Important Notes and Caveats for Release 11.3

This section describes important notes and caveats related to Cisco IOS Release 11.3.

Important Notes

This section describes warnings and cautions about using the Cisco IOS Release 11.3 software. It discusses the following topics:

• Upgrading to a New Software Release

• Channel Interface Processor (CIP) Microcode

• Cisco 7500 Series High System Availability (HSA)

• Netbooting from VIP

• Source-Route Bridging (SRB) over FDDI

• Enabling IPX Routing

• Using AIP Cards

• Booting Cisco 4000 Routers

• Using LAN Emulation (LANE)

• Forwarding of Locally Sourced AppleTalk Packets

• Using Source-Route Transparent Bridging (SRT) and Source-Route Bridging (SRB) on Cisco 2500 and Cisco 4000 Routers

• Cisco 7000/7500/RSPx Series

Upgrading to a New Software Release

If you are upgrading to Cisco IOS Release 11.3 from an earlier Cisco IOS software release, you should save your current configuration file before installing Release 11.3 software on your router.

Refer to Product Bulletin 703, Cisco IOS Software Release Upgrade Paths and Packaging Simplification for more information regarding software upgrades.

Channel Interface Processor (CIP) Microcode

CIP microcode is now available as a separate image, unbundled from the Cisco IOS image. CIP microcode (for the CIP or Second-Generation CIP [CIP2] card) resides only in router Flash memory as multiple files. The router loads a "kernel" to the CIP (based upon hardware revision), and the CIP selectively loads and relocates the software it requires from the router's Flash memory. The CIP image is available on preloaded Flash memory cards, on diskette, or via FTP from Cisco. Every version of Cisco IOS Release 11.3 has a corresponding version of CIP microcode. Refer to the Channel Interface Processor (CIP) Microcode Release Note and Microcode Upgrade Requirements publication (Document Number 78-4715-xx) for information about the recommended pairs of Cisco IOS Release 11.3 and CIP microcode.

Consider the following before using Cisco IOS Release 11.3 and CIP microcode:

• If you have a router with Release 11.3 and a Release 11.3 CIP image on a Flash memory card, no action is required. The CIP microcode will load automatically upon booting the router.

• If you have an existing router with Release 11.3 in Flash memory or ROM and a pre-11.1 Flash memory card, either:

  • Replace the Flash memory card with a Release 11.3 preloaded Flash memory card, or

  • Boot the router with Release 11.3 software (CIP load will fail), then copy the Release 11.3 CIP image to the Flash memory card, and reboot the router.

When the CIP image is copied to an existing Flash memory card, the existing flash copy commands are used, just as before. If a CIP image other than the default for the release is being used, then the microcode cip flash configuration command must be issued.

The show microcode command has been expanded to display the default CIP image name for the Cisco IOS release.

---

Note The router must already be running Cisco IOS Release 11.3 before performing a copy of the CIP image to Flash memory because the CIP image must be "exploded" from the single image file on the TFTP server to multiple files in Flash memory. This capability was first available in Release 11.1.

---

There are a number of ways to determine what is loaded on each CIP:

• The CIP MIB has been enhanced to show the segments loaded on each CIP and their version and compilation information.

• The show controller cbus command has been expanded to include segments loaded and their version and compilation information.

Multiple CIP cards of different hardware revisions can run in the same router.

Cisco 7500 Series High System Availability (HSA)

To successfully use the HSA feature, you should take note of the following:

• The HSA feature available on the Cisco 7500 series routers requires a ROM monitor upgrade to ROM monitor version 11.1(2), or later.

• For spare RSP2 cards to function with HSA, they must also be upgraded. Spare Flash cards require Release 11.1(4) or higher boot or system images.

• HSA installation requires that both RSP2s have the same amount of DRAM (32 MB minimum each RSP2).

Netbooting from VIP

To netboot from Ethernet or Fast Ethernet ports on a VIP card, the system must contain version 11.1 boot ROMs. If the system contains version 11.0 boot ROMs, you can work around this requirement by using the boot bootldr device:filename global configuration command to load a bootstrap image from Flash memory.

Source-Route Bridging (SRB) over FDDI

This feature supports forwarding of source-route bridged traffic between Token Ring and FDDI interfaces on the Cisco 7000, Cisco 7010, and Cisco 7500 series routers. Previously, the only way to transport SNA and NetBIOS over FDDI was with remote source-route bridging (RSRB), which is either fast switched (direct or Fast-Sequence Transport [FST] encapsulation) or process switched (TCP encapsulation). With SRB over FDDI, traffic can be autonomously switched, greatly improving performance for SRB traffic that uses FDDI as a backbone. This feature eliminates the need for RSRB peer definitions to connect Token Ring networks over the FDDI backbone.

---

Note SRB over FDDI does not support RSRB traffic forwarded to RSRB peers. Routers that have connections to local Token Ring networks as well as RSRB connections to remote networks cannot use this feature. The workaround is to move the RSRB connections to routers that are not connected to the FDDI backbone.

---

Enabling IPX Routing

The Token Ring interface is reset whenever IPX routing is enabled on that interface.

Using AIP Cards

Cisco 7000 series ATM Interface Processor (AIP) cards that support E3, DS3, or Transport Asynchronous Transmitter/Receiver Interface (TAXI) connections and that were shipped after February 22, 1995, require Cisco IOS Release 10.0(9), 10.2(5), 10.3(1), or later.

Booting Cisco 4000 Routers

You must use the Release 9.14 rxboot image for Cisco 4000 routers because the Release 11.0 rxboot image is too large to fit in the ROMs. (Note that rxboot image size is not a problem for Cisco 4500 routers.) However, because the Release 9.14 rxboot image does not recognize new network processor modules, such as the Multiport Basic Rate Interface (MBRI), its use causes two problems:

• You cannot boot from a network server over BRI lines. Instead, you can boot either from a network server over other media or use the copy tftp flash command to copy images over BRI or other media to Flash memory. If you use the copy tftp flash command over a BRI interface, you must be running the full system image.

• If you use the rxboot image on a Cisco 4000 router that is already configured, the following error messages are displayed, with one pair of messages for each BRI interface configured:

Bad interface specification
No interface specified - IP address
Bad interface specification
No interface specified - IP address

Using LAN Emulation (LANE)

Note the following information regarding the LAN Emulation (LANE) feature in Cisco IOS Release 11.3:

• LANE is available for use with Cisco 4500, 4700, 7000, and 7500 series routers connected to either an LS100 or LS1010 switch. LANE requires at least version 3.1(2) of the LS100 software, which requires a CPU upgrade if you are currently running software prior to version 2.5.

• The LS2020 cannot be used for LANE because it does not support UNI 3.0 and point-to-multipoint SVCs.

• Routing of IP, IPX, AppleTalk, DECnet, VINES, and XNS is supported.

• HSRP is supported.

• LANE does not support CLNS or LANE over PVCs.

• AppleTalk Phase 1 cannot be routed to AppleTalk Phase 2 via LANE.

Forwarding of Locally Sourced AppleTalk Packets

Our implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.

Using Source-Route Transparent Bridging (SRT) and Source-Route Bridging (SRB) on Cisco 2500 and Cisco 4000 Routers

Certain products containing the Texas Instruments TMS380C26 Token Ring controller do not support SRT. SRT is the concurrent operation of SRB and transparent bridging on the same interface. The affected products, shipped between March 30, 1994, and January 16, 1995, are the Cisco 4000 NP-1R, Cisco 4000 NP-2R, Cisco 2502, Cisco 2504, Cisco 2510, Cisco 2512, Cisco 2513, and Cisco 2515.

Units shipped before March 30, 1994, or after January 16, 1995, are not affected. They use the Texas Instruments TMS380C16 Token Ring controller, which supports SRT.

SRT support is necessary in two situations. In one, Token Ring networks are configured to SRB protocols such as SNA and NetBIOS, and they transparently bridge other protocols, such as IPX. In the other situation, SNA or NetBIOS uses SRB, and Windows NT is configured to use NetBIOS over IP. Certain other configuration alternatives do not require SRT (contact the Technical Assistance Center for more information).

As of Release 10.3(1), SRB in the following Cisco IOS feature sets is no longer supported: IP, IP/IPX, and Desktop. To use SRB, you need one of the following feature sets: IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN. In most non-IBM Token Ring environments, the multiring feature in IP, IP/IPX, and Desktop eliminates the need for IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN.

Cisco 7000/7500/RSPx Series

The Cisco 7000 series previously included the Cisco 7000 and Cisco 7010. These products are not supported in Cisco IOS Release 11.3. The Cisco 7000 series now includes the Cisco 7000 equipped with RSP7000 processor and the Cisco 7010 equipped with RSP7000 processor, which are supported in Cisco IOS Release 11.3. In Release 11.3, all commands supported on the Cisco 7500 series are also supported on the Cisco 7000 series.

The Cisco RSPx series includes the Cisco 7000 equipped with RSP7000 processor, the Cisco 7010 equipped with RSP7000 processor, and the Cisco 7500 series routers.

Caveats for Release 11.3(1)

This section describes possibly unexpected behavior by Release 11.3(1). Unless otherwise noted, these caveats apply to all 11.3 and 11.3 T releases up to and including 11.3(1) and 11.3(1)T. The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.3, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" at the end of this document.

Access Server

• When a modem is resetting or when the B channel is manually busied out, the AS5200 access server does not accept calls on the PRI. [CSCdj01268]

• During reload of 11.2(6.4)F, the following messages are observed on the console:

%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry

%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry

%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry

The Call Management (CM) code maintains a circular buffer from which it retrieves space for its process queue entry. Under normal operating conditions, there is enough space on this buffer to accommodate CM. However, during system start-up, if start-up tests are enabled for a modem, it will behave as if it is connecting a call. This causes messages to be sent to CM. While CM will be able to recognize that no actual call is being set up, the sheer number of messages sent by 48 modems (Brasil) in parallel could result in overflows and thus cause corruptions in the buffer. The manifestation of this problem is the display of the following messages during system startup:

%CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry %CALLS_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entry

If you are running an image that does not have the fix for this problem (CSCdj22879), the workaround would be to disable the startup tests for the modems. This problem has been observed with Microcom modems. Amazon modems are not yet available for testing. [CSCdj22879]

• Under rare circumstances, a Cisco AS5200 may crash after displaying either a "%SYS-2-BLOCK" or "%SYS-2-BLOCKHUNG" message. [CSCdj30206]

• When Frame Relay over ISDN is configured on an LES-type driver-based platform (for example, Cisco 7500, 5200, or 7200), if the input packets get fast switched out (that is, the output interface has fast switch mode enabled), the BRI/PRI interface would have an input queue wedge problem. The symptom is that the input queue count was incremented up to the maximum queue length and then began to drop input packets. [CSCdj45631]

• In an AccessPath, one AS5200 at a time will lock up after a period of about three months. You can not get into the server through a Telnet session or through a console session, and it will no longer receive calls. The only way to recover the server is to reboot the server. [CSCdj49038]

• A problem occurs when running cas-group, signaling type-fgd, and linecode/fram D4/AMI. When a T1 is lost or unplugged and plugged back in, all the channels go off-hook and stay there until a reboot. If a call is placed at this time, you receive a busy signal.

To identify the problem, issue the debug serial interface and show cont t1 commands. You will see a message that txA and txB are all set to one. In normal conditions when there is no call, the values should be txA=txB=0, the same as rxA and rxB.

#show cont t1
T1 0 is up.
No alarms detected.
Version info of slot 0: HW: 1, Firmware: 13, NEAT PLD: 12, NR Bus PLD: 19
Framing is SF, Line Code is AMI, Clock Source is Line Primary.
Data in current interval (418 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 1 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Robbed bit signals state: timeslots rxA rxB txA txB
1 0 0 1 1
2 0 0 1 1

[CSCdj53511]

• Under some circumstances, the AS5200 may experience a bus error when attempting to dial out. [CSCdj64930]

AppleTalk

• When using ARAP 2.1 on routers running Cisco IOS Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Cisco IOS Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]

• When using the ARAP client 2.1, the user is not able to dial in to an AS5200 with Cisco IOS Release 11.1 if the AS5200 has autoselect configured.

To work around this problem, do one of the following:

- Remove autoselect and use ARAP dedicated.

- Use the ARAP 2.0.1 client instead.

- Turn on MNP10 on the ARAP 2.1 client.

- Modify the client CCL script to extend the pause to 3 seconds before exiting. [CSCdj09817]

• Spurious memory access may occur due to uninitialized IDB subblock. There is no workaround. [CSCdj12071]

• AppleTalk may crash on the Cisco 4000 platform due to low stack. There is no workaround. [CSCdj15680]

• IPTalk is broken in Release 11.2 because the LLAP header is missing in all iptalk packets. There is no workaround. [CSCdj50179]

• An IPTalk interface will not come up after a reboot if the order of tunnel interface precedes its physical interface (such as Ethernet or serial). The symptom is that the iptalk command from the tunnel interface disappears after a reboot. There is no workaround. [CSCdj58363]

Basic System Services

• The router might reload when trying to process the show accounting command. [CSCdi69364]

• The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]

• Adding an RSRB peer with direct encapsulation on a Cisco 7000 router configured with CSNA causes a "%RSP-3-RESTART: cbus complex restart" message and takes down the CIP interface. [CSCdi82836]

• Enabling custom queuing on a Cisco 7200 router may result in an excessive increase in CPU usage. [CSCdj05099]

• If virtual-profile aaa and ppp multilink are both defined, and there is an error in the interface-config AV-pair (downloaded from the AAA server), then multilink will fail to come up, causing the router to reload.

If the interface-config AV-pair has no errors, no reload occurs. [CSCdj08374]

• Flow and optimum switching do not demultiplex FR or ATM VCs to the appropriate subinterface, causing packets to be fast switched when input access lists are configured on subinterfaces. [CSCdj12543]

• If a map list is configured, the show running command may cause the router to crash if the "Last configuration change at..." informational string exceeds a total length of 80 characters. [CSCdj13986]

• Under heavy interrupt load, driver instrumentation gets hit repeatedly while processes are accessing the instrumentation variables (for example, last output time). This causes a number of problems, including stuck output and incorrect user displays. There is no workaround. [CSCdj15583]

• When a router is configured with the commands ip identd and aaa authentication login default tacacs+ enable, the router will reload itself under these conditions:

- The router is resolving host names via an external DNS server.

- The TACACS server is down.

- The user gains access to the router via the backup "enable" method.

- The user attempts to Telnet from the router to a host on the network.

After the Telnet is initiated, the router will immediately reload.

The workaround for this problem is to not configure the ip identd command or to disable the identd process with the global command no ip identd (which is the default).

[CSCdj19961]

• The router will not allow users who have Ascend-Data-Filter in their RADIUS profile to be passed to PPP using the Username: Password: process. [CSCdj20648]

• A recovery mechanism for misaligned 64-bit accesses has been added. This new functionality is similar to the current misaligned handler for shorter misaligned accesses. [CSCdj20738]

• The D channel interface of the Cisco 1600 series has been seen to stop transmission of packets if it receives a corrupted packet of over 1400 bytes in length. Transmission resumes on receiving an inbound packet from its remote peer. The workaround for this problem is to use the standard IETF method of encapsulation on the D channel interface. This should be applied to the D channel portion of the configuration as shown:

interface BRI0:0
ip address 7.1.1.2 255.255.255.0
x25 address 2222
x25 map ip 7.1.1.1 1111 method ietf

This should provide better recovery from corrupted packets. [CSCdj21710]

• RSP crashed with the following messages:

abort
crashdump
process_run_degraded_or_crash
process_ok_to_reschedule
process_suspend
process_may_suspend
doprintc
_doprnt

[CSCdj29706]

• Performing a Telnet from the router with TACACS configured might cause a router to reload with a bus error.

Decoded stack trace from CCO tool:

_slow_check
_etext
_check_access
_open_connection
_telnet_multiproto_open
_connect_multiproto
_connect_command
_parse_cmd

This problem has been seen only with Cisco IOS Release 11.2 and later releases. [CSCdj36356]

• The tacacs-server directed-request restricted command only applies to authentication, not to accounting or authorization. Therefore, there is no way to restrict a user's authorization or accounting to a given set of servers, which can lead to inconsistencies. For example, authentication for a directed user can be attempted only on the restricted servers, whereas authorization or accounting can be attempted on nonrestricted servers as well. This inconsistency can cause authentication to pass while authorization fails for a given user. [CSCdj37496]

• A periodical chunk sanity check did not check the sibling chunk list. This does not involve normal chunk operation. [CSCdj45167]

• A Cisco 1000 node may send SNTP queries to the next hop along the route, instead of to the address configured in the SNTP server statement in the configuration. [CSCdj56216]

• The input queue may be wedged with IP packets if the exception dump command is configured.

The following are known workarounds:

- Increase the input queue to 175. ([75]Original Queue amount + [100] per exception dump x.x.x.x command.)

- Remove the exception dump x.x.x.x command.

[CSCdj58035]

• When Frame Relay traffic shaping is enabled on a serial interface, disabling and reenabling weighted fair queuing will cause a system restart. [CSCdj58431]

• If there is heavy traffic going into to a Cisco 7500 series router through a VIP2 ATM port adapter, the router might crash or hang if the user tried to add or delete ELANs on the VIP2 card. The router may also crash in a short period of time after the router has booted up even though no ELANs are added or deleted. The length of time it takes to crash really depends on how many ELANs are configured on the VIP2 port and how many data VCs through which the router receives the inbound traffic. In some tests where there are more than fifty ELANs configured on the VIP2 and traffic comes into the VIP2 through 16 data VCs, the router may crash in less than 5 minutes. [CSCdj62545]

• When a router is highly loaded and traffic-shaping is active on the outgoing interface, it might be possible that LMI control messages get queued in traffic-shaping queues, causing the LMI protocol to go down. [CSCdj64221]

• Packets might not be forwarded correctly and may cause problems if fancy queuing (for example, fair-queue) is enabled along with the Compression Service Adapter (CSA). [CSCdj64898]

• When Frame Relay traffic shaping is enabled and the clear counters command is issued, the system may restart.

The workaround is to remove and then reenable Frame Relay traffic shaping to clear its counters. [CSCdj65742]

• The traffic-shape command does not work immediately when queue depth is 64 maximum and BECN receives. To reproduce this, we might need more than 4 queues, which means 4 DLCIs and subinterfaces. [CSCdj66480]

• The patch added in CSCdi37706 is not compatible with the older implementations of the TACACS+ daemon. To keep consistency, this patch should be backed out of Cisco IOS software code. [CSCdj66657]

EXEC and Configuration Parser

• If the line speed on an AS5300 is configured for tty lines that span a Microcom modem followed by a Moca modem, the output of the show running-config and copy running-config startup-config commands will be wrong for the speed commands on those lines. [CSCdj41555]

IBM Connectivity

• QLLC cannot use X.25 PVCs for DLSw+. The workaround is to use RSRB or use X.25 SVCs. [CSCdi58735]

• In a Cisco 4000 or Cisco 7000 series router, running RSRB with TCP Bridge Encapsulation (non-IP traffic such as IPX, XNS, VINES, or CLNS) over FDDI causes peer routers to crash. RSRB will work on these platforms when using any other medium such as serial. Cisco 4500 and Cisco 7500 series routers do not exhibit the problem. [CSCdi78066]

• When SDLLC is configured and active, removing the source-bridge ring group might cause the router to reload. The workaround is to configure the no sdllc traddr command before configuring the no source-bridge ring-group command. [CSCdi85157]

• When the fast source-route translational bridging feature is configured, packets are corrupted. The workaround is to issue the no source-bridge fastswitch ring-group fastswitch command, which disables the fast source-route translational bridging feature. [CSCdi87612]

• QLLC may drop data frames when its transmit queue is full. [CSCdj01480]

• In Cisco IOS Release 11.2(4)F, the x25 map qllc x121 could not be unconfigured. [CSCdj03725]

• During IBM-LNAMAN tests, after LAN Manager was shut down, the router crashed when issuing the show buffer command. Then, the router crashed with a bus error. This problem occurred on a Cisco 4000 router running c4000-js-mz image and Release 11.2(5.1)F. [CSCdj09919]

• When RSRB with TCP encapsulation is used, an explorer triggers the router to bring up the RSRB peer. If the router cannot open the peer, the router cleans up and puts the peer in CLOSED state. If a burst of explorers come in, under some conditions, a race condition can occur which may lead to a software forced reload of the router. [CSCdj10250]

• A compile error exists in the AGS+ build for fast explorers. [CSCdj10452]

• Running DLSw and RSRB in the same box with LAN Manager can cause disruption of LAN Manager on the RSRB connections. [CSCdj11691]

• While running a debug dlsw reachability verbose command, if a clear dlsw reachability command is issued, it will cause a router reload. [CSCdj18267]

• SDLC (acting in the primary role) polls continuously regardless of the value for poll-pause-timer. [CSCdj20174]

• A router configured for DLSw has a buffer leak in the middle and big buffers. Eventually, the router runs out of I/O memory.

The problem is related to the way DLSw backup peers are configured. This problem will only occur if the local router is configured with backup peer commands and the remote router also has a configured peer and is not promiscuous.

The workaround is to remove the DLSw backup peer configuration. [CSCdj21664]

• Two TR-LANE clients configured with the same MAC address can join the same emulated Token Ring LAN. [CSCdj23781]

• OSPF, Enhanced IGRP and other protocols may not work over FDDI. [CSCdj23804]

• A TR-LANE client can only connect to the emulated LAN for about 3 minutes and 45 seconds because the input queue on the ATM interface fills up and the packets are not released any more. A leak in the small buffers is visible at the same time. [CSCdj25276]

• ASCII BiSync local acknowledgment printing is not working due to a Cirrus driver problem. The driver was replaced. [CSCdj32476]

• A crash could occur for STUN DIRECT over Frame Relay if data continues to be received after a STUN peer was deconfigured, or the encapsulation is changed from STUN. [CSCdj48350]

• RIF may be modified incorrectly when multiring and SRB proxy explorer are configured on an interface but the SRB triplet is not configured, as shown in the following example:

interface TokenRing0/0
ip address <ip-address>
multiring ip
source-bridge proxy-explorer

Note the absence of the source-bridge locRn bn remRn command.

The source-bridge proxy-explorer statement will not show up in the configuration unless the SRB triplet is configured.

A workaround for this problem is to configure the no source-bridge proxy-explorer command. [CSCdj51631]

• When running proxy explorer and NetBIOS name caching on a Cisco 7200 Token Ring interface, alignment errors will occur. [CSCdj52522]

• A router may reload when removing configuration of X.25 PVCs for QLLC. [CSCdj57872]

• A router crash occurred while running CMPC over DLSw+ Fast Sequenced Transport (FST). [CSCdj58258]

• When running RSRB direct or FST encapsulation on a Cisco 4000 or Cisco 4500 router, the router is unable to bridge IP over a FDDI WAN. Under this same configuration, NetBIOS will be bridged. Only IP seems to be affected. [CSCdj64999]

• With SRB configured, online removal of a Token Ring port adapter (such as a PA-4R) followed by online insertion of a different Token Ring port adapter type (such as the PA-4R-DTR), the user must reconfigure SRB on the ports. The problem is that this creates duplicate ring numbers and SRB fails to bridge traffic on those ports. [CSCdj66310]

Interfaces and Bridging

• Running SRB over FDDI on Cisco 4000 series routers may not perform as well as expected. However, this behavior should not seriously impact network functionality. [CSCdi69101]

• The auto-enable feature for packet-by-packet Frame Relay compression is removed and this form of compression is allowed to be manually enabled. [CSCdi85183]

• In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory.

%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0

A possible workaround is to issue a microcode reload command or load a new system image and corresponding bootloader (rsp-boot-mz...) image that has the fix for this bug. [CSCdj00013]

• When adding or removing a subinterface to a Frame Relay interface, all DLCIs are brought down until the Frame Relay switch sends the PVC information again. Two problems are associated with this caveat. One problem is that the whole interface will be reset when a user tries to add the ip address command. Caveat CSCdj02488 (integrated into 11.1(11) and 11.2(5.1)) fixed this problem.

A workaround for the second problem is to turn off CDP globally or on individual interfaces. In this case, the user can turn off CDP on the serial interface before adding or removing subinterfaces. [CSCdj07291]

• The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]

• It is possible by changing tx-queue-limit to cause tx-queue credits lost.

To examine that, issue the show controller cbus command and check the txacc value and the txlimit. The two values should always be equal if the interface is up and no traffic is going through the interface. This problem has not been reproduced in the lab. [CSCdj22296]

• Under certain circumstances, rebooting a Cisco 2524 may cause the router to pause indefinitely with a T1 connected to a Fractional T1 module. The workaround is to unplug the T1 prior to the reload. [CSCdj22485]

• Compression with stac and HDLC had a performance impact, and issuing the encapsulation ppp command didn't do any compression. [CSCdj23273]

• ATCP does not work on a Cisco 3600 router's synchronous or asynchronous interfaces configured for physical-layer async, as well as the PPP interface async configuration. [CSCdj24141]

• A problem occurs when the logger's log message queue overflows. In the configuration tested, there are 48 multilink bundles with two asynchronous lines, each configured using the interface group-async command. The interfaces are defined to be async mode dedicated.

During bootup when the configuration is being applied to the interfaces, the asynchronous interfaces change state and these messages are put in the logger's queue.

[CSCdj25814]

• When a Token Ring interface is configured with a small MTU size, it could crash when it receives a large frame (frame larger then the MTU size). [CSCdj27678]

• In X.25 packet-by-packet compression, error checking code is fixed after malloc for decompression history buffer. [CSCdj29139]

• After unplugging or plugging in the cable, the ATM Lite interface experiences ignores at a low packet rate. The workaround is to issue the shut and no shut commands for the interface. [CSCdj29724]

• Cisco IOS does not correctly return values for Token Ring soft error counters via SNMP. This may cause some SNMP management applications that query the Token Ring MIB to report errors. [CSCdj35713]

• When a Cisco 1600 router serial interface is operating in half duplex DCE mode and the attached DTE device drops RTS too quickly after the end of frame, it is possible that the router will silently ignore the frame.

The workaround is to enable the interface to run in full duplex or DTE mode. [CSCdj36625]

• A Catalyst 5000 RSM populated with an ATM port adapter with LANE client(s) configured can get its ATM interface stuck in a down state if a user creates new VLAN interfaces.

Symptoms include the following message being displayed:

%CBUS-3-CATMREJCMD: ATM0/0 Teardown VC command failed (error code 0x0008)

Saving the RSM configuration and reloading its image will clear the error condition. [CSCdj41802]

• If IRB is configured for traffic between an Ethernet and ATM port adapter, the 5-second CPU utilization may be driven to 95 percent, because at the ATM interface IP traffic is being process switched. This only happens if IRB is configured on the Cisco 7200. [CSCdj48228]

• DECnet is not available over Token Ring-HSSI bridge in a Cisco 3600. [CSCdj50212]

• A Cisco 7200 router continuously reboots when injecting a 1500-byte IP packet to Fast Ethernet. The router is bridging between Fast Ethernet and ATM interfaces and ip routing is disabled. The load is about 50 Mbps, but the router reboots before reaching that input rate. When shutting down the Fast Ethernet interface, the problem doesn't occur. Even if fast switching is enabled and the configuration is saved, no ip route-cache appears in the configuration after reload. [CSCdj60525]

• The MC3810 generates a standard loop-down code on the interface when a loopback that has been in process is terminated by entering the no loopback command. This code is not processed correctly by a Cisco 3640 system attached to the MC3810 and the loop is not terminated. The Cisco 3640 must be restarted to terminate the loop. Loopback codes are processed correctly by the IGX and other WAN switches. [CSCdj60645]

IP Routing Protocols

• OSPF may crash with an "%ALIGN-1-FATAL" error message when configured with X.25 virtual templates. [CSCdj01167]

• A spurious memory access can occur when switching from flow switching to process switching using the no ip route-cache command and then back to flow switching using the ip route-cache flow command. [CSCdj08350]

• An Ethernet interface can get wedged and stop receiving packets when running IPeXchange on the router. [CSCdj12768]

• A routing node is removed from the IP cache Radix tree and then the buffer is freed, but somehow it can still be traversed from the treetop and cause a crash (access after free). [CSCdj17314]

• A crash occurred due to a memory leak. Output from the show memory command shows "IP Input" and "Pool Manager" holding onto memory. [CSCdj23080]

• When a router is no longer the DR, it should not keep a sparse-mode interface in its outgoing interface list, even if a connected group member exists on that LAN. The sparse-mode interface should expire unless it is refreshed by a join message from a downstream router. [CSCdj25373]

• If OSPF external routes are summarized using the summary-address command, and the number of external routes being covered by this summary address drops to zero, the external summary will be flushed, but the router originating the summary will not install any matching external or NSSA routes that may be present in its database.

The router can be forced to install the matching route by using the clear ip route * command. [CSCdj32471]

• BOOTP requests being sent to 0.0.0.0 get forwarded to the gateway of last resort when there is one. [CSCdj33809]

• Currently all packets denied by an access list are sent to the process level to generate an ICMP administratively prohibited message. Some of these packets are dropped because Cisco routers limit ICMP generation to two packets per second. This behavior results in excessive CPU load. [CSCdj35407]

• In some instances, a configured BGP router ID is not used after the router reloads. Instead, the router uses the highest IP interface address as its router ID, until the clear ip bgp command is executed.

A workaround is to configure a loopback on the interface whose address is greater than any other address on the router. [CSCdj37962]

• If the summary-address statement is removed on a remote router that advertises summary-address routes on only one path, then the core router sees both equal cost paths. This problem occurs on OSPF with NSSA. [CSCdj38067]

• If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If OSPF is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]

• A Cisco 7200 may reload with a "%ALIGN-1-FATAL: Corrupted program counter" message when running multicast. The only workaround is to disable multicast on this router. [CSCdj40975]

• You may experience a problem when running Cisco IOS Release 11.2(8)P and running 56-bit encryption and NAT. When pinging the remote router, the encryption session is setup but the ICMP replay does not make it back because the packets are NAT translated first before being de-encrypted. The workaround is to add an access list to permit ICMP with the real source and destination addresses instead of the NAT translated addresses. [CSCdj43508]

• A new configuration command, ip spd mode aggressive, is available. When configured, all IP packets that fail sanity check such as bad checksum not version 4, and bad TTL, will be dropped aggressively to guard against bad IP packets spoofing. The show ip spd command displays whether aggressive mode is enabled or not. SPD random drop in RSP is supported.

When enabled, SPD now works as follows:

• When the ip spd mode aggressive command is issued, IP packets that fail sanity checks are classified as aggressive droppable packets.

• When the IP input queue reaches SPD min-threshold (specified by ip spd queue min-threshold n), all aggressive droppable packets are dropped immediately while normal IP packets (not high-priority SPD packets) are dropped with increasing probability as the length of the IP input queue grows.

• When the IP input queue reaches SPD max-threshold (specified by ip spd queue max-threshold n), all normal IP packets are dropped at 100 percent.

• The default SPD min-threshold is 10 while the default max-threshold is 75.

• To avoid an input interface that takes too many router resources, new packets (SPD or not) received from that interface are dropped when the interface has more than the input hold queue limit of input packets floating somewhere in the router. [CSCdj45202]

• Multicast forwarding stops if fast switching is turned on on an incoming ATM LANE subinterface. A workaround is to disable fast switching on that interface by issuing the no ip mroute-cache command. [CSCdj45777]

• Manual summarization with Enhanced IGRP does not work correctly. A summary route does not get advertised, but one or more of the more specific routes do. [CSCdj46525]

• A router is crashing in GRE fast switching routines without any changes in topology or configuration. [CSCdj50361]

• RIP might cause a "SYS-3-CPUHOG" message. [CSCdj51693]

• Under certain conditions, an LS type 5 is not generated by the ABR in response to a received LS type 7. [CSCdj55301]

• A router may crash when configured with a very large IP accounting threshold. A workaround is to configure a small threshold, or leave it at the default. [CSCdj55512]

• With certain route-map configurations or soft reconfigurations, the LOCAL_PREF for a path may be set to zero, resulting in the wrong path being selected. [CSCdj55839]

• The Proteon router's internal address is advertised as a host route instead of a network in the router's LSA. A host route is represented as a Type 3 link (Stub Network) whose link ID is the host's IP address and whose link data is the mask of all ones (0xffffffff). This host route is advertised into all OSPF areas. [CSCdj56079]

• A problem occurs when a third EIP6 is added to a Cisco 7000 already running Enhanced IGRP on two EIP6s, a TRIP4 and a FIP in a Enhanced IGRP topology. In the Enhanced IGRP topology, some of the connected networks that connect to the existing Ethernet interfaces may be lost. The IP routing table still shows the routes but not all connected networks may be advertised in Enhanced IGRP. A workaround is to issue the redistribute connected command. [CSCdj57362]

• If you are doing IRB with RFC1483 PVCs, you may see certain IP anomalies such ARP resolution not working or the ARP resolutions may take place and yet you cannot ping the neighboring device. [CSCdj58194]

• IP multicast tunnels (DVMRP, GRE) were moved from a serial interface to an ATM interface on a Cisco 4700 router. The packets are now process switched instead of fast switched, which causes a lot of CPU (IP INPUT).

When the serial interface was used for incoming packets and the ATM interface for outgoing packets, there was no problem. Incoming packets on the ATM interface and outgoing packets on the serial interface also experiences this problem.

Several Cisco IOS releases were tried, with always the same effect. It appears that incoming packets are not fast switched. [CSCdj59076]

• CPU utilization for RIP and IGRP are higher than expected. [CSCdj62564]

• Dynamic redistribution into Enhanced IGRP from another routing protocol fails if the routes being redistributed fall within the same major network as Enhanced IGRP. A temporary workaround is to remove the redistribution statement from the Enhanced IGRP configuration, then re-insert the redistribution statement. [CSCdj65737]

ISO CLNS

• A dynamically discovered CLNS route does not overwrite a static CLNS route pointing to a down interface. The workaround consists of removing the static route definition from the configuration and issuing the clear clns route command. [CSCdj31228]

Miscellaneous

• When Layer 2 forward fast switching, large packets (~1500 bytes) transmitted into the tunnel on the home gateway/offload system never arrive at the receiver of the remote client. This causes serious performance problems for FTP and HTTP.

As a workaround, configure no ip route-cache on the virtual-template that is cloned on the home gateway. [CSCdi84459]

• If a CIP TN3270 PU is configured to connect from the host to the CIP via NCP, the link may fail. The workaround is to configure the CIP TN3270 PUs as connecting at the host. [CSCdj07152]

• A BRI leased line interface on a Cisco 3600 that has been configured for XNS may not transfer data. A workaround is to either clear the interface or reload the router following the configuration change. [CSCdj08265]

• The router prefers the Ascend-Assign-IP-Pool above the Framed-IP-Address and the user gets an IP address of the pool instead of the configured IP address. This problem first appeared in 11.2(5)F. [CSCdj12219]

• HSRP and PIM do not work together on Fast Ethernet interfaces that use the DEC211140 chipset. The problem does not exist if the CYBUS chipset is used.

The workaround is to manually enable HSRP first and then PIM. This capability is lost if the router is reloaded because PIM is configured before HSRP. [CSCdj20961]

• An access server does not parse Ascend-Data-Filter correctly. [CSCdj21161]

• Configuring both ISL and Multilink Multichassis PPP can cause a memory consistency check failure, which may lead to a software forced crash after a few calls have been received. [CSCdj22189]

• Under rare circumstances, the AS5200 may issue the message "%SYS-3-BADMAGIC: Corrupt block at 20000000 (magic xxxxxxxx)" and crash with a software forced crash. There is no workaround at this time. [CSCdj22429]

• This problem will show up as BSTUN-encapsulated ASP packets being discarded by the "ASP secondary" router, which is usually the router attached to the host. Polls go through fine.

Packets are discarded since an incorrect address is used to encapsulate the ASP packets. The address should be picked up from the poll message rather than the first byte of the response.

Note that this fix does not apply to adt vari-poll. [CSCdj24774]

• Although a router configured for HSRP on LANE replies correctly with the HSRP MAC address in an ARP reply, all packets issued by the router with a virtual IP address use the BIA MAC address as the source address. This makes it difficult for switches to know the forwarding port. [CSCdj28865]

• In certain network topology and configuration, HSRP can raise the CPU while the peer HSRP router is reloaded. The problem occurs especially if there is more than one HSRP group and the two peer routers have many HSRP peers.

This bug addresses HSRP scalability. The workaround is to reduce the HSRP groups, and/or increase the HSRP hello and hold time. One other symptom of this bug is that interface resets go up until HSRP is stabilized. [CSCdj29595]

• Both HSRP routers on a FDDI ring go active and stay active. This problem occurs on the Cisco 7000 series FDDI port adapter.

Network instability can cause a FDDI ring to partition or be disrupted in a manner that causes HSRP peers to not receive hellos from their neighbors and therefore become active.

HSRP routers send hello packets from a virtual MAC address, which is a function of the standby group number. When the ring heals, both routers are active and sourcing hellos from the same (virtual) MAC address.

FDDI devices must strip their frames off the ring. One method of doing this is to recognize frames by source MAC address. When the problem occurs, the FDDI PAs will mistakenly strip the other router's packets from the FDDI ring without processing them. This causes both routers to remain active since they do not hear hellos from their neighbors.

This problem can also occur when FDDI PAs are used in conjunction with other FDDI interfaces such at the FIP or 4000 series FDDI module.

Workarounds: If only one standby group is in use, the standby use-bia command can be used on both routers to cause hellos to be sourced from the burned in address instead of the virtual MAC address. This will prevent the problem.

If the problem is occurring, performing an interface reset by issuing the shut and no shut commands will return the routers to a normal state.

Increasing the HSRP hello intervals will cause the problem to occur less often since the routers will be able to tolerate a longer period of instability before missing enough hellos to go active. [CSCdj30049]

• During a simple connection between two telephones on the same router, at the end of each ringing cycle there is a loud "click" noise. When the connection is established, the call will be completed normally. [CSCdj58574]

• Creating a new Catalyst 5000 RSM VLAN interface while the Catalyst and RSM are under load can cause a CyBus error. The following error msg indicates the error occurred.

%RSP-3-ERROR: CyBus0 error 10 %RSP-3-ERROR: command/address mismatch %RSP-3-ERROR: bus command read 8bytes (0x1)
%RSP-3-ERROR: address offset (bits 3:1) 0
%RSP-3-ERROR: virtual address (bits 23:17) 000000
%RSP-3-ERROR: MEMD parity error condition
%RSP-2-QAERROR: reused or zero link error, write at addr 0100 (QA) log 22010000, data 00000000 00000000
%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF20, slot 0, cmd code 32

The configuration consists of 40 to 50 RSM VLAN interfaces.

Only creating new RSM VLAN interfaces during low traffic load conditions will prevent the defect from occurring. If the defect does occur, issuing the microcode reload command will recover the c5ip. [CSCdj59535]

• "ALIGN-3-SPURIOUS" error messages may be seen on a Cisco 3600 when configuring standby track for asynchronous interfaces. [CSCdj60760]

• An AGS+ was used for routing and was replaced with a Catalyst 5500 with a route-switch module (RSM). It needs to be able to route Ethernet_II and Ethernet_802.3 in order to support HP Probe. [CSCdj63866]

• In certain off-net FXO applications that have long or poor lines, the trans-hybrid loss does not provide a good enough echo return loss to perform echo cancellation reliably. This will cause echoes to appear in the voice stream, especially under doubletalk (both ends talking) conditions. [CSCdj65201]

Novell IPX, XNS, and Apollo Domain

• The route may get stuck in "deletion pending" state after an ipx down command. The only workaround is to disable and reenable IPX routing on the router.

This could happen if the commands ipx down and no ipx network are given in the same or reverse order, with very little time in between. [CSCdi91755]

• CSCdj06080 in Cisco IOS Release 11.2(5.1)F made Novell IPX, XNS, and VINES echoes all ask for a MAC address as if a SRB echo were requested. IPX, XNS, and VINES pingx are therefore inoperable. There is no workaround other than to disable SRB. [CSCdj09827]

• Adding XNS back into a router's configuration after it has been removed may cause a system to restart by bus error. This may only be a one-time event if it occurs at all. [CSCdj16694]

• When using IPX-Enhanced IGRP over ISDN with floating static routes, there may be a short delay (~10 seconds) before the application is able to get through. [CSCdj38031]

• Before a floating static route is installed, a waiting period is observed when the network is down and unreachable. If IPX watchdogs or SPX keepalives arrive during this time, they will be dropped. This may lead to session timeouts. [CSCdj50629]

• The XNS control protocol for PPP XNSCP does not appear to function with virtual profile interfaces. [CSCdj52423]

• A problem occurs when using a floating static route across an ISDN link and IPX Enhanced IGRP is the primary dynamic routing protocol. When the link goes down, the Enhanced IGRP route is installed but after the floating static is configured. When the line goes down and then back up there is no route to that network. The Enhanced IGRP route is received but never fully installed due to what seems to be incomplete removal of the floating static route. [CSCdj52947]

• This defect is only seen if you disable and reenable IPX/XNS routing. If during this disable to reenable window, some interfaces change state, there is a possibility of loosing the IPX/XNS background process.

Symptoms of this problem could be loss of network connectivity, or a slow memory leakage that occurs until the router cannot allocate any more memory and the router needs to be reloaded in order to correct this situation. [CSCdj57257]

Protocol Translation

• Code alignment problems on RISC processor platforms prevent you from using Virtual AppleTalk Remote Access (vty-arap) feature of Release 11.2(4)F to start ARAP sessions with the translate x25 autocommand arap command. The problem does not appear to affect non-RISC-based platforms. [CSCdj08152]

TCP/IP Host-Mode Services

• One step protocol translations using TCP as the inbound protocol cannot be connected. The connection never opens completely. This behavior was introduced in Release 11.2(2.4). A workaround is to configure an equivalent two-step translation. [CSCdi82193]

• A router may reload due to receiving malformed TCP options on a connection. [CSCdj03739]

• A Cisco AS5200 crashes with a bus error while running TCP header-compression and running Cisco IOS Release 11.3. [CSCdj65140]

• TCP sessions originated over a router running Multilink PPP can see sessions reset. This occurs only if there is more than one link in the multilink bundle and is due to the TCP sequencing number being corrupted.

With the enable mode debug ip tcp transactions command you will see a false sequence number of 4278386749.

The current workaround is to either disable Multilink PPP or set the interface command multilink max-fragments 1. [CSCdj66824]

Wide-Area Networking

• When a Cisco 4000 with a Basic Rate Interface (BRI) has the isdn tei powerup configuration flag set, the watchdog timeout will crash the router. A workaround is to configure the router with the isdn tei first-call command. [CSCdi45360]

• When a Cisco 4000 with a Basic Rate Interface (BRI) has the isdn tei powerup configuration flag set, the watchdog timeout will crash the router. A workaround is to configure the router with the isdn tei first-call command.

See associated caveat: CSCdi52882. [CSCdi52067]

• There is a problem that only affects the PPP reliable protocol. No other protocols are affected, such as HDLC. [CSCdi70242]

• Multicasts do not prevent an idle timeout when made uninteresting through the dialer list. However, when the dialer disconnects, the connection is reestablished by a multicast. [CSCdi71202]

• With a router running NetBIOS Frames Protocol (NBF) over Token Ring, a device connected via async or ISDN with PPP encapsulation will appear to connect successfully but will be unable to see other NetBIOS devices in a domain. [CSCdi72429]

• When two routers are connected to the same destination, outbound IP fast switching on dialer interfaces does not work on the more recently connected interface. The workaround is to turn off fast switching on the DDR interfaces using the no ip route-cache command. [CSCdi75490]

• At system boot up time, you may see the following message:

%SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0).
-Process= "<interrupt level", ipl= 1, pid= 2

This message means Frame Relay InARP packets are received before InARP input queue is initialized.

This is harmless, but the InARP input queue is initialized right away. You will not see this message except at the boot up time. Frame Relay Inverse ARP function will not be affected. [CSCdi75843]

• ARP replies are not sent over a Multilink PPP interface. As a workaround, you can configure a static ARP on the remote device or disable Multilink PPP. [CSCdi88185]

• A host route installed from PPP IP address negotiation may incorrectly contain the IP address from a previous negotiation. [CSCdi88836]

• The transmitter on an ATM interface on a Cisco 4x00 series router could hang if PVCs or SVCs are cleared when the OUTPUT Q is wedged. [CSCdi90150]

• The symptom of this bug is that the router crashes shortly after bootup--with no call activity happening. This crash only occurs with the Lucent PBX switch and only for ISDN PRI interfaces and has not been seen with Pacific Bell DMS, 4ESS, and 5ESS lines, presumably because the PBX sends NL_MAINT_REQ primitive messages that the Pacific Bell lines appear not to do.

This bug was introduced by CSCdi92810 and is largely fixed by CSCdj02528 and CSCdj03924. [CSCdj00650]

• While processing incoming X.25 calls, the router may lock up. The function, x25_context_check(), will appear in the stack trace. [CSCdj01551]

• When issuing the shutdown command on a subinterface, the box may have a bus error or spurious memory access. [CSCdj03059]

• When virtual profiles are configured, IPCP can appear to bounce up and down. [CSCdj03130]

• If a BAP group has a request that was unfavored through a race condition scenario and then the group is removed while the entry is still attached to the group, it is possible that if the show ppp bap queues command is issued after the group has disappeared that a crash will occur.

The workaround is to allow the entry to timeout or not to issue the command. [CSCdj03433]

• PRIs connected to the AS5200 will stop accepting calls. There is no workaround for this problem-- please downgrade to Release 11.2(4)F. [CSCdj03924]

• Calls containing the Called Line Address Modification or Call Deflection Selection facility may be incorrectly cleared, with Diagnostic 65, facility code not allowed. [CSCdj04558]

• On a router running Release 11.2(4.4)F with an E1/PRI 120 Ohm, the router may continuously reload and display the following traceback:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Framer background [CSCdj04848]

• Because of a VIP2 problem, the ESA service adapter must be installed in port adapter slot1 rather than slot 0 to function properly. Use the show diagbus command to indicate which slot the ESA is occupying in the VIPs. [CSCdj06072]

• When the CPU is very busy and running many processes, an attached ATM switch may tear down SSCOP and all SVCs because the SSCOP Poll PDUs sent by the switch are not serviced in time. The workaround is to keep other processes from using too much of the CPU. [CSCdj06928]

• Configuring STUN peers on a DLSw network cause the DLSw peers to disconnect. The debug on DLSw shows a "DLSw: keepalive failure for peer on interface Serial" message. The STUN process looks like it is intercepting the DLSw keepalives. [CSCdj08875]

• The restructured XOT service does not yet support PVCs. [CSCdj09039]

• When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface may bounce once or continually bounce during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.

During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]

• Dynamic DLCI mappings may inadvertently remain mapped after switched virtual circuit teardown, as can be seen by using the command show frame-relay map. [CSCdj11851]

• In some circumstances, the system may reload when using the dialer hold queue. As a workaround, configure the no dialer hold-queue command. [CSCdj12397]

• x25 pad-access configuration does not restrict PAD access to the router. This could cause existing security access to the router to fail when running this version of software.

This problem applies to Release 11.2 F and may apply to Release 11.3. No current workaround is known. [CSCdj13222]

• Issuing the show dialer interface x command, where x is a PRI, BRI, or dialer interface configured for Multilink PPP, may force a reload. A workaround is to issue show dialer without the interface option. [CSCdj13446]

• A system may reload when a bundle is disconnected while receiving data. [CSCdj15340]

• A Cisco Router running Release 11.1(6.1) can experience an input queue wedge on the serial interface. The symptoms are dropped packets on the interface. The only way to clear this problem is to reload or power cycle the router. [CSCdj17547]

• X.25 may incorrectly clear calls when window size is negotiated, claiming the attempted negotiation is invalid, when the negotiation is in fact legal. [CSCdj18050]

• PPP over ATM may deplete the routers processor memory if the ATM cable is removed (or is otherwise dark). To work around this problem, issue a shutdown command on the ATM interface before removing the cable. [CSCdj19125]

• Difficulty verifying whether or not the LMI is autosensing or LMI is type Cisco. [CSCdj19549]

• Intermittent ping failure occurs when pinging over a DDR interface using LAPB encapsulation. There is no workaround [CSCdj20072]

• ATCP does not work on Cisco 3600 router synchronous/asynchronous interfaces configured for physical-layer async under a dialer interface without using a special AppleTalk configuration. A cable-range and zone must be added to the dialer interface and the async mode dedicated command must be on the asynchronous interface for an ATCP connection to succeed. If the appletalk client-mode command is used on the serial interface without a cable-range and zone specified on the dialer interface, PPP connections are successful to the access server but both the primary (default) zone and zones in the Chooser are not visible. The application normally states that the only recognized zone is the one defined by the dialer interface. [CSCdj22349]

• QLLC packets enqueued in an X.25 output queue never get sent after a QLLC VC is cleared on that interface. [CSCdj24788]

• Frame Relay SVC calls may give the following traceback message:

%SYS-2-LINKED: Bad enqueue of 8F3288 in queue 9570C8
-Process= "LAPF Input", ipl= 6, pid= 36
-Traceback= EBE30 EAA88 4A73B4 4A8E10 [CSCdj29721]

• A router may stop making Frame Relay SVC calls after a long time. [CSCdj29722]

• Using 11.2(7.2)F, LAPB frames are sent out with wrong NR and NS. On the debugs from the Cisco router, the router indicates that the packet received on S1 is sent back on the interface S1. But looking at traces taken by an analyzer, it appears that the packet is sent on the correct interface. [CSCdj32478]

• Cisco has identified that IRB might not be fully functional in the 11.2(7a)P code for the Cisco 7200 series routers when running IPX. There is currently no workaround. [CSCdj34258]

• Bridging of SMDS using MIP interfaces in Cisco 7500 series routers is non-operational. The problem does not occur with other serial interface types, or on other platforms. [CSCdj34587]

• The SSCOP sequence number is a 3-byte field. The SSCOP code in Cisco IOS Releases 11.0, 11.1, and 11.2 code does not handle the wraparound elegantly. In some conditions, when the sequence number wraparounds after exceeding the maximum of 16777215, a large number of buffers are queued and eventually cause memory lead/starvation on the router. [CSCdj45157]

• When the LANE clients are brought up and down for several hours, the system goes out of sync and reloads. This problem occurs only when there are a large number of clients for LANE working over a large LES/BUS configuration. [CSCdj46593]

• Some protocol translation configurations will emit "%ALIGN-3-SPURIOUS: ..." messages. This behavior usually happens when a PPP over LAT session is terminated ungracefully. [CSCdj51284]

• Direct broadcast with physical-broadcast destination MAC address is not forwarded to helper address over ATM/LANE interface. [CSCdj51378]

• When a configuration of two systems has Frame Relay LMI timeouts set differently on DTE and DCE systems, the PVCs could remain active but no data would be transferred because one system would have declared the connection inactive while the other system still thought it was active.

The workaround is to set the timeout values the same using the lmi-t392dce parameter. [CSCdj53354]

• If LES/BUS is configured on the Catalyst 5000, pulling down one client in the ELAN can affect other clients. This problem happens very rarely. The workaround is to restart the LES/BUS on the Catalyst 5000. [CSCdj54587]

• CCP and legacy PPP may not work together. [CSCdj55923]

• When a static map is deleted, calls associated with that map are not disconnected. For point-to-point calls this does not cause any problems. However, for point-to-multipoint ATM calls, the leaf on the multipoint VC will be left in place. If the map to that same NSAP is replaced, a new call is attempted instead of reusing the existing leaf on the existing VC. The result is an add-party message being delivered to the remote router, which is subsequently rejected. The end result being no broadcast connectivity. The work around is to clear the existing calls when changing the map configuration with a clear int atm interface command. [CSCdj57309]

• Under rare conditions, an RSP4 may reload when an FSIP with active HDLC encapsulation interfaces is in use. [CSCdj57591]

• A Cisco 4000 router reloads when frame-relay traffic-shaping is unconfigured. Once configured, the Cisco 4000 router may crash and reload if traffic shaping is unconfigured.

The only workaround seems to be to delete the configuration on the router, reload it, and restore the configuration. [CSCdj61097]

• This bug pertains to utilizing Frame Relay SVCs. Cisco IOS software appears to not include the magnitude parameters for Be and Bc on the SVC CONNECT message (it only includes them in the SETUP message). The SVC circuits are on S4/0 for both routers. Without the magnitude parameters, the biggest value Bc and Be can be is about 130 Kbits.

There are no known workarounds at this time. [CSCdj63173]

• Switching X.25 calls without CUD will result in a bus error and, subsequently, reload of the router. [CSCdj64505]

• The map-class commands frame-relay bc out and frame-relay be out are accepted by the Enterprise image. These parameters are relevant for SVC setup. However, the traffic shaping code does not use them. As a result, the values appear to be unset. This behavior can be avoided by using the commands frame-relay bc number and frame-relay be number. [CSCdj65624]

• When running LAPB over a DDR interface with dialer hold-queue configured, a traceback error message is generated when dialing out and the call connects. The traceback is not catastrophic but indicates a 20-byte memory leak on every dial attempt.

A workaround is to configure no dialer hold-queue on the DDR interface. [CSCdj65756]

• A Cisco AS5200 access server crashes in process_handle_watchdog in the ISDN code while running Release 11.3(0.3) and 11.3(0.4). [CSCdj66719]