Cross-Platform Release Notes for Cisco IOS Release 12.4, Part 5: Caveats

This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.4, up to and including Cisco IOS Release 12.4(18). Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.

How to Use This Document

This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:

•

The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.

•

The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.

Within the sections, the caveats are sorted by technology in alphabetical order. For example, Interfaces and Bridging caveats are listed separately from, and before, IP Routing Protocols caveats. The caveats are also sorted alphanumerically by caveat number.

If You Need More Information

For more information on caveats and features in Cisco IOS Release 12.4, refer to the following sources:

•

Bug Toolkit—If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Products and Services: Cisco IOS Software: Cisco IOS Software Releases 12.2: Troubleshooting: Bug Toolkit. Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.

(If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

•

Release Notes for Cisco IOS Release 12.4—These release notes describe new features and significant software components for Cisco IOS software Release 12.4.

Note

Release notes are modified only on an as-needed basis. The maintenance release number and the revision date represent the last time the release notes were modified to include new or updated information. For example, release notes are modified whenever any of the following items change: software or hardware features, feature sets, memory requirements, software deferrals for the platform, microcode or modem code, or related documents.

The most recent release notes when this caveats document was published were Release Notes for
Cisco IOS Release 12.4, for Cisco IOS Release 12.4(18) on December 21, 2007.

Open Caveats—Cisco IOS Release 12.4(18)

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(18). All the caveats listed in this section are open in Cisco IOS Release 12.4(18). This section describes severity 1 and 2 caveats and select severity 3 caveats.

Basic System Services

Symptoms: Some object of the ciscoFlashCopyTable and ciscoFlashMiscOpTable cannot be read after row creation.

Conditions: This symptom is observed for any newly created rows in these tables.

Workaround: Objects will become readable immediately after being set. Additionally, rows can still be activated in these tables even if all objects cannot be read. Any objects that cannot be read contain their MIB-defined default value.

Conditions: This symptom is seen when running show commands on an EXEC session that has been established through one of the integrated modems on a WIC-AM or WIC-2AM.

%ALIGN-1-FATAL: Corrupted program counter 20:09:00 UTC Mon Oct 1 2007 pc=0x0 , ra=0x61BF35B4 , sp=0x706C3E30

20:09:01 UTC Mon Oct 1 2007: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x0

Conditions: This has been experienced on a Cisco 3845 router running Cisco IOS Release 12.4(16) after configuring the following command under "line aux 0':

Interfaces and Bridging

Symptoms: While testing OIR on an RSP router, packets drop before doing actual OIR. Packet count was around 8500, but it is expected to be 10,000. OIR works fine and because of the initial packet drop, traffic was dropped after OIR too.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(17.7).

IP Routing Protocols

Symptoms: On a router that runs Cisco IOS Release 12.4 and that is configured for BGP, spurious memory accesses may occur and the router may reload unexpectedly.

Conditions: This symptom is observed in a Carrier Supporting Carrier configuration.

Symptoms: A carrier supporting carrier (CsC) Multiprotocol Border Gateway Protocol (MPBGP) connection between two PE routers may remain in the active state but never become established.

Symptoms: Rate-limiting that is configured via MQC does not function on a multilink interface that is configured with MDS when the policy is applied as an output policy. Because of this situation, traffic is not rate-limited, and all traffic passes through.

Conditions: This symptom is observed on a Cisco 7500 series with an RSP that runs Cisco IOS interim Release 12.4(11.6a).

This symptom is very corner-case and might occur in a very rare situation. Normally EIGRP is platform independent, but the symptom has never been observed on the other platform combination.

Symptoms: When 2811 is reloaded, 2811 and Cat3750 sometimes cannot establish EIGRP neighbor completely. 2811 is repeating "resync: peer graceful-restart" forever, and Cat3750 is repeating "up: peer NSF restarted" forever.

Symptoms: A Cisco router can experience Alignment Errors related to NAT. These Alignment Errors are related to NBSS.

Conditions: The conditions under which this symptom occurs are not presently known.

Symptoms: ARP entry is not created in the router, and NAT translations are not happening with RADIUS configuration.

The configured max-threshold/minimum-threshold option on Selective Packet Discard (SPD) gets lost when the router is reloaded.

Router#sh run | inc spd <<- This only shows the Min-threshold that is set and not the max-threshold

Conditions: If the configured minimum threshold value is greater than default maximum threshold value OR maximum threshold value is less than default minimum threshold value, the parser will complain "min-threshold must be less than default max-threshold" or "max-threshold must be greater than min-threshold" while doing the system reload.

Workaround: After system finishing the initialization, if the spd max-threshold or min-threshold commands disappeared, user needs to reconfigure the ip spd max or min threshold command.

Further Problem Description: The current IOS design to allow user to only configure spd max-threshold and minimum-threshold on separate commands while both values are co-related to each other, the spd minimum threshold has to be less than spd maximum threshold. When the first spd threshold command entered, the parser will use the default max/mini value for reference if the value entered is fine. But, that is not always true since the user may change the other value in the next command to adjust the thresholds.

%ALIGN-1-FATAL: Illegal access to a low address addr=0x14, pc=0x614B6868 , ra=0x614B6810 , sp=0x642EC908

Conditions: This has been observed on a router running Cisco IOS Release 12.4(16).

Symptoms: A router that is configured for NAT might not correctly translate H225/H245 OpenReceivedChannelAck packets when going from outside to inside.

Conditions: This was observed on a Cisco 1841 router running Cisco IOS Release 12.4(16) but could be observed on other platforms.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.4(13b).

Symptoms: EIGRP routes from the master(7206-w2) to switch do not propagate, and EIGRP neighbor flaps on switch(4500-sw2) after starting traffic from IXIA.

Conditions: Before traffic starts, the routes are received correctly, and once traffic starts, neighbor starts flapping and EIGRP updates are not sent between switch 4500-sw2 and 7206-w2 device.

Symptoms: While testing multicast functionality with IMA, no reply is received from the subinterfaces when the multicast group address is pinged.

Conditions: This issue is seen in routers that are running Cisco IOS Release 12.4(17.7).

Symptoms: VIP log, with interfaces configured with NAT may show the following error messages and will end up crashing due to address error exception:

Symptoms: Once the eigrp goes down, bgp installs the major network in the routing table. Once eigrp comes up, it installs the subnet routes in the routing table and BGP major network remains in the routing table also bgp local source route is not installed in bgp table.

Analysis: Problem is not seen with class C network because it is configured with the mask 24. It happens if class A or B networks is subnetted.

R1- Running eigrp only and advertising routes to R2 and R3. R3 Running eigrp with R1 and IBGP with R4. R4- Running eigrp with R1 and IBGP with R3.

1. Eigrp goes down and R3 ,R4 removes the eigrp routes learned from R1, bgp also withdraws the routes.

2. Eigrp comes up between R1 and R3 routers. R1 advertises the routes to R3. now R3 bgp has valid IGP learnt route hence sends the update to IBGP peer R4.

3. In R4 eigrp is not up yet hence installs the IBGP learnt route to routing table.

4. In R4 EIGRP comes up and installs the subnets in the routing table. If net matches with mask, BGP route is removed from the routing table.

5. Routing table has entries for both major nets (learnt via bgp), subnet (learnt via eigrp).

Suppose 1.1.1.0/24 and 200.1.1.0/24 is eigrp learnt routes. Bgp has auto- summary enabled so it installs the 1.0.0.0/8 and 200.1.1.0/24 in the BGP table.

So after the point 3, R4 routing table has 1.0.0.0/8 and 200.1.1.0/24 in routing table. Once the eigrp comes up between R1 and R4 eigrp replaces the 200.1.1.0/24 in routing table whereas 1.0.0.0/8 remains in routing table as bgp route and 1.1.1.0/24 is installed as EIGRP learnt routes.

Conditions: The crash is seen when the EasyVPN connection is being re-established.

Further Problem Description: The crash sometimes happens when the EasyVPN connection is going up and down.

Symptoms: The show ipv6 rpf command does not display the right RPF recursion count if IPv6 non-looping static recursive routes are configured.

Conditions: This symptom is seen on a Cisco 7200 router that is running Cisco IOS Release 12.4(17.9)T.

Symptoms: IKE fragmented packets with offset greater than 0 cannot pass NAT router from outside to inside when process switching.

Symptoms: Tracebacks could be seen on a router when an interface connecting PE-CE (ProviderEdge-CustomerEdge) routers running EIGRP, MPLS is brought down.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(17.9)T.

Miscellaneous

Symptoms: The traffic back (reverse direction) to Node behind MR is not tunnelled by HA.

Conditions: This symptom has been observed with MR registered with Reverse Tunnel enabled. This symptom has been observed on Cisco IOS Release 12.4T but not on Cisco IOS Release 12.4.

Symptoms: The connect global configuration presents duplicate options; that is, there appear to be two switching subsystems.

Conditions: This symptom is observed on a Cisco router when you attempt to configure the connect global configuration command for ATM.

Symptoms: A router that functions as an SSG with a tunnel service may crash while clearing a large number of host objects.

Conditions: This symptom is observed when you first access the tunnel service and then enter the clear ssg host all command to clear a large number of host objects and then enter the clear pppoe all command to clear the PPPoE users.

Symptoms: Inbound calls on a MGCP controlled CAS trunk may experience symptoms where the call does not complete and the calling party hears dead air. When this occurs, it will be experienced at that particular timeslot on the digital trunk until some manual intervention take place to correct this.

Conditions: This has been found to occur at times on Cisco IOS VoIP gateways with CAS trunks configured from MGCP back to Cisco Unified CallManager (CUCM/CCM). An inbound call on a timeslot that is in this state will show the vtsp state in show voice call summary as S_DIGIT_COLLECT and will not progress past this point.

Once source of this issue has been when the status of the timeslot on the CallManager and the gateway are not the same. For example, the CallManager may indicate that the channel is out of service (OOS) while the gateway has the status of this timeslot as in-service (idle). Please refer to CSCef58219 which has seen to lead to this state. If this issue is being seen because of this difference in status between the CallManager and the IOS gateway, the recommended action is to upgrade the CallManager with a release that contains the fix for CSCef58219.

Workaround: The only known workaround to prevent this issue from occurring is to use H323 instead of MGCP with CAS trunks.

Symptoms: A Cisco router that is running Cisco IOS Release 12.4 may leak memory while making H323 voice calls. This may eventually lead to a low memory condition followed by a reload.

Conditions: The issue is observed on a Cisco 2800 series router that is running Cisco IOS Release 12.4(7c) and 12.4(16.6) interim software.

Symptoms: EAPoUDP sessions may enter into an infinite loop when you remove the protocol-specific (FTP, Telnet, or HTTP) rule by entering the ip admission name admission-name proxy global configuration command.

Conditions: This symptom is observed on a Cisco router only when the global protocol-specific rule is removed.

Workaround: Do not remove the protocol-specific rule. Rather, enter the no ip admission name admission-name command.

Symptoms: After an AP1240 is power-cycled, it may unexpectedly reload while booting, with messages similar to the following:

*Mar 1 00:00:05.314: %SOAP_FIPS-2-SELF_TEST_IOS_FAILURE: IOS crypto FIPS self test failed at random_gen test

Conditions: This symptom is observed on an AP1240 that is running Cisco IOS Release 12.4(3g)JA2.

Workaround: There is no workaround. The AP will eventually boot normally, possibly after crashing once or thrice.

Symptoms: Authentication proxy forces the clients to do HTTPS-based authentication. This action should not happen when authentication proxy is configured to do HTTP authentication.

Conditions: This symptom has been observed when the ip http secure- server command is enabled on the router.

Symptoms: A Versatile Interface Processor (VIP) may crash while a T1 or E1 is being configured.

Conditions: This symptom is observed with a VIP in which a PA-MC-8T1E1 port adapter is installed that is configured with either a T1 or an E1 controller.

Symptoms: A Cisco router that is running Cisco IOS software crashes with a `CPU signal 4' illegal opcode exception.

Conditions: This symptom is observed on a Cisco gateway router that is configured with H323.

Symptoms: A router log contains the following error message, and its performance becomes severely degraded:

%SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (4/3),process = DNS Server.

Conditions: This symptom is observed on a Cisco router that performs many DNS lookups.

Workaround: Configure the router in such as way to prevent it from performing many DNS lookups, and do not configure the router as a DNS server for other devices.

Symptoms: A router that has a Cisco IOS firewall enabled may crash because of a breakpoint exception after the following error message has been generated:

%SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 66596A90. -Process= "IP VFR proc and %SYS-2-BADSHARE: Bad refcount in pak_enqueue

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(7) or Release 12.4.(12) when the ip virtual-reassembly command is enabled on an interface.

Workaround: Disable the virtual fragment reassembly (VFR) configuration on the interface by entering the no ip virtual- reassembly command.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoFR and that has a service policy attached.

Ping to local address fails after IP local pool address reassigned to same host after recycle delay timer expires.

Conditions: This symptom is observed on a Cisco router after you have reloaded the router.

Workaround: Detach the policy map from the interface and then re-attach it to the interface.

Conditions: This symptom is observed after the Cisco IOS client is configured, followed by a write and a reload.

Symptoms: Packets are dropped for a specific class map under policy-map interface.

Conditions: This symptom is observed on a Cisco router when the show policy-map interface command is issued.

Symptoms: When WRED is configured in a traffic policy on a out interface, the policy class matches the packets flowing through, but the WRED queue does not get updated and shows all zeros.

Conditions: After packets are sent from one end of the setup topology to another, the router with WRED enabled on a output traffic policy, the WRED queue does not update information on traffic while the policy map matches the packets appropriately.

Symptoms: An NM-CE module no longer comes online after upgrading to Cisco IOS Release 12.4.

Conditions: The conditions under which this symptom occurs are presently unknown.

Further Problem Description: Running the c3745-adventerprisek9-mz.124-13a.bin image on a Cisco 3745 router has resulted in the NM-CE module as failed:

------ 3745-border#service-module Content-Engin 1/0 status Service Module is Cisco Content-Engine1/0 Service Module supports session via TTY line 33 Service Module is failed Service Module status is not available ------

Even though the router shows the module as failed, you can still session into the module just fine and see that it is healthy. This has been reported to occur on the above software version, on the following platforms: 2651XM, 2691, and 3745.

The hardware inventory for a router that experiences this problem is as follows:

NAME: "c3745 Motherboard with Fast Ethernet", DESCR: "c3745 Motherboard with Fast Ethernet" PID: C3745-2FE , VID: 2.0, SN: XXX

NAME: "Two port T1 voice interface daughtercard", DESCR: "Two port T1 voice interface daughtercard" PID: VWIC-2MFT-T1= , VID: 1.0, SN: XXX

NAME: "Two port T1 voice interface daughtercard", DESCR: "Two port T1 voice interface daughtercard" PID: VWIC-2MFT-T1= , VID: 1.0, SN: XXX

NAME: "Virtual Private Network (VPN) Module", DESCR: "Encryption AIM Element" PID: AIM-VPN/HPII-PLUS , VID: NA, SN: XXX

NAME: "80GB IDE Disc Daughter Card", DESCR: "80GB IDE Disc Daughter Card" PID: EM-CE-80G , VID: NA, SN: XXX

NAME: "FastEthernet/WAN V2", DESCR: "FastEthernet/WAN V2" PID: NM-2FE2W-V2= , VID: 1.0, SN: XXX ------

Symptoms: QoS takes ATM interface default bandwidth for all calculations even when vbr-nrt is set.

Conditions: This symptom is observed when ATM+QoS is configured on a Cisco 7500 router.

Symptoms: An MGCP gateway sends DTMF using NTE payload when it is configured to do it via NSE.

Conditions: This symptom is observed when the MGCP gateway is configured with the mgcp dtmf-relay voip codec all mode nse command and DTMF digits are transmitted.

Symptoms: Multiple tracebacks are seen on a Cisco 5400XM that is operating as an IPIPGW while transcoding calls from G.729r8 to G.711.

Conditions: This symptom is observed in Cisco IOS Release 12.4(15)T under normal circumstances even with a single call.

Symptoms: In a mesh network with AP 1510 and AP 1520/1240/1130, 802.11h channel change management frame sent by 1520/1240/1130 will probably not be handled by AP 1510. As a result, channel change on the RAP will not be propagate to the AP 1510 children mesh node. However, channel change management frame is correctly handled between 1520/1240/1130 AP or within 1510 APs themselves.

Conditions: This symptom is observed in a mixed mesh network with both 1510 and 1520/1240/1130 as parent and children nodes.

Symptoms: A secondary processor may crash when one is copying a file onto a subdirectory in a slavedisk from the master and at the same time renaming the subdirectory and then deleting the file from the slave console.

Conditions: This symptom is observed on a Cisco router that has an ATA file system.

Workaround: Do not rename the subdirectory and delete the file when it is being copied to the subdirectory in disk.

Conditions: This symptom is observed when dMLP+QoS+RPR+ is configured on a Cisco 7500 router and a shut command is issued on controller of MCTE1 or MC-STM1.

%PPP-3-MLPFSREENTERED: Multilink fastsend reentered, bundle Vi9 (Springfield), packet discarded, -Traceback= 0x169E384 0x2067680x1A80C4 0x195A80 0x17EEA0 0x725E60 0x71D04C 0x71E13C 0x1B9B914 0x252C82C 0x252D3C8 0x206660 0 x206AC0 0x1E64BC 0x7DA19C 0x7DDD70

Conditions: This symptom is observed when a driver calls an incorrect function to free up TX ring entries.

Symptoms: When running 1x10-7 pattern on a T1 with encapsulation types HDLC or PPP, getting link up/down with traffic running at bandwidth speeds. Serial interface will drop after 30 seconds to 3 minutes of testing.

Conditions: This symptom is found with Cisco 3600 and Cisco 3700 platforms that use the NM-4T card. Problem was found in lab environment using the following:

Workaround: If the VFR configuration is removed, fragments are passed as expected.

Symptoms: A router crashes because of the stack for process Exec running low on configuring auto QOS on an ATM subinterface.

Conditions: This symptom is observed on a Cisco RSP router that is running Cisco IOS Release 12.4(16.14c).

From the show stack, it seems that it could be bug CSCsd29469; however neither platform nor Cisco IOS version is listed in the bug description.

–

The router keeps dropping SNMP packets. The log shows that the packets are dropped because of the input queue being full. Though the utilization is sometimes high, this could not be the root cause because the router keeps dropping packets regardless of the current utilization. Also, the SNMP process takes 5 to 20 percent of the CPU load.

Workaround: Exclude the ciscoMemoryPoolMIB from your query and the issue should hopefully be resolved. To do this, enter the following commands:

And apply this view to the RW community string. This view will exclude only ciscoMemoryPoolMib; all other MIBs will be available.

Symptoms: When ima group subinterface (atm1/ima1.14016) is configured before a no shut command is issued on the ima group interface, the maximum value vbr-nrt PCR option is displayed as 1536/1920(T1/E1) instead of as 1523/1904.

Conditions: This symptom is observed if the ima group subinterface is configured before a no shut command is issued on the ima group interface.

Workaround: Configure the ima group interface and then configure image group sub-interface.

Symptoms: When configuring zone based firewall, when making an incoming call through the POTS/PRI, the phone rang but no voice.

Symptoms: If there is a flap in the interface, the FIP entries fail to get regenerated. Hence, most of the ping operations are affected.

Conditions: This symptom occurs when the command is executed on a Cisco router that is running a Cisco IOS Release 12.4(17.4)T1 image.

Conditions: This symptom is observed when dLFIoFR+QoS is configured on a Cisco 7500 router and "micro reload" is issued.

Conditions: This symptom is observed when more than one access list is defined in a user-defined class on a Cisco 7500 router.

Symptoms: When the configured queue limit is greater than 64 packets for class-based traffic shaping, the actual queue limit is 64 packets. In other words, even though the queue-limit command is accepted, it seems to have no effect.

Conditions: This problem is seen where a class-based shaper is applied outbound on an Ethernet port and queue limit, bandwidth, and shaping are configured under the class.

Conditions: In a topology as follows, we saw more delayed packets with a c2811 than with 2600:

After that, he disconnects the cable on the c26xx and exchanges the c26xx with a c2811.

Put the SAME Config in connect the same cable and do the test again....He sees more delayed packets.

His test application shows differences in performances. 2600 performs better, whereas 2811 fails with QOS.

14:04:23 UTC Mon Oct 1 2007: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x612D33BC

Conditions: This symptom is observed on a Cisco 3845 router that is running Cisco IOS Release 12.4(17) and that has an Etherswitch module (NM-16ESW) installed.

Symptoms: A memory leak may occur in process "PPP IP Route" on a 7301 series router. The router has approximately 3119 session(s) locally terminated PPPOA 145 PPPOE 2974.

Conditions: This symptom is observed on a Cisco 7301 NPE that is running Cisco IOS Release 12.3(14)T and that is configured for PPP over Ethernet (PPPoE) and ATM (PPPoA). There was high CPU utilization seen at the time of this issue. The symptom may be platform and Cisco IOS version independent.

Further Problem Description: When the issue was seen, the Free Processor memory went down to 8 kbytes, which then started to recover gradually. At one point the Free memory had reached 0 kbytes; however no reload was done and memory had recovered.

Symptoms: Call transfer in CME using IVR application breaks from the second call transfer.

Conditions: While using IVR application app-h450-transfer.2.0.0.11.tcl in CME for call transfer.

Conditions: Issuing the modemui command with a large input parameter in the [modem-commands], such as:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_ guide09186a0080087bf9.html

AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user's profile, which is located either in the local user database or on the security server, to configure the user's session. Once this is done, the user will be granted access to a requested service only if the information in the user profile allows it. For a complete description of authorization commands, refer to the following links:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hs ec_c/part05/schathor.htm

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_ser ver_for_windows/4.1/user/SPC.html#wpxref9538

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_ser ver_for_windows/4.1/user/GrpMgt.html#wp480029

The Role-Based CLI Access feature allows the network administrator to define "views," which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices. The following link provides more information about the Role-Based CLI Access feature:

http://www.cisco.com/en/US/netsol/ns696/networking_solutions_white_paper 09186a00801ee18d.shtml

Due to the nature of this vulnerability, networking best practices such as access control lists (ACLs) and Control Plane Policing (CoPP) that restrict vulnerable device access to certain IP addresses or subnetworks may not be effective. Device access best practices provide some mitigation for these issues by allowing systemic control of authenticated and unauthenticated users. Device access best practices are documented in:

http://www.cisco.com/application/pdf/en/us/guest/products/ps1838/c1244/c dccont_0900aecd804ac831.pdf

Symptoms: RPM-PR crashes if traffic is running and the multilink header compression format is changed from IPHC to IETF.

Conditions: This symptom is observed when the format is changed while traffic is flowing.

Workaround: Do not change the format while traffic is running, or shut down the multilink before changing the format.

Symptoms: Cisco IOS software crashes. Memory allocation failed atm_vpivci_to_vc.

Symptoms: Routers that run Cisco IOS Release 12.4(13b) and 12.4(16) crash when the show crypto pki timers command is executed.

Symptoms: The SSH sessions hangs. If any commands is entered, the VTY session just hangs.

Conditions: This happens for any commands that are entered on the router. Once the SSH keys are generated, the problem goes away.

Workaround: Consoling into the router seems to have resolved the problem. Once the user consoles in, the SSH keys are generated and the problem goes away. Also, rebooting the router also has fixed the problem.

Further Problem Description: The VTY sessions from previous users, which also hanged, never get deleted from the routers memory. The VTY sessions still shows active, although the user has logged out. However, once the SSH keys get generated, everything is ok. The SSH keys generation gets delayed because of memory fragmentation caused by the IP Input process.

Symptoms: The multilink2 interface does not come up with the service policy applied.

Conditions: This symptom is observed on a Cisco router when the show interface Multilink2 command is entered.

Symptoms: MDT state is incorrect after configuring the MDT filter back on the RR.

Conditions: This symptom is observed on a Cisco 7200 router that is running Cisco IOS Release 12.4(17.9)T.

Oct 31 22:55:21.282: %SYS-3-MGDTIMER: NZ prev pointer but not running, timer = 64C37818. -Process= "IP Input", ipl= 4, pid= 66 -Traceback= 0x60746048 0x6084EA34 0x6084F14C 0x62333AD8 0x62337C70 0x62306494 0x623068B0 0x60A40654 0x60A416F8 0x60A41778 0x60A41964 Oct 31 22:55:48.894: %SYS-3-MGDTIMER: Setting zero expiration time, timer = 64132350. -Process= "IPSEC key engine", ipl= 4, pid= 150 -Traceback= 0x60746048 0x6084E9A8 0x6084FA18

22:55:48 zulu Wed Oct 31 2007: Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x60815B08

Conditions: This symptom has been experienced on a Cisco 7206VXR that is running Cisco IOS Release 12.4(16).

*Nov 5 16:43:57.823: MAC ERROR: ar5212StopTxDma: interface Dot11Radio0/2/0: Failed to stop Tx DMA of queue 4 in 300 msec

Symptoms: Autoinstall program does not automatically run over at T1 interface. Autoinstall works natively on Ethernet interfaces, meaning no manual configuration is needed. Autoinstall should work the same way over a T1 interface.

Conditions: ISR routers running 12.4(9)T do not support Autoinstall over a T1 interface. Zero Touch ISR deployment calls for Autoinstall to function over a T1 interface without manual configuration intervention.

Workaround: For Ethernet, Autoinstall does not require any manual configuration, it automatically detects the physical connection on the Ethernet port and starts broadcasting DHCP requests on that interface. For Zero-Touch this is the desired behavior. Over a T1 interface Autoinstall does not detect/broadcast on the connected T1 interface as it does for Ethernet interface. For T1 manual intervention is needed to configure the serial interface on the desired T1.

The workaround to get Autoinstall to work is to manually configure the T1 interface to create a serial interface. Then you need to assign an ip address and network mask to that serial interface. For Zero Touch this behavior is undesirable due to the manual intervention to configure both, the physical T1 and the serial interface off that T1.

Symptoms: A Cisco 7200 router with PA-VXC/B may not respond to the console and may hang.

Conditions: Cisco 7200 router with a PA-VXC/B can get into a hang state when a connection trunk is configured or with active calls over the PA.

Symptoms: Both end interfaces are down and need to reload routers with "loopback remote full" after clear service-module.

Conditions: This happen if loopback line or loopback dte is initiated and cancelled before initiating loopback remote full.

6. It does not cancel loopback remote successfully and both interface s0/3/0 of 3825 and 3845 are down.

Both ends show unexpected information in show service-module "remote loopback (remotely initiated) is in unknown" state.

Symptoms: Packets can get dropped because of CEF punts when configuring L2TP VPDN tunnels over Ethernet links.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS 12.4(17.10b) software image.

Symptoms: A gateway receives a single route from Route Server but sends call setup to another gateway from buffered ip. It is most likely an ip from its history to which it had previously sent a call.

Conditions: This symptom is observed on a Cisco 5400XM that is running Cisco IOS Release 12.4(9)T3 and on non-XMs that are running Cisco IOS Release 12.4(7e).

Symptoms: An IMA bundle bounces constantly in 10-second intervals with 4 T1s in the IMA bundle and upstream router providing clocking for the 4 T1s. HEC errors, cell delineation lost, and cell validation errors increment while the flapping occurs. Occasional clock slips are seen on the T1 controllers.

Nov 1 21:00:20.179: %ATM_AIM-5-CELL_ALARM_UP: Interface ATM0/0/0 lost cell delineation.

Nov 1 21:00:20.379: %ATM_AIM-5-CELL_ALARM_DOWN: Interface ATM0/0/0 regained cell delineation.

Nov 1 21:00:20.411: %ATM_AIM-5-NO_LINK_MEMBERS: ATM0/IMA1 is using channel 1 but has no configured links.

Nov 1 21:00:21.107: %ATM_AIM-5-ACTIVE_LINK_DOWN: Interface ATM0/0/0 of IMA Group ATM0/IMA1 is now inactive.

Conditions: These symptoms are observed on a Cisco 3825 with an aim-atm module and two vwic2-2mft-t1e1 WIC cards connecting to a Cisco 7500 with an 8T1-IMA port adapter. The Cisco 7500 provides the clocking for the 4 T1s, and the Cisco 3825 is using network-clock-select for the T1s and network-clock-participate WIC 0 and 1.

Symptoms: TCP sessions over IPIP / IPsec tunnel with CBAC work well for 30 seconds and then are dropped. After that the router sends ICMP unreachables ("Administratively prohibited") back to the source of denied TCP traffic. The problem occurs when TCP inspection is applied to IPIP tunnel interface in the inbound direction and there is a corresponding "deny" ACL.

The debug ip inspect tcp command shows that CBAC processes only initial SYN packet from the tunnel and does not see any other TCP packets in the session. CBAC creates half-open TCP session + ACL pinhole and deletes them both after 30 seconds by SYNWAIT timeout. After deleting ACL pinhole, the TCP session is dropped.

–

Disable CEF and Fast Switching on all interfaces to enable Process Switching (not recommended).

Symptoms: When using two WIC-1ADSL modules in a Cisco 2811, only one will work. The other interface is seen as "initializing." The two modules work fine when used separately in the router.

08:32:13 AEST Tue Nov 20 2007: TLB (store) exception, CPU signal 10, PC = 0x40099888

-Traceback= 0x40099888 0x402F6358 0x415102F4 0x41510C7C 0x402FF5C4 0x414F1140 0x402FF7B8 0x41C8B8E0 0x41C8EFC0 0x41C8F064 0x41C85260 0x421EA0C4 0x421EA224

Workaround: Use frame relay traffic shaping (FRTS) instead of MQC under the PVC.

Conditions: When speed 56 is configured, framing sf and linecode ami at both ends.

Workaround: Change speed 64 and again configure 56; then protocol UP and ping is okay.

4. Check the interface status. Protocol is DOWN at both ends and error count increases at both ends.

Symptoms: The standby RSP fails to sync with the active RSP, causing an unexpected reload on the standby RSP.

Conditions: This symptom is observed when SSH is enabled on the router and a DS1 controller is added or deleted from the configuration.

Workaround: The only workaround is to refrain from doing any configuration changes on the router.

Conditions: dLFIoLL+QoS is configured on the router and controller is reset. The shut and no shut commands trigger the crash. This requires a policy to be configured in the input direction.

Symptoms: A Cisco 2811 VG with PRI to the Telecom. If an incoming call is transferred, the DSP crashes with the following output.

DSP crashes if incoming calls are transferred. Customer faces the following errors:

*Oct 30 12:44:56.551: %C5510-1-C5510_CHPI_ERROR: cHPI error for pa_bay 0 pump 0 dsp 2.

*Oct 30 12:44:57.827: %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 2.

*Oct 30 12:44:58.475: %ISDN-6-DISCONNECT: Interface Serial0/0/0:0 disconnected from XXXXXXXXXX, call lasted 15 seconds

*Oct 30 12:45:02.839: %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 2.

*Oct 30 12:45:07.839: %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 2.

*Oct 30 12:45:12.839: %C5510-1-NO_RING_DESCRIPTORS: No more ring descriptors available on slot 0 dsp 2.

Conditions: This symptom is observed on a Cisco 2811 installed with an NM-16ESW with PPWR-DCARD-16ESW.

Symptoms: DHCPv6 bindings for multiple clients stored in a Virtual-Access interface when each different user has same DUID.

Conditions: This symptom is observed on a Cisco 3845 router when auto qos voip is applied to the ATM subinterface.

Conditions: This symptom is observed after an upgrade from Cisco IOS Release 12.3(8)YG5 to Cisco IOS Release 12.3(8)YG6.

Workaround: The only workaround is to downgrade the Cisco IOS software. All the CPU utilization is at the interrupt level (no process involved).

TCP/IP Host-Mode Services

Symptoms: During testing of IOS FW test suites, FTP and Telnet traffic was not being allowed by the UUT.

Conditions: This symptom was observed with a Cisco 3700 platform running Cisco IOS Release 12.4PI7 images.

Wide-Area Networking

Symptoms: When a router dials out to a client router in a particular configuration, two VPDN tunnels should be established, but only one is established.

Conditions: This symptom is observed in an L2TP Large-Scale Dial-Out configuration when two LACs that are connected via SGBP are located between the router that dials out and the client. VPDN tunnels should be established between the router that dials out and each LAC, but only one VPDN tunnel is established.

Symptoms: While running Cisco IOS Release 12.4(16), a Cisco router may experience a bus error in X.25 code with a traceback similar to the following:

%X25-3-XOTINT: XOT internal error unable to attach VC -Process= "TCP Driver", ipl= 3, pid= 150 -Traceback= 0x6073B030 0x611C3FCC 0x611C42D0 0x611C4E50

Conditions: This symptom is observed with X.25 configured on a serial interface.

Symptoms: L2TP is opened even without VPDN enabled. L2TP sessions being passed through the router are failing. The following error messages is displayed:

[l2tp_db_get_cc::951], -Traceback= 0x808894F8 0x81597CA0 0x81597EEC 0x81595AD0 0x815BB2E4 0x800C7AEC 0x800C4E7C 0x800C53C0 0x800C54B8 0x800C7F38 0x800BC04C 0x800BA77C 0x800BA8F0 0x800C6608 0x80C14BB8 0x80377C48

Conditions: This symptom is observed on a Cisco 876 router that is running Cisco IOS Release 12.4(11)T or 12.4(16.9)T. The customer is running NAT on the router. The customer is passing L2TP packets through the router. L2TP sessions passing through the router are failing. %L2TP-3-ILLEGAL:error and traceback are seen on the router.

Symptoms: Dialout fails through dialer interface because of "maximum allowed call(s) 1 on pool 20, exceeded max."

Conditions: This symptom is observed on a Cisco 837 that is running g12.4(8) and that is doing dial backup through async interface via dialer.

Resolved Caveats—Cisco IOS Release 12.4(18)

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(18). All the caveats listed in this section are resolved in Cisco IOS Release 12.4(18). This section describes severity 1 and 2 caveats and select severity 3 caveats.

Basic System Services

Conditions: This symptom is observed on a PDSN using Cisco IOS Release 12.3 (14)YX8.

This is the Cisco Product Security Incident Response Team (PSIRT) response to a vulnerability that was reported on the Cisco NSP mailing list on August 17, 2007, regarding the crash and reload of devices running Cisco IOS after executing a command that uses, either directly or indirectly, a regular expression. The original post is available at the following link:

The Cisco PSIRT posted a preliminary response on the same day and is available at the following link:

Preliminary research pointed to a previously known issue that was documented as Cisco bug ID CSCsb08386 (registered customers only), and entitled "PRP crash by show ip bgp regexp," which was already resolved. Further research indicates that the current issue is a different but related vulnerability.

There are no workarounds available for this vulnerability. Cisco will update this document in the event of any changes.

Symptoms: A traceback is noticed when using long URLs to configure a device using the IOS HTTP web parser. The device does not crash.

Conditions: Trying to configure commands that have a single keyword or parameter greater than N characters in length using the web-based Cisco IOS command parser causes a traceback, where N is:

Workaround: There is no workaround. Avoid using the web-based command-line parser for commands with long keywords or arguments.

Conditions: This symptom is observed with a warm upgrade to a large image using a small image such as a kboot image.

Workaround: Use normal upgrade method; that is, use "reload" command (instead of "reload warm file <image-path>") to return to rommon and then boot the new image.

Symptoms: A local user created with the one-time keyword is removed with unsuccessful login attempts. A one-time user should be removed automatically after the first successful login, but under some conditions, it is removed even with failed logins.

EXEC and Configuration Parser

Conditions: This symptom is observed when you are running Cisco IOS Release 12.4(17) or Release 12.4T and when you copy the saved configuration to the running configuration.

IBM Connectivity

Symptoms: A router may eventually experience depletion in the small buffer pool, leading to MALLOCs and Cisco IOS software crashing.

Conditions: This symptom is observed on a router running STUN SDLC with local- ack and having multiple SDLC primary stations connected and regularly polling (SNRM) router while the remote STUN peers are disconnected (no IP connectivity to the remote STUN peers).

Interfaces and Bridging

Symptoms: An ATM interface loses its assigned IP address if the interface is gracefully stopped/started.

IP Routing Protocols

Symptoms: Memory corruption, possibly leading to a crash or other undesired behavior, can occur when the no default-information originate command is entered in router RIP configuration mode.

Conditions: This symptom occurs only if both the RIP routing protocol and the OSPF routing protocol are configured on a router.

Symptoms: LDAP packet is modified while passing through NAT router, causing LDAP to fail.

The packet after the NAT router seems to have been fragmented and expanded to two parts in LDAP:

Symptoms: OSPFv3 may install into the routing table IPv6 routes load balancing between paths to Null0 and reachability path over the physical interface.

Conditions: This symptom may be seen if the summary-address command is configured with exactly the same address as one of the external routes received from a different router.

Symptoms: Router tracebacks and then crashes during deconfiguration (removal) of VRF. The following message was seen prior to crash:

-Process= "IP RIB Update", ipl= 3, pid= 68 -Traceback= 609538D8 60D1B8B4 612B2838 612588C8 61258CD4 6125E61C 6125ED04 6125EF30 61261CDC 6125A14C 61265A08 6126BE10 6097CF00 609547D8 609548B8

Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x609538FC

Symptoms: A NAT router fails a H323 connection by ARP resolution failure, which ARP request is triggered by H225/H245 packet. When the problem occurs, the NAT router creates an incomplete entry and sends an unexpected ARP request for the destination IP address instead of the next-hop IP address, whereas the destination prefix is not a directly connected route. Therefore if the next-hop router of NAT router disables proxy ARP, the packet forwarding fails. Ping to same destination succeeds when the problem occurs.

Symptoms: The system crashes when the show ipv6 ospf lsdb-radix hidden command is entered.

Symptoms: On a Cisco router, OSPF might go into a loop during SPF calculation, causing high CPU utilization and rendering the router inaccessible.

Conditions: This symptom occurs when router LSAs with a link metric disallowed by RFC 2328 are present in the network (note that Cisco routers do not originate such LSAs) and when the network is unstable (link flapping during the SPF calculation).

Workaround: To fix the problem, reload the router. To prevent the problem, manually configure a link metric according to RFC 2328.

Important Note: CSCsk36324 caused MPLS TE defect CSCsl18176 and has been backed out under defect CSCsl18176. A new fix for this issue will be committed under defect CSCsl32318.

Symptoms: The multicast Connection Admission Control (CAC) state may be incorrect after multicast routes have been cleared.

Conditions: This symptom is observed on a Cisco router that has Source Specific Multicast (SSM)-mapped channels that are locally joined on the router.

Symptoms: The ip nat inside source static network command does not have the <cr> option.

Conditions: This symptom is observed on a Cisco 7200 router that is loaded with Cisco IOS Release 12.4 or 12.4T.

ISO CLNS

Symptoms: The prefix of a serial interface that is configured for PPP or HDLC and that functions as a passive interface for IS-IS may not be installed in the local IS-IS database.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF6 but is not release-specific.

Second Alternate Workaround: Enter any command that triggers the generation of the local IS-IS database.

Miscellaneous

Conditions: This is very rare symptom that occurs under the following conditions:

–

A high number of PDP are deleted followed by these PDP being created within 5 seconds.

Symptoms: IPv6 pings are not working when the atm route-bridged ipv6 command is configured on the UUT.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS interim Release 12.4(13.5)T images.

Conditions: This symptom is observed on a Cisco 7200 series but is platform-independent.

Symptoms: A router that is configured with ATM PVCs may generate the following type of error messages:

%COMMON_FIB-3-FIBIDBINCONS2: An internal software error occurred. Virtual- Access2.1 linked to wrong idb Virtual-Access2.1

Conditions: This symptom is observed on a Cisco router that has virtual-template subinterfaces.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, enter the no virtual-template subinterface command, save the configuration to the startup configuration, and reload the router.

Symptoms: An interface of a PA-T3+ port adapter remains up during an Unavailable Seconds (UAS) condition that occurs because of a high C-bit or P-bit error rate.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-T3+ port adapter.

Symptoms: Cisco IOS authentication proxy does not work when both HTTP and HTTPS servers are enabled.

Conditions: This symptom is observed when HTTPS is enabled in parallel with HTTP.

Symptoms: Cisco Catalyst 4500 Supervisors and Cisco Catalyst 4948 that are running Cisco IOS Release 12.2(31)SG crash when one of the following commands are issued:

Workaround: Do not use any of the above commands. For troubleshooting high CPU issues, use the steps indicated in the following tech tip instead:

Symptoms: A router crashes due to the stack for process Exec running low when configuring the auto qos command on an ATM subinterface.

Conditions: The symptom has been observed on a Cisco router loaded with Cisco IOS interim Release 12.4(10.5).

Conditions: This symptom occurs while the Cisco VG224 is booting up. If the power is switched off after the initial boot message and then switched back on, the router goes into ROMMON mode.

Conditions: This symptom is observed on a Cisco platform configured for SSH version 2 after it has received malformed SSHv2 packets. The impact of this flaw is that the affected platform may operate in a degraded condition. Under rare circumstances, it may reload to recover itself.

Workarounds: Options consist of using SSH version 1 in the interim until the affected platform can be upgraded to a fixed release or permitting only known trusted hosts/networks that can connect to the router by using a VTY access list.

!-- Configure from global config mode.
!
configure terminal
!
ip ssh version 1
end

!-- 10.1.1.0/24 is a trusted network that
!-- is permitted access to the router; all
!-- other access is denied.
!
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
!
line vty 0 4
access-class 99 in
end

More information about configuring VTY access lists is available in the Cisco IOS Security Configuration Guide (Release 12.4T):

More information about SSH on IOS is available in the Configuring Secure Shell on Routers and Switches Running Cisco IOS guide:

Symptoms: The following error message is generated, the console port is not longer accessible and the device stops forwarding traffic.

%SYS-2-NOTQ: unqueue didnt find 0 in queue 6481FC50 -Process= "<interrupt level>", ipl= 1

Conditions: The symptom is observed on Cisco routers running Cisco IOS Release 12.4 when a fiber is plugged into a PA-A3-OC3. CEF is not enabled on the ATM interface and a service-policy is applied to the ATM-interface.

Conditions: Some of the Protocol Independent Multicast (PIM) CLI commands are causing the active RP to crash. The crash happens only when these commands are configured while in control-plane policing subconfiguration mode. Normally, any global relevant configuration should automatically exit the subconfiguration prompt and also accept the command. In this case, the PIM command is rejected and the RP crashes. The same PIM commands work fine when entered under global configuration mode (where they belong) or under other subconfiguration modes.

Workaround: Use the exit command to exit the main configuration prompt before configuring PIM-related commands.

Conditions: This symptom is observed very rarely when MoH is configured to be played from flash. Specifically, this symptom is observed under either of the following two conditions:

When playing MoH for more than 30 minutes and also once during a h/w conference.

Workaround: The system will recover by itself after some time. Formatting flash: will also solve the issue temporarily.

Symptoms: A Cisco router running Cisco IOS Release 12.2, Release 12.3, or Release 12.4 will show TCP connections hung in CLOSEWAIT state. These connections will not time out, and if enough accumulate, the router will become unresponsive and need to be reloaded.

Conditions: This symptom occurs on a Cisco router running Cisco IOS Release 12.2, Release 12.3, or Release 12.4 when executing a copy source-url ftp: command and the FTP server fails to initiate the FTP layer (no banner) but does setup a TCP connection. This may occur when the FTP server is misconfigured or overloaded.

The CLI command will timeout, but will not close the TCP connection or clean up associated resources. The FTP server will eventually answer and timeout itself, and close the TCP connection, but the router will not clean up the TCP resources at this time either.

Workaround: Manually clear TCP resources using the clear tcp CLI command, referencing the show tcp brief command output.

Conditions: This problem is due to an issue with the SIP state machine, which may result in an error along the lines of the following:

00:05:10: //-1/xxxxxxxxxxxx/SIP/Error/sipSPISipIncomingMsg: Invalid method for (STATE_IDLE): ACK

When the watching network is not present, the default route is not deleted from the local RIP database. This leads the router to still send the default route.

When the watching network is present, the default route is not added to the local RIP database. This leads the router to not send the default route.

Conditions: This symptom is observed if the default-information originate route-map map-name router RIP configuration command is used in order to generate a default route only when the watched network is present.

Conditions: This problem is observed on both the Cisco 2800 and the Cisco 3800 platforms that are running Cisco IOS interim Release 12.4(13.9).

Symptoms: A router may crash because of a bus error. Spurious accesses may be observed.

Conditions: This symptom is observed on a Cisco 7200 series router that has an NPE-G1 and that runs Cisco IOS Release 12.3(22). The router is configured as a PE router and uses MQC hierarchical policies for some subinterfaces and the legacy rate-limit command for other subinterfaces.

Symptoms: Entering the snmpget of an object identifier (OID) using the interface index (ifIndex) value of an interface for its index will result in an error:

Error in packet Reason: (noSuchName) 
There is no such variable name in this MIB. 
Failed object: IF-MIB::ifDescr.92

Conditions: This can occur after port adapters (PA) have been swapped, such as replacing a 4-port PA with an 8-port PA.

Conditions: This symptom is observed when the no vrrp 1 preempt interface configuration command is configured and when a switchover is done from primary to secondary.

Symptoms: H323-->SIP interworking fails for a fast start call when transcoding is enabled on an IPIPGW. Transcoding is done between G711ulaw and G729r8 codecs.

Conditions: This failure is seen for H323--SIP--SIP--SIP and H323--SIP--SIP-- H323 call flows when transcoding is enabled on IPIPGW1. It is also seen on a H323--H323--H323--SIP call flow for transcoding on IPIPGW2. This is seen only with a fast start call (both with H245 Tunnel enabled and disabled), and the call passes with a slow start call.

Symptoms: All E1 interfaces on a PA-MC-E3 port adapter may flap continuously even after the traffic has been stopped.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 series router that have a PA-MC-E3 port adapter when you configure 16 or 128 channel groups on each time slot (that is, time slots 1-31) and then generate traffic just above line rate traffic through all the channel groups. Note that the symptom is not platform-specific.

Workaround: Stop the traffic and reset the E3 controller of the PA-MC-E3 port adapter.

Symptoms: Memory held by mem_mgr_chunk_t and mem_mgr_mempool_t in dead process is causing and out-of-memory condition on the gateway.

Conditions: This scenario occurs when SIP phone calls are made using the default application or a TCL IVR application and the header-passing command is enabled in voice service VoIP SIP configuration mode.

The following processes are the cause of the large amount of holding memory in *Dead* process:

Symptoms: When running double authentication crypto (ah encap and esp encap auth together) configurations and passing large packet data which requires fragmentation, errored packets can be observed.

Conditions: This symptom has been observed only on routers with AIM-VPN-PLUS AIM cards installed. Routers which support this AIM are the Cisco 1800, Cisco 2600, Cisco 2800, Cisco 3700, and Cisco 3800 routers.

Workaround: Do not use ESP and AH double authentication. You can use the no crypto engine accel command in the configuration to run encryption in the SW engine.

Symptoms: Performing the snmpwalk on the ipRouteTable MIB may cause high CPU and reloads.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(13b) or later releases.

snmp-server view cutdown 1.3.6.1.2.1.4.21 exclude 
snmp-server view cutdown internet included 
snmp-server community <comm> view cutdown RO

This view restricts the objects that the NMS can poll. It excludes access to the ipRouteTable, but allows access to the other MIBs.

Symptoms: A Cisco 7200 that is running Cisco IOS Release 12.4 or 12.4(11)T2 crashes with a TLB (store) exception.

Conditions: This symptom is observed when Rate Based Satellite Control Protocol (RBSCP) tunneling is configured on the device.

Symptoms: On a Cisco 3800 router platform (Cisco 3825 or Cisco 3845), if multiple subinterfaces are configured on a Gigabit Ethernet motherboard interface and if these subinterfaces are configured with HSRP and the same VMAC, then whenever the router becomes HSRP standby for at least one of these subinterfaces, the router drops all traffic that is directed to the same VMAC on other subinterfaces.

interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native 
 ip address 12.1.0.100 255.255.0.0
 standby 1 ip 12.1.0.1
 standby 1 mac-address 0000.0000.0001
! 
interface GigabitEthernet0/0.2 
 encapsulation dot1Q 2 
 ip address 12.2.0.100 255.255.0.0
 standby 2 ip 12.2.0.1 
 standby 2 mac-address 0000.0000.0001

Conditions: This symptom is observed only on Cisco 3800 motherboard Gigabit Ethernet interfaces. It is not observed on Fast Ethernet/WAN modules or on other router platforms.

Workaround: The problem does not occur if different VMAC addresses are configured on different subinterfaces or if static VMACs are not used.

If the problem is encountered in a production environment, a quick workaround is to shut down the Gigabit Ethernet interface of the other router in order to make one router HSRP active in all VLANs.

Symptoms: No ringback is generated in calls from VoIP to a PBX end using Cisco Multicast Manager (CMM).

Conditions: This symptom has been observed when a call is made from the VoIP side to the PBX side through an MGCP-controlled CMM.

Symptoms: Executing the show port modem calltracker command on a Cisco AS5400XM can cause a bus error crash.

Conditions: This symptom occurs on a Cisco AS5400XM with multiple calls being made and terminated when running Cisco IOS Release 12.4(13a).

Symptoms: When a bidir PIM, with no directly connected receivers, router has to change its RPF interface to the RP, multicast traffic could be lost for up to 60 seconds.

Conditions: This symptom occurs if the connection to the first RP is lost and the middle router changes its RPF for its bidir upstream interface. The middle router then restarts the election process on all DF interfaces, and purges the interface point in the leaf router out its OI @L. That interface will only get repopulated upon a periodic state refresh from the leaf router because the leaf router does not have an RPF change and therefore has no reason to send a triggered Join.

Symptoms: On a Cisco IOS voice gateway, the show call active voice brief command output on the IP leg shows rx counters stay at 0 for 46 seconds.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.4(7e).

Symptoms: A static address may have an aggregate out label in the BGP and MPLS forwarding entry.

Conditions: This symptom is observed when there is a static route in a VRF, a directly connected network is added, and both the static and connected routes are redistributed to BGP. The BGP table will then have the connected prefix, and both the BGP and forwarding entries will match and have the aggregate out label. But when the connected network is shut down, BGP gets the static route, but the out label remains "aggregate."

Symptoms: RTP and RTCP ports are leaked when a ReleaseComplete (reason=newConnectionNeeded) is received as a response to a FastStart Setup that is sent.

Conditions: This problem is seen in Cisco IOS Release 12.4(11)T and Release 12.4(15)T images for a normal H323 to H323 Gatekeeper routed call with no supplementary services.

Symptoms: A device with a PA-MC-2T3+ may reset because of a bus error if a channel group is removed while the show interface command is being used from another telnet session at the same time, and then the telnet session is cleared.

Conditions: These symptoms have been observed in the latest Cisco IOS 12.4T and 12.2S releases.

Workaround: Do not remove a channel group while using the show interface command for that interface.

Symptoms: SNASwitch HPR/IP (Enterprise Extender - EE) receiving retransmissions due to HPR/IP UDP packets being dropped at the UDP socket layer in the SNASw router. This leads to poor throughput across the HPR/IP pipe.

Conditions: This can occur when receiving large bursts of HPR/IP traffic inbound to the SNASwitch router. The UDP socket inbound queue can hold a maximum of 50 packets. If more than 50 HPR/IP packets are received before the SNASwitch process can run and dequeue some, subsequent packets will be dropped.

Further Problem Description: The output of the show ip socket detail command will show the number of drops that have occurred, the maximum queue size(50), and the highwater value. HPR/IP uses ports 12000 through 12004. Here is an example of UDP port 12003 showing 190577 dropped inbound packets:

Resolution Summary: The resolution of this bug adds a new qsize parameter on the snasw port configuration command. This allows the specification of a UDP socket queue size value for HPR-IP ports only.

Note that the default of 50 was not changed by this. In order to increase the size of the UDP socket queue, the new parameter must be specified.

Under each IP interface where HPR/IP packets are flowing in and out of this router, add:

Symptoms: A router may crash because of a bus error when you perform an OIR of a PA-MC-8TE1+ port adapter or when you enter the hw-module slot slot-number stop command for the slot in which the PA-MC-8TE1+ port adapter is installed.

Symptoms: High CPU is observed on SNMP Engine while polling dsx1FracIfIndex for DS3s.

Conditions: This has been observed on a Cisco 7206 VXR platform having NPE-G1 that is running Cisco IOS Release 12.4(14).

Workaround: Applying a view on DS1 MIB prevents such high CPU usage. This prevents the user to monitor those entries.

Further Problem Description: The SNMP Engine comes into a loop and Get-NEXT always reports the same values. This happens while coming to the first interface channelized E3 card. Deleting this interface created the problem on the channelized E3 one.

*Aug 6 16:34:47.188: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x8005EC50, -Traceback= 0x809971F4 0x809B9C2C 0x809DD8A4 0x8005EC50 0x800651E4 0x800652A8 0x809E42D4 0x809C4A38 0x800652EC 0x809C4BA0 0x809E42D4 0x80A0854C 0x800DB8C0 0x800DEE48

Conditions: The conditions under which this symptom occurs are not known at this time.

Symptoms: A Cisco AS5400HPX crashes due to a bus error as indicated by the following show version output:

%SYS-2-NOTQ: unqueue didn't find 674D6D40 in queue 3C -Process= "MGCP Application", ipl= 0, pid= 170

Symptoms: While running a Cisco IOS Release 12.4 Mainline release, a Cisco router may crash with a bus error. The error displayed will be similar to the following:

Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x605AFF94

Conditions: This symptom has been observed only if the gateway is configured for Voice over IP (VoIP).

Symptoms: A Cisco access server may run out of free processor memory. This symptom can be seen in the show process memory command. Increased memory utilization will be seen in the Dead pool.

Conditions: This symptom has been observed only in access servers that participate in Cisco Customer Voice Portal (CVP).

When a VXML application is configured with fetchaudio, the fetchaudio playout fails after user disconnect. The fetchaudio should have been removed from the prompt list, but it was not. This causes the session not to be freed when the application is finished.

Symptoms: GRE traffic needs to be specifically allowed in the outside interface terminating DMVPN IPSec protected traffic.

Conditions: This symptom is observed on a DMVPN tunnel interface with tunnel protection IPSec, with CEF or fast switching.

Symptoms: There is a memory leak and fragmentation in *Dead* process due to MallocLite. After disabling malloclite, it will be seen as memory allocated to the "Virtual Exec" process in the show memory allocating-process [total] command output.

Conditions: The leak occurs whenever the show vpdn session [l2tp] [all] username username command is used, and there are many non-matching entries. Memory will be leaked proportional to the number of non-matching usernames (approximately 170 bytes per non-match).

Workaround: Avoid using the show vpdn session [l2tp] [all] username username command.

Symptoms: A spurious access error occurs in tfib_post_table_change_sanity_check () function.

Conditions: This symptom occurs if route is deleted. ROUTE_DOWN event is triggered in tfib_post_table_change() function which in turn calls tfib_post_table_sanity_check(). In that function, spurious access is reported, as the only path of route is down.

Symptoms: When a VXML application plays prompts and issues disconnect, the disconnect will be suspended until prompt playout completes. If the user hangs up before prompt playout completes, the disconnect event will not be thrown, and memory on VXML session will leak.

Conditions: This symptom is observed on a Cisco AS5400XM but is not platform dependent.

Symptoms: A router crashes while a service policy is being attached, detached, or modified across a virtual template under traffic.

Conditions: This symptom is observed on a Cisco 7200 or Cisco 7301 router that is configured with MLPPP over FR on channelized interfaces.

Symptoms: A router crashes when the mkdir .../.../ EXEC command is entered, followed by the reload EXEC command and the show file system EXEC command.

Conditions: This symptom is observed on a router that runs Cisco IOS software using a storage device that is formatted with the DOS file system.

Symptoms: During a mid-call codec switch from g.711 to g.729 on a gatekeeper-controlled gateway, the gateway may intermittently receive a Bandwidth Confirmation (BCF) message from the gatekeeper and wrongly detect it as a Bandwidth Reject (BRJ) message. This results in a release complete being sent from the gateway with a cause code of 65.

Conditions: This condition appears to be intermittent, due to the order of the OLC and the ECS (Empty Capability Set) messaging. This issue will be seen only on gatekeeper-controlled gateways that are doing bandwidth control. This issue is currently being seen only when codecs are switched mid-call to a codec with less bandwidth utilization.

Further Problem Description: This issue appears to be a recurrence of CSCee60960 and can be seen by enabling the following debugs:

581565: .Aug 15 13:45:06.376: //- 1/xxxxxxxxxxxx/H323/cch323_ras_handle_recv_msg: received msg of type BCF_CHOSEN 581566: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/cch323_percall_ras_sm: ccb 0xC2A5CA58: received event CCH323_RAS_EVENT_BCF while at CCH323_RAS_STATE_ACTIVE state 581567: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/cch323_percall_ras_sm: ccb 0xC2A5CA58: changing to new state CCH323_RAS_STATE_ACTIVE 581568: .Aug 15 13:45:06.376: //- 1/xxxxxxxxxxxx/H323/cch323_iev_queue_service: Dispatch 0x1E internal event to H245 IWF SM 581569: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/run_h245_iwf_sm: received IWF_EV_BRJ while at state IWF_OLC_OUT_AWAIT_BCF 581570: .Aug 15 13:45:06.376: //- 1/xxxxxxxxxxxx/H323/h323_set_release_source_for_peer: ownCallId[94506], src [6] 581571: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/h245_iwf_set_new_state: changing from IWF_OLC_OUT_AWAIT_BCF state to IWF_OLC_IDLE state 581572: .Aug 15 13:45:06.376: //- 1/xxxxxxxxxxxx/H323/cch323_iev_queue_service: Dispatch 0xE internal event to H245 IWF SM 581573: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/run_h245_iwf_sm: received IWF_EV_OLC_FAILED while at state IWF_ACTIVE 581574: .Aug 15 13:45:06.376: //- 1/xxxxxxxxxxxx/H323/h323_set_cc_cause_for_spi_err: Categorized cause:65, category:278

Conditions: This symptom is observed on a Cisco 2811 router with ATM interface that is using VWIC2-2MFT-T1/E1 connected to MGX AUSUM card.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the IMA interface.

Symptoms: A Cisco router acting as a DHCP server may experience the following problem when Secure ARP is also configured, and the Secure ARP keepalive time is less than the DHCP lease time. If a client device goes into sleep mode for a period of time less than the DHCP server's configured lease time but more than the Secure ARP time, the DHCP lease will be cancelled at the server. If the client awakes, it will have a valid DHCP lease, for the remainder of the last lease time it was granted. When the device awakes and attempts to renew its IP address, it sends a unicast DHCPREQUEST to the DHCP server. Because the lease has been removed from the DHCP server, and there is no ARP entry for the client, the DHCP Server does not send any reply to the device. The Secure ARP feature will, however, prevent the device from communicating until its lease has expired.

Conditions: This symptom has been observed with a Cisco router acting as a DHCP server when Secure ARP is also configured.

Workaround: Disable Secure ARP on the DHCP server or change the Secure ARP keepalive time to correspond to the lease time.

Symptoms: In a Cisco 7500 HA router in RPR+ mode when configuring and unconfiguring channel groups under an E1 controller, the router reports the following:

*Aug 22 17:58:34.970: %HA-2-IPC_ERROR: Failed to open peer port. timeout *Aug 22 17:58:34.974: %HA-3-SYNC_ERROR: CCB sync failed for slot: 1 *Aug 22 17:58:34.974: %HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).

Conditions: This symptom is observed when configuring and unconfiguring channel groups under an E1 controller.

Conditions: This symptom occurs when dLFIoFR and QoS are configured on the router and you try to move from dLFIoFR to dLFIoATM.

Symptoms: A Cisco router may reload and display a message similar to the following:

Aug 19 12:28:51.960: %SYS-3-MGDTIMER: Previous timer has bad forward linkage, timer = 64176C30. -Process= "IPSEC key engine", ipl= 4, pid= 150 -Traceback= 0x607462F0 0x6084FD88

12:28:52 zulu Sun Aug 19 2007: Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x60815DD4

Conditions: This symptom has been experienced on a Cisco 7206VXR that is running Cisco IOS Release 12.4(16).

Symptoms: Compressed Real-Time Protocol (cRTP) shows errors and Low Latency Queuing (LLQ) shows drops from default queue although there is no traffic to match it.

Conditions: This problem can be seen under load of MPPP bundle of several serial interfaces with LLQ and cRTP enabled.

Conditions: This symptom occurs when a mix of application traffic is sent to the HTTP Secure server and when CPU utilization is at about 30 percent.

Symptoms: A Cisco router may experience a bus error crash preceded by the following error message:

%HMM_ASYNC-4-NO_MODEMS_PRESENT: HMM Digital Modem Card 1 contains no active modems

Conditions: This symptom is seen if the router contains a Digital Modem Network module that contains no SIMMs.

Symptoms: When one of the T1 or E1 controller NM-HDV2 goes down, the voice calls in the other controller are dropped.

This condition relates to interface x/0 x/0/0 (for example, 4/0 causes 4/0/0 to go down).

Conditions: This problem could happen in the MGCP PRI backhauled setup with NM- HDV2.

Symptoms: On a 1841/WIC-1/WIC-1B-U-V2/c1841-adventerprisek9-mz.124-13c combo [hereafter UUT], 180s after BRI interface successfully dials HUB PRI, 1/2 PING packets FAIL from HUB routers destined through UUT to a device on FastEthernet of the UUT, through the CEF switching path.

The direction of the failure is UUT--->HUB router with packets being dropped as "encapsulation failed" in "show ip traffic".

Conditions: Issue's been reproduced on 1841/WIC-1/WIC-1B-U-V2 using legacy DDR on BRI interface. Issue also reproducible in 124-16.14 IOS.

Workaround: Disable CEF switching by configuring "no ip route-cache cef" on BRI0/1/0 and Fa0/1 on "nhtest2".

Symptoms: On a router using high availability route processor redundancy (RPR)+, after an encapsulation change is done on serial interfaces of channelized port adapters, a reload of the slave Route Switch Processor (RSP) occurs.

Conditions: This symptom has been observed only in certain versions of 5x routers Cisco AS5400XM and AS5350XM product running with a Cisco IOS Release 12.4(17.7) image.

Symptoms: A router crashes at function ether_oam_pd_shim_registry_init when the ssg vc-service-map command is configured.

Conditions: This symptom is observed on a Cisco 7200 series router that is loaded with Cisco IOS Release 12.4(18.4)T.

TCP/IP Host-Mode Services

Symptoms: The latency for the RSH command could increase when they are flowing through an FWSM module.

Conditions: The following issue was observed on an FWSM that is running 2.2 (1) software. The long delay was triggered by using either Cisco IOS Release 12.3(13a)BC1 or Release 12.3(17a)BC1 on routers toward which those RSH commands were sent.

Workaround: Either bypass the FWSM module or downgrade to Cisco IOS Release 12.3(9a)BC3, which is not affected by this extra delay issue.

Symptoms: One may intermittently see a traceback from the Transport Port Agent because of timing of subsystem initialization in the router. The traceback is nonimpacting to the actual functional performance of the router.

Wide-Area Networking

Symptoms: A bus error crash occurs on a Cisco router that is running Cisco IOS Release 12.2(31)SB3.

Symptoms: Display IE contained in connect message is not passing through ISDN- to-H323 interworking at Originating Gateway (OGW).

Conditions: This happens when call Initiator makes a voice call to Path Terminating Equipment (PTE) (PC simulating remote-device) passing through VGW and OGW having Cisco IOS interim Release 12.4(16.9) images.

Symptoms: An accounting record may indicate that the NAS-Port-Id has an adapter number of 1 when the correct adapter number is greater than 1.

Conditions: This symptom is observed when AAA accounting is configured and a PPP interface that is used as a NAS port has more than two adapters.

Symptoms: When there are burst L2TP session authentication failures on the LNS and the vpdn logging global configuration is enabled, the system takes too many CPU cycles to print the syslog messages to the system console.

Workaround: Disable system console logging by entering the no logging console global configuration command.

Conditions: This symptom occurs when pinging from the client to the NAS gives the following:

Workaround: Configure the dialer idle-timeout 0 command under the template. This will never bring down the calls nor bring down the physical link.

Symptoms: A ping from the FR-DTE to the FR-DCE fails when FR-VCB is configured in the FR-DTE.

Symptoms: MLP fails to negotiate MRRU when changing the default MTU (1500 bytes) configuration of multilink interfaces on the client, LAC, and LNS.

Conditions: This problem is seen only in a VPDN scenario with a Cisco IOS Release 12.4(17) image.

Conditions: This symptom is observed when dMLP and RPR+ are configured on a Cisco 7500 router and a switchover occurs.

Resolved Caveats—Cisco IOS Release 12.4(17a)

Cisco IOS Release 12.4(17a) is a rebuild release for Cisco IOS Release 12.4(17). The caveats in this section are resolved in Cisco IOS Release 12.4(17a) but may be open in previous Cisco IOS releases.

Miscellaneous

Symptoms: IPv6 pings are not working when the atm route-bridged ipv6 command is configured on the UUT.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS interim Release 12.4(13.5)T images.

Symptoms: The latency for the RSH command could increase when they are flowing through an FWSM module.

Workaround: Either bypass the FWSM module or downgrade to Cisco IOS Release 12.3(9a)BC3, which is not affected by this extra delay issue.

Conditions: This symptom occurs on a Cisco router running Cisco IOS Release 12.2, Release 12.3, or Release 12.4 when executing a copy source-url ftp: command and the FTP server fails to initiate the FTP layer (no banner) but does setup a TCP connection. This may occur when the FTP server is misconfigured or overloaded.

Workaround: Manually clear TCP resources using the clear tcp CLI command, referencing the show tcp brief command output.

Conditions: This problem is due to an issue with the SIP state machine, which may result in an error along the lines of the following:

00:05:10: //-1/xxxxxxxxxxxx/SIP/Error/sipSPISipIncomingMsg: Invalid method for

Conditions: This problem is observed on both the Cisco 2800 and the Cisco 3800 platforms that are running Cisco IOS interim Release 12.4(13.9).

Symptoms: H323-->SIP interworking fails for a Fast start call when transcoding is enabled on an IPIPGW. Transcoding is done between G711ulaw and G729r8 codecs.

Conditions: This failure is seen for H323--SIP--SIP--SIP and H323--SIP--SIP-- H323 call flows when transcoding is enabled on IPIPGW1. It is also seen on H323--H323--H323--SIP call flow for transcoding on IPIPGW2. This is seen only with a Fast Start call (both with H245 Tunnel enabled and disabled), and the call passes with a slow start call.

Symptoms: Memory held by mem_mgr_chunk_t and mem_mgr_mempool_t in dead process causes out of memory condition on gateway.

Conditions: This particular gateway is experiencing processes that are hung which is causing the router to run out memory. The following process are the cause of the large amount of holding memory in "*Dead*" process.

Symptoms: When running double authentication crypto (ah encap and esp encap auth together) configurations and passing large packet data which requires fragmentation, error packets can be observed.

Workaround: Do not use ESP and AH double authentication. You can use the no crytpo engine accel command in the configuration to run encryption in the SW engine.

Symptoms: Router tracebacks and then crashes during deconfiguration (removal) of VRF. The following message was seen prior to crash:

Symptoms: Display IE contained in connect message is not passing through ISDN-to-H323 interworking at Originating Gateway (OGW).

Symptoms: No ringback is generated in calls from VoIP to a PBX end using Cisco Multicast Manager (CMM).

Conditions: This symptom has been observed when a call is made from the VoIP side to the PBX side through an MGCP-controlled CMM.

Symptoms: Executing the show port modem calltracker command on a Cisco AS5400XM can cause bus error crash.

Conditions: This symptom occurs on a Cisco AS5400XM with multiple calls being made and terminated when running Cisco IOS Release 12.4(13a).

Symptoms: When a bidir PIM, with no directly connected receivers, router has to change its RPF interface to the RP, multicast traffic could be lost for up to 60 seconds.

Symptoms: The prefix of a serial interface that is configured for PPP or HDLC and that functions as a passive interface for IS-IS may not be installed in the local IS-IS database.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF6 but is not release-specific.

Second Alternate Workaround: Enter any command that triggers the generation of the local IS-IS database.

Symptoms: On a Cisco IOS voice gateway, the show call active voice brief command output on the IP leg shows rx counters stay at 0 for 46 seconds.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.4(7e).

Further Problem Description: The output of the show ip socket detail command will show the number of drops that have occurred, the maximum queue size(50) and the highwater value. HPR/IP Uses ports 12000 through 12004. Here is an example of UDP port 12003 showing 190577 dropped inbound packets:

Resolution Summary: The resolution of this bug adds a new qsize parameter on the snasw port configuration command. This allows the specification of a UDP socket queue size value for HPR-IP ports only.

Under each IP interface where HPR/IP packets are flowing in and out of this router add:

Symptoms: High CPU is observed on SNMP Engine while polling dsx1FracIfIndex for DS3s.

Conditions: This has been observed on a Cisco 7206 VXR platform having NPE-G1 that is running Cisco IOS Release 12.4(14).

Workaround: Applying a view on DS1 MIB prevents such high CPU usage. This prevents the user to monitor those entries.

Symptoms: While running a Cisco IOS Release 12.4 Mainline release, a Cisco router may crash with a bus error. The error displayed will be similar to:

Conditions: This symptom has been observed only if gateway is configured for Voice over IP (VoIP).

Symptoms: GRE traffic needs to be specifically allowed in the outside interface terminating DMVPN IPSec protected traffic.

Conditions: This symptom is observed on a DMVPN tunnel interface with tunnel protection IPSec, with CEF or fastswitching.

Symptoms: There is a memory leak and fragmentation in *Dead* process due to MallocLite. After disabling malloclite, it will be seen as memory allocated to the "Virtual Exec" process in the show memory allocating-process [total] command output.

Conditions: The leak occurs whenever the show vpdn session [l2tp] [all] username username command is used, and there are many non-matching entries. Memory will be leaked proportional to the number of non-matching usernames (approximately 170 bytes per non-match).

Workaround: Avoid using the show vpdn session [l2tp] [all] username username command.

Symptoms: A spurious access error occurs in tfib_post_table_change_sanity_check () function.

Conditions: This symptom is observed on a Cisco AS5400XM but is not platform dependent.

Conditions: This symptom is observed on a Cisco 2811 router with ATM interface that is using VWIC2-2MFT-T1/E1 connected to MGX AUSUM card.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the IMA interface.

Conditions: This symptom occurs when pinging from client to NAS gives "Request drop link from bundle".

Conditions: This symptom has been observed with a Cisco router acting as a DHCP server when Secure ARP is also configured.

Workaround: Disable Secure ARP on the DHCP server or change the Secure ARP keepalive time to correspond to the lease time.

–

NAT router fails H323 connection by ARP resolution failure which ARP request is triggered by H225/H245 packet.

–

When the problem occurs, NAT router creates incomplete entry and sends unexpected ARP request for destination IP address instead of nexthop IP address whereas the destination prefix is not directly connected route. Therefore if next-hop router of NAT router disable proxy-arp, the packet forwarding fails.

Symptoms: In a Cisco 7500 HA router in RPR+ Mode when configuring and unconfiguring channel groups under an E1 controller, the router reports the following:

Conditions: This symptom is observed when configuring and unconfiguring channel groups under an E1 controller.

Symptoms: The system crashes when the show ipv6 ospf lsdb-radix hidden command is entered.

Symptoms: When one of the T1 or E1 controller NM-HDV2 goes down, the voice calls in the other controller are dropped.

This condition relates to interface x/0 x/0/0 (for example, 4/0 causes 4/0/0 to go down).

Conditions: This problem could happen in the MGCP PRI backhauled setup with NM-HDV2.

Symptoms: On a Cisco 1841-adventerprisek9-mz.124-13c combo [hereafter UUT], 180s after BRI interface successfully dials HUB PRI, 1/2 PING packets FAIL from HUB routers destined through UUT to a device on FastEthernet of the UUT, through the CEF switching path.

180 seconds after the ISDN Call from UUT successfully dials HUB PRI, "show adj vi1 internal" changed from point2point(21) to point2point(20) (incomplete) which coincides exactly with the PING failure. It also coincides with the CEF refresh timer triggering. The direction of the failure is UUT--->HUB router with packets being dropped as "encapsulation failed" in "show ip traffic".

Conditions: This issue has been reproduced on Cisco 1841 using legacy DDR on BRI interface. This issue is also reproducible in Cisco IOS interim Release 12.4(16.14). The symptom is platform independent. The issue is not reproducible on Cisco 1720/WIC-1B-U/c1700-sy-mz.122-40 combo.

Workaround: Disable CEF switching by configuring "no ip route-cache cef" on BRI0/1/0 and Fa0/1 on UUT.

Resolved Caveats—Cisco IOS Release 12.4(17)

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(17). All the caveats listed in this section are resolved in Cisco IOS Release 12.4(17). This section describes severity 1 and 2 caveats and select severity 3 caveats.

Basic System Services

Symptoms: The Cisco 805/rsp720 router with Cisco IOS Release 12.3(15)/12.2(33)SRB1 with crash when a privilege level 15 user logon with attribute "call-back".The AAA server is ACS 2.4.

Customer config call-back/callback-dialstring attribute for the user.If remove this attribute,there is no crash.

Conditions: This symptom has been observed with a Cisco 805/rsp720 router configured with AAA authentication and authorization. ACS server is 2.4. On ACS configration, a user with callback attribute (customer also use this user as a dialin for Cisco AS5200). When this user try to logon, the Cisco 805/rsp720 router crashes.It happens repeatedly.

2. Avoid to configure NULL value for the callback-dialstring attribute in the Tacacs+ profile.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4 or Release 12.4T.

Symptoms: When you configure SNMPv3 group access to contexts, each context may need to be configured with a separate CLI command. For large configurations, thousands of CLI command may need to be entered, which is not acceptable.

Conditions: This symptom is observed, for example, when the snmp-server group groupame v3 auth context context-name command must be entered for each group and each context. If there are many VLANs, the command must be entered for each group that is given access to each VLAN, which may mean that thousands of CLI command must be entered.

Workaround: SNMP allows you to specify that a context name is a prefix, and match any context that starts with that name. Use SNMP to create rows in the vacmAccessTable and ensure that the vacmAccessContextMatch object is set to a prefix instead of match. Note that after you reboot the router, you must reconfigure this workaround.

Symptoms: Some of the RFC 2217 commands sent to the Cisco IOS may not be acknowledged .i.e, the server may not respond back for certain commands.

Conditions: Clients using a RFC 2217 to talk to Cisco IOS to control a serial device will see this problem

Workaround: The only workaround is not to send these commands, but it may not be acceptable in all cases

Symptoms: Error messages are getting displayed continuously and unable to get the router console.

Conditions: This symptom has been observed while loading image in Cisco 7500 series routers.

A Cisco port adaptor CT3IP-50 running Cisco IOS Release 12.0(32)S6 may reload unexpectedly. This has been experienced many times. The information gathered points to a software issue. This enclosure will be updated as more information is gathered.

%SYS-3-CPUHOG: Task ran for 123588 msec (2838/0), process = VIP Txacc loss 
compensation, PC = 60308350.

-Traceback= 60308358 : %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = 
VIP Txacc loss compensation.

-Traceback= 60030DC4 6011774C 6011C244 6010EDF4 603081D0 6030851C

20:32:43 UTC Mon Apr 16 2007: Breakpoint exception, CPU signal 23, PC = 0x6010CF38

Conditions: This symptom has been observed with: MLP+QoS is configured on Cisco 7500 router.

Conditions: For the problem to occur, there need to multiple https requests sent in quick succession to an HTTPS server that is up and running but the service or application processing the request should be unavailable.

Further Problem Description: The crash will not occur if the HTTPS Server and the service handling the request are operating normally.

EXEC and Configuration Parser

Conditions: This symptom has been observed with truncated multilink interface numbers.

Further Problem Description: Problem occurred because of a bad codefix to the nv_write_internal function which takes care of printing the proper characters into sh running.

IBM Connectivity

Symptoms: A router that is running Cisco IOS may crash due to a software forced crash.

Conditions: This symptom has been observed with a DLSW configuration with SDLC attached controllers. At the time of the crash, on one SDLC interface, the encapsulation SDLC was removed.

Interfaces and Bridging

Symptoms: With MLPoATM configured router crashes on issuing <show ppp multilink> after disabling the PA by issuing <hw-module slot # stop>

Conditions: This symptom has been observed with a Cisco 7200 NPE-G1 loaded with Cisco IOS Release 12.4(13.13)T2 image.

Symptoms: A PVC that is shut down by OAM may continue to receive and forward traffic. This situation causes problems in an APS 1+1 redundancy configuration in which the standby router has a PVC that is shut down by OAM but continues to receive all traffic.

Conditions: This symptom is observed on a Cisco router that has an ATM port adapter.

Workaround: In an IPv4 configuration, shut down the subinterface manually or enter the ip verify unicast reverse-path command. In an MPLS configuration, shut down the subinterface manually.

Symptoms: The output may be stuck on a POS interface that is configured for Frame Relay encapsulation. When this situation occurs, the output queue is not emptied, and LMI remains down.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(12) or later. This happens only with very specific hardware configurations including NPE-G1 and PA-POS-OC3SMI. The issue observed when aforementioned Port Adapter is located at slot 4 and not seen with other hardware configurations.

Workaround: Place POS PA in other slot(s). PA location reconfiguration in chassis should fix the problem.

Symptoms: Aligment errors drive the router to crash due to a bus error ( TLB exception ). These reloads can occur about 2-3 times day.

Conditions: This symptom has been observed with a Cisco 3745 with NM-8AM running Cisco IOS Release 12.3(7)T11 and 12.4(13a) while there is great volume of the traffic through module NM-8AM. Replacement of all the HW equipment didn't solve the issue.

Workaround: Reduce traffic through NM module or install Cisco IOS Release 12.3 (not T train or 12.4 image) provokes that reloads stop.

IP Routing Protocols

Symptoms: A router may not clear BGP routes when you enter the clear bgp ipv6 unicast * command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SXF but is not release-specific.

Symptoms: at big service provider whereas atm-sub interfaces are deleted and new one created on regular basis as they remove and add new end customers.

Because it is not a manual process as scripting is used to perform that task, old configuration from deleted sub-interface are showing up on new sub-interfaces and in some cases are creating outages.

Workaround: verify sub-interface configuration and if configuration cannot be deleted on that sub-interface, delete this sub-interface then create a dummy sub-interface which will pull that configuration. Then recreate prior sub-interface.

Symptoms: Router may give spurious memory access or crash when the debug ip ospf hello command is enabled on the router, which has sham-links configured.

Conditions: This symptom has been observed with sham-links configured. Only Cisco IOS images with the fix CSCse35155 integrated are affected. The debug ip ospf hello command is enabled during the adjacency start on the sham-link interface.

Workaround: Do not start the debug ip ospf hello command in a sham-link environment.

Symptoms: The attributes that are configured in a site map may not automatically be applied to the BGP table when the associated interface is running other routing protocols such as RIP or OSPF.

Conditions: This symptom is observed on a Cisco router when routes are redistributed into BGP.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the associated interface.

Symptoms: When there are link flaps in the network, various PE's received the error msg %BGP-3-INVALID_MPLS: Invalid MPLS label (1) received in update for prefix 155:14344:10.150.3.22/32 from 10.2.2.1

Local label is not programmed into forwarding table for a sourced BGP VPNv4 network

Conditions: This symptom has been observed when an iBGP path for a VPNv4 BGP network is present, then a sourced path for the same RD and prefix is brought up after.

–

Remove the iBGP path. If the sourced path comes up first, then the problem will not occur

–

Use different RDs with the different PEs. If the RD+prefix does not match exactly between the iBGP path and the sourced path, the problem will not occur.

Symptoms: Cisco router running modular image (-vz- version) configured for OSPF and BFD may experience corner case crash.

Conditions: This symptom has been observed with a high number of very unstable OSPF/BFD neighbors.

Conditions: This symptom is observed on a Cisco router that is configured for incremental SPF (ISPF) and that functions in a network with MPLS TE tunnels.

Conditions: This symptom is observed in a multicast configuration when an RPF link changes.

Symptoms: On a PE router in an EIGRP network, EIGRP prefixes are redistributed into BGP but are missing their EIGRP-derived extended community values.

Conditions: This symptom is observed only when a network command is manually entered in "router EIGRP" mode while the redistribute eigrp command already exists in the BGP configuration. The symptom does not occur if all final configuration statements are present at router bootup time.

Workaround: Re-enter the redistribute eigrp command in the BGP configuration. There is no need to first remove the command because entering the command triggers a new redistribution event.

Symptoms: static NAT has memory leaking when configure "vrf route-map reversible extendable"

Router memory decreases dramatically when there is certain volume of tcp traffic.

Conditions: This symptom has been observed with Cisco IOS Release 12.4(9)T2 and Release 12.4(11)T1. This problem only happens when configured "route-map reversible" Normal static vrf NAT does not have this issue.

Symptoms: A router that is configured for static NAT translations may lose its external/global ARP entry for a NAT address.

Conditions: This symptom is observed when traffic flows run across the router, for example, when the client is outside and server is inside, and when static NAT translation is used for periods of about two minutes.

Workaround: Configure a route map that matches the static NAT translation, and apply the static NAT entry by entering either one of the following commands:

- ip nat inside source static tcp local-ip local-port global-ip global-port route-map name reversible

Workaround: There is no workaround. Bounce the interface again will fix the issue.

Further Problem Description: This is rare timing issue, so far it seen in a lab only when virtual link is configured.

Workaround: Avoid having configured OSPF process which can not start because no router-id is available.

Symptoms: After a mapping ID has been removed from the Stateful NAT Translation (SNAT) global configuration, a SNAT router may crash unexpectedly.

Conditions: This symptom is observed on a Cisco router that functions as a SNAT router and that runs Cisco IOS Release 12.4 or Release 12.4T.

%OSPFv3-3-DBEXIST: DB already exist

may be printed if OSPFv3 router redistributes large number of the external routes, usually after reload. So far no impact of the error message to the operation of the router has been experienced.

Conditions: This symptom has been observed with Redistribution configured and the router reloaded.

Symptoms: When you enter the ip multicast limit rpf command, protection may fail after the RPF link becomes operational.

Conditions: This symptom is observed on a Cisco router that is configured for APS switchover.

Workaround: Clear the state of the corresponding multicast route by entering the clear ip mroute command.

Symptoms: OSPF packets with IP Precedence 0 are classified by SPD as priority packets. This is an error because only IP Precedence 6 packets should be classified as priority packets by SPD.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18) or a later release but may also affect other releases.

Workaround: Use ACLs to block invalid IP control packets from reaching the control plane.

Conditions: The crash will only happen where there are more than thirty IP routing protocol processes created and the last one is EIGRP. Note that this does not include VRFs. When the 31st routing protocol process is attempted, an error message wi ll be issued stating "too many IP routing processes". If attempt is then made to remove an EIGRP routing process by doing the command "no router eigrp <as>", the router will crash.

Symptoms: A few seconds after OSPF adjacencies come up, a router crashes because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an ISR that is configured for OSPF.

Alternate Workaround: Enter the no capability transit command in the OSPF VRF processes.

Symptoms: The clear ip bgp * soft in command does not function for an inbound route map.

Conditions: This symptom is observed on a Cisco router that has the neighbor send-label command enabled when the prefix that is being filtered is an IPv4 unicast prefix.

Further Problem Description: The clear ip bgp * soft in command does function fine for other address families such as VRF and VPNv4.

Symptoms: A Cisco MGX-RPM-XF-512 resets after deleting Multicast VPN routing from a VRF and then deleting that VRF.

Conditions: This symptom has been observed on a system running Cisco IOS Release 12.4(6)T5 configured for Multicast VPN routing while deleting an interface.

ISO CLNS

Symptoms: A CLNS neighbor may still be formed after the IS-IS protocol has been shut down.

Symptoms: After redistribution-related configuration changes have been made, a CPUHOG condition may occur in the Virtual Exec process, causing loss of IS-IS adjacencies.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch that runs Cisco IOS Release 12.2(18)SXF when the redistribute maximum-prefix command is configured under the router isis command and when BGP is configured to be redistributed into IS-IS. The symptom could also affect a Cisco 7600 series router that runs Release 12.2SR.

Symptoms: IS-IS may not advertise the prefix of a passive interface to the IS-IS database on a local router.

Conditions: This symptom is observed on a Cisco router when you shut down an interface (for example, G9/1/1) of a 5-port GE SPA (SPA-5X1GE) that is installed in a SIP-600, replace the SPA-5X1GE with another card, and then enter the no shutdown interface configuration command on the interface at the same location (G9/1/1) on the new card. In this situation, the prefix for the interface (G9/1/1) is not advertised.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Miscellaneous

Symptoms: A router that is configured for QoS may reload unexpectedly or other serious symptoms such as memory corruption may occur.

Conditions: This symptom is observed on a Cisco router that has a cable QoS profile with a name that has a length that is greater than 32 characters as in the following example:

cable qos profile 12 name g711@10ms_for_any_softswitch_Traa^C 00000000011111111111222222222333^ 12345678901234567890123456789012| | PROBLEM (Variable Overflowed).

Workaround: Change the name of the cable QoS profile qos profile to a length that is less than 32 characters.

Symptoms: A Cisco 10000 series may lose the PVC configurations for several subinterfaces and high CPU usage may occur. When you attempt to reconfigure the PVCs, error messages similar to the following may be generated:

Router#pvc 35/134 Unable to create PVC 35/134 on ATM1/0/0.10350134. Possibly multiple users configuring IOS simultaneously Further info about other user: Process id: 42, Process: Slot 1/0 CMD Process, TTY: 0, Location: Console Router(config-subif)#

Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.2(7)XI1 or Release 12.2(27)SBB.

Symptoms: The ip auth-proxy command may not take effect when it is configured on VLAN interfaces, and the following error message may be generated:

(This error message is generated when an IP phone is connected to port Fa0/0/0.)

Conditions: This symptom is observed only on a router that is configured with switchport interfaces.

Workaround: Configure the ip auth-proxy command on the ingress interface. If this is not an option because the ip auth-proxy command must be configured on VLAN interfaces, there is no workaround.

Conditions: This symptom is observed on a Cisco router that has a QoS service policy with traffic shaping.

Symptoms: A Cisco Gigabit Ethernet Interface goes down when set to speed 100 / Full Duplex and when the remote end is third party LAN extension service equipment.

Conditions: This symptom has been observed on Cisco 3800 Gigabit Ethernet interface. A Cisco 2811 FastEthernet interface or Cisco 2821 Gigabit Ethernet do not show the problem. The symptom is also not seen if a Cisco Catalyst 4506 is used in place of the third party equipment.

Workaround: Use hardware other than Cisco 3800 Gigabit Ethernet when connecting to third party equipment.

Symptoms: When the command "glbp <group> weighting track <track_number>" is configured on the Active processor of an HA capable router, the equivalent command does not get synced to the Standby processor config. This means that after processor switchover, the GLBP weighting track command will have no affect on the operation of the group.

Conditions: This symptom has been observed with HA capable routers in RPR, RPR+ or SSO mode, and supporting GLBP.

Workaround: There is no workaround for this issue. The config will have to re-entered into the new Active processor config after swichover.

Symptoms: Interface flaps on an ATM IMA port adapter may cause the router to reload.

Conditions: This symptom has been observed when using an PA-A3-8T1IMA/PA-A3- 8E1IMA port adapter on Cisco 7xxx series router platforms. Flaps must be observed or the shutdown and no shutdown commands must be performed on an applicable interface. However, this symptom is a rare condition, and will not necessarily occur with every flap. This symptom can occur with or without traffic.

Symptoms: A Cisco switch or router may reload when you configure an ATM User-Network Interface (UNI) link on an ATM interface of an 8-port ATM Inverse MUX E1 or T1 port adapter (PA-A3-8E1IMA or PA-A3-8T1IMA).

Conditions: This symptom is observed on a Cisco Catalyst 6000 series, Cisco 7500 series, and Cisco 7600 series when an ATM link is configured after the platform has booted up.

Symptoms: In Cisco IOS, when configuring a standard Access List host-level permit entry after a host-level deny entry, the order of ACL entries is reordered. In the running-configuration, the permit entry is placed at the top of the list. There is a chance packets will be permitted when they should be denied.

Symptoms: An SCCP analog gateway crashes when using the auto-configuration feature under CCM 5.x control.

Conditions:This symptom has been observed when the SCCP auto configuration feature is enabled and the SCCP GW is under CCM 5.x control

1. Do not use the SCCP auto configuration feature. Instead configure analog end points on the GW via the CLI.

Symptoms: When reloading a router(lsnt-ap-pe1, Cisco 7500 platform) with Cisco IOS interim Release 12.0(31.4)S1 from any Cisco IOS Release 12.0(28)S4b image, several IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP and traceback occur in the standby log.

Conditions: This symptom has been observed on a Cisco 7500 router platform with MVPN.

Symptoms: When using vrf-aware DVTI, when a DF-set packet exceeds the IPSEC SA path MTU, the PMTUD ICMP unreachable packet sent from the Cisco 7206 router contains the correct originator IP address, but it is sourced incorrectly to the PVRF(FVRF) tunnel termination loopback instead of the CVRF(IVRF) loopback and it is forwarded incorrectly out the PVRF(FVRF) routing table instead of the CVRF (IVRF) routing table. This issue appears to also exist in Cisco IOS Release 12.4(4)T2. This issue will also appear if an IP MTU is set in the virtual-template configuration. If a IP MTU is set within the virtual-template and a DF-set packet is sent to the virtual-access interface that violates this MTU, a PMTUD ICMP unreachable message is forwarded correctly from the CVRF(IVRF) loopback to the originator as expected.

interface Virtual-Template1000 type tunnel description cust1-h-g1 ip vrf forwarding cust1-u-p ip unnumbered Loopback1001 tunnel mode ipsec ipv4 tunnel vrf pvrf tunnel protection ipsec profile cust1-h-g1-ips

*Mar 24 15:52:05.778: ICMP: dst (10.100.15.2) frag. needed and DF set unreachable sent 
to 10.100.14.2

*Mar 24 15:52:05.778: IP: tableid=8, s=10.77.37.220 (local), d=10.100.14.2 
(GigabitEthernet0/2), routed via FIB

*Mar 24 15:52:05.778: IP: s=10.77.37.220 (local), d=10.100.14.2 (GigabitEthernet0/2), 
len 56, sending

*Mar 24 15:52:05.942: IP: tableid=0, s=10.3.0.43 (GigabitEthernet0/2), d=10.4.0.1 
(Loopback0), routed via RIB

*Mar 24 15:52:05.942: IP: s=10.3.0.43 (GigabitEthernet0/2), d=10.4.0.1, len 40,rcvd 4

Mar 24 23:00:14 UTC: %SEC-6-IPACCESSLOGDP: list mtu1 permitted icmp 10.77.37.220 -> 
10.100.14.2 (3/4), 8 packets

Symptoms: When configuring a Serial interface or issuing show commands related to that Serial interface, a router may incorrectly configure a different Serial interface or may show output from a different Serial interface in the router.

Conditions: The conditions under which the problem manifest itself are unknown, and appear to be random. The problem exists only when using a channelized T3 card and configuring one of the T1's.

Symptoms: MGCP three-way call conferencing may fail because of an abrupt onhook event at the originating endpoint.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(9.13) and that is configured for voice calls over Media Gateway Control Protocol (XGCP).

Symptoms: "%VPA-3-TSBUSY:VPA" and other error messages may be generated intermittently, and calls may fail.

Conditions: This symptom is observed on a Cisco 7206VRX that is configured with multiple VXC voice port adaptors.

Symptoms: A router that is configured for SNA Switching Services (SNASw) may crash.

Conditions: This symptom is observed when links with an end node go down and when there are multiple links to the end nodes, at least one of which supports CP-CP sessions, and one of which does not. The symptom occurs on rare occasions because of a timing condition.

Workaround: Change the end node device configuration such that all links to the SNASw router support CP-CP sessions. As per the APPN architecture, only one link does actually support CP-CP sessions.

Further Problem Description: The symptom occurs because there is a mix of APPN links (that support CP-CP sessions) and LEN links (that do not support CP-CP sessions) from an end node to the SNASw router. The recommended configuration is to have all links between two partners be of the same type. Because LEN links generally do not support parallel TGs, most likely these should be APPN links, all supporting CP-CP sessions. This is a product-dependent configuration on the end node product.

Symptoms: A router may crash during the assignment of a MAC address for a virtual Token Ring interface.

Conditions: This symptom is observed when the virtual Token Ring interface is configured for IP Traffic Export.

Symptoms: Router crashes due to the stack for process Exec running low on configuring auto qos on an atm subinterface.

Conditions: This symptom has been observed with a router loaded with Cisco IOS Release 12.4(10.5).

Conditions: This symptom is observed on a Cisco Catalyst 6000 series switch and Cisco 7600 series router that are configured with an IPSec VPN SPA (SPA-IPSEC-2G).

Symptoms: An MGCP gateway reloads when receiving Secure Real-Time Transport Protocol (SRTP) and V.150 parameters in the local connection options of a Create Connection (CRCX) message.

Conditions: This symptom has been observed when the gateway is configured to use SRTP and V.150 protocols.

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

Conditions: This symptom is observed on a Cisco router that is configured as an H.323 gateway and that functions in the following topology:

The "app-h450-transfer.2.0.0.9.tcl" application is applied on the incoming VoIP dial peer. The symptom occurs when IVR transfers the call and when the transferred call is put on hold.

Workaround: Enter the clear call voice id call-id command to clear the VoIP leg between the Cisco CallManager and the Cisco H.323 gateway. Doing so decreases the CPU usage. Obtain the Call ID from the output of the show call active voice brief command.

Alternate Workaround: Reload the router. Note, however, that high CPU usage may occur immediately after you have reloaded the router if the scenario that is described in the Conditions re-occurs.

Symptoms: A Cisco 2800 memory leak when receiving abnormal MGCP message continuously.

Symptoms: Packet drops due to interface throttles are seen on the GGSN R7.0 during performance test.

Conditions: The throttles seen when bi-directional traffic of 70 Mbps in the ratio of 1:4 upstream:downstream is sent over 60k ipv4 pdp's across 500 VRF Apn's. One throttle per minute was observed.

Symptoms: On a router that functions in a GRE over IPSec or Virtual Tunnel Interface (VTI) configuration, an access control list (ACL) may be bypassed when there is an ACL on the tunnel interface.

Conditions: This symptom is observed when the ACL on the tunnel interface is configured on the outbound physical interface on which the IPSec tunnel is terminated.

Workaround: Apply the outbound ACL on the protected LAN interface instead of on the tunnel interface.

Symptoms: When the ATM Software Segmentation and Reassembly (SAR) feature is enabled, VBR-rt PVCs may be deactivated before VBR-nrt PVCs in an over-subscription scenario.

Conditions: This symptom is observed on a Cisco 2600 series and Cisco MC3810 that have oversubscribed ATM PVCs with a VBR-rt and VBR-nrt class of service.

Workaround: Configure all PVCs with an SCR of less than or equal to the line rate.

Symptoms: MWAM processor running as GGSN in a GTP-SR active/standby redundant system may encounter software exception during a failover.

Conditions: The execption is noticed under the following condition. - Create a few thousand IPv4 PDP contexts (e.g. 20000) on the MWAM GGSN processor. - Reset the active-GGSN MWAM module. The MWAM GGSN in the other chassis as standby will now become active. - When the reset MWAM boots up, and the GGSN processor tries to sync the PDP contexts as standby, exception happens a couple of times before the GGSN coming up finally. The problem doesn't always happen consistently, though.

Symptoms: A "dir disk0:" command will fail if any filename or directory name stored on disk0 contains embedded spaces. This applies to disk1 or disk2 as well.

Conditions: A removable ATA flash card can be removed from the router and inserted into a laptop that is running a version of the Windows operating system. Then a "New Folder" directory can be created on the ATA flash card. The flash card can be removed from the laptop and re-inserted into the router. Typing the "dir" command on the router may fail to show all the stored files or in some cases crash the router.

Workaround: Remove or rename all files and directories having names with embedded spaces so that no file or directory names contains embedded spaces.

Symptoms: A Cisco router that is configured for RIPv2 may not delete a path from the routing table when it should do so.

Conditions: This symptom is observed after the router has learned multiple paths for a prefix with different next hops from one neighboring router and after the neighboring router stops advertising one of the paths.

Conditions: This symptom has been observed when deleting many tunnels with tunnel protection enabled. Happens in extremely rare cases.

Symptoms: When a router boots and when bursty traffic occurs, the following error messages may be generated:

%ALIGN-SP-STDBY-3-SPURIOUS: Spurious memory access made at 0x72AB2370 reading 0xB8

%ALIGN-SP-STDBY-3-TRACE_SO:

-Traceback= (s72033-adventerprisek9_wan_dbg-0-dso-bn.so+0x1AE370) ([42:0]+0x1AE47C) 
([31:-3]3-dso-b+0x220994) ([41:0]+0x220FB8) ([41:0]+0x221A90) ([41:0]+0x22214C) 
([41:0] +0x222D6C) ([41:0]+0x2233CC)

Conditions: This symptom is observed when bursty IPC traffic occurs while the router boots or during a switchover, typically with heavy configuration data exchanges.

Symptoms: SIP may not pass the correct calling number in the header when an e164 address is used. SIP should block the population of the calling party number if the user portion of the "From" header is not an e164 address, preventing the calling party number IE from being populated when ISDN sends the SETUP message. However, this does not occur, and SIP may pass an incorrect number.

Conditions: This symptom is observed on a Cisco gateway that sends Microsoft Communicator SIP calls to the PSTN.

Symptoms: With a DMVPN setup running OSPF, OSPF neighbourship flaps and tracebacks are seen.

*Feb 9 12:20:34.147: %SYS-2-MALLOCFAIL: Memory allocation of 1708 bytes failed from 
0x605270B0, alignment 32

Pool: I/O Free: 396512 Cause: Memory fragmentation

Alternate Pool: None Free: 0 Cause: No Alternate pool

Conditions: With an mGRE tunnel with tunnel protection configured and OSPF running, the problem can occur if there is a route for a tunnel transport destination address for a spoke through the tunnel itself.

Workaround: The problem was seen with a DMVPN setup that was misconfigured so that a tunnel transport destination address was through the tunnel. The problem will be avoided if there are no routes for tunnel destination addresses through the tunnel.

Symptoms: When a router that has the ssg intercept dhcp command enabled receives a DHCP packet from a host that has already logged out from a Subscriber Edge Services Manager (SESM), the router may unexpectedly reload because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an SSG with PBHK enabled, when a host has received an IP address that is associated with a service (via the "J" Service-Info attribute), has logged out from the SESM, and then renews its IP address.

Symptoms: Multiple conflicting conform / exceed /violate actions are allowed under a single classmap.

Conditions: The user is allowed to configure multiple conflicting conform/exceed/violate actions under the same class-map.

Conditions: This symptom is observed on a Cisco 7200 series that function as a PE router and that connects to a CE router. Both routers are connected through 1-port multichannel STM-1 (PA-MC-STM-1) port adapters and the framing no-crc4 command is enabled on all interfaces of both routers.

Workaround: Enter the shutdown command followed by the no shutdown command on the SONET controller of the PA-MC-STM-1 at the PE side to enable all interfaces to come up.

Symptoms: When the fax protocol t38 ls-redundancy value hs-redundancy value command is enabled with values other than zero, redundant packets should be generated for MGCP T.38 fax calls, but this does not occur.

Conditions: This symptom is observed on a Cisco platform such as a Cisco AS5400 that runs Cisco IOS Release 12.4 or interim Release IOS 12.4(11.5)T.

Symptoms: A router that is configured for Dynamic DNS (DDNS) may reload unexpectedly.

Conditions: This symptom is observed when you manually change the IP address of an interface that has DDNS configured.

Conditions: Some of the PIM CLIs are causing active RP to crash. This is happening ONLY when these CLIs are configured while in the sub-config mode for "control-plane policing". Normally, any global relevant config should automatically exit the sub-config prompt, and accept the CLI as well. In this case, teh PIM command is rejected and RP crash follows. The same PIM commands work fine when executed under the global config mode (where they belong) or under other sub-config modes.

Workaround: Use the "exit" command to exit the the main config prompt before configuring PIM related CLIs.

Conditions: This symptom has been observed when running Cisco IOS images which have the fix for CSCuk25309 or CSCuk33415.

Workaround: Disable name lookup using the no ip domain- lookup global configuration mode command when doing traceroute.

Symptoms: After a user is prompted to enter their user name and password, a token response field is displayed without the actual token or SNK challenge. The output of the debug radius command shows that the SNK challenge is sent to the user, but it is not displayed on screen.

Conditions: This symptom is observed on a cisco router when the ip auth-proxy command is configured for HTTP with a one-time password (OTP).

Symptoms: The following error message is displayed on a Cisco AS5850 router every hour:

%HA_CLIENT-3-NO_CF_BUFFER: The MARVEL CRYPTO HA client failed to get a buffer 
(len=1120) from CF (rc=1); checkpointing failed

-Traceback= 0x201C9FBC 0x217C1B58 0x217C2068 0x21BBD32C 0x21BBDFD0 0x21BBE180 
0x21DCF368 0x21DCF5C4

Conditions: This symptom has been observed on a Cisco AS5850 gateway running crypto images (c5850tb-k9p9-mz) in RPR+ mode.

Conditions: This symptom is observed when you bring up PPPoX or L2TP sessions over multiple tunnels without traffic being processed over these sessions.

Symptoms: A router may reload unexpectedly when using a CA that does not support the GetCAPS exchange (part of SCEP), because of a bus error crash after entering the crypto ca authenticate command.

Any response other than a real GetCAPS reply will cause the crash. Before the router crashes, the following error messages and traceback are generated:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Crypto CA.

-Traceback= 0x42AB7410 0x424A6E18 0x42469B7C 0x424651E0 %Software-forced reload

Preparing to dump core... %CRYPTO-4-IKMP_NO_SA: IKE message from xxx.xx.xx.x has no SA and is not an initialization offer

Conditions: This symptom is observed on a Cisco 2821 that runs Cisco IOS Release 12.4(10b) but may not be platform-specific.

Symptoms: A VSI session may become stuck in the "RESYNC_UNDERWAY" state, preventing LVC connections from being set up. This situation is not cleared automatically, and error messages are not flushed, as is shown in the output of the show controller vsi session command.

Conditions: This symptom is observed on a Cisco router that functions as a Label Switch Controller (LSC).

Symptoms: DSMP is not programming the DSP for supervisory tone while alerting tone is there, which leads to the fxo disconnect supervision issue.

Conditions: This symptom has been observed when using a Cisco IOS software version later than Cisco IOS Release 12.3(14)T.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.4 or Release 12.4T and occurs either with the microcode reload pxf command or the microcode reload sar command. However, the symptom is not platform-specific.

Symptoms: A Cisco IAD 2400 series may reject sequence numbers for Q.921, causing calls to be dropped or a PBX to lock up.

Conditions: This symptom is observed when a Cisco IAD 2400 series is connected to a third-party vendor phone system and third-party vendor PBX and occurs only when sequence number 16 or 68 is sent to the IAD.

Symptoms: The first time a Cisco IOS IPS 4.x signature performs an inline deny action against a flow and/or attacker, a dynamic ACL is created. However, subsequent times a deny action is performed, the signature does trigger but no dynamic ACL is created.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(9)T3 with advanced IP services when Cisco IOS IPS has a signature action that is configured for "denyinlineflow" and/or "denyattackerinline" and when Cisco IOS IPS is enabled on an interface in the outbound direction.

Symptoms: After a gateway receives a high number of calls, calls may not go through intermittently.

Conditions: This symptom is observed on a Cisco 3800 series that functions as a gateway and that is configured for E1R2 signaling. The symptom occurs when the gateway sends a "clear forward" forward to the PSTN before the PSTN sends a "B1" message.

Conditions: This symptom is observed on a Cisco router when the fax call on the PSTN side hangs up before the call completion.

Conditions: This symptom is observed on a Cisco gateway such as a Cisco AS5400 after a SIP transfer has occurred.

Workaround: Enter the no voice-fastpath disable command to resolve the one-way audio issue. There is no workaround for the DTMF issue.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

Symptoms: A Cisco router that is configured for IPSec HA may generate a "SYS-2-CHUNKMALLOCFAIL" error message and a traceback.

Conditions: This symptom is observed on a Cisco 3845 that functions as an EzVPN server. The symptom may not be platform-specific.

Symptoms: Many time out errors and many retries without any other IPC errors will be seen.

The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:

By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack sy stems normally protected by an IPS or firewall.

Symptoms: A Cisco router can experience a memory corruption crash related to encryption.

Conditions: This symptom has been observed when the memory lite global configuration command is disabled.

Workaround: Enable the memory allocation lite (malloc_lite) feature by using the memory lite command.

Symptoms: In a scenario where traffic is passed to and from two different interfaces, both with the ip admission command configured, EAP over UDP communication will only be triggered for hosts initiating traffic.

This situation results in return traffic that should be allowed after completing the NAC process (for example, via NAC exemption) to be blocked.

Conditions: This symptom has been observed when the ip admission command is configured on two communicating interfaces and NAC needs to be triggered in order to open traffic for return traffic.

Workaround: Instead of sending traffic from A->B and B->A, trigger traffic from A->B and if B sends traffic to any other dummy destination like C. This results in NAC to be triggered for A when it sends the traffic to B, and B will be posture validated when it sends traffic to C.

Symptoms: Calls via IPIPGW bow working. Calls from CCM over H323 to CME using GK controlled trunk via IPIP GW

Conditions: Only occurs when GLBP receives a packet from a group that is not configured locally.

Symptoms: The h245 caps suppress nte command may not function, causing an IPPIPGW to continue to advertise the NTE capability in an H.245 capability message.

Conditions: This symptom is observed on a Cisco router that functions as an IPIPGW and that runs Cisco IOS Release 12.4 or Release 12.4T.

Symptoms: Plugging a V.35 DTE cable into an HWIC-4T Serial port in "shutdown" state may result in the "shutdown" command being removed and the interface coming up/up.

Conditions: This symptom has been observed with 3845/HWIC-4T/c3845-advsecurityk9-mz.124-13b.

Symptoms: Ping between CE routers failed, after flapping PE routers interface or flapping ip cef on PE routers.

Conditions: This symptom has been observed with ATM PVC adjacency between PE and CE becomes incomplete when interface or ip cef is flapped on PE routers.

Conditions: This symptom is observed on a Cisco 2600 series when you attempt to run the c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other releases.

Symptoms: When an SSG does not receive a RADIUS accounting stop message for a particular user from an Access Zone Router (AZR), the same user (with the same MAC address) does receive a new IP address from the AZR (which is also a DHCP server). In this situation, SSG receives the accounting start message from the AZR and does acknowledge the receipt, but may not create any input in the RADIUS proxy user table.

Conditions: This symptom is observed when the hotspot is part of a network that is configured as an SSG RADIUS proxy client.

Symptoms: show IMA interface IMA X/Y display wrong timing refrence link after changing the clock source.

Conditions: After changing the network clock priority to be source clock, IMA still shows the previous clock source. Also tried to shut and not shut on the previous interface.

Conditions: After upgrading from Cisco IOS Release 12.3(11)T9 to Release 12.4(7e), it is observed that fax calls from an analog Cisco 2420 or Cisco 2430 router outbound to the Cisco AS5850 fail. It appears the Cisco AS5850 is having trouble falling back from T38 to passthrough. Standard configuration is T38 enabled on the Cisco AS5850 but not on the analog IAD. Disabling T38 on the Cisco AS5850 results in successful faxing.

Symptoms: When the Reverse Route Remote Peer option is enabled, packets may not be forwarded correctly.

Conditions: This symptom is observed when both CEF and the reverse-route remote-peer command are enabled. When you enable the debug ip cef drops command, typically, the following is shown:

CEF-Drop: Stalled adjacency for remote-physical-ip-addr on Ethernet1/0 for destination remote-protected-ip-addr CEF-Drop: Packet for remote-protected-ip-addr -- encapsulation

Alternate Workaround: Add a next hop to the reverse route, for example, by entering the reverse-route remote-peer ip-address command.

Symptoms: An MGCP endpoint may become stuck and generate the following error message:

Conditions: This symptom is observed when a call agent sends a CRCX message after a modem reset.

Symptoms: The router will crash when ipsec is established only in the case when both PKI and IKE AAA accounting is configured. When PKI is configured, the DN is used as the isakmp idenity. The crash only occurs when the DN is not available and the server tire s to use the DN as the isakmp identity.

Conditions: This symptom has been observed with a router running 12.4(13b) acting as a dmvpn hub may crash when when you clear the isakmp peer and the session is restablished. The certifacate for the crypto peer is from a PKI server

Symptoms: When 6000 L2TP sessions are disconnected, a Cisco IOS LNS router is stuck on High CPU Utilization (99% or 100%) with PPP IP Route process for 5 minutes.

Conditions: This symptom has been observed under stress test conditions (thousands sessions are disconnected at once) with no traffic and using Cisco IOS Release 12.4(13). This symptom has not been observed on earlier releases.

Symptoms: Upon reload of Cisco 3825, acting as IPIPGW, SIP processing fails. Outbound SIP messages (requests or responses) fail to be sent.

Conditions: This symptom has been observed with a reload of IOS IPIPGW running 12.4(11)XW in the following topology:

Workaround: To restore call functionality, remove the SIP bind statements in the configuration and add them back in.

Conditions: This symptom occurs when the RADIUS proxy feature is used. Leaking could be triggered on the following call flow scenario:

HostObject(HO) with MSID1, ip-address IP1 and username user1@cisco.com is logged on.

PDSN sends an acct-stop with MSID1 with session-continue attribute set to TRUE. When this is received, SSG will start a hand-off timer. Note that SSG will not delete the HO at this time.

SSG will treat this as an auto-domain user, even though auto-domain is not configured on SSG.

SSG will try to get the profile by extracting the domain name from the structured username and sending an access-req to AAA with username as the domain name.

Since AAA server does not have the cisco.com profile, it sends an access-reject to SSG.

Symptoms: RPR+ mode, when I do the following sequence the slave RSP configs add a "shutdown" command under interface serial.

Symptoms: A VWIC2-2MFT-T1/E1 may stay in alarm state after either shut/ no shutting the controller or removing and replacing the interface cable.

Conditions: This symptom has been observed when the controller is configured this way:

! controller E1 0/0/0 framing NO-CRC4 ds0-group 0 timeslots 16 type ext-sig ... ds0-group 30 timeslots 30 type ext-sig alarm-trigger blue 0 !

Workaround: Shut down and restart the controller or remove and replace the cable a second time.

Symptoms: The "set ip next-hop" command misses some part of the next-hop addresses.

Conditions: whenever the input string crosses more than 255 characters for the command "set ip next-hop", the extra characters are truncated which means losing of some IP addresses.

Workaround: Configure the ipaddresses individually using seperate "set ip next-hop" command if the number of characters inputted crosses morethan 255 (i.e, you can't configure more than 255 characters via a single CLI).

Symptoms: The fix of CSCsc63752 in hawaii caused the following boot images build failure, c4gwy-cboot-mz, c5850-boot-mz, and c7200-boot-mz.

Further Problem Description: This issue is pretty understandable as deals with build breakage of boot images. The other than pointed images are built successfully.

The fix of CSCsc63752 is having a function call which is not defined in same sub-system from where we are calling that.

Conditions: Removing the Dialer interface configuration whilst having IPHC configured on that interface will crash the platform this is observed on Cisco7200 running "IS" 124(16.5).

Workaround: Remove any IPHC CLI from the Dialer interface prior to deleteing the Dialer interface from the configuration.

Conditions: When the authentication is done before allocating the resources for the call.

Further Problem Description: MGCP receives a CRCX and while processing it, it tries to allocate the necessary resources by calling the RM. Normally the resource allocation would take 40 to 50 ms and the RM would get back with SUCCESS/FAILURE. But in the failed case, even after 2 seconds, we don't see any response from the RM.

Symptoms: test ip domain lookup aaa.global.com non-block command does not resolve the name

Conditions: This happens with non-block options with ip domain lookup for server name

Symptoms: The Client Router crashes, while shutting down the Interface, after it got an Ip Address from the DHCP server.

Symptoms:Router is getting crashed while enabling ipv6 and ospf on the interface .

Symptoms: A Cisco Route Switch Processor can unexpectedly reload and experience a switchover when a Versatile Interface Processor in the same router containing an ATM Port Adapter fails.

Symptoms: Performing an snmpwalk on the ipRouteTable MIB may cause high cpu and reloads.

snmp-server view cutdown 1.3.6.1.2.1.4.21 exclude

snmp-server view cutdown internet included

snmp-server community <comm> view cutdown RO

This view restricts the objects that the NMS can poll. It excludes access to the ipRouteTable, but allows access to the other MIBs.

Symptoms: The problem is that the PCMM policy server polls the ifStackTable (1.3.6.1.2.1.31.1.2) on CMTSs to identify bundle interfaces.

Symptoms: All DATA analog dialout call are setting Bearer Capability to 0x8090 instead of 0x0890A3 ( indicating the x-Law ) ..A3 being for A-law

Conditions:Cisco AS5xxx running image above Cisco IOS Release 12.4(7e) and having to make outgoing DATA calls.

TCP/IP Host-Mode Services

Conditions: This symptom is observed when testing the Echo cancelling feature in the Cisco 1700 platform but is not platform dependent.

For each new call the H.323 GW will generate a TCP Port to be used for call setup. Intermittently the GW will generate a TCP Port that is being used for an established connection. When the GW initiates the three way handshake for the new call it r eceives a responce with an unexpected ACK sequence number. The GW will then send a TCP RST causing the currently etablished TCP connection/call to be torn down.

Conditions: This symptom has been observed with both Cisco IOS Release 12.4(13a) and 12.4(13b).

Symptoms: A MIB walk of the udpTable will have extra bad entries when a UDP IPv6 connection to the box is made

Wide-Area Networking

A Cisco 2811 router running Cisco IOS Release 12.4(7a) may have a memory leak in the "ISDN" process as seen in show process memory. The leak rate appears to be about 1.20MB/Hour.

Conditions: This symptom has been observed with BRI-U interface that is UP/UP (spoofing).

Conditions: This symptom has been observed when ATM PVC is deactivated and the PVC is carrying PPPoA sessions.

Symptoms: A PPP session that is initiated from a client may not be forwarded. to an LNS.

Conditions: This symptom is observed on a Cisco router after the PPP session has been established.

Conditions: This symptom has been observed when "sh pppoe throttled mac" command is issued

Symptoms: After reload, one of two dialer interfaces binds all bri's channels, and finally the dialer uses only one channel. However, the rest one channel not used remains to be bound to the dialer. Therefore, the other dialers can't use an idle channel. When the problem is occured, idle bri channel's intf status will become "hardware:down line:up".

Conditions: This symptom has been observed when a router is rebooting, and its peer router over isdn begin to transmit packets.

Conditions: This symptom is observed on a Cisco router that has the isdn overlap-receiving command enabled.

Symptoms: Dialer interface with vrf checks the route in other vrf. This causes dialer interface no to go down by idle-timeout when the target route of dailer watch on other vrf doesn't exist in routing-table.

Symptoms: High CPU usage may occur when IPCP is being renegotiated. Eventually, the high CPU usage may cause buffers to be backed up, may cause error message to be generated, and may cause L2TP tunnels to be dropped.

Conditions: This symptom is observed on a Cisco router when clients renegotiate IPCP unnecessarily. You can verify this situation by enabling the debug ppp negotiation command or by configuring RADIUS authorization and then checking the virtual-access interface for the phrase "cloned from: AAA, AAA, ..." (that is, multiple instances of AAA) as identification.

Further Problem Description: You can alleviate the situation somewhat by configuring the NCP Timeout to 15 seconds to disconnect clients that take a long time to renegotiate IPCP. You can also do the following:

–

Do not configure the redistribution connected command under a routing protocol such as (but not limited to) EIGRP, RIP, or OSPF.

–

Ensure that the IP local pools are concise. For example, create one statement for multiple /24s instead of splitting all /24s on single lines, because with single lines, the look-up becomes long and contributes to the high CPU usage.

Symptoms: A router crashes while sending large control packets between client and L2TP Network Server (LNS) in L2TP callback scenario.

Conditions: This symptom happens with a Cisco 7200 router that is running Cisco IOS interim Release 12.4(13.13)T1.

Symptoms: show isdn service shows b_channels of interface configured for primary ss7-nfas as outofservice

Conditions: This symptom has been observed with a Cisco AS5850 or Cisco AS5400 platforms for controller configured for ss7-nfas

Symptoms: A call may be present on a backup D-channel but the Call Control Block (CCB) information may be missing.

Conditions: This symptom is observed on a Cisco platform after you have entered the isdn test l2 disconnect command on the interface for a backup D-channel.

Conditions: This symptom has been observed intermittently and does not seem to be related to any of the ISDN interface states

Symptoms: After reloading router with a serial WIC-1DSU-T1-V2 and Cisco IOS Release 12.4(9)T1 or 12.4(11)T1 and if the serial is configured for SLARP, then the interface will show in the Admin Down state after the router reloads. Occurs even when it is verified that the 's hutdown' command is not present in startup-config or the running-config files.

Conditions: This symptom has been observed with a Cisco 2800, WIC-1DSU-T1-V2 running SLARP. In codes: c2800nm-advipservicesk9-mz.124-11.T1 c2800nm-advipservicesk9-mz.124-9.T

Workaround: After router recovers from re-booting issue the 'no shut' command under the interface.

Further Problem Description: Issue not seen in VWIC-2MFT-T1. Was not able to recreate the issue in c2800nm-ipbase-mz.124-3e

Symptoms: A terminating gateway (TGW) that is configured for Cisco ISDN Interconnect for Voice Gateways Solution may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(15.6) and that functions as a TGW with all PRI switch types from the user to the network side. The symptom occurs when the isdn test call interf ace interface-number dialing-string command is entered at the platform on which the call is initiated, when the originating gateway (OGW) is configured for the National ISDN (primary-ni) switch type, and when the TGW is c onfigured for the NT DMS-100 (primary-dms100) switch type. The symptom may also affect Release 12.4T.

Symptoms: Configure OGW and TGW with "isdn global-disconnect for switch type basic-net3 To verify AOC for DISCONNECT message pass across from one end to another end. The voice is made from the call-starter which causes the TGW to crash.

Conditions: This symptom has been observed with Cisco IOS Release 12.4(16.5)T.This happens for switch type basic-net3.

Conditions: This symptom has been observed on entering the no pri-group timeslots command.

Symptoms: Platform will crash if enter either no frame-relay ip rtp header-compression or no frame-relay map ip <ipadd> <dlci>

Conditions: This symptom has been observed with any platform running any 12.4 Mainline release. For the purpose of the note this is apparent in latest Cisco IOS Release 12.4(16.6) on 7200 IS build, but have also recreated this on a Cisco 3845, and was reported by TAC on a Cisco 2800.

The problem occurs when there is more than one IP map configured for the same DLCI and IP header compression is configured.

Workaround: Do not configure more than one IP map on the same DLCI at the same time as IP header compression.

Symptoms: Router crashes when configure a vc-group using a MFR bundle link interface.

Conditions: This symptom has been observed when attempting an invalid FRF.5 configuration.

Workaround: This is an invalid configuration. Use the MFR bundle interface instead of the bundle link.

Resolved Caveats—Cisco IOS Release 12.4(16b)

Cisco IOS Release 12.4(16b) is a rebuild release for Cisco IOS Release 12.4(16). The caveats in this section are resolved in Cisco IOS Release 12.4(16b) but may be open in previous Cisco IOS releases.

Basic System Services

Symptoms: A traceback is noticed when long URLs are used to configure a device using Cisco IOS HTTP web parser. The device does not crash.

Conditions: Trying to configure commands that have a single keyword or parameter greater than N characters in length using the web-based Cisco IOS command parser causes a traceback where N is:

Workaround: Avoid using the web-based command line parser for CLI commands with long keywords or arguments.

Conditions: Occurs while using third-party TACACS+ server. Authentication and authorization works as expected, but the TACACS+ server sends incorrect accounting response. The router errors on check keys failure for accounting response, but still does not failover to the second TACACS+ server in the list.

Interfaces and Bridging

Symptoms: ATM map is not created dynamically for multipoint sub-interface. Inverse Address Resolution Protocol (InARP) request and response are not processed by the router.

Conditions: This occurs when ATM point-to-point sub-interfaces are created, and then the sub- interfaces are unconfigured. New multi-point sub-interfaces are created with the same configuration as point-to-point sub-interfaces.

Symptoms: The Show bridge command on R0 reveals that the received MAC address of the DSL client is not in the bridge table (although the bridge table is populated fine on switch1). Subsequent traffic is broadcast to every PVC until any packet other than an ARP reply is received from the MAC address in question.

Conditions: Occurred on a Cisco 7200 router (R0) running Cisco IOS Release 12.2(31). The router is configured to bridge RFC1483 bridged traffic between ATM and fastethernet sub-interfaces. ATM sub- interfaces (each in a bridge group) have PVCs that connect to many DSL customers. The Fastethernet subinterface of R0 is connected to another router (R3) via a switch. R3 is performing routing for this bridge group using a BVI. When R3 sends ARP request for a DSL customer IP address, the ARP is bridged to an ATM subinterface and then broadcast to every ATM PVC. When the ARP reply is received on R0, it is bridged by R0 just fine and reaches routing interface on R3. The ARP table is populated on RE. Packets other than the ARP reply do populate bridge table on R0.

IP Routing Protocols

Conditions: This problem occurs when the NAT rule has route-map that points to an ACL, and the ACL has a "domain" keyword, as follows:

ip nat inside source static 192.168.2.1 192.168.1.10 route-map TEST ! ip access-list 
extended TEST deny udp any eq domain any permit ip any any

If the packet is not a fragment packet, this problem never occurs. The second fragment packet is affected but additional fragment packets are not affected.

Symptoms: The system crashes when the show ipv6 ospf lsdb- radix hidden command is entered.

Symptoms: OSPF routes are not populated in the Routing Information Base (RIB) with the next hop as traffic engineering (TE) tunnels.

Conditions: Occurs when multiple TE tunnels are configured and the tunnels come up or are shut/no shut simultaneously.

Conditions: Occurs following the failover to a path with higher distance. When the original path is restored, the distance value is not updated.

Workaround: Clear the BGP route, which causes the correct distance value to be learned.

Symptoms: Changes to a neighbor's weight do not take effect when followed by the clear ip bgp x.x.x.x soft in command.

Conditions: When a soft reconfiguration inbound is enabled along with the neighbor weight assigned directly to a BGP neighbor, issuing the clear ip bgp ip_address soft inbound command resets the neighbor weight to 0 or has no effect.

Workaround: Set the neighbor weight value as part of an inbound policy such as a route map.

Alternative workaround: If the neighbor command soft reconfig-inbound is removed, you can still refresh your routes from the peer. This will happen with route refresh (you will not see the difference). Relying on soft reconfig-inbound for refreshing the routes is discouraged.

Symptoms: Using the show ip route static or show ip route connected commands causes excessive CPU usage and CPUHOG messages. Tracebacks are also observed.

Conditions: Occurred after 250,000 BGP prefixes were received from a single neighbor. This is common in a lab scenario, but less likely in a production network.

Symptoms: LDAP packet is modified while passing through NAT router causing LDAP to fail.

The packet after the NAT router seems to have been fragmented and expanded to two

Symptoms: When the BGP session between a Route Reflector (RR) and PE router flaps, the RR may no longer send some routes to the PE router.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that integrates the fix for caveat CSCsi85222. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi85222. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, enter the clear ip bgp * all in command on the PE router to retrieve all routes from the RR.

Symptoms: In Cisco IOS software that is running the Border Gateway Protocol (BGP), the router may reload if BGP show commands are executed while the BGP configuration is being removed.

Conditions: This problem may happen only if the BGP show command is started and suspended by auto- more before the BGP-related configuration is removed, and if the BGP show command is continued (for example by pressing the SPACE bar) after the configuration has been removed. Many BGP show commands may have this vulnerability, but in each case the problem only happens if the deconfiguration removes objects that are being utilized by the show command. Removing unrelated BGP configuration has no effect.

Workaround: Terminate any paused BGP show commands before beginning operations to remove BGP- related configuration. Pressing "q" to abort suspended show commands, rather SPACE to continue them, may avoid problems in some scenarios.

Miscellaneous

Conditions: This problem is observed on both the Cisco 2800 and the Cisco 3800 platforms that are running Cisco IOS interim Release 12.4(13.9).

Conditions: After upgrading from Cisco IOS Release 12.3(11)T9 to Cisco IOS Release 12.4(7e), it is observed that fax calls from an analog Cisco IAD2420 or Cisco IAD2430 outbound to the Cisco AS5850 fail. It appears the Cisco AS5850 is having trouble falling back from T38 to passthrough. Standard configuration is T38 enabled on the Cisco AS5850 but not on the analog IAD. Disabling T38 on the Cisco AS5850 results in successful faxing.

Symptoms: The following error message appears: "Copland ERROR->Slot(2):Cacheis full, processed 5 out of 8."

Condition: This message is seen on a Cisco 3825 router with MGCP configuration and a NM-HDV.

Symptoms: A VWIC2-2MFT-T1/E1 may stay in alarm state after either shut/ no shutting the controller or removing and replacing the interface cable.

controller E1 0/0/0 framing NO-CRC4 ds0-group 0 timeslots 16 type ext-sig ... ds0-group 30 timeslots 30 type ext-sig alarm-trigger blue 0

Workaround: Shut/no shut the controller or remove and replace the cable a second time.

Symptoms: E1 interface that is used for providing TDM network clock sometimes gets stuck in SHUTDOWN state after a controller failure, even after the controller is up and functioning.

Conditions: Occurs when E1s are used for T-CCS to connect together two PBX circuits across a WAN. The problem is intermittent. Sometimes the TDM clock is able to recover, but other times the network clock state from the show network-clocks command shows SHUTDOWN for an E1 controller that is up and working. The following shows the output when this happens:

router#show network Network Clock Configuration --------------------------- Priority 
Clock Source Clock State Clock Type

1 E1 2/0/0 SHUTDOWN E1 2 E1 2/0/1 GOOD E1 3 E1 2/0 SHUTDOWN E1 4 E1 1/0 GOOD E1 5 E1 
1/1 GOOD E1 11 Backplane GOOD PLL

Current Primary Clock Source --------------------------- Priority Clock Source Clock 
State Clock Type

E1 2/0/0 is up. Applique type is Channelized E1 - balanced Description: No alarms 
detected. alarm-trigger is set to Blue Alarm is not triggered Version info Firmware: 
20060711, FPGA: 13, spm_count = 0 Framing is NO-CRC4, Line Code is HDB3, Clock Source 
is Line. Current port master clock:recovered from backplane Data in current interval 
(792 seconds elapsed): 0 Line Code Violations, 0 Path Code Violations 0 Slip Secs, 0 
Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 
Severely Err Secs, 0 Unavail Secs

Workaround: Remove then reapply the network-clock-select command for the TDM clock in SHUTDOWN state. Use the following commands:

Symptoms: BRI and PRI become active, and communication is normal. After about three minutes pass, ping loss might intermittently be observed.

Conditions: CEF drop was observed in interface with legacy dialer configuration or dialer rotary-group configuration in an end-to-end communication when enabling "debug ip cef drops". At this time, ping loss was observed, and it was displayed as "incomplete" in show adjacency. This symptom was observed when using 12.4(13) or later. However, this symptom was not observed for interface with dialer profile configuration in an end-to-end communication.

Workaround: Disable cef(no ip route-cache cef). Use a Cisco IOS release that is not affected. Use dialer profile configuration instead of legacy dialer configuration or dialer rotary-group configuration

Symptoms: When terminating an inbound SIP VoIP call to an ISDN PRI or BRI trunk, if the INVITE has a Remote Party ID whose calling party number is preceded with a "+" character, this character is retained in the outgoing ISDN Q.931 SETUP message. This may cause problems for some PBXs that do not ignore this character and consider it a literal in the calling party number.

Conditions: Occurs on Cisco IOS Voice GateWays configured for SIP VoIP and with ISDN PRI or BRI trunks.

Workaround: Use Cisco IOS Release 12.3(12.3)T, 12.3(11)T07, which are unaffected by this issue. You can also configure a translation rule to strip the leading "+" character and apply it to the POTS dial-peers assigned with the PRI and BRI voice-ports.

Symptoms: During bootup, "send break" does not erase NVRAM when "no service password-recovery" is configured. The router does not respond to the break sequence. When enabling recovery, the customer can break the router into ROMMON without any issues.

Symptoms: H323-->SIP interworking fails for a Fast start call when transcoding is enabled on an IPIPGW. Transcoding is done between G711ulaw and G729r8 codecs.

Symptoms: Memory held by mem_mgr_chunk_t and mem_mgr_mempool_t in dead process is causing an out-of-memory condition on the gateway.

The following processes are the cause of the large amount of holding memory in *Dead* process:

0x61EC066C mem_mgr: mem_mgr_chunk_t

0x61EC091C mem_mgr: mem_mgr_mempool_t

Symptoms: An MGCP gateway may unregister from Cisco Unified CallManager (CCM) when its device pool is reset. The show ccm-manager command shows that the gateway is registered to CCM but the CCM administration page shows it in the "Unregistered" state.

Condition: This problem was observed when the gateway had a TFTP failure in downloading the XML configuration file.

Workaround: Enter the no mgcp and mgcp commands in router configuration mode to force the gateway to register.

Conditions: This symptom is seen when a rad-proxy host object is already present in the SSG box, and it receives the access-request. The accounting starts from the proxy client, which is sent to the AAA server and AAA replies with an access-accept.

Symptoms: A Cisco AS5850 responds with a 500 Endpoint Unknown to a CRCX for an endpoint on a channelized T3 card. The endpoint otherwise responds normally to AUEP command.

Conditions: This symptom is observed on a Cisco AS5850 that is controlled via MGCP, and the endpoint naming t3 command is configured on the router in either global MGCP configuration or MGCP profile.

Workaround: Do not configure the endpoint naming t3 command. Use t1 endpoint naming instead.

Symptoms: If there is an ACL and DSCP being used for packet matching on class- map, only the first packet descriptor will get a match, and everything else will not. If DSCP is removed, the packet matching works again.

Conditions: This symptom is observed on a Cisco 7200 with ACL and DSCP with match all option.

Symptoms: Performing the snmpwalk on the ipRouteTable MIB may cause high CPU and reloads.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(13b) or later releases.

snmp-server view cutdown 1.3.6.1.2.1.4.21 exclude

snmp-server view cutdown internet included

snmp-server community <comm> view cutdown RO

This view restricts the objects that the NMS can poll. It excludes access to the ipRouteTable, but allows access to the other MIBs.

Symptoms: When there are call disconnects happening with the last controller of an STM interface on a Cisco AS5850, the box crashes with tracebacks. This occurred in a scenario where the Cisco AS5850 is acting as terminating gateway with STM card on slot 0. The last controller of the STM, 0/0.3/7/3 is configured for E1/R2. Full controller worth calls are being made. No other calls are up other than last controllers' 30 calls. The call stays for the specified call duration. Once the call starts disconnecting, the Cisco AS5850 crashes with traceback decode function pointing to "csm call disconnect".

Conditions: This issue is seen only when the calls are on the last controller. (63rd => 0/0.3/7/3). In a similar scenario tested with other controllers with similar configurations, the issue is not seen.

Symptoms: Executing the show port modem calltracker command on a Cisco AS5400XM can cause bus error crash.

Conditions: This symptom occurs on a Cisco AS5400XM with multiple calls being made and terminated when running Cisco IOS Release 12.4(13a).

Symptoms: When a bidir PIM, with no directly connected receivers, router has to change its RPF interface to the RP, multicast traffic could be lost for up to 60 seconds.

Symptoms: DTMF digits are not forwarded when a call is answered during the off phase of a ring cycle. Digits are forwarded only during the on phase.

Conditions: Occurs with the following POTS dial peer definition, which terminates a call to an analog FXS LoopStart voice-port:

dial-peer voice 4634099 pots

destination-pattern 463....

When a called number matches this dial peer, the DTMF digits should be forwarded two seconds after the connection is made. It has been discovered that this works as expected provided that the call is answered during the on phase of the ring cycle only, but that no digits are forwarded if the call is answered during the off phase.

This behavior has been observed on Cisco VG224 and Cisco IAD2430 voice routers with analog FXS voice ports and the FXS Analog Voice Module V2.1 installed. It occurs when running Cisco IOS releases that include the fix for bug ID CSCse92359.

Workaround: (1) Set idle-voltage low under the voice-port if it is an analog FXS port and the command is available.

(2) For current IOS 12.4 mainline and 12.4T releases, use the "ring cadence" command under voice-port configuration mode to define a custom ring cadence where the duration of the on phase of the ring cycle is large and the duration of the off phase is small in comparison, giving the called party the best chance to answer the call during the ON phase.

(A) voice-port commands entered in workaround options (1) and (2) above should be followed with a shutdown/no shutdown to ensure that the new settings take effect.

(B) Workaround options (1) and (2) are mutually exclusive. Choose one option or the other.

Symptoms: On a Cisco IOS voice gateway, the show call active voice brief command output on the IP leg shows rx counters stay at 0 for 46 seconds.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.4(7e).

Symptoms: Cisco IOS throws "Undefined Error" when an empty file is being copied.

Symptoms: Billing information relying upon AAA stop records from a Cisco IOS VoIP gateway may show different called number information after upgrading to a Cisco IOS 12.4 release.

Conditions: A Cisco IOS VoIP gateway configured with AAA accounting for VoIP call legs may display the Called-Station-Id for the Telephony call leg differently in Cisco IOS versions of 12.4 when compared to IOS versions prior to 12.3(14)T. This can occur when also running a TCL IVR script on the Cisco IOS gateway. In Cisco IOS Release 12.3, the Called-Station-Id would indicate the destination called number from the final VoIP call leg dialed. With Cisco IOS Release 12.4 versions, the Called-Station-Id indicates the original dialed number from the PSTN call leg.

Workaround: Modify the server receiving the AAA stop record to pull the Called-Station-Id from the VoIP call leg record.

Symptoms: A Cisco AS5300 or Cisco AS5400 controlled by a Call Agent sends one packet with wrong RTP SSRC sequence number when changing from G.711 to GSM Codec

Workaround: Configure the no voice-fastpath enable command. This has a performance impact.

*Aug 6 16:34:47.188: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x8005EC50, 
-Traceback= 0x809971F4 0x809B9C2C 0x809DD8A4 0x8005EC50 0x800651E4 0x800652A8 
0x809E42D4 0x809C4A38 0x800652EC 0x809C4BA0 0x809E42D4 0x80A0854C 0x800DB8C0 
0x800DEE48

Conditions: The conditions under which this symptom occurs are not known at this time.

Symptoms: A Cisco AS5400HPX crashes due to a bus error as indicated by show version "System returned to ROM by bus error at PC 0x61728370, address 0xB0D0B45".

%SYS-2-NOTQ: unqueue didn't find 674D6D40 in queue 3C -Process= "MGCP Application", 
ipl= 0, pid= 170

Symptoms: Errors occur on a Cisco AS5850 Universal Gateway after online insertion and removal (OIR) of cards. Using the debug snmp packets command after OIR reports NO_SUCH_INSTANCE_EXCEPTION error for "cefcModuleOperStatus" and "cefcModuleStatusLastChangeTime".

Conditions: Occurs on a Cisco AS5850 running image c5850tb-p9-mz.124-7c.bin and includes line "snmp-server enable traps fru-ctrl"

Jul 23 12:26:07.263: %FDM-3-TCAM_ENTRY_MISSING: FDM appl=3 test key=0x5A5A5A5A 
internal key=0x5A5A5A5A5A5A5A5A missed a direct hit reading in TCAM after insertion. 
Jul 23 12:26:08.399: %DM-6-ROOT_CAUSE_DETECTED: Component rsc-tcam-rw detected as a 
root cause of a failure.

% Health Monitor reloading this RSC due to Zero system health

% Flushing last minute of Health Monitor events

Jul 23 12:26:08.503: %MARVEL_HM-3-HM_RULES_RELOAD: Health Monitor causing a reload due 
to Zero system health

Workaround: Disable the "rsc-tcam-rw diagnostic monitor" as follows: 
RSC(config)#diagnostic-monitor

RSC(config-dm)#no test rsc-tcam-rw ?

active Disable on active only

standby Disable on standby only

RSC(config-dm)#no test rsc-tcam-rw active

Reset test result(s) to pass?? [yes/no]: yes

Router#pvc 35/134 Unable to create PVC 35/134 on ATM1/0/0.10350134. Possibly multiple 
users configuring IOS simultaneously Further info about other user: Process id: 42, 
Process: Slot 1/0 CMD Process, TTY: 0, Location: Console Router(config-subif)#

Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.2(7)XI1 or Release 12.2(27)SBB.

Symptoms: IPv6 pings are not working when the atm route-bridged ipv6 command is configured on the UUT.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS interim Release 12.4(13.5)T images.

Conditions: This symptom is observed on a Cisco 7200 series but is platform-independent.

Symptoms: MGCP Audit Endpoint (AUEP) response does not include "telephone-event" even though this capability is present.

Conditions: The "telephone-event" response was suppressed in order to prevent a conflict with Cisco Unified CallManager (CCM) versions 3.x/4.0. Later versions of CCM require the capability to be reported in order to enable it. The effect is that "telephone-event" functionality is not negotiated even though the gateway supports it.

Symptoms: Cisco router with "ip inspect sip" configured may crash after experiencing excessive CPU usage and eventual Watchdog Timeout in the "Inspect Timer" process.

Symptoms: A router that is configured for SNA Switching Services (SNASw) may crash.

Workaround: Change the end node device configuration such that all links to the SNASw router support CP-CP sessions. As per the APPN architecture, only one link does actually support CP-CP sessions.

Symptoms: A Cisco VoIP gateway with modem passthrough configured does not enable echo cancellation upon detection of 250 msec of silence.

Conditions: When using modem passthrough, the gateway disables the echo cancellation for that call upon detection of a ANSam modem tone. When a silence of 250msec in that call is detected, the echo cancellation should be enabled.

Workaround: This issue seems to occur in Cisco IOS Release 12.3(14)T and later. Switch to a Cisco IOS release that does not exhibit this symptom.

Symptoms: Access server may reload due to software forced crash due to memory corruption in the processor memory pool of the router.

Conditions: Occurs when require SIP and VoIP are configured and an erroneous x-route-tag is received.

Symptoms: TCP exchange with third-party clients frequently experience retransmissions from the client to the server.

Conditions: Occurs when TCP header compression is enabled. Clients using Microsoft dial-up networking (MS DUN) are not affected.

Workaround: Use a Cisco IOS Release 12.1, where the problem has not been detected. You can also disable TCP header compression and rely on Microsoft Point-to-Point Compression (MPPC).

Symptoms: Outbound calls fail on a MGCP-controlled CAS channel on a Cisco VoIP gateway.

- A timeslot on an E&M T1 trunk is taken out of service from the connected switch side, showing as a permanent inbound seizure. In this situation, the output of the show voice call summary command indicates that the status for this channel is "EM_PARK".

- A Cisco CallManager that interworks with the Cisco VoIP gateway checks the status of the trunk via an MGCP AUEP command. The gateway responds with an "ES: rlc" message, which indicates that the trunk is available for calls.

Because the reported availability and actual availability of the channel are mismatched, all outbound calls on the channel fail.

Workaround: Attempt to clear the out-of-service state from the connected switch side. If this is not possible, when interworking with the Cisco CallManager, first enter the shutdown command followed by the no shutdown command on the voice port and then enter the same commands on the T1 controller. Doing so causes the gateway to send an NTFY message that indicates that there is an inbound seizure on the channel.

Symptoms: Voice port is up, but the port monitored by busyout commands is still down. Occurs with the following configuration: voice-port xx/xx:xx cptone JP busyout action shutdown busyout monitor FastEthernetxx/xx

Conditions: Occurs on a Cisco 3745 router running Cisco IOS Release 12.3(14)T7 and Cisco IOS Release 12.4(12).

Symptoms: Trace back "CHUNKSIBLINGS: Attempted to destroy chunk with siblings" occurs.

Condition: Occurs on Cisco 2600 series routers running Cisco IOS Release 12.4(11)T2.

Conditions: This symptom is observed when you bring up PPPoX or L2TP sessions over multiple tunnels without traffic being processed over these sessions.

Symptoms: Traceback seen on Cisco AS5850 Universal Gateway while running stress calls.

Condition: Seen on Cisco AS5850 running Cisco IOS Release 12.4(13). "mgd_timer_stop" traceback is seen while running H.323/SS7 stress calls.

Symptoms: On a Cisco IOS voice gateway, the tx and rx counters in the output of the show call active voice brief command may not function properly. The counters may not increment at all or may increment in bursts every 10 seconds.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.4(7c), Release 12.4(7d), Release 12.4(8c), or Release 12.4(13a).

Symptoms: The following issues related to BITS clock occur on Cisco ISR platforms: 1) Network clock is not switching to the next available reference when the receiving AIS on non-BITS port. 2) When unplugging the cable on BITS port, the network clock keeps switching back and forth between the BITS and the next available reference

Symptoms: Cisco ISR Routers using VWIC-MFT E1 cards (not VWIC2-MFT E1 cards) may experience some errors under traffic load.

Conditions: This problem appears to occur when unframed mode is configured on the controller.

Workaround: Run the E1 controller with a framed mode configured such as "channel-group 0 timeslots 1-31" instead of "channel-group 0 unframed".

Symptoms: The dynamic ACL which is applied once a signature is triggered (with denyAttackerInline and/or denyFlowInline Event Actions configured) never expires, and the same dynamic ACL may be displayed (each with different counter values) multiple times using the "show ip access-list dynamic" command.

Conditions: Three VLANs are configured on a gigabit interface on a Cisco AS5850 Universal Gateway. On each VLAN access-lists are applied. The configuration is tested after initial configuration and works as expected. However, if the Cisco AS5850 is reloaded, the behavior changes and the access lists are not working as before. This is seen by the change in the traffic going through the access list. It seems that VLANs and access lists get mixed or not correctly applied after the reload. There is no visual loss of configuration.

Workaround: Enter configuration mode for the affected sub-interface. Doing so immediately corrects problem.

Symptoms: SSH version 2 sessions to a Cisco IOS device may not cleanly exit in a timely manner and may consume large amounts of CPU cycles until they are manually or automatically cleared.

Conditions: This occurs in Cisco IOS software versions 12.4(7.2) and 12.4(7.2)T and later. This behavior seemed to be eliminated in 12.4(9.9) and 12.4(9.9)T but then was reintroduced in 12.4(9.15) and 12.4(9.15)T with a slight change in behavior. In 12.4(9.15) and 12.4(9.15)T the behavior changed such that the sessions seem to clear themselves after about 3 minutes. This has only been seen with the SSH client that connects to the IOS device is the SSH client provided by CiscoWorks.

Conditions: This problem is due to an issue with the SIP state machine, which may result in an error along the lines of the following:

Workaround: Avoid using the show vpdn session [l2tp] [all] username username command.

Symptoms: A router crashes while a service policy is being attached, detached, or modified across a virtual template under traffic.

Conditions: This symptom is observed on a Cisco 7200 or Cisco 7301 router that is configured with MLPPP over FR on channelized interfaces.

Conditions: This symptom is observed on a Cisco 2811 router with ATM interface that is using VWIC2-2MFT-T1/E1 connected to MGX AUSUM card.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the IMA interface.

Symptoms: When attempting to configure RFC2833 DTMF inband with an MGCP gateway two commands are required:

mgcp dtmf-relay voip codec all mode [nte-ca|nte-ga] mgcp package-capability fm-package

The "mgcp package-capability fm-package" was has been released with Cisco IOS. However, it can only currently be found in the IP Voice Feature Set (ipvoicek9) in either Cisco IOS Release 12.4 or Cisco IOS Release12.4T.

Conditions: Customers requiring any of the features found in the higher level images (SP Svcs, Adv IP Svcs, Enterprise Svcs), that are not found in the IP Voice feature set, are unable to implement RFC2833 DTMF inband due to the lack of "mgcp package-capability fm-package".

Symptoms: In a Cisco 7500 HA router in RPR+ Mode when configuring and unconfiguring channel groups under an E1 controller, the router reports the following:

*Aug 22 17:58:34.970: %HA-2-IPC_ERROR: Failed to open peer port. timeout *Aug 22 
17:58:34.974: %HA-3-SYNC_ERROR: CCB sync failed for slot: 1 *Aug 22 17:58:34.974: 
%HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).

Conditions: This symptom is observed when configuring and unconfiguring channel groups under an E1 controller.

Symptoms: On a router that is configured as an access or terminal server, high CPU usage may occur because of interrupts, and the following error message and traceback are generated:

%SYS-3-NOELEMENT: data_enqueue:Ran out of buffer elements for enqueue -Process= 
"<interrupt level>", ipl= 4, pid= 1 -Traceback= 0x41102C3C 0x402F6CDC 0x404AD5D0 
0x4025B554 0x4001051C 0x40011668

Conditions: This symptom is observed on a Cisco 1800 series, Cisco 2800 series, and Cisco 3800 series that run Cisco IOS Release 12.4(16) and that are configured with an 8-port or a 16-port asynchronous/synchronous high-speed WAN interface card that has an asynchronous connection to another router. The symptom occurs when the other router is reloaded or in boot mode.

Symptoms: With Cisco Unity Express (CUE) integrated to Cisco Unified Communication Manager (CUCM)/CallManager and utilizing SRST functionality, when the IP phones are registered to the SRST router, the message-waiting indication (MWI) states may be incorrect.

Conditions: When a phone registers to a Cisco SRST router, each directory number (DN) gets a particular ephone-dn number that will have a particular MWI state. If the phone unregisters from the SRST router and later re-registers to the router (possibly due to an intermittent connectivity to the CUCM), the ephone-dn number may be different since the ephone-dn numbers are assigned sequentially in a first-come, first-served fashion. The MWI state, however, is remembered from the previous registration that used that ephone-dn number so the MWI status could be incorrect.

Workaround: Configure both the SRST router and the CUE to use SUBSCRIBE/NOTIFY MWI method.

Symptoms: When a DSPFarm loses IP connectivity to the priority 1 Cisco Unified CallManager (CCM) and fails over to the priority 2 CCM, after a few keepalives the console is flooded with the following error messages when debug sccp error is enabled:

Aug 13 18:39:35 PDT: sccpold_process_socket_events: Invalid socket

Aug 13 18:39:35 PDT: sccpold_process_socket_events: Invalid socket

Aug 13 18:39:35 PDT: sccpold_process_socket_events: Invalid socket

When this occurs, the "Voice Conferenci" process uses excessive CPU, paralyzing the router.

Conditions: This problem was seen in all Cisco IOS versions that have the include the fix for CSCsa70709. This was seen in a customer's environment and reproducible in the lab with the following setup:

–

Any Cisco IOS release that as the fix for CSCsa70709 -Pub/sub CCM cluster running 3.3.5 es51 (also reproduced with CCM 4.1.3 sr2)

Workaround: Downgrade IOS to a version that does not have the fix for CSCsa70709, or set the "Station KeepAlive Interval" parameter to the default of 30 seconds.

Symptoms: Native VLAN information is not included in CDP packets going out ports of an EtherSwitch (ESW) module in Cisco 28xx and Cisco 38xx routers. All the platforms using switchports (of any kind built-in/NM/WIC/HWIC) have this issue: Cisco 8xx, Cisco 17xx, Cisco 18xx, Cisco 26xx, Cisco 36xx, Cisco 37xx, Cisco 28xx, and Cisco 38xx.

Conditions: This symptom causes Cisco IP phone models 7961, 7941 and 7970 that are running SCCP firmware to fail to forward traffic coming from a PC connected at the back of the phone.

Symptoms: Call is setup using one packetization period and changes mid-call to another packetization after call transfer, causing garbled audio.

Conditions: Occurs when a mid-call state change is required to induce subsequent MGCP modify connections to be sent to the trunking gateway.

"%SNMP-3-INPUT_QFULL_ERR: Packet dropped due to input queue full

Conditions: Occurs on a Cisco 2600 series router running Cisco IOS Release 12.4(11)T3. The router keeps dropping SNMP packets. The log shows that the packets are dropped because of the input queue being full. Although the utilization is sometimes high, this could not be the root cause, as the router keeps dropping packets regardless of the current utilization. Also, the snmp process takes 5-20% of the CPU load.

Workaround: Exclude ciscoMemoryPoolMIB from your query with the following commands: snmp-server view public-view iso included snmp-server view public-view ciscoMemoryPoolMIB excluded Apply this view to the RW community string. This view will exclude only ciscoMemoryPoolMib, all other MIBs will be available.

Symptoms: Cisco AS5850 sees "400 Active msg is aborted by dlcx". The Cisco PGW2200 log is full of the following messages:

Wed May 23 10:24:14:588 2007 MEST | mgcp-1 (PID 15051) <Error> GEN_ERR_UNKNOWN_MSG: 
ip-mgcp-1111PGW001-1[00100003]: Unrecognized or unknown message processMgcpAckFromGW 
(no corresponding request) 10 0e 00 04 00 4a 9a b8 00 00 00 99 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 35 00 02 02 02 03 00 2c 00 04 00 00 01 90 00 2e 00 04 03 dd 
d4 bb 00 35 00 1d 41 63 74 69 76

Conditions: Occurs when the gateway sends duplicate ACKs for the same transaction ID.

Symptoms: When one of the T1 or E1 controller NM-HDV2 goes down, the voice calls in the other controller are dropped. This condition relates to interface x/0 x/0/0 (for example, 4/0 causes 4/0/0 to go down).

Conditions: This problem could happen in the MGCP PRI backhauled setup with NM- HDV2.

Symptoms: Busyout of trunk card with NAS PKG calls removes the trunk card immediately without waiting for calls to drop gracefully.

Symptom: On a 1841/WIC-1/WIC-1B-U-V2/c1841-adventerprisek9-mz.124-13c combo [herafter UUT], 180s after BRI interface successfully dials HUB PRI, 1/2 PING packets FAIL from HUB routers destined through UUT to a device on FastEthernet of the UUT, through the CEF switching path.

The direction of the failure is UUT--->HUB router with packets being dropped as "encapsulation failed" in "show ip traffic".

Conditions: Issues been reproduced on 1841/WIC-1/WIC-1B-U-V2 using legacy DDR on BRI interface. Issue also reproducible in 124-16.14 IOS

Workaround: Disable CEF switching by configuring "no ip route-cache cef" on BRI0/1/0 and Fa0/1 on "nhtest2".

Symptoms: Use of the show voice call status displays b-channels from 0-22 instead of 1-23 for a T1 configured for PRI.

Conditions: Occurred on a Cisco AS850 Universal Gateway with a T1 configured for "pri-group timeslots 1-24" when H.323/SIP voice calls are made.

Workaround: Use the show voice call summary or the show isdn status commands to determine the correct b-channel in use.

Symptoms: The show voice call status command displays b-channels from 0- 23 instead of 1-24 for a T1 configured for channel associated signaling (CAS).

Conditions: This is seen on a Cisco AS5850 platform for a T1 configured for "ds0-group * e&m-fgb" when H.323/SIP voice calls are made.

Workaround: Use the show voice call summary or show isdn status to determine the correct b-channel in use.

Symptoms: Outbound call attempts to a group of analog FXO voice-ports which all are members of a trunk-group fail even if there are members which are free to accept inbound or outbound calls.

Conditions: This behavior is observed on Cisco IOS voice routers installed with Cisco IOS Release 12.3(14)T, Cisco IOS Release 12.4 mainline, and Cisco IOS Release 12.4T release trains, using the NM- 1V, NM-2V, or NM-HDA-4FXS with EM-HDA-4FXO and EM2-HDA-4FXO products. It is not observed in Cisco IOS Release 12.3(11)T or earlier releases. Analog FXO voice-ports are configured to operate as members of a trunk-group for dial-plan simplification:

! trunk group fxo-tgrp max-calls voice 5 max-retry 5 hunt-scheme round-robin capacity 
trunk-group update interval 10 capacity carrier update interval 10 ! voice-port 2/0 
trunk-group fxo-tgrp 1 connection plar opx 93922900 ! voice-port 2/1 trunk-group 
fxo-tgrp 2 connection plar opx 93922900 caller-id enable ! voice-port 2/2 trunk-group 
fxo-tgrp 3 connection plar opx 93922900 ! voice-port 2/3 trunk-group fxo-tgrp 4 
connection plar opx 93922900 caller-id enable ! dial-peer voice 9 pots 
destination-pattern 9T trunkgroup fxo-tgrp !

It has been observed that when inbound calls are received and connected on FXO voice-ports with caller-id enable configured, the trunk member is still considered to be available for outbound calls. On the other hand voice-ports without caller-id enable set are correctly identified as busy ports and are unavailable for outbound calls. From the show trunk group EXEC command it can be seen that the misbehaving ports with CLID enabled report "Free = 1" while the behaving ports without CLID enabled report "Free = 0". When outbound call attempts are made on ports which are actually busy but reporting "Free = 1" the call fails with a disconnect cause code of 63 (Service or option not available, unspecified).

This problem is observed on the Cisco 2600XM/2691/2800/3700/3800/IAD2430 voice router platforms when the aforementioned voice Network Modules are used. It IS NOT observed on voice Network Modules which use C5510 DSP architecture, such as the NM-HDV2, NM-HD-1V, NM-HD-2V, NM-HD-2VE, and the EVM-HD-8FXS/DID.

Workaround: (1) Disable caller-id enable under the voice-ports. (2) Use the traditional dial-plan method of defining one POTS dial-peer per voice-port. (3) Use Cisco IOS Release 12.3(11)T or earlier.

Symptoms: In response to the fsck ? command, the USB device is not listed even though it is available.

Symptoms: Cisco VG224 Analog Phone Gateway endpoint rings even after call is answered on another phone

Conditions: Occurs on a VoIP gateway with SCCP/STCAPP controlled analog FXS ports sharing the same DN with another IP phone device. When fxsls_w_offhook_stop_ringing is seen while the no battery-reversal is configured on the FXS voice port, it is possible to experience this issue with Cisco IOS Release 12.4(5), Cisco IOS Release 12.4(6)T and later releases.

To see the fxsls_w_offhook_stop_ringing debug output as shown below, turn on debug vpm signal. Turning on debugs on a production IOS router should always been done with care. As a minimum, ensure that console logging is set below the default level of debug with the configuration command logging console informational.

*Mar 3 01:14:33.067: htsp_process_event: [2/9, FXSLS_WAIT_OFFHOOK, 
E_HTSP_STOP_RINGING]fxsls_w_offhook_stop_ringing

*Mar 3 01:14:33.071: 2/9 : ==> Received event:STCAPP_DC_EV_DEVICE_CALL_INFO

*Mar 3 01:14:33.071: 2/9 : Call State:ONHOOK_ML_PENDING

*Mar 3 01:14:33.071: 2/9 : Uninteresting event

*Mar 3 01:14:33.963: [2/9] do_ring_cadence ON->OFF (4000)

*Mar 3 01:14:37.963: [2/9] do_ring_cadence OFF->ON (2000)

*Mar 3 01:14:39.963: [2/9] do_ring_cadence ON->OFF (4000)

*Mar 3 01:14:43.963: [2/9] do_ring_cadence OFF->ON (2000)

*Mar 3 01:14:45.963: [2/9] do_ring_cadence ON->OFF (4000)

*Mar 3 01:14:49.963: [2/9] do_ring_cadence OFF->ON (2000)

*Mar 3 01:14:50.535: 2/9 : stcapp_get_dcb_and_lcb

*Mar 3 01:14:50.535: 2/9 : stcapp_screen_api_event

The Cisco VG224 only stops playing the ring cadence once it receives a SCCP message to go ONHOOK.

Symptoms: OAM cells are not generated when a new ATM subinterface and PVC is configured. Check subinterface and PVC status and enable the debug atm oam interface atmx/x.xxx command. Subinterface will be up/up. PVC will be down, and no debug output will be seen.

Symptoms: When IPv6 prefix delegation (PD) assigns a prefix for virtual access, it create a static route for the prefix in the routing table. However, sometimes it creates incorrect static route for the prefix.

Symptoms: Abnormally large FreshTime value appears in IVR HTTP client cache entry.

Conditions: This symptom is observed when a VXML voice browser downloads a file from an HTTP server. If the file was modified very recently, the FreshTime for that file may show up with a very large value.

Symptoms: T38 negotiation is failing for an incoming UPDATE request that has a T38 offer.

Conditions: This symptom occurs when the voice gateway is running Cisco IOS Release 12.4(15)T and is processing incoming Session Initiation Protocol (SIP) calls. When the SIP call is active and an UPDATE request is received that contains a T38 offer, the UPDATE request is rejected. The switchover from voice to fax fails.

Workaround: Fax over T38 works fine when midcall INVITE is used for T38 negotiation.

*Nov 21 15:16:28 CDT: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x416DE178 
-Traceback= 0x412593C0 0x41276250 0x412947F4 0x416DE178 0x416DE650 0x423E303C 
0x423E3020 *Nov 21 15:16:28 CDT: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 
0x416DE188 -Traceback= 0x412593C0 0x41276250 0x412947F4 0x416DE188 0x416DE650 
0x423E303C 0x423E3020

Workaround: Disable the following configuration on the router: voice hpi capture buffersize voice hpi capture destination filename

Symptoms: Crash in SNASwitch when starting a dlctrace or ipstrace of pdlog that is too large for available memory.

Conditions: Occurs when one of the following conditions is met: 1) A smaller trace is configured and accepted, and then the trace is reconfigured with a buffer size that is too large. 2) A trace is configured with a large buffer size, then snasw is stopped and restarted

If the trace was configured with the nostart option, the crash may not occur until the command snasw tart dlctrace is issued. Occurs on routers running Cisco IOS Release 12.4(9.9) and later releases, and those running Cisco IOS Release 12.4(9.6)T and later releases.

Workaround: Ensure the buffer size to be configured will fit in the available memory. Use the show memory summary command to view the available processor memory. Look in the "Largest(b)" column to see the largest contiguous block of processor memory available. Ensure that block of memory is large enough to hold the buffer size being configured. Remember that the buffer size is specified in kilobytes (K), meaning 16000 is 16000K or 16,384,000 bytes.

%SYS-2-MALLOCFAIL: Memory allocation of 65536000 bytes failed from 0x61809390, 
alignment 0 Pool: Processor Free: 73041812 Cause: Memory fragmentation Alternate Pool: 
None Free: 0 Cause: No Alternate pool -Process= "SNA Switch", ipl= 0, pid= 78 
-Traceback= 0x6063C860 0x6078FAA0 0x607946AC 0x60794C48 0x61809398 0x61809A8C 
0x61702EB0 0x616EC75C

%SNASW-3-TRACE_2: Resizing of dlctrace buffer failed due to insufficient memory; using 
buffer-size of 500 KB.

%ALIGN-1-FATAL: Illegal access to a low address 12:59:14 addr=0x28, pc=0x61809628 , 
ra=0x6180961C , sp=0x6639A4C0

%ALIGN-1-FATAL: Illegal access to a low address 12:59:14 addr=0x28, pc=0x61809628 , 
ra=0x6180961C , sp=0x6639A4C0

TLB (store) exception, CPU signal 10, PC = 0x61809628

Wide-Area Networking

Symptoms: The isdn service nfas_int x b_channel y state z commands generated in the configuration do no match what is actually entered.

Conditions: For example the following command was entered: isdn service nfas_int 1 b_channel 3-7 state 2 After which the configuration showed the following: isdn service nfas_int 1 b_channel 0 state 0

Symptoms: The Facility Information Element (FAC IE) in the SETUP message is not received at the other end when the router is configured for E1_NET5 switch type.

Conditions: This symptom is observed in Cisco IOS Release 12.4(7)T1 with the following routers: Cisco 1760 Cisco 2851 Cisco 2651XM Cisco 3745 Cisco 2801 Cisco 3845

Symptoms: Some B-channels may not be available for Redundant Link Manager (RLM) or IDSN User Adaptation Layer (IUA) usage.

Conditions: Occurs when a partial T1 configuration is entered on the nfas_d primary RLM or IUA DSL.

Conditions: Occurred after customer moved from Cisco IOS Release 12.2 to Cisco IOS Release12.4(7c) and moved from Cisco AS5300 to a Cisco AS5350XM.

Resolved Caveats—Cisco IOS Release 12.4(16a)

Cisco IOS Release 12.4(16a) is a rebuild release for Cisco IOS Release 12.4(16). The caveats in this section are resolved in Cisco IOS Release 12.4(16a) but may be open in previous Cisco IOS releases.

Basic System Services

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4 or Release 12.4T.

Symptoms: A FIBDISABLE error message is seen on all VIPs on a Cisco 7500 router.

Conditions: This symptom has been observed when dMLP+QoS is configured on a Cisco 7500 router.

Interfaces and Bridging

Conditions: This symptom is observed on a Cisco router that has an ATM port adapter.

Workaround: In an IPv4 configuration, shut down the subinterface manually or enter the ip verify unicast reverse-path command. In an MPLS configuration, shut down the subinterface manually.

Symptoms: The output may be stuck on a POS interface that is configured for Frame Relay encapsulation. When this situation occurs, the output queue is not emptied, and LMI remains down.

Workaround: Place POS PA in other slot(s). PA location reconfiguration in chassis should fix the problem.

IP Routing Protocols

Symptoms: A router may not clear BGP routes when you enter the clear bgp ipv6 unicast * command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SXF but is not release-specific.

Symptoms: The configuration of a deleted subinterface may show up on a new subinterface and may cause a traffic outage.

Conditions: This symptom is observed on a Cisco router that has IP interface commands enabled when a script adds and deletes ATM subinterfaces on a regular basis.

Workaround: Verify the subinterface configuration. When the configuration of a subinterface cannot be deleted, delete the subinterface, and then create a dummy subinterface that will pull the configuration that could not be deleted. Then recreate the first subinterface with a new configuration.

Symptoms: When there are link flaps in the network, various PEs received the following error message:

%BGP-3-INVALID_MPLS: Invalid MPLS label (1) received in update for prefix 
155:14344:10.150.3.22/32 from 10.2.2.1

Or, local label is not programmed into forwarding table for a sourced BGP VPNv4 network.

Conditions: This symptom occurs when an iBGP path for a VPNv4 BGP network is present. A sourced path for the same RD and prefix is brought up after.

–

Remove the iBGP path. If the sourced path comes up first, then the problem will not occur.