These release notes describe the features, modifications, and caveats for Software Release 9.1, up to and including Release 9.1(16). Refer to the Router Products Configuration and Reference publication, dated September 1992, for complete router product documentation for Software Release 9.1.
Note Release 9.1(16) is the last maintenance release of Release 9.1. If you want to continue to use Release 9.1 after Cisco maintenance releases end, you must maintain a version of the software on a TFTP server at your site. If you are considering upgrading your software, the preferred upgrade path for Release 9.1 users as of April 17, 1995, is Cisco Internetwork Operating System (IOS) Release 10.0(9) or Release 10.2(5).
These release notes discuss the following topics:
- Current Software Versions, page 2
- New Features in Release 9.1(9), page 2
- New Features in Release 9.1(8), page 3
- New Features in Release 9.1(7), page 3
- Hardware Features, page 3
- Software Features, page 4
- Important Notes, page 18
This section describes warnings and cautions about using the Release 9.1 software. One note of general interest discusses how to boot modular routers that have a CSC/3 card.
- 9.1(16) Caveats, page 25
- 9.1(15) Caveats/9.1(16) Modifications, page 26
- 9.1(13) and 9.1(14) Caveats/9.1(15) Modifications, page 26
- 9.1(12) Caveats/9.1(13) Modifications, page 27
- 9.1(11) Caveats/9.1(12) Modifications, page 29
- 9.1(10) Caveats/9.1(11) Modifications, page 34
- 9.1(9) Caveats/9.1(10) Modifications, page 36
- 9.1(8) Caveats/9.1(9) Modifications, page 38
- 9.1(7) Caveats/9.1(8) Modifications, page 40
- 9.1(6) Caveats/9.1(7) Modifications, page 43
- 9.1(5) Caveats/9.1(6) Modifications, page 45
- 9.1(4) Caveats/9.1(5) Modifications, page 49
- 9.1(3) Caveats/9.1(4) Modifications, page 52
- 9.1(2) Caveats/9.1(3) Modifications, page 56
- 9.1(1) Caveats/9.1(2) Modifications, page 61
- Cisco Information Online, page 66
- UniverCD, page 66
As of Software Release 9.1, all software capabilities are included in a single image. The only exceptions are the IGS and Cisco 3000 platforms, which have two images. According to the software license agreement that accompanies each system, you are restricted to using only those software capabilities that you ordered from Cisco Systems. Refer to the Cisco price list for the version number and ordering instructions.
The following new features have been added in Release 9.1(9):
- IPX over dial-on-demand routing (DDR).
- LSAP/DSAP prioritization. This feature allows you to use SAP priority lists and filters to specify the priority of one protocol over another across a remote source-route bridging/SDLLC WAN.
- The TCP_USE_IF_DEFS switch has been added to the x25 routing command. This switch may be needed when receiving remotely routed calls from Cisco routers using older software versions.
Reverse SDLLC, which previously was undergoing extended testing, has completed this testing.
The source-bridge max-output-hops and source-bridge max-input-hops commands have been added to source-route bridging. These commands are described on page 15.
The following features, which previously were undergoing extended testing, have completed this testing:
- Dial-on-demand rotary group support
- Class of Service (COS)
- Multiple-link transmission group support
Release 9.1(7) supports half-duplex mode on SDLC interfaces. Previously, only full-duplex mode was supported. The commands for configuring half-duplex mode are described on page 16 of this document and in the Router Products Configuration and Reference Addendum.
The following new hardware features are supported in Release 9.1:
- CSC-CCTL2--ciscoBus2 controller
- CSC-C2CTR--ciscoBus2 Token Ring card
- CSC-C2FCIT--ciscoBus2 FDDI card
- Cisco 4000 series (serial, Ethernet, Token Ring)
- Cisco 3000 series (serial, Ethernet, Token Ring, BRI)
- Cisco 2000 series (serial, Ethernet, Token Ring, BRI)
- 500-CS communication server
- IGS Token Ring
- IGS Token Ring Flash
- G.703 applique interface support for modular router platforms
Note that the CSC-R Token Ring card does not operate with the Release 9.1 software.
Note For all low-end platforms, you now must set configuration register switches via software rather than through hardware DIP switches. Refer to the appropriate hardware manuals for details.
This section describes features and enhancements for the router system software.
This section describes features and enhancements for the router system and interface configuration software.
An automatic installation (AutoInstall) procedure is provided with the 9.1 software. This is documented in the 9.1 errata.
In certain instances when powering up your system, the system gives you an opportunity to boot your system even though there are problems with the configuration file you are attempting to netboot or you have rxboot ROMs installed.
You can increase access security on your router by encrypting both the privileged command password and the console and virtual terminal line access passwords using the following new command:
[no] service password-encryption
The system keeps interface statistics for the number of packets of each protocol type that have been sent through the interface. The accounting keyword has been added to the show interfaces command, as follows:
show interfaces [type unit] [accounting]
On the Cisco 4000, you can specify the Ethernet network interface module configuration with the following new interface subcommands:
[no] media-type [aui|10BaseT]
[no] squelch [normal|reduced]
This section describes new features that support FDDI interfaces.
CMT Microcode
The CSC-C2FCIT interface card provides connection management (CMT) functions in microcode separate from those provided on the processor card. The following new interface subcommand controls whether the CMT onboard functions are on or off:
[no] fddi if-cmt
FDDI Encapsulation
The new CSC-C2FCIT card, which supports both transparent and translational bridging, allows you to specify the encapsulation mode when bridging. In transparent mode, the FCIT interface interoperates with earlier versions of the CSC-FCI encapsulating interfaces when performing bridging functions on the same ring.
The new command is as follows:
[no] fddi encapsulate
The no form of the command returns the CSC-C2FCIT to native translational, nonencapsulating mode.
On the Cisco 4000, you can specify the serial Network Interface Module timing signal configuration with the following new interface subcommands:
[no] dce-terminal-timing-enable
[no] dte-invert-txc
The transmitter-delay command now supports Token Ring interfaces.
You can now configure loopback interfaces using the interface command. The syntax for this command is as follows:
interface type unit
This section describes enhancements to Cisco's support of MIBs.
This set of MIB variables enables each Cisco router's Flash EPROM in a distributed network to be monitored and controlled from a central, standards-based SNMP management platform.
The MIB that Cisco supports is a subset of the Token Ring MIB as defined in RFC 1231. Of the three tables of variables specified in RFC 1231, Cisco implements only the two mandatory tables.
Cisco also supports the source-route bridging (SRB) component of the Bridge MIB (RFC 1286).
The TR and SRB MIBs are supported on the A, M, and C chassis routers only.
Cisco complies with the FDDI SMT 6.2 specification, supporting all mandatory portions.
This section describes changes and enhancements to Cisco's support of WAN features.
Cisco has added support for the encapsulation of IP packets in conformance with IETF RFC 1294 entitled "Multiprotocol Interconnect over Frame Relay."
The new command is as follows:
[no] encapsulation frame-relay [ietf]
Frame Relay switches can set congestion bits in packets (Forward Explicit Congestion Notification [FECN]) as they transit the Frame Relay Network. This feature allows promotion of FECN bits from the Frame Relay network to the appropriate congestion management fields of OSI and DECnet Phase IV packets. The protocols are expected to recognize the fields and provide some congestion relief by whatever mechanism that is available to them. There are no new commands associated with this feature.
T3/E3 SMDS access has been available from Cisco since Software Release 9.0. To fully use the bandwidth, Cisco has added support for SMDS fast switching for IP in Release 9.1. (For the IGS, Cisco 3000, and Cisco 4000, this works only on serial-to-Ethernet connections). There are no new commands associated with this feature.
The best T3/E3 SMDS performance is seen on an AGS+ router with the following configuration:
- HSSI interface
- CSC/4
- CSC-CCTL2--ciscoBus2 controller
- Fast switching enabled
The Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) is currently supported on the Cisco 3000 only. The BRI includes one Ethernet connection and one ISDN Basic Rate connection. The Basic Rate connection consists of a D channel and two B channels, both of which are full-duplex, 64-kbps channels. The D channel is used for call setup only; the B channels transmit user data. The B channels are treated as serial lines and support HDLC and PPP encapsulation.
New commands include the following:
interface bri 0
isdn switch switch-type
show interface bri 0 [first] [last]
DDR Hunt Group support allows a router to configure multiple serial interfaces as a dialer group (rotary dialer) and to place calls to a destination using any of the interfaces in the dialer group. The dialer groups are used with the standard DDR commands. A set of interfaces can be assigned to a rotary dialer group and can be used as a single interface for multiple destinations.
In addition, the router accepts calls from all destinations on serial interfaces. This is useful if you have an inbound rotary group telephone number that connects to the first available serial port. The dialer group allows the router to accept calls on any of the interfaces.
New commands are as follows:
dialer map protocol next-hop-address username name
interface dialer n
dialer rotary-group n
X.25 Blacker Emergency Mode
Blacker Front End (BFE) encryption is required in secure DDN X.25 network applications. The Cisco router is considered to be the host that is connected to the BFE.
The Blacker Emergency Mode feature allows the router to support BFE if the routing host or gateway is unavailable. The BFE device, upon discovering the loss of the routing host, enters Blacker Emergency Mode and sends a message to the router that it is entering or requesting to enter Blacker Emergency Mode. At this point the router, depending upon the user configuration, also enters Blacker Emergency Mode. It then either ignores the message or approves or denies authorization to enter Blacker Emergency Mode.
You can administratively configure the router to enter Blacker Emergency Mode. The choices are never, always, or based upon a decision. The decision depends on the specific configuration of BFE, which may or may not be allowed to enter Blacker Emergency Mode. Once it enters Emergency Mode, the router has the additional facility for address translation information for the Blacker internet addresses of remote hosts and gateways.
New commands are as follows:
x25 remote-red host-ip-address remote-black blacker-internet-address
x25 bfe-emergency {never|always|decision}
x25 bfe-decision {no|yes|ask}
bfe {enter|leave} interface-type unit
show x25 remote-red
Dial-on-demand routing (DDR) was provided in the 9.0 software release. No security features were built into the support for DDR until the support for the Challenge Handshake Authentication Protocol (CHAP). CHAP is defined in RFC 1334 and is part of the PPP protocol Link Control Procedures. It defines the process by which a router that is called is able to verify and control the access of a remote calling router.
The CHAP implementation in Software Releases 9.1(2) and later now complies with RFC 1334 and interoperates with other conforming implementations. With this change, CHAP in Release 9.1(2) and subsequent releases do not interoperate with the implementation in Release 9.1(1), although the CHAP feature in 9.1(1) interoperates with other Cisco routers using Release 9.1(1).
New commands are as follows:
ppp authentication chap
username name password secret
These commands allow you to add special graphical and international characters in banners and prompts and to add special characters such as software flow control characters.
New commands are as follows:
exec-character-bits {8|7}
special-character-bits {8|7}
terminal exec-character-bits {8|7}
terminal special-character-bits {8|7}
This section describes performance enhancements in Software Release 9.1.
Autonomous switching for the following protocols is supported:
- IP autonomous switching over the CSC-C2CTR interface
- SRB autonomous switching over the CSC-C2CTR interface
- IP autonomous switching over the CSC-C2FCIT interface
Fast switching for the following protocols is supported:
- IP fast switching over Token Ring (excluding the IGS, Cisco 3000, and Cisco 4000)
- SRB fast switching over Token Ring
- RSRB (SRB over a tunnel) fast switching over Token Ring
- IPX fast switching over Token Ring (excluding the IGS, Cisco 3000, and Cisco 4000)
- Transparent bridging fast switching over the CSC-C2CTR interface
- SMDS fast switching for IP on selected interfaces
- Translational, encapsulation, and RSRB (SRB over a tunnel) bridging fast switching over a tunnel
- Transparent bridging fast switching over Ethernet and HDLC serial links on the Cisco 4000
This section describes protocol features and enhancements provided with Software Release 9.1.
This section describes changes and enhancements to Cisco's support of DECnet.
DECnet over Token Ring
The Cisco router can now communicate with a DECnet host on a Token Ring. Cisco follows Digital's specification for DECnet on Token Ring. Using the pre-dec command option, you can configure a Cisco router for operation on the same Token Ring with routers running pre-9.1 software versions. This specifies Cisco-style encapsulation. DECnet-style encapsulation is the default.
The new command is as follows:
decnet encapsulation {pre-dec|dec}
Additional Command Aliases
The following aliases have been implemented in order to be compatible with DEC LAT terminal servers:
help
logout
Use the help command to obtain information about EXEC commands. Use the logout command to exit EXEC mode and free the line.
This section describes changes and enhancements to Cisco's support of IP routing protocols.
BGP Enhancements
Various enhancements have been made to Cisco's implementation of BGP, as well as to a number of already existing BGP commands.
New commands now include the following:
[no] neighbor any [list]
[no] synchronization
neighbor address ebgp-multihop
show ip bgp neighbors [address [routes]]
debug ip-bgp-updates
The following display has been modified:
show ip bgp [network]
New displays include the following:
show ip bgp summary
show ip bgp paths
ICMP Router Discovery Protocol
The Router Discovery Protocol (RDP) outlined in RFC 1256 provides a standard way for IP hosts to discover routers. When operating as an IP router, RDP packets are generated, and when operating as a host, RDP packets are received.
The new interface subcommands are as follows:
[no] ip irdp
show ip irdp
Use the following interface subcommands to change IRDP parameters:
ip irdp preference number
ip irdp maxadvertinterval seconds
ip irdp minadvertinterval seconds
ip irdp holdtime seconds
ip irdp address address [number]
This section describes changes and enhancements to Cisco's support of ISO CLNS.
CLNS Name Mapping
The output for a number of show clns commands now displays a name mapping of CLNS host names to addresses. There are no new configuration commands.
This section describes changes and enhancements to Cisco's support of Novell.
Multiple Helper Addresses for Novell
Cisco now supports multiple Novell helper addresses to allow broadcast packet forwarding to multiple servers on different LANs. There are no new commands associated with this feature.
Static SAPs for Novell
Cisco routers now support static SAP configuration, which allows the router to advertise on behalf of a distant Novell server.
The new command is as follows:
novell sap service-type name network.address socket hop-count
This section describes changes and enhancements to Cisco's support of OSPF.
Variable Length Subnet Mask Support (OSPF and Static Routes Only)
A Cisco router now can support more than one mask for the same network number. All masks must be left-contiguous; that is, there cannot be any zero bits to the left of a one bit.
The command changes that follow apply to static routes only.
The following display has been modified:
show ip route [network [mask]]
A new command has been added to display the masks used for network [address] and the number of subnets using each mask. This command is used mostly for debugging:
show ip masks [address]
Each of these commands adds an optional mask:
show ip route [address [mask]]
clear ip route [address [mask]]
For the following command, a mandatory mask has been added:
ip route network mask {address|interface} [distance]
The following command has been obsoleted:
ip default-network [subnet]
Default subnets can now be translated into network-level routes.
This section describes changes and enhancements to Cisco's support of bridging.
This section describes new transparent bridging features.
Replacement Command
A new command is provided for selecting the OUI code to be used in the encapsulation of Ethernet Type II frames across Token Ring backbone networks. This command replaces and extends the bridge old-oui command (as documented in the Router Products Configuration and Reference Errata for Release 9.0) or the source-bridge old-oui command (as documented in the Release 9.0 Router Products Configuration and Reference publication). Specify the following new command on a per-interface basis:
[no] ethernet-transit-oui [90-compatible | standard | cisco]
Extended Access Lists for Transparent Bridging
Access lists for transparent bridging have been extended to allow you to set filters on arbitrary bytes in the packet. The following is the extended version of the access-list subcommand:
access-list list {permit|deny} source source-mask destination destination-mask
byte-offset-in-packet size operator operand
This section describes changes and enhancements to Cisco's support of IBM networks.
This section describes new source-route bridging features.
Replacement Command
The command to transfer data between IBM Ethernet/Token Ring 8209 bridges and Cisco routers running the SR/TLB software has changed. The source-bridge old-oui command has been replaced by the following:
[no] ethernet-transit-oui standard
SRB Autonomous Switching
There is a new command option, cbus, in the source-bridge route-cache command for local source-route bridging between ciscoBus Token Ring cards and 4/16-MB Token Ring interfaces in the same router.
The new command option is as follows:
[no] source-bridge route-cache [cbus]
Fast Sequenced Transport (FST)
FST is a new encapsulation method that consumes less CPU and bandwidth than TCP encapsulation for SDLLC and RSRB. This feature preserves the dynamic media-independent nature of IP routing to support SNA and NetBIOS applications.
The new commands are as follows:
[no] source-bridge fst-peername local-interface-address
[no] source-bridge remote peer ring-group fst ip-address [lf size]
[version number]
Class of Service (COS)
This feature allows the router to prioritize SNA traffic across an SNA backbone network by enabling the router to read the Format Identification 4 (FID4) frames and extract the COS information from them.
The new commands are as follows:
[no] source-bridge cos-enable
[no] stun cos-enable
SNA Local LU Address Prioritization
The SNA Local LU Address Prioritization feature allows SNA traffic to be prioritized according to the address of the Logical Units (LUs) on the FID2 transmission headers. Currently, only dependent LUs are supported. The prioritization takes place on LU-LU traffic between an SNA Node type 5 or Node type 4, and an SNA Node type 2.
This feature prioritizes SNA traffic on either serial tunnel (STUN) or remote source-route bridging (RSRB). LU address prioritization requires local acknowledgment (local termination) of SDLC and LLC2 sessions.
The new commands are as follows:
[no] locaddr-priority-list list address-number queue-keyword
[no] locaddr-priority list
The new keyword priority in the source-bridge remote-peer command supports Class of Service (COS) and SNA Local LU Address Prioritization over a TCP/IP network. The new command option is as follows:
source-bridge remote-peer ring-group tcp ip-address [lf size] [local-ack]
[priority] [version number]
NetBIOS Name Caching
This feature allows a router to maintain a cache of NetBIOS names in order to avoid the high overhead of many broadcasts in SRB environments. When NetBIOS name caching is enabled and default parameters are set on the router, the NetBIOS name server, and the NetBIOS name client, approximately 20 broadcast packets per login are kept on the local ring on which they are generated.
The new commands are as follows:
[no] netbios name-cache timeout minutes
[no] netbios name-cache query-timeout seconds
[no] netbios name-cache recognized-timeout seconds
netbios name-cache MAC-address NetBIOS-name interface-name
netbios name-cache MAC-address NetBIOS-name ring-group group-number
no netbios name-cache MAC-address NetBIOS-name
[no] netbios enable-name-cache
source-bridge proxy-netbios-only
show netbios-cache
clear netbios-cache
You can limit the number of source-route bridging spanning output and input hops for your network.
To limit the maximum number of source-route bridging spanning output hops for your network, use the following command:
source-bridge max-output-hops count
The argument count is the number of bridges spanning explorer packet can traverse. It is checked against outgoing packets.
To limit the maximum number of source-route bridging spanning input hops for your network, use the following command:
source-bridge max-input-hops count
The argument count is the number of bridges spanning explorer packet can traverse. It is checked against incoming packets.
This section describes new STUN and SDLC transport features.
STUN SDLC Local Acknowledgment and Prioritization
SDLC Local Acknowledgment allows the router next to the SDLC device to terminate the SDLC session to eliminate polls and acknowledgments across the WAN. This feature is an enhancement to the SDLC Transport feature. SDLC Transport carries SDLC traffic through Cisco routers using serial tunneling (STUN).
The new commands are as follows:
stun route address address-number tcp ip-address [local-ack] [priority]
no stun route address address-number tcp ip-address
To support Class of Service (COS), SNA Local LU Address Prioritization, and SDLC Address Prioritization over a TCP/IP network, specify the priority keyword.
Note The STUN SDLC Local Acknowledgment feature enhances and supersedes the functions provided by the proxy polling feature of Release 8.3. The proxy polling feature has been retained for compatibility with prior software releases. Cisco recommends that you use STUN SDLC Local Acknowledgment rather than proxy polling.
To synchronize the state machines of STUN remote peer routers, use the following command:
stun remote-peer-keepalive
SDLC Address Prioritization
SDLC Address Prioritization allows STUN traffic to be prioritized according to the address of the SDLC frame.
Use the priority-list global configuration command to establish queuing priorities based on the address of the SDLC link.
The new command is as follows:
[no] priority-list list stun queue-keyword address group-number address-number
Multiple-Link Transmission Group Support
Multiple-link SDLC transmission groups (TGs) can be accommodated across STUN connections between IBM communications controllers, such as IBM 37x5s.
To establish the TG, use the following command:
stun protocol-group group-number sdlc-tg
Previously, SDLC interfaces could operate only in full-duplex mode. They can now operate in half-duplex mode.
Use the following command to configure an SDLC interface for half-duplex mode:
[no] sdlc hdx
Use the following command to adjust the delay between the detection of a Request To Send (RTS) signal and the assertion of a Clear To Send (CTS) signal:
sdlc cts-delay time
Use the following command to adjust the time the interface waits for the DCE to assert a CTS signal before dropping an RTS signal:
sdlc rts-timeout time
This section describes new SDLLC features.
SDLLC Serial Primary
SDLLC is Cisco's term for media translation between IBM's Synchronous Data Link Control (SDLC) data link protocol for serial lines and ISO's Logical Link Control (LLC) Type 2 data link protocol used over a LAN. SDLLC permits you to connect front-end processors and cluster controllers across an arbitrary topology of Cisco routers. Traffic is routed across the topology with SRB/RSRB techniques.
The serial primary feature allows a front-end processor to be attached to a serial SDLC line while the cluster controller is attached to the LAN media. Starting with Software Release 9.1(9), the front-end processor can now be attached to a serial SDLC line while the cluster controller is attached to a Token Ring. There are no new commands associated with this feature.
SDLLC for Ethernet
SDLLC for Ethernet allows Ethernet-based devices to communicate with SDLC-based devices over an arbitrary topology using SRB/RSRB in combination with the SR/TLB bridging technique. There are no new commands associated with this feature.
SDLLC Local Acknowledgment
SDLLC local acknowledgment allows the Cisco router to locally terminate the LLC2 session on the Token Ring side in an SDLLC connection. (The SDLC side is always locally terminated by the conversion process.) This feature provides a great deal of flexibility and allows both SDLC and LLC2 to be locally acknowledged. SDLLC Local Acknowledgment for Ethernet is not supported. The new command is as follows:
[no] source-bridge sdllc-local-ack
Various Token Ring and source-route bridging MIB variables are now supported.
The following feature is currently undergoing extended testing.
Protocol translation is now offered as an option on the IGS/L, IGS/TR, and Cisco 3000. Note, however, that IGS chassis with 512 KB do not support the 9.1 software with protocol translation; this software requires a minimum of 1 MB.
IP static routes now require that a mask be specified with the destination address. A mask is automatically inserted into old static route entries.
The new ip route command is as follows:
ip route network mask {address|interface} [distance]
This section describes warnings and cautions about using the Release 9.1 software. The information in this section supplements that given in the section 9.1(16) Caveats, page 25.
Release 9.1 is no longer supported on the Cisco 4000 series routers. You must use Release 9.14.
The size of the router software image has increased by approximately 512 KB between Software Release 9.0 and 9.1. This may limit the upgrade possibilities for some users. The router software needs at least 200 KB of free memory in order to run reliably and with reasonable performance. If your free memory when running 9.0 is greater than 512 KB, you should not run into memory problems with 9.1.
Users with CSC/3 processors should determine whether they have sufficient free memory available before upgrading to 9.1. Do this using the show memory command, which displays memory usage information, including the total free memory available. Since the memory usage fluctuates over time, it is advisable to sample this value several times if there is any possibility of being close to the limit. If you do not have enough free memory, you will have to upgrade your systems to a CSC/4 processor.
For all new IGS/L and IGS/R routers, 1 MB of DRAM is now standard. This is the minimum memory required to run Software Release 9.1. If you are upgrading an IGS/L or IGS/R router with 0.5 MB of memory from Release 9.0 to Release 9.1, you should also upgrade the memory in your system to 1 MB.
IGS chassis with 512 KB do not support the 9.1 software with protocol translation; this software requires a minimum of 1 MB. Specifically, with the IGS-BRPX image, the IGS will boot and run as a bridge/router with 1 MB of system memory. However, to support protocol translation, the IGS must have 4 MB of system memory.
Additionally, customers with A and AGS+, M, and C chassis with CSC/3 processors will not be able to netboot or boot from Flash the 9.1(1) image prior to upgrading to 9.1(1) ROMs. Also, if you have 9.1(1) in ROM, you can netboot 9.1(3).
The following discussion concerns all users whose routers meet the following conditions:
- The router is using a CSC/3 processor.
- You want to boot 9.1 router software from either Flash or over the network.
When attempting to boot a 9.1 software image, you may see a message indicating a buffer overflow error. If you see this message, you must compress the software image before booting it.
When a server netboots or Flash boots software, the image being booted and the running image must both fit into memory.
The uncompressed 9.1 software image is in certain cases larger than half the available memory of a CSC/3 processor. However, a compressed 9.1 image is smaller than half the available memory and can be network-booted or Flash-booted into the CSC/3.
You can produce a compressed software image on any UNIX platform using the "compress" program. Refer to your UNIX platform's documentation for the exact usage of the "compress" program.
Note Many UNIX "compress" programs produce a file whose name ends in
.Z. In certain instances (notably, when booting with the
b command from the ROM monitor), the system does not understand uppercase names. To ensure the ability to boot the software in all cases, rename the output files from the UNIX "compress" facility to a name that does not contain any uppercase characters.
When booting the system software from a TFTP server, do not copy the 9.1(3) system software image to the TFTP server, then copy it a second time. If you do, the second image will be appended to the first image rather than writing over it, and the image will not function in your routers. If you want to copy the image a second time, first delete the image from the destination directory on the server, then recopy the image.
Also, do not make any typographical errors while typing the name of the system software image you are copying. If you type the name of a file that does not actually exist, and then tell the router to erase the existing image in Flash memory, you erase the only working system software image in Flash memory. You still have a working image in RAM, so your router should still function normally. At this point, do not reboot the router. If you do, your router will not function and you must restart and reconfigure it. To recover from the accidental Flash memory erasure, execute the copy tftp flash command again to load the appropriate image into Flash memory.
On page 2-16 in the Router Products Configuration and Reference publication, in the section "Loading Configuration Files," enabling the loading of network configuration files via the service config command is now the default. This change affects software release 9.1(2) and later.
When booting a low-end router (IGS, Cisco 2000, Cisco 3000, or Cisco 4000), the Token Ring interface fails to initialize on the first attempt and prints a series of failure messages. Please ignore these messages. After the first unsuccessful attempt to join the ring, the interface then loads successfully. This is reported as caveat CSCdi11616.
If you have a modular chassis-based router that has a CSC/3 processor and you cannot netboot due to a "buffer overflow" error, you must load the bootstrap program gs3-boot. This program is available either on floppy disk or from Cisco CIO by way of File Transfer Protocol (FTP). Once you have the program, transfer it to your system using Trivial File Transfer Protocol (TFTP). In addition, you must access the front edge of the CSC/3 processor card and verify the positions of three jumpers in the configuration register. You also must enter a combination of software commands in your configuration file. To load the bootstrap program and enable the system to first boot the bootstrap program and then boot the system image, follow this procedure:
Step 1: Use appropriate procedures to make the gs3-boot file available:
- Floppy disk version--Establish network access to a PC (with an appropriate 3.5-inch floppy disk drive) that is configured as a TFTP server
- Electronic version--Establish network access to a TFTP server that holds the file
Step 2: Access the configuration register on the front edge of your CSC/3 processor card by following the procedure in your hardware installation and maintenance publication.
Step 3: Reset bit 0 on the configuration register to 0 (remove the jumper). This disables booting from system read-only memory (ROM). Refer to your hardware installation and maintenance publication for details.
Step 4: Using the jumper removed from bit 0, set bit 1 of the configuration register to 1 (insert the jumper). This enables netbooting.
Step 5: Using the extra jumper provided with the gs3-boot software, set bit 9 of the configuration register to 1. This causes the system to look for and load the secondary bootstrap procedure (bootstrap program).
Step 6: If your router has Flash capability, enter the following commands in the configuration memory. Otherwise, proceed to Step 7.
boot bootstrap flash gs3-boot
boot system flash filename
^z
router# write memory
filename is the name of your 9.1(9) or later image.
The system then looks for and loads the bootstrap program, and then looks for and loads the 9.1(9) system image as defined by filename.
Step 7: If your system does not have Flash capability, enter the following commands in the configuration memory:
boot bootstrap gs3-boot
boot system filename
^z
router# write memory
filename is the name of your 9.1(9) or later image.
The system then looks for and loads the bootstrap program, and then looks for and loads the 9.1(9) system image as defined by filename.
There is an interoperability issue between the Cisco Novell IPX fast-switching in Release 9.1 and that in releases prior to 8.3(7.2) and 9.0(5.1). In releases prior to 9.1, fast switching on FDDI and serial links was supported only between Cisco routers, and communication with FDDI end hosts was done by process switching. Any improper frames were corrected by the receiving Cisco router. Release 9.1, when used with a CSC-FCIT controller card, supports fast switching to FDDI end hosts and sends the frames in the proper format. This change leads to the following interoperability issue: When a Release 9.1 router is forwarding fast-switched Ethernet Novell frames via a serial or an FDDI interface to routers running Release 8.2 and releases prior to 8.3(7.2) and 9.0(5.1), frames fast-switched by the older router from FDDI or serial links onto Ethernet are not guaranteed to have even frame lengths.
This does not pose any problem with most PC Ethernet network controllers. However, some older PC Ethernet controllers require even-length frames and will not accept the odd-length frames that may be sent by the Release 9.1 software. Maintenance releases later than 9.0(5.1) for Release 9.0 and 8.3(7.2) for Release 8.3 make each of these previous releases fully compatible with the Release 9.1 software. Note that these patches also allow Release 9.0 and 8.3 software to guarantee even-length Ethernet frames when fast switching packets originally sent by an FDDI end host.
You also can achieve full backward compatibility without upgrading the 9.0 or 8.3 (or 8.2) router software by configuring the router to process-switch frames to the FDDI or serial interface. To do this, use the no novell route-cache command on an FDDI or a serial interface running Release 9.1, or on an Ethernet interface on routers running the older software releases.
When setting the bandwidth, the bandwidth that is displayed with the show interfaces command may not match for some higher bandwidths because some roundoff is performed on the number you entered. The values shown match those seen in IGRP update packets and hence are more useful for debugging.
As of Software Release 9.1, the router automatically translates old default network commands into appropriate static routes. The translation is completely transparent.
On the Cisco 4000, when building the receive rings for the serial and Ethernet interfaces, if a buffer request fails (that is, there is not enough of a particular buffer size left in the pool), the interface is marked as down and the initialization is abandoned at that point.The interface will later initialize as more buffers are created to fill the demand. This problem is most noticeable in the 1E4T configuration. The serial 3 interface may take as long as 5 minutes before that interface becomes usable.
However, buffer pool allocation is a user-tunable parameter. The buffer pool to tune depends on the type of encapsulation used by the interfaces. Correspondingly, the ring size changes with the size of buffer required.Table 1 shows the mapping between buffer and ring size on the Cisco 4000.
Mapping between Buffer and Ring Size
Maximum Transmission Unit (MTU)
| Receive Ring Size
|
|---|
| MTU < 1524
| 32
|
| 1524 < MTU < 5024
| 8
|
| 5024 < MTU < 18024
| 4
|
Example 1
On a Cisco 4000 1E4T box using HDLC encapsulation, there are five receive rings, each with 32 entries. The cache size is 32 buffers. The MTU for this encapsulation is less than 1524 bytes (the same as for Ethernet), so you must use buffers from the "big" pool. The basic number of "big" buffers required is (5 + 1) ¥ 32 = 192. Adding a bit of "comfort" space, you can configure the buffer pool by entering the following command:
buffers big permanent 200
This increases the permanent buffer pool allocation for big buffers to 200.
Example 2
On a Cisco 4000 6T box, using X.25 encapsulation, there are six receive rings, each with eight entries, plus a cache ring of eight entries. The MTU for this encapsulation is less than 5024 bytes but greater than 1524, so you must use buffers from the "large" pool. The basic number of "large" buffers required is (6 + 1) ¥ 8 = 56. Adding a bit of "comfort" space, you can configure the buffer pool by entering the following command:
buffers large permanent 60
This increases the permanent buffer pool allocation for large buffers to 60.
In general, a rule of thumb is to boot the box, check for whichever buffer pool is depleted, and increase that one. The figures used in the preceding examples are just estimates.
The CSC-C2CTR Token Ring interface card uses an MTU size of 4464 bytes, and the CSC-R16M, CSC-1R, and CSC-2R cards use an MTU size of 4464 bytes when running at 4 MB and an MTU size of 8136 bytes when running at 16 MB. Token Ring interfaces between a CSC-C2CTR card and a different Token Ring card must use the lower MTU size of 4464 bytes. This is especially important when using CLNS, because two neighboring routers can send hello packets to form IS-IS adjacencies only if the MTU size is the same at both ends of the interface.
To set the MTU size, use the mtu interface subcommand.
To make changes to parameters on X.25 interfaces, you must first shut down the interface.
Access control lists assigned to an AppleTalk interface using the appletalk access-group interface subcommand deny access to packets that originate at the source router. This behavior is contrary to ACL behavior for other protocols, such as TCP/IP, in which access is denied only to packets that the local router is forwarding.
If you are using AppleTalk on FDDI or Token Ring interfaces, you must specify the following command to ensure full connectivity:
no appletalk glean-packets
After you enter this command, execute a write memory command to store the command in the router's configuration file.
The following two examples show how you might configure FDDI and Token Ring interfaces using the no appletalk glean-packets command:
For an FDDI interface:
interface fddi 0
appletalk cable-range 100-102
appletalk zone Marketing
no appletalk glean-packets
For a Token Ring interface:
interface tokenring 1
appletalk cable-range 103-103
appletalk zone Sales
no appletalk glean-packets
Our implementation of AppleTalk does not forward packets with local source and destination network addresses. This behavior does not conform with the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AARP table in any AppleTalk node that is performing MAC-address gleaning.
Page 25-2 of the Router Products Configuration and Reference publication mistakenly represents that Cisco's SDLLC can support IBM 5494 devices. SDLLC supports only SDLC-attached PU type 2 devices; it does not support PU type 1, PU type 2.1, PU type 4, or PU type 5 devices. However, on the Token Ring side of the SDLLC interface, it is possible to connect a PU type 4 (front-end processor) or type 5 device (host), or an AS/400 computer, which operates in PU2.1 and host emulation modes.
Note that these restrictions do not exist with STUN (SDLC to SDLC). STUN supports any PU type running over SDLC.
When applying a SAP update delay to a Novell interface, Novell indicates that the delay should not exceed 120 ms and recommends that it be much smaller than 120 ms. Delay values in the range of 2 to 8 ms are common. If you need to use a larger SAP update delay time, you should increase the size of the input hold queue using the hold-queue length in interface subcommand.
In BSD-derived UNIX systems, the block number in the TFTP header file is a short instead of as unsigned short. Because of this, you cannot write core on a 16M CSC4 to some UNIX systems because the last block will never be accepted by the UNIX TFTP daemon. However, the entire core file, except for the last 512-byte block is successfully written, so you still can use the incomplete core file for debugging system problems. This was previously reported as Cisco bug CSCdi07776.
This section describes possibly unexpected behavior by Release 9.1(16). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(16). The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
- On a Cisco 4000, the serial line suffers an input queue jam. Issuing the show interfaces command reveals about 50 buffers accumulating per week. Eventually the input queue hits the limit of 76/75, and access across the serial link stops. This problem seems to be related to the routing of DECnet or the bridging of LAT. [CSCdi13564]
- In an environment where OSPF is redistributed into RIP and RIP into OSPF, under certain circumstances, the RIP updates are no longer interpreted by the router. Instead, they are forwarded to the gateway of last resort. [CSCdi18372]
This section describes possibly unexpected behavior by Release 9.1(15). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(15). For additional caveats applicable to Release 9.1(15), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
No serious bugs were resolved in Release 9.1(16). For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
This section describes possibly unexpected behavior by Releases 9.1(13) and 9.1(14). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(14). For additional caveats applicable to Releases 9.1(13) and 9.1(14), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For a most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(15).
- Setting the llc2 ack-max parameter to the value n actually causes the router to acknowledge every n + 1 packets. Because this value cannot be set to zero, it is impossible to tell the router to acknowledge every packet. [CSCdi27034]
- If an R16M Token Ring card is administratively down and the router is reloaded or powered off and back on, the card will try to initialize its interface and will no longer be administratively down. This appears to happen only on the R16M card. [CSCdi17976]
This section describes possibly unexpected behavior by Release 9.1(12). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(12). For additional caveats applicable to Release 9.1(12), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For a most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(13).
- When system uptime exceeds approximately 24.45 days, AppleTalk interfaces can unexpectedly hang during restarts and never become operational. The only workaround is to reload the system. [CSCdi20052]
- A router that has been configured as a Level 1 router should not send out Level 2 routing updates. [CSCdi20884]
- The netbios enable-name-cache command does not work in a topology that has two or more paths to access to the workstations. The show rif command shows both paths, but the show netbios-cache command shows only one path. [CSCdi18524]
- When running remote source-route bridging with local acknowledgment, certain topologies may cause the input queue to fill up. The result is that the interface with the filled input queue will no longer pass traffic. [CSCdi22676]
- On half-duplex SDLC serial interfaces, the show interface serial n command returns incorrect information regarding the RTS and CTS signal timing information. This has no operational impact on the SDLC link. [CSCdi23781]
- On Cisco remote access routers, the configuration interface subcommand bridge-group group output-pattern grouplist does not function properly. All packets will be passed through this interface regardless of the filters set in this command. [CSCdi13619]
- Translational bridging of Novell IPX packets from Ethernet to FDDI and back to Ethernet fails if the source MAC address ends with 0xff . All other protocols bridge correctly with this MAC address, and all other MAC addresses bridge correctly with all protocols. [CSCdi21873]
- A bus error may occur on a Cisco 4000 router when connecting to a 3-COM Netbuilder II, version 7.1 via a serial line configured for PPP encapsulation. The following error messages may be seen with debug PPP turned on: [CSCdi22454]
LINK-2-NOSOURCE: source IDB not set
SYS-2-INLIST:Buffer in list
SYS-2-LINKED: Bad p_enqueue
SYS-2-BADSHARE: Bad refcount in pak_duplicate.
- In OSPF, when a neighbor goes down, a host route for that neighbor is incorrectly added. A possible workaround is to trigger the rebuild of OSPF router link state advertisement by changing the interface metric or by rebooting. [CSCdi21103]
- The system may crash and reload itself while the route described in (c) is removed from the routing table. A combination of the following conditions causes this to happen: (a) There is a variably subnetted route; (b) Multiple routes hash into the same subnet table hash bucket; (c) There is a subnet with netnumber == major_net and mask == major_net_mask; and (d) Another subnet follows. The root cause is the same as CSCdi20345. [CSCdi18659]
- The original default of the ipx gns-response-delay command was 500 ms. This value fixes an issue in NetWare 2.x with dual-connected servers in parallel with a router NetWare 2.x was the most common release. NetWare 3.x and later do not have the same issue, and a nonzero GNS response delay may cause problems in certain situations. The default of the ipx gns-response-delay command has been changed to 0. [CSCdi22285]
- Fast switching large IPX packets from a high MTU interface (such as Token Ring or FDDI) to an MCI serial card may corrupt MCI memory resulting in an %MCI-3-SETUPERR message. This is only an issue if you use a version of IPX that uses packets larger than the default 576 (using LIPX or BIGPAK). [CSCdi22888]
- When forwarding a StreetTalk broadcast from a server, if there is no routing table entry for the source network, the broadcast will be flooded out all interfaces (including the source interface). This can cause broadcast storms since the packet will be propogated forever. Note: A likely cause of this problem is a bug in Banyan's SRTP implementation whereby the server stops sending compatibility updates. This can be fixed by applying the 5.52(5) "LJ" patch, or the 5.53(6) "LF" patch. [CSCdi22844]
- When X.25-over-TCP (XOT) sends a Call Confirm that modifies one of the two proposed flow control facilities (window sizes or maximum packet sizes), the values may be set to 0, which is illegal. [CSCdi21602]
This section describes possibly unexpected behavior by Release 9.1(11). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(11). For additional caveats applicable to Release 9.1(11), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(12).
- Executing the show appletalk interface command may cause the system to restart itself. This happened on interfaces configured with many zones. [CSCdi18875]
- Rarely, the clear line command fails to clear the process running on that line. A show process command shows that the process on that line has an inappropriate and rapidly increasing number in the "invoked" column. [CSCdi16063]
- If a SAP update packet is received with an invalid length, much larger than the data actually contained in the packet, the system may reload. It is also possible, but unlikely, that invalid server entries may appear in the show ipx server table. When these packets are received, they should be counted as SAP format errors and the counter displayed by the show ipx traffic command should increment. [CSCdi19010]
- While converting from DECnet Phase IV to Phase V (and vice versa), the router holds back a converted packet once in a while and sends it out when some other event happens (for example, routing update and keepalives). This sporadic delay in packet transmission results in degradation of end-to-end DECnet performance. [CSCdi20151]
- A problem due to an incorrect interface MTU negotiation is seen on any interface whose default MTU is larger than the Ethernet MTU (for example, FDDI). When the VAX comes up, the router negotiates a block size that is larger than the maximum value that it can process (1524). Consequently, all adjacent routers send larger-sized updates, which the router rejects. This makes all destinations behind the router unreachable. [CSCdi20225]
- FEP-to-FEP local acknowledgment sessions are blocked when an SDLC-TG packet SQN=1 was delivered before a packet SQN=0. The code has been optimized to prevent this from happening (automatic resequencing). [CSCdi17904]
- If an RSRB remote-peer is defined but not currently in use, the router may reload due to a software forced crash. [CSCdi17934]
- After running for an extended period of time with remote source-route bridging configured, the console may display "%SYS-2-LINKED: Bad enqueue of nnnnnn in queue nnnnn" messages. These will be followed by a traceback message containing several hex numbers. RSRB will continue to function normally. [CSCdi18003]
- In low-end routers such as the Cisco 4000 and Cisco 3000, the Token Ring interface ignores IP packets that have single-route or all-route broadcast RIF. The correct behavior is to accept the packet and subsequently route it when IP routing is enabled. [CSCdi18131]
- When source-route translational bridging is used in a dual TIC (Token Ring interface) environment, the RIF is cached for the first return explorer from the destination. Subsequently, if another return explorer from the same destination is seen with a shorter RIF, the RIF cache on the router is updated. This causes the end-stations to re-initiate their sessions. The correct behavior for source-route translational bridging in a dual TIC environment is to cache the shortest RIF based on the fastest return and locks it. A timer is then started. If there is no packet from the destination and timer expires, the RIF cache for the destination is removed. Subsequently, new returns from an alternate route may be cached. If there are packets from the destination station, then the RIF from the cache is applied and the timer is reset. [CSCdi18169]
- In a local acknowledgment environment, incoming disconnect packets were not handled properly and remained on the input queue. The Token Ring input queue would fill up completely and cause continuous Token Ring resetting. [CSCdi18222]
- For SDLLC, there are certain situations in which LLC2 congestion across the RSRB connection can cause the LLC transmit queue to be overrun. If this is the case, a packet which has been acknowledged on the SDLC interface can get dropped on the LLC queue and cause a session interruption. One of the symptoms of this occurring is the SNA LU-LU session ending with an UNBIND due to a skipped sequence number in the TH header. Changes have been made in the SDLLC code to allow the system to sense congestion on the LLC2 side and apply back pressure on the SDLC side by sending RNRs. The current/maximum values of the LLC transmit queue can now be displayed with the show llc2 command. The default value is 200, with a maximum of 2000 allowed. The value can be changed with the llc2 txq number interface configuration command. [CSCdi18898]
- SDLLC configurations with System 88 machines may fail due to a known limitation in their ability to handle the direction bit in the RIF field. The fix modifies the router behavior to allow for this contingency. [CSCdi18921]
- When applying NetBIOS access lists with rsrb remote-peer access list statements on a system with active SRB traffic, the router may reload due to a bus error. The fix changes the system code so that it handles these conditions in a more graceful manner. [CSCdi18993]
- A reverse Ethernet SDLLC configuration with local acknowledgment enabled may cause a reload due to a software forced crash (jump to zero). [CSCdi19067]
- Use of the rsrb remote-peer 100 tcp n.n.n.n lsap-output-list number causes a slow memory leak under heavy RSRB load. The show process memory command will show an increasing amount of memory taken by the SRB background process. The workaround is to remove the access list and achieve the same desired behavior through the use of access lists applied on the Token Ring interfaces. [CSCdi19106]
- A configuration in which SDLLC and Reverse SDLLC are configured back to back does not work properly. A sample of this configuration would be an SDLC attached FEP going to a TR through the router (Reverse SDLLC) to another router to an SDLC attached PU. This configuration is common where a TIC for a FEP is not available and the customer requires both remote SDLC and Token Ring connectivity through the router network to a single SDLC line on the host side. The fix will ensure this configuration works. The workaround is to configure STUN for SDLC attached PUs and Reverse SDLLC for Token Ring attached PUs going to separate SDLC FEP lines on the host side. [CSCdi19148]
- Access lists of the form rsrb remote-peer nnn tcp ip address netbios-output-list host access list name do not function properly. The workaround is to use the same access list applied on the Token Ring interface to achieve the desired result. [CSCdi19198]
- The stun cos-enable causes unnecessary FID4 frame resequencing. The network gains no benefit and the routers are performing unnecessary work, so the feature is being removed. In addition, the feature was causing packets to be delivered out of TG sequence, which in rare occasions causes blocking TGs. [CSCdi19357]
- When the T1 timer is coded too short on a multidrop SDLC line, SDLC messages of the form "nn data from wrong address! got address" (where nn are SDLC poll addresses in hex) appear on the console. In a large multidrop configuration, the number of these messages is excessive. The code changes this behavior so that the messages appear only when debug sdlc is turned on. Note that these messages are informational only and that polling of the downstream SDLC devices continues. [CSCdi19376]
- This fix allows a FEP operating as a secondary SDLC station to load a remote FEP operating as a primary SDLC station. The opposite has been possible since 9.1(9). Before a FEP is loaded with an NCP Gen, it does not have an SDLC role. The SDLC role is negotiated via XID exchange when the remote FEP is activated. [CSCdi20463]
- In systems configured to support the spanning-tree bridging protocol, the root bridge BPDUs reappear at the root bridge in a HSSI environment. [CSCdi18812]
- When transparently bridging from Token Ring to serial on a Cisco 4000, a 2-byte length field is inserted without correcting the frame size. During the copy the last two bytes of the packet get lost. This only happens when flooding packets. [CSCdi18814]
- On Cisco 3000 series routers, when using dial-on-demand routing, a transition of CTS or DSR can appear as a transition of DCD when spoofing. [CSCdi19053]
- The router continually reports "%SYS-2-NOBLOCK: event dismiss with blocking disabled" errors preventing the router from processing other information. Reloading the router temporarily resolves the issue. [CSCdi18565]
- The default network does not work properly depending on the subnet used. [CSCdi18743]
- If an FDDI interface on a router reset via the no shut command, IP routes would be deleted from that interface. But since the FDDI ring is still in operational mode, there is no event generate to let OSPF know that routes has gone and recalculate SPF. [CSCdi19255]
- The source address-sensitive form of the distance command now works for OSPF. It formerly was silently ignored. Note that, for OSPF, this command has slightly different semantics, since the source address is matched based on the router ID of the router that originated the route within the OSPF area, rather than the next-hop router. [CSCdi19369]
- The router and communication servers allow remote users to Telnet into VTY ports by connecting to ports 20xx/40xx/60xx/80xx. All the standard VTY/TTY security features, such as passwords, TACACS, and the ability to block access with the access-class ... in command have always been supported, even when connecting to a high port. However, since many customers are unaware of this functionality, they do not take it into account when constructing packet filtering firewalls. Since this functionality can be explicitly enabled and configured by use of the VTY rotary feature, the default behavior is not necessary. This is not a security bug or hole, but rather a behavior that should be avoided as a matter of prevention due to its obscurity. [CSCdi20050]
- OSPF can choose and install nonoptimal interarea and external routes when there are multiple link state advertisements for the same destination advertised by multiple Area Border Routers (or Autonomous System Boundary Routers for external routes). This can cause a routing loop if other neighboring routers still install the shortest path to the destination. This problem will happen only after the system has been up for a period of time. The length of this period depends on how much connectivity changes have occurred. In a fairly busy network, the estimated length of this period is five to six weeks. [CSCdi20071]
- After an OSPF router installed a default route to network 0.0.0.0 that is advertised in an external link state advertisement (LSA) by an Autonomous System Boundary Router (ASBR) and a connectivity change happens in the network that triggers SPF calculation, the router will not reinstall the default route. This problem is introduced in the following software versions: 9.1(11.4), 9.17(9.2) and 9.21(3.1). There is no workaround. [CSCdi20401]
- Every time an OSPF router notices its neighbor state change on an interface (either by seeing new Hello packets or the lack of Hello packets for a RouterDeadInterval) and attempts to reoriginate its own router link state advertisement (LSA) but there is no change that needs to be reflected in the router LSA, a piece of memory of the size of the router LSA would be permanently consumed. This problem manifests itself by a slowly declining amount of free memory shown in show memory command. There is no workaround to this problem. This problem is introduced in software version 9.1(11.5). [CSCdi20849]
- The IS does not put dynamically learned ESs over point-to-point links in the L1 LSP, so the other ISs do not have a route to that ES. [CSCdi18856]
- In 9.1 releases beginning with 9.1(6.4), the router does not correctly honor the vines propagate command. Broadcast packets will be dropped when they should be forwarded. This is most noticeable when performing a newrev command on a serverless client when there is a serial line separating the client and the server. [CSCdi20428]
- On MCI/ciscoBus serial cards, when DDR is configured with priority queuing, a packet may get stuck in the output queue and get released only when the next packet replaces it in the queue. This one-packet delay may cause packets to be delayed, increasing response time or causing packet drops in case of timeout. [CSCdi17666]
- In X.25 environments, the message "System restarted by error - Jump to zero" appears. If you issue a show stack command, you see a two-line stack trace. The cause is related to failed PAD calls; an area of memory is modified after it has been returned as no longer in use. When the load is heavy or X.25 performance is slow, this invalid reference may modify critical data, causing unpredictable results. [CSCdi17688]
- Bridged IP packets for router management are sent with the wrong size. If you are bridging IP and using IP for router management, packets sourced by the router for the second frame-relay bridge entry are truncated. [CSCdi18862]
- Cisco routers with an ISDN BRI interface running the basic-dms100 or basic-ni1 switchtype may have B-channels become unavailable for usage. This may occur if there are long dialing delays for outgoing calls through an ISDN network. Also, when a call is connected on channel B2 and the dialer idle timer attempts to hang up the call, the B-channels may become stranded and unavailable for usage. [CSCdi19671]
- There is a problem with type 4 NetBIOS broadcast traffic looping in redundant topologies. The workaround is to eliminate redundancy. [CSCdi18824]
- When an output-sap-delay is configured and an update is in progress and service entries are timing out (older than 4 times the sap update interval) and a Get Nearest Server request is received, the router may restart. [CSCdi20370]
This section describes possibly unexpected behavior by Release 9.1(10). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(10). For additional caveats applicable to Release 9.1(10), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(11).
- If the source-route bridging is used, the LAN Network Manager functions such as CRS, REM, and RPS are automatically turned on. An error in the system code causes rapid accumulation of small buffers. The workaround is to put the configuration statement no lnm crs. [CSCdi16384]
- When remote source-bridging is enabled between multiple peers, one or more of the peers maybe stuck in REMOPEN state. This is observable via the show source-bridging command. The correct behavior is to transit from REMWAIT to OPEN state. [CSCdi17149]
- When transparent bridging is enabled Multibus Token Ring cards, the monitor bit is not cleared in the token when the packet is flooded to another Token Ring interface. The Active Monitor on the destination ring will see this bit set, assume the packet has already passed around the ring, purge it, and reissue a new free token. The workaround for this problem is to add a static bridge table entry for each destination address, for example, bridge 1 addr 0208.6ce2.088e forward t 0. Note that the address must be in Ethernet canonical format. This ensures that packets destined for this address will not have to be flooded via transparent bridging. This problem may not happen consistently, since the location of the active monitor on the destination ring may change over time. [CSCdi12451]
- The commands for manipulating the manual forward and discard functions of transparent bridging require fields that the manual has marked as optional. The correct behavior is to infer a "reasonable default" in the absence of an explicit optional parameter. [CSCdi17121]
- When setting queue-limits on any interface, the ciscoBus complex will reset itself. This will cause Token Rings to reinitialize. [CSCdi17646]
- At system boot time, TACACS code dies because it fails to establish a UDP socket with which to talk to the TACACS server. [CSCdi17830]
- When using the printer option for a TCP-LAT translation, one packet erroneously remains in the input queue on the receiving interface for each translation attempt which fails. [CSCdi17681]
- Disabling vines split-horizon does not allow VINES StreetTalk broadcasts to be forwarded out an interface that they were received on. This breaks "hub-and-spoke" Frame Relay networks, because spoke StreetTalk broadcasts are not forwarded from the hub router to other spoke sites. [CSCdi17488]
- Configuring SMDS on serial lines that are shutdown and subsequently reenabling them can in some circumstances cause a reload. A Token Ring interface appears to be required to trigger this problem. [CSCdi15880]
- X.25 calls received on a serial interface cannot be routed to a CMNS host. [CSCdi17212]
- After ISDN DDR connection is already established, sometimes the line gets a DISCONNECT message from the remote end and the line drops. The only way to get the line back to where you can redial the distant end is to issue a clear int bri 0 command.[CSCdi17908]
- A router with an ISDN BRI configured for the basic-1tr6 switchtype may have problems connecting on Channel B2. An incoming SETUP message using Channel B2 can be incorrectly answered using Channel B1. This may cause the PPP protocol to keep the BRI channel interface in a Protocol-Up and Line-Down situation. It will also prevent the B2 channel from receiving any more calls. [CSCdi18562]
This section describes possibly unexpected behavior by Release 9.1(9). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(9). For additional caveats applicable to Release 9.1(9), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(10).
- The zone list presented to an Appletalk Remote Access client may omit valid zones names. [CSCdi16652]
- Ethernet frames containing an invalid LLC header length and a DSAP equal to 0xF4 or 0x7E cause memory corruption and cause the system to reload. [CSCdi15699]
- When changing the bridge number of a SRB interface using LAN Network Manager platform, the router crashed. [CSCdi16403]
- CTR cards hear their own DECnet hellos, resulting in a "%DNET-3-HEARSELF: Hello type 1 for my address" error message. This has no operational impact. [CSCdi07368]
- OSPF does not sufficiently validate received data, which in some cases can cause system failure. [CSCdi16521]
- When an interface goes down, the system fails to poison the corresponding subnet route in RIP or HELLO routing advertisements sent out other interfaces that are part of the same major network number. The system also fails to poison a network summary route advertised by RIP or HELLO to other networks. The result is that adjacent routers must time out the corresponding route in their tables, instead of being notified of the routing change immediately. [CSCdi16698]
- VINES may not work properly on CTR interfaces that are also part of a transparent bridge group. [CSCdi16797]
- The system fails to reply to a DO TIMEMARK when translating from Telnet to X.25. This may result in a Telnet session hang between the router and the machine sending the DO TIMEMARK. [CSCdi16405]
This section describes possibly unexpected behavior by Release 9.1(8). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(8). For additional caveats applicable to Release 9.1(8), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(9).
- Gleaning of MAC addresses from AppleTalk Phase 2 packets does not work properly on Token Ring and FDDI interfaces. A low impact workaround is to disable gleaning by issuing the command no apple gleaning on the affected interfaces. It may also be necessary to clear the AARP cache to flush out any corrupt entries. This may be done by issuing the EXEC command, clear arp. [CSCdi14227]
- When NBP BrRq and NBP FwdReq packets are converted to NBP LkUps, the source address is not preserved. This can cause access-groups to inadvertently filter out the LkUps. The workaround is to disable access-groups. [CSCdi14245]
- Devices that perform gleaning of MAC addresses from AppleTalk Phase 2 packets may experience connectivity problems. This problem can manifest itself as services on the local network appearing and disappearing in Mac Choosers. There is no workaround. An upgrade is necessary. [CSCdi14732]
- CiscoBus tokens do not populate the memory location that SNMP looks in for the data. Therefore the Token Ring upstream neighbor is always reported as 0000.0000.0000 [CSCdi13489]
- The CSC/3 processor card may be unable to load newer software images from FLASH or TFTP servers due to memory constraints. For example, the 9.1(7) or later images may be too large to fit in the system boot buffer memory. The factors affecting the size of available system boot buffer memory include the following:
- --Features enabled (more features reduce memory available)
- --Number of cards in the router (more cards reduce memory available)
- --Version of system code in ROM (newer system code reduces available memory)
- The short term workaround for systems unable to load the never software images is to downgrade the version of system code in ROM. Alternatively, cards may be removed or features disabled. This only affects the CSC/3 cards at this time. [CSCdi14366]
- The router apparently ignores the command decnet routing-timer xxx and sends Level 2 routing updates at a higher interval. [CSCdi12802]
- The rif validate-age command initializes to 0 upon boot up on a Cisco 4000. This is a function that works with source-bridge proxy-explorer only and it has no other impact. The workaround is to set this timer to 2 seconds by configuring rif validate-age 2. [CSCdi13833]
- When a bridge number of a Token Ring interface is changed using LAN Network Manager, the output of show source still displays the old bridge number. [CSCdi14351]
- After an uptime of nearly 25 days the IS-IS Level 2 LSP may stop being sent, causing the IS-IS routing entry to disappear in the neighbor router. This is likely to happen if a router has only one level 2 adjacency. [CSCdi13482]
- AppleTalk fails over BRI interfaces on the Cisco 3000. The port on the far-end router will never complete initialization. [CSCdi12456]
- Prior to software version 9.1(4.1), problem CSCdi01624 (X.25 switching over TCP does not convey window and packet information) required, for correct operation, that all Cisco interfaces routing via a TCP connection be configured with the same default flow control values (that is, window sizes and maximum packet sizes; parameters win, wout, ips and ops). This is because the receiving router may not be able to determine what flow control values apply to the VC. The design of Cisco's X.25 routing capability requires that, for proper operation, both ends of the VC have complimentary flow control values. With the resolution of CSCdi01624, it was decided that CALLs received on a TCP connection that do not indicate one or both of the flow control facilities should have the universally acceptable value(s) (that is, window sizes of 2/2 packets and maximum packet sizes of 128/128 bytes) forced onto the connection and indicated on the CALL CONFIRM returned over the TCP connection. While the decision to force the universally acceptable values on a connection with unknown values should offer correct X.25 operation for all connections (albeit with possibly degraded performance), it does create a migration problem for those routers running pre-9.1(4.1) software connecting X.25-capable equipment that cannot accept flow control values in the CALL CONFIRM. Configurations that once worked may no longer work when the far end is upgraded to 9.1(4.1) or better, because if the parameters indicated on the CALL CONFIRM from the far end do not match the interface defaults, the router will include them in the CALL CONFIRM to the equipment that then CLEARs the CALL because of its inability to modify the connection flow control parameters. To address this migration issue, a switch has been added to the global x25 routing command--this switch, which takes the form x25 routing TCP_USE_IF_DEFS, will cause the router to force the outgoing interface defaults into the CALL CONFIRM sent back over the TCP connection. The pre-9.1(4.1) software, then, should remove these values from the CALL CONFIRM sent to the connecting equipment. Note, however, that if the forced values do not match the interface defaults that the values should still appear in the CALL CONFIRM and cause a CLEAR, which is preferable behavior to setting up a connection with mismatched values which may cause far more subtle and mysterious misbehavior. [CSCdi13759]
- Due to a parsing error, the interface subcommand frame-relay lmi-type ANNEX D is not accepted. This occurs even when the system is reading a configuration file written by the software, as from nonvolatile memory. A workaround is to load a configuration file at boot time containing the alternative form, frame-relay lmi-type ansi, which is accepted. [CSCdi15175]
- In a topology where multiple equal cost routes exist to a destination and novell maximum-path is still at the default value of one a situation can happen such that an old route-cache entry exists pointing to a route that no longer exists. Using a nondefault value of novell maximum-path will avoid this issue, which will clear itself the next time the route cache changes, or when a clear novell cache is done. [CSCdi14410]
- Novell IPX "flash" poison SAPs received are not propagated out onto other interfaces as quickly as they should be propagated. Novell services in the SAP table should not be allowed for devices on networks for which the router does not have entries in the routing table. [CSCdi15324]
This section describes possibly unexpected behavior by Release 9.1(7). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(7). For additional caveats applicable to Release 9.1(7), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(8).
- When converting NBP BrRq packets into NBP FwdReq, the system does not preserve the original DDP source address. It, instead, uses the address of the outgoing interface. This can short-circuit access-group filtering. [CSCdi13287]
- Multipacket responses to requests (RTMP Route Data Requests and ZIP GetZoneLists, for example) can be partially lost if no AARP entry exists for the requesting node. A workaround is to populate the AARP cache before the request; sending a ping packet from the requestor will suffice. Alternatively, send the request twice. [CSCdi13758]
- Possibly due to a condition where all valid interfaces are in a down state, TACACS (or SYSLOG, or other datagram-oriented protocols running above IP) may begin sourcing packets from a downed interface. This situation can be verified with the show ip sockets command. It can be remedied by shutting down an interface (which may already be shut down). A workaround is to assign an IP address to the loopback interface. [CSCdi12845]
- DECnet does not accept HELLOs from nodes with node-address greater than the max-address configuration parameter if the HELLO contains an area address which is different from the router's area address. [CSCdi13136]
- After power-cycling, RSRB peers may not renegotiate properly. The state will be OPEN, but no traffic will pass. [CSCdi12749]
- The ethernet-transit-oui standard command does not function as described in the manual for 8209 compatibility. When going from Token Ring to Ethernet, with the ethernet-transit-oui command on the Token Ring interface, the router should convert all frames to Ethernet II frames, regardless of the SNAP OUI field. Instead, frames with an OUI of 000000 (all frames from an 8209) are translated to an 802.3 frame with the SNAP header intact. [CSCdi12844]
- If unexpected input in an SDLC connect state occurs, the input interface can lock up after a while. If you turn on debug sdllc and watch state transitions of the SDLC lines you will see exception conditions causing state transitions from a CONNECT state (CONNECT, USBUSY, and so forth) to DISCONNECT and then back up. Further you will see the input hold count on the input interface rising. When it reaches its maximum all input to this interface will stop including other PU traffic (associated with this serial interface). [CSCdi13441]
- Two RSRB peers are running with local acknowledgment turned on (either RSRB/LA or SDLLC/LA). If one of these routers reboots, it can come up so fast that the other router fails to time the other peer out and the peer reconnects. In doing so the local acknowledgment sessions will get out of sync. There is no workaround. This fix is required and will cause any local acknowledgment sessions to be reset upon a reconnect from a rebooted router. [CSCdi13677]
- A system reload may occur when shutting down a Token Ring interface. This seems to occur only with SBEMON 3.2 and the CSC-R16 and software version 9.1. [CSCdi11764]
- An unterminated Ethernet connection on a system with FCIT and ciscoBus2 controller may result in a reset of the ciscoBus. [CSCdi13045]
- After a reload, an OSPF area border router fails to advertise some networks over an X.25 network. The workaround is to do a shut/no shut of the X25 interface. [CSCdi13027]
- In some cases, taking down an adjacent OSPF peer may cause the router to reload. [CSCdi13736]
- When a network with servers is configured as a serverless network, received packets that are passed through the helper code may not be returned to the free buffer pool. Eventually, the interface stops receiving because it has exceeded the input queue count. This problem exist only in releases 9.1(6.1) through 9.1(6.5). [CSCdi12842]
- The fix submitted for CSCdi12849 is incomplete; X.25 INTERRUPT packets are still mishandled in switched VCs. [CSCdi13369]
- When responding to a RIP request from a NetWare 3.1x/4.x server/router, the response is sent to an incorrect MAC address (0000.0000.0001) and therefore is never received. This will happen only on NetWare devices that use an internal network number. [CSCdi13400]
This section describes possibly unexpected behavior by Release 9.1(6). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(6). For additional caveats applicable to Release 9.1(6), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(7).
- This correction prevents 32808 bytes from being lost each time a write memory command is executed on systems which utilize the MC or MC+ NVRAM board for its NVRAM configuration. [CSCdi11659]
- A router running with IV/V conversion enabled converts any Phase IV hellos it receives and adds it to the Phase V adjacency data base. The format of this entry in the Phase V data base is recorded as "Phase IV". If a corresponding Phase V hello comes in (that is, the other router is also running Phase V), it should overwrite the entry in the Phase V adjacency data base that was always forwarding to the final destination instead of the next hop. A IV adjacency is stored in the V adjacency data base. This information is also entered into the V routing table, so that it is propagated through the OSI cloud. The caveat results in the router not updating this route, so the route would go into holddown and ultimately go away. Therefore, Phase IV ES information never stays long enough in the V routing table. [CSCdi11174]
- The system did not learn the burned-in address of the Token Ring adapter card until after the interface inserted onto the ring. If the interface was shutdown when the router was booted and the router was configured for bridging, the virtual ring address would be configured with the address 4000.0000.0000, which is clearly invalid. This happened because the virtual ring uses the burned-in address of the adapter, logically ORed with the 4 to obtain its unique address, which is a problem in the above scenario. [CSCdi07105]
- The LLC2 and SDLC sessions of the downstream router hang when the upstream router of a SNA link configured with SRB/SDLLC and local-ack is power cycled. The show llc2 and show interface commands on the downstream router will provide erroneous display of the llc2 and sdlc sessions. The workaround is to reload the downstream router. [CSCdi10477]
- The router would reload with the error message of "restarted by bus error at PC 0x1ADF00." This points to the local acknowledgment routine. Turning off Local Ack functions as a workaround. [CSCdi10718]
- If a server was rebooted, it would report duplicate server names on the net. When the RIF times out, it would be able enter the ring. In a RSRB environment with duplicate routers on a single ring, within the same ring group packets can be placed on the ring from which they came. The routers need to have remote peer statements to each other and also have proxy explorer enabled to cause this problem. The workaround is to turn off proxy explorer, and the solution is to upgrade to 9.1(6) or above.[CSCdi11016]
- CiscoBus interfaces do not filter out packets that want to be bridged when the protocol is configured for routing instead. The Multibus interfaces already do the right thing. [CSCdi10989]
- The router may fail to bridge certain protocols upon initial startup. Reloading the router will correct this condition. [CSCdi11480]
- The bridge is not forwarding broadcast packets over a bridge circuit group. The packets propagate on both serial links but are blocked at the second serial interface on the other end. The show span command will display that the second interface is in the blocking state. [CSCdi11811]
- In certain environments, the use of source-bridge proxy-explorer may cause a router to reload, reporting a "Jump to Zero" error. [CSCdi12328]
- Under extreme circumstances if autonomous switching is enabled (that is, ip route-cache cbus is configured), the router will reload. [CSCdi12415]
- When an interface is shut down on a router running OSPF, the OSPF process will try to learn the routes through a different interface. This results in a very high CPU utilization on the router (above 95%) for a few minutes until the SPF algorithm has recalculated all the routes. [CSCdi10108]
- The formula for metric calculation was not correct; in particular, setting K4 to zero and K5 to 1 would make the denominator of the expression to be zero, causing a "zero error divide." [CSCdi11705]
- The M bit is set improperly in the last packet when the packet is full but there is no additional data to be sent. [CSCdi12080]
- When applying an extended access list, packets using IPX packet type 4 (PEP) are forwarded only when there is already an entry in the IPX route cache for this IPX destination. If there is no entry, or if IPX route caching has been turned off, no frames are forwarded. The access list itself works fine, but devices trying to communicate using PEP-packets seem to get filtered. [CSCdi11730]
- There exists a condition which may cause a system reload if a Novell or XNS route is being removed from the routing table at the same moment the show novell route or show xns route is accessing that information from the routing table. [CSCdi12101]
- If a Novell SAP update is received which has more than the normal seven services per frame advertised and all those services are new, there is a strong possibility that memory will be corrupted. [CSCdi12108]
- The optional behavior of the rip-check command installed as of CSCdi09056 is now the default. To turn off the RIP-check handling of RIP requests, use the no novell rip-check command. Two new counters have been added to the show novell traffic display: SAP format errors and RIP format errors. If these counters are incrementing on a router, you should investigate which client is sending malformed RIP requests by turning on debug novell-rip-event to display information about the next arriving packet and information about other RIP events that may be interesting. Turning on debugging can cause unwanted overhead on the router; use of an analyzer might also be warranted. [CSCdi12244]
This section describes possibly unexpected behavior by Release 9.1(5). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(5). For additional caveats applicable to Release 9.1(5), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(6).
- When a Phase IV node initiates a connection to a Phase V cluster alias, the connection fails. The router has incorrectly obtained Phase IV adjacency information from the Phase V cluster HELLOs and forwards packets with Phase IV (DECnet) encapsulation. [CSCdi10436]
- The no exec-banner command is documented in the router software manual, but is in fact only implemented on communications servers. [CSCdi11290]
- Under heavy traffic loads, the SDLC T1 timer can expire prematurely. This premature expiration may result in multidrop circuits where the T1 timer has been set to a value of 1. The cause is the delay between the time the T1 timer is set in the system software and the time the packet actually is sent out on the line. As packets are queued at the interface, this delay becomes significant. You must now specify the interface subcommand line-speed to compensate for this delay:
[no]sdlc line-speed rate
- rate is in bits per second. For DCE, this value should be the same as the clockrate on the interface. For DTE, this value should be the clock rate on the DCE device to which DTE is connected. [CSCdi09719]
- The CTR "open complete" function did not reconfigure the keepalive timers if the open failed and so the keepalive process would quit trying to restart the interface. [CSCdi09910]
- The Token Ring interface was sending ring status messages to the LAN Manager when it was in the down state. The status messages are valid only after the interface has begun the insertion process. [CSCdi10364]
- SR/TLB in a Token Ring to FDDI to Token Ring environment had a number of problems. First the FCIT card has a feature that reduces TX underruns (this is important) but that causes 16-byte frames such as a SABME to get lost. This causes connectivity for NetBIOS and any other LLC2-based protocol not to work. In addition, the LF bits negotiated on the Token Ring were too large, causing packets larger than 1500 bytes to get dropped. Note that the Cisco 7000's FIP did not have the first problem, but did have the others. [CSCdi11186]
- If the IP MTU size is set to less than the interface MTU size , packets are process-switched rather than fast-switched. [CSCdi09453]
- When bridging between more than two locations on X.25 (that is, multiple x25 map statements, multicasts on some logical channels have the Ethernet header (addresses and type) truncated. Unicasts are not effected by this problem. There is no workaround. Users encountering this problem are advised to contact the Cisco TAC for upgrade information. [CSCdi10063]
- If the ciscoBus complex does not return a result to an OPEN command from the system to a CTR Token Ring interface, the system state will not resolve out of "initializing." There are a number of conditions on the CTR that can prevent a response. The issue here is the system not detecting a problem and failing the OPEN attempt, but instead it waits indefinitely for a result. [CSCdi10392]
- On the Cisco 4000 router configured for bridging, it is possible to run out of memory in the I/O buffers. This occurs when flooding packets from dissimilar media (Ethernet and Token Ring for example) where the MTU of the destination interface is smaller than the MTU of the source interface. Memory that should be deallocated during this type of flooding is instead held. This problem can be identified with the output of show memory. The I/O memory will be found to be steadily decreasing. In addition, the output of show buffers will also show a large number of big buffers being created. There is no workaround; however, increasing the number of big buffers will delay the memory loss. [CSCdi10586]
- Source-bridge proxy explorer will cache invalid RIFs to all routes explorers. The problem occurs only if source-bridge proxy-explorer is configured on Token Ring and if the explorer type is all routes broadcast. This command is disabled by default. The workaround is to turn off source-bridge proxy-explorer. The symptom of this problem can be seen in the router's RIF entry. A show rif command will display the RIF cache and there will be invalid bridge and ring numbers in the RIF field. [CSCdi10750]
- There is a window in which commands to the interface get dropped. The fix is to protect against interrupts when issuing commands. In this case, the system drops the command to throttle the interface. When the system later tries to unthrottle the interface it can get passed random pointer values to the interfaces shared memory. Also, store the throttle count in idb and display in show controller. [CSCdi11046]
- Upon receipt of IP directed broadcast packets, the system erroneously attempts to resolve the directed broadcast address via HP Probe address resolution broadcasts. This occurs if the directed broadcast is destined for a directly connected interface, and that interface is configured for arp probe. The system then also correctly forwards the directed broadcast as a data link layer broadcast (if not disabled via the configuration command no ip directed-broadcast). The system should be sending the directed broadcast as a (data link layer) broadcast out the directly connected interface, but should not be attempting to perform address resolution on the IP directed broadcast address. [CSCdi09627]
- If many hundreds of subnets are being transmitted via IGRP, the IGRP routing process can detrimentally impact the performance of other portions of the router. The symptom generally seen are extremely long delays through the router when routing updates occur. [CSCdi11284]
- The router will reject IS-IS packets when more than one SNPA with the same address is present in the CLNS neighbor table. This can be determined with the EXEC command debug clns-routing. [CSCdi10931]
- When clns route-cache is enabled (default) and a DECnet Phase IV adjacency has been established, it is possible for the Phase IV-Phase V conversion routine to forward Phase V packets (CLNS) to the Phase IV end system. This would result in a loss of connectivity when the Phase IV end system is attempting to connect to a Phase V host. Turning off the CLNS route cache via the interface subcommand no clns route-cache will act as a workaround, but may negatively impact performance. [CSCdi10980]
- Sending remote source-route data utilizing FST encapsulation on a Frame Relay wide-area network did not work with the Cisco 4000, Cisco 3000, and IGS. You would see broadcast traffic but unicast data was not going over the routers. [CSCdi10799]
- A Cisco 3103 with an ISDN BRI cannot support calls simultaneously at 64 kbps on one B channel and 56 kbps on the other; the second call interferes with the first. The only workaround is to establish both calls at the same data rate. [CSCdi10851]
- This fixes a bug where the SMDS PAD bytes were being fast switched to the next hop interface as garbage bytes. For IP this was not a problem since the true PDU length is in the IP header but it does cause an additional 0-3 bytes to be added to each fast-switched packet. [CSCdi11015]
- For encapsulation DDNX25, DDN Precedence facility is allowed in X25 CALL CONNECTED frames. The DDN Precedence (or absence) must agree with that of the X25 CALL REQUEST frame. [CSCdi11405]
- The SAP Flash updates that result from adding a static SAP to a router are not filtered according to any assigned SAP filter list. SAP poison packets, hop count 16, are not filtered according to the configured SAP filter access list on the outgoing interface. Static SAP entries are Flash-announced to the world at the wrong hop count; when the correct hop count is sent in the periodic updates it will cause neighbor routers to think the topology has changed and to place the service into hold down, timeout, and flash an advertisement of hops equal 16 before advertising the correct hop count. [CSCdi10834]
- When bringing up an interface which has been down since system startup, on a router running with xns ub-emulation configured for over four weeks, the newly installed XNS interface will not send out UB XNS RIP packets after the initial update at interface startup. A workaround is to briefly turn off xns ub-emulation and then turn xns ub-emulation back on. This may cause a couple minutes of UB route disruption on routes using this router. [CSCdi11543]
This section describes possibly unexpected behavior by Release 9.1(4). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(4). For additional caveats applicable to Release 9.1(4), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(5).
- Sometimes, the multiring all or multiring appletalk command keeps the router from acquiring an AppleTalk address, thereby preventing the interface from routing. To detect this condition, use the debug apple-arp command, which shows the router probing for an address indefinitely, incrementing the requested node address at each cycle. To avoid the condition, remove the multiring command from the interface. (Multiring is necessary only if AppleTalk traffic is source-routed from the adjacent Token Ring to remote Token Rings.) If multiring is necessary, a workaround is to disable multiring only during the AppleTalk ARP process. Once AppleTalk starts on the interface, apply multiring to the interface. However, if the interface restarts for any reason, AppleTalk will again be disabled. [CSCdi09753]
- AppleTalk packets cannot be fast switched between MEC Ethernet controllers and HSSI serial controllers when the Ethernet interface is running Phase I AppleTalk, and the HSSI interface is running Phase II AppleTalk. This problem will be fixed in a future release. [CSCdi09818]
- Under unknown circumstances, entering the show process command can cause the router to reload. [CSCdi09760]
- The terminal down command is rejected as an ambiguous terminal command, even though it doesn't conflict with any other terminal commands. [CSCdi10637]
- When DECnet is enabled on a Cisco router with multiple Token Ring interfaces, there are duplicate Token Ring MAC addresses on the bridge network because the Cisco implementation of DECnet modifies all the Token Ring MAC addresses to the same address. The IBM LNM protocol does not allow multiple stations with the same MAC addresses to exist on the bridged network. All the LNM functionality related to the duplicate MAC address will not perform normally, like path-test, station profile, and link with bridge. A configuration command is added to allow an LNM module in the router to accept a link request from the adapter that is not closer to the LNM station ring. Normally, an LNM station links with the adapter of a bridge that is closer to the LNM ring and expects to receive an error otherwise. The new command allows a Cisco router to stay linked with LNM station and report problems, but other LNM station-related functionality still does not act properly. To configure the router and LNM station, define the Cisco router as a bridge on the LNM station using the burned-in address and virtual interface address, and athen issue the lnm duplicate-address global configuration command on the router to enable the option. [CSCdi09396]
- Transparent bridging with Multibus Token Ring media (CSC-1R, CSC-2R, CSC-R16, CSC-R16M) discards all bridged packets forwarded or flooded on these media. There is no indication in the interface statistics either that the packets are being bridged or that they are being discarded. [CSCdi09746]
- A TCP connection that has transmitted a large amount of data (about 2 billion bytes) can remove packets from the retransmission queue prematurely, causing the connection to unexpectedly close due to a retransmission timeout, even though the network path is working correctly. This closure can affect router functions like remote source-route bridging, which can transmit large amounts of data over a long period of time. [CSCdi09764]
- In the function for dealing with ring status messages there is a test for the state "DOWN" that declares the interface "UP", the assumption being that the interface does not issue ring status messages until it's inserted onto the ring. This is a breach of the keepalive process and preempts an attempt to put the ring into state "TESTING". The offending code has been removed. [CSCdi09742]
- While priority queuing with the input interface being serial and the output interface being serial, the first 4 bytes of the destination MAC address are munged. The workaround is to disable priority queuing if possible. [CSCdi09799]
- When bridging AppleTalk Phase II (802.3 SNAP encapsulation) and using LSAP filters to specify SNAP encapsulated packets (access-list 201 permit 0xAAAA 0x0000 for example), AppleTalk Phase II packets fail the access control and are dropped. A temporary workaround is to permit all SNAP frames using a modified filter (access-list 201 permit 0x0000 0xffff, for example) and then use a type filter to further restrict the desired traffic. [CSCdi10062]
- The system does not issue an RX_FLUSH to the ciscoBus if multibus Token Ring interfaces run out of buffers. This causes an 800D error and resets the whole ciscoBus complex. [CSCdi10119]
- The message "SETFUNFAIL" appears on the console as an error when in fact it is an informational message that should be masked by the debug token-event command. This has been done for all of 9.1 and is already done in 9.0 for the CSC-R16M. This bug has been submitted for the CSC-2R only. [CSCdi10147]
- When the system attempts to add connected routes for an interface's primary and secondary IP addresses, it may fail to add some of the routes for the secondary addresses. This failure occurs if the interface changes from an up to down state while the system is in the process of establishing the connected routes for the interface. This problem is most readily seen when these connected routes pertain to an FDDI interface and OSPF is being used. You may need to defer the specification of the interface's secondary IP addresses until the interface's state has stabilized. [CSCdi09744]
- The problem was that the LAN Net Manager "frame forward" used to verify an SRB route was causing a call to the function "send_trace_report( )" with parameters in reverse order. This caused an attempt to jump to a null vector, thus "jump to zero error." The patches not only fix the function call, but also puts in paranoid code to check for invalid pointers. [CSCdi09980]
- If two routers exchange an external BGP route over IBGP and that external route is removed, the routers can converge on the IBGP route. This forms a static routing loop. This behavior was introduced in 9.1(4.5). [CSCdi10733]
- When CLNS receives a packet that needs to be fragmented, but the "segmentation permitted" bit in the packet is off, it should send back an error packet (ERPDU) indicating this situation. [CSCdi09413]
- When a TCP connection has a closed window, packets containing valid ACKs are discarded if they also contain any data (since the data is outside of the window). The correct behavior is to continue to process the ACKs for segments with reasonable ACK values. This is especially a problem in the initial stages of a connection, when we send the SYN-ACK with a 0 window. If the ACK to our SYN contains data also, we will not process that ACK, and the connection never gets to ESTABLISHED state. [CSCdi05962]
- The fix for CSCdi10017 broke the hangup process. [CSCdi10351]
- Novell encapsulations other than the system defaults on Token Ring or FDDI interfaces are not written out in the write term, write network, or write memory commands. If the Novell encapsulation on Token Ring or FDDI is changed from the default, it will revert to the default Novell encapsulation after the next system restart. [CSCdi09892]
- Odd-length Token Ring Novell IPX frames that are fast-switched from a ciscoBus Token Ring to an MCI Ethernet have a padding byte missing from the frame. Certain Ethernet NIC drivers will work fine with this frame, while others will count this frame as an error packet resulting in connection failures. A workaround is to turn off Novell route-cache on the destination Ethernet, be advised that this will slow down all Novell traffic destined for that Ethernet. [CSCdi10159]
- When fast switching from SBE Token Ring interfaces to HDLC encapsulated serial interfaces the last 7 bytes of data in an odd length frame and 8 bytes of data in even length frames will become corrupted. Turning off Novell route-cache on the output serial interface will allow the frames to be forwarded properly. [CSCdi10230]
This section describes possibly unexpected behavior by Release 9.1(3). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(3). For additional caveats applicable to Release 9.1(3), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section are resolved in Release 9.1(4).
- If dialer interfaces are created using the interface dialer n command, they can never be deleted from the configuration. [CSCdi07979]
- If nonvolatile memory is erased, corrupted, or does not exist, the router will exhibit new behavior. In any of the above cases, the router now enters the service config mode before it goes into setup. If any of the interfaces gets configured automatically from BootP, RARP, or SLARP, you will see the router attempting to netboot its name and ultimately a configuration file from a server. This will be seen by the output "Booting network-confg...". It is possible for a new router to exhibit this behavior if it is connected to an active router's serial line from SLARP resolution. This is desired behavior and is not considered a bug, though it might be a nuisance if it is not expected. The experienced bug is if we answer "no" to setup's prompt to continue, service config is still valid, and attempts to netboot the configuration file will continue. The router should assume to turn off service config if a human is around to type "no". If we type "yes" and provide a valid configuration, it will turn off service config. Manually turning off service config from configure terminal will be necessary if we type "no." [CSCdi09049]
- Misconfiguration of the router with peers that don't exist or are powered down can cause the box to loose all memory. [CSCdi09041]
- A low-end router couldn't forward an RSRB packet with RIFs longer than 8 bytes. [CSCdi09429]
- RSRB peers that use TCP formerly relied on TCP to inform it that the remote side had gone away. However, TCP can take a very long time to time out and this delay is not acceptable in an IBM environment. Consequently, e have implemented the concept of remote-peer keepalives to ensure that the other side is healthy. Messages are sent only if there is not other traffic. [CSCdi09596]
- Configuring SRT on the Cisco 4000 crashes the box. There is no workaround. [CSCdi09708]
- When receiving routed IP frames on a CSC-R16 or STR interface, the IP TTL field is decremented twice. This causes the router to appear twice in a traceroute display. This is a bug in the SBEMON 3.0 and STRMON 1.0 interface firmware. It will be fixed in the next versions of this firmware, but has little user impact. [CSCdi05925]
- In bridge tables with large numbers of entries or more than one bridge group, dynamic station entries may appear with an "S" in the Age field. These entries will then not be properly aged or relearned. This may result in a station being unreachable from a bridge should the spanning tree reform. These entries may be removed manually using the no bridge group address MAC-address command. This action will allow the entry to be relearned. These entries can be removed from the bridge table as a whole only by reconfiguring the affected bridge group. Cisco Systems expects to resolve this behavior in a future release. [CSCdi08239]
- The VINES protocol fails to run over an FDDI interface configured for transparent bridging. Routing information passes in only one direction across the FDDI link. There is no workaround to this problem yet. Routing VINES across FDDI links is not affected by this problem. This caveat was introduced in the 9.1(0.24) release. This caveat has been resolved in release 9.1(1.4). [CSCdi08288]
- If an async interface is unnumbered, and an IP address is assigned from the EXEC, the async interface should not be renumbered. If SLIP routing is started, but the address does not belong to the subnet that is already configured on the terminal servers primary interface, the address will be rejected. [CSCdi08621]
- Transparently bridging on a serial interface and turning on priority queuing, X.25, or Frame Relay encapsulation causes a packet to be tossed, in effect to halt bridging. The workaround is to use different serial encapsulations and disable priority queuing. [CSCdi09489]
- Due to interactions between the bridging and driver code, the spanning tree state would be handled correctly. In pre-9.1, this would show up most readily on serial lines. If a serial line was shut and then no-shut, the port would go into blocking and then stay there. This same bug also shows up in other ways. Namely, if you have an Ethernet port and you pull the cable out, the port will go down. But if you wait for a minute or so (give the spanning tree protocol time to recompute) and then plug the cable back in, you'll see the port go into Forwarding immediately. This can cause temporary network meltdowns. [CSCdi09535]
- The active monitor of the ring is not seen at initial boot time of the router. The active monitor will be seen only if a soft error occurs on the ring. There is no workaround. [CSCdi09830]
- A router may experience large processing demands for a TCP connection on closure if the TCP protocol exchange for the close is unduly delayed. This was detected and traced in connection with Cisco X.25-over-TCP implementation where X.25 caused the connection to linger in a half-closed state. The X.25 behavior was reported and fixed as bug report CSCdi05031. [CSCdi05515]
- When using multiple addresses on a single interface from different major networks and with different sized subnet masks, sometimes an address overlap is reported where none exists. [CSCdi09104]
- Source routed IP packets which are supposed to be discarded by the system sometimes are not. Such packets are being packet switched when the local system does not appear as the next hop in the source route. These packets should never be packet switched when the user has entered the no ip source-route configuration command. This unexpected behavior can pose a security problem for sites who use this command to restrict access. Access lists can probably be used as a substitute means of restricting access. [CSCdi09517]
- Sometimes when OSPF processes the link state advertisement retransmission list, the system reloads. This happens right after the system starts up. [CSCdi04617]
- BGP does not accept advertisements of network 0.0.0.0. [CSCdi08880]
- System normally disallows multiple interfaces to be configured with IP addresses on the same subnet. Such IP address overlap should be allowed when it occurs between a transmit only interface and its associated receive interface, as designated by the transmit-interface interface subcommand. [CSCdi09300]
- This message appears when a LAN Net Manager trace frame is accepted by the router and forwarded onto other interfaces on that router.
%SYS-2-SHARED: Attempt to return buffer with sharecount 0, prt= 365180
-process= "*sched*", ipl=4
-traceback = 60bc 14343c 15c092 7368a 72328 1798 104c 100068a
%SYS2-INLIST: Buffer in list, prt= 1ccdf8
-process = "*sched*" , ipl=4
-traceback= 6172 14343c 15c092 7368a 72328 1798 12ad68 21fc
- This causes a minor memory leak in that the wrong packet inside the router is trying to be freed. There is no workaround. [CSCdi07950]
- CLNS fast switching over a serial interface with HDLC encapsulation falls back to slow switching. [CSCdi09172]
- A minor memory leak occurs in the Cisco 4000 while bridging. [CSCdi09183]
- There is a condition where some serverless networks will have extreme difficulty logging into any server. This is caused by a packet sent by the router not being understood by a VINES server. The workaround to this problem is to shorten the name of the Cisco router to be 15 characters or fewer. [CSCdi09372]
- When a client is initially powered on and the first login attempt results in a forced password change, the user will not be able to change their password, and will not be able to log in. The workaround is to have another user login and logout at that client, and the affected user will be able to login and change their password. [CSCdi09467]
- Fast switching of Frame Relay, HDLC, and SMDS across both serial interfaces does not work. [CSCdi09107]
This section describes possibly unexpected behavior by Release 9.1(2). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(2). For additional caveats applicable to Release 9.1(2), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section were resolved in Release 9.1(3).
- When a router is configured with an AppleTalk zone name that begins or ends with a special 8-bit graphics character, NBP lookup queries made to this zone in the router cause the router to reload. The workaround is not to configure zone names that begin or end in 8-bit characters. A crash can also occur when na NBP search is performed with graphics characters at the beginning or end of the type field. For example, a router crashes if a server with a trademark symbol at the end of the server-type name is installed on a zone connected to the router. The workaround is to move the server to a zone not assigned to the router so that lookups requests for this type of service are not directed at the router. [CSCdi07672]
- An "event-dismiss" error message can be encountered when debug output is being output on the console while running a bootstrap system image, such as igs-rxboot, xx-rxboot, and csc3-boot: [CSCdi08533]
(boot)ROUTER#debug tokenring
%SYS-2-INTSCHED: event dismiss at level 4
-Process = "Exec", level= 4, pid= 11 -Traceback= A87C A8D6 1418C 9422 9EB2 15FA 304D8 70DEC
%SYS-2-INTSCHED: event dismiss at level 4
-Process = "Exec", level= 4, pid= 11
-Traceback= A87C A8D6 1418C 9422 9
- DECnet address translation fails on IGS platform routers in the cases where both interfaces are not fast switched and one of the interfaces is capable of being fast switched. The workaround is to configure both interfaces for DECnet fast switching. Since this is not possible for all interfaces and encapsulations, such as Token Ring, X.25, and Frame Relay interfaces, some configurations cannot support ATG on IGS platform routers. [CSCdi07652]
- When a DECnet extended access list is configured with a destination address, the code ignores the destination and mask information . If a match is found in the connect part of the access list, it grants access, regardless of the destination and mask information. F or example, access-list 300 permit 1.400 0.0 1.999 0.0 eq any should allow only packets from 1.400 to 1.999. The observed behavior is that all packets pass through regardless of destination. The fix is to check that the source address and mask (and destination and mask, if applicable) specified in the access list matches the corresponding values in the incoming packet. [CSCdi08760] [CSCdi08818]
- The DECnet fast-switching code will not process an extended access list if no standard access list is present. To be consistent with the process-switched case, the check for the presence of a standard access list should be removed so that a list consisting of only extended access lists is processed. [CSCdi08875]
- The Ethernet driver on the Cisco 4000 platform currently fails to record some error occurrences reported by the controller hardware. The errors affected by this problem are Babble, Miss, Memory Error and Spurious Initialization Done. None of these errors will be counted and, as a consequence, will appear always as zero in driver status commands. There is no workaround for this problem. [CSCdi08371]
- Initializing Token Ring causes existing LNM link to be dropped. There is no further information available concerning this problem. [CSCdi07235]
- When the router is configured with the netbios enable-name-cache command it does not modify the Largest Frame (LF) field within the Routing Control field of All-Routes and Spanning Tree explorer frames. Stations communicating across a source-routed network connected by routers experiencing this condition may not be able to establish a connection. Because stations do not see the LF reduced, they may transmit a frame larger than the maximum size that can successfully cross a router. The router drops the large frame and the connection is not established. The proper behavior is for the LF field of All-Routes and Spanning Tree explorer frames to be reduced to indicate the maximum frame size that can be transferred across the bridge. The maximum frame size is the minimum of the frames sizes supported by the input interface, the transit media, and the output interface. A workaround is to disable NetBIOS name caching with a no netbios enable-name-cache command. The router will properly process and reduce the LF field with name caching disabled. The behavior is present in all versions of the router supporting NetBIOS name caching. [CSCdi08170]
- Entering the diagnostic command test leds will cause the Cisco 4000 platform to reboot immediately. There is no exception error created and the router will reload and restart as if the command reload had been typed at the command prompt. There is no workaround for this problem. [CSCdi08380]
- Transparent bridging between two Token Rings is broken. Basically, the checksum for the packet is incorrect. There is no workaround. [CSCdi08655]
- Frame Relay and X.25 bridging are broken on the low-end systems. They do not pass packets if the input interface is Ethernet or serial. There is no workaround. [CSCdi08779]
- MCI/SCI will become unusable when the MTU is 4 KB or above because there is only one buffer for the receive side. We recommend that MTU should be less than 4.5 KB. Fixed in 9.(3.4) 8.3(6.2) 9.1(2.2). [CSCdi08842]
- There is a messaging scheme whereby the Token Ring interface board can send status information to the system. There was no protection against a runaway board dominating the system with interrupts. The fix is to watch for excessive amounts of interrupts over a short period and reset the board if necessary. [CSCdi09022]
- A Cisco router sends VINES routing updates as spanning tree explorers whereas a VINES server sends routing updates as all-routes explorers. The Cisco implementation provides lower explorer impact upon the network, whereas the Banyan implementation finds the shortest path between any two nodes. This bug fix provides a method of choosing between spanning tree explorers and all-routes explorers on a per protocol basis. This is an extension to the multiring command. The new command syntax is:
[no] multiring ( |all) multiring ( |all) [all-routes|spanning]
The default is to use spanning-tree explorers. [CSCdi09091]
- There was a condition whereby the Token Ring chipset would become the Ring Parameter Server but the LAN Manager could not discover this fact and so would not respond to requests by other stations to insert onto the ring. [CSCdi09108]
- Under unknown circumstances, IP routing has a memory leak and will slowly use up all available memory on the router. [CSCdi07288]
- If a summary LSA is regenerated within 5 seconds, the flooding of the LSA may not happen resulting in inconsistent database. The fix will be available in a future release. [CSCdi08463]
- When there are subnet routes in IP routing table for a major net and if there is a route for that major net from EGP, the EGP route will not be aged. This will result in keeping invalid route entries from EGP. There is no workaround for this. The fix will be available in 9.1(2.1) [CSCdi08512]
- The system does not properly process RARP response packets received where these packets are responses for requests not initiated by the system. The system allows such packets to remain in the input queue, resulting in two user visible problems. First, the network interface input queue can fill up with RARP response packets, causing all subsequent packets destined for the system to be dropped. Second, the system fails to bridge these RARP response packets. The correct behavior is to bridge such packets in the case where the system is configured to bridge RARP packets, otherwise to ignore these packets. [CSCdi08651]
- The distribute-list command sometimes makes access list changes even when a parsing error is detected and an error message is printed. The software continues processing this command even though an error has been detected. Because of this, the system treats a distribute-list command that specifies a nonexistent interface as if no interface has been specified, thus unexpectedly applying the access list to all interfaces. If you receive parser errors in response to their distribute-list configuration commands, verify that the system has not wrongly interpreted their commands by examining the distribute-list commands reported by write terminal. [CSCdi08668]
- There are some cases when OSPF processes an incoming summary link state advertisement, the system will reload. This problem occurs under heavy OSPF load conditions. [CSCdi09090]
- When using ISIS as the OSI routing protocol, any static routes that are configured are not entered into the level-1 ISIS routing table. As a result, route table look-ups on the static address fail. The ISIS code will add a route to the routing table if the route is ISIS or ESIS derived; it should also add the route if the route is a static one. [CSCdi09053]
- When fast switching IP packets on the SBE Token Ring to and from serial lines, now all forms of encapsulations are supported. [CSCdi09187]
- Redirect messages are ignored. [CSCdi09088]
- On the IGS, transparent bridging over Frame Relay does not work. [CSCdi05664]
- If the dialer string or dialer map entries in a configuration are changed, the show dialer displays incorrect values for the number of successful and failed calls. This is due to the new dialer string simply replacing the old dialer string, rather than starting a whole new entry with new statistics. [CSCdi05886]
- There is a race condition where if a show dialer command is issued after the idle timer expires, but before the call is disconnected, the output may show a large negative number. Issuing the show dialer command again shows the correct value. [CSCdi06415]
- The x25 pvc bridge number interface command is not properly stored in the router's configuration memory. [CSCdi06683]
- The Cisco 3103 does not support the 1TR6 German ISDN Basic Rate Interface. It must pass the necessary homologation tests in Germany before it can be used with these switch types. [CSCdi08786]
- Certain destination addresses will not be correctly placed into the FDDI fast switching cache for XNS or Novell. As such, certain addresses will always be slow switched. This problem will be fixed in a future release. [CSCdi08373]
- When a Cisco router generates a XNS error response packet it is sent out with a source address equal to the original source of the packet which caused the error response. The source address should be that of the router itself. [CSCdi08377]
- When fast switching Novell Ethernet frames which have an 802.3 length less than the minimum Ethernet size, the 802.3 length field is incorrectly set to 60. Some Novell hosts will then count this as an error when they receive it. The frame which might often been seen with the error would be a NetWare "Create Service Connection Reply" packet coming from a server through a Cisco to a client, if the client rejects this packet then the connection attempt fails. Only some clients and some servers will see this problem, depending on the vendor and version of the Ethernet driver on the PC. When fast switching is off we put the correct 802.3 length in the packet. This happens between any two MEC Ethernet ports in the same router, or between any two Ethernet ports on the same MCI card. [CSCdi08547]
- Certain Ethernet drivers (cards) used by workstations running Novell/IPX when using the novell encapsulation type on an Ethernet of novell encapsulation novell-ether cannot have their packets fast switched. There are two workarounds to this problem. The first is to make the workstations use the encapsulation compatible with the novell encapsulation arpa for Ethernet interfaces. The second is to enable slow switching on the Ethernet interfaces. This compatibility issue will be addressed in an upcoming release of software. [CSCdi08577]
- XNS was treating all serial lines as HDLC encapsulation and attempted to fast switch packets to/from these lines. This is a problem for SMDS encapsulated lines. XNS fast switching was modified to force process-switching of all SMDS encapsulated serial lines. [CSCdi09121]
This section describes possibly unexpected behavior by Release 9.1(1). Unless otherwise noted, these caveats apply to all 9.1 releases up to and including 9.1(1). For additional caveats applicable to Release 9.1(1), see the caveats sections for newer 9.1 releases. The caveats for newer releases precede this section.
The caveats listed here describe only the serious problems. For the most current list of caveats against this release, access CIO as described in the section "Cisco Information Online" later in this document.
All the caveats listed in this section were resolved in Release 9.1(2).
- AppleTalk implementations on some other vendor's equipment can generate incorrectly addressed packets that could cause Cisco routers to retransmit a packet out the interface on which it was received. This unexpected behavior occurs only on wide extended-cable configurations. [CSCdi07345]
- An error in the AppleTalk fast-switching functionality results in invalid AppleTalk packets being generated in the case of a packet being received on a ciscoBus FDDI interface running extended AppleTalk and being destined for a nonextended Ethernet MEC interface. The workaround is to disabled the AppleTalk route cache on either the MEC Ethernet or FDDI interface. [CSCdi08211]
- Configuring a location string longer than 69 characters can cause the system to reload. After configuring, the system prints out a message saying that the system was configured from and gives the location. If the location is greater than 69 characters in length, it can cause a system reload. The correct behavior would be to truncate the location string and will be implemented in a future release. [CSCdi07834]
- A packet going from one DECnet host to another on the same LAN should not be subject to access control checks. Making these packets go through the access control check serves no useful purpose since end systems can easily discover that they are on the same LAN and bypass the router altogether. This makes any access control setup useless for such packets. Also, the result of this is that two end systems on the same LAN cannot talk to each other if they end up using the router to "discover" each other for the first time. [CSCdi08121]
- Prior to 9.1(1.5) and 9.17(0.7), DECnet failed. [CSCdi08515]
- The Cisco 3000 and IGS platforms may display the message "Cannot pass serial packet to SDLC! Insufficient internal buffer..." when configured for SDLC local termination. Serial Tunnel (STUN) operating in passthrough mode does not experience the problem. For remote SNA device support, the IGS or Cisco 3000 would be configured as a primary SDLC device. If local termination of the SDLC connections is also desired, it is possible to adjust the poll timer to be a larger value and therefore reduce the number of SDLC-induced interrupts in the router. This is done with configuring a large value for the sdlc poll-pause-timer command, such as 500 or 1000. For local SNA device support (for example, if the IGS or Cisco 3000 is attached to a FEP), it would be necessary to adjust the poll interval on the NCP gen to slow it down enough for the IGS to "catch its breath." This problem will be fixed in a future release. [CSCdi07580]
- There is an internal memory leak problem when the source route bridge is used and error condition continue happening on the Token Ring. It shows a low number of medium size buffer when users issue a show buffer command. This problem will be fixed in a future release. [CSCdi07851]
- Repeated disconnections of the router, especially during LAN Manager sessions, can cause the router to hang. [CSCdi08350]
- The LAN Manager starts up XID transmissions and does not clean them up when the session terminates. When another LAN Manager session is started for the same machine, a duplicate entries are created on the timer blocks causing indeterminate events to occur--that is, sometime the first timer block gets the event and sometimes the other timer block gets the event. [CSCdi08488]
- IBM OS/2 2.0 generates an incorrect response to received SABME frames with the Poll bit set to zero. OS/2 responds with a UA frame with the Poll bit set to one. The LLC2 standard requires that an outstanding SABME be acknowledged by a UA frame that has its final bit set to the state of the Poll bit of the SABME, therefore, the LLC2 component in the Cisco router ignores the acknowledgment and the connection is never made. Therefore, attempts to link to the LAN Network Manager of the Cisco router with LAN Manager or LAN Network Manager running under OS/2 2.0 fail, and it is impossible to manage or monitor the IBM features of the router from an OS/2 2.0-based management platform. Two workarounds are to manage the router with management software running under older versions of OS/2 2.0 or to manage the router with NetCentral or another management agent that does not exhibit this bug. [CSCdi07429] [CSCdi08704]
- Copy to/erase of the MC+ fails: _str_mc_write_short. [CSCdi07314]
- When there is a single fiber break or the neighbor station sends constant halt line state(HLS), system CPU utilization will reach 100%. [CSCdi07682]
- Due to a race-condition present in the Siemens MK5025 serial controller used in the dual-port serial NIM for the Cisco 4000, the MK5025 initializes into a state with the interrupt enable bit set off. Normally, this isn't an issue, as keepalives or routing updates cause a transmit request to happen, which has the side effect of always enabling the interrupt enable bit. However, with the Cisco 4000 set to be a secondary SDLC station, no frames are sent until a frame from the primary station is received. As the interrupt enable bit is disabled, this never occurs and the Cisco 4000 appears to be deaf. The workaround is to use the Cisco 4000 as the primary station when running SDLC or Serial Tunnel software. [CSCdi07691]
- A bridge configured with no bridge acquire will continue to flood and forward packets for other than statically configured MAC addresses. In some cases, bridge filters may be used instead to achieve the desired pattern of traffic containment. [CSCdi07934]
- When running DECnet on a CTR interface, the address filter is improperly initialized thus preventing any communication. The workaround for this problem is to issue a clear interface command on any Token Rings that are running DECnet. [CSCdi08009]
- The bit to turn on RP functionality was erroneously turned on when inserting the low-end Token Ring interface into the ring. This is value added code, and our LAN Network Manager code was not running therefore unable to answer ring parameter server (RPS) requests. The symptoms are that any Token Ring device trying to insert onto the ring after the router will not be able to insert onto the ring unless there is really an RPS server on the ring. Introduced in 9.1(1). Fixed in 9.1(2). The correct behavior is to only turn on the RPS bit when configured by the user. A simple workaround is to configure SRB, RSRB or AppleTalk and unconfigure it right away. [CSCdi08073]
- When the system is bridging IP, ARPs originated by the system cause an error message to be generated. This behavior is seen only with packets originated by the system and impacts the use of IP for management of a bridge with a Frame Relay interface. [CSCdi08293]
- Under certain circumstances a pure IP bridge (no ip routing) wouldn't be able to communicate with other IP hosts in the presence of topology changes. [CSCdi08349]
- When using process PCM and dual-homing connection, if the user issues a cmt disconnect command to a standby port, the CPU utilization will go very high. Fixed in 9.1(1.5) 9.0(3.2) 8.3(6.1). [CSCdi08427]
- Duplicate RIF entries pointing to the same MAC address were populating the RIF cache. In some instances there were different RIF entries which pointed to the same mac address. We need to check only the destination address to see if an entry exists in the RIF cache irrespective of which interface it came on. [CSCdi08493]
- Executing the command show ip ospf database may cause a system reload to occur. [CSCdi05692]
- When there are multiple External LSAs for the default route (0.0.0.0) in OSPF domain, there is a possibility for the default route to disappear from the IP routing table. There is no workaround. The fix for this will be available in a future release. [CSCdi07576]
- OSPF may stop working after 49 days. The workaround is to deconfigure, then reconfigure, OSPF. [CSCdi07671]
- If extended access lists are used on an MCI, SCI or ciscoBus interface, the IP route cache is enabled, and the "established" keyword is used, it can be improperly evaluated. This can permit packets which should be filtered and exclude packets which should be permitted. This behavior was first introduced in 8.2. [CSCdi07901]
- In a very large networks, fragmentation can occur on OSPF packets. This can cause problems with routers that do not do proper reassembly. [CSCdi08210]
- On an interface configured with both primary and secondary IP addresses, RIP, HELLO, and IGRP fail to propagate the subnet information for the secondary IP address if the network mask of the secondary address differs from that of the primary address. [CSCdi08483]
- When an NSAP address with length of 0 is present in a CLNS packet, the fast switching routines corrupt memory and causes the system to reload. [CSCdi06370]
- When doing ISO-IGRP interdomain routing over links on which split horizon is not performed, including X.25 PDNs, Frame Relay, and SMDS networks, prefix route advertisements count to infinity over networks when a prefix goes unreachable. [CSCdi07379]
- If there exists any IS-IS routers in a network that originates LSPs with an LSP number of nonzero, the destinations in that LSP will not be inserted into the routing table. The only workaround is for LSPIDs of the form xxxx.xxxx.xxxx.yy-zz, zz must be 00. [CSCdi07491]
- When deconfiguring IS-IS, the system may reload when the last IS-IS LSP is deleted from the link state database. [CSCdi07846]
- TCP connections can exhibit long pauses in data delivery if the router is attempting to send data faster than the foreign host can use that data. This happens most often in cases of protocol translation, SDLC tunneling, remote source route bridging, and X.25 switching. [CSCdi07964]
- The X.25 PAD code will return a list of ALL X.3 parameters if we received an x.29 "read request" message with more than one parameter requested. This is improper, and will cause some X.25 implementations to clear the connection. [CSCdi06432]
- Issuing a clear x25-vc command for a locally switched PVC or its interface will cause the PVC to be continually RESET. The PVC may be restored to operation by shutting down the interface and re-enabling it. [CSCdi07166]
- The error message and traceback:
- is used as a diagnostic aid; although an unexpected condition was detected and reported, the operation of the router and the X.25 protocol are not affected. If this message is displayed, contact technical support. [CSCdi07238]
- If a virtual circuit is established in order to forward a packet, the packet may not be forwarded immediately on receipt of the CALL CONFIRM. [CSCdi07560]
- When using an interface for dial-on-demand routing, keepalives must be disabled, or the call will be disconnected incorrectly. This is due to keepalives not being correctly passed through dial on demand interfaces. [CSCdi07654]
- "Passive" dial-on-demand interfaces. are not handled correctly[CSCdi07993]
- The command dialer in-band now supports specification of parity. The new command is dialer in-band [no-parity|odd-parity]. The parity applies to the dialer string that is sent to the V.25bis modem. If no parity keyword is specified or if no-parity is entered, then no parity is applied to the output number. If odd-parity is configured, the dialed number will have odd parity (7-bit ASCII characters and 8th bit (msb) being the parity bit). [CSCdi08276]
- Software prior to 9.1(2) on the Cisco 3103 would not free the TEI assigned to it when the BRI interface was shutdown. [CSCdi08281]
- Prior to 9.1(2), the ISDN software could cause a system to reload. This occurs if calls are received by the 3103 router which it ignores. This would include voice calls, or calls to another device in a multidrop situation. [CSCdi08401]
- The dialer map command applied to a dialer rotary group is not propagated to interfaces in that dialer rotary group. [CSCdi08412]
- There is a window where the XNS and Novell routing code can learn the wrong MAC address for a CTR interface. This only happens when DECnet is being used on the same CTR interface as XNS or Novell. The workaround is to reissue the xns network xxx or novell network xxx command. [CSCdi07895]
Cisco Information Online (CIO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CIO to obtain additional content and services.
Available 24 hours a day, 7 days a week, CIO provides a wealth of standard and value-added services to Cisco's customers and business partners. CIO services include product information, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CIO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously--a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CIO (called "CIO Classic") supports Zmodem, Kermit, Xmodem, FTP, Internet e-mail, and fax download options, and is excellent for quick access to information over lower bandwidths. The WWW version of CIO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CIO in the following ways:
- WWW:
http://www.cisco.com.
- Telnet:
cio.cisco.com (198.92.32.130).
- Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and baud rates up to 14.4 kbps.
For a copy of CIO's Frequently Asked Questions (FAQ), contact cio-help@cisco.com. For additional information, contact cio-team@cisco.com.
Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or
tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or
cs-rep@cisco.com.
The complete caveats against this release are available on UniverCD, which is the Cisco Systems library of product information on CD-ROM. On UniverCD, access the Release 9.1 Caveats in the Release 9.1 database.
