Release Notes for the Cisco 4000 and Cisco 4000-M for Cisco IOS Release 11.2

December 9, 1997

These release notes describe the new features and significant software components for the Cisco 4000 and Cisco 4000-M for Cisco IOS Release 11.2(10).

Introduction

These release notes discuss the following topics:

• Cisco IOS Release 11.2 Paradigm, page 2

• Cisco 4000 Series Routers, page 3

• Interfaces Supported on Cisco 4000 Series Routers, page 3

• Cisco IOS Documentation, page 4

• New Features in Release 11.2 for the Cisco 4000 and 4000-M, page 6

• Cisco IOS Feature Sets for Cisco 4000 Series Routers, page 21

• Upgrading to a New Software Release, page 27

• Memory Requirements, page 27

• Caveats for Release 11.2(1) Through 11.2(10), page 28

• Caveats for Release 11.2(1) Through 11.2(9), page 43

• Caveats for Release 11.2(1) Through 11.2(8), page 49

• Caveats for Release 11.2(1) Through 11.2(7), page 55

• Caveats for Release 11.2(1) Through 11.2(6), page 60

• Caveats for Release 11.2(1) Through 11.2(5), page 64

• Caveats for Release 11.2(1) Through 11.2(4), page 70

• Caveats for Release 11.2(1) Through 11.2(3), page 74

• Cisco Connection Online, page 78

Cisco IOS Release 11.2 Paradigm

Before Cisco IOS Release 11.2, maintenance releases of major Cisco IOS software releases were used to deliver additional new features. Beginning with Cisco IOS Release 11.2, Cisco Systems provides as many as two software release "trains" based on a single version of Cisco IOS software. Similar to a train rolling down the track and picking up passengers, after a release of Cisco IOS software is released to customers, it continues to pick up software fixes along the way and is rereleased as maintenance releases. Maintenance releases provide the most stable software for your network, for the features you need. In addition to the major train, there is typically an early deployment (ED) train. The ED train--Release 11.2 P--delivers fixes to software defects and support for new Cisco platforms. Figure 1 shows the Cisco IOS Releases 11.2 and the 11.2 P software releases.

Figure 1:

Cisco IOS Release 11.2 Software Releases

Cisco 4000 and Cisco 4000-M series routers support two releases of software--Release 11.2 and 11.2 P. Here are the basic underlying differences between the two releases of software:

• Release 11.2 includes the following:

  • All the functionality of each feature set as described in Table 1 and Table 2

  • The new features in the section "New Features in Release 11.2"

  • All the software caveats/modifications for Release 11.2 for each maintenance release of software

• Release 11.2 P includes the following:

  • All the functionality of one feature set as described in Table 1 and Table 2

  • The new features in the section "New Features in Release 11.2(1)"

  • All the software caveats/modifications for Release 11.2 for each maintenance release of software

To determine which version of Cisco IOS software is running on your Cisco 4000 series router, log on to the router and enter the show version User EXEC command, as shown below:

router> show version
Cisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-J-M), Version 11.2(10), SHARED PLATFORM,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Tue 11-Feb-97 19:32 by tamb
Image text-base: 0x600088A0, data-base: 0x607A4000
ROM: System Bootstrap, Version 5.3(10) [tamb 10], RELEASE SOFTWARE (fc1)
ROM: 4500 Bootstrap Software (C4500-BOOT-M), Version 10.3(10), RELEASE
SOFTWARE (fc1)
4700 uptime is 2 minutes
System restarted by reload
System image file is "flash:c4500-j-mz.112-4.P", booted via flash
cisco 4700 (R4K) processor (revision D) with 16384K/4096K bytes of memory.
Processor board ID 03755623
R4700 processor, Implementation 33, Revision 1.0 (Level 2 Cache)
G.703/E1 software, Version 1.0.
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software (copyright 1994 by TGV Inc).
6 Ethernet/IEEE 802.3 interface(s)
2 Token Ring/IEEE 802.5 interface(s)
2 Serial network interface(s)
4294967294 terminal line(s)
128K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)
4096K bytes of processor board Boot flash (Read/Write)
Configuration register is 0x0

Cisco 4000 Series Routers

The Cisco 4000 and Cisco 4000-M routers are supported by Cisco IOS Release 11.2:

Interfaces Supported on Cisco 4000 Series Routers

This section identifies the LAN and WAN interfaces supported on Cisco 4000 series routers.

The following LAN interfaces are supported:

• Ethernet (AUI)

• Ethernet (10BaseT)

• Ethernet (10BaseFL)

• Fast Ethernet (100BaseTX)

• Fast Ethernet (100BaseFX)

• FDDI full duplex

• 4-Mbps Token Ring

• 16-Mbps Token Ring

• FDDI DAS

• FDDI SAS

• FDDI multimode

• FDDI single-mode

• ATM Interface

• 100VG AnyLAN

• Packet-Over-SONET OC-3 Interface

The following WAN interfaces are supported:

• EIA/TIA-232

• X.21

• V.35

• EIA/TIA-449

• EIA-530

• Serial (synchronous and asynchronous)

• 4-wire 56K DSU/CSU

• ISDN BRI S/T

• ISDN BRI U

• ISDN PRI

• Channelized T1 (with and without CSU)

• Channelized E1 (balanced and unbalanced)

• E1-G. 703/G.704

Cisco IOS Documentation

For Cisco IOS Release 11.2 and 11.2(P), the Cisco IOS documentation set consists of eight modules, each module consisting of a configuration guide and a command reference. The documentation set also includes five supporting documents.

The books and chapter topics are as follows:

For Cisco IOS Release and 11.2 P, the Cisco IOS documentation is expanded to include the Feature Guide for Cisco IOS Release 11.2 P.

All the documents mentioned are available as printed manuals or electronic documents.

For electronic documentation of Cisco IOS Release 11.2 router and access server software features, refer to the Cisco IOS Release 11.2 configuration guides and command references, which are located in the Cisco IOS Release 11.2 database, on the Documentation CD-ROM.

You can also access Cisco technical documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

New Features in Release 11.2 for the Cisco 4000 and 4000-M

The features described in this section are also supported in 11.2 P. This section is divided into the following subjects:

• Routing Protocols

• Desktop Protocols

• Wide-Area Networking Features

• IBM Functionality

• Security Features

• Network Management

Routing Protocols

This section describes routing protocol features that are new in the initial release of Cisco IOS Release 11.2.

IP Protocol and Feature Enhancements

The following new IP protocol software features are available:

• On Demand Routing--On Demand Routing (ODR) is a mechanism that provides minimum-overhead IP routing for stub sites. The overhead of a general dynamic routing protocol is avoided, without incurring the configuration and management overhead of using static routing.

A stub router is the peripheral router in a hub-and-spoke network topology. Stub routers commonly have a WAN connection to the hub router and a small number of LAN network segments (stub networks) that are connected directly to the stub router. To provide full connectivity, the hub routers can be statically configured to know that a particular stub network is reachable via a specified access router. However, if there are multiple hub routers, many stub networks, or asynchronous connections between hubs and spokes, the overhead required to statically configure knowledge of the stub networks on the hub routers becomes too great.

ODR simplifies installation of IP stub networks in which the hub routers dynamically maintain routes to the stub networks. This is accomplished without requiring the configuration of an IP routing protocol at the stub routers. With ODR, the stub advertises IP prefixes corresponding to the IP networks that are configured on its directly connected interfaces. Because ODR advertises IP prefixes, rather than IP network numbers, ODR is able to carry Variable Length Subnet Mask (VLSM) information.

After ODR is enabled on a hub router, the router begins installing stub network routes in the IP forwarding table. The hub router can also be configured to redistribute these routes into any configured dynamic IP routing protocols. IP does not need to be configured on the stub router. With ODR, a router is automatically considered to be a stub when no IP routing protocols have been configured on it.

The routing protocol that ODR generates is propagated between routers using Cisco Discovery Protocol (CDP). Thus, ODR is partially controlled by the configuration of CDP:

• If CDP is disabled, the propagation of ODR routing information might stop.

• By default, CDP sends updates every 60 seconds. This update interval may not be frequent enough to provide fast reconvergence of IP routers on the hub router side of the network. A faster reconvergence rate may be necessary if the stub connects to several hub routers via asynchronous interfaces (such as modem lines).

• ODR may not work well with dial-on-demand routing (DDR) interfaces, because CDP packets will not cause a DDR connection to be made.

It is recommended that IP filtering be used to limit the network prefixes that the hub router will permit to be learned dynamically through ODR. If the interface has multiple logical IP networks configured (via the IP secondary command), only the primary IP network is advertised through ODR.

Open Shortest Path First (OSPF) Enhancements

The following features have been added to the Cisco OSPF software:

• OSPF On-Demand Circuit--OSPF On-Demand Circuit is an enhancement to the OSPF protocol, as described in RFC 1793, which allows efficient operation over demand circuits such as ISDN, X.25 SVCs, and dial-up lines. Previously, the period nature of OSPF routing traffic mandated that the underlying data-link connection needed to be constantly open, resulting in unwanted usage charges. With this feature, OSPF Hellos and the refresh of OSPF routing information is suppressed for on-demand circuits (and reachability is presumed), allowing the underlying data-link connections to be closed when not carrying application traffic.

The feature allows the consolidation on a single routing protocol and the benefits of the OSPF routing protocol across the entire network, without incurring excess connection costs.

If the router is part of a point-to-point topology, only one end of the demand circuit needs to be configured for OSPF On-Demand Circuit operation. In point-to-multipoint topologies, all appropriate routers must be configured with the OSPF On-Demand Circuit. All routers in an area must support this feature--that is, be running Cisco IOS Release 11.2 or greater.

• OSPF Not-So-Stubby Areas (NSSA)--As part of the OSPF protocol's support for scalable, hierarchical routing, peripheral portions of the network can be defined as "stub" areas, so that they do not receive and process external OSPF advertisements. Stub areas are generally defined for low-end routers with limited memory and CPU, that have low-speed connections, and are in a default route configuration.

OSPF Not-So-Stubby-Areas (NSSA) defines a more flexible, hybrid method, whereby stub areas can import external OSPF routes in a limited fashion, so that OSPF can be extended across the stub to the backbone connection.

NSSA enables OSPF to be extended across a stub area to the backbone area connection to become logically part of the same network.

Border Gateway Protocol Version 4 (BGP4) Enhancements

The following features have been added to the Cisco BGP4 software:

• BGP4 Soft Configuration--BGP4 soft configuration allows BGP4 policies to be configured and activated without clearing the BGP session, hence without invalidating the forwarding cache. This enables policy reconfiguration without causing short-term interruptions to traffic being forwarded in the network.

• BGP4 Multipath Support-- BGP4 Multipath Support provides BGP load balancing between multiple Exterior BGP (EBGP) sessions. If there are multiple EBGP sessions between the local autonomous system (AS) and the neighboring AS, multipath support allows BGP to load balance among these sessions. Depending on the switching mode, per packet or per destination, load balancing is performed. BGP4 Multipath Support can support up to six paths.

• BGP4 Prefix Filtering with Inbound Route Maps--This feature allows prefix-based matching support to the inbound neighbor route map. This feature allows an inbound route map to be used to enforce prefix-based policies.

Network Address Translation

Network Address Translation (NAT) provides a mechanism for a privately addressed network to access registered networks, such as the Internet, without requiring a registered subnet address. This eliminates the need for host renumbering and allows the same IP address range to be used in multiple intranets.

With NAT, the privately addressed network (designated as "inside") continues to use its existing private or obsolete addresses. These addresses are converted into legal addresses before packets are forwarded onto the registered network (designated as "outside"). The translation function is compatible with standard routing; the feature is required only on the router connecting the inside network to the outside domain.

Translations can be static or dynamic in nature. A static address translation establishes a one-to-one mapping between the inside network and the outside domain. Dynamic address translations are defined by describing the local addresses to be translated and the pool of addresses from which to allocate outside addresses. Allocation is done in numeric order and multiple pools of contiguous address blocks can be defined.

NAT:

• Eliminates readdressing overhead. NAT eliminates the need to readdress all hosts that require external access, saving time and money.

• Conserves addresses through application port-level multiplexing. With NAT, internal hosts can share a single registered IP address for all external communications. In this type of configuration, relatively few external addresses are required to support many internal hosts, thus conserving IP addresses.

• Protects network security. Because private networks do not advertise their addresses or internal topology, they remain reasonably secure when used in conjunction with NAT to gain controlled external access.

Because the addressing scheme on the inside network may conflict with registered addresses already assigned within the Internet, NAT can support a separate address pool for overlapping networks and translate as appropriate.

Applications that use raw IP addresses as a part of their protocol exchanges are incompatible with NAT. Typically, these are less common applications that do not use fully qualified domain names.

Named IP Access Control List

The Named IP Access Control List (ACL) feature gives network managers the option of using names for their access control lists. Named IP ACLS function similarly to their numbered counterparts, except that they use names instead of numbers.

This feature also includes a new configuration mode, which supports addition and deletion of single lines in a multiline access control list.

This feature eliminates some of the confusion associated with maintaining long access control lists. Meaningful names can be assigned, making it easier to remember which service is controlled by which access control list. Moreover, this feature removes the limit of 100 extended and 99 standard access control lists, so that additional IP access control lists can be configured.

The new configuration feature allows a network manager to edit access control lists, rather than re-creating the entire list.

Currently, only packet and route filters can use Named IP ACL. Also, named IP ACLs are not backward-compatible with earlier releases of Cisco IOS software.

Named IP ACLs are not currently supported with Distributed Fast Switching.

Multimedia and Quality of Service

The following features have been added to the Cisco multimedia and quality of service software:

• Resource Reservation Protocol--Resource Reservation Protocol (RSVP) enables applications to dynamically reserve necessary network resources from end-to-end for different classes of service. An application, which acts as a receiver for a traffic stream, initiates a request for reservation of resources (bandwidth) from the network, based on the application's required quality of service. The first RSVP-enabled router that receives the request informs the requesting host whether the requested resources are available or not. The request is forwarded to the next router, towards the sender of the traffic stream. If the reservations are successful, an end-to-end pipeline of resources is available for the application to obtain the required quality of service. RSVP enables applications with real-time traffic needs, such as multimedia applications, to coexist with bursty applications on the same network. RSVP works with both unicast and multicast applications.

RSVP requires both a network implementation and a client implementation. Applications need to be RSVP enabled to take advantage of RSVP functionality. Currently, Precept provides an implementation of RSVP for Windows-based PCs. Companies such as Sun and Silicon Graphics have demonstrated RSVP on their platforms. Several application developers are planning to take advantage of RSVP in their applications.

• Random Early Detection--Random Early Detection (RED) helps eliminate network congestion during peak traffic loads. RED uses the characteristics of a robust transport protocol (TCP) to reduce transmission volume at the source when traffic volume threatens to overload a router's buffer resources. RED is designed to relieve congestion on TCP/IP networks.

RED is enabled on a per-interface basis. It "throttles back" lower-priority traffic first, allowing higher-priority traffic (as designated by an RSVP reservation or the IP precedence value) to continue unabated.

RED works with RSVP to maintain end-to-end quality of service during peak traffic loads. Congestion is avoided by selectively dropping traffic during peak load periods. This is performed in a manner designed to damp out waves of sessions going through TCP slow start.

Existing networks can be upgraded to better handle RSVP and priority traffic. Additionally, RED can be used in existing networks to manage congestion more effectively on higher-speed links where fair queuing is expensive.

Exercise caution when enabling RED on interfaces that support multiprotocol traffic (in addition to TCP/IP), such as IPX or AppleTalk. RED is not designed for use with these protocols and could have unexpected affects.

RED is a queuing technique; it cannot be used on the same interface as other queuing techniques, such as Standard Queuing, Custom Queuing, Priority Queuing, or Fair Queuing.

• Generic Traffic Shaping--Generic Traffic Shaping (also called Interface Independent Traffic Shaping) helps reduce the flow of outbound traffic from a router interface into a backbone transport network when congestion is detected in the downstream portions of the backbone transport network or in a downstream router. Unlike the Traffic Shaping over Frame Relay features, which are specifically designed to work on interfaces to Frame Relay networks, Generic Traffic Shaping works on interfaces to a variety of Layer 2 data-link technologies (including Frame Relay, SMDS, Ethernet, and so on).

Topologies that have high-speed links feeding into lower-speed links--such as a central site to a remote or branch sites--often experience bottlenecks at the remote end because of the speed mismatch. Generic Traffic Shaping helps eliminate the bottleneck situation by throttling back traffic volume at the source end.

Routers can be configured to transmit at a lower bit rate than the interface bit rate. Service providers or large enterprises can use the feature to partition, for example, T1 or T3 links into smaller channels to match service ordered by customers.

Generic Traffic Shaping implements a Weighted Fair Queuing (WFQ) on an interface or subinterface to allow the desired level of traffic flow. The feature consumes router memory and CPU resources, so it must be used judiciously to regulate critical traffic flows while not degrading overall router performance.

Multiprotocol Routing

The following enchancement has been made to the Cisco multiprotocol routing:

• Enhanced IGRP Optimizations--With the wide-scale deployment of Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) in increasingly large and complex customer networks, Cisco has been able to continuously monitor and refine Enhanced IGRP operation, integrating several key optimizations. Optimizations have been made in the allocation of bandwidth, use of processor and memory resources, and mechanisms for maintaining information about peer routers. For example:

  • Intelligent Bandwidth Control: In network congestion scenarios, packet loss, especially the dropping of routing protocol messages, adversely affects convergence time and overall stability. To prevent this problem, Enhanced IGRP now takes into consideration the available bandwidth (at a granularity of per subinterface/virtual circuit if appropriate) when determining the rate at which it will transmit updates. Interfaces can also be configured to use a certain (maximum) percentage of the bandwidth, so that even during routing topology computations, a defined portion of the link capacity remains available for data traffic.

  • Improved Processor and Memory Utilization: Enhanced IGRP derives the distributed routing tables from topology databases that are exchanged between peer routers. This CPU computation has now been made significantly more efficient as has the protocol's queuing algorithm, resulting in improved memory utilization. The combination of these factors further increases Enhanced IGRP's suitability for deployment, particularly on low-end routers.

  • Implicit Protocol Acknowledgments: Enhanced IGRP running within a router maintains state and reachability information about other neighboring routers. This mechanism has been modified so that it no longer requires explicit notifications to be exchanged but rather will accept any traffic originating from a peer as a valid indication that the router is operational. This provides greater resilience under extreme load.

  • IPX Service Advertisement Interleaving: Large IPX environments are typically characterized by many Service Advertisements, which can saturate lower-speed links at the expense of routing protocol messages. Enhanced IGRP now employs an interleaving technique to ensure that both traffic types receive sufficient bandwidth in large IPX networks.

These enhancements are particularly applicable in networking environments having many low-speed links (typically in hub-and-spoke topologies); in Non-Broadcast-Multiple-Access (NBMA) wide-area networks such as Frame Relay, ATM, or X.25 backbones; and in highly redundant, dense router-router peering configurations. It should be noted that the basic Enhanced IGRP routing algorithm that exhibits very fast convergence and guaranteed loop-free paths has not changed, so there are no backward compatibility issues with earlier versions of Cisco IOS software.

Switching Features

The following feature has been added to the Cisco switching software:

• Integrated Routing and Bridging--Integrated routing and bridging (IRB) delivers the functionality to extend VLANs and Layer 2 bridged domains across the groups of interfaces on Cisco IOS software-based routers and interconnect them to the routed domains within the same router.

The ability to route and bridge the same protocol on multiple independent sets of interfaces of the same Cisco IOS software-based router makes it possible to route between these routed and the bridged domains within that router. IRB provides a scalable mechanism for integration of Layer 2 and Layer 3 domains within the same device.

Integrated routing and bridging provides:

• Scalable, efficient integration of Layer 2 and Layer 3 domains: The IRB functionality allows you to extend the bridge domains or VLANs across routers while maintaining the ability to interconnect them to the routed domains through the same router.

• Layer 3 address conservation: You can extend the bridge domains and the VLAN environments across the routers to conserve the Layer 3 address space and still use the same router to interconnect the VLANs and bridged domains to the routed domain.

• Flexible network reconfiguration: Network administrators gain the flexibility of being able to extend the bridge domain across the router's interfaces to provide a temporary solution for moves, adds, and changes. This can be useful during migration from a bridged environment to a routed environment, or when making address changes on a scheduled basis.

Note that:

• Currently, IRB supports three protocols: IP, IPX, and AppleTalk, in both fast-switching and process-switching modes.

• IRB is supported for transparent bridging, but not for source-route bridging.

• IRB is supported on all media-type interfaces except X.25 and ISDN bridged interfaces.

• IRB and concurrent routing and bridging (CRB) cannot operate at the same time.

Desktop Protocols

This section describes the desktop protocol features that are new in the initial release of Cisco IOS Release 11.2.

AppleTalk Features

The following feature has been added to the Cisco AppleTalk software:

• AppleTalk Load Balancing--This feature allows AppleTalk data traffic to be distributed more evenly across redundant links in a network.

AppleTalk load balancing can reduce network costs by allowing more efficient use of network resources. Network reliability is improved because the chance that network paths between nodes will become overloaded is reduced. For convenience, load balancing is provided for networks using native AppleTalk routing protocols such as Routing Table Maintenance Protocol (RTMP) and Enhanced IGRP.

AppleTalk load balancing operates with process and fast switching.

Novell Features

The following features have been added to the Cisco Novell software:

• Display SAP by Name--This feature allows network managers to display Service Advertisement Protocol (SAP) entries that match a particular server name or other specific value. The current command that displays IPX servers has been extended to allow the use of any regular expression (including supported special characters) for matching against the router's SAP table.

• IPX Access Control List Violation Logging--With this feature, routers can use existing router logging facilities to log IPX access control list (ACL) violations whenever a packet matches a particular access-list entry. The first packet to match an entry is logged immediately; updates are sent at approximately five minute intervals.

This feature allows logging of:

• Source and destination addresses

• Source and destination socket numbers

• Protocol (or packet) type (for example, IPX, SPX, or NCP)

• Action taken (permit or deny)

Matching packets and logging-enabled ACLs are sent at the process level. Router logging facilities use IP.

• Plain English IPX Access List--Through the use of this feature, the most common protocol and socket numbers used in IPX extended ACLs can be specified by either name or number instead of numbers, as required previously.

Protocol types supported include RIP, SAP, NCP, and NetBIOS. Supported socket types include Novell Diagnostics Packet Enhanced IGRP and NLSP.

Plain English IPX Access Lists greatly reduce the complexity and increase the readability of IPX extended access control lists, reducing network management expense by making it easier to build and analyze the access control mechanisms used in IPX networks.

Wide-Area Networking Features

This section describes the wide-area networking features that are new in the initial release of Cisco IOS Release 11.2.

ISDN/DDR Enhancements

The following features have been added to the Cisco ISDN and DDR software:

• Multichassis Multilink PPP--Multichassis Multilink Point-to-Point Protocol (MMP) extends Multilink PPP (MLP) by providing a mechanism to aggregate B-channels transparently across multiple routers or access servers. MMP defines the methodology for sharing individual links in a MLP bundle across multiple, independent platforms. The primary application for MMP is the ISDN dial-up pool; however, it can also be used in a mixed technology environment.

MMP is based on the concept of a stackgroup--a group of routers or access servers that operate as a group when receiving MLP calls. Any member of the stackgroup can answer any call into the single access number applied to all WAN interfaces. Typically, the access number corresponds to a telco hunt group.

Cross-platform aggregation is performed via tunneling between members of a stackgroup using the Level 2 Forwarding (L2F) protocol, a draft IETF standard.

MMP is flexible and scalable. Because the L2F protocol is IP-based, members of a stackgroup can be connected over many types of LAN or WAN media. Stackgroup size can be increased by increasing the bandwidth available to the L2F protocol--for example, by moving from shared to switched Ethernet.

With Multichassis Multilink PPP:

• New devices can be added to the dial-up pool at any time.

• The load for reassembly and resequencing can be shared across all devices in the stackgroup. MMP is less CPU-intensive than MLP.

• MMP provides an interoperable multivendor solution because it does not require any special software capabilities at the remote sites. The only remote requirement is support for industry standard MLP (RFC 1717).

---

Note This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference.

---

• Virtual Private Dialup Network-- Virtual Private Dialup Network (VPDN) allows users from multiple disparate domains to gain secure access to their corporate home gateways via public networks or the Internet. This functionality is based on the Layer 2 Forwarding (L2F) specification which Cisco has proposed as an industry standard to the Internet Engineering Task Force (IETF).

Service providers who wish to offer private dial-up network services can use VPDN to provide a single telephone number for all their client organizations. A customer can use dial-up access to a local point of presence where the access server identifies the customer by PPP user name. The PPP username is also used to establish a home gateway destination.

After the home gateway is identified, the access server builds a secure tunnel across the service provider's backbone to the customer's home gateway. The PPP session is also transported to this home gateway, where local security measures can ensure the person is allowed access to the network behind the home gateway.

Of special interest to service providers is VPDN's independence of WAN technology. Since L2F is TCP/IP-based, it can be used over any type of service provider backbone network.

---

Note This feature is documented in the PPP for wide-area networking chapters of the Wide-Area Networking Configuration Guide and the Wide-Area Networking Command Reference.

---

• Dialer Profiles--Dialer profiles allow the user to separate the network layer, encapsulation, and dialer parameters portion of the configuration from that of the interface used to place or receive calls.

Dialer profile extends the flexibility of current dial-up configurations. For example, on a single ISDN PRI or PRI rotary group it is now possible to allocate separate profiles for different classes of users. These profiles may define normal DDR usage or backup usage.

Each dialer profile uses an Interface Descriptor Block (IDB) distinct from the IDB of the physical interface used to place or receive calls. When a call is established, both IDBs are bound together so that traffic can flow. As a result, dialer profiles use more IDBs than normal DDR.

This initial release of dialer profiles does not support Frame Relay, X.25, or LAPB encapsulation on DDR links or Snapshot Routing capabilities.

• Combinet Packet Protocol support--Combinet Packet Protocol (CPP) is a proprietary encapsulation used by legacy Combinet products for data transport. CPP also defines a methodology for performing compression and load sharing across ISDN links. The Cisco IOS software implementation of CPP supports both compression and load sharing using this proprietary encapsulation.

A large installed base of early Combinet product users cannot upgrade to later software releases that support interoperability standards such as PPP. With CPP support, these users can integrate their existing product base into new Cisco IOS software-based internetworks.

CPP does not provide many of the functions available in the Cisco implementation of the PPP standards. These functions include address negotiation and support for protocols like AppleTalk. Where possible, Cisco recommends that customers migrate to software that supports PPP.

• Half Bridge/Half Router for CPP and PPP--Half bridge/half router allows low-end, simply configured bridge devices to bridge either PPP or CPP encapsulated data to a Cisco IOS core network router. Half bridge/half router is designed for networks that have small remote Ethernet segments, each with a single PPP- or CPP-compatible bridging device connected to a core network. The serial or ISDN interface on the core network router appears as a virtual Ethernet port to the network. Layer 3 data packets transported across this type of link are first encapsulated within an Ethernet encapsulation. A PPP or CPP bridging header is then added. This facility allows bridged traffic arriving at the core device to be routed from that point on. This feature is process switched.

Frame Relay Enhancements

The following features have been added to the Cisco Frame Relay software:

• Frame Relay SVC support (DTE)--Currently, access to Frame Relay networks is through private leased lines at speeds ranging from 56 kbps to 45 Mbps. Bandwidth within the Frame Relay network is permanently committed to providing permanent virtual circuits (PVCs) between the endpoints. Switched virtual circuits (SVCs) allow access through a Frame Relay network by setting up a path to the destination endpoints only when the need arises. This is similar to X.25 SVCs, which allow connections to be set up and torn down based upon data traffic requirements. Although SVCs entail overhead for setting up and tearing down links, the VC is only established when data must be transferred, so the number of VCs is proportional to the number of actual conversations between sites rather than the number of sites.

Frame Relay SVCs offer cost savings via usage-based pricing instead of fixed pricing for a PVC connection, dynamic modification of network topologies with any-to-any connectivity, dynamic network bandwidth allocation or bandwidth-on-demand for large data transfers such as FTP traffic, backup for PVC backbones, and conservation of resources in private networks.

To use Frame Relay SVCs, Frame Relay SVC must be supported by the Frame Relay switches used in the network. Also, a Physical Local Loop Connection, such as a leased or dedicated line, must exist between the router (DTE) and the local Frame Relay switch.

• Traffic Shaping over Frame Relay--The Frame Relay protocol defines several parameters that are useful for managing network traffic congestion. These include Committed Information Rate (CIR), Forward/Backward Explicit Congestion Notification (FECN/BECN), and Discard Eligibility (DE) bit.

Cisco already provides support for FECN for DECnet and OSI, BECN for SNA traffic using direct LLC2 encapsulation via RFC 1490, and DE bit support. The Frame Relay Traffic Shaping feature builds on this support by providing the following three capabilities:

• Rate enforcement on a per virtual circuit (VC) basis: A peak rate can be configured to limit outbound traffic to either the CIR or some other defined value such as the Excess Information Rate (EIR).

• Generalized BECN support on a per-VC basis: The router can monitor BECNs and throttle traffic based upon BECN marked packet feedback from the Frame Relay network.

• Priority/Custom/First In, First Out Queuing (PQ/CQ/FIFO) support at the VC level: This allows for finer granularity in the prioritization and queuing of traffic, providing more control over the traffic flow on an individual VC.

Frame Relay Traffic Shaping offers these advantages:

• Eliminates bottlenecks in Frame Relay network topologies with high-speed connections at the central site, and low-speed connections at the branch sites. Rate Enforcement can be used to limit the rate at which data is sent on the VC at the central site.

• Provides a mechanism for sharing media by multiple VCs. Rate Enforcement allows the transmission speed used by the router to be controlled by criteria other than line speed, such as the CIR or EIR. The Rate enforcement feature can also be used to pre-allocate bandwidth to each VC, creating a Virtual Time-Division Multiplexing network.

• Dynamically throttles traffic, based on information contained in BECN-tagged packets received from the network. With BECN based throttling, packets are held in the router's buffers to reduce the data flow from the router into the Frame Relay network. The throttling is done on a per-VC basis and the transmission rate is adjusted based on the number of BECN-tagged packets received.

• Defines queuing at the VC or subinterface level. Custom Queuing with the per-VC queuing and Rate Enforcement capabilities enable Frame Relay VCs to be configured to carry multiple traffic types (such as IP, SNA, and IPX), with bandwidth guaranteed for each traffic type.

The three capabilities of the Traffic Shaping for Frame Relay feature require the router to buffer packets to control traffic flow and compute data rate tables. Because of this router memory and CPU utilization, these features must be used judiciously to regulate critical traffic flows while not degrading overall Frame Relay performance.

IBM Functionality

This section describes the IBM network software features and support that are new in the initial release of Cisco IOS Release 11.2.

New Features

The following new IBM software features are available:

• Native Client Interface Architecture (NCIA) Server--The Native Client Interface Architecture (NCIA) server, introduced by Cisco Systems for access of IBM SNA applications over routed internetworks, has been enhanced to be more flexible and scalable. The NCIA Client, implemented in the client workstation, encapsulates the full SNA stack inside TCP/IP packets. These packets are sent to the NCIA Server implemented in Cisco IOS software. The NCIA Server de-encapsulates the TCP/IP packet and sends the LLC data to the host processor via RSRB or DLSw+.

The NCIA Server supports SNA and NetBIOS sessions over a variety of LAN and WAN connections, including dial-up connections. The NCIA architecture supports clients with full SNA stacks--providing all advanced SNA capabilities, unlike some split-stack solutions.

NCIA Server enhancements provide:

• Simplified client configuration: It is no longer necessary to predefine ring numbers, and the NCIA Server supports optional dynamic assignment of MAC addresses. There is no Logical Link Control, type 2 (LLC2), at the client. The client is configured as an end station, not as a router peer.

• Scalability: The limit is based on the number of LLC connections in the central site router rather than RSRB peer connections.

• Fast Switched Source-Route Translational Bridging (SR/TLB)--With Cisco IOS Software Release 11.2, SR/TLB is fast switched. No queuing is done and resource utilization is low. This enhancement is on by default, but can be disabled. It is supported across all router platforms.

• Response Time Reporter--The Response Time Reporter (RTR) feature allows you to monitor network performance, network resources, and applications by measuring response times and availability. RTR statistics can be used to perform troubleshooting, problem notifications, and pre problem analysis. RTR offers enhanced functionality over a similar IBM product, NetView Performance Monitor.

RTR enables the following functions to be performed:

• Troubleshoot problems by checking the time delays between devices (such as a router and an MVS host) and the time delays on the path from the source device to the destination device at the protocol level.

• Send SNMP traps and/or SNA Alerts/Resolutions when one of the following has occurred: a user-configured threshold is exceeded, a connection is lost and reestablished, or a timeout occurs and clears. Thresholds can also be used to trigger additional collection of time delay statistics.

• Perform pre-problem analysis by scheduling the RTR and collecting the results as history and accumulated statistics. The statistics can be used to model and predict future network topologies.

The RTR feature is currently available only with feature sets that include IBM support. A CiscoWorks Blue network management application will be available to support the RTR feature. Both the CiscoWorks Blue network management application and the router use the Cisco Round Trip Time Monitor (RTTMON) MIB. This MIB is also available with Cisco IOS Release 11.2.

APPN Enhancements

The following features have been added to the Cisco Advanced Peer-to-Peer Networking (APPN) software:

• APPN Central Resource Registration--APPN Central Resource Registration (CRR) support allows a Cisco IOS software-based router acting as a network node to register the resources of end nodes to the Central Directory Service (CDS) on Advanced Communication Facility/Virtual Telecommunication Access Method (ACF/VTAM). A Cisco IOS network node will now register resource names with a VTAN CDS as soon as it establishes connectivity with it. Prior to this enhancement, the router acting as a network node could not register end-node resources. ACF/VTAM could, however, query the router to find these resources.

The CDS reduces broadcast traffic in the network. Without an active CDS on ACF/VTAM, the network node must send a broadcast message to the network to locate nonlocal resources required for a session. With an active CDS, the network node sends a single request directly to the CDS for the location of the resource. A network broadcast is used only if the resource has not registered with the CDS.

ACF/VTAM must be configured as a CDS. The Cisco IOS network node learns of the capability when network topology is exchanged. To most effectively use the CDS, end nodes should register the resources with the network node. Depending on the end node implementation, registration might occur automatically, may require configuration on the end node, or might not be a function of the end node.

• APPN DLUR MIB--The existing APPN Management Information Base (MIB) does not contain information about Dependent Logical Units (DLUs) accessing the APPN network through the DLU Requester (DLUR) function in the Cisco IOS NN. A standard MIB for DLUR has been defined by the APPN Implementors Workshop (AIW), the standards body for APPN, and is implemented in this release of the Cisco IOS software.

With the APPN DLUR MIB, users have access to information collected about the DLUR function in the Cisco IOS NN and the DLUs attached to it for more complete network management information.

Data Link Switching+ Features and Enhancements

The following features have been added to the Cisco Data Link Switching (DLSw+) software. These features had previously been available with Remote Source-Route Bridging (RSRB). To provide these features for DLSw+, the Cisco IOS software uses a component known as Virtual Data Link Control (VDLC) that allows one software component to use another software component as a data link.

• LAN Network Manager (LNM) over DLSw+--LAN Network Manager (LNM) over DLSw+ allows DLSw+ to be used in Token Ring networks that are managed via IBM's LNM software.

With this feature, LNM can be used to manage Token Ring LANs, Control Access Units (CAUs), and Token Ring attached devices over a DLSw+ network. All management functions continue to operate as they would in an RSRB network or source-route bridged network.

• Native Service Point (NSP) over DLSw+--Native Service Point (NSP) over DLSw+ allows the Cisco NSP feature to be used in conjunction with DLSw+ in the same router.

With this feature, NSP can be configured in remote routers, and DLSw+ can provide the path for the remote service point PU to communicate with NetView. This allows full management visibility of resources from a NetView 390 console, while concurrently offering the value-added features of DLSw+ in an SNA network.

• Down Stream Physical Unit (DSPU) over DLSw+--Down Stream Physical Unit (DSPU) over DLSw+ allows the Cisco DSPU feature to operate in conjunction with DLSw+ in the same router. DLSw+ can be used either upstream (towards the mainframe) or downstream (away from the mainframe) of DSPU.

DSPU concentration consolidates the appearance of up to 255 physical units into a single physical unit appearance to VTAM, minimizing memory and cycles in central site resources (VTAM, NCP, and routers) and speeding network startup. Used in conjunction with DLSw+, network availability and scalability can be maximized.

• Advanced Peer-to-Peer Networking (APPN) over DLSw+--Advanced Peer-to-Peer Networking (APPN) over DLSw+ allows the Cisco APPN feature to be used in conjunction with DLSw+ in the same router.

With this feature, DLSw+ can be used as a low-cost way to access an APPN backbone or APPN in the data center. In addition, DLSw+ can be used as a transport for APPN, providing nondisruptive recovery from failures and high-speed intermediate routing. In this case, the DLSw+ network appears as a connection network to the APPN network nodes (NNs).

• Source-Route Bridging (SRB) over FDDI to DLSw+--This feature allows access to DLSw+ over source-route bridged FDDI LANs. In the past, the supported local DLCs were only Token Ring, Ethernet, or SDLC. With this extension, Token Ring-attached devices can access a DLSw+ router using source-route bridging over an FDDI backbone. At the remote site, the device can be attached over Token Ring, Ethernet, SDLC, or FDDI. This feature allows SRB over FDDI to provide the highest speed access between campus resources, while concurrently allowing DLSw+ for access to remote resources.

Security Features

This section describes the security features that are new in the initial release of Cisco IOS Release 11.2.

New Features

• Router Authentication and Network-Layer Encryption--This feature provides a mechanism for secure data transmission. It consists of two components:

  • Router Authentication: Prior to passing encrypted traffic, two routers perform a one-time, two-way authentication by exchanging Digital Signature Standard (DSS) public keys. The hash signatures of these keys are compared to authenticate the routers.

  • Network-Layer Encryption: For IP payload encryption, the routers use Diffie-Hellman key exchange to securely generate a DES 40- or 56-bit session key. New session keys are generated on a configurable basis. Encryption policy is set by crypto-maps that use extended IP Access Lists to define which network, subnet, host, or protocol pairs are to be encrypted between routers.

This feature can be used to build multiprotocol Virtual Private Networks (VPNs), using encrypted Generic Routing Encapsulation (GRE) tunnels. It can also be used to deploy secure telecommuting services, Intranet privacy, and virtual collaborative or community-of-interest networks.

All components of this feature are subject to U.S. Department of Commerce export regulations. Encryption is currently IP only, although it does support multiprotocol GRE tunnels. This feature is most appropriately deployed in a relatively small number of routers, with a logically flat or star-shaped encryption topology.

Load-sharing of the encryption/decryption function is not supported. Without a Certification Authority (CA), the one-time authentication effort increases exponentially with the number of routers. Router authentication requires the network administrator to compare the hashes produced by the routers, once during initial configuration. This version of encryption is not IPSEC compliant.

• Kerberos V Client Support--This feature provides full support of Kerberos V client authentication, including credential forwarding. Systems with existing Kerberos V infrastructures can use their Key Distribution Centers (KDCs) to authenticate end-users for network or router access. This is a client implementation, not a Kerberos KDC. Kerberos is generally considered a legacy security service and is most beneficial in networks already using Kerberos.

TACACS+ Enhancements

The following features have been added to the Cisco Terminal Access Controller Access Control System (TACACS)+ software:

• TACACS+ Single Connection--Single Connection is an enhancement to the network access server that increases the supported number of transactions per second. Prior to this enhancement, separate TCP connections would be opened and closed for each of the TACACS+ services: authentication, authorization, and accounting. This became a bottleneck for improving throughput on authentication services for large networks.

Single Connection is an optimization whereby the network access server maintains a single TCP connection to one or more TACACS+ daemons. The connection is maintained in an open state for as long as possible, instead of being opened and closed each time a session is negotiated. It is expected that Single Connection will yield performance improvements on a suitably constructed daemon.

Currently, only the CiscoSecure daemon V1.0.1 supports Single Connection. The network access server must be explicitly configured to support a Single Connection daemon. Configuring Single Connection for a daemon that does not support this feature will generate errors when TACACS+ is used.

• TACACS+ SENDAUTH Function--SENDAUTH is a TACACS+ protocol change to increase security. SENDAUTH supersedes SENDPASS. SENDAUTH and SENDPASS are documented in Version 1.63 of the TACACS+ protocol specification, which is available from CCO (see the section "Cisco Connection Online" at the end of this document or via anonymous FTP from ftp-eng.cisco.com).

The network access server can support both SENDAUTH and SENDPASS simultaneously. It detects if the daemon is able to support SENDAUTH and, if not, will use SENDPASS instead. This negotiation is virtually transparent to the user, with the exception that the down-rev daemon may log the initial SENDAUTH packet as unrecognized.

SENDAUTH functionality requires support from the daemon, and the network access server.

Network Management

This section describes the network management features that are new in the initial release of Cisco IOS Release 11.2.

MIBs Supported

The following MIB's are supported:

• APPN DLUR MIB

• Cisco IP Encryption MIB

• Cisco Modem Management MIB

• Cisco SYSLOG MIB

Cisco IOS Feature Sets for Cisco 4000 Series Routers

This section lists Cisco IOS software feature sets available in Cisco IOS Release 11.2.
These features are available in specific feature sets on specific platforms.

Table 1 and Table 2 use these feature set matrix symbols to identify features:

Cisco IOS images with 40-bit Data Encryption Standard (DES) support may legally be distributed to any party eligible to receive Cisco IOS software. The 40-bit DES is not a cryptographically strong solution and should not be used to protect sensitive data.

Cisco IOS images with 56-bit DES are subject to International Traffic in Arms Regulations (ITAR) controls and have a limited distribution. Images to be installed outside the United States. require an export license. Customer orders may be denied or subject to delay because of U.S. government regulations. Contact your sales representative or distributor for more information, or send e-mail to export@cisco.com.

Table 1 and Table 2 list the standard feature sets supported in Cisco IOS Release 11.2.

Memory Requirements

Table 3 describes the memory requirements for the Cisco 4000 series platform's feature set supported by Cisco IOS Release 11.2.

Upgrading to a New Software Release

If you are upgrading to Cisco IOS Release 11.2 from an earlier Cisco IOS software release, you should save your current configuration file before configuring your access server with the Cisco IOS Release 11.2 software. An unrecoverable error could occur during download or configuration.

Cisco IOS Upgrade Procedure

If you have a maintenance contract (SMARTnet), go to the following URL to download a Cisco IOS release from the CCO Trivial File Transfer Protocol (TFTP) server:

http://www.cisco.com/kobayashi/sw-center

The Software Center window is displayed.

Step 1 Click Cisco IOS Software. The Cisco IOS Software window is displayed.

Step 2 Click Cisco IOS 11.2. The Cisco 11.2 Software Upgrade Planner window is displayed.

Step 3 Click Download Cisco IOS 11.2 Software. The Software Checklist window is displayed.

Step 4 Select the appropriate information in each section of the Software Checklist window.

• Hardware

• Release

• Software and hardware release

Step 5 Click Execute. The software release is downloaded to your desktop computer.

Step 6 Transfer the software release to a local TFTP server on your network using a terminal emulation application, such as TCP Connect.

Step 7 Log in to your router. Copy the software release from your TFTP server to your router, using the copy tftp command.

Caveats for Release 11.2(1) Through 11.2(10)

This section describes possibly unexpected behavior by Cisco IOS Release 11.2(10). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(10). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online " later in this document.

AppleTalk

• When using ARAP 2.1 on routers running Cisco IOS Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Cisco IOS Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]

Basic System Services

• The router might reload when trying to process the show accounting command. [CSCdi69364]

• The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]

• Fast switching and optimum switching counters should be broken out separately in the output of the show interface switching command. [CSCdi87008]

• Traffic shaping is not currently supported over tunnels of any type or switching mode. The feature is currently under development. [CSCdi88997]

• If the map-list command is configured, issuing the show running command may cause the router to crash if the "Last configuration change at..." informational string exceeds a total length of 80 characters. [CSCdj13986]

• When a router is configured with the command ip identd and with aaa authentication login default tacacs+ enable the router will reload itself under these conditions:

- The router is resolving host names via an external DNS server.

- The TACACS server is down.

- The user gains access to the router via the backup "enable" method.

- The user attempts to Telnet from the router to a host on the network.

After the Telnet is initiated, the router will immediately reload.

The workaround for this problem is to not configure the ip identd command or to disable the identd process with the global command no ip identd (which is the default). [CSCdj19961]

• Boot Flash devices are not recognized when formatting boot Flash type A7, A6, or AA.

To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash with an image containing this bug fix. Then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20651]

• An EXEC prompt does not appear until the TCP connection for accounting EXEC is sent and acknowledged. Accounting EXEC acts like wait-start, even though start-stop is configured. [CSCdj27123]

• The tacacs-server directed-request restricted command only applies to authentication, not to accounting or authorization. Therefore, there is no way to restrict a user's authorization or accounting to a given set of servers, which can lead to inconsistencies. For example, authentication for a directed user can be attempted only on the restricted servers, whereas authorization or accounting can be attempted on non-restricted servers as well. This inconsistency can cause authentication to pass while authorization fails for a given user. [CSCdj37496]

• When ATM traffic-shaping is enabled on an ATM interface along with priority-queueing, priority queuing does not work as desired.

To work around this problem, turn off ATM traffic-shaping over that interface. Another workaround is to use Cisco IOS Release 11.2(2) or earlier, including Release 11.1. [CSCdj45778]

• High CPU utilization exists on a Cisco 4000-M using IP-SNMP after upgrading to Cisco IOS Release 11.2(9). [CSCdj56722]

IBM Connectivity

• The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do LLC mapping. [CSCdi55085]

• A bus error occurred at PC0x169a46. The stack trace indicates a problem in the LNX process. This problem occurs on X.25. [CSCdi73516]

• This caveat fixed an unimplemented trap, cipCardLinkFailure by deprecating it and implementing a new trap cipCardDtrBrdLinkFailure. Use the snmp-server enable traps channel-failures command to enable this new trap. [CSCdj32297]

• An APPN router may crash during an SNMP access to the APPN MIB. This problem only occurs after an unused APPN node is garbage collected. The crash has the following stack trace:

System was restarted by bus error at PC 0x8B5902, address 0x4AFC4AFC PC: process_snmp_trs_tg_inc

0x8B5CAC:_process_ms_data_req_trs(0x8b5aaa)+0x202 0x87E5FE:_xxxtos00(0x87d6b0)+0xf4e 0x180E5C:_process_hari_kari(0x180e5c)+0x0 [CSCdj36824]

• When testing FRAS BAN for SDLC attached PU 2.1 and PU 2.0 and using RSRB backup over PSTN, the PUs failed to connect after the Frame Relay interface was brought back up after a link failure.

The output of the show fras command showed ls-reset backup enabled. In order to reconnect the PUs, the fras backup rsrb statement had to be removed or the serial interfaces configuration had to be deleted and then readded. [CSCdj39306]

• When RSRB with TCP encapsulation is configured with priority peers and some of the priority peers are closed/dead, an explorer packet may continuously try to open the closed/dead priority peer. After several tries, the router may crash with memory corruption. [CSCdj47493]

• When using APPN ISR over an RSRB port over FDDI, a Cisco 7200 may start sending frames with the non-bitswapped address of the target device.

To work around this problem, configure a MAC address on the target device that is always the same whether it is canonical or non-canonical (for example, 4242.6666.ffff). [CSCdj48606]

• Normal non-extended unbind (0x3201) was extended with corrupted information which caused rejection by the host. As far as the host is concerned, the session is still active. A user cannot clean up this session without bringing down the link. [CSCdj50581]

• SNA sessions running over DLSw hang when a NetBIOS file transfer is running. This problem has been experienced on the Cisco 7206 router only. [CSCdj53691]

Interfaces and Bridging

• Running SRB over FDDI on Cisco 4000 series routers may not perform as well as expected. However, this behavior should not seriously impact network functionality. [CSCdi69101]

• On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]

• A Cisco 7500 series router might resign its active HSRP status when configured on an FEIP, if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]

• Under certain conditions, a memory leak may cause a router to reset if the bridge-group virtual interfaces for the new integrated routing and bridging (IRB) feature are not configured correctly.

A workaround is to ensure that there aren't any bridge-group virtual interfaces configured for logical/physical router interfaces that do not exist. [CSCdj02283]

• Enabling custom queuing on a Cisco 7200 router may result in an excessive increase in CPU use. [CSCdj05099]

• When adding or removing a subinterface to a Frame Relay interface, all DLCIs are brought down until the Frame Relay switch sends the PVC information again. The whole interface will be reset when a user tries to add the ip address command. A workaround for part of the problem is to turn off CDP globally or on individual interfaces. In this case, the user can turn off CDP on the serial interface before adding or removing subinterfaces. CSCdj02488 (integrated into Cisco IOS Release 11.1(11) and 11.2(5.1)) fixed the rest of the problem.[CSCdj07291]

• The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]

• Under certain circumstances, rebooting a Cisco 2524 may cause the router to pause indefinitely with a T1 connected to a Fractional T1 module. The workaround is to unplug the T1 prior to the reload. [CSCdj22485]

• The pos specify-s1s0 and pos specify-c2 POS interface specific configuration commands do not work correctly. [CSCdj25166]

• A "System restarted by bus error at PC 0x4262AA, address 0xFFFFFFFC" message may be received when the frame-relay payload-compression packet-by-packet command is entered under the subinterface. [CSCdj49344]

• Compression for HDLC encapsulated bridging only payload compresses Spanning Protocol packets. Actual bridged packets are forwarded with their payloads uncompressed. Prior to this release, bridged packets may have had their MAC addresses corrupted if STAC compression was enabled with HDLC encapsulation. [CSCdj50894]

• Void frames generated by a Cisco 4500 appear to be valid data frames without LLC. [CSCdj51861]

• On the Cisco AS5200 platform, a group of four ports may stop processing PPP packets on the interface. You can identify this problem by looking for a group of four contiguous ports that have a much higher volume of calls than the other ports on the AS5200. Currently, the only workaround is to reload the router. The port modems should be busied out until the router can be reloaded. [CSCdj51974]

• A Cisco Catalyst 5000 cannot change packet format from SNAP to ARPA. [CSCdj53698]

• With IRB configured on the router, IPX clients cannot log into services on a bridged interface. Removing the IPX routing from the BVI fixes the bridged interface but you'll loose the routing. At this time, this feature is not supported. [CSCdj54050]

• If you are doing IRB with RFC1483 PVCs, you may see certain IP anomalies such as ARP resolution not working or the ARP resolutions take place yet you cannot ping the neighboring device. [CSCdj54558]

• A Cisco 7500 router may see "RSP-3-RESTART" messages. In this case, there may not be additional messages prior to the "RSP-3-RESTART" message that provides information on the cause of the cBus complex restart. [CSCdj55380]

IP Routing Protocols

• If the summary-address statement is removed on a remote router that advertises summary-address routes on only one path, then the core router sees both equal cost paths. This problem occurs on OSPF with NSSA. [CSCdj38067]

• If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If OSPF is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]

• When attempting to set the ipNetToMediaType value with SNMP the following error is returned and the value is not set:

snmpset: The value given has incorrect type or length. [CSCdj43710]

• In the presence of a large number of subnets, a CPUHOG message like the following may be generated:

%SYS-3-CPUHOG: Task ran for 2608 msec (73/65), Process = BGP scanner, PC = 176388

[CSCdj45966]

• Manual summarization with EIGRP does not work correctly. A summary route does not get advertised but one or more of the more specific routes do. [CSCdj46525]

• Under certain conditions, an LS type 5 is not generated by the ABR in response to a received LS type 7. [CSCdj55301]

• The router's internal address is advertised as a host route instead of a network in the router's LSA. A host route is represented as a Type 3 link (Stub Network) whose link ID is the host's IP address and whose link data is the mask of all ones (0xffffffff). This host route is advertised into all OSPF areas. [CSCdj56079]

ISO CLNS

• If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-IS. A workaround is to number the interface. [CSCdi60673]

• A crash was caused by an AVL node that was freed but was still accessed during tree traversing. This problem was a result of the node being deleted and freed in the middle of tree walk. This is an IS-IS (using AVL tree) specific problem. [CSCdj18685]

LAT

• LAT services are not available on the router when IRB is enabled. [CSCdj52841]

Novell IPX, XNS, and Apollo Domain

• Adding XNS back into a router's configuration after it has been removed may cause a system to restart by bus error. This may only be a one-time event if it occurs at all. [CSCdj16694]

• With the Cisco 3600 in the circuit, the client broadcasts an RPL request. The packet reaches the router's Token Ring interface, which recognizes it as a local packet and sends the packet back out the same interface it was received on. This results in two RPL requests: one from the client and one from the router. The server receives the packet from the router first and responds to it. The packet from the client is seen as a separate client and also gets a response. After a few packets, the client gets confused and gives a boot load error.

This problem appears to be a race issue and does not occur with a Cisco 2500 router in place of the Cisco 3600 because the Cisco 2500 is slower to route the packet. The packet is sent out the same interface it received it from, which appears to be normal behavior, but the server receives the client's packet first, so the RPL request is built properly. With debugging enabled on the Cisco 3600, this is sufficient to slow down the router, allowing the client packet to reach the server first and build the request properly. [CSCdj18835]

• When using IPX-EIGRP over ISDN with floating static routes, there may be a short delay (about 10 seconds) before the application is able to get through. [CSCdj38031]

• Before a floating static route is installed, a waiting period is observed when the network is down and unreachable. If IPX watchdogs or SPX keepalives arrive during this time, they will be dropped, leading to session timeouts. [CSCdj50629]

• Remote routers connected to a Cisco 7513 used as hub Frame Relay router cannot see the IPX servers local to the Cisco 7513. The Cisco 7513 reloaded afterwards. [CSCdj54367]

TCP/IP Host-Mode Services

• A direct broadcast with a physical-broadcast destination MAC address is not forwarded to helper address over ATM/LANE interfaces. [CSCdj51378]

TN3270

• TN3270 keymaps with three keystrokes defined for a TN3270 key will append the last character to the screen. The cursor will then move to the next cursor position on the screen. [CSCdj51702]

Wide-Area Networking

• When using a VIP controller in a Cisco 7000 series router with a Silicon Switch Processor (SSP), the SSP cannot access the second port adapter when the VIP is installed in slot 4. As a workaround, install the VIP in slots 0 through 3. [CSCdi41639]

• The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]

• When traffic prioritization is configured on a Frame Relay interface with the command frame-relay priority-dlci-group, the command no fair-queuing should also be configured on the serial interface to achieve effective traffic prioritization. [CSCdi52067]

• When configuring PVCs on the AIP, you may observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:

%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008)

%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

• When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface may bounce once or continually bounce during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.

During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]

• Type of serial and ISDN B-channels using MPPP over dialer profiles leads to situations where serial joins and leaves bundle ad infinitum. [CSCdj18693]

• When the dialer rotary-group command is entered on an interface that has ongoing calls, a crash may occur.

The workaround is to bring down all ongoing calls by disconnecting or shutting down the interface and then adding the dialer rotary-group command. [CSCdj35360]

• The Cisco 3600 ISDN BRI-U WIC does not send an IDCKRP within 200 ms in response to the ISDN NI-1 switch's IDCKRQ. This causes the NI-1 switch to drop the previously assigned TEI on the second B-Channel. The NI-1 switch does not reassign a TEI to B-Channel 2 in Cisco IOS images earlier than Release 11.2(8). In Cisco IOS images that are Release 11.2(8) or newer, a new TEI is assigned to B-Channel 2.

The confusion over TEI assignment for B-Channel 2 causes severed connections or Multilink PPP problems in Cisco IOS Release 11.2(8) or later. In older Cisco IOS images, the BRI interface may hang or act as if it were administratively shutdown. [CSCdj52727]

• A problem has been identified with traffic shaping on the Cisco 4500 ATM NIMs. There is no known workaround. [CSCdj56673]

Basic System Services

• In extremely unusual situations the router will display the following error message on a frequent basis:

%SYS-6-STACKLOW: Stack for level CXBus Interfaces running low, 0/1000

This message may eventually lead to the router hanging. [CSCdi54119]

• A timing conflict between the HTTP server and TACACS+ code can cause the HTTP process to hang when configured to use TACACS+ for authentication. Since the HTTP server uses a tty to handle I/O for the request, these hung processes can tie up all available ttys. [CSCdi84657]

• On Cisco 7000 series routers, in the output of the show interface serial command, the packet input field reports the incorrect number of received packets. The workaround is to enable SSE switching on all MIP interfaces. [CSCdj01844]

• On Single Flash Bank 2500 devices, when the device is running from the image on Flash (RFF), the SNMP operation of copy to Flash using CISCO-FLASH-MIB does not work.

The work around is to use the command line interface command copy tftp flash. This CLI command invokes the FLH interface and the file is copied successfully to the device. [CSCdj27438]

• When custom or priority queuing is turned off on an interface that does not support fair queuing, the queuing data structures associated with the interface are left in an inconsistent state.

In particular, the enqueue and the dequeue routines are not reset and this causes the box to crash when the routines are invoked the next time. Once the box is rebooted the inconsistency is cleared. [CSCdj29439]

• RMON alarms will not work properly on a number of MIBs that use internal MIB caching to speed up MIB object value retrieval. The only possible workaround is to set up an SNMP get poll on these objects to force an update to the MIB cache, with a poll period within the alarmInterval time. The following MIBs have this problem:

APPN-DLUR-MIB
IBM-6611-APPN-MIB
CISCO-CIPCSNA-MIB
CISCO-CIPLAN-MIB
CISCO-CIPTCPIP-MIB
CISCO-SNA-LLC-MIB
SNA-NAU-MIB
CISCO-TN3270SERVER-MIB
OLD-CISCO-IP-MIB
BGP4-MIB
LAN-EMULATION-CLIENT-MIB
RFC1406-MIB
RMON-MIB
IF-MIB
RFC1398-MIB
OLD-CISCO-INTERFACES-MIB
CISCO-PING-MIB
CISCO-QLLC01-MIB [CSCdj34766]

• A memory leak exists in the Flash file system. Using SNMP to poll the ciscoFlashMIB objects, or using the show flash command line interface (CLI) commands can result in non-trivial amounts of memory being allocated and never freed. Repeating these polls or CLI commands will eventually result in the system using up all available memory.

The ciscoFlashMIB can essentially be disabled (SNMP is prevented from polling this MIB) via use of SNMP views. For example, the SNMP configuration snmp-server community public ro can be changed to the following:

snmp-server view no-flash internet included

snmp-server view no-flash ciscoFlashMIB excluded

snmp-server community public view no-flash ro

The result is the SNMP polls using the public community string can access objects in the entire MIB space (internet) except for those objects in the ciscoFlashMIB space.

This will affect any NMS applications that rely on the ciscoFlashMIB objects. [CSCdj35443]

• When issuing the no snmp trap link-status command on an ISDN interface on both the Virtual-Template and the D-channel, the router still sends traps whenever a B-channel changes state. [CSCdj38266]

• After a Cisco AS5200 has been running for 4 to 5 days, it may experience a severe memory leak that requires the router to be rebooted. [CSCdj41164]

• An SNMP Get of an individual instance from the ipNetToMediaTable may fail, even though an SNMP Get-next will successfully retrieve the instance. This is likely to be seen on table entries referring to software interfaces (for example, subinterfaces, loopbacks or tunnels) or hardware interfaces that have been hot-swapped in. There is no known workaround. [CSCdj43639]

• A crash occurred in the Frame Relay packet classifier function called by the WFQ routine. A workaround for this problem is to disable WFQ on the interface with Frame Relay encapsulation. [CSCdj45516]

IBM Connectivity

• When an IBM AS/400 end system is attempting to communicate with an IBM 5494 controller through Cisco 4700 routers, the Token Ring interface on the router uses its Token Ring MAC address as the source address when sending DM command messages to the AS/400. The AS/400 discards these messages because it does not recognize the source address, and it continues to poll the IBM 5494, which causes it to hang. The workaround is to reload the router. [CSCdi87648]

• A small window exists in which it is possible after a transmission group reinitialization that only one CP-CP session is established between the router and a neighboring node. In this case, the contention winner session from the perspective of the router is not activated. Once this occurs, the CP-CP contention winner session will only activate if the APPN subsystem is stopped and started.

There is no known workaround. [CSCdj25859]

• An APPN router may display the following "Unanticipated CP_STATUS" message when the contention loser CP-CP session goes down and comes back up without the contention winner session being deactivated:

%APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1

%APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN

%APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4

%APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received

Each subsequent broadcast locate received by the router causes the following messages to be displayed and about 1920 bytes of APPN memory to be leaked:

%APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080

%APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0

This problem occurs when two links are active to the same node and the CP-CP sessions are split between these two links and the link with contention loser is stopped.

The APPN subsystem should be stopped and restarted to clear this problem. If the CP-CP sessions are between the router and the host, terminating either CP-CP session on the host will also clear this problem. [CSCdj33718]

• There may be intermittent failures when trying to link to bridges over the DLSw remote peers when running LNM over DLSw. The workaround is to reload the router that is directly attached to the LNM device. [CSCdj34112]

• An APPN DLUR router may reload with SegV exception in ndr_sndtp_encap_mu in a timing window where the DLUR supported device disconnects before a request_actpu is sent to the DLUS for that device. [CSCdj37172]

• A DSPU router with an SDLC attached 3174 leaves a terminal hung after a terminal power-reset. Vtam inact/act of LU fixes. A workaround is to remove the DWSPU and connect the 3174 via DLSw. [CSCdj37185]

• APPN enforces the maximum size of a CV10 (product set identifier) on XID to not exceed 60 bytes. Some products include a CV10 that is larger than the 60 byte value. These products will fail XID negotiation with APPN. [CSCdj40144]

• In the event that APPN/DLUR has processed and sent a bind request to a downstream device, and that device has not responded to the bind, issuing a vary,inact command on the host for the LU name that the bind is destined for will not completely clean up the session as it should. [CSCdj40147]

• When a connection is attempted over a port defined with the len-connection operand, APPN can loose 128 bytes of memory for each connection attempt. [CSCdj40190]

• DLSw FST may corrupt the frame header if the riflen is different on both sides. [CSCdj40582]

• Memory leaks occur when APPN TPsend_search is sending locate search requests to adjacent nodes when a link failure occurs. [CSCdj40915]

• When RSRB with TCP encapsulation is configured and remwait/dead peers exist, an explorer packet may continuously try to open the remwait/dead peer. After several tries, the router may crash with memory corruption.

A workaround is to remove any remwait/dead peer statements. [CSCdj42427]

• A Cisco 3640 router crashes when a UI LLC frame is received on the Token Ring interface. [CSCdj43755]

• An APPN router may crash with a bus error if a race condition is experienced during cleanup processing. The stacktrace shows the crash occurred in Qfind_front while executing a psp00 function. An example stacktrace for this problem is shown below.

System was restarted by bus error at PC 0x3784864, address 0xF0110208 PC 0x3784864[_Qfind_front(0x3040a04+0x743e44)+0x1c] RA: 0x36C1F2E[_queue_find_front(0x3040a04+0x68151c)+0xe] RA: 0x36CC554[_psbmfrm(0x3040a04+0x68bb30)+0x20] RA: 0x36CDAF6[_psp00(0x3040a04+0x68cfd4)+0x11e] RA: 0x314BD78[_process_hari_kari(0x3040a04+0x10b374)+0x0] [CSCdj44198]

• APPN crashed when it received a CV35 without the Termination Procedure Origin Name (TPON) field. [CSCdj44661]

• Configuration of SRB on a second interface yields the following traceback information from LNM:

%LNMC-3-BADCLSIRET: bogus Invalid ret code (0x7007) init_clsi_op_proc, bogus -Traceback= 60791120 6078FE48 6078FDC4 607890E0 6078ED48 60226648 60226634 [CSCdj45268]

• DLUR bind processing may cause stack corruption, resulting in a reload with PC 0x0. This problem is caused by attempting to parse the user data subfields beyond the location where the subfields exist. The reload will only occur if the byte two bytes beyond the end of the user data area is 0x3 or 0x4. This is a very rare occurrence. [CSCdj45676]

• In large APPN network environments over 200 NNs, numerous broadcast searches could happen during initial start up or intermediate links recovery. The memory usage serge may bring down the entire network. [CSCdj45705]

• The message "%APPN-0-APPNEMERG: Mfreeing bad storage, addr = 60BB7188, header = 60BB6B20, 00000218 -Process= "ndrmain", ipl= 0, pid= 62" may be issued when a DLUR served PU disconnects. [CSCdj46783]

• Router will not pass SRB directed frames if the SRB proxy-explorer feature is configured. SRB proxy-explorer is used with NetBIOS name caching. [CSCdj47797]

• Some 68K-based routers, such as the Cisco 7000, Cisco 4000, and Cisco 2500 routers, may crash while running APPN. This memory corruption may occur after a rare combination of APPN detail displays, followed by a show appn stat display.

[CSCdj47941]

Interfaces and Bridging

• When connecting a Canary Fast Ethernet transceiver to the MII connector on VIP port adapters, reload the microcode so that the port will function properly. [CSCdi64606]

• The auto-enable feature for packet-by-packet Frame Relay compression is removed and this form of compression is allowed to be manually enabled. [CSCdi85183]

• Hardware platforms that use Cirrus Logic serial line controllers may experience the following behavior:

If the system tries to discard output for a line while there is output data in the buffer, the line may become unresponsive to input. This happens most frequently when the user attempts to abort output from a network connection. For example, sending CTL-C on a LAT connection or sending a break character during a PAD connection may cause this symptom.

The affected platforms are: Cisco 2509 through Cisco 2512, Cisco 2520 through Cisco 2523, Cisco AS5200, the NP-2T16S module for the Cisco 4500 and Cisco 4700, and the NM-4A/S, NM-8A/S, NM-16A, and NM-32A modules for the Cisco 3600. [CSCdj02282]

• In certain cases, a router may bring Layer 1 down without an apparent reason. Hereafter, a new TEI is negotiated with the switch. The latter still keeps all call references belonging to the previous TEI, since no DISCONNECT was seen on L3. [CSCdj11840]

• An SNMP agent was returning erroneous values. Under some conditions, the ifInUcastPkts counter was observed returning decreasing values, which is incorrect. [CSCdj23790]

• PPP compression and custom queuing are incompatible features and may cause the router to crash. To work around this problem, turn off all fancy queuing. [CSCdj25503]

• In X.25 packet-by-packet compression, error checking code is fixed after malloc for decompression history buffer. [CSCdj29139]

• The BREAK sequence may not be received properly on platforms that use the Cirrus Logic asynchronous controllers. This includes the Cisco 2509, 2511, AS5100, and AS5200. You may have to send the BREAK sequence multiple times before it is interpreted correctly. [CSCdj32121]

• dot5StatsTable does not return any value in Cisco IOS Release 11.2 software. [CSCdj32372]

• NFS transmission problems and FDDI excessive claims occur after installing Releases 10.3(9) through 10.3(18), 11.1(9) through 11.1(14), or 11.2(1) through 112(9). This problem is specific to the CX-FIP interface board. [CSCdj38715]

• When IRB is configured with a FDDI interface on a Cisco 4000 series router, some packets will not be forwarded through the FDDI interface. [CSCdj40769]

• An NT client/server sending out multiple ARP requests to the BVI interface of the router causes a loss of connection. The workaround is to enable ARP SNAP arp timeout 120. [CSCdj46855]

• The PA-4R may incorrectly adjust the datagram size of an incoming packet to include extra padding at the end of the packet. This problem only occurs under moderate/heavy traffic load where multiple PA-4R interfaces are consuming many particle buffers. The problem also only occurs on packets with a packet length that is a multiple of 512 bytes, 513 bytes, 514 bytes or 515 bytes. On Cisco 7xxx family VIP PA-4R systems any type of packet may be subject to this corruption. On Cisco 720x family systems with PA-4R, only source route bridging packets are subject to this corruption. The only workaround is to reduce the token ring interface's MTU to 508 bytes or less. [CSCdj48183]

IP Routing Protocols

• IP cache is not invalidated for destinations that use the default routes even after the next hop is down. The workaround is to issue the clear ip cache command. [CSCdj26446]

• After the ip default-network statement is issued, the default network route does not get propagated to other routers in the network. There is no known workaround for this problem. [CSCdj28362]

• EIGRP topology entries from the redistribution of connected routes where EIGRP is already running natively may not clear when the interface goes down. [CSCdj28874]

• A router crashes after receiving multicast packets with the illegal source address 0.0.0.0. The workaround is to configure the access list to filter out packets with a source IP address of 0.0.0.0. [CSCdj32995]

• User cannot enter the ip accounting command on a Frame Relay subinterface with this Cisco IOS Release on a Cisco 4500 router. [CSCdj33780]

• When the OSPF interface command ip ospf authentication-key key is configured with key length longer than 19 characters, including any trailing space, then the OSPF internal data will be corrupted. The write terminal command could reload the router.

The workaround is not to enter a key longer than 19 characters, either encrypted or not.

The same problem happens with the ip ospf message-digest key-id md5 key command. In this case, the key length should not be longer than 36 characters. [CSCdj37583]

• On a Cisco 4700, RIP cannot handle more than 1800 routes received back to back without inter-frame gap. [CSCdj40042]

• After the aggregate-address summary-only command is configured, issuing the same command without summary-only will not unsuppress the more specifics of the aggregate.

A workaround is to negate the whole aggregate-address command first. [CSCdj42066]

• ICMP unreachables are wrongly sent out for multicast packets. [CSCdj43447]

• During a ping, each packet took more than 2 seconds to output. With ATM static maps, the wait is not necessary for IP over ATM. [CSCdj47856]

• Entering the no ip gdb rip command twice may crash the router. [CSCdj48291]

• A problem will be caused by entering the ipx router command followed at anytime by a no ipx router command. The effects can be anything from to a steady memory leak, to unexpected router behavior to (as in this case) a router crash. This problem affects all routers. As a workaround, cycle power on the router after a no ipx router command is issued. [CSCdj51185]

LAT

• The following message may be erroneously displayed:

%LAT-3-BADDATA: Tty124, Data pointer does not correspond to current packet

When many LAT sessions are active, and a received data slot starts in the last 14 bytes of a full Ethernet frame, data for that slot is discarded. [CSCdi82343]

Novell IPX, XNS, and Apollo Domain

• Route stuck in "deletion pending" state after an ipx down command. The only workaround is to disable and reenable IPX routing on the router.

This could happen if the commands ipx down and no ipx network are given in the same or reverse order, with very little time in between. [CSCdi91755]

• XNS standard access lists may produce incorrect "permit" results on Cisco 4500 series routers. In one case, this caused an XNS RIP packet to bring up BRI/DDR lines every 30 seconds. If similar false "permit" results happen in forwarding filters, supposedly filtered traffic could be permitted through the router instead of denied. [CSCdj25490]

• XNS routes may get deleted on serial interfaces at boot time. The workaround is to issue the shut and no shut commands on the affected interface. [CSCdj25806]

• IPX does not advertise static/floating static routes if they are created before the interface that the routes connected to is up. The workaround is to issue the shut and no shut commands on the interface that the static/floating static routes are connected to. [CSCdj41584]

• Running IPX EIGRP with a maximum path set greater than one, the router may not remove the SAP after the interface is down if it is learned via more than one path. [CSCdj45364]

• If a route goes away via aging (180 seconds) and the default route is known, a cache entry may be installed for the network using the default route path. If the network comes back within the next 60 seconds, a new cache entry pointing to the now valid path may not be installed and the cache will still point to the default route path for the network. A workaround is to issue the clear ipx route and clear ipx cache commands, or run without using the default route. [CSCdj47705]

TCP/IP Host-Mode Services

• A router may restart with a bus error at address 0xD0D0D5D in module tcpdriver_del. [CSCdj26703]

VINES

• A router may unexpectedly reload when VINES SRTP routing is configured. The workaround is to remove the vines srtp-enabled command. [CSCdj37888]

Wide-Area Networking

• On a 7000 router, the following console messages may be logged:

%AIP-3-AIPREJCMD: Interface ATM3/0, AIP driver rejected Teardown VC command (error code 0x8000)

Such an error is associated to the AIP not being able to receive packets. It is reproducible only if there are long periods (minutes) where no traffic crosses the ATM interface.

The workaround is to reload the box or to perform a microcode reload. This does not occur on the Cisco 7500 family (including the RSP7000). [CSCdj20667]

• Under certain conditions, the router may reload during an ISDN call setup with the SPC bit set. This problem only occurs with 1TR6 ISDN switch types. [CSCdj20841]

• While using Distributed Fast Switching, buffer headers can be stranded in the outgoing VIPs transmit queue when that interface has been taken down. This is more likely to occur when a faster interface is switching to a slower one.

Ignores and drops may increase on the input interface as it fails to obtain a needed buffer header to switch the packet. The rxcurr on the input interface will also remain above rxlow even when traffic is not arriving on the interface.

The VIP will now continue to drain the transmit queue of the interface even when it is administratively down. This will allow the buffer headers to be returned to the originating local free queue.

This may cause the number of drops on outbound interface to jump up when the interface is taken down. However, this behavior is normal as the downed interface will drop any packets sent to it when it is not up. [CSCdj21693]

• The Frame Relay LMI Enquiry and Status messages stop being exchanged after a short time of successful communication. The statistics incorrectly report timeouts and message activity. There is no workaround. [CSCdj31567]

• A user has an AS5200 running Cisco IOS 11.2(5)P (Enterprise Plus Feature Set). A LINE FEED (<LF or 0A hex) should be inserted after echoing a <CR to the remote host. This is not working. [CSCdj33431]

• If a BRI port attached to an NI-1 ISDN switch using two SPIDs gets a Layer 1 deactivation and reactivation (typically due to adverse line conditions or temporary disconnection of the cable), that port may not be able to reestablish Layer 2 connectivity on the second TEI and, therefore, not be able to use the second B channel. Issuing the show isdn status command will report TEI_ASSIGNED on one of the TEIs instead of MULTIPLE_FRAME_ESTABLISHED on both. A workaround is to have your service provider configure a single SPID that can control two B channels. [CSCdj41311]

• Using NetBIOS over PPP may result in traceback messages complaining about invalid memory action at interrupt with traceback information appended:

%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level

[CSCdj42341]

• This patch prevents the use of an invalid pak-info_start pointer when doing payload compression on RSP platforms, thus avoiding a crash. [CSCdj43332]

• A remote DLSw peering router may send a DM response just after the LLC2 connection is established if the router is very busy and the PC station responds immediately to the UA with a RR. The client will need to reestablish the connection. [CSCdj47782]

• A boot image without a subsystem containing IPCP will restart the router. There is no workaround. [CSCdj48085]

• When using the frame-relay map class or frame-relay traffic-rate commands, and when the rate is being reduced in response to BECN, the default lower limit is zero, while the expected default is CIR/2.

The workaround for this behavior is to define the rate using the CIR/BC/BE parameters. [CSCdj49145]

• The router may unexpectedly restart when configuring an X.25 PVC that is locally switched. [CSCdj49828]

• The show x25 vc command will cause the router to unexpectedly restart if there is a combination of locally switched virtual circuits and other virtual circuits. [CSCdj50405]

This section describes possibly unexpected behavior by Release 11.2(10)P. Unless otherwise noted, these caveats apply to all 11.2 P releases up to and including 11.2(10)P.

Basic System Services

• Because of a VIP2 problem the ESA service adapter must be installed in port adapter slot1 rather than slot 0 to function properly. Use the show diag command to indicate which slot the ESA is occupying in the VIPs. [CSCdj06072]

• CSCdj12951:Need better crash information to debug data/stack corruption crashes

SOLUTION: Write crash information to default boot Flash:crashinfo in RSP and Flash:crashinfo in RP. A series of "test crash" command selections are used to control and change the crashinfo collection mechanism.

The crash information contains: up to 32 KB in RSP of errmsg log plus command history including config commands that user enters or "copy". In RP, it is 20 KB. contains up to 32 KB on RSP and 20 KB on RP for all the following information. crash stack trace. crash context. stack dump at crash. dump memory for each register containing "valid" RAM address. add errmsg display on invalid length of copy. add two commands to "test crash". "sh stack" will display ("cat" as in UNIX) the boot Flash:crashinfo file if there was a crash. User can also do "copy Flash tftp" to dump the ASCII file boot Flash/Flash:crashinfo to server. .the size is 16 KB of errmsg/command plus up to 16 KB of memory dump and other crash information. There is one 16 KB DRAM declared for this crash information collection mechanism. Only c7000 and RSP are activated with new crashinfo mechanism and the 16 KB. 4500 and others will see no difference.. memory dump on malloc/free trace [CSCdj12951]

• The input counters from the show frame-relay pvc command are NOT correctly update if using optimum or netflow switching. [CSCdj25759]

• If a telnet session is originated from a Cisco router and the command <ip telnet source-interface xx is enabled, the IP address of the outgoing interface is used as the source instead of the one from the specified interface. [CSCdj51149]

IBM Connectivity

• When configuring srb on a fddi interface on a cisco 7200 and using IOS 11.2 ip routing protocols on the same fddi may stop working. [CSCdj48508]

Interfaces and Bridging

• ATCP does not work on 3600 Router sync/async interfaces configured for physical-layer async, as well as the PPP interface async configuration.

The configuration used is the same configuration sample suggested in the Access Services Configuration Guide for IOS 11.2. The example in this guide (II-103 & II-104) is WRONG to begin with, but the style it suggests is no longer applicable to the 3600 serial interfaces being configure for physical-layer async in order to support ATCP. It seems that the AppleTalk Virtual Network is being ignored.

The 3600 IOS implementation of ATCP requires correction in order to be in line with the current ATCP configuration style of existing access servers. The Access Service Configuration Guide requires correction to its ATCP example. [CSCdj24141]

• The work around is to turn the logg console debug in the config mode for the box: "no logg console", or to selectively turn of the interface state change debug from being printed in the console by turning of the interface state change messages: "no logg events link-status" [CSCdj25814]

• When a 3600 router serial interface is operating in HDX DCE mode and the attached DTE device drops RTS too quickly after the end of frame, it is possible that router will silently ignore the frame.

As a workaround enable the interface to run in FDX or DTE mode. [CSCdj36625]

• A Catalyst 5000 RSM populated with an ATM Port Adapter with LANE client(s) configured can get its ATM interface stuck in a down state if a user creates new vlan interfaces.

Symptoms include the following message being displayed to the console

%CBUS-3-CATMREJCMD: ATM0/0 Teardown VC command failed (error code 0x0008)

Saving the RSM configuration and reloading its image will clear the error condition. [CSCdj41802]

• PA-8T on VIP2-40 interfaces flap intermittently when you turn on hardware compression. Moreover, this problem didn't occur when no compression was used.

Wide-Area Networking

• ATCP does not work on 3600 Router sync/async interfaces configured for physical-layer async under a Dialer interface without using a special AppleTalk configuration. A "cable-range" and "zone" must be added to the Dialer interface and the "async mode dedicated" command must be on the async interface for an ATCP connection to succeed. If the "appletalk client-mode" command is used on the serial interface without a cable-range and zone specified on the Dialer interface, PPP connections are successful to the access server but both the primary (default) zone and zones in the Chooser are not visible. The application normally states that the only recognized zone is the one defined by the Dialer interface.

The resulting configuration is radically different from the configuration sample suggested in the Access Services Configuration Guide for IOS 11.2. The example in this guide is WRONG to begin with, but the style it suggests is no longer applicable to the 3600 serial interfaces being configure for physical-layer async in order to support ATCP. It seems that the AppleTalk Virtual Network is being ignored. [CSCdj22349]

• Sometimes ip_get_pool will fail to assign an IP address out of a local pool, even though there are plenty of free addresses. DEBUG IP PEER will show: "ip_get_pool: As49: no address available". IPCP will attempt to negotiate an address of 0.0.0.0 for the peer, with the result that IPCP will ultimately fail. [CSCdj41331]

Caveats for Release 11.2(1) Through 11.2(9)

This section describes possibly unexpected behavior by Cisco IOS Release 11.2(9). Unless otherwise noted, these caveats apply to Release 11.2 up to and including 11.2(9). The caveats listed here describe only the serious problems. For the complete list of caveats against Release 11.2, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection OnLine" later in this document.

AppleTalk

• When using ARAP 2.1 on routers running Cisco IOS Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Cisco IOS Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]

• When using the ARAP client 2.1, the user is not able to dial in to an AS5200 with Cisco IOS Release 11.1 if the AS5200 has autoselect configured.

As a workaround, do one of the following:

- Remove autoselect and use ARAP dedicated.

- Use the ARAP 2.0.1 client instead.

- Turn on MNP10 on the ARAP 2.1 client.

- Modify the client CCL script to extend the pause to 3 seconds before exiting. [CSCdj09817]

• Mounting an AFP volume fails with the following error in ARAP 3.0:

%ARAP-6-MAXRESENDS: TTY 1%ARAP-6-BADEXIT: TTY 1: exited user cisco: ARAP connection was terminated. TTY1: Line reset by "ARAP" [CSCdj39623]

Basic System Services

• The router might reload when trying to process the show accounting command. [CSCdi69364]

• The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash memory version of the Cisco IOS software does not match the running version of code. [CSCdi74380]

• Fast switching and optimum switching counters should be broken out separately in the output of the show interface switching command. [CSCdi87008]

• Traffic shaping is not currently supported over tunnels of any type or switching mode. The feature is currently under development. [CSCdi88997]

• When a router is configured with the command ip identd and with aaa authentication login default tacacs+ enable the router will reload itself under these conditions:

- The router is resolving host names via an external DNS server.

- The TACACS server is down.

- The user gains access to the router via the backup "enable" method.

- The user attempts to Telnet from the router to a host on the network.

After the Telnet is initiated, the router will immediately reload.

The workaround for this problem is to not configure the ip identd command or to disable the identd process with the global command no ip identd (which is the default). [CSCdj19961]

• Boot Flash memory devices are not recognized when formatting boot Flash memory type A7, A6, or AA.

To run type A7, A6, or AA boot Flash memory devices and use images prior to this bug fix, format boot Flash memory with an image containing this bug fix. Then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20651]

• On Single Flash Bank 2500 devices running from the image on Flash memory (RFF), copying to Flash memory using CISCO-FLASH-MIB does not work.

As a workaround. use the copy tftp flash command line interface command. This CLI command invokes the FLH interface and the file is copied successfully to the device. [CSCdj27438]

• The tacacs-server directed-request restricted command only applies to authentication, not to accounting or authorization. Therefore, there is no way to restrict a user's authorization or accounting to a given set of servers, which can lead to inconsistencies. For example, authentication for a directed user can be attempted only on the restricted servers, whereas authorization or accounting can also be attempted on nonrestricted servers. This inconsistency can cause authentication to pass while authorization fails for a given user. [CSCdj37496]

• When issuing the no snmp trap link-status command on an ISDN interface on both the Virtual-Template and the D-channel, the router still sends traps whenever a B-channel changes state. [CSCdj38266]

IBM Connectivity

• The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. As a workaround, use multipoint and to do LLC mapping. [CSCdi55085]

• A bus error occurred at PC0x169a46. The stack trace indicates a problem in the LNX process. This problem occurs on X.25. [CSCdi73516]

• Adding an RSRB peer with direct encapsulation on a Cisco 7000 router configured with CSNA causes a "%RSP-3-RESTART: cbus complex" error and takes down the CIP interface. [CSCdi82836]

• When the fast source-route translational bridging feature is configured, packets are corrupted. As a workaround, issue the no source-bridge fastswitch ring-group fastswitch command, which disables the fast source-route translational bridging feature. [CSCdi87612]

• After a transmission group reinitialization, a small window exists in which it is possible for only one CP-CP session to establish between the router and a neighboring node. In this case, the contention winner session from the perspective of the router is not activated. Once this occurs, the CP-CP contention winner session will only activate if the APPN subsystem is stopped and started.

There is no known workaround. [CSCdj25859]

• When testing FRAS BAN for SDLC attached PU 2.1 and PU 2.0 and using RSRB backup over PSTN, the PUs failed to connect after the Frame Relay interface was brought back up after a link failure.

The output of the show fras command showed ls-reset backup enabled. In order to reconnect the PUs, the fras backup rsrb statement had to be removed or the serial interfaces configuration had to be deleted and then readded. [CSCdj39306]

• Memory leaks occur when appn TPsend_search is sending locate search requests to adjacent nodes when a link failure occurs. [CSCdj40915]

Interfaces and Bridging

• When connecting a Fast Ethernet transceiver to the MII connector on VIP port adapters, reload the microcode so that the port will function properly. [CSCdi64606]

• Running SRB over FDDI on Cisco 4000 series routers may not perform as well as expected. However, this behavior should not seriously impact network functionality. [CSCdi69101]

• On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]

• The error "%CBUS-3-CTRUCHECK: Unit 0, Microcode Check Error" occurs on Token Ring interfaces, causing the interface to reset. [CSCdj08654]

• In certain cases, a router may bring Layer 1 down without an apparent reason. Hereafter, a new TEI is negotiated with the switch. The latter still keeps all call references belonging to the previous TEI, because no DISCONNECT was seen on L3. [CSCdj11840]

• An RSP2 router configured with a Fast Ethernet interface and a slow-speed serial interface might experience output packet drops on the serial interface, with incoming traffic on the Fast Ethernet interface. This problem occurs even with less traffic, such as during a regular ping.

The workaround is to disable fast switching on the serial interface. [CSCdj17962]

• A LANalyzer trace indicates that the router is forwarding RPL requests out the same Token Ring interface port on which it received the packet. [CSCdj18835]

• A Cisco 4700 router with Fast Ethernet interfaces might experience its input or output queues filling up and eventually hanging. This problem occurs when the router is configured for inter-VLAN routing with an ISL connection to a Catalyst 5000 server switch. There is no known workaround. [CSCdj22841]

• The pos specify-s1s0 and pos specify-c2 POS interface specific configuration commands do not work correctly. [CSCdj25166]

• Input from some interfaces is not reaching the processor on a Cisco 7000 series router. Although the cards are connected to the correct Ethernet and serial interfaces, no input is received from these interfaces. To recover from this situation, reboot the router. The output from the show controllers cbus command shows rql greater than 0. Using the show interface command does not indicate input traffic or hangup issues. [CSCdj29154]

• dot5StatsTable does not return any value in Cisco IOS Release 11.2 software. [CSCdj32372]

• An Ethernet interface on a Cisco 7000 series router shows status as "protocol down." This status is caused by MEMD corruption on the router after upgrading to Cisco IOS Release 11.2(8). [CSCdj42307]

IP Routing Protocols

• If your system reboots and displays output such as the following, upgrade to a Cisco IOS software release that contains the fix for this caveat. There is no known workaround.

#show version

Cisco Internetwork Operating System Software

IOS (tm) 5200 Software (C5200-IS-L), Version 11.2(9)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1997 by cisco Systems, Inc.

Compiled Mon 12-May-97 15:06 by tej

Imagetext-base: 0x2202F744, data-base: 0x00005000

ROM: System Bootstrap, Version 11.1(474) [tamb 474], RELEASE SOFTWARE (fc1)

ROM: 5200 Software (AS5200-BOOT-L), Version 11.1(474), RELEASE SOFTWARE (fc1)

uptime is 5 minutes

System restarted by bus error at PC 0x221AC3C0, address 0xFD0110EB

cisco AS5200 (68030) processor (revision A) with 8192K/4096K bytes of memory.

Processor board ID 03572663

Bridging software.

X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.

Primary Rate ISDN software, Version 1.0.

Mother board without terminator card.

1 Ethernet/IEEE 802.3 interface(s)

50 Serial network interface(s)

48 terminal line(s)

2 Channelized T1/PRI port(s)

128K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read ONLY)

4096K bytes of processor board Boot flash (Read/Write)

Configuration register is 0x2102

#show stack

Minimum process stacks:

Free/Size Name

1820/2000 Reset ipc queue

2648/4000 Init

1648/2000 MAI Action Process

1344/2000 Modem Autoconfigure

2608/4000 Exec

Interrupt level stacks:

Level Called Unused/Size Name

1 7105 1596/2000 CL-CD2430 transmit interrupts

2 7223 1540/2000 CL-CD2430 receive interrupts

3 24 1968/2000 Serial interface state change interrupt

4 5698 1540/2000 Network interfaces

5 10971 1896/2000 Console Uart

6 2 1884/2000 DSX1 interface

System was restarted by bus error at PC 0x221AC3C0, address 0xFD0110EB 5200 Software (C5200-IS-L), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)

Compiled Mon 12-May-97 15:06 by tej (current version)

Image text-base: 0x2202F744, data-base: 0x00005000

Stack trace from system failure:

FP: 0x49EB48, RA: 0x221ACF1A

FP: 0x49EB84, RA: 0x22195E4A

FP: 0x49EC10, RA: 0x22199C64

FP: 0x49ECFC, RA: 0x220ECF90

FP: 0x49ED1C, RA: 0x220ED26E

FP: 0x49ED48, RA: 0x22109BA0

FP: 0x49ED70, RA: 0x222A7798

FP: 0x49ED98, RA: 0x22109BA0

[CSCdj36356]

%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008) 
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC) 

15:06:19:%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008) 
15:06:19:%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

*Feb 28 22:29:50.351 EST: Se0:19 PPP: dropped, LCP not open. Protocol = 0x21
*Feb 28 22:29:50.423 EST: Se0:18 PPP: dropped, LCP not open. Protocol = 0x21 

%SYS-3-OVERRUN: Block overrun at 4029DEA8 (redzone 743D3334)

%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x603CCF3C, sp=0x6110DFD0 
Unexpected exception, CPU signal 10, PC = 0x0 

15:06:19:%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008) 
15:06:19:%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

%SYS-3-CPUHOG: Task ran for 2004 msec (1871/435), Process = ISDN, PC = 2206232E

System was restarted by bus error at PC 0x601E4CD0, address 0xD0D0D0D
4500 Software (C4500-P-M), Version 10.3(16), RELEASE SOFTWARE (fc1)
Compiled Thu 24-Oct-96 18:32 by richardd (current version)
Image text-base: 0x600087E0, data-base: 0x60370000

FP: 0x605D46B8, RA: 0x601E4CD0
FP: 0x605D46D8, RA: 0x601E4D88
FP: 0x605D46F8, RA: 0x601E50EC
FP: 0x605D4710, RA: 0x601C88E0
FP: 0x605D4740, RA: 0x601E4998
FP: 0x605D4760, RA: 0x601E5174
FP: 0x605D4778, RA: 0x60081D04
FP: 0x605D47B8, RA: 0x6006C8A4

Symbols
nhrp_cache_clear_nei
nhrp_cache_clear_nei
nhrp_cache_delete_subr
nhrp_cache_age_subr
rn_walktree_blocking_list
nhrp_cache_walk
nhrp_cache_age
registry_list
net_oneminute

Mar 19 08:41:23:%TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4 
-Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C 
Mar 19 08:41:50:%X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted
Mar 19 08:41:52: 
TCP0: extra packet reference for pak 0x60A031D8 found: 
Mar 19 08:41:52:%TCP-2-BADQUEUE: Multiple entry for packet 60A031D8 
-Process= "TCP Driver", ipl= 0, pid= 26 
-Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C 
Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213 length 47 
Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4

%SYS-2-INPUTQ: INPUTQ set, but no idb, ptr=60C43314 -Traceback= 60037A78 60039F6C 6003EF98 

%AAAA-3-BADSTR: Bad accounting data: too many attributes 

%SNMP-3-CPUHOG: Processing Get of lifEntry.75.34 

IPS ID: 1400 QUEUE: 2 ORIGIN: xxxpcs00 MUTYPE: C5 
%APPN-0-APPNEMERG: Assertion failed in./scm/xxximndr.c at line 158 
-Process= "xxxims00", ipl= 0, pid= 58 
-Traceback= 606C3488 606879EC 606818C8 606810E4 6067AF90 6019AB08 6019AAF4

0000.0000.0001 0000.0000.0002 0000.0000.0003 0000.0000.0005 

CBUS-3-INTERR: Interface 6, Error (8011)

System restarted by error - Zero Divide, PC 0x38EF0C (0x38EF0C:_igmp_report_delay(0x38eec6)+0x46)