Important Notes and Caveats for Release 11.3
This section describes important notes and caveats related to Cisco IOS Release 11.3.
This section describes warnings and cautions about using the Cisco IOS Release 11.3 software. It discusses the following topics:
Describes the process used to deliver Cisco IOS Software for the Cisco 6400 Universal Access Concentrator (UAC) for Node Route Processor (NRP).
Refer to http://www.cisco.com/warp/public/cc/cisco/mkt/ios/rel/113/prodlit/870_pp.htm for more information.
If you are upgrading to Cisco IOS Release 11.3 from an earlier Cisco IOS software release, you should save your current configuration file before installing Release 11.3 software on your router.
Refer to Product Bulletin 703, Cisco IOS Software Release Upgrade Paths and Packaging Simplification for more information regarding software upgrades.
CIP microcode is now available as a separate image, unbundled from the Cisco IOS image. CIP microcode (for the CIP or Second-Generation CIP [CIP2] card) resides only in router Flash memory as multiple files. The router loads a "kernel" to the CIP (based upon hardware revision), and the CIP selectively loads and relocates the software it requires from the router's Flash memory. The CIP image is available on preloaded Flash memory cards, on diskette, or via FTP from Cisco. Every version of Cisco IOS Release 11.3 has a corresponding version of CIP microcode. Refer to the Channel Interface Processor (CIP) Microcode Release Note and Microcode Upgrade Requirements publication (Document Number 78-4715-xx) for information about the recommended pairs of Cisco IOS Release 11.3 and CIP microcode.
Consider the following before using Cisco IOS Release 11.3 and CIP microcode:
- If you have a router with Release 11.3 and a Release 11.3 CIP image on a Flash memory card, no action is required. The CIP microcode will load automatically upon booting the router.
- If you have an existing router with Release 11.3 in Flash memory or ROM and a pre-11.1 Flash memory card, either:
- Replace the Flash memory card with a Release 11.3 preloaded Flash memory card, or
- Boot the router with Release 11.3 software (CIP load will fail), then copy the Release 11.3 CIP image to the Flash memory card, and reboot the router.
When the CIP image is copied to an existing Flash memory card, the existing flash copy commands are used, just as before. If a CIP image other than the default for the release is being used, then the microcode cip flash configuration command must be issued.
The show microcode command has been expanded to display the default CIP image name for the Cisco IOS release.
Note: The router must already be running Cisco IOS Release 11.3 before performing a copy of the CIP image to Flash memory because the CIP image must be "exploded" from the single image file on the TFTP server to multiple files in Flash memory. This capability was first available in Release 11.1.
There are a number of ways to determine what is loaded on each CIP:
- The CIP MIB has been enhanced to show the segments loaded on each CIP and their version and compilation information.
- The show controller cbus command has been expanded to include segments loaded and their version and compilation information.
Multiple CIP cards of different hardware revisions can run in the same router.
To successfully use the HSA feature, you should take note of the following:
- The HSA feature available on the Cisco 7500 series routers requires a ROM monitor upgrade to ROM monitor version 11.1(2), or later.
- For spare RSP2 cards to function with HSA, they must also be upgraded. Spare Flash cards require Release 11.1(4) or higher boot or system images.
- HSA installation requires that both RSP2s have the same amount of DRAM (32 MB minimum each RSP2).
To netboot from Ethernet or Fast Ethernet ports on a VIP card, the system must contain version 11.1 boot ROMs. If the system contains version 11.0 boot ROMs, you can work around this requirement by using the boot bootldr device:filename global configuration command to load a bootstrap image from Flash memory.
This feature supports forwarding of source-route bridged traffic between Token Ring and FDDI interfaces on the Cisco 7000, Cisco 7010, and Cisco 7500 series routers. Previously, the only way to transport SNA and NetBIOS over FDDI was with remote source-route bridging (RSRB), which is either fast switched (direct or Fast-Sequence Transport [FST] encapsulation) or process switched (TCP encapsulation). With SRB over FDDI, traffic can be autonomously switched, greatly improving performance for SRB traffic that uses FDDI as a backbone. This feature eliminates the need for RSRB peer definitions to connect Token Ring networks over the FDDI backbone.
Note: SRB over FDDI does not support RSRB traffic forwarded to RSRB peers. Routers that have connections to local Token Ring networks as well as RSRB connections to remote networks cannot use this feature. The workaround is to move the RSRB connections to routers that are not connected to the FDDI backbone.
The Token Ring interface is reset whenever IPX routing is enabled on that interface.
Cisco 7000 series ATM Interface Processor (AIP) cards that support E3, DS3, or Transport Asynchronous Transmitter/Receiver Interface (TAXI) connections and that were shipped after February 22, 1995, require Cisco IOS Release 10.0(9), 10.2(5), 10.3(1), or later.
You must use the Release 9.14 rxboot image for Cisco 4000 routers because the Release 11.0 rxboot image is too large to fit in the ROMs. (Note that rxboot image size is not a problem for Cisco 4500 routers.) However, because the Release 9.14 rxboot image does not recognize new network processor modules, such as the Multiport Basic Rate Interface (MBRI), its use causes two problems:
- You cannot boot from a network server over BRI lines. Instead, you can boot either from a network server over other media or use the copy tftp flash command to copy images over BRI or other media to Flash memory. If you use the copy tftp flash command over a BRI interface, you must be running the full system image.
- If you use the rxboot image on a Cisco 4000 router that is already configured, the following error messages are displayed, with one pair of messages for each BRI interface configured:
Bad interface specification
No interface specified - IP address
Bad interface specification
No interface specified - IP address
Note the following information regarding the LAN Emulation (LANE) feature in Cisco IOS Release 11.3:
- LANE is available for use with Cisco 4500, 4700, 7000, and 7500 series routers connected to either an LS100 or LS1010 switch. LANE requires at least version 3.1(2) of the LS100 software, which requires a CPU upgrade if you are currently running software prior to version 2.5.
- The LS2020 cannot be used for LANE because it does not support UNI 3.0 and point-to-multipoint SVCs.
- Routing of IP, IPX, AppleTalk, DECnet, VINES, and XNS is supported.
- HSRP is supported.
- LANE does not support CLNS or LANE over PVCs.
- AppleTalk Phase 1 cannot be routed to AppleTalk Phase 2 via LANE.
Our implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.
Certain products containing the Texas Instruments TMS380C26 Token Ring controller do not support SRT. SRT is the concurrent operation of SRB and transparent bridging on the same interface. The affected products, shipped between March 30, 1994, and January 16, 1995, are the Cisco 4000 NP-1R, Cisco 4000 NP-2R, Cisco 2502, Cisco 2504, Cisco 2510, Cisco 2512, Cisco 2513, and Cisco 2515.
Units shipped before March 30, 1994, or after January 16, 1995, are not affected. They use the Texas Instruments TMS380C16 Token Ring controller, which supports SRT.
SRT support is necessary in two situations. In one, Token Ring networks are configured to SRB protocols such as SNA and NetBIOS, and they transparently bridge other protocols, such as IPX. In the other situation, SNA or NetBIOS uses SRB, and Windows NT is configured to use NetBIOS over IP. Certain other configuration alternatives do not require SRT (contact the Technical Assistance Center for more information).
As of Release 10.3(1), SRB in the following Cisco IOS feature sets is no longer supported: IP, IP/IPX, and Desktop. To use SRB, you need one of the following feature sets: IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN. In most non-IBM Token Ring environments, the multiring feature in IP, IP/IPX, and Desktop eliminates the need for IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN.
The Cisco 7000 series previously included the Cisco 7000 and Cisco 7010. These products are not supported in Cisco IOS Release 11.3. The Cisco 7000 series now includes the Cisco 7000 equipped with RSP7000 processor and the Cisco 7010 equipped with RSP7000 processor, which are supported in Cisco IOS Release 11.3. In Release 11.3, all commands supported on the Cisco 7500 series are also supported on the Cisco 7000 series.
The Cisco RSPx series includes the Cisco 7000 equipped with RSP7000 processor, the Cisco 7010 equipped with RSP7000 processor, and the Cisco 7500 series routers.
Prior to Cisco IOS Release 11.1(13) and 11.2(8), the atm multipoint-signaling command was used on the main interface and affected all subinterfaces. For Release 11.1(13), 11.2(8), and later releases (including Release 11.3), explicit configuration on each subinterface is required to obtain the same functionality. Refer to bug CSCdj20944, which is described as follows:
- The atm multipoint-signaling interface command is currently only available on the main ATM interface. The effect is that signaling behavior (point-to-point or point-to-multipoint) for all clients on all subinterfaces is determined by the command on the main interface.
- Clients on different subinterfaces can have different behavior. Specifically 1577 requires point-to-point, and PIM allows point-to-multipoint. The command should be on a per subinterface basis.
- Users will have to enable the atm multipoint-signaling command on all subinterfaces that require it. Previously, they only needed to enable it on the main interface.
Due to a production problem, many source-route bridging commands were omitted from the printed version of the Cisco IOS Software Command Summary (78-4746-01). For complete documentation of all source-route bridging commands refer to the Bridging and IBM Networking Command Reference (78-4743-01). You may also obtain the most current documentation on the Documentation CD-ROM or Cisco Connection Online (CCO).
A new authorization feature was added in Release 11.3(1) that allows for separate configuration and authorization of Multilink PPP. This can cause MLP authorization to fail in TACACS+ servers that do not include the relevant authorization permissions in the configuration.
For TACACS+, the following attribute-value (AV) pair should be added for all users who are allowed to negotiate Multilink PPP:
service = ppp protocol = multilink {
Cisco is conducting an internal review of the build and distribution processes associated with its Cisco IOS 40-bit cryptographic products. So that we may provide you with seamless access to Cisco IOS 40-bit encryption capability, Cisco will provide access to the most current 40-bit encryption images, beginning with Releases 11.2(12), 11.2(12)P, and 11.3(2). The following 40-bit encryption images will be indefinitely unavailable: Releases 11.2(1) to 11.2(11.2), 11.2(2)P to 11.2(11.1)P, 11.2(1)F to 11.2(4)F, and 11.3(1).
This review is not related to any new or previously unreported bugs. The information gathered in the review will be used to implement new automated development and order processing applications.
The Cisco 7500 products in Cisco IOS Release 11.3(2) were deferred due to a severe defect. It was determined that this caveat was significant enough to merit a software rebuild. The rebuild includes the caveat fix and is renumbered to 11.3(2a).
The defect is bug CSCdj52309 and is described as follows:
- A catastrophic problem has been identified that affects all Cisco 7500 and Catalyst 5000 RSM users. The problem occurs when using packet tunneling in combination with certain timing conditions, packet sizes, and buffer-usages. Affected images are being deferred and special images are being built.
- Tunneling is being used as an abbreviation in this context to refer to a specific fast-switch to process-level code path traversed by translational bridging (TLB), source-route bridging (SRB), remote source-route bridging (RSRB), and data link switching (DLSw).
- When the packet tunneling logic on RSP or RSM-equipped systems causes datagrams to be copied from SRAM to DRAM, an arithmetic error results in more bytes being copied than is remembered for cleanup processing. Reuses of the tunneling logic, in certain rare combinations of timing, packet-sizes, and buffer-usages, may result in those unaccounted bytes causing several anomalous system behaviors including packet errors.
- This software defect is exposed to all RSP and RSM images in Cisco IOS Releases 11.2, 11.2 P, 11.2 BC, 11.3, and 11.3 T.
- Solution: To eliminate the problems mentioned in the preceding section, we strongly recommend that you download and install one of the following Cisco IOS software release updates: 11.2(12a), 11.2(12a)P, 11.3(2a), or 11.3(2a)T.
- Workarounds: There are two possible workarounds. CSCdj33812 provides a configuration command to avoid the software defect. This workaround is available in Cisco IOS Releases 11.2(11.5), 11.2(11.5)P, 11.2(11.5)BC, 11.3(2.1), and 11.3(2.1)T. If you are using an earlier release, use the second workaround.
Note: The two workarounds will drop performance down to process switching levels.
- CSCdj33812 incorporated a configurable command that will be stored in NVRAM.
- Configure with the memory cache-policy io uncached command to work around CSCdj52309. To determine what memory cache policies are currently configured on your router, use the show rsp command.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#memory cache-policy io uncached
Router(config)#end
Router#show rsp
Throttle count 0, DCL timer count 0
active 0, configured 1
netint usec 4000, netint mask usec 200
DCL spurious 0
Caching Strategies:
Processor private memory: write-back
Kernel memory view: uncached
IO (packet) memory: uncached
Buffer header memory: uncached
- To restore the MEMD caching policy to the original write-through policy, issue the memory cache-policy io write-through command.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#memory cache-policy io write-through
Router(config)#end
Router#show rsp
Throttle count 0, DCL timer count 0
active 0, configured 1
netint usec 4000, netint mask usec 200
DCL spurious 0
Caching Strategies:
Processor private memory: write-back
Kernel memory view: write-back
IO (packet) memory: write-through
Buffer header memory: uncached
- If operating with images that do not have the CSCdj33812 support, use the test rsp cache memd-fastswitch uncache command.
- The above command will need to be entered after every reload.
- Other considerations: Cisco IOS Releases 10.3, 11.0, and 11.1 Major and ED releases are not exposed to CSCdj52309. Though these releases share the same arithmetic problem, the tunneling software is different, and there is no known or predicted combination of timing, packet-sizes, and buffer-usages that results in the same or different anomalous behaviors associated with Cisco IOS Releases 11.2, 11.2 P, 11.2 BC, 11.3 and 11.3 T. Cisco is using CSCdj52309 to repair the arithmetic problem in Releases 10.3, 11.0, and 11.1; however, no special images are being created because the anomalous behaviors are not present in those releases. [CSCdj52309]
Release 11.3(2a) and all subsequent releases of Cisco IOS Release 11.3 software include the fix for this caveat.
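The following check is an added example, not Cisco code or part of the original release note. It reads the "Caching Strategies" block of show rsp output in the layout shown above and reports whether the CSCdj52309 workaround is in effect and whether it will survive a reload; the status names and the assumption that the NVRAM-stored command appears verbatim in the running configuration are illustrative.

```python
import re

IO_KEY = "IO (packet) memory"                    # label as printed by "show rsp" above
CONFIG_LINE = "memory cache-policy io uncached"  # CSCdj33812 command, stored in NVRAM

# Constructed samples that copy the two "show rsp" outputs in this note.
SHOW_RSP_UNCACHED = """\
Throttle count 0, DCL timer count 0
active 0, configured 1
netint usec 4000, netint mask usec 200
DCL spurious 0
Caching Strategies:
Processor private memory: write-back
Kernel memory view: uncached
IO (packet) memory: uncached
Buffer header memory: uncached
"""
SHOW_RSP_WRITE_THROUGH = SHOW_RSP_UNCACHED.replace(
    "Kernel memory view: uncached", "Kernel memory view: write-back"
).replace("IO (packet) memory: uncached", "IO (packet) memory: write-through")


def parse_caching_strategies(show_rsp: str) -> dict:
    """Return {memory region: policy} from the 'Caching Strategies:' block."""
    policies = {}
    in_section = False
    for raw in show_rsp.splitlines():
        line = raw.strip()
        if line.lower().startswith("caching strategies"):
            in_section = True
            continue
        if not in_section or not line:
            continue
        match = re.match(r"^(.+?):\s*(\S+)$", line)
        if not match:
            break  # a prompt or any other text ends the block
        policies[match.group(1).strip()] = match.group(2).lower()
    return policies


def audit_workaround(running_config: str, show_rsp: str) -> str:
    """Classify the workaround state (hypothetical status names).

    persistent   - IO memory is uncached and the NVRAM-stored command is configured
    runtime-only - IO memory is uncached but nothing in the configuration keeps it
                   that way, as with the test command that must be re-entered
                   after every reload
    not-applied  - IO memory uses another policy (for example write-through)
    unknown      - no caching information found in the output
    """
    io_policy = parse_caching_strategies(show_rsp).get(IO_KEY)
    if io_policy is None:
        return "unknown"
    if io_policy != "uncached":
        return "not-applied"
    configured = any(
        line.strip() == CONFIG_LINE for line in running_config.splitlines()
    )
    return "persistent" if configured else "runtime-only"


if __name__ == "__main__":
    # Constructed configuration fragments.
    print(audit_workaround("hostname Router\n" + CONFIG_LINE + "\n", SHOW_RSP_UNCACHED))
    print(audit_workaround("hostname Router\n", SHOW_RSP_UNCACHED))
    print(audit_workaround("hostname Router\n", SHOW_RSP_WRITE_THROUGH))
```

A "runtime-only" result on an affected image means the router returns to the exposed policy at the next reload unless the command is entered again.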
AppleTalk support was added for Token Ring emulated LANs in Cisco IOS Releases 11.3(2.1) and 11.3(2.1)T. Later 11.3 and 11.3 T releases (including 11.3(3) and 11.3(3)T) support AppleTalk TR-LANE. This support includes AppleTalk fastswitched routing, AppleTalk fastswitched source-route bridging, and AppleTalk with multiring. Releases prior to Releases 11.3(2.1) and 11.3(2.1)T (including 11.3(2) and 11.3(2)T) do not support AppleTalk TR-LANE.
The Cisco 7500 RSP2 and RSP4 products in Cisco IOS Releases 11.3(1) through 11.3(3) were deferred due to a severe defect. It was determined that this caveat was significant enough to merit a software rebuild. The rebuild includes the caveat fix and is renumbered to 11.3(3a).
The defect is bug CSCdk01707 and is described as follows:
- When the system gets an Error interrupt, a 4-byte IOS data area will get accidentally overwritten. Because of this, the system might reload with a "Bus Error Exception" message. The error interrupt may be caused by events like an HSA Slave state transition on HSA systems, fatal system errors (like a parity error), or non-fatal errors (like a QAERROR with Null/reuse link error).
- Software Releases affected: This caveat affects all systems configured with dual RSPs (HSA feature). All "v" images for the following Cisco IOS Releases have been deferred: 11.1(18.1)CA through 11.1(18.2)CA, 11.1(16.3)CC through 11.1(17.4)CC, 11.1(17)CT, 11.2(12.3)P through 11.2(13.4)P, 11.3(1) through 11.3(3), and 11.3(1)T through 11.3(3)T.
- Solution: To eliminate the problems mentioned, we strongly recommend that you download and install one of the following Cisco IOS software release updates: 11.1(18)CA, 11.1(18)CC, 11.1(18)CT, 11.2(14)P, 11.3(3a), and 11.3(3a)T.
- [CSCdk01707]
CSCdk08772 is a duplicate of CSCdk01707 and is described as follows:
- Dual RSPs in a High System Availability (HSA) configuration in a Cisco 7500 router will crash and reload in cycles during bootup when using the RSP-DSV Desktop/Plus/VIP image for versions later than 11.2(12a)P. [CSCdk08772]
CSCdk01707 was caused by CSCdj36366, which is described as follows:
- On RSP-based platforms, the message that reports a write bus error may report an incorrect value for the address of the bad access. [CSCdj36366]
Release 11.3(3a) and all subsequent releases of Cisco IOS Release 11.3 software include the fix for this caveat.
End of Engineering (EOE) means there are no more regularly scheduled maintenance releases. The last maintenance release scheduled on the EOE date is only available through CCO and Field Service Operations, not through manufacturing.
- Cisco IOS Releases 11.3, 11.3 NA, and 11.3 T are scheduled to reach End of Sales (EOS) status with maintenance Releases 11.3(8), 11.3(8)NA, and 11.3(8)T.
- Releases 11.3, 11.3 NA, and 11.3 T are scheduled to reach EOE with Releases 11.3(11), 11.3(11)NA, and 11.3(11)T.
EOS and EOE releases are subject to change. For the most up-to-date information on the status of EOS or EOE, refer to the End of Sales and End of Engineering for Cisco IOS Software Releases product bulletins located on CCO.
Ongoing support for functionality in Releases 11.3, 11.3 NA, and 11.3 T is available in Cisco IOS Release 12.0(3)T and later maintenance releases of Cisco IOS Release 12.0.
On CCO, click on this path:
Service & Support: Product Bulletins: Software
Under Cisco IOS 11.3, click on End of Sales and End of Engineering for Cisco IOS Software Releases 11.3 and 11.3 T (#847: 12/98) or Cisco IOS Software 11.3 NA EOS and EOE (#849:12/98)
This section describes possibly unexpected behavior by Release 11.3(11). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(11).
- Cable length options are missing for T1 lines on Cisco AS5200 access servers. The options exist for Cisco AS5300 access servers in Cisco IOS Releases 11.2 and 11.3.
- Cisco should remove conditional compile and provide similar functionality.
- When hardware compression is enabled, packets are normally fast switched. If the user turns fast switching off and then back on, fast switching remains disabled.
- Workaround is to reconfigure compression by using the no compress and then the compress stac commands.
- When configured for SDLC, serial ports on a Cisco MC3810 may report input abort errors when the clock rate is greater than 38,400 bps. These errors do not affect performance; they are not typically input aborts. This problem does not result in retransmitted frames, and there is no performance impact.
- All router interfaces are reset, with their states changing from up to down and then back to up again. The cause for the restart is:
System restarted by error - an arithmetic exception, PC 0x6016B6E0
- When doing FRF.9 compression with the CSA, it may be impossible to compress packets with certain repetitive patterns. The CSA can decompress these same packets.
- A router running Cisco IOS Release 11.3(8) may experience a software forced crash caused by memory corruption.
- A Cisco 3600 series router running Cisco IOS Release 11.3 T may restart with either the following bus error or a software forced crash when running BSTUN. No workaround is available.
System restarted by error - a Software forced crash, PC 0x601C4398
System image file is "flash:c3640-is-mz.113-4", booted via flash
- Some Cisco 4500 and 4700 series routers with a 2-Port Token Ring Network Processor Module (NP-2R) hang once a week displaying a "%SYS-2-INPUTQ: INPUTQ set, but no IDB" message. All revision levels of the motherboard are affected.
- An APPN Network Node (NN) router has consumed 40 MB for the APPN process.
- A BSTUN router running Cisco IOS Release 11.3(10) hangs and crashes. No workaround is available.
- When configuring for FRAS BAN with DDR backup, the backup is only driven if the primary interface goes to the down/down state. If the DLCI is lost, the interface goes to the up/down state and the backup is not driven.
- This problem concerns a Cisco 4700 series router defined as APPN NN with an APPN link across Frame Relay RFC 1490 to an IBM NN950 configured as a NN. Occasionally, when the DLCI fails, the APPN link is not restarted, even though the router is configured to retry infinitely.
- No SNA traffic passes between a server and a Cisco Network Node router because the Network Node was using DLSw flow control to disallow the sending of further SNA traffic by the server.
- A Cisco 7500 series router running Cisco IOS Release 11.3(7) does not crash but the Fast Ethernet interface goes down with the following message:
%SYS-2-QCOUNT: Bad dequeue 611E3EBC count -1 -Process= "<interrupt level>", ipl= 6
6d18h: %ALIGN-3-SPURIOUS:
Spurious memory access made at 0x601A35D8 reading 0x1C 6d18h
Interface FastEthernet12/1, changed state to down
Line protocol on Interface FastEthernet12/0,changed state to up
- The only way to bring the router up is to reload it.
- Possible workaround: Disable weighted fair-queue.
- A Cisco router running BSC/BSTUN on a PowerQUICC serial interface at half-duplex causes bad queue error messages.
- Workarounds:
- Configure the interface for full-duplex operation by using the full-duplex command.
- If half-duplex operation is required, disable the RTS timer for the interface by using the half-duplex timer rts-timeout 0 command.
- When a router is configured for FRF.9 compression, input packets are counted twice: once in compressed format and again in uncompressed format.
- For every received packet the "input pkts" and the "in bytes" fields (in output from the show frame pvc command) are invalid.
- Workaround: Disable FRF.9 compression by using the no frame-relay ip ip-address command.
- The new ip spd mode aggressive configuration command is available. When configured, all IP packets that fail sanity checks (such as "bad checksum not version 4" and "bad TTL") are dropped aggressively to guard against spoofing with bad IP packets. The show ip spd command displays whether aggressive mode is enabled or not. SPD random drop in RSP is supported.
- When enabled, Selective Packet Discard (SPD) now works as follows:
- When the ip spd mode aggressive command is issued, IP packets that fail sanity checks are classified as aggressive droppable packets.
- When the IP input queue reaches the SPD min-threshold (specified by the ip spd queue min-threshold min command), all aggressive droppable packets are dropped immediately while normal IP packets (not high-priority SPD packets) are dropped with increasing probability as the length of the IP input queue grows.
- When the IP input queue reaches the SPD max-threshold (specified by the ip spd queue max-threshold max command), all normal IP packets are dropped at 100 percent.
- The default SPD min-threshold is 10, and the default max-threshold is 75.
- To avoid an input interface that takes too many router resources, new packets (SPD or non-SPD) received from that interface are dropped when the interface has more than the input hold queue limit of input packets in the router.
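The SPD behavior described above can be modeled as follows. This is an added example, not Cisco code: the linear ramp between the two thresholds, treating TTL 0 as "bad TTL", reading the quoted checks as bad checksum, not version 4 and bad TTL, exempting high-priority packets from the threshold drops, and all function names are assumptions of the model. Only the thresholds (10 and 75) and the ordering of the rules come from the text.

```python
import struct

SPD_MIN_DEFAULT = 10  # default min-threshold stated in the release note
SPD_MAX_DEFAULT = 75  # default max-threshold stated in the release note


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (returns 0 if it verifies)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(ttl: int = 64, version: int = 4, corrupt: bool = False) -> bytes:
    """Constructed 20-byte IPv4 header using documentation addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", (version << 4) | 5, 0, 40, 0x1234, 0,
                      ttl, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    csum = ipv4_checksum(hdr)
    if corrupt:
        csum ^= 0x00FF  # deliberately damage the checksum
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def sanity_failures(header: bytes) -> list:
    """Return the sanity checks a header fails."""
    ihl = (header[0] & 0x0F) * 4 if header else 0
    if ihl < 20 or ihl > len(header):
        return ["bad header length"]  # assumption: not named in the note
    problems = []
    if header[0] >> 4 != 4:
        problems.append("not version 4")
    if ipv4_checksum(header[:ihl]) != 0:
        problems.append("bad checksum")
    if header[8] == 0:  # assumption: TTL 0 counts as "bad TTL"
        problems.append("bad TTL")
    return problems


def classify(header: bytes, aggressive_mode: bool, high_priority: bool = False) -> str:
    """Map a packet to 'aggressive', 'priority' or 'normal'."""
    if aggressive_mode and sanity_failures(header):
        return "aggressive"  # only classified this way when the mode is on
    return "priority" if high_priority else "normal"


def drop_probability(queue_len: int, pkt_class: str,
                     min_th: int = SPD_MIN_DEFAULT, max_th: int = SPD_MAX_DEFAULT,
                     iface_queued: int = 0, hold_limit=None) -> float:
    """Probability that a newly received packet is dropped.

    queue_len is the IP input queue length; iface_queued is how many input
    packets the receiving interface already has in the router.
    """
    # The input hold queue limit applies to every packet, SPD or non-SPD.
    if hold_limit is not None and iface_queued > hold_limit:
        return 1.0
    if pkt_class == "priority" or queue_len < min_th:
        return 0.0
    if pkt_class == "aggressive" or queue_len >= max_th:
        return 1.0
    # Assumed linear ramp; the note only says "increasing probability".
    return (queue_len - min_th) / (max_th - min_th)


if __name__ == "__main__":
    bad = build_header(ttl=0)
    for depth in (5, 10, 36, 75):
        for mode in (False, True):
            cls = classify(bad, aggressive_mode=mode)
            print(depth, mode, cls, round(drop_probability(depth, cls), 2))
```

With aggressive mode off, the malformed packet competes with valid traffic until the queue is well past the min-threshold; with it on, the packet is discarded as soon as the queue reaches 10.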
- EIGRP does not trigger the selection of a new route when one of the less favorable or equal paths is removed from the routing table. The route disappears but no new route is selected from the topology table.
- IP access lists always permit IP fragments.
- There is no workaround for this problem.
- Using the show ip igmp group command may cause a bus error reload if an IGMP entry is deleted during the execution of the show ip igmp group command.
- There is no workaround.
- A BRI leased line interface on a Cisco 3600 series router that has been configured for XNS may not transfer data.
- Workaround: Clear the interface or reload the router following the configuration change.
- When you have two simultaneous accesses to NVRAM (for example, one access from the console and another access from a Telnet session), one session might attempt to issue the show configuration command and might pause at the More prompt while the other session issues the write memory command. This problem is unlikely during normal router usage. There is no workaround.
- While waiting for a crypto key exchange session with a Telnet session into the router, the user cannot abort the crypto key exchange session.
- Workaround: Use the show tcp bri and clear tcp tcb commands in the following manner:
router(config)#crypto key-ex passive
Enter escape character to abort if connection does not complete.
Wait for connection from peer[confirm]
Waiting ....
telnet> quit
Connection closed.
janedoe@janedoe-ultra:/users/janedoe> telnet router
Trying 171.21.114.109...
Connected to router.cisco.com.
Escape character is '^]'.
User Access Verification
Password:
router>enable
Password:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#crypto key-ex passive
TCP bind failed: Address already in use
router(config)#exit
router#show tcp bri
TCB Local Address Foreign Address (state)
60C3DF74 router.cisco.com.23 janedoe-ultra.ci.42272 ESTAB
60A23A24 router.cisco.com.23 janedoe-ultra.ci.42271 CLOSEWAIT
router#clear tcp tcb 60A23A24
[confirm]
[OK]
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#crypto key-ex passive
Enter escape character to abort if connection does not complete.
Wait for connection from peer[confirm]n
router(config)#
- When tunneling IPX over an IP tunnel, and when using an extended inbound access list for IP on the tunnel interface, the IPX traffic is blocked by the access list.
- Workaround is to add the permit gre command to the extended access list.
- The Ascend-Idle-Limit attribute is defined as a value in seconds. However, when it is applied to a client using PPP interactive mode, the attribute is interpreted as a value in minutes.
- This attribute works properly in PPP dedicated mode.
- When printing is performed over asynchronous lines using software flow control, large numbers of overruns occur.
- When you perform an encrypted Kerberized Telnet to a Cisco 7500 series router, the initial setup works properly, but nonsense output results when the decryption of packets from the router occurs on the client side. There is no workaround.
- Cisco encryption crashes the router when it is used over an ISDN backup line.
- Using the clear vpdn tunnel command for a tunnel using L2F protocol sends individual close packets for all L2F sessions (Mids), rather than a single close packet for the tunnel itself. This results in congestion on the WAN interfaces on the requesting peer. Simultaneously, the receiving peer is not able to keep up with the flood of multiple L2F close packets, resulting in dropped packets, interface throttle, and the remaining Mids taking a long time to idle out and eventually close.
- A Cisco 2600 series router with an E1 balanced network module may inadvertently reload. There is no workaround.
- Under heavy uses of L2F VPDN configurations on Cisco access servers, some virtual-access interfaces do not have a corresponding MID (L2F session) entry.
- Turning on the debug vpdn l2x-error command shows messages similar to these:
*Dec 9 20:37:59.421: Vi291 L2X: Discarding packet because of no mid/session
*Dec 9 20:37:59.421: Vi419 L2X: Discarding packet because of no mid/session
*Dec 9 20:37:59.421: Vi169 L2X: Discarding packet because of no mid/session
*Dec 9 20:37:59.421: Vi36 L2X: Discarding packet because of no mid/session
- Other problems also may cause these messages.
- When a hub-and-spoke frame relay configuration is run and the hub router is set as a multipoint interface, DHCP requests fail.
- Workaround: Configure both the hub and the spoke to use point-to-point subinterfaces.
- A Cisco 3640 router with BRI interfaces locks up every two weeks. Approximately six hours prior to lockup, ISDN dial-in users notice a significant slowdown in transfer rates. When the router locks up, it continuously displays the message below.
%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=0, count=0 -Traceback= 601AA500 600B55C8 600B9F64
- At this point, the router does not respond to console or Telnet input. Even though the indicator LEDs show steady traffic, the router also does not route any packets. The router must be reloaded to recover.
- There is no workaround.
- Spurious accesses and router hangs can occur when using fair queuing.
- SNA packets are dropped and not forwarded over a 64 KB leased line with HDLC encapsulation. There is no workaround.
- A Cisco 3640 router is unable to use E&M ports and displays the following message "error C542-1 to big rxx port 1/1/1 pkt (size 41318) to big."
- A Bus error occurs during the scheduler process.
- TCP to X.25 PVC translation does not work.
- Two Cisco 4500 series routers connected using back-to-back E1 controllers are running PPP. When an FAS alarm is generated, PPP reliable does not reconnect. When an AIS alarm is generated, PPP reliable reconnects.
- This problem only affects the PPP reliable protocol. No other protocols, such as HDLC, are affected.
- No packets can be forwarded over synchronous DDR lines with X.25/X.25-IETF encapsulation. There is no workaround.
- A router with over 180 DLCIs cannot boot properly because of excessive console log messages related to the startup of Frame Relay PVCs.
- Some protocol translation configurations produce "%ALIGN-3-SPURIOUS: ..." messages, usually when a PPP over LAT session is terminated ungracefully.
- The input queue of an ATM interface on a Cisco 7200 series router slowly fills with Novell packets. These packets are visible in the output of the show buffer old packet command. It can take days for the input queue to completely fill up and prevent input of any packets on that interface.
- Workaround: Monitor the router and reload it before the input queue gets wedged (as indicated by 76/75 in the output of the show interface command). Increasing the size of the input queue can delay the wedge.
- When using X.25 encapsulation, the serial interface input queue shows a negative value.
- When an X.25 host sends a "set parameters" packet assembler/disassembler (PAD) message followed by several octets for X.3 parameters (1 through 18) to a Cisco router acting as a PAD, the parameter setting "6=1" is improperly rejected by the router.
- Parameter 6 is control of PAD service signals. Value 1 is PAD service signals are transmitted in the standard format.
- Workaround: Locally preset parameter 6 to value 1 before making the call to the X.25 host. Then the Cisco router acting as a PAD will accept the X.3 parameters coming from the X.25 host.
- A Cisco 2500 series router's async line may hang when a PAD call is not cleared correctly. Clearing the line does not solve the problem. This has been observed in Cisco IOS Release 11.3(6). Restarting the router is the only workaround.
- A Cisco 3600 series router with a WIC-1T serial interface experiences instability when Adtran TSU 100 or TSU 600 devices are attached. Customers have seen slowness and retransmissions of packets or flapping of the leased line.
- When configuring PPP multilink on a router running Cisco IOS Release 11.3(7)T, the different B channels on an E1 will hang. When running Release 11.3(8)T, the problem seems to be limited to one B channel. When PPP multilink is not used the problem does not appear.
- A Cisco 7200 series router crashed due to memory corruption caused by large numbers of protocol translations.
- Adding the dialer isdn short-hold command to the map-class dialer to optimize ISDN costs based on AOC-D messages breaks the dialer idle-timeout. This means that:
- 1) The idle timer resets to 4294966 seconds when expiring and does not disconnect the ISDN call.
- 2) The short-hold timer gets incremented on receipt of an AOC-D message and never disconnects an ISDN call either.
- Workaround: Remove the dialer isdn short-hold command from the map-class dialer configuration.
- On a BRI that is used for backup of a serial interface, when standby time arrives, a disconnect on q931 is never sent. The ISDN switch needs to declare remote TE out of order.
- A router intermittently displays the "%TCP-2-INVALIDTCPENCAPS" message.
- Although BRI is used as backup and the dialer interface is in standby, the router will make an ISDN call.
- This call should never occur because the leased line is up and no backup is needed.
- Both rotary groups and dialer profiles result in the same problem.
- After reloading a router, the ATM interfaces will assume the default UNI value (3.0) instead of the actual configuration.
- Workaround: Reset the interface using the shutdown and no shutdown commands.
- When doing TCP to X.25 translation, the router does not negotiate X.3 parameters with the PAD, and the whole session drops after a couple of seconds.
- ATCP (AppleTalk) negotiation over asynchronous PPP fails. There is no workaround. Cisco IOS Releases 11.2(19)P and 11.1(24) exhibit the same problem.
This section describes possibly unexpected behavior by Release 11.3(10). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(10). For additional caveats applicable to Release 11.3(10), see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.3(11).
- Certain Internetwork Status Monitor (ISM) NetView users can issue non-enable mode commands without router authentication. Users accessing the router through NetView must be authenticated through NetView's security methods, which may include RACF and SAF. Mainframe users can be restricted from issuing any router commands through the restriction of the RUNCMD within NetView. Users issuing enable mode commands must be authorized to issue this level of command through ISM, and must possess the ENABLE mode password. If the router is controlled by TACACS+, the ISM user must have a TACACS+ user ID and password to issue enable level commands.
- The show user command has been modified so that the user field is filled up by the host name.
- The no-enable and high-security keywords have been added to the sna host and dspu host commands. These keywords must be configured with focalpoint and are defined as follows:
- no-enable: Does not allow enable commands from the host.
- high-security: Allows the following commands in user EXEC mode. (Privileged EXEC mode is not affected by this option.) All these commands have to be entered in full or they will not be allowed. (For example, sh ver is not allowed as an abbreviation for the show version command.)
- A Cisco 7200 series router with an encryption card (ESA) reloads periodically. No workaround is available.
- On a Cisco 7200 series router running Cisco IOS Release 11.3(7)T, the EnvMonTemperature trap value sent for the temperature sensor at chassis outlet 3 is incorrect.
- A Cisco 7500 series router can erroneously detect output stuck conditions, which causes interfaces to reset or perform cBus restarts and all IPs on the router to reset.
- When DECnet accounting is implemented, the router may crash, depending on the number of connections.
- During configuration of DECnet on a router, it is possible to specify an address translation gateway (ATG) network number in the range 0 to 3. If the atg-network-number argument is specified incorrectly while configuring an interface, the router will reload.
- Workaround: Ensure that the atg-network-number argument specified when enabling an interface matches that specified when DECnet routing is enabled globally, for example:
decnet 1 routing 2.3
interface ethernet 0/0
decnet 1 cost 5
- A router crashes when using the username command under the following conditions:
- If you enter a long username, type a shortened form of the password keyword, and then press the Tab key to complete the password keyword, the router will crash.
- A Cisco 7206 router running Cisco IOS Release 11.3(9)T configured for DLSw priority peers may crash with a bus error. There is no workaround.
- Console message flooding may occur when an XID3 loop occurs with APPN in the router. The following messages are repeated for each iteration of the loop:
%APPN-3-logcsCS_XXXXIP11_LOGMSG_01: CS - Sending Alert to MS, sense_code = 83E0001, proc_name = XXXXIP32, port_name = HMAC04, ls_name = @LS00289
%APPN-3-logcsCS_XXXXIP11_LOGMSG_03: CS - Associated outbound XID data in alert (length >= 29):
%APPN-3-Error: 327307700000000000F7C1000000008000010B510005000000000007000E11F4C4C5C2E5D4E4F0F04BD5D5C3C9D7F0F110380037110C0804F1F2F0F0F0F00908F0F0F0F0F0F0F01406C3C9E2C3D640C1D7D7D540D5D561C4D3E4D90F0FC3C9E2C3D640C1D7D7D540D5D52207000000083E0001
%APPN-3-logcsCS_XXXXIP11_LOGMSG_05: CS - Associated inbound XID data in alert (length >= 29):
%APPN-3-Error: 326705D56F010000B00810000000000000010B410005B800000000070010370023110C0804F0F3F0F0F0F00F06D4E240E2D5C140E2C5D9E5C5D90908F0F0F0F0F0F0F0131103100010F0F0F0F0F0F0F0F0F0F0F0F0F00E0FF4C4C5C2E5D4E4F0F04BC3E3F5F6C6
- Workaround: Disable console logging.
- The router crashes with a bus error when executing the show dlsw circuit command and there is a circuit with a local RIF of 18 bytes.
- This is a regression introduced by CSCdk83294.
- DLSw Lite (LLC2 encapsulation) peers leak CLS connect request buffers.
- Workaround: Use a different peer type. This will free an outstanding connect request if additional requests are received while the first is still pending.
- An APPN router may run out of memory because of unnecessary LFSID table expansion for some DLUR links to downstream PU2.0s. This problem can occur after DLUR takeover or if the DLUR-PU had previously received a "dactpu not final use" message from the DLUS.
- In a rare situation, a Cisco router may crash in the TCPD routines or managed timer. There is no workaround.
- When router traffic and thus memory usage is heavy, a router may crash in frf9_preComp().
- Workaround: Disable compression, use a different type of compression, or adjust the memory tuning.
- In Cisco IOS Releases 11.3(8.5) to 11.3(10.4), and 11.3(8.5)T through 11.3(10.4)T, all RSM and RSP platforms that use a VIP2/PA-4R IBM2692 adapter will potentially ignore non-RIF Token Ring packets, because the VIP Token Ring driver incorrectly classifies these packets as runts and drops them.
- This is a regression introduced by CSCdk64195.
- An overwrite issue in the BSS area with FDDI modules equipped can cause a router to crash.
- IP access lists fail to block pings on interfaces configured for policy routing with IP route-cache policy enabled.
- ARP to a Cisco 2500 series router running Cisco IOS Release 11.2(17) or 12.0(3.7) fails on the serial interface when bridging is enabled, and the router is reloaded. This problem was seen on the following topology:
- ----Ethernet----Cisco 2500 series router---serial interface---Cisco 2500 series router---Ethernet---
- The workaround is to remove and reenter the IP address on the serial interface.
- Some IP fragments may be incorrectly filtered out by access lists.
- If you are redistributing OSPF routes into any other routing protocol, the redistributed routes do not include NSSA external routes. There is no workaround.
- DNS replies passing from inside to outside by way of NAT are not NAT-translated correctly in many cases. There is no workaround.
- Under certain circumstances, Cisco routers running Cisco IOS Release 11.3(9)T may stop receiving packets on interfaces. This happens when CLNS packets with an N-selector of 0x20 (the DECnet NSP protocol selector) are received by the router and the decnet conversion command has not been enabled or configured correctly.
- If this happens, the show interface command displays a full input queue and a number of dropped packets (for example: input queue 76/75, 122 drops).
- When the input queue is full and the interface stops receiving packets, the only workaround is to reload the router.
- The NM-1FE-TX fails to autonegotiate properly when connected through an SMF connector.
- Workaround: Manually set the speed to 100 using the following new speed command. By default, the command is configured as speed auto.
- [no] speed {10 | 100 | auto}
- A race condition can occur between the processes that tried to get connection status and dropped packet information from the VIP.
- Workaround: Put in a semaphore to prevent multiple processes from accessing the globals used at the same time.
- Configuring PPP encapsulation on an interface and then making that interface a member of a bridge group causes tracebacks and "fair-queue not initialized properly" messages.
- Workaround: Remove bridging from the interface or turn off fair queueing.
00:06:39: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:39: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:39: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:39: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:39: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
- After a router is reloaded, ESA cannot re-establish active crypto connections.
- Workaround: Remove the crypto map, reload the router again, and then re-apply the crypto map.
- A Cisco 3600 series router with a 4T card configured for DTR goes down because the DTR downtime is too short.
- A Cisco 7500 series router running virtual profiles continually resets the ciscoBus (cBus).
- The first message is "%RSP-3-RESTART: interface Serial4/0:1, output stuck." shortly before the cBus resets. To see more detailed information, use the debug cbus command.
- This bus resetting also causes all attached controllers to lose connectivity. Then, the only way to access the device is through the console port.
- On a router running Cisco IOS Release 11.3(9.2), you cannot change the MTU size of a tunnel interface. CSCdk15279 permitted this ability to exceed the MTU size of the physical interface, which is 24.
- Workarounds:
- Use a Cisco IOS release between 11.3(5.1)T and 11.3(9.3) or between 12.0(0.16) and 12.0(4.2) (after CSCdk15279 but before CSCdm06422).
- Configure the ip mtu command on the tunnel interface before configuring the tunnel destination command. If the tunnel destination command is already configured, then unconfigure it, configure the ip mtu command, wait five seconds, and then reconfigure the tunnel destination command.
- Once this workaround is issued, there should be no problems in the event of a router reboot because the ip mtu command is parsed before the tunnel destination.
- If a router running CET encryption has many connection setup attempts happening at once, some may time out prematurely. Also, some connection setup attempts may not set up properly.
- Routers running IPX and EIGRP on Cisco IOS Release 11.2 or greater can experience crashes when there is a high frequency of interface up/down transitions, especially with dial-up interfaces.
- Workaround: Disable IPX EIGRP.
- Cisco 2500 series and Cisco 4000 series routers (68000-based routers) might reload a few minutes after VINES Sequenced Routing Update Protocol (SRTP) is configured.
- Workaround: Do not use VINES SRTP. If it is enabled, disable it by issuing the no vines srtp-enabled command.
- DDR with the dialer dtr command does not reset DTR to a down state after an unsuccessful call attempt. (Unsuccessful in this case means that DDR is triggered, DTR is raised, but the modem/TA attached to the serial port never connects so that DCD does not come up.)
- This can be verified by using the show dialer command to ensure that the dialer state is idle, and using the show interface serial interface command to check the state of DTR.
- This problem does not occur in Cisco IOS Release 11.1.
- When a router is functioning as an X.28 PAD, it should send an X-on to the DTE as soon as it enters the data transfer mode if parameter 5 is set to 1. The PAD does not.
- All platforms running MLP may potentially encounter a transient error condition where no links are assigned to a multilink bundle.
- ISDN loses packets and headers when:
- 1) Switch type is PRI_4ESS or PRI_5ESS.
- 2) A connect request is sent by the router.
- 3) The switch does not respond to a connect within T313.
- This causes the connect to be retransmitted, and that packet and header memory to not be released.
- STAC compression LZS DCP becomes stuck in an R-Req loop.
- This problem is seen with Cisco IOS Release 11.1 or 11.2 hardware compression/RSP on one end and Cisco IOS Release 11.3 or 12.0 software compression on the other.
- Workaround: If you are using a Cisco 7500 series router, disable compression. If you are using a non-RSP router, you could also use software compression (instead of hardware compression) on both sides.
- There still may be some problems with 11.1/11.2 hardware compression or RSP interfacing to 11.3/12.0 hardware compression or RSP (see CSCdm31447).
- When the router is operating as an X.25 switch and forwards an X.25 call containing certain facilities not interpreted by the router, the facility values may be corrupted. This problem is most likely to occur when the call cannot be forwarded immediately (for example, when using X.25-over-TCP) with heavy traffic; the affected facilities include any local facilities and the Charging Information facility.
- A router performing X.25 switching may reload when clearing many calls simultaneously during heavy traffic.
- A customer is deterministically getting a crash (segV) when dialer rotor best is configured and the deb dialer command is used once to traffic trigger a call.
- A Cisco 5200 series router's PRI never sends a UAF response to a telco's switch.
- Reliable PPP can cause an intermittent crash when used with WFQ.
- Workaround: Disable reliable PPP or WFQ.
- A Cisco 4000 series router running Cisco IOS Release 11.3(9)WA4(11.1) crashes when configuring LECS, LES/BUS, and LEC. There is no workaround.
- In a Multi-chassis MLP stack group, when two stack group members cross project MLP link interfaces, one of the stack group members may crash. There is no workaround.
This section describes possibly unexpected behavior by Release 11.3(9). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(9). For additional caveats applicable to Release 11.3(9), see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.3(10).
- Fast switching is broken between 100 Vg-AnyLAN and ATM-Lite.
- A Cisco 1600 series router is not able to receive Ethernet frames at wire speed. This causes the Cisco 1600 Ethernet driver to miss packets. The problem appears when a Windows 95 or Windows NT machine joins more than 60 groups. Its IGMP replies are sent at wire speed, so multicast groups are lost at the Cisco 1600 series router.
- Workaround: Configure static multicast groups.
- The proper buffer size should be determined before clearing out the buffer.
- In certain circumstances, IPX EIGRP topology tables and routing tables do not show entries for routes that appear on other IPX EIGRP neighbors. The affected router does show that the updates are being received when using the debug ipx eigrp command, but the entries are never added to the topology table.
- Initialization of a BRI connected to a Siemens HICOM PABX fails, leaving the Layer 1 Status in ACTIVE_ErrorInd.
- Workaround: Disable CDP on the interface.
- When authorizing with TACACS+ on an IPX dialup, the access IPX list is not accepted during the authorization process.
- Workaround: Downgrade to Cisco IOS Release 11.3(5).
- On a Cisco 1003 router running Cisco IOS Release 12.0(3), the 128K leased-line does not work. After the 128K leased-line is configured and the router is rebooted, the following message is displayed:
ASSERTION FAILED: file "../src-36/quicc_driver_lib.c", line 215
- The 64K leased line worked properly.
- The write network command does not work on a TFTP source interface.
- VIP CE1/TE1 customers may see RSP-3-INVRTN or RSP-3-NORESTART errors, followed by a lot of debug output and a switching complex restart.
- Customers see these problems more often when running images that contain the code changes from CSCdk67709.
- A router crashes when using the username command under the following conditions:
- You enter a long username, type a shortened form of the password keyword, and then press the Tab key to complete the password keyword.
- When QLLC is used as a transport mechanism for SNA traffic, X.25 might get stuck in "Receiver not Ready" (RNR) when the input queue is full.
- Workaround: Increase the capacity of the input queue to 1,000 packets.
- The dlsw icanreach sap command implicitly denies all SAPs that are not listed. When configured on a router, this command should apply this filter on the source SAP (SSAP) for the frames going out to remote peers and on the destination SAP (DSAP, in the remote peer) for the frames going to the peer on which the command is configured.
- Instead, this filter is applied to both SSAP and DSAP in both the DLSw peers.
- Enhance the following APPN locate timeout message to specify the resource being requested and/or the LU requesting the resource.
.Feb 7 061412 EST APPN6SendMsg Timing out 143 locate request(s) oldest request sent to "netid.cpname"
- A DLUR router may reload with the following stacktrace.
RA: 0x6070294C[mu_processor(0x60702630)+0x31c]
RA: 0x60702F84[remote_path_control(0x60702e50)+0x134]
RA: 0x607044D0[pc_mainline(0x60703d60)+0x770]
RA: 0x606FF3B8[xxxpcasm(0x606ff000)+0x3b8]
- A router is sending an info frame with poll bit set and then an RR with the poll bit set. This causes the end station to send a window of info frames twice.
- All features that use SDLC are broken in Cisco IOS Release 12.0(3.5), 11.3(8.5) and 11.3(9). No workaround is available.
- If a router running Cisco IOS Release 11.3 is configured for DLSw with Ethertype 80d5, DLSw does not forward response LLC PDUs.
- Workaround: Hard-code all the SAPs with the following commands:
terrapin(config)#source-bridge enable-80d5
terrapin(config)#source-bridge sap-80d5 05 !response for 04!
- A router running APPN may reload with a SegV exception. The stacktrace is:
0x606C30CC:process_purged_ips(0x606c3060)+0x6c
0x606C3024:hsp04(0x606c2dd0)+0x254
0x606C2DAC:hsp00(0x606c2d80)+0x2c
- If a BIND arrives at a Cisco NN/DLUR, destined for a SLU beneath that DLUR, and the PLU name is not qualified, the BIND is rejected with sense code 0x0835001B. 1B is the offset into the BIND of the PLU name field.
- An APPN router using HPR may only make a single attempt at pathswitch. This results in undesirable session termination when the pathswitch would have been successful on subsequent attempts.
- When using DLSw/QLLC with a PVC configured on a router running Cisco IOS Release 11.3(8), the VMAC generated by QLLC is set to 0000.0000.0000. In the lab environment, the circuit connected properly, but this may not be the case when an access list is implemented.
scarlet#show dls circuits detail
Index local addr(lsap) remote addr(dsap) state uptime
1241514039 0000.0000.0000(04) 4000.3745.0001(04) CONNECTED 00:18:15
PCEP: 60F8330C UCEP: 610E4FE0
Port:Se0 peer 172.17.240.9(2065)
Flow-Control-Tx CW:20, Permitted:38; Rx CW:20, Granted:38; Op: Repeat
Congestion: Low(02), Flow Op: Half: 0/0 Reset 0/0
RIF = --no rif--
Total number of circuits connected: 1
scarlet#
fire#show dls circuits detail
Index local addr(lsap) remote addr(dsap) state uptime
2868904142 4000.3745.0001(04) 0000.0000.0000(04) CONNECTED 00:18:11
PCEP: 619F81A8 UCEP: 61A13488
Port:To5/0 peer 172.17.240.45(2065)
Flow-Control-Tx CW:20, Permitted:38; Rx CW:20, Granted:38; Op: Repeat
Congestion: Low(02), Flow Op: Half: 0/0 Reset 0/0
RIF = 06B0.00A1.0640
Total number of circuits connected: 1
fire#
- Workaround: Use the latest Cisco IOS 11.2 Release.
- After the router is reloaded, an APPN TDU occurs on the network. The router incorrectly increments the RSN and resends the TDU when the TDU content has not changed.
- The show appn commands do not work and cause all VTY ports to hang. The APPN process hangs after receiving an invalid request from a client.
- When the router is in this state, no new sessions can be set up.
- Workaround: Existing sessions are not affected, so reloading the router during off hours is the best workaround.
- An APPN/DLUR experiences corruption when the total number of PUs and LUs approaches 8,000. This problem is typically preceded by one of the spurious memory accesses listed in the DDTS description. Resulting failures are variable, such as a corrupt CVx'60' on DLUR-DLUS flows, SESSEND failures from DLUR with sense code 0x1014023D, and PUs and LUs becoming stuck in "Stopping" state.
- In a DLSw environment where a large number of unpaced SNA frames are sent (using DSPU with many LUs defined), high CLS congestion can result in a ZWO, and then an RWO without waiting for FCA response. This inappropriate sending of the RWO causes the circuit to hang at Cw:0. The circuit must be cleared to restore communications. The following output from the show dlsw circuits detail sap-value command shows this problem.
terrapin#show dlsw circuits detail sap-value
Index local addr(lsap) remote addr(dsap) state
855638203 4034.0935.d100(F4) 4034.1001.0000(04) CONNECTED
PCEP: 22DEAC UCEP: 2417E0
Port:VDLC3935 peer 10.144.128.1(2065)
Flow-Control-Tx CW:21, Permitted:35; Rx CW:0, Granted:13; Op: Incr
Congestion: Low(02), Flow Op: Half: 6/2 Reset 2/0
RIF = --no rif--
- A router crashed with a bus error at PC _lnm_add_entry because its Token Ring interface received a frame that pertains to LNM, and its RIF length is greater than seven hops.
- Workaround: Use the no lnm rem command.
- An APPN router running HPR crashes with the following stack trace:
Enter hex value: 0x7D910C 0x7D910C:__start(0x60008000)+0xa07d110c
Enter hex value: 0x608EFA20 0x608EFA20:Qfind_front(0x608efa10)+0x10
Enter hex value: 0x608342F8 0x608342F8:lrp10(0x608340f8)+0x200
Enter hex value: 0x60832E04 0x60832E04:lrp02d(0x60832d64)+0xa0
Enter hex value: 0x60832750 0x60832750:lrp00(0x60832548)+0x208
Enter hex value: 0x60250D6C 0x60250D6C:r4k_process_dispatch(0x60250d58)+0x14
Enter hex value: 0x60250D58 0x60250D58:r4k_process_dispatch(0x60250d58)+0x0
Enter hex value:
- Frame Relay traffic-shaping does not work on Frame Relay subinterfaces of a PA-2CE1 channel-group installed on VIP2.
- Workaround: Configure generic traffic shaping on Frame Relay subinterfaces.
- This bug concerns IRB on a Cisco 4500 series router with the two Token Ring interfaces on bridge 1. There is no problem when a PC is on interface 0 (the MAC address is on the bridge table and the 4500 can ping the PC). But when the PC is changed to interface 1, it does not show up on the bridge table and cannot be pinged. There is no workaround.
- Some types of incorrectly formed DNS packets may cause the system to reload.
- A Cisco MC3810 reloads with the following error:
CPU exception: reason = FORCE_CRASH(959fd4)
- This problem is caused by policy route cache entries.
- When configuring an X.25 line as a passive-interface for OSPF, the line may stay in OSPF state down after a line flap, even though the line protocol is up. The OSPF state can be checked in output from the show ip ospf interface command. As a result, this line's network number is not advertised by OSPF.
- Workaround: Do not make this interface passive for OSPF.
- Selective Packet Discard (SPD) can erroneously discard "hello" packets from some routing protocols, such as OSPF, EIGRP, and HSRP. When a router is processing a lot of other packets at the process level, the lost routing protocol packets can cause route and HSRP flapping. This flapping leads to intermittent data packet loss.
- A large number of NAT entries in the NAT table caused unacceptably high CPU utilization.
- ICMP redirections can overwhelm process switching. The workaround is to either use the clear ip redirect command or reload the router.
- VIP crypto engine does not successfully negotiate a crypto connection with a crypto peer if traffic that needs to be encrypted or decrypted by the VIP is received at initialization time (such as after a reload or an OIR).
- Once the VIP has reinitialized, output from the show crypto connection command shows an ID of 0. However, output from the show crypto map command shows a negative connection ID.
- Workaround: Manually clear this ID by using the clear crypto connection connection-ID vip-slot-number command.
- The router displays an error message similar to this:
% Connection -6 not found in connection table for slot 6.
- but successfully negotiates a crypto connection.
- The ATM receiver may stop receiving any frames after removing an ATM sub interface or removing a PVC from a shutdown ATM sub interface.
- Workaround: Clear the ATM interface.
- An RSP router running Cisco IOS Release 11.3(5) with 56-bit encryption may restart due to a bus error at PC 0x0, address 0x0.
- A Cisco 4500 series router's ATM reports high output drops on the ATM interface. Output queue drops that increment and are not affected by load, output queue size, and traffic shaping configurations may indicate this bug.
- The problem appears to be caused due to the small virtual circuit queue size for buffering the packets.
- Workaround: Increase the size of the virtual circuit queue.
- An RSP-based router running Cisco IOS Release 11.2(15)P stops passing IP traffic, encrypted and decrypted on the VIP2-40, and destined through two FDDI PAs. A microcode reload only momentarily fixes the problem.
- When this problem occurs, the VIP locks up, and a user cannot go to the VIP console. The VIP does not receive or send out any packets.
- A Cisco 3600 series router with MBRI cannot forward Tbridge packets on a 64Kbps BRI leased line.
- Workaround: Downgrade to Cisco IOS Release 11.2.
- A Cisco 4700 series router's low-speed interface NP2T16S pin 24 TxCE has no signal output. This causes problems (line protocol is down) when the DCE enables DCE terminal timing.
- A Cisco 3620 router crashes when running Cisco IOS Release 11.3(6)T and using RADIUS for AAA authentication. This is not a problem when running Cisco IOS Release 11.2.
- A Cisco 7500 series router's VIP controller hangs when encryption is used. The problem seems to be very intermittent. Reloading and using the shutdown and no shutdown commands does not help.
- In certain topologies, HSRP with RSMs and Token Ring LANE in a Catalyst 5000 do not work properly if the LANE connections are interrupted.
- Connectivity does resume after a timeout, depending on the end systems used.
- CSCdm10475
- When reloading a Cisco 3640 router with a PRI and a PRI D channel in STANDBY or SHUT mode, Layer 1 gets stuck in ACTIVATING mode and the following message is displayed:
ISDN Se2/0:23: Could not bring up interface
- Workaround: Remove the D channel from SHUT or STANDBY mode (remove the backup interface commands from the D channel configurations) and reload the router.
- Encryption may stop working after an undetermined period of time, which can vary depending on whether CET or IPSec is being used and how long the key timeouts are. Symptoms include lack of debugs from one of the crypto modules, as well as an interruption of the flow of encrypted data (data that should be encrypted is no longer sent as the IPSec negotiation never completes). This bug does not affect non-encrypted data, which continues to be switched by the router; only data that would normally be encrypted is not sent.
- Under stress conditions (for example, if the ESA is simultaneously bringing up a large number of crypto sessions), it may either enter a race condition or the crypto initiation messages may wedge in the input queue of the interface doing the encryption.
- Routers that send L2F or L2TP packets over an ISL interface may reload unexpectedly.
- Workaround: Disable fast switching.
- Catalyst 5000 RSM modules that experience spurious error interrupts cause the C5IP to experience a fatal error.
- Symptoms of this are a C5IP error message indicating no status in the cause register and then an exception dump. For more information, see caveat CSCdk49265.
- The RSM recovers the C5IP automatically within 30 seconds.
- IPX EIGRP does not see its neighbor when running over virtual templates.
- When the ipx-numbered interface command is configured, IPXCP does not come up. When the ipx ppp-client lo x command is configured, IPXCP comes up but not the adjacency.
- An alternative to this workaround is to use the new interface type, interface multilink, which is in Cisco IOS Release 12.0 T.
- In redundantly connected networks running IPX-EIGRP, some obsolete IPX services may not age out and cause a "SAP loop" when the ipx maximum-paths command is set to a value greater than one. This is seen primarily with network-connected IPX printers whose SAP service hopcount is one more than that of the route (network) to the service.
- The workaround is to temporarily "down" the network to the service. Set the ipx maximum-paths command to one, which is the default, to prevent future recurrences.
- Another potential workaround is to use the previously undocumented ipx server-split-horizon-on-server-paths command.
- By default, split horizon blocks information about periodic SAPs from being advertised by a router to the same interface on which the best route to that SAP is learned.
- But in the case where the SAP may be learned from interfaces other than (or in addition to) the interface on which the best route to that SAP is learned, enabling the ipx server-split-horizon-on-server-paths command reduces unnecessary periodic SAP updates because the SAP is not advertised to the interface(s) where it was learned. This also prevents a potential "SAP loop" in the network.
- The solution for this problem requires the use of the new ipx sap follow-route-path command. This command should be configured on all routers where IPX-EIGRP routing is used and where multiple IPX paths may exist.
- Under certain conditions, IPX-EIGRP is leaking memory via "IPX USV" and "IPX SAP PH." This leak happens on slow or congested WAN links with large numbers of IPX services (SAPs) being advertised where IPX-EIGRP neighbors are flapping. These conditions are evident by the constant short "Uptime" and constant non-zero "Q Cnt" in output from the show ipx eigrp neighbors command.
- Workarounds: Increase the interface bandwidth (using the bandwidth command) and/or increase the EIGRP bandwidth for that interface (using the ipx bandwidth-percent eigrp command). By default, EIGRP gets the maximum of fifty percent of the interface bandwidth.
- When you run Cisco IOS Release 11.3 and use TCP-to-X.25 PVC protocol translation, the PVC can close too quickly. This may cause the PVC to be taken down prematurely and result in lost data. When you print over TCP-to-X.25 PVC protocol, the translation may experience a loss of the last data blocks. There is no known workaround.
- X.25 tunneling over TCP (XOT) sessions over ISDN has problems when sessions close. An ISDN session may hang up and may come back up sporadically until the underlying TCP session is completely closed. Usually the TCP session should close, but due to a bug in TCP for "simultaneous close," the ISDN never hangs until a timeout of eight minutes is reached. Users notice an eight-minute delay in ISDN hangups.
- The workaround is to use the show tcp brief command to list all the TCP connections, and then kill the TCP connection (using the clear tcp tcb tcb-address command) that has been in the "FINWAIT1" state for a long time.
- XOT sessions have a problem when both end routers close the TCP session at the same time. The fix for this bug resolves that problem, which can also occur, rarely, on some TCP connections when both ends send FINs simultaneously.
- If RCP is configured on the routers and is used on hosts and routers separated by a firewall (with strict access control lists, such as those allowing only loopback addresses), the RCP sessions fail when multiple interfaces are used on the router and a second interface (other than the primary interface) is configured for RCP sessions using the ip rcmd source-interface command.
- Workaround: Do not use loopback or secondary IP addresses for the RCMD source interface. Instead, use only the primary (default) interface.
- VINES "proxy" memory leak can occur when a VINES client application causes a router to act as a proxy server and the client sends service requests that it does not support directly to the router. The router becomes a proxy server when it forwards these same service requests to the nearest Banyan VINES server.
- The leak can be detected by observing the persistent "Vines Proxy" lines in the output of the show memory summary command:
0x60433E38 24 2807 67368 Vines Proxy
0x60433E38 28 5246 146888 Vines Proxy
- Under some circumstances, XOT service may cause the router to reload if a record of one XOT host is freed (all active connections to that host are terminated) during an operation that works with all XOT remote host records (such as the show x25 xot command).
- To evoke this problem, use the show command to report on XOT virtual circuits from a terminal that suspends the reports with the More prompt.
- Workaround: Configure the terminal not to suspend output by using the terminal length 0 command.
- X.25-to-TCP protocol translation stops sending X.25 Layer 3 acknowledgments when using PVCs.
- The line protocol flaps when two routers running Cisco IOS Release 11.3(6)T are connected back to back using PPP or PPP reliable link with the link quality set to 75. This flapping happens when the data rate is driven up and the clock is set to 64,000 bps.
- When an LLC session is established on a serial interface, TEST frame stops responding for other LLC sessions.
- On an RSP platform running various versions of Cisco IOS Release 11.2 P, with Frame Relay broadcast queuing under heavy multicast traffic, the router may reload because of an erroneous pointer in the fr_bq_proc() function.
- On an L2F home gateway, incorrect packets may be output through the L2F tunnel to the NAS.
- Workaround: Issue the no ip route-cache command on the Virtual-Template interface.
- ARAP Callback does not work from an iMAC to a Cisco router.
- A Frame Relay route statement is deleted from the configuration when DLCI is removed due to a leased-line disconnection.
- The implementation of CMNS on Cisco routers is not compliant with section 7.4.4 of the ISO standard 8802-2.
- According to the specification, the router should react to an LLC2 frame when the P-bit is set. The router, however, ignores any packet except for a SABME.
- For a VAX, it is normal to start up with a DISC with the P-bit set. This ensures that both sides are in the same state and no hanging calls are left over.
- There is currently no workaround.
- All platforms running MLP may potentially encounter a transient error condition where no links are assigned to a multilink bundle.
- In a VPDN configuration where multiple home gateways are loadsharing from a single NAS, the NAS uses only the IP address to determine the tunnel ID, even if a different tunnel ID is returned by the RADIUS server. The workaround is to have your RADIUS and/or your home gateways' configurations return only one home gateway to the NAS.
- Whenever a Cisco 5300 series router dials out, it produces the following error:
Apr 8 15:37:23.245: ISDN Se0:23: TX -> SETUP pd = 8 callref = 0x0012
Apr 8 15:37:23.245: Bearer Capability i = 0x8090A2
Apr 8 15:37:23.245: Channel ID i = 0xE1808397
Apr 8 15:37:23.245: Called Party Number i = 0xA1, '14085703930'
Apr 8 15:37:23.265: ISDN Se0:23: RX <- CALL_PROC pd = 8 callref = 0x8012
Apr 8 15:37:23.265: Channel ID i = 0xE9808397
Apr 8 15:37:23.793: ISDN Se0:23: RX <- PROGRESS pd = 8 callref = 0x8012
Apr 8 15:37:23.793: Cause i = 0x82FF - Interworking, unspecified
Apr 8 15:37:23.793: Progress Ind i = 0x8A81 - Call not end-to-end ISDN, may have in-band info
Apr 8 15:37:23.793: ISDN Se0:23: TX -> STATUS pd = 8 callref = 0x0012
Apr 8 15:37:23.793: Cause i = 0x80E41E - Invalid IE contents
Apr 8 15:37:23.793: Call State i = 0x03
Apr 8 15:37:23.809: ISDN Se0:23: RX <- RELEASE pd = 8 callref = 0x8012
Apr 8 15:37:23.809: Cause i = 0x8295 - Call rejected
Apr 8 15:37:23.809: ISDN Se0:23: TX -> RELEASE_COMP pd = 8 callref = 0x0012
shadygrove#
- Cisco needs to add support for the location code 0x8A81.
- The XOT behavior is invalid. A router does not send an RI packet, even though the opposite X.25 device goes down.
- Deconfiguring an ISDN interface can cause a bus or spurious access error.
- A router is unable to pass traffic when using HDLC encapsulation with STAC compression.
- This traffic problem is caused by not taking into account board encapsulation when setting the compression notification bit in the HDLC header.
- This is only a problem for high-end routers. RSP board encapsulation is not used by low-end routers. The problem was introduced by CSCdk91576.
- Workaround: Disable compression.
This section describes possibly unexpected behavior by Release 11.3(8). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(8). For additional caveats applicable to Release 11.3(8), see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.3(9).
- The CSM will route a call to a Microcom modem even if DTR is low on the line attached to the Microcom (DTR may be low because the modem dtr-active command is configured on the line). The result, given the default Microcom configuration of &D, is a ring-no-answer.
- When using a MICA modem in the same low DTR situation, the CSM refrains from routing the call to the modem, with the result that, if no modems with high DTR are available, the caller receives a busy signal.
- This means that there is no general way to configure Microcom modems for dialout only. (If the NAS is connected to the network via ISDN rather than CAS, then you can configure DNIS modem pooling and put the dialout-only modems into a pool with an unused DNIS number. However, this technique won't work for CAS, since DNIS modem pooling isn't supported for Microcom.)
- The workaround is to use MICA modems instead of Microcom. [CSCdk11064]
- A Cisco AS5200 access server, configured for a PRI group, can hang during boot (and only during boot) if one or both of the T1/E1 interfaces receives excessive "short frame" errors (also known as "runts") from the lines. An unprovisioned PRI line, or incorrectly provisioned PRI line, could be one case where this problem might occur.
- A workaround is to either disconnect the faulty T1/E1 line, or to configure the loopback command on the affected T1/E1 controller. [CSCdk80119]
- A Cisco AS5300 access server using the shutdown command on the T1/E1 controllers sometimes causes the Fast Ethernet interface's holdqueue to become full. This causes the interface to stop receiving packets. The workaround is to increase the input holdqueue count on the Fast Ethernet interface. [CSCdm05046]
- Fast switching is broken between 100 Vg-AnyLAN and ATM-Lite. [CSCdk17135]
- Many Cisco 1601 routers configured for async MPPP dial-in are frequently crashing, indicating memory corruption. The routers are running Cisco IOS Release 11.2(15a)P. Hardware (router, DRAM and FLASH) replacements did not stop the crashes. [CSCdk48207]
- A Cisco 7200 series router connected to a Cisco Catalyst 5000 switch sends a CDP packet on Token Ring BRF VLAN with BPDU bit set when the subinterface is shutdown.
- This causes a loop if the Catalyst is connected to other switches. See caveat CSCdk57646 for more information. [CSCdk58782]
- The writeNet object completes the TFTP transfer of the configuration file to a TFTP server before relinquishing the CPU. This becomes a problem when the TFTP server is unresponsive, and the TFTP operation experiences timeouts.
- The fix for this problem is to:
- 1. Use the CISCO-CONFIG-COPY-MIB to initiate the transfer.
- 2. This MIB starts the transfer and then relinquishes CPU.
- 3. The user can poll for the status of the transfer and see how long it took by looking at other objects in the CISCO-CONFIG-COPY-MIB. [CSCdk72569]
- Initialization of a BRI interface connected to a Siemens HICOM PABX fails leaving the Layer 1 Status in ACTIVE_ErrorInd. The workaround is to disable CDP on the interface. [CSCdk80074]
- The write core command does not dump the I/O memory on Cisco 3600 series routers. There is no workaround. [CSCdk84420]
- Accounting stop records for connection service should be generated before aaa user_struct is freed. Appropriate pointer checking is also needed to prevent memory access violations. [CSCdm02704]
- A Token Ring LANE client may not come up immediately when configured on a Cisco 4500 series router's ATM interface. [CSCdk61220]
- Lexmark printers are contacted by the central server sending single route explorer to mac-address FFFF.FFFF.FFFF. In Cisco IOS Release 11.1 using RSRB without local-acknowledgment, this explorer is passed to the remote Token Ring. This no longer happens with Cisco IOS Releases 11.2 & 11.3. [CSCdk72916]
- The APPN router may leak memory when receiving "wildcard" replies to a broadcast search. The show appn stat command will consistently indicate an increasing "outstanding locates" value with an increasing "broadcast locates sent" value.
Broadcast locates rcvd/sent 9499/1395
Directed/Broadcast locate negative replies 3/152
Outstanding locates 1213
- [CSCdk78105]
- When using the source-bridge ring-group group-number command, an LLC2 session is dropped even though group-number is not being used under any interface. [CSCdk78156]
- While doing RSRB local-ack with priority peers, the following error messages may be displayed:
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer :
- The workaround is either to turn off priority peers or to turn off local-ack. [CSCdk83457]
- Token Ring-LEC currently processes all registration requests received on its control distribute VC. It should only be doing this if the LEC ID in the registration message matches its own LEC ID. The LEC FSM invokes a_resend_reg_req when a negative registered response is received. Instead, it should invoke a_process_reg_rsp. [CSCdk84269]
- DSPU is not allowing any new downstream PU connections, and the following messages appear in the router log:
%DSPU-3-LSConnInFailedNoMem: Connect in from remote address 00104b0a60e0 failed; insufficient memory.
%DSPU-3-LSConnInFailedNoMem: Connect in from remote address 00105a00e326 failed; insufficient memory.
- [CSCdk86081]
- An APPN HPR router may crash or issue a Spurious memory access with the following backtrace elements when activating an APPN RSRB link.
0x60b1e590:anr_build_srb_map(0x60b1e400)+0x190
0x60aff784:ncl_send_fastswitch_enable(0x60aff704)+0x80
0x60afe458:ncl_populate_anr(0x60afe0f4)+0x364
0x609ca31c:send_populate_anr(0x609c9f24)+0x3f8
- [CSCdk87750]
- The APPN router may have problems when establishing cp-cp sessions during an unusually heavy load. The NN may display the following message repeatedly if attempting to establish several hundred cp-cp sessions with adjacent ENs at the same time.
Jan 25 12:51:18: %APPN-7-APPNETERROR: TP(RCA) - Proto error: rcv_and_wait with NETA.ENCP1 rc=F, 0
- [CSCdk88194]
- A Cisco 2600 series router running DLSw with priority and backup peers over BRI could crash with SegV exception.
- The workaround is to not have priority peer configuration. [CSCdk89189]
- A second link fails to reactivate during recovery. Both links must be restarted in sequence so the links will activate the first link as TG21 and second link as TG22. Otherwise the failing link stays in TG0 state attempting to reconnect.
- The workaround is to assign specific tg numbers (from 1 to 20) to parallel tgs. [CSCdk90257]
- An APPN router may reload with the following backtrace.
0xRA:0x60757578:Qdeq(0x6075756c)+0xc
0xRA:0x606FBA6C:hs_deleter(0x606fb930)+0x13c
0xRA:0x606FC038:mu_processor(0x606fbe40)+0x1f8
0xRA:0x606FC77C:remote_path_control(0x606fc650)+0x12c
0xRA:0x606FDC04:pc_mainline(0x606fd500)+0x704
0xRA:0x606F8D70:xxxpcasm(0x606f89d0)+0x3a0
- [CSCdk93916]
- APPN BINDs from Low Entry Networking (LEN) nodes, such as an MS SNA-Server, may fail in a pending active state when the router is also an intermediate node. The BIND Transmission Header (TH) is corrupt in the forwarded direction, which is then typically dropped by the receiving device. [CSCdm00997]
- A Cisco 7206 router crashed with a bus error with the following message:
System restarted by bus error at PC 0x6087AD40, address 0x244
- This only happened immediately after the router was reloaded. Once it was up and running, the system was stable. [CSCdm02196]
- The APPN router may reload with the following stacktrace. The router used excessive processor memory when multiple (over 100) ENs registered resources to this NN at the SAME time.
RA: 0x601C89D4[abort(0x601c89cc)+0x8]
RA: 0x601C7354[crashdump(0x601c728c)+0xc8]
RA: 0x607375F0[Eattach(0x60737588)+0x68]
RA: 0x60739DCC[Pcreate(0x60739cd4)+0xf8]
RA: 0x60648720[amp610(0x606486c0)+0x60]
RA: 0x6064789C[amp500(0x60647510)+0x38c]
RA: 0x60645AD0[amp00(0x60645790)+0x340]
- [CSCdm05337]
- A router may reload if DLSw priority peers and DSPU/SNA over VDLC are configured together. The workaround is to use regular DLSw peers. [CSCdm05685]
- Traffic shaping might cause a router to crash. [CSCdk33589]
- When a 4-Port Token Ring 4/16 Mbps Port Adapter (PA-4R) is used on a congested or unclean Token Ring, the VIP port adapter might exhibit the following errors and traceback:
Sep 17 14:04:26 EDT: %IPC-5-SLAVELOG: VIP-SLOT4: IBM2692-1-SRBQ_OVERFLOW: IBM2692 (0/0), SRB queue overflow.
Sep 17 14:11:03 EDT: %LINK-3-UPDOWN: Interface TokenRing4/0/0, changed state to up EDT: %IPC-5-SLAVELOG: VIP-SLOT4:
Sep 17 14:12:22 SYS-2-GETBUF : Bad getbuffer, bytes= 50765
Sep 17 14:12:21 EDT: %IPC-5-SLAVELOG: VIP-SLOT4 : Process= "<interrupt level>", ipl= 1
Sep 17 14:12:21 EDT: %IPC-5-SLAVELOG : VIP-SLOT4: Traceback= 6005DFAC 600D18B4 600D1CEC 600D215C 600D28EC
- There is no workaround. [CSCdk47517]
- A Cisco 7500 series router with the following characteristics:
  - running Cisco IOS Release 11.2 P or earlier
  - CT1/CE1 port adapter
  - PPP Distributed hardware or software compression
- connected to a remote router with the following characteristics:
  - running Cisco IOS Release 11.3 or later
  - PPP software compression
- experiences a crash in LZS_Decompress or a stuck output. This DDTS fixes these particular problems, but we highly recommend that both routers run either Cisco IOS Release 11.2P (or below) or 11.3 (or above). [CSCdk52565]
- A BVI cannot send IPX packets but can receive them. [CSCdk77411]
- Frames 33 bytes or less are being corrupted when bridged between a FDDI interface and a PA-A1 in Cisco IOS Release 11.1(19)CC1 or above.
- Current Workarounds:
- 1. Replace the PA-A1 with a PA-A3.
- 2. Replace the FDDI with another interface type (Token Ring, Ethernet, etc.).
- 3. Downgrade the router to Cisco IOS Release 11.1(18)CC or below.
- 4. Disable fast switching for transparent bridging. [CSCdk80653]
- IP access lists always permit IP fragments.
- Currently there is no workaround for this problem. [CSCdi84140]
- IOS NAT socket translation is only working for connections initiated from outside to inside. The users have an application where they want to use one single source address which will create multiple TN3270 connections to an SNA gateway. Each connection must have a unique source address but it will be coming from the same UNIX machine. Without sockets, translation works on the IP address. With socket, translation does not work. The router is running Cisco IOS Release 11.2(14)P on a Cisco 1605 router. [CSCdk27181]
- PPP peer neighbor routes from an unnumbered link might remain in the topology table when the link is down or changed to numbered. This condition causes instability in the network.
- The workaround is to remove the EIGRP process and reconfigure it, or reload the router. [CSCdk49790]
- NAT will only translate the first address entry in an NBNS group name response message. Other group name address entries will not be translated and therefore the NetBios client will only be able to reach the first group address host (because it would be using an inside local address from the outside for the other members of the NBNS group name). [CSCdk64629]
- When the prune-timers in the oil list are not identical, the mroute will still go to a "forwarding" status even when there is no listener. There is no workaround. [CSCdk78845]
- Some routes may not be propagated by EIGRP through redundant paths. [CSCdk80809]
- OSPF might reload if a corrupt protocol packet is received and the corruption is not detected by the IP checksum. Since the IP checksum detects most packet corruptions, a reload is highly unlikely unless a large percentage of OSPF packets are corrupt. Workarounds include fixing the source of the packet corruption, or shutting down the link on which the incoming packets are received. [CSCdk81888]
- After a file with a large file-name is transferred, Cisco IOS Network Address Translation (NAT) does not translate the embedded IP address in the FTP PORT command. The workaround is to close the FTP session and open a new one. [CSCdk82872]
- When ISO-IGRP re-distributes into ISIS, it is possible for a routing entry to be duplicated that results in a memory leak. The router needs to be reloaded to recover the lost memory. [CSCdk17145]
- A Cisco 7200 series router configured to route IP packets over ISDN with encryption only works in process-switch mode. [CSCdj82823]
- Initialization of BRI connected to a Siemens HICOM PABX fails leaving the Layer 1 Status in ACTIVE_ErrorInd. The workaround is to disable CDP on the interface.
- The same problem on Cisco 1000 series routers is addressed by CSCdk80074. [CSCdk32594]
- This problem is caused by a bug that existed in the crypto "spoke & hub" configuration. This means that packets are decrypted when received from the input interface and then encrypted again before being forwarded to the output interface. [CSCdk58181]
- The ESA Crypto engine of a Cisco 7507 router with a VIP2 installed might be limited to 25 connections. In this situation, new connections are established after key exchange, but no encryption and traffic flow take place. There is no workaround. [CSCdk69456]
- When multilink is configured over the serial interface, a long delay is observed, typically with large packets. The problem is seen only when fair-queueing is configured on the interface. A workaround is to disable fair-queuing. [CSCdk80140]
- The fix for CSCdk77654 inadvertently requires ACLs attached to crypto maps to include ICMP, even if ICMP packets are not intended to be encrypted. Note that ICMP is matched when the IP protocol is specified in the ACL. [CSCdk84552]
- A Cisco 7505 router running Cisco IOS Release 11.2(15)P with encryption enabled crashes when an SNMP poll of "cieEngineStatusTable" (from the CISCO-IP-ENCRYPTION-MIB) is performed.
- This crash does not occur when encryption is disabled.
- After rebooting, the show version command shows:
System restarted by bus error at PC 0x60188EF0, address 0x80 at 15:59:41 cst Mon Jan 18 1999
- The last logged message is:
Jan 18 15:57:52: %SCHED-2-WATCH: Attempt to set uninitialized watched boolean (address 0).
-Process= "IPC CBus process", ipl= 0, pid= 18
-Traceback= 60188ED8 6067448C 60672758 60692E30 6018FCA4 600F8A84 60233A64 6018F7F0 600E69A8 60176E58 60176E44
%ALIGN-1-FATAL: Illegal access to a low address
addr=0x80, pc=0x60188EF0, ra=0x6067448C, sp=0x60E0BC40
- This problem was initially seen when CiscoView attempted to open the device. CiscoView polls CISCO-IP-ENCRYPTION-MIB objects, and the fault is observed (in output of the debug snmp packet command) when "snmp getnext" is performed against "cieEngineStatusEntry".
- When encryption is disabled, CiscoView can open the device without problem.
- A workaround is to disable SNMP polling by removing all the snmp-server community commands from the configuration. [CSCdk85273]
- An IPX route to a directly connected network appears incorrectly in the routing table if the ipx down command is configured. New routes to the directly connected network will not be learned, and the network may appear as "down" in the routing table. In some cases, lower level routing tables (for example, 85XX switch) may have an active routing entry for the bad route.
- This happens when an interface that is shutdown with the ipx down command configured is brought up using the no shutdown command.
- The workaround is to bring up the interface using the no ipx down command and then the ipx down command. [CSCdk81350]
- If an interface is administratively down with an IPX network configured, and you proceed to add that network to the IPX Enhanced IGRP router, the route to that network is propagated through Enhanced IGRP even though that interface is "down." The route does not go away.
- The workaround is to remove the route to the network from Enhanced IGRP using the shutdown and no shutdown commands. Alternatively, remove the network from within the IPX Enhanced IGRP router using the ipx router eigrp autonomous-system-number and no network network-number commands. [CSCdk86872]
- If the ipx nlsp rip off command is configured and therefore NLSP RIP compatibility mode is off, the router will not send a reply to a client that sends a RIP general query (a request for all networks). The workaround is to not configure the ipx nlsp rip off command, but leave compatibility mode enabled. [CSCdm00033]
- Occasionally the show dialer map command causes the router to crash while some connections are being dropped during the execution of the command. This problem affects Cisco IOS Releases 11.2(11)P and later. [CSCdj77057]
- When running Cisco IOS Release 11.3 or Release 11.3 T on a Cisco 3640 router, Frame Relay over ISDN initially works, but fails because the interface input queue was full and all incoming packets would be dropped. This problem cannot be resolved by locking or unlocking; the router needs to be reloaded. [CSCdj82342]
- A Cisco 3640 router rejects incoming calls even though there are free channels and good modems. Both ISDN and analog incoming calls are rejected with the "Incoming call rejected, exceeded max calls" message. This also occurs in the 11.2(15.1)P image where CSCdj77099 is already integrated. [CSCdk42780]
- In Cisco IOS Release 11.2, when configuring more than one dialer string and configuring a dialer load-threshold, additional B channels will only be opened when connected to the first dialer string. When connected to the second dialer string, only one B channel will be opened, even if the threshold is exceeded.
- In Cisco IOS Release 11.3, the dialer load-threshold does not work. [CSCdk55610]
- A switch type TS014 numbering plan misidentifies the called number as "national" when it should be "unknown." There is no workaround. [CSCdk65469]
- A router crashed using X.25 switching, in x25swt_last_resort. [CSCdk66454]
- Do not compress any packet with CCP when the PAK_PRIORITY bit is set. Compressing these packets will cause sequence errors, creating compression dictionary resets.
- Routing protocols apparently use the PAK_PRIORITY bit.
- The workaround is to compress these packets.
- This bug manifests only when there is congestion on the PPP output queue (there are packets waiting there, which could be re-ordered.)
- Note also that this fix may be inadequate for cases where there is extreme congestion. Output queueing code will drop packets in the output queue if the queue is full at the time a PRIORITY packet is added to the queue. This will also cause packet reordering (due to the drop). This problem should manifest only under the most severe conditions and may be partially worked around by adding depth to the output queue. If this workaround is inadequate, additional bandwidth may be required because the line is over-subscribed on average. [CSCdk72458]
- Under certain conditions, an acknowledgment for a received frame was not sent out. This causes the remote station timer to expire and resend the data. The symptoms can be seen as an increase in the number of REJ sent out of the router's interface. [CSCdk75078]
- Cisco IOS Release 11.3(7.1)T and above may have problems bringing up Layer 2 after configuring ISDN for the first time due to invalid Layer 2 timer values. These values can be seen in the configuration and by using the show isdn timers command. A workaround is to save the configuration and reload the box. (Notice the error messages due to the invalid timer values rejected during processing of the configuration.) [CSCdk75490]
- LAN Emulation (LANE) does not reply to LAN Emulation-Address Resolution Protocol (LE-ARP) requests if the Bridge-Group Virtual Interface (BVI) Media Access Control (MAC) address is different from the ATM's MAC address. As a result, the traffic to the BVI interface is sent from the LANE broadcast and unknown server (BUS). The workaround is to use the same MAC address for both ATM and BVI interfaces. [CSCdk77092]
- L2D_Srq_Task() reads status testing for an active connection. When this fails (as it frequently will the first time it tests) it calls edisms, rechecking status when it returns. Unfortunately, it simply retests the status byte, which is now stale. This fix guarantees the validity of the status byte. [CSCdk78063]
- Under heavy usage conditions on an X.25 serial link, a Cisco router running TCP to X.25 translation might reload. There is no known workaround. [CSCdk80551]
- When running PPP in conjunction with NFAS on PRIs, the NFAS interfaces that are configured to have 24 B-channels will only be able to negotiate and pass PPP data on the first 23 channels. Calls will be routed to the 24th B-channel, but the router is unable to send PPP data out of the B-channel; thus, that user is stuck until PPP times out and they dial in again and get another B channel.
- The only workaround is to take the 24th channel out of service using the isdn service dsl number b_channel 24 state 2 command. [CSCdk86557]
- On an RSP, the L2F Protocol fails to forward fast-switched packets from the tunnel to some physical interfaces (such as PRIs). L2F neither punts the packets to process nor frees the packets. L2F-related applications like SGBP and VPDN are affected. There is no workaround. [CSCdk87834]
- You need to set the extend bit in the channel ID while talking to a DMS-100 switch. [CSCdk94188]
- Systems can generate bad memory accesses and possibly crash when IPCP completes negotiations on PPP links.
- This problem was inadvertently introduced with the patches for defect CSCdk13366. Customers who use PPP and have system images into which CSCdk13366 has been incorporated will need to upgrade to an image that includes CSCdm01059. [CSCdm01059]
This section describes possibly unexpected behavior by Release 11.3(7). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(7). For additional caveats applicable to Release 11.3(7), see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.3(8).
- The absolute-timeout line configuration command does not accept any value. Other line commands are showing up twice when the ? command is used. [CSCdk62405]
- "SNMP CPUHOG processing GetNext IfEntry" on ATM subinterfaces causes LANE clients to drop. This was observed in Cisco IOS Releases 11.2(12)P and 11.2(12)P. In both cases, the user defined numerous subinterfaces that were not numbered sequentially. A partial workaround was to configure the no snmp-server sparse-table command.
- The fix for caveat CSCdj92220 lessens the severity of this problem. [CSCdk08376]
- Under extremely rare circumstances, after loading a startup-configuration using the copy tftp startup-config command on a Cisco 3620 router, the NVRAM will become unreadable on the next reload. During the boot sequence, the following messages can be seen:
ERROR in NVRAM sizing. NVRAM could be bad! Hardware indicated 32768 bytes. Software detected 0 bytes.
- and:
%C3600-3-BADNV: Detected invalid NVRAM size: -2056 bytes
- [CSCdk55631]
- The aaa authorization exec tacacs command cannot be used. There is no workaround. [CSCdk62728]
- VIPs report SRAM parity errors when accessing locations beyond the allowed 2 MB MEMD range. An ACK with invalid data is received on the CyBus. Ideally the out of range request should be ignored by the MC ASIC, and the VIP should report a missing ACK.
- The workaround is to set RSP range registers correctly to enforce the 2 MB limit on MEMD access. [CSCdk64322]
- RSP1 and RSP7000 will not work without this fix. A previous bug fix, CSCdk64322 (fixing the range registers on the RSP systems MC ASIC), does not work for RSP1 and RSP7000 systems because they do not have range registers.
- RSP1 and RSP7000 systems will not boot with images with the fix for CSCdk64322. This prevents RSP1 and RSP7000 systems from executing those instructions. [CSCdk65978]
- When a Cisco 1600 router is connected in synchronous mode using the "Easy IP" feature, the WIC-1T sync/async might drop the PPP link. This condition is caused by having the ip address negotiated command configured on the serial interface. When a static IP address is configured, the problem does not occur. There is no workaround. [CSCdk67339]
- AAA authentication method lists disappear when upgrading from Cisco IOS Release 11.2 to 11.3 or later IOS releases. When the aaa authentication local-override command is configured for an 11.2 image and AAA authentication method lists have three or more methods defined, upgrading to a Release 11.3 or later IOS image generates a traceback. The workaround is to remove one or more of the methods before the upgrade. [CSCdk71921]
- When reply messages are included in a RADIUS Access-Accept, attributes following the reply-message attributes may not be recognized. For instance, if multiple reply messages are included in the Access-Accept, only the first reply message will be displayed.
- The workaround is to not use reply messages in Access-Accept or Access-Reject. If reply messages are absolutely needed in an Access-Accept or Access-Reject, there should be only one attribute and it should be included as the very last attribute in the reply. Reply messages in Access-Challenge should work properly. [CSCdk72139]
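The following added example (not Cisco code) checks RADIUS server replies against the workaround above before they reach an affected router: it parses the attribute list of a reply and reports any Access-Accept or Access-Reject that carries more than one Reply-Message or places other attributes after it. The function names, the sample packets, and the zeroed authenticator are constructed for illustration; the packet layout and attribute numbers are those of RFC 2865.

```python
import struct

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11  # RFC 2865 packet codes
SERVICE_TYPE, FRAMED_IP_ADDRESS, REPLY_MESSAGE = 6, 8, 18  # RFC 2865 attribute types


def parse_radius(packet):
    """Return (code, [(attr_type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        # The attribute length counts its own two header octets.
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute %d has bad length %d" % (attr_type, attr_len))
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, attrs


def reply_message_findings(packet):
    """List the ways a reply departs from the workaround in the caveat."""
    code, attrs = parse_radius(packet)
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT):
        return []  # the caveat states Access-Challenge works properly
    where = [i for i, (t, _v) in enumerate(attrs) if t == REPLY_MESSAGE]
    findings = []
    if len(where) > 1:
        findings.append("multiple: %d Reply-Message attributes, only the first "
                        "may be displayed" % len(where))
    if where:
        trailing = [t for t, _v in attrs[where[0] + 1:] if t != REPLY_MESSAGE]
        if trailing:
            findings.append("not-last: attribute types %s follow Reply-Message "
                            "and may not be recognized" % trailing)
    return findings


def build(code, attrs, ident=1):
    """Build a sample packet; the authenticator is zeroed (constructed data)."""
    body = b"".join(bytes((t, len(v) + 2)) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body


# Constructed sample replies (192.0.2.10 is a documentation address).
FRAMED_IP = (FRAMED_IP_ADDRESS, bytes((192, 0, 2, 10)))
SAFE = build(ACCESS_ACCEPT, [(SERVICE_TYPE, struct.pack("!I", 2)), FRAMED_IP,
                             (REPLY_MESSAGE, b"Welcome")])
RISKY_ATTRS = [(REPLY_MESSAGE, b"Welcome"),
               (REPLY_MESSAGE, b"Maintenance at 02:00"), FRAMED_IP]
RISKY = build(ACCESS_ACCEPT, RISKY_ATTRS)
CHALLENGE = build(ACCESS_CHALLENGE, RISKY_ATTRS)

if __name__ == "__main__":
    for name, pkt in (("SAFE", SAFE), ("RISKY", RISKY), ("CHALLENGE", CHALLENGE)):
        print(name, reply_message_findings(pkt) or "ok")
```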
- The async HDLC microcode from Motorola has a problem with certain data transparency (escape) sequences. One known example is the following PPP/LCP sequence sent from a Bay Nautica 4000 router:
7e 7d df 7d 23 c0 21 ....
- It appears that the microcode cannot handle the "7d df" (escaped "0xff"). The optimum solution is to get a new version of microcode from Motorola. Another solution is to turn off the async HDLC microcode and not enable "hardware-assisted PPP mode" within IOS. Instead, the Async-PPP framing is done by the IOS software. To enable this mode of operation, the hidden microcode-enable command is being added as an interface configuration command to Cisco 1600 series routers' asynchronous interfaces. [CSCdk75174]
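The following added example (not Cisco or Motorola code) shows what software Async-PPP framing has to do with the sequence quoted above, using RFC 1662 octet stuffing and FCS-16: every Control Escape (0x7d) is reversed by XORing the next octet with 0x20, so "7d df" becomes 0xff and "7d 23" becomes 0x03. The function names are hypothetical, and because the page truncates the frame, the LCP Configure-Request body used to complete it is constructed.

```python
FLAG, ESC, XOR = 0x7E, 0x7D, 0x20
GOOD_FCS = 0xF0B8  # RFC 1662 residue when the FCS is run over data plus FCS


def fcs16(data, fcs=0xFFFF):
    """RFC 1662 FCS-16, bitwise form (reflected polynomial 0x8408)."""
    for octet in data:
        fcs ^= octet
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def unstuff(body):
    """Reverse octet stuffing for the bytes between two Flag Sequences."""
    out = bytearray()
    octets = iter(body)
    for octet in octets:
        if octet == ESC:
            nxt = next(octets, None)
            if nxt is None:
                # "7d 7e" on the wire: the sender aborted the frame.
                raise ValueError("frame ends in a dangling Control Escape")
            out.append(nxt ^ XOR)  # accepted for any escaped octet, 0xff included
        else:
            out.append(octet)
    return bytes(out)


def stuff(payload, also_escape=frozenset()):
    """Escape flag, escape, control characters, and any extra octets asked for."""
    out = bytearray()
    for octet in payload:
        if octet < 0x20 or octet in (FLAG, ESC) or octet in also_escape:
            out += bytes((ESC, octet ^ XOR))
        else:
            out.append(octet)
    return bytes(out)


def frame(payload, also_escape=frozenset()):
    """Append the FCS (low octet first), stuff, and add the flags."""
    fcs = fcs16(payload) ^ 0xFFFF
    body = payload + bytes((fcs & 0xFF, fcs >> 8))
    return bytes((FLAG,)) + stuff(body, also_escape) + bytes((FLAG,))


def deframe(stream):
    """Return [(payload, fcs_ok), ...] for every frame found in the stream."""
    frames = []
    for body in stream.split(bytes((FLAG,))):
        if not body:
            continue  # back-to-back flags carry no frame
        try:
            raw = unstuff(body)
        except ValueError:
            frames.append((b"", False))
            continue
        ok = len(raw) >= 4 and fcs16(raw) == GOOD_FCS
        frames.append((raw[:-2] if ok else raw, ok))
    return frames


# The only octets taken from the page: the start of the frame in the caveat.
PAGE_PREFIX = bytes.fromhex("7e7ddf7d23c021")
# Constructed: address/control ff 03, protocol c021 (LCP), Configure-Request id 1.
LCP_FRAME = bytes.fromhex("ff03c02101010004")
# A sender that also escapes 0xff reproduces the prefix shown on the page.
WIRE = frame(LCP_FRAME, also_escape={0xFF})

if __name__ == "__main__":
    print(WIRE.hex(" "))
    print(unstuff(PAGE_PREFIX[1:]).hex(" "))  # ff 03 c0 21
    print(deframe(WIRE))
```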
- The Cisco 1005 and Cisco 1600 series routers do not properly support the ignore-dcd serial interface configuration command. The Cisco 1005 router will not accept the command at all, and the Cisco 1600 series routers will accept the command, but will not operate properly if it is issued. Certain external modems and CSU/DSU devices require the ability of the DTE to ignore the DCD signal, and use of such devices is not possible until this fix is available. [CSCdk77783]
- APPN HPR over an ISDN backup line is losing sessions. There is no workaround. [CSCdk35420]
- The input queue on Token Ring interfaces may wedge and not accept additional packets. The workaround is to reload the router or increase the interface's input queue using the hold-queue number {in | out} command. [CSCdk36470]
- When running DSPU, certain downstream connections may fail to come active.
- The workaround is to clear the LU on the host that has the status of PBIND. Once this is cleared, sessions will be able to come up. [CSCdk53603]
- If ACTLU is sent to an end station for a local address not yet defined, the end station will send a negative response, and the LU will stay connected. When the LU is added to the end station, and VTAM sends ACTLU again, the DLUR router does not forward ACTLU to the end station.
- VTAM displays LU as PACTL; the router display shows Starting.
- [CSCdk54680]
- This problem concerns an APPN router attached to VTAM. CM/2 workstations defined as network nodes can connect to the router, but they are treated as LEN connections so that the router can generate dynamic CP names.
- When ILU on the CM/2 attempts to connect to VTAM, the BIND arrives at the router with an RSCV that terminates on the router. The router rejects the BIND because the resource is not local to the router.
- The workaround is to either remove the LEN connection statement from the router APPN port statement or reconfigure the CM/2 as an end node. [CSCdk59339]
- This caveat concerns a SDLC DLSw performance problem using simultaneous full-datamode or simultaneous half-datamode.
- The problem is that the router has multiple polls outstanding. It either sends a poll on an i/frame and then sends another poll to a different station, or it will send a poll to one station and then the other station. [CSCdk67010]
- The ABM bit is not set on a transmitting DLSw peer during an XID exchange. [CSCdk68763]
- APPN builds fail because of an outdated compiler. All APPN images are affected.
- The workaround is to update the compiler to the 97r1 level. [CSCdk69202]
- A DLSw router using priority peers may crash when the TCP peer connections fail under heavy load conditions. [CSCdk69510]
- When using privilege level commands to allow configuration of a command, the user is unable to configure specific privilege levels for the keywords of the channel interface sub-command commands. There is no workaround. [CSCdk71062]
- A Cisco router running DLSw with FST/Direct/LLC2(Lite) encapsulations could crash. The workaround for this is to use DLSw with TCP encapsulation. [CSCdk77166]
- Route-setup gds was corrupted with bogus control vector '0000,' resulting in these messages:
.Aug 10 15:38:26 EDT: %APPN-3-Error: --SS --- ssrts unknown cvkl_key 0 -Traceback= 6085FD30 6082C18C 60823238 6022C988 6022C974
.Aug 10 15:38:27 EDT: %APPN-3-Error: --SS --- ssrts unknown cvkl_key 0 -Traceback= 6085FD30 6082C18C 60823238 6022C988 6022C974
.Aug 10 15:38:28 EDT: %APPN-3-Error: --SS --- ssrts unknown cvkl_key 0 -Traceback= 6085FD30 6082C18C 60823238 6022C988 6022C974
.Aug 10 15:38:29 EDT: %APPN-6-SendMsg: Deactivating CP-CP sessions with
- In every case where the PIU was dumped by a special image, the '0000' followed a valid cv2c. The original cv2c had 2 trailing blanks, which are removed by the code. When the cv2c was later filled into the outgoing gds, the original length was mistakenly used to point to the next cv position, thus leaving '0000' in-between. This has been changed to use the correct length when pointing to the next cv to be filled in. [CSCdk82752]
- A Cisco router is unable to pass traffic through a bridged interface when using Frame Relay encapsulation and packet-by-packet compression is enabled. If packet-by-packet compression is not enabled, we do not see this problem.
- This problem occurs because compression and decompression are not supported with bridging (refer to CSCdi63268).
- The workaround is to disable packet-by-packet compression.
- Another workaround is to disable compression whenever bridging is enabled. This can be accomplished with a check in fr_pbp_comp_decide(): if it is determined that bridging is enabled, do not set the compression flags. [CSCdk23031]
- The line protocol of EIP interfaces on a Cisco 7500 series router running Cisco IOS Release 11.2(13) will start flapping and then go into up/down state. Using the shutdown and no shutdown commands will not bring the interfaces back up. You must reload the microcode or reload the router to stabilize the router.
- Routers running EIP microcode version 20.3 or lower encounter this problem when EIP interfaces receive resets while passing the traffic and suffer tx collision.
- The workarounds are to reload the microcode every day, or upgrade the EIP microcode to the latest version. [CSCdk36767]
- A Cisco 3640 router experiences excessive delay in Netbooting over a Fast Ethernet interface using 10-MB mode.
- During system initialization, when the IOS software finds a corrupt or empty NVRAM, it proceeds to interactive setup without trying to load configurations from the network. This behavior was seen only in Cisco IOS Release 11.2 P. A detailed explanation of why this was not observed in Release 11.3 can be found in the Evaluation enclosure.
- The IOS initially shows the Fast Ethernet interface as being UP. But after the driver initiates autonegotiation to determine peer speed, the link momentarily goes down. During this period, the net periodic process that checks the line protocol status updates the line status as down. So when the initiation process checks the line status, it finds it to be down and concludes that all interfaces are down and proceeds to interactive setup. [CSCdk53401]
- A Cisco 2610 router configured with SDLC DLSw+ might not send SNRM to a terminal even though the status is "SNRMSENT" in the output from the show serial interface command. The interface shows "Link is UP, Line protocol is UP" despite the DTR being down.
- The workaround is to use the shutdown and no shutdown commands in serial interface configuration mode. [CSCdk60026]
- In some applications such as L2F, when ATM-lite tries to transmit a packet with multiple particles, some particles after the 3rd in the packet may not be 32-bit aligned. This will cause the ATM-lite's TX to stall. Using the shutdown and no shutdown commands will end the stall. The workaround is to run L2F in process-switching mode. [CSCdk63173]
- PPP multilink disappears from the running configuration if SL/IP is invoked. [CSCdk63201]
- Priority queuing does not work for bridging when selecting on frame types (access-list). Bridging traffic is forwarded to the default queue. [CSCdk63464]
- Collisions and late collisions are seen when the Fast Ethernet interface is configured for full-duplex operation.
- The PHY was not being reset after the duplex setting was changed through the management interface. Thus the interface continues to be in half duplex while the peer is in full duplex. This results in collisions and late collisions. [CSCdk63859]
- If the no keepalive or keepalive 0 commands are configured on a Fast Ethernet interface, the line will stay up even though the MII is removed or the cable is disconnected. If the interface is then reconfigured for a non-zero keepalive while the physical media stays down, the link will still indicate the interface is up. The only workaround is to use the shutdown and no shutdown commands, or the clear interface command. [CSCdk66019]
- A large packet will sometimes be corrupted when it is sent over an MLP bundle of over two links with VPDN on an ATM PPP tunnel on an ATM-Lite interface. A workaround is to disable fast switching on the ATM-lite interface. [CSCdk74431]
- When NHRP is running in GRE multi-point tunnel mode, the router may reload if the IP address of the NBMA is learned from the same GRE tunnel cloud. The workaround is to learn the IP address of the NBMA from a static route or have the router learn it from a physical interface. [CSCdj87730]
- A router running Cisco IOS Release 11.1(17) may not install a route into the routing table even if the routing bit is set on the OSPF external LSA and the ASBR is reachable.
- If OSPF has both an external and a summary route to the same network and a partial SPF run deletes the summary route, the external route will not be installed.
- The external LSA may have the routing bit set, even if it is not installed in the routing table. This is caused by a failure to reset the external LSA's routing bit when the summary route replaces the external route in the IP routing table. The following sequence of events illustrates the problem, given external and summary routes to network 1.0.0.0:
1. OSPF installs external route to 1.0.0.0. The external LSA for 1.0.0.0 has its routing bit set.
2. OSPF installs summary route to 1.0.0.0, replacing the external route. The routing bit is not reset on the external LSA for 1.0.0.0.
3. OSPF performs a partial SPF to remove the summary route to 1.0.0.0. The external route to 1.0.0.0 is not installed. To add to the confusion, the routing bit is still set on the external LSA for 1.0.0.0.
- Issuing the clear ip route * command will force the installation of the external route. Alternatively, issuing the clear ip ospf redistribute command at the router that originates the external route will trigger installation of the external route. [CSCdj88650]
- Under EIGRP, the distribute-list out routing protocol command does not work. The command works when you do not use the routing protocol option. [CSCdk33769]
- DNS NS records that have glue records translated have the TTL of the glue records set to 0. The TTL of the NS record is not set to 0. Thus the DNS server will have a NS record for a DNS zone, but no glue records. The next time the DNS server needs to contact the remote DNS server, it will fail because it has a NS record cached but no IP address to reach it. [CSCdk61629]
- Static routes for 0.0.0.0 do not redistribute into other routing protocols.
- There is no known workaround. [CSCdk62935]
- Removal of a static route pointing to the NULL interface (or loopback), can cause EIGRP instability. [CSCdk62939]
- If the ip pim send-rp-announce command is configured when a router runs out of memory, the router may crash. The workaround is to de-configure this command if the router is close to running out of memory. [CSCdk63163]
- [Topology diagram: two routers (R) connecting vlan6 and the source (vlan5).]
- The router in this topology is running Cisco IOS Release 11.2(15.3)P. The loser prunes the interface on VLAN6, and the winner then prunes the interface because there are no host reports on the VLAN. The interface will go forwarding after the expiry timer, and never send or receive an assert again. [CSCdk63471]
- IP EIGRP generates updates and causes high CPU utilization if more "equal cost" paths are available than "max paths." [CSCdk73832]
- Some routes may not be propagated through redundant paths by Enhanced IGRP. [CSCdk80809]
- Printing with LAT/TCP translation may produce incorrect print out. [CSCdk57205]
- When using the serial ports of Cisco 2523 and 2524 routers in asynchronous mode, modem control is only supported when using DTE style 5-in-1 cables (in order to connect to DCE devices). The DCE 5-in-1 cable will not support modem control for the asynchronous mode. In order to support DTE devices with modem control, you must use the DTE style cables with a null modem adapter. [CSCdi72371]
- When the CT1 port adapter and the CE1 port adapter are configured for compress stac, with the CSA port adapter (hardware compression port adapter) on a Cisco 7206 router, memory leakage in the pool manager might occur. When available memory runs below 1 MB, the router might reload. There is no workaround.
- There is no real workaround. However, if you unplug the CSA port adapter from the system, it will use software compression and the CT1 port adapter won't leak memory. [CSCdk19122]
- When using a kerberized Telnet to communicate between two Cisco routers, the credentials may not be forwarded. [CSCdk47375]
- This problem concerns the spoke and hub encryption configuration. Packets are decrypted when they are received from the input interface and then re-encrypted before they are forwarded to the output interface. [CSCdk58181]
- The use of an MBRI card in a Cisco 3600 or 2600 series router with PPP encapsulation may cause packets to be dropped when CEF and L2F are enabled. [CSCdk61362]
- When bridging is configured on an RSM VLAN interface, netflow or optimum switching (for Cisco IOS Releases 11.2 P and 11.3) and CEF switching (for Release 12.0) will not occur. IP packets will be processed by fast switching instead of flow/optimum/CEF switching, causing a significant decrease in IP packet forwarding rate.
- There is no workaround.
- This bug was introduced by CSCdk12655 in Cisco IOS Releases 11.2(14.3)P, 11.3(4.1), and 12.0(1). It will be fixed in a future release. [CSCdk64463]
- In the RSP platform with ESA installed, different crypto sessions stop encrypting data, even though the access lists applied continue to see matches.
- The show crypto engine connections active slot-number shows the Interface as "???" instead of the physical interface the packets should be going out on. Although the crypto session appears to be up according to the show crypto connections command, we are unable to send any data to the other side if it is to be encrypted according to our crypto map.
- The workaround is to remove the crypto map from the interface, then remove the corresponding sequence number from the crypto map, then recreate the sequence into the map (using the same configuration commands), and apply it back to the interface. We can then send and receive encrypted data properly. The RSP platform was running Cisco IOS Release 11.2(16)P. [CSCdk65092]
- Access lists with deny statements for some ports will break the encryption session setup, if they are applied with a crypto map. Routers on each side treat the ICMP messages that are sent by each peer to indicate that an encryption session needs to be opened like regular ICMP messages. [CSCdk77654]
- If an IPX access-list that is applied to an interface with the access-group command does not exist, and at some later time an access list by that name and number is created, IPX fast switching may forward packets which should be filtered.
- The workaround for changing an access list is to remove and then reapply the access list to the interface. Then invalidate the cache and rebuild it with the new access list rules. Alternatively, make sure the access list is defined before the access group is applied to the interface. [CSCdk70331]
- When running protocol translation from TCP to X.25, it is possible to see high CPU utilization while minimal processes are running in the router.
- This can be confirmed by using the show process cpu command.
- There is no known workaround. [CSCdk67626]
- TCP applications using TCP DRIVER API, such as DLSW and STUN, will use "TCP MSS of 1450" if MSS exchanged during connection establishment time is smaller than 1450.
- In order to override this behavior and to use the MSS exchanged during connection establishment time, use the ip tcp tcpdriver default-mss command. [CSCdk65973]
- When IP Fast-Switch is enabled on a Cisco 1600 series router with BRI interface(s), it is possible to cause a router-crash under the following conditions:
- The ISDN connection is being brought up and down repeatedly.
- The clear ip cache command is invoked during this period (repeatedly in conjunction with the connection being disconnected). [CSCdj81263]
- Primary rate ISDN calls fail when attempting to place calls within the same DMS switch. [CSCdk07715]
- An incoming call does not route the called and calling NSAP facilities on the outgoing side. [CSCdk42597]
- When running multicast fast-switching, small packets coming from a LANE sub-interface, which need to be routed to another LANE subinterface, will not be sent correctly. Runts appear on the Ethernet interfaces connected to C5k. [CSCdk42813]
- Configuring certain combinations of link fragment-delay and BW causes temporary depletion of I/O memory pool and Ping failure. The workaround is to use the following rule: multiply the values configured for link fragment-delay and BW and divide by 8. The result should be greater than or equal to 40. This is the link weight displayed in output of the show ppp multilink command. [CSCdk54723]
- On an environment running DLSw with Ethernet (local acknowledgment) attached end stations, the connection may be lost due to sequence number problems on frames sent by the router. This will cause an FRMR to be sent by the end station. [CSCdk55183]
- A Cisco router using X.25 switching may reload when a call is switched to an XOT destination, which is then cleared (when no Call Confirm was received). [CSCdk56005]
- When you perform an ISDN callback, you might receive the following message:
%SYS-3-HARIKARI: Process ISDN top-level routine exited.
- There is no workaround. [CSCdk61807]
- A Cisco router running translated X.25 to virtual asynchronous connections (PPP/IPX) may reload. This appears to be an infrequent occurrence. [CSCdk63455]
- Expiration of T200 (response timer) to the transmission of an RR can cause Layer 2 to disconnect and not reconnect until the router is reloaded. [CSCdk63462]
- Enabling IP Multicast prevents LANE from populating multicast MAC addresses. As a result, it prevents IP routing protocols from working properly on LANE interfaces. The workaround is to disable IP Multicast. [CSCdk64193]
- When configuring XOT keepalives on X.25 route statements, the router might restart with the following (decoded) traceback:
c3640-js-mz.113-6.1.symbols read in
Enter hex value: 0x605FF664 0x605FF664:xot_update_keepalive(0x605ff644)+0x20
Enter hex value: 0x606094F8 0x606094F8:x25swt_verify_call(0x606092e4)+0x214
Enter hex value: 0x6060D880 0x6060D880:x25swt_process_incoming_call(0x6060d840)+0x40
Enter hex value: 0x6060D7CC 0x6060D7CC:x25swt_flagged_wakeup(0x6060d704)+0xc8
- [CSCdk64929]
- Under unusual circumstances that include protocol processing delays caused by debug reporting, X.25 switching operations can cause the router to reload. [CSCdk66109]
- Under heavy usage conditions on an X.25 serial link, a Cisco router running translated X.25 to virtual asynchronous connections (PPP/IPX) might reload. This appears to be an infrequent occurrence. There is no known workaround. [CSCdk67475]
- StatusMsg with endpointRef is not processed in the multipoint state table. This could result in releasing multipoint VC. [CSCdk70026]
- An L2F home gateway or an L2TP LNS cannot establish tunneled users on a virtual access interface when a command of the form virtual-profile virtual-template is configured.
- This is a regression introduced by CSCdk74464.
- The workaround is to remove the virtual-profile configuration. [CSCdk80426]
This section describes possibly unexpected behavior by Release 11.3(6). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(6). For additional caveats applicable to Release 11.3(6), see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.3(7).
- The absolute-timeout line configuration command does not accept any value. Other line commands are showing up twice when the ? command is used. [CSCdk62405]
- AppleTalk subinterfaces on SMDS return the wrong SMDS address when an AARP request is sent. The router returns the SMDS address associated with the first subinterface, regardless of which subinterface is associated with the AARP request. [CSCdj72157]
- Disabling a subinterface will turn off AppleTalk route-cache for all subinterfaces on that interface.
- The workaround is to enable the subinterface's AppleTalk route-cache after the subinterface is disabled using the interface subinterface appletalk route-cache command. [CSCdk38556]
- Cisco 1003 routers sharing an S bus frequently encounter problems. Even though the router debug shows that the router is responding to IDCKREQ from the ISDN switch, these replies are lost in the collision and never seen by the ISDN switch. It appears that caveat CSCdi42044 is still present in Cisco 1003 routers. [CSCdj78490]
- When configuring the traffic-shape group under interfaces, the second traffic-shape group will not show in running-config or startup-config if options are not added to the commands as the first statement. [CSCdk09806]
- A Cisco 1005 router running Cisco IOS Release 10.3(17) repeatedly reports the following error:
%ETHERNET-1-TXERR: Ethernet0: Fatal transmit error. Restarting...
%QUICC-5-COLL: Unit 0, excessive collisions. Retry limit 15 exceeded
- All hardware attached to the router was tested and replaced, but the router continued to report the error. [CSCdk11908]
- When a router is running low on memory and the write memory or configure network command is issued, there is a chance that the NVRAM may be corrupted and the router will reboot.
- This problem can be avoided by first checking to see if there is enough memory to write the configuration. [CSCdk32125]
- The router becomes unresponsive if you query RTR history when the history table is empty. [CSCdk36156]
- On Cisco IOS Releases 11.3(6) and 11.3(6)T, the write erase command will cause the router to reload.
- The workaround is to issue the config-register 0x142 command, reload, reconfigure the router, and issue the write memory command. Then issue the config-register 0x2102 command again and reload the router again.
- We recommend either upgrading to Cisco IOS Release 11.3(7) or 11.3(7)T or downgrading to Cisco IOS Release 11.3(5) or 11.3(5)T. [CSCdk38752]
- After a user dials into a Cisco AS5200 access server, is passed to the TACACS+ server, and is authenticated, the access-list that is passed back to the router by the TACACS+ server is not applied to the async interface by the router. There is no workaround. [CSCdk39738]
- An SNMP memory leak has been observed when SNMP ping is enabled. [CSCdk40599]
- A Cisco 4700-M ROM monitor running traffic shaping with custom-queuing for Cisco IOS Release 11.2(10)P encountered caveat CSCdj71626. It was upgraded to 11.2(14)P, but traffic shaping with custom queueing dropped too many packets. Use the show interface serial 0 command to see this problem. The show buffers command does not indicate an increase in buffer_miss. [CSCdk41472]
- If a network management application were to add an entry in the ping MIB table, not activate it, and then delete it before the 5-minute timer went off to delete the entry in the MIB, the router could crash. [CSCdk41494]
- Outbound access lists may not be correctly applied when traffic is switched, using distributed fast switching (DFS), to the logical subinterface of a physical output interface. For more information, see http://www.cisco.com/warp/public/770/iosdfsacl-pub.shtml. [CSCdk43862]
- From the login prompt, it is possible to recover fragments of lines typed by the previous user of the same physical or virtual terminal line. This may represent a security exposure. A complete description and details are at http://www.cisco.com/warp/public/770/ioshist-pub.shtml. [CSCdk43920]
- RTR will not be able to connect to Mainframe, if the modem name is less than 8 characters. This bug fix fixes this problem. [CSCdk44323]
- Using the no traffic-shape group command causes the router to crash. [CSCdk53176]
- The autocommand ppp neg command now works properly for V.120 under VTYs. [CSCdk55115]
- Beginning with Cisco IOS Release 11.3(5.1)T, a reverse-Telnet connection that receives a Telnet BREAK sequence will fail to send an rs232 BREAK to the associated async line. An outgoing Telnet connection that receives a Telnet BREAK sequence will also fail to output a BREAK condition. [CSCdk57493]
- A Cisco AS5200 access server restarts with the following bus error in EXEC mode:
System was restarted by bus error at PC 0x22453682, address 0xD0D0D0D
- It is possible to crash the router while editing the command line under low memory conditions. [CSCdk33946]
- The APPN router may display a single conloser CP-CP session. This CP-CP session cannot be deactivated using the appn stop cp-cp command. As a workaround, stop the APPN link. [CSCdk10830]
- Under stress conditions, especially when links and sessions are being deactivated, a router running APPN may force a reload with lrp114() in the backtrace. [CSCdk18977]
- Under the following conditions, a TCP packet coming from the peer could get stuck in the TCP buffers of the router if DLSw is configured to use TCP as the transport:
- If there are no keepalives between the peers (like in an ISDN connection).
- If there is light traffic between the peers using the DLSw pipe.
- If a packet coming from the peer is 1 to 3 bytes in excess of the MSS (Maximum Segment Size) of the receiver.
- When this happens, the receiving TCP does not give the assembled packet to DLSw until another packet comes down the pipe.
- The workaround is to set the MAXDATA (MAX PIU) of the end node to be 16 bytes less than the MSS (considering 16 bytes of DLSw header). [CSCdk36264]
- Router crashes by bus error when data is first passed from an FELP to a Cisco 4700 series router configured for BSTUN.
Enter hex value: 0x606C23F4
0x606C23F4:bsc_discard_tx_pak(0x606c23a8)+0x4c
Enter hex value: 0x606C2F80
0x606C2F80:pass_to_frame_sequencer(0x606c2e34)+0x14c
Enter hex value: 0x606C327C
0x606C327C:bsc_frame_tx(0x606c30a8)+0x1d4
Enter hex value: 0x606C3394
0x606C3394:bsc_pass_lcb_network_handler(0x606c3364)+0x30
Enter hex value: 0x606D6F88
0x606D6F88:lcb_event_exec_protocol(0x606d6f0c)+0x7c
Enter hex value: 0x606D706C
0x606D706C:lcb_event_background(0x606d6fc0)+0xac
Enter hex value: 0x60224F48
0x60224F48:r4k_process_dispatch(0x60224f34)+0x14
Enter hex value: 0x60224F34
0x60224F34:r4k_process_dispatch(0x60224f34)+0x0
Enter hex value:
- The router crashes when BSC receives a frame through BSTUN while it is in the process of transmitting a frame on the BSC line. [CSCdk41016]
- When running BSC on a branch router connected to an NCR5085 cash machine, the input queue on the serial interface connected to an ATM XA machine may become wedged. This happens under unusual conditions if a corrupted acknowledgment is received from the ATM XA machine.
- The show interface command will show the value of "input queue" to be 75/75. A workaround is to use the shutdown and no shutdown commands. Another workaround is to increase the interface input hold queue size by using the hold-queue 150 in command under the BSC interface. [CSCdk41218]
- This problem occurs when users try to access a nonexistent STUN group definition in the configuration. Use valid configurations to avoid this problem. [CSCdk43747]
- When switched PUs are activated and inactivated on the CMC host, and this activity brings the DLUR-DLUS pipe down, it is possible for the DLUR-DLUS pipe to hang in a pending inactive or pending active state. This is caused by an internal race condition in the ordering of deactivation messages as they reach the APPN DLUR component. [CSCdk44386]
- This problem occurs on a Cisco 2600 series router running Cisco IOS Release 11.3(5)T that is configured for BSTUN/Frame Relay. A portion of the Frame Relay configuration disappears and the encapsulation changes from Frame Relay to BSTUN when the show interface command is used. This causes the Frame Relay link to go down when the router is reloaded. There is no workaround. [CSCdk46217]
- A Cisco 4500 series router, configured with a Token Ring LEC, adds 6 extra bytes when fast switching routed protocol packets from a Token Ring LEC ATM interface to the packet's target/output interface. Although this problem is known to occur with IP packets, it potentially exists for other routed protocols that are fast switched in by way of a Token Ring LANE interface and fast switched out to the packet's target/output interface. [CSCdk48387]
- An APPN router may reload with a SegV exception in psp00 after the following message is displayed in a rare race condition.
%APPN-6-APPNSENDMSG: APPN Allocate 613D1F8C to NETA.MVS1 timed out for TP "001.
System was restarted by error - a SegV exception, PC 0x606AE270
- [CSCdk54077]
- An APPN router enlarges its LFSID table from a small model to a large model if more than 12 SIDLs are active for a specific SIDH. The large LFSID table requires substantially more memory.
- The fix for this bug increases the number of entries in the small LFSID table to the maximum number of SIDLs that fit into this table. This requires no additional memory per link, but increases the number of SIDL supported in the small LFSID table. Thus, in customer networks that typically support 17 LUs/PU, the APPN router may use significantly less memory. [CSCdk54687]
- DLUR routers will incorrectly update the max-btu-size for links to Type 2.1 nodes. Caveat CSCdk23271 introduced the capability of setting the max-btu-size from the host MAXDATA parameter. [CSCdk55765]
- This problem concerns an APPN router attached to VTAM. CM/2 workstations defined as network nodes can connect to the router, but they are treated as LEN connections so that the router can generate dynamic CP names.
- When ILU on the CM/2 attempts to connect to VTAM, the BIND arrives at the router with an RSCV that terminates on the router. The router rejects the BIND because the resource is not local to the router.
- The workaround is to either remove the LEN connection statement from the router APPN port statement or reconfigure the CM/2 as an end node. [CSCdk59339]
- When your device is coded as a primary SDLC interface, you may get an erroneous frame causing the secondary device to send a FRMR. [CSCdj85213]
- Certain types of terminal adapters (NEC, for example) may toggle control lines during the DTR pulsing. These line status changes will interrupt the port adaptor 8T/4T+ controller and cause a reset of the line by the IOS driver. Thus, the DTR pulse is shortened.
- The workaround is to ignore line status change interrupts when pulsing DTR. [CSCdk11808]
- A Cisco 3600 series router does not work when connected to 10 Mbps full duplex equipment. Testing connectivity with a ping fails.
- Even though autonegotiation returns the correct peer status, the driver forces the link to 100 Mbps. [CSCdk20550]
- The line states of FEC members keep toggling. FECs that use Fast Ethernet PAs in full-duplex mode need this fix. Caveat CSCdk20683 caused this problem. [CSCdk39936]
- The PA-A1 ATM adapter cannot transmit OAM cells. There is no workaround. IOS software images that incorporated the CSCdk44597 fix will not encounter this problem. [CSCdk44597]
- In some applications such as L2F, when ATM-lite tries to transmit a packet with multiple particles, some particles after the third in the packet may not be 32-bit aligned. This will cause the ATM-lite's TX to stall. Using the shutdown and no shutdown commands will end the stall. The workaround is to run L2F in process switching mode. [CSCdk63173]
- After you use the no distance eigrp 255 255 command, the inaccessible routes may not be restored to the routing table. The workaround is to use the clear ip eigrp neighbors command on the interfaces of the affected routes. [CSCdk05172]
- A router running Cisco IOS Release 11.3(3) configured with a policy route map on a BRI interface may not forward packets to the next hop as specified in the set ip next-hop command. This occurs when the ip policy route-map name command is configured on a BRI interface and the destination exists in the IP cache table of the policy router.
- The workaround is to use the clear ip cache command or remove fast switching by using the no ip route-cache command. [CSCdk12537]
- NetBIOS over TCP/IP port 139 is not translated. [CSCdk26313]
- A router encounters the following console error messages during periods of high serial line use:
%SYS-3-CPUHOG: Task ran for 2672 msec (87/71), Process = IP Input
- [CSCdk26388]
- You may experience ping failures over SMDS encapsulation when running Cisco IOS Release 11.3 and fragmentation is required.
- This problem does not occur when using any other encapsulation.
- Workarounds include:
- Reducing the MTU of stations so that fragmenting does not occur.
- Turning off the route-cache on the SMDS interface.
- Using the service disable-ip-fast-frag command to disable fast switching of packets that require fragmentation. [CSCdk35548]
- DNS A RR responses fail through a NAT router. The debug ip nat command gives the following error:
NAT: translation failed (B), dropping packet s=<DNS-server> d=<DNS-client>
- DNS A RR responses will be dropped by NAT if the packet is going from NAT outside to NAT inside, the inside source mapping has an access list that permits any, and the embedded IP address is an OUTSIDE GLOBAL address.
- This only happens in Cisco IOS Release 11.3(5)T and possibly later; 11.3(4) and 11.3(4)T are not affected. [CSCdk47222]
- DNS NS records that have glue records translated have the TTL of the glue records set to 0. The TTL of the NS record is not set to 0. Thus the DNS server will have a NS record for a DNS zone, but no glue records. The next time the DNS server needs to contact the remote DNS server, it will fail because it has a NS record cached but no IP address to reach it. [CSCdk61629]
- Static routes for 0.0.0.0 do not redistribute into other routing protocols.
- There is no workaround. [CSCdk62935]
- A Cisco router running Cisco IOS Release 11.1(12) crashes at hi_delete, hi_open and lattcp. [CSCdj38034]
- If two Cisco 7500 series routers are connected to many Ethernet interfaces with EIP interface processors and are running HSRP on many of these interfaces, the HSRP configuration may take an excessively long time (several minutes) to determine the active and standby routers after a router reloads. During this period of instability the CPU load on the router approaches 100%.
- The workaround is to replace the EIP interface processors with VIP interface processors and Ethernet port adapters.
- A less effective workaround is to reduce the number of HSRP groups, and/or to increase the HSRP hello and hold time.
- Cisco recommends that you have no more than 24 HSRP EIP interfaces or 80 HSRP VIP interfaces. [CSCdj29595]
- A problem can occur when two consoles Telnet to a host, which then routes the data to two routers: if both Telnet sessions use encryption and Kerberos file security, the second Telnet console may receive garbled characters. The commands entered in this session will take effect on the second router, but their output is illegible. [CSCdk19805]
- This bug resulted in multiple connection setup fixes and ESA memory leak fixes. The customer was using the connection setup in an extreme case where there were no routers on the other end, but the user attempted to encrypt to the other (phantom) side. This caused a number of problems in the connection setup code. [CSCdk23751]
- Sometimes the modemcap defined for a modem is not applied before the modem is allocated for a new call. [CSCdk24418]
- If two different encryption access lists have the same IP address as the lowest numbered IP address in the ACL sources and destinations, the access lists will be erroneously treated as the same encryption session. This will happen in only one of the two encryption sessions being used at any one time. The encryption session that is active may not work reliably. [CSCdk33027]
- A router will crash right after the user configures an S/T BRI interface for the 128k leased-line mode.
- There is no known workaround. [CSCdk34893]
- If a TCP keepalive timer is configured, the router may crash in random places in the TCP stack due to TCP control block corruption. [CSCdk40114]
- When the link(s) between redundant ATM ARP servers break(s), the ARP servers continue trying to contact each other to repopulate the ARP cache.
- Due to excessive signalling, the CPU load on the routers and ATM switches can rapidly reach 99%.
- The workaround is to use only one ARP server or to put them on very stable links. [CSCdk40947]
- There is a limitation of 25 crypto maps on any VIP. You may reach this limit when encrypting many serial lines on the VIP using a fractional T1 or E1 port adaptor. [CSCdk41708]
- In Cisco IOS Releases 11.2P and 11.3 when Fast Ethernet subinterfaces are configured for encryption, if the crypto map is only applied to the main interface and the IP address is configured in the subinterface, the packets could be switched in the clear. In Cisco IOS Release 12.0, enabling CEF could cause the packets to be dropped. [CSCdk46853]
- Packets larger than 1010 bytes will not be transmitted on the BRI interface of a Cisco 7200 series router when WFQ is enabled (default queuing).
- The workaround is to enable FIFO queuing on the interface. [CSCdk50099]
- When trying to configure a multipoint ATM-DXI interface, the router will only allow one ATM-DXI map statement per VPI. For example, if 2 ATM-DXI PVCs are defined on a multipoint interface (VPI/VCI 0/50 and 0/51), the router will only allow one ATM-DXI map command for VPI 0.
- The error "Address already in map" appears when the second map command is entered. [CSCdk51931]
- Packets received on a tunnel interface from a Token Ring interface of a Cisco 2500 or 4000 series router will be duplicated.
- The workaround is to disable fast switching on the outgoing interface of the decapsulated packet.
- The fix for this caveat was integrated into CSCdk23751. [CSCdk53803]
- ESA does not work with pregeneration. The only workaround is to disable pregeneration using the no crypto pregen-dh-pairs command. [CSCdk53807]
- HSRP uses an incorrect MAC address to refresh the CAM on a switch or the MAC cache on a learning bridge.
- This can cause loss of connectivity or possibly duplicate packets. [CSCdk54004]
- Routers running Cisco IOS Release 11.2 P have encountered memory allocation failure, even though the router has enough memory to run this image. This was due to SAP general request storms.
- If IPX Enhanced IGRP is configured, please refer to CSCdk44590 also. [CSCdj88812]
- When using IPX Enhanced IGRP incremental SAP updates (RSUP), the server tables between two or more Enhanced IGRP neighbors may become inconsistent. The problem usually occurs when there are multiple Enhanced IGRP neighbors or paths to a neighbor. When as few as three dozen servers go down at the same time, the routes to those servers remain up in the routing table. The "down" Flash update for some of the recently downed servers isn't being sent out on all interfaces, so some devices show the servers as being down and others do not.
- The workaround is to clear the IPX Enhanced IGRP neighbors on the unit that shows the servers are still accessible in the table. [CSCdk13645]
- A Cisco 2500 series router crashes while opening an X.25 VC for ipx/xns/vines/decnet protocols. The problem occurs when the X.25 VC is opened between the Cisco 2500 series router and RSP routers. This happens if the debug x25 events command is configured.
- The workaround is to issue the no debug x25 events command. [CSCdk23276]
- IPXWAN does not work when a Cisco 4500 or 7200 series router is booted or reloaded with IPXWAN configured as the "master" of the IPXWAN link (that is, its Local IPXWAN Node ID or IPX Internal Network Number is larger than that of the router at the other end of the WAN link).
- You will see messages like these after IPXWAN debugging is enabled using debug ipx ipxwan:
00:06:45: IPXWAN: Rcv TIMER_REQ on Serial5/0/72000:0, NodeID 0, Seq 1
00:06:45: IPXWAN: Rcv TIMER_REQ NodeID 7500 as SLAVE asking for unnumbered on Serial5/0
00:07:05: IPXWAN: Rcv TIMER_REQ on Serial5/0/72000:0, NodeID 0, Seq 2
00:07:05: IPXWAN: Rcv TIMER_REQ NodeID 7500 as SLAVE asking for unnumbered on Serial5/0h
00:07:25: IPXWAN: Rcv TIMER_REQ on Serial5/0/72000:0, NodeID 0, Seq 0
00:07:25: IPXWAN: Rcv TIMER_REQ NodeID 7500 as SLAVE asking for unnumbered on Serial5/0
- The workaround is to issue the no ipx ipxwan and ipx ipxwan commands after the router is rebooted.
- An alternative is to create another pseudo IPXWAN interface that would allow IPXWAN to function after reloads; for example:
!
interface Loopback0
 no ip address
 no ip directed-broadcast
!
interface Tunnel0
 no ip address
 no ip directed-broadcast
 ipx ipxwan 0 unnumbered dtp-11
 tunnel source Loopback0
 tunnel destination 1.2.3.4
!
- [CSCdk42896]
- A Cisco router gradually loses memory when running IPX Enhanced IGRP with ipx sap-incremental commands configured on its interface(s). The memory leak occurs when SAP general requests are received on the IPX interfaces with the ipx sap-incremental command configured. By default, ipx sap-incremental is ENABLED on non-LAN interfaces that are configured for IPX Enhanced IGRP.
- This memory leak can be seen by using the show processes memory command and noting the growth of the "Holding" memory by the "IPX SAP In" process:
PID TTY Allocated Freed Holding Getbufs Retbufs Process
44 0 14265416 201472 8360984 21924 0 IPX SAP In
- Also, memory is being allocated to a large number of "IPX SAP PH," "IPX NDB PH," and "IPX USV" as shown by the show memory summary command.
- The workaround is to remove IPX SAP-incremental from the IPX interfaces using the no ipx sap-incremental eigrp command. [CSCdk44590]
- A router running Cisco IOS Release 11.3 may crash with a bus error if the X.25 interface is congested and the PAD Virtual Circuit (VC) is cleared. [CSCdk51046]
- When using VTY asynchronous interfaces, a new connection may be closed immediately after being accepted on the VTY. [CSCdk51892]
- Configuring the debug ip tcp packet command will cause the router to crash if the show running-config or write terminal commands are issued. [CSCdk45442]
- Signalling or ATM SVC applications (such as LANE or static map) refuse to create an SVC because they think one still exists. This happens when any event generates a media_hw_reset() such as changing an MTU size or clearing the ATM interface.
- The workaround is to issue the shutdown and no shutdown commands to clear all state information at the signalling layer. [CSCdk26814]
- When SERVICE messages are exchanged with Cisco routers for ISDN PRI interfaces, if the B-channels are transitioned from the Out-of-service state to the In-service state, the B-channel count does not get updated. This can prevent the router from dialing out and accepting incoming voice/modem calls. The remote callers receive a fast busy signal.
- There is no workaround available. [CSCdk33096]
- Modems on the Cisco 3600 series routers have problems connecting on a B-channel. The modems do not train up; hence, the calls get disconnected. [CSCdk36358]
- When packets are bridged while a VC is torn down, an incorrect VC value (zero) may be recorded in the bridge table entry. As a result, packets will be dropped. This happens because the VC value is set to zero before the sub-interface is brought down. The workaround is to remove the invalid bridge entry using the clear bridge command. [CSCdk39920]
- A Cisco 3810 router serving as a frame-relay switch does not change the status of the DLCI upon shutting down the interface. This gives incorrect status information to the connecting device. [CSCdk41027]
- Fast port adapters (FDDI, ATM, POSIP, etc.) on a VIP2 might see some performance degradation if the fast PA is on one bay and the other bay is empty. There is no workaround. [CSCdk41028]
- A router running Cisco IOS Release 11.3(5.2) with APPN and ATM configured may experience software forced crashes with the following trace:
crashdump process_suspend process_may_suspend cbus_atm_sendcmd cbus_atm_teardown_vc atm_remove_vc atmsig_remove_vc
- [CSCdk41803]
- The AAA software has a memory leak. This leak occurs when AAA and RADIUS/TACACS+ are configured. This problem was discovered in Cisco IOS Release 11.3(5.1).
- The workaround is to use the aaa accounting update periodic minutes command at startup time. Set minutes to a large number to limit the number of periodic update accounting records. [CSCdk43196]
- The multilink max-links command does not work for L2F projected interfaces. This also applies to AAA user profiles that use the "max-links" TACACS+ attribute or Port-Limit and Ascend-Maximum-Channels RADIUS attributes. [CSCdk45216]
- A Cisco router may crash when the show dialer command is issued while calls are connecting and disconnecting. [CSCdk46575]
- A Cisco router may crash when running VPDN L2F sessions over ISDN with the following stackdump:
Enter hex value: 221B763A 22093530 2206C92C FFFFFFFF
0x221B763A:_getbuffer(0x22052d90+0x16487a)+0x30
0x22093530:_L2D_Srq_Task(0x22052d90+0x4049e)+0x302
0x2206C92C:_TaskBegin(0x22052d90+0x19b86)+0x16
0xFFFFFFFF:_etext(0x22052d90+0xa1ae78)+0xdd5923f7
- [CSCdk46784]
- An attempt to switch an incoming call when all outgoing channels are in use causes a memory leak. [CSCdk47523]
- The user cannot send a break signal to a device connected to the async port of a Cisco 2511 router through a PAD connection. [CSCdk48335]
- The router may reload when exiting a PAD connection. The problem was introduced in Cisco IOS interim Release 11.3(6.3). [CSCdk51529]
- Autoselect functions on VTY lines are not supposed to work and should be disallowed.
- Under the line vty 0 4 command, use the autocommand command instead.
R1(config-line)#autocommand ?
LINE Appropriate EXEC command
- [CSCdk52583]
- A Cisco 1600 series router will crash or reboot when Multilink PPP is negotiated on a link. [CSCdk55436]
- A Cisco router using X.25 switching may reload when a call is switched to an XOT destination that is then cleared (when no Call Confirm was received). [CSCdk56005]
- A router running translated X.25 to virtual asynchronous connections (PPP/IPX) may reload. This occurs infrequently. [CSCdk63455]
- Enabling IP Multicast prevents LANE from populating multicast MAC addresses. As a result, IP routing protocols do not work properly on LANE interfaces. The workaround is to disable IP Multicast. [CSCdk64193]
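A configuration audit for the condition described in CSCdk46853 above (crypto map applied only to the main Fast Ethernet interface while the IP address is configured on a subinterface). This is an added example, not Cisco code; the sample configuration, the map name VPNMAP and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the release notes).
SAMPLE_CONFIG = """\
!
interface FastEthernet0/0
 no ip address
 crypto map VPNMAP
!
interface FastEthernet0/0.10
 encapsulation isl 10
 ip address 10.1.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation isl 20
 ip address 10.1.20.1 255.255.255.0
 crypto map VPNMAP
!
interface FastEthernet1/0
 ip address 10.2.0.1 255.255.255.0
 crypto map VPNMAP
!
interface FastEthernet1/0.5
 encapsulation isl 5
 no ip address
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)
# Matches only a numbered address; " no ip address" does not match
# because the line must start with whitespace followed by "ip address".
IP_RE = re.compile(r"^\s+ip address\s+\d", re.IGNORECASE)
CRYPTO_RE = re.compile(r"^\s+crypto map\s+(\S+)", re.IGNORECASE)


def parse_interfaces(config):
    """Return {interface name: {"has_ip": bool, "crypto_map": str or None}}."""
    interfaces = {}
    current = None
    for line in config.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = {"has_ip": False, "crypto_map": None}
            interfaces[header.group(1)] = current
            continue
        # Any non-indented line ("!" or another top-level command)
        # ends the current interface block.
        if not line.startswith(" "):
            current = None
            continue
        if current is None:
            continue
        if IP_RE.match(line):
            current["has_ip"] = True
            continue
        crypto = CRYPTO_RE.match(line)
        if crypto:
            current["crypto_map"] = crypto.group(1)
    return interfaces


def find_cleartext_risk(config):
    """Flag Fast Ethernet subinterfaces that carry an IP address but rely on
    a crypto map configured only on the parent interface (CSCdk46853)."""
    interfaces = parse_interfaces(config)
    findings = []
    for name, sub in interfaces.items():
        parent_name, dot, _ = name.partition(".")
        if not dot or not name.lower().startswith("fastethernet"):
            continue  # not a Fast Ethernet subinterface
        parent = interfaces.get(parent_name)
        if parent is None or parent["crypto_map"] is None:
            continue  # parent has no crypto map, caveat does not apply
        if sub["has_ip"] and sub["crypto_map"] is None:
            findings.append((parent_name, name, parent["crypto_map"]))
    return findings


if __name__ == "__main__":
    for parent, sub, cmap in find_cleartext_risk(SAMPLE_CONFIG):
        print(f"{sub}: IP address configured, but crypto map {cmap} "
              f"is applied only on {parent}")
```

Run it against a saved running configuration from a router on an affected release; each finding is a subinterface whose traffic should be checked for encryption.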
This section describes possibly unexpected behavior by Releases 11.3(5) and 11.3(5)T. Unless otherwise noted, these caveats apply to all 11.3 and 11.3 T releases up to and including 11.3(5) and 11.3(5)T. For additional caveats applicable to Release 11.3(5) and 11.3(5)T, see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
Only serious caveats are described in these release notes. For the complete list of caveats against this release, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" at the end of this document.
All the caveats listed in this section are resolved in Release 11.3(6).
- This problem is due to CSCdk03003. There is no workaround. [CSCdk25454]
- When the startup-config and private-config are synchronized to the slave RSP, a check to ensure that the private-config exists was overlooked. The verification of existing private-config has been added. [CSCdj89186]
- The new isdn timeout-signaling command has been added to flush the D channel if transmission of a signaling packet cannot be completed in 1 second. [CSCdk02803]
- When WRED is enabled on an interface, the mean queue depth quickly increases to a very large value. This stops the forwarding of all traffic over that interface. [CSCdk05063]
- The Lock and Key idle timer takes too long to time out. It can take up to two times the configured duration to time out. This happens if the dynamic entry is created by the Lock and Key feature that requires the user to telnet into the router. [CSCdk08868]
- If the total size of a Frame Relay compressed packet increases in the output queue, a buffer in an internal data structure can be misqueued and cause the router to crash. [CSCdk22991]
- Customers may experience data anomalies over SMDS when running IOS Release 11.1 or 11.2 and fragmentation is required. This problem does not occur when using any other encapsulation (for example, HDLC).
- The workarounds include:
- Reduce the MTU of stations so that fragmenting does not occur.
- Turn off route-cache on the SMDS interface.
- Use the service disable-ip-fast-frag command to disable fast switching of packets that require fragmentation. [CSCdk24779]
- The ability to use the DNIS phone number as the username was added in Cisco IOS Release 11.2 F. This ability was disabled in Cisco IOS Release 11.3(3)T by the use of named authorization method lists. [CSCdk25469]
- VIP can experience a watchdog timeout causing it to crash. This problem is caused by an interrupt thread in Cisco IOS's IPC subsystem accessing managed timers. [CSCdk31518]
- When the router is running low on memory and you issue a write memory or config network command, there is a chance that the NVRAM will be corrupted and the router will reboot.
- This problem can be avoided by first checking to see if there is enough memory to write the configuration. [CSCdk32125]
- Under noisy line conditions, a giant packet followed by a runt packet on a serial line will cause a Cisco 2600 series router to crash or experience spurious accesses. [CSCdk33632]
- If the group-async configuration is used repeatedly, the router may crash because of a memory leak. A workaround is to use group-async only once, or to reload the router each time group-async is used. [CSCdj48482]
- An APPN port may get stuck in a "stopping" state. [CSCdj82659]
- The show bsc command can crash the router. The show bsc command accesses a linked list of control unit blocks to print information. While the linked list is blocked for printing, another process removes a control unit from the linked list, causing show bsc to access an invalid memory location. [CSCdk12302]
- The DLUR router will wait indefinitely for a bind response to the bind request for its half of the DLUR/DLUS pipe (until the link is disconnected). It will not retry this DLUR connection until this bind response is received. The DLUR implementation is being updated to time out an allocate function pending for its DLUR/DLUS pipe session for over 30 seconds. [CSCdk12990]
- A problem occurs because of incorrect group numbers defined on the two BSTUN peers. The group numbers defined on the two peers need to match. As an example, if one peer has the following definition:
bstun protocol-group 3 bsc (passthru)
- then the other peer also needs to be defined for group 3 (passthru). [CSCdk22815]
- While running DLSw with FST encapsulation, the router might give the following error message along with traceback:
00:39:38: %SYS-2-INPUTQ: INPUTQ set, but no IDB, ptr=ADDD9C -Traceback= 148D3A 572A 4DF4 110064 17DAA2 17B0DA 14CC 10005B4 10047DA
- [CSCdk25935]
- When establishing DLSw TCP peers, the router may suffer a system restart. [CSCdk26442]
- A DLUR router may reload or issue a spurious memory access in ndr_utils_fqpcid_from_header(). The problem usually occurs during heavy DLUR/DLUS pipe traffic followed by a pipe termination. [CSCdk26563]
- Configuring source-route translational bridging and DLSw to the same bridge group at the same time will result in traceback messages and ultimately may cause the router to restart. The problem can be prevented by disabling source-route translational bridging or by disabling the DLSw connection to the bridge group. [CSCdk28549]
- A router may reload if the Token Ring interface has SRB configured. Entering the no lnm rem command fixes the problem. This can happen if a router with SRB configured receives a frame with a longer RIF length than is supported.
- If the router receives a frame on its Token Ring interface that pertains to LNM, and the frame's RIF length is set greater than 7 hops, the router will reload. [CSCdk30604]
- An APPN router performing intermediate session routing may reload or issue a spurious memory access in transform_unbind_if_necessary() or extend_bind_request(). The problem is triggered by receipt of a non-DLUR unextended UNBIND or BIND, both of which are uncommon events. [CSCdk31450]
- An APPN router running Cisco IOS Release 11.3 may experience a small memory leak of 72-byte cells. [CSCdk32148]
- When using DSPU host/PU to concentrate many LUs, DSPU will send many unpaced NOTIFY frames when all downstream LUs are active and the host PU is restarted. DSPU LU status is upLuPendAvail (indicating NOTIFY has been sent but a response has not been received). VTAM display shows SLU inhibited (that is, NOTIFY has not been received at VTAM).
- The show dlsw circuit detail command indicates that the current send window is 0 on one end and the transmit window is 0 on the other end. This means that a ZWO (zero window operator) was received. [CSCdk33611]
- Under heavy load from APPN file transfer, packets can be queued between APPN and DLSw (using VDLC). Flow control from DLSw is not correctly propagated back to APPN. The resulting queue within CLS makes prioritization of APPN COS through DLSw irrelevant. [CSCdk34540]
- A Token Ring LEC configured for HSRP and multiring IP may respond to IP RIF packets received by the BUS, even though it is not the intended recipient of such packets. This inappropriate response happens when IP packets with a RIF are sourced by other LECs on a Token Ring ELAN and targeted to remote devices that are one or more SRB hops away from the ELAN. The LEC fails to filter these packets, thereby causing IP looping problems in Token Ring LANE environments. This problem occurs on the Cisco 4700, 7200, 7500, and RSP7000 platforms. [CSCdk37560]
- The DLUR router may not be able to reestablish the DLUR/DLUS pipe sessions after the following "APPN Allocate timed out" message is displayed.
*Sep 29 22:28:00: %APPN-6-APPNSENDMSG: APPN Allocate 60E8BA14 to timed out for TP "006.
*Sep 29 22:28:00: %APPN-6-APPNSENDMSG: Ended DLUR connection with DLUS NETA.CPAC
*Sep 29 22:28:00: %APPN-7-MSALERT: Alert LU62004 issued with sense code 0x10010000 by XXXSMPUN
*Sep 29 22:28:00: %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.MVS2
*Sep 29 22:28:06: %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.CPAC
*Sep 29 22:28:06: %APPN-6-APPNSENDMSG: Connection attempt failed to DLUS NETA.CPAC
*Sep 29 22:28:12: %APPN-6-APPNSENDMSG: Starting DLUR connection with DLUS NETA.CPAC
- [CSCdk39176]
- A router crashes with a bus error when data is first passed from a FEP to a Cisco 4700 series router configured for BSTUN.
Enter hex value: 0x606C23F4 0x606C23F4:bsc_discard_tx_pak(0x606c23a8)+0x4c
Enter hex value: 0x606C2F80 0x606C2F80:pass_to_frame_sequencer(0x606c2e34)+0x14c
Enter hex value: 0x606C327C 0x606C327C:bsc_frame_tx(0x606c30a8)+0x1d4
Enter hex value: 0x606C3394 0x606C3394:bsc_pass_lcb_network_handler(0x606c3364)+0x30
Enter hex value: 0x606D6F88 0x606D6F88:lcb_event_exec_protocol(0x606d6f0c)+0x7c
Enter hex value: 0x606D706C 0x606D706C:lcb_event_background(0x606d6fc0)+0xac
Enter hex value: 0x60224F48 0x60224F48:r4k_process_dispatch(0x60224f34)+0x14
Enter hex value: 0x60224F34 0x60224F34:r4k_process_dispatch(0x60224f34)+0x0
Enter hex value:
- The router crashes when BSC receives a frame through BSTUN while it is in the process of transmitting a frame on the BSC line. [CSCdk41016]
- When a 100 Mb interface on a Cisco 3600 series router that is configured for ISL is modified, it causes carrier losses and ISL trunk flapping. [CSCdk01309]
- Traffic shaping fails on Frame Relay PVCs configured on E1 circuits when fast switching is enabled. Traffic is transmitted at line rate rather than capped at the configured CIR. Both generic and Frame Relay traffic shaping are affected. The workaround is to disable fast switching. [CSCdk09057]
- After a reboot, or cbus complex restart, there is a very small chance that one or more T1 lines in a CT3IP won't come back up properly. The following list provides a very specific set of symptoms for this failure:
- The line comes up at both ends, so all is well physically.
- No T1 alarms or performance monitoring errors are detected.
- The line protocol is down (assuming keepalives are enabled).
- The far end router counts large numbers of CRC errors in its relevant show interface counters.
- The near end router (for example, the relevant CT3IP interface) does not show any errors in its counters.
- The T1 number is 1-20. (T1s 21 through 28 are not affected by this problem.)
- Once in this state, you must enter a microcode reload command (or a router reload) to fix this problem. [CSCdk10762]
- Priority and custom queuing do not work on the following interfaces:
- 3600: PRI/cT1, PRI/cE1, mBRI; 4500: PRI/cT1, PRI/cE1; 5200: T1/PRI, E1/PRI; 5300: T1/PRI, E1/PRI; 7200: mBRI
- There is no workaround. Packets on these interfaces are transmitted using FIFO queuing. [CSCdk16630]
- After a Cisco 7513 router with RSP4 boots Cisco IOS Release 11.1(18.1)CA with bridging enabled on the ATM interface (AIP), the router continuously reboots with bus errors. It also causes the router at the other end of the PVC to reload with a software forced crash. When bridging is removed from the ATM interface, the router stays up. Bridging on ATM works for Cisco IOS Release 11.1(14)CA but not for 11.1(18)CA.
- The system was restarted with the following error - a Software forced crash, PC 0x601ABE14
GS Software (RSP-JV-M), Version 11.1(18.1)CA, EARLY DEPLOYMENT MAINTENANCE INTERIM SOFTWARE
Compiled Tue 07-Apr-98 04:58 by richardd
Image text-base: 0x60010900, data-base: 0x60A64000
- Stack trace from system failure:
FP: 0x60F61620, RA: 0x601ABE14
FP: 0x60F61620, RA: 0x601A9CA0
FP: 0x60F61638, RA: 0x60130EAC
FP: 0x60F61660, RA: 0x601320F0
FP: 0x60F61698, RA: 0x6011AC98
FP: 0x60F616B8, RA: 0x6011ECC0
FP: 0x60F616F8, RA: 0x6011B048
FP: 0x60F61710, RA: 0x6013A7F8
- [CSCdk18176]
- A Cisco 7505 router does not reply to an IP ARP packet on the 802.10 InterVLAN Bridge network. [CSCdk22012]
- The Token Ring does not filter forwarded DECnet multicast frames if permanent bridging entry and DECnet are configured. The router becomes very busy and appears to hang up. [CSCdk27418]
- A Cisco 4500 series router running Cisco IOS 11.3(4) configured for SRB may not remove IP frames from the Token Ring, causing IP frames to circulate around the ring until TTL expires. The problem is seen when two or more Cisco 4500s are configured for SRB on the same ring. [CSCdk31994]
- A Cisco 1600 series router running Cisco IOS 11.3(5.1) with Frame Relay encapsulation crashes in FRF.9 (Frame Relay compression). [CSCdk39102]
- CPU utilization stays at 87 percent due to the IP-RT background process. This problem happened on the Cisco 7000 series running Cisco IOS 11.1(15) or 11.2(8). This problem occurred when a static route was configured for a down or non-existent interface. The workaround is to remove the static route. [CSCdj54602]
- When a PIM Dense Mode router is forwarding to a directly attached member and the member leaves the group, the router does not trigger a prune towards an upstream neighbor on a LAN. [CSCdk10293]
- Under certain topologies, a multicast packet originated from a router may start a PIM Register loop between the DR and the RP. The loop should stop when the time-to-live count in the IP header reaches zero. There is no workaround. [CSCdk12033]
- A Cisco 7500 series router running Cisco IOS 11.1(18)CA may advertise an OSPF route for an interface that is in the state "interface up, line protocol down" upon boot up of the router or immediately after OSPF is configured on the interface for the first time. This behavior has been observed on VIP2 Ethernet and FastEthernet interfaces.
- The following conditions must exist to encounter this problem:
1. The router has just booted or OSPF is newly configured.
2. The interface must be in a state "interface up, line protocol down."
3. The interface must be a VIP2 Ethernet or FastEthernet interface.
4. The interface is included under the OSPF process with the network ip address mask area area id command.
- The workaround is to configure a different IP address on the interface, remove the IP address and then reassign the original IP address to the interface. Using the shutdown and no shutdown commands does not correct the problem.
- If the line protocol down condition occurs because the cable has been removed, the problem can be avoided by configuring the interface to be administratively down. [CSCdk12915]
- A router running Cisco IOS Release 11.2(14) configured for OSPF may not install an external route into the routing table, even when the forwarding address in the external LSA is reachable.
- The workaround is to use a floating static or issue a clear ip route command on the router that lost the OSPF external route(s). Alternatively, a clear ip ospf redistribution command can be issued on the ASBR. [CSCdk17979]
- A router configured with the ip igmp static-group command may remove the command when an IGMP V1 client answers IGMP queries and subsequently quits answering IGMP queries. [CSCdk18477]
- DNS NS records that have glue records translated will have the time-to-live (TTL) value of the glue records set to 0. The TTL value of the NS record is not set to 0. Thus, the DNS server will have an NS record for a DNS zone, but no glue records. The next time the DNS server needs to contact the remote DNS server, it will fail because it has an NS record cached but no IP address to reach it. [CSCdk24050]
- Network Address Translation (NAT) stops working when the translation table times out. This happened on a Cisco 2600 router with the Cisco 2600-is-mz_113-3a_T1 image running NAT protocol. Reloading the router every 24 hours is the only way to resolve the problem. [CSCdk26867]
- RSVP implementation does not have SBM support; therefore, when an SBM client and a non-SBM IOS router are on the same network, reservations can flap. SBM is an extension to RSVP for functioning in IEEE 802-style networks. The only workaround is to turn off SBM in the network. [CSCdk28283]
- DVMRP prunes received over a point-to-point link other than a tunnel are silently ignored when they are sent to a unicast address. The workaround is to build a tunnel with the DVMRP neighbor. [CSCdk29300]
- Guaranteed service flowspec in RSVP RESV messages must contain certain fields within a certain range (as indicated by RFC 2212). This fix puts these checks in the code. [CSCdk30085]
- The following platforms may reload with a bus error or segv after using a show ip eigrp event, show ipx eigrp event, show appletalk eigrp event command, or after enabling Enhanced IGRP event logging: 1000, 2500, 2600, 3800, 4000, 5200, and 7000 (RP/SP). Other platforms, including the 3600, 4500, 4700, 5300, 7000 (RSP), 7200, 7500, 8500, and RSM may display the record as a spurious memory access.
- The Enhanced IGRP event log is invalid on all platforms.
- The workaround for this problem is to neither display the event log nor enable Enhanced IGRP event logging. Additionally, the event log can be disabled by entering the following commands in configuration mode:
IP
router eigrp <as>
 eigrp event-log-size 0
IPX
ipx router eigrp <as>
 event-log-size 0
Appletalk
appletalk eigrp event-log-size 0
[CSCdk33475]
- Under certain topologies, an unprotected list was overrun in the early stages of overall convergence. The list is now protected. [CSCdk05805]
- Fast switching of CLNS traffic with non-zero N-Selector does not work on all platforms that do not use the old MCI controller. [CSCdk36270]
- If fancy queuing (for example, fair-queue) is enabled along with the Compression Service Adapter (CSA), packets might not be forwarded correctly and may cause problems. [CSCdj64898]
- Packets will be discarded at the target router when the packets are generated from an interface with Inter-Switch Link (ISL) encapsulation on and with an EPA (Encryption Port Adapter) as the encryption engine. [CSCdj78146]
- This caveat is an encryption problem over port adapters PA-2CE1 or PA-2CT1 when they are installed on a VIP2 card. In ISDN mode, these PAs don't support distributed switching; therefore, encryption will not be supported. A workaround is to use a dialer to force encryption on the RSP instead of the VIP. There is a problem with this workaround: crypto will use the wrong crypto engine after the configuration is saved and the router gets rebooted. [CSCdj85798]
- Encrypted TCP sessions pause when passing over an MPP bundle as soon as two or more members in the bundle become active. This behavior can only be observed when building a TCP session between hosts on the LAN interface of two routers connected via encrypted MPP. The workaround is to disable fast switching on the LANs. [CSCdj91142]
- On the Cisco 3640 router, a standby group in ISL may accidentally end up in Init state with no way of leaving that state except by using the shutdown and no shutdown commands on the interface. [CSCdk05333]
- When an ESA card is talking to a software-based encryption algorithm, the commands in the router with the ESA card will not take effect immediately. This appears to affect changes in the command mode as well. Workarounds for this are to reload the VIP microcode, reload all the microcode, or reload the router. [CSCdk06004]
- VIP crypto engine may not reload into a VIP after an OIR. This problem may occur with an OIR of any Interface Processor on the router. The only workaround is to do a microcode reload. [CSCdk12532]
- When switching from the software engine to the hardware engine (only the Pending state), back to the software engine, and then applying the crypto map, all the packets do not get encrypted/decrypted. [CSCdk16022]
- A VIP Token Ring interface does not encrypt or decrypt IP packets containing a routing information field (RIF), even though the initial crypto connection setup with the remote router is successful. Encryption and decryption for Token Ring IP packets without a RIF continue to function normally. [CSCdk18888]
- For RSM, there is no way to use NLSP routing on multiple IPX networks on one VLAN interface. NLSP on multiple networks on one interface requires subinterfaces of the main interface, and subinterfaces are not allowed for RSM VLAN interfaces. [CSCdk29530]
- When the router generates sufficient network traffic to saturate a serial interface on an M4T or M8T adapter, it can deplete packet memory. The only way to recover the memory is to reload the router. [CSCdk34128]
- After 32767 encryption connection setup attempts, encryption connection setups may not be completed. The workaround is to reload the router. [CSCdk34968]
- If an interface is configured for both "nat outside" and crypto, all incoming packets targeted at the router are forced to the crypto engine, regardless of whether or not they are (or should be) encrypted. All non-encrypted packets are then dropped by the crypto engine. [CSCdk39728]
- The connection is null when we get to pt_manage_vtyasync(). This could be because of the connection being closed immediately after setup for unknown reasons. As a solution, check for connection before using it. [CSCdj84852]
- X.25 to TCP translation causes the router to crash upon using the write memory or write terminal commands in the following situation: translation is done with an autocommand telnet that uses an option to eliminate the echo seen on the TCP side. The command in the test case is: translate x25 1234567891 pvc 4 autocommand "telnet 208.201.66.31 9000 /noecho". [CSCdk30862]
- IP-directed broadcast packets received on an unnumbered ISDN interface are not forwarded.
- Possible workarounds are to configure an IP address for that interface or configure a helper address on the interface. [CSCdk15270]
- OIR caused problems when a VIP continued transmitting packets to the interface undergoing the OIR by way of distributed fast switching. One of the symptoms of this problem is a VIP's CPU load staying around 99 percent. Only a system reload or micro reload will clear the problem.
- The cache invalidations routine has been changed to ensure that routes for an OIRed interface are removed before switching resumes. [CSCdj35436]
- A Cisco AS5200 access server with a PRI connected to a 4ESS switch will be unable to place outgoing calls with one of the modems in the router. This problem applies to modem (voice) calls only. Outgoing ISDN (data) calls are not impacted. There is no workaround for this problem. [CSCdj61651]
- There is no facility to query the router and obtain the ISDN Layer 2 status of PRI lines. When the Layer 2 ISDN signaling goes down (Q.931), the ISDN circuit is effectively DOWN. However, Cisco IOS software only indicates the problem when you issue show commands. The current monitoring method does not scale effectively. [CSCdj71705]
- In a configuration with generic traffic shaping enabled on an interface with only data PVCs defined, if you then reconfigure the interface to add voice PVCs, use Frame Relay traffic shaping, and then delete the generic traffic-shaping configuration, the system will generate a CPU exception, FORCE_CRASH(8c00e4), followed by a software-forced reload when traffic begins to flow on the voice PVC.
- The workaround is to completely unconfigure the interface before adding the voice PVC configuration with traffic shaping.
- The traffic-shape rate bit-rate [burst-size [excess-burst-size]] command should not be used in the same configuration as the frame-relay traffic-shaping command. They are mutually exclusive and will cause problems if used together. The preferred command for Frame Relay operation is the frame-relay traffic-shaping command. [CSCdj76205]
- The race condition existing in the current SSCOP code can sometimes lead to a system failure. The workaround is to disable the SSCOP quick polling scheme. The fix for this problem will be made available in all the Cisco IOS Releases. [CSCdj93988]
- The input queue counter on an ATM interface may become negative. The workaround is to specify the process switching. [CSCdk01302]
- A Cisco AS5300 access server may, under certain circumstances, reject incoming ISDN calls with CALL_INCOMING: MODEM ERROR FE. The workaround is to use the shutdown and no shutdown commands on the controller T1. [CSCdk02064]
- LANE and IRB don't work together in RSP platforms. [CSCdk04789]
- A physical connection under a PPP Multilink bundle will stay connected forever, even after its dialer idle timer has expired. If a dynamic dialer map is created for this call on the receiving end, this dynamic map will also stay up indefinitely because of this everlasting connection.
- This problem happens if PPP Multilink is deconfigured from a dialer interface in the presence of some connected physical interfaces beneath it.
- This defect affects all Cisco IOS Releases prior to 11.3(5.1).
- The workaround is to avoid unconfiguring PPP Multilink while some connections are still up or clear all connections before unconfiguring.
- This problem affects devtest more than customers due to the conditions under which it happens. [CSCdk14624]
- The isdn not-end-to-end {56 | 64} interface command, which existed for BRI, has now been implemented for PRI. It overrides the speed that the network reports it will use for calls that are not ISDN from end-to-end. [CSCdk15420]
- A coding error in ISDN combined with DT's NET3 switch sends out an invalid AOC IE. [CSCdk16699]
- A router may hang while using the BRI for semipermanent connections. No workaround is known at this time. [CSCdk19800]
- The show cmns command is no longer available for Cisco IOS Release 11.3. [CSCdk22864]
- A possible restart can occur when running L2F and data is being fastswitched. This is due to the closing of an IP socket when either the NAS address changes from the HGW perspective or a tunnel closes. This problem has yet to occur. [CSCdk23730]
- When hot swapping is performed (EOIR) from one type of ATM card to another, the show lane may display incorrect LANE information. This does not affect the LANE connectivity. [CSCdk25825]
- In heavy traffic conditions characterized by frequent connections and disconnections, a router running Cisco IOS Release 11.3(2) and later with XOT implemented may reload with a bus error. [CSCdk27231]
- The backup delay command has changed such that the value 0 is no longer a valid entry. This change is non-standard command usage. [CSCdk27715]
- Voice over IP calls will cause the router to reload if PPP Multilink is enabled on the BRI interface. The workaround is to force UDP checksum on the dial peer, or remove PPP Multilink. [CSCdk27818]
- A router would crash if a configuration table being manipulated by the CLI was deleted by way of SNMP. The fix makes it impossible to delete a configuration table (with SNMP) currently in use by the CLI. [CSCdk30718]
- Clearing an L2F tunnel from the command line by using the clear vpdn tunnel command will not drop the interfaces within the tunnel. Any attempt to clear the interface will cause a restart. [CSCdk33038]
- When the service messages are exchanged with the routers for ISDN PRI interfaces, the B-channel count does not get updated if the B-channels are transitioned from the Out-of-service state to the In-service state. This problem can prevent the router from dialing out and accepting incoming voice/modem calls. The remote callers get fast busy.
- There is no workaround available. [CSCdk33096]
- Parameter 18 accepts a value of 13, but this results in the loss of the first character when in command mode. [CSCdk33221]
- Memory for crash context is freed when a VIP is pulled, but an IF condition prevents it from being reallocated if a card is inserted later. [CSCdk35821]
- Modems on the Cisco 3600 series routers have problems connecting on a B-channel. The modems do not train up and hence the calls get disconnected. [CSCdk36358]
- Fast port adapters (FDDI, ATM, POSIP, FE) on VIP2 might see some performance degradation if the fast PA is on one bay and the other bay of VIP2 is empty. The following releases are affected: 11.1(20.1)CA, 11.1(20.1)CC, 11.3(5.1). [CSCdk41028]
- A router running Cisco IOS Release 11.3(5.2) with APPN and ATM configured may experience software-forced crashes with the following trace:
- crashdump process_suspend process_may_suspend cbus_atm_sendcmd cbus_atm_teardown_vc atm_remove_vc atmsig_remove_vc [CSCdk41803]
This section describes possibly unexpected behavior by Releases 11.3(4) and 11.3(4)T. Unless otherwise noted, these caveats apply to all 11.3 and 11.3 T releases up to and including 11.3(4) and 11.3(4)T. For additional caveats applicable to Release 11.3(4) and 11.3(4)T, see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
Only serious caveats are described in these release notes. For the complete list of caveats against this release, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" at the end of this document.
All the caveats listed in this section are resolved in Release 11.3(5).
- A regression of CSCdj88079 (which is a regression of CSCdj63179) occurs as a result of turning the hardware PPP mode on.
- This regression leads to a situation in the RX interrupt of the asynchronous driver where it assumes that if PPPMODE is set, the appp_context must be allocated and the router crashes. [CSCdk04165]
- ipRouteIfIndex returns an illegal value of zero. [CSCdj52228]
- There is a problem concerning the MTU size of interfaces using ESA service. Currently, the ESA supports a maximum packet size of 16K bytes. All interfaces that use ESA service should have their MTU configured to be no larger than 16K (16384) bytes. [CSCdj84652]
- After a reload or power-cycle, the BRI interface will be in down/down state, with all ISDN layers deactivated. The only way to bring it up is to issue the shut then no shut commands on the interface. This can be problematic at sites where access to the router is over ISDN. This problem is specific to the Cisco 1000 and Cisco 1600 routers. [CSCdj88234]
- Changing encapsulations on a PRI interface while there are users connected could cause the router to reload. The workaround is to shut down the PRI interface first, then change the encapsulation. [CSCdk08985]
- NTP will not synchronize. This problem occurs only in Cisco IOS Releases 11.3. Currently there is no workaround. [CSCdk11847]
- In an RSP system, it is possible to get a software-forced crash due to redzone corruption if the following is configured on the router:
- HSA and large configurations
- Configuration compression and large configurations
- HSA and configuration compression and large configurations
- The configuration file is the default size of boot buffersize (~126K bytes). The workaround for this problem is to make boot buffersize in the configuration at least 100K bytes larger to allow room for configuration changes. [CSCdk14608]
- A router might use the IP Loose Source Routing (LSR) option when doing a traceroute to find a path. This eliminates the "phantom path" problem caused by multiple, equal cost paths in a network.
- As an example, suppose you are doing traceroute from routers A--B--C--D. In this scenario, TTL 1 will send a packet without an LSR option. You will receive a TTL expire message from B. TTL 2 will put B in LSR IP option to force the packet to go through B. You will receive a TTL expire message from C. TTL 3 will put C in LSR to force the packet to go through C.
- If the IP source routing option is disabled in an intermediate hop, you cannot use LSR from that point on. If a traceroute packet times out three times for a TTL, the router will stop sending traceroute packets for TTL greater than that TTL; that is, the path will stop at that point. [CSCdk16892]
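The probing scheme in this caveat can be followed in a small offline simulation. This is an added example, not Cisco code: the linear path, the 192.0.2.0/24 documentation addresses, and the rule that a hop with source routing disabled silently drops any packet carrying the option are assumptions. The option layout (type 0x83, length, pointer, route data) follows RFC 791, under which the header destination is the forced hop and the option carries the final destination.

```python
"""Offline simulation of LSR-assisted traceroute (added example, constructed data)."""
import ipaddress
import struct

LSRR_TYPE = 0x83   # RFC 791 Loose Source and Record Route option type
MAX_TIMEOUTS = 3   # per the caveat: three timeouts at one TTL end the trace


def build_lsrr_option(final_dst):
    """Encode an LSRR option whose route data is the final destination."""
    route = ipaddress.IPv4Address(final_dst).packed
    # type, total option length, pointer (4 = first route entry)
    opt = struct.pack("!BBB", LSRR_TYPE, 3 + len(route), 4) + route
    # Pad with End-of-Option-List bytes to a 32-bit boundary.
    return opt + b"\x00" * (-len(opt) % 4)


def build_probe(ttl, via, final_dst):
    """TTL 1 goes out plain; later probes are forced through the previous hop."""
    if via is None:
        return {"ttl": ttl, "dst": final_dst, "options": b""}
    return {"ttl": ttl, "dst": via, "options": build_lsrr_option(final_dst)}


def deliver(probe, hops):
    """Walk the constructed path; return the replying address or None (timeout)."""
    for distance, (addr, source_route_ok) in enumerate(hops, start=1):
        # Assumption: a hop with source routing disabled drops option-bearing packets.
        if probe["options"] and not source_route_ok:
            return None
        if distance == probe["ttl"] or distance == len(hops):
            return addr
    return None


def trace(hops, max_ttl=30):
    """Return (ttl, responder, header_dst, option_hex) for each TTL probed."""
    final_dst = hops[-1][0]
    results, via = [], None
    for ttl in range(1, max_ttl + 1):
        probe = build_probe(ttl, via, final_dst)
        responder = None
        for _ in range(MAX_TIMEOUTS):
            responder = deliver(probe, hops)
            if responder is not None:
                break
        results.append((ttl, responder, probe["dst"], probe["options"].hex()))
        if responder is None or responder == final_dst:
            break   # path ends here: destination reached or three timeouts
        via = responder
    return results


# Constructed paths A--B--C--D as seen from A: (address, source routing enabled).
ALL_OPEN = [("192.0.2.1", True), ("192.0.2.2", True), ("192.0.2.3", True)]
C_FILTERS = [("192.0.2.1", True), ("192.0.2.2", False), ("192.0.2.3", True)]

if __name__ == "__main__":
    for name, path in (("all hops allow LSR", ALL_OPEN), ("C drops LSR", C_FILTERS)):
        print(name)
        for row in trace(path):
            print("  ttl=%d responder=%s header_dst=%s options=%s" % row)
```

With source routing disabled on C, the trace ends at TTL 2 even though C and D are otherwise reachable, which is the truncated path the caveat describes.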
- The srb spanning tree ibm function on Token Ring and TR-LANE is broken. All the TR-LANE interfaces are in forwarding, creating loops. [CSCdj91836]
- On a Cisco 7513 router configured with DSPU RSRB, new connections are being refused by the router. The only way to resolve it is to uninstall all DSPU commands and reconfigure them. [CSCdj93572]
- An APPN router may reload during an intermittent race condition of activating a CP-CP session and cleaning up this session. One of the following backtraces may be displayed:
60685F58[pspost+0x1f8] 60687718[ptp06a+0x218] 60684388[psp01b+0x48] 606838F0[psp00+0x150]
- or
#0 memcmp #1 0x606af860 in ptp06a #2 0x606ac668 in psp01b #3 0x606abc00 in psp00
- [CSCdk00603]
- If a dependent-PU/LU device sends an init-self and the resulting bind has Uservar-changed plu-name, DLUR should change the bind PLU-name to the name originally specified in the init-self before forwarding the bind to the device. Some devices check the PLU-name in the bind, and reject it if it is different than the one specified in the init-self. [CSCdk02330]
- The APPN router should attempt to activate the conwinner cp-cp session more than three times. If the CP-CP session cannot be activated (for reasons such as insufficient resources or a non-responsive adjacent node), then the router should attempt this CP-CP session activation after the situation has had a chance to recover. [CSCdk06411]
- Byte 1 of the FID2 header is reserved and consequently, the router does not set (or clear) it. If this value is set to 0xC0, then it causes the attached Tandem host to issue unbind 0831.
- In addition, an intermediate APPN NN (not running DLUR) is not properly preserving the pacing values from the upstream in the adaptively paced bind. Later when this bind is converted to fixed pacing by a downstream node, the proper fixed pacing values are no longer there. [CSCdk09759]
- When configuring encapsulation bstun on an interface, followed by bstun group x, the router will reload. This problem has been found in Cisco IOS Release 11.3(3a).
- Since BSTUN is not supported on a Cisco 7500 router, there is no need to configure BSTUN on it. The workaround is to not configure BSTUN on a Cisco 7500. [CSCdk10219]
- In 11.3 T images, CDP packets are not handled correctly by TR-LANE. This problem results in an ATM interface input queue wedge on the Cisco 4500 routers when CDP packets are processed by a Token Ring LEC. The problem is not restricted to the Cisco 4500 routers; it also exists on Cisco 7200 and 7500 routers where they put out a traceback message for every CDP packet received via TR-LANE. After an ATM interface is wedged, it can no longer forward traffic. The only way it can be recovered is by doing a router reload. CDP on the routers is enabled by default. [CSCdk11016]
- There is a minor bug that displays an annoying warning message. This bug doesn't affect STUN functionality. [CSCdk11028]
- A fix to a problem experienced by various customers attempts to reduce the number of copies of search_data during a broadcast search. [CSCdk11143]
- A Token Ring LEC on a Cisco 4500 router forwards all source-route bridged Specifically Routed frames onto the multicast send VC, instead of the data direct VC. [CSCdk11744]
- The show bsc command crashes a router. This crash happens when control units are being removed by the router based on host or end device activity. The show bsc command accesses a linked list of control unit blocks to print information. While it is blocked for printing, some other process removes a control unit from the linked list, causing the show bsc routine to access an invalid memory location. [CSCdk12302]
- DLSw running in a border peer environment may impact other fastswitched traffic through the router. A DLSw router being either a border or member peer creates a temporary peer structure to store reachability information. While creating or deleting this temporary peer information, the router did not fastswitch packets. [CSCdk12609]
- A router may crash due to a corrupted buffer. The following messages have been observed. The corruption is introduced as part of CSCdk10686.
%SYS-2-FREEBAD: Attempted to free memory at 4040403C, not part of buffer pool
%SYS-3-BADMAGIC: Corrupt block at 6139E6A4 (magic 40404040)
%SYS-6-MTRACE: mallocfree: addr, pc
%SYS-6-BLKINFO: Corrupted magic value in in-use block blk 6139E6A4, words 1077952576, alloc 40404040, Free, dealloc 40404040, rfcnt 40404040
May 27 11:54:28.390: %SYS-6-MEMDUMP: 0x6139E694: 0x40404040 0x40404040 0x40404040 0x40404040
May 27 11:54:28.390: %SYS-6-MEMDUMP: 0x6139E6A4: 0x40404040 0x40404040 0x40404040 0x40404040
May 27 11:54:28.390: %SYS-6-MEMDUMP: 0x6139E6B4: 0x40404040 0x40404040 0x40404040 0x40404040
May 27 11:54:28.390: %SYS-6-MEMDUMP: 0x6139E6C4: 0x40404040 0x40404040 0x0 0x40404040
- [CSCdk12921]
- When using NetView 3.1 or greater, the DLUR router may display the following message repeatedly when a runcmd is issued to a DLUR router configured with NSP over DLUR. To work around this problem, do not use NSP over DLUR.
%APPN-7-APPNETERROR: MSP04-bAuUEcKTSepupA TRIED TO SEND TO THIS NODE FOR bAuUEcKcbDe
%APPN-7-APPNETERROR: MSP08-MDS_MU RCVD WITH ERROR
%APPN-7-APPNETERROR: 008B13100038131119810801E2C1F5D5C5E30902D4D3E5F0F5F0C1060323F0F1
%APPN-7-APPNETERROR: F516820801E2C1F5D5C5E30602E3E2C4E5060323F0F1F4059000800000331549
%APPN-7-APPNETERROR: 16010A01E2C1F5D5C5E340400A02C3D5D4F0F14040400A0423F0F1F540404040
%APPN-7-APPNETERROR: 0F020000001200620602083B3200E9001C1212001880610C060A50C3D6D5E2D6
%APPN-7-APPNETERROR: D3C5400831E2C840E5C5D9
%APPN-7-APPNETERROR: MSP08-SENSE_CODE=0x8A80009
%APPN-7-APPNETERROR: MSP08: SENSE_DATA= 0x8A80009
%APPN-7-MSALERT: Alert CPMS002 issued with sense code 0x8A80009 by XXXMSP04
- [CSCdk19424]
- A DLSw backup peer is not reconnected to its backup peer after a link failure if the primary peer is still unreachable. [CSCdk21561]
- With thousands of CLS sessions, an inordinate amount of CPU is consumed. This patch will remove the erroneous loop through all CEPs for each CLS message. [CSCdk24769]
- The APPN router may reload with the following backtrace when bind queuing occurs:
[_doprnt(0x6016e53c)+0xc0] [appn_sendmessage(0x60893e68)+0x3c] [asm_send_mu(0x60828140)+0x220] [asm_mainline(0x6082916c)+0x828] [pc_entry(0x6082a088)+0x46c] [xxxpcasm(0x6082a034)+0x3c
- [CSCdk25652]
- When using a KG-194 cryptographic device, the quad-port serial card puts out the DTR+ leg but not the DTR- leg. The workaround is to use the NP-2T. [CSCdj07752]
- XNS over LANE doesn't work in fastswitching mode on the Cisco 7200 series routers. The workaround is to use process switching. [CSCdj94063]
- The SMF was not updated on FDDI because all software IDBs were not referred to during the SMF update process in the driver. This failed update resulted in BPDUs not reaching the remote station, thereby making both stations the roots of the spanning tree. [CSCdj95431]
- This bug caused some Frame Relay packets to be inappropriately compressed. Manifestation varied widely; in some cases you would see NLSP neighbors flapping; in other cases you might see LMI messages misdelivered.
- This caveat affects those platforms where a mixture of compressed and uncompressed Frame Relay interfaces, subinterfaces, or DLCIs are in use. If all Frame Relay links on a box are either compressed or uncompressed, this bug should not appear. [CSCdk05157]
- On a VIP/ATM lite port adapter interface, when using distributed switching between an aal5nlpid type VC and other type VC (for example, aal5snap), the ATM lite port adapter gets into the output stuck state. [CSCdk06744]
- A Cisco 7200 router running Cisco IOS Release 11.2(13)P1 cannot handle a small packet, less than 46 bytes for IP datagram size, in fastswitch mode IRB. If you set the no ip route-cache command on the BVI interface, the router will work fine with any data length. [CSCdk08386]
- There is a problem that causes translational bridging between any media and SMDS to fail on Cisco 7200 and Cisco 3600 platforms. The affected releases are Releases 11.1 CA, 11.2 P, 11.3, and 11.3 T. [CSCdk08922]
- Some packets that are near a link's MTU size could be erroneously rejected. This caveat applies to HDLC, Frame Relay, and LAPB Stac-compressed links, and it has slightly different symptoms on each of these encapsulations. [CSCdk12078]
- On Cisco 3600 or Cisco 2600 routers, using the serial WIC interfaces in SDLC half-duplex mode with a T2.1 device may cause the log on screen not to appear. The following serial WIC modules exhibit this behavior: WIC-1T on Cisco 3600 or Cisco 2600 routers, WIC-2T on Cisco 2600 routers, and WIC-2A/S on Cisco 2600 routers.
- Configuring both the T2.1 and router SDLC interface in full duplex mode works successfully.
- One symptom of this screen problem is that the CTS line (with the serial WIC interface in DCE mode) or the RTS line (with the serial WIC interface in DTE mode) will incorrectly be initialized high and the output of the show interface command will show that the line is "up." [CSCdk12242]
- When a PA-FE-FX port on a Cisco 7500 router is administratively shut down, it does not drop link light. If the port is part of a fast Ether channel, the remote device has no way to detect that the port is shut down. This could lead to the loss of data. [CSCdk20683]
- A Cisco 7505 router does not reply to IP ARP packets on the 802.10 InterVLAN Bridge network. [CSCdk22012]
- A routing table entry of an interface configured with a supernet address doesn't get removed from the routing table when the interface goes down. A workaround is to manually clear the routing table by issuing the clear ip route * command. [CSCdk00551]
- A (*,G) entry with 0.0.0.0 as the RP needs to install the RP information when a new RP is learned. [CSCdk03894]
- Slow BGP convergence has been observed with EBGP peer-groups in Cisco IOS Release 11.1(19)CC1. As a workaround, you are advised to configure the following command for EBGP peer-groups using the 11.1(19)CC1 image:
router bgp xxxx
 neighbor <ebgp-peergroup-name> advertisement-interval 6
end
- [CSCdk14030]
- Enhanced IGRP does not trigger the selection of a new route when one of its less good or equal paths is removed from the route. The route disappears, but no new route is selected from the topology table. [CSCdk14241]
- On a particle platform (for example, a Cisco 7200 router), when NAT is configured on a non-fastswitching interface, a packet translated by NAT in the fast path may generate alignment error messages if it is bumped for process switching. [CSCdk14834]
- There are rare cases of network NSAP numbering that, when ISO-IGRP removes redistribution dummy adjacencies, corrupts the adjacency table. [CSCdj91837]
- Configuring a routing protocol (such as router igrp 102) and a range of IP addresses followed rapidly by removing the routing protocol may cause a reload, depending on the exact timing. This is never seen at normal typing speed. It may be seen sometimes after a cut and paste operation using a Telnet window or a configuration file load over the network.
- A workaround is to avoid adding and deleting the same routing protocol in the same configuration sequence. [CSCdk02932]
- If an external route is known to ISIS by multiple, optimal paths and one or more backup paths, the backup path information may be lost temporarily under certain circumstances. When this happens, the route may appear to be unreachable for a period of time.
- Specifically, this problem can happen when the external route is known using the backup path, then becomes known using multiple optimal paths at about the same time, followed later by the loss of the optimal paths. The problem disappears when an SPF is run for any reason.
- A workaround is to force an immediate SPF on the router (for example, by doing a shut command followed by a no shut command on a loopback interface running ISIS). This workaround can be done on any router in the same area. [CSCdk05616]
- A protocol violation was created by the router for sending polls while there was an outstanding poll.
- If the router attempted to find out how many frames the remote station has received, it would send a poll but the poll response may be for previous polls. Thus, it caused the internal counter to be adjusted incorrectly and would reject future received valid frames. A more technical description follows:
- The router has sent an I-frame with the p-bit on when the remote end goes into busy by sending RNR and recovers from busy by sending RR. If this RR has N(R) not equal to the internal V(S), the router would attempt to adjust the internal V(S) by sending an RR poll and go into AWAIT state.
- However, according to IBM specification, RR poll would not be sent because there is an outstanding poll. And according to IEEE 802.2, no RR poll would be sent if the remote recovered from busy with RR.
- As a result, the poll response may be for a previous poll, thus V(S) may be adjusted to an incorrect number. When the actual poll response is received, it will send a FRMR because N(R) is invalid and the session will drop.
- The adjustment of V(S) is unnecessary. It should continue as normal if the remote end recovers from busy by sending RR. The change made in the LLC2 code is to bring it into agreement with the 802.2 Logical Link Control specification for processing of RR when the congested flag is set; that is, do not enter AWAIT state. [CSCdk05957]
- Retransmitted frames are truncated by an APPN router using RSRB. This problem affects anyone using LLC over RSRB ports. [CSCdk07546]
- LLC doesn't work over PPP over ISDN. APPN over ISDN fails to start the link station. The workaround is to use APPN over RSRB. This change will fix the problem. [CSCdk10208]
- A problem is caused by an invalid I-frame with unsolicited f-bit. LLC2 drops the frame but picks up the new sequence number N(R). Retransmission according to the new sequence number results in packet content out of sequence and the APPN session fails. [CSCdk13959]
- The counter for the ESA commands is a signed variable that rather than wrapping around, becomes a negative number. Since that is not a valid counter value, the commands stopped working and the connection setup stopped authenticating properly. [CSCdj74027]
- An OIR event on a Cisco 7500 router with a VIP2 PA-4T card causes a failure in encryption requiring a reload of the router to correct the problem. An OIR event on an IP card on the RSP will remove all VIP crypto engines. An OIR on a VIP will behave correctly unless you have multiple VIP crypto engines. The workaround is to do a mic reload, which would bring the VIP crypto engine back. [CSCdj92814]
- The 4T serial ports on a Cisco 7200 router or RSP may cause a crash during normal operation. If the stack decode shows that the crash is caused in the s4t receive interrupt, then it is related to this bug. There is no workaround for this problem. The only solution is to upgrade to a system image that has the fix for this problem. [CSCdj94968]
- When running NAT and encryption, FTP fails, but Telnet and ping work. It seems that the TCP checksum is not calculated correctly. Removing NAT or encryption resolves the problem.
- For performance reasons, decryption is not done until the packets are switched to the output interface. This causes a problem with Cisco IOS NAT, since NAT may need to do the payload translation for certain protocols. Some examples of the protocols affected by this problem are FTP and NetBIOS. [CSCdk03906]
- If a BRI interface is part of a rotary group, and if a crypto map is applied to both the dialer and BRI, and if the crypto map is then removed from one of the interfaces, the system may reload. [CSCdk04970]
- When ten or more standby groups are configured before any IP addresses are configured, the router reloads. [CSCdk11206]
- A router running any Cisco IOS Release 11.3 or 11.3 T image using two-step protocol translation with virtual templates will leak virtual-access interfaces. The workaround is to use legacy VTY-ASYNC (two-step protocol translation without virtual templates). [CSCdk11383]
- Attempting to send an IP packet larger than 1488 bytes to a destination that is directly connected to an RSM and uses non-ARPA encapsulation will produce a "%LINK-3-TOOBIG: Interface Vlan200, Output packet size of 1534 bytes too big" error, and the packet will be dropped.
- There is no workaround if the destination does not support ARPA encapsulation. If the destination supports both non-ARPA and ARPA encapsulations, a workaround is to configure a static ARP entry with ARPA encapsulation for the destination. [CSCdk12045]
- This bug causes the IP cache entries pointing toward subinterfaces to not be deleted when the subinterface goes down. The workaround is to clear the IP cache.
- This bug was introduced by CSCdi73935 and is present in Cisco IOS Releases 11.3(3) and 11.3(3)T and later releases. [CSCdk12731]
- Once a connection is set up with the hardware engine, switching to the software engine displays an error saying the HMA handle couldn't be found. [CSCdk22184]
- LAT to TCP protocol translation does not work on RSM. When a LAT to TCP session is initiated, the RSM issues this error:
LAT: Interface Vlan99, Bad packet received from host 0000.0000.0000
- There is no workaround. [CSCdk22386]
- If your RSM configuration contains DMA-channel VLAN configuration commands, the txlimits may be set incorrectly causing frames to be dropped or ignored at high traffic rates. The workaround to this is to remove the DMA-channel commands from your configuration, reboot your RSM, then reenter the DMA-channel commands, if you really need them.
- Each time the RSM is reloaded you must repeat this step. This problem will be fixed in a future release of software. [CSCdk22555]
- IPX has a memory leak that can cause the interface input buffers to fill and not accept any new packets. [CSCdk11035]
- IPX distribute-list does not work. This problem was first found in Cisco IOS Release 11.3(3.5).
- The workaround is to use a previous software version. [CSCdk12591]
- When trying to use secondary Novell encapsulations on a BVI interface, only packets with the primary encapsulation are accepted. The debug ipx packet command shows us that packets from a station that uses one of the secondary encapsulations are received, but marked as bad packets and dropped. [CSCdk18456]
- If an IPX RIP request packet is not replied to by the router, it will stay in the input queue and not be released. Accumulated packets could cause the input queue to fill causing severe problems for all protocols.
- The RIP request will not be answered if the following are true:
  - The requested network is not in the table and no default route exists;
  - The requested network is denied using an output filter;
  - The requested network is split horizoned (the network was learned on the same interface that the request came in on). [CSCdk19752]
- Fastswitching of IPX and IP packets from async PPP to tunnels does not work.
- The workaround is to disable IPX fastswitching on tunnel interfaces with the no ipx route-cache command. Disable IP fastswitching on tunnel interfaces with the no ip route-cache command. [CSCdk21562]
- A suspected memory leak in the PoolManager may result in a router running out of memory and a reboot required to recover the retained and holding memory. This problem was first observed in Cisco IOS Release 11.2(13)P1. [CSCdk12876]
- In Release 11.1 and earlier versions of software, network authorization is not done for outbound calls. However, in Cisco IOS Release 11.2, if the router is placing an outbound multilink call, network authorization will occur and may cause calls to fail.
- The workaround is to disable ppp multilink or back down to Cisco IOS Release 11.1. [CSCdj10456]
- When there are open channels on a PRI for a Cisco 5200 router running Release 11.3(1), some incoming voice calls will be rejected with an "ISDN No free channels: CALL_INCOMING, Voice: ERROR" message. This problem apparently occurs with incoming ISDN voice calls only. [CSCdj77099]
- Dialer backup interface may attempt to dial out when bridging, even when in standby mode. [CSCdj84834]
- DNS and NBNS information is not passed to a WIN95 dial-up networking PPP connection. No workaround is currently available. [CSCdj87472]
- If a cable that connects the router and a Frame Relay switch is unplugged and then plugged in immediately, the router releases all Frame Relay SVCs, but it will not accept any more SVC requests. There is no workaround. [CSCdk00577]
- Trying to pass a PPP packet that is larger than 1524 bytes through a serial interface that has an MTU greater than 1524 results in a "LINK-3-TOOBIG" error. The failure occurs because the maximum encapsulation size is statically set to 1524 for PPP packets, so the error occurs whenever a packet is larger than the set size.
- The workaround is to configure the interface MTU to be less than 1524 bytes; 1500 is the preferred size. This allows the interface MTU to dictate the fragmentation of the packets so that they stay below the allowed size of 1524 bytes. [CSCdk01289]
- An ISDN switch expects that the router sends a CONNECT (or other message) within four seconds after receiving an incoming SETUP. This is timer T303. In some cases, when working with dialer profiles, the router is not able to send the message within T303. This results in a situation where the ISDN switch sends several SETUPs with the same call reference and the router never answers these incoming call SETUPs. [CSCdk02552]
- In previous releases, initializing a BRI call using a second dialer map while Layer 2 was down would leave the router in a state unable to make any future calls until the router was reloaded. This problem has been corrected. [CSCdk03996]
- The PPP negotiation debug command displays show attempts to output LCP Confreqs on the D channel. This can cause a valid PPP session that has already completed LCP and opened IPCP to be disconnected. [CSCdk06216]
- The software forced a crash in ISDN code. [CSCdk07621]
- When running NFAS, the router may not keep track of the available number of B channels correctly.
- This problem can be seen by entering a show isdn nfas group 0 command and comparing the available B channel count with the results of a show isdn service. This problem gets worse when you issue the shut and no shut commands on the T1 controllers. Because of this mismatch the router may incorrectly try to accept a call even though it doesn't have channels available (if the router indicates it has more channels available than it really does), or it may reject a call even though it has available B channels (if there are fewer channels available than what the router indicates).
- There is currently no workaround. [CSCdk12206]
- When making a PAD call from (as an example) serial1-2 to serial1-3, the PAD 222202 call gets connected to the line configured with rotary 2, and the PAD 22222 call gets connected to the line configured with rotary 2. However, this is only true up to rotary 7: PAD 222207 and PAD 22227 get connected to the line configured with rotary 7. PAD calls with a subaddress greater than 7 behave in the following manner:
  - PAD 22228 and PAD 22229 will get connected to the line configured for rotary 8 and 9.
  - PAD 222208 and PAD 222209 will not get connected to the line configured for 8 and 9. [CSCdk13288]
- When the router makes a PAD call, either through a connected X.25 interface or across an IP network using XOT, and the call fails, the router will not free the memory resources, causing the router to use all the memory over time. [CSCdk13994]
- When the ipx route-cache command is configured on a Cisco AS5300 router running Release 11.3(3a)T software for dialup access, clients are unable to log in. The workaround is to issue the no ipx route-cache command. [CSCdk14396]
This section describes possibly unexpected behavior by Releases 11.3(3) and 11.3(3)T. Unless otherwise noted, these caveats apply to all 11.3 and 11.3 T releases up to and including 11.3(3) and 11.3(3)T. For additional caveats applicable to Release 11.3(3) and 11.3(3)T, see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
Only serious caveats are described in these release notes. For the complete list of caveats against this release, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" at the end of this document.
All the caveats listed in this section are resolved in Release 11.3(4).
- Cisco AS5300 T1 controllers show loss of signal in some cases and will not recover. This bug is more likely to happen when the T1 line has lots of errors. When the bug is seen, a "!!! Firmware is not running!!!" message is displayed on the console with the debug dsx1 command configured. To recover from this state, the AS5300 needs to be rebooted. [CSCdj86924]
- Flow and optimum switching do not demultiplex Frame Relay or ATM VCs to the appropriate subinterface, causing packets to be fast switched when input access lists are configured on subinterfaces. [CSCdj12543]
- The console/virtual-terminal exec on Cisco 7500 HSA systems may become unresponsive with the write memory command and configurations larger than 128K and service compress-config.
- If this bug occurs, the configuration NVRAM of both the master and slave RSP will be invalid after a reboot and must be recovered manually as follows:
  - Send an RS-232 break to the console of both the master and slave.
  - Issue the ROM monitor confreg command on the master and slave to ignore the system configuration.
  - Issue the ROM monitor reset command on the master and slave to boot a slave-capable image.
  - On the master console, copy a good configuration file from Flash memory or TFTP into running-config.
  - Turn off the 0x40 bit in the configuration register by issuing the show version EXEC command and the config-register configuration command.
  - Issue the reload command to reload the master.
- A workaround is to store the configuration in Flash memory. For example, issue the copy running slot0:config or write memory commands while configured with boot config slot0:config, service compress, and boot buffersize n, where n is at least three times the configuration size in bytes. In this case, the write memory command will work slowly - 10 minutes elapsed time for each 128k block of configuration text. [CSCdj63926]
- Using DFS (dist fast switching) and dcomp (dist compression) on the VIP may lead to a VIP crash in serial_process_receive_packet. The customer should temporarily turn off DFS and upgrade to an image with this fix. [CSCdj87001]
- Loading Release 11.3(2) on a Cisco 7206 router causes it to immediately crash with the following message:
system restart by error - an arithmetic exception, PC 0x601E15AC
- A workaround is to disable WFQ on the interface. [CSCdj88537]
- In some network conditions it is possible for Frame Relay LMI Status Enquiry packets to be delayed before transmission in the router by other routing or control packets and then appear on the wire out of order. This can cause some instability of the Frame Relay circuit during the time the Status Enquiries are delayed by the other packets. The instability is seen as the Frame Relay PVC being declared Inactive at the remote end and then Active again about 1 minute later. The Frame Relay switch at the local end will report LMI Timeouts and Sequence Number Mismatches.
- It is also possible for this problem to occur on HDLC serial lines and cause instability due to HDLC keepalive packets being delayed.
- This is a rare occurrence and has only been seen with very large IPX SAP updates sent over a slow-speed circuit. The size of updates necessary to cause this problem on a 56 kbps circuit is around 3000 SAPs. The problem is more likely to occur when there is data traffic at near-line capacity on the circuit.
- It is theoretically possible for other routing or control packets such as OSPF Link State Advertisements (LSAs) or NLSP Link State Packets (LSPs) to cause the same effect in a period of severe routing instability in a large network with many Frame Relay subinterfaces. The issue is less likely to be seen when Weighted Fair Queuing is used on the serial interface rather than First In First Out (FIFO) queuing. Please note that there are many other possible causes of instability of Frame Relay or serial circuits and the manifestation of this particular caveat in operating networks is unlikely.
- If the issue is seen because of very large IPX SAP updates, the workaround is to configure an ipx output-sap-delay and ipx output-rip-delay that is larger than the propagation delay of a SAP packet across the circuit. A delay of 110 ms is sufficient for a 56K circuit. The possibility of seeing this caveat with very large IPX SAP updates was introduced by CSCdj18092. [CSCdj91667]
- If a router is configured with DECnet, and an SNMP GET is attempted on any part of the dnAreaTable or the dnHostTable of the OLD-CISCO-DECNET-MIB, the router will stop working.
- This caveat is limited to the SNMP MIB implementation and has no effect on managing or configuring DECnet by using the command line interface. [CSCdj91757]
- When the system gets an Error interrupt, a 4-byte IOS data area will get accidentally overwritten. Because of this, the system might reload with a "Bus Error Exception" message. The error interrupt may be caused by events like an HSA Slave state transition on HSA systems, fatal system errors (like a parity error), or non-fatal errors (like a QAERROR with Null/reuse link error). [CSCdk01707]
- Flow Export does not happen when the route-cache entry for export destination is absent. [CSCdk07337]
- The show decnet neighbor command may cause the router to reload when decnet conversion is configured. [CSCdj62828]
- The decnet split-horizon command did not function on ATM interfaces. It is now supported on all point-to-point type interfaces. [CSCdj91606]
- When a client (configured for seven data bits and even parity) dials in to an asynchronous interface (configured for eight data bits, no parity, and autoselect), the autoselect process does not recognize a carriage return and will not start an EXEC session. The carriage return comes into the router as a hex 0x8D. [CSCdj94422]
- A router crashed when running NCIA server with a large number of clients connected. It could happen when either the client is not properly disconnected or the XID negotiation between client and host fails.
- There is no workaround for this problem. [CSCdj43427]
- The APPN router may hang its request_cp_capabilities CP if it does not receive a bind response from the adjacent node within a certain time. When this occurs, no new conwinner CP-to-CP sessions may be established by this router. This results in only single conloser CP-to-CP sessions established between this router and adjacent nodes. [CSCdj85208]
- A DLUR router may withhold ACTLU responses from downstream PUs, preventing VTAM from sending ACTPUs. Downstream PUs may not become active. [CSCdj88063]
- STUN peers may try to open a peer at the same time. This problem only occurs when tunneling Computerm channel extenders. Potentially, it could happen with other similar devices if they both simultaneously send at startup time. [CSCdj90520]
- In the event of a stale RIF in the DLSW+ reachability cache, the router will send a single route explorer to the destination every 30 seconds until SNA_EXPLORER_TIMEOUT expires (or until a new route to that destination is found). [CSCdj92855]
- DLSw reachability cache entry is not flushed after no response to the XID frame that used this cache entry.
- The workaround is to issue the clear dlsw reach command. [CSCdj92864]
- Under certain circumstances, it is possible for the DLSw current window (CW) to grow and exceed either the configured max-pacing value or the default value (50). This behavior is likely to be seen only in environments that have large data transfers with large pacing windows at the higher layers, such as SNA LU 6.2, APPC, APPN, and Cross-Domain (INN/SNI) environments. The growth of the DLSw current window (and therefore the granted/permitted packets) is not in itself a problem to DLSw. However, the queuing that may arise could cause performance problems in other areas of the network. In the worst situation, the router may run out of memory.
- A workaround is to recycle the link session (LLC2), which frees all memory and resets the pacing window. [CSCdj93178]
- Using bisynchronous passthrough regardless of the WAN transport will cause the router to crash the first time a frame is transmitted. Configure local acknowledgment or upgrade to a later Cisco IOS release. [CSCdj93203]
- It is not possible to link locally on a router attached to Token Ring segments with an LNM station when an additional DLSw peer is configured.
- Only the segment where the LNM is directly connected is linkable. [CSCdj93242]
- In extremely rare situations, an APPN/DLUR router may reload with a watchdog timeout in asm_log_nau_name. This will happen only for heavily loaded routers (thousands of LUs) running DLUR. [CSCdj93322]
- Session initiation requests may become queued network-wide with the current adaptive BIND pacing implementation. This can occur when network traffic loads are low, but a single end station has withheld a BIND pacing request. This enhancement ensures that the router only withholds a BIND pacing request when the router is truly congested.
- There are no router messages identifying that this problem has occurred. The primary LU sending the BIND will typically have a session status of "pending BIND response," while the secondary LU will not have received the BIND. [CSCdj93613]
- A customer encountered a problem when running QLLC/DLSw local after finishing maintenance on the FEP.
- After bringing up the Token Ring on the FEP and activating the software Major node, about 10 percent of the PUs did not reestablish sessions with the host.
- VTAM shows those PUs as active in session. Issuing the show dlsw local-circuit command also shows the corresponding VMACs as being connected, yet an X.25 trace shows that these PUs are stuck in XIDs. [CSCdk01275]
- Cisco 2523s running Release 11.1(18.1) will not pass non-activation XIDs when configured for XID pass-thru. The impact of this is not serious unless you require PU 2.1s to remain active while VTAM is down. [CSCdk01631]
- When buffers are under heavy use, the APPN subsystem can enter Bconstrained mode too early and reject new session requests when there is still adequate buffer memory to continue processing requests. [CSCdk01686]
- A memory leak is caused by unsuccessful route calculations, which happens only in error cases. However, since there were so many failures in route calculations, the customer saw an obvious memory leak that will eventually crash the router. [CSCdk02504]
- A router running APPN may incorrectly time out the locate search TP (xxxtpd02) or the output TDU TP (xxxtptp0). During session cleanup, the router may not properly clean up a session. This results in the TP timeout after 30 seconds and the deactivation of the CP-to-CP sessions. [CSCdk02790]
- APPN/DLUR may continuously fail binds for a specific LU with sense 0805000A if a previous bind was received that was rejected because of a protocol error, etc. This can occur even when the subsequent bind is free from protocol violations. [CSCdk03156]
- The following bus error was reported on a Cisco 4000 router running Cisco IOS Release 11.3(2.3) and configured for DLSw.
System was restarted by bus error at PC 0x72A0B6, address 0x4AFC5480
4000 Software (C4000-JS-M), Version 11.3(2.3), MAINTENANCE INTERIM SOFTWARE
Compiled Tue 17-Mar-98 23:43 by ccai (current version)
Image text-base: 0x00012000, data-base: 0x00827A10
- [CSCdk03263]
- The source-bridge ring-group command doesn't show up in a show run output and gets lost during a reload. [CSCdk03339]
- The xxxtps27 timeout may not always free the request_cp_capabilities TP. This TP may time out if the adjacent node does not respond to the control point capabilities within a specified time. A TP timeout was added to prevent this TP from waiting indefinitely on the adjacent node. In some cases this timeout may not work and the request_cp_capabilities TP will not process new control point capability requests. When this occurs, the following messages will be displayed:
%APPN-7-APPNETERROR: APPN TP xxxtps27 timed out on send of verb 11 -- Deactivating CP-CP CGID: 147125
%APPN-7-APPNETERROR: Deactivating CP-CP with sense 8120010, no adjacent node found, ConW: 147125, ConL: 0
- [CSCdk03979]
- CP-to-CP sessions may be deactivated due to a chaining error on the APPN router. [CSCdk04100]
- The APPN/DLUR router may reject an LU-LU session bind if the session was previously terminated by the router because of a protocol error. [CSCdk05823]
- The maximum memory access for APPN is adjusted as the maximum memory capacity of Cisco routers increases to 256M. With this fix, the APPN subsystem can use the full 256M of main memory of the router. [CSCdk08186]
- A router failed to terminate the adjacent node to router CP session after a timeout of the router to adjacent node CP session. [CSCdk08775]
- A regression caused by CSCdj87034 causes sessions to have a single DLUR DLUS pipe. [CSCdk10696]
- Gratuitous ARPS are not generated for SLIP users. [CSCdj28084]
- On the Cisco 3600 series, channelized interfaces that are configured for X.25, are not connected to anything on the other end of the channel, and are not shut down will continually reset as expected. However, over a period of time they may eventually cause the router to hang or unexpectedly restart. This problem can be avoided by shutting down interfaces that are known to be not in use and can be made less likely to occur by increasing the LAPB T1 and N2 parameters, which reduce the frequency of the resets. [CSCdj85507]
- If any OIR event (such as a board being removed or installed) occurred during the time FEIP is busy transferring data, system service may be disrupted due to an internal FEIP hardware bug. You might see a Cybus error or MEMD error when the problem occurs. [CSCdj89682]
- A user cannot IP-ping between PCs when setting IRB. If another vendor's router is swapped to Cisco, it works. And if a Cisco router is swapped to another vendor box, it works. (Bridging over PPP) [CSCdj91120]
- When IRB is enabled in a Frame Relay network using point-to-point subinterfaces, where the subinterfaces are part of a bridged network to remote sites, MAC level broadcast packets are not forwarded between the subinterfaces. [CSCdj91372]
- The Token Ring interface fails to bridge the transparent bridge (TB) broadcast frames when the transparent bridge is enabled on the Token Ring interface. This problem was introduced by the fix for caveat CSCdj78572. [CSCdj91600]
- While receiving bridged input from a virtual device on a Cisco 7500 router with FDDI interface(s) in the bridge group, the software could attempt to send an interface processor command to the virtual device, thereby crashing the router. [CSCdk00164]
- Ethernet collisions on the Cisco 7513 PA-8E are not counted correctly. Collisions are zero for over 2 million packets. The router has exhibited the same problem with Releases 11.1(14) and 11.1(17), Cisco IOS Enterprise images.
- There is no workaround. [CSCdk01150]
- Clients cannot log on to NT servers via NetBEUI when the client is on an Ethernet segment that goes across an ATM cloud to a server on a FDDI ring.
- Some specific particle driver applications (for example ATM LANE and Ethernet ISL) do not pad small Ethernet packets properly based on current particle driver conventions. This could cause small packets (less than 60 bytes) destined for output on specific ISL or ATM/LANE particle memory drivers to be corrupted. Most particle switching paths with small packets are unaffected. This problem only affects a limited number of cases. This is not an issue with non-particle memory systems. [CSCdk01235]
- Some existing frame relay commands were missing when using POS interfaces. This code fix enables the following commands:
  - frame-relay route
  - debug frame-relay packet
  - debug frame-relay lmi
  - show frame-relay tcpip comp
  - show frame-relay lmi
  - show frame-relay lapf
- [CSCdk04045]
- This bug was introduced in Release 11.2 P on particle buffer based platforms. All particle based routers have this caveat. [CSCdk04111]
- When one VC for a subinterface is being released, ATMSIG clears the entire IP cache associated with the global interface. This situation causes a large number of cache invalidations on active networks and affects performance. [CSCdi73935]
- A spurious memory access can occur when switching from flow switching to process switching using the no ip route-cache command and then back to flow switching using the ip route-cache flow command. [CSCdj08350]
- Under rare conditions, Enhanced IGRP may not converge after a route flap. This problem has been seen on two redundant border routers with an Ethernet link between them. Both routers see an update via each access server covered by the two Enhanced IGRP processes. The routers then begin to continuously notify each other via the Ethernet link of the change. [CSCdj64479]
- Enhanced IGRP topology entries from the redistribution of connected routes where Enhanced IGRP is already running natively may not clear when the interface goes down. [CSCdj68388]
- If the interface on the router flaps or a new interface has been brought up, this will cause the downstream router that is connected to this router to reread its routing entry, thus resetting the timer on the routing table and the default route. The default route will be gone until the next time the router recalculates its default route, which is about one minute. [CSCdj70939]
- Under unusual circumstances, a router configured for Enhanced IGRP may lose routes from the routing table. Examination of the Enhanced IGRP topology entry for the lost route reveals the feasible distance as infinity (4294967295), even though the metric for that route is good.
- The loss of the route is due to sporadic line congestion (packet drops) and/or SIA events on the same link as the neighbor occurring while a route is active. On very rare occasions, this can result in a lost acknowledge packet and a retransmission of the reply packet. For the failure to occur, the retransmitted reply must have a valid metric.
- A known workaround is to issue the clear ip route * command. [CSCdj73617]
- If a Cisco router is attached to a network that includes a Proteon router, free processor memory in the Cisco router can very slowly decline. This is due to a memory leak in the OSPF process. [CSCdj78467]
- A Cisco 7206 router may fail if configured for Enhanced IGRP in a fully redundant configuration. The workaround is to make some of the interfaces passive. [CSCdj81611]
- Routers using reflexive access lists in Cisco IOS Release 11.3 may crash with the following stack decode:
mgd_timer_set_exptime
mgd_timer_start
ip_maketemp_acl
ip_accesscheck_wrapper
ip_accesscheck_snpa
ip_acc_ck_count_violations
ip_forward
ip_process_pak
- The problem seems to be more prevalent under high traffic load. Increasing the IP reflexive-list timeout may reduce the likelihood of a crash but will not prevent it entirely. [CSCdj85302]
- Removing the router bgp command may drive up CPU usage and may cause the following error:
%SYS-3-CPUHOG in Process = Exec. Tracebacks showed that bgp_reset_cache led to process_may_suspend_inline.
- [CSCdj91037]
- Intermittently, an FDDI Forward/Dense entry is not added to the outgoing interface list (olist) of a Source-Group (SG) routing table. The end result is that the FDDI interface does not forward mpackets as it should until the clear ip mroute command is executed. This problem may occur when multiple Cisco 7513 routers run Release 11.1(16)CA with FDDI, FastEthernet, and Ethernet interfaces. [CSCdj92400]
- NAT generates TCP segments with bad checksums when the inside interface is process-switching. [CSCdk01733]
- Static routes may not be written to NVRAM if the route following the (n * 300)th, where n >= 1, entry is for the same network/mask/distance. [CSCdk02406]
- Sometimes, a NAT translated packet in the fast path will get dropped if it needs to be process switched because of an incorrect IP header checksum. [CSCdk07875]
- A dynamically discovered CLNS route does not overwrite a static CLNS route pointing to a down interface. The workaround consists of removing the static route definition from the configuration and issuing the clear clns route command. [CSCdj31228]
- CSCdj62661 introduced a bug in the show isis route command. Whenever a user issues the show isis route command on a router running ISIS, and the router does OSI L1 routing, the router will generate %SYS-2-BADSHARE error messages similar to the following and crash:
%SYS-2-BADSHARE: Bad refcount in mem_lock, ptr=60EB56F4, count=1
- [CSCdj95515]
- On platforms with multiple interfaces (ports) per slot, the Cisco RADIUS implementation will not provide a unique NAS-Port attribute that permits distinguishing between the interfaces. For example, if a dual PRI interface is in slot 1, calls on both Serial1/0:1 and Serial1/1:1 will appear as NAS-Port = 20101.
- This is because of size limitations in the 16-bit field of attribute 5. The solution is to replace the NAS-Port attribute (5) with a vendor-specific attribute (26). Cisco's vendor ID is 9, and the CISCO-NAS-Port attribute is subtype 2. (See RFC 2138 for details on vendor-specific attributes.)
- Vendor-specific attributes (VSAs) can be enabled by issuing the radius-server vsa send [accounting | authentication] command.
- The port information in this attribute is provided and configured via AAA. To get extended port information in the VSA, the aaa nas port extended command needs to be configured.
- The standard NAS-Port attribute (5) will continue to be sent. If this is undesirable, it can be suppressed using the no radius-server attribute nas-port command. When this command is configured, the standard nas-port attribute (5) will no longer be sent.
- The radius-server extended-portnames command has been deprecated and replaced with radius-server attribute nas-port extended. [CSCdj06817]
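The attribute layout this caveat describes, as an added example that is not Cisco's code: it encodes the standard NAS-Port (5) and the vendor-specific attribute (26, vendor ID 9, subtype 2) in the RFC 2138 type/length/value format and parses them back with length checks, as a RADIUS server or accounting parser would. The helper names, and carrying the interface name as ASCII text in the VSA, are assumptions; the two sample calls are constructed from the interface names and NAS-Port value in the caveat.

```python
import struct

NAS_PORT = 5            # RFC 2138 attribute 5
VENDOR_SPECIFIC = 26    # RFC 2138 attribute 26
CISCO_VENDOR_ID = 9     # vendor ID given in the caveat
CISCO_NAS_PORT = 2      # vendor subtype given in the caveat


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type(1) | Length(1) | Value. Length includes the two header octets."""
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def encode_nas_port(port: int) -> bytes:
    """Standard NAS-Port: a 4-octet integer on the wire."""
    return encode_attr(NAS_PORT, struct.pack("!I", port))


def encode_cisco_nas_port(interface: str) -> bytes:
    """Attribute 26 carrying Vendor-Id 9 and one sub-attribute of subtype 2.

    Assumption: the sub-attribute value is the interface name as ASCII text.
    """
    text = interface.encode("ascii")
    if not 0 < len(text) <= 247:
        raise ValueError("interface name does not fit in one VSA")
    sub = bytes([CISCO_NAS_PORT, len(text) + 2]) + text
    return encode_attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)


def parse_attributes(buf: bytes):
    """Return [(type, value), ...], rejecting truncated or bad lengths."""
    out = []
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError("bad attribute length")
        out.append((attr_type, buf[pos + 2:pos + length]))
        pos += length
    return out


def parse_vsa(value: bytes):
    """Split an attribute 26 value into (vendor_id, [(subtype, data), ...])."""
    if len(value) < 4:
        raise ValueError("VSA shorter than Vendor-Id")
    vendor_id = struct.unpack("!I", value[:4])[0]
    # Sub-attributes reuse the same type/length/value layout.
    return vendor_id, parse_attributes(value[4:])


def port_identity(attrs: bytes):
    """Return (nas_port, cisco_nas_port) found in an encoded attribute list."""
    nas_port = None
    cisco_port = None
    for attr_type, value in parse_attributes(attrs):
        if attr_type == NAS_PORT:
            if len(value) != 4:
                raise ValueError("NAS-Port must be 4 octets")
            nas_port = struct.unpack("!I", value)[0]
        elif attr_type == VENDOR_SPECIFIC:
            vendor_id, subs = parse_vsa(value)
            if vendor_id != CISCO_VENDOR_ID:
                continue  # another vendor's VSA, not ours to interpret
            for subtype, data in subs:
                if subtype == CISCO_NAS_PORT:
                    cisco_port = data.decode("ascii")
    return nas_port, cisco_port


# Constructed sample: two calls on the dual PRI in slot 1 from the caveat.
# Both carry the same attribute 5 value; only the VSA tells them apart.
CALL_A = encode_nas_port(20101) + encode_cisco_nas_port("Serial1/0:1")
CALL_B = encode_nas_port(20101) + encode_cisco_nas_port("Serial1/1:1")

if __name__ == "__main__":
    for label, attrs in (("A", CALL_A), ("B", CALL_B)):
        print(label, attrs.hex(), port_identity(attrs))
```

Accounting or session-tracking logic that keys on attribute 5 alone would treat the two sample calls as the same port; keying on the pair returned by `port_identity` keeps them distinct.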
- Under rare circumstances, the AS5200 may issue the message "%SYS-3-BADMAGIC: Corrupt block at 20000000 (magic xxxxxxxx)" and crash with a software forced crash. There is no workaround at this time. [CSCdj22429]
- Using the physical-layer async command on low-speed serial interfaces (either asynchronous or synchronous), the fast switching process increases by approximately 10 percent. [CSCdj80674]
- Incoming calls from an Adtran TA with Multilink enabled may cause output packets to be wedged on the Cisco MBRI interface during PPP negotiation. The debug command will indicate no incoming PPP CONFREQs from the Adtran side. The show interface command will indicate something similar to:
Output queue 22/40, 0 drops; input queue 0/75, 0 drops
- where 22 represents the number of wedged packets. The only workaround is to reload the router. This is only applicable to MBRI interfaces. [CSCdj85220]
- When an eight ISDN B-channel PPP multilink bundle is configured via a dialer rotary group and dialer interface on a Cisco 7206 with ATM port adapters, the multilink may fail. [CSCdj93611]
- If your configuration contains a Kerberos SRVTAB, generating a configuration (using the write or show running config commands) will cause a memory leak. Running the show kerberos creds command will also cause a memory leak. [CSCdj94861]
- On RSM, when HSRP changes from Active to Standby state on a VLAN interface, the interface is unnecessarily reset, causing packets to be lost for a few milliseconds.
- There is no workaround. [CSCdk00982]
- An on-line insertion or removal (OIR) of an interface processor in an RSP based Cisco 7000 or 7500 router may result in multiple interfaces dropping very large numbers of incoming packets after the OIR. This problem may be seen on interfaces of other boards, as well as the interfaces on the board that was inserted or removed. The problem can be observed by a large and increasing number of packets reported in the "ignore" counter in the output of the show interfaces command. Communication through these interfaces will be severely impacted. This problem is most likely to occur in routers that have many active interfaces, and some interfaces with moderate to high traffic load. The problem is rare in routers that have few active interfaces and lightly loaded interfaces. The workaround is to reload the controller microcode using the microcode reload configuration command after the OIR event or power down the router to remove and insert cards. [CSCdk07259]
- IP cache entries pointing towards subinterfaces will not be deleted when the subinterface goes down. The workaround is to clear the IP cache.
- This caveat was introduced by CSCdi73935 in Releases 11.3(3.1) and 11.3(3.1)T. [CSCdk12731]
- Under rare circumstances, V.120 ISDN calls into a router will pause for a few seconds (or until a keypress) when carrying a large traffic stream.
- This problem affects all V.120 connections, but it is unlikely to cause any noticeable problems when there is flow control at a higher layer.
- If the V.120 session is used for bulk transfer (such as zmodem over rlogin) the transfer will begin successfully but will hang shortly thereafter. The connection will eventually drop. There is no workaround. [CSCdj51657]
- A router crashes in the rsh path if a user tries to open an rsh connection to a protocol translation address on the router.
- Incoming rsh to a PT address is not supported. If a connection is opened to the address, there is no known workaround to avoid the crash. [CSCdk01735]
- Sometimes, the STUN/DLSw input interface may get wedged because of flow control in TCP. [CSCdk07263]
- A router may reload while executing a VINES ping. This condition can occur when either the link to the destination router is congested or the destination router itself is "busy."
- The workaround is to avoid performing VINES ping when the above conditions are known. [CSCdj52379]
- This fix addresses a problem that is specific to customers running VPDN in an ISL-laden environment. Configuring both ISL and Multilink Multichassis PPP can cause a memory consistency check failure that may cause a software forced crash after a few calls have been received. [CSCdj22189]
- Outgoing calls (call id = 0x8000-0xffff) are not properly released in some cases. The call ID assigned to a new outgoing call is not being checked against outstanding calls and is incorrectly being assigned when a call already exists with that call ID. The result is that the incorrect call is released when a call with the duplicate call ID is disconnected. [CSCdj33387]
- The primary switch type primary-net5 failed acceptance tests when connected to an Ericsson AXE switch and when TUP is used as the inter-PABX protocol. The router seemed to have difficulty handling the code 0x8A in an incoming "PROGRESS" message.
- The problem occurred when a Cisco 4700 with PRI was connected to an Ericsson AXE PABX and a Cisco 2516 with BRI was connected to a Fujitsu PABX. When ISUP was used as the protocol between the PABXs, the Cisco 4700 connected to the Cisco 2516 without any problem. When TUP was used between the PABXs the Cisco 4700 could no longer connect to the Cisco 2516. The Cisco 2516 can, with both protocols, connect to the Cisco 4700 without any problem. [CSCdj60839]
- When configuring IRB to bridge over a serial interface with HDLC or Frame Relay encapsulation, AppleTalk does not work properly. Apple ping will fail and zone information will not be transferred. [CSCdj67875]
- A Cisco 7206 router crashes when a 76x dials in. This problem may be related to CSCdi83848. [CSCdj78804]
- Output from the show isdn status bri-number command shows CCBs with callid=0 & B-chan=0 on BRI interfaces with SPIDs configured.
- When SPIDs are configured on BRI interfaces, an internal data structure for call information leaks on the interface at power-up. This happens mostly on power-up conditions and will be limited to about two CCBs.
- Issuing the clear interface bri-number command is a workaround that will release the hanging CCBs on the interface. [CSCdj80872]
- When a new running configuration was loaded on a router with AIP and running LECS (such as after boot up or when loaded from Flash or the network), the router would crash.
- The configuration contained the following LANE LECS address configurations:
lane fixed-config-atm-address
lane auto-config-atm-address
- This configuration generated a message similar to "%LANE-4-LECS_WARN: ATM1/0: can't register 47.00790000000000000 0000000.00A03E000001.00 with signaling (duplicate address ?)" and caused system memory corruption and a crash.
- As a workaround, use a single LECS address configuration or do not enable logging timestamps if multiple LECS addresses are required. [CSCdj83816]
- If a SESSION_END message received from a LAN interface is not forwarded properly to ISDN/dialer interfaces, it can cause future connection attempts to fail. This does not affect asynchronous interfaces. [CSCdj85626]
- There is no response from a router when the X.25 switching destination interface is down. [CSCdj87741]
- When a serial port of a Cisco router is connected via an X.24 cable (a modified X.21 cable with the control lines strapped so that Layer 1 stays up at all times), PPP fails to restart when the router or its peer is reloaded. The workaround is to use the shutdown command, followed by the no shutdown command on the serial interface. [CSCdj87834]
- Asynchronous connections to a router running Cisco IOS will fail or drop packets if the Async Control Character Map (ACCM) option is not requested by the peer. The workaround is to set the ACCM option on the peer to something other than the default of 0xFFFFFFFF. The recommended value for most cases is 0x000A0000. [CSCdj89391]
- Frame Relay SVC fails to remove a released SVC.
- When multiple Frame Relay SVCs are created and released by a Cisco router, some of the SVCs may not be released correctly. This does not happen when only one SVC at a time is created and released.
- There is no workaround. [CSCdj90223]
- Priority queuing appears to be broken in Release 11.3. Packets are not classified into the correct queue. [CSCdj90847]
- Frame Relay SVC does not process an incoming SETUP message correctly.
- When a Cisco router is connected to a Nortel Passport switch, it does not process the calling party number information element properly, causing all SETUP messages to be rejected by the router.
- There is no workaround. [CSCdj91484]
- Under rare circumstances, the router will crash at the process_handle_watchdog while running ATM. [CSCdj92220]
- If the maximum number of virtual access interfaces have been allocated and one of them goes down, it is not possible to allocate another virtual access interface.
- A "Max # of virtual access interfaces 300 are allocated" message appears when this condition occurs.
- There is no workaround. [CSCdj92816]
- A heavily loaded system will infrequently fail due to a bus error in process_rxstate. [CSCdj93410]
- Processor memory parity errors are not detected on the VIP2 (10/15/20/40/50) product family. Crash output for VIP2 products with a sig value of 20 indicates that a cache parity error condition was detected.
%VIP2 R5K-1-MSG: slot3 System Reload called from 0x..., context=0x...
%VIP2 R5K-1-MSG: slot3 System exception: sig=20, code=0x..., context=0x...
- When this sig value is present, the contents of the VIP crashinfo file are required for proper analysis. [CSCdj93505]
- It has been observed that querying the busTable with a maximum value of the busIndex (doing a GETNEXT) can cause the router to either lock up or crash. Since there is no practical reason to query the busTable with this value of busIndex, this problem shouldn't occur during operation.
- The workaround is to avoid using the index value. [CSCdj93919]
- In all software images that include CSCdj72948, when using Multilink PPP, the router will no longer be able to bring up extra links any faster than every 30 seconds.
- This functionality used to be provided by the dialer wait-for-carrier-timeout command, but in CSCdj72948 it was moved to a new, more descriptive command called ppp timeout multilink link add. However, neither of these commands now works to provide this functionality.
- There is no workaround for this problem. [CSCdk00528]
- In a large network, if the number of Inverse ARPs sent is greater than the broadcast queue size, some of them can be silently dropped. If the remote side is not responding to the Inverse ARPs sent, the router will try to send Inverse ARPs for all VCs again and again, which results in the drops, and the required maps will never be generated. This is a configuration issue and the fix is to increase the broadcast queue size. [CSCdk01563]
- The LLC2 header becomes corrupted for NetBIOS over PPP. When the netbios nbf command is used so that dial-in PC clients can connect to servers via NetBEUI protocols, connections may fail. This affects only OS/2 server connections, not Windows NT server connections. [CSCdk02250]
- The router attempts to display "unknown sub-interface type 0x2" when Frame Relay subinterfaces are configured on a Frame Relay Network-to-Network Interface (NNI). This display may either cause a system reload or a kernel error message like "SYS-2-NOBLOCK messages." [CSCdk05107]
- When using the translate x25 command, it is not possible to enter a virtual-template parameter referencing a template number greater than 10, even though it is possible to define templates with a number between 1 and 25. [CSCdk07558]
- When the ipx route-cache command is configured on a Cisco AS5300 running Release 11.3(3a)T for dialup access, clients are unable to log in. The workaround is to issue the no ipx route-cache command. [CSCdk14396]
This section describes possibly unexpected behavior by Releases 11.3(2) and 11.3(2)T. Unless otherwise noted, these caveats apply to all 11.3 and 11.3 T releases up to and including 11.3(2) and 11.3(2)T. For additional caveats applicable to Release 11.3(2) and 11.3(2)T, see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
Only serious caveats are described in these release notes. For the complete list of caveats against this release, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" at the end of this document.
All the caveats listed in this section are resolved in Release 11.3(3).
- Under unknown circumstances, a Cisco AS5200 PRI D channel may get stuck in the state "TEI_ASSIGNED" rather than "MULTIPLE FRAME ESTABLISHED," which is the normal operating condition. This state is shown by issuing the show isdn status command.
- The workaround at this time is to reload the router. Issuing the shut and no shut commands on the affected interface does not help. [CSCdj41613]
- A Cisco AS5200 with E1 PRI will not load Cisco IOS Release 11.2(9)P. Disconnecting the cable lets the router load successfully. [CSCdj50912]
- Access servers using CD2400 family UART controllers may display the following error message and traceback:
%CIRRUS-3-SETCHAN: Serial2: setchan called in CD2430 interupt context
-Process= "<interrupt level>", ipl= 5, pid= 50
-Traceback= 220EA764 220ECA68 220EB252 220E57E8 2229F6BC 2217F2F2 2217F4B4
[CSCdj91138]
- In certain cases, the number of packets shown in the IP flow cache packet size distribution does not match the number shown in the cache statistics. [CSCdi71766]
- The show stacks command fails to report the correct version of code running at the time of the last reload. This problem occurs when the Flash version of the Cisco IOS software does not match the running version of code.
- When upgrading the ROM monitor with this fix, the startup configuration in NVRAM will be lost. Therefore, save the startup configuration before the ROM monitor upgrade and then restore it later. [CSCdi74380]
- A new configuration command now exists for RSP routers to control caching policies for memory regions. A user can now configure MEMD to be accessed uncached by issuing the memory cache-policy io uncached configuration command.
- This method is better than having to enter the test rsp cache memd uncached EXEC command every time the router is booted.
- This configuration command can be used as a workaround for problems like CSCdj52309 and CSCdj70296.
- To restore the MEMD caching policy to the original write-through policy, issue the memory cache-policy io write-through command. To determine what memory cache policies are currently configured on your router, use the show rsp command. [CSCdj33812]
- A catastrophic problem has been identified that affects all Cisco 7500 and Catalyst 5000 RSM users. The problem occurs when using packet tunneling in combination with certain timing conditions, packet sizes, and buffer-usages. Affected images are being deferred and special images are being built.
- Tunneling is being used as an abbreviation in this context to refer to a specific fast-switch to process-level code path traversed by translational bridging (TLB), source-route bridging (SRB), remote source-route bridging (RSRB), and data link switching (DLSw).
- When the packet tunneling logic on RSP or RSM-equipped systems causes datagrams to be copied from SRAM to DRAM, an arithmetic error results in more bytes being copied than is remembered for cleanup processing. Reuses of the tunneling logic, in certain rare combinations of timing, packet-sizes, and buffer-usages, may result in those unaccounted bytes causing several anomalous system behaviors including packet errors.
- This software defect is exposed to all RSP and RSM images in Cisco IOS Releases 11.2, 11.2 P, 11.2 BC, 11.3, and 11.3 T.
- Solution: To eliminate the problems mentioned in the preceding section, we strongly recommend that you download and install one of the following Cisco IOS software release updates: 11.2(12a), 11.2(12a)P, 11.3(2a), or 11.3(2a)T.
- Workarounds: There are two possible workarounds. CSCdj33812 provides a configuration command to avoid the software defect. This workaround is available in Cisco IOS Releases 11.2(11.5), 11.2(11.5)P, 11.2(11.5)BC, 11.3(2.1), and 11.3(2.1)T. If you are using an earlier release, use the second workaround.
Note: The two workarounds will drop performance down to process switching levels.
- CSCdj33812 incorporated a configurable command that will be stored in NVRAM.
- Configure the memory cache-policy io uncached command to work around CSCdj52309. To determine what memory cache policies are currently configured on your router, use the show rsp command.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#memory cache-policy io uncached
Router(config)#end
Router#show rsp
Throttle count 0, DCL timer count 0
active 0, configured 1
netint usec 4000, netint mask usec 200
DCL spurious 0
Caching Strategies:
Processor private memory: write-back
Kernel memory view: uncached
IO (packet) memory: uncached
Buffer header memory: uncached
- To restore the MEMD caching policy to the original write-through policy, issue the memory cache-policy io write-through command.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#memory cache-policy io write-through
Router(config)#end
Router#show rsp
Throttle count 0, DCL timer count 0
active 0, configured 1
netint usec 4000, netint mask usec 200
DCL spurious 0
Caching Strategies:
Processor private memory: write-back
Kernel memory view: write-back
IO (packet) memory: write-through
Buffer header memory: uncached
- If operating with images that do not have the CSCdj33812 support, use the test rsp cache memd-fastswitch uncache command.
- The above command will need to be entered after every reload.
- Other considerations: Cisco IOS Releases 10.3, 11.0, and 11.1 Major and ED releases are not exposed to CSCdj52309. Though these releases share the same arithmetic problem, the tunneling software is different, and there is no known or predicted combination of timing, packet-sizes, and buffer-usages that results in the same or different anomalous behaviors associated with Cisco IOS Releases 11.2, 11.2 P, 11.2 BC, 11.3 and 11.3 T. Cisco is using CSCdj52309 to repair the arithmetic problem in Releases 10.3, 11.0, and 11.1; however, no special images are being created because the anomalous behaviors are not present in those releases. [CSCdj52309]
- After a user sends a break command to the console, the continue command does not work; it does not restart the running Cisco IOS software. Instead the system will crash again and drop to the ROMMON prompt. The break command also does not work properly. It may hang, and the ROMMON command stack will report the wrong backtrace.
- This bug affects all platforms with MIPS R4700 and R4600 chips, including all RSP-based platforms. [CSCdj58608]
- The c3620-i-mz and c3640-i-mz Release 11.2(9)P images may have problems when they are copied to new (previously unused) Intel 4 Meg SIMMs the first time. [CSCdj59820]
- When polling the ciscoFlashPartitionTable on a router running 11.2(9)P and 11.2(10)P, the router's CPU utilization will go to 99 percent. Both CiscoView and the Cisco Resource Manager's Software Image Manager poll the ciscoFlashPartitionTable, so they will cause this behavior. [CSCdj60284]
- The console/virtual-terminal exec on Cisco 7500 HSA systems may become unresponsive with the write memory command and configurations larger than 126K and service compress-config.
- If this bug occurs, the configuration NVRAM of both the master and slave RSP will be invalid after a reboot and must be recovered manually as follows:
  - Send an RS-232 break to the console of both the master and slave. If the configuration register bit 0x100 is set, the break needs to be sent within 30 seconds of a power cycle.
  - Issue the ROM monitor confreg command on the master and slave to ignore the system configuration.
  - Issue the ROM monitor reset command on the master and slave to boot a slave-capable image.
  - On the master console, copy a good configuration file from Flash memory or TFTP into running-config.
  - Turn off the 0x40 bit in the configuration register by issuing the show version EXEC command and the config-register configuration command.
  - Issue the reload command to reload the master.
- A workaround is to store the configuration in Flash memory. For example, issue the copy running slot0:config or write memory commands while configured with boot config slot0:config, service compress, and boot buffersize n, where n is at least three times the configuration size in bytes. In this case, the write memory command will work slowly - 10 minutes elapsed time for each 128k block of configuration text. [CSCdj63926]
- When an interface is experiencing congestion and the queuing mechanism drops packets, packets that are of interest to traffic shaping may be dropped.
- In this situation, traffic shaping can freeze up. A symptom of this is that the traffic shaping queues never clear out, even if the traffic flow through the router stops.
- This problem exists for both generic traffic shaping and Frame Relay traffic shaping. [CSCdj71626]
- The show snmp pending and show snmp sessions commands display SNMP community strings to non-privileged users. This is a potential security issue.
- Starting with Release 11.3 T, these commands are available in conjunction with the SNMP Informs functionality. Community strings configured for inform destinations (by issuing the snmp host configuration command) will be visible to all users. It is strongly suggested that inform destinations not be configured with read-write or private community strings. Since the proper functioning of informs does not require read-write community strings, this should not be an issue. [CSCdj78807]
- A virtual profile/interface does not send RADIUS Type 3 interim accounting records. [CSCdj79218]
- Given certain per-user access lists, the process that installs these access lists could block forever while waiting for a DNS query to return. [CSCdj79608]
- Cisco 7200 and 3600 series routers will add a few bytes to the tail of the packet when bridging between Ethernet or FDDI to serial using SMDS encapsulation. There is no workaround. [CSCdj80125]
- This bug can appear to the user in two different ways. The first is when address information is missing from AAA network stop records. For TACACS+, this attribute is the "addr" attribute. For RADIUS, the attribute is Framed-IP-Address. The second is when aaa accounting update newinfo is configured. In this case, the update record containing the newly assigned address is missing. [CSCdj80206]
- A corrupt buffer header is causing Cisco 7500 routers running Cisco IOS Release 11.1.(15.05)CA to restart with a bus error. [CSCdj80564]
- A system reload occurred because of a bus error. The stack indicates TACACS+. [CSCdj80726]
- When processing accounting packets, RADIUS fails to check the packet authenticator, thus potentially accepting a bogus reply from an infiltrator.
- Since we previously did not check the accounting-reply authenticator, and there are some daemons out there (for example, livingston-1.16) that do this calculation wrong, some customers may see accounting packets rejected, or resent until they are dropped. The RADIUS daemon will have stored the accounting data, but Cisco IOS software drops the acknowledgment. This can be ignored, but it is suggested that customers upgrade to a daemon that calculates the authenticator properly. (Livingston 1.16 customers should get the Livingston 2.0 daemon, which is still free from Livingston's website, http://www.livingston.com. Livingston also has a fixed 1.16.1 daemon that is available for those that are unable or unwilling to upgrade to 2.0.)
- Another side-effect of this caveat with a broken daemon is that multiple accounting records are sent to the daemon, which the daemon acknowledges, but are thought to have been either lost or hijacked because of the broken authenticator. The result may be multiple identical accounting records for the same connection or login. [CSCdj82294]
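The authenticator check this caveat refers to, as an added example (not Cisco IOS code and not part of the original release notes): it follows the RADIUS accounting definition, where the reply authenticator is MD5 over the reply header, the authenticator of the matching request, the reply attributes and the shared secret. The secret, identifiers and packets are constructed sample data, and the miscalculated reply is a stand-in for a broken daemon, not the actual Livingston 1.16 defect.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
ACCOUNTING_RESPONSE = 5
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def header(code, ident, attrs):
    """First four octets of a RADIUS packet: code, identifier, total length."""
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))


def build_accounting_request(ident, attrs, secret):
    """Accounting-Request: authenticator is MD5 with 16 zero octets in its place."""
    hdr = header(ACCOUNTING_REQUEST, ident, attrs)
    auth = hashlib.md5(hdr + bytes(16) + attrs + secret).digest()
    return hdr + auth + attrs


def build_accounting_response(request, attrs, secret):
    """Accounting-Response as a correct server computes it for this request."""
    hdr = header(ACCOUNTING_RESPONSE, request[1], attrs)
    auth = hashlib.md5(hdr + request[4:20] + attrs + secret).digest()
    return hdr + auth + attrs


def verify_accounting_response(request, reply, secret):
    """NAS-side check: accept the reply only if it matches our request and secret."""
    if len(reply) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if code != ACCOUNTING_RESPONSE or ident != request[1]:
        return False
    if length < HEADER_LEN or length > len(reply):
        return False
    reply = reply[:length]  # ignore padding beyond the declared length
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


# Constructed sample data.
SECRET = b"constructed-shared-secret"
ATTRS = (bytes([40, 6]) + struct.pack("!I", 1)   # Acct-Status-Type = Start
         + bytes([44, 10]) + b"00000A1B")        # Acct-Session-Id
REQUEST = build_accounting_request(0x2A, ATTRS, SECRET)

# Reply from a daemon that knows the secret and does the calculation properly.
GENUINE = build_accounting_response(REQUEST, b"", SECRET)
# Reply from a sender that does not hold the shared secret.
FORGED = build_accounting_response(REQUEST, b"", b"not-the-secret")
# Reply whose authenticator leaves out the request authenticator (stand-in for
# a daemon that does the calculation wrong).
_hdr = header(ACCOUNTING_RESPONSE, 0x2A, b"")
MISCALCULATED = _hdr + hashlib.md5(_hdr + SECRET).digest()
# Correctly signed reply to a different request identifier.
STALE = build_accounting_response(build_accounting_request(0x2B, ATTRS, SECRET), b"", SECRET)
```

With the check in place, `MISCALCULATED` is rejected even though the daemon stored the record, which is the retransmission and duplicate-record side effect the caveat describes.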
- Since the fix of CSCdj36356, a validity check was applied to the ACL field to determine if it was a valid access-list number range. This change impaired a user's ability to authenticate remote users because the GID was rejected as invalid. [CSCdj84978]
- Using distributed fast switching (dfs) and distributed compression (dcomp) on the VIP may lead to a VIP crash in serial_process_receive_packet. The user should temporarily turn off dfs and upgrade to an image with this fix. [CSCdj87001]
- When running APPN with HPR over a FDDI interface containing bridges, the router may reload because of a software failure. A workaround is to disable HPR (and just use APPN) or do not combine FDDI and bridging. [CSCdj57133]
- When running RSRB direct or FST encapsulation on a Cisco 4000 or 4500 router, the router is unable to bridge IP over a FDDI WAN. Under this same configuration, NetBIOS will be bridged. Only IP seems to be affected. [CSCdj64999]
- Memory leaks may be observed in routers running LNM, especially at a burst. The command no lnm rem may be an acceptable workaround. [CSCdj66894]
- When a router is configured for SDLC encapsulation and its role is set to primary, it may incorrectly send an FRMR; only the secondary may send an FRMR. As a workaround, you can use the frmr-disable interface configuration option to prevent the sending of FRMR as a primary or secondary. [CSCdj66967]
- To address the problem of a DLUR pipe going down and reestablishing on the non-network owning CMC, the prefer-active-dlus command is being enhanced to include a retry parameter. The number of retries will be adjusted to a sufficiently high number to allow for those times when the network owning CMC is busy. An alert will be provided for each retry attempt. [CSCdj71104]
- Memory may be corrupted if the conserve-ring feature is used in source-route bridging over Frame Relay. [CSCdj74759]
- On the Cisco 3600 platform, explorers do not pass through the router when running certain Cisco IOS releases. This has been fixed in Releases 11.1 AA, 11.2 P, and 11.3. [CSCdj77329]
- If the router runs out of memory and an X.25 call for QLLC is received, the router may reload. [CSCdj78863]
- BSC contention with older Cisco 2780 devices may experience some problems at startup. Some frames will cross the tunnel and start a session, but the device never comes up fully. If the commands debug bsc event and debug bsc packet are issued, the output will show that the router is discarding all received frames on that interface. Look back through the history to the last successful frame received on that interface. If a line similar to the following appears after the data is sent, there will be a problem:
BSC: Serial0: FS-FSM event: LINK UP old_state: SEC . new_state: IDLE.
- The LINK-UP event will reset the bisync FSM and further frames will be halted. There is no workaround. The Cisco IOS image must be upgraded. [CSCdj80073]
- The ip helper-address command does not work on the FDDI interface on a Cisco 7200 router when the UDP frame contains a source route (RIF) field and SRB is enabled on the interface. There is no workaround. [CSCdj80779]
- When a router is configured for DLSw/QLLC and the first SNA XID is from the LAN through the router to X.25, then the router sets the ABM bit in the SNA XID to 1 (byte 19, bit 1). This is not supported by all QLLC devices. [CSCdj81191]
- An upstream APPN node queued all binds destined for an intermediate APPN router because of a BIND pacing. The downstream router did not respond with an IPM (pacing response) to the upstream node. The pacing window was not released by the downstream router because the BIND buffer had been lost after waiting on a send_q to a downstream node that had not responded to a pacing request, and then the link to that node was terminated. Cleanup of the downstream node's link freed the BIND in an inappropriate way. [CSCdj81746]
- A router running RSRB might crash when a badly formed LNM packet is received. A workaround is to disable LNM on the router with the lnm disable command. [CSCdj82340]
- When connecting NCP to NCP over Token Ring, both NCPs send explorers to locate the other. NCP has recently changed its behavior to send test polls to DSAP nn rather than 00. For DLSw, if it has a circuit established (as a result of XID received from the remote FEP) and it gets a test poll (CLS message Test.Ind) destined for the same circuit (including SAP value), then it will ignore the test poll as an illegal input and ignore the frame.
- This behavior is changed to respond to the test poll with the RIF that already exists in the circuit. [CSCdj83021]
- LLC-2 frames may be corrupted when FRAS host DLSw+ local acknowledgment is used. The workaround is to use FRAS Host Passthru. [CSCdj83194]
- FRAS-Host Passthru does not work when the dlsw local-peer command is configured. The workarounds are to deconfigure dlsw local-peer or to configure fras-host dlsw-local-ack. [CSCdj83835]
- Versions with this fix will not crash when clear counters is issued, even when CMPC and CSNA are configured on the CIP. [CSCdj84180]
- During a session setup from an end node to an LU on a LEN served by VTAM, the session setup can fail.
- On Release 11.3, the following messages will be seen on the failing node:
%APPN-3-logdsDS_NEWDSlfa_LOGMSG_04: DS - FSM(NNSolu): invalid input value = 8x
%APPN-3-logdsDS_NEWDSlfa_LOGMSG_05: DS - FSM(NNSolu): state error, lcb: 8x pcid: 8x8x row: 1632511552 col: -715957806 inp: 8x
- This bug only affects Release 11.3. [CSCdj84579]
- A router reload can occur when DLUR processes a flow on the DLUS/DLUR connect which must be responded to negatively because the PU has disconnected. This is a regression defect introduced by CSCdj59639. [CSCdj84659]
- The APPN router may hang its request_cp_capabilities CP if it does not receive a bind response from the adjacent node within a certain time. When this occurs, no new conwinner CP-to-CP sessions may be established by this router. This results in only single conloser CP-to-CP sessions established between this router and adjacent nodes. [CSCdj85208]
- It is now possible to modify the CPSVRMGR mode in Cisco IOS Release 11.2(13). In previous versions it was impossible to do so.
- A new default mode was also added to APPN, the QPCSUPP mode, which is used for AS/400 5250 emulation. Now you will no longer have to explicitly code the QPCSUPP mode when connecting to LEN level devices that use the QPCSUPP mode. [CSCdj85300]
- The APPN network node (NN) was enhanced to time out locate searches that were pending for more than 9 minutes. If another node was not responding to locates, a significant amount of memory could be allocated to the NN while it waited for responses to the outstanding locates. This could result in memory shortages in some cases. [CSCdj87903]
- During race conditions, when there is a DLUR pipe failure in combination with downstream PUs disconnecting, APPN/DLUR may leak buffers. [CSCdj92327]
- The APPN router may reload due to a spurious memory access in recreate_small_fid2_mu. The following messages are displayed on the router console before the reload:
%APPN-7-APPNETERROR: Insufficient available buffer supply
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x606F5A4C reading 0x50
- The show stack command displays the following backtrace:
#0 0x606F5A4C in recreate_small_fid2_mu
#1 0x606fdbd4 in transfer_to_dynamic_and_send
#2 0x606fce90 in sc_process_mu
#3 0x606f6900 in e
#4 0x606f6ed8 in fsm_receive_router
#5 0x606d6b20 in upchuck
#6 0x606d6664 in rcv_cls_msg
#7 0x606d6208 in dlcdx_process_messages
#8 0x606f5e18 in xxxpcasm
- [CSCdj92488]
- Using bisynchronous passthrough regardless of the WAN transport will cause the router to crash the first time a frame is transmitted. Configure local acknowledgment or upgrade to a later Cisco IOS release. [CSCdj93203]
- A TRIP interface configured for transparent bridging but not configured for source-route bridging may silently drop some incoming frames. Specifically, if the interface receives a frame with a length less than 120 bytes and the RII bit is set (indicating a source-route bridging frame), it may drop the next frame received. This can cause the interface's keepalive processing to fail and can lead to sporadic resets on the interface. [CSCdi88756]
- Overruns or drops may be seen on serial interfaces on an FSIP on a Cisco 7500 series router. The commands shutdown, no shutdown, and clear interface will not clear this condition.
- The workaround is to enter a command that will cause a "cbus complex" restart; for example, configure the MTU size to a different value and then change it back to your proper configuration. In the following example assume that the MTU was set by default to 1500:
router(config)# interface s 1/0
router(config-if)# mtu 8000
router(config-if)#! the previous command causes a cbus complex restart
router(config-if)# mtu 1500
router(config-if)#! change back to proper value
- [CSCdj03047]
- Under certain circumstances, rebooting a Cisco 2524 may cause the router to pause indefinitely with a T1 connected to a Fractional T1 module. The workaround is to unplug the T1 prior to the reload or change the T1 framing setting from sf to esf at both ends (including the Central Office and the Cisco 2524 router). [CSCdj22485]
- When using E1 or T1 PAs in channelized mode, unused timeslots should be assigned to an interface that is then placed in shutdown. If not, the router may affect other used timeslots and degrade their performance. [CSCdj48322]
- Cisco 3600s with the 16-port or 32-port asynchronous modules are not able to send the BREAK sequence. [CSCdj48598]
- The serial links on PA-4T+ and PA-8T flap when exposed to moderate traffic load on the VIP or the Cisco 7200. This causes spurious interface resets.
- As a workaround, turn off fancy queuing (use FIFO for queuing strategy). WFQ is enabled by default and should be disabled by issuing the no fair command. However, under severe traffic conditions some isolated interface resets might be observed with the workaround applied. [CSCdj60813]
- A packet loop may occur between RP/SP7000s using FIP cards while running Cisco IOS Release 11.1(12). There is no known workaround. [CSCdj64489]
- If CRC32 is configured between two POSIPs with hardware revision 1.4 or below, upgrading one POSIP to hardware revision 1.5 or above may lead to packets that are 2 bytes too short or too long as reported by debug ip packet. In this situation, only a router reload will solve the problem.
- One way to prevent this is to set CRC16 on both ends before upgrading the POSIP. [CSCdj69939]
- On rare occasions, a Cisco 7000 family router with a VIP PA-4R Token Ring interface may reload if the user enters the show controller token command. [CSCdj77844]
- An IPX client cannot communicate with the IPX server through a Cisco 3600 Token Ring interface if both source-route bridging (with multiring configured on the peer Cisco router) and transparent bridging are enabled on the Token Ring interface.
- The problem occurs because the Cisco 3600 drops broadcast packets at its Token Ring interface.
- This problem applies also to the Token Ring PA for the VIP or the 7200.
- The fix to this problem has been committed into Releases 11.2 and 11.3. Since Release 11.1 has been in restricted maintenance phase since September 1997, the fix will not be committed to Release 11.1. [CSCdj78572]
- A Cisco 7200 Ethernet interface configured for PIM does not receive multicast packets where the interface has not joined that group. As a result, IGMP v2 group membership reports (sent by members to the group address) are not received by the router if the router is not a member of the group.
- A workaround is to issue the shut and no shut commands on the interface after rebooting the router. [CSCdj78877]
- A problem occurs when connecting FSIPs back-to-back in a DCE/DTE method (where the router acting as DCE provides the clock). The parser allows clock configuration of up to 8M. Older FSIP hardware has a maximum throughput of 6.132M and therefore underruns and overruns can be seen if traffic exceeds that threshold.
- The workaround is to only clock at 4M or get the PA-4T+ or PA-8T+. [CSCdj79497]
- Cisco 7200 series routers configured with ISL on the C7200-I/O-FE Fast Ethernet port fail to transmit ISL encapsulated packets. There is no problem with native (non-ISL) packets going out on the same interface. This problem does not occur on the PA-FE-TX and PA-FE-FX, or while running Cisco IOS Release 11.3(1) or 11.3(1)T.
- As a workaround, use the PA-FE-TX or PA-FE-FX interfaces for ISL traffic or use Releases 11.3(1) or 11.3(1)T. [CSCdj79992]
- The no clockrate command is broken on serial WIC interfaces on the Cisco 3600 router.
- For 3600 images, the clock rate on the serial WIC cannot be removed. However, it is possible to change the clock rate on this interface by issuing the command clock rate xxxx, where xxxx is the desired clock rate for the interface.
- This defect affects only the serial WIC interfaces of the Cisco 3600 router. All other serial interfaces on the Cisco 3600 are unaffected. [CSCdj83780]
- The POSIP interface may receive and switch packets even when in the admin down state. This has been also called the "duplicate packet problem" when the POSIP is in admin down state and connected to a protected circuit.
- There is no workaround. [CSCdj84628]
- The use of a subrate HSSI interface, together with a full-rate HSSI on the same VIP, VIP2, or VIP2-50, will cause the full-rate HSSI to drop outbound packets. This occurs with an externally clocked subrate HSSI. There is no workaround except to move the subrate HSSI or clock the subrate HSSI at 44.726 Mbps. [CSCdj86266]
- With the M4T(4T+) and M8T PAs, the transmitter-delay command may not be enabled. There is no workaround. [CSCdj86581]
- Changing the MTU size on a PA-2CE1 has no effect until the box is reloaded. [CSCdj86822]
- Cisco 7206 routers with a FDDI and ATM-LITE (using LANE) interface may get into a hung state (no connectivity at all) when configured with transparent-bridging between these interfaces (ATM and FDDI). [CSCdj87212]
- In Release 11.3(2), running source-route bridging on an FDDI interface may interrupt IP routing protocols. [CSCdj87282]
- The output of the debug ip routing command indicates that the route to 0.0.0.0 is removed and reinstalled into the routing table with the same metric. [CSCdj06220]
- If two routing protocols with mutual redistribution cause a routing loop, it is possible that the loop will remain even after updates have been filtered. The problem usually occurs after a clear ip route * command is issued after applying the filters. If the routes are allowed to age out the normal way, the problem does not occur. If OSPF is running, the workaround is to issue the clear ip ospf redistribution command. [CSCdj38397]
- Enhanced IGRP may crash when receiving updates in a network that has a major topology change in conjunction with an Enhanced IGRP topology database with neighbor counts exceeding 100 and route counts exceeding 4000. A topology that is borderline may experience CPUHOG messages in addition to or instead of a crash. Routers that greatly exceed these numbers are more likely to crash. [CSCdj54728]
- Issuing the clear ip route command will cause dynamic routes to be lost from the routing table. The only known workaround is to clear the interface and reinitiate the connection. [CSCdj59706]
- The distribute-list in command does not filter static/summary (null0) routes. (The distribute-list out command works fine.) [CSCdj62406]
- A router supporting Fast Ethernet that is configured with ISL encapsulation will place an entry in its ARP table if a client in one VLAN is incorrectly configured with an IP address in the subnet assigned to another VLAN that is supported within that trunked interface. [CSCdj67271]
- NAT fails to translate a payload of NetBIOS packets when fast switching. A workaround is to disable fast switching on NAT interfaces. [CSCdj74725]
- If a multicast boundary is configured on the interface that Auto-RP randomly selects to join the Auto-RP discover group, then the router will not create an IP Multicast Routing Table entry with the local flag (L) set, and the router will not be able to build an Auto-RP map.
- The workaround is to issue the shut command, followed by the no shut command on that interface. [CSCdj81176]
- With inbound route-map/distribute-list/soft-reconfig, some prefixes may be incorrectly denied. [CSCdj83777]
- Enhanced IGRP redistribution between different access servers is broken when the interface flaps. This is a regression from the fix for CSCdj62406. [CSCdj85316]
- DECnet discard routes cause cached cluster alias and real entries to point to the wrong interface. [CSCdj73031]
- This problem was caused by CSCdj7165 (ISIS: should not advertise parallel adjacencies in LSPs).
- When two routers have parallel p2p adjacencies between them, a flap of such a parallel adjacency might not trigger a full SPF run. This will result in the routing table being out of sync with reality.
- There is no workaround for this problem. [CSCdj83578]
- Timers are not cleaned up properly in LLC2. This may result in crashes when RSRB local acknowledgment is used under a high load. [CSCdj42474]
- When, for example, due to a network error, a group of LLC2 sessions becomes disconnected, the router may under certain circumstances not clean up the LLC2 control blocks properly.
- When this happens, end systems associated with the DMAC SMAC DSAP SSAP control block cannot reconnect the LLC2 session.
- To work around this caveat, either change one of the addresses of the SAPs or reload the router. [CSCdj69274]
- In an ISL environment with DLSw where the DLSw bridge-group is on one of the ISL VLAN subinterfaces, retransmitted frames from DLSw contain 4 bytes of extra data, causing session loss.
- This problem has been witnessed more severely when the switch port on the trunk between the router and switch is set to auto (negotiation). This causes the switch to default to 100/half while the router is at 100/full, causing collisions, late collisions and overruns. These cause retransmissions that trigger the problem.
- Besides trying to avoid the retransmissions, there is no workaround in an ISL/DLSw setup. [CSCdj76634]
- Both HSRP routers on a FDDI ring go active and stay active. This problem occurs on Cisco 7000 series FDDI port adapters.
- Network instability can cause a FDDI ring to partition or be disrupted in a manner that causes HSRP peers to not receive hellos from their neighbors and, therefore, become active.
- HSRP routers send hello packets from a virtual MAC address that is a function of the standby group number. When the ring heals, both routers are active and sourcing hellos from the same (virtual) MAC address.
- FDDI devices must strip their frames off the ring. One method of doing this is to recognize frames by source MAC address. When the problem occurs, the FDDI PAs will mistakenly strip the other router's packets from the FDDI ring without processing them. This causes both routers to remain active since they do not hear hellos from their neighbors.
- This problem can also occur when FDDI PAs are used in conjunction with other FDDI interfaces such as the FIP or Cisco 4000 series FDDI module.
- The following are possible workarounds:
- If only one standby group is in use, the standby use-bia command can be used on both routers to cause hellos to be sourced from the burned in address instead of the virtual MAC address. This will prevent the problem.
- However, configuring routers to use the burned in address has two side effects:
- 1. In order to let hosts know that the MAC address associated with the virtual IP address has changed, the active router sends a number of unsolicited or gratuitous ARP responses. This lets host implementations update their ARP tables. If hosts do not process the gratuitous ARP responses, they will continue to use the now invalid MAC address to reach the gateway, and connectivity will be lost.
- 2. If the host is using the router to provide proxy ARP services for stations that aren't on the local LAN, its ARP table will continue to have the MAC address of the router from which it built entries for those stations, and it will not be able to reach them until the entries are timed out and it retransmits an ARP request.
- If the problem is occurring, perform an interface reset by issuing the shut and no shut commands to return the routers to a normal state.
- Increasing the HSRP hello intervals will cause the problem to occur less often since the routers will be able to tolerate a longer period of instability before missing enough hellos to go active.
- Solution:
- All HSRP routers in a FDDI environment use their own unique burned-in MAC address to exchange messages to run the HSRP protocol. The active router claims the virtual IP address and the virtual MAC address. It responds to ARP requests to the virtual IP address and acts as the gateway for suitably configured hosts, providing the virtual MAC address for the hosts' ARP tables. To make sure that learning bridges and switches have the correct port entry for the virtual MAC address, the active router also sends periodic messages to the other routers. For these messages it uses the virtual MAC address as the source address. The rate at which these messages are sent can be controlled by the operator command standby mac-refresh interval. Specifying an interval of 0 disables the MAC refresh.
- The no standby mac-refresh command restores the default interval.
- Note that this command is only used on FDDI interfaces.
- The following change applies to all media, not just FDDI: In the course of resolving this caveat, the use of standby use-bia has been changed. When standby use-bia is configured, only one standby group may be configured. However, it is possible to configure standby use-bia on any subinterface, and the command affects only the subinterface for which it has been configured. This means that if you configure a standby group on one subinterface and configure standby use-bia on a different subinterface, it has no effect on the standby group that has been configured. With the changes being made for CSCdj30049, standby use-bia applies to all subinterfaces.
- Currently, in a configuration such as
interface fddi 0/0
standby use-bia
interface fddi 0/0.1
standby ip
- or
interface fddi 0/0.1
standby ip
interface fddi 0/0.2
standby use-bia
- the standby group would not use the burned-in address as a source MAC address. With the changes, the standby group would use the burned-in address. The workaround for this is to remove the standby use-bia command, which doesn't actually have any effect.
- Conversely, if standby use-bia has been configured on a subinterface, the system will generate a configuration in which the use-bia will be associated with the main interface. So if the configuration was
interface fddi 0/0.1
standby use-bia
standby ip
- the output that is generated will be
interface fddi 0/0
standby use-bia
interface fddi 0/0.1
standby ip
- Finally, from Release 11.3 onwards, a configuration in which standby use-bia has been configured on a subinterface will be rejected by the command line parser. [CSCdj30049]
- The CAM entry for the HSRP MAC address does not get updated on a Catalyst 5000 when the Catalyst 5000 is connected to another Catalyst 5000 via ATM/LANE, and the active HSRP router moves from the local Catalyst 5000 to the remote Catalyst 5000. The problem occurs only when the routers are connected to the Catalyst 5000s by non-ATM media. When the active HSRP router moves, the stale CAM entry causes packets being sent to the HSRP address to be lost.
- The only workaround is to issue the clear cam dynamic command on the Catalyst 5000 after the HSRP address moves. [CSCdj58719]
- This problem seems to go away if the image is reloaded with the crypto maps intact. For the moment, this is a workaround until the bug is fixed. The order of events for a working system is to set up all the crypto maps and access lists, assign the crypto map to the interface, and then reload the router with the VIP. The problem is on the VIP. [CSCdj75371]
- A router drops fragments of non-encrypted traffic passing through it if the encrypting extended access lists have specific source/destination port numbers. Encrypted traffic is not affected. [CSCdj77678]
- The Cisco IOS recovery actions for a Catalyst 5000 RSM experiencing controller errors can cause network outages in a few seconds.
- The output from show controller c5ip reveals whether the controller has experienced these errors. In the example below, the controller detected 1387265 CRC errors and 1213882 DMA synchronization errors on channel 0:
DMA Channel 0 (status ok)
Received 11525644K packets, 8940433M bytes
One minute rate, 183331545 bits/s, 28869 packets/s
Ten minute rate, 183690578 bits/s, 28899 packets/s
Dropped 285660 packets
285472 ignore, 0 line-down, 0 runt, 0 giant, 188 unicast-flood
Last drop (0xA1F446D), vlan 109, length 1295, rsm-discrim 0, result-bus 0xD
Error counts, 1387265 crc, 0 index, 0 dmac-length, 1213882 dmac-synch
Transmitted 224504 packets, 15939644 bytes
One minute rate, 313 bits/s, 1 packets/s
Ten minute rate, 313 bits/s, 1 packets/s
DMA Channel 1 (status ok)
Received 5473296K packets, 4209913M bytes
One minute rate, 86473427 bits/s, 13724 packets/s
Ten minute rate, 86453598 bits/s, 13719 packets/s
Dropped 55916 packets
0 ignore, 0 line-down, 0 runt, 0 giant, 55916 unicast-flood
Last drop (0x814001), vlan 1, length 64, rsm-discrim 0, result-bus 0x5
Error counts, 0 crc, 0 index, 0 dmac-length, 0 dmac-synch
Transmitted 198226401 packets, 153955044K bytes
One minute rate, 402 bits/s, 1 packets/s
Ten minute rate, 404 bits/s, 1 packets/s
- There is no workaround. [CSCdj80853]
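The following Python sketch is an added example, not Cisco code. It parses show controller c5ip output into per-channel counters and flags channels with nonzero crc or dmac-synch errors; the function names are hypothetical and the input is an excerpt of the sample output above.

```python
import re

# Excerpt of the page's sample "show controller c5ip" output.
SAMPLE_C5IP = """\
DMA Channel 0 (status ok)
  Received 11525644K packets, 8940433M bytes
  Dropped 285660 packets
    285472 ignore, 0 line-down, 0 runt, 0 giant, 188 unicast-flood
  Last drop (0xA1F446D), vlan 109, length 1295, rsm-discrim 0, result-bus 0xD
  Error counts, 1387265 crc, 0 index, 0 dmac-length, 1213882 dmac-synch
  Transmitted 224504 packets, 15939644 bytes
DMA Channel 1 (status ok)
  Received 5473296K packets, 4209913M bytes
  Dropped 55916 packets
    0 ignore, 0 line-down, 0 runt, 0 giant, 55916 unicast-flood
  Last drop (0x814001), vlan 1, length 64, rsm-discrim 0, result-bus 0x5
  Error counts, 0 crc, 0 index, 0 dmac-length, 0 dmac-synch
  Transmitted 198226401 packets, 153955044K bytes
"""

CHANNEL_RE = re.compile(r"^\s*DMA Channel (\d+) \(status ([^)]+)\)")
DROPPED_RE = re.compile(r"^\s*Dropped (\d+) packets")
ERRORS_RE = re.compile(r"^\s*Error counts,(.*)$")
PAIR_RE = re.compile(r"(\d+)\s+([a-z][a-z-]*)")  # e.g. "1387265 crc"


def parse_c5ip(text):
    """Return {channel: {"status", "dropped", "drop_reasons", "errors"}}."""
    channels = {}
    current = None
    expect_breakdown = False  # the line after "Dropped N packets" itemises N
    for line in text.splitlines():
        m = CHANNEL_RE.match(line)
        if m:
            current = {"status": m.group(2), "dropped": 0,
                       "drop_reasons": {}, "errors": {}}
            channels[int(m.group(1))] = current
            expect_breakdown = False
            continue
        if current is None:
            continue  # text before the first channel header
        m = DROPPED_RE.match(line)
        if m:
            current["dropped"] = int(m.group(1))
            expect_breakdown = True
            continue
        if expect_breakdown:
            current["drop_reasons"] = {
                name: int(count) for count, name in PAIR_RE.findall(line)}
            expect_breakdown = False
            continue
        m = ERRORS_RE.match(line)
        if m:
            current["errors"] = {
                name: int(count) for count, name in PAIR_RE.findall(m.group(1))}
    return channels


def channels_with_errors(channels, counters=("crc", "dmac-synch")):
    """Return {channel: {counter: value}} for nonzero counters of interest.

    The reported status is ignored on purpose: channel 0 in the sample
    reports "status ok" while carrying over a million errors.
    """
    flagged = {}
    for number, data in channels.items():
        nonzero = {c: data["errors"].get(c, 0) for c in counters
                   if data["errors"].get(c, 0) > 0}
        if nonzero:
            flagged[number] = nonzero
    return flagged


if __name__ == "__main__":
    for number, errs in channels_with_errors(parse_c5ip(SAMPLE_C5IP)).items():
        print(f"DMA channel {number}: {errs}")
```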
- When RSMs are configured to use the DEC spanning tree protocol on a bridge group, the RSMs may not block an interface that should be blocked, therefore creating a bridging loop.
- There is no workaround. [CSCdj81104]
- A Cisco 7200 router using an ESA for encryption cannot decrypt a packet under one session key and then reencrypt it under a different session key. [CSCdj82613]
- A Catalyst 5000 RSM in a 5500 (or 5505) chassis will incorrectly determine a received packet's length. This only occurs if a Supervisor III is in the chassis.
- Symptoms include poor RSM performance and frequent dmac-synch errors (as shown by the output from the show controller c5ip command).
- The workaround (disabling bursting mode of the Phoenix ASIC) degrades the Catalyst 5000 performance. [CSCdj84704]
- Fast switching to some servers may stop working if the server crashes and reloads while the default route is known.
- As a workaround, disable fast switching or clear the IPX route cache when this problem is noticed. [CSCdj59732]
- Deleting a non-existing IPX accounting list item can cause a router to reload. As a workaround, do not delete an IPX accounting list item unless it is specifically in the list. [CSCdj79085]
- If ipx sap-passive is enabled on an interface, the router does not answer general SAP queries for all servers on that interface. [CSCdj83449]
- A router reloads with an arithmetic exception. This problem seldom occurs and is observed when a high usage of TCP encapsulation is configured (like DLSW or BGP). [CSCdj60905]
- Constant VINES SRTP change updates may occur when the VINES routers are in a loop.
- As a workaround, disable VINES SRTP using the no vines srtp-enabled command. [CSCdj90763]
- Configuring both ISL and Multilink Multichassis PPP can cause a memory consistency check failure that may lead to a software forced crash after a few calls have been received. [CSCdj22189]
- Bridging of SMDS using MIP interfaces in a Cisco 7500 series router does not work. The problem does not occur with other serial interface types or on other platforms. [CSCdj34587]
- A remote user dialing into a Cisco router via NetBEUI can cause the Cisco router to reload. Specifically, if the router receives a NBFCP NetBIOS NAME PROJECTION packet that's greater than 104 bytes, the router will reload. A workaround is to disable NetBEUI on the client, or remove the netbios nbf commands from the router. [CSCdj51442]
- There is a memory leak in the ISDN process present in Release 11.1(14)AA code on the Cisco 3640. Symptoms are that the router hangs periodically. Only a reboot will free the unused but allocated memory. The show proc mem EXEC command will report the amount of allocated/freed/holding memory that each process is using. Issue the command every few hours and compare to see which process is holding memory. An example output is below:
- show proc mem
Total: 8118000, Used: 6219252, Free: 1898748
PID TTY Allocated Freed Holding Getbufs Retbufs Process
1 0 1464060 1294600 15700 0 0 PPP auth
2 0 67097692 65024344 3988404 0 0 ISDN
- show proc mem
Total: 8118000, Used: 7908580, Free: 209420
PID TTY Allocated Freed Holding Getbufs Retbufs Process
1 0 2302812 2044864 15248 0 0 PPP auth
2 0 103842164 101087932 5684824 0 0 ISDN
- (The output will vary from router to router.)
- The amount of time before the router hangs depends on many factors such as the number of ISDN sessions and the amount of memory. If you look at process ID (PID) 2, you see that the ISDN process is holding memory and not freeing it after use. If one process's holding figure continually increments until the router runs out of memory, then a memory leak is present regarding that process. [CSCdj62833]
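The comparison described above can be automated. The following Python sketch is an added example, not Cisco code: it parses successive show proc mem captures and reports processes whose Holding figure never shrinks and grows overall. The function names are hypothetical and the input is the page's two sample outputs.

```python
import re
from dataclasses import dataclass

# The page's two sample "show proc mem" outputs, taken on the same router at
# different times (column spacing added here for readability).
SNAPSHOT_1 = """\
Total: 8118000, Used: 6219252, Free: 1898748
 PID TTY  Allocated      Freed    Holding  Getbufs  Retbufs Process
   1   0    1464060    1294600      15700        0        0 PPP auth
   2   0   67097692   65024344    3988404        0        0 ISDN
"""
SNAPSHOT_2 = """\
Total: 8118000, Used: 7908580, Free: 209420
 PID TTY  Allocated      Freed    Holding  Getbufs  Retbufs Process
   1   0    2302812    2044864      15248        0        0 PPP auth
   2   0  103842164  101087932    5684824        0        0 ISDN
"""

TOTALS_RE = re.compile(r"Total:\s*(\d+),\s*Used:\s*(\d+),\s*Free:\s*(\d+)")
# Seven numeric columns, then the process name (which may contain spaces).
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S.*?)\s*$")


@dataclass
class Snapshot:
    total: int
    used: int
    free: int
    holding: dict  # (pid, process name) -> bytes currently held


def parse_show_proc_mem(text):
    """Parse one capture into totals plus a per-process Holding map."""
    totals = TOTALS_RE.search(text)
    if not totals:
        raise ValueError("no 'Total:, Used:, Free:' line found")
    holding = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:  # header and totals lines do not start with a digit
            pid, _tty, _alloc, _freed, held, _getb, _retb, name = m.groups()
            holding[(int(pid), name)] = int(held)
    return Snapshot(*map(int, totals.groups()), holding)


def leak_suspects(snapshots, min_growth=0):
    """Processes seen in every snapshot whose Holding never shrinks between
    consecutive snapshots and grows by more than min_growth bytes overall.
    Returns [((pid, name), growth_bytes), ...], largest growth first."""
    if len(snapshots) < 2:
        raise ValueError("need at least two snapshots to compare")
    common = set(snapshots[0].holding)
    for snap in snapshots[1:]:
        common &= set(snap.holding)
    suspects = []
    for key in common:
        series = [snap.holding[key] for snap in snapshots]
        never_shrinks = all(b >= a for a, b in zip(series, series[1:]))
        growth = series[-1] - series[0]
        if never_shrinks and growth > min_growth:
            suspects.append((key, growth))
    return sorted(suspects, key=lambda item: item[1], reverse=True)


def free_memory_lost(snapshots):
    """Bytes of free memory lost between the first and last snapshot."""
    return snapshots[0].free - snapshots[-1].free


if __name__ == "__main__":
    snaps = [parse_show_proc_mem(SNAPSHOT_1), parse_show_proc_mem(SNAPSHOT_2)]
    for (pid, name), growth in leak_suspects(snaps):
        print(f"PID {pid} ({name}): Holding grew by {growth} bytes")
    print(f"Free memory fell by {free_memory_lost(snaps)} bytes")
```

Two snapshots only show a trend; feeding in captures taken over several intervals makes the never-shrinks test meaningful and filters out processes whose holding merely fluctuates.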
- A Cisco AS5200 access server crashed in process_handle_watchdog in the ISDN code while running Releases 11.3(0.3) and 11.3(0.4).
- The workaround for this problem is to configure the dialer wait-for-carrier-time 5 command. [CSCdj66719]
- Intermittently, an ATM interface transmitter will hang, causing the interface to automatically reset after a timeout of 3 seconds. [CSCdj69024]
- Under some circumstances, clearing an interface associated with a VPDN or PPP multichassis multilink connection may cause the router to crash.
- This problem was introduced in versions 11.2(10.4) and 11.3(1.1). [CSCdj73210]
- A Cisco 1003 router running Release 11.2(11) encountered bus errors and reloads after it was configured for switch-type AT&T 5ESS with SPIDs. The router did not crash while inputting the configuration, but crashed when it was plugged into the ISDN line after it was configured. The router did not like to see SPIDs added to the configuration. This bug was found while trying to get a multipoint 5ESS switch to run with the router and SPIDs needed to be added. [CSCdj73634]
- In a Cisco 2500 series or 1600 series router with an internal CSU/DSU, if the serial interface bounced while running Frame Relay, the router would stop sending link management. To recover, the port must be shut down and brought back up by issuing the no shutdown command. [CSCdj74822]
- NETBIOS_NAME_RECOGNIZED is not forwarded out through the ISDN line. [CSCdj75170]
- Data packets still go through BUS after data VC is established. [CSCdj76100]
- When using ARA version 3.0, the Cisco router allocates an AppleTalk node address of 0, and PPP negotiation fails. [CSCdj77846]
- If there is a backup interface and its kick-in and kick-out delay is configured, when the Cisco 3620 router is powered-up or reloaded, both the primary interface and the backup interface will be up simultaneously. Normally, the backup interface should be down and in the standby mode as long as the primary interface is up.
- After the kick-out delay time is over, everything will go back to normal. The backup interface will go down and stay in the standby mode until sometime after the primary interface is down. [CSCdj78148]
- When using NBF, a user should be able to filter broadcasts (LLC1 frames) on the dial-up line (ISDN or asynchronous) in order to avoid flooding the latter with unneeded information (data destined for stations on the LAN media and not the dialup station itself). [CSCdj78979]
- VIP2 crashes on a Cisco 7513 with RSP2. The PAs on the VIP (for example, PA-HSSI, PA-FDDI, or VIP2 POSIP) do not recover. The interfaces on the PAs go into administrative down state. Issue the no shut command to recover. [CSCdj79565]
- A Cisco 3600 running Cisco IOS Release 11.2(11) (and connected to an ISDN BRI interface with PPP and NetBIOS configured) does not remove the NBF dialer map entry when WIN95 disconnects the ISDN line. Because of this, a PC connected to the ISDN line cannot use different CHAP usernames for users sharing the PC. [CSCdj79634]
- This bug affects other features, causing commands to fail that may not be covered by regression testing. This will render the images using these features useless to the user. [CSCdj80432]
- Under some circumstances, a remote user dialing into a Cisco AS5200 via NetBEUI can cause the Cisco AS5200 to reload. A workaround is to disable NetBEUI on the client, or remove the netbios nbf commands from the router. [CSCdj80506]
- Some incoming PPP connections fail. A reliable workaround is to turn on debug ppp negotiation. [CSCdj81106]
- A Cisco 3600 running Cisco IOS Release 11.2(11) and connected to an ISDN BRI interface with PPP and NetBIOS does not remove the NBF dialer maps entry when the application terminates. Because of this, a PC connected to the ISDN line cannot use different CHAP usernames for users sharing the PC. [CSCdj81194]
- A problem occurs on RSP serial interfaces with MLP configured. The RSP could get locked up if traffic is received from those serial interfaces that MLP fails to fastswitch.
- The workaround is to leave MLP fragmentation on at the remote router so that Cisco IOS MLP on the RSP does not try to fastswitch but simply returns, letting the RSP call the proper routine. This workaround may not work if a dialer interface is used. [CSCdj81755]
- Some PPP implementations erroneously send PPP packets that exceed the negotiated Maximum Receive Unit. If these packets are also larger than 1500 bytes (which all RFC 1661 compliant implementations are capable of receiving), Cisco IOS software with the CSCdi92482 patch applied will silently discard them. This is the correct behavior per the RFC.
- It may be possible to work around the problem by using the mtu command to select a smaller MTU/MRU value for the interface, but this will only work if the remote peer agrees to negotiate the smaller value. Another workaround is to downgrade to a version of software that does not contain the CSCdi92482 patch.
- To verify the problem, issue the debug ppp error command and search for a debug message of the following form:
Se6/0/0:23 PPP: Packet too large, size = 1509, maxsize = 4, protocol = 0x003D
- [CSCdj82427]
- When using CHAP authentication, the router may reload unexpectedly. [CSCdj83495]
- When a new running configuration was loaded on a router with AIP and running LECS (such as after boot up or when loaded from Flash or the network), the router would crash.
- The configuration contained the following LANE LECS address configurations:
lane fixed-config-atm-address
lane auto-config-atm-address
- This configuration generated a message similar to "%LANE-4-LECS_WARN: ATM1/0: can't register 47.00790000000000000 0000000.00A03E000001.00 with signaling (duplicate address ?)" and caused system memory corruption and a crash.
- As a workaround, use a single LECS address configuration or do not enable logging timestamps if multiple LECS addresses are required. [CSCdj83816]
- If an X.29 reselect is received for a PAD connection on a line that is also using session-timeout, the router may unexpectedly restart if the new (reselected) connection lasts longer than the configured timeout value. [CSCdj84138]
- Cisco IOS Release 11.3 includes support for AOC-D and AOC-E. From the debug isdn q931 logs it appears that the AOC messages are being received from the ISDN switch but the display output from the show isdn active and show isdn history commands always show zero units. [CSCdj84277]
- Following a CyBus error on an RSP, the following messages may be present:
%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 6014B948 6014BEDC 6020BEB0 6020BFB0 60207048 60217C0C 6021A53C 6020BC20 601C0454 601C054C 601C0CBC 601BF650
%SYS-2-MALLOCFAIL: Memory allocation of 352 bytes failed from 0x6014BED4, pool Processor, alignment 0
-Process= "<interrupt level>", ipl= 6
-Traceback= 6014A2D8 6014BB64 6014BEDC 6020BEB0 6020BFB0 60207048 60217C0C 6021A53C 6020BC20 601C0454 601C054C 601C0CBC 601BF650
- These messages may repeat, and the RSP may also hang as a result. An image with CSCdj85257 integrated will resolve these secondary problems and the RSP will recover normally. CSCdj85257 will not resolve the original CyBus error, however. [CSCdj85257]
- If Layer 2 Forwarding (L2F) does not use tunnel authentication, packets will be sourced with an incorrect L2F header length as the length does not take into account the absence of the key field. [CSCdj85534]
- The system will not properly handle the combination of packet-by-packet compression on a Frame Relay PVC where traffic shaping is active. [CSCdj85988]
- Cisco 4000-M and Cisco 4700 routers configured with a Frame Relay subinterface that is in shutdown will continue to forward packets from the shut down subinterface to the Ethernet interface. This was tested with Releases 11.2(4)F and 11.3(1).
- If frames are received on a VC on a shut down subinterface, frames are dropped but the drop count doesn't increase. [CSCdj87189]
- It is possible that L2F on the home gateway may enqueue a packet to PPP from an incorrect input interface such as an Ethernet as opposed to the virtual interface. This can only occur when the virtual interface input queue is congested. [CSCdj87752]
- Older Windows PPP implementations such as Windows 3.1 with the Shiva stack (including Internet Explorer and Netscape Navigator Personal Edition) may fail to negotiate LCP successfully on Cisco IOS systems running a version of Cisco IOS software with CSCdj63179 applied. The symptom is that the Windows client gives up trying to establish the PPP session after six LCP Config Requests have been sent by it. Windows then disconnects the call.
- Another component of the problem is that the overall setup time for an asynchronous PPP connection can take 15 seconds or more, regardless of the PPP client.
- In Cisco IOS releases that have CSCdj63179 applied, the first Config Ack sent to the Windows client will be framed incorrectly, and it will arrive at the Windows client with a bad frame check sequence (FCS). This forces the Windows client to send another Config Request. If the Windows client has already sent six Config Requests, it will give up and disconnect the call.
- This is not normally a problem for Windows 95 since its Config Requests are spaced 3 seconds apart. In Windows 3.1 Shiva based stacks, the Config Requests are spaced about 1.5 seconds apart, so it will give up on LCP negotiations much faster.
- Note that though this has only been observed with older Windows PPP implementations, the problem may occur with any PPP client that chooses to be aggressive in its LCP negotiation and has a short LCP negotiation timeout period.
- A workaround to this problem is to disable the carrier delay imposed on the interface with the (hidden) interface level command carrier-delay 0. Another possible workaround is to use the async mode dedicated command instead of using the autoselect function.
- Note that these problems only apply to asynchronous PPP, not synchronous PPP. [CSCdj88079]
- If the maximum number of virtual access interfaces have been allocated and one of them goes down, it is not possible to allocate another virtual access interface.
- A "Max # of virtual access interfaces 300 are allocated" message appears when this condition occurs.
- There is no workaround. [CSCdj92816]
This section describes possibly unexpected behavior by Releases 11.3(1) and 11.3(1)T. Unless otherwise noted, these caveats apply to all 11.3 and 11.3 T releases up to and including 11.3(1) and 11.3(1)T. For additional caveats applicable to Release 11.3(1) and 11.3(1)T, see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
Only serious caveats are described in these release notes. For the complete list of caveats against this release, use the Documentation CD-ROM or access CCO as described in the section "Cisco Connection Online" at the end of this document.
All the caveats listed in this section are resolved in Release 11.3(2).
- When using ARAP 2.1 on routers running Cisco IOS Release 11.2, the client connects, the authentication negotiates, and then the connection drops with a message indicating that the server called is not a valid remote access server. As a workaround, use Cisco IOS Release 11.1, which works with both ARAP 2.0.1 and 2.1. [CSCdi91670]
- IPTalk is completely broken in Release 11.2 because the LLAP header is missing in all IPTalk packets. There is no workaround. [CSCdj50179]
- An IPTalk interface will not come up after a reboot if the tunnel interface is ordered before its physical interface (such as Ethernet or serial). The symptom is that the iptalk command from the tunnel interface disappears after a reboot. There is no workaround. [CSCdj58363]
- A Catalyst 5000 RSM with only 16 MB of RAM may experience a system reload at initialization if running the -jsv image. The workaround is to add more memory. [CSCdj63501]
- Sometimes a memory leak that consumes I/O memory can be triggered in the pool manager. [CSCdi90521]
- If a map list is configured, the show running command may cause the router to crash if the "Last configuration change at..." informational string exceeds a total length of 80 characters. [CSCdj13986]
- Under heavy interrupt load, driver instrumentation gets hit repeatedly while processes are accessing the instrumentation variables (for example, last output time). These hits cause a number of problems, including stuck output and incorrect user displays. There is no workaround. [CSCdj15583]
- With certain traffic, NetFlow switching can cause a loss of MEMD buffers, resulting in interface hangs. [CSCdj19970]
- A recovery mechanism for misaligned 64-bit accesses has been added. This new functionality is similar to the current misaligned handler for shorter misaligned accesses. [CSCdj20738]
- Performing a Telnet from the router with TACACS configured might cause a router to reload with a bus error.
- Decoded stack trace from CCO tool:
_slow_check
_etext
_check_access
_open_connection
_telnet_multiproto_open
_connect_multiproto
_connect_command
_parse_cmd
- This problem has been seen only with Cisco IOS Release 11.2 and later releases. [CSCdj36356]
- The tacacs-server directed-request restricted command now applies to authentication, authorization, and accounting. When this command is configured and the user tries to log in with a username of the form <username>@<servername> (for example, johndoe@cisco), the only server tried is the server listed after the @ symbol. [CSCdj37496]
- A prior bug fix in Release 11.3 broke bridging over ATM. [CSCdj41839]
- When an RSP slave reset occurs, the slave IPC queue is not reset properly. Symptoms of this problem include IPC error messages that occur when a user tries to auto sync master and slave configurations, issue flash commands, issue the show stack command, or use any other command that relies on the IPC system to communicate between the master and slave RSP in a dual RSP system.
- RSP slave resets can occur whenever a cbus complex occurs. [CSCdj46324]
- If a Telnet session is originated from a Cisco router and the ip telnet source-interface command is enabled, the IP address of the outgoing interface is used as the source instead of the one from the specified interface. [CSCdj51149]
- Traffic shaping on Frame Relay will not be enforced unless a session is active at the time traffic shaping is configured.
- The only known workaround is to enable shaping during an existing data transfer. [CSCdj52135]
- A new authorization feature was added in Release 11.3(1) that allows for separate configuration and authorization of Multilink PPP. This can cause MLP authorization to fail in TACACS+ servers that do not include the relevant authorization permissions in the configuration.
- For TACACS+, the following attribute-value (AV) pair should be added for all users who are allowed to negotiate Multilink PPP:
service = ppp protocol = multilink {
- [CSCdj53110]
- The Cisco 7500 may not correctly allocate the right number of packet memory (memd) buffers to some network interfaces. The problem requires a large number of interfaces whose collective bandwidth is high, but their MTU is smaller than another buffer pool.
- For example, a problem was found with a Cisco 7500 using a large number of Fast Ethernet and/or Ethernet interfaces and one or more FDDI interfaces. The pool of packet memory should have allocated 80 percent of the memory to the Ethernet and Fast Ethernet interfaces, which use an MTU of 1536. Instead, those interfaces were allocated 20 percent of the memory, and the lone FDDI interface with an MTU of 4512 was allocated 80 percent of the packet memory.
- The problem occurred with 55 Ethernet, 6 FastEthernet, and 1 FDDI network interface. The problem did not occur with fewer interfaces, specifically 36 Ethernet, 5 FastEthernet, and 1 FDDI interface.
- The problem may show up as a high number of input drops on some router interfaces. [CSCdj55428]
- A Cisco 1000 may send SNTP queries to the next hop along the route, instead of to the address configured in the sntp server statement in the configuration. [CSCdj56216]
- The input queue may be wedged with IP packets if the exception dump command is configured.
- The known workarounds are:
- 1) Increase the input queue to 175 (the original queue amount of 75 plus 100 per exception dump x.x.x.x command).
- 2) Remove the exception dump x.x.x.x command. [CSCdj58035]
- When Frame Relay traffic shaping is enabled on a serial interface, disabling and reenabling weighted fair queuing will cause a system restart. [CSCdj58431]
- After a user sends a break command to the console, the cont command does not restart the running Cisco IOS software. Instead, the system will crash again and drop to the ROM Monitor prompt. The break command may hang, and the stack ROM Monitor command will report the wrong backtrace.
- This bug affects all platforms with MIPS R4700 and R4600 chips, including all RSP-based platforms. [CSCdj58608]
- When a router is highly loaded and traffic shaping is active on the outgoing interface, LMI control messages might get queued in the traffic-shaping queues, causing the LMI protocol to go down. [CSCdj64221]
- An unconfigured system may send an inappropriate number of BOOTP requests after powerup in an attempt to find a usable IP address for autoconfigure. On routers with a large number of interfaces (for example, ISDN PRI or channelized interfaces) a CPUHOG error may occur. [CSCdj64910]
- When using the virtual-profile feature, no accounting records are sent out for incoming connections, regardless of the type of interface the connection is coming in on. [CSCdj66524]
- The patch added in CSCdi37706 and incorporated into Cisco IOS Releases 11.2(8.1), 11.2(8.1)P, 11.3(0.2) and 11.2(8.1)BC was intended to correct a cosmetic problem with command authorization.
- Instead, it exposed a bug in older implementations of the developer's kit TACACS+ daemon (freeware) and will cause certain command authorizations to fail.
- All freeware daemon versions prior to version 3.0.13 are subject to this problem, including the ACE Safeword Security Server daemon. CiscoSecure daemons are not affected. [CSCdj66657]
- When a user dials in to a Cisco AS5200 or AS5300 using ISDN, the cpmActiveUserID object in the CISCO-POP-MGMT.mib is not updated and is left blank. [CSCdj66942]
- Cisco IOS modules calling AAA will not be able to access returned AV-pairs. All but the simplest authentication and authorization will not function properly.
- The worst case scenario is that authorization succeeds and some AV-pairs that are normally used to restrict authorization will not be used.
- This bug was introduced with the fix for CSCdi51915 and was integrated into 11.3(1.2) and 11.2(1.2)T. [CSCdj74723]
- Main memory will decrease when running Cisco IOS with AAA/Kerberos authentication. The access server will run slowly, but it will not crash. Reload the access server in order to reset the memory. There is no known workaround; using an alternate Cisco IOS image on this access server is not an option. [CSCdj76071]
- A router may restart unexpectedly with SegV exception, PC 0x0, when the router is configured for DLSw. [CSCdj16559]
- A router configured for DLSw has a buffer leak in the middle and big buffers. Eventually, the router runs out of I/O memory.
- The problem is related to the way DLSw backup peers are configured. This problem will only occur if the local router is configured with backup peer commands and the remote router also has a configured peer and is not promiscuous.
- The workaround is to remove the DLSw backup peer configuration. [CSCdj21664]
- When establishing a DLSw session, the circuit priority field in the SSP header of the CUR_cs, ICR_cs, and/or REACH_ACK SSP frames may be set to a reserved value (5, 6, or 7). While this value will not cause problems when sent to a Cisco router peer, it may cause interoperability problems when peering to another vendor's equipment. This problem may manifest itself as an inability to start the circuit. [CSCdj22482]
- When the target DLCI on an interface with one or more DLCIs goes down, FRAS fails to go into backup mode. The backup will not be invoked until the interface changes to the down state. [CSCdj22613]
- While running STUN local acknowledgment on Cisco IOS Release 11.1(12), secondary PU 2.1 SDLC devices may enter FRMR state. The connection is terminated and restarts, sending XID to the device. Because no SDLC DISCONNECT was sent, the endstation remains in stuck FRMR state and rejects the XID. This fix changes STUN local acknowledgment so that if a FRMR comes in while the STUN state is "disconnected," an SDLC DISC is sent to reset the station. Subsequent XIDs will then succeed. [CSCdj35118]
- A downstream LU is unable to get the logo screen from the host even though other LUs on the downstream PU can. The router shows the DSPU state of that LU to be Reset or dsLUStart, while the host shows the state as active. The LU is recovered by deactivation, then reactivation of LU at the host.
- This state may occur if the downstream LU has previously failed to reply to ACTLU, or if the host has failed to respond to a NOTIFY (available or not available) from DSPU within a timeout period of 20 seconds.
- Recovery requires the host operator to recycle the LU at the host. [CSCdj45783]
- A crash could occur for STUN DIRECT over Frame Relay if data continues to be received after a STUN peer was deconfigured, or the encapsulation is changed from STUN. [CSCdj48350]
- When using ARRPM-ISR over an RSRB port over FDDI, a Cisco 7200 may start sending frames with the non-bitswapped address of the target device.
- A workaround is to configure a MAC address on the target device that is always the same, canonical or non-canonical (for example, 4242.6666.ffff). [CSCdj48606]
- RIF may be modified incorrectly when multiring and SRB proxy explorer are configured on an interface but the SRB triplet is not configured, as shown in the following example:
interface TokenRing0/0
ip address <ip-address>
multiring ip
source-bridge proxy-explorer
- Note the absence of the source-bridge command.
- The source-bridge proxy-explorer statement will not show up in the configuration unless the SRB triplet is configured.
- A workaround for this problem is to configure the no source-bridge proxy-explorer command. [CSCdj51631]
- When running proxy explorer and NetBIOS name caching on a Cisco 7200 Token Ring interface, alignment errors will occur. [CSCdj52522]
- When running APPN with HPR over a FDDI interface containing bridges, the router may reload because of a software failure. A workaround is to disable HPR (and just use APPN) or to avoid combining FDDI and bridging. [CSCdj57133]
- A router may reload when removing configuration of X.25 PVCs for QLLC. [CSCdj57872]
- A router crash occurred while running CMPC over DLSw+ Fast Sequenced Transport (FST). [CSCdj58258]
- In a rare timing situation, an APPN/DLUR router may reload due to a bus error/segV exception at ndr_sndtp_encap_mu. [CSCdj59639]
- The workaround for this problem is to include the "xid-snd" field in the "sna host ..." and "dspu host ..." configuration commands, and the "xid-rcv" field in the "dspu pu ..." configuration command. [CSCdj60826]
- If an RSRB session is disconnected by the local LAN side at exactly the same time as a data message is received from a remote host, a situation can occur that will lead to a crash in llc_get_oqueue_status(). There is no workaround. [CSCdj62026]
- The APPN router may have an excessive amount of processor memory allocated to APPN after experiencing several spikes in APPN processing. The APPN memory manager was optimized to release groups of unused pools back to the operating system. [CSCdj62502]
- FRAS Ban SDLC is non-operational in this release. [CSCdj63803]
- A router may reload if hundreds of QLLC sessions fail simultaneously. [CSCdj67015]
- Any DLUR installation with more than 800 to 1000 downstream PUs may experience a reload with the following backtrace:
[abort(0x601f2c3c)+0x8]
[crashdump(0x601f0b20)+0x94]
[process_handle_watchdog(0x601c2f08)+0xb4]
[signal_receive(0x601b7d58)+0xa8]
[process_forced_here(0x60169424)+0x68]
[locate_node_index(0x607dbcc0)+0x64]
[etext(0x60849e00)+0xcbee04] [CSCdj67966]
- DSPU over RSRB with FST encapsulation reloads with a bus error similar to the following when an upstream or downstream connection is initializing:
System was restarted by bus error at PC 0xCC6B8, address 0xFC4AFC82
4000 Software (C4000-JS-M), Version 11.2(10.3), MAINTENANCE INTERIM SOFTWARE
Compiled Mon 01-Dec-97 19:45 by ckralik (current version)
Image text-base: 0x00012000, data-base: 0x0076AE64
- The workaround is to use TCP encapsulation for RSRB, or switch to DLSw. [CSCdj68261]
- Some hosts exist that use the unusual behavior of setting the Origin Address Field (OAF) equal to the Destination Address Field (DAF) in traffic on the LU-LU session, instead of setting it to the more usual value of 1. This actually makes it impossible to distinguish whether the LU is dependent or independent, and DSPU has followed the standard SNA convention of assuming that all sessions with OAF greater than 1 were for independent LUs.
- As DSPU only supports dependent LUs, it now assumes that the OAF equal to DAF condition does signify a dependent LU and maps the session accordingly.
- The only workaround is the very restrictive configuration of only using the host LU locaddr 1. [CSCdj69265]
- APPN leaks memory when directory services process unknown locate replies. [CSCdj70886]
- In unusual circumstances, buffer memory leaks can occur in DSPU link station handling. This may lead to messages that indicate a failure because of lack of memory, such as "DSPU-3-LSConnInFailedNoMem."
- This buffer leak can occur only in a short window of time during DSPU link station activation processing and only when the link station fails to activate.
- This buffer leak will never occur for successful link station connections. It will only occur for some unusual types of connection failure that may occur before an XID response has been sent by DSPU back to the connecting link station. Lost memory can only be recovered by reloading the router. [CSCdj75816]
- The LLC2 connection between the router and the DEC server does not connect. [CSCdj75841]
- In an ISL environment with DLSw where the DLSw bridge-group is on one of the ISL VLAN subinterfaces, retransmitted frames from DLSw contain 4 bytes of extra data, causing session loss.
- This problem has been witnessed more severely when the switch port on the trunk between the router and switch is set to auto (negotiation). This causes the switch to default to 100/half while the router is at 100/full, causing collisions, late collisions and overruns. These cause retransmissions that trigger the problem.
- Besides trying to avoid the retransmissions, there is no workaround in an ISL/DLSw setup. [CSCdj76634]
- On the Cisco 3600 platform, explorers do not pass through the router when running certain Cisco IOS releases. This has been fixed in CSCdj77329 in Releases 11.1 AA, 11.2 P, and 11.3. [CSCdj77329]
- Under certain conditions, customers may experience a memory leak that leads to a router reset if the Bridge-group Virtual Interfaces for the new Integrated Routing and Bridging feature are not configured correctly.
- When configuring IRB in a router, customers should ensure that they do not configure bridge-group virtual interfaces to logical/physical router interfaces that do not exist. [CSCdj02283]
- When adding to or removing a subinterface from a Frame Relay interface, all DLCIs are brought down until the Frame Relay switch sends the PVC information again. The whole interface resets when a user tries to add the ip address command. A workaround for part of the problem is to turn off CDP globally or on individual interfaces. In this case, turn off CDP on the serial interface before adding or removing subinterfaces. CSCdj02488 (integrated into Cisco IOS Release 11.1(11) and 11.2(5.1)) fixed the rest of the problem. [CSCdj07291]
- A checkheaps crash on the VIP can occur with a POSIP when the line is flapping continuously. This is due to the POSIP getting reset during line up/down events. Line flapping can be minimized by disabling keepalives or reloading one router at a time. [CSCdj26511]
- After unplugging or plugging in the cable, the ATM Lite interface experiences ignores at a low packet rate. The workaround is to issue the shut and no shut commands for the interface. [CSCdj29724]
- A Cisco 2520 low-speed port may sometimes ignore group polls. This problem occurs on average once per minute and appears to occur only when the router is configured for half duplex and is using a DTE cable.
- This problem has minimal impact on the performance of a multidrop line because a FEP usually resorts to individual polling. [CSCdj33392]
- When a serial interface on a Cisco 3600 router is operating in half-duplex DCE mode and the attached DTE device drops RTS too quickly after the end of frame, it is possible that the router will silently ignore the frame.
- The workaround is to enable the interface to run in full-duplex or DTE mode. [CSCdj36625]
- A Catalyst 5000 RSM populated with an ATM port adapter with LANE client(s) configured can get its ATM interface stuck in a down state if a user creates new VLAN interfaces.
- A message similar to "%CBUS-3-CATMREJCMD: ATM0/0 Teardown VC command failed (error code 0x0008)" may be displayed.
- Saving the RSM configuration and reloading its image will clear the error condition. [CSCdj41802]
- If IRB is configured for traffic between an Ethernet and ATM port adapter, the 5-second CPU utilization may be driven to 95 percent because IP traffic is being process switched at the ATM interface. This only happens if IRB is configured on a Cisco 7200. [CSCdj48228]
- A Cisco router does not handle packets appropriately when bridging between LANE and FDDI. [CSCdj51644]
- With IRB configured on the router, IPX clients cannot log in to services on a bridged interface. Removing ipx routing from the BVI fixes the bridged interface but loses routing. At this time this feature isn't supported. [CSCdj54050]
- In rare cases, a Cisco 7200 router with a Token Ring port adapter may crash if one of its Token Ring ports attempts to insert into the ring and fails because of a ring error. [CSCdj59796]
- A Cisco 7200 router continuously reboots when injecting a 1500-byte IP packet to Fast Ethernet. The router is bridging between Fast Ethernet and ATM interfaces and ip routing is disabled. The load is about 50 Mbps, but the router reboots before reaching that input rate. When shutting down the Fast Ethernet interface, the problem does not occur. Even if fast switching is enabled and the configuration is saved, no ip route-cache appears in the configuration after reload. [CSCdj60525]
- AppleTalk might fail when packets are bridged through PPP transit. [CSCdj61857]
- There are several problems that have been fixed in Release 11.2 P and not in 11.3. They are bus error, transmitter hanging, receiver hanging, and performance degradation. There is no workaround. [CSCdj62436]
- A router crashes with a bus error when configuring SRTLB. [CSCdj64480]
- When IRB is enabled, the BVI interface may not overwrite the real incoming interface in the ARP response, so an incomplete ARP entry is installed and "wrong cable" is listed in the debug ARP output. [CSCdj68785]
- A Cisco 3640 running 11.1(15)AA does not allow encaps frame-relay on the serial interface of the router. The router is configured for channelized T1. The router does accept the encapsulation without an error. However, it never shows up in the write terminal output or the show interface serial output. X.25 and PPP encapsulation work fine on the same interfaces. [CSCdj69440]
- In rare circumstances, a Cisco 7200 containing FDDI PAs and configured for source-route bridging will incorrectly forward an IP packet that contains a RIF field back out onto the same interface on which it arrived. This behavior will result in IP packets "looping" around the FDDI ring until the Time To Live counter reaches 0. There is no known workaround. [CSCdj71082]
- For Fast Ethernet interfaces on Cisco 7500 series, 7200 series, 4000 series, or 3600 series routers, the regular Fast Ethernet PA media-type configuration command is missing the RJ45 option; only the MII option is available.
- For example, on a Cisco 7200 with Fast Ethernet PA 6/0, the problem looks like the following:
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
int f 6/0
media ?
MII Use MII connector <--- Only MII, no RJ45
- This problem appears on the following platforms in the specified Cisco IOS releases:
  - Cisco 7200 series: Cisco IOS Releases 11.1, 11.1 CA, 11.2, 11.2 P, 11.3, and 11.3 T.
  - Cisco 7500 series: Cisco IOS Releases 11.1, 11.1 CA, 11.2, 11.2 P, 11.3, and 11.3 T.
  - Cisco 4000 series: Cisco IOS Releases 11.1, 11.1 CA, 11.2, 11.2 P, 11.3, and 11.3 T.
  - Cisco 3600 series: Cisco IOS Releases 11.2, 11.2 P, 11.3, and 11.3 T. (The Cisco 3600 series does not support Releases 11.1 and 11.1 CA.)
- A workaround is available on most of the platforms and Cisco IOS images; to configure for RJ45, use the no media-type MII command. The following is an example of the workaround on a Cisco 7500 with Fast Ethernet PA 0/0/0:
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
int f 0/0/0
no media MII <--- switch to RJ45
- This workaround is available on the following platforms running the specified Cisco IOS releases:
  - Cisco 7200 series: Cisco IOS Releases 11.2, 11.2 P, 11.3 and 11.3 T.
  - Cisco 7500 series: Cisco IOS Releases 11.1, 11.1 CA, 11.2, 11.2 P, 11.3 and 11.3 T.
  - Cisco 4000 series: None.
  - Cisco 3600 series: Cisco IOS Releases 11.2, 11.2 P, and 11.3.
- Platform defaults are correctly preserved for all platforms and images that default to RJ45. The following platforms running the specified releases default to RJ45:
  - Cisco 7200 series: Cisco IOS Releases 11.1, 11.1 CA, 11.2, 11.2 P, 11.3 and 11.3 T.
  - Cisco 7500 series: Cisco IOS Releases 11.1, 11.1 CA, 11.2, 11.2 P, 11.3 and 11.3 T.
  - Cisco 4000 series: Cisco IOS Releases 11.1, 11.1 CA, 11.2, 11.2 P, 11.3 and 11.3 T.
  - Cisco 3600 series: Cisco IOS Releases 11.2, 11.2 P, 11.3 and 11.3 T. (The Cisco 3600 series does not default to RJ45 media for Fast Ethernet interfaces on Release 11.3 T. The RJ45 port on the Cisco 3600 FE ports will not be usable in images with this problem.)
- This problem first appeared in the following releases: 11.1(16.2), 11.1(15.3)CA, 11.2(10.4), 11.2(10.4)P, 11.3(1.2), and 11.3(1.2)T.
- This problem was fixed in the following releases: 11.1(17.1), 11.1(17)CA, 11.2(11.4), 11.2(11.4)P, 11.3(1.5), and 11.3(1.5)T. [CSCdj75983]
- On rare occasions, a Cisco 7000 family router with a VIP PA-4R Token Ring interface may reload if the user enters the show controller token command. [CSCdj77844]
- If OSPF external routes are summarized using the summary-address command, and the number of external routes being covered by this summary address drops to zero, the external summary will be flushed, but the router originating the summary will not install any matching external or NSSA routes that may be present in its database.
- The router can be forced to install the matching route by using the clear ip route * command. [CSCdj32471]
- BOOTP requests being sent to 0.0.0.0 get forwarded to the gateway of last resort when there is one. [CSCdj33809]
- In some instances, a configured BGP router ID is not used after the router reloads. Instead, the router uses the highest IP interface address as its router ID, until the clear ip bgp command is executed.
- A workaround is to configure a loopback interface whose address is greater than any other address on the router. [CSCdj37962]
- If the summary-address statement is removed on a remote router that advertises summary-address routes on only one path, then the core router sees both equal cost paths. This problem occurs on OSPF with NSSA. [CSCdj38067]
- Entering the no ipx routing command and then enabling Enhanced IGRP can crash the router. This is a regression of CSCdj54141. [CSCdj53541]
- If the cost becomes worse or the LSA is purged, an LS type 5 is not generated by the ABR in response to a received LS type 7. [CSCdj55301]
- With certain route-map configurations or soft-reconfigurations, the LOCAL_PREF for a path may be set to zero, resulting in the wrong path being selected. [CSCdj55839]
- The Proteon router's internal address is advertised as a host route, not a network, in the router's LSA. A host route is represented as a Type 3 link (Stub Network) whose link ID is the host's IP address and whose Link Data is the mask of all ones (0xffffffff). This host route is advertised into all OSPF areas.
- The interoperability issue with Cisco routers is that the latest learned route to the Proteon's internal address is installed, which may not be the shortest path. [CSCdj56079]
- If you are doing IRB with RFC 1483 PVCs, you may see certain IP anomalies, such as ARP resolution not working, or ARP resolution taking place and yet pings to the neighboring device failing. [CSCdj58194]
- When the IP multicast tunnels (DVMRP, GRE) are moved from a serial interface to an ATM interface on a Cisco 4700, the packets are process switched instead of fast switched, which causes high CPU utilization (IP INPUT).
- When the serial interface is used for incoming packets and the ATM interface is used for outgoing packets, the problem does not occur. The problem occurs with incoming packets on the ATM interface, and outgoing packets on the serial interface.
- This problem occurs on several Cisco IOS releases. In the configuration, the following ATM subinterfaces were tried: ATM map-list, aal5mux, and aal5snap.
- It seems that incoming packets are not fast switched.
- [CSCdj59076]
- The ARP lookup routine may suspend, causing unexpected behaviors for IP protocols. For example, if the OSPF routing process is traversing a list of neighbors to send LSA packets and the ARP routine is called, the ARP routine suspension could cause a system reset. [CSCdj60533]
- When an unnumbered interface is used with OSPF, OSPF ABR does not generate a summary for some connected networks. A summary for connected networks that is in the same area as the unnumbered interface might not be generated to other areas.
- A workaround is to redistribute the connected network into OSPF to retain connectivity to those networks. [CSCdj60959]
- Under rare circumstances, a BGP router sends BGP updates with a duplicate community attribute, which triggers the neighbor reset. [CSCdj64103]
- Dynamic redistribution into Enhanced IGRP from another routing protocol fails if the routes being redistributed fall within the same major network as Enhanced IGRP. A temporary workaround is to remove the redistribution statement from the Enhanced IGRP configuration, then reinsert the redistribution statement. [CSCdj65737]
- When an interface is configured to send RIP v1 packets while running RIP v2, a router sends out corrupt packets. RIP v2 packets are not affected. There is no known workaround. [CSCdj69026]
- A router may crash when the clear ip route * command is issued if RIP is enabled with output-delay configured. [CSCdj70535]
- When inbound soft-reconfiguration is configured, this bug may cause BGP attributes to be incorrectly set for received prefixes. [CSCdj73336]
- If there are duplicate externals in an OSPF domain, there could be a continuous route flap for a network. [CSCdj75857]
- Before a floating static route is installed, a waiting period is observed when the network is down and unreachable. If IPX watchdogs or SPX keepalives arrive during this time, they will be dropped. This may lead to session timeouts. [CSCdj50629]
- A problem occurs when using a floating static route across an ISDN link and IPX EIGRP is the primary dynamic routing protocol. When the link goes down, the EIGRP route is installed; however, after the floating static route is configured and the line goes down and then back up, there is no route to that network. The EIGRP route is received but never fully installed because of what seems to be incomplete removal of the floating static route. [CSCdj52947]
- This defect is only seen if you disable and reenable IPX/XNS routing. If some interfaces change state during the disable to reenable window, there is a possibility of losing the IPX/XNS background process.
- Symptoms of this problem could be loss of network connectivity, or a slow memory leakage that occurs until the router cannot allocate any more memory and the router needs to be reloaded. [CSCdj57257]
- An access server may encounter high CPU utilization when IPX has been enabled on the asynchronous and ISDN interfaces if the IPX network is very large, has a large number of servers, and is unstable. The process that uses the most CPU will be the "IPX SAP OUT" process, as shown in the output of the show process cpu command. This CPU utilization is caused by SAP changes or flashes being sent to a number of lines where SAP updates are unwanted.
- A new option to an existing command has been added in response to more than one customer seeing high CPU use due to the sending of SAP updates when they thought they disabled SAP updates. Normal updates were disabled or sent very infrequently but flashes/changes updates are still sent normally. There was no way to disable these flashes without impacting the end clients.
- In Release 11.2, the ipx sap-interval value command is now ipx sap-interval {value | passive}.
- In Release 11.3, a passive option was added to the existing ipx update command making it ipx update interval {rip | sap}{value | changes-only | passive}.
- Release 11.3 will also accept ipx sap-interval {value | passive} but will write out to Non-Volatile Memory in the new form ipx update interval sap {value | changes-only | passive}.
- When the passive option is set, both the normal updates and the flashes/changes updates are stopped. Queries will still be replied to on this interface. The update interval is set to the same interval used in changes-only. For SAP, the interval is 0 and for RIP the interval is a large value. Any SAP or RIP heard on these interfaces will use that value for aging, effectively taking a very long time to age out. [CSCdj59918]
- TCP sessions terminated on a router may experience increased delays in unstable environments with large RTT, lost packets, and interoperating with TCP stacks with no fast retransmit and no congestion avoidance.
- The normal issues when running TCP in the above environment can be exacerbated by an issue where the router may not buffer out of order datagrams up to the advertised window size.
- There is no known workaround, but this appears to be a problem only in rare situations with sessions to TCP stacks of suboptimal design. [CSCdj68834]
- The router may reload when running DLSw over TCP on a router under heavy load with the DLSw TCP sessions resetting frequently because of flapping links or configuration changes. [CSCdj72482]
- When a router is enabled for VINES routing and if any VINES command has been issued on any active interface, that interface is considered an active VINES interface and would cause periodic VINES updates to be sent out on that interface. This problem exists even after the VINES commands have been removed (using the no prefix). These invalid updates could cause neighboring VINES routers' routing tables to be invalid.
- As a workaround, if VINES is enabled in the router, issue the no vines metric command on all active interfaces that are connected to a VINES network or interfaces on which an interface VINES command (for example, vines update interval 60) was issued. [CSCdj73582]
- With a router running NetBIOS Frames Protocol (NBF) over Token Ring, a device connected via Async or ISDN with PPP encapsulation will appear to connect successfully but will be unable to see other NetBIOS devices in a domain. [CSCdi72429]
- ARP replies are not sent over a PPP multilink interface. As a workaround, you can configure a static ARP on the remote device or disable PPP multilink. [CSCdi88185]
- When using DLCI prioritization on a point-to-point Frame Relay subinterface and one of the DLCIs fails, the subinterface may bounce once or continually bounce during LMI full status reports, depending on whether LMI reports the DLCI as being DELETED or INACTIVE. This behavior is the same for every DLCI defined in the priority-dlci-group.
- During normal behavior, the point-to-point subinterface should go down when the primary DLCI fails. If a secondary DLCI fails, the subinterface stays up, but traffic destined for that DLCI only will fail. [CSCdj11056]
- A Cisco router running Release 11.1(6.1) can experience an input queue wedge on the serial interface. The symptoms are dropped packets on the interface. The only way to clear this problem is to reload or power cycle the router. [CSCdj17547]
- A router may stop making Frame Relay SVC calls after a long time. [CSCdj29722]
- In the ISDN Layer 2, Layer 3, and management entity tasks, memory pointers are becoming invalid. The problem appears to be a result of a race condition between tasks when memory is freed in one task, and then another task attempts to access this now invalid pointer. This scenario has only been seen on ISDN BRI platforms in which a number of the BRI interfaces experience persistent deactivation such that the management entity is shut down, and so on. Add validmem_complete() checks before accessing pkt, pkg, or primitive pointers, and before freeing them. [CSCdj40403]
- You may experience issues with the PRI hanging or being busy when all channels are not in use. This is usually accompanied by the following console messages:
ISDN Se9/0/1:23: Error: CCB run away: 0x61D97560:
ISDN Se9/0/1:23: Error: CCB run away: 0x61C494F8:
ISDN Se9/0/1:23: Error: CCB run away: 0x61C494F8:
- A Call Control Block (CCB) is an internal structure. There should only be one per call and B-channel. It appears that there are duplicated call IDs and B-channels, possibly caused by calls that are failing and not getting cleaned up.
- The only workaround is to reset the controller manually. This can be done by issuing the shut and no shut commands on the interface or by reloading the router. [CSCdj48055]
- A direct broadcast with a physical-broadcast destination MAC address is not forwarded to the helper address over an ATM/LANE interface. [CSCdj51378]
- When the commands ip tcp header-compression and ppp multilink are configured together on the same interface, it can cause the router to crash.
- The workaround is to remove the ip tcp header-compression or ppp multilink command. [CSCdj53093]
- When a configuration of two systems has Frame Relay LMI timeouts set differently on DTE and DCE systems, the PVCs could remain active but no data would be transferred because one system would have declared the connection inactive while the other system still thought it was active.
- The workaround is to set the timeout values the same using the lmi-t392dce parameter. [CSCdj53354]
- A Cisco 4000 router reloads when frame-relay traffic-shaping is unconfigured.
- The only workaround seems to be to delete the configuration on the router, reload it, and restore the configuration. [CSCdj61097]
- When configuring map-class frame-relay BC committed-burst-size, the system may encounter a CPU exception with reason = EXEC_ADERR(1200) and restart.
- There is no workaround, and the problem is intermittent. [CSCdj62139]
- This bug pertains to utilizing Frame Relay SVCs between Cisco 7000 series routers and a Bay BNX switch.
- Cisco IOS software appears to not include the magnitude parameters for Be and Bc on the SVC CONNECT message (it only includes them in the SETUP message). The SVC circuits are on S4/0 for both routers. Without the magnitude parameters, the biggest value Bc and Be can be is about 130 KB.
- There are no known workarounds at this time. [CSCdj63173]
- Some Windows 95 Dial sessions that use script files fail to connect to an asynchronous interface on Cisco access servers. [CSCdj63311]
- When X.3 parameter 13 is set to 1, an incoming X.25 data stream is masked with the TTY data-character bits mask to extract the original data sent by the remote X.25 host. [CSCdj63533]
- A Frame Relay interface configured for ANSI LMI will acknowledge a Cisco LMI update when the router should ignore it. [CSCdj64207]
- Switching X.25 calls without CUD will result in a bus error and, subsequently, reload of the router. [CSCdj64505]
- The map-class commands frame-relay bc out and frame-relay be out are accepted by the Enterprise image. These parameters are relevant for SVC setup. However, the traffic shaping code does not use them. As a result, the values appear to be unset. This behavior can be avoided by using the commands frame-relay bc number and frame-relay be number. [CSCdj65624]
- TCP sessions originated over a router running Multilink PPP can see sessions reset. This occurs only if there is more than one link in the multilink bundle and is due to the TCP sequencing number being corrupted.
- With the enable mode debug ip tcp transactions command you will see a false sequence number of 4278386749.
- The current workaround is to either disable Multilink PPP or set the interface command multilink max-fragments 1. [CSCdj66824]
- Frame Relay is broken. Most of the protocols on Frame Relay may not work and packets may get dropped or misbehave as parsing of packets is not properly done in some cases. [CSCdj67384]
- Configuring a PVC with the frame-relay interface-dlci command on multipoint subinterfaces caused a system reload if the PVC had previously been learned through Inverse ARP. [CSCdj67510]
- A "%LINK-3-TOOBIG: Interface Lex1, Output packet size of= 1520 bytes too big" error was seen on a Cisco 4500 router after upgrading to Release 11.2(9). [CSCdj69018]
- Any IPX dialup connection using ISDN or any form of PPP Multilink will not see a server list if it is using the 32-bit Netware Client or any device requiring an IPX RIP response.
- This is a regression introduced by CSCdi72429. As a workaround, use a client that does not require IPX RIP, such as the Microsoft Netware Client. [CSCdj70744]
- Sometimes an asynchronous interface running PPP framing will not come up automatically after a reload.
- A workaround is to change the line speed, to clear the line, or to issue the configuration commands shutdown and no shutdown in succession. [CSCdj72909]
- When LANE subinterfaces are part of a bridge group, the bridged traffic does not use the data direct VC. [CSCdj72939]
- When some Cisco routers are reloaded, it has been observed that the ISDN Layer 2 will not come up. This has been observed on the Cisco 2500 and 1600 routers mostly. Under these circumstances, it will not be possible to make any ISDN calls. No workaround is possible. [CSCdj76151]
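For the "CCB run away" console messages quoted under CSCdj48055 above, the following added example (not Cisco code and not part of the original release note) scans collected console or syslog lines, counts the messages per ISDN interface, and reports CCB addresses that repeat. The function names and the alert threshold of 3 are assumptions made for illustration; the first three sample lines are the ones quoted in the caveat and the other two are constructed.

```python
import re
from collections import Counter, defaultdict

# Matches the console message quoted in the caveat, e.g.
#   ISDN Se9/0/1:23: Error: CCB run away: 0x61D97560:
CCB_RE = re.compile(
    r"ISDN (?P<intf>\S+): Error: CCB run away: (?P<ccb>0x[0-9A-Fa-f]+)"
)

def summarize_ccb_runaways(lines):
    """Return {interface: Counter({ccb_address: hits})} for matching lines."""
    per_intf = defaultdict(Counter)
    for line in lines:
        m = CCB_RE.search(line)
        if m:
            per_intf[m.group("intf")][m.group("ccb").lower()] += 1
    return dict(per_intf)

def repeated_ccbs(lines):
    """Return {interface: [ccb addresses logged more than once]}."""
    return {
        intf: sorted(a for a, n in ccbs.items() if n > 1)
        for intf, ccbs in summarize_ccb_runaways(lines).items()
    }

def interfaces_to_reset(lines, threshold=3):
    """Interfaces whose total message count reaches the assumed threshold."""
    summary = summarize_ccb_runaways(lines)
    return sorted(i for i, c in summary.items() if sum(c.values()) >= threshold)

# Three messages from the caveat, plus two constructed lines.
SAMPLE = [
    "ISDN Se9/0/1:23: Error: CCB run away: 0x61D97560:",
    "ISDN Se9/0/1:23: Error: CCB run away: 0x61C494F8:",
    "ISDN Se9/0/1:23: Error: CCB run away: 0x61C494F8:",
    "%LINK-3-UPDOWN: Interface Serial0, changed state to up",  # constructed
    "ISDN Se1/0:23: Error: CCB run away: 0x60000010:",          # constructed
]

if __name__ == "__main__":
    print("repeated CCBs:", repeated_ccbs(SAMPLE))
    print("reset candidates:", interfaces_to_reset(SAMPLE))
```

An interface reported as a reset candidate is one where the manual controller reset described in the caveat would apply.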







Posted: Fri Sep 8 13:52:10 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.