9.17(16) Caveats

This section describes possibly unexpected behavior by Release 9.17(16). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(16).

Basic System Services

• Customer was seeing large amount of ignores on token ring and serial interfaces. A combnation of the new bufferin code, and tx-queue-limit tuning on the FSIP solved the problem. trip171-0 and sp10-3 are the required. [CSCdi19241]

• When some routers on the path taken by the Path Tool have routing table misconfigured, the Path Tool detects a cyclic path and displays an error message to remind you to check the routing configuration on these routers. [CSCdi21237]

IBM Connectivity

• Local SRB between TRIP Token Ring interfaces on the 7000 does not function properly when a virtual ring is configured between them. The fix modifies the SP microcode to handle this configuration properly. [CSCdi08232]

• Remote Source Route Bridging using direct encapsulation across a token ring does not work. [CSCdi13077]

• On a 7000 with SRB configuration, when a packet with path tracing(e.g: decnet pings) passes thourgh a CTR interface, the following message will be displayed on the router console:

  %LINK-3-BADMACREG : Interface, non-existant MACADDR registry for link 0 -Process= "*Sched*", ipl = x -Traceback = hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh [CSCdi16761]
  

• The source-bridge remote-peer configuration command accepts the version number statement but it is not saved in the configuration. After 9.1.9, forcing the RSRB peer connection to a specific level is no longer required or supported. This negotiation is done automatically during the remote peer connection start up. Future versions of software will alert the user of this when the configuration command is entered with the version keyword. [CSCdi17754]

• On a router configured with RSRB through Frame Relay, the RSRB peer state remains stuck at "REMWAIT" and "REMOPEN" after a Frame Relay link recovery. [CSCdi21067]

Interfaces and Bridging

• If a very large FDDI SMT frame is received or sent by the router, and debug fddi-smt is configured, the debug output for that frame may be corrupted. [CSCdi09114]

• Don't enable autonomous switching on HSSI when using FST. Autonomous switching causes out of order packets. Packets greater than 1500 bytes are automatically fast switched. Packets less than 1500 bytes are autonomously switched causing smaller packets to arrive at destination ahead of larger, autonomously switched packets. [CSCdi13053]

• When routing NetBIOS traffic encapsulated in FST/IP from FDDI to an FSIP port that has traffic flowing in both directions, packets smaller then 60 bytes that flow into the FSIP port are delayed by approximately 100 ms. This delay is very detrimental to end-to-end throughput. The affected frames are LLC2 Receiver Ready (RR) and NetBIOS acknowledgments. [CSCdi15040]

• Fast FDDI ring claims my result in inaccurate show interface transition counts and debug fddi-cmt-event messages saying

  FDDI interface is up FDDI interface is up
  

  instead of the expected
  

  FDDI interface is down FDDI interface is up [CSCdi18551]
  

• On an FDDI ring composed of many stations, if a station is powered down and powered up again, the 7000 may re-initialize the ring after it has become stable. This is caused by a network timer not being reset at the time of the ring initialization. The same behaviour can be observed if the 7000 is connected to the neighbor using single-mode cable of length 15 km. or greater. An upgrade to the FDDI microcode version fip161-5 is recommended. [CSCdi20410]

• The EIP microcode was modified to improve buffer handling in extremely high traffic situations where bus contention might cause overrun situations [CSCdi20774]

• On a very heavy usage router with FDDI interface, message %CBUS-3-OUTHUNG: Ethernet1/0: tx0 output hung (800E - tx queue full), may appear. Work around is to clear the interfaces. [CSCdi27335]

• This problem occurs in bufferin fsip code. Custom/priority queueing will not work properly on an overdriven (high traffic) serial link. This has been fixed in 10.0(8.3), 10.2(5.1) and 10.3(2.2) - bundled with fsip10-7. [CSCdi28181]

IP Routing Protocols

• TCP/IP sessions may not connect if the client application uses IP types of service other than the default of 0. Invalid MAC addresses may also be seen on the token ring. [CSCdi11291]

• If a UDP broadcast is sent as a physical layer unicast, it will be forwarded even if the protocol is not enabled for forwarding. [CSCdi23360]

TCP/IP Host-Mode Services

• Under certain circumstances an RSRB peer going down can cause RSRB/TCP to consume large amounts of CPU time, possibly interfering with existing bridging activity. [CSCdi18544]

VINES

• The problem is with access-list of the vines. The access list gets wiped out after router power on and off. This occurs with 9.1 software and the problem will not be fixed in 9.1 releases. This does not occur with 10.0 and above software. [CSCdi31778]

Wide-Area Networking

• With DDR and PPP the same protocols must be defined at each end of a connection. As an example if IP were defined on one side, and IP and IPX defined on the other then the call would be dropped because the IPX negotiation would fail. Deleting IPX from the other side or adding it to the one side works around this. This is due to PPP protocol rejects not being handled correctly for network control protocols.

  This occurs in 9.1, 9.14, and 9.17 only versions, in versions starting at 9.1(7), 9.14(3), and 9.17(5). [CSCdi29802]
  

9.17(15) Caveats/9.17(16) Modifications

This section describes possibly unexpected behavior by Release 9.17(15). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(15). For additional caveats applicable to Release 9.17(15), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(16).

DECnet

• A router receiving a MOP connection request through its serial port for one of its LAN port addresses responds with the LAN port's burnt-in address instead of the actual hardware address. If the requesting host uses the DECnet-style MAC address of the router in the request packet, the host will not recognize the response packet sent by the router because it sees a different address in the "source" field. This causes the requesting host to time out on the connect request. [CSCdi26991]

Interfaces and Bridging

9.17(12) Caveats/9.17(15) Modifications

This section describes possibly unexpected behavior by Release 9.17(12). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(12). For additional caveats applicable to Release 9.17(12), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(15).

Basic System Services

• Excessive processor utilization can result from the tty_background process running more than once per second due to a timer error. This also results in keepalives being sent more often than the configured keepalive interval. This has been observed on systems with an uptime of greater than 49 days. [CSCdi25372]

• A protocol translator could get into a telnet TTY-TYPE negotiation loop with a device that does not negotiate TTY-TYPE. [CSCdi26990]

IBM Connectivity

• Setting the llc2 ack-max parameter to value n actually causes router to acknowledge every n+1 packets. Since this value cannot be set to zero, this makes it impossible to tell the router to acknowledge every packet. [CSCdi27034]

• If there is no SRB configured, the router should not check for ring number mismatches. [CSCdi28023]

• If the route attempts to transmit a packet that is close to the

• If a R16M Token Ring card is Administratively Down and the router is reloaded or powered off and back on, the R16M will try to initialize its interface and no longer be Administratively Down. This only appears to happen on R16 [CSCdi17976]

• When multiple FDDI cards are present in the router, the interfaces in the lower slot positions may lose their downstream neighbors. [CSCdi25764] largest MTU size, a false 8007 error (No buffers available) may result. This error causes the SP and all IPs to be reset. [CSCdi26908]

ISO CLNS

• The clns fastswitching from FDDI to Ethernet on a different MCI interface is broken. The last byte of the fastswitched packet is corrupted. The only way to prevent corruption is to turn off fastswitching on FDDI.

  The fix solves the problem for 9.1, 10.0 and 10.2. [CSCdi25950]
  

VINES

9.17(11) Caveats/9.17(12) Modifications

This section describes possibly unexpected behavior by Release 9.17(11). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(11). For additional caveats applicable to Release 9.17(11), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(12).

IBM Connectivity

• The netbios enable-name-cache command is not working in a topology that has two or more paths to access to the workstations. The show rif command shows both paths, but the show netbios-cache command shows only one path. [CSCdi18524]

• When an explorer packet is received by the router and the requested hardware address in the explorer packet cannot be verified, it re-transmits the explorer packet out all interfaces at a high rate for several seconds. This behavior manifests itself as a sudden increase in token ring traffic for several seconds. [CSCdi22541]

• The SMAC and SSAP options are added to the RSRB case.

  locaddr-priority-list list lu-address queue-keyword [dsap ds] [dmac dm] [ssap ss] [smac sm] The new syntax of the locaddr-priority-list global command is :
  

  where the argument "list" is an arbitrary integer between 1 and 10 that identifies the priority list.
  

  the argument "lu-address" is the value of the LOCADDR= parameter on the LU macro which is a one-byte address of the LU in hex.
  

  the argument "queue-keyword" is a priority queue name, one of high, medium, normal, or low.
  

  the keyword "dsap" indicates the next (hex) byte ds represents the destination service access point address. If these are not specified, the defalut is all dsaps.
  

  the keyword "dmac" indicates the next argument dm is the destination mac address, written as a dotted triple of four-digit hexdecimal number. If these are not specified, the default is all dmacs.
  

  the keyword "ssap" indicates the next (hex) byte ss represents the source service access point address. If these are not specified, the defalut is all ssaps.
  

  the keyword "smac" indicates the next argument sm is the source mac address, written as a dotted triple of four-digit hexdecimal number. If these are not specified, the default is all smacs. [CSCdi23323]
  

• On half-duplex SDLC serial interfaces, the show interface serial n command returns incorrect information regarding the RTS and CTS signal timing information. This has no operational impact on the SDLC link. [CSCdi23781]

Interfaces and Bridging

• A bus error may occur on a cisco 4000 router when connecting to a 3COM Netbuilder II, ver 7.1 via a serial line configured for PPP encapsulation. The following error messages may be seen with debug PPP turned on: LINK-2-NOSOURCE: source IDB not set, SYS-2-INLIST:Buffer in list, SYS-2-LINKED: Bad p_enqueue, and SYS-2-BADSHARE: Bad refcount in pak_duplicate. [CSCdi22454]

IP Routing Protocols

• Broadcast addresses can sometimes be put in the IP route cache. This can cause routing updates to stop. [CSCdi22737]

Novell IPX, XNS, and Apollo Domain

• Fast switching large IPX packets from a high-MTU interface (such as Token Ring or FDDI) to an MCI serial card may corrupt MCI memory, resulting in an %MCI-3-SETUPERR message. This is an issue only if you use a version of IPX that uses packets larger than the default 576 (using LIPX or BIGPAK). [CSCdi22888]

• Memory corruption with ipx causes software forced crash. It has been fixed and been integrated in later releases. [CSCdi22929]

• A Server might get added to the Service Table when a SAP is received and we do not have a route to the Server's network. [CSCdi23367]

Protocol Translation

• Removing a translate command from the configuration can cause other translations using the same inbound ip address to stop working. A workaround is to configure the remaining translations again, e.g. by doing write memory and config memory . [CSCdi23621]

• In LAT to PAD (X25) translated sessions, a CTRL-S followed by the entry of any character can sometimes cause a continuous stream of empty LAT messages, causing a session disconnect. [CSCdi24491]

TCP/IP Host-Mode Services

• Under rare circumstances, an opening TCP connection can get stuck in CLOSEWAIT state. This can also result in a STUN peer session getting stuck in an OPENING state at the same time. [CSCdi23455]

Wide-Area Networking

• If a switched VC is connected without explicit flow control negotiation, an interface that is not configured with the correct maximum packet size values may exhibit mysterious problems without an obvious cause.

  When a partial data packet is switched on such a VC (and the D-bit is zero), the M-bit is forced to zero; this behavior is required per the standards and GOSIP certification, but the VC's message boundaries are lost. [CSCdi23465]
  

9.17(10) Caveats/9.17(11) Modifications

This section describes possibly unexpected behavior by Release 9.17(10). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(10). For additional caveats applicable to Release 9.17(10), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(11).

AppleTalk

• On an AppleTalk network with no routers, it is possible to configure a communication server with arbitrary network numbers and zones. Other AppleTalk devices on the network will pick these up and function correctly; however, ARAP connections made to the communication server will be unable to do NBP lookups on the network. The workaround is to use the appletalk zone * command to configure a network address in the start-up range. [CSCdi19202]

• When system uptime exceeds approximately 24.45 days, AppleTalk interfaces can unexpectedly hang during restarts and never become operational. The only workaround is to reload the system. [CSCdi20052]

• MNP4 can get random value for packet address. This may cause the system to crash. [CSCdi21656]

Basic System Services

• System can either hang or reload during FSIP SNMP query. [CSCdi23331]

DECnet

• A router that has been configured as a Level 1 router should not send out Level 2 routing updates. [CSCdi20884]

EXEC and Configuration Parser

• Enabling ip split-horizon on an interface set to frame- relay IETF encapsulation causes a problem with the command parser. The IETF keyword is not displayed properly in the configuration file. If the configuration file is saved with this error a system reload will cause the interface encapsulation to revert to the default frame-relay type. [CSCdi22134]

IBM Connectivity

• Some packets are discarded when TCP queue runs full. This caused various symptoms such as : Peers closing due to keepalive failure, synchronization losss with local-ack sessions, extremely long sessions setup times. [CSCdi19493]

• When running RSRB with local-ack, certain topologies may cause the input queue to fill up. The result is that the interface with the filled input queue will no longer pass traffic. [CSCdi22676]

Interfaces and Bridging

• On Cisco remote access routers, the configuration interface subcommand bridge-group group output-pattern grouplist does not function properly. All packets will be passed through this interface regardless of the filters set in this command. [CSCdi13619]

• Using FST encapsulation on a 4000 does not change the MTU size. If the MTU size is changed on a 4000 serial interface 0 and 1, size on interface serial 0 is changed immediatly. Serial one MTU size is not changed untill clear inter- face command is issued, however if the router is reloaded default values are returned. This causes a problem when transmitting SNA trafic that is greater then 1500 bytes. [CSCdi21023]

• Translational bridging of Novell IPX packets from Ethernet to FDDI and back to Ethernet fails if the source MAC address ends with 0xff All other protocols bridge correctly with this MAC address, and all other MAC addresses bridge correctly with all protocols. [CSCdi21873]

• The error message generated when a G.703 interface is incorrectly configured is incorrect. The stop slot must be greater than the start slot. [CSCdi21919]

IP Routing Protocols

• Invalid packets can be accepted by the router resulting in an exception dump. [CSCdi18314]

• In OSPF, when a neighbor goes down, a host route for that neighbor is incorrectly added. A possible workaround is to trigger the rebuild of OSPF router link state advertisement by changing the interface metric or by rebooting. [CSCdi21103]

ISO CLNS

• The system may crash and reload itself while the route described in (c) is removed from the routing table. A combination of the following conditions causes this to happen: (a) There is a variably subnetted route; (b) Multiple routes hash into the same subnet table hash bucket; (c) There is a subnet with netnumber == major_net and mask == major_net_mask; and (d) Another subnet follows. The root cause is the same as CSCdi20345. [CSCdi18659]

• Starting in 9.1, it is possible for the CLNS Input process to hog the CPU under heavy clns traffic. No workaround is available. This fix solves the problem for 9.1 and on. [CSCdi21418]

Novell IPX, XNS, and Apollo Domain

• The original default of the ipx gns-response-delay command was 500 ms. This value fixes an issue in NetWare 2.x with dual-connected servers in parallel with a router NetWare 2.x was the most common release. NetWare 3.x and later do not have the same issue, and a nonzero GNS response delay may cause problems in certain situations. The default of the ipx gns-response-delay command has been changed to 0. [CSCdi22285]

Protocol Translation

• A pre-mature termination of LAT TCP translate sessions could prevent removing the translate commands from the configuration file. Current active users will contain a non-zero count in "show translate" command. [CSCdi21414]

• The password is echoed and the username is double echoed if the "login" option is specified in a translate command for TCP to PAD connections. Remote telnet option negotiation should happen before the login sequence. [CSCdi22864]

TCP/IP Host-Mode Services

• Under certain conditions, failed protocol translation connections between TCP and either X.25 or LAT using the translate command's printer option can cause a reload of the Protocol Translator. More specifically, the problem occurs when the software detects an error on the incoming TCP connection after the outgoing X.25 or LAT connection has been set up. [CSCdi22217]

• UDP broadcasts can be flooded even if TTL checks fail. [CSCdi22568]

VINES

• When forwarding a Streettalk broadcast from a server, if there is no routing table entry for the source network, the broadcast will be flooded out all interfaces (including the source interface). This can cause broadcast storms since the packet will be propogated forever.

  Note: A likely cause of this problem is a bug in Banyan's SRTP implementation whereby the server stops sending compatibility updates. This can be fixed by applying the 5.52(5) "LJ" patch, or the 5.53(6) "LF" patch.
  

  Note2: This problem never existed in release 9.21 or later. [CSCdi22844]
  

Wide-Area Networking

• When a held-down Virtual Circuit (VC state = X1) receives a packet other than a Call Request, the router will reload; this circumstance is unusual because standard operation will not result in any packet type other than a Call. [CSCdi21078]

• When X.25-over-TCP (XOT) sends a Call Confirm that modifies one of the two proposed flow control facilities (window sizes or maximum packet sizes), the values may be set to 0, which is illegal. [CSCdi21602]

9.17(9) Caveats/9.17(10) Modifications

This section describes possibly unexpected behavior by Release 9.17(9). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(9). For additional caveats applicable to Release 9.17(9), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(10).

AppleTalk

• When there are multiple appletalk routers on the same LAN (either ethernet, Token Ring or FDDI) the ARP tables may show different MAC addresses for the a particular end-node DDP address.

  This problem can be worked around by disabling gleaning with the command:
  

  no appletalk gleaning [CSCdi18817]
  

• Executing the show apple interface command may cause the system to restart itself. This happened on interfaces configured with many zones. [CSCdi18875]

• MacIP servers with a significant number of attached clients (25 or more) may unexpectedly drop the connections to those clients that have been inactive for more than a ten minutes. Workarounds include limiting the number of attached clients to less than 25 and/or insuring that no client is inactive for more than ten minutes. [CSCdi18893]

• When the command no appletalk permit-partial-zones is enabled, multi-zoned cable-ranges that have one or more restricted zones may be unexpectedly omitted from RTMP routing updates as a result of access control provided by the appletalk distribute-list facility. [CSCdi20945]

Basic System Services

• Under rare circumstances, the clear line command fails to clear the process running on that line. A show process command shows that the process on that line has an inappropriate and rapidly increasing number in the "invoked" column. [CSCdi16063]

• If a SAP update packet is received with an invalid length, much larger than the data actually contained in the packet, the system may reload. It is also possible, but unlikely, that invalid server entries may appear in the show ipx server table. When these packets are received, they should be counted as SAP format errors and the counter displayed by the show ipx traffic command should increment. [CSCdi19010]

• A new error message has been added to the system. It has the form: %SYS-3-CPUHOG: Task ran for nnn msec, Process = xxx, PC = yyyyy If you encounter this message, please contact customer support. [CSCdi19294]

• Changes to various makefile files seem to make it possible for me to build 9.1 boot and sys images on colby (a Solaris 2.3 SparcCenter 2000 box).

  These changes in conjunction with the changed versions of the {update,prep}_{sys,boot}_tree scripts (the generated symbols.sh will use 'nm.930630.68k' instead of 'nm') I have provided to each of the 9.1/9.14/91.7 release masters should make it possible to build 9.1 images on colby.
  

  The changes provided to close this report make it desirable that the release-engineering folks make controlled copies of /router/bin/{size,strip,nm}.930630.68k as well as /router/bin/m4 . [CSCdi19971]
  

• CISCO 7000 "BUFFERIN" MICROCODE USER NOTES ------------------------------------------

  I. INTRODUCTION
  

  BUFFERIN is an enhanced buffer management algorithm implemented in microcode on the Cisco 7000 Switch Processor and Interface Processors. This document describes BUFFERIN from a customer perspective.
  

  II. PERFORMANCE ENHANCEMENTS
  

  A number of micorcode performance enhancements were made during IOS 10.0 development for the Cisco 7000.
  

  A. Faster Buffer Allocation
  

  Each enabled interface now gets a local free queue for faster receive buffer allocation for receiving back-to-back bursts of traffic. This lowers likelihood of intermittent "ignores" on bursty networks.
  

  B. More Sharing of Receive Buffers
  

  The receive buffer allocation algorithm was enhanced to allow busy interfaces to use more buffers than idle interfaces, yet still guarantee that no interface is starved. This also helps to avoid input "ignores" on heavily used interfaces.
  

  C. Autonomous Switching Performance
  

  The SP microcode was optimized to support autonomous switching rates of up to 200 Kpps.
  

  D. Media Performance
  

  a. Ethernet
  

  The EIP microcode was optimized on both receive and transmit to support wire rate for back-to-back minimum sized Ethernet packets across all interfaces. The EIP was benchmarked at over 89 Kpps per controller.
  

  b. Serial
  

  The new FSIP microcode now employs local receive and transmit buffering of up to 100 buffers per interface. This lowers transmit drops when higher speed LAN interfaces burst data to lower speed serial interfaces.
  

  c. FDDI
  

  The new FIP microcode was benchmarked at over 150 Kpps per controller.
  

  d. Tokenring and HSSI
  

  Aggregate performance for small packets was increased by about 10% for the TRIP and HIP controllers.
  

  III. IDENTIFYING BUFFERIN MICROCODE
  

  Bufferin microcode can be identified by its version number.
  

  A. Bufferin Version Number Range
  

  Microcode with a released version number between 10.0 and 19.X may be assumed to be Bufferin compatible. Beta versions of Bufferin microcode falls into the range of 170.0 to 179.255.
  

  IV. COMPATIBILITY ISSUES
  

  Bufferin microcode is required for Cisco IOS 10.x system code. It is also phased into gs7-k.9.17-10 (and higher) maintainance releases, though the older microcode versions will also be available in special 9.17 microcode bundles for a limited time.
  

  When downloaded from flash, Bufferin microcode is backwards compatible with all versions of 9.17 and 9.21. However, the user must ensure that *ALL* controllers in the box contain consistent microcode (either all Bufferin, or all pre-Bufferin). Otherwise, all interfaces that have mismatched microcode will be non-functional, and may result in unexpected errors.
  

  V. SHOW CONTROLLER CBUS
  

  1. Old 7000 Microcode Loaded on SP and EIP
  

  When non-Bufferin microcode is loaded, the microcode version will be in the range 1.0 to 9.255, 160.0 to 169.255, or 180.0 to 189.255.
  

  The "ift" (Interface Type) field should contain "0000" for EIP, "0001" for serial, "0004" for HSSI, "0005" for TRIP, "0006" for FIP, and "0007" for AIP. The "rql" (Receive Queue Limit) field for should be equal or slightly less than the "RX queue threshold" field for idle interfaces. The rql may drop as low as zero when under high receive load, but should quickly return to its threshold when the recieve load dies down.
  

  The "tq" (Transmit Queue) head and tail fields should both be "0000" on interfaces with empty transmit queues.
  

  Example 1:
  

  Jordan#show controller cbus
  

  Switch Processor 5, hardware version 11.1, microcode version 1.5 Microcode loaded from rom 512 Kbytes of main memory, 128 Kbytes cache memory 302 1520 byte buffers Restarts: 0 line down, 0 hung output, 0 controller error EIP 3, hardware version 1.0, microcode version 1.0 Microcode loaded from rom Interface 24 - Ethernet3/0, station addr 0000.0c03.62ab (bia 0000.0c02.ef42) 52 buffer RX queue threshold, 88 buffer TX queue limit, buffer size 1520 ift 0000, rql 52, tq 0000 0000, tql 88 Transmitter delay is 0 microseconds
  

  2. Bufferin 7000 Microcode on SP and EIP
  

  When Bufferin microcode is loaded, the microcode version will be in the range 10.0 to 19.255, or 170.0 to 179.255.
  

  Just as with the old microcode, the "ift" (Interface Type) field should contain "0000" for EIP, "0001" for serial, ...
  

  The "rql" (Receive Queue Limit) field is initialized to a little above half of the "RX queue threshold" field. It is decremented as receive buffers are temporarily locked down to that interface on an as-needed basis, and incremented as these buffers are restored for global sharing (when the interface is shutdown or receive traffic slows down). Note that when an interface stops receiving traffic, it may take many seconds (possibly minutes) for the rql to climb back up to its idle threshold. This is a feature to ensure quick access to local buffers for those interfaces with a history of heavy receive traffic.
  

  The "tq" (Transmit Queue) head and tail fields should both be "0000" for shutdown interfaces. The 2nd field (tail) should be non-zero if the interface has ever transmitted. Both fields should be non-zero if buffers are currently on the interface's transmit queue.
  

  Example 2:
  

  Jordan#show controller cbus
  

  Switch Processor 5, hardware version 11.1, microcode version 10.3 Microcode loaded from system 512 Kbytes of main memory, 128 Kbytes cache memory 302 1520 byte buffers Restarts: 0 line down, 0 hung output, 0 controller error EIP 3, hardware version 1.0, microcode version 10.0 Microcode loaded from rom Interface 24 - Ethernet3/0, station addr 0000.0c03.62ab (bia 0000.0c02.ef42) 52 buffer RX queue threshold, 88 buffer TX queue limit, buffer size 1520 ift 0000, rql 27, tq 0000 0190, tql 88 Transmitter delay is 0 microseconds
  

  3. Mismatched Bufferin SP and non-Bufferin Interface
  

  If there is a misconfiguration such that the SP is running Bufferin microcode but an interface controller is running old microcode, then the interface controller will be inoperable. It will pass selftests, but will not be able to send or receive packets.
  

  This mis-configuration is detectable from "show controller cbus" by inspection of the microcode versions. It is also flagged by an "ift" (Interface Type) field of "8000" or higher.
  

  Example 3 (*MISCONFIGURED*):
  

  Jordan#show controller cbus
  

  Switch Processor 5, hardware version 11.1, microcode version 10.3 Microcode loaded from rom 512 Kbytes of main memory, 128 Kbytes cache memory 302 1520 byte buffers Restarts: 0 line down, 0 hung output, 0 controller error EIP 3, hardware version 1.0, microcode version 1.0 Microcode loaded from rom Interface 24 - Ethernet3/0, station addr 0000.0c03.62ab (bia 0000.0c02.ef42) 52 buffer RX queue threshold, 88 buffer TX queue limit, buffer size 1520 ift 8000, rql 27, tq 0 0000, tql 88 Transmitter delay is 0 microseconds [CSCdi21069]
  

DECnet

• When updating DECnet access-lists, the new entries are improperly appended to the access-list. This behaviour deviates from the standard access-list behaviour. [CSCdi12660]

• For a router that is connected to a LAN where ANOTHER router is elected designated router, the show decnet interface command displays the wrong designated router. The displayed designated router is to the one we received the latest router hello from. This has no practical impact at all, the selection process works fine, even if the router it self becomes the designated router. [CSCdi18497]

  The symptoms exhibited by this caveat is a large value for the encapsulation failure count maintained by the DECnet process as seen in the output of a sh decnet traffic . This happens because the "ALL PHASE IV L2" routers encapsulation type on the token ring was not being recognized by the router. [CSCdi18783]
  

• If decnet conversion is enabled but the clns router isis is not set on the pt-to-pt interface from which decnet adjacency is came from, the information of this ES decnet adjacency will not be put inside the L1 LSP even the clns router isis command is set later.

  This fix take care about it and make sure decnet adjacency information will be put into the L1 LSP immediately whenever clns router isis is set on the interface. [CSCdi19190]
  

• While converting from DECnet Phase IV to Phase V (and vice versa), the router holds back a converted packet once in a while and sends it out when some other event happens (for example, routing update and keepalives). This sporadic delay in packet transmission results in degradation of end-to-end DECnet performance. [CSCdi20151]

• A problem due to an incorrect interface MTU negotiation is seen on any interface whose default MTU is larger than the Ethernet MTU (for example, FDDI). When the VAX comes up, the router negotiates a block size that is larger than the maximum value that it can process (1524). Consequently, all adjacent routers send larger-sized updates, which the router rejects. This makes all destinations behind the router unreachable. [CSCdi20225]

EXEC and Configuration Parser

• Any use of the commands

  lookup domain lookup no lookup domian no lookup
  

  will cause the router to crash. [CSCdi19499]
  

IBM Connectivity

• Command show interface show double the rate of the five minute input rate/second when using RSRB. [CSCdi13041]

• The local-ack rnr-disable function / extended UA feature was removed from the new local-ack code. 5494 controllers were not able to connect to AS400 anymore. The function was restored as a work-around for te LLC2-level failure. [CSCdi15950]

• FEP-to-FEP local acknowledgment sessions are blocked when an SDLC-TG packet SQN=1 was delivered before a packet SQN=0. The code has been optimized to prevent this from happening (automatic resequencing). [CSCdi17904]

• If an RSRB remote-peer is defined but not currently in use, the router may reload due to a software forced crash. [CSCdi17934]

• After running for an extended period of time with remote source-route bridging configured, the console may display "%SYS-2-LINKED: Bad enqueue of nnnnnn in queue nnnnn" messages. These will be followed by a traceback message containing several hex numbers. RSRB will continue to function normally. [CSCdi18003]

• In low-end routers such as the Cisco 4000 and Cisco 3000, the Token Ring interface ignores IP packets that have single-route or all-route broadcast RIF. The correct behavior is to accept the packet and subsequently route it when IP routing is enabled. [CSCdi18131]

• When source-route translational bridging is used in a dual TIC (Token Ring interface) environment, the RIF is cached for the first return explorer from the destination. Subsequently, if another return explorer from the same destination is seen with a shorter RIF, the RIF cache on the router is updated. This causes the end-stations to reinitiate their sessions. The correct behavior for source-route translational bridging in a dual TIC environment is to cache the shortest RIF based on the fastest return and lock it. A timer is then started. If there is no packet from the destination and timer expires, the RIF cache for the destination is removed. Subsequently, new returns from an alternate route may be cached. If there are packets from the destination station, then the RIF from the cache is applied and the timer is reset. [CSCdi18169]

• In a local acknowledgment environment, incoming disconnect packets were not handled properly and remained on the input queue. The Token Ring input queue would fill up completely and cause continuous Token Ring resetting. [CSCdi18222]

• Clear netbios-cache does not completely clear the netbios cache. [CSCdi18521]

• Support Broadcast 0xFF SDLC address on SNRM for TG. [CSCdi18897]

• For SDLLC, there are certain situations in which LLC2 congestion across the RSRB connection can cause the LLC transmit queue to be overrun. If this is the case, a packet that has been acknowledged on the SDLC interface can get dropped on the LLC queue and cause a session interuption. One of the symptoms of this occurring is the SNA LU-LU session ending with an UNBIND due to a skipped sequence number in the TH header. Changes have been made in the SDLLC code to allow the system to sense congestion on the LLC2 side and apply back pressure on the SDLC side by sending RNRs. The current/maximum values of the LLC transmit queue can now be displayed with the show llc2 command. The default value is 200, with a maximum of 2000 allowed. The value can be changed with the llc2 txq number interface configuration subcommand. [CSCdi18898]

• SDLLC configurations with System 88 machines may fail due to a known limitation in their ability to handle the direction bit in the RIF field. The fix modifies the router behavior to allow for this contingency. [CSCdi18921]

• When applying NetBIOS access lists with rsrb remote-peer access list statements on a system with active SRB traffic, the router may reload due to a bus error. The fix changes the system code so that it handles these conditions in a more graceful manner. [CSCdi18993]

• A reverse Ethernet SDLLC configuration with local acknowledgment enabled may cause a reload due to a software forced crash (jump to zero). [CSCdi19067]

• Use of the rsrb remote-peer 100 tcp n.n.n.n lsap-output-list num causes a slow memory leak under heavy RSRB load. The show process memory command will show an increasing amount of memory taken by the SRB background process. The workaround is to remove the access list and achieve the same desired behavior through the use of access lists applied on the Token Ring interfaces. [CSCdi19106]

• A configuration in which SDLLC and reverse SDLLC are configured back to back does not work properly. A sample of this configuration would be an SDLC attached FEP going to a Token Ring through the router (reverse SDLLC) to another router to an SDLC attached PU. This configuration is common where a TIC for a FEP is not available and the customer requires both remote SDLC and Token Ring connectivity through the router network to a single SDLC line on the host side. The fix will ensure this configuration works. The workaround is to configure STUN for SDLC attached PUs and reverse SDLLC for Token Ring attached PUs going to separate SDLC FEP lines on the host side. [CSCdi19148]

• Access lists of the form rsrb remote-peer nnn tcp ip address netbios-output-list host access-list-name do not function properly. The workaround is to use the same access list applied on the Token Ring interface to achieve the desired result. [CSCdi19198]

• The stun cos-enable causes unnecessary FID4 frame resequencing. The network gains no benefit and the routers are performing unnecessary work, so the feature is being removed. In addition, the feature was causing packets to be delivered out of transmission group (TG) sequence, which on rare occasions causes blocking TGs. [CSCdi19357]

• When the T1 timer is coded too short on a multidrop SDLC line, SDLC messages of the form "nn data from wrong address! got address " (where nn are SDLC poll addresses in hex) appear on the console. In a large multidrop configuration, the number of these messages is excessive. The code changes this behavior so that the messages appear only when debug sdlc is turned on. Note that these messages are informational only and that polling of the downstream SDLC devices continues. [CSCdi19376]

• -- Release-note -- Removing sdlc address configuration command before other stun commands can cause router to crash with bus error. [CSCdi19714]

• Support was added to allow multiple Netbios sessions to one work-station when doing local acknowledgement [CSCdi19806]

• In a local acknowledgment startup phase, the router was dropping the first I-frame received when the peers were still in pending state. For some end-stations, this causes session startup failures. [CSCdi19999]

• Router accepts stun interface commands even though interface has not been placed in stun group. This causes later confusion when user does write term, and none of the previous commands are displayed even though router apparently accepts them. [CSCdi20191]

• Debug stun packet only displays half of the data when router is configured for stun basic. For example, when the stun packet is an RR, only one byte of data is displayed when it there should be 2. [CSCdi20210]

• This fix allows a FEP operating as a secondary SDLC station to load a remote FEP operating as a primary SDLC station. The opposite has been possible since Release 9.1(9). Before a FEP is loaded with an NCP Gen, it does not have an SDLC role. The SDLC role is negotiated via XID exchange when the remote FEP is activated. [CSCdi20463]

• When source-route translational bridging is used in a dual TIC (Token Ring interface) environment, the RIF is cached for the first return explorer from the destination. Subsequently, if another return explorer from the same destination is seen with a shorter RIF, the RIF cache on the router is updated. This causes the end-stations to reinitiate their sessions. The correct behavior for source-route translational bridging in a dual TIC environment is to cache the shortest RIF based on the fastest return and lock it. A timer is then started. If there is no packet from the destination and timer expires, the RIF cache for the destination is removed. Subsequently, new returns from an alternate route may be cached. If there are packets from the destination station, then the RIF from the cache is applied and the timer is reset. [CSCdi23429]

Interfaces and Bridging

• Routers configured for transparent bridging over a frame relay link will continue to transmit HELLO BPDUs every second, even if the serial interface linking the router to the frame relay link goes down. This consumes CPU bandwidth, which may have [CSCdi15576]

• Show interface on a 4000 in RSRB environment show incorrect input rate. This only happen's when DIRECT encapsulation is used. Using FST, TCP, TCP/LACK ip encapsulation does not exhibit same problem. [CSCdi17353]

• On the 7000 series, the show version command does not display the FIP or HIP boards. This has no effect on the operation of either board. [CSCdi17890]

• Under certain rare events minor token ring errors can cause the router to report this message. [CSCdi17977]

• In systems configured to support the spanning-tree bridging protocol, the root bridge BPDUs reappear at the root bridge in a HSSI environment. [CSCdi18812]

• When transparently bridging from Token Ring to serial on a Cisco 4000, a 2-byte length field is inserted without correcting the frame size. During the copy, the last two bytes of the packet get lost. This happens only when flooding packets. [CSCdi18814]

• fddiMACFrameCts does not get incremented. The value returned is always zero. [CSCdi18904]

• On Cisco 3000 series routers, when using dial-on-demand routing, a transition of CTS or DSR can appear as a transition of DCD when spoofing. [CSCdi19053]

• On systems configured to tranparently bridge AppleTalk, AARP packets belonging to one segment incorrectly get bridged to other segments. [CSCdi19056]

• Interfaces configured to support X.25 cannot be configured for bridging. Attempting to do so will result in an error similar to the following:

• Briding is not supported on LAPB-encapsulated interfaces: Serial0 [CSCdi19121]

• Duplicate address checking on FDDI is not performed in the Ring Operational state. Duplicate address checking in the Ring Non-Operational state is only performed when the command fddi duplicate-address-check is enabled. [CSCdi19899]

• The code structure of the routine that is handling the buffers for FDDI packets to be placed on the output queue has been improved. The routine now handles errors relating to the unavailability of the buffers more effectively. To take advantage, us [CSCdi20040]

• Formatting of token ring output from show controller is not correct. [CSCdi20105]

• G.703/E1 software version 1.0 is added for display for the purpose of compliance testing. [CSCdi20494]

• Multiple-lapb serial lines running at 64K each, with compression after a while lose some of its ip routes. It also loses the route to the connected serial line, all the pings across the line will not work. [CSCdi20497]

• Miscellaneous clean up changes for G.703. Shift command codes for MCI_ to FCI_, clean up unused loopback modes and put banner on end of G.703 banner. [CSCdi21133]

IP Routing Protocols

• The router continually reports '%SYS-2-NOBLOCK: event dismiss with blocking disabled' errors preventing the router from processing other information. Reloading the router temporarily resolves the issue. [CSCdi18565]

• The default network does not work properly depending on the subnet used. [CSCdi18743]

• When a router is reloaded or powercycled, IP fast switching will not be enabled by default for an unnumbered serial interface. The workaround is to either explicitly enable fast switching on the unnumbered interface using the ip route-cache command or to assign an IP address to the interface, remove the IP address, and then make it unnumbered. This needs to be done every time the router is reloaded or power-cycled. [CSCdi18748]

• If an FDDI interface on a router was reset via the no shut command, IP routes would be deleted from that interface. However, because the FDDI ring is still operational, no event would be generated to let OSPF know that routes were gone and that it should recalculate the SPF. [CSCdi19255]

• [CSCdi19270]

• The source address-sensitive form of the "distance" command now works for OSPF. It formerly was silently ignored.

  Note that, for OSPF, this command has slightly different semantics, since the source address is matched based on the router ID of the router that originated the route within the OSPF area, rather than the next-hop router. [CSCdi19369]
  

• [CSCdi19612]

• OSPF crashes in db_install, receiving an old self-originated LSA. This happens when the box received an old router LSA (with the same router ID that it is using) generated by itself in the past, that had already been deleted from the database. We call db_add_lsa() to handle this old self-originated LSA for all type of LSA, except for router LSA. [CSCdi19826]

• [CSCdi19842]

• $IGNORE [CSCdi19957]

• OSPF should not check mask in Hello packet on point-to-point link. OSPF should not check mask in Hello packet on point-to-point link [CSCdi19959]

• The router and communication servers allow remote users to Telnet into VTY ports by connecting to ports 20xx/40xx/60xx/80xx. All the standard VTY/TTY security features, such as passwords, TACACS, and the ability to block access with the access-class ... in command have always been supported, even when connecting to a high port. However, since many customers are unaware of this functionality, they do not take it into account when constructing packet filtering firewalls. Since this functionality can be explicitly enabled and configured by use of the VTY rotary feature, the default behavior is not necessary. This is not a security bug or hole, but rather a behavior that should be avoided as a matter of prevention due to its obscurity. [CSCdi20050]

• OSPF can choose and install nonoptimal interarea and external routes when there are multiple link state advertisements for the same destination advertised by multiple Area Border Routers (or Autonomous System Boundary Routers for external routes). This can cause a routing loop if other neighboring routers still install the shortest path to the destination. This problem will happen only after the system has been up for a period of time. The length of this period depends on how much connectivity changes have occurred. In a fairly busy network, the estimated length of this period is five to six weeks. [CSCdi20071]

• Defining the 'ip alias' can defeat fire-wall security of the router [CSCdi20075]

• When different sessions on a router do a 'clear ip route *' and a 'sh ip route', the router crashes. [CSCdi20099]

• $IGNORE

  A minor bug using an obscure, undocumented command. [CSCdi20200]
  

• The system reloads when it receives new link state advertisement and there is no free memory. [CSCdi20231]

• After an OSPF router installed a default route to network 0.0.0.0 that is advertised in an external link state advertisement (LSA) by an Autonomous System Boundary Router (ASBR) and a connectivity change happens in the network that triggers SPF calculation, the router will not reinstall the default route. This problem is introduced in the following software versions: 9.1(11.4), 9.17(9.2), and 9.21(3.1). There is no workaround. [CSCdi20401]

• Crash in _is_db_in_nbr_retrans after 'config net' [CSCdi20427]

• Every time an OSPF router noticed its neighbor state change on an interface (either by seeing new Hello packets or the lack of Hello packets for a RouterDeadInterval) and attempts to reoriginate its own router link state advertisement (LSA) but there is no change that needs to be reflected in the router LSA, a piece of memory of the size of the router LSA would be permanently consumed. This problem manifests itself by a slowly declining amount of free memory as shown in the show memory command. There is no workaround to this problem. This problem was introduced in Release 9.1(11.5). [CSCdi20849]

ISO CLNS

• The IS does not put dynamically learned ESs over point-to-point links in the L1 LSP, so the other ISs do not have a route to that ES. [CSCdi18856]

• When a no net XXXX.XXXX. ... .XX router command is executed to remove the last NET for the router and is immediately followed by another net XXXX.XXXX. ... .XX router command to set a new NET for the box, the adjacency count of the ISIS router process will become zero and never recover, even though show clns ne command says that there is L1/L2 adjacency. If a clear clns ne command is issued under this circumstances, the adjacency count will have a value of -1 and later back to 0.

  This fix takes care of the problem. [CSCdi18902]
  

• The clns adjacency count of an interface becomes greater than the actually number of adjacencies. Back to back clear clns neighbour commands will illustrate the bug.

  The bug is caused by the fact that the adjacency count (per interface) is increased when the adjacency state become INIT while it should not. This fix take care about the problem to ensure that the adjacency count is only increased when the adjacency state change to UP. [CSCdi19192]
  

• Router fails to do load balancing to the end node for equal cost paths. This will result the router uses only one path to reach to the destination. [CSCdi19538]

• Under some circumstances the IS-IS process can use 100% of the system processor for up to three seconds. This situation will remedy itself. There is no workaround to this problem. [CSCdi19752]

Novell IPX, XNS, and Apollo Domain

• There is a problem with type 4 NetBIOS broadcast traffic looping in redundant topologies. The workaround is to eliminate the redundancy. [CSCdi18824]

• Doing the interface command "no apollo network x", where x is the apollo network number of the interface has no effect. Apollo is not disabled on this interface and write terminal still shows the network number assigned. An alternative method to remove Apollo routing from an interface is to use the command "no apollo network" without a network number, then the network number will be removed. [CSCdi19240]

• Under unknown rare conditions the system may restart while processing a RIP or SAP specific (not all nets, not GNS) request packet. [CSCdi19769]

• When an ipx output-sap-delay command is configured, if an update is in progress and service entries are timing out (older than four times the SAP update interval) and a GNS request is received, the router may restart. [CSCdi20370]

Protocol Translation

• [CSCdi18908]

TCP/IP Host-Mode Services

• When a vty accepts a telnet connection, it will not request tty-type from the telnet client. [CSCdi18905]

• The system implements diagnostic TCP servers on ports 7 (ECHO) and 9 (DISCARD). 10.0 adds a server on port 19 (CHARGEN). These services cannot be disabled, which is worrisome to users implementing firewalls. Also, the system mistakenly listens for XRemote connections on port 10000, corresponding to the non-existent rotary group 0. [CSCdi20077]

VINES

• When VINES is disabled on an interface, neighbors and routes reached via that interface are not flushed immediately. They will age out of the tables after the normal aging interval. [CSCdi19397]

• In 9.1 releases beginning with 9.1(6.4), the router does not correctly honor the vines propagate command. Broadcast packets are dropped when the should be forwarded. This is most noticeable when performing a newrev command on a serverless client when a serial line separates the client and server. [CSCdi20428]

Wide-Area Networking

• On MCI/ciscoBus serial cards, when DDR is configured with priority queuing, a packet may get stuck in the output queue and get released only when the next packet replaces it in the queue. This one-packet delay may cause packets to be delayed, increasing response time or causing packet drops in case of timeout. [CSCdi17666]

• In X.25 environments, the message "System restarted by error - Jump to zero" appears. If you issue a show stack command, you see a two-line stack trace. The cause is related to failed PAD calls; an area of memory is modified after it has been returned as no longer in use. When the load is heavy or X.25 performance is slow, this invalid reference may modify critical data, causing unpredictable results. [CSCdi17688]

• Protocol Translators running X25 will reload when a PVC is configured in the translate statement and the command sh x25 vc or sh x25 pad is entered.

  For example:
  

  translate x25 11111 pvc 1 tcp 149.25.40.100
  

  Performing either sh x25 vc or sh x25 pad will cause the router to reload. [CSCdi18239]
  

• Bridged IP packets for router management are sent with the wrong size. If you are bridging IP and using IP for router management, packets sourced by the router for the second Frame Relay bridge entry are truncated. [CSCdi18862]

• If you configure ppp restart 1, when you write to term or to memory, ppp restart 1000 gets saved/displayed. [CSCdi19495]

• User may recieve the error message Address already in map when attempting to add a frame-relay map statment to his configuration, where the DLCI differs from an existing one by a value of 255. This error would occur if an existing map stamtment was frame-relay map ip x.x.x.x 105 broadcast and user attempts to enter frame-relay map ip x.x.x.x 360 broadcast . [CSCdi19526]

• Cisco routers with an ISDN BRI interface running the basic-dms100 or basic-ni1 switchtype may have B-channels become unavailable for usage. This may occur if there are long dialing delays for outgoing calls through an ISDN network. Also, when a call is connected on channel B2 and the dialer idle timer attempts to hang up the call, the B-channels may become stranded and unavailable for usage. [CSCdi19671]

• A router with an ISDN BRI interface using switchtype basic-5ess may not properly support a spid. The spid is not required, but some customers may want the overhead.

  The router sends a spid, the network responds with an endpoint identifier. The router will then send an endpoint identifier acknowledgement. [CSCdi20515]
  

9.17(8) Caveats/9.17(9) Modifications

This section describes possibly unexpected behavior by Release 9.17(8). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(8). For additional caveats applicable to Release 9.17(8), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(9).

AppleTalk

• NBP FwdReq and LkUp packets outgoing the same interface on which the original request was received may unexpectedly use the source address of the request packet on AppleTalk interfaces configured with a wide cable-range. As a result devices performing MAC address gleaning may enter incorrect information into their AARP caches. A wide cable-range is defined as a cable-range with different starting and ending network numbers. [CSCdi17628]

Basic System Services

• If the source-route bridging is used, the Lan Network Manager functions such as CRS, REM, and RPS are automatically turned on. An error in the system code causes rapid accumulation of small buffers. The work around is to put the configuration statement no lnm crs. [CSCdi16384]

• When setting up priority queueing, if you try to change the default sizes of the queues without actually creating a priority list, the changes to the queue sizes will go into effect immediately (as seen in a sh int), but the change won't appear in the config, and will be lost at reload, even if you do a write. [CSCdi17082]

• When doing an snmpget on the following mib value, snmp fails to return the modem inout as tsLineModem: cisco.local.lts.ltsLineTable.ltsLineEntry.tsLineModem

  For example, notice the following "show line" command showing modem inout is set:
  

  *126 TTY 19200/19200 - inout 126 1 - 126 0 14631 127 TTY 19200/19200 - inout 127 1 - 127 0 0 *130 TTY 19200/19200 - inout 130 1 - 128 0 20370 *131 TTY 19200/19200 - inout 131 1 - 143 0 791 *132 TTY 19200/19200 - inout 132 1 - 124 0 3085 *133 TTY 19200/19200 - inout 133 1 - 103 0 430 134 TTY 19200/19200 - inout 134 1 - 113 0 40 *135 TTY 19200/19200 - inout 135 1 - 106 0 1 136 TTY 19200/19200 - inout 136 1 - 100 0 2934 *137 TTY 19200/19200 - inout 137 1 - 95 0 0 140 TTY 19200/19200 - inout 140 1 - 3 0 0
  

  snmp result for the some of the same lines (decimal not octal)
  

  cisco.local.lts.ltsLineTable.ltsLineEntry.tsLineModem.86 none cisco.local.lts.ltsLineTable.ltsLineEntry.tsLineModem.87 none cisco.local.lts.ltsLineTable.ltsLineEntry.tsLineModem.88 none cisco.local.lts.ltsLineTable.ltsLineEntry.tsLineModem.89 none cisco.local.lts.ltsLineTable.ltsLineEntry.tsLineModem.90 none
  

  Any other modem control is returned properly. [CSCdi17661]
  

Communication Server

• When a username command is used with an autocommand that connects to a remote host using telnet or rlogin, the screen size reported to the remote host will not match the configuration of the line. [CSCdi16661]

• Under certain sequences of telnet option negotiation, the telnet local echo fails to work as expected. [CSCdi17185]

DECnet

• The router goes into a state where it stops sending out DECnet Level1 routing updates. The number of Level1 adjacencies will show 0 though the router does have adjacent Level1 nodes. In some instances the Level1 adjacency count will go to 65,363. The impact of this is DECnet Level1 routing breaks down. The workaround is to reinitalize the DECnet routing process in the router by removing and re-entering the DECnet routing commands. [CSCdi15732]

• The DECnet router maintains routes through a router in Initializing state. The correct behaviour is to purge the routes through the 'Intializing' router. The impact is that packets are sent to the router in Initalizing state. [CSCdi17171]

• On a router running DECnet IV to V conversion, the phase IV adjacencies are not entered in the phase V table. The impact is the functioning of the phase IV - phase V conversion is affected. [CSCdi17520]

• In ISO-IGRP adjacent Phase IV-only routers and End-Nodes are NOT recognized as adjacent when the routing-table is calculated, but may instead be reachable via another adjacent router. This causes the adjacent node to be 1 hop away in the ISO-IGRP routing table even if it is adjacent. [CSCdi18483]

• In a Token Ring enviornment, when an encapsulation failure occurs on a router running DECnet, a memory leak is caused. The impact is that the router could lose memory and maynot be able to allocate memory to other process. [CSCdi18525]

EXEC and Configuration Parser

• Release Note

  The command 'Copy tftp flash' had to be in lower case to be accepted. It can be done with either upper or lower case now. [CSCdi18472]
  

IBM Connectivity

• When the system is Source Route Bridging Novell packets, the RIF cache is not updated as Novell packets are passed through the system. When the RIF entry is aged out for the Novell network nodes a loss of session may occur. [CSCdi14618]

• When removing SDLC encapsulation from an FSIP interface with the no encapsulation sdlc-primary or no encapsulation sdlc-secondary configuration commands, the CxBus complex is reset. The fix prevents this from happening by negating the need to reallocate the CxBus buffers for this encapsulation change. [CSCdi16767]

• Due to the incorrect frame translation when SR/TLB is enable. Bridging access-list ([input/ouput]-lsap-list) will fail to stop the frame correctly. [CSCdi17037]

• During SDLLC start-up, the system does not respond to the XID POLL frame sent by some up-stream devices which require a reponse to properly bring up the LLC2 session. [CSCdi17093]

• When removing the global source-bridge ring-group configuration command, the router may crash due to an invalid memory pointer. [CSCdi17134]

• When remote source-bridging is enabled between multiple peers, one or more of the peers maybe stuck in REMOPEN state. This is observable via show source-bridging. The correct behavior is to transit from REMWAIT to OPEN state. [CSCdi17149]

• The netbios access-list feature does not function properly for permit/deny decisions against NETBIOS names which contain special non-alphanumeric characters. The workaround is to change the NETBIOS names of the end stations to use only alphanumeric characters. [CSCdi17163]

• For an interface with SDLC encapsulation, many fields in output from the show interface command do not have units associated with them. The code fix adds units and other cosmetic changes to make the display easier to interpret. [CSCdi17210]

• Output from the show source-bridge command erroneously shows the transmit count value as "u" instead of the actual value. This is a cosmetic error only and does not effect the forwarding of SRB traffic. [CSCdi17337]

• A system reload may occur when attempting to remove stun process by entering no stun peer-name ip-address. This seems to be occured only after the stun sessions are up and run for a while. The router won't reload if the above command is entered right after a session is established. [CSCdi17657]

• When source-route bridging is enabled, a show interface tokenring unit display is scrolled off the screen. [CSCdi17746]

• A system reload may happen while configure source-route bridging, and a no vines routing is entered. [CSCdi17862]

• More thoroughly documented System Code to make maintenance much easier. [CSCdi17939]

• When trying to open more than one FST remote peer version 3 connection, only one peer can open successfully. The remaining FST remote peers stay in a closed state. The work around is to use TCP or direct encapsulation. The problem was due to an internal data structure not being initialized properly and has been fixed. [CSCdi18117]

• When using FST encapsulation for Remote Source Route Bridging the FWD field in the show source-bridge output is erroneous. The number of frames forwarded to the local rings is displayed as twice the actual value. This problem [CSCdi18316]

• sdlc rts-timeout can now be configured on AGS+. [CSCdi18323]

• The old default sdlc hold queue depth of 50 is too low in some configurations and does not allow sufficient time to apply back pressure on the LLC connection before packets are dropped. The default sdlc hold queue value has been changed to 200. The value is still user configurable via the sdlc holdq interface configuration sub-command. This problem is most likely to be an issue in configurations with high speed RSRB connectivity feeding a slow speed SDLC line. [CSCdi18461]

• The local acknowledgement feature of remote source route bridging sends a SABME to the end station with the incorrect direction bit set in the RIF portion of the MAC frame. The fix corrects this behavior, which existed only in interim releases between 9.1(10.1) and 9.1(10.4) inclusive. [CSCdi18617]

Interfaces and Bridging

• When transparently bridging is turned on Multibus Token Ring cards, the monitor bit is not cleared in the token when the packet is flooded to another Token Ring interface. The Active Monitor on the destination ring will see this bit set, assume the packet has already passed around the ring, purge it, and reissue a new free token. The work around for this problem is to add a static bridge table entry for each destination address, e.g.: bridge 1 addr 0208.6ce2.088e forward t 0. Note that the address must be in Ethernet canonical format. This ensures that packets destined for this address will not have to be flooded via transparent bridging. This problem may not happen consistently, since the location of the Active Monitor on the destination ring may change over time. [CSCdi12451]

• The serial line shows "up" with no cables connected to it. Seen in SDLC environments.

• The workaround is to use "tx-queue-limit" to budget each port in case of being hit by this bug. Set tx-queue-limit to 5 if we have total 15 Tx buffers. [CSCdi15843]

• Fully loaded CSC/4 terminal servers with 96 lines gets wedged occasionally. Recommend to adjust the input hold-queue to 100 and the problem still occur. [CSCdi15849]

• FDDI trace counter can increment when there are no beacons on the ring. [CSCdi16744]

• On low end routers (IGS, 3000, 4000), changing the serial encapsulation from from non-HDLC to HDLC causes all packets to be processed switched, even though fastswitching is possible and configured. The work around is to do a shutdown followed by a no shutdown on that interface. [CSCdi16887]

• The commands for manipulating the manual forward and discard functions of transparent bridging require fields that the manual has marked as optional. The correct behavior is to infer a "reasonable default" in absence of an explicit optional parameter. [CSCdi17121]

• Under certain rare conditions, the Token Ring interface would erroneously increment the token error counter. This counter can be seen with the show controller token command. During certain instances when this counter is increasing rapidly, the affected Token Ring interface will stop processing incoming frames. This problem has been seen only on the Cisco 4000 series. [CSCdi17292]

• When setting queue-limits on any interface, the cbus complex will reset itself. This will cause token rings to re-initialize. [CSCdi17646]

• no fddi if-cmt may cause WRAP B failure. [CSCdi17672]

• In systems with only one up interface, broadcast or multicast bridged packets received will cause the input hold queue counter for that interface to remain at 38/75 when traffic is stopped. [CSCdi17675]

• Code is re-structured so that variables that were initialized with numbers are now initialized with constants that have been defined in header files. This does not affect any functionality of the code. [CSCdi17679]

• In modular systems configured with CSC-1R or CSC-2R Token Ring interface cards running STRMON microcode version 1.2 or older, NetBIOS multicast traffic is not propogated when bridging from Ethernet to Token Ring to Ethernet. [CSCdi17697]

• In SIF configuration response, the Path Descriptor Parameter returns a wrong value for the Connection Resource Index for the MAC.. [CSCdi17836]

• "cmt disconnect" will force bypass switch to bypass mode. But "cmt connect" will fail to set the bypass switch back to connect mode. This fix corrects the mistake. [CSCdi18010]

• The FSIP card now supports the G.703 applique as of 9.17(8.1). [CSCdi18118]

• Problem exists with clocking under DCE mode with multidrop modem. It is fixed by the new board with version 5.1 or above microcode. This DDTS is a co-requisite to the new SCI/HDX board. [CSCdi18325]

• The system software configuration parser incorrectly accepts the interface configuration of bridging over LAPB encapsulation. Interfaces cannot be configured to support both LAPB encapsulation and bridging at the same time. [CSCdi18420]

• The loopback dte, loopback line, loopback remote, and loopback applique are inoperative on the HIP card. [CSCdi18716]

• Revision to reflect comments of parser-police and fix various issues in initial release. G.703 applique interface cmd revesion. [CSCdi18865]

IP Routing Protocols

• Configure doesn't save changes in " ip ospf hello-interval" for non-broadcast networks. The change is seen when doing "show ip ospf int s x" but not when doing "write term". [CSCdi15717]

• The system inside an OSPF stub area receives invalid updates from the area border router (ABR) when the ABR finds that an Autonomous System Boundary Router (ASBR) from other areas is unreachable. This manifests itself by the repeating error messages.

  %OSPF-4-ERRRCV: Received invalid packet: Ext update into stub area
  

  The correct behavior is; the ABR will not send any invalid update into the stub area. There is no workaround for this problem.
  

  The system now has the additional capability to control the amount of information distributed into a stub area. The command area area-id stub no-summary will prevent any summary link state advertisements (LSAs) from being flooded into a stub area, except for the summary LSA for the default route (0.0.0.0). This capability helps to further reduce the size of the database of routers inside the stub area by eliminating inter-area advertisements in addition to external advertisements. [CSCdi16054]
  

• Checking mask in Hello packets received on Virtual-links causes interoperability problem with DEC.

• Since Virtual links are like unnumberd links, masking checking is not needed. [CSCdi16693]

• Duplicate secondary address can be configured on a second interface if the original interface is shutdown at the time of configuration. After the duplicate address is configured it cannot be removed. [CSCdi17109]

• OSPF receives a RIP route thru the secondary address on the interface that has OSPF turned on on the primary address, and redistributes the route into OSPF with the forwarding address set to the secondary address. As a result, SPF on this external LSA fails because it cannot reach the forwarding address (or this address is also imported as external route which we cannot use to get to another external). [CSCdi17369]

• Debugging log information is created for OSPF. [CSCdi17709]

• At system boot time, tacacs code dies because it fails to establish a UDP socket with which to talk to the tacacs server. A change has been made so that UDP socket is successfully established. [CSCdi17830]

• Using both 'loose source route' and 'record route' options simultaneously in ICMP ECHO requests may confuse cisco routers. This may cause problems with normal IP routing. [CSCdi17879]

• When running with synchronization enabled (the default), BGP will install a less preferable external path into the main routing table. If this less preferable external path is installed, there is no way for the internal path to ever get synchronized. Therfore, the behavior should be changed so that lack of synchronization does not affect preferability of a given path, but rather, we should merely never install or advertize an unsynchronized path. [CSCdi18119]

• If a router receives a LSA with invalid LSA type, it can cause a crash as the LSA type is used to index into database Hash table to lookup the LSA. [CSCdi18144]

• OSPF: Doesn't show multiple paths when parallel links are unnumbered [CSCdi18313]

ISO CLNS

• Static ES enteries not inserted in IS-IS non-psudonode. The impact is the system does not put the end node into its IS-IS database. [CSCdi16553]

• There is a potential memory leak in displaying IS-IS database. This happens only when show isis database detail is issued. [CSCdi16952]

• On entering the clns is-neighbour command the IS-IS process stops redistributing CLNS static routes. The impact is that CLNS routing problems may arise, but to incomplete information sent into the network. [CSCdi16954]

• IS-IS routes are dropped after a 24.8 days time. The routes will disappear from the routing table resulted loosing connectivity. [CSCdi17253]

• When CLNS cluster aliasing was enabled on an interface and there were more than 2 members in the cluster, we would have a memory leak. This fix will take care of the general case when we have more than 2 members in a CLNS cluster. [CSCdi18550]

• **** Relase Notes ****

  On configuring IS-IS routing, the IS-IS 'tag' is lost in the configuration file. The impact of this caveat is that when the router reboots, the CLNS NET is lost in the configuration and CLNS routing is disabled. The workaround is to remove all CLNS routing and reconfigure it. [CSCdi18644]
  

• IS-IS stops sending IS-IS Hellos after 49 days. This leads to loose adjacencies. [CSCdi18757]

Novell IPX, XNS, and Apollo Domain

• Novell IPX watchdog-spoof requires no novell route-cache to be configured on the serial interface doing the spoofing. When configuring watchdog-spoof when fastswitching is disable via software but not disabled through the configuration editor there can be confusion as show Novell interface says fastswitching is already disabled.

  Changes made are:
  

  If no novell route-cache has not been configured and watchdog-spoof is attempted:
  

  % IPX fast switching must be disabled Please configure NO NOVELL ROUTE-CACHE
  

  will be displayed instead of just
  

  % IPX fast switching must be disabled first
  

  The Show novell interface display of
  

  NOVELL Fast switching is enabled
  

  changes to
  

  NOVELL Fast switching is configured (enabled)
  

  or
  

  NOVELL Fast switching is configured (disabled)
  

  or
  

  NOVELL Fast switching is not configured
  

  depending on the circumstances. In 9.21 "Fast" is replace with "Autonomous" if autonomous switching is enabled. [CSCdi16953]
  

• The number of learned Novell IPX and XNS routes will be incorrect after a clear novell route * or clear xns route * command is given respectively. [CSCdi17855]

• If a Novell access-list has a host id portion but not a mask the mask portion may take an incorrect value and cause the access-list to fail. A workaround is to always specify a mask even when none should be required.

  access-list 800 permit 1.0000.0000.0001 0000.0000.0000 2.0000.0c00.acbe 0000.0000.0000
  

  instead of
  

  access-list 800 permit 1.0000.0000.0001 2.0000.0c00.acbe [CSCdi17980]
  

Protocol Translation

• X.25 VC's for PAD calls would sometimes be put into hold-down if hold-vc-timer is configured. This could cause random system hangs. This behavior has been corrected.

  Work-around and correct configuration is that hold-vc-timer should not be configured on X.25 interfaces that might make PAD calls, as on a system running protocol translation software. [CSCdi16965]
  

• The Protocol Translator does not handle TCP urgent data. This caused a %TN-3-BADSTATE: Illegal state 4 error message to be displayed. [CSCdi17153]

• Under some circumstances, the system can reload when user reset the connection. [CSCdi18535]

TCP/IP Host-Mode Services

• When using the printer option for a TCP-LAT translation, one packet erroneously remains in the input queue on the receiving interface for each translation attempt which fails. [CSCdi17681]

VINES

• Disabling vines split-horizon does not allow VINES Streettalk broadcasts to be forwarded out an interface that they were received on. This will break "hub-and-spoke" frame relay networks since spoke Streettalk broadcasts will not be forwarded from the hub router to other spoke sites. [CSCdi17488]

Wide-Area Networking

• Configuring SMDS on serial lines which are shutdown, and subsequently re-enabling them can in some circumstances cause a reload. A Token Ring interface appears to be required to trigger this problem. [CSCdi15880]

• X.25 Calls received on a serial interface cannot be routed to a CMNS host. [CSCdi17212]

• Fastswitching of IP over PPP is not disallowed for DDR. This prevents the idle timer to be reset when packets go through. Eventually the idle timer expires and the connection is torn down, even though traffic is still going through. The workaround is to explicitly disable fast switching on the DDR interface. [CSCdi17683]

• When acting as an IP bridge but using IP for management, the system is not recognizing packets destined for one of its IP addresses when received via frame relay. [CSCdi17739]

• After ISDN DDR connection is already established, sometimes the line gets a DISCONNECT message from the remote end and the line drops. The only way to get the line back to where you can redial the distant end is to issue a clear int bri 0 command. [CSCdi17908]

• A router with an ISDN BRI interface configured for the basic-1tr6 switchtype may have problems connecting on Channel B2. An incoming SETUP message using Channel B2 can be incorrectly answered using Channel B1. This may cause the PPP protocol to keep the BRI channel interface in a Protocol-Up and Line-Down situation. It will also prevent the B2 channel from receiving any more calls. [CSCdi18562]

• The ppp restart-timer commands parameter was being used as milliseconds. This should be seconds. Make sure it is scaled accordingly. [CSCdi18599]

9.17(7) Caveats/9.17(8) Modifications

This section describes possibly unexpected behavior by Release 9.17(7). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(7). For additional caveats applicable to Release 9.17(7), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(8).

AppleTalk

• The zone list presented to an Appletalk Remote Access client may omit valid zones names. [CSCdi16652]

• Configuring iptalk for an interface and, then removing it from configuration file. Can not enable back the iptalk configuration to the router. The workaround is to disable the appletalk process by configuring first "no appletalk" and then configur [CSCdi16711]

Basic System Services

• Ethernet frames containing an invalid LLC header length and a DSAP equal to 0xF4 or 0x7E cause memory corruption and cause the system to reload. [CSCdi15699]

• [CSCdi15841]

• An SNMP query of routing information returns a value incorrectly of OTHER for routes that have been discovered using OSPF. [CSCdi16024]

• Several changes have been done to improve timer handling. One occurance would be the FDDI up-time counter that would get stuck on 0 after wrapping. [CSCdi16099]

• In some rare cases, the router may crash due to memory corruption. [CSCdi16226]

• The system fails to reply to a DO TIMEMARK when translating from telnet to X.25. This may result in a telnet session hang between th cisco and the machine sending the DO TIMEMARK. [CSCdi16405]

Communication Server [CSCdi13895]

• There is no way to completely disable the escape-character to prevent users access to the command parser. [CSCdi15220]

DECnet

• Under certain circumstances a router running DECnet may crash when a "show decnet " command is performed. [CSCdi15065]

• There is a known memory leak when running DECNET routing. Obvious symptoms include being unable to telnet into the router until rebooting the system, and encountering '%% Low on memory; try again later' messages when attempting to issue commands from the console port. If you look at the first page of a show memory command output over time, you will notice the amount of free memory decrease continuously. [CSCdi17083]

IBM Connectivity

• A System Reload may happen when there are two PU's connected to a STUN port with only one ever really connected. If the connected PU is pull off, the router may reload. The problem can be avoided if the unused address is removed or if the stun remote-peer-keepalives are set to 60 or a value that doesn't tear down the stun peers prior to establishing an alternate route. [CSCdi14727]

• There is a memory leak in the RSRB process which may occur in certain configurations. Output from show process memory will show the *Dead* process holding an increasing amount of memory over time. [CSCdi15658]

• When Locally Assigned Addresses with the Manufacturers address of 4000.02 is used in conjunction with command netbios enable-name-cache there are no packet savings register. If the mac address is changed to the original vendors number 1000.5A then packet savings counters increment nrmally. [CSCdi15794]

• The Ring Parameter Server functionality has been improved so the system will retransmit MAC frames when acting as the Ring Parameter Server. [CSCdi15810]

• A change was applied to the Lan Network Manager code to cause the system to more effectively report REM and CRS information internally. [CSCdi15811]

• Added support for spanning hopcounts.

  There are two new commands to allow the limitation of source-route bridging spanning output and input hops for the network.
  

  To limit the maximum number of source-route bridging spanning output hops for the network, use the following command:
  

  source-bridge max-output-hops count
  

  To limit the maximum number of source-route bridging spanning input hops for the network, use the following command:
  

  source-bridge max-input-hops count [CSCdi15816]
  

• Problem: cisco router did not respond to a explorer frame when it had a specific sap as the destination. LNM always sends a null explorer frame at session startup.

  Resolution: Code was modified to accept a explorer with a specific dsap. [CSCdi15893]
  

• The stun peer was not completely terminating its SDLC connections when a network tcp session loss was detected. [CSCdi15937]

• in a router with STUN using TCP encapsulation, TCP window may close during file transfer session. This may cause the STUN session to pause indefinitely. [CSCdi16092]

• When STUN with local-ack receives a packet, it copies the packet unnecessarily. For better performance, this duplicate process will be minimized or removed.

  This ddts also will provide message "Interface xx, no buffer available to xx" when STUN gets a buffer miss. [CSCdi16098]
  

• When RSRB and SR/TLB are both configured on a router, a %SYS-2-LINKED error message may be seen, followed by a traceback message from the SRB Background process. [CSCdi16101]

• Netbios can not be prioritized using SAP Prioritization. [CSCdi16188]

• When using the SAP prioritization feature for RSRB, the clear source-bridge command resets the counters for only the high queue. The low, medium, and normal queue counters will not be reset. This is a cosmetic defect and does not effect the operation of the SAP prioritization feature. [CSCdi16233]

• Adding and removing Source-route bridging interface subcommand( source-bridge source-ring# bridge# destination-ring# cause memory leak in the router. The memory is allocated by adding the command but will not release properly when the command is removing, thus causes the memory leak. [CSCdi16275]

• When changing the bridge number of a SRB interface using Lan Network Manager platform, the router crashed. [CSCdi16403]

• Under rare instances the system may reload if the ring number is changed via Lan Network Manager. [CSCdi16752]

Interfaces and Bridging

• CTR cards hear their own DECnet hellos, resulting in a "%DNET-3-HEARSELF: Hello type 1 for my address.." error message. This has no operational impact. [CSCdi07368] [CSCdi09691]

• Certain combinations of system code and FDDI microcode may cause packet duplication on the FDDI ring. [CSCdi14083]

• sh interface FDDI shows neighbor unknown allthough the ring is operational, NIF processing seems correct on the ring, and the interface is active. [CSCdi14360]

• When responding to a test poll frame the router will erroneously insert the DSAP, SSAP and Control field of the test final frame into the RIF field. [CSCdi15029]

• The downstream neighbor in show interface fddi remains 0000.0000.0000. The issue is resolved in microcode and an additional workaround was creaded at system image level. [CSCdi15780]

• On a token ring experiencing errors a systems interface may report itself as being administratively down without being administratively shutdown by the system operator. The only way to reinitialize this previously working interface is to issue a shutdown / no shutdown to the affected interface. This will only affect 1R / 2R cards using microcode prior to release 1.204. [CSCdi15822]

• Systems configured for transparent bridging and DECnet routing will not bridge (forward) DEC multicast traffic after DECnet routing has been turned off. The workaround is to delete those DEC multicast addresses from the bridging table using the gl [CSCdi15827]

• Corrupt / invalid ethernet frames where incorrectly bridged to the FDDI interface resulting in FDDI transitions. The source of the corrupt frame was in this case a Hirschmann hub sending diagnostic packages. [CSCdi15992]

• Systems configured to filter Ethernet- and SNAP-encapsulated packets on input will not bridge (forward) SNAP-encapsulated packets with broadcast destinations. [CSCdi15997]

• The minimum forward delay interval value currently supported is not in line with the IEEE 802.1d standard. The 802.1d standard supports a minimum delay interval of four seconds, while the lowest delay interval supported by Cisco software is 10 sec [CSCdi16114]

• System issues link down traps from the fddi interface when in fact the interface did not go down. debug fddi-cmt-events shows link down and link up trap without any corresponding cmt data. [CSCdi16506]

• When running 19.2K on FSIP, clock devisor table in the system image was not taking into account the 8.064 Mhz reference crystal. Changing the table in the system image took care of problem. All other serial adapter's use the 8.0 Mhz reference crystal. [CSCdi16664]

• Vines may not work properly on CTR interfaces that are also part of a transparent bridge group. [CSCdi16797]

• The bridge-group 1 spanning-disabled interface configuration command is stored incorrectly in NVRAM as bridge-group 1 span-disabled. On subsequent router reloads this command is marked as invalid and removed [CSCdi16892]

• A Token ring interface may return an incorrect error message when an error occurs on the ring. [CSCdi17041]

• The CRC 32 interface subcommand does not work properly for the HIP card. HIP ucode 162-2 is required for this option to be enabled. [CSCdi17633]

IP Routing Protocols

• OSPF neighbor config lost when the interface is shutdown. [CSCdi13549]

• OSPF uses buginf instead of errmsg. [CSCdi15061]

• OSPF redistributes other protocol's route when not configured to. [CSCdi15123]

• Under rare circumstances, When configuring static routes for a major net and its subnets, IGRP may pick the wrong metric when advertising the routes. [CSCdi15686]

• Token ring interface will reset when that interface is added to an OSPF area. This can cause some problems like the RSRB peers may get closed and session may get dropped. [CSCdi15763]

• OSPF Routing Table disappears for no apparent resaon. [CSCdi15845]

• A redistributed RIP route disappears from OSPF routing table for no apparent reason, causing a service disruption for that particular lost route. [CSCdi16196]

• Virtual link fails to come up if the destination router has multiple links in the transit area and if the first link in the lsa could not be reached. [CSCdi16215]

• An active LSA summary is flushed when one of the address that falls in that summary is equal to the summary configured. Workarround: clear the ip routing table: "clear ip ro *". [CSCdi16238]

• Cisco router is not able to recognizea Proteon router as AS Boundary router due to Proteon sending some extra bits in Type of router field in Router LSA. The problem is solved by masking out the extra bits. [CSCdi16363]

• OSPF does not sufficiently validate received data, which in some cases can cause system failure.

  There is no workaround to this problem. [CSCdi16521]
  

• OSPF process logs unnecessary message. No further information available. [CSCdi16592]

• OSPF error messages has too high message level. No further information available. [CSCdi16621]

• When an interface goes down, the system fails to poison the corresponding subnet route in RIP or HELLO routing advertisements sent out other interfaces that are part of the same major network number. The system also fails to poison a network summary route advertised by RIP or HELLO to other networks. The result is that adjacent routers must time out the corresponding route in their tables, instead of being notified of the routing change immediately. [CSCdi16698]

• Show ip ospf database does not stop properly. No further information available. [CSCdi16736]

• Ospf_clean_area() skips every other link state db in the hash chain when clean up. Hence, the database for OSPF Link State Advertisements is not cleaned up properly. [CSCdi16888]

• Issuing the command 'no router ospf' hangs the system. [CSCdi17080]

• Under certain conditions, floating static routes may be incorrectly redistributed into IGRP and RIP with an inaccessible metric. [CSCdi17285]

ISO CLNS

• When the iso-igrp routing for a Serial 1 inteface is changed from Level 1 to Level2, in the configuration the iso-igrp tag changes from the original Serial 1 tag to that of the Serial 0 interface with Level 2 routing. This results in incorrect tagson interfaces. [CSCdi15588]

• If the router hears ES hellos, this may cause the ISO-IGRP process to get called, though the router is not configured for ISO-IGRP. [CSCdi17079]

• IS-IS causes crash dumps appears without termination. [CSCdi17169]

LAT [CSCdi14476]

Novell IPX, XNS, and Apollo Domain

• When bringing up an interface which has been down since system startup, on a router running with XNS routing configured for over two weeks, the newly installed XNS interface will not send out XNS RIP updates. The work around is to power cycle the router. [CSCdi15730]

• Pinging XNS traffic through a frame relay causes a high number of timeouts. [CSCdi16118]

• Some access lists do not work correctly when applied to the interface. Novell and XNS access lists do not look at the destination network in the packet or in the defined access list when novell route cache is enabled. Work around is to turn off fast switching on the interface no novell route-cache [CSCdi16166]

• Novell IPX echoes (ping) do not work to the router's own IPX address on certain kinds of interfaces. [CSCdi16558]

• XNS echoes (ping) do not work to the router's own XNS address on certain kinds of interfaces. [CSCdi16567]

Protocol Translation

• The option "Printer" supports LAT and TCP printing over an X.25 network among multiple sites. The "Printer" option provides an intterlock machanizim between accepting the incomming X.25 connection and the openining of LAT/TCP outgoing connection. Translate x25 55555 Printer tcp TCP-Device configuration command causes the Protocol Translator to confirm the outgoing TCP/LAT connection before sending a Call Confirm to the incoming X.25 connection. An unsuccessful outgoing TCP/LAT connection attempt will result in the incoming X.25 connection to the Protocol Translator to be refused rather than being confirmed followed shortley by being cleared. Note that using the "Printer" option will force the global option "Quiet" to be applied to the translation. [CSCdi14263]

• Protocol Translation queued Host Initiated Connections from LAT to X.25 should be checked every Second instead of 60 Seconds. [CSCdi15819]

• [CSCdi15844]

• A protocol translator used for LAT to X.25 Host-Initiated Connections (such as printing), may run out of memory over time. [CSCdi16105]

Wide-Area Networking

• When bridging over frame relay, data may be sent on inactive DLCIs. [CSCdi13429]

• The MTU of a BRI interface cannot be increased. [CSCdi14913]

• "sh bridge" command does not diplay Frame Relay DLCI. [CSCdi15566]

• The router does an incorrect check for the V.25 dialing frame. [CSCdi15771]

• A Cisco router with an ISDN BRI interface may not properly show dialer information. The show dialer and show dialer interface bri 0 should have the same format and show the same information. [CSCdi16197]

• Invalid DLCI value in frame-relay map command accepted. [CSCdi16326]

• Under some circumstances, the cisco PAD code will fail to actually send an x.29 invitation-to-clear message, even though the output from debug pad indicates that one is being sent. [CSCdi16630]

XRemote

9.17(6) Caveats/9.17(7) Modifications

This section describes possibly unexpected behavior by Release 9.17(6). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(6). For additional caveats applicable to Release 9.17(6), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(7).

AppleTalk

• AARP Packets with bogus protocol type fields in the AARP header are not pitched. There is no significant system impact. [CSCdi13778]

• AARP packets with bogus hardware types, hardware address lengths and protocol address lengths are not dropped. There is no significant system impact. [CSCdi14107]

• Gleaning of MAC addresses from AppleTalk Phase 2 packets does not work properly on Token Ring and FDDI interfaces. A low impact workaround is to disable gleaning by issuing the command no apple gleaning on the affected interfaces. It may also be necessary to clear the AARP cache to flush out any corrupt entries. This may be done by issuing the EXEC command, clear arp. [CSCdi14227]

• When NBP BrRq and NBP FwdReq packets are converted to NBP LkUps, the source address is not preserved. This can cause access-groups to inadvertently filter out the LkUps. The workaround is to disable access-groups. [CSCdi14245]

• Software does not support ARAP feature yet. [CSCdi14301]

• Devices that perform gleaning of MAC addresses from AppleTalk Phase 2 packets may experience connectivity problems. This problem can manifest itself as services on the local network appearing and disappearing in Mac Choosers. There is no workaround. An upgrade is necessary. [CSCdi14732]

• If the router hears a Pre-FDDItalk encapsulated RTMP, would reset the FDDI interface. Appletalk state machine, depends on number of non-seed routers, can take up to few minutes to restart the interface. [CSCdi14993]

• Misconfigured (incorrect address or zone name list) AppleTalk interface causes AppleTalk processes on the router to continuously allocate more memory until the router hangs. [CSCdi15369]

Basic System Services

• There is no way to reduce the number of virtual terminals allocated on a cisco product, even if the box is not intended to support protocol translation. [CSCdi11230]

• The DECnet routing table can become corrupted, resulting in unpredictable behaviour. [CSCdi12840]

• Routers generate excessive snmp "link down" traps with the reason "N2 (Retry Count) Expired" during every restart attempt on an SDLC line rather than whenever the line changes state. [CSCdi13309]

• CBUS tokens do not populate the memory location that SNMP looks in for the data. Therefore the token ring upstream neighbor is always reported as 0000.0000.0000 [CSCdi13489]

• The CSC/3 processor card may be unable to load newer software images from FLASH or TFTP servers due to memory constraints.

  For example, the 9.1(7) or later images may be too large to fit in the system boot buffer memory. The factors affecting the size of available system boot buffer memory include:
  

  - Features enabled (more features reduce memory available)
  

  - Number of cards in the router (more cards reduce memory available)
  

  - Version of system code in ROM (newer system code reduces available memory)
  

  The short term workaround for systems unable to load the never software images is to downgrade the version of system code in ROM. Alternatively, cards may be removed or features disabled.
  

  This only affects the CSC/3 cards at this time. [CSCdi14366]
  

• The dot5 token ring mib implementation does not handle getnext operations correctly. [CSCdi15090]

DECnet

• The router apparently ignores the command decnet routing-timer xxx, and send lvl2 routing updates at a higher interval. [CSCdi12802]

• Router with DECnet routing enabled, gives the error message %SYS-2-LINKED: Bad Enqueue, Process="Virtual Exec". Aside from the error message the router functions normally, the imapct on normal functioning of the router is minimal. [CSCdi13322]

• Under certain circumstances when the router sends packets on an interface which are larger than the MTU size on that interface the router crashes. [CSCdi13994]

• Memory allocation for the CLNS process allocates buffers which are larger than required. This causes low memory problems as other process fail to find buffers they require. [CSCdi14122]

• Cisco routers do not listen to the DECnet multicast address for level-2 only routers. This can create problems in situations where DEC routers are configured level-2 only. The workaround is to configure those routers for both level-1 and level-2 routing. [CSCdi14521]

EXEC and Configuration Parser

• The bandwidth statement configured on a Token Ring interface is removed from a working configuration after a reload, resulting in a difference between the output of show config and write terminalRip redistribution [CSCdi10277]

• This is a dynamic configuration problem. If you issue an area range command while the router is in operation, the router will not remove the summary LSAs that fall into that range. The workaround is that after completing the configuration, do a write memory and remove the OSPF process. Then configure the process again from memory. [CSCdi10293]

• A router which is configured as an area border router in OSPF domain fails to generate a summary network link state advertisement into the backbone area for a network in non-backbone area that is configured as an interface's secondary address. [CSCdi10302]

• Debug messages for BGP updates should be limited to particular networks by using an ACL. BGP should give up the processor to allow other processes to run while servicing callbacks and redistributing routes into BGP from another protocol. The TTL on BGP packets should be set to 1 for external neighbors unless the EBGP-multihop override has been specified. On routers that are not advertising an external path to a network, we should not send unreachables for that network to IBGP neighbors. The IP forwarding table should be immediately pruned of all BGP routes when a global BGP reset is performed. BGP should never take a locally sourced path and inject a route based on that path into the routing table. When BGP determines that it has successfully placed a route into the routing table, it should remove any sourced paths that it has in its path table. BGP should never send an update back to a neighbor for something that we learned from that particular neighbor. BGP should never send inter-AS metrics to internal neighbors. show ip bgp x.x.x.x should not display an inter-AS metric value unless a metric was received, or is being generated. OSPF metrics are carried into BGP as the INTER-AS metric (which in itself is somewhat broken). The default-metric command overwrites these computed OSPF metrics as well as provides an inter-AS metric for all routes learned via protocols other than OSPF. The default metric should not overwrite the computed OSPF metric, but rather just gives metrics to routes that don't have an inter-AS metric already. To explicitly override the OSPF metric, enter the command redist ospf as metric metric-value. A new metacharacter should be added to the regexp parser. The "_" character should match on the beginning of line, end of line, or a single whitespace. [CSCdi10324]

• If a summary route for a major network exists in the routing table and the route is advertised by BGP, a bad NEXT_HOP attribute can be generated in some cases. The summary route must point to a next hop which is not directly connected, and the BGP neighbor must not be directly connected. If a major network is learned initially via BGP and then subsequent subnets are learned from other sources, the network will not be learned by BGP. [CSCdi10358]

• Static IP routes to 0.0.0.0 via an intermediate destination are not removed immediately from the routing table if the interface to the destination goes down. Static IP routes to 0.0.0.0 via an intermediate destination are not removed immediately from the routing table if the interface to the destination goes down. [CSCdi10377]

• A spurious OSPF HELLO packet may be sent during a system reload. The HELLO may not contain proper router ID information and can confuse other vendors OSPF implementations, resulting in improper startup. [CSCdi10516]

• To creat a uncontiguous backbone area a router can be connected to remote backbone router via a virtual link. A router with such a virtual link configured would reload if an interface is shutdown whose IP address is used as a router ID. [CSCdi11217]

• A stub area can be defined as any area that does not allow the advertisement of external routes. Configuring "Stub area" on the system causes the system to loose its neighbor. [CSCdi11218]

ISO CLNS

• A redirect sent out over an X25 interface does not get encapsulated and CLNS returns a failure. [CSCdi04417]

• CLNP packets carrying the Global QoS option will not be fast switched. This option is commonly included by OSI End Systems because it contains the Congestion Experienced bit, which is used by the ISO Transport congestion avoidance mechanism. This will cause reduced CLNP switching capacity. [CSCdi08045]

• ES-IS cache entries for a disabled interface are not flushed when the interface is disabled. This means that packets destined to systems that were formerly reachable through that interface may be lost until the cache entries time out (maximum of five minutes). [CSCdi08490]

• CLNS packets that are slow switched will always have their checksums calculated from scratch, even when the incoming packet has checksums turned off. This has no operational impact, other than slowing down packet forwarding and receipt if the original packet did not have checksums enabled. [CSCdi08567]

• Packets generated by the CLNS ping command do not contain the Global QoS option (which includes the "congestion experienced" bit). Since most typical CLNP packets carry this option, the ping command would be more useful as a test tool if the option were present. [CSCdi08568]

• IS-IS will send level-1 LSPs over a point-to-point link to a level-2 adjacency. The router on the other end discards the packet, and the sending side continually retransmits these LSPs. [CSCdi09335]

• When CLNS receives a packet that needs to be fragmented, but the 'segmentation permitted' bit in the packet is off, it should send back an error packet (ERPDU) indicating this situation. [CSCdi09413]

• There are four obscure cases where IS-IS does not purge its own LSPs. The effect is LSPs harmlessly stay in the database longer than necessary. [CSCdi09526]

• If IS-IS areas are configured in neighboring routers such that they are not in the correct order, a level-1 adjacency will not form. This only occurs in multihomed areas over point-to-point links. [CSCdi09555]

• The Cisco router will create an adjacency with an end-system that has advertised an invalid NSAP format in its ESHes. [CSCdi09670]

• If an OSI end-system advertises an NSAP address that exceeds the legal length (20 octets), the Cisco router will accept and process the NSAP and will build an adjacency. [CSCdi09672]

• There are rare occurences that the system may reload when a "show isis database detail" command is issued when the link state database contents is changing. [CSCdi09805]

• An interface static route requires an snpa if the interface is ethernet or (in the case of serial interfaces) if the encapsulation is of a "WAN" type (i.e. x25, SMDS, FR). In the serial case, the SNPA is not inserted in the NVRAM configuration.

  e.g. for interface s2 with x25 encapsulation:
  

  router# config term Enter configuration commands, one per line. Edit with DELETE, CTRL/W, and CTRL/U; end with CTRL/Z int s 2 clns route 39.0008 serial 2 111111
  

  router# write term ..... int s 2 clns route 39.0008 serial 2 ^^^^^ missing snpa ..... [CSCdi09867]
  

• The NSAP lookup routine goes through the entire hash table even when a matching entry has been found. [CSCdi09915]

• If there are any CLNS discard routes configured and they are redistributed into ISO-IGRP, they will not be advertised. The workaround is to configure a fictitious static route so it can be redistributed. [CSCdi09917]

• Under certain circumstances, CLNS over x.25 would not work because the encapsulation of the CLNS packets would fail. The call to the x.25 address look-up routine did not zero out the structure containing the x.121 address correctly, thus causing the look-up routine to fail; this error was propagated up to the encapsulation routine which also would fail. [CSCdi09966]

• If a static CLNS route to the zero-length prefix ("default") is configured, it will not be written correctly to NVRAM.

  The workaround is to install a small number of static routes of length one instead. [CSCdi09997]
  

• If there is a neighboring IS on a LAN, and a router is configured to run IS-IS on the interface, the router does not advertise the IS as an ES link in the pseudo-node LSP.

  This fix allows ISes that do not run IS-IS to be reachable via the IS-IS running domain. [CSCdi10002]
  

• The active ISIS adjacency count on an interface was being counted incorrectly when the IS was of type level-1-2. [CSCdi10025]

• CLNP packets carrying the Global QoS option will not be fast switched. This option is commonly included by OSI End Systems because it contains the Congestion Experienced bit, which is used by the ISO Transport congestion avoidance mechanism. This will cause reduced CLNP switching capacity. [CSCdi10052]

• When there exists static routes in which the next-hop interface is no longer reachable, and ISO-IGRP is redistributing static routes, it will continue to do so if the interface goes down or the next-hop goes unreachable. [CSCdi10060]

• When deconfiguring an ISO-IGRP routing process, static prefix routes learned by that process are not deleted from the routing table. These routes stay in the table indefinitely. A system reload is the only cure for the problem. [CSCdi10406]

LAT

• A protocol translation to a LAT printer will routinely lose the end of the job. [CSCdi08256]

• If the name specified in the hostname command is illegal as a LAT node name, LAT service advertisements will be sent out with the invalid name and will be ignored by LAT terminal servers on the network. This will cause the Cisco system to be unreachable (via LAT) from those terminal servers. The administrator should either ensure that the hostname is a legal LAT nodename or add an additional lat node-name command to override the use of the hostname. [CSCdi09592]

• If more than one node offers a LAT service with the same name, and one of those nodes crashes, the communications server may reload. [CSCdi09705]

Local Services

• If an attempt is made to either write a read-only object or read a write-only object, the wrong error code is returned. [CSCdi09714]

• The Apollo ping command displays the destination

• Novell encapsulations other than the system defaults on Token Ring or FDDI interfaces are not written out in the write term, write network, or write memory commands. If the Novell encapsulation on Token Ring or FDDI is changed from the default, it will revert to the default Novell encapsulation after the next system restart. [CSCdi09892]

• The SHOW NOVELL/XNS ROUTE display is missing the count of learned routes in the header of the display. [CSCdi09923]

• Novell, XNS, and Apollo maximum-path 0 is accepted and displayed by the system, but the default maximum-paths is 1. If a user types a maximum path of 0, make this return to the default setting of 1. [CSCdi09955]

• - If static saps are present and novell routing is disabled, configuration entries do not disappear.

• - Multicast host addresses are not permitted. Unfortunately, this check is done incorrectly if the static sap is associated with a remote network.

• - The multicast host address check is not performed correctly if the (local) medium is fddi. The same problem exists for static routes. [CSCdi09985]

• Corrupted Novell RIP updates on Token Ring can cause a race condition to occur when trying to free packets for the Token Ring interface. This caveat manifests itself by causing novell network numbers assigned to the Token Ring interface to get switched with another novell network number on a different interface. This usually results in an error on the Novell Fileserver. ie: Router at X claims network Y, should be X. [CSCdi10070]

• The Cisco IPX ping command was limited to a maximum of 1500 bytes. This patch increases the ping maximum to 4096 bytes for segments which supports that size. [CSCdi10130]

• Odd-length Token Ring Novell IPX frames that are fast switched from a ciscoBus Token Ring to an MCI Ethernet have a padding byte missing from the frame. Certain Ethernet NIC drivers will work fine with this frame, while others will count this frame as an error packet, resulting in connection failures. A workaround is to turn off Novell route-cache on the destination Ethernet. However, be advised that this will slow down all IPX traffic destined for that Ethernet. [CSCdi10159]

• When fast switching from SBE Token Ring interfaces to HDLC encapsulated serial interfaces, the last 7 bytes of data in an odd-length frame and 8 bytes of data in even-length frames will become corrupted. Turning off Novell route-cache on the output serial interface will allow the frames to be forwarded properly. [CSCdi10230] network number in decimal; it should be displayed in hexidecimal. The minimum Apollo ping size should be 75 because of Apollo packet header size overhead. [CSCdi10265]

TCP/IP Host-Mode Services

• When a TCP connection has a closed window, packets containing valid ACKs are discarded if they also contain any data (since the data is outside of the window). The correct behavior is to continue to process the ACKs for segments with reasonable ACK values. This is especially a problem in the initial stages of a connection, when we send the SYN-ACK with a 0 window. If the ACK to our SYN contains data also, we will not process that ACK, and the connection never gets to ESTABLISHED state. [CSCdi05962]

• A TCP connection that has transmitted a very large amount of data (on the order of 2 billion bytes) can remove packets from the retransmission queue prematurely, causing the connection to unexpectedly close due to a retransmission timeout, even though the network path is working correctly. This can affect router functions like remote source route bridging, which can transmit large amounts of data over a long period of time. [CSCdi09764]

TN3270

• Under certain circumstances, use of TN3270 may cause the Communication Server to hang. [CSCdi09987]

Wide-Area Networking

• The protocol translator resets X.25 switches by sending pad control packets with the Q-bit set immediately after full data packets which have the M-bit set. [CSCdi09201]

• When a router with frame-relay encapsulation is configured for frame-relay lmi-type ansi and then reloaded, the status enquiry message sent out the interface is seen on DLCI 1023, not DLCI 0. No serious consequences arise from this. [CSCdi09661]

• OSI packets switched from an Ethernet, Token-ring, or FDDI interface to a PPP encapsulated serial line are transmitted with a non-zero padding byte between the OSI protocol data unit and the PPP encapsulation. The non-zero value is actually 03, and is put by the encapsulation on the Ethernet/Token-ring/FDDI interface. When this incoming encapsulation is removed and replaced by the PPP encapsulation, the padding byte is left untouched instead of being initialized to zero.

  Since padding bytes are supposed to contain the value zero, this can confuse equipment from other vendors and cause interoperability problems.
  

  There is no interoperability problem between cisco equipment on account of this caveat because cisco equipment always expects one byte padding and does not specifically check the value of this padding byte. [CSCdi09795]
  

• The warning message is not displayed any more. [CSCdi09846]

• Under certain circumstances, routing X.25 packets over an IP network may cause the system to reload. [CSCdi09872]

• The string of the rotary group is not affected by any configuration change any more. [CSCdi09889]

• Incoming PAD connections to the AUX port will fail, because the code that starts the tty_daemon processes do not recognize AUX ports. [CSCdi09918]

• In a configuration with two or more dialer maps, if one call was up, and a packet needed to be transmitted to a different phone number, the call that was active would be immediately disconnected even if it had not been idle for the fast idle period. [CSCdi09925]

• The behavior of X.25 packet size negotiation may now depend on the value of the LAPB N1 parameter and may cause confusion. It is not necessary to set N1 to an exact value to support a particular X.25 data packet size, although both ends of a connection should generally have the same N1 value. The value of N1 is to simply avoid processing any huge frames that result from a 'jabbering' interface, which is a fairly unlikely event.

  Cisco's default N1 corresponds to the hardware interface buffer size. If it is desired to set the value to something else, the new value must allow for an X.25 data packet (maximum packet size plus 3 or 4 bytes of overhead for modulo 8 or 128 operation, respectively) and LAPB frame overhead (2 bytes of header for modulo 8 operation plus 2 bytes of CRC). In addition to this, the standards bodies specify that N1 is given in bits rather than bytes. While some equipment may be configured using bytes or by automatically adjust for some of the overhead information present, Cisco equipment should be configured using the true N1 value.
  

  The following table specifies the *minimum* N1 values needed to support a given X.25 data packet.
  

  max. data in min. N1 for min. N1 for X.25 data packet X.25 modulo 8 X.25 modulo 128 ---------------- ------------- --------------- 128 1088 * 1088 256 2104 2112 512 4152 4160 1024 8248 8256 2048 16440 16448 4096 32824 32832
  

  * Note that N1 cannot be set to a value less than what is required to support an X.25 data packet size of 128 bytes under modulo 128 operation; this is because all X.25 implementations must be able to support 128 byte data packets.
  

  Configuring N1 to be less than 2104 will generate a warning message that X.25 may have problems because some nondata packets can use up to 259 bytes.
  

  N1 cannot be set to a value larger than the default without first increasing the hardware MTU parameter.
  

  X.25 will accept default packet sizes and CALLs that specify maximum packet sizes greater than what the LAPB layer will support, but will negotiate the CALLs placed on the interface to the largest value that can be supported. For switched CALLs the packet size negotiation takes place end-to-end through the Cisco equipment, so the CALL will not have a maximum packet size that exceeds the capability of either of the two interfaces involved. [CSCdi09930]
  

• When using PPP encapsulation for a BRI interface with a switch type of DMS-100 or AT&T, the ISDN software on the router will behave improperly. [CSCdi10017]

• The protocol translator will now respond with a pad error message to X.3 parameter sets that are outside the range of recommendations X.3. [CSCdi10042]

• With remote X.25 switching, and routing to a destination that cannot route the call, the originating router pauses indefinately. [CSCdi10051]

• When the ISDN switchtype is set for 5ESS on the BRI interface, there is a problem at startup. If the BRI line is unplugged and plugged back in a couple of times, the router may crash. [CSCdi10118]

• The interface subcommand no encapsulation ppp is not handled correctly by the ISDN BRI interface. The encapsulation will be set to whatever came after the no encapsulation, rather than resetting the interface back to HDLC. When the command no encapsulation ppp is entered the D channel uses HDLC, and the B channels stayed in PPP. [CSCdi10215]

• The output of debug frame-relay-packetis incorrect for the multicast DLCI. This is only a problem with the formatting of the debug output. [CSCdi10332]

• The fix for CSCdi10017 broke the hangup process. It is now done fixed. [CSCdi10351]

• A Cisco 3103 router with a basic rate interface connected to a DMS100 telephone switch does not properly use both B-channels for incoming calls. The use of SPIDs (Service Profile IDentifiers) can complicate the configuration. [CSCdi10379]

• When parsing an LMI frame with an invalid IE, all valid IE prior to the invalid one will be taken into account. Once the invalid IE is reached, the packet is dropped. The entire LMI frame IEs should be ignored. [CSCdi10383]

• Frame-relay LMI updates do not indicate when a status enquiry message is not sent out due to a lack of buffers. [CSCdi10511]

• For X.25 connections that are not using DDN X.25, local facilities are not accepted by the router. [CSCdi10558]

• A Cisco 3103 with an ISDN basic rate interface may not properly disconnect a call that it has received. When the 3103 idle timer expires the B-channel may not be disconnected and will be left unavailable for use. [CSCdi10562]

• X.25 does not properly set the default values for MTU and LAPB N1 for DDN and BFE encapsulation. Therefore, the flow control negotiation code will lower the values on outgoing CALLs and clear an incoming CALL with little indication as to what the problem is. Additionally, the BFE behavior of disallowing flow control facilities on a CALL CONFIRM packet does not apply to DDN implementations. X.25 does not properly set the default values for MTU and LAPB N1 for DDN and BFE encapsulation. Therefore, the flow control negotiation code will lower the values on outgoing CALLs and clear an incoming CALL with little indication as to what the problem is. Additionally, the BFE behavior of disallowing flow control facilities on a CALL CONFIRM packet does not apply to DDN implementations. [CSCdi10573]

• A Cisco 3103 with an ISDN basic rate interface may not be able to properly complete an outgoing ISDN call. This might happen if the switch-type is set for basic-5ess. When a CONNECT message is received from the network, an "Unexpected Connect" message may be displayed. [CSCdi10600]

• Configuring x25 encapsulation on an FSIP interface will cause the line protocol to remain down. [CSCdi11083]

• FSIP interfaces configured for SMDS encapsulation do not fast/auto switch consistently. Packets over 1500 bytes fail consistently and pings fail due to buffer allocation issues. Reflector interface and encapsulation types have no effect. [CSCdi11098]

9.17(2) Caveats/9.17(3) Modifications

This section describes possibly unexpected behavior by Release 9.17(2). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(2). For additional caveats applicable to Release 9.17(2), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(3).

AppleTalk

• The AppleTalk name lookup cache may not always be reflected in the output of various show apple commands. This affects the output of these show commands only; it does not affect any core router functionality. [CSCdi07775]

• A clear interface command does not clear the IPtalk port. Use the configuration command no apple iptalk instead. [CSCdi07778]

• AppleTalk zone multicasts such as NBP lookups are unexpectedly ignored on FDDI interfaces. [CSCdi09424]

• Serial interfaces configured with discovery mode never become operational. [CSCdi09532]

• Two routers connected back to back, may crash upon netbooting one after another. [CSCdi09567]

Basic System Services

• The show diagbus command has been extended to print out the onboard EEPROM information for the RP as well as the SP and IPs. The user interface remains the same. [CSCdi09073]

• In a limited number of 9.1 images, the user may be incorrectly placed in setup mode while attempting to netboot. Any information that might be assigned there is further ignored. This is mainly seen, but not limited to, routers such as the Cisco 3000 that have RXBOOT ROMs. Also, the AutoInstall feature will not be able to complete under these circumstances since the router will wait at the setup prompt for human intervention before running. [CSCdi09229]

• Translate commands should be written before LAT service commands, because LAT service commands can modify existing translation services. [CSCdi09255]

• A terminal line configured for flow control will not successfully time out (due to a "session-timeout" configuration) if XOFF is selected for the line at the time of the timeout. [CSCdi09310]

• Once the flash check/verify/erase sequence begins during a TFTP copy to flash, it is not possible to break from the process until it finishes or fails. This can be an inconvenience if the filename is mistyped. [CSCdi09417]

• The "uptime" portion of the show version command incorrectly identifies a Cisco 4000 as an IGS. [CSCdi09441]

• In some cases, error messages that precede a crashdump may be lost. Instead, we should always at least dump them to the console before doing the crashdump. [CSCdi09632]

DECnet

• If a DECnet Phase V end node sends both Phase IV hellos and ESHs, the Cisco router continually changes the adjacency type stored in the OSI adjacency database. Therefore, packets are sometimes converted and sometimes not. The correct behavior is to set the adjacency type to Phase V and use this adjacency. Phase IV packets should then always be converted. Phase V packets should not. [CSCdi09235]

• DECnet should look at the MAX AREA parameter and not advertise reachability to any areas greater than this parameter. Likewise, it should not advertise reachability to a node that is greater than the MAX NODE parameter. It should also not accept hellos from such nodes. [CSCdi09716]

EXEC and Configuration Parser

• If dialer interfaces are created using the interface dialer n command, they can never be deleted from the configuration. The reported behavior is corrected. When typing no interface dialer 1 the configuration does not show anymore. When removing a dialer with the command no dialer in-band the other configuration commands are deleted and do not show up when adding a dialer back. [CSCdi07979]

• If nonvolatile memory is erased, corrupted, or does not exist, the router will exhibit new behavior. In any of the above cases, the router now enters the service config mode before it goes into setup. If any of the interfaces gets configured automatically from BootP, RARP, or SLARP, you will see the router attempting to netboot its name and ultimately a configuration file from a server. This will be seen by the output "Booting network-confg ...". It is possible for a new router to exhibit this behavior if it is connected to an active router's serial line from SLARP resolution. This is desired behavior and is not considered a bug, though it might be a nuisance if it is not expected.

  The experienced bug is if we answer "no" to the setup command's prompt to continue, service config is still valid, and attempts to netboot the configuration file will continue. The router should assume to turn off service config if someone is there to type "no". If we type "yes" and provide a valid configuration, it will turn off service config. Manually turning off service config from configure terminal will be necessary if we type "no". [CSCdi09049]
  

• The frame-relay subcommands are incompatible between the system image and the bootstrap image. The bootstrap image, which is a trimmed down version of the system image and stored permanently in read-only memory, is used primarily to download system images over the network. The system image expects these subcommands with frame-relay as one hyphenated word. The bootstrap image expects these subcommands with frame relay as two separate words. A consequence of this incompatibility is that frame-relay configuration subcommands created using the system image are rejected by the bootstrap image and vice versa. Therefore, situations where system images are downloaded over a Frame Relay encapsulated line using the bootstrap image will fail if the system configuration has been created using a system image. The workaround for this unexpected behavior is to manually alter the frame-relay configuration subcommands to the form acceptable to the relevant image. [CSCdi09464]

IBM Connectivity

• There is currently a problem (in both Software Release 9.0 and 9.1) of setting access filters on source-route bridge networks based on SNAP type codes. [CSCdi09010]

• Misconfiguration of the router with peers that do not exist or are powered down can cause the box to loose all memory. [CSCdi09041]

• Certain IBM machines are seen to continue doing XID exchanges even after they have received the SABME. With local acknowledgment if the FEP side has already brought up the LLC2 session and the remote PC is still sending XIDs, it causes the FEP to disconnect the LLC2 session. To remedy this, the startup sequence needs to suppress the RNR at the FEP side and not bring up the session with the FEP until the router receives the positive linkup response reply from the remote router. This suppression of the RNR is possible by adding an rnr-disable configuration option to the source-bridge remote-peer command. This option must only be used if local acknowledgment is configured. This option should be configured on both the Cisco routers. [CSCdi09116]

• Ignore Format 3 type 4 XIDs for SDLLC connections. This is sent by NCP when VTAM is brought down. Once VTAM is brought down, there is no point for the router to initiate connection. [CSCdi09211]

• An SNA frame that was sent and replied to with RNR, is never resent and causes the FEP to enventually drop the session by sending the DM. [CSCdi09218]

• Router with STUN configuration would reload with the error message pointed to sdlc_set_clear_busy. There is no work around. [CSCdi09388]

• A low-end router could not forward an RSRB packet with RIFs longer than 8 bytes. There is no workaround. [CSCdi09429]

• Some local-ack RSRB stations will hang in initializing. Symptom: The hung station will have "local ack state = waiting link up response" stat [CSCdi09551]

• Cisco 4000 routers configured with Token Ring interfaces and LAN Network Manager support may experience a system reload as the Token Ring interface initializes. Removing LAN Network Manager support during startup can act as a temporary workaround. [CSCdi09594]

• RSRB peers that use TCP used to rely on the TCP transport to inform it that the remote side has gone away. The problem with this is TCP can take a very long time to time out. This is not acceptable in the IBM environment. We have implemented the concept of remote-peer keepalives that ensures that the other side is healthy. Messages are only sent if there is no other traffic. [CSCdi09596]

• LNM LLC2 parameters always set to default even if the configuration file does contain commands with different set of values. [CSCdi09646]

• Configuring SRT on the Cisco 4000 crashes the box. There is no workaround. [CSCdi09708]

• The RSRB state machine goes to a null state when one of the peers of the WAN peers is power cycled. The workaround is to reset both routers. [CSCdi09767]

• The rnr-disable argument is dropped from the Remote Source Route Bridging configuration after the system is reloaded. [CSCdi09880]

Interfaces and Bridging

• The system reloads when OSPF processes the link state advertisement retransmission list. This happens right after the system starts up. [CSCdi04617]

• A message appears when a LAN Network Manager trace frame is accepted by the router and forwarded onto other interfaces on that router, causing a minor memory leak because the wrong packet inside the router is trying to be freed. There is no workaround. [CSCdi07950]

• If an async interface is unnumbered, and an IP address is assigned from the EXEC, then the async interface should not be renumbered. If SLIP routing is started, but the address does not belong to the subnet that is already configured on the terminal servers primary interface, the address will be rejected. [CSCdi08621]

• BGP should allow a way to override routes sourced by the router with routes learned from another BGP peer. [Vince Fuller Memorial Hack] BGP should allow a way to override routes sourced by the router with routes learned from another BGP peer. [CSCdi08892]

• FDDI valid transmission time will display 4294965054 in some cases. [CSCdi08923]

• The input queue will fill up slowly while bridging transparently. When this happens, the interface with the filled input queue will no longer accept packets. [CSCdi09131]

• LAT compression is broken while bridging LAT on the low-end platforms (for example, IGS, Cisco 3000, Cisco 4000). There is no workaround. Cisco recommends that LAT compression should not be turned on in the low-end platforms until the next interim release. [CSCdi09180]

• There is a minor memory leak while bridging. There is no workaround. [CSCdi09183]

• RSRB packets when sent from CTR to MCI using direct serial encapsulation are found to be out of sequence, causing NetBIOS sessions to reset. The problem is in sending the packets to the MCI card. If no buffers are available on the serial card, the packets are being queued at the process level. This dual switching of packets (both process and fast switching) cause packets to get out of sequence. The solution is to drop the packet (instead of process switching it) if no buffers are available on the serial card. [CSCdi09196]

• Autonomous switching for IP over PPP and Frame Relay IETF works with ciscoBus2 version 11 microcode. Current microcode operations are not impacted by this change. The ciscoBus2 version 11 microcode must not be used with earlier software revision for autonomous switching use. [CSCdi09203]

• If your router is configured to redistribute OSPF into RIP, and there is a static subnet configured before another subnet is learned by OSPF, the IP network is not redistributed into RIP. This occurs for subnets associated with an IP network that is not directly connected. [CSCdi09215]

• The system normally disallows multiple interfaces to be configured with IP addresses on the same subnet. Such IP address overlap should be allowed when it occurs between a transmit only interface and its associated receive interface, as designated by the transmit-interface interface subcommand. [CSCdi09300]

• Some SLIP configurations may cause line protocol to fail on the async connection. In particular, the following configurations were found to be a problem:

  line x no exec modem dtr-active slip dedicated slip routing slip address 131.108.152.1 255.255.255.240 session timeout 1 [CSCdi09330]
  

• Static routes with destination gateways routed to via an interface that goes down (or is shutdown) are not always removed from the main routing table. [CSCdi09374]

• The command no ip route address only deletes the first static route to address as opposed to all static routes matching the specification. The no ip route address command only deletes the first static route to address as opposed to all static routes matching the specification. [CSCdi09375]

• This patch resolves a bug where IP packets, with a TTL of 1 would be rejected. The solution is to allow switching of IP packets with a TTL of 1. Now all packets with a TTL of 0 are dropped if the packet is not for us. [CSCdi09390]

• The system will not forward a frame if the frame arrives with the Monitor bit set to 1. The workaround is to make the cisco always be the Active Monitor. [CSCdi09400]

• Transparently bridging on a serial interface and turning on priority queuing, X.25, or Frame Relay encapsulation causes a packet to be tossed, which halts bridging. The workaround is to use different serial encapsulation and disable priority queuing. [CSCdi09489]

• There is a minor memory leak while bridging from serial to Ethernet or Ethernet to Ethernet. There is no workaround. [CSCdi09495]

• In the Cisco 4000 platform, a serial card in the slot closest to the power supply will disable transparent bridging on that slot. The workaround is to move the serial card to a different slot. [CSCdi09496]

• Transparently bridged packets were compared to the maximum MTU of the media minus the MAC encapsulation. The workaround is to increase the media encapsulation. [CSCdi09533]

• Due to interactions between the bridging code and driver code, the spanning- tree state is handled incorrectly. In pre-9.1, this shows up most readily on serial lines. If a serial line is shut and then no-shut, the port goes into blocking and then stays there. Similarly, if you have an Ethernet port and you pull the cable out, the port will go down. But if you wait for a minute or so (give the spanning-tree protocol time to recompute) and then plug the cable back in, you will see the port go into Forwarding immediately. This can cause temporary network meltdowns. [CSCdi09535]

• Configuring local acknowledgment on only one side of a peer set may result in a system reload. [CSCdi09536]

• OSPF doesn't listen to multicasts on an old Type 2 ethernet card. OSPF does not listen to multicasts on an old Type 2 Ethernet card. [CSCdi09553]

• While parsing through an RSRB packet, the location of the RIF was calculated wrong, resulting in looking at the wrong place in the RIF trace and broadcast bits. There is no workaround. [CSCdi09650]

• The active monitor of the ring is not seen at initial boot time of the router. The active monitor will be seen only if a soft error occurs on the ring. There is no workaround. [CSCdi09830]

IP Routing Protocols

• When using the domain-list feature, the software may fail to properly update domain cache entries that have been timed out. [CSCdi03896]

• BGP does not accept advertisements of network 0.0.0.0. [CSCdi08880]

• When using multiple addresses on a single interface from different major networks and with different sized subnet masks, sometimes an address overlap is reported where none exists. [CSCdi09104]

• If there is a subnet that is learned by OSPF and the associated IP network is not directly connected, the route will not be redistributed into IGRP, RIP, and Hello. The IP network is suppose to be redistributed but is not. This only occurs when you are redistributing OSPF routes into the other Distance Vector protocols. [CSCdi09146]

• OSPF removes the wrong instance of link state advertisement from link state retransmission list after receiving a link state acknowledgment. This happens in a rare circumstance when the acknowledgment is for an older instance of link state advertisement. [CSCdi09189]

• OSPF module miscalculates whether two link state advertisements are the same instance. [CSCdi09190]

• In a user environment that requires to use TAB character with tn3270, the system incorrectly handle TAB characters in a login-string. A new option argument-%t is added to handle TAB character correctly. [CSCdi09220]

• OSPF module miscalculates whether two link state requests are for the same link state advertisement instance. [CSCdi09338]

• Debugging messages showed by the OSPF module during the designated router election process shows a wrong router ID. [CSCdi09411]

• OSPF is not enabled on an unnumbered interface automatically when a numbered interface is changed to unnumbered while OSPF is enabled on the router. [CSCdi09433]

• Source-routed IP packets that are supposed to be discarded by the system are sometimes not. Such packets are being packet switched when the local system does not appear as the next hop in the source route. These packets should never be packet switched when the user has entered the no ip source-route configuration command. This unexpected behavior can pose a security problem for sites that use this command to restrict access. [CSCdi09517]

• When redistributing core egp into another protocol, the command redistribute egp 0 is written out as redistribute egp which is an invalid command. This only happens if the EGP AS is 0. [CSCdi09524]

• When TFTP booting a router over a slow serial line, the TFTP read requests may be timed out by the router before the TFTP server on the other end has had a chance to respond. This can result in netbooting failure. The router's TFTP implementation should reduce its retransmit time in order to adjust to TFTP servers that respond slowly. In the absence of such a change, the system should only be TFTP booted via a path that can be expected to acknowledge TFTP requests within 5 seconds. [CSCdi09550]

• show ip route does not display information about a network summary route. [CSCdi09561]

• Static routes that point to destinations reached via a route that has expired are not removed from the routing table. [CSCdi09564]

• When initiating a TFTP read request, the system can generate TFTP packets with invalid UDP checksums. This only happens when the request is transmitted out an unnumbered interface. If the TFTP server has UDP checksumming enabled, TFTP read requests via the unnumbered interface will fail. Turning off UDP checksumming at the TFTP server or restricting TFTP reads to numbered interfaces avoids this problem. [CSCdi09577]

• When an interface's encapsulation is changed via the configuration command encapsulation encapsulation-type, the change is not reflected by most network protocols until the next system reload. In many cases, the original encapsulation continues to be used by these protocols until the system is reloaded. The new encapsulation should take effect immediately. [CSCdi09619]

• The OSPF summary lock timer is created as a continuous timer where it should be a one-shot timer. If this timer is set once, it will try to come back even when it is not supposed to. [CSCdi09684]

• One of the OSPF forward address queue timers is set to a very low value, which might cause the timer to fire too soon. [CSCdi09693]

• If a new BGP neighbor is configured after the router has been operational for 24 days, BGP will not attempt to start the session. The workaround is to manually start the session with clear ip bgp. [CSCdi09732]

• This behavior is caused by some octets not being transfered from one MCI card to the other. This is now corrected by ensuring that all octets are properly transferred across the Multibus. [CSCdi09826]

ISO CLNS

• When an invalid ER PDU is received, we should just discard it without sending an ER PDU in response. [CSCdi09139]

• When redistributing ISO-IGRP routes into IS-IS, there are cases where some routes do not get redistributed. This occurs when the number of ISO-IGRP prefix routes causes more than one IS-IS Level 2 LSP to be generated. The routes that overflow the first LSP do not get generated. [CSCdi09144]

• CLNS fast switching over a serial interface with HDLC encapsulation falls back to slow switching. [CSCdi09172]

• Certain OSI packets are transmitted with a nonzero padding byte. The padding byte is inserted between the OSI protocol data unit and the relevant data link layer encapsulation. Since padding bytes are supposed to contain the value zero, this condition can confuse equipment from other vendors and cause interoperability problems. This caveat does not occur between Cisco equipment because Cisco equipment always expects 1-byte padding and does not specifically check the value of this padding byte. [CSCdi09238]

• There are situations where IS-IS will delete the wrong link in an LSP. This results in either duplicate entries or corrupt LSPs. [CSCdi09466]

• Duplicate adjacencies are formed (both system ID and SNPA are the same) when CLNS cluster aliasing is enabled on an interface. This happens for ISO-IGRP and DECnet Phase IV systems. This does not happen for IS-IS and OSI end-system adjacencies. [CSCdi09525]

• IS-IS sends point-to-point IIHs out HSSI interfaces that are 1 byte larger than the allowable MTU. This results in a %TOOBIG.... error message. The adjacency still forms. [CSCdi09538]

• Interface static routes with no SNPA specified will not be deleted from the configuration file. They are deleted from the routing table. [CSCdi09579]

• If there exists a Phase IV end node directly connected to a router, and IS-IS is enabled where the router is designated router, the Phase IV end system is not inserted into the Level 1 routing table and therefore is not reachable. This is a problem for end systems that are both Phase IV and Phase V. [CSCdi09678]

• IS-IS does not free the memory used for any LSP when the Lifetime expires and it is deleted from the link state database. This event does not occur very often. [CSCdi09759]

LAT

• A LAT protocol translation session can fail to be destroyed properly under some circumstance when output is still in progress as the connection is closed by the remote LAT host. [CSCdi07506]

Novell IPX, XNS, and Apollo Domain

• When receiving a Novell RIP request packet with an invalid length, it is possible that a system data structure could become corrupted. In extreme cases this could cause the system to crash at some later time. The novell rip-check command will turn on special processing of these invalid RIP request packets, avoiding the undesirable behavior. [CSCdi09056]

• A race condition in the show novell cache command can cause the router to reload. [CSCdi09163]

• Certain Novell packets may be received and processed by the local interface when they have been sent by a misconfigured client, server, or router. For example, a SAP Get Nearest File Server packet sent on network 0xA1 from a host whose network number has been misconfigured as 0xA2. These misconfigured packets should be ignored and counted as bad packets. In the Show Novell Traffic display the packets pitched counter should be incremented when we receive one of these packets. [CSCdi09178]

Protocol Translation

• On the protocol translator, if two host-initiated TCP connections to a single resource exist (one active, one queued), and the active connection is closed by a remote system, the protocol translator does not close the TCP connection, and does not process the next queued connection. A workaround is to specify a (small) session timeout (with "output"). [CSCdi09305]

TN3270

• Communication servers under certain circumstances may drop TN3270 connections and eventually reload. [CSCdi09197]

VINES

• A Cisco router may occasionally send an ICP error message with an error code of zero. Receipt of this message can cause a Banyan server to drop some or all communications links passing through the router. [CSCdi09175]

• If a station is removed from an interface that uses one type of encapsulation and is added to another interface that uses a different encapsulation before the neighbor entry expires, communication to the station will never be reestablished. [CSCdi09294]

• There is a condition where some serverless networks will have extreme difficulty logging in to any server. This is caused by a packet sent by the router not being understood by a VINES server. The workaround to this problem is to shorten the name of the Cisco router to be 15 characters or fewer. [CSCdi09372]

• This problem only occurs when a client is initially powered on, and the first login attempt results in a forced password change. The user will not be able to change his password and will not be able to log in. The workaround is to have another user log in and log out at that client, then the affected user will be able to log in and change his password. [CSCdi09467]

Wide-Area Networking

• This patch allows Cisco 4000 users to enable fast switching of packets on both serial lines. Prior 9.1 releases prevented users from enabling this feature. This patch allows fast switching of Frame Relay, HDLC, and SMDS across both serial interfaces. [CSCdi09107]

• OSI packets encapsulated in PPP are always expected to have a 1-byte padding between the OSI protocol data unit and the PPP encapsulation. This is not compliant with the Internet standards document RFC 1377, which specifies that a system must be able to accept such a padding of anywhere from 0 to 3 bytes. This noncompliance can therefore cause interoperability problems with another vendor's equipment if that equipment cannot or does not insert a 1-byte padding. Note that there is no problem if both sides of the PPP encapsulated serial line have Cisco equipment. [CSCdi09237]

• Systems with X.25 map entries for more than one remote AppleTalk host on a single interface are subject to reloads. [CSCdi09328]

• When running PPP between a Cisco router and a Wellfleet router, the Cisco router, over time, ignores packets on its interface to the Wellfleet router because rejected packets are not freed by the Cisco router. The Wellfleet router violates protocol by continuing to send packets of a particular type to the Cisco router even after the Cisco router rejects that particular type. [CSCdi09404]

• The 3103 router does not allow for Service Profile IDentifier (SPID) numbers to be sent from the router to the DMS-100 ISDN switch. A SPID for each B-channel (two maximum) must be sent to the network before any calls can be made to or from the router. The SPID is given to the user by the network when the basic rate service is started. The SPID values are entered into the configuration using the interface bri 0 command with the spid and spid2 commands. These values are sent to the network upon powerup or after a clear interface bri 0 command is entered. [CSCdi09422]

• When connected to a 1TR6 ISDN switch, the 3103 router does not properly respond to an incoming CONNECT message. A RELEASE message is incorrectly sent out to clear the call. Instead of clearing the call, a CONNECT ACKNOWLEDGMENT message should be sent out to accept the call. [CSCdi09488]

• For ISDN routers, incoming SETUP messages are not accepted when using the NTT switch type. [CSCdi09614]

• An serial interface with Cisco HDLC encapsulation is considered to be up when in a looped-back state. In some configurations, notably those involving dialed backup, it is more appropriate to consider a looped line to be down. The solution to this problem is to add a new interface configuration command, [no] down-when-looped. By default, when this command line is absent from the configuration, the line does not go down when in loopback. This new command is valid only for HDLC encapsulation. [CSCdi09657]

• CLNS will not work over X.25. X.25 calls that are received and have NSAP addresses in the facilities are classified as CONS (CMNS) calls even if CMNS isn't enabled on the interface. [CSCdi09679]

• There are certain problems in LMI processing: Invalid LMI frames may be processed (incorrectly) instead of discarded. Sequence numbers are not reset after interface failures. Checks for deleted DLCIs may improperly identify active DLCIs as deleted. [CSCdi09722]

9.17(1) Caveats/9.17(2) Modifications

This section describes possibly unexpected behavior by Release 9.17(1). Unless otherwise noted, these caveats apply to all 9.17 releases up to and including 9.17(1). For additional caveats applicable to Release 9.17(1), see the caveats sections for newer 9.17 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 9.17(2).

AppleTalk

• A spurious "couldn't register" traceback message may occasionally be seen on an interface that is being enabled for AppleTalk support if the interface resets at the same time the support is being started. This traceback message is harmless and can be ignored. [CSCdi06171]

• The AppleTalk nbptest facility does not correctly represent 8-bit characters in output resulting from the use of 8-bit characters in NBP entity names or zone names. As this is a diagnostic facility, there is no impact upon routing functionality. There is no workaround for this problem at this time. This error will be fixed in a future release. [CSCdi06266]

• The computed total in the summary line of the show appletalk zones command is not the same as the number of zone names shown in the output of the command. This is cosmetic and does not affect routing operation. [CSCdi06993]

• Loading interface-specific MacIP configuration commands across the network will cause MacIP to fail when the interface is already configured for AppleTalk and the configuration file read from the network also contains the same configuration commands that reenable AppleTalk on that interface. The workaround for this problem is either to not load in MacIP commands across the network, by saving the commands locally in NVRAM on the router, or to not specify the interface-specific AppleTalk commands in the host configuration file being read across the network. [CSCdi07353]

• When a router is configured with an AppleTalk zone name that begins or ends with a special 8-bit graphics character, NBP lookup queries made to this zone in the router will cause the router to reload. The workaround is to not configure zone names that begin or end in 8-bit characters. A crash can also occur when an NBP search is performed with graphics characters at the beginning or end of the type field. For example, a server with a trademark symbol at the end of the server-type name will cause the router to crash if it is installed on a zone connected to the router. The workaround is to move the server to a zone not assigned to the router, so that lookup requests for this type of service will not be directed at the router. [CSCdi07672]

• This is a cosmetic fix. When a router receives a nbp lookup to its net# and the zone, it finds all the matching entities in that entire zone and sends the nbp reply. Correct behaviour is to just respond with the entities registered on that interface only.Routers do not have to reply with all entities in that zone this is a NBP protocol function to generate the lookups to all the networks that correspond to this zone . This rdundancy is eliminated [CSCdi08746]

• When the appletalk permit-partial-zones command is enabled, the appletalk distribute-list access-list out and appletalk getzonelist-filter access-list commands unexpectedly permit all networks and zones in RTMP updates and GetZoneList replies when used with access lists that contain no zone information (that is, network number restrictions/permissions only). [CSCdi08819]

Basic System Services

• The router may experience a software error when the command show memory free is executed, and the command must pause for output at any time in displaying the results of the command. The workaround is to ensure that the output does not pause by using the command terminal length 0 before issuing the show memory free command. [CSCdi08368]

• The boot system rom commands are written out in configuration files with a superfluous IP address at the end of the command. There is no operational impact. [CSCdi08407]

• The show memory command on the Cisco 4000 system did not show any information on the high-speed static RAM (SRAM) memory. The show memory command on the Cisco IGS, Cisco 3000, and Cisco 4000 systems did not include a command to show a summary of free IO memory. The show memory command on the Cisco 4000 system did not include a command to show a summary of free SRAM memory. [CSCdi08447]

• entering multiple logging buffered commands without an intervening no logging buffered command can cause meaningless output to be included in the output of the show logging command. [CSCdi08459]

• An "event-dismiss" error message can be encountered when debug output is being output on the console while running a bootstrap system image; for example, igs-rxboot, xx-rxboot, csc3-boot, and so on.

  (boot)ROUTER#debug tokenring %SYS-2-INTSCHED: event dismiss at level 4 -Process = "Exec", level= 4, pid= 11 -Traceback= A87C A8D6 1418C 9422 9EB2 15FA 304D8 70DEC %SYS-2-INTSCHED: event dismiss at level 4 -Process = "Exec", level= 4, pid= 11 -Traceback= A87C A8D6 1418C 9422 9 [CSCdi08533]
  

• This fixes a bug where changing encapsulations on a serial interface would reallocate the buffers incorrectly. If the maximum MTU size of the interface was greater than the default, then changing the encapsulation would cause errors when the buffers were allocated based on the default maximum MTU for that interface. The maximum MTU would still show what was configured but the buffers allocated to that interface would be set back to the default of 1500 for serial lines and 4470 for HSSI. [CSCdi08928]

Communication Server

• Under certain circumstances, a reload may occur when switching between multiple TCP connections or using the state machine feature of the communications server. [CSCdi06884]

• If a line is configured with session-timeout n output, the "output" part of the command will remain in effect even if a new session-timeout n command is given (without "output" specified). A workaround is to turn off the "output" part explicitly with a no session-timeout 0 ouput command.

  If a line is configured with the session-timeout n output command, the output option will remain in effect even if a new session-timeout n command is given (without output specified). A workaround is to turn off the output option explicitly with a no session-timeout 0 ouput command. [CSCdi08625]
  

DECnet

• DECnet address translation fails on IGS platform routers in the cases where both interfaces are not fast switched and one of the interfaces is capable of being fast switched. The workaround is to configure both interfaces for DECnet fast switching. Since this is not possible for all interfaces and encapsulations, such as Token Ring, X.25, and Frame Relay interfaces, some configurations cannot support ATG on IGS platform routers. [CSCdi07652]

• DECnet fast-switching on the Cisco 7000 works fine on Ethernet when the encapsulation is ARPA. It does not seem to work for ISO1/SNAP encapsulations. A (crude) workaround to the ISO1/SNAP ethernet encap switching problem is to: 1) enable the default encap (ARPA) 2) set your switching mode 3) enable the desired encap (ISO1 or SNAP)

  Fast-switching is supported only for ARPA encapsulation (for Ethernet). The problem is that the code does not change the decnet 'fast-switch' flag to FALSE when the encaps flag is changed to anything other than ARPA. Likewise, the code does not set the flag to TRUE when the encaps is changed back to ARPA (and DECnet fast-switching is turned on). [CSCdi08415]
  

• Prior to 9.1(1.5) and 9.17(0.7), DECnet will fail. This is 9.1 and 9.17 only. [CSCdi08515]

• When a DECnet extended access list is configured with a destination address, the code ignores the destination/mask information in the ACL. If a match was found in the connect part of the ACE, it would return TRUE, that is, grant access, regardless of the destination/mask information. For example, access-list 300 permit 1.400 0.0 1.999 0.0 eq any should allow only packets from 1.400 to 1.999 to go through. The observed behavior was all packets would go through, regardless of destination. The fix is to just check that the source address/mask (and destination/mask, if applicable) specified in the access list matches the corresponding values in the incoming packet. [CSCdi08760]

• Turning on fast switching on an interface should be disallowed if that interface does not support fast switching, or in the case of serial interfaces, if the encapsulation does not support fast switching. [CSCdi08806]

• With DECnet access lists, the destination address/mask is ignored, regardless of what is in the connect part of the ACL. If the connect part of the ACL matches, access is granted, regardless of the destination address/mask. [CSCdi08818]

• The DECnet fast-switching code will not process an extended ACL if no standard ACL is present. To be consistent with the slow-switched case, the check for the presence of a standard ACL should be removed so that a list consisting of only extended ACEs will be processed. [CSCdi08875]

• The DECnet fast-switching code will not process an extended ACL if no standard ACL is present. To be consistent with the slow-switched case, the check for the presence of a standard ACL should be removed so that a list consisting of only extended ACEs will be processed.

  DECnet fast-switching on a Cisco 7000 works fine on Ethernet when the encapsulation is ARPA. It does not seem to work for ISO1/SNAP encapsulations. A (crude) workaround to the ISO1/SNAP Ethernet encapsulation switching problem is to enable the default encapsulation (ARPA), set your switching mode, and enable the desired encapsulation (ISO1 or SNAP). Fast switching is supported only for ARPA encapsulation (for Ethernet). The problem is that the code does not change the DECnet fast-switch flag to FALSE when the encapsulation flag is changed to anything other than ARPA. Likewise, the code does not set the flag to TRUE when the encapsulation is changed back to ARPA (and DECnet fast-switching is turned on). [CSCdi08879]
  

EXEC and Configuration Parser

• The debug ? command does not show serial options if only serial interface type is HSSI. [CSCdi07674]

• When an auxiliary port is set for dedicated slip mode, the clear line 1 command will take the auxiliary port out of SLIP mode. Typing slip at the EXEC prompt when connected to the auxiliary port, the auxiliary port will return SLIP mode. [CSCdi07908]

• The lapb hold-queue interface subcommand is not properly stored in the router's configuration memory. [CSCdi08957]

IBM Connectivity

• When routing IP in conjunction with bridging, HP Probe packets will be bridged rather than received by the router. Cisco Systems expects to resolve this problem in a future release. [CSCdi07039]

• Initializing Token Ring causes existing LNM links to be dropped. There is no further information available concerning this problem. [CSCdi07235]

• The order of deletion of STUN interface commands is significant when the SDLC connections are locally terminated. While order is significant when defining the configuration commands, there should not be any order imposed upon the operator when deleting commands. There is a very easy workaround for this problem. If you see the error message "An DLC address command must be given before local-ack can be used" when trying to deconfigure SDLC local acknowledgment for a given address (for example: C1), simply issue the following command sequence:

  sdlc address C1 no stun route address C1 tcp 150.136.134.86 local-ack no sdlc address C1
  

  If the stun route command is deleted first, followed by the sdlc address command, then everything is deleted accordingly. [CSCdi07340]
  

• When issueing a query to the system using Lan Network Manager Version 1.0 the router may produce error messages on the console. The message %SYS-2-LINKED may be produced on the console but does not appear to effect operation. [CSCdi07597]

• After configuring the routers for STUN with Local-ack, the lines stun sdlc-role primary and stun sdlc-role secondary could not be removed from the routers config files.

  The command no stun sdlc-role primary and the command no stun sdlc-role secondary will not remove the lines as they should. The command encap hdlc will remove these commands but when the encapsulation is returned to stun, the lines will reappear. [CSCdi07915]
  

• When the router is configured with the netbios enable-name-cache command it does not modify the Largest Frame (LF) field within the Routing Control field of all-routes and spanning tree explorer frames. Stations communicating across a source-routed network connected by routers experiencing this condition may not be able to establish a connection. Because stations do not see the LF reduced, they may transmit a frame larger than the maximum size, which is capable of successfully crossing a router. The router will drop the large frame and the connection will not be established. The proper behavior is for the LF field of all-routes and spanning tree explorer frames to be reduced to indicate the maximum frame size capable of being transferred across the bridge. The maximum frame size is the minimum of the frames sizes supported by the input interface, the transit media, and the output interface. A workaround is to disable the NetBIOS name caching feature with the no netbios enable-name-cache command. The router will properly process and reduce the LF field with name caching disabled. The behavior is present in all versions of the router supporting NetBIOS name caching. Cisco Systems will resolve this problem in an upcoming maintenance release of 9.1. [CSCdi08170]

• When reconfiguring the priority on an interface used for transparent bridging, we delay reconfiguring the port until we receive the following BPDU message. This can cause a significant delay in the convergence of the spanning tree. This caveat is present in all previous releases. The port is now reconfigured as soon as the configuration command is executed. [CSCdi08296]

• $ignore [CSCdi08565]

• When trying to link to more than one bridge at a time (on a router with more than one bridge) LNM would fail on the second link attempt with the nessage:

  Bridge failed to link RC = 00n
  

  This behavior has been corrected. [CSCdi08864]
  

• RR contains wrong address in SDLC multidrop environment.

  This problem is observed in a SDLLC setup with multiple SDLC secondary stations. A secondary station may get a series of I-Frames with the correct address and then a RR with some other station's address.
  

  Although not observered in STUN multidrop, the problem can occur in STUN as well. [CSCdi08976]
  

• With LU Prioritization, COS, or SDLC Address Prioritization enabled, frames that should be processed in the HIGH priority queue are being processed in the medium priority queue. [CSCdi09109]

Interfaces and Bridging

• Output drops double counted when output holdq is full. There is no further information available concerning this problem. [CSCdi07195]

• Under unknown circumstances, IP routing has a memory leak and will slowly use up all available memory on the router. Under unknown circumstances, IP routing has a memory leak and will slowly use up all available memory on the router. [CSCdi07288]

• The debug broadcast command does not work on FDDI broadcast packets unless the hidden debug fddi-event command is enabled. [CSCdi08137]

• The Ethernet driver on the Cisco 4000 platform currently fails to record some error occurrences reported by the controller hardware. The errors affected by this problem are Babble, Miss, Memory Error and Spurious Initialization Done. None of these errors will be counted and, as a consequence, will appear always as zero in driver status commands. There is no workaround for this problem. [CSCdi08371]

• Entering the diagnostic command test leds will cause the Cisco 4000 platform to reboot immediately. There is no exception error created and the router will reload and restart as if the command reload had been typed at the command prompt. There is no workaround for this problem. [CSCdi08380]

• Bringing up a Token Ring interface on the low-end platforms is an asynchronous process. We start the interface, and check on its state after a while. When configuring an interface as administratively down, the next time we check to see where we are in bringing up the interface, we forget all about the administrative down state. The symptom is a Token Ring interface that cannot be administratively shut down when connected to a ring it cannot insert into. A simple workaround would be to configure the interface as down, write the file to NVRAM, and reload the box. [CSCdi08421]

• Bridging for the IGS, Cisco 2000, Cisco 3000, and Cisco 4000 systems will fill up the input queue for Ethernet or Token Ring interfaces. This will happen over an extended period of time. The only current workaround is to reload the box. [CSCdi08505]

• When a communication server line is configured for modem control and with a session time-out, the session time-out will not be honored if the line is running in SLIP mode. [CSCdi08562]

• On the IGS, Cisco 3000, and Cisco 4000 serial network interfaces, we check the status of DCD before we assert DTR. This means that loopback interfaces that connect our output DTR signal to our input DCD signal will not work, because DCD will never be asserted. We should assert DTR before checking for DCD. [CSCdi08612]

• Transparent bridging between Token Ring to Token Ring is broken for xx. Basically, the checksum for the packet is incorrect. There is no workaround. [CSCdi08655]

• If a Cisco 4000 router has a dual serial NIM installed that only has one of its ports up (and neither of them being in the shutdown state), spurious interface resets may occur on the port that is up. Ports not in use should always be configured administratively down using the configuration interface command . [CSCdi08709]

• If an unnumbered interface is shut down, it is periodically removed from the IP routing table. This causes unnecessary routing table activity and can introduce other detrimental side effects. [CSCdi08715]

• BGP does not allow negative weights to be specified; this prevents one from defining a neighbor or set of networks less preferable than the default, rather than defining everything else as more preferable.

  EBGP peers are incorrectly allowed to be on other than attached networks. If you really want EBGP peers to be more than one hop away, then use the new command neighbor addr ebgp-multihop to override this limitation.
  

  If BGP metrics are the same, and path lengths are the same, the IGP metric should for the BGP neighbor is not (and should be) used to break ties.
  

  BGP reads data from TCP in an inefficient way. BGP does not allow negative weights to be specified. This behavior prevents one from defining a neighbor or set of networks less preferable than the default, rather than defining everything else as more preferable. EBGP peers are incorrectly allowed to be on other than attached networks. If you really want EBGP peers to be more than one hop away, then use the new command neighbor addr ebgp-multihop to override this limitation. If BGP metrics are the same, and path lengths are the same, the IGP metric should for the BGP neighbor is not (and should be) used to break ties. BGP reads data from TCP in an inefficient way. [CSCdi08758]
  

• If a neighbor command is used with IGRP, RIP, or Hello, and the neighbor is not in the major net as the primary address of the outbound interface, the routing update will be sent with an incorrect source address. This can result in incorrect routing at the neighbor. [CSCdi08770]

• The clear counter [type unit] command always clears the counters regardless of the user's response to confirmation. [CSCdi08774]

• Frame Relay and X.25 bridging is broken on the low-end systems. It will not pass packets if the input interface is an Ethernet or serial interface. There is no workaround. [CSCdi08779]

• The RIF structures are now initialized before use. It is possible that a previous use of a RIF structure had entries that could affect operations when the RIF entry is reused a second time for a different purpose. This has caused problems of pings being unsuccessful, unable to reach SRB hosts, and so on. Initializing an entry will clear out all previous usage and start afresh. [CSCdi08790]

• Novell SNAP 8137 and Novell ISO1 E0E0 on both TR and FDDI are currently classified as the same type. Incoming FDDI SNAP 8137 packets will not be fast switched. [CSCdi08820]

• MCI/SCI will become unusable when the MTU is 4K or above because there is only one buffer for the receive side. We recommend that MTU should be less than 4.5K. [CSCdi08842]

• Novell has introduced a new encapsulation for Ethernet media that is not currently supported. This is referred to by Novell as 802.2 encapsulation. [CSCdi08849]

• The Chaos, PUP, and Hello routing protocols do not properly expire old routing entries, leading to a memory leak, race conditions, crashes, and incorrect routing decisions. [CSCdi08881]

• Router should damp BGP fluctuations by not actively attempting connections during the first minute after reboot. The router should suppress BGP fluctuations by not actively attempting connections during the first minute after reboot. [CSCdi08891]

• Configuring source-bridge spanning on and off with the source-bridge spanning and no source-bridge spanning commands creates a deaf Token Ring interface on the low end platforms. This should not happen too often since this option does not change very often. The workaround is to restart the interface with a clear int t 0 or configuring it off then on. [CSCdi08946]

• Entry for the token mac addr in the bridging forwarding database table was put in the incorrect bit swapped order. There is no workaround. [CSCdi08980]

• When using a protocol translator or communication server without IP routing enabled, ARPs for IP aliases or addresses associated with translate commands may not be answered correctly. As a workaround, turn on IP routing to restore the expected behavior. [CSCdi08981]

• When an IP packet with options is received on a serial interface with fast-switching enabled, the system sometimes neglects to decrement the TTL of the packet before it is forwarded or received locally. This is most noticeable when a "traceroute" program is being used with source-routing options. The hop where the system with this problem should appear contains information on the successor hop. [CSCdi08989]

• The mac-address address command does not work on serial interfaces, even though a serial interface may want to use this, for example, when a communication server is originating LAT packets on the serial link. [CSCdi09015]

• MAC_index in SIF response should be 3 instead of 1. [CSCdi09017]

• There is a messaging scheme whereby the Token Ring interface board can send status information to the system. There was no protection against a runaway board dominating the system with interrupts. The fix is to watch for excessive amounts of interrupts over a short period and reset the board if necessary. [CSCdi09022]

• Certain routed packets could get leaked and bridged. The current workaround is to set up an output type filter to stop this leak. [CSCdi09067]

• When a system is attempting to TFTP boot, it may not know a route to the TFTP server. If the system has multiple interfaces by which it might contact the TFTP server, it can fail to continue to use the interface on which the TFTP transfer was just established. The result is that the TFTP boot attempt fails. The system should remember by means of its ARP table the interface to use to reach the TFTP server. Configuring the system's NVRAM so that it can only reach the server by one interface at boot time avoids this problem. [CSCdi09068]

• When TCP sessions go across a serial line that has TCP header compression enabled, those sessions may fail. This failure occurs if IP packets are fast switched from the serial interface that has the TCP header compression active to any other interface. Users may work around this problem by disabling IP fast switching in systems that have the TCP header compression active. This disabling need be done only for interfaces other than the serial interface doing TCP header compression. This is because TCP header compression automatically disables fast switching of IP packets on the serial interface. The configuration interface subcommand no ip route-cache can be used to disable IP fast switching on an interface. [CSCdi09069]

• A Cisco router sends VINES routing updates as spanning tree explorers whereas a VINES server sends routing updates as all-routes explorers. The Cisco implementation provides lower explorer impact upon the network, whereas the Banyan implementation finds the shortest path between any two nodes. The fix for this behavior allows choosing between spanning tree explorers and all-routes explorers on a per protocol basis. This is done via an extension to the multiring command. The new command syntax is [no] multiring {protocol | all} [all-routes | spanning]. The trailing all-routes and spanning keywords specify the explorer type to be used. The default is to use spanning tree explorers. [CSCdi09091]

• There was a condition whereby the Token Ring chipset would become the Ring Parameter Server but the LAN Network Manager could not discover this fact and so would not respond to requests by other stations to insert onto the ring. [CSCdi09108]

IP Routing Protocols

• Whenever inconsistent metrics are assigned to a router interface, it is possible to run into this bug. The result of this bug is that the route entries in the IP routing table will sometimes drop the interface or will have a wrong interface. The workaround is to have consistent metrics in the network. [CSCdi08297]

• The system disallows multiple interfaces to be configured with IP addresses on the same subnet. Such IP address overlap should be allowed when it occurs between an interface and its backup, as designated by the backup interface interface subcommand. [CSCdi08318]

• When a route boots from ROM, it ignores OSPF configuration in NVRAM. After booting, enter the command config mem. [CSCdi08409]

• If a summary LSA is regenerated within 5 seconds, the flooding of the LSA may not happen resulting in inconsistent database. The fix will be available in a future release. [CSCdi08463]

• When there are subnet routes in the IP routing table for a major network and if there is a route for that major network from EGP, the EGP route will not be aged. This will result in keeping invalid route entries from EGP. There is no workaround. [CSCdi08512]

• Whenever you have a major network route from EGP followed by subnets From OSPF, all the OSPF subnets and EGP routes will be deleted after 180 seconds. There is no workaround. [CSCdi08513]

• The system can refuse to allow the user to remove static ARP entries that were specified by the user, with the error message "Can't unset interface address." The system is wrongly confusing the user supplied ARP entry with the system generated ARP entries for its local network interfaces. The correct behavior is to allow the user to remove any ARP entries they added to the ARP table. This can happen when the user explicitly specifies an ARP entry for the local IP address of an interface on which ARP is not running. [CSCdi08523]

• The system reloads when handling fragmented IP packets larger than 32767 bytes in length. The software was treating the offset in a fragmented packet as a signed quantity that becomes negative when the offset exceeds the value 32767. This is not likely to be seen by systems unless the buffers huge size n is used to increase the allowable size of fragmented IP packets. Without this change, the system starts dropping the fragments well before the offset becomes negative. The system reloads can be avoided by changing the internal representation of IP fragment offsets. [CSCdi08592]

• When a link is flapping continuously, it is possible to run SPF calculations after each topology change, resulting in locking the router. There is no workaround. This will be fixed in a future release. [CSCdi08600]

• The system does not properly process RARP response packets received where these packets are responses for requests not initiated by the system. The system allows such packets to remain in the input queue, resulting in two user visible problems. First, the network interface input queue can fill up with RARP response packets, causing all subsequent packets destined for the system to be dropped. Second, the system fails to bridge these RARP response packets. The correct behavior is to bridge such packets in the case where the system is configured to bridge RARP packets; otherwise, it should ignore these packets. [CSCdi08651]

• The distribute-list command sometimes makes access list changes even when a parsing error is detected and an error message is printed. The software continues processing this command even though an error has been detected. Because of this aspect of the implementation, the system will treat a distribute-list command that specifies a nonexistent interface as if no interface has been specified, thus unexpectedly applying the access list to all interfaces. If the user receives parser errors in response to their distribute-list configuration commands, it is recommended that they verify that the system has not wrongly interpreted their commands by examining the distribute-list commands reported by write terminal. [CSCdi08668]

• When configuring the metric to use for route redistribution, the system can confuse metrics specified via the default-metric configuration command with those specified via the redistribute metric subcommand. The system should keep the configured values of these metrics separate and use the metric specified via the redistribute configuration command in preference to the metric specified via the default-metric configuration command. Additionally, the system refuses to accept the no form of the configuration command redistribute protocol metric, where the metric value argument is included. [CSCdi08695]

• If an interface is configured with the ip unnumbered and no ip split-horizon commands, no routing updates will be received on that interface. [CSCdi08717]

• During a designated router election process, a router that used to be a designated router but just lost the election fails to choose itself as backup designated router when it should. The correct behavior is to choose a router with the highest router priority among the rest, excluding the router that declared itself as designated router. [CSCdi08732]

• OSPF generates a Seq Number Mismatch event after receiving a duplicate database description packet after it moved into state Full and it was a slave during database synchronization. The correct behavior is to simply discard it, up until Dead Interval time since transition into state Full. After that period, it will generate a Seq Number Mismatch event. [CSCdi08829]

• When configuring a router with the redistribute static metric-type 1 router subcommand for OSPF router, the metric-type 1 argument is correctly set for redistributed routes but it is not recorded in configuration file as indicated by write terminal command. This can cause the router to use the default metric-type of 2 if the incorrect configuration file is written to either file or memory, then reloaded back to the router. [CSCdi08870]

• The system reloads after loading configuration file with the distribute-list access-list-number out router subcommand for an OSPF router. This only happen when loading configuration file from TFTP server. Configuring From the console will not cause a reload. [CSCdi08956]

• If a BGP router learns a route via IBGP and it has an EBGP neighbor as the next hop, and it then advertises the same route to the EBGP neighbor, the resulting next hop will be the EBGP neighbor itself. This will cause the BGP session to disconnect. [CSCdi08963]

• Packets being fast switched from an MCI serial line using SMDS encapsulation to an SBE Token Ring are placed onto the Token Ring with an incorrect length. The result is that these packets appear to be invalid and are ignored by the next hop. A system with the above configuration needs to have fast switching disabled in order for packets to be properly switched. [CSCdi08997]

• An OSPF packet is sent with IP-TTL 1 on a virtual link. This can cause the packet to be discarded when it is crossing the transit area. The IP-TTL for packet to virtual link is now set to 255. [CSCdi09000]

• There are some cases when OSPF processes an incoming summary link state advertisement, the system will reload. This problem occurs under heavy OSPF load conditions. [CSCdi09090]

• This fixes a problem when fastswitching IP packets on the SBE TokenRing to/from Serial lines. Now all forms of encapsulations on Serial lines can be fastswitched to/from the SBE TR, HDLC, Frame-Relay(non-IETF) & SMDS. This fixes a problem when fast switching IP packets on the SBE Token Ring to/from serial lines. Now all forms of encapsulations on serial lines can be fast switched to/from the SBE TR, HDLC, Frame Relay (non-IETF) and SMDS. [CSCdi09187]

ISO CLNS

• CLNS static routes will not be written to NVRAM when a routing protocol has learned the same route and has better administrative distance. The correct behavior is for static routes to be written to NVRAM. [CSCdi05767]

• The no clns enable command does not check to see whether or not a dynamic protocol is active on an interface before disabling CLNS on the interface. [CSCdi07413]

• The MTU of CLNS is always set to be three less than the IP MTU on the same interface. This works for Ethernet/802.3, but is incorrect for other media. This bug could cause CLNS to attempt to generate fragments larger than can be reasonably sent on an interface, resulting in packet loss, although this is unlikely to happen in practice. [CSCdi07875]

• If the isis metric value interface subcommand is entered and the IS-IS process is not created (no previous router isis command), the system may crash. [CSCdi08434]

• If a Cisco router is an IS-IS designated router on a multiaccess network, it will transmit LSP entries in CSNP packets with a negative lifetime. This is only a problem if a receiver uses the lifetime information, and Cisco routers do not. This was found while doing interoperability testing with IBM's IS-IS implementation. [CSCdi08435]

• The encapsulation type for CLNS is sometimes displayed incorrectly when a show clns interface command is entered. This is a cosmetic defect only. [CSCdi08467]

• CLNS fast switching does not properly fragment packets. Packets received on FDDI that are larger than 1497 octets will not be forwarded properly over serial and 802.3 interfaces. This is not typically a problem, since CLNS packets are seldom this large. The workaround is to disable CLNS fast switching on the FDDI interface with the no clns route-cache command. [CSCdi08494]

• If the CLNS trace facility is used to trace a path that goes through another Cisco router on the same LAN, the second of the three trace packets may not work. This has no operational impact, other than causing a 3-second delay in the execution of the trace. [CSCdi08653]

• CLNP packets received by a router with a lifetime field of zero will be forwarded (with a lifetime of 255) if slow-switched. This has no operational impact whatsoever unless a host is emitting packets with a lifetime of zero. [CSCdi08654]

• This problem only occurs when you run an ISO-IGRP routing process where you enable Level 2 only routing for all interfaces for the processes routing domain. For example:

  router iso-igrp 39 net 39.0001.0000.0c00.ffff.00 int e 0 clns router iso-igrp 39 level 2 int e 1 clns router iso-igrp 39 level 2
  

  ISO-IGRP routes are created, ISO-IGRP adjacencies are not. Routes may not go away. [CSCdi08745]
  

• If you enter the command no router iso-igrp 39 all prefix routes created by this process will not be removed from the CLNS prefix routing table. A workaround is to do a clear clns routes. Also, if you enter router iso-igrp 39 and distance 90. Prefix routes that are created by this process are not assigned a distance of 90. A workaround is to enter the clear clns routes command. The next updates received will build routes with a distance of 90. [CSCdi08755]

• If there are multiple options present in an IS-IS hello packet, there are cases that the area address is not extracted and stored in the adjacency database. This occurs when the router on the other end of a serial link advertises both an IP address and an area address. This does not occur between two Cisco routers, since integrated IS-IS is not supported until a later release. [CSCdi09048]

• When using IS-IS as the OSI routing protocol, any static routes that are configured are not entered into the Level 1 IS-IS routing table. As a result, route table lookups on the static address fail. The IS-IS code will add a route to the routing table if the route is IS-IS or ES-IS derived; it should also add the route if the route is a static one. [CSCdi09053]

LAT

• When a passthrough connection is made to another LAT system over an existing LAT connection, the break key does not return the terminal server to the correct mode. [CSCdi07815]

• Under certain conditions, the LAT disconnect sequence may cause the Communication server to reload. [CSCdi08636]

• Run from ROM software (igs-kr or igs-bprx) may not properly advertise LAT services defined in the communication server or protocol translator. [CSCdi08837]

• Using the protocol translator, LAT to TCP translation sessions may cause TCP checksum errors. [CSCdi09097]

Local Services

• If enable use-tacacs is configured on either a commication server or protocol translator without defining a tacacs-server host, then any username/password combination will allow any user to enable. [CSCdi08070]

• If a router or comm server is configured with a username having an encryped password of invalid format, it is possible that the unit will reload when someone tries to log in using that username. The only way to get an encrypted password is for the cisco unit to create it; users should not enter: username myname password 7 mypassword Since "mypassword" is not a valid format for a type 7 encrypted password. [CSCdi08805]

• The TR and the SRB mibs were in the experimental space when the code was being developed for Release 9.1. The Standards Committee has now moved both the TR and the SRB mibs to the standard space. This fix moves them from the experimental to the standard space. [CSCdi08815]

Novell IPX, XNS, and Apollo Domain

• The ping command will display incorrect round-trip times for 32-, 33-, or 34-byte Novell IPX or XNS packets. Use larger sizes when sending IPX or XNS echoes from the router to obtain more accurate round-trip times. [CSCdi07529]

• On media other than 802.x, the show xns int command will display the wrong encapsulation type if the default encapsulation has been changed. For example, on an SMDS interface show xns int will display "XNS encapsulation is HDLC." We should only display XNS encapsulation types for 802.x media. [CSCdi07929]

• When a Cisco unit has a large number of the same type of interfaces, the show novell cache or show xns cache commands will display the interface limited to nine characters, which allows only Ethernet1 to be displayed when it is in fact Ethernet11. The initial 9.1 release changed this to ten characters, which corrects Ethernet names, but Token Ring will have a similar problem unless the length is eleven characters. [CSCdi08236]

• Certain destination addresses will not be correctly placed into the FDDI fast switching cache for XNS or Novell. As such, certain addresses will always be slow switched. This problem will be fixed in a future release. [CSCdi08373]

• When a Cisco router generates an XNS error response packet, it is sent out with a source address equal to the original source of the packet that caused the error response. The source address should be that of the router itself. [CSCdi08377]

• When fast switching Novell Ethernet frames that have an 802.3 length less than the minimum Ethernet size, the 802.3 length field is incorrectly set to 60. Some Novell hosts will then count this as an error when they receive it. The frame that might often been seen with the error would be a NetWare "Create Service Connection Reply" packet coming from a server through a Cisco router to a client; if the client rejects this packet, then the connection attempt fails. Only some clients and some servers will see this problem, depending on the vendor and version of the Ethernet driver on the PC. When fast switching is off, we put the correct 802.3 length in the packet. This happens between any two MEC Ethernet ports in the same router or between any two Ethernet ports on the same MCI card. [CSCdi08547]

• Certain Ethernet drivers (cards) used by workstations running Novell/IPX when using the Novell encapsulation type on an Ethernet of novell encapsulation novell-ether cannot have their packets fast switched. There are two workarounds to this problem. The first is to make the workstations use the encapsulation compatible with the novell encapsulation arpa for Ethernet interfaces. The second is to enable slow switching on the Ethernet interfaces. This compatibility issue will be addressed in an upcoming release of software.

  The command novell gns-desponse-delay x has been made available. The delay x is the amount of time to delay when responding to Get Nearest Server SAP requests. The default value is 500, which is 0.5 second. [CSCdi08577]
  

• In certain topologies, fast switch looping of (Novell) multicast packets can occur when received on an interface that is active, but not configured for Novell. This is now corrected. [CSCdi08722]

• XNS was treating all serial lines as HDLC encapsulation and attempted to fast switch packets to/from these lines. This is a problem for SMDS encapsulated lines. XNS fast switching was modified to force process-switching of all SMDS encapsulated serial lines. [CSCdi09121]

TCP/IP Host-Mode Services

• In some netbooting configurations, a client may have multiple interfaces that it could use to traffic data back and forth to the server while it is netbooting. The first thing a client will do if the server is not on the same physical wire as one of its interfaces is broadcast a request for a proxy ARP to get to the server. This is asking a neighbor to help it traffic to the server. Once a neighbor responds, data will be forwarded to the server. In some cases, a second neighbor might step in and tell the client that it will act as the proxy ARP. When this happens, the client gets confused as his original path to the server has now changed. It is more common that two or more parallel IEEE media between the client and its only neighbor will also cause this to happen. This will most likely cause an error similar to the following:

  Booting gs3-k.91 from 223.255.254.254: !O.OO.O.......... [timed out] [CSCdi07727]
  

• The system normally disallows multiple interfaces to be configured with IP addresses on the same subnet. Such IP address overlap should be allowed during system startup. This is a problem when dynamic address configuration (such as via BootP or RARP) specifies IP addresses for the system interfaces that overlaps with the configuration specified later in the booting process by the configuration data. In this situation, the IP addresses specified by the configuration data are thrown out where they overlap with the IP addresses that were learned dynamically. This is not a problem for systems with valid configuration data contained in EPROM, as these systems will not attempt to learn the IP addresses for their interfaces dynamically from the net. [CSCdi08166]

• When the IP address for a system interface is learned at system boot time via BootP, the address is assigned a default network mask, without regard for any subnet mask that might be intended for use on the attached network segment. Subsequently, interfaces attached to other subnets of the same network cannot be configured with the proper IP address and subnet mask due to the address overlap caused by the default netmask already configured. When the IP address for a system interface is learned via BootP, it should be assigned a host netmask, thus avoiding the above overlap problem. This is not a problem for systems with valid configuration data contained in EPROM, as these systems will not attempt to learn the IP addresses for their interfaces via BootP. [CSCdi08167]

• The login-string configuration command is not correctly implemented for tn3270 connections. As currently implemented, it merely sends the ASCII text of the login-string to the host at the other end of the connection. This is fine for Telnet and Rlogin connections, but for tn3270 connections, the login-string must be passed through the tn3270 input path.

  The problem will be fixed by passing the login-string through the tn3270 input path on tn3270 connections. Additionally, two special escape characters have been added, %t for tab, and %m for carriage return. In order to place a tab in a login-string, one will enter %t. Likewise, one will use %m at the end of the login-string to achieve a carriage return, as normal telnet processesing would send an undesirable line feed after the carriage return. The login-string configuration command is not correctly implemented for TN3270 connections. As currently implemented, it merely sends the ASCII text of the login-string to the host at the other end of the connection. This is fine for Telnet and Rlogin connections, but for TN3270 connections, the login-string must be passed through the TN3270 input path. The problem will be fixed by passing the login-string through the TN3270 input path on TN3270 connections. Additionally, two special escape characters have been added: %t for tab, and %m for carriage return. In order to place a tab in a login-string, one will enter %t. Likewise, one will use %m at the end of the login-string to achieve a carriage return, as normal Telnet processing would send an undesirable line feed after the carriage return. [CSCdi08438]
  

TN3270

• Keymaps are not currently parsed correctly. Each keymap consists of the name of the keymap, the terminal types to which it applies, and the various mappings. When parsing the terminal types, only the first one is read correctly. The result is that the keymap will only be selected when the user's terminal type matches either the name of the keymap or the first terminal type in the keymap. This will be fixed by changing the software to correctly parse the terminal types in the keymap. [CSCdi05677]

• When tn3270 has a buffer of data to send which is exactly the same size as the packet that it is sending it in, the packet is sent without the TCP PUSH flag set. Some host implementations will not act on the data unless the TCP PUSH is set. Connections to these hosts can pause for the session timeout period. This will be fixed by having all tn3270 packets sent with the push flag set. When TN3270 has a buffer of data to send that is exactly the same size as the packet that it is sending it in, the packet is sent without the TCP PUSH flag set. Some host implementations will not act on the data unless the TCP PUSH is set. Connections to these hosts can pause for the session timeout period. This will be fixed by having all TN3270 packets sent with the push flag set. [CSCdi08034]

• Clear to end of line is currently done by writing spaces. This is very slow and can be painful on low-speed dialup lines.

  It will be fixed by using two attributes in the ttycap, ms: and cx:. If both attributes are in the terminal's ttycap cisco's tn3270 implentation will use the clear to end of line command rather than sending spaces to the terminal. This will be the default behavior. Note that this may not be appropriate when a terminal is in underline mode. Removing the cx: attribute from the termcap will cause cisco's tn3270 to clear to the end of line by sending spaces. Clear to end of line is currently done by writing spaces. This is very slow and can be painful on low-speed dial-up lines. It will be fixed by using two attributes in the ttycap: ms: and cx:. If both attributes are in the terminal's ttycap, Cisco's TN3270 implementation will use the clear to end of line command rather than sending spaces to the terminal. This will be the default behavior. Note that this may not be appropriate when a terminal is in underline mode. Removing the cx: attribute from the termcap will cause Cisco's TN3270 to clear to the end of line by sending spaces. [CSCdi08449]
  

VINES

• If a VINES SPP packet is addressed directly to a router, it will discard the packet twice producing a "Buffer in list" error message. This error is very unlikely, and is also harmless. [CSCdi08362]

• The Cisco router now accepts and process VINES redirects from other servers. Prior to this fix, redirect messages were ignored. This patch also fixes some minor problems generating redirect messages. [CSCdi09088]

Wide-Area Networking

• If the dialer string or dialer map entries in a configuration are changed, the show dialer command displays incorrect values for the number of successful and failed calls. This is due to the new dialer string simply replacing the old dialer string, rather than starting a whole new entry with new statistics. [CSCdi05886]

• There is a race condition where if a show dialer command is issued after the idle timer expires, but before the call is disconnected, the output may show a large negative number. Issuing the show dialer command again will show the correct value. [CSCdi06415]

• The x25 pvc bridge number interface command is not properly stored in the router's configuration memory. [CSCdi06683]

• The clear counters [interface] command does not clear LAPB or X.25 counters. [CSCdi06880]

• When bridging over a frame relay ntwork that supports a multicast facility, the router learns the multicast DLCI as the source rather than the DLCI of the sending router. This causes all bridged packets to be sent on the multicast channel rather than being sent directly to the destination DLCI. This does not impact operation when using the frame relay map bridge command.

  When bridging over a frame relay ntwork that supports a multicast facility, the router learns the multicast DLCI as the source rather than the DLCI of the sending router. This causes all bridged packets to be sent on the multicast channel rather than being sent directly to the destination DLCI. This does not impact operation when using the frame relay map bridge command. [CSCdi08280]
  

• The change made for CSCdi08408 had the side effect of clearing dynamically learned frame relay maps every 10 seconds. This behavior is seen when the frame relay network supports a multicast network and dynamic address resolution is being used. In addition, the status display from the show frame-relay map command indicates all DLCIs are "added" rather than "defined" as expected. [CSCdi08482]

• Still waiting to reproduce. Maybe related to similar behavior (CSCdi08508). [CSCdi08495]

• When PPP keepalives declare a link down, they will never declare a link back up unless a carrier transition occurs. This problem first appeared in release 9.1(1) when PPP echo requests were started to be used as keepalives. To work around this problem, either disable keepalives on the PPP interface using the no keepalive command, or if the link is declared down, shut down the interface and then take it out of shutdown. [CSCdi08499]

• When the BRI initially comes up, the link state change message does not contain the interface name. This is a cosmetic change and does not affect normal operation. [CSCdi08535]

• The ISDN software for the 3103 does not correctly deal with timer T304, which is used for XID time-outs. [CSCdi08536]

• The previous releases of 9.1 didn't allow fastswitching of SMDS packets to/from TokenRing. This was considered to be a serious limitation at the time but has turned out different.

  It was discovered that a configuration that supported both a TokenRing and SMDS was required to have all fastswitching to be disabled. This was necessary for proper operation of the SMDS interface. Packets would otherwise be lost/corrupted.
  

  This problem is resolved by providing support for fastswitching of SMDS packets to/from TokenRing. With this change, all normal fastswitching devices can again be enabled with an SMDS interface. In addition, higher performance is achieved by also fastswitching SMDS packets to/from TokenRing as with other highspeed LANs. The previous releases of 9.1 did not allow fast switching of SMDS packets to/from Token Ring. This was considered to be a serious limitation at the time but has turned out different. It was discovered that a configuration that supported both a Token Ring and SMDS was required to have all fast switching to be disabled. This was necessary for proper operation of the SMDS interface. Packets would otherwise be lost or corrupted. This problem is resolved by providing support for fast switching of SMDS packets to/from Token Ring. With this change, all normal fast switching devices can again be enabled with an SMDS interface. In addition, higher performance is achieved by also fast switching SMDS packets to/from Token Ring as with other high-speed LANs. [CSCdi08589]
  

• For the European SMDS(CBDS) a country code value, other than 1, is required. A value of 1 specifies a North American address. The French, Germans, etc... have different values. This country code is placed in all SMDS E.164 addresses in the second highest nibble. 1100 nnnn for a Unicast SMDS address and 1110 nnnn for a Multicast SMDS address.

  Where 'nnnn' can now be any value. C120.1580.4721 Specifies a North American SMDS address c020.1580.4721 May specify a European address of the same no. For the European SMDS (CBDS), a country code value other than 1 is required. A value of 1 specifies a North American address. The French, Germans, and so forth have different values. This country code is placed in all SMDS E.164 addresses in the second highest nibble. 1100 nnnn for a unicast SMDS address and 1110 nnnn for a multicast SMDS address, where nnnn can now be any value. C120.1580.4721 specifies a North American SMDS address. C020.1580.4721 may specify a European address of the same number. [CSCdi08590]
  

• Regarding the x25 map ip ipaddr broadcast command, all x25 map commands must accept an X.121 address for association with each protocol address mapped to. Rather than having the broadcast keyword taken as an X.121 address incorrectly, the configuration will now contain an X.121 address before the broadcast keyword is specified. [CSCdi08630]

• The 3103 router does not support the 1TR6 German ISDN Basic Rate Interface. It must pass the necessary homologation tests in Germany before it can be used with these switch types. [CSCdi08786]

• The show frame-relay mapdisplays all the mappings even though the serial line is shut or the encapsulation is changed. Write term does get rid of the configuration statments from the frame-relay map when encapsultion is changed. [CSCdi08792]

• When using CHAP on an ISDN link, the router fails to recognize that it is connected to the other router, even though CHAP succeeds. [CSCdi08912]

• On an ISDN router, DDR may not place calls when there is not a dialer string or map defined because the B channel is not released, causing the router to think that all the B channels are in use. [CSCdi08978]

• An ISDN router configured for a 5ESS switch may fail to place a call because it does not get a Terminal Endpoint Identifier (TEI) from the switch. [CSCdi08999]

• When a serial interface is configured for HDLC and it detects a loopback, it will set the loopback flag. If the encapsulation of this interface is then changed to PPP, the loopback flag stays set, and the show interface always displays that the interface is looped. [CSCdi09023]

• When a configure request is recieved for a supported PPP protocol, that is not configured, the system sends a TERMACK because we are in a closed state. The system should send a protocol reject when the protocol is not configured on the interface. [CSCdi09024]

• RFC1294 header format is not followed properly in frame relay encapsulation. [CSCdi09026]

• The system should not allow the user to configure lapb holdq n command for X.25 encapsulation. The default command is lapb holdq 0. Users changing this default value will see performance problems over X.25 links. [CSCdi09064]

• On PPP systems, PPP negotiation is broken over rotary groups and BRI. [CSCdi09098]