Release Notes for Access and Communication Servers for Cisco IOS Release 11.0

December 15, 1997

These release notes describe the features, modifications, and caveats for Cisco IOS Release 11.0, up to and including Release 11.0(18). They include all access server features and protocol translation features.

Cisco IOS Release 11.0(11) and all later 11.0 releases are considered to be "Generally Deployable." Cisco believes Release 11.0 is suitable for deployment anywhere in the network where the features and functionality are required.

Introduction

These release notes discuss the following topics:

Cisco IOS Documentation

For complete documentation of Cisco IOS Release 11.0 access server software features, refer to the following Cisco IOS Release 11.0 publications, which are available as printed manuals or electronic documents:

Access and Communication Servers Configuration Guide
Access and Communication Servers Command Reference

For electronic documentation of Release 11.0 access server software features, refer to the Cisco IOS Release 11.0 Access and Communication Servers Configuration Guide and Access and Communication Servers Command Reference publications, which are located in the Cisco IOS Release 11.0 database on the Documentation CD-ROM.

You can also access Cisco technical documentation on the World Wide Web at http://www.cisco.com, http://www-europe.cisco.com, or http://www-china.cisco.com.

Cisco IOS Platform Support

Cisco IOS Release 11.0 supports the following access server platforms:

ASM-CS
Cisco 2500 series
Cisco AS5100

Table 1 summarizes the LAN interfaces supported on each platform. Table 2 summarizes the WAN data rates and interfaces supported on the Cisco 2500 series and Cisco AS5100.

Table 1: Interfaces Supported

Interface	ASM-CS	Cisco 2500 Series	Cisco AS5100
Synchronous Serial	Yes	Yes	Yes
Ethernet (AUI)	Yes	Yes	Yes
4-Mbps Token Ring	Yes	Yes	No
16-Mbps Token Ring	Yes	Yes	No

Table 2: WAN Data Rates and Interfaces Supported

	Cisco 2500 Series	Cisco AS5100
Data Rate
48/56/64 kbps	Yes	Yes
1.544/2.048 Mbps	Yes	Yes
34/45/52 Mbps	No	No
Interface
EIA/TIA-232	Yes	Yes
X.21	Yes	Yes
V.35	Yes	Yes
EIA/TIA-449	Yes	Yes
EIA-530	Yes	Yes
EIA/TIA-613 (HSSI)	No	No
ISDN BRI	No	No
ISDN PRI	No	No
G.703/G.704	No	No

Cisco IOS Feature Sets

The Cisco IOS software is available in different feature sets depending on the platform. Table 3 lists the feature sets available on the Cisco 2500 series and the Cisco AS5100.

**Table 3: Cisco 2500 Series Access Servers and Cisco AS51001 Software Feature Sets**
Feature	IP	IP/IBM Base	IP/IPX	IP/IPX/ IBM Base	IP/IPX/ APPN/ IBM	Desktop	Desktop/ IBM Base	Enterprise	Enterprise/APPN	Remote Access Server
SNMP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Asynchronous support (SLIP)	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
CSLIP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
ARA	--	--	--	--	--	Yes	Yes	Yes	Yes	Yes
Frame Relay (RFC 1490)	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
SMDS	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	--
X.25	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
ISDN	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	--
PPP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
CPPP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
HDLC	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
IP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
IGRP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Enhanced IGRP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
OSPF	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
BGP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
EGP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
PIM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
NHRP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
ES-to-IS	--	--	--	--	--	--	--	Yes	Yes	--
IS-to-IS	--	--	--	--	--	--	--	Yes	Yes	--
Snapshot routing	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
NTP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Bridging (transparent and translational)	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	--
Multiring	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
LAN extension host	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	--
IPX	--	--	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
NLSP	--	--	Yes	Yes	Yes	Yes	Yes	Yes	Yes	--
RTMP	--	--	--	--	--	Yes	Yes	Yes	Yes	Yes
IPXWAN 2.0	--	--	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
AppleTalk Versions 1 and 2	--	--	--	--	--	Yes	Yes	Yes	Yes	Yes
AURP	--	--	--	--	--	Yes	Yes	Yes	Yes	Yes
DECnet IV	--	--	--	--	--	Yes	Yes	Yes	Yes	Yes
DECnet V	--	--	--	--	--	--	--	Yes	Yes	--
Apollo Domain	--	--	--	--	--	--	--	Yes	Yes	--
Banyan VINES	--	--	--	--	--	--	--	Yes	Yes	--
ISO CLNS	--	--	--	--	--	--	--	Yes	Yes	--
XNS	--	--	--	--	--	--	--	Yes	Yes	--
SRB/RSRB	--	Yes	--	Yes	Yes	--	Yes	Yes	Yes	--
DLSw+	--	Yes	--	Yes	Yes	--	Yes	Yes	Yes	--
SDLC	--	Yes	--	Yes	Yes	--	Yes	Yes	Yes	--
SDLLC	--	Yes	--	Yes	Yes	--	Yes	Yes	Yes	--
STUN	--	Yes	--	Yes	Yes	--	Yes	Yes	Yes	--
TG/COS	--	--	--	--	--	--	--	Yes	Yes	--
DSPU	--	--	--	--	--	--	--	Yes	Yes	--
QLLC	--	Yes	--	Yes	Yes	--	Yes	Yes	Yes	--
APPN	--	--	--	--	Yes	--	--	--	Yes	--
Bisync	--	Yes	--	Yes	Yes	--	Yes	Yes	Yes	--
Protocol translation	--	--	--	--	--	--	--	Yes	Yes	Yes
TN3270	--	--	--	--	--	--	--	Yes	Yes	Yes
LAT	--	--	--	--	--	--	--	Yes	Yes	Yes
XRemote	--	--	--	--	--	--	--	Yes	Yes	Yes
Telnet	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
AutoInstall	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
DHCP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

1. APPN is not supported on the Cisco AS5100.

Memory Requirements

The Cisco IOS Release 11.0 software image size might exceed 4 MB. Also, the systems now require more than 1 MB of main system memory for data structure tables.

For the Cisco access servers to take advantage of the Release 11.0 features, you must upgrade the code or main system memory as listed in Table 4. Some platforms have specific chip or architecture requirements that affect what can be upgraded and in what increments.

Table 4: Cisco IOS Release 11.0 Minimum Memory Requirements

Platform	Minimum Required Code Memory	Minimum Required Main Memory	Release 11.0 Runs from
ASM-CS	--	16 MB RAM	RAM
Cisco 2500 Series
IP Set¹	4 MB Flash	4 MB RAM	Flash
IP/IPX Set	4 MB Flash	4 MB RAM	Flash
Desktop Set	8 MB Flash	4 MB RAM	Flash
Enterprise Set	8 MB Flash	6 MB RAM	Flash
Remote Access Server	4 MB Flash	4 MB RAM	Flash
Enterprise/APPN Set	8 MB Flash	8 MB RAM	Flash
IP/IPX/APPN/IBM Base Set	8 MB Flash	8 MB RAM	Flash
Desktop/IBM Base Set	8 MB Flash	4 MB RAM	Flash
IP/IPX/IBM Base Set	8 MB Flash	4 MB RAM	Flash
IP/IBM Base Set	8 MB Flash	4 MB Flash	Flash
AS5100²
IP Set	4 MB Flash	6 MB RAM per card	Flash
IP/IPX Set	4 MB Flash	6 MB RAM per card	Flash
Desktop Set	8 MB Flash	6 MB RAM per card	Flash
Enterprise Set	8 MB Flash	6 MB RAM per card	Flash
Remote Access Server	4 MB Flash	6 MB RAM per card	Flash
Desktop/IBM Base Set	8 MB Flash	6 MB RAM	Flash
IP/IPX/IBM Base Set	8 MB Flash	6 MB RAM	Flash
IP/IBM Base Set	8 MB Flash	6 MB RAM	Flash

¹ For Cisco access servers 2509 through 2512 and Cisco 2522 and 2523, 4 MB of DRAM is the recommended minimum amount of memory.
² Memory requirements listed are per card. Each Cisco AS5100 supports up to three cards, so the maximum memory needed for any Cisco AS5100 is three times the listed number.

New Features in Release 11.0(5) and Later Releases

The following software enhancements have been added to Release 11.0(5). There are no new features in software releases later than Release 11.0(5).

Note The first few maintenance releases of each new Cisco IOS software release might deliver additional new features. As you plan to deploy a new release, consider the importance of maximizing product capability versus operational stability. An early release of software should always be tried in a test network before it is deployed in a production network.

Cisco 2520, Cisco 2521, Cisco 2522, and Cisco 2523

The Cisco 2520 through Cisco 2523 models merge router and access server features to serve access and telecommuting requirements in a single platform. WAN aggregation, telecommuting, branch office, and IBM protocol applications are well-suited to these new Cisco devices.

The interfaces available in each model are shown below:

Cisco 2520	1 Ethernet, 2 high-speed synchronous serial, 2 low-speed synchronous/asynchronous serial, 1 ISDN BRI
Cisco 2521	1 Token Ring, 2 high-speed synchronous serial, 2 low-speed synchronous/asynchronous serial, 1 ISDN BRI
Cisco 2522	1 Ethernet, 2 high-speed synchronous serial, 8 low-speed synchronous/asynchronous serial, 1 ISDN BRI
Cisco 2523	1 Token Ring, 2 high-speed synchronous serial, 8 low-speed synchronous/asynchronous serial, 1 ISDN BRI

The low-speed serial interfaces (maximum speed 115.2 kbps) are capable of supporting both synchronous and asynchronous protocols.

New Features in Release 11.0(4)

The following software enhancement has been added to Release 11.0(4).

Payload Compression for Frame Relay

This feature was previously unavailable in Release 11.0. It allows payload compression of data within Frame Relay packets. Compression is performed on a packet-by-packet basis, yielding a compression ratio of approximately 1.5 to 1, depending on the packet and data characteristics. The command frame-relay payload-compress packet-by-packet is included.

New Features in Release 11.0(3)

The following software enhancements have been added to Release 11.0(3).

Dynamic Address Mapping for IPX over SMDS

The smds glean interface configuration command is included in the feature set of Release 11.0(3). The smds glean command dynamically creates SMDS to higher-level protocol address mappings from incoming packets, thereby making the need for static map configuration for the IPX protocol optional rather than required. However, any static map configuration will override the dynamic maps.

IP Address Pooling Changes

IP address pooling provides a pool of IP addresses from which an incoming interface can provide an IP address to a remote node through the IP Control Protocol (IPCP) address negotiation process. In Cisco IOS Release 11.0(3), the IP address pooling feature is enhanced to allow configuration of a global default address pooling mechanism, a per-interface configuration of the mechanism to use, and a per-interface configuration of a specific address or pool name to use. Cisco IOS Release 11.0(3) also enhances the flexibility of configuration by allowing multiple types of pooling to be active simultaneously.

Multivendor Flash SIMM Support

With Release 11.0(3), you can use Flash SIMMs from multiple vendors, as long as the total size of each SIMM is equal, and the SIMMs are installed in one of the combinations shown in Table 5 (for the Cisco 2500 series).

Multivendor Flash memory support is restricted to platforms that use Rxboot Version 10.2(7a) or later, and Cisco IOS Release 10.2(8), 10.3(6), or 11.0(3) or later.

Cisco 2500 series routers have two slots for Flash SIMMs. Table 5 provides the supported SIMM configurations.

**Table 5: Cisco 2500 Series Flash SIMM Support**
SIMM Size	Vendor	Flash Bank	Considerations
4 MB	Intel (1Mbx8)	single	None
4 MB/4 MB	Intel/Intel (1Mbx8)	dual	None
4 MB/4 MB	Intel/AMD (1Mbx8)	dual	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 11.0(3) or later 10.3(6) or later 10.2(8) or later
8 MB	Intel (2Mbx8)	single	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 11.0(1) or later 10.3(1) or later 10.2(2) or later 10.0(6) or later
8 MB/8 MB	Intel/Intel (2Mbx8)	dual	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 11.0(1) or later 10.3(1) or later 10.2(2) or later 10.0(6) or later
8 MB/8 MB	Intel/AMD (2Mbx8)	dual	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 11.0(3) or later 10.3(6) or later 10.2(8) or later
4 MB	AMD (1Mbx8)	single	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 10.0(11) or later 10.2(7) or later 10.3(4) or later
4 MB/4 MB	AMD/AMD (1Mbx8)	dual	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 10.0(11) or later 10.2(7) or later 10.3(4) or later
8 MB	AMD (2Mbx8)	single	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 10.0(11) or later 10.2(7) or later 10.3(4) or later
8 MB/8 MB	AMD/AMD (2Mbx8)	dual	This configuration requires rxboot Release 10.2(7a) or later. It also requires one of the following Cisco IOS Releases: 10.0(11) or later 10.2(7) or later 10.3(4) or later

PPP Callback

Cisco IOS Release 11.0(3) supports PPP callback, which provides a client server relationship between the end points of a point-to-point serial connection. PPP callback allows a router to request that a dial-up peer router call back. The callback feature can be used to control access and toll costs between the routers. This feature is a partial implementation of the PPP Callback specifications in RFC 1570.

New Features in Release 11.0(2)

The following new software features were added to Cisco IOS Release 11.0(2).

QLLC and Bisync

The QLLC and Bisync features are included in the following feature sets for the Cisco 2500 series access servers and Cisco AS5100 access server:

IP/IPX/IBM Base
Desktop/IBM Base
IP/IPX/APPN/IBM Base

New Features in Release 11.0(1)

This section describes new features and enhancements in Release 11.0(1) of the access server software.

General Features

This section describes general features that are new in the initial release of Cisco IOS Release 11.0.

Weighted Fair Queuing--A sophisticated traffic priority management algorithm that identifies conversations (traffic streams) and then breaks up the trains of packets belonging to each conversation to ensure that the capacity is shared fairly between individual conversations. Fair queuing provides an automated way to stabilize network behavior during congestion and results in increased performance and reduced retransmission. The algorithm automatically sorts conversations without requiring the user to define access lists. Instead, by examining sufficient fields in the packet header, the algorithm can identify unique conversations.

: Conversations are sorted into two categories--Those that are attempting to use a lot of bandwidth with respect to the interface capacity (for example, FTP) and those that need less (for example, interactive traffic). For streams that use less bandwidth, the queuing algorithm always attempts to provide access with little or no queuing and shares the remaining bandwidth among the other conversations.

Custom and priority queuing enhancements--The number of queues that can be used for custom queuing and priority queuing has been increased to 16.
Custom and priority queuing Management Information Base (MIB)--This MIB provides detailed access to custom and priority queuing information. This information was previously available only via the show queue EXEC command.

Backbone Protocol Routing Features

This section describes the backbone protocol routing features that are new in the initial release of Cisco IOS Release 11.0.

TCP/IP Features

The following features have been added to the Cisco IOS TCP/IP software:

Routing security enhancements with Message Digest 5 (MD5)--Now available for Open Shortest Path First (OSPF) and also for TCP connections between Border Gateway Protocol (BGP) peers. MD5 authentication provides a standards-based method to enhance Cisco IOS software's ability to detect and ignore hostile or erroneous routing messages.
IP multicast fast switching--Previously, IP multicast packets were only process switched.
Rate limiting of IP multicast traffic--Using access lists, you can control how fast a sender can transmit to a multicast group.
Protocol Independent Multicast (PIM) Nonbroadcast, Multiaccess (NBMA) mode--Allows the access server to replicate packets for each neighbor on the NBMA network.
Multicast static routes (mroutes)--Allow you to have multicast paths diverge from unicast paths. The most common reason for using separate unicast and multicast paths is tunneling. The multicast packets can use the tunnel without having unicast packets use the tunnel.
Session directory listener support--The multicast backbone (MBONE) is widely used for multimedia conferencing. The session directory tool helps announce multimedia conference sessions and provides setup information to potential participants. A session directory client multicasts announcement packets on a well-known multicast address and port. You can enable the access server to listen for such announcements.
Interactive input when tracing a branch of a multicast tree--When you use the mbranch or mrbranch commands to trace a branch of a multicast tree, you can now enter information interactively.
Policy routing--You can now implement IP routing policies based on source and/or destination IP addresses or packet lengths. Policy routing provides a more flexible method for routing packets than destination routing.
IP access list logging--The access server can now send a logging message to the console when a packet passes or fails an extended access list. The message includes the access list number, whether the packet was permitted or denied, the protocol, whether it was TCP, UDP, ICMP or a number, and if appropriate, the source and destination addresses and source and destination port numbers.
Open Shortest Path First (OSPF) point-to-multipoint--Point-to-multipoint media type enables Cisco IOS software to better support Frame Relay-type networks using the OSPF routing protocol BGP peer groups. You can group neighbors with the same update policies into BGP peer groups to simplify configuration and make updating more efficient.

System Management

AAA/TACACS+ Phase II has been added to the Cisco system management functionality. This upgrade to Authentication, Authorization, and Accounting/Terminal Access Controller Access Control System Plus (AAA/TACACS+) adds accounting to the existing facilities in TACACS+.

Interfaces

The following features have been added to the Cisco interface configuration functionality:

Asynchronous master interfaces--Reduces the time and complexity required to configure Cisco access servers by allowing you to create a single master interface and associate many subinterfaces to it. This many-to-one relationship allows you to configure the master interface and have the configuration apply to all associated interfaces.
Local IP pooling--Maintains a pool of IP addresses available to asynchronous interfaces that are dynamically assigned and reused when you disconnect. Reusing IP addresses reduces the number of IP addresses required to support IP dial in on multiple interfaces via Serial Line Internet Protocol (SLIP) or Point-to-Point Protocol (PPP).

Telecommuting Services

The following features have been added to the Cisco telecommuting service functionality:

AppleTalk Remote Access (ARA) protocol and IPX on virtual asynchronous interfaces--Now supported on virtual asynchronous devices to add multiprotocol functionality to the asynchronous mobility feature set. As a result, you can dial in to an access server and tunnel the dial-in traffic to your home network.
Asynchronous callback--Allows an access server to establish a connection on a supported interface, recognize that a callback is required, terminate the current connection, and initiate the callback to the caller. Callback can be initiated by an EXEC command, by a PPP Link Control Protocol (LCP) callback request, by an ARA callback request, or by TACACS+ after authentication has identified a user as requesting callback services. The Cisco implementation supports roaming callback via SLIP/PPP, ARA, and the EXECs whereby a user can specify the phone number for callback.

Desktop Protocol Features

This section describes the desktop protocol features that are new in the initial release of Cisco IOS Release 11.0.

AppleTalk Features

The following features have been added to the Cisco IOS AppleTalk software:

AppleTalk Name Binding Protocol (NBP) filters--Provides directory services in AppleTalk. AppleTalk NBP filtering allows network administrators to use Cisco routers to build firewalls, dial-on-demand triggers, and queuing options based on any designed NBP type or object.

Benefits of using NBP filters include:

Reducing switched circuit costs by using dial-on-demand triggers
Controlling access to specific AppleTalk resources on the network, such as printers and file servers, with NBP access firewalls to contain the propagation of NBP within administrative policy boundaries
Reducing WAN costs using NBP-based traffic firewalls to prevent unnecessary NBP packets from traversing cost-per-packet network services, such as X.25, Switched Multimegabit Data Service (SMDS), and Frame Relay
Minimizing NBP traffic overhead by using NBP queuing
Increased AppleTalk management granularity by combining AppleTalk NBP filters with network and zone filters in a single access list

AppleTalk Update-Based Routing Protocol (AURP) options--Optional features of AURP, network number mapping, loop detection, and hop count reduction have been added.
AppleTalk floating static routes--Previously available for TCP/IP and Novell/IPX environments, the floating static routes feature is now available for AppleTalk internetworking environments. Static routes are traditionally implemented so that they always take precedence over any dynamically learned routes to the same destination network. A floating static route is a statically configured route that can be overridden by dynamically learned routing information. Thus, a floating static route can help create a path of last resort that is used only when no dynamic information is available. Floating static routes can be used to provide backup routes in topologies where dial-on-demand routing (DDR) is used.
AppleTalk Simple Multicast Routing Protocol (SMRP)--Provides multicast routing functions for AppleTalk traffic. SMRP routes AppleTalk packets to all members of a multipoint group so that packets are not replicated on a link. Applications produced by Apple Corporation, Inc., such as QuickTime Conferencing (QTC), will require support by SMRP.

Novell Features

Sequence Packet Exchange (SPX) spoofing has been added to the Cisco IOS Novell software. Some SPX-based services in a Novell environment use SPX watchdog packets to verify the integrity of end-to-end communications when guaranteed and sequenced packet transmission is required. SPX spoofing enables the Cisco IOS software to receive, recognize, and successfully acknowledge watchdog packets at both the server end and the client end of the wide-area link. Requests for the transmission of legitimate information triggers the dial-up connection. SPX spoofing can drastically reduce communications costs associated with dial-on-demand circuits.

Wide-Area Networking Features

This section describes the wide-area networking features that are new in the initial release of Cisco IOS Release 11.0.

Frame Relay

The following features have been added to the Cisco IOS Frame Relay software:

Data Link Connection Identifier (DLCI) prioritization--Up to four DLCIs can be created between any two sites so that each DLCI has a different priority level. These DLCIs can be used to create different priority queues for different types of traffic such as File Transfer Protocol (FTP), Telnet, or Systems Network Architecture (SNA). Congestion problems that result from mixing batch and interactive traffic over a common DLCI can be alleviated for process-switched packets, and greater granularity for performance management can be attained.
Payload compression for Frame Relay--Within Frame Relay packets, data compression is performed on a packet-by-packet basis, yielding a compression ratio of approximately 1.5 to 1, depending on the packet and data characteristics.

New MIB Support

The following new Management Information Bases (MIBs) are available:

TCP/IP offload MIB--Manages configuration of the TCP offload feature. The MIB is made up of one table entry that shows configuration information such as path, device, host name, router name, application programming interface (API) host application, and API router application.
CIP/TCPIP MIB--Manages the TCP/IP protocol stack running on the Channel Interface Processor (CIP) card. In Release 11.0, only the TCP/IP offload feature makes use of this MIB. The read-only values enable you to view statistics and status for every instance of IP, TCP, UDP, and Internet Control Message Protocol (ICMP) protocol stacks.

Important Notes

This section describes warnings and cautions about using the Cisco IOS Release 11.0 software. It discusses the following topics:

X.25 Problem in 11.0(2)

Cisco IOS Release 11.0(2) contains a software defect, affecting all platforms, that involves an unexpected router reload when X.25 is configured. This defect, CSCdi40956, is not present in Release 11.0(1) and is fixed by Release 11.0(3).

Setup Information

As of Cisco IOS Release 11.0(1), the Access and Communication Servers Getting Started Guide has been discontinued. Configuration information using the setup facility previously published in this document is now contained in the user guide that ships with each product.

Upgrading to a New Software Release

If you are upgrading to Cisco IOS Release 11.0 from an earlier Cisco IOS software release, you should save your current configuration file before configuring your access server with the Cisco IOS Release 11.0 software in the event that an unrecoverable error occurs during download or configuration.

IP Multicast and mrouted

Version 3.3 of mrouted, which was announced on August 26, 1994, has a multicast trace route facility that does not work through Cisco access servers. Cisco access servers have multicast tracing utilities that can be used to manage multicast internetworks. An interoperable solution will be provided in a maintenance release of Cisco IOS Release 11.0.

Forwarding of Locally Sourced AppleTalk Packets

Our implementation of AppleTalk does not forward packets with local source and destination network addresses. This behavior does not conform to the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.

Caveats for Releases 11.0(1) through 11.0(18)

This section describes caveats (possibly unexpected behavior) of Cisco IOS Release 11.0(18). These caveats also apply to Releases 11.0(1) through 11.0(17) unless otherwise noted.

Only serious caveats are described in these release notes. For the complete list of caveats against this release, use the Documentation CD-ROM or access CCO as described in the sections "Cisco Connection Online" and "CD-ROM Documentation" at the end of this document.

AppleTalk

After upgrading to Cisco IOS Release 11.0(13) on a Cisco AS5100, the system might report:

%SYS-3-NULLIDB: Null idb in atalk_send1

-Process= "ARAP", ipl= 0, pid= 56

-Traceback= 33B50E6 33B556E 35DEAF8 35DE364

%TAC-4-UNEXREP: Reply for non-existent request, 0 on queue

Users connected to the router modems are unaffected, but new connections cannot be made; the modem port answers, but no session is started. A temporary solution is to reboot the router when the trap occurs. [CSCdi86516]

Basic System Services

A defect in the FSIP firmware causes CiscoBus buffers to be lost. When enough buffers are lost, the interface becomes unusable. This problem is fixed in FSIP Microcode Version 10.10 and later. [CSCdi39024]
When the fair-queue interface configuration command is executed on an interface with traffic flowing through it, the router might fail. The workaround is to first shut down the interface, change queuing, and start the interface by issuing a no shutdown command. Messages are not queued to an interface that is shut down. [CSCdi39556]
On a Cisco 7000 series router, if you replace one interface processor (for example, a TRIP or an FSIP) with a different type of interface processor online, the show ip interface brief and show interface commands display information for both the old and new controllers. On rare occasions, this also results in the continual reinitialization of the newly inserted controller.

: The only known workaround is to completely unconfigure the old card before replacing it with the new card. Sometimes, it might even be necessary to issue a write erase command, reboot the router, and redefine the existing interfaces to completely remove all configuration traces of the old card. When the information that is displayed by the show commands is self-consistent, the newly inserted card behaves normally. [CSCdi49800]

When the service password-encryption command is configured in Release 11.0, all passwords are truncated to a maximum length of 11 characters. [CSCdi62344]
CyBus errors might display for no known reason. The error messages disappear when the RSP and then the chassis are replaced. The arbiter might be the cause of the problem. [CSCdi66068]
The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash memory version of the Cisco IOS software does not match the running version of code. [CSCdi74380]
Boot Flash devices are not recognized when formatting boot Flash device type A7, A6, or AA.

: To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash memory with an image containing this bug fix. Then load an older image onto the newly formatted boot Flash SIMM. [CSCdj20651]

A Cisco 4000 router running Cisco IOS Release 11.0(16) and configured for DLSw and EIGRP might crash with a stack trace indication and memory corruption. [CSCdj62379]

IBM Connectivity

On a Cisco 4500 router, entering the appn link-station command followed by the no complete command might cause the router to reset unexpectedly with the message "ALIGN-1-FATAL: Corrupted program counter." [CSCdi40790]
When running APPN/DLUR, if a session is attempted with invalid session parameters (for example, an incorrect logmode), the USS10 message might fail to appear after the failed session, causing the terminal screen to be unusable. [CSCdi44103]
Hub terminals, which are manufactured by HOB, expect a Receive Ready (RR) to be sent after the SABME is sent. This is not required by the 802.2 standard. After the HOB sends the SABME to the CIP LLC stack, the CIP LLC stack should respond with an RR and assume that the terminal is in normal transfer mode. [CSCdi45083]
When using APPN/DLUR on a Cisco 4500, a Cisco 4700, or Cisco 7500 series router, DLUR might accept only one downstream physical unit for dependent session activation at a time. [CSCdi47584]
The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and to do logical link control (LLC) mapping. [CSCdi55085]
MGDTIMER and QLLC traceback messages might cause memory leaks when using QLLC. The memory leaks might occur over a period of two to three weeks. To clear this condition, reload the router. [CSCdj07862]
The ip route-cache command is not functioning properly. To work around this problem, issue the no ip route-cache command on the interface. [CSCdj30986]
On an SR/TLB environment, the router will send a DM to a device on the Token Ring without getting one from the device on the Ethernet side. [CSCdj58087]
When an actpu is followed by a dactpu from VTAM and there has been no response from the downstream device to either flow, after a disconnect is received from the downstream device, DLUR will send a -rsp(actpu) upstream instead of the proper flow, +rsp(dactpu). This can cause the PU from the DLUS perspective to hang in PDACP state. [CSCdj61872]
It is rare, but possible, for DLUS to send a -rsp(REQDACTPU). This indicates that VTAM has already cleaned up the PU in question. When receiving this response, DLUR must clean up the PU to avoid the PU from being stuck in "stopping" state. [CSCdj61879]
When using APPN/DLUR with a large number of LUs (over 1000), a memory spike can occur during the processing of a downstream PU outage. In extreme cases, this memory spike can be large enough to exhaust memory in the APPN/DLUR router and cause a reload. [CSCdj61908]

Interfaces and Bridging

If a serial interface is set to loopback via a hardware signal, the interface will remain in loopback until the hardware signal is dropped and a no loopback interface configuration command is issued. [CSCdi47768]
Issuing the ip-cache optimum command on an FDDI interface and rebooting might add the no ip-cache optimum command to the configuration instead. [CSCdi50778]
Version 1.6 Revision C0 EIP cards might cause cache parity errors on all Cisco 7500 series and Cisco RSP7000 systems. The cache parity errors can cause system reloads. The hardware revision and version can be determined from the show diagbus command output. This problem is resolved in RSP EIP Microcode Version 20.2 and higher. The microcode has been changed to alleviate the hardware problem with the "f" transceivers. The board has been revised to 1.6 D0 to replace the "f" transceivers with the "fr" part. [CSCdi52082]
When processing IPX (NCP) keepalive (watchdog) packets, the router adds an extra byte to the packet when SSE switching is enabled. [CSCdi66651]
On an RSP router, the "%CBUS-3-CTRUCHECK" error message is displayed and the Token Ring interface resets. To correct this problem, upgrade to RSP TRIP Microcode Version 20.1. [CSCdi74639]
A Cisco 7500 series router might resign its active HSRP status when configured on an FEIP, if no other router is on the segment. The workaround is to turn off HSRP. [CSCdi93012]
The Token Ring interface comes up with output stuck messages and resets, causing sessions to be lost. This problem occurs intermittently on a number of Token Ring interfaces on a Cisco 7500. [CSCdj10797]
When transparent bridging to a Token Ring interface, the interface might read in a frame that it forwarded to the Token Ring interface. This will make the bridge table incorrect.

: This problem only affects the mid-range and low-end platforms. [CSCdj41666]

A Cisco 2511 router might restart at lance_RX_interrupt and evel4_pan_e0_check_TXA. [CSCdj61817]

IP Routing Protocols

IP packets sent to the Hot Standby Router Protocol (HSRP) virtual MAC address are not received if the packet is Subnetwork Access Protocol (SNAP)-encapsulated, and if the receiving interface is part of the CiscoBus or Switch Processor (SP) complex. [CSCdi39274]
For Cisco routers that have Lance Ethernet controllers, such as Cisco 2000, Cisco 3000, and Cisco 4000 series routers, a ping or any connection between two routers fails if the two routers are active on different interfaces, and if both are using the same standby group. A workaround is to use different standby groups. [CSCdi75944]
IP EIGRP propagates an external route to its neighbor with a valid metric (FD); however, the route does not appear in the remote neighbor's EIGRP topology database. A workaround is to use a static route at the remote router. [CSCdi76869]
Fast switching from Ethernet to FDDI does not work on the AGS router. [CSCdj02233]
If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If Open Shortest Path First (OSPF) Protocol is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]
Manual summarization with EIGRP does not work correctly. A summary route does not get advertised; however, one or more of the specific routes do. [CSCdj46525]
A problem occurs when a third EIP6 is added to a Cisco 7000 already running EIGRP on two EIP6s, a TRIP4, and a FIP in a EIGRP topology. In the EIGRP topology, some of the connected networks that connect to the existing Ethernet interfaces might be lost. The IP routing table still shows the routes but all connected networks might not be advertised in EIGRP. A workaround is to issue the redistribute connected command. [CSCdj57362]
OSPF ABR does not generate a summary for some connected networks. This problem occurs when an unnumbered interface is used with OSPF. A summary for a connected network that is put in the same area as the unnumbered interface might not be generated to other areas.

: The workaround is to redistribute the connected network into OSPF to retain connectivity to those networks. [CSCdj60959]

ISO CLNS

If secondary addresses are configured on an unnumbered interface, the interface routes corresponding to these addresses are not advertised in IS-to-IS. A workaround is to number the interface. [CSCdi60673]

Protocol Translation

A router configured for protocol translation from X.25 to another protocol might reload when the inbound PAD connection is closed unexpectedly. [CSCdi54692]

TCP/IP Host-Mode Services

There exists a program, known as land.c, which can be used to launch denial of service attacks against various TCP implementations. The program sends a TCP SYN packet (a connection initiation), giving the target host's address as both source and destination, and using the same port on the target host as both source and destination.

For in-depth information including workarounds and information on other Cisco product vulnerabilities, please see:

http://www.cisco.com/warp/customer/770/land-pub.shtml [CSCdj61324]

Wide-Area Networking

When using IPX with multilink PPP, the router might experience high CPU utilization and network drive connectivity loss. This problem occurs with Novell 3.12 with Pburst enabled. A Novell patch must be applied to the server to resolve it. A bug in multilink PPP causes additional packets to be dropped unnecessarily. This has been resolved under CSCdi48424. [CSCdi47777]
The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]
When traffic prioritization is configured on a Frame Relay interface with the command frame-relay priority-dlci-group, the command no fair-queuing should be also configured on the serial interface to achieve effective traffic prioritization. [CSCdi52067]
PPP callback over ISDN using a PRI line sometimes fails when the originating call is received by the PRI on channel 31. The PRI router then terminates the call, initiates PPP callback, and returns the error messages "callback timer expired" and "no interface available." [CSCdi65216]
When configuring PVCs on the ATM Interface Processor (AIP), you might observe a failure to create more PVCs when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. Messages that appear due to this type of failure include the following:

: %AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008)
: %ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0 (Cause of the failure: Failed to have the driver to accept the VC)
: The limit to the number of virtual path identifiers (VPI) values used depends on the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface that lowers the number of VCs per VP. This results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

When the MTU on an interface is set to the same value as the X.25 data packet size, X.25 incorrectly calculates buffer space while reassembling packets. The result is a memory corruption, causing the router to crash. [CSCdi89471]
When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface might bounce once or bounce continually during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.

: During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined only for that DLCI will fail. [CSCdj11056]

LES is not listening on the LECS address. A workaround is to configure the LECS with the Well Known Address. [CSCdj39323]

Caveats for Releases 11.0(1) through 11.0(17)

This section describes caveats (possibly unexpected behavior) of Cisco IOS Release 11.0(17). These caveats also apply to Releases 11.0(1) through 11.0(16) unless otherwise noted.

Basic System Services

On Single Flash Bank 2500 devices, when the device is running from the image on Flash (RFF), the SNMP operation of copy to Flash using CISCO-FLASH-MIB does not work.

: The workaround is to use the command line interface command copy tftp flash. This CLI command invokes the FLH interface and the file is copied successfully to the device. [CSCdj27438]

When custom or priority enqueuing is turned off on an interface that does not support fair queuing, the queuing data structures associated with the interface are left in an inconsistent state.

: Because the enqueue and the dequeue routines are not reset, the box crashes when the routines are invoked the next time. When the box is rebooted, the inconsistency is cleared. [CSCdj29439]

A crash might occur in the Frame Relay packet classifier function called by the WFQ routine. A workaround for this problem is to disable WFQ on the interface with Frame Relay encapsulation. [CSCdj45516]
The input queue might be wedged with IP packets if the exception dump command is configured. The following are known workarounds:
- Increase the input queue to 175. ([75]Original Queue amount+[100] per exception dump x.x.x.x command)
- Remove the exception dump x.x.x.x command.

: [CSCdj58035]

IBM Connectivity

When an LNM queries the router with a report station address, the router answers correctly with a report station address. However, 0.001 second later, the router sends a second report station address to the LNM with all zeros in the frame. This causes the LNM to work incorrectly. [CSCdj04559]
A 1500-byte frame sent to the SR/TLB code is dropped because the SR/TLB MTU is set to 1492 bytes. [CSCdj18838]
After a transmission group reinitialization, a small window exists in which it is possible for only one CP-to-CP session to be established between the router and a neighboring node. In this case, the contention winner session from the perspective of the router is not activated. When this occurs, the CP-to-CP contention winner session will only activate if the APPN subsystem is stopped and started.

: There is no known workaround. [CSCdj25859]

An APPN image might restart because of a CPU HOG problem in processing a link failure event by the Directory Service APPN process (xxxdns00). This problem occurs when many locate requests are pending with the node that had a link failure.

: There is no alternative workaround when this happens. The router is forced to restart by the system watchdog process (software-forced reload event).
: One solution is to give up the CPU by the xxxdns00 process after processing a certain number of requests at a time. [CSCdj26423]

An APPN router might display the following "Unanticipated CP_STATUS" message when the contention loser CP-to-CP session goes down and comes back up without the contention winner session being deactivated:

: %APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.SJMVS1
: %APPN-7-MSALERT: Alert LU62004 issued with sense code 0x8A00008 by XXXSMPUN
: %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.SJMVS4
: %APPN-7-APPNETERROR: CP_STATUS FSM: Unanticipated CP_STATUS message received
: Each subsequent broadcast locate received by the router causes the following messages to be displayed and about 1920 bytes of APPN memory to be leaked:
: %APPN-7-APPNETERROR: MAP_INPUT_SET_TO_ROW: invalid input value=0x80200080
: %APPN-7-APPNETERROR: State Error lcb: 60C05CC0 pcid: DA839C70FB1548CB row: 22 col: 0
: This problem occurs when two links are active to the same node, the CP-to-CP sessions are split between these two links, and the link with contention loser is stopped.
: The APPN subsystem should be stopped and restarted to clear this problem. If the CP-to-CP sessions are between the router and the host, terminating either CP-to-CP session on the host will also clear this problem. [CSCdj33718]

If the DLUR router received fixed session-level pacing values on the primary stage, it might modify these pacing values before forwarding the bind to the secondary stage. [CSCdj36195]
An APPN DLUR router might reload with SegV exception in ndr_sndtp_encap_mu in a timing window where the DLUR-supported device disconnects before a request_actpu is sent to the DLUS for that device. [CSCdj37172]
When a LU node-specific node attempts to start a session with a set of invalid bind parameters, a locate-find (with the bind in the CDINIT) is sent through the Cisco APPN network to the end VTAM CP which rejects the Locate-Find with a 0835003A sense and sends this back with a control vector CV35 of minimum length eight bytes to the originator via the Cisco APPN network node. The APPN network node then rejects the frame with a 08953500 sense and drops the CP-to-CP session between the CISCO and VTAM CPs. [CSCdj37479]
APPN enforces the maximum size of a CV10 (product set identifier) on XID to not exceed 60 bytes. Products such as a CV10, which is larger than the 60-byte value, will fail XID negotiation with APPN. [CSCdj40144]
In the event that APPN/DLUR has processed and sent a bind request to a downstream device that has not responded to the bind, issuing a vary,inact command on the host for the LU name for which the bind is destined will not sufficiently clean up the session. [CSCdj40147]
Memory leaks occur when APPN TPsend_search is sending locate search requests to adjacent nodes when a link failure occurs. [CSCdj40915]
When RSRB with TCP encapsulation is configured and remwait/dead peers exist, an explorer packet might continuously try to open the remwait/dead peer. After several tries, the router might crash with memory corruption.

: A workaround is to remove any remwait/dead peer statements. [CSCdj42427]

An APPN router might crash with a bus error if a rare condition is experienced during cleanup processing. The stacktrace shows the crash occurred in Qfind_front while executing a psp00 function. An example stacktrace for this problem is shown below:

: System was restarted by bus error at PC 0x3784864, address 0xF0110208 PC 0x3784864[_Qfind_front(0x3040a04+0x743e44)+0x1c] RA: 0x36C1F2E[_queue_find_front(0x3040a04+0x68151c)+0xe] RA: 0x36CC554[_psbmfrm(0x3040a04+0x68bb30)+0x20] RA: 0x36CDAF6[_psp00(0x3040a04+0x68cfd4)+0x11e] RA: 0x314BD78[_process_hari_kari(0x3040a04+0x10b374)+0x0] [CSCdj44198]

APPN will crash when it receives a CV35 without the Termination Procedure Origin Name (TPON) field. [CSCdj44661]
DLUR bind processing might cause stack corruption, resulting in a reload with PC 0x0. This problem is caused by attempting to parse the user data subfields beyond the location where the subfields exist. The reload will only occur if the byte that is two bytes beyond the end of the user data area is 0x3 or 0x4. This is a very rare occurrence. [CSCdj45676]
In recent 11.0 Releases, problems might occur when APPN CP-to-CP sessions are split across multiple transmission groups. A workaround is to force the CP-to-CP session to use a single transmission group. [CSCdj46413]
The message "%APPN-0-APPNEMERG: Mfreeing bad storage, addr = 60BB7188, header = 60BB6B20, 00000218 -Process= "ndrmain", ipl= 0, pid= 62" might be issued when a DLUR-served PU disconnects. [CSCdj46783]
Some 68K-based routers, such as the Cisco 7000, Cisco 4000, and Cisco 2500 routers, might crash while running APPN. This memory corruption might occur after a rare combination of APPN detail displays, followed by a show appn stat display. [CSCdj47941]
An APPN router might fail the ACT_ROUTE if using parallel transmission groups. This problem might occur when an APPN router has two parallel links defined with the adjacent node. If the adjacent node activated a link to the network node requesting a transmission group number that had previously been used for a different defined link activation, the network node might fail the ACTIVATE_ROUTE. The APPN router sometimes tries to incorrectly activate the route using the other inactive link which still has the same transmission group number. [CSCdj49814]
The APPN router might crash during an SNMP access to the APPN MIB. This problem only occurs after an unused APPN node is garbage collected. [CSCdj36824]

Interfaces and Bridging

The auto-enable feature for packet-by-packet Frame Relay compression is removed. This form of compression can be manually enabled. [CSCdi85183]
PPP compression and custom queuing are incompatible features and might cause the router to crash. To work around this problem, turn on only the basic queuing. [CSCdj25503]

IP Routing Protocols

A router crashes after receiving multicast packets with the illegal source address 0.0.0.0. The workaround is to configure the access list to filter out packets with a source IP address of 0.0.0.0. [CSCdj32995]
On a Cisco 4700, RIP cannot handle more than 1800 routes received back-to-back without inter-frame gap. [CSCdj40042]
If the OSPF summary host route is overwritten by a route from another routing process that has a lower administrative distance, the OSPF summary host route might not be reinstalled after the latter route is removed. This only occurs if the host route address is also the router ID of some ASBR. [CSCdj49161]

LAT

The following message might be erroneously displayed:

%LAT-3-BADDATA: Tty124, Data pointer does not correspond to current packet

When many LAT sessions are active, and a received data slot starts in the last 14 bytes of a full Ethernet frame, data for that slot is discarded. [CSCdi82343]

Novell IPX, XNS, and Apollo Domain

Using the xns flooding command might cause the router to reload in certain environments. [CSCdj23479]
If a router times out (after 180 seconds) and the default route is known, a cache entry might be installed for the network using the default route path. If the network comes back within the next 60 seconds, a new cache entry pointing to the now valid path might not be installed, and the cache will still point to the default route path for the network. A workaround is to issue the clear ipx route and clear ipx cache commands, or run without using the default route. [CSCdj47705]

TCP/IP Host-Mode Services

Memory allocated for a new TCP connection will not be freed after receiving an unreachable ICMP, if the new connection has its own listeners for processing incoming connections. [CSCdj07761]

VINES

A router might unexpectedly reload when VINES SRTP routing is configured. The workaround is to remove the vines srtp-enabled command. [CSCdj37888]

Wide-Area Networking

PPP IPCP negotiation will be changed after Cisco IOS Release 11.0(11).

: In Cisco IOS Release 11.0(11), the software always accepts the remote peer's "Her" proposed address, and the "Her" address is subsequently added to the IP routing table as a host route.
: With Cisco IOS Releases later than 11.0(11), the software will check the "Her" address against the corresponding dialer map. If the address is different from the IP address detailed within the dialer map, a NAK will be sent, and the dialer map IP address will be added as a host route in the IP routing table.
: It is possible to revert to the previous operation using the hidden interface command ppp ipcp accept-address. When enabled, the peer IP address will be accepted and will have precedence over any local address pool; however, it is still subject to AAA verification. [CSCdj04128]

On a Cisco 4500 running Cisco IOS Release 11.0(11) and RSRB, there might be a crash in the "llc2_timer" routine causing a system reload. [CSCdj13175]
A boot image without a subsystem containing IPCP will restart the router. There is no known workaround. [CSCdj48085]
The patch prevents the use of an invalid pak-info_start pointer when doing payload compression on RSP platforms, thus avoiding a crash. [CSCdj43332]

Caveats for Releases 11.0(1) through 11.0(16)

This section describes caveats (possibly unexpected behavior) of Cisco IOS Release 11.0(16). These caveats also apply to Releases 11.0(1) through 11.0(3) unless otherwise noted.

AppleTalk

After upgrading to Cisco IOS Release 11.0(13) on a Cisco AS5100, the system might report:

%SYS-3-NULLIDB: Null idb in atalk_send1-Process= "ARAP", ipl= 0, pid= 56-Traceback= 33B50E6 33B556E 35DEAF8 35DE364
%TAC-4-UNEXREP: Reply for non-existent request, 0 on queue

: Users connected to the router modems are unaffected, but new connections cannot be made; the modem port answers, but no session is started. A temporary solution is to reboot the router when the trap occurs. [CSCdi86516]

ATCP and ARAP code will not work with all-router node addresses. NBP lookup to ATCP/ARAP clients might fail. There is no known workaround. [CSCdj02390]

Basic System Services

A defect in the FSIP firmware causes CiscoBus buffers to be lost. When enough buffers are lost, the interface becomes unusable. This problem is fixed in FSIP Microcode Version 10.10 and later. [CSCdi39024]
When the fair-queue interface configuration command is executed on an interface with traffic flowing through it, the router might fail. The workaround is to shut down the interface, change queuing, and then start the interface by issuing a no shutdown command. Messages are not queued to an interface that is shut down. [CSCdi39556]
When the service password-encryption command is configured in Cisco IOS Release 11.0, all passwords are truncated to a maximum length of 11 characters. [CSCdi62344]
The show stacks command fails to report the correct version of code running at the time of the last reload. This specific problem occurs when the Flash version of the Cisco IOS software does not match the running version of code. [CSCdi74380]
When formatting boot Flash type A7, A6, or AA, boot Flash devices will not be recognized.

: To run type A7, A6, or AA devices and use images prior to this bug fix, format boot Flash memory with an image containing this bug fix. Then load an older image onto the newly formatted SIMM. [CSCdj20651]

During a format, systems with earlier release images will not recognize Intel boot Flash SIMMs 28F004S5 (device code A7), 28F008S5 (device code A6), and 28F016S5 (device code AA).

: To run type A7, A6, or AA boot Flash devices and use images prior to this bug fix, format boot Flash memory with an image containing this bug fix. Then load an older image onto the newly formatted SIMM. [CSCdj20681]

IBM Connectivity

When running APPN/DLUR, if a session is attempted with invalid session parameters (for example, an incorrect logmode), the USS10 message might fail to appear after the failed session, causing the terminal screen to be unusable. [CSCdi44103]
Hub terminals manufactured by HOB expect a Receive Ready (RR) message to be sent after the SABME message is sent. This is not required by the 802.2 standard. After the HOB sends a SABME to the CIP LLC stack, the CIP LLC stack should respond with an RR and then assume that the terminal is in normal transfer mode. [CSCdi45083]
On Cisco 2500 series routers, RSRB fails using FST encapsulation on PPP or HDLC. The workaround is to use TCP encapsulation when bridging over ISDN links. [CSCdi48888]
The dlsw remote-peer frame-relay interface serial command does not work on a point-to-point subinterface. The workaround is to use multipoint and do LLC mapping. [CSCdi55085]
Under heavy NetBIOS loads, using RSRB with direct encapsulation might cause the router to reload. TCP encapsulation does not exhibit this behavior. [CSCdi66327]
Adding an RSRB peer with direct encapsulation on a Cisco 7000 series router configured with CSNA causes a "%RSP-3-RESTART: cbus complex" error and takes down the CIP interface. [CSCdi82836]
In certain environments, when using RSRB, the router might discard explorer frames. These single-route explorer frames (for example, with a RIF RD of C270) seem to be mishandled by the router and sent to unused interfaces. Removing the configuration from the unused interfaces seems to solve the problem. [CSCdi86652]
QLLC/RSRB forwards IEEE XID frames (like other XID frames) to VTAM. Some devices use IEEE XID frames (format 8, type 1) instead of test frames. [CSCdi86682]
MGDTIMER and QLLC traceback messages can cause memory leaks when using QLLC. The memory leaks might occur over a period of two to three weeks. To clear this condition, reload the router. [CSCdj07862]
When doing source-route translational bridging from one FDDI to another FDDI, the TEST final is dropped. [CSCdj11695]
When APPN directory services receives a search flow containing a CV35 (extended sense data CV) that Cisco APPN does not recognize, the located flow will be rejected in error. [CSCdj21690]
Processing the show dlsw reachability command while peers are changing state can cause a SegV exception. A workaround is to ensure that the peers are not changing state prior to processing the command. When using the show dlsw reachability command, collect the data and exit as quickly as possible. [CSCdj21894]
The DLUR router might get into a tight loop, in which it continuously retries to start the DLUR/DLUS pipe to the same DLUS without waiting the specified retry time. This problem could cause the router to crash or continuously display pipe retry messages without waiting the specified retry time. It can also result in high CPU usage. [CSCdj22330]
Intermittently, local DLSw SDLC circuits do not become connected after a router has been rebooted. The circuits might briefly connect after rebooting, but they will quickly return to the established state. A debug CLS error produces the following message:

%CLSERROR: Unknown state for string 1625E8

: A workaround for this problem is to execute the shutdown and no shutdown commands on the serial interfaces. [CSCdj22453]

When establishing a DLSw session between an IBM 2210 router and a Cisco router, the Cisco router might set the circuit priority to 7. [CSCdj22482]

Interfaces and Bridging

If a serial interface is set to loopback via a hardware signal, the interface will remain in loopback mode until the hardware signal is dropped and a no loopback interface configuration command is issued. [CSCdi47768]
Issuing the ip-cache optimum command on a FDDI interface and then rebooting might instead add the no ip-cache optimum command to the configuration. [CSCdi50778]
When processing IPX (NCP) keepalive (watchdog) packets, the router might add an extra byte to the packet when SSE switching is enabled. [CSCdi66651]
RSP routers might receive a "%CBUS-3-CTRUCHECK" error message, and the Token Ring interface might then reset. To correct this problem, upgrade to TRIP RSP Microcode Version 20.1 or later. [CSCdi74639]
On Cisco 7500 RSP systems, FSIP serial interfaces might display the following panic messages on the RSP console:

%RSP-3-IP_PANIC: Panic: Serial12/2 800003E8 00000120 0000800D 0000534C 
%DBUS-3-CXBUSERR: Slot 12, CBus Error 
%RSP-3-RESTART: cbus complex

: If the string "0000800D" is included in the panic message, the problem is related to this bug. The workaround is to load a new image that contains the fix for this bug. [CSCdi78086]

If an Ethernet Interface Processor (EIP) on a Cisco 7000 series router is shut down, the FDDI interface might become hung. To correct this condition, enable the EIP. [CSCdj04513]
An FDDI interface periodically goes down and comes back up with the following message:

%IPC-2-CANT_SEND: Cannot send IPC message: timeout -Traceback= 28ACB6 289284 289D52 289FFE

: Turning off IP accounting stabilizes the interface. [CSCdj21249]

A Cisco 2524 might pause indefinitely while rebooting when a T1 is connected to a Fractional T1 module. A workaround is to unplug the T1 prior to the reload. [CSCdj22485]

IP Routing Protocols

IP packets sent to the Hot Standby Router Protocol (HSRP) virtual MAC address are not received if the packet is Subnetwork Access Protocol (SNAP)-encapsulated and the receiving interface is part of the CiscoBus or Switch Processor (SP) complex. [CSCdi39274]
For Cisco routers that have Lance Ethernet controllers, such as Cisco 2500, Cisco 3600, and Cisco 4000 series routers, a ping or any connection between two routers fails if one router is active on an interface, the other router is active on another interface, and both use the same standby group. A workaround is to use different standby groups. [CSCdi75944]
IP EIGRP propagates an external route to its neighbor with a valid metric (FD), but the route does not appear in the remote neighbor's Enhanced IGRP topology database. A workaround is to use a static route at the remote router. [CSCdi76869]
Fast switching from Ethernet to FDDI does not work on the AGS router. [CSCdj02233]
When a type 3 LSA is generated with host bits, OSPF ABR handles the LSA incorrectly and reports the "%OSPF-3-DBEXIST" error message. [CSCdj21392]
Line hits or other disruptions on the serial link cause OSPF external type 2 routes to disappear from the IP routing table but remain in the OSPF database. The workaround is to reset the OSPF database. [CSCdj21766]

ISO CLNS

Protocol Translation

A router configured for protocol translation from X.25 to another protocol might reload when the inbound PAD connection is closed unexpectedly. [CSCdi54692]

TN3270

A Cisco 2511 router might reload with a bus error at PC 0x30E9A8C. [CSCdi73175]

Wide-Area Networking

When changing the encapsulation of an ISDN or dialer interface from Frame Relay to X.25 or LAPB, the router might reload. To work around this problem, configure HDLC before configuring X.25 on the dialer interface. [CSCdi44646]
When using IPX with multilink PPP, the router might experience high CPU utilization and network drive connectivity loss. This problem occurs with Novell 3.12 with Pburst enabled. A Novell patch must be applied to the server to resolve it. A bug in multilink PPP would cause additional packets to be dropped unnecessarily. This problem has been resolved under CSCdi48424. [CSCdi47777]
The AIP cannot be configured to issue idle cells instead of unassigned cells. [CSCdi48069]
When traffic prioritization is configured on a Frame Relay interface with the frame-relay priority-dlci-group command, the no fair-queuing command should also be configured on the serial interface to achieve effective traffic prioritization. [CSCdi52067]
PPP callback over ISDN using a PRI line sometimes fails when the originating call is received by the PRI on channel 31. The PRI router then terminates the call, initiates PPP callback, and returns the error messages "callback timer expired" and "no interface available." [CSCdi65216]
When configuring PVCs on the AIP, more PVCs might not be created when the number of VCCs configured is well below the maximum allowed. This failure occurs when the number of VPI values used exceeds a limit. The messages that occur due to this type of failure include the following:

%AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Setup VC command (error code 0x0008) 
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1500, VPI=10, VCI=257) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC)

: The limit to the number of VPI values used depends on the configuration of the vc-per-vp configuration parameter. When vc-per-vp is 1024 (the default), 33 VPI values can be used. To work around this limitation, implement the atm vc-per-vp command on the particular ATM interface, which lowers the number of VCs per VP and results in a corresponding increase in the number of VPI values that can be used. [CSCdi67839]

When the MTU on an interface is set to the same value as the X.25 data packet size, X.25 incorrectly calculates buffer space while reassembling packets. The result is a memory corruption, causing the router to crash. [CSCdi89471]
ISDN call setup stops when the Cisco 2503 router receives the error message "%SYS-3-HARIKARI: Process ISDN top-level routine exited." The workaround is to reload the software. [CSCdi93143]
Disconnection of a point-to-point line causes a router to reload, rather than bringing up the backup ISDN interface. [CSCdj01598]
PPP IPCP negotiation was changed in Cisco IOS Release 11.0(11). [CSCdj04128]
When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fail, the subinterface can bounce once or bounce continually during LMI full status reports. [CSCdj11056]
On a Cisco 4500 router running Cisco IOS 11.0(11) and RSRB, a crash might occur that results in a system reload. [CSCdj13175]
Under certain conditions, a router can reload during an ISDN call setup with the SPC bit set. This problem only occurs with 1TR6 ISDN switch types. [CSCdj20841]

Caveats for Releases 11.0(1) through 11.0(15)

This section describes caveats (possibly unexpected behavior) of Cisco IOS Release 11.0(15). These caveats also apply to Releases 11.0(1) through 11.0(14) unless otherwise noted.

All the caveats listed in this section are resolved in Release 11.0(16).

Basic System Services

If a Cisco Catalyst 3000 on an adjacent network does not have a protocol address configured and it sends CDP updates, the router might be reset when the show cdp neighbor detail command is used. [CSCdj15708]

IBM Connectivity

NetBIOS sessions might not come up in a busy system. [CSCdj11152]
A system might be restarted by an error caused by LAN Manager. The current workaround is to disable LNM. [CSCdj11711]
Some circuits might connect using smaller, non-optimal maximum frame sizes when Cisco DLSw is used with other vendors' DLSw implementations. In addition, some circuits might not connect at all. [CSCdj17372]
Cisco 2522 routers running Cisco IOS Release 11.0(11) might have problems with the SDLC state machine. When a large amount of data is input into the router from a physical unit (for example, during a file transfer), the router might poll the next physical unit without receiving a poll final in a frame and without T1 expiring. The router might also expect data from the physical unit, even though it did not poll the physical unit.

: A workaround is to ensure there are no unnecessary physical units configured on a line that is continually sending SNRMs. [CSCdj17630]

When a directory cache entry exists for a resource and a broadcast search arrives for that same resource name, the intermediate node broadcast processing will delete the valid cache entry that previously existed, resulting in excessive locate broadcast traffic. [CSCdj21343]

Interfaces and Bridging

A Cisco 7500 series router might report spurious errors such as the following:

%RSP-3-ERROR: CyBus0 error 78 
%RSP-3-ERROR: invalid page map register 
%RSP-3-ERROR: command/address mismatch 
%RSP-3-ERROR: invalid command %RSP-3-ERROR: address parity error 
%RSP-3-ERROR: address parity error 23:16 1, 15:8 1, 7:0 1 
%RSP-3-ERROR: bus command invalid (0xF) 
%RSP-3-ERROR: address offset (bits 3:1) 14 
%RSP-3-ERROR: virtual address (bits 23:17) FE0000 
%RSP-3-RESTART: cbus complex

: or

%RSP-3-ERROR: MD error 0080008030003000 
%RSP-3-ERROR: SRAM parity error (bytes 0:7) 0F 
%RSP-3-RESTART: cbus complex

: CyBus errors similar to the above errors have two known causes. If there are HIPs in the router and on the bus reporting the CyBus error, a rare condition might exist with the HIP microcode on an oversubscribed bus. The workaround on dual-CyBus platforms is to move all the HIPs onto a CyBus that is not oversubscribed.
: The errors can also be caused by the failure of a marginal CI arbiter board or an RSP board. As a result of this problem, all interfaces are reset, causing forwarding to be stopped for a few seconds. [CSCdj06566]

TCP/IP Host-Mode Services

DLWS incorrectly connects to a down interface on the peer. [CSCdj00448]

Wide-Area Networking

Cisco AS5200s might experience hung calls and ISDN data structure memory leaks. It might not be able to call out or accept incoming calls. This caveat is a duplicate of CSCdj02168, CSCdj07119, CSCdj08187, and CSCdi82010.
Other ISDN platforms are affected largely by that described in CSCdj07119 or CSCdi82010 depending on their particular ISDN usage characteristics. [CSCdj05355]

Caveats for Releases 11.0(1) through 11.0(14)

This section describes caveats (possibly unexpected behavior) of Cisco IOS Release 11.0(14). These caveats also apply to Releases 11.0(1) through 11.0(13) unless otherwise noted.

For more caveats of Release 11.0(14) and earlier 11.0 releases, see the preceding section, "Caveats for Releases 11.0(1) through 11.0(16)."

All the caveats listed in this section are resolved in Release 11.0(15).

Basic System Services

A Cisco 2511 might display these messages and then reload:

Sched-3-pagezero: low memory modified by Exec Traceback=30C36AA 3141C4C 30A18D0 30A110C 31448DC 30D557C 308AEB0 30DE9C8 trace trap at 0X31FC794

: Issuing the show version command after the reload displays the following:

System restarted by unknown reload cause - ptr to non-ascii bytes 0x4 at date/time

: [CSCdi73404]

A memory leak might be introduced whenever TACACS+ is enabled. The memory is released to the EXEC process as seen on the show memory command. This memory leak does not occur in Cisco IOS Release 11.0(9) or earlier releases. [CSCdi89479]
Sometimes the router might restart due to a bus error. [CSCdj02493]

EXEC and Configuration Parser

The output of the show tech-support command displays some potentially sensitive SNMP data, such as the SNMP community strings, SNMP MD5 keys, and SNMP user IDs and passwords. If these data refer to read-write communities or views, they can be used to reconfigure the Cisco IOS software, providing the same level of access to the Cisco IOS software as the enable password. Use caution when sending show tech-support command output across insecure channels. For example, remove the community strings, keys, user IDs, and passwords before sending. [CSCdj06881]

IBM Connectivity

A QLLC connection using a virtual MAC address from a pool of virtual MAC addresses might get connected to the wrong resource on the mainframe. [CSCdi86358]
When using SDLC via DLSw in Cisco IOS Release 11.0, the sdlc address command will disappear from the router configuration after a router reload. It might also disappear from the configuration without performing a reload. [CSCdi88796]
A DLUR router might start failing to establish new LU-to-LU sessions after hitting a rare condition during session activation and deactivation. Messages similar to the following might be displayed on the router console when attempting to start new sessions. APPN must be stopped and restarted to clear the problem.

IPS ID: 1400 QUEUE: 2 ORIGIN: xxxpcs00 MUTYPE: C5
%APPN-0-APPNEMERG: Assertion failed in ../scm/xxximndr.c at line 158
-Process= "xxxims00", ipl= 0, pid= 58
-Traceback= 606C3488 606879EC 606818C8 606810E4 6067AF90 6019AB08 6019AAF4

: [CSCdi90117]

Removing dead peers by the configuration command no source-bridge remote-peer can sometimes cause the router to crash if that peer is trying to open up. [CSCdi93052]
The SDLC output queue can get stuck if the sdlc line-speed command is not set or if it is set to an incorrect value. A symptom is that the router stops sending SDLC frames out of the serial interface, resulting in SNA session drops. The interface needs to be recycled or reset to clear the condition. A workaround is to set the sdlc line-speed command parameter to equal the actual line speed being used. [CSCdj01434]
Cisco 2520, 2521, 2522, and 2523 routers might report SDLC abort frames on the low-speed ports, but these abort frames do not get reported on the high-speed ports or on other platforms. This is because the low-speed ports count all aborts and the high-speed ports and other platforms only count aborts that are longer than two bytes. This is a cosmetic error and does not result in retransmitted frames. There is no performance impact at all. It is merely an indication that the transmitting device is sending erroneous bits after the trailing flag. These bits are simply ignored. No workaround is necessary. [CSCdj01488]
If end stations are continually activating and deactivating, a router configured for DSPU might crash with the error "Software forced crash, PC 0x31598BC." [CSCdj02005]
A rare condition might occur during session cleanup, which causes the DLUR router to crash or display a "Mfreeing bad storage" message for the "psp00" process. [CSCdj02249]
RSRB lack was wrongly freeing a packet if RSRB local-ack state entered a busy state. The traceback occurs when there are packet drops or congestion.[CSCdj05810]
A buffer leak causes a crash when NSP is used over DLUR. [CSCdj10387]
The DLUR router might send a corrupt APPC frame to a DLUS if a timing window is hit when accessing multiple DLUSes. This problem can occur if there are primary and backup DLUSes configured and at least one inactive physical unit that cannot get into the primary DLUS while other physical units are active with the primary DLUS.

: This problem can cause VTAM to refuse to activate subsequent DLUR/DLUS pipes for all DLUR network nodes. The message "/d net, dlurs" shows the DLUS conwinner state as reset and the conloser state as active.
: To prevent the DLUR router from sending this corrupt frame, reconfigure the DLUR routers without coding a backup DLUS. [CSCdj10485]

Interfaces and Bridging

When a router is configured as an RARP server and is also configured for transparent bridging on the same interface, the router does not respond to reverse ARP requests. The router should provide RARP service if configured as a RARP server, regardless of whether it is configured later as two bridges only. [CSCdi83480]
OIR removal of a FIP from one slot into another will cause the FDDI to permanently remain in DOWN/DOWN. A reload is needed to get it up. OIR removal and reinsertion into the same slot works fine. [CSCdi87221]
Sometimes FDDI interfaces might stop accepting multicast packets. [CSCdi92156]
Transparent bridging might cause high CPU utilization. The show align command can be used to confirm whether large "counts" of alignment errors are the source of the problem. The show align command will also yield TRACE information that can be decoded to determine the source of the problem. [CSCdj03267]

IP Routing Protocols

In very rare cases involving equal-cost backup routes to a failing route, it is possible for Enhanced IGRP to be caught in a "stuck in active" state (self-correcting after several minutes). There is no workaround to this problem. [CSCdi81791]
An extended access list that denies IP traffic and that does not require transport layer information might let fragments go through if the log option is configured. As a workaround, do not configure the log option. [CSCdj00711]
IGRP erroneously accepts a majornet route over an interface that is directly connected to a different majornet. [CSCdj03421]
A byte can be added to packets moving from serial to FDDI interfaces. [CSCdj06246]

Novell IPX, XNS, and Apollo Domain

If IPXWAN is configured and the remote router is configured to allow IPXWAN Client mode, the local router will reset the link upon receiving the IPXWAN Timer Request. IPXWAN debugging will show "IPXWAN: Rcv TIMER_REQ reject Router asking for Client mode." The workaround is to disable IXPWAN Client mode negotiation on the remote router. [CSCdi93285]

TCP/IP Host-Mode Services

A crash might occur that looks similar to CSCdi61278. (The router crashes with the error "System restarted by bus error at PC 0xD0D0D0D, address 0x0.) [CSCdj01350]
A TCP packet still in use might accidentally get freed in IP when the packet is going out a Frame Relay interface on which TCP header compression is configured. When this happens, the following messages are logged on the console:

Mar 19 08:41:23: %TCP-2-BADREFCNT: Tty0: Bad refcnt for packet 0x608F9C2C during retransmit, 135.135.100.1:1998 to 135.135.105.1:11000, state 4-Traceback= 601EEB7C 601EEEA4 601F1B68 601F1E4C 6013F140 6013F12C
Mar 19 08:41:50: %X25-4-VCLOSTSYNC: Interface Serial3, VC 82 TCP connection corrupted
Mar 19 08:41:52:TCP0: extra packet reference for pak 0x60A031D8 found:
Mar 19 08:41:52: %TCP-2-BADQUEUE: Multiple entry for packet 60A031D8-Process= "TCP Driver", ipl= 0, pid= 26-Traceback= 601F3384 601F5408 6023CCB4 6023D214 6013F140 6013F12C
Mar 19 08:41:52: pak: 135.135.100.1:1998, 135.135.1.4:11137, seq 1668710213length 47
Mar 19 08:41:52: TCB: 135.135.100.1:1998, 135.135.1.13:11137, sendnext 1668710220, state 4

: [CSCdj06781]

Wide-Area Networking

In certain environments, I/O and processor memory are being consumed by processes in the router, primarily the Critical Background process, and the router runs out of memory after 29 hours of operation. [CSCdi80450]
Under unknown circumstances, the router might be restarted by a bus error. This problem occurs only if PPP is configured.[CSCdi89566]
Sometimes, when a network management station frequently polls Frame Relay MIB data (of the frCircuitTable) from a router being reloaded and just trying to come up, a crash in Frame Relay MIB code area can occur. [CSCdj00447]
An async controller might hang and cause four connected modems to go into a hung state. [CSCdj01441]
The last X.25 fragment has the M-Bit set improperly when the packet is full, but no additional data is to be sent. [CSCdj03488]
For TS014 (Australia, PRI) switch types: When a clear collision occurs between the CE and the network simultaneously transferring a DISCONNECT message specifying the same call, the call is not properly cleared. Neither side sends the RELEASE message to release the call, so the call reference and the associated call control block (CCB). [CSCdj06157]

Caveats for Releases 11.0(1) through 11.0(13)

This section describes caveats (possibly unexpected behavior) of Cisco IOS Release 11.0(13). These caveats also apply to Releases 11.0(1) through 11.0(12) unless otherwise noted.

All the caveats listed in this section are resolved in Release 11.0(14).

Basic System Services

AGS+ routers with first generation FDDI cards (CSC-C2FCI) do not support translational bridging and are no longer supported. They only use encapsulated bridging. The second generation AGS+ FDDI cards (CSC-C2FCIT) support both translational and encapsulated bridging.

Also, encapsulated bridging does not work on the Cisco 7500 series router. To bridge between the AGS+ and the Cisco 7500 series routers, you must use CSC-C2FCIT cards in the AGS+ and use translational bridging.

A disadvantage of using encapsulated bridging is that it cannot use the hardware bridge filtering capabilities of the CSC-C2FCIT cards, which have a built-in CAM to do bridge filtering on the card. When encapsulated bridging is used, the main processor has to do all bridge filtering. This means that one busy encapsulated bridging FDDI network can consume the entire bandwidth of the router's main processor, just to accomplish bridge filtering. [CSCdi46862]

EXEC and Configuration Parser

Newer Telnet clients that support the NAWS option cause line and width line configuration commands to appear on the vty. [CSCdi90442]

IBM Connectivity

This problem has been more prevalent in STUN/Local-Acknowledgment scenarios involving AS/400s. The remote router expects to see an OPCODE called LINK_ESTABLISHED from the host router, in order for it to transition the state from USBUSY to CONNECT. While in USBUSY state, the remote router continually sends RNR to the downstream devices. The host router will only send the OPCODE when it sees the first RR/P after a SNRM/UA exchange sequence. With other devices such as an FEP, an I-Frame can be sent out prior to the RR/P that would actually take the remote router state out of USBUSY, but the local-ack states do not correspond to the actual situation at hand. This problem can be partly avoided by using a Cisco IOS release that includes the fix for CSCdi65599. [CSCdi61514]
Cisco 4700 router Token Ring interfaces intermittently stop working and fail to reinitialize. This problem is seen only during heavy activity and when more than one Token Ring port is active. This problem occurs only on Cisco 4700 platforms, not on Cisco 4000 or 4500 platforms. [CSCdi70398]
When two or more FEPs at a central site, each with the same TIC address, are connected to a different Token Ring and a different DLSw peer router, a remote SDLC attached PU2.0 device will not establish a session to the back-up FEP if the first is taken offline. This problem does not affect PU2.1 devices. [CSCdi76575]
DLSw sessions might fail to establish, and existing sessions might be torn down. This problem occurs because of a failure with Multiple DLSw peerings to remote routers that are using Frame Relay direct encapsulation and passthrough. The workaround is to configure TCP encapsulation. [CSCdi78017]
When using DLSw+ to communicate with non-Cisco devices, the Cisco platform might not deal with incoming transport keepalive packets in an appropriate manner. [CSCdi78202]
When the command stun remote-peer-keepalive is enabled in a locally acknowledged STUN over Frame-Relay configuration, STUN peers constantly reset because of incorrect handling of STUN keepalives. [CSCdi78480]
FST switching of DLSw through a Frame Relay subinterface is process switched when it should be fast switched. This can be seen by the command show dlsw peer. [CSCdi80779]
An APPN connection network will not properly identify a currently active connection between the MAC/SAP pairs if the connection network is defined over an RSRB or VDLC port. (It works fine over Token Ring and FDDI ports.) This causes the session to fail with sense 80020000. [CSCdi81897]
A router might reload when more than 125 sessions on the router are using QLLC/DLSw+ conversion. [CSCdi84896]
When a downstream PU2.0 stops by issuing a REQDISCONT to a DLUR router, the DLUR router might loop continuously, restarting the link to a downstream PU2. In this case, the DLUR router sends a corrupted packet to the host, instead of a REQDACTPU. [CSCdi86769]
An Invalid packet might be received from the VTAM network node, and the CP-to-CP session might be torn down. [CSCdi87217]
When source-route bridging is enabled on a Cisco 7500 series router in a Token Ring environment, if the router receives a packet that is to be routed but that contains a RIF, the router misclassifies the packet, treating it as a source-route bridge packet, which causes it to be discarded. This might cause intermittent failures of routed protocol sessions. There is no known workaround. [CSCdi87321]
For LU0-to-LU0 traffic, the extended BIND might contain unformatted user data fields. The network node rejects the BIND and the session will never start. [CSCdi87365]
The lsap-output-list parameter on a DLSw remote peer statement blocks SNA and/or NetBIOS if configured as such, but will only block other types of broadcast traffic from local DLSw interfaces. DLSw routers acting as border peers are not able to use lsap-output-list filters on remote peer definitions.

: A workaround is to configure the required filter at the originating router, either at the interface or DLSw level. (This is a large administrative task in large networks.) [CSCdi87600]

Configuring the output-lsap-list command on local Token Ring interfaces does not block broadcast traffic from a DLSW peer. The workaround is to use a filter at the DLSW level on either router or to block the traffic with an input-lsap-filter command at the remote peer. [CSCdi88593]
When running multiple large file transfers across DLSw using FST transport, sequence errors might occur causing the job to abort. This is viewed by the command show dlsw peer. A sequence error occurs when a numbered FST (IP) packet is received by the DLSw peer and the sequence number does not match what the peer expects. [CSCdi89838]
PEER INVALID trace messages are displayed on the console. (Also, in Releases 11.1 and 11.2, the session on the peer-on-demand does not come up for quite some time.) [CSCdi90953]
A router configured for DSPU might crash with the error message "Software forced crash, PC 0x31598BC" if end-stations are continually activating/de-activating. [CSCdi91368]
When running APPN/DLUR sessions, a reload in check_heaps might occur due to a memory overwrite. The memory overwrite occurs if the amount of control vector data in an extended bind response is larger than the buffer that the bind response arrived in. [CSCdi91432]
The DLUR router might crash with a "SegV exception" or a "Illegal access to a low address" message due to a DLUR memory corruption problem. This error is a rare condition which usually occurs when DLUR sessions are going up and down. The stack trace after the memory corruption usually indicates Mget_x. [CSCdi92947]
DLSw+ reachability entry may get stuck in the VERIFY state. This problem is timer related and the likelihood of this happening is low. It is more likely to occur after several months of operation. [CSCdi93217]

Interfaces and Bridging

When the command ip route-cache cbus is configured on an interface, the router might intermittently crash because of an incoherent cache entry data structure.

: If this incoherence occurs but does not cause a router crash, it might instead cause CiscoBus switching to be automatically disabled, and the interface would resort to fast switching or SSE switching (if SSE switching was configured). [CSCdi43526]

Packets are dropped when bridging on an FDDI interface if the packet has DSAP and SSAP = 0xaaaa and packet length is less than 21 bytes. This problem can cause this error message to display:

CBUS-3-INTERR: Interface 6, Error (8011)

: This problem occurs because the bridging code sees "aaaa" and assumes the packet is SNAP encapsulated. Because SNAP encapsulated packets have a minimum length of 21, the bridging code subtracts 21 from the original length of the packet (20) when queuing it on the outbound interface. This results in a packet length of -1 or 65535 bytes. This causes the switch processor to become confused and write over low core, causing the 8011 error. [CSCdi65953]

A Token Ring driver might misclassify IPX broadcast packets as SRB explorer packets and flush, rather than switch, the packets. This occurs only when bridging on low-end products (such as an IGS or Cisco 4500 platform). [CSCdi75134]
Policy routing on a Cisco 7000 series router with silicon switching enabled does not function correctly. As a workaround, manually disable silicon switching on each of the interfaces with the no ip route-cache sse command. [CSCdi77492]
On Cisco RP/SP 7000 series routers, if you reload the router after adding new interface processors or swapping interface processors, the configuration for serial interfaces might be lost. Also, the encapsulation might be lost, causing the serial interface configuration to change to the default (HDLC). You can identify this problem if your interface is a serial interface (for example, an FSIP or HIP), and the show configuration command correctly displays the original configuration for the serial interface. As a workaround, configure the new card, and issue the write memory command before reloading. [CSCdi79523]
When pinging over synchronous DDR with HDLC stack compression, the router will unexpectedly reset. [CSCdi79832]
The FDDI interface driver can interact poorly with OSPF during OIR, causing SPF recalculations. This occurs only when OSPF is running on an FDDI interface that is not being inserted or removed. There is a spurious indication from the driver that the SPF recalculation needs to take place. [CSCdi81407]
RSP routers running Release 11.0(13) ignore incoming traffic on FDDI interfaces if SRB is used anywhere in the system (either on TRIP or CIP interface cards). If this problem occurs, turn off SRB. [CSCdi92818]

IP Routing Protocols

A router might advertise a combination of unicast and DVMRP routes in excess of the configured route limit (but no more than two times the limit). The workaround is to configure a lower route limit. [CSCdi85263]

ISO CLNS

After removing a static CLNS route, ISO-IGRP prefix routes might count to infinity around a looped topology. The workaround is to use the no clns router iso-igrp domain command to break the loops in the CLNS topology until the routes age out. [CSCdi78048]

Novell IPX, XNS, and Apollo Domain

NLSP links might reflect an incorrect source network/node address in the routing tables. This does not hinder connectivity to other IPX networks when routing between Cisco devices. However, certain non-Cisco routers might not like the incorrect address and NLSP routing might fail. NLSP routers should use the address Internal-Network.0000.0000.0001 when sending NLSP packets; therefore, on WAN media that require maps for IPX, this should be the next hop address in the map statement. [CSCdi68981]
NLSP might reflood LSP fragments unnecessarily, including both changed and unchanged fragments. Typically, this is not a problem on LAN circuits. However, this can present bandwidth-related problems on low-speed WAN circuits, especially as the size of the network increases.

: The flooding behavior covers up a problem where services might be missing from the SAP table until the next full SPF. This is not a problem when all neighbors are Cisco routers, but can be a problem when third-party routers are present on the same link. [CSCdi74487]

In a redundant IPX Enhanced IGRP network running IPX incremental SAP, the router's SAP table information might contain out-of-date information, such as the socket number if the socket number is changed from its initial advertisement. [CSCdi85953]
SPX keepalive spoofing will cease to spoof after a router has been up for 24 or more days. The command debug ipx spx-spoof will show packets being skipped at the time they should be spoofed. The only workaround is to reload the router once every three weeks. [CSCdi86079]
When IPX incremental SAP is running, the router's SAP table might not contain all the SAPs in the network if one of the interfaces goes down and comes back up later. [CSCdi90899]
When running IPX incremental SAP, the router might not remove all the SAPs that are no longer reachable via this router. [CSCdi90907]

TCP/IP Host-Mode Services

Non-TCP reverse connections to lines might corrupt memory, resulting in a software-forced crash. This problem was introduced starting in Cisco IOS Releases 10.3(15.1), 11.0(11.1), and 11.1(6.1). [CSCdi79310]
A router will reload if TCP tries to repacketize a packet that has an invalid packet reference count. [CSCdi87175]

VINES

If you add a VINES static route of equal metric for an alternative path when vines single-route is configured, the system might reload. The workaround is to delete the static route or enter the no vines single-route command. [CSCdi92190]

Wide-Area Networking

Under certain circumstances, a group of four serial ports on an AS5100 or Cisco 2509, 2510, 2511, or 2512 router can become unresponsive. Only a reload will solve the problem. [CSCdi58103]
When two routers are connected to the same destination, outbound IP fast switching on dialer interfaces does not work on the more recently connected interface. The workaround is to turn off fast switching on the dial-on-demand routing (DDR) interfaces using the no ip route-cache command. [CSCdi75490]
DDR load balancing does not forward packets correctly when the system dials out via the dialer load-threshold command and more than one remote device is connected by either dialout or dial-in. This typically occurs on a PRI with dialer load threshold configured, but can also occur on BRI or multiple DDR interfaces in a dialer rotary group when more than one remote device is connected. As a workaround, remove the dialer load-threshold command. [CSCdi76324]
IPX fast switching with multiple route paths over multiple ATM/LANE interfaces/subinterfaces might cause random system reloads. A workaround is to use only one AMT/LANE IPX path, set ipx maximum-path 1, or use ipx per-host-load-balance to force only one interface to be used. [CSCdi77259]
If the dialer hold-queue command is configured, DDR dialing might force a reload with a high amount of connect/disconnect activity. The workaround is to remove the dialer hold-queue command. [CSCdi81000]
Routers will reload when the no frame-relay priority-dlci-group command is entered. The workaround is to first remove any frame-relay interface-dlci commands and then remove the frame-relay priority-dlci-group command. [CSCdi85395]
If DLCI prioritization is enabled on an interface, and a low/medium/normal-priority DLCI is the same as a high-priority one, the router might not be able to complete Inverse-ARP after a router reload or after a shut and no shut command cycle. This might cause loss of IP connectivity if a Frame Relay map does not exist. A workaround for this bug is to first remove the DLCI prioritization and then add it back after the router has completed Inverse-ARP for the remote IP address. [CSCdi85414]

Caveats for Releases 11.0(1) through 11.0(12)

This section describes possibly unexpected behavior by Release 11.0(12). Unless otherwise noted, these caveats apply to all 11.0 Releases up to and including 11.0(12). For additional caveats applicable to Release 11.0(12), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(13).

Basic System Services

AAA authorization and accounting transactions to the TACACS+ server can be delayed by 9 seconds if DNS is not configured on the router. The workaround is to enable the global configuration no ip domain-lookup command. Whenever the router needs to establish a connection to your TACACS+ server, it will attempt to look up your server's IP address.

If the IP address of your TACACS+ server does not exist in your local host table and you do not have DNS configured, you might experience a nine-second delay before connecting to the server.

To resolve this problem, do at least one of the following:

Add the no ip domain-lookup command to your configuration.
Add the IP address of your TACACS+ server to your local host table. [CSCdi70032]

In cases where an accountable task has a duration shorter than the time it takes to contact the TACACS+ accounting server, the stop record might be discarded by Cisco IOS software without being transmitted to the server. [CSCdi70312]

IBM Connectivity

When using APPN/DLUR and starting and stopping many sessions to downstream dependent link units, the router may stop with a bus error at ndr_queue_handler. [CSCdi52377]
QLLC DLSw cannot reconnect after a failure. The following assert message is displayed:

: %CLS-3-CLSFAIL: CLS: Assertion failed: file "../srt/qllc.c", line 4352 !"QSapAddCepFailed" [CSCdi64840]

If you are running Cisco IOS Release 11.1(x) and you have 4 port Token Ring port adapter in a VIP2 card you may see the following crash:

ALIGN-1-FATAL: Illegal access to a low address addr=0x1, pc=0x60544FE0, ra=0x60544FE8, sp=0x60AEE780 
*** System received a SegV exception *** signal= 0xb, code= 0x8000200c, context= 0x60a1a980 PC = 0x6010bfd4, Cause = 0x2020, Status Reg = 0x34008002 DCL Masked Interrupt Register = 0x00000000 DCL Interrupt Value Register = 0x00000000 MEMD Int 6 Status Register = 0x00000000 System was restarted by error - a SegV exception, PC 0x60544FE0

: The workaround is to not use the Token Ring interfaces on the VIP. You must upgrade the Cisco IOS software to get a fix for this. [CSCdi69234]

A bug introduced by CSCdi69231 might cause NSP to stop working. The images affected are Releases 11.0(11.2), 11.1(6.2), and 11.2(1.1). The following messages might display for no reason when NSP stops working: "SNA: Connection to Focal Point SSCP lost." and "SNA: MV_SendVector rc = 8001." [CSCdi72696]
A hang of APPN's APPC stack (used to send locates and TDUs) can occur in rare situations when an outbound locate or TDU is in the process of being transmitted on a CP-to-CP session at the exact time that session is terminated (due to link failure or other reason). The APPC component does not handle this situation properly, and after the condition occurs, APPC and all Locates and TDU processing become stuck. [CSCdi73085]
Frames coming from a High-Speed Serial Interface (HSSI) are sometimes dropped. This problem occurs when a Cisco router has remote source-route bridging (RSRB) configured directly over a HSSI interface. The HSSI interface shows that the packets are forwarded on the interface itself, but the packets are not passed to the source-route bridging (SRB) process. The show source command on FHDC-1 shows receive cnt:bytes 0, and the show interface h 5/0 command shows nonzero packets are input. [CSCdi73357]
An APPN/DLUR router cannot establish an LU-to-LU session with a downstream DSPU router. The bind sent by the host is rejected by the DLUR with a x0806002b sense code. [CSCdi73494]
When many sessions are created and then torn down over an ISR network, a memory leak might occur in the router. [CSCdi73676]
If SNA/DSPU receives a RECFMS frame that contains control vectors and the RECFMS cannot be forwarded to the focal point host for any reason (for instance, the focal point is inactive), the negative response sent by DSPU causes the router to display the BADSHARE error and deactivate the connection. [CSCdi76030]
If a BIND request is received before the Notify response has arrived, DSPU will reject the BIND request with sense code 0x80050000. [CSCdi76085]
When two or more FEPs at a central site, each with the same TIC address, are connected to a different Token Ring and a different DLSw peer router, a remote SDLC attached PU2.0 device will not establish a session to the back-up FEP if the first is taken offline. This problem does not affect PU2.1 devices. [CSCdi76575]

Interfaces and Bridging

The cxBus controller may end up in an output hung state when using a MIP under moderate load. As a workaround, you can set the MIP tql (tx-queue-limit) to greater than 32 and make sure that fancy queueing (WFQ/CQ/PQ) is not used on the MIP interface. To stop the outhung message cycling, clear the affected T1 controller (clear controller t1 x/y). [CSCdi73106]
The Token Ring driver misclassifies IPX broadcast packets as SRB explorer packets and has them flushed rather than switched while being bridged on low-end products only (IGS xx c4500 platforms). Fortunately, no other protocol packets are affected; this is an IPX broadcast issue only. [CSCdi75134]

IP Routing Protocols

The system suffers a gradual loss of free memory whenever ip sd listen or ip sdr listen is enabled. [CSCdi72863]

ISO CLNS

If an interface is down when it is configured as passive for IS-to-IS, it will not be advertised in IS-to-IS link state packets when the interface comes up. The workaround is to unconfigure the interface and then reconfigure it as passive after it is up. [CSCdi76431]

Wide-Area Networking

After a number of days, PRI calls might be dropped and high ISDN CPU utilization might occur. There may be some discrepancy between the show dialer that indicates free B channels available and the show ISDN service that shows all busy channels. Ultimately, a software-forced crash occurs. [CSCdi75167]
The negotiation of a PPP Callback option, passing a dial string or E.164 number, will fail due to a defect that was introduced in Releases 11.2(1.4), 11.1(7.1), 11.2(1.4)P, 11.2(1.4)F, and 11.0(12.1). The negotiation appears to complete successfully, but the callback does not succeed. The failure is seen when the debug ppp negotiation command is set. The callback option is marked "acked," but there is typically garbage on the debug line between the "allocated" and "acked" fields (for example, "PPP Callback string allocated ^]" acked). There is no workaround for this defect. The defect will be fixed in a future release of Cisco IOS software. [CSCdi77739]

Caveats for Releases 11.0(1) through 11.0(11)

This section describes possibly unexpected behavior by Release 11.0(11). Unless otherwise noted, these caveats apply to all 11.0 Releases up to and including 11.0(11). For additional caveats applicable to Release 11.0(11), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(12).

AppleTalk

Additional debugging messages need to be created for the arap logging command. A new command, arap logging debug-extensions, is proposed. This command would enable seven advanced debugging messages in addition to the traditional ARAP logging messages. [CSCdi68276]
AppleTalk domains do not operate correctly when configured on subinterfaces. The domain properties will be applied to the main interface rather than its subinterface(s). The workaround is to disable AppleTalk fast switching. [CSCdi69886]

Basic System Services

When service compress-config is configured, accessing the configuration stored in NVRAM from simultaneous EXEC sessions might leave the NVRAM locked and inaccessible. The only recourse is to reload the software. [CSCdi68092]
The command debug chat line x and parser do not display the chat script components correctly if the octal 7 or 8 bit xxx format is used to specify a byte greater than 0 x7f. [CSCdi69149]
If you have standard SunOS/Solaris Telnet servers, if the NAWS option is mistakenly sent, the Telnet server hangs instead of ignoring NAWS. [CSCdi71067]

DECnet

DECnet might fail to work properly when using an area number of 63 for layer-2 (L2) routers. If this failure happens, you might be unable to ping (DECnet) between two area routers if one router is using area 63.x. This router might report that the "attached" flag is false when you issue the show dec command, even though the show dec route command shows routes to the router.

To work around this problem, use the decnet attach override command to force the router into an attached state. [CSCdi69247]

IBM Connectivity

With a direct Escon-attached CIP, the host might "box" the CIP if the router is reloaded without the CIP being varied offline. This problem has not been seen with CIPs connected through a director or if the CIP is taken offline before the router is reloaded. The workaround is to vary the device offline before reloading the router. [CSCdi59440]
When the PS/2 link station role is configured as negotiable, the XID(3) negotiation might not complete. The workaround is to configure the PS/2 link station role as secondary. [CSCdi60999]
When running CIP SNA over DLSw, the LLC2 control blocks might not be freed even when the LLC2 session is lost and the DLSw circuit is gone. The workaround is to reload the router. [CSCdi62627]
LSAP filters and NetBIOS host filters that are applied to the DLSw remote-peer statements do not work on DLSw border routers. [CSCdi66251]
The router crashes if NSP is configured and is trying to connect back to the owning host. [CSCdi69231]
When reassembly is involved in a DLUR-managed LU-to-LU session (that is, the MTU for the downstream link to the PU is smaller than the MTU for the upstream link toward the host), and the RU size is larger than can be transmitted in a single frame (most common with IND$FILE transfers from a PU to the host), the router might reload with a memory corruption stack trace. Non-paced session stages do not handle reassembly in IBM oem code, which causes buffer overrun when reassembly is attempted.

: To work around this, disable non-paced sessions. [CSCdi69283]

When segmentation or reassembly is involved in a DLUR-managed LU-to-LU session (that is, the MTU for the downstream link to the PU is smaller than the MTU for the upstream link toward the host) and the RU size is larger than can be transmitted in a single frame (most common with IND$FILE transfers from a PU to the host), the router might reload with an "intermediate_reassembly" or a memory corruption stack trace. [CSCdi72260]
If the asynchronous balanced mode (ABM) indicator differs from the way the APPN/DLUR feature sets the indicator and the way the attached node sets the indicator, the exchange identification (XID) message will fail with sense 10160010. While there is a mismatch, this problem is usually caused by incorrect xid3 implementations or bridge implementations that do not convert the indicator appropriately. Cisco network node DLUR is removing the check because it can fail a connection unnecessarily when the xid3 would otherwise succeed. [CSCdi73143]

Interfaces and Bridging

When you perform buffer changes on a serial interface with SMDS encapsulation, the changes are not recognized after a reload. [CSCdi62516]
The source-bridge ring-number command allows you to configure a ring-number mismatch. The workaround is to make sure that all bridge devices on a ring use the same ring number. [CSCdi63700]
When a MIP card is reseated, the configuration of PPP encapsulation might be erased. This has occurred on Cisco IOS Releases 10.3(7), 10.3(8), 10.3(12), 11.0(9), and 11.1(4). [CSCdi66915]
When an Address Resolution Protocol (ARP) packet is received from the ATM interface, the router sends out a total of two ARP packets to the Ethernet interface. [CSCdi70533]

IP Routing Protocols

If the router is reloaded when the OSPF dead-interval setting is the same as the original default (40 for broadcast network and 120 for nonbroadcast network), and the hello-interval is not the default, the router does not retain the OSPF dead-interval setting even though the configuration in NVRAM shows the dead-interval set properly. The router sets a default value to the dead-interval instead of what is set in the NVRAM configuration.

: The workaround is to not set the dead-interval the same as the original default.
: When the fixed image is first loaded, the problem still happens. To resolve the problem, reconfigure the dead-interval again and perform a write memory operation. [CSCdi62640]

IPX Enhanced IGRP updates do not propagate if the MTU size is less than the IPX Enhanced IGRP packet size. [CSCdi65486]
Processing of input offset lists in Enhanced IGRP is disabled erroneously, so offset list processing is not available. There is no workaround. [CSCdi65889]
Clearing an IP host route (for example, 10.1.1.1/32) that was learned by OSPF out of the IP routing table can cause the network route (for example, 10.1.1.0/24) to take a long time to reappear in the table. This problem occurs while on a stable network and when only the net route (not the host route) exists in the table. To avoid this problem, clear the network route exactly as it appears in the IP route table, and do not clear the host route. [CSCdi70175]
Use of the Domain Naming System (DNS) Name Service for alias lookups causes the router to reload. Lookups of canonical names do not cause this problem. [CSCdi73022]

Novell IPX, XNS, and Apollo Domain

If SPX spoofing fails to send a keepalive, a traceback message will be displayed on the system console. [CSCdi69062]

TCP/IP Host-Mode Services

Remote shell protocol (RSH) commands that are executed to the router without a controlling shell will return only the first 1608 bytes of data. [CSCdi69424]
The system might reload when doing DNS name validation. [CSCdi70707]

Wide-Area Networking

In certain circumstances, when using a BRI port for backup load of a serial port and using IPX Enhanced IGRP and IPX fast switching, the router might reload with a Local Timeout or Bus Error immediately after the BRI port establishes the link. [CSCdi61504]
When parallel, nonmultilink connections exist in a dialer group, the loss of one connection will remove the route to the peer address even though one or more connections exist to forward packets to the destination. This defect occurred as a result of fixing CSCdi59425. [CSCdi67844]
When dialing in to a Cisco AS5200 from an I-Courier modem over sync ISDN and then starting a PPP session, the router might crash. This occurs only when login is done on a non-async interface and when extended TACACS is enabled. A workaround for non-async interfaces is to use AAA/TACACS+. [CSCdi68257]
If multiple, parallel connections to the same peer are made and one connection drops, the remaining connections may be unusable as packets will not be forwarded over them. [CSCdi68456]
A router configured for data-link switching (DLSw) with a Token Ring interface might send Frame Relay responses without the i-field to Systems Network Architecture (SNA) devices. This error can bring down the Logical Link Control, type 2 (LLC2) sessions. To temporarily work around this problem, reload the router. [CSCdi69576]
On certain platforms, entering an IP address configuration command while the interface is connected to a SLIP or PPP peer might cause a software-forced reload. [CSCdi69809]
A neighbor route is not installed for PPP connections over an asynchronous or a vty-asynchronous connection. [CSCdi69919]
Using TACACS+ with dialback over a rotary group causes the authorization to fail for the user when the callback script aborts or finishes incorrectly. This problem causes failover to another line of the rotary. The call is made successfully, but an internal error occurs when debugging TACACS+. [CSCdi70549]
ISDN BRI routers might have problems bringing up multiple B-channels to the same destination. The router and PBX might also get into a Layer 3 state mismatch and continuously exchange Layer 3 messages. [CSCdi71333]

Caveats for Releases 11.0(1) through 11.0(10)

This section describes possibly unexpected behavior by Release 11.0(10). Unless otherwise noted, these caveats apply to all 11.0 Releases up to and including 11.0(10). For additional caveats applicable to Release 11.0(10), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(11).

AppleTalk

A router configured with AppleTalk Enhanced IGRP takes too long to age-out routes even when the link is down, causing a long convergence time for features such as backup interface. [CSCdi62796]
When ARAP is configured, the message "%SYS-2-INPUTQ: INPUTQ set, but no idb, ptr=xxxxx %SYS-2-LINKED: Bad enqueue of xxxxx in queue yyyyy" might appear and the router might reload. [CSCdi63635]
IPTalk does not function correctly. IPTalk-speaking CAP servers cannot communicate and are not recognized on the network. [CSCdi64165]

Basic System Services

Control characters are not interpreted properly in chat scripts. [CSCdi62960]
In some cases the snmp-server party and snmp-server context configuration commands might cause a system reload. Neither of these commands verifies that the configured OID is not already in use, so it permits multiple records to be configured with the same OID, violating the rule that each record must have a unique OID. A common occurrence is to attempt to configure an initialPartyIdentity or initialContextIdentity that conflicts with the OIDs that are automatically preconfigured per RFC 1447. A workaround is to not configure OIDs that conflict with the initial party and context OIDs specified in RFC 1447. [CSCdi63694]
Cisco routers with Motorola 68000 microprocessors (such as the Cisco 7000 and Cisco 2500 series) cannot fast switch packets larger than 8192 bytes. These packets are switched at process level, a slower performance path. [CSCdi63695]
When Ethernet runt packets are received by Cisco 7500 series router processors (RSP1, RSP2, or RSP7000), a Reserved Exception crash or a QAERROR error will occur. When either of these problems happens, a switching complex restart is forced. The Reserved Exception crash has the following output:

Queued messages:
Aug 14 10:44:16: %RSP-3-ERROR: memd write exception, addr 08000000
Aug 14 10:44:16: %RSP-3-ERROR:   RSP alignment error on write to QA, addr 080000
00
*** System received a reserved exception ***
signal= 0x9, code= 0x0, context= 0x60c72fd0
PC = 0x60107514, Cause = 0x2020, Status Reg = 0x34008702
DCL Masked Interrupt Register = 0x000000ff
DCL Interrupt Value Register = 0x00000000
MEMD Int 6 Status Register = 0x00000000

: The QAERROR error has the following output:

Jun 17 10:50:23.329: %RSP-2-QAERROR: reused or zero link error, write at addr 03
08 (QA)
  log 260308C0, data A816FFFF 00000000

: [CSCdi66673]

IBM Connectivity

Some IBM LLC2 implementation devices send an RNR when they run out of buffers and drop the frame. This causes data traffic flow to halt for 30 seconds. Non-IBM LLC2 devices using IEEE LLC2 send REJ rather than RNR, thus no delay occurs. [CSCdi49447]
An SDLLC secondary router fails to respond to SNRM input frames. This problem was introduced by CSCdi51341. [CSCdi56398]
FRAS remote source-route bridging dial backup fails on SDLC-attached devices if more than one SDLC device is configured. [CSCdi61179]
If the vmac parameter is not specified in the qllc dlsw command, a Cisco 4500, Cisco 4700, or Cisco 7500 router might crash in the function QLLCTestStnReq(). [CSCdi61562]
QLLC might try to initiate a connection in the middle of activating a connection. [CSCdi62155]
DLSw NetBIOS cannot connect to Windows NT. [CSCdi62784]
A rare condition when one DLSw peer has come up while another is in the process of coming up results in the error message "IBM: Unknown L3 PID, fr_doencap failed." This is a warning message that does not prevent the DLSw peers from coming up. [CSCdi63658]
A memory leak in QLLC can result in buffer starvation on the serial interface, and can cause LAPB on the serial interface to become stuck in the RNRSENT state. [CSCdi64333]
Configuring the dlsw remote-peer cost command has no effect on peer selection. All peers displayed in the show dlsw capabilities command show equal costs. [CSCdi64537]
A router running remote source-route bridging where the input explorer queue overflows might crash with the message "%ALIGN-1-FATAL: Illegal access to low address from srb_enq." [CSCdi65489]
SNA sessions using QLLC over X.25 PVCs do not become active. The following tracebacks are a symptom of this problem:

%SYS-2-LINKED: Bad enqueue of 9600E8 in queue 88380. SNA: Alert xxxxx not sent, Focal point buffer overflowed.

: [CSCdi66340]

The router might reload when a second device tries to connect for reverse QLLC with DLSw+ local switching. [CSCdi67189]
APPN/DLUR network node with connection network defined on a port that has no other defined links and no active dynamic links can cause a reload when the connection network dynamic links are stopped and then restarted. [CSCdi67419]

Interfaces and Bridging

Incoming packets to the Hot Standby Router Protocol (HSRP) MAC address are process-switched, regardless of the route cache status on the interface. [CSCdi44437]
A router running Frame Relay crashes at bridge_enq even when bridging is not configured. This defect is fixed as CSCdi67157. [CSCdi63140]
On Cisco 2520 through Cisco 2523 router models that have dual-mode sync/async interfaces, LAPB frames are infrequently sent out of order on X.25 links. This occurs only when two of the async/sync ports are used in sync mode at the same time. [CSCdi64284]
In DCE mode, FSIP looks for DCD and DSR up before declaring that the line is up. FSIP should only look for DCD. [CSCdi64735]

IP Routing Protocols

Input queues can become full while running IP multicasts. The only way to clear them is to reload the router. [CSCdi61826]
A problem introduced in Releases 10.3(11.1), 11.0(7.3), 11.1(2.3), and 11.2(0.5) causes OSPF to crash when an OSPF external LSA with a nonzero forwarding address exists and the router has a non-OSPF route for the forwarding address. If the non-OSPF route is removed, OSPF crashes when it reprocesses the external LSA. There is no workaround for the problem. However, in general, no more than one routing protocol should be run over the same topology. If you follow this guideline, no non-OSPF route for forwarding address will exist and the router will not crash. [CSCdi61864]
Shutdown interfaces with IP addresses or static routes that point to down next-hops or other interfaces might cause the IP cache to be partially invalidated more frequently than necessary. This is particularly evident when there are multiple paths. The workaround is to remove IP addresses from down interfaces or remove static routes through down interfaces, or both. [CSCdi62877]
The router responds to a Telnet request when the destination of the Telnet is a broadcast address. [CSCdi63787]
A problem introduced in Releases 11.0(9.3), 11.1(4.2), and 11.2(0.14) might cause OSPF to fail to install an external route that has no forwarding address. This occurs if the next hop of the path to the ASBR changes and its cost increases. The workaround is to create an external LSA with forwarding address set. [CSCdi64208]
With IGRP and RIP, IP unnumbered interfaces using PPP encapsulation receive but do not process routing updates of major network summaries correctly. The major networks appear as host routes instead of network routes. This affects all IP unnumbered interfaces using PPP encapsulation that are pointing to different major networks. This affects dedicated links as well as DDR links using RIP or IGRP.

: It is also possible for a race condition to occur, where the majornet route is lost, even after it has been received and installed into the routing table.
: The workaround for this problem is a floating static route for the majornet matching the PPP-created host route using a majornet mask pointing to the PPP-created host route. For example, if the host route is 192.1.1.1, then using the following command:
: ip route 192.1.1.0 255.255.255. 0 192.1.1.1 250
: should solve the problem. [CSCdi65258]

A directly connected route might disappear from the IPX Enhanced IGRP topology table if the interface that is configured for IPX Enhanced IGRP goes down and comes back up in brief period of time, on the order of two seconds. The workaround is to issue the shut and no shut commands on the interface. [CSCdi65345]

Novell IPX, XNS, and Apollo Domain

In rare circumstances, NLSP might not report information learned from RIP and SAP. There is no workaround to this problem. [CSCdi45425]
CSCdi63412 introduced an alignment error, in particular for IPX frames routed from Token Ring networks with multiring enabled. Alignment errors occur in process-switched and certain fast-switched paths. [CSCdi63741]
CSCdi58363 introduced a problem where NLSP-learned services and SAP-learned services overwrite one another, causing unstable service table information. This is particularly a problem in networks with redundant paths. There is no workaround. [CSCdi63771]
Using IPX Enhanced IGRP can cause a memory leak when a link with an Enhanced IGRP neighbor is flapping. The SAP updates are queued and backed up, thus using increasingly more memory. [CSCdi66169]

VINES

VINES time server service might get out of sync when the system runs over 49 days. This is because only the low 32 bits of the internal clock counter are used when VINES computes network time. When network time is out of sync, it is recommended that you either disable VINES time server service for Cisco IOS Releases 10.2 and 10.3, or upgrade to Cisco IOS Release 11.0 or 11.1. [CSCdi58105]

Wide-Area Networking

On an asynchronous interface, configuring no keepalive sets keepalive 10 instead of disabling the keepalive. [CSCdi62199]
An error in the AIP microcode introduced in aip177-2/rsp_aip205-2 causes a rare condition in the microcode and causes commands from the RP/RSP to be rejected. When this happens, the following console messages are logged:

%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=1011, VPI=0, VCI=262) on Interface ATM5/0, (Cause of the failure: Failed to have the driver to accept the VC) %AIP-3-AIPREJCMD: Interface ATM5/0, AIP driver rejected Teardown VC command (error code 0x8000)

: [CSCdi62445]

Dialing in to an asynchronous line and starting a SLIP/PPP session might fail even though the same IP address was previously allocated successfully for the particular user. [CSCdi63143]
The printer printer-name line number global configuration command uses the newline-convert option as the default. There is no way to get the router to work without either the newline-convert or formfeed option. [CSCdi63342]
On the Cisco AS5200, the performance does not scale well when additional asynchronous interfaces are deployed. The symptoms include the Ethernet interface showing input drops and frequent throttles. [CSCdi65706]
PAP authentication fails when using TACACS+ as an authentication method for PPP. [CSCdi66077]
Setting a group range on a pre-11.2 group-async interface while calls are active causes all asynchronous modem calls to be disconnected. [CSCdi66297]
A Cisco 2511 might reload at _bridge_enq when no bridging is configured. When illegal bridging packets flow into Cisco routers running Release 11.0 and above, a crash might occur. [CSCdi67157]
LANE does not set up the data direct again after it has been established the first time. This problem was introduced as a result of the fix for CSCdi61979.

: Any release containing this bug should not be used in sites using LANE. The following releases are affected: 11.0(10.3), 11.1(5.3), 11.1(5.4), 11.2(0.23), and 11.2(0.24). [CSCdi68089]

Caveats for Releases 11.0(1) through 11.0(9)

This section describes possibly unexpected behavior by Release 11.0(9). Unless otherwise noted, these caveats apply to all 11.0 Releases up to and including 11.0(9). For additional caveats applicable to Release 11.0(9), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(10).

AppleTalk

MacIP server will not give an IP address to a MacIP client if the next address to give out is currently being used by a genuine IP device. The problem is the MacIP server does not skip over that IP address and assign the next available address. This causes the process to get stuck. [CSCdi61526]
According to Inside AppleTalk, 2nd Edition, page 8-18, the router should convert NBP BrRq to NBP FwdReq packets. Instead, the router sends NBP LkUp packets for nonextended networks.

: Note: For routers that are directly connected to a Phase 1 (non-Phase 2) router in compatibility mode, the appletalk proxy-nbp network zone command must be used. This will allow the router to convert the NBP FwdReq to NBP LkUp to the Phase 1 router. [CSCdi61668]

Basic System Services

Users should turn backing store ON for slow interface processors. Routers without slow interface processors suffer performance degradation during peak activity. [CSCdi57740]
More than one problem can generate a similar error message and stack trace, which can make this problem hard to trace. See also CSCdi58999, CSCdi60952, and CSCdi60921. [CSCdi58658]

IBM Connectivity

ACTPU RSP is never received by the host in a parallel SDLLC network. [CSCdi55142]
On rare occasions, CSNA Virtual Port X/2 might hang in down/down state following a Shut/No Shut or Microcode Reload of the Channel Interface. The workaround is to reload the router. [CSCdi58517]
When using APPN/DLUR in a multiple VTAM host environment and v inact,force is issued on the logical unit name from the DLUS host, proper cleanup of the existing LU-to-LU session that may have been up at the time of the inactivation does not occur. When the logical unit is reactivated, session establishment may be impaired because the application host and the DLUR believe the original session is still active. [CSCdi58699]
Directed source-route bridge frames with control field of 010 (instead of the more usual 000) are dropped. [CSCdi59100]
The QLLC features npsi-poll and proxy XID do not operate correctly for DLSw+. [CSCdi60002]
DLSw LLC Ethernet 80d5 bad frames occur after an LLC retransmission. [CSCdi60102]
APPN/DLUR might leak very-big buffers in some situations when it is retrying connections to a DLUS. The show buffer command will show a large number of very big buffers has been created and relatively few will be in use. [CSCdi60931]
The command stun schema cnt offset 0 length 1 format hexadecimal is incorrectly saved as stun schema cnt offset 0 length 1 format hexidecimal. (Note the spelling of hexadecimal versus hexidecimal.) When you try to reload, the following error is printed:

d7c#conf mem
stun schema cnt offset 0 length 1 format hexadecimal 
                                            ^ 
% Invalid input detected at '^' marker.

: If you instead try to initially enter the command with the "hexidecimal" spelling, it will not be accepted. [CSCdi60992]

When using APPN/DLUR, the Cisco network node will never set the response indicator in XID frames that it generates, even if it sends the XID frame in response to a command XID received from the partner node. There are some implementations of PU2.0 and PU2.1 devices that cannot recover from this, even though most do. [CSCdi61157]
This software fix enables DSPU/FDDI support for end-stations attached directly to FDDI media. [CSCdi61351]
Connections cannot be established when using IBM process-switched features (for example, RSRB/TCP or DLSw+/TCP) because of dropped packets.

: The symptom is that "dropped Routed protocol" messages are output when debug source-bridge error is enabled. [CSCdi62738]

IP Routing Protocols

Disabling Optimum Switching on an RSP platform has no effect. [CSCdi59203]
If an Enhanced IGRP candidate default route is overwritten by another protocol, the Enhanced IGRP topology table might be left in a state where the candidate default route will not return to the routing table. A workaround to this problem is to clear all Enhanced IGRP neighbors. [CSCdi59276]
Customer requires a RIP update to immediately be sent when a dialer interface changes from "UP & UP" (spoofing) to "UP & UP." [CSCdi59478]
A router running Enhanced IGRP (AppleTalk, IPX, or IP) that has input route filters configured, might improperly filter routes that it should install.

: Additionally, if a router running IPX-Enhanced IGRP receives an update containing an external route that was originated by the router itself, the rest of the update will be ignored.
: There is no known workaround to this problem. [CSCdi61491]

OSPF corrupts memory, which might cause the system to reload. [CSCdi61956]
A problem introduced in Releases 10.3(12.4), 11.0(9.3), and 11.1(4.2) causes an OSPF crash if there are parallel intra-area paths. [CSCdi62870]

ISO CLNS

A router reload might occur when CLNS traffic is fast-switched. This regression affects 10.3(12) and 11.0(9) maintenance releases. [CSCdi57629]
A router running IS-to-IS will not clean up its adjacency database properly when switched from being a level-1/level-2 router to being level-1 only. A workaround is to manually clear the adjacency database (using the clear clns neighbors command) on the reconfigured router and on all of its neighboring routers, or restarting the router. [CSCdi58953]

Novell IPX, XNS, and Apollo Domain

IPX SPX spoofing might fail when using RPRINTER across a spoofing interface. [CSCdi42806]
IPX SNMP requests sent to the router might accumulate in the input queue when SNMP is disabled. These packets are not processed, possibly causing full input queues. [CSCdi57589]
Issuing a no ipx router eigrp autonomous-system-number command might cause the router to reload if there are a lot of SAPs in the router and the SAP table is changing. [CSCdi60174]
Defining a static IPX route using the peer address of an IPXWAN neighbor might fail with a message about multicast addresses. The workaround is to avoid using 8-digit IPX internal network numbers that have an odd numbered first byte. An IPX internal address of seven digits or less will not give this error message. [CSCdi61993]
CSCdi58363 introduced a problem where NLSP learned service and SAP learned services overwrite one another causing unstable Service Table Information. This is particularly a problem in networks with redundant paths. There is no workaround. [CSCdi63771]

VINES

VINES clients running Oracle application programs cannot make connection to a server due to packet reordering when vines route cache is enabled. A suggested workaround is to use process switching for those applications that cannot handle out-of-sequence packets. [CSCdi59059]

Wide-Area Networking

When authentication is not configured and different phone numbers are dialed to add bandwidth for dialer load balancing or multilink PPP, additional links might not be added to the correct group or bundle. This can result in lower than expected performance for dialer load balancing. The result for multilink PPP is no data transfer at all. The workaround is to configure authentication and put the name of the remote system in the dialer map name field. [CSCdi46872]
IP route configuration commands accept Group-Async interfaces as an interface parameter. This causes crashes in the asynchronous dialer. [CSCdi58223]
Serial lines with SMDS encapsulation may take SegV catastrophic failures when enabled after reboot. There is no workaround. [CSCdi60761]
The amount of free system memory might decrease when using the command dialer hold-queue over an ISDN interface. [CSCdi63716]

Caveats for Releases 11.0(1) through 11.0(8)

This section describes possibly unexpected behavior by Release 11.0(8). Unless otherwise noted, these caveats apply to all 11.0 Releases up to and including 11.0(8). For additional caveats applicable to Release 11.0(8), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(9).

Basic System Services

Under some conditions, SNMP queries of the CISCO-ENVMON-MIB can cause the system to reload. This reload occurs when an SNMP get-request is received that tries to retrieve instance 0 of an object in the ciscoEnvMonSupplyStatusTable. Since the instances of this table start with 1, the correct processing is to return a noSuchName error (or noSuchInstance if SNMPv2 is used). A workaround is to not use SNMP get-requests that specify instance 0 for objects in the CISCO-ENVMON-MIB. Instead, applications should either use SNMP get-requests starting with instance 1, or else use SNMP get-next-requests or get-bulk-requests. [CSCdi55599]

Access Server

Asynchronous lines can become stuck in "Carrier Dropped" state when running TACACS+ against a slow TACACS+ server. Only a reload can make the lines usable again. [CSCdi54618]
SLIP/PPP asynchronous interfaces will sometimes be in a "Carrier Dropped" state. This might occur more often with slow TACACS servers. [CSCdi57344]
In a Cisco 2511, groups of four ports might have data set ready (DSR) behaving in unison to a single stimulus. Reloading the router is the only workaround. [CSCdi49127]

DECnet

When DECnet conversion is enabled, discard routes are inserted into the Connectionless Network Service (CLNS) routing table. [CSCdi40503]

EXEC and Configuration Parser

The AUX port in Cisco 2520 through Cisco 2523 routers cannot be configured for asynchronous services. [CSCdi56563]
The write memory and copy running-config startup-config commands now work at privilege level 15. Other write and copy running-config commands still operate at the user's current privilege level. [CSCdi55809]

IBM Connectivity

QLLC devices that are connected through a router using QLLC/LLC2 conversion might occasionally experience poor response time. [CSCdi44923]
Automatic Spanning Tree (AST) is affected in some mixed vendor bridge environments. A hidden option has been added to the source-bridge spanning command: message-age-increment. This option assists message age count manipulation. This hidden command may be needed in environments where the existing max_age is insufficient for network diameter and max_age is not configurable by vendor bridges. [CSCdi53651]
If two Token Ring interfaces are attached to the same physical Token Ring and either an all routes explorer is generated on that ring or a packet is received with a RIF that indicates that the packet should go back onto the Token Ring it originated on, a bridge loop will be created and cause router CPU to rise as well as increase ring utilization. The workaround is to issue a clear rif command. [CSCdi55032]
Issuing a no source-bridge remote-peer command causes the router to reload. [CSCdi55919]
Connection to DLU (DSPU or APPN) across RSRB might fail when remote SAP address is not enabled at the destination router. The workaround is to enable remote SAP address. [CSCdi56660]
DLSw FST encapsulation does not work over a WAN Token Ring or FDDI. [CSCdi57207]
Multiple qllc dlsw commands cannot be configured. [CSCdi55749]
The APPN DLUR router might unbind logical unit sessions with the DLUS and the downstream node if fixed pacing was enabled on the session bind request from the DLUS. If this is the case, when you attempt to log on from the downstream device, the USS message 7 with a sensec code of 0835 0009 might be displayed. [CSCdi57729]
The APPN router might unbind an LU6.2 session after receiving an unsolicited IPM with a non-zero next-window size. [CSCdi57730]

IP Routing Protocols

There is a small delay between the time OSPF marks an LSA as deleted and the time the LSA is actually removed. Within this small window, if OSPF receives an old copy of the LSA which has a higher sequence number, probably from some new neighbors through database exchange, OSPF will be confused and will not be able to remove the LSA. The self-originated LSA will be stuck in the database. The stuck LSA is removed automatically when the router regenerates a new instance of the LSA. [CSCdi48102]
OSPF puts incorrect information in the source field for a stub route. This information prevents BGP from advertising this stub route to a peer because the route is not synchronized. [CSCdi49377]
Attempting to copy an empty startup configuration to the network will cause the router to reload. [CSCdi58040]

ISO CLNS

There is no method for altering the transmission rate of IS-to-IS link state packets in cases where the rate would add undue load to the receiving system. There is no workaround for this problem. [CSCdi54576]
If IS-to-IS is running, a CLNS static route is configured that points to a point-to-point interface on which IS-to-IS is not configured, and the static route is removed, the system may crash.

: A workaround is to either disable IS-to-IS before removing the static route or enable IS-to-IS on the interface before removing the static route. [CSCdi56815]

Under situations of extreme load, IS-to-IS and NLSP might cause packets to be dropped unnecessarily. There is no known workaround to this problem. [CSCdi58433]
If a non-Cisco router running IS-to-IS on a level-1-only circuit is also sending ES-to-IS End System Hello (ESH) messages, it is possible for the Cisco router to not recognize the other router.

: A workaround is to filter out the ESH packets using the clns adjacency-filter es configuration command in conjunction with an appropriate filter set (which should specify a wildcard, "**", in the last byte of the address). [CSCdi58621]

Novell IPX, XNS, and Apollo Domain

If there are more than 42 neighbors on a single LAN interface, IS-to-IS and NLSP will be unable to establish neighbor adjacencies. The workaround is to limit the number of neighbors to 42 or less. [CSCdi56547]
The IPX SAP table might not accurately reflect SAP entries learned locally if IPX Enhanced IGRP and IPX RIP/SAP is configured at the same time. Some of the SAP entries might show up on the SAP table as Enhanced IGRP derived rather than RIP/SAP derived even when the local LAN where the problem SAP sourced is not running Enhanced IGRP. [CSCdi56588]
A Cisco 2500 series router running IPX with NLSP on Release 11.0(8) and 10.3(11) might reboot intermittently. Time between reloads can vary between a few hours and a few days. [CSCdi57683]
The router might reload when running IPX Enhanced IGRP due to illegal access to memory. [CSCdi57728]
Under obscure circumstances, some IS-to-IS and NLSP link-state packets (LSPs) might not be transmitted on some point-to-point interfaces. There is no workaround to this problem. [CSCdi58613]

Protocol Translation

When doing large file transfers on VTY-asynchronous interfaces, which must cross an X.25 network with large RTT, an aggressive TCP implementation can cause return traffic on the VTY-asynchronous interface to be delayed. [CSCdi54905]

Wide-Area Networking

When authenticating to a peer using Password Authentication Protocol (PAP), the username password might be sent to a peer that is not authenticated. Currently there is no mechanism to disable outbound PAP. This problem can represent a security risk. [CSCdi49278]
A heavily loaded X.25 link that is experiencing congestion can, under rare conditions, enter a state where it oscillates between sending a RNR and a REJ. [CSCdi55677]
With ILMI-resolution of the switch portion of ATM NSAP addresses, an attempt to place a multipoint call to a destination can occur (and with PIM, always will occur) before the switch part of the address is discovered. This leaves the router in a state where it will never place calls to that static map again. To work around this, do not use ILMI negotiation. [CSCdi55904]
If the router receives an incoming ATM SVC call with an SDU size incompatible with the configured MTU on the ATM interface, the router might crash. This problem is present in Releases 11.0(8.3), 11.0(8.4), 11.1(3.1), and 11.1(3.2). If the router is generating the following warning messages in earlier releases, it is likely that the defect will affect them if the images from the releases listed earlier are installed:

%ATM-4-MTUCALLMISMATCH: Incoming call has mismatched maximum transmission unit

: To work around this, reconfigure the remote device with the correct SDU size. [CSCdi57676]

Caveats for Releases 11.0(1) through 11.0(6) and 11.0(7)

This section describes possibly unexpected behavior by Releases 11.0(6) and 11.0(7). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(7). For additional caveats applicable to Releases 11.0(6) and 11.0(7), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(8).

AppleTalk

Multiple Cayman tunnels do not work because routes do not arrive correctly from the remote side of tunnels. To work around this, use only one Cayman tunnel. [CSCdi50981]

Basic System Services

A router containing a CIP card does not become fully operational when Cisco IOS software is loaded. [CSCdi51441]

Access Server

A busy access server sometimes pauses indefinitely, indicating an invalid address error. This is usually seen in environments where a number of short duration modem calls are answered. A workaround is to configure modem answertimeout 10. [CSCdi48100]

IBM Connectivity

A router running RFC 1490 support over Frame Relay does not properly swap the direction bit in the RIF frame. [CSCdi36042]
When two or more routers are connected to the same Token Rings, and each uses source-route bridging (SRB), a station on one of the rings might choose a non-optimal route with a path through both routers. In typical (large) networks, this behavior might result in explorer storms as well as suboptimal routes. [CSCdi45116]
An incorrect timer reference causes explorer frames to be flushed on interfaces, even though the maximum data rate for explorers on any interface does not exceed the maximum data rate for explorers. [CSCdi47456]
Low-end platforms will cache invalid RIF entries when using any form of the multiring command. This can also be seen in the DLSw reachability cache and possible loops with LNM. [CSCdi50344]
RSRB will not declare that a peer is dead until keepalive times out. Therefore, for RSRB to detect the dead peer so that the ring list can be cleaned up properly, the keepalive value should be set as small as possible. [CSCdi50513]
Peer on Demand peers (peers that learn of each other through Border Peers) do not connect. The options inactivity timeout and lf lfsize should be added to the dlsw peer-on-demand-defaults command. [CSCdi50574]
Removing DLSw configuration by configuring no dlsw local-peer and adding the DLSw configuration back can cause a memory leak in the middle buffer. [CSCdi51479]
Applying a source-bridge output-lsap-list to a Token Ring interface when source-bridge explorer-fastswitch is enabled might cause packets permitted by the output-lsap-list to be dropped. The workaround is no source-bridge explorer-fastswitch. [CSCdi51754]
When a very large number of I-frames are sent by an end station to a DLSw router at the same instant, the following message might appear on the console:

DLSW:CPUHOG in CLS background, PC=0x60549f3c

: Because the CPU is occupied by the CLS background process for a period of time, protocols that involve polling can lose their connections because of poll starvation. [CSCdi52382]

Interfaces and Bridging

A router might pause indefinitely when the configuration command encapsulation ppp is entered for Async-Group Interfaces. The configuration command async mode dedicated has the same effect. [CSCdi53185]
Asynchronous TTY lines on Cisco 2509 through Cisco 2512 devices sometimes stop answering new modem calls. The show line x command output shows the line with modem state in Idle and Hanging-up. A workaround is to configure sessiontimeout 0 for asynchronous lines. [CSCdi54196]

IP Routing Protocols

Running multiple Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) autonomous systems might consume all available memory in the router. [CSCdi36031]
If two IP-Enhanced IGRP autonomous systems are configured, and an interface address is changed so that the interface moves from one autonomous system to the other, Enhanced IGRP will fail to operate on that interface. The workaround is to delete the IP address (using the no ip address command) before configuring the new address. [CSCdi52078]
Under certain conditions, Enhanced IGRP may stop transmitting packets. This may manifest itself as large numbers of routes repeatedly Stuck-In-Active. The workaround is to unconfigure and restart enhanced EIGRP, or reload the system. [CSCdi53466]
Regular expressions longer than 59 characters in the ip as-path access-list configuration command will cause the router to reload. [CSCdi53503]
Enhanced IGRP will stop working on an interface if the interface goes down for some reason and then comes back up. There is no workaround to this problem. [CSCdi53903]
Because of an uninitialized variable, multipoint GRE tunnels in Releases 10.3 and 11.0 might allow non-IP network protocols to be forwarded to all endpoints of the tunnel. This can give the perception that non-IP protocols are capable of being routed over the multipoint tunnel in these versions. Only IP multipoint tunnels are supported in these versions. In Release 11.1, routing IPX over GRE multipoint tunnels does not function. [CSCdi54192]

Novell IPX, XNS, and Apollo Domain

The default for ipx eigrp-sap-split-horizon needs to be changed to off. [CSCdi55576]

VINES

VINES SRTP on serverless segments running Release 10.3(8) do not send the redirect to the correct network number (layer 3) address. The workaround is to turn off VINES redirects on the serverless segment interface. A sniffer trace of this packet will show "abnormal end of Vines SRTP." [CSCdi50536]

Wide-Area Networking

Under certain conditions, the router can reload with the message "System was restarted by error - Illegal Instruction, PC 0x300D646." This problem is related to ISDN. There is currently no workaround. [CSCdi45085]
With synchronous dial-on-demand routing (DDR), the dialer does not respect the enable-timeout before trying a second dialer map. The dial command is lost when the modem is initializing. [CSCdi46421]
In some failed CHAT script operations over asynchronous interfaces, data can be left in an inconsistent state, sometimes causing a reload to occur during later operations. [CSCdi47460]
If a backup interface is brought up, a floating static route will point through the backup interface to the remote node and network. When the original interface comes back up, the floating static route is removed. The backup interface will not see any traffic and an idle timeout will bring down the backup connection. If, however, the original interface comes back up before the backup connection is complete, the floating static route will have been removed and a neighbor route will be added to the peer address. This route will carry routing updates to the peer over the backup and thus reset the idle timeout with each packet. The backup interface will never disconnect. This behavior was not present before Release 11.0(3). [CSCdi50489]

Caveats for Releases 11.0(1) through 11.0(5)

This section describes possibly unexpected behavior by Release 11.0(5). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(5). For additional caveats applicable to Release 11.0(5), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Releases 11.0(6) and 11.0(7).

Basic System Services

Free memory will slowly decrease on a router that is bridging IP and that has more than one interface with the same IP address. [CSCdi44023]
Under heavy load conditions, it is possible for a Cisco 2509 through Cisco 2512 access server to pause indefinitely and report a bus error. [CSCdi47190]
When the router attempts to write a core file, it pauses indefinitely. [CSCdi47877]
The EEPROM in some chassis interfaces is misprogrammed. A show diag command indicates that the chassis interface has "07" in the first byte of the EEPROM, instead of "01." The system software does not recognize the chassis interfaces. At boot, the following message appears:

%CI-3-CTRLRTYPE: Wrong controller type 10 %CI-4-NOTFOUND: Chassis Interface not found

: The output of the show version command indicates:

WARNING: Chassis Interface not present

: When these messages appear, the show environment commands do not work, and no environmental monitoring takes place. [CSCdi48075]

Access Server

The service hide-telnet-address command does not hide the telnet address in the Connection closing message. The busy-message command does not suppress a Connection closing message. [CSCdi47740]

DECnet

DECnet Phase IV to Phase V conversion can introduce erroneous area routes into ISO-IGRP if there are DECnet L2 routes on the DECnet side. These area routes appear as "AA00," and are propagated to other routers. [CSCdi47315]

IBM Connectivity

When source-route transparent (SRT) bridging is configured on the router, calls to management functions related to source-route bridging, specifically CRS, might not work correctly. [CSCdi42298]
When the FEP initiates a QLLC connection, the virtual circuit is established, but the XID negotiation does not proceed to completion. The router sends XID responses as commands, rather than responses. There is no workaround. [CSCdi44435]
A router might crash if running QLLC and using remote source-route bridging (RSRB) over a serial line to provide the Logical Link Control, type 2 (LLC2) connection from QLLC to an end station or host. The crash only occurs if multiple changes are made to the encapsulation type on the RSRB serial line. [CSCdi45231]
When concurrent or multiple link activations are requested from or to the same interface or service access point (SAP) of a Cisco Link Services (CLS) user (typically APPN or DSPU) to multiple devices, some of the link activations might fail in random fashion. The problem is more likely to be evident in networks where test polls are outstanding for longer periods of time and many links are auto-activated at the same time. [CSCdi46491]
A Cisco router might report inaccurate traffic statistics. In particular, nonbroadcast frame counts might be incorrect if the router is acting as a source bridge on a Token Ring. [CSCdi46631]
A Cisco Link Services component (such as APPN or DSPU) might be unable to reconnect after it is disconnected when running over a CLS controlled by a locally acknowledged RSRB connection. This problem only affects reconnecting after an LLC2 outage when the RSRB peer remains up throughout the disconnection and reconnection process. [CSCdi47275]
If the router receives a source-bridge packet with bit 2 of the routing control field set (for example, 28), the router might send back an invalid bridge path trace report frame intended for the source of the original frame, but directed to a group address instead. This might cause congestion. [CSCdi47561]
A downstream physical unit (DSPU) sometimes retries connecting to the host too rapidly, with as many as 60 tries per second, flooding the host with XID packets. This problem causes the NetView log to get congested and run out of storage, which might bring down the host. [CSCdi47803]
If DLSw with FST is configured, an LLC2 session should not be set up. [CSCdi47888]
A DLSw SDLC ABM bit is not turned off in xid(pn) [CSCdi47942]
When proxy explorer and proxy NetBIOS are configured, looped RIFs might be created. The only workaround is to disable the feature. [CSCdi48577]
Under extreme traffic load, CLSi may deliver packets to DLSw out of sequence (LLC sequence). In some environments, including PU4/5-to-PU4/5, this will cause the receiving end station to disconnect. [CSCdi48915]
When attempting to run APPN over Frame Relay, the router generates error and traceback messages: "APPN-6-APPNSENDMSG," "APPN-7-APPNETERROR," and "SYS-2-BADSHARE." [CSCdi49162]
The number of downstream physical units supported should be increased from 256 to 1024. [CSCdi49448]
Connections to a host cannot be established from a DSPU using virtual telecommunications access method (VTAM) through a Cisco 3172 Channel Interface Processor (CIP). [CSCdi49872]
If peer A and peer B are DLSw priority peers (the keyword priority is on the remote peer definition), and peer A is reloaded, peer B might crash. [CSCdi50155]

Interfaces and Bridging

Transparent bridging and the HSRP protocol cannot be simultaneously enabled on Fast Ethernet interfaces. Random crashes resulting in image or memory corruption will occur. [CSCdi48646]

IP Routing Protocols

Routers may be misconfigured to assume that a particular autonomous system is in a confederation when it is not. This misconfiguration causes the confederation information that is inside the autonomous system path to be propagated. The workaround is to configure the router correctly. [CSCdi46449]

Novell IPX, XNS, and Apollo Domain

When an Enhanced IGRP route is advertised back into RIP, the delay within the Enhanced IGRP cloud is not taken into account properly in the TICS value of the route when it is redistributed into RIP. The RIP advertised route might then appear to be closer than it really is. [CSCdi49360]
When an interface goes down, services that are not learned over that interface are marked as down, possibly causing excessive SAP packet generation as packets are first flooded as down, then learned, and flooded again as new. [CSCdi49369]
If IPX Enhanced IGRP is running, the command sequence interface serial / no ipx network / no ipx routing might cause the router to reload. [CSCdi49577]

TCP/IP Host-Mode Services

Under unknown circumstances, random lines on an ASM will pause indefinitely in the Carrier Dropped state. The only way to clear the line is to reload the ASM. [CSCdi44663]
Opening hundreds of simultaneous Telnet connections from a TTY or VTY can cause the software to reload with a watchdog timeout error. [CSCdi47841]

VINES

VINES servers located downstream might unexpectedly lose routes that were learned via Sequenced Routing Update Protocol (SRTP). This behavior results from improper handling of network sequences numbers by the system. Issuing a clear vines neighbor or disabling SRTP are suggested workarounds. [CSCdi45774]
A Cisco router reloads when it receives incorrectly formatted Interprocess Communications Protocol (IPC) packets from the VINES application software "Streetprint." The VINES IPC length field should contain the number of bytes that follow the long IPC header in a data packet, but Streetprint incorrectly set the IPC length in each IPC message to the total number of bytes of all IPC messages. [CSCdi47766]

Wide-Area Networking

When a LAN Emulation (LANE) client becomes nonoperational, the subinterface state remains in the Up state. This causes routing tables to retain routes longer than normal. These routes remain until the configured routing protocol discovers (via neighbor discovery or holddown) that the subinterface has gone deaf. Static routes are discouraged on LANE interfaces, because the route will always be advertised. [CSCdi36121]
When routing an X.25 call request packet containing a Calling/Called Address Extension facility; the Calling/Called Address Extension facility might be modified. [CSCdi41580]
An X.25 interface might hang if the Link Access Procedure, Balanced (LAPB) layer gets stuck in the RNRsent state. This might occur if virtual circuits (VCs) receive encapsulated datagram fragments that are held for reassembly, and the number of these fragments approaches the interface input queue count. The LAPB protocol will not exit the RNRsent state until the number of held buffers decreases. This condition can be cleared if a shut /no shut is performed on the interface, or if the other end of the LAPB connection resets the protocol. [CSCdi41923]
Under some unknown conditions, an ISDN B-Channel might fail to disconnect. The PPP Keepalive feature detects the partially disconnected link and repeats the message "exceeded max retries taking LCP down," every few minutes. [CSCdi48111]
If parallel connections are made to a dialer group or ISDN interface that use the same IP address and a neighbor route is necessary, the neighbor route will be added for the first connection only. Subsequent connections will detect that a route already exists and not add another route. This will work until the first connection closes and its neighbor route is removed. The other connections will remain open but there will be no neighbor route installed for them. This problem applies to parallel connections, not to multilink bundles. [CSCdi49007]
If aaa new-model (for example, TACACS+) is enabled, you cannot specify callin on the PPP authentication configuration line. [CSCdi49280]
Cisco IOS Release 11.0(6) and Release 11.1(2) contain a fix for an emulated LAN defect. If you deploy Release 11.0(6), Release 11.1(2), or Catalyst 5000 ATM software release 2.1 or later releases in your network, and you use emulated LAN bridging features, you must upgrade the Cisco IOS software in all routers and Catalyst 5000 switches in your network to use a version of Cisco IOS software that contains the fix. Failure to upgrade all devices in a particular emulated LAN will result in interoperability problems between Cisco devices.

: If you choose to continue to use Cisco IOS Release 11.0(5), Release 11.1(1) or earlier releases, the Catalyst 5000 requires ATM software release 1.1. [CSCdi49790]

Caveats for Releases 11.0(1) through 11.0(4)

This section describes possibly unexpected behavior by Release 11.0(4). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(4). For additional caveats applicable to Release 11.0(4), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(5).

AppleTalk

When AppleTalk packets go through ARAP, the destination address might be set incorrectly to use a multicast address instead of a unicast address. [CSCdi44145]

Basic System Services

When authenticating using TACACS or extended TACACS with Password Authentication Protocol (PAP) on an interface that is not an asynchronous line, the system might reload if the principal's username and password also exist in the local database. [CSCdi45530]
TACACS+ does not send accounting stop requests. [CSCdi46519]
Using HSRP in heavy traffic situations can cause RSP-3-ERROR reports and cBus resets. [CSCdi46654]
Upon process completion, the scheduler leaks a small amount of memory. In routers that have many processes, such as IPX, the memory leak can be significant. When the router runs out of memory a crash is possible. There is no workaround. Note that this problem only affects Releases 11.0(4.2) and 11.0(4.3). [CSCdi47177]

Access Server

The TN3270 feature might crash if a terminal width greater than 100 characters is configured before connecting to a host application. [CSCdi44586]
The line printer daemon incorrectly aborts a job if the control file sent from the host identifies it as a postscript job. [CSCdi45881]
When PPP is started from the EXEC prompt, TACACS+ can be used to override the entered or locally configured peer IP address. At this point, the new peer IP address from TACACS+ is ignored. During IPCP negotiation, another attempt to override the peer IP address succeeds.

: When SLIP is started from the EXEC prompt, TACACS+ is not able to override the entered or locally configured peer IP address. [CSCdi46898]

DECnet

Switching DECnet Phase IV packets might be slow when the packets must traverse a Phase V cloud, that is, when a DECnet IV/V conversion is involved.

An illustration of this problem can be seen by issuing a SET HOST command from one Phase IV host to another over a Phase V cloud, and noticing that the connection can take about a minute to complete. Normally this operation should take a few seconds. [CSCdi38569]

IBM Connectivity

On low-end systems if the router interface is DTE, and a router reload occurs, SDLC packets are identified as HDLC packets by the serial driver until a shut / no shut command sequence is issued on the interface. This problem causes occasional packet drops without any trace if a byte pattern matches that of another protocol and can also cause serious performance problems. [CSCdi43686]
Frame Relay AutoInstall with dlsw bridge-group 1 in the router configuration can cause the router to reset and display the error message "Exception: Software forced crash at 0x." [CSCdi44169]
When running DLSw+ Frame Relay encapsulation in a nonpass-through mode, NetBIOS stations might time out. This happens when the NetBIOS stations have NetBIOS retries and timeout values lower than the default values. The default values are typically a retry value of 8 ms and a timeout value of 500 ms. Increasing the NetBIOS retries or the timeout value eliminates this behavior. [CSCdi45362]
DLSw peers configured with direct encapsulation will not be connected. To work around this, use TCP encapsulation. [CSCdi45411]
A router configured for QLLC support of a PU 2.0 to a host might ignore the null XID response from the host and not send the XID T2 on behalf of the controller. [CSCdi45514]
A router running APPN ping traffic for extended periods of time will crash intermittently at CepPongRequest. [CSCdi45974]
A router configured for DSPU crashes at _CLSCepCheck while making DSPU configuration changes. [CSCdi46820]

Interfaces and Bridging

Changing the encapsulation on a dialer interface after entering the command no dialer in-band causes the router to reload. To prevent this problem from happening, do not remove the dialer type from the configuration. [CSCdi44101]

IP Routing Protocols

IPX routing by RIP or Enhanced IGRP might fail on primary serial interfaces when there are subinterfaces of that primary serial interface configured for IPX routing before the configuration of the primary interface for IPX routing. [CSCdi44144]
Enhanced IGRP might announce IP summary routes with a wrong metric (a value too high). This can cause networks to be unreachable. [CSCdi46290]

Novell IPX, XNS, and Apollo Domain

Clearing the SPX spoofing table using the clear ipx spx-spoof command or by removing the ipx spx-spoof command from the last interface left spoofing can cause a system reload. [CSCdi43117]
Where there are several SAP entries in the network, if ipx sap-incremental is configured, a router might end up with fewer SAP entries than actually exist when the interface goes down and is brought up later. [CSCdi46224]

Protocol Translation

A TCP-to-LAT/X.25 translation that uses an access-class option, which specifies an extended access list can cause the router to reload. Extended access lists are not permitted with the translate command. [CSCdi44853]

TN3270

TN3270 does not assume the appropriate 132x27 dimensions when set up as a MOD5. [CSCdi44497]

Wide-Area Networking

TCP header compression over PPP is not functioning. This also affects asynchronous dialer interfaces. To work around this, turn off IP TCP header-compression. [CSCdi19199]
When using a Cisco 2500 series terminal server with PPP, packets are allowed to pass after IP Control Protocol (IPCP) has completed negotiation, but before the interface is declared to be up. This can cause problems with applications that send out immediate requests; the response might be dropped by the terminal server because the interface is down. The workaround is to place a slight pause after IPCP is negotiated but before sending requests. [CSCdi37400]
Clearing an asynchronous dialer interface will prevent subsequent calls from being made over that interface. A shutdown command is needed to allow calls to be made again. [CSCdi43794]
When LAPB or X.25 encapsulation is configured, it is possible for the lapb n1 xxx command to disappear from the working configuration and for N1 to fall back to the default. This might occur after an interface reset or a router reload. [CSCdi44422]
Under unknown conditions, a debug PPP packet might cause the router to stop processing packets. [CSCdi45322]
The dialer load threshold command does not choose between the outbound and inbound thresholds correctly. The workaround is use dialer load-threshold inbound. [CSCdi45593]
When using ATM without declaring any PVCs, but with an ARP server declared, the router might crash. The workaround is to always declare the signaling VC before attempting to configure an ARP server. If a PVC is present at any point after boot, deleted, and the ARP server declared, no crash occurs. If the configuration is written to NVRAM, there will be a crash on boot. [CSCdi45733]
Using the frame-relay payload compression command disables the parse-tree for all commands after the frame-relay map statement. [CSCdi45797]
A serial interface running with X.25 encapsulation under heavy load can stop sending Link Access Procedure Balanced Receive Ready packets. The X.25 switch sends I-frames until the window is full. After 3 seconds, when the switch sends a frame with the poll bit set, the frame is rejected and the traffic continues. [CSCdi46024]
If you configure dialer-list # protocol ip permit on an asynchronous/PPP backup interface, the routing protocol is not sent to the interface after it has gone from standby to up/up spoofing and does not initiate a dialout for DDR. This also occurs on synchronous serial DBU interfaces.

: One workaround is to configure SNMP or syslog to a host on the remote side. An SNMP trap is required for snmp-server host x.y.z.w, or a console message to logging host, but will initiate a dialout. [CSCdi46312]

In dial-in only ISDN or rotary group configurations, fastswitching might cause packets to be sent on the wrong interface. To work around this problem, disable fastswitching, or configure a phone number on the dialer maps. [CSCdi47701]

Caveats for Releases 11.0(1) through 11.0(3)

This section describes possibly unexpected behavior by Release 11.0(3). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(3). For additional caveats applicable to Release 11.0(3), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in Release 11.0(4).

AppleTalk

Issuing a show appletalk route network where network is an AppleTalk proxy network causes the system to halt. [CSCdi44235]

Basic System Services

The router might pause indefinitely if a single process fails to update its event timers. [CSCdi44073]

IBM Connectivity

DSPU sends TEST (P) in response to a NULL XID (P) on Connect-ins. This causes problems with some LLC2 implemenations. [CSCdi40809]
In rare cases, the router's serial interface driver software will drop SDLC frames with bit patterns identical to HDLC LEX frames. This problem has been observed on interfaces using STUN-basic encapsulation with non-IBM SNA data traffic (for example, COMM10 CNS protocol). There is no indication in the router when this problem occurs. The router does not increment the interface "drop" counter or the STUN "drop" counters. Detection is only possible with a media tracing tool. [CSCdi41558]
The Find Name NetBIOS broadcast is sent from all the Token Ring interfaces even though the proxy-explorer and NetBIOS name caches are configured on the interface. To workaround this, run a previous software version. [CSCdi41972]
The number of LLC2 sessions allowed in the router is artificially limited. Also, a count of the number of LLC2 sessions should be seen in the banner of the show llc2 command. [CSCdi42181]
Two new global commands that add keepalive support are now available:
- [no] bstun remote-peer-keepalive [n]
where n is the time period between keepalives in seconds.
- [no] bstun keepalive-count [count]
where count is the number of keepalive periods to expire before declaring the TCP session down.

: The keepalives can be viewed using the debug command debug bstun event, for example:

BSTUN: Received Version Reply opcode from (all[2])172.16.12.2/1976 at 1360 
BSTUN: Received Version Request opcode from (all[2])172.16.12.2/1976 at 1379 
BSTUN: Received Version Reply opcode from (all[2])172.16.12.2/1976 at 1390
[CSCdi42960]

Running QLLC/LLC2 conversion in the router sometimes results in a memory leak during connection establishment. [CSCdi43119]
When an SDLLC or QLLC virtual ring is configured, explorers might be incorrectly forwarded to the interface corresponding to the third ring in the RIF. [CSCdi43378]
When using FRAS or DLSw, large delays might be seen in SDLC session startup for PU 2.0. One workaround is to configure the router so that SDLLC starts the timer. The SDLLC configuration can then be removed, and the timer will continue on the five-second dispatch interval. [CSCdi43856]
SRB bridged packets might be dropped if the router is configured for RSRB direct and priority or custom queueing is enabled on the output serial interface. The workaround is to disable priority or custom queueing on the serial interface. [CSCdi44430]

Interfaces and Bridging

If two routers are on a ring, it is possible for the OSPF neighbors to disappear because the IP process does not receive the multicast packet for OSPF hellos. [CSCdi38185]
For a given bridge table entry, bridging might not forward packets sourced from that address destined for a particular device, but forward others. This can be seen by the show bridge nnnn.nnnn.nnnn TX count incrementing, but the RX count staying constant. To work around this, issue a clear bridge command. [CSCdi42445]
When configuring SLIP or PPP framing on the auxiliary port of a router, a "Low memory modified by Input Helper" message appears in system error log. [CSCdi43970]

IP Routing Protocols

In rare circumstances, the router might reload while fast switching over a DDR interface. [CSCdi42068]
MAC burned-in-addresses (BIA) can sometimes replace the HSRP group MAC address for the HSRP IP address in the ARP table. [CSCdi43875]

VINES

The system might halt unexpectedly after issuing a clear vines neighbor command. [CSCdi42431]
An SRTP update sent in response to a client request for specific networks will omit the last network specified in the request. [CSCdi44517]

Wide-Area Networking

TN3270 and Telnet user sessions can be dropped unexpectedly from the Cisco 2509 and Cisco 2511 access server asynchronous ports because of an inactivity timeout. [CSCdi41542]
"ATM failed to create VC" errors can occur because an ATM switch assigns VPI/VCI numbers outside the ranges that can be accepted by the router. The workaround is to manually set the VPI/VCI space on the switch. [CSCdi42518]
Hardware flow control might be inadvertently disabled on the Cisco 2509, 2510, 2511, and 2512 asynchronous ports after issuing a configure network or a copy tftp running-config command. To restore flow control, issue the line configuration command flowcontrol hardware on all lines. [CSCdi43306]
If the remote end of the connection (the peer) attempts to authenticate with PAP, and no authentication of the peer is attempted, the authentication will appear to succeed, but none of the NCPs (such as IPCP or IPXCP) will begin negotiation. The peer will think the link is up and the local end will think the link is down. [CSCdi43514]
Certain configurations of IP address pooling commands will cause IPCP to reject an IP address suggested by the peer. Typically, no peer address will be negotiated and IP connectivity might be broken. Debug statements corroborate that IP address pooling is involved even if no ip address-pool or peer default ip address statements have been entered.

: This problem can be avoided if each PPP interface is configured correctly for a peer address, for address pooling, or with pooling explicitly disabled. The commands to configure pooling (local or DHCP) are site-specific.
: If a fixed peer address is acceptable, it can be set with the command peer default ip address a.b.c.d where a.b.c.d is the IP network address of the peer. Note that this command replaces the command async default ip address a.b.c.d for asynchronous interfaces, but applies to all PPP and SLIP interfaces including ISDN interfaces.
: Pooling can be explicitly disabled on an interface by issuing the command no peer default ip address.
: This command has no other effect and can be replaced later with an appropriate address pooling configuration. [CSCdi43677]

The router reloads if the interface subcommand async mode dedicated is configured for a group asynchronous interface. [CSCdi44030]
When fast switching IP or IPX over a dial-on-demand media, calls may be disconnected by the idle timer even though interesting traffic goes through. [CSCdi44938]

Caveats for Releases 11.0(1) through 11.0(2)

This section describes possibly unexpected behavior by Release 11.0(2). Unless otherwise noted, these caveats apply to all 11.0 releases up to and including 11.0(2). For additional caveats applicable to Release 11.0(2), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(3).

AppleTalk

IPTalk clients running Columbia AppleTalk Package cannot start up because a nonstandard NBP packet generated by the client is not forwarded by the system. There is no workaround. [CSCdi39096]

Basic System Services

When performing SNMP queries of a router using the RSP2 board, the router might reset with error message "System restarted by abort." [CSCdi40186]
When using protocol translation for virtual asynchronous connections, the system might restart with the message "System was restarted by error - Illegal Instruction, PC 0x0." [CSCdi40681]
In some configurations with a loopback interface, memory will be consumed by packets erroneously queued to that interface. As packets are queued to the Loopback interface, free memory dwindles until the router crashes because it has no free memory. The only workaround is to delete the loopback interface. [CSCdi41281]
Removing enable secrets using the no enable secret configuration command fails and prints an error when specifying explicit privilege levels. [CSCdi41368]
When DSPU or DLSw+ is configured to accept connections across QLLC/X.25, the router will reload when the second QLLC/X.25 connection becomes active. [CSCdi41826]
Memory might become corrupted when servicing MacIP ATP packets, which results in a system reload. [CSCdi41076]

IBM Connectivity

With SRB configured (local only), the router occasionally appends random data to the end of LLC2 RR frames being bridged through the router. Some LLC2 devices will reject these padded frames, causing sessions to be lost. [CSCdi38486]
The local and remote ring numbers can now be between 1 and 4095. Before they were only allowed to be between 1 and 255. [CSCdi41283]
When DSPU over QLLC is configured, the router might experience loss of memory caused by the fragmentation of a large frame into several smaller frames. The workaround is to ensure that the MAXDATA for both the upstream and downstream links is set at a maximum of 256 bytes. If data lengths are 256 bytes or less, data frames will not require fragmentation by QLLC and memory leak should not occur. [CSCdi41663]
After configuring an LNM PC with a bridge definition that contains the target interface MAC addresses on the router, if a no source-bridge local-ring bridge-number target-ring command is subsequently entered for one of the interfaces previously configured on the LNM PC, and a link bridge command is then entered on the LNM PC, the router will halt with a bus error indication. The only workaround is to ensure that no source-bridge local-ring bridge-number target-ring commands are not executed on the router after defining the target LNM server bridge on the LNM PC. [CSCdi41997]
CMNS will use an incorrect MAC address when trying to open an LLC2 connection to a host running DECnet Phase IV. The workaround is to have the DECnet host open he LLC2 connection to the router. [CSCdi40639]
SRB packets are not bridged to or from the CSNA internal LANs when DLSw+ peers are configured with FST/direct encapsulation. To work around, configure DLSw+ peers for TCP encapsulation. [CSCdi42462]
LLC2 connections cannot be established to CSNA internal LANs configured on the RSP/75xx platforms. [CSCdi42839]

Interfaces and Bridging

VINES ping fails over transparent bridging with the following configurations:
- DEC and IEEE with serial encapsulations HDLC, PPP, FR-EITF, Frame Relay

: There are no failures with SMDS or X25. [CSCdi37994]

Transparent bridging can generate report giants coming off an ATM interface. This occurs when routers are configured with non-HDLC encapsulation on the serial links, or when priority queuing is configured. The workaround is to configure the serial interfaces for HDLC or to not force process-level transparent bridging. [CSCdi40560]
If ATM or Frame Relay is used in a transparent bridging environment, DECnet and CLNS packets are not flooded correctly. There is no workaround. [CSCdi40861]

IP Routing Protocols

If PIM sparse-mode is enabled on an Ethernet interface, all incoming IS-to-IS packets on that interface are lost (not received). The workaround is to disable PIM sparse-mode on the interface. [CSCdi40951]
OSPF it is not able to flood huge router LSA (bigger than 1456 bytes) correctly. The huge router LSA is generated when there are more than a hundred OSPF interfaces or there are more than a hundred secondary addresses defined on the OSPF interfaces. This can cause the router to crash. Note that the fix for this requires that all routers in the OSPF area that need to process huge LSA must be upgraded with the Cisco IOS version containing the fix; routers running older versions could crash upon receiving the huge LSA. [CSCdi41883]
Configuring IPX on the router when the router is low in memory can cause the command shell to be stopped. [CSCdi42363]
The ipx routing command does not enable IPX RIP protocol if no ipx routing has been configured. The workaround is to not configure no ipx routing. [CSCdi42953]
Enhanced EIGRP displays incorrect redistributed routes in the topology table. [CSCdi40200]

Novell IPX, XNS, and Apollo Domain

When a floating static route is defined, the same route learned via NLSP does not override the user-defined floating static route. [CSCdi41138]
When a learned route entry goes away on an interface that is also used as the IPX default route path, and a routed packet to the previously learned network is sent over this interface while the learned network is in hold down, a system restart might occur. [CSCdi41272]
Configuring IPX on the router when the router is low in memory can cause the command shell to be stopped. [CSCdi42363]
The ipx routing command does not enable IPX RIP protocol if no ipx routing has been configured. The workaround is to not configure no ipx routing. [CSCdi42953]

Protocol Translation

Terminating a PAD-virtual asynchronous connection immediately after initiating it can cause the router to reload. [CSCdi39675]
There is no longer a strict limitation on the number of Protocol Translation sessions; instead the number of Protocol Translation sessions is now determined by the values in Table 6. The maximum number of protocol translation sessions can be increased to the following values depending on the platform type and whether the Protocol Translation option is included in the software.

**Table 6: Protocol Translation Sessions**
Platform	Default (VTYs)	Max lines (with PT Option)	Max VTY lines (with PT Option)
c4500	5	1002	1000
c4700	5	1002	1000
c7000-RSP	5	1002	1000
c4000	5	200	198
c3000	5	200	198
c2500 (8 ports)	5	200	190
c2500 (16 ports)	5	200	182
c7000	5	120	118
ags (no ports)	5	120	118
ags (ASM 96 ports)	5	120	22
ags (ASM 112 ports)	5	120	6
cs500 (8 ports)	5	30	21
cs500 (16 ports)	5	30	13
c1000 running IOS	5	6	5
irix	5	7	N/A
UNIX SunOS & solaris	5	7	N/A

Increasing the number of VTY lines is invalid unless the Protocol Translation option is included in the software.

MAXLINES = MaxVTYs + (TTYs + AUX + CON lines)

To increase the number of protocol translation sessions, use the line vty number configuration command. The argument number is the VTY line number and can be a value from 0 to the maximum number of supported VTY lines. The default is 5 lines. To decrease the number of protocol translation sessions, use the no form of this command. [CSCdi40294]

TCP/IP Host-Mode Services

UDP checksum is set to zero instead of being recalculated when a BOOTP reply from a server (with a correct UDP checksum) is forwarded to the client. This causes certain BOOTP client implementations to incorrectly ignore the BOOTP reply. [CSCdi38285]
An access server can accept a new reverse TCP connection while in the HANGUP state for the previous connection. This causes the new connection to close shortly after being established. This happens with the modem cts-required command configured. [CSCdi39085]

VINES

Under heavy loads, the VINES Router system process might not run frequently enough for proper VINES operation. Symptoms include a high amount of route and neighbor flappage. Reducing the load on the router can help alleviate the problem. [CSCdi41922]

Wide-Area Networking

When using DTR dialing and PPP encapsulation, DTR does not stay "low" after the call is disconnected. [CSCdi39576]
Routers with an ISDN BRI interface might not properly answer incoming calls. This might occur if a clear interface bri x command is entered while calls are established or if the ISDN tei flag is configured for first-call. The incoming call will be accepted, but the Layer 3 CONNECT message will not be sent to the network. [CSCdi39627]
The first CMNS connection directed to an Ethernet CMNS host fails if the LLC2 session between the Cisco router and the CMNS host has not been opened by a previous connection attempt. [CSCdi39783]
In rare circumstances, an SDLLC connection failure causes the router to reload. [CSCdi39832]
X.25 and LAPB encapsulations do not operate correctly. [CSCdi40746]
A CMNS call directed to an X.25 destination interface that is down causes a bus error. [CSCdi40830]
A router configured with X.25 on a serial interface might reset unexpectedly with the message "Exception: Illegal Instruction." All router platforms that have X.25 functionality are susceptible to this problem. This defect is not present in Release 11.0(1). [CSCdi40956]
On an asynchronous (including VTY) interface configured as part of a Dialer group for PPP:
- BOOTP fails
- An IP address entered with a PPP command will be lost during IPCP negotiation

On a PPP interface (asynchronous, VTY, synchronous, ISDN):

IP Address Pooling loses addresses
IPCP does not negotiate the correct IP address

On a VTY interface:

Default is not a valid parameter to "ppp" or "slip" on the first command [CSCdi40958]

Cisco 2509 through Cisco2512 devices' asynchronous lines stop accepting input under certain conditions. One of these conditions occurs when a user connected to a LAT host types a Control-C character. A clear line x or a change to the line parameters causes the line to start accepting input again. [CSCdi40994]
After X.25 is configured on an interface, that interface does not work correctly with any other serial protocol. The router must be rebooted before another serial protocol can be used. [CSCdi41491]
Forcing a reload of the router, when forwarding an X.25 call, might not work. [CSCdi42195]

Caveats for Release 11.0(1)

This section describes possibly unexpected behavior by Release 11.0(1). For additional caveats applicable to Release 11.0(1), see the caveats sections for newer 11.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 11.0(2).

AppleTalk

The system might halt unexpectedly when the show appletalk route detail command is entered. [CSCdi36007]
When a Macintosh dials in to an asynchronous port on a Cisco 2511 access server using ATCP and tries to print to a device off the Ethernet of the Cisco 2511, the device crashes and gives the message "System restarted by error - Line 1111 Emulator, PC 0xD7A." [CSCdi37588]
IPTalk clients running Columbia AppleTalk Package (CAP) cannot start because a nonstandard Name Binding Protocol (NBP) packet generated by the client is not forwarded by the system. There is no workaround. [CSCdi39096]

Basic System Services

Using point-to-point LAPB compression generates a memory leak. The workaround is to remove the compress predictor command from the configuration. [CSCdi32109]
When using autoselect PPP in conjunction with TACACS+ authorization, the routing table will contain the host route for the default IP address assigned on the asynchronous interface even if TACACS+ and IPCP have assigned a different address to the client. [CSCdi37366]
The IPX SAP process might use more memory than required which in turn can cause a memory leak. This could cause the system to run out of memory. [CSCdi38381]
When using TN3270 emulation, the 3270 datastream WSF command code X'll' isn't handled correctly. After the router receives this command, the keyboard locks. To return to the IBM login screen, reset the keyboard and press an attention key (such as Enter). [CSCdi39265]

EXEC and Configuration Parser

You cannot assign a privilege EXEC level to the command terminal download. [CSCdi38824]

IBM Connectivity

NetBIOS connections occasionally fail to connect through remote SRB when local acknowledgment is enabled. The workaround is to disable local acknowledgment. [CSCdi37525]
LLC2 parameters from the Internet Engineering Task Force are not recognized when entered. [CSCdi37921]
DSPU does not recognize the 2-byte ACTLU Route Switch Processor (RSP) as a valid response and, therefore, does not activate the logical unit. [CSCdi38299]
A problem exists with APPN link activation between a virtual telecommunications access method (VTAM) host running APPN and the Cisco APPN network node function. The symptom is an XID negotiation failure with sense 08090040. This problem only occurs when the Cisco APPN network note has a control point name that is alphabetically higher than the system services control point name of the VTAM. [CSCdi39565]

Interfaces and Bridging

If an asynchronous interface has been configured using the command peer default ip address poolname and the command is re-entered with this or another poolname, an internal failure will occur and the device may unexpectedly restart.

If an asynchronous interface has a configured pool name that needs to be changed, the workaround is to first enter any other variation of the command. For example, peer default ip address pool or no peer default ip address. You can then enter the peer default ip address poolname command.

This sequence should only be used when the pool name of an asynchronous interface needs to be changed. You do not need to do this if a specific peer IP address needs to be configured, if pooling needs to be disabled completely, or if the default selection needs to be set. [CSCdi39470]

IP Routing Protocols

When the EIGRP process receives a hello packet from a neighbor, it tries to send an update packet, but the process of sending an update packet can be suspended by the EIGRP process. When the EIGRP process is scheduled to again send the update packet, the neighbor could be dead; all of the internal data structures for that neighbor could have been erased, which confuses the EIGRP process and results in the generation of a wrong bus address. [CSCdi35257]
In a misconfigured or malfunctioning Token Ring bridging environment, pinging the HSRP virtual IP address can cause the ICMP echo request packets to be massively replicated. [CSCdi38170]
Static routes are not redistributed into EIGRP after a clear ip route * command is entered. A workaround is to kick-start the redistribution process by either removing one static route and reinstalling it, or by removing and reinstalling the redistribute static command under the router eigrp xx command. [CSCdi38766]
Extended IP access lists that use UDP destination ports can have an incorrect configuration generated for them. [CSCdi39192]
Tunnel interfaces configured as generic routing encapsulation tunnels do not pass packets. Additionally, output buffers are consumed and not returned. [CSCdi39816]

Protocol Translation

When using one-step translation without requiring a login, per-user access lists cannot be assigned by extended TACACS for a virtual asynchronous interface. [CSCdi37678]

TCP/IP Host-Mode Services

The router can erroneously drop packets (generating ICMP TTL-expired messages) from serial interfaces when TCP header compression is configured on those interfaces. [CSCdi37637]

TN3270

Terminal emulations for Mod3, Mod4, and Mod5 terminals, part of TN3270 emulation support, do not work as expected. Rather than placing characters in particular fields, all characters wrap the screen lines. [CSCdi38665]
The cursor placement in TN3270 emulation does not behave as expected. When editing fields in a CICS application, the cursor moves to the side of the screen, instead of to the left-most position in the field. [CSCdi38677]

Wide-Area Networking

When encapsulating OSI packets for transmission on a Frame Relay PVC, two copies of the NLPID are put in the header. RFC1490 specifies that the redundant NLPID should be left out. [CSCdi36199]
Connection-Mode Network Service (CMNS) connections cannot be established. [CSCdi38709]
When one end of a Frame Relay link fails, the router or access server at the far end will not resynchronize with the PVC status provided by the Local Management Interface (LMI). [CSCdi39354]
Using STAC compression can result in links not coming up, links going down unexpectedly, router reloads, and decompression size errors. [CSCdi39487]
Frame Relay DLCIs that are deleted using the no frame-relay interface dlci command are not actually deleted from the system. [CSCdi39555]
When using Point-to-Point Protocol (PPP) subinterfaces on a Frame Relay interface, all packet traffic fails because of encapsulation failures--no map is found. This is caused by a mismatch in the map entry routine and the lookup routine. There is no workaround [CSCdi40023].

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

WWW: http://www.cisco.com
WWW: http://www-europe.cisco.com
WWW: http://www-china.cisco.com
Telnet: cco.cisco.com
Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.

Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.

CD-ROM Documentation

Cisco documentation and additional literature are available on a CD-ROM, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. (See previous section for phone numbers.) The CD-ROM is available as a single unit or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-cisco.china.com, or http://www-europe.cisco.com.

Table of Contents

Release Notes for Access and Communication Servers for Cisco IOS Release 11.0