Cisco IOS Software Release 11.1, 11.1AA and 11.1CA Caveats

11.1(17) Caveats

This section describes possibly unexpected behavior by Release 11.1(17). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(17).

AppleTalk

A router running ARAP may reload when an invalid packet is received. The workaround is to disable ARAP smart buffering by configuring arap nosmartbuffer on the lines. [CSCdi84322]
---------- Release-note -------------

: When using ARA ver 3.0 the cisco router allocates an Appletalk node address of 0 and ppp negotiation fails. [CSCdj77846]

Basic System Services

If connection accounting is enabled without also enabling exec accounting, the system unexpectedly reloads when a user attempts their second connection. [CSCdi42252]
On a Cisco 7000 series router, if you replace one interface processor (for example, a TRIP or an FSIP) with a different type of interface processor online, the show ip interface brief and show interface commands display information for both the old and new controllers. Rarely, this also results in the continual reinitialization of the newly inserted controller.

: The only known workaround is to completely unconfigure the old card before replacing it with the new card. Sometimes, it might even be necessary to issue a write erase command, reboot the router, and then redefine the existing interfaces to completely remove all configuration traces of the old card. Once the information that is displayed by the show commands is self-consistent, the newly inserted card behaves normally. [CSCdi49800]

The DHCP proxy client feature should send unicast Discover messages to the DHCP servers. [CSCdi52819]
If you issue a boot system command to boot a Cisco 7000 router image on a Cisco 7500, the router reboots forever, reporting a "bad file magic number" each time. [CSCdi52921]
If you see the message "%RSP-3-RESTART: interface Serial x/y, output stuck" on an RSP-based platform, you might have problems with the output interfaces. This problem can occur when bursty traffic is optimum-switched to an output interface on which either fair queue or transmit-buffers backing-store is enabled. A possible workaround is to disable optimum switching. [CSCdi56782]
There are legitimate cases where packets are counted placed within the custom/weighted-fair/priority queues in DRAM and yet have not been swapped out. In particular, packets that have been generated by the router itself, keepalives or route updates, are created in DRAM, and hence have no need to be swapped out. If the packet is copied to DRAM as part of the activity of creating a cache entry for one of the fast switching mechanisms, it is copied there at the input interface side, and is not charged with being swapped out to the outbound interface, since the outbound interface is not known at the time of swapping. As a result, it is possible for more packets to be shown in the show queueing output than are shown swapped out from the show interface output. This is not a problem. [CSCdi59949]
IOS web console feature includes a behavior which adds "/-" to URLs which did not contain them to force all URLs to use the web console HTML Form. Behavior is dropped in this fix to prevent unusual/unintended web console contexts (not harmful), and also to allow the display of URL command results without the web console HTML Form when desired. [CSCdi59969]
If an authorization method generates a ERROR and falls over to the next method, even though the authorization may eventually succeed, the error message "%Authorization failed" is still printed. [CSCdi60517]
DHCP proxy-client feature does not accept DHCP packets from the DHCP server with any DHCP option that has a length of 0. [CSCdi60953]
Cisco IOS Release 11.1(471) had a build error possibly caused by a mishap in the build execution. The follow-up build of Cisco IOS Release 11.1(472) resolved this issue. If you are now using Cisco IOS Release 11.1(471), do not reformat the boot Flash or PCMCIA Flash cards. You should upgrade to Cisco IOS Release 11.1(472) or later. [CSCdi61255]
The size of a write-protected 20Mb flash card is misreported in the output of show version as 16Mb. The size is reported correctly for flash cards that do not have the write-protect tab set to write-protect the card. [CSCdi61561]
The router might reload when trying to process the show accounting command. [CSCdi69364]
The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]
Encrypted Password bug (CSCdi75034) ------------------------------------ A bug occurs when the enable password is encrypted and is more than 11 chararacters long. When system flash is upgraded from and 11.0(8) rsp image to an 11.1(6) rsp image, and if the encrypted enable password is greater than 11 chars then the password is truncated to the first 11 chars of the original password.

: Central Issue ------------- In actuality, the encrypted password is not truncated in revision 11.1(6). In fact the encrypted password was actually truncated in rsp revision 11.0(8). Bug fix CSCdi13190 was made to correct the maximum lengths of encrypted passwords. Originally the maximum length of a non encrypted password was 25 characters while an ecrypted password was restricted to 11 characters. The parser would allow the user to enter more characters but would truncate them internally at the maximum length.
: What does this mean to customers upgrading from 110-8? ------------------------------------------------------ According to DDTS, the code for CSCdi13190 was checked into releases: 11.1(1.0.1) 11.1(1.0.3) 10.3(13.0.1)
: If a router is running a release without this fix and the enable password is "secretpassword" (14 characters) and password encryption is enabled. Internally that ecnrypted password is truncated to "secretpassw" (11 characters) and stored this way in the config file (NVRAM). Unfortunately, at this revision the user may not understand this truncation is going on.
: If the router is upgraded to a release containing bug fix CSCdi13190. When the user enters "secretpassword" as the enable password, the full 14 bytes are encrypted and compared against the config. Unfortunately the two will not match and the verification will fail with message similar to the following.
: "% Bad passwords"
: Only when the user explicitly enters only the first 11 characters of the password will the encrypted password match the encrypted password in NVRAM.
: What about downgrading? ----------------------- The situation can be even worse when downgrading from a revision containing fix CSCdi13190 to a revision without it.
: If the encrypted password is "secretpassword". The fully encrypted password is now in NVRAM. Then the rsp release is downgraded to the earlier revision.
: When the user enters the password they will have an issue. At this rev only a maximum of 11 characters can be encrypted, the rest is truncated and ignored. Therefore, it will be impossible for the user to ever match the 14 character encrypted password stored in NVRAM and they will not be able to log in. [CSCdi75034]

Tacacs+ Network accounting packets for SLIP session have some cosmetic issues, the most serious of which is that "protocol=ip" is missing (although this is certainly implied by the fact that it's SLIP!) [CSCdi78663]
Add the command 'show controller cbus utilization' to provide cybus utilization statistics for 7500 platforms. [CSCdi81082]
If an interface card is added by Online Insertion and Removal (OIR), a Cisco 7000 series router with an SSP, FIP, and AIP may fast switch some packets that were being silicon switched before the OIR. The symptom of the problem will be increased cpu utilization after the OIR. A workaround for the problem is to issue the "microcode reload" configuration command after the OIR. [CSCdj08762]
A problem was found when retreiving the atEntry.atPhysAddress against arp entries that were learned from an atm lane interface. An snmp get operation will fail with "noSuchName" despite the fact that an snmp getnext operation against the same object id will succeed. [CSCdj18075]
When a R4500 router is booted using 11.1(11) boot-flash with PRI-NPM, following error message come up.

: %SYS-3-SUPNONE: Registry 23 doesn't exist [CSCdj19276]

On all rsp-based platforms, the diagnostic printout which follows an %RSP-2-QAERROR message may contain the following misleading information:

: %QA-3-DIAG: Illegal buffer 0x0010 found on queue 0x38, element 1 %QA-3-DIAG: Queue 0x38 (480001C0) has 1 elements %QA-3-DIAG: At least one QA queue is broken
: These messages should be ignored. [CSCdj20298]

Customer is doing snmpwalk of mib-2 on 7513 running 11.1(8), and getting looping in at table.

: possibly introduced by CSCdi68943 (which added static arp entries into atTable). [CSCdj24582]

If a tunnel interface is configured with custom queuing, all outgoing traffic stops. The workaround is to take the custom queuing off the interface and reload the router. [CSCdj30690]
The exception address (e.g. parity error address) is not saved by the ROM monitor on some platforms (MIPS and 68360 based). [CSCdj32197]
If a loopback interface is configured then removed then re-installed it will not show up in the interface index until the router is reloaded. The only way to have the interface show up in the ifIndex is to reboot the router [CSCdj42687]
Customer entered:-

: no int atm x/x.x int atm x/x.x point-to-point
: results in error message:-
: % Warning: cannot change link type
: Workaround:
: int atm x/x.x point-to-point no int atm x/x.x int atm x/x.x point-to-point [CSCdj43221]

NTP slave takes a long time so synchronize after the server's clock is manually reset.

: Currently the work around (have the clock synchronize in a short time interval) is to deconfigure and reconfigure NTP in the slave system. [CSCdj51376]

ipRouteIfIndex returns illegal value of 0 [CSCdj52228]
Fastboot was successfully implemented for the AS-5200 platform; there is now a call for full support of this feature on other platforms. Fastboot can be invoked by turning on bit 4 of the configuration register; when fully functional, the router boots directly to the IOS by skipping the loading of a boot image. The chief advantage would be to conserve memory; however, on a 7000, three minor errors have been discovered. [CSCdj54935]
Packets might not be forward correctly and cause problems if fancy queueing (e.g. fair-queue) is enable along with compress service adaptor (CSA). [CSCdj64898]
When a copy flash slot0: command is issued to copy the file on the on board flash of an RP 7000 router to the flash card in the SAME RP, the command successfully copies the file in 11.0.17. In 11.1.15 and 11.2.9, an Lseek file flash:filename error (file not a direcotry) message is issued.

: This is a problem when copying from the flash to the slot of the SAME router. There is no problem copying the file on flash to a flash card on another router that is set up as a tftp server. [CSCdj65335]

When using autocommand telnet, in some situations when shutting down the TCP connection, the TCP session will hang on the router in the CLOSED state, making the async line unusable, until manually cleared with "clear line". [CSCdj71357]
snmp query for ifAlias fails to return anything for sub interfaces on 7000 type routers.

: rp-cisco75>sh ver Cisco Internetwork Operating System Software IOS (tm) GS Software (RSP-J-M), Version 11.1(11), RELEASE SOFTWARE (fc1) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Mon 21-Apr-97 16:39 by dschwart Image text-base: 0x600108A0, data-base: 0x60766000
: ROM: System Bootstrap, Version 11.1(2) [nitin 2], RELEASE SOFTWARE (fc1) ROM: GS Software (RSP-BOOT-M), Version 11.1(472), RELEASE SOFTWARE (fc1)
: rp-cisco75 uptime is 9 weeks, 3 days, 27 minutes System restarted by reload System image file is "slot0:rsp-j-mz_111-11.bin", booted via slot0
: cisco RSP2 (R4600) processor with 32768K bytes of memory. R4700 processor, Implementation 33, Revision 1.0 Last reset from power-on G.703/E1 software, Version 1.0. SuperLAT software copyright 1990 by Meridian Technology Corp). Bridging software. X.25 software, Version 2.0, NET2, BFE and GOSIP compliant. TN3270 Emulation software (copyright 1994 by TGV Inc). Chassis Interface. 1 EIP controller (6 Ethernet). 1 FSIP controller (8 Serial). 2 FEIP controllers (4 FastEthernet). 6 Ethernet/IEEE 802.3 interfaces. 4 FastEthernet/IEEE 802.3 interfaces. 8 Serial network interfaces. 123K bytes of non-volatile configuration memory. [CSCdj71661]

EXEC and Configuration Parser

"SETUP" mode for async does not support the new features available in version 11.0 of the IOS. [CSCdi45894]
The router crashes when you enter the no boot system flash command while in configuration mode. To keep the router from crashing, enter the complete filename in the command. [CSCdi70404]
The parser allows multiple dialer map snapshot statements per sequence number when configured as the client. Only the first dialer map will be used to dial out. [CSCdi82652]
Customer states order commands are inserted in config causes router to generate error messages to console when doing cut/paste or config net. [CSCdi86080]
The IOS contains invalid routing processes options in it's parser. The invalid options are: static, hello, conected, mobile and floating-static.

: There is no operational impact due to their presence and/or use. This is a cosmetic problem. [CSCdj18849]

The 'any' and 'host' keywords will not appear when using the access-template command with privilege levels less than 15. [CSCdj25093]
It is not possible on a cisco 7200 to configure a core dump with protocol ftp with c7200-dr-mz.111-14.5.bin. Workaround is to use rcp. [CSCdj53825]
For ATM subinterfaces specifying link-type will be a must i.e. there will be no default link-type as shown below:

: goldy(config)#int atm0.1 ? multipoint Treat as a multipoint link point-to-point Treat as a point-to-point link goldy(config)#int atm0.1 % Incomplete command.
: Previously multipoint type used to be the default for ATM sub-interfaces. [CSCdj68721]

When 'privilege configure level x ntp server' is configured, where x is privilege level other than default (15) following occurs: You are able to configure 'ntp server' from privilege level x. Once router is reloaded 'ntp server' can not be configured from privilege level x anymore. [CSCdj74729]

IBM Connectivity

NCP V7 requires the following PTF to be applied before non-activation XID3 processing can proceed.

: APAR Identifier ...... IR30678 Last Changed ........ 95/11/02 CPCP SESSION WON'T ACTIVATE AFTER TAKEOVER CONTACT.
: Symptom ...... IN INCORROUT Status ........... CLOSED PER Severity ................... 4 Date Closed ......... 95/09/27 Component .......... 564806300 Duplicate of ........ Reported Release ......... 303 Fixed Release ............ 999 Component Name NCP V7 Special Notice Current Target Date ..95/11/13 Flags SCP ................... Platform ............
: Status Detail: APARCLOSURE - APAR is being closed.
: PE PTF List:
: PTF List: Release 303 : UR44944 available 95/10/23 (F510 ) Release 732 : UR44945 available 95/10/19 (9510 )
: Parent APAR: Child APAR list:
: ERROR DESCRIPTION: CPCP session won't activate after takeover contact. The logic in the code comparing the ACTPU requirements in the XID(NA) to the initial XID is bad causing the XID(NA) to be rejected with a CV22. LOCAL FIX:
: PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All SNA * **************************************************************** * PROBLEM DESCRIPTION: Session won't activate after takeover * * contact. XID(NA) is rejected with * * CV22. * **************************************************************** * RECOMMENDATION: Apply appropriate PTF. * **************************************************************** CPCP sessions won't activate after takeover contact. The logic in the code comparing the ACTPU requirements in the XID(NA) to the initial XID is bad causing the XID(NA) to be rejected with a CV22. The CV22 is as follows: 2203000900.
: PROBLEM CONCLUSION: The incorrect logic was caused by a compiler problem. To correct the problem, the CHKCV61 routine was moved from CXDXIDV to CXDDUM1.
: TEMPORARY FIX:
: COMMENTS:
: MODULES/MACROS: CXDDUM1 CXDXIDV SRLS: NONE
: RTN CODES:
: CIRCUMVENTION:
: MESSAGE TO SUBMITTER: [CSCdi31041]

When retrieving COS objects from the APPN MIB and there are Node or TG rows that have consecutive row numbers, the MIB will only return the first of the two. So if a COS has 8 rows defined, only rows 1,3,5 and 7 will be returned. This effects ibmappnCosNodeRow* and ibmappnCosTgRow* objects. [CSCdi40262]
When the user attempts to start a link station and sense code 08500001 (link activation limit reached for a port) is returned when the number of links is below the limit of the port, this bug may have been encountered. [CSCdi40760]
When configuring multiple DLUS (node default primary and backup DLUS and/or link default primary and backup) and DLUR attempts an activation to a DLUS other than the node default, the show appn dlus exec command may incorrectly display DLUS information. [CSCdi45125]
DLUR fails to account for Session Control (SC) RUs which include sense codes. The message is a warning that the code received an unexpected SC RU. [CSCdi45176]
XID3 sent by the Cisco APPN node indicates that we support SIM/RIM, when we really don't. It also indicates that we only support TWA (two way alternate), when we really support TWS (two way simultaneous), on all media except SDLC. [CSCdi47166]
When using APPN/DLUR on a Cisco 4500, a Cisco 4700, or on Cisco 7500 series routers, DLUR may accept only one downstream PU for dependent session activation at a time. [CSCdi47584]
Useing APPN/DLUR, dlur may reject or hang a session which specifies an RU size greater than 4096 bytes. [CSCdi47589]
When using APPN/DLUR, if a dependent session (non LU6.2) session is established with a maximum ru size specified in the bind which is larger than 4096 bytes, and and actual ru is received which is larger than 4096 bytes and must be segmented to fit on a link with a smaller btu than it arrived on, the session may terminate or pause indefinately. [CSCdi48050]
There is a problem when changing encapsulations on a serial interface after fras has been configured. The fras commands are not removed and the router will not let you remove the offending command until the encapsulation is changed back to sdlc.

: Workaround: Remove all fras commands before chaninging from sdlc encapsulation. [CSCdi48091]

When STUN is configured on an interface, tracebacks will result from an informational message about the change in mtu for that interface. No functionality is compromised, the interface mtu may be viewed w/ either 'show interface' or 'show controller cbus'. [CSCdi48777]
OID returned on an SNMP GetNext on ciscoDlswTConn objects is not incremented.

: This may cause the application on the management station issuing this command to go into an infinite loop. [CSCdi48891]

The router crashes when a management station issues an SNMP Get message for the DLSw MIB object ciscoDlswIfSapList. [CSCdi49400]
OID is returned on an SNMP GetNext message for the MIB object ciscoDlswIfRowStatus, and the MIB object ciscoDlswIfVirtualSegment is not incremented. This behavior may cause the application on the management station issuing this command to go into an infinite loop. [CSCdi49401]
The Cisco DLSw MIB returns an incorrect value for the MIB object ciscoDlswVersions, which is inconsistent with the Cisco DLSw MIB definition. [CSCdi49426]
The Cisco DLSw MIB returns an incorrect value for the MIB object ciscoDlswVendorID, which is inconsistent with the Cisco DLSw MIB definition. [CSCdi49430]
OID returned on an SNMP GetNext command for the MIB object ciscoDlswCircuit is not incremented. This problem may cause the application on the management station issuing this command to go into an infinite loop. [CSCdi49437]
The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do LLC mapping. [CSCdi55085]
User was not able to query CIP LLC stats for memd waits/drops from RP console or SNMP. [CSCdi57533]
Cisco 7000 series routers running RSRB fail to see responses to ARE frames that are transmitted on Token Ring interfaces. [CSCdi60824]
The "dspu enable-host sdlc " doesn't get cleaned up properly when the sdlc encapsulation is removed.

: A sample configuration would be: interface Serial0 encapsulation sdlc sdlc role secondary sdlc address C1 sdlc address C2 dspu enable-host sdlc C1 dspu enable-host sdlc C2 no shutdown
: All sdlc configuration commands would be removed by changing the encapsulation; i.e "no encapsulation sdlc":
: int serial 0 no encapsulation sdlc
: So the configuration would show:
: interface Serial0 no ip address no keepalive no fair-queue no cdp enable no shutdown
: If sdlc encapsulation is configured again then the previous "dspu enable" configuration commands re-appear:
: interface serial 0 encapsulation sdlc
: interface Serial0 no ip address encapsulation sdlc no keepalive dspu enable-host sdlc c1 dspu enable-host sdlc c2 no shutdown
: A work around for this problem would be to reload the router inorder to clean up properly. [CSCdi62105]

In a scenario where DSPU is configured to run over x25, attempting to ACTIVATE host-pu connection where the host's definition does not match any of the downstream PU definitions, the downstream router will cause a system reload after a few seconds. [CSCdi62899]
The TDU count kept by the APPN MIB, may not be correct. [CSCdi76866]
Issuing consecutive microcode reload commands on a router equipped with a CIP can cause the router to lock up if the microcode reload commands are issued back to back without an delay between them. [CSCdi87939]
There have been rare instances on Cisco AGS/MGS and 2500 series platforms where these routers can cause errors on the Token Ring interface that show up as FCS errors on a trace tool. Some end devices work and some do not. The errors are fixed in Cisco IOS Release 11.0(8) and later releases. [CSCdi92817]
It is necessary to code sdlc line-speed to the correct line speed for correct sdlc operation. If the default line speed of 0 is used, or the coded line speed is significantly different than the actual line speed, then SDLC may send a RR poll frame directly after an I frame with the poll bit set. The only known problem is that the sdlc t1 timer appears to be operating incorrectly. [CSCdj05987]
Enhancement request to the sh appn init and sh appn sess so enable the sessions associated with a particular Port/TGnumber combination to be displayed. [CSCdj12189]
SDLC CRC errors may occur on slow-speed ports on a Cisco 2523 router platform. These errors could be due to incompatibilites between a DCA SDLC adaptor and the Cirrus Chip on the Cisco 2523. A Select Communications Server acting as PU 2.1 is connected to the slow-speed port. The router is acting as DCE primary to the server and secondary DTE to the host. The CRC errors start to increase when the clockrate is greater than 32K. A workaround is to keep the clockrate less than or equal to 32K or move the device to a high-speed port. [CSCdj29086]
When running Cisco IOS 11.1.14 on a 7000, issuing the SH LNM STATION output varies from the output of SH LNM INT X/Y .

: The WORKAROUND is to do a SH LNM INT X/Y where X is the slot and Y is the interface. [CSCdj54171]

The range for the cipCardAdminMaxLlc2Sessions and cipCardOperMaxLlc2Sessions CISCO-CIPCSNA-MIB objects should be changed from (0..4000) to (0..6000) to reflect the max llc2 session limit in the IOS code.

: The description for the cipCardAdminMaxLlc2Sessions object does not match the behavior of the max llc2 session configuration parameter. [CSCdj72029]

Release-Note: Fras with sdlc role secondary may fail to process the snrm fromthe sdlc host if a cls error occurs with the fras feature. [CSCdj77883]
A router configured for APPN may crash due to a bus error at PC 0x8F946C (mds_mgr). The stack trace may not show the routines called prior to the crash. The router needs to be set up for a core dump in that case.

: There is currently no known workaround [CSCdj77893]

A router configured for APPN may crash due to a bus error at PC 0x902FA6 (asm_mainline). The stack trace may not show the routines called prior to the crash. In that case, the router needs to be set up for a core dump

: There is currently no known workaround [CSCdj77914]

Interfaces and Bridging

SNMP illegal address trap for Cisco 2507 is only reported once when there is more than one Hub port detecting an illegal address. In this case, only one Hub port will report an illegal address trap. [CSCdi46558]
Token Ring interfaces are put into the reset state after the interface reports ring beaconing, and the interface is not brought back into the ring. This problem occurs because when the interface changes state, it causes IGRP (or other routing protocol) to recompute the route and cause other problems. Error messages on the console indicate that the Token Ring interface is in the reset state. To bring the interface back online, the user should issue the clear interface or no shut command. [CSCdi48080]
show ip local pool [poolname] does not paginate if the length of the output exceeds a single screen. [CSCdi48996]
Issuing the ip-cache optimum command on an FDDI interface and then rebooting might add the no ip-cache optimum command to the configuration instead. [CSCdi50778]
Version 1.6 Revision C0 EIP cards might cause cache parity errors on all Cisco 7500 series and Cisco RSP7000 systems. The cache parity errors can cause system reloads. The hardware revision and version can be determined from the show diagbus command output. This problem is resolved in RSP EIP microcode version 20.2 and higher. The microcode has been changed to alleviate the hardware problem with the "f" transceivers. The board has been revised to 1.6 D0 to replace the "f" transceivers with the "fr" part. [CSCdi52082]
Under very rare circumstances, when using software flow control on the AUX port under heavy load, the line may end up in a hung 0 state. The output of a show line command indicates "Status: Ready, Connected, Active, Waiting for XON, Sent XOFF." If XOFF has been sent and the device is waiting for XON, issue a clear line command to recover. [CSCdi56432]
When the user types the command "show controller tokenring ..." the values of the following 10 'since last reboot' error counters may be less than the actual counts:

: Internal controller counts:
: line errors: 0/1309, internal errors: 0/0 ^^^^ ^ burst errors: 0/11224, ari/fci errors: 0/0 ^^^^^ ^ abort errors: 0/0, lost frame: 0/2 ^ ^ copy errors: 0/0, rcvr congestion: 0/0 ^ ^ token errors: 0/16575, frequency errors: 0/0 ^^^^^ ^ [CSCdi62392]

Bridged traffic is not currently payload-compressed when compression is enabled. This is due to problems caused in some instances by the combination of software bridging and payload compression. [CSCdi63268]
Under a sudden burst of moderate load, MIP controllers cycle, taking all attached interfaces down. This behavior is sporadic (that is, it does not usually occur), and the router recovers without any user intervention within a few minutes. [CSCdi65044]
A MultiChannel Interface Processor (MIP) card can cause frames to change formats from Super Frame (SF) to Extended Superframe Format (ESF) after a microcode reload operation. [CSCdi71556]
Certain types of source-route bridge explorers are process switched instead of fast-switched. [CSCdi72488]
A MultiChannel Interface Processor (MIP) card can cause interfaces output stuck if configure channel-groups in reverse order. Starting from 23 on T1 applique or 29 on E1 applique. After the configuration, the MIP stops working on other channels. However, those stucked channels will be automatically reseted by RSP driver output stuck assertion operation. [CSCdi74075]
On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]
LMI becomes unknown to remote DTE with 2 or more frame-relay sub-interfaces - configured with - apparently after traffic transported over the link (before traffic sent - all stable). All DLCI's under physical interface are subsequently deleted. [CSCdi81761]
On Cisco 7000 series routers with a Silicon Switch Processor and with IP or IPX silicon switching enabled, the available memory is reduced continuously. If you issue the show processor memory command several days in a row, you might observe that the silicon switching engine (SSE) manager is causing the memory reduction. In one case, issuing a configure network command caused the SSE manager to hold on to an additional 300 KB of memory. Under normal operation, the available memory would decrease slowly. [CSCdi86421]
Cannot ping/telnet to HSRP virtual address on FastEthernet that is multiprotocol running.

: I checked 'show smf'. When 16 MAC addresses is registered on FE, I cannot ping/telnet HSRP virtual address. But HSRP replies ARP request. If I delete or disable any protocol, and the number of MAC decrease less than 16 (i.e. 15 or fewer), HSRP works fine. [CSCdi92485]

Under unusual circumstances the cbus will restart. This seems to happen because there is a bit set that requires a response within 20ms. It appears that under high stressed conditions the cbus was unable to respond in time and a restart was caused. [CSCdi92811]
A Cisco 7500 series router might resign its active HSRP status when configured on an FEIP, if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]
overrun/drop may be seen on serial interfaces on a FSIP on 7500 series. showdown and no shutdown will not clear this condition, clear interface will neither.

: The workaround is to do a command that will cause 'cbus complex' restart, e.g. configure the mtu size to a different value (and then change it back to your proper configuration), e.g. -- assuming the mtu was default 1500
: interface s 1/0 mtu 8000 ! to cause a cbus complex restart mtu 1500 ! change back to the proper value [CSCdj03047]

Multiring IP/IPX is not functional on Cisco 7200 Fddi interface. There is no workaround. [CSCdj11924]
When using the X.25 encapsulation on a serial link, the parser still shows the command "compress stac" as being available. This is misleading since X.25 payload compression is enabled through the X.25 map statements. [CSCdj12373]
Enabling an FEIP card that is in shutdown state in a Cisco 7000 router with an RP/SP may cause the error "CBUS-3-INITERR with error (8021)," which causes the active interfaces on the router to go down and come back up. Keeping the FEIP in shutdown does not affect the operation of other active interfaces.

: This problem has been observed on a Cisco 7000 with RP and SP cards only.
: The problem is found to be caused by FEIP microcode feip10-6, and is now fixed with new FEIP microcodes. The new microcode can be downloaded from ftp-eng.cisco.com, under /ftp/shhwang, with feip10-7 for 7000 platform and rsp_feip20-6 for 75xx platform. To install them, follow these steps:
: 1. Download the microcode to the router's configuration file (either PCMCIA or onboard Flash module) by using the copy command.
: 2. Enter into configuration mode by issuing a configure command in enable mode.
: 3. Use the microcode feip flash flash-device feip10-7 command for the Cisco 7000.
: 4. Issue the microcode reload command to reload the FEIP with the new microcode. This command causes all IP cards to be reloaded.
: 5. Exit glogal configuration mode, and enter a write command to make the configuration permanent.
: For the 7500 platform, replace feip10-7 in step 3 with rsp_feip20-6. [CSCdj14743]

The config command no exec-banner should suppress both the two banners: exec banner motd banner on all the following interfaces CON, AUX, vty sessions, async lines

: However, this is not true when you reverse telnet to any of the async lines. In other words, if you config the async line to be no exec-banner
: then you reverse telnet to this async line, then you will see the MOTD banner in addition to the INCOMING banner. [CSCdj16789]

Under certain circumstances, rebooting a Cisco 2524 may cause the router to pause indefinitely with a T1 connected to a Fractional T1 module. The workaround is to unplug the T1 prior to the reload. OR, change the T1 framing setting from sf to esf at both end (including Central Office and the C2524 router). [CSCdj22485]
show ip local pool poolname does not display usernames of non-interactive users (coming in via autoselect). [CSCdj27334]
Gratuitous ARPS should be generated for SLIP users. [CSCdj28084]
In C7000 and C7500 (RSP) platforms, changing some encapsulations can cause cbus complex restart. There is no workaround for this. [CSCdj29409]
If a copy flash running-config is done with a config that has ISL config, the IP address config of all the VLANs/ISL sub-interface will be lost. No other negative effect will occur. [CSCdj31031]
If there's a 'microcode reload' command in configuration, and if there's FIP in the box. The 7000 has problem while booting up. [CSCdj32533]
TTY lines on access servers may hang when control characters are sent in dumb terminal mode (no PPP or SLIP). A show line will show the TTY line in a ready state, but no response or prompt is seen from the access server when the activation-character is sent (default is a return). Doing a clear line # does allow for the line to recover and respond to the acitvation-character. [CSCdj46760]
Customer has had two receint outage which have the following characteristics.

: As can be seen via the sniffer traces from 11/17 and 11/24 there are several similarities between the two outages.
: 1. There was a sua change to pull fb99 from the ring. 2. Several purge frames. 3. Streaming of claim tokens from by b782for .95 seconds. 4. Streaming of Beacons by fb99 for approx. 16 sec. 5. DLS4 interface token 2 link state change.
: Differences: 11/24 had a second period of streaming claims from 3793 followed by steaming beacons from 3793. 11/24 had DLS6 interface token 2 link state change. 11/17 sniffer trace shows mac frames out of order in respect to the token ring archetechure manual. However, we cannot confirm this is a topology change.
: I would like to note that this appears to be a firmware fix identified in CSCdj22150 and CSCdi93243 which was integrated into release 11.1(13.3). This customer is running 11.1(14). I will be including as an enclosure a copy of the 11/17 11/24 NG sniffer traces along with another enclosure discribing our finding and problem locations. [CSCdj62402]

A packet loop may orrur between RP/SP7000's when using FIP cards and connected in the following configuration, while running IOS releas 11.1.12. No Work around is known.

: +-----------+ | | +---------+ +----+ |Campus FDDI+------7000 P01----------------| 360 | |392 | | | ring group xx x |0x168 | |x188| | | 0x501 |Token | | | |Ring 2730 | |Ring +----ACC----+ | |0xAAA | | | Bridbe | | | +----- 7000 P02----------------| | | | | | ring Group 1490 +---------+ +----+ +-----------+ 0x5D2 | | | To Fep [CSCdj64489]

Cisco 4500 router using channalize E-1 card running PPP encapsulation change encapsulation to HDLC after installing token ring module. The start up config is set up for PPP encapsulation, but the running config shows hdlc. [CSCdj67857]
Packet Buffer usage anomalies associated with the use of STAC compression with frame-relay encapsulation seen in prior version of code have been corrected. [CSCdj68336]
Configuring a bridge-group on a port-channel subinterface (fast etherchannel) with ISL encapsulation will prevent routing IP on any of the subinterfaces in that port-channel interface. This was observed in 11.1(15)CA.

: The workaround is to remove the bridge-group from the subinterface. [CSCdj69528]

On a ISL encapsulated interface, it is not possible to enter the ARP PROBE command to support the HP Probe protocol for IEEE-802.3 networks [CSCdj74635]
On 7200 with the I/O controller with MII only and other platforms (i.e., 4500 and 7500), the regular Fast Ethernet PA media config command is missing the RJ45 option; only the MII option is available. On 7500 platform, to configure for RJ45, use the "no media-type MII" option as a workaround. The workaround is not available for 4500 and 7200 platform. Because all images use RJ45 as the default media type for Fast Ethernet, they will not discard the original configurations that specify RJ45. [CSCdj75983]

IP Routing Protocols

A "spurious memory access" error message may occur during image boot on 7500 series routers. This error should not adversely affect the router's operation. [CSCdi42603]
Without periodic registers, the (S,G) state in the RP has to be kept alive by other means, such as (S,G) joins/prunes. [CSCdi59021]
Beta code may not correctly forward an RSVP message when RSVP is *not* configured [CSCdi61151]
Unequal messages seen on RSP platforms after a route flaps. There is no apparent functionality or performance impact. [CSCdi62271]
When one VC for a subinterface is being released, ATMSIG clears the entire IP cache associated with the global interface. This situation causes a large number of cache invalidations on active networks and affects performance. [CSCdi73935]
When using , only one entry in the route-map is deleted (the one with the lowest sequence number).

: The workaround is to issue the command once for every entry in the route-map. [CSCdi74893]

If a multicast mtrace request is received from the interface that toward the requested (source,group), the mtrace request is not dropped but forwarded back on the incoming interface. [CSCdi78092]
There is no prune sent toward the RP for (*,G) timeout. In the case that OIF is expired after the (*,G) entry, traffic will continue to flow down the shared tree for an extended period until each router along the path individually times out the entry. [CSCdi84784]
When policy routing is applied to use a next hop address on a ip unnumbered BRI interface the matched policy packet is not forwarded out the BRI interface. When the BRI interface is converted to a numbered interface the policy routing works as designed. [CSCdi88858]
The following error messages may appear when the IP PROBE PROXY command is configured on an FDDI interface

: Feb 7 14:40:06: %LINK-3-BADMACREG: Interface Fddi3/0, non-existent MACADDR registry for link 4 -Process= Probe Input, ipl= 0, pid= 20 -Traceback= 1BE42E 12D604 2AB400 2AAD68 2AAF2A [CSCdi93109]

(*,G) prunes should also schedule removal of interfaces from all (S,G) entries which match. Currently, only the (*,G) entry's olist is updated. The work around is to enter clear ip mroute for the specific group. [CSCdj05669]
The output of the debug ip routing command indicates that the route to 0.0.0.0 is removed and reinstalled into the routing table with the same metric. [CSCdj06220]
On an NBMA network OSPF tries to establish neighborships between routers that have ip ospf priority 0 and routers that have a non-zero priority and which are not elected DR/BDR. [CSCdj08518]
A router running 11.2(5.4) won't be able to normally trace to it's own ip address.

: The work around is to do an extended trace and source the packet from a different IP address on the router. [CSCdj13341]

In the PIM/DVMRP border router, (S,G) with null OIF is pruned even if it is still registering. [CSCdj14514]
The command "sh ip bgp neighbor x.x.x.x adv" does not include the originated default information. [CSCdj19834]
If a superset network configuration line exists under OSPF, it may be overwritten after a change in the router ID. Also, any interfaces covered by this line may not be included in the OSPF process.

: The workaround is to include the superset network line in the configuration file. [CSCdj24152]

route-map filtering of routing updates based upon community strings fails [CSCdj34779]
Redistributed RIP routes on AS border router get sent to eigrp neighbor. Neighbor receives them (in event log), but ignores them. [CSCdj37719]
Issueing the ip route-cache SSE command on a ISL interface will cause ip packet corruption.

: Reason:
: SSE switching is not supported on a ISL interface. The command should not be accepted on interface [CSCdj46836]

Under EIGRP, when the router clears a route using the host ip address, the router fails to bring back the route on that subnet into the routing table. The route, howeber, is still in the topology table but not in the routing table. [CSCdj52415]
7000 running 11.1.15 / 11.2.8 - cpu utilization stays at 87% due to the

: IP-RT Background process . [CSCdj54602]

eigrp may crash when receiving updates in a network which has a major topology change in conjunction with a large eigrp topology database. [CSCdj54728]
misconfigured eigrp with a network statement for a non directly connected ip address will auto-summarize the network if it is receiving subnets for the network from its neighbors. [CSCdj57578]
Symptom:

: The BGP MIB variable that indicates the Up/Down time for BGP peers (BgpPeerFsmEstablishedTime) is reset after several weeks. There is no change in the state of the neighbors.
: Conditions:
: This problem can be observed under normal operating conditions.
: Note that there is no impact to the state of the neighbors. [CSCdj60542]

The 'always' option is added to the 'remove-private-as' command to strip the private ASs from the as-path even though there is a mix of private and public ASs. [CSCdj62077]
When spt-thresholds are in use and the last-hop router switches back to the RP tree, the RP-bit on the (S,G)RP-bit Joins are being dropped (not sent) by the next router in the path to the RP. This is resulting in erroneous state being created along the RP-tree and data does not begin to flow down the RP-tree for several minutes. [CSCdj64114]
A router supporting FastEthernet that is configured with ISL encapsulation will place an entry in its ARP Table if a client in one VLAN is incorrectly configured with an IP address in the subnet assigned to another VLAN that is supported within that trunked interface. [CSCdj67271]
EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj68388]
This is a highly redundant network and this false metrics are forcing remote sites two perfer one path verses load balance over two paths.

: Routing protocol in EIGRP. Route 10.31.1.0 and 10.31.2.0 is learned via the next hop of serial 1. The next hop router is the originator of the routes. Therefor, the bandwidth used for metric calculation of 0.0.0.0 should be the bandwidth of serial 1. After analysis I have identified two non-conforming cases in this network. This is generic configuration information for both cases and routers.
: interface Serial0.176 point-to-point ip address 10.x.x.x 255.255.255.252 ip bandwidth-percent eigrp 10 90 bandwidth 30 frame-relay interface-dlci 367
: interface Serial1 ip address 10.y.y.y 255.255.255.252 bandwidth 192
: router eigrp 10 redistribute static network 10.0.0.0
: ip route 0.0.0.0 0.0.0.0 10.31.1.0 ip route 0.0.0.0 0.0.0.0 10.31.2.0
: CASE1: --S1 BW 192 ----- MOSTIXC4 -----s0.x BW 30-------- remote (only one default route with min. BW192) --S1 BW192 ------ MOSTT14 ------S0.x BW 30 ------
: The bandwidth in the 0.0.0.0 metric calculation is taken from serial 1. However, T14700 serial 1 bankdwidth is 192K and the bandwidth in the 0.0.0.0 calculation is 30. IXC4700 serial 1 bandwidth is 192 and bandwidth in the 0.0.0.0 calculation is 192. This does not allow for load balancing at the remote site.
: CASE2: --S1 BW 192 ----- IXC4700 -----s0.x BW 30-------- remote (only one default route with min. 192) --S1 BW192 -------T14700 ------S0.x BW 30 ------
: The bandwidth in the 0.0.0.0 metric calculation is taken from serial 1. However, T14700 serial 1 bankdwidth is 192K and the bandwidth in the 0.0.0.0 calculation is 30. MOSTT14 serial 1 bandwidth is 192 and bandwidth in the 0.0.0.0 calculation is 512K. Frame Relay subinterface have a Bandwith of 30. [CSCdj70556]

An IGMP v2 querier router which is running pim sparse-mode, fails to send IGMP v2 group specific query when a member of the group sends a leave message. This causes other remaining members on the LAN, not to send membership report until the next periodic, general query. These members may see a loss of data during this period.

: A possible work around is to use dense-mode PIM or reduce IGMP query interval by
: [no] ip igmp query-interval
: command. [CSCdj75782]

ISO CLNS

If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]
No ISIS route to reflector over fddi in the routing portion of CRB. [CSCdj55173]

LAT

4700 running 11.1 code will not sho lat services when a fastethernet is configured as a sub-interface.

: It works fine under the main interface...sho lat services will display the correct info. But no info. can be seen with sho lat services when sub- interface is configured. [CSCdj24853]

Protocol Translation

Translation to multiple addresses by using the hostname option in the translate command does not work with dns. The lookup is done just once when the translate command is added and not evertime a translation is done.

: Workaround is to use "autocommand telnet " in the translate command. [CSCdi92593]

TN3270

When using TN3270 under low memory conditions, the router can run out of DRAM memory. Reloading is the only way to recover. [CSCdi77852]
When using TN3270 keymaps, a keymap will not be selected based on a match of the local terminal-type name to the name in terminal type list of the keymap unless the keymap name is equal to the local terminal type.

: Workaround is to explicity select a keymap-type on the line (TTY) or make the keymap name equal to the terminal type name. [CSCdj35972]

VINES

The interface configuration command encapsulation encapsulation-type must precede vines static neighbor configuration. When the encapsulation type changes, new vines static neighbors compatible with the new encapsulation type must be added on that interface. [CSCdi50452]

Wide-Area Networking

PPP reliable mode does not operate correctly when configured on asynchronous network interfaces. [CSCdi33977]
Both the one-word connect feature and the EXEC connect command fail without printing any error indication. This problem occurs only in enterprise software images. [CSCdi41547]
When using a VIP controller in a Cisco 7000 series router with a Silicon Switch Processor (SSP), the SSP cannot access the second port adapter when the VIP is installed in slot 4. As a workaround, install the VIP in slots 0 through 3. [CSCdi41639]
A new command will be added to allow the CHAP Challenge name to be common across multiple boxes in a rotary group. The new command will be 'ppp chap hostname xyz'. [CSCdi44884]
The "no cdp enabled" command configured on async interfaces will disappear from the running-config when a SLIP connection to the async port is made. Saving the configuration at this moment will therefore remove the command from the startup-config. PPP connections do not exhibit this behaviour. [CSCdi45094]
The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]
In RSP systems that have a 4R interface on the RVIP, fast switching does not work and the RSP has errors. However, process switching still works. The workaround is to upgrade to Cisco IOS Release 11.1(5). [CSCdi51744]
The received packet/byte counts for interfaces on which a LANE BUS is running will be low - the counts do not include packets/bytes received by the BUS. The output packet/byte counts are correct. [CSCdi52914]
The interface configuration command ppp chap password password has been added. This command allows a router to respond to multiple unconfigured peers with a single common CHAP secret. [CSCdi54088]
On the AIP when trying to setup a VC, the AIP-3-AIPREJCMD error message may occasionally reject the setup. This was sometimes observed on the 7500. The setup will succeed at next attempt. [CSCdi54829]
[CSCdi55468]
The Viper makefile needs to have make production, modular, and oddballs added so it can be made with a make production.

: *****Note**** make production, modular, and oddballs was added to the svip makefile in California_branch with bug CSCdi52864 ************* [CSCdi55500]

Messages such as the following are printed to the console if data is received on a remotely switched permanent virtual circuit before the tunnel is established:

: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level -Traceback= 107EA 1D190C 1EA92 342D2E 34188E 32F100 330378 3328F2 %X25-3-INTIMEQ: Interface Serial1, LCN 2 already in timer queue, new time 310620 -Process= "interrupt level", ipl= 4 -Traceback= 333396 330618 3328F2 332348 331E06 34FA74 6DE0C 1158F2 [CSCdi57343]

A delfault vip microcode vip21-5 needs to be added to the /micro directory so that any "v" image has a microcode to include. (ELC_branch only)

: The default microcode has been made vip21-4 so that it is one version less than is currently being built by the rvip makefile. This is so an engineer knows to build his/her own rvip image and include it if rvip testing needs to be done (one never should test on an old rev) [CSCdi57605]

The controller loopback mode causes our router not tx and rx all of layer 2 and layer 3 packets to and from CO/ISDN Switch. The loss of these packets causes that the remote end and local end active calls out of order.

: It looks like that it's an ISDN problem but actually it's a loopback command problem which doesn't tear down the isdn call before it enters the loopback mode. If we need to tear down isdn calls before the controller being loopback, c7000/c4000/as5200 related products may need to do the same thing to fix this problem. Currently, as far as I know, none of these platforms have teared down the isdn calls under the loopback mode either under controller loopback or serial interface loopback.
: The workaround for this is to clear all of isdn calls before the controller enters the loopback mode or after the controller exits the loopback mode. The command 'clear int s 0:23' or 'clear int s 1:23' will bring down all of active isdn calls under controller 0 or 1. [CSCdi57815]

ISDN PRI routers running primary-5ess switch type may not accept an incoming SETUP message if the Called Party Number IE has an "unknown" numbering plan. [CSCdi59816]
ip tcp header-compression is not compatible with ppp multilink but the config allows both commands to be configured for the same interface.

: A workaround is to remove either ip tcp header-compression or ppp multilink from tne interface configuration. [CSCdi60142]

The parser does not show the ppp quality command as an option. However, you can enter the ppp quality percentage command. [CSCdi61507]
PPP callback over ISDN using a PRI line sometimes fails when the originating call is received by the PRI on channel 31. The PRI router then terminates the call, initiates PPP callback, and returns the error messages "callback timer expired" and "no interface available." [CSCdi65216]
ISDN PRI routers running primary-5ess switch type may not accept an incoming SETUP message if the Called Party Number IE has an "unknown" numbering plan. [CSCdi65484]
When configuring PVCs on the AIP, you may observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:

: %AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008)
: %ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)
: The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

This problems occurs on a 4500/4000/7200's bri interface (routers with the Siemens Munich32 HDLC controller). After the router is reloaded, the bri interface's line protocol does not come up.

: The 'show interface bri x' command shows BRIx is up, line protocol is down. The work around is to do a clear interface bri x after the system comes up. The correct behavior would be for the system to come up with BRIx is up, line protocol is up(spoofing). [CSCdi68484]

When using encapsulation frame-relay or encapsul ation x25 on routers with Bri interfaces it is possible for the ISDN dialer to produce the following error message, "BRI0: Already 4 call(s) in progress on BRI0, dialing not allowed". This error is sometimes seen when changing encapsulations from PPP to Frame-relay. Also, when bringing up an ISDN connection and pinging a remote node which is not responding. The ping will timeout and could result in the error message above.

: The workaround is to reload the router to clear the dialer problem . The problem is not seen with PPP or HDLC encapsulations. [CSCdi69006]

There is currently no way to configure the Best effort IE in a map class definition. Based on the different other info, the system will or won't add the BE information element in the setup request.

: Specifically, UNI 3 specifies that the combination of traffic parameters allowed for best effort is: - Peak Cell Rate Forward CLP0+1 - Peak Cell Rate Backward CLP0+1
: The router always prefers to signal best effort, but can only do so if only these traffic parameters are requested in map-class. Therefore, if any statements other than:
: atm aal5mux atm broadcast atm layer2-protocol-id atm forward-peak-cell-rate-clp1 atm backward-peak-cell-rate-clp1
: are present in an atm map-class, best effort is not signalled. [CSCdi71934]

This problem only occurs for ip packets forwarded over 5in1 with stand-alone CSU/DSU with x25/x25-ietf encapsulation. The workaround is clear the interface or wait for the interface goes down before sending an ip packets. [CSCdi73354]
If the RADIUS server cannot be reached for PPP authentication, and the router is set to fallback to the local database, the authentication will always fail. [CSCdi76169]
When PPP or SLIP is started from the async interface command prompt, the configured peer IP address pool name is not used. Instead, the peer address will be retrieved from the pool named 'default'. [CSCdi83107]
The output of the show isdn status command numbers the ISDN B channels starting with 1, while in most other places they are numbered starting with 0. [CSCdi88953]
CiscoView fails to display VIP 2 cards on a Cisco 7500 due to errors in the router's MIB database. 7500 series router ifDescr MIB may report a nonexistent FastEthernet port adapter via SNMP if a VIP2 is installed with FastEthernet in one port adapter slot and the other slot is empty. [CSCdj01619]
High number of CRC errors seen between 4500 and LS1010 when using the Version 3 PLIM on the 4500 [CSCdj02665]
If you shut down the D-channels of an E1 PRI that is configured in a three-PRI rotary group and then reenable them, ISDN uses only the last 30 channels (all from one PRI) for outgoing calls, and the router no longer uses the rotary group correctly. The only workaround is to reload the router. [CSCdj03223]
CHAP authentication might fail when you configure the aaa authentication local-override command. [CSCdj08113]
Using the configure memory command might cause CRC errors on the ATM Interface Processor (AIP). A temporary workaround is to issue the clear interface atm command to stop the CRC errors. [CSCdj15813]
When issuing the buffers bri0:1 command on a Cisco 2503 running Cisco IOS Release 11.1(10), the error message "%Incomplete command" is received. [CSCdj16237]
The following message:

: %AIP-3-AIPREJCMD: ATM4/0/0 vip_1a_setup_vc command failed (error code 0x0008)
: is confusing. It appears on the ATM-Lite which is by default configured with atm vc-per-vp = 1024. Although the card supports 8 bits of vpi with 10 bits of vci, the card has only a matrix of 6144 vc*vp. We will be able to define vpi 10,24,48,176,254 but when defining a vc on another vpi, the system will refuse with message show above.
: The work-around is to either - change atm vc-per-vp to a smaller value to be able to define 6144/vc-per-vp differnt vpi. - define vc on the same vpi as the one already used. [CSCdj22781]

In a LANE environment the ATM module on the Cisco routers does not report the correct traffic count on the 'show int'. This problem has been identified and will be fixed in a future release of software. [CSCdj28364]
This DDTS adds the following hardware registers to the crash context for VIP that is displayed in sho diag:

: 1) Nevada Error Interrupt Register 2) CYASIC Error register 3) CYASIC Other Intrpt register 4) CYASIC CYBUS Error register 5) CYASIC PKT Bus Error register 6) PMA error register [CSCdj34783]

MOP remote console connections dont work with ppp encapsulation. [CSCdj35758]
If an asynchronous interface is configured with encapsulation slip (the default), and if it is currently up and running with encapsulation ppp, then the configuration command "encapsulation ppp" will not be saved in the running or nonvolatile configuration. [CSCdj38128]
The input queue on a PA-4T serial port in a Cisco 7206 fills up and eventually wedges. [CSCdj39851]
A serial interface on a Cisco 4000 series router may wedge under certain conditions. This condition is indicated by an input-queue with a figure like 76/75. A workaround is to increase the input-queue size. [CSCdj44136]
The reported bug surfaced when frame relay config commands were entered. On 3 out 5 interfaces, the command syntax no arp frame-relay was written into the config. 11.1.13A Desktop. [CSCdj51033]
IOS support of rfc1315 frame relay mib does not include listing subinterfaces associated with dlci. As a result, any particular dlci will be referenced by the ifIndex of a main interface, rather than the subinterface the particular dlci is associated with. [CSCdj51386]
Under rare circumstances, V.120 ISDN calls into a router will pause for a few seconds (or until a keypress) when carrying a large traffic stream. [CSCdj51657]
The command "isdn caller" does not work together with dialer rotary-group. Moreover, the router accepts all incoming calls when isdn caller is defined. The workaround is to use dialer profiles. [CSCdj56668]
A router can seldom crash with an assiociated message like this:

: LIF_Fatal called from CCPRI 0x600B578C, func =3D CCPRI_Mail, string Couldn't send a package to the HOST: 6 ExecExit called from 0x6008BC0C %SYS-6-STACKLOW: Stack for process ISDN running low, 0/6000(GDB)
: Stack contains : process_run_degraded_or_crash
: Many ISDN line with heavy utilization seems to be associated to the crash.
: NO workaround available up to now. [CSCdj73619]

LANE does not filter multicast packets (like ethernet hardware). As a result, some multicast packets may get to process level and get duplicated. To prevent the router from doing this, configure bridging on the interface. If the protocol is routed and if bridging is configured on the Lane Client configured interface, the multicast packets will get dropped. [CSCdj74418]

11.1(16) Caveats/11.1(17) Modifications

This section describes possibly unexpected behavior by Release 11.1(16). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(16). For additional caveats applicable to Release 11.1(16), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(17).

Basic System Services

The bank number always starts from one in each partition. It should be accumulative and not be relative to each partition. The other incorrect information can't be observed if running from flash. It seems that those information were got when running from network. There is no workaround of the inaccurate bank number. [CSCdj25541]
The general problem is the 7500 may not correctly allocate the right number of a packet memory (memd) buffers to some network interfaces. The problem requires a large number of interfaces whose collective bandwidth is high, but their MTU is smaller than another buffer pool.

: For example, a problem was found with a 7500 using a large number of fast ethernet and/or ethernet interfaces and one or more FDDI interfaces. The pool of packet memory should have allocated 80% of the memory to the ethernet and fast ethernet interfaces which use an MTU of 1536. The error is it got 20% of the memory, and the lone FDDI interface with MTU 4512 got 80% of packet memory.
: The problem occurred with 55 Ethernet, 6 FastEthernet and 1 FDDI network interface. The problem did not occur with fewer interfaces, specifically 36 Ethernet, 5 FastEthernet and 1 FDDI interface.
: The problem may show up a high number of input drops on some router interfaces. [CSCdj55428]

IBM Connectivity

A router may restart unexpectedly with SegV exception, PC 0x0, when the router is configured for DLSw. [CSCdj16559]
A dropped frame-relay link can cause the QLLC to not reactivate. Work-around is to reset the routers. [CSCdj38370]
When running proxy explorer & netbios name caching on a token ring interface of a c7200, alignment errors will occur. [CSCdj52522]
When an actpu is followed by a dactpu from VTAM and there has been no response from the downstream device to either flow, after a disconnect is received from the downstream device, DLUR will send a -rsp(actpu) upstream instead if the proper flow, a +rsp(dactpu). This can cause the PU from the DLUS perspective to hang in PDACP state. [CSCdj61872]
It is rare, but possible, for DLUS to send a -rsp(REQDACTPU). When this happens it indicates that VTAM has already cleaned up the PU in question. When receiving this response, DLUR must clean up the PU it avoid the PU from being stuck in 'stopping' state. [CSCdj61879]
When using APPN/DLUR with a large number of LUs (over 1000), a memory spike can occur during the processing of a downstream PU outage. In extream cases, this memory spike can be large enough to exhaust memory in the APPN/DLUR router, which can cause a reload. [CSCdj61908]
If an RSRB session is disconnected by the local LAN side at exactly the same time as a data message is received from a remote host, a situation can occur which will lead to a crash in llc_get_oqueue_status().

: There is no workaround. [CSCdj62026]

Session attempts fail with DLUR generating a sense 08060000 in a rare case where the LU name list gets corrupted. This problem is easily identified by the VTAM LU showing "active" state, while the show appn dlur-lu name display does not show the lu. [CSCdj62172]
When source route translational bridging is used, llc sessions which are initiated from the transparent domain will result in the source route largest frame to be incorrectly set to 4472 instead of 1500. The result is that SNA and Netbios sessions may fail if the source route station sends a frame with a payload which exceeds the maximum allowable size of 1500 for ethernet media.

: The problem typically occurs when Netbios is utilized to allow workstations to communicate between ethernet and token ring. It will also occur when SNA is used.
: The workaround is to disable fast-switching by using the command no source-bridge transparent fastswitch or configure the end stations to use frames with a payload of less than or equal to 1500 bytes. [CSCdj62385]

DLUR pipe seesions goes on cpsvrmg mode. This mode supports only two sessions. Under some condition, before DLUS cleans up its dlur pipe seesion, it may get request for another session from same DLUR. This time DLUS send +RSP(BIND) followed by UNBIND request. This may cause race condtion in dlur subsystem and causes DLUR FSM in hung state. [CSCdj67223]
APPN/DLUR: In the rare case due to a protocol violation caused by another node (sending data on a lfsid that is not in use), a reload can occur in the Cisco APPN/DLUR router due to trying to look up the unallocated lfsid. [CSCdj67431]
Any dlur installation with over 800-1000 downstream PUs can may experience a reload with the following backtrace:

: [abort(0x601f2c3c)+0x8] [crashdump(0x601f0b20)+0x94] [process_handle_watchdog(0x601c2f08)+0xb4] [signal_receive(0x601b7d58)+0xa8] [process_forced_here(0x60169424)+0x68] [locate_node_index(0x607dbcc0)+0x64] [etext(0x60849e00)+0xcbee04] [CSCdj67966]

APPN router may reload in rare situations with the following backtrace:

: RA: 0x607E1724[find_matching_row(0x607e16ec)+0x38] RA: 0x607E1B9C[Tfind_next(0x607e1b70)+0x2c] RA: 0x6071182C[DBfind_next_directory_entry(0x60711814)+0x18] RA: 0x6070BAD8[CPdelete_men(0x6070ba90)+0x48] RA: 0x6070BA78[CPupdate_cp_status(0x6070b9c0)+0xb8] RA: 0x6070B40C[CPmain(0x6070b300)+0x10c] RA: 0x6070AC2C[newdss00(0x6070ab60)+0xcc] RA: 0x60183F80[r4k_process_dispatch(0x60183f6c)+0x14] [CSCdj70817]

APPN leaks memory when directory services processing unknown locate replies. [CSCdj70886]

Interfaces and Bridging

When adding or removing a sub-interface to a Frame Relay interface, all DLCIs are brought down until the Frame Relay switch sends the PVC information again. Two problems are associated with this caveat:

: The whole interface will be reset when a user tries to add the ip address command. Caveat CSCdj02488 (integrated into 11.1(11) and 11.2(5.1)) fixed this problem.
: A workaround for the other problem is to turn off CDP globally ("no cdp run") BEFORE adding/removing new/old sub-interfaces and turn cdp back on AFTER that. [CSCdj07291]

Under certain conditions packets may stay on the input queue.

: The condition which caused packets to stay on the input queue has been removed. [CSCdj30087]

A Cisco 2520 low-speed port may sometimes ignore group polls. This problem occurs on average once per minute and appears to occur only when the router is configured for half duplex and is using a DTE cable.

: This problem has minimal impact on the performance of the customer's multidrop line because a FEP usually resorts to individual polling. [CSCdj33392]

The ethernet interface on the AS5200, 4x00 and 2500 platforms log BADCABLE messages with the console periodically when the interface is under load. [CSCdj35951]
When transparent bridging to a tokenring interface it is possible for the interface to read in a frame it has forwarded onto the tokenring interface. This will cause the bridge table to be incorrect.

: The problem only affects the mid-range and low-end platforms. [CSCdj41666]

cisco has identified an issue with 4700 with Fast ethernet interface may freeze for a few seconds with Receive FIFO overflow messages.

: Pending further investigation. [CSCdj45097]

The Fastethernet might hang when process switching 1518 bytes frames. The workaround for this problem is to configure the following buffer allocation commands,

: buffers big min-free 5 buffers large max-free 10 buffers huge max-free 4 [CSCdj50120]

A 2500 router configured for source route bridging on a token ring interface may crash on bootup or during a 'no shutdown' on the token ring interface. This can only occur if the source-bridge is configured with the wrong number (a ring number mismatch with other devices already on the ring). Once the interface is properly configured and brought up, this problem cannot occur. [CSCdj68265]

IP Routing Protocols

When the fragments arrives at the destination out-of-order, router may fails to reassemble the packet. Typical example is when it has several lays of fragmentations along the path and fragments arrives at the tunnlel destination out-of-order because small fragments got fast-switched and large fragments got process switched(since it needs to be fragment again in process level). [CSCdj03076]
If OSPF external routes are summarized using the summary-address command, and the number of external routes being covered by this summary address drops to zero, the external summary will be flushed, but the router originating the summary will not install any matching external or nssa routes that may be present in its database.

: The router can be forced to install the matching route by using the clear ip route * command. [CSCdj32471]

If a tunnel built on top of a dialer interface, turn on multicast fastswitch will crash the router. The work around is to configure 'no ip mroute-cache' on the tunnel interface. [CSCdj44432]
*** Release Notes ***

: The Proteon router's Internal Address is advertised as a Host Route not a network in the router's LSA. A Host Route is represented as a Type 3 link ( Stub Network ) whose link ID is the host's IP address and whose Link Data is the mask of all ones ( 0xffffffff ). This Host Route is advertise into all OSPF Areas.
: The interoperatbility issue with the Cisco routers is that we will install the latest 'learnt' route to the Proteon's Internal address - this may not be the Shortest Path. See descriptions enclosures for a full explanation. [CSCdj56079]

With EIGRP routing configured, redistribution of of the following type of routes into the EIGRP process will not work correctly:

: A directly connected route A static route with the next hop set to an interface A static route with the next hop set to a dynamically learned route
: The nature of the defect is that it will only occur after a dynamic event. If redistribution is manually configured, EIGRP will initially reflect correct information in the topology table, however after any sort of dynamic event the topology table becomes invalid and routing updates sent are inaccurate. [CSCdj58676]

Customer moved the IP multicast tunnels (DVMRP, GRE) from a serial interface to an ATM interface on an 4700. The packets are now process switched instead of fast switched, which causes a lot of CPU (IP INPUT).

: When we use the serial interface for incoming packets and the ATM for outgoing there's no problem. Incoming on ATM, outgoing on serial also has this problem.
: We used several IOS versions, always the same effect. In the config I tried ATM subinterfaces, ATM map-list, aal5mux and aal5snap.
: It seems that incoming (IP multicast?) packets are not fast switched.
: sh atm int atm0: 3869452 input, 2950238 output, 0 IN fast, 1097846 OUT fast [CSCdj59076]

Dynamic redistribution into EIGRP from another routing protocol fails if the routes being redistributed fall within the same major network as EIGRP. A temporary workaround is to remove the redistribution statement from the EIGRP configuration, then re-insert the redistribution statement. [CSCdj65737]

Novell IPX, XNS, and Apollo Domain

If the command no ipx default-route is configured, the interface command [no] ipx down is ignore and non functional.

: Workaround is to enable processing of the default route. [CSCdj63007]

TCP/IP Host-Mode Services

Summary

: Somebody has released a program, known as land.c, which⁺ can be used to launch denial of service attacks against various TCP implementations. The program sends a TCP SYN packet (a connection initiation), giving the target host's address as both source and destination, and using the same port on the target host as both source and destination.
: For in-depth information including workarounds and information on other Cisco product vulnerabilities, please see:
: http://www.cisco.com/warp/customer/770/land-pub.shtml [CSCdj61324]

Wide-Area Networking

When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface may bounce once or continually bounce during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.

: During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]

A router is configured "isdn switch-type ntt" and "dialer hold-queue" occurs memory leak when failed to call to remote routers. [CSCdj21281]
When running 11.1.11 on a 4700 you may run into possible memory corruption which will cause the router to reload. [CSCdj24418]
The SSCOP layer sequence number wraparound conditions leads to memory leaks and memory fragmentation problems. The problem occurs when the the sscop's send sequence number reaches a maximum value of 16777215. The switch needs to be reset to continue normal functionality. [CSCdj45157]
When the commands ip tcp header-compression and ppp multilink are configured together on the same interface, it can cause the router to crash.

: The workaround is to remove the ip tcp header-compression or ppp multilink command. [CSCdj53093]

RSP crashes at rsp_fs_free_memd_pack may be caused by down rev AIP microcode in the router that is crashing or in routers that are "feeding" this router in the same network. [CSCdj59745]

11.1(15) Caveats/11.1(16) Modifications

This section describes possibly unexpected behavior by Release 11.1(15). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(15). For additional caveats applicable to Release 11.1(15), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(16).

Basic System Services

A timing conflict between the HTTP server and tacacs+ code can cause the HTTP process to hang when configured to use tacacs+ for authentication. Since the HTTP server uses a tty to handle I/O for the request, these hung processes can tie up all available tty's. [CSCdi84657]
If a 'map list' is configured; the 'show running' command may cause the router to crash if the "Last configuration change at..." informational string exceeds a total length of 80 characters. [CSCdj13986]
When custom or priority queueing is turned off on an interface that does not support fair queueing, the queueing data structures associated with the interface are left in an incosistent state.

: In particular the enqueue and the dequeue routines are not reset and this causes the box to crash, the moment the routines are invoked next time. However, once the box is rebooted the inconsistency is cleared. [CSCdj29439]

The following warning message is likely to occur on low-end machines: "get_man_dev:Warning! Device is not formatted. Invalid DIB." If the bootflash is correctly formatted with the flash filesystem the warning should never appear. If the bootflash is formated but not with the flash filesystem, the warning will appear and may be ignored. In both cases the image will boot. [CSCdj36699]
This is a generic problem found in 11.1, 11.2 and 11.3 (the fix has been patched to all three trains as of 11/10/97) [CSCdj49461]
The input queue may be wedged with ip packets if the exception dump command is configured.

: The Known workarounds are: 1)Increase the input queue to 175 ([75]Original Queue amount+[100] per exception dump x.x.x.x cmd) 2)Remove exception dump x.x.x.x command [CSCdj58035]

EXEC and Configuration Parser

Entering the privilege route-map level x set as-path prepend x command in configure mode may cause the router to reload, even though the number after prepend is not necessary. The workaround is to not enter a number after prepend. [CSCdj37035]

IBM Connectivity

Running either CMPC or TN3270 and CSNA on the CIP can cause the Router Process (RP or RSP) to mistakenly think that the CIP virtual interface, /2, is stuck or hung. The result of this is that the RP/RSP will either reset the CIP virtual interface or reset the Cbus complex. Resetting the CIP virtual interface will cause all sessions using the virtual interface (CSNA/LLC2, TN3270) to fail. Resetting the Cbus complex will cause all sessions (CSNA/LLC2, TN3270 or OFFLOAD/TCPIP) on all every CIP in the router to fail. [CSCdi82710]
The following error message and traceback can be generated if lnm rps is enabled on the tokenring interface for a 75xx router running 11.1.9, turning off this function will eliminate the error message and traceback. [CSCdj10473]
A small window exists in which it is possible after a transmission group reinitialization that only one CP-CP session is established between the router and a neighboring node. In this case, the contention winner session from the perspective of the router is not activated. Once this occurs, the CP-CP contention winner session will only activate if the APPN subsystem is stopped and started.

: There is no known workaround. [CSCdj25859]

The APPN router may crash during an snmp access to the appn mib. This problem only occurs after an unused appn node is garbage collected. The crash has the following backtrace.

: System was restarted by bus error at PC 0x8B5902, address 0x4AFC4AFC PC: process_snmp_trs_tg_inc
: 0x8B5CAC:_process_ms_data_req_trs(0x8b5aaa)+0x202 0x87E5FE:_xxxtos00(0x87d6b0)+0xf4e 0x180E5C:_process_hari_kari(0x180e5c)+0x0 [CSCdj36824]

On RSP-based routers the pseudo MAC address assigned to a bridge port on a source route bridge virtual ring group is incorrectly formatted to ethernet format during IOS start up. This MAC address is used to establish a bridge link from IBM Lan Network Manager and can be shown by using the "show lnm config" exec command. [CSCdj38360]
DLSw FST may corrupt frame header if the riflen is different on both sides. [CSCdj40582]
The APPN router may crash with a bus error if a race condition is hit during cleanup processing. The stacktrace shows the crash occurred in Qfind_front while executing a psp00 function. The stacktrace for this particular crash is shown below.

: System was restarted by bus error at PC 0x3784864, address 0xF0110208 PC 0x3784864[_Qfind_front(0x3040a04+0x743e44)+0x1c] RA: 0x36C1F2E[_queue_find_front(0x3040a04+0x68151c)+0xe] RA: 0x36CC554[_psbmfrm(0x3040a04+0x68bb30)+0x20] RA: 0x36CDAF6[_psp00(0x3040a04+0x68cfd4)+0x11e] RA: 0x314BD78[_process_hari_kari(0x3040a04+0x10b374)+0x0] [CSCdj44198]

In recent versions in 11.0 could see problems when appn cp/cp session are split across multiple tgs. Workaround is to force cp/cp session to use a single tg. [CSCdj46413]
When RSRB with TCP encapsulation is configured with priority peers and some of the priority peers are closed/dead, an explorer packet may continuously try to open the closed/dead priority peer. After several tries, the router may crash with memory corruption. [CSCdj47493]
Router will not pass SRB directed frames if the SRB proxy-explorer feature is configured. SRB proxy-explorer is used with NetBios name caching. [CSCdj47797]
Some 68K-based routers (7000, 4000, 2500) running APPN may crash with the following stacktrace. This memory corruption may occur after a rare combination of appn detail displays, following by a "show appn stat" display.

: PC 0x1EA33A[_crashdump(0x1ea2b8)+0x82] FP: 0xA6D9F0[_etext(0x8f2d38)+0x17acb8], RA: 0x1660DE[_validate_sum(0x16602a)+0xb4] FP: 0xA6DA14[_etext(0x8f2d38)+0x17acdc], RA: 0x141154[_checkheaps_process(0x1410b2)+0xa2] FP: 0xA6DA30[_etext(0x8f2d38)+0x17acf8], RA: 0x180FB8[_process_hari_kari(0x180fb8)+0x0] [CSCdj47941]

An APPN router may fail the ACT_ROUTE if using parallel TGs. This problem may occur when an APPN router has two parallel links defined with the adjacent node. If the adjacent node activated a link to the network node (NN) requesting a TG number that had previously been used for a different defined link activation, the NN may fail the ACTIVATE_ROUTE. The APPN router sometimes tried to incorrectly activate the route using the other inactive link which still had the same TG number. [CSCdj49814]
Executing a show source command may cause the router to restart unexpectedly if a virtual ring group or remote peer is deconfigured when the source source bridge command output is waiting at the -- more -- prompt.

: The workaround is do not reconfigure virtual rings or remote peers while executing a show source command. [CSCdj49973]

Normal non-extended unbind (0x3201) was extended with corrupted information which caused rejection by the host. As far as the host is concerned, the session is still active. User can not cleanup this session without bringing down the link. [CSCdj50581]
Under certain circumstances, APPN may crash with the following stack trace.

: > System was restarted by bus error at PC 0x6C75DC[_Mfree(0x6c75b6)+0x26], address 0xFFFFFFF8[_etext(0x73ab50)+0xff8c54a8] > Image text-base: 0x00012000[__start(0x12000)+0x0], data-base: 0x0073AB50[__etext(0x73ab50)+0x0] > FP: 0x872C74[_etext(0x73ab50)+0x138124], RA: 0x6588BC[_session_failure_clean_up(0x658502)+0x3ba] > FP: 0x872EB8[_etext(0x73ab50)+0x138368], RA: 0x65C6E6[_process_cp_status_sig(0x65c2da)+0x40c] > FP: 0x8730F0[_etext(0x73ab50)+0x1385a0], RA: 0x64D820[_xxxmss00(0x64d64e)+0x1d2] > FP: 0x873210[_etext(0x73ab50)+0x1386c0], RA: 0xB720C[_process_hari_kari(0xb720c)+0x0] [CSCdj51051]

Interfaces and Bridging

In certain cases the router decides to bring layer 1 down without any apparent reason. Hereafter, a new TEI is negotiated with the switch. The latter still keeps all call references belonging to the previous TEI, since no DISCONNECT was seen on L3. [CSCdj11840]
FastEthernet port on a 4500 running a half duplex does not count collisions or defers. 0 collisions and 0 defers are reported for 500091725 packets output. The NP-1FE is connected to a 3COM 100-Base-FX hub. IOS is 11.1.11. [CSCdj34846]
The receiver would hang and there is no workaround. [CSCdj44144]
A bug in the fddi driver is hogging the CPU for up to 1.5 seconds, while waiting for the ucode to bring up CMT. [CSCdj47916]
The PA-4R may incorrectly adjust the datagram size of an incoming packet to include extra padding at the end of the packet. This problem only occurs under moderate/heavy traffic load where multiple PA-4R interfaces are consuming many particle buffers. The problem also only occurs on packets with a packet length that is a multiple of 512 bytes, 513 bytes, 514 bytes or 515 bytes. On Cisco 7xxx family VIP PA-4R systems any type of packet may be subject to this corruption. On Cisco 720x family systems with PA-4R, only source route bridging packets are subject to this corruption. The only workaround is to reduce the token ring interface's MTU to 508 bytes or less. [CSCdj48183]
With two fastethernet subinterfaces configured for VLAN 1, if one of the subinterfaces is removed, the remaining one's VLAN # changes in the configuration. [CSCdj49470]
In Cisco 7500 series routers, sh dialer is not working. The workaround is to use sh dialer int serial x/y . [CSCdj51612]

IP Routing Protocols

EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj28874]
A router may crash with a "System restarted by bus error at PC 0x60394488, address 0xD0D0D0D" message when running Cisco IOS 11.1(9) RSP with a heavy load of EIGRP and CSNA traffic. [CSCdj29447]
BOOTP requests being sent to 0.0.0.0 get forwarded to the gateway of last resort when there is one. [CSCdj33809]
A C7513 router running EIGRP reloads with the following message :-

: "System restarted by error - an arithmetic exception, PC 0x60286234".
: The program counter value points to an EIGRP IOS routine. [CSCdj38361]

Router has a high cpu utilization only in the ip background process, with 11.1(13.4). [CSCdj38748]
Cisco routers in certain circumstances will receive LSA type 6 ( MOSPF ) even if the other router(s) would have seen we don't support MOSPF. This would be the case in Broadcast networks where the DR would talk MOSPF, in which case according to the spec - "a non-multicast neighbour may (inadvertenty) receive group membership LSAs. The non-multicast router will then simply discard the LSA, however the Cisco will generate a syslog message for every "unknown LStype" received which results in a large amount of syslog messages.

: This fix add the ospf ignore lsa mospf router command. When this command is configured, the router will not generate the syslog message when MOSPF LSA is received. [CSCdj42242]

ICMP unreachables are wrongly sent out for multicast packets. [CSCdj43447]
When running dense-mode groups over routers with NBMA mode or PIM p2mp signalling enabled. The incoming interface will often be put in the outgoing interface list, resulting in RPF failures and duplicate packets on the network. [CSCdj45345]
Rip version 2 clear-text authentication failure. [CSCdj46674]
If the OSPF summary host route is overwritten by a route from another routing process which has lower administrative distance, it is possible that the OSPF summary host route will not be reinstalled after the latter route is removed. In particular, it only happens if the host route address is also the router ID of some ASBR. [CSCdj49161]
Spurious access errors appear while running IP Multicast. No operational impact. [CSCdj50963]
When a receiver joins a group after source starts sending (and source is also joined to the same group), RP may not trigger a PIM join immidiately, resulting in approximately one minute join latency for the receiver. [CSCdj51633]
When one of the routers on a broadcast network has been partitioned in which at least one partition has only one router, OSPF will generate a stub advertisement for this network in the isolated router's router LSA. This stub route will overwrite the normal network route calculated using the network LSA, regardless of the path cost.

: This problem exists in all releases starting 10.3. This will be fixed in 11.1 and newer releases. [CSCdj53804]

If a router is running out of memory while running OSPF, OSPF does not check to see if one of its structures has been properly allocated. This may result in a SegV exception, thus causing the router to reload. [CSCdj54524]

ISO CLNS

Under certain circumstances, a Cisco 7505 router running 11.1(13a)CA1 will reload if the netID is changed under the IS-IS routing process. [CSCdj49485]

Novell IPX, XNS, and Apollo Domain

Using any of the xns flooding command may cause the router to reload, give alignment, bad pool, or buffer warnings. [CSCdj23479]
If a route goes away via aging (180 seconds) and the default route is known a cache entry may be installed for this network using the default route path. If the network comes back within the next 60 seconds a new cache entry pointing to the now valid path may not be installed, the cache will still point to the default route path for this network. Workaround is to clear ipx route-cache, or run without using the default route. [CSCdj47705]

Protocol Translation

A translation from tcp to either LAT or X.25 using the printer option may fail to close the outgoing connection under rare conditions. This will make the vty line unusable for protocol translation. If an exec session is started on that line, the line will be usable again for translation after the exec ends. [CSCdj40442]

TCP/IP Host-Mode Services

A router may restart with a bus error at address 0xD0D0D5D in module tcpdriver_del. [CSCdj26703]
Sometimes a TCP control block structure is mistakenly freed during timeout processing, and the next reference to the structure will cause the router to crash. [CSCdj55793]

Wide-Area Networking

The "%SYS-2-GETBUF" error message may appear. [CSCdi92482]
Cisco products may fail to interoperate with certain PPP implementations of Stacker (Stac) compression, notably Microsoft dial up networking and Ascend stac9 mode. Cisco supports Stac Check byte mode(1) and Sequence Number mode(3), which is default, but Microsoft and Ascend support only Extended mode(4). Stac negotiation might fail or the connection may hang when packets are lost. A workaround for Microsoft Windows 95 is to upgrade with ISDN 1.1 Accelerator Pack or later. To check the version of the Dial-Up Adapter on a system, check the file version for PPPMAC.VXD in WindowsSystem. File versions of "4.00.1150" and later support Sequence mode. [CSCdj08064]
On RSP platforms, if the load on a LEX interface increases to the point where the fast switching code decides to put packets on the process-level output queue, the system will crash. [CSCdj26184]
Using NBF (NetBIOS over PPP) may result in traceback messages complaining about invalid memory action at interrupt :

: %SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
: with traceback information appended. [CSCdj42341]

The patch prevents the use of an invalid pak->info_start pointer when doing payload compression on RSP platforms, thus avoiding a crash. [CSCdj43332]
Release-note: A remote DLSw peering router may send a DM response just after the LLC2 connection is established if the router is very busy and the PC station responds immediately to the UA with a RR. The client will need to reestablish the connection. [CSCdj47782]
A boot image without a subsystem containing IPCP will restart the router.

: There is no workaround. [CSCdj48085]

The router crash with software force crash in process_suspend.

: This bug is very similar to CSCdj15399. [CSCdj50030]

The show x25 vc command will cause the router to unexpectedly restart if there is a combination of locally switched virtual circuits and other virtual circuits. [CSCdj50405]
A boot image for version 11.003(000.012) will cause the router to reload if a variant of the "compress" command is configured for a PPP encapsulated interface.

: This has not been observed on any other release. [CSCdj56450]

11.1(14) Caveats/11.1(15) Modifications

This section describes possibly unexpected behavior by Release 11.1(14). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(14). For additional caveats applicable to Release 11.1(14), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(15).

AppleTalk

ATCP may cause AppleTalk to trash memory and reload the router. There is no workaround. [CSCdj23355]

Basic System Services

Concurrent pings started via the Cisco Ping MIB were subject to having their messages mixed due to using the same message ID sequence. Although not observed this could also happen with pings started with the ping command. This problem was fixed by using a random number as the base for the message ID in both situations. [CSCdi84475]
Inability to password protect the slave from console access. [CSCdj15265]
On Single Flash Bank 2500 devices, when the device is running from the image on flash (RFF), SNMP operation of copy to flash using CISCO-FLASH-MIB doesn't work.

: The work around is to use the (C)ommand (L)ine (I)nterface: "copy tftp flash" This CLI command invokes the FLH interface and the file is copied successfully to the device. [CSCdj27438]

RMON alarms will not work properly on a number of MIBS which use internal MIB caching to speed up mib object value retrieval. The only possible workaround is to set up an snmp get poll on these objects to force an update to the MIB cache, with a poll period within the alarmInterval time. The following MIBs have this problem :

: APPN-DLUR-MIB IBM-6611-APPN-MIB CISCO-CIPCSNA-MIB CISCO-CIPLAN-MIB CISCO-CIPTCPIP-MIB CISCO-SNA-LLC-MIB SNA-NAU-MIB CISCO-TN3270SERVER-MIB OLD-CISCO-IP-MIB BGP4-MIB LAN-EMULATION-CLIENT-MIB RFC1406-MIB RMON-MIB IF-MIB RFC1398-MIB OLD-CISCO-INTERFACES-MIB CISCO-PING-MIB CISCO-QLLC01-MIB [CSCdj34766]

The problem was caused by the changes made to fix CSCdj21539. We now use a different approach to solve the CSCdj21539 problem so that ip pings will not fail again because of the CSCdj21539. [CSCdj37942]
An SNMP Get of an individual instance from the ipNetToMediaTable may fail, even though an SNMP Get-next will successfully retrieve the instance. This is likely to be seen on table entries referring to software interfaces (e.g. subinterfaces, loopbacks, tunnels) or hardware interfaces that have been hot-swapped in. There is no known workaround. [CSCdj43639]
4500 running 11.0.13 crashes in fr_fair_queue_flow_id .

: The crash occured in the frame-relay packet classifier fuction called by the WFQ routine. The work around of this problem will be to disable wfq on the interfafce with frame-relay encapsulation. [CSCdj45516]

IBM Connectivity

A 1500-byte frame sent to the srtlb code is dropped because the srtlb mtu is set to 1492. [CSCdj18838]
A router configured for DLSw has a buffer leak in the middle and big buffers. Eventually, the router runs out of I/O memory.

: The problem is related to the way DLSw backup peers are configured. This problem will only occur if the local router is configured with backup peer commands and the remote router also has a configured peer and is not promiscuous.
: The workaround is to remove the DLSw backup peer configuration. [CSCdj21664]

On a Cisco 7200 router, duplicate ring entries may be seen in the RIF cache and when using the debug source bridge command. The duplicate ring entries lead to connectivity problems for end systems. [CSCdj21876]
When using the configuration command

: netbios access-list host
: multiple times, it was discovered that in the IP/IPX Feature Set of IOS Releases after 10.2(5), not all of the entries in the list made it into the configuration. The parser accepted the commands, as it should given that they were syntactically correct, but a subsequent "show running-configuration" was missing some of the entries. For example, entering
: Router(config)#netbios access-list host TEST1 permit ONE Router(config)#netbios access-list host TEST1 permit TWO Router(config)#netbios access-list host TEST1 permit THREE Router(config)#netbios access-list host TEST1 permit FOUR Router(config)#netbios access-list host TEST1 permit FIVE Router(config)#netbios access-list host TEST1 deny * Router(config)#^Z
: yields
: Router#show run
: [omitted] ! netbios access-list host TEST1 permit ONE netbios access-list host TEST1 permit THREE netbios access-list host TEST1 permit FOUR netbios access-list host TEST1 deny * !
: [omitted]
: -------------------
: Why entries TWO and FIVE are missing is not determined at the time this bug is filed.
: The workaround is to upgrade the IOS image to any Feature Set that includes the IBM Feature Set (such as IP/IPX/IBM) or Enterprise Feature set. This bug affects only images lacking the IBM Feature Set. [CSCdj26084]

appn image may restart because of a CPU HOG problem in processing a link failure event by the Directory Service appn process (xxxdns00) in an extreme condition when a lot of locate requests were pending with the node with which link failure has occurred.

: There is no alternative workaround when this happens. The router is forced to restart by the system watchdog process (software-forced reload event).
: The fix is to give up the cpu by the xxxdns00 process after processing certain number of requests at a time. [CSCdj26423]

Align-3-correct errors are detected in srb_common and lnm processes. [CSCdj29840]
A DLUR router may reject unbind requests from the host if it has not received a bind response from the downstream LU.

: If the downstream device never responds to the outstanding bind, the DLUR router will wait indefinitely and not free the local-form session ID (lfsid). This may cause a situation in which the host tries to reuse a lfsid after it has sent an unbind request, but the DLUR rejects the new bind request because it believes that this lfsid is in use. If the host continuously tries to use this lfsid which the DLUR believes is in use, then no new sessions can be established. This problem occurs only when the downstream device does not respond to a bind request. [CSCdj30386]

A router configured with RSRB may crash upon RSRB keepalive failure if (and only if) SRB debugging is enabled.

: The work-around is to disable SRB debugging or if SRB debugging is required, disable RSRB keepalives. [CSCdj31101]

The DLUR router may display a display a spurious memory access during a pipe failure.

: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x60700B84 reading 0xA4 [CSCdj33097]

The APPN router may display the following "Unanticipated CP_STATUS" message when the conloser cp-cp session goes down and comes back up without the conwinner session being deactivated.

: %APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1 %APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4 %APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received
: Each subsequent broadcast locate received by this router causes the following messages to be displayed and about 1920 bytes of appn memory to be leaked.
: %APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080 %APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0
: This problem was found when 2 links were active to the same node, and the cp-cp sessions were split between these 2 links. The problem would occur if the link with conloser was stopped.
: The appn subsystem should be stopped and restarted to clear this problem. If these cp-cp sessions are between the router and the host, terminating either cp-cp session on the host will also clear this problem. [CSCdj33718]

There may be intermittent failures when trying to link to bridges over the DLSw remote peers when running LNM over DLSw. The workaround is to reload the router that is directly attached to the LNM device. [CSCdj34112]
When an LLC2 connection is configured to work over ATM LANE for DLSW, the connection succeeds until a retransmission is required, at which time it fails. [CSCdj34873]
If the DLUR router received fixed session-level pacing values on the primary stage, it may modify these pacing values before forwarding the bind to the secondary stage. [CSCdj36195]
APPN dlur router may reload with SegV exception in ndr_sndtp_encap_mu in a timing window where the DLUR supported device disconnects before a request_actpu is sent to the dlus for that device. [CSCdj37172]
After a DLSw peer is disconnected and reconnects the circuit count will be in error. An example of this is:

: Router A config: dlsw local-peer peer-id 10.1.3.1 dlsw remote-peer 0 tcp 10.1.4.1
: Router B config: dlsw local-peer peer-id 10.1.4.1 dlsw remote-peer 0 tcp 10.1.3.1
: On router B, the remote peer statement is removed and re-entered several times, causing the peer to disconnect and connect. Then on router A, issue the command:
: Merlot#sh dlsw pe Peers: state pkts_rx pkts_tx type drops ckts TCP uptime TCP 10.1.4.1 CONNECT 57484 57476 conf 0 3 0 00:09:54
: Every time the peer comes back up, the circuit count for the peer has been incremented. There is only one real circuit across this peer connection. [CSCdj37235]

A show lnm interface tokenring X will even display active stations on the tokenring when the actual interface on the router is shutdown. [CSCdj37458]
The problem would appear to be when a LU node specific node attempts to start a session with a set of invalid Bind parameters. This results in a locate-find ( with the bind in the CDINIT ) being sent through the Cisco APPN network to the end VTAM CP who rejects the Locate-Find with a 0835003A sense and sends this back with a control vector CV35 of minimum length 8 bytes to the originator via the Cisco APPN NN.. The APPN NN then rejects the frame with a 08953500 sense and drops the CP-CP session between the CISCO and VTAM CP's. [CSCdj37479]
APPN enforces the maximum size of a CV10 (product set identifer) on XID to not exceed 60 bytes. Some products include a CV10 which is larger than the 60 byte value. These products will fail xid negotiation with APPN. [CSCdj40144]
In the event that APPN/DLUR has processed and sent a bind request to a downstream device, and that device has not responded to the bind, a vary,inact on the host for the lu name that the bind is destined for will not completely clean up the session as it should. [CSCdj40147]
When a connection is attempted over a port defined with the len-connection operand, appn can loose 128 bytes of memory for each connection attempt. [CSCdj40190]
7200 may crash on receiving a frame from a token ring. No workaround is present for this bug. [CSCdj40568]
appn TPsend_search leaks memory while sending locate search requests to adjacent nodes at certain condition (when lik failure occurred). [CSCdj40915]
If keepalive 0 is explicitly specified on a dynamic DLSw dlsw remote-peer statement, a display of the running configuration does not show keepalive 0.

: Operationally, dynamic peers do not send keepalives. Whether the keepalive is specified or not, keepalive 0 is assumed. [CSCdj41601]

When RSRB with TCP encapsulation is configured and remwait/dead peers exist, an explorer packet may continuously try to open the remwait/dead peer.

: After several tries, the router may crash with memory corruption.
: The workaround is to remove any remwait/dead peer statements. [CSCdj42427]

Cisco 7206 with IOS 11.1(13.5)CA restarts with the following: System was restarted by error - a Software forced crash, PC 0x60278214

: The protocols running on the router are Remote source route bridging (RSRB), dlsw, Decnet, and IPX. [CSCdj42431]

The 3640 router crashes when a UI LLC frame is received on the token-ring interface. [CSCdj43755]
APPN crashed when it received a CV35 without the Termination Procedure Origin Name (TPON) field. [CSCdj44661]
When link failed or inactivated, link inactive message doesn't display. This happens only with links configured with "retry limit". [CSCdj44687]
Configuration of SRB on second interface yields traceback from LNM:

: %LNMC-3-BADCLSIRET: bogus Invalid ret code (0x7007) init_clsi_op_proc, bogus -Traceback= 60791120 6078FE48 6078FDC4 607890E0 6078ED48 60226648 60226634 [CSCdj45268]

DLUR bind processing can cause stack corruption which leads to a reload with PC 0x0. This is caused by attempting to parse the user data subfields beyond the location where the subfields exist. The reload will only occur of the byte two bytes beyond the end of the user data area is 0x3 or 0x4. This is a very rare occurance. [CSCdj45676]
In a large (over 200 NNs) APPN network environment, during initial start up or intermediate links recovery, numerous broadcast searches could happen and melt down the entire network due to the serge of memory usage for these broadcast.

: Even tremendous efforts were spent on the network design trying to reduce the number of broadcast searches as much as possible, as the APPN network continues to grow, it simply doesn't scale.
: One of the problems is that even the location path is predefined or known one way or the other, if the directed-search fails for whatever reason, according to the APPN architecture, a broadcast search should follow. This creates the broadcast storm unneccessarily if nothing has been changed except the intermediate links just went down and in the process of coming up. [CSCdj45705]

The message %APPN-0-APPNEMERG: Mfreeing bad storage, addr = 60BB7188, header = 60BB6B20, 00000218 -Process= "ndrmain", ipl= 0, pid= 62 may be issued when a dlur served PU disconnects. This defect was caused by the fix for CSCdj37172. [CSCdj46783]

Interfaces and Bridging

When connecting a Canary Fast Ethernet transceiver to the MII connector on VIP port adapters, reload the microcode so that the port will function properly. [CSCdi64606]
Removes the auto-enable feature for packet-by-packet frame-relay compression, and allows this form of compression to be manually enabled. [CSCdi85183]
Bridging from serial interface to fastethernet interface with ISL encapsulation fails because serial input queue is not cleaned up. [CSCdj01443]
Hardware platforms which use Cirrus Logic serial line controllers may experience the following behavior:

: If the system tries to discard output for a line while there is output data in the buffer, the line may become unresponsive to input. This happens most frequently when the user attempts to abort output from a network connection. For example: sending CTL-C on a LAT connection or sending a break character during a PAD connection may cause this symptom.
: The affected platforms are:
: 2509 - 2512, 2520 - 2523 AS5200 NP-2T16S - module for 4500 and 4700 NM-4A/S, NM-8A/S, NM-16A, NM-32A - modules for 3600 [CSCdj02282]

In bridging, router fails to translate from a 802.10 fddi packet to a native ethernet packet. The failure is that router fails to de-encap "SDE information" before sending the packet out on a ethernet interface.

: As a result, the first icmp arp broadcast message fails to reach the destination when ping is used. [CSCdj21365]

SNMP agent returning erroneous values. Under some conditions, the ifInUcastPkts counter was observed returning decreasing values, which is incorrect. [CSCdj23790]
Setting encapsulation fddi without bridging enabled on VIP2/FDDI and FIP in RSP causes the interface to bridge transparently.

: encapsulation fddi should only be used with bridging enabled.
: Workaround: Use no bridge-group 1 to disable bridging. [CSCdj24479]

Please note that ppp-compression and custom-queueing are not compatible features. We are currently trying to reproduce this bug with all forms of fancy queueing turned off.

: Assuming we cannot reproduce, this bug will be reclassified at a lower priority, with the trust being to do a command-parser change to prevent use of fancy queueing and ppp-compression.
: Please note, however, that we ackowledge that use of mutually- incompatible features should not cause the router to crash. Further, why the crash is occuring in the compression engine is something we do not currently understand.
: For the present, please turn off all fancy queueing. [CSCdj25503]

When configured for greater than 10 HSRP standby groups, the active VIP FE card will not respond to packets destined to the virtual addresses for HSRP groups greater than 10. [CSCdj29466]
Under certain circumstances, the fastethernet interface could stop passing traffic. The reason for this behaviour is being investigated. Resetting the interface in this condition with the shut/no shut command could result in the router reloading itself. Since the hanging problem doesn't occur any more, this ddts only resolves the crash problem due to bus error when shut/no shut command is issued while there are traffic on fastethernet interface. [CSCdj33727]
On an experimental image corresponding to 11.1(12.5)CA, it was observed that if one uses a point-to-point subinterface on the ATM interface of the CES card of the 7200, then IP connectivity will break if transparent bridging is configured on the subinterface (via the "bridge-group") command. IP connectivity can be restored by unconfiguring transparent bridging.

: The workaround is to do RFC1483 over a PVC using a multipoint subinterface with a map-list defined. Using the map-group command on a multipoint subinterface does not exhibit breakage.
: To tell if you have this bug, do a "show arp." If there is an entry for the other end of the PVC showing "incomplete" for the MAC address, then you have this bug.
: It is not currently (8/14/97) not known what if any major revision images exhibit this behavior or not. [CSCdj34217]

NFS transmission problem and fddi excessive claims after installing 11.1(9) through 11.1(14) and 11.2(1) through 11.2(9). This problem is specific to the CX-FIP interface board. This problem does not apply to 11.0, 10.3 or older IOS releases. [CSCdj38715]
This patch adds code that was left out of the 11.1 tree when committing CSCdj02259. Basically, disable the compression auto-enable feature for Frame Relay, and prevent all FR traffic from being fast-switched when compression is turned on. [CSCdj45550]

IP Routing Protocols

When ip multicast rate-limit is configured on an interface with no source and no group ACLs, rate limiting is not performed based on the total aggregate multicast traffic processed through that interface. [CSCdi74132]
A router with equal cost paths to a unicast route, requires that all interfaces leading to that route be configured for PIM to have that route advertised via DVMRP. [CSCdj25619]
when using ip bgp-community new-format option, show ip bgp community 0:N command doesn't filter the displayed output according to the specified community, but rather displays the entire bgp routing table. [CSCdj28386]
The first unicast route is never included in DVMRP Reports on interfaces configured with ip dvmrp default originate. A workaround is to use ip dvmrp default only which still includes default in DVMRP Reports but does not include any unicast routes. [CSCdj30275]
When an administratively scoped boundary is configured on the incoming interface of a multicast forwarding entry, it does not send prunes upstream. As a result, traffic is continuously sent to the boundary router. Note this bug does not result in leakage of unwanted packets across the boundary. [CSCdj30423]
"clear ip rout *" does not clear redistributed routes. [CSCdj30913]
If the system receives an Assert containing a worse metric, the system may unexpectedly fail to send an Assert override. As a result, the wrong system may end up forwarding onto the LAN. In certain topologies this could result in loss of connectivity. [CSCdj32145]
Router crashes on receiving multicast packets with illegal source address 0.0.0.0. The work around is to configure access list to filter out packets with source ip address 0.0.0.0. [CSCdj32995]
Old incoming interface is not populated in the OIF during RPF transitions. [CSCdj34457]
When the OSPF interface command ip ospf authentication-key key is configured with key which length, including any trailing space, is longer than 19 characters, then the OSPF internal data will be corrupted. The following write terminal command could reload the router.

: The workaround is not to enter key longer than 19 characters, either encrypted or not.
: The same problem happen with the ip ospf messge-digest key-id md5 key command, the key length in this case should not be longer than 36 characters.
: This fix will resolve the problem with both commands. [CSCdj37583]

In some instance, a configured 'bgp router-id' is not used after the router reloads. Instead, the router uses the highest ip interface address as its router id, until 'clear ip bgp' is performed.

: A workaround is to configure loopback interface, whose address is greater than any other address on the router. [CSCdj37962]

BGP dampening can not be re-enabled after configuring no router bgp xxx and router bgp xxx.

: Workaround is to configure no bgp dampening first, and then configure bgp dampening. [CSCdj39076]

When the last forwarding interface does down for a group which has at least 1 other pruned interface, the Prune flag may not be properly set. This may result in failures to send Prunes as well as failures to send Grafts. Workaround is to clear the affected group by issuing a clear ip mroutegroup. [CSCdj39109]

LAT

The following message may be erroneously displayed:

: %LAT-3-BADDATA: Tty124, Data pointer does not correspond to current packet
: When many LAT sessions are active, and a received data slot starts in the last 14 bytes of a full ethernet frame. Data for the slot is discarded. [CSCdi82343]

Novell IPX, XNS, and Apollo Domain

The fix for CSCdj20438 in 11.1 did not completely fix the problem with connected networks not learning new paths, it may have introduced a problem where static routes may age in the table when they should not age. [CSCdj45340]
Running IPX EIGRP with maximum path set greater than one, the router may not remove the SAP after the interface is down if it is learned via more than one path. [CSCdj45364]

TCP/IP Host-Mode Services

In Cisco IOS Release 11.1(10), forwarding UDP broadcast packets to the helpered addresses seems to be broken. Cisco IOS Release 11.1(4) is not affected. [CSCdj13548]

VINES

If the system has corrupt vines access lists, show vines access displays debug information. To suppress this debug information, added a new hidden command. Use show vines bad-access [] to display corrupt vines access lists. [CSCdj37856]
A router may unexpectedly reload when VINES SRTP routing is configured. The workaround is to remove the vines srtp-enabled command. [CSCdj37888]

Wide-Area Networking

CMNS connections may suffer spurious X25 RESETS under traffic load. [CSCdi40875]
PPP IPCP negotiation will be changed after Cisco IOS Release 11.0(11).

: In Cisco IOS Release 11.0(11) the software accepts the remote peer's "Her" proposed address regardless, and the "Her" address is subsequently added to the IP routing table as a host route.
: With Cisco IOS Releases later than 11.0(11) the software will check the "Her" address against the corresponding dialer map and if the address is different than the IP address detailed within the dialer map, a NAK will be sent and the dialer map IP address will be added as a host route in the IP routing table.
: It is possible to revert to the previous operation using the hidden interface command ppp ipcp accept-address. When enabled the peer IP address will be accepted but is still subject to AAA verification, it will have precedence over any local address pool however. [CSCdj04128]

On a Cisco 4500 running Cisco IOS Release 11.0(11) and RSRB, there may be a crash in the "llc2_timer" routine causing a system reload. [CSCdj13175]
Code was added to decode the CYA error registers on the VIP2 during a crash.

: The new error messages for the CYASIC Error Interrupt register are:
: "Forced Error Interrupt" "Bus Error from PMA on CYA master cycle" "Error in handling soft DBus data port" "Overflow of internal arbitration FIFO" "Unknown CYA eisr bit 0x08000000" "DMA Transmit Error" "DMA Receive Error" "Queueing Engine LOW Priority Interrupt" "Queueing Engine Program Memory Parity Error" "ORION re-used read-ahead register" "Readback from unused posted read" "Readback of bad posted read data" "Global Lock requested when unavailable" "CBus read during CBus stall" "Posted read not complete" "Overflow of ORION write FIFO to MEMD" "Illegal address from ORION" "Re-try at end of I/O Stall is not the same" "ORION re-used read-ahead register (Stall)" "Unknown CYA eisr bit 0x00001000" "Unknown CYA eisr bit 0x00000800" "Unknown CYA eisr bit 0x00000400" "Invalid byte enables from ORION" "Single idle cycle between packet bus grants" "Odd number of packet bus grant cycles" "Unknown CYA eisr bit 0x00000040" "Unknown CYA eisr bit 0x00000020" "Parity Error in data from Packet Bus" "Parity Error internal to CYA" "Parity Error in data from CyBus" "Missing ACK on CyBus access" "NACK present on CyBus access"
: The new error messages for the CYASIC Other Interrupt register are:
: "CBus Stall (raw)" "Stall Handling in progress" "CBus Stall (forced)" "CBus Stall starting" "CBus Stall ending" "Unknown CYA oisr bit 0x04000000" "Unknown CYA oisr bit 0x02000000" "Unknown CYA oisr bit 0x01000000" "ORION re-used read-ahead register (Stall)" "Unknown CYA oisr bit 0x00400000" "Unknown CYA oisr bit 0x00200000" "Unknown CYA oisr bit 0x00100000" "Unknown CYA oisr bit 0x00080000" "Unknown CYA oisr bit 0x00040000" "Unknown CYA oisr bit 0x00020000" "Unknown CYA oisr bit 0x00010000" "Unknown CYA oisr bit 0x00008000" "Unknown CYA oisr bit 0x00004000" "Exception Interrupt (forced)" "Unknown CYA oisr bit 0x00001000" "Unknown CYA oisr bit 0x00000800" "Unknown CYA oisr bit 0x00000400" "QE Interrupt (forced)" "QE HIGH Priority Interrupt" "Unknown CYA oisr bit 0x00000080" "Unknown CYA oisr bit 0x00000040" "DBus Interrupt (forced)" "DBus Interrupt" "Unknown CYA oisr bit 0x00000008" "Unknown CYA oisr bit 0x00000004" "Attention (forced)" "Attention" [CSCdj26377]

ATCP negotiation fails when an ARAP 3.0f1c4 client attempts to connect to an IOS access server. This was found during Beta testing of the ARAP 3.0 software. The actual ARAP protocol works fine, it is only ATCP which is failing. [CSCdj31323]
When an ATM interface is running with an MTU size larger than 1500 (such as 4470) and then a sub-interface is configured with an MTU size of 1500, then the router upon a reload will assume a 1500 mtu size on the major atm interface. Cisco is currently working on this and will provide a fix in a future software release. [CSCdj36131]
The system may unexpectedly restart when the "show x25 vc" command is executed, if a virtual circuit is cleared while the display of that circuit is paused. [CSCdj36880]
Router might crash in fr_lmi_tx_process. The occurences of such problem are pretty rare and have been reported only on the low-end routers. There is no workaround other than to disable LMI (no keepalive). This problem should not occur in 11.2. [CSCdj36899]

11.1(13) Caveats/11.1(14) Modifications

This section describes possibly unexpected behavior by Release 11.1(13). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(13). For additional caveats applicable to Release 11.1(13), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(14).

AppleTalk

A special character in an AppleTalk zone name does not work correctly when using the appletalk static command. If the special character is between :80 and :ff, it will be changed in running-config. This change only occurs when using the appletalk static command. [CSCdj25241]

Basic System Services

When using AAA, it is not possible to duplicate the precise sequence of prompts that dialup users have become accustomed to from using XTACACS. This makes moving from XTACACS to AAA problematic for users who do not wish to rewrite their dial-in scripts. [CSCdi42842]
The system may reload when writing a core file via tftp if the core file already exists on the tftp server. [CSCdi83485]
Connected routes stay in the routing table when a card is disabled and in an analyzed wedged state. There is no workaround. [CSCdj08355]
This bug is seen only for asynchronous interfaces and may be caused by the following situations: 1. The configuration is read after a reload. 2. Asynchronous interfaces are configured via Group-Async commands but snmp-server is not yet running.

: To work around this problem, do one of the following: 1. For scenario 1 above, reread the configuration, or go to the Group-Async interface commandline and configure no snmp trap link-status again. 2. For scenario 2, start snmp-server before configuring the no snmp trap link-status command. [CSCdj13769]

Configuration commands priority-list protocol compressedtcp [args] and queue-list protocol compressedtcp [args]

: are respectively saved as
: priority-list protocol compressed-tcp [args] and queue-list protocol compressed-tcp [args]
: in the NVRAM. As a result of change in the string from "compressedtcp" to "compressed-tcp", when you reload the router, these commands are not executed successfully. The workaround will be to reconfigure these commands after reloading the router. [CSCdj13848]

The error "System restarted by bus error at invalid address" is caused by intermittent Telnet sessions on a Cisco AS500 platform running Cisco IOS Release 11.1(10)AA.

: This problem occurs because of a race condition when doing DNS name query, and DNS name cache is removed in the middle of the process.
: There is no workaround on the router side. On the DNS server side, configuring DNS TTL to be one minute or longer may work around this problem. However, this workaround may not be acceptable for some applications. [CSCdj16824]

This problem presented in all images. Prior to this fix, if the users manually specify any types of fancy queuing on the interface (FIFO, priority, custom, etc...), and then, when the interface encapsulation gets changed, the queuing will revert back to "fair-queuing". This is not desirable.

: We want to have the user's specified queuing maintain accross the encapsulation change. Only in the special case where if the type of encap doesn't support fancy queuing, then the queuing will be the default of that encapsulation.
: Tom Vo [CSCdj20358]

During a boot Flash format, systems with earlier release images will not recognize Intel boot Flash SIMMs 28F004S5 (device code A7), 28F008S5 (device code A6), and 28F016S5 (device code AA).

: To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash with an image containing this bug fix. Then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20681]

An ARAP session attempt causes NAS to reload when running AAA accounting with ARAP. [CSCdj21751]
This ddts enhances Console error message upon Cbus errors that have virtual address information. The virtual address is decoded and mapped to the slot number for older type interface processors like EIP, FIP, HIP, TRIP. A sample error message is: %RSP-3-ERROR: MD error 00F000F000000000 %RSP-3-ERROR: MC Control parity error 3F %RSP-3-ERROR: CyBus1 error 44 %RSP-3-ERROR: page map parity error %RSP-3-ERROR: address parity error %RSP-3-ERROR: address parity error 23:16 0, 15:8 0, 7:0 0 %RSP-3-ERROR: bus command write 4bytes (0xE) %RSP-3-ERROR: virtual address (bits 23:17) F40000 %RSP-3-ERROR: virtual address corresponds to slot10 %RSP-3-ERROR: MEMD parity error condition [CSCdj25303]

IBM Connectivity

QLLC/RSRB forwards IEEE XID frames like other XID frames to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]
When LNM is enabled on 4000 (or other series), it is possible that there will be a bus error leading to a crash. [CSCdi87220]
*** Release Notes ***

: Multiple "%ALIGN-3-SPURIOUS: Spurious memory access made at xxxxx", are being reported by all DLSW+ routers running c4500-ir-mz.110-13 IOS. [CSCdj02472]

When an LNM queries the router with a report station address, the router answers correctly with a report station address. However, 0.001 seconds later, the router sends a second report station address to the LNM with all zeros in the frame. This causes the LNM to work incorrectly. [CSCdj04559]
A memory corruption causes the router to crash when a NETBIOS DATAGRAM explorer is received by a Cisco 7200 router. This problem can occur for any non-explorer frame also. There is no workaround for this problem. [CSCdj04944]
Issuing the show lnm station command may cause the routers to reload, especially when the stations are getting in and out of the ring. [CSCdj09905]
When SRB and transparent bridging are both configured on two interfaces, Sr frames with an Ethernet type of 0x600 or 0x800 will not be forwarded and do not show up as source errors. This problem first appeared in Cisco IOS Release 11.1(12). [CSCdj18483]
Continuously issuing the appn ping command causes the router to hang indefinitely. [CSCdj19525]
Endstations that have LSAPs other than 0x04 will not work with FRAS/BAN. At present, the LSAPs are defaulted in the code to be 0x04. This poses a problem when a device with multiple PUs are defined on a single endstation with single NIC. Since there is only one mac-address associated with the single NIC only one PU will successfully establish a connection. [CSCdj20685]
This DDTS describes problem with Router SNA Service Point command response errors experienced with 11.1(12) and 11.0(14.4)BT. When we use the NetMaster "RUNCMD" facility to send an IOS "show" command to a router configured with SNA Service Point, one of the lines of output is split into two lines at a seemingly random point [CSCdj22139]
When using RSRB local-ack with priority queuing on a Cisco 7200 platform running Cisco IOS Release 11.1, a severe performance degradation has been seen. The root cause is an alignment error in the priority module. [CSCdj22593]
When RSRB with TCP encapsulation is configured and there are dead peers, an explorer packet may continuously try to open the dead peer. After several tries, the router may crash with memory corruption. The workaround is to remove any dead peer statements. [CSCdj24658]
During certain race conditions, an APPN router may crash with the following stack trace:

: PC= 0x606079a4[psbmfrm(0x60607930)+0x74], 32 bytes
: PC= 0x606094d0[psp00(0x60609380)+0x150], 320 bytes [CSCdj25484]

ReqActPU continuously fails with sense 8170001. This problem may occur when there are two parallel links to the same adjacent CP and the links are frequently stopped and started. The reason this may occur is because someone could try to activate a route over an inactive link. [CSCdj26027]
When promiscuous or peer-on-demand peers are used and there are more than 100 circuits connected, a memory corruption crash may result when the promiscuous or peer-on-demand peers disconnect. The corruption occurs when circuit cleanup is delayed due to end station delay, LAN network delay, or high router CPU usage. [CSCdj26284]
When a Cisco DLSw router starts a circuit (by sending CUR_cs) to another vendor's DLSw implementation, the Cisco DLSw incorrectly sets the lf bits in the CUR_cs header. [CSCdj26402]
Using 11.2.4 with qllc, npsi-poll, and rsrb, the router does not forward the null-xid from the host. The LLC session fails to establish.

: Workaround is to configure using dlsw. [CSCdj26404]

An APPN router may crash with the following stack trace:

: 606CD174[Qfind_front+0x24]
: 606C7D80[timer_process+0x300]
: 606C8070[csweotsk+0x1d0]
: A router may experience this problem after displaying several messages when the output buffer was full. If the crash was related to displaying "incomplete definition in configuration" warnings, the workaround is too remove these incomplete definitions. [CSCdj26701]

DLSw may send NetbIOS NameQueries to the local attached ring instead of using the known rif when verifying the path for netbios-names. This appears only to the first NQ, subseqeuent retries are sent as explorers. [CSCdj27350]
DSPU router sometimes doesn't send SSCP-LU data to the terminal. It seems if router receives NOTIFY during handling SSCP-LU data(logon message), stops sending SSCP-LU data to terminal. [CSCdj28164]
Customer reports blank entries in a show dlsw reachability netbios.

: Router1#sh dlsw reachability netbios-names DLSw NetBIOS Name reachability cache list NetBIOS Name status Loc. peer/port rif FOUND REMOTE 10.9.254.1(0) FOUND REMOTE 10.5.254.1(0) FOUND REMOTE 10.8.254.1(0)
: These entries do not have any functional impact. [CSCdj28173]

The timer that controls the daily cleanup of APPN topology and the 5-day rebroadcast of topology resources owned by this APPN node can fail after 45 days. At this time, other nodes where the timer is still functioning properly may age out the topology of the node with the failed timer after 15 days. Thus, after a total of 60 days, APPN routing failures and failed CP-CP sessions may result between APPN network nodes.

: Because other network events (link outages, and so forth) can trigger a node to send a TDU, this problem will not necessarily appear exactly after a 60-day uptime -- it may occur much later or not at all. However, any APPN router running in the network for over 60 days is at risk for seeing this problem.
: Stopping and restarting APPN will work around this problem until the next timer wrap, which can be up to 45 days, but may be less depending on the current value of the timer. Reloading the router will reset the timer and avoid the problem for an additional 60 days. [CSCdj29014]

A router configured for RSRB may crash with a watchdog timeout during low memory conditions and/or continual peer state changes. [CSCdj30381]
Sometimes the linkstations may get stuck in a XIDSENT state when an APPN linkstation fails and recovery is attempted.

: Caveat CSCdi77040 provides a fix for this problem in the system side. This caveat provides the corresponding fix for APPN. [CSCdj30552]

When using APPN/DLUR with the prefer-active-dlus configuration command specified on the APPN control point, DLUR may not properly connect to a backup DLUS in cases where the primary DLUS is available in the network but has the served PUs varied inactive. [CSCdj31261]
When using the len-connection configuration command on the APPN port and there are at least 30 XID3 devices connecting in through that port, a rare sequence of events of devices connecting and reconnecting can cause a reload. [CSCdj31264]
A dlsw backup peer will connect every 15 seconds for 30 seconds when the remote router is neither passive nor promiscous. [CSCdj31961]
Any device connecting to APPN/DLUR that does not carry a cv0E with a CPname specified on XID (any PU2.0 and some older PU2.1 implementations) causes APPN to fail to release 536 bytes of memory each time the device disconnects and reconnects. Any device connecting on a port with LEN-connection defined also exhibits this behavior.

: When memory is exhausted, the APPN subsystem may stop or the router may reload. [CSCdj33429]

Interfaces and Bridging

A Cisco 4700 router crashed in ip_input because of a bad packet on the IP input queue. [CSCdi46479]
In some cases, a Cisco 4000 router with Token Ring NIM and running xx-p-mz image displays the "%SYS-3-SUPNONE: Registry 6 doesn't exist" error message repeatedly on the console after bootup. [CSCdi70834]
On Cisco 7500 RSP platforms, FSIP serial interfaces may display the following panic messages on the RSP console:

: %RSP-3-IP_PANIC: Panic: Serial12/2 800003E8 00000120 0000800D 0000534C
: %DBUS-3-CXBUSERR: Slot 12, CBus Error
: %RSP-3-RESTART: cbus complex
: If the string "0000800D" is included in the panic message, the problem is related to this bug. The workaround is to load a new image that contains the fix for this bug. [CSCdi78086]

On Cisco 2500 series routers, the Token Ring interfaces run FastMac Plus microcode version 1.28, even though the latest microcode version available is 1.61. [CSCdi93243]
When using Token Ring Adapter in a Cisco 7200 router, a very large number of receive errors on the Token Ring interface may cause the router to reload. [CSCdj16191]
Routers running RSRB from a Cisco 7200 or 7500 series router with a PA-4R Token Ring insert an invalid Token Ring frame check sequence (FCS) in frames sent to remote peers. The invalid FCS will cause data frames to be dropped on some remote peer routers. Affected remote peer routers are Cisco 2500 series, Cisco 4000 series, Cisco 4500 series, and Cisco 4700 series routers running Cisco IOS Release 10.2 or earlier. Other router models and routers running Cisco IOS Release 10.3 or later are not affected. [CSCdj21539]
When bridging IP and routing AppleTalk, assigning the bridge-group to the LEX interface causes AARP entries to disappear and become no longer resolved. [CSCdj22825]
When PIM is configured on a Fast Ethernet PA on a Cisco 7200, the interface enters promiscuous mode and receives all packets on the LAN, possibly interrupting unicast traffic between other stations on the LAN. [CSCdj28007]

IP Routing Protocols

Under unusual circumstances, EIGRP may reinitialize multiple peers when a stuck-in-active condition occurs, instead of just the peer through which the route was stuck. [CSCdi83660]
In bgp/ospf/rip, a crash can occur in using an extended access list with the command default-originate route-map or default-information originate route-map.

: By design, an extended access list can not be used as a condition to originate a default. The document is being fixed. This ddts will fix the crash.
: A workaround (the right approach) is to use a standard access list in default origination. [CSCdj02583]

Under certain circumstances, if the Cisco router received a route with a lower rip2 metric, the router may go to hold down with infinite metric. [CSCdj15295]
The exec command parser does not sanity check the combination of the global command

: router(config-router)#area range
: So for instance it is possible for a user to enter an inconsistent and on the command line, as shown: ========================================= A5-R2#config t Enter configuration commands, one per line. End with CNTL/Z. A5-R2(config)#router ospf 2 A5-R2(config-router)#area 150 range 161.68.24.0 255.255.240.0 A5-R2(config-router)#^Z A5-R2# =========================================
: Note the parser doesn't complain that 161.68.24.0 is a network id that is inconsistent with the mask 255.255.240.0.
: Workaround is to make sure that the mask and network id are consistent. In the example shown, either the netid should be "161.68.16.0" or the mask should be "255.255.248.0" [CSCdj16943]

A router may crash after the fifth EIGRP process is configured. CSCdi36031 is a related caveat. [CSCdj17508]
Multicast groups are sometimes pruned when the router has locally joined the group on the incoming serial interface. Workaround is to configure this on another interface. [CSCdj19385]
Under certain conditions, the EIGRP variance command may not remove routes that have a higher next hop metric. To resolve the problem, issue the clear ip route command. [CSCdj19634]
Multicast prunes sent on serial links give priority to Non-RPF rather than RPF prunes. No workaround till this bug is integrated. [CSCdj20857]
When redistributing routes from one OSPF process into another if both the metric-type 1 and match internal parameters are used, then the metric-type 1 parameter is ignored.

: For example, in the following configuration:
: ! router ospf 100 redistribute ospf 4 metric-type 1 subnets match internal network 136.96.0.0 0.0.255.255 area 0 ! router ospf 4 network 192.161.10.0 0.0.0.255 area 0 !
: Routes redistributed into ospf 100 from ospf 4 would have metric type 2 instead of metric type 1.
: A workaround is to use a route-map for the redistribution:
: ! router ospf 100 redistribute ospf 4 subnets route-map OSPF4 network 136.96.0.0 0.0.255.255 area 0 ! router ospf 4 network 192.161.10.0 0.0.0.255 area 0 ! route-map OSPF4 permit 10 match route-type internal set metric-type type-1 ! [CSCdj21048]

The IP route associated with an OSPF virtual link is not updated, or is very slow to update (30 minutes) when the virtual link is re-routed over a lower cost link. When this occurs, the output of show ip ospf virtual-link will show a different next hop than show ip route.

: The impact is that backbone transit traffic is routed over a slower link when a faster one is available. Manually removing and re-adding the virtual link will cause the route to be updated immediately. [CSCdj21134]

Routes come back that are injected and then take precedence over the unicast route. Then the unicast route stops getting advertised. There is counting to infinity with no reachability in the meantime then the route starts back again. [CSCdj22506]
There is no easy way to set OSPF route adminstrative distance based on route type. The current method is to use distance command with access-list to selectively set adminstrative distance based on route prefixes, which is very inconvenient and result in huge configuration.

: This fix introduces a new command distance ospf which allows the customer to set the distance of intra-area, inter-area and/or external routes with a single command. [CSCdj23621]

When a router is no longer the DR, it should not keep a sparse-mode interface in its outgoing interface list, even if a connected group member exists on that LAN. The sparse-mode interface should expire unless it is refreshed by a join message from a downstream router. [CSCdj25373]
Turning on IP routing after assigning IP addresses to the interfaces does not take effect.

: The workaround is to turn on IP routing and then assign the IP addresses to the interfaces. [CSCdj26052]

IP cache is not being invalidated for destinations which use the default routes even after the next hop is down. Workaround is to do 'clear ip cache'. [CSCdj26446]
Major net summarization is incorrectly done if you have two equal cost direct connect interfaces.

: clear ip rou * is the workaround. [CSCdj30971]

Dense mode interfaces are not always populated in the outgoing interfaces of a multicast route. This was introduced by CSCdi25373. [CSCdj32187]
If dvmrp route-limit is exceeded while sending reports over a DVMRP interface(tunnel or LAN), reports are not send over subsequent DVMRP interfaces. [CSCdj32464]

ISO CLNS

CLNS fast switching is not working between PVCs defined on ATM subinterfaces. [CSCdj23817]

LAT

When performing protocol translation from X.25 to LAT, spurious memory accesses may be seen in console messages as well as in the output from the show alignment EXEC command. [CSCdj18470]

Novell IPX, XNS, and Apollo Domain

A CPUHOG warning message may occur on a system when it is busy handling large numbers of echo packets, or discarding broadcasts messages which are not forwarded by an ipx helper-address. [CSCdj11342]
If Cisco IOS Release 11.1(10) is running with IPX NLSP, IPX EIGRP, and IPX RIP, and IPX EIGRP is redistributed into NLSP and vice versa, the router may reload when receiving certain NLSP updates and redistributing them into IPX EIGRP. [CSCdj11870]
If an ethernet fails in a manner similar to the cable being unplugged, the local XNS network stays in the table as "(down)" and a new path to that network is not learned. [CSCdj20438]
Apollo packets arriving on an interface not enabled for Apollo, while Apollo is anabled in the unit, may accumulate on the interface input queue and are not discarded or processed causing the queue to fill. [CSCdj27002]
IPX fast switching might fail over a PRI interface, resulting in IPX client connections not being established over the PRI even though the IPX servers are visible. The workaround is to configure no ipx route-cache on the PRI interface. [CSCdj29133]
XNS does not learn the new non-canonical format of Token ring MAC addresses. It retains the old canonical format address for its node address. This would cause routing failure. The workaround is to disable and renable xns network on all the token-ring interfaces. This affects only RSP platforms and when you upgrade a XNS configured router from a version which has the bug CSCdi48110 to a version which has this bug fixed. [CSCdj29916]

TCP/IP Host-Mode Services

An interface may become wedged with input queue 76/75. This is caused by both syslog and SNMP traps.

: The workaround is to disable both syslog and SNMP traps. The commands to do this are no snmp-server host ip-address and no logging ip-address. [CSCdj27567]

New TCP connections may become stuck in SYNSENT state when router is low on memory. [CSCdj30008]

VINES

Issuing the write memory command may cause the system to reload while writing the VINES access list to memory. Issuing the write terminal or show vines acc commands may also halt the system. The workaround is to delete the configuration file and reconfigure the system. [CSCdi49737]

Wide-Area Networking

When bridging from an interface with an MTU greater than the target Ethernet interface you may get the following message:

: %LINK-3-TOOBIG: Interface Ethernetx, Output packet size of 1552 bytes too big"
: followed by a traceback message.
: Workaround is to set the MTU of the source interface to 1500. [CSCdi88531]

A problem seems to exist with the lower bound of the frame-relay broadcast queue parameters. [CSCdj04561]
Packets which are exactly encsize long are not bridged. This means that TEST and XID frames will not be bridged. Instead, they are passed up to process level, which will respond to them. [CSCdj14748]
If a Group Async interface is configured with more than 20 lines than the lines after the 20th line will not be applied to the member interfaces after a unit (re)starts. All of the commands will show up in the 'show running' output. This defect will be removed in a future release of IOS> As a workaround, you can remove and re-enter each of the unapplied to the Group Async interface. [CSCdj14946]
Under a high CPU load, it may be possible for the number of active calls and the number of available B channels displayed by the show isdn status command to be incorrect. Duplicate caveats are CSCdj23944, CSCdj27419, CSCdj15811, CSCdi82010 and CSCdj28147. [CSCdj18895]
This memory allocation error problem occurs after a large number of modem calls to an AS5200 configured for PRI ISDN. After the AS5200 starts to generate a number of these memory allocation error messages, calls cannot be answered.

: The following are indicators that may be used to determine if the AS5200 is encountering this problem:
: 1) When the AS5200 runs out of memory, MALLOC Failure messages will be displayed similar to the one below:
: 1d19h: %SYS-2-MALLOCFAIL: Memory allocation of 1056 bytes failed from 0x2214E776, pool Processor, alignment 0 -Process= "Net Periodic", ipl= 0, pid= 34 -Traceback= 2214D3E0 2214E542 2214E77E 2214BEC6 2214C12A 22159466 2215E86E 22140BDE 2213B688 2213B6E0
: 2) Below is an example of the output from "show process" command. If there is no process by the name "ISDN" in the list, and if the customer starts to see SYS-2-MALLOCFAIL error messages, then you know that the memory leak was caused by the bug reported in this ddts.
: Router#show processes
: CPU utilization for five seconds: 16%/8%; one minute: 23%; five minutes: 22%
: PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process 1 Csp 14985E 832 4547 182 740/1000 0 Load Meter 2 M* 0 84100 1492 56367 1804/4000 0 Exec 3 Lst 1377C4 1089260 9534 114250 1724/2000 0 Check heaps 4 Cwe 13D382 96 19 5052 1728/2000 0 Pool Manager ...
: 3) Below is an example of the output from "show isdn history" command. If there are more than 46 entries marked "Active" in the list, then you can tell that the memory on this router is leaking due to the bug reported in this ddts.
: Router#show isdn history ------------------------------------------------------------- ISDN CALL HISTORY ------------------------------------------------------------- History Table MaxLength = 100 entries History Retain Timer = 15 Minutes ------------------------------------------------------------- Call Calling Called Duration Remote Time until Type Number Number Seconds Name Disconnect ------------------------------------------------------------- In Active(1312) In Active(1238) In Active(176) ------------------------------------------------------------- [CSCdj21944]

A Cisco Access server may fail to start PPP mode for dialup connections when the line is configured with the autoselect ppp command. This results in the dialup connection getting dropped.

: To work around this problem, do one of the following:
: - Use async mode dedicated if no login is required.
: - If a login is required, configure no flush-at-activation, change the q2 register in the modem database, and configure modem autoconfigure type. [CSCdj25443]

Routers running with x25 routing enabled on releases after 11.0(14.1), 11.1(10.1) and 11.2(4.4) are susceptible to the router processor pausing indefinitely when malformed connections are made to the X25-Over-TCP (XOT) port. If this occurs, the router must be reloaded to recover.

: The following error message can be seen scrolling on the console if the router is in the above state:
: %X25-4-VCLOSTSYNC: Interface TCP/PVC, VC 0 TCP connection corrupted
: This does not seem to occur in a normal XOT switching environment. [CSCdj25846]

Some PC based PPP clients are not correctly autoselected into PPP mode by the Cisco Access Servers. This results in numerous drop calls. This problem is usually noticed when an automated dialer is used.

: The workaround is to configure the asynchronous interfaces using the async mode dedicated command. Sometimes, adding a second or two delay in the automated dialer's script also fixes the problem. [CSCdj26647]

The CHAP debug message which includes the text "Waiting for peer to authenticate first" will be output with an invalid interface name. [CSCdj27861]

11.1(12) Caveats/11.1(13) Modifications

This section describes possibly unexpected behavior by Release 11.1(12). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(12). For additional caveats applicable to Release 11.1(12), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(13).

AppleTalk

ATCP and ARAP code will not work with all-router node addresses. NBP lookup to ATCP/ARAP clients may fail. There is no workaround. [CSCdj02390]
A router may prevent Macs from coming up because of duplicate provisional addresses. A work around is to issue the clear appletalk arp command. [CSCdj16510]

Basic System Services

Under some circumstances, the RADIUS CLASS attribute sent to a cisco during radius authentication may be corrupted when it is included in accounting packets originated by the cisco IOS. The MERIT radius server uses this as a "session-ident", and the corrupted values can cause problems in billing applications. [CSCdi63648]
ifSpeed for Subinterfaces will currently reflect the bandwidth setting of the primary (lowest layer) interface. Changes to the subinterface bandwidth via the cli command option will not be reflected in the snmp ifSpeed object instance for that subinteface. [CSCdi89245]
The 7200 will fail when trying to perform a copy tftp if the tftp server resides on a PC. In order for this operation to be successful, the tftp server must be a multi-threaded application (typically a unix machine). [CSCdj14349]
If a Cisco Catalyst 3000 on an adjacent network does not have a protocol address configured and it sends CDP updates, the router may be reset when the show cdp neighbor detail command is used. [CSCdj15708]
Distributed access-lists with a large number of statements may not behave properly when the RSP reloads. A workaround is to execute the microcode reload command. [CSCdj17068]
This DDTS enhances the displayed error message upon a Cache Parity exception error. It now displays the virtual address that got cache parity exception, and also saves the console error message in NVRAM for systems with 11.1(2) Boot Rom monitor for subsequent retrieval of error message via a 'show context' command. The failing address reported by 'show version' for processor memory parity error still remains to incorrect value 0x0.

: SAMPLE CONSOLE OUTPUT ===================== Error: primary data cache, fields: data, physical addr(21:3) 0x1585E8, vAddr(14:12) 0x0000, virtual addr 0x609585E8 *** System received a Cache Parity Exception *** signal= 0x14, code= 0xa01585e8, context= 0x608dfa00 PC = 0x600f5844, Cause = 0x2020, Status Reg = 0x34008002 DCL Masked Interrupt Register = 0x000000bf DCL Interrupt Value Register = 0x0000001c MEMD Int 6 Status Register = 0x00000000
: rommon 2 > > SAMPLE 'show context' OUTPUT ============================ Fault History Buffer: GS Software (RSP-PV-M), Experimental Version 11.1(1909) [ganesh 374] Compiled Tue 27-May-97 18:09 by ganesh Signal = 20, Code = 0xA01585E8, Uptime 00:02:03 $0 : 00000000, AT : 608E0048, v0 : 00000001, v1 : 00000F8C a0 : 609585E8, a1 : 00001770, a2 : 0000FFFF, a3 : 00000000 t0 : 60A77574, t1 : 8000FD80, t2 : 34008700, t3 : FFFF00FF t4 : 00000083, t5 : 3E840024, t6 : 00000000, t7 : ABCDABCD s0 : 60958DF4, s1 : 00002830, s2 : 60925EF0, s3 : 60925EE8 s4 : 00000001, s5 : 00000000, s6 : 00000000, s7 : 00000000 t8 : 600F5E8C, t9 : 00000000, k0 : 30408401, k1 : 00100000 gp : 60860F80, sp : 60A774C0, s8 : 00000000, ra : 60110DC0 EPC : 600FBD78, SREG : 3400E704, Cause : 00000000 Cache Parity Error Buffer Contents:
: Error: primary data cache, fields: data, physical addr(21:3) 0x1585E8, vAddr(14:12) 0x0000, virtual addr 0x609585E8 [CSCdj18350]

Control characters in chat-script commands that are specified using backslash-octal representation are not stored properly in the config. [CSCdj18869]

IBM Connectivity

When using RSRB/Direct, fast-switched, the output packet are counted twice on low-end platforms. Thus when doing a "show interface stat" the number under Pkts Out is twice the number of incoming packets. The code path reponsible for this double count has been identified. A fix has been tested and will be available in the next interim release pending approval of the release program managers. [CSCdi49232]
When doing a show lnm station all stations are displayed even if you shut down the token ring interface over which they were learned.

: These entries do not time out. [CSCdi88082]

router behavior includes crash in ibmnm_su when running the lnm enable features. lnm eventually memory leaks the router into a crash... [CSCdj07103]
The APPN router may crash with a SegV exception in ptp06a. [CSCdj09026]
Cisco APPN currently does not support undefined appn modes which may be used by end devices. It is required to configure the mode and associated class-of-service on the appn router.

: This ddts will fix this problem by selecting a default COS (#CONNECT) when a BIND is received for an unknown MODE to the router. [CSCdj09309]

During IBM-LNAMAN tests, after lan manager was shutdown, router crashed on command "show buffer" Then, router crashed with a bus error. This happened to c4000 router on image: c4000-js-mz.112-5.1.F [CSCdj09919]
During certain race conditions, the DLUR router may hang the dlur/dlus pipe in a "pending inactive" or "pending active" state. [CSCdj10176]
release note

: LOCACK: recv DM, bogus, state NO_ONES_HOME can prevent netbios sessions from coming up in a busy system. [CSCdj11152]

A system was restarted by the error "Software forced crash." The stack trace points to the LAN Manager process.

: The current workaround is to disable LNM.
: > [CSCdj11711]

Enhance APPN PING command to take optimal path though network every time the command is invoked not just on the first instance. [CSCdj12188]
Cisco 7204 router with 11.2(4) version. Its feature is rsr-bridging. The router is intermittenly reloaded by itself with a software foced crash due to memory corruption. [CSCdj13017]
Source-routed frames with a destination address of FFFF.FFFF.FFFF will not be forwarded between Token Rings when SRB is configured on the router. Source-routed frames with destination addresses other than an all Fs broadcast address will be forwarded.

: In some application environments, certain 3270 emulators will not direct a test poll to a specific media access control address and will use an all Fs address to create the frame. It is this all Fs frame in an SRB configuration that will not be forwarded by the router. This configuration impacts workstations that are attempting to connect to host devices. The broadcast frame will never leave the local ring.
: Most emulators will use the destination media access control address of the host device to create a frame containing the test poll. With some proprietary implementations, the MAC address of the host device does not have to be known by the end device. [CSCdj13563]

Cisco APPN/DLUR is not able to establish dynamic link stations with a device that sends xid3 but does not include a cpname on xid3. [CSCdj15606]
When modifying a peer statement for a DLSw remote peer we added a cost parameter and the cost parameter was not accepted by the parser and saved in the config. Even when a "wr mem" was executed the router did not save the cost statement in the config. The cost statement did work as designed and this can be observed when looking at the sh dls capabilities command but if the router is reloaded the command must be reentered to get it to work. [CSCdj16627]
When running Cisco IOS Release 11.1(11) with BSTUN configured, the router may reload under certain conditions. This problem may be minimized by configuring HOSTTIMEOUT to a large value. However, this will have a significant impact in detecting device outages. [CSCdj16888]
Cisco DLSw appears to shift the lf bits in the SSP header when peering to other vendors DLSw implementations. This may cause circuits to connect using a (smaller) non-optimal largest frame size or may cause cicruits not to be able to connect at all. [CSCdj17372]
Cisco 2522 routers running Cisco IOS Release 11.0(11) may have problems with the SDLC state machine. When a large amount of data is input into the router from a PU (for example, during a file transfer), the router may poll the next PU without receiving a poll final in a frame and without T1 expiring. The router may also expect data from the PU, even though it did not poll the PU.

: A workaround is to ensure there are no unnecessary PUs configured on a line that is continually sending SNRMs. [CSCdj17630]

When in the network with a VTAM4.4 node, Cisco APPN improperly clears a bit in the TDU CV45 which is set by VTAM 4.4. This can cause improper tdu information to be dispersed to the network and can cause a topology trashing condition in some situations where a router is positioned between two vtam 4.4 nodes. [CSCdj18360]
An APPN router may fail with a SegV exception when reporting an xid negotiation error during appn link activation. The decoded PC is in cs_send_alert. [CSCdj18565]
The DLUR router may display an Mfree error in the ndrmain process when issuing an "appn stop". This message does not effect the performance of the DLUR router. [CSCdj19884]
A 4500 can crash sometimes if it has "source-bridge local-route" configured. [CSCdj20420]
Buffers classified as linktype IBMNM may leak in the LNM process. A workaround is to disable the LNM process. [CSCdj20441]
The router is unable to link router with LAN Network Manager. [CSCdj20748]
When a directory cache entry exists for a resource and a broadcast search arrives for that same resource name, the intermediate node broadcast processing will delete the valid cache entry that existed previously. This defect will cause excessive locate broadcast traffic. [CSCdj21343]
Using the dlsw ring-list or dlsw port-list configuration commands can cause a SegV exception when executing the show dlsw reachability command. [CSCdj21894]
The DLUR router may get into a tight loop, in which it continuously retries to start the DLUR/DLUS pipe to the same DLUS without waiting the specified retry time. This problem could cause the router to crash or continuously display pipe retry messages without waiting the specified retry time. It may also result in high CPU usage. [CSCdj22330]
When establishing a DLSw session, the circuit priority field in the SSP header of the CUR_cs, ICR_cs, and/or REACH_ACK SSP frames may be set to a reserved value (5, 6, or 7). While this value will not cause problems when sent to a Cisco router peer, it may cause interoperability problems when peering to another vendor's equipment. This problem may manifest itself as an inability to start the circuit. [CSCdj22482]
When the first attempt to link a Cisco router with the LAN Network Manager fails, it is not possible to link this bridge again because of a hanging LLC2 session in status ADM. To clear this session, reload the router. [CSCdj23142]
With APPN/DLUR, caveat CSCdj18360 caused a regression in APPN images, which creates thrashing topology updates (topology war) for any topology with more than one CP-CP session. Cisco recommends that an image containing CSCdj18360 should not be used in an APPN network without also having this fix applied. All APPN images containing CSCdj18360 and not this fix have been deferred as production images. [CSCdj23165]
To avoid getting bad refcount message at the time of router boot. [CSCdj23422]
Under certain circumstances, the router will fail to create a dynamic link station. The workaround is to restart APPN on the router. This is caused by a small buffer leak that occurs for each actpu processed by DLUR. After some time, enough buffers may be lost as to cause session failures and dynamic link station failures due to insufficent buffers. [CSCdj23782]
Len-connection mode of operation on an APPN port is designed to allow len-level connectivity between a DLUR and its downstream devices. Independent session activation (LU6.2) through ports with len-connection fails with the message "no route for session." This problem does not affect dependent session activation (LU 0,1,2 etc). [CSCdj24777]

Interfaces and Bridging

In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory.

: %CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0
: A possible workaround is to issue a microcode reload command or load a new system image and corresponding bootloader(rsp-boot-mz...) image that has the fix for this bug. [CSCdj00013]

The probrem occurs when use OIR with any interfaces with a sub-interface, e.g. 4T, 8T, 4E, on 7200 platforms, and is 7200 specific. After the OIR, the communication between two routers is stopped.

: The workaround is to reload the router. [CSCdj02122]

removing 10base/2 cable doesnt change the status of aui port. [CSCdj11247]
The Bridge ID may choose a Cisco random address even for the Ethernet interface which has the MAC address. It mostly happens in the first Ethernet interface. [CSCdj13302]
The VIP PA-4R was bridging frames that were aborted by the sender. The frame is now dropped when the abort is detected. [CSCdj13409]
An ARP/RARP packet is dropped on a Cisco 7000 ISL subinterface. [CSCdj17002]
IEEE spanning tree BPDU's are not recognized by a VIP2 with a NP-4R running IOS 11.1(10)CA or 11.1(11)a. [CSCdj18696]
The FDDI PA versions that support CAM are properly recognized before attempting CAM operations. CSCdi51248 must also include CSCdj23259 to avoid problems with old FDDI hardware. [CSCdj23259]

IP Routing Protocols

Cisco 4500 routers may not correctly policy-route when serial subinterfaces are configured and the fast-switching cache is populated. The workaround is to disable fast switching on all interfaces. [CSCdi86063]
icmp redirect is not sent if icmp type of incoming packet is echo-reply [CSCdj00809]
A router may reload if it receives an ARP request frame from a token ring interface and the frame has been incorrectly formatted as a frame relay ARP. ARP request frames that are correctly formatted for IEEE LAN media will not cause this problem. The only workaround is to remove the station sending the illegal frame from the network. [CSCdj05170]
Under certain conditions a static route with a next hop reachable via a static interface route is not installed in the routing table. [CSCdj08220]
DVMRP routes not preferred in comparison with recursive routes [CSCdj14507]
(S, G, RP) bit prunes not sent in some cases [CSCdj14513]
A locally joined group configured with the ip igmp join-group command may lose its local status if either one of the following occurs:

: 1) the RP which services the group was statically configured with the ip pim rp-address and the configuration is removed and then readded, or 2) the group is deleted with the clear ip mroute command.
: A group is considered to have local status when the "L" flag appears in show ip mroute. If the "L" flag is not set for the Auto-RP Discover group (224.0.1.40), the system will not process Auto-RP Discover packets and will not have the correct group-to-RP mappings. [CSCdj14929]

Changing the ip address or ip unnumbered configuration on an interface will not change the IP address announced in Auto-RP Announce messages. To work around this, deconfigure and reconfigure the appropriate ip pim send-rp-announce configuration command. [CSCdj14930]
An ICMP redirect will not be sent if there is a destination IP address entry in the fast cache. An ICMP redirect is only sent when the packet is process-switched. [CSCdj16708]
Systems to which there are either directly connected sources or receivers or both may inadvertently result in group state becoming sparse, even though ip pim accept-rp is configured to reject the use of a RP for that group. There is no workaround if the group to RP mapping is learned dynamically via Auto-RP. [CSCdj16823]
In some cases a CGMP Join message sent by the system may contain a bogus IP Multicast address. This includes cases where the system has detected a mrouted-capable router on a LAN connected to the interface, and when the system is configured with an ip igmp join-group or ip igmp static-group command on the interface. [CSCdj20903]
The system may erroneously prune a point-to-point input interface if no packets were successfully forwarded out any interface due to IP TTL thresholding, outbound access list control or outbound rate limiting. [CSCdj22078]
There are cases for sparse-mode groups, that an olist interface may get inadvertently deleted from an (S,G) entry. This can happen when the router is on the border between a DVMRP domain and a PIM-SM domain. The situation occurs when a member joins and then leaves group G on the interface where there is a DVMRP neighbor present. This can also occur if a PIM neighbor becomes active and then inactive on that same interface. [CSCdj23572]
Regression bugs found by ARF requre us to do a paritial backout of CSCdi73194 until all regression problems have been found and fixed.

: The following Cisco IOS Releases are affected: 011.001(012.004) 011.002(007.002) 11.2(07.02)P 011.000(016.001) 11.1(12.04)AA 11.2(07.02)F 11.0(16.01)BT 11.1(12.04)IA 11.1(12.05)CA and subsequent versions of those releases until this fix is integrated. Also relevant are other releases where the fix for CSCdi73194 got integrated. [CSCdj31496]

LAT

Illegal LAT STOP slots may be sent if a line is disconnected immediately after initiating a LAT connection. This is more likely to be seen when using protocol translation. These illegal slots cause the LAT virtual circuit to be disconnected, affecting all connections to the host. [CSCdj09876]

Novell IPX, XNS, and Apollo Domain

When two routers are connected to the same destination, outbound IPX fast switching on dialer interfaces does not work on the more recently connected interface. Under certain circumstances a system reload may occur with traceback pointing to ipx fastswitching. The workaround is to turn off fast switching on the DDR interfaces using the no ipx route-cache command. [CSCdi78766]
IPX cache corruption occurs when you have two Fast Ethernets in a VIP carrier (one configured for ISL) connecting to a single server with dual NIC's (different external numbers, same frame type), and IPX max-paths set to 2. A workaround is to disable fast-switching for IPX. [CSCdj17470]
When using weighted fair queueing IP RIP, and IPX RIP/SAP packets may be dropped, this might lead to losses of connectivity if three updates in a row are dropped. [CSCdj18092]

TCP/IP Host-Mode Services

Previously, DLWS connect to a down interface on the peer succeeded. This has been fixed so that a DLSW connect to a down interface on the peer will not succeed. This is the correct behavior. [CSCdj00448]

VINES

When 'no vines time participate' is configured on the router, the router no longer responds correctly to vines time requests. This results in mail messages from clients on serverless segments having timestamps that are 3 hours earlier than the time configured on the router and vines server. [CSCdj13232]

Wide-Area Networking

PPP CHAP authentication has a serious security vulnerability that allows a moderately sophisticated programmer, armed with knowledge of the vulnerability and some basic information about the network to be attacked, to set up unauthorized PPP connections. There is no workaround. Customers who rely on CHAP authentication should upgrade their software to avoid this problem. More information is available on the Worldwide Web at http://www.cisco.com/warp/public/770/chapvuln-pub.shtml. [CSCdi91594]
SegV crash in RSP2.

: This problem causes a crash in situations where SDLLC is used. If a connection comes in over LLC2 for a device configured for SDLC, and the line or station isn't up, or doesn't accept the connection, this crash may occur. [CSCdi92210]

After a data-direct VCC is created, the ATM-SIG input holding value increases. After it is cleared by a timeout, the ATM-SIG continues to hold onto memory, causing a memory leak. [CSCdj02779]
Occasionally, an RSP router running Cisco IOS Release 11.1 would crash with invalid pointers. This problem has not been identified on other platforms or other software releases. [CSCdj17033]
On a 7000 router, the following console messages may be logged:

: %AIP-3-AIPREJCMD: Interface ATM3/0, AIP driver rejected Teardown VC command (error code 0x8000)
: Such error is associated to the AIP not being able to receive packets. It is reproducible only if there are long periods (minutes) where no traffic crosses the ATM interface.
: The workaround is to reload the box or to perform microcode reload. This does not occur on the 7500 family (including the RSP7000). [CSCdj20667]

: "atm multipoint-signalling"
: interface subcommand is currently only available on the main ATM interface. The effect is that signalling behavior, point-to-point or point-to-multipoint, for all clients on all subinterfaces is determined by the command on the main interface.
: Clients on different subinterfaces can have different behavior, specifically 1577 requires point-to-point, and PIM allows point-to-multipoint, the command should be on a per subinterface basis.
: ***************** Special Configuration Note ********************
: Users will have to enable the "atm multipoint-signalling" command on all those subinterfaces which require it. Previously they only needed to enable it on the main interface. [CSCdj20944]

Defect Description:

: Upon bootup, OIR, microcode reload, & cbus complex restarts, the router shows CCBTIMEOUT error messages on VIPs that result in a disabled wedged status.
: Conditions:
: This has been seen to happen with bad PAs and PAs in a "not-ready" state. A PCI access is tried and the PA does not respond thus resulting in CCBTIMEOUTS.
: Workarounds/Fixes:
: Microcode reloads had limited success, but this fix of moving the PMA software fix should take care of the problem. [CSCdj21639]

VIP2 packet bus parity errors are not reported. [CSCdj23431]

11.1(11) Caveats/11.1(12) Modifications

This section describes possibly unexpected behavior by Release 11.1(11). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(11). For additional caveats applicable to Release 11.1(11), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(12).

AppleTalk

When using ARAP on a terminal server users may experience issues with modem answering calls with no connection. Messages similar to the following may be displayed on the console:

: %SYS-2-MALLOCFAIL: Memory allocation of 41394 bytes failed from 0x35DD24E Traceback= 30E83CC 30E94CA 35DD25 35D8CBE 35DCD5C 35D9CF0
: This occurs primarily under heavy load. [CSCdi79459]

The ability to route AppleTalk with EIGRP on the 1005 was present in 10.3 and 11.0 but is not in 11.1. [CSCdj09990]
Memory leak can occur when an ARAP user fails to connect due to initialization failure. [CSCdj14393]

Basic System Services

In RSP-based Cisco routers, a CyBus transaction with bad parity can cause a cache parity exception and system reload. This problem is rare but is more likely to occur in routers that have many active interfaces, each with moderate to high traffic load. [CSCdi47784]
HTTP Proxy Servers and MS Internet Explorer (see CSCdi67032) encode '' as '%5c' when submitting a URL to the router; the router does not decode encoded characters. [CSCdi78160]
The Group-Async command will add a bogus entry into the ifTable. This entry does not reflect what is going on in the async interfaces combined under this group-async command. It applies only to the group-async itself (as in the internal logical structure). [CSCdj00853]
When ntp broadcast client is enabled, packet buffer leaks may occur unexpectedly. Deconfigure the command if this condition occurs. [CSCdj03162]
Telnet packets from an async port will never be larger than 536 bytes. [CSCdj03682]
On RSP systems, when maximum-size MTU packets are received by serial interface processors (including the FSIP, HIP, MIP, POSIP, and serial port adapters on VIPs that forward data to the RSP to be routed), up to 8 bytes of data might be written into the next datagram's packet memory. This could result in anomalous system behavior, including software-caused system crashes and dropped datagrams. This problem is never seen on RSP systems that do not have serial interfaces. [CSCdj08573]
Release-Note:

: The 'copy tftp' command does not appear to work correctly on a router that is running late 11.1(x)CA code. The router on which the command is issued attempts to locate the file from it's own local flash card, without trying to find the TFTP server. This has been verified to affect 11.1(8)CA1, 11.1(9)CA, and 11.1(10-6.4)CA IOS. [CSCdj09479]

A reverse telnet connection to an async line via a raw TCP port (40xx) may result in a 30 second pause before data is passed. Pressing a will bypass the pause, as will using a telnet protocol port number (20xx). [CSCdj11084]
Under certain circumstances alignment warnings may appear when fastswitching with custom or priority queueing enabled.These warnings signal that extra CPU cycles are necessary to process the packet. Despite the warnings, the packet is still switched correctly. [CSCdj12269]
Symptom ------- Under extremely heavy CPU interrupt states a router with FSIP, CT3 or any serial interface may experience the following "output stuck" error message...

: %RSP-3-RESTART: interface Serial12/0/0:28, output stuck %RSP-3-RESTART: interface Serial12/0/0:6, output stuck %RSP-3-RESTART: interface Serial12/0/0:12, output stuck %RSP-3-RESTART: interface Serial12/0/0:2, output stuck
: This is a result of a internal timer utility that can incorrectly return false value under extreme interrupt situations. And that causes transmit-buffers backing-store mechanism faulty declare serial interface "output stuck".
: Conditions ---------- The symptom occurs on Cisco routers in the 7000 family using the CT3 or 4/8 port FSIP cards or any serial interface under IOS version 11.1(10)CA, 11.1(11), and 11.2. It only observed under oversubscribed traffic load.
: Workaround ---------- Configure interface to FIFO queueing via the no fair-queue command.
: The command transmit-buffers backing-store is on by default when an interface is configured for weighted fair-queueing. If the interface command no fair-queue is used which changes the queueing strategy to FIFO then transmit-buffers backing-store is off by default. [CSCdj12815]

Even if the rlogin command command has its privilege altered to level 0, it will still be treated as though its privilege level is 1 by AAA command authorization. [CSCdj14206]
Release-note:

: Configuring a byte-count larger than 65535 for a custom queue does not work correctly. When a value larger than 65535 is used the resulting command in the configuration will not display the value which was set for the queue. [CSCdj14347]

IBM Connectivity

When certain flow control situations occur between LLC2 partners, a message indicating that the T1 timer should be increased is printed. This is usually misleading. When the message is printed, the retransmission cycle is delayed by a T1 interval. This is wrong, and may lead to delays. This fix corrects the problem. [CSCdi84471]
Source-route bridging over FDDI may not be passing all frames following the spanning or all-routes explorers. This problem occurs in Release 11.2(9). A workaround is to run Release 11.1(8)CA1. [CSCdi92160]
Configuring direct frame-relay on one remote peer and promiscuous on the other peer, results in peers coming up as Direct Fr on one and Direct Serial on the other. [CSCdi92441]
The DLUR router should not tear the downstream link down when it receives a dactpu "not final use" for the downstream pu. [CSCdi92973]
When both BNN and BAN sessions are configured on the same SLDC interface, all sessions will come down when the user deconfigures the BAN sessions. This is disruptive to existing BNN sessions.

: The fix corrects the deconfiguration by only taking down BAN-SDLC sessions. Testing the changes are straightforward. Do the BNN-SDLC sessions stay up when deconfiguring BAN? Test results prove that they do. [CSCdj00497]

A router configured for DSPU may crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdj02005]
Original complaint:

: The value returned from an SNMP get for the oid:
: .iso.org.dod.internet.private.enterprise.cisco.ciscoMgmt.channel. cipCard.cipCardTable.cipCardEntry.cipCardEntryCpuUtilization (.1.3.6.1.4.1.9.9.20.1.1.1.5)
: is a constant 89 (also observerd was the value 90), regardless of the real CIP CPU utilization. The 'show controller cbus' command can be used to retrieve the real CPU utilization on the Channel Interface Processor.
: Fix provided:
: The SNMP MIB has been enhanced to return the CIP Load Metrics for CPU Load, DMA Load, and Channel Adapter Load. The old value for CPU Utilization is retained but has been marked in the MIB as deprecated. The MIB was also brought up to date with respect to the reporting of Broadcast Enable and Row Status for the CIP Claw Config. [CSCdj04309]

When the first connection to an SDLC-attached OS/2 system in a FRAS BNN environment fails, a successful connection can be made only by issuing the shutdown and no shutdown commands on the router's SDLC interface. [CSCdj04321]
The 'sh appn sessions' command only displays one path between a CP-CP pair even though the 2 sessions can be running over 2 different paths/TGs [CSCdj04484]
IOS improperly ignores IPX SAP packets received from a VIP/4R token ring interface if the SAP packets have a destination MAC address of "all stations broadcast" and a RIF (routing information field). [CSCdj04552]
RSRB lack was wrongly freeing a packet if RSRB local-ack state ever enters a busy/await state. The traceback would only occur, if there are packet drops or congestion, since then this path would be executed, wherein the rsrb lack code frees the packet that llc2 code has already freed. [CSCdj05810]
Packets with the TRACE_ORIG bit set will not be forwarded. The problem can be seen when the Lan Manager trace function is enabled on the end station.

: This problem can prevent session establishment. [CSCdj05978]

When running DLSw remote switching on 7200 alignment errors may be seen. [CSCdj06022]
This DDTS has the following changes implemented. 1. An idnum/idblk(adjacent node id ) information field was added to the sh appn link deta command. The output of sh appn link deta will now be:

: ibm3-4kb#sh appn link deta Number of links 1
: 1>Link name LNK02 Port name T1 Interface name TokenRing1 Destination DLC address (remote SAP) 0000.302C.292F (04) Link activated Remotely Link state Active * Adjacent Node Id X'ABCDEFAB' Deactivating link No Max send frame data (BTU) size 4096 Adjacent node CP name CSCO.CP Adjacent node type Network node CP-CP session support Yes Link station role Secondary Line type Shared access transport facility Transmission group number 21 Effective capacity 16000000 bits per second Cost per connect time 0 Cost per byte 0 Propagation delay 384 microseconds (local area network) User defined parameter 1 128 User defined parameter 2 128 User defined parameter 3 128 Security Nonsecure
: 2. The sh appn link will now have two additional filters xid and cpname.
: ibm3-4kb#sh appn link ? show appn link-station [filters] [brief|detail] brief Show brief APPN link station information * cpname Show specific appn link stations by CP name detail Show detailed APPN link station information name Show specific APPN link stations by link name port Show specific APPN link stations by port name * xid Show specific APPN link stations by idnum/idblk
: ibm3-4kb#sh appn link xid abcdefab Number of links 1 APPN Logical Links Link Name State Port Name Adjacent CP Name Node Type --------- -------- --------- ----------------- ------------ 1> LNK02 Active T1 CSCO.CP Network Node ibm3-4kb# [CSCdj07270]

The show appn dlur-lu and show appn dlur-pu can fail to filter out the correct lu the user is looking to display. The symptom is no matches will be found even though the filter should have matched. [CSCdj07924]
When running APPN/DLUR, if the downstream device has a different netid from the netid specified on the APPN CP name, the binds for the dependent sessions will fail. [CSCdj08190]
Details:

: The router crashes when either a no fras backup dlsw ... or no fras backup rsrb ...
: command is issued ONLY WHEN the backup code is invoked. For example, when the serial line to the FR cloud is lost, and backup is configured.
: When the no backup command is invoked, the cleanup for the backup functions are invoked. The bug in the code is that the backup function removes the lan-cep, instead of the backup-cep. When the lan-cep structure is referenced, the structure is garbage, and the router crashes.
: No workaround at this point in the code. [CSCdj08577]

APPN/DLUR downstream PU may get stuck in a "stopping" state in a timing situation when a dactlu is outstanding to a downstream PU and the the PU disconnects. After this point, the PU may no longer be able to connect. [CSCdj08833]
In some circumstances, specifically when DLSw is required to verify the NetBIOS reachability cache entry, there may be a 1 second delay before a NetBIOS FIND_NAME is forwarded to the LAN interface. [CSCdj09865]
A DLUR router (which has PU2.0 pus connecting in) may try to start the dlur/dlus pipe connection repeatedly, instead of waiting 30 seconds (default) between attempts. This condition may occur if ANS=CONTINUE is coded for an nsp pu, and the host link is stopped. [CSCdj10157]
Buffer leak causes crash when NSP is used over DLUR. [CSCdj10387]
The DLUR router may send a corrupt APPC frame to a DLUS if a timing window is hit when accessing multiple DLUSs. This problem may occur if there is both a primary and a backup dlus configured and at least one pu that cannot get in to the primary dlus (pu inactive) while other pus are active with the primary dlus.

: This problem may cause vtam to refuse to activate subsequent dlur/dlus pipes for all dlur NNs. "/d net,dlurs" shows the dlus conwinner state as reset and the conloser as active.
: The workaround is to prevent the dlur router from sending this corrupt frame is to reconfigure the DLUR routers without a backup dlus coded. [CSCdj10485]

Running dlsw and rsrb in the same box with lan mgr can cause disruption of lan mgr on the rsrb connections. [CSCdj11691]
Under certain circumstances, particularly when there is race condition due to different link speeds between downstream and upstream routers, certain UNBINDs are not getting to the router of a lower speed link. This causes subsequent session failure with sense code LFSID_IN_USE. [CSCdj12673]
Unable to enter de as valid sdlc address in sdlc dlsw command. Conflicts with sdlc dlsw default. [CSCdj13052]
Any existing sessions or circuits over the backup peer will be brought down immediately after the primary peer is up. This occurs even though the backup peer linger timer has been configured for a higher value. [CSCdj13159]
On the 11.1 version, "clear dlsw" command works the same as at the enable mode. [CSCdj13728]
Using QLLC/DLSw+, QLLC connections fail to be established when non-default saps are used. [CSCdj14080]
When issueing a vary inact,giveback to a DLUR served PU (or entire DLUR), the DLUR will put the PU in timer retry and may retry the original DLUS instead of retrying the next-best dlus. [CSCdj14214]
DLSw searching remote and local behavior was observed in Cisco IOS Release 11.1(11). A workaround is to not allow CUR frames to go from hub router to the peered (remote) router. [CSCdj16711]

Interfaces and Bridging

Translational bridging to frame-relay ietf and cisco will fail ONLY on MIP interface on rsp ONLY due to incorrect datagramsize calculation in the translation to MIP encapsulation output. There is no workaround for this. [CSCdi86940]
OIR removal of a FIP from one slot into another will cause the FDDI to permanently remain in DOWN/DOWN. A reload is needed to get it up. OIR removal and putting it back into the same slot works fine. [CSCdi87221]
Under heavy load condition it is possible for the keepalive timer to go off and cause resets on the token ring interface. [CSCdi88713]
(1) The config command no exec-banner should suppress both the two banners: exec banner motd banner on all the following interfaces CON, AUX, vty sessions, async lines

: However, this is not true when you reverse telnet to any of the async lines. In other words, if you config the async line to be no exec-banner
: then you reverse telnet to this async line, then you will see the MOTD banner in addition to the INCOMING banner.
: (2) A new configuration command [no] motd-banner has been created to suppress the display of MOTD banner. The default is always to display the MOTD banner. This configuration command works for all the following interfaces: CON, AUX, all vty sessions, and all async lines. [CSCdj00076]

Async controller hang and causes four modems to go into hang state [CSCdj01441]
On the Serial interfaces MK5025, HD64570 and CD2430, the debug command 'debug serial interface' shows the up/down status of only the input signals.

: The assert and deassert of any output signal are not shown. [CSCdj05352]

I have to add sth. to release-note to commit the fix to 11.1 throttle.

: This is a vLAN problem, starts from 11.1. [CSCdj08697]

A problem occurs when the VIP2 FIFO buffers overflow, causing a write of data to SRAM to fail silently. This may cause a number of protocol-related failures including, but not limited to, TCP checksum errors and other possible packet data errors. This problem is not limited to any particular network configuration, traffic load or other specific circumstances.

: The solution to this problem involved a change to the PCI bridge parameters to avoid VIP2 FIFO buffer overflows. There is no manual avoidance - all customers using VIP2 products are strongly encouraged to upgrade to an image containing this solution. Refer to "Field Alert: VIP2 Cisco Software Release Deferrals" for image availability and additional information. [CSCdj08722]

When the 90-compatible OUI is used on a 'source-bridge transparent' statement, the command is accepted and translational bridging operates correctly. A display of the configuration shows the OUI option as '90compat' instead of '90-compatible'. If the router is reloaded, an error message is generated pointing to the 'c' in '90compat' and the resulting configuration does not have the 'source-bridge transparent' command included. If the command with the 90-compatible OUI is configured again, normal operation is restored. [CSCdj09688]
Low-speed sync/async ports are unable to receive packets with size greater than 1500 bytes. The workaround is to set the MTU on both sides of the link to less than 1498. [CSCdj11304]
When a serial is configured as half-duplex a 4000 series, but that some other serial used in full duplex is shut/no shut, then a cisco router may happen to appear totally non responsive. A power-cycling of the router is required. [CSCdj13056]

IP Routing Protocols

cpuhog and traceback generated when 'wr t' is executed [CSCdi48656]
Systems running OSPF might experience a software-forced crash. There is no known workaround. [CSCdi81510]
When using PIM nbma mode in certain configurations, some interfaces will not be populated in the outgoing interface lists upon receipt of sparse-mode joins. [CSCdj01906]
Removing the RIP routing process via the no router rip command produces tracebacks. [CSCdj02661]
A router running BGP4 may, under unusual circumstances, advertise it's router ID as 0.0.0.0.

: This condition will cause other routers to not form a new neighbor relationship with the offending router.
: The problem can be cleared by reloading the router. [CSCdj04131]

BGP routers with many peers and many possible alternative paths can have a severe memory fragmentation. The symptom of this is a very small largest free memory block, as can be seen in the last field of the output of show memory command. [CSCdj08054]
Router restarted by unexpected interupt at ospf_if_get_def_type_cost. [CSCdj08125]
The router may reload when removing OSPF from the configuration. [CSCdj09036]
static routes entered in the form:

: ip route
: may not appear in the eigrp topology table .
: The routes can be 'recovered' (reinstalled in the topology table) by either using or by unconfiguring the redistribution and configuring it again.
: In the first case (), the routes go away again after a short time. In the second case, the routes are present in the topology table for a longer period, but eventually go away too. [CSCdj09571]

PIM RP Reachable packets are unexpectedly ignored if the input interface on the (*,G) entry is empty. As a result, the RP for the group may never be learned. Issuing a clear ip mroutegroup to clear the entry should restore RP information for the group. [CSCdj11339]
In a Router with a Simplex interface configuration, IP route cache in invalidated on the RECEIVE interface only. The IP route cache should also be invalidated for the TRANSMIT interface. [CSCdj11960]
The reception of a DVMRP Graft for a group for which an administrative multicast boundary has been defined may unexpectedly halt the system. [CSCdj12029]
A multicast boundary on the incoming interface does not stop the router from giving packets to its local process, although these packets can not be forwarded out any interface due to this boundary. [CSCdj12030]
The ip nhrp map destinationIP NBMA address command on tunnel interface is incorrectly parsed to add unnecessary IP mask. The workaround is to always specify the mask and reenter ip nhrp maps without masks. This caveat exists in all IOSs since 10.3(10.3), 11.0(7.1), 11.1(2.0.1) and 11.2(0.1). [CSCdj13220]
When an RP mapping agent is configured on a border router, an administrative boundary is usually set up on the external link for group 224.0.1.40 (CISCO-RP-DISCOVERY). In the absence of a properly configured TTL-threshold on that link, the RP-discovery packets can leak out across the administrative boundary. [CSCdj14326]
Issuing a no ip pim send-rp-announce interface when interface does not have an IP address and is not unnumbered may halt the system. Workaround is to either assign an IP address to the interface or make it unnumbered before issuing the command. [CSCdj14928]
Lower distance DVMRP route does not override previous route [CSCdj15445]
Configuring ip igmp query-interval0 on an interface will hang the system. To avoid this problem, never configure a query interval to be less than 1 second. [CSCdj15467]
Use of the now outdated mrbranch and mbranch commands on a router not configured to run multicast can cause alignment errors and even crashes. Workaround is to avoid these commands.

: -Chris [CSCdj16450]

DNS names are not accepted for the source address supplied in clear ip mr.

: -Chris [CSCdj16696]

After OSPF received a its own router LSA from its neighbor and that LSA has a higher sequence number than the one OSPF have currently, it is possible for OSPF to corrupt its router LSA for at most 5 sec (the minimal interval between LSA generation). If this corrupted LSA is sent to other neighbor, and the neighbor would generate OSPF-4-BADLSATYPE message about bad LSA checksum. This is no workaround but the corruption will be corrected when the next router LSA is created within 5 sec. The same problem can happen with network LSA too. [CSCdj16784]

Novell IPX, XNS, and Apollo Domain

When enabling or disabling IPX routing interface resets are done, this may cause disruption of some services in particular on token rings. [CSCdi17856]
If IPXWAN is configured and the remote router is configured to allow IPXWAN Client mode the local router will reset the link upon receiving the IPXWAN Timer Reuqest. IPXWAN debugging will show "IPXWAN: Rcv TIMER_REQ reject Router asking for Client mode". The workaround is to disable IXPWAN Client mode negotiation on the remote router. [CSCdi93285]
When trying to stop ipx sap updates from going out ipx-eigrp the distribute-sap-list command does not stop the saps when the filter is applied [CSCdj09678]
Under certain circumstance alignment warnings may be reported in conjunction with CDR and IPX RIP. [CSCdj09921]
distribute-sap-list command doesn't work when used to filter saps into a ipx routing protocol instance. This could be workarounded by filtering the same saps when they get redistributed, using distribute-sap-list out command. [CSCdj15889]

Protocol Translation

Systems doing vty-async protocol translation of SLIP or PPP over X.25 may unexpectedly restart when the incoming connection is closed, due to a race condition. This problem was introduced in 11.1(10.4) and 11.2(5.1). [CSCdj15471]

TCP/IP Host-Mode Services

A TCP packet still in use may accidentally get freed in IP when the packet is going out a Frame Relay interface on which TCP header compression is configured. When this happens, the following messages are logged on console:

: Mar 19 08:41:23: %TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4 -Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C Mar 19 08:41:50: %X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted Mar 19 08:41:52: TCP0: extra packet reference for pak 0x60A031D8 found: Mar 19 08:41:52: %TCP-2-BADQUEUE: Multiple entry for packet 60A031D8 -Process= "TCP Driver", ipl= 0, pid= 26 -Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213 length 47 Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4 [CSCdj06781]

Memory allocated for a new TCP connection will not be freed after receiving an ICMP unreachble if the new connection has it's own listeners for processing of incoming connections. [CSCdj07761]
Cisco boxes running small numbers of outging telnet sessions (ie being used as terminal servers) will show unexpectedly high CPU utilizations. This is somewhat an artifact of the way CPU usage is measured, and not cause for too much concern. This is a regession introduced in 11.1(10.3) and 11.2(5.1) [CSCdj11528]

Wide-Area Networking

When using Frame Relay IETF encapsulation, bridging fails for Token Ring-to-serial-to-Token Ring connections. [CSCdi70653]
We verified that 11.1.6 + rsp_aip205-5 does now correct traffic shaping. However there are still 2 issues: - The sho int atm reports traffic without this traffic shaping (which is therefore totally incorrect) - There is nowhere an indication of packets dropped/ignored due to this traffic metering/shaping [CSCdi72246]
When running over X25, ISIS should extract the called X.121 address and use it as the SNPA. If the x25 suppress-calling command is configured on the router, ISIS does not seem to find any called address, nor can it find the SNPA. Apparently, the routine that extracts the X.121 address fails if the calling address is not present. [CSCdj00315]
The problem described by this DDTS and duplicates CSCdj02168, CSCdj07119, CSCdj08187 and CSCdi82010 results on AS5200 platforms in hung calls, ISDN data structure memory leaks and inability to either call out or accept incoming calls.

: Other ISDN platforms are affected largely by that described in CSCdj07119 or CSCdi82010 depending upon their particular ISDN usage characteristics. [CSCdj05355]

Deleting a subinterface causes the main interface and associated subinterfaces to vanish from the configuration. This happens when the main interface uses Frame Relay encapsulation and is a member of a channel group. A workaround is to re-create the main interface by issuing the interface serial command. [CSCdj05415]
For TS014 (Australia, PRI) switchtypes: When a clear collision occurs between the CE and the network simulteneously transfering a DISCONNECT message specifying the same call, the call is not properly cleared. Neither side sends the RELEASE message to release the call, and hence the call reference and the associated call control block (CCB). [CSCdj06157]
Router reacts incorrectly to REJ frame. It seems we need a REJ frame with the P-bit set to send the requested frames. Furthermore, frames seem to be queued and sent twice. [CSCdj08607]
ISDN PRI for Hong Kong needs some Layer 3 fixes to pass the NET5 homologation tests. [CSCdj09573]
A router may reload without producing a stack trace or otherwise behave unpredictably on routing an X25 call that contains 16 bytes of Call User Data. There is no known work-around. [CSCdj10216]
The number of available B channels is incorrectly incremented by the total number of B channels per interface whenever the controller or the interface is reset. This results in dialer attempting to place calls incorrectly on resources that are actually inuse. [CSCdj11181]
The Broadband Send Complete IE is processed incorrectly. This could cause interoperability problems with public networks is the IE is used. [CSCdj11953]
In X25 over TCP (XOT) configuration, Call Request packets with the delivery confirmation bit (D Bit) set are forwarded to a serial interface with D bit reset set to 0.

: This could cause some problems in X25 hosts which require the D bit to be passed during the call setup phase.
: This behavior is not see in software releases of 11.2(4)F and above. [CSCdj12847]

When using LAN Extender (LEX) devices on Cisco 7500, Cisco 4500, Cisco 4700, or Cisco 7200 systems, you may see a SPURIOUS error message. The LEX Host router may also crash if the LEX inteface is not bound to any serial interface. [CSCdj13342]
When the router receives an incorrectly formed LCP NAK frame, a 'software forced crash' may occur. The actual problem is in the peer PPP software, but IOS will be enhanced in a future release to handle such frames. [CSCdj15209]
Unicast routed packets sent on BUS are throttled to 10 frames per second. [CSCdj15327]
Release-note The router is crashing with "System was restarted by error - Software forced crash, PC 0x1E8E76". When decode the stacktrace results are :_crashdump, _process_suspend ,_process_may_suspend_inline, _process_may_suspend, _doprintc, _doprnt, _printf ,_frame_relay_map_delete _fr_clear_dynamic_entries. [CSCdj15399]

11.1(10) Caveats/11.1(11) Modifications

This section describes possibly unexpected behavior by Release 11.1(10). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(10). For additional caveats applicable to Release 11.1(10), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(11).

Basic System Services

When running the TN3270 client to a slow TN3270 server, the router might reload. The following error will be seen on the console or in the logs prior to the reload:

: %SCHED-3-PAGEZERO: Low memory modified by Exec
: Issuing the show version command after the reload displays the following:
: System restarted by unknown reload cause - ptr to non-ascii bytes 0x4 [CSCdi73404]

When using RSP code with HIP, TRIP, or FIP interfaces, and when the MTU is larger than 4096 bytes on TRIP or FIP interfaces or larger than 8192 on HIP interfaces, there is a rare chance that a system error might occur. When this happens, the error message "CYBus error 8" or "CYBus error 10" is displayed. [CSCdi75522]
Modem reset script will not run after PPP sessions if the user exits gracefully. If user exits by quitting his application, or if the sysadmin clears the line, the script runs. When the script doesn't run, the line stands about a 50% chance of being un-useable by subsequent callers. [CSCdi78178]
If the IP address on one or more interfaces is changed, NTP may continue to use the old address as the source address in packets sent to some peers. The workaround is to deconfigure and reconfigure any "ntp peer" or "ntp server" statements after changing interface addresses. [CSCdi84318]
Symptom: Packets are not switched over a GRE Tunnel.

: Condtions: This could occur when access-lists are applied to the input interfaces.
: Workaround: Disable access-lists on the input interfaces or add the tunnel source address to the access-list.
: Problem Description: It is possible, after an incoming packet has been encapsulated for a tunnel, that an access-list check could prevent the packet from being switched. This is caused by the access-list checking the new source of the tunnel packet, resulting from the encapsulation, against the interface the packet arrived on. This issue has been corrected. [CSCdi87500]

A memeory leak was introduced whenever Tacacs+ was enabled. The memory is released to the exec process as seen on the sh memory. The leak does not appear in 11.0.9 only 11.0.10 and above. [CSCdi89479]
When enabling ip accounting on a tokenring interface configured for optimum or flow switching, the customer encounters %ALIGN-3-CORRECT errors. [CSCdi92814]
The Network Time Protocol (NTP) will not respond to packets sent to an address defined with the Hot Standby Routing Protocol (HSRP).

: There is no workaround to this problem. [CSCdj00240]

The copy tftp flash is not using as source ip address the ip address configured with ip tftp source-interface. Other commands like copy running-config tftp use the correct ip source address. [CSCdj00334]
Release-Note

: The reason that the 'hold-queue out'command is not accepted is that the output interface is configured for fair queueing. Fair queueing is the default queueing mode for low-speed (<2Mbps) serial interfaces.
: The 'hold-queue' command is intended to configure the number of output hold queue buffers for FIFO (or FCFS) queueing. It has no meaning in the context of fair queueing. So the (intentional) design was that this command would be ignored when fair queueing was enabled.
: When fair queueing has been configured, you may use the 'fair-queue' command to control the number of ouptut buffers which may be used by fair queueing. [CSCdj01870]

Under unknown circumstances, the router may restart due to a Bus Error. This defect will be fixed in a future release of IOS. [CSCdj02493]
Telnet sessions can pause for up to 20 seconds. To interrupt the pause, press any key. [CSCdj06450]

DECnet

When DECnet is configured on the ATM interfaces, the routing updates may not be received properly by the routers. This is due to the size of the packet being larger than the expected value. This will be fixed in the next maintenance release. To get around the problem, turn off DECnet on the ATM interface and configure DECnet again. [CSCdj04027]

EXEC and Configuration Parser

The output of the show tech-support command displays some potentially sensitive SNMP data, such as the SNMP community strings, SNMP MD5 keys, and SNMP user IDs and passwords. If these data refer to read-write communities or views, they can be used to reconfigure the Cisco IOS software, providing the same level of access to the Cisco IOS software as is available with the enable password. Take care when sending show tech-support command output across insecure channels. For example, remove the community strings, keys, and user IDs and passwords before sending. [CSCdj06881]

IBM Connectivity

On very rare occasions, issuing the command show source can cause the IOS software to reload. [CSCdi35216]
This crash is caused by the SP microcode on the C7000 whereby a buffer copy by the SP makes the RP wait too long and it takes a bus error.

: There is precedence for this problem and the fix is to lower the size of the block of data being copied at any one time. [CSCdi77785]

This DDTS corrects a problem with STUN TG. If multiple SDLC INN links are used between FEPs, then it was possible for the first nine messages to be lost when the links were deactivated and reactivated again. [CSCdi83119]
When source-route bridging is enabled on a Cisco 7500 router in a Token Ring environment, if the router receives a packet that is to be routed but that contains a RIF, the router misclassifies the packet, treating it as a source-route bridge packet, which causes it to be discarded. This may cause intermittent failures of routed protocol sessions. There is no known workaround. [CSCdi87321]
Router gets 'System Restarted by bus error' message when removing the Frame Relay interface cable from the router serial port on a router configured with ISDN backup. [CSCdi87777]
When configuring IPX routing, a serial interface running BSTUN was put into a down state and then came up again. Restarting the host session brought the end-end connection back up. [CSCdi89005]
QLLC tries to activate an LLC-2 session to the host after receiving a RESET with a cause of NETWORK_OUT_OF_ORDER or OUT_OF_ORDER. [CSCdi90114]
The DLUR router may start failing to establish new lu lu sessions after hitting a race condition during session activation and deactivation. Messages similar to the following may be displayed on the router console when attempting to start new sessions. APPN must be stopped and restarted to clear the problem.

: IPS ID: 1400 QUEUE: 2 ORIGIN: xxxpcs00 MUTYPE: C5 %APPN-0-APPNEMERG: Assertion failed in ../scm/xxximndr.c at line 158 -Process= "xxxims00", ipl= 0, pid= 58 -Traceback= 606C3488 606879EC 606818C8 606810E4 6067AF90 6019AB08 6019AAF4 [CSCdi90117]

APPN ping does not return to the router command prompt. Instead the user must press enter. [CSCdi90959]
When running DLSw+/LLC2 over FDDI, when an REJ frame is received from an FDDI end station, the router sends a corrupted retransmitted I-frame. The last byte of the SMAC gets replaced by the DMAC value. [CSCdi91063]
When an end station caches rif's that it learns from broadcasts or when there are duplicate mac addresses on each side of the DLSw cloud, DLSw will local switch circuits between 2 local srb capable interfaces. This degrades srb performace. [CSCdi91204]
When VTAM switched major node PU is deactivated while running NSP(with VDLC port) via DLSW, the router NSP connection does not come up again. This will require de-configure and re-configure the NSP on the router in order to get the connection to come up. [CSCdi91310]
A router configured for DSPU may crash with the error "Software forced crash, PC 0x31598BC" if end stations are continually activating and deactivating. [CSCdi91368]
When using LAN Net Manager, the LanSuppManager process may cause the router to run out of memory if the router is receiving UI-frames destinated to sap 0xF4 and sourced by another sap. If the router runs out of memory it may reload or pause indefinitely. [CSCdi91571]
The router might crash if you enter the debug source error, debug llc2, or debug local command. [CSCdi92503]
When running DLSw+ local switching from SDLC/QLLC to Token Ring/Ethernet, if the XID negotiation is delayed or ends abnormally, a memory leak may occur. [CSCdi92511]
Removeing dead peers bu the config comamnd 'no source-bridge remote-peer...' can sometimes cause the router to crash, if that peer is trying to open up. [CSCdi93052]
If you configure more than 8 digits on the xid-snd parameter for a dspu host command, or more than 8 digits on the xid-rcv parameter for a dspu pu command, then the system reloads. Note that the maximum valid length for an XID is 8 digits, and is accepted without problem. [CSCdj00228]
APPN End Nodes with the duplicate CP name will not be able to establish link to the Network Node. This ddts will add a configurable override on the port that ignores cpnames on inbound xid3 and instead treats them much like pu2.0s... with a dynamic cp name generated from the dynamic LS name. [CSCdj01044]
When ruuning dlsw on a 7500 with 11.0(13) it is posible for entries in the reachabilty cache to stay in a searching or found state beyond the default 16 minute timeout. If you enter this condition issue a "clear dlsw reach" command to clear the entries. [CSCdj01288]
The SDLC output queue can get stuck if the sdlc line-speed command is not set or if it is set to an incorrect value. The symptom is that the router stops sending SDLC frames out the serial interface, resulting in SNA session drops. The interface needs to be recycled or reset to clear the condition. The workaround is to configure the sdlc line-speed parameter to be equal to the actual line speed being used. [CSCdj01434]
The Cisco 2520, 2521, 2522, and 2523 routers may report SDLC abort frames on low-speed ports that do not get reported on the high-speed ports or other platforms. This is because the low-speed ports count all aborts and the high-speed ports and other platforms count only aborts that are longer than 2 bytes. This is cosmetic and does not result in retransmitted frames. There is no performance impact. It is merely an indication that the transmitting device is sending erroneous bits after the trailing flag. These bits are simply ignored. No workaround is necessary. [CSCdj01488]
Currently, the APPN/DLUR subsystem can only access 64M of main memory. With this fix, the upper bound and default maximum memory will be changed to 128M. [CSCdj01587]
The router can only backup 1 BAN session over dial back up over RSRB. [CSCdj02136]
A race condition may occur during session cleanup which causes the DLUR router to crash or display a "Mfreeing bad storage" message for the "psp00" process. [CSCdj02249]
DSPU/VDLC may not reconnect to the host if the switched major node is brought down and then back up. Work-around is to manually bounce the VDLC connection with the "no dspu start/dspu start" configuration commands. [CSCdj03475]
When the user gives the "show fras" command, it might sometimes reload the router, if there are sessions trying to come up, or there are sessions going down. [CSCdj03482]
Release-note: This DDTS adds handling for frame-reject SDLC frames. When the router is configured as SDLC primary, and the secondary device is configured as switched, then if the router receives a frame reject in response to XID, it will send an SDLC disconnect to reset the secondary devices SDLC state. [CSCdj03735]
Exclusively configuring DLSw+ with the icanreach netbios-name command prevents some applications, including Microsoft Windows applications, from making NetBIOS connections. The workaround is to add as asterisk (*) to the end of the NetBIOS names configured with the icanreach netbios-name command. [CSCdj04936]
SDLC on serial interface(s) s2 though s9 on a 25xx router will use a shared trailing and starting flag between frames. This is valid SDLC, however, some older equipment does not operate with shared flags. The symptom is that some frames will be ignored by the receiving station, resulting in retransmissions and poor performance. The workaround it to configure transmitter-delay 2 on the interface. This will cause the router to include separate trailing and starting flags between frames. [CSCdj06044]
The LSAP parameter is incorrectly set to 0 on the SNA HOST, DSPU HOST and DSPU PU commands when the DLCI parameter (i.e. Frame Relay) is also used. [CSCdj06152]
Dlsw circuit is staying in a remote_resolve state. This is an uncommon state for dlsw to stay in, if you encounter this do a dlsw disable and then re-enable dlsw and this will correct the problem [CSCdj07098]

Interfaces and Bridging

7500 in transparent bridging environment suffered memory fragmentation such that the largest available memory block was 120k. [CSCdi67513]
When TRANSIT FAST bridging from frame-relay ietf (rfc1490) atm(rfc1483) or smds encapsulating FDDI or token ring MAC packets (ethernet not affected) TO a process switched bridging mode (X25, ppp, isdn, atm_dxi (a frame relay derivative)), the FDDI or token ring MAC packet address structure will become corrupted (byte shifted) in the transition on the bridge translation resulting in bridge table and packet data corruption on this bridge transition (on the process switched link). Bridging the other way (slowswitch TO frame-relay ietf, atm, or smds) has always worked properly. There are no workarounds to this specific issue, but user may consider bridging FROM atm, frame relay, or smds TO another fast bridged wan link (such as atm, frame relay, or hdlc) instead of a process switched bridge mode.

: Note: In 11.0 smds is process bridged on input to bridge and therefore does not exhibit issue (but in 11.0 still issue for frame_relay ietf and atm) [CSCdi71927]

SMDS interfaces use buffers from the Very Big Buffer pool and will have 1/4 the number of buffers as other serial interfaces using different encapsulations. This may cause input drops. As a workaround, you can manually tune the number of very big buffers and the number of permanent buffers for the serial interface. [CSCdi75945]
A 4000 series Fast Ethernet Network Processor Module (NPM) does not respond to its virtual MAC addresses. This makes HSRP fail. [CSCdi80641]
When a router is configured as a RARP server and is also configured for transparent bridging on the same interface, the router does not respond to reverse ARP requests.

: After the fix, the router box can provide RARP service if configured as a RARP server regardless of it's being configured as later 2 bridge only [CSCdi83480]

There appear to be situations where HSRP running on VIP-Ethernet fail to result in an active router at some times. While CISCO is exploring the source of this problem we are recommending that customers use the "use-bia" option as well as removing the use of the preempt feature if this problem is experienced until this problem is resolved. CSCdi85537 corrects the limitation where you should not use preempt with use-bia. [CSCdi83940]
7200 configured for HSRP on ethernet interface may send duplicate packets out the interface. [CSCdi85866]
ISL subinterface can not be set arp timeout. "sh interface" shows always 0 which means never age-out. This means it is going to be memory resourse problem. [CSCdi86434]
When a FIP FDDI interface is under very heavy load, the FIP may not reply to queries resulting from 'show controller fddi' or 'show interface fddi' commands soon enough, causing a command timeout, causing the software to unnecessarily reset the FDDI interface. [CSCdi87020]
7200 with 4T serial port adapter doesn't handle eia leads properly. The interface only goes down if both DCD and DSR are down. [CSCdi90896]
As system resources become maximized FDDI interfaces stop accepting multicast packets. [CSCdi92156]
Packets destined to the HSRP virtual MAC address will not be routed if received on a 802.10 sub-interface. [CSCdj01435]
When configuring IPX routing, a serial interface running BSTUN was put into a down state and then came up again. Restarting the host seesion brought the end-end connection back up. [CSCdj02488]
Transparent bridging may cause high CPU utilization in 11.1(8) IOS. A SHOW ALIGN can be used to confirm whether large 'counts' of alignment errors are the source of the problem. The SHOW ALIGN will also yield TRACE information which can be decode to determine the source of the problem. [CSCdj03267]
802.10 encapsulation does not work over serial interface as it should be for 7500 and 7000 platforms. [CSCdj04777]
A Cisco 7500 series router may report spurious errors such as the following:

: *Dec 20 06:53:08: %RSP-3-ERROR: CyBus0 error 78
: *Dec 20 06:53:08: %RSP-3-ERROR: invalid page map register
: *Dec 20 06:53:08: %RSP-3-ERROR: command/address mismatch
: *Dec 20 06:53:08: %RSP-3-ERROR: invalid command
: *Dec 20 06:53:08: %RSP-3-ERROR: address parity error
: *Dec 20 06:53:08: %RSP-3-ERROR: address parity error 23:16 1, 15:8 1, 7:0 1
: *Dec 20 06:53:08: %RSP-3-ERROR: bus command invalid (0xF)
: *Dec 20 06:53:08: %RSP-3-ERROR: address offset (bits 3:1) 14
: *Dec 20 06:53:08: %RSP-3-ERROR: virtual address (bits 23:17) FE0000
: *Dec 20 06:53:09: %RSP-3-RESTART: cbus complex
: or
: 09:53:32.607 EST: %RSP-3-ERROR: MD error 0080008030003000
: 09:53:32.607 EST: %RSP-3-ERROR: SRAM parity error (bytes 0:7) 0F
: 09:53:33.363 EST: %RSP-3-RESTART: cbus complex
: CyBus errors similar to the above errors have two known causes. If there are HIPs in the router and on the bus reporting the CyBus error, a race condition may exist with the HIP microcode on an oversubscribed bus. The workaround on dual-CyBus platforms is to move all the HIPs onto a CyBus that is not oversubscribed.
: The errors can also be caused by the failure of a marginal CI arbiter board or an RSP board. As a result of this problem, all interfaces are reset, causing forwarding to be stopped for a few seconds. [CSCdj06566]

SMDS transparent bridging to process path (ie X25, PPP) never worked until my fixes for CSCdi71927. But CSCdi71927 uncovered a PRE-EXISTING "hidden" bug for transparent bridging for packets to the process level, that would fail to swap a encapsulated fddi mac address for packets destined to the process level ONLY if smds transparent bridging was deconfigured on the interface AND another transit wan bridge encapsulation (ie ppp) was reconfigured WITHOUT a reload OR another transit wan bridge encapsulation was configured also on the router on another interface. This issue, while internal to the code before CSCdi71927, does NOT exhibit its symptoms as described above until the CSCdi71927 commit, and in many practical applications (ie bridging all done in the fastpath) these symptoms will not arise. [CSCdj07756]

IP Routing Protocols

Problem sympton: snmpwalk self looping on bgp table entries on 3000 running IGS-IN-L 11.0(9).

: Resolution: Modified iprouting on bgp.c and Reset peer_addr only when finished traversing all paths in a prefix and are moving on to the next prefix on the link list.
: Fix is integraded into the following codes: 011.002(004.003) 11.2(04.03)F 11.2(04.03)P 011.001(010.001) 11.1(10.01)AA [CSCdi87071]

The system might reload after a show ip bgp inconsistent-as is executed. [CSCdi88669]
The router does not forward BOOTP request broadcasts when the broadcast address is 0.0.0.0. [CSCdi88723]
Cisco 4500 running IOS version 10.3(16) reloads and provides stack trace:

: System was restarted by bus error at PC 0x601E4CD0, address 0xD0D0D0D 4500 Software (C4500-P-M), Version 10.3(16), RELEASE SOFTWARE (fc1) Compiled Thu 24-Oct-96 18:32 by richardd (current version) Image text-base: 0x600087E0, data-base: 0x60370000
: Stack trace from system failure: FP: 0x605D46B8, RA: 0x601E4CD0 FP: 0x605D46D8, RA: 0x601E4D88 FP: 0x605D46F8, RA: 0x601E50EC FP: 0x605D4710, RA: 0x601C88E0 FP: 0x605D4740, RA: 0x601E4998 FP: 0x605D4760, RA: 0x601E5174 FP: 0x605D4778, RA: 0x60081D04 FP: 0x605D47B8, RA: 0x6006C8A4
: Which decodes as follows:
: Symbols
: nhrp_cache_clear_nei nhrp_cache_clear_nei nhrp_cache_delete_subr nhrp_cache_age_subr rn_walktree_blocking_list nhrp_cache_walk nhrp_cache_age registry_list net_oneminute [CSCdi90523]

Removing secondary address on an interface may cause EIGRP stops sending hellos/updates to an unnumbered link which uses that interface's primary address.

: Reload is the only way to recover. [CSCdi92226]

The header details stored in the ip route-cache do not correctly reflect the MAC details of the next hop for remote destinations if the next hop MAC address changes. [CSCdi92668]
After 'clear ip route ', where is a host route, EIGRP will not reinstall the associated route.

: 'clear ip route *' will force EIGRP to reinstall it. [CSCdi92753]

Rate-limited prunes not sent on p2p interfaces [CSCdi92785]
An extented access-list that denies IP traffic and that does not require transport layer information may let fragments go through if the log option is configured. As a workaround, do not configure the log option. [CSCdj00711]
The RP, when placed at the PIM/DVMRP border, should send prunes to the DVMRP neighbor, if its (S,G) outgoing interface list no longer has interfaces in forwarding state. This bug does not affect the pruning behavior when the RP is not at the border. [CSCdj00745]
After major topology changes, it is possible that OSPF neighbor list is corrupted. Under show ip ospf neighbor, it could be found that OSPF has adjacency with itself. It prevents OSPF from establishing adjacency with other routers on the network. More seriously, This could lead to router crash. [CSCdj01682]
When set interface selects a multiacess network there should be a route in the routing table that matches the interface to determine the next hop. If the interface is point to point, there is no reason for the routing table entry. The workaround is to use set ip next-hop. [CSCdj01894]
Potential memory corruption and memory leaks when send PIM packets out. [CSCdj02092]
The router will crash in nhrp_find_nhs when attempting to access a network which is not being served by nhs. [CSCdj03224]
When igrp installs a majornet route it could possibly black hole the majornet for unknown subnet routes. [CSCdj03421]
When a dense mode graft message needs to be sent upstream, a join might have been sent instead. This happens when the number of sources sending to the group is large and the graft message does not fit in one packet. [CSCdj05431]
When the LSA with the host bits is generated, OSPF ABR handles the LSA incorrectly and reports the OSPF-3-DBEXIST error message for type 3 LSAs. [CSCdj08699]

ISO CLNS

CLNS PING intermittently result in cannot send ECHO [CSCdi91861]

Novell IPX, XNS, and Apollo Domain

If a non-cisco router running NLSP has multiple NIC cards on the same network with NLSP enabled, a cisco router will establish an adjacency with only one of the NIC cards. There is no workaround to this problem. [CSCdi82730]
When a device running LANE is configured as a LEC, it does not acknowledge any secondary IPX networks with frame types different from the primary. The debug ipx packet command displays these received packets as "bad pkt." Only packets that arrive with the same IPX frame type as the primary IPX network on the ATM interface of the router are properly accepted. [CSCdi85215]
XNS RIP requests for all networks causes normal periodic RIP updates to be delayed or skipped. [CSCdi90419]
When IPX incremental SAP is running, the router's SAP table may not contain all the SAPs in the network if one of it interfaces goes down and comes back up later. [CSCdi90899]
When running IPX incremental sap, the router may not remove all the SAPs that are no longer reachable via this router. [CSCdi90907]
When a router running NLSP receives an IPX aggregate route, SAPs whose source networks match that aggregate route will be installed into the SAP with a route hop count of 255, making those services unreachable. [CSCdi91209]
On a Cisco C7200 series router running IOS Release 11.1 or 11.2, fastswitching IPX traffic to a GRE tunnel can cause unexpected system reload. The workaround is to disable fastswitching on the tunnel. [CSCdj01107]
The "ipx nlsp retransmit-interval" interface config command always fails with the message:

: %IPX unknown NLSP interface command [CSCdj01189]

Connected routes are not redistributed to IPX Enhanced IGRP with the proper metrics. This may cause the remote routers to use a suboptimal route if multiple autonomous systems are configured and routes are mutually redistributed. [CSCdj04141]
On a router that is configured for NLSP, when a more distant route is replaced by a better route, RIP might advertised two routes for the same network. [CSCdj04543]
The IPX route table may be incomplete after an interface is shut down and more than one IPX Enhanced IGRP autonomous system is configured. [CSCdj07334]
The router may reload if NLSP is disabled on an interface. [CSCdj08009]

TCP/IP Host-Mode Services

The initiation of telnet or other TCP connection may fail with an the error message "%Out of local ports." A workaround is to attempt the connection a second time. [CSCdi60974]
Customer has a crash that looks similar CSCdi61278 [CSCdj01350]
IP packets with valid TTLs (of varying values) received on a VIP2 serial PA or FSIP (both on RSP2 platform) with tcp header compression are intermittently dropped. The router sends an ICMP Time Exceeded message to the source.

: show ip traffic will show ICMP Time Exceeded counter incrementing.
: Workaround is to turn off tcp header compression. [CSCdj01681]

Wide-Area Networking

The output from "show lane server" sometimes contains misleading information, leading to an erroneous impression that an error has occurred. [CSCdi57788]
This is a display error. The counters are not actually negative. [CSCdi68753]
This problems occurs on a 25xx/1003's bri interface (with hdlc encaps) After the router is reloaded, the bri interface's line protocol does not come up.

: The show interface bri 0 command shows BRI0 is up, line protocol is down. The work around is to do a clear interface bri 0 after the system comes up. The correct behavior would be for the system to come up with BRI0 is up, line protocol is up(spoofing) [CSCdi78255]

Under periods of high CPU load, the frame relay interface may go down due to LMI packets not being sent. This can be verified by turning on debug frame-relay lmi and observing first whether LMI packets are being sent at intervals specified by the keepalive period for the interface, and if not whether the period is within the tolerance of the receiving frame relay switch. Specific conditions under which frame relay LMI packet transmission delays have been observed include high process-switched traffic load (most protocols) and token ring interface flaps. [CSCdi87513]
Customer has configured for isdn incoming-voice data 56 to specify that incoming data over voice calls are to be taken as 56k calls. When a real data call actually comes in with a bearercap specifying 64k, the router will see it as a voice call and incorrectly interprets the data as 56k. [CSCdi88690]
Under unknown circumstances, the router may be restarted by a bus error. This problem occurs only if PPP is configured. [CSCdi89566]
If a 'no shutdown' command is entered for a Group Async interface, the router may reload. [CSCdi91037]
Enhanced PMA error reporting to include error messages for each of the possible PMA errors that may occur in the VIP system.

: The new error messages are:
: "PCI Transmit Parity error" "PCI Master Transfer Target Abort" "Packet Bus Write Parity error" "PCI Parity error" "PCI Retry time-out" "PCI TRDY time-out" "PCI IRDY time-out" "PCI DEVSEL time-out" "PCI GNT time-out" "PCI Target ADDR exceeds SRAM size" "PCI SERR" "Packet Memory Read Parity error" "Unknown PMA error 0x00000080" "Packet Bus Addr exceeds SRAM size" "PCI Master Access failed" "Packet Bus timeout CYA" "Packet Bus timeout CPU" "Packet Bus State Machine error" "Illegal CPU Burst Write" "PCI Master Access not enabled" [CSCdi92934]

When using AAA accounting, a message similar to the following may be displayed:

: %AAAA-3-BADSTR: Bad accounting data: too many attributes [CSCdj00190]

When the Cisco router is configured for AAA accounting and it has agreed to authenticate with CHAP, each CHAP Challenge results in an accounting attribute being created. If the peer implements the optional mechanism to repeatedly authenticate the peer with multiple CHAP Challenges, this may eventually result in the 'AAAA-3-BADSTR, Too many attributes' message. This defect will be fixed in a later release of IOS. [CSCdj03234]
Last X25 fragment has the M-Bit set improperly when the packet is full, but no additional data is to be sent. [CSCdj03488]
When you are modifying the LANE database, if you lose the Telnet session to the router, the database locks up. This is not a bug in the LANE code. A "dead" telnet session takes approximately 5-8 minutes to be detected from the "alive" side. Once it is detected, the alive side cleans up and releases the lock. This is a Telnet feature and has nothing to do with the LANE database. The workaround is to reload the router. [CSCdj06660]
When the CPU is very busy and running many processes, an attached ATM switch may tear down SSCOP and all SVCs because the SSCOP Poll PDUs sent by the switch are not serviced in time. The workaround is to keep other processes from using too much of the CPU. [CSCdj06928]

11.1(9) Caveats/11.1(10) Modifications

This section describes possibly unexpected behavior by Release 11.1(9). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(9). For additional caveats applicable to Release 11.1(9), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(10).

Access Server

Sometimes on AS5200, the OOB port of a modem may become unresponsive. Issuing a clear modem command will recover the modem from this state. [CSCdi85028]
If an invalid modemcap name is marked for deletion, the user is not informed that the entry does not exist. [CSCdi86924]
When you execute the show modem log command on an AS5200 access server, it may crash with a bus error. [CSCdi91563]

AppleTalk

Router may display assertion messages when nbp filters are activated with a dialer list. The work around is to remove nbp filters or activate nbp filters via the access-group command. [CSCdi83205]

Basic System Services

When using the command "show flash all" or "show flash chips" and specifying a device that is on the slave RSP in a Dual-RSP 7507 or 7513, the chip information for the device is written to the slave processor console which is either inaccessable if the Y-cable is being used or is not supported for any function if two consoles are being used. The end result is that the chip information is not available to the user, and if the user has 2 consoles connected, the console on the slave RSP (which is not supported when the processor is in slave mode) will display some information when this command is used. [CSCdi45489]
When a connection is made to a telnet binary port on a cisco router (60xx, 70xx, etc), from a host that does not implement the telnet protocol RFC, the router will not successfully enter binary mode. [CSCdi49663]
The packet size distribution in "show ip cache flow" has a problem where packets larger than 575 bytes where reported in the next larger size range. [CSCdi58755]
On RSP systems, the router reloads with a SegV error when trying to free a misqueued buffer or a buffer that is an invalid size. The buffer might contain a bad packet passed to it from another router. [CSCdi74039]
The source and destination ports in the show ip cache flow display where swapped. [CSCdi74356]
When rcp from a host is used to copy a large file into 7500 series router flash, the router may print "CCCCCCCCCCCCCCCCCCCCCCCCC...". [CSCdi74684]
On Ethernets that experienced output errors XBUFHDR and INVRTN errors could be seen. This has been fixed in this code. [CSCdi75404]
In some scenarios the SNMP traps sent for interface status (linkUp/linkDown) may contain incorrect ifIndex values.

: The resulting incorrect ifIndex values usually overlap valid ifIndex values for other interfaces in the system and may be incorrectly interpreted as coming from them.
: This problem has been observed with B-channels on a PRI and with interfaces on hot-swappable modules after they have been inserted (or re-inserted). There may be other scenarios as well. This fix should address them as well.
: This defect was originally found on an LS1010 and was fixed in the 11.1(8) software release for LS1010. See CSCdi75534. [CSCdi75531]

When HTTP and AAA are enabled, the login is set to the default of local authentication, and the username is blank, the router enters an infinite loop that sets off the watchdog timer, causing the router to crash. [CSCdi84663]
RSP2 reload at dequeue [CSCdi85492]
Opening the URL http:///platform on a 7200 with a plain I/O Card (no interface) will cause the Status & Configuration Views (HTML Tables) to not appear. [CSCdi86529]
Accessing a non-existent interface followed by a valid interface using the http server may cause the router to crash. [CSCdi87125]
The router may reload inadvertently if you respond improperly to extended ping dialog prompts. [CSCdi88443]
You cannot include any modem command inclucing a colon (:) in a modemcap entry. [CSCdi90443]
If a hex 00 is entered as part of the name string on a Catalyst switch, IOS will incorrectly compare the name string on a received CDP packet to that of the stored CDP packet. The router will continually store the received CDP packet as a "new" device. Eventually, the router will run out of memory.

: One can diagnose this problem by turning on DEBUG CDP PACKETS
: If device is receiving GOOD CDP information, the output will look similar to:
: CDP-PA: Packet received from 008024 3DD610 (wan-sw.3100) on interface Ethernet1 **Entry found in cache**
: If the device is receiving BAD CDP packets, the entry will never be found in the cache (and thus repeatedly added).
: Workarounds: 1. Turn off CDP on the router via the NO CDP RUN command. 2. Change the name on the Catalyst to a Text String; e.g. set system name foobar [CSCdi91300]

DECnet

DECnet is sending Phase IV prime hellos out Ethernet interfaces. [CSCdi83560]
The command "dec advertise " (correctly) creates an entry in NVRAM. However, if there is an entry for the *same* area in the DECnet routing table and that entry was created dynamically (i.e. learned via DECnet), then issuing the command

: "no dec advertise "
: fails to remove the "dec advertise " line from NVRAM. [CSCdi87264]

EXEC and Configuration Parser

Characters received prior to executing an autocommand are discarded even when no flush-at-activation is configured on a line. [CSCdi89236]
Newer telnet clients which support the NAWS option cause line and width line configuration commands to appear on the vty. [CSCdi90442]

IBM Connectivity

On CIP cards, it is possible to see the adapter type in sh int, but this information and version information is not available from the show controller cbus command. [CSCdi26192]
This problem has been more prevalent in STUN/Local-Ack scenarios involving AS/400s. The remote router expects to see an OPCODE called LINK_ESTABLISHED from the host router in order for it to transition the state from USBUSY to CONNECT. While in USBUSY state, the remote router continually sends RNR to the downstream devices. The host router will only send the OPCODE once it sees the first RR/P after a SNRM/UA exchange sequence. With other devices such as a FEP, an I-Frame can be sent out prior to the RR/P which would actually take the remote router state out of USBUSY, but the local-ack states were not corresponding to the actual situation at hand. This was the problem. The fix to CSCdi65599 actually corrected it for the most part. Additional "checking" code was added for exceptional state cases. Workarounds would be to use IOS releases that include the fix for CSCdi65599. [CSCdi61514]
If you have a serial tunnel (STUN) virtual multidrop configuration that is running local acknowledgment and STUN quick-response to accommodate AS/400 polling requirements, an AS/400 NPR time-out will occur if a remote physical unit (PU) T2.1 or T1 controller fails to activate when responding to the initial XID poll. To work around this problem, disable STUN quick-response, issue the sdlc k 1 command on all Synchronous Data Link Control (SDLC) interfaces, and configure idle-character mark on the SDLC line(s) to the AS/400. [CSCdi66681]
LAN applications that use an broadcast xid to a non-zero destination sap will not be able to establish a circuit over DLSw. [CSCdi77862]
Problem happens when u try to do router commands thru nsp. When u come to the Press'Y' for more option, the router aborts the connection. This results in the 'Y' typed from the nsp to go to the run queue on the router instead of the interactive queue. This problem seems to be happening because we terminate connection when PU is not active.. we dont take care of the busy condition.. we should.

: Anyways taking care of the busy condition, the router doesnt abort the conncetion and correctly passes the Y to the interactive queue. [CSCdi81927]

Customer has request that the 'show appn inter' command display the LFSID for that session. [CSCdi81988]
SNMP GET for cipCardClawTable did not return all claw links even though the MIB defined unique information for each link. Conversely, cipCardClawConfigTable was repeating the same information for each subchannel even though it is defined to be identical. [CSCdi82268]
You may experence connection problems with stations running netbios under very old versions of DOS. The only workaround is to use the latest netbios drivers available for the workstation. A tip that you may be experencing this problem is that Windows and O/S2 stations can establish sessions fine, but your DOS based stations can not. [CSCdi83982]
A router might reload when more than 125 sessions on the router are using QLLC/DLSw+ conversion. [CSCdi84896]
When using the feature source-brige local-route you may have a system failure if you issue the command no ip routing. Regular source route bridging isn't affected by this. [CSCdi86240]
QLLC: Connection using a virtual Mac Address from a pool of virtual mac addresses may get connected to the wrong resource on the mainframe. [CSCdi86358]
When a downstream PU2.0 stops by issuing a REQDISCONT to a DLUR router, the DLUR router may loop continuously restarting the link to a downstream PU2. In this case, the DLUR router sends a corrupted packet to the host, instead of a REQDACTPU. [CSCdi86769]
An Invalid packet is being received from the VTAM NN and the CP-CP session is being torn down. [CSCdi87217]
This fixes APPN DLUR router crash and reload. There was a race condition in the APPN/DLUR code, because of which null pointer was accessed sometime casung SegV violation crash. [CSCdi87325]
For LU0-LU0 traffic the extended BIND may contain unformatted user data fields. The NN rejects the BIND and hence the session willk never start. [CSCdi87365]
Release-note: lsap-output-list parameter on a dlsw remote peer statement blocks sna and/or netbios if configured as such, but will only block other types of broadcast traffic from local dlsw interfaces. DLSw routers acting as border peers are not able to use lsap-output-list filters on remote peer definitions.

: Workaround: Configure the required filter at the originating router, either at the interface or dlsw level. This is a large administrative task in large networks. [CSCdi87600]

The "Net Periodic" process takes more CPU than necessary. You can tell if the percentage CPU used in "Net Periodic" has gone up drastically in the output of show process cpu. This is a result of a regression introduced to 11.1(8.1) and 11.2(3.1). [CSCdi88317]
DLSw FST over SMDS uses an incorrect smds header. The 7500 platform works despite this error, but the low-end paltforms do not. This ddts fixes DLSw FST on low end platforms such as 4500 and 4000. [CSCdi88359]
When issuing a "show appn dlur-pu" or "show appn dlur-lu" command and there are more than five elements to display, the display will loop and display the first 5 elements in a loop until the user quits out of the display. This defect was introduced by CSCdi83563. [CSCdi88580]
APPN show commands may cause a DLUR router console to hang. This problem occurs when a race condition is hit during dlur deactivation flows. [CSCdi88581]
Configuring the output-lsap-list command on the local Token Ring interfaces does not block broadcast traffic from a DLSW peer. The workaround is to use a filter at the DLSW level on either router or to block the traffic with an input-lsap-filter command at the remote peer. [CSCdi88593]
Customer has a 3708 controller that is sending a NOTIFY(UNAVALIABLE) when it already has sent an ACTLU +RSP(UNAVAILABLE) and the DSPU sscplu fsm is not handling this properly. [CSCdi89183]
Release note This fix corrects the delay seen in connection establishment for routers configured with DLSw and sdlc "switched" option. XIDs arriving from the DLU (host) system will break the station out of slow-poll and send the XID on the line immediately. Stations that were in slow poll had to wait until they were slow polled again before they would get connected, prior to this fix. [CSCdi89219]
When running multiple large file transfers across DLSW using FST transport sequence errors may occur causing the job to abort. This is viewed by show dlsw peer. A sequence error occurs when a numbered FST (ip) packet is received by the DLSw peer and the sequence number does not match what the peer expects. [CSCdi89838]
Release Note for the fix:

: This fixes the APPN DLUR router crash with memory corruption. This may happen occasionally and the router often crashes in a function call Mget_x. [CSCdi90441]

A reload can occur when using the APPN/DLUR feature in extream stress situations (typcially thousands of sessions being cleaned up). The PC (program counter) at the time of the reload will vary. [CSCdi90518]
PEER INVALID trace messages are displayed on the console. Also, in Releases 11.1 and 11.2, the session on the peer-on-demand does not come up for quite some time. [CSCdi90953]
When running APPN/DLUR, heavy session activation can result in the router using all I/O (buffer) memory available in the router. Often the external symptom of this occurance is the APPN subsystem shutting down. This fix minimizes dlur's buffer usage allowing many more concurrent session activations before I/O memory will be exhasted. [CSCdi91380]
On Cisco 7000 systems, packets that are fast switched from CIP to FDDI might be dropped by some layer 2 switches because one additional byte is being added to the FDDI frame. The problem does not occur on RSP systems. A workaround is to use autonomous or process switching. [CSCdi91417]
When running APPN/DLUR sessions, a reload in check_heaps may occur due to a memory overwrite. The memory overwrite occurs if the amount of control vector data in an extended bind response is larger than the buffer that the bind response arrived in. [CSCdi91432]
The DLUR router may crash with a "SegV exception" or an "Illegal access to a low address" message because of a DLUR memory corruption problem. This error results from a race condition that usually occurs when DLUR sessions are going up and down. The stack trace after the memory corruption usually indicates Mget_x. [CSCdi92947]

Interfaces and Bridging

The show diagnostic command does not display Fast Ethernet Interface Processor port adapter information. [CSCdi33967]
4000 series routers may reload due a PC error. Seems to be related to increasing the bandwidth on the serial interfaces with hardware type MK5025. [CSCdi36722]
A Cisco 7500 series router does not display a token ring interface's "burned-in" MAC address (BIA) in the correct format. Token ring MAC addresses should be in non-canonical format. 7500 series routers incorrectly use the canonical (LSB first) format. [CSCdi48110]
Alignment errors may possibly occur when performing transparent bridging at process level to a token ring interface. [CSCdi48465]
On Cisco 7200 systems, enabling automatic spanning tree on Token Ring interfaces causes the interface to transition. Disconnecting the cable might cause the router to reload with a PC bus error ibm692_lap_read, which results in a booting loop. To recover from this booting loop, reload the router. [CSCdi72257]
On Cisco 7000 and Cisco 7500 series platforms that have FSIPs, transmitter delay does not seem to be working correctly. There is no workaround. The fix for this problem is available from 011.002(003.001) 011.001(008.003) 11.2(03.01)F 11.2(03.01)P. [CSCdi72431]
Release-note: asyn/sync ports on the 252x series routers will reset for a one second period under rare error conditions. [CSCdi77033]
Cann't ping the active/phantom ip address of the router when MHSRP is configured on the VIP2 fast ethernet interface. [CSCdi78368]
On Cisco RP/SP 7000 series routers, if you reload the router after adding new interface processors or swapping interface processors, the configuration for serial interfaces may be lost. Also, the encapsulation may be lost, causing the serial interface configuration to change to the default (HDLC). You can identify this problem if your interface is a serial interface, for example, an FSIP or a HIP, and the show configuration command correctly displays the original configuration for the serial interface. As a workaround, EOIR the new card, configure it, and issue the write memory command before reloading. [CSCdi79523]
MultiChannel Interface Processor (MIP) 'no channel-group' command will causes router to reload if OSPF are configured. [CSCdi79844]
When media-type MII configured on fastethernet interface, if OIR of another card in the router occurs; the fastethernet interface does not recover. Does not show up in sh int output. [CSCdi82350]
FDDI interface on 4x00 platform does not correctly apply/filter MAC address access list. [CSCdi83829]
Issue occurs when performing a getnext operation on the dot1dTpFdbTable in the Bridge MIB. A getnext will not retrieve a request of index+1 and will instead return the lexigraphically next index. Example if the table has the entries with indices of

: 0000.0000.0001 0000.0000.0002 0000.0000.0003 0000.0000.0005
: a getnext of 0000.0000.0002 would return the index 0000.0000.0005
: because 0000.0000.0003 is the index requested + 1
: a getnext of 0000.0000.0003 would return the index 0000.0000.0005
: because 0000.0000.0005 is greater than the requested index + 1 [CSCdi84559]

IP Routing Protocols

When a router joins a multicast group using the "ip igmp join-group" command, the (S,G) entries for this group will be deleted and reentered every 3 minutes unless the router is also forwarding for the (S,G). The router will continue to receive and respond to all the multicast packets it receives. [CSCdi40588]
the MIB variable ospfAreaEntry.ospfAreaLSACount shows incorrect counts in the magnitude of 50,000+. [CSCdi51531]
When using BRI IP unnumbered & static default route 0.0.0.0, the default route entry is removed from the routing table for up to 1 minute - upon ISDN B channel disconnecting.

: The fix for 11.2 introduced CSCdj02347 and CSCdj02729. [CSCdi77493]

When OSPF is configured with the default-information originate router command to generate default information, OSPF is prevented from installing the default information advertised by other OSPF routers. This causes a problem if OSPF does not really generate the default because a certain condition is not satisfied, for example, the gateway of last resort is not set. [CSCdi80474]
The IP Timestamp option is filled in with a nonstandard value. Routers which know the time of day should fill it in with a standard value instead.

: There is no workaround to this problem. [CSCdi82499]

IGMP and PIM should support multicast addresses (for example, c000.0004.0000) as configurable options on Token Ring interfaces instead of requiring broadcast address (for example, ffff.ffff.ffff). [CSCdi83845]
RARP over ISL encapsulated ethernet does not work. [CSCdi84700]
When using UNIX mtrace 5.1 or later, some customers will notice no response from cisco routers which previously worked fine. This is due to the new addition of the router alert option to mtrace packets. Workaround is to use the -O option of mtrace which turns router alert off.

: -Chris [CSCdi84721]

A router might advertise a combination of unicast and DVMRP routes in excess of the configured route limit (but no more that two times the limit). The workaround is to configure a lower route limit. [CSCdi85263]
The BGP neighbor default-originate command does not work if a 0.0.0.0 withdrawn message is sent to a neighbor. The workaround is to issue the clear ip bgp * command. [CSCdi87188]
OSPF fails to install parallel type 1 external paths if the forwarding costs to reach the advertizing router or forwarding address of the LSAs are not the same. [CSCdi88553]
Routes received carrying a community attribute set to 'local-AS' are advertised to eBGP peers (includes peers in other members autonomous systems inside a BGP confederation).

: The workaround is to use a Community Filter List. [CSCdi89176]

When using the extended form of the ping command, the system will not accept the IP address if there are trailing spaces in the input. [CSCdi89510]

ISO CLNS

CSCdi78048 introduced a bug that ISO-IGRP will not redistribute the local ISIS route. [CSCdi85861]
Router memory leaks if router receives a CLNS packet with invalid destination address length.

: There is no workaround of this problem. [CSCdi90052]

If minimum-sized (or sweeping-sized) CLNS pings are done and the CLNS source and destination addresses are very long, the system may fail. The workaround is to raise the minimum ping size to at least 63 bytes. [CSCdi91040]

Novell IPX, XNS, and Apollo Domain

When ipxwan static is configured and negotiated RIP/SAP updates are still being sent. They should be disabled. [CSCdi62418]
A response to a RIP request for an EIGRP locally connected network may use a hop count of 0 in the response. This appears to be a problem for some NetWare clients. Minimum hop count in any RIP packet should always be 1 in these cases. [CSCdi75080]
Changing the NLSP partial route caluculation (PRC) holddown value has no effect. Instead, the default value of 5 seconds is always used. [CSCdi81020]
Routers configuring for IPX Enhanced IGRP with parallel paths might reload. The workaround is to run IPX RIP. [CSCdi84739]
The ipx down network-number command might appear unexpectedly in the output of a write terminal command, and this command might be written to nonvolatile memory with the write memory command when the interface is down but you have not issued a ipx down command on that interface. There is no workaround. The unwanted command does not appear when the interface is up. If the unwanted command appears in nonvolatile memory, issue a no ipx down command followed by a write memory command when the interface is up to clear the undesired command from memory. [CSCdi85453]
In a redundant ipx eigrp network running ipx incremental sap, the router's sap table sap information may contain out of date information, such as the socket number if the socket number is changed from its initial advertisement. [CSCdi85953]
SPX keepalive spoofing will cease to spoof after a router has been up for 24+ days. Debug ipx spx-spoof will show packets being "skip"ped at the time when they should be spoofed. The only workaround is to reload the router once very 3 weeks. [CSCdi86079]
If multiple instances (i.e., multiple NLSP areas) are configured on a router, changing the IPX NLSP router subcommand "lsp-data-hashing" on one instance, may affect other instances.

: There is no problem if all instances of NLSP on the router are consistent (i.e., all instances use the default LSP packing algorithm, or all instances are configured with "lsp-data-hashing"). [CSCdi86503]

Protocol Translation

Protocol translation (tcp to x25) router continually tries to negotiate telnet window-size, causing high cpu utilization. [CSCdi86983]
To log the X.121 calling address, Call User Data (CUD), and the IP address assigned to a VTY-Async connection use the service pt-vty-logging global configuration command.

: The syslog authentication information can be used to associate an incoming PAD VTY-Async connection with an IP address. [CSCdi89272]

TCP/IP Host-Mode Services

Router will reload if TCP tries repacketize a packet that has invalid packet reference count. [CSCdi87175]
TCP data structure gets clobbered if a RST is received while the application is half way thru closing the connection. Local TCP will end up in a endless loop trying to send the last FIN to its peer. A typical symptom for the problem is that the CPU usage becomes very high, and the application that is doing the close will be stuck in TCP forever. [CSCdi88063]
TCP will get into endless ACK war with its peer if application on both ends have stopped reading data. A typical sympton will be that CPU usage becomes very high on the router. A possible workaround for the problem is to clear the tty/vty line that owns the TCP connection in ACK war. [CSCdi88065]
A Telnet session with a nonzero number of unread input bytes cannot be cleared. [CSCdi88267]
The rcp protocol on the router uses a small TCP window. [CSCdi88541]
If you have a route to the all ONES subnet via Null0, a packet that should be interpreted as an all nets broadcast (i.e., when using spanning-tree based udp flooding), is discarded. [CSCdi88587]
Copying to flash via the rcp protocol may fail under some circumstances if the TCP window size is enlarged using the ip tcp window-size command. [CSCdi88754]
Extra characters are sometimes syslogged by TCP when MD5 authentication is configured. [CSCdi89606]

VINES

Routers that are connected via extremely slow links that have a large routing table, for example, a table with more than 300 entries, do not get the full routing update before the reassembly timer expires. The symptom is that routes repeatedly appear and then age out. The workaround is add access lists to eliminate some of the unneeded routes. [CSCdi79355]
If you add a vines static route of equal metric for an alternative path when vines single-route is configured, the system may reload. The workaround is to delete the static route or enter no vines single-route command. [CSCdi92190]

Wide-Area Networking

The output hold queue holds all buffers that are being kept in output queue because of traffic shaping. This slows down traffic for other VCs, causing the traffic to traverse the complete queue before it can leave the system. [CSCdi74940]
interface ATM3/0 no ip address atm pvc 1 0 5 qsaal atm pvc 2 0 16 ilmi

: nestor#conf t Enter configuration commands, one per line. End with CNTL/Z. nestor(config)#int atm 3/0 nestor(config-if)#no atm add nestor(config-if)#end nestor#wr t
: ... interface ATM3/0 no ip address atm pvc 1 0 5 qsaal atm pvc 2 0 16 ilmi atm address-registration .... [CSCdi77801]

In certain environments, I/O and processor memory are being consumed by processes in the router, primarily the Critical Background process, and the router runs out of memory after 29 hours of operation. [CSCdi80450]
When using a 4ESS PRI to place an international call (011), the call might be rejected with the error "cause i = 0x839C - invalid number format." [CSCdi81069]
Using the command no pri-group while traffic is being passed may result in a bus error. The command may be used safely when no traffic is being passed. [CSCdi82055]
In 11.0(13), routers will reload when the "no frame-relay priority-dlci-group" command is entered.

: The work-around is to first remove any "frame-relay interface-dlci" commands and THEN remove the "frame-relay priority-dlci-group" command. [CSCdi85395]

If dlci-prioritization is enabled on an interface and low/medium/normal priority DLCI is same as high priority one, router may not inverse-arp after router-reload, shut/noshut. This may cause loss of ip connectivity as frame-relay map will not exist. Workaround for this bug is to first remove the dlci prioritization and then add it back after the router has inverse-arped for the remote ip address. [CSCdi85414]
When the BRI interface is used as leased line, the interface does not come up after a cable is pulled out/in back if the d-channel interface is shutdown. "clear interface" or reload is required to resolve this problem.

: If d-channel interface is not configured into shutdown mode, this problem will not occur. [CSCdi88014]

When flush packets are received by 7000 series routers, their length is truncated to first 20 bytes only. As a result, flush response from the router will be truncated. This is a problem only when Cisco 7000 router is talking to a non-cisco gear and the other side initiates a flush. [CSCdi90808]
Due to topology changes in a bridge, the router may retain old information about the destination MAC in its cache. The only way to fastswitch packets is to destroy the VC. [CSCdi90864]
When TEST/XID packets are received by a LANE client, the router may crash. There is no workaround for this problem. [CSCdi90868]
A bug prevents ISDN signalling packets from being passed up through the serial driver. This makes BRI and PRI interfaces not able to talk to the phone switch. [CSCdi92159]

11.1(8) Caveats/11.1(9) Modifications

This section describes possibly unexpected behavior by Release 11.1(8). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(8). For additional caveats applicable to Release 11.1(8), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(9).

AppleTalk

Router crash when incomplete AppleTalk fast switching cache entry is used. This happens when the cache entry is updated with another output interface and within a small timing window.

: There is no workaround. Though in most cases, this scenario is unlikely. [CSCdi77772]

Basic System Services

If aaa authorization commands level methods is turned on, every command entered is authorized using methods, which includes configuration commands. Since there are some configuration commands that are identical to exec-level commands, there can be some confusion in the authorization process.

: Using no aaa authorization config-commands causes the Network Access Server (NAS) not to try to authorize configuration level commands.
: Care should be taken, as this reduces the administrative control that can be placed on configuration commands, i.e. it turns into an all-or-none authorization. [CSCdi36536]

AGS+ routers with first generation FDDI cards (CSC-C2FCI) do not support translational bridging, and are no longer supported. They use encapsulated bridging. The second generation AGS+ FDDI cards (CSC-C2FCIT) support both translational and encapsulated bridging.

: Encapsulated bridging does not work on the 7500 router. The workaround at this time, to bridge between the AGS+ and the 7500, is to use CSC-C2FCIT cards in the AGS+ and translational bridging.
: The big disadvantage of using encapsulated bridging is that it cannot use the hardware bridge filtering capabilities of the CSC-C2FCIT cards, which have a CAM built into them which is used to do bridge filtering on the card. When encapsulated bridging is used, the main processor has to do all bridge filtering. This means that one busy encapsulated bridging FDDI network can eat the entire bandwidth of the router's main processor, just for bridge filtering. It should be no surprise that the use of encapsulated bridging is to be vigorously discouraged. [CSCdi46862]

If the user does multiple card removals followed by multiple card insertions in the newly emptied slots with OIR, some of the replaced cards may remain in the administratively down state. For example, pull out a card from slot 1, pull another from slot 2, insert a new card in slot 1, insert another card in slot 2 is a set of actions which will trigger this bug.

: The easy workaround is to simply replace cards one at a time. In the example above, pull slot 1, insert slot 1, pull slot 2, insert slot 2 will avoid the problem entirely. [CSCdi57526]

Copying a text file to Flash memory and displaying it using the show flash filename command causes the router to reload. [CSCdi57527]
Neither RADIUS nor TACACS+ currently passes any information that may be available as to the "dialed number" (DNIS) of an incoming call. This bug addresses only analog modem calls received on an AS5200 PRI. [CSCdi57688]
The NAS-Port value supplied in RADIUS requests does not identify which B channel of a BRI or PRI is being used. [CSCdi60334]
The IOS RADIUS implementation will generate accounting requests with ACCT-STATUS-TYPE = 3 (watchdog/update), which has been deprecated in the current radius specification. [CSCdi62320]
After installing new Interface Processor cards and powering up a 7513 with viper cards one of the viper cards may not come up properly. You will see the following message on the console:

: %CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FFB0, slot 9, cmd code 0 -Traceback= 601D8778 601D8F08 601D46B0 601D78C4 601D7C08 601D1A80 6012B71C 60131 ED4 601260E8 601262AC 60127430 6012741C
: a show diag will show:
: Slot 9: Physical slot 9, ~physical slot 0x6, logical slot 9, CBus 0 Microcode Status 0x4
: Board is disabled wedged Pending I/O Status: None EEPROM format version 1 VIP2 controller, HW rev 2.3, board revision A0 Serial number: 03514247 Part number: 73-1684-03 Test history: 0x00 RMA number: 00-00-00 Flags: cisco 7000 board; 7500 compatible
: EEPROM contents (hex): 0x20: 01 15 02 03 00 35 9F 87 49 06 94 03 00 00 00 00 0x30: 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
: Slot database information: Flags: 0x291 Insertion time: 0x7E04 (00:01:34 ago)
: VIP Controller Memory Size: Unknown
: The workaround to this is to do a microcode reload, however, CISCO recommends that any customer using VIP2s run with a release that contains this bugfix, such as 11.1(8), 11.1(8)CA, 11.2(4) [CSCdi68682]

When customer enables cdp on multipoint frame-relay interface, result is an increase in encapsulation failures. cdp does not work with multipoint , but did work with a frame-relay point-to-point subinterface on the same router . [CSCdi74856]
On 7000 routers a SYS-3-CPUHOG message may appear during initial boot. This does not affect any routing performance. It is a duplicate of CSCdi45511, but now it is fixed in 11.1. [CSCdi75427]
You may experience router reload after seeing following message :

: %SYS-3-TIMERNEG: Cannot start timer (0x1E4388) with negative offset (-495928). -Process= "Per-minute Jobs", ipl= 0, pid= 37 -Traceback= 22157D7A 22154320 221A17EA 2215F45C 2213E074
: High CPU utilization may be seen prior to message and reload. [CSCdi76126]

With the configuration "aaa authentication login default local", if you press return at the username prompt, it will not regenerate a username prompt, instead it will interpret it as a null username.

: To work around this, configure "aaa authentication local-override". [CSCdi76170]

SNMP queries of objects in the MIB-II atTable may cause the device to reload if static ARP entries have been configured. This anomaly was introduced as a byproduct of the fix for CSCdi68943. [CSCdi77494]
Issuing a copy tftp flash command and typing in a source file name with only one : in it to indicate a drive letter on the TFTP server will cause an error, and the TFTP copy will not be initiated. This occurs in all 7500 series routers. There are several workarounds. One workaround is to just specify the source file name without the drive letter (making sure the tftp server is set up to properly to accept this). Other workarounds include preceding the entire file name with the device id "tftp:". For example:

: The following works: #copy tftp:D:test flash Enter destination file name [D:test]: Address or name of remote host [255.255.255.255] ?
: and the following works: #copy tftp flash Enter source file name: tftp:D:test Enter destination file name [D:test]: Address or name of remote host [255.255.255.255] ? [CSCdi78276]

With this change, DFS to serial interfaces with fair-queue configured (the default queueing mode on slower serial interfaces) will fail and packets will take an RSP-switch path. This change will result in fair-queueing to work properly since DFS is not capable of queueing to RSP DRAM. [CSCdi80147]
PCMCIA flash card insertion or removal on a C7200 can, under some conditions, cause a system reload with a PCI bus system/parity error. This caveat has been resolved starting the 11.1(8.1) and 11.2(3.1) releases. [CSCdi80691]

DECnet

Allow DECnet IV router adjacencies to be added to the Phase V (OSI) data base.

: The previous version of the code allowed only end-system adjacencies to be added to the Phase V data base. [CSCdi77560]

EXEC and Configuration Parser

If you are trying to change the prompt for your dialin usersto CR/LF/* this bug will apply to you. [CSCdi77787]

IBM Connectivity

There is some confusion in the way the parser outputs information in the show fras command.

: This is a cosmetic problem only. This bug is a suggested enhancement to show fras.
: The "show fras" command displays incorrect data in some of its fields. For the FRAS/BNN case when attached to SDLC endstations, there is a field called LSap that displays the configured SDLC address. This is not valid and will be fixed in an upcoming release. [CSCdi49137]

When activating more than 8000 LUs, PUs and DLUSs combined, it is possible for the DLUR feature to corrupt storage and cause a router failure. [CSCdi63903]
In certain configurations adding appn control-point statement can cause router to reload. [CSCdi64095]
QLLC DLSw cannot reconnect after a failure. The following assert message is displayed: %CLS-3-CLSFAIL: CLS: Assertion failed: file "../srt/qllc.c", line 4352 !"QSapAddCepFailed". [CSCdi64840]
Issuing a 'show controller cbus' on a cisco 7000 series router with a CIP card installed and all the interfaces on the CIP card shutdown will cause the show command to hang for a couple of minutes and the CIP ucode segments loaded on the CIP are not displayed. [CSCdi65077]
Router is loosing a 'fras map' statement from the config after the router reloads. In boot-up time the following error appears: fras map llc 0200.0060.0080 4 4 Serial0.1 frame-relay 100 4 4 ^ % Invalid input detected at '^' marker.

: Once the router reloads a 'config mem' can be done to add the statement back. [CSCdi67719]

Cisco 4500 and 4700 router Token Ring interfaces intermittently stop working and fails to reinitialize. Problem is seen only during heavy activity and when more than one Token-Ring ports are active. This problem occurs only on the 4500 and 4700 routers. This problem doesn't occur on the 4000. [CSCdi70398]
Release-note: If using cost to control the remote peer for a sdlc device, to ensure the router waits sufficiently for all peers to open and subsequent test responses, dlsw timer explorer-delay-time in minutes, must be configured at the sdlc router. Otherwise the sdlc connection will likely use the first of the peers to connect when DLSw is restarted, regardless of cost. [CSCdi72301]
When using APPN RSRB ports you do not have the ability to configure some key LLC2 parameters. Namely, when a DLUR router activates 4000 downstream PUs over an RSRB port, the CPU will spend considerable time maintaining the LLC2 connections active especially when there is no traffic. That is, the CPU will be spending considerable cycles sending keepalives to all 4000 PUs. [CSCdi72397]
"no lnm rps" is only accepted when a full bridge is configured. During system releod, this command is ignored. The workaround is to configure this command again after reload. [CSCdi72702]
Release Note: sdlc address "switched" operand DDTS: CSCdi73714

: Purpose: Allows the activation sequence for DLSw+ SDLC attached devices to be changed.
: Description: When the router is configured with the following statement: sdlc address xx switched the router will poll the device with an XID before contacting the host. If the device responds, A null XID will be sent from the router to the host. The host XID response will be passed through to the PU 2.x device and the host-pu connection will be established.
: The switched option will work for both PU2.0 and PU2.1 devices. A switched device must be capable of providing its IDBLK/IDNUM, so no 'sdlc xid xxxyyyyy' config statement is necessary. This applies to both PU2.0 and PU2.1 devices.
: Compatibility with previous configurations: This function only affects devices configured with the switched parameter. Other configurations will continue to operate as before.
: Configuration Requirements: 1. Encapsulation type must be sdlc. 2. sdlc role must be primary or prim-xid-poll 3. Configuration is sdlc dlsw. 4. Downstream device must be xid-capable.
: Sample configuration showing switched configuration: interface Serial1 no ip address no ip mroute-cache encapsulation sdlc no ip route-cache bandwidth 9 no keepalive ignore-dcd clockrate 19200 sdlc role primary sdlc vmac 4000.1250.1000 sdlc poll-pause-timer 1000 sdlc address 99 switched sdlc partner 4000.1060.1000 99 sdlc dlsw 99 [CSCdi73414]

APPN alerts are currently only sent over an LU6.2 session. It is a requirement to be able to configure these alerts to be sent over a SSCP-PU NSP session. [CSCdi73663]
Currently the APPN ping command reports the status of the ping, but not the route that was selected. The command needs to be modified to display the route that was selected for the duration of the ping. [CSCdi73673]
When running APPN over RSRB virtual stations where rsrb local-acknolegement is being used, the secondary station may hang upon sending data. The most common symptom is only one of the two CP-CP sessions come active with the partner node. [CSCdi74906]
The DLUR router may send a negative response to a DLUS response for a resource which is no longer available. [CSCdi75547]
When two or more FEPs at a cental site, each with the same TIC address, are connected to a different Token Ring and a different DLSw peer router, a remote SDLC attached PU2.0 device will not establish a session to the back-up FEP if the first is taken offline. This problem does not affect PU2.1 devices. [CSCdi76575]
For an APPN/DLUR router, a "DLUS command" specified on the link station to the downstream DLUR device may not work correctly. The link station defined for the downstream device may repeatedly start and stop. [CSCdi76630]
DSPU configuration of contiguous, dedicated LUs on separate hosts is not written to NVRAM correctly.

: e.g.
: dspu pu TESTPU xid 05d00001 dspu lu 1 1 host host1 1 dspu lu 2 2 host host1 2
: ...is written to NVRAM as...
: dspu pu TESTPU xid 05d00001 dspu lu 1 2 host host2 1 [CSCdi76858]

A CIP2 card (hw version 5.0) is not distinquishable from a CIP1 card in the output of "show version", "show hardware", "show controller cbus", or "show diag". [CSCdi77528]
When a EN connects to the Cisco APPN/DLUR function, there may be problems establishing CP-CP session connectivity if the EN's CP name was previously known to the network topology as a NN. [CSCdi77533]
show dlsw reachability exec command causes the router to crash if a resource like netbios name is reachable through multiple peers or ports and the reacability entry for the resource goes into a VERIFY state. [CSCdi77667]
When running DLSw remote or local switching between QLLC/SDLC/VDLC and a TR, if the TR's largest frame (lf) is less than 4472, the circuit will not connect.

: "debug dlsw reachability" or "debug dlsw reachability error" will indicate an lf mismatch condition detected by DLSw. This condition should not be flagged as an error. The smallest lf across the entire path should be used for the circuit. [CSCdi77805]

Multiple DLSw peerings to remote Routers using Frame Relay direct encapsulation and passthrough does not work.

: The symptoms are sessions failing to establish and existing sessions being torn down.
: The workaround is to configure TCP encapsulation. [CSCdi78017]

The MIB variable ciscoDlswIfSapList is supposed to return an octet string, exactly similar in format to the one returned by ciscoDlswTConnConfigSapList, that conveys the list of all saps that are enabled on an interface. Instead, this object returns a null string. [CSCdi78082]
When using DLSw+ to communicate with non-Cisco devices, the Cisco platform might not deal with incoming transport keepalive packets in an appropriate manner. [CSCdi78202]
When "stun remote-peer-keepalive" is enabled in a locally acknowledged STUN over Frame-Relay configuration, STUN peers are constantly resetting due to incorrect handling of STUN keepalives. [CSCdi78480]
If multiple DLSw remote peers advertise via capabilities exchange that they can reach the same resource, the dlsw reachability cache only indicates that one of the remote peers can reach the resource. [CSCdi78980]
After SDLC sends 3 XID NULLs upstream to a host and receives no response, SDLC stops sending the XID NULLs and the SDLC device will never connect. This condition can occur if the remote peer conection is down because of a WAN connectivity outage or because the host or server is inactive and does not respond to XIDs. To clear this condition, remove the sdlc address address command from the configuration and then reconfigure this command on the SDLC interface. [CSCdi79498]
A SegV exception in CLSCepPongCnf can occur in a rare race condition when APPN to DLC flow control is attempted (internal to the router) simultanously with an APPN link being disconnected. This typically happens on SDLC links, but may not be limited only to SDLC. [CSCdi80473]
It is currently impossible to configure APPN 'route additional resistance' on the appn control point. If the configuration commands are entered, they are ignored and the value for route additional resistance remains the default of 128. [CSCdi81003]
APPN/DLUR can not establish a session with a frame relay-attached downstream PU. [CSCdi81400]
When a NN's name changes the topology database has the old NN name in the database with active TGs. [CSCdi81486]
An APPN connection network will not properly identify a currently active connection between the mac/sap pairs if the connection network is defined over a rsrb or vdlc port ( It works fine over TR and FDDI ports). This causes the session to fail wih sense 80020000. [CSCdi81897]
The show appn dlur-pu and show appn dlur-lu commands do not allow filtering by name like the other appn show commands. [CSCdi83563]
The DLUR router may hang a session after the downstream PU2.0 is IPLed. The DLUR router was not forwarding unbind response with non-zero sequence numbers to the downstream PU. [CSCdi84751]
A CLS assert with traceback information may be displayed on the router during sdlc link deactivation. [CSCdi84944]

Interfaces and Bridging

Under certain circumstances, a group of four serial ports on an AS5100 or 2509/10/11/12 router can become unresponsive. Only a reload will solve the problem. [CSCdi58103]
Kille packets when bridging on FDDI interface receives a packet with DSAP and SSAP = 0xaaaa and length less than 21 bytes, can cause havoc. running IOS 11.0(9.3) or 11.1(4) and the following message is seen:

: CBUS-3-INTERR: Interface 6, Error (8011)
: This is due to the bridging code was seeing aaaa and assuming it as snap encapsulated. Since SNAP encapsulated packets have a minimum length of 21, the bridging code was subtracting 21 from the original length of the packet (20) when queuing it on the outbound interface. Result. Length of outbound packet was -1 or 65535 bytes. This caused the SP to become confused and writing over low core causing the 8011 error. [CSCdi65953]

MultiChannel Interface Processor (MIP) loopback remote command will causes IPs to crash. [CSCdi69074]
The fast ethernet does not remain up like with common ethernet if no cable is inserted and the no keep-alive is configured. The interface goes up and down. [CSCdi72100]
When using FDDI with subinterfaces and encapsulation sde configuring of transparent bridging on a subinterface caused OSPF to die on the complete interface. [CSCdi72969]
Under certain conditions, if an interface on a 5EFL PA is left un-cabled AND in an un-shutdown state, IOS may incorrectly report the interface with the line protocol status as UP.

: Workaround: cable the interface, or place the interface in an admin down state via the SHUTDOWN command. [CSCdi73867]

A MIP interface with more than 64 kbps (more than 2 time slots) may need to be tuned with more tx-limit than the default. The tx-limit can be tuned with tx-queue-limit interface configuration command. In general, the tx-limit should be tuned just to support the interface line rate. This normally can be achieved by the formular - tx-limit = (default tx-limit) * (no of time slot). It is recommended to shut down the interface before changing its tx-limit. [CSCdi74509]
The 7200 router does not accept the early-token-ring command on the 16 meg token ring interface. The command fails with the message: %This interface does not support early token release This command works fine with 11.2 software. [CSCdi74548]
Token ring driver misclassified ipx broadcast packets as srb explorer packets and had them flushed rather than switched while being bridged on LOW end products only (igs xx c4500 platforms). By chance no other protocol packets are affected, this is a ipx broadcast issue only by luck of the logic followed... [CSCdi75134]
VIP2 4r module does not recognize the HSRP virtual ip address, even though it responds to an arp for the virtual ip with the token ring functional mac address for HSRP. [CSCdi77355]
Policy routing on a Cisco 7000 router with silicon-switching enabled does not function correctly. As a workaround, manually disable silicon-switching on each of the interfaces with the no ip route-cache sse command. [CSCdi77492]
This problem can be avoided by not doing a show interface command on a removed FDDI interface. Unfortunately, show techsupport will generate such a command without opportunity for intervention. This patch prevents the software from attempting to read non-existent registers and thereby avoids the errors that result. [CSCdi78254]
In a Cisco 7206 router, when source-bridge is enabled, the router may stop sending packets on the Token Ring interface. [CSCdi78494]
The show vlan command will not display correct VLAN ID sometimes. Another configured VLAN ID may be displayed instead.

: There is no workaround. [CSCdi80987]

The FDDI interface driver can interact poorly with OSPF during OIR, causing SPF recalculations. This occurs only when OSPF is running on a FDDI interface which is not being inserted or removed. This fix eliminates the spurious indication from the driver that the SPF recalculation needs to take place. [CSCdi81407]

IP Routing Protocols

IP multicast fast switching may stop switching traffic through an AGS+ router. To work around, configure no ip mroute-cache on all interfaces forwarding IP multicast packets. [CSCdi45353]
If multicast fastswitching is not working you must configure "no ip mroute-cache" on the token ring interface. [CSCdi46775]
This affects only multicast packets. When multicast fastwitching is enabled on a 7000, and the input rate results in output queue build up, packets are incorrectly dropped and the statistics are not correct. Workaround is to turn off multicast fastswitching on the outgoing interface. [CSCdi65568]
A router running BGP may display a SYS-3-CPUHOG message if the 'BGP Router' process doesn't relinguish the CPU before the maximum allowed time of 2000 ms. [CSCdi69313]
OSPF does not load balance over parallel point-to-point links which belong to the same IP subnet.

: There is no workaround. [CSCdi70260]

When sho standby command is issued on 4700 (10.3.12) with hsrp configured on fddi int, it shows wrong prioriy and tracking interface status.

: After reload with standby track command configured, the tracked interface may be in a wrong state, hence the priority is wrong too.
: For the first time loading the image with the fix, standby track command will be deconfigured, and need to reconfigure it again. [CSCdi72254]

Router running IRDP & IGMP won't accept IGMP reports after a reload.

: Workaround is to issue shut and no shut commands to the interface which isn't receiving the IGMP reports. [CSCdi72642]

Cisco routers do not support Type Of Service, but it should be able to accept Type Of Service Link State Advertisements from non-Cisco routers. [CSCdi72891]
The OSPF Area Border Router does not create Summary Net Link States as long as there are no neighbors in area 0. The result is that networks in area 0 are not reachable from routers in the other area.

: Work-arounds, in order of preference: - add a router in area 0 - put everything in one area as long as there's only one router in area 0 [CSCdi73483]

When using route-maps, if a null entry (no set/match commands) is entered under configuration mode, the entry with the lowest sequence number will be overwriten (as long as the lowest sequence number is not equal to 10).

: This doesn't seem to affect the order in which the route-map is executed. [CSCdi74891]

When more than one router advertise the OSPF external LSA with the same information, it is possible for the routers, except the one with the highest router id, to generate the OSPF-4-NOTREDIST4 message every minute. There is no workaround but the message are harmless. [CSCdi76699]
When a Cisco 4000 series is routing IP and bridges some other protocol on a FDDI interface it may enter a condition where it incorrectly forwards frames received from the FDDI fiber. A possible workaround is to configure no ip route cache on the output interfaces, but this usually leads to excessive CPU utilisation. [CSCdi81114]
DVMRP Tunnels that are shutdown or have no ip address configured still pass reports and accept probes, but do not forward traffic. Make sure that you have configured "ip address" or "ip unnumbered" or that the interface is "no shut" if there appears to be DVMRP traffic but no multicast data traffic. [CSCdi81183]
When a router is the source of multicast packets, and if it is the DR with multiple interfaces, there is a chance it may only send one data register and stop sending subsequent ones. [CSCdi81305]
In very obscure cases involving equal-cost backup routes to a failing route, it is possible for EIGRP to be caught in a "stuck in active" state (self-correcting after several minutes). There is no workaround to this problem. [CSCdi81791]
Help text may not be available for some show ip commands. [CSCdi81808]
Help text may not be available for some IP Multicast show commands. [CSCdi81979]
OSPF can lost neighbor periodically over slow link when ospf database is refreshed, which generate a lot of OSPF packets. There is no workaround. [CSCdi82237]
This bug causes (S,G) state to be immediately deleted in the RP when a Register is received. [CSCdi82581]
While running 11.2(1.5) the following error might occur:

: System restarted by error - Zero Divide, PC 0x38EF0C (0x38EF0C:_igmp_report_delay(0x38eec6)+0x46) [CSCdi83040]

If multiple OSPF processes are configured, each process will get a different router id. However, once the router is rebooted, all OSPF processes will choose the same router id. Although it does not cause any routing problem, it make the configuration of virtual link harder as the router id changed. This fix ensures that different processes choose a different router id all the time. [CSCdi83839]

ISO CLNS

After removing a static CLNS route, ISO-IGRP prefix routes may be seen to count to infinity around a looped topology. The workaround is to use no clns router iso-igrp DOMAIN to break the loops in the CLNS topology untill the routes age out. [CSCdi78048]

Novell IPX, XNS, and Apollo Domain

NLSP links may reflect incorrect source network/node addr in the routing tables. This does not hinder connectivity to other IPX networks when going cisco to cisco. However, certain non cisco routers may not like the incorrect address and NLSP routing may fail. NLSP routers should use the address Internal-Network.0000.0000.0001 when sending NLSP packets, therefor on WAN media which require MAPs for IPX this should be the next hop address in the map statement. [CSCdi68981]
When a packet is too large for the output interface the packet is dropped per IPX specification, the debugging message associate with this action is confusing as it lists only the input interface not the output interface on which this action was taken. The debugging message should list the output interface name. [CSCdi76741]
When the command "ipx maximum-path xx" is entered, a spurious access results on the 4500 and rsp platforms. [CSCdi81824]

Protocol Translation

Session timeout has been implemented for tcp->pad translations. This enables us to monitor the traffic on the translated (tcp->pad) session & clear the call if there is no activity in either direction for the specified amount of time which is configured through session-timeout parameter. [CSCdi59977]

TCP/IP Host-Mode Services

When a Cisco 4500 or Cisco 7000 is configured to use FTP or RCP to take an exception dump and an exception happens with validblock in the stack trace, the core dump operation fails and a core file cannot be obtained. As a workaround, if validblock is in the stack trace, use TFTP to take the exception dump. This means that the exception dump is limited to 16 MB. This is a known TFTP defect. [CSCdi75757]
If the second port sent from remote for a rsh request is zero, the second connection for will not be opened on the router. Blindly close the second connection could cause crash on the box. [CSCdi78028]
Non-TCP reverse connections to lines may corrupt memory, resulting in a software-forced crash. This problem was introduced starting in Releases 10.3(15.1), 11.0(11.1), and 11.1(6.1). [CSCdi79310]

Wide-Area Networking

Outbound OAM cells may cause CBUS-3-OUTHUNG errors on AIP. This will cause a reset of the AIP board causing ATM traffic to be dropped for a few seconds. It occurs only if rate-queue 0 (zero) is explicitely NOT configured, which means that automatic rate-queue configuration is not used AND the rate-queue 0 is not used. [CSCdi60941]
The VIP2 might crash with a context dump that shows register $0 = 0xffffffff. The cause register and S registers might also contain 0xffffffff. This reflects the fact that the VIP2 is experiencing a fatal CyBus or PCI bus error and the context for the processor has not been fully saved. A workaround that allows viewing of the PCI bus or CyBus error is available on a case by case basis by using an undocumented, not fully supported feature of the VIP2. The fix for this problem allows the fatal error to be displayed on the RSP console. [CSCdi66567]
PRI ISDN calls may be dropped on heavily loaded Cisco 7513 routers with multiple PRIs. The following error is displayed when this occurs: BRI Error: isdn_fromrouter() msg dequeue NULL. [CSCdi66816]
Enabling transparent bridging on a Viper port adapter interface apparently alters the switching path of ip traffic from distributed switching to fast switching. IP pings generated from a device off of one port on the PA and directed to a device off of another port on the same PA show up in the distributed switching path of a SHOW INTERFACE ST output. When one of the interfaces is placed in a bridge-group, the IP pings received on that interface show up in the route-cache switching path.

: This problem does not effect the data transferred, just the path which it takes through the router. [CSCdi68769]

This problem is that ATM counter shows a wrong current VCC value under the sh int atm0 command. The VCC value is over the maximum value of the active VCCs. This problem does not happen often, only after many resets. This problem is to be fixed in the future release. [CSCdi69914]
PAD connections made from lines configured with session-timeout values can be incorrectly closed, because data sent or received on the line does not restart the session-timeout timer. [CSCdi74095]
When Insertion and Removal is applied to a VIP2 board, this may cause an ATP interface processor (AIP) to remain stuck into an uninitialised state. The following messages may appear: CBUS-3-CMD: Cmd failed: global ptrs, response 0x8010, AIP1 CBUS-3-AIPRSET: Interface ATM1/0, Error (8010) select - aip_reset() CBUS-3-AIPRSETU: Unit 32, Error (8010) enable - aip_reset() The workaround is to reload the router. [CSCdi75659]
ISDN interfaces under a dialer rotary group do not correctly autodetect the incoming encapsulation. [CSCdi75813]
BRI interfaces will have an extra CCB allocated when the router is configured for switch types basic-5ess, basic-ni1 or basic-dms100 and a SPID is not used. Configuring a SPID for each of the BRI interfaces will prevent an extra CCB from being assigned. [CSCdi77135]
The command to do character mode authentication is

: username ppp nopassword autocommand ppp
: the user then gets authenticated via chap for the pp session and in the show users we should see the chap username but it reports only ppp as the username. [CSCdi77152]

IPX fast switching with multiple route paths over multiple ATM/LANE interfaces/subinterfaces may cause random system reloads. Workaround is to use only one AMT/LANE IPX path, set ipx maximum-path 1, or use ipx per-host-load-balance to force only one interface to be used. [CSCdi77259]
The negotiation of a PPP Callback option, passing a dial string or E.164 number, will fail due to a defect that was introduced into 11.2(1.4), 11.1(7.1), 11.2(1.4)P, 11.2(1.4)F, and 11.0(12.1). The negotiation will appear to complete successfully, but the callback will not succeed. The failure can be seen if 'debug ppp negotiation' is set. The callback option will be marked 'acked', but there will typically be garbage on the debug line between 'allocated' and 'acked', eg 'PPP Callback string allocated ^]" acked'. There is no workaround for this defect. The defect will be fixed in a future release of IOS. [CSCdi77739]
Deb lane cl pa / deb atm pac gives the following:

: ATM3/0.2(I): VCD:0x5 Type:0x6, LANE, ETYPE:0x0006 LECID:0xFF00 Length:0x70 FF00 0101 0008 0000 0000 003A 0003 0000 0000 0000 0000 0000 0001 0000 0C07 AC00 4700 9181 0000 0000 603E 5A45 0200 000C 5B7B 1202 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
: LEC ATM3/0.2: received UNKNOWN on VCD 5
: 0008 looks like an LE_NARP packet which is reported as UNKNOWN by deb lane client. The clearing of the LE_ARP entry occurs correctly.
: During another test, we get for instance:
: nestor#sho lane le-arp Hardware Addr ATM Address VCD Interface 0000.0c5b.7b12 47.00918100000000603E5A4502.00000C5B7B12.02 13 ATM3/0.2 0000.0c07.ac00 47.00918100000000603E5A4502.00000C5B7B12.02 13 ATM3/0.2 0000.0c02.7f86 47.00918100000000603E5A4502.00400BC81840.02 12 ATM3/0.2 nestor# LEC ATM3/0.2: received UNKNOWN on VCD 5 nestor#sho lane le-arp Hardware Addr ATM Address VCD Interface 0000.0c02.7f86 47.00918100000000603E5A4502.00400BC81840.02 12 ATM3/0.2
: This is just a cosmetical problem. [CSCdi78737]

11.1(7) Caveats/11.1(8) Modifications

This section describes possibly unexpected behavior by Release 11.1(7). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(7). For additional caveats applicable to Release 11.1(7), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(8).

AppleTalk

Over a period of three to five weeks, an active commserver will slowly run out of I/O memory. This may be related to ARAP or Tacacs+ usage. [CSCdi61152]
When using ARAP on a terminal server you may experience issues with modem answering calls with no connection. Reloading the router will fix the problem [CSCdi73132]

Basic System Services

When a 1000 router or a 2500 router run low on memory (less than 32K) the command 'write terminal' fails to generate any output. [CSCdi40791]
If an snmp view which had previously been configured with the snmp-server view command is deconfigured, and then reconfigured, any snmp communities which utilized the view will no longer work. [CSCdi47796]
The boot config nvram: configuration command, which was added for the RSP platform, interacts improperly when the service compress-config command is enabled. The boot config command causes the NVRAM to lock up, and the router must be rebooted to free the NVRAM. [CSCdi52587]
When using a Secure Dynamics TACACS+ server for authentication, the server might ask the user to stop and wait for the next token. The user must press any key or provide some sort of input at least every 30 seconds, or the router will time out the user. [CSCdi55474]
When "hold-queue out" command is entered, "show int" reflects the new hold queue value. After "wri mem" and reloading the router, "hold-queue out" disappears from the configuration and "show int" shows the default hold-queue out setting of 40. The "hold-queue out" command has to be reentered everytime a reload happens. [CSCdi58292]
The output of "show queueing" and "show queue int xx" commands were inconsistent. Both the command outputs were not right. The impact was limited to only the show outputs and did not in any way affect the queueing behaviour on the interface. [CSCdi60096]
Occasional SNMP linkDown traps coming from Ethernet interfaces in which the variable locIfReason (the reason why it went down) says, "Keepalive OK." These traps are due to the interface momentarily and harmlessly losing carrier. You can ignore them. If they become a nuisance, you can remove them by issuing a no snmp trap link-status command. [CSCdi63434]
'telnet transparent' in 'line vty' settings causes HTML pages to appear to lose some of the characters in the displayed page due to null characters in the page output. [CSCdi68224]
The IOS implementation of RADIUS does not support the Framed-Netmask radius attibute. A workaround is to include the equivalent Framed-Route attribute instead. (Instead of Framed-IP-Address = 1.1.1.1 with Framed-Netmask=255.255.0.0, use Framed-Route=1.1.0.0 255.255.0.0) Note that only ONE per-user route is permitted in current versions of IOS, so you cannot combine a Framed-netmask with a Framed-route. [CSCdi68264]
When a server has multiple entries defined in the DNS, Tacacs+ will normally try each of these aliases in turn when trying to open a connection to a daemon.

: If a daemon returns an error after a connection has been successfully established however, no more aliases for that daemon will be tried. Instead the daemon will try the next server configured in its list of servers.
: One workaround is to order the list of tacacs-server hosts configured on the NAS to increase the likelihood that the desired daemon will always be selected. [CSCdi68816]

The IOS implementation of RADIUS does not include the Acct-Authentic attribute in accounting packets. [CSCdi69855]
On some devices, SNMP GetNext requests performed on the CISCO-CDP-MIB can cause the device to pause for an extended length of time. [CSCdi69892]
AAA authorization and accounting transactions to the TACACS+ server can be delayed by 9 seconds if DNS is not configured on the router. Workaround is to enable the global configuration "no ip domain-lookup". Whenever the router needs to establish a connection to your Tacacs+ server, it will attempt to look up your server's IP addresses.

: If the IP address of your Tacacs+ server does not exist in your local host table and you do not have DNS configured, you may experience a 9-second delay before connecting to the server.
: To resolve this problem, do at least one of the following:
: 1) add "no ip domain-lookup" to your configuration. 2) add the IP address of your Tacacs+ server to your local host table. [CSCdi70032]

In cases where an accountable task has a duration shorter than the time is takes to contact the tacacs+ accounting server, the stop record may be discarded by IOS without being transmitted to the server. [CSCdi70312]
If you have a standard SunOS/Solaris Telnet server, and if the NAWS option is mistakenly sent, the Telnet server hangs instead of ignoring NAWS. [CSCdi71067]
A problem has been found in RSP code within Cisco IOS releases 10.3, 11.0, 11.1, and 11.2. The failure condition can occur when BACKING-STORE or fair queuing are enabled. The conditions that could cause one of the above behaviors to occur are expected to be extremely rare. However, to avoid these problems, all Cisco IOS RSP releases previous to those listed in the chart below are no longer available.

: Cisco highly recommends upgrading all RSP-based systems to one of the Cisco IOS release identified below. For those systems that cannot upgrade, this problem can be avoided by disabling both BACKING-STORE and fair queuing. Please see instructions for this at the end of this message.
: When packet load on RSP-equipped systems causes datagrams to be forwarded from SRAM to DRAM, a function of BACKING-STORE, 32 bytes of data may be randomly written into DRAM. This could result in several anomalous system behaviors including: - Software-induced system crashes - Dropped datagrams - Other anomalous errors
: To eliminate this problem, Cisco highly recommends downloading and installing one of the following Cisco IOS releases:
: Base Rel. Maint Rel. On CCO 10.3 10.3(16a) 11/15 11.0 11.0(12a) 11/22 11.1 11.1(7)CA1 11/18 11.2 11.2(1a) 12/9
: The default Cisco IOS image for all new RSP-based router shipments is Cisco IOS release 10.3(16a) effective immediately.
: SOLUTION:
: FOR CUSTOMERS WITH RELEASE 10.3 Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
: Option #2: Below are options to work around this bug.
: 1) Simply disable backing store on each interface with IOS command 'no transmit-buffers backing-store' Please note each interface needs this disabled.
: Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
: However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces.
: FOR CUSTOMERS WITH RELEASE 11.0, 11.1 or 11.2
: Option #1: Cisco highly recommends the installation of one of the above listed Cisco IOS releases.
: Option #2: Below are options to work around this bug.
: 1) Disable backing store AND fair queuing on each interface with IOS commands
: 'no transmit-buffers backing-store' 'no fair-queue'
: ALSO disable udp-turbo flooding if the image is 11.0 or later The IOS command to disable UDP turbo flooding is 'no ip forward-protocol turbo-flood' which is OFF by default in all releases.
: Backing store defaulted to OFF in images beginning with ... 10.3 (12.3 ) 11.0 ( 9.2 ) 11.1 ( 4.1 ) 11.2 ( 0.14) from ddts CSCdi57740.
: However, it is important to look at the current configuration. An image configured before backing-store defaulted to OFF may have it ON for router interfaces. [CSCdi71609]

The system may occasionally produce the following error message:

: %SYS-3-MGDTIMER: Running parent with no child
: This message is cosmetic in nature and has no impact on the health of the system. There is no workaround to this problem. [CSCdi72401]

If a system is configured to be both an NTP broadcast client (using the "ntp broadcast client" configuration) as well as an NTP unicast client (using the "ntp server" configuration), and the unicast server is also acting as a broadcast server, the system will not synchronize with the server at all.

: The workaround is to configure the client as either unicast or broadcast, but not both. It may also be necessary to remove and reconfigure the "ntp server" configuration if the system is to be a unicast client. [CSCdi72452]

The command ntp broadcast is not configurable on fast ethernet subinterfaces for both isl and 802.10 vlan encapsulation. [CSCdi72703]
The first attempt to use a menu command fails authorization as it should, but subsequent attempts succeed. [CSCdi72822]
Per-user access-class will not be installed correctly if the Filter-ID is set to ".out". It works correctly if the Filter-ID is "".

: For example, if you have an access-list 101 defined on the router, a Filter-ID of "101" will work, but "101.out" will not. [CSCdi74210]

A device with RMON enabled may reload if free memory gets too low [CSCdi74278]
for the following error messages

: %RSP-3-ERROR: RP parity error %RSP-3-ERROR: SRAM parity error %RSP-3-ERROR: QA parity error %RSP-3-ERROR: CyBus0 parity error %RSP-3-ERROR: CyBus1 parity error
: a bitmask follows to indicates which bytes (0-7) had bad parity. The bits indicating bytes 0 & 1 are actually in bit positions 9 & 8 instead of bit positions 7 & 6. [CSCdi74453]

Timer-related functions, such as NTP and routing update intervals, do not work correctly in Revision D Cisco 4700 routers. Also, Revision E Cisco 4700 routers are recognized by SNMP as "4700" instead of "4700M." [CSCdi75353]
Null passwords do not work with RADIUS. [CSCdi76160]

EXEC and Configuration Parser

The router will crash if you issue a command line that is an alias and that is greater than 256 characters in length after the alias is expanded. [CSCdi63994]
Various parser privilege, authorization, and accounting features have a difficult time recognizing implicit connection commands. [CSCdi70994]

IBM Connectivity

Qualified Logical Link Control (QLLC) devices that are connected through a router using QLLC/Logical Link Connection, type 2 (LLC2) conversion might occasionally experience poor response time. [CSCdi44923]
OIR of an IP in a 75xx router equipped with a CIP and another IP that has the same size MTU as the CIP can cause the router to crash with a cbus error. [CSCdi59377]
The following instruction disappears on reboot on a 7000 running 10.3-9: source-bridge remote-peer 1280 frame-relay interface Serial1/1.3 404 lf 4472 [CSCdi59935]
Extraneous XID packets could cause the following message to be displayed:

: %CLS-3-CLSFAIL CLS Assertion failed file "../cls/cls_entitymanager.c", line 2985 this->fCepState == kCepStateIdReqPending -Traceback= 3272892 304084A 33B8156 33B96E6 3040832 3271056 327118C 326ED4A
: This was an annoyance and the message was eliminated. [CSCdi64207]

This crash occurs when both SRB and other kinds of traffic are used on the same router. It causes a crash with a traceback like the following:

: ALIGN-1-FATAL: Illegal access to a low address addr=0x1, pc=0x60544FE0, ra=0x60544FE8, sp=0x60AEE780
: 0x604C23EC:llc_store_rif(0x604c23c0)+0x2c 0x604BE390:llc2_input(0x604be128)+0x268 0x6014BD28:llc_input(0x6014bc64)+0xc4 ... Somewhere in the drivers.
: It is exacerbated by increasing loads. There is no workaround. [CSCdi69234]

APPN over FDDI support does not work correctly when SRB/FDDI is in use between the APPN endpoints of the connection to bridge either FDDI to FDDI or FDDI to Token Ring. APPN over FDDI does work when both APPN connection endpoints are on the same FDDI ring. [CSCdi69841]
The APPN sub-system may reject a VDLC port definition when removing it and adding it back. This only occurs if you have a single VDLC port definition in APPN and no link station active and no link station definitions. To have the system accept the definition you will need to stop and start APPN. [CSCdi69930]
DLSw may fail to carry circuits when the interface command source-bridge local-ring bridge target-ring is removed and then re-added. [CSCdi70595]
When configured for SDLLC and using 11.0(10) or 11.1(5) and the remote SDLC device goes offline, it may be necassary to clear the LLC session on host end inorder to re-establish the session. [CSCdi70911]
The lnm disable global command sometimes prevents stations from inserting into the ring. The workaround is to issue the no lnm rps or no lnm rem interface command. [CSCdi70962]
DLSw+ MIB: ciscoDlswTConnConfigOpens is always returning 0. ciscoDlswTConnConfigOpens should be returning the number of times the DLSw+ peer entered into the connected state. [CSCdi71150]
When establishing an LU session with the APPN/DLUR router, the downstream LU session may display a x'20110000' pacing protocol error and unbind the session. The APPN/DLUR router was performing pacing incorrectly on the secondary stage. [CSCdi71834]
dlsw fst rsp 7500 token ring input queue on token ring wedged. [CSCdi71840]
An SNMP request for the cipCardEntry information will produce the following message

: %ALIGN-3-SPURIOUS: Spurious memory access made at reading
: on a 75xx. [CSCdi72059]

When segmentation or reassembly is involved in a DLUR-managed LU-LU session (that is, the MTU for the downstream link to the PU is smaller than the MTU for the upstream link toward the host) and the RU size is larger than can be transmitted in a single frame (most common with IND$FILE transfers from a PU to the host), the router may reload with an "intermediate_reassembly" or a memory corruption stack trace. [CSCdi72260]
When using RSRB with FST encapsulation, the router may crash if there is more data to forward onto the virtual ring than there is bandwidth to accept it. [CSCdi72427]
Release-Note:

: On a 7000 running an RSP7000 with IOS Release 11.1(6), CIP microcode cannot be read if it has been loaded into Bootflash. The workaround is to load the CIP microcode into Flash. [CSCdi72463]

DLSw MIB variable ciscoDlswTConnConfigSapList reports the saps configured on the remote peer instead of the local peer. [CSCdi72492]
A bug introduced by CSCdi69231 may cause NSP to stop working. The images affected are 11.0(11.2) 11.1(6.2) 11.2(1.1). The following messages may display when NSP stop working: SNA: Connection to Focal Point SSCP lost. The above message appears for no reason. SNA: MV_SendVector rc = 8001 [CSCdi72696]
Remote source route bridged traffic using FST encapsulation will be process switched under certain circumstances on some platforms. [CSCdi72962]
When doing RSRB with FST encapsulation in 11.0(11) the packet counts reported by the sho interface commands are not necessarily accurate. [CSCdi72968]
A hang of APPN's APPC stack (used to send locates and TDUs) can occur in rare situations when an outbound locate or TDU is in the process of being transmitted on a CP-CP session at the exact time that session is terminated (due to link failure or other reason). The APPC component does not handle this situation properly, and after the condition occurs, APPC and all locates and TDU processing become stuck. [CSCdi73085]
If the ABM indicator (async balanced mode) differs between the way the APPN/DLUR feature sets the indicator and the way the attached node sets the indicator, the xid will fail with sense 10160010. While there is technically a mismatch, this problem is usually caused by incorrect xid3 implementations or bridge implementations which do not convert the indicator appropriately. Cisco NN DLUR is removing the check since it can fail a connection unnecessarily when the xid3 would otherwise succeed. [CSCdi73143]
Data-link switching (DLSw) sometimes cannot handle disconnects being issued by two stations that are in session, if the stations have a requirement to re-establish a session in less than 3 seconds. The first disconnect is answered with a UA message but the second is not responded to until the station resends the disconnect message (DISC). After the DISC is resent, a DM message is sent to answer. [CSCdi73204]
Frames coming from a High-Speed Serial Interface (HSSI) are sometimes dropped. This problem occurs when a Cisco router has remote source-route bridging (RSRB) configured direct over a HSSI interface. The HSSI interface shows that the packets are forwarded on the interface itself, but the packets are not passed to the source-route bridging (SRB) process. The show source command on FHDC-1 shows receive cnt:bytes 0, and the show interface h 5/0 command shows nonzero packets are input. [CSCdi73357]
An APPN/DLUR router cannot establish an lu-lu session with a downstream DSPU router. The bind sent by the host is rejected by the DLUR with a x'0806002b' sense code. [CSCdi73494]
When more than 38 sdlc devices are configured upstream and downstream using DLSw local switching, the router crashes with :

: Exception: Line 1111 Emulator at 0x7E9500 (PC) [CSCdi73675]

When many sessions are created and then torn down over an ISR network, a memory leak might occur in the router. [CSCdi73676]
DLSw+ back up peers continue to accept new connections after the primary link is restored. This continues until the back up link is torn down when the linger time expires. [CSCdi73864]
Due to a bug, appn link station can not be defined as "auto-activateable" link. [CSCdi73918]
When doing dlsw local (same box) the router will issue tracebacks when doing a debug dlsw peer. This is a cosmetic issue and doesn't affect the performance or the sessions in the router. [CSCdi74324]
Show ext ch x/2 tcp-c d doesn't show the relevant output for TN3270 server related sockets and connections. [CSCdi74448]
7206 with 11.1(6.4) fails to source-route-bridge IP packets ("no ip routing"). Workaround is to route ip. [CSCdi75477]
A Format 0 XID may be forwarded on the X.25 interface before a Null XID is received on that X.25 interface when QLLC npsi-poll is configured. [CSCdi75628]
Local switching in DLSw to/from VDLC does not work. Workaround is to configure internal applications to use a local interface. [CSCdi75844]
If SNA/DSPU receives a RECFMS frame that contains control vectors and the RECFMS cannot be forwarded to the focal point host for any reason (for instance, the focal point is inactive), the negative response sent by DSPU causes the router to display the BADSHARE error and deactivate the connection. [CSCdi76030]
If a BIND request is received before the Notify response has arrived, DSPU will reject the BIND request with sense code 0x80050000. [CSCdi76085]
Under certain race conditions a VDLC circuit fails to come up, and the router reloads. [CSCdi76751]

Interfaces and Bridging

2500 token ring interface will not try to reinsert into token ring hub after one failed attempt. [CSCdi41499]
The variable locIfotherInPkts in SNMP might not reflect a correct value compared to the total packets counted. [CSCdi56828]
Bridging between sde encaps and atm (or any encap that we define interface flag span_process_bridge_force such as smds frame relay, X25 )such that slowswitching is the forced output bridging mode, the transition from sde encaps TO a forced slowswitch output encaps (such as atm in 103 code) does not properly prepare this packet for process level. [CSCdi65959]
Alignment warning message can occur at bridge_enq resulting from source-route bridging:

: %ALIGN-3-CORRECT: Alignment correction made at 0x60399C74 reading 0x40002165 [CSCdi68947]

When an arp packet is received from the ATM interface, the router sends out a total of two arp packets to the Ethernet interface. [CSCdi70533]
The c7200 token ring interfaces may become hung when under very high load. The only know work around is clear interface token x/y. [CSCdi70675]
Routers are responding to packets not destined to them because of ISL encapsulation. This creates routing loops. [CSCdi71152]
Token ring interfaces on the c7200 that are configured for both routing and source-route bridging will incorrectly bridge broadcast multiring packets. [CSCdi71398]
If transparent bridging and an IP address is configured on a VIP FastEther or Ether interface, duplicate packets may occur on directly connected LANs to the VIP interface. In particular, Unicast DODIP packets between 2 workstations on a segment on which the VIP2 interface is attached can be incorrectly duplicated by the router. This can also occur when running bridging and any other protocol in this type of configuration.

: In addition, if VIP Ethernet is used with multiple unicast protocols such as HSRP, packet duplication can occur on the LAN segment. These problems can significantly degrade RSP performance, if your configuration is listed here, be sure you obtain the interim or release with this problem corrected. [CSCdi71856]

A fast ethernet viper2 interface may stop listening to unicast packets. The workaround is to do a shut/noshut on the interface. [CSCdi71968]
HSSI interfaces will register overruns on a show interface when low on i/o memory instead of ignores. [CSCdi72025]
Under certain conditions Spanning Tree Protocol can cause a memory leak.

: You'll see the small buffers being created but not released (Created is going up and Trims doesn't in the show buffer) and the show memory will show the memory available going down.
: Spanning Tree BPDUs are handled by small buffers , so when a BPDU comes in a small buffer is used , if at the same time the interface is going down , this small buffer should be released, and that was not the case...
: This problem has been fixed in the IOS software code. [CSCdi72783]

The cxBus controller may end up in an output hung state when using a MIP under moderate load. As a workaround, you can set the MIP tql (tx-queue-limit) to greater than 32 and make sure that fancy queueing (WFQ/CQ/PQ) is not use on the MIP interface. To stop the outhung message cycling, clear the affected T1 controller (clear controller t1 x/y). [CSCdi73106]
In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory, or when changing the serial encapsulation (for example, from HDLC to SMDS) or when doing OIR of another card in the chassis:

: %CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0
: The show diag x command reports that the board is disabled, wedged. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi73130]

When doing a "debug vlan packet" on 7010 using 11.1(6), router crashes. [CSCdi73457]
A %VIP2 System Reload Requested crash of a VIP2 with FastEthernet can occur when using HSRP. The crash will cause RSP complex restarts but since they may occur repeatedly, the RSP will defer reloading leaving the interfaces down for extended periods. Customers using this configuration such as with pairs of 75xx routers running HSRP on FastEthernet to Catalyst 5000's should be sure to obtain the interim or release with this problem corrected. [CSCdi73671]
Traceback error messages maybe seen on connect and disconnect of modem calls on access servers. This does not appear to cause a degradation of service. [CSCdi75552]

IP Routing Protocols

The show ip eigrp topology command should show the administrator tag.

: Also need DDTS CSCdi77369. [CSCdi34362]

The command show ip ospf database database-summary can intermittently cause router reloads. [CSCdi63817]
The spurious access errors occur due to a race condition in the intialization code.

: It does not affect the normal running of the router. [CSCdi64005]

Change in network statment does not take effect immediately. Workaround is to restart ospf. [CSCdi64468]
This problem happens with IP tunnel. When the route used to reach the tunnel's destination is pointing to the Null interface, SYS-2-GETBUF messages will appear whenever a packet is sent over the tunnel.

: Besides the messages, there is no bad effect on the network.
: The workaround is to remove the route pointing to the Null interface. [CSCdi65475]

A Management Information Base (MIB) query of the ospfLsdbTable fails because no MIB objects are found under the ospfLsdbTable subtree. However, some subtrees under OSPF can be successfully queried, such as ospfGeneralGroup, ospfAreaTable, and ospfIfTable. [CSCdi69097]
show align reports misaligned memory accesses. This error is reported on a 7513 with a token-ring interface installed. This bug is automaticly detected and corrected by the router. It will not inhibit the normal operation of the router. [CSCdi69939]
When multiple OSPF processes are configured, the administrative distance is ignored when these OSPF processes install route. As a result, the distance command cannot be used to prefer one OSPF process over the others. This fix resolves the problem. [CSCdi70011]
When a data packet arrives on an outgoing interface of a (*,G) entry, the router would create a (S,G) RPbit entry, and send an RP-bit assert. This assert is looped back to itself. It should match this assert on the (S,G) RP-bit just created and schedule to prune this outgoing interface in the (S,G) PR-bit outgoing interface list, instead of in the (*,G). [CSCdi70098]
Clearing an IP host route (i.e. 10.1.1.1/32) learned by OSPF out of the IP routing table can take a long time for the network route (i.e. 10.1.1.0/24) to reappear in the table when done on a stable network, and when only the net route, not the host route, exists in the table. To avoid this problem, clear the network route exactly as it appears in the IP route table; do not clear the host route. [CSCdi70175]
Multicast fastswitching over a GRE tunnel configured on a serial interface will not properly work for inbound packets if the serial interface is not configured for pim. As a work around configure "no ip mroute-cache" on the tunnel interface. [CSCdi70434]
If bridge is enabled on an interface where HSRP is also configured, both active and standby routers start to forward packets when primary active router that has gone down comes back to life . [CSCdi70693]
Static hosts can only be displayed but will not be used or deleted.

: The patch for this ddts causes CSCdi73022. [CSCdi71096]

show ip sdr group does not display entries for which group matches a group address in the media list. [CSCdi72191]
EIGRP may not retain the best route from topology into routing table when variance and metric weights are configured. [CSCdi72459]
ATM blocking with input queue full 151/150. No signalling, just rfc1483 defined for packets blocked and returned by sho bufferes old dump. [CSCdi72840]
The system suffers a gradual loss of free memory whenever ip sd listen or ip sdr listen are enabled. [CSCdi72863]
Use of the DNS Name Service for alias lookups causes the router to reload. Lookups of canonical names do not exhibit this problem. [CSCdi73022]
The password configured in a BGP peer-group will not be used by members of that peer-group. The workaround is to manually configure the password for each neighbor in that peer-group. [CSCdi73179]
When OSPF hello timer, and hence the dead timer, is changed, the wait timer is not changed accordiingly to match the dead timer's value.

: This fix resolves the problem. [CSCdi74009]

This crash happens only in 11.2. In previous releases, this bug causes spurious access.

: The problem happens only when the router have a single interface with OSPF running over it as broadcast/non-broadcast network. If the single interface is shutdown and is brought back up within a 5 seconds interval, it creates a race condition which causes the crash (or spurious access). [CSCdi74044]

Using the "talk" keyword when specifying an ip extended access-list is not functional. Workaround is to use the udp or tcp port number (517) specifically. [CSCdi74214]
When the cache is populated, the system will not perform correctly policy routing on subinterfaces. This has been produced on 4500 with atm lane subinterfaces. The problem does not occur when ip route cache is cleared. [CSCdi74375]
Clear ip nhrp does not always clear all ATM dynamic map entries created by NHRP. The entries that may not clear are those that identify routes behind an egress router. [CSCdi74989]
The parser does not accept show ip pim rp mapping in-use as a valid command. [CSCdi75049]
ARP debugging messages that indicate an ARP response was filtered for being on the wrong cable do not contain information about the source interface making it impossible to troubleshoot. [CSCdi75342]
in 11.1, the output of "show ip route" lists a /16 instead of 255.255.255.0 mask. 11.1 is only listing a mask for the major net, not the subsequent subnetting being used when only one type of subnetting is being used for a major network. This doesn't affect routing but only the display of the mask in "show ip route". It's a cosmetic issue. [CSCdi75408]

ISO CLNS

If encapsulation changes after configuring static CLNS adjacency, it is required to delete the adjacency and reconfigure it. [CSCdi60457]
If the IS-IS or NLSP Designated Router goes down, there may be a delay of 10 seconds or more before routing converges again. There is no workaround to this problem. [CSCdi72234]
If an interface is down when it is configured as passive for IS-IS, it will not be advertised in IS-IS link state packets when the interface comes up. The workaround is to unconfigure the interface and then reconfigure it as passive after it is up. [CSCdi76431]

Novell IPX, XNS, and Apollo Domain

Every time the router receives a sap update..the age timer in show ipx serv det' resets to 0. This is a cosmetic bug does not affect any performance. [CSCdi66723]
Once the apollo network number is configured in the interface, it cannot be removed or modified. [CSCdi71716]
XNS RIP periodic routing updates may not be sent at regular 30 second intervals. [CSCdi72104]
Some Service Advertisement Protocols (SAPs) might not be seen if an interface is flapping while running IPX Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) and the ipx sap-incremental command is configured. As a work around, clear the IPX Enhanced IGRP neighbors. [CSCdi72438]
If the ISIS or NLSP LSP refresh interval and LSP lifetime values are both reduced from the default value, the LSP lifetime will be ignored when the system is restarted.

: The workaround is to hand-configure the parameters in the reverse order. [CSCdi72691]

IPX fastswitching on the c72XX of various encapsulations of IPX including IPX over ISL may produce packets which are ignored by the receiving host. A workaround is to disable IPX fastswitching using the np ipx route-cache command, note: this workaround causes increased router overhead. [CSCdi73231]
NLSP may reflood LSP fragments unnecessarily, including both changed and unchanged fragments. Typically this is not a problem on LAN circuits. However, this can present bandwidth-related problems on low speed WAN circuits, especially as the size of the network increases.

: The flooding behavior covers up a problem where services may be missing from the SAP table until the next full SPF. This is not a problem when all neighbors are Cisco routers, but can be a problem when third party routers are present on the same link. [CSCdi74487]

Protocol Translation

Using one-step Virtual Async Protocol Translation, the PPP/SLIP banner will not display (IP address, MTU size, etc.) but the PPP/SLIP link comes up fine. There does not seem to be a pattern although it happens sporadically. [CSCdi71495]
Under some conditions, the X.29 profile may not be set on a call to a Virtual Async protocol translation address. This may result in the communication failing, if the calling PAD does not already have the correct parameters for transparent communication. [CSCdi73090]
A protocol translator may unexpectedly restart when a translation entry is configured but fails to be successfully added due to system limitations, such as exceeding the number of LAT services that can be advertised. [CSCdi76145]

TCP/IP Host-Mode Services

Cust is seeing a crash in 11.1.5 code PC 0x12CFA8, address 0xD0D0D11 [CSCdi70432]
RIP Request packets are sent out with invalid UDP length fields, thus causing them to be discarded by the receiving system. This can cause delays in network convergence, but won't in and of itself prevent it. [CSCdi73140]

VINES

VINES broadcast packets are forwarded away from the source. If the immediate router toward the source of a broadcast packet has a neighbor entry but no associated path, the system may halt. This kind of dangling route is rare and is considered a timing-related issue. [CSCdi75345]

Wide-Area Networking

Under unusual circumstances, if the keepalive sequence values between mineseq and mineseen vary by greater than three the line protocol will stay up instead of bringing the line down.

: The workaround for this is to shut and no shut the interface. [CSCdi31415]

This fix upgrades the cisco ppp stacker compression implementation to conform to the newly released draft (draft-ietf-pppext-stacker-04.txt).

: Initial testing with this image (11.1(7.3)) has indicated a minor problem with the Lan Extender boxes such as the Cisco 1001 and 1002 running lex software version 2.0
: The Lex box is able to carry out data transfer and is able to get bound to the interface it's connected to. However, if the ppp stacker compression is configured, the negotiations may not succeed. The lex box continues to transfer data, but may not compress/decompress the data.
: The problem with compression is under investigation. [CSCdi44495]

When a PPP connection on any serial interface finishes negotiating the IP address, an attempt is made to generate a 'gratuitous' ARP (an unsolicited ARP reply) on all other interfaces with IP enabled. This can result in extraneous trace messages as well as error messages reported on other hosts on attached LANs. In a future release of IOS, this sending of 'gratuitous' ARPs will be limited to appropriate LAN interfaces and only when no other mechanism is available. [CSCdi48137]
Although it is not common to deconfigure the pri group ('no pri' command) while all of ISDN calls on B channels are still active, we still need to make sure that this action will not cause the router to crash. This action is timing related. Therefore, it may not crash the router all the time. [CSCdi58907]
aip20-8 microcode may cause the AIP board to lock into a state where it transmits corrupted packets, causing debug atm error showing: ATM(ATM9/0.1): VC(1) Bad SAP ... at the receive side of the ATM VC. The transmission of data is usually affected in one direction only. The problem may occur when the input traffic exceeds the average rate configured on the ATM VC, when the bandwidth of the incoming interfaces exceeds the average Rate on the outgoing VC or SVC. A workaround is either to downgrade the AIP microcode to aip20-6 or to upgrade the AIP microcode to rsp_aip205-5, or aip20-9 when available. A short term workaround is clear int atm 5/0 on the transmit side.

: The same problem applies for aip10-15 on RP based platforms. [CSCdi67812]

4500/4700 unable to get complete large (Problem already appears with 1500 bytes frames) if no traffic shaping is performed on the incoming atm traffic. The system will report CRC errors even for a traffic of 500 pps and will only forward 100...300 pps. When traffic shaping is applied on the traffic generated, we get a throughput superior to 2000 pps. [CSCdi68586]
DlSw router with token-ring starts sending frmr responses without i-field, to sna devices, bringing down the llc2 sessions. Reload temporarily fixes. [CSCdi69576]
A PPP line that is looped back will not be explicitly reported in the debug trace. [CSCdi70395]
Some ISDN PRI NET5 switches may send a Restart message with either an invalid or an unused B-channel. The router should answer the Restart message with a Restart Acknowledge message for the valid B-channels. If the router does not answer the Restart message, the switch may place the ISDN PRI interface "out-of-service". [CSCdi70399]
Using TACACS+ with dialback over a rotary group causes the authorization to fail for the user when the callback script aborts or finishes incorrectly, so failover to another line of the rotary occurs. The call is made, but an internal error occurs when debugging TACACS+. [CSCdi70549]
the restart ack messge we sent out in responsding to the incoming restart message with global call reference, we did not set the call reference value flag to 1. we did set the flag correct if it's not a global call reference. [CSCdi71883]
When configured on a point-to-point subinterface, the frame-relay ip tcp header-compression introduces an extraneous no ip route-cache command in the main interface configuration. The workaround is to re-enable the route cache manually. [CSCdi71935]
When an mtu command is applied to an ATM interface, non-default (4470) values don't take effect in 4500 and RSP platforms, if none of the sub-interfaces have a LANE client configured in them. If a change in mtu is required, then the user has to do a "no mtu" followed by "mtu " to have the desired result. This will be fixed in the next release. [CSCdi71966]
If the peer attempts to negotiate an unacceptable STAC history count or check mode, the debug trace will indicate that a Configure NAK will be sent back, but the actual option contents will not be modified with the acceptable history count or check mode. Typically, the peer will repeat its Configure Request ten times and then give up on CCP/STAC. [CSCdi72385]
If a looped line condition is detected during PPP LCP negotiation, debug messages will be output, but the line status will not be changed. [CSCdi72719]
ATM interface on 4x00 may go down in a down/down state with the atm error of "atmzr_dumb_inhand(ATM0):Secondary port error". The interface will not come up untill a reboot is done or interface is flapped by doing a Shutdown and no shutdown. [CSCdi72769]
An async PPP interfaace does not correctly support a reduced MTU using the 'mtu xxx' interface configuration command. Problems will appear when attempting to upload files or other large transactions. [CSCdi72866]
Code changes required for Australia TS013 BRI homologation. [CSCdi73207]
The interface command:

: mac-address XXXX.XXXX.XXXX
: now MAY affect any LANE components' atm and/or mac addresses, since the esi portion of an auto generated atm address is created using the mac address of the interface.
: Also note that this command actually causes a hardware reset on the card that is being executed. Hence, all LANE components on such a card will recycle anyway. But as to whether the atm addresses they listen on after they come back up again will change, actually depends on how those addresses were defined in the first place.
: If they were defined using the "auto" addressing method, obviously their esi portions will be affected.
: In the case of an LEC (LANE Client), the mac address of the client will also change as well.
: ****** Note that this fix broke DECNET, which is now fixed. So, the correct version that has BOTH the fixes in is 11.2 (2.2) ****** [CSCdi73530]

Routers with ISDN BRI interfaces using basic-5ess, basic-dms100 or basic-ni1 may have the first call attempt fail. This is because the Spid, if configured, should be sent out before the call request (Setup message) or before the call is accepted with the Connect message.

: The first call will fail with a cause of "Requested Facility not subscribed". Addtional calls will work fine, but the first call fails. [CSCdi73750]

ISDN PRI routers running 4ESS or 5ESS switchtypes should accept incoming Setup messages with an "abbreviated" type of Called Party Number. [CSCdi74767]
There are a few switches around the world that require the send of the ALERT after a CALL_PROC when accepting an incoming speech call. After researching the issue it should be harmless to other switches to do this. [CSCdi74913]
Incoming speech calls be delivered with a rate of 64kb in the bearar capability when in actuality it is a 56kb call. This only occurs on speech calls. The new command will override the incoming data rate and use the configured value. Note that the dialing side will have to dial at 56kb if this command is used. [CSCdi75090]
After a number of days PRI calls may be dropped, high ISDN CPU utilization may be seen. There may be some discrepancy between 'show dialer' which indicates free B channels available and 'show isdn service' which shows all channels busy. Ultimately, a software forced crash occurs. [CSCdi75167]
If a PAP Authentication Request is resent because of a timeout or missed response and is received after the router has completed processing of the first request, then it will repeat the authentication process. It should not repeat the authentication process. Instead it should send back the same response message that it did for the first message, regardless of the contents of the second (or subsequent PAP Authentication Requests). This defect will be fixed in a future release of IOS. [CSCdi76763]

11.1(6) Caveats/11.1(7) Modifications

This section describes possibly unexpected behavior by Release 11.1(6). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(6). For additional caveats applicable to Release 11.1(6), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(7).

AppleTalk

It is not possible to connect an ara client using a username with 'nopassword' or without a password configured in the router. [CSCdi53202]
This corrects a problem when ARAP is configured and under some conditions the following messages occured:

: %SYS-2-INPUTQ: INPUTQ set, but no idb, ptr=xxxxx %SYS-2-LINKED: Bad enqueue of xxxxx in queue yyyyy
: After which a router reload could occur. [CSCdi63635]

There has been a request for additional debugging messages for the arap logging command. The requested command is arap logging debug-extensions, which enables seven advanced debugging messages in addition to the traditional ARAP logging messages. [CSCdi68276]
There is a cosmetic defect in the appearance of the arap logging debug-extensions command in the output of the write term or show config commands. The appearance is as follows:

: ! appletalk routing appletalk route-redistribution appletalk virtual-net 7554 ATCP dialins debug-extensions debug-extensions arap network 7569 IS Dialup !
: The appropriate display should be:
: ! appletalk routing appletalk route-redistribution appletalk virtual-net 7554 ATCP dialins arap logging debug-extensions arap network 7569 IS Dialup ! [CSCdi68279]

AppleTalk domains do not operate correctly when configured on subinterfaces. The domain properties will be applied to the main interface rather than it's subinterface(s). The workaround is to disable AppleTalk fast-switching. [CSCdi69886]
The AT Domain system process is always started on system bootup, whether or not it is needed. There is no operational impact. [CSCdi71120]

Basic System Services

ipNetToMediaTable entries created via ATM-ARP have ipNetToMediaPhysAddress values that reflect the VC. The values should report the E.164 or NSAP address.

: For ATM SVCs, ipNetToMediaPhysAddress would contain the called party address. For ATM PVCs, ipNetToMediaPhysAddress would still contain VC #.
: "show arp" command would still show VC#'s. [CSCdi39628]

The aaa accounting commands N command is accepted, but no accounting records are generated for the individual commands. A workaround is to use per-command authorization and log the occurrence in the accounting file. [CSCdi44140]
For Release 10.3(9.3) or earlier, if a microcode reload command is issued over a Telnet connection, the router may enter an infinite loop Otherwise, the message "%SYS-3-INTPRINT: Illegal printing attempt from interrupt level" may be displayed whenever microcode is downloaded. You can ignore this message; it indicates a cosmetic problem. [CSCdi47580]
Nondefault method lists are not supporrted on dialer interfaces. [CSCdi49718]
The router may reboot when the following snmp variables are used:

: writeNet, hostConfigSet, netConfigSet [CSCdi50407]

Multiple simultaneous copy operations to the Flash devices on a Cisco 7500 router (bootflash:, slot0: and slot1:) cause the router to crash. This happens only when more than one user is logged in to the router (for example, one at the console and one via Telnet) and both are trying to perform a copy tftp flash at the same time. This is true even if the two users are trying to write to different devices. [CSCdi50888]
The username command only supports usernames 49 characters long. [CSCdi52745]
RADIUS Accounting packets sent by the cisco IOS do not include an Acct-Delay-Time attribute, which may cause some billing systems to compute incorrect charges if the Accounting-Request needs to be retransmitted for an extended period of time. [CSCdi60959]
service password-encryption can't be used with key-string in 11.1(4.2)

: The router will attempt to re-encrypt an encrypted key-string when it's read into the running configuration.
: Work around is:
: 1- don't use "service password-encryption"
: 2 - or don't use "key-string" [CSCdi62490]

When installing HSA, both RSPs must have an equal amount of DRAM, and the slave and master RSPs must both have a minimum of 24 MB of DRAM. [CSCdi62683]
Errant input counters (packets and bytes) may appear "out of the blue" on seemingly unrelated interfaces when DFS is happening on VIP cards. These are false prophets to be ignored. [CSCdi66767]
When using AAA authentication for enable passwords, the HTTP server in the IOS will never allow a user to access it. [CSCdi66938]
-fin- images do not support RIP, but should. [CSCdi67269]
If a system is configured with "ntp master" and has no other NTP associations, it may eventually report that it is unsynchronized.

: A workaround is to ensure that there is at least one other NTP association (by configuring an "ntp server" or "ntp peer" on the system, or by changing one of the other systems to use "ntp peer" with the master rather than "ntp server"). [CSCdi67635]

When service compress-config is configured, accessing the configuration stored in NVRAM from simultaneous Exec sessions might leave the NVRAM locked and inaccessible. The only recourse is to reload the software. [CSCdi68092]
Crash on a 2511 at acct_cleanup(), System restarted by bus error at PC 0x30B65F4, address 0xD0D0D29. The router is running IOS 11.1(5). [CSCdi69068]
The command debug chat line x and parser do not display the chat script components correctly if the octal 7 or 8 bit xxx format is used to specify a byte greater than 0 x7f. [CSCdi69149]
The IP address of the dialup interface that is trying to acquire a temporary IP address for the peer, is not being used as the source of the DHCP proxy client packets sent from the Access Server. [CSCdi69448]
TACACS+ accounting will include an attribute "address", which is not defined in the tacacs+ specification. The correct attibute name is "addr". [CSCdi70146]
Chat scripts cannot send a NULL byte out on the async line. IOS chat scripts do not support N escape-sequence which has been used conventionally for this purpose. [CSCdi70330]
If a new MIP channel group is added after a microcode reload has been performed the system must be rebooted to ensure correct operation. [CSCdi70909]

DECnet

DECnet may fail to work properly when using an area number of 63 for L2 routers. The symptoms are being unable to ping (decnet) between two area routers, one of which is using area 63.x, and having the show dec command report that the 'attached' flag is false even though the show dec route command shows routes to it. The workaround is to use the decnet attach override command to force the router into an attached state. This command is available in Releases 10.2(7.3), 10.3(4.4), 11.0(0.13), and all versions of Release 11.1 and higher. [CSCdi69247]

EXEC and Configuration Parser

Under some circumstances, the AS5200 may run low on memory or may run out of memory after processing more than 11,000 calls. A small amount of memory may be lost under two conditions, only when aaa new-model is configured: when a user hangs up at the "Username:" prompt, or when a user successfully autoselects with the autoselect during-login command configured. [CSCdi67371]
When a show ip arp command is executed on the router, the router sends DNS lookups under following conditions. This is a cosmetic bug in the parser code.

: Router#sh ip arp ? Ethernet IEEE 802.3 H.H.H 48-bit hardware address of ARP entry Hostname or A.B.C.D IP address or hostname of ARP entry Null Null interface Serial Serial cr
: RioGrande#sh ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.51 - 0000.0ca0.5d00 ARPA Ethernet0/0 Internet 10.6.1.71 1 0000.0c07.9b41 ARPA Ethernet0/0
: RioGrande#sh ip arp 0000.0c07.9b41 Translating "c07.9b41"...domain server (255.255.255.255)
: Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.71 1 0000.0c07.9b41 ARPA Ethernet0/0
: Router#sh ip arp 10.6.1.71 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.71 2 0000.0c07.9b41 ARPA Ethernet0/0 RioGrande#
: Router#sh ip arp e 0/0 Translating "e"...domain server (255.255.255.255)
: Protocol Address Age (min) Hardware Addr Type Interface Internet 10.6.1.51 - 0000.0ca0.5d00 ARPA Ethernet0/0 Internet 10.6.1.71 8 0000.0c07.9b41 ARPA Ethernet0/0 [CSCdi68767]

IBM Connectivity

A message warning of low or exhausted stack space for the LLC2 Timer process will appear if the router is experiencing this problem. [CSCdi44511]
An APPN/DLUR router does not work with FDDI-attached downstream PUs. Vtam displays a '10010000' sense code. [CSCdi48489]
Some IBM llc2 implementation devices send a RNR when they run out of buffer and drops the frame. This will cause no data traffic flow for 30 seconds. Non IBM llc2 devices use IEEE llc2 will send REJ rather than RNR and no delay will be noticed. [CSCdi49447]
An SDLC PU2.0 link station on an APPN DLUR router may get stuck in the "starting" state if "no connect-at-startup" is not specified on the link station definition. (If the user does not configure the PU2.0 link stations, they will be dynamically created.) [CSCdi56633]
With Release 11.0 and a direct Escon-attached CIP, the host may "box" the CIP if the router is reloaded without the CIP being varied offline. This problem has not been seen with CIPs connected through a director or if the CIP is taken offline before the router is reloaded. The workaround is to vary the device offline before reloading the router. [CSCdi59440]
When the PS/2 Link Station Role is configured as Negotiable, the XID(3) Negotiation may not complete. The workaround is to configure the PS/2 Link Station Role as Secondary. [CSCdi60999]
When running CIP SNA over DLSw, the LLC2 control blocks may not get freed even when the LLC2 session is lost and the DLSw circuit is gone. The workaround is to reload the router. [CSCdi62627]
When source-bridge sdllc-local-ack is enabled, the router stays in disconnect after the SDLC PUs are inactivated in VTAM. The workaround is to remove the sdllc-local-ack. [CSCdi64640]
LSAP filters and NetBIOS host filters that are applied to the DLSw remote-peer statements do not work on DLSw border routers. [CSCdi66251]
If the Channel Interface Processor (CIP) card on a Cisco 7000 router is in a hung state, the Cisco IOS software may enter a loop trying to reset it. The following messages will be repeated:

: %CBUS-3-CIPRSET: Interface Channelslot/port, Error (8010) disable - cip_reset() %CBUS-3-INITERR: Interface decimal, Error (8004), idb hex decimal cmd_select - cbus_init() %CBUS-3-INITERR: Interface decimal, Error (8004), idb hex decimal cmd_select -cbus_init() %CBUS-3-CTRLRCMDFAIL1: Controller decimal , cmd (128 hex) failed (0x8010)count (16) %CBUS-3-FCICMDFAIL1: Controller decimal, cmd (32 0x00000001) failed (0x8010) count (1)
: Looping may be severe enough to require a router reboot.
: The looping messages may overrun the logging buffer and thus obviate the reason for the initial attempt to reset the CIP. [CSCdi66420]

When you issue the show controller cxbus command, the CIP utilization and memory statistics are not shown if the router uptime is 49 days. [CSCdi66467]
Reloads due to a Seg-V violation at 0x0 are occurring, but the tracebacks are pointing at DLSw. [CSCdi67085]
The router may reload when a second device tries to connect for reverse QLLC with DLSw+ local switching. [CSCdi67189]
In certain situations, DLSw+ backup peer definitions may be written to NVRAM before the definition of the peer they are backing up. When this happens, the backup-peer definition will not be recognized upon router reload. [CSCdi67272]
When the run commmand Telnet is issued from netview with an address will lock up your session with Netview. [CSCdi67280]
When cfg-ing an APPN class of service (COS), you may get the following error:

: % Error (0x0001,0x00000807) defining class of service.
: If so, here is a workaround until the code is fixed to match what the help says are correct values.
: 1) When cfg-ing a tg-row's prop_delay, only these enumerated values are allowed, not the 0-255 implied by the help:
: AP_PROP_DELAY_MINIMUM (0x00) = 0 AP_PROP_DELAY_LAN (0x4C) = 76 AP_PROP_DELAY_TELEPHONE (0x71) = 113 AP_PROP_DELAY_PKT_SWITCHED_NET (0x91) = 145 AP_PROP_DELAY_SATELLITE (0x99) = 153 AP_PROP_DELAY_MAXIMUM (0xFF) = 255
: 2) When cfg-ing a tg-row's security, only these enumerated values are allowed, not the 0-255 implied by the help:
: AP_SEC_NONSECURE (0x01) = 1 AP_SEC_PUBLIC_SWITCHED_NETWORK (0x20) = 32 AP_SEC_UNDERGROUND_CABLE (0x40) = 64 AP_SEC_SECURE_CONDUIT (0x60) = 96 AP_SEC_GUARDED_CONDUIT (0x80) = 128 AP_SEC_ENCRYPTED (0xA0) = 160 AP_SEC_GUARDED_RADIATION (0xC0) = 192 AP_SEC_MAXIMUM (0xFF) = 255
: 3) 'show appn class det' will show zero values for all values of a TG row of any new COSs. [CSCdi67560]

The router may crash with the message "Illegal access to low address" if it is running low on memory and RSRB is configured. [CSCdi67879]
Direct encapsulation over Ethernet, Token Ring, Loopback blocked at the parser level. These options are not supported. Configuration commands will no longer allow these options.

: Crash in the managed timer, with respect to dlsw, has been fixed. [CSCdi67926]

dlsw with frame relay pass-thru fails to bring up a netbios windows nt session. [CSCdi68970]
Dynamic Peer configured in the 'dlsw remote-peer' command, never gets connected. The dynamic peer options dynamic inactivity and no-llc are broken.

: Backup Peer linger option is broken. The default and zero linger time are not working correctly.
: Other 'dlsw remote-peer' options, destination mac address exclusive (dest-mac) and destination mac address exclusive list (dmac-output-list), are not present. [CSCdi68995]

The router crashes when NSP is configured and is trying to connect back to the owning host. [CSCdi69231]
When reassembly is involved in a DLUR managed LU-LU session (i.e. the mtu for the downstream link to the PU is smaller than the mtu for the upstream link toward the host) and the ru size is larger than can be transmitted in a single frame, (most common with IND$FILE transfers from a PU to the host), the router may reload with "checkheaps" stack trace indicating memory corruption has occured. [CSCdi69283]
SNA and NetBIOS session do not connect using DLSw FST (Fast Sequenced Transport) over SMDS WAN media. [CSCdi69766]
When using fast-switched DLSw+ (FST, direct encapsulations) in environments in which the number of source-route bridge hops between the source station and the DLSw+ cloud differs from the number of source-route bridge hops between the destination station and the DLSw+ cloud, the Source MAC Address may be altered. This will, in many situations, adversely affect connectivity between the two end stations. [CSCdi69891]
When segmentation or reassembly is involved in a DLUR managed LU-LU session (i.e. the mtu for the downstream link to the PU is smaller than the mtu for the upstream link toward the host) and the ru size is larger than can be transmitted in a single frame, (most common with IND$FILE transfers from a PU to the host), the router may reload with "checkheaps" stack trace indicating memory corruption has occured.

: This ddts the complete fix for CSCdi69283. [CSCdi70232]

APPN/DLUR is not working with versions of CM/2 which set the extended binds supported flag in the actlu response. The downstream CM/2 cannot establish an lu-lu session through the DLUR router. [CSCdi70506]
Router interface operating in an SDLC secondary role will not respond to TEST P. [CSCdi70562]
When using DLSw FST, end user sessions may not switch over to an alternate lan or peer path following a connectivity failure. [CSCdi70709]

Interfaces and Bridging

There is a problem with the SNMP Packets in counter on token ring interfaces of Cisco access routers (4000, 2500 series) which can cause these counts to be inaccurate on the low side. In the case of relatively inactive token rings, this counter can actually underflow, causing SNMP to report that a very large number of frames have come into the interface. [CSCdi21699]
A 'write erase' (return to initial configuration) on a 2500 or 4500 has been observed to result in fair queuing being disabled rather than being enabled, but only on serial port 0. [CSCdi46850]
Customer is trying to migrate from ags+ to 4700. They have know problem(s) with excessive collisions on 2 ethernet segments.

: However, interfaces did not go down on AGS+ or other 7000 routers (showing excessive collissions, (rate in excess of 10%) as is the case with the 4700 router with NP-6E card.
: Using AM79970 chipset. Also seeing similiar manifestations as in CSCdi51927 where output of 'sh cont eth is showing 'link state down' while sh int eth sho up/up for state and we're seeing packets inbound/outbound on the interfaces respectively. [CSCdi49380]

Fast-switching of ISL encapsulated IPX packets does not work on the c7200 platform. The workaround to this caveat is to disable fast-switching of IPX packets using the no ipx route-cache interface sub-command. [CSCdi61366]
When you perform buffer changes on a serial interface with SMDS encapsulation, the changes are not taken into account after a reload. [CSCdi62516]
SRB fast-switching is not working in 11.1 or 11.2; SRB traffic is always process-switched through token-ring interfaces [CSCdi62974]
The source-bridge ring-number command allows you to configure a ring-number mismatch. The workaround is to make sure that all bridge devices on ring use same ring number. [CSCdi63700]
In Cisco 7500 series routers, the following error message might be displayed while booting the system image from TFTP or Flash memory, or when changing the serial encapsulation (for example, from HDLC to SMDS):

: %CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot x, cmd code 0
: The show diagnostics x command reports that the board is disabled. The show version command does not show the card in the specified slot. The write terminal command does not show the configuration for the card in the slot. A possible workaround is to issue a microcode reload command or load a new system image that has the fix for this bug. [CSCdi66450]

The MIP interface will not come up automatically after a reload. A quick work around is to issue 'clear controller t1/e1' to manually reset the t1/e1 controller. [CSCdi67143]
Using 802.10 encapsulation on FDDI trunk port, 4700 router cannot form OSPF neighbour adjacency with other routers on the other side of Catalyst switch connected via 10BaseT.

: Configured bridge-group under the fddi subinterface, OSPF works ok in all routers. [CSCdi68923]

Small and middle buffers leak when transparent bridging on ATM is enabled. [CSCdi69237]
The value if a lines exec-timeout can be written to NVM as 30 seconds instead of the correct value if a write command is done while a line is displaying the "login" prompt. [CSCdi69885]
Misaligned data accesses in the packet data may negatively affect CPU usage on RSP based platforms when handling SAP or SNAP frames. [CSCdi70402]
When using custom-queueing feature in conjunction with payload compression on HDLC or Frame-relay encapsulations, traffic regarded as "low-priority" by custom-queueing would be passed uncompressed. This resulted in lower- than-expected compression ratios.

: Please note this bug never existed in versions 11.0. It is not an error that this patch was not applied to that source-tree. [CSCdi71367]

IP Routing Protocols

In an area with more than one area border router (ABR), the Open Shortest Path First (OSPF) routing protocol does not delete old network/mask combinations from the routing table when you change masks for networks or subnetworks in the configuration. The workaround is to issue the no ip address command before issuing the ip address command to change the mask. [CSCdi61022]
Router does not retain the OSPF dead-interval setting after a reload even though the NVRAM config shows the dead-interval set properly. The router sets a default value to the dead-interval instead of what is set under the NVRAM config.

: The problem only happens if the configured value of the dead-interval is the same as the original default - 40 for broadcast network and 120 for non-broadcast network - and the hello-interval is not default.
: The workaround is not setting the dead-interval the same as the original default.
: When the fixed image is first loaded, the problem still happens. To resolve the problem, reconfigure the dead-interval again and do write memory. Then the problem will not happens again with subsequent reloads. [CSCdi62640]

The match keyword is not working with redistirbute command. The workaround is to use route-map. [CSCdi64310]
With IGRP and RIP, IP unnumbered interfaces using PPP encapsulation receive but do not process routing updates of Major Network Summaries correctly. The major networks appear as host routes instead of network routes. This affects all IP unnumbered interfaces using PPP encapsulation that are pointing to different major networks. This affects dedicated links as well as DDR links using RIP or IGRP.

: It is also possible for a race condition to occur, where the majornet route is lost, even after it has been received and installed into the routing table.
: The workaround for this problem is a floating static route for the majornet matching the PPP-created host route using a majornet mask pointing to the PPP-created host route. For example, if the host route is 192.1.1.1, then using the command ip route 192.1.1.0 255.255.255. 0 192.1.1.1 250 should solve the problem. [CSCdi65258]

IPX Enhanced IGRP updates do not propagate if the MTU size is less than the IPX Enhanced IGRP packet size. [CSCdi65486]
Processing of input offset lists in Enhanced IGRP was disabled erroneously, so offset list processing is not available. There is no workaround. [CSCdi65889]
When the router performs DNS name lookups of nicknames, the canonical name is stored in the host name cache, so repeated uses of the nickname will require queries to the name server rather than being satisfied from the name cache.

: Note that releases 11.0(11.1) and 11.1(6.1) contain the fix for this ddts may reload when doing DNS name validation. Check CSCdi70707 and CSCdi71158. Releases 11.0(11.2), 11.1(6.2) and any 11.2 are fine. [CSCdi66910]

When running 10.3(13) IOS, if you have neighbor statements pointing to a subnet broadcast address, it may fail to send updates to that broadcast address. [CSCdi67411]
RIP v2 updates are not received on passive interfaces. [CSCdi69055]
The help for router attribute lists says: <1-199> A standard IP access list number

: However standard IP access lists are in the range 1-99, and the router attribute list accepts access lists in the range 1-199.
: We are modifying the help line to say: <1-199> IP access list number [CSCdi69241]

A router interface that has joined the cisco DISCOVER auto-rp group can only delete membership from that group by unconfiguring PIM on that interface and then rebooting the router. A different interface will then join that group (224.0.1.40) if it is configured using the command ip pim mode. [CSCdi69269]
PIM-NBMA mode will not allow population of outgoing interface list with neighbors that are also on the incoming interface list. The result is that joiners on a single NBMA interface may not be able to exchange traffic with other joiners on the same interface. This only affects interfaces in sparse-mode. [CSCdi69298]
BGP will not be able to establish a password-protected session with a peer when service password-encryption is configured, the configuration is written to NVRAM, and the router is reloaded. A workaround is to remove the password encrytion and re-enter the passwords as cleartext. [CSCdi69978]
OSPF ABR will generate summary for subnet of connected point-to-point interface with wrong cost. The wrong cost is twice as much as the actual OSPF cost of the interface. In topology with more that one ABR, this could create routing loop for the point-to-point interface subnet. In order words, attempt to telnet or to ping the point-to-point interface address from a different area could fail, but the router could still be accessed through other non-point-to-point interface addresses on the router.

: There is no workaround. [CSCdi70406]

Using ip pim send-rp-announce with a group access list that contains entries with zero wildcard masks will result in the first such entry being omitted from RP Announcements. [CSCdi70807]

LAT

When translating LAT to PPP under Protocol Translation, data sent from translator may be lost, causing the PPP negotiation to fail and the LAT session to be disconnected. [CSCdi46164]

Novell IPX, XNS, and Apollo Domain

After upgrading from Release 10.2(11) to Release 11.0(9), a show processor memory command indicated that the IPX SAP table memory usage grew by almost 300%. [CSCdi65740]
Using IPX Enhanced IGRP can cause a memory leak when a link with an Enhanced IGRP neighbor is flapping. The SAP updates are queued and backed up, thus using increasingly more memory. [CSCdi66169]
The IPX SPX spoofing table entries might not begin to age out until sometime after the SPX age timer has gone expired. [CSCdi67901]
SPX spoofing might cause a reload due to a software-forced crash. A workaround is to disable aging of the SPX table by entering the following commands: ipx spx-spoof session-clear 0 and ipx spx-spoof table-clear 0. [CSCdi68150]
When using the 'ipx route default' command, IPX Netbios (type 20) packets are still dropped on a router if the source route is not known and the default route is known. It is strongly recommended that when forwarding IPX NetBIOS broadcasts that the extra input and output checking be enabled. The commands to do this are ipx type-20-output-checks and ipx type20-input-checks. [CSCdi68151]
Valid services may be lost on NLSP routers as a result of normal SAP activity (especially when large numbers of services are poisoned via a RIP/SAP interface on a neighboring router). [CSCdi68274]
When enabling debug ipx nlsp (network#), the system erronenously states "ipx nlsp debugging disabled for net (network#)" This may cause a spurious memory access. [CSCdi68918]
If SPX spoofing fails to send a keepalive a traceback message will be display on the system console. [CSCdi69062]
IPX NetBIOS packets which are filtered by router netbios filters do not get freed and may stay in system memory. [CSCdi69212]
When using EIGRP as a routing protocol show ipx server may display an incorrect negative metric. This error in the display does not affect operations. [CSCdi69226]
High end Cisco routers may send XNS RIP update packets too quickly for older host to receive. A new global command XNS RIP-DELAY will be added to increase the interframe gap to at least 1ms between XNS/RIP update packets. [CSCdi70357]
Under certain circumstances, some IPX services learned via NLSP may not appear in the service table. There is no workaround to this problem. [CSCdi71036]

Protocol Translation

"show translate" may incorrectly indicate the number of active users for translations using TCP as the inbound protocol, if TCP connections fail to be set up properly. [CSCdi70265]

TCP/IP Host-Mode Services

RSH commands executed to the router without a controlling shell only return the first 1608 bytes of data. [CSCdi69424]
The fix of CSCdi66910 introduced this bug and CSCdi71158, system may reload when doing DNS name validation. There is no workaround. [CSCdi70707]
Certain invalid TCP SYN packets can cause infinite looping in the TCP code, either within a single system or involving continuous packet exchange between two systems. This results in serious performance degradation or complete system lockup. Such SYN packets are not sent by normally functioning TCP implementations, and would be unlikely to be generated by any innocent TCP bug or misconfiguration... but might easily be generated by malicious system abusers. One particular case of such a packet is the attack packet sent by the "land.c" program. See http://www.cisco.com/warp/public/770/land-pub.shtml for more information on the land.c attack. [CSCdi71085]

Wide-Area Networking

Under certain unknown circumstances, a neighbor route will not be installed for a SLIP or PPP connection. Debugging output (debug ppp negotiate) indicates that the route was added, but it will not appear in the IP routing table nor be seen in the debug ip rout trace messages. [CSCdi50490]
4500 with ATM card blocking with the following message: atmzr_hi_irq_hand(ATM0): Secondary port error [CSCdi58134]
ISDN NET3 cannot handle incomming FACILITY message when call is connected. [CSCdi60340]
X25 parameters ignored at startup in some cases. Config is still correct though. [CSCdi60529]
RFC 1577 and LANE applications get blocked because of a difference between the VCD known by different parts of the software. This problem has been reported with both RFC 1577 and LANE applciations and in Releases 11.0(8) and 11.1(4). [CSCdi61979]
Dialing into an async line and starting a SLIP/PPP session may fail even though the same IP address was previously allocated successfully for the particular user. [CSCdi63143]
When the router is acting as an X.25 DCE, it will sometimes fail to encode a facilities length field in a switched call connected packet. Some attached DTE's may then clear the call with a diagnostic code of 38, packet too short. This behavior was introduced in 10.3(12), 11.0(9), and 11.1(4). [CSCdi63831]
Exec command Slip /compress and the exec command PPP /compress don't correctly turn on TCP/IP header compression if configuration command service old-slip-prompts is in use, with the async interface configured with ip tcp header-compression passive. [CSCdi64325]
Setting a group range on a pre-Release 11.2 group-async interface while calls are active causes all async modem calls to be disconnected. [CSCdi66297]
The configuration command "no fair-queue" does not get saved to NVRAM for group-async interfaces, so the system reverts to fair-queueing after a reload.

: However, due to the default bandwidth of the group async interface being greater than that for a fair queueing candidate, it is actually not configured for fair queueing which is what it reverts to after a reload.
: A workaround in order to enable and disable fair queueing on the interface is to use the bandwidth command to set an applicable value such that the "fair-queue" command is meaningful thereafter. [CSCdi66301]

The frame-relay interface-dlci statement has the option broadcast available in the documentation and parser. This is misleading as the mapping determines weather or not broadcasts are allowed. [CSCdi66691]
2511 may reload at _bridge_enq when no bridging is configured. [CSCdi67157]
The VIP/VIP2 IPC overlaps some TX accumulators and makes those accumulators spurious. Those accumulators are not used until the number of interfaces is more than 20. [CSCdi67842]
When parallel, non-multilink connections exist in a dialer group, the loss of one connection will remove the route to the peer address even though one or more connections exist to forward packets to the destination. This defect occurred as a side-effect of the fixing of CSCdi59425 and will be fixed in a future release of IOS. [CSCdi67844]
Memory corruption (and subsequent reload of the router) may occur if AAA authorization is enabled and there is no DNS server configured on the router. Enabling "no ip domain-lookup" will decrease the chances of memory corruption. If you are running an enterprise image, you may enable to command "kerberos local-realm " as a workaround for this problem. [CSCdi68041]
LANE does not set up the data direct again after it has been established the first time. This problem was introduced as a result of the commit of the fix for CSCdi61979.

: Any release containing this bug should NOT be used in sites using LANE. The following releases are affected: 11.0(10.3), 11.1(5.3), 11.1(5.4), 11.2(0.23), and 11.2(0.24).
: Note that for 11.0, only the 7000 image will be affected, as the 4500 and rsp platforms do not run LANE in 11.0. [CSCdi68089]

An APPN/DLUR router may not establish a link to an ethernet-attached 3270 workstation which sends tests and xids in both 802.3 format and ethernet 80D5 type format. [CSCdi68201]
When dialing into the AS5200 from an I-Courier modem over sync ISDN and then starting a PPP session, the router may crash. This occurs only when login is done on a non-async interface and when extended TACACS is enabled. A workaround for non-async interfaces is to use AAA/TACACS+. [CSCdi68257]
Under most conditions, dialer maps will be ignored when negotiating the peer's IP address, if a peer IP address pool is configured on an ISDN or Dialer interface. Instead of using the IP address from the dialer map, an address would be acquired from the address pool. This prevents a user from supporting dial-up routers with assigned IP addresses and dial-up clients requiring dynamic IP address assignment. [CSCdi68441]
autodetect encapsulation v120 ... does not correctly sense V120 calls. [CSCdi68446]
If multiple, parallel connections to the same peer are made and one connection drops, the remaining connections may be unusable as packets will not be forwarded over them. [CSCdi68456]
ISDN BRI boxes currently support France switchtype VN3 and no changes are required to support VN4. Customers should see no difference and should continue to use VN3 switchtype on the router. [CSCdi68605]
At NET5 homologation testing for we failed a test for invalid bearer cap. This was caused because we were accepting a trasnfer rate of 384 kbit/sec. The call should be rejected with a cause of Incompatible Destination. There is no workaround. [CSCdi68630]
This problem is that an AAL5-ABORT frame is always followed an OAM cell. This problem happens on 4500 and 4700 when a F5 cell is sent out. This problem is known and to be fixed in the future release. [CSCdi68675]
On a Cisco 4500 or Cisco 4700, a packet may be registered in both the input and output hold queues on when going from ATM to other network links. This may affect the values of the input and output queue length fields in the output of the show interface command. On a Cisco 4500 or Cisco 4700 configured with ATM, another fast network link, and a slow network link, this behavior may have some impact on the overall throughput of the traffic from ATM to another fast network link when the slow link is flooded with too many packets from ATM. However, we are unaware of any environments in which network functionality could be seriously impaired by this. The correct router behavior would be to drop packets over the slow link without affecting the traffic from ATM to another fast link. [CSCdi69441]
ATM F5 OAM segment cells are received by c4500/c4700 as user data cells. As a result, an F5-segment-loopback ping will not succeed. In ATM LANE environment, LE Client up/down state change may occur if a c4500/c4700 receives a F5 OAM segment cell. But Cisco Systems is unaware of any other environments in which network function is seriously impaired. The correct router behavior would identify ATM F5 OAM segment cells and support F5 OAM segment loopback service. Cisco Systems expects to resolve this behavior in a future maintenance release. [CSCdi69513]
When the configuration command 'ppp authentication xxx' is applied to any PPP interface, the connection will be reset to apply the authentication change. If command is applied to a group-async interface, then all member interfaces will be disconnected. This behavior is caused by the fix for CSCdi59213. In a future release, the connection will only be reset if there was no PPP authentication configured and the 'ppp auth xxx' command is entered. [CSCdi69680]
On certain platforms, entering a ip address configuration command while the interface is connected to a SLIP or PPP peer may cause a software-forced reload. [CSCdi69809]
A neighbor route is not installed for PPP connections over an async or a vty-async connection. This defect was introduced by the fix for CSCdi50490. [CSCdi69919]
The system can unexpectedly restart if an outgoing PAD call is placed on an X.25 logical channel that experiences a call collision, when acting as an X.25 DCE. [CSCdi69963]
ISDN BRI routers may have problems bringing up multiple B-channels to the same destination. The router and PBX may also get into a Layer 3 state mismatch and continuously exchange Layer 3 messages. [CSCdi71333]

11.1(5) Caveats/11.1(6) Modifications

This section describes possibly unexpected behavior by Release 11.1(5). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(5). For additional caveats applicable to Release 11.1(5), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(6).

AppleTalk

A router configured with AppleTalk Enhanced IGRP takes too long to age-out routes even when the link is down, causing a long convergence time for features such as backup interface. [CSCdi62796]
In Release 11.1(4), the Cisco IOS software displays the appletalk domain global configuration command after all the interfaces. This causes the appletalk domain-group interface configuration command to be invalid. If the router reloads, the network remapping does not work automatically and causes major network conflicts in AppleTalk. [CSCdi63707]
IPTalk does not function correctly. IPTalk-speaking CAP servers cannot communicate and is not recognized on the network. [CSCdi64165]
Due to the way nbp packets get processed, it is possible that inbound nbp filters may affect outbound nbps. [CSCdi65598]

Basic System Services

[CSCdi42087]
On RSP platforms, the following message might display:

: %DBUS-3-DBUSINTERR: Slot 0, Internal Error
: It may also be accompanied by the following messages:
: "%CBUS-3-CMDTIMEOUT: Cmd time out, CCB 0 x XXXXXXXX slot n, cmd code n"
: "%DBUS-3-WCSLDERR: Slot n, error loading WCS, status 0 x XX cmd/data 0 x XX pos n"
: If the WCSLDERR error displays, the RSP board is disabled and will not be displayed when you issue a write terminal command. Issue a microcode reload command to take the card out of the disabled state. [CSCdi49854]

Under some conditions, the SEEQ will incorrectly pass up runt ethernet packets. We did not previously check for them, and so incorrectly received ethernet runt packets. [CSCdi55978]
During online insertion or removal of slave RSP, the system may reload in rare instances. [CSCdi57076]
If an interface is clocking faster than the configured bandwidth, the load computation is erroneous. [CSCdi57534]
Framed attributes in RADIUS are not correctly ignored when Service-Type is not Framed. This can cause incorrect autocommands to be constructed. [CSCdi58216]
An RSP router can crash with a "reserved exception" error because of a software error or an error in the microcode for an interface processor. More than one problem can generate a similar error message and stack trace, which can make this problem hard to track down. See also CSCdi58999, CSCdi60952, and CSCdi60921. [CSCdi58658]
Under some conditions, an authentication error will result in a login failure instead of trying the next method in the method list. This is particularly noticable when using RADIUS as the first authentication method, when the radius servers are unavailable. [CSCdi59105]
Cisco 7500 series routers cannot fast switch packets larager than 8192 bytes. These packets are switched at process level, a slower performance path. [CSCdi60295]
The session-timeout command will result in immediate connection timeouts if a a value larger than 35792 minutes is configured. Note that a value of zero will result in no timeouts occuring. [CSCdi60377]
HSA and VIP's now can coexist in cisco 7500-series routers. [CSCdi60891]
The RADIUS Acct-Session-Id attribute used in the IOS is reset to 1 each time the router reloads. This can cause problems with some billing applications that need it to be unique within a billing period. [CSCdi60940]
Enabling RMON on an interface may cause the router to crash. The only workaround is to disable RMON. This problem affects only images that support full mon (some Cisco 2500 series images). It does not affect RMON alarms and events running on most Cisco IOS images. Releases prior to Release 11.1(3.2) do not have this problem because it was introduced by the patch for CSCdi55847. [CSCdi62282]
RADIUS passwords are limited to 16 bytes and are truncated if longer. [CSCdi62518]
This problem can show up in different versions of 11.1 and 11.2. It is caused by the patch for CSCdi54840. As such it can show up in an 11.1 (4.1) image or beyond. It will affect platforms supporting cards such as EIP, FIP, FSIP, and similar Interface processor cards. The problem will manifest itself as two ifTable entries per real interface on such cards. The first ifTable entry is valid, the second is bogus. There is no direct workaround for this problem. Indirect workaround would be if the nms were capable of ignoring the repeated ifTable entries. [CSCdi62654]
Control characters are not interpreted properly in chat scripts. [CSCdi62960]
The show microcode command will report rsp-dw-m microcode as revision 200.0. Although it is the correct microcode version, the string should report revision 20.0. [CSCdi63216]
DHCP Proxy client support for IP address pooling does not always get back responses from the DHCP server. IP helper addresses are needed on the intermediate routers if broadcast address is used. In the case of configured DHCP servers the unicasts back from the DHCP server, are sometimes lost. [CSCdi63267]
In some cases the snmp-server party and snmp-server context configuration commands may cause a system reload. Neither of these commands verify that the configured OID is not already in use, permitting multiple records to be configured with the same OID, violating the rule that each record must have a unique OID. A common occurrence is to attempt to configure an initialPartyIdentity or initialContextIdentity that conflicts with the OIDs that are automaticially preconfigured per RFC 1447. A workaround is to not configure OIDs that conflict with the initial party and context OIDs specified in RFC 1447. [CSCdi63694]
Cisco routers with Motorola 68000 microprocessors (such as the Cisco 7000 and Cisco 2500 series) cannot fast switch packets larager than 8192 bytes. These packets are switched at process level, a slower performance path. [CSCdi63695]
Debugging information about telnet subnegotiations is incorrectly sent to the telnet user's line rather than to the console and lines that are monitoring debug output. [CSCdi63963]
The remote file system (RFS), a Cisco IOS facility that allows interface processors the ability to access the RSP flash file system, can fail on RSPs with small RAM configurations (less than 16 MB). Since the Channel Interface Processor (CIP) relies upon the RFS to download run-time code dynamically, it is unusable. Either the CIP must be pulled from the configuration, or the RSP RAM must be increased. [CSCdi64706]
Chat scripts are not sending special characters embedded in send strings. The ignored characters are "
", "
", "s", " " . [CSCdi64886]
When using the autocommand or callback-dialstring options of the username command, extra information will be produced when the configuration is saved. [CSCdi65014]
Bug fix CSCdi55978, which was integrated into the builds 10.003(012.006), 11.001(004.005), 11.000(009.006), 11.000(010.000.001), 11.001(005.000.001), 11.002(000.018), 10.003(013.000.001), introduced the following problems. Cisco 7500 family processors (RSP1, RSP2, and RSP7000) encounter a Reserved Exception crash or encounter a QAERROR causing a switching complex restart when receiving a runt from an Ethernet interface. The Ethernet interfaces are supposed to filter and count the runt packets, so we are never supposed to see them.

: The Reserved Exception crash looks like this:
: Queued messages: Aug 14 10:44:16: %RSP-3-ERROR: memd write exception, addr 08000000 Aug 14 10:44:16: %RSP-3-ERROR: RSP alignment error on write to QA, addr 08000000 *** System received a reserved exception *** signal= 0x9, code= 0x0, context= 0x60c72fd0 PC = 0x60107514, Cause = 0x2020, Status Reg = 0x34008702 DCL Masked Interrupt Register = 0x000000ff DCL Interrupt Value Register = 0x00000000 MEMD Int 6 Status Register = 0x00000000
: The QAERROR looks something like this:
: Jun 17 10:50:23.329: %RSP-2-QAERROR: reused or zero link error, write at addr 0308 (QA) log 260308C0, data A816FFFF 00000000 [CSCdi66673]

EXEC and Configuration Parser

hold-queue is deleted from config upon reload in 11.0. and 11.1 on serial lines. [CSCdi52618]

IBM Connectivity

A Cisco 4500 or Cisco 4700 series router might restart with the error message "%ALIGN-1-FATAL: Illegal access to a low address" if RSRB is configured on the router. [CSCdi35905]
On a c70x0 router installed with a CIP running CSNA, explorers that are not destined for one of the configured CIP internal LAN MAC addresses cause the explorer ouput counter to get incremented erroneously. [CSCdi46834]
In some configurations of DLSW with local ack, the router does not answer the SABME P from an end station properly. The problem manifests itself when the PC sends SABME P (out) and the router sends UA (in). Some end stations treat this as a violation of the LLC2 specification.

: In most instances, the PC sends another SABME P and the router responds appropriately with a UA F.
: The workaround is to ensure that the end station (PC) makes more than one attempt to connect to the host by sending at least two SABME Ps. [CSCdi46918]

DLSW flow control allow max/min flow control window sizes [CSCdi48010]
When multiple Remote Source-Route Bridging virtual interfaces are created by a DLU using CLSI, only one of the virtual interfaces will closed and cleaned up upon termination. The others will be left in an undetermined state and attempts to reopen them will result in ALREADY_ENABLED error codes. [CSCdi49060]
When autonomous switching is enabled on a CIP interface and the packet is larger than the CIP MTU, the packet is not fragmented.

: If this is occurring, use fast switching instead of autonomous switching. [CSCdi52884]

If the message

: %SCHED-2-NOTWATCHTIMER: simple timer 2CFBF8 not being watched. -Process= "BSTUN Background", ipl= 0, pid= 19 -Traceback= F336E 27A0C2 E677E E67F8 EF50E A0BA0 F25B8 27A15C
: appears, as long as bstun is never to be used on the router before the next reload then the router should be fine. If bstun is to be configured again it would be safer to reload the router. [CSCdi53010]

Problem fixed with this DDTS:

: CIP variables not included in the CISCI-CHANNEL-MIB
: Added: cipCardSubChannelCmdretries to cipCardSubChannelTable Added: cipCardDtrBrdLastStat and cipCardDtrBrdNextStat to cipCardDaughterBoardTable [CSCdi55031]

The SDLLC secondary router fails to respond to SNRM input frames. This problem was introduced by CSCdi51341. [CSCdi56398]
The problem is that valid multicast explorers that should be handed to the protocol stack are instead being diverted to the srb module and are being flushed by the srb explorer control mechanism.

: This problem was introduced by some changes to the token ring interrupt handler in 11.0 and later.
: There is no workaround for the diversion, though the flushing can be avoided by raising the explorer maxrate value to some high number. However, this may cause instability in the network.
: Note that this bug fix is comprehensive in that several issues regarding multicast explorers and inbound remote explorers have now been resolved.
: Paul S. [CSCdi59090]

A FRAS BNN-to-SDLC link does not restart when Frame Relay is power-cycled. After the CSU is powered off, the "fras backup rsrb" kicks to put the SDLLC traffic across the RSRB peers. When the CSU is powered back on and the Frame Relay DLCI comes back up, the FRAS BNN connection to the SDLC nodes does not reactivate, although connections to Token Ring nodes do restart. [CSCdi61156]
FRAS remote source-route bridging dial backup fails on SDLC-attached devices if more than one SDLC device is configured. [CSCdi61179]
If the vmac parameter is not specified in the qllc dlsw command, a Cisco 4500, Cisco 4700, or Cisco 7500 router may crash in the function QLLCTestStnReq(). [CSCdi61562]
It is not possible to configure more than 10 saps in the command syntax of 'dlsw icannotreach saps xx xx ....'. There is no work-around for this. [CSCdi61887]
QLLC may try to initate a connection in the middle of activating a connection. [CSCdi62155]
Using DLSw+ local switching and QLLC, the LF field in the RIF of Test Responses sent on Token Ring are not consistent. A workaround is to configure an mtu size of 4500 on the X.25 interface. [CSCdi62416]
A Cisco router may eventually crash if configured with a STUN TCP peer which suffers from hardware issues. [CSCdi62480]
During LLC2 connection failure between CIP and RP, the DISC from RP to CIP may be dropped. However, CIP may continue to send RR_Cmds to its endstation. The RP would attempt to respond to the RR_Cmds resulting alignment and spurious access errors on the RP. This would also cause CIP to generate BADVCN error messages for the virtual port 2. [CSCdi62629]
Connections cannot be established when using IBM process-switched features (e.g. RSRB/TCP, DLSw+/TCP, etc) because of dropped packets

: Symptom is "dropped Routed protocol" messages are output when "debug source-bridge error" is enabled
: This behavior was introduced by CSCdi61267. Integrated into 11.0(9.4) and 11.1(4.3). [CSCdi62738]

DLSW netbios can't connect windows NT. [CSCdi62784]
When using SDLC with a CLS DLU (e.g. APPN, DSPU, etc), a CLS_ASSERT traceback message may be displayed on the console in cases where there is a race condition of data received at the same time the sdlc connection is being disconnected. [CSCdi63154]
DLSw+/QLLC circuits would not activate if a QSM was sent without XIDs being exchanged. [CSCdi63350]
The message "IBM: Unknown L3 PID, fr_doencap failed" is displayed with DLSw. This is caused by race condition when one DLSw peer has come up while other DLSW peer is in the process of coming up. It is a warning message that does not prevent the DLSw peers from coming up. [CSCdi63658]
When you remove a csna path device command from the configuration and then try and display the remaining devices, using the command:

: show ext channel x/0 path stat
: the channels do not appear as expected. [CSCdi64003]

When you issue the show controller cxbus command, the CIP utilization and memory statistics are not shown if all the CIP interfaces are down, or if no device is configured on either the channel slot/0 or channel slot/1 interface.

: In version 11.0 and greater, a workaround is to no shut the CIP virtual interface, channel slot/2 [CSCdi64004]

In extreamly stressful locate traffic scenerios, it is possible for the APPC function in the router to discard APPN locate searches and cause the search proceedure to hang at other nodes. At least several hundred simultanious locates proceedures are required to cause this problem. [CSCdi64045]
APPN: SNA Service Point configured to use an APPN/DLUR link may fails during the xid3 negotiation with a 0x0891004 (invalid netid). [CSCdi64111]
A memory leak in QLLC can result in buffer starvation on the serial interface, and LAPB on the serial interface gets stuck in the RNRSENT state. [CSCdi64333]
Configuring the dlsw remote-peer cost command has no effect on peer selection. All peers displayed in the show dlsw capabilites command show equal costs. [CSCdi64537]
When using APPN-DLUR, if a downstream PU sends a SNA level REQDISCONT on the SSCP-PU session and the device is a PU2.0 device on SDLC, a link level disconnect (X'53') will not be forwarded to the device by DLUR unless the DLUR first receives a link level Request Disconnect (X'53') from the device. This may cause a very limited number of devices that send sna level REQDISCONT but don't send link level RD to hang pending a disconnect. [CSCdi64791]
QLLC may incorrectly set the ABM bit to 0, instead of 1 on Format 3 XIDs that it sends to Token Ring or RSRB. [CSCdi64913]
When the host pu is not activated, the connect in from DSPU is either sent too fast or sent once only. The configuration parameters RETRIES and RETRY-TIMEOUT in the pu configuration are used to control the number of retries and the period of retry. [CSCdi65090]
If infinite retries is enabled for SNA Service Point using an APPN/DLUR link, some routers (4000, 2500, 7000) may fail with a bus error. The "Stack for process TTY Background running low, 0/2000" message is displayed.

: As a temporary work-around, you can specify "retries 1" on the sna host definition. [CSCdi65375]

APPN/DLUR may not allow devices to connect into the router at a high enough rate if many devices are attempting to connect at the same time. [CSCdi65405]
A router running remote source-route bridging where the input explorer queue overflows may crash with the message "%ALIGN-1-FATAL: Illegal access to low address from srb_enq." [CSCdi65489]
On the "show dlsw peer" command, if a peer's state is WAN_BUSY, the tcp queue depth and peer uptime are not displayed. [CSCdi65588]
CSCdi58658 caused DLSw FST on the RSP to break. CSCdi58658 was integrated into 011.011(004.005)

: In addition, DLSw FST is not supported on a Channel Interface Processor (CIP) LAN interface.
: This error caused by CSCdi58658 will result in a buffer leak in the RSP's Token Ring interface buffer pool and the Token Ring interface will eventually hang when it runs out of buffers. Issuing a show controller cbus command will show how many buffers the interfaces thinks are still available in the system.
: The following error messages will occur :
: *Aug 7 11:48:33 mst: %SYS-2-LINKED: Bad enqueue of 60AE6FC0 in queue 60B0EB60 -Process= "interrupt level", ipl= 5 -Traceback= 60110530 6016901C 60169070 60211C8C 600F2E70 600F2B70 600F06D4 601B78E0 60188EB0
: boxer% rsym rsp-j-mz.111-5.0.1.symbols Reading rsp-j-mz.111-5.0.1.symbols rsp-j-mz.111-5.0.1.symbols read in Enter hex value: 60110530 0 x 60110530:p_enqueue(0 x 601104d0)+0 x 60 Enter hex value: 6016901C 0 x 6016901C:process_enqueue_common(0 x 60168fb4)+0 x 68 Enter hex value: 60169070 0 x 60169070:process_enqueue_pak(0 x 6016905c)+0 x 14 Enter hex value: 60211C8C 0 x 60211C8C:ip_simple_enqueue(0 x 60211c74)+0 x 18 Enter hex value: 600F2E70 0 x 600F2E70:dlsw_lan2fst(0 x 600f2c1c)+0 x 254 Enter hex value: 600F2B70 0 x 600F2B70:dlsw_srb_input(0 x 600f2ab0)+0 x c0 Enter hex value: 600F06D4 0 x 600F06D4:fs_srb_to_vring(0 x 600f054c)+0 x 188 Enter hex value: 601B78E0 0 x 601B78E0:rsp_process_rawq(0 x 601b673c)+0 x 11a4 Enter hex value: 60188EB0 0 x 60188EB0:rsp_qa_intr(0 x 60188dec)+0 x c4 [CSCdi65603]

APPN/DLUR service TPs are at risk of hanging indefinately if another node behaves badly (e.g. fails to send pacing responses. Enabled path to deactivate the CP-CP session if a APPC call hangs for 30 seconds or longer. [CSCdi65880]
Route cache counters in "show interface x/x stats" command are incorrect when router is switching R/SRB packets [CSCdi65943]
DLSw may crash when using FST or Direct peer encapsulations on an RSP and using a CIP interface as a LAN port. The crash will occur due to an access to address 0x00. [CSCdi66239]
SNA sessions using QLLC over X.25 PVCs do not become active. The following tracebacks are a symptom of this problem:

: %SYS-2-LINKED: Bad enqueue of 9600E8 in queue 88380. SNA: Alert xxxxx not sent, Focal point buffer overflowed. [CSCdi66340]

In extraordinary circumstances, the APPN/DLUR feature may stop abnormally with the following message: %APPN-6-APPNLOGMSG: APPN Process ended abnormally. Name: xxxcss00. RC: C3E2F0F6. [CSCdi66995]
APPN/DLUR NN with connection network defined on a port that has no other defined links and no active dynamic links can cause a reload when the connection network dynamic links are stopped and then restarted [CSCdi67419]

Interfaces and Bridging

Incomming packets to the Hot Standby Router Protocol (HSRP) MAC address are process-switched, regardless of the route cache status on the interface. [CSCdi44437]
The "hybridge_input" message may be seen when running bridging over a serial link. This should not be seen any longer since how the message is generated has changed. A rate limited "BAD_ENCAP" message is now generated. [CSCdi48388]
If AAA new-model is configured and an attempt is made to allocate an IP address after the 'ppp' or 'slip command is entered, the address allocated may not be the last address the user was allocated, even if that address is available. [CSCdi49571]
Show controller t1 after a clear conters shows that there is remote loss of signal when the t-1 is up. This is a display problem only as the pri can be used to place outbound calls. Resetting the csu clears the problem. [CSCdi52688]
Cisco models 2520-2523, executing early IOS version 11.1 may see problems when serial ports 2-9 are put into loopback mode by the DTE. It is highly recommended that IOS version 11.1(6) or later is used to avoid this problem. Versions 11.0 and 11.2 do not have this problem. [CSCdi54221]
Multi-port SRB traffic gets process switched rather than fast-switched. [CSCdi61600]
Add code to display the active state of payload compression for the "show frame map" command. [CSCdi61758]
Cisco intends to fix the bug in the future releases of the IOS. [CSCdi62177]
Router sends repeated Babble errors without an apparent cause in sniffer traces. [CSCdi62232]
-- Release-note --

: On RSP-ONLY : If HSRP and bridging is configured on a Token Ring interface, the active router fails to forward ip routed packets which arrive at the Token Ring for the standby ip address. [CSCdi63104]

A router running Frame Relay crashes at bridge_enq even when bridging is not configured. The fix put in for this bug does not fix the crash. The fix for CSCdi67157 is the correct fix. [CSCdi63140]
When passing compressed bridged traffic on HDLC WAN links, many errors of the type "Decompression size error" occur. The router sometimes crashes when processing these packets. This fix causes bridged traffic not to be compressed. The fix is considered temporary until process-level bridging can be made compatible with payload compression. [CSCdi63245]
Call "reg_invoke_fast_setup()" when disabling payload compression in order to give fast-switching a chance to re-enable. [CSCdi63479]
ISL bridging fails on Fast Ethernet interface for both the 4500 and 4700 platforms. [CSCdi63701]
This bug was introduced in 11.1 (4.0.2) by CSCdi44333 commit. It will prevent a channel group on the MIP being created on 75xx box in which is loaded with about 32 ports (plugholes). The box will become non responsive after a channel group is created. [CSCdi64153]
On Cisco 2520 through Cisco 2523 router models, which have dual-mode sync/async interfaces, LAPB frames are infrequently sent out of order on X.25 links. This occurs only when two of the async/sync ports are used in sync mode at the same time. [CSCdi64284]
In DTE mode, FSIP was looking for DCD and DSR up before declaring the Line UP. In the new ucode, now FSIP will only look for DCD. This behaviour is same as our low end serials. [CSCdi64735]
On the AS5200, the performance does not scale well when additional async interfaces are deployed. The symptoms include the Ethernet interface showing input drops and frequent throttles. [CSCdi65706]
[CSCdi65825]
%SYS-2-BADSHARE messages may be seen when bridging over serial interfaces configured with SMDS encapsulation. [CSCdi65828]

IP Routing Protocols

In Release 11.0, a customer has trouble forwarding IP packets with options. [CSCdi59020]
When an RP (rendezvous point) was de-configured or when it had expired, the stale information was not removed from the multicast routing entry. When need to remove the obsolete RP information, it was necessary to type "clear ip mroute" command for long lived groups. Now obsolete RP information will automatically disappear from the multicast routing entry, and also from the "show ip pim rp" command output.

: In the past multiple RPs could be used for the same group and their state all cached. Now only one RP for a group is used in one router, at any given time. [CSCdi60059]

A problem introduced in Releases 10.3(11.1), 11.0(7.3), 11.1(2.3), and 11.2(0.5) causes OSPF to crash when an OSPF external LSA with a nonzero forwarding address exists and the router has a non-OSPF route for the forwarding address. If the non-OSPF route is removed, OSPF crashes when it reprocesses the external LSA. There is no workaround for the problem. However, in general, no more than one routing protocol should be run over the same topology. If you follow this guideline, no non-OSPF route for forwarding address will exist and the router will not crash. [CSCdi61864]
Shutdown interfaces with IP addresses or static routes which point to down next-hops or interfaces may cause the IP cache to be partially invalidated more frequently than necessary. This is particularly evident when there are multiple paths. Workaround by removing IP addresses from down interfaces and/or removing static routes through down interfaces. [CSCdi62877]
A Macintosh that receives its IP address from a router acting as a MacIP server is unable to ping any IP interface on that router. There is no other operational impact from this caveat. [CSCdi63477]
The router responds to a Telnet request when the destination of the Telnet is a broadcast address. [CSCdi63787]
A problem introduced in Releases 11.0(9.3), 11.1(4.2), and 11.2(0.14) might cause OSPF to fail to install an external route that has no forwarding address. This occurs if the next hop of the path to the ASBR changes and its cost increases. The workaround is to create an external LSA with forwarding address set. [CSCdi64208]
As per the BGP communities RFC, a BGP community is made up of two parts with each part being 2 bytes long. The first part is the AS number and the second part is a 2 byte number - ie community is of the form AANN.

: The global configuration command ip bgp-community new-format is added to display/parse communities in the new format of form AA:NN. When this command is used, BGP communities will be parsed/displayed with the new format. [CSCdi64437]

The router configuration command neighbor x.x.x.x remove-private-AS could be used to remove Private AS numbers from AS path while sending updates to External neighbors. If the AS-path includes Private and Public AS numbers, Private AS numbers will not be removed.

: When used with neighbors external to the Confederation, Private AS numbers will be removed if it is after the Confederation part of the AS path. [CSCdi64489]

Output in the show ip mroutes and show ip igmp commands is incorrectly formatted causing the appearance of unbelievably long uptimes. [CSCdi64738]
Entries in the IP fast-switching cache can be aged prematurely in some cases. [CSCdi65058]
A directly connected route may disappear from the IPX Enhanced IGRP topology table if the interface that is configured for IPX Enhanced IGRP goes down and comes back up in in brief period of time, on the order of 2 seconds. The workaround is to issue the shut and no shut commands on the interface. [CSCdi65345]

ISO CLNS

The LSP lifetime and LSP refresh intervals are not currently configurable in IS-IS. This can result in high LSP traffic in very large networks.

: There is no workaround for this problem. [CSCdi64256]

This is a refinement on CSCdi57308 (ISIS could detect duplicate system IDs).

: The routers will now make a distinction between possible duplicate system IDs, and spurious LSP purges, which are probably caused by LSP corruption somewhere in the network. [CSCdi64266]

On some media/encapsulation combinations, the system may not send an ES-IS IS Hello packet immediately in response to an ES Hello packet received from a new End System. The normally scheduled IS Hello will eventually be sent. There is no workaround to this problem. [CSCdi64354]
If an IS-IS router is generating a significant number of LSPs, the following erroneous error message may appear when the system is first started:

: %CLNS-4-DUPSYSTEM: ISIS: possible duplicate system ID xxxx.xxxx.xxxx detected
: This is a cosmetic problem only. There is no workaround to this problem. [CSCdi65078]

Under some conditions, purged IS-IS and NLSP link state packets may persist in a network longer than necessary. This has no impact on calculated routes. There is no workaround to this problem. [CSCdi65479]
If the command "no router isis " is issued and the tag is non-null, the system will reload. There is no workaround to this problem. [CSCdi66139]
When configuring the isis router-subcommands max-lsp-lifetime and lsp-refresh-interval, these two lines are saved in the wrong order in NVRAM. This will cause the lsp-refresh-interval to be ignored after a reload (though it stays in NVRAM). During reload the following warning will show up:

: %ISIS: Refresh time must be less than LSP lifetime
: This bug will cause no real harm, as the router will only fall back to the default lsp-refresh-interval of 15 minutes. There is no workaround for this bug. [CSCdi66787]

Novell IPX, XNS, and Apollo Domain

IPXWAN Client mode fails to negotiate properly. [CSCdi42325]
In rare circumstances, NLSP may not report information learned from RIP and SAP. There is no workaround to this problem. [CSCdi45425]
The IPX SAP poison and the RIP poison sent counters on the Show IPX Traffic display are not being incremented.

: There is no way to correctly count these packets any longer (since 9.21). Therefore these counters are being removed. [CSCdi58345]

Under certain conditions an IPX packet may be received which has an incorrect IPX length in the IPX header, the CRC is good and we process this packet. We incorrectly pad the packet to the length specified in the IPX header instead of throwing the malformed packet away. [CSCdi63412]
The SPX spoofing code does not automatically age out old entries from the SPX spoofing table. Over time, this table can grow very large. Some customer sites have reported that when the table is very large, the routers cease to send SPX keepalive acknowledgement spoof packets. At that time, reloading the router is the only way to get SPX spoofing functioning again. The workaround is to issue the command clear ipx spx spoof on a regular basis to clear the SPX spoofing table.

: Commands added to facilitate the timeout process are:
: ipx spx-spoof session-clear [minutes] (default 60) and ipx spx-spoof table-clear [hours] (default 16).
[CSCdi64010]

When using network 'A', it was clashing with the keyword "ALL". So network 'A' could not be used in eigrp routing. This fix will remove that limitation. [CSCdi64830]
Directly connected SAP's which do not have a internal network numbers are being learned via EIGRP interfaces (i.e via serial interfaces) instead of interfaces from which they were originally heard.

: It appears as though the router learns the SAP, sends it into the EIGRP cloud and if the other routers in the cloud do not split-horizon SAP's prefers the SAP being seen from the EIGRP cloud. Once this is created, in certain circumstances it is impossible to remove these SAP's from the table.
: The workaround is to have all routers split-horizon SAP's. [CSCdi66719]

When configuring the nlsp router-subcommands max-lsp-lifetime and lsp-refresh-interval, these two lines are saved in the wrong order in NVRAM. This will cause the lsp-refresh-interval to be ignored after a reload (though it stays in NVRAM). During reload the following warning will show up:

: %NLSP: Refresh time must be less than LSP lifetime
: This bug will cause no real harm, as the router will only fall back to the default lsp-refresh-interval of 15 minutes. There is no workaround for this bug. [CSCdi66788]

Protocol Translation

On PAD-to-TCP and TCP-to-PAD translations, changes in PAD parameter settings can incorrectly cause Telnet option messages to be sent on the corresponding TCP connection even if the stream option is set. [CSCdi62987]
On TCP-X25 one step translations, data is not dispatched to the pad connection when the idle timer set by X.3 parameter 4 expires. A workaround is to use two step translation. [CSCdi64955]

VINES

VINES time server service may get out of synch when the system runs over 49 days. This is because only the low 32 bits of the internal clock counter are used when VINES computes network time. To give accurate time, the total elapsed time since system boot is now taken into account. This problem does not exist post-10.3 releases. When network time is out of synch, it is recommended that you either disable VINES time server service for Cisco IOS Releases 10.2 and 10.3, or upgrade to Cisco IOS Release 11.0 or 11.1. [CSCdi58105]
VINES clients running Oracle application program can not make connection to a server due to packet reordering when vines route cache is enabled. This problem has been addressed in 10.3(13). A suggested workaround is to use process switching for those applications which can not handle out of sequence packets. [CSCdi59059]

Wide-Area Networking

PPP authentication using method none clears the line when using VTY-Async interfaces.

: Workaround is being investigated. [CSCdi50049]

Edits of Default modemcap's is disallowed and if attempted will generate this warning: % Default modemcap entries cannot be edited [CSCdi54592]
ILMI has problems with sub-interfaces greater than or equal to 128 (0x80) and can confuse the switch. This problem appears with LANE on both Cisco 4500 and Cisco 7500 routers, but should not be related directly to LANE. A shut/no shut command sequence on the main interface resolves the problem. [CSCdi56903]
Cisco 7500 Series Routers with ATM Interfaces and SNMP enabled might experience the following timeout error:

: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, Process = IP SNMP -Traceback= 60160DB8 601564AC 601085BC 601D7F8C [CSCdi59897]

Router does not start V120 automatically if an ISDN terminal adapter connecting to an ISDN B-channel fails to signal V120 call type in the LLC information. [CSCdi60568]
Serial lines with SMDS encapsulation may take SegV catstrophic failures when enabled after reboot.

: There is no workaround. [CSCdi60761]

Bridging IP between two routers through an SMDS network may not work correctly if the IP session originates or terminates in the router, such as in the case of remote source-route bridging or data-link switching. If IP routing is turned on, this is not a problem. [CSCdi61364]
Due to a network outage, the router appears to use pvc 0/17 as last ressort to access the LECS. The problem is that when going to that method, the system never comes back to a classical ILMI LECS research. A clear atm-vc, shut/no shut does not help and a complete reboot is required. [CSCdi62111]
If you enter the controller command "pri-group timeslots xx-yy" on an active PRI, all active calls in that range of timeslots will be disconnected. [CSCdi62173]
An error in the AIP ucode introduced in aip177-2/rsp_aip205-2 causes a race condition in the microcode and commands from the RP/RSP are rejected. When this happens, the following console messages are logged:

: %ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1011, VPI=0, VCI=262) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC) %AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Teard own VC command (error code 0x8000) [CSCdi62445]

RFC 1483 transit bridging is broken. It will be fixed in the next release (112-0.17) [CSCdi62961]
The printer printer-name line number global command uses the newline-convert option as default. There is no way to get the router to work without either the newline-convert or formfeed option. [CSCdi63342]
If a Cisco 7000 router is forwarding a NetBIOS or NetBEUI packet from the ATM (LANE) cloud, the packet might be dropped. This occurs only with protocols that cannot be routed. [CSCdi63540]
Router may crash after issuing the sh ilmi command. [CSCdi63616]
The amount of free system memory may decrease when using the command dialer hold-queue over an ISDN interface. [CSCdi63716]
This bug is caused by receiving a message, usually a setup_ack, with the channel id ie and then receiving the connect with the same channel id ie. The router will send a connect_ack followed by a release. This is not the proper behavior and there is no work around. [CSCdi63895]
An unxpected restart or SCHED-3-PAGEZERO error will occur if an attempt is made to delete an undefined x29 profile from the configuration using the command no x29 profile name . [CSCdi64070]
This is a cosmetic fix. The 256kb/s is stated to an internal software define. This cause no harm and the call is actually a 64kb call. [CSCdi64603]
Part of the fix for CSCdi63245 broke bridging on HDLC links. This fix returns the broken code to its original state. [CSCdi64710]
[CSCdi64909]
With VIP1 carriers and two Fast ethernet Port Adaptors you may see the following error messages:

: *Aug 1 06:12:59.663: %RSP-3-RESTART: interface FastEthernet0/0/0, output stuck *Aug 1 06:13:00.179: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0/0, changed state to down *Aug 1 06:13:01.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0/0, changed state to up *
: There is no workaround you need to upgrade the IOS. [CSCdi64994]

The command service slave-log appears in the configurations of routers that do not support VIP cards. [CSCdi65773]
PAP authentication fails when using TACACS+ as authentication method for PPP [CSCdi66077]
Under unknown circumstances, an IPCP neighbor route may not be dynamically created as expected. [CSCdi66132]
The return call of callback may fail, if the initial call was on channel 22 of a primary-dms100 line AND if the enable timeout is less than 10 seconds.

: Increase the enable time to at least 10 seconds. [CSCdi66164]

Interface subcommand ppp max-bad-auth is not displayed in help. [CSCdi66659]

11.1(4) Caveats/11.1(5) Modifications

This section describes possibly unexpected behavior by Release 11.1(4). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(4). For additional caveats applicable to Release 11.1(4), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(5).

AppleTalk

ARAP connection failures resulting in BAD EXIT and FORCE QUIT error messages are occuring at higher rates in 10.3(x) releases with the use of 28,800 kbps (V.34/V.fc/V.FAST) modems. [CSCdi57713]
Router will crash if user queries for services in the virtual zone (configured via the 'appletalk virtual-network' command) from the Mac chooser.

: This only occurs in 11.2. For other releases, the source changes contain only minor internal fix. [CSCdi60845]

MacIP server will not give out IP address to MacIP client if the next address to give out is currently being use by a genuine IP device. The problem is the MacIP server does not skip over that IP address and assign the next available address and the process stucks. [CSCdi61526]
Router crashed when trying to send ZIP Query to a route that has been poisoned. This is a timing problem where a route comes in, ZIP Query are set to be sent out, but then the route is poisoned. Route flapping can cause this problem.

: This only occurs in 11.2. There is minor internal fix to prior releases. [CSCdi61658]

According to Inside AppleTalk, 2nd Edition, page 8-18, the router should convert NBP BrRq to NBP FwdReq packets. Instead, the router sends NBP LkUp packets for nonextended networks.

: Note: For routers that are directly connected to a Phase 1 (non-Phase 2) router in compatibility mode, the appletalk proxy-nbp network zone command must be used. This will allow the router to convert the NBP FwdReq to NBP LkUp to the Phase 1 router. [CSCdi61668]

Basic System Services

This is more a nuisance than problem. The issue is that the idle-timeout timer may be off by the timeout value. In other words, the timeout may not expire for a period of up to 2 * timemout-value. This is a bug in the idle-time code.

: If an idle time of 2 mins. is chosen, then the actual ACL may not idle out until 3.9 minutes after the last packet. Actually, it could idle out at any time between 2 - 3.9 minutes depending on when the last packet arrived. [CSCdi42319]

The queue-list [n] lowest-custom [m] will not appear in a write terminal although it is properly accepted and the functionality is working. [CSCdi46873]
When booting the bootldr image or the system image from flash on the RSP7000 or Cisco 7500 series platforms, the following messages may appear:

: %DBUS-3-NORESP: bad or no response, slot number -Traceback= hex number hex number ... hex number %DBUS-3-BADCTRLRTYPE: Invalid controller type 255 in slot number -Traceback= hex number hex number ... hex number
: These messages are associated with an FEIP, a CIP, or a VIP on the RSP7000 platform or with the VIP on the Cisco 7500 series platform. The messages indicate that the board is initially unresponsive to certain commands being issued at early stages of system initialization. However, the system is able to successfully reset and initialize the cards. As such, the messages represent no functional impact and can be safely ignored. [CSCdi47923]

If you set login local on a line, then try to reverse-telnet to it, the router opens the connection without authenticating. The workaround is to include a password entry on the line. If you do this, the login local command is evaluated and you must enter your user name and password (not the password you set on the line). [CSCdi49270]
In extremely unusual situations the router will display the following error message on a frequent basis:

: %SYS-6-STACKLOW: Stack for level CXBus Interfaces running low, 0/1000
: This message may eventually lead to the router haning. [CSCdi54119]

In some circumstances involving very large lease time values, DHCP will treat the lease as continuously expired. [CSCdi55476]
User should turn backing store ON for slow interface processors. Routers without slow interface processors suffer performance degradation during peak activity. [CSCdi57740]
No name is shown in the output of systat for PPP clients that were authenticated via CHAP using a RADIUS server. [CSCdi57834]
The first entry of a vty password using password encryption will fail to encrypt the password. In other words, even though password encryption is on, the un-encrypted password will be visible in the configuration. [CSCdi57850]
HSA Phase 1 does not support the VIP or CIP cards. Therefore the system MUST provide the customer with a message instructing them to remove the card. [CSCdi57905]
The "remote address" information from AAA is not propagated to RADIUS packets even when it exists. (This field contains CallerID info for ISDN calls.) [CSCdi58045]
Since the atm layer and the aal5 layer subinterfaces have no configuration options in the command line, it is inappropriate for them to be settable in snmp (ifAdminStatus sets). ifAdminStatus and ifOperStatus for these layers track the values for the main physical interface on which they are stacked. [CSCdi58631]
As of 11.1(1.3) and 11.0(7.1), the username is not displayed in the output of the show users command after Tacacs+ authentication on a vty-async connection. [CSCdi58991]
Autoinstall is not working in RSP. It is reported only in serial media; but, the problem is there in LAN media too. No workaround. Customer needs to upgrade to newer version which includes the fix for this. [CSCdi59063]
7507 with reloads with Segv exception when coded for direct-encapsulated RSRB. Workaround is to use FST or TCP encapsulation. [CSCdi59082]
RMON may cause thrashing on it's own queue while in permiscuous mode. A workaround is to only enable rmon in the native mode. [CSCdi59292]
The commands aaa authentication username-prompt and aaa authentication password-prompt do not exist, and the IOS-default prompts for Username and Password are thus not changable. [CSCdi59376]
If RADIUS servers are marked as dead (because of Radius-server dead-time command), they will not be un-marked even if they begin to respond to requests. This can cause authentication delays if several servers are marked dead, but only some of them are actually dead. [CSCdi60011]
- A user telnets in and enters user@host for a tacacs directed request. - The host is defined as an "ip host" in the config and there are two listed IP addresses. - If the first ip host fails to respond the request will ignore the second defined IP host address and default to the "tacacs-server x.x.x.x" IP address. The customer feels it should use the second defined ip host address.

: See the attached config for "ip host ttt" [CSCdi60064]

A prematurely-closed HTTP connection to the router may cause it to reload. [CSCdi60283]
Configuring ip tacacs source-interfacerequires that the specified interface exist at the time of this configuration. Due to command ordering in config file, this not always the case. [CSCdi60721]
HSA (dual rsp in 7507 or 7513) can now coexist with CIP interface processors. [CSCdi60833]
DHCP proxy-client feature does not release address leases when the router is being reloaded. [CSCdi60979]
An anomaly in the implementation of the Cisco IP Multicast MIB can cause spurious memory accesses, potentially resulting in a system reload. The anomaly, introduced in IOS 11.0(1.0.5), will only cause problems when IP Multicast is enabled and SNMP is used to retrieve certain instances of the ciscoIpMRouteNextHopMacHdr MIB object. Since a "MIB walk" can trigger the problem, the suggested workarounds are to either disable SNMP, or use an SNMP MIB view to exclude access to the ciscoIpMRouteNextHopMacHdr MIB object. [CSCdi61124]
Use of the show rmon filter command in 11.1 can cause a router core dump. A workaround to this is to only use SNMP gets to retrieve the information in the RMON filterTable and channelTable. [CSCdi61957]

DECnet

A router should send a CLNS redirect even if the source NSAP indicates that the sender is a Phase IV host, if the destination NSEL indicates that this packet is part of intra- Phase V cluster traffic.

: The fact that the NSEL indicates intra- Phase V cluster traffic and that the source was a IV host means that the packet was originated by a IV host, converted by the router and sent to one of the Phase V cluster members, who decided that this packet should be sent to one of the other cluster members. In this case, the packet is sent back to the router (since the receiver presumably has no idea where this other cluster member is), and the router should send a redirect to the cluster member who first received the packet, indicating that the intended recipient is on the same LAN. [CSCdi52326]

A DECnet "advertise" route (i.e. one created by the command 'dec advertise..') always remains in the "Down" state even when there is an ISO-IGRP route corresponding to the DECnet area.

: If there is a matching route in the CLNS prefix table, then the DECnet "advertise" route behaves correctly. [CSCdi58806]

A router running DecNet might present ALIGN-3-SPURIOUS error messages. This condition will occur only if the adjacency between neighbors expires.

: It is a cosmetic problem and has no other impact on the router. [CSCdi60716]

EXEC and Configuration Parser

When router reloads, the parser misinterprets the second line of an interface description and issues an error message. [CSCdi53912]
The configuration command ip radius source-interface is lost on reload. [CSCdi62197]

IBM Connectivity

In extremely rare circumstances, the router may crashed while removing RSRB peers. This might occur only when running an AGS+ and the CSC1R/CSC2R Token Ring boards. [CSCdi39270]
When automatic spanning tree (AST) is configured on multiple routers in a high-redundancy topology, a bridge protocol data unit (BPDU) broadcast storm might be triggered. [CSCdi41851]
For 11.1, Boundary Access Node has been implemented in our Frame-Relay Access Support feature set. This uses the Bridged-Format of RFC1490. It allows the user add to stations without having to re-configure the router as in the routed RFC1490 format or BNN(Boundary Network Node). The existing "show fras" command has been updated to include both BNN and BAN formats. There are a couple of problems on how the BAN portion of the show command is displayed. The first one is fairly obvious. The mac-addresses of the endstations are not displayed under the field "Destination Mac-Address". What is displayed is the BNI mac-address, which is not very useful. As a temporary workaround, the "show llc" can be used to verify which endstation mac-addresses the router sees. The second problem is that an extra output is always displayed. This can be disregarded since it does not pertain to any endstation. Both of these caveats will be addressed in an upcoming release. [CSCdi47909]
A Cisco 4700 router running DLSW+ and SDLC might crash in the SDLC process. [CSCdi48414]
When using Cisco's APPN/DLUR feature, a DLUR serviced downstream PU may have difficulty establishing a session with a VTAM host. The sense code issued is 80140001 [CSCdi50504]
- Release Note -

: SDLC test output is now sent to a telnet session when terminal monitor was turned on. If you are logged into the console, then the output is received fine. [CSCdi51539]

When using APPN/DLUR, and using the takeover logic where DLUR attempts to find a new DLUS for its served PUs, a possibility exists that the served PU will be rejected by the dlus on the first retry attempt. Subsequent retrys will succeed.

: In addition, a downstream PU may attempt to connect to a backup dlus prematurely when the primary should have been tried first. [CSCdi52060]

Unnecessary creation of RIF entries for bridged IPX explorers. [CSCdi52464]
When using APPN/DLUR, if the session pair between the DLUR and DLUS which transports SSCP/PU/LU data is interrupted at the exact time that the dlur is receiving data on the session, the DLUR may not recover properly, causing the new recovered dlus/dlur connection to appear up, but not transporting data correctly. [CSCdi53519]
In a parallel SDLLC network, the ACTPU RSP is never received by the host. [CSCdi55142]
The routers APING client which is invoked by the "appn aping" exec command always terminates with a deallocate(ABEND). This will result in an FMH-7 on the session indicating that the transaction terminated abnormally, even though everything was OK.

: This does not seem to have any impact on our users and the work around is to ignore the extraneous FMH-7 frame on any line traces you may be looking at. [CSCdi56698]

The APPN DLUR router may unbind LU sessions with the DLUS and the downstream node if fixed pacing was enabled on the session bind request from the DLUS. If this is the case, when the user attempts to logon from the downstream device, the USS message 7 with a sensec code of 0835 0009 may be displayed. [CSCdi57729]
On rare occassions, CSNA Virtual Port X/2 may hang in down/down state following a Shut/No Shut or Microcode Reload of the Channel Interface. The workaround is to reload the router. [CSCdi58517]
ipx compression cipx not accepted under interfaces configured with ipx ppp-client statements. [CSCdi58638]
When using APPN/DLUR in a multiple VTAM host environment, issueing v inact,force on the lu name from the DLUS host does not cause proper cleanup of the existing LU-LU session that may have been up at the time of the inactivation. When the LU is reactivated, session establishment may be impaired since the application host and the dlur believe the original session is still active. [CSCdi58699]
If you encouter a problem with fras at a level greater that IOS 10.3(7.5) and you receive a message "IBM: Unknown L3 PID, fr_doencap failed" backoff to down to 10.3(7.5) or lower. Engineering is currently investigating. [CSCdi58769]
The router is crashing with message System restarted by bus error at PC 0xD0D0D0D, address 0x0. The crash happens when using promiscuous TCP peers. The crash occurs when peer structures get deleted (transmission line problems, peer routers reloads etc.) while still being used by TCP. THe work around is to define static peers. The fix is now available in 10.3(12.1). If there is a stack trace action_b() will be one of the entries.

: Note: CSCdi61278 is a follow on fix to this problem. [CSCdi58842]

Directed source-route bridge frames with control field of 010 instead of the more usual 010.The architecture supports a control field of 0XX for nonbroadcast frames so this appears to be a bug. [CSCdi59100]
Some recent enhancements to use managed timers in cache management routine resulted in this crash situation.

: This crash was also reported by the ARF group, and has now been fixed in 11.1(4) [CSCdi59856]

LNM Resync command does not work with 10.3(10.2) on 7000 if the router is configured for IBM automatic spanning tree support. [CSCdi59890]
The QLLC features, npsi-poll and proxy XID, were not operating correctly for DLSw+. [CSCdi60002]
DLSW LLC Ethernet 80d5 bad frames after a llc retransmission [CSCdi60102]
The Cisco APPN feature may reject a connection attempt from a partner node which has changed its support of the parallel tgs on xid3 due to reconfiguration, software change, use of a different product, etc. [CSCdi60238]
When the circuit objects are received from the remote router, the Origin MAC address and SAP are shown as the Target information and the Target MAC address and SAP are shown as the Origin information. [CSCdi60286]
When a management station gets DLSw circuit information, the values received for DlswCircuitEntryTime and DlswCircuitStateTime are incorrect. [CSCdi60356]
APPN/DLUR may leak very-big buffers in some situations when it is retrying connections to a DLUS. The show buffer command will show a large number of very-big buffers have been created and relitively few will be in use. [CSCdi60931]
stun schema cnt offset 0 length 1 format hexidecimal must be entered as stun schema cnt offset 0 length 1 format hexadecimal but is saved as stun schema cnt offset 0 length 1 format hexidecimal When the router is reloaded the following error is printed d7c#conf mem

: stun schema cnt offset 0 length 1 format hexidecimal ^ % Invalid input detected at '^' marker. [CSCdi60992]

When using APPN/DLUR, the Cisco network node will never set the response indicator in XID frames that it generates, even if it sends the XID frame in response to a command xid received from the partner node. There are some implementations of pu2.0 and pu2.1 devices that cannot recover from this, even though most do. [CSCdi61157]
Parser help for "fras map" commands is not working perfectly. Workaround is to use manuals. [CSCdi61263]
The router is crashing with message System restarted by bus error at PC 0xD0D0D0D, address 0x0. The crash happens when using promiscuous TCP peers. The crash occurs when peer structures get deleted (transmission line problems, peer routers reloads etc.) while still being used by TCP. The work around is to define static peers. If there is a stack trace action_b() will be one of the entries.

: This ddts is a follow on fix to CSCdi58842. [CSCdi61278]

Enable DSPU/FDDI support for end-stations attached directly to FDDI media [CSCdi61351]
This message is harmless. It was added in a previous release to detect a race condition that caused a crash. This ddts fixes the race condition.

: Previous crashes that were likely caused by this race condition : CSCdi61278 CSCdi58842 [CSCdi61790]

When configured on a Channel Interface Processor (CIP) interface, the ip mtu command is removed from the configuration after a microcode reload or EOIR event. [CSCdi62273]
When an explorer frame is received, if a cache entry is found, CSM gets into verify mode and verifies the reachability entry even when the reachability entry is freah. [CSCdi62434]
End station sessions can not be established using an FST over ATM DLSw peer. [CSCdi62521]
FastEthernet and FDDI interfaces are not supported on the interface parm of the "dspu host/pu" and "sna host" commands [CSCdi62916]
CM/2 1.1 has a problem setting the bind pacing indicator in the bind response which can cause 3270 sessions though Cisco's APPN/DLUR to fail with sense 10020000. Cisco is able to workaround the problem by resetting the bind pacing indicator before passing the bind response on to VTAM. [CSCdi62917]
Several 3270 emulators cannot handle fixed pacing and require a non-paced secondary send stage to function properly. To interoperate with these emulators, Cisco APPN/DLUR must support and default to non-paced traffic on the secondary stage for dependent LU sessions managed by dlur.

: Prior to this fix, an emulator session requireing non-paced traffic would fail with sense 20110005. [CSCdi63136]

Interfaces and Bridging

While doing "show ip cache" when autonomous switching is configured CBUS cache hits always remain at 0. [CSCdi35663]
Turning on ipx route-cache sse with microcode version SSP10-12 or SSP10-13 produces a mismatch between the frame length on odd-byte 802.3 IPX packets and the 802.3 length. Novell devices might not recognize these packets, resulting in communication timeouts.

: The following three workarounds can be used:
: -- Turn off padding on process-switched packets via the command: no ipx pad-process-switched-packets
: -- Configure the router for Autonomous Switching instead of SSE switching via the commands: no ipx route-cache sse ipx route-cache cbus
: -- Turn off SSE switching: no ipx route-cache sse [CSCdi42802]

The channel interface supported by the MIP on 7000/7500 platform cannot adequately sustain bursts using priority/custom/weighted fair queueing due to lack of flow control mechanism designed for each channel interface. The non-busy channels can be starved by an overloaded channel.

: A flow control mechanism is provided to in the RSP platform in Release 11.1 and later Releases. Each interface will be assigned an transmission queue accumulator. The accumulator used can be found using show controller cbus. The value of the accumulator indicates that number of packets the MIP can transmit. The value is set by the system optimally based on the line bandwidth and other resource constraints. However, the limit can be changed by tx-queue limit n. When change the limit, a CE should be consulted.
: The RP platform has to be upgraded with a RSP7000 to get this feature. [CSCdi44333]

FEIP's keepalive will not detect line protocol down (disconnected cable) when configured for full duplex so reliance on this feature to detect cable faults is inaccurate. The only known workaround is the periodic tracking of successful transmissions/reception on the suspect interface. [CSCdi48337]
Under rare conditions packets could leak. The conditions were: - when an incoming compressed frame-relay packet was received but frame-relay compression registry was nnot available - when an incoming compressed fr packet was received but the decompression context did not exist.

: Condition (1) could result in a large leak. Condition (2) would leak until the context was dynamically created, generally in about 1 second. [CSCdi54825]

NO-CARRIER message is displayed for the 1FE port which is configured for MII while booting the predator box. This bug will show up in 11.1(471) and 11.1(472) and is fixed in 11.1(5) release onwards. [CSCdi55145]
After issuing "sh cont cam" and pressing space bar to page down, the router hangs and has to be power cycled to continue. [CSCdi56241]
IP mulitcast traffic will get process switched instead of fastswitched. [CSCdi58035]
If the transaction id of the incoming NIF request is zero the transaction id in the NIF response from the router may not necessarily be zero. [CSCdi58069]
If a serial interface on FSIP sees lots of giants, then there is a chance to get %DBUS-3-CXBUSERR: Slot x, CBus Error. If Slot x has FSIP then look into sh int for this slot. If any of the serial interface on this slot shows giants, then chances are high that this bug is causing the problem. This will happen in both 7000 and RSP. If this error occurs, see sh int of the above slot. The workaround is to load the new image which contains new ucode (fsip10-15 or latter for 7000 and rsp_fsip202-5 or latter for RSP).

: /Ramki [CSCdi58194]

An AGS running 11.0(8) with a CSC-C2FCI doesn't bridge ethernet packets encapsulated in a fddi frame correctly.

: Work aroung is to run 10.3(x). [CSCdi59204]

Transparent bridging over token ring on 2500, 4000, and 4500 failed due to a bug introduced in 11.0(8.4), 11.1(3.1) until today (6/5/95). [CSCdi59627]
7500/RSP performance is degregated with ISL,fast-switching and access-lists applied. Work-around is to disable fast-switching on the main interface.

: Cisco Systems expects to resolve this caveat in a future IOS release. [CSCdi59825]

This only applies to 11.1 (471, 472)

: When a mac-address is changed on any ethernet interfaces on VIP/VIP2, It has to be followed by a micro reload in order to make the mac-address change effective. This will be fixed in upcoming releases 11.1(5). [CSCdi61457]

If IPX broadcast packets are present on a token ring attached to a 4000, 4500, or 4700 router, and neither IPX routing nor bridging is configured on the router, the router will lose other broadcast packets on the token ring. This can cause secondary failures in protocols such as EIGRP and IS-IS.

: A workaround is to configure "ipx routing" (it is not necessary to assign any IPX addresses in the router, so it will not actually participate in IPX.) [CSCdi61501]

Async lines on an AS5200 may become hung and cannot be cleared with "clear line." Issuing the line subcommand "no modem shutdown" on the affected line will restore it to service. [CSCdi62565]

IP Routing Protocols

OSPF fail to install parallel external route, which LSA has no forwarding address set, through multiple ABRs. [CSCdi45110]
IP accounting does not contain valid entries. The source and destination ip addresses do not exist in the network. The invalid host entries in the ip accounting table only appear at power up and only with the aip card in the 7000. This impacts the accounting and the cpu utilization goes up by approx 10%. There is no known workaround except when the customer removes the AIP. This is known the appear in releases 10.3.5.4 and 10.3.7. [CSCdi45135]
The HSRP command standby track interface priority cannot track the status of a subinterface. [CSCdi54969]
If there is a very large set of IP cache entries created because of the same IP route, for example, the default route, CPUHOG would happen for the routing protocol when the original route change and the router clear the related cache entries. Although the cause of the CPUHOG is the IP cache invalidation, but the CPUHOG will indicate the routing protocol as the guilty one. [CSCdi55725]
During show ip ospf, if ospf is unconfigured, probably through a different session, the router would crash. [CSCdi58092]
When there are many HSRP groups configured on a FDDI interface, it becomes more easier to see interface resets.

: When a HSRP group changes from active state to any other non-active state, HSRP will reset the interface to de-register the virtual MAC address from the address filter.
: The disruption may become unexceptable if there are many HSRP groups on a fddi interface change state many times in a short period of time.
: But the bad situation was seen when there were over 60 HSRP groups defined on a fddi interface.
: I would say the severity of this bug depends on the number of HSRP groups defined on a fddi interface.
: Now for this bug to kick in the HSRP state has to change and for that to happen we have to miss 3 HSRP hellos (9-10 secs). [CSCdi59054]

With IGRP and RIP, IP unnumbered interfaces using PPP encapsulation receive but do not process routing updates of Major Network Summaries correctly. The major networks show up as host routes instead of network routes. This affects all ip unnumbered interfaces using PPP encapsulation which are pointing to different major networks. This affects dedicated links as well as DDR links using RIP or IGRP.

: The workaround for this problem is a floating static route for the majornet matching the PPP created host route using a majornet mask pointing to the PPP created host route. i.e., if the host route is 192.1.1.1, then using 'ip route 192.1.1.0 255.255.255.0 192.1.1.1 250' should cure the problem. [CSCdi59425]

If a non-summary route is present in the routing table that exactly matches an EIGRP summary route, but the summary route is not in use (because there are no more specific routes), the route will be advertised only on interfaces on which the summary is configured.

: There is no workaround to this problem. [CSCdi59446]

4500/4700 - HSRP on ethernet interface may come up in a state of init with timers set to 0 upon reloading of the router.

: To recover, perform a shut/no shut on the interface. [CSCdi60445]

Under some circumstances, EIGRP summary routes may remain in the routing table even though all more specific routes that were part of the summary were deleted. The workaround is to delete and reconfigure the summary (if manual) or disable and reenable autosummarization (if automatic). [CSCdi60515]
Deconfiguring an IP output access-group on a subinterface causes the IP output access-list checks to be disabled for other subinterfaces of the same hardware interface. [CSCdi60685]
A router running EIGRP (Appletalk, IPX, or IP) which has input route filters configured may improperly filter routes that it should install.

: Additionally, if a router running IPX-EIGRP receives an update containing an external route that was originated by the router itself, the rest of the update will be ignored.
: There is no workaround to this problem. [CSCdi61491]

IP ARP mobility causes unnecessary routing protocol updates by deleting and then re-adding the same route repeatedly (and hence wastes CPU).

: Also, attempts to refresh ARP entries every minute, rather than every keepalive interval. [CSCdi61730]

Input queues may become full running IP multicats. The only way to clear them is to reload the router. [CSCdi61826]
RIP debug needs to be changed to reflect sending to the subnet address, rather than just to the broadcast 255.255.255.255 [CSCdi61892]
OSPF corrupts memory thus possibly causing the system to reload. [CSCdi61956]
When an interface flaps, it is possible for OSPF to remove a healthy network LSA accidently and result in a missing route. This happens in the situation where a segment flaps causing the interfaces of multiple routers to flap at the same time. The DR will bounce from one interface on one router to another interface on a second router and back to the first router. During the transition the network LSA of the common segment will disappear causing that subnet not to show up in the routing tables. [CSCdi61982]
Regression introduced by CSCdi61328 (in 10.3(12.4), 11.0(9.3), 11.1(4.2) and 11.2(0.14)): A router running OSPF may reload if there are parallel intra-area paths. [CSCdi62870]

ISO CLNS

A router running IS-IS will not clean up its adjacency database properly when switched from being a level-1/level-2 router to being level-1 only. A workaround is to manually clear the adjacency database (using the "clear clns neighbors" command) on the reconfigured router and on all of its neighboring routers, or restarting the router. [CSCdi58953]
If IP-ISIS is configured on an unnumbered interface, the route corresponding to the numbered interface pointed to by the unnumbered interface may be reported multiple times in that system's LSP. There is no workaround for this problem. [CSCdi60661]

Novell IPX, XNS, and Apollo Domain

The NLSP next hop uses a different addressing scheme than RIP. This may cause an issue when setting up dialer maps. A workaround for it is to configure a dialer map that uses the same addressing scheme as NLSP. [CSCdi37797]
IPX SPX spoofing might fail when using RPRINTER across a spoofing interface. [CSCdi42806]
On a router running both IPX RIP and IPX Enhanced IGRP, turning off IPX RIP on the router using the command no ipx router rip and then turning it back on again causes a spurious no redistribute rip command to appear under the ipx router eigrp AS command. [CSCdi47813]
When an EIGRP route is lost, it is placed in holddown. The hold down time takes 300 seconds to expire. This DDTS reduces it to 5 seconds. It also provides a new subinterface command ipx hold-down eigrp AS# xxx where AS# is the autonomous number and xxx is the hold down time in second if the user wants a longer or shorter hold down timer. [CSCdi57042]
This was because 1. we were not looking at the maximum limit on the number of parallel paths, while learning sap's. 2. we were not pruning the sap list, in case the maximum-paths is reduced. [CSCdi59116]
Under certain conditions, an alignment error may be generated when an IPX fastswitch cache entry is created. Specifically This can occur on token ring or fddi when multiring is configured and a RIF is present for an odd number of hops. [CSCdi60014]
Doing 'no ipx router eigrp xxx' may cause the router to reload if there is a lot of saps in the router and while the sap table was changing. [CSCdi60174]
The following new command sets a maximum limit on the number of cache entries:

: ipx route-cache max-size size
: size is the maximum number of entries allowed in the IPX route cache.
: If the cache already has more entries than the specified limit, the extra entries are not deleted. To remove stale entries, use the ipx route-cache inactivity-timeout time command to select a suitable value for the cache aging parameter. [CSCdi60228]

IPX Services with a route metric of 1 tick and 1 hop away will show as "conn" in the show ipx server display. Only those directly connected services should show as "conn". [CSCdi60499]
This bug would have slowed down the cpu a little in doing the alignment correction. Other than that, it wasn't really a bug. [CSCdi61153]
When the optimal sap is lost and NLSP has an alternate path to the same sap, the alternate sap was never installed. [CSCdi61173]
A 7500 fast-switching IPX traffic might demonstrate excessive CPU utilisation in the 90-100% range though forwarding a moderate amount of traffic (less than 5000 pps). Alignment errors in the fast switching path occuring on some specific IPX frames cause this incorrect behaviour. [CSCdi61334]
If an IPX EIGRP distribute list access-list is changed EIGRP might not be notified of the change and the nieghbors may contain information which violates the filter. [CSCdi61632]
Defining a static IPX route using the peer address of an IPXWAN neighbor may fail with a message about multicast addresses. The workaround is to avoid using eight digit IPX Internal Network numbers which have an odd numbered first byte. A 7 digit or fewer length IPX Internal Address also will not give this error message. [CSCdi61993]
CSCdi63412 introduced an alignment error, in particular for IPX frames routed from Token Ring networks with multiring enabled. Alignment errors occur in process-switched and certain fast-switched paths. [CSCdi63741]
CSCdi58363 introduced a problem where NLSP-learned servicex and SAP-learned services overwrite one another, causing unstable service table information. This is particularly a problem in networks with redundant paths. There is no workaround. [CSCdi63771]

Protocol Translation

The count of active users of an inbound TCP protocol translation can be incorrect, if the printer option is used, and outgoing connections fail. [CSCdi59591]
The tcp source-interface option is incorrectly added in NVRAM to a TCP--PPP translation if IPX is also used on the translation. [CSCdi60436]
The stream and binary keywords do not have the correct effect on the outgoing TCP connection when translating from X.25 to TCP, if the swap global option is also used. [CSCdi60641]

Wide-Area Networking

Pings across a BRI ISDN channel when using X.25 encapsulation. [CSCdi33844]
No user action is required when the ATM-4-OVERSUBSCRIBED appears, so this message has been moved to only appear during debugging. [CSCdi55228]
NASI server fails to start automatically after a reload. [CSCdi55494]
The ATM Interface Processor (AIP) used with a RSP processor may stop receiving data if OAM cells are inserted in the incoming cell flow. [CSCdi55512]
Lane interfaces (atm sub-subinterfaces used foe LEC) appear as non-broadcast. This appears for ospf (workaround is to explicitly mention it is broadcast) or with ntp. [CSCdi55849]
When used as a LANE server (LECS, LES, BUS) as well as ARP server with RFC1577 in a network, LANE will work well. However, RFC 1577 will not work correctly. Although the MTU is set to 1500 to support both features, a CIP ARP is not possible. [CSCdi56175]
Under very rare timing circumstances, a router or c5000 running a LANE server-bus (LES/BUS) can issue

: %LANE-3-LANE_SIG_INV_MSG: invalid msg received (4 A8CF4E A)
: The error is harmless .... The LES/BUS continues to operate normally after this message. [CSCdi59010]

When the atm link is up but LANE does not get operationnal to a certain point (for instace ILMI ko), the system will consider subinterfaces as up although associated LECs are not operationnal. By this way, the system will give routing problems. [CSCdi59709]
For MIB-II based mibs which reference ifIndex values, some mib object instances will incorrectly reference the physical ifIndex value instead of the logical ifIndex value a given mib entity was discovered on. There is no workaround for this, other than knowing that the ifIndex value returned is thf physical or lowest layer in the ifStackTable, and referencing that table to see if there are any higher (logical) layers stacked above the physical layer, from which the given information may have been learned. This only affects releases which support rfc1573 (11.1 and beyond). [CSCdi59866]
When configuring on a LANE interface a bridge group, the system will not be able to discover EIGRP neighbors on these ELANs. Removing the bridge group will allow to find neighbors. Problem appears in 11.1.3 and 11.1.3.3 [CSCdi60268]
Release-note This bug was cloned to CSCdi63716, and ultimately fixed in 11.0(10.3), 11.1(5.4) and 11.2(0.22).

: If dialer holdqs are enabled, an outbound call could crash the box. [CSCdi60578]

The Frame Relay MIB counters, including

: frCircuitReceivedFECNs Counter, frCircuitReceivedBECNs Counter, frCircuitSentFrames Counter, frCircuitSentOctets Counter, frCircuitReceivedFrames Counter, frCircuitReceivedOctets Counter,
: would be reset resulted by the "clear counters" exec level command for the interface over which the FR circuits were established. [CSCdi60658]

Configuring the nasi enable command will result in the following unwanted line in the config:

: ipx route-cache nasi-server enable [CSCdi60747]

There is no way to prevent the "Trying..." message when making a pad call using the pad exec command. A new option, /quiet, is provided to suppress these messages. [CSCdi60860]
It is currently not possible to fastswitch between secondary ip networks defined on LANE subinterfaces. This can make LANE less performant than ethernet. A workaround is available if only one vlan needs to be defined (one LEC). We configure it on the main interface which allows fast-switching if 'ip route-cache same-interface' is configured. [CSCdi60896]
For ATM interfaces, MTU is no longer bound by what is configured on the major interface. By default, MTU on a sub-interface will be that of the default MTU (4470). Configuring an MTU value on the major interface does not change the MTU on the sub-interfaces

: If a LANE client is configured on a sub-interface, the MTU on that sub- interface will be 1500. If rfc1483/rfc1577 clients are configured, the MTU is 4470.
: MTU can be changed on a sub-interface basis. The maximum datagram that can be sent out of the ATM interface is governed by the MTU configured (either on the major or on the sub-interface). The largest configured value is used for carving up buffers. [CSCdi61523]

Receipt of a data or reset packet on an X.25 permanent virtual circuit (PVC) that is switched over a TCP connection (XOT), while it is waiting to connect with the remote TCP peer, delays the setup of the TCP connection with that peer. If data or resets are received often enough, the setup can be delayed indefinitely. [CSCdi61933]
The cause of last failure does not appear correctly in the sho lane config. Problem with signed/unsigned integer probably. Cosmetical problem. [CSCdi61984]

11.1(3) Caveats/11.1(4) Modifications

This section describes possibly unexpected behavior by Release 11.1(3). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(3). For additional caveats applicable to Release 11.1(3), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(4).

AppleTalk

The BADEXIT error messages for ARAP need to be more specific about the problem being encountered. [CSCdi57035]
SMRP packets coming in to FDDI interface are dropped.

: Workaround:
: Disable SMRP fastswitching on FDDI interface via "no smrp mroute-cache". [CSCdi57119]

Users may see AT-2-ASSERTFAILED messages when router is misconfigured. [CSCdi57321]

Basic System Services

Reloading the microcode from ROM on an Interface Processor board in a Cisco 7500 series router can cause the system to enter a rebooting loop that requires a system reload for recovery. The ROM-based microcode on the Interface Processors is only compatible with Cisco 7000 series routers. [CSCdi44138]
RADIUS will continue to attempt to authenticate the user even if they have hung up the phone (on a dialin line) or otherwise disconnected. When the authentication fails or succeeds, the software will notice that the line is no longer active. [CSCdi46597]
RLogin will not use an alternate TCP port, even if it is supplied by the user. [CSCdi49556]
A Cisco 7500 series router can crash if Frame Relay interfaces are active. [CSCdi49868]
When authenticating using PAP, AAA and RADIUS or TACACS+, the remote client may retransmit an PAP repsonse if the authentication server is slow to respond. This second authentication may have unexpected side effects in the case of accounting, one-time password systems, or server performance. [CSCdi51333]
On RSP interfaces, optimum switching is supposed to be the default. However, depending on the link order of the image, it can default to off. [CSCdi54567]
The UDP ports used for RADIUS authentication and accounting should be configurable, and it should be possible for accounting and authentication packets to go to different hosts. [CSCdi54704]
The 32mb memory option on the 4000m splits memory up into 2 discontiguous chunks. This breaks the uncompress routine which expects memory to be contiguous as well as making the upper 16Mb of memory inaccessible. The memory test also fails to recognize the 2 chunks. [CSCdi55171]
NTP will occasionally get a %SCHED-3-THRASHING error. There is no workaround to this problem. [CSCdi55346]
An attempt to use the RADIUS "Access-Challenge" feature (used for authentication with some smart-card access systems) will cause a Cisco router running RADIUS to spontaneously reload, indicating a memory allocation failure. [CSCdi55467]
When using Kerberos authentication for dial-in, the router will crash any time the second dial-in connection is initiated if the userid contains a slash. It should be noted that it appears that Microsoft prepends the domain information to the userid and separates the domain and userid with two slashes. [CSCdi55541]
Under some conditions SNMP queries of the CISCO-ENVMON-MIB can cause the system to reload. This occurs when an SNMP get-request is received that tries to retrieve instance 0 of an object in the ciscoEnvMonSupplyStatusTable. Since the instances of this table start with 1, the correct processing is to return a noSuchName error (or noSuchInstance if SNMPv2 is used). A workaround is to not use SNMP get-requests that specify instance 0 for objects in the CISCO-ENVMON-MIB. Instead, applications should either use SNMP get-requests starting with instance 1, or else use SNMP get-next-requests or get-bulk-requests. [CSCdi55599]
All ATM OAM frames will be dropped on the RSP, and will not be processed. [CSCdi55969]
The error message %ALIGN-3-SPURIOUS: Spurious memory access made at 0x........ reading 0x0 may be displayed on a RISC processor based Cisco router when CDP is enabled. This has no observable impact on router behaviour. [CSCdi56020]
Configuring custom/priority queueing on an MBRI interface causes performance degradation. [CSCdi56473]
The IOS will not generate any "system accounting" packets, even though configrued to do so. This is a regression first occuring in 11.1 software. [CSCdi56552]
A router with ip http server configured may pause indefinitely and unexpectedly restart when a connection is attempted from a chimera web browser. A workaround is to use different browser software. [CSCdi56662]
RADIUS accounting packets may contain SERVICE-TYPE=Framed-User attributes with invalid values of the FRAMED-PROTOCOL attribute when the IOS attempts to do connection accounting (which has no exact equivilent in radius.)

: RADIUS accounting packets will not contain a CLASS attribute, even if one was supplied during authentication.
: RADIUS packets may contain a NAS-IP-ADDRESS attibute other than the address of the interface specifed by a ip radius source-interface command.
: A RADIUS REPLY-MESSAGE attribute sent to a cisco in an ACCESS-ACCEPT or ACCESS-REJECT packet will not be displayed to the user. [CSCdi56667]

Gets error messages in log %SYS-2-GETBUF,Bad getbuffer, bytes=64576, Proc=ip snmp upon frequent snmp polling in 11.1 code. [CSCdi56776]
If a user types ENTER at the username prompt, the IOS RADIUS will send an accesss-request packet containing a null username, which is a technical violation of the specification. [CSCdi56854]
RADIUS does not support the if-needed method for PPP CHAP authentication. [CSCdi56920]
Access to the http server on the router should be able to be limited via the use of the access-group command. [CSCdi57075]
If you are running SNMP and have more than approximately 512 interface addresses, you may get the following error messages:

: % Maximum number of parties reached. % Memory allocation failure
: You can ignore this if you are not using SNMPv2 and parties. [CSCdi57672]

RSP-3-RESTART: interface Fddix/0, output stuck might be reported when heavy traffic is switched to a FDDI or HSSI interface. txacc value would show an abnormaly low value on the affected interface. 11.0(8) is the only maintenance release where this occurs. [CSCdi58659]
The privilege, callback-dialstring, and nocallback-verify options to the username global configuration command can be written incorrectly to nvram. [CSCdi58793]

DECnet

When DECnet conversion is enabled, discard routes are inserted into the Connectionless Network Service (CLNS) routing table. [CSCdi40503]

EXEC and Configuration Parser

The terminal download EXEC command cannot have a privilige level assigned to it using the with the privilige command. [CSCdi52164]
When using a backslash ("") in commands, the parser will disregard the backspace if it is preceded or followed by a space. For example, in a chat script, "ATDTT" will be interpreted correctly but "ATDT T" will not. [CSCdi55084]
The "write memory" and "copy running-config startup-config" command now work at privilege level 15.

: The remaining "write" and "copy running-config" commands still operate at the users current privilege level due to security considerations. [CSCdi55809]

The ipx gns-response-delay command will accept a range of values from 0-4294967295. If very large values are entered the configuration will display a negative value and unexpected results will occur. There is no reason to enter such large values (greater than approximately 500 hours). [CSCdi58426]

IBM Connectivity

When a Synchronous Data Link Control (SDLC) device is reloaded, the connection is not automatically reestablished. To reestablish the connection, issue the configuration commands shut and no shut. [CSCdi42369]
We allow the definition of a link as a limited resource, but the function is not supported. [CSCdi45410]
On a c7xxx router installed with a CIP running CSNA, if you turn on 'debug channel vlan', you get the following message

: CIP ILAN(Channelx/2-TokenRing): packet dropped - vencap failed
: for explorers received on the router that are not destined for any of the CIP internal LAN MAC addresses. For these explorers not destined for a CIP internal LAN MAC address, the above debug message should not be displayed. [CSCdi46832]

Interfaces that have physical Units (PU) that are SDLC attached using DLSw+ will hang in the XIDSENT state after forwarding a non-activation XID3 message. Interfaces that have the PU token ring attached are not affected. [CSCdi47090]
DLSW debug - change dlsw debug to allow more options - netbios, no iframes, etc [CSCdi48007]
dlsw netbios slow session bring up [CSCdi50688]
If the link to the host goes down while APPN is active with DLUR sessions, there may be some memory leaks. [CSCdi51537]
A Cisco 4700 router may report intermittent "SYS-2-LINKED" error messages even though there is no memory shortage. [CSCdi52327]
When using DLSw direct encapsulation over frame relay with pass-thru mode, SNA session between PC with Attachmate and the FEP can not established.

: Work around is using direct encapsulation over frame relay with local-ack. [CSCdi52568]

In some mixed vendor bridge environments, Automatic Spanning Tree may not become active if the Cisco platform is the root bridge. The message-age-increment option is now available as part of the source-bridge spanning command to assist with the message age count manipulation. This hidden command may be needed when the existing MAXAGE value is insufficient for network diameter and the maximium age is not configurable by the vendor bridges. [CSCdi53651]
While running APPN with lots of intermediate sessions, a cpuhog message in xxxcss00 may be displayed. [CSCdi53774]
If a new CIP Internal LAN Interface is added following a dbus internal error, the CIP Virtual Port x/2 may not be found. The workaround is to reload the router. [CSCdi54224]
There is a problem which results in token ring ports being enabled for use by DLSw even if they are not defined to bridge to a virtual ring group. [CSCdi54558]
Some NetBIOS applications that require a UI frame in response to Add Name Query cannot connect using a DLSw peer on demand if the NetBIOS circuit is the initial circuit that triggers the peer-on-demand to connect. [CSCdi54796]
A Sniffer trace shows duplicate ring numbers in the RIF when proxy explorers are in use. New SNA sessions fail to connect to the FEP. The workaround is to issue the clear rif command. [CSCdi55032]
When a DLSw peer router is reloaded and a DLSw peer connection is attempted while ip is converging, the peer conection may enter a connect loop that may cause a several minute delay in the peer connection process. [CSCdi55437]
Unable to configure multiple qllc dlsw ... commands. [CSCdi55749]
no source-bridge remote-peer may cause the router to reload. This has been rarely observed. [CSCdi55919]
If frames between Token Rings or to or from Ethernet are handled by SRB/SRTLB and one of the local ports is configured for local switching, frames between the local switch port and other LAN ports are handled by DLSw. But when a test frame from a Non Local switch port is re-tried, the frame is sent incorrectly to all ports (including non-local switch ports) instead of being sent only to Local Switch Ports. Note that when a frame is received from a Local switch port, the correct behavior for re-tries is to send to all ports. [CSCdi56281]
A connection to a DLU (DSPU or APPN) across RSRB may fail if the remote SAP address is not enabled at the destination router. The workaround is to enable the remote SAP address. [CSCdi56660]
Spurious accesses when source-bridge proxy-explorer configured. [CSCdi56744]
A problem has been discovered with the Cisco 2520, 2521, 2522, and 2523 routers where the router can experience poor Synchronous Data Link Control (SDLC) performance on the low speed asynchronous/synchronous serial ports (interfaces serial 2 through serial 9). The low speed asynchronous/synchronous serial interface has trouble maintaining clock synchronization when configured for all of the following parameters at the same time:

: - encapsulation sdlc-primary or encapsulation sdlc-secondary - nrzi-encoding - The interface is configured as a DCE.
: The low speed asynchronous/synchronous serial interface may drop SDLC frames with this configuration. The symptoms of this problem are poor performance and excessive Cyclic Redundancy Check (CRC) errors on the interface (as seen via the show interface command).
: The fix for this problem requires: hardware version 00000002 and a software fix for this defect, which is incorporated into Cisco IOS Release 11.0(9) and 11.1(4), and later. All Cisco 2520, 2521, 2522, and 2523 routers manufactured before May 24, 1996 are subject to this problem.
: To identify whether your router is affected, issue a show version command. The hardware revisions that are subject to the problem are "00000000" and "00000001". Hardware revision "00000002" contains the hardware fix that resolves this problem:
: cisco 2520 (68030) processor (revision E) with 4096K/2048K bytes of memory. Processor board ID 02351913, with hardware revision 00000002 [CSCdi57040]

DLSw FST encapsulation does not work over WAN, Token Ring, or FDDI interfaces. [CSCdi57207]
APPN pings from this NN across a border node fail. (Sessions from attached ENs work correctly.) [CSCdi57323]
An APPN router may unbind an LU6.2 session after receiving an unsolicited IPM with a nonzero next-window size. [CSCdi57730]
For DLSw FST over WAN frame-relay, peers will connect, but user circuits will not connect. [CSCdi57997]
In any software image with CSCdi55177 integrated, you will see the DLSw+ backup-peer brought up while the primary peer is still up, approximately 10-15 seconds later. This backup will stay active despite the fact that the primary is connected. [CSCdi58140]
When a 4000 DLSw router configuration is changed to include DLSw priority, the router may reload. [CSCdi58884]
SDLC serial link wedges at 76/75 in DLSW environment. UA frame leaks while SDLC Primary port is recovering the line. [CSCdi58956]
Four changes need to be made in the support for show dlsw commands: show dlsw peer needs to be modified so the fields line up properly when using frame-relay direct encapsulation peers. show dlsw reachability requires the ability to search the reachability cache for a particular MAC address or Netbios Name. show dlsw circuit requires the ability to show all circuits matching a particular MAC address or SAP. In addition, an option will be added to allow show dlsw circuit detail , which will show additional information about the circuit. show dlsw local-circuit also requires the ability to show all circuits matching a particular MAC address or SAP. [CSCdi59064]
DLSw+ responds to pending explorers as soon as the first response is received from the peers. This may result in DLSw using a peer with a higher cost to setup a circuit.

: This is fixed by providing the user with the following command to set up the amount of time DLSw should wait for responses from other peers. [no] dlsw timer explorer-wait-time seconds
: The default value of the timer is zero. This causes DLSw to respond as soon a response is received (current behaviour).
: Note 1: This may cause the first circuit (when the cache is NOT fresh) to be delayed by the amount of time configured. Once the cache is fresh, circuits will come up normally.
: Note 2: If this timer is changed, DLSw will use the new value only for new explorers and the old explorers pending if any will contine to have the old value. [CSCdi59181]

Interfaces and Bridging

On the high-end routers, empty FDDI 17 byte frames without LLC layer were counted as runts though being enabled by the standards. [CSCdi45026]
Ping fails when transparent bridging over SMDS. This occurs when 7000 is one of the bridge and the software is 11.1. There is no workaround. [CSCdi45937]
The MIP T1 and E1 interfaces do not support enhanced online insertion and removal (EOIR/OIR). There is no workaround. This bug is fixed in Release 11.0(8) and later, and requires a minimum of MIP hardware version 1.1 (73-0903-08 Rev A0).

: In addition to the hardware requirement, the fix for this bug that is in Release 11.0(8) and later releases requires that you allow a minimum of 15 seconds to elapse between OIR events. Removal of one interface counts as one event, and insertion of one interface counts as one event.
: If your MIP hardware is not at least hardware version 1.1, it will not EOIR or OIR correctly!
: Failure to allow this time for the router to stabilize between OIR events can result in the reset performed for one event corrupting the reset performed for another event, which could require interfaces to be reconfigured or reinitialized manually. This reset requires even more time if additional channel-groups are defined within the router. The time between OIR events should be increased to as much as 30 seconds if three or more MIP cards are fully channelized in the router. While the corruption of this reset activity might occur only occasionally if OIR events are too closely timed, it is mandatory to allow the correct interval to guarantee the benefits of EOIR/OIR. [CSCdi46137]

Groups of 4 ports on Cisco 2511 may have DSR behaving in unison on a single stimulus. Reloading the router is the only workaround. [CSCdi49127]
Customers running with the old non EOIR capable 1.0 hardware version MIP will notice that a controller reset is necessary on the MIP for it to work again after adding or removing another card when running the new MIP EOIR capable code in the 11.0(8) and later code. This controller reset should not be necessary. [CSCdi49807]
On a 7000 with a Silicon Switch Processor, access lists used for packet filtering which contain an entry matching all IP packets followed by two or more entries can cause the router to reload.

: As a workaround, one can remove all access list entries following the entry which matches all packets. Doing so will not change the behavior of the access list.
: As an example, change:
: access-list 116 permit ip any any access-list 116 permit tcp any any gt 1023 access-list 116 permit tcp any any eq smtp
: to:
: access-list 116 permit ip any any [CSCdi50886]

Bridging of ipx raw between ethernet and fddi on 4500 does not work in 10.2 for unicast packets. With 11.1 the problem appear for both unicast and broadcasts. 7000 bridging of ipx raw is correct for 10.2 (11.1 untested). [CSCdi53363]
While booting a Cisco 7500 router, the FIP FDDI interface might momentarily beacon the ring, causing ring instability. [CSCdi54444]
If an Ip address is defined on an fddi subinterface with 802.10 encap and we connect A port to B port (sort of loop back ) the router crashes. Tested with 4700 and not 7000/7500. [CSCdi54936]
If a TRIP (token ring interface processor) is present in cisco 7000 series routers, token rings which beacon frequently may cause performance degradation of the router. The source of the problem is tql may increase when a beacon occurs, causing the interface to hold more memd buffers. Performance degradation will result. This is not a problem on cisco series 7500 routers. [CSCdi55758]
SNA traffic's not forwarded correctly with ISL configuration between FastEthernet(Catalyst) in FEIP ( 7513).

: Workaround: Disable ISL. [CSCdi57265]

Under certain conditions, a SLIP interface may show as 'looped'. SLIP does not have the ability to detect looped interfaces, so this display is incorrect. [CSCdi58271]
SABME (for Netbios) are not correctly bridged from FDDI to serial lines (using HDLC encap). The bridging of SABME from fddi to ether and reverse is Ok. The problem appears in 10.2, 10.3, 11.0 and 11.1. [CSCdi58733]

IP Routing Protocols

When using Enhanced IGRP, the auto-summaries advertised could be mishandeled by the router.

: This defect will not be fixed in 10.0 because of its low severity and because it was found internally. This is because 10.0 is in its Mature Maintenance Phase. [CSCdi21082]

There is a small delay between the time OSPF marks a LSA as deleted and the time the LSA is actually removed. Within this small window, if OSPF receives an old copy of the LSA which has a higher sequence number, probably from some new neighbors through database exchange, OSPF will be confused and not able to remove the LSA. Customer will observe self-originated LSA stuck in the database. The stucked LSA would be removed automatically when the router regenerate a new instance of the LSA. This fix resolves the problem for 10.2 and later releases. [CSCdi48102]
OSPF put incorrect information in the source field for stub route. It prevents BGP to adverstise this stub route to peer as the route will not be synchronized. This fix put the advertising router in the source field for stub route and avoid the problem. [CSCdi49377]
The error message DUAL-3-SIA may occasionally appear when route flapping occurs in a meshed EIGRP topology. The EIGRP neighgour sourcing the flapped route is reset and routing resumes. [CSCdi54781]
When booting a Cisco 7000 series router with a Release 11.1(2.2) or 11.1(2.3) software image, the router will crash. To work around, deconfigure ip sd listen on the interface. [CSCdi55369]
RIP fails to send broadcasts to the proper broadcast address when subnet broadcasts are defined on the interface. This results in loss of network connectivity at the affected device.

: A workaround is to disable subnet broadcasts on the affected interfaces. using the interface sub-command ip broadcast-address 255.255.255.255 which is the default. [CSCdi56737]

Policy route matches via BRI, are load balanced with serial interface. [CSCdi57188]
After a reload EIGRP does not redistribute static routes which are not directly connected. i.e. static routes pointing to a destination beyond another EIGRP router. The workaround is to reconfigure such static routes. [CSCdi57743]
The system may fail when a no router eigrp as-number command is issued and there are summary routes present. A workaround is to turn off auto-summary and deconfigure all manual summaries before deconfiguring Enhanced IGRP. [CSCdi57814]
This bug is introduced in 10.3(10.1), 11.0(7.1) and 11.1(2.0.2). The router could crash when ip address change or upon unconfiguring OSPF following the ip address change. [CSCdi58029]
Attempting to copy an empty startup-configuration to the network will cause the router to reload. [CSCdi58040]
A router that receives an ICMP echo request for a network or subnet address that it is directly connected to may send an echo reply with a source address that has nothing to do with the destination network or subnet address in the initial echo request. [CSCdi58660]
OSPF default-information originate command limits the metric value to be no larger than 65535. However, this value should be allowed to be 24 bits in length. A workaround using route maps exists. [CSCdi58666]
Disabling optimum switching on an RSP platform has no effect. [CSCdi59203]
If an EIGRP candidate default route is overwritten by another protocol, the EIGRP topology table may be left in a state where the candidate default route will not return to the routing table. A workaround to this problem is to clear all EIGRP neighbors. [CSCdi59276]

ISO CLNS

There is no method for altering the transmission rate of IS-IS link state packets in cases where the rate would add undue load to the receiving system. There is no workaround for this problem. [CSCdi54576]
The CLNS cache gets invalidated too frequently, and in an environment with heavy traffic, can cause the CPU to spend too much time just purging and re-populating the cache.

: The fix is to delay the cache invalidation, and have an appropriate knob to control the frequency of invalidation. [CSCdi56559]

If IS-IS is running, and a CLNS static route is configured that points to a point-to-point interface on which IS-IS is not configured, and the static route is removed, the system may crash.

: A workaround is to either disable IS-IS before removing the static route, or to enable IS-IS on the interface before removing the static route. [CSCdi56815]

A router reload may occur when CLNS traffic is fast-switched. This regression affects 10.3(12) and 11.0(9) maintenance releases. [CSCdi57629]
There were two bugs that were found during interoperability testing with Fujitsu devices at Ameritech:

: 1. Overwriting the NSEL byte in the "TAR-POR" field to "AF" during TARP packet propagation.
: 2. Not 'quenching' looping packets, as specified in the amended TARP specs. [CSCdi57772]

Under situations of extreme load, ISIS and NLSP may cause packets to be dropped unnecessarily. There is no workaround to this problem. [CSCdi58433]
If a non-cisco router running IS-IS on a level-1-only circuit is also sending ES-IS End System Hello (ESH) messages, it is possible for the cisco router to not recognize the other router for IS-IS.

: A workaround is to filter out the ESH packets using the "clns adjacency-filter es" configuration command in conjunction with an appropriate filter set (which should specify a wildcard, "**", in the last byte of the address). [CSCdi58621]

Novell IPX, XNS, and Apollo Domain

An IPX ping sent from a router to it's own ethernet IPX address does not report successful echo on the low end routers. [CSCdi35609]
'show access-list xxx' may cause the router to reload while another telnet session is removing the same access list. [CSCdi51235]
If the NLSP database is cleared using "clear ipx nlsp *", any static routes or services installed in that router will no longer be advertised via NLSP.

: The workaround is to add or delete another static route or service, or restart the NLSP process by deconfiguring and then reconfiguring it. [CSCdi52574]

Doing a "no ipx router eigrp xx" may cause the router to access illegal memory. On the 4500 and rsp, this causes an error message to be displayed. [CSCdi55250]
If SAP entries remain to be transmitted when the last IPX-EIGRP or RSUP neighbor on an interface goes down, those SAP entries will remain enqueued, and will be transmitted when a new neighbor is detected.

: There is no workaround to this problem. [CSCdi55252]

The default for ipx eigrp-sap-split-horizon needs to be changed to off. [CSCdi55576]
Adding the command distribute-list access-list out rip to an active IPX ROUTER NLSP process causes the router to display the following error message, after which the router reloads:

: Local Timeout (control reg=0x118) Error, address: 0x4000C74 at 0x30F4D7C (PC)
: The existence or absence of the access-list in the configuration does not effect the behavior of the router. [CSCdi55681]

If there are more than 42 neighbors on a single LAN interface, ISIS and NLSP will be unable to establish neighbor adjacencies. The workaround is to limit the number of neighbors to 42 or less. [CSCdi56547]
IPX SAP table may not accurately reflect SAP entries learned locally if IPX EIGRP and IPX RIP/SAP is configured at the same time. Some of the SAP entries may show up on the SAP table as EIGRP derived rather than RIP/SAP derived even when the local LAN where the problem SAP sourced, is not running EIGRP. [CSCdi56588]
When IPX services learned via EIGRP are present and EIGRP is disabled via the "no ipx router eigrp" command, a spurious access may result. [CSCdi57038]
IPX SNMP request sent to the router may accumulate in the input queue when SNMP is disabled, these packets are not processed, possibly causing full input queues. [CSCdi57589]
The router may reload when turning off and on immediately on an interface that is running IPX. [CSCdi57683]
The router may reload when running IPX EIGRP due to illegal access to memory. [CSCdi57728]
Under osbscure circumstances, some ISIS and NLSP link-state packets (LSPs) may not be transmitted on some point-to-point interfaces. There is no workaround to this problem. [CSCdi58613]

Protocol Translation

Deleting a translate statement using an X.25 permanent virtual circuit as the inbound connection will cause an unscheduled restart. [CSCdi49877]
If you perform large file transfers on VTY-asynchronous interfaces that cross an X.25 network that has a large round-trip time (RTT), a TCP implementation with a large send window can cause return traffic on the VTY-asynchronous interface to be delayed. [CSCdi54905]

VINES

Segments running FDDI/Ethernet may experience disconnects when using certain NICs. The router is dropping packets that are being padded due to the packet length being less than 64 bytes. The fix is to check only if the data packet is greater than the actual buffer size allocated. [CSCdi55508]
SNAP is the default vines encapsulation on a LAN Extender interface while VINES servers and clients on Ethernet support ARPA. This discrepancy causes network connectivity problem when remote LAN is connected to a core router via LAN Extender. Now the VINES router defaults to ARPA on a LEX interface and either ARPA or SNAP can be configured on LEX interfaces. [CSCdi57934]
VINES Sequenced RTP (SRTP) broadcasts an RTP update with metric 0xFFFF when a existing route ages out. This is an implicit RTP request. Upon receipt of a route with metric 0xFFFF, all routers, if they know better routes, immediately generate an RTP update to the originator. However, the originator ignores these RTP updates from neighbor routers if the sequence number is older than that of the route just aged out, thus losing the route. This caveat was introduced in 10.2(11.4), 10.3(9.2), 11.0(5.2) and 11.1(1.4). The correct router behavior is to accept any route information when the route is in garbage collection state. [CSCdi58038]

Wide-Area Networking

The calling party number field of a setup message is sometimes incorrect when using Classic IP over ATM. [CSCdi41888]
If the cell burst size is a multiple of 64 the AIP may reset with the error: CBUS-3-OUTHUNG: ATM3/0: tx0 output hung (800E = queue full) This incurs a short temporary interruption of the ATM traffic.

: The correction of this fix also enforces the parser to restrict the range allowed for the burst size parameter of the atm pvc command to the legal values [1-63]. [CSCdi45984]

When using a MIP for ISDN in a 7507/7513, the MIP(s) must be installed in the first 5 slots of the chassis or a "Software Error: Illegal Interface # or dsl: xx" will be displayed and the MIP will not be usable. [CSCdi46413]
PPP Authentication Changes

: Several requests have come in for modifications to the PPP Authentication feature. At the same time, a fundamental security hole (remote PAP gives away the router's hostname and matching password) was identified. Here are the changes made. Note that three DDTS were opened (CSCdi49278, CSCdi54088 and CSCdi44884). These changes were integrated into 11.0(8.1), 11.1(3.0.2) and 11.2(0.7).
: For the purposes of this document, 'remote authentication' will mean authentication BY the remote PPP unit of the local router. Similarly, 'local authentication' is the authentication OF the remote PPP unit by the local router. The unit doing the authentication (the authenticator) is the unit checking the other ends password. Another way of looking at it is that the terms, 'local' and 'remote', refer to the location of the applicable 'ppp authentication {chap|pap}' configuration command. The terms 'local authentication' and 'remote authentication' are confusing but slightly better than 'inbound authentication' and 'outbound authentication'.
: Goals: -disable remote PAP authentication unless explicitly configured -allow multiple servers to appear as a single server to ease configs -allow remote peer to authenticate to multiple unknown servers
: New PPP Authentication Commands
: ppp pap sent-username xxxx password yyyy ppp chap hostname xxxx ppp chap password [n] zzzz
: All commands are interface configuration commands. Since they are PPP commands they are entered in the dialer group or async group or BRI/PRI interface as applicable.
: ppp pap sent-username xxxx password yyyy
: Remote PAP has been disabled by default. This command will re- enable remote PAP support for the specific interface and use the 'sent-username' and 'password' in the PAP Authentication Request packet to the peer. Remote PAP is when the peer requests that you authenticate or prove yourself to him. This change was done because a security hole exists in the present code. Prior to this change, we would send out our hostname and password in the PAP Authentication Request packet. The same password that the peer is supposed to know in order to do local CHAP authentication.
: ppp chap hostname xxxx
: This command is added to allow ISPs to create a pool of dial-up routers all appearing to be the same host when authenticating with CHAP. Currently, the ISP's customers need to have username entries for any possible router they might attach to. This will allow them to have a single entry as all ISP routers will challenge with a common hostname. This command is normally used with local CHAP authentication (when we are authenticating the peer) but it can also be used for remote authentication.
: ppp chap password [n] zzzz
: This command is added to allow a router dialing to a collection of routers not supporting the 'ppp chap hostname xxxx' command (such as units running older IOS images) to configure a common password (ie CHAP secret) to use in responding to challenges from an unknown peer. Thus a customer can replace several username/password config commands with a single copy of this command (per interface or dialer/async group interface). Note that this command is only used for remote CHAP authentication, ie. when we are authenticating for the peer. It does not affect local CHAP authentication.
: Example configurations (most non-authentication details left out)
: Remote router dialing multiple servers in a single rotary (w/out dialin)
: hostname customer451 ! interface bri0 encap ppp ppp chap password 7 jfdjla
: Central site router (one of many in a single rotary)
: hostname 3rdfromtop ! username customer451 password 7 jfdjla (probably uses TACACS+ instead) ! interface dialer0 encap ppp ppp authentication chap callin ppp chap hostname ISPCorp
: Central site router (as above but requiring support for older PAP clients)
: hostname 3rdfromtop ! username customer451 password 7 jfdjla (probably uses TACACS+ instead) ! interface dialer0 encap ppp ppp authentication chap pap callin ppp chap hostname ISPCorp ppp pap sent-username ISPCorp password 7 fjhfeu [CSCdi49278]

Frame Relay switching across an IP tunnel does not work if one of the Frame Relay serial interfaces is configured to be frame-relay intf-type dte.

: In addition, when the serial line is configured to be frame-relay intf-type dce or frame-relay intf-type nni, if a frame-relay intf-type command is entered after the desired PVCs have been configured, then the router will fail to send the correct LMI Full Status message. [CSCdi52339]

The number of packets descriptors is hardcoded to 256. Rx count is 192 and Tx count is 64 which can lead to problems with configurations of up to 20 Emulated LANs or many virtual circuit (VC) connections. The router shows normal CPU usage. To view the Pktdescriptor-miss, issue a sho cont atm 0 command. [CSCdi54770]
When using isdn leased lines, if the BRI is administratively shutdown, and the isdn leased-line command is issued for that BRI, it is taken out of shutdown. [CSCdi55144]
A heavily loaded X.25 link that is experiencing congestion can, under rare conditions, enter a state where it oscilates between sending a RNR and a REJ. [CSCdi55677]
With ILMI-resolution of the switch portion of ATM NSAP addresses, an attempt to place a multipoint call to a destination can occur (and with PIM, always will occur) before the switch part of the address is discovered. This leaves the router in a state where it will never place calls to that static map again. To work around, do not use ILMI negotiation. [CSCdi55904]
The 7500 (rsp image tested) can block some packets in its incoming queue and after a while the atm interface won't accept new data. This occur with LANE (~50 ELANS defined) and bridging between some of them. [CSCdi56897]
If the router receives an incoming ATM SVC call with an SDU size incompatible with the configured MTU on the ATM interface, the router may crash. The problem is present in release 11.0(8.3), 11.0(8.4), 11.1(3.1), and 11.1(3.2). If the router is generating the following warning messages in earlier releases, it is likely that the defect will affect them if the images listed above are installed:

: %ATM-4-MTUCALLMISMATCH: Incoming call has mismatched maximum transmission unit
: If the remote device is re-configured with the correct SDU size, the problem will not occur. [CSCdi57676]

uni 3.0 sscop will not return BeginAck PDU back if the Begin PDU is from uni 3.1 version. [CSCdi57785]
If two interfaces connect to the same destination but are not part of a dialer group or ISDN interface, and one interface goes down, then the neighbor route (if applicable) may be removed from both interfaces. A neighbor route is a directly connected route with zero metrics that is installed if the peer's IP address is negotiated and no other to that address exists for the interface. [CSCdi57995]
Routers using basic-net3 switchtype may Release a call when an incoming INFORMATION message is received. [CSCdi58183]
The system may unexpectedly restart or print error messages of the form %SCHED-3-PAGEZERO: Low memory modified by Exec, when a pad connection is made specifying an X.29 profile on the command line. A workaround is to turn on debug pad. [CSCdi58587]
OSPF routing doesn't work over LANE subinterfaces unless "ip ospf network broadcast" is explicitly configured on the subinterface. [CSCdi58610]
QSAAL and ILMI PVC's may only be created on the major interface, not the subinterface.

: This is a change from SW Ver. 10.3.
: The reason for this is because it was possible to configure multiple QSAAL and ILMI PVC's on multiple subinterfaces which lead to problems. This should not have been allowed. [CSCdi58635]

The router may reload if you run "debug ppp negotiation" while negotiating the compression control protocol (CCP). [CSCdi58710]

11.1(2) Caveats/11.1(3) Modifications

This section describes possibly unexpected behavior by Release 11.1(2). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(2). For additional caveats applicable to Release 11.1(2), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(3).

AppleTalk

Adding the command appletalk virtual-net network-number zone-name to the configuration of a Cisco 4000 router running Release 11.0(5) can cause the router to reload. [CSCdi51787]

Basic System Services

There is no way to configure an async line so that software flowcontrol may NOT be turned off by the remote tcp host.

: Line command flowcontrol software lock may now be used to specify a flow control configuration that will not change when connected to remote network hosts, using telnet or rlogin protocols. [CSCdi33144]

The IF-MIB is missing support for the ATM and AAL5 interface layers of the ATM specification. [CSCdi46300]
A transmit buffer mismanagement problem on the EIP on an RSP-based router can cause the message RSP-3-XBUFHDR to be generated. [CSCdi46905]
An AAA accounting record does not contain the IP address of the user if the session starts via autoselect. [CSCdi49184]
When trying to set the MTU on an interface in an RSP chassis (Cisco 7500 series or RSP7000) larger than 8192, the MTU change will fail and report the error message "can't carve anything." [CSCdi50133]
Under certain circumstances, the "IP SNMP" process can consume almost all of the CPU resources, starving other processes and causing erratic behavior in the device. The most obvious symptom is the loss of TCP connections to the device. The most likely cause of the problem is a flurry of SNMP requests being sent to the device in a short period of time, retrieving large amounts of data. This behavior is usually associated with network auto-discovery mechanisms which retrieve the device's entire ARP cache and IP routing table on a periodic basis. The problem is exacerbated by the fact that some network management applications, by default, perform auto-discovery as often as every five minutes.

: A partial work-around is to identify those devices which are performing auto-discovery, and modify their default behavior so that they perform auto-discover on a less frequent basis, if at all.
: The permanent solution is to lower the priority of the "IP SNMP" process so that it doesn't starve other processes in the system. [CSCdi50399]

The cisco RADIUS implementation will only attempt to contact a singe RADIUS server instead of stepping to the next servrer defined in the config file. [CSCdi50545]
The command priority-list is not written correctly in NVRAM. This problem affects prioritization after reload of the router. [CSCdi51014]
If the first radius server configured becomes unavailable, the cisco radius implementation will continue to try to use it for each request anyway, leading to apparent slow response (waiting for the timeout) until the server becomes available again. The cisco should ignore servers that are detected as unavailable for a configurable time period. [CSCdi51316]
no linkDown trap generated in IOS 11.0(5). [CSCdi51575]
locIfReason shows 'administratively down' for linkUp trap instead of 'up' [CSCdi51613]
If you remove the slave from a running HSA system, it remains flagged as "present" in the chassis MIB (although it's state does go to DOWN). [CSCdi51848]
The router may produce spurious %SCHED-2-SEMUNLOCK error messages. [CSCdi52328]
Transparent bridging with Cisco 7500 series routers may fail if frame crosses HDLC link. [CSCdi52360]
A system that is booted as a single CPU system will not reload a slave which is hot-swapped in. A system that has been booted with two CPUs does allow the slave to be removed and replaced without problem. [CSCdi52519]
RMON events added via the command line interface will result in a bogus initial setting for the eventLastTimeSent. A workaround would be to only add rmon events via snmp. [CSCdi53050]
Memory allocated at system initialization time is displayed as belonging to the "*Dead*" process when a show process memory command is issued. This memory should be displayed as belonging to "*Init*" instead. There is no workaround. [CSCdi53190]
The cisco implementation of the SNMPv2 Simplified Security Conventions was based on the following IETF Internet Drafts: draft-waldbusser-conventions-00.txt, draft-waldbusser-ssecimpl-00.txt, and draft-waldbusser-ssecov-00.txt. These were later obsoleted by the following documents: draft-waldbusser-conventions-01.txt, draft-waldbusser-ssecimpl-01.txt, and draft-waldbusser-ssecov-01.txt.

: Since the differences between the -00 and -01 versions were never incorporated, and since the -01 documents have been expired by the IETF, and since the SNMPv2 party-based model (RFCs 1445-1447) that these documents rely upon has been relegated to historic status by the IETF, support for the Simplified Security Conventions will be removed from all software images.
: This is the first step in replacing all support for party-based SNMP with support for SNMPv2C as outlined in RFCs 1901-1908, as well as supporting any new secure SNMP standard produced by the IETF. [CSCdi53343]

EXEC and Configuration Parser

The exec command "show tech-support" command has been added to help collect general information about the router when reporting problems.

: The command does the equivalent to the following show commands: show version show running-config show controllers show stacks show interfaces show buffers show process memory show process cpu [CSCdi47180]

Allow non-printable data to be encoded into string with the use of Quoted string and the "" prefix.

: For example to set an IPX static NDS service name which contains encoded data. This presently display as:
: P 26B CISCO2_______________ 307C3EC4.0000.0000.0001:0005 2/01 1 Et0 Full name: 'CISCO2__________________________^Ust^FL@@@@@D^EPJ'
: The binary will now display as xXX where XX is the Hexidecimal value of that character in that quoted sting.
: ipx sap 26b "CISCO2____ xXXst xXXL@@@@@D5 2
: where XX are the hex values for ^U, ^F, and ^E
: to enter the character "" will require using two ""s, e.g. "\" . [CSCdi53685]

IBM Connectivity

A router running RFC 1490 support over Frame Relay does not properly swap the direction bit in the RIF frame. [CSCdi36042]
When a MAC Address cache entry is configured with a mask or a NetBIOS name is added with wildcards to the cache, they are not handled correctly by the DLSw+ reachability cache. The same problem exists when the resource names are received with wild card or mask from the remote peer as part of the peer capabilities exchange process. [CSCdi36046]
Input bridge access-lists applied to the virtual bridge interface in DLSw+ will cause SYS-2-SHARED error messages and Tracebacks. There is also a minor memory leak as the result of this bug. [CSCdi44347]
When stopping and starting APPN, or when deactivating links when sessions exist on those links, a bus error may occur. [CSCdi45190]
When the dlsw icanreach mac-exclusive and dlsw icanreach mac-address mac-addr commands are issued to specify a single MAC address to be filtered, all traffic is filtered instead. [CSCdi45773]
An incorrect timer reference causes explorer frames to be flushed on interfaces, even when the maximum data rate for explorers on the interface is not exceeded. [CSCdi47456]
Low-end platforms cache invalid RIF entries when using any form of the multiring command. This problem can also be seen in the DLSw reachability cache and with possible loops with LNM. [CSCdi50344]
RSRB does not declare the peer dead until the keepalive times out. In order for RSRB to detect the dead peer so that the ring list can be cleaned up properly, set the keepalive value as small as possible. [CSCdi50513]
During normal operation of the APPN feature, it is possible for the following message to be displayed:

: %APPN-7-APPNETERROR: Inconsistent TG information TG=21 ADJ_NODE=AWWUKIBdWdr
: The ADJ_NODE name is displayed using the incorrect format.
: The "Inconsistent TG info" message is displayed when the NN receives a TDU with the same sequence number that has different information. VTAM sent a tdu for a NN with a different netid. If the link to that NN was stopped and restarted, VTAM sometimes sent a TDU with the same sequence number but different information. This problem was reported to IBM. [CSCdi50674]

In some cases, the RIF of explorer frames is not checked to ensure that the ring defined as the DLSw+ ring-group has not already been traversed. In the majority of situations, this should not be an issue, but in some topologies it may result in moderately higher explorer traffic loads than are strictly required. Note, there are not any situations in which this would cause an explorer loop. [CSCdi50712]
Data Link Switching (DLSw+) will attempt to update its reachability cache based on explorers received on interfaces that have SRB configured, but are not bridged to a ring-group (port-to-port SRB). This causes some unnecessary explorer overhead in these environments. [CSCdi50717]
The following message may appear when microcode is downloaded to a CIP with 128M DRAM. DBUS-3-SW_NOTRDY: DBUS software not ready after cxbus_soft_reset(), or DBUS-3-SW_NOTRDY: DBUS software not ready after dbus_slot_enable()

: The CIP will be unable to successfully initialize. This may result in other messages, like: CBUS-3-CTRLRCMDFAIL1: CBUS-3-DAUGHTER_NO_RSP:, or CBUS-3-CCBPTIMEOUT: associated with the slot that the CIP is in. [CSCdi50739]

When using the DSPU feature to map upstream LUs to downstream LUs, the downstream LU may not recover properly after the upstream LU is deactivated and reactivated.

: Work-around to avoid this problem is to ensure that deactivation of the upstream LU is complete (i.e. DSPU has deactivated the downstream LU) before reactivating the upstream LU.
: Work-around to recover a lost LU is to deactivate/reactivate the downstream PU. [CSCdi51042]

Removing a DLSw configuration by configuring no dlsw local-peer and adding the DLSw configuration back can cause a memory leak in the middle buffer. [CSCdi51479]
Applying a source-bridge output-lsap-list to a Token Ring interface when source-bridge explorer-fastswitch is enabled may cause packets permitted by the output-lsap-list to be dropped. The workaround is no source-bridge explorer-fastswitch. [CSCdi51754]
A spurious memory message may be displayed when receiving a deactivate PU while sessions are still coming up. [CSCdi52001]
When using APPN/DLUR, a CLEAR session control ru received on an appn/dlur managed dependent session will cause that session to hang indefinately. [CSCdi52065]
When a very large number of I-frames are sent by an end station to a DLSw router at the same instant, the following message may appear on the console :

: DLSW:CPUHOG in CLS background, PC=0x60549f3c
: Since the CPU is being occupied by the CLS background process for a period of time, protocols that involve polling may lose their connections because of to poll starvation. [CSCdi52382]

When running DLSw+ over Ethernet, the router transmits corrupted frames on retransmission. The restransmission occurs on receipt of a REJ frame from the end station or if an acknowledgement of the frame is not received within the LLC2 t1 timeout. [CSCdi52934]
A list number greater than 255 on the dlsw remote-peer 0 tcp 172.22.12.128 lsap-output-list list_num command will not be parsed properly. [CSCdi52957]
A configured explorer maxrate value is lost when the rsp reloads. It is replaced by the default maxrate value.

: There is no workaround and the impact can be substantial for large networks, resulting in increased delays for srb connections. [CSCdi53357]

The LAN Network Manager (LNM) fails to link to the router's source bridge after the Token Ring interface is shut down on the remote router. The show lnm bridge command continues to display Active Link to the LNM. This problem does not occur when bridges are linked locally to the LNM. The workaround is to remove the source-bridge command from the Token Ring interface and configure it back in. [CSCdi53954]
When the router is configured to use the DSPU feature, it may crash during deactivation of multiple downstream physical units (PUs). [CSCdi54114]
A minor formatting error may occur on the display of an appn port where the port name is 8 characters. [CSCdi54262]
A router may crash when DSPU debugging is enabled on a Cisco 4500 or Cisco 7500 router. [CSCdi54277]
If sdlc xid address ... command is not configured for an SDLC address, the xid-n2 option will show up on the sdlc address ... definition. [CSCdi54389]
Very small SRB bridged frames on a large FDDI ring are not properly stripped from the ring and continue to loop indefinitely. [CSCdi54594]
The interface had the correct group number the first time it was configured. Do not issue the bstun group command to the same interface with the same number. [CSCdi54900]
When using "dlsw peer-on-demand-defaults fst", the FST peer-on-demand may pass user data frames before the FST peer is connected. This may result in the user session bouncing if the peer does not successfully connect. [CSCdi55172]

Interfaces and Bridging

The concurrent routing and bridging (CRB) feature does not bridge IP traffic if the destination IP address is internal to the router. Also, IP packets with a destination IP address internal to the router are not responded to. [CSCdi48117]
%LINK-4-NOMAC: A random default MAC address ... error message is issued at router reload when the FIP is the only LAN interface (no EIP nor TRIP). This may lead to some issues whe transparent bridging is configured as two routers with similar configuration on the same FDDI ring running 10.2 may end up using the same default-mac-addr and same Bridge Identifier. The duplicate default-mac-addr value may impact IPX and XNS as well. [CSCdi49616]
This bug fixes transparently bridged arp replies that were handled slightly differently through code path in 11.0 and 11.1. Workaround is static arp entries. [CSCdi50570]
Transparent bridge ports in the blocking state do not respond to ARP broadcasts. This problem will be acute only when there is no other IP route to the blocking port. A workaround is available in the form of a static ARP entry in the host. [CSCdi51444]
When shutting or unshutting an interface, the driver could create a zero-length received packet. If compression was enabled on the interface, the packet length passed to the decompression engine would appear to be a very large number. The decompression engine would then proceed to overwrite memory and crash the router.

: This fix prevents zero- or outlandishly-sized packets from reaching the decompression engine. [CSCdi51869]

3102 with IOS(tm) igs-j-l.110-5 loaded in flash would continually restart after receiving the following message on the console:

: %SCHED-2-WATCH: Attempt to set uninitialized watched boolean (address 0). -Process= "*Sched*", ipl= 7 -Traceback= F82C6 11FAEA Exception: Level 3 at 0xA49F4 (PC)
: Workaround: Removing the serial cable from the router allowed the machine to boot correctly. At that point, the cables could be re-attached and the machine would function normally. [CSCdi51928]

A bug exists in the MEMD carve code on the Cisco 7000 that can cause bandwidth considerations to be ignored. This might result in nonoptimal MEMD carving. [CSCdi52227]
In a 4700 with two fddi interfaces configured for bridging, when one of the interfaces moves from a blocking state to a forwarding state that interface may fail to pass unicast traffic. This condition can be cleared by entering a clear interface fddi x, where x is the interface that moved from blocking to forwarding. [CSCdi52756]
A router may pause indefinitely when the configuration command encapsulation ppp is entered for Async-Group Interfaces. The configuration command async mode dedicated has the same effect. [CSCdi53185]
The IP pooling information for the member interfaces of a dialer rotary group is configured in the dialer interface. If SLIP is started on an async interface that is part of a dialer rotary-group, the dialer interface's "peer default ip address" command will be ignored. This defect was added in 11.0(3) and will be fixed in a future release. [CSCdi53389]
It is possible to configure to configure a specific peer address on a group-async interface with the command "peer default ip address a.b.c.d". Since the group-async interface configuration is mapped to all of its member interfaces, this will result in multiple interfaces using the same peer address. This defect will be removed in a future release by preventing the configuring of a specific peer address. [CSCdi53596]
Asynchronous TTY lines on Cisco 2509 through Cisco 2512 devices sometimes stop answering new modem calls. The show line x command output shows the line with modem state in Idle and Hanging-up. A workaround is to configure session-timeout 0 for asynchronous lines. [CSCdi54196]

IP Routing Protocols

Running multiple Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) autonomous systems might consume all available memory in the router. [CSCdi36031]
The router attempts to make a routing decision assuming the broadcast packet is a directed broadcast. After the routing decision is made, it discovers that it isn't a directed broadcast and then attempts to forward the packet to the helper address(es). Unfortunately, it remembers the interface from the previous routing decision and uses that instaed of the correct path to the helper address.

: The workaround for this bug is to use 255.255.255.255 as the broadcast address. [CSCdi50629]

Unconfiguring OSPF can cause the router to reload. [CSCdi51283]
BGP: backdoor does not work as expected and bgp routes are preferred over IGP routes for same network.

: This bug could also cause the router crash when network command is deleted. network command with route-map option should be used to cause the crash. [CSCdi51820]

If two IP-Enhanced IGRP autonomous systems are configured, and an interface address is changed so that the interface moves from one autonomous system to the other, Enhanced IGRP will fail to operate on that interface. The workaround is to delete the IP address (using the no ip address command) before configuring the new address. [CSCdi52078]
BOOTP broadcasts which are forwarded from unnumbered interfaces using ip helpering do not properly populate the BOOTP giaddr field. [CSCdi52246]
The set metric subcommand of the route-map command causes an incorrect value to be advertised for the bandwidth metric for IGRP and Enhanced IGRP. The units of the default-metric subcommand to the router eigrp are improper. An improper value is advertised for the delay metric in Enhanced IGRP if it is set using the metric option of the redistribute subcommand to the router eigrp command. There are no workarounds for these problems. [CSCdi52277]
Under certain conditions, Enhanced IGRP may stop transmitting packets. This may manifest itself as large numbers of routes repeatedly Stuck-In-Active. The workaround is to deconfigure and restart Enhanced IGRP, or reload the system. [CSCdi53466]
Regular expressions longer than 59 characters in the ip as-path access-list configuration command will cause the router to reload. [CSCdi53503]
Enhanced IGRP will stop working on an interface if the interface goes down for some reason and then comes back up. There is no workaround to this problem. [CSCdi53903]
Due to an uninitialized variable, multipoint GRE tunnels in Releases 10.3 and 11.0 may allow non-IP network protocols to be forwarded to all endpoints of the tunnel. This can give the perception that non-IP protocols are capable of being routed over the multipoint tunnel in these versions. Only IP multipoint tunnels are supported in these versions. In Release 11.1, routing IPX over GRE multipoint tunnels will fail. [CSCdi54192]

ISO CLNS

If two routers running Intermediate System-to-Intermediate System protocol (IS-IS) are connected via multiple point-to-point links and one of the links fails in only one direction, it is possible for traffic to be sent down the failing link and subsequently lost. This is because of a deficiency in the IS-IS protocol specification. There is no workaround to this problem. [CSCdi48351]
ISO-IGRP fails to install parallel routes into the CLNS prefix table under certain conditions. [CSCdi50714]
CLNS packets whose NSAP's have a non-zero N-selector byte are not fast-switched.

: The result of this situation is a high CPU utilization, and is more pronounced in an environment where there is heavy CLNS traffic (e.g. large file transfers), [CSCdi52752]

Routes that are redistributed into ISO-IGRP from another protocol (e.g. ISIS), or from another ISO-IGRP domain, are stored as prefix routes.

: When the redistribution is disabled, ISO-IGRP should poison all prefix routes that were being learnt from the protocol that was being redistributed.
: ISO-IGRP currently does not do this, and as a result, can cause the routes to count to infinity. [CSCdi53023]

When the extended option of CLNS ping is used, one of the options that can be specified is the source NSAP that is to be used in the ping packet.

: The ping command does not accept any NSAP (for the source NSAP) other than the default value (i.e. the sender's own NSAP). [CSCdi54904]

Novell IPX, XNS, and Apollo Domain

On a Cisco 4000 running Enhanced IGRP for IPX, the router may generate CPU-HOG messages for the IPX SAP process. [CSCdi39057]
On RSP systems using MIP with either HDLC or PPP encapsulation can produce alignment warning message. [CSCdi51183]
access-list 1200-1299 are not displayed when show access-list command is entered. [CSCdi51564]
The primary interface on a LAN and the subinterface associated with the same interface will be advertised with the same metric immediately after adding an IPX network number to an interface but shortly afterward they are advertised with different ticks metric, they should be advertised with the same metrics at all times unless one of the interfaces has been configure with an ipx delay value. [CSCdi51858]
When an interface starts up IPX RIP/SAP networking extra General RIP request, General SAP request, and flash updates are sent. In addition on IPXWAN interfaces configure and negotiated for NLSP the RIP/SAP General Queries are sent which may trigger NLSP "auto" mode in our WAN neighor to switch to sending RIP/SAP packets, which in turn causes us to send RIP/SAP packets resulting in routes being learned via RIP on an NLSP interface. [CSCdi52030]
Configure ipx update-time on the router without any ipx network number may generate traceback error messages. [CSCdi52234]
Under conditions where many routes are changing, IPX-EIGRP can block the transmission of service information for long periods of time, resulting in excessive memory utilization. There is no workaround to this problem. [CSCdi52398]
When services are poisonsed, we send an update with the poisoned saps back out the interface they were learned on (i.e., we violate split horizon). [CSCdi52523]
When using IPX static routes and services over WANs clients may receive "Error receiving from device NETWORK" messages and abort the connection process, most commonly during the attempt to download and run LOGIN.EXE. A workaround is to increase the ipx delay of the Client and Server LAN interfaces on each side of the WAN, this has the effect of increasing the metric associated with the static route and therefor increasing the timeout values used for the connection. Static routes should have a configurable routing metric. [CSCdi52606]
"show ipx nlsp database" and "show ipx nlsp neighbor" do not display any information if all nlsp instances are tagged with an identifier. It needs to display information of all instances if no tag is entered on the command line. In order to display information about the instance that has no tag, use the keyword "notag". For example, "show ipx nlsp notag database" displays the link state database of the instance without a tag. "show ipx nlsp database" display the link state database of all the instances. [CSCdi52812]
IPX-EIGRP SAP packets may not be processed for all neighbors. There is no workaround to this problem. [CSCdi52997]
Clearing the SPX spoofing table with either the clear ipx spx-spoof command or by removing the ipx spx-spoof command from the last interface left spoofing may cause a system reload. [CSCdi53070]
RIP format error counter is displayed twice on the show ipx traffice screen. [CSCdi53167]
The system may reload if NLSP is enabled and SNMP queries are done of the NLSP neighbor table. [CSCdi54546]
The message "before is_idb" will be seen when configuring an IPX static route, it was a debugging statement accidently left in the software, it may be ignored. [CSCdi54677]
ipx eigrp-sap-split-horizon is off by default. It should be on by default according to our documentation. [CSCdi54690]

Protocol Translation

A traceback message, "SYS-2-NOTQ: unqueue didn't find xxx in queue yyy" is printed when closing connections to an X.25 translation using the printer option. [CSCdi38602]
Release-note:

: Only 5 translate statements using X.25 permanent virtual circuits can be read from non-volatile memory upon boot up. If more are required, a work around is to configure them after booting from a terminal or using TFTP. [CSCdi52043]

TCP/IP Host-Mode Services

Forwarding of UDP broadcasts to IP multicast addresses using ip helper-address is not functional. [CSCdi49709]

TN3270

When TN3270 goes into insert mode, it will not send feedback to the terminal. It should send the contents of vs or ve in the ttycap, like an IBM 7171 would. [CSCdi12246]
TN3270 should support type-ahead, accepting input while in system locked state. TN3270 should also support distinct cursor in insert-mode. TN3270 should also optimize on screen drawing for null areas. [CSCdi51821]

VINES

Receiving errors when enabling vines routing or applying vines metric to an ATM interface.

: Mar 12 083512 143.182.21.2 117 %SYS-3-MGDTIMER Uninitialized timer, timer stop, timer = 60B117F8 Mar 12 083512 143.182.21.2 118 -Process= "VINES Protocols", ipl= 0, pid= 44 Mar 12 083512 143.182.21.2 119 -Traceback= 60112410 60113238 6034CBC0 6034D204 6034E114 6034E24C 6034E580 6033C990 6033CB10 600EC980 600EC96C [CSCdi51689]

Vines recompute does the same calculations as enalbing VINES routing. It should do some different calculations to come up with a different network number. This gives the potential of routers with different mac addresses calculating the same network addresses. The work around is to manually enter a unique address on your network. [CSCdi51823]

Wide-Area Networking

Removing a TRIP card and replacing it with a MIP card in the same slot of a 7000 will cause memory allocation errors. [CSCdi24243]
A "shutdown" on the subinterface which has an ATM ARP client doesn't tear down the SVC.

: The workaround is to manually clear the VC with the command
: "clear atm-vc atm x/0 VCD"
: where x/0 is the interface and VCD is the VC number to be cleared. [CSCdi35689]

VTY Async connections running PPP do not appear to close correctly if sent an LCP Terminate Request. The required Terminate ACK is not output. The peer should still drop the connection per RFC 1661, but the delay may be several seconds. [CSCdi42544]
When an ATM interface that has associated ARP cache entries resets, SYS-3-INVMEMINT error messages and Traceback messages may be observed. [CSCdi43183]
Under certain conditions, the router can reload with the message "System was restarted by error - Illegal Instruction, PC 0x300D646." This problem is related to ISDN. There is currently no workaround. [CSCdi45085]
The no x25 address interface subcommand does not remove the X.121 address from an interface. The correct behavior is to remove the address, unless the interface is configured with the DDN or BFE option, in which case the correct behavior is to recalculate the default X.121 address from the IP address configured on the interface. [CSCdi45936]
The boot helper prints out a message indicating that the ILMI subsystem has been specified as a requirement for Signalling but has not been included in the boot helper image. This will lead to the signalling sub-system not being brought up. As a result it is not possible to netboot the system using Signalling/SVCs. [CSCdi48594]
A Cisco 7000 with two ATM interfaces running RFC 1577 ARP server will not register its own IP address. There are two workarounds:

: -- Specify the full NSAP address of the ARP Server interface, using the atm nsap-address nsap-address command, instead of just the ESI portion. -- After boot-up, issue a no atm arp-server command and then reissue the atm arp-server command. [CSCdi50592]

The dialer fails to bring up an additional BRI interface when both BRI B channels are active and the dialer load threshold load is exceeded. [CSCdi50619]
Under some unknown circumstances, a Cisco 4000 series router with MBRI will stop transmitting on an ISDN interface. Only a reload of the router can correct this. [CSCdi50628]
The ATM ARP Server will accept a badly formed ARP Response packet (one with no ATM NSAP address) and will mispopulate the ARP Server cache. This is not a problem with a correctly functioning ARP Client (such as Cisco's). [CSCdi50951]
When an interface Group-Async is defined it may not be possible to change from an ip address pool to a peer default ip address for each member of the group. The commands will be accepted but will be lost by the running configuration. On a reload the following message may be seen: "Interface AsyncX is already a ppp-client." [CSCdi50974]
When configuring atm rate-queue and mtu on the same time, the atm rate-queue configuration may not be processed properly, such AIP may not be able to process outgoing traffic correctly, and lead the error of %CBUS-3-OUTHUNG to occur, after the presence of traffic for a couple of minutes. However, The %CBUS-3-OUTHUNG will then result in an atm interface reset which will bring everything back to normal.

: The problem will show up only when the two configuration commands are issued quick and close enough. So, the problem will most likely to occur when booting a router with such configurations. The problem will likely not to show up when these two configuration commands are issued sequentially from command line, as the two commands could not be entered so quick and so close to each other (to introduce the problem).
: So, the output hang caused by this should recover without human interferring, although it may take a few minutes. On the other hand, 'shutdown' and 'no shutdown' on the atm interface with the configurations, as soon as the router is reloaded, should let everything work normally from the very beginning, without seeing the output hang. [CSCdi51013]

Connecting a Cisco router (ARP client) to an IBM system with ATM (25 Mbits) works only when the router makes the call. The problem caused by the router's CONNECT packet, which does not include AAL5 IE. AAL5 IE is mandatory for IP according to RFC 1755. [CSCdi51037]
This bug was introduced when atm fastbridging feature was introduced in 11.0. Since spanning tree configuration bpdus do not propogate further that peer bridges on the atm link, cisco to cisco atm spanning tree config bpdus allowed spanning tree convergence, thus no symptoms or problems in many topologies. But this bug resulted in non 1483 standard atm spanning tree bpdus that could result in non converging spanning trees over an 1483 compliant atm cloud with 1483 clients. The impact here is possible bridge loops with atm 1483 bridging applications. This fix stops potential loops by allowing the spanning tree to converge properly with all atm 1483 AAL5SNAP complient clients. [CSCdi51054]
Asynchronous DLCI status changes from 0x02 (buffer-treshold-normal) to 0x03 (buffer-treshold-exceeded) will generate useless error messages: FR-5-DLCICHANGE: Interface Serial0 - DLCI YYY state changed to ACTIVE There is no impact on router functionality. [CSCdi51629]
When bridging between a Cisco 7500 and an ISDN router running Cisco IOS software, data is not successfully passed if multilink PPP is used. [CSCdi51813]
No action is taken when an X.29 Set or Set and Read message containing no parameters is received. The proper action is to reset X.3 parameters to their initial values, and, in the case of a Set and Read, to respond with an appropriate Parameter Indication message. [CSCdi52237]
If the LAN Extender (LEX) interface in a router running Cisco IOS Release 11.1(1) or 11.1(2) is shutdown, and a no shutdown command is issued on the interface, the LEX interface will not come up. To recover, reboot the router or run Release 11.0. [CSCdi52515]
IP multicast packets do not fastswitch to LANE subinterfaces. [CSCdi52538]
If a switched X.25 over TCP (XOT) permanent virtual circuit (PVC) receives a RESET REQUEST from the locally attached device within 2 seconds of an X.25 packet level RESTART REQUEST, the PVC will remain in an unusable state indefinitely. [CSCdi52548]
The SHOW ATM ARP command's display output does not page to the screen, it scrolls continously until end of output is reached. [CSCdi52749]
Changes to the primary-dms100 ISDN PRI switchtype code to make it conform with the NorTel PRI specification. Changes were not made in response to any field related problems. [CSCdi52751]
Using multidrop lines on a 5ESS ISDN switch is not recommended. If used, they will have SPIDs. Currently, the SPIDs are send out BRI0 only, so on a router equipped with an MBRI, lines other than BRI0 will not be able to place calls. The workaround is to get point-to-point lines from the telco. [CSCdi53168]
The state of a point-to-point subinterface may become out of sync with the state of the associated DLCI. This can occur if the subinterface is in the administrative down state prior to the DLCI being assigned to the subinterface.

: For instance, assume DLCI 300 is marked DELETED and subinterface s0.300 is shut down. The commands
: int s0.300 frame-relay interface-dlci 300 broadcast no shut
: will result in s0.300 being shown as up while the associated DLCI is deleted.
: Reversing the above commands will avoid this behavior. [CSCdi53328]

The DEC Spanning Tree Protocol does not function properly in a LANE environment. To work around, use IEEE Spanning Tree Protocol. [CSCdi53442]
Unable to remove "frame-relay de-group" command from interface. [CSCdi54672]
The interface statistic 'Last input' is not set for fast-switched IP packets on an async interface. The statistic will be set by any other traffic including link protocol keepalives. [CSCdi54972]
The number of unicast frames forwarded by the LANE BUS is missing from the "show lane bus" output. [CSCdi55100]

11.1(1) Caveats/11.1(2) Modifications

This section describes possibly unexpected behavior by Release 11.1(1). Unless otherwise noted, these caveats apply to all 11.1 releases up to and including 11.1(1). For additional caveats applicable to Release 11.1(1), see the caveats sections for newer 11.1 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(2).

AppleTalk

ZIP Queries may unexpectedly not be sent to a neighbor if that neighbor has been up for more than approximately 3 weeks. The symptom can be seen by doing "show apple route" and "no zone set" are seen in the routing entries. [CSCdi42908]
Due to the bug in the low end fastswitching code, the 802.3 header will contain a wrong length when small packets (less than 60 bytes) are fastswitched on the ethernet media. [CSCdi45581]
The parser places the Distribute-list command in a location preceding the AppleTalk Protocol command on a Tunnel Interface. When the router is reloaded, the access-list will not be applied to the interface because AppleTalk will not yet have been configured for the interface.

: Workaround: Configure system from memory after a reload to restore access-list to interface.
: This problem is fixed in 11.1 and later images. [CSCdi45795]

Multiple Cayman tunnels does not work because routes do not arrive correctly from remote side of tunnels. To workaround, use only one Cayman tunnel. [CSCdi50981]

Basic System Services

The password obfuscation algorithm does not encrypt the whole password if the length of the password is too big. As much password as is accepted should be encrypted. [CSCdi13190]
The show version output for a cisco 2500 or 3000 reports a processor memory size that is less than the actual size by 4096 bytes. The 4096 bytes are subtracted because they are used for a special purpose - as a console output logging buffer during Flash upgrades via the Flash Load Helper feature - and are unavailable for normal use as processor memory.

: This size reduction is, however, a source of confusion since it is not accounted for in any of the show outputs. The show version output is therefore being changed so that it shows the true physical size of processor memory even though the 4096 byte chunk will continue to be used for the special purpose. This change is cosmetic and does not affect the operation of the system in any way. [CSCdi30593]

Netbooting an image from a tftp server that is not on a directly connected network may sometimes fail. [CSCdi43020]
The cisco implementation of RADIUS does not support PPP authentication via CHAP. PAP may be used, or CHAP can be used with tacacs+ instead. [CSCdi43679]
The "magic" ip addresses that can be returned durring radius authentication ("pick a default address", "allow a user to pick the address") are not supported by the cisco RADIUS implementation. [CSCdi43680]
Available memory will slowly decrease on a router that is bridging IP and that has more than one interface with the same IP address. [CSCdi44023]
No AAA accounting records are generated for one-step protocol translation sessions, no matter what types of accounting are configured. [CSCdi44863]
A Cisco 7500 that is fast switching SRB explorers, fast switching IP multicasts, or bridge-flooding packets might crash with a SEGV exception error message and a stack trace that ends in the rsp_fastsend().

: A workaround is to disable fast switching of IP multicasting, or fast switching of source-route bridging (SRB) fast explorers by using the no source explorer-fastswitch command. Another possible workaround is to remove or add an IP card, particularly of a different media type. [CSCdi45887]

Unconfiguring and then reconfiguring the timeslots on a MIP interface or a Cisco 4000 series E1/T1 interface may cause the router to hang. [CSCdi46506]
Under unknown conditions, a non-fatal error may be displayed that an attempt was made to dismiss while 'blocking is disabled' or that an 'Invalid memory action' was attempted from interrupt level. [CSCdi47152]
Under heavy load conditions it is possible for a Cisco 2509 through Cisco 2512 access server to pause indefinitely and report a bus error. [CSCdi47190]
MBRI and PRI hunt groups do not propagate queue management algorithms from the D channel to the B channels. [CSCdi47191]
Currently, the "slave image" and "slave reload" commands do not exist. This means the slave can only run the slave image bundled in the master image, and that the slave cannot be individually reloaded.

: The "microcode reload" command will force the slave to be reloaded. This has the unwanted side affect that it will also reload all IPs, causing TRIPs etc. to drop out of rings. [CSCdi47229]

The keyword 'connection', if entered as part of a 'aaa authorization' command, was accepted, even though the keyword was not shown in the on-line help. The configuration command 'aaa authorization connection' is not currently supported. Support for this feature will be added in a future release of IOS.

: The keyword 'connection', if entered as part of a 'aaa accounting' command, is not shown in the on-line help even though the command is accepted and supported. [CSCdi47394]

If an NTP packet is sent to one of a system's secondary addresses, the system will reply with the primary address of the outgoing interface in the source address field.

: There is no workaround to this problem. [CSCdi47415]

hostname "" doesn't let router to use the default hostname of "Router". Some protocol usage in this configuration may cause router to hang. [CSCdi47506]
When the router attempts write a core file it pauses indefinitely. [CSCdi47877]
When configuring many different MTU sizes on an RSP based system, message %CBUS-3-NOBUF: Buffer allocation failure: can't carve anything may appear on the console. A workaround can be to use the same MTU on different interfaces. [CSCdi48055]
An error messsage "AAA/AUTHEN/CHAP not supported by method" will appear when PPP CHAP logins are attempted using a protocol other than RADIUS. The message is spurious (should be conditional on debug aaa authentication), does not affect correct operation of the IOS, and may be safely ignored. [CSCdi48056]
The electrically eraseable programmable read-only memory (EEPROM) in some chassis interfaces is misprogrammed. A show diagbus command indicates that the chassis interface incorrectly has "07" in the first byte of the EEPROM, instead of "01." The system software does not recognize chassis interfaces that have this error. At startup, the following message appears:

: %CI-3-CTRLRTYPE: Wrong controller type 10 %CI-4-NOTFOUND: Chassis Interface not found
: The output of the show version command indicates:
: WARNING: Chassis Interface not present
: When these messages appear, the show environment commands do not work, and no environmental monitoring takes place. [CSCdi48075]

RFC 1877 is not supported. This prevents Windows 95 and CiscoRemote from learning their DNS servers and NBNS (WINS) servers dynamically. When this feature is added, you will be able to configure the following on the Cisco:

: async-bootp dns-server x.x.x.x y.y.y.y async-bootp nbns-server z.z.z.z w.w.w.w
: Where:
: x.x.x.x is the primary DNS server y.y.y.y is the secondary DNS server z.z.z.z is the primary NBNS/WINS server w.w.w.w is the secondary NBNS/WINS server
: To tell if you version has support, issue the configuration command "async bootp ?". Is "nbns-server" appears in the list of valid completions, you have RFC 1877 support. [CSCdi48113]

A software reload may occur when snmp packet debugging has been enabled and large octet strings, such as those associated with the rmon packet capture objects, are retrieved via snmp. [CSCdi48221]
When capturing packets with RMON, the captureBufferPacketTime is the same for all packets. [CSCdi48455]
Under extrememly low memory conditions, i.e. when less than 256 bytes of free memory is available, and when rmon has been configured on an ethernet interface, the router may reload. [CSCdi48508]
The cisco radius implementation will incorrectly handle the Callback-Id, Callback-number, Class, and Vendor-Specific RADIUS attributes. [CSCdi48611]
The alarmValue RMON MIB object always returns the sampled value at the end of the sampling period. This is incorrect behavior when the alarmSampleType is deltaValue(2) [CSCdi48677]
OLD-CHASSIS-MIB.my changes for 11.1(1) included an expansion in the interpretation of cardSlotNumber in the cardTable. The cardSlotNumber DESCRIPTION refers to "Chassis slot number", although it should read that the slot number is relative to either the Chassis or to a card which can contain other cards. [CSCdi48766]
With 11.1(1), the GS7 images {-k, -j, -p, -ak, -aj} include the large VIP microcode. This inflates the microcode bundle by approximately 600KB; taking memory from other processes even without VIPs installed which could be severe with 16MB RP's. Therefore, future 11.1 maintenance releases will only include the VIP microcode in subset images {-kv, -jv, -pv, -akv, -ajv}. [CSCdi48845]
If requested to do so via an snmp set request, the remote monitoring feature (rmon) may consume all available memory. [CSCdi48853]
After some time running with RADIUS configured, the cisco will no longer successfully receive packets from the ethernet, and communications will cease. A show interface command will show that the interface on which radius responses are received has a full "input queue". [CSCdi49072]
Adding a snmp-server chassis-id value gets lost when the router is rebooted. [CSCdi49086]
When one or more RMON alarms are enabled, each sample interval will result in a small amount of memory becoming unavailable to the system, potentially resulting in the consumption of all free memory in the system. [CSCdi49291]
With 11.1(1), the RSP images {-k, -j, -p, -ak, -aj} include the large VIP microcode. This inflates the microcode bundle by approximately 600KB; taking memory from other processes even without VIPs installed which could be severe with 16MB RSP's. Therefore, future 11.1 maintenance releases will only include the VIP microcode in subset images {-kv, -jv, -pv, -akv, -ajv}. [CSCdi49379]
RADIUS only works 255 times, after which it will fail to recognize responses to the requests that the router sends. The rest of the software continues to function normally. [CSCdi49412]
RADIUS is listed as an option of the rlogin trusted-localuser-source command, but will result in a message saying that radius is not supported. [CSCdi49552]
In RSP equipped routers, fast switched explorers which were flushed due to maxrate exceeded, were counted as input queue drops in a show interface, in addition to incrementing the flushed explorer count in a show source. This occurred even when the size of the input queue was not exceeded, and there was no shortage of buffers. This change causes the flushed explorers to only be counted in the show source output. This is a cosmetic change only. [CSCdi49673]
Under certain circumstances, a router will detect and report a Bus Error while attempting to output a debug message. The defect will not be seen unless 'debug aaa authorization' has been set. One case where this defect was seen occurred when a connection was dropped due to too many lost PPP echoes. On the next connection, the defect was seen. Analysis indicates that this defect is unlikely to be seen, and of course, can be avoided by not setting 'debug aaa authorization'. [CSCdi50216]
According to documentation and online help, it's not possible to increase the queue size of output queue 0. [CSCdi50233]
If you've misconfigured the microcode, and pointed it at a file that does not exist, you will see a message similar to:

: big-bang(config)#mic rel big-bang(config)# %UCODE-3-NOFILE: Ucode file slot0:nofile not found, system ucode loaded in slot 0 %UCODE-3-LDFAIL: Unable to download ucode from slot0:nofile in slot 0, trying system ucode
: However, if the IP to which this message relates is a non-onboard-ucode IP (CIP, VIP, FEIP etc), then even though the backup image will be successfully loaded from the bundle, the IP will not be started. [CSCdi50584]

The software does not currently prevent you from using a slave device (for example, slaveslot0:) in the "slave image" command. However, when you attempt to use this image, it will not work, because slave images are unavailable during slave downloads.

: Do not specify slave devices to the "slave image" command. [CSCdi50824]

Configuration command IPX Nasi-server enable is not recognized in igs-j-l image. [CSCdi50944]
For PPP sessions, or for the end of SLIP sessions, a RADIUS accounting packet may have a NAS-PORT attribute of zero instead of properly reflecting the port number that accounting is being done for. [CSCdi50948]
When using the RMON events feature---either through the command line interface, or through SNMP sets---to create rows in the RMON MIB eventTable, the effectiveness of the alarmTable is limited. As long as there are no eventTable entries in the MIB, the rest of the RMON MIB can be used, from feature sets where it is available. [CSCdi50963]
A Cisco device using TACACS+ accounting will experience a slow reduction in the amount of available system memory. A show memory command will show many small pieces of memory allocated to AAA AV Last. Eventually (usually over several weeks), the system will become unusable. A workaround is to periodically reboot the router. [CSCdi51197]
A router containing a CIP card does not become fully operational when Cisco IOS software is loaded. [CSCdi51441]

DECnet

The 'show dec static' command shows bogus SNPA's if the static route that is being displayed points to a non p2p interface, and the SNPA does not have an 'ethernet-like' format (an example is an X.121 address).

: This is a cosmetic bug only. [CSCdi46327]

DECnet Phase IV-to-Phase V conversion might introduce incorrect area routes into the ISO Interior Gateway Routing Protocol (IGRP), if there are DECnet L2 routes on the DECnet side. These area routes show up as "AA00" and are propagated to other routers. [CSCdi47315]
This is a feature request to have support for DEC MOP over Frame Relay implemented. [CSCdi49406]

EXEC and Configuration Parser

The uses statistic shown by the show line exec command does not include packet-mode uses of the line (slip, xremote, ppp, etc.) [CSCdi46565]
Configuration line command autobaud does not appear in the output of write terminal or the nvram configuration file generated by write memory. [CSCdi48971]
Privilege level definition cannot define 'hub ether'. [CSCdi49001]
Many people use "u" as an alias for "undebug." This no longer works. [CSCdi49916]

IBM Connectivity

Commands are no longer tied to encapsulation type and are translated as follows:

: sdlc hdx becomes half-duplex bsc fdx becomes full-duplex sdlc rts-timeout val becomes half-duplex timer rts-timeout newval sdlc cts-delay val becomes half-duplex timer cts-delay newval
: Note that the units for newval are in milliseconds while the v alues for val were in microcode cycles. These values are translated by the code. [CSCdi30258]

If the router receives an LLC2 XID packet destined for an X.25 connection (QLLC) that is not yet established, it will drop the packet instead of buffering it until the X.25 connection completes. This behavior will cause connection problems for devices that do not automatically retry and resend the XID pacet. [CSCdi36695]
You have to configure access-expression on an interface before adding source- bridge input-lsap-list; you get the error: EXPR: access-expression must be specified alone on interface in the opposite order. [CSCdi37685]
Command syntax: netbios input-access-filter session-bytes name netbios output-access-filter session-bytes name

: Example:
: !to filter SMB 73 packet netbios access-list byte SMB deny 18 73
: int tok 0 source-bridge 100 1 200 source-bridge spanning netbios input-access-filter session-bytes SMB
: int tok 0 source-bridge 200 1 100 source-bridge spanning netbios output-access-filter session-bytes SMB [CSCdi40165]

When router is configured with SRB/RSRB it may experience loss of memory. [CSCdi40888]
When source-route transparent (SRT) bridging is configured on the router, calls to management functions that are related to source-route bridging (SRB) might not work correctly. [CSCdi42298]
CIPs with hardware revisions 4.0 and 4.1 are not compatible with the 7500 line of routers. This was not properly reflected in the output of the "show diagbus" command, which marked every CIP as "7500 compatible" regardless of its hardware revision. [CSCdi42373]
On the 7500 platform, all IP packets from the CIP are processed switched, even though the interface has been configured for fast switching. [CSCdi43990]
When a front-end processor (FEP) initiates a Qualified Logical Link Control (QLLC) connection, a virtual circuit is established, but the exchange identification (XID) negotiation never proceeds to completion. The router sends XID responses as commands, rather than as responses. [CSCdi44435]
The 11.1(1) version may experience a problem

: %SCHED-3-STUCKTMR: Sleep w/expired timer 5B9E98, time 0x8A38 (23:05:32 ago). -Process= "BSTUN Background", ipl= 6, pid= 25
: when bstun keepalives are configured on.
: Do not run with bstun keepalives with 11.1(1).
: A problem with not using keepalives is that line outages across the tunnel will not be detected and reported.
: This problem will be fixed in version after 11.1(1.0) . [CSCdi44604]

On a c70x0 router installed with a CIP running CSNA, process and fast switching of packets to the CIP on the virtual interface (Chx/2) can cause all CSNA LLC2 sessions to be abruptly disconnected. [CSCdi45011]
When two or more routers are connected to the same Token Rings, and each uses source-route bridging (SRB), a station on one of the rings might choose a non-optimal route with a path through both routers. In typical (large) networks, this behavior might result in explorer storms as well as suboptimal routes. [CSCdi45116]
A router might crash if running QLLC and using remote source-route bridging (RSRB) over a serial line to provide the Logical Link Control, type 2 (LLC2) connection from QLLC to an end station or host. The crash only occurs if multiple changes are made to the encapsulation type on the RSRB serial line. [CSCdi45231]
There is no currently way to configure APPN to run over a Dialer interface. This is required for APPN to run over ISDN or to utilize multilink capabilities. [CSCdi45288]
Use TRIP microcode version 10.2 for a workaround. [CSCdi46309]
When concurrent or multiple link activations are requested from or to the same interface or service access point (SAP) of a Cisco Link Services (CLS) user (typically APPN or DSPU) to multiple devices, some of the link activations might fail in random fashion. The problem is more likely to be evident when in networks where test polls are outstanding for longer periods of time, and when many links are auto-activated at the same time. [CSCdi46491]
A Cisco router might report inaccurate traffic statistics. In particular, non-broadcast frame counts might be incorrect if the router is acting as a source bridge on a Token Ring. [CSCdi46631]
When configuring dspu for sdlc connection to a fep there is no way to not code a xid; code a dummy xid. The xid will not be used. [CSCdi46728]
If a CIP is in the lowest numbered occupied slot in a 7000 or 7500 series router, it will not download microcode properly. The router will display the DBUS-3-WCSLDERR message at boot time. A subsequent "microcode reload" or EOIR of the CIP will work. [CSCdi46899]
Router configured for DLSw+ getting repeated CLS-3-CLSFAIL and DLSWC-3-BADCLSI error messages under show log. [CSCdi46944]
Explorers are not forwarded to the CIP CSNA feature from DLSw+. [CSCdi47239]
A Cisco Link Services component (such as APPN or DSPU) may be unable to reconnect after it is disconneted when running over a CLS controlled locally acknowledged RSRB connection. This problem only affects reconnecting after an LLC2 outage when the RSRB peer remains up throughout the disconnect/reconnect process. [CSCdi47275]
When an IP peering protocol is in use in the router (for example, RSRB, STUN, or BSTUN) CLS DLUS (such as APPN and DSPU) may have difficulty establishing LLC2 sessions over RSRB virtual interfaces when the LLC2 path is bridged SRB only (that is, it does not traverse an IP cloud local to this router). [CSCdi47301]
When configuring a name for a CIP CSNA LAN adapter, no check is done to ensure that the name does not exceed the maximum length, which is 8 characters. Configuring the adapter to have a name longer than 8 characters may produce the following message:

: %CIP0-3-MSG: %MSG802-3-INVALID_VCN2: LAN has configured for vcn=decimal, adapter=decimal lan=decimal ran=decimal [CSCdi47478]

Using a CIP with CSNA configured in a Cisco 7500 series router causes cBus complex restarts and output stuck messages for the CIP virtual inteface (ch x/2). [CSCdi47536]
If a router receives a source-route bridging (SRB) packet with bit 2 of the routing control field set, the router might send back a bridge path trace report frame to a group address, instead of to the source of the original frame. This can cause congestion. [CSCdi47561]
On the 7000 series with a CIP card, if the flash card media with the CIP image is not present in slot0: when the router is rebooted, the interfaces for that card will be in the shutdown state. Make sure that those interfaces are "no-shut" before using. [CSCdi47707]
A downstream physical unit (DSPU) sometimes retries connecting to the host too rapidly, with as many as sixty tries per second, flooding the host with XID packets. This problem causes the NetView log to get congested and run out of storage, which might bring down the host. [CSCdi47803]
If DLSw with FST is configured, an LLC2 session should not be set up. [CSCdi47888]
Using the no lnm disable command in conjunction with a CSNA internal Token Ring adapter can cause a bus error. [CSCdi47898]
The DLSw SDLC ABM bit is not turned off in the first XID sent to an SCLC station. [CSCdi47942]
There is a mistake in the prompting of the FRAS BAN code that indicates it is possible to enter a range of 1-4095 as possible ring numbers. This should be 1-15. The user can enter 4095 and the config will accept it and display it but it will not work.

: The work around is to limit bridge numbers to the legal range of 1-15. [CSCdi48278]

The direct command is not supported in the bisync interface. It should not be configured. [CSCdi48520]
Under the condition where two token ring interfaces are attached to the same physical token ring and where either:

: A) an all routes explorer is generated on that ring
: B) a packet with a rif that indicates that the packet should go back onto the token ring it originated on
: will cause a bridge loop and cause router cpu to rise as well as increase ring utilization.
: This bug fix makes the router check the rif in further detail. [CSCdi48577]

When using appn on a c4500, c4700 or c7500, a spurious memory access message may occur. [CSCdi48608]
During cross-domain file transfers via Data Link Switching Plus (DLSw+) on a Logical Link Control (LLC) connection, frames might be sent out of sequence. This problem can cause a receiving Physical Unit 4 (PU 4) or Physical Unit 5 (PU 5) to disconnect. [CSCdi48915]
When a router running DSPU over Frame Relay in communication with a frame device breaks the session, it does not try to reconnect after DM is received. [CSCdi49044]
NETBIOS name recognized frames are now filtered by NETBIOS access-lists as a result of CSCdi36649. This can break some applications and needs to be optional. [CSCdi49101]
When attempting to run APPN over Frame Relay, the router generates error and traceback messages: "APPN-6-APPNSENDMSG," "APPN-7-APPNETERROR," and "SYS-2-BADSHARE." [CSCdi49162]
On Cisco 7000 series routers installed with a CIP, the commands csna, llc2, offload , and show extended channel tcp-stack fail after a router reload or reboot. To workaround, reboot the microcode. [CSCdi49312]
Router Crashes when a get many command is issued for ciscoDlswTConn MIB object from a management station. [CSCdi49393]
Accessing the object ciscoDlswVirtualSegmentLFSize returns a value of 17800 instead of the valid value defined in the MIB (17749). [CSCdi49435]
Zero ia returned for SNMP gets on ciscoDlswActiveCircuits, ciscoDlswCircuitCreates, even when circuits are open through DLSw. [CSCdi49441]
The number of downstream PUs supported should be increased from 256 to 1024. [CSCdi49448]
When using an APPN Connection Network over FDDI, sessions that utilize the router as a member of the FDDI connection network will fail to activate. [CSCdi49560]
dlsw remote-peer 0 tcp ip @ tcp-queue-max incorrect. It cant be set to a value greater than 255. [CSCdi49687]
DSPU error message, DSPU-3-LSXIDNegotiationError, incorrectly reports the bad byte and bad bit fields from the CV 0x22 error vector of an XID3.

: The sense data from the CV 0x22 (when present) is also not provided in the DSPU error message. [CSCdi49863]

Connections to a host cannot be established from a DSPU using virtual telecommunications access method (VTAM) through a Cisco 3172 Channel Interface Processor (CIP). [CSCdi49872]
When doing large unidirectional files transfers that do not require application level acknowledgements, DLSw does not increment the circuit flow control window fast enough to allow more user I-frame data to flow. [CSCdi49900]
Users can not control the tcp-queue-max on peer-on-demand peers (those learned about through a border peer). The "tcp-queue-max" keyword was ommitted from the "dlsw peer-on-demand-defaults" configuration command. This ddts adds this keyword.

: Additionally, this ddts enhances the "show dlsw peers" output to show the current congestion level of a TCP peer's outbound tcp queue and also displays the amount of time a peer is connected. [CSCdi49949]

DLSW+ on C4700 crashes on 'show dlsw reachability' when there are a large no. of local 'icanreach' nodes. [CSCdi50102]
If peer A and peer B are DLSw priority peers (the keyword priority is on the remote peer definition), and peer A is reloaded, peer B may crash. [CSCdi50155]
netbios dlsw should not send a test_cmd after a name recognized is received. [CSCdi50382]
Peer on Demand peers (peers that learn of each other through Border Peers) do not connect. The options inactivity timeout and lf lfsize should be added to the dlsw peer-on-demand-defaults command. [CSCdi50574]
This ddts adds lf options to the dlsw peer-on-demand-defaults command. This change is required to properly complete existing features.

: dlsw peer-on-demand-defaults lf lf_size
: lf_size is the largest frame size that circuits over this peer will negotiate down to. DEfault is 17800. Valid values are: 11407 11407 byte maximum frame size 11454 11454 byte maximum frame size 1470 1470 byte maximum frame size 1500 1500 byte maximum frame size 17800 17800 byte maximum frame size 2052 2052 byte maximum frame size 4472 4472 byte maximum frame size 516 516 byte maximum frame size 8144 8144 byte maximum frame size [CSCdi50687]

This ddts allows cisco to interoperate with other vendors' DLSw 1795 compatible implementations in the area of capability exchange. cisco DLSw was not sending or receiving the Vendor Context control vector that must preceed any vendor specific control vectors. For more detail regarding the DLSw capabilities exchange, please refer to RFC1795.

: This ddts also fixes a "bad p_enqueue NULL" traceback in cls_entitymanager.c that is preceeded by a CLS_ASSERT traceback with text "connInd != NULL". [CSCdi50868]

Interfaces and Bridging

On a Cisco 4500 router, if you issue the no shutdown command on a Fiber Distributed Data Interface (FDDI) interface, the router will reboot. [CSCdi42429]
BRI commands not recognized by system with both MBRI NPM and CT1/CE1 NPM installed. Work around is to remove the CT1/CE1 NPM. [CSCdi43998]
The FDDI interface becomes deaf to data traffic, but not SMT traffic. The command clear interface fddi {number} may provide a workaround. [CSCdi44246]
When a Cisco 2500 runs X.25 over the B channel of a Basic Rate Interface (BRI), it sends the idle character 0xFF (mark) instead of the idle character 0x7E (flag). X.25 requires flags, not marks, for the idle character. [CSCdi44262]
This defect prevents using the RSP bootldr image to netboot with an FEIP. So, until this is fixed, one must netboot through non-FEIP interfaces. [CSCdi44459]
VIP supports EOIR starting 11.1 (2). [CSCdi45136]
When a Cisco 7000 router Ethernet interface is the root of a spanning tree and UDP flooding is configured with turbo flooding, packet loops occur. The workaround is to disable turbo flooding. [CSCdi45659]
Fair queueing is not disabled on the interface when encap sdlc is issue. Circumvention is to do a no fair-queue prior to doing sdlc encap. [CSCdi46765]
If AAA authorization is used on an interface that is configured for local address pooling, an IP address may be allocated from the pool, authorized by AAA and then returned to the pool before IP traffic starts. However, the IP address will be still be used as the peer address. Since it is now considered 'free' in the local address pool, it may be handed out to another interface resulting in a duplicate peer address on another interface. One sympton of this would be two neightbor routes in the IP routing table pointing to different interfaces. [CSCdi47583]
Transparent bridging and the HSRP protocol cannnot be simultaneously enabled on Fast Ethernet interfaces. Random crashes occur, which can result in image or memory corruption. [CSCdi48646]
Bridging from a Token Ring through an ATM cloud via RFC 1483 AAL5-SNAP encapsulation back to a Token Ring does not function because of an incorrect CTL/OUI. There is no workaround. [CSCdi49151]
Serial interfaces that are down but not administratively disabled might periodically reset with the error "(8010) disable - fsip_reset()". [CSCdi49431]
During topology changes and bridge table clearing, %SYS-3-TIMERNEG messages may be logged. As a side effect, bridge table entries may not expire early, but will remain in the bridge table for the full aging interval.

: The complete message is of the form:
: %SYS-3-TIMERNEG: Cannot start timer (0x...) with negative offset (-...). -Process= "Spanning Tree", ipl= ..., pid= ... -Traceback= ... [CSCdi50360]

IP Routing Protocols

ARP throttling not working [CSCdi43596]
Under some circumstances, when a DVMRP neighbor becomes active over a DVMRP tunnel, the tunnel will not be added to the outgoing interface list for existing multicast routing table entries.

: Workaround is to do a "clear ip mroute *" after the neighbor becomes active. [CSCdi46003]

If a router is incorrectly configured with an autonomous system (AS) placed in a confederation it is not part of, the confederation information within the AS path will be incorrectly propogated. The workaround is to configure the router correctly. [CSCdi46449]
Fair queue size is limited to 512 elements. [CSCdi46763]
OSPF is not able to do load balancing on multiple connected interface which is configured on the same subnet. This fix solves the problem for 11.0 and later release. [CSCdi47030]
EIGRP packets are sent out on async interfaces which normally should not be routing unless configured with async default routing. [CSCdi47184]
NHRP may cause memory corruption when attempting to send an NHRP purge packet. Specifically, if the network layer route to the destination no longer would cause the purge packet to be transmitted out the NBMA interface, NHRP attempts to modify low memory. On some systems, this could cause the system to reload. [CSCdi47623]
On a Cisco AGS+ router with FDDI interfaces and 181-1 cBus microcode on the interface, enhanced IGRP does not discover neighbors when bridge-group is configured on that interface. [CSCdi48057]
If there is a gateway of last resort in the routing table, packets that should be forwarded to a helper address are instead send out the interface to the gateway of last resort. The destination ip address is filled in with 0.0.0.0 in the packet header. If there is no gateway of last resort, this problem should not occur.

: There is no workaround for this problem. [CSCdi48312]

On a system with both PPP encapsulated and SMDS encapsulated interfaces, unsolicited ARP packets are sent over the SMDS interfaces. These packets cause spurious memory accesses. [CSCdi48436]
On a router that borders a PIM/DVMRP multicast environment, DVMRP graft messages fail to be generated causing latency in joining an IP multicast group. [CSCdi49375]
Packet corruption might occur when fast-switching IP packets from ATM interfaces to Token Ring interfaces configured with the multiring command. [CSCdi49734]
Multicast fast switching is not functional for ATM subinterfaces. A workaround is to configure no ip mroute-cache on the incoming subinterface. [CSCdi51178]

ISO CLNS

When using RFC1490 encapsulation for OSI protocols, the system inserts an extra byte into the header. When communication is between two Cisco devices, Cisco encapsulation can be used to work around this problem. [CSCdi40775]
When ISO-IGRP is running on a router, and a CLNS default route is configured, the ISO-IGRP routing table entry corresponding to the local entry shows "*Unknown SNPA*", instead of the usual "--".

: This is purely cosmetic in nature, and has no impact on CLNS routing functionality. [CSCdi47322]

Typing "?" at the router prompt shows a list of all commands, and some associated help text with each command.

: There is no associated help text for the 'tarp' entry. [CSCdi47719]

ISIS fails to install more then one Level2 route in the CLNS routing table, when there are multiple equal-cost paths to the other area available. As a result there is no CLNS loadbalancing for destinations in another area. [CSCdi48162]
When DECnet IV/V conversion is on, and the Phase V protocol is ISIS, ISIS adjacencies in the adjacency data base can end up with an adjacency format of "Phase IV".

: This can happen if a DECnet IV hello was received first, in which case DECnet creates a Phase V adjacency in the adjacency data base, and marks it as "Phase IV". When the ISIS hello comes in a little later, ISIS fails to modify the adjacency format to be "Phase V".
: A snippet of a display from the customer's router is attached below:
: KCCR01# sh clns is
: System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase IV ...
: Clearing the table and re-issuing the "show" command shows:
: KCCR01# sh clns is
: System Id Interface State Type Priority Circuit Id Format AA00.0400.2204 Ethernet0 Up IS 0 0000.0000.0000.00 Phase V
: Basically, the problem will show up when the DECnet hello comes in first. [CSCdi48461]

ISIS doesn't allow multiple NET's.

: gray(config)#router isis gray(config-router)#net 39.840f.1135.6700.26.55.0020.0054.d900 gray(config-router)#net 39.840f.1135.6700.27.55.0020.0054.d900 % Ambiguous command: "net 39.840f.1135.6700.27.55.0020.0054.d900"
: This is because the parser generates another command at the 'router isis' level which makes the 'net' command ambiguous. The other command ('network') actually applies to BGP and should not be generated by the parser at the 'router isis' level.
: gray(config)#router isis gray(config-router)#net 39.840f.1135.6700.27.55.0020.0054.d900 gray(config-router)#? Router configuration commands: ... ... lsp-gen-interval Minimum interval between SPF calculations lsp-mtu Set maximum LSP size maximum-paths Forward packets over multiple paths net A Network Entity Title for this process (OSI only) network Specify a network to announce via BGP [CSCdi48790]

Issuing a CLNS ping to one of the router's own address will cause the router to reload if debug clns packet is on. The workaround is to not have this particular debug on if you need to ping to one of the router's own addresses. [CSCdi50789]

Novell IPX, XNS, and Apollo Domain

The behavior of the "ipx route-cache" command is inconsistent when IPX is not configured on the interface. In particular, when IPX is configured only on subinterfaces, "ipx route-cache cbus" is lost from the primary interface following a reload with this message:

: %Invalid IPX command - IPX not enabled on interface
: Note that this can be corrected by issuing a "config mem". A workaround is to always configure at least one IPX network on the primary interface. [CSCdi45840]

Cisco 1003, Cisco 1004, and Cisco 1005 routers advertise all IPX services with a SAP hop count of zero. Both dynamically learned and static SAPs are sent out every interface with a zero hop count, which makes remote services invisible to Novell servers connected directly to the router (for example, on the LAN interface).

: Clients on LANs with no server can connect correctly, because the router answers the GetNearestServer request. However, whenever a Novell server resides on the same LAN as the client, the client will not be able to connect to any remote services.
: Use the show ipx servers command to determine whether any SAPs are being seen with zero hop count from the neighboring router. [CSCdi46488]

Use of the command no ipx sap-uses-routing-info causes Services learned after sap-uses-routing-info was disabled to not be propagated out other interfaces, included responses to SAP queries and GNS queries.

: Workaround is to enable ipx sap-uses-routing-info. [CSCdi46812]

The IPX fastswitch cache (IPX route cache) can grow large over time if many end hosts are active and the network and configuration are stable. This is because cache entries are not normally invalidated as long as the destination network is reachable. On routers which are already low on memory, this can create various problems. A workaround is to issue the "clear ipx cache" exec command periodically. [CSCdi46978]
When an IPX static route is configured to be associated with an ipx interface which is presently down the static network defined in the static route is advertised as reachable until the interface state changes, it should not be advertised until the link comes up. [CSCdi47023]
the configuration of ipx delay to set a ticks value for an interface allows too large a value, the current range is 0 thru 1000000, the maximum value should be 65535. [CSCdi47086]
Parallel equal bandwidth IPXWAN links may calculate different NLSP metrics. [CSCdi47276]
Network FFFFFFFE is ignored when the handling of FFFFFFFE as the 'The IPX Default Route" is disabled, when default route handling is disabled FFFFFFFE shouold just be another ipx network as is is in 10.2 and earlier releases. [CSCdi47314]
When debugging ipx sap events debugging is displayed for failure to forward packets which are not sap packets. [CSCdi47413]
NLSP and ISIS may report corrupted LSP checksums. There is no workaround to this problem. [CSCdi47916]
The ipx accounting command does not get removed after no ipx routing is configured. The workaround is to issue no ipx accounting command before disabling routing. [CSCdi48651]
IPXWAN calculates the wrong NLSP metric for the serial interface. Therefore, NLSP may use the serial interface as the next hop router instead of the LAN interface. [CSCdi48717]
On 4500 systems using token ring IPX SNAP encapsulation can produce alignment warning message. [CSCdi49352]
When an Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) route is advertised back into Routing Information Protocol (RIP), the delay within the Enhanced IGRP cloud is not properly taken into account in the tics metric value of the route when it is redistributed into RIP. The RIP advertised route might then look closer than it really is. [CSCdi49360]
When an interface goes down, services that are not learned over that interface are marked as down. This behavior might cause excessive SAP packet generation because packets are flooded first as down, are then learned, and are finally flooded again as new. [CSCdi49369]
If IPX Enhanced IGRP is running, the following command sequence might cause the router to reload: interface serial no ipx network no ipx routing [CSCdi49577]
IPX Services advertised by SAP with a missing Servicename are accepted by the Service table, they should be rejected. NetWare Servers when seeing this Service advertised in NLSP LSPs will complain about an "LSP L1 packet received ... has malformed option code 0xc3" [CSCdi50223]
An IPX fastswitch cache entry created from an (NLSP) aggregated route may not be correctly invalidated when the aggregated route is lost. A workaround would be to clear the cache using the "clear ipx cache" command. [CSCdi50473]
Zero prefix route is not processed correctly by the router and the router should only generate the longest match aggregated route. [CSCdi50715]
When an interfaces goes down SAP poisons for Services learned over that interface are sent twice out all other interfaces. [CSCdi50745]
show xns interface did not show the line protocol status. [CSCdi50905]
The ipx interface values of rip and sap triggered delays will get change after a system relaod if you have a global ipx default output rip/sap delay configured. [CSCdi51038]

Protocol Translation

An access-class applied to a virtual terminal takes precedence over an access-class specified in a translate command. [CSCdi46038]
A translate statement specifying ppp authentication erroneously uses an access class. The workaround is to specify an access list matching the access class, permitting all connections. [CSCdi51039]

TCP/IP Host-Mode Services

Under unknown circumstances, random lines on an ASM will pause indefinitely in Carrier Dropped state. The only way to clear the line is to reload the ASM. [CSCdi44663]
If an IP helper-address is configured on an interface, the router will fail to forward directed broadcasts sent to a MAC broadcast address. [CSCdi47639]
When a DLSw remote peer brings down a TCP connection during the peer connection sequence, the partner DLSw router may crash. This ddts fixes this problem by adding better communication between DLSw and the tcp driver. [CSCdi47801]
Opening hundreds of simultaneous telnet connections from a TTY or VTY can cause the software to reload with a watchdog timeout error. [CSCdi47841]
Receiving malformed TCP options on a connection can cause the software to reload. [CSCdi49358]
A router running DLSw may print the following error message when a peer reloads:

: %SYS-6-STACKLOW: Stack for process TCP Driver running low, 36/1000 [CSCdi50306]

TN3270

Async lines connected via TN3270 to remote hosts, receive TN3270 Cursor-move escape strings for each data byte. [CSCdi48513]

VINES

VINES servers located downstream might unexpectedly lose routes that were learned via Sequenced Routing Update Protocol (SRTP). This behavior results from improper handling of network sequences numbers by the system. Issuing a clear vines neighbor or disabling SRTP are suggested workarounds. [CSCdi45774]
A Cisco router reloads when it receives incorrectly formatted Interprocess Communications Protocol (IPC) packets from the VINES application software Streetprint. The VINES IPC length field should contain the number of bytes that follow the long IPC header in a data packet, but Streetprint incorrectly sets the IPC length in each IPC message to the total number of bytes of all IPC messages. [CSCdi47766]
If a Vines-configured serial interface is down, then a small-buffer memory will occur. This leak will occur for as long as Vines is configured on the interface, or as long as the interface is down. [CSCdi48180]
Vines clients using Bluemail get the message "time not available" on serverless segments connected to a 4500 or a 4700. The only workaround is putting a Vines file server on the segment. [CSCdi48247]
Lost connectivity to Vines server co-incides with appearance of Align-3 message on console. Router is configured for Vines SRTP routing. SH ALIGN reports a number of spurious memory access errors pointing to the same SRTP procedures. [CSCdi48252]
A simple vines access list (in the range 200-299) is used to filter time updates. This should be applied with the global configuration command vines time access-group 2xx.

: The parser incorrectly accepts the interface configuration command vines access-group 2xx which can yield unexpected results.
: The workaround is to use the correct configuration as specified in the "Router Products Configuration Guide". The example in the "Router Products Command Reference" under the vines access-list (simple) is incorrect up to and including the 11.0 documentation. [CSCdi49568]

VINES SRTP on serverless segements running Release 10.3(8) do not send the redirect to the correct network number (layer 3) address. The workaround is to turn off VINES redirects on the serverless segment interface. A sniffer trace of this packet will show an "abnormal end of Vines SRTP." [CSCdi50536]

Wide-Area Networking

Each interface can be configured to authenticate using either CHAP or PAP.

: There is currently no mechanism to switch to a different protocol if the default authentication protocol is not supported on the remote client. [CSCdi35908]

When routing an X.25 call request packet containing a Calling/Called Address Extension facility, sometimes the Calling/Called Address Extension facility is inadvertently modified. [CSCdi41580]
An X.25 interface might hang if the Link Access Procedure, Balanced (LAPB) layer gets stuck in the RNRsent state. This might occur if virtual circuits (VCs) receive encapsulated datagram fragments that are held for reassembly, and the number of these fragments approaches the interface input queue count. The LAPB protocol will not exit the RNRsent state until the number of held buffers decreases. This condition can be cleared if a shut /no shut is performed on the interface, or if the other end of the LAPB connection resets the protocol. [CSCdi41923]
The subinterface shutdown command is ignored by ATM subinterfaces. Existing SVCs are not deleted and processing of traffic continues. [CSCdi43692]
If a new permanent virtual circuit (PVC) is defined on an ATM Interface Processor (AIP) when existing switched virtual circuits (SVCs) and PVCs are already defined, an interface reset might occur with a subsequent restart of all SVCs. [CSCdi43779]
When IP traffic is fast switched from an AIP onto an FDDI interface, an extra byte added to the end of the packets. [CSCdi44580]
If you are connected to the VIP card by the unsupported RVIP console interface, the 7000 will crash if you remove the VIP card. This problem does not exist on the 7500 series and customers who purchase the VIP hardware should be using newer software to be announced. [CSCdi45132]
The traffic counters of the show atm traffic command for ATM interfaces may not reflect all of the traffic counted in show int atm command.

: show atm traffic command output looks as follows now:
: router#show atm traffic 279548 Input packets 15025 Output packets 17 Broadcast packets 0 Packets received on non-existent VC 0 Packets attempted to send on non-existent VC 129 OAM cells received 134 OAM cells sent
: where Input packets include all input packets on the atm interfaces i.e. process , fast and autonomous switched as well as those received on non-existent VC.
: Similarly Output packets include all process, fast and autonomous switched out- going packets including broadcast packets.
: Packets attempting to be sent on non-existent VC are just displayed and not counted as Output packets since they are never sent. [CSCdi45189]

On reload an X.25 interface can enter the 'protocol up' state before all of the interface's configuration commands have been processed. This can cause problems if the X.25 configuration includes commands that will not take effect while the protocol is up (i.e. modulo, default window and packet sizes and the VC range parameters).

: The symptom of this problem is the printing of 'Parameter held until RESTART' messages while the router image has not completed its startup. In particular, the PVC configuration commands will be refused if commands to modify the default VC ranges are held off. [CSCdi45199]

Under unknown conditions, debug ppp packet may cause the router to stop processing packets. [CSCdi45322]
When a Cisco 4000 with a Basic Rate Interface (BRI) has the isdn tei powerup configuration flag set, the watchdog timeout will crash the router. A workaround is to configure the router with the isdn tei first-call command. [CSCdi45360]
When running ATM on a 7000, memory corruption may occur. [CSCdi45540]
Running X.25 Defense Data Network (DDN) encapsulation on a Cisco 2500 serial port might cause the router to reload. This problem appears to be the result of mixing x.25 switching and X.25 DDN. A workaround is to shut down the serial interface. [CSCdi45673]
When configuring 2 routers back-to-back via ATM using SMDS encapsulation, you may experience intermittent ping failures.

: Cisco Systems expects to resolve this caveat in a future AIP microcode version. [CSCdi45807]

Under certain conditions XOT data might be delayed by the router. [CSCdi45992]
Fix is as follows:

: This is regarding an internet draft from S. Cobb of Microsoft [to update RFC 1332].
: We currently implement the IP DNS [main, secondary] configuration ["tell me who your DNS server is"] portion of this draft but it was suggested that we give the server configured by the async-bootp command instead, if configured. This has been implemented.
: A separate bug will be added for configuration of the WINS name server information. [CSCdi46322]

The router can reload if two PAD connections were initiated if "debug x25" and "terminal monitor" are enabled on one of the PAD connections while the other connection is doing constant pings. [CSCdi46665]
Routers with ISDN BRI interfaces which use the isdn switch-type basic-net3 command may experience BRI port failures dues to all network layer control blocks (NLCB's) being used and never released. Once all NCLB's and call control blocks (CCB's) are used and hung, a reload of the router is required to use the BRI interface. The problem does not apply to ISDN Primary Rate interfaces (PRI).

: A possible workaround is to set the dialer idle-timeout value on the BRI routers connected to NET3 switches higher than the timeout value of the other router or routers connecting via ISDN. This assumes the other router or routers do not have BRI's connected to NET3 switches, as they would have the same problem. This also requires knowledge of the dialer idle-timeout value configured on the other router or routers.
: The problem does not occur if the call hangup is initiated by the ISDN network rather than the BRI router connected to a NET3 switch.
: 11.0(2.1), 10.3(6.1) and 10.2(8.5) were the first available versions which exhibited the problem. [CSCdi46668]

A Cisco 4000 series router with ISDN BRI interfaces can run out of timer blocks and crash. Use the show isdn memory command to see if memory is not being freed. [CSCdi47302]
Systems using the ATM Interface Processor (AIP) card may restart with the error message "System was restarted by error - Illegal Instruction, PC 0x0." [CSCdi47523]
When LANE Clients are configured as part of bridge groups, in a redundant configuration, spanning tree may move one of the clients to blocked state. When an LE_ARP request comes in for a MAC, for which there is a proper bridge table entry, then the blocked lane client may respond to such requests. The effect of this is that a data direct VC could be established to a blocked client and the traffic cannot get through.

: When a LANE client learns a MAC address on an interface, it may respond to LE_ARP requests for that MAC address,coming in on the same interface. This will also lead to the data direct being setup to the wrong client. [CSCdi47734]

Async interface connections hung up in heavy load conditions. Async interfaces use standard keepalives suited to faster and high bandwidth interfaces. [CSCdi48054]
Under some unknown conditions, an ISDN B Channel may fail to disconnect. The PPP keepalive feature detects the partially disconnected link and repeatedly reports "exceeded max retries taking LCP down" every few minutes. This defect was introduced in software version 11.0(3.2). [CSCdi48111]
The IPXCP Configuration Complete option is not supported. This is an advisory option to indicate that the sender thinks that no more negotiation is necessary. The option will be supported in a future release of IOS. [CSCdi48135]
Some PPP clients will not negotiate the IPCP IP address option, either because they have been pre-configured or because they captured the IP address from the login session. As a result, the IPCP code will not install a neighbor route or dialer map to the peer's address. In a future release, a neighbor route and dialer map will always be installed to the peer address which may have been pre-configured or entered at the command prompt. [CSCdi48136]
The cisco will have problems running the primary-dms100 switchtype against a Meridian 1 configured running SL1 network mode. The channel-id, called party and call ref length are not compatible. [CSCdi48239]
Packets fastswitched to an ELAN by a 4500, 4700, or 7500 may have six extra bytes added to the end of the packet. Packets that are over 1494 bytes will not get the extra bytes, so "giant" packets are never seen. [CSCdi48298]
Changes required to pass ISDN BRI NET3 France Delta testing. [CSCdi48422]
When packets are lost because of hold queue overflow or line errors, multilink PPP may incorrectly discard packets that were properly received.

: To prevent this behavior, remove the cause of the line errors or increase the hold-queue size. [CSCdi48424]

Incoming 64kb voice calls will not work. An incorrect assumption was made at implementation. [CSCdi48606]
There are some errors in the prompts when configuring frame relay.

: In some instances the user is given a help prompt that indicates RFC1294 encapsulation is about to be configured.
: This is erroneous. RFC1294 is obsoleted by RFC1490.
: As of IOS release 10.3 Cisco uses RFC1490 for bridged and routed protocols.
: These errors are all cosmetic.
: No work around is required. [CSCdi48715]

If parallel connections are made to a dialer group or ISDN interface that use the same IP address and a neighbor route is necessary, then the neighbor route is added for the first connection only. Subsequent connections will detect that a route already exists and do not add another route. This situation works until the first connection closes and its neighbor route is removed. The other connections remain but no neighbor route is installed for them. This problem applies to parallel connections not to multilink bundles. [CSCdi49007]
When booting a router on which all ATM interfaces are in a no shut state, you need to issue a shutdown and no shutdown command sequence on one of the ATM interfaces to make Service-Specific Connection-Oriented Protocol (SSCOP) fully initialized and to allow ATM signaling to function properly. [CSCdi49275]
If Cisco's enhanced Terminal Access Controller Access Control System (TACACS+) is enabled, you cannot specify inbound authentication on the Point-to-Point Protocol (PPP) authentication configuration line. [CSCdi49280]
Nondefault IPX encapsulation on an ATM subinterface using the ipx encaps xxx command does not work. To configure the nondefault encapsulation, use the ipx network network encapsulation encapsulation-type command. [CSCdi49729]
Cisco IOS Release 11.0(6), Release 11.1(2), and Catalyst 5000 ATM software release 2.1 and later contain a fix for an Emulated LAN defect. If you deploy Release 11.0(6), Release 11.1(2), or Catalyst 5000 ATM software release 2.1 or later releases in your network, and you use Emulated LAN bridging features, you must upgrade the Cisco IOS software in all routers and Catalyst 5000 switches in your network to use a version of Cisco IOS software that contains the fix. Failure to upgrade all devices in a particular Emulated LAN will result in interoperability problems between Cisco devices.

: If you choose to continue to use Cisco IOS Release 11.0(5), Release 11.1(1) or earlier releases, the Catalyst 5000 requires ATM software release 1.1. [CSCdi49790]

IPX packets fastswitched by a 4500, 4700, or 75xx to a an Emulated LAN (LANE) subinterface using SAP, SNAP, or novell-ether encapsulation may be dropped by the receiving IPX server or client because of a mismatch between the length indicated in the ethernet packet header and the actual packet length.

: The workaround is to disable IPX fastswitching ("no ipx route-cache") on the ATM interface. [CSCdi50312]

IPX packets transmitted over LANE, and then bridged onto a real ethernet, can have odd length. Some IPX clients and servers will drop ethernet packets whose length is not an even number of bytes.

: There is no workaround. [CSCdi50313]

If a backup interface is brought up, a floating static route will point through the backup interface to the remote node and network. When the original interface comes back up, the floating static route is removed. The backup interface will not see any traffic and an idle timeout will bring down the backup connection. If, however, the original interface comes back up before the backup connection is complete, the floating static route will have been removed and a neighbor route will be added to the peer address. This route will carry routing updates to the peer over the backup and thus reset the idle timeout with each packet. The backup interface will never disconnect. This behaviour was not present before Release 11.0(3). [CSCdi50489]
Fast switching IP traffic may fail from an ATM Interface Processor (AIP) onto an FDDI with RIF presence. [CSCdi50609]
When bridging is enabled on a LANE client in all platforms supporting LANE (in 11.1(1)), a flush request is sent out to clear the BUS path of any outstanding packets before using the data direct. If the flush response doesn't come back, then no traffic can go through as packets will get dropped by the bridge as it is waiting for the Flush response.

: This problem is fixed in 11.1 (2) version, by having a timer associated with the flush requests. When the timer expires, we would have waited long enough to send further traffic through the data direct path. [CSCdi50636]

International calls being placed using the Australian Primary Rate switch type of primary-ts014 do not tag the format of the called address field correctly. This results in calls to locations outside of Australia being rejected as unassigned. [CSCdi50927]
Cisco LANE clients will not interoperate with non-Cisco BUS's that deliver data to the client on multicast-send VCCs. Packets sent to the client on the multicast-send are discarded. In addition, the error message "%LINK-2-NOSOURCE: Source idb not set" may appear when these packets arrive. There is no workaround. [CSCdi50945]

XRemote

Tracebacks indicating Xremote is firing timers with negative offset are noticed on router's console and syslog. [CSCdi49796]
Xremote does not work if attempted from telnet connections. [CSCdi49862]

11.1(17)AA Caveats

This section describes possibly unexpected behavior by Release 11.1(17)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(17)AA.

AppleTalk

The performance of ARAP clients during file transfer is poor. The clients are using analog and ISDN connections. IBM PC users, which are also using analog and ISDN connections, are not affected. [CSCdi87229]

Basic System Services

The router might reload when trying to process the show accounting command. [CSCdi69364]
The 3640 may experience NVRAM corruption when using an ISDN BRI network module when compression is enabled. Symptoms include SegV exceptions, and missing configurations. [CSCdj03841]

Interfaces and Bridging

T1 channelize port doesn't come up getting an loss of signal on a 3620 using a 2 port channelize card, but a 2524 with a FT1 doesn't have any problem. [CSCdj70072]
Turning bridging on an ethernet interface caused a memory corruption. [CSCdj72902]

Wide-Area Networking

The remote user came in Group-Async1 as analog call with it's own ip address, but the as5200 still tried assign the ip address from the pool to the remote router. [CSCdj06944]
Router keeps stacking UA packets in the output queue. The ISDN switch never receives them because packets were stuck at the output queue of the D-channel interface in the router. [CSCdj46140]
There is a memory leak in the isdn process present in 11.1(14AA) code on the 3640. Symptoms are that the router hangs periodically. Only a reboot will free the unused but allocated memory. The exec command show proc mem will report the amount of allocated/freed/holding memory that each process is using. Issue the command every few hours and compare to see which process is holding memory. An example output is below:

: router>show proc mem Total: 8118000, Used: 6219252, Free: 1898748 PID TTY Allocated Freed Holding Getbufs Retbufs Process 1 0 1464060 1294600 15700 0 0 PPP auth 2 0 67097692 65024344 3988404 0 0 ISDN
: router>show proc mem Total: 8118000, Used: 7908580, Free: 209420 PID TTY Allocated Freed Holding Getbufs Retbufs Process 1 0 2302812 2044864 15248 0 0 PPP auth 2 0 103842164 101087932 5684824 0 0 ISDN
: (output will vary from router to router)
: The amount of time before the router hangs depends on many factors such as the number of isdn sessions and the amount of memory. If you look at process id (PID) 2 you see that the isdn process is holding memory and not freeing it after use. If one process's holding figure continually increments until the router runs out of memory, then a memory leak is present regarding that process. [CSCdj62833]

11.1(16)AA Caveats/11.1(17)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(16)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(16)AA. For additional caveats applicable to Release 11.1(16)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(17)AA.

Wide-Area Networking

On a 3600 series router, HSRP hellos are not received on a token ring interface with multiring all configured. [CSCdj47021]

11.1(15)AA Caveats/11.1(16)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(15)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(15)AA. For additional caveats applicable to Release 11.1(15)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(16)AA.

11.1(14)AA Caveats/11.1(15)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(14)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(14)AA. For additional caveats applicable to Release 11.1(14)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(15)AA.

IBM Connectivity

Attachmate Advanced Function SDLC adapter is limited to 19.2 kbps on a Cisco 3600 asynchronous/synchronous port. Setting the clock rate above 19.2 kbps will eventually cause an abort in an I-Frame which inactivates the PU. The router SNRMs the device, but it does not respond to the UA from the Attachmate SDLC adapter. Issuing the clear interface command or the shut and no shut commands will restart the device.

: Issue a show controller serial command, then look for the "residual indication count". If the counter is at "0," then this caveat is not the problem. If it is a non-zero value, then this caveat may the problem. [CSCdj17394]

Interfaces and Bridging

This autoconfig procedure should only be used for running back to back tests with 2.1.9 f/w when using IOS versions 11.1(9)AA, 11.2(3), or above, and then autoconfig should be disabled or the modemcap changes removed for production (regular) operation.

: Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#modemcap edit microcom_mfg_1 template microcom_hdms Router(config)#modemcap edit microcom_mfg_1 best-error-control
0-k0 Router(config)modemcap edit microcom_mfg_1 misc %g1%b28800 Router(config)#li 1 48 Router(config-line)#modem auto type microcom_mfg_1 Router(config-line)stopbit 1 Router(config-line)flow hardware Router(config-line)speed 115200 Router(config-line)parity none Router(config-line)modem InOut Router(config-line)#exit Router(config)#conf 0x2 Router(config)#exit [CSCdj04947]

Dialer in-band does not work with 3600 platforms when the interface used is X.21 cable on the 5-in-1 WIC. [CSCdj40826]

Wide-Area Networking

Taking out the clock source command for E1 controller does not affect 36xx platform as the clock selection for E1 is automatic. [CSCdj12808]

11.1(13)AA Caveats/11.1(14)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(13)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(13)AA. For additional caveats applicable to Release 11.1(13)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(14)AA.

Basic System Services

The Cisco 3600 series is missing the modemcap and modem auto discovery subsystems in the Service Provider subset images (c3620-p-mz and c3640-p-mz) in Release 11.1AA and Release 11.2P.

: Note that the other Cisco 3600 series image subsets are not affected by this bug. [CSCdj27391]

When configured for autoboot the system will fall into a boot loop if all attempts to boot according to the user configured boot commands fail. This error occurs in systems running rom monitor version 474, 474A with system images 11.1(8)AA and 11.2(6.1)P or greater.

: The workarounds are to avoid configuring boot commands unless we need to boot an image that is not the first image in system flash or to add last resort boot command(s). The example below will force the system to boot the first image in flash, first image in 2nd partition of system flash, and first image bootflash respectively if all else fails.
: (e.g. boot system flash flash:, boot system flash flash:2:, boot system flash bootflash: ) [CSCdj34884]

11.1(12)AA Caveats/11.1(13)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(12)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(12)AA. For additional caveats applicable to Release 11.1(12)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(13)AA.

Access Server

An AS5200 may sometimes crash with the following stack trace :

: 0x221FF150:_mai_handle_b2b_connect(0x2202ea38+0x1d069c)+0x7c 0x221FC394:_mai_execute_proc(0x2202ea38+0x1cd908)+0x54 0x221FC492:_mai_queue_handler(0x2202ea38+0x1cda2c)+0x2e 0x221FC530:_mai_maintn_process(0x2202ea38+0x1cda72)+0x86 [CSCdj20121]

11.1(11)AA Caveats/11.1(12)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(11)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(11)AA. For additional caveats applicable to Release 11.1(11)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(12)AA.

Basic System Services

The message:

: %SYS-3-SUPNONE: Registry 23 doesn't exist
: May appear at boot time. The message is displayed in error, and there is no operational effect on the router. It can safely be ignored. [CSCdj04776]

The format of the boot command is incorrect, thus when configured to autoboot the router will always boot the first image from the default device since all attempts to boot according the user's boot configuration will fail. Note the user must enter a new config command in order to corrupt the previous settings. [CSCdj11951]
During Customer configuration of a 3640 from multiple telnet sessions or from console and a telnet session the following sequence causes a NVRAM corruption:

: From one of the sessions: sho conf
: From the other session: wr m
: These commands occur at the same point in time causing the router to do any of the following: a) Seg V b) PCI Master Abort c) Spirous memory access d) NVRAM corruption e) "trash" displayed to screen of "^@^@^@..." [CSCdj17520]

Interfaces and Bridging

The command 'dce-terminal-timing-enable' command is used to prevent phase shifting of the data with respect to the clock when running the line at high speeds over long distances.

: This command is currently not supported on Cisco 1600 and 3600 series of Routers. [CSCdj05354]

TCP/IP Host-Mode Services

No more than one DLSw peer comes active in a 3640 running 11.1(10) IOS. It is possible to configure the second peer, but this one will never be in a CONNECT state.

: Workaround is to configure no transport input on the auxport line. [CSCdj09782]

11.1(10)AA Caveats/11.1(11)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(10)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(10)AA. For additional caveats applicable to Release 11.1(10)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(11)AA.

Interfaces and Bridging

The signal status shows that the DSR and RTS signal to be up even when the serial interface is administratively down. [CSCdi66746]

Wide-Area Networking

ISDN leased-line does not come up after reload on 36xx platforms. [CSCdj03228]

11.1(9)AA Caveats/11.1(10)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(9)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(9)AA. For additional caveats applicable to Release 11.1(9)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(10)AA.

On Cisco 3600 platforms, when fair queueing with schedule interval is configured and multiple protocols (for example, transparent bridging, IP, IPX, AppleTalk, and CLNS) are running at the same time, and the

On Cisco 3600 platforms, when fair queueing with schedule interval is configured and multiple protocols (for example, transparent bridging, IP, IPX, AppleTalk, and CLNS) are running at the same time, and the load is extremely heavy, a memory leak can occur. To work around, do not configure fair queueing and schedule interval at the same time on systems with extremely heavy traffic (greater than 99% CPU utilization). [CSCdi79081]

11.1(8)AA Caveats/11.1(9)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(8)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(8)AA. For additional caveats applicable to Release 11.1(8)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(9)AA.

IBM Connectivity

APPN/DLUR does not provide you the ability to limit the number of dependent PUs it may support. This may be desirable when designing networks using some of the fault-tolerant and redundancy features available to you when using APPN/DLUR in conjunction with RSRB or DLSW+. [CSCdi72398]

11.1(7)AA Caveats/11.1(8)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(7)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(7)AA. For additional caveats applicable to Release 11.1(7)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(8)AA.

Basic System Services

The Cisco CSU/DSU MIB is currently not supported on the 1602. [CSCdi69377]
CardIfIndexTable does not show entries corresponding to T1/E1 ports. This does not affect the normal operation of the PRI network module. [CSCdi69480]
The mib entry dsx1IfIndex does not conform to its definition in rfc 1406. This does affect any normal operation of PRI network module. [CSCdi71115]

Interfaces and Bridging

This condition may occur if two token ring cables are removed from the MAU simultaneously while the token ring interfaces are heavily loaded with traffic. To avoid this, do not remove the two cables simultaneously while using those interfaces. [CSCdi63197]
This problem will cause the buffer consumption of the router excessively high when the router has to forward bridging packets over a serial interface with low baud rate such as 128kbps. The interface must also be configured with "fair-queue" and the then router must have been reloaded after "fair-queue" was configured.

: The excessive buffer consumption only lasts during the high volume of bridging traffic going through for a sustaining period. Once the traffic slow down, the buffers are returned.
: The work around of the problem is by not using "fair-queue" scheme with bridging on slow speed serial interfaces. [CSCdi70429]

11.1(5)AA Caveats/11.1(7)AA Modifications

This section describes possibly unexpected behavior by Release 11.1(5)AA. Unless otherwise noted, these caveats apply to all 11.1 AA releases up to and including 11.1(5)AA. For additional caveats applicable to Release 11.1(5)AA, see the caveats sections for newer 11.1 AA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(7)AA.

11.1(17)CA Caveats

This section describes possibly unexpected behavior by Release 11.1(17)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(17)CA.

Basic System Services

CSCdj12951:Need better crash information to debug data/stack corruption crashes

: SOLUTION: Write crash information to default bootflash:crashinfo in RSP and flash:crashinfo in RP. A series of "test crash" command selections are used to control and change the crashinfo collection mechanism.
: The crash information contains: . up to 32 KB in RSP of errmsg log plus command history including config commands that user enters or "copy". In RP, it is 20 KB . contains up to 32 KB on RSP and 20 KB on RP for all the following informatrion . crash stack trace . crash context . stack dump at crash . dump memory for each register containing "valid" RAM address . add errmsg display on invalid length of bcopy . add two commands to "test crash" . "sh stack" will display ("cat" as in UNIX) the bootflash:crashinfo file if there was a crash. User can also do "copy flash tftp" to dump the ASCII file bootflash/flash:crashinfo to server. . the size is 16 KB of errmsg/command plus up to 16 KB of memory dump and other crash information. There is one 16 KB DRAM declared for this crash information collection mechanism. . Only c7000 and RSP are activated with new crashinfo mechanism and the 16 KB. 4500 and others will see no difference. . memory dump on malloc/free trace [CSCdj12951]

Register dump has provided valuable information to find out root cause of a crash especially for memory corruption crashes.

: This fix enchanced the register dump and crashinfo in general by providing: . not only deallocator of a freed block but also the previous deallocator . better early memory corruption detection when "debug sanity" is on . dectect whether data in register is inside a malloc block. if so dump the entire malloc block (up to 1 KB) . check the contents of register memory dump for valid RAM address and dump them as well. This is useful to dump places such as pak->datagramstart or hwidb->next etc. . consolidates all memory dump into up to 96 dump blocks to eliminate duplicate dump on same/nearby area. [CSCdj18684]

In certain low memory cases, the initialization of the netflow cache can fail and not generate an error message. [CSCdj21130]
Netflow data export will not set the source prefix mask bits and source AS for flows which are either unroutable or are destined for the box. [CSCdj36616]
In 7513 router, there are the error messages "%RSP-2-QAERROR: reused or zero link error, write at addr 0160 (QA). This messages mean that may occur due to the duplication of a packet pointer, which is an invalid state. [CSCdj41153]
If a loopback interface is configured then removed then re-installed it will not show up in the interface index until the router is reloaded. The only way to have the interface show up in the ifIndex is to reboot the router [CSCdj42687]
On a 7200 platform, netflow cache entries may not be created if largest memory size is less than 1/4 of the free memory.

: Workaround: reboot the router and enable the netflow before the memory become fragmented. [CSCdj51159]

the console/virtual-terminal exec on 7500 HSA systems may become unresponsive with configurations larger than 128K and service compress-config. the console can lock up on "wr mem" or "copy running" commands, and the configuration nvram can become corrupted and inaccessible. other vtys and packet forwarding and routing operations will continue operating unimpeded while the console or telnet exec is nonresponsive.

: a workaround is to store the configuration in flash. for example, "copy running slot0:config" and configure "boot config slot0:config", and "service compress", and "boot buffersize N", where N is at least three times the configuration size in bytes. then the "wr mem" command will work slowly - 10 minutes elapsed time for each 128k block of configuration text.
: the method to recover configuration nvram after nvram is corrupted is: send RS232 break to the console of both master and slave. use rommon "confreg" on master and slave to ignore system config. use rommon "reset" command on master & slave and boot a slave-capable image. on the master console, copy good config file from flash or tftp into running-config. turn off the 0x40 bit in the configuration register by using the "sh ver" exec command and the "config-register" configuration command. reload the master. [CSCdj63926]

When using boot config slot0:(filename) command to store and boot configuration from the flash card, it is unable to save running configurations larger than the NVRAM size to the flash card by the use of the write mem command.

: service compress-config command can normally be used as a workaround, but it may be affected by DDTS CSCdj63926. The safe workaround is to use tftp to save the larger configurations. [CSCdj69777]

A corrupt buffer header is causing 7500 Routers to restart with bus error. This occurs about twice a day. They are running IOS 11.1.(15.05)CA. [CSCdj70296]
A 7513 running 11.1(15)CA fails to generate a SYS Error Message (or send a trap) when power supply number 2 loses (or regains) electrical power. [CSCdj76078]
Router forwards packets out of sequence with WFQ. [CSCdj77694]

EXEC and Configuration Parser

Configuring a "keepalive 1200" argument in the dlsw local peer definition causes the rtr to automatically add a "timeout 3600" to the dlsw remote peer statements. If the rtr reloads the parser will see the "3600" as an invalid argument. This will cause the remote peer statements to be removed.

: These symptoms have been observed in 11.1CA releases. [CSCdj30005]

IBM Connectivity

*** Release-Note ***

: LLC2 circuit establishment intermittently fails when DLSW is transported across ATM LANE. [CSCdj40095]

With SRB is configured, OIR removing a token ring port adapter (ex: PA-4R) followed by adding a different token ring port adapter type (ex: PA-4R-DTR), the user must reconfigure SRB on the ports. The problem is that this creates duplicate ring numbers and SRB fails to bridge traffic on those ports. [CSCdj66310]
After configuring srb on fddi a huge amount of ignored packets is visible on a cisco 7500 with viper fddi pa.

: Old FIP cards did not show the ignored packets.
: Workaround is to use FIP cards. [CSCdj76260]

Interfaces and Bridging

When running IP Multicast over LAN Emulation on the ATM port adapter, there is a possibility that the ATM port adapter will receive cell FIFO overrun. This will subsequently cause related input packets to be dropped. This condition has been observed in the lab when the IP Multicast traffic reaches a certain rate. We are investigating the cause of this condition. While this problem is negligible when the source traffic is shaped at a lower rate, we recommend that this feature, that is, IP Multicast over LANE, not be used until the cause is found and a fix determined. [CSCdj02702]
On a c7200 system, when ip mroute-cache is enabled on the atm-lite interface, the system will slowly lose some fastswitching resource. Eventually, the system will not be able to perform fastswitching of any protocol any more and all traffic will be process switched. [CSCdj16067]
When an new E1 is added, PA-8T may go into unstable "up-down" situation. The instablility may cause VIP2-20 to restart. [CSCdj24584]
The pos specify-s1s0 and pos specify-c2 POS interface specific configuration commands do not work correctly. [CSCdj25166]
A checkheaps crash on the VIP can occur with a POSIP when the line is flapping continuously. This is due to the POSIP getting reset during line up/down events. Line flapping can be minimized by disabling keepalives or reloading the one router at a time. [CSCdj26511]
The "no buffer" counter on the ATM interface of the CES Card for the 7200 Series does not increment correctly. It will spuriously record a "no buffer" even if hardware buffers are available. [CSCdj31158]
7500's with OC3 POSIP interfaces do not support the Path Trace Buffer feature that the GSR (c12000) supports which indicates the name, interface, IP address, etc. of the remote connection.

: On a GSR that is connected to a 7500, the Path Trace Buffer information available via the "show controller pos" command will be blank.
: This will not impact the functionality of the router, but the presence of the feature makes misconnections easier to debug. [CSCdj31880]

Sometimes the message 'COMPRESS: bad hwidb or comp_db not set up! 0, 0' is generated from the router, even though debugging is not turned on. [CSCdj54173]
ATM interface in VIP crashed [CSCdj66230]
A configured mtu size on a token ring interface on a 7500 router running 11.1(14)CA will not save that configuration upon reload even after writing the change to nvram. No other part of the configuration is erased or changed. [CSCdj67165]
The router is working just fine when only bridging is configured. If, while bridging is configured, and ip address is added to that interface, and you attempt to send an IP ping down that interface, the CT3 reports bad 'vc', and the link stops carrying traffic. It's inability to carry traffic is easily explained after a bunch of bad 'vc' messages. The bad 'vc' messages would appear to be some nasty interaction between bridging and IP. [CSCdj68602]
When running 11.1.15 (CA) with HSA enabled you may get the following message when creating a pvc. If the router actually switches over to the slave. So far only if you boot up with only one RSP4 in the box will it work.

: %AIP-3-AIPREJCMD: ATM1/0/0 vip_1a_teardown_vc command failed (error code 0x0008) [CSCdj69076]

With CE1-PAs and weighted fair queueing configured all intefaces of channelized E1 port adaptors have a lot of drop packets. [CSCdj69502]
Release-note ------------ "Received broadcast" counter not incrementing on PA-4R but does on TRIP-4. [CSCdj70644]
Customer reported the following error message on two 7500 routers with PA4R port adaptors on vip2-40 cards.

: %TR-3-ADPCHK: Interface TokenRing1/0/1, adapter check error (0001 0002 954A 8C0D)
: This error was caused by physical ring problem which was fixed later on. However, out of 29 Cisco routers on the same Backbone ring the above two required manual intervention.
: The interface status showed reset, and the only way to get the interface back up was by doing a shut, no shut on the interfaces. [CSCdj75820]

On 7200 with the I/O controller with MII only and other platforms (i.e., 4500 and 7500), the regular Fast Ethernet PA media config command is missing the RJ45 option; only the MII option is available. On 7500 platform, to configure for RJ45, use the "no media-type MII" option as a workaround. The workaround is not available for 4500 and 7200 platform. Because all images use RJ45 as the default media type for Fast Ethernet, they will not discard the original configurations that specify RJ45. [CSCdj75983]
PA-4T+ or PA-8T will show default clockrate when it is used as a DTE interface but before cable is connected or interface is enabled. This is because in some IOS re;eases, default is set to be DCE, and the interface will continue to act so until the interface is up and the DTE cable is detected. [CSCdj76240]

IP Routing Protocols

OSPF neighbor adjacency doesn't get removed on adminstratively shutdown point-to-point 'ip unnumbered' atm interface until the OSPF dead timer expires. [CSCdi92187]
BGP: Setting origin type on inbound BGP routes fails [CSCdj01570]
A spurious alignment may be recorded on an RSP4 if pim multicast routing and OSPF are both configured on an RFC1483 ATM installation.

: No harmful effects have noted for user data. The problem was observed in 11.1(11)CA but not in 11.1(12)CA in the affected routers. [CSCdj20752]

Routers running IOS 11.1(13)CA or 11.1(13)CA with IP access-list logging for inbound access-groups does not perform logging unless router is reloaded. [CSCdj40503]
In some instances, when running OSPF on 11.1(13), router will have increased ospf route calculation, and reload giving a bus error. There is no work-around at this time, and problem is intermitant at best. [CSCdj57321]
The "distribute-list in" does not filter static/summary (null0) routes ("distribute-list out" works fine). [CSCdj62406]
A static summary route (pointing to null0) that it is redistributed in eigrp, and that covers the address space of any connected interface used in eigrp, will not be in the topology until the router is reloaded. [CSCdj62409]
The order of the communities in the "sh ip bgp community" command has a big impact on the command output:

: Router#sh ip b community local-AS 111:12345 ^ % Invalid input detected at '^' marker.
: Router#
: Router#sh ip b community 111:12345 local-AS BGP table version is 10, local router ID is 224.0.0.10 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete
: Network Next Hop Metric LocPrf Weight Path *> 2.2.2.2/32 158.43.222.2 0 0 222 ? *> 111.0.0.0 158.43.222.2 0 0 222 ? [CSCdj64067]

Packets multicast packets or packets that get process switched due to a fast cache miss can see a double ttl decrement. [CSCdj66566]
In RFC2178 the summary cost calculation has changed. The cost of the summary route should be equal to the highest cost of the more specific routes the summary includes (current ospf implementation takes the lowest cost). [CSCdj77692]

ISO CLNS

A crash was caused by an AVL node that was freed but was still accessed during tree traversing. This problem was a result of the node being deleted and freed in the middle of tree walk. This is an IS-IS (using AVL tree) specific problem. [CSCdj18685]
When an ISIS router has an IP summary configured, it advertises that summary to other L2 routers. But it does not have a route in the routing table for that route. When there are two L2 routers in an area advertising the same IP summary, the two routers will install an IP route for that summary pointing to each other. This can cause forwarding loops for packet for non-exisiting more-specifics of that summary. The solution is to install an IP route to the null0 interface for that summary. [CSCdj62664]
In ISIS each metric consists of 6 bits. There is an extra bit called the internal/external bit. This functions like E1 and E2 external routes in OSPF. Our current implementation lets you set this bit at redistribution, but we will never look at this bit when calculating routes. [CSCdj62665]
In ISIS all areas are stub areas. This means that no routing information is leaked from the backbone (L2) into areas (L1). Level-1-only routers will use default routing to the closest L1L2 router in their area. This new feature will enable one to redistribute L2 IP routes into L1 areas. This enables L1-only routers to pick the best path for an IP prefix to get out of the area. This is an IP-only feature, CLNS routing is still stub. Which L2 IP routes can be redistributed into L1 can be controlled via distribute-lists for more control and scalability. [CSCdj62666]
When a node is directly connected via a LAN interface, but also has other equal-cost paths via other nodes, only the directly connected path over the LAN is used. [CSCdj70485]

Wide-Area Networking

When performing an OIR of a VIP PA it is possible to get a CPU hog in OIR handler and performance may be affected. Avoiding an OIR is the workaround for the problem. [CSCdj66959]
LANE does not filter multicast packets (like ethernet hardware). As a result, some multicast packets may get to process level and get duplicated. To prevent the router from doing this, configure bridging on the interface. If the protocol is routed and if bridging is configured on the Lane Client configured interface, the multicast packets will get dropped. [CSCdj74418]
IPC-2-CONSISTENCY: Message failed consistency check message in the logs probably after some command was issued. [CSCdj75613]

11.1(16)CA Caveats/11.1(17)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(16)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(16)CA. For additional caveats applicable to Release 11.1(16)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(17)CA.

Basic System Services

"show memory
" can cause an RSP4 to reload if an invalid address is specified. [CSCdi78714]
Some commonly used TCP ports are missing from the show ip cache flow command output. [CSCdj19275]
The write-back view of packet memory is no longer used, and is thus redundant. Additionally the commands test rsp cache memd-optimum-and-flow caching-method and test rsp cache memd-fastswitch caching-method do the same thing. [CSCdj34218]
if an IP fails, the interfaces on it may be removed from the configuration without appropriate notification to protocols running on those interfaces. [CSCdj34427]
On Cisco IOS Release 11.1(14)CA image, the ip telnet source-interface loopback0 command does not work on rsp based images. When telnetting from the router the ip address does not change to the address of the loopback. [CSCdj52163]
Netflow data export out a ISL encapsulated link will cause UDP checksum errors to occur in the packets. The workaround is to export via a plain ether. [CSCdj54222]
After a user sends a break command to the console, the cont command does not work - it does not restart the running IOS. Instead the system will crash again and drop to the ROMMON prompt. The break command also does not work properly - it may hang, and the ROMMON command stack will report the wrong backtrace.

: This bug affects all platforms with MIPS R4700 and R4600 chips, including all RSP-based platforms. [CSCdj58608]

When running 11.1(15)CA on a 7500 series router, the router will accept netflow configuration commands for PRI interfaces, but will not enable netflow switching. The netflow switching configuration doesn't appear in the current running configuration, and when "show ip interfaces sx/x/x:23" is performed, flow switching is listed as disabled. [CSCdj66264]
telnet tos is saved in hex format instead of decimal. riw [CSCdj73718]

IBM Connectivity

A router using 11.1(10)CA for DLSw QLLC conversion may output messages of the form:

: %SYS-2-LINKED: Bad enqueue of 612207C0 in queue 60D2BE40 -Process= "X25 Timer", ipl= 5, pid= 56 -Traceback= 601176B0 606925D4 60691258 60733898 60691774 6068EFF0 6068B46C 60130DFC 6059B924 6058D850 6059E878 6059EDA4 6059D4A0 60593088 6012D200 6012D1EC
: There is no workaround for this problem. [CSCdj39765]

Interfaces and Bridging

A situation has been found when bridging between LANE and FDDI that a Cisco router is not handling the packets appropriatly. This case is still under investigation. If a bug is found, then it will be fixed in a future release of software. [CSCdj51644]
In rare cases a Cisco 7200 router with a token ring port adapter may crash if one of it's token ring ports attempts to insert into the ring and fails due to a ring error. [CSCdj59796]
Symptom: The Serial Links on PA-4T+, PA-8T flap when exposed to Moderate traffic load on the VIP or the c7200. This causes spurious interface resets.

: Workaround: turn off fancy queueing, i.e. use FIFO for queueing strategy. WFQ is enabled by default and should be disabled by the command: no fair. However under severe traffic conditions some isolated interface reset might be observed with the workaround being applied. [CSCdj60813]

3Com G703 to X21 converters do not resynch after failure on 7200 serial interfaces. The converters loose their timing and crc errors increment on each end of the link. Manual intervention is required to have converters resynch. The problem is not appearant on other platform serial interfaces. [CSCdj65162]
Release-Note ------------ In rare circumstances, a 7200 containing FDDI pa's and configured for source-route bridging, will incorrectly forward an IP packet that contains a RIF field back out onto the same interface that it came. This behavior will result in IP packets "looping" around the FDDI ring until the Time To Live counter reaches 0. There is no known workaround. [CSCdj71082]

IP Routing Protocols

With certain route-map configuration or soft-reconfiguration, the LOCAL_PREF for a path may be set to 0, resulting in wrong path being selected. [CSCdj55839]
The error message displayed at the console when dampening "reuse" is higher than "suppress" is bogus. [CSCdj62820]
Under rare ciscumstances a BGP router sends bgp updates with a duplicate community attribute, which triggers the neighbor reset. [CSCdj64103]
ospf ignore lsa mospf does not suppress all error messages related to MOSPF. In particular, error messages about receiving MOSPF LSA in link state acknowlegement packet are still generated. These error messages will appear if there are more than 2 MOSPF routers on the same LAN as the Cisco router.

: This fix suppress error messages for link state acknowlegment packet too. [CSCdj66792]

When inbound soft-reconfiguration is configured, this bug may cause bgp attributes to be set incorrectly for received prefixes. [CSCdj73336]

Wide-Area Networking

The 100VG and 4R (half and full duplex) Port Adaptors require a VIP2-50 HW rev 2.03 to be enabled on the VIP2-50 product. VIP2-50 HW Revisions of 2.00, 2.01, 2.02 or lower do not support the 100VG and 4R. The VIP2-50 HW rev 2.03 will be available in late Q1, CY98.

: The minimum IOS revision for the 4R and 100VG on the VIP2-50 is 11.1(16)CA. Attempts to use the 4R and 100VG on VIP2-50 SW Releases prior to 11.1(16)CA will result in the VIP crashing.
: The following sample error messages will appear in the RSP log when a 4R or 100VG port adaptor is installed on a VIP2-50 HW rev 2.02 (or lower).
: %VIP2 R5K-1-MSG: slot2 IBM2692 in bay 0 requires VIP2-50 HW rev 2.03 or higher. %VIP2 R5K-1-MSG: slot3 HP100VG in bay 1 requires VIP2-50 HW rev 2.03 or higher.
: The VIP2-50 software will disable the 4R and 100VG port adaptors on the VIP, however the VIP will continue to service any supported port adaptor in the other bay.
: The output of "sho diag" also contains information that indicates that the 4R and 100VG PAs are not supported on the VIP2-50 HW rev 2.02 (or lower). The output of several sample "sho diag" commands is provided below.
: Slot 3: Physical slot 3, ~physical slot 0xC, logical slot 3, CBus 0 Microcode Status 0x4 Master Enable, LED, WCS Loaded Board is analyzed Pending I/O Status: None EEPROM format version 1 VIP2 R5K controller, HW rev 2.00, board revision UNKNOWN Serial number: 04530042 Part number: 73-2167-03 Test history: 0x00 RMA number: 00-00-00 Flags: cisco 7000 board; 7500 compatible
: EEPROM contents (hex): 0x20: 01 1E 02 00 00 45 1F 7A 49 08 77 03 00 00 00 00 0x30: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
: Slot database information: Flags: 0x4 Insertion time: 0x1B60 (00:02:04 ago)
: Controller Memory Size: 32 MBytes DRAM, 4096 KBytes SRAM
: PA Bay 0 Information: FDDI PA, 1 ports, PA-F/FD-MM EEPROM format version 1 HW rev 1.13, Board revision A0 Serial number: 06288604 Part number: 73-2138-03
: --Boot log begin--
: Cisco Internetwork Operating System Software IOS (tm) VIP Software (SVIP-DW-M), Experimental Version 11.1(4995) [dtaubert 125] Synced to mainline version: 11.1(15.3) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Thu 18-Dec-97 15:50 by dtaubert Image text-base: 0x600108D0, data-base: 0x6014E000
: IBM2692 in bay 1 requires VIP2-50 HW rev 2.03 or higher. --Boot log end--
: Slot 4: Physical slot 4, ~physical slot 0xB, logical slot 4, CBus 0 Microcode Status 0x4 Master Enable, LED, WCS Loaded Board is analyzed Pending I/O Status: None EEPROM format version 1 VIP2 R5K controller, HW rev 2.00, board revision UNKNOWN Serial number: 06349968 Part number: 73-2167-03 Test history: 0x00 RMA number: 00-00-00 Flags: cisco 7000 board; 7500 compatible
: EEPROM contents (hex): 0x20: 01 1E 02 00 00 60 E4 90 49 08 77 03 00 00 00 00 0x30: 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
: Slot database information: Flags: 0x4 Insertion time: 0x1B60 (00:02:25 ago)
: VIP Controller Memory Size: Unknown
: --Boot log begin--
: Cisco Internetwork Operating System Software IOS (tm) VIP Software (SVIP-DW-M), Experimental Version 11.1(4995) [dtaubert 125] Synced to mainline version: 11.1(15.3) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Thu 18-Dec-97 15:50 by dtaubert Image text-base: 0x600108D0, data-base: 0x6014E000
: IBM2692 in bay 0 requires VIP2-50 HW rev 2.03 or higher. IBM2692 in bay 1 requires VIP2-50 HW rev 2.03 or higher. --Boot log end--
: Slot 5: Physical slot 5, ~physical slot 0xA, logical slot 5, CBus 0 Microcode Status 0x4 Master Enable, LED, WCS Loaded Board is analyzed Pending I/O Status: None EEPROM format version 1 VIP2 R5K controller, HW rev 2.01, board revision UNKNOWN Serial number: 06349983 Part number: 73-2167-03 Test history: 0x00 RMA number: 00-00-00 Flags: cisco 7000 board; 7500 compatible
: EEPROM contents (hex): 0x20: 01 1E 02 01 00 60 E4 9F 49 08 77 03 00 00 00 00 0x30: 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
: Slot database information: Flags: 0x4 Insertion time: 0x1B60 (00:02:32 ago)
: Controller Memory Size: 64 MBytes DRAM, 8192 KBytes SRAM
: PA Bay 1 Information: FDDI PA, 1 ports, PA-F/FD-MM EEPROM format version 1 HW rev 1.00, Board revision A0 Serial number: 03546761 Part number: 73-1558-02
: --Boot log begin--
: Cisco Internetwork Operating System Software IOS (tm) VIP Software (SVIP-DW-M), Experimental Version 11.1(4995) [dtaubert 125] Synced to mainline version: 11.1(15.3) Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Thu 18-Dec-97 15:50 by dtaubert Image text-base: 0x600108D0, data-base: 0x6014E000
: HP100VG in bay 0 requires VIP2-50 HW rev 2.03 or higher. --Boot log end-- [CSCdj52240]

The CyBus error reporting has been improved to help diagnose problems caused by VIP cards. Following the normal RSP-3-ERROR:

: %RSP-3-ERROR: CyBus0 error 10 %RSP-3-ERROR: command/address mismatch %RSP-3-ERROR: bus command read 4bytes (0x8) %RSP-3-ERROR: address offset (bits 3:1) 0 %RSP-3-ERROR: virtual address (bits 23:17) 000000
: The presence of a DBUS-3-CXBUSERR can help identify a possible cause of the error:
: %DBUS-3-CXBUSERR: Slot 2, CBus Error
: And additional information about the CyBus error may be provided via the VIP2-1-MSG logging mechanism:
: %VIP2-1-MSG: slot2 Nevada Error Interrupt Register = 0xA01 %VIP2-1-MSG: slot2 CYASIC Error Interrupt register 0x2010000F %VIP2-1-MSG: slot2 Readback of bad posted read data %VIP2-1-MSG: slot2 Parity Error internal to CYA %VIP2-1-MSG: slot2 Parity Error in data from CyBus %VIP2-1-MSG: slot2 Missing ACK on CyBus access %VIP2-1-MSG: slot2 NACK present on CyBus access %VIP2-1-MSG: slot2 CYASIC Other Interrupt register 0x100000 %VIP2-1-MSG: slot2 Unknown CYA oisr bit 0x00100000 %VIP2-1-MSG: slot2 CYBUS Error register 0x8001A10, PKT Bus Error register 0x41000001 %VIP2-1-MSG: slot2 Reno read parity error - bytes 0 & 1 %VIP2-1-MSG: slot2 Reno read parity error - bytes 2 & 3
: The CyBus error will then still result in a cbus complex restart:
: %RSP-3-RESTART: cbus complex [CSCdj74213]

11.1(15)CA Caveats/11.1(16)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(15)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(15)CA. For additional caveats applicable to Release 11.1(15)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(16)CA.

Basic System Services

On Cisco 7000 series routers, in the output of the show interface serial command, the packet input field reports the incorrect number of received packets. The workaround is to enable SSE switching on all MIP interfaces. [CSCdj01844]
RSP based platforms will reload at rsp_fs_free_memd_pack() caused by packets the need to be fragmented that have the dontfrag bit set in the IP header.

: This issue has shown itself in several different ways which include bus errors at XX200001, bus errors at 3DFEFEFEF, and process stack corruption due overflowing process switched packet queues (process stacks). [CSCdj20725]

Normal notification of change of state on the Slave RSP in HSA systems leads to an incorrect diagnosis of bugs. The messages are caused by CBus resets, and merely indicate that the slave is progressing through a normal series of states as it resets. The messages look like :

: %RSP-3-SLAVECHANGE: Slave changed state from Slave to Non-participant %RSP-3-SLAVECHANGE: Slave changed state from Non-participant to Slave %RSP-3-SLAVECHANGE: Slave changed state from Slave to Non-participant %RSP-3-SLAVECHANGE: Slave changed state from Non-participant to Slave [CSCdj40662]

On a 7500 router with HSA, the slave config will not be updated via the first "write mem" or "copy running-config startup-config" command. There is no warning to the user other than the absence of the "[OK]" on the slave console. The slave configuration will be updated on all subsequent "write mem" and "copy run start" commands, so the workaround is to repeat the command. [CSCdj50727]
Using hardware or distributed compression on the VIP may result in occasional "output stuck" messages. There are many problems that have this symptom, this is one of them. This commit fixes this problem. [CSCdj51983]
CSCdj17314 found a bug in RSP where radix walktree routine was suspended unexpectedly. This ddts put a detection mechanism to check whether there is other place radix walktree routine could suspend unexpectedly to cause various crashes on rn_walktree_* routine. [CSCdj52129]
When turning off netflow via ip route-cache optimum, a spurious access can occur. [CSCdj54246]

Interfaces and Bridging

When "ip route-cache cbus" is configured on an interface, there is the potential for intermittent router crashes due to an incoherent cache entry data structure.

: If this incoherency occurs and does not cause a router crash, it may instead cause cbus switching to be automatically disabled, and the interface would resort to fast switching (or sse switching if sse switching were also configured). [CSCdi43526]

In the case where a T1 is broken out of the CT3 bundle, and sent to one of the test/external ports, *and* that T1 is also configured as an IOS interface at the CT3, the following unintended side effects can be observed:

: . data arriving on that T1 from the CT3 bundle is sent to the test/external port as intended, but also sent towards the IOS interface configured at the CT3. Depending on the router configuration, this may in turn cause each such packet to be received twice, once (correctly) by the MIP (or whatever is connected to the test/external port) and once (incorrectly) by the CT3.
: . any FDL, IBCD or BOC messages sent from the remote T1 end (arriving via the CT3 bundle) will be sent to the test/external port as intended, but also interpreted by T1 framer at the CT3. When the message requests some loopbacks (most notably line loopback), that T1 will be looped at the CT3. The CT3 should be completely transparent for any T1s sent to the test/external ports. [CSCdj42171]

In certain conditions, bridged traffic through a 7206 running 11.1(13a)CA1 coming in on a Frame Relay Interface may have the last four bytes corrupted. The same problem has also been reported on a 3640 running 11.2(8)P. It is also expected that the problem might occur when the inbound is atm(aal3/4), smds, lane-ether or the outbound media has enabled ppp compression, priority queueing or outbound media is isdn, dialer interface. [CSCdj47881]
Problem has been identified in the code where buffer size of 256 is used by the vip if the vip card is a vip2-20 and the PA is a PA-4R-FDX. The right buffer size should be 512 which is what the 4R driver is using. The difference in buffer size betw [CSCdj49030]
ATM lite port adapter on VIP2 platform does not function. The symptom is the interface gets output stuck and going up and down repeatedly. [CSCdj51923]
Current "show controller t3 x/0/0 tabular" output is based on UTC (Coordinated Universal Time). Which does not match with the local "show clock" output. Since "show clock" output will offset UTC with local time zone value.

: It is prefered the "show controller t3 x/0/0 tabular" output use the time displayed by "show clock". [CSCdj53768]

IP Routing Protocols

CPUHOG with process= virtual exec. [CSCdi76019]
. New configuration command, "ip spd mode aggressive" is provided. When configured, all IP packets fail sanity check such as bad checksum not version 4, and bad TTL, will be dropped aggressively to guard against bad IP packets spoofing. "show ip spd" display whether aggressive mode is enabled or not. . SPD random drop in RSP is supported

: When enabled, SPD now works as follows: . When "ip spd mode aggressive" is enabled, IP packets fail sanity checks are classified as aggressive droppable packet. . when IP input queue reaches SPD min-threshold (specified by "ip spd queue min-threshold N"), all aggressive droppable packets are dropped immediately while normal IP packets (not high priority SPD packets) are dropped with increasing probability as length of IP input queue grows. . when IP input queue reaches SPD max-threshold (specified by "ip spd queue max-threshold N"), all normal IP packets are dropped at 100%. . The default SPD min-threshold is 10 while max-threshold is 75 . To avoid an input interface takes too many router resources, new packet (SPD or not) received from that interface are dropped when the interface has more than input hold queue limit of input packets floating somewhere in the router. [CSCdj45202]

If the BGP neighbor has the default-originate defined and then the AS of the BGP neighbor is changed, then default-originate will no longer be in wr t. Workaround is to add it back in. [CSCdj45721]
With dampening on, BGP is assigning penalty and incrementing the flap statistics even when a withdrawn prefix is re-announced. [CSCdj45833]
In the presence of large number of subnets, a CPUHOG msg like the following may be generated:

: 7000 running 11.0.16 getting :
: .Sep 30 17:55:32: %SYS-3-CPUHOG: Task ran for 2608 msec (73/65), Process = BGP scanner, PC = 176388 [CSCdj45966]

Set metric 0 configuration doesn't work in a BGP neighbor outbound route-map. A workaround is to use "set metric 1" in the route-map instead. [CSCdj49095]
To help in troubleshooting and avoid any confusion, the 'show ip bgp' output should show the default local preference of 100 for ebgp learnt routes as we do for the ibgp learnt routes. [CSCdj49566]
Currently bgp does not check the number of outstanding messages when receiving from TCP. This behavior could weaken the TCP flow control in some cases. This fix will cap the number of outstanding messages in bgp receiving queue to 600. [CSCdj51596]
In c75xx platforms, if the inbound SMDS encapsulated packet size is greater than the MTU of outbound media, then the packet transmission failure is expected. This problem will occur only if the optimum switching is turned-off (no ip route-cache opt) and fast switching is turned-on. A possible workaround is to issue a ip route-cache optimum on the serial interface which has SMDS encapsulation. [CSCdj62042]

TCP/IP Host-Mode Services

The router sets the type of service precedence bits to 0C (internetwork control) in the IP header of telnet packets. Macintosh telnet clients are not able to handle this and they abort the TCP connection.

: This is a change in behavior from the 11.2 mainline code.
: The only workaround is to run IOS other than 11.2(x)P. [CSCdj36238]

Wide-Area Networking

Optimum switching is enabled by default for LANE interfaces. This is supported in 11.3 and in 11.1(16)CA. To turn off optimum switching one can use "no ip route-cache optimum" command on the ATM interface. That would effectively set the switching mode to fast switching for the interface. [CSCdi64260]
VIP requires and does not have a mechanism to determine the health/status of a VIP card. Specifically there needs to be a way to show tech-support, alignment, and logging information. The "show controllers" command should be extended to provide this information like "show controllers vip X COMMAND" where X is the vip slot number, and COMMAND is either tech-support, alignment, or logging. [CSCdj17006]
Conditions Under Which the Problem Occurs: While using Distributed Fast Switching, buffer headers can be stranded in the outgoing VIPs transmit queue when that interface has been taken down. This is more likely to occur when a faster interface is switching to a slower one.

: Symptoms: Ignores/drops may increase on the input interface as it fails to obtain a needed buffer header to switch the packet. The rxcurr on the input interface will also remain above rxlow even when traffic is not arriving on the interface.
: Solution: The VIP will now continue to "drain" the transnit queue of the interface even when it is administratively down. This will allow the buffer headers to be returned to the originating local free queue.
: This may cause the number of drops on outbound interface to jump up when the interface is taken down. However, this behavior is normal as the downed interface will drop any packets sent to it when it is not up. [CSCdj21693]

A VIP2 with an incompatable or unsupported PA in bay0 causes the VIP to be disabled/wedged. The following error message is displayed in this condition:

: %DBUS-3-SW_NOTRDY: DBUS software not ready after dbus_slot_enable(), elapsed 12032, -Traceback= 601D6164 601D6ED8 601E79D8 601E09A0 601903BC 60193480 6011FF34 6012013C %CBUS-3-CCBPTIMEOUT: CCB handover timed out, CCB 0x5800FF30, slot 1 -Traceback= 601E9284 601E7568 601E7AB4 601E09A0 601903BC 60193480 6011FF34 6012013C
: Since the VIP is wedged, valid and supported PA's in slot 1 will be down as well. If a VIP2 is disabled/wedged with this condition:
: 1) Check to make the version of software your running supports this PA type. 2) Reseat the PA's to insure a proper connection is made. 3) Swap the PA's to opposite bays to further isolate the issue. [CSCdj21814]

While debugging distributed multicast, it was noted that get_drq_entries was causing a crashdump. While analyzing the cause, we determined the get_drq_entries algorithm was not safe for recurssion, causing some outstanding cybus errors [CSCdj49417]
The output from the "show diagbus" command has been extended to provide additional information about VIP cards. Under normal circumstances, the image version information for the code running on a VIP will appear in a new boot log section:

: --Boot log begin--
: Cisco Internetwork Operating System Software IOS (tm) VIP Software (SVIP-DW-M), Experimental Version 11.3(19971023:025153) [dtaubert-11_3 123] Copyright (c) 1986-1997 by cisco Systems, Inc. Compiled Wed 22-Oct-97 23:06 by dtaubert Image text-base: 0x600108D0, data-base: 0x60150000
: --Boot log end--
: When a VIP experiences problems during initialization that cause the board to be marked as wedged, additional error information may be included here after the image version information. In addition, the existing crash context and error logging mechanisms were extended to provide information when VIP cards are marked as wedged. [CSCdj49779]

If LES/BUS is configured on the cat5k, pulling down one client in the ELAN can affect other clients. This problem happens very rarely. The workaround is to restart the LES/BUS on the cat5k. 3.2(6) fixes this problem. [CSCdj54587]

11.1(14)CA Caveats/11.1(15)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(14)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(14)CA. For additional caveats applicable to Release 11.1(14)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(15)CA.

Basic System Services

When h/w compression is utilized in a 7200 or 7500/VIP2 platform, show compress counters may wrap after 4 billion bytes indicating the wrong compression ratio. A "clear counters" will temporarily remedy this until the counters wrap again. [CSCdi91385]
FDDI ring transitions noticed on the VIP/FDDI level and the RSP level will not be the same . RSP level will be less than or equal to the VIP level due to the dampening effect per the FDDI spec. [CSCdi93209]
With encap isl on a 7206 netflow switching does not report any statistics. [CSCdj11060]
If one person is doing a write mem and another does a show config at the same time, the router may crash. Seems to be same as CSCdi51059. [CSCdj16985]
The source IP address used for netflow data export can change as routes to the collector change. If the collector uses the source address to distinguish between routers, this type of change can make it look like there are two distinct routers. The interface needs to provide a means of configuring the address used to the loopback interface which will not change with route flaps. [CSCdj20571]
IP packet with DF (Don't Fragment) set was fragmented and switched in optimum switching path instead of being dropped and replied with ICMP packet. The workaround is to disable optimum switching and let process level handles the IP fragmenation. With this fix, the workaround is not needed. [CSCdj22469]
On a Cisco RSP7000 or 7500, optimum switching appears to negatively interfere with Frame Relay switching. An IP route cache is created and connectivity between sites is lost. The behavior appears to be sporadic. [CSCdj26122]
The cause of this message is that the IOS is unable to allocate one buffer for core dump subsystem. Normal operations should not be affected, only core dumps. [CSCdj32215]
When memory corruption in malloc or free routine is found, errmsg_mtrace is called to displayed the contents of corrupted memory blocks. The old errmsg_mtrace has a bug so that incorrect information is reported. This is fixed now. [CSCdj49778]

Interfaces and Bridging

A POS configuration command to specify Sectionsub Overhead byte J0 is added. Also, the existing POS configuration commands were modified to be in line with existing commands. Old commands are hidden, and will not be written into NVRAM configuration. If a old style configuration comand is present when booting with IOS release that has this fix, a error message like "Invalid input detected ..." will appear at bootup time. If you have some configuration commands that uses 'old' style syntax, we recommend that it be changed to the 'new' style.

: Old commands: ============
: pos framing-sdh pos specify-c2 pos specify-s1s0 pos internal-clock pos transmitter-delay
: is now changed to these New style:
: pos framing {sdh|sonet} pos flag {c2|j0|s1s0} clock source {internal|line} transmitter-delay [CSCdj06064]

PAs using posted read registers should use different PMA Posted read registers. [CSCdj13511]
MultiChannel Interface Processor (MIP) on Cisco c7000 routers, interface loopback remote command will stays on "remote pending" state after issue. [CSCdj19606]
In rare circumstances, a router containing FDDI VIP2 pa's and configured for source-route bridging, will incorrectly forward an IP packet that contains a RIF field back out onto the same interface that it came. This behavior will result in IP packets "looping" around the FDDI ring until the Time To Live counter reaches 0. To reslove this problem upgrade the router to one of the images that contain the software fix. [CSCdj32518]
When the T3 performance monitoring algorithms enter Unavailable State, as defined in rfc1407, we no longer continue to count Line Code Violations, P-bit Coding Violations and C-bit Coding Violations. Without these counters, it's very difficult to diagnose the cause of the Unavailable State. In addition, the lack of increasing counts may mislead the diagnosis effort into thinking there are no physical/framing problems present.

: Similarly, when the T1 performance monitoring algorithms enter Unavailable State, as defined in rfc1406, we no longer continue to count Line Code Violations and Path Code Violations. [CSCdj45821]

7505 / rsp4 / E1 PA / 11.1.14CA - custom queueing does not seem to work ... [CSCdj47294]
7206 with PA-A1-OC3MM running returns "unknown" to snmp queries for card type and description. This behavior seen with 11.1(9)CA, 11.1(14)CA, and 11.2(8)P

: from snmpwalk (ATM card installed in slot 1, corresponds to index 2 below):
: cisco.temporary.chassis.cardTable.cardTableEntry.cardIndex.1 : INTEGER: 1 cisco.temporary.chassis.cardTable.cardTableEntry.cardIndex.2 : INTEGER: 2 cisco.temporary.chassis.cardTable.cardTableEntry.cardIndex.3 : INTEGER: 3 cisco.temporary.chassis.cardTable.cardTableEntry.cardIndex.4 : INTEGER: 4 cisco.temporary.chassis.cardTable.cardTableEntry.cardIndex.5 : INTEGER: 5 cisco.temporary.chassis.cardTable.cardTableEntry.cardIndex.6 : INTEGER: 6 cisco.temporary.chassis.cardTable.cardTableEntry.cardType.1 : INTEGER: c7200-io1fe cisco.temporary.chassis.cardTable.cardTableEntry.cardType.2 : INTEGER: unknown cisco.temporary.chassis.cardTable.cardTableEntry.cardType.3 : INTEGER: pa-4e cisco.temporary.chassis.cardTable.cardTableEntry.cardType.4 : INTEGER: pa-4r cisco.temporary.chassis.cardTable.cardTableEntry.cardType.5 : INTEGER: pa-4t cisco.temporary.chassis.cardTable.cardTableEntry.cardType.6 : INTEGER: cpu-7200 cisco.temporary.chassis.cardTable.cardTableEntry.cardDescr.1 : DISPLAY STRING- (ascii): I/O FastEthernet cisco.temporary.chassis.cardTable.cardTableEntry.cardDescr.2 : DISPLAY STRING- (ascii): Unknown cisco.temporary.chassis.cardTable.cardTableEntry.cardDescr.3 : DISPLAY STRING- (ascii): Ethernet cisco.temporary.chassis.cardTable.cardTableEntry.cardDescr.4 : DISPLAY STRING- (ascii): Token Ring cisco.temporary.chassis.cardTable.cardTableEntry.cardDescr.5 : DISPLAY STRING- (ascii): Serial cisco.temporary.chassis.cardTable.cardTableEntry.cardDescr.6 : DISPLAY STRING- (ascii): 7206 [CSCdj48073]

IP Routing Protocols

A routing node is removed from the IP cache Radix tree and then the buffer is freed, but somehow it can still be traversed from the treetop and cause a crash (access after free). [CSCdj17314]
Router will crash when it tries to flood bootp request packets that have been reassembled by the router.

: The workaround (cumbersome, but will work) is ensure that bootp packets are not fragmented either by the bootp client or somewhere along the way. [CSCdj25137]

When re-configuring route reflectors clients peer-groups without making any change (typically cut/paste) a reset of all peers within the group occurs. [CSCdj25866]
After aggregate-address x.x.x.x x.x.x.x summary-only is configured, the same command without "summary-only" will not unsuppress the more specifics of the aggregate.

: A work around is to negate the whole aggregate-address command first. [CSCdj42066]

If a peer-group is not configured with the "soft-reconfiguration in", then members of the peer-group will not have this command in nvgen even if they are individually configured with the command. Thus, the command will be lost with router reload.

: A work around is to re-confgiure this command after a reload. [CSCdj43966]

Wide-Area Networking

When using the show diagbus command, the minor version number in the "HW rev" field for VIP port adapters displays in hexadecimal rather than decimal. For example, HW rev 1.10 would display as HW rev 1.A. [CSCdi65281]
When using VIP2 based interface processor on a 7500 under high load or during an OIR event, A cybus error might sometimes spuriously occur and indicate:

: %RSP-3-ERROR: CyBus0 error 10 %RSP-3-ERROR: command/address mismatch %RSP-3-ERROR: bus command write 2bytes (0xD) %RSP-3-ERROR: address offset (bits 3:1) 0 %RSP-3-ERROR: virtual address (bits 23:17) 000000 %RSP-3-ERROR: MEMD parity error condition %RSP-2-QAERROR: reused or zero link error, write at addr 0100 (QA) log 22010000, data 00000000 00000000 %QA-3-DIAG: Failed to enqueue buffer header 0x0 %QA-3-DIAG: Approximate stack backtrace prior to interrupt: %QA-3-DIAG: -Traceback= 60100DA4 601CD870 6019B980 %CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF50, slot 3, cmd code 2 -Traceback= 601F1234 601F1544 601EAF90 601F4A6C 600583C8 60137D38 601232E0 6012348C 601338E0 601338CC
: The cybus will reset all interfaces and cause routing protocol and spanning tree updates to occur. [CSCdi80769]

VIP2 log messages are currently displayed in the format "VIP23-1-MSG:", where the number after VIP2 indicates the slot of the card generating the message, the center number is the severity, and the third component is the type of error. The new format is "VIP2-1-MSG: slot3" which more clearly identifies the slot number. [CSCdj31248]
A 7500 router crash may occur after online insertion of a VIP with a FDDI PA. [CSCdj37841]
This problem has two ways of manifesting itself. First is when ATM-lite is the 3rd of the three fast PAs on a NPE-150, it's rx pool will be forced to operate out of DRAM. And the second is when ATM-lite is running in a NPE-100, where it's designed to operate out of DRAM.

: The problem behaves in such way that sometimes, packets that are to be handled at the process level will end up in wrong queues. For instance, a routing packet could end up in a SSCOP queue, or a LANE queue, causing the SSCOP or LANE to operate abnormally and sometimes resulting in the interface flapping. [CSCdj46634]

11.1(13)CA Caveats/11.1(14)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(13)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(13)CA. For additional caveats applicable to Release 11.1(13)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(14)CA.

Basic System Services

Flow and optimum switching don't demux FR or ATM VCs to the appropriate subinterface, causing packets to be fast switched when input access lists are configured on subinterfaces. [CSCdj12543]
Show ip int does not always show the state of flow and distributed switching. [CSCdj16071]
For 11.1 CA images the SNMP sysDescr string exceeds 255 characters in length. Some NMS platforms may have difficulty with sysDescr strings this long. [CSCdj25961]
On RSP-based platforms, the following error may occur, indicating a problem with a hardware enqueue:

: %RSP-2-QAERROR: reused or zero link error, write at addr 00C0 (QA) log 2600C040, data 00070000 00000000
: This message may be followed by the following error and a crash:
: Unexpected exception, CPU signal 10, PC = 0x601C4658
: This message is caused by a memory access problem in the diagnostic code handling the original QA error. [CSCdj29751]

In certain cases, packets which saw a optimum cache miss and an input access list failure could cause another packet to be corrupted. [CSCdj44697]

IBM Connectivity

When doing source route bridging, specifically routed or directed frames will have 4 bytes appended to the frames.

: The workaround is to turn off fastswitching. [CSCdj42984]

Interfaces and Bridging

If there is an attempt to report status by the MIP just as the memory recarving is being done during reboot, this message will appear. No workaround is needed, and the message is benign, since during the rest of the subsequent reboot, all MIP statistics will be cleared anyway. [CSCdi63580]
Call setup failures with AIPREJCMD & AIP-3-FAILCREATEVC messages on ATM Lite PA(VIP). The problem is currently being investigated and a resolution will be available in the near future. [CSCdj25270]
The clockrate command cannot be removed from interface configuration. Router put the default clockrate to 1200. [CSCdj25502]
Workaround: Disable FDDI full duplex then enable FDDI full duplex.

: For example, int fddi 6/0/0 no full full [CSCdj26471]

When more than 10 consectutive P-bit Severely Errored Seconds (PSESs) are received on the DS3, the CT3IP does not properly enter unavailable state as defined in rfc1407. When the PSESs desist, the counters are left in undefined states. [CSCdj26801]
The external/test port status display, shown in the output from "show cont t3" is not reliable. It may show:

: Ext1: OK, Ext2: OK, Ext3: OK, Test: OK
: regardless of their real state.
: If the state of any port changes sometime after booting, then all four will then display their actual state. But if no such change happens, they will remain stuck at OK, OK, OK, OK, regardless of their actual state. [CSCdj29082]

In order to better diagnose T1 provisioning problems, it is now possible to place the remote SmartJack into loopback. Previously, only the remote CSU could be placed into loopback. As a result of this limitation, wiring problems between the remote SmartJack and the remote CSU were difficult to diagnose.

: There are now two options under the "loop remote line fdl" interface config command that allow you to place either the CSU or the SmartJack into loopback:
: Bowl(config-if)#loop remote line fdl ? ansi Per ANSI T1.403 Spec. (remote CSU) bellcore Per TR-TSY-000312 Spec. (remote SmartJack)
: One further note, when both are configured, transmission of LOF indication (aka yellow alarms) takes priority over transmission of some FDL messages.
: If the remote loopback appears not to be working, use the "show cont t3 0/0/0:n" command to determine if the given T1 is currently attempting to transmit a LOF indication (yellow alarm):
: Bowl#show cont t3 0/0/0:2 T3 0/0/0 is up. CT3 H/W Version: 5, CT3 ROM Version: 1.2, CT3 F/W Version: 2.5.9 Mx H/W version: 2, Mx ucode ver: 1.34
: T1 2 is down, speed: 1536 kbs, non-inverted data timeslots: 1-24 FDL per AT&T 54016 spec. Transmitter is sending LOF Indication. <------- YES Receiver is getting AIS.
: If so, as in the case above, inhibit the transmission of the LOF indication (yellow alarm) with the "no t1 yellow generation" config command as follows:
: Bowl(config-if)#cont t3 0/0/0 Bowl(config-controlle)#no t1 2 yellow generation
: Having done that, "show cont t3 0/0/0:n" should now show:
: Bowl#show cont t3 0/0/0:2 T3 0/0/0 is up. CT3 H/W Version: 5, CT3 ROM Version: 1.2, CT3 F/W Version: 2.5.9 Mx H/W version: 2, Mx ucode ver: 1.34
: T1 2 is down, speed: 1536 kbs, non-inverted data timeslots: 1-24 FDL per AT&T 54016 spec. Receiver is getting AIS. Framing is ESF, Line Code is B8ZS, Clock Source is Internal. Yellow Alarm Generation is disabled <---------
: Now retry the remote loopback command. When diagnosis is complete, remember to re-enable yellow alarm generation. [CSCdj29185]

"show diag" does not display the atm lite port adapter board type (single mode or multimode). [CSCdj29690]
This ddts is caused by a timing problem in the microcode so that the sw driver and microcode get out of sync. When the problem occurs, you will see output stuck or interface flapping if the keep alive timer is configurated. This ddts will affect 4T+, 8T and CT3 PAs. [CSCdj29805]
The router will not respond to ARP's correctly when bridging IP on a channelized T1 interface . Therefore, telnets to and from the router will fail. [CSCdj31285]
The atm lite port adapter's pci bus latency timer value is too small which may causes some inefficiency on the pci bus utilization on vip2. [CSCdj32880]
Data corruption is not been found on CT3IP. However, the 4 channel Mueslix ucode version 1.30 which CT3IP were used may cause data corruption.

: No workaround available. [CSCdj33491]

When a vc creation fails because the maximum number of VP's are used up, it wastes the the VCD being used and does not recycle it. And that VCD remains unusable afterwards. [CSCdj34424]

IP Routing Protocols

A spurious memory access can occur when switching from flow switching to process switching using the no ip route-cache command and then back to flow switching using the ip route-cache flow command. [CSCdj08350]
Private ASNs are not removed by the neighbor option in BGP if the AS path length is more than one.

: This problem occurs when the AS_PATH has been created by using . The fix should be applied to the router originating the prefix, not the one stripping the private ASNs. [CSCdj19299]

When configuring route-maps with set community, the sequence of the community strings have an impact on what the parser store in the config. If you specify well-known communities at the begin of the string they will override the rest. Problem happens with all 11.1 and 11.1CA images. [CSCdj24387]
When service password-encryption and BGP neighbor passwords are configured, TCP resets for the neighbor connections will contain invalid MD5 signatures. When this happens, the recipient of the reset will log the following error message:

: %TCP-6-BADAUTH: Invalid MD5 digest from :179 to :11256 (RST) [CSCdj25706]

This will let a route-reflector-client peer with RRs of more than one clusters and thus break away from the heirarchical topology. This is used in tie-breaking between the paths which are common upto and including IGP metric. [CSCdj28525]
ALIGN-3-SPURIOUS messages may occur if the BGP SNMP MIB is polled when BGP is not configured. This error is cosmetic and will not affect the operation of the router. [CSCdj32320]
Currently all packets denied by an access list are sent to the process level to generate an ICMP administratively prohibited message. Some of these packets are dropped because Cisco routers limit ICMP generation to two packets per second. This behavior results in excessive CPU load. [CSCdj35407]

Novell IPX, XNS, and Apollo Domain

When incoming IPX packet's encapsulation is smaller than the outgoing IPX/LANE encapsulation, the packets fastswitched will be truncated. This results in some IPX packets fastswitched over LANE to be invalidated by the next hop. Process switched IPX packets over LANE don't have this problem. [CSCdj31950]

Wide-Area Networking

Back to back branch instructions can cause unpredictable things to happen with the mips processor. As one was found in the no_throttling() function, a nop was inserted to avoid possible problems. [CSCdj29854]

11.1(12)CA Caveats/11.1(13)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(12)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(12)CA. For additional caveats applicable to Release 11.1(12)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(13)CA.

Basic System Services

When asymetrical compression algorithms are configured ie, "compress stac" on one router and "compress predictor" on another, both routers can crash or lock up. Realizing that the migration to stac from predictor will encounter this problem, the workaround is to shut the interfaces, change compression algorithms on both ends, then start up or "no shut" the interfaces. [CSCdj13405]
The time since last statistics clearing displayed in show ip cache flow could sometimes be inaccurate. [CSCdj14560]
The size of the memory used for the netflow cache is shown incorrectly in show ip cache flow. [CSCdj17950]
In RSP-based platforms, the following error may be printed with no accompanying diagnostic information:

: %RSP-2-QAERROR: reused or zero link error, write at addr 0100 (QA) log 220100BB, data E9603440 E9603440
: See bug CSCdj11175 for more information on the error message itself. This bug number tracks the lack of diagnostics only. [CSCdj19653]

Operational impact: no change to existing images. This change repackages L2 cache code for compatibility with VIP3, which requires both the galileo cache and the R5K on-chip cache. [CSCdj19664]
With certain traffic netflow switching can cause a loss of MEMD buffers resulting in interface hangs. [CSCdj19970]
A new global configuration command was added to configure the size of the netflow cache. The format for the command is:

: ip flow-cache entries <# entries> [CSCdj21538]

When channelized interfaces were present in a router, the SNMP indices exported by netflow could be incorrect. [CSCdj23329]

Interfaces and Bridging

The ATM-lite's CRC error could happen as a result of receive FIFO overrun. The CRC error happened in this way is re-distributed to "abort" error counter periodically. This gives an impression that the CRC counter is fluctuating. With this fix, the CRC counter only reports the real CRC errors caused by bit corruption and so on. The input packet error caused by overrun continues to be reported in the "abort" counter and will never show up on the CRC counter. [CSCdj06050]
When a shutdown is issued on an ATM-lite interface while it's transmitting large packets (>512 bytes) at a high rate, there is a chance that it will crash the router. Similarily, when a shutdown is done while it's receiving traffic, there is a chance it will lose some buffers. [CSCdj09796]
This bug is caused by the 8T and 4T+ on the VIP could not send out a dial string. The fix was committed and it should me available at 11.1(13)CA and 11.2(8)P. Without the fix, the above synchronous interface (on VIP) can not support Dial on Demand feature. [CSCdj12144]
When using diagnostic loopbacks on CT3 t1 channels (i.e. looped back at the hdlc controller) overruns and ping failures may be observed, because the data is being loop backed at much higher data rates then intended.

: Workaround: use "loop local" instead (i.e. loop the data back at the t1 framer chip). This provides identical functionality from the user's point of view, and correctly clocks the looped data at t1 rates.
: The "loop diagnostic" option will be decommmissioned. [CSCdj18768]

When putting the T3 controller into local loopback mode, "loop local" will be generated in running-config other then just "loop" keyword.

: It dose not change any loopback behavior. [CSCdj18771]

OVERVIEW: This update provides information on bug fixes for the CT3IP available in the 11.1(12)CA1 IOS software release. Becasue of these fixes, 11.1(12)CA1 will be the minimum IOS for new CT3IP orders.

: PROBLEMS: 1. Problems with packet error accounting. Ignores on the CT3IP were regularly being counted as overruns. Incorrect error accounting can lead to erroneous information on network status being provided to network operations personnel.
: 2. Packet handling errors: In lab tests Cisco engineers discovered a latent bug in the CT3IP that can result in abnormal packet handling under unusually severe operating conditions. While Cisco is taking preemptive action to correct this bug, Cisco does not expect this bug to manifest itself in operational networks.
: SOLUTION: Cisco suggests that customers who:
: - are sensitive to error accounting accuracy OR - regularly run the CT3 above 80Kpps on average per direction,
: upgrade to IOS 11.1(12)CA1 available on CCO now. [CSCdj23299]

The OutPkts and InBytes per vc statistics counter shown by the show atm vc command is wrong. [CSCdj24569]
The Internal Clock of ATM-lite is not initialized properly. This cause loopback ping to fail because neither end is providing clock. [CSCdj24890]

IP Routing Protocols

A BGP router running experimental code and configured using the soft configuration feature may accept a path with its own autonomous system. [CSCdj11588]
Using the show ip bgp neighbors address adv with the route-map deny community command does not work. [CSCdj16922]

Wide-Area Networking

Please note that this bug was committed to 11.2P but was _not_ committed to 11.2 mainline because of the significant differences between those branches with respect to SVIP distributed switching. [CSCdj02247]
VIPs may become disabled wedged during power up, bootup, cybus complex resets, microcode reload, etc.

: The problem does not occur in 11.1 Mainline. It does occur in all 11.1CA releases preceding 11.1(12)CA. It is fixed in 11.1(12)CA.
: Please also see CSCdj21639 Moving PMA Posted Read Software Fix for more information on subsequent (i.e. post 11.1(12)CA) modifications to resolve this problem. [CSCdj02993]

It was found that the DRQ was becoming corrupted as a result of recursive invocation of drq_io (IPC packet passed to IPC code via dtq_consumer could result in a packet being returned via drq). drq_io was made safe for recursion. [CSCdj17845]
With changes made for CSCdj17845 (recursive drq_io allowed), it became possible for QE to start work on a DRQ transfer entry, only to have the kernel code later change that entry. Solution is to write transfer entry after all other data entries. [CSCdj24827]

11.1(11)CA Caveats/11.1(12)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(11)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(11)CA. For additional caveats applicable to Release 11.1(11)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(12)CA.

Basic System Services

The index used by netflow data export for unroutable flows or flows destined for the router was 0xffff, which is a legal SNMP index. Netflow now uses 0x0000 for these cases. [CSCdj14607]
Optimum and flow switching were not being allowed on interfaces with input access lists. Packets were fast switched instead. [CSCdj16156]
sh diag output is jumbled with VIP2/FDDI PAs

: Output from "sh diag":
: ... ...
: PA Bay 0 Information: FDDI PA, 1 portsPA-F-MM EEPROM format version 1 HW rev 1.D, Board revision A0 Serial number: 04759259 Part number: 73-1558-05 ... ...
: When FDDI PA are displayed, between "1 port" and "PA-F-MM" are missing a comma "," and a space. [CSCdj16873]

The packet counts in show ip cache flow could show up as a negative number after a large number of packets were switched. [CSCdj17100]

Interfaces and Bridging

The total_vc counter in the show controller of atm-lite interfaces does not go down when a vc is removed. [CSCdj06198]
When there is another Port Adapter (could be another FDDI FDX PA) besides the FDDI FDX PA in the same VIP2, the PA could

: 1) takes a long time or forever to go into FDX operation, 2) after goes into FDX operation, falles out of FDX mode for no good reason, 3) sees lots of claims at the interface
: Without the fix, the workaround is to have FDDI FDX PA only in one VIP2, leave the other bay empty. [CSCdj11249]

On a 7206 running version 11.1.10.4 CA1 when ipx route-cache is enabled on an interface clients are unable to connect to novell servers through the router. When ipx route-cach is disabled they are able to connect. [CSCdj11354]
Although not explicitly configured, pos specify-c2 207 shows up in the configuration. [CSCdj12946]
Under stress condition, when OIR another interface process card in the same system, the VIP2 with atm lite port adapter reloads. During the reload period, the atm interface is down and cannot transmit or receive packets. [CSCdj13110]
When using access list and distributed flow switching on VIP2, error may occur due to some data in the cache is not invalidated properly. The fix is to adjust the alignment of the receive data structure so the data cache is always invalidated for a newly received packet. [CSCdj13118]
7500 can only support 12 FDDI interfaces. [CSCdj13377]
When an INARP vc is configured when the atm-lite interface is in a shutdown state, then after the interface is brought up, there is a chance that it will crash the router when the next time an INARP packet is received. [CSCdj17858]
Selecting line (recovered) clocking on the CT3's t1 #23 does not work. There is no known workaround, other then to not do it, i.e. always use internal clocking on t1 #23. Depending on what equipment is at the remote end, this workaround may cause the remote end to slip.

: This is fixed in CT3 f/w version 2.2.0. To determine your current CT3 f/w version, use the "show cont t3" exec command:
: CT3 H/W Version : 5, CT3 ROM Version : 1.2, CT3 F/W Version : 2.2.0 ^^^^^
: must be 2.2.0 or greater in order to use line clocking on t1 #23.
: Other t1s are not affected. [CSCdj18588]

IP Routing Protocols

If a router is running out of memory while running OSPF, OSPF does not check to see if one of its structures has been properly allocated. This may result in a SegV exception, thus causing the router to reload. [CSCdi64972]

Wide-Area Networking

When AAL5 packets received by the ATM-Lite are of size that is near the multiple of buffer size boundary (480 bytes), the driver will potentially misadjuct the AAL5 trailer bytes and pass along packets of exccessive bytes. [CSCdj16672]

11.1(10)CA Caveats/11.1(11)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(10)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(10)CA. For additional caveats applicable to Release 11.1(10)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(11)CA.

Basic System Services

A second flow data export record format was added to include source and destination prefix mask bits, the AS of the source and destination ip addresses and an export packet sequence number.

: The ip flow-export command was extended to allow selection of either export record format version 1 or 5 and whether to use origin or peer AS. The new command format is: ip flow-export [version 1] for version 1 records or ip flow-export version 5 [origin-as | peer-as] for version 5 records.
: The version field is the first two bytes of export record and can be used to determine if an export datagram contains version 1 or 5 records. The number of records stored in the datagram is variable and between 1 and 24 for version 1 and between 1 and 30 for version 5.
: The version 5 format is described by: #define MAX_FLOWS_PER_V5_PAK 30
: typedef struct { ushort version; /* Current version */ ushort count; /* The number of records in PDU. */ ulong SysUptime; /* Current time in millisecs since router booted */ ulong unix_secs; /* Current seconds since 0000 UTC 1970 */ ulong unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ ulong flow_sequence; /* Seq counter of total flows seen */ ulong reserved; } FlowStatHdrV5;
: typedef struct { ipaddrtype srcaddr; /* Source IP Address */ ipaddrtype dstaddr; /* Destination IP Address */ ipaddrtype nexthop; /* Next hop router's IP Address */ ushort input; /* Input interface index */ ushort output; /* Output interface index */
: ulong dPkts; /* Packets sent in Duration */ ulong dOctets; /* Octets sent in Duration. */ ulong First; /* SysUptime at start of flow */ ulong Last; /* and of last packet of flow */
: ushort srcport; /* TCP/UDP source port number or equivalent */ ushort dstport; /* TCP/UDP destination port number or equivalent */ uchar rsvd; uchar tcp_flags; /* Cumulative OR of tcp flags */ uchar prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ uchar tos; /* IP Type-of-Service */ ushort src_as; /* originating AS of source address */ ushort dst_as; /* originating AS of destination address */ uchar src_mask; /* source address prefix mask bits */ uchar dst_mask; /* destination address prefix mask bits */ ushort pad; } IPFlowStatV5;
: typedef struct { FlowStatHdrV5 header; IPFlowStatV5 records[0]; } IPStatMsgV5; [CSCdi62492]

Compression ratio may indicate 0.000 when a large percentage of packets are process switched. This is limited to PPP hardware compression using the CSA on the 7200 and an 11.1(6)CA thru 11.1(10)CA image. [CSCdj11586]
Encapsulation Frame-relay cisco is fast-switching. The workaround is to use encapsulation frame-relay ietf. [CSCdj11883]
The interface config command "no ip route-cache flow" on RSPs and 7200s would not reenable the default optimum switching. [CSCdj13424]

Interfaces and Bridging

In 11.1(8)CA images and later, when transparent bridging is configured on the c7200 platform, a system reload can happen under heavy loads. The error message issued by the system will indicate a bus error due to an illegal access to a low address. [CSCdj14850]

IP Routing Protocols

Internal BGP, which uses confederations is seeing an apparent routing loop. The two routers involved are running different IOS images. [CSCdj08110]
RSP2 reload at bc_odd_src_dst [CSCdj11540]

ISO CLNS

Under certain circumstances ISIS can install a recursive route in the routing table. This route will not be removed by ISIS anymore. ISIS should never install recusrive routes, so this behaviour can lead to suboptimal routing.

: One of the reasons why this can happen is when two adjacenct routers are misconfigured with IP addresses on directly connected interfaces that are not taken from the same prefix.
: The workaround for this problem is to configure matching interface IP addresses. The wrong route can be removed with the "clear ip route a.b.c.d" command.
: Be carefull, the fix for this problem causes the crash reported and fixed in CSCdj21555 (Watchdog crash after ISIS list inconsistencies). Make sure you run software that includes this fix. [CSCdj03684]

The command "show isis spf-log" is enhanced to include the the LSP id of the last LSP that caused a full spf calculation. This is done for the triggers NEWLSP, LSPEXPIRED, LSPHEADER, TLVCODE and TLVCONTENT. When multiple LSPs changed, only the last one that arrived at the router will show up in the log. Example output:

: tomyum#show isis spf-log
: Level 1 SPF log When Duration Nodes Count Last trigger LSP Triggers 00:49:31 0 2 11 THOMKHAKAI.00-00 NEWADJ NEWLSP 00:49:26 4 5 2 PADTHAI.00-00 TLVCONTENT 00:47:46 4 6 2 PADTHAI.04-00 NEWLSP TLVCONTENT 00:47:30 4 5 1 PADTHAI.00-00 TLVCONTENT 00:34:36 0 5 1 PERIODIC 00:30:49 0 2 3 TOMYUM.03-00 IPBACKUP TLVCONTENT 00:30:31 4 5 4 TOMYUM.03-00 NEWADJ TLVCONTENT 00:19:37 0 5 1 PERIODIC 00:04:36 4 5 1 PERIODIC [CSCdj07248]

11.1(9)CA Caveats/11.1(10)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(9)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(9)CA. For additional caveats applicable to Release 11.1(9)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(10)CA.

Basic System Services

In certain cases, the number of packets shown in the IP flow cache packet size distribution does not match the number shown in the cache statistics. [CSCdi71766]
On RSPs, the interface indices reported in the flow data export records used a number which differed from the SNMP index. On 7200s, the interface indices were 0. [CSCdi74357]
Access lists on the AIP might disable optimum switching. [CSCdi90600]
The TOS field in the netflow data export records was not being correctly set. [CSCdi91870]
In certain cases of high netflow switched traffic, performance could drop off steeply. [CSCdi91872]
An error in the command structure would allow meaningless show ip cache commands like "show ip cache flow cbus optimum" to be entered. [CSCdi93093]
A new command was added to allow for the clearing of the ip flow cache statistics. The new command is "clear ip flow stats". [CSCdj03165]
SYS-2-MALLOCFAIL traceback pointed to wr net [CSCdj03198]
A timing window within ccp_up could cause the router to crash if a packet gets sent to the hardware or distributed compressor while CCP is coming up. [CSCdj12504]

Interfaces and Bridging

Router with VIP controller containing PA-4R module displays the following error messages:

: > %IPC-5-SLAVELOG: VIP-SLOT1: > SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=643BDAA4, count=0 > %IPC-5-SLAVELOG: VIP-SLOT1: > Traceback= 6420B87C 642DF428 642E570C 642DCD48 > %IPC-5-SLAVELOG: VIP-SLOT1: > SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=643BDAA4, count=0 > %IPC-5-SLAVELOG: VIP-SLOT1: > Traceback= 6420B87C 642DF428 642E570C 642DCD48
: No effect on network traffic was reported. [CSCdi80758]

Multiring IP/IPX is not functional on Cisco 7200 Fddi interface. There is no workaround. [CSCdi85841]
Improved CT3 external ports AIS/LOS displays.

: The following line has been added to the output of "show cont t3"
: Ext1: LOS, Ext2: LOS, Ext3: LOS, Test: OK
: This line reveals the linestatus of each of the 4 t1 ports (External1, External2, External3 and the Test port, respectively).
: For each of the four ports, the current linestatus will be displayed as one of the following strings:
: LOS - Loss of signal (to be expected when nothing is connected to that external/test port)
: AIS - Alarm Indication Signal, the port is receiving an all-ones signal
: OK - A valid signal is being received, and the signal is not an all-ones signal
: Note that the display is relevant regardless of whether or not that external/test port is currently configured. This enables the user to determine if the external device connected to the t1 port is correctly configured and cabled, before breaking out a t1 signal to it. [CSCdj01045]

Enhanced CT3 performance report display.

: router#sh controllers t3 3/0/0 ? : ':' followed by T1 number brief List only a brief T3/T1 information remote Far end tabular List T3/T1 information in tabular format <== New command [CSCdj01085]

CT3 BERT test result "Bits Received : x Mbits" will display incorrect value. [CSCdj02288]
"show controller fddi" or "show controller pos" will also shows t3 controller internal state. No work-around available. [CSCdj02747]
The pos interface specific configuration commands pos specify-s1s0 and pos specify-c2 do not work correctly. [CSCdj09646]

IP Routing Protocols

RSP7000 reload (bus error) at ipfrag_fail_bufhdr [CSCdi87202]
The user may see the error messages

: %SYS-2-NOBLOCK: idle with blocking disabled -Process= "TCP Listener", ipl= 0, pid= 40 %SYS-2-BLOCKHUNG: Task hung with blocking disabled, value = 0x1 -Process= "TCP Listener", ipl= 0, pid= 40
: when running BGP. Certain BGP related SNMP traps may be lost. [CSCdi89683]

IP transmit accounting not done for wfq/backing-store packets [CSCdj02741]
IP network precedence not set for telnet nor icmp [CSCdj04125]
show ip cache optimum, show ip cache flow and show ip cache cbus now only appear on platforms which support these cache mechanisms. [CSCdj04867]
%ALIGN-3-SPURIOUS: Spurious memory access at route_map_ip_check [CSCdj06528]

11.1(8)CA Caveats/11.1(9)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(8)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(8)CA. For additional caveats applicable to Release 11.1(8)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(9)CA.

Basic System Services

Operational impact: implements TEST RSP CACHE SECONDARY command, with the following formats:

: TEST RSP CACHE SECONDARY ENABLE TEST RSP CACHE SECONDARY DISABLE [CSCdi76436]

Operational impact: precludes possible errors in 7200 and VIP images due to inclusion of c4700 values in platform header files. [CSCdi83643]
Operational impact: none. [CSCdi83645]
After OIR CT3IP, interface counters are incorrectly counted. It result shows incorrect number of serial interfaces. [CSCdi85865]
Operational impact: none. [CSCdi90513]
Operational impact: Provides system-image compatibility with RSP4-compatible ROMMON file-system code. Allows interchange of flash-card file systems between RSP1/2/4. [CSCdi90552]

Interfaces and Bridging

CT3IP Phase 2 features: . Fractional T1 . 56K support . 3 T1 port support and external T1 test port support . smds and frame relay encaps . performance monitoring local - with show controlller t3 . full OIR support . FDL loopbacks . FDL perf monitoring - rfc1406 and rfc1407 . SNMP MIB support . flow control . queueing (wfq, priority) . BERT . MDL [CSCdi88683]
Spelling Correction on CT3IP controller command help text.

: router(config-controller)#t1 1 framing ? esf Extended Superframe Framing format sf Superframe Framing Format [CSCdi88969]

Change CT3IP CT3_FIFO_PREFILL value from 4 to 8. [CSCdi89860]
CT3 module code cleanup (Remove unused defines). [CSCdi91652]

IP Routing Protocols

When using BGP, prepending autonomous system paths using an incoming route map can cause a memory shortage in the router. The workaround is to use other methods, for example, setting the neighbor weight, to influence path selection. [CSCdi84419]

Wide-Area Networking

The algorithm to allocate particles for use by the VIP kernel transmitter was modified to use memory size as a parameter. The cache used to hold these particles needs to be dynamically allocated instead of being fixed size. The results of cache overflow are corruption of DRAM data structures. [CSCdi85178]

11.1(7)CA Caveats/11.1(8)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(7)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(7)CA. For additional caveats applicable to Release 11.1(7)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(8)CA.

Basic System Services

High CPU utilization is seen on RSP systems, but there is not indication of which process is causing this problem. [CSCdi77519]

IBM Connectivity

When using APPN/DLUR and starting and stopping many sessions to downstream dependent LUs, the router may stop with a bus error at ndr_queue_handler. [CSCdi52377]
When a user writes a previously configured APPN configuration, and then reloads it, the following message may be displayed for each link station defined:

: dlur-dspu-name > % Incomplete command.
: This message, while a nuisance, does not cause any problems. [CSCdi76709]

Interfaces and Bridging

If a CT3 t1 timeslot is configured, but the corresponding interface is shutdown, the alarm status as displayed in "show cont t3" output cannot be relied on.

: For example,
: Bowl(config-if)#int s0/0/0:1 Bowl(config-if)#shut
: Then...
: Bowl#show cont t3 ....
: T1 1 is down, speed: 1536 kbs, non-inverted data timeslots: 1-24 No alarms detected. <----- not reliable when interface is shutdown [CSCdi83613]

The step to reproduce this 1. Shutdown the interface. 2. Remove this corresponded T1 with the command "no t1 <1-28> timeslots 1-24" 3. Create the T1 again with the command "t1 <1-28> timeslots 1-24.

: Result: The interface will not come up.
: Work around: Manually do a "no shut" on the interface. [CSCdi83681]

IP Routing Protocols

When using MED information that is learned from multiple providers, the sequence in which BGP prefixes are installed in the BGP table could cause BGP to pick the wrong path. [CSCdi69580]
The BGP route-map set metric will always set MED to zero. [CSCdi83759]

11.1(6)CA Caveats/11.1(7)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(6)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(6)CA. For additional caveats applicable to Release 11.1(6)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(7)CA.

A MIP interface with more than 64 kbps (more than 2 time slots) may need to be tuned with more tx-limit than the default if the interface is experiencing output stuck.

A MIP interface with more than 64 kbps (more than 2 time slots) may need to be tuned with more tx-limit than the default if the interface is experiencing output stuck. The tx-limit can be tuned with tx-queue-limit interface configuration command. In general, the tx-limit should be tuned just to support the interface line rate. This normally can be achieved by the formular - tx-limit = (default tx-limit) * (no of time slot). After the tx-limit is tuned, it is recommended to reload the router. [CSCdi70535]

11.1(5)CA Caveats/11.1(6)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(5)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(5)CA. For additional caveats applicable to Release 11.1(5)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(6)CA.

Interfaces and Bridging

SRB is now supported over Fddi on 7200 platforms. [CSCdi68351]

11.1(4)CA Caveats/11.1(5)CA Modifications

This section describes possibly unexpected behavior by Release 11.1(4)CA. Unless otherwise noted, these caveats apply to all 11.1 CA releases up to and including 11.1(4)CA. For additional caveats applicable to Release 11.1(4)CA, see the caveats sections for newer 11.1 CA releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.1(5)CA.

Basic System Services

Interrupt-level IP fragmentation is not supported. [CSCdi60461]

Table of Contents