Release Notes for Cisco IOS Release 11.2

January 12, 1998

These release notes describe the features and caveats for Cisco IOS Release 11.2, up to and including Release 11.2(11). They include all routing and access server features.

Introduction

These release notes discuss the following topics:

• Documentation, page 2

• Platform Support for Release 11.2, page 5

• Cisco IOS Packaging, page 8

• Memory Requirements for Release 11.2, page 36

• Microcode Software, page 45

• New Feature Set in Release 11.2(4), page 46

• New Features in Release 11.2(1), page 46

• Important Notes, page 65

• Caveats for Release 11.2(1) through 11.2(11), page 71

• Caveats for Release 11.2(1) through 11.2(10), page 87

• Caveats for Release 11.2(1) through 11.2(9), page 95

• Caveats for Release 11.2(1) through 11.2(8), page 102

• Caveats for Release 11.2(1) through 11.2(7), page 110

• Caveats for Release 11.2(1) through 11.2(6), page 118

• Caveats for Release 11.2(1) through 11.2(5), page 124

• Caveats for Release 11.2(1) through 11.2(4), page 130

• Caveats for Release 11.2(1) through 11.2(3), page 135

• Caveats for Release 11.2(1) through 11.2(2), page 139

• Caveats for Release 11.2(1), page 144

• Microcode Revision History, page 148

• Route Switch Processor (RSP) Microcode Revision History, page 152

• Cisco Connection Online, page 156

• Documentation CD-ROM, page 157

Documentation

For Cisco IOS Release 11.2, the Cisco IOS documentation set consists of eight modules, each module consisting of a configuration guide and a command reference. The documentation set also includes five supporting documents.

---

Note The most up-to-date Cisco IOS documentation can be found on the latest Documentation CD-ROM and on the Web. These electronic documents contain updates and modifications made after the paper documents were printed.

---

The books and chapter topics are as follows:

Books	Chapter Topics
· Configuration Fundamentals Configuration Guide · Configuration Fundamentals Command Reference	Access Server and Router Product Overview User Interface System Images and Configuration Files Using ClickStart, AutoInstall, and Setup Interfaces System Management
· Security Configuration Guide · Security Command Reference	Network Access Security Terminal Access Security Accounting and Billing Traffic Filters Controlling Router Access Network Data Encryption with Router Authentication
· Access Services Configuration Guide · Access Services Command Reference	Terminal Lines and Modem Support Network Connections AppleTalk Remote Access SLIP and PPP XRemote LAT Telnet TN3270 Protocol Translation Configuring Modem Support and Chat Scripts X.3 PAD Regular Expressions
· Wide-Area Networking Configuration Guide · Wide-Area Networking Command Reference	ATM Dial-on-Demand Routing (DDR) Frame Relay ISDN LANE PPP for Wide-Area Networking SMDS X.25 and LAPB
· Network Protocols Configuration Guide, Part 1 · Network Protocols Command Reference, Part 1	IP IP Routing
· Network Protocols Configuration Guide, Part 2 · Network Protocols Command Reference, Part 2	AppleTalk Novell IPX
· Network Protocols Configuration Guide, Part 3 · Network Protocols Command Reference, Part 3	Apollo Domain Banyan VINES DECnet ISO CLNS XNS
· Bridging and IBM Networking Configuration Guide · Bridging and IBM Networking Command Reference	Transparent Bridging Source-Route Bridging Remote Source-Route Bridging DLSw+ STUN and BSTUN LLC2 and SDLC IBM Network Media Translation DSPU and SNA Service Point Support SNA Frame Relay Access Support APPN NCIA Client/Server Topologies IBM Channel Attach
· Cisco IOS Software Command Summary · Access Services Quick Configuration Guide · System Error Messages · Debug Command Reference · Cisco Management Information Base (MIB) User Quick Reference

These documents are available as printed manuals or electronic documents.

You can access the electronic documents either on the Cisco Documentation CD-ROM or at Cisco Connection Online (CCO) on the World Wide Web.

On the Documentation CD-ROM, go to the Cisco IOS Software Configuration database, select Cisco IOS Release 11.2, and follow the link to the Cisco IOS Configuration Guides and Command References.

Additional information about CCO and the Documentation CD-ROM is in the sections "Cisco Connection Online" and "Documentation CD-ROM" at the end of these release notes.

Platform Support for Release 11.2

Cisco IOS Release 11.2 supports the following router platforms:

• Cisco 7500 series

• Cisco 7200 series

• Cisco 7000 series

• Cisco 4000 series (Cisco 4000, Cisco 4000-M, Cisco 4500, Cisco 4500-M, Cisco 4700, and Cisco 4700-M)

• Cisco 3000 series (except the Cisco 3202)

• Cisco 2500 series

• Cisco 1003 and Cisco 1004 ISDN routers

• Cisco 1005 router

• Cisco 1000 LAN Extender

• AccessPro PC Card

• Cisco AS5100

• Cisco AS5200

Table 1 and Table 2 summarize the LAN interfaces supported on each platform.

Table 3 and Table 4 summarize the WAN data rates and interfaces supported on each platform.

Table  1: LAN Interfaces Supported by Router Platforms, Part 1

Interface	Cisco 7500 Series	Cisco 7200 Series	Cisco 7000 Series	Cisco 4000 Series	Cisco 3000 Series1	Cisco 2500 Series
Ethernet (AUI)	Yes	Yes	Yes	Yes	Yes	Yes
Ethernet (10BaseT)	Yes	Yes	Yes	Yes	No	Yes (2505, 2507, 2516, 2518, 2520, 2522, and 2524 only)
Ethernet (10BaseFL)	Yes	Yes	Yes	No	No	No
Fast Ethernet (100BaseTX)	Yes	Yes	Yes	No	No	No
Fast Ethernet (100BaseFX)	Yes	Yes	Yes	No	No	No
4-Mbps Token Ring	Yes	Yes	Yes	Yes	Yes	Yes
16-Mbps Token Ring	Yes	Yes	Yes	Yes	Yes	Yes
FDDI DAS	Yes	Yes	Yes	Yes	No	No
FDDI SAS	Yes	No	Yes	Yes	No	No
FDDI multimode	Yes	Yes	Yes	Yes (DAS/ SAS)	No	No
FDDI single-mode	Yes	Yes	Yes	Yes	No	No
ATM Interface	Yes	No	Yes	Yes	No	No
Channel Interface	Yes	No	Yes	No	No	No
Second-Generation Channel Interface 2	Yes	No	Yes	No	No	No
Parallel Channel Adapter (Bus and Tag)	Yes	No	Yes	No	No	No
ESCON Channel Adapter (ECA)	Yes	No	Yes	No	No	No
Versatile Interface	Yes	No	Yes	No	No	No
Second-Generation Versatile Interface 2	Yes	No	Yes	No	No	No
MultiChannel Interface (Channelized E1/T1)	Yes	No	Yes	Yes	No	No
Packet-Over-SONET OC-3 Interface2	Yes	No	Yes	Yes	No	No
Synchronous Serial	Yes	Yes	Yes	Yes	Yes	Yes

Table  2: LAN Interfaces Supported by Router Platforms, Part 2

Interface	Cisco 1003/ 1004	Cisco 1005	Cisco 1000 LAN Extender	Access- Pro PC Card	AS5100	AS5200
Ethernet (AUI)	No	No	Yes	No	Yes	Yes
Ethernet (10BaseT)	Yes	Yes	Yes	Yes	No	No
Ethernet (10BaseFL)	No	No	No	No	No	No
Fast Ethernet (100BaseTX)	No	No	No	No	No	No
Fast Ethernet (100BaseFX)	No	No	No	No	No	No
4-Mbps Token Ring	No	No	No	Yes	No	No
16-Mbps Token Ring	No	No	No	Yes	No	No
FDDI DAS	No	No	No	No	No	No
FDDI SAS	No	No	No	No	No	No
FDDI multimode	No	No	No	No	No	No
FDDI single-mode	No	No	No	No	No	No
ATM Interface	No	No	No	No	No	No
Channel Interface	No	No	No	No	No	No
Second-Generation Channel Interface	No	No	No	No	No	No
Parallel Channel Adapter (Bus and Tag)	No	No	No	No	No	No
ESCON Channel Adapter (ECA)	No	No	No	No	No	No
Versatile Interface	No	No	No	No	No	No
Second-Generation Versatile Interface	No	No	No	No	No	No
MultiChannel Interface (Channelized E1/T1)	No	No	No	No	No	Yes
Packet-Over-SONET OC-3 Interface	No	No	No	No	No	No
Synchronous Serial	No	No	No	No	Yes	No

Table  3: WAN Data Rates and Interfaces Supported by Router Platforms, Part 1

	Cisco 7500 Series	Cisco 7200 Series	Cisco 7000 Series	Cisco 4000 Series	Cisco 3000 Series1	Cisco 2500 Series
Data Rate
48/56/64 kbps	Yes	Yes	Yes	Yes	Yes	Yes
1.544/2.048 Mbps	Yes	Yes	Yes	Yes	Yes	Yes
34/45/52 Mbps	Yes	Yes	Yes	No	No	No
Interface
EIA/TIA-232	Yes	Yes	Yes	Yes	Yes	Yes
X.21	Yes	Yes	Yes	Yes	Yes	Yes
V.35	Yes	Yes	Yes	Yes	Yes	Yes
EIA/TIA-449	Yes	Yes	Yes	Yes	Yes	Yes
EIA-530	Yes	Yes	Yes	Yes	Yes	Yes
EIA/TIA-613 (HSSI)	Yes	No	Yes	No	No	No
ISDN BRI	No	No	No	Yes	Yes	Yes
ISDN PRI	Yes	No	Yes	Yes	No	No
E1-G.703/G.704	Yes	No	Yes	Yes	No	No

Table  4: WAN Data Rates and Interfaces Supported by Router Platforms, Part 2

	Cisco 1003/ 1004	Cisco 1005	Cisco 1000 LAN Extender	Access-Pro PC Card	AS5100	AS5200
Data Rate
48/56/64 kbps	Yes	Yes	Yes	Yes	Yes	Yes
1.544/2.048 Mbps	No	Yes	Yes	Yes	Yes	Yes
34/45/52 Mbps	No	No	No	No	No	No
Interface
EIA/TIA-232	No	Yes	No	Yes	Yes	Yes
X.21	No	Yes	Yes	Yes	Yes	Yes
V.35	No	Yes	Yes	Yes	Yes	Yes
EIA/TIA-449	No	Yes	No	Yes	Yes	Yes
EIA-530	No	Yes	No	Yes	Yes	Yes
EIA/TIA-613 (HSSI)	No	No	No	No	No	No
ISDN BRI	Yes	Yes	No	Yes	No	No
ISDN PRI	No	No	No	No	No	Yes
E1-G.703/G.704	No	No	No	No	No	Yes

Cisco IOS Packaging

In Cisco IOS Release 11.2, feature sets have been updated to make it easier to select the exact feature sets you need. Feature set names are simplified and are more consistent across Cisco hardware platforms. In addition, you can add options to the standard feature set offerings. These options provide additional features and value, based on the hardware platform selected. Cisco also continues to offer specialized feature sets for key applications.

Table 5 provides a matrix of the new feature set organization and shows which feature sets are available on the various hardware platforms. These feature sets only apply to Cisco IOS Release 11.2.

An explanation of the table entries follows:

• Basic. The basic feature set for the hardware platform.

• Plus. The basic feature set plus a variable set of additional features depending on the hardware platform selected.

• Encryption. The addition of 40-bit (Plus 40) or 56-bit (Plus 56) data encryption feature sets.

Cisco IOS images with strong encryption (including, but not limited to 56-bit DES) are subject to U.S. Government export controls, and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders may be denied or subject to delay due to U.S. Government regulations. Contact your sales representative or distributor for more information, or send e-mail to export@cisco.com.

---

Note Release 11.2 introduces new feature-set image names for several feature sets that were available in earlier releases. For example, the prefix "igs-" has been replaced with "c2500-." Image names have been changed to facilitate identifying the platform on which the image runs. See the section "Memory Requirements for Release 11.2" for more information.

---

Table  5: Cisco IOS Release 11.2 Feature Set Matrix

Feature Set	Hardware Platform
	Cisco 1000 Series	Cisco 2500 Series and AS5100	Cisco 4000 Series	Cisco 7000 Series1, 2	Cisco 7200 Series1	Cisco 7500 Series1	Cisco AS5200
Standard Feature Sets
IP	Basic	Basic, Plus, and Encryption	Basic, Plus, and Encryption	Basic	Basic	Basic and Encryption	Basic and Plus
Desktop (IP/IPX/AppleTalk/DEC)	-	Basic, Plus, and Encryption	Basic, Plus, and Encryption	Basic	Basic	Basic and Encryption	Basic and Plus
Enterprise	-	Basic, Plus, and Encryption	Basic, Plus, and Encryption	Basic	Basic	Basic and Encryption	Basic and Plus
Enterprise and APPN	-	Plus and Encryption	Plus and Encryption	Basic	Basic	Basic and Encryption	-
IP/IPX/IBM and APPN	-	Basic	Basic	-	-	-	-
Desktop/IBM and APPN	-	-	-	Basic	Basic	Basic	-
Cisco 1000 Series Only Feature Sets
IP/IPX	Basic	-	-	-	-	-	-
IP/AppleTalk	Basic	-	-	-	-	-	-
IP/IPX/AppleTalk	Basic, Plus, and Encryption	-	-	-	-	-	-
IP/OSPF/PIM	Basic	-	-	-	-	-	-
IP/Async	Basic	-	-	-	-	-	-
IP/IPX/Async	Basic	-	-	-	-	-	-
Special Applications		-	-	-	-	-	-
Layer 3 Bridging	-	-	-	-	Basic	-	-
CFRAD	-	Basic	-	-	-	-	-
LANFRAD	-	Basic	-	-	-	-	-
ISDN	-	Basic	-	-	-	-	-
Remote Access Server	-	Basic	-	-	-	-	-

Feature Set Tables

The Cisco IOS software is available in different feature sets depending upon the platform. Table 6 lists the feature sets for the Cisco 7500 and Cisco 7000 series. Table 7 lists the feature sets for the Cisco 7200 series. Table 8 lists the optional feature set licenses for the Cisco 7000, Cisco 7200, and Cisco 7500 series. Table 9 lists the feature sets for the Cisco 2500 series, Cisco 4000, Cisco 4500, and Cisco 4700 series. Table 10 lists platform-specific feature sets for the Cisco 2500 series and Cisco AS5100. Table 11 lists the feature sets for the Cisco AS5200. Table 12 lists the software for the Cisco 1003 and Cisco 1004 ISDN routers and the Cisco 1005 router. Table 13 lists platform-specific software for the Cisco 1005 router.

The tables use the following conventions to identify features:

• Yes: the feature is offered in the basic feature set

• -- : the feature is not offered in the feature set

• Plus: the feature is offered only in the Plus feature sets, not in the basic feature set

• Encrypt: for the Cisco 7500 series, the feature is offered only in the encryption feature sets (Encryption 40, Plus 40, Encryption 56, or Plus 56), not in the basic feature set

---

Note Encryption is not available on the Cisco AS5200, Cisco 7000 series, and Cisco 7200 series platforms.

Some Cisco platforms incorporate plus features into their basic feature sets.

---

Table 6: Cisco 7000 Series and Cisco 7500 Series Software Feature Sets

	Feature Set
Feature	IP Routing	Desktop/IBM1	Enterprise1
LAN Support
Apollo Domain	--	--	Yes
AppleTalk 1 and 22	--	Yes	Yes
Banyan VINES	--	--	Yes
Concurrent routing and bridging (CRB)3	Yes	Yes	Yes
DECnet IV	--	Yes	Yes
DECnet V	--	--	Yes
GRE	Yes	Yes	Yes
Integrated routing and bridging (IRB)4	Yes	Yes	Yes
IP	Yes	Yes	Yes
LAN extension host	Yes	Yes	Yes
Multiring	Yes	Yes	Yes
Novell IPX5	--	Yes	Yes
OSI	--	--	Yes
Transparent and translational bridging	Yes	Yes	Yes
VLANs (ISL6 and IEEE 802.10)	Yes	Yes	Yes
XNS	--	--	Yes
WAN Services
ATM LAN emulation: DECnet routing, XNS routing, and Banyan VINES support	Yes	Yes	Yes
ATM LAN emulation: Hot Standby Router Protocol (HSRP) and Simple Server Redundancy Protocol (SSRP)	Yes	Yes	Yes
ATM: Rate queues for SVC per subinterface	Yes	Yes	Yes
ATM: UNI 3.1 signaling for ATM	Yes	Yes	Yes
Combinet Packet Protocol (CPP)	Yes	Yes	Yes
Dialer profiles	Yes	Yes	Yes
Half bridge/half router for CPP and PPP	Yes	Yes	Yes
HDLC	Yes	Yes	Yes
IPXWAN 2.0	--	Yes	Yes
ISDN7	Yes	Yes	Yes
Multichassis Multilink PPP (MMP)	--	--	Yes
NetBEUI over PPP	Yes (7000 series only)	Yes (7000 series only)	Yes
PPP8	Yes	Yes	Yes
Virtual Private Dial-up Network (VPDN)	Yes	Yes	Yes
WAN Optimization
Bandwidth-on-demand	Yes	Yes	Yes
Custom and priority queuing9	Yes	Yes	Yes
Dial backup	Yes	Yes	Yes
Dial-on-demand	Yes	Yes	Yes
Header10, link and payload compression11	Yes	Yes	Yes
Named IP Access Control List	Yes	Yes	Yes
NetFlow Switching (NFS)12	Yes	Yes	Yes
Snapshot routing	Yes	Yes	Yes
Weighted fair queuing9	Yes	Yes	Yes
IP Routing
Enhanced IGRP	Yes	Yes	Yes
Enhanced IGRP Optimizations	Yes	Yes	Yes
ES-IS	--	--	Yes
IGRP	Yes	Yes	Yes
IS-IS	--	--	Yes
Named IP Access Control List13	Yes	Yes	Yes
NHRP	Yes	Yes	Yes
Network Address Translation (NAT)14	Yes	Yes	Yes
On Demand Routing (ODR)	Yes	Yes	Yes
OSPF	Yes	Yes	Yes
OSPF Not-So-Stubby-Areas (NSSA)	Yes	Yes	Yes
OSPF On Demand Circuit (RFC 1793)	Yes	Yes	Yes
PIM	Yes	Yes	Yes
Policy-based routing	Yes	Yes	Yes
RIP	Yes	Yes	Yes
RIP Version 2	Yes	Yes	Yes
Other Routing
AURP	--	Yes	Yes
IPX RIP	--	Yes	Yes
NLSP	--	Yes	Yes
RTMP	--	Yes	Yes
SMRP	--	Yes	Yes
SRTP	--	--	Yes
Multimedia and Quality of Service
Generic traffic shaping	Yes	Yes	Yes
Random Early Detection (RED)	Yes	Yes	Yes
Resource Reservation Protocol (RSVP)	Yes	Yes	Yes
Management
AutoInstall	Yes	Yes	Yes
Automatic modem configuration	Yes	Yes	Yes
HTTP Server	Yes	Yes	Yes
RMON events and alarms	Yes	Yes	Yes
SNMP	Yes	Yes	Yes
Telnet	Yes	Yes	Yes
Security
Access lists	Yes	Yes	Yes
Access security	Yes	Yes	Yes
Extended access lists	Yes	Yes	Yes
Kerberized login	--	--	Yes
Kerberos V client support	--	--	Yes
Lock and Key	Yes	Yes	Yes
MD5 routing authentication	Yes	Yes	Yes
Router authentication and network layer encryption (40-bit or export controlled 56-bit DES)15	Encrypt	Encrypt	Encrypt
RADIUS	Yes	Yes	Yes
TACACS+16	Yes	Yes	Yes
IBM Support
APPN (optional)1	--	Yes	Yes
BAN for SNA Frame Relay support	--	Yes	Yes
Caching and filtering	--	Yes	Yes
DLSW+17, 18	--	Yes	Yes
Downstream PU concentration (DSPU)	--	Yes	Yes
Frame Relay SNA support (RFC 1490)	--	Yes	Yes
Native Client Interface Architecture (NCIA) Server	--	Yes	Yes
NetView Native Service Point	--	Yes	Yes
QLLC	--	Yes	Yes
Response Time Reporter (RTR)	--	Yes	Yes
SDLC integration	--	Yes	Yes
SDLC transport (STUN)	--	Yes	Yes
SDLC-to-LAN conversion (SDLLC)	--	Yes	Yes
SNA and NetBIOS WAN optimization via local acknowledgment	--	Yes	Yes
SRB/RSRB19	--	Yes	Yes
SRT	--	Yes	Yes
TG/COS	--	--	Yes
TN3270 Server (CIP only)	--	Yes	Yes
VIP and HSA
VIP and HSA20	Yes	Yes	Yes
VIP221	Yes	Yes	Yes

Table  7: Cisco 7200 Series Software Feature Sets

	Feature Set
Feature	Network Layer 3 Switching	IP Routing	Desktop/IBM1	Enterprise1
LAN Support
Apollo Domain	--	--	--	Yes
AppleTalk 1 and 22	--	--	Yes	Yes
Banyan VINES	--	--	--	Yes
Concurrent routing and bridging (CRB)3	Yes	Yes	Yes	Yes
DECnet IV	--	--	Yes	Yes
DECnet V	--	--	--	Yes
GRE	--	Yes	Yes	Yes
Integrated routing and bridging (IRB)4	--	--	--	--
IP	Yes	Yes	Yes	Yes
LAN extension host	Yes	Yes	Yes	Yes
Multiring	Yes	Yes	Yes	Yes
Novell IPX5	Yes	--	Yes	Yes
OSI	--	--	--	Yes
Transparent and translational bridging	Yes	Yes	Yes	Yes
VLANs (ISL6 and IEEE 802.10)	Yes	Yes	Yes	Yes
XNS	--	--	--	Yes
WAN Services
Combinet Packet Protocol (CPP)	Yes	Yes	Yes	Yes
Dialer profiles	Yes	Yes	Yes	Yes
Half bridge/half router for CPP and PPP	Yes	Yes	Yes	Yes
HDLC	Yes	Yes	Yes	Yes
IPXWAN 2.0	Yes	--	Yes	Yes
ISDN7	--	Yes	Yes	Yes
Multichassis Multilink PPP (MMP)	--	Yes	Yes	Yes
NetBEUI over PPP	--	--	--	Yes
PPP8	--	Yes	Yes	Yes
Virtual Private Dial-up Network (VPDN)	--	Yes	Yes	Yes
WAN Optimization
Bandwidth-on-demand	--	Yes	Yes	Yes
Custom and priority queuing	--	Yes	Yes	Yes
Dial backup	--	Yes	Yes	Yes
Dial-on-demand	--	Yes	Yes	Yes
Header9, link and payload compression10	--	Yes	Yes	Yes
NetFlow Switching (NFS)11	--	Yes	Yes	Yes
Snapshot routing	Yes	Yes	Yes	Yes
Weighted fair queuing	--	Yes	Yes	Yes
IP Routing
Enhanced IGRP	Yes	Yes	Yes	Yes
Enhanced IGRP Optimizations	Yes	Yes	Yes	Yes
ES-IS	--	--	--	Yes
IGRP	Yes	Yes	Yes	Yes
IS-IS	--	--	--	Yes
Named IP Access Control List12	--	Yes	Yes	Yes
Network Address Translation (NAT)	Yes	Yes	Yes	Yes
NHRP	Yes	Yes	Yes	Yes
On Demand Routing (ODR)	Yes	Yes	Yes	Yes
OSPF	Yes	Yes	Yes	Yes
OSPF Not-So-Stubby-Areas (NSSA)	Yes	Yes	Yes	Yes
OSPF On Demand Circuit (RFC 1793)	Yes	Yes	Yes	Yes
PIM	Yes	Yes	Yes	Yes
Policy-based routing	Yes	Yes	Yes	Yes
RIP	Yes	Yes	Yes	Yes
RIP Version 2	Yes	Yes	Yes	Yes
Other Routing
AURP	--	--	Yes	Yes
IPX RIP	Yes	--	Yes	Yes
NLSP	Yes	--	Yes	Yes
RTMP	Yes	Yes	Yes	Yes
SMRP	--	--	Yes	Yes
SRTP	--	--	--	Yes
Multimedia and Quality of Service
Generic traffic shaping	Yes	Yes	Yes	Yes
Random Early Detection (RED)	Yes	Yes	Yes	Yes
Resource Reservation Protocol (RSVP)	Yes	Yes	Yes	Yes
Management
AutoInstall	Yes	Yes	Yes	Yes
HTTP Server	Yes	Yes	Yes	Yes
RMON events and alarms	Yes	Yes	Yes	Yes
SNMP	Yes	Yes	Yes	Yes
Telnet	Yes	Yes	Yes	Yes
Security
Access lists	Yes	Yes	Yes	Yes
Access security	Yes	Yes	Yes	Yes
Extended access lists	Yes	Yes	Yes	Yes
Kerberized login	--	--	--	Yes
Kerberos V client support	--	--	--	Yes
Lock and key	Yes	Yes	Yes	Yes
MD5 routing authentication	Yes	Yes	Yes	Yes
RADIUS	Yes	Yes	Yes	Yes
TACACS+13	Yes	Yes	Yes	Yes
IBM Support
APPN (optional)1	--	--	Yes	Yes
BAN for SNA Frame Relay support	--	--	Yes	--
Caching and filtering	--	--	Yes	Yes
DLSw+14, 15	--	--	Yes	Yes
Downstream PU concentration (DSPU)	--	--	Yes	Yes
Frame Relay SNA support (RFC 1490)	--	--	Yes	Yes
Native Client Interface Architecture (NCIA) Server	--	--	Yes	Yes
NetView Native Service Point	--	--	Yes	Yes
Response Time Reporter (RTR)	--	--	Yes	Yes
QLLC	--	--	Yes	Yes
SDLC integration	--	--	Yes	Yes
SDLC transport (STUN)	--	--	Yes	Yes
SDLC-to-LAN conversion (SDLLC)	--	--	Yes	Yes
SNA and NetBIOS WAN optimization via local acknowledgment	--	--	Yes	Yes
SRB/RSRB16	Yes	--	Yes	Yes
SRT	Yes	--	Yes	Yes
TG/COS	--	--	--	Yes

Table 8: Optional Feature Set Licenses--Cisco 7000 Series,
Cisco 7200 Series, and Cisco 7500 Series

Cisco 7000 Series, Cisco 7200 Series, and Cisco 7500 Series  Optional Feature Set Licenses

WAN Packet Protocols

ATM DXI

Frame Relay

Frame Relay switching

Frame Relay SVC support (DTE)

Frame Relay traffic shaping

SMDS over ATM

X.25

X.25 switching

Interdomain Routing1

BGP

BGP42

EGP for Internet scale routing

VIP/VIP2 support3

Included automatically with VIP order

CIP Support3, 4

SNA support

TCP/IP offload

NetFlow Switching5

NetFlow Switching software

Table  9: Cisco 2500 Series, Cisco 4000, Cisco 4500, and Cisco 4700 Software Feature Sets

	Feature Set
Feature	IP Routing	IP/IPX/IBM/APPN1	Desktop (IP/IPX/AppleTalk/DEC)	Enterprise2
LAN Support
Apollo Domain	--	--	--	Yes
AppleTalk 1 and 23	--	--	Yes	Yes
Banyan VINES	--	--	--	Yes
Concurrent routing and bridging (CRB)	Yes	Yes	Yes	Yes
DECnet IV	--	--	Yes	Yes
DECnet V	--	--	--	Yes
GRE	Yes	Yes	Yes	Yes
Integrated routing and bridging (IRB)4	Yes	Yes	Yes	Yes
IP	Yes	Yes	Yes	Yes
LAN extension host	Yes	Yes	Yes	Yes
Multiring	Yes	Yes	Yes	Yes
Novell IPX5	--	Yes	Yes	Yes
OSI	--	--	--	Yes
Source-route bridging6	--	--	--	--
Transparent and translational bridging	Yes	Yes	Yes	Yes
VLANs (ISL7 and IEEE 802.10) (Cisco 4500 only)	Plus	--	Plus	Plus
XNS	--	--	--	Yes
WAN Services
ATM LAN emulation: DECnet routing, XNS routing, and Banyan VINES support (Cisco  4500 and 4700 only)8	--	--	Plus	Plus
ATM LAN emulation: Hot Standby Router Protocol (HSRP) and Simple Server Redundancy Protocol (SSRP) (Cisco 4500 and 4700 only)	Plus	--	Plus	Plus
ATM: Rate queues for SVC per subinterface (Cisco 4000, 4500, and 4700 only)	Plus	--	Plus	Plus
ATM: UNI 3.1 signaling for ATM (Cisco 4500 and 4700 only)	Plus	--	Plus	Plus
Combinet Packet Protocol (CPP)	Yes	Yes	Yes	Yes
Dialer profiles	Yes	Yes	Yes	Yes
Frame Relay	Yes	Yes	Yes	Yes
Frame Relay SVC Support (DTE)	--	--	--	Yes
Frame Relay traffic shaping	Yes	Yes	Yes	Yes
Half bridge/half router for CPP and PPP	Yes	Yes	Yes	Yes
HDLC	Yes	Yes	Yes	Yes
IPXWAN 2.0	--	Yes	Yes	Yes
ISDN9	Yes	Yes	Yes	Yes
Multichassis Multilink PPP (MMP)	--	--	--	Yes
NetBEUI over PPP	--	--	--	Yes
PPP10	Yes	Yes	Yes	Yes
SMDS	Yes	Yes	Yes	Yes
Switched 56	Yes	Yes	Yes	Yes
Virtual Private Dial-up Network (VPDN)	Plus	--	Plus	Yes
X.2511	Yes	Yes	Yes	Yes
WAN Optimization
Bandwidth-on-demand	Yes	Yes	Yes	Yes
Custom and priority queuing	Yes	Yes	Yes	Yes
Dial backup	Yes	Yes	Yes	Yes
Dial-on-demand	Yes	Yes	Yes	Yes
Header12, link and payload compression	Yes	Yes	Yes	Yes
Snapshot routing	Yes	Yes	Yes	Yes
Weighted fair queuing	Yes	Yes	Yes	Yes
IP Routing
BGP	Yes	Yes	Yes	Yes
BGP413	Yes	Yes	Yes	Yes
EGP	Yes	Yes	Yes	Yes
Enhanced IGRP	Yes	Yes	Yes	Yes
Enhanced IGRP Optimizations	Yes	Yes	Yes	Yes
ES-IS	--	--	--	Yes
IGRP	Yes	Yes	Yes	Yes
IS-IS	--	--	--	Yes
Named IP Access Control List	Yes	Yes	Yes	Yes
Network Address Translation (NAT)	Plus	--	Plus	Plus
NHRP	Yes	Yes	Yes	Yes
On Demand Routing (ODR)	Yes	Yes	Yes	Yes
OSPF	Yes	Yes	Yes	Yes
OSPF Not-So-Stubby-Areas (NSSA)	Yes	Yes	Yes	Yes
OSPF On Demand Circuit (RFC 1793)	Yes	Yes	Yes	Yes
PIM	Yes	Yes	Yes	Yes
Policy-based routing	Yes	Yes	Yes	Yes
RIP	Yes	Yes	Yes	Yes
RIP Version 2	Yes	Yes	Yes	Yes
Other Routing
AURP	--	--	Yes	Yes
IPX RIP	--	Yes	Yes	Yes
NLSP	--	Yes	Yes	Yes
RTMP	--	--	Yes	Yes
SMRP	--	--	Yes	Yes
SRTP	--	--	--	Yes
Multimedia and Quality of Service
Generic traffic shaping	Yes	Yes	Yes	Yes
Random Early Detection (RED)14	Yes	Yes	Yes	Yes
Resource Reservation Protocol (RSVP)14	Yes	Yes	Yes	Yes
Management
AutoInstall	Yes	Yes	Yes	Yes
Automatic modem configuration	Yes	Yes	Yes	Yes
HTTP Server	Yes	Yes	Yes	Yes
RMON events and alarms15	Yes	Yes	Yes	Yes
RMON full (Cisco 2500 only)	Plus	Plus	Plus	Plus
SNMP	Yes	Yes	Yes	Yes
Telnet	Yes	Yes	Yes	Yes
Security
Access lists	Yes	Yes	Yes	Yes
Access security	Yes	Yes	Yes	Yes
Extended access lists	Yes	Yes	Yes	Yes
Kerberized login	--	--	--	Yes
Kerberos V client support	--	--	--	Yes
Lock and key	Yes	Yes	Yes	Yes
MAC security for hubs16	Yes	Yes	Yes	Yes
MD5 routing authentication	Yes	Yes	Yes	Yes
Router authentication and network layer encryption (40-bit or export controlled 56-bit DES)17	Encrypt	--	Encrypt	Encrypt
RADIUS	Yes	Yes	Yes	Yes
TACACS+18	Yes	Yes	Yes	Yes
IBM Support (Optional)
APPN (optional)2	--	Yes	--	Yes
BAN for SNA Frame Relay support	Plus	Yes	Plus	Yes
Bisync	Plus	Yes	Plus	Yes
Caching and filtering	Plus	Yes	Plus	Yes
DLSw+ 19	Plus	Yes	Plus	Yes
Downstream PU concentration (DSPU)	Plus	Yes	Plus	Yes
Frame Relay SNA support (RFC 1490)	Plus	Yes	Plus	Yes
Native Client Interface Architecture (NCIA) Server	Plus	Yes	Plus	Yes
NetView Native Service Point	Plus	Yes	Plus	Yes
QLLC	Plus	Yes	Plus	Yes
Response Time Reporter (RTR)	Plus	Yes	Plus	Yes
SDLC integration	Plus	Yes	Plus	Yes
SDLC transport (STUN)	Plus	Yes	Plus	Yes
SDLC-to-LAN conversion (SDLLC)	Plus	Yes	Plus	Yes
SNA and NetBIOS WAN optimization via local acknowledgment	Plus	Yes	Plus	Yes
SRB/RSRB20	Plus	Yes	Plus	Yes
SRT	Plus	Yes	Plus	Yes
TG/COS	--	--	--	Yes
TN3270	--	--	--	Yes
Protocol Translation
LAT	--	--	--	Yes
Rlogin	--	--	--	Yes
Remote Node21
ARAP 1.0/2.022	--	--	Yes	Yes
Asynchronous master interfaces	Yes	Yes	Yes	Yes
ATCP	--	--	Yes	Yes
CPPP	Yes	Yes	Yes	Yes
CSLIP	Yes	Yes	Yes	Yes
DHCP	Yes	Yes	Yes	Yes
IP pooling	Yes	Yes	Yes	Yes
IPX and ARAP on virtual async interfaces	--	--	--	Yes
IPXCP12	--	Yes	Yes	Yes
MacIP	--	--	Yes	Yes
NASI	--	Yes	Yes	Yes
PPP	Yes	Yes	Yes	Yes
SLIP	Yes	Yes	Yes	Yes
Terminal Services21
LAT23	--	--	--	Yes
Rlogin	Yes	Yes	Yes	Yes
Telnet	Yes	Yes	Yes	Yes
TN3270	--	--	--	Yes
X.25 PAD	Yes	Yes	Yes	Yes
Xremote	--	--	--	Yes

Table  10: Platform-Specific Cisco 2500 Series and AS5100 Access Server Software Feature Sets

	Feature Set
Feature	ISDN	CFRAD	LAN FRAD	OSPF LANFRAD1	Remote Access Server
Platforms Supported
Cisco 2500 series routers: models 2501, 2502, 2505, 2507, 2509-2515, 2524	--	--	--	--	--
Cisco 2503I,  Cisco 2504I	Yes	--	--	--	--
Cisco 2501CF, Cisco 2502CF, Cisco 2520CF-2523CF	--	Yes	--	--	--
Cisco 2501LF, Cisco 2502LF, Cisco 2520LF-2523LF	--	--	Yes	Yes	--
Cisco 2509-2512, Cisco AS5100	--	--	--	--	Yes
LAN Support
AppleTalk 1 and 22	Yes	--	--	--	Yes
Concurrent routing and bridging (CRB)	--	--	--	--	--
DECnet IV	--	--	--	--	--
GRE	Yes	--	Yes	Yes	Yes
Integrated routing and bridging (IRB)3	Yes	Yes	Yes	Yes	Yes
IP	Yes	Yes	Yes	Yes	Yes
Multiring	Yes	--	Yes	Yes	Yes
Novell IPX4	Yes	--	Yes	Yes	Yes
Source-route bridging	--	Yes	Yes	Yes	--
Transparent bridging	--	Yes	Yes	Yes	Yes
Transparent and translational bridging5	Yes	Yes	Yes	Yes	Yes
WAN Services
Combinet Packet Protocol (CPP)	Yes	Yes	Yes	Yes	Yes
Dialer profiles	Yes	Yes	Yes	Yes	Yes
Frame Relay	--	Yes	Yes	Yes	Yes
Frame Relay traffic shaping	Yes	Yes	Yes	Yes	Yes
Half bridge/half router for CPP and PPP	Yes	Yes	Yes	Yes	Yes
HDLC	--	--	--	--	Yes
IPXWAN 2.0	--	--	Yes	Yes	Yes
ISDN6	Yes	--	--	--	--
Multichassis Multilink PPP (MMP)	--	--	--	--	Yes
NetBEUI over PPP	--	--	--	--	Yes
PPP7	Yes	Yes	Yes	Yes	Yes
SMDS	--	--	--	--	--
Switched 56	--	--	--	--	Yes
Virtual Private Dial-up Network (VPDN)	--	--	--	--	Yes
X.258	--	--	--	--	Yes
WAN Optimization
Bandwidth-on-demand9	Yes	--	--	--	Yes
Custom and priority queuing	Yes	Yes	Yes	Yes	Yes
Dial backup	Yes	--	--	--	Yes
Dial-on-demand	Yes	--	--	--	Yes
Header10, link and payload compression11	--	Yes	Yes	Yes	Yes
Header11 and link compression	Yes	--	--	--	--
Snapshot routing	Yes	--	--	--	Yes
Weighted fair queuing	Yes	Yes	Yes	Yes	Yes
IP Routing
BGP	Yes	--	--	--	--
BGP412	Yes	Yes	--	--	--
EGP	Yes	--	--	--	--
Enhanced IGRP	Yes	Yes	Yes	Yes13	Yes
Enhanced IGRP Optimizations	Yes	Yes	Yes	Yes13	Yes
IGRP	Yes	Yes	Yes	Yes	Yes
NHRP	Yes	--	--	--	--
On Demand Routing (ODR)	Yes	Yes	Yes	Yes	Yes
OSPF	Yes	Yes	--	Yes	--
OSPF Not-So-Stubby-Areas (NSSA)	Yes	Yes	--	Yes	--
OSPF On Demand Circuit (RFC 1793)	Yes	Yes	--	Yes	--
PIM	Yes	--	--	--	Yes
Policy-based routing	Yes	--	--	--	Yes
RIP	Yes	Yes	Yes	Yes	Yes
RIP Version 2	Yes	Yes	Yes	Yes	Yes
Other Routing
AURP	Yes	--	--	--	Yes
IPX RIP	Yes	--	Yes	Yes	Yes
NLSP	--	--	--	--	--
RTMP	Yes	--	--	--	Yes
Multimedia and  Quality of Service
Generic traffic shaping	Yes	Yes	Yes	Yes	Yes
Random Early Detection (RED)	Yes	Yes	Yes	Yes	Yes
Resource Reservation Protocol (RSVP)	Yes	Yes	Yes	Yes	Yes
Management
AutoInstall	--	Yes	Yes	Yes	Yes
Automatic modem configuration	--	--	--	--	Yes
HTTP Server	Yes	Yes	Yes	Yes	Yes
RMON events and alarms14	Yes	Yes	Yes	Yes	Yes
SNMP	Yes	Yes	Yes	Yes	Yes
Telnet	Yes	Yes	Yes	Yes	Yes
Security
Access lists	Yes	Yes	Yes	Yes	Yes
Access security	Yes	Yes	Yes	Yes	Yes
Extended access lists	Yes	Yes	Yes	Yes	Yes
Kerberos V client support	Yes	Yes	Yes	Yes	Yes
Lock and Key	Yes	Yes	Yes	Yes	Yes
MAC security for hubs15	--	--	--	--	--
MD5 routing authentication	Yes	Yes	Yes	Yes	Yes
RADIUS	--	--	--	--	Yes
TACACS+16	Yes	Yes	Yes	Yes	Yes
IBM Support (Optional)
BAN for SNA Frame Relay support	--	Yes	Yes	Yes	--
Bisync	--	Yes	Yes	Yes	--
Caching and filtering	--	Yes	Yes	Yes	--
DLSw+17	--	Yes	Yes	Yes	--
Frame Relay SNA support (RFC 1490)	--	Yes	Yes	Yes	--
Native Client Interface Architecture (NICA) Server	--	--	--	--	--
NetView Native Service Point	--	Yes	Yes	Yes	--
Polled async (ADT, ADPLEX)	--	Yes	Yes	Yes	--
QLLC	--	Yes	Yes	Yes	--
DLSw (RFC 1795)	--	Yes	Yes	Yes	--
RSRB	--	Yes	--	--	--
SDLC integration	--	Yes	Yes	Yes	--
SDLC transport (STUN)	--	Yes	Yes	Yes	--
SDLC-to-LAN conversion (SDLLC)	--	Yes	Yes	Yes	--
SNA and NetBIOS WAN optimization via local acknowledgment	--	Yes	Yes	Yes	--
SRB/RSRB18	--	--	Yes	Yes	--
SRT	--	--	Yes	Yes	--
Protocol Translation
LAT	--	--	--	--	Yes
PPP	--	--	--	--	Yes
Rlogin	--	--	--	--	Yes
Telnet	--	--	--	--	Yes
TN3270	--	--	--	--	Yes
X.25	--	--	--	--	Yes
Remote Node19
ARAP 1.0/2.020	--	--	--	--	Yes
Asynchronous master interfaces	--	--	--	--	Yes
ATCP	--	--	--	--	Yes
CPPP	--	--	--	--	Yes
CSLIP	--	--	--	--	Yes
DHCP	--	--	--	--	Yes
IP pooling	--	--	--	--	Yes
IPX and ARAP on virtual async interfaces	--	--	--	--	Yes
IPXCP21	--	--	--	--	Yes
MacIP	--	--	--	--	Yes
PPP	--	--	--	--	Yes
SLIP	--	--	--	--	Yes
Terminal Services19
LAT22	--	--	--	--	Yes
Rlogin	--	--	--	--	Yes
Telnet	--	--	--	--	Yes
TN3270	--	--	--	--	Yes
X.25 PAD	--	--	--	--	Yes
Xremote	--	--	--	--	Yes

Table 11: Cisco AS5200 Access Server Software Feature Sets

	Feature Set
Feature	IP Routing	Desktop (IP/IPX/AppleTalk/DEC)	Enterprise1
LAN Support
Apollo Domain	--	--	Yes
AppleTalk 1 and 22	--	Yes	Yes
Banyan VINES	--	--	Yes
Concurrent routing and bridging (CRB)	Yes	Yes	Yes
DECnet IV	--	Yes	Yes
DECnet V	--	--	Yes
GRE	Yes	Yes	Yes
Integrated routing and bridging (IRB)3	Yes	Yes	Yes
IP	Yes	Yes	Yes
LAN extension host	Yes	Yes	Yes
Multiring	Yes	Yes	Yes
Novell IPX4	--	Yes	Yes
OSI	--	--	Yes
Source-route bridging (SRB)	--	--	Yes
Transparent and translational bridging	Yes	Yes	Yes
XNS	--	--	Yes
WAN Services
ATM LAN emulation: Rate queues for SVC per subinterface	--	--	Yes
Combinet Packet Protocol (CPP)	Yes	Yes	Yes
Dialer profiles	Yes	Yes	Yes
Frame Relay	Yes	Yes	Yes
Frame Relay SVC Support (DTE)	--	--	Yes
Frame Relay traffic shaping	Yes	Yes	Yes
Half bridge/half router for CPP and PPP	Yes	Yes	Yes
HDLC	Yes	Yes	Yes
IPXWAN 2.0	--	Yes	Yes
ISDN5	Yes	Yes	Yes
Multichassis Multilink PPP (MMP)	--	--	Yes
NetBEUI over PPP	--	--	Yes
PPP6	Yes	Yes	Yes
SMDS	Yes	Yes	Yes
Switched 56	Yes	Yes	Yes
Virtual Private Dial-up Network (VPDN)	Plus	Plus	Yes
X.257	Yes	Yes	Yes
WAN Optimization
Bandwidth-on-demand	Yes	Yes	Yes
Custom and priority queuing	Yes	Yes	Yes
Dial backup	Yes	Yes	Yes
Dial-on-demand	Yes	Yes	Yes
Header8, link and payload compression9	Yes	Yes	Yes
Snapshot routing	Yes	Yes	Yes
Weighted fair queuing	Yes	Yes	Yes
IP Routing
BGP	Yes	Yes	Yes
BGP410	Yes	Yes	Yes
EGP	Yes	Yes	Yes
Enhanced IGRP	Yes	Yes	Yes
Enhanced IGRP Optimizations	Yes	Yes	Yes
ES-IS	--	--	Yes
IGRP	Yes	Yes	Yes
IS-IS	--	--	Yes
Named IP Access Control List	Yes	Yes	Yes
Network Address Translation (NAT)	Plus	Plus	Plus
NHRP	Yes	Yes	Yes
On Demand Routing (ODR)	Yes	Yes	Yes
OSPF	Yes	Yes	Yes
OSPF Not-So-Stubby-Areas (NSSA)	Yes	Yes	Yes
OSPF On Demand Circuit (RFC 1793)	Yes	Yes	Yes
PIM	Yes	Yes	Yes
Policy-based routing	Yes	Yes	Yes
RIP	Yes	Yes	Yes
RIP Version 2	Yes	Yes	Yes
Other Routing
AURP	--	Yes	Yes
IPX RIP	--	Yes	Yes
NLSP	--	Yes	Yes
RTMP	--	Yes	Yes
SMRP	--	Yes	Yes
SRTP	--	--	Yes
Multimedia and Quality of Service
Generic traffic shaping	Yes	Yes	Yes
Random Early Detection (RED)	Yes	Yes	Yes
Resource Reservation Protocol (RSVP)	Yes	Yes	Yes
Management
AutoInstall	Yes	Yes	Yes
Automatic modem configuration	Yes	Yes	Yes
HTTP Server	Yes	Yes	Yes
Modem Management	Plus	Plus	Plus
RMON events and alarms11	Yes	Yes	Yes
RMON full	Plus	Plus	Plus
SNMP	Yes	Yes	Yes
Telnet	Yes	Yes	Yes
Security
Access lists	Yes	Yes	Yes
Access security	Yes	Yes	Yes
Extended access lists	Yes	Yes	Yes
Kerberized login	--	--	Yes
Kerberos V client support	--	--	Yes
Lock and key	Yes	Yes	Yes
MAC security for hubs	Yes	Yes	Yes
MD5 routing authentication	Yes	Yes	Yes
RADIUS	Yes	Yes	Yes
TACACS+12	Yes	Yes	Yes
IBM Support (Optional)
APPN (optional)2	--	--	--
BAN for SNA Frame Relay support	Plus	Plus	Yes
Bisync	Plus	Plus	Yes
Caching and filtering	Plus	Plus	Yes
DLSw+ 13	Plus	Plus	Yes
Downstream PU concentration (DSPU)	Plus	Plus	Yes
Frame Relay SNA support (RFC 1490)	Plus	Plus	Yes
Native Client Interface Architecture (NCIA) Server	Plus	Plus	Yes
NetView Native Service Point	Plus	Plus	Yes
QLLC	Plus	Plus	Yes
Response Time Reporter (RTR)	Plus	Plus	Yes
SDLC integration	Plus	Plus	Yes
DLSw (RFC 1795)	Plus	Plus	Yes
SDLC transport (STUN)	Plus	Plus	Yes
SDLC-to-LAN conversion (SDLLC)	Plus	Plus	Yes
SNA and NetBIOS WAN optimization via local acknowledgment	Plus	Plus	Yes
SRB/RSRB14	Plus	Plus	Yes
SRT	Plus	Plus	Yes
TG/COS	--	--	Yes
TN3270	--	--	Yes
Protocol Translation
LAT	--	--	Yes
Rlogin	--	--	Yes
Remote Node15
ARAP 1.0/2.0	--	Yes	Yes
Asynchronous master interfaces	Yes	Yes	Yes
ATCP	--	Yes	Yes
CPPP	Yes	Yes	Yes
CSLIP	Yes	Yes	Yes
DHCP	Yes	Yes	Yes
IP pooling	Yes	Yes	Yes
IPX and ARAP on virtual async interfaces	--	--	Yes
IPXCP	--	Yes	Yes
MacIP	--	Yes	Yes
NASI	--	--	--
SLIP	Yes	Yes	Yes
Terminal Services15
LAT16	--	--	Yes
Rlogin	Yes	Yes	Yes
Telnet	Yes	Yes	Yes
TN3270	--	--	Yes
X.25 PAD	Yes	Yes	Yes
Xremote	--	--	Yes

Table  12: Cisco 1003, Cisco 1004, and Cisco 1005 Routers Software Feature Sets

	Feature Set1
Feature	IP Routing2	IP/IPX Routing2	IP/AppleTalk Routing2	IP/IPX/AppleTalk Routing
LAN Support
AppleTalk 1 and 23	--	--	Yes	Yes
GRE	Yes	Yes	Yes	Yes
Integrated routing and bridging (IRB)4	Yes	Yes	Yes	Yes
IP	Yes	Yes	Yes	Yes
Novell IPX5	--	Yes	--	Yes
Transparent and translational bridging6	Yes	Yes	Yes	Yes
WAN Services7
Dialer profiles	Yes	Yes	Yes	Yes
Frame Relay (Cisco 1005 only)	Yes	Yes	Yes	Yes
Frame Relay SVC Support (DTE) (Cisco 1005 only)	Plus	Plus	Plus	Plus
Frame Relay traffic shaping (Cisco 1005 only)	Yes	Yes	Yes	Yes
HDLC	Yes	Yes	Yes	Yes
ISDN (Cisco 1003 and Cisco 1004)8	Yes	Yes	Yes	Yes
PPP	Yes	Yes	Yes	Yes
SLIP (Cisco 1005 only)	Yes	Yes	--	--
SMDS (Cisco 1005 only)	Yes	Yes	Yes	Yes
Switched 56 (Cisco 1005 only)	Yes	Yes	Yes	Yes
Virtual Private Dial-up Network (VPDN)	--	--	--	Plus
X.25	Yes	Yes	Yes	Yes
WAN Optimization
Bandwidth-on-demand (Cisco 1003 and Cisco 1004)	Yes	Yes	Yes	Yes
Custom and priority queuing	Yes	Yes	Yes	Yes
Dial backup	Yes	Yes	Yes	Yes
Dial-on-demand9	Yes	Yes	Yes	Yes
Header10 and link compression11 (Cisco 1003 and Cisco 1004)	Yes	Yes	Yes	Yes
Payload compression (Cisco 1005 only)	Yes	Yes	Yes	Yes
Snapshot routing12	Yes	Yes	Yes	Yes
Weighted fair queuing	Yes	Yes	Yes	Yes
IP Routing
Enhanced IGRP	Yes	Yes	Yes	Yes
Enhanced IGRP Optimizations	Yes	Yes	Yes	Yes
IGRP	Yes	Yes	Yes	Yes
Network Address Translation Table (NAT)	Plus	Plus	Plus	Plus
On Demand Routing (ODR)	Yes	Yes	Yes	Yes
OSPF	Plus	Plus	Plus	Plus
OSPF Not-So-Stubby-Areas (NSSA)	Plus	Plus	Plus	Plus
OSPF On Demand Circuit (RFC 1793)	Plus	Plus	Plus	Plus
PIM	Plus	Plus	Plus	Plus
RIP	Yes	Yes	Yes	Yes
RIP Version 2	Yes	Yes	Yes	Yes
Other Routing
AURP	--	--	Plus	Plus
IPX RIP	--	Yes	--	Yes
NLSP	Plus	Plus	Plus	Plus
SMRP	Plus	Plus	Plus	Plus
RTMP	--	--	Yes	Yes
Multimedia and Quality of Service
Random Early Detection (RED)	Plus	Plus	Plus	Plus
Resource Reservation Protocol (RSVP)	Plus	Plus	Plus	Plus
Management
ClickStart	Yes	Yes	Yes	Yes
HTTP Server	Yes	Yes	Yes	Yes
SNMP	Yes	Yes	Yes	Yes
Telnet	Yes	Yes	Yes	Yes
Security
Access lists	Yes	Yes	Yes	Yes
Access security	Yes	Yes	Yes	Yes
Extended access lists	Yes	Yes	Yes	Yes
Lock and key	Yes	Yes	Yes	Yes
Router authentication and network layer encryption (40-bit or export controlled 56-bit DES)	Encrypt	Encrypt	Encrypt	Encrypt
TACACS+13	Yes	Yes	Yes	Yes

Table 13: Cisco 1005 Platform-Specific Software Feature Sets

	Feature Set
Feature	IP/OSPF/PIM Routing1	IP/Async1	IP/IPX/Async1
LAN Support
AppleTalk 1 and 2	--	--	--
GRE	Yes	Yes	Yes
Integrated routing and bridging (IRB)2	Yes	Yes	Yes
IP	Yes	Yes	Yes
Novell IPX3	--	--	Yes
Transparent and translational bridging4	Yes	Yes	Yes
WAN Services5
Async	--	Yes	Yes
Dialer profiles	Yes	Yes	Yes
Frame Relay	Yes	--	--
Frame Relay traffic shaping	Yes	--	--
HDLC	Yes	--	--
PPP6	Yes	Yes	Yes
SLIP	--	Yes	Yes
SMDS	Yes	--	--
Switched 56	Yes	--	--
Virtual Private Dial-up Network (VPDN)	--	--	--
X.257	Yes	--	--
WAN Optimization
Custom and priority queuing	Yes	Yes	Yes
Dial-on-demand8	Yes	Yes	Yes
Header9, link and payload compression 10	Yes	Yes	Yes
Snapshot routing11	Yes	Yes	Yes
Weighted fair queuing	Yes	Yes	Yes
IP Routing
Enhanced IGRP	Yes	Yes	Yes
Enhanced IGRP Optimizations	Yes	Yes	Yes
IGRP	Yes	Yes	Yes
On Demand Routing (ODR)	Yes	Yes	Yes
OSPF	Yes	--	--
OSPF Not-So-Stubby-Areas (NSSA)	Yes	--	--
OSPF On Demand Circuit (RFC 1793)	Yes	--	--
PIM	Yes	--	--
RIP	Yes	Yes	Yes
RIP Version 2	Yes	Yes	Yes
Other Routing
IPX RIP	--	--	Yes
Management
ClickStart	Yes	Yes	Yes
HTTP Server	Yes	Yes	Yes
SNMP	Yes	Yes	Yes
Telnet	Yes	Yes	Yes
Security
Access lists	Yes	Yes	Yes
Access security	Yes	Yes	Yes
Extended access lists	Yes	Yes	Yes
Kerberos V client support	--	--	--
Lock and key	Yes	Yes	Yes
TACACS+12	Yes	Yes	Yes

Memory Requirements for Release 11.2

Beginning with Cisco IOS Release 10.3, some software image sizes exceed 4 MB and, when compressed, exceed 2 MB. Also, some systems now require more than 1 MB of main system memory for data structure tables.

For Cisco routers to take advantage of the Release 11.2 features, you must upgrade the code or main system memory as listed in Table 16. Some platforms have specific chip or architecture requirements that affect what can be upgraded and in what increments.

---

Note For the Cisco 7000 and Cisco 7010 routers to recognize Flash memory cards, 11.0 boot ROMs (or later) are required.

---

Image Naming in Release 11.2

Release 11.2 introduces new feature-set image names for several feature sets that were available in earlier releases. For example, the prefix "igs-" has been replaced with "c2500-." Image names have been changed to facilitate identifying the platform on which the image runs. New prefixes are shown in Table 14.

Table 14: Old and New Image Name Prefixes

Old Prefix	New Prefix in Release 11.2
igs	c2500
xx	c4000
as5200	c5200
gs7	c7000

The contents of feature sets for some platforms has changed in Release 11.2. Table 15 lists image names in Release 11.1 that have been replaced by new sets in Release 11.2. If you normally use an image from Release 11.1 or earlier that is not available in Release 11.2, use the equivalent image shown in Table 15. New images contain as many features as earlier ones, and include new features for Release 11.2.

Table 15: Image Name Mapping from Release 11.1 to Release 11.2

Image Name in Release 11.1 or Earlier	Image Name in Release 11.2
Cisco 1005
c1005-bnxy-mz	c1005-bny-mz
c1005-bxy-mz	c1005-by-mz
c1005-nxy-mz	c1005-ny-mz
c1005-xy-mz	c1005-y-mz
c1005-xy2-mz	c1005-y2-mz
Cisco 2500 Series
igs-ainr-l	c2500-ainr-l
igs-aj-l	c2500-ajs-l
igs-c-l	c2500-c-l
igs-d-l	c2500-d-l
igs-dr-l	c2500-ds-l
igs-f-l	c2500-f-l
igs-fin-l	c2500-fin-l
igs-g-l	c2500-g-l
igs-i-l	c2500-i-l
igs-im-l	c2500-is-l
igs-imn-l	c2500-ds-l
igs-imnr-l	c2500-ds-l
igs-imr-l	c2500-is-l
igs-in-l	c2500-d-l
igs-ir-l	c2500-is-l
igs-inr-l	c2500-ds-l
igs-jm-l	c2500-js-l
igs-j-l	c2500-j-l
Cisco AS5200
as5200-iz-l	c5200-is-l
as5200-dz-l	c5200-ds-l
as5200-jmz-l	c5200-js-l
Cisco 4000 Series
xx-ainr-mz	c4000-ainr-mz
xx-aj-mz	c4000-ajs-mz
xx-d-mz	c4000-d-mz
xx-dr-mz	c4000-ds-mz
xx-i-mz	c4000-is-mz
xx-in-mz	c4000-d-mz
xx-inr-mz	c4000-ds-mz
xx-ir-mz	c4000-is-mz
xx-j-mz	c4000-j-mz
Cisco 4500 Series
c4500-aj-mz	c4500-ajs-mz
c4500-dr-mz	c4500-ds-mz
c4500-ir-mz	c4500-is-mz
c4500-in-mz	c4500-d-mz
c4500-inr-mz	c4500-ds-mz
Cisco 7000 Series
gs7-aj-mz	c7000-aj-mz
gs7-ajv-mz	c7000-ajv-mz
gs7-jv-mz	c7000-jv-mz
gs7-j-mz	c7000-j-mz
Cisco 7200 Series
c7200-aj-mz	c7200-ajs-mz
c7200-dr-mz	c7200-ds-mz
c7200-j-mz	c7200-js-mz
Cisco 7500 Series and Cisco 7000 with RSP7000
rsp-aj-mz	rsp-ajsv-mz
rsp-j-mz	rsp-jsv-mz
rsp-ajv-mz	rsp-ajsv-mz
rsp-jv-mz	rsp-jsv-mz

Table 16: Release 11.2 Memory Requirements

Router	Minimum Required Code Memory	Required Main Memory		Release 11.2 Runs from
Cisco 1003 and Cisco 1004 ISDN Routers1
IP Set	2/4 MB optional Flash	8 MB RAM2		RAM
IP Plus3 Set	2/4 MB optional Flash	8 MB RAM		RAM
IP Plus 40 Set	2/4 MB optional Flash	8 MB RAM		RAM
IP Plus 56 Set	2/4 MB optional Flash	8 MB RAM		RAM
IP/IPX Set	2/4 MB optional Flash	8 MB RAM		RAM
IP/AT Set	2/4 MB optional Flash	8 MB RAM		RAM
IP/IPX/AT Set	2/4 MB optional Flash	8 MB RAM		RAM
IP/IPX/AT Plus Set	4 MB Flash4	8 MB RAM		RAM
IP/IPX/AT Plus 40 Set	4 MB Flash4	8 MB RAM		RAM
IP/IPX/AT Plus 56 Set	4 MB Flash4	8 MB RAM		RAM
Cisco 1005 Router1
IP Set	2/4 MB optional Flash	8 MB RAM2		RAM
IP Plus5 Set	4 MB Flash4	8 MB RAM		RAM
IP Plus 40 Set	4 MB Flash4	8 MB RAM		RAM
IP Plus 56 Set	4 MB Flash4	8 MB RAM		RAM
IP/IPX Set	2/4 MB optional Flash	8 MB RAM		RAM
IP/AT Set	2/4 MB optional Flash	8 MB RAM2		RAM
IP/IPX/AT Set	2/4 MB optional Flash	8 MB RAM		RAM
IP/IPX/AT Plus Set	4 MB Flash4	8 MB RAM		RAM
IP/IPX/AT Plus 40 Set	4 MB Flash4	8 MB RAM		RAM
IP/IPX/AT Plus 56 Set	4 MB Flash4	8 MB RAM		RAM
IP/OSPF/PIM Set	2/4 MB optional Flash	8 MB RAM		RAM
IP/Async Set	2/4 MB optional Flash	8 MB RAM2		RAM
IP/IPX/Async Set	2/4 MB optional Flash	8 MB RAM		RAM
Cisco 2500 Series
IP Set	8 MB Flash	4 MB RAM6		Flash
IP Plus7 Set	8 MB Flash	4 MB RAM		Flash
IP Plus 40 Set	8 MB Flash	4 MB RAM		Flash
IP Plus 56 Set	8 MB Flash	4 MB RAM		Flash
IP/IPX/IBM/APPN Set	8 MB Flash	8 MB RAM		Flash
IP/IPX/AT/DEC Set	8 MB Flash	4 MB RAM		Flash
IP/IPX/AT/DEC Plus Set	8 MB Flash	4 MB RAM		Flash
IP/IPX/AT/DEC Plus 40 Set	8 MB Flash	4 MB RAM		Flash
IP/IPX/AT/DEC Plus 56 Set	8 MB Flash	4 MB RAM		Flash
Enterprise Set	8 MB Flash	6 MB RAM		Flash
Enterprise Plus Set	8 MB Flash	6 MB RAM		Flash
Enterprise Plus 40 Set	8 MB Flash	6 MB RAM		Flash
Enterprise Plus 56 Set	8 MB Flash	6 MB RAM		Flash
Enterprise/APPN Plus Set	16 MB Flash	8 MB RAM		Flash
Enterprise/APPN Plus 40 Set	16 MB Flash	8 MB RAM		Flash
Enterprise/APPN Plus 56 Set	16 MB Flash	8 MB RAM		Flash
Cisco Frame Relay Access Device (CFRAD) Set	4 MB Flash	4 MB RAM6		Flash
Remote Access Server	8 MB Flash	4 MB RAM		Flash
ISDN Set	8 MB Flash	4 MB RAM		Flash
LAN FRAD Set	4 MB Flash	4 MB RAM		Flash
OSPF LANFRAD Set8	4 MB Flash	4 MB RAM		Flash
Cisco 2501 - Cisco 2508
IP Set	8 MB Flash	4 MB RAM		Flash
Cisco 2509 - Cisco 2512
IP Set	8 MB Flash	4 MB RAM		Flash
Remote Access Server	8 MB Flash	4 MB RAM		Flash
Cisco 2513 - Cisco 2519
IP Set	8 MB Flash	4 MB RAM		Flash
Cisco 2522 - Cisco 2523
IP Set	8 MB Flash	4 MB RAM		Flash
Cisco Frame Relay Access Device (CFRAD) Set	4 MB Flash	4 MB RAM		Flash
Cisco 2524- Cisco 2525
LAN FRAD Set	4 MB Flash	4 MB RAM		Flash
Cisco AS51009
IP Set	8 MB Flash per card	6 MB RAM per card		Flash
IP/IPX/AT/DEC Set	8 MB Flash	6 MB RAM		Flash
Remote Access Server	8 MB Flash	6 MB RAM		Flash
Enterprise Set	8 MB Flash	6 MB RAM		Flash
Cisco AS5200
IP Set	8 MB Flash	8 MB RAM		Flash
IP Plus10 Set	8 MB Flash	8 MB RAM		Flash
Desktop Set	8 MB Flash	8 MB RAM		Flash
Desktop Plus Set	8 MB Flash	8 MB RAM		Flash
Enterprise Set	8 MB Flash	8 MB RAM		Flash
Enterprise Plus Set	8 MB Flash	8 MB RAM		Flash
Cisco 3101, Cisco 3102, Cisco 3103	8 MB Flash	6 MB RAM		Flash
	8 MB Flash	16 MB RAM		RAM
Cisco 3104, Cisco 3204	8 MB Flash	6 MB RAM		Flash
	8 MB Flash	6 MB RAM11		RAM12
Cisco 4000/4000-M		Cisco 4000	Cisco 4000-M
IP Set	4 MB Flash	16 MB RAM	8 MB RAM	RAM
IP Plus13 Set	4 MB Flash	16 MB RAM	8 MB RAM	RAM
IP Plus 40 Set	4 MB Flash	16 MB RAM	8 MB RAM	RAM
IP Plus 56 Set	4 MB Flash	16 MB RAM	8 MB RAM	RAM
IP/IPX/AT/DEC Set	4 MB Flash	16 MB RAM	8 MB RAM	RAM
IP/IPX/AT/DEC Plus Set	4 MB Flash	16 MB RAM	16 MB RAM	RAM
IP/IPX/AT/DEC Plus 40 Set	4 MB Flash	16 MB RAM	16 MB RAM	RAM
IP/IPX/AT/DEC Plus 56 Set	4 MB Flash	16 MB RAM	16 MB RAM	RAM
IP/IPX/IBM/APPN Set	4 MB Flash	32 MB RAM	32 MB RAM	RAM
Enterprise Set	4 MB Flash	16 MB RAM	16 MB RAM	RAM
Enterprise Plus Set	8 MB Flash	16 MB RAM	16 MB RAM	RAM
Enterprise Plus 40 Set	8 MB Flash	16 MB RAM	16 MB RAM	RAM
Enterprise Plus 56 Set	8 MB Flash	16 MB RAM	16 MB RAM	RAM
Enterprise/APPN Plus Set	8 MB Flash	32 MB RAM	32 MB RAM	RAM
Enterprise/APPN Plus 40 Set	8 MB Flash	32 MB RAM	32 MB RAM	RAM
Enterprise/APPN Plus 56 Set	8 MB Flash	32 MB RAM	32 MB RAM	RAM
Cisco 4500/4500-M		Cisco 4500	Cisco 4500-M
IP Set	4 MB Flash	32 MB RAM	16 MB RAM14	RAM
IP Plus15 Set	4 MB Flash	32 MB RAM	16 MB RAM	RAM
IP Plus 40 Set	4 MB Flash	32 MB RAM	16 MB RAM	RAM
IP Plus 56 Set	4 MB Flash	32 MB RAM	16 MB RAM	RAM
IP/IPX/AT/DEC Set	4 MB Flash	32 MB RAM	16 MB RAM	RAM
IP/IPX/AT/DEC Plus Set	4 MB Flash	32 MB RAM	16 MB RAM	RAM
IP/IPX/AT/DEC Plus 40 Set	4 MB Flash	32 MB RAM	16 MB RAM	RAM
IP/IPX/AT/DEC Plus 56 Set	4 MB Flash	32 MB RAM	16 MB RAM	RAM
IP/IPX/IBM/APPN Set	8 MB Flash	32 MB RAM	32 MB RAM	RAM
Enterprise Set	8 MB Flash	32 MB RAM	16 MB RAM	RAM
Enterprise Plus Set	8 MB Flash	32 MB RAM	16 MB RAM	RAM
Enterprise Plus 40 Set	8 MB Flash	32 MB RAM	16 MB RAM	RAM
Enterprise Plus 56 Set	8 MB Flash	32 MB RAM	16 MB RAM	RAM
Enterprise/APPN Plus Set	8 MB Flash	32 MB RAM	32 MB RAM	RAM
Enterprise/APPN Plus 40 Set	8 MB Flash	32 MB RAM	32 MB RAM	RAM
Enterprise/APPN Plus 56 Set	8 MB Flash	32 MB RAM	32 MB RAM	RAM
Cisco 4700/4700-M
IP Set	4 MB Flash	16 MB RAM		RAM
IP Plus15 Set	4 MB Flash	16 MB RAM		RAM
IP Plus 40 Set	4 MB Flash	16 MB RAM		RAM
IP Plus 56 Set	4 MB Flash	16 MB RAM		RAM
IP//IPX/AT/DEC Set	4 MB Flash	16 MB RAM		RAM
IP//IPX/AT/DEC Plus Set	4 MB Flash	16 MB RAM		RAM
IP//IPX/AT/DEC Plus 40 Set	4 MB Flash	16 MB RAM		RAM
IP//IPX/AT/DEC Plus 56 Set	4 MB Flash	16 MB RAM		RAM
IP/IPX/IBM/APPN Set	8 MB Flash	32 MB RAM		RAM
Enterprise Set	8 MB Flash	16 MB RAM		RAM
Enterprise Plus Set	8 MB Flash	16 MB RAM		RAM
Enterprise Plus 40 Set	8 MB Flash	16 MB RAM		RAM
Enterprise Plus 56 Set	8 MB Flash	16 MB RAM		RAM
Enterprise/APPN Plus Set	8 MB Flash	32 MB RAM		RAM
Enterprise/APPN Plus 40 Set	8 MB Flash	32 MB RAM		RAM
Enterprise/APPN Plus 56 Set	8 MB Flash	32 MB RAM		RAM
Cisco 700016, Cisco 7010
IP Set	8 MB Flash	16 MB RAM		RAM
IP/Basic VIP Set	8 MB Flash	16 MB RAM		RAM
Desktop/IBM Set	8 MB Flash	16 MB RAM		RAM
Desktop/IBM/Basic VIP Set	8 MB Flash	16 MB RAM		RAM
Desktop/IBM/APPN Set	8 MB Flash	16 MB RAM		RAM
Desktop/IBM/APPN/ Basic VIP Set	8 MB Flash	16 MB RAM		RAM
Enterprise Set	8 MB Flash memory card	16 MB RAM		RAM
Enterprise/Basic VIP Set	8 MB Flash	16 MB RAM		RAM
Enterprise/APPN Set	8 MB Flash	16 MB RAM		RAM
Enterprise/APPN/Basic VIP Set	8 MB Flash	16 MB RAM		RAM
Source-Route Switch	4 MB Flash	16 MB RAM		RAM
Cisco 7200
IP Set	8/16/20 MB Flash memory card	16 MB RAM		Flash
Desktop/IBM/APPN Set	8/16/20 MB Flash memory card	24 MB RAM		Flash
Enterprise Set	8/16/20 MB Flash memory card	16 MB RAM		Flash
Enterprise/APPN Set	8/16/20 MB Flash memory card	24 MB RAM		Flash
Desktop/IBM Set	8/16/20 MB Flash memory card	16 MB RAM		Flash
Network Layer 3 Switching Set	8/16/20 MB Flash memory card	16 MB RAM		Flash
Cisco 7500 Series and Cisco 7000 with RSP700017		Cisco 7513 only	All Others
IP Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
IP/Encryption 40 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
IP/Encryption 56 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Desktop/IBM Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Desktop/IBM/APPN Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Desktop/IBM/ Encryption 40 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Desktop/IBM/ Encryption 56 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Enterprise Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Enterprise/Encryption 40 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Enterprise/Encryption 56 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Enterprise/APPN Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Enterprise/APPN/ Encryption 40 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM
Enterprise/APPN/ Encryption 56 Set	16/20 MB Flash memory card	32 MB RAM	32 MB RAM	RAM

Microcode Software

Table 17 lists the current microcode versions for the Cisco 7000 series. Table 18 lists the current microcode versions for the Cisco 7500 series. Note that for the Cisco 7000 and Cisco 7500 series, microcode software images are bundled with the system software image--with the exception of the Channel Interface Processor (CIP) microcode (all system software images) and Versatile Interface Processor (VIP) microcode (certain system software images). Bundling eliminates the need to store separate microcode images. When the router starts, the system software unpacks the microcode software bundle and loads the proper software on all the interface processor boards. Versatile Interface Processor (VIP and VIP2) microcode is bundled into all Cisco 7500 series feature sets listed in Table 16.

---

Note For the Cisco 7000 series, all boards must use the Level 10 (or greater) microcode that is bundled (except CIP) with the system image.

---

Table  17: Bundled Microcode Versions, by Release, for the Cisco 7000 Series

	Processor or Module1
Cisco IOS Release	AIP	EIP	FEIP	FIP	FSIP	HIP	MIP	SP	SSP	TRIP	VIP2
Minimum Version Required	10.15	10.1	10.4	10.2	10.18	10.2	12.0	11.15	11.15	10.3	22.20
11.2(1)	10.15	10.1	10.4	10.2	10.18	10.2	12.0	11.15	11.15	10.3	22.20
11.2(2)	10.15	10.1	10.4	10.2	10.18	10.2	12.0	11.15	11.15	10.3	22.20
11.2(3)	10.17	10.1	10.4	10.2	10.18	10.2	12.2	11.15	11.15	10.4	22.20
11.2(4)	10.17	10.1	10.4	10.2	10.19	10.2	12.2	11.15	11.15	10.4	22.20
11.2(5)	10.18	10.1	10.5	10.2	10.19	10.2	12.2	11.15	11.15	10.4	22.20
11.2(6)	10.19	10.1	10.6	10.2	10.19	10.2	12.2	11.15	11.15	10.4	22.20
11.2(7)	10.20	10.1	10.6	10.2	10.19	10.2	12.2	11.15	11.15	10.4	22.20
11.2(8)	10.20	10.1	10.6	10.2	10.19	10.3	12.2	11.15	11.15	10.4	22.20
11.2(9)	10.20	10.1	10.7	10.2	10.19	10.3	12.2	11.15	11.15	10.4	22.20
11.2(10)	10.22	10.1	10.7	10.2	10.19	10.3	12.2	11.15	11.15	10.4	22.20
11.2(11)	10.22	10.1	10.7	10.2	10.19	10.3	12.2	11.15	11.15	10.4	22.20

Table  18: Bundled RSP Microcode Versions, by Release, for the Cisco 7500 Series

	Processor or Module3
Cisco IOS Release	AIP	EIP	FEIP	FIP	FSIP	HIP	MIP	POSIP	RSP24	TRIP	VIP2	VIP22	VIP2C2,
Minimum Version Required	20.8	20.2	20.3	20.1	20.4	20.0	22.0	20.0	20.0	20.0	22.20	22.20	22.20
11.2(1)	20.8	20.2	20.3	20.1	20.4	20.0	22.0	20.0	20.0	20.0	22.20	22.20	--
11.2(2)	20.8	20.2	20.3	20.1	20.4	20.0	22.0	20.0	20.0	20.0	22.20	22.20	22.20
11.2(3)	20.10	20.2	20.3	20.1	20.4	20.0	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(4)	20.10	20.2	20.3	20.1	20.6	20.0	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(5)	20.12	20.3	20.4	20.1	20.6	20.0	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(6)	20.12	20.3	20.5	20.1	20.6	20.0	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(7)	20.13	20.3	20.5	20.1	20.6	20.0	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(8)	20.13	20.3	20.5	20.1	20.8	20.1	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(9)	20.13	20.3	20.6	20.1	20.8	20.1	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(10)	20.15	20.3	20.6	20.1	20.8	20.1	22.2	20.0	20.0	20.1	22.20	22.20	22.20
11.2(11)	20.15	20.3	20.6	20.1	20.8	20.1	22.2	20.0	20.0	20.1	22.20	22.20	22.20

Channel Interface Processor (CIP) Microcode

Beginning with Cisco IOS Release 11.1, the CIP microcode is no longer bundled with the Cisco IOS software image. You must have Flash memory installed on the Route Processor (RP) card and 8 MB RAM installed on your CIP card to use the IBM channel attach features in Cisco IOS Release 11.1 and later. See the "Important Notes" section for more information about CIP microcode.

New Feature Set in Release 11.2(4)

A new feature set, OSPF LANFRAD, is available in Release 11.2(4) for Cisco 2500 series platforms. Table 10 shows the features available in this new feature set. Table 16 shows the memory requirements for this new feature set. No new functionality is contained in this feature set. This feature set is not available in Release 11.2 F.

New Features in Release 11.2(1)

Previously, maintenance releases of major Cisco IOS software releases were used to deliver additional new features. Beginning with Cisco IOS Release 11.2, Cisco Systems provides as many as three software release "trains" based on a single version of Cisco IOS software. Maintenance releases of the Major train software deliver fixes to software defects only, thus providing the most stable software for your network, for the features you need. In addition to the Major train, there are up to two Early Deployment (ED) trains. One ED train delivers both fixes to software defects and support for new Cisco platforms. The other ED train delivers fixes to software defects, new platform support, and new cross-platform functionality. Software releases from the ED trains typically lag the maintenance releases of the Major train by a few weeks.

Caution When determining whether to deploy software from the Major or Early Deployment release train, you should weigh the importance you place on maximizing product capability versus maximizing operational stability. Regardless of the train you choose, an early release of software should always be tried in a test network before being deployed in a production network.

The following software enhancements have been added to Release 11.2. These features are available in all software trains of Release 11.2. Separate documentation that is available with each release of the ED software trains describes the additional functionality that is available in ED software releases.

This section is divided into the following subjects:

• Routing Protocols

• Desktop Protocols

• Wide-Area Networking Features

• IBM Functionality

• Security Features

• Network Management

Routing Protocols

This section describes routing protocol features that are new in the initial release of Cisco IOS Release 11.2.

IP Protocol and Feature Enhancements

The following new IP protocol software features are available:

• On Demand Routing--On Demand Routing (ODR) is a mechanism that provides minimum-overhead IP routing for stub sites. The overhead of a general dynamic routing protocol is avoided, without incurring the configuration and management overhead of using static routing.

A stub router is the peripheral router in a hub-and-spoke network topology. Stub routers commonly have a WAN connection to the hub router and a small number of LAN network segments (stub networks) that are connected directly to the stub router. To provide full connectivity, the hub routers can be statically configured to know that a particular stub network is reachable via a specified access router. However, if there are multiple hub routers, many stub networks, or asynchronous connections between hubs and spokes, the overhead required to statically configure knowledge of the stub networks on the hub routers becomes too great.

ODR simplifies installation of IP stub networks in which the hub routers dynamically maintain routes to the stub networks. This is accomplished without requiring the configuration of an IP routing protocol at the stub routers. With ODR, the stub advertises IP prefixes corresponding to the IP networks that are configured on its directly connected interfaces. Because ODR advertises IP prefixes, rather than IP network numbers, ODR is able to carry Variable Length Subnet Mask (VLSM) information.

Once ODR is enabled on a hub router, the router begins installing stub network routes in the IP forwarding table. The hub router can also be configured to redistribute these routes into any configured dynamic IP routing protocols. IP does not need to be configured on the stub router. With ODR, a router is automatically considered to be a stub when no IP routing protocols have been configured on it.

The routing protocol that ODR generates is propagated between routers using Cisco Discovery Protocol (CDP). Thus, ODR is partially controlled by the configuration of CDP. Specifically,

• If CDP is disabled, the propagation of ODR routing information will cease.

• By default, CDP sends updates every 60 seconds. This update interval may not be frequent enough to provide fast reconvergence of IP routers on the hub router side of the network. A faster reconvergence rate may be necessary if the stub connects to several hub routers via asynchronous interfaces (such as modem lines).

• ODR may not work well with dial-on-demand routing (DDR) interfaces, as CDP packets will not cause a DDR connection to be made.

It is recommended that IP filtering be used to limit the network prefixes that the hub router will permit to be learned dynamically through ODR. If the interface has multiple logical IP networks configured (via the IP secondary command), only the primary IP network is advertised through ODR.

Open Shortest Path First (OSPF) Enhancements

The following features have been added to Cisco's OSPF software:

• OSPF On-Demand Circuit--OSPF On-Demand Circuit is an enhancement to the OSPF protocol, as described in RFC 1793, that allows efficient operation over demand circuits such as ISDN, X.25 SVCs, and dial-up lines. Previously, the period nature of OSPF routing traffic mandated that the underlying data-link connection needed to be open constantly, resulting in unwanted usage charges. With this feature, OSPF Hellos and the refresh of OSPF routing information is suppressed for on-demand circuits (and reachability is presumed), allowing the underlying data-link connections to be closed when not carrying application traffic.

The feature allows the consolidation on a single routing protocol and the benefits of the OSPF routing protocol across the entire network, without incurring excess connection costs.

If the router is part of a point-to-point topology, only one end of the demand circuit needs to be configured for OSPF On-Demand Circuit operation. In point-to-multipoint topologies, all appropriate routers must be configured with OSPF On-Demand Circuit. All routers in an area must support this feature--that is, be running Cisco IOS Software Release 11.2 or greater.

• OSPF Not-So-Stubby Areas (NSSA)--As part of the OSPF protocol's support for scalable, hierarchical routing, peripheral portions of the network can be defined as "stub" areas, so that they do not receive and process external OSPF advertisements. Stub areas are generally defined for low end routers with limited memory and CPU, that have low-speed connections, and are in a default route configuration.

OSPF Not-So-Stubby-Areas (NSSA) defines a more flexible, hybrid method, whereby stub areas can import external OSPF routes in a limited fashion, so that OSPF can be extended across the stub to backbone connection.

NSSA enables OSPF to be extended across a stub area to backbone area connection to become logically part of the same network.

Border Gateway Protocol version 4 (BGP4) Enhancements

The following features have been added to Cisco's BGP4 software:

• BGP4 Soft Configuration--BGP4 soft configuration allows BGP4 policies to be configured and activated without clearing the BGP session, hence without invalidating the forwarding cache. This enables policy reconfiguration without causing short-term interruptions to traffic being forwarded in the network.

• BGP4 Multipath Support-- BGP4 Multipath Support provides BGP load balancing between multiple Exterior BGP (EBGP) sessions. If there are multiple EBGP sessions between the local autonomous system (AS) and the neighboring AS, multipath support allows BGP to load balance among these sessions. Depending on the switching mode, per packet or per destination load balancing is performed.

BGP4 Multipath Support can support up to six paths.

• BGP4 Prefix Filtering with Inbound Route Maps--This feature allows prefix-based matching support to the inbound neighbor route map. This feature allows an inbound route map to be used to enforce prefix-based policies.

Network Address Translation

Network Address Translation (NAT) provides a mechanism for a privately addressed network to access registered networks, such as the Internet, without requiring a registered subnet address. This eliminates the need for host renumbering and allows the same IP address range to be used in multiple intranets.

With NAT, the privately addressed network (designated as "inside") continues to use its existing private or obsolete addresses. These addresses are converted into legal addresses before packets are forwarded onto the registered network (designated as "outside"). The translation function is compatible with standard routing; the feature is required only on the router connecting the inside network to the outside domain.

Translations can be static or dynamic in nature. A static address translation establishes a one-to-one mapping between the inside network and the outside domain. Dynamic address translations are defined by describing the local addresses to be translated and the pool of addresses from which to allocate outside addresses. Allocation is done in numeric order and multiple pools of contiguous address blocks can be defined.

NAT:

• Eliminates readdressing overhead. NAT eliminates the need to readdress all hosts that require external access, saving time and money.

• Conserves addresses through application port-level multiplexing. With NAT, internal hosts can share a single registered IP address for all external communications. In this type of configuration, relatively few external addresses are required to support many internal hosts, thus conserving IP addresses.

• Protects network security. Because private networks do not advertise their addresses or internal topology, they remain reasonably secure when used in conjunction with NAT to gain controlled external access.

Because the addressing scheme on the inside network may conflict with registered addresses already assigned within the Internet, NAT can support a separate address pool for overlapping networks and translate as appropriate.

Applications that use raw IP addresses as a part of their protocol exchanges are incompatible with NAT. Typically, these are less common applications that do not use fully qualified domain names.

Named IP Access Control List

The Named IP Access Control List (ACL) feature gives network managers the option of using names for their access control lists. Named IP ACL function similarly to their numbered counter-parts, except that they use names instead of numbers.

This feature also includes a new configuration mode, which supports addition and deletion of single lines in a multiline access control list.

This feature eliminates some of the confusion associated with maintaining long access control lists. Meaningful names can be assigned, making it easier to remember which service is controlled by which access control list. Moreover, this feature removes the limit of 100 extended and 99 standard access control lists, so that additional IP access control lists can be configured.

The new configuration feature allows a network manager to edit access control lists, rather than re-creating the entire list.

Currently, only packet and route filters can use Named IP ACL. Also, named IP ACLs are not backward-compatible with earlier releases of Cisco IOS software.

Named IP ACLs are not currently supported with Distributed Fast Switching.

Multimedia and Quality of Service

The following features have been added to Cisco's multimedia and quality of service software:

• Resource Reservation Protocol--Resource Reservation Protocol (RSVP) enables applications to dynamically reserve necessary network resources from end-to-end for different classes of service. An application, which acts as a receiver for a traffic stream, initiates a request for reservation of resources (bandwidth) from the network, based on the application's required quality of service. The first RSVP-enabled router that receives the request informs the requesting host whether the requested resources are available or not. The request is forwarded to the next router, towards the sender of the traffic stream. If the reservations are successful, an end-to-end pipeline of resources is available for the application to obtain the required quality of service. RSVP enables applications with real-time traffic needs, such as multimedia applications, to coexist with bursty applications on the same network. RSVP works with both unicast and multicast applications.

RSVP requires both a network implementation and a client implementation. Applications need to be RSVP-enabled to take advantage of RSVP functionality. Currently, Precept provides an implementation of RSVP for Windows-based PCs. Companies such as Sun and Silicon Graphics have demonstrated RSVP on their platforms. Several application developers are planning to take advantage of RSVP in their applications.

• Random Early Detection--Random Early Detection (RED) helps eliminate network congestion during peak traffic loads. RED uses the characteristics of a robust transport protocol (TCP) to reduce transmission volume at the source when traffic volume threatens to overload a router's buffer resources. RED is designed to relieve congestion on TCP/IP networks.

RED is enabled on a per-interface basis. It "throttles back" lower-priority traffic first, allowing higher-priority traffic (as designated by an RSVP reservation or the IP precedence value) to continue unabated.

RED works with RSVP to maintain end-to-end quality of service during peak traffic loads. Congestion is avoided by selectively dropping traffic during peak load periods. This is performed in a manner designed to damp out waves of sessions going through TCP slow start.

Existing networks can be upgraded to better handle RSVP and priority traffic. Additionally, RED can be used in existing networks to manage congestion more effectively on higher-speed links where fair queuing is expensive.

Exercise caution when enabling RED on interfaces that support multiprotocol traffic (in addition to TCP/IP), such as IPX or AppleTalk. RED is not designed for use with these protocols and could have deleterious affects.

RED is a queuing technique; it cannot be used on the same interface as other queuing techniques, such as Standard Queuing, Custom Queuing, Priority Queuing, or Fair Queuing.

• Generic Traffic Shaping--Generic Traffic Shaping (also called Interface Independent Traffic Shaping) helps reduce the flow of outbound traffic from a router interface into a backbone transport network when congestion is detected in the downstream portions of the backbone transport network or in a downstream router. Unlike the Traffic Shaping over Frame Relay features which are specifically designed to work on interfaces to Frame Relay networks, Generic Traffic Shaping works on interfaces to a variety of Layer 2 data-link technologies (including Frame Relay, SMDS, Ethernet, etc.)

Topologies that have high-speed links feeding into lower-speed links--such as a central site to a remote or branch sites--often experience bottlenecks at the remote end because of the speed mismatch. Generic Traffic Shaping helps eliminate the bottleneck situation by throttling back traffic volume at the source end.

Routers can be configured to transmit at a lower bit rate than the interface bit rate. Service providers or large enterprises can use the feature to partition, for example, T1 or T3 links into smaller channels to match service ordered by customers.

Generic Traffic Shaping implements a Weighted Fair Queuing (WFQ) on an interface or subinterface to allow the desired level of traffic flow. The feature consumes router memory and CPU resources, so it must be used judiciously to regulate critical traffic flows while not degrading overall router performance.

Multiprotocol Routing

The following enchancement has been made to Cisco's multiprotocol routing:

• Enhanced IGRP Optimizations--With the wide-scale deployment of Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) in increasingly large and complex customer networks, Cisco has been able to continuously monitor and refine Enhanced IGRP operation, integrating several key optimizations. Optimizations have been made in the allocation of bandwidth, use of processor and memory resources, and mechanisms for maintaining information about peer routers, as described below.

  • Intelligent Bandwidth Control: In network congestion scenarios, packet loss, especially the dropping of routing protocol messages, adversely affects convergence time and overall stability. To prevent this problem, Enhanced IGRP now takes into consideration the available bandwidth (at a granularity of per subinterface/virtual circuit if appropriate) when determining the rate at which it will transmit updates. Interfaces can also be configured to use a certain (maximum) percentage of the bandwidth, so that even during routing topology computations, a defined portion of the link capacity remains available for data traffic.

  • Improved Processor and Memory Utilization: Enhanced IGRP derives the distributed routing tables from topology databases that are exchanged between peer routers. This CPU computation has now been made significantly more efficient as has the protocol's queuing algorithm, resulting in improved memory utilization. The combination of these factors further increases Enhanced IGRP's suitability for deployment, particularly on low-end routers.

  • Implicit Protocol Acknowledgments: Enhanced IGRP running within a router maintains state and reachability information about other neighboring routers. This mechanism has been modified so that it no longer requires explicit notifications to be exchanged but rather will accept any traffic originating from a peer as a valid indication that the router is operational. This provides greater resilience under extreme load.

  • IPX Service Advertisement Interleaving: Large IPX environments are typically characterized by many Service Advertisements, which can saturate lower-speed links at the expense of routing protocol messages. Enhanced IGRP now employs an interleaving technique to ensure that both traffic types receive sufficient bandwidth in large IPX networks.

These enhancements are particularly applicable in networking environments having many low-speed links (typically in hub-and-spoke topologies); in Non-Broadcast-Multiple-Access (NBMA) wide-area networks such as Frame Relay, ATM, or X.25 backbones; and in highly redundant, dense router-router peering configurations. It should be noted that the basic Enhanced IGRP routing algorithm that exhibits very fast convergence and guaranteed loop-free paths has not changed, so there are no backwards compatibility issues with earlier versions of Cisco IOS software.

Switching Features

The following feature has been added to Cisco's switching software:

• Integrated Routing and Bridging--Integrated routing and bridging (IRB) delivers the functionality to extend VLANs and Layer 2 bridged domains across the groups of interfaces on Cisco IOS software-based routers and interconnect them to the routed domains within the same router.

The ability to route and bridge the same protocol on multiple independent sets of interfaces of the same Cisco IOS software-based router makes it possible to route between these routed and the bridged domains within that router. IRB provides a scalable mechanism for integration of Layer 2 and Layer 3 domains within the same device.

Integrated routing and bridging provides:

• Scalable, efficient integration of Layer 2 and Layer 3 domains: The IRB functionality allows you to extend the bridge domains or VLANs across routers while maintaining the ability to interconnect them to the routed domains through the same router.

• Layer 3 address conservation: You can extend the bridge domains and the VLAN environments across the routers to conserve the Layer 3 address space and still use the same router to interconnect the VLANs and bridged domains to the routed domain.

• Flexible network reconfiguration: Network administrators gain the flexibility of being able to extend the bridge domain across the router's interfaces to provide temporary solution for moves, adds, and changes. This can be useful during migration from a bridged environment to a routed environment, or when making address changes on a scheduled basis.

Note that:

• Currently, IRB supports three protocols: IP, IPX, and AppleTalk, in both fast switching and process switching modes.

• IRB is not supported on ciscoBus bus platforms (the AGS+ and Cisco 7000 series).

• IRB is supported for transparent bridging, but not for source-route bridging.

• IRB is supported on all media-type interfaces except X.25 and ISDN bridged interfaces.

• IRB and concurrent routing and bridging (CRB) cannot operate at the same time.

Desktop Protocols

This section describes the desktop protocol features that are new in the initial release of Cisco IOS Release 11.2.

AppleTalk Features

The following feature has been added to Cisco's AppleTalk software:

• AppleTalk Load Balancing--This feature allows AppleTalk data traffic to be distributed more evenly across redundant links in a network.

AppleTalk load balancing can reduce network costs by allowing more efficient use of network resources. Network reliability is improved because the chance that network paths between nodes will become overloaded is reduced. For convenience, load balancing is provided for networks using native AppleTalk routing protocols such as Routing Table Maintenance Protocol (RTMP) and Enhanced IGRP.

AppleTalk load balancing operates with process and fast switching.

Novell Features

The following features have been added to Cisco's Novell software:

• Display SAP by Name--This feature allows network managers to display Service Advertisement Protocol (SAP) entries that match a particular server name or other specific value. The current command that displays IPX servers has been extended to allow the use of any regular expression (including supported special characters) for matching against the router's SAP table.

• IPX Access Control List Violation Logging--With this feature, routers can use existing router logging facilities to log IPX access control list (ACL) violations whenever a packet matches a particular access-list entry. The first packet to match an entry is logged immediately; updates are sent at approximately 5-minute intervals.

This feature allows logging of:

• Source and destination addresses

• Source and destination socket numbers

• Protocol (or packet) type (for example, IPX, SPX, or NCP)

• Action taken (permit/deny)

Matching packets and logging-enabled ACLs are sent at the process level. Router logging facilities use the IP protocol.

• Plain English IPX Access List--Through the use of this feature, the most common protocol and socket numbers used in IPX extended ACLs can be specified by either name or number instead of numbers, as required previously.

Protocol types supported include RIP, SAP, NCP, and NetBIOS. Supported socket types include Novell Diagnostics Packet Enhanced IGRP, and NLSP.

Plain English IPX Access Lists greatly reduce the complexity and increase the readability of IPX extended access control lists, reducing network management expense by making it easier to build and analyze the access control mechanisms used in IPX networks.

Wide-Area Networking Features

This section describes the wide-area networking features that are new in the initial release of Cisco IOS Release 11.2.

ISDN/DDR Enhancements

The following features have been added to Cisco's ISDN and DDR software:

• Multichassis Multilink PPP (MMP)--Multichassis Multilink Point-to-Point Protocol (MMP) extends Multilink PPP (MLP) by providing a mechanism to aggregate B-channels transparently across multiple routers or access servers. MMP defines the methodology for sharing individual links in a MLP bundle across multiple, independent platforms. The primary application for MMP is the ISDN dial-up pool; however, it can also be used in a mixed technology environment.

MMP is based on the concept of a stackgroup--a group of routers or access servers that operate as a group when receiving MLP calls. Any member of the stackgroup can answer any call into the single access number applied to all WAN interfaces. Typically, the access number corresponds to a telco hunt group.

Cross-platform aggregation is performed via tunneling between members of a stackgroup using the Level 2 Forwarding (L2F) protocol, a draft IETF standard.

MMP is flexible and scalable. Because the L2F protocol is IP-based, members of a stackgroup can be connected over many types of LAN or WAN media. Stackgroup size can be increased by increasing the bandwidth available to the L2F protocol--for example, by moving from shared to switched Ethernet.

With Multichassis Multilink PPP:

• New devices can be added to the dial-up pool at any time.

• The load for reassembly and resequencing can be shared across all devices in the stackgroup. MMP is less CPU-intensive than MLP.

• MMP provides an interoperable multivendor solution since it does not require any special software capabilities at the remote sites. The only remote requirement is support for industry standard MLP (RFC 1717).

Universal access servers such as the Cisco 5200 should not be combined with ISDN-only access servers such as the Cisco 4000 series router in a MMP stackgroup. Because calls are allocated by the central office in an arbitrary manner, it is possible that this scenario could lead to an analog call being delivered to a digital-only access server.

---

Note This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference.

---

• Virtual Private Dial-up Network-- Virtual Private Dial-up Network (VPDN) allows users from multiple disparate domains to gain secure access to their corporate home gateways via public networks or the Internet. This functionality is based on the Layer 2 Forwarding (L2F) specification which Cisco has proposed as an industry standard to the Internet Engineering Task Force (IETF).

Service providers who wish to offer private dial-up network services can use VPDN to provide a single telephone number for all their client organizations. A customer can use dial-up access to a local point of presence where the access server identifies the customer by PPP user name. The PPP username is also used to establish a home gateway destination. Once the home gateway is identified, the access server builds a secure tunnel across the service provider's backbone to the customer's home gateway. The PPP session is also transported to this home gateway, where local security measures can ensure the person is allowed access to the network behind the home gateway.

Of special interest to service providers is VPDN's independence of WAN technology. Since L2F is TCP/IP-based, it can be used over any type of service provider backbone network.

---

Note This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference.

---

• Dialer Profiles--Dialer profiles allow the user to separate the network layer, encapsulation, and dialer parameters portion of the configuration from that of the interface used to place or receive calls.

Dialer profile extends the flexibility of current dial-up configurations. For example, on a single ISDN PRI or PRI rotary group it is now possible to allocate separate profiles for different classes of user. These profiles may define normal DDR usage or backup usage.

Each dialer profile uses an Interface Descriptor Block (IDB) distinct from the IDB of the physical interface used to place or receive calls. When a call is established, both IDBs are bound together so that traffic can flow. As a result, dialer profiles use more IDBs than normal DDR.

This initial release of dialer profiles does not support Frame Relay, X.25, or LAPB encapsulation on DDR links or Snapshot Routing capabilities.

• Combinet Packet Protocol (CPP) Support--Combinet Packet Protocol (CPP) is a proprietary encapsulation used by legacy Combinet products for data transport. CPP also defines a methodology for performing compression and load sharing across ISDN links. The Cisco IOS software implementation of CPP supports both compression and load sharing using this proprietary encapsulation.

A large installed base of early Combinet product users cannot upgrade to later software releases that support interoperability standards such as PPP. With CPP support, these users can integrate their existing product base into new Cisco IOS-based internetworks.

CPP does not provide many of the functions available in Cisco's implementation of the PPP standards. These functions include address negotiation and support for protocols like AppleTalk. Where possible, Cisco recommends that customers migrate to software that supports PPP.

• Half Bridge/Half Router for Combinet Packet Protocol (CPP) and PPP--Half bridge/half router allows low-end, simply configured bridge devices to bridge either PPP or Combinet Packet Protocol (CPP) encapsulated data to a Cisco IOS core network router. Half bridge/half router is designed for networks that have small remote Ethernet segments, each with a single PPP- or CPP-compatible bridging device connected to a core network. The serial or ISDN interface on the core network router appears as a virtual Ethernet port to the network. Layer 3 data packets transported across this type of link are first encapsulated within an Ethernet encapsulation. A PPP or CPP bridging header is then added. This facility allows bridged traffic arriving at the core device to be routed from that point on.

This feature is process switched.

Frame Relay Enhancements

The following features have been added to Cisco's Frame Relay software:

• Frame Relay SVC Support (DTE)--Currently, access to Frame Relay networks is through private leased lines at speeds ranging from 56 kbps to 45 Mbps. Bandwidth within the Frame Relay network is permanently committed to providing permanent virtual circuits (PVCs) between the endpoints. Switched virtual circuits (SVCs) allow access through a Frame Relay network by setting up a path to the destination endpoints only when the need arises. This is similar to X.25 SVCs, which allow connections to be set up and torn down based upon data traffic requirements. Although SVCs entail overhead for setting up and tearing down links, the VC is only established when data must be transferred, so the number of VCs is proportional to the number of actual conversations between sites rather than the number of sites.

Frame Relay SVCs offer cost savings via usage-based pricing instead of fixed pricing for a PVC connection, dynamic modification of network topologies with any-to-any connectivity, dynamic network bandwidth allocation or bandwidth-on-demand for large data transfers such as FTP traffic, backup for PVC backbones, and conservation of resources in private networks.

To use Frame Relay SVCs, Frame Relay SVC must be supported by the Frame Relay switches used in the network. Also, a Physical Local Loop Connection, such as a leased or dedicated line, must exist between the router (DTE) and the local Frame Relay switch.

• Traffic Shaping over Frame Relay

  ---

  Note Traffic shaping over Frame Relay is not available in Release 11.2(1). This feature will be available in a subsequent maintenance release of Release 11.2. Refer to software defect ID CSCdi60734.

  ---

The Frame Relay protocol defines several parameters that are useful for managing network traffic congestion. These include Committed Information Rate (CIR), Forward/Backward Explicit Congestion Notification (FECN/BECN), and Discard Eligibility (DE) bit. Cisco already provides support for FECN for DECnet and OSI, BECN for SNA traffic using direct LLC2 encapsulation via RFC 1490, and DE bit support. The Frame Relay Traffic Shaping feature builds upon this support by providing the following three capabilities:

• Rate Enforcement on a per virtual circuit (VC) basis: A peak rate can be configured to limit outbound traffic to either the CIR or some other defined value such as the Excess Information Rate (EIR).

• Generalized BECN support on a per VC basis: The router can monitor BECNs and throttle traffic based upon BECN marked packet feedback from the Frame Relay network.

• Priority/Custom/First In, First Out Queuing (PQ/CQ/FIFO) support at the VC level: This allows for finer granularity in the prioritization and queuing of traffic, providing more control over the traffic flow on an individual VC.

Frame Relay Traffic Shaping:

• Eliminates bottlenecks in Frame Relay network topologies with high-speed connections at the central site, and low-speed connections at the branch sites. Rate Enforcement can be used to limit the rate at which data is sent on the VC at the central site.

• Provides a mechanism for sharing media by multiple VCs. Rate Enforcement allows the transmission speed used by the router to be controlled by criteria other than line speed, such as the CIR or EIR. The Rate Enforcement feature can also be used to pre-allocate bandwidth to each VC, creating a Virtual Time Division Multiplexing network.

• Dynamically throttles traffic, based on information contained in BECN-tagged packets received from the network. With BECN based throttling, packets are held in the router's buffers to reduce the data flow from the router into the Frame Relay network. The throttling is done on a per VC basis and the transmission rate is adjusted based on the number of BECN-tagged packets received.

• Defines queuing at the VC or subinterface level. Custom Queuing with the Per VC Queuing and Rate Enforcement capabilities enable Frame Relay VCs to be configured to carry multiple traffic types (such as IP, SNA and IPX), with bandwidth guaranteed for each traffic type.

The three capabilities of the Traffic Shaping for Frame Relay feature require the router to buffer packets to control traffic flow and compute data rate tables. Because of this router memory and CPU utilization, these features must be used judiciously to regulate critical traffic flows while not degrading overall Frame Relay performance.

ATM Enhancements

The following features have been added to Cisco's Asynchronous Transfer Mode (ATM) software:

• Simple Server Redundancy Protocol (SSRP) for LAN Emulation--The Simple Server Redundancy Protocol (SSRP) provides stand-by redundancy for the following services used by clients in an ATM LAN Emulation (LANE) network: LAN Emulation Configuration Server (LECS), LAN Emulation Server (LES), and Broadcast-and-Unknown Server (BUS). As many as 16 LECSs can be defined for LightStream 1010 switches whereas LS100 switches support only four LECSs. Additionally, LECS addresses can be defined in ILMI on a per-port basis in the LightStream 1010.

LAN Emulation uses one LES/BUS per emulated LAN and one LECS per multiple emulated LANs. These service components represent single points of failure for each emulated LAN. SSRP removes these single points of failure, providing network managers the redundancy they need for campus ATM backbones with LAN Emulation without adding administrative overhead. A completely redundant, dual-homed ATM backbone can be built without any failure points when SSRP is combined with Hot Standby Router Protocol (HSRP), the dual-phy LANE card for the Catalyst 5000, and support for Spanning Tree on a per VLAN-basis.

Full implementation of SSRP requires Cisco platforms. Currently, LECS and LES/BUS are available on the Cisco 7000 series, Cisco 7500 series, Cisco 4000 series routers, and the Catalyst 5000. Any LAN Emulation Client (LEC), such as an ATM adapter from one of Cisco's interoperability partners, can take advantage of the LES/BUS redundancy without additional capability. To fully implement LECS redundancy, a LEC must also:

• Provide complete support for ILMI, allowing multiple server ATM addresses to be given to a client.

• Try to contact the next LECS from that list, should the previous LECS not respond during initialization.

The Catalyst 5000 LAN Emulation module will support SSRP when configured to run the LECS and LES/BUS in LS1010 software Release 3.1.

Non-Cisco LECs that can only communicate to the well-known LECS address can also take advantage of SSRP, provided:

• They do not bypass the configuration phase, which is optional in the LANE 1.0 specification

• When LAN Emulation clients (LECs) lose BUS connections, they should go back to the configuration phase.

• Hot Standby Router Protocol (HSRP) support for LAN Emulation--If there is more than one router connected to an emulated LAN, Cisco's Hot Stand-by Router Protocol (HSRP) allows one of those routers to monitor the status of the other and take over the functions of that router should it fail or become unavailable.

HSRP provides inter-ELAN (or inter-VLAN) routing redundancy. HSRP over LANE is transparent to hosts expecting to always to be able to reach their default gateway (router). Without HSRP, IP hosts would need to be configured with RIP to recover from a failure of its default gateway. This method can result in a 10-minute delay before the host can use its second default gateway. A completely redundant, dual-homed ATM backbone can be built without any failure points when HSRP is combined with Simple Server Redundancy Protocol (SSRP), the dual-phy LANE card for the Catalyst 5000, and support for Spanning Tree on a per VLAN-basis.

HSRP is a unique protocol developed by Cisco and used only by Cisco IOS software-based routers. HSRP over LAN Emulation is available in Cisco devices that support ATM interfaces such as the Cisco 7000 series, Cisco 7500 series, and Cisco 4000 series routers.

• Additional Protocol Routing Support for LAN Emulation--This feature adds the ability to route DECnet, Banyan VINES, and XNS from a subinterface on an ATM router port running LAN Emulation client to any other subinterface on an ATM router port running LAN Emulation client or any other router port. Support for DECnet routing between VLANs for ATM LAN Emulation requires DECnet Phase IV.

When DECnet routing is configured, there is a one-time reset of the interface so that the MAC address of the interface can reflect the DECnet Phase IV MAC address conventions. If SSRP is also configured, there is a switchover to the secondary LECS and back as a result of configuring DECnet.

• UNI 3.1 Signaling Support--The full breadth of UNI signaling protocol support is available. The ATM Forum submitted the UNI 3.0 signaling specification to the ITU, which subsequently made changes to the SSCOP encapsulation used to make signaling reliable. UNI 3.1 was published later by the ATM Forum to align with the ITU, otherwise there is no difference in functionality between UNI 3.0, currently supported on all Cisco ATM platforms, and UNI 3.1.

• Rate Queues for SVCs per subinterface--In previous releases, SVCs which do not use static maps could not participate in traffic shaping--they were assigned to a rate queue at the interface line rate. In Release 11.2, all SVCs on an interface for which explicit traffic-shaping parameters have not been specified can be assigned a set of traffic-shaping parameters via a map-class tied to the interface. These parameters can, for example, be assigned to SVCs used to run RFC 1577 Classical IP over ATM.

  ---

  Note The interface-level traffic shaping parameters are not applied to SVCs used for LAN Emulation (LANE). These SVCs continue to be unshaped.

  ---

• AToM MIB Support--This provides support for the AToM Management Information Base (MIB), described in IETF RFC 1695, which defines configuration information as well as error and cell-level counters. Release 11.2 provides a standard AToM MIB instrumentation for many of the counters already provided in the router's ATM interfaces.

AToM MIB instrumentation is used by network management applications, such as Cisco's AtmDirector, to perform topology auto-discovery and status checking.

Core Enhancements

The following feature has been added to the Cisco 7000 series, Cisco 7200 series, and Cisco 7500 series routers:

• NetFlow Switching--NetFlow Switching is a new software switching mechanism that allows Cisco routers to combine high-performance network-layer switching with the application of network services. To achieve this high performance, NetFlow Switching identifies traffic flows between internetwork endpoints and then, on a connection-oriented basis, switches packets in these streams at the same time that it applies relevant services. By identifying flows using both network-layer and transport-layer information, NetFlow Switching allows Cisco IOS services to be applied on a per-user, per-application basis.

With NetFlow Switching, network users can extend their use of existing Cisco IOS services, such as security access lists or the collection of traffic statistics, without paying the performance penalty usually associated with such processing-intensive functions. This increase in performance allows these services to be used in more places within the network and on a larger scale. Extending network security is increasingly important as networks need to support access from remote users and across public Internet services. Detailed information on traffic flows helps network managers to grow their networks in the most cost-effective way.

NetFlow Switching provides increased performance for the application of existing Cisco IOS services such as security access lists and accounting. Previously, system performance could be affected by as much as 30 percent for each service invoked. With NetFlow Switching, system switching performance can be maintained within 10 to 15 percent of optimum levels for all supported services. As with any connection-oriented technique, the performance of NetFlow Switching is affected by the total number of active flows.

Cisco's initial implementation of NetFlow Switching supports Internet Protocol (IP) traffic over all interface types and provides optimal performance with Ethernet, Fiber Distributed Data Interface (FDDI), and High-Level Data Link Control (HDLC) serial interfaces.

NetFlow Switching is supported on the Cisco 7500 series and Cisco 7000 series routers with a Route Switch Processor (RSP). On these routers, NetFlow Switching can operate on the master RSP or on a distributed basis on individual Versatile Interface Processors (VIPs).

IBM Functionality

This section describes the IBM network software features and support that are new in the initial release of Cisco IOS Release 11.2.

New Features

The following new IBM software features are available:

• Native Client Interface Architecture (NCIA) Server--The Native Client Interface Architecture (NCIA) server, introduced by Cisco Systems for access of IBM SNA applications over routed internetworks, has been enhanced to be more flexible and scalable. The NCIA Client, implemented in the client workstation, encapsulates the full SNA stack inside TCP/IP packets. These packets are sent to the NCIA Server implemented in Cisco IOS software. The NCIA Server de-encapsulates the TCP/IP packet and sends the LLC data to the host processor via RSRB or DLSw+.

The NCIA Server supports SNA and NetBIOS sessions over a variety of LAN and WAN connections, including dial-up connections. The NCIA architecture supports clients with full SNA stacks--providing all advanced SNA capabilities, unlike some split-stack solutions.

NCIA Server enhancements provide:

• Simplified client configuration: It is no longer necessary to predefine ring numbers, and the NCIA Server supports optional dynamic assignment of MAC addresses. There is no Logical Link Control, type 2 (LLC2), at the client. The client is configured as an end station, not a router peer.

• Scalability: The limit is based on the number of LLC connections in the central site router rather than RSRB peer connections.

Note that each client is a full SNA PU with one or more LUs. As such, each device requires one LLC connection at the central site router. The Cisco 4700 currently supports 3000-4000 LLC connections.

• TN3270 Server--The TN3270 Server is a new feature of the Channel Interface Processor (CIP) of the Cisco 7000 family of routers. The TN3270 Server allows TN3270 and TN3270E clients access to IBM and IBM-compatible mainframes without the limitations of existing alternatives. It off-loads 100 percent of the TCP/IP and TN3270 cycles from the mainframe, and offers a robust, scalable and dynamic implementation that meets the stringent requirements of the Data Center.

The TN3270 Server on the CIP supports up to 8000 concurrent sessions on a CIP and up to 16000 concurrent sessions on a CIP2 card. The TN3270 Server offers the following advanced capabilities:

• Load Balancing and Redundancy: Provides effective utilization of CIP resources and more consistent response times.

• End-to-End Session Visibility: Provides enhanced management of resources.

• SNA Session Switching: The SNA Session Switch enables cross-domain traffic to bypass the owning VTAM.

• TN3270E Support: In combination with a TN3270E client, provides advanced SNA management and SNA functionality, including printer support.

• Dynamic Definition of Dependent LUs: Provides simplified configuration and network definition at the router and in VTAM.

• Dynamic Allocation of LUs: Removes the need to pool LU resources while supporting multiple SNA model types.

TN3270 Server requires 32 MB of CIP DRAM to support up to 4000 sessions, 64 MB to support 8000 sessions, and 128 MB to support 16000 sessions. TN3270 Server can run concurrently with any of the other CIP applications (IP Datagram, TCP/IP Off-load, or CSNA), but operation of any of these features will affect the total number of sessions supported due to contention for CIP processor cycles.

• Fast Switched Source-Route Translational Bridging (SR/TLB)--With Cisco IOS Software Release 11.2, SR/TLB is fast switched. No queuing is done and resource utilization is low. This enhancement is on by default, but can be disabled. It is supported across all router platforms except the Cisco 7200. For the Cisco 7200, fast switching is only supported in Release 11.2 P.

Fast Switched SR/TLB improves performance on all platforms by a factor of at least 2; for the Cisco 4500 and Cisco 4700, by a factor of 3. It is ideal for IBM environments (for example, where low-cost Ethernet adapters are being installed on campus, but Token Ring connectivity to a FEP is still required) and for campus environments with a mix of Token Ring and Ethernet LANs and/or switches that rely on the Cisco IOS software for translational bridging.

• Response Time Reporter--The Response Time Reporter (RTR) feature allows you to monitor network performance, network resources, and applications by measuring response times and availability. RTR statistics can be used to perform troubleshooting, problem notifications and pre-problem analysis. RTR offers enhanced functionality over a similar IBM product, NetView Performance Monitor.

RTR enables the following functions to be performed:

• Troubleshoot problems by checking the time delays between devices (such as a router and a MVS host) and the time delays on the path from the source device to the destination device at the protocol level.

• Send SNMP traps and/or SNA Alerts/Resolutions when one of the following has occurred: a user-configured threshold is exceeded, a connection is lost and reestablished, or a timeout occurs and clears. Thresholds can also be used to trigger additional collection of time delay statistics.

• Perform pre-problem analysis by scheduling the RTR and collecting the results as history and accumulated statistics. The statistics can be used to model and predict future network topologies.

The RTR feature is currently available only with feature sets that include IBM support. A CiscoWorks Blue network management application will be available to support the RTR feature. Both the CiscoWorks Blue network management application and the router use the Cisco Round Trip Time Monitor (RTTMON) MIB. This MIB is also available with Release 11.2.

APPN Enhancements

The following features have been added to Cisco's APPN software:

• APPN Central Resource Registration--APPN Central Resource Registration (CRR) support allows a Cisco IOS software-based router acting as a network node (NN) to register the resources of end nodes (ENs) to the Central Directory Service (CDS) on Advanced Communication Facility/Virtual Telecommunication Access Method (ACF/VTAM). A Cisco IOS NN will now register resource names with a VTAN CDS as soon as it establishes connectivity with it. Prior to this enhancement, the router acting as a NN could not register EN resources. ACF/VTAM could, however, query the router to find these resources.

The CDS reduces broadcast traffic in the network. Without an active CDS on ACF/VTAM, the NN must send a broadcast message to the network to locate nonlocal resources required for a session. With an active CDS, the NN sends a single request directly to the CDS for the location of the resource. A network broadcast is used only if the resource has not registered with the CDS.

ACF/VTAM must be configured as a CDS. The Cisco IOS NN learns of the capability when network topology is exchanged. To most effectively use the CDS, ENs should register the resources with the NN. Depending on the EN implementation, registration may occur automatically, may require configuration on the EN, or may not be a function of the EN.

• APPN DLUR MIB--The existing APPN Management Information Base (MIB) does not contain information about Dependent Logical Units (DLUs) accessing the APPN network through the DLU Requester (DLUR) function in the Cisco IOS NN. A standard MIB for DLUR has been defined by the APPN Implementers Workshop (AIW), the standards body for APPN, and is implemented in this release of the Cisco IOS software.

With the APPN DLUR MIB, users have access to information collected about the DLUR function in the Cisco IOS NN and the DLUs attached to it for more complete network management information.

Data Link Switching+ (DLSw+) Features and Enhancements

The following features have been added to Cisco's DLSw+ software. These features had previously been available with Remote Source-Route Bridging (RSRB). To provide these features for DLSw+, the Cisco IOS software uses a component known as Virtual Data Link Control (VDLC) that allows one software component to use another software component as a data link.

• LAN Network Manager (LNM) over DLSw+--LAN Network Manager (LNM) over DLSw+ allows DLSw+ to be used in Token Ring networks that are managed via IBM's LNM software.

With this feature, LNM can be used to manage Token Ring LANs, Control Access Units (CAUs), and Token Ring attached devices over a DLSw+ network. All management functions continue to operate as they would in an RSRB network or source-route bridged network.

• Native Service Point (NSP) over DLSw+--Native Service Point (NSP) over DLSw+ allows Cisco's NSP feature to be used in conjunction with DLSw+ in the same router.

With this feature, NSP can be configured in remote routers, and DLSw+ can provide the path for the remote service point PU to communicate with NetView. This allows full management visibility of resources from a NetView 390 console, while concurrently offering the value-added features of DLSw+ in an SNA network.

• Down Stream Physical Unit (DSPU) over DLSw+--Down Stream Physical Unit (DSPU) over DLSw+ allows Cisco's DSPU feature to operate in conjunction with DLSw+ in the same router. DLSw+ can be used either upstream (towards the mainframe) or downstream (away from the mainframe) of DSPU.

DSPU concentration consolidates the appearance of up to 255 physical units into a single PU appearance to VTAM, minimizing memory and cycles in central site resources (VTAM, NCP, and routers) and speeding network startup. Used in conjunction with DLSw+, network availability and scalability can be maximized.

• Advanced Peer-to-Peer Networking (APPN) over DLSw+--Advanced Peer-to-Peer Networking (APPN) over DLSw+ allows Cisco's APPN feature to be used in conjunction with DLSw+ in the same router.

With this feature, DLSw+ can be used as a low-cost way to access an APPN backbone or APPN in the data center. In addition, DLSw+ can be used as a transport for APPN, providing nondisruptive recovery from failures and high speed intermediate routing. In this case, the DLSw+ network appears as a connection network to the APPN network nodes (NNs).

• Source-Route Bridging (SRB) over FDDI to DLSw+--This feature allows access to DLSw+ over source-route bridged FDDI LANs. In the past, the supported local DLCs were only Token Ring, Ethernet, or SDLC. With this extension, Token Ring-attached devices can access a DLSw+ router using source-route bridging over an FDDI backbone. At the remote site, the device can be attached over Token Ring, Ethernet, SDLC, or FDDI. This is useful either in environments with Token Ring switches that use FDDI as a campus backbone or in environments with Cisco 7000 and Cisco 7500 series routers providing SRB over an FDDI backbone.

This feature allows SRB over FDDI to provide the highest speed access between campus resources, while concurrently allowing DLSw+ for access to remote resources.

Currently, SRB over FDDI is supported by the Cisco 7000 and Cisco 7500 series platforms only.

Security Features

This section describes the security features that are new in the initial release of Cisco IOS Release 11.2.

New Features

• Router Authentication and Network-Layer Encryption--This feature provides a mechanism for secure data transmission. It consists of two components:

  • Router Authentication: Prior to passing encrypted traffic, two routers perform a one-time, two-way authentication by exchanging Digital Signature Standard (DSS) public keys. The hash signatures of these keys are compared to authenticate the routers.

  • Network-Layer Encryption: For IP payload encryption, the routers use Diffie-Hellman key exchange to securely generate a DES 40- or 56-bit session key. New session keys are generated on a configurable basis. Encryption policy is set by crypto-maps that use extended IP Access Lists to define which network, subnet, host, or protocol pairs are to be encrypted between routers.

This feature can be used to build multiprotocol Virtual Private Networks (VPNs), using encrypted Generic Routing Encapsulation (GRE) tunnels. It can also be used to deploy secure telecommuting services, Intranet privacy, and virtual collaborative or community-of-interest networks.

All components of this feature are subject to U.S. Department of Commerce export regulations. Encryption is currently IP only, though it does support multiprotocol GRE tunnels. This feature is most appropriately deployed in a relatively small number of routers, with a logically flat or star-shaped encryption topology. Load-sharing of the encryption/decryption function is not supported. Without a Certification Authority (CA), the one-time authentication effort increases exponentially with the number of routers. Router authentication requires the network administrator to compare the hashes produced by the routers, once during initial configuration. This version of encryption is not IPSEC compliant.

• Kerberos V Client Support--This feature provides full support of Kerberos V client authentication, including credential forwarding.

Systems with existing Kerberos V infrastructures can use their Key Distribution Centers (KDCs) to authenticate end-users for network or router access.

This is a client implementation, not a Kerberos KDC. Kerberos is generally considered a legacy security service and is most beneficial in networks already using Kerberos.

TACACS+ Enhancements

The following features have been added to Cisco's TACACS+ software:

• TACACS+ Single Connection--Single Connection is an enhancement to the network access server that increases the number of transactions per second supported. Prior to this enhancement, separate TCP connections would be opened and closed for each of the TACACS+ services: authentication, authorization, and accounting. This became a bottleneck for improving throughput on authentication services for large networks.

Single Connection is an optimization whereby the network access server maintains a single TCP connection to one or more TACACS+ daemons. The connection is maintained in an open state for as long as possible, instead of being opened and closed each time a session is negotiated. It is expected that Single Connection will yield performance improvements on a suitably constructed daemon.

Currently, only the CiscoSecure daemon V1.0.1 supports Single Connection. The network access server must be explicitly configured to support a Single Connection daemon. Configuring Single Connection for a daemon that does not support this feature will generate errors when TACACS+ is used.

• TACACS+ SENDAUTH Function--SENDAUTH is a TACACS+ protocol change to increase security. SENDAUTH supersedes SENDPASS. SENDAUTH and SENDPASS are documented in Version 1.63 of the TACACS+ protocol specification, which is available from CCO or via anonymous FTP from ftp-eng.cisco.com.

The network access server can support both SENDAUTH and SENDPASS simultaneously. It detects if the daemon is able to support SENDAUTH and, if not, will use SENDPASS instead. This negotiation is virtually transparent to the user, with the exception that the down-rev daemon may log the initial SENDAUTH packet as unrecognized.

SENDAUTH functionality requires support from the daemon, as well as the network access server.

Network Management

This section describes the network management features that are new in the initial release of Cisco IOS Release 11.2.

New Features

• HTTP Server--The Cisco 7200 series introduces an HTML management tool. This tool allows customers to navigate through the command line interface via Web-like hot links. It also displays a logical view of the hardware configuration. Customers can point and click on interfaces to check status or to modify the configuration. Because the tool resides in Flash memory, Web pages can be customized to add frequently used hot links, for example, or to add a company logo.

• ClickStart--ClickStart is a powerful Web-based software solution that enables users to install a Cisco router in minutes. ClickStart enables Cisco 1000 series ISDN access routers to be accessed by any Web browser on any desktop platform including MS Windows, Windows 95, Windows NT, UNIX and MacOS. The easy-to-use Web-based interface guides users through the router installation process. By completing an initial setup form, a user can easily configure the router and bring up the ISDN network connection. The router is then manageable from a central location, so that fine-tuning and upgrades can be performed remotely.

MIBs Supported

The following MIB support has been added:

• APPN DLUR MIB

Please see the "APPN Enhancements" section for details.

• AToM MIB Support

Please see the "ATM Enhancements" section for details.

• RTTMON Support

Please see the "New Features" subsection in the "IBM Functionality" section for details.

• Cisco IP Encryption MIB

• Cisco Modem Management MIB

• Cisco SYSLOG MIB

• Cisco TN3270 Server MIB

Important Notes

This section describes warnings and cautions about using the Cisco IOS Release 11.2 software. It discusses the following topics:

• Upgrading to a New Software Release

• Traffic Shaping over Frame Relay in Release 11.2(1)

• LAN Extension in Release 11.2(1)

• Changes to LANE Commands

• Channel Interface Processor (CIP) Microcode

• Cisco 7500 Series High System Availability (HSA)

• Netbooting from VIP

• Source-Route Bridging (SRB) over FDDI

• Enabling IPX Routing

• Using AIP Cards

• Booting Cisco 4000 Routers

• Using LAN Emulation (LANE)

• Forwarding of Locally Sourced AppleTalk Packets

• Using Source-Route Transparent Bridging (SRT) and Source-Route Bridging (SRB) on Cisco 2500 and Cisco 4000 Routers

• Release 11.2(7a) Fixes Caveats CSCdj24132 and CSCdj21944

• ATM Multipoint Signaling

• Release 11.2(10a) Fixes Caveats CSCdj58676 and CSCdj60533

• Release 11.2(11) Reintroduces Caveat CSCdj28874

Upgrading to a New Software Release

If you are upgrading to Cisco IOS Release 11.2 from an earlier Cisco IOS software release, you should save your current configuration file before installing Release 11.2 software on your router.

Traffic Shaping over Frame Relay in Release 11.2(1)

Traffic shaping over Frame Relay is not available in Release 11.2(1). This feature will be available in a subsequent maintenance release of Release 11.2. Refer to software defect ID CSCdi60734.

LAN Extension in Release 11.2(1)

The LAN extension interface does not function correctly in Release 11.2(1). The behavior is that the LAN extension NCP negotiates and sets the LAN extension interface state to "up" and the show controller lex number command displays the message "No inventory message received from LAN Extender." Turning on the LAN extension RCMD debugging shows that every remote command is being rejected with the message "LEX-RCMD: encapsulation failure." There is no workaround. This problem is being tracked as bug ID CSCdi66478.

Changes to LANE Commands

The commands lane auto-config-atm-address, lane fixed-config-atm-address, and lane config-atm-address have been changed. Previously, the effect of these commands depended on whether they were used on a major interface or on a subinterface. In Release 11.2(1) and later releases, an optional keyword config indicates that the command causes the configuration server to listen on the designated address. If the keyword is not used, the command causes the other LANE clients and servers on the interface to use the designated address to locate the configuration server. Refer to the Wide-Area Networking Command Reference publication for more information about these commands.

Channel Interface Processor (CIP) Microcode

CIP microcode is now available as a separate image, unbundled from the Cisco IOS image. CIP microcode (for the CIP or Second-Generation CIP [CIP2] card) resides only in router Flash memory as multiple files. The router loads a "kernel" to the CIP (based upon hardware revision), and the CIP selectively loads and relocates the software it requires from the router's Flash memory. The CIP image is available on pre-loaded Flash memory cards, on floppy diskette, or via FTP from Cisco. Every version of Cisco IOS Release 11.2 has a corresponding version of CIP microcode. Refer to the Channel Interface Processor (CIP) Microcode Release Note and Microcode Upgrade Requirements publication (Document Number 78-4715-xx) for information about the recommended pairs of Cisco IOS Release 11.2 and CIP microcode.

Consider the following before using Cisco IOS Release 11.2 and CIP microcode:

• If you have a router with Release 11.2 and a Release 11.2 CIP image on a Flash memory card, no action is required. The CIP microcode will load automatically upon booting the router.

• If you have an existing router with Release 11.2 in Flash memory or ROM and a pre-11.1 Flash memory card, either:

  • Replace the Flash memory card with a Release 11.2 pre-loaded Flash memory card, or

  • Boot the router with Release 11.2 software (CIP load will fail), then copy the Release 11.2 CIP image to the Flash memory card, and reboot the router.

When the CIP image is copied to an existing Flash memory card, the existing flash copy commands are used, just as before. If a CIP image other than the default for the release is being used, then the microcode cip flash configuration command must be issued.

The show microcode command has been expanded to display the default CIP image name for the Cisco IOS release.

---

Note The router must already be running Cisco IOS Release 11.2 before performing a copy of the CIP image to Flash memory because the CIP image must be "exploded" from the single image file on the TFTP server to multiple files in Flash memory. This capability was first available in Release 11.1.

---

There are a number of ways to determine what is loaded on each CIP:

• The CIP MIB has been enhanced to show the segments loaded on each CIP and their version and compilation information.

• The show controller cbus command has been expanded to include segments loaded and their version and compilation information.

Multiple CIP cards of different hardware revisions can run in the same router.

Cisco 7500 Series High System Availability (HSA)

To successfully use the HSA feature, you should take note of the following:

• The HSA feature available on the Cisco 7500 series routers requires a ROM monitor upgrade to ROM monitor version 11.1(2), or later.

• For spare RSP2 cards to function with HSA, they must also be upgraded. Spare Flash cards require Release 11.1(4) or higher boot or system images.

• HSA installation requires that both RSP2s have the same amount of DRAM (32 MB minimum each RSP2).

Netbooting from VIP

To netboot from Ethernet or Fast Ethernet ports on a VIP card, the system must contain version 11.1 boot ROMs. If the system contains version 11.0 boot ROMs, you can work around this requirement by using the boot bootldr device:filename global configuration command to load a bootstrap image from Flash memory.

Source-Route Bridging (SRB) over FDDI

This feature supports forwarding of source-route bridged traffic between Token Ring and FDDI interfaces on the Cisco 7000, Cisco 7010, and Cisco 7500 series routers. Previously, the only way to transport SNA and NetBIOS over FDDI was with remote source-route bridging (RSRB), which is either fast switched (direct or Fast-Sequence Transport (FST) encapsulation) or process-switched (TCP encapsulation). With SRB over FDDI, traffic can be autonomously switched, greatly improving performance for SRB traffic that uses FDDI as a backbone. This feature eliminates the need for RSRB peer definitions to connect Token Ring networks over the FDDI backbone.

---

Note SRB over FDDI does not support RSRB traffic forwarded to RSRB peers. Routers that have connections to local Token Ring networks as well as RSRB connections to remote networks cannot use this feature. The workaround is to move the RSRB connections to routers that are not connected to the FDDI backbone.

---

Enabling IPX Routing

The Token Ring interface is reset whenever IPX routing is enabled on that interface.

Using AIP Cards

Cisco 7000 series ATM Interface Processor (AIP) cards that support E3, DS3, or Transport Asynchronous Transmitter/Receiver Interface (TAXI) connections and that were shipped after February 22, 1995, require Cisco IOS Release 10.0(9), 10.2(5), 10.3(1), or later.

Booting Cisco 4000 Routers

You must use the Release 9.14 rxboot image for Cisco 4000 routers because the Release 11.0 rxboot image is too large to fit in the ROMs. (Note that rxboot image size is not a problem for Cisco 4500 routers.) However, because the Release 9.14 rxboot image does not recognize new network processor modules, such as the Multiport Basic Rate Interface (MBRI), its use causes two problems:

• You cannot boot from a network server over BRI lines. Instead, you can boot either from a network server over other media or use the copy tftp flash command to copy images over BRI or other media to Flash memory. If you use the copy tftp flash command over a BRI interface, you must be running the full system image.

• If you use the rxboot image on a Cisco 4000 router that is already configured, the following error messages are displayed, with one pair of messages for each BRI interface configured:

Bad interface specification
No interface specified - IP address
Bad interface specification
No interface specified - IP address

Using LAN Emulation (LANE)

Note the following information regarding the LAN Emulation (LANE) feature in Cisco IOS Release 11.2:

• LANE is available for use with Cisco 4500, 4700, 7000, and 7500 series routers connected to either an LS100 or LS1010 switch. LANE requires at least version 3.1(2) of the LS100 software, which requires a CPU upgrade if you are currently running software prior to version 2.5.

• The LS2020 cannot be used for LANE because it does not support UNI 3.0 and point-to-multipoint SVCs.

• Routing of IP, IPX, AppleTalk, DECnet, VINES, and XNS is supported.

• HSRP is supported.

• LANE does not support CLNS or LANE over PVCs.

• AppleTalk Phase 1 cannot be routed to AppleTalk Phase 2 via LANE.

Forwarding of Locally Sourced AppleTalk Packets

Our implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.

Using Source-Route Transparent Bridging (SRT) and Source-Route Bridging (SRB) on Cisco 2500 and Cisco 4000 Routers

Certain products containing the Texas Instruments TMS380C26 Token Ring controller do not support SRT. SRT is the concurrent operation of SRB and transparent bridging on the same interface. The affected products, shipped between March 30, 1994, and January 16, 1995, are the Cisco 4000 NP-1R, Cisco 4000 NP-2R, Cisco 2502, Cisco 2504, Cisco 2510, Cisco 2512, Cisco 2513, and Cisco 2515.

Units shipped before March 30, 1994, or after January 16, 1995, are not affected. They use the Texas Instruments TMS380C16 Token Ring controller, which supports SRT.

SRT support is necessary in two situations. In one, Token Ring networks are configured to SRB protocols such as SNA and NetBIOS, and they transparently bridge other protocols, such as IPX. In the other situation, SNA or NetBIOS uses SRB and Windows NT is configured to use NetBIOS over IP. Certain other configuration alternatives do not require SRT (contact the Technical Assistance Center for more information).

As of Release 10.3(1), SRB in the following Cisco IOS features sets is no longer supported: IP, IP/IPX, and Desktop. To use SRB, you need one of the following feature sets: IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN. In most non-IBM Token Ring environments, the multiring feature in IP, IP/IPX, and Desktop eliminates the need for IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN.

Release 11.2(7a) Fixes Caveats CSCdj24132 and CSCdj21944

Cisco IOS software releases 11.2(7) and 11.2(7)P were deferred due to two severe defects. It was determined that these caveats were significant enough to merit a software rebuild. The rebuild includes the caveat fixes and is renumbered to 11.2(7a).

These defects are bugs CSCdj24132 and CSCdj21944 and are described as follows:

• A router crashes every time it receives an ISDN Q.931 DISCONNECT message. This problem only affects net3 switch types.

A router may also crash if the clear interface bri command is issued. This problem only affects net3, vn2/vn3, and ts013 switch types. [CSCdj24132]

• A memory allocation error occurs after a large number of modem calls are placed to an AS5200 configured for PRI ISDN. After the AS5200 starts to generate a number of these memory allocation error messages, calls cannot be answered.

The following are indicators that may be used to determine if the AS5200 is encountering this problem:

• When the AS5200 runs out of memory, MALLOC Failure messages similar to the one shown will be displayed:

%SYS-2-MALLOCFAIL: Memory allocation of 1056 bytes failed from 0x2214E776, pool Processor, alignment 0
-Process= "Net Periodic", ipl= 0, pid= 34
-Traceback= 2214D3E0 2214E542 2214E77E 2214BEC6 2214C12A 22159466 2215E86E 22140BDE 2213B688 2213B6E0

• If there is no ISDN process in the output from the show process command, and you start to see "%SYS-2-MALLOCFAIL" error messages, then the memory leak was caused by this bug.

• If there are more than 46 entries marked "Active" in the output from the show isdn history command, then the memory leak was caused by this bug.

[CSCdj21944]

Release 11.2(7a) and all subsequent releases of Cisco IOS software include the fix for these caveats.

ATM Multipoint Signaling

Prior to Cisco IOS Release 11.1(13) and 11.2(8), the atm multipoint-signaling command was used on the main interface and affected all subinterfaces. For Release 11.1(13), 11.2(8) and later releases, explicit configuration on each subinterface is required to obtain the same functionality. Refer to bug CSCdj20944, which is described as follows:

• The atm multipoint-signaling interface command is currently only available on the main ATM interface. The effect is that signaling behavior (point-to-point or point-to-multipoint) for all clients on all subinterfaces is determined by the command on the main interface.

Clients on different subinterfaces can have different behavior. Specifically 1577 requires point-to-point, and PIM allows point-to-multipoint. The command should be on a per subinterface basis.

Users will have to enable the atm multipoint-signaling command on all subinterfaces that require it. Previously, they only needed to enable it on the main interface.

Release 11.2(10a) Fixes Caveats CSCdj58676 and CSCdj60533

Cisco IOS software releases 11.2(10) and 11.2(10)P were deferred due to two severe defects. It was determined that these caveats were significant enough to merit a software rebuild. The rebuild includes the caveat fixes and is renumbered to 11.2(10a).

These defects are bugs CSCdj58676 and CSCdj60533 and are described as follows:

• With EIGRP routing configured, redistribution of the following type of routes into the EIGRP process will not work correctly:

  • A directly connected route

  • A static route with the next hop set to an interface

  • A static route with the next hop set to a dynamically learned route

The nature of the defect is that it will only occur after a dynamic event. If redistribution is manually configured, EIGRP will initially reflect correct information in the topology table. However, after any sort of dynamic event the topology table becomes invalid and routing updates sent are inaccurate. [CSCdj58676]

---

Note The code changes committed by CSCdj58676 resolved some issues but created the symptoms reported in CSCdj65737. The code changes for CSCdj58676 were only committed to releases 11.2(10a), 11.2(10a)BC and 11.2(10a)P, therefore they are the only ones affected by CSCdj65737. See the section "Release 11.2(11) Reintroduces Caveat CSCdj28874" for more information related to CSCdj58676 and CSCdj65737.

---

• The ARP lookup routine may suspend, causing unexpected behaviors for IP protocols. For example, if the OSPF routing process is traversing a list of neighbors to send LSA packets and the ARP routine is called, the ARP routine suspension could cause a system reset. [CSCdj60533]

Release 11.2(11) Reintroduces Caveat CSCdj28874

CSCdj65737 was introduced by code changes associated with CSCdj58676. The issue is that routes are not being redistributed into EIGRP from other routing protocols if both protocols are routing for the same major network.

The code changes for CSCdj58676 were only applied to 11.2(10a), 11.2(10a)BC and 11.2(10a)P releases, therefore, those releases are the only ones impacted by CSCdj65737. The fix to CSCdj65737 will be to back out the code changes committed by CSCdj58676 and CSCdj28874. That change will have the effect of reintroducing the behavior reported by CSCdj28874, which is described as follows:

• When a network is included in the EIGRP routing process because it is specified with the network x.x.x.x command and that same network is redistributed into EIGRP via the redistribute connected command, there will be two entries for the network in the EIGRP topology table.

If the interface connecting that network goes down, only one of the two entries will be removed from the topology table. The entry learned via redistribution will remain in the topology table and be advertised, even though it is no longer valid. [CSCdj28874]

The code back-outs of CSCdj65737 and reintroduction of CSCdj28874 will appear in the following releases:

• 11.2: 11.2(11), 11.2(11)BC, 11.2(11)P

• 11.1: 11.1(16), 11.1(16)AA, 11.1(16)CA, 11.1(16)IA

All defect resolution information pertaining to CSCdj58676 is superseded by the details relating to CSCdj65737.

The symptoms of CSCdj28874 may be avoided by not using the redistributed connected command and instead specifying the individual networks to be redistributed into EIGRP.

Caveats for Release 11.2(1) through 11.2(11)

This section describes possibly unexpected behavior by Release 11.2(11). Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(11) and 11.2(11)P. The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" later in this document.

Access Server

• Under rare circumstances, a Cisco AS5200 may crash after displaying either a "%SYS-2-BLOCK" or "%SYS-2-BLOCKHUNG" message. [CSCdj30206]

• Under unknown circumstances, an AS5200 PRI D channel may get stuck in the state "TEI_ASSIGNED" rather than "MULTIPLE FRAME ESTABLISHED" which is the normal operating condition. This state is shown by the show isdn status command.

The workaround at this time is to reload the router. Issuing the shut and no shut commands on the affected interface does not help. [CSCdj41613]

• Running Cirrus' microcode version less than 0x1F will cause high CPU utilization on the Cisco AS5200, which can cause existing calls to drop. [CSCdj68729]

AppleTalk

• The system may unexpectedly stop sending AARP request packets. Turning on AARP gleaning may help alleviate the problem. [CSCdi41414]

• When using the ARAP client 2.1, the user is not able to dial in to an AS5200 with Cisco IOS Release 11.1 if the AS5200 has autoselect configured.

To work around this problem, do one of the following:

- Remove autoselect and use ARAP dedicated.

- Use the ARAP 2.0.1 client.

- Turn on MNP10 on the ARAP 2.1 client.

- Modify the client CCL script to extend the pause to 3 seconds before exiting. [CSCdj09817]

• The Catalyst 5000 RSM with only 16 MB of RAM may experience a system reload at initialization if running the -jsv image. The workaround is to add more memory. [CSCdj63501]

Basic System Services

• On RSP interfaces, optimum switching is supposed to be the default. However, depending on the link order of the image, it can default to off. [CSCdi54567]

• If you see the message "%RSP-3-RESTART: interface Serial x/y, output stuck" on an RSP-based platform, you might have problems with the output interfaces. This problem can occur when bursty traffic is optimum-switched to an output interface on which either fair queue or transmit-buffers backing-store is enabled. A possible workaround is to disable optimum switching. [CSCdi56782]

• The router might reload when trying to process the show accounting command. [CSCdi69364]

• In certain cases, the number of packets shown in the IP flow cache packet size distribution does not match the number shown in the cache statistics. [CSCdi71766]

• The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]

• Adding an RSRB peer with direct encapsulation on a Cisco 7000 router configured with CSNA causes a "%RSP-3-RESTART: cbus complex restart" message and takes down the CIP interface. [CSCdi82836]

• Fast switching and optimum switching counters should be broken out separately in the output of the show interface switching command. [CSCdi87008]

• Enabling custom queuing on a Cisco 7200 router may result in an excessive increase in CPU use. [CSCdj05099]

• A timing window within ccp_up could cause the router to crash if a packet gets sent to the hardware or distributed compressor while CCP is coming up. [CSCdj12504]

• Under heavy interrupt load, driver instrumentation gets hit repeatedly while processes are accessing the instrumentation variables (for example, last output time). This causes a number of problems, including stuck output and incorrect user displays. There is no known workaround. [CSCdj15583]

• A router configured with the ip identd and with aaa authentication login default tacacs+ enable commands reloads itself under these conditions:

- The router is resolving host names via an external DNS server.

- The TACACS server is down.

- The user gains access to the router via the backup "enable" method.

- The user attempts to Telnet from the router to a host on the network.

After the Telnet is initiated, the router immediately reloads.

The workaround for this problem is to not configure the ip identd command or to disable the identd process with the global command no ip identd (which is the default). [CSCdj19961]

• A recovery mechanism for misaligned 64-bit accesses has been added. This new functionality is similar to the current misaligned handler for shorter misaligned accesses. [CSCdj20738]

• Currently, Cisco 7200 series routers do not produce a core dump for the I/O memory region in any Cisco IOS release. Sometimes it is necessary to get this information if memory corruption is suspected. [CSCdj25189]

• On a Cisco RSP7000 or 7500, optimum switching appears to negatively interfere with Frame Relay switching. An IP route cache is created and connectivity between sites is lost. The behavior appears to be sporadic. [CSCdj26122]

• The tacacs-server directed-request restricted command applies only to authentication, not to accounting or authorization. Therefore, there is no way to restrict a user's authorization or accounting to a given set of servers, which can lead to inconsistencies. For example, authentication for a directed user can be attempted only on the restricted servers, whereas authorization or accounting can be attempted on nonrestricted servers as well. This inconsistency can cause authentication to pass while authorization fails for a given user. [CSCdj37496]

• In rare cases, an error may occur in Cisco routers. It may be seen as an error message describing an inconsistent state in allocating or deallocating blocks of memory.

An error was introduced by CSCdj42505 in Release 11.2 P and CSCdj22736 in Release 11.1CC. It does not exist in other IOS releases. [CSCdj44667]

• A Cisco router reloads with a bus error after adding three to four segments on a Cisco 7206 running Release 11.2(8)P. [CSCdj57506]

• An SNMP trap process can cause high CPU utilization. The workaround is to remove SNMP. [CSCdj63629]

• The patch added in CSCdi37706 and incorporated into Cisco IOS Releases 11.2(8.1), 11.2(8.1)P, 11.3(0.2) and 11.2(8.1)BC was intended to correct a cosmetic problem with command authorization.

Instead it exposed a bug in older implementations of the developers kit TACACS+ daemon (freeware) and will cause certain command authorizations to fail.

All freeware daemon versions prior to version 3.0.13 are subject to this problem including the ACE Safeword Security Server daemon. CiscoSecure daemons are not affected. [CSCdj66657]

• When a user dials into an AS5200/AS5300 using ISDN, the cpmActiveUserID object in the CISCO-POP-MGMT.mib is not updated and is left blank. [CSCdj66942]

• ARAP (ARA 2.1 & 3.0 client) with single line password using TACACS+ does not work.

To use the single line option, specify username*password in the username field and the word "arap" (lower case) in the password field.

The ARA 2.1 client returns the error "The connection attempt has failed. The server you called is not a valid Remote Access."

The ARA 3.0 client returns the error "User authentication failed. Check your user name and password and try again." [CSCdj68015]

EXEC and Configuration Parser

• When the encapsulation is changed on an interface from one that supports weighted fair queueing to one that does not, and the change is made from the console or auxiliary port, there may be an 8-Kb memory loss each time the encapsulation is changed. To identify this problem, examine the output of the show memory allocating-process command, which shows that the number of memory blocks allocated by the EXEC increases each time you change the encapsulation. If you do not change the encapsulation on an interface often, this problem should not have a significant impact on system performance. [CSCdi89723]

• If the line speed on an AS5300 is configured for tty lines that span a Microcom modem followed by a Moca modem, the output of the show running-config and copy running-config startup-config commands is wrong for the speed commands on those lines. [CSCdj41555]

IBM Connectivity

• Low-end platforms cache invalid RIF entries when using any form of the multiring command. This problem can also be seen in the DLSw reachability cache and with possible loops with LNM. [CSCdi50344]

• RSRB does not declare the peer dead until the keepalive times out. In order for RSRB to detect the dead peer so that the ring list can be cleaned up properly, set the keepalive value as small as possible. [CSCdi50513]

• Removing a DLSw configuration by configuring no dlsw local-peer and adding the DLSw configuration back can cause a memory leak in the middle buffer. [CSCdi51479]

• In some mixed-vendor bridge environments, Automatic Spanning Tree (AST) may not become active if the Cisco platform is the root bridge. The message-age-increment option is now available as part of the source-bridge spanning command to assist with the message-age count manipulation. This hidden command may be needed when the existing MAXAGE value is insufficient for network diameter and the maximum age is not configurable by the vendor bridges. [CSCdi53651]

• The LAN Network Manager (LNM) fails to link to the router's source bridge after the Token Ring interface is shut down on the remote router. The show lnm bridge command continues to display "Active Link" to the LNM. This problem does not occur when bridges are linked locally to the LNM. The workaround is to remove the source-bridge command from the Token Ring interface and configure it back in. [CSCdi53954]

• When the router is configured to use the DSPU feature, it may crash during deactivation of multiple downstream physical units (PUs). [CSCdi54114]

• A router may crash when DSPU debugging is enabled on a Cisco 4500 or Cisco 7500 router. [CSCdi54277]

• The BADLINESTATE message indicates that a frame was received while the router was transmitting. This points to a misconfiguration somewhere in the system as the bisync protocol is supposed to ensure half-duplex operation.

  • If the connecting device is configured FULL-DUPLEX or CONSTANT RTS, configure the interface bsc fdx.

  • The poll-timeout of the connecting HOST may be too short. To recover, issue the shut command on the interface. [CSCdi54541]

• Some NetBIOS applications that require a UI frame in response to Add Name Query cannot connect using a DLSw peer on demand if the NetBIOS circuit is the initial circuit that triggers the peer-on-demand to connect. [CSCdi54796]

• A sniffer trace shows duplicate ring numbers in the RIF when proxy explorers are in use. New SNA sessions fail to connect to the FEP. The workaround is to issue the clear rif command. [CSCdi55032]

• It is not possible to configure more than one DLSw remote peer using direct encapsulation for the same Frame Relay interface. The following error message is produced when the second peer is defined:

%Must remove the remote-peer to change the lf

The workaround is to use TCP encapsulation. [CSCdi55075]

• The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do LLC mapping. [CSCdi55085]

• A connection to a DLU (DSPU or APPN) across RSRB may fail if the remote SAP address is not enabled at the destination router. The workaround is to enable the remote SAP address. [CSCdi56660]

• DLSw FST encapsulation does not work over WAN, Token Ring, or FDDI interfaces. [CSCdi57207]

• An APPN router may unbind an LU6.2 session after receiving an unsolicited IPM with a nonzero next-window size. [CSCdi57730]

• A FRAS BNN-to-SDLC link does not restart when a Frame Relay interface is power-cycled. After the CSU is powered off, the "fras backup rsrb" kicks to put the SDLLC traffic across the RSRB peers. When the CSU is powered back on and the Frame Relay DLCI comes back up, the FRAS BNN connection to the SDLC nodes does not reactivate, although connections to Token Ring nodes do restart. [CSCdi61156]

• When an AS400 is configured as a network management focal point, it will initiate the MDS transaction program. The router does not handle it properly and corrupts memory.

The workaround is to turn off the focal point feature in the AS400. See the network attribute configuration panel in the AS/400. [CSCdi67820]

• A bus error occurred at PC0x169a46. The stack trace indicates a problem in the LNX process. This problem occurs on X.25. [CSCdi73516]

• When the fast source-route translational bridging feature is configured, packets are corrupted. The workaround is to issue the no source-bridge fastswitch ring-group fastswitch command, which disables the fast source-route translational bridging feature. [CSCdi87612]

• A Cisco 7204 router running Cisco IOS Release 11.2(4) and the rsr-bridging feature is intermittently reloaded by itself with a software-forced crash resulting from memory corruption. [CSCdj13017]

• A router configured for DLSw has a buffer leak in the middle and big buffers. Eventually, the router runs out of I/O memory.

The problem is related to the way DLSw backup peers are configured. This problem occurs only if the local router is configured with backup peer commands and the remote router also has a configured peer and is not promiscuous.

The workaround is to remove the DLSw backup peer configuration. [CSCdj21664]

• The backup is not invoked until the interface transitions to the down state. [CSCdj22613]

• When testing FRAS BAN for SDLC attached PU 2.1 and PU 2.0 and using RSRB backup over PSTN, the PUs failed to connect after the Frame Relay interface was brought back up after a link failure.

The output of the show fras command showed ls-reset backup enabled. In order to reconnect the PUs, the fras backup rsrb statement must be removed or the serial interfaces configuration deleted and then readded. [CSCdj39306]

• When using APPN ISR over an RSRB port over FDDI, a Cisco 7200 series router may start sending frames with the non-bitswapped address of the target device.

To work around this problem, configure a MAC address on the target device that is always the same whether it is canonical or non-canonical (for example, 4242.6666.ffff). [CSCdj48606]

• An APPN router may fail the ACT_ROUTE if using parallel transmission groups (TGs). This problem may occur when an APPN router has two parallel links defined with the adjacent node. If the adjacent node activated a link to the network node (NN) requesting a TG number that had previously been used for a different defined link activation, the NN may fail the ACTIVATE_ROUTE. The APPN router sometimes tries to incorrectly activate the route using the other inactive link that has the same TG number. [CSCdj49814]

• Under certain circumstances, APPN may crash with the following stack trace.

> System was restarted by bus error at PC 0x6C75DC[_Mfree(0x6c75b6)+0x26], address 0xFFFFFFF8[_etext(0x73ab50)+0xff8c54a8]
> Image text-base: 0x00012000[__start(0x12000)+0x0], data-base: 0x0073AB50[__etext(0x73ab50)+0x0]
> FP: 0x872C74[_etext(0x73ab50)+0x138124], RA: 0x6588BC[_session_failure_clean_up(0x658502)+0x3ba]
> FP: 0x872EB8[_etext(0x73ab50)+0x138368], RA: 0x65C6E6[_process_cp_status_sig(0x65c2da)+0x40c]
> FP: 0x8730F0[_etext(0x73ab50)+0x1385a0], RA: 0x64D820[_xxxmss00(0x64d64e)+0x1d2]
> FP: 0x873210[_etext(0x73ab50)+0x1386c0], RA: 0xB720C[_process_hari_kari(0xb720c)+0x0]

[CSCdj51051]

• Frames may get corrupted while moving from an Ethernet segment to a FRAS-BAN interface. This is because of a problem in transparent bridging with Frame Relay. This caveat is the same as CSCdj47881. [CSCdj58692]

• A Cisco 2500 series router can crash when configuring the x25 map qllc ntn command in a DSPU PU over X25 configuration. There is no known workaround. [CSCdj61675]

• When source-route translational bridging is used, LLC sessions initiated from the transparent domain results in the source route's largest frame being incorrectly set to 4472 bytes instead of 1500 bytes. The result is that SNA and NetBIOS sessions may fail if the source-route station sends a frame with a payload that exceeds the maximum allowable size of 1500 bytes for Ethernet media.

The problem typically occurs when NetBIOS is utilized to allow workstations to communicate between Ethernet and Token Ring. It also occurs when SNA is used.

The workaround is to disable fast-switching by using the no source-bridge transparent fastswitch command or configuring the end stations to use frames with a payload of less than or equal to 1500 bytes. [CSCdj62385]

• The APPN router may have an excessive amount of processor memory allocated to APPN after experiencing several spikes in APPN processing. The APPN memory manager was optimized to release groups of unused pools back to the operating system. [CSCdj62502]

• A Cisco 4500 router running Release 11.2(9.1) crashed when configured for bisync (BSC) [CSCdj65763]

• The router may send a FRMR when the role is primary. The default behavior is changed so that it can only send FRMR as a secondary. If this presents a problem, use the frmr-disable interface configuration option to prevent a FRMR from being sent as a primary or secondary. [CSCdj66967]

• Any DLUR installation with over 800 to 1000 downstream PUs may experience a reload with the following backtrace:

[abort(0x601f2c3c)+0x8]
[crashdump(0x601f0b20)+0x94]
[process_handle_watchdog(0x601c2f08)+0xb4]
[signal_receive(0x601b7d58)+0xa8]
[process_forced_here(0x60169424)+0x68]
[locate_node_index(0x607dbcc0)+0x64]
[etext(0x60849e00)+0xcbee04]

[CSCdj67966]

• DSPU over RSRB with FST encapsulation reloads with a bus error similar to the following, when an upstream or downstream connection is initializing:

System was restarted by bus error at PC 0xCC6B8, address 0xFC4AFC82 4000 Software (C4000-JS-M), Version 11.2(10.3), MAINTENANCE INTERIM SOFTWARE Compiled Mon 01-Dec-97 19:45 by ckralik (current version) Image text-base: 0x00012000, data-base: 0x0076AE64

The workaround is to use TCP encapsulation for RSRB or to switch to DLSw. [CSCdj68261]

Interfaces and Bridging

• The serial interface on a Cisco 2500 series router enters a looped state if it is configured as a backup DTE interface and if the cable is disconnected and reconnected a few times. To fix the problem, enter the clear interface command. [CSCdi32528]

• Running SRB over FDDI on Cisco 4000 series routers may not perform as well as expected. However, this behavior should not seriously impact network functionality. [CSCdi69101]

• On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]

• The FDDI interface driver can interact poorly with OSPF during OIR, causing SPF recalculations. This occurs only when OSPF is running on a FDDI interface that is not being inserted or removed. This fix eliminates the spurious indication from the driver that the SPF recalculation needs to take place. [CSCdi81407]

• Running high traffic on a Cisco 3620 that is running Cisco IOS Release 11.1 AA images on a two Ethernet in/two Ethernet out testbed shows that the sustained performance for fast-switching drops dramatically at near-line rate. The problem disappears once traffic is reduced. This problem does not occur with Release 11.2 P images. [CSCdi83922]

• OIR removal of a FIP from one slot into another will cause the FDDI to permanently remain in DOWN/DOWN. A reload is needed to get it up. OIR removal and putting it back into the same slot works fine. [CSCdi87221]

• A TRIP interface configured for transparent bridging but not configured for source-route bridging may silently drop some incoming frames. Specifically, if the interface receives a frame with a length less than 120 bytes and the RII bit is set (indicating a source-route bridging frame) it may drop the next frame received. This can cause the interface's keepalive processing to fail and can lead to sporadic resets on the interface. [CSCdi88756]

• A Cisco 7500 series router might resign its active HSRP status when configured on an FEIP, if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]

• The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]

• The POS interface specific configuration commands pos specify-s1s0 and pos specify-c2 do not work correctly. [CSCdj09646]

• A Cisco AS5200 crashes with a bus error if it is powered on without any modem modules plugged into it. [CSCdj20225]

• Under certain circumstances, rebooting a Cisco 2524 may cause the router to pause indefinitely with a T1 connected to a Fractional T1 module. The workaround is to unplug the T1 prior to the reload. [CSCdj22485]

• The V.110 modules in an AS5200 fails the first time the autoselect ppp command is used after power up or when the modem hold-reset command is used on all 12 ports simultaneously.

A workaround for this problem is to execute the clear line command on all V.110 lines after the following events:

• Power up initialization.

• Using the modem hold-reset command on all 12 ports.

[CSCdj23972]

• Setting encapsulation fddi without bridging enabled on a VIP2/FDDI and FIP in RSP causes the interface to bridge transparently. The encapsulation fddi command should only be used with bridging enabled. As a workaround, use the no bridge-group 1 command to disable bridging. [CSCdj24479]

• The pos specify-s1s0 and pos specify-c2 POS-interface-specific configuration commands do not work correctly. [CSCdj25166]

• When a Token Ring interface is configured with a small MTU size, it could crash when it receives a frame larger than the MTU size. [CSCdj27678]

• The router does not respond to ARPs correctly when bridging IP on a channelized T1 interface. Therefore, Telnets to and from the router will fail. [CSCdj31285]

• A Cisco 2520 low-speed port may sometimes ignore group polls. This problem occurs on average once per minute and appears to occur only when the router is configured for half duplex and is using a DTE cable.

This problem has minimal impact on the performance of the multidrop line because a FEP usually resorts to individual polling. [CSCdj33392]

• IOS does not correctly return values for Token Ring soft error counters via SNMP. This may cause some SNMP management applications that query the Token Ring MIB to report errors. [CSCdj35713]

• Data corruption has been experienced at high bidirectional traffic rates. Corruption can also occur at high bidirectional traffic rates (when interface is throttling) when issuing the shut command.

Data corruption is possible if you are using Rev2 Mueslix and an release earlier than Release 11.2(9)P. [CSCdj43672]

• An AS5300 system with Microcom and Mica modems can crash if fast ring is disabled. The problem occurs because the code does not check for a Microcom or Mica carrier card before accessing registers on the board. The current code assumes a Microcom card.

Mixed Microcom/Mica configurations cannot be supported with this bug present. A similar crash with the same stack trace was also seen with only Microcom modems, but this is much harder to reproduce. [CSCdj44456]

• TTY lines on access servers may hang when control characters are sent in dumb terminal mode (no PPP or SLIP). A show line shows the TTY line in a ready state, but no response or prompt is seen from the access server when the activation character is sent (default is a return). Doing a clear line # does allow for the line to recover and respond to the activation character. [CSCdj46760]

• A "System restarted by bus error at PC 0x4262AA, address 0xFFFFFFFC" message may be received when the frame-relay payload-compression packet-by-packet command is entered under the subinterface. [CSCdj49344]

• On the Cisco AS5200 platform, a group of four ports may stop processing PPP packets on the interface. You can identify this problem by looking for a group of four contiguous ports that have a much higher volume of calls than the other ports on the AS5200. Currently, the only workaround is to reload the router. The port modems should be busied out until the router can be reloaded. [CSCdj51974]

• In rare cases, a Cisco 7200 series router with a Token Ring port adapter may crash if one of its Token Ring ports attempts to insert into the ring and fails due to a ring error. [CSCdj59796]

• With BVI used to route 802.2, the input queue counters might increment to the limit and then the BVI interface wedges until the router is reset. One possible workaround is to set the values high enough that the router stays up until it can be reset. [CSCdj68273]

• When IRB is enabled, the BVI interface may not overwrite the real incoming interface in the ARP response, so an incomplete ARP entry is installed and "wrong cable" is listed in the debug arp output. [CSCdj68785]

• The "%LINK-3-TOOBIG: Interface Lex1, Output packet size of= 1520 bytes too big" error occurred on a Cisco 4500 router after upgrading to Cisco IOS Release 11.2(9). [CSCdj69018]

• On a Cisco AS5100, the "%CIRRUS-3-SETCHAN: Serial3: setchan called in CD2430 interrupt context" error continuously appeared on the console. Users were still able to call into and connect with the router but performance was significantly impacted. [CSCdj69387]

IP Routing Protocols

• A spurious memory access can occur when switching from flow switching to process switching using the no ip route-cache command and then back to flow switching using the ip route-cache flow command. [CSCdj08350]

• A routing node is removed from the IP cache Radix tree and then the buffer is freed, but somehow it can still be traversed from the treetop and cause a crash (access after free). [CSCdj17314]

• A crash occurred because of a memory leak. Output from the show memory command shows "IP Input" and "Pool Manager" holding onto memory. [CSCdj23080]

• Currently all packets denied by an access list are sent to the process level to generate an ICMP administratively prohibited message. Some of these packets are dropped because Cisco routers limit ICMP generation to two packets per second. This behavior results in excessive CPU load. [CSCdj35407]

• In some instances, a configured BGP router ID is not used after the router reloads. Instead, the router uses the highest IP interface address as its router ID, until the clear ip bgp command is executed.

A workaround is to configure a loopback on the interface whose address is greater than any other address on the router. [CSCdj37962]

• If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If OSPF is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]

• When attempting to set the ipNetToMediaType value with SNMP, the following error is returned and the value is not set:

snmpset: The value given has incorrect type or length. [CSCdj43710]

• In the presence of a large number of subnets, a CPUHOG message similar to the following may be generated:

%SYS-3-CPUHOG: Task ran for 2608 msec (73/65), Process = BGP scanner, PC = 176388

[CSCdj45966]

• Manual summarization with EIGRP does not work correctly. A summary route does not get advertised but one or more of the more specific routes do. [CSCdj46525]

• A router is crashing in GRE fast-switching routines without any changes in topology or configuration. [CSCdj50361]

• RIP might cause a "SYS-3-CPUHOG" message. [CSCdj51693]

• Remote routers connected to a Cisco 7513 used as hub Frame Relay router cannot see the IPX servers local to the Cisco 7513. The Cisco 7513 reloaded afterwards. [CSCdj54367]

• A Cisco 7000 series running Cisco IOS Release 11.2(9) crashes in dual_rtupdate. [CSCdj54728]

• Under certain conditions, an LS type 5 is not generated by the ABR in response to a received LS type 7. [CSCdj55301]

• A router may crash when configured with a very large IP accounting threshold. A workaround is to configure a small threshold or to leave it at the default. [CSCdj55512]

• With certain route-map configurations or a soft-reconfiguration, the LOCAL_PREF for a path may be set to zero, resulting in the wrong path being selected. [CSCdj55839]

• A problem occurs when a third EIP6 is added to a Cisco 7000 series already running EIGRP on two EIP6s, a TRIP4 and an FIP in an EIGRP topology. In the EIGRP topology, some of the networks that connect to the existing Ethernet interfaces may be lost. The IP routing table still shows the routes but not all connected networks are advertised in EIGRP. A workaround is to issue the redistribute connected command. [CSCdj57362]

• Under rare circumstances, a BGP router sends BGP updates with a duplicate community attribute, which triggers the neighbor reset. [CSCdj64103]

• EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj68388]

• When an interface is configured to send RIP V1 packets while running RIP V2, the router sends out corrupt packets. V2 packets are not effected. There is no known workaround. [CSCdj69026]

ISO CLNS

• If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]

• A crash was caused by an AVL node that was freed but was still accessed during tree traversing. This problem is a result of the node being deleted and freed in the middle of tree walk. This is an IS-IS (using AVL tree) specific problem. [CSCdj18685]

• A dynamically discovered CLNS route does not overwrite a static CLNS route pointing to a down interface. As a workaround, remove the static route definition from the configuration and issue the clear clns route command. [CSCdj31228]

LAT

• LAT services are not available on the router when IRB is enabled. [CSCdj52841]

LLC Type 2

• A Cisco 4700 router may report intermittent "SYS-2-LINKED" error messages even though there is no memory shortage. [CSCdi52327]

• When running DLSw+ over Ethernet, the router transmits corrupted frames on retransmission. The retransmission occurs on receipt of a REJ frame from the end station or if an acknowledgement of the frame is not received within the LLC2 T1 timeout. [CSCdi52934]

• Timers are not cleaned up properly in LLC2. This may result in crashes when RSRB local acknowledgment is used under a high load. [CSCdj42474]

Miscellaneous

• Netview Service Point acquires but does not free VTY lines. The only way to recover the VTY lines is by using the clear line command. [CSCdi51685]

• A memory leak can occur that is related to the traffic rate and the TCP process. This leak is difficult to reproduce, but can be identified by an input queue wedge on a router configured for RSRB with TCP encapsulation. The output of a show buffer command indicates memory errors. Other symptoms include small buffers being created but not trimmed, and explorers being received with a wrong SNAP type value. [CSCdi54739]

• Only the Cisco 7500 family running encryption over VIP interfaces is affected by this problem.

RSP software based encryption does not work when encrypted traffic is flowing over any Cisco 7500 VIP interface. Customers with VIP2-40 or higher interfaces need to run VIP distributed encryption. There is no workaround for other VIP2 models other than using an older non-VIP interface. [CSCdi74884]

• Packets may become stuck in the input queue of the destination interface if traffic sent over a GRE tunnel is encrypted. The packets become stuck in the input queue when the encrypted session between the peer routers is not established. The not established condition exists when traffic to be encrypted first begins flowing and also when the encrypted session time duration expires. The impact of this caveat can be lessened by configuring the encrypted session timeout to be substantially longer than the 30 minute default with the crypto key-timeout minutes command. [CSCdi90177]

• When a no shut command is issued on the ISDN interface, and logging and logging trap is configured, the router crashes. [CSCdj05365]

• If a CIP TN3270 PU is configured to connect from the host to the CIP via NCP, the link may fail. The workaround is to configure the CIP TN3270 PUs as connecting at the host. [CSCdj07152]

• Configuring both ISL and Multilink Multichassis PPP can cause a memory consistency check failure. The failure may lead to a software forced crash after a few calls have been received. [CSCdj22189]

• Under rare circumstances, the Cisco AS5200 may issue the "%SYS-3-BADMAGIC: Corrupt block at 20000000 (magic xxxxxxxx)" message and crash with a software forced crash. There is no workaround at this time. [CSCdj22429]

• HSRP can raise the CPU while the peer HSRP router is reloaded. The problem occurs when there is more than one HSRP group and the two peer routers have many HSRP peers. This caveat addresses HSRP scalability. The workaround is to reduce the HSPP groups, and/or increase the HSRP hello and hold time. Another symptom is that the interface resets go up until HSRP is stabilized. [CSCdj29595]

• Both HSRP routers on a FDDI ring go active and stay active on a Cisco 7000 series FDDI port adapter. Network instability can cause a FDDI ring to partition or be disrupted in a manner that causes HSRP peers to not receive hellos from their neighbors and therefore become active.

HSRP routers send hello packets from a virtual MAC address, which is a function of the standby group number. When the ring heals, both routers are active and sourcing hellos from the same (virtual) MAC address.

FDDI devices must strip their frames off the ring. One method of doing this is to recognize frames by source MAC address. When the problem occurs, the FDDI PAs will mistakenly strip the other router's packets from the FDDI ring without processing them. This causes both routers to remain active since they do not hear hellos from their neighbors.

This problem can also occur when FDDI PAs are used in conjunction with other FDDI interfaces, such as the FIP or Cisco 4000 series FDDI module.

If only one standby group is in use, the standby use-bia command can be used on both routers to cause hellos to be sourced from the burned in address instead of the virtual MAC address. This will prevent the problem.

If the problem occurs, performing an interface reset by issuing the shut and no shut commands returns the routers to a normal state.

Increasing the HSRP hello intervals causes the problem to occur less often since the routers will be able to tolerate a longer period of instability before missing enough hellos to go active. [CSCdj30049]

• An AppleTalk packet traveling through RSM from one VLAN to another receives an improper 802.3 packet length. This affects other network devices that use this field. [CSCdj36862]

• A router running encryption may show "%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60825E" messages. This means that the router had to access from memory twice in order to execute an instruction. It does not affect the connectivity operation of the router. At this time, the CPU overhead has been minimal. [CSCdj43491]

• A Cisco 7513 running Cisco IOS Release 11.2(9)P with a channelized E1 card and channel-group configured has a problem when a 40-bit crypto session is configured. When the crypto session from the Cisco 7513 side is started, the session is set up fine. However, the interface link protocol will go up and down. The only way to recover is to remove the channel-group and add it back on without crypto configuration [CSCdj50970]

• A Cisco 3620 router restarts after a software-forced crash at PC 0x60198F78. The decoded stack indicates memory corruption. [CSCdj51896]

• BOOTP/DHCP fails when attempted over an encryption session between routers if the BOOTP/DHCP traffic will be encrypted by matching the access list. This failure also affects any packets that are forwarded by the ip helper address command, such as Windows 95 Netbios over TCP/IP. The workaround is to adjust the access list so that these packets are not encrypted. [CSCdj54355]

• A router crashed after adding a new crypto link. [CSCdj60818]

• RBE from RSP2 to Cisco 4000 over Frame Relay subinterfaces fails. Other combinations do not fail. [CSCdj65337]

Novell IPX, XNS, and Apollo Domain

• Adding XNS back into a router's configuration after it has been removed may cause a system to restart by bus error. This may only be a one-time event if it occurs at all. [CSCdj16694]

• When using IPX-EIGRP over ISDN with floating static routes, there may be a short delay (about 10 seconds) before the application is able to get through. [CSCdj38031]

• Before a floating static route is installed, a waiting period is observed when the network is down and unreachable. If IPX watchdogs or SPX keepalives arrive during this time, they will be dropped, leading to session timeouts. [CSCdj50629]

• A problem occurs when using a floating static route across an ISDN link and IPX EIGRP is the primary dynamic routing protocol. When the link goes down, the EIGRP route is installed but after the floating static is configured and the line goes down and then back up there is no route to that network. The EIGRP route is received but never fully installed because of what seems to be incomplete removal of the floating static route. [CSCdj52947]

TCP/IP Host-Mode Services

• Under rare circumstances, a router reload may occur while running TCP to X.25 protocol translation. [CSCdj23230]

Wide-Area Networking

• When using a VIP controller in a Cisco 7000 series router with a Silicon Switch Processor (SSP), the SSP cannot access the second port adapter when the VIP is installed in slot 4. As a workaround, install the VIP in slots 0 through 3. [CSCdi41639]

• When a Cisco 4000 with a Basic Rate Interface (BRI) has the isdn tei powerup configuration flag set, the watchdog timeout will crash the router. A workaround is to configure the router with the isdn tei first-call command. [CSCdi45360]

• The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]

• When traffic prioritization is configured on a Frame Relay interface with the command frame-relay priority-dlci-group, the command no fair-queuing should be also configured on the serial interface to achieve effective traffic prioritization.

See associated caveat CSCdi52882. [CSCdi52067]

• When configuring PVCs on the AIP, you may observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:

%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008)

%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

• On a Cisco 4500 or Cisco 4700, a packet may be registered in both the input and output hold queues when going from ATM to other network links. This may affect the values of the input and output queue length fields in the output of the show interface command. On a Cisco 4500 or Cisco 4700 configured with ATM, another fast network link, and a slow network link, this behavior may have some impact on the overall throughput of the traffic from ATM to another fast network link when the slow link is flooded with too many packets from ATM. However, we are unaware of any environments in which network functionality could be seriously impaired by this. The correct router behavior would be to drop packets over the slow link without affecting the traffic from ATM to another fast link. [CSCdi69441]

• ARP replies are not sent over a PPP multilink interface. As a workaround, you can configure a static ARP on the remote device or disable PPP multilink. [CSCdi88185]

• The transmitter on an ATM interface on a Cisco 4000 series router could hang if PVCs or SVCs are cleared (torn down/ removed using command line interface) when the OUTPUT queue is wedged. [CSCdi90150]

• ISDN leased-line does not come up after a reload on a Cisco 3600 series router. [CSCdj03228]

• A problem has been observed on a Cisco 3640 router running Cisco IOS 11.1(8) with an 8-port MultiBRI with built-in NT-1 module. Upon power up, the user is unable to use the BRI interfaces. These interfaces report not receiving TEI or EID information from the local switch. The local switch is an AT&T 5ESS emulating NI-1.

A workaround is to disconnect and reconnect every BRI interface once the router is fully operational.

This problem seems to be related to CSCdj04241. [CSCdj04625]

• Configuring STUN peers on a DLSw network causes the DLSw peers to disconnect.The debug on DLSw shows a "DLSw: keepalive failure for peer on interface Serial" message. The STUN process looks like it is intercepting the DLSw keepalives. [CSCdj08875]

• When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fails, the subinterface may bounce once or continually during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.

During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]

• Dynamic DLCI mappings may inadvertently remain mapped after switched virtual circuit teardown, as can be seen using the command show frame-relay map. [CSCdj11851]

• In some circumstances, the system may reload when using the dialer hold queue.

As a workaround, configure the no dialer hold-queue command. [CSCdj12397]

• Intermittent ping failure may occur when pinging over a DDR interface using LAPD encapsulation. There is no workaround [CSCdj20072]

• Frame Relay SVC calls may give the following Traceback message:

%SYS-2-LINKED: Bad enqueue of 8F3288 in queue 9570C8
-Process= "LAPF Input", ipl= 6, pid= 36
-Traceback= EBE30 EAA88 4A73B4 4A8E10

[CSCdj29721]

• Back-to-back branch instructions can cause unpredictable things to happen with the MIPS processor. When one was found in the no_throttling() function, a nop was inserted to avoid possible problems. [CSCdj29854]

• In the ISDN Layer2, Layer3, and management entity tasks, memory pointers become invalid. The problem results from a race condition between tasks when memory is freed in one task and then another task attempts to access this now invalid pointer. This scenario has been seen only on ISDN BRI platforms in which a number of the BRI interfaces experience persistent deactivation causing the management entity to be shut down. Add validmem_complete() checks before accessing or freeing pkt, pkg or primitive pointers. [CSCdj40403]

• When ATM traffic-shaping is enabled on an ATM interface along with priority-queueing, priority queuing does not work as desired.

To work around this problem, turn off ATM traffic-shaping over that interface. Another workaround is to use Cisco IOS Release 11.2(2) or earlier, including Release 11.1. [CSCdj45778]

• A problem occurs when memory is low and someone executes a show isdn history command. [CSCdj46541]

• When the ip tcp header-compression and ppp multilink commands are configured together on the same interface, the router may crash.

The workaround is to remove the ip tcp header-compression or ppp multilink commands. [CSCdj53093]

• Multilink will only bring one link when used as backup on a DDR interface even though dialer-load threshold is configured. To work around this problem, configure the no ppp multilink command. [CSCdj56109]

• A problem has been identified with traffic shaping on the Cisco 4500 ATM NIMs. [CSCdj56673]

• Under rare conditions, an RSP4 may reload when an FSIP with active HDLC encapsulation interfaces is in use. [CSCdj57591]

• A Cisco 7500 series router with an AIP running Cisco IOS Releaes 11.2(6) might give out the following error messages:

atm_parse_packet(ATM2/0):Invalid VC(0) received, type=A2D2
atm_parse_packet(ATM2/0):Invalid VC(0) received, type=A2D2
atm_parse_packet(ATM2/0):Invalid VC(0) received, type=A2D2

In addition, the input errors displayed by the show interface atm command increase.

This problem seems to occur only with Release 11.2(6). The workaround is to downgrade to Release 11.2(4) [CSCdj57704]

• When configuring map-class frame-relay BC committed-burst-size, the system may encounter a CPU exception with reason = EXEC_ADERR(1200) and restart.

There is no workaround, for this intermittent problem. [CSCdj62139]

• When using Frame Relay SVCs, Cisco IOS appears to not include the magnitude parameters for Be and Bc on the SVC CONNECT message. It only includes them in the SETUP message. The SVC circuits are on S4/0 for both routers. Without the magnitude parameters, the biggest value Bc and Be can be is approximately 130 Kb. There is no known workaround. [CSCdj63173]

• Some Windows 95 dial sessions that use script files do not connect to an asynchronous interface on Cisco access servers. [CSCdj63311]

• A Frame Relay interface configured for ANSI LMI will acknowledge a Cisco LMI update when the router should ignore it. [CSCdj64207]

• A Cisco LS1010 may not be able to establish an SVC when acting as an RFC1577 ARP client. Debugs reveal "Quality of Service Unavailable." [CSCdj64327]

• The map-class commands frame-relay bc out and frame-relay be out are accepted by the Enterprise image. These parameters are relevant for SVC setup. However, the traffic shaping code does not use them As a result, the values appear to be unset. This behavior can be avoided by using the commands frame-relay bc number and frame-relay be number [CSCdj65624]

• When running LAPB over a DDR interface with dialer hold-queue configured, a traceback error message is generated when dialing out and the call connects. The traceback is not catastrophic but indicates a 20-byte memory leak on every dial attempt. As a workaround, configure the no dialer hold-queue command on the DDR interface. [CSCdj65756]

• The router may reload when booting up an image from a saved X.25 routing configuration. This problem was introduced in Release 11.2(10.1). [CSCdj67115]

• When the system is reducing its rate in response to the receipt of BEcNS, the reduction may not be predictable. Rate adjustments are made once per interval if any number of BECNs were received during that interval. [CSCdj67297]

• Configuring a PVC via the frame-relay interface-dlci command on multipoint subinterfaces causes a system reload if the PVC was previously learned via inverse ARP. [CSCdj67510]

• A BRI interface may lose a TEI after it is reset. The router fails to request a second TEI after the reset. If the BRI is reset a second time, the router regains both of the TEIs. [CSCdj69824]

Caveats for Release 11.2(1) through 11.2(10)

This section describes possibly unexpected behavior by Releases 11.2(10) and 11.2(10)P. Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(10) and 11.2(10)P. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(10) and 11.2(10)P, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.2(11) and 11.2(11)P.

Access Server

• When Frame Relay over ISDN is configured on a LES-typed driver based platform (such as a Cisco 7500, 5200, or 7200 series router), and the input packets are fast-switched (for example, the output interface has fast switch mode enabled), the BRI/PRI interface has an input queue wedge problem. The symptom was that the input queue count was incremented up to the maximum queue length and then began to drop input packets. [CSCdj45631]

AppleTalk

• When using ARAP 2.1 on routers running Cisco IOS Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Cisco IOS Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]

• IPTALK is completely broken in Release 11.2 because the llap header is missing in all IPTALK packets. There is no workaround. [CSCdj50179]

• An IPTALK interface will not come up after a reboot if the order of tunnel interface precedes its physical interface (for example, Ethernet or serial). The symptom is that the iptalk command from tunnel interface disappears after reboot. There is no workaround. [CSCdj58363]

Basic System Services

• Sometimes a memory leak that consumes I/O memory can be triggered in the pool manager. [CSCdi90521]

• Under extremely heavy CPU interrupt states, a router with FSIP, CT3 or any serial interface may experience the following "output stuck" error message:

%RSP-3-RESTART: interface Serial12/0/0:28, output stuck

The problem occurs on Cisco routers in the 7000 family using the CT3 or 4/8 port FSIP cards or any serial interface under Cisco IOS Release 11.1(10)CA, 11.1(11), and 11.2. It has been observed only under oversubscribed traffic load.

As a workaround, configure the interface for FIFO queueing via the no fair-queue command.

The command transmit-buffers backing-store is on by default when an interface is configured for weighted fair-queueing. If the no fair-queue interface command is used, which changes the queueing strategy to FIFO, then transmit-buffers backing-store is off by default.

This caveat has been resolved in the following Cisco IOS releases: 11.2(6.2)P 11.1(11.4) 11.1(11)CA 11.1(11.4)IA [CSCdj12815]

• If a map-list is configured, the show running command may cause the router to crash if the "Last configuration change at..." informational string exceeds a total length of 80 characters. [CSCdj13986]

• An EXEC prompt does not appear until the TCP connection for accounting EXEC is sent and acknowledged. Accounting EXEC acts like wait-start, even though start-stop is configured. [CSCdj27123]

• Performing a Telnet from the router with TACACS configured might cause a router to reload with a bus error. The exact cause is still under investigation.

This problem has been seen only with Cisco IOS Release 11.2 or later. [CSCdj36356]

• A Cisco 7200 or 3600 series router may crash with a bus error when doing protocol translation between X.25 and PPP. The workaround for the problem is to turn on header-compression passive in the translate statement. [CSCdj37556]

• When traffic shaping on the Cisco 7500 series routers, enough traffic may not be switched to achieve the specified traffic level. [CSCdj50861]

• The Cisco 7500 series routers may not correctly allocate the right number of packet memory (memd) buffers to some network interfaces. The problem requires a large number of interfaces whose collective bandwidth is high, but their MTU is smaller than another buffer pool.

For example, a problem was found with a Cisco 7500 using a large number of Fast Ethernet and/or Ethernet interfaces and one or more FDDI interfaces. The pool of packet memory should have allocated 80 percent of the memory to the Ethernet and Fast Ethernet interfaces, which use an MTU of 1536. Instead it received 20 percent of the memory, and the lone FDDI interface with MTU 4512 got 80 percent of the packet memory.

The problem occurred with 55 Ethernet, 6 Fast Ethernet, and 1 FDDI network interfaces. The problem did not occur with fewer interfaces, specifically 36 Ethernet, 5 Fast Ethernet, and 1 FDDI interfaces.

The problem may show up as a high number of input drops on some router interfaces. [CSCdj55428]

• At times, a Cisco 1000 series router sends SNTP queries to the next hop on the route instead of to the address configured in the SNTP server statement in the configuration. [CSCdj56216]

• The input queue may be wedged with IP packets if the exception dump command is configured.

The following are known workarounds:

- Increase the input queue to 175. ([75]Original Queue amount+[100] per exception dump x.x.x.x command)

- Remove the exception dump x.x.x.x command.

[CSCdj58035]

• When Frame Relay traffic shaping is enabled on a serial interface, disabling and reenabling weighted fair queuing will cause a system restart. [CSCdj58431]

• When a router is highly loaded and traffic-shaping is active on the outgoing interface, it might be possible that LMI control messages get queued in traffic-shaping queues, causing LMI protocol to go down. [CSCdj64221]

• When frame-relay traffic-shaping is enabled and the clear counters command is issued, the system may restart.

The workaround is to remove and then reenable frame-relay traffic-shaping to clear its counters. [CSCdj65742]

IBM Connectivity

• The APPN router may crash during an SNMP access to the APPN MIB. This problem occurs only after an unused APPN node is garbage-collected. The crash has the following backtrace:

System was restarted by bus error at PC 0x8B5902, address 0x4AFC4AFC PC: process_snmp_trs_tg_inc

0x8B5CAC:_process_ms_data_req_trs(0x8b5aaa)+0x202 0x87E5FE:_xxxtos00(0x87d6b0)+0xf4e 0x180E5C:_process_hari_kari(0x180e5c)+0x0

[CSCdj36824]

• On RSP-based routers, the pseudo-MAC address assigned to a bridge port on a source-route bridge virtual ring group is incorrectly formatted to Ethernet format during Cisco IOS startup. This MAC address is used to establish a bridge link from IBM LAN Network Manager and can be shown by using the show lnm config EXEC command. [CSCdj38360]

• A downstream LU is unable to get the logo screen from the host even though other LUs on the downstream PU can. The router shows the DSPU state of that LU to be Reset or dsLUStart, while the host shows the state as Active. The LU is recovered by deactivating, then reactivating the LU at the host.

This state may occur if the downstream LU has previously failed to reply to ACTLU, or if the host has failed to respond to a NOTIFY (available or not available) from DSPU within a timeout period of 20 seconds.

Recovery requires the host operator to recycle the LU at the host. [CSCdj45783]

• When RSRB with TCP encapsulation is configured with priority peers and some of the priority peers are closed or dead, an explorer packet may continuously try to open the closed or dead priority peer. After several tries, the router may crash with memory corruption. [CSCdj47493]

• Executing a show source command may cause the router to restart unexpectedly if a virtual ring group or remote peer is deconfigured when the source-bridge command output is waiting at the -- more -- prompt.

The workaround is to not reconfigure virtual rings or remote peers while executing a show source command. [CSCdj49973]

• Normal nonextended unbind (0x3201) was extended with corrupted information, which caused rejection by the host. As far as the host is concerned, the session is still active. A user cannot clean up this session without bringing down the link. [CSCdj50581]

• RIF may be modified incorrectly when multiring and SRB proxy explorer are configured on an interface but the SRB triplet is not configured, as shown in the following example:

interface TokenRing0/0
ip address
multiring ip
source-bridge proxy-explorer

Note the absence of the source-bridge locRn bn remRn command.

The source-bridge proxy-explorer statement does not show up in the configuration unless the SRB triplet is configured.

A workaround for this problem is to configure the no source-bridge proxy-explorer command. [CSCdj51631]

• When running proxy explorer and NetBIOS name caching on a Token Ring interface of a Cisco 7200, alignment errors occur. [CSCdj52522]

• A router may reload when removing configuration of X.25 PVCs for QLLC. [CSCdj57872]

• When an actpu is followed by a dactpu from VTAM and there is no response from the downstream device to either flow, after a disconnect is received from the downstream device, DLUR will send a -rsp(actpu) upstream instead of the proper flow, a +rsp(dactpu). This can cause the PU from the DLUS perspective to hang in the PDACP state. [CSCdj61872]

• It is rare, but possible, for DLUS to send a -rsp(REQDACTPU). When this happens, it indicates that VTAM has already cleaned up the PU in question. When receiving this response, DLUR must clean up the PU in order to keep the PU from being stuck in the "stopping" state. [CSCdj61879]

• When using APPN/DLUR with a large number of LUs (over 1000), a memory spike can occur during the processing of a downstream PU outage. In extreme cases, this memory spike can be large enough to exhaust memory in the APPN/DLUR router, which can cause a reload. [CSCdj61908]

• Session attempts fail with DLUR generating a sense 08060000 in a rare case where the LU name list gets corrupted. This problem is easily identified by the VTAM LU showing active state, while the show appn dlur-lu name display does not show the LU. [CSCdj62172]

Interfaces and Bridging

• When ip route-cache cbus is configured on an interface, intermittent router crashes could occur because of an incoherent cache entry data structure.

If this incoherency occurs and does not cause a router crash, it may instead cause cbus switching to be automatically disabled, and the interface resorts to fast switching (or SSE switching if SSE switching were also configured). [CSCdi43526]

• When adding to or removing a subinterface from a Frame Relay interface, all DLCIs are brought down until the Frame Relay switch sends the PVC information again. The whole interface resets when a user tries to add the ip address command. A workaround for part of the problem is to turn off CDP globally or on individual interfaces. In this case, turn off CDP on the serial interface before adding or removing subinterfaces. CSCdj02488 (integrated into Cisco IOS Release 11.1(11) and 11.2(5.1)) fixed the rest of the problem.[CSCdj07291]

• Under certain conditions, packets may stay on the input queue. The condition that caused packets to stay on the input queue has been removed. [CSCdj30087]

• When transparent bridging to a Token Ring interface, the interface can read in a frame it has forwarded onto the Token Ring interface. This will cause the bridge table to be incorrect. This problem affects only the mid-range and low-end platforms. [CSCdj41666]

• A Catalyst 5000 RSM populated with an ATM Port Adapter with LANE client(s) configured can get its ATM interface stuck in a down state if a user creates new VLAN interfaces.

Symptoms include the following message being displayed to the console:

%CBUS-3-CATMREJCMD: ATM0/0 Teardown VC command failed (error code 0x0008)

Saving the RSM configuration and reloading its image will clear the error condition. [CSCdj41802]

• Compression for HDLC encapsulated bridging only payload compresses Spanning Protocol packets. Actual bridged packets are forwarded with their payloads uncompressed. Prior to this release, bridged packets may have had their MAC addresses corrupted if STAC compression was enabled with HDLC encapsulation. [CSCdj50894]

• In Cisco 7500 series routers, sh dialer is not working. The workaround is to use sh dialer int serial x/y . [CSCdj51612]

• A Cisco Catalyst 5000 cannot change packet format from SNAP to ARPA. [CSCdj53698]

• With IRB configured on the router, IPX clients cannot log into services on a bridged interface. Removing the IPX routing from the BVI fixes the bridged interface but you lose the routing. At this time, this feature is not supported. [CSCdj54050]

• If you are doing IRB with RFC1483 PVCs, you may see certain IP anomalies, such as ARP resolution not working or ARP resolutions taking place but you cannot ping the neighboring device. [CSCdj54558]

• AppleTalk might fail when packets are bridged through PPP transit. [CSCdj61857]

IP Routing Protocols

• A router may crash with a "System restarted by bus error at PC 0x60394488, address 0xD0D0D0D" message when running Cisco IOS 11.1(9) RSP with a heavy load of EIGRP and CSNA traffic. [CSCdj29447]

• If OSPF external routes are summarized using the summary-address command, and the number of external routes being covered by this summary address drops to zero, the external summary will be flushed, but the router originating the summary will not install any matching external or nssa routes that may be present in its database.

The router can be forced to install the matching route by using the clear ip route * command. [CSCdj32471]

• BOOTP requests being sent to 0.0.0.0 get forwarded to the gateway of last resort when there is one. [CSCdj33809]

• If the summary-address statement is removed on a remote router that advertises summary-address routes on only one path, then the core router sees both equal cost paths. This problem occurs on OSPF with NSSA. [CSCdj38067]

• A Cisco 7513 router running EIGRP reloads with the following message:

"System restarted by error - an arithmetic exception, PC 0x60286234"

The program counter value points to an EIGRP IOS routine. [CSCdj38361]

• Under some circumstances, the router will crash when removing a static IP route. [CSCdj45152]

• Multicast forwarding stops if fast-switching is turned on on an incoming ATM LANE subinterface. A workaround is to disable fast-switching on that interface by issuing the no ip mroute-cache command. [CSCdj45777]

• If the OSPF summary host route is overwritten by a route from another routing process which has lower administrative distance, it is possible that the OSPF summary host route will not be reinstalled after the latter route is removed. In particular, it only happens if the host route address is also the router ID of some ASBR. [CSCdj49161]

• Entering the no ipx routing command then enabling EIGRP can crash the router. This is a regression of CSCdj54141. [CSCdj53541]

• When one of the routers on a broadcast network has been partitioned in which at least one partition has only one router, OSPF will generate a stub advertisement for this network in the isolated router's router LSA. This stub route will overwrite the normal network route calculated using the network LSA, regardless of the path cost.

This problem exists in all releases starting with Release 10.3. This will be fixed in 11.1 and newer releases. [CSCdj53804]

• The Proteon router's internal address is advertised as a host route instead of a network in the router's LSA. A host route is represented as a Type 3 link (Stub Network) whose link ID is the host's IP address and whose link data is the mask of all ones (0xffffffff). This host route is advertised into all OSPF areas. [CSCdj56079]

• If you are doing IRB with RFC1483 PVCs, you may see certain IP anomalies such as ARP resolution not working or ARP resolutions taking place but you cannot ping the neighboring device. [CSCdj58194]

• Customer moved the IP multicast tunnels (DVMRP, GRE) from a serial interface to an ATM interface on a Cisco 4700 router. The packets are now process-switched instead of fast-switched, which causes a lot of CPU (IP INPUT).

When the serial interface is used for incoming packets and the ATM interface for outgoing packets, there is no problem. Incoming packets on the ATM interface and outgoing packets on the serial interface also experience this problem.

We used several Cisco IOS releases, with always the same effect. It seems that incoming packets are not fast switched. [CSCdj59076]

• SYS-3-CPUHOG error messages occurred after the software was upgraded from Release 11.0 to Release 11.2(8) or 11.2(9). The error messages may occur because the OSPF database refreshes every 30 minutes. This problem occurs with large IP OSPF networks with multiple areas. There is no known workaround. [CSCdj60461]

• The ARP lookup routine may suspend, causing unexpected behaviors for IP protocols. For example; if the OSPF routing process is traversing a list of neighbors to send LSA packets and the ARP routine is called, the ARP routine suspension could cause a system reset. The problem was resolved in Release 11.2(10a). [CSCdj60533]

• OSPF ABR does not generate a summary for some connected networks. This problem occurs when an unnumbered interface is used with OSPF. A summary for a connected network that is put in the same area as the unnumbered interface might not be generated to other areas.

The workaround is to redistribute the connected network into OSPF to retain connectivity to those networks. [CSCdj60959]

• Dynamic redistribution into EIGRP from another routing protocol fails if the routes being redistributed fall within the same major network as EIGRP. A temporary workaround is to remove the redistribution statement from the EIGRP configuration, then reinsert the redistribution statement. This caveat only affects Releases 11.2(10a), 11.2(10a)BC and 11.2(10a)P. [CSCdj65737]

ISO CLNS

• Under certain circumstances, a Cisco 7505 router running Release 11.1(13a)CA1 reloads if the netID is changed under the IS-IS routing process. [CSCdj49485]

LLC Type 2

• If an RSRB session is disconnected by the local LAN side at exactly the same time as a data message is received from a remote host, a situation can occur which will lead to a crash in llc_get_oqueue_status().

There is no workaround. [CSCdj62026]

Miscellaneous

• Although a router configured for HSRP on LANE replies correctly with the HSRP MAC address in an ARP reply, all packets issued by the router with a virtual IP address use the BIA MAC address as the source address. This makes it difficult for switches to know the forwarding port. [CSCdj28865]

Novell IPX, XNS, and Apollo Domain

• Using any of the xns flooding commands may cause the router to reload and issue alignment, bad pool, or buffer warnings. [CSCdj23479]

• With LAPB/Frame Relay encapsulation, you might see "%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level" messages on the console. It is possible (rarely) that an XNS connected route for this interface doesn't get installed in the route table.

As a workaround, try one of the following:

• Issue the shut and no shut commands on the affected interface.

• Reconfigure the IPX network using the no ipx network command, followed by ipx network. [CSCdj53721]

• There are two problems associated with this caveat:

  • Sometimes a connected network does not appear in the routing table just after reload. Issuing the shut and no shut commands should correct the behavior.

  • If ipx routing is disabled (using the no ipx routing command), you could see something like a steady memory leak, unexpected router behavior, or a router crash. The only known resolution is to power cycle the router every time you issue the no ipx routing command. [CSCdj54141]

• If some interfaces change state when you disable and re-enable IPX/XNS routing, there is a possibility of loosing the IPX/XNS background process.

Symptoms could be loss of network connectivity or a slow memory leak until the router cannot allocate any more memory. You need to reload the router to correct this situation. [CSCdj57257]

Wide-Area Networking

• With a router running NetBIOS Frames Protocol (NBF) over Token Ring, a device connected via async or ISDN with PPP encapsulation appears to connect successfully but is unable to see other NetBIOS devices in a domain. [CSCdi72429]

• VIP requires but does not have a mechanism to determine the health or status of a VIP card. Specifically, there needs to be a way to show tech-support, alignment, and logging information. The show controllers command should be extended to provide this information: show controllers vip x command where x is the VIP slot number and command is either tech-support, alignment, or logging. [CSCdj17006]

• A Cisco router running Release 11.1(6.1) can experience an input queue wedge on the serial interface. The symptoms are dropped packets on the interface. The only way to clear this problem is to reload or power cycle the router. [CSCdj17547]

• A router may stop making Frame Relay SVC calls after a long time. [CSCdj29722]

• When a dialer profile is in standby mode, backing up a serial interface with the backup interface dialer command still allows incoming calls to this profile. Because the profile is in standby mode, this behavior should not be possible. [CSCdj34108]

• Routers configured for Frame Relay switching will lose a frame-relay route command in the running configuration when the corresponding DLCI has been deleted. To restore the original configuration, execute the copy start run or config memory command or reload the router. [CSCdj43340]

• SSCOP sequence number is a 3-byte field. Because the SSCOP code in Cisco IOS Releases 11.0, 11.1, and 11.2 code does not handle the wraparound elegantly, in some conditions when the sequence number wraparound after exceeding the maximum of 16777215, a large number of buffers are queued and eventually cause the memory leak/starvation on the router. [CSCdj45157]

• Direct broadcast with the physical-broadcast destination MAC address is not forwarded to the helper address over ATM/LANE interface. [CSCdj51378]

• A router crashed with a bus error while running the output for show dialer map. [CSCdj52360]

• When a configuration of two systems has Frame Relay LMI timeouts set differently on DTE and DCE systems, the PVCs could remain active but no data is transferred because one system declared the connection inactive while the other system still thought it was active.

The workaround is to set the timeout values the same using the lmi-t392dce parameter. [CSCdj53354]

• If LES/BUS is configured on the Catalyst 5000, pulling down one client in the ELAN can affect other clients. This problem happens very rarely. The workaround is to restart the LES/BUS on the Catalyst 5000. [CSCdj54587]

• When a static map is deleted, calls associated with that map are not disconnected. For point-to-point calls, this does not cause any problems. However, for point-to-multipoint ATM calls, the leaf on the multipoint VC will be left in place. If the map to that same NSAP is replaced, a new call is attempted instead of reusing the existing leaf on the existing VC. The result is that an add-party message is delivered to the remote router and is subsequently rejected. The end result is no broadcast connectivity. The workaround is to clear the existing calls when changing the map configuration with a clear int atm interface command. [CSCdj57309]

• Cisco IOS Releases 11.2(1) through 11.2(10) are technically not in compliance with RFC 1990. The RFC requires that the first multilink fragment that is transmitted after adding a second link to a bundle which previously only had one link must be transmitted over the first link in the bundle. Instead, the first fragment is being transmitted over the newly added link. This can result in the peer receiving packets out of sequence.

There is no known workaround. [CSCdj57498]

• A Cisco 4000 Router reloads when frame-relay traffic-shaping is unconfigured. The only workaround is to destroy the configuration on the router, reload it, and restore the configuration. [CSCdj61097]

• Frame Relay is broken. Most of the protocols on Frame Relay may not work and packets may get dropped or misbehave because parsing of packets is not properly done in some cases. [CSCdj67384]

Caveats for Release 11.2(1) through 11.2(9)

This section describes possibly unexpected behavior by Releases 11.2(9) and 11.2(9)P. Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(9) and 11.2(9)P. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(9) and 11.2(9)P, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.2(10) and 11.2(10)P.

Basic System Services

• In extremely unusual situations the router will display the following error message on a frequent basis:

%SYS-6-STACKLOW: Stack for level CXBus Interfaces running low, 0/1000

This message may eventually lead to the router hanging. [CSCdi54119]

• A timing conflict between the HTTP server and TACACS+ code can cause the HTTP process to hang when configured to use TACACS+ for authentication. Since the HTTP server uses a tty to handle I/O for the request, these hung processes can tie up all available ttys. [CSCdi84657]

• On Cisco 7000 series routers, in the output of the show interface serial command, the packet input field reports the incorrect number of received packets. The workaround is to enable SSE switching on all MIP interfaces. [CSCdj01844]

• On Single Flash Bank 2500 devices, when the device is running from the image on Flash (RFF), the SNMP operation of copy to Flash using CISCO-FLASH-MIB does not work.

The work around is to use the command line interface command copy tftp flash. This CLI command invokes the FLH interface and the file is copied successfully to the device. [CSCdj27438]

• When custom or priority queuing is turned off on an interface that does not support fair queuing, the queuing data structures associated with the interface are left in an inconsistent state.

In particular, the enqueue and the dequeue routines are not reset and this causes the box to crash when the routines are invoked the next time. Once the box is rebooted the inconsistency is cleared. [CSCdj29439]

• RMON alarms will not work properly on a number of MIBs that use internal MIB caching to speed up MIB object value retrieval. The only possible workaround is to set up an SNMP get poll on these objects to force an update to the MIB cache, with a poll period within the alarmInterval time. The following MIBs have this problem:

APPN-DLUR-MIB
IBM-6611-APPN-MIB
CISCO-CIPCSNA-MIB
CISCO-CIPLAN-MIB
CISCO-CIPTCPIP-MIB
CISCO-SNA-LLC-MIB
SNA-NAU-MIB
CISCO-TN3270SERVER-MIB
OLD-CISCO-IP-MIB
BGP4-MIB
LAN-EMULATION-CLIENT-MIB
RFC1406-MIB
RMON-MIB
IF-MIB
RFC1398-MIB
OLD-CISCO-INTERFACES-MIB
CISCO-PING-MIB
CISCO-QLLC01-MIB [CSCdj34766]

• A memory leak exists in the Flash file system. Using SNMP to poll the ciscoFlashMIB objects, or using the show flash command line interface (CLI) commands can result in non-trivial amounts of memory being allocated and never freed. Repeating these polls or CLI commands will eventually result in the system using up all available memory.

The ciscoFlashMIB can essentially be disabled (SNMP is prevented from polling this MIB) via use of SNMP views. For example, the SNMP configuration snmp-server community public ro can be changed to the following:

snmp-server view no-flash internet included

snmp-server view no-flash ciscoFlashMIB excluded

snmp-server community public view no-flash ro

The result is the SNMP polls using the public community string can access objects in the entire MIB space (internet) except for those objects in the ciscoFlashMIB space.

This will affect any NMS applications that rely on the ciscoFlashMIB objects. [CSCdj35443]

• When issuing the no snmp trap link-status command on an ISDN interface on both the Virtual-Template and the D-channel, the router still sends traps whenever a B-channel changes state. [CSCdj38266]

• After a Cisco AS5200 has been running for 4 to 5 days, it may experience a severe memory leak that requires the router to be rebooted. [CSCdj41164]

• An SNMP Get of an individual instance from the ipNetToMediaTable may fail, even though an SNMP Get-next will successfully retrieve the instance. This is likely to be seen on table entries referring to software interfaces (for example, subinterfaces, loopbacks or tunnels) or hardware interfaces that have been hot-swapped in. There is no known workaround. [CSCdj43639]

• A crash occurred in the Frame Relay packet classifier function called by the WFQ routine. A workaround for this problem is to disable WFQ on the interface with Frame Relay encapsulation. [CSCdj45516]

IBM Connectivity

• When an IBM AS/400 end system is attempting to communicate with an IBM 5494 controller through Cisco 4700 routers, the Token Ring interface on the router uses its Token Ring MAC address as the source address when sending DM command messages to the AS/400. The AS/400 discards these messages because it does not recognize the source address, and it continues to poll the IBM 5494, which causes it to hang. The workaround is to reload the router. [CSCdi87648]

• A small window exists in which it is possible after a transmission group reinitialization that only one CP-CP session is established between the router and a neighboring node. In this case, the contention winner session from the perspective of the router is not activated. Once this occurs, the CP-CP contention winner session will only activate if the APPN subsystem is stopped and started.

There is no known workaround. [CSCdj25859]

• An APPN router may display the following "Unanticipated CP_STATUS" message when the contention loser CP-CP session goes down and comes back up without the contention winner session being deactivated:

%APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1

%APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN

%APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4

%APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received

Each subsequent broadcast locate received by the router causes the following messages to be displayed and about 1920 bytes of APPN memory to be leaked:

%APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080

%APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0

This problem occurs when two links are active to the same node and the CP-CP sessions are split between these two links and the link with contention loser is stopped.

The APPN subsystem should be stopped and restarted to clear this problem. If the CP-CP sessions are between the router and the host, terminating either CP-CP session on the host will also clear this problem. [CSCdj33718]

• There may be intermittent failures when trying to link to bridges over the DLSw remote peers when running LNM over DLSw. The workaround is to reload the router that is directly attached to the LNM device. [CSCdj34112]

• An APPN DLUR router may reload with SegV exception in ndr_sndtp_encap_mu in a timing window where the DLUR supported device disconnects before a request_actpu is sent to the DLUS for that device. [CSCdj37172]

• A DSPU router with an SDLC attached 3174 leaves a terminal hung after a terminal power-reset. Vtam inact/act of LU fixes. A workaround is to remove the DWSPU and connect the 3174 via DLSw. [CSCdj37185]

• APPN enforces the maximum size of a CV10 (product set identifier) on XID to not exceed 60 bytes. Some products include a CV10 that is larger than the 60 byte value. These products will fail XID negotiation with APPN. [CSCdj40144]

• In the event that APPN/DLUR has processed and sent a bind request to a downstream device, and that device has not responded to the bind, issuing a vary,inact command on the host for the LU name that the bind is destined for will not completely clean up the session as it should. [CSCdj40147]

• When a connection is attempted over a port defined with the len-connection operand, APPN can loose 128 bytes of memory for each connection attempt. [CSCdj40190]

• DLSw FST may corrupt the frame header if the riflen is different on both sides. [CSCdj40582]

• Memory leaks occur when APPN TPsend_search is sending locate search requests to adjacent nodes when a link failure occurs. [CSCdj40915]

• When RSRB with TCP encapsulation is configured and remwait/dead peers exist, an explorer packet may continuously try to open the remwait/dead peer. After several tries, the router may crash with memory corruption.

A workaround is to remove any remwait/dead peer statements. [CSCdj42427]

• A Cisco 3640 router crashes when a UI LLC frame is received on the Token Ring interface. [CSCdj43755]

• An APPN router may crash with a bus error if a race condition is experienced during cleanup processing. The stacktrace shows the crash occurred in Qfind_front while executing a psp00 function. An example stacktrace for this problem is shown below.

System was restarted by bus error at PC 0x3784864, address 0xF0110208 PC 0x3784864[_Qfind_front(0x3040a04+0x743e44)+0x1c] RA: 0x36C1F2E[_queue_find_front(0x3040a04+0x68151c)+0xe] RA: 0x36CC554[_psbmfrm(0x3040a04+0x68bb30)+0x20] RA: 0x36CDAF6[_psp00(0x3040a04+0x68cfd4)+0x11e] RA: 0x314BD78[_process_hari_kari(0x3040a04+0x10b374)+0x0] [CSCdj44198]

• APPN crashed when it received a CV35 without the Termination Procedure Origin Name (TPON) field. [CSCdj44661]

• Configuration of SRB on a second interface yields the following traceback information from LNM:

%LNMC-3-BADCLSIRET: bogus Invalid ret code (0x7007) init_clsi_op_proc, bogus -Traceback= 60791120 6078FE48 6078FDC4 607890E0 6078ED48 60226648 60226634 [CSCdj45268]

• DLUR bind processing may cause stack corruption, resulting in a reload with PC 0x0. This problem is caused by attempting to parse the user data subfields beyond the location where the subfields exist. The reload will only occur if the byte two bytes beyond the end of the user data area is 0x3 or 0x4. This is a very rare occurrence. [CSCdj45676]

• In large APPN network environments over 200 NNs, numerous broadcast searches could happen during initial start up or intermediate links recovery. The memory usage serge may bring down the entire network. [CSCdj45705]

• The message "%APPN-0-APPNEMERG: Mfreeing bad storage, addr = 60BB7188, header = 60BB6B20, 00000218 -Process= "ndrmain", ipl= 0, pid= 62" may be issued when a DLUR served PU disconnects. [CSCdj46783]

• Router will not pass SRB directed frames if the SRB proxy-explorer feature is configured. SRB proxy-explorer is used with NetBIOS name caching. [CSCdj47797]

• Some 68K-based routers, such as the Cisco 7000, Cisco 4000, and Cisco 2500 routers, may crash while running APPN. This memory corruption may occur after a rare combination of APPN detail displays, followed by a show appn stat display.

[CSCdj47941]

Interfaces and Bridging

• When connecting a Canary Fast Ethernet transceiver to the MII connector on VIP port adapters, reload the microcode so that the port will function properly. [CSCdi64606]

• The auto-enable feature for packet-by-packet Frame Relay compression is removed and this form of compression is allowed to be manually enabled. [CSCdi85183]

• Hardware platforms that use Cirrus Logic serial line controllers may experience the following behavior:

If the system tries to discard output for a line while there is output data in the buffer, the line may become unresponsive to input. This happens most frequently when the user attempts to abort output from a network connection. For example, sending CTL-C on a LAT connection or sending a break character during a PAD connection may cause this symptom.

The affected platforms are: Cisco 2509 through Cisco 2512, Cisco 2520 through Cisco 2523, Cisco AS5200, the NP-2T16S module for the Cisco 4500 and Cisco 4700, and the NM-4A/S, NM-8A/S, NM-16A, and NM-32A modules for the Cisco 3600. [CSCdj02282]

• In certain cases, a router may bring Layer 1 down without an apparent reason. Hereafter, a new TEI is negotiated with the switch. The latter still keeps all call references belonging to the previous TEI, since no DISCONNECT was seen on L3. [CSCdj11840]

• An SNMP agent was returning erroneous values. Under some conditions, the ifInUcastPkts counter was observed returning decreasing values, which is incorrect. [CSCdj23790]

• PPP compression and custom queuing are incompatible features and may cause the router to crash. To work around this problem, turn off all fancy queuing. [CSCdj25503]

• In X.25 packet-by-packet compression, error checking code is fixed after malloc for decompression history buffer. [CSCdj29139]

• The BREAK sequence may not be received properly on platforms that use the Cirrus Logic asynchronous controllers. This includes the Cisco 2509, 2511, AS5100, and AS5200. You may have to send the BREAK sequence multiple times before it is interpreted correctly. [CSCdj32121]

• dot5StatsTable does not return any value in Cisco IOS Release 11.2 software. [CSCdj32372]

• NFS transmission problems and FDDI excessive claims occur after installing Releases 10.3(9) through 10.3(18), 11.1(9) through 11.1(14), or 11.2(1) through 112(9). This problem is specific to the CX-FIP interface board. [CSCdj38715]

• When IRB is configured with a FDDI interface on a Cisco 4000 series router, some packets will not be forwarded through the FDDI interface. [CSCdj40769]

• An NT client/server sending out multiple ARP requests to the BVI interface of the router causes a loss of connection. The workaround is to enable ARP SNAP arp timeout 120. [CSCdj46855]

• The PA-4R may incorrectly adjust the datagram size of an incoming packet to include extra padding at the end of the packet. This problem only occurs under moderate/heavy traffic load where multiple PA-4R interfaces are consuming many particle buffers. The problem also only occurs on packets with a packet length that is a multiple of 512 bytes, 513 bytes, 514 bytes or 515 bytes. On Cisco 7xxx family VIP PA-4R systems any type of packet may be subject to this corruption. On Cisco 720x family systems with PA-4R, only source route bridging packets are subject to this corruption. The only workaround is to reduce the token ring interface's MTU to 508 bytes or less. [CSCdj48183]

IP Routing Protocols

• IP cache is not invalidated for destinations that use the default routes even after the next hop is down. The workaround is to issue the clear ip cache command. [CSCdj26446]

• After the ip default-network statement is issued, the default network route does not get propagated to other routers in the network. There is no known workaround for this problem. [CSCdj28362]

• EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj28874]

• A router crashes after receiving multicast packets with the illegal source address 0.0.0.0. The workaround is to configure the access list to filter out packets with a source IP address of 0.0.0.0. [CSCdj32995]

• User cannot enter the ip accounting command on a Frame Relay subinterface with this Cisco IOS Release on a Cisco 4500 router. [CSCdj33780]

• When the OSPF interface command ip ospf authentication-key key is configured with key length longer than 19 characters, including any trailing space, then the OSPF internal data will be corrupted. The write terminal command could reload the router.

The workaround is not to enter a key longer than 19 characters, either encrypted or not.

The same problem happens with the ip ospf message-digest key-id md5 key command. In this case, the key length should not be longer than 36 characters. [CSCdj37583]

• On a Cisco 4700, RIP cannot handle more than 1800 routes received back to back without inter-frame gap. [CSCdj40042]

• After the aggregate-address summary-only command is configured, issuing the same command without summary-only will not unsuppress the more specifics of the aggregate.

A workaround is to negate the whole aggregate-address command first. [CSCdj42066]

• ICMP unreachables are wrongly sent out for multicast packets. [CSCdj43447]

• During a ping, each packet took more than 2 seconds to output. With ATM static maps, the wait is not necessary for IP over ATM. [CSCdj47856]

• Entering the no ip gdb rip command twice may crash the router. [CSCdj48291]

LAT

• The following message may be erroneously displayed:

%LAT-3-BADDATA: Tty124, Data pointer does not correspond to current packet

When many LAT sessions are active, and a received data slot starts in the last 14 bytes of a full Ethernet frame, data for that slot is discarded. [CSCdi82343]

Novell IPX, XNS, and Apollo Domain

• Route stuck in "deletion pending" state after an ipx down command. The only workaround is to disable and reenable IPX routing on the router.

This could happen if the commands ipx down and no ipx network are given in the same or reverse order, with very little time in between. [CSCdi91755]

• XNS standard access lists may produce incorrect "permit" results on Cisco 4500 series routers. In one case, this caused an XNS RIP packet to bring up BRI/DDR lines every 30 seconds. If similar false "permit" results happen in forwarding filters, supposedly filtered traffic could be permitted through the router instead of denied. [CSCdj25490]

• XNS routes may get deleted on serial interfaces at boot time. The workaround is to issue the shut and no shut commands on the affected interface. [CSCdj25806]

• IPX does not advertise static/floating static routes if they are created before the interface that the routes connected to is up. The workaround is to issue the shut and no shut commands on the interface that the static/floating static routes are connected to. [CSCdj41584]

• Running IPX EIGRP with a maximum path set greater than one, the router may not remove the SAP after the interface is down if it is learned via more than one path. [CSCdj45364]

• If a route goes away via aging (180 seconds) and the default route is known, a cache entry may be installed for the network using the default route path. If the network comes back within the next 60 seconds, a new cache entry pointing to the now valid path may not be installed and the cache will still point to the default route path for the network. A workaround is to issue the clear ipx route and clear ipx cache commands, or run without using the default route. [CSCdj47705]

TCP/IP Host-Mode Services

• A router may restart with a bus error at address 0xD0D0D5D in module tcpdriver_del. [CSCdj26703]

VINES

• A router may unexpectedly reload when VINES SRTP routing is configured. The workaround is to remove the vines srtp-enabled command. [CSCdj37888]

Wide-Area Networking

• On a 7000 router, the following console messages may be logged:

%AIP-3-AIPREJCMD: Interface ATM3/0, AIP driver rejected Teardown VC command (error code 0x8000)

Such an error is associated to the AIP not being able to receive packets. It is reproducible only if there are long periods (minutes) where no traffic crosses the ATM interface.

The workaround is to reload the box or to perform a microcode reload. This does not occur on the Cisco 7500 family (including the RSP7000). [CSCdj20667]

• Under certain conditions, the router may reload during an ISDN call setup with the SPC bit set. This problem only occurs with 1TR6 ISDN switch types. [CSCdj20841]

• While using Distributed Fast Switching, buffer headers can be stranded in the outgoing VIPs transmit queue when that interface has been taken down. This is more likely to occur when a faster interface is switching to a slower one.

Ignores and drops may increase on the input interface as it fails to obtain a needed buffer header to switch the packet. The rxcurr on the input interface will also remain above rxlow even when traffic is not arriving on the interface.

The VIP will now continue to drain the transmit queue of the interface even when it is administratively down. This will allow the buffer headers to be returned to the originating local free queue.

This may cause the number of drops on outbound interface to jump up when the interface is taken down. However, this behavior is normal as the downed interface will drop any packets sent to it when it is not up. [CSCdj21693]

• The Frame Relay LMI Enquiry and Status messages stop being exchanged after a short time of successful communication. The statistics incorrectly report timeouts and message activity. There is no workaround. [CSCdj31567]

• A user has an AS5200 running Cisco IOS 11.2(5)P (Enterprise Plus Feature Set). A LINE FEED (

• If a BRI port attached to an NI-1 ISDN switch using two SPIDs gets a Layer 1 deactivation and reactivation (typically due to adverse line conditions or temporary disconnection of the cable), that port may not be able to reestablish Layer 2 connectivity on the second TEI and, therefore, not be able to use the second B channel. Issuing the show isdn status command will report TEI_ASSIGNED on one of the TEIs instead of MULTIPLE_FRAME_ESTABLISHED on both. A workaround is to have your service provider configure a single SPID that can control two B channels. [CSCdj41311]

• Using NetBIOS over PPP may result in traceback messages complaining about invalid memory action at interrupt with traceback information appended:

%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level

[CSCdj42341]

• This patch prevents the use of an invalid pak-info_start pointer when doing payload compression on RSP platforms, thus avoiding a crash. [CSCdj43332]

• When a PPP connection is disconnected due to a keepalive timeout (for example when the other end of the link is reset), the PPP internal state will be left in a confused state and unable to negotiate with the peer. This will manifest itself as an interface where LCP is Open and IPCP and other NCPs are Closed.

This defect can be cleared by entering the shut command followed by the no shut command on the interface in question. The defect was discovered in 11.2(8.1) and 11.2(8.1)P. [CSCdj44339]

• A remote DLSw peering router may send a DM response just after the LLC2 connection is established if the router is very busy and the PC station responds immediately to the UA with a RR. The client will need to reestablish the connection. [CSCdj47782]

• A boot image without a subsystem containing IPCP will restart the router. There is no workaround. [CSCdj48085]

• When using the frame-relay map class or frame-relay traffic-rate commands, and when the rate is being reduced in response to BECN, the default lower limit is zero, while the expected default is CIR/2.

The workaround for this behavior is to define the rate using the CIR/BC/BE parameters. [CSCdj49145]

• The router may unexpectedly restart when configuring an X.25 PVC that is locally switched. [CSCdj49828]

• The show x25 vc command will cause the router to unexpectedly restart if there is a combination of locally switched virtual circuits and other virtual circuits. [CSCdj50405]

Caveats for Release 11.2(1) through 11.2(8)

This section describes possibly unexpected behavior by Releases 11.2(8) and 11.2(8)P. Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(8) and 11.2(8)P. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(8) and 11.2(8)P, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.2(9) and 11.2(9)P.

Access Server

• A reload might occur if the command show modem slot/modem-port is issued when the associated modem is in the autoconfigure mode. Autoconfigure mode is normally a short interval during which the modem is reset and reinitialized by the modem autoconfigure command. [CSCdj17224]

AppleTalk

• ATCP may cause AppleTalk to trash memory and reload the router. There is no workaround. [CSCdj23355]

Basic System Services

• Connected routes stay in the routing table when a card is disabled and in an analyzed wedged state. There is no workaround. [CSCdj08355]

• The error "System restarted by bus error at invalid address" is caused by intermittent Telnet sessions on a Cisco AS500 platform running Cisco IOS Release 11.1(10)AA.

This problem occurs because of a race condition when doing DNS name query, and DNS name cache is removed in the middle of the process.

There is no workaround on the router side. On the DNS server side, configuring DNS TTL to be one minute or longer may work around this problem. However, this workaround may not be acceptable for some applications. [CSCdj16824]

• This bug may be user specific; the following error message occurs when a user's script executes the show start command:

% Non-volatile configuration memory has not been set up

The user's script is used to change passwords. Current testing indicates that it may be a software checksum error. [CSCdj18107]

• During a boot Flash format, systems with earlier release images will not recognize Intel boot Flash SIMMs 28F004S5 (device code A7), 28F008S5 (device code A6), and 28F016S5 (device code AA).

To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash with an image containing this bug fix. Then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20681]

• After extended use, a Cisco AS5200 may begin to report MALLOC failures. The output of the show memory command indicates a possible leak of ppp authentication buffers. [CSCdj22107]

• On RSP-based platforms, the following error may occur, indicating a problem with a hardware enqueue:

%RSP-2-QAERROR: reused or zero link error, write at addr 00C0 (QA) log 2600C040, data 00070000 00000000

This message may be followed by the following error and a crash:

Unexpected exception, CPU signal 10, PC = 0x601C4658

This message is caused by a memory access problem in the diagnostic code handling the original QA error. [CSCdj29751]

• The object cmInitialLineConnections in the CISCO-MODEM-MGMT-MIB is supposed to return only non-zero values. The current implementation returns all counter values, including zeroes. This problem is not too serious if only single-valued SNMP retrievals (getone...) of cmInitialLineConnections are performed. In actuality, SNMP retrievals of multiple values (getmany...) are often used. The problem is much more pronounced in the second case. On an AS5200, there are 48 modems and 31 possible modulation speeds. A single issue of the getmany command on cmInitialLineConnections will result in roughly 1500 values being returned, most of which are zeroes and will be ignored. This is inefficient and causes a lot of unnecessary traffic on the network.

There is no workaround for this caveat. [CSCdj30171]

• A memory leak exists in the Flash filesystem. Using SNMP to poll the ciscoFlashMIB objects, or using the show flash command line interface (CLI) commands can result in non-trivial amounts of memory being allocated and never freed. Repeating these polls or CLI commands will eventually result in the system using up all available memory.

The ciscoFlashMIB can essentially be disabled (SNMP is prevented from polling this MIB) via use of SNMP views. For example, the SNMP configuration snmp-server community public ro can be changed to the following:

snmp-server view no-flash internet included

snmp-server view no-flash ciscoFlashMIB excluded

snmp-server community public view no-flash ro

The result is the SNMP polls using the public community string can access objects in the entire MIB space (internet) except for those objects in the ciscoFlashMIB space.

This will affect any NMS applications that rely on the ciscoFlashMIB objects. [CSCdj35443]

• When inbound PAP authentication is configured to use TACACS+ with a down-rev daemon (for example, Freeware 2.1) the system will leak one TACACS+ packet for every PAP authentication it performs.

Upgrading to a daemon that understands the latest version of the TACACS+ protocol (version 193) is an effective workaround. [CSCdj36449]

DECnet

Enabling DECnet fast switching on inter-area routers will cause DECnet routing to fail. A possible workaround is to disable DECnet fast switching on the Ethernet interface. [CSCdj15855]

EXEC and Configuration Parser

• Entering the privilege route-map level x set as-path prepend x command in configure mode may cause the router to reload, even though the number after prepend is not necessary. The workaround is to not enter a number after prepend. [CSCdj37035]

IBM Connectivity

• QLLC/RSRB forwards IEEE XID frames like other XID frames to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]

• A memory corruption causes the router to crash when a NetBIOS datagram explorer is received by a Cisco 7200 router. This problem can occur for any non-explorer frame also. There is no workaround for this problem. [CSCdj04944]

• Issuing the show lnm station command may cause the routers to reload, especially when the stations are getting in and out of the ring. [CSCdj09905]

• Attachmate Advanced Function SDLC adapter is limited to 19.2 kbps on a Cisco 3600 asynchronous/synchronous port. Setting the clock rate above 19.2 kbps will eventually cause an abort in an I-Frame which inactivates the PU. The router SNRMs the device, but it does not respond to the UA from the Attachmate SDLC adapter. Issuing the clear interface command or the shut and no shut commands will restart the device.

Issue a show controller serial command, then look for the "residual indication count." If the counter is at "0," then this caveat is not the problem. If it is a non-zero value, then this caveat may be the problem. [CSCdj17394]

• When SRB and transparent bridging are both configured on two interfaces, Sr frames with an Ethernet type of 0x600 or 0x800 will not be forwarded and do not show up as source errors. This problem first appeared in Cisco IOS Release 11.1(12). [CSCdj18483]

• Continuously issuing the appn ping command causes the router to hang indefinitely. [CSCdj19525]

• The router may reload unexpectedly with a stack trace pointing to llc2_timer. [CSCdj21370]

• On a Cisco 7200 router, duplicate ring entries may be seen in the RIF cache and when using the debug source bridge command. The duplicate ring entries lead to connectivity problems for end systems. [CSCdj21876]

• When RSRB with TCP encapsulation is configured and there are dead peers, an explorer packet may continuously try to open the dead peer. After several tries, the router may crash with memory corruption. The workaround is to remove any dead peer statements. [CSCdj24658]

• When promiscuous or peer-on-demand peers are used and there are more than 100 circuits connected, a memory corruption crash may result when the promiscuous or peer-on-demand peers disconnect. The corruption occurs when circuit cleanup is delayed due to end station delay, LAN network delay, or high router CPU usage. [CSCdj26284]

An APPN image may restart because of a CPU HOG problem when processing a link failure event by the Directory Service APPN process (xxxdns00). This may occur when a lot of locate requests are pending. There is no known workaround. The router is forced to restart by the system watchdog process (software-forced reload event). [CSCdj26423]

• DLSw local-switching from VDLC to LLC media does not work correctly. [CSCdj28900]

• The timer that controls the daily cleanup of APPN topology and the 5-day rebroadcast of topology resources owned by this APPN node can fail after 45 days. At this time, other nodes where the timer is still functioning properly may age out the topology of the node with the failed timer after 15 days. Thus, after a total of 60 days, APPN routing failures and failed CP-CP sessions may result between APPN network nodes.

Because other network events (link outages, and so forth) can trigger a node to send a TDU, this problem will not necessarily appear exactly after a 60-day uptime--it may occur much later or not at all. However, any APPN router running in the network for over 60 days is at risk for seeing this problem.

Stopping and restarting APPN will work around this problem until the next timer wrap, which can be up to 45 days, but may be less depending on the current value of the timer. Reloading the router will reset the timer and avoid the problem for an additional 60 days. [CSCdj29014]

• A router configured for RSRB may crash with a watchdog timeout during low memory conditions and/or continual peer state changes. [CSCdj30381]

• A DLUR router may reject unbind requests from the host if it has not received a bind response from the downstream LU.

If the downstream device never responds to the outstanding bind, the DLUR router will wait indefinitely and not free the local-form session ID (lfsid). This may cause a situation in which the host tries to reuse a lfsid after it has sent an unbind request, but the DLUR rejects the new bind request because it believes that this lfsid is in use. If the host continuously tries to use this lfsid that the DLUR believes is in use, then no new sessions can be established. This problem occurs only when the downstream device does not respond to a bind request. [CSCdj30386]

• Sometimes the linkstations may get stuck in a XIDSENT state when an APPN linkstation fails and recovery is attempted.

Caveat CSCdi77040 provides a fix for this problem in the system side. This caveat provides the corresponding fix for APPN. [CSCdj30552]

• DLSw is running between an IBM 6611 and a Cisco 4500 router running Cisco IOS Release 11.0(16). On the IBM 6611 side, the network is Token Ring. On the Cisco 4500 side, there is an Ethernet segment. SNA is working correctly, but some NetBIOS sessions do not connect. [CSCdj31233]

• When using APPN/DLUR with the prefer-active-dlus configuration command specified on the APPN control point, DLUR may not properly connect to a backup DLUS in cases where the primary DLUS is available in the network but has the served PUs varied inactive. [CSCdj31261]

• When using the len-connection configuration command on the APPN port and there are at least 30 XID3 devices connecting in through that port, a rare sequence of events of devices connecting and reconnecting can cause a reload. [CSCdj31264]

• Any device connecting to APPN/DLUR that does not carry a cv0E with a CPname specified on XID (any PU2.0 and some older PU2.1 implementations) causes APPN to fail to release 536 bytes of memory each time the device disconnects and reconnects. Any device connecting on a port with LEN-connection defined also exhibits this behavior.

When memory is exhausted, the APPN subsystem may stop or the router may reload. [CSCdj33429]

• An APPN router may display the following "Unanticipated CP_STATUS" message when the contention loser CP-CP session goes down and comes back up without the contention winner session being deactivated:

%APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1

%APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN

%APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4

%APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received

Each subsequent broadcast locate received by the router causes the following messages to be displayed and about 1920 bytes of APPN memory to be leaked:

%APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080

%APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0

This problem occurs when two links are active to the same node and the CP-CP sessions are split between these two links and the link with contention loser is stopped.

The APPN subsystem should be stopped and restarted to clear this problem. If the CP-CP sessions are between the router and the host, terminating either CP-CP session on the host will also clear this problem. [CSCdj33718]

• When an LLC2 connection is configured to work over ATM LANE for DLSw, the connection succeeds until a retransmission is required, at which time it fails. [CSCdj34873]

• A user is unable to enter an XID option on an interface configured for QLLC and DLSw. [CSCdj35448]

• If the DLUR router received fixed session-level pacing values on the primary stage, it may modify these pacing values before forwarding the bind to the secondary stage. [CSCdj36195]

• The router may reload when reverse-QLLC connections disconnect using QLLC/DLSw+. [CSCdj36613]

• A problem occurs when an LU node specific node attempts to start a session with a set of invalid bind parameters. This results in a locate-find (with the bind in the CDINIT) being sent through the Cisco APPN network to the end VTAM CP. The end VTAM CP rejects the locate-find with a 0835003A sense and sends this back with a control vector CV35 of minimum length of 8 bytes to the originator via the Cisco APPN NN. The APPN NN then rejects the frame with a 08953500 sense and drops the CP-CP session between the Cisco router and VTAM CPs. [CSCdj37479]

Interfaces and Bridging

• A Cisco 4700 router crashed in ip_input because of a bad packet on the IP input queue. [CSCdi46479]

• Issuing the no channel-group command on a MultiChannel Interface Processor (MIP) causes the router to reload if OSPF is configured. [CSCdi79844]

• On Cisco 2500 series routers, the Token Ring interfaces run FastMac Plus microcode version 1.28, even though the latest microcode version available is 1.61. [CSCdi93243]

• Bridging from a serial interface to a Fast Ethernet interface with ISL encapsulation fails because the serial input queue is not cleaned up. [CSCdj01443]

• When bridging IP and routing AppleTalk, assigning the bridge-group to the LEX interface causes AARP entries to disappear and become no longer resolved. [CSCdj22825]

• When PIM is configured on a Fast Ethernet PA on a Cisco 7200, the interface enters promiscuous mode and receives all packets on the LAN, possibly interrupting unicast traffic between other stations on the LAN. [CSCdj28007]

• In X.25 packet by packet compression, error checking code is fixed after malloc for decompression history buffer. [CSCdj29139]

• On an experimental image corresponding to Release 11.1(12.5)CA, when using a point-to-point subinterface on the ATM interface of the CES card of the 7200, the IP connectivity will break if transparent bridging is configured on the subinterface via the bridge-group command. IP connectivity can be restored by unconfiguring transparent bridging.

The workaround is to do RFC1483 over a PVC using a multipoint subinterface with a map-list defined. Using the map-group command on a multipoint subinterface does not exhibit breakage.

To determine if you have this bug, enter the show arp command. If there is an entry for the other end of the PVC showing "incomplete" for the MAC address, then you are affected by this caveat. [CSCdj34217]

IP Routing Protocols

• Under unusual circumstances, EIGRP may reinitialize multiple peers when a stuck-in-active condition occurs, instead of just the peer through which the route was stuck. [CSCdi83660]

• Under certain circumstances, if the Cisco router received a route with a lower rip2 metric, the router may go to hold down with infinite metric. [CSCdj15295]

• Under certain circumstances, a Cisco router will interpret an IP packet that was broadcasted at the link-layer as an IP directed broadcast. Once the router determines that the original packet was a directed broadcast, it forwards the packet to any other interfaces that belong to the directed broadcast address because Cisco routers forward directed broadcasts by default.

Though the destination IP address of the original packet appears to be that of a directed broadcast, the router should not forward the packet since it is actually a link-layer broadcast. [CSCdj16052]

• A router may crash after the fifth EIGRP process is configured. CSCdi36031 is a related caveat. [CSCdj17508]

• IP cache is not invalidated for destinations that use the default routes even after the next hop is down. The workaround is to issue the clear ip cache command. [CSCdj26446]

• Major net summarization is incorrectly done if there are two equal cost direct connect interfaces. To work around this problem, issue the clear ip route * command. [CSCdj30971]

• Dense mode interfaces are not always populated in the outgoing interfaces of a multicast route. This problem was introduced by CSCdi25373. [CSCdj32187]

• When doing a trace route from a router to a broadcast network address, NO ICMP TTL Exceeded is sent back by the next hop Cisco router. [CSCdj33761]

• An old incoming interface is not populated in the OIF during RPF transitions. [CSCdj34457]

ISO CLNS

• CLNS fast switching is not working between PVCs defined on ATM subinterfaces. [CSCdj23817]

LAT

• When performing protocol translation from X.25 to LAT, spurious memory accesses may be seen in console messages as well as in the output from the show alignment EXEC command. [CSCdj18470]

Novell IPX, XNS, and Apollo Domain

• When upgrading from Cisco IOS Release 10.3(7) on a Cisco 4700 router, an IPX EIGRP memory leak may occur when introducing Frame Relay on subinterfaces. The IPX EIGRP is increasing in the same quantity as the free memory is decreasing. [CSCdi62135]

• IPX fast switching might fail over a PRI interface, resulting in IPX client connections not being established over the PRI even though the IPX servers are visible. The workaround is to configure no ipx route-cache on the PRI interface. [CSCdj29133]

• XNS does not learn the new non-canonical format of Token Ring MAC addresses. It retains the old canonical format address for its node address. This would cause routing failure. The workaround is to disable and reenable XNS network on all the Token Ring interfaces. This affects only RSP platforms and when you upgrade an XNS-configured router from a version that has the bug CSCdi48110 to a version that has this bug fixed. [CSCdj29916]

• The ipx nlsp command tag option is not being displayed as an option, making routing between NLSP areas impossible. [CSCdj33746]

TCP/IP Host-Mode Services

• An interface may become wedged with input queue 76/75. This is caused by both syslog and SNMP traps.

The workaround is to disable both syslog and SNMP traps. The commands to do this are no snmp-server host ip-address and no logging ip-address. [CSCdj27567]

• New TCP connections may become stuck in SYNSENT state when router is low on memory. [CSCdj30008]

TN3270

• International (8-bit) characters will not echo when using TN3270. [CSCdj22231]

VINES

• Issuing the write memory command may cause the system to reload while writing the VINES access list to memory. Issuing the write terminal or show vines access commands may also halt the system. The workaround is to delete the configuration file and reconfigure the system. [CSCdi49737]

Wide-Area Networking

• CMNS connections may suffer spurious X.25 resets under traffic load. [CSCdi40875]

• There is a problem that only affects the PPP reliable protocol. No other protocols are affected, such as HDLC. [CSCdi70242]

• A BRI interface with Frame Relay encapsulation configured does not behave correctly. A call stays up for a few seconds, LMI messages are exchanged, and as soon as the DLCI goes from INACTIVE to DELETED, the BRI is physically reset. Therefore, it is impossible to use Frame Relay over ISDN. [CSCdj09661]

• When a router receives a valid Frame Relay Setup message while the local SVC's map-class is not yet properly configured, the router crashes. The crash point and the stack trace may be like one of the following:

Current PC: 0x90F61C[bcopy(0x90f56c)+0xb0] FP: 0xCC65C4[_etext(0x96f3ec)+0x3571d8] RA: 0x5E1EF2[_fr_svc_send_msg_to_nli(0x5e1eca)+0x28] FP: 0xCC65E8[_etext(0x96f3ec)+0x3571fc] RA: 0x5DD98C[_FRU0_Setup(0x5dd8e2)+0xaa] FP: 0xCC6620[_etext(0x96f3ec)+0x357234] RA: 0x5DD894[_svc_process_l3_event(0x5dd786)+0x10e] FP: 0xCC6664[_etext(0x96f3ec)+0x357278] RA: 0x5DA17A[_l3_ie_parse(0x5d9d32)+0x448] FP: 0xCC66A4[_etext(0x96f3ec)+0x3572b8] RA: 0x5D9B84[_l3_ie_parse_process(0x5d9b14)+0x70] FP: 0xCC66C0[_etext(0x96f3ec)+0x3572d4] RA: 0x1CC372[_process_hari_kari(0x1cc372)+0x0]

Current PC: 0x5E1D8E[_fr_svc_call_id_to_nli(0x5e1cf0)+0x9e] FP: 0xCC5CCC[_etext(0x970900)+0x3553cc] RA: 0x5E2176[_fr_svc_send_msg_to_nli(0x5e214e)+0x28] FP: 0xCC5CF0[_etext(0x970900)+0x3553f0] RA: 0x5DDC10[_FRU0_Setup(0x5ddb66)+0xaa] FP: 0xCC5D28[_etext(0x970900)+0x355428] RA: 0x5DDB18[_svc_process_l3_event(0x5dda0a)+0x10e] FP: 0xCC5D6C[_etext(0x970900)+0x35546c] RA: 0x5DA3FE[_l3_ie_parse(0x5d9fb6)+0x448] FP: 0xCC5DAC[_etext(0x970900)+0x3554ac] RA: 0x5D9E08[_l3_ie_parse_process(0x5d9d98)+0x70] FP: 0xCC5DC8[_etext(0x970900)+0x3554c8] RA: 0x1CC3BA[_process_hari_kari(0x1cc3ba)+0x0] [CSCdj13019]

• Packets that are exactly the size of the MAC encapsulation size are not bridged. This means that TEST and XID frames will not be bridged. Instead, they are passed up to the process level, which responds to them. [CSCdj14748]

• The MAC address of an ATM interface in a router, instead of the actual MAC address of an end station connected to a LANE client, is entered in the ARP cache. This problem occurs after several hours. A temporary workaround is to clear the ARP cache of the router.

Other workarounds include removing bridging from LANE subinterfaces, disabling proxy ARP or correctly configuring the subnet mask of end stations in a LANE environment. [CSCdj19293]

• The output of the show dialer command shows that the "dialer state is call pending" and the dialer could not be used after it received a call from the destination. This caveat may be related to CSCdi80876. [CSCdj19790]

Upon bootup, OIR, microcode reload, and cbus complex restarts, the router shows CCBTIMEOUT error messages on VIPs that result in a disabled wedged status. This problem occurs with bad PAs and PAs in a "not-ready" state. The cause of the problem is when PCI access is tried and the PA does not respond, thus resulting in CCBTIMEOUTS. [CSCdj21639]

• When per VC custom or priority queuing is configured prior to the initialization of the VC, the functionality is not correctly initialized and is not activated. [CSCdj28240]

• Use of IPX with very large packet sizes may result in a memory leak when transmitting packets via PPP multilink. [CSCdj29387]

• ATCP negotiation fails when an ARAP 3.0f1c4 client attempts to connect to a Cisco access server. This was found during Beta testing of the ARAP 3.0 software. The actual ARAP protocol works fine; it is only ATCP that is failing. [CSCdj31323]

Caveats for Release 11.2(1) through 11.2(7)

This section describes possibly unexpected behavior by Releases 11.2(7) and 11.2(7)P. Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(7) and 11.2(7)P. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(7) and 11.2(7)P, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.2(8) and 11.2(8)P.

Access Server

• A bus error may occur when the asynchronous interfaces on an AS5200 are not configured and there is asynchronous call activity on the unit. [CSCdj14683]

• An AS5200 may sometimes crash with the following stack trace:

0x221FF150:_mai_handle_b2b_connect(0x2202ea38+0x1d069c)+0x7c 0x221FC394:_mai_execute_proc(0x2202ea38+0x1cd908)+0x54 0x221FC492:_mai_queue_handler(0x2202ea38+0x1cda2c)+0x2e 0x221FC530:_mai_maintn_process(0x2202ea38+0x1cda72)+0x86

[CSCdj20121]

AppleTalk

• ATCP and ARAP code will not work with all-router node addresses. NBP lookup to ATCP/ARAP clients may fail. There is no workaround. [CSCdj02390]

• A router may prevent Macintoshes from coming up because of duplicate provisional addresses. A workaround is to issue the clear appletalk arp command. [CSCdj16510]

• A special character in an AppleTalk zone name does not work correctly when using the appletalk static command. If the special character is between :80 and :ff, it will be changed in running-config. This change only occurs when using the appletalk static command. [CSCdj25241]

Basic System Services

• When using AAA, it is not possible to duplicate the precise sequence of prompts that dialup users have become accustomed to from using XTACACS. This makes moving from XTACACS to AAA problematic for users who do not wish to rewrite their dial-in scripts. [CSCdi42842]

• This bug is seen only for asynchronous interfaces and may be caused by the following situations:

1. The configuration is read after a reload.

2. Asynchronous interfaces are configured via Group-Async commands but the snmp-server command is not yet running.

To work around this problem, do one of the following:

• For scenario 1 above, reread the configuration, or go to the Group-Async interface command line and configure the no snmp trap link-status command again.

• For scenario 2, start the snmp-server command before configuring the no snmp trap link-status command. [CSCdj13769]

• Configuring net/ov on a router that has the tftp-server flash slot0:xxx alias xxxx command configured resulted in a timeout. [CSCdj15425]

• If the write memory command is issued at the same time as the show config command is issued, the router may crash. This problem appears to be the same as caveat CSCdi51059. [CSCdj16985]

• Distributed access lists with a large number of statements may not behave properly when the RSP reloads. A workaround is to execute the microcode reload command. [CSCdj17068]

• Too many accounting records are sent for a Multichassis Multilink PPP connection. [CSCdj17870]

• Control characters in chat-script commands that are specified using backslash-octal representation are not accepted and stored properly. [CSCdj18869]

• An ARAP session attempt causes NAS to reload when running AAA accounting with ARAP. [CSCdj21751]

• An AS5200 may reload if Van-Jacobsen TCP/IP header compression is enabled on the asynchronous interfaces. As a temporary workaround, remove the configuration line ip tcp header-compression. [CSCdj22168]

EXEC and Configuration Parser

• The autohangup command does not work if the user uses the rlogin command. Instead of being disconnected at the end of the rlogin session, the user will be presented back with the prompt (or the menu if you are using one).

A workaround is to use the telnet command in the menu, specifying the rlogin port value (513), which will cause rlogin to be invoked; for example, menu test command 1 telnet myhost 513.

[CSCdj16600]

• A change to introduce a locking mechanism in the parser is preventing the virtual template interface configuration from being applied when the system is loading. This results in the incorrect application of commands to any virtual access interface which is cloned from the template.

The workaround is to enter the configuration manually after the system has booted. [CSCdj24440]

• When certain configuration commands are entered, the configuration is locked and the commands cannot be executed. When this happens, the following message appears: "The configuration has been locked for more than 10 seconds. Please try again in a few moments". [CSCdj24585]

IBM Connectivity

• When an LNM queries the router with a report station address, the router answers correctly with a report station address. However, 0.001 seconds later, the router sends a second report station address to the LNM with all zeros in the frame. This causes the LNM to work incorrectly. [CSCdj04559]

• A system was restarted by the error "Software forced crash." The stack trace points to the LAN Manager process.

The current workaround is to disable LNM. [CSCdj11711]

• Any existing sessions or circuits over the backup peer will be brought down immediately after the primary peer is up. This problem occurs even though the backup peer linger timer has been configured for a higher value. [CSCdj13159]

• Source-routed frames with a destination address of FFFF.FFFF.FFFF will not be forwarded between Token Rings when SRB is configured on the router. Source-routed frames with destination addresses other than an all Fs broadcast address will be forwarded.

In some application environments, certain 3270 emulators will not direct a test poll to a specific media access control address and will use an all Fs address to create the frame. It is this all Fs frame in an SRB configuration that will not be forwarded by the router. This configuration impacts workstations that are attempting to connect to host devices. The broadcast frame will never leave the local ring.

Most emulators will use the destination media access control address of the host device to create a frame containing the test poll. With some proprietary implementations, the MAC address of the host device does not have to be known by the end device. [CSCdj13563]

• DLSw searching remote and local behavior was observed in Cisco IOS Release 11.1(11). A workaround is to not allow CUR frames to go from the hub router to the peered (remote) router. [CSCdj16711]

• When running Cisco IOS Release 11.1(11) with BSTUN configured, the router may reload under certain conditions. This problem may be minimized by configuring HOSTTIMEOUT to a large value. However, this will have a significant impact in detecting device outages. [CSCdj16888]

• Cisco DLSw appears to shift the lf bits in the SSP header when peering to other vendors DLSw implementations. This may cause circuits to connect using a (smaller) non-optimal largest frame size or may cause circuits not to be able to connect at all. [CSCdj17372]

• Cisco 2522 routers running Cisco IOS Release 11.0(11) may have problems with the SDLC state machine. When a large amount of data is input into the router from a PU (for example, during a file transfer), the router may poll the next PU without receiving a poll final in a frame and without T1 expiring. The router may also expect data from the PU, even though it did not poll the PU.

A workaround is to ensure there are no unnecessary PUs configured on a line that is continually sending SNRMs. [CSCdj17630]

• Buffers classified as linktype IBMNM may leak in the LNM process. A workaround is to disable the LNM process. [CSCdj20441]

• The router is unable to link with LAN Network Manager. [CSCdj20748]

• When a directory cache entry exists for a resource and a broadcast search arrives for that same resource name, the intermediate node broadcast processing will delete the valid cache entry that existed previously. This defect will cause excessive locate broadcast traffic. [CSCdj21343]

• If APPN directory services receive a search flow that contains a CV35 (extended sense data CV), which has data beyond the point that Cisco APPN recognizes it, Cisco APPN will reject the located flow in error. [CSCdj21690]

• Using the dlsw ring-list or dlsw port-list configuration commands can cause a SegV exception when executing the show dlsw reachability command. [CSCdj21894]

• A DLSw+ crash will happen when the following occurs:

DLSw+ router A is connected to peer router C and is also peered to router B but is not yet connected to peer router B. Peer C can reach a specific resource (MAC address or NetBIOS name). Peer A can reach the same resource through a local interface. Therefore, at this point peer A can reach the resource both local and remote via peer C.

Now, Peer B has dlsw icanreach mac/netbios-name configured. When peer A connects to peer B, peer A will crash when trying to delete the dynamic reachability for the resource and replace it with the reachability learned through capabilities exchange with peer B. [CSCdj22327]

• The DLUR router may get into a tight loop, in which it continuously retries to start the DLUR/DLUS pipe to the same DLUS without waiting the specified retry time. This problem could cause the router to crash or continuously display pipe retry messages without waiting the specified retry time. It may also result in high CPU usage. [CSCdj22330]

• When establishing a DLSw session, the circuit priority field in the SSP header of the CUR_cs, ICR_cs, and/or REACH_ACK SSP frames may be set to a reserved value (5, 6, or 7). While this value will not cause problems when sent to a Cisco router peer, it may cause interoperability problems when peering to another vendor's equipment. This problem may manifest itself as an inability to start the circuit. [CSCdj22482]

• When the first attempt to link a Cisco router with the LAN Network Manager fails, it is not possible to link this bridge again because of a hanging LLC2 session in status ADM. To clear this session, reload the router. [CSCdj23142]

• With APPN/DLUR, caveat CSCdj18360 caused a regression in APPN images, which creates thrashing topology updates (topology war) for any topology with more than one CP-CP session. Cisco recommends that an image containing CSCdj18360 should not be used in an APPN network without also having this fix applied. All APPN images containing CSCdj18360 and not this fix have been deferred as production images. [CSCdj23165]

• Two TRLANE clients configured with the same MAC address can join the same emulated Token Ring LAN. [CSCdj23781]

• Under certain circumstances, the router will fail to create a dynamic link station. The workaround is to restart APPN on the router. This is caused by a small buffer leak that occurs for each actpu processed by DLUR. After some time, enough buffers may be lost as to cause session failures and dynamic link station failures due to insufficient buffers. [CSCdj23782]

• OSPF, EIGRP, and other protocols may not work over FDDI. [CSCdj23804]

• Len-connection mode of operation on an APPN port is designed to allow len-level connectivity between a DLUR and its downstream devices. Independent session activation (LU6.2) through ports with len-connection fails with the message "no route for session." This problem does not affect dependent session activation (LU 0, 1, 2 etc.). [CSCdj24777]

• During certain race conditions, an APPN router may crash with a stacktrace showing psbmfrm. [CSCdj25484]

• An APPN router may crash with the following stack trace:

606CD174[Qfind_front+0x24] 606C7D80[timer_process+0x300] 606C8070[csweotsk+0x1d0]

A router may hit this problem after displaying several messages when the output buffer was full. If the crash was related to displaying "incomplete definition in configuration" warnings, the workaround is too remove these incomplete definitions. [CSCdj26701]

Interfaces and Bridging

• In some cases, a Cisco 4000 router running Token Ring NIM and an xx-p-mz image may display the "%SYS-3-SUPNONE: Registry 6 doesn't exist" error message repeatedly on the console after bootup. [CSCdi70834]

• On Cisco 7500 RSP platforms, FSIP serial interfaces may display the following panic messages on the RSP console:

%RSP-3-IP_PANIC: Panic: Serial12/2 800003E8 00000120 0000800D 0000534C

%DBUS-3-CXBUSERR: Slot 12, CBus Error

%RSP-3-RESTART: cbus complex

If the string "0000800D" is included in the panic message, the problem is related to this bug. The workaround is to load a new image that contains the fix for this bug. [CSCdi78086]

• A Cisco 7500 series router may report spurious errors such as the following:

*Dec 20 06:53:08: %RSP-3-ERROR: CyBus0 error 78 
*Dec 20 06:53:08: %RSP-3-ERROR: invalid page map register 
*Dec 20 06:53:08: %RSP-3-ERROR: command/address mismatch 
*Dec 20 06:53:08: %RSP-3-ERROR: invalid command 
*Dec 20 06:53:08: %RSP-3-ERROR: address parity error 
*Dec 20 06:53:08: %RSP-3-ERROR: address parity error 23:16 1, 15:8 1, 7:0 1 
*Dec 20 06:53:08: %RSP-3-ERROR: bus command invalid (0xF) 
*Dec 20 06:53:08: %RSP-3-ERROR: address offset (bits 3:1) 14 
*Dec 20 06:53:08: %RSP-3-ERROR: virtual address (bits 23:17) FE0000 
*Dec 20 06:53:09: %RSP-3-RESTART: cbus complex 

or

09:53:32.607 EST: %RSP-3-ERROR: MD error 0080008030003000 
09:53:32.607 EST: %RSP-3-ERROR: SRAM parity error (bytes 0:7) 0F 
09:53:33.363 EST: %RSP-3-RESTART: cbus complex 

CyBus errors similar to the above errors have two known causes. If there are HIPs in the router and on the bus reporting the CyBus error, a race condition may exist with the HIP microcode on an oversubscribed bus. The workaround on dual-CyBus platforms is to move all the HIPs onto a CyBus that is not oversubscribed.

The errors can also be caused by the failure of a marginal CI arbiter board or an RSP board. As a result of this problem, all interfaces are reset, causing forwarding to be stopped for a few seconds. [CSCdj06566]

• The bridge ID may choose a Cisco random address even for the Ethernet interface that has the MAC address. The behavior mostly happens in the first Ethernet interface. [CSCdj13302]

• The VIP PA-4R was bridging frames that were aborted by the sender. The frame is now dropped when the abort is detected. [CSCdj13409]

• When using Token Ring Adapter in a Cisco 7200 router, a very large number of receive errors on the Token Ring interface may cause the router to reload. [CSCdj16191]

• An ARP/RARP packet is dropped on a Cisco 7000 ISL subinterface. [CSCdj17002]

• For high-end systems, the Token Ring SDE interface failed to translate the packet into a token or FDDI native packet. The ping packet will fail. [CSCdj19749]

• The FDDI PA versions that support CAM are properly recognized before attempting CAM operations. CSCdi51248 must also include CSCdj23259 to avoid problems with old FDDI hardware. [CSCdj23259]

IP Routing Protocols

• When the command ip default-network is removed, the Gateway of last resort is not removed from the routing table. [CSCdi76285]

• Cisco 4500 routers may not correctly policy route when serial subinterfaces are configured and the fast-switching cache is populated. The workaround is to disable fast switching on all interfaces. [CSCdi86063]

• A router may reload if it receives an ARP request frame from a Token Ring interface and the frame has been incorrectly formatted as a Frame Relay ARP. ARP request frames that are correctly formatted for IEEE LAN media will not cause this problem. The only workaround is to remove the station sending the illegal frame from the network. [CSCdj05170]

• A BGP router running experimental code and configured using the soft configuration feature may accept a path with its own autonomous system. [CSCdj11588]

• Type 7 LSAs from a NSSA OSPF area may not be translated to type 5 LSAs in the backbone when crossing a virtual link. [CSCdj12181]

• An ICMP redirect will not be sent if there is a destination IP address entry in the fast cache. An ICMP redirect is only sent when the packet is process switched. [CSCdj16708]

• Using the show ip bgp neighbors command with the route-map deny community command does not work. [CSCdj16922]

• When first configuring IP policy routing on an interface, the requested policy routing will not take effect if the destination IP address is already in the IP route-cache. The workaround is to process the clear ip cache command after configuring IP policy routing. [CSCdj18345]

• The system may reload if AppleTalk is enabled on ATM interfaces. No workaround is available. This caveat is introduced in 11.2(6.2) and the related caveat is CSCdj16317. [CSCdj18531]

• Under certain conditions, the EIGRP variance command may not remove routes that have a higher next hop metric. To resolve the problem, issue the clear ip route command. [CSCdj19634]

• When a router is no longer the DR, it should not keep a sparse-mode interface in its outgoing interface list, even if a connected group member exists on that LAN. The sparse-mode interface should expire unless it is refreshed by a join message from a downstream router. [CSCdj25373]

• When a router running RSVP receives a PATH message containing an ADSPEC, and the ADSPEC has a Guaranteed Service (GS) fragment with zero length, the router ends up copying more bytes than necessary. This results in a modified ADSPEC that contains invalid information; if this ADSPEC is passed on to the next downstream router, the downstream router may crash.

A workaround is to send an ADSPEC with a non-zero length GS fragment, such as one containing valid GS information. [CSCdj25441]

• Turning on IP routing after assigning IP addresses to the interfaces does not take effect. The workaround is to turn on IP routing and then assign the IP addresses to the interfaces. [CSCdj26052]

Novell IPX, XNS, and Apollo Domain

• XNS routing over non-LANE ATM interfaces creates a cache entry that is never used and never freed; this may result in memory starvation. A workaround is to disable XNS route cache on the non-LANE ATM interfaces. [CSCdj09666]

• IPX cache corruption occurs when you have two Fast Ethernets in a VIP carrier (one configured for ISL) connecting to a single server with dual NICs (different external numbers, same frame type), and IPX max-paths set to 2. A workaround is to disable fast switching for IPX. [CSCdj17470]

• When LANE is configured on an ATM interface, IPX may be using the wrong encapsulation type (SNAP) rather than the default (NOVELL_ETHER) after the router is reloaded. [CSCdj21874]

TCP/IP Host-Mode Services

• Sometimes a TCP control block structure is mistakenly freed during timeout processing, and the next reference to the structure will cause the router to crash. [CSCdi91097]

• When running the Enterprise version of the Cisco IOS software, the router may not forward UDP broadcasts and UDP unicasts. [CSCdj21684]

Wide-Area Networking

• TCP header compression does not work over Point-to-Point Protocol (PPP), ISDN, and asynchronous dialer interfaces. To work around this problem, turn off ip tcp header-compression. Note that non-dialer asynchronous interfaces used for dial-in PPP access are not affected. [CSCdi19199]

• The Frame Relay traffic shaping and per-VC queuing features do not operate correctly. When you configure the frame-relay traffic-shape command, the required initialization does not occur as expected. The result is that the specified rates for transmission are not observed and the defined queuing method is not properly configured. There is currently no workaround. You are therefore advised not to configure this feature. This problem does not affect the interface-independent traffic shaping function. [CSCdi88662]

• After a data-direct VCC is created, the ATM-SIG input holding value increases. After it is cleared by a timeout, the ATM-SIG continues to hold onto memory, causing a memory leak. [CSCdj02779]

• A system may reload when a bundle is disconnected while receiving data. [CSCdj15340]

• When the shutdown and no shutdown commands are issued on a BRI interface while the primary Frame Relay interface is down, the interface comes back in standby mode. This problem also occurs when the router is reloaded with the BRI in a standby mode and the primary is down. [CSCdj16441]

• A broadcast packet is not sent over Frame Relay over an ISDN (BRI or PRI) interface resulting in loss of IP routing. The following error message is generated:

%FR-3-INCORRECT_INT: Incorrect output (sub)interface

[CSCdj16593]

• A memory allocation error occurs after a large number of modem calls are placed to an AS5200 configured for PRI ISDN. After the AS5200 starts to generate a number of these memory allocation error messages, calls cannot be answered.

The following are indicators that may be used to determine if the AS5200 is encountering this problem:

• When the AS5200 runs out of memory, MALLOC Failure messages similar to the one shown will be displayed:

%SYS-2-MALLOCFAIL: Memory allocation of 1056 bytes failed from 0x2214E776, pool Processor, alignment 0 -Process= "Net Periodic", ipl= 0, pid= 34 -Traceback= 2214D3E0 2214E542 2214E77E 2214BEC6 2214C12A 22159466 2215E86E 22140BDE 2213B688 2213B6E0

• If there is no ISDN process in the output from the show process command, and you start to see "%SYS-2-MALLOCFAIL" error messages, then the memory leak was caused by this bug.

• If there are more than 46 entries marked "Active" in the output from the show isdn history command, then the memory leak was caused by this bug. [CSCdj21944]

• VIP2 packet bus parity errors are not reported. [CSCdj23431]

• A Cisco access server may not start PPP mode for dialup connections when the line is configured with autoselect ppp. This results in the dialup connection getting dropped.

To work around this problem, use the async mode dedicated command if no login is required. If a login is required, configure no flush-at-activation, change the q2 register in the modem database, and configure for modem autoconfigure type. [CSCdj25443]

• Routers running with x25 routing enabled on releases after 11.0(14.1), 11.1(10.1), and 11.2(4.4) are susceptible to the router processor pausing indefinitely when malformed connections are made to the X.25-over-TCP (XOT) port. If this occurs the router must be reloaded to recover.

The following error message can be seen scrolling on the console if the router is in the above state.

%X25-4-VCLOSTSYNC: Interface TCP/PVC, VC 0 TCP connection corrupted

This message does not seem to occur in a normal XOT switching environment. [CSCdj25846]

• When the primary interface goes down, the secondary interface may not come up if there is a specific backup load configured. This problem does not affect backing up for a subinterface, since the backup load command does not apply. [CSCdj26048]

• Some PC-based PPP clients are not correctly autoselected into PPP mode by the Cisco access servers. This results in numerous drop calls. This problem is usually noticed when an automated dialer is used.

A workaround is to configure the asynchronous interfaces using the async mode dedicated command. Adding a second or two delay in the automated dialer's script may also fix the problem. [CSCdj26647]

• When per VC custom or priority queuing is configured prior to VC initialization, the functionality is not correctly initialized and is not activated. [CSCdj28240]

Caveats for Release 11.2(1) through 11.2(6)

This section describes possibly unexpected behavior by Releases 11.2(6) and 11.2(6)P. Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(6) and 11.2(6)P. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(6) and 11.2(6)P, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.2(7) and 11.2(7)P.

Access Server

• A bus error may occur when the asynchronous interfaces of an AS5200 are not configured and there is asynchronous call activity on the unit. [CSCdj14683]

AppleTalk

• You cannot route AppleTalk with EIGRP on a Cisco 1005. [CSCdj09990]

• Spurious memory access may occur due to uninitialized idb sub-block. There is no workaround. [CSCdj12071]

• A memory leak can occur when an ARAP user fails to connect due to initialization failure. [CSCdj14393]

• AppleTalk may crash on a Cisco 4000 series platform, due to low stack. There is no work around. [CSCdj15680]

Basic System Services

• Configuring advanced queuing algorithms on a Cisco 7000 series router caused failures in IP Multicast Fast switching. To workaround this problem, use the no ip mroute-cache or no fair-queue command. [CSCdi65270]

• On a Cisco 2511 system that is configured with multiple TACACS server hosts, when the directed-request servers are down, the router traverses the entire list of configured TACACS servers before determining that TACACS is not available to use for AAA. Because directed TACACS users use a AAA system that is different from what default users use, when both directed TACACS servers are down, user authentication fails. [CSCdi92011]

• When the ntp broadcast client command is enabled, packet buffer leaks may occur unexpectedly. Deconfigure the command if this condition occurs. [CSCdj03162]

• When using compression and traffic shaping over frame relay, the traffic shaping uses uncompressed data volumes to calculate load. [CSCdj04312]

• The command copy tftp flash will fail with a TFTP "timed out" error message if the command is used between two routers running 11.1(10) (or later) and 11.2 respectively. [CSCdj05552]

• The nexthop address in the flow data export record might incorrectly be output as 0.0.0.0. [CSCdj09896]

• If you have an FDDI interface installed on an RSP router, you may see bad input packets on interfaces which are using the same pool of MEMD buffers. There will be up to one input failure per SMT frame input over each FDDI interface.

A workaround is to execute the command test rsp cache memd-fastswitch uncache each time the router is rebooted. [CSCdj10028]

• The command encapsulation frame-relay cisco erroneously causes fast-switching. The workaround is to use encapsulation frame-relay ietf. [CSCdj11883]

• Sometimes, alignment warnings may appear if you are fastswitching with custom or priority queueing enabled. These warnings signal that extra CPU cycles are necessary to process the packet. Despite the warnings, the packet is still switched correctly. [CSCdj12269]

• Even if the rlogin command has its privilege altered to level 0, it will still be treated as though its privilege level is 1 by AAA command authorization. [CSCdj14206]

• If a Catalyst 3000 on an adjacent network without any protocol address configured sends CDP updates, the command show cdp neighbor detail may reset the router. [CSCdj15708]

IBM Connectivity

• QLLC cannot use X.25 PVCs for DLSw+. The workaround is to use RSRB or to use X.25 SVCs. [CSCdi58735]

• A Cisco 7000 or 7500 series router might erroneously put the Cisco 1000 series product ID in NMVT, instead of the Cisco 7500 or 7000 series product ID. [CSCdi66847]

• Certain interface processors send up a set of logger messages which contain the details of a fatal error condition that has been detected on that card. Under some circumstances, the Cisco IOS software resets the card before all the messages have been retrieved and displayed. This results in a loss of useful information necessary to debug the fatal error that occurred on the interface processor. [CSCdi86708]

• Source-route bridging over FDDI might not pass all frames following the spanning or all-routes explorer frames. A workaround is to run Release 11.1(8)CA1. [CSCdi92160]

• A DLUR router will erroneously tear down the downstream link when it receives a dactpu "not final use" message for the downstream PU. [CSCdi92973]

• When both BNN and BAN sessions are configured on the same SLDC interface, all sessions will come down when the user deconfigures the BAN sessions. This is disruptive to existing BNN sessions. [CSCdj00497]

• The SDLC output queue can get stuck if the sdlc line-speed command is not set or if it is set to an incorrect value. The symptom is that the router stops sending SDLC frames out the serial interface, resulting in SNA session drops. The interface needs to be recycled or reset to clear the condition. The workaround is to configure the sdlc line-speed parameter to be equal to the actual line speed being used. [CSCdj01434]

• The Cisco 2520, 2521, 2522, and 2523 routers may report SDLC abort frames on low-speed ports that do not get reported on the high-speed ports or other platforms. This is because the low-speed ports count all aborts and the high-speed ports and other platforms count only aborts that are longer than 2 bytes. This is cosmetic and does not result in retransmitted frames. There is no performance impact. It is merely an indication that the transmitting device is sending erroneous bits after the trailing flag. These bits are simply ignored. No workaround is necessary. [CSCdj01488]

• A router configured for DSPU may crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdj02005]

• APPN links over RSRB might not connect if started simultaneously. A workaround is to start only one side of the link or the other. [CSCdj03501]

• In certain cases where the LU gets disconnected, VTAM could get stuck in PALUC state since the DACTLU was not being properly handled. [CSCdj03737]

• When the first connection to an SDLC-attached OS/2 system in a FRAS BNN environment fails, a successful connection can be made only by issuing the shutdown and no shutdown commands on the router's SDLC interface. [CSCdj04321]

• Cisco IOS software improperly ignores IPX SAP packets received from a VIP/4R Token Ring interface, if the SAP packets have a destination MAC address of "all stations broadcast" and a RIF (routing information field). [CSCdj04552]

• When configuration changes are made in a TN3270 server such that a new PU is added that uses a new IP address, very rarely a failure might happen and the following message is displayed:

%CIP3-3-MSG: %MEMD-3-VCNREGISTER: Invalid VCN (65535)specified

The failing "Invalid VCN number" could be different than 65535.

Also, you might see the following message if SSP is being used:

%SYS-6-STACKLOW: Stack for process SSE Manager running low...

The failure continues until the Route Processor is reloaded. There is no known workaround. [CSCdj07773]

• The router crashes when the backup code is invoked and either a no fras backup dlsw or a no fras backup rsrb command is issued. For example, the router crashes when the serial line to the Frame Relay cloud is lost, and backup is configured. [CSCdj08577]

• A buffer leak causes a crash when NSP is used over DLUR. [CSCdj10387]

• NetBIOS sessions might be unable to come up in a busy system. [CSCdj11152]

• Running DLSW and RSRB in the same router with LAN Manager can cause disruption of the LAN Manager on the RSRB connections. [CSCdj11691]

• Using QLLC/DLSw+, QLLC connections fail to be established when non-default SAPs are used. [CSCdj14080]

• In PU4/5 to PU4/5 environments, if both devices send XID NULL at the same time, a DLSw circuit will not connect. [CSCdj14201]

• The Cisco implementation of DLSw appears to shift the lf bits in the SSP header, when peering to other vendors' DLSw implementations. This may cause circuits to connect using a smaller, non-optimal largest frame size, or may cause circuits not to be able to connect at all. [CSCdj17372]

Interfaces and Bridging

• Under heavy load conditions, it is possible for the keepalive timer to go off and cause resets on the Token Ring interface. [CSCdi88713]

• When the dialer dtr command is configured, the router does not raise the DTR signal. [CSCdi92812]

• A problem occurs when the VIP2 FIFO buffers overflow, causing a write of data to SRAM to silently fail. This failure may cause a number of protocol-related failures, including but not limited to TCP checksum errors and other possible packet data errors. This problem is not limited to any particular network configuration, traffic load or other specific circumstances. [CSCdj08722]

• A problem occurs when the FDDI port adapter experiences a receive ring overrun under heavy traffic load with packet sizes larger than 512 bytes. This may cause a number of protocol-related failures including, but not limited to, TCP checksum errors and other possible packet data errors.

There is no manual avoidance - all customers using VIP2/FDDI PAs are strongly encouraged to upgrade to an image containing this bug fix. Refer to Field Alert: VIP2 Cisco Software Release Deferrals for image availability and additional information. [CSCdj09576]

• When the 90-compatible OUI is used on a source-bridge transparent command, the command is accepted and translational bridging operates correctly. A display of the configuration shows the OUI option as "90compat" instead of "90-compatible." If the router is reloaded, an error message is generated pointing to the "c" in "90compat" and the resulting configuration does not have the source-bridge transparent command included. If the command with the 90-compatible OUI is configured again, normal operation is restored. [CSCdj09688]

• On a Cisco 4000 series router, when a serial interface is configured as half-duplex, but the shut and no shut commands are issued for some other serial interface used in full duplex, then the router might become unresponsive. You must power-cycle the router. [CSCdj13056]

• PA-4R Token Ring interfaces will not completely initialize on VIP1 based Cisco 7000 systems. Attempts to initialize an interface with the no shutdown configuration command will cause the interface to go into the "initializing" state indefinitely. TRIP and RSP based VIP2 PA-4R Token Ring interfaces are not affected by this problem. [CSCdj17807]

IP Routing Protocols

• Systems running OSPF might experience a software-forced crash. There is no known workaround. [CSCdi81510]

• Internal BGP, which uses confederations, might see an apparent routing loop. This problem has been observed in two routers which are running different Cisco IOS software images. [CSCdj08110]

• If static routes are entered with the ip route command, the routes may be lost from the Enhanced IGRP topology table if they are a subnet of a network that is advertised as unreachable. However, such static routes will continue to show up in the IP routing table. [CSCdj09571]

• An RSP2 might unexpectedly reload. [CSCdj11540]

• In a router with a Simplex interface configuration, IP route cache is invalidated on the RECEIVE interface only. The IP route cache should also be invalidated for the TRANSMIT interface. [CSCdj11960]

• A multicast boundary on an incoming interface does not stop a router from giving packets to its local process, even though these packets cannot be forwarded out any interface due to this boundary. [CSCdj12030]

• The ip nhrp map command on a tunnel interface is incorrectly parsed to add an unnecessary IP mask. The workaround is to always specify the mask, and to reenter the ip nhrp maps command without masks. [CSCdj13220]

• A router will crash if you configure the maximum IRDP advertisement interval and minimum advertisement interval with the same value, as in this example:

interface e1
ip irdp
ip irdp max 10
ip irdp min 10 

The workaround is to specify different values for maximum and minimum advertisement values. [CSCdj14903]

• The system may reload if AppleTalk is enabled on ATM interfaces. No workaround is available. This caveat is introduced in 11.2(6.2) and a related caveat is CSCdj16317. [CSCdj18531]

LAT

• Illegal LAT STOP slots may be sent if a line is disconnected immediately after initiating a LAT connection. This is more likely to be seen when using protocol translation. These illegal slots cause the LAT virtual circuit to be disconnected, affecting all connections to the host. [CSCdj09876]

Novell IPX, XNS, and Apollo Domain

• XNS routing over non-LANE ATM interfaces creates a cache entry which is never used and never freed; this may result in memory starvation. A workaround is to disable XNS route-cache on the non-LANE ATM interfaces. [CSCdj09666]

• The distribute-sap-list command does not work when used to filter SAPs into an IPX routing protocol instance. You can work around this problem by filtering the same SAPs when they get redistributed, using the distribute-sap-list out command. [CSCdj15889]

• IPX cache corruption occurs when you have two Fast Ethernets in a VIP carrier (one configured for ISL) connecting to a single server with dual NIC's (different external numbers, same frame type), and IPX max-paths set to 2. A workaround is to disable fast-switching for IPX. [CSCdj17470]

Protocol Translation

• Systems doing vty-async protocol translation of SLIP or PPP over X.25 may unexpectedly restart when the incoming connection is closed, due to a race condition. This problem was introduced in 11.2(6). [CSCdj15471]

TCP/IP Host-Mode Services

• Cisco devices running small numbers of outgoing Telnet sessions (for example, a Cisco device used as a terminal server) will show unexpectedly high CPU utilizations. This is partly because of the way CPU usage is measured, and is not cause for too much concern. This problem was introduced in 11.2(6). [CSCdj11528]

Wide-Area Networking

• A Cisco 4000 series router with MBRI runs out of LIF timer blocks and NLCBs, and the ISDN interface goes up and then down. [CSCdi75469]

• Incoming calls may be blocked when lines are available. This problem starts after the router has been in use for several hours. Issuing a debug q931 command displays the following:

ISDN Se1:23: RX <- SETUP pd =3D 8 callref =3D 0x0338
        Bearer Capability i =3D 0x8090A2
        Channel ID i =3D 0xA98395
        Called Party Number i =3D 0xC1, '2817924'
ISDN Se1:23: Incoming call id =3D 0x137D
ISDN Se1:23: TX - RELEASE_COMP pd =3D 8 callref =3D 0x83
        Cause i =3D 0x80AC01 - Requested channel not available 

As a workaround, configuring scheduler interval 2500 has been effective in controlling or eliminating the problem. [CSCdi85735]

• When running over X.25, ISIS should extract the called X.121 address and use it as the SNPA. If the x25 suppress-calling command is configured on the router, ISIS does not seem to find any called address, nor can it find the SNPA. Apparently, the routine that extracts the X.121 address fails if the calling address is not present. [CSCdj00315]

• An asynchronous controller might hang and cause modems to go into a hang state. [CSCdj01441]

• This DDTS duplicates CSCdj02168, CSCdj07119, CSCdj08187 and CSCdi82010. AS5200 platforms might have hung calls; the ISDN data structure causes memory leaks and an inability to either call out or accept incoming calls.

Other ISDN platforms are affected by this bug are described in CSCdj07119 or CSCdi82010, depending upon their particular ISDN usage characteristics. [CSCdj05355]

• Deleting a subinterface causes the main interface and associated subinterfaces to vanish from the configuration. This happens when the main interface uses Frame Relay encapsulation and is a member of a channel group. A workaround is to recreate the main interface by issuing the interface serial command. [CSCdj05415]

• A router reacts incorrectly to REJ frames. Frames seem to be queued and sent twice. CSCdj08607]

• A router may reload without producing a stack trace, or might otherwise behave unpredictably, when routing an X.25 call that contains 16 bytes of Call User Data. There is no known workaround. [CSCdj10216]

• When static le-ARP entries are configured on an ATM subinterface, a router might crash if there is no LANE client on the sub-interface. [CSCdj10839]

• The number of available B channels is incorrectly incremented by the total number of B channels per interface whenever the controller or the interface is reset. This results in the dialer attempting to place calls incorrectly on resources that are actually in use. [CSCdj11181]

• Low-speed synchronous/asynchronous ports are unable to receive packets bigger than 1500 bytes. The workaround is to set the MTU on both sides of the link to less than 1498. [CSCdj11304]

• NetBIOS NBF over asynchronous interfaces does not seem to work correctly after session initialization. [CSCdj12468]

• A reload might be forced if you issue the command show dialer interface x, where x is a PRI, BRI, or dialer interface configured for multilink PPP. A work around is to use show dialer without the interface option. [CSCdj13446]

• A router sometimes fails to install dynamic dialer maps for inbound asynchronous PPP peers. This failure occurs when the router is configured for both inbound and outbound asynchronous dialing using legacy DDR, and when the remote peer is authenticated in character mode and then launched into packet mode from the router's EXEC mode.

A workaround for this is to use PPP authentication and configure the autoselect ppp command on the lines. [CSCdj14047]

• When the router receives an incorrectly formed LCP NAK frame, a "software forced crash" might occur. The actual problem is in the peer PPP software, but Cisco IOS software will be enhanced in a future release to handle such frames. [CSCdj15209]

Caveats for Release 11.2(1) through 11.2(5)

This section describes possibly unexpected behavior by Releases 11.2(5) and 11.2(5)P. Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(5) and 11.2(5)P. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(5) and 11.2(5)P, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.2(6) and 11.2(6)P.

Basic System Services

• When using RSP code with HIP, TRIP, or FIP interfaces, and when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the error message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]

• Packets might not be switched over a GRE tunnel, if access lists are applied to the input interfaces. After an incoming packet has been encapsulated for a tunnel, the access list check could prevent the packet from being switched. This is caused by the access list checking the new source of the tunnel packet, resulting from the encapsulation, against the interface the packet arrived on. To work around this problem, disable access lists on the input interfaces or add the tunnel source address to the access list. [CSCdi87500]

• For Cisco 7500 series routers with multiple VIPs, if a crypto map is applied to even one interface of any VIP, one or more VIPs will crash. [CSCdi88459]

• A hold-queue length out command will not be accepted if the output interface is configured for fair queuing. Fair queuing is the default queuing mode for low-speed (less than 2Mbps) serial interfaces.

The hold-queue command is intended to configure the number of output hold queue buffers for FIFO (or FCFS) queuing. It has no meaning in the context of fair queuing. So the (intentional) design was that this command would be ignored when fair queuing was enabled.

When fair queuing has been configured, you may use the fair-queue command to control the number of output buffers which may be used by fair queuing. [CSCdj01870]

• Telnet sessions may pause for up to 20 seconds at a time. Any keystroke will break the pause. [CSCdj06450]

• An error was introduced by CSCdi75522, but only in Release 11.2. Releases beginning with 11.2(4.5), 11.2(4.5)F and 11.2(4.5)P have this error.

A symptom of this bug is intermittent dropping of datagrams through a TRIP, FIP, or HIP interface on a Cisco 7500. Another symptom is the console message "CYBus Error 08, invalid page map register." This problem does not apply to VIP interface processors on Cisco 7500 series routers. [CSCdj06955]

• On RSP systems, when maximum-size MTU packets are received by serial interface processors (including the FSIP, HIP, MIP, POSIP, and serial port adapters on VIPs that forward data to the RSP to be routed), up to 8 bytes of data might be written into the next datagram's packet memory. This could result in anomalous system behavior, including software-caused system crashes and dropped datagrams. This problem is never seen on RSP systems that do not have serial interfaces. [CSCdj08573]

• The command ntp broadcast is lost after a reload. [CSCdj09473]

EXEC and Configuration Parser

• The output of the show tech-support command displays some potentially sensitive SNMP data, such as the SNMP community strings, SNMP MD5 keys, and SNMP user IDs and passwords. If these data refer to read-write communities or views, they can be used to reconfigure the Cisco IOS software, providing the same level of access to the Cisco IOS software as is available with the enable password. Take care when sending show tech-support command output across insecure channels. For example, remove the community strings, keys, and user IDs and passwords before sending. [CSCdj06881]

IBM Connectivity

• A router crash is caused by the SP microcode on a Cisco 7000 series router, whereby a buffer copy by the SP makes the RP wait too long and it takes a bus error.

There is precedence for this problem and the fix is to lower the size of the block of data being copied at any one time. [CSCdi77785]

• When running DLSw+/LLC2 over FDDI, on receiving a REJ frame from an FDDI end station, the router sends a corrupted retransmitted I-frame. The last byte of the SMAC is replaced by the DMAC value. [CSCdi91063]

• When an end station caches RIFs that it learns from broadcasts or when there are duplicate MAC addresses on each side of the DLSw cloud, DLSw will local-switch circuits between two local SRB-capable interfaces, thereby degrading SRB performance. [CSCdi91204]

• Source-route bridging over FDDI may not be passing all frames following the spanning or all-routes explorers. This problem occurs in Release 11.1(9) and Release 11.2. A workaround is to run Release 11.1(8)CA1. [CSCdi92160]

• A race condition may occur during session cleanup, which causes the DLUR router to crash or display a "Mfreeing bad storage" message for the "psp00" process. [CSCdj02249]

• Exclusively configuring DLSw+ with the icanreach netbios-name command prevents some applications, including Microsoft Windows applications, from making NetBIOS connections. The workaround is to add an asterisk (*) to the end of the NetBIOS names configured with the icanreach netbios-name command. [CSCdj04936]

• The router crashes when either a no fras backup dlsw or no fras backup rsrb command is issued only when the backup code is invoked, for example, when the serial line to the frame relay cloud is lost, and backup is configured. When the no backup command is used, the cleanup for the backup functions is invoked. The problem is that the backup function removes the lan-cep, instead of the backup-cep. When the lan-cep structure is referenced, the structure is garbage, and the router crashes. No workaround at this point. [CSCdj08577]

• Sometimes when DLSw is required to verify the NetBIOS reachability cache entry, there may be a 1-second delay before a NetBIOS FIND_NAME message is forwarded to the LAN interface. [CSCdj09865]

• The DLUR router may send a corrupt APPC frame to a DLUS if a timing window is hit when accessing multiple DLUSs. This problem may occur if there is both a primary and a backup DLUS configured and at least one PU that cannot get in to the primary DLUS (PU inactive) while other PUs are active with the primary DLUS.

This problem may cause VTAM to refuse to activate subsequent DLUR/DLUS pipes for all DLUR NNs. "/d net,dlurs" shows the DLUS conwinner state as reset and the conloser as active.

The workaround to prevent the DLUR router from sending this corrupt frame is to reconfigure the DLUR routers without a backup DLUS coded. [CSCdj10485]

Interfaces and Bridging

• IPX with integrated routing and bridging (IRB) does not work over serial interfaces if the encapsulation on BVI interface for IPX is 802.2(SAP) and 802.3(Novell-ethernet), encap arap(ethernet_ii) works fine. This problem occurs when a serial interface is configured for bridging, Ethernet interface is configured for IPX routing, and IRB is enabled to transport bridging IPX traffic to routing interface. [CSCdi56417]

• When a router is configured as a RARP server and is also configured for transparent bridging on the same interface, the router does not respond to reverse ARP requests.

The fix to this problem means that the router box can provide RARP service if configured as a RARP server regardless of its being configured as later 2 bridge only. [CSCdi83480]

• A Cisco 7200 router configured for HSRP on an Ethernet interface may send duplicate packets out the interface. [CSCdi85866]

• FDDI interfaces might stop accepting multicast packets. [CSCdi92156]

• Packets destined to the HSRP virtual MAC address will not be routed if received on a 802.10 subinterface. [CSCdj01435]

• When configuring IPX routing, a serial interface running BSTUN might be put into a down state and then come back up. Restarting the host session will bring the end-end connection back up. [CSCdj02488]

• Transparent bridging may cause high CPU utilization in Releases 11.1(8) and 11.2. A show align command can be used to confirm whether large "counts" of alignment errors are the source of the problem. The show align command also yields trace information that can be decoded to determine the source of the problem. [CSCdj03267]

• 802.10 encapsulation does not work over serial interface as it should be for Cisco 7500 and Cisco 7000 series routers. [CSCdj04777]

IP Routing Protocols

• If a router is running out of memory while running OSPF, OSPF does not check to see if one of its structures has been properly allocated. This may result in a SegV exception, thus causing the router to reload. [CSCdi64972]

• When fast switching is enabled on the system, an incorrect SVC may be created for NHRP path. A workaround is to disable fast switching. [CSCdi75617]

• If type 5 LSA exists, OSPF crashes if all the configured areas are removed by the no area area-id commands. [CSCdi78012]

• The system might reload after a show ip bgp inconsistent-as command is executed. [CSCdi88669]

• A Cisco 4500 might reload with the following message:

System was restarted by bus error at PC 0x601E4CD0, address 0xD0D0D0D
4500 Software (C4500-P-M), Version 10.3(16), RELEASE SOFTWARE (fc1)
Compiled Thu 24-Oct-96 18:32 by richardd (current version)
Image text-base: 0x600087E0, data-base: 0x60370000

The stack trace from system failure is as follows:

FP: 0x605D46B8, RA: 0x601E4CD0
FP: 0x605D46D8, RA: 0x601E4D88
FP: 0x605D46F8, RA: 0x601E50EC
FP: 0x605D4710, RA: 0x601C88E0
FP: 0x605D4740, RA: 0x601E4998
FP: 0x605D4760, RA: 0x601E5174
FP: 0x605D4778, RA: 0x60081D04
FP: 0x605D47B8, RA: 0x6006C8A4

This stack track decodes as follows:

Symbols
nhrp_cache_clear_nei
nhrp_cache_clear_nei
nhrp_cache_delete_subr
nhrp_cache_age_subr
rn_walktree_blocking_list
nhrp_cache_walk
nhrp_cache_age
registry_list
net_oneminute

[CSCdi90523]

• An extended access list that denies IP traffic and that does not require transport layer information may let fragments go through if the log option is configured. As a workaround, do not configure the log option. [CSCdj00711]

• After major topology changes, it is possible that the OSPF neighbor list is corrupted. The show ip ospf neighbor command might show that OSPF has adjacency with itself. This prevents OSPF from establishing adjacency with other routers on the network. More seriously, this could lead to router crash. [CSCdj01682]

• The router will crash in nhrp_find_nhs when attempting to access a network that is not being served by NHS. [CSCdj03224]

• IGRP is erroneously accepting a majornet route over an interface that is directly connected to a different majornet. [CSCdj03421]

• When the LSA with the host bits is generated, OSPF ABR handles the LSA incorrectly and reports the OSPF-3-DBEXIST error message for type 3 LSAs. [CSCdj08699]

Novell IPX, XNS, and Apollo Domain

• When a router running NLSP receives an IPX aggregate route, SAPs whose source networks match that aggregate route will be installed into the SAP with a route hop count of 255, making those services unreachable. [CSCdi91209]

• If IPXWAN is configured and the remote router is configured to allow IPXWAN Client mode, the local router will reset the link upon receiving the IPXWAN Timer Request. IPXWAN debugging will show "IPXWAN: Rcv TIMER_REQ reject Router asking for Client mode." The workaround is to disable IXPWAN Client mode negotiation on the remote router. [CSCdi93285]

• When routing IPX packets between Ethernet segments using different IPX encapsulations, a "TOOBIG" traceback might be generated when a maximum size Ethernet packet from one segment is routed to another Ethernet segment with a slightly larger IPX encapsulation size--for example, when going from Ethernet_802.3 (Novell-ether) to Ethernet_802.2 (SAP). No actual Giant packet is sent; the large packet is dropped as part of the traceback warning message. [CSCdj00849]

• On a Cisco 7200 series router running Release 11.1 or 11.2, fast switching IPX traffic to a GRE tunnel can cause unexpected system reload. The workaround is to disable fast switching on the tunnel. [CSCdj01107]

• Connected routes are not redistributed to IPX Enhanced IGRP with the proper metrics. This may cause the remote routers to use a suboptimal route if there are multiple autonomous systems configured and routes are mutually redistributed. [CSCdj04141]

• In an NLSP environment, when a more distant route is replaced by a better route, two routes for the same network might be advertised by RIP. [CSCdj04543]

• A router might reload if the no redistribute eigrp autonomous-system-number command is given under the ipx router eigrp command with a wrong autonomous system number. [CSCdj06394]

• The IPX route table may be incomplete after an interface is shut down and more than one IPX Enhanced IGRP autonomous system is configured. [CSCdj07334]

• The router may reload if NLSP is disabled on an interface. [CSCdj08009]

TCP/IP Host-Mode Services

• The initiation of Telnet or other TCP connection may fail with the error message "%Out of local ports." A workaround is to attempt the connection a second time. [CSCdi60974]

• A TCP packet still in use may accidentally get freed in IP when the packet is going out a Frame Relay interface on which TCP header compression is configured. When this happens, the following messages are logged on console:

Mar 19 08:41:23: %TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4 
-Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C 
Mar 19 08:41:50: %X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted
Mar 19 08:41:52: 
TCP0: extra packet reference for pak 0x60A031D8 found: 
Mar 19 08:41:52: %TCP-2-BADQUEUE: Multiple entry for packet 60A031D8 
-Process= "TCP Driver", ipl= 0, pid= 26 
-Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C 
Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213 length 47 
Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4

[CSCdj06781]

Wide-Area Networking

• On lines running software flow control without modem control, attached devices may get stuck in a flow-controlled state if the Cisco TTY is reset while it is flow-controlling the attached device. [CSCdi60204]

• When using Frame Relay IETF encapsulation, bridging fails for Token Ring-to-serial-to-Token Ring connections. [CSCdi70653]

• The dialer hold-queue command does not queue packets when it is used with dialer profiles. As a workaround, use the legacy DDR configuration, not dialer profiles. [CSCdi84272]

• When using LAN Extender devices on a Cisco 4500, Cisco 4700, Cisco 7200, or Cisco 7500 systems, you may see a SPURIOUS error message. [CSCdi86587]

• A Cisco 4700 might repeat the following error messages:

%SYS-2-INPUTQ: INPUTQ set, but no idb, ptr=60C43314 -Traceback= 60037A78 60039F6C 6003EF98 

There is no workaround. [CSCdi87914]

• If a no shutdown command is entered for a Group Async interface, the router might reload. [CSCdi91037]

• When using AAA accounting, a message similar to the following may be displayed:

%AAAA-3-BADSTR: Bad accounting data: too many attributes 

[CSCdj00190]

• When two routers are connected by an encrypted leased line and an ISDN backup line, if the leased line drops, the ISDN link comes up fine. However, when the leased line comes back up again, the router that placed the ISDN call crashes. [CSCdj00310]

• In some rare occasions, especially when a network management station is frequently polling Frame Relay MIB data (of the frCircuitTable) from a router being reloaded and just trying to come up, a crash might occur. [CSCdj00447]

• When the Cisco router is configured for AAA accounting and it has agreed to authenticate with CHAP, each CHAP Challenge results in an accounting attribute being created. If the peer implements the optional mechanism to repeatedly authenticate the peer with multiple CHAP Challenges, this may eventually result in the "AAAA-3-BADSTR, Too many attributes" message. [CSCdj03234]

• It is possible for the last X.25 fragment to have the M-Bit set improperly when the packet is full, but no additional data is to be sent. [CSCdj03488]

• When IRB is enabled and a BVI interface is configured, traffic through an ATM interface will cause the ATM input queue to wedge, while the BVI input queue will display negative numbers. [CSCdj04025]

• For TS014 (Australia, PRI) switch types, the following might happen: When a clear collision occurs between the CE and the network simultaneously transferring a DISCONNECT message specifying the same call, the call is not properly cleared. Neither side sends the RELEASE message to release the call, and hence the call reference and the associated call control block (CCB). [CSCdj06157]

• When you are modifying the LANE database, if you lose the Telnet session to the router, the database locks up. This is not a bug in the LANE code. A dead Telnet session takes approximately 5 to 8 minutes to be detected from the live side. Once it is detected, the live side cleans up and releases the lock. This is a Telnet feature and has nothing to do with the LANE database. The workaround is to reload the router. [CSCdj06660]

• When the CPU is very busy and running many processes, an attached ATM switch may tear down SSCOP and all SVCs because the SSCOP Poll PDUs sent by the switch are not serviced in time. The workaround is to keep other processes from using too much of the CPU. [CSCdj06928]

Caveats for Release 11.2(1) through 11.2(4)

This section describes possibly unexpected behavior by Releases 11.2(4), 11.2(4)P, and 11.2(4)F. Unless otherwise noted, these caveats apply to all 11.2, 11.2 P, and 11.2 F releases up to and including 11.2(4), 11.2(4)P, and 11.2(4)F. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(4), 11.2(4)P, and 11.2(4)F, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.2(5) and 11.2(5)P.

Access Server

• Under certain circumstances a Cisco AS5200 might reboot with the following message, visible via the show version EXEC command:

System restarted by bus error at PC 

The circumstances that might lead to this event are (in the order shown):



Have active calls on a particular DSX1 (T1/E1) interface. 

Change the DSX1 controller pri-group timeslots configuration for this particular interface. For example, the following sequence:



config terminal 
controller t1 0 
pri-group timeslots 1-4 



Shutdown the DSX1 controller via the shutdown interface configuration command. [CSCdi88556]


When you execute the show modem log command on an AS5200 access server, it may crash with a bus error. [CSCdi91563]



 Basic System Services

On RSP systems, the router reloads with a SegV error when trying to free a misqueued buffer or a buffer that is an invalid size. The buffer might contain a bad packet passed to it from another router. [CSCdi74039]

Ethernet interfaces might experience XBUFHDR and INVRTN errors. [CSCdi75404]

On RSP systems with HIP, TRIP, or FIP interfaces, when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]

The router may reload inadvertently if you respond improperly to extended ping dialog prompts. [CSCdi88443]

A memory leak occurs whenever TACACS+ is enabled. Memory is released to the EXEC process as seen via the show memory command. The leak appears to have originated in Release 11.0(10) and affects Cisco IOS software released thereafter. [CSCdi89479]

Under some circumstances, processing an SNMP Get request might result in a message similar to the following being displayed on the console: 


%SNMP-3-CPUHOG: Processing Get of lifEntry.75.34 


[CSCdi93084]




SNMP traps process can consume memory if presented with a large number of traps to deliver. [CSCdj02181]

Under unknown circumstances, the router might restart due to a Bus Error. [CSCdj02493]



 IBM Connectivity

On CIP cards, it is possible to see the adapter type from the show interface command, but this information and version information are not available from the show controller cbus command. [CSCdi26192]

In extremely rare circumstances, the router might crash while removing RSRB peers. This might occur only when running an AGS+ and the CSC1R/CSC2R Token Ring boards. [CSCdi39270]

The following problem has been observed in STUN/local acknowledgment scenarios involving AS/400s: The remote router expects to see an OPCODE called LINK_ESTABLISHED from the host router in order for it to transition the state from USBUSY to CONNECT. While in USBUSY state, the remote router continually sends RNR to the downstream devices. The host router will only send the OPCODE once it sees the first RR/P after a SNRM/UA exchange sequence. With other devices such as a FEP, an I-Frame can be sent prior to the RR/P, which would actually take the remote router state out of USBUSY, but the local acknowledgment states were not corresponding to the actual situation at hand. This problem was partially fixed when CSCdi65599 was fixed. Additional "checking" code was added for exceptional state cases. A workaround is to use a Cisco IOS releases that include the fix for CSCdi65599. [CSCdi61514]

You may experience connection problems with stations running NetBIOS under very old versions of DOS. The only workaround is to use the latest NetBIOS drivers available for the workstation. An indication that you may be experiencing this problem is that Windows and OS/2 stations can establish sessions properly, but your DOS-based stations cannot. [CSCdi83982]

In a QLLC environment, connection using a virtual MAC address from a pool of virtual MAC addresses may cause a connection to the wrong resource on the mainframe. [CSCdi86358]

An invalid packet might be received from the VTAM NN, resulting in the CP-CP session being torn down. [CSCdi87217]

When using NSP over DLUR, the router may leak small buffers. [CSCdi87320]

When source-route bridging is enabled on a Cisco 7500 router in a Token Ring environment, if the router receives a packet that is to be routed but that contains a RIF, the router misclassifies the packet, treating it as a source-route bridge packet, which causes it to be discarded. This may cause intermittent failures of routed protocol sessions. There is no known workaround. [CSCdi87321]

For LU0-LU0 traffic the extended BIND may contain unformatted user data fields. The NN rejects the BIND and hence the session will never start. [CSCdi87365]

Configuring the output-lsap-list command on the local Token Ring interfaces does not block broadcast traffic from a DLSW peer. The workaround is to use a filter at the DLSW level on either router or to block the traffic with an input-lsap-filter command at the remote peer. [CSCdi88593]

When running multiple, large file transfers across DLSW using FST, transport sequence errors may occur causing the job to abort. This can be seen using the show dlsw peer command. A sequence error occurs when a numbered FST (IP) packet is received by the DLSw peer and the sequence number does not match what the peer expects. [CSCdi89838]

The DLUR router may fail to establish new LU-LU sessions after encountering a race condition during session activation and deactivation. Messages similar to the following may be displayed on the router console when attempting to start new sessions. APPN must be stopped and restarted to clear the problem:


IPS ID: 1400 QUEUE: 2 ORIGIN: xxxpcs00 MUTYPE: C5 
%APPN-0-APPNEMERG: Assertion failed in ../scm/xxximndr.c at line 158 
-Process= "xxxims00", ipl= 0, pid= 58 
-Traceback= 606C3488 606879EC 606818C8 606810E4 6067AF90 6019AB08 6019AAF4


[CSCdi90117]




PEER INVALID trace messages are displayed on the console. Also, in Releases 11.1 and 11.2, the session on the peer-on-demand does not come up for quite some time. [CSCdi90953]

A router configured for DSPU may crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdi91368]

On Cisco 7000 systems, packets that are fast switched from CIP to FDDI might be dropped by some Layer 2 switches because one additional byte is being added to the FDDI frame. The problem does not occur on RSP systems. A workaround is to use autonomous or process switching. [CSCdi91417]

The router might crash if you enter the debug source error, debug llc2, or debug local command. [CSCdi92503]

When running DLSw+ local switching from SDLC/QLLC to Token Ring/Ethernet, if the XID negotiation is delayed or ends abnormally, a memory leak may occur. [CSCdi92511]

The DLUR router may crash with a "SegV exception" or an "Illegal access to a low address" message because of a DLUR memory corruption problem. This error results from a race condition that usually occurs when DLUR sessions are going up and down. The stack trace after the memory corruption usually indicates Mget_x. [CSCdi92947]



 Interfaces and Bridging

The show diagnostic command does not display Fast Ethernet Interface Processor port adapter information. [CSCdi33967]

The Cisco 7500 router in a transparent bridging environment might suffer memory fragmentation such that the largest available memory block is 120k. [CSCdi67513]

A problem occurs when performing a getnext operation on the dot1dTpFdbTable in the Bridge MIB. A getnext will not retrieve a request of index + 1 and will instead return the lexicographically next index. An example of this behavior follows:



If the table has the entries with indices of 


0000.0000.0001 0000.0000.0002 0000.0000.0003 0000.0000.0005 


a getnext of 0000.0000.0002 returns the index 0000.0000.0005 because 0000.0000.0003 is the index requested + 1 


a getnext of 0000.0000.0003 returns the index 0000.0000.0005 because 0000.0000.0005 is greater than the requested index + 1. [CSCdi84559]




A problem occurs when the router is configured for Integrated Routing and Bridging (IRB). The problem affects all platforms. A bad decision in the forwarding of packets whose destination is not in the bridge table could cause the router to reload. [CSCdi92194]



 IP Routing Protocols

IGMP and PIM should support multicast addresses (for example, c000.0004.0000) as configurable options on Token Ring interfaces instead of requiring broadcast address (for example, ffff.ffff.ffff). [CSCdi83845]

Configuring OSPF NSSA (Not So Stubby Areas) may affect the way routes are redistributed into OSPF. This defect was first observed in Release 11.2(3). [CSCdi88321]

A prefix that has the "no-export" community string set from an inbound route map is incorrectly advertised to EBGP peers. A workaround is to configure a route map to set "no-export" community on the outbound side of the peering router instead. [CSCdj01351]

It is possible for memory corruption and memory leaks to occur when PIM packets are sent. [CSCdj02092]

Under certain timing-related circumstances, the use of per-user routes might cause a router to reload when the interface that caused the routes to be installed goes down. This is because both the IP background process and the per-user code attempt to remove this route. [CSCdj02347]



 ISO CLNS

If minimum-sized (or sweeping-sized) CLNS pings are performed and the CLNS source and destination addresses are very long, the system may fail. The workaround is to raise the minimum ping size to at least 63 bytes. [CSCdi91040]



 Novell IPX, XNS, and Apollo Domain

When a device running LANE is configured as a LEC, it does not acknowledge any secondary IPX networks with frame types different from the primary. The debug ipx packet command displays these received packets as "bad pkt." Only packets that arrive with the same IPX frame type as the primary IPX network on the ATM interface of the router are properly accepted. [CSCdi85215]

In a redundant IPX Enhanced IGRP network running IPX incremental SAP, the router's SAP table SAP information may contain out of date information, such as the socket number if the socket number is changed from its initial advertisement. [CSCdi85953]

SPX keepalive spoofing will cease to spoof after a router has been up for 24+ days. The debug ipx spx-spoof command shows packets being skipped at the time when they should be spoofed. The only workaround is to reload the router once every three weeks. [CSCdi86079] 

XNS RIP requests for all networks causes normal periodic RIP updates to be delayed or skipped. [CSCdi90419]

When IPX incremental SAP is running, the router's SAP table may not contain all the SAPs in the network if one of it interfaces goes down and comes back up later. [CSCdi90899]

When running IPX incremental SAP, the router may not remove all the SAPs that are no longer reachable via this router. [CSCdi90907]



 TCP/IP Host-Mode Services

A Telnet session with a nonzero number of unread input bytes cannot be cleared. [CSCdi88267]

IP packets with valid TTLs (of varying values) received on a VIP2 serial port adapter or FSIP (both on RSP2 platform) with TCP header compression are intermittently dropped. The router sends an ICMP Time Exceeded message to the source. 



The show ip traffic command indicates that the ICMP Time Exceeded counter increments. 


A workaround is to turn off TCP header compression. [CSCdj01681]




 VINES

If you add a VINES static route of equal metric for an alternative path when the vines single-route command is configured, the system may reload. The workaround is to delete the static route or enter a no vines single-route command. [CSCdi92190]



 Wide-Area Networking

Under certain circumstances, a group of four serial ports on a Cisco AS5100, Cisco 2509, 2510, 2511, or 2512 router can become unresponsive. Only a reload will solve the problem. [CSCdi58103]

In certain environments, I/O and processor memory are being consumed by processes in the router, primarily the Critical Background process, and the router runs out of memory after 29 hours of operation. [CSCdi80450]

When using a 4ESS PRI to place an international call (011), the call might be rejected with the error "cause i = 0x839C - invalid number format." [CSCdi81069]

Using the command no pri-group while traffic is being passed may result in a bus error. The command may be used safely when no traffic is being passed. [CSCdi82055]

The dialer hold-queue command does not queue packets when it is used with dialer profiles. As a workaround, use the legacy DDR configuration, instead of dialer profiles. [CSCdi84272]

Random restarts because of bus errors occur at least two to three times per day. The problem may be in the DDR software. [CSCdi86765]

When TEST/XID packets are received by a LANE client, the router may crash. There is no workaround for this problem. [CSCdi90868]

Under heavy call volume, the router may not return memory to the free pool when it is no longer needed. This will eventually result in a low-memory or no-memory condition, which may manifest itself in several different error messages. [CSCdj02481]



 Caveats for Release 11.2(1) through 11.2(3)
 This section describes possibly unexpected behavior by Releases 11.2(3), 11.2(3)P, and 11.2(3)F. Unless otherwise noted, these caveats apply to all 11.2, 11.2 P, and 11.2 F releases up to and including 11.2(3), 11.2(3)P, and 11.2(3)F. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(3), 11.2(3)P, and 11.2(3)F, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
 All the caveats listed in this section are resolved in Releases 11.2(4), 11.2(4)P and 11.2(4)F.

 Access Server

In a Cisco 5200 running Release 11.2(3.0.3), if a T1 interface is placed into loopback as a result of excessive "runt" (short frame) errors, the Cisco AS5200 will not automatically recover (un-loopback) the T1 after the error condition is corrected, even though console messages may indicate this has occurred. 



It is still possible to manually un-loop the T1 via the no loopback interface configuration command. [CSCdi84028]




The OOB port of a modem on a Cisco 5200 might become unresponsive. To recover the modem, issue a clear modem slot/port command. [CSCdi85028]



 AppleTalk

A router will crash when an incomplete AppleTalk fast switching cache entry is used. This happens when the cache entry is updated with another output interface and within a small timing window. There is no workaround. [CSCdi77772]



 Basic System Services

On a Cisco 7000 router, some process stacks can run low on heap space, possibly causing memory corruption under the following conditions: debug messages are enabled, logging is output to a buffer rather than to the console (via the no logging console command), OSPF is the routing protocol in use (router ospf n), routes are redistributed into OSPF from another protocol (for example, via the redistribute rip subnets command), and the OSPF or redistributed networks are in flux (flapping). Under these conditions, logging the debug messages to the console has no adverse effects. [CSCdi68387]

The IP named access list cannot be configured via HTTP access. The command works manually (via terminal), but there is no option to enter it via the browser page access. [CSCdi79249]

On a Cisco 7200, PCMCIA Flash card insertion or removal might, under some conditions, cause a system reload with a PCI bus system/parity error. This defect is resolved in Release 11.1(8.1), 11.2(3.1), and later releases. [CSCdi80691]

Authenticated NTP packets will be ignored. There is no workaround to this problem. [CSCdi82459]

A router configured with HTTP enabled, AAA enabled, login set to the default of local authentication, and a blank username will enter an infinite loop which will set off the watchdog timer, causing the router to reload. [CSCdi84663]

Accessing a non-existent interface and then a valid interface using ClickStart may cause the router to crash. [CSCdi87125]



 IBM Connectivity

Cisco 4700 router Token Ring interfaces intermittently fail. You must recycle the router to bring back the interfaces. [CSCdi70398]

The router crashes when you enter the show lnm station command. This might happen when there are many ring status changes, for example, when stations are added to or removed from the ring. This problem is platform independent. The workaround is to disable LNM. [CSCdi72954]

APPN alerts are currently only sent over an LU6.2 session. It is a requirement to be able to configure these alerts to be sent over a SSCP-PU NSP session. [CSCdi73663]

When running DLSw remote or local switching between QLLC/SDLC/VDLC and a Token Ring, if the Token Ring's largest frame (lf) is less than 4472, the circuit will not connect. 



The output of debug dlsw reachability or debug dlsw reachability error indicates an lf mismatch condition detected by DLSw. This condition should not be flagged as an error. The smallest lf across the entire path should be used for the circuit. [CSCdi77805] 




If a configuration session timed out or was dropped while in a command configuration mode, the next attempt to enter that configuration mode might fail, with the following message being displayed: 


The TN3270-server feature is currently being configured 


[CSCdi80173]




A router might reload when more than 125 sessions on the router are using QLLC/DLSw+ conversion. [CSCdi84896]

When a downstream PU2.0 stops by issuing a REQDISCONT to a DLUR router, the DLUR router may loop continuously, restarting the link to a downstream PU2. In this case, the DLUR router sends a corrupted packet to the host instead of a REQDACTPU. [CSCdi86769]



 Interfaces and Bridging

Kille packets when bridging on an FDDI interface receive a packet with DSAP and SSAP = 0xaaaa and length less than 21 bytes, can cause havoc. On systems running Release 11.0(9.3) or 11.1(4), the following message is seen: 


CBUS-3-INTERR: Interface 6, Error (8011) 


This error occurs because bridging sees "aaaa" and assumes it is SNAP encapsulated. Because SNAP-encapsulated packets have a minimum length of 21, the bridging code subtracts 21 from the original length of the packet (20) when queuing it on the outbound interface. The result is the length of an outbound packet is -1 or 65535 bytes. This causes the SP to become confused and write over low core, causing an 8011 error. [CSCdi65953]




On Cisco 7000 and Cisco 7500 series platforms that have FSIPs, transmitter delay does not seem to be working correctly. There is no workaround. The fix for this problem is fixed in Releases 11.2(3.1), 11.1(8.3), 11.2(3.1)F, and 11.2(3.1)P. [CSCdi72431] 

When using FDDI with subinterfaces and Secure Data Exchange (SDE) encapsulation, configuring transparent bridging on a subinterface caused OSPF to die on the complete interface. [CSCdi72969]

On Cisco 7000 series RP/SP routers, reloading the router after adding new interfaces (IPs) or swapping different IPs in slots (for example, a FIP and a FSIP) might result in losing the configurations for the serial subinterfaces. The interface command encapsulation may also be lost. The serial interface configuration changes back to default state of HDLC. 



You can determine if this defect is affecting your system by checking the output of the show config command. If the affected interface is a serial interface (for example, FSIP or HIP), and the original configuration for the serial interface is displayed, it is this defect. 


A workaround is to EOIR the new card, configure it, and perform write memory prior to reloading. [CSCdi79523]




 IP Routing Protocols

When OSPF is configured with the default-information originate router command to generate default information, OSPF is prevented from installing the default information advertised by other OSPF routers. This causes a problem if OSPF does not really generate the default because a certain condition is not satisfied, for example, the gateway of last resort is not set. [CSCdi80474]

In very obscure cases involving equal-cost backup routes to a failing route, it is possible for Enhanced IGRP to be caught in a "stuck in active" state (self-correcting after several minutes). There is no workaround to this problem. [CSCdi81791]

OSPF can lose a neighbor periodically over a slow link when the OSPF database is refreshed, which generates many OSPF packets. There is no workaround. [CSCdi82237]

An error might occur and cause the following messages to appear:


System restarted by error - Zero Divide, PC 0x38EF0C (0x38EF0C:_igmp_report_delay(0x38eec6)+0x46)


[CSCdi83040]




When using BGP, prepending autonomous system paths using an incoming route map can cause a memory shortage in the router. The workaround is to use other methods, for example, setting the neighbor weight, to influence path selection. [CSCdi84419]

A router might advertise a combination of unicast and DVMRP routes in excess of the configured route limit (but no more that two times the limit). The workaround is to configure a lower route limit. [CSCdi85263]



 ISO CLNS

After removing a static CLNS route, ISO-IGRP prefix routes may be seen to count to infinity around a looped topology. The workaround is to use the command clns router iso-igrp domain to break the loops in the CLNS topology until the routes age out. [CSCdi78048]

CSCdi78048 introduced a bug that ISO-IGRP will not redistribute the local ISIS route. [CSCdi85861]



 Novell IPX, XNS, and Apollo Domain

NLSP links may reflect incorrect source network/node addresses in the routing tables. This does not hinder connectivity to other IPX networks when going from a Cisco device to a Cisco device. However, certain non-Cisco routers may not correctly process the incorrect address and NLSP routing might fail. [CSCdi68981]

Routers configuring for IPX Enhanced IGRP with parallel paths might reload. The workaround is to run IPX RIP. [CSCdi84739]

The ipx down network-number command might appear unexpectedly in the output of a write terminal command, and this command might be written to nonvolatile memory with the write memory command when the interface is down but you have not issued an ipx down command on that interface. There is no workaround. The unwanted command does not appear when the interface is up. If the unwanted command appears in nonvolatile memory, issue a no ipx down command followed by a write memory command when the interface is up to clear the undesired command from memory. [CSCdi85453]

IPX does not work in Release 11.2(3.2) because of CSCdi80447, which introduced a broadcast mechanism for clients on the same IPX network separated by WAN links. There is no workaround. [CSCdi85856]



 Protocol Translation

While performing TCP to X.25 protocol translation, the router might continuously try to negotiate Telnet window-size, causing high CPU utilization. [CSCdi86983]



 TCP/IP Host-Mode Services

A router will reload if TCP tries to repacketize a packet that has an invalid packet reference count. [CSCdi87175]

TCP data structure gets clobbered if an RST is received while the application is half way through closing the connection. The local TCP will go into an endless loop trying to send the last FIN to its peer. A typical symptom for the problem is that the CPU usage becomes very high, and the application that is doing the close will be stuck in TCP forever. [CSCdi88063]

TCP gets into an endless ACK war with its peer, if the application on both ends has stopped reading data. A typical symptom is that CPU usage becomes very high on the router. A possible workaround for the problem is to clear the tty/vty line that owns the TCP connection in the ACK war. [CSCdi88065]



 VINES 

Routers that are connected via extremely slow links that have a large routing table, for example, a table with more than 300 entries, do not receive a full routing update before the reassembly timer expires. The symptom is that routes repeatedly appear and then age out. The workaround is add access lists to eliminate some of the unneeded routes. [CSCdi79355]



 Wide-Area Networking

The output hold queue holds all buffers that are being kept in output queue because of traffic shaping. This slows down traffic for other VCs, causing the traffic to traverse the complete queue before it can leave the system. [CSCdi74940]

Dial-on-demand (DDR) load balancing does not forward packets correctly when the system dials out via the dialer load-threshold command and more than one remote device is connected by either dial-out or dial-in. This problem typically occurs on a PRI with dialer load threshold configured, but may also occur on BRI or multiple DDR interfaces in a dialer rotary group when more than one remote device is connected. As a workaround, remove the dialer load-threshold command. [CSCdi76324]

IPX fast switching with multiple route paths over multiple ATM/LANE interfaces/subinterfaces may cause random system reloads. The workaround is to use only one ATM/LANE IPX path, set ipx maximum-paths 1, or use ipx per-host-load-share to force only one interface to be used. [CSCdi77259]

The output of the show version may indicate that the system was restarted because of a bus error at PC 0x2227A8F6, address 0xD0D0D39, when there is no apparent cause for the reload. [CSCdi83848]



 Caveats for Release 11.2(1) through 11.2(2)
 This section describes possibly unexpected behavior by Releases 11.2(2) and 11.2(2)P. Unless otherwise noted, these caveats apply to all 11.2 and 11.2 P releases up to and including 11.2(2) and 11.2(2)P. The caveats listed here describe only the serious problems. For additional caveats applicable to Release 11.2(2) and 11.2(2)P, see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
 All the caveats listed in this section are resolved in Release 11.2(3) and Release 11.2(3)P.

 Basic System Services

AGS+ routers with first generation FDDI cards (CSC-C2FCI) do not support translational bridging, and are no longer supported. They use encapsulated bridging. The second-generation AGS+ FDDI cards (CSC-C2FCIT) support both translational and encapsulated bridging. 



Encapsulated bridging does not work on the Cisco 7500 router. The workaround to bridge between the AGS+ and a Cisco 7500 router is to use CSC-C2FCIT cards in the AGS+ and configure translational bridging. 


The disadvantage of using encapsulated bridging is that it cannot use the hardware bridge filtering capabilities of the CSC-C2FCIT cards, which have a CAM built into them that is used to perform bridge filtering. When encapsulated bridging is used, the main processor must perform all bridge filtering. This means that one busy encapsulated bridging FDDI network can consume the entire bandwidth of the router's main processor, just for bridge filtering. Cisco discourages the use of encapsulated bridging. [CSCdi46862]




In cases where an accountable task has a duration shorter than the time required to contact the TACACS+ accounting server, the stop record may be discarded without being transmitted to the server. [CSCdi70312]

A device with RMON enabled may reload if free memory gets too low. [CSCdi74278]

Timer-related functions, such as NTP and routing update intervals, do not work correctly in Revision D Cisco 4700 routers. Also, Revision E Cisco 4700 routers are recognized by SNMP as "4700" instead of "4700M." [CSCdi75353]

You may experience router reload after seeing the following message: 


%SYS-3-TIMERNEG: Cannot start timer (0x1E4388) with negative offset (-495928). 
-Process= "Per-minute Jobs", ipl= 0, pid= 37 
-Traceback= 22157D7A 22154320 221A17EA 2215F45C 2213E074 


High CPU utilization may be seen prior to the message and reload event. [CSCdi76126]




 IBM Connectivity

QLLC devices that are connected through a router using QLLC/LLC2 conversion might occasionally experience poor response time. [CSCdi44923]

In a parallel SDLLC network, the ACTPU RSP is never received by the host. [CSCdi55142]

Online insertion and removal (OIR) of an IP in a Cisco 7500 series router equipped with a CIP and another IP that has the same size MTU as the CIP can cause the router to crash with a cBus error. [CSCdi59377]

QLLC DLSw cannot reconnect after a failure. The following assert message is displayed:


%CLS-3-CLSFAIL: CLS: Assertion failed: file "../srt/qllc.c", line 4352 !"QSapAddCepFailed"


[CSCdi64840]




On a Cisco 7000 router running an RSP7000 with Release 11.1(6), CIP microcode cannot be read if it has been loaded into bootflash. The workaround is to load the CIP microcode into Flash. [CSCdi72463]

Data-link switching (DLSw) sometimes cannot handle disconnects being issued by two stations that are in session if the stations have a requirement to reestablish a session in less than 3 seconds. The first disconnect is answered with a UA message but the second is not responded to until the station resends the disconnect message (DISC). After the DISC is resent, a DM message is sent to answer. [CSCdi73204]

Frames coming from a High-Speed Serial Interface (HSSI) are sometimes dropped. This problem occurs when a Cisco router has remote source-route bridging (RSRB) configured direct over a HSSI interface. The HSSI interface shows that the packets are forwarded on the interface itself, but the packets are not passed to the source-route bridging (SRB) process. The show source command on FHDC-1 shows receive cnt:bytes 0, and the show interface h 5/0 command shows nonzero packets are input. [CSCdi73357]

When many sessions are created and then torn down over an ISR network, a memory leak might occur in the router. [CSCdi73676]

DLSw+ backup peers continue to accept new connections after the primary link is restored. This continues until the backup link is torn down when the linger time expires. [CSCdi73864]

When running APPN over RSRB virtual stations where RSRB local acknowledgment is being used, the secondary station may hang upon sending data. The most common symptom is that only one of the two CP-CP sessions becomes active with the partner node. [CSCdi74906]

A Cisco 7206 running Release 11.1(6.4) fails to source-route-bridge IP packets (no ip routing). The workaround is to route IP. [CSCdi75477]

If SNA/DSPU receives a RECFMS frame that contains control vectors and the RECFMS cannot be forwarded to the focal point host for any reason (for instance, the focal point is inactive), the negative response sent by DSPU causes the router to display the BADSHARE error and deactivate the connection. [CSCdi76030]

If a BIND request is received before the Notify response has arrived, DSPU will reject the BIND request with sense code 0x80050000. [CSCdi76085]

When two or more FEPs at a central site, each with the same TIC address, are connected to a different Token Ring and a different DLSw peer router, a remote SDLC attached PU2.0 device will not establish a session to the back-up FEP if the first is taken offline. This problem does not affect PU2.1 devices. [CSCdi76575]

When using DLSw+ to communicate with non-Cisco devices, the Cisco platform might not deal with incoming transport keepalive packets in an appropriate manner. [CSCdi78202]

When stun remote-peer-keepalive is enabled in a locally acknowledged STUN-over-Frame Relay configuration, STUN peers constantly reset due to incorrect handling of STUN keepalives. [CSCdi78480]

After SDLC sends 3 XID NULLs upstream to a host and receives no response, SDLC stops sending the XID NULLs and the SDLC device will never connect. This condition can occur if the remote peer connection is down because of a WAN connectivity outage or because the host or server is inactive and does not respond to XIDs. To clear this condition, remove the sdlc address address command from the configuration and then reconfigure this command on the SDLC interface. [CSCdi79498]



 Interfaces and Bridging

When IP routing is configured on an ISL subinterface, the extra 26-byte ISL header reduces the maximum IP packet size that can be sent over the ISL subinterface from 1500 to 1498 bytes, 2 bytes less than the normal size. This problem is a result of the fix for CSCdi39484. [CSCdi71140]

Cisco 3000 series routers with MK5025 serial interfaces may halt unexpectedly on system startup. There is no workaround. [CSCdi71715]

If transparent bridging and an IP address are configured on a VIP FastEthernet or Ethernet interface, duplicate packets may occur on LANs directly connected to the VIP interface. In particular, Unicast DODIP packets between two workstations on a segment on which the VIP2 interface is attached can be incorrectly duplicated by the router. Duplicate packets can also occur when running bridging and any other protocol in this type of configuration. 



In addition, if VIP Ethernet is used with multiple unicast protocols such as HSRP, packet duplication can occur on the LAN segment. These problems can significantly degrade RSP performance. If your configuration is listed here, obtain a maintenance release that corrects this problem. [CSCdi71856]




Under certain conditions Spanning-Tree Protocol can cause a memory leak. The symptom is small buffers being created but not released. (Created count rises but the Trims count does not in the show buffer. Also, show memory indicates that the memory available is being reduced. [CSCdi72783]

In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory, or when changing the serial encapsulation (for example, from HDLC to SMDS) or when doing OIR of another card in the chassis: 


%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0 


The show diag x command reports that the board is disabled, wedged. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi73130]




Policy routing on a Cisco 7000 router with silicon-switching enabled does not function correctly. As a workaround, manually disable silicon-switching on each of the interfaces with the no ip route-cache sse command. [CSCdi77492]

In a Cisco 7206 router, when source-bridge is enabled, the router may stop sending packets on the Token Ring interface. [CSCdi78494]



 IP Routing Protocols

ATM (RFC 1483) input queue becomes blocked with queue full 151/150. This causes the PIM process to terminate under certain conditions such as deconfigurng PIM on an interface. [CSCdi72840]

A problem occurs when a router with a single interface is running OSPF as a broadcast/nonbroadcast network. If the single interface is shut down and is brought back up within a 5-second interval, a race condition is created that causes the router to crash (or spurious access). The crash occurs if you are running Release 11.2. In previous releases, this bug causes spurious access. [CSCdi74044]

Configuring RSVP over an interface without configuring UDP encapsulation for RSVP can result in memory leaks. 



The workaround is to configure RSVP-UDP encapsulation for all RSVP-enabled interfaces. [CSCdi74212]




If OSPF demand circuit feature is enabled over interface which is protocol down, the router will crash. [CSCdi74862]



 ISO CLNS

If an interface is down when it is configured as passive for IS-IS, it will not be advertised in IS-IS link state packets when the interface comes up. The workaround is to unconfigure the interface and then reconfigure it as passive after it is up. [CSCdi76431]



 Novell IPX, XNS, and Apollo Domain

On Cisco 7200 series routers, IPX fast switching of various encapsulations of IPX including IPX over ISL may produce packets that are ignored by the receiving host. A workaround is to disable IPX fast switching using the no ipx route-cache command. Note that this workaround causes increased router overhead. [CSCdi73231]

NLSP may reflood LSP fragments unnecessarily, including both changed and unchanged fragments. Typically this is not a problem on LAN circuits. However, this can present bandwidth-related problems on low speed WAN circuits, especially as the size of the network increases. 



The flooding behavior masks a problem where services may be missing from the SAP table until the next full SPF. This is not a problem when all neighbors are Cisco routers, but can be a problem when third-party routers are present on the same link. [CSCdi74487]




VPDN uses loopback interfaces, but IPX and SPX spoofing are not allowed on loopback interfaces. [CSCdi76227]



 TCP/IP Host-Mode Services

When a Cisco 4500 or Cisco 7000 router is configured to use FTP or RCP to take an exception dump and an exception happens with validblock in the stack trace, the core dump operation fails and a core file cannot be obtained. As a workaround, if validblock is in the stack trace, use TFTP to take the exception dump. This means that the exception dump is limited to 16 MB. This is a known TFTP defect. [CSCdi75757]

Non-TCP reverse connections to lines may corrupt memory, resulting in a software-forced crash. This problem was introduced starting in Releases 10.3(15.1), 11.0(11.1), and 11.1(6.1). [CSCdi79310]



 VINES

VINES broadcast packets are forwarded away from the source. If the immediate router toward the source of a broadcast packet has a neighbor entry but no associated path, the system may halt. This kind of dangling route is rare and is considered to be a timing-related issue. [CSCdi75345]



 Wide-Area Networking

The VIP2 might crash with a context dump that shows register $0 = 0xffffffff. The cause register and S registers might also contain 0xffffffff. The register content reflects the fact that the VIP2 is experiencing a fatal CyBus or PCI bus error and the context for the processor has not been fully saved. A workaround that allows viewing of the PCI bus or CyBus error is available on a case-by-case basis by using an undocumented, not fully supported feature of the VIP2. The fix for this problem allows the fatal error to be displayed on the RSP console. [CSCdi66567]

PRI ISDN calls may be dropped on heavily loaded Cisco 7513 routers with multiple PRIs. The following error is displayed when this occurs: "BRI Error: isdn_fromrouter() msg dequeue NULL." [CSCdi66816]

Some ISDN PRI NET5 switches may send a Restart message with either an invalid or an unused B channel. The router should answer the Restart message with a Restart Acknowledge message for the valid B channels. If the router does not answer the Restart message, the switch may place the ISDN PRI interface "out-of-service." [CSCdi70399]

Routers are not able to detect VINES servers on LANE interfaces. [CSCdi72706]

The smallest Receive block size announced by the router is 64064 instead of 1498 as it is for Ethernet. This results in a negative smallest router blocksize reported by the show decnet interface command, and in routing problems with DEC systems. These routing problems do not appear with Cisco devices used as end nodes. [CSCdi74046]

Half-bridging of IP on DDR interfaces is broken. The symptom of this problem is that the remote devices on the bridged segment do not receive a valid reply from their ARPs to the router that is configured for IP half-bridging. [CSCdi74185]

Half-bridging of IP over dialer interfaces associated with Dialer Profile feature is broken. The symptom is the inability of remote devices in the bridged domain to communicate with devices in the routed domain. The communication failure appears to be caused by the dialer interface failing to use a valid MAC address to answer ARP requests. [CSCdi74195]

After a number of days PRI calls may be dropped and high ISDN CPU utilization may be seen. There may be some discrepancy between show dialer, which indicates free B channels available, and show isdn service, which shows all channels busy. Ultimately, a software-forced crash occurs. [CSCdi75167]

IPX routing might stop working because the router cannot find any servers. This might happen because the ipx network command is parsed before LANE commands so that, after a reload, the system reports "IPX encapsulation not allowed on ATM." [CSCdi75283]

When two routers are connected to the same destination, outbound IP fast switching on dialer interfaces does not work on the more recently connected interface. The workaround is to turn off fast switching on the DDR interfaces using the no ip route-cache command. [CSCdi75490]

At system boot-up time the following message may appear:


%SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0). 
-Process= "interrupt level", ipl= 1, pid= 2 


This message means Frame Relay Inverse ARP packets are received before InARP input queue is initialized. 


This condition is harmless, but if InARP input queue is initialized later, you will not see this message except at the boot-up time. Frame Relay In ARP function will not be affected. [CSCdi75843]




The negotiation of a PPP Callback option, passing a dial string or E.164 number, will fail due to a defect introduced into Releases 11.2(1.4), 11.1(7.1), 11.2(1.4)P, 11.2(1.4)F, and 11.0(12.1). The negotiation will appear to complete successfully, but the callback will not succeed. The failure can be seen if debug ppp negotiation is set. The callback option will be marked "acked," but there will typically be nonsensical output on the debug line between "allocated" and "acked," for example, "PPP Callback string allocated ^]" acked." There is no workaround for this defect. [CSCdi77739]



 Caveats for Release 11.2(1)
 This section describes possibly unexpected behavior by Release 11.2(1). Unless otherwise noted, these caveats apply to all 11.2 releases up to and including 11.2(1). For additional caveats applicable to Release 11.2(1), see the caveats sections for newer 11.2 releases. The caveats for newer releases precede this section.
 All the caveats listed in this section are resolved in release 11.2(2).

 AppleTalk

There has been a request for additional debugging messages for the arap logging command. The requested command is arap logging debug-extensions, which enables seven advanced debugging messages in addition to the traditional ARAP logging messages. [CSCdi68276]

AppleTalk domains do not operate correctly when configured on subinterfaces. The domain properties will be applied to the main interface rather than its subinterface(s). The workaround is to disable AppleTalk fast switching. [CSCdi69886]



 Basic System Services

Multiple simultaneous copy operations to the Flash devices on a Cisco 7500 router (bootflash:, slot0:, and slot1:) will cause the router to crash. This only happens when more than one user is logged in to the router (for example, one at the console, and one via Telnet) and both are trying to perform a copy tftp flash at the same time. This is true even if the two users are trying to write to different devices. [CSCdi50888]

An RSP router can crash with a "reserved exception" error because of a software error or an error in the microcode for an interface processor. More than one problem can generate a similar error message and stack trace, which can make this problem hard to track down. See also CSCdi58999, CSCdi60952, and CSCdi60921. [CSCdi58658]

A Cisco 2511 router may reset with the error message "System restarted by bus error at PC 0x30B65F4, address 0xD0D0D29." [CSCdi69068]

On some devices, SNMP GetNext requests performed on the Cisco Discovery Protocol MIB (CISCO-CDP-MIB) can cause the device to pause for an extended length of time. [CSCdi69892]

AAA authorization and accounting transactions to the TACACS+ server can be delayed by 9 seconds if the IP address of the TACACS+ server does not exist in the local host table and DNS is not configured on the router. 



To resolve this problem, do at least one of the following: 



Add no ip domain-lookup to the configuration.

Add the IP address of the TACACS+ server to the local host table. 


Whenever the router needs to establish a connection to your TACACS+ server, it will attempt to look up your server's IP addresses. [CSCdi70032]




If a new MIP channel group is added after a microcode reload has been performed, the system must be rebooted to ensure correct operation. [CSCdi70909]

The fix for defect CSCdi51882 causes a problem in standard SunOS/Solaris Telnet servers. If the NAWS option is mistakenly sent, the Telnet server hangs instead of ignoring NAWS. This problem only affects Releases 11.0(10.3) through 11.0(11.3), 11.1(6.1) through 11.1(6.4), and 11.2(0.24) through 11.2(1.2). [CSCdi71067]



 DECnet

DECnet may fail to work properly when using an area number of 63 for L2 routers. The symptoms are being unable to ping (DECnet) between two area routers, one of which is using area 63.x, and having the show dec command report that the "attached" flag is false even though the show dec route command shows routes to it. The workaround is to use the decnet attach override command to force the router into an attached state. This command is available in Releases 10.2(7.3), 10.3(4.4), 11.0(0.13), and all versions of Release 11.1 and higher. [CSCdi69247]



 EXEC and Configuration Parser

Under some circumstances, a Cisco AS5200 may run low on memory or may run out of memory after processing more than 11,000 calls. A small amount of memory may be lost under two conditions, only when aaa new-model is configured: when a user hangs up at the "Username:" prompt, or when a user successfully autoselects with the autoselect during-login command configured. [CSCdi67371]



 IBM Connectivity

With Release 11.0 and a direct Escon-attached CIP, the host may "box" the CIP if the router is reloaded without the CIP being varied offline. This problem has not been seen with CIPs connected through a director or if the CIP is taken offline before the router is reloaded. The workaround is to vary the device offline before reloading the router. [CSCdi59440]

When the PS/2 Link Station Role is configured as Negotiable, the XID(3) Negotiation may not complete. The workaround is to configure the PS/2 Link Station Role as Secondary. [CSCdi60999]

When running CIP SNA over DLSw, the LLC2 control blocks may not get freed even when the LLC2 session is lost and the DLSw circuit is gone. The workaround is to reload the router. [CSCdi62627]

The router crashes when NSP is configured and is trying to connect back to the owning host. [CSCdi69231]

Cisco RSP7000 routers that have mixed non-VIP/VIP interfaces (e.g., TRIP and VIP-4R in the same router) may crash when configuring/unconfiguring SRB. [CSCdi69873]

A router interface operating in an SDLC secondary role will not respond to TEST P. [CSCdi70562]

When using DLSw FST, end-user sessions may not switch over to an alternate LAN or peer path after a connectivity failure. [CSCdi70709]

A defect introduced by the fix for defect CSCdi69231 may cause NSP to stop working. The releases affected are 11.0(11.2), 11.1(6.2), and 11.2(1.1). The following messages may be displayed when NSP stops working: "SNA: Connection to Focal Point SSCP lost" and "SNA: MV_SendVector rc = 8001." [CSCdi72696]



 Interfaces and Bridging

When you perform buffer changes on a serial interface with SMDS encapsulation, the changes are not recognized after a reload. [CSCdi62516]

The source-bridge ring-number command allows you to configure a ring-number mismatch. The workaround is to make sure that all bridge devices on a ring use the same ring number. [CSCdi63700]

The LAN extension interface does not function correctly. The behavior is that the LAN extension NCP negotiates and sets the LAN extension interface state to "up" and the show controller lex number command displays the message "No inventory message received from LAN Extender." Turning on the LAN extension RCMD debugging shows that every remote command is being rejected with the message "LEX-RCMD: encapsulation failure." There is no workaround. [CSCdi66478]

Small and middle buffers leak when transparent bridging on ATM is enabled. [CSCdi69237]

When an ARP packet is received from an ATM interface, the router might send out a total of two ARP packets to the Ethernet interface. [CSCdi70533]

When using the custom-queuing feature in conjunction with payload compression on HDLC or Frame Relay encapsulations, traffic regarded as "low-priority" by custom queuing might be passed uncompressed. This results in lower than expected compression ratios. [CSCdi71367]

When integrated routing and bridging (IRB) is configured, packets less than 60 bytes in size sourced by the BVI interface and going out an ATM bridged interface become runt Ethernet packets without padding inside the RFC 1483 header. [CSCdi71614]



 IP Routing Protocols

IPX Enhanced IGRP updates do not propagate if the MTU size is less than the IPX Enhanced IGRP packet size. [CSCdi65486]

When a primary active router that has gone down comes back up, it is possible that both routers might forward packets instead of just the primary. [CSCdi70693]

When virtual link is configured in OSPF, the adjacency over the virtual link will continue to flap if only one of the end points of the virtual link is running an OSPF DC-capable (11.2) image. 



There is no problem if both end points are running OSPF DC-capable images or both end points are running OSPF non-DC-capable images. There is no workaround. [CSCdi71021]




The system suffers a gradual loss of free memory whenever ip sd listen or ip sdr listen are enabled. [CSCdi72863]

It is possible for use of the DNS Name Service for alias lookups to cause the router to reload. Lookups of canonical names do not exhibit this problem. [CSCdi73022]



 Novell IPX, XNS, and Apollo Domain

If SPX spoofing fails to send a keepalive, a traceback message will be display on the system console. [CSCdi69062]

The IPX interface command no ipx route-cache has no effect on the router if an IPX network is not already configured on the interface. Normally, this command should disable fast switching on the interface as well as all its subinterfaces even though the primary interface has no IPX network configured. [CSCdi69726]

High-end Cisco routers may send XNS RIP update packets too quickly for older hosts to receive. A new global command xns rip-delay will be added to increase the interframe gap to at least 1 ms between XNS/RIP update packets. [CSCdi70357]



 TCP/IP Host-Mode Services

RSH commands executed to the router without a controlling shell return only the first 1608 bytes of data. [CSCdi69424]

The system may reload when doing DNS name validation.The fix of defects CSCdi66910 and CSCdi71158 introduced this defect. There is no workaround. [CSCdi70707]



 Wide-Area Networking

In certain circumstances, the router might reload if a dialer interface (ISDN/Serial/Async) is used for load-backup or failure-backup along with an IPX routing protocol like RIP/Enhanced IGRP and the primary and the backup interface are active. This is usually noticed immediately after the dialer interface connects. [CSCdi61504]

The VIP/VIP2 IPC overlaps some TX accumulators and makes those accumulators spurious. Those accumulators are not used until the number of interfaces is more than 20. [CSCdi67842]

Using ATM PVC and bridging, the number of ARP requests sent out depends on the number of subinterfaces created under the ATM interface. [CSCdi67980]

A reload may be required when running multilink PPP and dialer profiles. Do not enter the ppp multilink command on an interface that has either dialer pool x or dialer pool-member y configured. [CSCdi69131]

Under certain circumstances, routers hang while executing show vpdn. [CSCdi70008]

Using TACACS+ with dialback over a rotary group causes the authorization to fail for the user when the callback script aborts or finishes incorrectly, so failover to another line of the rotary occurs. The call is made, but an internal error occurs when debugging TACACS+. [CSCdi70549]

Some IPX clients, including Windows 95, change their IPX node number on every connection. This means in a DDR environment it is impossible to create a static dialer map for a dial-in Windows 95 IPX client. The workaround is to create a dynamic dialer map for IPX when a client authenticates and provides its IPX node number. [CSCdi70873] 

ISDN BRI routers may have problems bringing up multiple B-channels to the same destination. The router and PBX may also get into a Layer 3 state mismatch and continuously exchange Layer 3 messages. [CSCdi71333]



 Microcode Revision History
 The following sections describe each revision of microcode for the


Cisco 7000 series routers using a Route Processor/Silicon Switch Processor (RP/SSP) or Route Processor/Switch Processor (RP/SP) combination

Cisco 7500 series routers and Cisco 7000 series using an RSP7000 (see the section "Route Switch Processor (RSP) Microcode Revision History")




 ATM Interface Processor (AIP) Microcode Revision Summary

 AIP Microcode Version 10.16

 Modifications
 AIP Microcode Version 10.16 fixes the following:

AIP Microcode Version 20.8 may cause the AIP card to lock into a state where it transmits corrupted packets, causing a debug ATM error showing "ATM(ATM9/0.1): VC(1) Bad SAP ..." at the receive side of the ATM VC. The transmission of data is usually affected in one direction only. The problem may occur when the input traffic exceeds the average rate configured on the ATM VC, when the bandwidth of the incoming interfaces exceeds the average rate on the outgoing VC or SVC.



A workaround is either to downgrade the AIP microcode to aip20-6 or to upgrade the AIP microcode to rsp_aip205-5, or aip20-9 when available. A short-term workaround is clear interface atm 5/0 on the transmit side.


The same problem applies for aip10-15 on RP-based platforms. [CSCdi67812]




ATM traffic is lost during an online insertion or removal (OIR) event of an RSP4 card. [CSCdi66076]



 AIP Microcode Version 10.17

 Modifications
 AIP Microcode Version 10.17 fixes the following:

Online insertion and removal (OIR) causes ATM to fail in Cisco 7507 routers. [CSCdi75659]

The AIP sometimes hangs. [CSCdi60941]

The AIP microcode does not support configurable LBO settings. [CSCdi72800]

The AIP sometimes fails to set up a DS3 scramble. [CSCdi57924]



 AIP Microcode Version 10.18

 Modification
 AIP Microcode Version 10.18 fixes the following:

The VPI/VCI hash lookup in AIP is not optimal. [CSCdi69673]



 AIP Microcode Version 10.19

 Modification
 AIP Microcode Version 10.19 fixes the following:

LANE should support 9K MTU for Ethernet ELANs. [CSCdj06005]



 AIP Microcode Version 10.20

 Modification
 AIP Microcode Version 10.20 fixes the following:

The AIP does not show packets dropped due to traffic shaping. [CSCdi72246]



 AIP Microcode Version 10.21

 Modification
 AIP Microcode Version 10.21 fixes the following:

%AIP-3-AIPREJCMD with error code 0x8000 + %SYS-3-CPUHOG [CSCdj20667]



 AIP Microcode Version 10.22

 Modification
 AIP Microcode Version 10.22 fixes the following:

OIR of any card with AIP in box causes problems. [CSCdj37259]



 Fast Ethernet Interface Processor (FEIP) Microcode Revision Summary

 FEIP Microcode Version 10.5

 Modifications
 FEIP Microcode Version 10.5 fixes the following:

The FEIP MII interface fails to reset if there is OIR of another card in the router. [CSCdi82350]

There is a failure of both ping and telnet to HSRP virtual addresses on FastEthernet. [CSCdi92485]



 FEIP Microcode Version 10.6

 Modifications
 FEIP Microcode Version 10.6 fixes the following:

Under unusual circumstances the cBus restarts. This seems to happen because there is a bit set that requires a response within 20 ms. It appears that under high stress conditions the cBus is unable to respond appropriately, causing a restart. [CSCdi92811]

A Cisco 7500 router may resign its active HSRP status when configured on an FEIP if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]



 FEIP Microcode Version 10.7

 Modification
 FEIP Microcode Version 10.7 fixes the following:

Enabling FEIP in RP/SP 7000 causes the error message "CBUS-3-INITERR with Error (8021)." [CSCdj14743]



 Fast Serial Interface Processor (FSIP) Microcode Revision Summary

 FSIP Microcode Version 10.19

 Modification
 FSIP Microcode Version 10.19 fixes the following:

Transmitter-Delay does not work in DTE/DCE mode. [CSCdi72431]



 MultiChannel Interface Processor (MIP) Microcode Revision Summary

 MIP Microcode Version 12.1

 Modification
 MIP Microcode Version 12.1 fixes the following:

A channelized T1 remote interface loop might report failure. [CSCdi76327]



 MIP Microcode Version 12.2

 Modifications
 MIP Microcode Version 12.2 fixes the following:

The MIP loopback remote command causes IPs to crash. [CSCdi69074]

MIP framing changes from Super Frame (SF) to Extended Superframe (ESF) after a microcode reload. [CSCdi71556]

MIP channel creation may cause output stuck on others. [CSCdi74075]



 Token Ring Interface Processor (TRIP) Microcode Revision Summary

 TRIP Microcode Version 10.4

 Modification
 TRIP Microcode Version 10.4 fixes the following:

A SpyGlass problem causes the command queue to the Spyglass to overflow. The symptom of this problem is a "ctrucheck" at location 0x925 in trip10-3. 



 Route Switch Processor (RSP) Microcode Revision History

 ATM Interface Processor (AIP) Microcode Revision Summary

 AIP Microcode Version 20.9

 Modifications
 AIP Microcode Version 20.9 fixes the following:

AIP Microcode Version 20.8 may cause the AIP card to lock into a state where it transmits corrupted packets, causing a debug ATM error showing "ATM(ATM9/0.1): VC(1) Bad SAP ..." at the receive side of the ATM VC. The transmission of data is usually affected in one direction only. The problem may occur when the input traffic exceeds the average rate configured on the ATM VC, when the bandwidth of the incoming interfaces exceeds the average rate on the outgoing VC or SVC.



A workaround is either to downgrade the AIP microcode to aip20-6 or to upgrade the AIP microcode to rsp_aip205-5, or aip20-9 when available. A short-term workaround is clear interface atm 5/0 on the transmit side.


The same problem applies for aip10-15 on RP-based platforms. [CSCdi67812]




ATM traffic is lost during an online insertion or removal (OIR) event of an RSP4 card. [CSCdi66076]



 AIP Microcode Version 20.10

 Modifications
 AIP Microcode Version 20.10 fixes the following:

Online insertion and removal (OIR) causes ATM to fail in Cisco 7507 routers. [CSCdi75659]

The AIP sometimes hangs. [CSCdi60941]

The AIP microcode does not support configurable LBO settings. [CSCdi72800]

The AIP sometimes fails to set up a DS3 scramble. [CSCdi57924]



 AIP Microcode Version 20.11

 Modification
 AIP Microcode Version 20.11 fixes the following:

VPI/VCI hash lookup in AIP is not optimal. [CSCdi69673]



 AIP Microcode Version 20.12

 Modification
 AIP Microcode Version 20.12 fixes the following:

LANE should support 9K MTU for Ethernet ELANs. [CSCdj06005]



 AIP Microcode Version 20.13

 Modification
 AIP Microcode Version 20.13 fixes the following:

The AIP does not show packets dropped due to traffic shaping. [CSCdi72246]



 AIP Microcode Version 20.14

 Modification
 AIP Microcode Version 20.14 fixes the following:

%AIP-3-AIPREJCMD with error code 0x8000 + %SYS-3-CPUHOG [CSCdj20667]



 AIP Microcode Version 20.15

 Modification
 AIP Microcode Version 20.15 fixes the following:

OIR of any card with AIP in box causes problems. [CSCdj37259]



 Ethernet Interface Processor (EIP) Microcode Revision Summary

 EIP Microcode Version 20.3

 Modification
 EIP Microcode Version 20.3 fixes the following:

A bad R4600 processor causes router crashes with errors such as XBUFHDR errors, INVRTN errors, and GETBUF errors. [CSCdi75404]



 Fast Ethernet Interface Processor (FEIP) Microcode Revision Summary

 FEIP Microcode Version 20.4

 Modifications
 FEIP Microcode Version 20.4 fixes the following:

The FEIP MII interface fails to reset if there is OIR of another card in the router. [CSCdi82350]

There is a failure of both ping and telnet to HSRP virtual addresses on FastEthernet. [CSCdi92485]



 FEIP Microcode Version 20.5

 Modifications
 FEIP Microcode Version 20.5 fixes the following:

Under unusual circumstances the cBus restarts. This seems to happen because there is a bit set that requires a response within 20 ms. It appears that under high stress conditions the cBus is unable to respond appropriately, causing a restart. [CSCdi92811]

A Cisco 7500 router may resign its active HSRP status when configured on an FEIP if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]



 FEIP Microcode Version 20.6

 Modification
 FEIP Microcode Version 20.6 fixes the following:

Enabling FEIP in RP/SP 7000 causes the error message "CBUS-3-INITERR with Error (8021)." [CSCdj14743]



 Fast Serial Interface Processor (FSIP) Microcode Revision Summary

 FSIP Microcode Version 20.6

 Modification
 FSIP Microcode Version 20.6 fixes the following:

Transmitter-Delay does not work. [CSCdi72431]



 FSIP Microcode Version 20.7

 Modification
 FSIP Microcode Version 20.7 fixes the following:

%CBUS-3-CMDTIMEOUT error message causes FSIP to vanish. [CSCdj00013]



 FSIP Microcode Version 20.8

 Modification
 FSIP Microcode Version 20.8 fixes the following:

%RSP-3-IP_PANIC error message causes interface resets and buffer misses. [CSCdi78086]



 MultiChannel Interface Processor (MIP) Microcode Revision Summary

 MIP Microcode Version 22.1

 Modification
 MIP Microcode Version 22.1 fixes the following:

A channelized T1 remote interface loop could report failure. [CSCdi76327]



 MIP Microcode Version 22.2

 Modifications
 MIP Microcode Version 22.2 fixes the following:

The MIP loopback remote command causes IPs to crash. [CSCdi69074]

MIP framing changes from Super Frame (SF) to Extended Superframe (ESF) after a microcode reload. [CSCdi71556]

MIP channel creation may cause output stuck on others. [CSCdi74075]



 Token Ring Interface Processor (TRIP) Microcode Revision Summary

 TRIP Microcode Version 20.1

 Modifications
 TRIP Microcode Version 20.1 fixes the following:

A SpyGlass problem causes the command queue to the Spyglass to overflow. The symptom of this problem is a "ctrucheck" at location 0x925 in trip10-3. 

The DMA engine appears to "clock in" the memd address an extra time or increment the memd address an extra time. The obvious symptom is an "800E" (output stuck).

With transmit frames, the prototype Access Control byte is invalid (bit 0x10 is set).



 Cisco Connection Online
 Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
 Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
 CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
 You can access CCO in the following ways:

WWW:  http://www.cisco.com

WWW:  http://www-europe.cisco.com

WWW:  http://www-china.cisco.com

Telnet:  cco.cisco.com

Modem:  From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.


 For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.

Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.


 Documentation CD-ROM
 Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
 If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar, select Documentation, and click Enter the feedback form. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.