cc/td/doc/product/software/ios11
hometocprevnextglossaryfeedbacksearchhelp

Table of Contents

11.0(18) Caveats
11.0(17) Caveats/11.0(18) Modifications
 11.0(16) Caveats/11.0(17) Modifications
 11.0(15) Caveats/11.0(16) Modifications
 11.0(14) Caveats/11.0(15) Modifications
 11.0(13) Caveats/11.0(14) Modifications
 11.0(12) Caveats/11.0(13) Modifications
 11.0(11) Caveats/11.0(12) Modifications
 11.0(10) Caveats/11.0(11) Modifications
 11.0(9) Caveats/11.0(10) Modifications
 11.0(8) Caveats/11.0(9) Modifications
 11.0(7) Caveats/11.0(8) Modifications
 11.0(6) Caveats/11.0(7) Modifications
 11.0(5) Caveats/11.0(6) Modifications
 11.0(4) Caveats/11.0(5) Modifications
 11.0(3) Caveats/11.0(4) Modifications
 11.0(2) Caveats/11.0(3) Modifications
 11.0(1) Caveats/11.0(2) Modifications
 11.0(17)BT Caveats
 11.0(16)BT Caveats/11.0(17)BT Modifications
 11.0(15)BT Caveats/11.0(16)BT Modifications
 11.0(14)BT Caveats/11.0(15)BT Modifications
 11.0(13)BT Caveats/11.0(14)BT Modifications
 11.0(12)BT Caveats/11.0(13)BT Modifications
 11.0(11)BT Caveats/11.0(12)BT Modifications
 11.0(10)BT Caveats/11.0(11)BT Modifications
 11.0(9)BT Caveats/11.0(10)BT Modifications

11.0(18) Caveats

This section describes possibly unexpected behavior by Release 11.0(18). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(18).

AppleTalk

Basic System Services

The only known workaround is to completely unconfigure the old card before replacing it with the new card. Sometimes, it might even be necessary to issue a write erase command, reboot the router, and then redefine the existing interfaces to completely remove all configuration traces of the old card. Once the information that is displayed by the show commands is self-consistent, the newly inserted card behaves normally. [CSCdi49800]
Central Issue ------------- In actuality, the encrypted password is not truncated in revision 11.1(6). In fact the encrypted password was actually truncated in rsp revision 11.0(8). Bug fix CSCdi13190 was made to correct the maximum lengths of encrypted passwords. Originally the maximum length of a non encrypted password was 25 characters while an ecrypted password was restricted to 11 characters. The parser would allow the user to enter more characters but would truncate them internally at the maximum length.
What does this mean to customers upgrading from 110-8? ------------------------------------------------------ According to DDTS, the code for CSCdi13190 was checked into releases: 11.1(1.0.1) 11.1(1.0.3) 10.3(13.0.1)
If a router is running a release without this fix and the enable password is "secretpassword" (14 characters) and password encryption is enabled. Internally that ecnrypted password is truncated to "secretpassw" (11 characters) and stored this way in the config file (NVRAM). Unfortunately, at this revision the user may not understand this truncation is going on.
If the router is upgraded to a release containing bug fix CSCdi13190. When the user enters "secretpassword" as the enable password, the full 14 bytes are encrypted and compared against the config. Unfortunately the two will not match and the verification will fail with message similar to the following.
"% Bad passwords"
Only when the user explicitly enters only the first 11 characters of the password will the encrypted password match the encrypted password in NVRAM.
What about downgrading? ----------------------- The situation can be even worse when downgrading from a revision containing fix CSCdi13190 to a revision without it.
If the encrypted password is "secretpassword". The fully encrypted password is now in NVRAM. Then the rsp release is downgraded to the earlier revision.
When the user enters the password they will have an issue. At this rev only a maximum of 11 characters can be encrypted, the rest is truncated and ignored. Therefore, it will be impossible for the user to ever match the 14 character encrypted password stored in NVRAM and they will not be able to log in. [CSCdi75034]

EXEC and Configuration Parser

There is no operational impact due to their presence and/or use. This is a cosmetic problem. [CSCdj18849]

IBM Connectivity

APAR Identifier ...... IR30678 Last Changed ........ 95/11/02 CPCP SESSION WON'T ACTIVATE AFTER TAKEOVER CONTACT.
Symptom ...... IN INCORROUT Status ........... CLOSED PER Severity ................... 4 Date Closed ......... 95/09/27 Component .......... 564806300 Duplicate of ........ Reported Release ......... 303 Fixed Release ............ 999 Component Name NCP V7 Special Notice Current Target Date ..95/11/13 Flags SCP ................... Platform ............
Status Detail: APARCLOSURE - APAR is being closed.
PE PTF List:
PTF List: Release 303 : UR44944 available 95/10/23 (F510 ) Release 732 : UR44945 available 95/10/19 (9510 )
Parent APAR: Child APAR list:
ERROR DESCRIPTION: CPCP session won't activate after takeover contact. The logic in the code comparing the ACTPU requirements in the XID(NA) to the initial XID is bad causing the XID(NA) to be rejected with a CV22. LOCAL FIX:
PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All SNA * **************************************************************** * PROBLEM DESCRIPTION: Session won't activate after takeover * * contact. XID(NA) is rejected with * * CV22. * **************************************************************** * RECOMMENDATION: Apply appropriate PTF. * **************************************************************** CPCP sessions won't activate after takeover contact. The logic in the code comparing the ACTPU requirements in the XID(NA) to the initial XID is bad causing the XID(NA) to be rejected with a CV22. The CV22 is as follows: 2203000900.
PROBLEM CONCLUSION: The incorrect logic was caused by a compiler problem. To correct the problem, the CHKCV61 routine was moved from CXDXIDV to CXDDUM1.
TEMPORARY FIX:
COMMENTS:
MODULES/MACROS: CXDDUM1 CXDXIDV SRLS: NONE
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER: [CSCdi31041]
This can be seen when querying the APPN MIB. For exmaple, an ISR using COS #INTER will have TP of LOW vs. HIGH.
This should also be seen when multiple sessions of different COSs are passing through our node and they are each getting equal bandwidth. [CSCdi42514]
Takeover and giveback of a DLUR owned PU does not function correctly. [CSCdi45263]
This fix address the above problem. [CSCdi57749]
The workaround is do not reconfigure virtual rings or remote peers while executing a show source command. [CSCdj49973]
There is no workaround. [CSCdj62026]
The problem typically occurs when Netbios is utilized to allow workstations to communicate between ethernet and token ring. It will also occur when SNA is used.
The workaround is to disable fast-switching by using the command no source-bridge transparent fastswitch or configure the end stations to use frames with a payload of less than or equal to 1500 bytes. [CSCdj62385]
[abort(0x601f2c3c)+0x8] [crashdump(0x601f0b20)+0x94] [process_handle_watchdog(0x601c2f08)+0xb4] [signal_receive(0x601b7d58)+0xa8] [process_forced_here(0x60169424)+0x68] [locate_node_index(0x607dbcc0)+0x64] [etext(0x60849e00)+0xcbee04] [CSCdj67966]
The display show llc2 shows this llc2 session in state ADM, but we have no i.e. dlsw circuit associated with it.
Due to this the end system assosiated with this control block, dmac smac dsap ssap, can not reconnect the llc2 session.
Workaround is either to change one of the addresses or the saps or to reload the router. [CSCdj69274]
RA: 0x607E1724[find_matching_row(0x607e16ec)+0x38] RA: 0x607E1B9C[Tfind_next(0x607e1b70)+0x2c] RA: 0x6071182C[DBfind_next_directory_entry(0x60711814)+0x18] RA: 0x6070BAD8[CPdelete_men(0x6070ba90)+0x48] RA: 0x6070BA78[CPupdate_cp_status(0x6070b9c0)+0xb8] RA: 0x6070B40C[CPmain(0x6070b300)+0x10c] RA: 0x6070AC2C[newdss00(0x6070ab60)+0xcc] RA: 0x60183F80[r4k_process_dispatch(0x60183f6c)+0x14] [CSCdj70817]

Interfaces and Bridging

Internal controller counts:
line errors: 0/1309, internal errors: 0/0 ^^^^ ^ burst errors: 0/11224, ari/fci errors: 0/0 ^^^^^ ^ abort errors: 0/0, lost frame: 0/2 ^ ^ copy errors: 0/0, rcvr congestion: 0/0 ^ ^ token errors: 0/16575, frequency errors: 0/0 ^^^^^ ^ [CSCdi62392]
I checked 'show smf'. When 16 MAC addresses is registered on FE, I cannot ping/telnet HSRP virtual address. But HSRP replies ARP request. If I delete or disable any protocol, and the number of MAC decrease less than 16 (i.e. 15 or fewer), HSRP works fine. [CSCdi92485]
The problem only affects the mid-range and low-end platforms. [CSCdj41666]

IP Routing Protocols

In the following case, rtrA is either configured for "no ip routing" or is trying to boot a new image. In both instances, rtrA needs to obtain the correct ARP entry for the workstation located on the 171.69.214.24 subnet. Router, rtrB, is configure with "ip proxy-arp" on the 171.69.214.17 interface and it is provided with a default route.
workstation(.28) to default net | | 171.69.214.24 171.69.214.8 --------+--------- ---------+---------- |.27 |.10 +----+-----+ | +----+----+ | |.18 | .17| | | rtrA +-------+---------+ rtrB | | | | | | +----------+ | +---------+ 171.69.214.16
When rtrA sends out an ARP request for the workstation, it will be sent out all rtrA interfaces. Although rtrA will receive a response from the workstation, it will also receive a proxy-arp response from rtrB which will overwrite the workstation response giving rtrA an incorrect entry.
There is little reason to run a router in host mode in this network topology, however, if you do, proxy-arp must be turned off on rtrB. If you are trying to netboot from the workstation, you may turn off proxy-arp on rtrB or do not specify the workstation's IP address in the boot command (ie "b image" vs "b image addres>") so the tftpboot request will be broadcast. [CSCdi41856]
% "map1" used as BGP outbound route-map, nexthop match not supported % "map2" used as BGP outbound route-map, exact community match not supported
This is a cosmetic error message as both next hop and community exact matching are supported. [CSCdi66245]
The workaround is to issue the command once for every entry in the route-map. [CSCdi74893]
Result: not all connected networks may be advertised in EIGRP.
Workaround: redistribute connected [CSCdj57362]

ISO CLNS

Novell IPX, XNS, and Apollo Domain

Protocol Translation

translate x25 12345 ppp ip-pool restart 5000
This is implemented only on one-step connections. [CSCdi35040]

TCP/IP Host-Mode Services

For in-depth information including workarounds and information on other Cisco product vulnerabilities, please see:
http://www.cisco.com/warp/customer/770/land-pub.shtml [CSCdj61324]

TN3270

Wide-Area Networking

This will have no effect on connectivity, unless the ARP Server is too busy to accept our follow-on call. But then there are bigger problems to worry about in the network. [CSCdi40765]
See associated BUG CSCdi52882 [CSCdi52067]
See associated bug CSCdi52087 [CSCdi52882]
%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level -Traceback= 107EA 1D190C 1EA92 342D2E 34188E 32F100 330378 3328F2 %X25-3-INTIMEQ: Interface Serial1, LCN 2 already in timer queue, new time 310620 -Process= "interrupt level", ipl= 4 -Traceback= 333396 330618 3328F2 332348 331E06 34FA74 6DE0C 1158F2 [CSCdi57343]
%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008)
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)
The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]
The 'show interface bri x' command shows BRIx is up, line protocol is down. The work around is to do a clear interface bri x after the system comes up. The correct behavior would be for the system to come up with BRIx is up, line protocol is up(spoofing). [CSCdi68484]
This problem is cosmetic as we accept calls and we clear calls due to load activity timeout(idle timeout). [CSCdj07324]
During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]

11.0(17) Caveats/11.0(18) Modifications

This section describes possibly unexpected behavior by Release 11.0(17). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(17). For additional caveats applicable to Release 11.0(17), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(18).

Basic System Services

The work around is to use the (C)ommand (L)ine (I)nterface: "copy tftp flash" This CLI command invokes the FLH interface and the file is copied successfully to the device. [CSCdj27438]
In particular the enqueue and the dequeue routines are not reset and this causes the box to crash, the moment the routines are invoked next time. However, once the box is rebooted the inconsistency is cleared. [CSCdj29439]
The crash occured in the frame-relay packet classifier fuction called by the WFQ routine. The work around of this problem will be to disable wfq on the interfafce with frame-relay encapsulation. [CSCdj45516]
The Known workarounds are: 1)Increase the input queue to 175 ([75]Original Queue amount+[100] per exception dump x.x.x.x cmd) 2)Remove exception dump x.x.x.x command [CSCdj58035]

IBM Connectivity

There is no known workaround. [CSCdj25859]
There is no alternative workaround when this happens. The router is forced to restart by the system watchdog process (software-forced reload event).
The fix is to give up the cpu by the xxxdns00 process after processing certain number of requests at a time. [CSCdj26423]
%APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1 %APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4 %APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received
Each subsequent broadcast locate received by this router causes the following messages to be displayed and about 1920 bytes of appn memory to be leaked.
%APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080 %APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0
This problem was found when 2 links were active to the same node, and the cp-cp sessions were split between these 2 links. The problem would occur if the link with conloser was stopped.
The appn subsystem should be stopped and restarted to clear this problem. If these cp-cp sessions are between the router and the host, terminating either cp-cp session on the host will also clear this problem. [CSCdj33718]
System was restarted by bus error at PC 0x8B5902, address 0x4AFC4AFC PC: process_snmp_trs_tg_inc
0x8B5CAC:_process_ms_data_req_trs(0x8b5aaa)+0x202 0x87E5FE:_xxxtos00(0x87d6b0)+0xf4e 0x180E5C:_process_hari_kari(0x180e5c)+0x0 [CSCdj36824]
After several tries, the router may crash with memory corruption.
The workaround is to remove any remwait/dead peer statements. [CSCdj42427]
System was restarted by bus error at PC 0x3784864, address 0xF0110208 PC 0x3784864[_Qfind_front(0x3040a04+0x743e44)+0x1c] RA: 0x36C1F2E[_queue_find_front(0x3040a04+0x68151c)+0xe] RA: 0x36CC554[_psbmfrm(0x3040a04+0x68bb30)+0x20] RA: 0x36CDAF6[_psp00(0x3040a04+0x68cfd4)+0x11e] RA: 0x314BD78[_process_hari_kari(0x3040a04+0x10b374)+0x0] [CSCdj44198]
PC 0x1EA33A[_crashdump(0x1ea2b8)+0x82] FP: 0xA6D9F0[_etext(0x8f2d38)+0x17acb8], RA: 0x1660DE[_validate_sum(0x16602a)+0xb4] FP: 0xA6DA14[_etext(0x8f2d38)+0x17acdc], RA: 0x141154[_checkheaps_process(0x1410b2)+0xa2] FP: 0xA6DA30[_etext(0x8f2d38)+0x17acf8], RA: 0x180FB8[_process_hari_kari(0x180fb8)+0x0] [CSCdj47941]
> System was restarted by bus error at PC 0x6C75DC[_Mfree(0x6c75b6)+0x26], address 0xFFFFFFF8[_etext(0x73ab50)+0xff8c54a8] > Image text-base: 0x00012000[__start(0x12000)+0x0], data-base: 0x0073AB50[__etext(0x73ab50)+0x0] > FP: 0x872C74[_etext(0x73ab50)+0x138124], RA: 0x6588BC[_session_failure_clean_up(0x658502)+0x3ba] > FP: 0x872EB8[_etext(0x73ab50)+0x138368], RA: 0x65C6E6[_process_cp_status_sig(0x65c2da)+0x40c] > FP: 0x8730F0[_etext(0x73ab50)+0x1385a0], RA: 0x64D820[_xxxmss00(0x64d64e)+0x1d2] > FP: 0x873210[_etext(0x73ab50)+0x1386c0], RA: 0xB720C[_process_hari_kari(0xb720c)+0x0] [CSCdj51051]

Interfaces and Bridging

Assuming we cannot reproduce, this bug will be reclassified at a lower priority, with the trust being to do a command-parser change to prevent use of fancy queueing and ppp-compression.
Please note, however, that we ackowledge that use of mutually- incompatible features should not cause the router to crash. Further, why the crash is occuring in the compression engine is something we do not currently understand.
For the present, please turn off all fancy queueing. [CSCdj25503]

IP Routing Protocols

Novell IPX, XNS, and Apollo Domain

TCP/IP Host-Mode Services

VINES

Wide-Area Networking

In Cisco IOS Release 11.0(11) the software accepts the remote peer's "Her" proposed address regardless, and the "Her" address is subsequently added to the IP routing table as a host route.
With Cisco IOS Releases later than 11.0(11) the software will check the "Her" address against the corresponding dialer map and if the address is different than the IP address detailed within the dialer map, a NAK will be sent and the dialer map IP address will be added as a host route in the IP routing table.
It is possible to revert to the previous operation using the hidden interface command ppp ipcp accept-address. When enabled the peer IP address will be accepted but is still subject to AAA verification, it will have precedence over any local address pool however. [CSCdj04128]
There is no workaround. [CSCdj48085]
This has not been observed on any other release. [CSCdj56450]

11.0(16) Caveats/11.0(17) Modifications

This section describes possibly unexpected behavior by Release 11.0(16). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(16). For additional caveats applicable to Release 11.0(16), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(17).

Basic System Services

IBM Connectivity

This problem has only been seen with local SRB. It has not been seen with RSRB or DLSW.
Serveral workarounds are: increase the MTU size on the local TR interfaces to be greater than or equal to the transmitting station, lower the MTU size of t the transmitting station to be less than or equal to the MTU on the token ring interface, or disable netbios name caching. [CSCdi86423]
PC= 0x606079a4[psbmfrm(0x60607930)+0x74], 32 bytes
PC= 0x606094d0[psp00(0x60609380)+0x150], 320 bytes [CSCdj25484]
Workaround is to configure using dlsw. [CSCdj26404]
606CD174[Qfind_front+0x24]
606C7D80[timer_process+0x300]
606C8070[csweotsk+0x1d0]
A router may experience this problem after displaying several messages when the output buffer was full. If the crash was related to displaying "incomplete definition in configuration" warnings, the workaround is too remove these incomplete definitions. [CSCdj26701]
Because other network events (link outages, and so forth) can trigger a node to send a TDU, this problem will not necessarily appear exactly after a 60-day uptime -- it may occur much later or not at all. However, any APPN router running in the network for over 60 days is at risk for seeing this problem.
Stopping and restarting APPN will work around this problem until the next timer wrap, which can be up to 45 days, but may be less depending on the current value of the timer. Reloading the router will reset the timer and avoid the problem for an additional 60 days. [CSCdj29014]
If the downstream device never responds to the outstanding bind, the DLUR router will wait indefinitely and not free the local-form session ID (lfsid). This may cause a situation in which the host tries to reuse a lfsid after it has sent an unbind request, but the DLUR rejects the new bind request because it believes that this lfsid is in use. If the host continuously tries to use this lfsid which the DLUR believes is in use, then no new sessions can be established. This problem occurs only when the downstream device does not respond to a bind request. [CSCdj30386]
Caveat CSCdi77040 provides a fix for this problem in the system side. This caveat provides the corresponding fix for APPN. [CSCdj30552]
When memory is exhausted, the APPN subsystem may stop or the router may reload. [CSCdj33429]

Interfaces and Bridging

%RSP-3-IP_PANIC: Panic: Serial12/2 800003E8 00000120 0000800D 0000534C
%DBUS-3-CXBUSERR: Slot 12, CBus Error
%RSP-3-RESTART: cbus complex
If the string "0000800D" is included in the panic message, the problem is related to this bug. The workaround is to load a new image that contains the fix for this bug. [CSCdi78086]
Frames are not bridged properly through the SMDS subinterface. Issuing the show bridge command will not show any bridge table entries for hosts through the SMDS subinterface. [CSCdj23544]

IP Routing Protocols

The following Cisco IOS Releases are affected: 011.001(012.004) 011.002(007.002) 11.2(07.02)P 011.000(016.001) 11.1(12.04)AA 11.2(07.02)F 11.0(16.01)BT 11.1(12.04)IA 11.1(12.05)CA and subsequent versions of those releases until this fix is integrated. Also relevant are other releases where the fix for CSCdi73194 got integrated. [CSCdj31496]

LAT

Novell IPX, XNS, and Apollo Domain

TCP/IP Host-Mode Services

VINES

Wide-Area Networking

The following error message can be seen scrolling on the console if the router is in the above state:
%X25-4-VCLOSTSYNC: Interface TCP/PVC, VC 0 TCP connection corrupted
This does not seem to occur in a normal XOT switching environment. [CSCdj25846]

11.0(15) Caveats/11.0(16) Modifications

This section describes possibly unexpected behavior by Release 11.0(15). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(15). For additional caveats applicable to Release 11.0(15), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(16).

Basic System Services

IBM Connectivity

LOCACK: recv DM, bogus, state NO_ONES_HOME can prevent netbios sessions from coming up in a busy system. [CSCdj11152]
The current workaround is to disable LNM.
> [CSCdj11711]
A workaround is to ensure there are no unnecessary PUs configured on a line that is continually sending SNRMs. [CSCdj17630]

Interfaces and Bridging

*Dec 20 06:53:08: %RSP-3-ERROR: CyBus0 error 78
*Dec 20 06:53:08: %RSP-3-ERROR: invalid page map register
*Dec 20 06:53:08: %RSP-3-ERROR: command/address mismatch
*Dec 20 06:53:08: %RSP-3-ERROR: invalid command
*Dec 20 06:53:08: %RSP-3-ERROR: address parity error
*Dec 20 06:53:08: %RSP-3-ERROR: address parity error 23:16 1, 15:8 1, 7:0 1
*Dec 20 06:53:08: %RSP-3-ERROR: bus command invalid (0xF)
*Dec 20 06:53:08: %RSP-3-ERROR: address offset (bits 3:1) 14
*Dec 20 06:53:08: %RSP-3-ERROR: virtual address (bits 23:17) FE0000
*Dec 20 06:53:09: %RSP-3-RESTART: cbus complex
or
09:53:32.607 EST: %RSP-3-ERROR: MD error 0080008030003000
09:53:32.607 EST: %RSP-3-ERROR: SRAM parity error (bytes 0:7) 0F
09:53:33.363 EST: %RSP-3-RESTART: cbus complex
CyBus errors similar to the above errors have two known causes. If there are HIPs in the router and on the bus reporting the CyBus error, a race condition may exist with the HIP microcode on an oversubscribed bus. The workaround on dual-CyBus platforms is to move all the HIPs onto a CyBus that is not oversubscribed.
The errors can also be caused by the failure of a marginal CI arbiter board or an RSP board. As a result of this problem, all interfaces are reset, causing forwarding to be stopped for a few seconds. [CSCdj06566]

IP Routing Protocols

Novell IPX, XNS, and Apollo Domain

TCP/IP Host-Mode Services

VINES

Wide-Area Networking

Other ISDN platforms are affected largely by that described in CSCdj07119 or CSCdi82010 depending upon their particular ISDN usage characteristics. [CSCdj05355]

11.0(14) Caveats/11.0(15) Modifications

This section describes possibly unexpected behavior by Release 11.0(14). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(14). For additional caveats applicable to Release 11.0(14), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(15).

AppleTalk

%SYS-2-MALLOCFAIL: Memory allocation of 41394 bytes failed from 0x35DD24E Traceback= 30E83CC 30E94CA 35DD25 35D8CBE 35DCD5C 35D9CF0
This occurs primarily under heavy load. [CSCdi79459]

Basic System Services

%SCHED-3-PAGEZERO: Low memory modified by Exec
Issuing the show version command after the reload displays the following:
System restarted by unknown reload cause - ptr to non-ascii bytes 0x4 [CSCdi73404]

EXEC and Configuration Parser

IBM Connectivity

There is precedence for this problem and the fix is to lower the size of the block of data being copied at any one time. [CSCdi77785]
IPS ID: 1400 QUEUE: 2 ORIGIN: xxxpcs00 MUTYPE: C5 %APPN-0-APPNEMERG: Assertion failed in ../scm/xxximndr.c at line 158 -Process= "xxxims00", ipl= 0, pid= 58 -Traceback= 606C3488 606879EC 606818C8 606810E4 6067AF90 6019AB08 6019AAF4 [CSCdi90117]
After the fix, the router will correctly send the service point name in the NMVT alert [CSCdj02382]
The value returned from an SNMP get for the oid:
.iso.org.dod.internet.private.enterprise.cisco.ciscoMgmt.channel. cipCard.cipCardTable.cipCardEntry.cipCardEntryCpuUtilization (.1.3.6.1.4.1.9.9.20.1.1.1.5)
is a constant 89 (also observerd was the value 90), regardless of the real CIP CPU utilization. The 'show controller cbus' command can be used to retrieve the real CPU utilization on the Channel Interface Processor.
Fix provided:
The SNMP MIB has been enhanced to return the CIP Load Metrics for CPU Load, DMA Load, and Channel Adapter Load. The old value for CPU Utilization is retained but has been marked in the MIB as deprecated. The MIB was also brought up to date with respect to the reporting of Broadcast Enable and Row Status for the CIP Claw Config. [CSCdj04309]
The router crashes when either a no fras backup dlsw ... or no fras backup rsrb ...
command is issued ONLY WHEN the backup code is invoked. For example, when the serial line to the FR cloud is lost, and backup is configured.
When the no backup command is invoked, the cleanup for the backup functions are invoked. The bug in the code is that the backup function removes the lan-cep, instead of the backup-cep. When the lan-cep structure is referenced, the structure is garbage, and the router crashes.
No workaround at this point in the code. [CSCdj08577]
This problem may cause vtam to refuse to activate subsequent dlur/dlus pipes for all dlur NNs. "/d net,dlurs" shows the dlus conwinner state as reset and the conloser as active.
The workaround is to prevent the dlur router from sending this corrupt frame is to reconfigure the DLUR routers without a backup dlus coded. [CSCdj10485]

Interfaces and Bridging

Note: In 11.0 smds is process bridged on input to bridge and therefore does not exhibit issue (but in 11.0 still issue for frame_relay ietf and atm) [CSCdi71927]
After the fix, the router box can provide RARP service if configured as a RARP server regardless of it's being configured as later 2 bridge only [CSCdi83480]

IP Routing Protocols

System was restarted by bus error at PC 0x601E4CD0, address 0xD0D0D0D 4500 Software (C4500-P-M), Version 10.3(16), RELEASE SOFTWARE (fc1) Compiled Thu 24-Oct-96 18:32 by richardd (current version) Image text-base: 0x600087E0, data-base: 0x60370000
Stack trace from system failure: FP: 0x605D46B8, RA: 0x601E4CD0 FP: 0x605D46D8, RA: 0x601E4D88 FP: 0x605D46F8, RA: 0x601E50EC FP: 0x605D4710, RA: 0x601C88E0 FP: 0x605D4740, RA: 0x601E4998 FP: 0x605D4760, RA: 0x601E5174 FP: 0x605D4778, RA: 0x60081D04 FP: 0x605D47B8, RA: 0x6006C8A4
Which decodes as follows:
Symbols
nhrp_cache_clear_nei nhrp_cache_clear_nei nhrp_cache_delete_subr nhrp_cache_age_subr rn_walktree_blocking_list nhrp_cache_walk nhrp_cache_age registry_list net_oneminute [CSCdi90523]
'clear ip route *' will force EIGRP to reinstall it. [CSCdi92753]
ip route
may not appear in the eigrp topology table .
The routes can be 'recovered' (reinstalled in the topology table) by either using or by unconfiguring the redistribution and configuring it again.
In the first case (), the routes go away again after a short time. In the second case, the routes are present in the topology table for a longer period, but eventually go away too. [CSCdj09571]

LAT

%LAT-3-BADDATA: Tty124, Data pointer does not correspond to current packet
When many LAT sessions are active, and a received data slot starts in the last 14 bytes of a full ethernet frame. Data for the slot is discarded. [CSCdi82343]

Novell IPX, XNS, and Apollo Domain

TCP/IP Host-Mode Services

Mar 19 08:41:23: %TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4 -Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C Mar 19 08:41:50: %X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted Mar 19 08:41:52: TCP0: extra packet reference for pak 0x60A031D8 found: Mar 19 08:41:52: %TCP-2-BADQUEUE: Multiple entry for packet 60A031D8 -Process= "TCP Driver", ipl= 0, pid= 26 -Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213 length 47 Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4 [CSCdj06781]

Wide-Area Networking

The show interface bri 0 command shows BRI0 is up, line protocol is down. The work around is to do a clear interface bri 0 after the system comes up. The correct behavior would be for the system to come up with BRI0 is up, line protocol is up(spoofing) [CSCdi78255]

11.0(13) Caveats/11.0(14) Modifications

This section describes possibly unexpected behavior by Release 11.0(13). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(13). For additional caveats applicable to Release 11.0(13), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(14).

AppleTalk

There is no workaround. Though in most cases, this scenario is unlikely. [CSCdi77772]

Basic System Services

Using no aaa authorization config-commands causes the Network Access Server (NAS) not to try to authorize configuration level commands.
Care should be taken, as this reduces the administrative control that can be placed on configuration commands, i.e. it turns into an all-or-none authorization. [CSCdi36536]
Encapsulated bridging does not work on the 7500 router. The workaround at this time, to bridge between the AGS+ and the 7500, is to use CSC-C2FCIT cards in the AGS+ and translational bridging.
The big disadvantage of using encapsulated bridging is that it cannot use the hardware bridge filtering capabilities of the CSC-C2FCIT cards, which have a CAM built into them which is used to do bridge filtering on the card. When encapsulated bridging is used, the main processor has to do all bridge filtering. This means that one busy encapsulated bridging FDDI network can eat the entire bandwidth of the router's main processor, just for bridge filtering. It should be no surprise that the use of encapsulated bridging is to be vigorously discouraged. [CSCdi46862]
The easy workaround is to simply replace cards one at a time. In the example above, pull slot 1, insert slot 1, pull slot 2, insert slot 2 will avoid the problem entirely. [CSCdi57526]
To work around this, configure "aaa authentication local-override". [CSCdi76170]
The following works: #copy tftp:D:test flash Enter destination file name [D:test]: Address or name of remote host [255.255.255.255] ?
and the following works: #copy tftp flash Enter source file name: tftp:D:test Enter destination file name [D:test]: Address or name of remote host [255.255.255.255] ? [CSCdi78276]
One can diagnose this problem by turning on DEBUG CDP PACKETS
If device is receiving GOOD CDP information, the output will look similar to:
CDP-PA: Packet received from 008024 3DD610 (wan-sw.3100) on interface Ethernet1 **Entry found in cache**
If the device is receiving BAD CDP packets, the entry will never be found in the cache (and thus repeatedly added).
Workarounds: 1. Turn off CDP on the router via the NO CDP RUN command. 2. Change the name on the Catalyst to a Text String; e.g. set system name foobar [CSCdi91300]
vty 0 telnet refuse-negotiations
This should maintain local echo for duration of Telnet session.
IF the above work-arounds are not accepted, try the following;
1/ when telnetting from a PC or Unix station go into 'line mode':
---------- len-sun% telnet bud Trying 172.17.241.23 ... Connected to bud.cisco.com. Escape character is '^]'.
User Access Verification
Password: bud>Translating "abc"...domain server (255.255.255.255) % Unknown command or computer name, or unable to find computer address bud> (===> no echo: the problem is there) (typed ^]) <=======NOTE this is control-right_square_bracket telnet> mod line
(typed CR)
bud>sho ver (echo is back) ----------------
2/ When telnetting between routers, use: telnet 'ip-address' /line and the echo is back.
---------------- bud> bud> (=> typing commands but no echo) bud>Trying 172.17.241.23 ... Open
User Access Verification
Password: bud>Translating "abcd"...domain server (255.255.255.255) % Unknown command or computer name, or unable to find computer address bud> (=>exiting) [Connection to 172.17.241.23 closed by foreign host] bud> (=> typing telnet 172.17.241.23 /line) bud>Trying 172.17.241.23 ... Open
User Access Verification
Password: ww
bud>sho line
% Type "show ?" for a list of subcommands bud>show vers Cisco Internetwork Operating System Software I [CSCdj05366]

DECnet

"no dec advertise "
fails to remove the "dec advertise " line from NVRAM. [CSCdi87264]

EXEC and Configuration Parser

IBM Connectivity

The symptoms are sessions failing to establish and existing sessions being torn down.
The workaround is to configure TCP encapsulation. [CSCdi78017]
Anyways taking care of the busy condition, the router doesnt abort the conncetion and correctly passes the Y to the interactive queue. [CSCdi81927]
Workaround: Configure the required filter at the originating router, either at the interface or dlsw level. This is a large administrative task in large networks. [CSCdi87600]
This fixes the APPN DLUR router crash with memory corruption. This may happen occasionally and the router often crashes in a function call Mget_x. [CSCdi90441]

Interfaces and Bridging

If this incoherency occurs and does not cause a router crash, it may instead cause cbus switching to be automatically disabled, and the interface would resort to fast switching (or sse switching if sse switching were also configured). [CSCdi43526]
CBUS-3-INTERR: Interface 6, Error (8011)
This is due to the bridging code was seeing aaaa and assuming it as snap encapsulated. Since SNAP encapsulated packets have a minimum length of 21, the bridging code was subtracting 21 from the original length of the packet (20) when queuing it on the outbound interface. Result. Length of outbound packet was -1 or 65535 bytes. This caused the SP to become confused and writing over low core causing the 8011 error. [CSCdi65953]

IP Routing Protocols

After reload with standby track command configured, the tracked interface may be in a wrong state, hence the priority is wrong too.
For the first time loading the image with the fix, standby track command will be deconfigured, and need to reconfigure it again. [CSCdi72254]
This doesn't seem to affect the order in which the route-map is executed. [CSCdi74891]
The fix for 11.2 introduced CSCdj02347 and CSCdj02729. [CSCdi77493]

ISO CLNS

There is no workaround of this problem. [CSCdi90052]

Novell IPX, XNS, and Apollo Domain

The flooding behavior covers up a problem where services may be missing from the SAP table until the next full SPF. This is not a problem when all neighbors are Cisco routers, but can be a problem when third party routers are present on the same link. [CSCdi74487]

Protocol Translation

TCP/IP Host-Mode Services

VINES

Wide-Area Networking

ATM3/0.2(I): VCD:0x5 Type:0x6, LANE, ETYPE:0x0006 LECID:0xFF00 Length:0x70 FF00 0101 0008 0000 0000 003A 0003 0000 0000 0000 0000 0000 0001 0000 0C07 AC00 4700 9181 0000 0000 603E 5A45 0200 000C 5B7B 1202 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
LEC ATM3/0.2: received UNKNOWN on VCD 5
0008 looks like an LE_NARP packet which is reported as UNKNOWN by deb lane client. The clearing of the LE_ARP entry occurs correctly.
During another test, we get for instance:
nestor#sho lane le-arp Hardware Addr ATM Address VCD Interface 0000.0c5b.7b12 47.00918100000000603E5A4502.00000C5B7B12.02 13 ATM3/0.2 0000.0c07.ac00 47.00918100000000603E5A4502.00000C5B7B12.02 13 ATM3/0.2 0000.0c02.7f86 47.00918100000000603E5A4502.00400BC81840.02 12 ATM3/0.2 nestor# LEC ATM3/0.2: received UNKNOWN on VCD 5 nestor#sho lane le-arp Hardware Addr ATM Address VCD Interface 0000.0c02.7f86 47.00918100000000603E5A4502.00400BC81840.02 12 ATM3/0.2
This is just a cosmetical problem. [CSCdi78737]
The work-around is to first remove any "frame-relay interface-dlci" commands and THEN remove the "frame-relay priority-dlci-group" command. [CSCdi85395]
The workaround is to have the LECS configured properly before the LES attempts to connect to it.
In other words, have a completely operational LECS AND configure its address properly for the LES, before the LES comes up. [CSCdi87660]

11.0(12) Caveats/11.0(13) Modifications

This section describes possibly unexpected behavior by Release 11.0(12). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(12). For additional caveats applicable to Release 11.0(12), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(13).

AppleTalk

Basic System Services

If the IP address of your Tacacs+ server does not exist in your local host table and you do not have DNS configured, you may experience a 9-second delay before connecting to the server.
To resolve this problem, do at least one of the following:
1) add "no ip domain-lookup" to your configuration. 2) add the IP address of your Tacacs+ server to your local host table. [CSCdi70032]
%RSP-3-ERROR: RP parity error %RSP-3-ERROR: SRAM parity error %RSP-3-ERROR: QA parity error %RSP-3-ERROR: CyBus0 parity error %RSP-3-ERROR: CyBus1 parity error
a bitmask follows to indicates which bytes (0-7) had bad parity. The bits indicating bytes 0 & 1 are actually in bit positions 9 & 8 instead of bit positions 7 & 6. [CSCdi74453]

DECnet

The previous version of the code allowed only end-system adjacencies to be added to the Phase V data base. [CSCdi77560]

EXEC and Configuration Parser

IBM Connectivity

Once the router reloads a 'config mem' can be done to add the statement back. [CSCdi67719]
ALIGN-1-FATAL: Illegal access to a low address addr=0x1, pc=0x60544FE0, ra=0x60544FE8, sp=0x60AEE780
0x604C23EC:llc_store_rif(0x604c23c0)+0x2c 0x604BE390:llc2_input(0x604be128)+0x268 0x6014BD28:llc_input(0x6014bc64)+0xc4 ... Somewhere in the drivers.
It is exacerbated by increasing loads. There is no workaround. [CSCdi69234]
%ALIGN-3-SPURIOUS: Spurious memory access made at reading
on a 75xx. [CSCdi72059]
Exception: Line 1111 Emulator at 0x7E9500 (PC) [CSCdi73675]
dlur-dspu-name > % Incomplete command.
This message, while a nuisance, does not cause any problems. [CSCdi76709]
e.g.
dspu pu TESTPU xid 05d00001 dspu lu 1 1 host host1 1 dspu lu 2 2 host host1 2
...is written to NVRAM as...
dspu pu TESTPU xid 05d00001 dspu lu 1 2 host host2 1 [CSCdi76858]

Interfaces and Bridging

You'll see the small buffers being created but not released (Created is going up and Trims doesn't in the show buffer) and the show memory will show the memory available going down.
Spanning Tree BPDUs are handled by small buffers , so when a BPDU comes in a small buffer is used , if at the same time the interface is going down , this small buffer should be released, and that was not the case...
This problem has been fixed in the IOS software code. [CSCdi72783]
%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0
The show diag x command reports that the board is disabled, wedged. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi73130]

IP Routing Protocols

Also need DDTS CSCdi77369. [CSCdi34362]
It does not affect the normal running of the router. [CSCdi64005]
Workaround is to issue shut and no shut commands to the interface which isn't receiving the IGMP reports. [CSCdi72642]
This fix resolves the problem. [CSCdi74009]
The problem happens only when the router have a single interface with OSPF running over it as broadcast/non-broadcast network. If the single interface is shutdown and is brought back up within a 5 seconds interval, it creates a race condition which causes the crash (or spurious access). [CSCdi74044]

ISO CLNS

Novell IPX, XNS, and Apollo Domain

The workaround is to hand-configure the parameters in the reverse order. [CSCdi72691]

Protocol Translation

TCP/IP Host-Mode Services

VINES

Wide-Area Networking

mac-address XXXX.XXXX.XXXX
now MAY affect any LANE components' atm and/or mac addresses, since the esi portion of an auto generated atm address is created using the mac address of the interface.
Also note that this command actually causes a hardware reset on the card that is being executed. Hence, all LANE components on such a card will recycle anyway. But as to whether the atm addresses they listen on after they come back up again will change, actually depends on how those addresses were defined in the first place.
If they were defined using the "auto" addressing method, obviously their esi portions will be affected.
In the case of an LEC (LANE Client), the mac address of the client will also change as well.
****** Note that this fix broke DECNET, which is now fixed. So, the correct version that has BOTH the fixes in is 11.2 (2.2) ****** [CSCdi73530]

11.0(11) Caveats/11.0(12) Modifications

This section describes possibly unexpected behavior by Release 11.0(11). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(11). For additional caveats applicable to Release 11.0(11), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(12).

AppleTalk

Basic System Services

writeNet, hostConfigSet, netConfigSet [CSCdi50407]
A workaround is to ensure that there is at least one other NTP association (by configuring an "ntp server" or "ntp peer" on the system, or by changing one of the other systems to use "ntp peer" with the master rather than "ntp server"). [CSCdi67635]
If a daemon returns an error after a connection has been successfully established however, no more aliases for that daemon will be tried. Instead the daemon will try the next server configured in its list of servers.
One workaround is to order the list of tacacs-server hosts configured on the NAS to increase the likelihood that the desired daemon will always be selected. [CSCdi68816]
Cisco highly recommends upgrading all RSP-based systems to one of the Cisco IOS release identified below. For those systems that cannot upgrade, this problem can be avoided by disabling both BACKING-STORE and fair queuing. Please see instructions for this at the end of this message.
When packet load on RSP-equipped systems causes datagrams to be forwarded from SRAM to DRAM, a function of BACKING-STORE, 32 bytes of data may be randomly written into DRAM. This could result in several anomalous system behaviors including: - Software-induced system crashes - Dropped datagrams - Other anomalous errors
To eliminate this problem, Cisco highly recommends downloading and installing one of the following Cisco IOS releases:
Base Rel. Maint Rel. On CCO 10.3 10.3(16a) 11/15 11.0 11.0(12a) 11/22 11.1 11.1(7)CA1 11/18 11.2 11.2(1a) 12/9
The default Cisco IOS image for all new RSP-based router shipments is Cisco IOS release 10.3(16a) effective immediately.
SOLUTION:
FOR CUSTOMERS WITH RELEASE 10.3 Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
Option #2: Below are options to work around this bug.
1) Simply disable backing store on each interface with IOS command 'no transmit-buffers backing-store' Please note each interface needs this disabled.
Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces.
FOR CUSTOMERS WITH RELEASE 11.0, 11.1 or 11.2
Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
Option #2: Below are options to work around this bug.
1) Disable backing store AND fair queuing on each interface with IOS commands
'no transmit-buffers backing-store' 'no fair-queue'
ALSO disable udp-turbo flooding if the image is 11.0 or later The IOS command to disable UDP turbo flooding is 'no ip forward-protocol turbo-flood' which is OFF by default in all releases.
Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces. [CSCdi71609]
%SYS-3-MGDTIMER: Running parent with no child
This message is cosmetic in nature and has no impact on the health of the system. There is no workaround to this problem. [CSCdi72401]
The workaround is to configure the client as either unicast or broadcast, but not both. It may also be necessary to remove and reconfigure the "ntp server" configuration if the system is to be a unicast client. [CSCdi72452]

DECnet

EXEC and Configuration Parser

Router#sh ip arp ? Ethernet IEEE 802.3 H.H.H 48-bit hardware address of ARP entry Hostname or A.B.C.D IP address or hostname of ARP entry Null Null interface Serial Serial cr
RioGrande#sh ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.51 - 0000.0ca0.5d00 ARPA Ethernet0/0 Internet 10.6.1.71 1 0000.0c07.9b41 ARPA Ethernet0/0
RioGrande#sh ip arp 0000.0c07.9b41 Translating "c07.9b41"...domain server (255.255.255.255)
Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.71 1 0000.0c07.9b41 ARPA Ethernet0/0
Router#sh ip arp 10.6.1.71 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.71 2 0000.0c07.9b41 ARPA Ethernet0/0 RioGrande#
Router#sh ip arp e 0/0 Translating "e"...domain server (255.255.255.255)
Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.51 - 0000.0ca0.5d00 ARPA Ethernet0/0 Internet 10.6.1.71 8 0000.0c07.9b41 ARPA Ethernet0/0 [CSCdi68767]

IBM Connectivity

%CLS-3-CLSFAIL CLS Assertion failed file "../cls/cls_entitymanager.c", line 2985 this->fCepState == kCepStateIdReqPending -Traceback= 3272892 304084A 33B8156 33B96E6 3040832 3271056 327118C 326ED4A
This was an annoyance and the message was eliminated. [CSCdi64207]
% Error (0x0001,0x00000807) defining class of service.
If so, here is a workaround until the code is fixed to match what the help says are correct values.
1) When cfg-ing a tg-row's prop_delay, only these enumerated values are allowed, not the 0-255 implied by the help:
AP_PROP_DELAY_MINIMUM (0x00) = 0 AP_PROP_DELAY_LAN (0x4C) = 76 AP_PROP_DELAY_TELEPHONE (0x71) = 113 AP_PROP_DELAY_PKT_SWITCHED_NET (0x91) = 145 AP_PROP_DELAY_SATELLITE (0x99) = 153 AP_PROP_DELAY_MAXIMUM (0xFF) = 255
2) When cfg-ing a tg-row's security, only these enumerated values are allowed, not the 0-255 implied by the help:
AP_SEC_NONSECURE (0x01) = 1 AP_SEC_PUBLIC_SWITCHED_NETWORK (0x20) = 32 AP_SEC_UNDERGROUND_CABLE (0x40) = 64 AP_SEC_SECURE_CONDUIT (0x60) = 96 AP_SEC_GUARDED_CONDUIT (0x80) = 128 AP_SEC_ENCRYPTED (0xA0) = 160 AP_SEC_GUARDED_RADIATION (0xC0) = 192 AP_SEC_MAXIMUM (0xFF) = 255
3) 'show appn class det' will show zero values for all values of a TG row of any new COSs. [CSCdi67560]
This ddts the complete fix for CSCdi69283. [CSCdi70232]
This is fixed by providing the user with the following command to set up the amount of time DLSw should wait for responses from other peers. [no] dlsw timer explorer-wait-time seconds
The default value of the timer is zero. This causes DLSw to respond as soon a response is received (current behaviour).
Note 1: This may cause the first circuit (when the cache is NOT fresh) to be delayed by the amount of time configured. Once the cache is fresh, circuits will come up normally.
Note 2: If this timer is changed, DLSw will use the new value only for new explorers and the old explorers pending if any will contine to have the old value.
This provides the same functionality in IOS 11.0 as CSCdi59181 provides in IOS 11.1 and later. [CSCdi72231]

Interfaces and Bridging

However, interfaces did not go down on AGS+ or other 7000 routers (showing excessive collissions, (rate in excess of 10%) as is the case with the 4700 router with NP-6E card.
Using AM79970 chipset. Also seeing similiar manifestations as in CSCdi51927 where output of 'sh cont eth is showing 'link state down' while sh int eth sho up/up for state and we're seeing packets inbound/outbound on the interfaces respectively. [CSCdi49380]
%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0
The show diagnostics x command reports that the board is disabled. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi66450]
%ALIGN-3-CORRECT: Alignment correction made at 0x60399C74 reading 0x40002165 [CSCdi68947]

IP Routing Protocols

The problem only happens if the configured value of the dead-interval is the same as the original default - 40 for broadcast network and 120 for non-broadcast network - and the hello-interval is not default.
The workaround is not setting the dead-interval the same as the original default.
When the fixed image is first loaded, the problem still happens. To resolve the problem, reconfigure the dead-interval again and do write memory. Then the problem will not happens again with subsequent reloads. [CSCdi62640]
Besides the messages, there is no bad effect on the network.
The workaround is to remove the route pointing to the Null interface. [CSCdi65475]
Note that releases 11.0(11.1) and 11.1(6.1) contain the fix for this ddts may reload when doing DNS name validation. Check CSCdi70707 and CSCdi71158. Releases 11.0(11.2), 11.1(6.2) and any 11.2 are fine. [CSCdi66910]
There is no workaround. [CSCdi70406]
The patch for this ddts causes CSCdi73022. [CSCdi71096]

ISO CLNS

LAT

Novell IPX, XNS, and Apollo Domain

Protocol Translation

TCP/IP Host-Mode Services

Wide-Area Networking

The same problem applies for aip10-15 on RP based platforms. [CSCdi67812]
Any release containing this bug should NOT be used in sites using LANE. The following releases are affected: 11.0(10.3), 11.1(5.3), 11.1(5.4), 11.2(0.23), and 11.2(0.24).
Note that for 11.0, only the 7000 image will be affected, as the 4500 and rsp platforms do not run LANE in 11.0. [CSCdi68089]

11.0(10) Caveats/11.0(11) Modifications

This section describes possibly unexpected behavior by Release 11.0(10). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(10). For additional caveats applicable to Release 11.0(10), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(11).

AppleTalk

%SYS-2-INPUTQ: INPUTQ set, but no idb, ptr=xxxxx %SYS-2-LINKED: Bad enqueue of xxxxx in queue yyyyy
After which a router reload could occur. [CSCdi63635]

Basic System Services

10.2 - gs7-k2 gs7-p2 10.3 - gs7-k2 gs7-p2 rsp-k2 rsp-p2 11.0 - gs7-k2-mz gs7-p2-mz gs7-ak2-mz rsp-k2-mz rsp-ak2-mz rsp-p2-mz
CIP2 is a new hardware version that requires one of the previously listed images for a particular release of IOS. [CSCdi61227]
The Reserved Exception crash looks like this:
Queued messages: Aug 14 10:44:16: %RSP-3-ERROR: memd write exception, addr 08000000 Aug 14 10:44:16: %RSP-3-ERROR: RSP alignment error on write to QA, addr 08000000 *** System received a reserved exception *** signal= 0x9, code= 0x0, context= 0x60c72fd0 PC = 0x60107514, Cause = 0x2020, Status Reg = 0x34008702 DCL Masked Interrupt Register = 0x000000ff DCL Interrupt Value Register = 0x00000000 MEMD Int 6 Status Register = 0x00000000
The QAERROR looks something like this:
Jun 17 10:50:23.329: %RSP-2-QAERROR: reused or zero link error, write at addr 0308 (QA) log 260308C0, data A816FFFF 00000000 [CSCdi66673]

EXEC and Configuration Parser

IBM Connectivity

In most instances, the PC sends another SABME P and the router responds appropriately with a UA F.
The workaround is to ensure that the end station (PC) makes more than one attempt to connect to the host by sending at least two SABME Ps. [CSCdi46918]
If this is occurring, use fast switching instead of autonomous switching. [CSCdi52884]
%SCHED-2-NOTWATCHTIMER: simple timer 2CFBF8 not being watched. -Process= "BSTUN Background", ipl= 0, pid= 19 -Traceback= F336E 27A0C2 E677E E67F8 EF50E A0BA0 F25B8 27A15C
appears, as long as bstun is never to be used on the router before the next reload then the router should be fine. If bstun is to be configured again it would be safer to reload the router. [CSCdi53010]
This problem was introduced by some changes to the token ring interrupt handler in 11.0 and later.
There is no workaround for the diversion, though the flushing can be avoided by raising the explorer maxrate value to some high number. However, this may cause instability in the network.
Note that this bug fix is comprehensive in that several issues regarding multicast explorers and inbound remote explorers have now been resolved.
Paul S. [CSCdi59090]
Symptom is "dropped Routed protocol" messages are output when "debug source-bridge error" is enabled
This behavior was introduced by CSCdi61267. Integrated into 11.0(9.4) and 11.1(4.3). [CSCdi62738]
show ext channel x/0 path stat
the channels do not appear as expected. [CSCdi64003]
In version 11.0 and greater, a workaround is to no shut the CIP virtual interface, channel slot/2 [CSCdi64004]
As a temporary work-around, you can specify "retries 1" on the sna host definition. [CSCdi65375]
In addition, DLSw FST is not supported on a Channel Interface Processor (CIP) LAN interface.
This error caused by CSCdi58658 will result in a buffer leak in the RSP's Token Ring interface buffer pool and the Token Ring interface will eventually hang when it runs out of buffers. Issuing a show controller cbus command will show how many buffers the interfaces thinks are still available in the system.
The following error messages will occur :
*Aug 7 11:48:33 mst: %SYS-2-LINKED: Bad enqueue of 60AE6FC0 in queue 60B0EB60 -Process= "interrupt level", ipl= 5 -Traceback= 60110530 6016901C 60169070 60211C8C 600F2E70 600F2B70 600F06D4 601B78E0 60188EB0
boxer% rsym rsp-j-mz.111-5.0.1.symbols Reading rsp-j-mz.111-5.0.1.symbols rsp-j-mz.111-5.0.1.symbols read in Enter hex value: 60110530 0 x 60110530:p_enqueue(0 x 601104d0)+0 x 60 Enter hex value: 6016901C 0 x 6016901C:process_enqueue_common(0 x 60168fb4)+0 x 68 Enter hex value: 60169070 0 x 60169070:process_enqueue_pak(0 x 6016905c)+0 x 14 Enter hex value: 60211C8C 0 x 60211C8C:ip_simple_enqueue(0 x 60211c74)+0 x 18 Enter hex value: 600F2E70 0 x 600F2E70:dlsw_lan2fst(0 x 600f2c1c)+0 x 254 Enter hex value: 600F2B70 0 x 600F2B70:dlsw_srb_input(0 x 600f2ab0)+0 x c0 Enter hex value: 600F06D4 0 x 600F06D4:fs_srb_to_vring(0 x 600f054c)+0 x 188 Enter hex value: 601B78E0 0 x 601B78E0:rsp_process_rawq(0 x 601b673c)+0 x 11a4 Enter hex value: 60188EB0 0 x 60188EB0:rsp_qa_intr(0 x 60188dec)+0 x c4 [CSCdi65603]
%SYS-2-LINKED: Bad enqueue of 9600E8 in queue 88380. SNA: Alert xxxxx not sent, Focal point buffer overflowed. [CSCdi66340]
%CBUS-3-CIPRSET: Interface Channelslot/port, Error (8010) disable - cip_reset() %CBUS-3-INITERR: Interface decimal, Error (8004), idb hex decimal cmd_select - cbus_init() %CBUS-3-INITERR: Interface decimal, Error (8004), idb hex decimal cmd_select -cbus_init() %CBUS-3-CTRLRCMDFAIL1: Controller decimal , cmd (128 hex) failed (0x8010)count (16) %CBUS-3-FCICMDFAIL1: Controller decimal, cmd (32 0x00000001) failed (0x8010) count (1)
Looping may be severe enough to require a router reboot.
The looping messages may overrun the logging buffer and thus obviate the reason for the initial attempt to reset the CIP. [CSCdi66420]

Interfaces and Bridging

On RSP-ONLY : If HSRP and bridging is configured on a Token Ring interface, the active router fails to forward ip routed packets which arrive at the Token Ring for the standby ip address. [CSCdi63104]

IP Routing Protocols

When used with neighbors external to the Confederation, Private AS numbers will be removed if it is after the Confederation part of the AS path. [CSCdi64489]
It is also possible for a race condition to occur, where the majornet route is lost, even after it has been received and installed into the routing table.
The workaround for this problem is a floating static route for the majornet matching the PPP-created host route using a majornet mask pointing to the PPP-created host route. For example, if the host route is 192.1.1.1, then using the command ip route 192.1.1.0 255.255.255. 0 192.1.1.1 250 should solve the problem. [CSCdi65258]

ISO CLNS

There is no workaround for this problem. [CSCdi64256]
The routers will now make a distinction between possible duplicate system IDs, and spurious LSP purges, which are probably caused by LSP corruption somewhere in the network. [CSCdi64266]
%CLNS-4-DUPSYSTEM: ISIS: possible duplicate system ID xxxx.xxxx.xxxx detected
This is a cosmetic problem only. There is no workaround to this problem. [CSCdi65078]
%ISIS: Refresh time must be less than LSP lifetime
This bug will cause no real harm, as the router will only fall back to the default lsp-refresh-interval of 15 minutes. There is no workaround for this bug. [CSCdi66787]

Novell IPX, XNS, and Apollo Domain

%Invalid IPX command - IPX not enabled on interface
Note that this can be corrected by issuing a "config mem". A workaround is to always configure at least one IPX network on the primary interface. [CSCdi45840]
There is no way to correctly count these packets any longer (since 9.21). Therefore these counters are being removed. [CSCdi58345]
Commands added to facilitate the timeout process are:
ipx spx-spoof session-clear [minutes] (default 60) and ipx spx-spoof table-clear [hours] (default 16).

[CSCdi64010]

It appears as though the router learns the SAP, sends it into the EIGRP cloud and if the other routers in the cloud do not split-horizon SAP's prefers the SAP being seen from the EIGRP cloud. Once this is created, in certain circumstances it is impossible to remove these SAP's from the table.
The workaround is to have all routers split-horizon SAP's. [CSCdi66719]
%NLSP: Refresh time must be less than LSP lifetime
This bug will cause no real harm, as the router will only fall back to the default lsp-refresh-interval of 15 minutes. There is no workaround for this bug. [CSCdi66788]

Protocol Translation

VINES

Wide-Area Networking

Workaround is being investigated. [CSCdi50049]
frCircuitReceivedFECNs Counter, frCircuitReceivedBECNs Counter, frCircuitSentFrames Counter, frCircuitSentOctets Counter, frCircuitReceivedFrames Counter, frCircuitReceivedOctets Counter,
would be reset resulted by the "clear counters" exec level command for the interface over which the FR circuits were established. [CSCdi60658]
There is no workaround. [CSCdi60761]
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1011, VPI=0, VCI=262) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC) %AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Teard own VC command (error code 0x8000) [CSCdi62445]
However, due to the default bandwidth of the group async interface being greater than that for a fair queueing candidate, it is actually not configured for fair queueing which is what it reverts to after a reload.
A workaround in order to enable and disable fair queueing on the interface is to use the bandwidth command to set an applicable value such that the "fair-queue" command is meaningful thereafter. [CSCdi66301]

11.0(9) Caveats/11.0(10) Modifications

This section describes possibly unexpected behavior by Release 11.0(9). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(9). For additional caveats applicable to Release 11.0(9), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(10).

AppleTalk

This only occurs in 11.2. For other releases, the source changes contain only minor internal fix. [CSCdi60845]
This only occurs in 11.2. There is minor internal fix to prior releases. [CSCdi61658]
Note: For routers that are directly connected to a Phase 1 (non-Phase 2) router in compatibility mode, the appletalk proxy-nbp network zone command must be used. This will allow the router to convert the NBP FwdReq to NBP LkUp to the Phase 1 router. [CSCdi61668]

Basic System Services

%SYS-6-STACKLOW: Stack for level CXBus Interfaces running low, 0/1000
This message may eventually lead to the router haning. [CSCdi54119]
See the attached config for "ip host ttt" [CSCdi60064]

DECnet

The fact that the NSEL indicates intra- Phase V cluster traffic and that the source was a IV host means that the packet was originated by a IV host, converted by the router and sent to one of the Phase V cluster members, who decided that this packet should be sent to one of the other cluster members. In this case, the packet is sent back to the router (since the receiver presumably has no idea where this other cluster member is), and the router should send a redirect to the cluster member who first received the packet, indicating that the intended recipient is on the same LAN. [CSCdi52326]
If there is a matching route in the CLNS prefix table, then the DECnet "advertise" route behaves correctly. [CSCdi58806]
It is a cosmetic problem and has no other impact on the router. [CSCdi60716]

EXEC and Configuration Parser

IBM Connectivity

SDLC test output is now sent to a telnet session when terminal monitor was turned on. If you are logged into the console, then the output is received fine. [CSCdi51539]
In addition, a downstream PU may attempt to connect to a backup dlus prematurely when the primary should have been tried first. [CSCdi52060]
CIP variables not included in the CISCI-CHANNEL-MIB
Added: cipCardSubChannelCmdretries to cipCardSubChannelTable Added: cipCardDtrBrdLastStat and cipCardDtrBrdNextStat to cipCardDaughterBoardTable [CSCdi55031]
This does not seem to have any impact on our users and the work around is to ignore the extraneous FMH-7 frame on any line traces you may be looking at. [CSCdi56698]
Note: CSCdi61278 is a follow on fix to this problem. [CSCdi58842]
stun schema cnt offset 0 length 1 format hexidecimal ^ % Invalid input detected at '^' marker. [CSCdi60992]
This ddts is a follow on fix to CSCdi58842. [CSCdi61278]
Previous crashes that were likely caused by this race condition : CSCdi61278 CSCdi58842 [CSCdi61790]
Prior to this fix, an emulator session requireing non-paced traffic would fail with sense 20110005. [CSCdi63136]

Interfaces and Bridging

Condition (1) could result in a large leak. Condition (2) would leak until the context was dynamically created, generally in about 1 second. [CSCdi54825]
/Ramki [CSCdi58194]
Work aroung is to run 10.3(x). [CSCdi59204]
Cisco Systems expects to resolve this caveat in a future IOS release. [CSCdi59825]
A workaround is to configure "ipx routing" (it is not necessary to assign any IPX addresses in the router, so it will not actually participate in IPX.) [CSCdi61501]

IP Routing Protocols

When a HSRP group changes from active state to any other non-active state, HSRP will reset the interface to de-register the virtual MAC address from the address filter.
The disruption may become unexceptable if there are many HSRP groups on a fddi interface change state many times in a short period of time.
But the bad situation was seen when there were over 60 HSRP groups defined on a fddi interface.
I would say the severity of this bug depends on the number of HSRP groups defined on a fddi interface.
Now for this bug to kick in the HSRP state has to change and for that to happen we have to miss 3 HSRP hellos (9-10 secs). [CSCdi59054]
The workaround for this problem is a floating static route for the majornet matching the PPP created host route using a majornet mask pointing to the PPP created host route. i.e., if the host route is 192.1.1.1, then using 'ip route 192.1.1.0 255.255.255.0 192.1.1.1 250' should cure the problem. [CSCdi59425]
There is no workaround to this problem. [CSCdi59446]
To recover, perform a shut/no shut on the interface. [CSCdi60445]
Additionally, if a router running IPX-EIGRP receives an update containing an external route that was originated by the router itself, the rest of the update will be ignored.
There is no workaround to this problem. [CSCdi61491]
Also, attempts to refresh ARP entries every minute, rather than every keepalive interval. [CSCdi61730]

ISO CLNS

Novell IPX, XNS, and Apollo Domain

ipx route-cache max-size size
size is the maximum number of entries allowed in the IPX route cache.
If the cache already has more entries than the specified limit, the extra entries are not deleted. To remove stale entries, use the ipx route-cache inactivity-timeout time command to select a suitable value for the cache aging parameter. [CSCdi60228]

Protocol Translation

VINES

Wide-Area Networking

%ATM-4-MTUCALLMISMATCH: Incoming call has mismatched maximum transmission unit
If the remote device is re-configured with the correct SDU size, the problem will not occur. [CSCdi57676]
%LANE-3-LANE_SIG_INV_MSG: invalid msg received (4 A8CF4E A)
The error is harmless .... The LES/BUS continues to operate normally after this message. [CSCdi59010]
If dialer holdqs are enabled, an outbound call could crash the box. [CSCdi60578]
ipx route-cache nasi-server enable [CSCdi60747]

11.0(8) Caveats/11.0(9) Modifications

This section describes possibly unexpected behavior by Release 11.0(8). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(8). For additional caveats applicable to Release 11.0(8), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(9).

AppleTalk

Basic System Services

% Maximum number of parties reached. % Memory allocation failure
You can ignore this if you are not using SNMPv2 and parties. [CSCdi57672]

DECnet

EXEC and Configuration Parser

The command does the equivalent to the following show commands: show version show running-config show controllers show stacks show interfaces show buffers show process memory show process cpu [CSCdi47180]
The remaining "write" and "copy running-config" commands still operate at the users current privilege level due to security considerations. [CSCdi55809]

IBM Connectivity

CIP ILAN(Channelx/2-TokenRing): packet dropped - vencap failed
for explorers received on the router that are not destined for any of the CIP internal LAN MAC addresses. For these explorers not destined for a CIP internal LAN MAC address, the above debug message should not be displayed. [CSCdi46832]
The CIP will be unable to successfully initialize. This may result in other messages, like: CBUS-3-CTRLRCMDFAIL1: CBUS-3-DAUGHTER_NO_RSP:, or CBUS-3-CCBPTIMEOUT: associated with the slot that the CIP is in. [CSCdi50739]
Work around is using direct encapsulation over frame relay with local-ack. [CSCdi52568]
- encapsulation sdlc-primary or encapsulation sdlc-secondary - nrzi-encoding - The interface is configured as a DCE.
The low speed asynchronous/synchronous serial interface may drop SDLC frames with this configuration. The symptoms of this problem are poor performance and excessive Cyclic Redundancy Check (CRC) errors on the interface (as seen via the show interface command).
The fix for this problem requires: hardware version 00000002 and a software fix for this defect, which is incorporated into Cisco IOS Release 11.0(9) and 11.1(4), and later. All Cisco 2520, 2521, 2522, and 2523 routers manufactured before May 24, 1996 are subject to this problem.
To identify whether your router is affected, issue a show version command. The hardware revisions that are subject to the problem are "00000000" and "00000001". Hardware revision "00000002" contains the hardware fix that resolves this problem:
cisco 2520 (68030) processor (revision E) with 4096K/2048K bytes of memory. Processor board ID 02351913, with hardware revision 00000002 [CSCdi57040]

Interfaces and Bridging

The following three workarounds can be used:
-- Turn off padding on process-switched packets via the command: no ipx pad-process-switched-packets
-- Configure the router for Autonomous Switching instead of SSE switching via the commands: no ipx route-cache sse ipx route-cache cbus
-- Turn off SSE switching: no ipx route-cache sse [CSCdi42802]
As a workaround, one can remove all access list entries following the entry which matches all packets. Doing so will not change the behavior of the access list.
As an example, change:
access-list 116 permit ip any any access-list 116 permit tcp any any gt 1023 access-list 116 permit tcp any any eq smtp
to:
access-list 116 permit ip any any [CSCdi50886]

IP Routing Protocols

This defect will not be fixed in 10.0 because of its low severity and because it was found internally. This is because 10.0 is in its Mature Maintenance Phase. [CSCdi21082]
The workaround for this bug is to use 255.255.255.255 as the broadcast address. [CSCdi50629]

ISO CLNS

The ping command does not accept any NSAP (for the source NSAP) other than the default value (i.e. the sender's own NSAP). [CSCdi54904]
The fix is to delay the cache invalidation, and have an appropriate knob to control the frequency of invalidation. [CSCdi56559]
A workaround is to either disable IS-IS before removing the static route, or to enable IS-IS on the interface before removing the static route. [CSCdi56815]
A workaround is to filter out the ESH packets using the "clns adjacency-filter es" configuration command in conjunction with an appropriate filter set (which should specify a wildcard, "**", in the last byte of the address). [CSCdi58621]

Novell IPX, XNS, and Apollo Domain

The workaround is to add or delete another static route or service, or restart the NLSP process by deconfiguring and then reconfiguring it. [CSCdi52574]
There is no workaround to this problem. [CSCdi55252]
Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C (PC)
The existence or absence of the access-list in the configuration does not effect the behavior of the router. [CSCdi55681]

Protocol Translation

VINES

Wide-Area Networking

The correction of this fix also enforces the parser to restrict the range allowed for the burst size parameter of the atm pvc command to the legal values [1-63]. [CSCdi45984]
Several requests have come in for modifications to the PPP Authentication feature. At the same time, a fundamental security hole (remote PAP gives away the router's hostname and matching password) was identified. Here are the changes made. Note that three DDTS were opened (CSCdi49278, CSCdi54088 and CSCdi44884). These changes were integrated into 11.0(8.1), 11.1(3.0.2) and 11.2(0.7).
For the purposes of this document, 'remote authentication' will mean authentication BY the remote PPP unit of the local router. Similarly, 'local authentication' is the authentication OF the remote PPP unit by the local router. The unit doing the authentication (the authenticator) is the unit checking the other ends password. Another way of looking at it is that the terms, 'local' and 'remote', refer to the location of the applicable 'ppp authentication {chap|pap}' configuration command. The terms 'local authentication' and 'remote authentication' are confusing but slightly better than 'inbound authentication' and 'outbound authentication'.
Goals: -disable remote PAP authentication unless explicitly configured -allow multiple servers to appear as a single server to ease configs -allow remote peer to authenticate to multiple unknown servers
New PPP Authentication Commands
ppp pap sent-username xxxx password yyyy ppp chap hostname xxxx ppp chap password [n] zzzz
All commands are interface configuration commands. Since they are PPP commands they are entered in the dialer group or async group or BRI/PRI interface as applicable.
ppp pap sent-username xxxx password yyyy
Remote PAP has been disabled by default. This command will re- enable remote PAP support for the specific interface and use the 'sent-username' and 'password' in the PAP Authentication Request packet to the peer. Remote PAP is when the peer requests that you authenticate or prove yourself to him. This change was done because a security hole exists in the present code. Prior to this change, we would send out our hostname and password in the PAP Authentication Request packet. The same password that the peer is supposed to know in order to do local CHAP authentication.
ppp chap hostname xxxx
This command is added to allow ISPs to create a pool of dial-up routers all appearing to be the same host when authenticating with CHAP. Currently, the ISP's customers need to have username entries for any possible router they might attach to. This will allow them to have a single entry as all ISP routers will challenge with a common hostname. This command is normally used with local CHAP authentication (when we are authenticating the peer) but it can also be used for remote authentication.
ppp chap password [n] zzzz
This command is added to allow a router dialing to a collection of routers not supporting the 'ppp chap hostname xxxx' command (such as units running older IOS images) to configure a common password (ie CHAP secret) to use in responding to challenges from an unknown peer. Thus a customer can replace several username/password config commands with a single copy of this command (per interface or dialer/async group interface). Note that this command is only used for remote CHAP authentication, ie. when we are authenticating for the peer. It does not affect local CHAP authentication.
Example configurations (most non-authentication details left out)
Remote router dialing multiple servers in a single rotary (w/out dialin)
hostname customer451 ! interface bri0 encap ppp ppp chap password 7 jfdjla
Central site router (one of many in a single rotary)
hostname 3rdfromtop ! username customer451 password 7 jfdjla (probably uses TACACS+ instead) ! interface dialer0 encap ppp ppp authentication chap callin ppp chap hostname ISPCorp
Central site router (as above but requiring support for older PAP clients)
hostname 3rdfromtop ! username customer451 password 7 jfdjla (probably uses TACACS+ instead) ! interface dialer0 encap ppp ppp authentication chap pap callin ppp chap hostname ISPCorp ppp pap sent-username ISPCorp password 7 fjhfeu [CSCdi49278]
In addition, when the serial line is configured to be frame-relay intf-type dce or frame-relay intf-type nni, if a frame-relay intf-type command is entered after the desired PVCs have been configured, then the router will fail to send the correct LMI Full Status message. [CSCdi52339]
This is a change from SW Ver. 10.3.
The reason for this is because it was possible to configure multiple QSAAL and ILMI PVC's on multiple subinterfaces which lead to problems. This should not have been allowed. [CSCdi58635]

11.0(7) Caveats/11.0(8) Modifications

This section describes possibly unexpected behavior by Release 11.0(7). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(7). For additional caveats applicable to Release 11.0(7), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(8).

AppleTalk

Basic System Services

Line command flowcontrol software lock may now be used to specify a flow control configuration that will not change when connected to remote network hosts, using telnet or rlogin protocols. [CSCdi33144]
%DBUS-3-DBUSINTERR: Slot 0, Internal Error
It may also be accompanied by the following messages:
"%CBUS-3-CMDTIMEOUT: Cmd time out, CCB 0 x XXXXXXXX slot n, cmd code n"
"%DBUS-3-WCSLDERR: Slot n, error loading WCS, status 0 x XX cmd/data 0 x XX pos n"
If the WCSLDERR error displays, the RSP board is disabled and will not be displayed when you issue a write terminal command. Issue a microcode reload command to take the card out of the disabled state. [CSCdi49854]
A partial work-around is to identify those devices which are performing auto-discovery, and modify their default behavior so that they perform auto-discover on a less frequent basis, if at all.
The permanent solution is to lower the priority of the "IP SNMP" process so that it doesn't starve other processes in the system. [CSCdi50399]
Since the differences between the -00 and -01 versions were never incorporated, and since the -01 documents have been expired by the IETF, and since the SNMPv2 party-based model (RFCs 1445-1447) that these documents rely upon has been relegated to historic status by the IETF, support for the Simplified Security Conventions will be removed from all software images.
This is the first step in replacing all support for party-based SNMP with support for SNMPv2C as outlined in RFCs 1901-1908, as well as supporting any new secure SNMP standard produced by the IETF. [CSCdi53343]

EXEC and Configuration Parser

For example to set an IPX static NDS service name which contains encoded data. This presently display as:
P 26B CISCO2_______________ 307C3EC4.0000.0000.0001:0005 2/01 1 Et0 Full name: 'CISCO2__________________________^Ust^FL@@@@@D^EPJ'
The binary will now display as xXX where XX is the Hexidecimal value of that character in that quoted sting.
ipx sap 26b "CISCO2____ xXXst xXXL@@@@@D5 2
where XX are the hex values for ^U, ^F, and ^E
to enter the character "" will require using two ""s, e.g. "\" . [CSCdi53685]

IBM Connectivity

Example:
!to filter SMB 73 packet netbios access-list byte SMB deny 18 73
int tok 0 source-bridge 100 1 200 source-bridge spanning netbios input-access-filter session-bytes SMB
int tok 0 source-bridge 200 1 100 source-bridge spanning netbios output-access-filter session-bytes SMB [CSCdi40165]
%APPN-7-APPNETERROR: Inconsistent TG information TG=21 ADJ_NODE=AWWUKIBdWdr
The ADJ_NODE name is displayed using the incorrect format.
The "Inconsistent TG info" message is displayed when the NN receives a TDU with the same sequence number that has different information. VTAM sent a tdu for a NN with a different netid. If the link to that NN was stopped and restarted, VTAM sometimes sent a TDU with the same sequence number but different information. This problem was reported to IBM. [CSCdi50674]
dlsw peer-on-demand-defaults lf lf_size
lf_size is the largest frame size that circuits over this peer will negotiate down to. DEfault is 17800. Valid values are: 11407 11407 byte maximum frame size 11454 11454 byte maximum frame size 1470 1470 byte maximum frame size 1500 1500 byte maximum frame size 17800 17800 byte maximum frame size 2052 2052 byte maximum frame size 4472 4472 byte maximum frame size 516 516 byte maximum frame size 8144 8144 byte maximum frame size [CSCdi50687]
This ddts also fixes a "bad p_enqueue NULL" traceback in cls_entitymanager.c that is preceeded by a CLS_ASSERT traceback with text "connInd != NULL". [CSCdi50868]
Work-around to avoid this problem is to ensure that deactivation of the upstream LU is complete (i.e. DSPU has deactivated the downstream LU) before reactivating the upstream LU.
Work-around to recover a lost LU is to deactivate/reactivate the downstream PU. [CSCdi51042]
DLSW:CPUHOG in CLS background, PC=0x60549f3c
Since the CPU is being occupied by the CLS background process for a period of time, protocols that involve polling may lose their connections because of to poll starvation. [CSCdi52382]
There is no workaround and the impact can be substantial for large networks, resulting in increased delays for srb connections. [CSCdi53357]

Interfaces and Bridging

This fix prevents zero- or outlandishly-sized packets from reaching the decompression engine. [CSCdi51869]
%SCHED-2-WATCH: Attempt to set uninitialized watched boolean (address 0). -Process= "*Sched*", ipl= 7 -Traceback= F82C6 11FAEA Exception: Level 3 at 0xA49F4 (PC)
Workaround: Removing the serial cable from the router allowed the machine to boot correctly. At that point, the cables could be re-attached and the machine would function normally. [CSCdi51928]

IP Routing Protocols

This bug could also cause the router crash when network command is deleted. network command with route-map option should be used to cause the crash. [CSCdi51820]

ISO CLNS

The result of this situation is a high CPU utilization, and is more pronounced in an environment where there is heavy CLNS traffic (e.g. large file transfers), [CSCdi52752]
When the redistribution is disabled, ISO-IGRP should poison all prefix routes that were being learnt from the protocol that was being redistributed.
ISO-IGRP currently does not do this, and as a result, can cause the routes to count to infinity. [CSCdi53023]

Novell IPX, XNS, and Apollo Domain

Protocol Translation

Only 5 translate statements using X.25 permanent virtual circuits can be read from non-volatile memory upon boot up. If more are required, a work around is to configure them after booting from a terminal or using TFTP. [CSCdi52043]

TCP/IP Host-Mode Services

TN3270

VINES

Mar 12 083512 143.182.21.2 117 %SYS-3-MGDTIMER Uninitialized timer, timer stop, timer = 60B117F8 Mar 12 083512 143.182.21.2 118 -Process= "VINES Protocols", ipl= 0, pid= 44 Mar 12 083512 143.182.21.2 119 -Traceback= 60112410 60113238 6034CBC0 6034D204 6034E114 6034E24C 6034E580 6033C990 6033CB10 600EC980 600EC96C [CSCdi51689]

Wide-Area Networking

To prevent this behavior, remove the cause of the line errors or increase the hold-queue size. [CSCdi48424]
There is no workaround. [CSCdi50313]
-- Specify the full NSAP address of the ARP Server interface, using the atm nsap-address nsap-address command, instead of just the ESI portion. -- After boot-up, issue a no atm arp-server command and then reissue the atm arp-server command. [CSCdi50592]
The problem will show up only when the two configuration commands are issued quick and close enough. So, the problem will most likely to occur when booting a router with such configurations. The problem will likely not to show up when these two configuration commands are issued sequentially from command line, as the two commands could not be entered so quick and so close to each other (to introduce the problem).
So, the output hang caused by this should recover without human interferring, although it may take a few minutes. On the other hand, 'shutdown' and 'no shutdown' on the atm interface with the configurations, as soon as the router is reloaded, should let everything work normally from the very beginning, without seeing the output hang. [CSCdi51013]
For instance, assume DLCI 300 is marked DELETED and subinterface s0.300 is shut down. The commands
int s0.300 frame-relay interface-dlci 300 broadcast no shut
will result in s0.300 being shown as up while the associated DLCI is deleted.
Reversing the above commands will avoid this behavior. [CSCdi53328]

11.0(6) Caveats/11.0(7) Modifications

This section describes possibly unexpected behavior by Release 11.0(6). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(6). For additional caveats applicable to Release 11.0(6), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(7).

IBM Connectivity

11.0(5) Caveats/11.0(6) Modifications

This section describes possibly unexpected behavior by Release 11.0(5). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(5). For additional caveats applicable to Release 11.0(5), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(6).

AppleTalk

Basic System Services

This size reduction is, however, a source of confusion since it is not accounted for in any of the show outputs. The show version output is therefore being changed so that it shows the true physical size of processor memory even though the 4096 byte chunk will continue to be used for the special purpose. This change is cosmetic and does not affect the operation of the system in any way. [CSCdi30593]
A workaround is to disable fast switching of IP multicasting, or fast switching of source-route bridging (SRB) fast explorers by using the no source explorer-fastswitch command. Another possible workaround is to remove or add an IP card, particularly of a different media type. [CSCdi45887]
The keyword 'connection', if entered as part of a 'aaa accounting' command, is not shown in the on-line help even though the command is accepted and supported. [CSCdi47394]
There is no workaround to this problem. [CSCdi47415]
%CI-3-CTRLRTYPE: Wrong controller type 10 %CI-4-NOTFOUND: Chassis Interface not found
The output of the show version command indicates:
WARNING: Chassis Interface not present
When these messages appear, the show environment commands do not work, and no environmental monitoring takes place. [CSCdi48075]
async-bootp dns-server x.x.x.x y.y.y.y async-bootp nbns-server z.z.z.z w.w.w.w
Where:
x.x.x.x is the primary DNS server y.y.y.y is the secondary DNS server z.z.z.z is the primary NBNS/WINS server w.w.w.w is the secondary NBNS/WINS server
To tell if you version has support, issue the configuration command "async bootp ?". Is "nbns-server" appears in the list of valid completions, you have RFC 1877 support. [CSCdi48113]

DECnet

EXEC and Configuration Parser

IBM Connectivity

%CIP0-3-MSG: %MSG802-3-INVALID_VCN2: LAN has configured for vcn=decimal, adapter=decimal lan=decimal ran=decimal [CSCdi47478]
A) an all routes explorer is generated on that ring
B) a packet with a rif that indicates that the packet should go back onto the token ring it originated on
will cause a bridge loop and cause router cpu to rise as well as increase ring utilization.
This bug fix makes the router check the rif in further detail. [CSCdi48577]
The sense data from the CV 0x22 (when present) is also not provided in the DSPU error message. [CSCdi49863]
Additionally, this ddts enhances the "show dlsw peers" output to show the current congestion level of a TCP peer's outbound tcp queue and also displays the amount of time a peer is connected. [CSCdi49949]

Interfaces and Bridging

In addition to the hardware requirement, the fix for this bug that is in Release 11.0(8) and later releases requires that you allow a minimum of 15 seconds to elapse between OIR events. Removal of one interface counts as one event, and insertion of one interface counts as one event.
If your MIP hardware is not at least hardware version 1.1, it will not EOIR or OIR correctly!
Failure to allow this time for the router to stabilize between OIR events can result in the reset performed for one event corrupting the reset performed for another event, which could require interfaces to be reconfigured or reinitialized manually. This reset requires even more time if additional channel-groups are defined within the router. The time between OIR events should be increased to as much as 30 seconds if three or more MIP cards are fully channelized in the router. While the corruption of this reset activity might occur only occasionally if OIR events are too closely timed, it is mandatory to allow the correct interval to guarantee the benefits of EOIR/OIR. [CSCdi46137]
Note: that this bug wasn't actually resolved in the 11.0 tree until 11.0(5.1). [CSCdi46908]
no workaround
fixed in next release. [CSCdi49301]
The complete message is of the form:
%SYS-3-TIMERNEG: Cannot start timer (0x...) with negative offset (-...). -Process= "Spanning Tree", ipl= ..., pid= ... -Traceback= ... [CSCdi50360]

IP Routing Protocols

Workaround is to do a "clear ip mroute *" after the neighbor becomes active. [CSCdi46003]
There is no workaround for this problem. [CSCdi48312]

ISO CLNS

This can happen if a DECnet IV hello was received first, in which case DECnet creates a Phase V adjacency in the adjacency data base, and marks it as "Phase IV". When the ISIS hello comes in a little later, ISIS fails to modify the adjacency format to be "Phase V".
A snippet of a display from the customer's router is attached below:
KCCR01# sh clns is
System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase IV ...
Clearing the table and re-issuing the "show" command shows:
KCCR01# sh clns is
System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase V
Basically, the problem will show up when the DECnet hello comes in first. [CSCdi48461]
gray(config)#router isis gray(config-router)#net 39.840f.1135.6700.26.55.0020.0054.d900 gray(config-router)#net 39.840f.1135.6700.27.55.0020.0054.d900 % Ambiguous command: "net 39.840f.1135.6700.27.55.0020.0054.d900"
This is because the parser generates another command at the 'router isis' level which makes the 'net' command ambiguous. The other command ('network') actually applies to BGP and should not be generated by the parser at the 'router isis' level.
gray(config)#router isis gray(config-router)#net 39.840f.1135.6700.27.55.0020.0054.d900 gray(config-router)#? Router configuration commands: ... ... lsp-gen-interval Minimum interval between SPF calculations lsp-mtu Set maximum LSP size maximum-paths Forward packets over multiple paths net A Network Entity Title for this process (OSI only) network Specify a network to announce via BGP [CSCdi48790]

Novell IPX, XNS, and Apollo Domain

Clients on LANs with no server can connect correctly, because the router answers the GetNearestServer request. However, whenever a Novell server resides on the same LAN as the client, the client will not be able to connect to any remote services.
Use the show ipx servers command to determine whether any SAPs are being seen with zero hop count from the neighboring router. [CSCdi46488]
Workaround is to enable ipx sap-uses-routing-info. [CSCdi46812]

TCP/IP Host-Mode Services

%SYS-6-STACKLOW: Stack for process TCP Driver running low, 36/1000 [CSCdi50306]

VINES

The parser incorrectly accepts the interface configuration command vines access-group 2xx which can yield unexpected results.
The workaround is to use the correct configuration as specified in the "Router Products Configuration Guide". The example in the "Router Products Command Reference" under the vines access-list (simple) is incorrect up to and including the 11.0 documentation. [CSCdi49568]

Wide-Area Networking

There is currently no mechanism to switch to a different protocol if the default authentication protocol is not supported on the remote client. [CSCdi35908]
show atm traffic command output looks as follows now:
router#show atm traffic 279548 Input packets 15025 Output packets 17 Broadcast packets 0 Packets received on non-existent VC 0 Packets attempted to send on non-existent VC 129 OAM cells received 134 OAM cells sent
where Input packets include all input packets on the atm interfaces i.e. process , fast and autonomous switched as well as those received on non-existent VC.
Similarly Output packets include all process, fast and autonomous switched out- going packets including broadcast packets.
Packets attempting to be sent on non-existent VC are just displayed and not counted as Output packets since they are never sent. [CSCdi45189]
The symptom of this problem is the printing of 'Parameter held until RESTART' messages while the router image has not completed its startup. In particular, the PVC configuration commands will be refused if commands to modify the default VC ranges are held off. [CSCdi45199]
Cisco Systems expects to resolve this caveat in a future AIP microcode version. [CSCdi45807]
This is regarding an internet draft from S. Cobb of Microsoft [to update RFC 1332].
We currently implement the IP DNS [main, secondary] configuration ["tell me who your DNS server is"] portion of this draft but it was suggested that we give the server configured by the async-bootp command instead, if configured. This has been implemented.
A separate bug will be added for configuration of the WINS name server information. [CSCdi46322]
A possible workaround is to set the dialer idle-timeout value on the BRI routers connected to NET3 switches higher than the timeout value of the other router or routers connecting via ISDN. This assumes the other router or routers do not have BRI's connected to NET3 switches, as they would have the same problem. This also requires knowledge of the dialer idle-timeout value configured on the other router or routers.
The problem does not occur if the call hangup is initiated by the ISDN network rather than the BRI router connected to a NET3 switch.
11.0(2.1), 10.3(6.1) and 10.2(8.5) were the first available versions which exhibited the problem. [CSCdi46668]
In some instances the user is given a help prompt that indicates RFC1294 encapsulation is about to be configured.
This is erroneous. RFC1294 is obsoleted by RFC1490.
As of IOS release 10.3 Cisco uses RFC1490 for bridged and routed protocols.
These errors are all cosmetic.
No work around is required. [CSCdi48715]
If you choose to continue to use Cisco IOS Release 11.0(5), Release 11.1(1) or earlier releases, the Catalyst 5000 requires ATM software release 1.1. [CSCdi49790]

XRemote

11.0(4) Caveats/11.0(5) Modifications

This section describes possibly unexpected behavior by Release 11.0(4). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(4). For additional caveats applicable to Release 11.0(4), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(5).

AppleTalk

Basic System Services

This will cause the discovery mechanism of IBM bridge management software (Lan Network Manager for AIX) to fail against Cisco Routers. [CSCdi46677]
introduced a problem wherein any use of the "snmp-server enable traps" command will automatically enable all envmon SNMP traps. This occurs when the user types in this command, as well as after a router reboot, if any other "snmp-server enable trap" exists in the configuration file. The only workaround is to manually type : no snmp-server enable traps envmon or to disable the envmon traps via SNMP.
Again, this will disable the envmon traps, but the traps will be enabled again on the next reboot. [CSCdi47252]

DECnet

An illustration of this problem can be seen by issuing a 'SET HOST' command from one Phase IV host to another over a Phase V cloud, and noticing that the connect can take about a minute to complete. Normally this operation should take a few seconds. [CSCdi38569]
This is a cosmetic bug only. [CSCdi46327]

EXEC and Configuration Parser

IBM Connectivity

sdlc hdx becomes half-duplex bsc fdx becomes full-duplex sdlc rts-timeout val becomes half-duplex timer rts-timeout newval sdlc cts-delay val becomes half-duplex timer cts-delay newval
Note that the units for newval are in milliseconds while the v alues for val were in microcode cycles. These values are translated by the code. [CSCdi30258]
When a packet cannot be fast switched using the route cache, the packet must be switched by the processor.
The counters for "Route cache" switched packets are incremented even if the fast switch of a packet fails.
The counters for "Processor" switched packets are incremented correctly. [CSCdi41891]
ALIGN-3-SPURIOUS: Spurious memory access made at 0xnnnnnnnn reading 0x1 [CSCdi45258]
When a locally attached SDLLC connection sends a TEST frame to a CIP connected host, the TEST frame is dropped and router reports a Bad VCN error. Frames are in turn received from the host and forwarded to the appropriate destination.
This problem only exists when there are access lists configured on the router interfaces. [CSCdi46474]

Interfaces and Bridging

no workaround.
fixed in next release. [CSCdi44993]
Even without the fix, compression continues to work, but evaluation of compression ratios is complicated. [CSCdi45308]
DBUS-3-DBUSINTERR: Slot 1, Internal Error %CONTROLLER-2-CRASHED: Interface Processor in slot 4 not responding (8004): shutting it down
This error occured because the software was trying to access the card after it had been removed. [CSCdi46228]
no work around.
fixed in next release. [CSCdi46803]

IP Routing Protocols

Symptom:
#sh app int tun 0 Tunnel0 is up, line protocol is up AppleTalk port is an AURP Tunnel AURP Data Sender state is Unconnected AURP Data Receiver state is Waiting for Open Response AURP Tickle Time interval is 90 seconds AppleTalk address gleaning is not supported by hardware AppleTalk route cache is not initialized
Debug:
#sh deb ARP: ARP packet debugging is on UDP: UDP packet debugging is on ATIP: AURP packets debugging is on AURP connection debugging is on
AT: Tunnel0: Open-Req sent UDP: sent src=1.0.0.2(387), dst=1.0.0.1(387) IP ARP: failed to create incomplete entry for IP address: 1.0.0.1
Work-around: Ping the other side of the tunnel (IP address). This will create the ARP entry and AURP will be fine after that. [CSCdi46070]

ISO CLNS

This is purely cosmetic in nature, and has no impact on CLNS routing functionality. [CSCdi47322]

Novell IPX, XNS, and Apollo Domain

If one uses the "ipx network x" and "ipx encapsulation y" form, that is two commands, and the first interface configured in for encapsulation novell-ether then the second interface will complain about encapsulation already in use.
This can be a problem if the subinterface was configured in the following manner in configuration editor:
interface ether 1.3 ipx encap sap ipx network 777
The system will accept this and this will function normally until the next system reload/power-off/on at which time the ipx network 777 will produce an error message and not be accepted. [CSCdi38803]
example: ipx sap 4 "Silly ServerName" 1.0000.0000.0001 453 3 currently is written to NVM as ipx sap 4 Silly ServerName 1.0000.0000.0001 453 3
upon system reload an error is generated for the static sap. [CSCdi45662]

Protocol Translation

TCP/IP Host-Mode Services

TN3270

Wide-Area Networking

Workaround: save off the new configuration and reboot. [CSCdi40580]
LEX interfaces should not be used with the CT1 card prior to this release. [CSCdi42843]
The workaround is to do a shut/no shut on the interface. [CSCdi45544]
Note that if a PVC was present at any point after boot, and then deleted, and the ARP server was declared, this will not crash. But if it is written to NVRAM, there will be a crash on boot. [CSCdi45733]
This patch re-enables those commands. [CSCdi45797]
The matrix is as follows:
NFS Data Voice International
SDN Yes Yes GSDN (Global SDN) MEGACOMM No Yes Yes ACCUNET Yes Yes Yes
Sample config:
isdn switch-type primary-4ess !
controller T1 1/0 framing esf linecode b8zs pri-group timeslots 1-24
interface Serial1/0:23 description This is the DMS D-chan 415-390-9503 ip address 6.1.1.3 255.255.255.0 encapsulation ppp no keepalive dialer map ip 6.1.1.1 name tommyjohn class sdnplan 14085770715 dialer map ip 6.1.1.2 name angus class megaplan 14085773775 dialer map ip 6.1.1.4 name angus class accuplan 14085773778 dialer-group 1 ppp authentication chap
map-class dialer sdnplan dialer outgoing sdn ! map-class dialer megaplan dialer voice-call dialer outgoing mega ! map-class dialer accuplan dialer outgoing accu ! [CSCdi46101]

11.0(3) Caveats/11.0(4) Modifications

This section describes possibly unexpected behavior by Release 11.0(3). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(3). For additional caveats applicable to Release 11.0(3), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(4).

AppleTalk

Workaround:
no appletalk route-cache on serial interfaces. [CSCdi40486]

Basic System Services

The fix involved moving the whitespace stripping to a common function that is called by both the source and destination filename read functions. [CSCdi17352]
% No address for remote. Check 'Peer Default IP Address a.b.c.d' % or configure IP pooling support.
will appear. [CSCdi42183]
A workaround is to reissue the "clock timezone" command. [CSCdi43033]

DECnet

EXEC and Configuration Parser

IBM Connectivity

The SNMP MIB object for the the CIP interface online/offline status (cipCardDtrBrdOnline) was indicating the opposite of the true CIP interface status. [CSCdi41938]
Problem introduced in 11.0(2.3) work-around is to use 11.0(2) or 11.0(2.2) [CSCdi42839]
bstun remote-peer-keepalive where n is the time period between keepalives in seconds
bstun keepalive-count where count is the number of keepalive periods to expire before declaring the TCP session down.
The keepalives can be viewed with debug bstun event
eg. BSTUN: Received Version Reply opcode from (all[2])172.16.12.2/1976 at 1360 BSTUN: Received Version Request opcode from (all[2])172.16.12.2/1976 at 1379 BSTUN: Received Version Reply opcode from (all[2])172.16.12.2/1976 at 1390 [CSCdi42960]
sna start dspu start sna rsrb start dspu rsrb start [CSCdi43278]
work around is to configure one atm vc per sub interface.
fixed in next release. [CSCdi43833]
A workaround is to configure the router for sdllc to start the timer. The sdllc configuration can then be removed and the timer will continue on the 5 second dispatch interval. [CSCdi43856]
The router will not recover this memory without reload. [CSCdi44393]
%SCHED-3-STUCKTMR: Sleep w/expired timer 5B9E98, time 0x8A38 (23:05:32 ago). -Process= "BSTUN Background", ipl= 6, pid= 25
when bstun keepalives are configured on.
Do not run with bstun keepalives with 11.1(1).
A problem with not using keepalives is that line outages across the tunnel will not be detected and reported.
This problem will be fixed in version after 11.1(1.0) . [CSCdi44604]
Work-around problem by loading TRIP10-2 microcode with 11.0(3.2) [CSCdi44617]
Work-around is to use an Enterprise image. [CSCdi44719]

Interfaces and Bridging

no workaround.
fixed in next release. [CSCdi44835]

IP Routing Protocols

ISO CLNS

LAT

Novell IPX, XNS, and Apollo Domain

ipx broadcast-fastswitching
when enabled will permit IPX directed broadcast packets to be fastswitched. (A directed broadcast is one with a network layer destination address of the form, net.ffff.ffff.ffff) This may be useful in certain broadcast-based applications that rely on helpering.
The default setting for this command is off. The default behavior is to always process-switch these packets.
Note that eligible directed broadcast packets are never autonomous switched, even if autonomous switching is enabled on the output interface. Also note that routing and service updates are always exempted from this treatment. [CSCdi37234]
The ipx internal-network command may appear in the configuration file for a short while after removing the ipx internal-network from the configuration. [CSCdi43211]

Protocol Translation

x29 profile default parameter:value [parameter:value]
Where "default" is the name of the default PAD profile script and the parameter:value is the X.3 PAD parameter number and value separated by a colon. [CSCdi14369]

TCP/IP Host-Mode Services

VINES

Wide-Area Networking

1) show atm interface x/0 does not always display active VCCs correctly.
2) show atm vc and write term used to not show inactive PVCs. E.g. if a user configures a PVC that is in the inactive state, user will not see the PVC in either show atm vc, or write term This has caused confusions to some users.
We now change to let show atm vc and write term display any PVC, as long as long the PVC is still being configured and we add a field "Status" to the output of the show atm vc command to differentiate whether a PVC being displayed is an ACTIVE one or an INACTIVE one. [CSCdi31527]
The workaround is to do "no lane server-bus" followed by "lane server-bus ...." on the subinterface where the server-bus is running. [CSCdi42765]
This problem can be avoided if each PPP interface is configured correctly for a peer address, or for address pooling, or with pooling explicitly disabled.
The commands to configure pooling (local or dhcp) are site specific.
If a fixed peer address is acceptable, it can be set with:
name(config-if)#peer default ip address a.b.c.d
where a.b.c.d is the IP network address of the peer. Note that this command replaces the command:
name(config-if)#async default ip address a.b.c.d
for async interfaces, but applies to all PPP and SLIP interfaces including ISDN interfaces.
Pooling can be explicitly disabled on an interface with the command:
name(config-if)#no peer default ip address
This command will have no other effect and can be replaced later with an appropriate address pooling configuration. [CSCdi43677]
Workaround: Turn header compression off. [CSCdi43927]
The workaround is to repeat the "lane server-bus" command on each subinterface after doing the "no shut" on the main interface. [CSCdi44330]

11.0(2) Caveats/11.0(3) Modifications

This section describes possibly unexpected behavior by Release 11.0(2). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(2). For additional caveats applicable to Release 11.0(2), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(3).

AppleTalk

Net10 Net20 Creator ----- Router 1 ----- Member | | -- Router 2 --
Creator creates a group. Member joins group. There will be 2 forwarding paths since since Net10 is local to both routers.
Workaround is to avoid this topology if possible.
The correct behaviour is to only have one path even when the route is locally connected on the routers. [CSCdi39756]

Basic System Services

The only workaround is to delete the Loopback interface. [CSCdi41281]

EXEC and Configuration Parser

IBM Connectivity

The bridge number on the DSPU RSRB statement was originally hard-coded to a 1. Under certain conditions, other vendors routers will modify the RIF based on whether it contains a bridge number 1. [CSCdi38628]
Set the MTU size of the frame-relay interface to be greater than the largest-frame size of RSRB. [CSCdi38633]
Fair Queuing should be disabled on serial interfaces used by RSRB. [CSCdi39023]
The Bad p_enqueue message appears when RSRB local-ack discards packets during normal LLC2 protocol but does not discard the packet correctly.
The Bad p_enqueue message does not indicate a problem in the RSRB network but the side-effect of displaying this message multiple times may affect router performance. [CSCdi39706]
This problem is relatively harmless. It can waste some memory when in the normal (backup disabled) state since the data structures for the virtual ring are not getting cleaned up. [CSCdi40289]
A delay mechanism is to be introduced that will retry the frame relay link a configured number of times before switching over to the backup interface. [CSCdi40292]
The format of this unsolicited message is as follows: LS hostname RNR sent to host
This message does not indicate any problem and may occur during normal data transfer by DSPU. [CSCdi41646]
The work-around for this memory leak is to ensure the MAXDATA for both the upstream and downstream links are set at a maximum of 256 bytes.
If data lengths are 256 bytes or less, data frames will not require fragmentation by QLLC and memory leak should not occur. [CSCdi41663]
The SNANM and/or DSPU commands are accepted for configuration of a Frame-Relay primary interface. [CSCdi42171]
Work-around is to configure DLSw+ peers for TCP encapsulation. [CSCdi42462]

Interfaces and Bridging

%QUICC-3-BADENCAP: Unit 0, bad encapsulation in idb->enctype = 0x22
This is because the C1005 does not support the atm-dxi encapsulation, and it should not be configured on the serial interface. [CSCdi39433]
%SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=hex-value, count=number -Traceback= list-of-hex-values %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=hex-value, count=number -Traceback= list-of-hex-values
Weighted fair queueing cannot be "deconfigured" on serial lines in Release 11.0(1) software due to another problem, so transparent bridging should not be configured on HDLC, Frame Relay, or ATM serial interfaces. On non-serial interfaces, the same problem will occur if you explicitly configure weighted fair queueing. [CSCdi39516]
the work around is to configure the serial interfaces for hdlc or not forcing process level transparent bridging.
fixed in the next release. [CSCdi40560]

IP Routing Protocols

* 144.228.10.1, from 144.228.10.1, via Hssi1/0^AxT
There is no workaround to this problem. It is purely cosmetic in nature. [CSCdi41383]

ISO CLNS

Novell IPX, XNS, and Apollo Domain

The workaround is to disable NLSP on the interface. [CSCdi33185]
There is no workaround to this problem. [CSCdi38152]

Protocol Translation

The following configuration translates incoming PAD connections to multiple Telnet/TCP destinations offered by the IP hostname shadow.
ip host shadow 172.21.9.7 172.21.9.55 172.21.9.60 translate x25 31315555501 tcp shadow host-name
The Protocol Translator attempts to open the next destination if the first one fails. [CSCdi18102]

TCP/IP Host-Mode Services

VINES

Wide-Area Networking

For outgoing calls to be placed as a voice call:
dialer map ip 6.1.1.1 name test class foo 15551212
map-class dialer foo dialer voice-call
For incoming voice calls to be accepted. Currently BRI ignores voice calls and PRI rejects them:
int bri 0 isdn incoming-voice data [CSCdi36915]
There is no workaround. [CSCdi38974]
Workaround: make sure you have IP Addresses on all members of the LIS. [CSCdi40277]
The routers will now change the channels back to "in-service" with a Layer 3 Restart message, a shutdown of the interface as well as with the Service (in-service) message. [CSCdi40762]
- IPCP will cause a host route to be pointed at the D channel (subinterface 23 in the case of a Primary Rate Interface) - IPCP will override a statically defined host route of the calling party - IPCP will only install a single host route even if multiple users are connected - Host routes installed by IPCP will never be cleared
On an asynchronous (incl VTY) interface:
- BOOTP will fail - An IP address entered with a PPP command will be lost during IPCP negotiation
On a Point-to-Point interface (async, VTY, sync, ISDN, etc):
- IP Address Pooling will lose addresses - IPCP will not negotiate the correct IP address
On a VTY interface:
- 'default' is not a valid parameter to 'ppp' or 'slip' on the first command [CSCdi40958]
The DNS address(es) returned in the negotiation are the first (and second) addresses in the 'ip name-server' configuration command. If a DNS address is not available to be given to the client, then the option(s) is rejected. [CSCdi42205]
The workaround is to reboot the router after adding any necessary "micro" commands to the configuration. [CSCdi42371]

11.0(1) Caveats/11.0(2) Modifications

This section describes possibly unexpected behavior by Release 11.0(1). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(1). For additional caveats applicable to Release 11.0(1), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(2).

AppleTalk

Basic System Services

If accepted, the value is correctly interpreted, but will not be saved in the stored configuration. [CSCdi38970]

DECnet

The fix is for DECnet to recognize that this is a special situation which needs to be handled differently, and that the packet should be dropped instead of being returned to the sender of the connect initiate packet.
Once the circuit is established, one of the (numerous) retransmit connect initiate packets will establish the end-to-end session.
This fix is on the DECnet side; the relevant dialer fix appears in CSCdi37919. [CSCdi33368]

EXEC and Configuration Parser

IBM Connectivity

This situation can be detected by the occurrence of a CIP-generated message following the configuration command, such as the following:
%CIP3-3-MSG: %CONFIG-3-NODEVSPC: Error allocating storage for device block [CSCdi25909]
If the remote adapter is queried from the LNM station, the LNM adapter is closed, and no other operation can be performed. [CSCdi38368]
This feature is not supported and is being removed. [CSCdi39276]
1. A corrupt frame is generated on the FDDI when a explorer frame is bridged from the token ring. The resulting FDDI explorer frame has its 'MAC address length bit' set to indicate 2 byte addressing when, in fact, the frame has a 6 byte address. These frames are mis-read by other stations on the FDDI ring.
2. If source route bridging from token ring to FDDI is configured to use a ring group while remote source route bridging (RSRB) is also configured, the router will erroneously attempt to forward FDDI frames over RSRB links. Source route bridging from FDDI to token ring over RSRB is not supported.
3. If the router receives a FDDI frame with a duplicate ring number in the routing information field (i.e. a rif loop), it will erroneously forward the frame. The correct behavior is to drop frames that contain RIF loops. [CSCdi39293]

Interfaces and Bridging

fsip179-0 corrects the problem. [CSCdi30344]

IP Routing Protocols

Jul 27 15:09:54 harvard-gw 526: %SYS-3-CPUHOG: Task ran for 3520 msec (44/7), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 harvard-gw 527: -Traceback= 3E206 24318A 22F204 Jul 27 15:09:54 bbn3-gw 325: %SYS-3-CPUHOG: Task ran for 5964 msec (99/40), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 bbn3-gw 326: -Traceback= 3E206 24318A 22F204 [CSCdi38044]
Tunnel1 is up, line protocol is up Hardware is Tunnel Internet address is 10.0.0.1 255.0.0.0 MTU 1500 bytes, BW 4800 Kbit, DLY 500000 usec, rely 255/255, load 1/255 Encapsulation TUNNEL, loopback not set, keepalive set (10 sec) Tunnel source 171.69.232.7 (Ethernet0), destination 171.69.232.20 Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled Checksumming of packets disabled Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Output queue: 67/64/5 (size/threshold/drops) Conversations 2/2 (active/max active) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 67 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets, 0 restarts 0 output buffer failures, 0 output buffers swapped out [CSCdi39816]

ISO CLNS

null db: null ibn in clns, xs_sending process = clns input, ipl=0, pid=30 traceback = 0x28376, 0x24608C, 0x24652A [CSCdi34841]
This can happen in some unusual circumstances when running ISIS for IP only. [CSCdi37612]
However, if a network has a link which causes data corruption with correct data link checksums, this can cause a continuous cycle of purging and regenerating large numbers of LSPs, rendering the network nonfunctional.
There is no workaround to this problem. [CSCdi37692]
A possible workaround is to perform a "clear clns neighbors" command when this occurs. [CSCdi38310]
This problem does not happen after a reboot, because the interface is configured for ISIS before the ISIS process is set to be L2-only.
A workaround is to configure ISIS on the serial line, followed by the ISIS process. Another workaround is to perform all configuration, save the configuration to non-volatile memory, and restart the system. [CSCdi38585]

Novell IPX, XNS, and Apollo Domain

Protocol Translation

TCP/IP Host-Mode Services

TN3270

VINES

A redirect should to sent to a data link unicast address and a vines network broadcast address. [CSCdi38016]

Wide-Area Networking

The workaround is to use the lower value as the maximum. [CSCdi33266]
There is no workaround. [CSCdi35837]
show isdn history
It will display the call type (outgoing/incoming), called or calling party number and the duration of the call in seconds. [CSCdi36875]
%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
%SYS-2-MALLOCFAIL: Memory allocation of 34 bytes failed from 0x748D8, pool Processor, alignment 0
No workaround. [CSCdi38087]
The misunderstanding is that such IP addresses will never appear in the ARP table, by design. PVCs using RFC 1577 inverse ARP will populate the ARP table, static maps will not. [CSCdi38804]
A problem could occur if the line goes down, the switch deletes the NSAP from the routing table, the switch sends the prefix. If the prefix is the same as before, then we did not attempt to reregister with the switch resulting in no calls sent to the router.
The workaround is to do remove then add the ESI address on the ATM interface. Or, remove then add the ilmi pvc on the interface. [CSCdi39215]
There is no workaround for this problem. [CSCdi39757]
There is no work-around for the problem. [CSCdi40023]
There is no workaround. [CSCdi40108]

11.0(17)BT Caveats

This section describes possibly unexpected behavior by Release 11.0(17)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(17)BT.

Basic System Services

IBM Connectivity

11.0(16)BT Caveats/11.0(17)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(16)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(16)BT. For additional caveats applicable to Release 11.0(16)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(17)BT.

TN3270 server lu idle timer wrapped around every 18.2 hours. [CSCdj41564]

11.0(15)BT Caveats/11.0(16)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(15)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(15)BT. For additional caveats applicable to Release 11.0(15)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(16)BT.

11.0(14)BT Caveats/11.0(15)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(14)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(14)BT. For additional caveats applicable to Release 11.0(14)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(15)BT.

IBM Connectivity

%CIP3-3-MSG: %MEMD-3-VCNREGISTER: Invalid VCN (65535)specified
Failing "Invalid VCN number" could be different than 65535 also.
Following message was also reported when SSP is being used:
%SYS-6-STACKLOW: Stack for process SSE Manager running low...
The failure continues until the route-processor is reloaded. There is no known workaround. [CSCdj07773]
The tn3270 server remembers the client IP addresses of active sessions, as well as terminated sessions.What Telstra are concerned about is the amount of output that is displayed as a result of a 'sh ext channel x/y tn3270 client-ip-address' command. This output can sometimes contain data for hunderds of sessions, some active and some terminated.
The enhancement that Telstra ITG are requesting, is the ability to display the status of tn3270 sessions based on the state of a IP address's sessions.
They would like an optional operand to be available at the end of the command which would allow client IP addresses to be queried based on session status. The desired session state such as (ACT/SESS, ACT/NA etc) could be entered into this operand so that only the sessions that were reflecting the requested status be displayed.
Example Current command
show extended channel x/y tn3270 client-ip-address
Example of desired command modification.
show extended channel x/y tn3270 client-ip-address
Status will be available status such as ACT/SESS or ACT/NA [CSCdj07826]

11.0(13)BT Caveats/11.0(14)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(13)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(13)BT. For additional caveats applicable to Release 11.0(13)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(14)BT.

11.0(12)BT Caveats/11.0(13)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(12)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(12)BT. For additional caveats applicable to Release 11.0(12)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(13)BT.

IBM Connectivity

This ddts ensures that tcp-port under tn3270 server won't accept the value of 0 or 65535 [CSCdi64150]
This only affects the show command and doesn't cause any other operational problem. [CSCdi65716]

11.0(11)BT Caveats/11.0(12)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(11)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(11)BT. For additional caveats applicable to Release 11.0(11)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(12)BT.

SNA alerts generated by the CIP TN3270 Server get corrupted and dropped by the IOS. Such behavior can prevent the alerts from being forwarded to the host.

11.0(10)BT Caveats/11.0(11)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(10)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(10)BT. For additional caveats applicable to Release 11.0(10)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(11)BT.

11.0(9)BT Caveats/11.0(10)BT Modifications

This section describes possibly unexpected behavior by Release 11.0(9)BT. Unless otherwise noted, these caveats apply to all 11.0 BT releases up to and including 11.0(9)BT. For additional caveats applicable to Release 11.0(9)BT, see the caveats sections for newer 11.0 BT releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(10)BT.

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1998 © Cisco Systems Inc.