a router's configuration after it has been removed might cause a system to restart by bus error. This might only be a one-time event if it occurs at all. [CSCdj16694]

Wide-Area Networking

• The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]

• When traffic prioritization is configured on a Frame Relay interface with the command frame-relay priority-dlci-group, the command no fair-queuing should be also configured on the serial interface to achieve effective traffic prioritization. [CSCdi52067]

• When configuring PVCs on the AIP, you might observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:

%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008)

%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

• When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface might bounce once or continually bounce during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.

During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined only for that DLCI only will fail. [CSCdj11056]

• A router might randomly and intermittently reload because of an MTU mismatch and generate system error messages similar to the following:

%SYS-3-OVERRUN: Block overrun at 4029DEA8 (redzone 743D3334) [CSCdj19105]

• Although a router configured for HSRP on LANE replies correctly with the HSRP MAC address in an ARP reply, all packets issued by the router with a virtual IP address use the BIA MAC address as the source address. This makes it difficult for switches to know the forwarding port. [CSCdj28865]

• The BREAK sequence might not be received properly on platforms that use the Cirrus Logic asynchronous controllers. This includes the Cisco AS5100 and AS5200. You might have to send the BREAK sequence multiple times before it is interpreted correctly. [CSCdj32121]

• When you configure dial-backup in a Legacy DDR environment, the primary link does not take over and does not clear the ISDN backup link whenever the kickout-load is reached on the primary interface. This works well in a dialer-profile or in a rotary-group environment. [CSCdj33786]

• When a dialer-profile is in standby mode, backing up a serial interface with the backup interface dialer command still allows incoming calls to this profile. Because the profile is in standby-mode this behavior should not be possible. [CSCdj34108]

• Configuration of a dialer interface for load backup (either with dialer profiles or legacy rotaries) could give rise to a flapping ISDN connection. This problem occurs especially when the bandwidth configured on the primary is less than the one on the dialer interface. [CSCdj39723]

• There is a problem with dialer profiles and the dialer load-threshold command in Cisco IOS Release 11.2. The options either and inbound in the dialer load-threshold command do not work when configured under a dialer interface.

A workaround is to duplicate the dialer load configuration from the dialer profile interface on the ISDN interface. [CSCdj40125]

Caveats for Release 11.2(1) Through 11.2(8)

This section describes possibly unexpected behavior by Cisco IOS Release 11.2(8). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(8). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.

Access Server

• A reload might occur if the command show modem slot/modem-port is issued when the associated modem is in the autoconfigure mode. Autoconfigure mode is normally a short interval during which the modem is reset and reinitialized by the modem autoconfigure command. [CSCdj17224]

• If both controller T1 interfaces of an AS5200 are configured for robbed bit signaling, but controller T1 0 is configured for type E&M-fgd signaling and controller T1 1 is configured for type fxs-ground-start signaling, controller T1 0 might busy-out (signal offhook) many or all channels. The busy-out signal renders modem access unreliable or nonexistent. [CSCdj19284]

• Under rare circumstances, a Cisco AS5200 might crash after displaying either a "%SYS-2-BLOCK" or "%SYS-2-BLOCKHUNG" message. [CSCdj30206]

AppleTalk

• When using ARAP 2.1 on routers running Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]

• When using the ARAP client 2.1, the user will not be able to dial in to an AS5200 with Cisco IOS Release 11.1 if the AS5200 has autoselect configured.

To work around this problem, do one of the following:

• Remove autoselect and use ARAP dedicated.

• Use the ARAP 2.0.1 client instead.

• Turn on MNP10 on the ARAP 2.1 client.

• Modify the client CCL script to extend the pause to 3 seconds before exiting.

[CSCdj09817]

Basic System Services

• The router might reload when trying to process the show accounting command. [CSCdi69364]

• In certain cases, the number of packets shown in the IP flow cache packet size distribution does not match the number shown in the cache statistics. [CSCdi71766]

• The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]

• Fast switching and optimum switching counters should be broken out separately in the output of the show interface switching command. [CSCdi87008]

• In certain cases of high netflow switched traffic, performance could drop off steeply. [CSCdi91872]

• Connected routes stay in the routing table when a card is disabled and in an analyzed wedged state. There is no workaround. [CSCdj08355]

• When a router is configured with the command ip identd and with aaa authentication login default tacacs+ enable the router will reload itself under these conditions:

  • Router is resolving host names via an external DNS server.

  • TACACS server is down.

  • User gains access to the router via the backup "enable" method.

  • User attempts to Telnet from the router to a host on the network.

After the Telnet is initiated, the router will immediately reload.

The workaround for this problem is to not configure the ip identd command or to disable the identd process with the global command no ip identd (which is the default). [CSCdj19961]

• When formatting boot flash type A7, A6, or AA, boot Flash devices will not be recognized.

To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash with an image containing this bug fix, then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20651]

• During a boot Flash format, systems with earlier release images will not recognize Intel boot Flash SIMMs 28F004S5 (device code A7), 28F008S5 (device code A6), and 28F016S5 (device code AA).

To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash with an image containing this bug fix, and then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20681]

• After extended use, a Cisco AS5200 might begin to report MALLOC failures. The output of the show memory command indicates a possible leak of ppp auth buffers. [CSCdj22107]

• A router might experience an unexpected system reload while creating core dumps and issuing the write route-core command on a tftp server. [CSCdj28213]

• On RSP-based platforms, the following error might occur, indicating a problem with a hardware enqueue:

%RSP-2-QAERROR: reused or zero link error, write at addr 00C0 (QA) log 2600C040, data 00070000 00000000

This message might be followed by the following error and a crash:

Unexpected exception, CPU signal 10, PC = 0x601C4658

This message is caused by a memory access problem in the diagnostic code handling the original QA error. [CSCdj29751]

IBM Connectivity

• The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do LLC mapping. [CSCdi55085]

• On a router running Cisco IOS Release 11.2, Enhanced IGRP fails to connect fully to other Enhanced IGRP routers across a single Token Ring interface, when source-route bridging is configured on the interface but source bridge spanning is not enabled. The workaround is to enable source bridge spanning on the Token Ring interface. [CSCdi70297]

• A bus error occurred at PC0x169a46. The stack trace indicates a problem in the LNX process. This problem occurs on X.25. [CSCdi73516]

• QLLC/RSRB forwards IEEE XID frames like other XID frames to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]

• Source-route translational bridging corrupts, packets when configured for the fast SR/TLB feature. The workaround is to issue the no source-bridge fastswitch ring-group fastswitch command. [CSCdi87612]

• The router might reload unexpectedly with a stack trace pointing to llc2_timer. [CSCdj21370]

• DLSw local-switching from VDLC to LLC media does not work correctly in Cisco IOS Release 11.2. [CSCdj28900]

• A DLUR router might reject unbind requests from the host if it has not received a bind response from the downstream LU.

If the downstream device never responds to the outstanding bind, the DLUR router will wait indefinitely and not free the lfsid. This might cause a situation in which the host tries to reuse an lfsid after it has sent an unbind request, but the DLUR rejects the new bind request because it believes that this lfsid is in use. If the host continuously tries to use this lfsid which the DLUR believes is in use, then no new sessions can be established. This problem occurs only when the downstream device does not respond to a bind request. [CSCdj30386]

• Sometimes the link stations might get stuck in a XIDSENT state when an APPN link station fails and recovery is attempted.

DDTSCSCdi77040 provides a fix for this problem in the system side. This DDTS provides the corresponding fix for APPN. [CSCdj30552]

• The IP SNMP process on a DLUR router might leak processor memory when executing the DLUR MIB. This memory leak might eventually cause the router to run out of memory and crash. A leak occurs every time the DLUR MIB is run. The workaround is to not execute the DLUR MIB. [CSCdj31236]

Interfaces and Bridging

• On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]

• The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]

• Removing channel groups might cause routers to reload with the message "restarted by error - an arithmetic exception." [CSCdj16862]

• An RSP2 router configured with a Fast Ethernet interface and a slow-speed serial interface might experience output packet drops on the serial interface, with incoming traffic on the Fast-Ethernet interface. This problem occurs even with less traffic, such as during a regular ping.

To work around this problem, disable fast switching on the serial interface. [CSCdj17962]

• Using the encapsulation fddi command without bridging enabled on a VIP2/FDDI and FIP in RSP causes the interface to bridge transparently.

The encapsulation fddi command should only be used with bridging enabled. The workaround is to use the no bridge-group 1 command to disable bridging. [CSCdj24479]

• The pos specify-s1s0 and pos specify-c2 POS interface specific configuration commands do not work correctly. [CSCdj25166]

• The router will not respond to ARPs correctly when bridging IP on a channelized T1 interface. Therefore, Telnets to and from the router will fail. [CSCdj31285]

IP Routing Protocols

• When two virtual links are connected between two points and the interface chosen as the best virtual link is shut down, connectivity will be lost to all routers accessible through this link. [CSCdi71740]

• On a Cisco AS5200, messages of this type might appear on the console:

*Feb 28 19:36:08.595 EST:

%SCHED-3-THRASHING: Process thrashing on watched queue 'IP Packets' (count 36).

-Process= "IP Input", ipl= 6, pid= 14

-Traceback= 22160B0A 22160DB6 221A095E

[CSCdj15244]

• A router might crash after the fifth EIGRP process is configured. CSCdi36031 is a related caveat. [CSCdj17508]

• Although encryption of multicast is explicitly not supported, there is not currently a means to prevent the crypto map from being bound to an access list that would permit multicast/broadcast packets. For example, since OSPF uses well-known multicast addresses 224.0.0.5 and 224.0.0.6, if the access list contains the keyword any without blocking class D addresses, the router will attempt to encrypt the OSPF LSA and subsequently crash.

The workaround is to use a supported configuration in which the access lists bound to the crypto map deny multicast. Then configure OSPF to run unicast either by GRE tunneling or by manually defining all neighbors. [CSCdj18464]

• When a router receives a PATH message that has only a Guaranteed Service fragment (no Controlled Load fragment), it can cause the router to reload.

The workaround is to send a PATH message that has both Guaranteed Service and Controlled Load fragments. [CSCdj30274]

• The router sends blasts of updates to the upstream router, which is a SPARC station running MROUTED. The SPARC station cannot handle these update blasts and will drop some DVMRP updates. The router needs to stagger these DVMRP routes. [CSCdj31786]

ISO CLNS

• If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in Intermediate System-to-Intermediate System. A workaround is to number the interface. [CSCdi60673]

• A crash was caused by an AVL node that was freed but was still accessed during tree traversing. This problem was a result of the node being deleted and freed in the middle of the tree walk. This is an Intermediate System-to-Intermediate System (using AVL tree) specific problem. [CSCdj18685]

• CLNS fast switching is not working between PVCs defined on ATM subinterfaces. [CSCdj23817]

Novell IPX, XNS, and Apollo Domain

• When upgrading from Cisco IOS Release 10.3(7) on a Cisco 4700 router, an IPX EIGRP memory leak might occur when introducing Frame Relay on subinterfaces. The IPX EIGRP is increasing in the same quantity as the free memory is decreasing. [CSCdi62135]

• Adding XNS back into a router's configuration after it has been removed can cause a system to restart by bus error. This might only be a one time event if it occurs at all. [CSCdj16694]

• Login takes a long time when traversing a router using the Microsoft 32-bit NDS client. The problem does not appear to be related to the Novell or Microsoft clients. [CSCdj25785]

• IPX fast switching might fail over a PRI interface, resulting in IPX client connections not being established over the PRI even though the IPX servers are visible. The workaround is to configure no ipx route-cache on the PRI interface. [CSCdj29133]

• XNS does not learn the new non-canonical format of Token Ring MAC addresses. It retains the old canonical format address for its node address. This would cause routing failure. The workaround is to disable and reenable XNS network on all the Token Ring interfaces. This affects only RSP platforms and when you upgrade an XNS configured router from a version that has the bug CSCdi48110 to a version that has this bug fixed. [CSCdj29916]

TN3270

• International (8-bit) characters will not echo when using TN3270. [CSCdj22231]

Wide-Area Networking

• The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]

• When traffic prioritization is configured on a Frame Relay interface with the command frame-relay priority-dlci-group, the command no fair-queuing should be also configured on the serial interface to achieve effective traffic prioritization. [CSCdi52067]

• When configuring PVCs on the AIP, you might observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:

%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008) 
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC) 

The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

• There is a problem that only affects the PPP reliable protocol. No other protocols are affected, such as HDLC. [CSCdi70242]

• The "%SYS-2-GETBUF" error message might appear. [CSCdi92482]

• A virtual access interface does not inherit the username from its parent interfaces when it hosts a PPP multilink session. Therefore, the show user command does not display the username associated with a virtual access interface, and SLIPON requests in Extended TACACS do not contain the username, resulting in possible authentication failures with Extended TACACS. [CSCdj04600]

• A BRI interface with Frame Relay encapsulation configured does not behave correctly. A call stays up for some seconds, LMI messages are exchanged, and as soon as the DLCI goes from INACTIVE to DELETED, the BRI is physically reset. Therefore, it is impossible to use Frame Relay over ISDN. [CSCdj09661]

• When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface will either bounce once or continually bounce at every subsequent LMI full status reports--depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.

Normally, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up but traffic destined only for that DLCI will fail. [CSCdj11056]

• Dynamic DLCI mappings might inadvertently remain mapped after switched virtual circuit teardown, as can be seen using the command show frame-relay map. [CSCdj11851]

• When a router receives a valid Frame Relay Setup message while the local SVC's map-class is not yet properly configured, the router crashes. The crash point and the stack trace might be like one of the following:

Current PC: 0x90F61C[bcopy(0x90f56c)+0xb0] FP: 0xCC65C4[_etext(0x96f3ec)+0x3571d8] RA: 0x5E1EF2[_fr_svc_send_msg_to_nli(0x5e1eca)+0x28] FP: 0xCC65E8[_etext(0x96f3ec)+0x3571fc] RA: 0x5DD98C[_FRU0_Setup(0x5dd8e2)+0xaa] FP: 0xCC6620[_etext(0x96f3ec)+0x357234] RA: 0x5DD894[_svc_process_l3_event(0x5dd786)+0x10e] FP: 0xCC6664[_etext(0x96f3ec)+0x357278] RA: 0x5DA17A[_l3_ie_parse(0x5d9d32)+0x448] FP: 0xCC66A4[_etext(0x96f3ec)+0x3572b8] RA: 0x5D9B84[_l3_ie_parse_process(0x5d9b14)+0x70] FP: 0xCC66C0[_etext(0x96f3ec)+0x3572d4] RA: 0x1CC372[_process_hari_kari(0x1cc372)+0x0]

Current PC: 0x5E1D8E[_fr_svc_call_id_to_nli(0x5e1cf0)+0x9e] FP: 0xCC5CCC[_etext(0x970900)+0x3553cc] RA: 0x5E2176[_fr_svc_send_msg_to_nli(0x5e214e)+0x28] FP: 0xCC5CF0[_etext(0x970900)+0x3553f0] RA: 0x5DDC10[_FRU0_Setup(0x5ddb66)+0xaa] FP: 0xCC5D28[_etext(0x970900)+0x355428] RA: 0x5DDB18[_svc_process_l3_event(0x5dda0a)+0x10e] FP: 0xCC5D6C[_etext(0x970900)+0x35546c] RA: 0x5DA3FE[_l3_ie_parse(0x5d9fb6)+0x448] FP: 0xCC5DAC[_etext(0x970900)+0x3554ac] RA: 0x5D9E08[_l3_ie_parse_process(0x5d9d98)+0x70] FP: 0xCC5DC8[_etext(0x970900)+0x3554c8] RA: 0x1CC3BA[_process_hari_kari(0x1cc3ba)+0x0] [CSCdj13019]

• The system might reload if two dialer string commands are configured on an ISDN PRI or BRI, dialer, asynchronous dialer in-band, or serial dialer in-band interface. Two dialer string configurations are invalid.

The workaround is to remove one of the dialer string commands using the no dialer string abcd command. If you need to use a different dialer string, make sure you remove the existing dialer string before adding another. [CSCdj14387]

• Under high CPU load, it is possible for the number of active calls and the number of available B channels displayed by the show isdn status command to be incorrect.

See also the duplicates of this bug: CSCdj23944, CSCdj27419, CSCdj15811, CSCdi82010 and CSCdj28147. [CSCdj18895]

• A router might randomly and intermittently reload because of an MTU mismatch and generate system error messages similar to the following:

%SYS-3-OVERRUN: Block overrun at 4029DEA8 (redzone 743D3334) [CSCdj19105]

• Crashes are being experienced on a Cisco AS5200 running Cisco IOS Release 11.2(6)P in an evaluation field test. At the time of the crash, there were a few PPP connections on the NAS and no other activity.

Output from the show stacks command looks like this:

Minimum process stacks: 
Free/Size Name 
1824/2000 Reset ipc queue 
1352/2000 Router Init 
2680/4000 Init 
1692/2000 MAI Action Process 
Interrupt level stacks: 
Level Called Unused/Size Name 
1 607 1560/2000 CL-CD2430 transmit interrupts 
2 338 1580/2000 CL-CD2430 receive interrupts 
3 2 1968/2000 Serial interface state change interrupt 
4 825 1560/2000 Network interfaces 
5 5854 1896/2000 Console Uart 
6 5 1848/2000 DSX1 interface 
System was restarted by bus error at PC 0x22260F78, address 0x801C12BA 5200 Software (C5200-IS-L), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE) 

[CSCdj23090]

• Although a router configured for HSRP on LANE replies correctly with the HSRP MAC address in an ARP reply, all packets issued by the router with a virtual IP address use the BIA MAC address as the source address. This makes it difficult for switches to know the forwarding port. [CSCdj28865]

Use of IPX with very large packet sizes might result in a memory leak when transmitting packets via PPP multilink. [CSCdj29387]

Caveats for Release 11.2(1) Through 11.2(7)

This section describes possibly unexpected behavior by Release 11.2(7). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(7). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.

Access Server

• While running at high load, a Cisco AS5200 might sometimes crash with the following stack trace:

0x22142aa8:_validblock(0x2202e76c+0x11433c)+0x0 0x22329778:_dual_rdbdelete(0x2202e76c+0x2faf1a)+0xf2 0x223297f0:_dual_zapdrdb(0x2202e76c+0x2fb032)+0x52 0x2232bd3c:_dual_rdbclear(0x2202e76c+0x2fd5b0)+0x20 0x2232d88a:_dual_rcvupdate(0x2202e76c+0x2fef6a)+0x1b4 0x2232dd3c:_dual_rcvpkt(0x2202e76c+0x2ff59e)+0x32

[CSCdj12930]

• A reload might occur if the command show modem slot/modem-port is issued when the associated modem is in the autoconfigure mode. Autoconfigure mode is normally a short interval, when the modem is reset and reinitialized by the modem autoconfigure command. [CSCdj17224]

• If both controller T1 interfaces of a Cisco AS5200 are configured for robbed bit signaling, but controller T1 "0" is configured for type E&M-fgd signaling and controller T1 "1" is configured for type fxs-ground-start signaling, controller T1 0 might busy-out (signal offhook) many or all channels. The busy-out renders modem access unreliable or nonexistent. [CSCdj19284]

• Sometimes a Cisco AS5200 might crash with a bus error at PC 0, address 0. [CSCdj19651]

• Sometimes a Cisco AS5200 might crash with the following stack trace:

0x221FF150:_mai_handle_b2b_connect(0x2202ea38+0x1d069c)+0x7c 0x221FC394:_mai_execute_proc(0x2202ea38+0x1cd908)+0x54 0x221FC492:_mai_queue_handler(0x2202ea38+0x1cda2c)+0x2e 0x221FC530:_mai_maintn_process(0x2202ea38+0x1cda72)+0x86

[CSCdj20121]

AppleTalk

• ARAP 2.1 does not work properly on routers running Release 11.2. The client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]

• Using ARAP client 2.1, the user will not be able to dial in to a Cisco AS5200 with Cisco IOS Release 11.1 if the Cisco AS5200 has autoselect configured. Use any of the following workarounds:

  • Remove autoselect and use ARAP dedicated.

  • Modify the client CCL script to extend the pause before exiting to 3 seconds.

  • Turn on MNP10 on the ARAP 2.1 client.

  • Use the ARAP 2.0.1 client.

[CSCdj09817]

• A router might prevent Macintoshes from coming up, because of duplicate provisional addresses. A workaround is to issue the command clear apple arp. [CSCdj16510]

Basic System Services

• The router might reload when trying to execute the show accounting command. [CSCdi69364]

• In certain cases, the number of packets shown in the IP flow cache packet size distribution does not match the number shown in the cache statistics. [CSCdi71766]

• The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]

• The Cisco AS5200 access server sometimes crashes with a bus error when you issue the write core command. [CSCdi90206]

• In certain cases of high netflow switched traffic, performance could drop off steeply. [CSCdi91872]

• Too many accounting records are sent for a multichassis multilink PPP connection. [CSCdj17870]

• Control characters in chat-script commands that are specified using backslash-octal representation are not accepted or stored properly. [CSCdj18869]

• When a router is configured with the command ip identd and with aaa authentication login default tacacs+ enable, the router will reload itself if all the following occur:

  • Router is resolving host names via an external DNS server

  • TACACS server is down

  • User gains access to the router via the backup "enable" method

  • User then attempts to Telnet from the router to a host on the network

After the Telnet is initiated, the router will immediately reload

The workaround for this problem is to not configure the ip identd command or to disable the identd process with the global command no ip identd (which is the default). [CSCdj19961]

• When formatting a boot Flash of type A7, A6, or AA, boot Flash devices will not be recognized.

If you want to run these boot Flash devices and use images prior to this bug fix, you must format the boot Flash with an image containing this bug fix. Then you can load an older image onto the newly formatted boot Flash SIMM. [CSCdj20651]

• During a boot Flash format, systems with earlier release image will not recognize Intel boot Flash SIMMs 28F004S5 (device code A7), 28F008S5 (device code A6), and 28F016S5 (device code AA).

To run these boot Flash devices and use images prior to this bug fix, you must format the boot Flash with an image containing this bug fix and then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20681]

IBM Connectivity

• The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do LLC mapping. [CSCdi55085]

• On a router running Cisco IOS Release 11.2, Enhanced IGRP fails to connect fully to other Enhanced IGRP routers across a single Token Ring interface, when source-route bridging is configured on the interface but source bridge spanning is not enabled. The workaround is to enable source bridge spanning on the Token Ring interface. [CSCdi70297]

• QLLC/RSRB forwards IEEE XID frames like other XID frames to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]

• When fast source-route translational bridging feature is configured, packets are corrupted. The workaround is to issue the no source-bridge fastswitch ring-group fastswitch command, which disables the fast source-route translational bridging feature. [CSCdi87612]

• When an LNM queries the router with a report station address, the router answers correctly with a report station address. However, 0.001 second later, the router sends a second report station address to the LNM with all zeros in the frame. This causes the LNM to work incorrectly. [CSCdj04559]

• A router might reload if it receives an ARP request frame from a Token Ring interface and the frame has been incorrectly formatted as a Frame Relay ARP. ARP request frames that are correctly formatted for IEEE LAN media will not cause this problem. The only workaround is to remove the station sending the illegal frame from the network. [CSCdj05170]

• When using ADT-POLL-SELECT the router local to the ADPLEX alarm device forwards general poll response back to the host, but discards echoed commands. [CSCdj12495]

• A buffer leak occurs in LNM processes. Buffers are classified as link type IBMNM and contain an error report from the router to LNM (that is sector 8611). The workaround is to disable the LNM process. [CSCdj20441]

• The router might reload unexpectedly with a stack trace pointing to llc2_timer. [CSCdj21370]

Interfaces and Bridging

• On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this, upgrade to microcode version rsp_trip20-1. [CSCdi74639]

• A slow memory leak occurs when sending large multicasting packets over LAN emulation (LANE) for a long period of time. The DMA request (DRQ) within VIP2 direct memory access (DMA) will not return the used buffers to the cache pool after a long period of extensive traffic stress, when a large number of emulated LAN (ELANS) are set up on an s Transfer Mode (ATM)-lite interface. No workaround is known at this time. [CSCdj07627]

• The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]

• The Bridge ID might choose a Cisco random address even for the Ethernet interface which has the MAC address. It occurs most often in the first Ethernet interface. [CSCdj13302]

• Removing channel groups might cause routers to reload with the message "restarted by error - an arithmetic exception." [CSCdj16862]

• An RSP2 router configured with a FastEthernet and a slow-speed serial interface can observe output packet drops on the serial interface, with traffic coming from the Fast Ethernet. This is observed, even with less traffic such as a regular ping.

A workaround is to disable fast-switching on the serial interface. [CSCdj17962]

• LANalyzer trace indicates that the router is forwarding an RPL request out the same Token Ring interface port from which it received the packet. [CSCdj18835]

IP Routing Protocols

• When two virtual links are connected between two points, and the interface chosen as the best virtual link is shut down, connectivity will be lost to all routers accessible through this link. [CSCdi71740]

• When the command ip default-network is removed, the gateway of last resort is not removed from the routing table. [CSCdi76285]

• An OSPF router might restart when configured to originate default information by using a route map that references an access list. [CSCdi90774]

• The OSPF router process continually recalculates the SPF, and the long-term CPU load remains at 15 percent when there are 6,000 OSPF E2-type routes in the routing table. [CSCdj07301]

• Type 7 LSAs from an NSSA OSPF area might not be translated to type 5 LSAs in the backbone, when crossing a virtual link. [CSCdj12181]

• On a Cisco AS5200, messages of this type might appear on the console:

*Feb 28 19:36:08.595 EST: 
%SCHED-3-THRASHING: Process thrashing on watched queue'IP Packets' (count 36). 
-Process= "IP Input", ipl= 6, pid= 14 
-Traceback= 22160B0A 22160DB6 221A095E 

[CSCdj15244]

• A router might crash with the error message "System was restarted by bus error at PC 0x82ED48, address 0x4AFC4B04." [CSCdj15294]

• Although encryption of multicast is explicitly not supported, there is currently no means to prevent the crypto map from being bound to an access list that would permit multicast/broadcast packets. Since OSPF uses well-known multicast addresses 224.0.0.5 and 224.0.0.6, for example, if the access-list contains the "any" keyword without blocking class D addresses, the router will attempt to encrypt the OSPF LSA and subsequently crash.

The workaround is to use a supported configuration in which the access lists bound to the crypto map deny multicast, and then configuring OSPF to run unicast either by GRE tunneling or by manually defining all neighbors. [CSCdj18464]

• Under certain conditions, Enhanced IGRP variance might not remove routes with a higher next hop metric. Issuing the clear ip route * command will resolve the problem. [CSCdj19634]

ISO CLNS

• If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]

Novell IPX, XNS, and Apollo Domain

• Adding XNS back into a router's configuration after it has been removed can cause a system to restart by bus error. This might only be a one time event if it occurs at all. [CSCdj16694]

Wide-Area Networking

• The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]

• When configuring PVCs on the AIP, you might run into a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:

15:06:19:%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008) 
15:06:19:%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

• ARP replies are not sent over a PPP multilink interface. As a workaround, configure a static ARP on the remote device or disable PPP multilink. [CSCdi88185]

• The Frame Relay traffic shaping and per-VC queuing features do not operate correctly. When you configure the frame-relay traffic-shape command, the required initialization does not occur as expected. The result is that the specified rates for transmission are not observed and the defined queuing method is not properly configured. There is currently no workaround. You are therefore advised not to configure this feature. This problem does not affect the interface-independent traffic shaping function. [CSCdi88662]

• When a primary link using subinterfaces is backed up with a dialer interface, and you do a shutdown of the primary subinterface, the dialer interface goes from "standby" mode to "administratively down." The shutdown command is added automatically under the dialer interface part of the configuration.

When you try to remove the shutdown command from the dialer interface, you get an error message: "% Shutdown not allowed on rotary group lead."

The only way to remove this is to remove the complete dialer interface from the configuration and then configure it back again. [CSCdj01394]

• A virtual access interface does not inherit the username from its parent interfaces when it hosts a PPP multilink session. Therefore, the show user command does not display the username associated with a virtual access interface, and SLIPON requests in Extended TACACS do not contain the username, resulting in possible authentication failures with Extended TACACS. [CSCdj04600]

• CHAP authentication might fail when you configure the aaa authentication local-override command. [CSCdj08113]

• On a Cisco AS5200 access server, you might sometimes see messages of the following type:

*Feb 28 20:13:32.799 EST: 
%SCHED-3-THRASHING: Process thrashing on watched queue'PPP Input' (count 439). 
-Process= "PPP manager", ipl= 6, pid= 37 
-Traceback= 2214B4A6 2214B752 222440A0 

[CSCdj08216]

• In an environment with older hardware Revision 1.0 MIPs and newer VIP2 cards, OIR can result in the MIP card hanging or being disabled, or bus errors, or both. To remedy the problem, reset the MIP controller. If this does not work, reload the microcode. [CSCdj08338]

• A BRI interface with Frame Relay encapsulation configured does not behave correctly. A call stays up for some seconds, LMI messages are exchanged, and as soon as the DLCI goes from INACTIVE to DELETED, the BRI is physically reset. Therefore, it is impossible to use Frame Relay over ISDN. [CSCdj09661]

• When assigning a DLCI to an ISDN interface with Frame Relay encapsulation, the DLCI will become and remain ACTIVE even after you enter the shutdown and no shutdown commands for the ISDN interface. [CSCdj09676]

• Using DLCI prioritization on a point-to-point Frame Relay subinterface, if one of the DLCIs fail, the subinterface will either bounce once or will continually bounce at every subsequent LMI full status report--depending on whether LMI reports the DLCI as being DELETED or INACTIVE. The behavior is the same for every DLCI defined in the priority-dlci-group.

Normally, if the primary DLCI fails the Point-to-Point subinterface should go down, while if a secondary DLCI fails, the subinterface stays up but traffic destined only for that DLCI will fail. [CSCdj11056]

• Dynamic DLCI mappings might inadvertently remain mapped after switched virtual circuit teardown, as can be seen using the command show frame-relay map. [CSCdj11851]

• When a router receives a valid Frame Relay Setup message while the local SVC's map-class is not yet properly configured, the router crashes. The crash point and the stack trace might be similar to one of the following:

[CSCdj13019]

• When PPP debugs are turned on, messages of this type might appear on the console:

*Feb 28 22:29:50.351 EST: Se0:19 PPP: dropped, LCP not open. Protocol = 0x21
*Feb 28 22:29:50.423 EST: Se0:18 PPP: dropped, LCP not open. Protocol = 0x21 

[CSCdj14985]

Sometimes a Cisco AS5200 running multichassis multilink PPP might crash with the following messages and stack trace:

%Software-forced reload^M 
^M 
^M 
Unexpected exception to CPU vector 34, PC = 22155788^M 
-Traceback= 22155788 2215954C 22159812 2214CC2A 2214CCF6 220ED388 220ED67C 220ED 
40E 220470FE 22047008 220465A8^M 
^M 
Writing pchebrol/london-5200/london-5200-core ^M 
Queued messages:^M 
*Mar 1 02:49:00.394 EST: LIF_Fatal called from l2 0x22048DAE, func = L2_Mail, s tring = LIF_GetPkt failed^M 
*Mar 1 02:49:00.398 EST: ExecExit called from 0x2205A42E^M 
*Mar 1 02:49:00.402 EST:%SYS-6-STACKLOW: Stack for process ISDN running low, 0 /2000^M 
0x22155788:_crashdump(0x2202ea84+0x126c5a)+0xaa
0x2215954C:_process_run_degraded_or_crash(0x2202ea84+0x12aa78)+0x50
0x22159812:_process_ok_to_reschedule(0x2202ea84+0x12ab12)+0x27c
0x2214CC2A:_process_suspend(0x2202ea84+0x11e18e)+0x18
0x2214CCF6:_process_mightmight_suspend(0x2202ea84+0x11e242)+0x30
0x220ED388:_doprintc(0x2202ea84+0xbe6e0)+0x224
0x220ED67C:__doprnt(0x2202ea84+0xbeb82)+0x76
0x220ED40E:_printf(0x2202ea84+0xbe954)+0x36
0x220470FE:_isdn_memstats(0x2202ea84+0x18666)+0x14
0x22047008:_FinUsr(0x2202ea84+0x18570)+0x14
0x220465A8:_isdnmain(0x2202ea84+0x17b00)+0x24

[CSCdj17876]

• A router might randomly and intermittently reload and generate system error messages similar to the following:

%SYS-3-OVERRUN: Block overrun at 4029DEA8 (redzone 743D3334)

[CSCdj19105]

• The MAC address of an ATM interface in a router, instead of the actual MAC address of an end station connected to a LANE client, is entered in the ARP cache. This occurs after several hours. The problem can be temporarily resolved by clearing the ARP cache of the router. [CSCdj19293]

• A Cisco AS5200 crashes with a bus error if it is powered on without any modem modules plugged into it. [CSCdj20225]

• When debug ppp negotiation is enabled, ISDN calls on a Cisco AS5200 might drop unexpectedly. [CSCdj21487

Catalyst 5000 Route Switch Module (RSM)

Sustained IPX traffic load consisting of 64 byte packets causes the Catalyst 5000 RSM to stop receiving packets. Symptoms include the RSM not routing any traffic, as well as a user being unable to reach the RSM via session or Telnet. Workarounds are to reset the RSM or issue the test rsp stall command from the RSM console. [CSCdj21750]

Access Server

• When using the ground start option for channelized T1 signaling, the Cisco AS5200 universal access server might not reliably indicate which channels are busied out. This occurs when the unit has run out of available modems. [CSCdj00011]

• Under conditions where there is a very high rate of channelized T1/E1 signaling transitions, the Cisco AS5200 might crash with a bus error at PC 0, address 0. This can occur when the Cisco AS5200 is connected to a noisy line. [CSCdj19651]

EXEC and Configuration Parser

The autohangup command does not work if the you use rlogin. Instead of being disconnected at the end of the rlogin session, you will return to the prompt (or the menu if you are using one).

A workaround is to use the telnet command in the menu, specifying the rlogin port value (513), which will cause rlogin to be invoked (for example, menu test command 1 telnet myhost 513). [CSCdj16600]

Wide-Area Networking

• When running Next Hop Resolution Protocol (NHRP) with IP/IPX/AT map-lists on an RSP4, the router might continuously reboot and display the following message on the console [CSCdj22122]:

%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x603CCF3C, sp=0x6110DFD0 
Unexpected exception, CPU signal 10, PC = 0x0 

Caveats for Release 11.2(1) Through 11.2(6)

This section describes possibly unexpected behavior by Release 11.2(6). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(6). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.

Access Server

During normal operation of a Cisco AS5200 access server that has a CAS channelized T1, you might notice that there are no users on the hardware and that when calling the number for the CAS, you get a ring but no answer. [CSCdi92824]

AppleTalk

• When using ARAP 2.1 on routers running Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]

• Using ARAP client 2.1, you might be unable to dial in to a Cisco AS5200 if the autoselect is configured. To work around this problem, you can do any one of the following:

  • Remove autoselect and use ARAP dedicated.

  • Use ARAP 2.0.2 client instead.

  • Turn on MNP10 on the ARAP 2.1 client.

  • Modify the client CCL script to extend the pause before exiting to 3 seconds. [CSCdj09817]

Basic System Services

• A router might reload when trying to execute the show accounting command. [CSCdi69364]

• In certain cases, the number of packets shown in the IP flow cache packet size distribution does not match the number shown in the cache statistics. [CSCdi71766]

• The show stacks command fails to report the correct version of code running at the time of the last reload. This specific problem occurs when the Flash version of the Cisco IOS software does not match the running version. [CSCdi74380]

• An RSP2 system might reload while performing RSP fast switching. [CSCdi85578]

• A Cisco AS5200 access server sometimes crashes with a bus error when you issue a write core command. [CSCdi90206]

• In certain cases of high netflow switched traffic, performance could drop off steeply. [CSCdi91872]

• When using compression and traffic shaping over Frame Relay, the traffic shaping uses uncompressed data volumes to calculate load. [CSCdj04312]

• The nexthop address in the flow data export record might be incorrectly output as 0.0.0.0. [CSCdj09896]

IBM Connectivity

• The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and do LLC mapping. [CSCdi55085]

• QLLC cannot use X.25 PVCs for DLSw+. The workaround is to use RSRB or X.25 SVCs. [CSCdi58735]

• On a router running Cisco IOS Release 11.2, Enhanced IGRP fails to connect fully to other Enhanced IGRP routers across a single Token Ring interface when source-route bridging is configured on the interface but source bridge spanning is not enabled. The workaround is to enable source bridge spanning on the Token Ring interface. [CSCdi70297]

• QLLC/RSRB forwards IEEE XID frames like other XID frames to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]

• Certain interface processors send a set of logger messages that contain the details of a fatal error condition that has been detected on that card. Under some circumstances, Cisco IOS software resets the card before all the messages have been retrieved and displayed. This results in a loss of useful information necessary to debug the fatal error that occurred on the interface processor. [CSCdi86708]

• Source route translational bridging corrupts packets when configured for the new fast SR/TLB feature. The workaround is to issue the no source-bridge fastswitch ring-group fastswitch command. [CSCdi87612]

• A DLUR router might tear down the downstream link when it receives a dactpu "not final use" message for the downstream PU. [CSCdi92973]

• APPN links over RSRB might not connect if started simultaneously. A workaround is to start only one side of the link or the other. [CSCdj03501]

• In certain cases where the link unit gets disconnected, VTAM could get stuck in a PALUC state, because the DACTLU was not properly handled. [CSCdj03737]

• Any existing session or circuit over a backup peer is brought down immediately after the primary peer comes up, even if the backup peer linger timer has been specified to a longer time (for example, two minutes). [CSCdj13159]

Interfaces and Bridging

• On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this, upgrade to microcode version rsp_trip20-1. [CSCdi74639]

• Router had bad memory. Problem is resolved by replacing the router. [CSCdi87874]

• Under a heavy load condition, it is possible for the keepalive timer to go off and cause resets on a Token Ring interface. [CSCdi88713]

• When the dialer dtr command is configured, the router does not raise the DTR signal. [CSCdi92812]

• The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]

• When the 90-compatible OUI is used on a source-bridge transparent command statement, the command is accepted and translational bridging operates correctly. However, a display of the configuration shows the OUI option as "90compat" instead of "90-compatible."

Then, if the router is reloaded, an error message is generated pointing to the "c" in "90compat" and the resulting configuration does not have the source-bridge transparent command included. If the command with the 90-compatible OUI is configured again, normal operation is restored. [CSCdj09688]

IP Routing Protocols

• An OSPF router might restart when conditioned to originate default information by using a route map that makes reference to an access list. [CSCdi90774]

• An unnecessary SVC might be created by NHRP, when using inverse ARP on the PVC used for routing updates. [CSCdj00816]

• The OSPF router process continually recalculates the SPF, and the long-term CPU load remains at 15 percent when there are 6,000 OSPF E2-type routes in the routing table. [CSCdj07301]

• In a router with a Simplex interface configuration, IP route cache is invalidated on the RECEIVE interface only, but not on the TRANSMIT interface. [CSCdj11960]

• Type 7 LSAs from an NSSA OSPF area might not be translated to type 5 LSAs in the backbone when crossing a virtual link. [CSCdj12181]

• A Cisco AS5200 might crash with a bus error at "_ip_fastswitch." [CSCdj07082]

• A Cisco AS5200 might sometimes crash with the following stack trace while running at high load:

0x22142aa8:_validblock(0x2202e76c+0x11433c)+0x0 0x22329778:_dual_rdbdelete(0x2202e76c+0x2faf1a)+0xf2 0x223297f0:_dual_zapdrdb(0x2202e76c+0x2fb032)+0x52 0x2232bd3c:_dual_rdbclear(0x2202e76c+0x2fd5b0)+0x20 0x2232d88a:_dual_rcvupdate(0x2202e76c+0x2fef6a)+0x1b4 0x2232dd3c:_dual_rcvpkt(0x2202e76c+0x2ff59e)+0x32

[CSCdj12930]

ISO CLNS

If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in Intermediate System-to-Intermediate System. A workaround is to number the interface. [CSCdi60673]

TCP/IP Host-Mode Services

Cisco devices running small numbers of outgoing Telnet sessions (for example, if the device is being used as a terminal server), can result in the device showing unexpectedly high CPU utilization. This is somewhat an artifact of the way CPU usage is measured, and not cause for too much concern. [CSCdj11528]

Wide-Area Networking

• The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]

• When configuring PVCs on the AIP, the router might experience a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit.

The messages that occur due to this type of failure include:

15:06:19:%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008) 
15:06:19:%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values might be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, lowering the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

• If a system has the commands encapsulation frame-relay and frame-relay traffic-shaping configured, the frame-relay traffic-shaping command must be removed prior to changing the encapsulation. [CSCdi71686]

• ARP replies are not sent over a PPP multilink interface. As a workaround, you can configure a static ARP on the remote device or disable PPP multilink. [CSCdi88185]

• The Frame Relay Traffic Shaping and Per-VC Queuing feature does not operate correctly.

When enabling the frame-relay traffic-shape command, the initialization required does not occur as expected. The result is that the specified rates for transmission are not observed and the defined queuing method is not properly configured. There is currently no workaround for this behavior. The user is therefore advised not to configure this feature.

The interface-independent traffic shaping function is not impacted by this problem. [CSCdi88662]

• Soon after you disconnect a PRI on which active calls connected, a message such as the following might be displayed:

%SYS-3-CPUHOG: Task ran for 2004 msec (1871/435), Process = ISDN, PC = 2206232E

[CSCdi93207]

• A SegV exception appears when a dialer list is not defined on the remote router and a dialer group is entered on dialer profiles logical interfaces. The workaround is to define a dialer list on the remote router. [CSCdj03726]

• A Virtual-Access interface does not inherit the username from its parent interfaces when it hosts a PPP multilink session. The consequences are that a show user command does not show the username associated with a Virtual-Access interface and SLIPON requests in XTACACS do not contain the username, resulting in possible authentication failures with XTACACS. [CSCdj04600]

• CHAP authentication might fail when you configure the aaa authentication local-override command. [CSCdj08113]

• In an environment with older hardware Revision 1.0 MIPs and newer VIP2 cards, OIR can result in MIP card hanging or being disabled, or bus errors, or both. To remedy the problem, reset a MIP controller. If this does not work, reload the microcode. [CSCdj08338]

• A BRI interface configured with Frame Relay encapsulation might exhibit the following: A call stays up for some seconds, LMI messages are exchanged, and as soon as the DLCI goes from INACTIVE to DELETED, the BRI is physically reset. It is not possible to use Frame Relay over ISDN. [CSCdj09661]

• A router might reload without producing a stack trace, or might otherwise behave unpredictably, if routing an X.25 call that contains 16 bytes of Call User Data. There is no known workaround. [CSCdj10216]

• When static le-ARP entries are configured on an ATM subinterface, the router crashes if there is no LANE client on the subinterface. [CSCdj10839]

• The number of available B channels is incorrectly incremented by the total number of B channels per interface, whenever the controller or the interface is reset. This results in the dialer attempting to place calls incorrectly on resources that are actually in use. [CSCdj11181]

• Dynamic DLCI mappings might inadvertently remain mapped after switched virtual circuit teardown. This problem can be seen if you use the command show frame-relay map. [CSCdj11851]

• The ATM interface might keep resetting because of a microcode bug; there might also be a secondary port error. This reset of the ATM NIM causes LEC, or whatever is running on the ATM interface, to go down. [CSCdj12455]

• NetBIOS NBF over asynchronous lines doesn't work correctly after session initialization. [CSCdj12468]

Access Server

• When using ground start option for channelized T1 signaling, the Cisco AS5200 universal access server might not reliably indicate which channels are busied out. This occurs when the unit has run out of available modems. [CSCdj00011]

Caveats for Release 11.2(1) Through 11.2(5)

This section describes possibly unexpected behavior by Release 11.2(5). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(5). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.

Basic System Services

• When using RSP code with HIP, TRIP, or FIP interfaces, and when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the error message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]

• Packets might not be switched over a GRE tunnel, if access lists are applied to the input interfaces. After an incoming packet has been encapsulated for a tunnel, the access list check could prevent the packet from being switched. This is caused by the access list checking the new source of the tunnel packet, resulting from the encapsulation, against the interface the packet arrived on. To work around this problem, disable access lists on the input interfaces or add the tunnel source address to the access list. [CSCdi87500]

• A hold-queue length out command will not be accepted if the output interface is configured for fair queuing. Fair queuing is the default queuing mode for low-speed (less than 2 Mbps) serial interfaces.

• The hold-queue command is intended to configure the number of output hold queue buffers for FIFO (or FCFS) queuing. It has no meaning in the context of fair queuing. So the (intentional) design was that this command would be ignored when fair queuing was enabled.

When fair queuing has been configured, you might use the fair-queue command to control the number of output buffers that might be used by fair queuing. [CSCdj01870]

• Telnet sessions might pause for up to 20 seconds at a time. Any keystroke will break the pause. [CSCdj06450]

• On RSP systems, when maximum-size MTU packets are received by serial interface processors (including the FSIP, HIP, MIP, POSIP, and serial port adapters on VIPs that forward data to the RSP to be routed), up to 8 bytes of data might be written into the next datagram's packet memory. This could result in anomalous system behavior, including software-caused system crashes and dropped datagrams. This problem is never seen on RSP systems that do not have serial interfaces. [CSCdj08573]

• The command ntp broadcast is lost after a reload. [CSCdj09473]

EXEC and Configuration Parser

The output of the show tech-support command displays some potentially sensitive SNMP data, such as the SNMP community strings, SNMP MD5 keys, and SNMP user IDs and passwords. If these data refer to read-write communities or views, they can be used to reconfigure the Cisco IOS software, providing the same level of access to the Cisco IOS software that is available with the enable password. Take care when sending show tech-support command output across insecure channels. For example, remove the community strings, keys, and user IDs and passwords before sending. [CSCdj06881]

IBM Connectivity

• When running DLSw+/LLC2 over FDDI, on receiving a REJ frame from an FDDI end station, the router sends a corrupted retransmitted I-frame. The last byte of the SMAC is replaced by the DMAC value. [CSCdi91063]

• When an end station caches RIFs that it learns from broadcasts or when there are duplicate MAC addresses on each side of the DLSw cloud, DLSw will local-switch circuits between two local SRB-capable interfaces, thereby degrading SRB performance. [CSCdi91204]

• Source-route bridging over FDDI might not be passing all frames following the spanning or all-routes explorers. This problem occurs in Release 11.1(9) and Release 11.2. A workaround is to run Release 11.1(8)CA1. [CSCdi92160]

• A rare condition can occur during session cleanup that causes the DLUR router to crash or display a "Mfreeing bad storage" message for the "psp00" process. [CSCdj02249]

• Exclusively configuring DLSw+ with the icanreach netbios-name command prevents some applications, including Microsoft Windows applications, from making NetBIOS connections. The workaround is to add an asterisk (*) to the end of the NetBIOS names configured with the icanreach netbios-name command. [CSCdj04936]

• The router crashes when either a no fras backup dlsw or no fras backup rsrb command is issued only when the backup code is invoked, for example, when the serial line to the Frame Relay cloud is lost, and backup is configured. When the no backup command is used, the cleanup for the backup functions is invoked. The problem is that the backup function removes the lan-cep, instead of the backup-cep. When the lan-cep structure is referenced, the structure is garbage, and the router crashes. No workaround for this is available at this time. [CSCdj08577]

• Sometimes when DLSw is required to verify the NetBIOS reachability cache entry, there might be a 1-second delay before a NetBIOS FIND_NAME message is forwarded to the LAN interface. [CSCdj09865]

• The DLUR router might send a corrupt APPC frame to a DLUS if a timing window is hit when accessing multiple DLUSes. This problem can occur if there is both a primary and a backup DLUS configured and at least one physical unit that cannot get in to the primary DLUS (physical unit inactive) while other PUs are active with the primary DLUS.

This problem can cause VTAM to refuse to activate subsequent DLUR/DLUS pipes for all DLUR network nodes. The message "/d net,dlurs" shows the DLUS conwinner state as reset and the conloser as active.

The workaround to prevent the DLUR router from sending this corrupt frame is to reconfigure the DLUR routers without a backup DLUS coded. [CSCdj10485]

Interfaces and Bridging

• IPX with integrated routing and bridging (IRB) does not work over serial interfaces if the encapsulation on BVI interface for IPX is 802.2 (SAP) and 802.3 (Novell-ethernet), encap arap(ethernet_ii) works fine. This problem occurs when a serial interface is configured for bridging, Ethernet interface is configured for IPX routing, and IRB is enabled to transport bridging IPX traffic to routing interface. [CSCdi56417]

• When a router is configured as a RARP server and is also configured for transparent bridging on the same interface, the router does not respond to reverse ARP requests.

The fix to this problem means that the router box can provide RARP service if configured as a RARP server regardless of its being configured as later 2 bridge only. [CSCdi83480]

• FDDI interfaces might stop accepting multicast packets. [CSCdi92156]

• Packets destined to the HSRP virtual MAC address will not be routed if received on an 802.10 subinterface. [CSCdj01435]

• When configuring IPX routing, a serial interface running BSTUN might be put into a down state and then come back up. Restarting the host session will bring the end-to-end connection back up. [CSCdj02488]

• Transparent bridging might cause high CPU utilization in Cisco IOS Releases 11.1(8) and 11.2. A show align command can be used to confirm whether large "counts" of alignment errors are the source of the problem. The show align command also yields trace information that can be decoded to determine the source of the problem. [CSCdj03267]

IP Routing Protocols

• If a router is running out of memory while running OSPF, OSPF does not check to see if one of its structures has been properly allocated. This can result in a SegV exception, causing the router to reload. [CSCdi64972]

• When fast switching is enabled on the system, an incorrect SVC might be created for NHRP path. A workaround is to disable fast switching. [CSCdi75617]

• If type 5 LSA exists, OSPF crashes if all the configured areas are removed by the no area area-id commands. [CSCdi78012]

• The system might reload after a show ip bgp inconsistent-as command is executed. [CSCdi88669]

• An extended access list that denies IP traffic and that does not require transport layer information might let fragments go through if the log option is configured. As a workaround, do not configure the log option. [CSCdj00711]

• After major topology changes, it is possible that the OSPF neighbor list is corrupted. The show ip ospf neighbor command might show that OSPF has adjacency with itself. This prevents OSPF from establishing adjacency with other routers on the network. More seriously, this could lead to router crash. [CSCdj01682]

• The router will crash in nhrp_find_nhs when attempting to access a network that is not being served by NHS. [CSCdj03224]

• IGRP is erroneously accepting a majornet route over an interface that is directly connected to a different majornet. [CSCdj03421]

• When the LSA with the host bits is generated, OSPF ABR handles the LSA incorrectly and reports the OSPF-3-DBEXIST error message for type 3 LSAs. [CSCdj08699]

Novell IPX, XNS, and Apollo Domain

• When a router running NLSP receives an IPX aggregate route, SAPs whose source networks match that aggregate route will be installed into the SAP with a route hop count of 255, making those services unreachable. [CSCdi91209]

• If IPXWAN is configured and the remote router is configured to allow IPXWAN Client mode, the local router will reset the link upon receiving the IPXWAN Timer Request. IPXWAN debugging will show "IPXWAN: Rcv TIMER_REQ reject Router asking for Client mode." The workaround is to disable IPXWAN Client mode negotiation on the remote router. [CSCdi93285]

• When routing IPX packets between Ethernet segments using different IPX encapsulations, a "TOOBIG" traceback might be generated when a maximum size Ethernet packet from one segment is routed to another Ethernet segment with a slightly larger IPX encapsulation size--for example, when going from Ethernet_802.3 (Novell-Ether) to Ethernet_802.2 (SAP). No actual Giant packet is sent; the large packet is dropped as part of the traceback warning message. [CSCdj00849]

• Connected routes are not redistributed to IPX Enhanced IGRP with the proper metrics. This can cause the remote routers to use a suboptimal route if there are multiple autonomous systems configured and routes are mutually redistributed. [CSCdj04141]

• In an NLSP environment, when a more distant route is replaced by a better route, two routes for the same network might be advertised by RIP. [CSCdj04543]

• A router might reload if the no redistribute eigrp autonomous-system-number command is given under the ipx router eigrp command with a wrong autonomous system number. [CSCdj06394]

• The IPX route table might be incomplete after an interface is shut down and more than one IPX Enhanced IGRP autonomous system is configured. [CSCdj07334]

• The router might reload if NLSP is disabled on an interface. [CSCdj08009]

TCP/IP Host-Mode Services

• The initiation of Telnet or other TCP connection might fail with the error message "%Out of local ports." A workaround is to attempt the connection a second time. [CSCdi60974]

• A TCP packet still in use might accidentally get freed in IP when the packet is going out a Frame Relay interface on which TCP header compression is configured. When this happens, the following messages are logged on the console:

Mar 19 08:41:23:%TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4 
-Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C 
Mar 19 08:41:50:%X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted
Mar 19 08:41:52: 
TCP0: extra packet reference for pak 0x60A031D8 found: 
Mar 19 08:41:52:%TCP-2-BADQUEUE: Multiple entry for packet 60A031D8 
-Process= "TCP Driver", ipl= 0, pid= 26 
-Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C 
Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213 length 47 
Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4

[CSCdj06781]

Wide-Area Networking

• On lines running software flow control without modem control, attached devices can get stuck in a flow-controlled state if the Cisco TTY is reset while it is flow-controlling the attached device. [CSCdi60204]

• When using Frame Relay IETF encapsulation, bridging fails for Token Ring-to-serial-to-Token Ring connections. [CSCdi70653]

• The dialer hold-queue command does not queue packets when it is used with dialer profiles. As a workaround, use the legacy DDR configuration, not dialer profiles. [CSCdi84272]

• If a no shutdown command is entered for a Group Async interface, the router might reload. [CSCdi91037]

• When using AAA accounting, a message similar to the following might be displayed:

%AAAA-3-BADSTR: Bad accounting data: too many attributes 

[CSCdj00190]

• When two routers are connected by an encrypted leased line and an ISDN backup line, if the leased line drops, the ISDN link comes up fine. However, when the leased line comes back up again, the router that placed the ISDN call crashes. [CSCdj00310]

• On some rare occasions, especially when a network management station is frequently polling Frame Relay MIB data (of the frCircuitTable) from a router being reloaded and just trying to come up, a crash might occur. [CSCdj00447]

• When the Cisco router is configured for AAA accounting and it has agreed to authenticate with CHAP, each CHAP challenge results in an accounting attribute being created. If the peer implements the optional mechanism to repeatedly authenticate the peer with multiple CHAP challenges, this might eventually result in the "AAAA-3-BADSTR, Too many attributes" message. [CSCdj03234]

• It is possible for the last X.25 fragment to have the M-Bit set improperly when the packet is full, but no additional data is to be sent. [CSCdj03488]

• If IRB is enabled and a BVI interface is configured, traffic through an ATM interface will cause the ATM input queue to wedge, while the BVI input queue will display negative numbers. [CSCdj04025]

• For TS014 (Australia, PRI) switch types, the following might happen: When a clear collision occurs between the CE and the network simultaneously transferring a DISCONNECT message specifying the same call, the call is not properly cleared. Neither side sends the RELEASE message to release the call, resulting in the call reference and the associated call control block (CCB). [CSCdj06157]

• If you are modifying the LANE database and you lose the Telnet session to the router, the database locks up. This is not a bug in the LANE code. A dead Telnet session takes approximately 5 to 8 minutes to be detected from the live side. When it is detected, the live side cleans up and releases the lock. This is a Telnet feature and has nothing to do with the LANE database. The workaround is to reload the router. [CSCdj06660]

• When the CPU is very busy and running many processes, an attached ATM switch can tear down SSCOP and all SVCs because the SSCOP Poll PDUs sent by the switch are not serviced in time. The workaround is to keep other processes from using too much of the CPU. [CSCdj06928]

Access Server

The user might lose the capability to configure channelized E1 as ISDN PRI after you configure and deconfigure cas-group command. Note that the pri-group command and cas-group command are mutually exclusive from each other. In other words, both commands can not be configured or enabled at the same time. Therefore, when one of them is configured, the other will disable in the options until it is deconfigured. [CSCdj00744]

Caveats for Release 11.2(1) Through 11.2(4)

This section describes possibly unexpected behavior by Release 11.2(4). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(4). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.

Access Server

• Under certain circumstances, a Cisco AS5200 might reboot with the following message, visible via the show version EXEC command:

System restarted by bus error at PC 
 The circumstances that might lead to this event are (in the order shown):


Have active calls on a particular DSX1 (T1/E1) interface. 

Change the DSX1 controller pri-group timeslots configuration for this particular interface. For example, the following sequence:



config terminal 


controller t1 0 


pri-group timeslots 1-4 




Shut down the DSX1 controller via the shutdown interface configuration command. [CSCdi88556]


When you execute the show modem log command on a Cisco AS5200 access server, it might crash with a bus error. [CSCdi91563]



 Basic System Services

On RSP systems, the router reloads with a SegV error when trying to free a misqueued buffer or a buffer that is an invalid size. The buffer might contain a bad packet passed to it from another router. [CSCdi74039]

Ethernet interfaces might experience XBUFHDR and INVRTN errors. [CSCdi75404]

On RSP systems with HIP, TRIP, or FIP interfaces, when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]

The router might reload inadvertently if you respond improperly to extended ping dialog prompts. [CSCdi88443]

A memory leak occurs whenever TACACS+ is enabled. Memory is released to the EXEC process as seen via the show memory command. The leak appears to have originated in Release 11.0(10) and affects Cisco IOS software released thereafter. [CSCdi89479]

Under some circumstances, processing an SNMP Get request might result in a message similar to the following being displayed on the console: 


%SNMP-3-CPUHOG: Processing Get of lifEntry.75.34 
[CSCdi93084]


SNMP traps process can consume memory if presented with a large number of traps to deliver. [CSCdj02181]

In some circumstances (not fully determined), the router might restart due to a Bus Error. [CSCdj02493]



 IBM Connectivity

On CIP cards, it is possible to see the adapter type from the show interface command, but this information and version information are not available from the show controller cbus command. [CSCdi26192]

In extremely rare circumstances, the router might crash while removing RSRB peers. This might occur only when running an AGS+ and the CSC1R/CSC2R Token Ring boards. [CSCdi39270]

The following problem has been observed in STUN/local acknowledgment scenarios involving AS/400s: The remote router expects to see an OPCODE called LINK_ESTABLISHED from the host router in order for it to transition the state from USBUSY to CONNECT. While in USBUSY state, the remote router continually sends RNR to the downstream devices. 



The host router will only send the OPCODE when it sees the first RR/P after an SNRM/UA exchange sequence. With other devices such as a front-end processor, an I-Frame can be sent prior to the RR/P, which would actually take the remote router state out of USBUSY, but the local acknowledgment states were not corresponding to the actual situation at hand. This problem was partially fixed when CSCdi65599 was fixed. Additional "checking" code was added for exceptional state cases. A workaround is to use a Cisco IOS release that includes the fix for CSCdi65599. [CSCdi61514]




Connection problems might occur with stations running NetBIOS under very old versions of DOS. The only workaround is to use the latest NetBIOS drivers available for the workstation. An indication of this problem is that Windows and OS/2 stations can establish sessions properly, but of DOS-based stations cannot. [CSCdi83982]

In a QLLC environment, connection using a virtual MAC address from a pool of virtual MAC addresses might cause a connection to the wrong resource on the mainframe. [CSCdi86358]

An invalid packet might be received from the VTAM network node, resulting in the control point- to-control point session being torn down. [CSCdi87217]

When using NSP over DLUR, the router might leak small buffers. [CSCdi87320]

For LU0-to-LU0 traffic, the extended BIND might contain unformatted user data fields. The network node rejects the BIND and hence the session will never start. [CSCdi87365]

Configuring the output-lsap-list command on the local Token Ring interfaces does not block broadcast traffic from a DLSW peer. The workaround is to use a filter at the DLSW level on either router or to block the traffic with an input-lsap-filter command at the remote peer. [CSCdi88593]

When running multiple, large file transfers across DLSW using FST, transport sequence errors can occur causing the job to abort. This can be seen using the show dlsw peer command. A sequence error occurs when a numbered FST (IP) packet is received by the DLSw peer and the sequence number does not match what the peer expects. [CSCdi89838]

The DLUR router might fail to establish new logical unit. Logical unit. sessions after encountering a rare condition during session activation and deactivation. Messages similar to the following might be displayed on the router console when attempting to start new sessions. APPN must be stopped and restarted to clear the problem:


IPS ID: 1400 QUEUE: 2 ORIGIN: xxxpcs00 MUTYPE: C5 
%APPN-0-APPNEMERG: Assertion failed in./scm/xxximndr.c at line 158 
-Process= "xxxims00", ipl= 0, pid= 58 
-Traceback= 606C3488 606879EC 606818C8 606810E4 6067AF90 6019AB08 6019AAF4





[CSCdi90117]





PEER INVALID trace messages are displayed on the console. Also, in Releases 11.1 and 11.2, the session on the peer-on-demand does not come up for quite some time. [CSCdi90953]

A router configured for DSPU might crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdi91368]

The router might crash if you enter the debug source error, debug llc2, or debug local command. [CSCdi92503]

When running DLSw+ local switching from SDLC/QLLC to Token Ring/Ethernet, if the XID negotiation is delayed or ends abnormally, a memory leak can occur. [CSCdi92511]

The DLUR router might crash with a "SegV exception" or an "Illegal access to a low address" message because of a DLUR memory corruption problem. This error results from a rare condition that usually occurs when DLUR sessions are going up and down. The stack trace after the memory corruption usually indicates Mget_x. [CSCdi92947]



 Interfaces and Bridging

The show diagnostic command does not display Fast Ethernet Interface Processor port adapter information. [CSCdi33967]

A problem occurs when performing a getnext operation on the dot1dTpFdbTable in the Bridge MIB. A getnext will not retrieve a request of index + 1 and will instead return the lexicographically next index. An example of this behavior follows:


If the table has the entries with indices of 
0000.0000.0001 0000.0000.0002 0000.0000.0003 0000.0000.0005 
a getnext of 0000.0000.0002 returns the index 0000.0000.0005 because 0000.0000.0003 is the index requested + 1 
a getnext of 0000.0000.0003 returns the index 0000.0000.0005 because 0000.0000.0005 is greater than the requested index + 1. [CSCdi84559]


A problem occurs when the router is configured for Integrated Routing and Bridging (IRB). The problem affects all platforms. A bad decision in the forwarding of packets whose destination is not in the bridge table could cause the router to reload. [CSCdi92194]



 IP Routing Protocols

IGMP and PIM should support multicast addresses (for example, c000.0004.0000) as configurable options on Token Ring interfaces instead of requiring broadcast address (for example, ffff.ffff.ffff). [CSCdi83845]

Configuring OSPF NSSAs (Not So Stubby Areas) can affect the way routes are redistributed into OSPF. This defect was first observed in Release 11.2(3). [CSCdi88321]

A prefix that has the "no-export" community string set from an inbound route map is incorrectly advertised to EBGP peers. A workaround is to configure a route map to set "no-export" community on the outbound side of the peering router instead. [CSCdj01351]

Memory corruption and memory leaks can occur when PIM packets are sent. [CSCdj02092]

Under certain timing-related circumstances, the use of per-user routes might cause a router to reload when the interface that caused the routes to be installed goes down. This is because both the IP background process and the per-user code attempt to remove this route. [CSCdj02347]



 ISO CLNS

If minimum-sized (or sweeping-sized) CLNS pings are performed and the CLNS source and destination addresses are very long, the system might fail. The workaround is to raise the minimum ping size to at least 63 bytes. [CSCdi91040]



 Novell IPX, XNS, and Apollo Domain

When a device running LANE is configured as a LAN Emulation Configuration (LEC), it does not acknowledge any secondary IPX networks with frame types different from the primary. The debug ipx packet command displays these received packets as "bad pkt." Only packets that arrive with the same IPX frame type as the primary IPX network on the ATM interface of the router are properly accepted. [CSCdi85215]

In a redundant IPX Enhanced IGRP network running IPX incremental SAP, the router's SAP table might contain out-of-date information, such as the socket number if the socket number was changed from its initial advertisement. [CSCdi85953]

SPX keepalive spoofing will cease to spoof after a router has been up for 24 days or longer. The debug ipx spx-spoof command shows packets being skipped at the time when they should be spoofed. The only workaround is to reload the router once every three weeks. [CSCdi86079] 

XNS RIP requests for all networks cause normal periodic RIP updates to be delayed or skipped. [CSCdi90419]

When IPX incremental SAP is running, the router's SAP table might not contain all the SAPs in the network if one of it interfaces goes down and comes back up later. [CSCdi90899]

When running IPX incremental SAP, the router might not remove all the SAPs that are no longer reachable via this router. [CSCdi90907]



 TCP/IP Host-Mode Services

A Telnet session with a nonzero number of unread input bytes cannot be cleared. [CSCdi88267]

IP packets with valid TTLs (of varying values) received on a VIP2 serial port adapter or FSIP (both on RSP2 platform) with TCP header compression are intermittently dropped. The router sends an ICMP Time Exceeded message to the source. 



The show ip traffic command indicates that the ICMP Time Exceeded counter increments. 


A workaround is to turn off TCP header compression. [CSCdj01681]




 VINES

If you add a VINES static route of equal metric for an alternative path when the vines single-route command is configured, the system might reload. The workaround is to delete the static route or enter a no vines single-route command. [CSCdi92190]



 Wide-Area Networking

Under certain circumstances, a group of four serial ports on a Cisco AS5100 access server can become unresponsive. Only a reload will solve the problem. [CSCdi58103]

In certain environments, I/O and processor memory are being consumed by processes in the router, primarily the Critical Background process, and the router runs out of memory after 29 hours of operation. [CSCdi80450]

When using a 4ESS PRI to place an international call (011), the call might be rejected with the error "cause i = 0x839C - invalid number format." [CSCdi81069]

Using the command no pri-group while traffic is being passed can result in a bus error. The command may be used safely when no traffic is being passed. [CSCdi82055]

The dialer hold-queue command does not queue packets when it is used with dialer profiles. As a workaround, use the legacy DDR configuration instead of dialer profiles. [CSCdi84272]

Random restarts because of bus errors occur at least two to three times per day. The problem might be in the DDR software. [CSCdi86765]

When TEST/XID packets are received by a LANE client, the router might crash. There is no workaround for this problem. [CSCdi90868]

Under heavy call volume, the router might not return memory to the free pool when it is no longer needed. This will eventually result in a low-memory or no-memory condition, which might manifest itself in several different error messages. [CSCdj02481]

PPP over ATM does not support bridging in Release 11.2(4)F. [CSCdi84715] 

While processing incoming X.25 calls, the router might lock up. The function x25_context_check(), will appear in the stack trace. [CSCdj01551]

When virtual profiles are configured, IPCP can appear to bounce up and down.[CSCdj03130]

Issuing the show ppp bap queues command might cause the router to crash if a BAP group has a request that has been deemed to have been unfavored through a rare condition scenario, and then the group is removed while the entry is still attached to the group. 



The workaround is to allow the entry to timeout or to not issue the command. [CSCdj03433]




 EXEC and Configuration Parser 

When you change the encapsulation on an interface from one that supports weighted fair queueing to one that does not and you make the change from the console or aux port, there can be a memory loss of 8 KB each time you change the encapsulation. You can identify this problem by examining the output of the show memory allocating-process command, which shows that the number of memory blocks allocated by the exec increases each time you change the encapsulation. If you do not change the encapsulation on an interface often, this problem should not have a significant impact on system performance. [CSCdi89723]



 Caveats for Release 11.2(1) Through 11.2(3)
 This section describes possibly unexpected behavior by Release 11.2(3). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(3). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.

 Access Server

In a Cisco AS5200 running Release 11.2(3.0.3), if a T1 interface is placed into loopback as a result of excessive "runt" (short frame) errors, the Cisco AS5200 will not automatically recover (un-loopback) the T1 after the error condition is corrected, even though console messages might indicate this has occurred. 



It is still possible to manually un-loop the T1 via the no loopback interface configuration command. [CSCdi84028]




The OOB port of a modem on a Cisco AS5200 might become unresponsive. To recover the modem, issue a clear modem slot/port command. [CSCdi85028]



 AppleTalk
 A router will crash when an incomplete AppleTalk fast switching cache entry is used. This happens when the cache entry is updated with another output interface and within a small timing window. There is no workaround. [CSCdi77772]

 Basic System Services

The IP named access list cannot be configured via HTTP access. The command works manually (via terminal), but there is no option to enter it via the browser page access. [CSCdi79249]

Authenticated NTP packets will be ignored. There is no workaround to this problem. [CSCdi82459]

A router configured with HTTP enabled, AAA enabled, login set to the default of local authentication, and a blank username will enter an infinite loop that will set off the watchdog timer, causing the router to reload. [CSCdi84663]

Accessing a non-existent interface and then a valid interface using ClickStart might cause the router to crash. [CSCdi87125]



 IBM Connectivity

The router crashes when you enter the show lnm station command. This might happen when there are many ring status changes, for example, when stations are added to or removed from the ring. This problem is platform independent. The workaround is to disable LNM. [CSCdi72954]

APPN alerts are currently only sent over an LU6.2 session. It is a requirement to be able to configure these alerts to be sent over a SSCP-PU NSP session. [CSCdi73663]

When running DLSw remote or local switching between QLLC/SDLC/VDLC and a Token Ring, if the Token Ring's largest frame (lf) is less than 4472, the circuit will not connect. 



The output of debug dlsw reachability or debug dlsw reachability error indicates an lf mismatch condition detected by DLSw. This condition should not be flagged as an error. The smallest lf across the entire path should be used for the circuit. [CSCdi77805] 




If a configuration session timed out or was dropped while in a command configuration mode, the next attempt to enter that configuration mode might fail, with the following message being displayed: 


The TN3270-server feature is currently being configured 


[CSCdi80173]




A router might reload when more than 125 sessions on the router are using QLLC/DLSw+ conversion. [CSCdi84896]

When a downstream PU2.0 stops by issuing a REQDISCONT to a DLUR router, the DLUR router might loop continuously, restarting the link to a downstream PU2. In this case, the DLUR router sends a corrupted packet to the host instead of a REQDACTPU. [CSCdi86769]



 Interfaces and Bridging

Killed packets when bridging on an FDDI interface receive a packet with DSAP and SSAP = 0xaaaa and length less than 21 bytes, can cause havoc. On systems running Release 11.0(9.3) or 11.1(4), the following message appears: 


CBUS-3-INTERR: Interface 6, Error (8011) 


This error occurs because bridging sees "aaaa" and assumes it is SNAP encapsulated. Because SNAP-encapsulated packets have a minimum length of 21, the bridging code subtracts 21 from the original length of the packet (20) when queuing it on the outbound interface. The result is the length of an outbound packet is -1 or 65535 bytes. This causes the Switch Processor to become confused and write over low core, causing an 8011 error. [CSCdi65953]




When using FDDI with subinterfaces and Secure Data Exchange (SDE) encapsulation, configuring transparent bridging on a subinterface caused OSPF to die on the complete interface. [CSCdi72969]



 IP Routing Protocols

When OSPF is configured with the default-information originate router command to generate default information, OSPF is prevented from installing the default information advertised by other OSPF routers. This causes a problem if OSPF does not really generate the default because a certain condition is not satisfied, for example, the gateway of last resort is not set. [CSCdi80474]

In very obscure cases involving equal-cost backup routes to a failing route, it is possible for Enhanced IGRP to be caught in a "stuck in active" state (self-correcting after several minutes). There is no workaround to this problem. [CSCdi81791]

OSPF can lose a neighbor periodically over a slow link when the OSPF database is refreshed, which generates many OSPF packets. There is no workaround. [CSCdi82237]

An error might occur and cause the following messages to appear:


System restarted by error - Zero Divide, PC 0x38EF0C (0x38EF0C:_igmp_report_delay(0x38eec6)+0x46)





[CSCdi83040]





When using BGP, prepending autonomous system paths using an incoming route map can cause a memory shortage in the router. The workaround is to use other methods, for example, setting the neighbor weight, to influence path selection. [CSCdi84419]

A router might advertise a combination of unicast and DVMRP routes in excess of the configured route limit (but no more than two times the limit). The workaround is to configure a lower route limit. [CSCdi85263]



 ISO CLNS

After removing a static CLNS route, ISO-IGRP prefix routes can be seen to count to infinity around a looped topology. The workaround is to use the command clns router iso-igrp domain to break the loops in the CLNS topology until the routes age out. [CSCdi78048]

CSCdi78048 introduced a bug that ISO-IGRP will not redistribute the local ISIS route. [CSCdi85861]



 Novell IPX, XNS, and Apollo Domain

NLSP links might reflect incorrect source network/node addresses in the routing tables. This does not hinder connectivity to other IPX networks when going from a Cisco device to a Cisco device. However, certain non-Cisco routers might not correctly process the incorrect address and NLSP routing might fail. [CSCdi68981]

Routers configuring for IPX Enhanced IGRP with parallel paths might reload. The workaround is to run IPX RIP. [CSCdi84739]

The ipx down network-number command might appear unexpectedly in the output of a write terminal command, and this command might be written to nonvolatile memory with the write memory command when the interface is down but you have not issued an ipx down command on that interface. There is no workaround. The unwanted command does not appear when the interface is up. If the unwanted command appears in nonvolatile memory, issue a no ipx down command followed by a write memory command when the interface is up to clear the undesired command from memory. [CSCdi85453]

IPX does not work in Release 11.2(3.2) because of CSCdi80447, which introduced a broadcast mechanism for clients on the same IPX network separated by WAN links. There is no workaround. [CSCdi85856]

TCP data structure gets clobbered if an RST is received while the application is half way through closing the connection. The local TCP will go into an endless loop trying to send the last finished message FIN to its peer. A typical symptom for the problem is that the CPU usage becomes very high, and the application that is doing the close will be stuck in TCP indefinitely. [CSCdi88063]

TCP gets into an endless ACK war with its peer if the application on both ends has stopped reading data. A typical symptom is that CPU usage becomes very high on the router. A possible workaround for the problem is to clear the tty/vty line that owns the TCP connection in the ACK war. [CSCdi88065]



 VINES 
 Routers connected via extremely slow links that have a large routing table (for example, more than 300 entries), do not receive a full routing update before the reassembly timer expires. The symptom is that routes repeatedly appear and then age out. The workaround is to add access lists to eliminate some of the unneeded routes. [CSCdi79355]

 Wide-Area Networking

The output hold queue holds all buffers that are being kept in output queue because of traffic shaping. This slows down traffic for other VCs, causing the traffic to traverse the complete queue before it can leave the system. [CSCdi74940]

Dial-on-demand router (DDR) load balancing does not forward packets correctly when the system dials out via the dialer load-threshold command and more than one remote device is connected by either dial-out or dial-in. This problem typically occurs on a PRI with dialer load threshold configured, but can also occur on BRI or multiple DDR interfaces in a dialer rotary group when more than one remote device is connected. As a workaround, remove the dialer load-threshold command. [CSCdi76324]

IPX fast switching with multiple route paths over multiple ATM/LANE interfaces/subinterfaces can cause random system reloads. The workaround is to use only one ATM/LANE IPX path, set ipx maximum-paths 1, or use ipx per-host-load-share to force only one interface to be used. [CSCdi77259]

The output of the show version might indicate that the system was restarted because of a bus error at PC 0x2227A8F6, address 0xD0D0D39, when there is no apparent cause for the reload. [CSCdi83848]



 Interfaces and Bridging 
 When pinging over sync DDR with HDLC stack compression, the router will unexpectedly reset. [CSCdi79832]

 Cisco Connection Online
 Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
 Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
 CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
 You can access CCO in the following ways:

WWW:  http://www.cisco.com

WWW:  http://www-europe.cisco.com

WWW:  http://www-china.cisco.com

Telnet:  cco.cisco.com

Modem:  From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.


 For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.

Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.


 Documentation CD-ROM 
 Cisco documentation and additional literature are available in a CD-ROM, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM is available as a single unit or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.