|
|
Table Of Contents
Resolved Caveats—Cisco IOS Release 12.0(26)S6
Resolved Caveats—Cisco IOS Release 12.0(26)S5
Resolved Caveats—Cisco IOS Release 12.0(26)S4
Resolved Caveats—Cisco IOS Release 12.0(26)S3
Resolved Caveats—Cisco IOS Release 12.0(26)S2
Resolved Caveats—Cisco IOS Release 12.0(26)S1
Resolved Caveats—Cisco IOS Release 12.0(26)S
Resolved Caveats—Cisco IOS Release 12.0(25)S4
Resolved Caveats—Cisco IOS Release 12.0(25)S3
Resolved Caveats—Cisco IOS Release 12.0(25)S2
Resolved Caveats—Cisco IOS Release 12.0(25)S1
Resolved Caveats—Cisco IOS Release 12.0(25)S
Resolved Caveats—Cisco IOS Release 12.0(24)S6
Resolved Caveats—Cisco IOS Release 12.0(24)S5
Resolved Caveats—Cisco IOS Release 12.0(24)S4
Resolved Caveats—Cisco IOS Release 12.0(24)S3
Resolved Caveats—Cisco IOS Release 12.0(24)S2
Resolved Caveats—Cisco IOS Release 12.0(24)S1
Resolved Caveats—Cisco IOS Release 12.0(24)S
Resolved Caveats—Cisco IOS Release 12.0(26)S6
Cisco IOS Release 12.0(26)S6 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S6 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
Symptoms: A description of what is observed when the caveat occurs.
•
•
Interfaces and Bridging
•
Symptoms: A Versatile Interface Processors (VIP) with a PA-MC-8TE1 port adapter may report its memory size as unknown even though the VIP appears to function normally, and Distributed Multicast Fast Switching (DMFS) may fail to function properly.
Conditions: This symptom is observed on a Cisco 7500 series when any of the following conditions are present:
–
–
Workaround: Enter the card type {t1 | e1} slot [bay] command on the PA-MC-8TE1+ port adapter and ensure that none of the controllers on this port adapter are shut down.
•
Symptoms: A few permanent virtual circuits (PVCs) go into a stuck state causing OutPktDrops on a Cisco 7200 router.
Conditions: This symptom occurs on a Cisco 7200 router running Cisco IOS Release 12.2(26) with a PA-A3-T3 ATM interface. The symptom may also occur in other releases.
Workaround: Remove and re-apply the PVC statement.
IP Routing Protocols
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This symptom is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•
Symptoms: BGP fails to send an update or withdraw message to some peers when these peers have failed to converge properly after an earlier attempt.
Conditions: This symptom is observed on a Cisco router when you enter the clear ip bgp neighbor-address soft out command while BGP is in the middle of converging. The symptom does not occur when network traffic load is low and BGP has converged.
Workaround: To clear the error condition, enter the clear ip bgp neighbor-address soft out command again. Alternately, enter the clear ip bgp neighbor-address command (that is, without the soft out keyword).
•
Symptoms: The Multiprotocol BGP (MP-BGP) network entries counter increases above the real number of reachable networks.
Conditions: This symptom is observed when network activity occurs in a non-converged environment. The correct number of network entries is restored when there is a period of BGP stability that last for about 1 minute or more because BGP is able to converge and the scanner has time to run and collect the old network entries. However, if there is a sustained period of churn and BGP is only able to converge for a few seconds before new updates arrive, old BGP network entries are not cleaned up, causing the MP-BGP network entries counter to increase above the real number of reachable networks.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A POS Engine 2 line card originates a high traffic volume to a downstream router over a POS link because the same packet is sent over and over.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(22)S5.
Workaround: There is no workaround.
•
Symptoms: When a large number of VRFs are configured, input OAM F5 loopback cells on the ATM interface are dropped continuously, even without traffic. You can see drops at "OAM cell drops" in the output of the show atm traffic EXEC command and at "Input queue drops" in the output of the show interface ATM EXEC command.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(19), Release 12.3(5), or Release 12.3(4)T2 when the oam-pvc manage and ip vrf global configuration commands are configured. The symptom may also occur in other releases.
Workaround: Remove the ip vrf command. There is no workaround for a router such as a provider edge (PE) router that cannot remove VRFs.
•
Symptoms: When you use snmpget to retrieve information directly from the ifIndex table, the following error message is generated:
No Such Instance currently exists at this OID.Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S.
Workaround: Do not snmpget. Rather, use snmpwalk or snmpgetnext.
•
Symptoms: If link bundling is configured on any line card in the router and the link bundle is loaded onto an Engine 2 line card that has VPN on FR subinterfaces and that is processing traffic, the Engine 2 line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(28)S.
Workaround: There is no workaround.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•
Symptoms: A VPN traceroute is broken. Packets drop at the CE1 where a port channel is configured as default route.
Conditions: This symptom occurs when a port channel is configured as a default route. The adjacency is always a drop/punt, which causes packets to drop.
Workaround: Do not configure a port channel as a default route.
•
Symptoms: On a Cisco router that functions as an egress PE router in an MPLS VPN network, after the customer-facing line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP request) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. You can recover from the symptom by manually pinging the interface of the CE router from the adjacent PE router.
Workaround: Configure static ARP entries for the next hop router in the static recursive routes.
•
Symptoms: Several VIPs may crash at about the same time because of a bus error.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S4 and that is configured with an RSP4 when the VIPs are configured for QoS but have insufficient memory.
Workaround: Increase the amount of memory on the VIPs.
•
Symptoms: Priority packets are dropped when a VIP is reset because of an OIR, microcode reload, or CBUS complex reset.
Conditions: The symptom is observed only on a multilink interface that has both input and output service policies enabled when the input policy is configured for policing or when the input policy is removed from the multilink interface.
Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface, or remove and re-attach the output policy.
•
Symptoms: An Engine 6 line card may reset because of an IPC timeout.
Conditions: This symptom is observed on a Cisco 12816 that runs Cisco IOS Release 12.0(27)S4 when you enter the shutdown command on the primary Clock Scheduler Card (CSC) or you enter the no shutdown command on the secondary CSC that is in the shut down state.
Workaround: There is no workaround.
•
Symptoms: One of the following two symptoms may occur on a POS ISE egress line card:
–
–
%EE48-4-GULF_TX_SRAM_ERROR: ASIC GULF: TX bad packet header detected. Details=0x4000Conditions: These symptoms are observed on a Cisco 12000 series when an invalid packet is forwarded to an egress interface on an ISE line card.
Workaround: If the transmission on the interface is stuck, reload the line card by entering the hw-module slot x reload command.
•
Symptoms: In a tag switching-to-IP switching scenario with an ISE ingress line card and an Engine 4 plus (E4+) egress line card, the following bad packets may be forwarded to the E4+ line card:
–
–
–
–
–
–
–
These bad packets cause packet corruption and an "TX192-3-PAM_PIM" error message on the E4+ line card and may even cause the E4+ line card to reset.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables the ISE line card to drop the above-mentioned bad packets.
•
Symptoms: An Engine 3 line card sends unlabeled traffic after it has been toggled from explicit routing to default routing. The symptom is related to the handling of a default-route on an Engine 3 ingress line card that functions in an IP-to-MPLS path.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(30)S1 or any other image that includes the fix for caveat CSCsa64782, which is a preliminary requisite for default-route handling on an Engine 3 line card. The symptom occurs in the following scenario:
1.
2.
3.
After the transition from non-default routing to default routing, entering the clear ip route network command, with the address of the next hop for the network argument, causes an inconsistency, and traffic is forwarded as unlabeled.
Workaround: To restore proper operation, enter the clear ip route 0.0.0.0 command.
•
Symptoms: In a tag switching-to-IP switching scenario with an ISE ingress line card and an Engine 4 plus (E4+) egress line card, the following bad packets may be forwarded to the E4+ line card:
–
–
–
–
–
–
–
These bad packets cause packet corruption and an "TX192-3-PAM_PIM" error message on the E4+ line card and may even cause the E4+ line card to reset.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables the ISE line card to drop the above-mentioned bad packets.
•
Symptoms: An Engine 4 plus (E4+) line card that functions in an IP-to-tag switching scenario may generate "TX192-3-PAM_MODULE" and "%TX192-3-PAM_PIM" error messages and tracebacks or may crash.
Conditions: This symptom is observed on a Cisco 12000 series when the ingress interface is an Engine 2 line card that has an input ACL and when an external LDP flap occurs that affects the Engine 4+ line card.
Workaround: There is no workaround.
•
Symptoms: A Engine 3 ISE line card may not properly handle incoming bad IP packets but may generate a traceback and a transient error message:
%GSR-3-INTPROC: Process Traceback= 400E10B4 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%EE48-3-BM_ERRS: FrFab BM SOP error 40000
%EE48-3-BM_ERR_DECODE: FrFab SOP macsopi_bhdr_pkt_len_zero_err
%GSR-3-INTPROC: Process Traceback= 400E1090 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%LC-4-ERRRECOVER: Corrected a transient error on line card.The line card may also crash.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S1 or Release 12.0(26)S5a.
Workaround: There is no workaround.
•
Symptoms: When an ingress ISE line card is used with a default route that iBGP learns over a MPLS core, the following two symptoms may occur:
–
–
Conditions: These symptoms are observed on a Cisco 12000 series when the traffic path follows a recursive default route and when recursive load sharing occurs.
Workaround: Prevent outbound load sharing to the default route by changing the IGP metrics.
•
Symptoms: When you boot a Cisco 12000 series, some Layer 1 and CoS command are rejected with the following error messages:
Command "pos threshold sd-ber 9" not allowed on link-bundle member interface POS1/0 Command "tx-cos TEST" not allowed on link-bundle member interface POS1/0Conditions: This symptom is observed on a Cisco 12000 series when a POS interface of an Engine 0 or Engine 2 line card has the tx-cos command enabled and is a member of a port channel or POS channel.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S5
Cisco IOS Release 12.0(26)S5 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S5 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A Cisco router may reload when it performs Simple Network Management Protocol (SNMP) Notification Log MIB queries.
Conditions: This symptom is observed on all versions of Cisco IOS software.
Workaround: There is no workaround; however, the symptoms are not observed on a Cisco ONS 15530 or a Cisco ONS 15540 switch module because the symptoms have been resolved on these platforms.
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial-In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.
•
Symptoms: A router may generate a very large remote processing time report that may take between 10 and 25 seconds to be generated.
Conditions: This symptom is observed when you enter the rtr responder command for the first time and you do not reload the router.
Workaround: Reload the router after you have entered the rtr responder command.
•
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml.
•
Symptoms: A memory leak may occur in the IPC buffers of a Cisco router, and the output of the show processes memory command shows that the Pool Manager process holds increasingly more memory.
Router#show proc mem
Total: 231201504, Used: 202492916, Free: 28708588
PID TTY Allocated Freed Holding Getbufs Retbufs Process
...
5 0 149227592 69514888 79894996 135335724 66834832 Pool ManagerConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S2 or 12.0(26)S3. The memory leak is triggered by the SNMP polling of specific OIDs within the ciscoEnhancedMemPoolMIB MIB.
Workaround: Prevent the ciscoEnhancedMemPoolMIB MIB from being polled by explicitly configuring an SNMP view. To prevent this MIB from being accessed via any community strings, create a view and apply the view to all communities configured, as in the following example:
snmp-server view NOMEMPOOL iso included
snmp-server view NOMEMPOOL ciscoEnhancedMemPoolMIB excluded
snmp-server community public1 view NOMEMPOOL ro 6
snmp-server community public2 view NOMEMPOOL ro 7
snmp-server community public3 view NOMEMPOOL ro 8The specific MIB that is being blocked is ciscoEnhancedMemPoolMIB (1.3.6.1.4.1.9.9.221).
Once the configuration is in place, the router must be reloaded to clear the IPC cache and free the memory.
Interfaces and Bridging
•
Symptoms: A Cisco router may report spurious accesses when configured for Multilink PPP (MLPPP). This appears to be caused by fragmentation.
%ALIGN-3-SPURIOUS: Spurious memory access made at [hex] reading [hex] %ALIGN-3-TRACE: -Traceback=[hex]Conditions: MLPPP must be configured for this symptom to occur.
Workaround: There is no workaround.
•
Symptoms: When you enter the show ip interface brief, the output indicates that a serial subinterface has a down status and that the protocol is down too:
router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.7.0.68 YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Ethernet0/4 unassigned YES NVRAM administratively down down
Ethernet0/5 unassigned YES NVRAM administratively down down
Serial4/0 unassigned YES NVRAM administratively down down
Serial4/1 unassigned YES NVRAM administratively down down
Serial4/2 unassigned YES NVRAM administratively down down
Serial4/3 unassigned YES NVRAM administratively down down
Serial4/4 unassigned YES NVRAM administratively down down
Serial4/5 unassigned YES NVRAM administratively down down
Serial4/6 unassigned YES NVRAM administratively down down
Serial4/7 unassigned YES NVRAM administratively down down
Serial5/0:23 10.0.0.1 YES NVRAM down downConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1 when you attempt to configure the interface and bring it up.
Workaround: There is no workaround.
•
Symptoms: When an snmpget is executed for an interface index below .1.3.6.1.2.1.31.1.1.1.6, the router responds with the following information:
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.12 : VARBIND EXCEPTION: No Such InstanceHowever, an snmpwalk executes successfully for an interface index below .1.3.6.1.2.1.31.1.1.1.6.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 when an snmpget is executed for 4GE-SFP-LC subinterfaces or for an 4GE-SFP-LC interface when there is another interface index for the same interface. The symptom may be platform-independent.
Workaround: Reload the router.
IP Routing Protocols
•
Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.
Conditions: This symptom is observed when iSPF is configured under OSPF.
Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.
•
Symptoms: An Open Shortest Path First version 3 (OSPFv3) adjacency may flap when a standby Route Processor (RP) comes up after a switchover has occurred or after a router has reloaded. The router database may contain duplicate entries of the network link-state advertisement (LSA), or link LSA, or both.
Conditions: This symptom is observed after a switchover has occurred when the interface number of the interface that is configured for OSPFv3 changes.
This symptom is also observed after the router has reloaded when the interface number of the interface that is configured for OSPFv3 changes and when the neighbor still has the LSA (that was generated by the router on which the symptom occurs) with the old Link State ID (LSID) in its database. This situation may occur when the router does not clean up its LSA (for example, when the router reloads unexpectedly) or when the interface that connects to the neighbor is shut down before the router reloads and then brought back up after the router has reloaded.
Workaround: There is no workaround.
•
Symptoms: When a Cisco router is a midpoint of a TE tunnel and the tunnel headend is a third- party vendor router, the Cisco router may crash.
Conditions: This symptom is observed during a period of network instability and may occur when a TE tunnel does not contain an EXPLICIT ROUTE object and when the tunnel is dynamically routed by using OSPF cost only.
Workaround: Use an EXPLICIT ROUTE object or ensure that there are no alternate paths in the network.
•
Symptoms: The IP background process is sluggish.
Conditions: This symptom occurs when many interfaces go down at the same time.
Workaround: There is no workaround.
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the bgp log-neighbor-changes command configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the show ip bgp neighbors command or running the debug ip bgp neighbor updates command for a configured BGP neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
•
Symptoms: When VPNv4 route advertisement are received after BGP has converged, the existing path is updated but imported paths from the original path are not updated accordingly.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when the maximum-paths number-of-paths import number-of-paths command is enabled. The symptom occurs when the path attributes are changed dynamically instead of the path being completely withdrawn and readvertised.
Workaround: Withdraw the prefix from the remote PE router and then readvertise the prefix.
•
Symptoms: An MPLS TE tunnel stays stuck in the "Path Half Admitting" state, as is shown by the output of the show mpls traffic-eng tunnel command, thereby preventing the tunnel from coming up.
Conditions: This symptom may be observed when a particular third-party router that functions as the headend for the MPLS TE tunnel sends a Path message to a Cisco router that functions as the midpoint for the router MPLS TE tunnel and that does not have the mpls traffic-eng tunnels interface configuration command enabled on the outbound interface that would be used to forward the Path message.
Workaround: Enter the mpls traffic-eng tunnels interface configuration command on the outbound interface of the Cisco router. Then, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on this interface, and save the configuration.
Miscellaneous
•
Symptoms: An output wedge and drops may occur on the multilink interface of a Cisco 7200 series. The output of the show interfaces privileged EXEC command may display the following information:
.
.
.
Multilink3 is up, line protocol is up
.
.
.
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 5526
Queueing strategy: fifo
Output queue: 31/40 (size/max)
.
.
.Conditions: This symptom is observed on a multilink interface that has two E1 interfaces in a multilink bundle when there is a low traffic rate.
Workaround: Use the physical interface without a multilink bundle.
•
Symptoms: When changing the MTU on an Engine 2 3-port 1GE line card, the line card may reload.
Conditions: This symptom is observed on a Cisco 12416 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(26)S.
Workaround: Ensure there is no traffic going through the Engine 2 3-port 1GE line card when attempting to change the MTU.
•
Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.
Workaround: There is no workaround.
•
Symptoms: A VIP crashes with the following error message:
VIP-3-SYSTEM_EXCEPTION: VIP System Exception occurred sig=10, code=0x10Conditions: This symptom is observed on a Cisco 7500 series when you re-use a channel group (or subinterface) that was previously configured with a Frame Relay DLCI "set" service policy.
Workaround: Remove the "set" service-policy before you remove the channel group (or subinterface).
•
Symptoms: The SNMP counters and CLI for Frame Relay subinterfaces may be incorrect.
Conditions: This symptom is observed a Cisco 12000 series with ISE POS line cards.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series multichannel T3 port adapter (PA-MC-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: An E4+ POS line card reports %TX192-3-PAM_MODULE and %TX192-3-PAM_PIM errors. On rare occasions the line card may crash when it receives a malformed packet.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S3 or Release 12.0(26)S4.
Workaround: There is no workaround.
•
Symptoms: A dual SRP ring fails to become active completely due to an is-type mismatch. The output of the show clns neighbors command indicates that a certain system interface remains in the "Init" state indefinitely, although the output of the show ip interface brief command shows that this interface is up.
Conditions: This symptom is observed when a dual SRP ring is configured on three routers that run Cisco IOS Release 12.2S. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series T3 port adapter (PA-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: High CPU utilization may cause interfaces to flap, and the following spurious memory access messages may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x603C2724 reading 0x194 %ALIGN-3-TRACE: -Traceback= 603C2724 601D2888 601D40B4 00000000 00000000 00000000 00000000 00000000Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(23)S when you the clear cef linecard command.
Workaround: There is no workaround.
•
Symptom: A line card with an ATM QoS configuration may crash.
Condition: This symptom is observed on a Cisco 12406 that runs a Cisco IOS interim release of Release 12.0(29)S.
Workaround: There is no workaround.
•
Symptoms: IPv6 unicast and multicast traffic may not recover on an Engine 4 plus (E4+) 1x10 GE line card after you have performed two software OIRs of the primary CSC.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0S.
Workaround: Reload the E4+ 1x10 GE line card.
•
Symptoms: An Engine 2 3-port Gigabit Ethernet line card may stop transmitting packets.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S6.
Workaround: Enter the hw-module reload command to enable the line card to resume transmitting packets.
•
Symptoms: Line cards in a Cisco 12000 series may fail when an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two PRPs and that runs a Cisco IOS interim release for Release 12.0(30)S when you enter the redundancy force-switchover command. Note, however, that this caveat is resolved in Release 12.0(30)S.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series that functions as an egress PE router in an MPLS VPN network, after the customer-facing Gigabit Ethernet line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. To recover from the symptom, manually ping the interface of the CE router from the adjacent PE router.
Workaround: Configure the static ARP entries for the nexthop router that is configured in the static recursive routes.
•
Symptoms: A 4GE-SFP-LC line card may reload unexpectedly when it processes QoS traffic in a configuration with a VLAN on a VCG that is configured with an ingress CoS.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S or a later release when the resolved ARPs are deleted, for example, when routers flap, when BGP peers do not respond, or when you enter the clear arp command. Note that the symptom may also occur on releases earlier than Release 12.0(26)S.
The ingress CoS includes a set command for the matched class: either a police command with a set command or a simple set command and either a set-mpls command or a set-dscp command.
Possible Workaround: Configure static ARPs.
•
Symptoms: In a scaled configuration with hundreds of eBGP peers with very low BGP timers, issuing clear ip bgp * may increase HW forwarding memory utilization.
Conditions: This problem is seen with 500 eBGP sessions with BGP keepalive timer of 3 seconds and hold timer of 9 seconds. The router has 200K MPLS VPN routes. This problem is not seen if the BGP timers are set to the default value.
Workaround: There is no workaround.
•
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time, possibly generating CPUHOG errors and causing a watchdog crash. Other processes on the router may fail because these processes do not receive the CPU bandwidth that they require. Consequently, the following difficulties may occur:
–
–
–
–
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed on a Cisco 7300 series when the MPLS-LSR-MIB MIB is enabled, when you query the object mplsXCIndexNext, and when there are more than 1,000 Multiprotocol Label Switching (MPLS) labels active. However, the symptoms are platform-independent.
Workaround: Perform the following steps:
1.
2.
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server view nolsrmib iso include
3.
snmp-server community public view nolsrmib ro
4.
•
Symptoms: A router may crash when you enter the crypto key generate dss key-name command.
Conditions: This symptom is observed on a Cisco 12012 that is configured for SSH but may occur on any Cisco platform that is configured for SSH.
Workaround: There is no workaround.
•
Symptoms: A generic routing encapsulation (GRE) tunnel may not work on a provider edge (PE) router if VPN is configured.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(25)S or a later release.
Workaround: There is no workaround.
•
Symptoms: The per-WRED-class drop counters do not increment in the output of the show queueing command even though there are aggregate WRED drops.
Condition: This symptom is observed when the random-detect legacy command is enabled on the main interface.
Workaround: Attach a policy map that has the random-detect legacy command enabled to the interface.
•
Symptoms: WRED counters do not function on distributed platforms such as a Cisco 7500 series and a Cisco 7600 series.
Conditions: This symptom is observed on a distributed Cisco platform that runs Cisco IOS Release 12.0(26)S3, 12.0(29)S, 12.2(25)S, 12.3(10), or 12.3(11)T and that has dWRED configured.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software releases earlier than Cisco IOS Release 12.0(27)S3, Release 12.0(28)S1, and Release 12.0(30)S, the CPU utilization of a Cisco 10720 is high (x%/y%, where y is greater than 60 percent), and continuous BGP and LDP flapping is reported. The counters in the output of the show interface command show a large number of drops and the output of the show buffers command shows a large number of cache misses for the private IBC buffer pools.
Conditions: This symptom is observed when the Cisco 10720 functions in a broadcast ARP storm environment and when the length argument of the hold queue length in interface configuration command is not the default of 75 packets for any interface of the router (for example, the length argument is 2048).
Workaround: Revert the hold queue length in interface configuration command and the hold queue length out interface configuration command to the default setting on all interfaces with non-default hold queues.
•
Symptoms: An outbound ACL with a log/log-input keyword changes the IP destination address in the packets. As the result, packets that should be permitted are incorrectly denied.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(29)S when the incoming interface for the packets is a tag-switching interface. The symptom is observed irrespective of whether the interface with this outbound ACL is a tag-switching interface or not.
Workaround: Do not use the log/log-input keyword in the ACL.
•
Symptoms: Under a rare condition, when a main interface switches over to a backup interface on 4-port GE line card, a ping to another neighboring interface that is not at all related to the backup interface fails. A sniffer trace shows that the Src/Dst MAC address in the ICMP reply is that of the backup interface.
Conditions: This symptom is observed on a Cisco 12000 series when you repeatedly disable the main interface that is associated with a backup interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: A Cisco 7200 series may crash when you modify a policy map on the router.
Conditions: This symptom is observed when the Cisco 7200 series functions under a traffic load.
Workaround: There is no workaround.
•
Symptoms: A PXF buffer leak occurs on an L2TPv3 decapsulation router, which van be observed in the output of the show hardware pxf cpu buffer command:
router#show hardware pxf cpu buffer
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0
1 1664 12930 12930 0 0
2 640 26746 127 0 77165
3 256 34072 34072 0 0
4 128 59934 59934 0 0Depending on the packet size, the buffer leak can occur in different pools.
Conditions: The symptom is observed on a Cisco 10720 in the following two scenarios:
–
–
Workaround: There is no workaround.
•
Symptoms: A VIP on a PE router may crash after a service policy is applied to the physical interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S3 and that is configured with a VIP4-80.
Workaround: First, shut the physical interface on the connected CE router. Then, shut the physical interface on the PE router before you apply the service policy on the PE router.
•
Symptoms: An Engine 1 or Engine 2 Gigabit Ethernet (GE) line card may stop switching traffic even though the line protocol is up. Pings and routing do not work, and traffic does not go through.
Conditions: This symptom is observed a Cisco 12000 series after error recovery and when the negotiation auto command is not configured for the interface of the GE line card.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface of the line card.
•
Symptoms: An MPLS traffic engineering (TE) tunnel may not come back up after a link flaps.
Conditions: This symptom is observed when the headend of the TE tunnel is a third-party router that has the no cspf command configured for the label switched path (LSP) and when the tunnel midpoint is a Cisco router that runs Cisco IOS Release 12.0(25)S1. The symptom occurs when the link downstream (that is, towards the tailend of the tunnel) on the Cisco router fails because the interface on either side of the link is shut down.
In addition, note that the third-party router does not increment the LSP ID when it receives a message, nor does it send a PathTear message in response to a PathErr message.
Possible Workaround: Use an explicit path on the third-party router but without the no cspf command enabled.
•
Symptoms: An Engine 4+ EPA-GE/FE-BBRD line card reports "%TX192-3-PAM_MODULE" and "%TX192-3-PAM_PIM" errors, and the interfaces continue to flap with the following error message:
%GRPGE-6-INVALID_WORD: Interface GigabitEthernet15/1/0: Detected RX Invalid WordWhen there is heavy traffic, the line card may crash without generating any crashinfo.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 or Release 12.0(27)S3.
Workaround: There is no workaround.
•
Symptoms: A CPUHOG situation may occur intermittently on a Cisco 12000 series, causing fabric pings to be lost and all OSPF and BGP adjacencies to be dropped.
Conditions: This symptom is observed in PRP on a Cisco 12000 series router.
Workaround: There is no workaround. However, the symptom resolves itself.
•
Symptoms: A VIP may crash while forwarding packets or a watchdog timeout crash may occur on the VIP during statistics collection.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4 and that runs Cisco IOS Release 12.0(26)S4.
Workaround: There is no workaround.
•
Symptoms: The offered rate counter in the output of the show policy-map interface command is inaccurate.
Conditions: This symptom is observed on a Cisco 12000 series when very high traffic rates are used.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) label distribution protocol (LDP) is configured and you enter the clear ip route EXEC command, the MPLS forwarding entries for some of the cleared routing prefixes may become unlabeled.
Conditions: This symptom is observed for prefixes that are connected (with an unspecified nexthop IP address) and that are not locally recognized. This situation may occur in a configuration in which two LDP peers are connected by a point-to-point link that uses PPP encapsulation, and in which both interfaces are configured to use IP addresses with /32 masks.
A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee12379. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Possible Workaround: Prevent the symptom from occurring by using a shorter network mask when you configure the interfaces or by using another encapsulation such as HDLC.
When the symptom occurs, restore proper operation by forcing the LDP session that is associated with the link to re-establish itself, or by forcing the LDP session to re-advertise labels for the affected prefixes. The LDP session can be reset by entering the clear mpls ldp neighbor command, by administratively disabling and then re-enabling one of the interfaces, or by deconfiguring and then reconfiguring LDP on one of the interfaces. The LDP session can be forced to re-advertise labels by modifying the outbound label filtering configuration. However, this method is complicated and should only be attempted if you are already very familiar with the required procedures, and if the routers do not already have a complicated label filtering configuration in place.
•
Symptoms: A Cisco 7500 series VIP may crash when its serial interfaces are part of a Multipoint Frame Relay (MFR) bundle.
Conditions: This symptom is observed when a Frame Relay end-to-end fragment is received on an MFR interface.
Workaround: Administratively shut down the MFR interface or shut down the MFR interface on the other side of the link.
•
Symptoms: Sampled NetFlow may stop functioning in 12.0(23)S3 or later releases.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4+ 4-port OC-48 line card. It occurs when the LC hardware is reset as a result of error recovery process.
Workaround: Disable and re-enable Sampled NetFlow.
•
Symptoms: The following warning message is reported on the console and can be observed in the logging buffer. The Route Processor (RP) cannot send packets, and as a result, all routing protocols go down.
camr_ibc_output: Exhausted TX descriptorsConditions: This symptom is observed when the PXF runs close to its capacity or cannot process packets coming from the RP and when the RP forwards a large amount of packets.
Workaround: There is no workaround.
•
Symptoms: Sampled NetFlow stops functioning.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-48 line card.
Workaround: Disable and then re-enable Sampled NetFlow.
•
Symptoms: A Cisco 10720 crashes when you delete an IPv6 ACL.
Conditions: This symptom is observed when you delete the IPv6 ACL during the TurboACL compilation.
Workaround: Wait for the ACL to be fully compiled before you delete it.
•
Symptoms: When a policy map is applied to an output interface, corrupted fragmented packets may be sent.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(26)S and that functions as an MPLS-to-IP disposition PE router when all of the following conditions are present:
–
–
–
–
When all of the above conditions exist, the outgoing IPv4 packets is not successfully fragmented.
Workaround: Ensure that the maximum MTU size that is defined for the output interface covers the size of the maximum IPv4 packet that is sent from this interface.
•
Symptoms: Spurious memory accesses may occur on a Cisco 7500 series and may cause high CPU usage on the RSP.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed Multilink PPP (dMLP) and that functions in an MPLS network.
Note that packet switching for MPLS packets over MLP bundles is not supported at the RSP level in Cisco IOS Release 12.0S.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat causes packets that are sent to the RSP for switching to be dropped. Distributed forwarded packets are forwarded correctly.
•
Symptoms: Removing a policy that has shape and bandwidth in the same class (in that same order) may cause a router to crash.
Conditions: This symptom is observed when the router functions under a traffic load.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series does not fragment IP traffic while switching the traffic into the MPLS core even when the size of the incoming IP packets exceeds the IP MTU of the egress interface. This situation causes the traffic to be dropped on the next hop router.
Conditions: This symptom is observed in Cisco IOS Release 12.0(26)S or a later release when all of the following conditions are present:
–
–
–
Workaround: Ensure that the IP MTU of the egress interface exceeds the maximum size of the incoming IP packets.
•
Symptoms: When error recovery is performed on a 3-port Gigabit Ethernet (GE) line card that has port 0 in the shutdown state, the 3-port GE line card stop passing traffic on all ports.
Conditions: This symptom is observed on a Cisco 12410 that runs Cisco IOS Release 12.0(23)S or a later release and that is configured with an Engine 2 3-port line card.
Workaround: Reload the 3-port GE line card and leave port 0 in the up/down state.
•
Symptoms: Multicast traffic is not switched from a multilink interface on a Cisco 7500 series that is configured for distributed multilink PPP (MLP).
Conditions: This symptom is observed when the router is reloaded or when the multilink interface flaps.
Workaround: Enter the clear ip mds linecard * command on the Route/Switch Processor (RSP).
•
Symptoms: Incoming multicast traffic on a distributed MLP link is process-switched.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed MLP after the router has been reloaded.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.
•
Symptoms: Following an OIR, the show ip cef inconsistency now command may report an inconsistency between an RP and a VIP. There are no inconsistencies reported on the VIP itself.
Conditions: This symptom is observed on Cisco 7500 series that runs Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco 7500 series may crash when you configure a T1 channel group.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(27)S when the same channel group was previously configured for Frame Relay encapsulation, when one or more PVCs on the channel group were configured on the main interface with a map class that contained a service policy, when the channel group was deleted, and when the map class definition that it referenced was also deleted.
Workaround: Remove the Frame Relay encapsulation before you delete the channel group.
•
Symptoms: When a multilink bundle interface is created by entering the interface multilink group-name global configuration command, the Cisco Discovery Protocol (CDP) becomes incorrectly disabled. If the cdp enable interface configuration command is used to enable CDP on the multilink bundle interface, the command is not saved in the startup configuration and CDP remains disabled after the router is reloaded.
Conditions: This symptom is observed on a Cisco platform that is configured with a multilink bundle interface.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S4
Cisco IOS Release 12.0(26)S4 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S4 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A serial interface on a Cisco 7500 series may stop transmitting traffic and may report the following VIP crashes:
%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 84
to LC in slot 2 with sequence 1007, error = timeout
%RSP-3-RESTART: interface Serial3/0/0:0, not transmitting
%VIP2-3-MSG: slotX VIP-3-SVIP_CYBUSERROR_INTERRUPT: A Cybus Error occurred.
%VIP2-1-MSG: slotX CYASIC Error Interrupt register 0x4000000
%VIP2-1-MSG: slotX DMA Transmit Error
%VIP2-1-MSG: slotX CYASIC Other Interrupt register 0x100
%VIP2-1-MSG: slotX QE HIGH Priority Interrupt
%VIP2-1-MSG: slotX QE RX HIGH Priority Interrupt
%VIP2-1-MSG: slotX CYBUS Error Cmd/Addr 0xD00FF3AConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5a) but may also occur in other releases. This symptom is not observed in Release 12.1(8c).
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series may reload in an indefinite loop when you unintentionally enter the show list number hidden command.
Conditions: This symptom is observed when you, for example, abbreviate the show line 2000 command as the show li 2000 command and actually execute the show list 2000 hidden command.
Workaround: Do not abbreviate the show line command as the show li command but enter the full command.
IP Routing Protocols
•
Symptoms: A BGP VPNv4 table may contain paths that may be imported from deleted BGP table entries or from table entries that have a different prefix from the importing prefix.
An example of a path from a deleted BGP table entry is as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 52
Paths: (1 available, best #1, table vpn2)
Advertised to non peer-group peers:
10.4.1.2
2 100, imported path from 2829:2829:185404173:11.13.11.13/-53
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:3The entry that this path is imported from has been removed from the table and its memory contents contain an incorrect pattern. When the incorrect pattern is displayed as a prefix, it appear as "2829:2829:185404173:11.13.11.13/-53".
A mismatched prefix appears as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 54
Paths: (2 available, best #1, table vpn2)
Flag: 0x820
Advertised to non peer-group peers:
10.10.10.10 10.20.20.20
2
10.4.1.2 from 10.4.1.2 (10.4.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:2
2 100, imported path from 200:2:172.16.0.0/24
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external
Extended Community: RT:1:3This BGP VPNv4 table entry is for prefix 192.168.0.0/32 but it shows that a path is imported from 172.16.0.0/24. This situation occurs when a path has a link to a deleted BGP table entry, and then the memory for the deleted entry is reused for a new table entry of which the prefix may not match with the importing entry.
Conditions: These symptoms are observed when you enter the maximum-paths import number command in router BGP address-family IPv4 VRF mode. The number argument indicates the number of paths to import from one VRF to another.
Workaround: Remove the maximum-paths import number command from the router BGP address-family IPv4 VRF mode.
•
Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.
Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.
Workaround: Clear or readvertise the route that is nonoperational.
•
Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: An interface may retain its Virtual Private Network (VPN) routing/forwarding (VRF) configuration when it should not.
Conditions: This symptom is observed when you configure VRF forwarding on a loopback interface on a provider edge (PE) router, you delete the loopback, and then you add the loopback again.
Workaround: Remove VRF forwarding from the loopback before you delete the loopback.
•
Symptoms: IPv6 adjacencies may appear as incomplete, and connectivity may be broken. This situation occurs at random times and is not associated with any event in particular. IPv4 adjacencies may appear as incomplete but recover within a minute.
Conditions: This symptom is observed on a Cisco IOS-based router when you enter the clear adjacency command.
Workaround: To restore the correct state of the adjacency, enter the shutdown command followed by the no shutdown command on the affected interface.
•
Symptoms: On a Cisco 10000 series, the PXF information may not be correctly updated from the RP after a route change, causing packets to be sent untagged even though the RP shows that the packets should be sent as tagged.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(26)S.
Workaround: Enter the clear isis * command or enter the shutdown command followed by the no shutdown command on the interface towards the MPLS cloud.
•
Symptoms: An Engine 4+ line card may reset and generate errors.
Conditions: This symptom is observed after a manual RP switchover in RPR mode.
Workaround: There is no workaround.
•
Symptoms: Multilink MLP in PE may fail / rejected eventually after 3 or more times reloading the CE sides with different IOS images.
Conditions: The symptom is observed after 3 or more times reloading the CE router.
Workaround: Create new multilink interface or reload the vip for the bundled physical interface.
•
Symptoms: Buffer leakage could occur when a high load of traffic is sent to an interface that has a service policy enabled. This could result in ping failures or very long packet delay.
Conditions: The problem is observed with an MC-T3+ interface that is configured in unchannelized mode, and the traffic consists only of small packets such a 64-byte packets.
Workaround: Manually configure the tx-ring-limit command to lower the number of packets that can be placed on the transmission ring.
•
Symptoms: After performing a manual switchover on a dual-RP router that functions in RPR+ or SSO mode, the following error message may be seen on an 8xOC3ATM line card, and the line card may stop forwarding traffic:
%QM-4-STUCK: Port 0 Queue mask 0x80
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(28)S.
Workaround: Perform a microcode reload on the line card.
•
Symptoms: Toward the Fabric (ToFab) Buffer Management ASIC (BMA) error is observed on an Edge 16xOC3c/STM1c Packet Over SONET (POS) line card.
Condition: This symptom is observed when changing Multiprotocol Label Switching (MPLS) label protocol from Tag Distribution Protocol (TDP) to Label Distribution Protocol (LDP) under global and interface configuration.
Workaround: There is no workaround.
•
Symptoms: An E1 port of a PA-MC-8T1 may stay down after a vip crash.
Conditions: This symptom was observed on a Cisco 7513 router with a channelized E1/T1 (slot0).
Workaround: Enter a shut command and then a not shut command to the interface to bring it back to an up/up state.
•
Symptoms: The device may print a "May 17 14:01:11.411 edt: %TUN-5-RECURDOWN: Tunnel2 temporarily disabled due to recursive routing" message under some conditions.
Conditions: This symptom was observed when MPLS TE tunnels are configured on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(26)S2, and when static routes are added.
Workaround: There is no workaround.
•
Symptoms: A line card or port adapter may crash on an MPLS VPN PE router when the customer-facing interfaces are flapped.
Conditions: This symptom is observed when any of the following conditions are present:
–
–
The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)
Workaround: Avoid the above-mentioned conditions. For example, avoid the redistribute connected command in the BGP configuration of the CE router.
•
Symptoms: Sending SNMP query to poll CBQOS MIB may cause high CPU utilizations. Depending on number of service policies attached, the CPU utilization may reach the limit causing many different negative effects including taking down Telnet, LDP, etc., which are processed by CPU. In some cases, a crash may occur.
Conditions: The CPU high utilization most likely occurs when polling the unsupported cbQosREDClassStats objects with close to 1000 instances of QoS policy attachment.
Workaround: The potential workaround include:
1. Reduce the number of QoS policy attached.
2. Avoid polling the unsupported stats table(s).
3. Reduce the polling frequency.
•
Symptoms: Under certain unknown circumstances, a traceroute may trigger a process watchdog.
Conditions: This has been observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(26)S2.
Workaround: There is no workaround.
•
Symptoms: A ping between two GRE interfaces may not work.
Conditions: This symptom is observed when a GRE tunnel between two routers is up and you ping from the GRE interface of one router to the GRE interface of the other router.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series Internet router, the traffic for certain prefixes behind port-channel link are being blocked on router for traffic going through the router. Traffic originated from the router itself (process-switched) works correctly.
Conditions: This symptom was observed on a Cisco 12410 with dual PRP2 when running Cisco IOS Release 12.0(27)S1.
Workaround: There is no workaround.
•
Symptoms: Packet latency in a priority class is high when shaping is enabled in the parent class. For example, when you send 400 kbps of traffic through the priority class, the measured latency is about 80 ms.
Condition: This symptom is observed when the service policy has a shape average of 768000 on the class default and a child policy with a priority feature.
Workaround: There is no workaround.
•
Symptoms: The PXF engine on a Cisco 10720 may crash, and the following error messages are generated in the logging buffer (the PXF crashinfo files can be found in the flash memory of the router):
MSD: %TOASTER-2-FAULT: T0 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T1 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T0 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T1 IHB Exception: watchdogIn addition, there are four ways to verify that the symptom is occurring:
–
MSD: %Camr_SRP_OC48-3-INTERR: SRP uplink internal error SRP_TX_VA_SC_GIANT_PKT (code 4)
MSD: %Camr_SRP_OC48-3-INTERR: SRP uplink internal error SRP_TX_VA_SC_FIFO_GIANT_PKT(code 100)
MSD: %Camr_VA-3-STATUS1: Van Allen Data integrity error VA_SC_IPM_RD_ACC_TIMER_EXP(code 1)
MSD: %Camr_VA-3-STATUS1: Van Allen Data integrity error VA_RP_IPM_RD_ACC_TIMER_EXP(code 4)
MSD: %Camr_VA-3-SISTATUS: Van Allen SRIC Data integrity error VA_SI_FL_CTRL_DRVN(code 80)
MSD: %Camr_VA-3-SOSTATUS: Van Allen SROC Data integrity error VA_SO_PKT_LEN_ERR (code 1)
MSD: %Camr_VA-3-STATISTICS: VA statistics register: 0x0098 reports VA_SO_PKT_LEN_ERR_COUNT = 3–
–
–
Conditions: This symptom is observed when all of the following conditions are present:
–
–
* The packet is denied by an output security ACL.
* There is no route in the router to forward the packet.
* The time to live (TTL) of the packet expires.
* The packet is an ICMP echo request packet, and the router tries to send an ICMP echo reply packet to the source.–
Workaround: Enter the no ip unreachable command on all interfaces of the router, which works in the following two cases:
–
–
For other cases, there is no workaround.
•
Symptoms: Connectivity for destinations that are reachable via an MPLS TE tunnel may fail when the tunnel is fast-rerouted. The loss of connectivity may result in loss of TCP sessions (BGP, LDP, etc.) for those destinations.
When the problem happens, the output of the show ip cef network command shows "invalid cached adjacency" for the tunnel but does not show "fast tag rewrite."
Conditions: This symptom is observed when all of the following conditions are present:
–
–
–
–
Workaround:
–
–
Further Problem Description: The symptom affects traffic that originates on the tunnel headend. Transit traffic going through the tunnel is not affected. The symptom does not occur if there are multiple paths to the destination (one of which is the tunnel).
•
Symptoms: An SRP interface is stuck and there is no response at all. In the output of the show srp topology command, the last topology packet that is received takes more than five seconds to arrive. In addition, the "zero encap length" counter in the output of the show hardware pxf cpu stat interface srp 1/1 detail command increases.
Conditions: This symptom is observed on a Cisco 10720 when the value of the overall packet size divided by 32 is 1 or 2.
Workaround: There is no workaround.
•
Symptoms: CPU hog, BGP sessions, and APS channels flaps are observed on routers.
Conditions: When SNMP polling a Cisco 12000 series router with about 500 interfaces/subinterfaces, 900+ attached service policies, the router may produce CPUHOG log messages when polling the Class-Based-QoS-Mib stats.
Workaround: There is no workaround.
•
Symptoms: A flap of the bgp session between the primary PE and the CE providing the default route may cause the remote CE to lose internet connectivity when the bgp session is restored.
Conditions: These symptoms were observed when running a topology of CE routers dual homed connected to 2 PE gsr routers running Cisco IOS Release 12.0.26.S2 (primary and secondary) and a default route is being generated by a CE in a different vrf.
Workaround: There are two steps to the workaround.
1. Add a default vrf static route to cover the bgp derived default route.
2. Clear the default route entry in the route table.
•
Symptoms: If a MPLS packet contains a L2TP or UTI packet and the mpls packet needs to be processed by the RP instead of the PXF (due to MPLS TTL equal to 0 or 1, IP header in the MPLS packet contain options), the SRP or Ethernet will stop receive packets on those ports.
Conditions: The problem is in all software releases.
Workaround: There is no work around.
TCP/IP Host-Mode Services
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Resolved Caveats—Cisco IOS Release 12.0(26)S3
Cisco IOS Release 12.0(26)S3 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S3 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: After a Versatile Interface Processor (VIP) has reloaded, there does not seem to be a crashinfo file because the crashinfo file is not closed; therefore, it is not visible or accessible. If the same VIP reloads again, both the first and second crashinfo files are accessible.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(6f). The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Route Switch Processor (RSP) may reload unexpectedly when a bus error with an invalid memory address occurs while packets are placed into a hold queue.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S, 12.1(14)E4, or 12.2 S when the following sequence of events occurs:
1.
2.
3.
Workaround: There is no workaround.
•
Symptoms: A Flash memory card may become corrupted. The output of the show flash-filesystem EXEC command may display the following information:
Open device slot0 failed (Bad device info block)Conditions: This symptom is observed on a Cisco platform when you perform an online insertion and removal (OIR) of the Flash memory card.
Workaround: Do not perform an OIR of the Flash memory card. Rather, switch off the router and perform an offline insertion and removal.
If the Flash memory card does become corrupted after an OIR, reformat the Flash memory card.
•
Symptoms: When you reload a Cisco 7500 series router with a new Cisco IOS software image, the router may reload unexpectedly during the bootup process and generate an "Imprecise cache parity error" message.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Route Switch Processor 8 (RSP8) and that runs Cisco IOS Release 12.0 S or Release 12.2(18)S when you reload the router with an image of Cisco IOS Release 12.3 T.
Workaround: Do not reload the router. Rather, power-cycle the router to properly load the image of Cisco IOS Release 12.3 T.
•
Symptoms: A VIP crash can lead to a memory exhaustion situation on the RSP in turn leading to an RSP crash.
Conditions: This will happen more frequently on routers with a high idb count.
Workaround: There is no workaround.
•
Symptoms: A router may reload due to a software-forced crash.
Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(13)T5 and that has SSH configured. However, the symptom may occur on other platforms that run other releases and that do not have SSH configured.
Workaround: There is no workaround.
•
Symptoms: After a VIP crashes, a FIB-3-FIBDISABLE error message due to an IPC timeout may occur for all the slots of the VIP.
Conditions: This symptom is observed on a Cisco 7500 series after the VIP crashes and before the VIP recovers. The FIB-3-FIBDISABLE error message is generated for all the slots of the VIP, causing dCEF switching to become disabled.
Workaround: There is no workaround. You can reenable dCEF by entering the clear cef linecard command.
•
Symptoms: A Cisco router may experience a memory leak in the IPC buffers:
Interface buffer pools:
IPC buffers, 4096 bytes (total 41664, permanent 624):
0 in free list (208 min, 2080 max allowed)
3339198 hits, 75195 fallbacks, 0 trims, 41040 created
4254 failures (65497 no memory)You can also see that the Pool Manager process is holding onto more and more memory:
PID TTY Allocated Freed Holding Getbufs Retbufs Process
5 0 246913476 44522964 202605044 176561380 2654280 Pool ManagerConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(26)S1. The memory leak is triggered by the SNMP polling of specific OIDs within the ciscoEnhancedMemPoolMIB MIB.
Workaround: Prevent the MIB from being polled by explicitly configuring an SNMP view in the Cisco IOS configuration. To prevent this MIB from being accessed via any community strings, create a view and apply the view to all communities configured, such as:
snmp-server view NOMEMPOOL iso included
snmp-server view NOMEMPOOL ciscoEnhancedMemPoolMIB excluded
snmp-server community public1 view NOMEMPOOL ro 6
snmp-server community public2 view NOMEMPOOL ro 7
snmp-server community public3 view NOMEMPOOL ro 8The specific MIB that is being blocked is the ciscoEnhancedMemPoolMIB MIB (1.3.6.1.4.1.9.9.221).
Once the configuration is in place, the router must be reloaded to clear the IPC cache and free the memory.
•
Symptoms: A slave RSP running in HSA mode may crash with a cache parity exception.
Conditions: This symptom is observed on a Cisco 7500 series and occurs only when the slave RSP is an RSP8 or RSP16 that runs in HSA mode.
Workaround: There is no workaround.
The fix for this caveat turns off the L3 cache by default on an RSP8 or RSP16 that functions as a slave and that runs in HSA mode; you do not need to do anything specific to turn off L3 cache by default on an RSP8 or RSP16 that functions as a slave and that runs in HSA mode.
For an RSP8 or RSP16 that functions as a slave and that runs in a non-HSA mode such as RPR, you can turn off the L3 cache by entering the l3 cache bypass command on the master RSP while the slave RSP8 or RSP16 still runs in a non-HSA mode.
Because the slave RSP performs non-CPU intensive operations, regardless of the mode of operation, turning off the L3 cache does not have any undesirable impact.
Interfaces and Bridging
•
Symptoms: Entering the shutdown command on a controller of a Packet over T1/E1 Network Transceiver puts the controller permanently down. Entering the no shutdown command on the controller does not bring the controller up.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S and is specific to the controller that is installed in a PA-MC-8T1/E1, PA-MC-4T1/E1, or PA-MC-2T1/E1 port adapter.
Workaround: There is no workaround.
•
Symptoms: The output of an snmpwalk for the entPhysicalDescr MIB on a PA-MC-8E1/120 may shows the PA-MC-8E1/120 as unknown.
Conditions: This symptom is observed on a Cisco 7500 series in which a PA-MC-8E1/120 in installed.
Workaround: There is no workaround.
•
Symptoms: Channelized interfaces on a channelized T3 line card or port adapter that is configured for Frame Relay encapsulation may be in the up/down state, and DLCIs are inactive.
Conditions: This symptom is observed when you reload a Cisco platform and when the interfaces were in the up/up state before you reloaded the platform.
Workaround: Enter the shutdown command followed by the no shutdown command on the controller of either the T3 line card or port adapter on the Cisco platform or on the T3 line card or port adapter on the platform at the remote end.
Alternate Workaround: Enter the shutdown command followed by the no shutdown command on the main interface on the Cisco platform.
IP Routing Protocols
•
Symptoms: There is inoperability between Cisco IOS Release 12.2 and earlier releases when you configure an invalid encrypted password for Message Digest 5 (MD5) authentication for Open Shortest Path First (OSPF). An error message similar to the following is displayed to warn the user of this invalid password.
router(config-if)# ip ospf message-digest-key 111 md5 7 xxxxxx
OSPF: Invalid encrypted password: xxxxxx
An already encrypted password should have been entered.Conditions: This symptom is observed on all Cisco platforms.
Workaround: There is no workaround.
•
Symptoms: An inconsistency between the Cisco Express Forwarding (CEF) table and the Address Resolution Protocol (ARP) table may cause CEF entries to be removed and then recreated at random times. This situation, in turn, may cause unicast packet loss for the affected entry or entries.
Condition: This symptom is observed only when ARP requests are not answered. ARP and adjacency tables are periodically refreshed independently; this may cause tables to be out of synch until this situation ages out.
Possible Workaround: Configure the ARP timeout to be 60 seconds or a multiple of 60 seconds. For example, when you enter the arp timeout 270 interface configuration command, the symptom occurs, but when you enter the arp timeout 300 interface configuration command, the symptom does not occur.
•
Symptoms: Pings fail on an Ethernet-to-VLAN interworking over L2TPv3 due to an IRDP failure.
Conditions: This symptom is observed when you ping between two CE routers. Both of the CE routers do not learn each other's MAC address automatically.
Workaround: Ping from the first CE router to the second CE router, then ping from the second CE router to the first CE router.
•
Symptoms: The withdraw message of a multipath (not bestpath) from a BGP neighbor deletes the path from the BGP table but it does not uninstall the route from the IP routing table.
Conditions: This symptom is observed when the maximum-paths eibgp command or maximum-paths ibgp command is configured.
Workaround: Enter the clear ip bgp * or disable the maximum-paths eibgp command or maximum-paths ibgp command.
•
Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).
Conditions: This symptom occurs under the following conditions:
1.
2.
3.
For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,
10.10.10.128 | 0.0.0.127 = 10.10.10.255
10.10.10.0 | 0.0.0.255 = 10.10.10.255Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
•
Symptoms: An OSPF Designated Router (DR) may fail to regenerate the network LSA when you reload the router.
Conditions: This symptom is observed on a Cisco router that functions as a DR for an OSPF interface when another interface with the same interface address is present in the area but is in a shut down state.
Workaround: Remove the duplicate interface address and enter the clear ip ospf process command.
•
Symptoms: The BGP Open processes may hold more and more memory, may cause a memory leak, may finally run out of memory, and may cause a Malloc Failure error.
Conditions: This symptom is observed when there are BGP neighbors stuck in the active state (that is, a BGP neighbor is configured but the peer address is not reachable) and when some NSF/SSO RP switchovers occur and the standby becomes active.
Workaround: Shut down the neighbors that are not used.
Further Problem Description: When the memory leak occurs, it will be a consistent 1k leak for each neighbor that is not up every 2 minutes.
•
Symptoms: The maximum-paths import number-of-paths command enables a VRF to import additional paths in addition to the bestpath. If the original path of the import path is withdrawn, wrong import paths may be purged. This situation may cause traffic disruption up to 15 seconds.
Conditions: This symptom is observed when the original path of the best import path is withdrawn and the import path is at the end of the path list (that is, the one learned the very first). In this situation, all import paths that are derived from other paths may be purged as well. If the imported net has only import paths, the net may not be reachable until other paths are reimported.
Workaround: Ensure that the import path is at the top of the path list or use the same route descriptor (RD) for all import paths.
•
Symptoms: A Cisco 10000 series router that is running Cisco IOS Release 12.0(25)SX6 notices a large increase of at least 15% in the CPU usage in the "BGP Router" process when upgraded from Cisco IOS Release 12.0(23)SX5. This occurs under certain conditions where there are a very large number of BGP neighbors in a PE-CE scenario. During the steady state after BGP router convergence, there needs to be a constant churn in the updates with addition/withdrawal of the routes from the neighbor BGP peers.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(25)SX6. All versions starting from Cisco IOS Release 12.0(25)SX to Release 12.0(25)SX6 are affected by this problem.
Workaround: Configure the neighbors by grouping into sets or peer-groups, in which a few of the neighbors in each set share similar outbound policy. Each set will fall into a separate update group or peer group.
•
Symptoms: An MSDP enabled RP does not build an (S,G) state from its SA cache when it should do so. Depending on the topology and if an SPT threshold is configured as infinite, this situation may result in a multicast forwarding interruption of up to 2 minutes.
Conditions: This symptom is observed when the RP for a group fails and an incoming (*,G) join message is received.
MSDP should create an (S,G) state from its SA cache. However, this is done before the (*,G) olist is populated; because of the (*,G) NULL olist, MSDP does not install an (S,G) state.
Workaround: Enter the clear ip mroute * command on all first-hop routers to the source to enable the FHR to register immediately when the next packet creates an (S,G) state.
•
Symptoms: An OSPF router may reload unexpectedly.
Conditions: This symptom is observed after a neighbor has performed a switchover.
Workaround: Disable LLS under the OSPF process on the router by entering the no capability LLS command or disable OSPF NSF under the OSPF process on the neighbor by entering the no nsf command.
•
Symptoms: ISIS redistribute commands are not synced to the standby RP. The routes dependent on these commands will fail after switchover.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A Cisco router performing MPLS label imposition on IPv4 traffic may reload.
Conditions: This symptom is observed when the router attempts to forward traffic to a destination via a route that is newly learned, when the router forwards traffic via Cisco IOS software (that is, not via hardware acceleration), and when one of the following conditions is present:
–
–
–
The symptom affects the following Cisco IOS releases:
–
–
–
–
–
The symptom does NOT affect the following Cisco IOS releases:
–
Possible Workaround: Avoid conditions that prevent a "valid cached adjacency" from being installed.
•
Symptoms: IPC errors occur during a bulk configuration synchronization of information to a standby RSP. This situation causes messages to be dropped, and the standby RSP may reset.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a large number (more than 100) VRFs.
Workaround: There is no workaround.
•
Symptoms: A serial interface of a 1-port multichannel E3 port adapter (PA-MC-E3) may fail to enter the "up/up" state when you initially configure the interface or after a number of reconfigurations.
Conditions: This symptom is observed on a PA-MC-E3 that is installed in a Cisco 7500 series or Cisco 7600 series when the following sequence of events occurs:
1.
2.
3.
Although the symptom may occur when you initially configure the interface, it is more likely to occur when you configure, delete, and reconfigure the interface several times.
The problem impacts the following channelized cards:
PA-MC-T3, PA-MC-2T3, PA-MC-xT1 (x = 2,4,8), PA-MC-xE1 (x = 2,4,8), PA-MCX-xTE1 (x = 2,4,8)
Workaround: When the interface does not enter the "up/up" state, configure the interface again.
Further Problem Description: The problem may also occur after a link flap of an interface of one of the channelized cards.
•
Symptoms: Incorrect tags may be imposed after a route has flapped.
Conditions: This symptom is observed on a Cisco router that functions in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment.
Workaround: There is no workaround.
•
Symptoms: A VIP may reload when an SSO occurs on an RP.
Conditions: This problem occurs intermittently when distributed MLP is configured on the router.
Workaround: There is no workaround.
•
Symptoms: The adjacency table is not retained after an RP switchover.
Conditions: This symptom occurs with a 4-port Ethernet PA inside a VIP4-80 on an RSP 16.
Workaround: Clear the adjacency table with the clear adjacency command after the Stateful Switchover (SSO).
•
Symptoms: After entering a no hw-module slot command on the primary CSC, an Engine 0 OC-12 (channelized to DS3) line card may be come inoperable.
Conditions: This symptom is observed on a Cisco 12416 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S.
Workaround: Use the microcode reload global configuration command to reload the line card.
•
Symptoms: No SNMP linkup or linkdown trap is generated for a 1CHOC12/4CHSTM1 SONET layer when a controller goes up and down.
Conditions: This symptom is observed when monitoring a SNMP linkup or linkdown trap for a 1CHOC12/4CHSTM1 SONET layer.
Workaround: Monitor the controller status using the show controller sonet command.
•
Symptoms: All line cards may crash due to an IPC timeout or fabric ping timeout.
Conditions: This symptom is observed on a Cisco 12000 series with a PRP under heavy traffic conditions. The output of the show controllers psar command shows excessive error events (e.g. free queue empty events).
Workaround: There is no workaround. The fix for this DDTS adds the new show monitor event-trace psar command to show any bursty error events that are traced but not visible in the output of the show logging command.
•
Symptoms: A Cisco 12000 series may forward packets to an incorrect interface. This behavior can been seen by looking at the hardware CEF entry on this input line card:
execute-on slot x show ip hardware-cef a.b.c.d(a.b.c.d is the destination IP address)
The output looks similar to the following, in which the CEF lookup is null:
LC-Slot0#show ip hardware-cef a.b.c.d
Leaf FCR 2 0x784C6FC0 found 2 deep
alpha ip loadbalance: 0x78198D00 - lbl not equal. cef lookup NULLAfter clearing the route, the output looks as follows:
LC-Slot0#show ip hardware-cef a.b.c.d
Leaf FCR 4 0x784C6FC0 found 2 deep
Fast Adjacency:
alpha adjacency: 0x701E8280
[0-7] oi 0x4019100 oq 4000 in 15 ab 0 hl 20 gp 11 tl 0 loq BC01 15/0 mtu 4470
packets 1750013440 bytes 776867999767
Output Queue / Local Output Queue Bundle:
[0-7] output queue 0x4000 local output queue 0xBC01This problem may cause packets to be dropped because a loop is created and the TTL expires for the packets.
Conditions: This symptom is observed under very specific conditions on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S or a later release when traffic that enters an Engine 3 line card toggles between a static-to-null route and a more specific route as the destination.
Workaround: Avoid the specific conditions mentioned above. Clearing the route resolves the problem only temporarily.
•
Symptoms: %IPCLC-3-INTRLVL error messages and tracebacks may be seen on an Engine 2 8xOC3 ATM line card. This situation may cause an 85-percent CPU utilization on the line card.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series router with 2 GRPs which support SSO mode (Cisco IOS Release 12.0(24)S and later), when any Engine3 (E3 aka ISE) card is inserted after bringing up both GRPs in SSO mode, the applied service policy which has WRED configured on this interface, does not sync with standby GRP.
Conditions: The problem only happens for any E3 card that was not in the chassis when the secondary RP booted. This will be the case when adding a new E3 LC to an already running system and configuring it for the first time. E3 cards that were in the chassis by the time the secondary RP finished booting will not exhibit this behavior.
Workaround: Reload the secondary RP.
•
This caveat consists, of six separate symptoms, conditions, and workaround, of which the first three apply to all Cisco IOS releases and the last three apply only to Cisco IOS Release 12.3 T:
1) Symptoms: There are three symptoms:
–
–
–
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC:" mode, as in the following example:
show version | append disk#:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#vtp file new
Setting device to store VLAN database at filename new.
Router(config)#^ZWorkaround: There is no workaround.
2) Symptoms: The show diskslot-number and dir diskslot-number commands may show inconsistent information (such as inconsistent file sizes) when multiple images are copied.
Conditions: This symptom is observed when you make two copies of the image file to the disk by using two vtys and by entering the dir diskslot-number command at the same time.
Workaround: Do not enter the show diskslot-number and dir diskslot-number commands when multiple images are being copied.
3) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed when you rename a directory that consists of many subdirectories or files.
Workaround: Reload the router.
4) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T after the router boots up.
Workaround: There is no workaround.
5) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T when an application or a CLI command overwrites a file on the disk.
Workaround: Reload the router.
6) Symptoms: A router that runs Cisco IOS Release 12.3 T crashes.
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode and attempts to delete the file, as in the following example:
show version | append disk0:redirect.out" and issuing
delete disk0:disk0:redirect.outWorkaround: Reload the router and delete the file.
•
Symptoms: 10 percent of packets that are larger than 1496 bytes get dropped when passing through an Engine 3 4-Port GE line card (4GE-SFP-LC),
Conditions: This problem is seen on a Cisco 12000 series when the line card is used for both the ingress and egress traffic flow.
Workaround: Reduce the MTU on the ingress network so that packets that are larger than 1496 bytes are not received by the router.
Alternate Workaround: Replace the ingress interface with an interface of a 1-port GE line card.
•
Symptoms: A %LINK-4-TOOBIG error message may appear on the console log of a Cisco 10000 series.
Conditions: This symptom is observed when you send a ping or an L2TP packet across an MPLS interface that is configured for label imposition.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series router may crash when access control lists (ACLs) are displayed.
Conditions: The symptom is observed when ACLS are displayed by entering the show access-list command just after an ACL has been added, deleted or modified. The probability of the crash increases with the size of the ACL and with the number of times it is used (for example, in route maps).
Workaround: Wait for a few minutes after modifying the ACL. For large size ACLs (with hundreds of entries) that is used many times you may have to wait between 5 and 10 minutes.
•
Symptoms: Multiple SYS-3-CPUHOG error messages may be generated in the LDP process, eventually followed by a watchdog timeout crash:
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (422/8),process = LDP. -Traceback= 6101DFC0 6102546C 61016FE4 6101CE24 6101728C 61017A30
...
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = LDP. -Traceback= 6085658C 6101DE48 6102546C 61016FE4 6101CE24 6101728C 61017A30After the router has reloaded, the output of the show version command indicates "Last reset from watchdog reset."
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)S3 or Release 12.2(22)S and that is configured for MPLS LDP. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: An ACL applied to an ATM subinterface (RFC1483) may not work after a PRE switchover.
Conditions: This problem is observed on a Cisco 10008 router with PRE2.
Workaround: Deconfigure and configure again the access list that is not working.
•
Symptoms: An ACL applied to a subinterface may becomes active on the main interface, without showing this in the configuration.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S2.
Workaround: Do not apply the ACL to the subinterface.
•
Symptoms: A Cisco 12000 series may exhibit high CPU utilization in the "Per-Second Job" process.
Conditions: This symptom is observed on a Cisco 12012 router that has a GRP and that is running Cisco IOS Release 12.0(26)S1 with 255 class maps applied to a 4-port ISE Gigabit Ethernet line card. However, the symptom is release- and platform-independent.
Workaround: Reduce the number of applied class maps.
•
Symptoms: On a Cisco 7500 series that is equipped with Versatile Interface Processors (VIPs) with ATM port adapters, the ATM PVCs may not come back up after the ATM interface flaps. This occurs because the interfaces in the VIP do not transmit any packets but still process incoming traffic.
Conditions: This symptom is observed in a dLFIoATM environment in which distributed Class Based Weighted Fair Queueing (dCBWFQ) is configured on PPPoATM virtual templates.
Workaround: Apply any kind of distributed queueing on any interface or subinterface of the affected VIP. Doing so triggers all interfaces to start transmitting again, enabling the ATM PVCs to come back up.
•
Symptoms: Using Cisco IOS Release 12.0(28)S images on Cisco 12000 series routers and Engine 6 2xOC192 line cards, the show interface accounting command shows incorrect values for tag packets.
Conditions: This symptom is observed in a tag-to-tag scenario.
Workaround: Ignore the IP counters for the tag packets.
•
Symptoms: A PXF engine on a Cisco 10000 series may unexpectedly crash and then the router may crash.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(23)S5.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may experience a block overrun and redzone corruption with a subsequent system reload or switchover as a result of incorrectly processing a corrupted packet. Error messages similar to the following may be observed:
%GRP-4-CORRUPT: Corrupted packet, start_offset 96, length 65534, slot 9
%SYS-3-OVERRUN: Block overrun at 53E4389C (red zone 00000000)Conditions: This symptom may be observed on a Cisco 12000 series that runs Cisco IOS Release 12.0 S and that has 1, 3, or 4 port Gigabit Ethernet line cards installed.
Workaround: There is no workaround.
•
Symptoms: After a Stateful Switchover (SSO) occurs on a Cisco 7500 series, the standby Route Switch Processor (RSP) my hang just before downloading the image. This situation may prevent the router from entering the STANDBY-HOT state and from being capable to perform a switchover until the standby RSP is reset.
Conditions: This symptom is observed on Cisco 7500 series that runs Cisco IOS Release 12.0 S or 12.2 S and that is configured for SSO/Nonstop Forwarding (NSF).
Workaround: There is no workaround. After the problem occurs, you can recover the router by either waiting for an IPC timer to expire (the default time is 30 minutes) or by entering the hw-module sec-cpu reset command.
•
Symptoms: Engine 1 GE and FE line cards on a Cisco 12000 series running Cisco IOS Release 12.0(26)S2 may reset or fail when an HA switchover occurs.
Conditions: This symptom is observed when switching the HA mode from SSO to RPR+ or from RPR+ to SSO and when a test crash or switchover is performed while auto negotiation is enabled on the Engine 1 GE or FE line cards.
Workaround: Do not change the HA mode.
•
Symptoms: A router may crash when you enter the fair-queue command on the interface of a PA-MC-STM-1 port adapter.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S when the interface has the rate-limit output command enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series router reloads unexpectedly as ATM VCs are coming up.
Conditions: This symptom is believed to occur only when ACLs are applied on ATM interfaces, and, only rarely then, on images that contain the CSCed72686 fix.
Workaround: There is no workaround.
•
Symptoms: DTS may not work properly on dot1q Fast Ethernet subinterfaces. Traffic is not shaped at the expected rate
Conditions: This problem is observed on a Cisco 7500 series that is configured as a PE router and that runs Cisco IOS Release 12.2(12i). The symptom may also occur in other releases.
Workaround: If this is an option, use ISL subinterfaces.
•
Symptoms: A Cisco platform reloads because of a watchdog timer expiration.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2(20)S2 or Release 12.3 under the following conditions:
–
–
–
Workaround: First detach the service policy from the PVC, then rename it and attach it again.
•
Symptoms: HSRP over the VRF is not working after following these steps:
1.
2.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S3, that has a PRP and 4-port GE ISE line cards, and that functions as a PE router.
Workaround: Enter the standby use-bia command or use RPR+ instead of SSO.
•
Symptoms: A Cisco 12000 series running Cisco IOS Release 12.0(26)S1 may advertise erroneous IPv6 networks when configured for both 6PE and Route Reflector operation.
Conditions: This symptom is observed on a network in which 6PE is implemented on an existing dual-stack (IPv4 and IPv6) configuration.
Workaround: There is no workaround.
•
Symptoms: An MLP bundle configured between a Cisco 7500 series and any other router may not be able to switch traffic when dCEF is enabled on the Cisco 7500 series.
Conditions: This symptom is observed when LFI is enabled with one member link in the MLP bundle.
Workaround: Either remove dCEF or remove LFI. (A combination of CEF and MLP is not supported.) Note that if there are two member links in the interleaving-enabled MLP bundle, the problem does not occur.
•
Symptoms: A subinterface on a Cisco 10000 series may drop packets because of unicast RPF check failures, even though the interface is not configured with uRPF.
Conditions: This symptom is observed on an ATM interface with several subinterfaces when there is at least one subinterface that has uRPF configured. Disabling uRPF on the subinterface still leaves uRPF enabled, even though the CLI indicates it is not enabled. This may also occur with Frame Relay subinterfaces.
Workaround: Select a subinterface that has uRPF configured, then deconfigure and reconfigure it. This updates all subinterfaces on the interface in such a way that uRPF is correctly enabled or disabled.
•
Symptoms: A Cisco 7500 series cannot boot when there are more than 256 different policy maps attached as service policies on the router.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1.
Workaround: Do not use more than 256 service policies.
•
Symptoms: MPLS packets that are larger than 1496 bytes and that have the DF bit set are dropped, even when the tag-switching mtu 1508 command is enabled on all interfaces.
Conditions: This symptom is observed on a Cisco 12000 series that is configured as an MPLS PE router, when all of the following conditions are met:
–
–
–
Workaround: There are two workarounds:
–
–
•
Symptoms: A 12000 series Engine 2 line card may not accept a "tx-cos" configuration.
Conditions: This symptom is observed if the router previously had an Engine 4+ line card in the same slot and this Engine 4+ line card was configured with an output service policy.
Workaround: Reload the router.
•
Symptoms: After working fine for sometime, a 4-port OC-12 ATM line card stops forwarding unicast packets to the RP, and none of the unicast traffic that is sourced from or destined to the RP via the 4-port OC-12 ATM line card goes through. Unicast traffic to the 4-port OC-12 ATM line card interfaces fails too.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(21)ST7 when MPLS is enabled on the line card. IP traffic and IS-IS traffic that pass through the router are not affected. To recover the line card, reset the line card.
Workaround: There is no workaround.
•
Symptoms: Traffic may be dropped if an Engine 3 4-port OC-3 POS ingress line card has more than two egress paths.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S2.
Workaround: There is no workaround.
•
Symptoms: GE interfaces on an EPA-GE/FE-BBRD line card may drop tag packets.
Conditions: The problem is reported on a Cisco 12000 series running Cisco IOS Release 12.0(23)S5 only when you perform an OIR of an EPA-GE/FE-BBRD to install or remove additional EPA-3GE-SX/LH line cards.
Workaround: Perform a second OIR of the line card.
•
Symptoms: If a Cisco 10000 ESR does not have a specific route for both end points of a conversation, the Cisco 10000 ESR will only duplicate one-way audio for only the specific route populating the Cisco 10000 routing table but not for the end point using the default route from the routing table.
Conditions: This symptom is observed on a Cisco 10000 ESR that is running Cisco IOS Release 12.0(25)S3 and PRE-1.
Workaround: There is no workaround.
•
Symptoms: If a multilink interface loses members of the bundle, or if you enter the shutdown command followed by the no shutdown command on a multilink interface, or if the router reloads, the bandwidth that is allocated for non-real time classes can be allocated incorrectly. The sum of the bandwidth that is allocated for non-real time classes and the bandwidth that is specified by the police bps command for real time traffic may exceed the actual bandwidth of a multilink interface.
Conditions: This symptom is observed on a Cisco 10000 series running Cisco IOS Release 12.0(27)S1 that has the service-policy out command enabled on a multilink interface. The service policy consists of a real-time class and several classes with reserved bandwidth The real-time class is configured with the priority command and the police bps command. Other classes are configured with the bandwidth bandwidth-kbps command.
The bandwidth that is allocated for non-priority traffic should take into account the bandwidth that is reserved by the police bps command for the real-time class.
Workaround: Remove and reapply the service-policy out command to the multilink interface.
•
Symptoms: After a circuit bounces, traffic stops being passed on a VC when using a VC bundle. Other VCs on the same subinterface still work. The switch on the other side of the VC does not show any received cells from the VC.
In addition, the show atm vc command does not work because even after the VC is recovered, the command output still does not show any traffic.
Conditions: These symptoms are observed on a Cisco 12000 series.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected subinterface.
•
Symptoms: A standby RP keeps crashing.
Conditions: This symptom is observed when both the snmp-server community string rw command and the snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart command are configured.
Workaround: Remove the snmp-server community string rw command from the startup configuration before rebooting the router. When the router has booted, reenter the snmp-server community string rw command.
•
Symptoms: An RP may crash when you add or remove a channel group to or from a 4-port ISE Gigabit Ethernet line card or when you reload microcode onto the line card on which channel group members are configured.
Condition: This symptom observed on a Cisco 12000 series when there are link-bundle subinterfaces configured on the 4-port ISE Gigabit Ethernet line card. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed63480. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: A VIP may crash.
Condition: This symptom is observed on a Cisco 7500 series when QoS is configured on the interface of the VIP and traffic is flowing.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is running Cisco IOS Release 12.0(25)SX1 may experience CEF disabling on standby PRE.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(25)SX1. The symptom may also occur in Release 12.0 S.
Workaround: Reset standby PRE.
•
Symptoms: The feature manager queue on the Route Processor may not drain for 20 minutes after a reload in a scaled environment with 1400 IP and L3VPN connections (subinterfaces). The feature manager pushes ACL and PBR configurations to the IP Services Engine (ISE) line cards for TCAM processing. You can monitor the state of the feature manager queue with the show fm queue command.
Conditions: This symptom is observed on a 12000 series that runs Cisco IOS Release 12.0(28)S and may occur on any ISE line card that uses an associate message in the QoS manager.
Workaround: There is no workaround.
•
Symptoms: The TE DB on a tunnel headend may become corrupted.
Conditions: This symptom is observed on a Cisco router that has MPLS configured.
Workaround: There is no workaround.
•
Symptoms: Starting with Cisco IOS Release 12.0(26)S, the Cisco 10720 router supports IPv6 ACL feature. The IPv6 packets are corrupted (including the IPv6 header) for the following scenario: For a packet in 6PE decapsulation case (MPLS to IPv6), if output ACLs are applied at the output interface and these ACLs are long enough to require a second PXF pass (known as output ACL split case), then the outgoing IPv6 packet is corrupted.
Conditions: This symptom is observed on Cisco 10720 routers that are running Cisco IOS Release 12.0(26)S or later releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may drop 2 to 3 percent of the ping packets that are destined to the router when the input interface is an Engine 4+ line card.
Conditions: This symptom is observed for ICMP packets on a Cisco 12000 series that is Cisco IOS Release 12.0(26)S1. The symptom may also affect other types of packets.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series crashes because of a bus error.
Condition: This symptom is observed on a Cisco 12016 that runs Cisco IOS Software 12.0(25)S2 when you enter the hw-module slot 17 shutdown command to shut down the master scheduler card.
Workaround: Do not shut down the master scheduler card.
•
Symptoms: When a channel group (for example, channel +1) is removed from a controller, the class-default queue gets stuck on the next time slot/channel.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with 24-port channelized E1/T1 line cards and that has a high traffic rate on the removed channel.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: The performance of an OC-48 to E3 concatenated or channelized line card may drop from 4 Mpps to 2.84 Mpps when oCAR is enabled in a configuration that includes both the conform-action and exceed-action keywords and when oCAR is transmitting packets and changing the precedence.
Conditions: This symptom is observed on a Cisco 12000 series that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(28)S or an earlier release. However, note that performance drops do not occur in Release 12.0(27)S1.
Workaround: There is no workaround.
•
Symptoms: On a Cisco series 12000, the output of the execute-on slot number show ip cef prefix command may display the same imposed label twice for a recursive public route.
Conditions: This symptom is observed on a Cisco platform that supports distributed forwarding such as a Cisco 7500 series or a Cisco 12000 series when the neighbor name send-label command is configured under an IPv4 BGP address family on a VIP or line card and when one of the following actions occurs:
–
–
–
The symptom disappears after the affected prefix flaps.
Workaround: There is no non-impacting workaround, but you can enter the clear ip route prefix command or reset the BGP peer to solve the problem.
•
Symptoms: A public recursive route is not labeled.
Conditions: This symptom is observed on a Cisco router that functions as a BGP peer and that has the neighbor name send-label command enabled as part of an IPv4 address family, which is required for Inter-AS configurations. The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)
Workaround: There is no workaround. Note that the symptom does not occur if the neighbor name send-label command is enabled as part of an IPv4 address family VRF.
•
Symptoms: When a host sends a path MTU discovery packet into a L2TPv3 tunnel, a Cisco 10720 returns an ICMP unreachable packet, indicating that the path MTU is "MTU-32byte (L2TPv3 header)-(layer2 header of customer packets)," which is incorrect. This situation causes TCP communications such as FTP or HTTP downloads over the L2TPv3 tunnel to fail. For example, 26 bytes (outer IP + L2TPv3 header sizes) may be missing.
Conditions: This symptom is observed on a Cisco 10720 that functions as a PE router.
Workaround: If this is an option, set an MTU with a small size at the server side. If this is not an option, there is no workaround.
•
Symptoms: WRED does not share WRED labels even when WRED parameters are identical. Because Engine 4 and Engine 4+ line cards have only seven WRED labels, when you configure WRED for all eight IP precedences, the line cards display the following error:
% Can not configured WRED, all WRED labels are in use.This situation prevents part of the precedence (WRED group) command for the 8th IP precedence from being applied to the interface policy map.
Conditions: This symptom is observed when you apply a policy map that uses more than seven WRED labels and when WRED labels are not shared.
Workaround: There is no workaround.
•
Symptoms: After you enter the microcode reload pxf command or after a PXF crash occurs, EoMPLS packets that should be encapsulated with EoMPLS encapsulation are treated as if they are normal IP packets, and are likely to be dropped by the router.
Conditions: This symptom is observed on a Cisco 10720 router when an SRP (sub)interface is used as the EoMPLS backbone interface to transport EoMPLS packets to other EoMPLS PE routers and when the (sub)interface has the xconnect destination-address vc-id encapsulation mpls command enabled.
Workaround: Remove the xconnect destination-address vc-id encapsulation mpls command from the (sub)interface that connects to a customer device, and reconfigure it on the (sub)interface.
•
Symptoms: A Cisco router crashes during a period of high routing protocol activity.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(21)SP or a later release or Release 12.0(22)S or a later release.
The crash is most likely to occur when the router holds a large number of IPv4 prefixes in its routing table and when there is a lot of turnover in the routing table, that is, prefixes are added and deleted on a rapid basis.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series equipped with Engine 4 or Engine 6 line cards may crash because of an unexpected exception to CPU vector 300 when the CISCO-CLASS-BASED-QOS-MIB is queried via SNMP.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S or an earlier 12.0 S release.
Workaround: There is no workaround.
•
Symptoms: A packet becomes corrupted when you ping a POS line card.
Conditions: This symptom is observed on a Cisco 12000 series Engine 0 4-port OC-3 POS line card.
Workaround: There is no workaround.
•
Symptoms: The PXF forwarding engine on a Cisco 10720 may crash after the microcode is reloaded either through a manual reload by entering the microcode reload pxf command or after a previous PXF crash. This situation causes multiple PXF crashes.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(26)S or a later 12.0 S release, all of which contain IPv6 PXF packet forwarding functionality, and is most likely to occur while IPv6 packets are passing through the router.
Workaround: Disable IPv6 functionality or disable PXF by entering the no service pxf command.
•
Symptoms: A temporary counter condition in which you see very large MPLS TE tunnel counter spikes may occur on a Cisco 12000 series. This situation is observed via the SNMP variable IfHCOutOctets (the total number of octets transmitted), via the SNMP variable locIfOutBitsSec (the Cisco 5-minute decaying average), and in the output of the show interfaces tunnel number privileged EXEC command (observe the elevated output rate).
Conditions: This temporary counter condition is observed only for one or two sample periods and affects the MPLS-TE auto-bandwidth mechanism because the collection timer may be invoked at a time while the counter is at an extreme value. If the auto-bandwidth mechanism collection value is greater than the physical interface capability, the LSP tunnel build fails at the next LSP tunnel build.
Workaround: There is no workaround.
•
Symptoms: All interfaces in a multilink group go down when you enter the no shutdown command on the MLP interface.
Conditions: This symptom is observed when the MLP interface is in the up/up state.
Workaround: Do not enter the no shutdown command on an MLP interface that is already in the up/up state.
•
Symptoms: A router that is configured with MPLS TE tunnels may generate tracebacks and crash.
Conditions: This symptom is observed on a Cisco router that runs an internal Cisco pre-build of Cisco IOS Release 12.0(26)S3 when the RSVP bandwidth is reduced to a value below the minimum value that is required by the tunnel. This caveat is resolved in Release 12.0(26)S3.
Workaround: There is no workaround. However, the symptom does no occur in any publicly released Cisco IOS software image.
•
Symptoms: A 6-port OC-3 POS line card (ESR-6OC-3/P-SMI=) may go down unexpectedly, and the following error messages may be logged (assuming that the line card is installed in slot 6 of the router):
IPCOIR-4-REPEATMSG: IPC handle already exists for 6/0
IPCOIR-2-CARD_UP_DOWN: Card in slot 6/0 is down. Notifying 6oc3pos-1 driver.
C10K_ALARM-6-INFO: ASSERT CRITICAL slot 6 Card Stopped Responding OIR Alarm - subslot 0Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(27)S2 in a dual-PRE configuration when the CPU utilization on the active PRE is high. The symptom may also occur in other 12.0 S releases.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series is reloaded or a switchover occurs from the active RP to the standby RP, a subinterfaces on an ATM ISE line card may not return to up/up state.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS release that is earlier than Release 12.0(27)S when the subinterface is part of a VRF. If the oam-pvc manage command is not configured on the PVC, the subinterface enters the up/up state but does not pass any traffic.
Workaround: Return the subinterface to the up/up state by entering the shutdown command followed by the no shutdown command in subinterface configuration mode.
•
Symptoms: The RP that is supposed to become the primary RP may crash when an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS interim release of Release 12.0(26)S3. This caveat is resolved in Release 12.0(26)S3.
Workaround: There is no workaround.
•
Symptoms: A permanent virtual connection (PVC) configuration is removed if a PVC fails when it is recreated.
Conditions: This symptom is observed on a Cisco 7500 series that has a Versatile Interface Processor (VIP). The PVC configuration may be removed if the VIP is carrying data traffic and the parameters of the virtual circuit (VC) class that is attached to the configured PVCs on the associated interface are modified.
Workaround: There is no workaround.
•
Symptoms: Outbound security ACLs are not applied properly on Cisco 10000 series routers.
Conditions: This symptom is observed on all Cisco IOS Release 12.0 S images that contain the fix for CSCed72686.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A router may not recognize some inbound Multiprotocol Label Switching (MPLS)-tagged packets that are sent via Frame Relay. Because the router cannot recognize the inbound MPLS-tagged packets, MPLS cannot switch those packets to the outgoing interface. The MPLS-tagged packets are dropped by the router, and the router does not increment the input-packet counter in the output of the show frame pvc output EXEC command.
Conditions: This symptom is observed on a Cisco router that has Cisco Express Forwarding (CEF) enabled and that is running Cisco IOS Release 12.2(7b). The symptom may also occur in other releases.
Workaround: Enable the debug mpls packets EXEC command.
•
Symptoms: When you configure Open Shortest Path First (OSPF) on a new Multilink Frame Relay (MFR) interface, the following traceback may be displayed:
%OSPF-6-ZERO_BANDWIDTH: interface MFR100 has zero bandwidthConditions: This symptom is observed on a Cisco router when you configure a new MFR interface or after the router has rebooted.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly because of a bus error after the following error message is displayed:
%ATMPA-3-BADVCD:ATM[int] bad vcd [number] packet -Conditions: This symptom is observed on a Cisco router that is configured with an ATM interface.
Conditions: This symptom is observed on a Cisco router that is configured with an ATM interface when a packet that contains a virtual circuit descriptor (VCD) that is out range is passed on to the ATM driver of the interface in order to be transmitted.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S2
Cisco IOS Release 12.0(26)S2 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S2 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A Cisco device reloads on receipt of a corrupt CDP packet. One possible scenario is - Reloading a faulty Cisco IP conference station 7935 or 7936 may cause connected Cisco switch/router to reload. A CDP message may appear on the terminal, such as "%CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1 (not half duplex), with SEP00e0752447b2 port 1 (half duplex)."
Conditions: An empty "version" field exists in the output of show cdp entry * for at least one entry.
Workaround: Disable CDP using the no cdp run command in the global configuration mode. OR Disable CDP on the specific (sub-)interface(s) whose corresponding neighbor(s) have an empty "version" field in the output of show cdp entry *. OR Disconnect the 7935/7936 phone, in the case of specific symptom described.
•
Symptoms: A Cisco 7204VXR with an NPE400 may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 7204VXR that runs the c7200-p-mz image of Cisco IOS Release 12.0(26)S.
Workaround: There is no workaround.
•
Symptoms: Incorrect "output IFMIB" counters are observed on the main interface.
Conditions: This symptom has been observed on a Cisco 7500 series router running Cisco IOS Release 12.0(25)S1 when an 802.1q VLAN is configured with Committed Access Rate (CAR). The "output CLI" and "input SNMP/CLI" counters are correct.
Workaround: There is no workaround.
•
Symptoms: Executing the tftp-server slaveslot0: global configuration command, or any configuration commands related to tftp-server being set to access flash devices on the slave, will cause the slave to reload.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(23)S5 but is not platform dependent.
Workaround: Configure the tftp-server to access flash devices on the master route switch processor (RSP) only.
•
Symptoms: The Remote Processing Time reported by an SAA probe to a VRF/VPN loopback on a MPLS VPN PE router is too short, about 1~30ms, while the Round Trip Time that is calculated is too large, about >100ms. When you have probes sent to both an IPv4 Loopback and a VPNv4/VRF Loopback, you will see that the results they provide are exactly reverse to each other. For example:
router time type remote process time roundtrip delay
saa_probe2ipv4 218 1
saa_probe2vpnv4 5 219
Conditions: This symptom is observed when an SAA probe is sent to VPN/VRF addresses on an MPLS VPN PE router through a MPLS VPN network.
Workaround: There is no workaround.
•
Symptoms: A Cisco Catalyst 2950 experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
Interfaces and Bridging
•
Symptoms: Fragments produced on a Route Switch Processor (RSP) may be corrupted. The fragments may have extra bytes of garbage that may cause the remote end to drop the packets since the remote end cannot rebuild the packets.
Conditions: This symptom occurs on a Cisco 7500 router that is configured for Frame Relay fragmentation 12 (FRF.12) on a Packet-over-SONET (POS) subinterface.
Workaround: There is no workaround.
•
Symptoms: TX Simple Network Management Protocol (SNMP) counters do not update on Fast Ethernet subinterfaces for distributed Cisco Express Forwarding (dCEF) traffic.
Conditions: This symptom is observed on Cisco IOS Release 12.0(26)S and Release 12.3. The hardware is DEC21140A, and the interface receiving the traffic is not located on the same Versatile Interface Processor (VIP).
Workaround: There is no workaround.
•
Symptoms: An interface on a Cisco 7500 series that is configured for distributed Multilink PPP (dMLP) may stop transmitting data.
Conditions: This symptom is observed when the links in an MLP bundle flap. When the router detects that the interface does not transmit data, the router automatically resets all Versatile Interface Processors (VIPs) to restore proper functioning.
The following log information shows the sequence of events when the symptom occurs:
%LINK-3-UPDOWN: Interface Serial10/1/1/11:23, changed state to down
%LINK-3-UPDOWN: Interface Serial10/1/1/12:23, changed state to down
%LINK-3-UPDOWN: Interface Multilink9, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial10/1/1/11:23, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial10/1/1/12:23, changed state to down %LINK-3-UPDOWN: Line protocol on Interface Multilink9, changed
%LINK-3-UPDOWN: Interface Serial10/1/1/12:23, changed state to up
%LINK-3-UPDOWN: Interface Multilink9, changed state to up
%LINK-3-UPDOWN: Interface Serial10/1/1/11:23, changed state to up
%RSP-3-RESTART: interface Serial10/1/1/11:23, output frozen
%RSP-3-RESTART: cbux complexWorkaround: There is no workaround.
•
Symptoms: BGP Policy Accounting information is not available via SNMP for 802.1Q VLAN subinterfaces.
Conditions: This symptom is observed on Cisco 12000 and 7500 series routers.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router may pause indefinitely on reload with a traceback and bus error exception.
Conditions: This symptom may be observed with a Cisco Open Shortest Path First (OSPF) router that is doing redistribution.
Workaround: There is no workaround.
•
Symptoms: A Cisco router with a Border Gateway Protocol (BGP) system may lose the address family's use of aggregate routes after the router reloads. The aggregate routes are moved from the VPN routing/forwarding (VRF) address family and appear under the global IP version 4 (IPv4) address family. When the router reloads, the console displays the following error messages:
exit-address-family
^ % Invalid input detected at н^н marker.
exit-address-family
^ % Invalid input detected at н^н marker.
exit-address-family
^ % Invalid input detected at н^н marker.The above symptom is only one of the possible symptoms. Support for the auto-summary router configuration command and the default-information originate router configuration command has been removed from some of the address families as a result of the caveat CSCdx14351 without providing support to accept these commands silently when being booted with a configuration from a prior Cisco IOS release. The presence of the unsupported commands in address families like Virtual Private Network version 4 (VPNv4) and IPv4 Multicast (MCAST) causes the command-line interface (CLI) to go out of the address family submode and apply these commands to the v4 address family, which results in unpredictable behavior.
Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(16.4)T or Release 12.3 T. The symptom is not observed in Cisco IOS Release 12.3.
Workaround: Reenter the configuration that was present before the router reloaded.
•
Symptoms: A Cisco router may pause indefinitely because of a bus error, and the following error message may appear:
System returned to ROM by bus error at PC 0x60B5F1C0, address 0xEF4321E5Conditions: This symptom is observed on a Multiprotocol Label Switching (MPLS) provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: The best path is not chosen correctly on a Cisco router.
Conditions: This symptom is observed when the bgp deterministic med router configuration command is configured on a Cisco router. The symptom occurs when different values of Multi Exit Discriminator (MED) are set for peers. In this particular situation, the symptom occurs when different values of MED are set to different peers.
Workaround: There is no workaround.
•
Symptoms: When the following Open Shortest Path First (OSPF) MIB tables are queried via snmpwalk, some interfaces may not be displayed:
–
–
–
Conditions: This symptom is observed on any Cisco platform that runs OSPF.
Workaround: There is no workaround.
•
Symptoms: A network link-state advertisement (LSA) may not be originated for an interface.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S, Release 12.2 S, Release 12.3, or Release 12.3 T when an interface that is configured for Open Shortest Path First (OSPF) and that is up has the same address as another interface that is shut down.
Workaround: There is no workaround.
•
Symptoms: During BGP scalability testing, error messages and tracebacks similar to the following ones may be logged, indicating a difficulty with TCP and buffer usage:
%SYS-2-MALLOCFAIL: Memory allocation of 4692 bytes failed from 0x6076F714, align
Pool: I/O Free: 11143248 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Pool Manager", ipl= 0, pid= 6
-Traceback= 607FE10C 607FF1EC 6076F71C 6080C1D0 6080C400
%TCP-6-NOBUFF: TTY0, no buffer available
-Process= "BGP I/O", ipl= 0, pid= 139
-Traceback= 6098B4EC 609938C8 60993C1C 60D55CE4 60D0BEB0
%TCP-6-NOBUFF: TTY0, no buffer available
-Process= "BGP Router", ipl= 0, pid= 138
-Traceback= 6098B4EC 609938C8 60993C1C 60D55CE4 60D29858 60D2AF88 60D1B4BCConditions: This symptom is observed on a Cisco router that is in the processing of building BGP sessions for about 80,000 prefixes and about 1200 BGP peers.
Workaround: There is no workaround.
•
Symptoms: A multicast router may stop sending Protocol Independent Multicast (PIM) join messages.
Conditions: This symptom is observed on a Cisco router that is configured for multicast routing when buffer allocation failures occur and when the I/O memory is low.
Workaround: Disable and reenable multicast routing.
•
Symptoms: A router may no longer be able to reach IP destinations through Open Shortest Path First (OSPF).
Conditions: This symptom is observed when the mpls traffic-eng area number router configuration command is removed from the OSPF configuration.
Workaround: Clear the OSPF process by entering the clear ip ospf process privileged EXEC, and wait for the OSPF process to recover. This workaround is not recommended when there is a large routing table.
Alternate Workaround: Reconfigure the mpls traffic-eng area number router configuration.
•
Symptoms: A router may reload unexpectedly when you remove network commands. The crash will not always happen when network commands are removed. There is a small window where this can happen when a network command which covers an interface running OSPF is removed *and* there are outstanding packets from this interface in OSPF queue.
Conditions: This symptom is observed on a Cisco router that has the router ospf global configuration command enabled.
Workaround: There is no workaround.
•
Symptoms: Routes on a provider edge (PE) router may take almost 10 minutes to propagate through a network because Border Gateway Protocol (BGP) remains in read-only mode for a long period of time.
Conditions: This symptom is observed on a Cisco router that functions as a PE router and that is a BGP peer to other PE routers. A list of the affected releases can be found at http://www.cisco.com/cgi- bin/Support/Bugtool/onebug.pl?bugid=CSCeb54512. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: SAA probes that are executing on the Cisco 12000 series routers incorrectly measure round trip time delay measurements.
Conditions: This symptom is only observed on a Cisco 12000 series router.
Workaround: Run the probe on a different Cisco platform.
•
Symptoms: On a router with the hidden command ip routing external overload signalling set, if a router-wide CEF FIB-DISABLE event takes place (rather than a FIB-DISABLE event on a line card), the loopback interface and its associated IP address are removed from the routing table.
On FIB recovery, the IP address associated with the loopback interface will not be present in the routing table and therefore cannot be advertised to any other routers in the network.
Conditions: This behavior is observed in IOS release 12.0(25)S and later releases on a router with the ip routing external overload signalling hidden command set. Earlier IOS releases are not affected.
Workaround: Enter the no ip routing external overload signalling hidden command.
•
Symptoms: A Cisco router with a label switched path (LSP) tunnel on which Fast ReRoute (FRR) is enabled and active may stop refreshing the Resource Reservation Protocol (RSVP) state when the refresh updates are received via RSVP summary refresh messages. This situation causes the RSVP to time out and the LSP tunnel to be torn down.
Conditions: This symptom is observed on a Cisco router that does not transmit RSVP messages for LSP tunnels on which FRR is enabled and active via message IDs. The symptom does not occur when FRR is enabled but not active.
A peer router that runs software other than Cisco IOS software may continue to send RSVP messages with messages IDs that request an acknowledgment. The Cisco router does acknowledge these message IDs, causing the peer router to start sending RSVP summary refresh messages to refresh the RSVP state. The Cisco router ignores the message IDs that are contained in these RSVP summary refresh messages and does not refresh the RSVP state.
Workaround: There is no workaround.
•
Symptoms: A router may crash after the IP address of the interface of a neighboring router is changed while an MPLS TE tunnel is using this interface.
Conditions: This symptom is observed on a Cisco router that functions as a midpoint of an MPLS traffic engineering (TE) tunnel and occurs shortly after the IP address of the ingress interface of the downstream neighboring router is changed while the MPLS TE tunnel is using this interface.
Workaround: There is no workaround.
•
Symptoms: This symptom occurs in an OSPF network topology in which a CE router (CE-1) connect to a PE router (PE-1) that connects to two other PE routers (PE- 2 and PE-3), each of which connect to another CE router (CE-2 and CE-3). In turn, both of these CE routers are connected to each other (that is, CE-2 and CE-3 connect to each other).
When the link between the PE-3 and the CE-3 flaps, the OSPF route in the VRF fails to switch back from BGP to OSPF on the PE-1.
Conditions: This symptom is observed in Cisco IOS Release 12.0 S, 12.2 S, and 12.3 T.
Workaround: Clear the ip route, clear the OSPF process, or enter the clear ip bgp * command on the PE-1 to bring the route back from BGP to OSPF.
•
Symptoms: A router may reload unexpectedly with a bus error and/or display spurious memory access messages
Conditions: The router must be configured for OSPF and must be actively learning OSPF routes dynamically.
Workaround: There is no workaround.
•
Symptoms: FRR LSPs may fail to provide protection with a Next-next-hop (NNHOP) backup tunnel.
Conditions: This symptom is observed only when a primary LSP reaches beyond a merge point.
Workaround: There is no workaround.
•
Symptoms: IPv6 BGP may not reach the established state.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(26)S2 or Release 12.0(28)S. However, the symptom is not platform-specific.
Workaround: There is no workaround.
•
Symptoms: A BGP prefix may receive or advertise incorrect label information.
Conditions: This symptom is observed on an MPeBGP session between ASBRs when there is more than one MPeBGP session configured.
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: Intermediate System-to-Intermediate System (IS-IS) routes that are learned from an IS-IS interface may not be added back to a Routing Information Base (RIB).
Conditions: This symptom is observed on a Cisco router with an interface that is running IS-IS after you enter the shutdown interface configuration command followed quickly by the no shutdown interface configuration command.
Workaround: Enable "ip routing protocol purge interface" on the router.
Miscellaneous
•
Symptoms: Connectivity difficulties may occur when Virtual Private Network (VPN) routing/forwarding (VRF) packets follow the global routing table instead of the VRF table.
Conditions: This symptom is observed on a low-end Cisco router that runs Cisco IOS Release 12.2(7a) or another release when the global address space in the router overlaps with the VRF address that is configured on a VRF interface of a connected PE router. The VRF interface of this PE router may be unreachable but end-to-end connectivity may not be affected.
Workaround: There is no workaround.
•
Symptoms: A Performance Route Processor (PRP) may reload after the following error message is displayed:
PRP-3-ASM_CORRUPT_PTRConditions: This symptom is observed on a Cisco 12000 series on which a defective 1-port OC-192 Packet-over-SONET (POS) Enhanced Services (ES) Engine line card is installed. The symptom occurs because error recovery does not function properly.
Workaround: There is no workaround.
•
Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.
Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.
Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
•
Symptoms: On a Cisco router, output queue packet drops may occur on the priority queue of an E1 serial interface on a 1-port multichannel E3 port adapter (PA-MC-E3), after which the E1 serial interface becomes congested.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.1(18)E. However, the symptom is not specific to the platform or the Cisco IOS software release but specific to the port adapter.
Workaround: Enter the tx-ring-limit interface configuration command to increase the value of the drivers that are transmitted on the queue. For additional information, see the document at the following location:
http://www.cisco.com/warp/customer/121/txringlimit_6142.html
•
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
•
Symptoms: Sporadic error recovery may occur on an Engine 4 plus (E4+) line cards after a corrupt packet that comes from the fabric is detected. The error recovery is indicated by %TX192-3-PAM_MODULE and %TX192-3-PAM_PIM error messages on the E4+ line card. The packets are corrupted by Engine 3 line cards and are triggered by routing convergence.
Conditions: This symptom is observed on a Cisco 12416 router that runs Cisco IOS Release 12.0(25)S or Release 12.0(25)S1. Only packets in the IP-to-tag path are affected.
Workaround: There is no workaround.
•
Symptoms: You may not be able to load a Cisco IOS software image onto a Cisco 12000 series from an Advanced Technology Attachment (ATA) Flash disk, and one or more error messages similar to the following may appear:
open(): Open Error = -13 loadprog: error - on file open boot: cannot load "disk0:gsr-p-mz.120-24.S2"
open: read error...requested 0x4 bytes, got 0xffffffff trouble reading device magic number loadprog: error - on file open boot: cannot load "disk0:gsr-p- mz.120-22.S3c"Conditions: This symptom is observed when the ATA disk is formatted with one Cisco IOS software image and also contains another Cisco IOS software image that you attempt to load onto the Cisco 12000 series.
Workaround: Enter the boot system tftp filename ip-address global configuration command, dummy for the filename argument, and 10.1.1.1 for the ip-address argument. Note that this command parses without errors, and then fails; the router may not appear to boot initially, but eventually does so.
Further Problem Description: The symptom only affects a Cisco 12000 series RP. It does not affect a Cisco 12000 series PRP.
•
Symptoms: Some virtual circuits (VCs) are not added by FPGA/SAR when modified from cell-packing ATM Adaptation Layer 5 (AAL5).
Conditions: This symptom is observed on a Cisco 12000 series router but is not platform dependent.
Workaround: Delete PVCs and reprovision them.
•
Symptoms: On dual Performance Route Processors (PRPs) in RPR+ mode, the secondary PRP may not boot up. When you log into the PRP, it appears to be in the ROMmon state.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S1 when the ROM monitor of the primary RPR is upgraded.
Workaround: Attach to the secondary RPR and boot up this RPR manually by entering the boot command on the ROMmon prompt.
•
Symptoms: An interface may not transmit traffic because the output may be stuck. When this symptom occurs, the console of the Route Switch Processor 4 (RSP4) may display the following error messages:
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/2:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/1:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/3:15, TEI0 changed to down %RSP-3-RESTART: interface Serial1/0/0:15, not transmitting Output Stuck on Serial1/0/0:15 %RSP-3-RESTART: interface Serial1/0/1:15, output frozen
%RSP-3-RESTART: interface Serial1/0/2:15, not transmitting
%RSP-3-RESTART: cbus complexConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1(19)E1 when the compress stac caim interface configuration command is configured on the interface. The symptom may also occur in other releases.
Workaround: Remove the compress stac caim interface configuration command from the interface.
•
Symptoms: A Cbus Complex may occur and the packet memory may be recarved, causing a temporary disruption in service.
Conditions: This symptom is observed on a Cisco 7500 series when you install an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) or an enhanced 2-port T1/E1 high-capacity port adapter (PA-VXC-2TE1+) and when you configure the port adapter via the command-line interface (CLI) for E1 or T1.
Workaround: There is no workaround. Try to install the port adapter during a maintenance window.
•
Symptoms: A Versatile Interface Processor 4 (VIP4) in which an 8-port multichannel E1, G.703 120 ohm interface port adapter (PA-MC-8E1/120) is installed may reload unexpectedly and display the following error message:
%ALIGN-1-FATAL: Illegal access to a low address.Conditions: This symptom is observed on a Cisco 7500 series that has a distributed multilink interface on which IP Header Compression (IPHC) is configured when distributed Cisco Express Forwarding (dCEF) is disabled by entering the no ip cef distributed global configuration command and reconfigured by entering the ip cef distributed global configuration command while the interface is operational.
Workaround: Ensure that the multilink interface is shut down before you to disable dCEF.
•
Symptoms: The amount of free memory on a router decreases as the memory that is held by the Simple Network Management Protocol (SNMP) engine process increases. The decrease in the amount of free memory can be verified by examining the output of the show proc mem | i SNMP privileged EXEC command.
Conditions: This symptom is observed when SNMP is used to attempt to set values in the LDP-MIB, TE-MIB, or VPN-MIB.
Workaround: Avoid using SNMP to set values in the MIBs. Use the CLI on the router to set the values needed.
•
Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.
•
Symptoms: Modular QoS CLI (MQC) may allow invalid hierarchical policy maps to be attached to IP Services Engine (ISE) Packet-over-SONET (POS) interfaces.
Conditions: This symptom is observed on Engine 3 (E3) ISE line cards on a Cisco 12000 series router.
Workaround: Do not attach invalid hierarchical policy maps.
•
Symptoms: Fast Reroute (FRR) fails to detect a protected interface that has gone down. Initial failure detection varies from 100 to 800 milliseconds.
Conditions: This symptom is observed only on a Cisco 7500 series router.
Workaround: There is no workaround.
Further Problem Description: When the protected interface goes down, FRR switches from the primary tunnel to the backup tunnel.
•
Symptoms: A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router that is running distributed Cisco Express Forwarding (dCEF) may have high memory usage and memory allocation failures when dCEF is disabled and then reenabled.
Conditions: This symptom is observed on a PE router that has a large number of VPN routes (over 30,000) in a VPN routing/forwarding (VRF) table when CEF is disabled and then reenabled.
Further Problem Description: View the output of the show processes memory EXEC command to verify that the CEF process memory usage increases.
Workaround: Reload the router.
•
Symptoms: There may be no memory for the expanded TFIB PSA. The label allocation may fail with error messages that are shown below and may be followed by a memory traceback.
%TAGCON-3-LCLTAG_ALLOC: Cannot allocate local tag
%TFIB-2-MEMORY: No memory for expanded TFIB PSA
-Traceback=Conditions: This symptom is only observed on an MPLS-capable Cisco platform and only when the label space has been exhausted to the maximum level supported by the platform or is about to be exhausted (only a few hundred labels are available) and when the TFIB table is expanded further.
Workaround: Enter the mpls label range 16 101900 command at the conf-t level to avoid the error messages.
•
Symptoms: When you securely copy a Cisco IOS image to a flash disk by entering the copy scp slot0: or copy scp slot1: EXEC command, the copy process may stop after about 60 to 70 percent has been transferred.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(25)S1 or Release 12.3.
Workaround: Copy the Cisco IOS image via another transport protocols such as TFTP.
•
Symptoms: A Cisco 12000 series router with an Engine 2 3-port Gigabit Ethernet (GE) line card may display memory access error messages, and the line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series with an Engine 2 3-port GE line card when Border Gateway Protocol Policy Accounting (BGPPA) is applied and then removed from its interface.
Workaround: There is no workaround.
•
Symptoms: When traffic matches a particular VLAN group and the "match vlan" argument is removed from that VLAN group, the traffic continues to match the class map (prior to removal) and is shaped accordingly. The expected behavior is for the traffic to take the default queue.
Conditions: This symptom is observed on an IP Services Engine (ISE) 4x Gigabit Ethernet (GE) line card that has a modular QoS CLI (MQC) quality of service (QoS) policy attached to the main interface only when the "match vlan 1-3" argument is removed from the VLAN group.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series that functions as a provider edge (PE) router may fail to receive an Internet Control Message Protocol (ICMP) echo message on a Multilink PPP (MLP) ingress interface.
Conditions: This symptom is observed on a Cisco 7500 series when Virtual Private Network (VPN) routing/forwarding (VRF) is configured on the MLP interface.
Workaround: There is no workaround.
•
Symptoms: Some channelized PA-MC-2T3+ interfaces on a Cisco 7500 series router may go into a down/down state. When this symptom occurs, one or more groups of four T1 interfaces may go down simultaneously because of an Rx Alarm Indication Signal (AIS) alarm, and all of the interfaces associated with the down/down T1 interfaces may also go into the down/down state.
Conditions: This symptom is observed only on a PA-MC-2T3+ port adapter. This symptom may be caused by a router or Versatile Interface Processor (VIP) reload or a circuit failure on the T3 port adapter. This symptom has not been observed on the PA-MC-T3 port adapter.
Workaround: Perform an online insertion and removal (OIR) of the VIP that seats the PA-MC-2T3+. Make sure that you follow the guidelines for performing an OIR procedure on a Cisco 7500 series router.
Alternate Workaround: Identify the router with four ports in the down/down state, and reload this router. You can identify the router with the interfaces in the down/down state by checking for the presence of AIS on all four ports. T1 interfaces will go down in the following combinations: 1-4, 5-8, 9-12, 13- 16, 17-20, and 21-24. If T1 interfaces go down in 3-6 or 10-13 combinations, this symptom is not the reason that the interfaces are in the down/down state.
•
Symptoms: An E3 4xOC12 channelized line card keeps resetting.
Conditions: This symptom is observed under load sharing between a POS channel interface and a regular POS interface.
Workaround: There is no workaround.
•
Symptoms: With a PRP running Cisco IOS Release 12.0(25)S1, the PRP hangs after the test crash command is entered. This is seen only on a PRP-1 and not a GRP-B.
Conditions: These symptoms are observed on a Cisco 12000 router with a PRP-1 and a full or nearly full chassis after the test crash command is entered. The router becomes inaccessible and inoperable. This only happens when the exception warmstart 60 5 global configuration command is configured.
Workaround: Disable the exception warmstart global configuration command. Note, however, that when you do so, caveat CSCeb70797 may occur.
•
Symptoms: An 8XOC3 ATM line card stops passing non-exp0 traffic (that is, tagged packets with the exp field in the MPLS shim not equal to zero) after an RP or line card reloads.
Conditions: This problem happens when ingress and egress subinterfaces are configured on the same ATM interface using an ATM switch. This symptom is observed on Cisco IOS Release 12.0(25)S3 or a later release.
Workaround: To recover the interface, enter the shutdown command followed by the no shutdown command on the affected interface.
•
Symptoms: When you reload a Multiprotocol Label Switching (MPLS) provider edge (PE) router that has 20 PA-MC-2T3+ controllers and 780 channelized interfaces, the first PA-MC-2T3+ controller may have many channelized interfaces in the down/down state.
Conditions: This symptom is observed on an MPLS PE router that has the channelized interfaces that are in the down/down state directly connected to a customer edge (CE) router. If the connection is a T1 interface, then the interfaces on the CE router are in an up/down state. If the connection is sub- T1 (fractional T1), then the interfaces on the CE router are in an up/up state.
Workaround: Reload only the CE router and all the interfaces will go to the up/up state on both the CE router and the PE router.
•
Symptoms: The set feature in a policy map does not function when the service policy is attached to a channelized interface.
Conditions: This symptom is observed on a Cisco 7500 series router with a channelized port adapter when the policy is applied to the input direction of the interface.
Workaround: There is no workaround.
•
Symptoms: The output queue of an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) may be stuck, even though the controller is up.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S, 12.1 E, or 12.2 S after you have performed an online insertion and removal (OIR) of the PA-MC-8TE1+.
Workaround: Reload the router.
•
Symptoms: An E3 card crashes when more than 10k multicast groups are created, and traffic is sent to these groups. This is seen with sparse mode and Auto- RP.
Steps for crash:
1. Advertise 130k BGP routes. 1a. Send traffic to port advertising the BGP routes. 2. Advertise 10000 multicast groups. (When tried with 300 groups, card did not crash.) 3. Send traffic to multicast groups.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Do not create 10k multicast groups.
•
Symptoms: When a Cisco IOS software image runs on a standby Performance Routing Engine (PRE) together with an older version of Cisco IOS software that runs on the primary PRE, the following error message may appear on the standby router:
%IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP: Cannot find IDB index table entry: "", 79After a switchover from the primary PRE to the standby PRE occurs, the interfaces for which the above error messages appear may not be able to send or receive packets.
Conditions: This symptom is observed on a Cisco 10000 series during a Fast Software Upgrade (FSU) operation.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload when the clear cef line command is entered or when a new VRF is provisioned on an interface via the CLI.
Conditions: This symptom is observed on a VIP when Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or Egress NetFlow before making configuration changes or before entering the clear cef line command.
•
Symptoms: A line card may experience high CPU usage, and report alignment and spurious memory access error messages.
Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) line card may display high CPU utilization.
Conditions: This symptom is observed on an ISE line card in a Cisco 12000 series when Multiprotocol Label Switching (MPLS) packets are sent to the nonlabel-switched interface of the ISE line card.
Workaround: There is no workaround.
•
Symptoms: A software-forced reload may occur on a Cisco 12000 series router.
Conditions: This symptom is observed on a Cisco 12000 series router after a service policy is enabled.
Workaround: There is no workaround.
•
Symptoms: Tag entries may be missing on a Versatile Interface Processor (VIP).
Conditions: This symptom is observed on a Cisco 7500 series that has distributed Cisco Express Forwarding (dCEF) enabled.
Workaround: Enter the clear cef linecard user EXEC or privileged EXEC command.
•
Symptoms: A Versatile Interface Processor (VIP) may reload and cause the Route Switch Processor (RSP) to reload after an input set policy is added to a Frame Relay (FR) map class.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: Use traffic policing to set the input policy.
•
Symptoms: An Engine 4 Plus (E4+) Gigabit Ethernet (GE) or Fast Ethernet (FE) line card that is configured with Any Transport over MPLS (AToM) may fail.
Conditions: This symptom is observed on an E4+ GE or FE line card on a Cisco 12000 series router that is running Cisco IOS Release 12.0(26)S as soon as a soft online insertion and removal (OIR) is performed on the primary clock scheduler card (CSC).
Workaround: There is no workaround.
•
Symptoms: When an ATM PVC bounces, it fails to come back up and remains in the DOWN/UNVERIFIED state.
Conditions: This symptom occurs when an ATM LC is connected to an ATM switch. Also, the ATM PVC is managed by OAM, and the frequency of the OAM F5 loopback cells is set to 0, via the oam-pvc manage 0 CLI command.
Workaround: Performing a shut command followed by a no shut command on the PVC will reactivate it.
Alternate Workaround: Disable OAM management.
•
Symptoms: A 1-port 10-Gigabit Ethernet line card may generate pause frames under an inbound heavy load if there is a bottle neck in the router, for example an egress line card. The pause frames may cause FCS errors at the remote end device.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(25)S2.
Workaround: There is no workaround.
•
Symptoms: During installation of a router on an OC-48 DPT/RPR ring, the ring became unstable, and 5 Cisco 12000 series routers reloaded, one reloading twice.
Conditions: This symptom is observed on a mix of Cisco 12016 routers and Cisco 12416 routers that are running Cisco IOS Release 12.0(23)S3 3DES software.
Workaround: There is no workaround.
•
Symptoms: Under certain conditions, a Cisco router could display IGP (Interior Gateway Protocol) prefix entries in the MPLS FRR (Fast Reroute) database as VPN (Virtual Private Network) prefixes. This is a cosmetic error condition and does not impact any feature functionality.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: The Gigabit Ethernet port on a 10-port Gigabit Ethernet base card may be in the up/up state even though there are no cables plugged in.
Conditions: This symptom is observed when the 10-port Gigabit Ethernet card has one EPA in the top slot and two ports on the EPA configured and enabled. Each time the router is booted, the Gigabit Ethernet port on the 10-port Gigabit Ethernet base card is in the up/up state.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router, IPv6 traffic is counted under IPv4 counter on the Engine 4 POS line cards on the egress side when using the show interface number [accounting] command.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: A line card may crash because of a timeout during the "get_stat" operation.
Conditions: This symptom is observed on a 4-port OC-12 ATM ISE line card that functions under extreme conditions such as cold temperatures and high voltages.
Workaround: There is no workaround.
•
Symptoms: Multicast traffic stops flowing via an ATM interface.
Conditions: This symptom is observed when detaching and attaching the PVC to an ATM interface while sending multicast traffic over the PVC.
Workaround: After removing and attaching the PVC, enter the shutdown command followed by the no shutdown command on the interface.
•
This umbrella caveat affects the behavior of path triggers, and of Automatic Protection Switching (APS) with PPP and Frame Relay (FR) encapsulation.
- CSCec70879
Symptoms: Cisco 12000 series POS APS interfaces do not permit the configuration of path trigger specifications on APS interfaces.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
- CSCdu45201:
Symptoms: When the encapsulation ppp interface configuration command is configured on Cisco 12000 series Packet-over-SONET (POS) APS interfaces, some APS operations may result in an inappropriate protocol state. This situation may stop all traffic flow through the APS pair or duplicate all packets.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
- CSCec72228:
Symptoms: When the encapsulation frame-relay interface configuration command is configured on Cisco 12000 series POS APS interfaces, some APS operations may cause interfaces (that have been selected by APS) to be set to "protocol down" by FR. This behavior can result in the loss of all traffic over the APS pair.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: A failure of an active Route Processor (RP) may cause the standby RP to fail also.
Conditions: This symptom is observed in Cisco 12000 series Internet routers.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card does not forward traffic to networks that are not specifically present in the routing table.
Conditions: This symptom is observed if a default route is learned by way of the ip default network global configuration command. If routes are learned by way of a default route, this symptom is not present.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that is configured with LLQ, there is queueing on the real time queue.
Conditions: This symptom is observed on a Cisco 10000 ESR that is configured with LLQ.
Workaround: There is no workaround.
•
Symptoms: On Engine 2 (E2) n-port OC3 line cards for the Cisco 12000 series router, the pos delay triggers path router configuration command does not implement the specified delay. This results in the link being brought down for Path Alarm Indication Signal (PAIS) or Path Remote Defect Indication (PRDI) defects whose duration is smaller than the specified delay time.
Conditions: This symptom is observed in all releases of Cisco IOS Release 12.0 ST and in all releases of 12.0 S beginning with Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: A 6-port CT3 line card crashed due to a Cache Parity Exception. The router will not reload.
Conditions: This symptom occurs on a Cisco 12000 series router that is running Cisco IOS Release 12.0(23)S3 image c12kprp-p-mz.
Workaround: There is no workaround.
•
Symptom: An ingress Engine 4 plus POS line card may drop fragmented packets.
Conditions: These symptoms occur in an IP-to-IP scenario under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: On a Cisco 10000 series with a 4-Port Channelized STM-1/OC-3 or 1-Port Channelized OC-12/STM-4 line card, when you enter the shutdown command followed by the no shutdown command on the SONET controller, the serial interfaces that are configured under this controller stay down until you enter the no shutdown command on each individual serial interface.
Conditions: This symptom is observed when the line card has au-4-tug3 controllers configured. The au-3 mapping appears to work correctly.
Workaround: There is no workaround. Bring up the serial interfaces by entering the no shutdown command on each individual serial interface.
Further Problem Description: The symptom also occurs when you enter the shutdown command on the au-4-tug3 controller.
•
Symptoms: The cbQosPoliceStatsTable MIB objects of the QOS-MIB may be missing.
Conditions: This problem affects QoS statistics that are defined in the CISCO-CLASS-BASED-QOS-MIB.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly when packets are tag switched.
Conditions: This symptom is observed when a Bridge-Group Virtual Interface (BVI) is created after the router has booted up, when IP packets are received through the BVI, and when these IP packets are forwarded as Multiprotocol Label Switching (MPLS) packets through another interface.
Workaround: Disable tag switching on the BVI interface by entering the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command.
•
Symptoms: A Simple Network Management Protocol (SNMP) MIB displays the following message for a port adapter that is not present:
"unknown port Adapter"The show diag privileged EXEC command displays the correct message:
"no PA present"
Conditions: This symptom is observed on a Cisco router with a modular Gigabit Ethernet (GE) or Fast Ethernet (FE) card with no port adapters that is running Cisco IOS Release 12.0(24)S1.
Workaround: There is no workaround.
•
Symptoms: Flow control information is not sent to the line card correctly, which causes errors in flow control issues.
Conditions: When a VC is created, if the VC goes down or is inactive during the first 60 secs, the flowbit information may not be updated correctly on the line card.
Workaround: Create another VC. This will cause IOS to go through all of the active VCs and update all their flowbit information.
•
Symptoms: Traffic loss and tracebacks may occur on an Engine 2 (E2) 4xOC12 line card when diagnostics are run on the backup clock scheduler card (CSC).
Conditions: This symptom is observed on a Cisco 12012 router when the backup CSC is in slot 17 of the router.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 QOC12 LC configured with multicast VPNs may drop or punt traffic to the RP. This may happen when the mdt data group-address-range wildcard-bits threshold threshold-value command is configured in VRF configuration mode.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Remove the mdt data group-address-range wildcard-bits threshold threshold-value command from the VRF configuration.
•
Symptoms: The output packet counters on an interface may be incorrect. Depending on the Cisco IOS release, they may show either a very large or unexpected value.
Conditions: The output packet counters get corrupted by clearing the interface counters followed by reloading the PXF microcode. The commands are the clear counters command followed by the microcode reload pxf command.
Workaround: Issue another clear counters command.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: Enabling autonegotiation on an E1 Gigabit Ethernet interface causes the standby route processor (RP) to fail.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(26)S.
Workaround: Stop the traffic, enter the shutdown command on the interface, configure autonegotiation on the interface, enter the no shutdown command on the interface, and resume the traffic.
•
Symptoms: The traffic-shape command may disappear from the running configuration after an HA switchover and it is not possible to reconfigure it on the newly active route processor.
Conditions: This symptom is observed when the traffic-shape command is configured on an interface of an Engine 4+ line card on a Cisco 12000 series that has multiple route processors installed and when an HA switchover occurs.
Workaround: Reload the router and reconfigure the traffic-shape command.
•
Symptoms: A reload or online insertion and removal (OIR) of any line card on a Cisco 12000 series Internet router chassis with a 1+1 Automatic Protection Switching (APS) configuration between two CHOC-48 line cards may cause a "deadman timer expired" error. This may result in an incorrect switch working once the line card comes up.
Conditions: This symptom is observed on a Cisco router with a channelized OC48 line card that is running the c12kprp-p-mz image of Cisco IOS Release 12.0(24)S4.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may show an BMA error, then run error recovery.
Conditions: This symptom is observed on a Cisco 12008/40 router that is running Cisco IOS 12.0(23)S5, that is configured as an MPLS inter-AS ASBR, and that is also configured as a PE router. When you enter the shutdown command followed by the no shutdown command on a POS interface of an 8-port POS line card, the 3-port GE line card shows an BMA error.
Workaround: There is no workaround.
•
Symptoms: An Engine 4+ line card may generate errors after a router reloads.
Conditions: This symptom occurs only when the line card is switching small packets (IP length ~28 bytes).
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly after renaming a policy-map the second time.
Conditions: This defect may be observed if there are at least two policies configured.
Workaround: Avoid renaming the policy-map.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: The tag forwarding table for a line card on Cisco platforms that have distributed (i.e. line card based) forwarding, such as the Cisco 7500 Series and the Cisco 12000 Series, may not have complete entries even though the Route Processor (RP) does. This results in ingress tagged traffic being dropped for the missing tag forwarding entries.
Conditions: This symptom is observed on Cisco platforms that have distributed (i.e. line card based) forwarding in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment with a provider edge (PE) router to customer edge (CE) router link.
The problem is more likely to happen if the PE to CE link experiences quick flaps of an interface (i.e. goes down and come back up in a very small amount of time (e.g. 2 sec)). Although this can happen on any line card, this situation is more likely to happen on the Engine 3(E3) channelized OC48 line cards due to its quick flapping behavior.
Note: There are additional prerequisites for this bug to happen. These are:
- The defect affects routers that are: (a) MPLS VPN PE routers or (b) routers that exchange labels for ipv4 BGP routes.
- For (a) there should be recursive routes on the PE that go over the PE-CE link (this could be either BGP learnt recursive routes or static recursive routes). Also, these recursive routes have the link's CE side ip address as their nexthop.
- There should be a less specific route to get to the nexthop (this can be a default route). This applies for (a) and (b).
Workaround: There is no workaround.
•
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
•
Symptoms: When the cache is lost, a router correctly detects that the cache is no longer available, but HTTP requests are still forwarded to the cache.
Conditions: This symptom is observed on a Cisco 7500 series with dCEF enabled.
Workaround: Disable dCEF.
•
Symptoms: When sending 10 packets from AGT-SRC to AGT-Dest with TTL set to 3 on all packets, the first packet is dropped.
Conditions: This symptom occurs under the following conditions:
–
–
–
Workaround: Remove the "log" option from the ACL rule.
•
Symptoms: Under some unknown circumstances, Gigabit EtherChannel (GEC) subinterface counters do not function and stay at zero.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Reload the router.
•
Symptoms: Random Early Detection maintains an average length of the outbound queue of a class of traffic, and randomly discards newly arriving packets when the average falls within the configured range. A Cisco 10000 series router may contain an error in the average queue length computation which makes Random Early Detection too sensitive to the instantaneous queue length.
Conditions: This problem is seen on a Cisco 10000 series routers that runs Cisco IOS Release 12.0(27)S but may also occur in earlier releases.
Workaround: There is no workaround.
•
Symptoms: A file copied to an ATA disk may become corrupted.
Conditions: This symptom is observed on any Cisco IOS image that contains the fix for CSCdz27200. The problem does not occur on a disk that is formatted with 16 or less sectors/cluster.
Workaround: Use an ATA disk that is formatted with 16 or less sectors/cluster.
•
This caveat consists of two separate systems, conditions, and workarounds.
Symptoms 1: A router may reload after a switchover to the standby processor.
Conditions 1: This symptom is observed on a Cisco Route Switch Processor (RSP).
Workaround1: There is no workaround.
Symptoms 2: After a switchover to a standby processor, the indices of the interfaces in the system may be changed by mistake. This may cause problems with forwarding packets and may cause other inconsistencies.
Conditions 2: This symptom is observed on a Cisco 12000 series.
Workaround 2: There is no workaround.
•
Symptoms: Several prefixes for non-redistributed connected interfaces in different VRFs may be partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these VRFs.
Conditions: This symptom can occur on a Cisco router that runs Cisco IOS Releases 12.2, 12.2T, 12.0S, 12.3 after the VRF interfaces have flapped. The symptom may occur in all code levels of these releases.
Workaround: Clear the routes in the VRFs in sequence.
•
Symptoms: Most multicast traffic is dropped if an ingress interface is an interface of an E4+ line card and NetFlow is configured.
Conditions: This symptom occurs when multicast traffic is forwarded down a shared tree, for example, forwarded by (*, g).
Workaround: Either unconfigure NetFlow or disable the SPT threshold to move to the shortest path tree.
•
Symptoms: If the service-policy {output} command is configured on a PA-MC-8E1/120 interface, the ping of a neighbor router fails. Other IP traffic also stops. When this command is removed, the ping and other IP traffic starts passing through this line.
Conditions: This symptom occurs when the service-policy {output} command is configured on a Cisco 7200 series router on a channelized interface, such as the PA-MC-8E1/120 interface.
Workaround: Remove the service-policy {output} command.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:
%TIB-3-LCLTAG: 10.10.10.10/10.10.10.10, tag advert; unexpected tag state=13Conditions: This symptom is observed when a very uncommon timing of a Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tagswitching Distribution Protocol (TDP).
Workaround: There is no workaround.
•
Symptoms: OAM cells generated on an ATOM VC that is configured for AAL0 cell relay will have CRC-10 errors. Note that the CRC-10 errors will be present only on the generated OAMs and not on the OAMs forwarded transparently as received from the remote PE. See below:
CE1 <--> PE1 <-- PW --> PE2 <--> CE2
OAM cells forwarded from PE2 to PE1 and vice versa will be fine. The problem will be seen when the PE1 starts sending OAM cells to CE1 when the PW goes down.
Conditions: When the ATOM VC goes down due to whatever reasons (e.g. remote PE-CE), the ATM interface going down will take the ATOM VC down. This condition will trigger the local PE to start sending OAMs to the CE. These OAM cells will have CRC-10 errors, as explained above. This problem will be seen on 8xOC3 ATM line cards.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series that runs 12.0(25)S2 may report the following log message:
SLOT 1: %SYS-3-CPUHOG: Task ran for 2052 msec (1/1), process = CEF LC IPC
Background, PC = 400DC728.
-Traceback= 400DC730 40DBFE60 40DBFFD4 40DC0B14 400C5A04 400C59F0Conditions: This symptom is observed when the default route gets updated to Engine 3 line cards and is reported by these line cards as seen above. This situation may happen after an interface flap or a routing update elsewhere in the network.
To determine if your line card is an Engine 3 line card, enter the show diag slot-number EXEC command, in which the slot-number argument is the slot number that reports the message). In the command output, you will see "L3 Engine: 3" for Engine 3 line cards.
Workaround: There is no workaround.
•
Symptoms: The Cisco 10720 microcode will be reloaded upon reception of certain malformed MPLS packets.
Conditions: An MPLS packet where the topmost label is an MPLS Aggregate Label (for either IPv4 or IPv6) and this label does not have the EOS bit set (that is, it is not the only label) will cause the reload.
Workaround: There is no workaround.
Further Problem Description: This should be an extremely rare situation as such packets are not allowed in MPLS, that is, IPv4/IPv6 aggregate MPLS labels must always be the only label on the received label stack and therefore they must always have the EOS bit set. Reception of such a packet implies that some other network element has generated an invalid MPLS packet.
•
Symptoms: All multicast packets are dropped with a VRF-lite configuration.
Conditions: This symptom occurs when MVPN is set up in a VRF-lite configuration.
Workaround: There is no workaround.
•
Symptoms: A Cisco router reloads with an unexpected exception and tracebacks.
Conditions: This symptom occurs when a serial interface is configured and you try to remove the AUG controller. See the following example:
router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#cont sonet 3/0/0
router(config-controller)#no aug cont
router(config-controller)#no aug controller
router(config-controller)#
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series router with an HA configuration (dual RP redundancy) and with GE line cards which are using channel groups, might not be pingable after a redundancy switchover. From the interface, the directly connected device can be pinged, but from the same device, the interface cannot be successfully pinged.
Conditions: The problem is specific to a Cisco 12000 series router that is running Cisco IOS 12.0 S. The router must have an HA configuration (dual RPs). Also, channel groups must be configured (note: even if the channel groups are not assigned to a particular Gige interface, the problem can still occur). Finally, a link flap needs to occur on the channel group interface before the redundancy switchover is done to bring on the problem.
Workaround: Enter the shut command followed by the no shut command on the interface.
Further Problem Description: The group channel feature is new and was released for the first time in Cisco IOS Release 12.0(26)S1 so that is where the exposure is.
•
Symptoms: Intermittent packet drops occur when you ping the VRF loopback/interfaces on a PE router from an attached PE router. The VPN transit traffic intermittent drops occur also on packets that exceed the MTU size.
Conditions: This symptom is observed on a Cisco 12000 series 3-port GE and 4-port GE line card that are installed in a Cisco router that functions as a PE router and that is connected to another PE router via an L2 switch. The problem occurs when a VRF is configured on a subinterface that faces the L2 switch.
Workaround: Remove the VRF from the subinterface that faces the L2 switch.
•
Symptoms: A Cisco 12000 series Engine 4+ line card is unable to originate ICMP echo reply packets. ICMP packets transiting the router are correctly transmitted.
Conditions: This symptom occurs when the rate-limit, MQC set, or MQC police command is configured on the interface in the output direction.
Workaround: There is no workaround.
•
Symptoms: When the HSRP MIB is polled and there are HSRP groups configured on subinterfaces, an error such as "OID not increasing" may occur on the device that is polling the router. In some cases, a CPUHOG traceback may occur on a router when the HSRP MIB is polled, especially when a lot of interfaces are configured.
Conditions: This symptom is observed under either one of the following two conditions:
–
–
Workaround: Do not initiate an SNMP query for HSRP.
Alternate Workaround: Enter the snmp-server global configuration command to specify which MIBs are available, as in the following example:
snmp-server view HSRP internet included
snmp-server view HSRP ciscoHsrpMIB excluded
snmp-server view HSRP ciscoHsrpExtMIB excluded
snmp-server community public view HSRP RW 20
snmp-server community private view HSRP RW 20•
Symptoms: The MPLS packets are forwarded with a bogus label when they are sent out on a loadshared non-VRF MPLS enabled "Internet" interface from a VRF.
Condition: A static route for the VRF should be configured to reach the Internet, which would in turn be configured to recurse over 2 static routes to reach the next hop for the global Internet.
Workaround: Shut down one of the interfaces to remove the load-sharing condition.
•
Symptoms: A Cisco router reloads due to memory allocation problem when per packet load balancing is changed to default CEF load balancing.
Conditions: This symptom is observed on a Cisco 7200 series router with a PA-4T serial adapter when the service-policy output name command is applied to this interface. The problem is observed in Cisco IOS Release 12.0(26)S1 and Release 12.0(27)S.
Workaround: Use per-packet loadbalancing, remove the service-policy output name command, or replace the adapter with a PA-4T+.
•
Symptoms: A reload occurs that sends a Cisco 10000 series router into ROMMON state.
Conditions: This symptom occurs after configuring CHOC3 interfaces and then performing the shut command followed by the no shut command. The reload sends the Cisco 10000 series router into ROMMON state.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload unexpectedly.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Fast Reroute (FRR) is configured.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series with link-bundling (port-channel) configured and the snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart command configured, if you configure the port-channel with minimum links that are greater that the actual links, the port-channel is forced down, and an SNMP linkdown trap is generated. However, if you correct the configuration so that the port-channel comes up, no linkup trap is generated.
Conditions: This symptom is observed on a Cisco 12000 series router that runs Cisco IOS Release 12.0(26)S1.
Workaround: There is no workaround.
•
Symptoms: A router may log a CPUHOG message that is caused by the CEF reloader process.
Conditions: This symptom is observed on a Cisco router when a VRF with more than 9000 routes is added to the configuration.
Workaround: There is no workaround.
•
Symptoms: An access control list (ACL) that has logging enabled may not work on a Fast Etherchannel (FEC) interface.
Conditions: This symptom is observed on a Cisco 10720 router running Cisco IOS Release 12.0(26)S or a later release.
Workaround: There is no workaround.
•
Symptoms: When the error message "Info: Illegal normal burst size, increased to mtu size 4470" is generated on a channelized STM-1 MM PA, the VIP in which this PA is installed and the RSP may crash.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1 when MQC is configured on the channelized STM-1 MM PA.
Workaround: There is no workaround.
•
Symptoms: An Engine 1 single port Gigabit Ethernet line card for a Cisco 12000 series router may reload unexpectedly on receipt of large amounts of "pause input" frames sent via flow control from a downstream device.
Conditions: This symptom will occur only if the Gigabit Ethernet line card is forwarding large amounts of traffic to an overwhelmed downstream device that in turn sends "PAUSE" (XOFF) frames to the line card.
Workaround: Disable flow control on the downstream device.
•
Symptoms: On a Cisco 7500 series with distributed CEF, connectivity between CE routers that are locally connected to the same interface may be broken.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or a later release when an output service policy is configured on the subinterface of one CE router but not on the subinterface of the other CE router. Traffic that is process-switched flows correctly between the CEs routers.
Workaround: Configure a dummy output service policy on the subinterface that does not have an output service policy.
•
Symptoms: Traffic may be delayed across a Cisco 12000 Series Engine 3 line card. Traffic sent through the Cisco 12000 series Internet router may see latency. Other symptoms include:
1.
2.
3.
4.
Note: 3 and 4 are LC-specific commands.
Conditions: This problem occurs when tag-switching and MPLS are configured on the E3 line card.
Workaround: Upgrade Cisco IOS to get by CSCeb45907.
•
Symptoms: After executing a forced switchover, the secondary processor returns only to COLD standby and not HOT standby.
Conditions: This symptom is observed on a c10k-p10-mz image on a Cisco 10000 series router.
Workaround: There is no workaround.
•
Symptoms: The hw-module {slot X} command shutdown on a 4GE Eng3 that is using GEC may freeze a router during some time, bringing down line and protocols. Under certain circumstances, DCEF may also be disabled.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: Frame relay local switching fails when RED is applied on a Cisco 12000 series router with 2 Ports OC3 Channelized to DS1/E1 or 6 Port Channelized T3.
Also, it is observed that the controller is reset when the following is removed/reapplied:
rx-cos-slot all ToFabTable
!
slot-table-cos ToFabTable
destination-slot 0 OC3
destination-slot 1 GIGEConditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Perform the following steps:
1.
2.
3.
•
Cisco Internetwork Operating System (IOS) Software releases trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.
The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
•
Symptoms: Engine 2 line cards may fail upon clearing BGP peers.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: When a recursively resolved adjacency is "discard" (e.g., null0), a packet that is entering an Engine 3 4-port GE line card and that is destined to the "discard" adjacency is punted to the local line card CPU, causing high CPU utilization. Punting to the CPU is caused by a wrong adjacency that is populated for the corresponding route.
Conditions: This symptom is observed on Engine 3 line cards that are installed in a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S1 or a later release.
Workaround: There is no workaround.
•
Symptoms: Some MQC commands on 4xOC3 and 8xOC3 ISE line cards on Cisco 12000 series routers may result in a message similar to the following:
% Service policy on FR sub-interface POS1/1.2 must be hierarchical.Due to the error, no policy is applied to the interface. Even though the running configuration has the policy on the interface, the policy will not take effect.
Conditions: This symptom is observed on Cisco 12000 series routers.
Workaround: There is no workaround.
•
Symptoms: TE tunnel(s) fail to switch back to the explicit path option.
Conditions: This symptom is observed on a Cisco 12000 series router that runs the gsr-p-mz image of Cisco IOS Release 12.0 S.
Workaround: Continue to work either in the explicit path or in the dynamic path without shutting the link. Such a scenario is highly unlikely.
•
Symptoms: On an Engine 3 4GE line card, traffic from a Catalyst switch to a Cisco 12000 series is not rerouted over the GEC link when disabling the physical interface on which the traffic is passing.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S1.
Workaround: There is no workaround.
•
Symptoms: An EPA-GE/FE-BBRD line card may experience repetitive crashes during normal operation.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S2 or 12.0(26)S1.
Workaround: There is no workaround.
•
Symptoms: HSRP configured on the subinterfaces of an Engine 4+ GE line card may not work.
Conditions: This symptom is observed when the subinterfaces are configured with VRFs.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) becomes disabled on a secondary Cisco 10000 series Performance Routing Engine (PRE) during a switchover.
Symptoms: This symptom is observed after configuring 380 traffic engineering (TE) tunnels and checking that CEF is enabled on both the primary and secondary PREs and that all TE tunnel interfaces are up. Then, a forced switchover from the primary PRE to the secondary PRE is performed. When the secondary PRE comes up and it now the new primary PRE, all tunnel interfaces are down. The line is up but the protocol is down. Because CEF is disabled and not running, the tunnels do not function and no routing can occur.
Workaround: Enable CEF on the primary PRE and enter the shutdown command followed by the no shutdown command on the affected interfaces. Doing so enabled the TE tunnels to come up.
•
Symptoms: MPLS TE tunnel counters are inaccurate; the MPLS TE tunnel output rate counters may exceed the physical interface capabilities that the tunnel uses.
Conditions: This symptom is seen on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S5 with an Engine 4 line card. This symptom may be observed by issuing the following commands in the following order:
1.
2.
3.
Workaround: There is no workaround.
•
Symptoms: For MVPN traffic, multicast traffic streams are punted from the PXF to the RP. Normally, PXF does this when a new stream needs to be created. However in this case, PXF behaves as if the streams are not present even if the required (S,G)/(*,G) states exist.
Conditions: This symptom is observed on a Cisco 10000 series when the VRF index of the VPN is higher than 255. This occurs when 255 or more VRFs are configured or when some VRFs are created and deleted many times. You can determine the VRF index by entering the show ip vrf detail command.
Workaround: There is no workaround.
•
Symptoms: IPv4 multicast traffic may stop being forwarded when NetFlow is configured on an Engine 4+ interface.
Conditions: This symptom is observed on a Cisco 12000 series that runs the Cisco IOS Release 12.0 S when a (*,G) entry is used to forward IPv4 multicast traffic instead of a (S,G) entry.
Workaround: There is no workaround.
•
Symptoms: CEF may become disabled on a VIP, port adapter, module, or line card because of a fatal error, and the following error message may be generated:
%FIB-3-FIBDISABLE: Fatal error, slot 2: Window did not open, LC to RP IPC is non-operationalConditions: This symptom is observed after an RPR+ switchover.
Workaround: There is no workaround.
•
Symptoms: MPLS IAS traffic may be punted the CPU of an Engine 2 line card.
Condition: This symptom is observed when an egress interface is flapped and the ingress POS-channeling interface is shut down in a topology in which the ingress POS-channeling interface connects to an ASBR that connect to the egress POS interface.
Workaround: There is no workaround.
•
Symptoms: A VIP4-80 may crash when you enter the police command for a policy map that is applied to an ATM subinterface PVC in the input direction.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(27)S.
Workaround: Do not enter the police command for a policy map that is applied to an ATM subinterface PVC.
•
Symptoms: The packet queue size on an MLP bundle may be larger than necessary, which may manifest as two separate symptoms:
- The scalability during configuration of multiple MLPPP interfaces is reduced because the router may run out of resources to allocate the packet queues.
- The effect of congestion may be more severe as traffic that should have been dropped due to the queue overflow will not be dropped.
Conditions: This happens after the reload of a Cisco 10000 series with a policy map attached to an MLP interface or when more links are added to an MLP interface.
Workaround: After any MLP bundle change (either by configuration, bootup, or link failure) delete and reattach the service policy to the interface.
•
Symptoms: The priority traffic on an MLP interface may exceed the configured bandwidth limits.
Conditions: This symptom is observed on a Cisco 10000 series when new links are added to an MLP interface that already has a policy map with a priority class attached. The link addition may happen as result of a system bootup or a link flap, or a user may add more links to the bundle by configuration.
Workaround: Once the interfaces that are associated with the MLP bundle are up, remove and reattach the service policy to the MLP bundle. If links associated with the bundle flap, the policy may have to be removed and reattached again.
•
Symptoms: A transient error may occur on a Cisco 12000 series line card during a network routing change. here is a chance that other line cards in the system will stop transmitting or receiving routing protocol updates and traffic, causing traffic to be blackholed.
Conditions: This symptom is observed in an MPLS-VPN network. A list of the affected releases can be found at http://www.cisco.com/cgi- bin/Support/Bugtool/onebug.pl?bugid=CSCeb58214. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Enter the microcode reload command on any line card that stops receiving traffic or routing protocol adjacencies from its neighbors.
•
Symptoms: High CPU utilization may occur on a Cisco 12000 series line cards due to the CEF scanner process.
Conditions: This problem is seen when a large number of VPN routes are present on the router.
Workaround: There is no workaround. However, the symptom does not seem to affect the convergence time or performance of the router.
•
Symptoms: Traffic is sent using the "net ctrl" queue on the egress interface.
Conditions: This problem occurs on a Cisco 10720 router when IPv6 high-priority traffic (110 or 111 in the first 3 bits of the IPv6 traffic class) is forwarded.
Workaround: There is no workaround.
•
Symptoms: Traffic forwarding problems may occur when sending MVPN traffic from multiple sources to the same group.
Conditions: This symptom is observed on a Cisco 12000 series that functions as an MVPN decapsulation PE router with an Engine 3 line card that forwards multicast packets on an VRF interface.
Workaround: To ensure that no collisions occur on the VRF interface, configure hardware multicast on the Engine 3 line card by entering the hw-module slot number ip multicast hw-accelerate source-table size x offset y command.
•
Symptoms: The outgoing label for a prefix that is received through Border Gateway Protocol (BGP) IP version 4+ (IPv4+) labels may not be installed in the Tag Forwarding Information Base (TFIB).
Conditions: This symptom is observed if the router that performs a BGP IPv4+ label exchange receives a label withdraw request for an MPLS label from a BGP peer that is followed by a readvertisement of the label. This symptom occurs if the no mpls ip global configuration command followed by the mpls ip global configuration command is executed on the peer router; however, the label withdraw request may be triggered in other ways also.
Workaround: Enter the clear ip route prefix EXEC command to correct the symptom.
•
Symptoms: A controller of an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) may fail to come up after the router has booted up.
Conditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8TE1+. The symptom is platform independent and port adapter dependent.
Workaround: Enter the shutdown controller configuration command followed the no shutdown controller configuration command on the affected controller.
Alternate Workaround: Enter the clear counters user EXEC or privileged EXEC command on the affected interface of the PA-MC-8TE1+.
•
Symptoms: When flaps occur on an Inverse Multiplexing over ATM (IMA) group interface on which the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: VC Mode feature is configured, input packets may be switched via Cisco Express Forwarding (CEF).
Conditions: This symptom is observed on a Cisco 7500 series that has an IMA group interface that is configured on a Versatile Interface Processor (VIP).
Workaround: Perform an online insertion and removal (OIR) of the VIP.
•
Symptoms: A router may become unresponsive and may reload when you append a file whose size is not a multiple of 512 bytes to an Advanced Technology Attachment (ATA) flash card (for example, boot disk, disk0, disk1).
For example, this situation may occur when you enter the show command | tee /append url privileged EXEC command.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image that contains the fix for caveat CSCdz27200 and that utilizes an ATA flash card. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz27200. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Write the output of the show command to a new file instead of appending it to an existing file by entering the show command | tee url privileged EXEC command.
•
Symptoms: A line card reloads continuously after an OIR.
Conditions: This symptom is observed when the line card has MFR and a service policy configured.
Workaround: Remove the service policy before performing an OIR.
•
Symptoms: A FlexWAN, enhanced FlexWAN, or Versatile Interface Processor that has a PA-MC-E3 or PA-MC-T3 installed may crash.
Conditions: This symptom is observed under rare conditions in a stress situation with dFLI and dCRTP configured.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 7500 series router, after a RPR, RPR-plus or SSO switchover, the router may display the following message:
%RSP-3-RESTART: cbus complexThis will be followed by the reload of all VIPS in the router and the following message:
HA-2-NO_QUIESCE: Slot <slot#> did not quiesce, it will be disabled and then reloaded.Conditions: This problem happens on a Cisco 7500 series router that is running Cisco IOS Release 12.0 S and occurs after an RPR, RPR-plus, or SSO switchover. Similar symptoms can be observed if the service single-slot-reload-enable command is not configured on the router, but in this case, the cbus complex message will follow the "HA-2-NO_QUIESCE" error message.
Workaround: There is no workaround.
•
Symptoms: The line protocol on a T1 of a T3 controller in a PA-MC-2T3+ port adapter may stay in the down state even when looped.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: If you enter the shutdown command followed by the no shutdown command on an interface, traffic that congests the interface may cause the router to crash.
Conditions: This symptom is observed when a policy is attached to the interface.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly while you disable label distribution protocol (LDP) on an interface.
Conditions: This symptom is observed on a router that has several interfaces that are configured for LDP when you disable LDP on all interfaces and when there is still one open TCP connection that is passively used by LDP while you disable LDP on the last interface.
Workaround: There is no workaround.
•
Symptoms: Packet redirection to a cache may not occur even though Web Cache Communication Protocol (WCCP) is enabled and the cache farm has formed successfully. The symptom may be invisible to end users because packets (usually packets that are part of HTTP sessions) still flow successfully to and from their original destinations.
Conditions: This symptom is observed on a Cisco platform when both WCCP and Cisco Express Forwarding (CEF) are enabled.
Workaround: Disable CEF on all interfaces on which a WCCP redirect statement is configured.
•
Symptoms: A Cisco 7500 series router that is running 12.0S may drop traffic to a static route after a microcode reload. The symptom may also occur in other releases.
Conditions: Traffic loss will occur for static routes to /32 prefixes that are attached to an interface, that is, the ip route prefix mask interface-type interface-number command is enabled.
Workaround: Disable Cisco Express Forwarding (CEF) by entering the no ip cef command. Then, reenable CEF by entering the ip cef distributed command.
•
Symptoms: Failover boot commands from a slot to a disk results in an endless loop. If the router does not find the image in slot0, it will not be able to properly switch to the next image in disk1.
Conditions: This symptom occurs when slot0 holds a linear flash card and disk1 holds an ATA disk.
Workaround: While being in a loop on the console connection, press control plus return, type, and send a break until the loop stops.
•
Symptoms: During an SSO switchover, the newly active Route Processor (RP) may output the following error message:
%SCHED-7-WATCH: Attempt to monitor uninitialized watched queue (address 0).
-Process= "CEF LC IPC Background"This error is harmless, and no functional problem will occur when this error is received.
Conditions: This symptom occurs during an SSO switchover.
Workaround: There is no workaround.
•
Symptoms: A modified ATM VP tunnel is broken on SAR 1.3.2.10
Conditions: An ATM PVP tunnel must exist.
Workaround: This problem has two workarounds:
1. Before modifying the ATM VP tunnel, the main interface must be shut down.
2. Delete the existing ATM VP tunnel and all VCs for the VP, and create a new connection with new parameters.
•
Symptoms: On a Cisco 12000 ATM ISE line card, shaping resources may be used up after different policy-maps are attached and then removed from a VC many times.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Microcode reload the line card.
TCP/IP Host-Mode Services
•
Symptoms: The following error message may be displayed when a router receives a connection request on command-shell (TCP, 514) and Kerberos-shell (kshell) (TCP, 544) ports:
%RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 192.168.2.2Conditions: This symptom is observed on a Cisco router that has the remote shell (rsh) disabled.
Workaround: Filter the traffic that is destined for command-shell (TCP, 514) and Kerberos-shell (kshell) (TCP, 544) ports.
First, enter the show ip interface brief EXEC command to display the usability status of interfaces that are configured for IP. The output may look like the following:
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 172.16.1.1 YES NVRAM up up
Ethernet1/0 unassigned YES NVRAM administratively down down
Serial2/0 192.168.2.1 YES NVRAM up up
Serial3/0 192.168.3.1 YES NVRAM up up
Loopback0 10.1.1.1 YES NVRAM up upThen, create the following access control list (ACL) for the router and apply this ACL to all interfaces that are enabled with the ip access-group 177 in router configuration command:
access-list 177 deny tcp any host 172.16.1.1 eq 514
access-list 177 deny tcp any host 172.16.1.1 eq 544
access-list 177 deny tcp any host 192.168.2.1 eq 514
access-list 177 deny tcp any host 192.168.2.1 eq 544
access-list 177 deny tcp any host 192.168.3.1 eq 514
access-list 177 deny tcp any host 192.168.3.1 eq 544
access-list 177 deny tcp any host 10.1.1.1 eq 514
access-list 177 deny tcp any host 10.1.1.1 eq 544
access-list 177 permit ip any any•
Symptoms: A router may reload unexpectedly when a TCP watchdog timer expires.
Conditions: This symptom is observed when the router has hundreds of Border Gateway Protocol (BGP) peers.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
•
Symptoms: IP VRF interfaces that are configured Frame Relay may not work. That is, locally generated and forwarded packets that are received on these interfaces may not be processed correctly.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown command followed by the no shutdown command on the Frame Relay subinterfaces that have a VRF configured.
Resolved Caveats—Cisco IOS Release 12.0(26)S1
Cisco IOS Release 12.0(26)S1 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S1 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A Route Switch Processor (RSP) that is acting as a slave may have complete packet switching activity interrupted for several minutes. This situation may cause the RSP to permanently pause.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(12d).
Workaround: There is no workaround.
•
Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do drain on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.
Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.
Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
•
Symptoms: If a switch has the nvram:ifIndex-table file in the wrong format, there is a problem at bootup. The following message is printed when this problem exists:
SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE!Conditions: This problem is observed in Cisco IOS Release 12.1(13)EW and Release 12.1(19)EW.
Workaround: Do not create a file called ifIndex-table in NVRAM.
Note
•
Symptoms: A Cisco router or switch may reload when it attempts to read the ifIndex information from an NVRAM file during the bootup process.
Conditions: This symptom is observed when the NVRAM file is corrupt.
Workaround: Disable the ifIndex persistence.
•
Symptoms: You may not be able to copy an image to an Advanced Technology Attachment (ATA) disk.
Conditions: This symptom is observed on a Performance Route PRocessor (PRP) of a Cisco 12000 series Internet router.
Workaround: Replace the ATA disk.
•
Symptoms: A Cisco 7500 series router may not generate Simple Network Management Protocol (SNMP) ENVMIB traps during the online insertion and removal (OIR) of a power supply or fan module.
Conditions: These symptoms have been observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(24)S or a later release.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A cbus complex may be observed on a Cisco router when the following message appears on the serial interface:
%RSP-3-RESTART: interface Serial8/1/0/23:23, not transmittingConditions: This symptom is observed on a Cisco 7500 series router when Multilink PPP (MLP) is configured on the serial interface and distributed Cisco Express Forwarding (dCEF) switching is enabled.
Workaround: There is no workaround.
•
Symptoms: The ifInOctets counter and the ifHCInOctets high capacity (HC) counter for VLAN subinterfaces may increase by very large random values.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.0(25)S1 and is specific to the DEC21140 interface of the Cisco 7200 series.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router may reload when you add Border Gateway Protocol (BGP) neighbor statements to the configuration.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S when BGP neighbors are added by using a script that adds the BGP neighbors at a much faster rate than manual addition, and when a large BGP table is already present on the router before the script adds the BGP neighbors.
Workaround: There is no workaround.
•
Symptoms: A memory allocation failure (MALLOCFAIL) from the I/O memory pool may occur.
Conditions: This symptom is observed on a Cisco router that receives excessive multicast control traffic.
Workaround: Apply a quality of service (QoS) policy map to limit the rate of the multicast control traffic that can be received by the router.
•
Symptoms: A redistributed static route may not be advertised to any Border Gateway Protocol (BGP) peer, even though the route is selected as the best path in the BGP table.
Conditions: This symptom is observed when the MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution feature is enabled and when the IP version 4 (IPv4) address family is missing from the running configuration.
Workaround: There is no workaround.
•
A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.
The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.
Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.
•
Symptoms: In rare situations, a User Datagram Protocol (UPD) Gigabit Route Processor (GRP) leader may bounce and cause problems when trying to converge other Border Gateway Protocol (BGP) peers.
Conditions: This symptom occurs rarely on a Cisco GRP.
Workaround: Enter the clear ip bgp * EXEC command to clear the symptom.
•
Symptoms: An IP packet that is sent with an invalid IP checksum may not be dropped.
Conditions: This symptom is observed if the IP checksum is calculated with a decreased time-to-live (TTL) value. For example, in the situation where the IP checksum must be 0x1134 with a TTL of 3, if the packet is sent with an IP checksum of 0x1234 that is calculated by using a TTL value of 2, the packet is not dropped. In all other cases, packets with incorrect checksums are dropped.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly when the Designated Forwarder (DF) interface is changed to an interface that is already in the Outgoing Interface list (O-list).
Conditions: This symptom is observed on a Cisco router that is configured for multicast Bidirectional PIM (Bidir-PIM).
Workaround: There is no workaround.
•
Symptoms: A Cisco router or switch may reload unexpectedly when you enter the show ip igmp tracking detail EXEC command.
Conditions: This symptom is observed when the ip igmp explicit-tracking interface configuration command is enabled and the entries in the cache have expired.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may generate continual tracebacks when you perform an online insertion and removal (OIR) of a line card.
Conditions: This symptom is observed when Internet Group Management Protocol (IGMP) and IP Protocol Independent Multicast (PIM) are enabled.
Workaround: Before you perform the OIR, disable IP PIM.
•
Symptoms: A Cisco router running Multicast Source Discovery Protocol (MSDP) may reload when the show ip mdsp peer peer-address advertised-SAs user EXEC/privileged EXEC command is entered.
Conditions: These symptoms are only observed on a router that is running MSDP.
Workaround: 1) Enter the no ip domain-lookup command in global configuration mode. 2)If the ip host {name} {address1} global configuration command is configured, the host name should not be more than 36 characters.
•
Symptoms: A Cisco router may reload when you enter the exec slot X show ip hardware-cef command on a line card that uses hardware-based Cisco Express Forwarding (CEF) tables.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(26) with Border Gateway Protocol (BGP) enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that processes external link-state advertisements (LSAs) may generate spurious memory access tracebacks or reload unexpectedly.
Conditions: This symptom is observed on a Cisco router that runs Open Shortest Path First version 3 (OSPFv3).
Workaround: There is no workaround.
•
Symptoms: A retransmission counter may not be reset when a neighbor is terminated.
Conditions: This symptom is observed on a Cisco platform that is running Open Shortest Path First (OSPF) when the retransmission limit default (12 or 24) is added to the retransmission mechanism.
Workaround: Clear the OSPF process by entering the clear ip ospf process pid privileged EXEC command. Then, enter the limit retransmissions non-dc disable router configuration command.
•
Symptoms: When a path is added to or deleted from the transit area between two virtual link routers that function as endpoints, the routes that are learned from the network backbone may not be updated in the routing table.
Conditions: This symptom is observed when there are multiple equal-cost paths for virtual links in the transit area.
Workaround: After the path in transit area has changed, enter the clear ipv6 ospf force-spf privileged EXEC command on the virtual link router that functions as an endpoint and that is not part of the network backbone.
•
Symptoms: The Multiprotocol BGP (MBGP) feature does not function when a router is configured as a Border Gateway Protocol (BGP) route reflector.
Conditions: This symptom is observed when a BGP peer group has been enabled and then the MBGP feature is added.
Workaround: Reset the BGP peer group by removing the peer group configuration and adding it back.
•
Symptoms: A Cisco router may reload unexpectedly when you manually reload the router.
Conditions: This symptom is observed when the router is configured for Open Shortest Path First (OSPF).
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: When a router initiates the FTP control and data connections, the source address for each connection is different.
Conditions: This symptom does not exist if per-destination load balancing is used. Per-destination load balancing, however, causes some destinations to receive more traffic than others, which in turn causes some T1s to drop packets while others are hardly used. The ip ftp source-interface interface global configuration command affects only the control connection but not the data connection.
Workaround: Enter the no ip ftp passive global configuration command or avoid having FTP servers initiate connections to the routers.
•
Symptoms: A file that is copied from a remote server to the running configuration file using secure file transfer (SCP) may fail with an error 26 (internal error).
Conditions: This symptom is observed if the remote server is running the Linux operating system.
Workaround: Use another file transfer method (for example, FTP).
•
Symptoms: A 4-port OC-3 Packet-over-SONET (POS) Engine 0 line card that is installed in slot 14 of a Cisco 12416 may reload because of a bus error. In the output of the show context all EXEC command, the value of the badVaddr field is 0x14.
Conditions: This symptom is observed on a Cisco 12416 that runs Cisco IOS Release 12.0(21)S1, Release 12.0(23)S2, or Release 12.0(23)S3. More 12.0 S releases may be affected.
Workaround: There is no workaround.
•
Symptoms: Pings that have designated forwarder (DF) bits set and packet sizes greater than 1496 bytes are dropped.
Conditions: This symptom is observed only on single-hop Multiprotocol Label Switching (MPLS) traffic-engineered (TE) tunnels.
Workaround: There is no workaround.
•
Symptoms: When creating IP version 6 (IPv6) access control lists (ACLs), the following message is displayed several times:
%Access list already exists with these parametersIn some cases, looking at the ACL indicates unwanted commands that are added, such as the following:
permit ipv6 any any sequence 20
deny 0 any any sequence 30These statements cannot be removed from the ACL. In other cases, lines of the ACL are modified. If a remark is added to the ACL once, then it will be repeated in ACL several times.
Conditions: These symptoms are observed in Cisco IOS releases from Cisco IOS Release 12.0(23)S to Cisco IOS Release 12.0(26)S. The symptoms are seen only when the router has dual gigabit route processors (GRPs) installed and with different redundancy modes configured.
Workaround: There is no workaround.
•
Symptoms: After a few weeks of normal operation, the interface on a Cisco PA- MC-8E1 begins flapping and finally pauses with the output queue stuck as follows:
Serial/1:1 is up, line protocol is up
Encapsulation HDLC, crc 16, Data non-inverted
Keepalive set (120 sec)
Last input 00:00:03, output 04:14:23, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21952
Queueing strategy: weighted fair
Output queue: 30/4000/64/21855 (size/max total/threshold/drops)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
43903807 packets input, 3646461183 bytes, 0 no buffer
Received 0 broadcasts, 321 runts, 0 giants, 0 throttles
5160 input errors, 4 CRC, 0 frame, 0 overrun, 0 ignored, 2945 abort
42026998 packets output, 2185017012 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
31 carrier transitions
no alarm present
Timeslot(s) Used:1-31, subrate: 64Kb/s, transmit delay is 0 flagsThe following traceback is observed in the log:
%LINK-4-TOOBIG: Interface Serial60:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC %LINK-4-TOOBIG: Interface Serial20:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55ECConditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8E1 interface.
Workaround: There is no workaround.
•
Symptoms: A DPT-OC-12 port adapter (PA-SRP) may stop transmitting packets.
Conditions: This symptom is observed on a Cisco uBR7200 series when a packet that is smaller than 8 bytes is transmitted on the PA-SRP.
Workaround: Perform an online insertion and removal (OIR) of the PA-SRP.
•
Symptoms: A QOC-12 IP Services Engine (ISE) ATM line card may fail if it is used as a customer edge (CE) router in a Cisco 12000 series.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S4.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may pause indefinitely in the "cold" state.
Conditions: This symptom is observed when the redundancy mode is changed from the Stateful Switchover (SSO) mode to the Route Processor Redundancy Plus (RPR+) mode on a Cisco 12000 series.
Workaround: Reload the Cisco 12000 series.
•
Symptoms: A FlexWAN module that is configured with a 1-port multichannel STM-1 port adapter (PA-MC-STM1) may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7600 series when you apply Class-Based Weighted Fair Queueing (CBWFQ) on the PA-MC-STM-1 to a Multilink PPP (MLP) bundle that has E1 channels.
Workaround: There is no workaround.
•
Symptoms: When a Tributary Unit Alarm Indication Signal (TU-AIS) is inserted for an Engine 1 (E1) tributary on a channelized Synchronous Transport Module level 1 port adapter (PA-ChSTM1) on an SPE3, packet corruption occurs on the adjacent E1.
Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: A Flash Advanced Technology Attachment (ATA)-disk card may become corrupted because of simultaneous accesses to the card. The corruption may not be immediately obvious. Signs of corruption are:
–
–
Conditions: This symptom is observed when you enter the show file system EXEC command while a file is being written to the ATA-disk card or when you enter the dir filesystem: EXEC command while a file is being written to the same device as the target of the dir filesystem: EXEC command.
Workaround: Avoid using any commands that access the ATA-disk card while a file is being written to the ATA-disk card.
•
Symptoms: Traffic may be blocked when Distributed Multilink Frame Relay (DMFR) is configured.
Conditions: This symptom is observed when the traffic is switched from the input interface by using fast switching rather than Cisco Express Forwarding (CEF).
Workaround: Configure CEF or distributed CEF (dCEF) on the input interface.
•
Symptoms: A standby Gigabit Route Processor (GRP) that runs Cisco IOS Release 12.0(26)S may reload after a Stateful Switchover (SSO) to bring up the standby GRP has occurred.
Conditions: This symptom is observed on a Cisco 12000 series in which a 4-port Gigabit Ethernet IP Services Engine (ISE) line card is installed that is configured for IP version 6 (IPv6) multicast and that has 1000 subinterfaces, each configured to forward traffic to a different IPv6 multicast group.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Packet-over-SONET (POS) IP Services Engine (ISE) line card may reload repeatedly and generate the following error messages:
%GRP-4-RSTSLOT: Resetting the card in the slot: 5,Event: linecard error report %FM-2-BAD_TLV: Error in internal messaging - bad tlv 0 %LCINFO-3-CRASH: Line card in slot 5 crashedConditions: This symptom may be observed on a Cisco 12000 series when all of the following conditions are present:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: After a router reloads, a ping to the Hot Standby Router Protocol (HSRP) IP interface does not go through.
Conditions: This symptom is observed on a Cisco 10000 series that has HSRP configured on the subinterface of the line card.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the active interface.
•
Symptoms: An Any Transport over Multiprotocol Label Switching (AToM) virtual circuit (VC) may become stuck and not respond to changes in the state of its attachment circuit.
Conditions: This symptom is observed on a Cisco Catalyst 6000 series or Cisco 7600 series that is configured for Ethernet over MPLS (EoMPLS) in VLAN mode.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series Frame Relay (FR) virtual circuit (VC) may not come up when it is configured as a cross-connect over a Multiprotocol Label Switching (MPLS) core.
Conditions: This symptom is observed on a Cisco 7500 series that functions as a provider edge (PE) router and that provides an FR connection by way of an Any Transport over Multiprotocol Label Switching (AToM) tunnel over a core interface which is configured to use Route Switch Processor (RSP)-based Weighted Fair Queuing (WFQ).
Workaround: Configure Versatile Interface Processor (VIP)-based queuing on the core facing interface.
•
Symptoms: Several Synchronous Digital Hierarchy (SDH) alarms and statistics do not function correctly for SDH channelizations when using 1-channel OC-12 or 4-channel STM-1 line cards on a Cisco 10000 series router. These alarms and statistics are as follows:
–
–
–
–
Conditions: These conditions are observed on a Cisco 10000 series that is running Cisco IOS Release 12.0 S or Release 12.2BX.
Workaround: There is no workaround.
•
Symptoms: A virtual circuit (VC) that controls tag switching may pause indefinitely.
Conditions: This symptom is observed on a Cisco 7500 series when you repeatedly perform a manual redundancy switchover.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface on which the affected VC is configured.
•
Symptoms: An IP packet with multiple fragments sent through a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(23)S, Release 12.0(24)S, Release 12.0(25)S, or Release 12.0(26)S may drop small fragments of the packet when Multiprotocol Label Switching (MPLS) label disposition takes place, which exposes the underlying IP packet.
Conditions: The egress line card must be an Engine 4+ variant for this symptom to occur, and the fragment must have the MF bit set with an IP payload of 8, 16 or 24 bytes.
Workaround: Configure an explicit null label for the prefix, which creates a TAG to TAG switching path instead of a TAG to IP switching path.
•
Symptoms: Ingress 6PE packets that arrive at the destinated provider edge (PE) router are handled in the slow path on the ingress line card. The only exception to this behavior is when the ingress line card is an Internet Services Engine (ISE) line card, and then 6PE packets are handled in the fast path.
Conditions: This symptom is observed on all Cisco 12000 series Engine 2, Engine 4 and Engine 4+ line cards and all gsr images of Cisco IOS software.
Workaround: Replace the ingress line card with an ISE-type line card when the interface speed is less than or equal to 2.5 Gbps on the interface.
•
Symptoms: After a Stateful Switchover (SSO) has occurred, line cards may pause indefinitely in the "waittry" state because the fabric does not recover from a reconfiguration attempt by the fabric error handler.
Conditions: This symptom is observed on a Cisco 12000 series when you configure a fault manager applet with a pattern that triggers a switchover after the primary Clock Scheduler Card (CSC) has been shut down.
Workaround: There is no workaround.
•
Symptoms: A Flash-disk timeout error such as the "ATA_Status time out waiting for 1" error may occur.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S and that is configured with an Advanced Technology Attachment (ATA) Flash disk.
Workaround: To restore proper disk function, remove and reinsert the disk.
•
Symptoms: An Engine 4 (E4) or Engine 4+ (E4+) line card may reset with an MCC192-3-CPUIF error message.
Conditions: This symptom is observed on E4 and E4+ line cards if there is a certain amount of traffic and the egress interface flaps.
Workaround: There is no workaround.
•
Symptoms: The line protocol on an Engine 4 line card may go down.
Conditions: This symptom is observed on a Cisco 12000 series that switches Multiprotocol Label Switching (MPLS) traffic when both of the following events occur multiple times:
–
–
Workaround: Reload the line card.
•
Symptoms: The neighbor ip-address send-label address family configuration command may not function properly for an IP version 6 (IPv6) Border Gateway Control (BGP) neighbor that is part of a BGP peer group in an IPv6 address family; the functionality of the send-label keyword may not be advertised to the peers.
Conditions: This symptom is observed when you use BGP peer groups with a provider edge (PE) router that is running IPv6 in a Multiprotocol Label Switching (MPLS) environment (referred to as a 6PE router).
Workaround: Enter the neighbor ip-address send-label address family configuration command for the IPv6 BGP neighbor before you make the IPv6 BGP neighbor part of the BGP peer group in the IPv6 address family.
•
Symptoms: Cisco Express Forwarding (CEF) interface tables may become corrupted on a Cisco 12000 series line card, causing traffic to be dropped and the following error message to be logged by the affected line card:
%ADJ-3-ADJFIBIDB: Adjacency update with invalid fibidb(1)This situation may cause some or all of the CEF interface information to be removed from the affected line card, which you can verify in the output of the show cef interface EXEC command for the affected line card.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S when a series of clear cef linecard EXEC commands are executed in quick succession.
Workaround: Enter the clear cef linecard EXEC command just once for the affected line card.
•
Symptoms: A label may not be assigned for a peer provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 7500 series and a Cisco 12000 series in a Virtual Private Network (VPN) configuration with multiple route reflectors (RRs) and label controlled ATM (LC-ATM) links between PE routers. The symptom may also occur on other platforms.
Workaround: There is no workaround.
•
Symptoms: A 1-port OC-12 ATM line card may reset after the Forwarding Information Base (FIB) is disabled because of interprocess communications (IPC) failures, as is shown by the following error messages:
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%FIB-3-FIBDISABLE: Fatal error, slot 6: IPC Failure: timeout %GRP-4-RSTSLOT: Resetting the card in the slot: 6,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE
%GRP-3-BAD_STATE: Slot:6 State:In Reset -Traceback= 18BA90 3BC3E4 305DA4 3067C4 306850 306FA8 3070C0Conditions: This symptom is observed on a Cisco 12416 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards:
–
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: A memory leak may occur in the "SNMP Engine" process, which can be verified in the output of the show processes memory | SNMP ENGINE privileged EXEC command.
Conditions: This symptom is observed in Cisco IOS Release 12.0(26)S and Release 12.2(18)S when you enter the snmpget command for the MPLS-LSR-MIB MIB.
Workaround: There is no workaround.
•
Symptoms: A Catalyst 6000 series Supervisor 2 may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when access control list (ACL) counters are sent from a line card to the Route Processor (RP) and when the ACL number is in the expanded range (that is, from 1300 to 1999 or from 2000 to 2699).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Route Processor (RP) that is configured with a large number of subinterfaces (150 IP connections and 1800 Layer 2 connections) may reset shortly after bootup.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S. The cause of the symptom is not know at this time, but may be related to entering a series of system commands.
Workaround: There is no workaround.
•
Symptoms: A line card does not forward IP version 6 (IPv6) multicast traffic.
Conditions: This symptom is observed on an Engine 2 Dynamic Packet Transport (DPT) line card.
Workaround: There is no workaround.
•
Symptoms: Traffic does not pass through Multiprotocol Label Switching (MPLS) static crossconnects on an ATM line card after either the line card is reloaded or the router is reloaded.
Conditions: This symptom occurs with MPLS static crossconnects when the output interface is in any ATM line card in a Cisco 12000 series. When an MPLS crossconnect is configured to go out of the ATM interface on the Cisco 12000 series and traffic is sent across, the symptom is not observed. If the line card is reloaded, traffic never resumes. If the router is reloaded (after saving the configuration), traffic may or may not flow depending on the order in which the line cards come up.
Workaround: To resume the traffic, enter the clear cef line EXEC command.
•
Symptoms: When you enter the sdcc enable global configuration command, a traceback may be displayed.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-48 Dynamic Packet Transport (DPT) line card or with both a 1-port OC-48 DPT line card and a 4-port OC-48 DPT line card.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), the Label Distribution Protocol (LDP) peer address table may become corrupted and cause the router to reload.
Conditions: This symptom may be observed in situations where three or more routers have advertised the same IP address in LDP address messages. This normally happens when routers have been misconfigured but in very rare circumstances may be done deliberately.
The circumstance can be recognized by the presence of the following error message:
%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0If only one such message is seen for a given IP address у10.0.0.1 in the above example, then only two routers have advertised the IP address, and only the second is being treated as a duplicate. At least one more such message should be seen if at least three routers have advertised the IP address in question.
Workaround: The symptom does not occur in typical configurations because duplicate addresses are not configured. If such a configuration is accidentally done, the failure may be avoided if the configuration is corrected before the LDP session to any of the involved peers goes down. If the configuration is deliberate, there is no workaround.
•
Symptoms: Inbound IP version 6 (IPv6) traffic may be dropped.
Conditions: This symptom is observed when you configure an IPv6 prefix on the main interface of a dot1q trunk.
Workaround: Enter the ipv6 enable interface configuration command on the subinterfaces of the dot1q trunk.
•
Symptoms: A multilink interface may stop processing received packets.
Conditions: This symptom is observed on a Cisco 7500 series when Multilink PPP (MLP) is configured and when a lot of traffic is forwarded to the process-switching path.
Workaround: To clear the symptom, move the physical interfaces to a new multilink interface with a new interface number.
•
Symptoms: A port mode Layer 2 Tunneling Protocol version 3 (L2TPv3) fails to decapsulate the inbound packets.
Conditions: This symptom is observed on a Cisco 12000 series that has a 3-port Gigabit Ethernet (GE) line card and has enabled the L2TPv3 feature.
Workaround: There is no workaround.
•
Symptoms: Under certain conditions, for example Stateful Switchover (SSO) or entering the clear cef linecard EXEC command, the Engine 3 line cards in a router reload with error messages related to ALPHA errors in the table look-up (TLU) stage. The following strings in the error message will be seen:
"%EE48-3-ALPHAPAIR: RX ALPHA: TLU PAIR registers"Conditions: This symptom occurs only when there are load balance paths for Multiprotocol Label Switching (MPLS) traffic, and some route changes occur.
Workaround: Ensure that there are no loadbalance paths.
•
Symptoms: A Cisco router that has Parallel Express Forwarding (PXF) enabled does not function after it reloads.
Conditions: This symptom is observed on a Cisco 10720 that has PXF enabled and that applies the weighted random early detection (WRED) configuration to multiple interfaces.
Workaround: Remove the WRED configuration on the interfaces.
•
Symptoms: A memory allocation failure may occur on compiled access control list (ACL) tables. There may be continued attempts to recompile the ACLs that fail.
Conditions: This symptom is observed when compiled ACLs are enabled by entering the access-list compiled global configuration command, and the total number of ACL entries is relatively large (over 1500 lines). Random or constantly changing traffic patterns may cause the compiled ACL tables to grow to the point at which memory fragmentation causes the memory allocation failure.
Workaround: Disable and then reenable the compiled ACLs by entering the no access-list compiled global configuration command followed by the access-list compiled global configuration command.
Alternate Workaround: Completely disable the compiled ACLs.
Second Alternate Workaround: ACLs may sometimes be rearranged to make the list shorter or less complex. This will reduce the memory requirements. Large ACLs used for Border Gateway Protocol (BGP) route prefixes may be converted to use a prefix list configuration instead.
•
Symptoms: A Route Switch Processor 4 Plus (RSP4+) may reload.
Conditions: This symptom is observed on a Cisco 7500 series when you configure the interface loopback interface-number interface configuration command on an interface of the router and the value of the interface-number argument is a 9-digit number that starts with 10.
Workaround: If possible, use another range of numbers for the numbers that are assigned to the loopback interfaces, that is, a range of numbers that do not start with 10.
•
Symptoms: The following error message may be displayed on the console of a Route Switch Processor (RSP):
%CBUS-3-CMDDROPPED: Cmd dropped,CCB 0xF800FFB0,slot 9, cmd code 24Conditions: This symptom is observed on a Cisco 7500 series when software compression is enabled on serial interfaces and dialer interfaces and when Cisco Express Forwarding (CEF) switching rather than distributed CEF (dCEF) switching is enabled. This situation causes software compression to occur on the RSP.
Because software compression is enabled on all the serial interfaces, the CPU utilization of the RSP becomes very high, causing commands to be dropped.
Workaround: Remove software compression from the serial interfaces.
•
Symptoms: Link bundling is not synchronized between primary and standby Route Processors (RPs).
Conditions: This symptom is observed on Cisco RPs with link bundling that is configured for High Availability (HA) and a switchover between the primary RP and standby RP occurs.
Workaround: Restore the link bundling configuration on the standby RP.
•
Symptoms: Pings that come from a standby Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRPP) router to an HSRP or VRRP virtual IP address fail when the port channel subinterface on a 10x1 Gigabit Ethernet (GE) line card is the active master interface in the HSRP or VRRP group.
Conditions: This symptom is observed on a Cisco 12000 series router with line card combinations of either a 10x1GE line card with a 4x1GE line card or a 10x1GE line card with a 10x1GE line card that is running Cisco IOS Release 12.0(26)S and that forms HSRP or VRRP groups that use port channel subinterfaces (VLANS).
Workaround: Configure the active or master HSRP or VRRP interface on a non-10x1 GE line card.
•
Symptoms: When a subinterface is configured with a subinterface number value larger than 65535, the protocol enabled on this subinterface may not be in the proper state for correct operation after the switchover.
Conditions: These symptoms have been observed on Cisco platforms with redundant Route Processors operating in stateful switchover (SSO) redundancy mode.
Workaround: Limit the subinterface number value to an integer less than 65535 while configuring subinterfaces.
•
Symptoms: Dynamic Host Configuration Protocol (DHCP) forwarding may not function on a 3-port Gigabit Ethernet (GE) line card of a Cisco 12000 series Internet router, but it does function on a Fast Ethernet (FE) line card.
Conditions: This symptom is observed on a Cisco 12000 series Internet router with a 3-port GE line card that is running Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: The internal committed access rate (iCAR) fails to take effect.
Conditions: This symptom is observed when a precedence-based access control list (ACL) rule for an index is configured more than once for different precedences because the old ACL rule is not removed after the new ACL rule is configured.
Workaround: Do not configure a precedence-based ACL rule for an index more than once.
Alternate Workaround: Remove the precedence-based ACL completely and reconfigure it.
•
Symptoms: When you configure unicast Reverse Path Forwarding (uRPF) on a 1-port OC-48 Packet-over-SONET (POS) Engine 2 line card while traffic is passing through the interface, traffic forwarding may stop.
Conditions: This symptom is observed on a Cisco 12416 that runs the gsr-p-mz image of Cisco IOS Release 12.0(23)S3, that is configured with three 1-port OC-48 POS Engine 2 line cards, and that is configured with three Border Gateway Protocol (BGP) peers.
Workaround: To restore traffic forwarding, reload the line card. To prevent the symptom from occurring, enter the shutdown interface configuration command on the interface before you configure uRPF. Then, enter the no shutdown interface configuration command on the interface.
Alternate Workaround: Ensure that uRPF is configured in the startup configuration file before you boot up the router.
•
Symptoms: A second Route Processor (RP) does not boot up when a switchover occurs from a primary router that has 1000 ATM permanent virtual circuits (PVCs) configured. The second router tries to boot up and then returns to rommon.
The following message appears on the second router (the new primary RP):
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8
%MBUS-6-MGMTSECRELOAD: Standby in slot 0 reloaded by operator command
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8Conditions: This symptom is observed on a Cisco router that is configured with 1000 ATM PVCs.
Workaround: There is no workaround. However, this symptom is not observed if you configure only 100 ATM PVCs.
•
Symptoms: A line card may reload when an uncompressed access control list (ACL) is applied to the line card. The following error message is displayed:
%FM-2-BAD_TLV: Error in internal messaging - bad tlv 0The line card recovers, attempts to apply the uncompressed ACL again, and then reloads again.
Conditions: This symptom is observed on a Cisco 12000 series router with the following configuration:
–
–
–
–
Workaround: Reenable the ACL merge function by entering the no hw-module slot slot-number tcam compile acl no-merge router configuration command.
•
Symptoms: If an access control list (ACL) is recompiled under heavy load conditions, CPUHOG messages may be generated.
Conditions: This symptom is observed when compiled ACLs are enabled by entering the access-list compiled global configuration command, and the total number of ACL entries is relatively large (over 1500 lines). Random or constantly changing traffic patterns may cause the CPUHOG messages. A side effect of this symptom is that not enough time is provided for other processes, and areas such as keepalives or Cisco Express Forwarding (CEF) management may be impacted.
Workaround: Disable and then reenable the compiled ACLs by entering the no access-list compiled global configuration command followed by the access-list compiled global configuration command.
Alternate Workaround: Disable the compiled ACLs completely.
•
Symptoms: On Packet-over-SONET (POS) Engine 2 line cards for a Cisco 12000 series router, IP2TAG traffic does not get rate limited by Per Interface Rate Control (PIRC).
Conditions: This symptom is observed when PIRC is enabled on ingress interface, Multiprotocol Label Switching (MPLS) is enabled on egress interface, and the IP destination is more than one hop away. This symptom is also observed on Engine 2 Gigabit Ethernet line cards.
Workaround: There is no workaround.
•
Symptoms: Multicast packets are not correctly classified by input Quality of Service (QOS)., which causes police, set, and other QoS actions to fail on the multicast packets.
Conditions: These symptoms are observed when QoS is configured on an interface.
Workaround: There is no workaround.
•
Symptoms: IP version 6 (IPv6) and IP version 4 (IPv4) connectivity may be lost on an Engine 3 (E3) line card when IPv6 multicast or IPv6 unicast is enabled globally on the router.
Conditions: This symptom is observed when IPv6 multicast or IPv6 unicast is globally configured on the same router with IPv4.
Workaround: Remove the IPv6 multicast or IPv6 unicast global configuration, and reload the E3 line cards.
Alternate Workaround: Remove the IPv4 access control lists (ACLs) and reload the E3 line cards.
•
Symptoms: A router reloads unexpectedly because of a bus error, which causes a failover to the redundant PRE.
Conditions: These symptoms have been observed on a Cisco router that is running Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround at the current time.
•
Symptoms: A Cisco router that is running IP over Multiprotocol Label Switching (MPLS) may reload when the Label Distribution Protocol (LDP) responds to the creation of a new session.
Conditions: This symptom is observed when the router is operating under extremely stressful conditions that cause the CPU utilization to be close to 100 percent. This situation rarely occurs.
Workaround: There is no workaround.
•
Symptoms: Two channel group interfaces on a 1-port multichannel STM-1 port adapter (PA-MC-STM-1) may receive the same ifIndex. This can be observed in the following command output:
show snmp mib ifmib ifindex serial X/X/X:0 Interface = SerialX/X/X:0, Ifindex = 496
show snmp mib ifmib ifindex serial Y/Y/Y:0 Interface = SerialY/Y/Y:0, Ifindex = 496Conditions: This symptom is observed when some of the E1 interfaces are deleted and recreated.
Workaround: Do not delete any of the E1 interfaces.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN), if a router receives an MPLS packet with an IP version 4 (IPv4) option underneath, and the MPLS packets have two or more labels, when the router tries to untag all labels, Parallel Express Forwarding (PXF) stops.
Conditions: This symptom is observed on a Cisco 10720 router that acts as an MPLS VPN provider edge (PE) router.
Workaround: There is no workaround. The symptom has not been observed in a basic MPLS network without VPN (this means there is only one label).
•
Symptoms: A ping to the Hot Standby Router Protocol (HSRP) normal IP address may not function even though the interface is in the UP/UP state and receives traffic. This results in HSRP being active on both the main and standby router as hellos are not received.
Conditions: This symptom is observed on one port of a 4-port Gigabit Ethernet (GE) port adapter.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series may reload when you enter the show pas i82543 interface gigabitEthernet interface number mta privileged EXEC command.
Conditions: This symptom is observed on A Cisco 7200 series that is configured with a Network Processing Engine G-1 (NPE-G1).
Workaround: There is no workaround.
•
Symptoms: When the ROM of an active Performance Route Processor (PRP) is upgraded, the PRP may pause indefinitely. When the ROM of the standby PRP is upgraded, the upgrade may cause an exception and the standby PRP may reload.
Conditions: These symptoms have been observed when ROM upgrades are performed, and the up all all or up rom slot-number commands are configured on the active and standby PRPs.
Workaround: There is no workaround.
•
Symptoms: Ingress IP version 4 (IPv4) packets on a 1xOC48 Packet-over-SONET (POS) Engine 2 line card get punted to the CPU of the line card.
Conditions: This symptom is observed on a Cisco 12410 Internet router. The router contains two 1x Gigabit Ethernet (GE) line cards, five 1xOC48 line cards, and dual Gigabit Route Processors (GRPs) that are running in Stateful Switchover (SSO) mode. The router is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S2.
Workaround: There is no workaround
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 12000 series that is configured as a Multiprotocol Label Switching (MPLS) provider edge (PE) router that is running Cisco IOS Release 12.0(25)S1.
Workaround: Use the hw-module slot x reload privileged EXEC command.
•
Symptoms: Many tracebacks are observed on a Cisco router that is running the gsr-p-mz image of Cisco IOS Release 12.0(26) S.
Conditions: This symptom is observed on a Cisco router that has Any Transport over MPLS (AToM) configured on the imposition side QOC-12 Engine 3 (E3) line card of the router.
Workaround: There is no workaround.
•
Symptoms: A port on an OC-3 ATM line card may display an LCD alarm when the router reloads. This alarm may bring down the controller and interface. The far end functions properly but is unable to pass traffic because of the downed interface
Conditions: These symptoms are observed only when the router reloads but the symptoms do not occur with every reload.
Workaround: Perform the following steps:
1. Put the port into a diagnostic serial loopback.
2. Remove the diagnostic serial loopback.
For example:
conf tint atm7/0/0loopback diagnostic serialendconf tint atm7/0/0no loopback diagnostic serialend•
Symptoms: A Cisco 7500 series may reload when one of the physical multilink member interfaces is shut down while traffic passes through the interface of the multilink member.
Conditions: This symptom is observed on a Cisco 7500 series and is specific to configuring tag switching (and not VPN routing/forwarding [VRF] forwarding) on a multilink interface that is based on Versatile Interface Processor (VIP) channels or serial interfaces in the distributed mode (for example, the symptom may occur only if a P-provider edge [PE] link is implemented over the multilink interface).
Workaround: Shut down the Multilink PPP (MLP) interface first, and then shut down the MLP physical subinterface as needed.
•
Symptoms: There is a significant performance impact when an Engine 3 (E3) 1xOC48 card is the ingress line card and an Engine 4+ 4xOC48 POS card is the egress line card. Traffic throughput may be reduced.
Conditions: This symptom is observed on a Cisco router when the ingress line card is an E3 1xOC48 line card with an IP link enabled and when the egress line card is an E4+ 4xOC48 POS line card with Multiprotocol Label Switching (MPLS) configured.
Workaround: There is no workaround.
•
Symptoms: The standby Route Processor (RP) of a dual-RP Cisco 12000 series router may get stuck in start standby (STRTSTBY) mode.
Conditions: This symptom usually occurs after multiple switchovers and is not always reproducible. Traffic is not affected because the primary RP is always UP.
Workaround: Reload the standby RP.
•
Symptoms: A Cisco router that is in the process of setting up a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel may reload unexpectedly because of a bus error.
Conditions: This symptom is observed under unusual circumstances when the following series of events occur:
–
–
mpls traffic-eng attribute-flags attributes
mpls traffic-eng administrative-weight weight
mpls traffic-eng flooding thresholds
–
Workaround: Before you enter any of the above-mentioned MPLS TE interface configuration commands on the interface, ensure that MPLS TE tunnels are enabled on the interface by entering the mpls traffic-eng tunnels interface configuration command. Before you disable MPLS TE tunnels on the interface by entering the no mpls traffic-eng tunnels interface configuration command, ensure that any of the above-mentioned MPLS TE interface configuration commands are removed from the interface.
•
Symptoms: A router may reload when there is an active intercept and a Performance Routing Engine (PRE) cutover occurs.
Conditions: This symptom is observed on a Cisco 10000 series that is running the c10k-u2p10-mz image of Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that is configured with a Multilink PPP (MLP) interface, the available processor memory may decrease rapidly because of a memory leak.
Conditions: This symptom is observed when the MLP interface flaps repeatedly.
Workaround: There is no workaround. You must resolve the cause of the flapping MPL interface.
•
Symptoms: A Cisco 7200VXR router generates a traceback that points to memory depletion after the Cisco IOS software loads on the router.
Conditions: This symptom is observed on a Cisco 7200VXR that is configured with Multiprotocol internal Border Gateway Protocol (MP-iBGP) to create Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) sessions. After a few minutes, tracebacks are generated and I/O memory is depleted.
Workaround: There is no workaround.
•
Symptoms: If traffic passes on multiple ports of an 8-port Fast Ethernet (FE) card and the shutdown interface configuration command is entered on one of the traffic-flowing ports, all the other ports stop passing traffic.
Conditions: This symptom is observed on a Cisco 10000 series with an 8-port Fast Ethernet (FE) card that is running a Performance Routing Engine 1 (PRE1) image of Cisco IOS Release 12.0(23)S4. There is no special configuration required to experience this symptom. Ports that pass traffic with a basic default configuration will experience the symptom.
Workaround: Enter the no shutdown interface configuration command to free the other ports. Do not shut down any port on an 8-port Half Height (HH) FE line card until a fix is available.
•
Symptoms: The output from the show interfaces gige stats EXEC command may incorrectly display a large value.
Conditions: This symptom is observed on a Gigabit Ethernet (GE) interface in a PPP over Ethernet (PPPoE) environment.
Workaround: There is no workaround.
•
Symptoms: When you enter the send break command on the active CPU and keep the active CPU in the ROM monitor (ROMmon) mode for a long time, the standby CPU may reload because of a bus error exception.
Conditions: This symptom is observed on a Cisco ONS 15540.
Workaround: There is no workaround.
•
Symptoms: After the redundancy force-switchover privileged EXEC command is entered on a Cisco router, a Versatile Interface Processor (VIP) may reload when the router returns to the Stateful Switchover (SSO) mode.
Conditions: This symptom is observed on a Cisco 7500 series that is running the rsp-pv-mz image of Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: The following error may cause a Cisco 10000 series to reload:
%ERR-1-GT64120 (PCI-0): Fatal error, Memory parity error (external)Conditions: This symptom is observed on a Cisco 10000 series when a single bit Error-Correcting Code (ECC) error is detected in the Synchronous Dynamic RAM (SDRAM).
Workaround: There is no workaround.
•
Symptoms: The modular QoS CLI (MQC) counter output information from the show policy-map interface-name EXEC command displays incorrect information about the conformed rate and the offered rate.
Conditions: This symptom is observed on a Cisco 12000 series with a Frame Relay (FR) subinterface on an IP Services Engine (ISE)-based line card.
Workaround: There is no workaround.
•
Symptoms: Certain types of output traffic on a bridged ATM permanent virtual circuit (PVC) may stop if an output service policy is applied on the PVC.
Conditions: This symptom is observed on a Cisco 12000 series with a 4xOC-12 IP Services Engine (ISE) ATM card when an output service policy is applied on the bridged PVC with VPN routing/forwarding (VRF). Except for the traffic that originates from the Route Processor (RP), any other traffic that is processed by the line card does not go through.
Workaround: Traffic will gradually resume on the interface if you enter the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: An Engine 4+ (E4+) Gigabit Ethernet (GE) line card in a Cisco 12000 series that is running Cisco IOS Release 12.0(26)S may reload and display the following error message:
%MCC192-3-CPUIF_ERR: Underrun Error: Read Pointer crosses Write Pointer.Conditions: This symptom occurs when the line card receives a bad IP packet whose actual length is smaller than what the IP header indicates.
Workaround: There is no workaround.
•
Symptoms: A line card may reload when the priority configuration is removed from a service policy.
Conditions: This symptom is observed on the serial interface of a Cisco router that has Frame Relay encapsulation configured.
Workaround: There is no workaround.
•
Symptoms: The following symptoms occur with a traceroute from a remote Customer Edge (CE) router to a local CE router with TTL set to expire at the Provider Edge (PE) router attached to the local CE.
–
–
Condition: These symptoms have been observed in an MPLS VPN environment, with a Cisco 12000 series Internet router running Cisco IOS Release 12.0(23)S4 used as the PE and a 3-Port Gigabit line card used as the MPLS and VPN interface.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) line card on a Cisco 12000 series Internet router running Cisco IOS Release 12.0(25)S1 or Release 12.0(24)S2 shows the following log messages that can lead to the line card being reset:
SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERRSS: RX ALPHA: ALPHA_CPU_IF100_INT error 1400 control FFFF03FF
SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERR: RX ALPHA: error: cpu int 1 mask 277FFFFF ...
SLOT 4:Sep 21 07:16:20: %LC-3-ERRRECOVER: Corrected a transient error on line card. ...
SLOT 4:Sep 21 07:16:40:: %EE48-3-ALPHAFLOW: rx alpha netflow: Out of order add-delete reportsConditions: These symptoms are observed only under a load when full (non-sampled) aggregated Netflow (ip route-cache flow) is configured on an ISE line card interface.
This problem is not seen with Cisco IOS Release 12.0(25)S, 12.0(25)S2, 12.0(24)S1, and 12.0(26)S. It has been observed with Cisco IOS Release 12.0(25)S1 and 12.0(24)S2.
Workaround: There is no workaround, except to remove full aggregated Netflow.
•
Symptoms: The standby Route Switch Processor (RSP) for a Cisco 7500 series may reload unexpectedly.
Conditions: This symptom is observed on an RSP for a Cisco 7500 series that has a LAN Extender (LEX) interface configured, and that has the Stateful Switchover (SSO) feature enabled.
Workaround: There is no workaround.
•
Symptoms: The OC192E/POS-VSR line card is reloaded with watchdog timeout (sig=23) by process = IPC Seat Manager on a Cisco 12416 router that is running Cisco IOS Release 12.0(23)S3. The log message displays the following:
SLOT 10:Sep 22 20:08:21.291: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3
SLOT 10:Sep 22 20:09:22.287: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3
SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.
-Traceback= 400EBCB4 400EF7F0 400E7534 405B620C 405B6438 40597C64 40558AD0 40559248 4011C728 405676F8 400C2874 400C286Conditions: This symptom occurs because of the watchdog timeout (sig=23) by process
= IPC Seat Manager in OC192E/POS-VSR line card.
SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.Workaround: There is no workaround. When this symptom occurs, the line card is automatically reloaded.
•
Symptoms: Traffic may converge in about 15 seconds instead of 10 seconds or less when a High Availability (HA) switchover occurs and the traffic continuously passes through.
Conditions: This symptom is observed on a Cisco 10000 series router that is configured with HA cutover convergence to use the Stateful Switchover (SSO) feature to switch over the traffic within 10 seconds.
Workaround: There is no workaround. Traffic is lost for an additional 5 seconds when hardware is upgraded and an HA switchover is issued.
•
Symptoms: The following symptoms are observed on a dual Route Switch Processor 8 (RSP8) router with a CT3 interface:
1.
2.
3.
Conditions: These symptoms are observed on a dual RSP8 with a CT3 interface that is configured for Stateful Switchover (SSO) and Nonstop Forwarding (NSF).
Workaround: There is no workaround.
•
Symptoms: In Layer 2 Tunneling Protocol version 3 (L2TPv3) hairpinning (local switching) configurations, matching the 802.1P values in an inbound class map does not function correctly.
Conditions: This symptom is observed on a Cisco 10720 Internet router that is running Cisco IOS Release 12.0(25) S or later releases, and only occurs when the L2TPv3 configuration uses hairpinning.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may not be affected by the configuration of a policy map.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(26)S and that has the Multicast Virtual Private Network (MVPN) hardware forwarding feature configured on an Engine 3 (E3) line card.
Workaround: Disable the MVPN hardware forwarding feature on the E3 line card.
•
Symptoms: Cisco Express Forwarding (CEF) may be in a line card (LC) wait state on a line card even though the line card is in the IOSRUN state.
Conditions: This symptom is observed on a Cisco 12000 series during an upgrade from Cisco IOS Release 12.0(25)S to Release 12.0(25)S1c. The symptom is not specific to any engine and Cisco IOS releases from Release 12.0(24)S forward are affected.
Workaround: Enter the hw-module slot x reload privileged EXEC command to reload the line card.
•
Symptoms: Fabric handling may fail because of unknown events.
%FABRIC-0-OPERATIONAL: Fabric handling failed: Unknown eventreceived by the fab process
%SCHED-3-THRASHING: Process thrashing on watched boolean 'FIA queyr'.
-Process= "Fabric", ipl= 6, pid= 11
-Traceback= 50235770 50235864 50407968 5021E644 5021E630Conditions: This symptom is observed on a Cisco 12410 series Internet router that has an 8xOC3 ATM Engine 3 line card and a 4xOC12 POS Engine 3 line card that is configured with 150 VPN routing/forwarding (VRF) interfaces. The router is running Cisco IOS Release 12.0(23)S4.
Workaround: There is no workaround.
•
Symptoms: Three-label MPLS packets and one-label MPLS packets impose to a 3- port Gigabit Ethernet (GE) line card at the same time.
Conditions: This symptom is observed on a 3-port GE line card. All three-label MPLS packets may be dropped on the GE in a Carrier Supporting Carrier (CSC) Inter-Autonomous System (InterAS) environment.
Workaround: There is no workaround.
•
Symptoms: A port may go down when a channel is disabled and then reenabled while traffic passes through the port. The port failure can affect any channel and may cause some packets to be dropped for the affected channel. Packets that are smaller than an arbitrary size are dropped, and packets that are larger than this arbitrary size are unaffected.
Conditions: This symptom is observed on the CH-E1T1 line card of a Cisco 10000 series. The shutdown command in both the controller and interface modes as well as explicit channel deconfiguration while traffic is passed through the channels being disabled may cause this symptom.
Workaround: There is no workaround.
•
Symptoms: "OSPF-4-ERRRCV" and "OSPF-4-BADLENGTH" error messages are observed, and a ping of the directly connected interface may experience 20 percent failure.
Conditions: These symptoms are observed when connecting an IP Services Engine (ISE) OC-48 line card to the router of another vendor at the far end. It is observed that after reloading the other router that the ISE OC-48 line card could be stuck in a bad state, which may cause corrupted packets.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ISE OC-48 interface.
•
Symptoms: When running in non-redundant PRE mode, after a crash, the line cards do not get reset. In rare cases, after Cisco IOS software reloads, there may be a mismatch between the Cisco IOS software and the line card so that the line card does not pass traffic.
Conditions: These symptoms have been observed after Cisco IOS is restarted after a crash when running in non-redundant PRE mode. Anything that goes through the formal reload path (with a single PRE1 in the system) will properly reset the line cards on the way down. This fix resets the cards on the way up as well in case they weren't reset on the way down.
Workaround: There is no workaround. However, after a Cisco IOS software crash, if a line card is not passing traffic, resetting the line card might fix the issue. A reload of the chassis will definitely fix the issue.
•
Symptoms: An Engine 2 (E2) line card may pause indefinitely after a Cisco router reloads.
Conditions: This symptom is observed when 400 Traffic Engineering (TE) tunnels are configured on the router.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Internet router may produce an error message like the following:
%E4LC-3-ERR_EVENT_WITH_ONE_ARG: GEN6_EXMEM_ALLOC:Invalid region handleThe router may reload with a software-forced reload and may display the following output on the console or in the crashinfo file:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CEF process.Conditions: This symptom is observed on a Cisco 12000 series Internet router with an Engine 4 (E4) line card. The router has several large Border Gateway Protocol (BGP) routing tables.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) line card displays continuous tracebacks and may reload after an error recovery is initiated.
Conditions: This symptom is observed on an E3 line card that is running Any Traffic over MPLS (AToM) and that acts as an imposition card whether on the physical layer interface module (PLIM) side or otherwise.
Workaround: Micro-reload the E3 line card.
•
Symptoms: In Stateful Switchover (SSO) mode, a standby Route Processor (RP) reloads when it is fully up.
Conditions: This symptom has been observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: A Reverse Path Forwarding (RPF) check should be disabled for bootp packets with the source IP address 0.0.0.0 and the destination IP address 255.255.255.255. However, PXF currently disables RPF checks for all packets with the source IP address 0.0.0.0.
Conditions: These symptoms have been observed on Cisco IOS Release 12.0(22)S and later.
Workaround: There is no workaround.
•
Symptoms: Parallel Express Forwarding (PXF) may stop.
Conditions: This symptom is observed on a Cisco 10720 router that is running Cisco IOS Release 12.0(26)S and that has traffic engineering (TE) Fast Reroute (FRR) link protection when traffic flows through Ethernet over Multiprotocol Label Switching (EoMPLS) virtual circuits (VCs).
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may reload after you enter the hw-module standby reload command or the red force command.
Conditions: This symptom is observed on a standby RP with Stateful Switchover (SSO) provisioned after all links are removed from a given Multilink Frame Relay (MFR) bundle and the MFR interface is deleted on the active RP.
Workaround: There is no workaround.
•
Symptoms: A router may reload because of an NVRAM corruption.
Conditions: This symptom is observed when NVRAM is accessed simultaneously by two processes, when one the processes has a file open, and when the second process attempts to open a nonexistent file. The error handling for the second process clears the global NVRAM pointer that is used by the first process. This situation is more likely to occur in a configuration with redundant Route Processors (RPs) but may also occur in a configuration with a single RP when two terminal windows are open.
Workaround: There is no workaround.
•
Symptoms: An Engine 4+ line card that performs Virtual Private Network (VPN) disposition may drop some VPN traffic toward the customer edge (CE) router when the number of Multiprotocol Label Switching (MPLS) VPN clients and prefixes is large.
Conditions: The symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: Packets that go to destinations learned by Border Gateway Protocol (BGP) may be dropped for up to 60 seconds or so as soon as the routes are installed. The packet loss occurs only for the first minute or so after the BGP session comes up. After that time period, packet forwarding functions correctly.
Conditions: This symptom is observed when all of the following conditions occur:
–
–
–
Workaround: Since the symptom is specific to PPP encapsulation, one way to avoid the symptom is to use another form of encapsulation (for example, High-Level Data Link Control [HDLC]).
•
Symptoms: An IP Services Engine (ISE) line card may reload if an IP version 6 (IPv6) access list is applied or removed on the interface of the card.
Conditions: This symptom is observed on an ISE line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The standby Route Processor may reload shortly after if boots up if the snmp-server packetsize byte-count global configuration command is included in the configuration.
Conditions: This symptom is observed on a standby RP if the packet size of the Simple Network Management Protocol (SNMP) server is included in the configuration of the router.
Workaround: Do not specify the packet size of the SNMP server in the configuration of the router.
•
Symptoms: A Multilink PPP (MLP) interface may flap after an image of Cisco IOS software that runs Stateful Switchover (SSO) is upgraded.
Conditions: This symptom is observed after a Route Switch Processor (RSP) switches over from a primary RSP to a secondary RSP and an MLP interface is configured on the router.
Workaround: There is no workaround.
•
Symptoms: Packets that come in on a line card are not correctly forwarded to their destination.
Conditions: This symptom is observed on the Section Data Communications Channel (SDCC) interface of an IP Services Engine (ISE) OC-48 line card. SDCC traffic between the Route Processor (RP) and the line card still functions correctly.
Workaround: There is no workaround.
•
Symptoms: A Gigabit Ethernet (GE) line card may drop all traffic at the ingress line card if subinterfaces are also configured with an IP version 6 (IPv6) address.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is configured to forward IPv6 multicast traffic. The symptom occurs only with some GE line cards.
Workaround: Remove the IPv6 configuration from the subinterfaces.
•
Symptoms: Two interfaces may have the same Cisco Express Forwarding (CEF) interface description block (IDB) when the following configuration sequence occurs:
–
–
–
–
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0 S or Release 12.2 S.
Workaround: There is no workaround. Reload to clear the condition.
•
Symptoms: A 4-port OC-3 ATM line card may reload within a few minutes.
Conditions: This symptom is observed on a 4-port OC-3 ATM line card with several ports connected but without the Tx clocks being synchronized on the ports.
Workaround: Synchronize all Tx clocks, or disconnect the ports.
•
Symptoms: In a Fast Software Upgrade (FSU) and software downgrade test environment, a standby Performance Routing Engine (PRE) may reload.
Conditions: This symptom is observed on a Cisco router when an FSU downgrade from Cisco IOS Release 12.0(26)S to Release 12.0(23)S4 or Release 12.0(24)S3 occurs.
Workaround: Reboot the router.
•
Symptoms: When a tunnel interface goes down, a new Label Switched Path (LSP) is not signaled until the forwarding adjacency hold timer expires.
Conditions: This symptom is observed on a Cisco router that is configured with Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels.
Workaround: There is no workaround.
•
Symptoms: A service policy may not attach to an interface. When you enter the show policy-map interface EXEC command, the output displays all counters at 0.
Conditions: This symptom is observed on a Cisco router that is running a version of Cisco IOS software that is earlier than Release 12.0(26)S1, and a policy map is configured on an IP Services Engine (ISE) line card for the Cisco 12000 series router with policing set to less than 64 kilobytes.
Workaround: Make sure that the policing rate is larger than 64 kilobytes. The service policy may then be attached to the interface.
•
Symptoms: A buffer leak may occur in the Multilink PPP (MLP) header pool on a Versatile Interface Processor (VIP). The speed of the leak depends on the rate of traffic that is flowing between the interface of the VIP and the interface on the other end. The leak may eventually cause memory allocation failures (MALLOCFAIL) on the VIP and may result in memory fragmentation.
Conditions: This symptom is observed on a Cisco 7500 series when all of the following conditions are present:
–
–
–
–
Workaround: Stop the leak by removing the fancy queueing from the VIP interface.
Alternate Workaround: Move the MLP interfaces to a different VIP that does not have an interface that performs fancy queueing.
•
Symptoms: A Cisco router may experience a Parallel Express Forwarding (PXF) reload, and the following error messages may appear in the log:
%TOASTER-2-FAULT: T0 Local Bus Exception: CPU[t0r2c2] CM at 0x0A00 LR 0x0A6 %TOASTER-2-FAULT: T0 Exception summary: CPU[t0r2c2] Stat=0x00000022 HW=0x00000000 LB=0x00000040 SW=0x00000000Conditions: This symptom is observed on a Cisco 10720 router that is running the c-10700-p-m image of Cisco IOS Release 12.0(24)S3.
Workaround: There is no workaround.
•
Symptoms: The link LED light of a Gigabit Ethernet (GE) line card on a Cisco 12000 series does not light if the port is shut down.
Conditions: This symptom is observed on a Cisco 12000 series when the no negotiation auto interface configuration command is entered on the router.
Workaround: Remove the optical RX cable, and then reconnect the cable.
•
Symptoms: Packets may be dropped at the output interface on a Cisco router.
Conditions: This symptom is observed on a Cisco 10720 router when there is PPP encapsulation on the incoming interface and the packets have Multiprotocol Label Switching (MPLS) labels.
Workaround: Disable PPP encapsulation, and use High-Level Data Link Control (HDLC) for the incoming interface.
•
Symptoms: When an interface is shut down and the router reloads, the shutdown interface configuration command disappears from the running configuration and the interface becomes active again. However, the shutdown command is still in the startup configuration.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Shut down the interface each time after the router reloads.
•
Symptoms: The deletion of an ATM subinterface may occasionally cause a secondary Performance Routing Engine (PRE) to reload.
Conditions: This symptom is observed on a Cisco 10000 series that has two PREs that are configured for high availability.
Workaround: There is no workaround. However, the symptom does not affect performance. The primary PRE continues to forward traffic. The secondary PRE will reload if it is configured to do so.
•
Symptoms: IP version 6 (IPv6) unicast forwarding may not function on Engine 3 IP Services Engine (ISE) line cards.
Conditions: This symptom is observed on a Cisco 12008 router that is running a gsr-p-mz image of Cisco IOS Release 12.0(26)S.
Workaround: There is no workaround.
•
Symptoms: The copy function from TFTP into the running configuration file may fail even though it appears as though the copy function has succeeded. An error message similar to the following may be displayed:
Simultaneous configs not allowed:locked from vty0 (111.1.11.111Conditions: This symptom is observed when the service multiple-config-sessions global configuration command is configured on a Cisco 7500 series that has a single Route Switch Processor (RSP) with one vty session that is in configuration mode and if you enter the copy tftp running-config global configuration command from another vty session. Under these conditions, the copy function fails.
Workaround: There is no workaround.
•
Symptoms: It is not possible to use Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) virtual MAC addresses when HSRP or VRRP is configured over a port channel interface.
Conditions: This symptom is observed on a Cisco 10720 router but may also be observed on other Cisco platforms.
Workaround: Use the burn-in address (BIA) MAC address when you configure HSRP or VRRP over port channel interfaces.
•
Symptoms: A Cisco router that is running Cisco IOS Release 12.0(25)S is unable to receive link up and link down traps on 2-port OC3 channelized DS1/E1 line cards on certain interfaces. Following is a list of the interfaces that are affected.
Trap Name Device object 12.0(25)S Support
---------------------------------------------------------------
1. Link Up SONET Interface Not Working
Serial Interface Not Working
2. Link Down SONET Interface Not Working
Serial Interface WorkingConditions: These symptoms are observed when you enter the shutdown interface configuration command or the no shutdown interface configuration command on the line cards.
Workaround: There is no workaround.
•
This caveat consists of four symptoms, four conditions, and a single workaround for all four symptoms and conditions:
Symptom 1: A "PCMCIA-DIBERR" error message may be displayed.
Condition 1: This symptom is observed when you enter the show flash-filesystem: EXEC command for a Personal Computer Memory Card International Association (PCMCIA) disk that is formatted for low-end file system (LEFS).
Symptom 2: An "Invalid DOS Media" error message may be displayed.
Condition 2: This symptom is observed when you remove a compact Flash card that is formatted for MS-DOS FS, you replace it with one that is formatted for LEFS, and you enter the show: flash-filesystem: EXEC command.
Symptom 3: A compact Flash card that is configured for LEFS may not be recognized.
Condition 3: This symptom is observed when you perform an online insertion and removal (OIR) and you replace an Advanced Technology Attachment (ATA) Flash card with a compact Flash card that is configured for LEFS.
Symptom 4: A traceback for a duplicate file system may be generated in the file system table.
Condition 4: This symptom is observed when you perform an OIR and you replace a compact Flash card that is configured for LEFS with an ATA Flash card.
Workaround for all four symptoms and conditions: Before you enter any command or perform an OIR, enter the show version EXEC command. Doing so forces the PCMCIA card or the compact Flash card to be reread and clears the difficulties.
•
Symptoms: When you reload the microcode onto an enhanced 8-port multichannel T1/E1 port adapter (PA-MC-8TE1+) while traffic is flowing through the port adapter, the following error message may appear:
%RSP-3-RESTART: interface Seriall0/0/4:0, not transmittingIn most cases, the interfaces of the port adapter recover on their own. In very rare cases, the execution of a Cbus Complex occurs.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: If the interfaces of the port adapter do not recover on their own, execute a Cbus Complex.
•
Symptoms: A Multilink Frame Relay (MLFR) bundle interface may flap along with its member links.
Conditions: This symptom is observed when distributed MLFR is configured on a nonchannelized port adaptor such as a 4-port serial enhanced port adapter (PA-4T+) or an 8-port serial port adapter (PA-8T).
Workaround: There is no workaround.
•
Symptoms: Whenever 512 MB RAM is used in Route Switch Processor (RSPs), the slave does not recognize the 512 MB RAM.
Conditions: These symptoms are observed when there is 512MB RAM or more in the slave RSPs and also if the Cisco IOS image size is more than 20 MB.
Workaround: 256 MB RAM can be used.
•
Symptoms: A provider edge (PE) router may reload when packets are forwarded while a remote Virtual Private Network (VPN) prefix is being reresolved.
Conditions: This symptom is observed when the MPLS VPN—Inter-AS—IPv4 BGP Label Distribution feature is configured for option 4, that is, for a non-VPN transit provider and a multi-hop external Border Gateway Protocol (eBGP) connection between route reflectors (RRs).
Workaround: For the exchange of PE loopback addresses between autonomous systems, do not use eBGP with IPv4 label distribution. Rather, configure redistribution into Interior Gateway Protocol (IGP) or static routes.
•
Symptoms: ciscoRFSwactNotification is not generated during a switchover.
Conditions: This symptom has been observed on the Route Processor (RP) on a High Availability machine that is running in stateful switchover (SSO) mode.
Workaround: There is no workaround. Enabling Syslog trap and checking for a RP status change message can be a workaround, but this is not advised due to the possibility of the large amount of syslog traps that may be generated during a switchover or similar situation.
•
Symptoms: Traffic that passes through a tunnel interface may be dropped because the application inspection (also referred to as "fixup") is disabled on the tunnel interface adjacency.
Conditions: This symptom is observed in Cisco IOS Release 12.0(24)S or a later release.
Workaround: Toggle Cisco Express Forwarding (CEF) by entering the no ip cef distributed global configuration command followed by the ip cef distributed global configuration command.
•
Symptoms: A router may reload because of a lack of Route Processor (RP) memory.
Conditions: This symptom is observed on a Cisco 12000 series router when a large policy map is attached to a large number of subinterfaces (for example, Frame Relay [FR] or ATM) on an IP Services Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: When you enter the exec slot 0 clear log EXEC command on a Cisco 12000 series router, the line card may stall.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0 S.
Workaround: Enter the clear log EXEC command directly on the line card.
•
Symptoms: Memory allocated by the ip cef linecard ipc memory kbps global configuration command is not freed when a standby Route Processor (RP) becomes an active RP.
Conditions: This symptom is observed only when the ip cef linecard ipc memory kbps global configuration command is used because the allocated memory on the standby RP memory is not freed when the standby RP switches over to become the active RP.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: Link Control Protocol (LCP) negotiations may fail, and a "failed to negotiate with peer" message may be displayed.
Conditions: This symptom is observed on a Cisco universal access server if the peer sends more than five Configure-Negative acknowledgments (CONFNAKs) or Configure-Rejects (CONFREJs) on the link for the current or previous LCP negotiation.
Workaround: Configure the ppp max-failure 10 command on the link to allow the remote peer to exhaust the Negative acknowledgment (NAK) or Reject acknowledgment (REJ) count and resume negotiations before the Cisco universal access server drops the link.
•
Symptoms: If a ping to the tunnel end of an L2TP network server (LNS) fails, a large number of packets are continuously generated, and the router may reload with a memory allocation failure error message.
Conditions: This symptom is observed on a Cisco router that is configured for voluntary Layer 2 Tunneling Protocol (L2TP) or client-initiated L2TP tunneling.
Workaround: There is no workaround.
•
Symptoms: A router may reload when you enter the show running-config privileged EXEC command after a channel group interface is created on the router.
Conditions: This symptom is observed if you create the channel group interface, configure Frame Relay (FR) encapsulation on the interface, and then delete the interface without first removing the FR encapsulation.
Workaround: Remove the FR encapsulation before deleting the channel group interface.
Resolved Caveats—Cisco IOS Release 12.0(26)S
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S. This section describes only severity 1, severity 2, and select severity 3 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A master Route Switch Processor (RSP) may cause a router to pause indefinitely or reload.
Conditions: This symptom is observed on a Cisco 7500 series router that is configured with a line card when the write memory EXEC command is entered and when the line card reloads while the write memory EXEC command is being processed.
Workaround: There is no workaround.
•
Symptoms: The ifIndex may not synchronize when you use third-party vendor software with Cisco IOS software and a standby router comes up after a Stateful Switchover (SSO) has occurred.
Conditions: This symptom is observed on a Cisco 12416 that is running Cisco IOS Release 12.0(24)S and that has line cards that are configured with about 2000 Gigabit Ethernet (GE) subinterfaces.
Workaround: Reduce the number of GE subinterfaces. (For example, with only 10 GE subinterfaces, the symptom does not occur.)
•
Symptoms: Information about a port adapter (PA) may be missing from the output of a show diag command.
Conditions: This symptom is observed on a controller with a memory size of 128 MB DRAM and 8192 KB SRAM. The controller displays the following information:
PA Bay 0 Information:
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 0
HW rev 0.00, Board revision UNKNOWN
Serial number: 00000000 Part number: 00-0000-00
PA Bay 1 Information:
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 1
HW rev 1.00, Board revision A0
Serial number: 08534388 Part number: 73-1688-04This condition is seen after upgrading from Cisco IOS Release 12.2(11)T to Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: When an entry in the ciscoPingTable MIB variable is set to be valid, high memory utilization may occur gradually because memory is not released by the "dead*" process of a Simple Network Management Protocol (SNMP) ping.
Conditions: This symptom is observed on a Cisco 12000 series after the router has been upgraded from an earlier Cisco IOS release to Cisco IOS Release 12.2 (23)S.
Workaround: Exclude the ciscoPingTable MIB variable from the configuration by entering the snmp-server view view name ciscoPingTable excluded global configuration command.
•
Symptoms: A Cisco 7200 series may generate a "%SYS-2-LINKED: Bad requeue" message. Following this message and after a time of operation, memory fragmentation occurs and the router reloads.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(11)T.
Workaround: There is no workaround.
•
Symptoms: When a Telnet session is made to a router after a VTY session pauses indefinitely, the user in the Telnet session may not be able to enter the configuration mode. When these symptoms occur, interfaces may enter the wedged state with Simple Network Management Protocol (SNMP) traffic.
Conditions: This behavior is observed on ATM and Packet over SONET (POS) interfaces. This behavior is not platform-specific.
Workaround: Disable Simple Network Management Protocol (SNMP) configuration traps by entering the no snmp-server enable traps config global configuration command.
•
This caveat consists of three symptoms, three conditions, and three workarounds:
1.
Condition 1: This symptom is observed when the line card is configured for NetFlow.
Workaround 1: Remove NetFlow from the configuration.
2.
Condition 2: This symptom is observed when the line card is configured for NetFlow. The spurious memory access messages appear after you have reloaded the egress line card or during route convergence when the Forwarding Information Base (FIB) is rebuilt.
Workaround 2: Remove NetFlow from the configuration.
3.
Condition 3: This symptom is observed when the VIP is configured for NetFlow.
Workaround 3: Remove NetFlow from the configuration.
•
Symptoms: The running configuration may not be properly synchronized with the startup configuration after a switchover has occurred, causing the snmp-server community public rw global configuration command to be lost from the running configuration.
Conditions: This symptom is observed on a Cisco 12000 series after a switchover has occurred.
Workaround: After the switchover has occurred, manually reconfigure the snmp-server community public rw global configuration command.
•
Symptoms: A Cisco platform may generate the following error message:
<interface name> is a static pool and cannot be tunedNote that instead of "<interface name>," an actual interface name will be stated in the message.
Conditions: This symptom is observed when you display the running configuration.
Workaround: There is no workaround.
•
Symptoms: The snmp mib target list global configuration command is not displayed when the show running-config EXEC command is entered on the secondary Performance Routing Engine (PRE). However, the snmp mib target list global configuration command is displayed when the show startup-config EXEC command is entered on the PRE.
Conditions: This symptom is observed on the PRE of a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload, generate a crashinfo file, and then pause indefinitely.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S and that is configured with the exception dump global configuration command.
Workaround: There is no workaround.
•
Symptoms: The CPU utilization of a Cisco 7500 series Versatile Interface Processor (VIP) may reach 100 percent when the rate of the incoming traffic exceeds the bandwidth of the egress interface.
Conditions: This symptom is observed only with local switching, that is, it is observed only with traffic that enters through one interface of the VIP and that leaves through another interface of the same VIP.
Workaround: Reload the affected VIP.
•
Symptoms: When RSP redundancy is configured in the HSA mode and a switchover occurs, the master RSP in slot 2 may remain the master RSP and the slave RSP in slot 3 may remain the slave RSP. The slave RSP should come up as the master RSP after the switchover has occurred.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(24)S when the RSP redundancy is configured in the HSA mode.
Workaround: Configure the default slave RSP in slot 2 by entering the slave default-slot 2 command. The symptom does not occur when the slave RSP is located in slot 2 and the master RSP is located in slot 3.
•
Symptoms: A Cisco router may reload because of a watchdog timeout condition when you poll the ciscoEnvMonTemperatureStatusValue MIB variable.
Conditions: This symptom is observed when the MIB variable has an index that is larger than 6. Indexes 0 to 6 are valid indexes; indexes that are larger than 6 are not valid indexes.
Workaround: There is no workaround.
EXEC and Configuration Parser
•
Symptoms: When any command that triggers the nonvolatile generation (NVGEN) process is executed through a new vty session, certain interface configuration commands that support the Best Effort Method, such as the ip vrf interface configuration command, the ntp disable interface configuration command, and the service-policy output interface configuration command, may not properly synchronize with a standby Route Processor (RP) or Performance Routing Engine (PRE) because of a failure in the post NVGEN process.
For example, when you enter the ip vrf interface configuration command while the show running-config privileged EXEC command is being executed in a Telnet session, the configuration of the ip vrf interface configuration command may not properly synchronize with the standby RP or PRE, and a "Post NVGEN failure" message may be generated.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(23)S2 or a later release.
Workaround: Do not enter commands that trigger the NVGEN process while you configure commands that support the Best Effort Method.
•
Symptoms: A policy map configuration may not synchronize correctly to the standby Route Processor (RP).
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Cisco router may reload with a "CPU signal 23" message when Simple Network Management Protocol (SNMP) is configured and an snmpwalk command is being executed on the router. When the router reloads, the following error message is generated:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SNMP ENGINE.Conditions: This symptom is observed on a Cisco 7500 series that is configured with a 1-port Packet-over-SONET OC-3c/STM-1 port adapter (PA-POS-OC3).
Workaround: Modify all snmp-server commands with the view no sonet keywords, as is shown in the following example:
snmp-server view no sonet system included
snmp-server view no sonet interfaces included
snmp-server view no sonet at included
snmp-server view no sonet ip included
snmp-server view no sonet icmp included•
Symptoms: A Cisco 7500 series router may encounter a bus error when applying a crypto map on an FDDI interface.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(11)T2, Release 12.2(13)T1, or Release 12.2(13a). The symptom may also occur in other releases such as Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series may generate the following message on its console:
%VIP-3-BADMALUCMD: Unsupported MALU command 81/82Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Route Processor (RP) may reload unexpectedly when you send a ping to another Cisco 12000 series.
Conditions: This symptom is observed on a Cisco 12000 series under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: Interfaces may not be created when a channel group is configured on a Cisco 7500 series or a Cisco 7600 series.
Conditions: This symptom is observed only if channel groups are created on an 8-port multichannel T1 port adapter (PA-MC-8T1) and the PA-MC-8T1 is replaced with an enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) by performing an online insertion and removal (OIR). After the port adapters are switched, the channel-group configuration on the PA-MC-8TE1+ does not work as expected.
Workaround: Remove the channel-group configuration on a port adapter before performing an OIR and replacing the port adapter with another port adapter.
•
Symptoms: An ATM interface may remain administratively down.
Conditions: This symptom is observed when commands do not have any effect because the command-line interface (CLI) does not function. The symptoms are platform independent.
Workaround: There is no workaround.
•
Symptoms: Simple Network Management Protocol (SNMP) counters (ifOutUcastPkts, ifOutOctets, and ifHCOutOctets) may not increment when traffic is generated.
Conditions: This symptom is observed on a Fast Ethernet (FE) subinterface of a Cisco 7500 series that runs Cisco IOS Release 12.0(24)S or Release 12.0(26)S when the FE subinterface is configured for dot1q encapsulation and traffic from a Multiprotocol Label Switching (MPLS) network enters the router on a serial interface.
Workaround: There is no workaround.
IP Routing Protocols
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, see the advisory at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: A universal access server may reload because of a bus error.
Conditions: This symptom is observed on a Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(15).
Workaround: There is no workaround.
•
Symptoms: Traffic to downstream routers may be cut off.
Conditions: This symptom is observed when a router has a bidirectional rendezvous point for a group range that covers a Source Specific Multicast (SSM) range when the router receives an SSM join message and it does not yet have the group state created. In this situation, the router rejects the SSM join message and causes traffic to downstream routers to be cut off.
Workaround: There is no workaround.
•
Symptoms: An Autonomous System Boundary Router (ASBR) in an inter-autonomous system (Inter-AS) Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) topology may advertise the wrong next hop (IP address of the external Border Gateway Protocol [eBGP] neighbor) to the eBGP neighbor ASBR for some VPN-IPv4 (VPNv4) prefixes.
Conditions: This symptom is observed on a Cisco router that functions as an ASBR.
Workaround: Manually change the IP next-hop configuration by entering the set ip next-hop router configuration command on either the Cisco router that functions as an ASBR or the neighbor ASBR that is using the route map.
•
Symptoms: A router may display traceback messages and reload.
Conditions: This symptom is observed under rare circumstances on a Cisco 3660.
Workaround: There is no workaround.
•
Symptoms: An interface that is defined in an Enhanced Interior Gateway Routing Protocol (EIGRP) network statement may fail to come up in the EIGRP topology table.
Conditions: This symptom is observed after a Cisco router has reloaded. The occurrence of the symptom depends on the type of interface to which the router is connected and on the timing of the interface activation.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: Memory fragmentation may occur on a router.
Conditions: This symptom is observed when a large number of Open Shortest Path First (OSPF) routes are flapped on a Cisco router.
Workaround: There is no workaround.
•
Symptoms: When Reverse Path Forwarding (RPF) changes occur on a Route Processor (RP), only a "(*, G)" join is sent. The "(S, G)R" prunes that would cause a proxy join timer to be started at the upstream router for those "(S,G)" prunes are not sent. If the "(S, G)" prune is sent while the proxy join timer is running, the router removes the interface from the list but does not send a prune upstream because the proxy join timer is running.
Conditions: This symptom is platform independent.
Workaround: There is no workaround.
•
Symptoms: A bad magic number in the chunk header may lead to a memory corruption and may cause a router to reload.
Conditions: This symptom is observed on a Cisco router that is configured for Resource Reservation Protocol (RSVP) after a specific invalid RSVP path message is received.
Workaround: There is no workaround.
•
Symptoms: It may take up to 5 minutes for a traffic engineering (TE) label switched path (LSP) tunnel to come up.
Conditions: This symptom is observed when you change the encapsulation from High-Level Data Link Control (HDLC) to PPP or when you shut down an interface on which PPP encapsulation is configured.
Workaround: To enable the TE LSP tunnel to come up immediately, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that functions as the TE LSP tunnel head.
•
Symptoms: Toggling between the bgp suppress-inactive command and the no bgp suppress-inactive command may prevent routes from being advertised.
Conditions: This symptom is observed on routes that have mismatched next hops.
Workaround: Enter the clear ip bgp * privileged EXEC command.
•
Symptoms: The Multi Exit Discriminator (MED) that is received from a confederation external peer may be ignored in best path selection. The output of the show ip bgp longer-prefixes EXEC command does not indicate that any MED values were received.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configurations are present.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a peer session template is unconfigured.
Conditions: This symptom is observed if the remote-as router configuration command is configured on a peer session template and if that template is subsequently unconfigured by entering the no remote- as router configuration command followed by the no template peer-session router configuration command.
Workaround: Avoid configuring the remote-as router configuration command on the peer session template. If the remote-as router configuration command is configured, either unconfigure the remote-as router configuration command or unconfigure the peer template directly.
•
Symptoms: A router may reload.
Conditions: This symptom is observed when a Border Gateway Protocol (BGP) policy list is used on a Cisco 7200 series.
Workaround: There is no workaround.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please see the advisory at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: It may not be possible to configure the distribute-list router configuration command under an IP routing protocol.
Conditions: This symptom is observed when a user attempts to configure the distribute-list router configuration command under an IP routing protocol.
Workaround: There is no workaround.
•
Symptoms: The neighbor [ip-address | peer-group-name] timers keepalive router configuration command may disappear from the configuration after a router is reloaded or the show running-config EXEC command is entered.
Conditions: This symptom is observed only when the router is operating in the Network Layer Reachability Information (NLRI) mode.
Workaround: Configure the neighbor [ip- address | peer-group-name] timers keepalive router configuration command in the address family mode.
•
Symptoms: If the default-information originate router configuration command is entered on the Virtual Private Network (VPN) routing/forwarding (VRF) instance of a Cisco 12000 series that has the address-family ipv4 vrf command configured using the Border Gateway Protocol (BGP), the default route is learned correctly but the default route is entered incorrectly in the BGP routing table. This behavior may result in unexpected behavior on the other router if the other router does not have a correct default route.
The default static route of the VRF is not advertised by BGP after the default static route is configured under the VRF, and BGP may advertise the incorrect default route that is in the BGP routing table.
Conditions: This symptom is observed on a Cisco 12000 series that is running BGP.
Workaround: Perform either of the following steps:
–
–
•
Symptoms: A Cisco router may reload and generate the following error message:
%ALIGN-1-FATAL: Illegal access to a low address
addr=0x1, pc=0x50D595D4, ra=0x507856DC, sp=0x53AF68D8Conditions: This symptom is observed when the following conditions are present:
–
–
Workaround: There is no workaround.
•
Symptoms: A router may inadvertently remove link-state advertisements (LSAs) from the retransmission list and prevent the Open Shortest Path First (OSPF) neighbor from receiving the latest version of the LSA. This behavior may cause some prefixes to be unreachable.
Conditions: This behavior may occur when the LSA is not received by the neighboring router and the LSA must be retransmitted. While the LSA is waiting in the neighbor retransmission queue, certain events may cause a regeneration of the same LSA. If there is no change in the LSA, the router may mistakenly remove the LSA from the retransmission queues of all neighbors.
Workaround: This symptom normally stops occurring after the LSA is refreshed. If this symptom continues to occur, unconfigure and reconfigure the network global configuration command.
•
Symptoms: The interface of a Cisco router that functions as a Protocol Independent Multicast (PIM) Rendezvous Point may stop receiving traffic. The output of the show interfaces privileged EXEC command may show input queue drops.
Conditions: This symptom is observed after the interface has received PIM register packets with the Router Alert option.
Workaround: Reload the port adapter or line card with the affected interface.
•
Symptoms: A Border Gateway Protocol (BGP) next-hop router may not redistribute Virtual Private Network (VPN) routes.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series that is functioning as a provider edge (PE) router in a Multicast Virtual Private Network (MVPN) environment may stop sending Protocol Independent Multicast (PIM) register messages for the default multicast distribution tree (MDT) to its Rendezvous Point (RP). This situation prevents PE routers from establishing PIM adjacencies with other PE routers in the MVPN.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(24)S and that has the ip pim register-rate-limit global configuration command enabled. The symptom is not observed in Release 12.0(23)S or in earlier releases.
Workaround: Enter the clear ip mroute group-address EXEC command for the default MDT group address.
Alternate Workaround: Do not use the ip pim register-rate-limit global configuration command.
•
Symptoms: If a peer group is slow to establish and comes up while other members of the peer group are converging, the recently established member may not advertise the routes that were sent to the other members.
Conditions: This symptom occurs only if the new peer group member comes up while the other members of a peer group are converging. This symptom does not occur if the new peer group member comes up after the other members of the peer group have finished converging.
Workaround: The routes can be readvertised by entering the clear ip bgp peer-group-name soft out privileged EXEC command for any peer that has missing routes.
•
Symptoms: A Cisco router may reload when the tunnel bandwidth is changed at the ingress point of a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel.
Conditions: This symptom is observed in a multivendor environment. Another Cisco router serves as the ingress point of the MPLS TE tunnel.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reload and report an unexpected exception (sig=10 in the crashinfo file).
Conditions: This symptom is observed on a Cisco 10720 that is configured for Open Shortest Path First (OSPF) Incremental Shortest Path First (SPF).
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is configured with IP multicast may reload because of a bus error.
Conditions: This symptom is observed when a router sends (S,G) R join overrides to a neighbor, and the neighbor times out because of link flaps or because of another reason. The symptom is caused by a timing difficulty and is most likely to occur when the ip pim spt-threshold infinity global configuration command is configured on all routers in the network.
A list of the affected releases can be found at the following location: http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds31596. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Possible Workaround: Remove the ip pim spt-threshold infinity global configuration command from all routers in the network to minimize the occurrence of the symptom.
•
Symptoms: A Cisco 12000 series that is configured for Protocol Independent Multicast (PIM) and that is switching multicast traffic may reload.
Conditions: This symptom is observed every 20 minutes on a Cisco 12000 series that is running Cisco IOS Release 12.0(26)S.
Workaround: There is no workaround.
•
Symptoms: A router may reload when it withdraws 113,000 Border Gateway Protocol (BGP) routes.
Conditions: This symptom is platform independent.
Workaround: There is no workaround.
•
Symptoms: The EIGRP Stub Routing feature may be missing from the configuration.
Conditions: This symptom is observed when a Cisco router on which the EIGRP Stub Routing feature is enabled is reloaded, or when the Enhanced Interior Gateway Routing Protocol (EIGRP) process is restarted.
Workaround: There is no workaround; you must reenable the EIGRP Stub Routing feature.
•
Symptoms: When the neighbor {ip-address | peer-group-name} default-originate router configuration command is used with a peer group, peers that belong to that peer group come up at a different time from when the Border Gateway Protocol (BGP) is formatting updates. Because of this behavior, the router may not advertise all routes to members of the peer group.
Conditions: This symptom is observed with IP version 4 (IPv4) unicast and Virtual Private Network (VPN) routing/forwarding (VRF) address family (AF) packets.
Workaround: There is no workaround.
•
Symptoms: Border Gateway Protocol (BGP) update generation may pause indefinitely when BGP is converging.
Conditions: This symptom may occur under any of the following six conditions when BGP is converging:
1.
2.
3.
4.
5.
6.
Workaround: There is no workaround for conditions 1 through 5.
To recover from condition 6, enter the clear ip bgp neighbor-address soft out privileged EXEC command. For the neighbor-address argument, use the IP address of the peer that did not receive all of the updates.
•
Symptoms: An Open Shortest Path First (OSPF) interface may be reported to be in the "down" state while the interface and the line protocol may be reported to be in the "up" state. This situation causes missing OSPF neighbor adjacencies on the OSPF interface that is in the "down" state.
Condition: This symptom is observed when there are a large number of active interfaces and one of the following events has occurred:
–
–
–
–
–
Workaround: Use one of the following methods to recover the OSPF interface:
–
–
–
•
Symptoms: Even though no Border Gateway Protocol (BGP) updates are sent between router peers, a router may sent BGP withdraw messages to its peers.
Conditions: This symptom is observed on a Cisco 12416 when the following conditions are present:
–
–
–
Workaround: There is no workaround.
•
Symptoms: A Border Gateway Protocol (BGP) peer may not come up after you have disabled message digest 5 (MD5) authentication for BGP neighbors.
Conditions: This symptom is observed when, on a router that is running BGP, you disable MD5 authentication for a BGP peer by using the no neighbor ip-address password router configuration command. The BGP session does not become established, even when you reset the BGP connection by entering the clear ip bgp neighbor-address privileged EXEC command or the clear ip bgp * privileged EXEC command.
Workaround: After you have entered the no neighbor ip-address password router configuration command, reconfigure the BGP session for the neighbor at both sides of the connection.
Alternate Workaround: Reload the router that is running BGP.
•
Symptoms: For each data packet that is handled on a Cisco router, spurious memory accesses may occur at addresses 0x1D and 0x22. When the traffic rate is high, the console may become unresponsive, and the router may pause until the call is cleared. The output of the show alignment EXEC command displays the following information:
Total Spurious Accesses 3984, Recorded 8
Address Count Traceback
1D 775 0x610CFA2C 0x60420754 0x60432D98
24 775 0x610CFA38 0x60420754 0x60432D98
3 775 0x610CFCF4 0x60420754 0x60432D98
3 775 0x610B5D5C 0x610CFD20 0x60420754 0x60432D98
22 221 0x610CFA2C 0x60429D48 0x60432D98
24 221 0x610CFA38 0x60429D48 0x60432D98
8 221 0x610CFCF4 0x60429D48 0x60432D98
8 221 0x610B5D5C 0x610CFD20 0x60429D48 0x60432D98Conditions: This symptom is observed on a Cisco router that has a single physical interface that is configured for Resource Reservation Protocol (RSVP) over ATM switched virtual circuits (SVCs) on one subinterface and RSVP over ATM permanent virtual connections (PVCs) on another subinterface. The symptom is related to a timing difficulty because the symptom occurs only when the PVC is set up after the SVC.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you simultaneously enter the same command to terminate a router protocol through two different sessions. For example, one session may run via the console and the other session may run via a Virtual Terminal Protocol (VTP). Examples of commands that terminate a router protocol are the no router bgp global configuration command, the no router isis global configuration command, the no router ospf global configuration command, and so on.
Conditions: This symptom is platform independent.
Workaround: Do not simultaneously enter the same command to terminate a router protocol through two different sessions.
•
Symptoms: An interface cannot send Resource Reservation Protocol (RSVP) messages.
Conditions: This symptom is observed after you have reloaded a Cisco router and RSVP is enabled on an interface just after you have entered the no shutdown interface configuration command on the interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface. This workaround is not effective for an unattended router.
•
Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.
Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload when you enter the show bgp ipv6 unicast or show bgp ipv6 multicast user EXEC or privileged EXEC mode command.
Conditions: This symptom is observed when IP version 6 (IPv6) multicast is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload because of a race condition when you enter the no router ospf global configuration command or the no ip vrf global configuration or router configuration command.
Conditions: This symptom is observed when you run a configuration script in which the commands are entered in a very fast sequence.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that runs Border Gateway Protocol (BGP) may reload.
Conditions: This symptom is observed on a Cisco router that is configured with many BGP peers and that receives a large number of prefixes and attributes.
Workaround: There is no workaround.
•
Symptoms: When you enter the ip alias interface configuration command, an invalid IP address may be returned.
Conditions: This symptom is observed a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A router may reload when you enter the router ospf global configuration command, followed by the no network ip-address wildcard-mask area area-id router configuration command, and you enter 0.0.0.0 255.255.255.255 for the ip-address wildcard-mask arguments.
Conditions: This symptom is observed when you use sham links.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series may select the best path inconsistently.
Conditions: This symptom is observed on a Cisco 7200 that runs Cisco IOS Release 12.0(26)S when the bgp deterministic med router configuration command, the bgp always-compare-med router configuration command, or both commands are configured to determine the best path.
Workaround: Use other commands or methods to determine the best path.
•
Symptoms: A Route Switch Processor (RSP) may reload because of memory corruption in the Border Gateway Protocol (BGP) process.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: A Reverse Path Forwarding (RPF) lookup may cause a Route Processor (RP) to reload because of a stack overflow.
Conditions: This symptom is observed on a Cisco 12000 series when there is a unicast routing loop and when a static multicast route (mroute) has been configured. The symptom may also occur on other platforms.
Workaround: There is no workaround.
•
Symptoms: Border Gateway Protocol (BGP) may not advertise all routes to a peer.
Conditions: This symptom is observed when the peer comes up after all other peers of an update group have converged.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series that is configured with two Performance Routing Engine 1 (PRE-1) processors may stop functioning as a redundant system.
Conditions: This symptom is observed when you enter the bgp upgrade-cli router configuration command.
Workaround: Reload the standby PRE-1.
•
Symptoms: If an object in a Resource Reservation Protocol (RSVP) reservation (RESV) refresh changes in relation to the previous refresh, a debug message may be generated that is not subjected to an access control list (ACL). When many flows or label switched paths (LSPs) are active on a router, this situation may cause so much debug output that the router may pause indefinitely or reload.
Conditions: This symptom is observed in Cisco IOS Release 12.0(25)S when the debug ip rsvp filter privileged EXEC command is configured to reduce the number of debugs on a subset of RSVP flows or Multiprotocol Label Switching (MPLS) traffic engineering LSPs and when you also configure the debug ip rsvp resv privileged EXEC command. The ACL that is enabled with the filter keyword of the debug ip rsvp filter privileged EXEC command may not function for one debug message.
Workaround: Do not configure the debug ip rsvp resv privileged EXEC command when there are many flows on the router.
•
Symptoms: When refresh reduction is enabled and a Cisco router has been operational for a long time, valid Resource Reservation Protocol (RSVP) messages that are received from a neighbor may be dropped when the message IDs have cycled through the entire number space once (that is, from 0 to 4,294,967,295) and then progressed up to 2,147,483,648 (0x80000000).
Conditions: This symptom is observed when a message ID number space begins at zero, increases up to 4,294,967,295 (32 bits), but then does not properly wrap back to zero, causing message IDs greater than 2,147,483,648 to be out of sequence, and to be dropped.
Note that a neighboring router is able to send Message IDs and properly wraps back from 4,294,967,295 to zero, but the receiving router that does not record the wrap event, causing the symptom to occur.
Workaround: There is no workaround.
•
Symptoms: Enabling IP version 6 (IPv6) multicast routing by entering the ipv6 multicast-routing global configuration command may cause memory corruption. This situation may eventually cause the router to reload.
Conditions: This symptom is observed on a Cisco 7200 series but may also occur on other platforms.
Workaround: There is no workaround.
•
Symptoms: The Rendezvous Point mapping may not be updated in an existing multicast route state.
Conditions: This symptom is observed when you change the hash mask length on a bootstrap router (BSR).
Workaround: There is no workaround. Note that the symptom does not cause any traffic interruption.
•
Symptoms: You may not be able to configure the ip vrf receive interface configuration command.
Conditions: This symptom is observed when the interface on which you attempt to configure the ip vrf receive interface configuration command does not have an IP address configured.
Workaround: First configure an IP address on the interface; then, enter the ip vrf receive interface configuration command on the interface.
ISO CLNS
•
Symptoms: A router may use parameters that are configured by entering the isis hello-interval seconds level-1 interface configuration command and ignore "hello" parameters that are configured by entering the isis hello-interval seconds level-2 interface configuration command.
Conditions: This symptom is observed on a point-to-point interface that is running Cisco IOS Release 12.0 S.
Workaround: Avoid configuring adjacencies by entering the isis hello-interval seconds level-2 interface configuration command. Use the isis hello-interval seconds level-1 interface configuration command to configure "hello" parameters.
•
Symptoms: Intermediate System-to-Intermediate System (IS-IS) loadbalancing may not function correctly.
Conditions: This symptom is observed in a topology in which three routers—router A, router B, and router C—reside on a broadcast media. Router A is the root node that performs Shortest Path First (SPF) and has a direct path to both router B and router C. There is also an additional path between router A and router B. When you configure IS-IS to enable router A to reach router C along two equal-cost paths, router A may not use the direct path (that is, one of the two equal-cost paths) to router C but may only use the additional path via router B to reach router C.
Workaround: There is no workaround.
•
Symptoms: After you change the IP address of an interface to a different subnet, the routes that use this interface as the next-hop output interface may not be removed from the global Routing Information Base (RIB).
Conditions: This symptom is observed when you change the IP address on an interface that is enabled for Intermediate System-to-Intermediate System (IS- IS) to a different subnet. The route of the old IP address is not removed but shown as an IS-IS route in the global RIB, even though the route of the old IP address is removed from the local IS-IS RIB.
Workaround: Enter the clear ip route * EXEC command or the clear ip route {network [mask]} EXEC command on the affected interface.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
Condition 1: This symptom is observed when you use metric narrow for IS-IS.
Workaround 1: There is no workaround.
2.
Condition 2: This symptom is observed when you use a multitopology IS-IS for IP version 6 (IPV6).
Workaround 2: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly when you enter the no router isis global configuration command.
Conditions: This symptom is observed when you enter the no ip router isis interface configuration command followed by the isis network point-to-point command before you enter the no router isis global configuration command.
Workaround: Enter the ip router isis interface configuration command before you enter the isis network point-to-point interface configuration command.
•
Symptoms: A Cisco 10720 may reload unexpectedly.
Conditions: This symptom is observed when IP version 6 (IPv6) Intermediate System-to-Intermediate System (IS-IS) is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is running Intermediate System-to-Intermediate System (IS-IS) may not unset the IS-IS overload bit after a redundancy switchover, preventing the IS-IS connectivity from being restored.
Conditions: This symptom is observed on a Cisco router that has two Route Processors (RPs) in a redundant configuration.
Workaround: To restore the IS-IS connectivity, and to prevent the symptom from occurring again, enter the no set-overload-bit on-startup router configuration command on the primary RP.
•
Symptoms: A router may reload unexpectedly.
Conditions: This symptom is observed when the isis advertise prefix interface configuration command is configured and subsequently unconfigured before the router isis global configuration command is entered.
Workaround: Configure the router isis global configuration command before configuring or unconfiguring the isis advertise prefix interface configuration command.
•
Symptoms: Intermediate System-to-Intermediate System (IS-IS) may not converge correctly.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A Cisco router may reload because of a watchdog timeout in the pool process, and messages similar to the following ones may appear:
System was restarted by error - a Software forced crash, PC 0x60396E7C at 4500 Software (C4500-A3JS-M), Version 12.2(8.1), MAINTENANCE INTERIM SOFTWARE Compiled (current version) Image text-base: 0x60008948, data-base: 0x61116000
Stack trace from system failure:
FP: 0x618A8460, RA: 0x60396E7C
FP: 0x618A8460, RA: 0x603952F4
FP: 0x618A8488, RA: 0x6039D584
FP: 0x618A84A8, RA: 0x603A0CC8
FP: 0x618A84C8, RA: 0x60398BDC
FP: 0x618A8560, RA: 0x6037EFFC
FP: 0x618A85A0, RA: 0x611E57A0Conditions: This symptom is platform independent.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you remove a Label Distribution Protocol (LDP) configuration before an Ethernet over Multiprotocol Label Switching (EoMPLS) configuration.
Conditions: This symptom is observed in rare situations on a router that is configured for EoMPLS when you enter the no mpls l2transport route interface configuration command.
Workaround: There is no workaround.
•
Symptoms: A permanent virtual circuit (PVC) does not come up even after an alarm indication signal (AIS) is stopped. This symptom is observed after an AIS is received on the PVC from an ATM network and the PVC configuration is changed.
Conditions: This symptom is observed on a Cisco 7507 router that is configured with Operation, Administration, and Maintenance (OAM) management. To recreate this symptom, the PVC configuration must be changed while the PVC is in the AIS or remote defect indication OAM VC state.
Workaround: Reset the PVC by entering the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: Directly-connected neighbors may be displayed in the "Targeted Hellos" field in the output of the show mpls ldp discovery privileged EXEC, which is incorrect behavior. This situation does not impact routing functionality.
Conditions: This symptom is observed in an Any Transport over Multiprotocol Label Switching (AToM) environment and is platform independent.
Workaround: There is no workaround.
•
Symptoms: By default, the experimental bits of incoming Multiprotocol Label Switching (MPLS) packets with topmost explicit-null label headers may be copied into the underlying label header.
Conditions: This symptom is observed on a Cisco IOS platform that is configured for MPLS.
Workaround: There is no workaround.
•
This caveat consists of three symptoms, three conditions, and three workarounds, all of which are related to the configuration of Multicast Distributed Switching (MDS) on subinterfaces:
1.
Multicast distributed switching is not allowed on sub-interfacesCondition 1: This symptom is observed when MDS is already configured on the main interface.
Workaround 1: There is no workaround.
2.
Condition 2: This symptom is observed in the output of the show ip pim interface count EXEC command. The command output is incorrect.
Workaround 2: There is no workaround.
3.
Condition 3: This symptom is observed when the main interface is not configured for MDS and you attempt to configure MDS on a subinterface.
Workaround 3: There is no workaround.
•
Symptoms: A router may pause indefinitely instead of restarting.
Conditions: This symptom is observed when the router is handling invalid addresses in the cached address space.
Workaround: There is no workaround.
•
Symptoms: When a customer edge (CE) link fails, a remote provider edge (PE) router may not be notified, causing the CE link to remain up.
Conditions: This symptom is observed in a configuration that has the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: Port Mode feature enabled.
Workaround: There is no workaround.
•
Symptoms: When you configure a Virtual Private Network (VPN) on a router that is configured with dual Route Processors (RPs), a VPN routing/forwarding (VRF) table ID that is associated with a particular VRF instance may have different values in the active RP and the standby RP. This situation causes failures in the processing of Cisco Express Forwarding (CEF) interprocess communication (IPC) messages on the standby RP for CEF IPC messages that contain an inconsistent VRF table ID, and CEF may be disabled.
Inconsistent VRF table IDs may also cause a memory loss on the standby RP, and when a switchover occurs from the active RP to the standby RP, more difficulties may occur.
Conditions: These symptoms are observed on router that is configured for Stateful Switchover (SSO) when VRF instances are deleted.
Workaround: There is no workaround; however, these actions minimize the occurrence of the symptoms:
–
–
–
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
%FIB-2-IFINDEXILLEGAL: An internal software error occurred. Argument ifindex is out of bounds at -1.Condition 1: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a tunnel interface, then remove the tunnel interface, and then add the tunnel interface again.
Workaround 1: There is no workaround.
2.
% CEF IDB corresponding to Serial12/0/0/8:0 is not foundCondition 2: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a serial interface, then remove the serial interface, and then add the serial interface again.
Workaround 2: There is no workaround.
•
Symptoms: Link utilization may be lower than expected.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1 when class-based weighted fair queueing (CBWFQ) is configured on multiple VLANs.
Workaround: Try one or more of the following options to improve the link utilization:
1.
2.
3.
•
Symptoms: An ATM interface does not come up after a Cisco 10000 series router has reloaded.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: Tag Distribution Protocol (TDP) may not convey the label change information for a prefix that is learned via an exterior Border Gateway Protocol plus (EBGP+) label to its TDP peers.
Conditions: This symptom is observed on a Cisco 7500 series when TDP is used. The symptom does not occur when Label Distribution Protocol (LDP) is used.
Workaround: There is no workaround.
•
Symptoms: At the console of a Cisco 10720 router that is functioning as a headend router for multiple Multiprotocol Label Switching-traffic engineering (MPLS-TE) tunnels, a "complex_restart" message may appear when the Parallel Express Forwarding (PXF) processor reloads. When this situation occurs, the following entries are displayed in the error log:
%TOASTER-2-FAULT: T0 IHB Exception: watchdog
%TOASTER-2-FAULT: T1 IHB Exception: watchdog
%TOASTER-2-FAULT: T0 IHB Exception: watchdog
%TOASTER-2-FAULT: T1 IHB Exception: watchdog
%CAMR_POS_OC48-3-INTERR: POS uplink internal error POS_TX_VA_SC_NO_EOP(code 2)
%Camr_VA-3-STATUS1: Van Allen Data integrity error VA_LK_IPM_RD_ACC_TIMER_EXP
(code 2)Conditions: This symptom is observed in an MPLS-TE configuration with 300 tunnels.
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur on the Versatile Interface Processor (VIP) of a Cisco 7500 series even though the RSP/VIP is not crashing.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) forwarding is enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may reload with an "address error" message.
Conditions: This symptom is observed at bootup time when the PE and customer edge (CE) interfaces are coming up. The symptom occurs when a locally learned VPN routing/forwarding (VRF) route temporarily loses its local label. This condition leads to some data structures being cleaned up but still retaining references to the local label. It may also occur after bootup in the case of interface flaps. The reload is not a common occurrence, however, and may need additional triggers.
A list of the affected releases can be found at http://www.cisco.com/cgi- bin/Support/Bugtool/onebug.pl?bugid=CSCdv49909. Cisco IOS releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: TCP retransmissions may occur on a router after the Web Cache Communication Protocol (WCCP) is enabled.
A sniffer trace indicates that some packets that should be redirected to a content engine via WCCP are not delivered as expected. This behavior causes the retransmissions to occur between the client and the caching device. When this symptom occurs, clients may not be able to view certain web pages for several minutes.
Conditions: This symptom is observed on a Cisco 7206VXR that has WCCP and Cisco Express Forwarding (CEF) enabled. Network Address Translation (NAT) from the inside to the outside is occurring on the Internet interface that has an outbound access control list (ACL) configured. If the outbound ACL contains statements that deny traffic with internal non-NAT addresses, those packets will not be redirected because WCCP in the CEF path checks to ensure that packets are permitted to pass through the original outbound interface before applying redirection to the packets.
Because the check is performed on packets before NAT is applied, the packets are not redirected. From the perspective of a client, web pages may become unreachable when this symptom occurs. However, if a packet is switched in the fast path rather than the CEF path, the check against any ACL that is configured on the original outbound interface is not made and redirection occurs normally.
Workaround: Configure the ACL on the original outbound interface so that it does not deny packets that must be redirected. When you are configuring the ACL, remember that NAT is not applied to redirect candidates when the ACL is checked.
•
Symptoms: The Unicast Reverse Path Forwarding feature does not work on the Engine 4 Plus (E4+) line card.
Conditions: This symptom is observed on the E4+ line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A T3 link on a 4-port channelized OC-3 line card may not come up under Synchronous Digital Hierarchy (SDH) framing.
Conditions: This symptom is observed on a Cisco 10000 series when the 4-port channelized OC-3 line card interoperates with third-party vendor test equipment.
Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the AU-3 controller that contains the T3 link.
•
Symptoms: When an automatic protection switching (APS) switchover occurs from an active SONET T1 port to a standby port, the standby port may report a Loss of Signal (LOS) on a wrong line card, the alarm LED may illuminate on the line card that contains the standby port, and all T1 links may go down.
Conditions: This symptom is observed on a Cisco 10000 series when both transmit (TX) and receive (RX) fiber cables are removed from an active SONET T1 port that is configured for APS. A switchover to the standby port occurs, but the standby port reports LOS on a wrong line card, causing all T1 links to go down. The T1 links remain down until the fiber cables are reinserted on the port that was the active port before the switchover occurred.
Workaround: There is no workaround.
•
Symptoms: A loss of link adjacency that occurs on a provider edge (PE) interface may cause the improper cleanup of related data structures. When this behavior occurs, an error message that is similar to the following may be generated and the router may reload:
%SYS-2-NOTQ: unqueue did not find 43D7B8E8 in queue 43B0C8CC - Process= "LDP", ipl= 0, pid= 174Conditions: This symptom is observed on a router that is running the Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Carrier Supporting Carrier (CsC) feature.
Workaround: There is no workaround.
•
Symptoms: After an interface is shut down, an untagged route may appear on a router that is functioning as a carrier supporting carrier provider edge (CSC- PE) router.
Conditions: This symptom is observed during a test with static routes. When the interface is shut down, the Tag Forwarding Information Base (TFIB) should be reconfigured to obtain the alternate route. However, because of difficulties with Tag Distribution Protocol (TDP), Border Gateway Protocol (BGP), and the tag for the alternate route, the alternate route becomes an untagged route.
Workaround: There is no workaround.
•
Symptoms: An OC-48 Packet-over-SONET (POS) interface may flap immediately after a high availability (HA) Fast Software Upgrade (FSU).
Conditions: This symptom is observed on a Cisco 10000 series when an HA FSU is performed from an image of Cisco IOS Release 12.0(23)S1 to an image of Release 12.0(23)S2.
Workaround: There is no workaround.
•
Symptoms: At regular intervals, the IP version 6 (IPv6) multicast packet forwarding rate on S,G entries may drop for a short period, and after a while, recovers.
Conditions: This symptom is observed on a Cisco 12000 series router when the ingress interface is an interface of an IP Services Engine (ISE) line card that is configured for hardware forwarding.
Workaround: There is no workaround.
Further Information: ISE line cards can forward some classes of S,G IPv6 multicast packets by using hardware forwarding. For some of these packet flows, Protocol Independent Multicast (PIM) requires that the forwarding (S,G) entry must be removed if it is not used for a while. Therefore, PIM must verify that the entry is still being used.
Before the fix of this caveat, the forwarding entry was removed from the hardware forwarding engine, and the packets that matched the forwarding entry were forwarded by the software, enabling PIM to verify that the entry was still being used. However, the switch from hardware forwarding to software forwarding caused a drop in the forwarding rate.
After the fix of this caveat, PIM consults the traffic forwarding statistics that are maintained by the hardware forwarding engine to verify that the entry is still being used. This new method no longer requires a switch from hardware forwarding to software forwarding.
•
Symptoms: Use of the dir directory command at the router command prompt fails to list files stored on an Advanced Technology Attachment (ATA) Flash card. However, an equivalent command on a PC lists the stored files.
Conditions: This symptom is observed on an ATA Flash card that has been formatted as FAT16 in a PC that is running Windows 2000. The card can no longer be read or reformatted under Cisco IOS software.
Workaround: Reformat the ATA Flash card as FAT16 on a PC that is running Windows 95 or Windows 98.
•
Symptoms: The Multiprotocol Label Switching (MPLS) Egress NetFlow feature does not work on a Cisco 10000 series.
Conditions: This symptom is observed on a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A Cisco router or Cisco switch may reload when the group mode changes from the Protocol Independent Multicast dense mode to the PIM bidirectional mode.
Conditions: This symptom is observed when the PIM Dense-Mode State Refresh feature is enabled.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) line card may reload again after an online insertion and removal (OIR) is performed or after the card has unexpectedly reloaded because of an error condition.
Conditions: This symptom is observed on an E4+ line card that is installed in a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) line card may reload unexpectedly.
Conditions: This symptom is observed when more than one adjacency is established across the interfaces of the E4+ line card while the ip cef accounting per-prefix non-recursive global configuration command is enabled. This symptom may occur when there is no traffic present on the line card.
Workaround: Disable the ip cef accounting per-prefix non-recursive global configuration command.
•
Symptoms: The following error message may be displayed when an online insertion and removal (OIR) is performed on an 8-port OC-3 ATM line card:
%LC-4-UNEXPECTED_INP_INFO: Unexpected info in buffer header, input info 0x0The following message may be displayed if a redundant Route Processor (RP) is present on the router:
%ADJ-3-ADJFIBIDB: Adjacency update with invalid fibidb(32)Conditions: This symptom is observed after an OIR is performed on the 8-port OC-3 ATM line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) Gigabit Ethernet line card may reload unexpectedly.
Conditions: This symptom is observed when the E4+ line card is running a Performance Route Processor (PRP) Cisco IOS image.
Workaround: There is no workaround.
•
Symptoms: Pings from a customer edge (CE) router may fail in an Any Transport over Multiprotocol Label Switching (AToM) network.
Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) AToM is configured.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series modular Gigabit Ethernet line card (EPA- GE/FE-BBRD) that has a 3-port Gigabit Ethernet port adapter (EPA-3GE-SX/LH-LC) is configured with the xconnect global configuration command and the port adapter is moved to another slot on the EPA-GE/FE-BBRD line card, the xconnect global configuration command remains with the EPA-3GE-SX/LH-LC port adapter. The router that is installed with the EPA-GE/FE-BBRD line card may reload if the xconnect global configuration command is reentered over the existing configuration.
Conditions: This symptom is observed on an EPA-GE/FE-BBRD line card that has an EPA-3GE-SX/LH-LC port adapter.
Workaround: Remove the xconnect global configuration command before moving the port adapter, or remove the xconnect global configuration command before reentering the command over the existing configuration of the port adapter that has been moved to another slot.
•
Symptoms: A Performance Route Processor (PRP) may reload without generating a crashinfo file.
Conditions: This symptom is observed on a Cisco 12000 that is running Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: Input interface counters may be incremented by twice the number of packets.
Conditions: This symptom is observed when Frame Relay is configured on Engine 2 (E2) interfaces.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series may fail to trigger an assert response on the Multicast Virtual Private Network (MVPN) Multicast Distribution Tree (MDT) tunnel interface when data is received on the tunnel interface.
Conditions: This symptom is observed on a Cisco 10000 series and may result in packet duplication and service interruption.
Workaround: There is no workaround.
•
Symptoms: When a link between two interfaces is brought up by following a specific sequence of steps, one side of the link displays a persistent alarm indication signal (AIS) that cannot be cleared without reloading the line card.
Conditions: This symptom is observed on a Cisco 12000 series that has the pos ais-shut interface configuration command configured on an Engine 4 (E4) or Engine 4 plus (E4+) line card.
Workaround: Remove the pos ais-shut interface configuration command or make sure "no loop int" is performed on the line clocking side first.
•
Symptoms: The tag forwarding performance for incoming packets that have labels may be degraded by about 45 percent.
Conditions: This symptom is observed on an Engine 0 ingress line card that is installed in a Cisco 12000 series when you compare the tag forwarding performance of Cisco IOS Release 12.0(24)S with the tag forwarding performance of Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: When you configure a static route using the ip route global configuration command, the following error messages may be generated:
%SYS-3-CPUHOG: Task ran for 3144 msec (248/31), process = CEF IPC Background, PC = 400B9CA0.
-Traceback= 400B9CA8 40856A48 40856BB4 4085734C 400A488C 400A4878
%FIB-4-RADIXINSERT: Error trying to insert prefix entry for 0.0.0.0/0Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Starting with Cisco IOS Release 12.0(23)S, Cisco 12000 series ATM interfaces will generate F4 segment Operation, Administration, and Maintenance (OAM) loopback cells. If the connected ATM switch does not support the F4 segment loopback cells, permanent virtual paths (PVPs) on the Cisco 12000 series ATM interface may not be brought up.
Conditions: This symptom is observed when ATM PVPs are configured on Cisco 12000 series ATM interfaces and the connected ATM switch does not support F4 segment loopback.
Workaround: Use Cisco IOS Release 12.0(22)S or an earlier release. These Cisco IOS releases do not generate the F4 OutSegloop (Segment Loopback) cell.
•
Symptoms: Entries in the tag forwarding table may disappear from a provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 7513 and a Cisco 7200 series that is functioning in a cell mode Multiprotocol Label Switching (MPLS) over ATM (MPLSoA) environment with the Multi-VC mode enabled. The label protocol is Label Distribution Protocol (LDP).
Workaround: Enter the clear ip route network EXEC command on the affected PE router and enter the loopback address of the PE router as the network argument.
•
Symptoms: A router may reload during a class of service (CoS) update in a Weighted Random Early Detection (WRED) drops routine even though CoS and WRED are not configured on the router.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A router may incorrectly move a default static route from one upstream router to another upstream router and then back again, and may continue to flap the route every 60 seconds.
Conditions: This symptom is observed in the following configuration:
A Cisco router (referred to as router A) is connected to two upstream routers (referred to as router B and router C) via a common interface. Router A is configured with two default recursive static routes, one via an address that is advertised by router B, the other one via an address that is advertised by router C.
The administrative distances of the static routes are set in such a way that if both router B and router C are reachable, router A installs the default static route via router B. If router B becomes unreachable, router A installs the default static route via router C.
Router B is advertising X::1. Router C is advertising X::2. Router A is configured in the following way:
ipv6 route ::/0 X::1
ipv6 route ::/0 X::2 2When router B stops advertising X::1, router A removes the default static route via router B and installs the default static via router C. This is correct behavior. However, 60 seconds after the transition, router A incorrectly reinstalls the default static route via router B and removes the default static route via router C. Another 60 seconds later, router A removes the static route via router B and reinstalls the static route via router C. This route flap occurs every 60 seconds.
Possible Workaround: Do not rely on recursive static routes for the default route. For example, configure Interior Gateway Protocol (IGP) on routers B and C to advertise the default route. Appropriate configuration of metrics may ensure that the default route via router B is preferred to the one via router C, providing the same preference as the one that is obtained via static routes.
•
Symptoms: About 100 KB to 1 MB of processor memory may be lost when the default interface global configuration command is entered on a router. The memory loss can be detected by comparing the output of the show memory EXEC command by entering the show memory EXEC command both before and after configuring the default interface global configuration command on the router.
Conditions: This symptom occurs only if the default interface global configuration command is configured on a router.
Workaround: The memory loss can be avoided by manually unconfiguring interfaces using the no form of the interface configuration commands.
•
Symptoms: A Cisco 12000 series may reload while the CPU utilization is high.
Conditions: This symptom is observed when you reload the microcode onto a line card and you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on some interfaces.
Workaround: There is no workaround.
•
Symptoms: Sampled NetFlow accounting may not display reliable results.
Conditions: This symptom is observed on the Engine 4 (E4) enhanced services line card of a Cisco 12000 series that has a Performance Route Processor 1 (PRP-1).
Workaround: There is no workaround.
•
Symptoms: A Gigabit Ethernet IP Services Engine (ISE) line card may reload with a "TX ALPHA" error.
Conditions: This symptom is observed when the line card or the router is reloaded while the line card is sending IP version 6 (IPv6) linear rate traffic via 1000 VLANs. The symptom is also observed during reoptimizations when the router switches from a backup label switched path (LSP) to a new LSP, and the egress card is an ISE line card.
Note that the symptom may also occur on another ISE line card when the ISE line card transmits Multiprotocol Label Switching (MPLS) traffic.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reload because of a software condition.
Conditions: This symptom is observed when you deconfigure the ipv6 access-list global configuration command.
Workaround: There is no workaround.
•
Symptoms: Data Multicast Distribution Tree (MDT) mappings may be deleted too soon, causing a loss of data, or may not be deleted at all, causing unnecessary data to be transferred.
Conditions: These symptoms are observed on a receiving provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 (E4) line card may reload after it displays the following error messages:
%TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module. -Traceback=
%TX192-3-PAM_PIM: status = 0x3D6, mask= 0x1A1 - PIM: header start offset >= 16kB.
-Traceback=Conditions: These symptoms are observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S under the following conditions:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: An Engine 4 (E4) line card may reload when hardware load balance structure allocation failures occur.
Conditions: This symptom is observed when an online insertion and removal (OIR) is performed on the other line cards that are installed on the router.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload.
Conditions: This symptom is observed on a VIP if Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or Egress NetFlow.
•
Symptoms: The amount of free memory on a router decreases as the memory that is held by the Simple Network Management Protocol (SNMP) engine process increases. The decrease in the amount of free memory can be verified by examining the output of the show processes privileged EXEC command.
Conditions: This symptom is observed when SNMP is used to walk the LDP-MIB MIB on a router that is running Cisco IOS Release 12.0(24)S or a later release, which supports LDP-MIB MIB Version 8, and when the router is configured for Multiprotocol Label Switching (MPLS).
Workaround: Avoid querying the LDP-MIB MIB. Information regarding the LDP-MIB MIB can be obtained by entering the show mpls ldp neighbor privileged EXEC command.
•
Symptoms: The class-based counters that indicate the total number of bytes and total number of packets in the output of the show policy-map interface EXEC or privileged EXEC command may provide incorrect information. The other counters in the output of the show policy-map interface EXEC or privileged EXEC command function properly.
Conditions: This symptom is observed when you enter the show policy-map interface EXEC or privileged EXEC command for an interface of an Engine 4 (E4) or Engine 4 plus (E4+) line card after you have performed one of the following actions:
–
–
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
Conditions: This symptom is observed when Virtual Private Network (VPN) routing/forwarding (VRF) forwarding is configured on the interfaces that flap.
Workaround: There is no workaround.
2.
Conditions: This symptom is observed when you perform an OIR of an interface that has a VRF configuration in which the connected route is learned via a network statement. The connected route is removed when you perform the OIR.
Workaround: Do not simultaneously enter the clear ip bgp * privileged EXEC command and perform an OIR.
•
Symptoms: When an online insertion and removal (OIR) is performed on the primary clock scheduler card (CSC) and the primary Route Processor (RP) after the standby RP comes up completely, the CSC is no longer displayed in the output of the show gsr EXEC command after the switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that is operating in the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: When you enter the ip cef distributed global configuration command and you create a tunnel interface, packets that are going through the tunnel interface are not switched via distributed switching, and the output of the show running-config EXEC command displays that the no ip route-cache distributed interface configuration command is enabled for the tunnel interface.
Conditions: This symptom is observed on a Cisco 7500 series after you have reloaded the router, you have entered ip cef distributed global configuration command, you have created a tunnel interface using the interface tunnel tunnel-number command, and you have entered the tunnel destination ip-address interface configuration command.
Workaround: Enter the ip route-cache distributed interface configuration command on the tunnel interface.
Alternate Workaround: After you have reloaded the router and before you create a new tunnel, enter the ip cef global configuration command followed by the ip cef distributed global configuration command.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: It may take a long time for a Cisco 12000 series to remove 250,000 Virtual Private Network version 4 (VPNv4) entries from an Engine 3 line card. While the router removes the VPNv4 entries, new VPNv4 entries cannot be updated on the line card.
Conditions: This symptom is observed when the router handles a large number (more than 80,000) of VPNv4 entries on its line cards and when a Border Gateway Protocol (BGP) session flaps (that is, the session remains down for a few minutes), causing the router to remove all VPNv4 entries and to repopulate these entries a few minutes later.
Workaround: There is no workaround.
•
Symptoms: When an optimized mode policy map is created by entering the match qos-group qos-group-value class- map configuration command, the command may not have any effect if the traffic is sent using a Spatial Reuse Protocol (SRP) side A interface.
Conditions: This symptom is observed only with optimized mode output policy maps.
Workaround: Use a nonoptimized mode policy map, and use another command instead of the match qos-group qos-group- value class-map configuration command in the class map.
•
Symptoms: Parallel Express Forwarding (PXF) reloads with the "0x680" software exception type in column 5 (T1RxC1).
Conditions: This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(21)ST5 but may also occur in Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: The Multiprotocol Label Switching (MPLS) experimental (EXP) bit setting feature on the ingress side is not effective if the output service policy to the Any Transport over Multiprotocol Label Switching (AToM) virtual path (VP) cell relay (CR) circuit is modified.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command to reprovision the VP CR circuit.
•
Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you reload microcode onto the line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S, Release 12.0(23)S, Release 12.0(24)S, or Release 12.0(25)S and that is functioning as a provider edge (PE) router in a Carrier Supporting Carrier configuration when the 4-port OC- 48 POS E4+ line card interconnects the Cisco 12000 series and a customer edge (CE) router.
Workaround: Enter the clear ip bgp privileged EXEC command on the Cisco 12000 series.
•
Symptoms: A Cisco 12000 series may reload because of a bus error exception.
Conditions: This symptom is observed when Protocol Independent Multicast (PIM) is enabled on a Packet over Sonet (POS) bundled interface on the Cisco 12000 series.
Workaround: Disable PIM on the POS-channel interface.
•
Symptoms: When a 32-bit byte counter in a Multiprotocol Label Switching (MPLS) flow overflows (the overflow occurs when the byte counter reaches the maximum 32-bit value of 4294967295 + N), the 32-bit byte counter resets to "N" causing a loss of 4294967295 bytes in the reported byte statistics.
Conditions: This symptom is observed when the MPLS aware NetFlow feature is enabled on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) traffic or MPLS Virtual Private Network (VPN) traffic is being forwarded by a Cisco 10720 router, about 50 percent of multicast traffic will be punted to a Route Processor (RP) and forwarded by the RP. The expected behavior is that multicast traffic should be forwarded by Parallel Express Forwarding (PXF) as long as a multicast route (mroute) entry exists. If many packets are punted to the RP, and the RP queue is congested, some of the multicast traffic that is being punted to the RP will be dropped. For example, multicast traffic may be dropped from a multicast application such as video or TV broadcast.
Conditions: This symptom is observed on a Cisco 10720 router that is running Cisco IOS Release 12.0(22)S, Release 12.0(23)S1, or Release 12.0(24)S when the following conditions are met:
–
–
Workaround: Stop the MPLS or MPLS VPN traffic.
•
Symptoms: A line card may reload during the buffer carving process when a new configuration is manually entered.
Conditions: This symptom may occur under one of the following conditions:
–
–
–
Workaround: There is no workaround.
•
Symptoms: A line card may reload unexpectedly.
Conditions: This symptom is observed when the execute-on slot slot-number privileged EXEC command is entered on the line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: When a 6-port channelized T3 line card is administratively shut down and reenabled after a switchover occurs in the Route Processor Redundancy Plus (RPR+) mode, the configuration synchronization of the line card may fail and the following messages may be displayed:
%GRP-4-OIRSYNC: Failed to sync inserted slot idback-timeout to stand by RP
%GRP-3-ERROR: slot info sync failed, state S_WAIT_SLOT_INSERT_SYNC s lot 12Conditions: This symptom is observed on a Cisco 12416 that has three 6-port channelized T3 line cards that are each configured with an even distribution of 1500 Frame Relay permanent virtual circuit (PVC) subinterfaces. The Cisco 12416 is configured with 200 Border Gateway Protocol (BGP) peers that have redundant Gigabit Route Processors (GRPs) that are running in the RPR+ mode.
Workaround: There is no workaround.
•
Symptoms: It may take about 10 minutes before a Versatile Interface Processor (VIP) synchronizes with a Cisco Express Forwarding (CEF) table.
Conditions: This symptom is observed after you reload the VIP that has the Single Line Card Reload (SLCR) feature and distributed CEF (dCEF) enabled, when there are about 40,000 prefixes in the CEF table, and when Border Gateway Protocol (BGP) is in stable condition.
Workaround: Increase the interprocess communications (IPC) cache significantly; when there are about 40,000 prefixes, increase the IPC cache using the ipc cache 3000 command.
•
Symptoms: A Route Processor (RP) may reload when a member is removed and added from one multilink group to another using distributed link fragmentation and interleaving (dLFI).
Conditions: This symptom has been observed when a member link from a different bay or Flex WAN is added to the multilink interface.
It may be possible to prevent the reload of the RP by shutting down the multilink interface and making a multilink span across line cards or different bays of the Flex WAN. However, this action is not a Cisco supported configuration for distributed Multilink PPP (MLP) or dLFI.
Workaround: There is no workaround.
•
Symptoms: When you enter the show running-config EXEC command, "No Card" is displayed.
Conditions: This symptom is observed on a Cisco 10000 series when you attempt to provision a 24-port channelized E1/T1 line card.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12416 may reload because a process is aborted when a watchdog timeout occurs and the following message is displayed:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Fabric Ping.
-Traceback= 501D5418 501D8CF8 501CEE3C 501BE79C 5024AE18 501ACF5C 501ACF48Conditions: This symptom is observed on a Cisco 12416 that has one 3-port Gigabit Ethernet line card and two 10-port Gigabit Ethernet line cards (that are each configured with an even distribution of 2000 VLAN subinterfaces). The Cisco 12416 is configured with 200 Border Gateway Protocol (BGP) peers that advertise 200,000 routes.
Workaround: There is no workaround.
•
Symptoms: The dsx1LineIndex variable for a channelized E1 interface may have an incorrect value for a 1-port multichannel E3 port adaptor (PA-MC-E3).
Conditions: This symptom is observed when you run the DS1-MIB MIB.
Workaround: There is no workaround.
•
Symptoms: The E3 controller of a Multi-Channel E3 port adapter (PA-MC-E3) is missing from IF-MIB and DS3-MIB.
Conditions: This symptom is observed on a PA-MC-E3 in all releases of Cisco IOS software.
Workaround: There is no workaround.
•
Symptoms: A corrupted VLAN ID may be created when a VLAN ID rewrite operation is configured on the VLAN interface of a Cisco 10720. When this symptom occurs, the Canonical Format Identifier (CFI) bit of the incoming 802.1q header is not preserved.
Conditions: These symptoms are observed with input packets that have the CFI bit of the 802.1q header set to a value of "1" (CFI=1) and when the new VLAN ID value has a value of "0" for bit 4 (when the count is made from the least significant bit position). The new VLAN ID value (that is produced by the VLAN ID rewrite operation) for the output packet will have an incorrect value of "1" for bit 4.
The CFI bit of the incoming packet is not preserved when the value of the CFI bit is "1" and the outgoing packet has a incorrect CFI bit value of "0".
Workaround: There is no workaround.
•
Symptoms: The rate of shaped traffic may not reach the configured rate.
Conditions: This symptom is observed when the incoming packet rate is low and the average inter-arrival time is longer than 4 ms.
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: A Tag Forwarding Information Base (TFIB) Virtual Private Network version 4 (VPNv4) entry on an Autonomous System Boundary Router (ASBR) for a prefix may not be reinstalled, causing traffic for this prefix to continue to flow to a provider edge (PE) router via the previous best path.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN interautonomous system environment in which ASBRs are performing VPNv4 exchanges and in which a Border Gateway Protocol (BGP) session is active.
The ASBR on which the TFIB VPNv4 entry is not installed should receive a prefix from a Route Reflector (RR) that selects the best of two available paths between the RR and two PE routers. Both PE routers should allocate the same label for the prefix. The PE router to which the best path leads should withdraw the prefix.
Workaround: Clear the BGP session on the ASBR that is connected to the RR.
Alternate Workaround: Withdraw the prefix from the ASBR and readvertise the prefix by clearing the prefix on the PE router that advertises the prefix.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: On a Cisco 12000 series that is used as a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, if an ATM line card is used to connect to a customer site while an Engine 2 (E2) OC-48 Packet over SONET (PoS) line card on the same router is connected to a provider (P) router, the ping that originates from the ATM line card that connects to the customer site will fail even though pings from the other sites to the ATM line card may be passed successfully.
Conditions: This symptom is observed when the configuration is freshly configured on the Cisco 12000 series instead of being loaded from Flash memory when the router is reloaded.
Workaround: Remove and reconfigure the permanent virtual circuit (PVC) on the ATM line card.
•
Symptoms: Traffic may not be matched to the correct class.
Conditions: This symptom is observed on a Cisco 12000 series Internet router. When the match access-group class-map configuration command is used, one of the access control lists (ACLs) is not defined.
Workaround: Define each ACL.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: When an IP version 6 (IPv6) access control list (ACL) is deleted and readded after the order of the access-control entries (ACEs) is changed, the ACL will not function normally and all access will be denied.
Conditions: This symptom is observed on a Cisco 12000 series that is running the c12kprp-p-mz Cisco IOS image.
Workaround: Readd the ACEs in the order of the original ACL, or add the "permit ipv6 any any" ACE entry to the ACL.
•
Symptoms: A traffic and routing outage may occur for several minutes on a router.
Conditions: This symptom is observed on a Cisco 12000 series when an uncorrected soft memory error and a simultaneously bounding policy-based routing (PBR) policy that is configured on an IP Services Engine (ISE) interface trigger a line card to reload.
The uncorrected soft memory error trigger occurs before the trigger that is caused by the simultaneously bounding PBR policy.
Workaround: There is no workaround.
•
Symptoms: Output access control lists (ACLs) are not applied to an output Engine 3 (E3) card.
Conditions: This symptom is observed if the output card is an Engine 3 (E3) card and if the input card is an Engine 4 (E4) or Engine 4 plus (E4+) card.
Workaround: There is no workaround.
•
Symptoms: After a single transmit buffer management (TBM) error occurs on a line card, the line card may reload because of a packet switch ASIC (PSA) pipeline stuck condition.
Conditions: This symptom is observed on an Engine 2 Packet-over-SONET (POS) line card that is installed in a Cisco 12000 series that is configured to switch Frame Relay packets.
Workaround: There is no workaround.
•
Symptoms: After a single transmit buffer management (TBM) error occurs on an 8- port OC-3 ATM line card, the line card may stop forwarding inbound and outbound traffic.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Input and output committed access rate (CAR) may not function on Engine 4 (E4) and Engine 4 plus (E4+) line cards. Traffic is dropped when you configure CAR on the ingress or egress interfaces of E4 or E4+ line cards.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The packet switch ASIC (PSA) table look-up (TLU) memory may fragment on an Engine 2 16-port OC-3 line card. After the line card flaps, distributed Cisco Express Forwarding (dCEF) may become disabled on the line card because of a memory allocation (MALLOC) failure. When these symptoms occur, the following error messages are generated:
%FIB-3-FIBDISABLE: Fatal error, slot 2: no memory
SLOT 2: %SYS-4-EXMALLOCFAIL: External memory allocation of 655360 bytes failed from EXMEM 1
-Process= "CEF IPC Background", ipl= 0, pid= 2
-Traceback= 400BAC1C 400A1884 400A2280 401C08B4
SLOT 2: %FIB-3-NOMEM: Malloc Failure, disabling DCEF on linecardConditions: These symptoms are observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Copying a file from a TFTP server to a Cisco 10720 may time out. A Telnet connection via any interface except for the console/AUX port on a Cisco 10720 may pause for several minutes before the connection recovers automatically.
Conditions: These symptoms are observed when Weighted Random Early Detection (WRED) is configured on a policy map, and the policy map is applied to any interface on a Cisco 10720.
Workaround: Remove the WRED configuration from all interfaces.
•
Symptoms: The set qos-group QoS policy-map configuration command may not function on a Multiprotocol Label Switching (MPLS) provider (P) router, and the counter for marked packets may overflow.
Condition: These symptoms are observed on a Cisco 7500 series that is functioning as an MPLS P router when the set qos-group QoS policy-map configuration command is configured for use in an incoming policy map that is applied to an ATM point-to-point virtual circuit (VC).
Workaround: There is no workaround.
•
Symptoms: Multibit errors may occur the packet synchronous dynamic random-access memory (SDRAM) of a line card, causing the line card to reload.
Conditions: This symptom is observed on a Cisco 12000 series 4-port Gigabit Ethernet IP Service Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: The show monitor event-trace fabric privileged EXEC command may not function properly. Other show monitor event-trace privileged EXEC commands may function properly.
Conditions: This symptom is observed on a Cisco 12000 that is running Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) line card may exhibit "ALPHA" errors and reload.
Conditions: This symptom is observed on a Cisco 12000 series that has per- prefix accounting configured when the clear ip route * privileged EXEC command is entered to delete IP routing table entries.
Workaround: Disable per-prefix accounting.
•
Symptoms: The communication between a Cisco 12000 series Route Processor (RP) and a line card may fail. This situation affects the functionality of the line card.
Conditions: This symptom is observed on a Packet-over-SONET line card that is installed in a Cisco 12000 series when a Stateful Switchover (SSO) has occurred.
Workaround: There is no workaround.
•
Symptoms: A memory leak may be observed on a line card with the Multicast Distributed Switching (MDS) line card process when the ip multicast-routing global configuration command is enabled while there are tunnel interfaces configured.
Conditions: This symptom occurs when the affected line card runs out of memory because of a memory leak and the MDFS process on the line card attempts to allocate memory. This symptom occurs only when multicast routing is enabled by entering the ip multicast-routing distributed global configuration command and when a traffic engineering (TE) tunnel is configured.
Workaround: There is no workaround.
•
Symptoms: Layer 2 fragmentation may not function in a Virtual Private Network (VPN) layer 2 interworking configuration and the following error messages may be generated:
L2FRAG: header computation error, may span particles
AC Switching[Se4/0]: Rcvd: Fast switched 804 bytes
AC Switching[Se4/0]: Xmit: Fast switched 360 bytesAfter the error messages have been generated, the packets are switched by using IP fragmentation or tunnel fragmentation.
Conditions: This symptom is observed on a Cisco 7200 series in a PPP configuration and on a Cisco 7500 series in a VLAN configuration.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is about to relinquish its designated forwarding position may send "winner" messages instead of "pass" messages, preventing the router that is supposed to become the designated forwarder to actually become the designated forwarder. This situation prevents traffic from being forwarded.
Conditions: This symptom may be observed when bidirectional Protocol Independent Multicast (PIM) is enabled and you perform an online insertion and removal (OIR).
Workaround: To clear the affected multicast group, enter the clear ip mroute group-name EXEC command.
•
Symptoms: A Cisco 12000 series that is configured with a Performance Route Processor 1 (PRP-1) may pause indefinitely.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a PRP-1 when the configuration is being saved after it has previously received a break signal on the console. This symptom does not affect the Gigabit Route Processor (GRP).
The break signal can be received by the router when it is sent intentionally by a terminal or when it is unintentionally received as noise on the console connection. Unintentional noise may occur if a terminal or terminal server that is connected to the router is powered off or when certain terminals or personal computer terminal emulators are first connected. When the router pauses indefinitely, it must be power-cycled to be restored to a normal working condition.
Workaround: There is no workaround. If possible, avoid using the break signal in Telnet connections, and avoid using terminal connections that send break signals.
•
Symptoms: The following messages may be displayed when an 8-port OC-3 ATM line card boots up:
%LC-6-PSA_UNLOAD_UCODE: Unloading (BUNDLE_atm_taz_vanilla) bundle from the PSA
%LC-6-PSA_LOAD_UCODE: Loading (BUNDLE_atm_taz_atm_over_mpls) bundle into the PSA
%LC-6-PSA_UNLOAD_UCODE: Unloading (BUNDLE_atm_taz_vanilla) bundle from the PSA
%LC-6-PSA_LOAD_UCODE: Loading (BUNDLE_atm_taz_atm_over_mpls) bundle into the PSAConditions: This symptom is observed when an 8-port OC-3 ATM line card boots up with an ATM adaptation layer 5 over Multiprotocol Label Switching (AAL5oMPLS) or a cell relay over Multiprotocol Label Switching (CRoMPLS) configuration.
Workaround: There is no workaround.
•
Symptoms: Connectivity may be lost and the packet switch application-specific integrated circuit (ASIC) (PSA) pipeline may become stuck on an 8-port OC-3 ATM line card.
Conditions: This symptom is observed on the remote side of a Cisco 12000 series when you reset the imposition line card on the Cisco 12000 series, and Any Transport over Multiprotocol Label Switching (AToM) is configured on the imposition line card.
Workaround: Do not reset the imposition line card on which AToM is configured.
•
Symptoms: Traffic may not pass through a Spatial Reuse Protocol (SRP) Dynamic Packet Transport (DPT) Engine 2 (E2) line card after a switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that has dual Route Processors (RPs) while the Cisco 12000 series is in either the Route Processor Redundancy plus (RPR+) mode or the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: A switch fabric card (SFC) switchover may occur, cyclic redundancy check (CRC) Fabric Interface ASIC (FIA) errors may occur, and the following error message may be displayed on a Cisco 12400 series:
FABRIC-3-ERR_HANDLE Due to CRC error from slot 8, shutdown the fabric card on slot 22Note that the slot numbers (that is, 8 and 22) are just examples.
Conditions: These symptoms are observed after a Cisco 12400 series router that is configured with one or more Engine 4 plus line cards is reloaded with a new Cisco IOS release that causes a maintenance bus (MBus) download condition and while traffic is being processed on the router.
Workaround: After the router is reloaded with the new Cisco IOS release, reload the router for a second time.
•
Symptoms: A ping from one customer edge (CE) router to another CE router may fail, and tracebacks may occur.
Conditions: This symptom is observed in a PPP/High-Level Data Link Control (HDLC) over Multiprotocol Label Switching (MPLS) configuration on a Cisco 12000 series when you use an Engine 3 line card to face the edge of the network and an Engine 4 plus line card to face the core of the network.
Workaround: There is no workaround.
•
Symptoms: A Frame Relay (FR) interface may go up and down continuously.
Conditions: This symptom is observed on an FR interface when the keepalive timeout is set to one second and fragmentation and traffic shaping are enabled on multiple permanent virtual circuits (PVCs).
Workaround: Increase the keepalive timeout to 5 seconds or more.
•
Symptoms: The Single Cell Relay Port Mode transport mode of the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature may not function, and the virtual circuits (VCs) that are configured through the xconnect peer-router-id vcid encapsulation mpls interface configuration command remain in the down state.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 8-port OC-3 ATM line card.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series may reload because of a bus error exception.
Conditions: This symptom is observed if a label value of 500 or greater is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 500or
Router#show hardware pxf cpu mpls labels 2-500The Cisco 10000 series does not reload if a label value of less than 500 is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 499or
Router#show hardware pxf cpu mpls labels 2-499Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series may drop packets and log the following errors:
%IPC-5-SLAVELOG: VIP-SLOT4:
%SYS-2-INLIST: Buffer in list, ptr= 60BCAFC0
-Process= "<interrupt level>", ipl= 2Conditions: This symptom is observed on a Cisco 7500 series that is configured for Multilink Frame Relay (MFR).
Workaround: There is no workaround.
•
Symptoms: The Parallel Express Forwarding (PXF) network processor may send traffic to the Route Processor (RP). When the traffic rate is very high, CPU utilization may increase to 99 percent.
Conditions: These symptoms are observed on a Cisco 10720 when the outgoing interface list for an S,G entry with Prune (P) and RP-bit set (R) flags is null in the multicast routing table and multicast traffic for this S,G entry comes in from a Spatial Reuse Protocol (SRP) ring, Gigabit Ethernet interface, or Fast Ethernet interface.
Workaround: There is no workaround. Note that the symptom does not occur when the Protocol Independent Multicast (PIM) share tree and the shortest path tree (SPT) do not diverge.
•
Symptoms: If a user attempts to run field diagnostics on a fabric card that is on a 10 Gigabit Ethernet fabric-based router, the user will receive a banner that indicates that the card is not supported.
If a user attempts to run field diagnostics on a fabric card that is on a 2.5 Gigabit Ethernet fabric-based router, the router may reload.
Conditions: This symptom is observed when a field diagnostic is performed against any of the following card types:
hex decimal
card type card type
BFR_CARD_TYPE_CSC_BFR12 0x11, 17
BFR_CARD_TYPE_SFC 0x12, 18
BFR_CARD_TYPE_CSC_BFR16_OC48 0x17, 23
BFR_CARD_TYPE_SFC_BFR16_OC48 0x18, 24
BFR_CARD_TYPE_CSC_BFR8 0x14, 20
BFR_CARD_TYPE_CSC_BFR4 0x15, 21
BFR_CARD_TYPE_SFC_BFR8 0x16, 22
BFR_CARD_TYPE_CSC_BFRP_OC192 0x19, 25
BFR_CARD_TYPE_SFC_BFRP_OC192 0x1a, 26
BFR_CARD_TYPE_CSC_BFR10 0x1b, 27
BFR_CARD_TYPE_SFC_BFR10 0x1c, 28Workaround: Use an alternate method to determine if the replacement of the fabric card is necessary.
•
Symptoms: A ping may fail via a PortChannel interface.
Conditions: This symptom is observed when the PortChannel interface is configured on a 2-port Fast Ethernet ISL 100BASE port adapter (PA-2FEISL) and when the mac-address ieee-address interface configuration command is configured on the PortChannel interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Fast Ethernet interfaces of the PA-2FEISL.
•
Symptoms: When you enter the rate-limit output interface configuration command to apply a rate limit to an Engine 3 interface that already has an outgoing service policy applied to it, traffic that is going out of the interface may stop.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: To apply a rate limit to the interface, use the policy map global configuration command.
•
Symptoms: When you perform an online insertion and removal (OIR) procedure by replacing one Gigabit Ethernet (GE) line card with another GE line card, traffic may not flow from the newly inserted GE line card.
Conditions: This symptom is observed on a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S1.
Workaround: Enter the hw-module slot shelf-id/slot-number reload privileged EXEC on the newly inserted GE line card.
•
Symptoms: When Cisco Express Forwarding (CEF) is disabled because of a memory allocation failure on an Engine 2 Dynamic Packet Transport (DPT) line card, the Connectionless Network Service (CLNS) adjacencies on interfaces on this line card may not be torn down.
Conditions: This symptom is observed on a Cisco 12000 series that functions when the external overload signalling router configuration command is configured in an Intermediate System-to-Intermediate System (IS-IS) environment.
When CEF is disabled on an Engine 1 DPT line card or an Engine 4 Packet-over- SONET (POS) line card in the same configuration, the CLNS adjacencies on interfaces on these line cards are properly torn down.
Workaround: There is no workaround.
•
Symptoms: A 6-port channelized T3 line card may reload when a T1 in-band loopup or loopdown is invoked while a bit error rate (BER) test is occurring.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Do not invoke a T1 in-band loopup or loopdown while a BER test is occurring. A typical and proper usage sequence would be the following:
1.
2.
3.
4.
•
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time (hours or days), without necessarily generating CPUHOG errors. This situation causes other processes on the router to fail because these processes do not receive the CPU bandwidth that they require:
–
–
–
–
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed when the MPLS-LSR-MIB MIB is enabled, you query the mplsXCTable or a MIB walk occurs, and there are more than 10,000 Multiprotocol Label Switching (MPLS) labels active. The symptoms are platform independent.
Workaround: Perform the following steps:
1.
2.
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server community public view nolsrmib ro
snmp-server view nolsrmib iso include
3.
•
Symptoms: An Engine 4 10-port Gigabit Ethernet (GE) line card may reload or you may not be able to ping across the modular GE interfaces of the line card.
Conditions: This symptom is observed on a Cisco 12410 that has a redundant Clock Scheduler Card (CSC) after you have performed an online insertion and removal (OIR) of the master (CSC).
Workaround: There is no workaround.
•
Symptoms: When the IP address is removed from a multilink interface, traceback errors may be generated.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: A Parallel Express Forwarding (PXF) processor on a Cisco 10000 series may reload and generate the "T1 SW Exception" error message.
Conditions: This symptom is observed when multicast traffic is sent over a priority queue, which may occur when you configure a quality of service (QoS) policy map to use a priority queue. When the multicast traffic matches the QoS policy map, the traffic uses the priority queue, and the PXF processor may reload.
Workaround: Do not configure a priority queue for multicast traffic.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card may log "EE48-2- GULF_TX_SRAM_ERROR" error messages if certain packet types are forwarded incorrectly.
Conditions: This symptom is observed on Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routers when multicast traffic is destined for the customer edge (CE) router.
Workaround: There is no workaround.
•
Symptoms: Basic tag switching may not function.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: Although traffic passes correctly when Frame Relay data-link connection identifier (DLCI) is configured, the output of the show frame-relay pvc privileged EXEC command does not display the input and output packets correctly.
Conditions: This symptom is observed on a 1-port OC-12 Packet-over-SONET (POS) line card and a 6-port OC-3 POS line card that are installed in a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S when Frame Relay DLCI is configured on the line cards.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.0(23)S.
•
Symptoms: The Automatic Protection Switching (APS) function may not failover after a line card is reset.
Conditions: This symptom is observed when a line card is reset (either by entering the hw-module reset EXEC command or by manually resetting the line card).
Workaround: There is no workaround.
•
Symptoms: The following error message may be generated often for slot 24 or 25 on a Cisco 12000 series:
%MBUS_SYS-3-NOBUFFER: Message from slot 25 in stream 0 droppedConditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S5 or Release 12.0(21)S6.
Workaround: There is no workaround.
•
Symptoms: When you enter the redundancy force-failover main-cpu privileged EXEC command on a Cisco 10000 series that is configured with two Performance Routing Engines (PREs), an automatic protection switching (APS) switchover occurs on 6-port OC-3 Packet-over-SONET (POS) line cards, which is incorrect behavior.
Conditions: This symptom is observed when APS is configured on 6-port OC-3 POS line cards in two different Cisco 10000 series that are connected back-to-back and you enter the following sequence of commands:
1.
2.
3.
Workaround: There is no workaround.
•
Symptoms: The ip cef global configuration command does not function.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
Condition 1: This symptom is observed on the protect interface of a Cisco 10000 series 6-port OC-3c/STM-1 Packet-over-SONET (POS) module when you enable multirouter automatic protection switching (multirouter APS) on a redundant Cisco 10000 series.
Workaround 1: Disable keepalives on both the active and the protect interfaces.
2.
Condition 2: This symptom is observed on the interface of a Cisco 10000 series 6-port OC-3c/STM-1 Packet-over-SONET (POS) module when two Cisco 10000 series are connected back-to-back via 6-port OC-3c/STM-1 POS modules, and the routers are configured with different encapsulations.
Workaround 2: Disable keepalives on the interfaces of both 6-port OC-3c/STM-1 POS modules.
•
Symptoms: The shape policy map class configuration command that is entered via modular QoS CLI (MQC) may not function on an ingress interface of a 4-port Gigabit Ethernet IP Services Engine (ISE) line card.
Conditions: This symptom is observed on a Cisco 12000 series after a Stateful Switchover (SSO) of a Route Processor (RP) has occurred.
Workaround: Reload the affected line card.
•
Symptoms: A Cisco 12000 series Route Processor (RP) may reload.
Conditions: This symptom is observed when you attempt to modify a quality of service (QoS) policy that is applied to a VLAN interface on a 4-port Gigabit Ethernet IP Services Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: Frame Relay over Multiprotocol Label Switching (FRoMPLS) connectivity may not function.
Conditions: This symptom is observed when a Cisco 12000 series is configured with an Engine 2 line card that has link bundling enabled.
Workaround: There is no workaround.
•
Symptoms: The flow records of an ingress line card may indicate a double count for packets and bytes.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) packets are received on a Cisco 12000 series line card that supports MPLS-aware NetFlow.
Workaround: There is no workaround. Note that the symptom does not affect traffic switching and forwarding.
•
Symptoms: A Cisco 10000 series Parallel Express Forwarding (PXF) network processor may fail because of a local bus exception, and an error message similar to the following may be generated:
%TOASTER-2-FAULT: T0 Local Bus Exception: CPU[t0r0c1] TBBA at 0x0839 LR 0x08C9Conditions: This symptom is observed when an Internet Control Message Protocol (ICMP) echo request packet (that is, a ping) is received on an interface that has input access control list (ACL) logging enabled. The symptom is more likely to occur when the PXF has to handle more traffic, although the traffic does not need to be related to the ICMP echo request packets.
Workaround: Disable ACL logging.
•
Symptoms: Some interfaces of a Cisco 10000 series 6-port channelized T3 line card may not come up.
Conditions: This symptom is observed when you configure the T3 controller with any combination of time slots, but using more than 15 and fewer than 21 time slots.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reboot when you enter the no srp reject H.H.H interface configuration command on a Spatial Reuse Protocol (SRP) interface.
Conditions: This symptom is observed intermittently. If there is no valid entry to be removed for the srp reject H.H.H interface configuration command, the command negation has no impact.
Workaround: There is no workaround.
•
Symptoms: A router may not boot to the configured Cisco IOS software version when the full path of the Cisco IOS image is specified in the boot system flash global configuration command, such as in the following example:
boot system flash disk0:c12kprp-p-mz
Conditions: This symptom is observed on a Cisco 12000 series router that is configured with dual Performance Route Processors (PRPs).
Workaround: Configure the boot system flash global configuration command without specifying the device name, such as in the following example:
boot system flash c12kprp-p-mz
•
Symptoms: Policing may not function properly for a cell relay virtual circuit (VC) that is located on an interface of an ATM Engine 0 line card and that is configured by entering the pvc vpi/vci l2transport interface configuration command. The rate at which policing is performed may occur at 16 times the configured rate.
In addition, violated data traffic that is sent from a peer to the cell relay VC may not be dropped, even though the cell relay VC is configured to do so.
Conditions: This symptom is observed on a Cisco 12000 series when the interface of the ATM Engine 0 line card connects via the cell relay VC to any other ATM interface, and you apply a policing configuration that includes the violate-action drop keywords to the VC.
Workaround: Configure the policing rate to be 16 times lower than the desired rate.
•
Symptoms: The output of the show controller srp privileged EXEC command may indicate an unspecified SONET transceiver type for the Engine 4 plus (E4+) 4-port OC-48c/STM-16c DPT line card.
Incorrect command output:
SFP EEPROM INFO: SIDE A
SFP Module is: VALIDATED
ID: SFP transceiver
Extended ID: 4
Connector: LC
SONET compliance: unspecified <=== IncorrectCorrect command output:
SFP EEPROM INFO: SIDE A
SFP Module is: VALIDATED
ID: SFP transceiver
Extended ID: 4
Connector: LC
SONET compliance: OC48 Long Reach (LR2) <=== CorrectConditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S or a later release when the small form-factor pluggable (SFP) card is long reach-1 (LR-1) or long reach-2 (LR-2).
Workaround: Instead of using the show controller srp privileged EXEC command, look at the following components to find out the type of SFP card (that is, whether the SFP card is LR-1 or LR-2):
–
–
•
Symptoms: When you modify a policy-based routing (PBR) configuration for next-hop changes, the changes may not be updated in the ternary content addressable memory (TCAM).
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S.
Workaround: Remove the PBR configuration from the interfaces, and then reapply the PBR configuration to the interfaces.
•
Symptoms: Packet sizes on the boundary may fail across a tunnel that is configured for IP version 6 (IPv6).
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: The priority-queue traffic of a Frame-Relay subinterface may stop flowing.
Conditions: This symptom is observed when you remove a hierarchical outgoing Modular QoS CLI (MQC) policy from the main interface of an IP Services Engine (ISE) line card that is configured for Frame-Relay encapsulation.
Workaround: Reapply the hierarchical outgoing MQC policy to the subinterface.
•
Symptoms: A Cisco 10000 series Parallel Express Forwarding (PXF) processor may drop packets that are received on a Multicast Tunnel Interface (MTI). This situation prevents the Protocol Independent Multicast (PIM) protocol from forming neighbor relationships with other provider edge (PE) routers in the network, causing loss of Multicast Virtual Private Network (MVPN) traffic.
Conditions: This symptom is observed after you have reloaded a Cisco 10000 series that functions as a PE router, and the Cisco 10000 series has downloaded an MVPN configuration.
Workaround: Reload the microcode onto the PXF processor by entering the microcode reload pxf privileged EXEC command.
•
Symptoms: An incorrect Path Maximum Transmission Unit (PMTU) that does not account for the Layer-2 encapsulation length that may be advertised to a customer edge (CE) router.
Conditions: This symptom is observed when both the Layer 2 Tunnel Protocol Version 3 (L2TPv3) Path MTU discovery feature and the L2TPv3 Xconnect service are configured.
Workaround: There is no workaround.
•
Symptoms: The startup configuration file may become corrupt.
Conditions: This symptom is observed when multiple Telnet sessions simultaneously execute the copy running-config startup-config EXEC command. Only one Telnet session at a time should execute the copy running-config startup-config EXEC command.
Workaround: To save the configuration properly, reenter the copy running-config startup-config EXEC command.
•
Symptoms: A Cisco router that is running Multiprotocol Label Switching (MPLS) may reload after a message similar to the following is generated:
%SYS-3-OVERRUN: Block overrun at 5414B2C8 (red zone 00000000)Conditions: This symptom is observed when more than 672 Label Distribution Protocol (LDP) sessions are established simultaneously and when LDP cannot perform some background tasks for an advertised Label Information Base (LIB) entry before the local label is changed or withdrawn.
Workaround: There is no workaround.
•
Symptoms: Packets may not be decapsulated by a line card on which an egress tunnel is configured.
Conditions: This symptom is observed on a Cisco 12000 series when traffic passes through a generic routing encapsulation (GRE) tunnel that is configured on an Engine 4 line card that is facing the customer side.
Workaround: There is no workaround.
•
Symptoms: A committed access rate (CAR) output rule may not function on a Spatial Reuse Protocol (SRP) interface.
Conditions: This symptom is observed on a Cisco 7500 series, regardless if legacy quality of service (QoS) or modular QoS CLI (MQC) is configured.
Workaround: There is no workaround.
•
Symptoms: IP packets that include padding data may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 10-port Gigabit Ethernet line card and a 4-port OC-48c/STM- 16c DPT line card.
Workaround: There is no workaround. Note that the symptoms do not occur when you replace the 10-port GE line card with a 3-port GE line card.
•
Symptoms: A router may incorrectly encapsulate packets when Multicast Distributed Switching (MDS) is enabled. This causes traffic to be blackholed.
Conditions: This symptom is observed on a Cisco router that is configured with MDS and with a generic routing encapsulation (GRE) tunnel interface.
Workaround: There is no workaround.
•
Symptoms: A memory allocation (MALLOC) failure may occur during a Cisco Express Forwarding (CEF) process on a redundant Route Processor (RP), causing the redundant RP to stop processing enqueued CEF update messages that were sent by the active RP, which can be observed in the output of the show cef linecard EXEC command.
Because the redundant RP no longer processes CEF update messages that are sent by the active RP, the message queue on the active RP continues to grow, causing the free memory of the active RP to decrease. The rate of this decrease depends on the rate of prefix changes in the network. The continued growth of the message queue eventually results in a MALLOC failure on the active RP.
Conditions: This symptom is observed on a Cisco router that is configured with redundant RPs.
Workaround: Reload the redundant RP by entering hw-module secondary-cpu reset EXEC command.
•
Symptoms: A Cisco 7200 series or Cisco 7500 series may drop Virtual Private Network (VPN) traffic for a period of time when one of the label switch controllers (LSCs) along a path is reset. The period of time is dictated by the time that a Label-Controlled ATM (LC-ATM) interface requires to reestablish the ATM label virtual circuit (LVC) by using the downstream-on-demand mode.
Conditions: This symptom is observed on a Cisco 7200 series or Cisco 7500 series that functions in a Multiprotocol Label Switching VPN environment with a LC-ATM core that is configured with multiple paths to an egress provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: Aggregate NetFlow version 8 may report that the destination interface for all traffic flows is "Null."
Conditions: This symptom is observed on a Cisco 12000 series IP Services Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: Some disposition forwarding entries of virtual circuits (VCs) may be missing from the Tag Forwarding Information Base (TFIB), preventing traffic from passing through these VCs.
Conditions: This symptom is observed on a Cisco 12000 series when multiple VCs are configured.
Workaround: Reconfigure the affected VCs.
•
Symptoms: Packets may be dropped by a 3-port Gigabit Ethernet line card that is installed in a Cisco 12000 series.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)ST or Release 12.0(22)S when the following conditions are met:
–
–
–
–
Workaround: If this is an option, remove the output ACL, or use Cisco IOS Release 12.0(23)S or a later release.
•
Symptoms: You cannot configure available bit rate (ABR).
Conditions: This symptom is observed when you attempt to configure ABR on an ATM Layer-2 transport permanent virtual circuit (PVC).
Workaround: There is no workaround.
•
Symptoms: After a Route Processor Redundancy Plus (RPR+) switchover occurs, the deletion of an existing permanent virtual circuit (PVC)/permanent virtual path (PVP) fails. This situation prevents you from recreating the same PVC/PVP. You can create a new PVC/PVP, but once you delete it, you cannot recreate it because the PVC remains in the active state.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0 S or Release 12.0 SX.
Workaround: There is no workaround. To enable the router to return to normal operation, reload the router.
•
Symptoms: Fast ReRoute (FRR) may not be activated after you have reloaded a router.
Conditions: This symptom is observed when you reload a Cisco 10000 series that has both multirouter automatic protection switching (multirouter APS) and FRR in its startup configuration.
Workaround: Deconfigure multirouter APS before you reload the router; reconfigure multirouter APS after the router has completed its bootup process.
•
Symptoms: All ports of an Engine 0 (E0) digital service 3 (DS3) card may remain in an "up/down" condition indefinitely.
Conditions: This symptom is observed on Engine 0 (E0) DS3 cards when one of the ports receives a "yellow" alarm.
Workaround: Reload microcode onto the DS3 card by entering the microcode reload global configuration command.
•
Symptoms: The microcode bundle for the Class-Based Marking feature may not be loaded onto a 16-port OC-3 POS line card.
Conditions: This symptom is observed when the Class-Based Marking is configured on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A line card may reload when you apply a policy-map global configuration command that has the set-prec-transmit keyword configured in QoS policy-map configuration mode.
Conditions: This symptom is observed on a Cisco 12000 series Gigabit Ethernet IP Services Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 Packet-over-SONET (POS) line card that is configured with a 128-line input access control list (ACL) may incorrectly block packets.
Conditions: This symptom is observed on a Cisco 12000 series and only occurs with some ACLs.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 Packet-over-SONET (POS) line card that is configured with an input access control list (ACL) may incorrectly report large values for the input-rate counter.
Conditions: This symptom is observed when an input ACL is applied. The symptom stabilizes after about one hour.
Workaround: There is no workaround.
•
Symptoms: Toward the Fabric (ToFab) quality of service (QoS) may not function on an IP Services Engine (ISE) line card.
Conditions: This symptom is observed on a Cisco 12000 series when slot of the router is empty.
Workaround: Insert a line card into slot 0.
•
Symptoms: An Engine 4 plus (E4+) Gigabit Ethernet (GE) line card may reload when another line card in the router is reloaded.
Conditions: This symptom is observed on a Cisco 12000 series when the E4+ GE line card switches traffic.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you remove a subinterface by entering the no interface global configuration command, and the following error messages and tracebacks are generated:
Unexpected exception, CPU signal 10, PC = 0x50A984CC
-Traceback= 50A984CC 50A98574 50A98F08 50A99CE4 50AE1BBC 50AE28C8 50AE5A04 50AEC734 50AE5BD4 50AE5D00 50AE5FE8 50AE1E3C 50AE2508 50AE2828 5031AB2C 5031AB18
$0 : 00000000, AT : 514C0000, v0 : 02001021, v1 : 51527F50
a0 : 02001021, a1 : 00000019, a2 : 00004204, a3 : 50AE2580
t0 : 00000028, t1 : 3401FD01, t2 : 34018100, t3 : FFFF00FF
t4 : 503469A0, t5 : 00000003, t6 : 00000000, t7 : 1035E2AF
s0 : 02001021, s1 : 00000000, s2 : 00000000, s3 : 00000000
s4 : 00000000, s5 : 00000000, s6 : 00000000, s7 : 00000000
t8 : 51F0F654, t9 : 00000000, k0 : 30419001, k1 : 30410000
gp : 5129AEC0, sp : 51F20D08, s8 : 00000000, ra : 50A98574
EPC : 50A984CC, ErrorEPC : BFC28130, SREG : 3401FD03
Cause 00000010 (Code 0x4): Address Error (load or instruction fetch) exception
*** System received a Bus Error exception ***
signal= 0xa, code= 0x10, context= 0x514be1a4
PC = 0x50347080, Cause = 0x6420, Status Reg = 0x34018002Conditions: This symptom is observed when you first apply the xconnect global configuration command to a subinterface and then remove the subinterface.
Workaround: Deconfigure the xconnect global configuration command on the subinterface before you remove the subinterface.
•
Symptoms: A 1-port 10-Gigabit Ethernet (GE) line card may reload when you copy a large undefined access control list (ACL) from a TFTP server.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0 S when traffic is flowing through the 1-port 10-GE line card.
Workaround: Copy the ACL from the TFTP server; then, apply the ACL to the interface of the 1-port 10-GE line card.
•
Symptoms: Ingress Multiprotocol Label Switching (MPLS) explicit-null packets are processed in the slow path of an Engine 2 line card (that is, the packets are forwarded to the CPU of the line card), causing the performance of the line card during the processing of such packets to be significantly less than expected.
Conditions: This symptom is observed on all Cisco 12000 series Engine 2 line cards.
Workaround: There is no workaround.
•
Symptoms: A user session may pause indefinitely, causing a Cisco router to become unresponsive.
Conditions: This symptom is observed when multiple simultaneous users enter modular QoS CLI (MQC) commands on the same router via separate vty sessions.
Workaround: Allow only one user at a time to enter MQC commands.
•
Symptoms: After you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface, pings may fail on this interface.
Conditions: This symptom is observed on an interface that has both PPP and Intermediate System-to-Intermediate System (IS-IS) configured.
Workaround: There is no workaround.
•
Symptoms: When a packet reaches a destination provider edge (PE) router, the label stack is removed, the IP header is checked, and a header checksum error may be found, causing the packet to be dropped.
On a platform that is configured for Cisco Express Forwarding (CEF), these drops are visible in the "ChkSum_Err" column in the output of the show cef drop EXEC command or in the "checksum errors" field under the IP section in the output of the show ip traffic EXEC command.
Conditions: This symptom is observed when the following conditions are present:
–
–
Workaround: Do not configure both FRoMPLS and L3VPN on the same line card.
•
Symptoms: Label Distribution Protocol (LDP) does not send a label release message in response to a label withdraw message.
Conditions: This symptom is observed in an Any Transport over Multiprotocol Label Switching (AToM) configuration.
Workaround: There is no workaround.
•
Symptoms: When the atm address-registration interface configuration command is entered via a script, the following message may be displayed:
% Please 'shut/no shut' this interface for this command to take effectAlthough no functional error has occurred, the message causes the script to fail.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you enter the dir EXEC command.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(1) when you enter the dir EXEC command for a directory with a long name.
Workaround: There is no workaround.
•
Symptoms: When NetFlow data is processed at interrupt-level, the CPU utilization of a route processor (RP) may become high.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow is configured and many small data flows are processed on the router.
Workaround: There is no workaround.
•
Symptoms: A line card may reload after a Stateful Switchover (SSO) occurs.
Conditions: This symptom is observed on a Cisco 12000 router.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series line card may not forward IP version 6 (IPv6) multicast traffic.
Conditions: This symptom is observed on an Engine 1 2-port OC-12 Dynamic Packet Transport (DPT) line card and an Engine 3 4-port OC-12 DPT line card.
Workaround: There is no workaround.
•
Symptoms: Auto negotiation may not work as expected on a router.
Conditions: This symptom is observed when a Cisco 10720 router is used in a network that has a Cisco Catalyst 6500 switch and a vendor-specific optical repeater.
Workaround: There is no workaround.
•
Symptoms: Interface flapping may occur on a Cisco 12000 series line card that is configured for Multilink PPP (MLP).
Conditions: This symptom is observed on a 6-port channelized T3 line card and a 2-port channelized OC-3/STM-1 (DS1/E1) line card when the MLP bundle interface at the remote site is either shut down or not configured at all, and when one or more links at the remote site are configured as MLP members, but are not associated with the MLP bundle interface. This situation is a misconfiguration.
Workaround: Avoid the misconfiguration.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload. CPUHOG messages may be displayed on the console before the router reloads.
Conditions: This symptom is observed in configurations with many interfaces or IP addresses, or with a very large number of labelled prefixes.
Workaround: There is no workaround.
•
Symptoms: Traffic may be blocked when Distributed Multilink Frame Relay (DMFR) is configured.
Conditions: This symptom is observed when the traffic is switched from the input interface by using fast switching rather than Cisco Express Forwarding (CEF).
Workaround: Configure CEF or distributed CEF (dCEF) on the input interface.
•
Symptoms: Distributed Cisco Express Forwarding (dCEF) may become disabled on a Versatile Interface Processor (VIP) and the following error message may appear on the console:
%FIB-3-FIBDISABLE: Fatal error, slot 12: Window did not open, LC to RP IPC is non-operationalConditions: This symptom is observed on a Cisco 7500 series VIP2-50 and VIP4- 80 in which ATM OC-3 port adapters such as the PA-A1-OC3 or PA-A3-OC3 are installed when the Cisco 7500 series is upgraded to Cisco IOS Release 12.0(24) S or Release 12.0(24)S1.
Possible Workaround: Reload CEF on the VIP by entering the clear cef linecard slot-number EXEC command.
Possible Alternate Workaround: Restart the VIP by performing an online insertion and removal (OIR).
•
Symptoms: Any Transport over MPLS (AToM) traffic may be dropped at the disposition line card.
Conditions: This symptom is observed on a Cisco 12000 series when the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature is enabled on an 8-port OC-3 ATM line card and the disposition line card is an Engine 3 line card, such as a 4-port OC-12 Packet-over-SONET (POS) line card or a 1-port OC-48 POS line card.
Workaround: There is no workaround.
•
Symptoms: A standby Performance Routing Engine (PRE) may reload continuously, and the router may enter the "standby cold-bulk" redundancy state.
Conditions: This symptom is observed with certain configurations. The standby PRE may reload continuously when a new image is loaded after the hw-module reset standby-cpu reset global configuration command is entered or after a switchover occurs.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload because of a bus error when you repeatedly enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface at the remote end of the Cisco 12000 series.
Conditions: This symptom is observed when the interface at the remote end is an ATM interface of an Engine 0 4-port OC-3 ATM or 1-port OC-12 ATM line card that has the atm pvp interface configuration command enabled.
Workaround: There is no workaround.
•
Symptoms: The Label Distribution Protocol (LDP) session between two adjacent routers may fail to establish when you configure the seconds argument of the mpls ldp discovery hello interval seconds global configuration command for one router to be significantly shorter in duration than the seconds argument of the same command for the other router.
Conditions: This symptom is observed in an IP over Multiprotocol Label Switching (MPLS) configuration when the router that is configured with the seconds argument of longer duration is also configured to actively establish the TCP connection (in conformance with Section 2.5.2 of RFC 3036).
The output of the show mpls ldp discovery detail privileged EXEC command indicates that the associated discovery interface of the router that is configured to actively establish the TCP connection is stuck in the "xmit (not ready)" state.
The router that passively establishes the TCP connection may indicate via "NBRCHG" log messages that the LDP session comes up and immediately goes down repeatedly.
Workaround: For both routers, configure the seconds argument to be of similar duration by using the mpls ldp discovery hello interval seconds global configuration command or the mpls ldp discovery hello holdtime seconds global configuration command.
•
Symptoms: A Cisco 10000 series does not support the 16-byte Path Trace Buffer (PTB) for Synchronous Digital Hierarchy (SDH) framing, which may cause difficulties for other platforms.
Conditions: This symptom is observed on a Cisco 10000 series. The Cisco 10000 series does support a 64-byte PTB in which information is exchanged (IP address, chassis name, and so on).
Workaround: There is no workaround.
•
Symptoms: Packet loss may occur during Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel reoptimization on a Cisco 12000 series.
Conditions: This symptom is observed when the initial outgoing interface of the TE tunnel is configured on an IP Services Engine (ISE) line card and when at least 200 Interior Gateway Protocol (IGP) prefixes can be reached through the tunnel.
Workaround: There is no workaround.
•
Symptoms: A standby Gigabit Route Processor (GRP) may reload with a bus error.
Conditions: This symptom is observed after the ATM interface of a Cisco 12000 series is shut down.
Workaround: There is no workaround.
•
Symptoms: The Any Transport over MPLS (AToM) disposition path may not function on a Cisco 12000 series.
Conditions: This symptom is observed when both the imposition path and the disposition path are configured on the same line card.
Workaround: There is no workaround.
•
Symptoms: Unicast traffic to and from a Cisco 12000 series may be blocked, you may not be able to ping local or remote interface addresses, and the router may generate error messages similar to the following:
%LC-3-BMAERRS: ToFab BMA error status xxxxx
%LC-3-BMAERRS: ToFab BMA PLIM error xxxxx
%GSR-3-INTPROC: Process Traceback= xxxxxxxxConditions: This symptom is observed on a Cisco 12000 series when the ingress and egress path for unicast traffic runs via a 4-port OC-12 ATM line card that is configured for Multiprotocol Label Switching (MPLS) forwarding.
Workaround: There is no workaround.
•
Symptoms: A customer of a service provider (SP) may report poor performance across new long-distance (over 100 km) E3 lines with a file transfer rate of about 3 to 5 Mbps. Frame check sequence (FCS) errors may occur in G.751 frames, "Time to Live," "Transport Retransmission," and "TCP Connection Reset by Server" conditions, and other conditions may occur in the LAN. The symptoms are caused by difficulties with the clock signal.
Conditions: These symptoms are observed on a Cisco 7200 series, Cisco 7500 series, and Cisco 7600 series that are configured with a 1-port E3 serial port adapter (PA-E3), but these symptoms may also occur on a 2-port E3 serial port adapter (PA-2E3). The symptoms are not platform specific but port-adapter specific. The symptoms are not observed when short-distance E3 lines are used.
The clocking is not provided by the Plesichronous Digital Hierarchy (PDH)/Synchronous Digital Hierarchy (SDH) network of the SP but by the internal clock source of one of the routers of the SP customer (that is, the clock source internal controller configuration command is configured), while another router of the SP customer is configured as the clock slave (that is, the clock source line controller configuration command is configured). However, the symptom may also occur when the clocking is provided by the SP.
When a line interruption occurs, the PA-E3 on which the clock source line controller configuration command is configured may not switch back its transmitter clock (which should be synchronized from the incoming clock signal of the line) from internal clocking to line clocking. When the line is down, the router in which this PA-E3 is installed temporarily uses its internal clock signal. When the line comes back up again, the router should switch back to the line clock signal.
Long-distance lines are affected because the router that receives traffic over long-distance lines requires a relatively long time to synchronize its clock via line clock signal. The symptoms are observed during the initial link up and during line interruptions.
Workaround: Use enhanced 1-port ATM E3 port adapters (PA-A3-E3) on which the clocking difficulties do not occur.
Temporary Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the serial interface of the affected PA-E3. Doing so provides a workaround until the next line interruption.
•
Symptoms: A Cisco 12000 series may reload when you reload the microcode onto a line card.
Conditions: This symptom is observed when the line card is configured with 60 Virtual Router Redundancy Protocol (VRRP) groups.
Workaround: Do not configure more than 50 VRRP groups on a line card.
•
Symptoms: On a Cisco platform, free memory may decrease gradually during normal system operation. When network instability occurs, free memory may decrease in the order of tens of MBs over a short period of time.
The output of the show processes memory EXEC command indicates that the Border Gateway Protocol (BGP) router process holds an amount of memory that is increasing as the free memory is decreasing.
Conditions: This symptom is observed on a Cisco platform that is running Cisco IOS Release 12.0(23)S1 or a later release and that has the ip default-network network-number global configuration command enabled.
Workaround: Disable the ip default-network network-number global configuration command to stop the free memory from decreasing. However, to free up the held memory, reload the platform.
•
Symptoms: When a slave Route Switch Processor (RSP) is reloaded by the master RSP, or when you enter the hw-module sec-cpu reset privileged EXEC command, the slave (RSP) may generate the following error message and tracebacks:
%HA-2-CCB_PLAYBACK_ERROR: CCB playback failed.
-Traceback= 40439E14 404339D0 404CC4F0 402E1AA8 403139D8 40323BC0 40323DB0 40323E4C 401C7EE4 402E34C8 4037BD3C 4037BD28Conditions: This symptom is observed on a Cisco 7507 that is running Cisco IOS Release 12.0(24)S1, that is configured for Route Processor Redundancy Plus (RPR+) or High System Availability (HSA), and that is configured with a 1-port Packet-over-SONET OC-3c/STM-1 single-mode port adapter (PA-POS-OC3SMI).
Workaround: There is no workaround. Note that the symptoms do not occur when you remove the PA-POS-OC3SMI.
•
Symptoms: When configuration changes are made, a Cisco 7500 series Versatile Interface Processor (VIP) may pause indefinitely, produce large numbers of spurious memory accesses, or reload. This situation may cause the router to detect that interfaces on the VIP are not sending packets and to report that the output of the interfaces is stuck.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for fragmentation and shaping on a Frame Relay interface using modular QoS CLI (MQC).
Workaround: Before you make quality of service (QoS) policy or Frame Relay fragmentation changes on an interface of the VIP, enter the shutdown interface configuration command on the interface.
•
Symptoms: The following error message may be displayed on a router:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x50164CDC reading 0x0Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: At least 30 percent of the CPU of a Performance Routing Engine 1 (PRE-1) may be utilized to process flows, causing the number of packets that are processed per second to be much lower than you would expect.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow and NetFlow export are enabled and when there is a large number of flows (more than 10,000).
Workaround: Disable NetFlow.
Alternate Workaround: Reduce the number of entries in the NetFlow cache of the Route Processor (RP) by entering the ip flow-cache entries 1024 global configuration command. Doing so reduces the load of the CPU of the PRE-1. Note that the primary cache is located on the Parallel Express Forwarding (PXF) processor and supports a fixed number of 512 entries.
•
Symptoms: Interfaces on one Engine 4 (E4) 3-port Gigabit Ethernet (GE) port adapter (EPA-3GE-SX/LH-LC) may use the same interface description blocks (IDBs) as interfaces of an adjacent E4 3-port GE port adapter that is installed on the same GE modular baseboard (EPA-GE/FE-BBRD). This situation may cause forwarding difficulties and Cisco Express Forwarding (CEF) inconsistencies on other line cards that are installed in the same router. You can verify the symptoms in the output of the show cef interface EXEC command.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with more than one GE modular baseboard when several E4 3-port GE port adapters are installed on a single GE modular baseboard.
Workaround: Reload the router.
•
Symptoms: Layer 2 load balancing may not function.
Conditions: This symptom is observed on Packet-over-SONET (POS) channels that are configured on a Cisco 12000 series Engine 3 line card that functions as an ingress line card.
Workaround: There is no workaround.
•
Symptoms: Occasional ping failures may be observed over a VLAN interface.
Conditions: This symptom is observed on the VLAN interface of a Cisco 12000 series modular Gigabit Ethernet line card. The Cisco 12000 series modular Gigabit Ethernet line card is connected to Cisco Catalyst switches over VLAN interfaces.
Workaround: There is no workaround.
•
Symptoms: A hierarchical parent policy may not function. When you apply the hierarchical parent policy, the output of the show running-config privileged EXEC mode may not display the configuration for the hierarchical parent policy.
Conditions: This symptom is observed on a Packet-over-SONET (POS) interface and an Ethernet interface of a Cisco 12000 series Engine 3 line card.
Workaround: There is no workaround. A nonhierarchical parent policy works fine.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card may generate an error message that states that there are some features in the ternary content addressable memory (TCAM) for one of the interfaces of the E3 line card. This situation causes a memory leak.
Conditions: This symptom is observed when a Route Processing Redundancy Plus (RPR+) switchover occurs or when you enter the clear cef linecard EXEC command.
Workaround: Remove the features from the affected interface before a switchover occurs.
•
Symptoms: When you reload the microcode onto an interface of an Engine 3 Gigabit Ethernet (GE) or Packet-over-SONET (POS) line card, the line card may reload unexpectedly immediately after it comes up in the "Run IOS" state.
Conditions: This symptom is observed when Border Gateway Protocol Policy Accounting (BGP PA) is configured on the interface before you reload microcode onto the interface.
Workaround: Remove the BGP PA configuration from the interface.
•
Symptoms: The cardIfIndexTable entry is not populated correctly on a Spatial Reuse Protocol (SRP) line card.
Conditions: This symptom is observed on a PA-SRP-OC12SMI line card.
Workaround: There is no workaround.
•
Symptoms: When an ATM link flaps or a remote ATM platform reloads, a Fast Etherchannel may fail and Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors that are connected via the Fast Etherchannel may be lost.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-pv-mz image of Cisco IOS Release 12.0(21)S5.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 2 (E2) line card may not properly process Multiprotocol Label Switching (MPLS) packets, causing the processor of the E2 line card to forward corrupted packets.
Conditions: This symptom is observed when an E2 line card receives MPLS packets with a top label that is zero or explicit null.
Workaround: There is no workaround.
•
Symptoms: The core router Multiprotocol Label Switching (MPLS) forwarding entry has the correct outgoing interface but has an incorrect label to use for sending traffic to the edge router. The incorrect label is identical to the label that is sent by another core router for the same prefix through another interface.
Conditions: This symptom is observed in a service provider network when the route to the prefix that has the incorrect MPLS forwarding entry is configured using a static recursive route and the specific IP address that is specified in the ip route prefix mask ip-address global configuration command is changed by topology changes to go through a different adjacent router. The incorrect outgoing Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) label corresponds to the router that was adjacent prior to the routing change.
Workaround: To clear this condition, enter the clear ip route {network [mask] | *} EXEC command to cause MPLS to create a new forwarding entry that has the correct interface and label for the prefix.
To prevent this condition from occurring, advertise the route to the prefix in question using an Interior Gateway Protocol (IGP).
Alternate Workaround: Configure a static nonrecursive route to the prefix and IP address of the next-hop router by entering the ip route prefix mask ip-address interface-type interface-number global configuration command.
•
Symptoms: The convergence time after a forced Stateful Switchover (SSO) may be longer than 10 seconds.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for SSO.
Workaround: There is no workaround.
•
Symptoms: When you configure a Fast Reroute (FRR) tunnel on a Packet-over-SONET (POS) interface while a Loss of Signal (LOS) alarm is received on the POS interface, the LOS alarm may cause the tunnel to be delayed in entering the active state. The output of the show mpls traffic-eng fast-reroute database EXEC command displays the state of the tunnel.
Conditions: This symptom is observed on a Cisco 10000 series router that is configured with two 1-port OC-12/STM-4 POS line cards and Multiprotocol Label Switching (MPLS) traffic engineering (TE) FRR when a test-analyzer device sends alarms to the POS interface on which you configure the FRR tunnel.
The symptom does not occur when a Loss of Frame (LOF), Line Alarm Indicator Signal (LAIS), Path Remote Defect Indication (PRDI), or Line Remote Defect Indicator (LRDI) alarm is received while you configure an FRR tunnel; the tunnel state goes from the ready state to the active state without delay.
Workaround: Wait more than 2 seconds to enable the FRR tunnel to enter the active state.
•
Symptoms: A Cisco 12000 series Engine 3 line card may reload when you enter the show ipv6 cef interface-type interface-number user EXEC or privileged EXEC command for the line card.
Conditions: This symptom is observed when the line card is installed in a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) and that is configured for deposition and load sharing.
Workaround: There is no workaround.
•
Symptoms: PPP over ATM (PPPoA) may not process configuration changes.
Conditions: This symptom is observed when you change the quality of service (QoS) for ATM.
Workaround: There is no workaround.
•
Symptoms: An interface on which multirouter automatic protection switching (multirouter APS) is configured may switch from the "protect active" state to the "protect inactive" state, and traffic may stop flowing.
Conditions: This symptom is observed on a Cisco 10000 series after a high availability (HA) Performance Routing Engine (PRE) switchover has occurred.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface on which multirouter APS is configured.
•
Symptoms: The traceroute privileged EXEC command may not work for the IP address of a generic routing encapsulation (GRE) tunnel in a Multiprotocol Label Switching (MPLS) network, and the router at the receiving end may generate traceback error messages.
Conditions: This symptom is observed in an MPLS network when you configure a generic routing encapsulation (GRE) tunnel between a Cisco 10000 series that is configured as a provider edge (PE) router and another PE router.
Workaround: To determine a path in the MPLS network, shut down the GRE tunnel and enter the traceroute privileged EXEC command for the IP address of the physical link.
Alternate Workaround: Reload the microcode onto the Parallel Express Forwarding (PXF) by entering the microcode reload pxf privileged EXEC command.
•
Symptoms: A value of 4,294,967,295 (hexadecimal 0xffffffff) may appear in the ifIndex field of the ifTable for the first channelized T3 controller (CT3) of a 6-port CT3 line card that is installed in a slot of a Cisco 10000 series. This situation causes the ifTable to lose its entries for all other CT3 (or T3 and DSX3) controllers, making them unavailable for Simple Network Management Protocol (SNMP) access.
In a situation in which some SNMP access tools treat the ifIndex values as signed integers, these SNMP access tools may interpret the ifIndex value of 4,294,967,295 as its signed value of -1. When a router walks tables that are indexed by an abnormal ifIndex value such as -1, loops may occur.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for Route Processor Redundancy Plus (RPR+) when a switchover occurs. The symptom may also occur when a Stateful Switchover (SSO) occurs and the Cisco 10000 series software image that is loaded onto the secondary Route Processor (RP) is a newer version than the software image that is running on the primary RP, causing the router to default to RPR+ because of the mismatch between the two software images on the RPs.
At least one channelized interface must be defined on any CT3 controller in order for the symptom to occur.
You can reproduce the symptom in a simple configuration with two 6-port CT3 line cards in slots 6/0 and 7/0, when the only interface that is defined is a single T1 channel group, 6/0/3/1:0. Before an RPR+ switchover, the output of the snmpwalk command indicates the following controller indices:
interfaces.ifTable.ifEntry.ifIndex.3 = 3 interfaces.ifTable.ifEntry.ifIndex.4 = 4 interfaces.ifTable.ifEntry.ifIndex.5 = 5 interfaces.ifTable.ifEntry.ifIndex.6 = 6 interfaces.ifTable.ifEntry.ifIndex.7 = 7 interfaces.ifTable.ifEntry.ifIndex.8 = 8 interfaces.ifTable.ifEntry.ifIndex.9 = 9 interfaces.ifTable.ifEntry.ifIndex.10 = 10 interfaces.ifTable.ifEntry.ifIndex.11 = 11 interfaces.ifTable.ifEntry.ifIndex.12 = 12 interfaces.ifTable.ifEntry.ifIndex.13 = 13 interfaces.ifTable.ifEntry.ifIndex.14 = 14The associated data objects are also shown:
interfaces.ifTable.ifEntry.ifDescr.3 = T3 6/0/0 interfaces.ifTable.ifEntry.ifDescr.4 = T3 6/0/1 interfaces.ifTable.ifEntry.ifDescr.5 = T3 6/0/2 interfaces.ifTable.ifEntry.ifDescr.6 = T3 6/0/3 interfaces.ifTable.ifEntry.ifDescr.7 = T3 6/0/4 interfaces.ifTable.ifEntry.ifDescr.8 = T3 6/0/5 interfaces.ifTable.ifEntry.ifDescr.9 = T3 7/0/0 interfaces.ifTable.ifEntry.ifDescr.10 = T3 7/0/1 interfaces.ifTable.ifEntry.ifDescr.11 = T3 7/0/2 interfaces.ifTable.ifEntry.ifDescr.12 = T3 7/0/3 interfaces.ifTable.ifEntry.ifDescr.13 = T3 7/0/4 interfaces.ifTable.ifEntry.ifDescr.14 = T3 7/0/5After the RPR+ switchover, the index list for the CT3 controllers contains only the following entry:
interfaces.ifTable.ifEntry.ifIndex.4294967295 = -1The associated data object is shown only for the controller that is assigned to this index (that is, the first controller on the line card on which an interface is assigned):
interfaces.ifTable.ifEntry.ifDescr.4294967295 = T3 6/0/0Workaround: There is no workaround.
•
Symptoms: Traffic may slow down or stop after a Stateful Switchover (SSO) has occurred.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: Multirouter automatic protection switching (multirouter APS) may not function properly via a 4-port channelized STM-1/OC-3 line card. When Synchronous Digital Hierarchy (SDH) is configured on the 4-port channelized STM-1/OC-3 line card, the output of the show aps EXEC command may indicate that SONET framing is configured.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: Traffic may not pass through an Ethernet interface.
Conditions: This symptom is observed after you have entered a quality of service (QoS) policy.
Workaround: There is no workaround.
•
Symptoms: The priority policy-map class configuration command and the shape policy-map class configuration command may not be configured together, even when these commands are configured in different classes.
Conditions: This symptom is observed on a Cisco 12000 series Engine 4 plus line card.
Workaround: There is no workaround.
•
Symptoms: A data packet that has a size that exceeds the maximum transmission unit (MTU) of a core-facing interface on a provider edge (PE) router may fail.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when Layer 2 Tunnel Protocol Version 3 (L2TPv3) is used with the Xconnect service and when the MTU of the customer-facing interface is larger than the MTU of the core-facing interface.
Workaround: Ensure that the MTU of the core-facing interface is equal to or larger than the MTU of the customer-facing interface.
•
Symptoms: An (S,G) entry may not be created, and traffic may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series when you deconfigure and reconfigure IP version 6 (IPv6) multicast routing.
Workaround: Reload the microcode onto the ingress line card.
•
Symptoms: A priority queue may not be allocated.
Conditions: This symptom is observed when a hierarchical policy map that has a VLAN as the matching criterion is applied to a 4-port Gigabit Ethernet IP Services Engine (ISE) egress line card and when the child policy has priority configured.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may reload after you have removed the primary Clock and Scheduler Card (CSC).
Conditions: This symptom is observed on a Cisco 12000 series that is configured with Route Processor Redundancy Plus (RPR+).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series line card that performs imposition may reload unexpectedly.
Conditions: This symptom is observed when imposition is disabled and then reenabled on the line card and when you simultaneously enter the show mpls l2transport vc privileged EXEC command on the same line card.
Workaround: There is no workaround.
•
Symptoms: A hierarchical parent policy may allow illegal class maps such as class maps that match the ip-dscp-value argument of the match ip dscp ip-dscp-value class-map configuration command. This behavior is incorrect.
Conditions: This symptom is observed when you apply the hierarchical parent policy to the main interface of a Cisco 12000 series 4-port Gigabit Ethernet line card.
Workaround: Avoid a configuration with illegal class maps.
•
Symptoms: Layer 2 load balancing may not function on an Engine 4 plus (E4+) Packet-over-SONET (POS) line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0 S and that performs tag imposition when one of the members of a POS channel on the E4+ POS line card is shut down.
Workaround: Reload the microcode onto the E4+ line card.
•
Symptoms: Layer 2 load balancing on a Packet-over-SONET (POS) egress channel may not function in the presence of an Engine 4 plus (E4+) POS ingress line card on the router.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0 S when the POS egress channel is formed by members that are interfaces of an Engine 2 POS line card and when the ingress line card is an E4+ POS line card.
Workaround: There is no workaround.
•
Symptoms: A message that states an invalid K1/K2 value of 0xFFFF and a message that states that the protection is locked out may be generated on the console of a Cisco 10000 series that functions as a protect router in a multirouter automatic protection switching (multirouter APS) environment.
Conditions: This symptom is observed when APS is deselected and when the debugging log indicates that APS is disabled. The symptom occurs in the following topology:
A Cisco 10000 series is connected back-to-back via a 4-port channelized STM-1/OC-3 line card to another Cisco 10000 series that is, in turn, connected via another 4-port channelized STM-1/OC-3 line card to a Cisco ONS15454 platform.
Workaround: There is no workaround.
•
Symptoms: The active Route Processor (RP) in a Stateful Switchover (SSO) configuration may reload after you have configured the fault manager.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: Spurious memory accesses or alignment errors may occur on a Cisco router.
Conditions: This symptom is observed when both Cisco Express Forwarding (CEF) and NetFlow are enabled.
Workaround: There is no workaround.
•
Symptoms: A software reset may occur on an Engine 0 line card while traffic is being processed on the links of the line card.
Conditions: The symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S1 and later releases when you change the size of the maximum transmission unit (MTU) on a port of any line card in the Cisco 12000 series (not necessarily on the Engine 0 line card).
Workaround: There is no workaround.
•
Symptoms: The Packet Switching ASIC (PSA) of an 8-port OC-3 ATM line card may enter the "pipeline stuck" state, causing various forwarding difficulties on the line card.
Conditions: This symptom is observed on a Cisco 12000 series when you reload the microcode bundle onto an 8-port OC-3 ATM line card while traffic is flowing through the line card.
Workaround: There is no workaround.
•
Symptoms: A Path Link Mismatch (PLM) alarm on a 1-port channelized OC-12 line card or a 4-port channelized OC-3 line card may not be displayed in the output of the show controllers e1 or show controllers t1 privileged EXEC command that you have entered for a T1 or E1 controller respectively.
Conditions: This symptom is observed on a Cisco 10000 series when the E1 or T1 controller is configured for Synchronous Digital Hierarchy (SDH) framing. The symptom does not occur when the E1 or T1 controller is configured for SONET framing; the alarm is displayed correctly in the output of the show controllers e1 or show controllers t1 privileged EXEC command.
Workaround: There is no workaround
•
Symptoms: Label swapping between an Engine 3 (E3) ingress line card and a port-channel egress line card may not function.
Conditions: This symptom is observed on a Cisco 12000 series when you use a 4-port Gigabit Ethernet (GE) IP Services Engine (ISE) line card as the E3 ingress line card and a 3-port GE line card as the port-channel line card.
Workaround: There is no workaround.
•
Symptoms: The aggregated NetFlow cache may show multiple entries for dropped traffic.
Conditions: This symptom is observed when aggregated NetFlow is configured on a Cisco 12000 series Engine 3 line card.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 line card that is configured with virtual routing and forwarding may reload.
Conditions: This symptom is observed under either one of the following conditions:
–
–
The line card does not come back up after it reloads and must be manually reloaded.
Workaround: There is no workaround.
•
Symptoms: A virtual circuit (VC) may be in the "up" state, but traffic may not be able to pass through.
Conditions: This symptom is observed on a Cisco 12000 series that has a line card that is configured for the Any Transport over MPLS (AToM): Ethernet over MPLS feature in VLAN mode when the following sequence of events occurs:
1.
2.
3.
4.
Workaround: There is no workaround.
•
Symptoms: A Cisco Express Forwarding (CEF) table may lose some of its entries.
Conditions: This symptom is observed on a Cisco 12000 series ATM line card that is processing traffic.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.
Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.
Workaround: There is no workaround.
•
Symptoms: CardIfIndexTable entries may be missing for a 1-port multichannel STM-1 multimode port adapter (PA-MC-STM-1MM) and a 1-port multichannel T3 port adapter (PA-MC-T3).
Conditions: This symptom is observed on a Cisco 7200 series when you enter the snmpwalk command.
Workaround: There is no workaround.
•
Symptoms: All Layer 3 Virtual Private Network (L3VPN) traffic may be dropped from a line card.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 Packet-over-SONET line card that has L3VPN configured on one interface and the Any Transport over MPLS: Frame Relay over MPLS feature enabled on another interface.
Workaround: Do not configure both L3VPN and the Any Transport over MPLS: Frame Relay over MPLS feature on the same line card.
•
Symptoms: A Cisco 10000 series Route Processor (RP) may reload.
Conditions: This symptom is observed when you configure a number of AU-4-TUG-3 channel groups onto a 1-port channelized OC-12/STM-4 line card that is configured for Synchronous Digital Hierarchy (SDH) framing and that has the mode c-12 controller configuration command enabled.
Workaround: There is no workaround.
•
Symptoms: Although the input rate on a 3-port ingress Gigabit Ethernet (GE) line card may vary from 300 kpps to 1.5 Mpps, the line card forwards traffic at only about 290 kkps. Similarly, when the input rate is lower than 290 kpps, the line card forwards traffic at a rate that is much lower than 290 kpps.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S when Border Gateway Protocol Policy Accounting (BGP PA) is configured on a physical port of the 3-port ingress GE line card.
Workaround: There is no workaround.
•
Symptoms: A Multilink Frame Relay (MFR) interface on a Cisco 7500 series may go down after you apply a service policy.
Conditions: This symptom is observed when you apply an output queueing policy and the MFR interface contains serial links. The symptom does not occur when the MFR interface contains channelized links.
Workaround: There is no workaround.
•
Symptoms: When a new interface or subinterface is added, the following error message may appear on the console:
ACLs could not add IDB to listIf you have dual Route Processors (RPs), this message appears on the console of both RPs. This situation may lead to incorrect access control list (ACL) behavior when the ACL is modified or when a uCode reload occurs.
Conditions: This symptom is observed on a Cisco 10000 series when a new interface that is configured with an access control list (ACL) is added after an old interface that was also configured with an ACL has been deleted. The symptom does not occur when the old interface that is deleted was not configured with an ACL.
Workaround: Remove the ACL configuration from the interface that you delete before you add a new interface.
•
Symptoms: Packets may drop from an Engine 2 (E2) line card on which an outbound access control list (ACL) is configured.
Conditions: This symptom is observed on a Cisco 12000 series when the access-list access-list-number deny protocol any any global configuration command is configured on the E2 line card and you have entered 0 for the protocol argument.
The symptom does not occur on an E2 line card on which an inbound ACL and the access-list access-list-number deny protocol any any global configuration command are configured and you have entered 0 for the protocol argument.
Workaround: There is no workaround.
•
Symptoms: Output counters may not be updated on a Gigabit Ethernet (GE) line card.
Conditions: This symptom is observed on a Cisco 12000 series after you have entered the shutdown interface configuration command followed by the no shutdown interface configuration command on the GE interfaces of the line card.
Workaround: Reload the microcode onto the GE line card.
•
Symptoms: Multiprotocol Label Switching (MPLS) labels may be imposed erroneously on multicast packets.
Conditions: This symptom is observed on a Cisco 10720 when multicast packets are transmitted via Packet-over-SONET interfaces that are configured for MPLS.
Workaround: There is no workaround.
•
Symptoms: When multicast is enabled, a Fast Ethernet (FE) egress interface may fail to function. Although the mroute table appears to be correct, packets are not forwarded from the FE interface.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: Multicast traffic may stop flowing via an ATM interface.
Conditions: This symptom is observed when you modify an ATM permanent virtual connection (PVC) parameter and cause the virtual circuit (VC) to be rebuilt. The symptom occurs because the multicast structures are not properly rebuilt.
Workaround: After you have changed the PVC parameters, enter the shutdown interface configuration command followed by the no shutdown interface configuration on the ATM interface.
•
Symptoms: A Cisco 12000 series may reload unexpectedly during the bootup process because of a software condition.
Conditions: This symptom is observed when you boot up the router with a Layer 2 Tunnel Protocol Version 3 (L2TPv3) configuration that contains 480 crossconnects.
Workaround: There is no workaround.
•
Symptoms: Weighted Random Early Detection (WRED) may not function.
Conditions: This symptom is observed on a Cisco 12000 series when you use the classic command-line interface (CLI) to configure WRED.
Workaround: Use the modular QoS CLI (MQC) to configure WRED.
•
Symptoms: Memory may be held on a Cisco 7500 series when you disable the xconnect global configuration command on an ATM port or ATM virtual path (VP).
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Route Switch Processor 4 (RSP4).
Workaround: Do not disable the xconnect global configuration command on an ATM port or ATM VP.
•
Symptoms: Even though distributed Cisco Express Forwarding (dCEF) is enabled, a spatial reuse protocol (SRP) controller may not use dCEF but may use fast switching instead.
Conditions: This symptom is observed on a Cisco 7500 series when a Multiprotocol Label Switching (MPLS) packet is received.
Workaround: There is no workaround.
•
Symptoms: The same local label may be allocated to two different prefixes, which may be learned via two different routing protocols.
The Cisco Express Forwarding (CEF) entry for these two prefixes shows the same local label. Depending on how the route was learned, the local label in the Border Gateway Protocol (BGP) or Label Distribution Protocol (LDP) database may show the same label or two different labels for the two prefixes.
The Multiprotocol Label Switching (MPLS) forwarding table has only one entry that matches the last prefix that used the local label, and there is no entry for the other prefix. This situation may lead to a connectivity failure for the prefix that does not have an entry in the MPLS forwarding table.
Conditions: These symptoms are observed on a Cisco router that is configured with the MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution feature and that has both BGP IP version 4 (IPv4) label distribution entries and LDP entries in the Routing Information Base (RIB).
The symptoms occur when a route is learned via both BGP IPv4 label distribution and Interior Gateway Protocol (IGP) (for example via Open Shortest Path First [OSPF] or Intermediate System-to-Intermediate System [IS-IS]), and the route that is learned via BGP IPv4 label distribution replaces the route that is learned via IGP in the RIB.
A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdx74321. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Ensure that the local label is reallocated for the first prefix that does not have an entry in the MPLS forwarding table:
–
–
•
Symptoms: A directed Label Distribution Protocol (LDP) session between two provider edge (PE) routers may not come up in an Any Transport over Multiprotocol Label Switching (AToM) configuration.
Conditions: This symptom is observed when the value of the seconds argument in the mpls ldp discovery targeted-hello holdtime seconds global configuration command differs on both PE routers.
Workaround: Ensure that the value of the seconds argument is equal on both PE routers.
•
Symptoms: Automatic protection switching (APS) may not recognize a signal degrade condition and switch over to an interface on which the signal has degraded, causing traffic loss. The output of the show aps EXEC command may not display the signal degrade condition, but the output of a show controllers EXEC command does display the signal degrade condition.
Conditions: This symptom is observed on a Cisco 7500 series, Cisco 10000 series, and Cisco 12000 series that are configured for APS when a signal degrade condition occurs. Increased errors may transition the signal degrade condition into a signal failure. When the signal failure clears but the signal degrade condition remains on the interface, APS no longer recognizes the signal degrade condition and may switch over to this interface, causing traffic loss.
Workaround: There is no workaround.
•
Symptoms: A ping between a Cisco 12000 series that is connected back-to-back to another Cisco 12000 series may fail.
Conditions: This symptom is observed when the routers are connected via 4-port Gigabit Ethernet IP Services Engine (ISE) line cards.
Workaround: There is no workaround.
•
Symptoms: IP version 6 (IPv6) traffic may be forwarded to the CPU of a 4-port Gigabit Ethernet (GE) IP Services Engine (ISE) line card.
Conditions: This symptom is observed on a Cisco 12000 series that functions as a provider edge (PE) router that is running IPv6 traffic when you configure Virtual Private Network (VPN) routing/forwarding (VRF) instances on one of the subinterfaces of the main interface of the 4-port GE ISE line card and when another subinterface of the line card is configured to forward IPv6 traffic.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that functions in a Multiprotocol Label Switching (MPLS) environment may reload unexpectedly with a bus error.
Conditions: This symptom is observed under rare circumstances when the router attempts to send an Internet Control Message Protocol (ICMP) packet that was triggered by an MPLS packet.
Workaround: There is no workaround.
•
Symptoms: A line card may reload when you use the command-line interface (CLI) to perform an online insertion and removal (OIR) rather than a physical OIR.
Conditions: This symptom is observed on a Cisco 12000 series when you enter the hw-module slot <x> shutdown privileged EXEC command followed by the no hw-module slot <x> shutdown privileged EXEC command. Note that the <x> argument represents the slot number.
Workaround: Perform a physical OIR.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload.
Conditions: This symptom is observed when Label Distribution Protocol (LDP) peers of the Cisco router advertise a large number of IP addresses because interfaces flap or are configured.
Workaround: There is no workaround.
•
Symptoms: A one-hop tunnel may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 12000 series Engine 4 and Engine 4 plus line card when traffic is sent through a one-hop tunnel by using a static route to a destination that is beyond the tail of the tunnel and when you enter the clear ip bgp * privileged EXEC command.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration on the interface on which the tunnel is configured.
•
Symptoms: When you enter the copy running-config startup-config EXEC command or any other command that affects the configuration, the copy process may not be successful or the configuration may not be saved, and a "File table overflow" error message may be generated. After this situation has occurred, any other file-operation attempts will fail too with a "File table overflow" error message.
Conditions: This symptom is observed on a Cisco router that is configured with dual Route Processors (RPs) and that runs Cisco IOS Release 12.0(23)S2 when you enter any command that affects the configuration while the show running-config EXEC command is being executed, which takes a relatively long time when the running configuration is large.
To clear the symptom, reload the router.
Workaround: Do not enter any command that affects the configuration while the show running-config EXEC command is being executed.
•
Symptoms: In the output of the show ip traffic EXEC command, the received rate is less than the forwarded rate for the same period of time. It should be the opposite: the received rate should be greater than the forwarded rate. This situation impacts the Simple Network Management Protocol (SNMP) counters.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A Frame Relay map class with a service policy cannot be attached to more than one subinterface or permanent virtual connection (PVC).
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: All IP precedences may be set to zero.
Conditions: This symptom is observed on a Cisco 12000 series when traffic enters via an ingress 1-port OC-48 Packet-over-SONET (POS) IP Services Engine (ISE) line card and leaves via an egress 1-port OC-48 POS ISE line card.
Workaround: There is no workaround.
•
Symptoms: A Protocol Independent Multicast (PIM) tunnel interface may be used indefinitely as the forwarding port, causing traffic to be forwarded to the Route Processor (RP) and to be dropped.
Conditions: This symptom is observed on a Cisco 12000 series when you use a "/128" IP version 6 (IPv6) address as the RP address.
Workaround: There is no workaround.
•
Symptoms: A rate-limit rule may be rejected.
Conditions: This symptom is observed on a Cisco 12000 series when you modify the class group of a hierarchical parent policy that is applied to the main interface of a 4-port Gigabit Ethernet (GE) IP Services Engine (ISE) line card by removing one VLAN subinterface from the class group. Then, when you attempt to apply a rate-limit rule to the VLAN subinterface that you have removed, the rate-limit rule may be rejected.
Possible Workaround: After you have modified the policy by removing the VLAN subinterface from the class map, remove the hierarchical parent policy from the main interface; then, apply the rate-limit rule to the same VLAN subinterface of the 4-port GE ISE line card.
•
Symptoms: A Cisco 12000 series Route Processor (RP) may reload when you configure a port-channel subinterface on a line card.
Conditions: This symptom is observed when you configure a port-channel subinterface on a Modular Gigabit Ethernet line card.
Workaround: There is no workaround.
•
Symptoms: When you configure Weighted Random Early Detection (WRED), and ambiguous error message may be generated, and the WRED configuration may be rejected.
Conditions: This symptom is observed when you remove a WRED profile from a class of a child policy and subsequently attempt to reconfigure the WRED profile in the class map.
Workaround: Remove the class of the child policy, reconfigure the class with the removed WRED profile, and add the class to the child policy.
•
Symptoms: A Parallel Express Forwarding (PXF) network processor may reload when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an egress interface.
Conditions: This symptom is observed on a Cisco 10720 when policy-based routing (PBR) is configured.
Workaround: There is no workaround.
•
Symptoms: An "Invalid datagramstart" error message may be generated on the router console, Layer 2 Tunnel Protocol Version 3 (L2TPv3) session packets may be dropped intermittently, and an L2TPv3 session may stop forwarding traffic.
Conditions: These symptoms are observed on a Cisco 12000 series after an interruption occurs on the line card on which the L2TPv3 session is configured, because you have performed an online insertion and removal (OIR) of the line card, you have reloaded the microcode onto the line card, or you have entered the hw-module reload privileged EXEC command for the line card.
Workaround: There is no workaround.
•
Symptoms: A line card that is installed in a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (referred to as 6PE router 1) and that faces another 6PE router (referred to as 6PE router 2) may reload unexpectedly.
Conditions: This symptom is observed when you reload the microcode onto a 4-port Gigabit Ethernet (GE) IP Services Engine (ISE) line card that is installed in a customer edge (CE) router that faces 6PE router 1.
Workaround: There is no workaround.
•
Symptoms: A standby Performance Route Processor (PRP) may reload after you have formatted its boot Flash memory.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The Virtual Private Network (VPN) routing/forwarding (VRF) table may not synchronize properly.
Conditions: This symptom is observed on a Cisco 12000 series when you create and delete VRF instances after a Route Processor Redundancy (RPR) switchover, RPR Plus (RPR+) switchover, or Stateful Switchover (SSO) has occurred.
Workaround: There is no workaround.
•
Symptoms: Layer 2 load balancing may fail when new channel members are added to an egress channel.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with the following components:
–
–
The symptom occurs when tag switching is enabled on the egress link-bundle interface.
Workaround: There is no workaround.
•
Symptoms: Hardware multicast may not function when the multicast traffic enters via an interface on which a service policy is configured and the service policy has IP precedence marking enabled.
Conditions: This symptom is observed on Cisco 12000 series IP Services Engine (ISE) line cards.
Workaround: Remove the service policy from the ingress interface, and reload the microcode onto all the line cards.
•
Symptoms: After you have configured two applets, a Device Fault Manager (DFM) event may not be added, and you may not be able to suspend other applets.
Conditions: The symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The Device Fault Manager (DFM) may force a Stateful Switchover (SSO) before the standby Route Processor (RP) is up, causing the new active RP to reload.
Conditions: The symptom is observed on a Cisco 12000 series when you configure a DFM policy to force an SSO.
Workaround: There is no workaround.
•
Symptoms: A ping between a Cisco 12000 series that is connected back-to-back to another Cisco 12000 series may fail; the ping reply packets may be dropped from the ingress interface of the originating router.
Conditions: This symptom is observed when you configure a PortChannel subinterface on the originating router and the PortChannel subinterface has members that are interfaces of a 10-port Gigabit Ethernet line card.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ingress interface from which the ping reply packets are dropped.
Alternate Workaround: Turn autonegotiation off and then on again.
•
Symptoms: A Cisco router may reload when a subdirectory is created on an Advanced Technology Attachment (ATA) Flash disk.
Conditions: This symptom is observed when the ATA Flash disk space that is allocated to the subdirectory contains data from previously deleted files.
When a subdirectory is created or extended, it is given space on the ATA Flash disk. If this space contains zeros, the symptom does not occur. However, if the space was previously used, the space does contain data bytes from the previous file, and these data bytes may confuse the file system. This situation may cause the router to reload.
Workaround: Do not create subdirectories on the ATA Flash disk.
•
Symptoms: A memory leak may occur on a Versatile Interface Processor (VIP) because buffers are not returned, which can be verified through the output of the show memory summary EXEC command: the first lines in the output display the processor memory and indicate that free memory is decreasing and that the largest contiguous memory block is decreasing.
Conditions: This symptom is observed on a Cisco 7500 series when the VIP is configured with the ip mroute-cache distributed interface configuration command, when there are at least two outgoing interfaces, and when the bandwidth of the incoming traffic exceeds that of the outgoing interfaces.
Possible Workaround: Disable the ip mroute-cache distributed interface configuration on the VIP. To free up the held memory, reload the microcode onto the VIP.
•
Symptoms: When a small packet (a layer-2 packet that is equal to or smaller than 52 bytes, including the layer-2 packet size, the layer-2 header, and the cyclic redundancy check [CRC]) enters a Cisco 10720 and is fed back, one buffer element of the 128-byte Parallel Express Forwarding (PXF) buffer pool is used but not released. This situation eventually causes the 128-byte buffer pool to be depleted entirely. Because most of the control packets such as the IP routing protocol packets are small packets and use the 128-byte buffer pool, most control plane functions stop working and routing-protocol adjacencies go down when the 128-byte buffer pool is depleted, and finally, the router stops forwarding traffic on all the interfaces.
Conditions: These symptoms are observed when a PXF feedback occurs, for example, when multicast traffic is configured, or when a policy map is configured to feed back packets.
Workaround: Avoid PXF feedback. For example, properly configure the policy map. If PXF feedback is inevitable, proactively monitor the 128-byte buffer pool via the output of the show hardware pxf cpu buffers privileged EXEC command:
Router#show hardware pxf cpu buffers
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0
1 1664 12930 12930 0 0
2 640 26746 26746 0 0
3 256 34072 34072 0 0
4 128 59934 49987 0 0
^^^^^Before the 128-byte buffer pool is depleted entirely, reset the 128-byte buffer pool. Reload the microcode onto the PXF by entering the microcode reload pxf privileged EXEC command. However, be careful, because by reloading microcode onto the PXF, you may cause routing- protocol adjacencies to be dropped and the PXF to stop forwarding traffic.
•
Symptoms: OC-12 Packet-over-SONET (POS) interfaces may remain in the "down/down" state after you have entered the shutdown interface configuration command followed by the no shutdown interface configuration command on the interfaces.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with a 1-port OC-12/STM-4 POS module.
Possible Workaround: Change the cyclic redundancy check (CRC) value. Doing so may bring the interfaces up.
•
Symptoms: The performance of IP version 6 (IPv6) multicast 6 may drop to 200 kpps.
Conditions: This symptom is observed on an interface of a 4-port OC-12 ATM IP Services Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: When a Cisco router is performing tag imposition, it may reload because of a bus error.
Conditions: This symptom is observed when you create a new generic routing encapsulation (GRE) tunnel after the router has booted up and when GRE packets are received through this GRE tunnel and forwarded as Multiprotocol Label Switching (MPLS) packets.
Workaround: Enter the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command on the newly-created GRE tunnel interface.
•
Symptoms: When the multirouter automatic protection switching (MR-APS) feature is enabled and you enter the no aps force circuit-number controller configuration command or the no aps manual circuit-number controller configuration command on the SONET controller of a 4-port channelized STM-1/OC-3 line card that is installed in the protect router, the active interface may switch from working node to protect node.
Conditions: This symptom is observed on a Cisco 10000 series that is connected to a Cisco ONS15454 platform via one T1 interface of a 4-port channelized STM-1/OC-3 line card.
The symptom occurs after you have entered either one of the following two sequences of commands for the SONET controller of the 4-port channelized STM-1/OC-3 line card, in which "0" for the circuit-number argument indicates switching from protect node to working node and "1" for the circuit-number argument indicates switching from working node to protect node:
aps force 1
no aps force 1
aps force 0
no aps force 0or
aps manual 1
no aps manual 1
aps manual 0
no aps manual 0Workaround: To enable the active interface to switch back to working node, enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the SONET controller.
•
Symptoms: When the MPLS VPN Carrier Supporting Carrier feature is configured on a Cisco router, Label Distribution Protocol (LDP) may advertise a local label binding without installing an associated entry in the Multiprotocol Label Switching (MPLS) forwarding table. When peers of the Cisco router receive the advertised label binding and use the Cisco router as an MPLS next hop for the prefix for which there is no entry in the MPLS forwarding table, packet loss occurs.
Conditions: This symptom is observed when the prefix is advertised by both Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP).
Workaround: Deconfigure and then reconfigure BGP on the Cisco router.
First Alternate Workaround: Reset the BGP connections.
Second Alternate Workaround: Disable and then reenable IP over MPLS globally by using the no mpls ip global configuration command followed by the mpls ip global configuration command.
•
Symptoms: The name of an interface in the output of the show ip vrf interfaces EXEC command may be truncated to 22 characters.
Conditions: This symptom is observed on a provider edge (PE) router that has Virtual Private Network (VPN) routing/forwarding (VRF) configured on an interface when the name of the interface is longer than 22 characters.
Workaround: To display the full name of the interface, enter the show ip vrf EXEC command, that is, without the interfaces keyword.
•
Symptoms: A Cisco 12000 series may reload when you enable Fast Reroute (FRR) on the headend of a tunnel.
Conditions: This symptom is observed when the tunnel carries Any Transport over Multiprotocol Label Switching (AToM) traffic.
Workaround: There is no workaround.
•
Symptoms: When you enter the frame-relay fragment fragment_size map-class configuration command, the following error message may be generated:
Warning: Fragment size too low; will use min supported value of 128 bytesConditions: This symptom is observed on a Cisco 10000 series that is configured with dual Performance Routing Engines (PREs).
Workaround: Before you configure the frame-relay fragment fragment_size map-class configuration command, remove the redundant PRE or temporarily place the redundant PRE into reset mode. When you have completed the configuration, reinsert or reactivate the PRE. Once you have configured the frame-relay fragment fragment_size map-class configuration command, the configuration remains in effect, even when a PRE switchover occurs or when the router reloads.
•
Symptoms: Packets may be dropped by a Cisco 12000 IP Services Engine (ISE) line card if they are locally generated or forwarded in the slow pass by the line card, and if they exit the router through an ATM Engine 0 line card (1-Port OC-12 ATM or 4-Port OC-3 ATM). For example, these packets may be locally generated by ISE line card NetFlow export packets, Internet Control Message Protocol (ICMP) echo replies, or ICMP unreachable messages that exit the router through an Engine 0 ATM line card.
Packets that match the conditions listed below may be dropped. If they are NetFlow export packets, they can be seen in the output of the show ip flow export command in the line "export packets were dropped due to output drops." If they are ICMP echo reply packets, ping will fail.
Conditions: The following three conditions exist simultaneously for the dropped packets:
–
–
–
This caveat affects Cisco IOS Release 12.0(21)S, 12.0(22)S, 12.0(23)S, and 12.0(24)S. It does not apply to 12.0(25)S and later releases.
Workaround: There is no workaround.
•
Symptoms: Line Remote Defect Indicators (LRDIs) may be transmitted on both the working line and the protect line after an automatic protection switching (APS) switchover has occurred.
Conditions: This symptom is observed when a 4-port OC-3 ATM line card is configured for APS and a Loss of Signal (LOS) occurs.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is configured with service policies may reload during the bootup process.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Route Switch Processor 8 (RSP8) and a Versatile Interface Processor 4-80 (VIP4-80).
Workaround: There is no workaround.
•
Symptoms: Ports on an 8-port OC-3 ATM line card may fail to come up and may generate the following continuous SONET alarms:
%SONET-4-ALARM: ATM10/6: ~SLOF ~SLOS ~LAIS ~LRDI ~PAIS ~PRDI PLOPConditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S1.
Workaround: Reload the line card.
•
Symptoms: When a Cisco router is configured for both internal Border Gateway Protocol (iBGP) load balancing and Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN), incorrect MPLS labels may be installed. When one of the load-balancing links flaps, connectivity may be lost between the VPN sites.
Conditions: This symptom is observed in the Cisco IOS releases that are listed in the "First Fixed-in Version" field at the following location:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdy76273
Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Disable iBGP load balancing.
•
Symptoms: Fragmented packets that include padding data may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 10-port Gigabit Ethernet (GE) line card and an Engine 4 line card.
Workaround: There is no workaround. Note that the symptom does not occur when you replace the 10-port GE line card with a 3-port GE line card.
•
Symptoms: A Cisco 7500 series or Cisco 7600 series may generate the following error message on its console:
Invalid memory action (malloc) at interrupt levelConditions: This symptom is observed when you enter the clear counters EXEC command.
Workaround: There is no workaround.
•
Symptoms: All traffic on a Virtual Private Network (VPN) may be dropped from a 4-port Gigabit Ethernet IP Services Engine (ISE) ingress line card when multiple paths to a remote provider edge (PE) are configured via more than one link-bundle interface.
Conditions: This symptom is observed when the VPN routes are loadbalanced across multiple link-bundle interfaces.
Workaround: Do not configure multiple paths to the remote PE via more than one link-bundle interface.
•
Symptoms: Layer 2 may forward an incorrect MAC address when a policed packet is rerouted to a next-hop address.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4 plus line card when policy-based routing (PBR) is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly after you have modified an access control list (ACL) and have entered the clear pxf interface privileged EXEC command.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not enter the clear pxf interface privileged EXEC command.
•
Symptoms: The CPU utilization of an IP Services Engine (ISE) line card may become very high, causing Open Shortest Path First version 3 (OSPFv3) hello messages to be dropped and, in turn, OSPFv3 sessions to go down. When IP version 6 (IPv6) multicast is configured, the high CPU utilization causes Multicast Listener Discovery (MLD) messages to be dropped.
Conditions: This symptom is observed on a Cisco 12000 series when a large traffic load is sent to the ISE line card.
Workaround: Reduce the traffic load that is sent to the ISE line card, if this is an option. Otherwise, there is no workaround.
•
Symptoms: When a Multiprotocol Label Switching (MPLS) traffic engineering (TE) headend receives an Resource Reservation Protocol (RSVP) path error message (with error code 25, "Notify"), the headend may tear down the label switched path (LSP) for the tunnel on which the path error message arrived, causing loss of packets on the affected tunnel.
Conditions: This symptom is observed when the headend is a Cisco router that runs Cisco IOS Release 12.0(26)S or an earlier release and when some midpoint router generates a path error message (with error code 25, "Notify") by using an error value other than 3. (An error value of 3 indicates that the tunnel is locally repaired).
Workaround: There is no workaround.
•
Symptoms: Packets may be forwarded to and switched on the Route Switch Processor (RSP) rather than on a Versatile Interface Processor (VIP).
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S when the Ethernet port on a VIP is configured for the Any Transport over MPLS (AToM): Ethernet over MPLS: Port Mode feature.
Workaround: There is no workaround. The symptom occurs intermittently and normally can correct itself.
•
Symptoms: An Engine 4 line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series under stress conditions such as link or route flaps, clearing of the Border Gateway Protocol (BGP) table, or using the command-line interface (CLI) to perform an online insertion and removal (OIR).
Workaround: There is no workaround.
•
Symptoms: A secondary Route Switch Processor (RSP) may reload when a service policy is detached from an ATM permanent virtual circuit (PVC).
Conditions: This symptom is observed on a Cisco 7500 series that is configured with two RSPs in a redundant configuration.
Workaround: First remove the PVC; then, recreate the PVC without the service policy attached to it.
•
Symptoms: The output queues of an 8-port Fast Ethernet (FE) half-height line card may become wedged, causing all egress traffic to be dropped from this line card.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(23)S or a later release.
In Release 12.0(23)S, the symptom may occur when the line card processes any egress traffic on multiple ports of the 8-port FE half-height line card. The symptom may also be caused by control traffic on unconfigured FE ports of the 8-port FE half-height line card after you have entered the hw-module slot number reset EXEC command.
In Release 12.0(24)S and later releases, the symptom is less likely to occur, but may occur when line-rate traffic is directed to priority queues that are configured on multiple FE ports of the 8-port FE half-height line card.
Workaround: There is no workaround. To remove the wedged condition from the queues, enter the hw-module slot number reset EXEC command on the affected line card, or reload the router.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, when primary traffic engineering (TE) tunnels are configured between provider edge (PE) routers, and these primary TE tunnels are configured for Fast Reroute (FRR) link protection, a 50-ms convergence time may not be achieved in the core of the network, even when very small VPN routing and forwarding (VRF) prefix tables are configured.
Conditions: This symptom is observed when the PE headend router is the point of local repair (PLR). The PE headend router is the router that performs VPN label imposition, that functions as the primary TE tunnel headend, and that functions as the uplink to a provider (P) router.
Workaround: There is no workaround. Note that FRR link protection functions correctly for IP version 4 (IPv4) traffic and for Any Transport over MPLS (AToM) traffic. Also, note that FRR link protection functions correctly for VPN traffic on PLRs other than the PE headend that is mentioned in the conditions, such as a P router that functions as a link to another P router, and a P router that functions as a downlink to a PE router.
•
Symptoms: An IP Services Engine (ISE) line card may reset while processing multicast traffic.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S when an ISE line card is located at the edge of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network and has output Sampled NetFlow configured.
Workaround: Do not use output Sampled NetFlow; instead, use input Sampled NetFlow.
•
Symptoms: A standby card may not be able to switch to the active state.
Conditions: This symptom is observed in a Redundancy Framework (RF) environment when ATM, High-Level Data Link Control (HDLC), or Frame Relay clients synchronize data during the "standby-bulk" state.
Workaround: There is no workaround.
•
Symptoms: T1 channels on a 6-port channelized T3 line card may flap when an interface is congested.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S only when Frame Relay and PPP encapsulation are configured. The T1 channels are configured for quality of service (QoS) with dial-on-demand routing (DDR) and low latency queueing (LLQ).
Workaround: There is no workaround. Note that the symptom does not occur when High-Level Data Link Control (HDLC) encapsulation is configured.
•
Symptoms: A Route Processor Redundancy Plus (RPR+) switchover may cause SONET Line Alarm Indicator Signals (LAIS) and interfaces to reset.
Conditions: This symptom is observed on a Cisco 12000 series Engine 0 and Engine 3 channelized line cards.
Workaround: There is no workaround. Note that the symptom does not occur on other line cards.
•
Symptoms: A primary Performance Routing Engine 1 (PRE-1) may reload because of memory corruption.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with redundant PREs when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface of a 1-port Gigabit Ethernet line card.
Workaround: There is no workaround. Note that the symptom does not occur with a 1-port Gigabit Ethernet half-height line card.
•
Symptoms: Any packets that are locally generated by a Route Processor (RP) or Route Switch Processor (RSP) may not be properly forwarded over a Multiprotocol Label Switching (MPLS) traffic engineering (TE) Fast Reroute (FRR) backup tunnel.
Conditions: This symptom is observed on any Cisco platform that has a distributed architecture such as a Cisco 7500 series and a Cisco 12000 series when the Cisco Express Forwarding (CEF) adjacency for the primary TE tunnel appears to be incomplete, as can be displayed in the output of the show adjacency type number EXEC command when you enter the primary TE tunnel interface for the type number argument.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload when an invalid change to a policy-map configuration is rejected.
Conditions: This symptom is observed when a policy map is attached to an Engine 4 plus Gigabit Ethernet (GE) and an IP Services Engine (ISE) GE line card, and you change the policy-map configuration while traffic is flowing through the line cards.
Workaround: Do not attempt to enter an invalid configuration.
•
Symptoms: When you apply, modify, remove, or reapply a quality of service (QoS) service policy that has match VLAN subinterface groups, the policy may stop functioning correctly because a line card fails to properly program its resources.
Conditions: This symptom is observed on a Cisco 12000 series when a QoS service policy that has match VLAN subinterface groups is configured on a 4-port Gigabit Ethernet IP Services Engine (ISE) line card.
Workaround: Remove the QoS policy from all the interfaces of the line card, wait for one to two minutes, and then apply the QoS policy to each interface individually.
•
Symptoms: An incorrect virtual circuit (VC) disposition label may be generated, causing packets to drop.
Conditions: This symptom is observed when VC label attributes, such as a control word setting or a VC type, do not match on a pseudowire.
Workaround: Toggle the interface on which the pseudowire is configured by entering the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: Pings may not go through on Frame Relay subinterfaces.
Conditions: This symptom is observed on a Cisco 12000 series after five or more Frame Relay subinterfaces are deleted and then reconfigured. Pings may go though one or two interfaces, or they may not go through any interfaces.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration on the subinterfaces.
•
Symptoms: A Cisco 10720 may reload unexpectedly.
Conditions: This symptom is observed under rare circumstances when a SONET bit error rate (BER) is reported.
Workaround: There is no workaround.
•
Symptoms: A memory leak may occur in the Parallel Express Forwarding (PXF) interprocess communications (IPC) buffer on a Cisco 10720, as may be seen in the "toaster IPC buffer" counter in the output of the show buffers EXEC command.
When the buffer pool is empty, the following error messages may appear, you may no longer be able to Telnet to the router, and the router may reload unexpectedly:
%CAMR_QUEUE_CFG_GENERAL-3-EREVENT: Error @
../toaster/camr_rp/camr_tt_queue_cfg.c:463
-Traceback= 500DB204 500DB2BC 503954D8 503986EC 50330A58%SYS-2-MALLOCFAIL: Memory allocation of 18196 bytes failed from 0x502C5BD0, alignment 32
Pool: I/O Free: 552 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool-Process= "Pool Manager", ipl= 0, pid= 5
-Traceback= 50308EEC 5030A8E8 502C5BD8 5031DD3C 5031DE7CConditions: This symptom is observed on a Cisco 10720 when a policy map with a Weighted Random Early Detection (WRED) configuration that is enabled by using the random-detect policy-map class configuration command is applied to any interface of the router.
The higher the rate with which the Route Processor (RP) sends packets to PXF, the faster the PXF IPC buffer leaks. However, the buffer may leak very slowly, and it may takes weeks before the buffer pool is empty.
Workaround: Remove the policy-maps with the WRED configuration from all interfaces of the router.
•
Symptoms: Multiprotocol Label Switching (MPLS) packets may not be properly forwarded from an interface when policy-based routing (PBR) is configured on this interface.
Conditions: This symptom is observed on a Cisco 12000 series IP Services Engine (ISE) line card that is configured for PBR.
Workaround: Reload the microcode onto the line card.
•
Symptoms: A primary Route Processor (RP) may detect that the secondary RP malfunctions but may fail to report so in the syslog.
Conditions: This symptom is observed on a Cisco 12000 series when the secondary RP returns to the ROM monitor (ROMmon) because of a fatal exception such as a cache error.
Workaround: There is no workaround.
•
Symptoms: A 1-port 10-Gigabit Ethernet (GE) Engine 4 plus (E4+) line card may stop forwarding traffic, may generate many tracebacks, and may reload.
Conditions: This symptom is observed on a Cisco 12406 when all of the following conditions are present:
–
–
–
Workaround: Do not configure VRF instances on the 1-port 10-GE E4+ line card.
Alternate Workaround: Remove the ISE line card from the router.
•
Symptoms: When an output policy map is applied to the interface of a 2-port OC-48 Spatial Reuse Protocol (SRP) uplink module or a 2-port OC-48 Packet-over-SONET (POS) uplink module, small packets (that is, IP packets with a size of 37, 38, or 39 bytes) that are sent out of the interface may be corrupted.
Conditions: This symptom is observed on a Cisco 10720 that is configured with a policy-map configuration with a class map other than the class-default class map. The symptom does not occur when the policy-map configuration has the class-default class map.
Workaround: Remove the policy-map configuration with the class map (other than the class-default class map) from the SRP or POS interface.
•
Symptoms: An Engine 4 line card may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 12000 series when you enter the clear cef linecard EXEC command to clear Cisco Express Forwarding (CEF) from the line card.
Workaround: There is no workaround.
•
Symptoms: In a tag switching-to-IP switching scenario, the value of the precedence field of an IP header may change. This behavior is incorrect in Pipe mode.
Conditions: This symptom is observed on a Cisco 12000 series when the following conditions are present:
–
–
–
Workaround: Deconfigure and reconfigure the tag switching-to-IP switching configuration and the MPLS traffic engineering (TE) tunnels on the interface of the ES line card.
•
Symptoms: Some policy-based routing (PBR) rules may cause a Route Processor (RP) to reload unexpectedly with a bus error. When a route map that causes the RP to reload is saved to the startup configuration, the router may not boot up.
Conditions: This symptom is observed on a Cisco 12000 series when the PBR rules are applied to the interfaces of an IP Services Engine (ISE) line card and occurs usually when the route map is modified after it has already been applied to the interfaces.
Workaround: Remove PBR from the interfaces of the ISE line card.
If you are unable to boot the router, enter a break signal on the console during the bootup procedure and configure the configuration register to ignore the startup configuration. To do so, follow the steps that are described in the Password Recovery Procedure for the Cisco 12000 Series Routers at the following location:
http://www.cisco.com/warp/public/474/pswdrec_12000.shtml
•
Symptoms: IP version 4 (IPv4) fragments may be corrupted in the following way: The first 8 bytes of a fragment duplicate the last 8 bytes of the previous fragment.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(24)S or a later release when you send IPv4 traffic from a Fast Ethernet (FE) ingress interface to an FE egress interface.
Workaround: There is no workaround.
•
Symptoms: In a redundancy configuration, a secondary Performance Routing Engine (PRE) may continue to reload at startup and not complete its bootup process.
Conditions: This symptom is observed on a Cisco 10000 series when the switchover timeout timeout-period redundancy configuration (main-cpu mode) command is configured, when you have entered 0 for the timeout-period argument, and when the secondary PRE is reset.
To recover form the symptom, power cycle the router, or perform the following steps:
1.
2.
3.
4.
Workaround: Do not configure the switchover timeout 0 redundancy configuration (main-cpu mode) command. Note that the symptom occurs only when you have entered 0 for the timeout-period argument, not when you have entered other values.
•
Symptoms: When you configure a Cisco 10000 series, messages similar to the following ones may appear, and a VLAN may not be enabled:
%GENERAL-3-EREVENT: c10k_dot1q_vlan_enable: No tt_info
-Traceback= 60142770 60142A50 603AEC40 603AE06C 603ADCE0 6036EAD8 60193BA8 60380DD4 60B85BEC 60B861D4 603D6FAC 603D6F98
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 605014E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351C
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 60504E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351CConditions: This symptom is observed on a Cisco 10000 series when you change the encapsulation of a LAN subinterface to dot1q encapsulation while the subinterface is shut down.
When the symptom occurs, the output of the show hardware pxf cpu subblocks privileged EXEC command lists "noSB" for the affected subinterface, as is indicated in the following example:
Router# show hard pxf cpu sub | i GigabitEthernet4
GigabitEthernet4/0/0 up 12000 4 PXF 1 81C4A800 4
GigabitEthernet4/0/0.500 administ 12000 4 PXF 1 81C4A800 noSBWorkaround: Change the encapsulation of the subinterface to dot1q when the subinterface is not shut down. The state of the main interface is irrelevant. After you change the encapsulation, you can shut down the subinterface again.
When the subinterface is created while the main interface is shut down, the subinterface and the VLAN do not function properly. Perform the following steps to recover the VLAN:
1.
2.
3.
4.
5.
•
Symptoms: A Cisco router may reload when you enter the show ip cef non-recursive detail EXEC command.
Conditions: This symptom is observed when any show command attempts to display information about tag rewrite entries while the tag rewrite entries are being deleted by route updates.
Workaround: Do not enter any show command to display tag rewrite entries when many route updates occur.
•
Symptoms: When Layer 2 Tunneling Protocol version 3 (L2TPv3) is configured, a significant degradation in performance may occur.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series that run Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: The interface protocol may not come up for a 1-port OC-12 Packet-over-SONET (POS) line card when the encapsulation frame-relay interface configuration command is configured.
Conditions: This symptom is observed on a Cisco 10000 series when the 1-port OC-12 POS line card is connected back-to-back to another line card in another Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: An outgoing label may not be installed in the Label Forwarding Information Base (LFIB) for an IP version 4 (IPv4) prefix.
Conditions: This symptom is observed when the prefix is learned via a Border Gateway Protocol (BGP) session. This situation may occur when the prefix is deleted in the Label Information Base (LIB) and not allocated to any local label binding.
Workaround: There is no workaround.
•
Symptoms: Backward explicit congestion notification (BECN) packets may be dropped by an Any Transport over Multiprotocol Label Switching (AToM) tunnel.
Conditions: This symptom is observed when you configure AToM in the network core, the network core contains Frame Relay interfaces, and BECN is enabled.
Workaround: There is no workaround.
•
Symptoms: When you shut down the last port of an 8-port Fast Ethernet half-height line card (port 7), all other ports on the line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not shut down port 7. If port 7 is shut down, enter the no shutdown interface configuration command on the interface to enable traffic to resume on the other interfaces.
•
Symptoms: IP packets may be dropped from an input EtherChannel interface when Cisco Discovery Protocol (CDP) is enabled.
Conditions: This symptom is observed on a Cisco 10720 when EtherChannel and CDP are enabled on every interface in the router.
Workaround: Disable CDP on the interfaces that are part of the EtherChannel channel group.
•
Symptoms: An Internet Control Message Protocol version 6 (ICMPv6) checksum error may be generated, causing a ping to fail.
Conditions: This symptom is observed on a Cisco 10720 when an IP version 6 (IPv6) ping of 291 bytes or more is performed on a Gigabit Ethernet interface, or when an IPv6 ping of 305 bytes or more is performed on a Fast Ethernet interface.
Workaround: There is no workaround.
•
Symptoms: A primary Gigabit Route Processor (GRP) that is configured for High System Availability (HSA) may reload.
Conditions: This symptom is observed on a Cisco 12000 series when a 4-port Gigabit Ethernet IP Services Engine (ISE) line card that is configured for link bundling flaps, when you reload the microcode onto the line card, or when you perform an online insertion and removal (OIR) on the line card by entering the hw-reload reset EXEC command.
Workaround: There is no workaround.
•
Symptoms: Large packets may not be fragmented when both Frame Relay fragmentation (FRF.12) and a service policy are enabled on a channelized interface.
Conditions: This symptom is observed when the service policy is an output service policy that is configured for Class-Based Weighted Fair Queueing (CBWFQ)/Low Latency Queueing (LLQ) or fair queueing.
Workaround: There is no workaround. (Removing the service policy is not an acceptable workaround.)
•
Symptoms: A Versatile Interface Processor (VIP) may reload when you remove a service policy from a Frame Relay (FR) permanent virtual circuit (PVC).
Conditions: This symptom is observed on a Cisco 7500 series during a high traffic load.
Workaround: Shut down the interface or subinterface on which the FR PVC is configured before you remove the service policy.
•
Symptoms: Operation, Administration, and Maintenance (OAM) loopback cells are treated incorrectly as data packet counters by Segmentation and Reassembly (SAR).
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Any-to-any distributed Cisco Express Forwarding (dCEF) traffic may fail.
Conditions: This symptom is observed when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an ATM interface.
Workaround: Reconfigure the ip cef global configuration command followed by the ip cef distributed global configuration command.
•
Symptoms: A router may reload when a bundle member with an overlapping precedence is added.
Conditions: This symptom is observed when the bundle member that has the overlapping precedence is added, removed, and subsequently readded with another precedence.
Workaround: There is no workaround.
•
Symptoms: The controller of a 1-port multichannel STM-1 multimode port adapter (PA-MC-STM-1) may remain in the shutdown state. Even after you enter the no shutdown controller configuration command, the interface does not come up.
Conditions: This symptom is observed on a PA-MC-STM-1 that is installed in a Cisco 7500 series when a large number of interfaces are configured on the PA- MC-STM-1.
Workaround: There is no workaround.
•
Symptoms: An 8-port multichannel T1/E1 ISDN PRI port adapter (PA-MC-8TE1+) may not be recognized.
Conditions: This symptom is observed on the PA-MC-8TE1+ port adapter that has the part number of 73-7549-02 or a board revision number that is later than revision A0.
Workaround: Replace the PA-MC-8TE1+ port adapter with another PA-MC-8TE1+ port adapter that has a part number of 73-7549-01 and a board revision number of A0.
•
Symptoms: A Route Switch Processor (RSP) may reload and display traceback decodes.
Conditions: This symptom is observed on a Cisco 7500 series that has multilink interfaces when the Intermediate System-to-Intermediate System (IS-IS) routing protocol is enabled by entering the router isis area-tag global configuration command and the nsf cisco router configuration command.
Workaround: Unconfigure the router isis area- tag global configuration command.
•
Symptoms: A remote line fault indication (RFI) or remote defect indication (RDI) may bring down an E1 link that is in the local loopback mode.
Conditions: This symptom is observed on a multichannel STM-1 port adapter (PA- MC-STM1).
Workaround: There is no workaround.
•
Symptoms: The line protocol of the some channels of a 1-port multichannel STM-1 port adapter (PA-MC-STM) may go down.
Conditions: This symptom is observed on a PA-MC-STM that is installed in a Cisco router that is running Cisco IOS Release 12.0 S, Release 12.1 E, Release 12.2 S, or Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you copy the running configuration to or from a network file system.
Conditions: This symptom is observed when the network file system is located on a TFTP server.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is configured for Any Transport over Multiprotocol Label Switching (AToM) may send AToM packets that are missing control words, even though control-word imposition is enabled. When another Cisco router receives such malformed packets, the router does not handle these packets properly during disposition.
Conditions: This symptom may occur on all Cisco routers that employ software switching with AToM enabled. This symptom has specifically been observed on a Cisco 7200 series, Cisco 7400 series, and Cisco 7500 series that are configured for AToM.
On a 7200 series router that is processing a heavy traffic load, the reception of malformed packets may cause the router to pause indefinitely.
Workaround: There is no workaround.
•
Symptoms: You may not be able to send traffic through a Fast Ethernet (FE) port channel when dot1q encapsulation is enabled.
Conditions: This symptom is observed on a Cisco 7500 series and occurs only on subinterfaces of an FE port channel.
Workaround: There is no workaround.
•
Symptoms: Traffic loss may occur when you configure the no ip cef global configuration command.
Conditions: This symptom is observed on a Cisco router that has Cisco Express Forwarding (CEF) enabled by default, but that does not have the no ip cef global configuration command configured in the startup configuration.
Workaround: After CEF has been enabled by default, disable CEF.
•
Symptoms: A Cisco 7200 series may reload.
Conditions: This symptom is observed when you enter the verify EXEC command on a Flash card device.
Workaround: There is no workaround.
•
Symptoms: An output service policy with a police feature may be rejected, and the following error message may be generated:
Cannot attach flat policy to pvc/sub-interface. Hierarchical policy with shape in class-default is recommendedConditions: This symptom is observed when the output service policy is attached to multiple subinterfaces.
Workaround: There is no workaround.
•
Symptoms: The "VFC: filesystem" option is missing as a selectable option from the context-sensitive help feature of the command-line interface (CLI).
Conditions: This symptom is observed when you enter "?" after the copy src filesystem privileged EXEC command.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you enter the show running-config privileged EXEC command.
Conditions: This symptom is observed when you configure one virtual circuit (VC) more than the maximum number of allowed connections.
Workaround: Do not configure more connections than the maximum number of allowed connections.
•
Symptoms: When the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature is configured in virtual circuit (VC) mode or virtual path (VP) mode, not all AToM VCs or VPs may become established, and the output of the debug xconnect error privileged EXEC command may display the following message:
XC AUTH [<ipaddr>, <vcid>]: Mismatch MTUConditions: This symptom is observed on a Cisco 7500 series that is configured with a large number of ATM over Multiprotocol Label Switching (ATMoMPLS) cell mode circuits (more than 1000 ATM VCs or VPs) when interfaces flap, causing all VCs or VPs to attempt to reestablish themselves simultaneously.
Workaround: Deconfigure the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature from the affected VC or VP; then, reconfigure the feature on the VC or VP.
•
Symptoms: A Cisco 7200 series may reload after you change the maximum transmission unit (MTU) of an Inverse Multiplexing over ATM (IMA) interface while traffic is flowing.
Conditions: This symptom is observed when the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: VC Mode feature is configured on the IMA interface.
Workaround: There is no workaround.
•
Symptoms: A router may reload.
Conditions: This symptom is observed in a network in which a large number of access control lists (ACLs) are shared by many ATM subinterfaces on an ATM IP Services Engine (ISE) line card. The router reloads when the main ATM ISE line card is shut down and then brought back up again.
Workaround: There is no workaround.
•
Symptoms: Egress per-VC priority queueing may not work on a 4-port OC-12/STM-4 ATM IP Services Engine (ISE) multi/single mode line card. Priority queue traffic will be starved if oversubscribing traffic is sent through the regular per-VC class of service (CoS) queues at the same time that priority traffic is sent to the priority queue.
Conditions: This symptom occurs when a service policy is configured with a priority queue that is attached to an egress ATM virtual circuit (VC) that is operating in the subinterface mode. This symptom may also occur when traffic that is oversubscribing the VC shaping rate is sent simultaneously to both the priority queue and any of the regular CoS queues such as the default queue.
Workaround: There is no workaround.
•
Symptoms: When you enter the show cef idb EXEC command on a primary Route Processor (RP), the output of the command displays that for two subinterfaces of the same interface that should have the same interface number, one of the subinterfaces has a "-" sign in the "iIndex" column and both subinterfaces have the same number in the "fIndex" column.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S and may also occur on a Cisco 7500 series and a Cisco 10000 series. The symptom occurs when there are multiple subinterfaces on one hardware interface, when a Stateful Switchover (SSO) occurs, and when the original active RP (that becomes the new standby RP) reloads.
Workaround: There is no workaround.
•
Symptoms: A router may reload.
Conditions: This symptom is observed when Web Cache Communication Protocol (WCCP) and Cisco Express Forwarding (CEF) are both enabled on the router.
Workaround: Disabling CEF is a possible workaround, but this workaround may impact the performance of the router.
•
Symptoms: A line card may reload when a virtual circuit (VC) bundle is redefined.
Conditions: This symptom is observed on a line card when a permanent virtual circuit (PVC) bundle is removed and subsequently readded to the bundle configuration.
Workaround: There is no workaround.
•
Symptoms: Redirection may occur unexpectedly on a Cisco router when redirect is configured on more than one interface with more than one service configured.
Conditions: This symptom is observed on a Cisco router when Web Cache Communication Protocol (WCCP) input redirection is configured on several interfaces and not all services are configured on each interface. In this situation, packets are matched against all services when looking for redirect candidates. This behavior may lead to a spurious match and unexpected redirection of packets to a cache.
Workaround: Use output redirection.
•
Symptoms: When two 4-port OC-12c/STM-4c ATM IP Services Engine (ISE) line cards are connected back to back and you reload microcode onto one of the line cards, the other line card reloads.
Conditions: This symptom is observed on a Cisco 12000 that is running Cisco IOS Release 12.0(25)S, that is configured with a 4-port OC-12c/STM-4c ATM ISE line card, that is configured with a large number (about 1000) of virtual circuits (VCs), and that is passing traffic.
Workaround: There is no workaround.
•
Symptoms: The output of the show route-map EXEC command may indicate that duplicate traffic indices have been configured.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for Border Gateway Protocol (BGP) policy accounting. The symptom may also occur on other platforms.
Workaround: There is no workaround.
•
Symptoms: When a virtual circuit (VC) tunnel contains an output service policy on a 4-port OC-12 ATM IP Services Engine (ISE) line card, and you enter the clear counters user EXEC command, the Route Processor (RP) may reload.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S, that is configured with a 4-port OC-12 ATM ISE line card, and that is configured with a class of service (CoS) queue.
Workaround: There is no workaround.
•
Symptoms: An output access control list (ACL) may not function properly on a subinterface on a 4-port OC-12 ATM IP Services Engine (ISE) line card; all traffic may be permitted.
Conditions: This symptom is observed on a Cisco 12000 series after you have reloaded the router.
Workaround: Remove the ACL from the subinterface, and then reassign the ACL to the subinterface.
•
Symptoms: A Cisco 12000 series Route Processor (RP) may reload when you change the provisioned ATM service class (for example, from unspecified bit rate [UBR] to variable bit rate [VBR]) on 1000 virtual circuits (VCs), and each VC is configured with 8 class of service (CoS) queues.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-12 ATM IP Services Engine (ISE) line card or an 8-port OC-3 ATM Engine 2 line card.
Workaround: There is no workaround.
•
Symptoms: A 4-port OC-12 ATM IP Services Engine (ISE) line card may reload when you change the provisioned ATM service class on 1000 virtual circuits (VCs) that are configured with class of service (CoS) queues.
Conditions: This symptom is observed on a Cisco 12000 that is running Cisco IOS Release 12.0(25)S and that is configured with a 4-port OC-12 ATM ISE line card on which 1000 VCs, each with 8 CoS queues, are configured. The symptom occurs when you change the ATM service class, that is, when you make any change in the VC parameters.
Workaround: There is no workaround.
•
Symptoms: You may not be able to configure a priority class map with a queue limit for a priority queue.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: From the primary Performance Routing Engine (PRE) you may not be able to format or copy to the disk on the standby PRE.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for high availability (HA).
Workaround: There is no workaround.
•
Symptoms: When you enter the ip pim dense-mode interface configuration command on a Cisco 12000 series and on the router at the remote end of the Cisco 12000 series, the Route Processor (RP) of the Cisco 12000 series may reload and generate the following messages and tracebacks:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x503428A0, sp=0x555C79E0
Unexpected exception, CPU signal 10, PC = 0x0
-Traceback= 0 503428A0 50337248 50168D48 50168E04 50168F74 50167FF4 5016824C 508392B0 508391B4 5085372C 50851D10 508510D0 50851B60 5084E180 5086F868 50871DACConditions: This symptom is observed when both routers are connected back-to-back via Engine 2 (E2) 8-port OC-3 ATM line cards and when multicast is enabled on a virtual circuit (VC) bundle on the E2 8-port OC-3 ATM line card that is installed in the Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: When you save a configuration first to the standby Performance Routing Engine (PRE) and then to the active PRE, the configuration may not be saved and the following error message may be generated:
startup-config file open failed (Device or resource busy)Conditions: This symptom is observed on a Cisco 10000 series that is configured with redundant PREs and that runs Cisco IOS Release 12.0(26)S.
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•
Symptoms: A Cisco router may leak memory at a rate of up to 100 KB per day, resulting in the gradual reduction of the available memory.
Conditions: This symptom is observed on a Cisco router that is running Label Distribution Protocol (LDP). The symptom may be caused by applications that use TCP as the transport protocol.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco router may reload when you remove a Frame Relay over Layer 2 Tunnel Protocol Version 3 (FR-over-L2TPv3) connection.
Conditions: This symptom is observed when you remove the FR-over-L2TPv3 connection immediately after you have removed and reconfigured a pseudowire class to which the FR-over-L2TPv3 connection is referencing.
Workaround: After you have removed and reconfigured the pseudowire class, wait a few seconds before you remove the FR-over-L2TPv3 connection.
•
Symptoms: You may not be able to attach an input-policing policy to a switched Frame Relay connection, and the following error message may be generated:
dFRS: policer violate action is not supported for switched FR segmentsConditions: This symptom is observed on a Cisco 7500 series that is configured with a switched Frame Relay connection and a policing policy that uses default actions.
Workaround: Explicitly configure conform, exceed, and violate actions in the policing policy.
•
Symptoms: A standby Performance Route Processor (PRP) my not boot up properly.
Conditions: This symptom is observed on a Cisco 12406 that is configured with two PRPs that run the c12kprp-p-mz image of Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: A Layer 2 Tunneling Protocol (L2TP) session may flap intermittently because of wedged interfaces.
Conditions: This symptom is observed on a Cisco 7500 series after a few days of proper operation. With the exception of the Cisco 3600 series, Cisco 7200 series, and Cisco 7400 series, the symptom may also occur on other platforms.
Workaround: Reload the router.
•
Symptoms: A Versatile Interface Processor (VIP) may reload because of alignment errors.
Conditions: This symptom is observed on a Cisco 7500 series when you attempt to configure a distributed Frame Relay to Frame Relay switched circuit connection and when distributed Cisco Express Forwarding (dCEF) is enabled.
Possible Workaround: Disable dCEF.
•
Symptoms: A router may reload if the no shutdown interface configuration command is entered on a multilink interface or the no multilink-group interface configuration command is entered on a serial interface.
Conditions: This symptom may occur if the no multilink-group command is entered on a serial interface that is not configured for PPP encapsulation, or if PPP encapsulation is removed from a serial interface using the no encapsulation ppp interface configuration command if that interface is already configured as part of a multilink group.
Workaround: Make sure that a serial interface is configured for PPP encapsulation using the encapsulation ppp interface configuration command before configuring a multilink-group, and always make sure that the interface is not configured as part of a multilink group before removing PPP encapsulation.
•
Symptoms: Traffic that is switched via Frame Relay may not pass through a 2-port multichannel T3 port adapter (PA-MC-2T3+) in unchannelized mode.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed switching.
Workaround: Disable distributed switching.
Resolved Caveats—Cisco IOS Release 12.0(25)S4
Cisco IOS Release 12.0(25)S4 is a rebuild of Cisco IOS Release 12.0(25)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(25)S4 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A Route Switch Processor (RSP) that is acting as a slave may have complete packet switching activity interrupted for several minutes. This situation may cause the RSP to permanently pause.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(12d).
Workaround: There is no workaround.
•
Symptoms: A Cisco device reloads on receipt of a corrupt CDP packet. One possible scenario is:
Reloading a faulty Cisco IP conference station 7935 or 7936 may cause a connected Cisco switch or router to reload. A CDP message may appear on the terminal, such as the following one:
%CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1 (not half duplex), with SEP00e0752447b2 port 1 (half duplex).
Conditions: This symptom is observed when an empty "version" field exists in the output of the show cdp entry * command for at least one entry.
Workaround: Disable CDP by entering the no cdp run global configuration command.
First Alternate Workaround: Disable CDP on the specific (sub-)interface(s) whose corresponding neighbor(s) has or have an empty "version" field in the output of the show cdp entry * command.
Second Alternate Workaround: Disconnect the 7935 or 7936 phone, in the case of the specific symptom that is described above.
•
Symptoms: A Cisco device experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
IP Routing Protocols
•
Symptoms: A Cisco router that is configured with IP multicast may reload because of a bus error.
Conditions: This symptom is observed when a router sends (S,G) R join overrides to a neighbor, and the neighbor times out because of link flaps or because of another reason. The symptom is caused by a timing difficulty and is most likely to occur when you enter the ip pim spt-threshold infinity global configuration command on all routers in the network.
For a list of the affected releases, go to the following location: http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds31596. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Delete the ip pim spt-threshold infinity global configuration command from all routers in the network to minimize the occurrence of the symptom.
•
Symptoms: A Cisco router with a Border Gateway Protocol (BGP) system may lose the address family's use of aggregate routes after the router reloads. The aggregate routes are moved from the VPN routing/forwarding (VRF) address family and appear under the global IP version 4 (IPv4) address family. When the router reloads, the console displays the following error messages:
exit-address-family
^ % Invalid input detected at `^' marker.
exit-address-family
^ % Invalid input detected at `^' marker.
exit-address-family
^ % Invalid input detected at `^' marker.The above symptom is only one of the possible symptoms. Support for the auto-summary router configuration command and the default-information originate router configuration command has been removed from some of the address families as a result of the caveat CSCdx14351 without providing support to accept these commands silently when being booted with a configuration from a prior Cisco IOS release. The presence of the unsupported commands in address families like Virtual Private Network version 4 (VPNv4) and IPv4 Multicast (MCAST) causes the command-line interface (CLI) to go out of the address family submode and apply these commands to the v4 address family, which results in unpredictable behavior.
Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(16.4)T or Release 12.3 T. The symptom is not observed in Cisco IOS Release 12.3.
Workaround: Reenter the configuration that was present before the router reloaded.
•
Symptoms: An inconsistency between the Cisco Express Forwarding (CEF) table and the Address Resolution Protocol (ARP) table may cause CEF entries to be removed and then recreated at random times. This situation, in turn, may cause unicast packet loss for the affected entry or entries.
Condition: This symptom is observed only when ARP requests are not answered. ARP and adjacency tables are periodically refreshed independently; this may cause tables to be out of synch until this situation ages out.
Possible Workaround: Configure the ARP timeout to be 60 seconds or a multiple of 60 seconds. For example, when you enter the arp timeout 270 interface configuration command, the symptom occurs, but when you enter the arp timeout 300 interface configuration command, the symptom does not occur.
•
Symptoms: A router may reload unexpectedly when you remove a network command. There is a small window during which this symptom can occur: when a network command that covers an interface that is running OSPF is removed and when there are outstanding packets from this interface in OSPF queue.
Conditions: This symptom is observed on a Cisco router that has the router ospf global configuration command enabled.
Workaround: There is no workaround.
•
Symptoms: BGP update generation may enter a deadlock.
Conditions: This symptom is observed when the RR configuration is changed.
Workaround: Remove the BGP process and add it back.
•
Symptoms: A Cisco router with a label switched path (LSP) tunnel on which Fast ReRoute (FRR) is enabled and active may stop refreshing the Resource Reservation Protocol (RSVP) state when the refresh updates are received via RSVP summary refresh messages. This situation causes the RSVP to time out and the LSP tunnel to be torn down.
Conditions: This symptom is observed on a Cisco router that does not transmit RSVP messages for LSP tunnels on which FRR is enabled and active via message IDs. The symptom does not occur when FRR is enabled but not active.
A peer router that runs software other than Cisco IOS software may continue to send RSVP messages with messages IDs that request an acknowledgment. The Cisco router does acknowledge these message IDs, causing the peer router to start sending RSVP summary refresh messages to refresh the RSVP state. The Cisco router ignores the message IDs that are contained in these RSVP summary refresh messages and does not refresh the RSVP state.
Workaround: There is no workaround.
•
Symptoms: Pings fail on an Ethernet-to-VLAN interworking over L2TPv3 due to an IRDP failure.
Conditions: This symptom is observed when you ping between two CE routers. Both of the CE routers do not learn each other's MAC address automatically.
Workaround: Ping from the first CE router to the second CE router, then ping from the second CE router to the first CE router.
•
Symptom: This symptom occurs in an OSPF network topology in which a CE router (CE-1) connect to a PE router (PE-1) that connects to two other PE routers (PE- 2 and PE-3), each of which connect to another CE router (CE-2 and CE-3). In turn, both of these CE routers are connected to each other (that is, CE-2 and CE-3 connect to each other).
When the link between the PE-3 and the CE-3 flaps, the OSPF route in the VRF fails to switch back from BGP to OSPF on the PE-1.
Conditions: This symptom is observed in Cisco IOS Release 12.0 S, 12.2 S, and 12.3 T.
Workaround: Clear the ip route, clear the OSPF process, or enter the clear ip bgp * command on the PE-1 to bring the route back from BGP to OSPF.
•
Symptoms: FRR LSPs may fail to provide protection with a Next-next-hop (NNHOP) backup tunnel.
Conditions: This symptom is observed only when a primary LSP reaches beyond a merge point.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series router that is running Cisco IOS Release 12.0(25)SX6 notices a large increase of at least 15% in the CPU usage in the "BGP Router" process when upgraded from Cisco IOS Release 12.0(23)SX5. This occurs under certain conditions where there are a very large number of BGP neighbors in a PE-CE scenario. During the steady state after BGP router convergence, there needs to be a constant churn in the updates with addition/withdrawal of the routes from the neighbor BGP peers.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(25)SX6. All versions starting from Cisco IOS Release 12.0(25)SX to Release 12.0(25)SX6 are affected by this problem.
Workaround: Configure the neighbors by grouping into sets or peer-groups, in which a few of the neighbors in each set share similar outbound policy. Each set will fall into a separate update group or peergroup.
•
Symptoms: A Cisco router may reload unexpectedly when you manually reload the router.
Conditions: This symptom is observed when Open Shortest Path First (OSPF) LSAs are being "maxaged" while you manually reload the router. This situation may occur because of a fluctuating network and is an extreme corner case that cannot be reproduced on demand. The symptom is very unlikely to occur.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: On toggling the HSRP states on a link-bundle interface from active to standby and the other way around, a microcode bundle flap occurs on all the Engine 2 line cards in the same router, causing these line cards to load the Vanilla microcode bundle. This situation prevents loadbalancing on the egress link-bundle interface for traffic that enters through an interface of an Engine 2 line card.
Conditions: This symptom is observed on a Cisco 12000 series running Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: A QOC-12 IP Services Engine (ISE) ATM line card may fail if it is used as a customer edge (CE) router in a Cisco 12000 series.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S4.
Workaround: There is no workaround.
•
Symptoms: A Cisco router performing MPLS label imposition on IPv4 traffic may reload.
Conditions: This symptom is observed when the router attempts to forward traffic to a destination via a route that is newly learned, when the router forwards traffic via Cisco IOS software (that is, not via hardware acceleration), and when one of the following conditions is present:
–
–
–
The symptom affects the following Cisco IOS releases:
–
–
–
–
–
The symptom does NOT affect the following Cisco IOS releases:
–
–
Possible Workaround: Avoid conditions that prevent a "valid cached adjacency" from being installed.
•
Symptoms: The startup configuration file may become corrupt.
Conditions: This symptom is observed when multiple Telnet sessions simultaneously execute the copy running-config startup-config EXEC command. Only one Telnet session at a time should execute the copy running-config startup-config EXEC command.
Workaround: To save the configuration properly, reenter the copy running-config startup-config EXEC command.
•
Symptoms: For IP prefixes in the global routing table, that are reachable by both BGP and IGP, connectivity problems may appear when the reachability of such a prefix changes (link flap, etc.). The following error message might appear: "%TFIB-7-INVALIDTAG: Invalid tag Exp_null new incoming tag". Connectivity for MPLS/VPN prefixes might be affected if such a prefix is used as BGP nexthop for VPN routes.
Conditions: This symptom can occur on a Cisco router that is configured for Multiprotocol Label Switching (MPLS).
Workaround: Avoid learning the prefixes by BGP if they are supposed to be reachable by IGP.
•
Symptoms: Boot variables may not be cleared, may not be set, or may become corrupted.
Conditions: This symptom is observed when you copy a configuration to the startup configuration, for example by entering the copy system:running-config nvram:startup-config EXEC command. The old boot variables may not be replaced with the new boot variables; instead, they may be appended incorrectly. The old boot variables should be replaced with the new boot variables.
Workaround: First, enter the no boot system global configuration command and save the configuration. Then, configure the new boot statement.
•
Symptoms: An Engine 4 line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series under stress conditions such as link or route flaps, clearing of the Border Gateway Protocol (BGP) table, or using the command-line interface (CLI) to perform an online insertion and removal (OIR).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series router may reload when an invalid change to a policy-map configuration is rejected.
Conditions: This symptom is observed when a policy map is attached to an Engine 4 plus Gigabit Ethernet (GE) and an IP Services Engine (ISE) GE line card, and you change the policy-map configuration while traffic is flowing through the line cards.
Workaround: Do not attempt to enter an invalid configuration.
•
Symptoms: An outgoing label may not be installed in the Label Forwarding Information Base (LFIB) for an IP version 4 (IPv4) prefix.
Conditions: This symptom is observed when the prefix is learned via a Border Gateway Protocol (BGP) session. This situation may occur when the prefix is deleted in the Label Information Base (LIB) and not allocated to any local label binding.
Workaround: There is no workaround.
•
Symptoms: A Catalyst 6000 series Supervisor 2 may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when access control list (ACL) counters are sent from a line card to the Route Processor (RP) and when the ACL number is in the expanded range (that is, from 1300 to 1999 or from 2000 to 2699).
Workaround: There is no workaround.
Further Problem Description: This problem is not platform dependant Also, problem will not show up if named ACLs are used.
•
Symptoms: Traffic does not pass through Multiprotocol Label Switching (MPLS) static crossconnects on an ATM line card after either the line card is reloaded or the router is reloaded.
Conditions: This symptom occurs with MPLS static crossconnects when the output interface is in any ATM line card in a Cisco 12000 series. When an MPLS crossconnect is configured to go out of the ATM interface on the Cisco 12000 series and traffic is sent across, the symptom is not observed. If the line card is reloaded, traffic never resumes. If the router is reloaded (after saving the configuration), traffic may or may not flow depending on the order in which the line cards come up.
Workaround: To make the traffic resume, enter the clear cef line EXEC command.
•
Symptoms: An interface may not transmit traffic because the output may be stuck. When this symptom occurs, the console of the Route Switch Processor 4 (RSP4) may display the following error messages:
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/2:15, TEI0 changed to down
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/1:15, TEI0 changed to down
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/3:15, TEI0 changed to down
%RSP-3-RESTART: interface Serial1/0/0:15, not transmitting Output Stuck on Serial1/0/0:15
%RSP-3-RESTART: interface Serial1/0/1:15, output frozen
%RSP-3-RESTART: interface Serial1/0/2:15, not transmitting
%RSP-3-RESTART: cbus complexConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1(19)E1 when the compress stac caim interface configuration command is configured on the interface. The symptom may also occur in other releases.
Workaround: Remove the compress stac caim interface configuration command from the interface.
•
Symptoms: Incorrect tags may be imposed after a route has flapped.
Conditions: This symptom is observed on a Cisco router that functions in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment.
Workaround: There is no workaround.
•
Symptoms: Fast Reroute (FRR) fails to detect a protected interface that has gone down. Initial failure detection varies from 100 to 800 milliseconds.
Conditions: This symptom is observed only on a Cisco 7500 series router.
Workaround: There is no workaround.
Further Problem Description: When the protected interface goes down, FRR switches from the primary tunnel to the backup tunnel.
•
Symptoms: The following message is observed after executing shutdown subinterface of ATM:
%GENERAL-3-EREVENT: c10k_atm_vc_state_change: No current_if_infoConditions: This symptom is observed on a Cisco 10008 Internet router that is running the Cisco IOS image c10k-p10-mz.120-23.S3b under the following conditions:
1. ATM interface: down/down with pvc configuration on subinterface.
2. ATM interface: initializing/down with no LC and pvc configuration on subinterface.
This error message can be observed when executing no shut/shut subinterface in the above conditions.
Workaround: There is no workaround.
Further Problem Description: When main ATM interface is down (could be either admindown or down), create a point-to-point ATM subinterface with vbr-nrt vc in shutdown state. Then deleting pvc underneath the ATM subinterface, or deleting the ATM subinterface itself, can cause the losing of bandwidth on ATM interface.
For more details, look at the Release-note for CSCed62971.
•
Symptoms: Some channelized PA-MC-2T3+ interfaces on a Cisco 7500 series router may go into a down/down state. When this symptom occurs, one or more groups of four T1 interfaces may go down simultaneously because of an Rx Alarm Indication Signal (AIS) alarm, and all of the interfaces associated with the down/down T1 interfaces may also go into the down/down state.
Conditions: This symptom is observed only on a PA-MC-2T3+ port adapter. This symptom may be caused by a router or Versatile Interface Processor (VIP) reload or a circuit failure on the T3 port adapter. This symptom has not been observed on the PA-MC-T3 port adapter.
Workaround: Perform an online insertion and removal (OIR) of the VIP that seats the PA-MC-2T3+. Make sure that you follow the guidelines for performing an OIR procedure on a Cisco 7500 series router.
Alternate Workaround: Identify the router with four ports in the down/down state, and reload this router. You can identify the router with the interfaces in the down/down state by checking for the presence of AIS on all four ports. T1 interfaces will go down in the following combinations: 1-4, 5-8, 9-12, 13- 16, 17-20, and 21-24. If T1 interfaces go down in 3-6 or 10-13 combinations, this symptom is not the reason that the interfaces are in the down/down state.
•
Symptoms: A Versatile Interface Processor (VIP) may reload when the clear cef line command is entered or when a new VRF is provisioned on an interface via the CLI.
Conditions: This symptom is observed on a VIP when Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or Egress NetFlow before making configuration changes or before entering the clear cef line command.
•
Symptoms: A service policy may not attach to an interface. When you enter the show policy-map interface EXEC command, the output displays all counters at 0.
Conditions: This symptom is observed on a Cisco router when a policy map is configured on an IP Services Engine (ISE) line card for the Cisco 12000 series router with policing set to less than 64 kbps, and the Cisco IOS software is being upgraded from a release prior to 12.0(26)S up to Cisco IOS Release 12.0(26)S.
Workaround: Make sure that the policing rate is larger than 64 kbps. The service policy may then be attached to the interface.
•
Symptoms: A Cisco 12000 series may forward packets to an incorrect interface. This behavior can been seen by looking at the hardware CEF entry on this input line card:
execute-on slot x show ip hardware-cef a.b.c.d(a.b.c.d is the destination IP address)
The output looks similar to the following, in which the CEF lookup is null:
LC-Slot0#show ip hardware-cef a.b.c.d
Leaf FCR 2 0x784C6FC0 found 2 deep
alpha ip loadbalance: 0x78198D00 - lbl not equal. cef lookup NULLAfter clearing the route, the output looks as follows:
LC-Slot0#show ip hardware-cef a.b.c.d
Leaf FCR 4 0x784C6FC0 found 2 deep
Fast Adjacency:
alpha adjacency: 0x701E8280
[0-7] oi 0x4019100 oq 4000 in 15 ab 0 hl 20 gp 11 tl 0 loq BC01 15/0 mtu 4470
packets 1750013440 bytes 776867999767
Output Queue / Local Output Queue Bundle:
[0-7] output queue 0x4000 local output queue 0xBC01This problem may cause packets to be dropped because a loop is created and the TTL expires for the packets.
Conditions: This symptom is observed under very specific conditions on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S or a later release when traffic that enters an Engine 3 line card toggles between a static-to-null route and a more specific route as the destination.
Workaround: Avoid the specific conditions mentioned above. Clearing the route resolves the problem only temporarily.
•
Symptoms: When sending 10 packets from AGT-SRC to AGT-Dest with TTL set to 3 on all packets, the first packet is dropped.
Conditions: This symptom occurs under the following conditions:
–
–
–
Workaround: Remove the "log" option from the ACL rule.
•
Symptoms: A file that is copied to an ATA disk may become corrupted.
Conditions: This symptom is observed on any Cisco IOS image that contains the fix for CSCdz27200. The problem does not occur on a disk that is formatted with 16 or less sectors/cluster.
Workaround: Use an ATA disk that is formatted with 16 or less sectors/cluster. The show disk all command indicates how many sectors are configured per cluster.
•
Symptoms: Several prefixes for non-redistributed connected interfaces in different VRFs may be partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these VRFs.
Conditions: This symptom can occur on a Cisco router that runs Cisco IOS Releases 12.2, 12.2T, 12.0S, 12.3 after the VRF interfaces have flapped. The symptom may occur in all code levels of these releases.
Workaround: Clear the routes in the VRFs in sequence.
•
Symptoms: Intermittent packet drops occur when you ping the VRF loopback/interfaces on a PE router from an attached PE router. The VPN transit traffic intermittent drops occur also on packets that exceed the MTU size.
Conditions: This symptom is observed on a Cisco 12000 series 3-port GE and 4-port GE line card that are installed in a Cisco router that functions as a PE router and that is connected to another PE router via an L2 switch. The problem occurs when a VRF is configured on a subinterface that faces the L2 switch.
Workaround: Remove the VRF from the subinterface that faces the L2 switch.
•
Symptoms: Per VPN per destination load balancing is not operating correctly on an Engine 2 or 4+ that is running Cisco IOS Release 12.0(23)S4 and seems to be load sharing only on BGP nexthop.
Conditions: There are no specific conditions.
Workaround: The clear ip route vrf vrf- name command invokes a recalculation on the hashes. Also, the clear ip bgp neighbor soft command (can) reassign(s) new labels and respread(s) the load. These commands may impact service by stopping traffic forwarding.
•
Symptoms: A Cisco 12000 series may reload unexpectedly.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Fast Reroute (FRR) is configured.
Workaround: There is no workaround.
•
Symptoms: A router may log a CPUHOG message that is caused by the CEF reloader process.
Conditions: This symptom is observed on a Cisco router when a VRF with more than 9000 routes is added to the configuration.
Workaround: There is no workaround.
•
Symptoms: A Cisco router crashes while verifying if FRR is active at Backup Head.
Conditions: A show display of a large number of FRR Active LSPs (Label Switched Paths) issued by the show mpls traff fast database int xx command was paused before completing when one of the LSPs was deleted by an external event. When the display was resumed, the deallocated LSP was referenced by the show display causing the router to crash.
Workaround: There is no workaround.
•
Symptoms: When a recursively resolved adjacency is "discard" (e.g., null0), a packet that is entering an Engine 3 4-port GE line card and that is destined to the "discard" adjacency is punted to the local line card CPU, causing high CPU utilization. Punting to the CPU is caused by a wrong adjacency that is populated for the corresponding route.
Conditions: This symptom is observed on Engine 3 line cards that are installed in a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S1 or a later release.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series router may crash when access control lists (ACLs) are displayed.
Conditions: The symptom is observed when ACLS are displayed by entering the show access-list command just after an ACL has been added, deleted or modified. The probability of the crash increases with the size of the ACL and with the number of times it is used (for example, in route maps).
Workaround: Wait for a few minutes after modifying the ACL. For large size ACLs (with hundreds of entries) that is used many times you may have to wait between 5 and 10 minutes.
•
Symptoms: Multiple SYS-3-CPUHOG error messages may be generated in the LDP process, eventually followed by a watchdog timeout crash:
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (422/8),process = LDP.
-Traceback= 6101DFC0 6102546C 61016FE4 6101CE24 6101728C 61017A30
...
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = LDP.
-Traceback= 6085658C 6101DE48 6102546C 61016FE4 6101CE24 6101728C 61017A30After the router has reloaded, the output of the show version command indicates "Last reset from watchdog reset."
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)S3 or Release 12.2(22)S and that is configured for MPLS LDP. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: Some MQC commands on 4xOC3 and 8xOC3 ISE line cards on Cisco 12000 series routers may result in a message similar to the following:
% Service policy on FR sub-interface POS1/1.2 must be hierarchical.Due to the error, no policy is applied to the interface. Even though the running configuration has the policy on the interface, the policy will not take effect.
Conditions: This symptom is observed on Cisco 12000 series routers.
Workaround: There is no workaround.
•
Symptoms: An EPA-GE/FE-BBRD line card may experience repetitive crashes during normal operation.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S2 or 12.0(26)S1.
Workaround: There is no workaround.
•
Symptoms: An ACL applied to a subinterface may becomes active on the main interface, without showing this in the configuration.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S2.
Workaround: Do not apply the ACL to the subinterface.
•
Symptoms: Cisco Express Forwarding (CEF) becomes disabled on a secondary Cisco 10000 series Performance Routing Engine (PRE) during a switchover.
Symptoms: This symptom is observed after configuring 380 traffic engineering (TE) tunnels and checking that CEF is enabled on both the primary and secondary PREs and that all TE tunnel interfaces are up. Then, a forced switchover from the primary PRE to the secondary PRE is performed. When the secondary PRE comes up and it now the new primary PRE, all tunnel interfaces are down. The line is up but the protocol is down. Because CEF is disabled and not running, the tunnels do not function and no routing can occur.
Workaround: Enable CEF on the primary PRE and enter the shutdown command followed by the no shutdown command on the affected interfaces. Doing so enables the TE tunnels to come up.
•
Symptoms: MPLS TE tunnel counters are inaccurate; the MPLS TE tunnel output rate counters may exceed the physical interface capabilities that the tunnel uses.
Conditions: This symptom is seen on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S5 with an Engine 4 line card. This symptom may be observed by issuing the following commands in the following order:
1. Enter the show interfaces tunnel number command. This command tells you the interface statistics for the tunnel.
2. Enter the show mpls traffic-eng tunnels tunnel-interface command. This command tells you the physical interface the tunnel traverses.
3. Enter the show interfaces type slot/port command. This command tells you the physical interface statistics.
Workaround: There is no workaround.
•
Symptoms: For MVPN traffic, multicast traffic streams are punted from the PXF to the RP. Normally, PXF does this when a new stream needs to be created. However in this case, PXF behaves as if the streams are not present even if the required (S,G)/(*,G) states exist.
Conditions: This symptom is observed on a Cisco 10000 series when the VRF index of the VPN is higher than 255. This occurs when 255 or more VRFs are configured or when some VRFs are created and deleted many times. You can determine the VRF index by entering the show ip vrf detail command.
Workaround: There is no workaround.
•
Symptoms: IPv4 multicast traffic may stop being forwarded when NetFlow is configured on an Engine 4+ interface.
Conditions: This symptom is observed on a Cisco 12000 series that runs the Cisco IOS Release 12.0 S when a (*,G) entry is used to forward IPv4 multicast traffic instead of a (S,G) entry.
Workaround: There is no workaround.
•
Symptoms: The packet queue size on an MLP bundle may be larger than necessary, which may manifest as two separate symptoms:
–
–
Conditions: This happens after the reload of a Cisco 10000 series with a policy map attached to an MLP interface or when more links are added to an MLP interface.
Workaround: After any MLP bundle change (either by configuration, bootup, or link failure) delete and reattach the service policy to the interface.
•
Symptoms: The priority traffic on an MLP interface may exceed the configured bandwidth limits.
Conditions: This symptom is observed on a Cisco 10000 series when new links are added to an MLP interface that already has a policy map with a priority class attached. The link addition may happen as result of a system bootup or a link flap, or a user may add more links to the bundle by configuration.
Workaround: Once the interfaces that are associated with the MLP bundle are up, remove and reattach the service policy to the MLP bundle. If links associated with the bundle flap, the policy may have to be removed and reattached again.
•
Symptoms: A transient error may occur on a Cisco 12000 series line card during a network routing change. here is a chance that other line cards in the system will stop transmitting or receiving routing protocol updates and traffic, causing traffic to be blackholed.
Conditions: This symptom is observed in an MPLS-VPN network. A list of the affected releases can be found at http://www.cisco.com/cgi- bin/Support/Bugtool/onebug.pl?bugid=CSCeb58214. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Enter the microcode reload command on any line card that stops receiving traffic or routing protocol adjacencies from its neighbors.
•
Symptoms: When applied to a multilink PPP (bundle) interface, the service- policy command results in the following error message on the standby PRE: "CEF switching is required for the set command." In addition, the multilink PPP interface configuration on the standby PRE indicates that there is no service policy on the interface.
Conditions: This symptom occurs only on multilink PPP (bundle) interfaces and only if the policy-map referenced in the service-policy command contains a set command.
Workaround: The problem can be avoided by replacing the set command by a police command whose conform, exceed, and violate actions use the same action as in the set command. For example, if the set command is "set mpls experimental 5," the equivalent police command is "police 8000 1000 0 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp- transmit 5 violate-action set-mpls-exp-transmit 5."
•
Symptoms: HSRP over the VRF is not working after following these steps:
1) PE router 1 is the active HSRP router and a redundancy forced switchover occurs on PE router 2 (standby HSRP VPN) with SSO configured.
2) You enter the shutdown command on the GE subinterface of PE router 1.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S3, that has a PRP and 4-port GE ISE line cards, and that functions as a PE router.
Workaround: Enter the standby use-bia command or use RPR+ instead of SSO.
•
Symptoms: If a Cisco 10000 ESR does not have a specific route for both end points of a conversation, the Cisco 10000 ESR will only duplicate one-way audio for only the specific route populating the Cisco 10000 routing table but not for the end point using the default route from the routing table.
Conditions: This symptom is observed on a Cisco 10000 ESR that is running Cisco IOS Release 12.0(25)S3 and PRE-1.
Workaround: There is no workaround.
•
Symptoms: After a circuit bounces, traffic stops being passed on a VC when using a VC bundle. Other VCs on the same subinterface still work. The switch on the other side of the VC does not show any received cells from the VC.
In addition, the show atm vc command does not work because even after the VC is recovered, the command output still does not show any traffic.
Conditions: These symptoms are observed on a Cisco 12000 series.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected subinterface.
•
Symptoms: A Cisco router that is running Cisco IOS Release 12.0(25)SX1 may experience CEF disabling on standby PRE.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(25)SX1. The symptom may also occur in Release 12.0 S.
Workaround: Reset standby PRE.
•
Symptoms: A Cisco 12000 series router crashes because of a bus error.
Conditions: This symptom is observed on a Cisco 12016 router that is running Cisco IOS Release 12.0(25)S2 when you enter the hw-module slot 17 shutdown command to shut down the master scheduler card.
Workaround: Do not shut down the master scheduler card.
•
Symptoms: When a channel group (for example, channel +1) is removed from a controller, the class-default queue gets stuck on the next time slot/channel.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with 24-port channelized E1/T1 line cards and that has a high traffic rate on the removed channel.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: Multiprotocol Label Switching (MPLS) that is configured on an Engine 1 GE line card crashes continuously when traffic is flowing via the interface.
Conditions: This symptom is observed on MPLS that is configured on a GE (Engine 1) line card on a Cisco 12000 series router that is running Cisco IOS Release 12.0(25)S3.0517.
Workaround: There is no workaround.
•
Symptoms: Traffic may stall on a few channels of certain port adapters.
Conditions: This symptom is observed on the following Cisco port adapters:
–
–
–
–
–
Workaround: Reprovision the affected channels on the port adapters.
•
Symptoms: Traffic loss may occur when you configure the no ip cef global configuration command.
Conditions: This symptom is observed on a Cisco router that has Cisco Express Forwarding (CEF) enabled by default, but that does not have the no ip cef global configuration command configured in the startup configuration.
Workaround: After CEF has been enabled by default, disable CEF.
•
Symptoms: An enhanced ATM port adapter (PA-A3) may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and some PVCs configured on the PA-A3 port adapter may stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3. Certain types of PA-A3s are impacted by this problem (PA-A3-OC3/T3/E3 are impacted, but PA-A3-OC12 and PA-A3-8T1/8E1 IMA are not). Also, any platform supporting these types of PA-A3s may be impacted.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3.
Further Problem Description: The condition that triggers this problem is ignores on the ATM interface. The high-traffic load must be high enough to cause ignores on ATM interface in order for the problem to occur. However, it is important to note that ignores on the ATM interface does not always leads to this problem.
•
Symptoms: A router may become unresponsive and may reload when you append a file whose size is not a multiple of 512 bytes to an Advanced Technology Attachment (ATA) flash card (for example, boot disk, disk0, disk1).
For example, this situation may occur when you enter the show command | tee /append url privileged EXEC command.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image that contains the fix for caveat CSCdz27200 and that utilizes an ATA flash card. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz27200. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Write the output of the show command to a new file instead of appending it to an existing file by entering the show command | tee url privileged EXEC command.
•
Symptoms: A line card reloads continuously after an OIR.
Conditions: This symptom is observed when the line card has MFR and a service policy configured.
Workaround: Remove the service policy before performing an OIR.
•
Symptoms: On a Cisco 12000 ATM ISE line card, shaping resources may be used up after different policy-maps are attached and then removed from a VC many times.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Microcode reload the line card.
Wide-Area Networking
•
Symptoms: A router may reload if the no shutdown interface configuration command is entered on a multilink interface, or the no multilink-group interface configuration command is entered on a serial interface.
Conditions: This symptom may occur if the no multilink- group interface configuration command is entered on a serial interface that is not configured for PPP encapsulation, or if PPP encapsulation is removed from a serial interface using the no encapsulation ppp interface configuration command if that interface is already configured as part of a multilink group.
Workaround: Make sure that a serial interface is configured for PPP encapsulation using the encapsulation ppp interface configuration command before configuring a multilink group, and always make sure that the interface is not configured as part of a multilink group before removing PPP encapsulation.
Resolved Caveats—Cisco IOS Release 12.0(25)S3
Cisco IOS Release 12.0(25)S3 is a rebuild of Cisco IOS Release 12.0(25)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(25)S3 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: Incorrect "output IFMIB" counters are observed on the main interface.
Conditions: This symptom has been observed on a Cisco 7500 series router running Cisco IOS Release 12.0(25)S1 when an 802.1q VLAN is configured with Committed Access Rate (CAR). The "output CLI" and "input SNMP/CLI" counters are correct.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: On a router with the hidden command ip routing external overload signalling set, if a router-wide CEF FIB-DISABLE event takes place (rather than a FIB-DISABLE event on a linecard), the loopback interface and its associated IP address are removed from the routing table.
On FIB recovery, the IP address associated with the loopback interface will not be present in the routing table and therefore cannot be advertised to any other routers in the network.
Conditions: This behaviour is observed in IOS release 12.0(25)S and later releases on a router with the ip routing external overload signalling command set. Earlier IOS releases are not affected.
Workaround: Remove the function with the line "no ip routing external overload signalling." The feature can then be reenabled.
Miscellaneous
•
Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.
Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.
Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.
Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
•
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
•
Symptoms: Engine 4 line cards (LCs) experience sporadic error recovery after detecting a corrupt packet arriving from the fabric. The error recovery is indicated by %TX192-3-PAM_MODULE and %TX192-3-PAM_PIM error messages on E4+ line cards. The packets are corrupted by Engine 3 line cards triggered by routing convergence.
Conditions: These symptoms have been observed in a Cisco 12416 router with IOS 12.0(25)S or 12.0(25)S1. Only packets in the ip2tag path are affected.
Workaround: There is no workaround.
•
Symptoms: With a PRP running Cisco IOS Release 12.0(25)S1, the PRP hangs after the test crash command is entered. This is seen only on a PRP-1 and not a GRP-B.
Conditions: These symptoms were observed on a Cisco 12000 router with a PRP-1 and a full or nearly full chassis after the test crash command was entered. The router becomes inaccessible and inoperable. This only happens when the line "exception warmstart 60 5" is configured.
Workaround: Disable "exception warmstart". Please note that if "exception warmstart" is disabled, CSCeb70797 might be hit.
•
Symptoms: An 8XOC3 ATM line card stops passing non-exp0 traffic after a RP/LC reload.
Conditions: This problem happens when ingress and egress subinterfaces are configured on the same ATM interface using an ATM switch. This symptom was observed on IOS 12.0(25)S3 and higher releases.
Workaround: Performing shut and no shut on the affected interface recovers the interface from the problem state.
•
Symptoms: The Gigabit Ethernet port on a 10-port Gigabit Ethernet base card may be in the up/up state even though there are no cables plugged in.
Conditions: This symptom is observed when the 10-port Gigabit Ethernet card has one EPA in the top slot and two ports on the EPA configured and enabled. Each time the router is booted, the Gigabit Ethernet port on the 10-port Gigabit Ethernet base card is in the up/up state.
Workaround: There is no workaround.
•
Symptoms: A card crash is due to a timeout during the get_stat operation.
Conditions: This is a potential problem on a few 4-port OC-12 ATM ISE LCs at extreme conditions (cold temperature and high voltage).
Workaround: There is no workaround
•
Symptoms: Multicast traffic stops flowing via an ATM interface.
Conditions: This symptom is observed when detaching and attaching the PVC to an ATM interface while sending multicast traffic over the PVC.
Workaround: After removing and attaching the PVC, perform a shut and no shut on the interface.
•
Symptoms: On a Cisco router that is configured with LLQ, there is queueing on the real time queue.
Conditions: This symptom is observed on a Cisco 10000 ESR that is configured with LLQ.
Workaround: There is no workaround.
•
Symptom: An ingress Engine 4 plus POS line card may drop fragmented packets.
Conditions: These symptoms occur in an IP-to-IP scenario under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: Flow control information is not sent to the line card correctly, which causes errors in flow control issues.
Conditions: When a VC is created, if the VC goes down or is inactive during the first 60 secs, the flowbit information may not be updated correctly on the line card.
Workaround: Create another VC. This will cause IOS to go through all of the active VCs and update all their flowbit information.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
•
Symptoms: Random Early Detection maintains an average length of the outbound queue of a class of traffic, and randomly discards newly arriving packets when the average falls within the configured range. A Cisco 10000 series router, that is running any of the identified Cisco IOS software, contains an error in the average queue length computation which makes Random Early Detection too sensitive to the instantaneous queue length.
Conditions: This problem is seen on the Cisco 10000 series routers that are running all Cisco IOS releases identified in this report.
Workaround: There is no workaround.
•
Symptoms: OAM cells generated on an ATOM VC that is configured for AAL0 cell relay will have CRC-10 errors. Note that the CRC-10 errors will be present only on the generated OAMs and not on the OAMs forwarded transparently as received from the remote PE. See below:
CE1 <--> PE1 <-- PW --> PE2 <--> CE2OAM cells forwarded from PE2 to PE1 and vice versa will be fine. The problem will be seen when the PE1 starts sending OAM cells to CE1 when the PW goes down.
Conditions: When the ATOM VC goes down due to whatever reasons (e.g. remote PE-CE), the ATM interface going down will take the ATOM VC down. This condition will trigger the local PE to start sending OAMs to the CE. These OAM cells will have CRC-10 errors, as explained above. This problem will be seen on 8xOC3 ATM line cards.
Workaround: There is no workaround.
•
Symptoms: The Cisco 10720 microcode will be reloaded upon reception of certain malformed MPLS packets.
Conditions: An MPLS packet where the topmost label is an MPLS Aggregate Label (for either IPv4 or IPv6) and this label does not have the EOS bit set (that is, it is not the only label) will cause the reload.
Workaround: There is no workaround.
Further Problem Description: This should be an extremely rare situation as such packets are not allowed in MPLS, that is, IPv4/IPv6 aggregate MPLS labels must always be the only label on the received label stack and therefore they must always have the EOS bit set. Reception of such a packet implies that some other network element has generated an invalid MPLS packet.
•
Symptoms: The Cisco 12000 series router Engine 4+ is unable to originate ICMP echo reply packets. ICMP packets transiting the router are correctly transmitted.
Conditions: This symptom occurs when rate-limit, MQC set, or MQC police commands are configured on the interface in the output direction.
Workaround: There is no workaround.
•
Symptom: Traffic may be delayed across a Cisco 12000 Series Engine 3 line card. Traffic sent through the Cisco 12000 series Internet router may see latency. Other symptoms include:
1.
2.
3.
4.
Note: 3 and 4 are LC specific commands.
Conditions: This problem occurs when tag-switching and MPLS are configured on the E3 line card.
Workaround: Upgrade IOS to get by CSCeb45907.
•
Cisco Internetwork Operating System (IOS) Software releases trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.
The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
•
Symptoms: Engine 2 line cards may fail upon clearing BGP peers.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptom: On a Cisco 7500 series router, after a RPR, RPR-plus or SSO switchover, the router may display the following messages:
%RSP-3-RESTART: cbus complexThis will be followed by the reload of all line cards in the router.
It will be followed by the messages:
HA-2-NO_QUIESCE: Slot <slot#> did not quiesce, it will be disabled and then reloaded.Conditions: This problem happens on a Cisco 7500 series router that is running Cisco IOS Release 12.0S and occurs after an RPR, RPR-plus, or SSO switchover. Similar symptoms can be observed if service single-slot-reload-enable is not configured on the router. But in that case, the cbus complex message will follow the HA-2-NO_QUIESCE error message(s).
Workaround: There is no workaround.
•
Symptoms: A Cisco Catalyst 2950 experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
•
Symptoms: Failover boot commands from slot to disk results in endless loop. If the router does not find the image in slot0, it will not be able to properly switch to the next image in disk1.
Conditions: This symptom occurs when slot0 holds linear flash and disk1 holds ATA disk.
Workaround: While being in a loop in the console connection, press control plus return, type and send break till the loop stops.
•
Symptoms: A modified ATM VP tunnel is broken on SAR 1.3.2.10
Conditions: An ATM PVP tunnel must exist.
Workaround: This problem has two workarounds:
1. Before modifying the ATM VP tunnel, the main interface must be shut down.
2. Delete the existing ATM VP tunnel and all VCs for the VP, and create a new connection with new parameters.
Resolved Caveats—Cisco IOS Release 12.0(25)S2
Cisco IOS Release 12.0(25)S2 is a rebuild of Cisco IOS Release 12.0(25)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(25)S2 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: Information about a port adapter (PA) may be missing from the output of a show diag command.
Conditions: This symptom is observed on a controller with a memory size of 128 MB DRAM and 8192 KB SRAM. The controller displays the following information:
PA Bay 0 Information: Fast-Ethernet PA, 1 ports, 100BaseTX-ISL EEPROM format version 0 HW rev 0.00, Board revision UNKNOWN Serial number: 00000000 Part number: 00-0000-00
PA Bay 1 Information: Fast-Ethernet PA, 1 ports, 100BaseTX-ISL EEPROM format version 1 HW rev 1.00, Board revision A0 Serial number: 08534388 Part number: 73-1688-04
Workaround: There is no workaround.
•
Symptoms: When High System Availability (HSA) is configured, the standby Route Switch Processor (RSP) may not become active when the primary RSP reloads unexpectedly.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(24)S when you configure the primary RSP in slot 2 and the standby RSP in slot 3.
Workaround: Configure the secondary RSP in slot 2 by entering the slave default-slot 2 global configuration command. The symptom does not occur when you configure the secondary RSP in slot 2 and the primary RSP in slot 3.
EXEC and Configuration Parser
•
Symptoms: A policy map configuration may not synchronize correctly to the standby Route Processor (RP).
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco 12000 series may reload when you enter the show bgp ipv6 unicast or show bgp ipv6 multicast user EXEC or privileged EXEC mode command.
Conditions: This symptom is observed when IP version 6 (IPv6) multicast is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you add Border Gateway Protocol (BGP) neighbor statements to the configuration.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0) S or Release 12.2 S when BGP neighbors are added by using a script that adds the BGP neighbors at a much faster rate than manual addition, and when a large BGP table is already present on the router before the script adds the BGP neighbors.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.
Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload because of a race condition when you enter the no router ospf global configuration command or the no ip vrf global configuration or router configuration command.
Conditions: This symptom is observed when you run a configuration script in which the commands are entered in a very fast sequence.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series that is configured with two Performance Routing Engine 1 (PRE-1) processors may stop functioning as a redundant system.
Conditions: This symptom is observed when you enter the bgp upgrade-cli router configuration command.
Workaround: Reload the standby PRE-1.
•
Symptoms: When refresh reduction is enabled and a Cisco router has been operational for a long time, valid Resource Reservation Protocol (RSVP) messages that are received from a neighbor may be dropped when the message IDs have cycled through the entire number space once (that is, from 0 to 4,294,967,295) and then progressed up to 2,147,483,648 (0x80000000).
Conditions: This symptom is observed when a message ID number space begins at zero, increases up to 4,294,967,295 (32 bits), but then does not properly wrap back to zero, causing message IDs greater than 2,147,483,648 to be out of sequence, and to be dropped.
Note that a neighboring router is able to send Message IDs and properly wraps back from 4,294,967,295 to zero, but the receiving router that does not record the wrap event, causing the symptom to occur.
Workaround: There is no workaround.
•
Symptoms: An IP packet that is sent with an invalid IP checksum may not be dropped.
Conditions: This symptom is observed if the IP checksum is calculated with a decreased time-to-live (TTL) value. For example, in the situation where the IP checksum must be 0x1134 with a TTL of 3, if the packet is sent with an IP checksum of 0x1234 that is calculated by using a TTL value of 2, the packet is not dropped. In all other cases, packets with incorrect checksums are dropped.
Workaround: There is no workaround.
•
A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.
The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.
Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.
•
Symptoms: You may not be able to configure the ip vrf receive interface configuration command.
Conditions: This symptom is observed when the interface on which you attempt to configure the ip vrf receive interface configuration command does not have an IP address configured.
Workaround: First configure an IP address on the interface, then enter the ip vrf receive interface configuration command on the interface.
ISO CLNS
•
Symptoms: A Cisco 10720 may reload unexpectedly.
Conditions: This symptom is observed when IP version 6 (IPv6) Intermediate System-to-Intermediate System (IS-IS) is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is running Intermediate System-to-Intermediate System (IS-IS) may not unset the IS-IS overload bit after a redundancy switchover, preventing the IS-IS connectivity from being restored.
Conditions: This symptom is observed on a Cisco router that has two Route Processors (RPs) in a redundant configuration.
Workaround: To restore the IS-IS connectivity, and to prevent the symptom from occurring again, enter the no set-overload-bit on-startup router configuration command on the primary RP.
Miscellaneous
•
Symptoms: A Cisco 7500 series router that acts as the penultimate hop of the backup Label Switched Path (LSP) and that is configured with the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command may have the primary LSP go down when Fast ReRoute (FRR) is enabled on the router.
Conditions: This symptom is observed on a Cisco 7500 series that has Multiprotocol Label Switching (MPLS) traffic engineering (TE) configured.
Work around: Do not configure the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command.
•
Symptoms: When you configure a Virtual Private Network (VPN) on a router that is configured with dual Route Processors (RPs), a VPN routing/forwarding (VRF) table ID that is associated with a particular VRF instance may have different values in the active RP and the standby RP. This situation causes failures in the processing of Cisco Express Forwarding (CEF) interprocess communication (IPC) messages on the standby RP for CEF IPC messages that contain an inconsistent VRF table ID, and CEF may be disabled.
Inconsistent VRF table IDs may also cause a memory loss on the standby RP, and when a switchover occurs from the active RP to the standby RP, more difficulties may occur.
Conditions: These symptoms are observed on router that is configured for Stateful Switchover (SSO) when VRF instances are deleted.
Workaround: There is no workaround; however, these actions minimize the occurrence of the symptoms:
–
–
–
•
Symptoms: The ip access-,group interface configuration command does not function on a PortChannel interface.
Conditions: This symptom is observed in Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
Symptom 1: The interface index of a tunnel interface may be corrupt, and the output of the show running-config privileged EXEC command may display the following information:
%FIB-2-IFINDEXILLEGAL: An internal software error occurred. Argument ifindex is out of bounds at -1.Condition 1: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a tunnel interface, then remove the tunnel interface, and then add the tunnel interface again.
Workaround 1: There is no workaround.
Symptom 2: Cisco Express Forwarding (CEF) may not form adjacencies across a 2-port multichannel T3 port adapter (PA-MC-2T3+) as is indicated in the output of the show cef interface type number EXEC command (in this example, serial interface 12/0/0/8:0 is used):
% CEF IDB corresponding to Serial12/0/0/8:0 is not foundCondition 2: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a serial interface, then remove the serial interface, and then add the serial interface again.
Workaround 2: There is no workaround.
•
Symptoms: A 6-port OC-3/STM-1 Packet-over-SONET (POS) line card may produce traceback messages while downloading the line card image.
Conditions: This symptom is observed on a Cisco 10000 series router that runs Cisco IOS Release 12.0(23)S, Release 12.0(24)S, or Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reload because of a software condition.
Conditions: This symptom is observed when you deconfigure the ipv6 access-list global configuration command.
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
Symptoms: A Route Processor (RP) may reload when you enter the clear ip bgp * privileged EXEC command while interfaces flap continuously.
Conditions: This symptom is observed when Virtual Private Network (VPN) routing/forwarding (VRF) forwarding is configured on the interfaces that flap.
Workaround: There is no workaround.
2.
Symptoms: An RP may reload when you simultaneously enter the clear ip bgp * privileged EXEC command and perform an online insertion and removal (OIR) by entering the hw-reload reset EXEC command.
Conditions: This symptom is observed when you perform an OIR of an interface that has a VRF configuration in which the connected route is learned via a network statement. The connected route is removed when you perform the OIR.
Workaround: Do not simultaneously enter the clear ip bgp * privileged EXEC command and perform an OIR.
•
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99-percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time (hours or days), without necessarily generating CPUHOG errors. This situation causes other processes on the router to fail because these processes do not receive the CPU bandwidth that they require:
–
–
–
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99-percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed when the MPLS-LSR-MIB MIB is enabled, you query the mplsXCTable or a MIB walk occurs, and there are more than 10,000 Multiprotocol Label Switching (MPLS) labels active. The symptoms are platform independent.
Workaround: Perform the following steps:
1. Shut down interfaces to bring the total count of active MPLS labels down to far below 10,000.
2. Disable the MPLS-LSR-MIB MIB by entering the following sequence of commands:
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server community public view nolsrmib ro
snmp-server view nolsrmib iso include
3. Enter the no shutdown interface configuration command on all the interfaces that you shut down in Step 1.
•
Symptoms: When a Tributary Unit Alarm Indication Signal (TU-AIS) is inserted for an Engine 1 (E1) tributary on a channelized Synchronous Transport Module level 1 port adapter (PA-ChSTM1) on an SPE3, packet corruption occurs on the adjacent E1.
Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: A Flash Advanced Technology Attachment (ATA)-disk card may become corrupted because of simultaneous accesses to the card. The corruption may not be immediately obvious. Signs of corruption are:
–
–
Conditions: This symptom is observed when you enter the show file system EXEC command while a file is being written to the ATA-disk card or when you enter the dir filesystem: EXEC command while a file is being written to the same device as the target of the dir filesystem: EXEC command.
Workaround: Avoid using any commands that access the ATA-disk card while a file is being written to the ATA-disk card.
•
Symptoms: Traffic from certain IP addresses to certain destinations may be dropped.
The symptom occurs when there are multiple paths to the destination (as used for load balancing). The output of the show ip cef prefix EXEC command on the Route Processor is correct, and the output of the show ip cef prefix EXEC command on the line card is also correct. The output of the show ip hardware-cef prefix EXEC command displays the correct number of paths, but the egress line card and port may be incorrect.
When the traffic that arrives on the line card is examined and the load-balancing algorithm is run, the traffic for that flow may select the invalid egress path and may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that has Engine 4 or Engine 4+ line cards installed and that is running Cisco IOS Release 12.0(24.4)S, Release 12.0(25)S, or Release 12.0(25)S1.
Note that this symptom does not occur on every E4 or E4+ line card or under all circumstances. The symptom is not easily identified in an environment where the full Internet routing table is present.
Workaround: Enter the clear cef linecard slot EXEC command. The symptom may reappear if there is a change in the adjacency information for the true valid path.
•
Symptoms: A memory allocation (malloc) failure may occur during a Cisco Express Forwarding (CEF) process on a redundant Route Processor (RP) and may cause the redundant RP to stop processing queued CEF update messages that are sent by the active RP. This malloc failure may be observed in the output of the show cef linecard EXEC command.
Because the redundant RP no longer processes CEF update messages that are sent by the active RP, the message queue on the active RP continues to grow, causing the free memory of the active RP to decrease. The rate of this decrease depends on the rate of prefix changes in the network. The continued growth of the message queue eventually results in a malloc failure on the active RP, or results in CEF being disabled.
Conditions: This symptom is observed on a Cisco router that is configured with redundant RPs.
Workaround: Reload the redundant RP by entering the hw-module secondary-cpu reset EXEC command.
•
Symptoms: A Cisco 7200 series or Cisco 7500 series may drop Virtual Private Network (VPN) traffic for a period of time when one of the label switch controllers (LSCs) along a path is reset. The period of time is dictated by the time that a Label-Controlled ATM (LC-ATM) interface requires to reestablish the ATM label virtual circuit (LVC) by using the downstream-on-demand mode.
Conditions: This symptom is observed on a Cisco 7200 series or Cisco 7500 series that functions in a Multiprotocol Label Switching VPN environment with a LC-ATM core that is configured with multiple paths to an egress provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: When a packet reaches a destination provider edge (PE) router, the label stack is removed, the IP header is checked, and a header checksum error may be found, causing the packet to be dropped.
On a platform that is configured for Cisco Express Forwarding (CEF), these drops are visible in the "ChkSum_Err" column in the output of the show cef drop EXEC command or in the "checksum errors" field under the IP section in the output of the show ip traffic EXEC command.
Conditions: This symptom is observed when the following conditions are present:
–
–
Workaround: Do not configure both FRoMPLS and L3VPN on the same line card.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload. CPUHOG messages may be displayed on the console before the router reloads.
Conditions: This symptom is observed in configurations with many interfaces or IP addresses, or with a very large number of labelled prefixes.
Workaround: There is no workaround.
•
Symptoms: Any Transport over MPLS (AToM) traffic may be dropped at the disposition line card.
Conditions: This symptom is observed on a Cisco 12000 series when the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature is enabled on an 8-port OC-3 ATM line card and the disposition line card is an Engine 3 line card, such as a 4-port OC-12 Packet-over-SONET (POS) line card or a 1-port OC-48 POS line card.
Workaround: There is no workaround.
•
Symptoms: At least 30 percent of the CPU of a Performance Routing Engine 1 (PRE-1) may be utilized to process flows, causing the number of packets that are processed per second to be much lower than you would expect.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow and NetFlow export are enabled and when there is a large number of flows (more than 10,000).
Workaround: Disable NetFlow.
Alternate Workaround: Reduce the number of entries in the NetFlow cache of the Route Processor (RP) by entering the ip flow-cache entries 1024 global configuration command. Doing so reduces the load of the CPU of the PRE-1. Note that the primary cache is located on the Parallel Express Forwarding (PXF) processor and supports a fixed number of 512 entries.
•
Symptoms: When an ATM link flaps or a remote ATM platform reloads, a Fast Etherchannel may fail and Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors that are connected via the Fast Etherchannel may be lost.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-pv-mz image of Cisco IOS Release 12.0(21)S5.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.
Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.
Workaround: There is no workaround.
•
Symptoms: When multicast is enabled, a Fast Ethernet (FE) egress interface may fail to function. Although the mroute table appears to be correct, packets are not forwarded from the FE interface.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: The same local label may be allocated to two different prefixes, which may be learned via two different routing protocols.
The Cisco Express Forwarding (CEF) entry for these two prefixes shows the same local label. Depending on how the route was learned, the local label in the Border Gateway Protocol (BGP) or Label Distribution Protocol (LDP) database may show the same label or two different labels for the two prefixes.
The Multiprotocol Label Switching (MPLS) forwarding table has only one entry that matches the last prefix that used the local label, and there is no entry for the other prefix. This situation may lead to a connectivity failure for the prefix that does not have an entry in the MPLS forwarding table.
Conditions: These symptoms are observed on a Cisco router that is configured with the MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution feature and that has both BGP IP version 4 (IPv4) label distribution entries and LDP entries in the Routing Information Base (RIB).
The symptoms occur when a route is learned via both BGP IPv4 label distribution and Interior Gateway Protocol (IGP) (for example via Open Shortest Path First [OSPF] or Intermediate System-to-Intermediate System [IS-IS]), and the route that is learned via BGP IPv4 label distribution replaces the route that is learned via IGP in the RIB.
A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdx74321. Cisco IOS software releases that are not listed in the `First Fixed-in Version' field at this location are not affected.
Workaround: Ensure that the local label is reallocated for the first prefix that does not have an entry in the MPLS forwarding table:
–
–
•
Symptoms: A Cisco router that functions in a Multiprotocol Label Switching (MPLS) environment may reload unexpectedly with a bus error.
Conditions: This symptom is observed under rare circumstances when the router attempts to send an Internet Control Message Protocol (ICMP) packet that was triggered by an MPLS packet.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload.
Conditions: This symptom is observed when Label Distribution Protocol (LDP) peers of the Cisco router advertise a large number of IP addresses because interfaces flap or are configured.
Workaround: There is no workaround.
•
Symptoms: When you enter the copy running-config startup-config EXEC command or any other command that affects the configuration, the copy process may not be successful or the configuration may not be saved, and a "File table overflow" error message may be generated. After this situation has occurred, any other file-operation attempts will fail too with a "File table overflow" error message.
Conditions: This symptom is observed on a Cisco router that is configured with dual Route Processors (RPs) and that runs Cisco IOS Release 12.0(23)S2 when you enter any command that affects the configuration while the show running-config EXEC command is being executed, which takes a relatively long time when the running configuration is large.
To clear the symptom, reload the router.
Workaround: Do not enter any command that affects the configuration while the show running-config EXEC command is being executed.
•
Symptoms: In the output of the show ip traffic EXEC command, the received rate is less than the forwarded rate for the same period of time. It should be the opposite: the received rate should be greater than the forwarded rate. This situation impacts the Simple Network Management Protocol (SNMP) counters.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A Parallel Express Forwarding (PXF) network processor may reload when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an egress interface.
Conditions: This symptom is observed on a Cisco 10000 series when policy-based routing (PBR) is configured.
Workaround: There is no workaround.
•
Symptoms: A standby Performance Route Processor (PRP) may reload during standby initialization.
Conditions: This symptom is observed on a Cisco 12000 series router that operates with an active Gigabit Route Processor (GRP) and a standby PRP.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when a subdirectory is created on an Advanced Technology Attachment (ATA) Flash disk.
Conditions: This symptom is observed when the ATA Flash disk space that is allocated to the subdirectory contains data from previously deleted files.
When a subdirectory is created or extended, it is given space on the ATA Flash disk. If this space contains zeros, the symptom does not occur. However, if the space was previously used, the space does contain data bytes from the previous file, and these data bytes may confuse the file system. This situation may cause the router to reload.
Workaround: Do not create subdirectories on the ATA Flash disk.
•
Symptoms: When a Cisco router is performing tag imposition, it may reload because of a bus error.
Conditions: This symptom is observed when you create a new generic routing encapsulation (GRE) tunnel after the router has booted up and when GRE packets are received through this GRE tunnel and forwarded as Multiprotocol Label Switching (MPLS) packets.
Workaround: Enter the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command on the newly-created GRE tunnel interface.
•
Symptoms: An IP Services Engine (ISE) line card may pause indefinitely while performing output Sampled NetFlow (SNF) on outgoing IP traffic that arrives at the router with tags over a Frame Relay.
Conditions: This symptom is observed on a Cisco router that has an ISE line card and that is configured with SNF.
Workaround: There is no workaround.
•
Symptoms: Packets may be dropped by a Cisco 12000 IP Services Engine (ISE) line card if they are locally generated or forwarded in the slow pass by the line card, and if they exit the router through an ATM Engine 0 line card (1-Port OC-12 ATM or 4-Port OC-3 ATM). For example, these packets may be locally generated by ISE line card NetFlow export packets, Internet Control Message Protocol (ICMP) echo replies, or ICMP unreachable messages that exit the router through an Engine 0 ATM line card.
Packets that match the conditions listed below may be dropped. If they are NetFlow export packets, they can be seen in the output of the show ip flow export command in the line "export packets were dropped due to output drops." If they are ICMP echo reply packets, ping will fail.
Conditions: The following three conditions exist simultaneously for the dropped packets:
–
–
–
This caveat affects Cisco IOS Release 12.0(21)S, Release 12.0(22)S, Release 12.0(23)S, and Release 12.0(24)S. It does not apply to Release 12.0(25)S and later releases.
Workaround: There is no workaround.
•
Symptoms: Line Remote Defect Indicators (LRDIs) may be transmitted on both the working line and the protect line after an automatic protection switching (APS) switchover has occurred.
Conditions: This symptom is observed when a 4-port OC-3 ATM line card is configured for APS and a Loss of Signal (LOS) occurs.
Workaround: There is no workaround.
•
Symptoms: Ports on an 8-port OC-3 ATM line card may fail to come up and may generate the following continuous SONET alarms:
%SONET-4-ALARM: ATM10/6: ~SLOF ~SLOS ~LAIS ~LRDI ~PAIS ~PRDI PLOPConditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S1.
Workaround: Reload the line card.
•
Symptoms: Fragmented packets that include padding data may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 10-port Gigabit Ethernet (GE) line card and an Engine 4 line card.
Workaround: There is no workaround. Note that the symptom does not occur when you replace the 10-port GE line card with a 3-port GE line card.
•
Symptoms: A Cisco 7500 series or Cisco 7600 series may generate the following error message on its console:
Invalid memory action (malloc) at interrupt levelConditions: This symptom is observed when you enter the clear counters EXEC command.
Workaround: There is no workaround.
•
Symptoms: Layer 2 may forward an incorrect MAC address when a policed packet is rerouted to a next-hop address.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4 plus line card when policy-based routing (PBR) is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly after you have modified an access control list (ACL) and have entered the clear pxf interface privileged EXEC command.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not enter the clear pxf interface privileged EXEC command.
•
Symptoms: A Performance Route Processor (PRP) may reload with a SIGTRAP exception if the PRP receives a frame on Ethernet 0 interface or Ethernet 1 interface that is 1612 bytes long or longer.
Conditions: This symptom is observed on a Cisco 12000 series Internet router with a PRP. The symptom is not observed with a Gigabit Route Processor (GRP).
Workaround: Isolate the PRP Ethernet ports to an isolated Ethernet segment.
•
Symptoms: A secondary Route Switch Processor (RSP) may reload when a service policy is detached from an ATM permanent virtual circuit (PVC).
Conditions: This symptom is observed on a Cisco 7500 series that is configured with two RSPs in a redundant configuration.
Workaround: First remove the PVC; then, recreate the PVC without the service policy attached to it.
•
Symptoms: A virtual circuit (VC) that controls tag switching may pause indefinitely.
Conditions: This symptom is observed on a Cisco 7500 series when you repeatedly perform a manual redundancy switchover.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface on which the affected VC is configured.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, when primary traffic engineering (TE) tunnels are configured between provider edge (PE) routers, and these primary TE tunnels are configured for Fast Reroute (FRR) link protection, a 50-ms convergence time may not be achieved in the core of the network, even when very small VPN routing and forwarding (VRF) prefix tables are configured.
Conditions: This symptom is observed when the PE headend router is the point of local repair (PLR). The PE headend router is the router that performs VPN label imposition, that functions as the primary TE tunnel headend, and that functions as the uplink to a provider (P) router.
Workaround: There is no workaround. Note that FRR link protection functions correctly for IP version 4 (IPv4) traffic and for Any Transport over MPLS (AToM) traffic. Also, note that FRR link protection functions correctly for VPN traffic on PLRs other than the PE headend that is mentioned in the conditions, such as a P router that functions as a link to another P router, and a P router that functions as a downlink to a PE router.
•
Symptoms: A standby card may not be able to switch to the active state.
Conditions: This symptom is observed in a Redundancy Framework (RF) environment when ATM, High-Level Data Link Control (HDLC), or Frame Relay clients synchronize data during the "standby-bulk" state.
Workaround: There is no workaround.
•
Symptoms: T1 channels on a 6-port channelized T3 line card may flap when an interface is congested.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S only when Frame Relay and PPP encapsulation are configured. The T1 channels are configured for quality of service (QoS) with dial-on-demand routing (DDR) and low latency queueing (LLQ).
Workaround: There is no workaround. Note that the symptom does not occur when High-Level Data Link Control (HDLC) encapsulation is configured.
•
Symptoms: A primary Performance Routing Engine 1 (PRE-1) may reload because of memory corruption.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with redundant PREs when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface of a 1-port Gigabit Ethernet line card.
Workaround: There is no workaround. Note that the symptom does not occur with a 1-port Gigabit Ethernet half-height line card.
•
Symptoms: Any packets that are locally generated by a Route Processor (RP) or Route Switch Processor (RSP) may not be properly forwarded over a Multiprotocol Label Switching (MPLS) traffic engineering (TE) Fast Reroute (FRR) backup tunnel.
Conditions: This symptom is observed on any Cisco platform that has a distributed architecture such as a Cisco 7500 series and a Cisco 12000 series when the Cisco Express Forwarding (CEF) adjacency for the primary TE tunnel appears to be incomplete, as can be displayed in the output of the show adjacency type number EXEC command when you enter the primary TE tunnel interface for the type and number arguments.
Workaround: There is no workaround.
•
Symptoms: A Flash-disk timeout error such as the "ATA_Status time out waiting for 1" error may occur.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S and that is configured with an Advanced Technology Attachment (ATA) Flash disk.
Workaround: To restore proper disk function, remove and reinsert the disk.
•
Symptoms: An incorrect virtual circuit (VC) disposition label may be generated, causing packets to drop.
Conditions: This symptom is observed when VC label attributes, such as a control word setting or a VC type, do not match on a pseudowire.
Workaround: Toggle the interface on which the pseudowire is configured by entering the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: A Cisco 10720 may reload.
Conditions: This symptom is observed under rare circumstances when a SONET bit error rate (BER) is reported.
Workaround: There is no workaround.
•
Symptoms: A memory leak may occur in the Parallel Express Forwarding (PXF) interprocess communications (IPC) buffer on a Cisco 10720, as may be seen in the "toaster IPC buffer" counter in the output of the show buffers EXEC command.
When the buffer pool is empty, the following error messages may appear, you may no longer be able to Telnet to the router, and the router may reload unexpectedly:
%CAMR_QUEUE_CFG_GENERAL-3-EREVENT: Error @ ../toaster/camr_rp/camr_tt_queue_cfg.c:463 -Traceback= 500DB204 500DB2BC 503954D8 503986EC 50330A58
%SYS-2-MALLOCFAIL: Memory allocation of 18196 bytes failed from 0x502C5BD0, alignment 32 Pool: I/O Free: 552 Cause: Not enough free memory Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Pool Manager", ipl= 0, pid= 5 -Traceback= 50308EEC 5030A8E8 502C5BD8 5031DD3C 5031DE7CConditions: This symptom is observed on a Cisco 10720 when a policy map with a Weighted Random Early Detection (WRED) configuration that is enabled by using the random-detect policy-map class configuration command is applied to any interface of the router.
The higher the rate with which the Route Processor (RP) sends packets to PXF, the faster the PXF IPC buffer leaks. However, the buffer may leak very slowly, and it may takes weeks before the buffer pool is empty.
Workaround: Remove the policy-maps with the WRED configuration from all interfaces of the router.
•
Symptoms: Multiprotocol Label Switching (MPLS) packets may not be properly forwarded from an interface when policy-based routing (PBR) is configured on this interface.
Conditions: This symptom is observed on a Cisco 12000 series IP Services Engine (ISE) line card that is configured for PBR.
Workaround: Reload the microcode onto the line card.
•
Symptoms: A primary Route Processor (RP) may detect that the secondary RP malfunctions but may fail to report so in the syslog.
Conditions: This symptom is observed on a Cisco 12000 series when the secondary RP returns to the ROM monitor (ROMmon) because of a fatal exception such as a cache error.
Workaround: There is no workaround.
•
Symptoms: A 1-port 10-Gigabit Ethernet (GE) Engine 4 plus (E4+) line card may stop forwarding traffic, may generate many tracebacks, and may reload.
Conditions: This symptom is observed on a Cisco 12406 when all of the following conditions are present:
–
–
–
Workaround: Do not configure VRF instances on the 1-port 10-GE E4+ line card.
Alternate Workaround: Remove the ISE line card from the router.
•
Symptoms: An Engine 4 (E4) or Engine 4+ (E4+) line card may reset with an MCC192-3-CPUIF error message.
Conditions: This symptom is observed on E4 and E4+ line cards if there is a certain amount of traffic and the egress interface flaps.
Workaround: There is no workaround.
•
Symptoms: When an output policy map is applied to the interface of a 2-port OC-48 Spatial Reuse Protocol (SRP) uplink module or a 2-port OC-48 Packet-over-SONET (POS) uplink module, small packets (that is, IP packets with a size of 37, 38, or 39 bytes) that are sent out of the interface may be corrupted.
Conditions: This symptom is observed on a Cisco 10720 that is configured with a policy-map configuration with a class map other than the class-default class map. The symptom does not occur when the policy-map configuration has the class-default class map.
Workaround: Remove the policy-map configuration with the class map (other than the class-default class map) from the SRP or POS interface.
•
Symptoms: An Engine 4 line card may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 12000 series when you enter the clear cef linecard EXEC command to clear Cisco Express Forwarding (CEF) from the line card.
Workaround: There is no workaround.
•
Symptoms: In a tag switching-to-IP switching scenario, the value of the precedence field of an IP header may change. This behavior is incorrect in Pipe mode.
Conditions: This symptom is observed on a Cisco 12000 series when the following conditions are present:
–
–
–
Workaround: Deconfigure and reconfigure the tag switching-to-IP switching configuration and the MPLS traffic engineering (TE) tunnels on the interface of the ES line card.
•
Symptoms: Some policy-based routing (PBR) rules may cause a Route Processor (RP) to reload unexpectedly with a bus error. When a route map that causes the RP to reload is saved to the startup configuration, the router may not boot up.
Conditions: This symptom is observed on a Cisco 12000 series when the PBR rules are applied to the interfaces of an IP Services Engine (ISE) line card and occurs usually when the route map is modified after it has already been applied to the interfaces.
Workaround: Remove PBR from the interfaces of the ISE line card.
If you are unable to boot the router, enter a break signal on the console during the bootup procedure and configure the configuration register to ignore the startup configuration. To do so, follow the steps that are described in the Password Recovery Procedure for the Cisco 12000 Series Routers at the following location:
http://www.cisco.com/warp/public/474/pswdrec_12000.shtml procedure.
•
Symptoms: IP version 4 (IPv4) fragments may be corrupted in the following way: The first 8 bytes of a fragment duplicate the last 8 bytes of the previous fragment.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(24)S or a later release when you send IPv4 traffic from a Fast Ethernet (FE) ingress interface to an FE egress interface.
Workaround: There is no workaround.
•
Symptoms: In a redundancy configuration, a secondary Performance Routing Engine (PRE) may continue to reload at startup and not complete its bootup process.
Conditions: This symptom is observed on a Cisco 10000 series when the switchover timeout timeout-period redundancy configuration (main-cpu mode) command is configured, when you have entered 0 for the timeout-period argument, and when the secondary PRE is reset.
To recover form the symptom, power cycle the router, or perform the following steps:
1.
2.
3.
4.
Workaround: Do not configure the switchover timeout 0 redundancy configuration (main-cpu mode) command. Note that the symptom occurs only when you have entered 0 for the timeout-period argument, not when you have entered other values.
•
Symptoms: When you configure a Cisco 10000 series, messages similar to the following ones may appear, and a VLAN may not be enabled:
%GENERAL-3-EREVENT: c10k_dot1q_vlan_enable: No tt_info
-Traceback= 60142770 60142A50 603AEC40 603AE06C 603ADCE0 6036EAD8 60193BA8 60380DD4 60B85BEC 60B861D4 603D6FAC 603D6F98
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 605014E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351C
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 60504E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351CConditions: This symptom is observed on a Cisco 10000 series when you change the encapsulation of a LAN subinterface to dot1q encapsulation while the subinterface is shut down.
When the symptom occurs, the output of the show hardware pxf cpu subblocks privileged EXEC command lists "noSB" for the affected subinterface, as is indicated in the following example:
Router#show hard pxf cpu sub | i GigabitEthernet4
GigabitEthernet4/0/0 up 12000 4 PXF 1 81C4A800 4
GigabitEthernet4/0/0.500 administ 12000 4 PXF 1 81C4A800 noSBWorkaround: Change the encapsulation of the subinterface to dot1q when the subinterface is not shut down. The state of the main interface is irrelevant. After you change the encapsulation, you can shut down the subinterface again.
When the subinterface is created while the main interface is shut down, the subinterface and the VLAN do not function properly. Perform the following steps to recover the VLAN:
1. Ensure that the subinterface is not shut down.
2. (Optional) Enter the no encapsulation dot1q native subinterface configuration command.
3. Remove the subinterface.
4. Recreate the subinterface.
5. Change the encapsulation back to dot1q.
•
Symptoms: A Cisco router may reload when you enter the show ip cef non-recursive detail EXEC command.
Conditions: This symptom is observed when any show command attempts to display information about tag rewrite entries while the tag rewrite entries are being deleted by route updates.
Workaround: Do not enter any show command to display tag rewrite entries when many route updates occur.
•
Symptoms: A 1-port OC-12 ATM line card may reset after the Forwarding Information Base (FIB) is disabled because of interprocess communications (IPC) failures, as is shown by the following error messages:
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%FIB-3-FIBDISABLE: Fatal error, slot 6: IPC Failure: timeout %GRP-4-RSTSLOT: Resetting the card in the slot: 6,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE
%GRP-3-BAD_STATE: Slot:6 State:In Reset -Traceback= 18BA90 3BC3E4 305DA4 3067C4 306850 306FA8 3070C0Conditions: This symptom is observed on a Cisco 12416 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards:
–
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: After a Route Processor Redundancy Plus (RPR+) switchover occurs, the deletion of an existing permanent virtual circuit (PVC)/permanent virtual path (PVP) fails. This situation prevents you from recreating the same PVC/PVP. You can create a new PVC/PVP, but once you delete it, you cannot recreate it because the PVC remains in the active state.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0 S or Release 12.0 SX.
Workaround: There is no workaround. To enable the router to return to normal operation, reload the router.
•
Symptoms: The interface protocol may not come up for a 1-port OC-12 Packet-over-SONET (POS) line card when the encapsulation frame-relay interface configuration command is configured.
Conditions: This symptom is observed on a Cisco 10000 series when the 1-port OC-12 POS line card is connected back-to-back to another line card in another Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: The IP version 4 (IPv4) performance of Engine 0 Packet over SONET (POS) line cards (4xOC3POS and 1xOC12POS) and Engine 1 Gigabit Ethernet line cards (1xGE) degrades by approximately 5 percent when no Cisco IOS software features are turned on, and the performance of the line cards degrades by a smaller percentage when some features are turned on.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S or Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: Backward explicit congestion notification (BECN) packets may be dropped by an Any Transport over Multiprotocol Label Switching (AToM) tunnel.
Conditions: This symptom is observed when you configure AToM in the network core, the network core contains Frame Relay interfaces, and BECN is enabled.
Workaround: There is no workaround.
•
Symptoms: When you shut down the last port of an 8-port Fast Ethernet half-height line card (port 7), all other ports on the line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not shut down port 7. If port 7 is shut down, enter the no shutdown interface configuration command on the interface to enable traffic to resume on the other interfaces.
•
Symptoms: When you enter the sdcc enable global configuration command, a traceback may be displayed.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-48 Dynamic Packet Transport (DPT) line card or with both a 1-port OC-48 DPT line card and a 4-port OC-48 DPT line card.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), the Label Distribution Protocol (LDP) peer address table may become corrupted and cause the router to reload.
Conditions: This symptom may be observed in situations where three or more routers have advertised the same IP address in LDP address messages. This normally happens when routers have been misconfigured but in very rare circumstances may be done deliberately.
The circumstance can be recognized by the presence of the following error message:
%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0If only one such message is seen for a given IP address (10.0.0.1 in the above example), then only two routers have advertised the IP address, and only the second is being treated as a duplicate. At least one more such message should be seen if at least three routers have advertised the IP address in question.
Workaround: The problem does not happen in typical configurations because duplicate addresses are not configured. If such a configuration is accidentally done, the failure may be avoided if the configuration is corrected before the LDP session to any of the involved peers goes down. If the configuration is deliberate, there is no workaround.
•
Symptoms: IP packets may be dropped from an input EtherChannel interface when Cisco Discovery Protocol (CDP) is enabled.
Conditions: This symptom is observed on a Cisco 10720 when EtherChannel and CDP are enabled on every interface in the router.
Workaround: Disable CDP on the interfaces that are part of the EtherChannel channel group.
•
Symptoms: Cisco Express Forwarding (CEF) may become disabled on an Engine 2 (E2) line card when an external memory allocation failure occurs.
Conditions: This symptom is observed on a Cisco 12000 series when you inadvertently redistribute a Border Gateway Protocol (BGP) route into an Interior Gateway Protocol (IGP) configuration.
Workaround: Stop distributing the BGP route into the IGP configuration, and enter the clear cef linecard slot-number EXEC command on the Route Processor (RP). For the slot-number argument, enter the slot number in which the affected E2 line card is installed.
•
Symptoms: Inbound IP version 6 (IPv6) traffic may be dropped.
Conditions: This symptom is observed when you configure an IPv6 prefix on the main interface of a dot1q trunk.
Workaround: Enter the ipv6 enable interface configuration command on the subinterfaces of the dot1q trunk.
•
Symptoms: A multilink interface may stop processing received packets.
Conditions: This symptom is observed on a Cisco 7500 series when Multilink PPP (MLP) is configured and when a lot of traffic is forwarded to the process-switching path.
Workaround: To clear the symptom, move the physical interfaces to a new multilink interface with a new interface number.
•
Symptoms: A Parallel Express Forwarding (PXF) processor may stop functioning after you reload the router.
Conditions: This symptom is observed on a Cisco 10720 when a Weighted Random Early Detection (WRED) configuration is applied to multiple interfaces.
Workaround: Remove the WRED configuration from the interfaces.
•
Symptoms: A Route Switch Processor 4 Plus (RSP4+) may reload.
Conditions: This symptom is observed on a Cisco 7500 series when you configure the interface loopback interface-number interface configuration command on an interface of the router and the value of the interface-number argument is a 9-digit number that starts with 10.
Workaround: If possible, use another range of numbers for the numbers that are assigned to the loopback interfaces, that is, a range of numbers that do not start with 10.
•
Symptoms: Dynamic Host Configuration Protocol (DHCP) forwarding may not function on a 3-port Gigabit Ethernet (GE) line card of a Cisco 12000 series Internet router, but it does function on a Fast Ethernet (FE) line card.
Conditions: This symptom is observed on a Cisco 12000 series Internet router with a 3-port GE line card that is running Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: When you configure unicast Reverse Path Forwarding (uRPF) on a 1-port OC-48 Packet-over-SONET (POS) Engine 2 line card while traffic is passing through the interface, traffic forwarding may stop.
Conditions: This symptom is observed on a Cisco 12416 that runs the gsr-p-mz image of Cisco IOS Release 12.0(23)S3, that is configured with three 1-port OC-48 POS Engine 2 line cards, and that is configured with three Border Gateway Protocol (BGP) peers.
Workaround: To restore traffic forwarding, reload the line card. To prevent the symptom from occurring, enter the shutdown interface configuration command on the interface before you configure uRPF. Then, enter the no shutdown interface configuration command on the interface.
Alternate Workaround: Ensure that uRPF is configured in the startup configuration file before you boot up the router.
•
Symptoms: When you configure 1000 ATM permanent virtual connections (PVCs) and a switchover occurs, the second Route Processor (RP) does not boot up. The second RP initially attempts to boot up and then enters the ROMMON state.
The following messages appears on the new primary RP:
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8
%MBUS-6-MGMTSECRELOAD: Standby in slot 0 reloaded by operator command
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S2.
Workaround: There is no workaround. The symptom does not occur when you configure only 100 ATM PVCs.
•
Symptoms: The Sampled NetFlow (SNF) cache is empty on a 3-port Gigabit Ethernet (GE) interface card.
Conditions: This symptom is observed on a GE interface card when Multiprotocol Label Switching (MPLS) is configured on one port and SNF is on another port of the GE card.
Workaround: If MPLS is not configured, SNF functions correctly.
•
Symptoms: Quality of service (QoS) multicast packets are not correctly marked on input.
Conditions: This symptom is observed on a Cisco router when ingress QoS multicast packets are classified. The precedence or Differentiated Services Code Point (DSCP) bit is ignored and misclassified.
Workaround: There is no workaround.
•
Symptoms: A bus error that causes a failover to a redundant Performance Routing Engine (PRE) may cause a Cisco router to reload unexpectedly.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: Two channel group interfaces on a 1-port multichannel STM1 port adapter (PA-MC-STM1) sometimes get the same IFIndex value. This symptom may be observed with the following example:
Router# show snmp mib ifmib ifindex serial X/X/X:0...Interface = SerialX/X/X:0, Ifindex = 496...Router# show snmp mib ifmib ifindex serial Y/Y/Y:0...Interface = SerialY/Y/Y:0, Ifindex = 496...Conditions: The conditions under which this symptom occurs are unknown at this time.
Workaround: There is no workaround.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, if a Cisco 10720 router receives an MPLS packet with an IP version 4 (IPv4) option underneath it, the MPLS packet has two or more labels, and the router attempts to untag all labels, the Parallel Express Forwarding (PXF) processor may reload.
When this symptom occurs in the MPLS VPN network, egress provider edge (PE) routers may reload. The packets that cause the routers to reload are Internet Control Message Protocol (ICMP) echo and echo reply packets with record route options. Other types of IPv4 options may also cause the routers to reload.
Conditions: The symptom is observed on a Cisco 10720 that functions as an MPLS VPN PE router. The symptom does not occur in a basic MPLS network without VPN, where there is only one label.
Workaround: There is no workaround.
•
Symptoms: A ping to the Hot Standby Router Protocol (HSRP) normal IP address may not function even though the interface is in the UP/UP state and receives traffic. This results in HSRP being active on both the main and standby router as hellos are not received.
Conditions: This symptom is observed on one port of a 4-port Gigabit Ethernet (GE) port adapter.
Workaround: There is no workaround.
•
Symptoms: Ingress IP version 4 (IPv4) packets on a 1xOC48 Packet-over-SONET (POS) Engine 2 line card get punted to the CPU of the line card.
Conditions: This symptom is observed on a Cisco 12410 Internet router. The router contains two 1x Gigabit Ethernet (GE) line cards, five 1xOC48 line cards, and dual Gigabit Route Processors (GRPs) that are running in Stateful Switchover (SSO) mode. The router is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S2.0822.
Workaround: There is no workaround
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 12000 series that is configured as a Multiprotocol Label Switching (MPLS) provider edge (PE) router that is running Cisco IOS Release 12.0(25)S1.
Workaround: Use the hw-module slot x reload privileged EXEC command.
•
Symptoms: An active intercept and a Performance Routing Engine (PRE) cutover may result in the reload of a Cisco router.
Conditions: This symptom is observed on a Cisco router when a PRE cutover occurs.
Workaround: There is no workaround.
•
Symptoms: A Parallel Express Forwarding (PXF) toaster stall error may occur on a Cisco 10000 Edge Services Router (ESR) when strict Reverse Path Forwarding (RPF) check is configured on a Multilink PPP (MLP) bundle.
Conditions: This symptom occurs on a Cisco 10000 series that is running Cisco IOS Release 12.0(22)S or a later release. The PXF stall occurs when a packet is received out of order from the bundle and the packet passes the RPF check.
Workaround: Disable RPF check on the MLP bundle.
•
Symptoms: When the ip cef accounting per-prefix non-recursive global configuration command is enabled on a Cisco router, an Engine 2 (E2) Packet over SONET (POS) line card that switches IP traffic may continuously reload.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(25)S1.0911.
Workaround: There is no workaround.
•
Symptoms: If traffic passes on multiple ports of an 8-port Fast Ethernet (FE) card and the shutdown interface configuration command is entered on one of the traffic-flowing ports, all the other ports stop passing traffic.
Conditions: This symptom is observed on a Cisco 10000 series with an 8-port Fast Ethernet (FE) card that is running a Performance Routing Engine 1 (PRE1) image of Cisco IOS Release 12.0(23)S4. There is no special configuration required to experience this symptom. Ports that pass traffic with a basic default configuration will experience the symptom.
Workaround: Enter the no shutdown interface configuration command to free the other ports. Do not shut down any port on an 8-port Half Height (HH) FE line card until a fix is available.
•
Symptoms: After the redundancy force-switchover privileged EXEC command is entered on a Cisco router, a Versatile Interface Processor (VIP) may reload when the router returns to the Stateful Switchover (SSO) mode.
Conditions: This symptom is observed on a Cisco 7500 series that is running the rsp-pv-mz image of Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: The following error may cause a Cisco 10000 series to reload:
%ERR-1-GT64120 (PCI-0): Fatal error, Memory parity error (external)Conditions: This symptom is observed on a Cisco 10000 series when a single bit Error-Correcting Code (ECC) error is detected in the Synchronous Dynamic RAM (SDRAM).
Workaround: There is no workaround.
•
Symptoms: The standby Route Switch Processor (RSP) for a Cisco 7500 series may reload unexpectedly.
Conditions: This symptom is observed on an RSP for a Cisco 7500 series that has a LAN Extender (LEX) interface configured, and that has the Stateful Switchover (SSO) feature enabled.
Workaround: There is no workaround.
•
Symptoms: In Layer 2 Tunneling Protocol version 3 (L2TPv3) hairpinning (local switching) configurations, matching the 802.1P values in an inbound class map does not function correctly.
Conditions: This symptom is observed on a Cisco 10720 Internet router that is running Cisco IOS Release 12.0(25) S or later releases, and only occurs when the L2TPv3 configuration uses hairpinning.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) may be in a line card (LC) wait state on a line card even though the line card is in the IOSRUN state.
Conditions: This symptom is observed on a Cisco 12000 series during an upgrade from Cisco IOS Release 12.0(25)S to Release 12.0(25)S1c. The symptom is not specific to any engine and Cisco IOS releases from Release 12.0(24)S forward are affected.
Workaround: Enter the hw-module slot x reload privileged EXEC command to reload the line card.
•
Symptoms: Three-label MPLS packets and one-label MPLS packets impose to a 3-port Gigabit Ethernet (GE) line card at the same time.
Conditions: This symptom is observed on a 3-port GE line card. All three-label MPLS packets may be dropped on the GE in a Carrier Supporting Carrier (CSC) Inter-Autonomous System (InterAS) environment.
Workaround: There is no workaround.
•
Symptoms: A port may go down when a channel is disabled and then reenabled while traffic passes through the port. The port failure can affect any channel and may cause some packets to be dropped for the affected channel. Packets that are smaller than an arbitrary size are dropped, and packets that are larger than this arbitrary size are unaffected.
Conditions: This symptom is observed on the CH-E1T1 line card of a Cisco 10000 series. The shutdown command in both the controller and interface modes as well as explicit channel deconfiguration while traffic is passed through the channels being disabled may cause this symptom.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(25)S1
Cisco IOS Release 12.0(25)S1 is a rebuild of Cisco IOS Release 12.0(25)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(25)S1 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A master Route Switch Processor (RSP) may cause a router to pause indefinitely or reload.
Conditions: This symptom is observed on a Cisco 7500 series router that is configured with a line card when the write memory EXEC command is entered and when the line card reloads while the write memory EXEC command is being processed.
Workaround: There is no workaround.
•
Symptoms: When a Telnet session is made to a router after a VTY session pauses indefinitely, the user in the Telnet session may not be able to enter the configuration mode. When these symptoms occur, interfaces may enter the wedged state with Simple Network Management Protocol (SNMP) traffic.
Conditions: This behavior is observed on ATM and Packet over SONET (POS) interfaces. This behavior is not platform-specific.
Workaround: Disable Simple Network Management Protocol (SNMP) configuration traps by entering the no snmp-server enable traps config global configuration command.
•
Symptoms: A Cisco platform may generate the following error message:
<interface name> is a static pool and cannot be tunedNote that instead of "<interface name>," an actual interface name will be stated in the message.
Conditions: This symptom is observed when you display the running configuration.
Workaround: There is no workaround.
•
Symptoms: The snmp mib target list global configuration command is not displayed when the show running-config EXEC command is entered on the secondary Performance Routing Engine (PRE). However, the snmp mib target list global configuration command is displayed when the show startup-config EXEC command is entered on the PRE.
Conditions: This symptom is observed on the PRE of a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload because of a watchdog timeout condition when you poll the ciscoEnvMonTemperatureStatusValue MIB variable.
Conditions: This symptom is observed when the MIB variable has an index that is larger than 6. Indexes 0 to 6 are valid indexes; indexes that are larger than 6 are not valid indexes.
Workaround: There is no workaround.
EXEC and Configuration Parser
•
When any command that triggers the nonvolatile generation (NVGEN) process is executed through a new vty session, certain interface configuration commands that support the Best Effort Method, such as the ip vrf interface configuration command, the ntp disable interface configuration command, and the service-policy output interface configuration command, may not properly synchronize with a standby Route Processor (RP) or Performance Routing Engine (PRE) because of a failure in the post NVGEN process.
For example, when you enter the ip vrf interface configuration command while the show running-config privileged EXEC command is being executed in a Telnet session, the configuration of the ip vrf interface configuration command may not properly synchronize with the standby RP or PRE, and a "Post NVGEN failure" message may be generated.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(23)S2 or a later release.
Workaround: Do not enter commands that trigger the NVGEN process while you configure commands that support the Best Effort Method.
Interfaces and Bridging
•
Symptoms: A Cisco router may reload with a "CPU signal 23" message when Simple Network Management Protocol (SNMP) is configured and an snmpwalk command is being executed on the router. When the router reloads, the following error message is generated:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SNMP ENGINE.Conditions: This symptom is observed on a Cisco 7500 series that is configured with a 1-port Packet-over-SONET OC-3c/STM-1 port adapter (PA-POS-OC3).
Workaround: Modify all snmp-server commands with the view no sonet keywords, as is shown in the following example:
snmp-server view no sonet system included
snmp-server view no sonet interfaces included
snmp-server view no sonet at included
snmp-server view no sonet ip included
snmp-server view no sonet icmp includedIP Routing Protocols
•
Symptoms: The Multi Exit Discriminator (MED) that is received from a confederation external peer may be ignored in best path selection. The output of the show ip bgp longer-prefixes EXEC command does not indicate that any MED values were received.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configurations are present.
Workaround: There is no workaround.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, see the advisory at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: A Cisco 7500 series that is functioning as a provider edge (PE) router in a Multicast Virtual Private Network (MVPN) environment may stop sending Protocol Independent Multicast (PIM) register messages for the default multicast distribution tree (MDT) to its Rendezvous Point (RP). This situation prevents PE routers from establishing PIM adjacencies with other PE routers in the MVPN.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(24)S and that has the ip pim register-rate-limit global configuration command enabled. The symptom is not observed in Release 12.0(23)S or in earlier releases.
Workaround: Enter the clear ip mroute group-address EXEC command for the default MDT group address.
Alternate Workaround: Do not use the ip pim register-rate-limit global configuration command.
•
Symptoms: A Border Gateway Protocol (BGP) next-hop router may not redistribute Virtual Private Network (VPN) routes.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when the tunnel bandwidth is changed at the ingress point of a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel.
Conditions: This symptom is observed in a multivendor environment. Another Cisco router serves as the ingress point of the MPLS TE tunnel.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reload and report an unexpected exception (sig=10 in the crashinfo file).
Conditions: This symptom is observed on a Cisco 10720 that is configured for Open Shortest Path First (OSPF) Incremental Shortest Path First (SPF).
Workaround: There is no workaround.
•
Symptoms: The EIGRP Stub Routing feature may be missing from the configuration.
Conditions: This symptom is observed when a Cisco router on which the EIGRP Stub Routing feature is enabled is reloaded, or when the Enhanced Interior Gateway Routing Protocol (EIGRP) process is restarted.
Workaround: There is no workaround; you must reenable the EIGRP Stub Routing feature.
•
Symptoms: When the neighbor {ip-address | peer-group-name} default-originate router configuration command is used with a peer group, peers that belong to that peer group come up at a different time from when the Border Gateway Protocol (BGP) is formatting updates. Because of this behavior, the router may not advertise all routes to members of the peer group.
Conditions: This symptom is observed with IP version 4 (IPv4) unicast and Virtual Private Network (VPN) routing/forwarding (VRF) address family (AF) packets.
Workaround: There is no workaround.
•
Symptoms: Border Gateway Protocol (BGP) update generation may pause indefinitely when BGP is converging.
Conditions: This symptom may occur under any of the following six conditions when BGP is converging:
1.
2.
3.
4.
5.
6.
Workaround: There is no workaround for conditions 1 through 5.
To recover from condition 6, enter the clear ip bgp neighbor-address soft out privileged EXEC command. For the neighbor-address argument, use the IP address of the peer that did not receive all of the updates.
•
Symptom: An Open Shortest Path First (OSPF) interface may be reported to be in the "down" state while the interface and the line protocol may be reported to be in the "up" state. This situation causes missing OSPF-neighbor adjacencies on the OSFP interface that is in the "down" state.
Condition: This symptom is observed when there are a large number of active interfaces and you have upgraded a Cisco IOS image on a route processor (RP), or you have reloaded the RP, or you have reloaded microcode onto a line card.
Workaround: Use one of the following methods to recover the OSPF interface:
–
–
–
•
Symptom: Even though no Border Gateway Protocol (BGP) updates are sent between router peers, a router may sent BGP withdraw messages to its peers.
Conditions: This symptom is observed on a Cisco 12416 when the following conditions are present:
–
–
–
Workaround: There is no workaround.
•
Symptoms: A Border Gateway Protocol (BGP) peer may not come up after you have disabled message digest 5 (MD5) authentication for BGP neighbors.
Conditions: This symptom is observed when, on a router that is running BGP, you disable MD5 authentication for a BGP peer by using the no neighbor ip-address password router configuration command. The BGP session does not become established, even when you reset the BGP connection by entering the clear ip bgp neighbor-address privileged EXEC command or the clear ip bgp * privileged EXEC command.
Workaround: After you have entered the no neighbor ip-address password router configuration command, reconfigure the BGP session for the neighbor at both sides of the connection.
Alternate Workaround: Reload the router that is running BGP.
ISO CLNS
•
Symptoms: Intermediate System-to-Intermediate System (IS-IS) loadbalancing may not function correctly.
Conditions: This symptom is observed in a topology in which three routers—router A, router B, and router C—reside on a broadcast media. Router A is the root node that performs Shortest Path First (SPF) and has a direct path to both router B and router C. There is also an additional path between router A and router B. When you configure IS-IS to enable router A to reach router C along two equal-cost paths, router A may not use the direct path (that is, one of the two equal-cost paths) to router C but may only use the additional path via router B to reach router C.
Workaround: There is no workaround.
Miscellaneous
•
Symptom: A Cisco router may reload when you remove a Label Distribution Protocol (LDP) configuration before an Ethernet over Multiprotocol Label Switching (EoMPLS) configuration.
Conditions: This symptom is observed in rare situations on a router that is configured for EoMPLS when you enter the no mpls l2transport route interface configuration command.
Workaround: There is no workaround.
•
Symptoms: Engine 4 plus (E4+) line cards may not fragment outgoing pings properly, causing pings of packets with a size that is larger than the maximum transmission unit (MTU) to fail.
Conditions: This symptom is observed on E4+ line cards (4-port OC-48 and 1-port OC-192 line cards) that are installed in a Cisco 12000 series.
Workaround: For pings, use packets with a size that is smaller than the MTU.
•
Symptoms: Directly-connected neighbors may be displayed in the "Targeted Hellos" field in the output of the show mpls ldp discovery privileged EXEC, which is incorrect behavior. This situation does not impact routing functionality.
Conditions: This symptom is observed in an Any Transport over Multiprotocol Label Switching (AToM) environment and is platform independent.
Workaround: There is no workaround.
•
Symptoms: When a customer edge (CE) link fails, a remote provider edge (PE) router may not be notified, causing the CE link to remain up.
Conditions: This symptom is observed in a configuration that has the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: Port Mode feature enabled.
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur on the Versatile Interface Processor (VIP) of a Cisco 7500 series, even though the VIP does not reload.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) forwarding is enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may reload with an "address error" message.
Conditions: This symptom is observed at bootup time when the PE and customer edge (CE) interfaces are coming up. The symptom occurs when a locally learned VPN routing/forwarding (VRF) route temporarily loses its local label. This condition leads to some data structures being cleaned up but still retaining references to the local label. It may also occur after bootup in the case of interface flaps. The reload is not a common occurrence, however, and may need additional triggers.
A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdv49909. Cisco IOS releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: When an automatic protection switching (APS) switchover occurs from an active SONET T1 port to a standby port, the standby port may report a Loss of Signal (LOS) on a wrong line card, the alarm LED may illuminate on the line card that contains the standby port, and all T1 links may go down.
Conditions: This symptom is observed on a Cisco 10000 series when both transmit (TX) and receive (RX) fiber cables are removed from an active SONET T1 port that is configured for APS. A switchover to the standby port occurs, but the standby port reports LOS on a wrong line card, causing all T1 links to go down. The T1 links remain down until the fiber cables are reinserted on the port that was the active port before the switchover occurred.
Workaround: There is no workaround.
•
Symptoms: An OC-48 Packet-over-SONET (POS) interface may flap immediately after a high availability (HA) Fast Software Upgrade (FSU).
Conditions: This symptom is observed on a Cisco 10000 series when an HA FSU is performed from an image of Cisco IOS Release 12.0(23)S1 to an image of Release 12.0(23)S2.
Workaround: There is no workaround.
•
Symptoms: A Performance Route Processor (PRP) may reload without generating a crashinfo file.
Conditions: This symptom is observed on a Cisco 12000 that is running Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: The tag forwarding performance for incoming packets that have labels may be degraded by about 45 percent.
Conditions: This symptom is observed on an Engine 0 ingress line card that is installed in a Cisco 12000 series when you compare the tag forwarding performance of Cisco IOS Release 12.0(24)S with the tag forwarding performance of Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 (E4) line card may reload after it displays the following error messages:
%TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module. -Traceback=
%TX192-3-PAM_PIM: status = 0x3D6, mask= 0x1A1 - PIM: header start offset >= 16kB. -Traceback=Conditions: These symptoms are observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S under the following conditions:
–
–
–
–
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: It may take a long time for a Cisco 12000 series to remove 250,000 Virtual Private Network version 4 (VPNv4) entries from an Engine 3 line card. While the router removes the VPNv4 entries, new VPNv4 entries cannot be updated on the line card.
Conditions: This symptom is observed when the router handles a large number (more than 80,000) of VPNv4 entries on its line cards and when a Border Gateway Protocol (BGP) session flaps (that is, the session remains down for a few minutes), causing the router to remove all VPNv4 entries and to repopulate these entries a few minutes later.
Workaround: There is no workaround.
•
Symptoms: It may take about 10 minutes before a Versatile Interface Processor (VIP) synchronizes with a Cisco Express Forwarding (CEF) table.
Conditions: This symptom is observed after you reload the VIP that has the Single Line Card Reload (SLCR) feature and distributed CEF (dCEF) enabled, when there are about 40,000 prefixes in the CEF table, and when Border Gateway Protocol (BGP) is in stable condition.
Workaround: Increase the interprocess communications (IPC) cache significantly; when there are about 40,000 prefixes, increase the IPC cache using the ipc cache 3000 command.
•
Symptoms: The E3 controller of a Multi-Channel E3 port adapter (PA-MC-E3) card is missing from IF-MIB and DS3-MIB.
Conditions: This symptom is observed on a PA-MC-E3 in all releases of Cisco IOS software.
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: After a single transmit buffer management (TBM) error occurs on a line card, the line card may reload because of a packet switch ASIC (PSA) pipeline stuck condition.
Conditions: This symptom is observed on an Engine 2 Packet-over-SONET (POS) line card that is installed in a Cisco 12000 series that is configured to switch Frame Relay packets.
Workaround: There is no workaround.
•
Symptoms: After a single transmit buffer management (TBM) error occurs on an 8- port OC-3 ATM line card, the line card may stop forwarding inbound and outbound traffic.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series that is configured with a Performance Route Processor 1 (PRP-1) may pause indefinitely.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a PRP-1 when the configuration is being saved after it has previously received a break signal on the console. This symptom does not affect the Gigabit Route Processor (GRP).
The break signal can be received by the router when it is sent intentionally by a terminal or when it is unintentionally received as noise on the console connection. Unintentional noise may occur if a terminal or terminal server that is connected to the router is powered off or when certain terminals or personal computer terminal emulators are first connected. When the router pauses indefinitely, it must be power-cycled to be restored to a normal working condition.
Workaround: There is no workaround. If possible, avoid using the break signal in Telnet connections, and avoid using terminal connections that send break signals.
•
Symptoms: A switch fabric card (SFC) switchover may occur, cyclic redundancy check (CRC) Fabric Interface ASIC (FIA) errors may occur, and the following error message may be displayed on a Cisco 12400 series:
FABRIC-3-ERR_HANDLE Due to CRC error from slot 8, shutdown the fabric card on slot 22Note that the slot numbers (that is, 8 and 22) are just examples.
Conditions: These symptoms are observed after a Cisco 12400 series router that is configured with one or more Engine 4 plus line cards is reloaded with a new Cisco IOS release that causes a maintenance bus (MBus) download condition and while traffic is being processed on the router.
Workaround: After the router is reloaded with the new Cisco IOS release, reload the router for a second time.
•
Symptoms: A Frame Relay (FR) interface may go up and down continuously.
Conditions: This symptom is observed on an FR interface when the keepalive timeout is set to one second and fragmentation and traffic shaping are enabled on multiple permanent virtual circuits (PVCs).
Workaround: Increase the keepalive timeout to 5 seconds or more.
•
Symptoms: A Cisco 7500 series may drop packets and log the following errors:
%IPC-5-SLAVELOG: VIP-SLOT4:
%SYS-2-INLIST: Buffer in list, ptr= 60BCAFC0
-Process= "<interrupt level>", ipl= 2Conditions: This symptom is observed on a Cisco 7500 series that is configured for Multilink Frame Relay (MFR).
Workaround: There is no workaround.
•
Symptoms: The Parallel Express Forwarding (PXF) network processor may send traffic to the Route Processor (RP). When the traffic rate is very high, CPU utilization may increase to 99 percent.
Conditions: These symptoms are observed on a Cisco 10720 when the outgoing interface list for an S,G entry with Prune (P) and RP-bit set (R) flags is null in the multicast routing table and multicast traffic for this S,G entry comes in from a Spatial Reuse Protocol (SRP) ring, Gigabit Ethernet interface, or Fast Ethernet interface.
Workaround: There is no workaround. Note that the symptom does not occur when the Protocol Independent Multicast (PIM) share tree and the shortest path tree (SPT) do not diverge.
•
Symptoms: A ping may fail via a PortChannel interface.
Conditions: This symptom is observed when the PortChannel interface is configured on a 2-port Fast Ethernet ISL 100BASE port adapter (PA-2FEISL) and when the mac-address ieee-address interface configuration command is configured on the PortChannel interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Fast Ethernet interfaces of the PA-2FEISL.
•
Symptoms: When you enter the rate-limit output interface configuration command to apply a rate limit to an Engine 3 interface that already has an outgoing service policy applied to it, traffic that is going out of the interface may stop.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: To apply a rate limit to the interface, use the policy map global configuration command.
•
Symptoms: When Cisco Express Forwarding (CEF) is disabled because of a memory allocation failure on an Engine 2 Dynamic Packet Transport (DPT) line card, the Connectionless Network Service (CLNS) adjacencies on interfaces on this line card may not be torn down.
Conditions: This symptom is observed on a Cisco 12000 series that functions when the external overload signalling router configuration command is configured in an Intermediate System-to-Intermediate System (IS-IS) environment.
When CEF is disabled on an Engine 1 DPT line card or an Engine 4 Packet-over- SONET (POS) line card in the same configuration, the CLNS adjacencies on interfaces on these line cards are properly torn down.
Workaround: There is no workaround.
•
Symptoms: A 6-port channelized T3 line card may reload when a T1 in-band loopup or loopdown is invoked while a bit error rate (BER) test is occurring.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Do not invoke a T1 in-band loopup or loopdown while a BER test is occurring. A typical and proper usage sequence would be the following:
1.
2.
3.
4.
•
Symptoms: An Engine 4 10-port Gigabit Ethernet (GE) line card may reload or you may not be able to ping across the modular GE interfaces of the line card.
Conditions: This symptom is observed on a Cisco 12410 that has a redundant Clock Scheduler Card (CSC) after you have performed an online insertion and removal (OIR) of the master (CSC).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card may log "EE48-2- GULF_TX_SRAM_ERROR" error messages if certain packet types are forwarded incorrectly.
Conditions: This symptom is observed on Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routers when multicast traffic is destined for the customer edge (CE) router.
Workaround: There is no workaround.
•
Symptoms: The Automatic Protection Switching (APS) function may not failover after a line card is reset.
Conditions: This symptom is observed when a line card is reset (either by entering the hw-module reset EXEC command or by manually resetting the line card).
Workaround: There is no workaround.
•
Symptoms: The following error message may be generated often for slot 24 or 25 on a Cisco 12000 series:
%MBUS_SYS-3-NOBUFFER: Message from slot 25 in stream 0 droppedConditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S5 or Release 12.0(21)S6.
Workaround: There is no workaround.
•
Symptoms: When you enter the redundancy force-failover main-cpu privileged EXEC command on a Cisco 10000 series that is configured with two Performance Routing Engines (PREs), an automatic protection switching (APS) switchover occurs on 6-port OC-3 Packet-over-SONET (POS) line cards, which is incorrect behavior.
Conditions: This symptom is observed when APS is configured on 6-port OC-3 POS line cards in two different Cisco 10000 series that are connected back-to-back and you enter the following sequence of commands:
1.
2.
3.
Workaround: There is no workaround.
•
Symptoms: The shape policy map class configuration command that is entered via modular QoS CLI (MQC) may not function on an ingress interface of a 4-port Gigabit Ethernet IP Services Engine (ISE) line card.
Conditions: This symptom is observed on a Cisco 12000 series after a Stateful Switchover (SSO) of a Route Processor (RP) has occurred.
Workaround: Reload the affected line card.
•
Symptoms: A Cisco 12000 series Route Processor (RP) may reload.
Conditions: This symptom is observed when you attempt to modify a quality of service (QoS) policy that is applied to a VLAN interface on a 4-port Gigabit Ethernet IP Services Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: Frame Relay over Multiprotocol Label Switching (FRoMPLS) connectivity may not function.
Conditions: This symptom is observed when a Cisco 12000 series is configured with an Engine 2 line card that has link bundling enabled.
Workaround: There is no workaround.
•
Symptoms: Some interfaces of a Cisco 10000 series 6-port channelized T3 line card may not come up.
Conditions: This symptom is observed when you configure the T3 controller with any combination of time slots, but using more than 15 and fewer than 21 time slots.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reboot when you enter the no srp reject H.H.H interface configuration command on a Spatial Reuse Protocol (SRP) interface.
Conditions: This symptom is observed intermittently. If there is no valid entry to be removed for the srp reject H.H.H interface configuration command, the command negation has no impact.
Workaround: There is no workaround.
•
Symptoms: A router may not boot to the configured Cisco IOS software version when the full path of the Cisco IOS image is specified in the boot system flash global configuration command, such as in the following example:
boot system flash disk0:c12kprp-p-mz
Conditions: This symptom is observed on a Cisco 12000 series router that is configured with dual Performance Route Processors (PRPs).
Workaround: Configure the boot system flash global configuration command without specifying the device name, such as in the following example:
boot system flash c12kprp-p-mz
•
Symptoms: The output of the show controller srp privileged EXEC command may indicate an unspecified SONET transceiver type for the Engine 4 plus (E4+) 4-port OC-48c/STM-16c DPT line card.
Incorrect command output:
SFP EEPROM INFO: SIDE A
SFP Module is: VALIDATED
ID: SFP transceiver
Extended ID: 4
Connector: LC
SONET compliance: unspecified <=== IncorrectCorrect command output:
SFP EEPROM INFO: SIDE A
SFP Module is: VALIDATED
ID: SFP transceiver
Extended ID: 4
Connector: LC
SONET compliance: OC48 Long Reach (LR2) <=== CorrectConditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S or a later release when the small form-factor pluggable (SFP) card is long reach-1 (LR-1) or long reach-2 (LR-2).
Workaround: Instead of using the show controller srp privileged EXEC command, look at the following components to find out the type of SFP card (that is, whether the SFP card is LR-1 or LR-2):
–
–
•
Symptoms: When you modify a policy-based routing (PBR) configuration for next-hop changes, the changes may not be updated in the ternary content addressable memory (TCAM).
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S.
Workaround: Remove the PBR configuration from the interfaces, and then reapply the PBR configuration to the interfaces.
•
Symptoms: Packet sizes on the boundary may fail across a tunnel that is configured for IP version 6 (IPv6).
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series Parallel Express Forwarding (PXF) processor may drop packets that are received on a Multicast Tunnel Interface (MTI). This situation prevents the Protocol Independent Multicast (PIM) protocol from forming neighbor relationships with other provider edge (PE) routers in the network, causing loss of Multicast Virtual Private Network (MVPN) traffic.
Conditions: This symptom is observed after you have reloaded a Cisco 10000 series that functions as a PE router, and the Cisco 10000 series has downloaded an MVPN configuration.
Workaround: Reload the microcode onto the PXF processor by entering the microcode reload pxf privileged EXEC command.
•
Symptoms: A Cisco router that is running Multiprotocol Label Switching (MPLS) may reload after a message similar to the following is generated:
%SYS-3-OVERRUN: Block overrun at 5414B2C8 (red zone 00000000)Conditions: This symptom is observed when more than 672 Label Distribution Protocol (LDP) sessions are established simultaneously and when LDP cannot perform some background tasks for an advertised Label Information Base (LIB) entry before the local label is changed or withdrawn.
Workaround: There is no workaround.
•
Symptoms: A committed access rate (CAR) output rule may not function on a Spatial Reuse Protocol (SRP) interface.
Conditions: This symptom is observed on a Cisco 7500 series, regardless if legacy quality of service (QoS) or modular QoS CLI (MQC) is configured.
Workaround: There is no workaround.
•
Symptom: IP packets that include padding data may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 10-port Gigabit Ethernet line card and a 4-port OC-48c/STM-16c DPT line card.
Workaround: There is no workaround. Note that the symptoms do not occur when you replace the 10-port GE line card with a 3-port GE line card.
•
Symptoms: A router may incorrectly encapsulate packets when Multicast Distributed Switching (MDS) is enabled. This situation causes traffic to be blackholed.
Conditions: This symptom is observed on a Cisco router that is configured with MDS and with a generic routing encapsulation (GRE) tunnel interface.
Workaround: There is no workaround.
•
Symptoms: Packets may be dropped by a 3-port Gigabit Ethernet line card that is installed in a Cisco 12000 series.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)ST or Release 12.0(22)S when the following conditions are met:
–
–
–
–
Workaround: If this is an option, remove the output ACL, or use Cisco IOS Release 12.0(23)S or a later release.
•
Symptoms: All ports of an Engine 0 (E0) digital service 3 (DS3) card may remain in an "up/down" condition indefinitely.
Conditions: This symptom is observed on Engine 0 (E0) DS3 cards when one of the ports receives a "yellow" alarm.
Workaround: Reload microcode onto the DS3 card by entering the microcode reload global configuration command.
•
Symptoms: Ingress Multiprotocol Label Switching (MPLS) explicit-null packets are processed in the slow path of an Engine 2 line card (that is, the packets are forwarded to the CPU of the line card), causing the performance of the line card during the processing of such packets to be significantly less than expected.
Conditions: This symptom is observed on all Cisco 12000 series Engine 2 line cards.
Workaround: There is no workaround.
•
Symptoms: After you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface, pings may fail on this interface.
Conditions: This symptom is observed on an interface that has both PPP and Intermediate System-to-Intermediate System (IS-IS) configured.
Workaround: There is no workaround.
•
Symptoms: Label Distribution Protocol (LDP) does not send a label release message in response to a label withdraw message.
Conditions: This symptom is observed in an Any Transport over Multiprotocol Label Switching (AToM) configuration.
Workaround: There is no workaround.
•
Symptoms: When NetFlow data is processed at interrupt-level, the CPU utilization of a route processor (RP) may become high.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow is configured and many small data flows are processed on the router.
Workaround: There is no workaround.
•
Symptoms: Auto negotiation may not work as expected on a router.
Conditions: This symptom is observed when a Cisco 10720 router is used in a network that has a Cisco Catalyst 6500 switch and a vendor-specific optical repeater.
Workaround: There is no workaround.
•
Symptoms: Distributed Cisco Express Forwarding (DCEF) may become disabled on a Versatile Interface Processor (VIP) and the following error message may appear on the console:
%FIB-3-FIBDISABLE: Fatal error, slot 12: Window did not open, LC to RP IPC is non-operationalConditions: This symptom is observed on a Cisco 7500 series VIP2-50 and VIP4-80 in which ATM OC-3 port adapters such as the PA-A1-OC3 or PA-A3-OC3 are installed when the Cisco 7500 series is upgraded to Cisco IOS Release 12.0(24)S or Release 12.0(24)S1.
Possible Workaround: Reload CEF on the VIP by entering the clear cef linecard slot-number EXEC command.
Possible Alternate Workaround: Restart the VIP by performing an online insertion and removal (OIR).
•
Symptoms: A standby Performance Routing Engine (PRE) may reload continuously, and the router may enter the "standby cold-bulk" redundancy state.
Conditions: This symptom is observed with certain configurations. The standby PRE may reload continuously when a new image is loaded after the hw-module reset standby-cpu reset global configuration command is entered or after a switchover occurs.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload because of a bus error when you repeatedly enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface at the remote end of the Cisco 12000 series.
Conditions: This symptom is observed when the interface at the remote end is an ATM interface of an Engine 0 4-port OC-3 ATM or 1-port OC-12 ATM line card that has the atm pvp interface configuration command enabled.
Workaround: There is no workaround.
•
Symptoms: The Label Distribution Protocol (LDP) session between two adjacent routers may fail to establish when you configure the seconds argument of the mpls ldp discovery hello interval seconds global configuration command for one router to be significantly shorter in duration than the seconds argument of the same command for the other router.
Conditions: This symptom is observed in an IP over Multiprotocol Label Switching (MPLS) configuration when the router that is configured with the seconds argument of longer duration is also configured to actively establish the TCP connection (in conformance with Section 2.5.2 of RFC 3036).
The output of the show mpls ldp discovery detail privileged EXEC command indicates that the associated discovery interface of the router that is configured to actively establish the TCP connection is stuck in the "xmit (not ready)" state.
The router that passively establishes the TCP connection may indicate via "NBRCHG" log messages that the LDP session comes up and immediately goes down repeatedly.
Workaround: For both routers, configure the seconds argument to be of similar duration by using the mpls ldp discovery hello interval seconds global configuration command or the mpls ldp discovery hello holdtime seconds global configuration command.
•
Symptoms: Packet loss may occur during Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel reoptimization on a Cisco 12000 series.
Conditions: This symptom is observed when the initial outgoing interface of the TE tunnel is configured on an IP Services Engine (ISE) line card and when at least 200 Interior Gateway Protocol (IGP) prefixes can be reached through the tunnel.
Workaround: There is no workaround.
•
Symptoms: A standby Gigabit Route Processor (GRP) may reload with a bus error.
Conditions: This symptom is observed after the ATM interface of a Cisco 12000 series is shut down.
Workaround: There is no workaround.
•
Symptoms: A customer of a service provider (SP) may report poor performance across new long-distance (over 100 km) E3 lines with a file transfer rate of about 3 to 5 Mbps. Frame check sequence (FCS) errors may occur in G.751 frames, "Time to Live," "Transport Retransmission," and "TCP Connection Reset by Server" conditions, and other conditions may occur in the LAN. The symptoms are caused by difficulties with the clock signal.
Conditions: These symptoms are observed on a Cisco 7200 series, Cisco 7500 series, and Cisco 7600 series that are configured with a 1-port E3 serial port adapter (PA-E3), but these symptoms may also occur on a 2-port E3 serial port adapter (PA-2E3). The symptoms are not platform specific but port-adapter specific. The symptoms are not observed when short-distance E3 lines are used.
The clocking is not provided by the Plesichronous Digital Hierarchy (PDH)/Synchronous Digital Hierarchy (SDH) network of the SP but by the internal clock source of one of the routers of the SP customer (that is, the clock source internal controller configuration command is configured), while another router of the SP customer is configured as the clock slave (that is, the clock source line controller configuration command is configured). However, the symptom may also occur when the clocking is provided by the SP.
When a line interruption occurs, the PA-E3 on which the clock source line controller configuration command is configured may not switch back its transmitter clock (which should be synchronized from the incoming clock signal of the line) from internal clocking to line clocking. When the line is down, the router in which this PA-E3 is installed temporarily uses its internal clock signal. When the line comes back up again, the router should switch back to the line clock signal.
Long-distance lines are affected because the router that receives traffic over long-distance lines requires a relatively long time to synchronize its clock via line clock signal. The symptoms are observed during the initial link up and during line interruptions.
Workaround: Use enhanced 1-port ATM E3 port adapters (PA-A3-E3) on which the clocking difficulties do not occur.
Temporary Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the serial interface of the affected PA-E3. Doing so provides a workaround until the next line interruption.
•
Symptoms: On a Cisco platform, free memory may decrease gradually during normal system operation. When network instability occurs, free memory may decrease in the order of tens of MBs over a short period of time.
The output of the show processes memory EXEC command indicates that the Border Gateway Protocol (BGP) router process holds an amount of memory that is increasing as the free memory is decreasing.
Conditions: This symptom is observed on a Cisco platform that is running Cisco IOS Release 12.0(23)S1 or a later release and that has the ip default-network network-number global configuration command enabled.
Workaround: Disable the ip default-network network-number global configuration command to stop the free memory from decreasing. However, to free up the held memory, reload the platform.
•
Symptoms: When a slave Route Switch Processor (RSP) is reloaded by the master RSP, or when you enter the hw-module sec-cpu reset privileged EXEC command, the slave (RSP) may generate the following error message and tracebacks:
%HA-2-CCB_PLAYBACK_ERROR: CCB playback failed.
-Traceback= 40439E14 404339D0 404CC4F0 402E1AA8 403139D8 40323BC0 40323DB0 40323E4C 401C7EE4 402E34C8 4037BD3C 4037BD28Conditions: This symptom is observed on a Cisco 7507 that is running Cisco IOS Release 12.0(24)S1, that is configured for Route Processor Redundancy Plus (RPR+) or High System Availability (HSA), and that is configured with a 1-port Packet-over-SONET OC-3c/STM-1 single-mode port adapter (PA-POS-OC3SMI).
Workaround: There is no workaround. Note that the symptoms do not occur when you remove the PA-POS-OC3SMI.
•
Symptoms: The following error message may be displayed on a router:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x50164CDC reading 0x0Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Interfaces on one Engine 4 (E4) 3-port Gigabit Ethernet (GE) port adapter (EPA-3GE-SX/LH-LC) may use the same interface description blocks (IDBs) as interfaces of an adjacent E4 3-port GE port adapter that is installed on the same GE modular baseboard (EPA-GE/FE-BBRD). This situation may cause forwarding difficulties and Cisco Express Forwarding (CEF) inconsistencies on other line cards that are installed in the same router. You can verify the symptoms in the output of the show cef interface EXEC command.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with more than one GE modular baseboard when several E4 3-port GE port adapters are installed on a single GE modular baseboard.
Workaround: Reload the router.
•
Symptoms: Occasional ping failures may be observed over a VLAN interface.
Conditions: This symptom is observed on the VLAN interface of a Cisco 12000 series modular Gigabit Ethernet line card. The Cisco 12000 series modular Gigabit Ethernet line card is connected to Cisco Catalyst switches over VLAN interfaces.
Workaround: There is no workaround.
•
Symptoms: When you reload the microcode onto an interface of an Engine 3 Gigabit Ethernet (GE) or Packet-over-SONET (POS) line card, the line card may reload unexpectedly immediately after it comes up in the "Run IOS" state.
Conditions: This symptom is observed when Border Gateway Protocol Policy Accounting (BGP PA) is configured on the interface before you reload microcode onto the interface.
Workaround: Remove the BGP PA configuration from the interface.
•
Symptoms: A Cisco 12000 series Engine 2 (E2) line card may not properly process Multiprotocol Label Switching (MPLS) packets, causing the processor of the E2 line card to forward corrupted packets.
Conditions: This symptom is observed when an E2 line card receives MPLS packets with a top label that is zero or explicit null.
Workaround: There is no workaround.
•
Symptoms: The core router Multiprotocol Label Switching (MPLS) forwarding entry has the correct outgoing interface but has an incorrect label to use for sending traffic to the edge router. The incorrect label is identical to the label that is sent by another core router for the same prefix through another interface.
Conditions: This symptom is observed in a service provider network when the route to the prefix that has the incorrect MPLS forwarding entry is configured using a static recursive route and the specific IP address that is specified in the ip route prefix mask ip-address global configuration command is changed by topology changes to go through a different adjacent router. The incorrect outgoing Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) label corresponds to the router that was adjacent prior to the routing change.
Workaround: To clear this condition, enter the clear ip route {network [mask] | *} EXEC command to cause MPLS to create a new forwarding entry that has the correct interface and label for the prefix.
To prevent this condition from occurring, advertise the route to the prefix in question using an Interior Gateway Protocol (IGP).
Alternate Workaround: Configure a static nonrecursive route to the prefix and IP address of the next-hop router by entering the ip route prefix mask ip-address interface-type interface-number global configuration command.
•
Symptoms: The convergence time after a forced Stateful Switchover (SSO) may be longer than 10 seconds.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for SSO.
Workaround: There is no workaround.
•
Symptoms: The traceroute privileged EXEC command may not work for the IP address of a generic routing encapsulation (GRE) tunnel in a Multiprotocol Label Switching (MPLS) network, and the router at the receiving end may generate traceback error messages.
Conditions: This symptom is observed in an MPLS network when you configure a generic routing encapsulation (GRE) tunnel between a Cisco 10000 series that is configured as a provider edge (PE) router and another PE router.
Workaround: To determine a path in the MPLS network, shut down the GRE tunnel and enter the traceroute privileged EXEC command for the IP address of the physical link.
Alternate Workaround: Reload the microcode onto the Parallel Express Forwarding (PXF) by entering the microcode reload pxf privileged EXEC command.
•
Symptoms: A value of 4,294,967,295 (hexadecimal 0xffffffff) may appear in the ifIndex field of the ifTable for the first channelized T3 controller (CT3) of a 6-port CT3 line card that is installed in a slot of a Cisco 10000 series. This situation causes the ifTable to lose its entries for all other CT3 (or T3 and DSX3) controllers, making them unavailable for Simple Network Management Protocol (SNMP) access.
In a situation in which some SNMP access tools treat the ifIndex values as signed integers, these SNMP access tools may interpret the ifIndex value of 4,294,967,295 as its signed value of -1. When a router walks tables that are indexed by an abnormal ifIndex value such as -1, loops may occur.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for Route Processor Redundancy Plus (RPR+) when a switchover occurs. The symptom may also occur when a Stateful Switchover (SSO) occurs and the Cisco 10000 series software image that is loaded onto the secondary Route Processor (RP) is a newer version than the software image that is running on the primary RP, causing the router to default to RPR+ because of the mismatch between the two software images on the RPs.
At least one channelized interface must be defined on any CT3 controller in order for the symptom to occur.
You can reproduce the symptom in a simple configuration with two 6-port CT3 line cards in slots 6/0 and 7/0, when the only interface that is defined is a single T1 channel group, 6/0/3/1:0. Before an RPR+ switchover, the output of the snmpwalk command indicates the following controller indices:
interfaces.ifTable.ifEntry.ifIndex.3 = 3 interfaces.ifTable.ifEntry.ifIndex.4 = 4 interfaces.ifTable.ifEntry.ifIndex.5 = 5 interfaces.ifTable.ifEntry.ifIndex.6 = 6 interfaces.ifTable.ifEntry.ifIndex.7 = 7 interfaces.ifTable.ifEntry.ifIndex.8 = 8 interfaces.ifTable.ifEntry.ifIndex.9 = 9 interfaces.ifTable.ifEntry.ifIndex.10 = 10 interfaces.ifTable.ifEntry.ifIndex.11 = 11 interfaces.ifTable.ifEntry.ifIndex.12 = 12 interfaces.ifTable.ifEntry.ifIndex.13 = 13 interfaces.ifTable.ifEntry.ifIndex.14 = 14The associated data objects are also shown:
interfaces.ifTable.ifEntry.ifDescr.3 = T3 6/0/0 interfaces.ifTable.ifEntry.ifDescr.4 = T3 6/0/1 interfaces.ifTable.ifEntry.ifDescr.5 = T3 6/0/2 interfaces.ifTable.ifEntry.ifDescr.6 = T3 6/0/3 interfaces.ifTable.ifEntry.ifDescr.7 = T3 6/0/4 interfaces.ifTable.ifEntry.ifDescr.8 = T3 6/0/5 interfaces.ifTable.ifEntry.ifDescr.9 = T3 7/0/0 interfaces.ifTable.ifEntry.ifDescr.10 = T3 7/0/1 interfaces.ifTable.ifEntry.ifDescr.11 = T3 7/0/2 interfaces.ifTable.ifEntry.ifDescr.12 = T3 7/0/3 interfaces.ifTable.ifEntry.ifDescr.13 = T3 7/0/4 interfaces.ifTable.ifEntry.ifDescr.14 = T3 7/0/5After the RPR+ switchover, the index list for the CT3 controllers contains only the following entry:
interfaces.ifTable.ifEntry.ifIndex.4294967295 = -1The associated data object is shown only for the controller that is assigned to this index (that is, the first controller on the line card on which an interface is assigned):
interfaces.ifTable.ifEntry.ifDescr.4294967295 = T3 6/0/0Workaround: There is no workaround.
•
Symptoms: Traffic may slow down or stop after a Stateful Switchover (SSO) has occurred.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: Spurious memory accesses or alignment errors may occur on a Cisco router.
Conditions: This symptom is observed when both Cisco Express Forwarding (CEF) and NetFlow are enabled.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 line card that is configured with virtual routing and forwarding may reload.
Conditions: This symptom is observed under either one of the following conditions:
–
–
The line card does not come back up after it reloads and must be manually reloaded.
Workaround: There is no workaround.
•
Symptoms: A Cisco Express Forwarding (CEF) table may lose some of its entries.
Conditions: This symptom is observed on a Cisco 12000 series ATM line card that is processing traffic.
Workaround: There is no workaround.
•
Symptoms: All Layer 3 Virtual Private Network (L3VPN) traffic may be dropped from a line card.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 Packet-over-SONET line card that has one interface configured for L3VPN and that has the Any Transport over MPLS: Frame Relay over MPLS feature enabled on another interface.
Workaround: Do not configure both L3VPN and the Any Transport over MPLS: Frame Relay over MPLS feature on the same line card.
•
Symptoms: Although the input rate on a 3-port ingress Gigabit Ethernet (GE) line card may vary from 300 kpps to 1.5 Mpps, the line card forwards traffic at only about 290 kkps. Similarly, when the input rate is lower than 290 kpps, the line card forwards traffic at a rate that is much lower than 290 kpps.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S when Border Gateway Protocol Policy Accounting (BGP PA) is configured on a physical port of the 3-port ingress GE line card.
Workaround: There is no workaround.
•
Symptoms: A Multilink Frame Relay (MFR) interface on a Cisco 7500 series may go down after you apply a service policy.
Conditions: This symptom is observed when you apply an output queueing policy and the MFR interface contains serial links. The symptom does not occur when the MFR interface contains channelized links.
Workaround: There is no workaround.
•
Symptoms: Packets may drop from an Engine 2 (E2) line card on which an outbound access control list (ACL) is configured.
Conditions: This symptom is observed on a Cisco 12000 series when the access-list access-list-number deny protocol any any global configuration command is configured on the E2 line card and you have entered 0 for the protocol argument.
The symptom does not occur on an E2 line card on which an inbound ACL and the access-list access-list-number deny protocol any any global configuration command are configured and you have entered 0 for the protocol argument.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) labels may be imposed erroneously on multicast packets.
Conditions: This symptom is observed on a Cisco 10720 when multicast packets are transmitted via Packet-over-SONET interfaces that are configured for MPLS.
Workaround: There is no workaround.
•
Symptoms: Multicast traffic may stop flowing via an ATM interface.
Conditions: This symptom is observed when you modify an ATM permanent virtual connection (PVC) parameter and cause the virtual circuit (VC) to be rebuilt. The symptom occurs because the multicast structures are not properly rebuilt.
Workaround: After you have changed the PVC parameters, enter the shutdown interface configuration command followed by the no shutdown interface configuration on the ATM interface.
•
Symptoms: Memory may be held on a Cisco 7500 series when you disable the xconnect global configuration command on an ATM port or ATM virtual path (VP).
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Route Switch Processor 4 (RSP4).
Workaround: Do not disable the xconnect global configuration command on an ATM port or ATM VP.
•
Symptoms: A directed Label Distribution Protocol (LDP) session between two provider edge (PE) routers may not come up in an Any Transport over Multiprotocol Label Switching (AToM) configuration.
Conditions: This symptom is observed when the value of the seconds argument in the mpls ldp discovery targeted-hello holdtime seconds global configuration command differs on both PE routers.
Workaround: Ensure that the value of the seconds argument is equal on both PE routers.
•
Symptoms: IP version 6 (IPv6) traffic may be forwarded to the CPU of a 4-port Gigabit Ethernet (GE) IP Services Engine (ISE) line card.
Conditions: This symptom is observed on a Cisco 12000 series that functions as a provider edge (PE) router that is running IPv6 traffic when you configure Virtual Private Network (VPN) routing/forwarding (VRF) instances on one of the subinterfaces of the main interface of the 4-port GE ISE line card and when another subinterface of the line card is configured to forward IPv6 traffic.
Workaround: There is no workaround.
•
Symptoms: A memory leak may occur on a Versatile Interface Processor (VIP) because buffers are not returned, which can be verified through the output of the show memory summary EXEC command: the first lines in the output display the processor memory and indicate that free memory is decreasing and that the largest contiguous memory block is decreasing.
Conditions: This symptom is observed on a Cisco 7500 series when the VIP is configured with the ip mroute-cache distributed interface configuration command, when there are at least two outgoing interfaces, and when the bandwidth of the incoming traffic exceeds that of the outgoing interfaces.
Possible Workaround: Disable the ip mroute-cache distributed interface configuration on the VIP. To free up the held memory, reload the microcode onto the VIP.
•
Symptoms: When a small packet (a layer-2 packet that is equal to or smaller than 52 bytes, including the layer-2 packet size, the layer-2 header, and the cyclic redundancy check [CRC]) enters a Cisco 10720 and is fed back, one buffer element of the 128-byte Parallel Express Forwarding (PXF) buffer pool is used but not released. This situation eventually causes the 128-byte buffer pool to be depleted entirely. Because most of the control packets such as the IP routing protocol packets are small packets and use the 128-byte buffer pool, most control plane functions stop working and routing-protocol adjacencies go down when the 128-byte buffer pool is depleted, and finally, the router stops forwarding traffic on all the interfaces.
Conditions: These symptoms are observed when a PXF feedback occurs, for example, when multicast traffic is configured, or when a policy map is configured to feed back packets.
Workaround: Avoid PXF feedback. For example, properly configure the policy map. If PXF feedback is inevitable, proactively monitor the 128-byte buffer pool via the output of the show hardware pxf cpu buffers privileged EXEC command:
Router#show hardware pxf cpu buffers
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0
1 1664 12930 12930 0 0
2 640 26746 26746 0 0
3 256 34072 34072 0 0
4 128 59934 49987 0 0
^^^^^Before the 128-byte buffer pool is depleted entirely, reset the 128-byte buffer pool. Reload the microcode onto the PXF by entering the microcode reload pxf privileged EXEC command. However, be careful, because by reloading microcode onto the PXF, you may cause routing-protocol adjacencies to be dropped and the PXF to stop forwarding traffic.
•
Symptoms: OC-12 Packet-over-SONET (POS) interfaces may remain in the "down/down" state after you have entered the shutdown interface configuration command followed by the no shutdown interface configuration command on the interfaces.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with a 1-port OC-12/STM-4 POS module.
Possible Workaround: Change the cyclic redundancy check (CRC) value. Doing so may bring the interfaces up.
•
Symptoms: A Cisco 12000 series may reload when you enable Fast Reroute (FRR) on the headend of a tunnel.
Conditions: This symptom is observed when the tunnel carries Any Transport over Multiprotocol Label Switching (AToM) traffic.
Workaround: There is no workaround.
•
Symptoms: When you enter the frame-relay fragment fragment_size map-class configuration command, the following error message may be generated:
Warning: Fragment size too low; will use min supported value of 128 bytesConditions: This symptom is observed on a Cisco 10000 series that is configured with dual Performance Routing Engines (PREs).
Workaround: Before you configure the frame-relay fragment fragment_size map-class configuration command, remove the redundant PRE or temporarily place the redundant PRE into reset mode. When you have completed the configuration, reinsert or reactivate the PRE. Once you have configured the frame-relay fragment fragment_size map-class configuration command, the configuration remains in effect, even when a PRE switchover occurs or when the router reloads.
•
Symptoms: A Cisco router that is configured for Any Transport over Multiprotocol Label Switching (AToM) may send AToM packets that are missing control words, even though control-word imposition is enabled. When another Cisco router receives such malformed packets, the router does not handle these packets properly during disposition.
Conditions: This symptom may occur on all Cisco routers that employ software switching with AToM enabled. This symptom has specifically been observed on a Cisco 7200 series, Cisco 7400 series, and Cisco 7500 series that are configured for AToM.
On a 7200 series router that is processing a heavy traffic load, the reception of malformed packets may cause the router to pause indefinitely.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series may reload.
Conditions: This symptom is observed when you enter the verify EXEC command on a Flash card device.
Workaround: There is no workaround.
•
Symptoms: When you enter the show cef idb EXEC command on a primary Route Processor (RP), the output of the command displays that for two subinterfaces of the same interface that should have the same interface number, one of the subinterfaces has a "-" sign in the "IIndex" column and both subinterfaces have the same number in the "FIndex" column.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S and may also occur on a Cisco 7500 series and a Cisco 10000 series. The symptom occurs when there are multiple subinterfaces on one hardware interface, when a Stateful Switchover (SSO) occurs, and when the original active RP (that becomes the new standby RP) reloads.
Workaround: There is no workaround.
•
Symptoms: Redirection may occur unexpectedly on a Cisco router when redirect is configured on more than one interface with more than one service configured.
Conditions: This symptom is observed on a Cisco router when Web Cache Communication Protocol (WCCP) input redirection is configured on several interfaces and not all services are configured on each interface. In this situation, packets are matched against all services when looking for redirect candidates. This behavior may lead to a spurious match and unexpected redirection of packets to a cache.
Workaround: Use output redirection.
•
Symptoms: When two 4-port OC-12c/STM-4c ATM IP Services Engine (ISE) line cards are connected back to back and you reload the microcode onto one of the line cards, the other line card reloads.
Conditions: This symptom is observed on a Cisco 12000 that is running Cisco IOS Release 12.0(25)S, that is configured with a 4-port OC-12c/STM-4c ATM ISE line card, that is configured with a large number (about 1000) of virtual circuits (VCs), and that is passing traffic.
Workaround: There is no workaround.
•
Symptoms: A 4-port OC-12 ATM IP Services Engine (ISE) line card may reload when you change the provisioned ATM service class on 1000 virtual circuits (VCs) that are configured with class of service (CoS) queues.
Conditions: This symptom is observed on a Cisco 12000 that is running Cisco IOS Release 12.0(25)S and that is configured with a 4-port OC-12 ATM ISE line card on which 1000 VCs, each with 8 CoS queues, are configured. The symptom occurs when you change the ATM service class, that is, when you make any change in the VC parameters.
Workaround: There is no workaround.
•
Symptoms: When you enter the ip pim dense-mode interface configuration command on a Cisco 12000 series and on the router at the remote end of the Cisco 12000 series, the Route Processor (RP) of the Cisco 12000 series may reload and generate the following messages and tracebacks:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x503428A0, sp=0x555C79E0
Unexpected exception, CPU signal 10, PC = 0x0
-Traceback= 0 503428A0 50337248 50168D48 50168E04 50168F74 50167FF4 5016824C 508392B0 508391B4 5085372C 50851D10 508510D0 50851B60 5084E180 5086F868 50871DACConditions: This symptom is observed when both routers are connected back-to-back via Engine 2 (E2) 8-port OC-3 ATM line cards and when multicast is enabled on a virtual circuit (VC) bundle on the E2 8-port OC-3 ATM line card that is installed in the Cisco 12000 series.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(25)S
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(25)S. This section describes only severity 1, severity 2, and select severity 3 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A buffer leak that is caused by TACACS+ packets may occur in the middle buffer pool of a router and cause the router to run out of memory. The presence of this condition can be verified by entering the show buffers EXEC command or the show buffer pool middle header EXEC command. The show buffers EXEC command may display an output that is similar to the following:
Middle buffers, 600 bytes (total 3236, permanent 25):
11 in free list (10 min, 150 max allowed) 562868 hits, 1109 misses, 41 trims, 3252 created 0 failures (0 no memory)The show buffer pool middle header EXEC command may display an output that is similar to the following:
Buffer information for Middle buffer at 0x6096CF18
data_area 0x1AF0184, refcount 1, next 0x0, flags 0x80 linktype 7 (IP), enctype 1 (ARPA), encsize 14, rxtype 1 if_input 0x0 (None), if_output 0x0 (None) inputtime 0x0, outputtime 0x0, oqnumber 65535 datagramstart 0x1AF01CA, datagramsize 133, maximum size 756 mac_start 0x1AF01CA, addr_start 0x1AF01CA, info_start 0x0 network_start 0x1AF01D8, transport_start 0x1AF01ECConditions: This symptom is observed on a Cisco router that is configured for TACACS+ and that is running Cisco IOS Release 12.0(15). The symptom may also occur in other releases such as Release 12.0 S and Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: The show bootflash: chips EXEC command may cause subsequent commands such as the show bootflash all EXEC command to fail.
Conditions: This symptom is observed on a Cisco router that has a Route Switch Processor 8 (RSP8) and that is running Cisco IOS Release 12.2(6d) or Release 12.2(6f). This symptom is occurred because the bootflash module was defective.
Workaround: Enter the show version EXEC command to restore the router to normal operating condition. Alternatively, you may reseat or replace the Flash SIMM.
•
Symptoms: A router may reload because of a bus error.
Conditions: This symptom is observed on the serial interface of a Cisco 7500 series that has a Route Switch Processor (RSP). This symptom is observed when a line-protocol change occurs.
Workaround: There is no workaround.
•
Symptoms: Memory allocation failure messages such as the following message may be observed with the Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from 0x605111F0, pool Processor, alignment 0 -Process= "CDP Protocol", ipl= 0, pid= 42 -Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: This symptom is observed on a Cisco 7513.
Workaround: There is no workaround.
•
Symptoms: Counter overflow errors may be observed with the IP protocol on serial interface port adapters.
Conditions: This symptom is observed on the serial interface port adapters of a Cisco 7200 series.
Workaround: There is no workaround for non-compression related counter inaccuracies.
•
Symptoms: The ifIndex may not synchronize when you use software of a third-party vendor with Cisco IOS software and a standby router comes up after a Stateful Switchover (SSO) has occurred.
Conditions: The symptom is observed on a Cisco 12416 router that is running Cisco IOS Release 12.0(24)S. If there are around 2000 GigaBit Ethernet subinterfaces then this problem surfaces. With 10 GigaBit Ethernet subinterfaces, problem does not show
Workaround: Reduce the number of GigaBit Ethernet subinterfaces.
•
Symptoms: When an entry in the ciscoPingTable MIB variable is set to be valid, high memory utilization may occur gradually because memory is not released by the "dead*" process of a Simple Network Management Protocol (SNMP) ping.
Conditions: This symptom is observed on a Cisco 12000 series after the router has been upgraded from an earlier Cisco IOS release to Cisco IOS Release 12.2(23)S.
Workaround: Exclude the ciscoPingTable MIB variable from the configuration by entering the snmp-server view view name ciscoPingTable excluded global configuration command.
•
Symptoms: The cardIfTable table is not correctly populated for channelized interfaces. All of the entries return a value of "-1".
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
EXEC and Configuration Parser
•
Symptoms: The copy file-id config privileged EXEC command may take longer than normal to execute.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly when the show tech EXEC command is entered.
Conditions: This symptom is observed when the show tech EXEC command is entered on a Cisco 3660.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Cisco router may pause indefinitely in rare traffic conditions.
Conditions: This symptom is observed on a Cisco 7200 series router that is using an MPA-CE1 port adapter. This condition occurs if weighted fair queueing (WFQ) or Multilink PPP (MLP) is mixed with pure FIFO queueing on the configured channels.
Workaround: There is no workaround.
•
Symptoms: X.25 encapsulation may not come up on interfaces that are installed on a port adapter.
Conditions: This symptom is observed on the 2-port channelized T1 ISDN port adapter (PA-2CT1) or 2-port channelized E1 port adapter (PA-2CE1) of a Cisco 7500 series. The cbus complex process may be executed if messages such as "output frozen" and "not transmitting" are displayed on interfaces that are installed on the port adapter.
Workaround: There is no workaround.
•
Symptoms: Operation, Administration, and Maintenance (OAM) transparent forwarding may fail in an ATM Adaptation Layer 5 over Multiprotocol Label Switching (AAL5oMPLS) environment.
Conditions: This symptom is observed when a an ATM OC-12/STM-4 single-mode (IR); multimode (PA-A3-OC12) port adapter card is used for the provider-edge-to-provider-edge (PE-PE) and provider-edge-to-customer-edge (CE-CE) connections.
Packets that arrive on the provider edge (PE) router after the remote customer edge (CE) router loops the cells back are not forwarded to the originating CE router by the PE router.
Workaround: There is no workaround.
•
Symptoms: Operation, Administration, and Maintenance (OAM) cells are dropped when a provider edge (PE) router when a provider edge router is expected to switch the OAM cells from the core toward the customer edge (CE) router.
Conditions: This symptom is observed in an ATM Adaptation Layer 5 over Multiprotocol Label Switching (AAL5oMPLS) environment when the PE router has an Inverse Multiplexing over ATM (IMA) link to the CE router.
Workaround: There is no workaround.
•
Symptoms: Defects such as SF, SD, TCA_B1, TAC_B2, or TCA_B3 may not be cleared on a Packet over SONET (POS) port adapter.
Conditions: This symptom is observed when SF, SD, TCA_B1, TAC_B2, or TCA_B3 defects are asserted and de-asserted in quick succession on the POS port adapter of a Cisco 7200 series. This behavior may cause the POS port adapter to remain in the "down/down" state indefinitely.
Workaround: There is no workaround.
•
Symptoms: A router may reload when an interface fails and display the following error message in the log:
%ATMPA-3-SARCRASH: ATM1/0: SAR0 Chip Crashdump:Conditions: This symptom is observed when an interface fails on a Cisco 7200 series that has a Network Processing Engine 400 (NPE-400).
Workaround: There is no workaround.
•
Symptoms: Subinterface counters may increment more slowly than expected when the show interface atm EXEC command is entered on a subinterface.
Conditions: This symptom is observed when a user enters the show interface atm EXEC command on the subinterface of a Cisco router while traffic is going through the interface.
Workaround: There is no workaround.
•
Symptoms: An enhanced ATM port adapter (PA-A3) may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and the PA-A3 port adapter may subsequently pause indefinitely and stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3. Only the PA-A3 with a specific third-party vendor Segmentation and Reassembly (SAR) chip is affected. Contact your Cisco representative for information about the third-party vendor chip. You can verify the SAR chip revision from the output of the show controllers atm privileged EXEC command.
To verify the SAR chip revision on a Cisco 7500 series, connect to the Versatile Interface Processor (VIP) in which the PA-A3 is installed.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3.
•
Symptoms: The 8-port T1/E1 inverse multiplexing over ATM (IMA) port adapter (PA-A3-IMA) may not be able to maintain the Stateful Switchover (SSO) state on the slave Route Switch Processor (RSP). Because of this behavior, the new master RSP will delete and recreate the permanent virtual circuits (PVCs) that are configured on the PA-A3-IMA after a switchover occurs.
Conditions: This symptom is observed on the PA-A3-IMA port adapter of a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: Interfaces may not be created when a channel group is configured on a Cisco 7500 series or a Cisco 7600 series.
Conditions: This symptom is observed only if channel groups are created on an 8-port multichannel T1 port adapter (PA-MC-8T1) and the PA-MC-8T1 is replaced with an enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) by performing an online insertion and removal (OIR). After the port adapters are switched, the channel-group configuration on the PA-MC-8TE1+ does not work as expected.
Workaround: Remove the channel-group configuration on a port adapter before performing an OIR and replacing the port adapter with another port adapter.
IP Routing Protocols
•
Symptoms: Border Gateway Protocol (BGP) may lose non-IP version 4 (non-IPv4) configurations after a Cisco router has reloaded.
Conditions: This symptom is observed under either one of the following two conditions:
–
–
Workaround for configurations that have the autonomous system configured in the peer group: Take the following three steps:
1.
2.
3.
Workaround for configurations that have the autonomous system configured in the neighbor: Take the following two steps:
1.
2.
•
Symptoms: If the interface bandwidth or delay is changed, a router may reload.
Conditions: This symptom is observed after Enhanced Interior Gateway Routing Protocol (EIGRP) is terminated via the no router eigrp as-number global configuration command or the no ip routing global configuration command, causing the EIGRP process list to be invalid.
Workaround: Reload the router after terminating EIGRP.
•
Symptoms: When you execute the show ip pim rp mapping EXEC command, the router may reload.
Conditions: This symptom is observed when Protocol Independent Multicast (PIM) Auto-Rendezvous Point (AutoRP) or bootstrap router (BSR) is configured on a router.
Workaround: There is no workaround.
•
Symptoms: A router that is directly connected to a source may not start registering when the source becomes active, and the (S,G) state may time out on the route processor.
Conditions: This symptom is observed on a router that is configured for Protocol Independent Multicast (PIM) and that has an (S,G) entry with the F flag reset.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is functioning as a dedicated Border Gateway Protocol (BGP) Route Reflector (RR) in a network that is configured for BGP may display a message very similar to the following one on its console:
%SYS-3-CPUHOG: Task ran for 30020 msec (6/6), process = BGP Router, PC = 6080D21C.When the message is displayed, the BGP router process causes the CPU utilization of the router to become high for one to several minutes, depending on the number of prefixes, neighbors, and updates.
Conditions: This symptom is observed when the router is running Cisco IOS Release 12.0(22)S or a later release, when it has a large number of neighbors that are configured in peer groups or update groups, when it has a large number of prefixes to send or receive, and when most of the neighbors start at the same time, or when the BGP sessions of the neighbors are reset at the same time using the clear ip bgp * EXEC command.
The symptom is also observed in the above-mentioned network topology when the client of a BGP RR is reset using the clear ip bgp * EXEC command.
In another network, the symptom is also observed on a Cisco router running 12.0(22)S1 when clear ip bgp * soft EXEC command.
Workaround: Do not reset all the BGP neighbor routers at the same time when RRs are used in a BGP configuration.
Alternate Workaround Use Cisco IOS Release 12.0 ST.
•
Symptoms: A router may reload and return to the ROM monitor (ROMmon) mode.
Conditions: This symptom is observed when actions that cause a significant number of multicast routes (mroutes) to be deleted and subsequently readded are performed. These actions may include Protocol Independent Multicast (PIM) mode changes, the adding and removal of multicast-enabled interfaces, or the clearing of mroutes.
Workaround: There is no workaround.
•
Symptoms: A router may display traceback messages and reload.
Conditions: This symptom is observed under rare circumstances on a Cisco 3660.
Workaround: There is no workaround.
•
Symptoms: Memory fragmentation may occur on a router.
Conditions: This symptom is observed when a large number of Open Shortest Path First (OSPF) routes are flapped on a Cisco router.
Workaround: There is no workaround.
•
Symptoms: The distance eigrp router configuration command may not be displayed in the configuration although the configured values are applied to the routes. After you reload the router, the distance for Enhanced Interior Gateway Routing Protocol (EIGRP) routes returns to its default value.
Conditions: This symptom is observed on a Cisco router when you use EIGRP between a provider edge (PE) and customer edge (CE) router in a Multiprotocol Label Switching (MPLS) environment.
Workaround: There is no workaround.
•
Symptoms: A useless partial Shortest Path First (SPF) calculation may occur.
Conditions: This symptom is observed when an Open Shortest Path First (OSPF) link-state advertisement (LSA) for a 0.0.0.0 destination is refreshed.
Workaround: Use a static default route.
•
Symptoms: A spurious memory access may occur, and a traceback maybe generated when you unconfigure Protocol Independent Multicast (PIM).
Conditions: This symptom is observed when you unconfigure PIM from a subinterface that is configured for Frame-Relay encapsulation.
Workaround: There is no workaround.
•
Symptoms: A software-forced reload may occur on a router.
Conditions: This symptom is observed on a Cisco router when the no ip pim bidir-enable is entered on the console window while another terminal window is displaying the output from the show ip pim interface df EXEC command.
Workaround: There is no workaround.
•
This caveat consists of three symptoms, three conditions, and three workarounds:
1.
Conditions 1: This symptom is observed when RSVP forwards a ResvError for a wildcard-filter (WF) style reservation.
Workaround 1: There is no workaround.
2.
Conditions 2: This symptom is observed when RSVP sends a ResvTear message for a traffic engineering (TE) tunnel.
Workaround 2: There is no workaround.
3.
Conditions 3: This symptom is observed when RSVP sends a ResvConfirm message from a router that is acting as an RSVP receiver endpoint that was configured with the ip rsvp reservation-host global configuration command.
Possible Workaround 3: Enter the ip rsvp reservation global configuration command or the ip rsvp listener global configuration command instead of the ip rsvp reservation-host global configuration command.
•
Symptoms: Configuring Open Shortest Path First (OSPF) sham links in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment may cause a memory leak in the OSPF router process.
Conditions: This symptom is observed in a MPLS-VPN environment. The area [area- id] sham-link [source-address] [destination-address] cost [number] global configuration command is used and OSPF adjacency is formed over the sham-link. Each time an OSPF acknowledgment is sent over the sham-link, some memory is allocated that is never freed.
Workaround: There is no workaround.
•
Symptoms: When an area border router receives type-4 link-state advertisements (LSAs) via the nonbackbone, the router may incorrectly generate type-4 LSAs into the backbone. This situation may cause a routing loop to occur.
Conditions: This symptom is observed in Cisco IOS Release 12.0(22)S or a later release or in Release 12.2(10) or a later release when the following conditions occur:
–
–
–
In this situation, Router 1 generates type-4 LSAs into the backbone area for the ASBR. This situation should not occur and may lead to a routing loop.
Workaround: Reset the Open Shortest Path First (OSPF) process by entering the clear ip ospf process privileged EXEC command.
•
Symptoms: When Reverse Path Forwarding (RPF) changes occur on a Route Processor (RP), only a "(*, G)" join is sent. The "(S, G)R" prunes that would cause a proxy join timer to be started at the upstream router for those "(S,G)" prunes are not sent. If the "(S, G)" prune is sent while the proxy join timer is running, the router removes the interface from the list but does not send a prune upstream because the proxy join timer is running.
Conditions: This symptom is observed on a Cisco Catalyst 6000.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a Virtual Private Network (VPN) neighbor is deleted.
Conditions: This symptom is observed on a Cisco router that has a VPN neighbor.
Workaround: There is no workaround.
•
Symptoms: A bad magic number in the chunk header may cause memory corruption to occur and may cause a router to reload.
Conditions: This symptom is observed after a Resource Reservation Protocol (RSVP) path message is received on a Cisco router that is running Cisco IOS Release 12.2(13)T or Release 12.2 S and RSVP.
Workaround: There is no workaround.
•
Symptoms: CPUHOG messages that pertain to the Border Gateway Protocol (BGP) router process may be observed on a router.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(24)S. This symptom occurs when an existing route map is deleted or a new route map is configured. If the router has a large number of Intermediate System-to-Intermediate System (IS-IS) adjacencies, the IS-IS adjacencies may go down. If the router has Multicast Source Discovery Protocol (MSDP) configured, MSDP sessions may flap.
Workaround: Do not delete existing route maps or configure new route maps.
•
Symptoms: It may take up to 5 minutes for a traffic engineering (TE) label switched path (LSP) tunnel to come up.
Conditions: This symptom is observed when you change the encapsulation from High-Level Data Link Control (HDLC) to PPP or when you shut down an interface on which PPP encapsulation is configured.
Workaround: To enable the TE LSP tunnel to come up immediately, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that functions as the TE LSP tunnel head.
•
Symptoms: A router may reload when a peer session template is unconfigured.
Conditions: This symptom is observed if the remote-as router configuration command is configured on a peer session template and if that template is subsequently unconfigured by entering the no remote-as router configuration command followed by the no template peer-session command.
Workaround: Avoid configuring the remote-as router configuration command on the peer session template. If the remote-as router configuration command is configured, either unconfigure the remote-as router configuration command or unconfigure the peer template directly.
•
Symptoms: The changes implemented by CSCdy29423 changed and eliminated some commands to reflect their correct usage. This caveat (CSCea15407) describes the modifications that have been made to the command-line interface (CLI) of these commands to cause them to appear in the same manner before CSCdy29423 was implemented. The following are the affected commands:
–
–
Conditions: In Cisco IOS software releases that contain the fixes for CSCdy29423:
–
–
In Cisco IOS software releases that contain the fixes for CSCea15407:
–
–
The changes implemented by CSCea15407 will allow the output of the show running-config EXEC command to be backward compatible with earlier versions of Cisco IOS software.
Workaround: There is no workaround.
•
Symptoms: A router may reload.
Conditions: This symptom is observed when a Border Gateway Protocol (BGP) policy list is used on a Cisco 7200 series.
Workaround: There is no workaround.
•
Symptoms: In a setup that has two redundant provider edge (PE) routers that are connected to a Virtual Private Network (VPN), both of the PE routers may originate Multicast Distribution Tree (MDT) updates for the VPN source.
In a worst case scenario, both PE routers may send a different mapping than the mapping that would cause the receivers to toggle between the different MDT data groups. In this situation, an immediate loss of data may be observed on the receivers.
Conditions: This symptom is observed in a setup that has two redundant PE routers that are connected to a VPN source.
Workaround: There is no workaround.
•
Symptoms: It may not be possible to configure the distribute-list router configuration command under an IP routing protocol.
Conditions: This symptom is observed when a user attempts to configure the distribute-list router configuration command under an IP routing protocol.
Workaround: There is no workaround.
•
Symptoms: The neighbor [ip-address | peer-group-name] timers keepalive router configuration command may disappear from the configuration after a router is reloaded or the show running-config EXEC command is entered.
Conditions: This symptom is observed only when the router is operating in the Network Layer Reachability Information (NLRI) mode.
Workaround: Configure the neighbor [ip-address | peer-group-name] timers keepalive router configuration command in the address family mode.
•
Symptoms: If the default-information originate router configuration command is entered on the Virtual Private Network (VPN) routing/forwarding (VRF) instance of a Cisco 12000 series that has the address-family ipv4 vrf command configured using the Border Gateway Protocol (BGP), the default route is learned correctly but the default route is entered incorrectly in the BGP routing table. This behavior may result in unexpected behavior on the other router if the other router does not have a correct default route.
The default static route of the VRF is not advertised by BGP after the default static route is configured under the VRF, and BGP may advertise the incorrect default route that is in the BGP routing table.
Conditions: This symptom is observed on a Cisco 12000 series that is running BGP.
Workaround: Perform either of the following steps:
–
–
•
Symptoms: A router may inadvertently remove link-state advertisements (LSAs) from the retransmission list and prevent the Open Shortest Path First (OSPF) neighbor from receiving the latest version of the LSA. This behavior may cause some prefixes to be unreachable.
Conditions: This behavior may occur when the LSA is not received by the neighboring router and the LSA must be retransmitted. While the LSA is waiting in the neighbor retransmission queue, certain events may cause a regeneration of the same LSA. If there is no change in the LSA, the router may mistakenly remove the LSA from the retransmission queues of all neighbors.
Workaround: This symptom normally stops occurring after the LSA is refreshed. If this symptom continues to occur, unconfigure and reconfigure the network global configuration command.
•
Symptoms: If a peer group is slow to establish and comes up while other members of the peer group are converging, the recently established member may not advertise the routes that were sent to the other members.
Conditions: This symptom occurs only if the new peer group member comes up while the other members of a peer group are converging. This symptom does not occur if the new peer group member comes up after the other members of the peer group have finished converging.
Workaround: The routes can be readvertised by entering the clear ip bgp peer-group-name soft out privileged EXEC command for any peer that has missing routes.
•
Symptoms: If a router is reloaded after the ip rsvp bandwidth interface configuration command is configured with the default parameters, this command is inadvertently removed from the configuration.
Conditions: This symptom is observed on interfaces that have 75 percent of bandwidth in bps that is not an exact multiple of 1000.
Workaround: Configure the ip rsvp bandwidth interface configuration command using explicit parameters.
•
Symptoms: A router may reload when a subinterface with a certain configuration is deleted.
Conditions: This symptom is observed on a Cisco router that has multicast and the Hot Standby Routing Protocol (HSRP) configured.
Workaround: Remove the multicast configuration before deleting the subinterface.
ISO CLNS
•
Symptoms: A router may reload when a route that is learned via Intermediate System-to-Intermediate System (IS-IS) IP version 6 (IPv6) has more than eight equal-cost paths.
Conditions: This symptom is observed when more than eight equal-cost links are configured between two IS-IS IPv6 routers. Depending on the network topology, the symptom may also occur when there are fewer than eight equal-cost links between an IS-IS IPv6 router and its neighbors.
Workaround: Ensure that there are fewer than eight equal-cost links configured between two IS-IS IPv6 routers.
•
Symptoms: A Route Processor (RP) may reload when the following commands are entered in succession:
1.
2.
3.
Conditions: This symptom is observed on a Cisco 12000 series that is running a Cisco IOS release that is earlier than Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: After a switchover, the Intermediate System-to-Intermediate System (IS-IS) takes about 10 minutes to fully recover and to install routes in the IP routing table.
Conditions: This symptom is observed on a Cisco 12000 series configured with IS-IS. The amount of time required for the Gigabit Ethernet (GE) interface to load after a switchover is very close to the amount of time of the IS-IS adjacency timeout. The device under test (DUT) is the designated router.
Workaround: There is no workaround.
•
Symptoms: A router may use parameters that are configured by entering the isis hello- level-1 interface configuration command and ignore "hello" parameters that are configured by entering the isis hello- level-2 interface configuration command.
Conditions: This symptom is observed on a point-to-point interface that is running Cisco IOS Release 12.0 S.
Workaround: Avoid configuring adjacencies by entering the isis hello- level-2 interface configuration command. Use the isis hello- level-1 interface configuration command to configure "hello" parameters.
•
Symptoms: A router may reload unexpectedly.
Conditions: This symptom is observed when the isis advertise prefix interface configuration command is configured and subsequently unconfigured before the router isis global configuration command is entered.
Workaround: Configure the router isis global configuration command before configuring or unconfiguring the isis advertise prefix interface configuration command.
Miscellaneous
•
Symptoms: Several "RX FIFO was stuck - forced to reset MAC" messages may be logged on the console of a router. This message is specific to port adapters and I/O cards that use a vendor-specific chipset.
Conditions: This symptom is observed on a Cisco 7200 router that is operating in the normal mode. The following is a list of the affected port adapters and I/O cards:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: Variable bit rate real time (VBR-rt) permanent virtual circuits (PVCs) are incorrectly allowed to be configured within a permanent virtual path (PVP).
Conditions: This symptom is observed when a user configures VBR-rt PVCs within a PVP.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol encapsulation over ATM adaptation layer 5 (AAL5) (RFC1483) routed point-to-point IP numbered subinterfaces may take an extended time to reload, to write a configuration to memory, or to display the command output when the show running-config EXEC command is entered.
Conditions: This symptom is observed when IP numbered and protocol IP are configured on a large number of multiprotocol encapsulation over AAL5 routed point-to-point ATM subinterfaces.
Workaround: There is no workaround.
•
Symptoms: A router may reload when the Border Gateway Protocol (BGP) update source is moved from the global default table to a Virtual Private Network (VPN) routing/forwarding (VRF) table.
Conditions: This symptom is observed when a Multicast VPN (MVPN) tunnel uses the update source as the tunnel source.
Workaround: There is no workaround.
•
Symptoms: When a provider edge (PE) router has multiple paths to an Autonomous System Boundary Router (ASBR) that is used as a next hop in a Virtual Private Network (VPN) routing/forwarding (VRF) static route with a global keyword, there is no Internet connectivity for the customers that are defined in the VRF.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN.
Workaround: Shut down one of the outgoing interfaces on the PE router.
•
Symptoms: A Cisco 12000 series router may report incorrect environmental values, as the following environmental logs display:
%ENV_MON-2-VOLTAGE: MBUS 5V supply (slot 1) volts has reached SHUTDOWN level at 5 m(V) %ENV_MON-2-TEMP: Hotpoint temp sensor (slot 17) temperature has reached SHUTDOWN level at 756(C) %ENV_MON-2-VOLTAGE: Card 3.3v supply (slot 17) volts has reached CRITICAL level at 2560 m(V)Although the environmental logs indicate that the shutdown level has been reached, the router does not shut down the line cards for which the incorrect environmental values are reported.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S3, Release 12.0(21)S5, Release 12.0(21)ST2, or Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: The traffic on a Cisco 12000 series 3-port Gigabit Ethernet line card (3GE-GBIC-SC) is stopped after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the interface while there is a traffic load on the interface.
Conditions: This symptom is observed on a 3GE-GBIC-SC line card.
Workaround: Configure autorenegotiation, or reload the 3GE-GBIC-SC line card.
•
Symptoms: The mstat EXEC command and the mtrace EXEC command do not work as expected.
Conditions: These symptoms are observed when the mstat EXEC command or the mtrace EXEC command is entered on an Multicast Distribution Tree (MDT) tunnel.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) adjacencies may not be formed for static-neighbor MAC/IP address mappings.
Conditions: This symptom is observed on a Cisco 7200 series router in a configuration with IP version 6 (IPv6) and 802.1Q.
Workaround: To establish the missing adjacencies, enter the shutdown controller configuration command followed by the no shutdown controller configuration command on an interface after the system has fully booted.
Alternate Workaround: To establish the missing adjacencies, enter the clear adjacency EXEC command.
•
Symptoms: A permanent virtual circuit (PVC) does not come up after an alarm indication signal (AIS) is stopped. This symptom is observed after an AIS is received on the PVC from an ATM network and the PVC configuration is changed.
Conditions: This symptom is observed on a Cisco 7507 router that is configured with Operation, Administration, and Maintenance (OAM) management. To recreate this symptom, the PVC configuration must be changed while the PVC is in the AIS or remote defect indication OAM VC state.
Workaround: Reset the PVC by entering the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: A router may pause indefinitely instead of restarting.
Conditions: This symptom is observed when the router is handling invalid addresses in the cached address space.
Workaround: There is no workaround.
•
Symptoms: The copy tftp run privileged EXEC command does not work on certain ports of a line card.
Conditions: This symptom is observed under rare circumstances in a test setup of six 24-port channelized E1/T1 line cards (ESR-24CT1/E1) that have 3456 (6x24x24) 1-timeslot channels. This symptom is observed while High-Level Data Link Control (HDLC) is used.
Workaround: There is no workaround.
•
Symptoms: For a short period of time, a forwarding engine can continue to send traffic to an interface that has just been shut down. Depending on traffic rates, this may consume all of the output buffer on the line card, causing the other interfaces on that line card to go down.
Conditions: This symptom is observed under rare circumstances.
Workaround: Reset the line card.
•
Symptoms: Operation, administration, and maintenance (OAM) virtual circuits (VCs) in a virtual path (VP) tunnel may disappear and a neighboring VP may go down because of a loss of OAM cell response.
Conditions: This symptom is observed after a Stateful Switchover (SSO) has occurred.
Workaround: There is no workaround.
•
Symptoms: When a virtual circuit (VC) goes down, continuity check (CC) cells or remote detection indication (RDI) cells are not sent as expected. This behavior may prevent a VC from coming up.
Conditions: This symptom is observed when end-to-end continuity check (EndCC) Operation, Administration, and Maintenance (OAM) failure traps are configured on a permanent virtual circuit (PVC). OAM CC cells are sent every two seconds instead of every one second on an 8-port OC-3 ATM line card. Additionally, the OAM CC cells are not sent after approximately two minutes when the PVC goes down after the line protocol has gone down.
Workaround: There is no workaround.
•
Symptoms: The configuration synchronization on a standby Route Processor (RP) may fail if the break signal is sent twice.
Conditions: This symptom is observed on a Cisco 12000 series that has dual RPs and that has the Route Processor Redundancy Plus (RPR+) feature enabled. This symptom occurs only if the user sends the break signal twice on the standby RP.
Workaround: There is no workaround.
•
Symptoms A Gigabit Ethernet Interface Processor plus (GEIP+) may report many alignment errors and the CPU utilization may stay at 100 percent.
Conditions This symptom is observed on a Cisco 7500 series router.
Workaround There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) class of service (CoS) may not function properly.
Conditions: This symptom is observed on a Cisco 12000 series router when you use an 8-port OC-3 STM-1 ATM line card for incoming traffic and Engine 3 line cards for outgoing traffic.
Workaround: There is no workaround.
•
Symptoms: A High-Speed Serial Interface (HSSI) may stop transmitting traffic for some time and then recover. When the HSSI stops transmitting traffic, the output of the show interfaces privileged EXEC command displays the following message: "Output queue 40/40."
Conditions: This symptom is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series Engine 2 (E2) Packet-over-SONET (POS) line card collects statistics for locally assigned Multiple Protocol Label Switching (MPLS) label entries, it may lose the outgoing label entries for the associated prefixes. All the prefixes show up as untagged, and it may be difficult or impossible to reach the prefixes.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 POS line card.
Workaround: To recover from the situation, reset the line card.
•
Symptoms: A Cisco 12000 series Engine 4 plus (E4+) line card may reload after a forced switchover.
Conditions: This symptom is observed when Stateful Switchover (SSO) is configured and the line card is switching multicast traffic.
Workaround: There is no workaround.
•
Symptoms: A provide edge (PE) Spatial Reuse Protocol (SRP) node router may reload when an SRP interface is removed from a customer edge (CE) ring either by being placed in the pass-through mode or being physically removed from the CE ring.
Conditions: This symptom is observed in a network that has a Virtual Private Network (VPN) routing/forwarding (VRF) instance configured on the SRP interface of a PE router that is connected to one or more SRP interfaces in an SRP ring that is functioning as a CE node.
Workaround: There is no workaround.
•
Symptoms: Manual Layer 2 Tunneling Protocol (L2TP) version 3 tunnels fail when two or more tunnels are configured to different destination provider edge (PE) routers. All of the traffic that enters the tunnel is forwarded to the same PE regardless of the configured PE address.
This symptom is also observed when the user starts off with one manual tunnel configuration that points to a particular PE router and later changes the configuration to point to a different PE router. Assuming that PE router 1 (PE1) is the initial router that the manual configuration points to and PE router 2 (PE2) is the subsequent PE router that the configuration is subsequently configured to point to, traffic will be sent to PE1 even after the configuration has been altered to point to PE2.
Conditions: This symptom is observed when the user has more than one manual L2TP version 3 tunnel configured and when at least one of those tunnels is going to a different destination IP address than the other tunnels.
Workaround: Use negotiated L2TP sessions or enable keepalive processing on the manual L2TP version 3 tunnels.
•
Symptoms: The OC-48 Packet-over-SONET (POS) bandwidth on a Performance Routing Engine 1 (PRE1) may not exceed 1.2 Gbps. The bandwidth should be able to scale to 1.4 Gbps.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
A line card that is facing the core of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) may generate packet switch application-specific integrated circuit (ASIC) (PSA) error messages and may stop sending traffic to the core of the network.
The following output may be observed when the show interface gigabit ethernet interface EXEC command is entered.
%LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4
%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C c md 5 data 0 pipe 0,fs 0,prep 0 (pc 1EC),pop 0 (pc 19F),plu 0,tlu 0,plu sdram 0 a dr 0 synd 0 check 4D00,tlu sdram 0 adr 0 synd 0 check 0,ssdram 0 adr 0,gather 0, pl 1822D92,plmuxcnts 61, pludefpsr 22000, plupsr 22000, pludsr 0Conditions: These symptoms are observed on a Cisco 12000 series 3-port Gigabit Ethernet line card when the line card flaps.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly when the configuration is saved to NVRAM.
Conditions: This symptom is observed if the service compress-config global configuration command is configured on the Cisco router.
Workaround: Disable the service compress-config global configuration command or configure the boot config filename nvbypass global configuration command.
•
Symptoms: Cisco Express Forwarding (CEF) may use "longest match" criteria instead of "exact match" criteria for entry updates. This situation may cause CEF update race conditions, resulting in traffic forwarding interruptions.
Conditions: This symptom is observed in a configuration with a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router).
Workaround: There is no workaround.
•
Symptoms: Traffic does not resume after a Cisco 12000 series router has reloaded.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S in an IP version 6 (IPv6) environment and that is configured with Engine 3 (E3) line cards.
Workaround: There is no workaround.
•
Symptoms: The Performance Route Processor-1 (PRP-1) of a Cisco 12000 series may pause indefinitely after it reloads.
Conditions: This symptom is observed when the PRP-1 of a Cisco 12000 series reloads while a core dump is configured on the PRP-1.
Workaround: There is no workaround.
•
Symptoms: A router may stop sending traffic.
Conditions: This symptom is observed after a Stateful Switchover (SSO) cutover is performed on a Cisco 7500 series that has label-controlled ATM (LC-ATM) incoming and outgoing interfaces and that is configured with distributed Cisco Express Forwarding (dCEF).
Workaround: There is no workaround.
•
Symptoms: A Line Remote Defect Indication (LRDI) alarm is not reported when an automatic protection switching (APS) cutover occurs.
Conditions: This symptom is observed on a 4-port channelized STM-1 line card that is configured with APS.
Workaround: There is no workaround.
Further Problem Description: Whenever an APS cutover occurs because of line quality issues, the receiving side must send an LRDI status so that the far end is aware of the state of the transmission line.
•
Symptoms: Multiple interfaces may have the same MAC address. This behavior may cause traffic on a line card to be dropped after it is directed to an incorrect interface.
Conditions: This symptom is observed when a new port adapter is added to a line card.
Workaround: Reload the router.
•
Symptoms: A high CPU utilization condition may be observed on a router.
Conditions: This symptom is observed when the debug atm oam EXEC command is enabled and there is a large number of configured subinterfaces on a Cisco router.
Workaround: Do not enable the debug atm oam EXEC command.
•
Symptoms: A provider edge (PE) router may fail to bind a label for a route.
Conditions: This symptom is observed after the route has flapped and recovered.
Workaround: There is no workaround. To recover from the situation, enter the no mpls ip global configuration command followed by the mpls ip global configuration command.
•
Symptoms: If a 3-port Gigabit Ethernet line card is used as the imposition card and there are parallel links that are facing the core, the 3-port Gigabit Ethernet line card does not load-share the traffic between the two links. Traffic will flow on only one of the links.
Conditions: This symptom is observed on a 3-port Gigabit Ethernet line card in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) setup.
Workaround: There is no workaround.
•
Symptoms: An ingress line card may reload after the no shutdown interface configuration command is entered on the line card while traffic is present.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) tunnel head that has a 1-port edge service (ES) Packet-over-SONET (POS) OC-192c/STM-64 line card configured on both the ingress and egress line cards.
Workaround: Stop the traffic and enable the tunnel.
•
Symptoms: Multilink adjacencies may show up as invalid.
Conditions: This symptom is observed on the Engine 3 (E3) Quad OC-12 line card of a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0 (21)S3. It may not be possible to clear this symptom by entering the clear cef linecard EXEC command or by reloading the microcode on the line card.
Workaround: There is no workaround.
•
Symptoms: If a 128-line input access control list (ACL) is removed from an Engine 2 line card interface that is configured for Virtual Private Network (VPN) and has point-to-point (PPP) encapsulation, traffic will not go through the line card.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.
Workaround: Perform micro reload on the line card.
•
Symptoms: An Engine 3 (E3) 4-port OC-12 (4xOC-12) or E3 OC-48 Packet over SONET (POS) line card may reload and generate traceback messages.
Conditions: This symptom is observed when the gsr-p-mz image of Cisco IOS Release 12.0(24)S is loaded on a Cisco 12406 router in an Inter-Autonomous System Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) of an IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution environment. The E3 4xOC-12 line card may be operating either in the channelized mode or the POS mode.
Workaround: No workaround is necessary because the line cards will recover without user intervention.
•
Symptoms: A Cisco 12000 series Internet router may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 12000 series that has dual Gigabit Route Processors (GRP) and that is operating in the Route Processor Redundancy (RPR) mode. This symptom is observed after the Cisco 12000 series is upgraded to Cisco IOS Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: The configuration of commands may cause additional memory to be held by an execute process.
Conditions: This symptom is observed when commands are configured on a Cisco router.
Workaround: If the execute process belongs to a terminal session or a console session, terminate the execute session by entering the exit command.
•
Symptoms: A Cisco 10000 series may not be able to match incoming and outgoing packets that are defined by the access list in the configuration.
Conditions: This symptom is observed when the "deny" option of an access control list (ACL) is configured on a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A line card may reload.
Conditions: This symptom is observed when an access control list (ACL) is applied to multiple interfaces and the insertion of an ACL into ternary content addressable memory (TCAM) fails. The line card may reload if a new ACL is added or if the existing ACL on the line card is replaced repeatedly.
Workaround: Remove the old ACL from the interface before applying the new ACL.
•
Symptoms: Multiprotocol Label Switching (MPLS) traffic engineering (TE) Fast Reroute (FRR) may lose all tag labels from a line card.
Conditions: This symptom is observed on a Cisco 12000 series when the primary tunnel router is reloaded.
Workaround: Power cycle the Cisco 12000 series.
Alternate Workaround: Reload the line card.
•
Symptoms: Entries in Cisco Express Forwarding (CEF) on a Cisco 12000 series Engine 3 (E3) line card are incorrectly displayed for the tunnel destination loopback address.
Conditions: This symptom is observed only with a one-hop tunnel if the egress line card is an E3 line card and if the tunnel destination uses load-balanced paths.
Workaround: There is no workaround.
•
Symptoms: A line card may reload.
Conditions: This symptom is observed on a 12000 series IP Services Engine (ISE) line card when the show ip alpha-cef EXEC or the show ip hardware-cef EXEC command is entered on the line card immediately after a single-hop tunnel is switched to a multihop tunnel.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload.
Conditions: This symptom is observed on the 4-port OC-12 (4xOC12) ATM line card of a Cisco 12000 series after the no shutdown interface configuration command is entered on the 4xOC12 ATM line card.
Workaround: Disable IP Protocol Independent Multicast (PIM) Sparse Mode (SM) on the ATM interface.
•
Symptoms: Multiprotocol Label Switching (MPLS) traffic engineering (TE) may not synchronize with a standby Route Processor (RP), and when a switchover occurs, MPLS TE functions may be lost.
Conditions: This symptom is observed on a Cisco 7500 series router that is configured for redundancy.
Workaround: If the active RP has MPLS IP or MPLS TE tunnels enabled but the standby RP does not, configure the following sequence of commands either in global configuration mode or in interface configuration mode on the active RP:
no mpls ip mpls ip no mpls traffic-eng mpls traffic-eng
•
Symptoms: An Cisco 12000 series OC-12 ATM line card may reset continuously.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A Forwarding Information Base (FIB) on a line card is disabled after an online insertion and removal (OIR) is performed on the primary Carrier Supporting Carrier (CSC) interface by entering the hw-module shutdown EXEC command followed by the no hw-module shutdown EXEC command.
Conditions: This symptom is observed on the 4-port OC-3 (4xOC-3) Packet over SONET (POS) line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A "device does not contain a valid magic number" message is displayed, and an Advanced Technology Attachment (ATA) disk cannot be used to load a router from the command-line interface (CLI) or the ROM monitor (ROMmon).
Conditions: This symptom is observed when the ROMmon is upgraded from Gigabit Route Processor (GRP) ROM version 181 to GRP ROM version 183.
Workaround: Revert to GRP ROM version 181.
Alternate Workaround: Enter the following commands on the router:
boot system tftp filename [ip-address]
boot system disk0: filename
Enter a dummy IP address for the ip-address argument of the boot system tftp filename [ip-address] global configuration command, and enter the name of the Cisco IOS image that you want to load for the filename argument of the boot system disk0: filename global configuration command.
•
Symptoms: A line card may pause indefinitely after an online insertion and removal (OIR) is performed or the router on which the line card is installed is reloaded.
Conditions: This symptom is observed on the line card of a Cisco 12000 series only when the Cisco 12000 series has a secondary Route Processor (RP).
Workaround: Reload the router or remove the secondary RP
•
Symptoms: Class commands that are entered by the first user may be applied to the incorrect class map.
Conditions: This symptom is observed when class commands are entered while there are concurrent configurations of the mpls cos-map cos-map global configuration command.
The following sequence of events illustrates the symptom:
1.
2.
The changes that were entered by user A for class map 1 now affect class map 2, which was not intended. User A cannot affect class map 1 until user A exits and reenters the submode for class map 1.
Workaround: Restrict the configuration of the mpls cos-map cos-map global configuration command to a single instance.
•
Symptoms: The VLAN ID may be rewritten to zero on an egress provider edge (PE) router.
Conditions: This symptom is observed in the Ethernet over Multiprotocol Label Switching (EoMPLS) Port Transport mode when the underlying packets are 802.1q packets with a nonzero class of service (CoS) value.
Workaround: There is no workaround.
•
Symptoms: The forwarding state change of a multicast route on a line card may affect the fast path forwarding state of another multicast route. This behavior may cause the latter route to be punted to the CPU of the line card and lead to a high CPU utilization condition.
Conditions: This symptom is observed on the 2-port OC-48 (2xOC-48) Spatial Reuse Protocol (SRP) line card of a Cisco 12400 series.
Workaround: Enter the clear ip mroute * EXEC command on the router to refresh the forwarding states of all multicast routes.
•
Symptoms: After an Engine 4 (E4) line card is reloaded, the line card may not forward updated hardware tag information to load balanced egress paths.
Conditions: This symptom is observed after an E4 line card is reloaded.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on any of the egress ports of the load balanced interface to correct the discrepancies in the hardware tables.
•
Symptoms: A Cisco 12000 image may time out and fail to load via TFTP.
Conditions: This symptom is observed when a Cisco 12000 boot loader image is used to load the main Cisco IOS software image via TFTP. This symptom occurs because the boot loader image uses "00:00:00:00:00:00" as the MAC address for Ethernet 0. This symptom is observed in Cisco IOS Releases 12.0(20)S, 12.0(20)ST, and later releases.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) to traffic engineering (TE) performance may degrade from 20 Mpps to 12.3 Mpps.
Conditions: This symptom is observed after a Cisco router is upgraded from Cisco IOS Release 12.0(22)S to Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may reload.
Conditions: This symptom is observed on the standby RP of a dual RP Cisco 12000 series router when a line card on the Cisco 12000 series or a neighboring router is reloaded. This symptom occurs when a line card has a large number of encapsulation entries (3000 entries).
Workaround: There is no workaround.
•
Symptoms: The input counters on a line card may display erroneously large values even when there is no traffic.
Conditions: This symptom is observed on Engine 2 (E2) ATM line cards such as the 8-port OC-3 ATM line card (8xOC3), or the 4-port OC-12 (4xOC12) ATM line card.
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur on a Cisco 12000 series Engine 2 (E2) line card that is configured for sampled NetFlow and that is switching unicast traffic, or the line card may reload.
Conditions: This symptom is observed when there is a change in the configuration, for example, when a switchover occurs or a link flaps, or when you remove the tag-switching ip interface configuration command from the egress interface.
Workaround: Remove sampled NetFlow from the configuration.
•
Symptoms: An Engine 4 plus line card that is installed in a Cisco 12400 series may be reset by the Route Processor (RP) because of interprocess communication (IPC) failures. The following errors may be displayed:
%CPUIF-3-NO_MEM: sendreq_freeq is NULL.
%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 148 to LC in slot 3 with sequence 58638, error = timeout
%FIB-3-FIBDISABLE: Fatal error, slot 3: IPC Failure: timeout
%GRP-4-RSTSLOT: Resetting the card in the slot: 3,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE ]Conditions: These symptoms are observed when route flapping occurs; route flapping may generate a high volume of IPC traffic.
Workaround: There is no workaround.
•
Symptoms: The show interfaces accounting EXEC command displays double the number of incoming packets.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: Line cards on a Carrier Supporting Carrier-provider edge (CSC-PE) router setup may reset.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S. This symptom is observed when a microcode reload is performed on the QOC-12 E2 line card that interconnects the CSC-PE router and the Carrier Supporting Carrier-provider (CSC-P) router.
Workaround: There is no workaround.
•
Symptoms: Switch fabric cards (SFCs) may fail on a Cisco 12410 router.
Conditions: This symptom is observed when there is an upgrade to a Cisco IOS release.
Workaround: There is no workaround.
•
Symptoms: When a parity error occurs on an Engine 4/4P line card, the packet and byte counters may not be accurate.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: A router may reload while it is booting up if a different line card is installed in place of a 4-port channelized OC-3 (4xOC-3) line card in an even slot.
Conditions: This symptom can be reproduced by performing the following steps:
a.
b.
c.
d.
e.
Workaround: The following steps may prevent the router from reloading:
a.
b.
c.
d.
•
Symptoms: An 8-port ATM OC-3 line card may reload after a router has booted.
Conditions: This symptom is observed on the 8-port ATM OC-3 line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series 4-port OC-12 ATM line card that is configured for the Carrier Supporting Carrier (CSC) feature may reset or report an error.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(22)S3 and that is functioning as a customer carrier customer edge (CE) router. This symptom occurs after entering the no mpls ip global configuration command followed by the mpls ip global configuration command.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a Multiprotocol Label Switching (MPLS) input feature (such as quality of service [QoS] classification, QoS marking, rate limiting, policing, or expression bit accounting) or output feature (such as QoS classification, QoS marking, rate limiting, policing, expression bit accounting, IP precedence accounting, egress NetFlow, MPLS multi-virtual circuit [VC], Virtual Private Network [VPN] routing/forwarding Network Address Translation [VRF-NAT], or VRF-crypto) is configured on a router interface and when MPLS packets that are received by an MPLS router from the core are switched to the customer edge (CE) router through the VRF interface or to a local loopback under a deaggregation scenario.
With certain Cisco IOS releases, the router reload may occur when certain types of Any Transport over Multiprotocol Label Switching (AToM) disposition are performed. The reload can affect any platform that performs software MPLS switching.
The features listed above may not be exhaustive. On some platforms, this software defect may cause alignment errors for MPLS packets that are switched through the deaggregation code path.
Conditions: This symptom may be observed on a router that operates in an MPLS VPN environment.
Workaround: There is no workaround. This symptom does not occur if input and output MPLS features such as the ones listed above are not configured on the PE router.
•
Symptoms: When Stateful Switchover (SSO) is configured and you enter the hw-module reload privileged EXEC command on a 4-port OC3 ATM line card before the standby Route Processor (RP) has come up completely, the standby RP may reload.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: Traceback messages may be displayed when an Ethernet over Multiprotocol Label Switching (EoMPLS) virtual circuit (VC) is enabled on an Engine 4 Plus (E4+) line card.
Conditions: This symptom is observed when EoMPLS is enabled on an E4+ line card.
Workaround: There is no workaround.
•
Symptoms: Ingress Multiprotocol Label Switching (MPLS) packets that are sent to an interface are punted to the Route Processor (RP) for processing when a Frame Relay subinterface is configured for MPLS and Internet Engineering Task Force (IETF) Frame Relay encapsulation.
Conditions: This symptom is observed on an Engine 2 (E2) Packet over SONET (POS) line card.
Workaround: Use Cisco IOS Release 12.0(25)S. The packets in the same configuration will be processed by the line card CPU instead of the RP.
•
Symptoms: The input queue of an ATM interface may be wedged at "76/75" when it receives Operation, Administration, and Maintenance (OAM) continuity check (CC) cells. This behavior causes all permanent virtual circuits (PVCs) to go down a few minutes after the router restarts.
Conditions: This symptom is observed on the enhanced ATM port adapter (PA-A3) of a Cisco 7200 series.
Workaround: Stop the generation of CC cells at the remote end.
•
Symptoms: The append modifier does not append data to named files on Advanced Technology Attachment (ATA) devices, and the original contents of the named file remains unchanged.
Conditions: This symptom affects Cisco IOS releases that have the fix for CSCdz27200.
Workaround: There is no workaround.
•
Symptoms: After an application-specific integrated circuit (ASIC) is reset because of error recovery, the port and fetch descriptors do not function as expected. This behavior may prevent features such as IP version 6 (IPv6) from working properly.
Conditions: This symptom is observed on the line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Reset the line card.
•
Symptoms: When you configure additional access control entry (ACE) entries with Layer 4 fields on a 128-line input access control list (ACL) that is configured on an Engine 4 plus (E4+) line card, the line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series 10-port 1-Gigabit Ethernet E4+ line card.
Workaround: Do not add more than 128 ACEs with Layer 4 fields. If more than 128 ACEs with Layer 4 fields are required, remove the ACL form the E4+ line card, add the ACEs with Layer 4 fields, and then reapply the ACL to the line card.
•
Symptoms: Cisco devices which run IOS software and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.
Conditions: This symptom is observed on all Cisco devices running IOS and containing support for the Secure Shell (SSH) server.
Workaround: Cisco will be making free software available to correct the problem as soon as possible.
The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet- suite-vuln.shtml.
•
Symptoms: If the tunnel path is switched from two hops to one hop on an egress Engine 2 (E2)-based line card, all the ports on the ingress 8-port OC-3 ATM line card may go down with unicast send timeout messages.
Conditions: This symptom is observed on an 8-port OC-3 ATM line card.
Workaround: Perform a microcode reload on the ingress line card.
•
Symptoms: Link utilization may be lower than expected.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1 when class-based weighted fair queueing (CBWFQ) is configured on multiple VLANs.
Workaround: Try one or more of the following options to improve the link utilization:
a.
b.
Do not configure maximum utilization parameters on any queues.
•
Symptoms: After a Performance Routing Engine 1 (PRE1) cutover in Route Processing Redundancy Plus (RPR+) mode in a Stateful Switchover (SSO) image, no virtual circuit (VC) is recovered.
Conditions: This symptom is observed when the high availability (HA) configuration mode is changed to the RPR+ mode from the default SSO mode on an SSO image when the HA cutover is completed.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet Engine 2 line card in a Cisco 12000 Series router may reload after an online insertion and removal (OIR) has occurred.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A router may reload.
Conditions: This symptom is observed on a Cisco router when it is booting up after multicast Virtual Private Networks (VPNs) are configured.
Workaround: There is no workaround.
•
Symptoms: Interfaces that are configured on the 8-port OC-3 Engine 2 (E2) line card or on the 16-port OC-3 Engine 2 line card may not recover from a "down/down" state.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: An 8-port OC-3 ATM line card may not perform label disposition when an access control list (ACL) is configured simultaneously.
Conditions: This symptom is observed on a Cisco 12000 series router that is functioning as a provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: The following error message may be displayed when a multilink interface is shut down:
CPUHOG. %SYS-3-CPUHOG: Task ran for 2480 msec (3/2), process = MultilinkConditions: This symptom is observed when the state of a multilink interface changes, such as when the multilink interface comes up or goes down.
Workaround: There is no workaround for the CPU hog condition. However, if any application or routing protocol is affected by this CPU hog condition in the form of timeouts, the timers for the application or routing protocol can be incremented to workaround the CPU hog condition.
•
Symptoms: The mplsVrflfUp MIB notification from the PPVPN-MPLS-VPN-MIB MIB is not sent on certain interfaces.
Conditions: This symptom is observed on certain versions of T1, E1, or Packet over SONET (POS) interfaces.
Workaround: The linkUp notification from the interfaces MIB can be used to notify a user when an interface transitions to the "operationally up" state.
•
Symptoms: An ATM interface does not come up after a Cisco 10000 series router has reloaded.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: An Engine 2 (E2)-based 4-port OC-12 ATM line card may not be able to forward IP packets.
Conditions: This symptom is observed on an E2-based 4-port OC-12 ATM line card.
Workaround: There is no workaround.
•
Symptoms: Tag Distribution Protocol (TDP) may not convey the label change information for a prefix that is learned via an exterior Border Gateway Protocol plus (EBGP+) label to its TDP peers.
Conditions: This symptom is observed on a Cisco 7500 series when TDP is used. The symptom does not occur when Label Distribution Protocol (LDP) is used.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 Plus (E4+) Packet-over-SONET (POS) line card may reload when the access control list (ACL) of a port is changed.
Conditions: This symptom is observed when the ACL of a port is changed when there already is an ACL configured on the port of an E4+ POS line card.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) card may reload if a large access control list (ACL) is applied using the no-merge option.
Conditions: This symptom is observed if a large ACL is applied using the no-merge option on a Cisco 12000 series ISE-based card while the hw-module slot number tcam compile acl no-merge global configuration command is configured.
Workaround: Disable the no-merge option by entering the no hw-module slot number tcam compile acl no-merge global configuration command to cause the ACL to be merged. The merging or optimization of the ACL may help reduce the size of the entries in the ternary content addressable memory (TCAM) or alter the size of the ACL to fit the TCAM.
•
Symptoms: The output of the "ROM Bootstrap" section of the show version EXEC command may display an unexpected format; lines may be missing for the ROM monitor (ROMmon) and the fabric downloader.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: Field programmable gate array (FPGA) issues may be observed in an Electronic Design Validation Test (EDVT).
Conditions: This symptom is observed under normal traffic conditions.
Workaround: There is no workaround.
•
Symptoms: At the console of a Cisco 10720 router that is functioning as a headend router for multiple Multiprotocol Label Switching-traffic engineering (MPLS-TE) tunnels, a "complex_restart" message may appear when the Parallel Express Forwarding (PXF) processor reloads. When this situation occurs, the following entries are displayed in the error log:
%TOASTER-2-FAULT: T0 IHB Exception: watchdog
%TOASTER-2-FAULT: T1 IHB Exception: watchdog
%TOASTER-2-FAULT: T0 IHB Exception: watchdog
%TOASTER-2-FAULT: T1 IHB Exception: watchdog
%CAMR_POS_OC48-3-INTERR: POS uplink internal error POS_TX_VA_SC_NO_EOP(code 2) %Camr_VA-3-STATUS1: Van Allen Data integrity error VA_LK_IPM_RD_ACC_TIMER_EXP (code 2)Conditions: This symptom is observed in an MPLS-TE configuration with 300 tunnels.
Workaround: There is no workaround.
•
Symptoms: The tag forwarding counter may no longer function when parity errors occur on an Engine 4 plus (E4+)line card.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) line card may reload and display the following error messages in the log or crash info:
%TX192-3-CPUIF: Error=0x100
%TX192-3-CPUIF_ERR: Underrun Error: Read Pointer crosses Write Pointer.Conditions: This symptom is observed on the E4+ line card of a Cisco 12400 series that is performing multicast packet fragmentation.
Workaround: There is no workaround.
•
Symptom: Intermittent connectivity on a shared media interface flap may show a success rate of 50 percent or lower.
Conditions: This symptom was observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: Enter the clear ipv6 neighbors EXEC command on the routers that have the shared media interfaces.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: A 6-port channelized T3 (CT3) line card may display the following error alarm message when it declares a DS3 loss of frame failure:
%C10K_ALARM-6-INFO: ASSERT MAJOR T3 4/0/0 Far End Loss Of Frame FailureThe error alarm message reports a far-end loss of frame failure even though it is the near end that has declared a loss of frame failure.
Similarly, when the near end receives a remote indication alarm (RAI), the following message is displayed:
Far End Remote Alarm Indication AlarmConditions: This symptom is observed on the 6-port CT3 line card of a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may fail because of a bus error while an online insertion and removal (OIR) is in progress.
Conditions: This symptom is observed on a Cisco 12000 series when the show environment EXEC command is being executed while an OIR is in progress.
Workaround: Do not perform an OIR when the show environment EXEC command is being executed.
•
Symptoms: Open Shortest Path First (OSPF) adjacencies do not come up between routers.
Conditions: This symptom is observed when packets are not going over multicast addresses.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface.
•
Symptoms: Pings cannot be sent from a customer edge (CE) router to another CE router.
Conditions: This symptom is observed on an Engine 2 (E2) 3-port Gigabit Ethernet line card that is performing Multiprotocol Label Switching (MPLS) imposition. When the provider edge (PE) imposition card (that is facing the CE router) is reloaded, the Ethernet over Multiprotocol Label Switching (EoMPLS) tunnel remains up but does not pass traffic.
Workaround: There is no workaround.
•
Symptoms: Line cards and the standby Route Processor (RP) may reload when the show cef interface events EXEC command is entered.
Conditions: This symptom is observed when the show cef interface events EXEC command is entered on the Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The card in subslot 0 is disabled after the no hw-module slot number shutdown global configuration command is entered for a slot that is configured for a full-size card but currently contains two half-size cards. The console log reports that the card is disabled.
Conditions: This symptom is observed after entering the following command sequence for the slot:
–
–
–
–
Workaround: Enter the card slot number /subslot number global configuration command followed by the hw-module slot number reset EXEC command on the slot.
•
Symptoms: A line card may stop forwarding packets and display the following error message:
%GSR-3-INTPROC: Process Traceback= 400D9C10 400F3568Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) packets that have Layer 2 lengths of less than 80 bytes are received on a Cisco 12000 series that has a 4-port OC-12 ATM line card.
Workaround: There is no workaround.
•
Symptoms: Traffic on a load-sharing path may be switched to the wrong destination or dropped altogether.
Conditions: This symptom is observed when a Cisco 12000 series Engine 4 (E4) line card is on the ingress side, there is a load-sharing path or multiple paths on the egress side, and a hidden class of service (CoS) global configuration command is configured on the router.
Workaround: Remove the extra load-sharing paths, and make it one single outgoing path.
•
Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you have reloaded microcode onto the line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S and that is functioning as a provider edge (PE) router in a carrier supporting carrier configuration when the 4-port OC-48 POS E4+ line card interconnects the Cisco 12000 series and a customer edge (CE) router.
Workaround: Enter the clear ip bgp privileged EXEC command on the Cisco 12000 series.
•
Symptoms: An inter autonomous system may fail when multiprotocol External Border Gateway Protocol (EBGP) multihop is configured between a Route Reflector (RR) for Virtual Private Network version 4 (VPNv4) and a router that is running the MPLS VPN—Inter-AS—IPv4 BGP Label Distribution feature.
Conditions: This symptom is observed on an autonomous system boundary router (ASBR) that is configured with a label controlled ATM (LC-ATM) interface, that is running the MPLS VPN—Inter-AS—IPv4 BGP Label Distribution feature, and that is connected to another ASBR in a cell-based Multiprotocol Label Switching (MPLS) network.
Workaround: There is no workaround.
•
Symptoms: The interface input rate and the output rate counters that are reported in the output of the show interface EXEC command do not decrease to zero after the interface is administratively shut down. The counters show the last input and output rates that were observed while the interface was up. The following output may be observed when the show interface serial 2/1/0 EXEC command is entered on the affected interface:
Router>show interface serial 2/1/0
Serial2/1/0 is administratively down, line protocol is down
30 second input rate 466000 bits/sec, 560 packets/sec
30 second output rate 466000 bits/sec, 560 packets/secConditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(13) and that has either an Ethernet, Fast Ethernet, Gigabit Ethernet, ATM, Inverse Multiplexing over ATM (IMA), or serial interface. This symptom does not affect channelized serial interfaces.
Workaround: There is no workaround.
•
Symptoms: IP version 6 (IPv6) traffic is switched in the software path instead of in the hardware path.
Conditions: This symptom is observed on a Cisco 12000 series IP Services Engine (ISE) line card.
Workaround: There is no workaround.
•
Symptoms: Line cards may pause indefinitely in the STARTFABM state after a Route Processor Redundancy (RPR) switchover from the Performance Route Processor (PRP) to the Gigabit Route Processor (GRP) occurs.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Multicast traffic is not restored completely, and a router may lose the Protocol Independent Multicast (PIM) neighbor relationship with other provider edge (PE) routers.
Conditions: This symptom is observed after a reload of the Parallel Express Forwarding (PXF) microcode in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) setup. This symptom is more likely to occur if the setup is using PIM in the Source Specific Multicast (SSM) mode.
Workaround: Enter the clear ip route EXEC command to remove all routes and restart the route creation process.
•
Symptoms: TCP retransmissions may occur on a router after the Web Cache Communication Protocol (WCCP) is enabled.
A sniffer trace indicates that some packets that should be redirected to a content engine via WCCP are not delivered as expected. This behavior causes the retransmissions to occur between the client and the caching device. When this symptom occurs, clients may not be able to view certain web pages for several minutes.
Conditions: This symptom is observed on a Cisco 7206VXR that has WCCP and Cisco Express Forwarding (CEF) enabled. Network Address Translation (NAT) from the inside to the outside is occurring on the Internet interface that has an outbound access control list (ACL) configured. If the outbound ACL contains statements that deny traffic with internal non-NAT addresses, those packets will not be redirected because WCCP in the CEF path checks to ensure that packets are permitted to pass through the original outbound interface before applying redirection to the packets.
Because the check is performed on packets before NAT is applied, the packets are not redirected. From the perspective of a client, web pages may become unreachable when this symptom occurs. However, if a packet is switched in the fast path rather than the CEF path, the check against any ACL that is configured on the original outbound interface is not made and redirection occurs normally.
Workaround: Configure the ACL on the original outbound interface so that it does not deny packets that must be redirected. When you are configuring the ACL, remember that NAT is not applied to redirect candidates when the ACL is checked.
•
Symptoms: Error messages may be observed on a router.
Conditions: This symptom is observed when an ATM adaptation layer 5 (AAL5) virtual circuit (VC) is switched to an ATM adaptation layer 0 (AAL0) VC while there are no VCs configured on the standby Route Processor (RP). This behavior may result in the failure of the Stateful Switchover (SSO) functionality for AAL0 VCs if the primary RP fails.
Workaround: There is no workaround.
•
Symptoms: When you write a crashinfo file to an Advanced Technology Attachment (ATA) Flash disk, the file on the ATA Flash disk may be corrupt and unusable.
Conditions: This symptom is observed on any Cisco device that enables the crashinfo file to be written to an ATA Flash disk.
Workaround: There is no workaround.
•
Symptoms: If the no shutdown interface configuration command is entered on interfaces that are already in the "up" state, the interfaces enter the "down" state.
Conditions: This symptom is observed on the interfaces of a 16-port OC-3 Packet over SONET (POS) line card that is installed on a Cisco 12000 series.
Workaround: Reload the router to bring up the interfaces.
•
Symptoms: The following objects are not supported in the ENTITY-MIB:
–
–
–
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: The values of the objects listed above can be displayed by entering the show c7200 privileged EXEC command or the show diag EXEC command.
•
Symptoms: The entPhysicalIsFRU object in the ENTITY-MIB MIB displays a "false" attribute for all objects even though some of the objects are field-replaceable unit (FRU) objects.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: There is no workaround.
•
Symptoms: A line card may reload when an output access control list (ACL) is replaced or removed.
Conditions: This symptom is observed on the Engine 4 (E4) Packet over SONET (POS) modular Gigabit Ethernet and Fast Ethernet interface of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A slave Route Switch Processor (RSP) may reload, and the following error message may be displayed on the master RSP console:
%HA-3-SYNC_ERROR: Parser no matchConditions: This symptom is observed when the copy slot0: running-config EXEC command or the copy slot0: startup-config EXEC command is entered on a Cisco 7500 series that is configured to operate in the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: A T3 link on a 4-port channelized OC-3 line card may not come up under Synchronous Digital Hierarchy (SDH) framing.
Conditions: This symptom is observed on a Cisco 10000 series when the 4-port channelized OC-3 line card interoperates with third-party vendor test equipment.
Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the AU-4-TUG-3 controller that contains the T3 link.
•
Symptoms: When Open Shortest Path First (OSPF) load balancing is configured between two Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routers, all traffic is dropped at the input interface because of an unreachable destination.
Information about the dropped traffic can be viewed by entering the show hardware pxf cpu statistics interface detail EXEC command. There is a label value for the destination in Cisco Express Forwarding (CEF) for the ingress PE router, but there is no corresponding value in the Parallel Express Forwarding (PXF) output of the show hardware pxf cpu cef ip-prefix [mask] privileged EXEC command. There is a "flags:Drop[2]" entry in the PXF output.
Conditions: This symptom is observed when recursive load balancing is used in OSPF between the provider edge (PE) router and the destination.
Workaround: Do not configure load sharing.
•
Symptoms: A Cisco 7200 series router will cause IP Header Compression (IPHC) regression test failures.
Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.02(14.01). Because fast-switched packets are counted as process-switched packets, the symptom is observed only on M4T interfaces.
Workaround: There is no workaround.
•
Symptoms: A telco may exhibit alarms and frequency deviations of 2 to 3 ppm.
Conditions: This symptom is observed if clock source internal is selected when a Cisco router is reloaded or booting up.
Workaround: There is no deviation if the clock source is changed from the default source line to clock source internal and then back again to the clock source line.
•
Symptoms: A 4-port OC-12 ATM E3 Virtual Private Network (VPN) routing/forwarding (VRF) interface may not come up after it is reloaded.
Conditions: This symptom is observed on a 4-port OC-12 ATM E3 VRF interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the VRF interface.
•
Symptoms: The Unicast Reverse Path Forwarding feature does not work on the Engine 4 Plus (E4+) line card.
Conditions: This symptom is observed on the E4+ line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The quality of service (QoS) service policy does not work when it is applied to an output interface and no packets on the interface are classified.
Conditions: This symptom is observed when a QoS service policy is applied to an output interface on a Route Switch Processor (RSP).
Workaround: There is no workaround.
•
Symptoms: The redundancy state of the standby Route Switch Processor (RSP) will remain in the "standby cold" state.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for Stateful Switchover (SSO) and that has distributed Cisco Express Forwarding (dCEF) enabled. This symptom occurs if there are Versatile Interface Processor (VIP) cards on the Cisco 7500 series that do not have any port adapters installed.
Workaround: There is no workaround.
•
Symptoms: Packet drops are observed on an ATM virtual circuit (VC) even though the pseudowire tunnel is up for a short period of time of about 1 to 5 minutes.
Conditions: This symptom is observed on an Engine 2 (E2) 8-port OC-3 ATM card when a fresh police configuration is attached to a VC.
Workaround: There is no workaround.
•
Symptoms: The source MAC accounting functionality does not work as expected.
Conditions: This symptom is observed on an Engine 4 Plus (E4+) Gigabit Ethernet line card.
Workaround: There is no workaround.
•
Symptoms: A Gigabit Ethernet Engine 2 or an Engine 4 plus line card may reload when you perform an online insertion and removal (OIR) of the Clock and Scheduler Card (CSC).
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: A console may pause indefinitely and an image reload cannot be performed after the reload privileged EXEC command is entered.
Conditions: This symptom is observed when an 8-port Fast Ethernet half-height line card (8fastethernet-1) is physically present.
Workaround: Send a break to the console to cause the console to return to the ROM monitor (ROMmon) mode, and then proceed with the loading of the image.
•
Symptoms: A Gigabit port may continue to report a small form-factor pluggable (SFP) failure.
Conditions: This symptom is observed when a bad Gigabit Interface Converter (GBIC) is replaced with a good GBIC on a 4-port Gigabit Ethernet Engine 3 (E3) line card.
Workaround: There is no workaround.
•
Symptoms: The Virtual Private Network (VPN) routing/forwarding (VRF) selection functionality does not work as expected on an IP Services Engine (ISE) ATM line card, and the VRF selection table cannot be established correctly.
Conditions: This symptom is observed on the ISE ATM line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The exceed-action and the set-clp-transmit keywords of the police command do not set the cell loss priority (CLP) for the ATM cells at the exceed rate based on the committed information rate (CIR) and the committed burst size (Bc). Although the exceeded traffic is transmitted, the ATM CLP is not set for certain policing configurations.
Conditions: This symptom is observed on an Engine 2 (E2) 8-port OC-3 ATM line card if the CIR policing parameter is configured to be less than 35,760,000.
Workaround: There is no workaround.
•
Symptoms: Packet throttling is activated because of congestion even when it is not configured. This behavior is indicated by the following error message:
%LC_CX3-4-THROTTLE: Packet throttling activated due to congestionConditions: This symptom is observed on a Cisco 12416 router that is configured with 200 Border Gateway Protocol (BGP) peers and that has three 6-port channelized T3 (6xCT3) line cards. Each of the line cards is configured with an even distribution of about 1500 Frame Relay subinterfaces.
Workaround: There is no workaround.
•
Symptoms: A router may fail to handle the Label Withdraw if the Label Withdraw Message is received with a Forwarding Equivalence Class (FEC) type length value (TLV) and a no Label TLV. The router may generate an error message that is similar to the following if a withdraw failure occurs:
%LDP-3-UNKNOWN_MPLS_APP: ldp label withdraw message from 10.1.1.1:0; list type 7; afam 1;Conditions: This symptom is observed on a Cisco router that is running Multiprotocol Label Switching (MPLS) and the Label Distribution Protocol (LDP).
Workaround: There is no workaround.
•
Symptoms: A multicast packet that has a destination MAC address of "0100.5e00.0002" may be dropped.
Conditions: This symptom is observed on the 4-port Gigabit Ethernet Plus 8-port Fast Ethernet access card.
Workaround: There is no workaround.
•
Symptoms: The old online insertion and removal (OIR) removal synchronization is processed after the completion of standby initialization.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: IP multicast hardware counter memory is not freed on an Engine 4 (E4) or Engine 4 Plus (E4+) line card after multicast routes are cleared from the routing table.
Conditions: This symptom occurs only when the E4 or E4+ line card runs out of mtrie node memory. The line card will run out of mtrie memory when there are more routes on the router than the line card can handle.
Workaround: There is no workaround.
•
Symptoms: Engine 4 (E4) or Engine 4 Plus (E4+) line cards on a Cisco 12000 series may reload repeatedly.
Conditions: This symptom is observed on the E4 or E4+ line cards of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor 2-50 (VIP2-50) may reload after it boots up.
Conditions: This symptom is observed on a VIP2-50 that has a 1-port multichannel E3 port adapter (PA-MC-E3) that has distributed link fragmentation and interleaving (LFI) with Virtual Private Network routing and forwarding (VRF) configured on its interfaces.
Workaround: There is no workaround.
•
Symptoms: If a 3-port Gigabit Ethernet (GE) Engine 2 (E2) line card is configured for dot1q VLAN operation and an inbound access control list (ACL) is applied to the main interface, the line card will be paused by the Gigabit Route Processor (GRP), reporting Fabric Unicast timeout errors. Note that 3-port GE E2 line cards do not support per subinterface ACL processing.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S or a later release with both normal and extended ACLs. The line card will continue to pause until the ACL is either removed from the interface configuration or ACL is removed from the configuration using the no access- list access-list-number global configuration command.
Workaround: There is no workaround.
•
Symptoms: A Route Switch Processor (RSP) may reload.
Conditions: This symptom is observed while traffic is sent on an RSP when Cisco Express Forwarding (CEF) commands such as the ip cef global configuration command or the ip cef distributed global configuration command are configured after the mpls netflow egress interface configuration command is configured.
Workaround: Configure the CEF commands on the router before configuring the mpls netflow egress interface configuration command.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: Route Processor (RPs) and line cards on a router may leak memory when the clear ipv6 route privileged EXEC command is entered.
Conditions: This symptom is observed after the clear ipv6 route privileged EXEC command is entered on a IP version 6 (IPv6) provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: Incorrect output access control list (ACL) behavior and packet loss may be observed on a router.
Conditions: These symptoms are observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S1 if all of the following conditions are present:
–
–
–
When all the conditions are present, traffic that is destined for the prefix will be dropped on the ingress line card.
Workaround: Remove the load sharing configuration so that there is only one path to the destination.
•
Symptoms: When you use the break key to reset the secondary Gigabit Route Processor (GRP) on a Cisco 12000 series that is configured with two GRPs, the primary GRP may first pause and then reload when the following watchdog timeout occurs:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout process = Fabric pingThis situation may impact the process of replacing a defective secondary GRP. Conditions: This symptom is observed regardless of the redundancy mode (Route Processor Redundancy [RPR], Route Processor Redundancy Plus [RPR+], or Stateful Switchover [SSO]).
Workaround: There is no workaround.
•
Symptoms: "IBC divert PAK" and "Camr-3-INTPROC" errors may occur.
Conditions: This symptom is observed on a Cisco 10720 router.
Workaround: There is no workaround.
•
Symptoms: Some export packets sent from an Engine 4 plus (E4+) line card are not received by the NetFlow collector.
Conditions: This condition is observed on the E4+ line card when the export packets are exported out of a traffic engineering (TE) or tag interface and the router is running Cisco IOS Release 12.0(22)S2.
Workaround: Export the packets out of the non-TE or non-tag interface. This means that export packets must be sent out as IP packets from the E4+ line card.
•
Symptoms: A standby Route Processor (RP) may reload unexpectedly when an online insertion and removal (OIR) is performed on a 4-port OC-3 ATM line card.
Conditions: This symptom is observed on the 4-port OC-3 ATM line card of a Cisco 12000 series.
Workaround: Reset the slot info sync bit on the insertion time of the line card.
•
Symptoms: Self pings and back-to-back pings may not work as expected.
Conditions: This symptom is observed only when ATM adaptation layer 5 (AAL5) Network Layer Protocol ID (NLPID) encapsulation is used on a Cisco router.
Workaround: There is no workaround.
•
Symptoms: The Multiprotocol Label Switching (MPLS) Egress NetFlow feature does not work on a Cisco 10000 series.
Conditions: This symptom is observed on a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A router may display the following error message when a user attempts to run a field diagnosis:
Field Diag ERROR: unknown card type in selected slotConditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Line cards on a router may reload if the clear cef linecard slot-number EXEC command is entered when IP version 6 (IPv6) access control lists (ACLs) are configured.
Conditions: This symptom is observed on the 4-port Gigabit Ethernet IP Services Engine (ISE) line card (4GE-SFP-LC) of a Cisco router that has a Cisco 10000 series IPv6 subinterface installed when there is no traffic present.
Workaround: Avoid using the clear cef linecard slot-number EXEC command.
•
Symptoms: The standby Route Processor (RP) of a router may reload repeatedly before the 4-port Gigabit Ethernet ISE line card (4GE-SFP-LC) boots up completely.
Conditions: This symptom is observed on a Cisco 12000 series that has a Performance Route Processor (PRP) as a standby RP and a 4GE-SFP-LC line card. This symptom occurs if the standby RP and the 4GE-SFP-LC line card boot up simultaneously while the redundant mode is the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: IP version 6 (IPv6) traffic may corrupt non-IPv6 traffic.
Conditions: This symptom is observed primarily with small IPv6 packets.
Workaround: There is no workaround.
•
Symptoms: A virtual circuit (VC) setup may fail if ATM permanent virtual circuits (PVCs) are configured using the old atm pvc interface configuration command.
Conditions: This symptom is observed on the 8-port OC-3 ATM Engine 2 (E2) line card of a Cisco 12000 series.
Workaround: Use the new pvc interface configuration command.
•
Symptoms: An Engine 4 plus (E4+) line card may reload after an online insertion and removal (OIR) is performed.
Conditions: This symptom is observed on the E4+ line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A router does not switch to the clock scheduler card 0 (CSC 0) after an online insertion and removal (OIR) is performed on CSC 1.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) line card may reload unexpectedly.
Conditions: This symptom is observed when more than one adjacency is established across the interfaces of the E4+ line card while the ip cef accounting per-prefix non-recursive global configuration command is enabled. This symptom may occur when there is no traffic present on the line card.
Workaround: Disable the ip cef accounting per-prefix non-recursive global configuration command.
•
Symptoms: A channel that has a parallel path may stop Layer 2 load-balancing traffic if other paths are shut.
Conditions: This symptom is observed on a Cisco 12000 series that has Multiprotocol Label Switching (MPLS) enabled.
Workaround: Disable and then reenable MPLS globally.
•
Symptoms: The following error message may be displayed when an online insertion and removal (OIR) is performed on an 8-port OC-3 ATM line card:
%LC-4-UNEXPECTED_INP_INFO: Unexpected info in buffer header, input info 0x0The following message may be displayed if a redundant Route Processor (RP) is present on the router:
%ADJ-3-ADJFIBIDB: Adjacency update with invalid fibidb(32)Conditions: This symptom is observed after an OIR is performed on the 8-port OC-3 ATM line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The "Gen7" label is not refreshed after a 32-input Committed Access Rate (CAR) rule is added or removed. Subsequent attempts to add any input CAR (iCAR) rule may not be applied and the router may generate an error message.
Conditions: This symptom is observed on an Cisco 12000 series Engine (E4) Packet-over-SONET (POS) line card.
Workaround: Reload the router.
•
Symptoms: Engine 4 Plus (E4+) Packet-over-SONET (POS) line cards such as OC-192 and QOC-48 may reload when they are booted up on a router.
Conditions: This symptom is observed when certain E4+ POS line cards are booted up on a Cisco 12406.
Workaround: There is no workaround.
•
Symptoms: A 4-port Gigabit Ethernet line card and a Route Processor (RP) may reload.
Conditions: This symptom is observed when an egress service policy is applied to 1000 or more VLANs of a 4-port Gigabit Ethernet line card.
Workaround: There is no workaround.
•
Symptoms: The cell relay feature cannot be enabled on a line card if the previous ATM adaptation layer 5 (AAL5) mode is in a virtual circuit (VC) bundle. When the Segmentation and Reassembly (SAR) mode is switched from AAL5 to cell relay, all the previous permanent virtual circuits (PVCs), permanent virtual paths (PVPs), and VC bundles for AAL5 should be removed.
Conditions: This symptom is observed on an Engine 2 (E2) 8-port OC-2 ATM line card.
Workaround: Manually remove all the VC bundles before enabling cell relay.
•
Symptoms: The following error message may be observed on a line card:
%SLOT n: .... : %LC-3-ERRRECOVER: Corrected a transient error on line card.This error may be observed even though an actual hardware error has not occurred on the line card. If a hardware error does occur, it will generate additional error messages to identify the source of the hardware error in addition to the error message listed above.
Conditions: This symptom may be observed on a Cisco Engine 0 line card when a feature that requires a micro code change is configured.
Workaround: There is no workaround. Ignore the error message.
•
Symptoms: Certain parts of the configuration on a line card may cease to exist after an online insertion and removal (OIR) is performed.
Conditions: This symptom is observed after an OIR is performed on the QOC-12 Engine 3 (E3) channelized line card of a Cisco 12000 series Internet router that is functioning as a Carrier Supporting Carrier provider edge (CSC-PE) router.
Workaround: Reload the router without saving the running configuration.
•
Symptoms: A service policy does not take effect on a line card after an online insertion and removal (OIR) procedure is performed on the line card.
Conditions: This symptom is observed after an OIR procedure is performed on a line card that has been previously configured with a service policy.
Workaround: Remove and reapply the service policy configuration on the line card.
•
Symptoms: Traffic may stop flowing on a line card after Route Processor Redundancy (RPR) Stateful Switchover (SSO) occurs.
Conditions: This symptom is observed on the Cisco 12000 series 1-port SONET-based SRP Engine 2 (E2) line card (OC-48/STM-16) of a Cisco router.
Workaround: Reload the router.
•
Symptoms: Multiprotocol Label Switching (MPLS) class of service (COS) does not work on an 8-port OC-3 ATM line card. Traffic that has different IP precedence may enter the same queue that is meant for IP traffic that has an IP precedence of 0.
Conditions: This symptom is observed on an 8-port OC-3 ATM line card if the ingress line card is an Engine 3 (E3) line card (such as a 4-port OC-12 POS line card or a 4-port OC-12 ATM line card).
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) Gigabit Ethernet line card may reload unexpectedly.
Conditions: This symptom is observed when the E4+ line card is running a Performance Route Processor (PRP) Cisco IOS image.
Workaround: There is no workaround.
•
Symptoms: Pings from a customer edge (CE) router may fail in an Any Transport over Multiprotocol Label Switching (AToM) network.
Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) AToM is configured.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 (E4) Packet over SONET (POS) line card may reload when sweep pings are performed with certain packet sizes.
Conditions: This symptom is observed when Engine 2 (E2) POS imposition and E4 POS disposition are used in a Frame Relay over Multiprotocol Label Switching (MPLS) setup.
Workaround: There is no workaround.
•
Symptoms: The integrity of the payload may not be retained on a Cisco 10700 series that is running Cisco IOS Release 12.0(24)S.
Conditions: This symptom is observed on Cisco 10700 series that is operating in the Ethernet over Multiprotocol Label Switching (EoMPLS) port mode with a Packet over SONET (POS) interface that is connected to a Multiprotocol Label Switching (MPLS) backbone.
Workaround: There is no workaround.
•
Symptoms: A software-forced reload that is related to cell relay over Multiprotocol Label Switching (CRoMPLS) may occur on a Cisco 7500 series.
Conditions: This symptom is observed when a Cisco 7500 series that has cell packing enabled is reloaded.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series modular Gigabit Ethernet line card (EPA-GE/FE-BBRD) that has a 3-port Gigabit Ethernet port adapter (EPA-3GE-SX/LH-LC) is configured with the xconnect global configuration command and the port adapter is moved to another slot on the EPA-GE/FE-BBRD line card, the xconnect global configuration command remains with the EPA-3GE-SX/LH-LC port adapter. The router that is installed with the EPA-GE/FE-BBRD line card may reload if the xconnect global configuration command is reentered over the existing configuration.
Conditions: This symptom is observed on an EPA-GE/FE-BBRD line card that has an EPA-3GE-SX/LH-LC port adapter.
Workaround: Remove the xconnect global configuration command before moving the port adapter, or remove the xconnect global configuration command before reentering the command over the existing configuration of the port adapter that has been moved to another slot.
•
Symptoms: Traffic that is flowing in the imposition direction of a line card is dropped, but traffic can still be sent in the disposition direction of the line card.
Conditions: This symptom is observed when a Cisco 12000 series modular Gigabit Ethernet line card (EPA-GE/FE-BBRD) that has a Cisco 12000 series 3-port Gigabit Ethernet port adapter (EPA-3GE-SX/LH-LC) in bay 1 or 2 is configured for Ethernet over Multiprotocol Label Switching (EoMPLS).
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series Internet router line card, the fabric error reporting message is not being turned on after system startup.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S6, 12.0(21)ST6, or 12.0(23)S2.
Workaround: Physically remove and insert the backup Clock Scheduler Card (CSC) or any Switch Fabric Card (SFC). This will re enable the line card error reporting mechanism.
Alternate workaround: Enter the hw-module shutdown EXEC command on the backup CSC or on any SFC. This will also re enable the line card error reporting mechanism.
•
Symptoms: Input interface counters may be incremented by twice the number of packets.
Conditions: This symptom is observed when Frame Relay is configured on Engine 2 (E2) interfaces.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) Gigabit Ethernet line card may reload or cause the router that it is installed on to reload.
Conditions: This symptom is observed when an E3 Gigabit Ethernet line card that has 1000 VLANs and that is sending line rate IP version 6 (IPv6) traffic on the VLANs is reloaded.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) aware NetFlow does not update per-protocol flow statistics that are displayed in the header block in the output of the show ip cache flow EXEC command:
Protocol Total Flows Packets Bytes Packets Active(Sec)
Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-BGP 1497 0.0 1 49 0.0 0.0 15.4Conditions: This symptom is observed on a Cisco 12000 series line card.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series may fail to trigger an assert response on the Multicast Virtual Private Network (MVPN) Multicast Distribution Tree (MDT) tunnel interface when data is received on the tunnel interface.
Conditions: This symptom is observed on a Cisco 10000 series and may result in packet duplication and service interruption.
Workaround: There is no workaround.
•
Symptoms: Parallel Express Forwarding (PXF) may pause indefinitely with a stall error.
Conditions: This symptom is observed when Multilink PPP (MLP) is configured with more than two T1 members.
Workaround: There is no workaround.
•
Symptoms: When a link between two interfaces is brought up by following a specific sequence of steps, one side of the link displays a persistent alarm indication signal (AIS) that cannot be cleared without reloading the line card.
Conditions: This symptom is observed on a Cisco 12000 series that has the pos ais-shut interface configuration command configured on an Engine 4 (E4) or Engine 4 plus (E4+) line card.
Workaround: Remove the pos ais-shut interface configuration command.
•
Symptoms: Starting with Cisco IOS Release 12.0(23)S, Cisco 12000 series ATM interfaces will generate F4 segment Operation, Administration, and Maintenance (OAM) loopback cells. If the connected ATM switch does not support the F4 segment loopback cells, permanent virtual paths (PVPs) on the Cisco 12000 series ATM interface may not be brought up.
Conditions: This symptom is observed when ATM PVPs are configured on Cisco 12000 series ATM interfaces and the connected ATM switch does not support F4 segment loopback.
Workaround: Use Cisco IOS Release 12.0(22)S or an earlier release. These Cisco IOS releases do not generate the F4 OutSegloop (Segment Loopback) cell.
•
Symptoms: Traceback messages may be displayed and aps commands are not cleared when the aps clear privileged EXEC command is entered to clear an automatic protection switching (APS) configuration.
Conditions: This symptom is observed when a user enters the aps clear privileged EXEC command on a channelized synchronous transport module level 1 (CH-STM1) card to clear an APS configuration.
Workaround: There is no workaround.
•
Symptoms: A router may reload during a class of service (CoS) update in a Weighted Random Early Detection (WRED) drops routine even though CoS and WRED are not configured on the router.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A router may incorrectly move a default static route from an upstream router to another upstream router and then back again, and may continue to flap the route every 60 seconds.
Conditions: This symptom is observed in the following configuration:
A Cisco router (referred to as router A) is connected to two upstream routers (referred to as router B and router C) via a common interface. Router A is configured with two default recursive static routes, one via an address that is advertised by router B, the other one via an address that is advertised by router C.
The administrative distances of the static routes are set in such a way that if both router B and router C are reachable, router A installs the default static route via router B. If router B becomes unreachable, router A installs the default static route via router C.
Router B is advertising X::1. Router C is advertising X::2. Router A is configured in the following way:
ipv6 route ::/0 X::1
ipv6 route ::/0 X::2 2When router B stops advertising X::1, router A removes the default static route via router B and installs the default static via router C. This is correct behavior. However, 60 seconds after the transition, router A incorrectly reinstalls the default static route via router B and removes the default static route via router C. Another 60 seconds later, router A removes the static route via router B and reinstalls the static route via router C. This route flap occurs every 60 seconds.
Possible Workaround: Do not rely on recursive static routes for the default route. For example, configure Interior Gateway Protocol (IGP) on routers B and C to advertise the default route. Appropriate configuration of metrics may ensure that the default route via router B is preferred to the one via router C, providing the same preference as the one that is obtained via static routes.
•
Symptoms: About 100 KB to 1 MB of processor memory may be lost when the default interface global configuration command is entered on a router. The memory loss can be detected by comparing the output of the show memory EXEC command by entering the show memory EXEC command both before and after configuring the default interface global configuration command on the router.
Conditions: This symptom occurs only if the default interface global configuration command is configured on a router.
Workaround: The memory loss can be avoided by manually unconfiguring interfaces using the no form of the interface configuration commands.
•
Symptoms: Sampled NetFlow accounting may not display reliable results.
Conditions: This symptom is observed on the Engine 4 (E4) enhanced services line card of a Cisco 12000 series that has a Performance Route Processor 1 (PRP-1).
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) Gigabit Ethernet line card may reload with a "TX ALPHA" error.
Conditions: This symptom is observed when the line card or the router is reloaded while the line card is sending IP version 6 (IPv6) linear rate traffic on 1000 VLANs.
Workaround: There is no workaround.
•
Symptoms: Data Multicast Distribution Tree (MDT) mappings may be deleted too soon, causing a loss of data, or may not be deleted at all, causing unnecessary data to be transferred.
Conditions: These symptoms are observed on a receiving provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 (E4) line card may reload after displaying the following error messages:
%TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module. -Traceback=
%TX192-3-PAM_PIM: status = 0x3D6, mask= 0x1A1 - PIM: header start offset >= 16kB. -Traceback=Conditions: These symptoms are observed on the E4 line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 (E4) line card may reload when hardware load balance structure allocation failures occur.
Conditions: This symptom is observed when an online insertion and removal (OIR) is performed on the other line cards that are installed on the router.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload.
Conditions: This symptom is observed on a VIP if Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or Egress NetFlow.
•
Symptoms: The amount of free memory on a router decreases as the memory that is held by the Simple Network Management Protocol (SNMP) engine process increases. The decrease in the amount of free memory can be verified by examining the output of the show processes privileged EXEC command.
Conditions: This symptom is observed when SNMP is used to walk the LDP-MIB MIB on a router that is running Multiprotocol Label Switching (MPLS).
Workaround: Avoid querying the LDP-MIB MIB. Information regarding the LDP-MIB MIB can be obtained by entering the show mpls ldp neighbor privileged EXEC command.
•
Symptoms: When an online insertion and removal (OIR) is performed on the primary clock scheduler card (CSC) and the primary Route Processor (RP) after the standby RP comes up completely, the CSC is no longer displayed in the output of the show gsr EXEC command after the switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that is operating in the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: When you enter the ip cef distributed global configuration command and you create a tunnel interface, packets that are going through the tunnel interface are not switched via distributed switching, and the output of the show running-config EXEC command displays that the no ip route-cache distributed interface configuration command is enabled for the tunnel interface.
Conditions: This symptom is observed on a Cisco 7500 series after you have reloaded the router, you have entered ip cef distributed global configuration command, you have created a tunnel interface using the interface tunnel tunnel-number command, and you have entered the tunnel destination ip-address interface configuration command.
Workaround: Enter the ip route-cache distributed interface configuration command on the tunnel interface.
Alternate Workaround: After you have reloaded the router and before you create a new tunnel, enter the ip cef global configuration command followed by the ip cef distributed global configuration command.
•
Symptoms: When an optimized mode policy map is created by entering the match qos-group qos-group-value class-map configuration command, the command may not have any effect if the traffic is sent using a Spatial Reuse Protocol (SRP) side A interface.
Conditions: This symptom is observed only with optimized mode output policy maps.
Workaround: Use a nonoptimized mode policy map, and use another command instead of the match qos-group qos-group-value class-map configuration command in the class map.
•
Symptoms: Parallel Express Forwarding (PXF) reloads with the "0x680" software exception type in column 5 (T1RxC1).
Conditions: This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(21)ST5 but may also occur in Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: The Multiprotocol Label Switching (MPLS) experimental (EXP) bit setting feature on the ingress side is not effective if the output service policy to the Any Transport over Multiprotocol Label Switching (AToM) virtual path (VP) cell relay (CR) circuit is modified.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command to reprovision the VP CR circuit.
•
Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you have reloaded microcode onto the line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S, 12.0(23)S, 12.0(24)S and 12.0(25)S and that is functioning as a provider edge (PE) router in a carrier in a carrier supporting carrier configuration when the 4-port OC-48 POS E4+ line card interconnects the Cisco 12000 series and a customer edge (CE) router.
Workaround: Enter the clear ip bgp privileged EXEC command on the Cisco 12000 series.
•
Symptoms: A Cisco 12000 series may reload because of a bus error exception.
Conditions: This symptom is observed when Protocol Independent Multicast (PIM) is enabled on the Cisco 12000 series.
Workaround: Disable PIM.
•
Symptoms: When a 32-bit byte counter in a Multiprotocol Label Switching (MPLS) flow overflows (the overflow occurs when the byte counter reaches the maximum 32-bit value of 4294967295 + N), the 32-bit byte counter resets to "N" causing a loss of 4294967295 bytes in the reported byte statistics.
Conditions: This symptom is observed when the MPLS aware NetFlow feature is enabled on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) traffic or MPLS Virtual Private Network (VPN) traffic is being forwarded by a Cisco 10720 router, about 50 percent of multicast traffic will be punted to a Route Processor (RP) and forwarded by the RP. The expected behavior is that multicast traffic should be forwarded by Parallel Express Forwarding (PXF) as long as a multicast route (mroute) entry exists. If many packets are punted to the RP, and the RP queue is congested, some of the multicast traffic that is being punted to the RP will be dropped. For example, multicast traffic may be dropped from a multicast application such as video or TV broadcast.
Conditions: This symptom is observed on a Cisco 10720 router that is running Cisco IOS Release 12.0(22)S, Release 12.0(23)S1, or Release 12.0(24)S when the following conditions are met:
–
–
Workaround: Stop the MPLS or MPLS VPN traffic.
•
Symptoms: A line card may reload during the buffer carving process when a new configuration is manually entered.
Conditions: This symptom may occur under one of the following conditions:
–
–
–
Workaround: There is no workaround.
•
Symptoms: A line card may reload unexpectedly.
Conditions: This symptom is observed when the execute-on slot slot-number privileged EXEC command is entered on the line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: When a 6-port channelized T3 line card is administratively shut down and reenabled after a switchover occurs in the Route Processor Redundancy Plus (RPR+) mode, the configuration synchronization of the line card may fail and the following messages may be displayed:
%GRP-4-OIRSYNC: Failed to sync inserted slot idback-timeout to stand by RP%GRP-3-ERROR: slot info sync failed, state S_WAIT_SLOT_INSERT_SYNC s lot 12Conditions: This symptom is observed on a Cisco 12416 that has three 6-port channelized T3 line cards that are each configured with an even distribution of 1500 Frame Relay permanent virtual circuit (PVC) subinterfaces. The Cisco 12416 is configured with 200 Border Gateway Protocol (BGP) peers that have redundant Gigabit Route Processors (GRPs) that are running in the RPR+ mode.
Workaround: There is no workaround.
•
Symptoms: The "No Card" message is displayed when the show running-config EXEC command is entered.
Conditions: This symptom is observed when a 24-port channelized E1/T1 line card is provisioned on a Cisco 10000 series edge services router (ESR).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12416 may reload because a process is aborted when a watchdog timeout occurs and the following message is displayed:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Fabric Ping. -Traceback= 501D5418 501D8CF8 501CEE3C 501BE79C 5024AE18 501ACF5C 501ACF48Conditions: This symptom is observed on a Cisco 12416 that has one 3-port Gigabit Ethernet line card and two 10-port Gigabit Ethernet line cards (that are each configured with an even distribution of 2000 VLAN subinterfaces). The Cisco 12416 is configured with 200 Border Gateway Protocol (BGP) peers that advertise 200,000 routes.
Workaround: There is no workaround.
•
Symptoms: A corrupted VLAN ID may be created when a VLAN ID rewrite operation is configured on the VLAN interface of a Cisco 10720. When this symptom occurs, the Canonical Format Identifier (CFI) bit of the incoming 802.1q header is not preserved.
Conditions: These symptoms are observed with input packets that have the CFI bit of the 802.1q header set to a value of "1" (CFI=1) and when the new VLAN ID value has a value of "0" for bit 4 (when the count is made from the least significant bit position). The new VLAN ID value (that is produced by the VLAN ID rewrite operation) for the output packet will have an incorrect value of "1" for bit 4.
The CFI bit of the incoming packet is not preserved when the value of the CFI bit is "1" and the outgoing packet has a incorrect CFI bit value of "0".
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series that is used as a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, if an ATM line card is used to connect to a customer site while an Engine 2 (E2) OC-48 Packet over SONET (PoS) line card on the same router is connected to a provider (P) router, the ping that originates from the ATM line card that connects to the customer site will fail even though pings from the other sites to the ATM line card may be passed successfully.
Conditions: This symptom is observed when the configuration is freshly configured on the Cisco 12000 series instead of being loaded from Flash memory when the router is reloaded.
Workaround: Remove and reconfigure the permanent virtual circuit (PVC) on the ATM line card.
•
Symptoms: Traffic may not be matched to the correct class.
Conditions: This symptom is observed on a Cisco 12000 series Internet router. When the match access-group class-map configuration command is used, one of the access control lists (ACLs) is not defined.
Workaround: Define each ACL.
•
Symptoms: When an IP version 6 (IPv6) access control list (ACL) is deleted and readded after the order of the access-control entries (ACEs) is changed, the ACL will not function normally and all access will be denied.
Conditions: This symptom is observed on a Cisco 12000 series that is running the c12kprp-p-mz Cisco IOS image.
Workaround: Readd the ACEs in the order of the original ACL, or add the "permit ipv6 any any" ACE entry to the ACL.
•
Symptoms: Traffic and routing outage may be observed on a router for several minutes.
Conditions: This symptom is observed on a Cisco 12000 series when a line card reload event is triggered by an uncorrected soft memory error and by a simultaneously bounding policy-based routing (PBR) policy that is on an IP Services Engine (ISE) interface.
The uncorrected soft memory error trigger is observed to occur before the trigger that is caused by the simultaneously bounding policy-based routing policy.
Workaround: There is no workaround.
•
Symptoms: DiffServ-Aware Traffic Engineering (DS-TE) may not work on an 8-port OC-3 ATM line card.
Conditions: This symptom is observed when one port of the 8-port OC-3 ATM line card is used as the input port and the other port is used as an output port with a service policy.
The outgoing traffic is subjected to the service policy with priority queueing and default queueing. When the tunnel is down, the traffic is matched correctly and is sent through the priority queue. After the tunnel is brought up, the traffic flows through the tunnel interface and the physical interface (that is subjected to the policy). At this point, the traffic does not pass through the priority queue but is instead passed through the default queue.
Workaround: There is no workaround.
•
Symptoms: Output access control lists (ACLs) are not applied to an output Engine 3 (E3) card.
Conditions: This symptom is observed if the output card is an Engine 3 (E3) card and if the input card is an Engine 4 (E4) or Engine 4 plus (E4+) card.
Workaround: There is no workaround.
•
Symptoms: Spurious memory access messages may be displayed on an Engine 2 (E2) line card and the line card may reload when the line card is configured with sampled NetFlow.
Conditions: This symptom is observed only if the egress line card is reloaded. Initially, Cisco Express Forwarding (CEF) may become disabled on the ingress E2 line card. The line card may subsequently reload if the clear cef linecard EXEC command is entered to clear CEF information that is on the line card.
Workaround: Remove sampled NetFlow from the configuration.
•
Symptoms: A standby Route Processor (RP) may pause indefinitely in the "cold" state.
Conditions: This symptom is observed when the redundancy mode is changed from the Stateful Switchover (SSO) mode to the Route Processor Redundancy Plus (RPR+) mode on a Cisco 12000 series.
Workaround: Reload the Cisco 12000 series.
•
Symptoms: An Engine 3 (E3) line card may exhibit "ALPHA" errors and reload.
Conditions: This symptom is observed on a Cisco 12000 series that has per-prefix accounting configured when the clear ip route * privileged EXEC command is entered to delete IP routing table entries.
Workaround: Disable per-prefix accounting.
•
Symptoms: A memory leak may be observed on a line card with the Multicast Distributed Switching (MDS) line card process when the ip multicast-routing global configuration command is enabled while there are tunnel interfaces configured.
Conditions: This symptom occurs when the affected line card runs out of memory because of a memory leak and the MDFS process on the line card attempts to allocate memory. This symptom occurs only when multicast routing is enabled by entering the ip multicast-routing distributed global configuration command and when a traffic engineering (TE) tunnel is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series that is configured with a Performance Route Processor 1 (PRP-1) may pause indefinitely.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a PRP-1 when the configuration is being saved after it has previously received a break signal on the console. This symptom does not affect the Gigabit Route Processor (GRP).
The break signal can be received by the router when it is sent intentionally by a terminal or when it is unintentionally received as noise on the console connection. Unintentional noise may occur if a terminal or terminal server that is connected to the router is powered off or when certain terminals or personal computer terminal emulators are first connected. When the router pauses indefinitely, it must be power-cycled to be restored to a normal working condition.
Workaround: There is no workaround.
•
Symptoms: Traffic may not pass through a Spatial Reuse Protocol (SRP) Dynamic Packet Transport (DPT) Engine 2 (E2) line card after a switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that has dual Route Processors (RPs) while the Cisco 12000 series is in either the Route Processor Redundancy plus (RPR+) mode or the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series may reload because of a bus error exception.
Conditions: This symptom is observed if a label value of 500 or greater is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 500or
Router#show hardware pxf cpu mpls labels 2-500The Cisco 10000 series does not reload if a label value of less than 500 is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 499or
Router#show hardware pxf cpu mpls labels 2-499Workaround: There is no workaround.
•
Symptoms: If a user attempts to run field diagnostics on a fabric card that is on a 10 Gigabit Ethernet fabric-based router, the user will receive a banner that indicates that the card is not supported.
If a user attempts to run field diagnostics on a fabric card that is on a 2.5 Gigabit Ethernet fabric-based router, the router may reload.
Conditions: This symptom is observed when a field diagnostic is performed against any of the following card types:
card type hex decimal
BFR_CARD_TYPE_CSC_BFR12 0x11, 17
BFR_CARD_TYPE_SFC 0x12, 18
BFR_CARD_TYPE_CSC_BFR16_OC48 0x17, 23
BFR_CARD_TYPE_SFC_BFR16_OC48 0x18, 24
BFR_CARD_TYPE_CSC_BFR8 0x14, 20
BFR_CARD_TYPE_CSC_BFR4 0x15, 21
BFR_CARD_TYPE_SFC_BFR8 0x16, 22
BFR_CARD_TYPE_CSC_BFRP_OC192 0x19, 25
BFR_CARD_TYPE_SFC_BFRP_OC192 0x1a, 26
BFR_CARD_TYPE_CSC_BFR10 0x1b, 27
BFR_CARD_TYPE_SFC_BFR10 0x1c, 28Workaround: Use an alternate method to determine if the replacement of the fabric card is necessary.
•
Symptoms: When you perform an online insertion and removal (OIR) procedure by replacing one Gigabit Ethernet (GE) line card with another GE line card, traffic may not flow from the newly inserted GE line card.
Conditions: This symptom is observed on a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S1.
Workaround: Enter the hw-module slot shelf-id/slot-number reload privileged EXEC on the newly inserted GE line card.
•
Symptoms: A Cisco router may leak memory at a rate of up to 100 KB per day, resulting in the gradual reduction of the available memory.
Conditions: This symptom is observed on a Cisco router that is running Label Distribution Protocol (LDP). The symptom may be caused by applications that use TCP as the transport protocol.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series Parallel Express Forwarding (PXF) network processor may reload with a "T1 SW Exception" error when multicast traffic is sent over a priority queue.
Conditions: This symptom is observed when you configure a quality of service (QoS) policy map to use a priority queue. When multicast traffic matches the QoS policy map, the traffic uses the priority queue, and the PXF network processor may reload.
Workaround: Do not use a priority queue for multicast traffic.
•
Symptoms: Some multilink interfaces may stop passing traffic.
Conditions: This symptom may be observed when a router boots up or when the flexible WAN module (FlexWAN) is reloaded.
Workaround: Manually reconfigure the multilink interface.
•
Symptoms: Operation, Administration, and Maintenance (OAM) loopback cells are treated incorrectly as data packet counters by Segmentation and Reassembly (SAR).
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A single access control list (ACL) with multiple TCP flags may not function properly on an Engine 4 plus line card.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Divide the single ACL with multiple TCP flags into multiple ACLs with one TCP flag per ACL.
•
Symptoms: After a switchover occurs, an active Route Processor (RP) that is operating in the Route Processor Redundancy plus (RPR+) mode may not be able to switch Layer 2 Tunneling Protocol (L2TP) version 3 packets using distributed Cisco Express Forwarding (dCEF) (in the dCEF mode and may punt them to the RP CEF mode).
Conditions: This symptom is observed on the RP of a Cisco 7500 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Disable and reenable dCEF.
•
Symptoms: Object identifiers (OIDs) for the CISCO-ATM-PVCTRAP-EXTN-MIB MIB cannot be accessed.
Conditions: This symptom is observed with the CISCO-ATM-PVCTRAP-EXTN-MIB MIB. The MIB number of the CISCO-ATM-PVCTRAP-EXTN-MIB MIB has to be updated with the MIB number of the approved MIB.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a bundle member with an overlapping precedence is added.
Conditions: This symptom is observed when the bundle member that has the overlapping precedence is added, removed, and subsequently readded with another precedence.
Workaround: There is no workaround.
•
Symptoms: An 8-port multichannel T1/E1 ISDN PRI port adapter (PA-MC-8TE1+) may not be recognized.
Conditions: This symptom is observed on the PA-MC-8TE1+ port adapter that has the part number of 73-7549-02 or a board revision number that is later than revision A0.
Workaround: Replace the PA-MC-8TE1+ port adapter with another PA-MC-8TE1+ port adapter that has a part number of 73-7549-01 and a board revision number of A0.
•
Symptoms: A Route Switch Processor (RSP) may reload and display traceback decodes.
Conditions: This symptom is observed on a Cisco 7500 series that has multilink interfaces when the Intermediate System-to-Intermediate System (IS-IS) routing protocol is enabled by entering the router isis area-tag global configuration command and the nsf cisco router configuration command.
Workaround: Unconfigure the router isis area-tag global configuration command.
•
Symptoms: A remote line fault indication (RFI) or remote defect indication (RDI) may bring down an E1 link that is in the local loopback mode.
Conditions: This symptom is observed on a multichannel STM-1 port adapter (PA-MC-STM1).
Workaround: There is no workaround.
•
Symptoms: A Route Processor (RP) may reload when an attached service policy is modified at the same time the shaping rates of 1000 virtual circuits (VCs) are reprovisioned.
Conditions: This symptom is observed during a Telnet configuration session when the shaping rate of 1000 VCs is reprovisioned by using the VC class template and entering the following command:
Router(config)#vc-class atm pvcThe Telnet session will pause for about a minute when the shaping rate of VC is modified.
In the following Telnet configuration session, the class default for the service policy is attached to all 1000 VCs:
Router(config)#policy-map pout
Router(config-pmap)#class class-default
Router(config-pmap-c)#bandwidth remaining percent 1
Router(config-pmap-c)#random-detect
Router(config-pmap-c)#random-detect precedence 0 45 cells 450 cells 1Workaround: Avoid making changes to the attached policy until the reprovisioning of the shaping rates of 1000 VCs is complete.
•
Symptoms: Some ATM subinterfaces may stop forwarding traffic and display the following console message:
%PM622-3-SAR_OPEN_VC_ERR: SAR:(4/0) open tx vc (open vc tunnel) failed: vcid: 250 Event: 0x4014C488 0x0000029E 0x00000480 0x00FA0277Conditions: This symptom is observed when the class of service (CoS) queues from the service policy are deleted and the new CoS queues are provisioned while there is traffic present.
Workaround: Reload the microcode on the line card.
Alternate Workaround: Delete the existing service policy completely and then reapply the service policy instead of modifying the existing service policy.
•
Symptoms: A router may reload.
Conditions: This symptom is observed in a network in which a large number of access control lists (ACLs) are shared by many ATM subinterfaces on an ATM IP Services Engine (ISE) line card. The router reloads when the main ATM ISE line card is shut down and then brought back up again.
Workaround: There is no workaround.
•
Symptoms: Egress per-VC priority queueing may not work on a 4-port OC-12/STM-4 ATM IP Services Engine (ISE) multi/single mode line card. Priority queue traffic will be starved if oversubscribing traffic is sent through the regular per-VC class of service (CoS) queues at the same time that priority traffic is sent to the priority queue.
Conditions: This symptom occurs when a service policy is configured with a priority queue that is attached to an egress ATM virtual circuit (VC) that is operating in the subinterface mode. This symptom may also occur when traffic that is oversubscribing the VC shaping rate is sent simultaneously to both the priority queue and any of the regular CoS queues such as the default queue.
Workaround: There is no workaround.
•
Symptoms: A router may reload.
Conditions: This symptom is observed when Web Cache Communication Protocol (WCCP) and Cisco Express Forwarding (CEF) are both enabled on the router.
Workaround: Disabling CEF is a possible workaround, but this workaround may impact the performance of the router.
•
Symptoms: A line card may reload when a virtual circuit (VC) bundle is redefined.
Conditions: This symptom is observed on a line card when a permanent virtual circuit (PVC) bundle is removed and subsequently readded to the bundle configuration.
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•
Symptoms: A router may reload while you change the maximum transmission unit (MTU) size to 64 bytes on an OC-12 or OC-24 Packet-over-SONET (POS) interface.
Conditions: This symptom is observed on a Cisco 10000 series router or a Cisco 12000 series router when Multiprotocol Label Switching (MPLS) is enabled on the interface.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: When one Cisco IOS release is upgraded to another Cisco IOS release, the Versatile Interface Processor 2-40 (VIP2-40) module may reload with an arithmetic exception or a signal-5 error upon rebooting.
Conditions: This symptom is observed on a Cisco 7513 router that has Route Switch Processors (RSP4s) and a VIP2-40 that has 8-port serial cards installed.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(24)S6
Cisco IOS Release 12.0(24)S6 is a rebuild of Cisco IOS Release 12.0(24)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(24)S6 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A Route Switch Processor (RSP) that is acting as a slave may have complete packet switching activity interrupted for several minutes. This situation may cause the RSP to permanently pause.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(12d).
Workaround: There is no workaround.
•
Symptoms: Executing the tftp-server slaveslot0: global configuration command, or any configuration commands related to tftp-server being set to access flash devices on the slave, will cause the slave to reload.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(23)S5 but is not platform dependent.
Workaround: Configure the tftp-server to access flash devices on the master route switch processor (RSP) only.
•
Cisco Internetwork Operating System (IOS) Software releases trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.
The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
•
Symptoms: A Cisco device experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
Interfaces and Bridging
•
Symptoms: An interface on a Cisco 7500 series that is configured for distributed Multilink PPP (dMLP) may stop transmitting data.
Conditions: This symptom is observed when the links in an MLP bundle flap. When the router detects that the interface does not transmit data, the router automatically resets all Versatile Interface Processors (VIPs) to restore proper functioning.
The following log information shows the sequence of events when the symptom occurs:
%LINK-3-UPDOWN: Interface Serial10/1/1/11:23, changed state to down
%LINK-3-UPDOWN: Interface Serial10/1/1/12:23, changed state to down
%LINK-3-UPDOWN: Interface Multilink9, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial10/1/1/11:23, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial10/1/1/12:23, changed state to down
%LINK-3-UPDOWN: Line protocol on Interface Multilink9, changed
%LINK-3-UPDOWN: Interface Serial10/1/1/12:23, changed state to up
%LINK-3-UPDOWN: Interface Multilink9, changed state to up
%LINK-3-UPDOWN: Interface Serial10/1/1/11:23, changed state to up
%RSP-3-RESTART: interface Serial10/1/1/11:23, output frozen
%RSP-3-RESTART: cbux complexWorkaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router that is configured with IP multicast may reload because of a bus error.
Conditions: This symptom is observed when a router sends (S,G) R join overrides to a neighbor, and the neighbor times out because of link flaps or because of another reason. The symptom is caused by a timing difficulty and is most likely to occur when you enter the ip pim spt-threshold infinity global configuration command on all routers in the network.
For a list of the affected releases, go to the following location: http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds31596. Cisco IOS software releases that are not listed in the"First Fixed-in Version" field at this location are not affected.
Workaround: Delete the ip pim spt-threshold infinity global configuration command from all routers in the network to minimize the occurrence of the symptom.
•
Symptoms: A retransmission counter may not be reset when a neighbor is terminated.
Conditions: This symptom is observed on a Cisco platform that is running Open Shortest Path First (OSPF) when the retransmission limit default (12 or 24) is added to the retransmission mechanism.
Workaround: Clear the OSPF process by entering the clear ip ospf process pid privileged EXEC command. Then, enter the limit retransmissions non-dc disable router configuration command.
•
Symptoms: Pings fail on an Ethernet-to-VLAN interworking over L2TPv3 due to an IRDP failure.
Conditions: This symptom is observed when you ping between two CE routers. Both of the CE routers do not learn each other's MAC address automatically.
Workaround: Ping from the first CE router to the second CE router, then ping from the second CE router to the first CE router.
•
Symptoms: FRR LSPs may fail to provide protection with a Next-next-hop (NNHOP) backup tunnel.
Conditions: This symptom is observed only when a primary LSP reaches beyond a merge point.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly when you manually reload the router.
Conditions: This symptom is observed when Open Shortest Path First (OSPF) LSAs are being "maxaged" while you manually reload the router. This situation may occur because of a fluctuating network and is an extreme corner case that cannot be reproduced on demand. The symptom is very unlikely to occur.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A Cisco router may reload if the show ip access- list access-list-name command is performed on an existing reflexive access-list.
Conditions: This symptom is observed on a Cisco 3620 router that is running Cisco IOS Release 12.3(13).
Workaround: There is no workaround.
•
Symptoms: After applying the maximum of 32 Committed Access Rate (CAR) rules and removing them, subsequent attempts to add any new input CAR (iCAR) rules may not be applied, and the router may generate an error message.
Conditions: This symptom is observed on a Cisco 12000 series Engine (E4) Packet-over-SONET (POS) line card.
Workaround: Reload the router.
•
Symptoms: The startup configuration file may become corrupt.
Conditions: This symptom is observed when multiple Telnet sessions simultaneously execute the copy running-config startup-config EXEC command. Only one Telnet session at a time should execute the copy running-config startup-config EXEC command.
Workaround: To save the configuration properly, reenter the copy running-config startup-config EXEC command.
•
Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.
Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.
Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
•
Symptoms: Boot variables may not be cleared, may not be set, or may become corrupted.
Conditions: This symptom is observed when you copy a configuration to the startup configuration, for example by entering the copy system:running-config nvram:startup-config EXEC command. The old boot variables may not be replaced with the new boot variables; instead, they may be appended incorrectly. The old boot variables should be replaced with the new boot variables.
Workaround: First, enter the no boot system global configuration command and save the configuration. Then, configure the new boot statement.
•
Symptoms: An Engine 4 line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series under stress conditions such as link or route flaps, clearing of the Border Gateway Protocol (BGP) table, or using the command-line interface (CLI) to perform an online insertion and removal (OIR).
Workaround: There is no workaround.
•
Symptoms: An outgoing label may not be installed in the Label Forwarding Information Base (LFIB) for an IP version 4 (IPv4) prefix.
Conditions: This symptom is observed when the prefix is learned via a Border Gateway Protocol (BGP) session. This situation may occur when the prefix is deleted in the Label Information Base (LIB) and not allocated to any local label binding.
Workaround: There is no workaround.
•
Symptoms: Backward explicit congestion notification (BECN) packets may be dropped by an Any Transport over Multiprotocol Label Switching (AToM) tunnel.
Conditions: This symptom is observed when you configure AToM in the network core, the network core contains Frame Relay interfaces, and BECN is enabled.
Workaround: There is no workaround.
•
Symptoms: An interface may not transmit traffic because the output may be stuck. When this symptom occurs, the console of the Route Switch Processor 4 (RSP4) may display the following error messages:
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/2:15, TEI0 changed to down
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/1:15, TEI0 changed to down
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/3:15, TEI0 changed to down
%RSP-3-RESTART: interface Serial1/0/0:15, not transmitting Output Stuck on Serial1/0/0:15
%RSP-3-RESTART: interface Serial1/0/1:15, output frozen
%RSP-3-RESTART: interface Serial1/0/2:15, not transmitting %RSP-3-RESTART: cbus complexConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1(19)E1 when the compress stac caim interface configuration command is configured on the interface. The symptom may also occur in other releases.
Workaround: Remove the compress stac caim interface configuration command from the interface.
•
Symptoms: On a Cisco router that is configured with a Multilink PPP (MLP) interface, the available processor memory may decrease rapidly because of a memory leak.
Conditions: This symptom is observed when the MLP interface flaps repeatedly.
Workaround: There is no workaround. You must resolve the cause of the flapping MPL interface.
Further Problem Description: A QoS configuration is the key to cause this memory leak. The problem will not happen without a QoS configuration. Note: If PPP multilink interleave is configured, then this configuration will trigger QoS memory allocation.
•
Symptoms: The following message is observed after executing shutdown subinterface of ATM:
%GENERAL-3-EREVENT: c10k_atm_vc_state_change: No current_if_infoConditions: This symptom is observed on a Cisco 10008 Internet router that is running the Cisco IOS image c10k-p10-mz.120-23.S3b under the following conditions:
1. ATM interface: down/down with pvc configuration on subinterface.
2. ATM interface: initializing/down with no LC and pvc configuration on subinterface.
This error message can be observed when executing no shut/shut subinterface in the above conditions.
Workaround: There is no workaround.
Further Problem Description: When main ATM interface is down (could be either admindown or down), create a point-to-point atm subinterface with vbr-nrt vc in shutdown state. Then deleting pvc underneath the atm subinterface, or deleting the atm subinterface itself, can cause the losing of bandwidth on ATM interface.
For more details, look at the Release-note for CSCed62971.
•
Symptoms: A router may reload because of an NVRAM corruption.
Conditions: This symptom is observed when NVRAM is accessed simultaneously by two processes, when one the processes has a file open, and when the second process attempts to open a nonexistent file. The error handling for the second process clears the global NVRAM pointer that is used by the first process. This situation is more likely to occur in a configuration with redundant Route Processors (RPs) but may also occur in a configuration with a single RP when two terminal windows are open.
Workaround: There is no workaround.
•
Symptoms: Some channelized PA-MC-2T3+ interfaces on a Cisco 7500 series router may go into a down/down state. When this symptom occurs, one or more groups of four T1 interfaces may go down simultaneously because of an Rx Alarm Indication Signal (AIS) alarm, and all of the interfaces associated with the down/down T1 interfaces may also go into the down/down state.
Conditions: This symptom is observed only on a PA-MC-2T3+ port adapter. This symptom may be caused by a router or Versatile Interface Processor (VIP) reload or a circuit failure on the T3 port adapter. This symptom has not been observed on the PA-MC-T3 port adapter.
Workaround: Perform an online insertion and removal (OIR) of the VIP that seats the PA-MC-2T3+. Make sure that you follow the guidelines for performing an OIR procedure on a Cisco 7500 series router.
Alternate Workaround: Identify the router with four ports in the down/down state, and reload this router. You can identify the router with the interfaces in the down/down state by checking for the presence of AIS on all four ports. T1 interfaces will go down in the following combinations: 1-4, 5-8, 9-12, 13- 16, 17-20, and 21-24. If T1 interfaces go down in 3-6 or 10-13 combinations, this symptom is not the reason that the interfaces are in the down/down state.
•
Symptoms: A Versatile Interface Processor (VIP) may reload when the clear cef line command is entered or when a new VRF is provisioned on an interface via the CLI.
Conditions: This symptom is observed on a VIP when Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or Egress NetFlow before making configuration changes or before entering the clear cef line command.
•
Symptoms: A service policy may not attach to an interface. When you enter the show policy-map interface EXEC command, the output displays all counters at 0.
Conditions: This symptom is observed on a Cisco router when a policy map is configured on an IP Services Engine (ISE) line card for the Cisco 12000 series router with policing set to less than 64 kbps, and the Cisco IOS software is being upgraded from a release prior to 12.0(26)S up to Cisco IOS Release 12.0(26)S.
Workaround: Make sure that the policing rate is larger than 64 kbps. The service policy may then be attached to the interface.
•
Symptoms: A buffer leak may occur in the Multilink PPP (MLP) header pool on a Versatile Interface Processor (VIP). The speed of the leak depends on the rate of traffic that is flowing between the interface of the VIP and the interface on the other end. The leak may eventually cause memory allocation failures (MALLOCFAIL) on the VIP and may result in memory fragmentation.
Conditions: This symptom is observed on a Cisco 7500 series when all of the following conditions are present:
- Distributed Cisco Express Forwarding (dCEF) is enabled.
- An MLP bundle that includes interfaces on the VIP is configured.
- A different interface on the same VIP performs some type of fancy queueing such as committed access rate (CAR), policing, or Class-Based Weighted Fair Queueing (CBWFQ).
- Packets are locally switched between the MLP interface and the interface that is configured for fancy queueing.
Workaround: Stop the leak by removing fancy queueing from the VIP interface.
Alternate Workaround: Move the MLP interfaces to a different VIP that does not have an interface that performs fancy queueing.
•
Symptoms: A 1-port 10-Gigabit Ethernet line card may generate pause frames under an inbound heavy load if there is a bottle neck in the router, for example an egress line card. The pause frames may cause FCS errors at the remote end device.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(25)S2.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that is configured with LLQ, there is queueing on the real time queue.
Conditions: This symptom is observed on a Cisco 10000 ESR that is configured with LLQ.
Workaround: There is no workaround.
•
Symptoms: A 6-port CT3 line card crashed due to a Cache Parity Exception. The router will not reload.
Conditions: This symptom occurs on a Cisco 12000 series router that is running Cisco IOS Release 12.0(23)S3 image c12kprp-p-mz.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may show an BMA error, then run error recovery.
Conditions: This symptom is observed on a Cisco 12008/40 router that is running Cisco IOS 12.0(23)S5, that is configured as an MPLS inter-AS ASBR, and that is also configured as a PE router. When you enter the shutdown command followed by the no shutdown command on a POS interface of an 8-port POS line card, the 3-port GE line card shows an BMA error.
Workaround: There is no workaround.
•
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
•
Symptoms: The show ip cef resource command may not function after a manual SSO RP switchover.
Conditions: This symptom is observed on a Cisco 12416 router with dual RPs that are running gsr-p-mz.120-24.S4.0105 images.
Workaround: There is no workaround.
•
Symptoms: A file that is copied to an ATA disk may become corrupted.
Conditions: This symptom is observed on any Cisco IOS image that contains the fix for CSCdz27200. The problem does not occur on a disk that is formatted with 16 or less sectors/cluster.
Workaround: Use an ATA disk that is formatted with 16 or less sectors/cluster.
•
Symptoms: Most multicast traffic is dropped if an ingress interface is an interface of an E4+ line card and NetFlow is configured.
Conditions: This symptom occurs when multicast traffic is forwarded down a shared tree, for example, forwarded by (*, g).
Workaround: Either unconfigure NetFlow or disable the SPT threshold to move to the shortest path tree.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:
%TIB-3-LCLTAG: 10.10.10.10/10.10.10.10, tag advert; unexpected tag state=13Conditions: This symptom is observed when a very uncommon timing of a Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tagswitching Distribution Protocol (TDP).
Workaround: There is no workaround.
•
Symptoms: Traffic may be delayed across a Cisco 12000 Series Engine 3 line card. Traffic sent through the Cisco 12000 series Internet router may see latency. Other symptoms include:
1) input rate on the E3 line card increases upwards of 600MB
2) no high CPU is seen on the E3 line card or on the RP/PRP
3) the "sho cont tofab/frfab queues" from the E3 line card are not less than 50% depleted
4) packets are being punted from HW to LC CPU as seen via" "show controller event"
Note: 3 and 4 are LC specific commands.
Conditions: This problem occurs when tag-switching and MPLS are configured on the E3 line card.
Workaround: Upgrade Cisco IOS to get by CSCeb45907.
•
Symptoms: Engine 2 line cards may fail upon clearing BGP peers.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: Some MQC commands on 4xOC3 and 8xOC3 ISE line cards on Cisco 12000 series routers may result in a message similar to the following:
% Service policy on FR sub-interface POS1/1.2 must be hierarchical.
Due to the error, no policy is applied to the interface. Even though the running configuration has the policy on the interface, the policy will not take effect.
Conditions: This symptom is observed on Cisco 12000 series routers.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) becomes disabled on a secondary Cisco 10000 series Performance Routing Engine (PRE) during a switchover.
Symptoms: This symptom is observed after configuring 380 traffic engineering (TE) tunnels and checking that CEF is enabled on both the primary and secondary PREs and that all TE tunnel interfaces are up. Then, a forced switchover from the primary PRE to the secondary PRE is performed. When the secondary PRE comes up and it now the new primary PRE, all tunnel interfaces are down. The line is up but the protocol is down. Because CEF is disabled and not running, the tunnels do not function and no routing can occur.
Workaround: Enable CEF on the primary PRE and enter the shutdown command followed by the no shutdown command on the affected interfaces. Doing so enabled the TE tunnels to come up.
•
Symptoms: MPLS TE tunnel counters are inaccurate; the MPLS TE tunnel output rate counters may exceed the physical interface capabilities that the tunnel uses.
Conditions: This symptom is seen on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S5 with an Engine 4 line card. This symptom may be observed by issuing the following commands in the following order:
1. Enter the show interfaces tunnel number command. This command tells you the interface statistics for the tunnel.
2. Enter the show mpls traffic-eng tunnels tunnel-interface command. This command tells you the physical interface the tunnel traverses.
3. Enter the show interfaces type slot/port command. This command tells you the physical interface statistics.
Workaround: There is no workaround.
•
Symptoms: A transient error may occur on a Cisco 12000 series line card during a network routing change. There is a chance that other line cards in the system will stop transmitting or receiving routing protocol updates and traffic, causing traffic to be blackholed.
Conditions: This symptom is observed in an MPLS-VPN network. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb58214. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Enter the microcode reload command on any line card that stops receiving traffic or routing protocol adjacencies from its neighbors.
•
Symptoms: When applied to a multilink PPP (bundle) interface, the service- policy command results in the following error message on the standby PRE: "CEF switching is required for the set command." In addition, the multilink PPP interface configuration on the standby PRE indicates that there is no service policy on the interface.
Conditions: This symptom occurs only on multilink PPP (bundle) interfaces and only if the policy-map referenced in the service-policy command contains a set command.
Workaround: The problem can be avoided by replacing the set command by a police command whose conform, exceed, and violate actions use the same action as in the set command. For example, if the set command is "set mpls experimental 5," the equivalent police command is "police 8000 1000 0 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp- transmit 5 violate-action set-mpls-exp-transmit 5."
•
Symptoms: The outgoing label for a prefix that is received through Border Gateway Protocol (BGP) IP version 4+ (IPv4+) labels may not be installed in the Tag Forwarding Information Base (TFIB).
Conditions: This symptom is observed if the router that performs a BGP IPv4+ label exchange receives a label withdraw request for an MPLS label from a BGP peer that is followed by a readvertisement of the label. This symptom occurs if the no mpls ip global configuration command followed by the mpls ip global configuration command is executed on the peer router; however, the label withdraw request may be triggered in other ways also.
Workaround: Enter the clear ip route prefix EXEC command to correct the symptom.
•
Symptoms: Traffic may stall on a few channels of certain port adapters.
Conditions: This symptom is observed on the following Cisco port adapters:
- PA-MC-xT1
- PA-MC-xE1
- PA-MC-xT3
- PA-MCX-xTE1
- PA-MC-xE3
where x = number of ports
Workaround: Reprovision the affected channels on the port adapters.
•
Symptoms: A router may become unresponsive and may reload when you append a file whose size is not a multiple of 512 bytes to an Advanced Technology Attachment (ATA) flash card (for example, boot disk, disk0, disk1).
For example, this situation may occur when you enter the show command | tee /append url privileged EXEC command.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image that contains the fix for caveat CSCdz27200 and that utilizes an ATA flash card. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz27200. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Write the output of the show command to a new file instead of appending it to an existing file by entering the show command | tee url privileged EXEC command.
•
Symptoms: A line card reloads continuously after an OIR.
Conditions: This symptom is observed when the line card has MFR and a service policy configured.
Workaround: Remove the service policy before performing an OIR.
Wide-Area Networking
•
Symptoms: A router may reload if the no shutdown interface configuration command is entered on a multilink interface, or the no multilink-group interface configuration command is entered on a serial interface.
Conditions: This symptom may occur if the no multilink-group interface configuration command is entered on a serial interface that is not configured for PPP encapsulation, or if PPP encapsulation is removed from a serial interface using the no encapsulation ppp interface configuration command if that interface is already configured as part of a multilink group.
Workaround: Make sure that a serial interface is configured for PPP encapsulation using the encapsulation ppp interface configuration command before configuring a multilink group, and always make sure that the interface is not configured as part of a multilink group before removing PPP encapsulation.
Resolved Caveats—Cisco IOS Release 12.0(24)S5
Cisco IOS Release 12.0(24)S5 is a rebuild of Cisco IOS Release 12.0(24)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(24)S5 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: You may not be able to copy an image to an Advanced Technology Attachment (ATA) disk.
Conditions: This symptom is observed on a Performance Route Processor (PRP) of a Cisco 12000 series Internet router.
Workaround: Replace the ATA disk.
Interfaces and Bridging
•
Symptoms: A cbus complex may be observed on a Cisco router when the following message appears on the serial interface:
%RSP-3-RESTART: interface Serial8/1/0/23:23, not transmittingConditions: This symptom is observed on a Cisco 7500 series router when Multilink PPP (MLP) is configured on the serial interface and distributed Cisco Express Forwarding (dCEF) switching is enabled.
Workaround: There is no workaround.
•
Symptoms: Interfaces may not be created when a channel group is configured on a Cisco 7500 series or a Cisco 7600 series.
Conditions: This symptom is observed only if channel groups are created on an 8-port multichannel T1 port adapter (PA-MC-8T1) and the PA-MC-8T1 is replaced with an enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) by performing an online insertion and removal (OIR). After the port adapters are switched, the channel-group configuration on the PA-MC-8TE1+ does not work as expected.
Workaround: Remove the channel-group configuration on a port adapter before performing an OIR and replacing the port adapter with another port adapter.
IP Routing Protocols
•
Symptoms: A Cisco router may pause indefinitely on reload with a traceback and bus error exception.
Conditions: This symptom may be observed with a Cisco Open Shortest Path First (OSPF) router that is doing redistribution.
Workaround: There is no workaround.
•
Symptoms: A memory allocation failure (MALLOCFAIL) from the I/O memory pool may occur.
Conditions: This symptom is observed on a Cisco router that receives excessive multicast control traffic.
Workaround: Apply a quality of service (QoS) policy map to limit the rate of the multicast control traffic that can be received by the router.
Miscellaneous
•
Symptoms: When a router initiates the FTP control and data connections, the source address for each connection is different.
Conditions: This symptom does not exist if per-destination load balancing is used. Per-destination load balancing, however, causes some destinations to receive more traffic than others, which in turn causes some T1s to drop packets while others are hardly used. The ip ftp source- interface interface global configuration command affects only the control connection but not the data connection.
Workaround: Enter the no ip ftp passive global configuration command or avoid having FTP servers initiate connections to the routers.
•
Symptoms: When you enter the ip cef distributed global configuration command and you create a tunnel interface, packets that are going through the tunnel interface are not switched via distributed switching, and the output of the show running-config EXEC command displays that the no ip route-cache distributed interface configuration command is enabled for the tunnel interface.
Conditions: This symptom is observed on a Cisco 7500 series after you have reloaded the router, you have entered ip cef distributed global configuration command, you have created a tunnel interface using the interface tunnel tunnel-number command, and you have entered the tunnel destination ip-address interface configuration command.
Workaround: Enter the ip route-cache distributed interface configuration command on the tunnel interface.
Alternate Workaround: After you have reloaded the router and before you create a new tunnel, enter the ip cef global configuration command followed by the ip cef distributed global configuration command.
•
Symptoms: A Performance Route Processor (PRP) may reload after the following error message is displayed:
PRP-3-ASM_CORRUPT_PTRConditions: This symptom is observed on a Cisco 12000 series on which a defective 1-port OC-192 Packet-over-SONET (POS) Enhanced Services (ES) Engine line card is installed. The symptom occurs because error recovery does not function properly.
Workaround: There is no workaround.
•
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
•
Symptoms: A multilink interface may stop processing received packets.
Conditions: This symptom is observed on a Cisco 7500 series when Multilink PPP (MLP) is configured and when a lot of traffic is forwarded to the process-switching path.
Workaround: To clear the symptom, move the physical interfaces to a new multilink interface with a new interface number.
•
Symptoms: A Route Switch Processor 4 Plus (RSP4+) may reload.
Conditions: This symptom is observed on a Cisco 7500 series when you configure the interface loopback interface-number interface configuration command on an interface of the router and the value of the interface-number argument is a 9-digit number that starts with 10.
Workaround: If possible, use another range of numbers for the numbers that are assigned to the loopback interfaces, that is, a range of numbers that do not start with 10.
•
Symptoms: There is a significant performance impact when an Engine 3 (E3) 1xOC48 card is the ingress line card and an Engine 4+ 4xOC48 POS card is the egress line card. Traffic throughput may be reduced.
Conditions: This symptom is observed on a Cisco router when the ingress line card is an E3 1xOC48 line card with an IP link enabled and when the egress line card is an E4+ 4xOC48 POS line card with Multiprotocol Label Switching (MPLS) configured.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 port adapter (PA-E3) may fail to recover to the up/up state even when the original cause of the failure has been corrected.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface.
•
Symptoms: Fabric handling may fail because of unknown events and the following error messages may be displayed:
%FABRIC-0-OPERATIONAL: Fabric handling failed: Unknown eventreceived by the fab process %SCHED-3-THRASHING: Process thrashing on watched boolean нFIA queyrн. -Process= "Fabric", ipl= 6, pid= 11 -Traceback= 50235770 50235864 50407968 5021E644 5021E630Conditions: This symptom is observed on a Cisco 12410 series Internet router that has an 8xOC3 ATM Engine 3 line card and a 4xOC12 POS Engine 3 line card that is configured with 150 VPN routing/forwarding (VRF) interfaces. The router is running Cisco IOS Release 12.0(23)S4.
Workaround: There is no workaround.
•
Symptoms: An interface may have an ifIndex value of 4294967295 (-1) and some interfaces may not be in the ifTable.
Conditions: This symptom is observed when a system is in Stateful Switchover (SSO) mode and then is configured to change the redundancy mode to Route Processor Redundancy Plus (RPR+). The standby Performance Routing Engine (PRE) then restarts. If new interfaces are added to the system (the ifTable) at this point and the primary PRE is not reloaded, the symptom occurs.
Workaround: Perform a reload of both Route Processors (RPs).
Alternate Workaround: Perform a forced switchover from SSO mode to RPR+ mode.
•
Symptoms: An Engine 4+ line card that performs Virtual Private Network (VPN) disposition may drop some VPN traffic toward the customer edge (CE) router when the number of Multiprotocol Label Switching (MPLS) VPN clients and prefixes is large.
Conditions: The symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: When you reload a Multiprotocol Label Switching (MPLS) provider edge (PE) router that has 20 PA-MC-2T3+ controllers and 780 channelized interfaces, the first PA-MC-2T3+ controller may have many channelized interfaces in the down/down state.
Conditions: This symptom is observed on an MPLS PE router that has the channelized interfaces that are in the down/down state directly connected to a customer edge (CE) router. If the connection is a T1 interface, then the interfaces on the CE router are in an up/down state. If the connection is sub-T1 (fractional T1), then the interfaces on the CE router are in an up/up state.
Workaround: Reload only the CE router and all the interfaces will go to the up/up state on both the CE router and the PE router.
•
Symptoms: When a Cisco IOS software image runs on a standby Performance Routing Engine (PRE) together with an older version of Cisco IOS software that runs on the primary PRE, the following error message may appear on the standby router:
%IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP: Cannot find IDB index table entry: "", 79After a switchover from the primary PRE to the standby PRE occurs, the interfaces for which the above error messages appear may not be able to send or receive packets.
Conditions: This symptom is observed on a Cisco 10000 series during a Fast Software Upgrade (FSU) operation.
Workaround: There is no workaround.
•
Symptoms: In a Fast Software Upgrade (FSU) and software downgrade test environment, a standby Performance Routing Engine (PRE) may reload.
Conditions: This symptom is observed on a Cisco router when an FSU downgrade from Cisco IOS Release 12.0(26)S to Release 12.0(23)S4 or Release 12.0(24)S3 occurs.
Workaround: Reboot the router.
•
Symptoms: A line card may experience high CPU usage, and report alignment and spurious memory access error messages.
Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) line card may display high CPU utilization.
Conditions: This symptom is observed on an ISE line card in a Cisco 12000 series when Multiprotocol Label Switching (MPLS) packets are sent to the nonlabel-switched interface of the ISE line card.
Workaround: There is no workaround.
•
Symptoms: A software-forced reload may occur on a Cisco 12000 series router.
Conditions: This symptom is observed on a Cisco 12000 series router after a service policy is enabled.
Workaround: There is no workaround.
•
Symptoms: Tag entries may be missing on a Versatile Interface Processor (VIP).
Conditions: This symptom is observed on a Cisco 7500 series that has distributed Cisco Express Forwarding (dCEF) enabled.
Workaround: Enter the clear cef linecard user EXEC or privileged EXEC command.
•
Symptoms: A Cisco router may experience a Parallel Express Forwarding (PXF) reload, and the following error messages may appear in the log:
%TOASTER-2-FAULT: T0 Local Bus Exception: CPU[t0r2c2] CM at 0x0A00 LR 0x0A6 % TOASTER-2-FAULT: T0 Exception summary: CPU[t0r2c2] Stat=0x00000022 HW=0x00000000 LB=0x00000040 SW=0x00000000Conditions: This symptom is observed on a Cisco 10720 router that is running the c-10700-p-m image of Cisco IOS Release 12.0(24)S3.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 Plus (E4+) Gigabit Ethernet (GE) or Fast Ethernet (FE) line card that is configured with Any Transport over MPLS (AToM) may fail.
Conditions: This symptom is observed on an E4+ GE or FE line card on a Cisco 12000 series router that is running Cisco IOS Release 12.0(26)S as soon as a soft online insertion and removal (OIR) is performed on the primary clock scheduler card (CSC).
Workaround: There is no workaround.
•
Symptoms: The link LED light of a Gigabit Ethernet (GE) line card on a Cisco 12000 series does not light if the port is shut down and brought back up (i.e., no shutdown).
Conditions: This symptom is observed on a Cisco 12000 series when the no negotiation auto interface configuration command is entered on the router.
Workaround: Remove the optical RX cable, and then reconnect the cable.
•
Symptoms: During installation of a router on an OC-48 DPT/RPR ring, the ring became unstable, and 5 Cisco 12000 series routers reloaded, one reloading twice.
Conditions: This symptom is observed on a mix of Cisco 12016 routers and Cisco 12416 routers that are running Cisco IOS Release 12.0(23)S3 3DES software.
Workaround: There is no workaround.
•
Symptoms: The deletion of an ATM subinterface may occasionally cause a secondary Performance Routing Engine (PRE) to reload.
Conditions: This symptom is observed on a Cisco 10000 series that has two PREs that are configured for high availability.
Workaround: There is no workaround. However, the symptom does not affect performance. The primary PRE continues to forward traffic. The secondary PRE will reload if it is configured to do so.
•
Symptoms: The copy function from TFTP into the running configuration file may fail even though it appears as though the copy function has succeeded. An error message similar to the following may be displayed:
Simultaneous configs not allowed:locked from vty0 (111.1.11.111Conditions: This symptom is observed when the service multiple-config- sessions global configuration command is configured on a Cisco 7500 series that has a single Route Switch Processor (RSP) with one vty session that is in configuration mode and if you enter the copy tftp running-config global configuration command from another vty session. Under these conditions, the copy function fails.
Workaround: There is no workaround.
•
This umbrella caveat affects the behavior of Automatic Protection Switching (APS) with PPP, Frame Relay (FR), and path triggers.
–
Symptoms: When the encapsulation ppp interface configuration command is configured with Cisco 12000 series Packet-over-SONET (POS) APS interfaces, some APS operations may result in a spurious selection of interfaces that have been deselected by APS. This behavior may stop all traffic flow through the APS pair or duplicate all packets.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
–
Symptoms: When the encapsulation frame-relay interface configuration command is configured with Cisco 12000 series POS APS interfaces, some APS operations may result in a selection of interfaces that have been selected by APS being set to "protocol down" by FR. This behavior results in the loss of all traffic over the APS pair.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
–
Symptoms: Cisco 12000 series POS APS interfaces do not permit the configuration of path trigger specifications on APS interfaces.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: A failure of an active Route Processor (RP) may cause the standby RP to fail also.
Conditions: This symptom is observed in Cisco 12000 series Internet routers.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card does not forward traffic to networks that are not specifically present in the routing table.
Conditions: This symptom is observed if a default route is learned by way of the ip default network global configuration command. If routes are learned by way of a default route, this symptom is not present.
Workaround: There is no workaround.
•
Symptoms: On Engine 2 (E2) n-port OC3 line cards for the Cisco 12000 series router, the pos delay triggers path router configuration command does not implement the specified delay. This results in the link being brought down for Path Alarm Indication Signal (PAIS) or Path Remote Defect Indication (PRDI) defects whose duration is smaller than the specified delay time.
Conditions: This symptom is observed in all releases of Cisco IOS Release 12.0 ST and in all releases of 12.0 S beginning with Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly when packets are tag switched.
Conditions: This symptom is observed when a Bridge-Group Virtual Interface (BVI) is created after the router has booted up, when IP packets are received through the BVI, and when these IP packets are forwarded as Multiprotocol Label Switching (MPLS) packets through another interface.
Workaround: Disable tag switching on the BVI interface by entering the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration.
•
Symptoms: A Simple Network Management Protocol (SNMP) MIB displays the following message for a port adapter that is not present:
"unknown port Adapter"
The show diag privileged EXEC command displays the correct message:
"no PA present"
Conditions: This symptom is observed on a Cisco router with a modular Gigabit Ethernet (GE) or Fast Ethernet (FE) card with no port adapters that is running Cisco IOS Release 12.0(24)S1.
Workaround: There is no workaround.
•
Symptoms: Traffic loss and tracebacks may occur on an Engine 2 (E2) 4xOC12 line card when diagnostics are run on the backup clock scheduler card (CSC).
Conditions: This symptom is observed on a Cisco 12012 router when the backup CSC is in slot 17 of the router.
Workaround: There is no workaround.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: A reload or online insertion and removal (OIR) of any line card on a Cisco 12000 series Internet router chassis with a 1+1 Automatic Protection Switching (APS) configuration between two CHOC-48 line cards may cause a "deadman timer expired" error. This may result in an incorrect switch working once the line card comes up.
Conditions: This symptom is observed on a Cisco router with a channelized OC48 line card that is running the c12kprp-p-mz image of Cisco IOS Release 12.0(24)S4.
Workaround: There is no workaround.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: The tag forwarding table on a Cisco 12000 series line card may not have complete entries even though the Route Processor (RP) does. This results in ingress tagged traffic being dropped for the missing tag forwarding entries.
Conditions: This symptom is observed on a Cisco 12000 series in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment with a provider edge (PE) router to customer edge (CE) router link of Engine 3 (E3) channelized OC48 line cards, and that has Automatic Protection Switching (APS) and the pos delay triggers path router configuration command configured.
Workaround: There is no workaround.
•
This caveat consists of two separate symptoms, conditions, and workarounds.
Symptoms 1: A router may reload after a switchover to the standby processor.
Conditions 1: This symptom is observed on a Cisco Route Switch Processor (RSP).
Workaround 1: There is no workaround.
Symptoms 2: After a switchover to a standby processor, the indices of the interfaces in the system may be changed by mistake. This may cause problems with forwarding packets and other inconsistencies.
Conditions 2: This symptom is observed on a Cisco 12000 series.
Workaround 2: There is no workaround.
•
Symptoms: Memory allocated by the ip cef linecard ipc memory kbytes global configuration command is not freed when a standby Route Processor (RP) becomes an active RP.
Conditions: This symptom is observed only when the ip cef linecard ipc memory kbytes global configuration command is used because the allocated memory on the standby RP memory is not freed when the standby RP switches over to become the active RP.
Workaround: There is no workaround.
•
Symptoms: A newly active Route Processor (RP) may display the following error message:
%SCHED-7-WATCH: Attempt to monitor uninitialized watched queue (address 0). -Process= "CEF LC IPC Background"Conditions: This symptom is observed on a Cisco RP during a Stateful Switchover (SSO). The error message is harmless and no functional problems occur as a result of receiving the error message.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(24)S4
Cisco IOS Release 12.0(24)S4 is a rebuild of Cisco IOS Release 12.0(24)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(24)S4 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A router may send linkUp traps with the loclfReason attribute set as "Down" and linkDown traps with the loclfReason attribute set as "Up."
Conditions: This symptom is observed on a Cisco router.
Workaround: Query the link status using the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
•
Symptoms: A Cisco router or switch may reload when it attempts to read the ifIndex information from a NVRAM file during the bootup process.
Conditions: This symptom is observed when the NVRAM file is corrupt.
Workaround: Disable the ifIndex persistence.
•
Symptoms: A Cisco 7500 series router may not generate Simple Network Management Protocol (SNMP) ENVMIB traps during the online insertion and removal (OIR) of a power supply or fan module.
Conditions: These symptoms have been observed on a Cisco 7500 series router that is running Cisco IOS release 12.0(24)S or later.
Workaround: There is no workaround.
•
Symptoms: The cardIfTable table is not correctly populated for channelized interfaces. All of the entries return a value of "-1".
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: Open Shortest Path First (OSPF) may continually advertise in the router's link-state advertisement the IP subnet of the interface, which is in "up/down" state.
Conditions: These symptoms have been observed on Cisco router after the router was reloaded.
Workaround: Enter the clear ip ospf process command in privileged EXEC mode or reload the router while the interface is in the administratively down state.
•
Symptoms: A Cisco 7500 series may generate the following message on its console:
%VIP-3-BADMALUCMD: Unsupported MALU command 81/82Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router may reload when you add Border Gateway Protocol (BGP) neighbor statements to the configuration.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S when BGP neighbors are added by using a script that adds the BGP neighbors at a much faster rate than manual addition, and when a large BGP table is already present on the router before the script adds the BGP neighbors.
Workaround: There is no workaround.
•
Symptoms: A Border Gateway Protocol (BGP) peer may not come up after you have disabled message digest 5 (MD5) authentication for BGP neighbors.
Conditions: This symptom is observed when, on a router that is running BGP, you disable MD5 authentication for a BGP peer by using the no neighbor ip-address password router configuration command. The BGP session does not become established, even when you reset the BGP connection by entering the clear ip bgp neighbor-address privileged EXEC command or the clear ip bgp * privileged EXEC command.
Workaround: After you have entered the no neighbor ip-address password router configuration command, reconfigure the BGP session for the neighbor at both sides of the connection.
Alternate Workaround: Reload the router that is running BGP.
•
Symptoms: A Cisco 12000 series may reload when you enter the show bgp ipv6 unicast or show bgp ipv6 multicast user EXEC or privileged EXEC mode command.
Conditions: This symptom is observed when IP version 6 (IPv6) multicast is configured.
Workaround: There is no workaround.
•
Symptoms: An IP packet that is sent with an invalid IP checksum may not be dropped.
Conditions: This symptom is observed if the IP checksum is calculated with a decreased time-to-live (TTL) value. For example, in the situation where the IP checksum must be 0x1134 with a TTL of 3, if the packet is sent with an IP checksum of 0x1234 that is calculated by using a TTL value of 2, the packet is not dropped. In all other cases, packets with incorrect checksums are dropped.
Workaround: There is no workaround.
•
Symptoms: Multicast forwarding entries on a line card may become incorrect, causing packets to be forwarded to the Route Processor (RP). Packets may be dropped from the line card when the outgoing list becomes empty.
Conditions: This symptom is observed after a high availability (HA) switchover has occurred.
Workaround: Reload the line card after the HA switchover has occurred.
•
A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.
The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.
Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.
•
Symptom: A Cisco router running Multicast Source Discovery Protocol (MSDP) may reload when the show ip mdsp peer peer-address advertised-SAs user EXEC/privileged EXEC command is entered.
Condition: These symptoms are only observed on a router that is running MDSP.
Workaround: 1)Enter the no ip domain-lookup command in global configuration mode. 2)If the ip host {name} {address1} global configuration command is configured, the host name should not be more than 36 characters.
Miscellaneous
•
Symptoms: The router may not resolve all dependent routes for a path again.
Conditions: This symptom is observed if the shutdown interface command followed by the no shutdown interface configuration command is issued on the next hop router on a Cisco router that is running Cisco IOS Release 12.1 and that has Multiprotocol Label Switching (MPLS) enabled.
Workaround: A clear ip route for the affected prefix would take down all the paths and ensure that they are rebuilt and hence reresolved. Also the problem does not arise if a shutdown is not performed.
•
Symptoms: A Cisco 7500 series router that acts as the penultimate hop of the backup Label Switched Path (LSP) and that is configured with the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command may have the primary LSP go down when Fast ReRoute (FRR) is enabled on the router.
Conditions: This symptom is observed on a Cisco 7500 series that has Multiprotocol Label Switching (MPLS) traffic engineering (TE) configured.
Workaround: Do not configure the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command.
•
Symptoms: A 4-port OC-3 Packet-over-SONET (POS) Engine 0 line card that is installed in slot 14 of a Cisco 12416 may reload because of a bus error. In the output of the show context all EXEC command, the value of the badVaddr field is 0x14.
Conditions: This symptom is observed on a Cisco 12416 that runs Cisco IOS Release 12.0(21)S1, Release 12.0(23)S2, or Release 12.0(23)S3. More 12.0 S releases may be affected.
Workaround: There is no workaround.
•
Symptoms: When creating IP version 6 (IPv6) Access Control Lists (ACLs), the following message is displayed several times:
%Access list already exists with these parametersIn some cases, looking at the ACL indicates unwanted commands that are added, such as the following:
permit ipv6 any any sequence 20 deny 0 any any sequence 30
These statements cannot be removed from the ACL. In other cases, lines of the ACL are modified. If a remark is added to the ACL once, then it will be repeated in ACL several times.
Conditions: These symptoms are observed in Cisco IOS releases from Cisco IOS Release 12.0(23)S to Cisco IOS Release 12.0(26)S. The symptoms are seen only when the router has dual gigabit route processors (GRPs) installed and with different redundancy modes configured.
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur on the Versatile Interface Processor (VIP) of a Cisco 7500 series, even though the VIP does not reload.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) forwarding is enabled.
Workaround: There is no workaround.
•
Symptoms: The redundancy state of the standby Route Switch Processor (RSP) will remain in the "standby cold" state.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for Stateful Switchover (SSO) and that has distributed Cisco Express Forwarding (dCEF) enabled. This symptom occurs if there are Versatile Interface Processor (VIP) cards on the Cisco 7500 series that do not have any port adapters installed.
Workaround: There is no workaround.
•
Symptoms: An outgoing adjacency for a Virtual Private Network (VPN) routing/forwarding (VRF) prefix always points to a virtual interface in distributed Cisco Express Forwarding (dCEF).
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S5.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) Gigabit Ethernet line card may reload or cause the router that it is installed on to reload.
Conditions: This symptom is observed when an E3 Gigabit Ethernet line card that has 1000 VLANs and that is sending line rate IP version 6 (IPv6) traffic on the VLANs is reloaded.
Workaround: There is no workaround.
•
Symptoms: When one unconfigures a 0/32 static route using the no ip route 0.0.0.0 0.0.0.0 interface global configuration command, the following error message may be generated:
%FIB-4-RADIXINSERT: Error trying to insert prefix entry for 0.0.0.0/0Conditions: This symptom is observed on a Cisco 12000 series Internet router, when using a routing configuration with BGP and EIGRP with the ip default-network address and ip route 0.0.0.0 0.0.0.0 interface commands.
Workaround: There is no workaround.
•
Symptoms: Data Multicast Distribution Tree (MDT) mappings may be deleted too soon, causing a loss of data, or may not be deleted at all, causing unnecessary data to be transferred.
Conditions: These symptoms are observed on a receiving provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may display the following error message and traceback:
1d13h: %IPC-2-PRECLOSE: IPC port pre-closure overflow : 0x10025 : 0x5F
-Traceback= 60366B1C 6035B908 6035BBBCConditions: This symptom is observed on all Cisco platforms that run any versions of Cisco IOS software. It is not known at this time what specific conditions cause this symptom.
Workaround: There is no workaround.
•
Symptoms: If a user attempts to run field diagnostics on a fabric card that is on a 10 Gigabit Ethernet fabric-based router, the user will receive a banner that indicates that the card is not supported.
If a user attempts to run field diagnostics on a fabric card that is on a 2.5 Gigabit Ethernet fabric-based router, the router may reload.
Conditions: This symptom is observed when a field diagnostic is performed against any of the following card types:
hex decimal card type card type BFR_CARD_TYPE_CSC_BFR12 0x11, 17 BFR_CARD_TYPE_SFC 0x12, 18 BFR_CARD_TYPE_CSC_BFR16_OC48 0x17, 23 BFR_CARD_TYPE_SFC_BFR16_OC48 0x18, 24 BFR_CARD_TYPE_CSC_BFR8 0x14, 20 BFR_CARD_TYPE_CSC_BFR4 0x15, 21 BFR_CARD_TYPE_SFC_BFR8 0x16, 22 BFR_CARD_TYPE_CSC_BFRP_OC192 0x19, 25 BFR_CARD_TYPE_SFC_BFRP_OC192 0x1a, 26 BFR_CARD_TYPE_CSC_BFR10 0x1b, 27 BFR_CARD_TYPE_SFC_BFR10 0x1c, 28
Workaround: Use an alternate method to determine if the replacement of the fabric card is necessary.
•
Symptoms: A user session may pause indefinitely, causing a Cisco router to become unresponsive.
Conditions: This symptom is observed when multiple simultaneous users enter modular QoS CLI (MQC) commands on the same router via separate vty sessions.
Workaround: Allow only one user at a time to enter MQC commands.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload. CPUHOG messages may be displayed on the console before the router reloads.
Conditions: This symptom is observed in configurations with many interfaces or IP addresses, or with a very large number of labelled prefixes.
Workaround: There is no workaround.
•
Symptoms: A customer of a service provider (SP) may report poor performance across new long-distance (over 100 km) E3 lines with a file transfer rate of about 3 to 5 Mbps. Frame check sequence (FCS) errors may occur in G.751 frames, "Time to Live," "Transport Retransmission," and "TCP Connection Reset by Server" conditions, and other conditions may occur in the LAN. The symptoms are caused by difficulties with the clock signal.
Conditions: These symptoms are observed on a Cisco 7200 series, Cisco 7500 series, and Cisco 7600 series that are configured with a 1-port E3 serial port adapter (PA-E3), but these symptoms may also occur on a 2-port E3 serial port adapter (PA-2E3). The symptoms are not platform specific but port-adapter specific. The symptoms are not observed when short-distance E3 lines are used.
The clocking is not provided by the Plesichronous Digital Hierarchy (PDH)/Synchronous Digital Hierarchy (SDH) network of the SP but by the internal clock source of one of the routers of the SP customer (that is, the clock source internal controller configuration command is configured), while another router of the SP customer is configured as the clock slave (that is, the clock source line controller configuration command is configured). However, the symptom may also occur when the clocking is provided by the SP.
When a line interruption occurs, the PA-E3 on which the clock source line controller configuration command is configured may not switch back its transmitter clock (which should be synchronized from the incoming clock signal of the line) from internal clocking to line clocking. When the line is down, the router in which this PA-E3 is installed temporarily uses its internal clock signal. When the line comes back up again, the router should switch back to the line clock signal.
Long-distance lines are affected because the router that receives traffic over long-distance lines requires a relatively long time to synchronize its clock via line clock signal. The symptoms are observed during the initial link up and during line interruptions.
Workaround: Use enhanced 1-port ATM E3 port adapters (PA-A3-E3) on which the clocking difficulties do not occur.
Temporary Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the serial interface of the affected PA-E3. Doing so provides a workaround until the next line interruption.
•
Symptoms: CardIfIndexTable entries may be missing for a 1-port multichannel STM-1 multimode port adapter (PA-MC-STM-1MM) and a 1-port multichannel T3 port adapter (PA-MC-T3).
Conditions: This symptom is observed on a Cisco 7200 series when you enter the snmpwalk command.
Workaround: There is no workaround.
•
Symptoms: When a new interface or subinterface is added, the following error message may appear on the console:
ACLs could not add IDB to listIf you have dual Route Processors (RPs), this message appears on the console of both RPs. This situation may lead to incorrect access control list (ACL) behavior when the ACL is modified or when a uCode reload occurs.
Conditions: This symptom is observed on a Cisco 10000 series when a new interface that is configured with an access control list (ACL) is added after an old interface that was also configured with an ACL has been deleted. The symptom does not occur when the old interface that is deleted was not configured with an ACL.
Workaround: Remove the ACL configuration from the interface that you delete before you add a new interface.
•
Symptoms: A Cisco router that functions in a Multiprotocol Label Switching (MPLS) environment may reload unexpectedly with a bus error.
Conditions: This symptom is observed under rare circumstances when the router attempts to send an Internet Control Message Protocol (ICMP) packet that was triggered by an MPLS packet.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload.
Conditions: This symptom is observed when Label Distribution Protocol (LDP) peers of the Cisco router advertise a large number of IP addresses because interfaces flap or are configured.
Workaround: There is no workaround.
•
Symptoms: When the MPLS VPN Carrier Supporting Carrier feature is configured on a Cisco router, Label Distribution Protocol (LDP) may advertise a local label binding without installing an associated entry in the Multiprotocol Label Switching (MPLS) forwarding table. When peers of the Cisco router receive the advertised label binding and use the Cisco router as an MPLS next hop for the prefix for which there is no entry in the MPLS forwarding table, packet loss occurs.
Conditions: This symptom is observed when the prefix is advertised by both Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP).
Workaround: Deconfigure and then reconfigure BGP on the Cisco router.
First Alternate Workaround: Reset the BGP connections.
Second Alternate Workaround: Disable and then reenable IP over MPLS globally by using the no mpls ip global configuration command followed by the mpls ip global configuration command.
•
Symptoms: The name of an interface in the output of the show ip vrf interfaces EXEC command may be truncated to 22 characters.
Conditions: This symptom is observed on a provider edge (PE) router that has Virtual Private Network (VPN) routing/forwarding (VRF) configured on an interface when the name of the interface is longer than 22 characters.
Workaround: To display the full name of the interface, enter the show ip vrf EXEC command, that is, without the interfaces keyword.
•
Symptoms: When a Cisco router is configured for both internal Border Gateway Protocol (iBGP) load balancing and Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN), incorrect MPLS labels may be installed. When one of the load-balancing links flaps, connectivity may be lost between the VPN sites.
Conditions: This symptom is observed in the Cisco IOS releases that are listed in the "First Fixed-in Version" field at the following location:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdy76273
Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Disable iBGP load balancing.
•
Symptoms: An IP packet with multiple fragments sent through a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(23)S, 12.0(24)S, 12.0(25)S, or 12.0(26)S may drop small fragments of the packet when MPLS Label disposition takes place, which exposes the underlying IP packet.
Conditions: The egress line card must be an Engine 4+ variant for this to occur, and the fragment must have the MF bit set with an IP payload of 8, 16 or 24 bytes.
Workaround: Configure an explicit null label for the prefix, which creates a TAG to TAG switching path instead of a TAG to IP path.
•
Symptoms: The line protocol on an Engine 4 line card may go down.
Conditions: This symptom is observed on a Cisco 12000 series that switches Multiprotocol Label Switching (MPLS) traffic when both of the following events occur multiple times:
–
–
Workaround: Reload the line card.
•
Symptoms: Cisco Express Forwarding (CEF) interface tables may become corrupted on a Cisco 12000 series line card, causing traffic to be dropped and the following error message to be logged by the affected line card:
%ADJ-3-ADJFIBIDB: Adjacency update with invalid fibidb(1)This situation may cause some or all of the CEF interface information to be removed from the affected line card, which you can verify in the output of the show cef interface EXEC command for the affected line card.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S when a series of clear cef linecard EXEC commands are executed in quick succession.
Workaround: Enter the clear cef linecard EXEC command just once for the affected line card.
•
Symptoms: A 1-port OC-12 ATM line card may reset after the Forwarding Information Base (FIB) is disabled because of interprocess communications (IPC) failures, as is shown by the following error messages:
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%FIB-3-FIBDISABLE: Fatal error, slot 6: IPC Failure: timeout %GRP-4-RSTSLOT: Resetting the card in the slot: 6,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE
%GRP-3-BAD_STATE: Slot:6 State:In Reset -Traceback= 18BA90 3BC3E4 305DA4 3067C4 306850 306FA8 3070C0Conditions: This symptom is observed on a Cisco 12416 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards:
–
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), the Label Distribution Protocol (LDP) peer address table may become corrupted and cause the router to reload.
Conditions: This symptom may be observed in situations where three or more routers have advertised the same IP address in LDP address messages. This normally happens when routers have been misconfigured but in very rare circumstances may be done deliberately.
The circumstance can be recognized by the presence of the following error message:
%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0If only one such message is seen for a given IP addressу10.0.0.1 in the above exampleуthen only two routers have advertised the IP address, and only the second is being treated as a duplicate. At least one more such message should be seen if at least three routers have advertised the IP address in question.
Workaround: The symptom does not occur in typical configurations because duplicate addresses are not configured. If such a configuration is accidentally done, the failure may be avoided if the configuration is corrected before the LDP session to any of the involved peers goes down. If the configuration is deliberate, there is no workaround.
•
Symptoms: Under certain conditions such as SSO switchover or "cl cef linecard" or even route flaps, the Eng3 cards in a router crash, with error messages realted ALPHA errors in the TLU stage. The following strings in error message are relevant to identify this bug: "%EE48-3-ALPHAPAIR: RX ALPHA: TLU PAIR registers"
Conditions: Happens only when there are loadbalance paths for MPLS traffic and some route change occurs.
Workaround: Ensure that there are no loadbalance paths.
•
Symptoms: A memory allocation failure may occur on compiled access control list (ACL) tables. There may be continued attempts to recompile the ACLs that fail.
Conditions: This symptom is observed when compiled ACLs are enabled by entering the access-list compiled global configuration command, and the total number of ACL entries is relatively large (over 1500 lines). Random or constantly changing traffic patterns may cause the compiled ACL tables to grow to the point at which memory fragmentation causes the memory allocation failure.
Workaround: Disable and then reenable the compiled ACLs by entering the no access-list compiled global configuration command followed by the access-list compiled global configuration command.
Alternate Workaround: Completely disable the compiled ACLs.
Second Alternate Workaround: ACLs may sometimes be rearranged to make the list shorter or less complex. This will reduce the memory requirements. Large ACLs used for Border Gateway Protocol (BGP) route prefixes may be converted to use a prefix list configuration instead.
•
Symptoms: When a subinterface is configured with a subinterface number value larger than 65535, the protocol enabled on this subinterface may not be in the proper state for correct operation after the switchover.
Conditions: These symptoms have been observed on Cisco platforms with redundant Route Processors operating in stateful switchover (SSO) redundancy mode.
Workaround: Limit the subinterface number value to an integer less than 65535 while configuring subinterfaces.
•
Symptoms: When you configure unicast Reverse Path Forwarding (uRPF) on a 1-port OC-48 Packet-over-SONET (POS) Engine 2 line card while traffic is passing through the interface, traffic forwarding may stop.
Conditions: This symptom is observed on a Cisco 12416 that runs the gsr-p-mz image of Cisco IOS Release 12.0(23)S3, that is configured with three 1-port OC-48 POS Engine 2 line cards, and that is configured with three Border Gateway Protocol (BGP) peers.
Workaround: To restore traffic forwarding, reload the line card. To prevent the symptom from occurring, enter the shutdown interface configuration command on the interface before you configure uRPF. Then, enter the no shutdown interface configuration command on the interface.
Alternate Workaround: Ensure that uRPF is configured in the startup configuration file before you boot up the router.
•
Symptoms: If an access control list (ACL) is recompiled under heavy load conditions, CPUHOG messages may be generated.
Conditions: This symptom is observed when compiled ACLs are enabled by entering the access-list compiled global configuration command, and the total number of ACL entries is relatively large (over 1500 lines). Random or constantly changing traffic patterns may cause the CPUHOG messages. A side effect of this symptom is that not enough time is provided for other processes, and areas such as keepalives or Cisco Express Forwarding (CEF) management may be impacted.
Workaround: Disable and then reenable the compiled ACLs by entering the no access-list compiled global configuration command followed by the access-list compiled global configuration command.
Alternate Workaround: Disable the compiled ACLs completely.
•
Symptoms: The Sampled NetFlow (SNF) cache is empty on a 3-port Gigabit Ethernet (GE) interface card.
Conditions: This symptom is observed on a GE interface card when Multiprotocol Label Switching (MPLS) is configured on one port and SNF is on another port of the GE card.
Workaround: If MPLS is not configured, SNF functions correctly.
•
Symptoms: On Packet-over-SONET (POS) Engine 2 line cards for a Cisco 12000 series router, IP2TAG traffic does not get rate limited by Per Interface Rate Control (PIRC).
Conditions: This symptom is observed when PIRC is enabled on ingress interface, Multiprotocol Label Switching (MPLS) is enabled on egress interface, and the IP destination is more than one hop away. This symptom is also observed on Engine 2 Gigabit Ethernet line cards.
Workaround: There is no workaround.
•
Symptoms: Multicast packets are not correctly classified by input Quality of Service (QOS)., which causes police, set, and other QoS actions to fail on the multicast packets.
Conditions: These symptoms are observed when QoS is configured on an interface.
Workaround: There is no workaround.
•
Symptoms: A router reloads unexpectedly because of a bus error, which causes a failover to the redundant PRE.
Conditions: These symptoms have been observed on a Cisco router that is running Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround at the current time.
•
Symptoms: Two channel group interfaces on a 1-port multichannel STM-1 port adapter (PA-MC-STM-1) may receive the same ifIndex. This can be observed in the following command output:
show snmp mib ifmib ifindex serial X/X/X:0 Interface = SerialX/X/X:0, Ifindex = 496
show snmp mib ifmib ifindex serial Y/Y/Y:0 Interface = SerialY/Y/Y:0, Ifindex = 496Conditions: This symptom is observed when some of the E1 interfaces are deleted and recreated.
Workaround: Do not delete any of the E1 interfaces.
•
Symptoms: When the ROM of an active Performance Route Processor (PRP) is upgraded, the PRP may pause indefinitely. When the ROM of the standby PRP is upgraded, the upgrade may cause an exception and the standby PRP may reload.
Conditions: These symptoms have been observed when ROM upgrades are performed, and the up all all or up rom slot-number commands are configured on the active and standby PRPs.
Workaround: There is no workaround.
•
Symptoms: Ingress IP version 4 (IPv4) packets on a 1xOC48 Packet-over-SONET (POS) Engine 2 line card get punted to the CPU of the line card.
Conditions: This symptom is observed on a Cisco 12410 Internet router. The router contains two 1x Gigabit Ethernet (GE) line cards, five 1xOC48 line cards, and dual Gigabit Route Processors (GRPs) that are running in Stateful Switchover (SSO) mode. The router is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S2.0822.
Workaround: There is no workaround
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 12000 series that is configured as a Multiprotocol Label Switching (MPLS) provider edge (PE) router that is running Cisco IOS Release 12.0(25)S1.
Workaround: Use the hw-module slot x reload privileged EXEC command.
•
Symptoms: When reloading a router, a port on the card may display an LCD alarm. This alarm will bring the controller and interface down. The far end is functioning properly but is unable to pass traffic because of the downed interface.
Conditions: These symptoms are observed only during reloading the router but do not occur with every reload.
Workaround: Perform the following steps: 1. Put the port into diagnostic serial loopback. 2. Remove the diagnostic serial loopback.
For example: conf t int atm7/0/0 loopback diagnostic serial end
conf t int atm7/0/0 no loopback diagnostic serial end
•
Symptoms: The standby RP of a dual-RP Cisco 12000 series router may get stuck in STRTSTBY mode.
Conditions: This usually occurs after multiple switchovers and is not always reproducible. Traffic is not affected since the Primary RP is always UP.
Workaround: Reload the standby RP.
•
Symptoms: A Cisco router that is in the process of setting up a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel may reload unexpectedly because of a bus error.
Conditions: This symptom is observed under unusual circumstances when the following series of events occur:
- You disable MPLS TE tunnels on the router by entering the no mpls traffic-eng tunnels global configuration command.
- You enter one of the following MPLS TE interface configuration commands on an interface:
mpls traffic-eng attribute-flags attributes
mpls traffic-eng administrative-weight weight
mpls traffic-eng flooding thresholds
- The router attempts to set up a TE tunnel over this interface while the interface state changes to "up." (This event causes the router to reload.)
Workaround: Before you enter any of the above-mentioned MPLS TE interface configuration commands on the interface, ensure that MPLS TE tunnels are enabled on the interface by entering the mpls traffic-eng tunnels interface configuration command. Before you disable MPLS TE tunnels on the interface by entering the no mpls traffic-eng tunnels interface configuration command, ensure that any of the above-mentioned MPLS TE interface configuration commands are removed from the interface.
•
Symptoms: If traffic passes on multiple ports of an 8-port Fast Ethernet (FE) card and the shutdown interface configuration command is entered on one of the traffic-flowing ports, all the other ports stop passing traffic.
Conditions: This symptom is observed on a Cisco 10000 series with an 8-port Fast Ethernet (FE) card that is running a Performance Routing Engine 1 (PRE1) image of Cisco IOS Release 12.0(23)S4. There is no special configuration required to experience this symptom. Ports that pass traffic with a basic default configuration will experience the symptom.
Workaround: Enter the no shutdown interface configuration command to free the other ports. Do not shut down any port on an 8-port Half Height (HH) FE line card until a fix is available.
•
Symptoms: After the redundancy force-switchover privileged EXEC command is entered on a Cisco router, a Versatile Interface Processor (VIP) may reload when the router returns to the Stateful Switchover (SSO) mode.
Conditions: This symptom is observed on a Cisco 7500 series that is running the rsp-pv-mz image of Cisco IOS Release 12.0(25)S1.
Workaround: There is no workaround.
•
Symptoms: The following error may cause a Cisco 10000 series to reload:
%ERR-1-GT64120 (PCI-0): Fatal error, Memory parity error (external)Conditions: This symptom is observed on a Cisco 10000 series when a single bit Error-Correcting Code (ECC) error is detected in the Synchronous Dynamic RAM (SDRAM).
Workaround: There is no workaround.
•
Symptoms: An E4+ Gigabit Ethernet LC in a Cisco 12000 series Internet router that is running 12.0(26)S may reload due to the following error:
%MCC192-3-CPUIF_ERR: Underrun Error: Read Pointer crosses Write Pointer.Conditions: This occurs when the LC receives bad IP packets whose actual length is smaller than what the IP header indicates.
Workaround: None.
•
Symptoms: The following symptoms occur with a traceroute from a remote Customer Edge (CE) router to a local CE router with TTL set to expire at the Provider Edge (PE) router attached to the local CE.
-If the IP packet length of the traceroute is equal to or less than 72 bytes, the Provider Edge (PE) router replies with an ICMP TTL expired message with the VPN interface address.
-If the IP packet length of the traceroute is equal to or more than 73 bytes,the PE replies with an ICMP TTL expired message with the MPLS core interface address.
Condition: These symptoms have been observed in an MPLS VPN environment, with a Cisco 12000 series Internet router running Cisco IOS Release 12.0(23)S4 used as the PE and a 3-Port Gigabit line card used as the MPLS and VPN interface.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) line card on a Cisco 12000 series Internet router running Cisco IOS Release 12.0(25)S1 or 12.0(24)S2 shows the following log messages that can lead to the line card being reset:
SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERRSS: RX ALPHA: ALPHA_CPU_IF100_INT error 1400 control FFFF03FF SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERR: RX ALPHA: error: cpu int 1 mask 277FFFFF ... SLOT 4:Sep 21 07:16:20: %LC-3-ERRRECOVER: Corrected a transient error on line card. ... SLOT 4:Sep 21 07:16:40:: %EE48-3-ALPHAFLOW: rx alpha netflow: Out of order add-delete reportsConditions: These symptoms are observed only under a load when full (non-sampled)aggregated Netflow (ip route-cache flow) is configured on an ISE line card interface.
This problem is not seen with Cisco IOS Release 12.0(25)S, 12.0(25)S2, 12.0(24)S1,and 12.0(26)S. It has been observed with Cisco IOS Release 12.0(25)S1 and 12.0(24)S2.
Workaround: There is no workaround, except to remove full aggregated Netflow.
•
Symptoms: The standby Route Switch Processor (RSP) for a Cisco 7500 series may reload unexpectedly.
Conditions: This symptom is observed on an RSP for a Cisco 7500 series that has a LAN Extender (LEX) interface configured, and that has the Stateful Switchover (SSO) feature enabled.
Workaround: There is no workaround.
•
Symptoms: The OC192E/POS-VSR line card is reloaded with watchdog timeout (sig=23) by process = IPC Seat Manager on a Cisco 12416 router that is running Cisco IOS Release 12.0(23)S3. The log message displays the following:
SLOT 10:Sep 22 20:08:21.291: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3
SLOT 10:Sep 22 20:09:22.287: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3
SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.
-Traceback= 400EBCB4 400EF7F0 400E7534 405B620C 405B6438 40597C64 40558AD0 40559248 4011C728 405676F8 400C2874 400C286Conditions: This symptom occurs because the watchdog timeout (sig=23) by process = IPC Seat Manager in OC192E/POS-VSR line card.
SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.Workaround: There is no workaround. When this symptom occurs, the line card is automatically reloaded.
•
Symptoms: In Layer 2 Tunneling Protocol version 3 (L2TPv3) hairpinning (local switching) configurations, matching the 802.1P values in an inbound class map does not function correctly.
Conditions: This symptom is observed on a Cisco 10720 Internet router that is running Cisco IOS Release 12.0(25) S or later releases, and only occurs when the L2TPv3 configuration uses hairpinning.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) may be in a line card (LC) wait state on a line card even though the line card is in the IOSRUN state.
Conditions: This symptom is observed on a Cisco 12000 series during an upgrade from Cisco IOS Release 12.0(25)S to Release 12.0(25)S1c. The symptom is not specific to any engine and Cisco IOS releases from Release 12.0(24)S forward are affected.
Workaround: Enter the hw-module slot x reload privileged EXEC command to reload the line card.
•
Symptoms: Three-label MPLS packets and one-label MPLS packets impose to a 3- port Gigabit Ethernet (GE) line card at the same time.
Conditions: This symptom is observed on a 3-port GE line card. All three-label MPLS packets may be dropped on the GE in a Carrier Supporting Carrier (CSC) Inter-Autonomous System (InterAS) environment.
Workaround: There is no workaround.
•
Symptoms: "OSPF-4-ERRRCV" and "OSPF-4-BADLENGTH" error messages are observed, and a ping of the directly connected interface may experience 20 percent failure.
Conditions: These symptoms are observed when connecting an IP Services Engine (ISE) OC-48 line card to the router of another vendor at the far end. It is observed that after reloading the other router that the ISE OC-48 line card could be stuck in a bad state, which may cause corrupted packets.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ISE OC-48 interface.
•
Symptoms: When running in non-redundant PRE mode, after a crash, the line cards do not get reset. In rare cases, after Cisco IOS software reloads, there may be a mismatch between the Cisco IOS software and the line card so that the line card does not pass traffic.
Conditions: These symptoms have been observed after Cisco IOS is restarted after a crash when running in non-redundant PRE mode. Anything that goes through the formal reload path (with a single PRE1 in the system) will properly reset the line cards on the way down. This fix resets the cards on the way up as well in case they weren't reset on the way down.
Workaround: There is no workaround. However, after a Cisco IOS software crash, if a line card is not passing traffic, resetting the line card might fix the issue. A reload of the chassis will definitely fix the issue.
•
Symptom: An Engine 2 line card crashes.
Condition: This symptom is observed when Traffic Engineering (TE) tunnels are configured.
Workaround: There is no workaround
•
Symptoms: An Engine 4 based linecard in a Cisco 12000 Router may produce error messages like:
%E4LC-3-ERR_EVENT_WITH_ONE_ARG: GEN6_EXMEM_ALLOC:Invalid region handleAnd the router may crash with a Software Forced Crash, which this output on the console or in the crashinfo file:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CEF process.Conditions: This occurs with large BGP routing tables on the router.
Workaround: None
•
Symptom: In Stateful Switchover (SSO) mode, a standby Route Processor (RP) reloads when it is fully up.
Condition: This symptom has been observed on a Cisco 12000 series Internet router that is running Cisco IOS 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: A Reverse Path Forwarding (RPF) check should be disabled for bootp packets with the source IP address 0.0.0.0 and the destination IP address 255.255.255.255. However, PXF currently disables RPF checks for all packets with the source IP address 0.0.0.0.
Conditions: These symptoms have been observed on Cisco IOS Release 12.0(22)S and later.
Workaround: There is no workaround.
•
Symptoms: A Route Switch Processor (RSP) may reload and display traceback decodes.
Conditions: This symptom is observed on a Cisco 7500 series that has multilink interfaces when the Intermediate System-to-Intermediate System (IS-IS) routing protocol is enabled by entering the router isis area-tag global configuration command and the nsf cisco router configuration command.
Workaround: Unconfigure the router isis area- tag global configuration command.
•
Symptoms: Whenever 512MB RAM is used in Route Switch Processor (RSPs), the slave does not recognize the 512MB RAM.
Conditions: These symptoms are observed when there is 512MB RAM or more in the slave RSPs and also if the Cisco IOS image size is more than 20MB.
Workaround: 256MB RAM can be used.
•
Symptoms: ciscoRFSwactNotification is not generated during a switchover.
Conditions: This symptom has been observed on the Route Processor (RP) on a High Availability machine that is running in stateful switchover (SSO) mode.
Workaround: There is no workaround. Enabling Syslog trap and checking for a RP status change message can be a workaround, but this is not advised due to the possibility of the large amount of syslog traps that may be generated during a switchover or similar situation.
Wide-Area Networking
•
Symptoms Link Control Protocol (LCP) negotiations may fail, and a мfailed to negotiate with peerо message may be displayed.
Conditions This symptom is observed on a Cisco universal access server if the peer sends more than five Configure-Negative acknowledgments (CONFNAKs) or Configure-Rejects (CONFREJs) on the link for the current or previous LCP negotiation.
Workaround Configure the ppp max-failure 10 command on the link to allow the remote peer to exhaust the Negative acknowledgment (NAK) or Reject acknowledgment (REJ) count and resume negotiations before the Cisco universal access server drops the link.
•
Symptoms: A router may reload when doing a show running after creating a channelized group interface.
Conditions: This symptom may be observed if channelized interfaces had previously been created, configured with Frame Relay encapsulation and subsequently deleted without removing the encapsulation first.
Workaround: Remove the Frame Relay encapsulation before deleting the channel group interface.
Resolved Caveats—Cisco IOS Release 12.0(24)S3
Cisco IOS Release 12.0(24)S3 is a rebuild of Cisco IOS Release 12.0(24)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(24)S3 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: The ifIndex may not synchronize when you use third-party vendor software with Cisco IOS software and a standby router comes up after a Stateful Switchover (SSO) has occurred.
Conditions: This symptom is observed on a Cisco 12416 that is running Cisco IOS Release 12.0(24)S and that has line cards that are configured with about 2000 Gigabit Ethernet (GE) subinterfaces.
Workaround: Reduce the number of GE subinterfaces. (For example, with only 10 GE subinterfaces, the symptom does not occur.)
•
Symptoms: Information about a port adapter (PA) may be missing from the output of a show diag command.
Conditions: This symptom is observed on a controller with a memory size of 128 MB DRAM and 8192 KB SRAM. The controller displays the following information:
PA Bay 0 Information:
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 0
HW rev 0.00, Board revision UNKNOWN
Serial number: 00000000 Part number: 00-0000-00
PA Bay 1 Information:
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 1
HW rev 1.00, Board revision A0
Serial number: 08534388 Part number: 73-1688-04Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload because of a watchdog timeout condition when you poll the ciscoEnvMonTemperatureStatusValue MIB variable.
Conditions: This symptom is observed when the MIB variable has an index that is larger than 6. Indexes 0 to 6 are valid indexes; indexes that are larger than 6 are not valid indexes.
Workaround: There is no workaround.
•
Symptoms: When High System Availability (HSA) is configured, the standby Route Switch Processor (RSP) may not become active when the primary RSP reloads unexpectedly.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(24)S when you configure the primary RSP in slot 2 and the standby RSP in slot 3.
Workaround: Configure the secondary RSP in slot 2 by entering the slave default-slot 2 global configuration command. The symptom does not occur when you configure the secondary RSP in slot 2 and the primary RSP in slot 3.
EXEC and Configuration Parser
•
Symptoms: When any command that triggers the nonvolatile generation (NVGEN) process is executed through a new vty session, certain interface configuration commands that support the Best Effort Method, such as the ip vrf interface configuration command, the ntp disable interface configuration command, and the service-policy output interface configuration command, may not properly synchronize with a standby Route Processor (RP) or Performance Routing Engine (PRE) because of a failure in the post NVGEN process.
For example, when you enter the ip vrf interface configuration command while the show running-config privileged EXEC command is being executed in a Telnet session, the configuration of the ip vrf interface configuration command may not properly synchronize with the standby RP or PRE, and a "Post NVGEN failure" message may be generated.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(23)S2 or a later release.
Workaround: Do not enter commands that trigger the NVGEN process while you configure commands that support the Best Effort Method.
IP Routing Protocols
•
Symptoms: A router may reload when a Virtual Private Network (VPN) neighbor is deleted.
Conditions: This symptom is observed on a Cisco router that has a VPN neighbor.
Workaround: There is no workaround.
•
Symptoms: A customer edge (CE) router may reject next hop routes to a provider edge (PE) router.
Conditions: This symptom is observed when the PE router does not advertise itself as the next hop to the CE router that is configured for external Border Gateway Protocol (eBGP).
Workaround: Configure the PE router as the BGP next hop for the CE router by entering the neighbor ip-address next-hop-self router configuration command on the PE router.
•
Symptoms: A Border Gateway Protocol (BGP) next-hop router may not redistribute Virtual Private Network (VPN) routes.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S.
Workaround: There is no workaround.
•
Symptoms: When a Border Gateway Protocol (BGP) neighbor deleted, the following error message may appear:
% BGP: Peer is being deleted.Conditions: This symptom is observed when the BGP neighbor is configured for Network Layer Reachability Information (NLRI) mode and functions as both a unicast and a multicast neighbor.
Workaround: There is no workaround. Attempt to delete the BGP neighbor at a later time.
•
Symptoms: A Cisco router may reload when the tunnel bandwidth is changed at the ingress point of a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel.
Conditions: This symptom is observed in a multivendor environment. Another Cisco router serves as the ingress point of the MPLS TE tunnel.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.
Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload because of a race condition when you enter the no router ospf global configuration command or the no ip vrf global configuration or router configuration command.
Conditions: This symptom is observed when you run a configuration script in which the commands are entered in a very fast sequence.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series that is configured with two Performance Routing Engine 1 (PRE-1) processors may stop functioning as a redundant system.
Conditions: This symptom is observed when you enter the bgp upgrade-cli router configuration command.
Workaround: Reload the standby PRE-1.
•
Symptoms: When refresh reduction is enabled and a Cisco router has been operational for a long time, valid Resource Reservation Protocol (RSVP) messages that are received from a neighbor may be dropped when the message IDs have cycled through the entire number space once (that is, from 0 to 4,294,967,295) and then progressed up to 2,147,483,648 (0x80000000).
Conditions: This symptom is observed when a message ID number space begins at zero, increases up to 4,294,967,295 (32 bits), but then does not properly wrap back to zero, causing message IDs greater than 2,147,483,648 to be out of sequence, and to be dropped.
Note that a neighboring router is able to send Message IDs and properly wraps back from 4,294,967,295 to zero, but the receiving router that does not record the wrap event, causing the symptom to occur.
Workaround: There is no workaround.
•
Symptoms: You may not be able to configure the ip vrf receive interface configuration command.
Conditions: This symptom is observed when the interface on which you attempt to configure the ip vrf receive interface configuration command does not have an IP address configured.
Workaround: First configure an IP address on the interface, then enter the ip vrf receive interface configuration command on the interface.
ISO CLNS
•
Symptoms: A Cisco router that is running Intermediate System-to-Intermediate System (IS-IS) may not unset the IS-IS overload bit after a redundancy switchover, preventing the IS-IS connectivity from being restored.
Conditions: This symptom is observed on a Cisco router that has two Route Processors (RPs) in a redundant configuration.
Workaround: To restore the IS-IS connectivity, and to prevent the symptom from occurring again, enter the no set-overload-bit on-startup router configuration command on the primary RP.
Miscellaneous
•
Symptom: A Cisco router may reload when you remove a Label Distribution Protocol (LDP) configuration before an Ethernet over Multiprotocol Label Switching (EoMPLS) configuration.
Conditions: This symptom is observed in rare situations on a router that is configured for EoMPLS when you enter the no mpls l2transport route interface configuration command.
Workaround: There is no workaround.
•
Symptoms: Directly-connected neighbors may be displayed in the "Targeted Hellos" field in the output of the show mpls ldp discovery privileged EXEC, which is incorrect behavior. This situation does not impact routing functionality.
Conditions: This symptom is observed in an Any Transport over Multiprotocol Label Switching (AToM) environment and is platform independent.
Workaround: There is no workaround.
•
Symptoms: When you configure a Virtual Private Network (VPN) on a router that is configured with dual Route Processors (RPs), a VPN routing/forwarding (VRF) table ID that is associated with a particular VRF instance may have different values in the active RP and the standby RP. This situation causes failures in the processing of Cisco Express Forwarding (CEF) interprocess communication (IPC) messages on the standby RP for CEF IPC messages that contain an inconsistent VRF table ID, and CEF may be disabled.
Inconsistent VRF table IDs may also cause a memory loss on the standby RP, and when a switchover occurs from the active RP to the standby RP, more difficulties may occur.
Conditions: These symptoms are observed on router that is configured for Stateful Switchover (SSO) when VRF instances are deleted.
Workaround: There is no workaround; however, these actions minimize the occurrence of the symptoms:
–
–
–
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
%FIB-2-IFINDEXILLEGAL: An internal software error occurred. Argument ifindex is out of bounds at -1.Condition 1: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a tunnel interface, then remove the tunnel interface, and then add the tunnel interface again.
Workaround 1: There is no workaround.
2.
% CEF IDB corresponding to Serial12/0/0/8:0 is not foundCondition 2: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a serial interface, then remove the serial interface, and then add the serial interface again.
Workaround 2: There is no workaround.
•
Symptoms: Tag Distribution Protocol (TDP) may not convey the label change information for a prefix that is learned via an exterior Border Gateway Protocol plus (EBGP+) label to its TDP peers.
Conditions: This symptom is observed on a Cisco 7500 series when TDP is used. The symptom does not occur when Label Distribution Protocol (LDP) is used.
Workaround: There is no workaround.
•
Symptoms: An OC-48 Packet-over-SONET (POS) interface may flap immediately after a high availability (HA) Fast Software Upgrade (FSU).
Conditions: This symptom is observed on a Cisco 10000 series when an HA FSU is performed from an image of Cisco IOS Release 12.0(23)S1 to an image of Release 12.0(23)S2.
Workaround: There is no workaround.
•
Symptoms: A 6-port OC-3/STM-1 Packet-over-SONET (POS) line card may produce traceback messages while downloading the line card image.
Conditions: This symptom is observed on a Cisco 10000 series router that runs Cisco IOS Release 12.0(23)S, Release 12.0(24)S, or Release 12.0(25)S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reload because of a software condition.
Conditions: This symptom is observed when you deconfigure the ipv6 access-list global configuration command.
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
Conditions: This symptom is observed when Virtual Private Network (VPN) routing/forwarding (VRF) forwarding is configured on the interfaces that flap.
Workaround: There is no workaround.
2.
Conditions: This symptom is observed when you perform an OIR of an interface that has a VRF configuration in which the connected route is learned via a network statement. The connected route is removed when you perform the OIR.
Workaround: Do not simultaneously enter the clear ip bgp * privileged EXEC command and perform an OIR.
•
Symptoms: The E3 controller of a 1-port multichannel E3 port adapter (PA-MC-E3) is missing from the IF-MIB and DS3-MIB MIBs.
Conditions: This symptom is observed when you run the IF-MIB MIB or DS3-MIB MIB for a PA-MC-E3. The symptom occurs in all Cisco IOS releases.
Workaround: There is no workaround.
•
Symptoms: Copying a file from a TFTP server to a Cisco 10720 may time out. A Telnet connection via any interface except for the console/AUX port on a Cisco 10720 may pause for several minutes before the connection recovers automatically.
Conditions: These symptoms are observed when Weighted Random Early Detection (WRED) is configured on a policy map, and the policy map is applied to any interface on a Cisco 10720.
Workaround: Remove the WRED configuration from all interfaces.
•
Symptoms: A Cisco 10000 series may reload because of a bus error exception.
Conditions: This symptom is observed if a label value of 500 or greater is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 500or
Router#show hardware pxf cpu mpls labels 2-500The Cisco 10000 series does not reload if a label value of less than 500 is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 499or
Router#show hardware pxf cpu mpls labels 2-499Workaround: There is no workaround.
•
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time (hours or days), without necessarily generating CPUHOG errors. This situation causes other processes on the router to fail because these processes do not receive the CPU bandwidth that they require:
–
–
–
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed when the MPLS-LSR-MIB MIB is enabled, you query the mplsXCTable or a MIB walk occurs, and there are more than 10,000 Multiprotocol Label Switching (MPLS) labels active. The symptoms are platform independent.
Workaround: Perform the following steps:
1.
2.
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server community public view nolsrmib ro
snmp-server view nolsrmib iso include
3.
•
Symptoms: A Flash Advanced Technology Attachment (ATA)-disk card may become corrupted because of simultaneous accesses to the card. The corruption may not be immediately obvious. Signs of corruption are:
–
–
Conditions: This symptom is observed when you enter the show file system EXEC command while a file is being written to the ATA-disk card or when you enter the dir filesystem: EXEC command while a file is being written to the same device as the target of the dir filesystem: EXEC command.
Workaround: Avoid using any commands that access the ATA-disk card while a file is being written to the ATA-disk card.
•
Symptoms: A Cisco router that is running Multiprotocol Label Switching (MPLS) may reload after a message similar to the following is generated:
%SYS-3-OVERRUN: Block overrun at 5414B2C8 (red zone 00000000)Conditions: This symptom is observed when more than 672 Label Distribution Protocol (LDP) sessions are established simultaneously and when LDP cannot perform some background tasks for an advertised Label Information Base (LIB) entry before the local label is changed or withdrawn.
Workaround: There is no workaround.
•
Symptoms: A memory allocation (MALLOC) failure may occur during a Cisco Express Forwarding (CEF) process on a redundant Route Processor (RP), causing the redundant RP to stop processing enqueued CEF update messages that were sent by the active RP, which can be observed in the output of the show cef linecard EXEC command.
Because the redundant RP no longer processes CEF update messages that are sent by the active RP, the message queue on the active RP continues to grow, causing the free memory of the active RP to decrease. The rate of this decrease depends on the rate of prefix changes in the network. The continued growth of the message queue eventually results in a MALLOC failure on the active RP, or results in being disable CEF.
Conditions: This symptom is observed on a Cisco router that is configured with redundant RPs.
Workaround: Reload the redundant RP by entering hw-module secondary-cpu reset EXEC command.
•
Symptoms: A Cisco 7200 series or Cisco 7500 series may drop Virtual Private Network (VPN) traffic for a period of time when one of the label switch controllers (LSCs) along a path is reset. The period of time is dictated by the time that a Label-Controlled ATM (LC-ATM) interface requires to reestablish the ATM label virtual circuit (LVC) by using the downstream-on-demand mode.
Conditions: This symptom is observed on a Cisco 7200 series or Cisco 7500 series that functions in a Multiprotocol Label Switching VPN environment with a LC-ATM core that is configured with multiple paths to an egress provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: External internal Border Gateway Protocol (eiBGP) multipath loadsharing may not use all the available BGP paths.
Conditions This symptom occurs in cases where all external Border Gateway Protocol (eBGP) routes for the prefix affected are locally imported from another VPN routing/forwarding (VRF). As a result, there is no local label associated with the prefix in the "imported" VRF and this leads to all paths not being used.
Workaround: Have at least one eBGP route for that prefix learned from an eBGP peer directly, instead of importing from another VRF. The creation of a local label occurs, and, as a result, all BGP paths would be used.
•
Symptoms: On a Cisco router that runs IP over Multiprotocol Label Switching (MPLS), the Route Processor (RP) on which Label Distribution Protocol (LDP) is configured may attempt to access freed memory, causing the router to reload.
Conditions: This symptom is observed in rare situations on a Cisco router when an interface with hundreds of associated IP addresses is administratively disabled.
Workaround: There is no workaround.
•
Symptoms: After you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface, pings may fail on this interface.
Conditions: This symptom is observed on an interface that has both PPP and Intermediate System-to-Intermediate System (IS-IS) configured.
Workaround: There is no workaround.
•
Symptoms: Any Transport over MPLS (AToM) traffic may be dropped at the disposition line card.
Conditions: This symptom is observed on a Cisco 12000 series when the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature is enabled on an 8-port OC-3 ATM line card and the disposition line card is an Engine 3 line card, such as a 4-port OC-12 Packet-over-SONET (POS) line card or a 1-port OC-48 POS line card.
Workaround: There is no workaround.
•
Symptoms: The Label Distribution Protocol (LDP) session between two adjacent routers may fail to establish when you configure the seconds argument of the mpls ldp discovery hello interval seconds global configuration command for one router to be significantly shorter in duration than the seconds argument of the same command for the other router.
Conditions: This symptom is observed in an IP over Multiprotocol Label Switching (MPLS) configuration when the router that is configured with the seconds argument of longer duration is also configured to actively establish the TCP connection (in conformance with Section 2.5.2 of RFC 3036).
The output of the show mpls ldp discovery detail privileged EXEC command indicates that the associated discovery interface of the router that is configured to actively establish the TCP connection is stuck in the "xmit (not ready)" state.
The router that passively establishes the TCP connection may indicate via "NBRCHG" log messages that the LDP session comes up and immediately goes down repeatedly.
Workaround: For both routers, configure the seconds argument to be of similar duration by using the mpls ldp discovery hello interval seconds global configuration command or the mpls ldp discovery hello holdtime seconds global configuration command.
•
Symptoms: Packet loss may occur during Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel reoptimization on a Cisco 12000 series.
Conditions: This symptom is observed when the initial outgoing interface of the TE tunnel is configured on an IP Services Engine (ISE) line card and when at least 200 Interior Gateway Protocol (IGP) prefixes can be reached through the tunnel.
Workaround: There is no workaround.
•
Symptoms: On a Cisco platform, free memory may decrease gradually during normal system operation. When network instability occurs, free memory may decrease in the order of tens of MBs over a short period of time.
The output of the show processes memory EXEC command indicates that the Border Gateway Protocol (BGP) router process holds an amount of memory that is increasing as the free memory is decreasing.
Conditions: This symptom is observed on a Cisco platform that is running Cisco IOS Release 12.0(23)S1 or a later release and that has the ip default-network network-number global configuration command enabled.
Workaround: Disable the ip default-network network-number global configuration command to stop the free memory from decreasing. However, to free up the held memory, reload the platform.
•
Symptoms: At least 30 percent of the CPU of a Performance Routing Engine 1 (PRE-1) may be utilized to process flows, causing the number of packets that are processed per second to be much lower than you would expect.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow and NetFlow export are enabled and there is a large number of flows (more than 10,000).
Workaround: Disable NetFlow.
Alternate Workaround: Reduce the number of entries in the NetFlow cache of the Route Processor (RP) by entering the ip flow-cache entries 1024 global configuration command. Doing so reduces the load of the CPU of the PRE-1. Note that the primary cache is located on the Parallel Express Forwarding (PXF) processor and supports a fixed number of 512 entries.
•
Symptoms: When an ATM link flaps or a remote ATM platform reloads, a Fast Etherchannel may fail and Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors that are connected via the Fast Etherchannel may be lost.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-pv-mz image of Cisco IOS Release 12.0(21)S5.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 2 (E2) line card may not properly process Multiprotocol Label Switching (MPLS) packets, causing the processor of the E2 line card to forward corrupted packets.
Conditions: This symptom is observed when an E2 line card receives MPLS packets with a top label that is zero or explicit null.
Workaround: There is no workaround.
•
Symptoms: The traceroute privileged EXEC command may not work for the IP address of a generic routing encapsulation (GRE) tunnel in a Multiprotocol Label Switching (MPLS) network, and the router at the receiving end may generate traceback error messages.
Conditions: This symptom is observed in an MPLS network when you configure a generic routing encapsulation (GRE) tunnel between a Cisco 10000 series that is configured as a provider edge (PE) router and another PE router.
Workaround: To determine a path in the MPLS network, shut down the GRE tunnel and enter the traceroute privileged EXEC command for the IP address of the physical link.
Alternate Workaround: Reload the microcode onto the Parallel Express Forwarding (PXF) by entering the microcode reload pxf privileged EXEC command.
•
Symptoms: A value of 4,294,967,295 (hexadecimal 0xffffffff) may appear in the ifIndex field of the ifTable for the first channelized T3 controller (CT3) of a 6-port CT3 line card that is installed in a slot of a Cisco 10000 series. This situation causes the ifTable to lose its entries for all other CT3 (or T3 and DSX3) controllers, making them unavailable for Simple Network Management Protocol (SNMP) access.
In a situation in which some SNMP access tools treat the ifIndex values as signed integers, these SNMP access tools may interpret the ifIndex value of 4,294,967,295 as its signed value of -1. When a router walks tables that are indexed by an abnormal ifIndex value such as -1, loops may occur.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for Route Processor Redundancy Plus (RPR+) when a switchover occurs. The symptom may also occur when a Stateful Switchover (SSO) occurs and the Cisco 10000 series software image that is loaded onto the secondary Route Processor (RP) is a newer version than the software image that is running on the primary RP, causing the router to default to RPR+ because of the mismatch between the two software images on the RPs.
At least one channelized interface must be defined on any CT3 controller in order for the symptom to occur.
You can reproduce the symptom in a simple configuration with two 6-port CT3 line cards in slots 6/0 and 7/0, when the only interface that is defined is a single T1 channel group, 6/0/3/1:0. Before an RPR+ switchover, the output of the snmpwalk command indicates the following controller indices:
interfaces.ifTable.ifEntry.ifIndex.3 = 3 interfaces.ifTable.ifEntry.ifIndex.4 = 4 interfaces.ifTable.ifEntry.ifIndex.5 = 5 interfaces.ifTable.ifEntry.ifIndex.6 = 6 interfaces.ifTable.ifEntry.ifIndex.7 = 7 interfaces.ifTable.ifEntry.ifIndex.8 = 8 interfaces.ifTable.ifEntry.ifIndex.9 = 9 interfaces.ifTable.ifEntry.ifIndex.10 = 10 interfaces.ifTable.ifEntry.ifIndex.11 = 11 interfaces.ifTable.ifEntry.ifIndex.12 = 12 interfaces.ifTable.ifEntry.ifIndex.13 = 13 interfaces.ifTable.ifEntry.ifIndex.14 = 14The associated data objects are also shown:
interfaces.ifTable.ifEntry.ifDescr.3 = T3 6/0/0 interfaces.ifTable.ifEntry.ifDescr.4 = T3 6/0/1 interfaces.ifTable.ifEntry.ifDescr.5 = T3 6/0/2 interfaces.ifTable.ifEntry.ifDescr.6 = T3 6/0/3 interfaces.ifTable.ifEntry.ifDescr.7 = T3 6/0/4 interfaces.ifTable.ifEntry.ifDescr.8 = T3 6/0/5 interfaces.ifTable.ifEntry.ifDescr.9 = T3 7/0/0 interfaces.ifTable.ifEntry.ifDescr.10 = T3 7/0/1 interfaces.ifTable.ifEntry.ifDescr.11 = T3 7/0/2 interfaces.ifTable.ifEntry.ifDescr.12 = T3 7/0/3 interfaces.ifTable.ifEntry.ifDescr.13 = T3 7/0/4 interfaces.ifTable.ifEntry.ifDescr.14 = T3 7/0/5After the RPR+ switchover, the index list for the CT3 controllers contains only the following entry:
interfaces.ifTable.ifEntry.ifIndex.4294967295 = -1The associated data object is shown only for the controller that is assigned to this index (that is, the first controller on the line card on which an interface is assigned):
interfaces.ifTable.ifEntry.ifDescr.4294967295 = T3 6/0/0Workaround: There is no workaround.
•
Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.
Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.
Workaround: There is no workaround.
•
Symptoms: Although the input rate on a 3-port ingress Gigabit Ethernet (GE) line card may vary from 300 kpps to 1.5 Mpps, the line card forwards traffic at only about 290 kkps. Similarly, when the input rate is lower than 290 kpps, the line card forwards traffic at a rate that is much lower than 290 kpps.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(25)S when Border Gateway Protocol Policy Accounting (BGP PA) is configured on a physical port of the 3-port ingress GE line card.
Workaround: There is no workaround.
•
Symptoms: Packets may drop from an Engine 2 (E2) line card on which an outbound access control list (ACL) is configured.
Conditions: This symptom is observed on a Cisco 12000 series when the access-list access-list-number deny protocol any any global configuration command is configured on the E2 line card and you have entered 0 for the protocol argument.
The symptom does not occur on an E2 line card on which an inbound ACL and the access-list access-list-number deny protocol any any global configuration command are configured and you have entered 0 for the protocol argument.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) labels may be imposed erroneously on multicast packets.
Conditions: This symptom is observed on a Cisco 10720 when multicast packets are transmitted via Packet-over-SONET interfaces that are configured for MPLS.
Workaround: There is no workaround.
•
Symptoms: A 1x10 Gigabit Ethernet (GE) Engine 4 plus (E4+) linecard that is configured with Carrier Supporting Carrier feature with IP version 4 (IPv4) Border Gateway Protocol (BGP) labels may stop forwarding traffic after performing microcode reload on the linecard.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S1.
Workaround: Enter the clear ip bgp * privileged EXEC command on both local and remote Carrier Supporting Carrier Provider Edge router.
•
Symptoms: When you enter the copy running-config startup-config EXEC command or any other command that affects the configuration, the copy process may not be successful or the configuration may not be saved, and a "File table overflow" error message may be generated. After this situation has occurred, any other file-operation attempts will fail too with a "File table overflow" error message.
Conditions: This symptom is observed on a Cisco router that is configured with dual Route Processors (RPs) and that runs Cisco IOS Release 12.0(23)S2 when you enter any command that affects the configuration while the show running-config EXEC command is being executed, which takes a relatively long time when the running configuration is large.
To clear the symptom, reload the router.
Workaround: Do not enter any command that affects the configuration while the show running-config EXEC command is being executed.
•
Symptoms: In the output of the show ip traffic EXEC command, the received rate is less than the forwarded rate for the same period of time. It should be the opposite: the received rate should be greater than the forwarded rate. This situation impacts the Simple Network Management Protocol (SNMP) counters.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A Parallel Express Forwarding (PXF) network processor may reload when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an egress interface.
Conditions: This symptom is observed on a Cisco 10720 when policy-based routing (PBR) is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when a subdirectory is created on an Advanced Technology Attachment (ATA) Flash disk.
Conditions: This symptom is observed when the ATA Flash disk space that is allocated to the subdirectory contains data from previously deleted files.
When a subdirectory is created or extended, it is given space on the ATA Flash disk. If this space contains zeros, the symptom does not occur. However, if the space was previously used, the space does contain data bytes from the previous file, and these data bytes may confuse the file system. This situation may cause the router to reload.
Workaround: Do not create subdirectories on the ATA Flash disk.
•
Symptoms: When a Cisco router is performing tag imposition, it may reload because of a bus error.
Conditions: This symptom is observed when you create a new generic routing encapsulation (GRE) tunnel after the router has booted up and when GRE packets are received through this GRE tunnel and forwarded as Multiprotocol Label Switching (MPLS) packets.
Workaround: Enter the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command on the newly-created GRE tunnel interface.
•
Symptoms: Packets may be dropped by a Cisco 12000 IP Services Engine (ISE) line card if they are locally generated or forwarded in the slow pass by the line card, and if they exit the router through an ATM Engine 0 line card (1-port OC-12 ATM or 4-port OC-3 ATM). For example, these packets may be locally generated by ISE line card NetFlow export packets, Internet Control Message Protocol (ICMP) echo replies, or ICMP unreachable messages that exit the router through an Engine 0 ATM line card.
Packets that match the conditions listed below may be dropped. If they are NetFlow export packets, they can be seen in the output of the show ip flow export command in the line "export packets were dropped due to output drops." If they are ICMP echo reply packets, pings will fail.
Conditions: The following three conditions exist simultaneously for the dropped packets:
–
–
–
This caveat affects Cisco IOS Release12.0(21)S, Release 12.0(22)S, Release 12.0(23)S, and Release 12.0(24)S. It does not apply to Release 12.0(25)S and later releases.
Workaround: There is no workaround.
•
Symptoms: Line Remote Defect Indicators (LRDIs) may be transmitted on both the working line and the protect line after an automatic protection switching (APS) switchover has occurred.
Conditions: This symptom is observed when a 4-port OC-3 ATM line card is configured for APS and a Loss of Signal (LOS) occurs.
Workaround: There is no workaround.
•
Symptoms: Ports on an 8-port OC-3 ATM line card may fail to come up and may generate the following continuous SONET alarms:
%SONET-4-ALARM: ATM10/6: ~SLOF ~SLOS ~LAIS ~LRDI ~PAIS ~PRDI PLOPConditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S1.
Workaround: Reload the line card.
•
Symptoms: Fragmented packets that include padding data may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 10-port Gigabit Ethernet (GE) line card and an Engine 4 line card.
Workaround: There is no workaround. Note that the symptom does not occur when you replace the 10-port GE line card with a 3-port GE line card.
•
Symptoms: A Cisco 7500 series or Cisco 7600 series may generate the following error message on its console:
Invalid memory action (malloc) at interrupt levelConditions: This symptom is observed when you enter the clear counters EXEC command.
Workaround: There is no workaround.
•
Symptoms: Layer 2 may forward an incorrect MAC address when a policed packet is rerouted to a next-hop address.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4 plus line card when policy-based routing (PBR) is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly after you have modified an access control list (ACL) and have entered the clear pxf interface privileged EXEC command.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not enter the clear pxf interface privileged EXEC command.
•
Symptoms: A Performance Route Processor (PRP) on a Cisco 12000 series can reload with a SIGTRAP exception after receiving a 1612 bytes or longer frame on an Ethernet0 or Ethernet1 interface.
Conditions: This symptom is observed only on the PRP. The Gigabit Route Processor (GRP) is not affected.
Workaround: Isolate the PRP Ethernet ports to an isolated Ethernet segment.
•
Symptoms: A secondary Route Switch Processor (RSP) may reload when a service policy is detached from an ATM permanent virtual circuit (PVC).
Conditions: This symptom is observed on a Cisco 7500 series that is configured with two RSPs in a redundant configuration.
Workaround: First remove the PVC; then, recreate the PVC without the service policy attached to it.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, when primary traffic engineering (TE) tunnels are configured between provider edge (PE) routers, and these primary TE tunnels are configured for Fast Reroute (FRR) link protection, a 50-ms convergence time may not be achieved in the core of the network, even when very small VPN routing and forwarding (VRF) prefix tables are configured.
Conditions: This symptom is observed when the PE headend router is the point of local repair (PLR). The PE headend router is the router that performs VPN label imposition, that functions as the primary TE tunnel headend, and that functions as the uplink to a provider (P) router.
Workaround: There is no workaround. Note that FRR link protection functions correctly for IP version 4 (IPv4) traffic and for Any Transport over MPLS (AToM) traffic. Also, note that FRR link protection functions correctly for VPN traffic on PLRs other than the PE headend that is mentioned in the conditions, such as a P router that functions as a link to another P router, and a P router that functions as a downlink to a PE router.
•
Symptoms: A standby card may not be able to switch to the active state.
Conditions: This symptom is observed in a Redundancy Framework (RF) environment when ATM, High-Level Data Link Control (HDLC), or Frame Relay clients synchronize data during the "standby-bulk" state.
Workaround: There is no workaround.
•
Symptoms: A primary Performance Routing Engine 1 (PRE-1) may reload because of memory corruption.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with redundant PREs when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface of a 1-port Gigabit Ethernet line card.
Workaround: There is no workaround. Note that the symptom does not occur with a 1-port Gigabit Ethernet half-height line card.
•
Symptoms: Any packets that are locally generated by a Route Processor (RP) or Route Switch Processor (RSP) may not be properly forwarded over a Multiprotocol Label Switching (MPLS) traffic engineering (TE) Fast Reroute (FRR) backup tunnel.
Conditions: This symptom is observed on any Cisco platform that has a distributed architecture such as a Cisco 7500 series and a Cisco 12000 series when the Cisco Express Forwarding (CEF) adjacency for the primary TE tunnel appears to be incomplete, as can be displayed in the output of the show adjacency type number EXEC command when you enter the primary TE tunnel interface for the type and number arguments.
Workaround: There is no workaround.
•
Symptoms: A Flash-disk timeout error such as the "ATA_Status time out waiting for 1" error may occur.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S and that is configured with an Advanced Technology Attachment (ATA) Flash disk.
Workaround: To restore proper disk function, remove and reinsert the disk.
•
Symptoms: An interface may retain its Virtual Private Network (VPN) routing/forwarding (VRF) configuration when it should not.
Conditions: This symptom is observed when you configure VRF forwarding on a loopback interface on a provider edge (PE) router, you delete the loopback, and then you add the loopback again.
Workaround: Remove VRF forwarding from the loopback before you delete the loopback.
•
Symptoms: A Cisco 10720 may reload.
Conditions: This symptom is observed under rare circumstances when a SONET bit error rate (BER) is reported.
Workaround: There is no workaround.
•
Symptoms: A memory leak may occur in the Parallel Express Forwarding (PXF) interprocess communications (IPC) buffer on a Cisco 10720, as may be seen in the "toaster IPC buffer" counter in the output of the show buffers EXEC command.
When the buffer pool is empty, the following error messages may appear, you may no longer be able to Telnet to the router, and the router may reload unexpectedly:
%CAMR_QUEUE_CFG_GENERAL-3-EREVENT: Error @
../toaster/camr_rp/camr_tt_queue_cfg.c:463
-Traceback= 500DB204 500DB2BC 503954D8 503986EC 50330A58%SYS-2-MALLOCFAIL: Memory allocation of 18196 bytes failed from 0x502C5BD0, alignment 32
Pool: I/O Free: 552 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool-Process= "Pool Manager", ipl= 0, pid= 5
-Traceback= 50308EEC 5030A8E8 502C5BD8 5031DD3C 5031DE7CConditions: This symptom is observed on a Cisco 10720 when a policy map with a Weighted Random Early Detection (WRED) configuration that is enabled by using the random-detect policy-map class configuration command is applied to any interface of the router.
The higher the rate with which the Route Processor (RP) sends packets to PXF, the faster the PXF IPC buffer leaks. However, the buffer may leak very slowly, and it may takes weeks before the buffer pool is empty.
Workaround: Remove the policy-maps with the WRED configuration from all interfaces of the router.
•
Symptoms: Multiprotocol Label Switching (MPLS) packets may not be properly forwarded from an interface when policy-based routing (PBR) is configured on this interface.
Conditions: This symptom is observed on a Cisco 12000 series IP Services Engine (ISE) line card that is configured for PBR.
Workaround: Reload the microcode onto the line card.
•
Symptoms: A primary Route Processor (RP) may detect that the secondary RP malfunctions but may fail to report so in the syslog.
Conditions: This symptom is observed on a Cisco 12000 series when the secondary RP returns to the ROM monitor (ROMmon) because of a fatal exception such as a cache error.
Workaround: There is no workaround.
•
Symptoms: A 1-port 10-Gigabit Ethernet (GE) Engine 4 plus (E4+) line card may stop forwarding traffic, may generate many tracebacks, and may reload.
Conditions: This symptom is observed on a Cisco 12406 when all of the following conditions are present:
–
–
–
Workaround: Do not configure VRF instances on the 1-port 10-GE E4+ line card.
Alternate Workaround: Remove the ISE line card from the router.
•
Symptoms: An Engine 4 line card may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 12000 series when you enter the clear cef linecard EXEC command to clear Cisco Express Forwarding (CEF) from the line card.
Workaround: There is no workaround.
•
Symptoms: IP packets may have an incorrect IP precedence value.
Conditions: This symptom is observed on a Cisco 12000 series Internet router if the following conditions are met:
–
–
–
–
In this situation, it is possible that the value written into the precedence field of the IP header will not match the value derived from the MPLS EXP field. If this incorrect marking occurs, any queuing that is based on the IP precedence value may not function correctly.
Workaround: Configure an explicit null so that the router performs a label swap instead of a label pop.
•
Symptoms: Certain policy-based routing (PBR) rules may cause a Route Processor (RP) to unexpectedly reload with a bus error when the PBR rules are applied to interfaces on Engine 3 (E3) IP Services Engine (ISE) line cards. This generally occurs if the route map is modified after it has already been applied to the interfaces.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is configured with E3 IP Services Engine (ISE) line cards. If saved to the startup configuration, a route map that causes this symptom can prevent the router from booting up.
Workaround: Remove PBR from E3 interfaces.
Alternate Workaround: Revert to a known working route map.
Second Alternate Workaround: If you are unable to boot the router, break into the console at bootup time by using the console break sequence and set the configuration register to ignore the startup configuration. The steps to do this are outlined in the Cisco password recovery procedure.
•
Symptoms: Some IP version 4 (IPv4) fragments are corrupted when the first 8 bytes of the current fragment are duplicated in the last 8 bytes of the previous fragment.
Conditions: This symptom occurs in Cisco IOS Release 12.0(24)S and later releases when IPv4 traffic is sent from a Fast Ethernet (FE) input interface to an FE output interface.
Workaround: There is no workaround.
•
Symptoms: When you configure a Cisco 10000 series, messages similar to the following ones may appear, and a VLAN may not be enabled:
%GENERAL-3-EREVENT: c10k_dot1q_vlan_enable: No tt_info
-Traceback= 60142770 60142A50 603AEC40 603AE06C 603ADCE0 6036EAD8 60193BA8 60380DD4 60B85BEC 60B861D4 603D6FAC 603D6F98
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 605014E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351C
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 60504E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351CConditions: This symptom is observed on a Cisco 10000 series when you change the encapsulation of a LAN subinterface to dot1q encapsulation while the subinterface is shut down.
When the symptom occurs, the output of the show hardware pxf cpu subblocks privileged EXEC command lists "noSB" for the affected subinterface, as is indicated in the following example:
Router# show hard pxf cpu sub | i GigabitEthernet4
GigabitEthernet4/0/0 up 12000 4 PXF 1 81C4A800 4
GigabitEthernet4/0/0.500 administ 12000 4 PXF 1 81C4A800 noSBWorkaround: Change the encapsulation of the subinterface to dot1q when the subinterface is not shut down. The state of the main interface is irrelevant. After you change the encapsulation, you can shut down the subinterface again.
When the subinterface is created while the main interface is shut down, the subinterface and the VLAN do not function properly. Perform the following steps to recover the VLAN:
1.
2.
3.
4.
5.
•
Symptoms: The show ip cef non-recursive detail EXEC command may cause a Cisco router to pause indefinitely.
Conditions: This symptom is not always reproducible. The symptom can occur when there are too many routing updates occurring.
Workaround: There is no workaround.
•
Symptoms: After a Route Processor Redundancy Plus (RPR+) switchover occurs, the deletion of an existing permanent virtual circuit (PVC)/permanent virtual path (PVP) fails. This situation prevents you from recreating the same PVC/PVP. You can create a new PVC/PVP, but once you delete it, you cannot recreate it because the PVC remains in the active state.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0 S or Release 12.0 SX.
Workaround: There is no workaround. To enable the router to return to normal operation, reload the router.
•
Symptoms: When you shut down the last port of an 8-port Fast Ethernet half-height line card (port 7), all other ports on the line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not shut down port 7. If port 7 is shut down, enter the no shutdown interface configuration command on the interface to enable traffic to resume on the other interfaces.
•
Symptoms: When you enter the sdcc enable global configuration command, a traceback may be displayed.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-48 Dynamic Packet Transport (DPT) line card or with both a 1-port OC-48 DPT line card and a 4-port OC-48 DPT line card.
Workaround: There is no workaround.
•
Symptoms: Traffic forwarding is not fully restored after the deny input access-list configuration is removed from the interface of a line card when unicast Reverse Path Forwarding (uRPF) is configured on the interface.
Conditions: This symptom is observed on a Cisco 12410 Internet router with an Engine 3 (E3) 16-port 16xOC3 Packet over SONET (POS) line card that is configured with uRPF.
Workaround: Reload the line card to restore traffic to full performance.
•
Symptoms: IP packets are dropped on the input side of an EtherChannel.
Conditions: This symptom is observed on an EtherChannel when Cisco Discovery Protocol (CDP) is enabled on every interface.
Workaround: Disable CDP on the interfaces that participate in the channel-group.
•
Symptoms: A standby Performance Routing Engine (PRE) may reload unexpectedly during initialization.
Conditions: This symptom is observed intermittently on a Cisco 10000 series when you reload the standby PRE with Cisco IOS Release 12.0(24)S2.
Workaround: There is no workaround.
•
Symptoms: When you configure 1000 ATM permanent virtual connections (PVCs) and a switchover occurs, the second Route Processor (RP) does not boot up. The second RP initially attempts to boot up and then enters the ROMMON state.
The following messages appear on the new primary RP:
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8
%MBUS-6-MGMTSECRELOAD: Standby in slot 0 reloaded by operator command
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8
-Traceback= 50C40F68 50C41A60 50473408 5047391C 50470CF4 5022C1BC 5022C1A8Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S2.
Workaround: There is no workaround. The symptom does not occur when you configure only 100 ATM PVCs.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, if a Cisco 10720 router receives an MPLS packet with an IP version 4 (IPv4) option underneath it, the MPLS packet has two or more labels, and the router attempts to untag all labels, the Parallel Express Forwarding (PXF) processor may reload.
When this symptom occurs in the MPLS VPN network, egress provider edge (PE) routers may reload. The packets that cause the routers to reload are Internet Control Message Protocol (ICMP) echo and echo reply packets with record route options. Other types of IPv4 options may also cause the routers to reload.
Conditions: The symptom is observed on a Cisco 10720 that functions as an MPLS VPN PE router. The symptom does not occur in a basic MPLS network without VPN, where there is only one label.
Workaround: There is no workaround.
•
Symptoms: After a switchover occurs, an active Route Processor (RP) that is operating in the Route Processor Redundancy plus (RPR+) mode may not be able to switch Layer 2 Tunneling Protocol (L2TP) version 3 packets using distributed Cisco Express Forwarding (dCEF) (in the dCEF mode and may punt them to the RP CEF mode).
Conditions: This symptom is observed on the RP of a Cisco 7500 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Disable and reenable dCEF.
•
Symptoms: A router may reload when a link is deleted and then added back to a multilink interface.
Conditions: This symptom is observed on a Cisco 7500 series router when distributed Multilink PPP (MLP) is enabled on the router.
Workaround: Shut down the multilink interface and then add or remove the member links.
Resolved Caveats—Cisco IOS Release 12.0(24)S2
Cisco IOS Release 12.0(24)S2 is a rebuild of Cisco IOS Release 12.0(24)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(24)S2 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A master Route Switch Processor (RSP) may cause a router to pause indefinitely or reload.
Conditions: This symptom is observed on a Cisco 7500 series router that is configured with a line card when the write memory EXEC command is entered and when the line card reloads while the write memory EXEC command is being processed.
Workaround: There is no workaround.
•
Symptoms: When an entry in the ciscoPingTable MIB variable is set to be valid, high memory utilization may occur gradually because memory is not released by the "dead*" process of a Simple Network Management Protocol (SNMP) ping.
Conditions: This symptom is observed on a Cisco 12000 series after the router has been upgraded from an earlier Cisco IOS release to Cisco IOS Release 12.2 (23)S.
Workaround: Exclude the ciscoPingTable MIB variable from the configuration by entering the snmp-server view view name ciscoPingTable excluded global configuration command.
•
Symptoms: When a Telnet session is made to a router after a VTY session pauses indefinitely, the user in the Telnet session may not be able to enter the configuration mode. When these symptoms occur, interfaces may enter the wedged state with Simple Network Management Protocol (SNMP) traffic.
Conditions: This behavior is observed on ATM and Packet over SONET (POS) interfaces. This behavior is not platform-specific.
Workaround: Disable Simple Network Management Protocol (SNMP) configuration traps by entering the no snmp-server enable traps config global configuration command.
•
This caveat consists of three symptoms, three conditions, and three workarounds:
1.
Condition 1: This symptom is observed when the line card is configured for NetFlow.
Workaround 1: Remove NetFlow from the configuration.
2.
Condition 2: This symptom is observed when the line card is configured for NetFlow. The spurious memory access messages appear after you have reloaded the egress line card or during route convergence when the Forwarding Information Base (FIB) is rebuilt.
Workaround 2: Remove NetFlow from the configuration.
3.
Condition 3: This symptom is observed when the VIP is configured for NetFlow.
Workaround 3: Remove NetFlow from the configuration.
•
Symptoms: The snmp mib target list global configuration command is not displayed when the show running-config EXEC command is entered on the secondary Performance Routing Engine (PRE). However, the snmp mib target list global configuration command is displayed when the show startup-config EXEC command is entered on the PRE.
Conditions: This symptom is observed on the PRE of a Cisco 10000 series.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Cisco router may reload with a "CPU signal 23" message when Simple Network Management Protocol (SNMP) is configured and an snmpwalk command is being executed on the router. When the router reloads, the following error message is generated:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SNMP ENGINE.Conditions: This symptom is observed on a Cisco 7500 series that is configured with a 1-port Packet-over-SONET OC-3c/STM-1 port adapter (PA-POS-OC3).
Workaround: Modify all snmp-server commands with the view no sonet keywords, as is shown in the following example:
snmp-server view no sonet system included
snmp-server view no sonet interfaces included
snmp-server view no sonet at included
snmp-server view no sonet ip included
snmp-server view no sonet icmp included•
Symptoms: An enhanced ATM port adapter (PA-A3) may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and the PA-A3 port adapter may subsequently pause indefinitely and stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3. Only the PA-A3 with a specific third-party vendor Segmentation and Reassembly (SAR) chip is affected. Contact your Cisco representative for information about the third-party vendor chip. You can verify the SAR chip revision from the output of the show controllers atm privileged EXEC command.
To verify the SAR chip revision on a Cisco 7500 series, connect to the Versatile Interface Processor (VIP) in which the PA-A3 is installed.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3.
IP Routing Protocols
•
Symptoms: Memory fragmentation may occur on a router.
Conditions: This symptom is observed when a large number of Open Shortest Path First (OSPF) routes are flapped on a Cisco router.
Workaround: There is no workaround.
•
Symptoms: The Multi Exit Discriminator (MED) that is received from a confederation external peer may be ignored in best path selection. The output of the show ip bgp longer-prefixes EXEC command does not indicate that any MED values were received.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configurations are present.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a peer session template is unconfigured.
Conditions: This symptom is observed if the remote-as router configuration command is configured on a peer session template and if that template is subsequently unconfigured by entering the no remote-as router configuration command followed by the no template peer-session router configuration command.
Workaround: Avoid configuring the remote-as router configuration command on the peer session template. If the remote-as router configuration command is configured, either unconfigure the remote-as router configuration command or unconfigure the peer template directly.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, see the advisory at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: If the default-information originate router configuration command is entered on the Virtual Private Network (VPN) routing/forwarding (VRF) instance of a Cisco 12000 series that has the address-family ipv4 vrf command configured using the Border Gateway Protocol (BGP), the default route is learned correctly but the default route is entered incorrectly in the BGP routing table. This behavior may result in unexpected behavior on the other router if the other router does not have a correct default route.
The default static route of the VRF is not advertised by BGP after the default static route is configured under the VRF, and BGP may advertise the incorrect default route that is in the BGP routing table.
Conditions: This symptom is observed on a Cisco 12000 series that is running BGP.
Workaround: Perform either of the following steps:
–
–
•
Symptoms: A router may inadvertently remove link-state advertisements (LSAs) from the retransmission list and prevent the Open Shortest Path First (OSPF) neighbor from receiving the latest version of the LSA. This behavior may cause some prefixes to be unreachable.
Conditions: This behavior may occur when the LSA is not received by the neighboring router and the LSA must be retransmitted. While the LSA is waiting in the neighbor retransmission queue, certain events may cause a regeneration of the same LSA. If there is no change in the LSA, the router may mistakenly remove the LSA from the retransmission queues of all neighbors.
Workaround: This symptom normally stops occurring after the LSA is refreshed. If this symptom continues to occur, unconfigure and reconfigure the network global configuration command.
•
Symptoms: A Cisco 7500 series that is functioning as a provider edge (PE) router in a Multicast Virtual Private Network (MVPN) environment may stop sending Protocol Independent Multicast (PIM) register messages for the default multicast distribution tree (MDT) to its Rendezvous Point (RP). This situation prevents PE routers from establishing PIM adjacencies with other PE routers in the MVPN.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(24)S and that has the ip pim register-rate-limit global configuration command enabled. The symptom is not observed in Release 12.0(23)S or in earlier releases.
Workaround: Enter the clear ip mroute group-address EXEC command for the default MDT group address.
Alternate Workaround: Do not use the ip pim register-rate-limit global configuration command.
•
Symptoms: If a peer group is slow to establish and comes up while other members of the peer group are converging, the recently established member may not advertise the routes that were sent to the other members.
Conditions: This symptom occurs only if the new peer group member comes up while the other members of a peer group are converging. This symptom does not occur if the new peer group member comes up after the other members of the peer group have finished converging.
Workaround: The routes can be readvertised by entering the clear ip bgp peer-group-name soft out privileged EXEC command for any peer that has missing routes.
•
Symptoms: A Cisco 10720 may reload and report an unexpected exception (sig=10 in the crashinfo file).
Conditions: This symptom is observed on a Cisco 10720 that is configured for Open Shortest Path First (OSPF) Incremental Shortest Path First (SPF).
Workaround: There is no workaround.
•
Symptoms: When the neighbor {ip-address | peer-group-name} default-originate router configuration command is used with a peer group, peers that belong to that peer group come up at a different time from when the Border Gateway Protocol (BGP) is formatting updates. Because of this behavior, the router may not advertise all routes to members of the peer group.
Conditions: This symptom is observed with IP version 4 (IPv4) unicast and Virtual Private Network (VPN) routing/forwarding (VRF) address family (AF) packets.
Workaround: There is no workaround.
•
Symptoms: Border Gateway Protocol (BGP) update generation may pause indefinitely when BGP is converging.
Conditions: This symptom may occur under any of the following six conditions when BGP is converging:
4.
5.
6.
7.
8.
9.
Workaround: There is no workaround for conditions 1 through 5.
To recover from condition 6, enter the clear ip bgp neighbor-address soft out privileged EXEC command. For the neighbor-address argument, use the IP address of the peer that did not receive all of the updates.
•
Symptom: An Open Shortest Path First (OSPF) interface may be reported to be in the "down" state while the interface and the line protocol may be reported to be in the "up" state. This situation causes missing OSPF-neighbor adjacencies on the OSFP interface that is in the "down" state.
Condition: This symptom is observed when there are a large number of active interfaces and you have upgraded a Cisco IOS image on a route processor (RP), or you have reloaded the RP, or you have reloaded microcode onto a line card.
Workaround: Use one of the following methods to recover the OSPF interface:
–
–
–
•
Symptom: Even though no Border Gateway Protocol (BGP) updates are sent between router peers, a router may sent BGP withdraw messages to its peers.
Conditions: This symptom is observed on a Cisco 12416 when the following conditions are present:
–
–
–
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: A router may use parameters that are configured by entering the isis hello-interval seconds level-1 interface configuration command and ignore "hello" parameters that are configured by entering the isis hello-interval seconds level-2 interface configuration command.
Conditions: This symptom is observed on a point-to-point interface that is running Cisco IOS Release 12.0 S.
Workaround: Avoid configuring adjacencies by entering the isis hello-interval seconds level-2 interface configuration command. Use the isis hello-interval seconds level-1 interface configuration command to configure "hello" parameters.
•
Symptoms: A Cisco 10720 may reload unexpectedly.
Conditions: This symptom is observed when IP version 6 (IPv6) Intermediate System-to-Intermediate System (IS-IS) is configured.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: Engine 4 plus (E4+) line cards may not fragment outgoing pings properly, causing pings of packets with a size that is larger than the maximum transmission unit (MTU) to fail.
Conditions: This symptom is observed on E4+ line cards (4-port OC-48 and 1-port OC-192 line cards) that are installed in a Cisco 12000 series.
Workaround: For pings, use packets with a size that is smaller than the MTU.
•
Symptoms: A router may pause indefinitely instead of restarting.
Conditions: This symptom is observed when the router is handling invalid addresses in the cached address space.
Workaround: There is no workaround.
•
Symptoms: Link utilization may be lower than expected.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1 when class-based weighted fair queueing (CBWFQ) is configured on multiple VLANs.
Workaround: Try one or more of the following options to improve the link utilization:
1.
2.
3.
•
Symptoms: An Engine 4 plus (E4+) line card may reload, and the following error messages may appear in the log or crash info:
%TX192-3-CPUIF: Error=0x100 %TX192-3-CPUIF_ERR: Underrun Error: Read Pointer crosses Write Pointer.Conditions: This symptom is observed on an E4+ line card of a Cisco 12400 series that is performing multicast packet fragmentation when multicast packets are sent at a very high rate.
Workaround: There is no workaround.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: A Cisco router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may reload with an "address error" message.
Conditions: This symptom is observed at bootup time when the PE and customer edge (CE) interfaces are coming up. The symptom occurs when a locally learned VPN routing/forwarding (VRF) route temporarily loses its local label. This condition leads to some data structures being cleaned up but still retaining references to the local label. It may also occur after bootup in the case of interface flaps. The reload is not a common occurrence, however, and may need additional triggers.
A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdv49909. Cisco IOS releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: An OC-48 Packet-over-SONET (POS) interface may flap immediately after a high availability (HA) Fast Software Upgrade (FSU).
Conditions: This symptom is observed on a Cisco 10000 series when an HA FSU is performed from an image of Cisco IOS Release 12.0(23)S1 to an image of Release 12.0(23)S2.
Workaround: There is no workaround.
•
Symptoms: Some export packets that are sent from an Engine 4+ (E4+) line card are not received by the NetFlow collector.
Conditions: This condition is observed on the E4+ line card when the export packets are exported out of a traffic engineering (TE) or tag interface and the router is running Cisco IOS Release 12.0(22)S2. Note that the symptoms do not occur on Engine 2 line cards.
Workaround: Export the packets out of the non-TE or non-tag interface. This means that export packets must be sent out as IP packets from the E4+ line card.
•
Symptoms: An Engine 4 plus (E4+) line card may reload again after an online insertion and removal (OIR) is performed or after the card has unexpectedly reloaded because of an error condition.
Conditions: This symptom is observed on an E4+ line card that is installed in a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) line card may reload unexpectedly.
Conditions: This symptom is observed when more than one adjacency is established across the interfaces of the E4+ line card while the ip cef accounting per-prefix non-recursive global configuration command is enabled. This symptom may occur when there is no traffic present on the line card.
Workaround: Disable the ip cef accounting per-prefix non- recursive global configuration command.
•
Symptoms: About 100 KB to 1 MB of processor memory may be lost when the default interface global configuration command is entered on a router. The memory loss can be detected by comparing the output of the show memory EXEC command by entering the show memory EXEC command both before and after configuring the default interface global configuration command on the router.
Conditions: This symptom occurs only if the default interface global configuration command is configured on a router.
Workaround: The memory loss can be avoided by manually unconfiguring interfaces using the no form of the interface configuration commands.
•
Symptoms: An Engine 4 (E4) line card may reload after it displays the following error messages:
%TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module. -Traceback=
%TX192-3-PAM_PIM: status = 0x3D6, mask= 0x1A1 - PIM: header start offset >= 16kB. -Traceback=Conditions: These symptoms are observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S under the following conditions:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: The amount of free memory on a router decreases as the memory that is held by the Simple Network Management Protocol (SNMP) engine process increases. The decrease in the amount of free memory can be verified by examining the output of the show processes privileged EXEC command.
Conditions: This symptom is observed when SNMP is used to walk the LDP-MIB MIB on a router that is running Cisco IOS Release 12.0(24)S or a later release, which supports LDP-MIB MIB Version 8, and when the router is configured for Multiprotocol Label Switching (MPLS).
Workaround: Avoid querying the LDP-MIB MIB. For information about the LDP-MIB MIB, enter the show mpls ldp neighbor privileged EXEC command.
•
Symptoms: On the chassis of a Cisco 12410 Internet router with the primary clock and scheduler card (CSC) located in slot 17, use of the hw-module slot 17 shutdown EXEC command may cause a FIA-HALT on the Engine 4 (E4) and Engine 4 Plus (E4+) line cards in the router.
Conditions: This symptom is observed on a Cisco 12410 router that is running Cisco IOS Release 12.0(21)S6.
Workaround: Do not use the hw-module slot 17 shutdown EXEC command.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: It may take a long time for a Cisco 12000 series to remove 250,000 Virtual Private Network version 4 (VPNv4) entries from an Engine 3 line card. While the router removes the VPNv4 entries, new VPNv4 entries cannot be updated on the line card.
Conditions: This symptom is observed when the router handles a large number (more than 80,000) of VPNv4 entries on its line cards and when a Border Gateway Protocol (BGP) session flaps (that is, the session remains down for a few minutes), causing the router to remove all VPNv4 entries and to repopulate these entries a few minutes later.
Workaround: There is no workaround.
•
Symptoms: When an optimized mode policy map is created by entering the match qos-group qos-group-value class-map configuration command, the command may not have any effect if the traffic is sent using a Spatial Reuse Protocol (SRP) side A interface.
Conditions: This symptom is observed only with optimized mode output policy maps.
Workaround: Use a nonoptimized mode policy map, and use another command instead of the match qos-group qos-group-value class-map configuration command in the class map.
•
Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you reload microcode onto the line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S, Release 12.0(23)S, Release 12.0(24)S, or Release 12.0(25)S and that is functioning as a provider edge (PE) router in a Carrier Supporting Carrier configuration when the 4-port OC-48 POS E4+ line card interconnects the Cisco 12000 series and a customer edge (CE) router.
Workaround: Enter the clear ip bgp privileged EXEC command on the Cisco 12000 series.
•
Symptoms: It may take about 10 minutes before a Versatile Interface Processor (VIP) synchronizes with a Cisco Express Forwarding (CEF) table.
Conditions: This symptom is observed after you reload the VIP that has the Single Line Card Reload (SLCR) feature and distributed CEF (dCEF) enabled, when there are about 40,000 prefixes in the CEF table, and when Border Gateway Protocol (BGP) is in stable condition.
Workaround: Increase the interprocess communications (IPC) cache significantly; when there are about 40,000 prefixes, increase the IPC cache using the ipc cache 3000 command.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: A Tag Forwarding Information Base (TFIB) Virtual Private Network version 4 (VPNv4) entry on an Autonomous System Boundary Router (ASBR) for a prefix may not be reinstalled, causing traffic for this prefix to continue to flow to a provider edge (PE) router via the previous best path.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN interautonomous system environment in which ASBRs are performing VPNv4 exchanges and in which a Border Gateway Protocol (BGP) session is active.
The ASBR on which the TFIB VPNv4 entry is not installed should receive a prefix from a Route Reflector (RR) that selects the best of two available paths between the RR and two PE routers. Both PE routers should allocate the same label for the prefix. The PE router to which the best path leads should withdraw the prefix.
Workaround: Clear the BGP session on the ASBR that is connected to the RR.
Alternate Workaround: Withdraw the prefix from the ASBR and readvertise the prefix by clearing the prefix on the PE router that advertises the prefix.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: After a single transmit buffer management (TBM) error occurs on an 8- port OC-3 ATM line card, the line card may stop forwarding inbound and outbound traffic.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A memory leak may be observed on a line card with the Multicast Distributed Switching (MDS) line card process when the ip multicast-routing global configuration command is enabled while there are tunnel interfaces configured.
Conditions: This symptom occurs when the affected line card runs out of memory because of a memory leak and the MDFS process on the line card attempts to allocate memory. This symptom occurs only when multicast routing is enabled by entering the ip multicast-routing distributed global configuration command and when a traffic engineering (TE) tunnel is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series that is configured with a Performance Route Processor 1 (PRP-1) may pause indefinitely.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a PRP-1 when the configuration is being saved after it has previously received a break signal on the console. This symptom does not affect the Gigabit Route Processor (GRP).
The break signal can be received by the router when the break signal is sent intentionally by a terminal, or when the break signal is unintentionally received as noise on the console connection. Unintentional noise may occur if a terminal or terminal server that is connected to the router is powered off or when certain terminals or personal computer terminal emulators are first connected. When the router pauses indefinitely, it must be power-cycled to be restored to a normal working condition.
Workaround: There is no workaround. If possible, avoid using the break signal in Telnet connections, and avoid using terminal connections that send break signals.
•
Symptoms: A switch fabric card (SFC) switchover may occur, cyclic redundancy check (CRC) Fabric Interface ASIC (FIA) errors may occur, and the following error message may be displayed on a Cisco 12400 series:
FABRIC-3-ERR_HANDLE Due to CRC error from slot 8, shutdown the fabric card on slot 22Note that the slot numbers (that is, 8 and 22) are just examples.
Conditions: These symptoms are observed after a Cisco 12400 series router that is configured with one or more Engine 4 plus line cards is reloaded with a new Cisco IOS release that causes a maintenance bus (MBus) download condition and while traffic is being processed on the router.
Workaround: After the router is reloaded with the new Cisco IOS release, reload the router for a second time.
•
Symptoms: When you perform an online insertion and removal (OIR) procedure by replacing one Gigabit Ethernet (GE) line card with another GE line card, traffic may not flow from the newly inserted GE line card.
Conditions: This symptom is observed on a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S1.
Workaround: Enter the hw-module slot shelf-id/slot-number reload privileged EXEC on the newly inserted GE line card.
•
Symptoms: When Cisco Express Forwarding (CEF) is disabled because of a memory allocation failure on an Engine 2 Dynamic Packet Transport (DPT) line card, the Connectionless Network Service (CLNS) adjacencies on interfaces on this line card may not be torn down.
Conditions: This symptom is observed on a Cisco 12000 series that functions when the external overload signalling router configuration command is configured in an Intermediate System-to-Intermediate System (IS-IS) environment.
When CEF is disabled on an Engine 1 DPT line card or an Engine 4 Packet-over-SONET (POS) line card in the same configuration, the CLNS adjacencies on interfaces on these line cards are properly torn down.
Workaround: There is no workaround
•
Symptoms: A 6-port channelized T3 line card may reload when a T1 in-band loopup or loopdown is invoked while a bit error rate (BER) test is occurring.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Do not invoke a T1 in-band loopup or loopdown while a BER test is occurring. A typical and proper usage sequence would be the following:
1.
2.
3.
4.
•
Symptoms: An Engine 4 10-port Gigabit Ethernet (GE) line card may reload or you may not be able to ping across the modular GE interfaces of the line card.
Conditions: This symptom is observed on a Cisco 12410 that has a redundant Clock Scheduler Card (CSC) after you have performed an online insertion and removal (OIR) of the master (CSC).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card may log "EE48-2-GULF_TX_SRAM_ERROR" error messages if certain packet types are forwarded incorrectly.
Conditions: This symptom is observed on Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routers when multicast traffic is destined for the customer edge (CE) router.
Workaround: There is no workaround.
•
Symptoms: The Automatic Protection Switching (APS) function may not failover after a line card is reset.
Conditions: This symptom is observed when a line card is reset (either by entering the hw-module reset EXEC command or by manually resetting the line card).
Workaround: There is no workaround.
•
Symptoms: The following error message may be generated often for slot 24 or 25 on a Cisco 12000 series:
%MBUS_SYS-3-NOBUFFER: Message from slot 25 in stream 0 droppedConditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S5 or Release 12.0(21)S6.
Workaround: There is no workaround.
•
Symptoms: When you enter the redundancy force-failover main-cpu privileged EXEC command on a Cisco 10000 series that is configured with two Performance Routing Engines (PREs), an automatic protection switching (APS) switchover occurs on 6-port OC-3 Packet-over-SONET (POS) line cards, which is incorrect behavior.
Conditions: This symptom is observed when APS is configured on 6-port OC-3 POS line cards in two different Cisco 10000 series that are connected back-to-back and you enter the following sequence of commands:
1.
2.
3.
Workaround: There is no workaround.
•
Symptoms: Interfaces of a Cisco 10000 series 4-port channelized STM-1/OC-3 line card may not come up.
Conditions: This symptom is observed when you create 252 virtual SONET interfaces that are configured for unframed Frame Relay; none of these interfaces comes up.
Workaround: There is no workaround.
•
Symptoms: Some interfaces of a Cisco 10000 series 6-port channelized T3 line card may not come up.
Conditions: This symptom is observed when you configure the T3 controller with any combination of time slots, but using more than 15 and fewer than 21 time slots.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reboot when you enter the no srp reject H.H.H interface configuration command on a Spatial Reuse Protocol (SRP) interface.
Conditions: This symptom is observed intermittently. If there is no valid entry to be removed for the srp reject H.H.H interface configuration command, the command negation has no impact.
Workaround: There is no workaround.
•
Symptoms: A router may not boot to the configured Cisco IOS software version when the full path of the Cisco IOS image is specified in the boot system flash global configuration command, such as in the following example:
boot system flash disk0:c12kprp-p-mz
Conditions: This symptom is observed on a Cisco 12000 series router that is configured with dual Performance Route Processors (PRPs).
Workaround: Configure the boot system flash global configuration command without specifying the device name, such as in the following example:
boot system flash c12kprp-p-mz
•
Symptoms: The output of the show controller srp privileged EXEC command may indicate an unspecified SONET transceiver type for the Engine 4 plus (E4+) 4-port OC-48c/STM-16c DPT line card.
Incorrect command output:
SFP EEPROM INFO: SIDE A
SFP Module is: VALIDATED
ID: SFP transceiver
Extended ID: 4
Connector: LC
SONET compliance: unspecified <=== IncorrectCorrect command output:
SFP EEPROM INFO: SIDE A
SFP Module is: VALIDATED
ID: SFP transceiver
Extended ID: 4
Connector: LC
SONET compliance: OC48 Long Reach (LR2) <=== CorrectConditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S or a later release when the small form-factor pluggable (SFP) card is long reach-1 (LR-1) or long reach-2 (LR-2).
Workaround: Instead of using the show controller srp privileged EXEC command, look at the following components to find out the type of SFP card (that is, whether the SFP card is LR-1 or LR-2):
–
–
•
Symptoms: A committed access rate (CAR) output rule may not function on a Spatial Reuse Protocol (SRP) interface.
Conditions: This symptom is observed on a Cisco 7500 series, regardless if legacy quality of service (QoS) or modular QoS CLI (MQC) is configured.
Workaround: There is no workaround.
•
Symptom: IP packets that include padding data may be dropped.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 10-port Gigabit Ethernet line card and a 4-port OC-48c/STM-16c DPT line card.
Workaround: There is no workaround. Note that the symptoms do not occur when you replace the 10-port GE line card with a 3-port GE line card.
•
Symptoms: A router may incorrectly encapsulate packets when Multicast Distributed Switching (MDS) is enabled. This situation causes traffic to be blackholed.
Conditions: This symptom is observed on a Cisco router that is configured with MDS and with a generic routing encapsulation (GRE) tunnel interface.
Workaround: There is no workaround.
•
Symptoms: Packets may be dropped by a 3-port Gigabit Ethernet line card that is installed in a Cisco 12000 series.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)ST or Release 12.0(22)S when the following conditions are met:
–
–
–
–
Workaround: If this is an option, remove the output ACL, or use Cisco IOS Release 12.0(23)S or a later release.
•
Symptoms: All ports of an Engine 0 (E0) digital service 3 (DS3) card may remain in an "up/down" condition indefinitely.
Conditions: This symptom is observed on Engine 0 (E0) DS3 cards when one of the ports receives a "yellow" alarm.
Workaround: Enter the microcode reload global configuration command to microcode reload the DS3 card.
•
Symptoms: Ingress Multiprotocol Label Switching (MPLS) explicit-null packets are processed in the slow path of an Engine 2 line card (that is, the packets are forwarded to the CPU of the line card), causing the performance of the line card during the processing of such packets to be significantly less than expected.
Conditions: This symptom is observed on all Cisco 12000 series Engine 2 line cards.
Workaround: There is no workaround.
•
Symptoms: When NetFlow data is processed at interrupt-level, the CPU utilization of a route processor (RP) may become high.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow is configured and many small data flows are processed on the router.
Workaround: There is no workaround.
•
Symptoms: Auto negotiation may not work as expected on a router.
Conditions: This symptom is observed when a Cisco 10720 router is used in a network that has a Cisco Catalyst 6500 switch and a vendor-specific optical repeater.
Workaround: There is no workaround.
•
Symptoms: Distributed Cisco Express Forwarding (DCEF) may become disabled on a Versatile Interface Processor (VIP) and the following error message may appear on the console:
%FIB-3-FIBDISABLE: Fatal error, slot 12: Window did not open, LC to RP IPC is non-operationalConditions: This symptom is observed on a Cisco 7500 series VIP2-50 and VIP4-80 in which ATM OC-3 port adapters such as the PA-A1-OC3 or PA-A3-OC3 are installed when the Cisco 7500 series is upgraded to Cisco IOS Release 12.0(24)S or Release 12.0(24)S1.
Possible Workaround: Reload CEF on the VIP by entering the clear cef linecard slot-number EXEC command.
Possible Alternate Workaround: Restart the VIP by performing an online insertion and removal (OIR).
•
Symptoms: A standby Performance Routing Engine (PRE) may reload continuously, and the router may enter the "standby cold-bulk" redundancy state.
Conditions: This symptom is observed with certain configurations. The standby PRE may reload continuously when a new image is loaded after the hw-module reset standby-cpu reset global configuration command is entered or after a switchover occurs.
Workaround: There is no workaround.
•
Symptoms: A standby Gigabit Route Processor (GRP) may reload with a bus error.
Conditions: This symptom is observed after the ATM interface of a Cisco 12000 series is shut down.
Workaround: There is no workaround.
•
Symptoms: When a slave Route Switch Processor (RSP) is reloaded by the master RSP, or when you enter the hw-module sec-cpu reset privileged EXEC command, the slave (RSP) may generate the following error message and tracebacks:
%HA-2-CCB_PLAYBACK_ERROR: CCB playback failed.
-Traceback= 40439E14 404339D0 404CC4F0 402E1AA8 403139D8 40323BC0 40323DB0 40323E4C 401C7EE4 402E34C8 4037BD3C 4037BD28Conditions: This symptom is observed on a Cisco 7507 that is running Cisco IOS Release 12.0(24)S1, that is configured for Route Processor Redundancy Plus (RPR+) or High System Availability (HSA), and that is configured with a 1-port Packet-over-SONET OC-3c/STM-1 single-mode port adapter (PA-POS-OC3SMI).
Workaround: There is no workaround. Note that the symptoms do not occur when you remove the PA-POS-OC3SMI.
•
Symptoms: Tag imposition may not function.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 3-port Gigabit Ethernet line card.
Workaround: There is no workaround.
•
Symptoms: The following error message may be displayed on a router:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x50164CDC reading 0x0Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Interfaces on one Engine 4 (E4) 3-port Gigabit Ethernet (GE) port adapter (EPA-3GE-SX/LH-LC) may use the same interface description blocks (IDBs) as interfaces of an adjacent E4 3-port GE port adapter that is installed on the same GE modular baseboard (EPA-GE/FE-BBRD). This situation may cause forwarding difficulties and Cisco Express Forwarding (CEF) inconsistencies on other line cards that are installed in the same router. You can verify the symptoms in the output of the show cef interface EXEC command.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with more than one GE modular baseboard when several E4 3-port GE port adapters are installed on a single GE modular baseboard.
Workaround: Reload the router.
•
Symptoms: Occasional ping failures may be observed over a VLAN interface.
Conditions: This symptom is observed on the VLAN interface of a Cisco 12000 series modular Gigabit Ethernet line card. The Cisco 12000 series modular Gigabit Ethernet line card is connected to Cisco Catalyst switches over VLAN interfaces.
Workaround: There is no workaround.
•
Symptoms: The core router Multiprotocol Label Switching (MPLS) forwarding entry has the correct outgoing interface but has an incorrect label to use for sending traffic to the edge router. The incorrect label is identical to the label that is sent by another core router for the same prefix through another interface.
Conditions: This symptom is observed in a service provider network when the route to the prefix that has the incorrect MPLS forwarding entry is configured using a static recursive route and the specific IP address that is specified in the ip route prefix mask ip-address global configuration command is changed by topology changes to go through a different adjacent router. The incorrect outgoing Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) label corresponds to the router that was adjacent prior to the routing change.
Workaround: To clear this condition, enter the clear ip route {network [mask] | *} EXEC command to cause MPLS to create a new forwarding entry that has the correct interface and label for the prefix.
To prevent this condition from occurring, advertise the route to the prefix in question using an Interior Gateway Protocol (IGP).
Alternate Workaround: Configure a static nonrecursive route to the prefix and IP address of the next-hop router by entering the ip route prefix mask ip-address interface-type interface-number global configuration command.
•
Symptoms: An Engine 2 line card that is configured with virtual routing and forwarding may reload.
Conditions: This symptom is observed under either one of the following conditions:
–
–
The line card does not come back up after it reloads and must be manually reloaded.
Workaround: There is no workaround.
•
Symptoms: When a small packet (a layer-2 packet that is equal to or smaller than 52 bytes, including the layer-2 packet size, the layer-2 header, and the cyclic redundancy check [CRC]) enters a Cisco 10720 and is fed back, one buffer element of the 128-byte Parallel Express Forwarding (PXF) buffer pool is used but not released. This situation eventually causes the 128-byte buffer pool to be depleted entirely. Because most of the control packets such as the IP routing protocol packets are small packets and use the 128-byte buffer pool, most control plane functions stop working and routing-protocol adjacencies go down when the 128-byte buffer pool is depleted, and finally, the router stops forwarding traffic on all the interfaces.
Conditions: These symptoms are observed when a PXF feedback occurs, for example, when multicast traffic is configured, or when a policy map is configured to feed back packets.
Workaround: Avoid PXF feedback. For example, properly configure the policy map. If PXF feedback is inevitable, proactively monitor the 128-byte buffer pool via the output of the show hardware pxf cpu buffers privileged EXEC command:
Router#show hardware pxf cpu buffers
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0
1 1664 12930 12930 0 0
2 640 26746 26746 0 0
3 256 34072 34072 0 0
4 128 59934 49987 0 0
^^^^^Before the 128-byte buffer pool is depleted entirely, reset the 128-byte buffer pool. Reload the microcode onto the PXF by entering the microcode reload pxf privileged EXEC command. However, be careful, because by reloading microcode onto the PXF, you may cause routing-protocol adjacencies to be dropped and the PXF to stop forwarding traffic.
•
Symptoms: A Cisco router that is configured for Any Transport over Multiprotocol Label Switching (AToM) may send AToM packets that are missing control words, even though control-word imposition is enabled. When another Cisco router receives such malformed packets, the router does not handle these packets properly during disposition.
Conditions: This symptom may occur on all Cisco routers that employ software switching with AToM enabled. This symptom has specifically been observed on a Cisco 7200 series, Cisco 7400 series, and Cisco 7500 series that are configured for AToM.
On a 7200 series router that is processing a heavy traffic load, the reception of malformed packets may cause the router to pause indefinitely.
Workaround: There is no workaround.
•
Symptoms: When you enter the show cef idb EXEC command on a primary Route Processor (RP), the output of the command displays that for two subinterfaces of the same interface that should have the same interface number, one of the subinterfaces has a "-" sign in the "IIndex" column and both subinterfaces have the same number in the "FIndex" column.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S and may also occur on a Cisco 7500 series and a Cisco 10000 series. The symptom occurs when there are multiple subinterfaces on one hardware interface, when a Stateful Switchover (SSO) occurs, and when the original active RP (that becomes the new standby RP) reloads.
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•
Symptoms: A Cisco router may leak memory at a rate of up to 100 KB per day, resulting in the gradual reduction of the available memory.
Conditions: This symptom is observed on a Cisco router that is running Label Distribution Protocol (LDP). The symptom may be caused by applications that use TCP as the transport protocol.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(24)S1
Cisco IOS Release 12.0(24)S1 is a rebuild of Cisco IOS Release 12.0(24)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(24)S1 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
The following information is provided for each caveat:
•
•
•
Interfaces and Bridging
•
Symptoms: X.25 does not function as expected on channelized T1 port adapter (PA-2CT1) and channelized E1 port adapter (PA-2CE1) interfaces.
Conditions: This symptom is observed on Cisco 7500 series routers. In addition, messages such as "output frozen" and "not transmitting" may be seen on such interfaces. This may result in a CBUS complex.
Workaround: There is no workaround.
•
Symptoms: On Cisco 7200 series routers, Super Frame (SF), Single Domain (SD), and Threshold Crossing Alarms B1, B2, and B3 (TCA_B1, TCA_B2, and TCA_B3) defects may not clear on a Packet over SONET (POS) port adapter (PA). When SF, SD, TCA_B1, TCA_B2, and TCA_B3 defects are asserted and de asserted very quickly on a POS PA on the router, the defects may not clear. This may cause the interface to pause permanently.
Conditions: These symptoms are observed on Cisco 7200 series routers.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A router that is directly connected to a source may not start registering when the source becomes active, and the (S,G) state may time out on the route processor.
Conditions: This symptom is observed on a router that is configured for Protocol Independent Multicast (PIM) and that has an (S,G) entry with the F flag reset.
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur, and a traceback maybe generated when you unconfigure Protocol Independent Multicast (PIM).
Conditions: This symptom is observed when you unconfigure PIM from a subinterface that is configured for Frame-Relay encapsulation.
Workaround: There is no workaround.
•
Symptoms: When an area border router receives type-4 link-state advertisements (LSAs) via the nonbackbone, the router may incorrectly generate type-4 LSAs into the backbone. This situation may cause a routing loop to occur.
Conditions: This symptom is observed in Cisco IOS Release 12.0(22)S or a later release or in Release 12.2(10) or a later release when the following conditions occur:
–
–
–
In this situation, Router 1 generates type-4 LSAs into the backbone area for the ASBR. This situation should not occur and may lead to a routing loop.
Workaround: Reset the Open Shortest Path First (OSPF) process by entering the clear ip ospf process privileged EXEC command.
•
Symptoms: Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnels will take 5 minutes to come back up after an interface flap.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T, Release 12.2(12)T, or Release 12.2(13)T with MPLS TE tunnels configured.
Workaround: There is no workaround.
•
Symptoms: A bad magic number in the chunk header may lead to a memory corruption and may cause a router to reload.
Conditions: This symptom is observed after a Resource Reservation Protocol (RSVP) path message is received on a Cisco router that is running RSVP.
Workaround: There is no workaround.
•
Symptoms: CPUHOG messages that pertain to the Border Gateway Protocol (BGP) router process may be observed on a router.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(24)S. This symptom occurs when an existing route map is deleted or a new route map is configured. If the router has a large number of Intermediate System-to-Intermediate System (IS-IS) adjacencies, the IS-IS adjacencies may go down. If the router has Multicast Source Discovery Protocol (MSDP) configured, MSDP sessions may flap.
Workaround: Do not delete existing route maps or configure new route maps.
•
Symptoms: Traffic Engineering (TE) label-switched path (LSP) is delayed for 5 minutes.
Conditions: This symptom occurs when changing encapsulation from High-Level Data Link Control (HDLC) to PPP.
Workaround: Enter the shutdown command followed by the no shutdown command on the line card that functions as the outgoing interface for the TE tunnel headend.
•
Symptoms: In a setup that has two redundant provider edge (PE) routers that are connected to a Virtual Private Network (VPN), both of the PE routers may originate Multicast Distribution Tree (MDT) updates for the VPN source.
In a worst case scenario, both PE routers may send a different mapping than the mapping that would cause the receivers to toggle between the different MDT data groups. In this situation, an immediate loss of data may be observed on the receivers.
Conditions: This symptom is observed in a setup that has two redundant PE routers that are connected to a VPN source.
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: A Route Processor (RP) may reload when the following commands are entered in succession:
1.
2.
3.
Conditions: This symptom is observed on a Cisco 12000 series that is running a Cisco IOS release that is earlier than Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: After a switchover, the Intermediate System-to-Intermediate System (IS-IS) takes about 10 minutes to fully recover and to install routes in the IP routing table.
Conditions: This symptom is observed on a Cisco 12000 series configured with IS-IS. The amount of time required for the Gigabit Ethernet (GE) interface to load after a switchover is very close to the amount of time of the IS-IS adjacency timeout. The device under test (DUT) is the designated router.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: Several "RX FIFO was stuck - forced to reset MAC" messages may be logged on the console of a router. This message is specific to port adapters and I/O cards that use a vendor-specific chipset.
Conditions: This symptom is observed on a Cisco 7200 router that is operating in the normal mode. The following is a list of the affected port adapters and I/O cards:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: A router may reload when the Border Gateway Protocol (BGP) update source is moved from the global default table to a Virtual Private Network (VPN) routing/forwarding (VRF) table.
Conditions: This symptom is observed when a Multicast VPN (MVPN) tunnel uses the update source as the tunnel source.
Workaround: There is no workaround.
•
Symptoms: When a provider edge (PE) router has multiple paths to an Autonomous System Boundary Router (ASBR) that is used as a next hop in a Virtual Private Network (VPN) routing/forwarding (VRF) static route with a global keyword, there is no Internet connectivity for the customers that are defined in the VRF.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN.
Workaround: Shut down one of the outgoing interfaces on the PE router.
•
Symptoms: A Cisco 12000 series router may report incorrect environmental values, as the following environmental logs display:
%ENV_MON-2-VOLTAGE: MBUS 5V supply (slot 1) volts has reached SHUTDOWN level at 5 m(V) %ENV_MON-2-TEMP: Hotpoint temp sensor (slot 17) temperature has reached SHUTDOWN level at 756(C) %ENV_MON-2-VOLTAGE: Card 3.3v supply (slot 17) volts has reached CRITICAL level at 2560 m(V)Although the environmental logs indicate that the shutdown level has been reached, the router does not shut down the line cards for which the incorrect environmental values are reported.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S3, Release 12.0(21)S5, Release 12.0(21)ST2, or Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: The traffic on a Cisco 12000 series 3-port Gigabit Ethernet line card (3GE-GBIC-SC(=)) is stopped after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the interface while there is a traffic load on the interface.
Conditions: This symptom is observed on a 3GE-GBIC-SC(=) line card.
Workaround: Configure autorenegotiation, or reload the 3GE-GBIC-SC(=) line card.
•
Symptoms: An Ethernet over Multiprotocol Label Switching Ether Frame with a destination MAC address that starts from 0x4 may high drop on the egress provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: IP multicast packet rate and loss information may not be obtained over a multicast distribution tree (MDT) using the mstat EXEC command and the mtrace EXEC command.
Conditions: These symptoms are observed when the mstat EXEC command or the mtrace EXEC command is entered on a Multicast Distribution Tree (MDT) tunnel.
Workaround: There is no workaround.
•
Symptoms: The copy tftp run privileged EXEC command does not work on certain ports of a line card.
Conditions: This symptom is observed under rare circumstances in a test setup of six 24-port channelized E1/T1 line cards (ESR-24CT1/E1) that have 3456 (6x24x24) 1-timeslot channels. This symptom is observed while High-Level Data Link Control (HDLC) is used.
Workaround: There is no workaround.
•
Symptoms: When a virtual circuit (VC) goes down, continuity check (CC) cells or remote detection indication (RDI) cells are not sent as expected. This behavior may prevent a VC from coming up.
Conditions: This symptom is observed when end-to-end continuity check (EndCC) Operation, Administration, and Maintenance (OAM) failure traps are configured on a permanent virtual circuit (PVC). OAM CC cells are sent every two seconds instead of every one second on an 8-port OC-3 ATM line card. Additionally, the OAM CC cells are not sent after approximately two minutes when the PVC goes down after the line protocol has gone down.
Workaround: There is no workaround.
•
Symptoms: A High-Speed Serial Interface (HSSI) may stop transmitting traffic for some time and then recover. When the HSSI stops transmitting traffic, the output of the show interfaces privileged EXEC command displays the following message: "Output queue 40/40."
Conditions: This symptom is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly when saving the configuration to NVRAM.
Conditions: This symptom is observed on a Cisco router that is configured with the service compress-config global configuration command.
Workaround: Enter the no service compress-config global configuration command.
Alternate workaround: Use the boot config filename nvbypass global configuration command.
•
Symptoms: Multiprotocol Label Switching (MPLS) traffic engineering (TE) Fast Reroute (FRR) may lose all tag labels from a line card.
Conditions: This symptom is observed on a Cisco 12000 series router when the primary tunnel router is reloaded.
Workaround: Disable Packet over SONET (POS) alarm on the protected interface.
Alternate Workaround: Disable Resource Reservation Protocol (RSVP) Hello on the protected interface.
•
Symptoms: A Cisco 12000 series OC-12 ATM line card may reset continuously.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A "device does not contain a valid magic number" message is displayed and an Advanced Technology Attachment (ATA) disk cannot be used to load a router from the command-line interface (CLI) or the ROM monitor (ROMmon).
Conditions: This symptom is observed when the ROMmon is upgraded from Gigabit Route Processor (GRP) ROM version 181 to GRP ROM version 183.
Workaround: Revert to GRP ROM version 181.
Alternate Workaround: Enter the following commands on the router:
boot system tftp filename [ip-address]
boot system disk0: filename
Enter a dummy IP address for the ip-address argument of the boot system tftp filename [ip-address] global configuration command, and enter the name of the Cisco IOS image that you want to load for the filename argument of the boot system disk0: filename global configuration command.
•
Symptoms: The show interfaces accounting EXEC command displays double the number of incoming packets.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series 4-port OC-12 ATM line card that is configured for the Carrier Supporting Carrier (CSC) feature may reset or report an error.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(22)S3 and that is functioning as a customer carrier customer edge (CE) router. This symptom occurs after entering the no mpls ip global configuration command followed by the mpls ip global configuration command.
Workaround: There is no workaround.
•
Symptoms: When Stateful Switchover (SSO) is configured and you enter the hw-module reload privileged EXEC command on a 4-port OC3 ATM line card before the standby Route Processor (RP) has come up completely, the standby RP may reload.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: The ATM interface input queue on a Cisco 7200 series may be wedged at "76/75" when it receives Operation, Administration, and Maintenance (OAM) continuity check (CC) cells. This situation causes all permanent virtual circuits (PVCs) to go down.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(13)T and that is configured with an Enhanced ATM port adapter (ATM PA-A3).
Workaround: Terminate the CC cell generation at the remote end.
•
Symptoms: When you configure additional access control entry (ACE) entries with Layer 4 fields on a 128-line input access control list (ACL) that is configured on an Engine 4 plus (E4+) line card, the line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series 10-port 1-Gigabit Ethernet E4+ line card.
Workaround: Do not add more than 128 ACEs with Layer 4 fields. If more than 128 ACEs with Layer 4 fields are required, remove the ACL form the E4+ line card, add the ACEs with Layer 4 fields, and then reapply the ACL to the line card.
•
Symptoms: The following error message may be displayed when a multilink interface is shut down:
CPUHOG. %SYS-3-CPUHOG: Task ran for 2480 msec (3/2), process = MultilinkConditions: This symptom is observed when the state of a multilink interface changes, such as when the multilink interface comes up or goes down.
Workaround: There is no workaround for the CPU hog condition. However, if any application or routing protocol is affected by this CPU hog condition in the form of timeouts, the timers for the application or routing protocol can be incremented to workaround the CPU hog condition.
•
Symptoms: The mplsVrflfUp MIB notification from the PPVPN-MPLS-VPN-MIB MIB is not sent on certain interfaces.
Conditions: This symptom is observed on certain versions of T1, E1, or Packet over SONET (POS) interfaces.
Workaround: The linkUp notification from the interfaces MIB may be used to notify a user when an interface transitions to the "operationally up" state.
•
Symptoms: An ATM interface does not come up after a Cisco 10000 series router has reloaded.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: An Engine 4 Plus (E4+) Packet over SONET (POS) line card may reload when the access control list (ACL) of a port is changed.
Conditions: This symptom is observed when the ACL of a port is CHANGED when there already is an ACL configured on the port of an E4+ POS line card.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) card may reload if a large access control list (ACL) is applied using the no-merge option.
Conditions: This symptom is observed if a large ACL is applied using the no-merge option on a Cisco 12000 series ISE-based card while the hw-module slot number tcam compile acl no-merge global configuration command is configured.
Workaround: Disable the no-merge option by entering the no hw-module slot number tcam compile acl no-merge global configuration command to cause the ACL to be merged. The merging or optimization of the ACL may help reduce the size of the entries in the ternary content addressable memory (TCAM) or alter the size of the ACL to fit the TCAM.
•
Symptoms: At the console of a Cisco 10720 router that is functioning as a headend router for multiple Multiprotocol Label Switching-traffic engineering (MPLS-TE) tunnels, a "complex_restart" message may appear when the Parallel Express Forwarding (PXF) processor reloads. When this situation occurs, the following entries are displayed in the error log:
%TOASTER-2-FAULT: T0 IHB Exception: watchdog
%TOASTER-2-FAULT: T1 IHB Exception: watchdog
%TOASTER-2-FAULT: T0 IHB Exception: watchdog
%TOASTER-2-FAULT: T1 IHB Exception: watchdog
%CAMR_POS_OC48-3-INTERR: POS uplink internal error
POS_TX_VA_SC_NO_EOP(code 2)
%Camr_VA-3-STATUS1: Van Allen Data integrity error
VA_LK_IPM_RD_ACC_TIMER_EXP(code 2)Conditions: This symptom is observed in an MPLS-TE configuration with 300 tunnels.
Workaround: There is no workaround.
•
Symptoms: A 6-port channelized T3 (CT3) line card may display the following error alarm message when it declares a DS3 loss of frame failure:
%C10K_ALARM-6-INFO: ASSERT MAJOR T3 4/0/0 Far End Loss Of Frame FailureThe error alarm message reports a far-end loss of frame failure even though it is the near end that has declared a loss of frame failure.
Similarly, when the near end receives a remote indication alarm (RAI), the following message is displayed:
Far End Remote Alarm Indication AlarmConditions: This symptom is observed on the 6-port CT3 line card of a Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may fail because of a bus error while an online insertion and removal (OIR) is in progress.
Conditions: This symptom is observed on a Cisco 12000 series when the show environment command is being executed while an OIR is in progress.
Workaround: Do not perform an OIR when the show environment command is being executed.
•
Symptoms: Line cards and the standby Route Processor (RP) may reload when the show cef interface events EXEC command is entered.
Conditions: This symptom is observed when the show cef interface events EXEC command is entered on the Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A 4-port OC-48 Packet over SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you have reloaded microcode onto the line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S and that is functioning as a provider edge (PE) router in a carrier supporting carrier configuration when the 4-port OC-48 POS E4+ line card interconnects the Cisco 12000 series and a customer edge (CE) router.
Workaround: Enter the clear ip bgp privileged EXEC command on the Cisco 12000 series.
•
Symptoms: Line cards may pause indefinitely in the STARTFABM state after a Route Processor Redundancy (RPR) switchover from the Performance Route Processor (PRP) to the Gigabit Route Processor (GRP) occurs.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: When a crashinfo file writes to an Advanced Technology Attachment (ATA) Flash disk, the file on the ATA Flash disk may be corrupt and unusable.
Conditions: This symptom is observed on any Cisco device that enables the crashinfo file to be written to an ATA Flash disk.
Workaround: There is no workaround.
•
Symptoms: If the no shutdown interface configuration command is entered on interfaces that are already in the "up" state, the interfaces enter the "down" state.
Conditions: This symptom is observed on the interfaces of a 16-port OC-3 Packet over SONET (POS) line card that is installed on a Cisco 12000 series.
Workaround: Reload the router to bring up the interfaces.
•
Symptoms: The following objects are not supported in the ENTITY-MIB:
–
–
–
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: The values of the objects listed above can be displayed by entering the show c7200 privileged EXEC command or the show diag EXEC command.
•
Symptoms: The entPhysicalIsFRU object in the ENTITY-MIB MIB displays a "false" attribute for all objects even though some of the objects are field-replaceable unit (FRU) objects.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: There is no workaround.
•
Symptoms: A T1 or E1 link that is configured under AU-4-TUG-3 controllers 4 through 12 on a 1-port channelized OC-12 line card that is using Synchronous Digital Hierarchy (SDH) framing may not come up.
Conditions: This symptom is observed on a Cisco 10000 series when the 1-port channelized OC-12 line card is connected to a third-party vendor device. Note that the symptom does not occur when you use AU-4-TUG-3 controllers 1 through 3.
Workaround: There is no workaround.
•
Symptoms: A line card may reload when an output access control list (ACL) is replaced or removed.
Conditions: This symptom is observed on the Engine 4 (E4) Packet over SONET (POS) modular Gigabit Ethernet and Fast Ethernet interface of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A slave Route Switch Processor (RSP) may reload, and the following error message may be displayed on the master RSP console:
%HA-3-SYNC_ERROR: Parser no matchConditions: This symptom is observed when the copy slot0: running-config EXEC command or the copy slot0: startup-config EXEC command is entered on a Cisco 7500 series that is configured to operate in the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: A T3 link on a 4-port channelized OC-3 line card may not come up under Synchronous Digital Hierarchy (SDH) framing.
Conditions: This symptom is observed on a Cisco 10000 series when the 4-port channelized OC-3 line card interoperates with third-party vendor test equipment.
Workaround: Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the AU-4-TUG-3 controller that contains the T3 link.
•
Symptoms: When Open Shortest Path First (OSPF) load balancing is configured between two Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routers, all traffic is dropped at the input interface because of an unreachable destination.
Information about the dropped traffic can be viewed by entering the show hardware pxf cpu statistics interface detail EXEC command. There is a label value for the destination in Cisco Express Forwarding (CEF) for the ingress PE router, but there is no corresponding value in the Parallel Express Forwarding (PXF) output of the show hardware pxf cpu cef ip-prefix [mask] privileged EXEC command. There is a "flags:Drop[2]" entry in the PXF output.
Conditions: This symptom is observed when recursive load balancing is used in OSPF between the provider edge (PE) router and the destination.
Workaround: Do not configure load sharing.
•
Symptoms: A Cisco 7200 series router will cause IP Header Compression (IPHC) regression test failures.
Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.0 S. Because fast-switched packets are counted as process-switched packets, the symptom is observed only on M4T interfaces.
Workaround: There is no workaround.
•
Symptoms: A Gigabit Ethernet Engine 2 or an Engine 4 plus line card may reload when you perform an online insertion and removal (OIR) of the Clock and Scheduler Card (CSC).
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: A console may pause indefinitely and an image reload cannot be performed after the reload privileged EXEC command is entered.
Conditions: This symptom is observed when an 8-port Fast Ethernet half-height line card (8fastethernet-1) is physically present.
Workaround: Send a break to the console to cause the console to return to the ROM monitor (ROMmon) mode, and then proceed with the loading of the image.
•
Symptoms: Packet throttling is activated because of congestion, even when not configured as shown by the following error message:
%LC_CX3-4-THROTTLE: Packet throttling activated due to congestionConditions: This symptom is observed on a Cisco 12416 router that is configured with 200 Border Gateway Protocol (BGP) peers containing three 6xCT3 line cards, each configured with an even distribution of ~1500 frame relay subinterfaces.
Workaround: There is no workaround.
•
Symptoms: A router may fail to handle the Label Withdraw if the Label Withdraw Message is received with a Forwarding Equivalence Class (FEC) type length value (TLV) and a no Label TLV. The router may generate an error message that is similar to the following if a withdraw failure occurs:
%LDP-3-UNKNOWN_MPLS_APP: ldp label withdraw message from 1.1.1.1:0; list type 7; afam 1;Conditions: This symptom is observed on a Cisco router that is running Multiprotocol Label Switching (MPLS) and the Label Distribution Protocol (LDP).
Workaround: There is no workaround.
•
Symptoms: A multicast packet that has a destination MAC address of "0100.5e00.0002" may be dropped.
Conditions: This symptom is observed on the 4-port Gigabit Ethernet Plus 8-port Fast Ethernet access card.
Workaround: There is no workaround.
•
Symptoms: The old online insertion and removal (OIR) removal synchronization is processed after the completion of standby initialization.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: IP multicast hardware counter memory is not freed on an Engine 4/4 Plus line card after multicast routes are cleared from the routing table.
Conditions: This symptom only occurs when the Engine 4/4Plus line card runs out of mtrie node memory, for example when the routes in the router are more than the line card can handle.
Workaround: There is no workaround.
•
Symptoms: If a 3-port Gigabit Ethernet (GE) Engine 2 (E2) line card is configured for dot1q VLAN operation and an inbound access control list (ACL) is applied to the main interface, the line card will be paused by the Gigabit Route Processor (GRP), reporting Fabric Unicast timeout errors. Note that 3-port GE E2 line cards do not support per subinterface ACL processing.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S or a later release with both normal and extended ACLs. The line card will continue to pause until the ACL is either removed from the interface configuration or ACL is removed from the configuration using the no access- list access-list-number global configuration command.
Workaround: There is no workaround.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: Incorrect output access control list (ACL) behavior and packet loss may be observed on a router.
Conditions: These symptoms are observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S1 if all of the following conditions are present:
–
–
–
When all the conditions are present, traffic that is destined for the prefix will be dropped on the ingress line card.
Workaround: Remove the loadsharing configuration so that there is only one path to the destination.
•
Symptoms: When you use the break key to reset the secondary Gigabit Route Processor (GRP) on a Cisco 12000 series that is configured with two GRPs, the primary GRP may first pause and then reload when the following watchdog timeout occurs:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout process = Fabric pingThis situation may impact the process of replacing a defective secondary GRP.
Conditions: This symptom is observed regardless of the redundancy mode (Route Processor Redundancy [RPR], Route Processor Redundancy Plus [RPR+], or Stateful Switchover [SSO]).
Workaround: There is no workaround.
•
Symptoms: "IBC divert PAK" and "Camr-3-INTPROC" errors may occur.
Conditions: This symptom is observed on a Cisco 10720 router.
Workaround: There is no workaround.
•
Symptoms: Self pings and back-to-back pings may not work as expected.
Conditions: This symptom is observed only when ATM adaptation layer 5 (AAL5) Network Layer Protocol ID (NLPID) encapsulation is used on a Cisco router.
Workaround: There is no workaround.
•
Symptoms: Line cards on a router may reload if the clear cef linecard EXEC command is entered without specifying the slot number of the line card.
Conditions: This symptom is observed on the 4-port Gigabit Ethernet IP Services Engine (ISE) line card (4GE-SFP-LC) of a Cisco router with 1k IP version 6 (IPv6) subinterface installed when there is no traffic present.
Workaround: Avoid using the clear cef linecard EXEC command.
•
Symptoms: IP version 6 (IPv6) traffic may corrupt of non-IPv6 traffic.
Conditions: This symptom is observed primarily with small IPv6 packets.
Workaround: There is no workaround.
•
Symptoms: The following error message may be observed on a line card:
%SLOT n: .... : %LC-3-ERRRECOVER: Corrected a transient error on line card.This error may be observed even though an actual hardware error has not occurred on the line card. If a hardware error does occur, it will generate additional error messages to identify the source of the hardware error in addition to the error message listed above.
Conditions: This symptom may be observed on a Cisco Engine 0 line card when a feature that requires a micro code change is configured.
Workaround: There is no workaround. Ignore the error message.
•
Symptoms: Pings from a customer edge (CE) router may fail in the Any Transport over Multiprotocol Label Switching (AToM) network.
Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) AToM is configured.
Workaround: There is no workaround.
•
Symptoms: The integrity of the payload may not be retained on a Cisco 10720 that runs Cisco IOS Release 12.0(24)S.
Conditions: This symptom is observed on Cisco 10700 series that is operating in the Ethernet over Multiprotocol Label Switching (EoMPLS) port mode with a Packet over SONET (POS) interface that is connected to a Multiprotocol Label Switching (MPLS) backbone.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series Internet router line card, the fabric error reporting message is not being turned on after system startup.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S6, Release 12.0(21)ST6, or Release 12.0(23)S2.
Workaround: Physically remove and insert the backup Clock Scheduler Card (CSC) or any Switch Fabric Card (SFC). This will re enable the line card error reporting mechanism.
Alternate workaround: Enter the hw-module shutdown EXEC command on the backup CSC or on any SFC. This will also re enable the line card error reporting mechanism.
•
Symptoms: Multiprotocol Label Switching (MPLS) aware NetFlow does not update per-protocol flow statistics that are displayed in the header block in the output of the show ip cache flow EXEC command:
Protocol Total Flows Packets Bytes Packets Active(Sec)
Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-BGP 1497 0.0 1 49 0.0 0.0 15.4Conditions: This symptom is observed on a Cisco 12000 series line card.
Workaround: There is no workaround.
•
Symptoms: When a link between two interfaces is brought up by following a specific sequence of events, one side of the link displays a persistent alarm indication signal (AIS) that cannot be cleared without a reload of the line card.
Conditions: This symptom is observed on a Cisco 12000 series Internet router with the pos ais-shut command configured on an Engine 4 (E4) or E4+ line card interface.
Workaround: Remove the pos ais-shut interface configuration command.
•
Symptom: Starting with Cisco IOS Release 12.0(23)S, Cisco 12000 series Internet router ATM interfaces generate F4 segment Operation, Administration, and Maintenance (OAM) loopback cells. If the connected ATM switch does not support the F4 segment loopback cells, permanent virtual paths (PVPs) on the router ATM interface may not be brought up.
Condition: This symptom is observed when ATM PVPs are configured on Cisco 12000 series Internet router ATM interfaces. The connected ATM switch does not support F4 segment loopback.
Workaround: Downgrade to Cisco IOS Release 12.0(22)S or earlier releases in which the F4 OutSegloop (Segment Loopback) cell is not generated.
•
Symptoms: A router may reload during a class of service (CoS) update in a Weighted Random Early Detection (WRED) drops routine, although CoS and WRED are not configured on the router.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: A router may incorrectly move a default static route from an upstream router to another upstream router and then back again, and may continue to flap the route every 60 seconds.
Conditions: This symptom is observed in the following configuration:
A Cisco router (referred to as router A) is connected to two upstream routers (referred to as router B and router C) via a common interface. Router A is configured with two default recursive static routes, one via an address that is advertised by router B, the other one via an address that is advertised by router C.
The administrative distances of the static routes are set in such a way that if both router B and router C are reachable, router A installs the default static route via router B. If router B becomes unreachable, router A installs the default static route via router C.
Router B is advertising X::1. Router C is advertising X::2. Router A is configured in the following way:
ipv6 route ::/0 X::1
ipv6 route ::/0 X::2 2When router B stops advertising X::1, router A removes the default static route via router B and installs the default static via router C. This is correct behavior. However, 60 seconds after the transition, router A incorrectly reinstalls the default static route via router B and removes the default static route via router C. Another 60 seconds later, router A removes the static route via router B and reinstalls the static route via router C. This route flap occurs every 60 seconds.
Possible Workaround: Do not rely on recursive static routes for the default route. For example, configure Interior Gateway Protocol (IGP) on routers B and C to advertise the default route. Appropriate configuration of metrics may ensure that the default route via router B is preferred to the one via router C, providing the same preference as the one that is obtained via static routes.
•
Symptoms: A Versatile Interface Processor (VIP) may reload.
Conditions: This symptom is observed on a VIP if Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or the Egress NetFlow.
•
Symptoms: Parallel Express Forwarding (PXF) reloads with software exception type 0x680 in column 5 (T1RxC1).
Conditions: This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(21)ST5.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) traffic or MPLS Virtual Private Network (VPN) traffic is being forwarded by a Cisco 10720 router, about 50 percent of multicast traffic will be punted to a Route Processor (RP) and forwarded by the RP. The expected behavior is that multicast traffic should be forwarded by Parallel Express Forwarding (PXF) as long as a multicast route (mroute) entry exists. If many packets are punted to the RP, and the RP queue is congested, some of the multicast traffic that is being punted to the RP will be dropped. For example, multicast traffic may be dropped from a multicast application such as video or TV broadcast.
Conditions: This symptom is observed on a Cisco 10720 router that is running Cisco IOS Release 12.0(22)S, Release 12.0(23)S1, or Release 12.0(24)S when the following conditions are met:
–
–
Workaround: Stop the MPLS or MPLS VPN traffic.
•
Symptoms: "No Card" is displayed when entering the show running-config EXEC command.
Conditions: This symptom is observed on a Cisco 10000 series edge services router (ESR) when attempting to provision a 24-port channelized E1/T1 line card.
Workaround: There is no workaround.
•
Symptoms: Traffic may not always match to the correct class.
Conditions: This symptom is observed on a Cisco 12000 series Internet router. When the match access-group class-map configuration command is used, one of the access control lists (ACLs) is not defined.
Workaround: Define each ACL.
•
Symptoms: Traffic and routing outage may be observed on a router for several minutes.
Conditions: This symptom is observed on a Cisco 12000 series when a line card reload event is triggered by an uncorrected soft memory error and by a simultaneously bounding policy-based routing (PBR) policy that is on an IP Services Engine (ISE) interface.
The uncorrected soft memory error trigger is observed to occur before the trigger that is caused by the simultaneously bounding policy-based routing policy.
Workaround: There is no workaround.
•
Symptoms: Some multilink interfaces may stop passing traffic.
Conditions: This symptom may be observed when a router boots up or when the flexible WAN module (FlexWAN) is reloaded.
Workaround: Manually reconfigure the multilink interface.
•
Symptoms: Operation, Administration, and Maintenance (OAM) loopback cells are treated incorrectly as data packet counters by Segmentation and Reassembly (SAR).
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A single access control list (ACL) with multiple TCP flags may not function properly on an Engine 4 plus line card.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Divide the single ACL with multiple TCP flags into multiple ACLs with one TCP flag per ACL.
•
Symptoms: Object identifiers (OIDs) for the CISCO-ATM-PVCTRAP-EXTN-MIB MIB cannot be accessed.
Conditions: This symptom is observed with the CISCO-ATM-PVCTRAP-EXTN-MIB MIB. The MIB number of the CISCO-ATM-PVCTRAP-EXTN-MIB MIB has to be updated with the MIB number of the approved MIB.
Workaround: There is no workaround.
•
Symptoms: Some ATM subinterfaces may stop forwarding traffic and display the following console message:
%PM622-3-SAR_OPEN_VC_ERR: SAR:(4/0) open tx vc (open vc tunnel) failed: vcid: 250 Event: 0x4014C488 0x0000029E 0x00000480 0x00FA0277Conditions: This symptom is observed when the class of service (CoS) queues from the service policy are deleted and the new CoS queues are provisioned while there is traffic present.
Workaround: Reload the microcode on the line card.
Alternate Workaround: Delete the existing service policy completely and then reapply the service policy instead of modifying the existing service policy.
TCP/IP Host-Mode Services
•
Symptoms: A router may reload while you change the maximum transmission unit (MTU) size to 64 bytes on an OC-12 or OC-24 Packet over SONET (POS) interface.
Conditions: This symptom is observed on a Cisco 10000 series router or a Cisco 12000 series router when Multiprotocol Label Switching (MPLS) is enabled on the interface.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(24)S
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(24)S. This section describes only severity 1, severity 2, and select severity 3 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: The Compression Control Protocol (CCP) may restart on a router.
Conditions: This symptom is observed on a Cisco 7500 series router that has fair queueing, distributed Cisco Express Forwarding (dCEF), and compression enabled on a serial interface.
Workaround: Enter the no fair-queue command on the serial interface.
•
Symptoms: A Simple Network Management Protocol version 3 (SNMPv3) user configuration is changed when a router is reloaded.
Conditions: This symptom is observed when an SNMPv3 user is created using message digest 5 (MD5) authentication by entering the following commands:
Router#snmp group groupy v3 auth
Router#snmp user abcdefghij groupy v3 auth md5 abcdefghijThe engine ID is then changed by entering the following command:
snmp-server engineID local 00000009020000024B0008FE
An SNMP walk is performed by entering the following command, the configuration is saved, and the router is reloaded.
Router#snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l AuthNoPriv device-nameThe SNMP walk is successful and the following debug header output is displayed when the debug snmp EXEC command is entered:
Incoming SNMP packet: v3 packet security model: v3 security level: auth username: abcdefghijThe router is reloaded and a second SNMP walk is performed by entering the following command:
Router#snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l AuthNoPriv device-nameAfter the second SNMP walk is performed, the command does not generate any output and the following debug header output is displayed when the debug snmp EXEC command is entered:
Incoming SNMP packet: v3 packet security model: v3 security level: noauth: username: abcdefghijWorkaround: Do not change the default engine identity (ID).
•
Symptoms: When an autoinstallation is performed on a router, the router successfully downloads the configuration but pauses to display the "Do you want to enter the initial configuration dialog?" prompt. The router boots up completely only after the "n" character is issued at the prompt.
Conditions: This symptom is observed on a Cisco 2621 router that is running Cisco IOS Release 12.2(6). This symptom occurs if the downloaded configuration contains an encapsulation type that is different from the encapsulation type that is configured on the peer router to which the Cisco 2621 is connected.
Workaround: Ensure that the encapsulation type that is on the downloaded configuration is the same as the encapsulation type that is on the peer router.
•
Symptoms: When a Cisco router is reloaded, the rtr schedule operation [start-time hh:mm [month day]] global configuration command is not loaded into the running configuration from NVRAM, and the "The date and time must be set first" message is displayed even though the calendar and Network Time Protocol (NTP) have been set.
Conditions: These symptoms have been observed on a Cisco router that is running Cisco Service Assurance Agent (SA Agent) when the collection time is being manually configured with the rtr schedule operation [start-time hh:mm [month day]] global configuration command.
Workaround: There is no workaround.
•
Symptoms: Memory allocation failures occur on a Cisco router that has authentication, authorization, and accounting (AAA) configured, and "%SYS-2- MALLOCFAIL" messages are displayed. When you enter the show memory summary command, the command output shows that many small blocks are used by the AAA processes.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(15)S3.
Workaround: There is no workaround.
•
Symptoms: The cache error recover function (CERF) is disabled after a Cisco 7200 series router is reloaded. This symptom is observed after CERF is enabled, written into the startup configuration, and the router is reloaded.
The output of the show memory cache error-recovery EXEC command may indicate that the commands are disabled after the router is reloaded:
no memory cache error-recovery L3 data no memory cache error-recovery options nvram-report no memory cache error-recovery options parity-check memory cache error-recovery options window 0 memory cache error-recovery options max-recoveries 0Conditions: This symptom is observed on a Cisco 7200 series router that is using a Network Processing Engine (NPE-300) that has 32 MB of memory in the dual in-line memory module (DIMM2).
Workaround: Install 64 MB of memory in the DIMM2.
•
Symptoms: A "%SNMP-3-CPUHOG: Processing GetNext of ciscoFlashDeviceEntry.5.8" error message is displayed during a Simple Network Management Protocol (SNMP) query on ciscoFlashDeviceEntry.
Conditions: These symptoms can occur on any Cisco router that is running Cisco IOS software.
Temporary Workaround: Exclude ciscoFlashMIB by entering the snmp-server global configuration command. If SNMP must be enabled on the Flash devices, then there is no workaround.
•
Symptoms The show bootflash: chips EXEC command may cause subsequent commands such as the show bootflash all EXEC command to fail.
Conditions This symptom is observed on a Cisco router that has a Route Switch Processor (RSP8) and that is running Cisco IOS Release 12.2(6d) or Release 12.2(6f). This symptom occurred only because the bootflash module was flawed.
Workaround Enter the show version EXEC command to restore the router to normal operating condition.
•
Symptoms: A linkDown trap is not generated for the highest layer if that layer goes down. For example, if a single serial interface on a T1 connection goes down with the trap throttle enabled, no linkDown trap is generated for that serial interface. linkUp traps are generated.
Conditions: These symptoms have been observed on a Cisco router that is using Simple Network Management Protocol (SNMP) linkDown traps and has the trap throttle feature enabled with "snmp ifmib trap throttle" in the configuration.
Workaround: Use the show interfaces privileged EXEC command or the MIB object ifOperStatus to poll the status of the interface.
•
Symptoms: A memory leak in the ISDN process may cause a Cisco router that is operating under stress conditions to reload.
Conditions: This symptom is observed when more than one host that uses the Simple Network Management Protocol version 1 (SNMPv1) security model is configured on the router by entering the snmp-server host host-addr global configuration command such as in the following configuration:
snmp-server host 10.30.50.41
snmp-server host 10.30.50.40Workaround: Remove the multiple instances of configured SNMPv1 hosts. Only one host should be specified in the running configuration by entering the snmp-server host host-addr global configuration command.
•
Symptoms: Executing an snmpwalk command on loopback interfaces does not yield any results.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Execute the snmpwalk command on the physical interfaces instead.
•
Symptom: A Versatile Interface Processor (VIP) may reload unexpectedly if the following sequence is performed:
1) Enable distributed Cisco Express Forwarding (dCEF) by entering the ip cef distributed global configuration command.
2) Disable the NetFlow Flow-cache or NetFlow switching for IP routing (using the no ip route-cache flow global configuration command).
3) Configure Cisco Express Forwarding (CEF) using the ip cef global configuration command.
4) Re-enable dCEF by entering the ip cef distributed global configuration command.
5) Re-enable ip flow-cache commands, or enter the ip route-cache flow command.
6) Configure CEF using the ip cef global configuration command.
Conditions: This symptom was observed by Cisco internal testing using VIP software, version 12.0(22.4)S.
Workaround: Re-enable ip flow-cache or ip route-cache flow commands before re-enabling dCEF, or upgrade to Release 12.0(23)S2 (recommended). This issue is resolved in 12.0(24)S.
•
Symptoms: A large number of memory allocation failed messages appear during the Cisco Discovery Protocol (CDP) process. The following message is displayed:
Nov 14 18:12:36: %SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from 0x605111F0, pool Processor, alignment 0 -Process= "CDP Protocol", ipl= 0, pid= 42 -Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: This symptom is observed on a Cisco 7513 router that is running Cisco IOS Release 12.0(17)ST.
Workaround: There is no workaround.
•
Symptoms: Any Cisco router that is running Cisco IOS Release 12.0(24)S may reload when of ISDN-related commands are configured. The router may reload upon boot if ISDN commands are present in the startup configuration. The following error message may be seen:
%SYS-2-STACK_OVERRUN: Stack of process 'ISDN' corruptedConditions: This symptom occurs only with ISDN commands.
Workaround: There is no workaround.
•
Symptoms: A counter overflow error occurs on IP protocol with serial interface port adapters.
Conditions: This symptom, when present, occurs primarily on Cisco 7500 series routers.
Workaround: There is no workaround for the noncompression-related counter inaccuracies.
•
Symptoms: A Cisco router may reload upon setting and creating new entries in snmpTargetAddrTable. This operation is completed using Simple Network Management Protocol Version 3 (SNMPv3).
Conditions: This symptom is observed on Cisco hardware.
Workaround: There is no workaround.
•
Symptoms: The ifIndex Persistence feature does not function after a switchover.
Conditions: This symptom is observed in a high availability (HA) Stateful Switchover (SSO) environment.
Workaround: To reenable the ifIndex Persistence feature, enter the write memory EXEC command after the switchover.
•
Symptoms: The ENTITY MIB fails to recognize redundant power supplies and recognizes only one power supply. In addition, the power supply, fans, and chassis interface are displayed as non field-replaceable units (non-FRUs).
Conditions: This symptom is observed on a Cisco 7507 and a Cisco 7513 router.
Workaround: There is no workaround.
•
Symptoms: Cisco IOS software fails to set up the Gigabit Ethernet Interface Processor (GEIP) MIBs correctly on a Cisco 7500 series router.
Conditions: This symptom is observed when the hierarchy on the GEIP is incorrect; the port adapter and interface are shown at the same level as the GEIP. The GEIP should be at the top of the hierarchy, followed by the port adapter, followed by the interface.
Workaround: There is no workaround.
EXEC and Configuration Parser
•
Symptoms: The Open Shortest Path First (OSPF) network ip-address wildcard-mask area area-id router configuration command is accepted in an active Route Processor (RP) but not properly synchronized to the standby RP. The first command that you enter is synchronized correctly to the standby RP, but commands that are subsequently entered are not properly synchronized to the standby RP.
Conditions: This symptom is observed on a Cisco 12000 series router when Stateful Switchover (SSO) is enabled.
Workaround: There is no workaround.
•
Symptoms: The copy file running-config command execution time is prolonged significantly for certain configurations, and the configuration will not be in sync if the copy process is stopped forcefully.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.
Workaround: Execute the copy command before booting up standby route processor (RP), and all the configurations will be synced via the bulk sync process.
•
Symptoms: A policy map with multiple class maps does not synchronize correctly with a standby route processor (RP).
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Reload the standby RP.
•
Symptoms: A memory leak of about 0.5 MB occurs in the "Pre Command NV Buffer" process.
Conditions: This symptom is observed when you connect to a Cisco 12000 series Route Processor (RP) through a vty.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Cisco router may pause indefinitely in rare traffic conditions.
Conditions: This symptom is observed on a Cisco 7200 series router that is using an MPA-CE1 port adapter. This condition occurs if weighted fair queueing (WFQ) or Multilink PPP (MLP) is mixed with pure FIFO queueing on the configured channels.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series router that is functioning as a provider edge (PE) router may zero out all the contents of the packet beyond the ATM adaptation layer 5 (AAL5) header when Cisco Express Forwarding (CEF) is switching an IP packet from a customer edge (CE) router to a remote Virtual Private Network (VPN) destination.
Conditions: This symptom is observed when the input port adapter is the i82543- based 2-port Fast Ethernet port adapter (PA-2FE) I/O controller.
Workaround: There is no workaround.
•
Symptoms: The single-port Fast Ethernet 100BASETX port adapter (PA-FE-TX) of a Cisco 7206VXR router that has a Network Processing Engine (NPE-300) may stop receiving burst traffic packets.
Conditions: This symptom is observed on a PA-FE-TX.
Workaround: Clear by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-FE-TX interface.
•
Symptoms: A port adapter may stop receiving packets. When this symptom occurs, the output of the show interface EXEC command does not report any input or output drops. When the show controller EXEC command is issued on the Versatile Interface Processor (VIP) console of a router, the command output may display incrementing rx_no_buffer and virtual circuit connection (VCC) counts.
Conditions: This symptom is observed on an enhanced ATM Port Adapter (PA-A3) on a Cisco 7500 router.
Workaround: Bounce the port adapter interface by issuing the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: Traceback messages that are related to memory allocation are displayed when a channelized T1 (CT1) or a channelized E1(CE1) port adapter is shut down.
Conditions: This symptom is observed on a Cisco 7200 router that is connected to a Cisco 2600 router through an ISDN switch.
Workaround: There is no workaround.
•
Symptoms: Packet drops may be observed.
Conditions: This symptom is observed on a channelized T1 (CT1) interface between a provider edge router (PE) and a customer edge (CE) router.
Workaround: There is no workaround.
•
Symptoms: Ethernet over Multiprotocol Label Switching (EoMPLS) functionality may break on a Gigabit Ethernet port adapter (PA-GE) because of loss of the promiscuous mode on a Cisco 7200 series or Cisco 7500 series router. The output of the show controller interface command displays the status of the promiscuous mode on the interface.
Conditions: This symptom is observed on a Cisco 7200 series router that is running the c7200-p-mz image of Cisco IOS Release 12.0(22)SY and that is configured with a PA-GE.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: When you reload a Cisco 7500 series Versatile Interface Processor (VIP) or a Cisco 12000 series line card that is configured with VLAN subinterfaces that are in a shutdown state, the VLAN interfaces become active again.
Conditions: This symptom is observed on distributed Cisco IOS platforms, such as the Cisco 7500 series router and the Cisco 12000 series router.
Workaround: After the VIP or the line card has reloaded, enter the no shutdown interface configuration command followed by the shutdown interface configuration command for the affected subinterfaces.
•
Symptoms: When you configure more than 64 Inter-Switch Link (ISL) VLANs, a Versatile Interface Processor (VIP) may reload.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: Use only dot1q encapsulation.
•
Symptoms: Packets are process switched instead of switched via Cisco Express Forwarding (CEF) using the route cache.
Conditions: This symptom is observed when packets are received on a dot1q Virtual Private Network (VPN) routing/forwarding (VRF) interface on a Gigabit Ethernet (GE) I/O controller on a Cisco 7200 series router that is functioning as a provider edge (PE) router and the packets are destined to leave via the unencapsulated main GE interface on an uplink to a provider (P) router. Packets that are destined to leave on other uplinks to the P router are properly switched via CEF using the route cache.
Workaround: There is no workaround.
•
Symptoms: A channelized T1 connection does not come up.
Conditions: This symptom has been observed on a Cisco 7500 router that is running the rsp-jsv-mz software image.
Workaround: Enter the shutdown command followed by the no shutdown command in controller configuration mode.
•
Symptoms: Operation, Administration, and Maintenance (OAM) transparent forwarding fails when the PA-A3-OC12-MM card is used for the provider edge and provider (PE-P) and provider edge and customer edge ((PE-CE) links. Packets arrive on the PE after the remote CE loops back the cells. The PE fails to forward the packets to the originating CE.
Conditions: This symptom occurs during an ATM adaptation layer 5 (AAL5) packet over Multiprotocol Label Switching (MPLS) event.
Workaround: There is no workaround.
•
Symptoms: In an ATM adaptation layer 5 (AAL5) over Multiprotocol Label Switching (MPLS) situation, Operation, Administration, and Maintenance (OAM) cells are dropped when a provider edge (PE) router should switch them toward the customer edge (CE) router from the core.
Conditions: This symptom occurs when the Cisco 7200 VXR PE router has an Inverse Multiplexing over ATM (IMA) link to the CE.
Workaround: There is no workaround.
•
Symptoms: An ATM interface may not come up after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered.
Conditions: This symptom is observed on a Catalyst 5000 Route Switch Module (RSM) that is running Cisco IOS Release 12.2(10).
Workaround: There is no workaround.
•
Symptoms: Pings with packet sizes greater than 1496 bytes may fail.
Conditions: This symptom is observed on Ethernet 802.1Q subinterfaces.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A packet that is destined for a next hop may not be policy-routed.
Conditions: These symptoms are observed when you enable policy routing on a Fast Ethernet Inter-Switch Link (ISL) subinterface.
Workaround: There is no workaround.
•
Symptoms: An external Autonomous System Boundary Router (ASBR) may choose a suboptimal path for an external type 2 route.
Conditions: This symptom is observed on an ASBR router that is situated external to a network that has several Area Border Routers (ABRs).
Workaround: There is no workaround.
•
Symptoms: If a Cisco 12000 series Internet router sends a default-information originate command via Border Gateway Protocol (BGP), the default route is learned correctly but entered incorrectly as "0.0.0.0/7" in the BGP routing table. This behavior may cause a problem in another router because that other router does not have a correct default route.
The other issue is that if a default route is configured on this router and also other prefixes of the form 0.0.0.0/X with prefix length X in the range 1 to 32 and not including 0 (for example 0.0.0.0/20), then the default route does not work properly because the other 0.0.0.0/X routes might be chosen as the default route instead of 0.0.0.0/0. The default route 0.0.0.0/0 is not propagated in the BGP updates to the neighboring BGP peers.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: Enter a static default route.
Alternate Workaround: Configure an access control list (ACL) to prevent the propagation from the "0.0.0.0/7" route:
configure bgp route filtering
neighbor 192.168.200.17 distribute-list 155 in
access-list 155 deny ip host 0.0.0.0 host 254.0.0.0
access-list 155 permit ip any any•
Symptoms: When an Internet Group Management Protocol (IGMP) receive is issued on the incoming interface toward the Route Processor (RP), and a (S,G) R state already exists for a source, the R flag does not clear. The receiver does not receive traffic for that particular (S,G) entry.
Conditions: This symptom causes the receiver to not receive traffic for this (S,G) entry.
Workaround: Change the position of the RP to prevent this symptom from occurring.
•
Symptoms: When a router that is running Resource Reservation Protocol (RSVP) originates a reservation confirm (ResvConfirm) message, the next-hop downstream router may drop the ResvConfirm message and produce a debug output similar to the following:
RSVP 10.15.222.69_17152-10.15.94.239_19522: Received RESV CONFIRM message without Router-Alert option - ignoring.
As a result, Voice over IP (VoIP) telephone calls that are using RSVP may not complete.
Conditions: This symptom is observed when the router that is generating the ResvConfirm message is running a Cisco IOS release earlier than Release 12.2 (13)T1 and the router that is receiving the ResvConfirm message is running Release 12.2(11.3)T1 or a release between Release 12.2(13)T1 and Release 12.2 (13)T.
Workaround: Use the same Cisco IOS release on all routers that are capable of running RSVP in the network.
•
Symptoms: A Cisco 12416 router may reload because of a watchdog timeout in the Border Gateway Protocol (BGP) I/O process.
Conditions: This symptom is observed when a Cisco 12416 router that is configured with 575 BGP peers and three 1-port OC-12 ATM line cards, each of which is configured with 500 ATM permanent virtual connection (PVC) subinterfaces, is booted with Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: A Multiprotocol Label Switching traffic engineering (MPLS TE) tunnel may take three minutes to recover after a neighboring interface flaps.
Conditions: This symptom is observed when you enter the shutdown interface configuration command immediately followed by the no shutdown interface configuration command on the neighboring Packet-over-SONET (POS) interface. The headend may not immediately tear down the link-state packet (LSP) and may be stuck for up to three minutes after the physical interface comes back up.
Workaround: Configure the neighboring POS interface with the pos ais- shut interface configuration command.
•
Symptoms: After a Border Gateway Protocol (BGP) neighbor resets, CPU utilization may run very high on a Cisco 12000 series router.
Conditions: This symptom is observed when the default- metric BGP command is enabled in the BGP router configuration.
Workaround: There is no workaround.
•
Symptoms: The Forwarding Information Base (FIB) table on a Cisco 12000 series Gigabit Route Processor (GRP) may be missing entries for directly connected subnets.
Conditions: This symptom is observed on a Cisco 12000 series router after you have removed a large number of routes.
Workaround: Enter the clear ip route network EXEC command for the affected prefixes. The following is an example:
Router#show ip cef 10.2.0.4 255.255.255.224 % Prefix not found
Router#clear ip route 10.2.0.4 255.255.255.224
Router#show ip cef 10.2.0.4 255.255.255.224 10.2.0.4/30, version 285154, epoch 0, attached, connected, cached adjacency to POS1/0 0 packets, 0 bytes via POS1/0, 0 dependencies valid cached adjacency•
Symptoms: The Multicast Broader Gateway Protocol (MBGP) default route is advertised as 0.0.0.0/0 to a Protocol Independent Multicast (PIM) neighbor, but the MBGP default route is not considered for a multicast Reverse Path Forwarding (RPF) check on the router.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(10).
Workaround: Use static routes, redistribution, or network statements by entering the address-family ipv4 multicast global configuration command.
•
Symptoms: A router that is running Multiprotocol Label Switching (MPLS)- Traffic Engineering (TE) reloads when it handles an incoming PATH TEAR message while a Resource Reservation Protocol (RSVP) Reservation State Block (RSB) data structure is being cleaned up.
Conditions: This symptom is observed when a large number of development test cases are run back to back.
Workaround: Run the test cases individually.
•
Symptoms: The IP version 6 (IPv6) Border Gateway Protocol (BGP) router-reflector function is broken.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series router may reload when an interface flaps.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S during multicast traffic.
Workaround: There is no workaround.
•
Symptoms: Traffic to downstream routers may be cut off.
Conditions: This symptom is observed when a router has a bidirectional rendezvous point for a group range that covers a Source Specific Multicast (SSM) range when the router receives an SSM join message and it does not yet have the group state created. In this situation, the router rejects the SSM join message and causes traffic to downstream routers to be cut off.
Workaround: There is no workaround.
•
Symptoms: Enhanced Interior Gateway Routing Protocol (EIGRP) resets the routing table when you enter the write memory EXEC command, write terminal EXEC command, or show running-config privileged EXEC command.
Conditions: This symptom is observed on a Cisco 7505, Cisco 7507, and Cisco 7513 router.
Workaround: There is no workaround.
•
Symptoms: Transit traffic that uses Open Shortest Path First (OSPF) routes may be briefly interrupted after consecutive switchovers. This interruption affects only OSPF configurations with message-digest authentication.
Conditions: This symptom occurs in Cisco IOS Release 12.0(22)S when message-digest authentication is configured for OSPF and when more than one Route Processor (RP) switchover occurs within minutes of each other.
Workaround: There is no workaround. However, to prevent future traffic interruptions on subsequent switchovers, disable message-digest authentication for OSPF.
•
Symptoms: When a neighbor under VPN routing/forwarding (VRF) is configured using the bgp graceful-restart command in router configuration mode, the session does not begin. A notification regarding wrong OPEN message is generated.
Conditions: This symptom is observed only when the router is configured using the bgp graceful-restart command.
Workaround: There is no workaround
VPN routing/forwarding
•
Symptoms: Using the show ip ospf database [asbr-summary | external | nssa-external | router | summary] command may cause a reload because of a bus error.
Conditions: This symptom occurs when the command is used to display the contents of a malformed link-state advertisement (LSA) when the size of the LSA is not a multiple of 4.
Workaround: There is no workaround.
•
Symptoms: When two interconnected routers perform Route Processor (RP) switchover at the same time, some Open Shortest Path First (OSPF) routes are lost.
Conditions: This symptom occurs if both routers are configured with Nonstop Forwarding (NSF) using the router ospf global configuration command.
Workaround: Issue the clear ip ospf proc or clear ip route * commands on the affected routers.
•
Symptoms: When the customer edge (CE) peer of a provider edge (PE) router has the neighbor default-originate router configuration command enabled, which enables the PE router to send the default route to the CE, the default route may be sent with the wrong mask (255). When this situation occurs, the CE router sends a notification that states that an illegal network entry has occurred and flaps the session.
Conditions: This symptom is observed on a Cisco 7200 series router that functions as a PE router but may also occur on another platform that functions as a PE router.
Workaround: There is no workaround.
•
Symptoms: A Border Gateway Protocol (BGP) session reset occurs because of a notification that indicates a defective OPEN message.
Conditions: This symptom occurs when using the both option in the following command in router configuration mode:
neighbor ip-address [capability] orf prefix-filter [receive | send | both]
Workaround: Configure only the receive or send options of the neighbor orf prefix-filter command.
•
Symptoms: A software-forced reload may occur on a router.
Conditions: This symptom is observed on a Cisco router when a register message is received.
Workaround: There is no workaround.
•
Symptoms: An unusually formatted Multicast Source Discovery Protocol (MSDP) packet may cause a memory corruption to occur and a router to reload.
Conditions: These symptoms are observed on a Cisco router that has a peer relationship with a vendor router.
Workaround: If this symptom is observed on a Cisco router that has a peer relationship with vendor router, enter the ip msdp shutdown peer-address global configuration command to shut down the peer relationship with the vendor router.
•
Symptoms: A Cisco router that is functioning as a dedicated Border Gateway Protocol (BGP) Route Reflector (RR) in a network that is configured for BGP may display a message very similar to the following one on its console:
%SYS-3-CPUHOG: Task ran for 30020 msec (6/6), process = BGP Router, PC = 6080D21C.When the message is displayed, the BGP router process causes the CPU utilization of the router to become high for one to several minutes, depending on the number of prefixes, neighbors, and updates.
Conditions: This symptom is observed when the router is running Cisco IOS Release 12.0(22)S or a later release, when it has a large number of neighbors that are configured in peer groups or update groups, when it has a large number of prefixes to send or receive, and when most of the neighbors start at the same time, or when the BGP sessions of the neighbors are reset at the same time using the clear ip bgp * EXEC command.
The symptom is also observed in the above-mentioned network topology when the client of a BGP RR is reset using the clear ip bgp * EXEC command.
Workaround: Do not reset all the BGP neighbor routers at the same time when RRs are used in a BGP configuration.
Alternate Workaround: Use Cisco IOS Release 12.0 ST.
•
Symptoms: The distribute-list 10 in ethernet 10 route configuration command may not be saved under a Virtual Private Network (VPN) routing/forwarding (VRF) instance.
Conditions: The conditions under which this symptom is observed are unknown at this time.
Workaround: Use the distribute-list 10 router configuration command instead.
•
Symptoms: A useless partial Shortest Path First (SPF) calculation may occur.
Conditions: This symptom is observed when an Open Shortest Path First (OSPF) link-state advertisement (LSA) for a 0.0.0.0 destination is refreshed.
Workaround: Use a static default route.
•
Symptoms: The following messages are seen when any one of the following items are done while there is a large amount of multicast route (mroute) state:
–
–
–
–
%SYS-5-CONFIG_I: Configured from console by console
%IPC-5-SLAVELOG: VIP-SLOT0:
%IPC-2-NOMEM: No memory available for getbuffer failsConditions: This symptom is observed on a Cisco 7500 series router experiencing high CPU utilization (up to ~100%) due to IP configuration.
Workaround: There is no workaround.
•
Symptoms: A software-forced reload may occur on a router.
Conditions: This symptom is observed on a Cisco router when a no ip pim bidir-enable is executed on the console window when another terminal window is displaying the output from show ip pim interface df.
Workaround: There is no workaround.
•
This caveat consists of three symptoms, three conditions, and three workarounds:
1.
Conditions 1: This symptom is observed when RSVP forwards a ResvError for a wildcard-filter (WF) style reservation.
Workaround 1: There is no workaround.
2.
Conditions 2: This symptom is observed when RSVP sends a ResvTear message for a traffic engineering (TE) tunnel.
Workaround 2: There is no workaround.
3.
Conditions 3: This symptom is observed when RSVP sends a ResvConfirm message from a router that is acting as an RSVP receiver endpoint that was configured with the ip rsvp reservation-host global configuration command.
Possible Workaround 3: Enter the ip rsvp reservation global configuration command or the ip rsvp listener global configuration command instead of the ip rsvp reservation-host global configuration command.
•
Symptoms: Configuring OSPF (Open Shortest Path First) sham links in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment may cause a memory leak in the OSPF router process.
Conditions: This symptom is observed in a MPLS-VPN environment. The area [area- id] sham-link [source-address] [destination-address] cost [number] global configuration command is used and OSPF adjacency is formed over the sham-link. Each time an OSPF acknowledgment is sent over the sham-link, some memory is allocated that is never freed.
Workaround: There is no workaround.
•
Symptoms: The neighbor ip-address capability router configuration command or the neighbor ip-address send- label router configuration command cannot be configured.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(12.10)T1.
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: When the Intermediate System-to-Intermediate System (IS-IS) routing protocol with "nsf cisco" and "isis circuit-type level-2-only" is run on a point-to-point interface, the adjacency on the interface may flap following a Route Processor (RP) switchover. This flapping may cause a traffic forwarding interruption.
Conditions: This condition occurs on the Cisco 7500 series, Cisco 10000 series Edge Services (ESR), and Cisco 12000 series Internet router.
Workaround: Configure "isis circuit-type level-1-2" on point-to-point interfaces while using "nsf cisco," or configure "nsf ietf" and wait more than 10 minutes between RP switchovers.
•
Symptoms: On a Cisco router, Intermediate System-to-Intermediate System Version 6 (IS-ISv6) routes may not be inserted in the IPv6 routing table after a reload or after a neighbor's interface state changes. This symptom affects only configurations with level-2-only links.
Conditions: This symptom may be observed on Cisco routers that are running Cisco IOS Release 12.0(22)S.
Workaround: Use the clear isis * EXEC command after a reload or after a topology change. Use level 1-2 links.
•
Symptoms: A Route Processor (RP) may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with dual route processors (RPs) in Stateful Switchover (SSO) mode and that has about 200 Intermediate System-to-Intermediate System (IS-IS) neighbors when Nonstop Forwarding (NSF) is configured under the IS-IS process.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A Cisco router might reload with a bus error.
Conditions: This symptom is observed while you are switching encapsulation between High-Level Data Link Control (HDLC) and Frame Relay on an interface that has been configured with the ip rtp header-compression interface configuration command without the ip tcp header-compression interface configuration command.
Workaround: Enter the ip tcp header-compression command before switching encapsulation.
•
Symptoms: A router may transmit bit errors.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1 and that has a serial 1DS3 or 2DS3 port adapter (PA-T3 or PA- 2T3) when the signal is below 0.5 decibels (dB).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface.
•
Symptoms: On a router that has static Address Resolution Protocol (ARP) entries configured, the router may fail to use the static ARP entries immediately.
Conditions: This symptom is observed on a Cisco router if CEF is enabled manually or if the router is reloaded with Cisco Express Forwarding (CEF) enabled.
Workaround: Disable CEF on the router by entering the no ip cef global configuration command.
•
Symptoms: Incoming tagged packets that are Inter-Switch Link (ISL) encapsulated on a Cisco 7200 series router and go out tagged on a subinterface that is running ISL are dropped at the next hop because of cyclic redundancy check (CRC) errors.
Conditions: This symptom is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
•
Symptoms: Pattern loss may occur on a T1 channel that is configured under a Virtual Tributary level 1.5 (VT1.5) stream on a router line card when you use the clock source internal controller configuration command.
Conditions: This symptom is observed on a Cisco 10000 series 1-port channelized OC-12 line card.
Workaround: Use the clock source line controller configuration command.
•
Symptoms: An Automatic Protection Switching (APS) mode is not restored to its default.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with a channelized OC-12 line card. The symptom occurs when the APS mode is fist configured to send a Line Alarm Indicator Signal (LAIS) and is then unconfigured to do so.
Workaround: Enter the aps mode linear 1+1 nonreverting unidirectional interface configuration command.
•
Symptoms: An interface may experience an output queue that becomes wedged after a few minutes. The following command output is displayed after the show interface fast 0/1 EXEC command is entered:
FastEthernet0/1 is up, line protocol is up Queueing strategy: fifo Output queue 40/40, 66826 drops; input queue 0/75, 0 drops
Conditions This symptom is observed on a Fast Ethernet or Gigabit Ethernet interface with an i82543 chip that is running Cisco IOS Release 12.2(1).
Workaround There is no workaround.
•
Symptoms: Label controlled ATM (LC-ATM) is not supported on a router.
Conditions: This symptom is observed on a router that has Stateful SwitchOver (SSO) enabled. Attempting to configure LC-ATM with SSO enabled will result in a warning message being displayed on the console.
Workaround: There is no workaround.
•
Symptoms: A tag does not come up after a flap occurs on an IP-to-Multiprotocol- Label-Switching (MPLS) multivirtual circuit.
Conditions: This symptom is observed in Cisco IOS Release 12.2(10.1)T and Release 12.2(10.3)T1.
Workaround: There is no workaround.
•
Symptoms: Intermittent IP packet loss may occur in the traffic that is passing via a generic routing encapsulation (GRE) tunnel and that is terminated on a Multilayer Switch Feature Card 2 (MSFC2).
Conditions: This symptom is observed when Cisco Express Forwarding (CEF) is not enabled on the outgoing VLAN interface and the packets are fast switched or process switched. When the outgoing interface of the GRE tunnel is a Packet- over-SONET interface, the symptom does not occur.
Workaround: Enable CEF on the outgoing interface of the GRE tunnel.
•
Symptoms: Source/destination pairs may not be switched in hardware and may receive degraded service.
Conditions: This symptom is observed when IP version 6 (IPv6) load balancing is performed with 3 paths on a Cisco 12000 series Engine 3 line card and occurs on source/destination pairs that hash to 15. The symptom does not occur when load balancing is performed with 1, 2, 5, or 8 paths.
Workaround: There is no workaround.
•
Symptoms: The watchdog timer may time out when IP traffic is sent over an interface using X.25 encapsulation.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(10.8).
Workaround: There is no workaround.
•
Symptoms: Routes from a remote customer edge (CE) router may not appear on another CE router. Or, routes from a remote CE router may appear on another CE router, but the addresses from the remote CE router cannot be pinged. Virtual Private Network (VPN) routes between the CEs may be lost.
Conditions: These symptoms are observed when the MPLS VPN Inter-ASуIPv4 BGP Label Distribution feature is enabled on two Multiprotocol Label Switching (MPLS) VPN autonomous systems that are separated by a non-MPLS VPN autonomous system, and when the interfaces on the autonomous system border routers (ASBRs) between the MPLS VPN autonomous systems and the non-MPLS VPN autonomous system are interfaces of 3-port Gigabit Ethernet line cards. The ASBR routers are Cisco 12406 routers that are running the gsr-p-mz image of Cisco IOS Release 12.0(22.1)S1.
In the above-mentioned topology, if you enter the clear ip route * EXEC command on any of the ASBRs or CE routers, VPN routes between the CEs may be lost.
Workaround: Do not enter the clear ip route * EXEC command on any of the ASBRs or CE routers.
If you need to enter the clear ip route * EXEC command, reload the ASBR router on each side of the Gigabit Ethernet link (that is, the ASBR at the side of the MPLS VPN autonomous system and the ASBR at the side of the non-MPLS VPN autonomous system).
Note: Reloading a router may have a severe impact upon a network and its users, depending upon the topology and the time of day.
•
Symptoms: A software-forced reload may occur on a Cisco 7206VXR because of I/O memory corruption and redzone overrun.
Conditions: This symptom is observed on a Cisco 7206VXR that is running Cisco IOS Release 12.1(4)XZ6.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) adjacencies may not be formed for static-neighbor MAC/IP address mappings.
Conditions: This symptom is observed on a Cisco 7200 series router in a configuration with IP version 6 (IPv6) and 802.1Q.
Workaround: To establish the missing adjacencies, enter the shutdown controller configuration command followed by the no shutdown controller configuration command on an interface after the system has fully booted.
Alternate Workaround: To establish the missing adjacencies, enter the clear adjacency EXEC command.
•
Symptoms: Under some circumstances on the Cisco Catalyst 6500, the HW forwarding information base (FIB) points to an incorrect adjacency entry when a recursive lookup is involved.
Conditions: This symptom is observed only where there is multilevel recursion and load balancing for a given route.
Workaround: This condition can be cleared by entering the clear ip route privileged EXEC command. This will rebuild the HW forwarding and adjacency tables again. The best workaround is to specify an interface in the static route (if used for the dependent route), for example:
ip route 10.10.10.10 255.255.255.0 FastEthernet3/1•
Symptoms: The convergence time after four Stateful Switchovers (SSOs) on a Cisco 10000 series edge services router is 11 seconds but should never be longer than 10 seconds.
Conditions: The conditions under which this symptom occurs are not known at this time.
Workaround: There is no workaround.
•
Symptoms: An IronBus error occurs on a Cisco 10000 series 1-port channelized OC-12 line card. The console log shows the following information:
%C10KEVENTMGR-1-IRONBUS_FAULT: Ironbus Event 2/1, Restarting Ironbus
%IPCGRP-3-SYSCALL: System call for command 203 (slot2/0) : ipc_send_rpc_blocked failed (Cause: timeout)
-Traceback= 603C4208 603C4698 603C53E8 6013BFC0 60089C64 600248D4 60024C4C 6035270C 603526F8 %IPCOIR-3-TIMEOUT: Timeout waiting for a response from slot 2/0.
%IPCOIR-2-CARD_UP_DOWN: Card in slot 2/0 is down. Notifying 1choc12-1 driver.
%C10K_ALARM-6-INFO: ASSERT CRITICAL slot 2 Card Stopped Responding OIR Alarm
%IPCOIR-5-CARD_DETECTED: Card type 1choc12-1 (0x1BB) in slot 2/0
%IPCOIR-5-CARD_LOADING: Loading card in slot 2/0 %C10K-5-LC_NOTICE: Slot[2/0] 1choc12-1 Image Downloaded...Booting...
%PXF_DMA-3-IRONBUS_NOTRUNNING: Data path to slot 2/1 failed to synchronize (TIB Not Running)Conditions: This symptom is observed on a Cisco 10000 series edge services router when you copy a configuration for creating 768 DS0 interfaces under a Virtual Tributary (VT) on the 1-port channelized OC-12 line card onto the running configuration.
Workaround: Limit the number of DS0 interfaces to 575 or fewer.
•
Symptoms: A memory allocation failure (MALLOCFAIL) may occur in a Turbo access control list (ACL) because of lack of memory.
Conditions: This symptom is observed when the Turbo ACL table is being recompiled.
Workaround: There is no workaround.
•
Symptoms: When PPP encapsulation is enabled on Section Data Communications Channel (SDCC) interfaces on an OC-48 line card, connectivity is lost.
Conditions: This symptom is observed on a Cisco 10000 series router.
Workaround: Use only High-Level Data Link Control (HDLC) encapsulation.
•
Symptoms: When Multiprotocol Label Switching traffic engineering (MPLS TE) reoptimizes to a PPP link that just came up, traffic may be dropped for up to 1 minute.
Conditions: This symptom is observed when Label Distribution Protocol (LDP) is enabled.
Workaround: Use High-Level Data Link Control (HDLC).
Alternate Workaround: Disable LDP.
•
Symptoms: Configuring 6000 Access Control Entry (ACE) entries or more in an access control list (ACL) causes Cisco IOS software to reload.
Conditions: This symptom is observed on a Cisco 10000 series router that is configured with a Performance Routing Engine 1 or 2 (PRE1 or PRE2).
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series router that is functioning as a provider edge (PE) router and that is configured with Engine 2 line cards in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) environment, route aggregation in Border Gateway Protocol (BGP) breaks connectivity because the more specific routes are not in the BGP VPN routing/forwarding (VRF) table.
Conditions: This symptom is observed when there are multiple customer edge (CE) routers attached to a 3-port Gigabit Ethernet line card, when route aggregation is used in the BGP IP version 4 (IPv4) VRF address family, and when more specific routes are suppressed.
Workaround: Ensure that the more specific routes are imported into the BGP VRF table by either redistribution or network statements.
•
Symptoms: An interface of a Cisco 10000 series channelized T3 (CT3) line card may not dequeue packets. When the link on a CT3 card flaps, one or more interfaces may not recover. The output queue of the interface may become full with PPP/High-Level Data Link Control (HDLC) packets and may stay in the "Up/Down" state.
Conditions: These symptoms are observed when a chip of a third-party vendor on a Cisco 10000 series CT3 line card is defective.
Workaround: There is no workaround; return the CT3 line card for repair.
The fix for this caveat adds a software procedure that periodically checks if the pointers that link the partial packet buffer RAM blocks are becoming corrupted. When a corrupted pointer is detected, the associated interface is removed and then replaced, which may cause the interface to be incapable of transmitting traffic for up to 10 seconds. When this condition is detected and repaired, a message is logged to the Route Processor and the line card log to notify the user.
•
Symptoms: Border Gateway Protocol (BGP) policy accounting counters on a 3-port Gigabit Ethernet line card increment incorrectly.
The output of the show cef interface type number statistics EXEC command displays that the average rate of index 1 through 3 is about 200 to 300 Mbps while the actual traffic is about 400 kbps.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) may become disabled on the Versatile Interface Processor (VIP) of the Route Switch Processor (RSP).
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(13)T.
Workaround: Reload the line card or reload the Cisco 7500 series.
•
Symptoms: When you upgrade to Cisco IOS Release 12.0(23)S, all previously configured Universal Transport Interface (UTI) tunnels are automatically converted to Layer 2 Tunneling Protocol version 3 (L2TPv3) static tunnels. However, only one single previously configured UTI tunnel on a line card with a customer-facing interface is successfully converted to an L2TPv3 tunnel.
The output of the show 12 command displays the successfully converted L2TPv3 tunnels:
Router#show 12
LocID RemID TunID Username, Intf/ State
Vcid,Circuit
1 1 0 192, Gi1/0.1:1 est
106 106 0 218, PO7/2:106 est
16 16 0 207, PO7/1:16 estThe output of the show ip interface brief include tunnel command displays that the nonconverted tunnels are in an "Up/Up" state; however traffic will not pass through these tunnels:
Router#show ip interface brief include tunnel
Tunnel2 unassigned YES NVRAM up up
Tunnel3 unassigned YES NVRAM up up
Tunnel4 unassigned YES NVRAM up up
Tunnel5 unassigned YES NVRAM up up
Tunnel6 unassigned YES NVRAM up upConditions: This symptom is observed when you upgrade a Cisco 12000 series router to Cisco IOS Release 12.0(23)S.
Workaround: Manually remove the UTI configuration, and configure the L2TPv3 tunnels.
•
Symptoms: A Cisco 12000 series Engine 0 (E0) Packet-over-SONET (POS) line card reloads and causes the router to lose all its routes. A back-to-back ping on other line cards fails and causes Open Shortest Path First (OSPF) Border Gateway Protocol (BGP) to go down.
Conditions: These symptoms are observed when you change the maximum transmission unit (MTU) of a port channel while traffic is flowing.
Workaround: Reload the E0 POS line card.
•
Symptoms: A Cisco 12000 series 4-port ATM line card repeatedly reloads after you have performed a microcode reload.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S when the carrier supporting carrier feature configured on the 4-port ATM line card.
Workaround: There is no workaround.
•
Symptoms: Label controlled ATM (LC-ATM) bindings may not come up after a Stateful Switchover (SSO) is performed.
Conditions: This symptom is observed on a Cisco 7500 series router that is configured with an LC-ATM interface.
Workaround: There is no workaround.
•
Symptoms: Operation, Administration, and Maintenance (OAM)-managed permanent virtual circuits (PVCs) on an 8-port T1 ATM port adapter with Inverse Multiplexing over ATM (IMA). (PA-A3-8T1IMA) or an 8-port E1 ATM port adapter with IMA (PA-A3-8E1IMA) may not come up as expected.
Conditions: This symptom is observed on a PA-A3-8T1IMA or a PA-A3-8E1IMA of a Cisco 7200 series or Cisco 7500 series router that is running Cisco IOS Release 12.2(11.5)T or a later release.
Workaround: There is no workaround.
•
Symptoms: When a channel is shut down while there is a lot of traffic flowing through a 24-port channelized E1/T1 line card at line-rate traffic, the channel may stay down, even after you have entered the no shutdown interface configuration command. Entering the shutdown interface configuration command followed by the no shutdown interface configuration command does not bring the channel back up either.
Conditions: This symptom is observed under rare conditions on a Cisco 1000 series router.
Workaround: Reset the line card.
•
Symptoms: Traffic cannot pass out of a priority queue.
Conditions: This symptom is observed on a Cisco 10000 series router when a priority queue is configured on any interface.
Workaround: There is no workaround.
•
Symptoms: A router may not load balance traffic properly between two OC-48 Packet over SONET (POS) Engine 2 (E2) line cards.
Conditions: This symptom is observed on a Cisco 12416 series Internet router that is running Cisco IOS Release 12.0(21)ST2 and that has two OC-48 POS E2 line cards.
This symptom is observed while the Cisco 12416 has incoming traffic from an Engine 4 (E4) line card and outgoing traffic is sent through the E2 line card via parallel links. This symptom does not occur if the incoming card is replaced with an E2 line card.
Workaround: There is no workaround.
•
Symptoms: A router may fail to provide initial connectivity to customer edge (CE) devices.
Conditions: This symptom is observed on a Cisco 7500 series router that is using Cisco Express Forwarding (CEF) or distributed Cisco Express Forwarding (dCEF) with 802.1q Fast Ethernet and that has the Multiprotocol Label Switching (MPLS) egress NetFlow accounting feature enabled.
Workaround: Ping the CE device from the Cisco 7500, or unconfigure the mpls netflow egress interface configuration command.
•
Symptoms: Virtual Private Network routing/forwarding (VRF) does not function properly on a Frame Relay link between a provider edge (PE) router and a customer edge (CE) router, and the CE router cannot ping the PE router.
Conditions: These symptoms are observed on a Frame Relay link between a Cisco 10000 series router that is functioning as a PE router and another Cisco 10000 series router that is functioning as a CE router.
Workaround: Reload the PE router to make the link between the PE router and the CE router function.
•
Symptoms: Messages that are related to subinterface status changes are logged if a subinterface is brought down because of Operation, Administration, and Maintenance (OAM) management. The messages are logged even though the no logging event subif-link-status interface configuration command is configured.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T.
Workaround: There is no workaround.
•
Symptoms: "CBUS-4-FIXBADTXVC" tracebacks occur when traffic is being passed. These tracebacks have no operational side effects.
Conditions: This symptom is observed in Cisco IOS Release 12.0 S when Xconnect uses Layer 2 Tunneling Protocol version 3 (L2TPv3) for channelized interfaces with PPP or High-Level Data Link Control (HDLC) encapsulation.
Workaround: There is no workaround.
•
Symptoms: A Route Processor (RP) may reload when you install a Flash card in slot 1 of the RP.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: The input queue on a Packet-over-SONET (POS) channel (that is, a physical interface in a channel group) may be wedged.
Conditions: This symptom is observed on a Cisco 12000 series router when you configure a POS channel.
Workaround: There is no workaround.
•
Symptoms: The standby route processor (RP) reloads, and the Clock Scheduler Card (CSC) in slot 16 is configured as the primary CSC instead of the CSC in slot 17.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S after you have reloaded the router.
Workaround: There is no workaround.
•
Symptoms: During Intermediate System-to-Intermediate System (IS-IS) fragmentation through a Layer 2 Tunneling Protocol version 3 (L2TPv3) session, a "%LINK-4-TOOBIG" error may occur.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: You cannot use the set command in the child of a nested policy map. If you attempt to do so, the policy will not be added to the interface command and no error message is generated.
Conditions: This symptom is observed on a Cisco 10000 series router.
Workaround: There is no workaround.
•
Symptoms: Traffic policing may not function.
Conditions: This symptom is observed on the Network Processing Engine (NPE) of a Cisco 7200 series router.
Workaround: There is no workaround.
•
Symptoms: If you attach a modular quality of service command-line interface (MQC) service policy to an interface in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) provider edge (PE) route, the interface flaps momentarily.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: Channelized OC-12 interfaces stay down after several switchovers from primary to secondary interfaces.
Conditions: This symptom is observed on a Cisco 10000 series router that has Automatic Protection Switching (APS) configured.
Workaround: There is no workaround.
•
Symptoms: An extended security access control list (ACL) that has the "lt 0" or "gt 65535" keyword should not match any port. However, when you use a Turbo ACL that has the access-list compiled global configuration command enabled, the "lt 0" or "gt 65535" keyword will match any port.
Conditions: The conditions under which this symptom occurs are not known at this time.
Workaround: Remove the "lt 0" or "gt 65535" keyword.
•
Symptoms: When a Cisco 12000 series Engine 3 line card receives a tag packet with an IP version 4 (IPv4) packet that has options underneath it or with a non-IPv4 packet such as an IP version 6 (IPv6) packet, the packet may be send to the line card CPU for processing.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)ST2.
Workaround: There is no workaround.
•
Symptoms: A router that is running cell-mode tag switching or Multiprotocol Label Switching (MPLS) on a label controlled ATM (LC-ATM) interface may reload when it receives a more specific prefix for a label mapping or binding than the one that is already allocated. For example, the router may reload when it receives the prefix 10.1.1.0/24 if a binding was already allocated for 10.1.1.1/32 on the basis of the routing entry 10.1.0.0/16.
Conditions: This symptom is observed on an Edge Label Switch Router (ELSR) or Label Switch Controller (LSC).
Workaround: There is no workaround for an ELSR. To prevent an LSC from reloading, disable the headend label virtual circuits (LVCs) by entering the tag-switching atm disable-headend-vcs global configuration command.
•
Symptoms: Fast Reroute (FRR) may fail to trigger if the cause of the failure is registered in the Route Processor (RP) when the link state is already down.
Conditions: This symptom may be observed when triggers are delayed, for example when the pos delay triggers interface configuration command is enabled.
Workaround: Disable the pos delay triggers interface configuration command.
•
Symptoms: A Versatile Interface Processor (VIP) may reload because of a direct memory access (DMA) receive error and may display a message that is similar to the following:
CYASIC Error Interrupt register 0x2000000 DMA Receive Error CYASIC Other Interrupt register 0x180 QE HIGH Priority Interrupt Unknown CYA oisr bit 0x00000080 QE RX HIGH Priority Interrupt QE TX HIGH Priority Interrupt CYBUS Error Cmd/Addr 0x8000068, CYBUS Error Data 0x0 MPUIntfc/PacketBus Error register 0x0Conditions: This symptom is observed while there is a large amount of Internet MIX (IMIX) traffic on a 2-port Fast Ethernet port adapter (PA-2FE) installed on the VIP of a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: Traffic engineering (TE) tunnels that are configured by Multiprotocol Label Switching (MPLS) may fail to come up after the MPLS TE configuration is unconfigured and reconfigured.
Conditions: This symptom is observed on a Cisco router that has the Resource Reservation Protocol (RSVP) and MPLS TE configured. The Cisco router is running Cisco IOS Release 12.2(12.04)T. The neighbor database is not reinitialized after the RSVP process is stopped and restarted.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 4 plus Gigabit Ethernet line card may reload.
Conditions: This symptom is observed when you change the maximum transmission unit (MTU) on the line card when traffic is flowing through the interface.
Workaround: There is no workaround.
•
Symptoms: A standby Performance Routing Engine (PRE) may not detect all line cards, which causes traffic not to resume after a Stateful Switchover (SSO) has occurred.
Conditions: This symptom is observed on a Cisco 10000 series router.
Workaround: There is no workaround.
•
Symptoms: There is no local tag in the Label Information Base (LIB) for a prefix or tag that is learned through IP version 4 (IPV4) and Border Gateway Protocol (BGP) and redistributed through the Interior Gateway Protocol (IGP) or Label Distribution Protocol (LDP).
Conditions: This symptom is observed in a setup in which a prefix or tag is learned through IPv4 and BGP and redistributed through the IGP or LDP.
Workaround: There is no workaround.
•
Symptoms: The bindings of a label controlled ATM (LC-ATM) interface may not come up.
Conditions: This symptom is observed after a Stateful Switchover (SSO) on a Cisco 7500 series router that is configured with an LC-ATM interface.
Workaround: There is no workaround.
•
Symptoms: An interface on a 2-port Fast Ethernet port adapter (PA-2FE) may stop transmitting if this interface or the other interface on the same port adapter goes down or flaps under a heavy traffic load. The interface that stops transmitting may display the following messages:
%RSP-3-RESTART: interface FastEthernet3/0/0, not transmitting %RSP-3-RESTART: interface FastEthernet3/0/0, output frozen %RSP-3-RESTART: cbus complexConditions: This symptom is observed on the 2-port Fast Ethernet port adapter (PA-2FE) on a Cisco 7500 series Versatile Interface Processor 4 (VIP4) that is configured with Fast Ether Channel (FEC). This symptom is observed when the port adapter is carrying a heavy traffic load and when part of the traffic is originating from a port adapter (PA-A3) that is located on the same VIP.
Workaround: There is no workaround.
•
Symptoms: If a 128-line input access control list (ACL) is configured on an Engine 2 Quad OC-12 line card that has interfaces configured for Virtual Private Network (VPN) and one subinterface for Frame Relay, the line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) entries are not installed correctly for loopback IP version 6 (IPv6) addresses.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: To enable the entries to be installed, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: Spurious access errors may occur on a Cisco 7500series router with distributed Cisco Express Forwarding (dCEF) and Web Cache Communication Protocol (WCCP).
Conditions: This symptom is observed on Cisco 7500 series routers configured with dCEF and WCCP.
Workaround: Disable dCEF on the interfaces that are facing the web cache engines where the spurious access errors occur so that incoming WCCP generic routing encapsulation (GRE) packets are punted to the Route Processor (RP) and CEF switched.
For more information about spurious access errors, see the Cisco document at the following location:
http://www.cisco.com/warp/public/63/spuraccess.html
•
Symptoms: A router may reload when you change the router identity (ID).
Conditions: This symptom is observed when an Any Transport over Multiprotocol Label Switching (AToM) virtual circuit (VC) is operational.
Workaround: To ensure that the router ID is not changed, configure a loopback interface and enter the mpls ldp router-id loopback force command.
•
Symptoms: Pins across a link bundle fail when the attached line cards are either 1-port or 3-port Gigabit Ethernet line cards.
Conditions: This symptom is observed on a connection between two Cisco 12000 series routers with at least one of the routers configured with a Next Generation Release Process (NGRP). The symptom occurs on the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S and later releases.
Workaround: There is no workaround.
•
Symptoms: On an active Route Processor (RP), label virtual circuits (LVCs) are created, but on a standby RP, LVCs are not created and the control virtual circuit (VC) is blocked. When a switchover occurs, LVCs are still present on an ATM line card. Because the Multiprotocol Label Switching (MPLS) feature only deletes tag entries that time out, stray VCs may remain configured on the router without being noticed.
Conditions: These symptoms are observed when tag switching is configured over an ATM interface that is installed in a router that functions in an MPLS environment. When the control VC is set up, ATM LVCs are created automatically when routes are created, but they are only created on the active RP and not on the standby RP.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching Virtual Private Network (MPLS VPN) may not function on the subinterfaces of a 3-port Gigabit Ethernet (GE) line card. Border Gateway Protocol (BGP) becomes stuck in the "open sent" state on a provider edge (PR) router that is connected to one end of the GE link.
Conditions: These symptoms are observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S when Ethernet over MPLS (EoMPLS) microcode is loaded onto the 3-port GE line card.
Workaround: There is no workaround.
•
Symptoms: Packets that are switched from an incoming X.21 interface to an E1 channelized interface may not be sent. Packets that are switched the other way around-from an E1 channelized interface to an X.21 interface-are sent.
Conditions: This symptom is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
•
Symptoms: Traffic is not sent through a network when you use an ATM link between a Cisco customer edge (CE) router and a Cisco provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: When an input access control list (ACL) is configured and multiple broadcast Address Resolution Protocol (ARP) requests are received, packet loss and performance degradation may occur because of a "format error" that is reported in the output of the show ip traffic EXEC command.
Conditions: This symptom is observed when you have enabled NetFlow on an interface of a 1-port Gigabit Ethernet line card that is installed in a Cisco 12000 series that is running Cisco IOS Release 12.0(16)S or Release 12.0 (22)S.
Workaround: Although the condition is triggered by multiple broadcast ARP requests, it only occurs if NetFlow, input ACLs, and ACL hardware checking are configured. Disabling any of these features will prevent the condition from occurring. For example, to remove the ACL hardware checking on the 1-port Gigabit Ethernet line card, enter the no access-list hardware salsa command.
•
Symptoms: Many interprocess communications (IPC) messages are sent to a Cisco 12000 series Gigabit Ethernet (GE) line card, and the nonblocking IPC command queue becomes full.
Conditions: These symptoms are observed on a Cisco 12000 series that is configured with a GE line card when you use TFTP to copy a configuration with many VLANS (that is, 800 or more VLANs) to the running configuration.
Workaround: Copy the configuration with many VLANS to the startup configuration, and reload the router.
•
Symptoms: On a provider edge (PE) router, the IP address of a connected Virtual Private Network routing/forwarding (VRF) interface is not deleted from the Border Gateway Protocol (BGP) table, although the interface configuration was removed when the VRF instance was deleted. This situation prevents the PE router from withdrawing the VRF prefix from the Multiprotocol Interior Border Gateway Protocol (MP-iBGP), and other PE and customer edge (CE) routers continue to list the VRF prefix as a valid route.
Conditions: This symptom is observed on a Cisco 12000 series that is functioning as a PE router.
Possible Workaround: Enter the clear ip bgp * EXEC command.
•
Symptoms: A Cisco 12000 series Engine 2 (E2) line card may reload.
Conditions: This symptom is observed when traffic engineering (TE) metric is used.
Workaround: There is no workaround.
•
Symptoms: Links may not come up, and line cards generate messages that the "check sum" in the User Datagram Protocol (UDP) is incorrect.
Conditions: This symptom is observed on a Cisco 10000 series that is running Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) reloads during initialization.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two RPs when the Stateful Switchover (SSO) feature is enabled.
Workaround: There is no workaround.
•
Symptoms: The shadow state on a standby Route Processor (RP) remains down after you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the router interfaces.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two RPs when the Stateful Switchover (SSO) feature is enabled.
Workaround: There is no workaround.
•
Symptoms: The following error message may be displayed on the console of a standby Performance Routing Engine (PRE):
%CHSTM1-3-STATESYNC: Redundancy state synchronization failure slot 1/0 - (invalid parameters)This message indicates that some of the redundancy features are not functioning correctly on a 1-port channelized OC-12 (1xOC-12) line card.
Conditions: This symptom is observed when at least one 1xOC-12 line card is installed in a Cisco 10000 series router that is configured with redundant PREs.
Workaround: There is no workaround.
•
Symptoms: A switchover from the working interface to the protect interface may take a long time.
Conditions: This symptom is observed on a Cisco 10000 series when the SONET Single Router APS (SR-APS) feature is enabled.
Workaround: A temporary solution is to configure the protect interface as the working interface.
•
Symptoms: A Versatile Interface Processor 2 (VIP2) card may reload after a redundancy-forced switchover. The reload may be observed immediately when the new primary VIP card activates the interfaces after a switchover occurs or when the old primary VIP card boots up.
Conditions: This symptom is observed on the VIP2 card of a Cisco 7500 series that has Route Processor Redundancy Plus (RPR+) and Multiprotocol Label Switching (MPLS) configured. When an MPLS packet arrives on the VIP interface while Cisco Extended Bus (CyBus) is restarting, the VIP may drop all incoming MPLS packets.
This symptom affects VIP modules and other modules such as the Gigabit Ethernet Interface Processor (GEIP).
Workaround: There is no workaround.
•
Symptoms: When you enter a loopback remote line interface configuration command on a 6-port channelized T3 line card, the command may fail and may cause a T1 connection to flap.
Conditions: This symptom is observed on both American National Standards Institute (ANSI) and Bell Communications Research (Bellcore) loopbacks on networks that are sensitive to T1 framing errors.
When you enter the loopback remote line interface configuration command, the line card causes a brief change of frame alignment (COFA) error. Normally, this error goes unnoticed. However, some devices react to these errors with an alarm indication signal (AIS). Each time the loopback request is initiated (that is, if the T1 connection is configured for remote loopbacks each time the T1 connection comes up), the AIS brings the T1 connection down.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) experimental (EXP) bit marking fails with ATM adaptation layer 5 (AAL5), cell relay, and packed cell relay. This situation prevents quality of service (QoS) features from functioning in an ATM Any Transport over MPLS (AToM) environment.
Conditions: This symptom is observed during label imposition in virtual circuit (VC) mode for any ATM transport using AToM.
Workaround: There is no workaround.
•
Symptoms: The following error messages may be generated on a Cisco 12000 series Engine 4 plus (E4+) OC-192 line card:
SLOT 6: %RX192-3-HINTR: status = 0x4000000, mask = 0x7EFFFF FF - Parity error on rx_pbc_mem. -Traceback= 4039CEF0 4044ECEC 400C85B0 SLOT 6:
%SYS-2-INTSCHED: 'sleep for' at level 7 -Process= "CEF IPC Background", ipl= 7, pid= 52 -Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108 SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7 -Process= "CEF IPC Background", ipl= 7, pid= 52 -Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108Cisco Express Forwarding (CEF) on the E4+ OC-192 line card may become disabled, and the associated port stays in an "Up/Up" state.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S3 or the gsr-p-mz image of Cisco IOS Release 12.0(21)ST2.
Workaround: Enter the microcode reload slot- number global configuration command on the E4+ OC-192 line card.
•
Symptoms: A leak may occur in small buffers, and the show buffer EXEC command shows a very large number of small buffers. If this situation occurs, shared memory routers such as the Cisco 7200 series router will run out of I/O memory and the Cisco 7500 series router will run out of main memory. The symptoms are caused by a buffer leak that occurs when a multicast packet cannot be sent.
Conditions: These symptom are observed on a router that has Virtual Private Network routing/forwarding (VRF) instances configured that are Multiprotocol Label Switching (MPLS) multicast enabled.
Workaround: Eliminate the reason why a multicast packet cannot be sent. Ensure that the MPLS multicast peering loopback interface is configured for Protocol Independent Multicast (PIM), that all the appropriate interfaces are configured for PIM, and that PIM adjacencies are formed.
•
Symptoms: Packet and character string counts of very large sizes may occur when there is no traffic.
Conditions: This symptom is observed in Cisco IOS Release 12.0(23)S1.
Workaround: Enter the clear counters EXEC command, and wait about 5 seconds before you enter the show counter command.
First Alternate Workaround: Enter the clear counters EXEC command multiple times until the counters are shown correctly.
Second Alternate Workaround: Disable Cisco Discovery Protocol (CDP).
•
Symptoms: An IP version 6 (IPv6) provider edge (PE) router Multiprotocol Label Switching (MPLS) resolution problem is observed when the path is provided by multiple neighbors.
Conditions: This symptom is observed when more than one Border Gateway Protocol (BGP) PE peer advertises the same prefix to an ingress IPv6 PE router. Typically, this symptom occurs when two route reflectors (RRs) are configured to back up each other.
One of the paths that is received by the ingress IPv6 PE router (from RR1) is selected as the best path while the second path remains in the BGP table. If the path of the BGP peer that was not selected as the best path removes the prefix, MPLS data that is associated with the prefix entry is removed and is not recreated as long as the best path (the path from RR1 in this example) remains unchanged.
Workaround: Manually clear the BGP entry that is on the ingress IPv6 PE router.
•
Symptoms: If a primary Clock Scheduler Card (CSC) is pulled out and reinserted while traffic through an OC-48 line card is running, the inbound traffic will stop being forwarded and the line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: When a primary Multiprotocol Label Switching traffic engineering (MPLS TE) tunnel reoptimizes over another link, a traffic drop may occur.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(22)S1 following a Fast Reroute (FRR) operation.
Workaround: Configure the primary label switched path tunnel (LSP tunnel) as an explicit tunnel.
•
Symptoms: Guarantees may not be achieved for some classes for a certain combination of bandwidth assignments within a service policy.
Conditions: This symptom is observed when you use the following bandwidth allocation: class 1, 8 kbps; class 2 64 kbps; class 3 16 kbps; class 4 14 kbps; parent class, 120 kbps.
Workaround: Sightly adjust the bandwidth of one of the classes. In the above example, changing class 3 to 14 kbps or class 4 to 16 kbps would solve the situation.
•
Symptoms: When you reload a Cisco 12000 series that is functioning as a provider edge (PE) router with the MPLS VPN Carrier Supporting Carrier feature enabled and that is connected to another PE router, loss of connectivity may occur.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S1.
Workaround: Disable and reenable the mpls ip global configuration command on the PE router that was not reloaded.
•
Symptoms: Packets are not exported from a Cisco 12000 series 1-port Gigabit Ethernet line card.
Conditions: This symptom is observed when an input access control list (ACL) and Sampled NetFlow (SNF) are configured using the access-list hardware salsa command.
Workaround: There is no workaround.
•
Symptoms: After the line card mode on a 24-port channelized E1/T1 line card is changed from E1 to T1, all controllers remain down.
Conditions: This symptom is observed in a configuration in which two Cisco 10000 series Internet routers are connected back-to-back via 18 of the 24 ports of the channelized E1/T1 line card.
Workaround: First save the desired configuration, and then reload the Cisco IOS software image.
•
Symptoms A Cisco 7206VXR router may reload because of a bus error.
Conditions This symptom is observed when the Cisco 7206VXR router is compiling a turbo access control list (ACL). Large ACLs may cause Parallel Express Forwarding (PXF) memory exhaustion, either when the ACL is defined or when new flows cause incremental ACL compiling. This memory exhaustion leads to a "TALLOCFAIL" error message and the router will subsequently reload.
Workaround To prevent PXF memory depletion, simplify or reduce the number of ACLs.
•
Symptoms: The forwarding of IP version 6 (IPv6) packets from a Cisco 12000 series Engine 3 line card to a Cisco 12000 series Engine 0 line card does not function for certain directly connected hops.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(22)S or Release 12.0(22)S1.
Workaround: There is no workaround.
•
Symptoms: Layer 2 Tunneling Protocol version 3 (L2TPv3) Ethernet Xconnect does not transport 802.3-encapsulated packets such as Systems Network Architecture (SNA) packets, Connectionless Network Protocol (CLNP) packets, and Intermediate System-to-Intermediate System (IS-IS) packets.
Conditions: This symptom is observed on Cisco 7200 series routers and low-end platforms. The symptom is also observed on Cisco 7500 series routers in nondistributed mode.
Workaround: There is no workaround.
•
Symptoms: A line card in a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) or in any connected router may reload because of a fabric ping failure, and the following error message may be generated:
%FIB-3-FIBDISABLE: Fatal error, slot 1: IPC Failure: timeout
%GRP-3-COREDUMP: Core dump incident on slot 1, error: Fabric ping failure (seq:3279)
%GRP-4-RSTSLOT: Resetting the card in the slot: 1,Event: EV_LC_E4_CORE_DUMP_DECLINE_DUPConditions: This symptom is observed on a Cisco 12000 series router that functions as a 6PE router or on any connected router when an IPv6 default route is removed from another 6PE router and traffic is flowing through the IPv6 default route while the route update following the route removal is being processed. When the IPv6 default route is removed, one or more line cards may reload on any router that receives the route update.
Workaround: There is no workaround.
•
Symptoms: All Layer 2 (L2) management packets are dropped. This behavior causes all interfaces that depend upon keepalives to transition to the down state.
Conditions: This symptom is observed on a Cisco 10000 series in a configuration that has a large number of interfaces.
Workaround: There is no workaround.
•
Symptoms: Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) sessions may drop under heavy traffic.
Conditions: This symptom is observed when control virtual circuits (VCs) are created but label virtual circuits (LVCs) are not.
Workaround: Stop the traffic until all the LVCs come up and the label controlled ATM (LC-ATM) link stabilizes.
•
Symptoms: A 2-port Fast Ethernet port adapter (PA-2FE) may stop sending packets.
Conditions: This symptom is observed only when there is a heavy traffic load on the PA-2FE port adapter of a Cisco router.
Workaround: There is no workaround.
•
Symptoms: When you configure Per-Packet Load Balancing (PPLB) and Layer 2 Tunneling Protocol version 3 (L2TPv3) on a 3-port Gigabit Ethernet line card, L2TPv3 may drop packets.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S.
Workaround: Disable PPLB on the line card.
•
Symptoms: Distributed switching may not function for packets.
Conditions: This symptom is observed on a distributed multilink interface on a Cisco 7500 series router that is running Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 7500 router that is configured for High Availability, when you enter the shutdown interface configuration command on a serial interface, the following error message is displayed on the standby Route Processor (RP) and the standby RP reloads:
%HA-2-CCB_PLAYBACK_ERROR: CCB playback failed.Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: An E1 controller that is configured as unframed via the channel-group number unframed configuration command may generate many path code violations, which are displayed in the output of the show controllers e1 EXEC command.
Conditions: This symptom is observed on an E1 controller of an 8-port multichannel E1 port adapter (PA-MC-8E1) that is installed in a Route Switch Processor (RSP).
Workaround: There is no workaround.
•
Symptoms: An Engine 2 Quad OC-12 line card that has interfaces configured for Virtual Private Network (VPN) and that has a Frame Relay subinterface may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S1 when a microcode bundle is configured and loaded onto the Engine 2 Quad OC-12 line card.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 (E2) line card may display "QM-4-STUCK" error messages, and the line card may stop forwarding traffic.
When Loss of signal (LOS) and loss of frame (LOF) messages are seen on the receive (RX) side and traffic is running through the transmit (TX) side, the TX first-in first-out (FIFO) framer may pause indefinitely. Thereafter, no packets are sent out when the physical layer comes up later.
Conditions: This symptom is observed on a Cisco 12000 series when an adjacent router is booted up.
Workaround: Packets can be sent after the framer TX FIFO bit is reset. The framer TX FIFO bit is reset by performing a microcode reload on the E2 line card.
•
Symptoms: A Cisco 12000 series Engine 2 line card may generate the following error messages:
SLOT 14: %LCPOS-3-SOP: TX:BadLenCtr. Source=0x1 (Plim), halt_minor0=0x8001 (1000 0000 0000 00sl, s/l=TooShort/long) SLOT 14: %GSR-3-INTPROC: Process Traceback= 400CCE60 400C90F0 40010A24 -Traceback= 4033F424 4044ED54 400C88B0Conditions: This symptom is observed when you remove and reinsert switch fabric on a Cisco 12000 series while traffic is flowing.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 egress line card that is installed in a Cisco 12000 series router that is functioning as a provider edge (PE) router reloads when a customer edge (CE) router starts sending traffic, and the following error messages are generated:
* %LCLOG-3-INVSTATE: LC logger in an invalid state (LC=3,state=WAITING FOR TEXT,msg=MSG START) -Traceback= 503583F8 502F6464 5021C54C 5021C538 SLOT 3: %LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4 SLOT 3:
%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C cmd 5 data 0 pipe 0,fs 0,prep 0 (pc 1E5),pop 0 (pc 19C),plu 0,tlu 0,plu sdram 0 adr 0 synd 0 ch *
%GRP-3-FABRIC_UNI: Unicast send timed out (3). * %LCINFO-3-CRASH: Line card in slot 3 crashedConditions: This symptom is observed only when the ip cef accounting non-recursive per-prefix global configuration command is enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series router may reload when you add and remove a service policy twice on a permanent virtual circuit (PVC).
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series router may reload because of a redzone corruption.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S1.
Workaround: There is no workaround.
•
Symptoms: A traceback may occur on a Cisco 10000 series router during a postrouter check.
Conditions: This symptom is observed during a test of a 1-port channelized OC- 12 (1xOC-12) line card when data is sent across an Add-Drop Multiplexor (ADM).
Workaround: There is no workaround.
•
Symptoms: An ATM interface may have some initialization difficulties. Although a ping can pass the ATM interface, when the ATM interface sends traffic and the traffic rate is more than 10 packets per second, the packets will be dropped.
Conditions: This symptom is observed randomly. After the router has booted up, some ATM subinterfaces function correctly, whereas some do not.
Workaround: Remove the virtual circuit (VC) under the affected subinterface, and reconfigure the VC.
•
Symptoms: The routes in a Cisco Express Forwarding (CEF) table may be mismatched between the Gigabit Route Processor (GRP) and the line cards. You can clear the mismatch by entering the clear cef linecard EXEC command, but if the routes are relearned, the situation will reoccur.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)S4 or Release 12.0(22)S when an access control list (ACL) is configured to deny Simple Network Management Protocol (SNMP) packets.
Workaround: Disable the ACL that denies the SNMP packets.
Alternate Workaround: Run Cisco IOS Release 12.0(21)S3.
•
Symptoms: Some Virtual Private Network (VPN) packets may be dropped.
Conditions: This symptom is observed when some paths in the software switching path between a local provider edge (PE) router and a remote PE router are not enabled for Multiprotocol Label Switching (MPLS).
Workaround: Enable all paths between the PE routers for MPLS.
•
Symptoms: When you use Frame Relay over Layer 2 Tunneling Protocol version 3 (L2TPv3), the L2TP circuit status does not reflect the bidirectional nature of the Frame Relay permanent virtual circuit (PVC) status. When both Frame Relay segments go down and then one segments comes up again, the L2TP circuit comes up; the PVC status is incorrectly reported as active. The L2TP circuit should remain down until both segments are back up.
Conditions: This symptom is observed when you use Frame Relay over L2TPv3.
Workaround: There is no workaround.
•
Symptoms: When a feature other than the Xconnect for Layer 2 Tunneling Protocol (L2TP) version 3 feature is applied to an Engine 2 (E2) line card, the Internet Control Message Protocol (ICMP) may fail when the maximum transmission unit (MTU) is exceeded.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Remove the non-L2TP version 3 features from the interfaces that have Xconnect enabled.
•
Symptoms: Label Distribution Protocol (LDP) may not have a local label binding for some prefixes, and interautonomous traffic may be lost.
Conditions: This symptom is observed when external Border Gateway Protocol (BGP) label distribution (RFC 3107) is used between two autonomous system boundary routers (ASBRs), when one of the ASBRs is connected to a provider (P) router, and when the prefixes that are learned through external BGP are redistributed in Interior Gateway Protocol (IGP). In this situation, LDP may not have a local label binding for these prefixes.
Workaround: There is no clear workaround; the following workaround may or may not work:
a.
b.
c.
•
Symptoms: Packet drops are observed on a router.
Conditions: This symptom is observed on the Gigabit Ethernet interface of a Cisco 7500 series when Multiprotocol Label Switching (MPLS) traffic is forwarded using Layer 2 Tunnel Protocol (L2TP) version 3 packets.
Workaround: There is no workaround.
•
Symptoms: Any Transport over Multiprotocol Label Switching (AToM) virtual class (VC) label bindings may be discarded.
Conditions: This symptom may be observed if the AToM VC label bindings are received before a Label Distribution Protocol (LDP) initial address message is received.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that is configured with AToM VC label bindings.
•
Symptoms: Error messages that are similar to the following may be displayed on a router:
EE48-3-ALPHA_MCAST: (<SRC_address>:<DST_address>) NULL If InputConditions: This symptom is observed on a Cisco 12000 series that has Engine 3 (E3) cards and that is running Cisco IOS Release 12.0(24)S. This symptom is observed under a transient condition (such as when the cable that sends the multicast packets is removed) while hardware multicast forwarding is enabled on the E3 cards.
Workaround: Disable hardware multicast forwarding.
•
Symptoms: After an access control list (ACL) is applied to the interface of any IP Services Engine (ISE)-based card and the card is restarted with a microcode reload, the ACL will no longer continue to work on the interface of the ISE-based card.
Conditions: This symptom is observed on the interface of an ISE-based card on a Cisco 12000 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface. The ACL should work normally on the interface.
•
Symptoms: NetFlow stops functioning after an online insertion and removal (OIR) of a switch fabric card (SFC).
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Disable and reenable the ip route-cache flow sampled interface configuration command.
•
Symptoms: The Small Form-Factor Plugable (SFP) command-line interface (CLI) is enabled on production images. It should be enabled on nonproduction images and disabled on production images.
Conditions: This symptom is observed in Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: On a dual Route Processor (RP) router with the Route Processor Redundancy Plus (RPR+) feature enabled. if the user sends break on standby RP before it is fully up, then try to enter global config mode, the Active RP hangs.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S. The symptom only occurs if the user sends break on standby RP before it is fully up, then try to enter global config mode.
Workaround: There is no workaround.
•
Symptoms: On a dual Route Processor (RP) router that has the Route Processor Redundancy Plus (RPR+) feature enabled, the configuration synchronization may fail when two break instances are sent on the standby RP.
Conditions: This symptom is observed on a Cisco 12000 series only if the user sends two break instances on the standby RP.
Workaround: There is no workaround.
•
Symptoms: An OC-12 Dynamic Packet Transport (DPT) line card may reload when IP version 6 (IPv6) is configured on the interface.
Conditions: This symptom is observed when IPv6 traffic enters the interface.
Workaround: Unconfigure IPv6 on the interface, and use tunnels instead.
•
Symptoms: A Gigabit Route Processor (GRP) or line card may reload during Fast Reroute (FRR) failover.
Conditions: This symptom is observed on a Cisco 12000 series that is configured for Multiprotocol Label Switching traffic engineering (MPLS TE) with Fast Reroute (FRR).
Workaround: There is no workaround.
•
Symptoms: Pings may cause the queue depth counter to enter the negative range after the number reaches "-76".
Conditions: This symptom is observed on a Cisco 10720 router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 Packet-over-SONET (POS) line card reloads.
Conditions: This symptom is observed on an Engine 4 POS line card in a Cisco 12000 series router during several online insertion and removal (OIR) procedures on a Clock Scheduler Card (CSC).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 2 line card may incorrectly drop all packets that are destined for the router. This condition may result in the loss of routing protocol packets, and the protocol connectivity with neighbors may reset.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(18)ST or a later release, or Release 12.0(22)S or a later release when heavy utilization of the CPU of the line card occurs.
Workaround: There is no workaround.
•
Symptoms: The Internet Control Message Protocol (ICMP) "fragmentation needed" message is not generated and sent to a customer edge (CE) router because the Path Maximum Transmission Unit Discovery (PMTUD) does not set the maximum transmission unit (MTU) value for all session types and line card types when the path MTU in the core has Multiprotocol Label Switching (MPLS) backbone links that require label imposition in the core.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 (E2) OC-48 Spatial Reuse Protocol (SRP) line card may not establish neighbors within the Dynamic Packet Transport (DPT) ring.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is functioning as a provider edge (PE) router may install an outgoing point of presence (POP) label instead of an outgoing aggregate label for a connected Virtual Private Network (VPN) routing/forwarding (VRF) route.
Conditions: This symptom is observed in a carrier supporting carriers topology with a Cisco router that is running Cisco IOS Release 12.2(12.10)T1 and that is functioning as a PE router.
Temporary Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration on the VRF interface until the symptom occurs again.
Alternate Temporary Workaround: Reload the router. However, after having done so, when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the VRF interface the symptom will occur again.
•
Symptoms: A line card reloads when you enter the shutdown PVC range configuration command followed by the no shutdown PVC range configuration command on a permanent virtual circuit (PVC) through which traffic flows.
Conditions: This symptom is observed only when there are multiple PVCs configured and does not occur when a single PVC is shut down and brought up again.
Workaround: There is no workaround.
•
Symptoms: A channelized T3 (CT3) line card may send two interprocess communications (IPC) responses for the same command after the show controller t3 dial-shelf/slot/t3-port detail options privileged EXEC command is entered. This behavior may cause the Route Processor (RP) to pause indefinitely for a minute.
Conditions: This symptom is observed on the CT3 line card of a Cisco 10000 series.
Workaround: Avoid entering the show controller t3 dial-shelf/slot/t3-port detail options privileged EXEC command.
•
Symptoms: The Binary Synchronous Communications (Bisync) IP (BIP) counter displays a value of 46623 instead of 5.
Conditions: This symptom is observed on a Cisco 10000 series 4-port channelized OC-3 (4xOC-3) line card.
Workaround: There is no workaround.
•
Symptoms: Second generation Packet over SONET (POS) errors may be observed on a server card. The sessions on the server card may fail, and the server card may reload.
Conditions: This symptom is observed on the 3-port Gigabit Ethernet line card of a Cisco 12000 series. This symptom is observed when the 3-port Gigabit Ethernet line card is used with Layer 2 Tunneling Protocol (L2TP) version 3 as a VLAN or for a port-based session.
Workaround: There is no workaround.
•
Symptoms: A router may reload.
Conditions: This symptom is observed after a traffic engineering (TE) tunnel interface changes to the connected state.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series that is configured with dual Route Processors (RPs), the standby RP remains at the initialization state after a switchover has occurred. The peer state is "standby cold", which prevents future Stateful Switchovers (SSOs).
Conditions: This symptom is observed when you use the redundancy force-switchover privileged EXEC command to force a switchover.
Workaround: Reload the standby RP.
•
Symptoms: A permanent virtual circuit (PVC) on a standby Route Processor (RP) may go down after the oam-pvc manage interface-ATM-VC configuration command is enabled. This behavior may cause the RP to take a longer time to be brought up after an RP switchover occurs. Traffic on a Cisco 12000 series router or Cisco 10000 series Edge Services Router (ESR) may be interrupted for about 10 seconds when this behavior occurs.
Conditions: This symptom is observed on the standby RP of a Cisco 10000 series that is running Cisco IOS Release 12.0(23)S.
Workaround: Enter the no oam-pvc manage interface-ATM-VC configuration command to disable generation of Operation, Administration, and Maintenance (OAM) loopback cells and OAM management on the ATM PVC.
•
Symptoms: When an input access control list (ACL) is configured and the ip unreachables interface configuration command is enabled (which is enabled by default) on an interface, a low rate of packet leakage occurs for those packets that are dropped by the ACL. The rate is the same or less than the expected rate of Internet Control Message Protocol (ICMP) unreachable packets that are sent back to the source. The leak occurs only for IP packets (without the IP Header [L3] option) that have a size that is smaller than 56 bytes.
Conditions: This symptom is observed in Cisco IOS Release 12.0 S on a Cisco 12000 series 4-port OC-48c/STM-16c Packet-over-SONET Enhanced Services line card and on a Cisco 12000 series 1-port OC-192c/STM-64 Packet-over-SONET Enhanced Services line card.
This symptom does not occur in Cisco IOS Release 12.0 ST.
Workaround: Enter the no ip unreachables interface configuration command on the interface to prevent the packet leakage. However, in this situation, ICMP unreachable packets are not sent back to the source when packets are dropped by the ACL.
•
Symptoms: The IP Source Tracker feature unexpectedly stops functioning on a line card, and packets for the source-tracked destination are not forwarded because the IP Source Tracker feature is stuck in the throttling mode.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 (E2) line card. To determine if the line card is in the above-mentioned condition, enable the debug line card hw-throttle command; if the following message recurs every two seconds—even when there is low CPU utilization—the IP Source Tracker feature is stuck in the throttling mode:
SLOT 0: GLC_HW: Disabled HW DOS throttling (CPU at 0%, sched skew: -1%)Workaround: Reload the line card.
•
Symptoms: Multiprotocol Label Switching (MPLS) class of service (CoS) may not function properly.
Conditions: This symptom is observed on a Cisco 12000 series when you use an 8-port OC-3 (8xOC-3) STM-1 ATM line card for incoming traffic and Engine 3 line cards for outgoing traffic.
Workaround: There is no workaround.
•
Symptoms: When you add a new Performance Routing Engine (PRE) to a Cisco 10000 series, the startup configuration may not be copied to the new PRE. Verify that the configuration exists by entering the dir sec- nvram: EXEC command or the dir standby-nvram: EXEC command, depending on the Cisco IOS software image that you are running.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround: Cut over to the new PRE, and save the configuration.
•
Symptoms: When you apply a combination of IP version 6 (IPv6), an access control list (ACL), and Sampled NetFlow to an interface on an Engine 4 plus line card, the line card may reload.
Conditions: This symptom is observed while IPv6 traffic is flowing.
Workaround: There is no workaround.
•
Symptoms: When the Xconnect feature is used with Layer 2 Tunneling Protocol (L2TP), VLAN traffic passes even when the local VLAN subinterface has been shut down.
Conditions: This symptom is observed when traffic is sent into the VLAN.
Workaround: Shut down the main Ethernet interface.
•
Symptoms: An Engine 2 line card may reload continuously.
Conditions: This symptom is observed on a Cisco 12000 series when a router that is adjacent to the Cisco 12000 series is rebooted while Border Gateway Protocol (BGP) policy accounting is configured on the Engine 2 line card and traffic is flowing through the line card.
Workaround: There is no workaround. When this situation occurs, stop the traffic that is flowing through the Engine 2 line card until Cisco Express Forwarding (CEF) is loaded onto the line card.
•
Symptoms: Resource Reservation Protocol (RSVP) Hello detection may not trigger a Fast Reroute (FRR) switchover.
Conditions: This symptom is observed when you use RSVP Hello detection to enable Multiprotocol Label Switching traffic engineering (MPLS TE) FRR protection on shared interfaces.
Workaround: There is no workaround.
•
Symptoms: The output of the show controller optics EXEC command, which follows, may be incorrect:
========= Line Card (Slot 0) =========
Tx optical power in mWs or dBms
Tx power = -919484051.51 mW (degrade -432305983.58 percent)Conditions: This symptom is observed on the OC-192 line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: Traffic between a 6-port channelized T3 (CT3) line card and a 4-port Packet over SONET (POS) optical services module (OC-12c/STM-4) may be blocked after the ip policy route-map setprec1 interface configuration command is configured.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Remove the ip policy route-map setprec1 interface configuration command from the OC-12c/STM-4 optical services module.
•
Symptoms: Queuing features such as bandwidth, priority, and random-detect may not function, and packets may be dropped indiscriminately at the driver.
Conditions: This symptom is observed when a service policy is attached to a multilink interface. The multilink bundle fails to provide congestion notification to the queuing features.
Workaround: There is no workaround.
•
Symptoms: After the first member is removed from the port channel, any routing protocol (such as Open Shortest Path First [OSPF] Protocol) that is dependent on the multicast address may stop working through the remaining member interfaces of the port channel.
Conditions: This symptom is observed on a Cisco 7200 series or Cisco 7500 series that is running Cisco IOS Release 12.0(23)S.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the remaining member interfaces.
•
Symptoms: An IP version 6 (IPv6) automatic tunnel cannot be created.
Conditions: This symptom is observed on a Cisco 12000 series when you reload the router after you have enabled the tunnel mode ipv6ip auto- tunnel command and have saved the command in the startup configuration. The tunnel interface is not enabled for IPv6, and the routing table does not show the correct route nor a static route to the tunnel.
Workaround: Enter the no tunnel source type number interface configuration command followed by the tunnel source type number interface configuration command on the tunnel interface.
•
Symptoms: A router may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: Packets that are greater in size than the default maximum transmission unit (MTU) are dropped if the configured MTU is incremented and the packets are greater in size than the MTU that was originally configured.
Conditions: This symptom is observed on a Cisco 10000 series that is running Cisco IOS Release 12.0(23)S.
Workaround: Reload the router after the MTU is changed.
•
Symptoms: The Tag Forwarding Information Base (TFIB) entry for a Virtual Private Network (VPN) routing and forwarding (VRF) static recursive route that has Border Gateway Protocol (BGP) multipath may be lost.
Conditions: This symptom is observed after an outgoing interface is flapped.
Workaround: There is no workaround.
•
Symptoms: The standby Route Processor (RP) of a router may reload if a line card on the router is removed and reinserted back into the router.
Conditions: This symptom is observed with the standby RP of a Cisco 12000 series that is configured to operate in the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: Traffic may be punted to the CPU of a line card.
Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) is used in a setup in which one provider edge (PE) imposition line card is an Engine 4 plus (E4+) line card and the other PE imposition line card is an Engine 2 (E2) line card. This symptom is observed with Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: An Engine 0 (E0) line card Packet over SONET (POS) line card on a router may reload when it receives Multiprotocol Label Switching (MPLS) packets that have two tags that are destined for a local address on the router.
Conditions: This symptom is observed on an E0 POS line card of a Cisco 12000 series that is using Internet Engineering Task Force (IETF) Frame Relay encapsulation.
This symptom can be reproduced by creating a loopback interface on the router and placing that interface in a Virtual Private Network (VPN) routing and forwarding (VRF) instance. The E0 line card that is configured with Frame Relay encapsulation will reload when VRF pings are sent to the address of the interface. VRF pings that are sent to the provider edge (PE) to the customer edge (CE) link may also cause the line card to reload. This symptom is observed in Cisco IOS Release 12.0(21)ST and later releases.
Workaround: Use Cisco Frame Relay encapsulation instead of IETF Frame Relay encapsulation.
•
Symptoms: Line cards that support Stateful Switchover (SSO) may reset after an SSO occurs.
Conditions: This symptom is observed on line cards that have interfaces that are performing label swapping.
Workaround: There is no workaround.
•
Symptoms: A large number of error messages may cause the logger queue to be filled up. The system may pause indefinitely as console messages cannot be rate limited.
Conditions: This symptom is observed when the logging rate-limit console global configuration command is configured.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series Engine 2 Packet-over-SONET (POS) line card collects statistics for locally assigned Multiple Protocol Label Switching (MPLS) label entries, it may lose the outgoing label entries for the associated prefixes. All the prefixes show up as untagged, and it may be difficult or impossible to reach the prefixes.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 POS line card.
Workaround: To recover from the situation, reset the line card.
•
Symptoms: When you change a class queue from low latency queueing (LLQ) to non-LLQ, or the other way around, or when you simply remove and recreate a class queue, the queue of the next class disappears, as is displayed in the output of the show hardware pxf cpu queue interface privileged EXEC command.
Conditions: This symptom is observed on a Cisco 10000 series when you change or create a class queue using the no priority policy-map class configuration command followed by the priority policy-map class configuration command or using the no bandwidth policy-map class configuration command followed by the bandwidth policy-map class configuration command.
Workaround: There is no workaround.
•
Symptoms: An Autonomous System Border Router (ASBR) may reassign the same outlabel.
Conditions: This symptom is observed on an ASBR that is performing Virtual Private Network version 4 (VPNv4) label exchange. The Border Gateway Protocol (BGP) may continuously install Tag Forwarding Information Base (TFIB)-VPNv4 entries for some prefixes even though there are no changes for the incoming or outgoing tags for the prefixes.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) Quad OC-48 line card may not come up as expected.
Conditions: This symptom is observed on the E4+ Quad OC-48 line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A router may loop indefinitely when a Simple Network Management Protocol (SNMP) walk is performed against certain objects. The SNMP walk will not cycle if a specific interface is specified.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S6.
Workaround: Reload the router.
•
Symptoms: A router may reload after an IP version 6 (IPv6) address is configured.
Conditions: This symptom is observed on a Cisco 10720 that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: The Virtual Private Network (VPN) routing and forwarding (VRF) selection rule of the VRF selection feature may take a longer time than expected to work.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: A spurious memory error may occur when the microcode of an Engine 3 (E3) 16-port OC-3 (16xOC-3) Packet over SONET (POS) line card is reloaded.
Conditions: This symptom is observed on the E3 16xOC-3 POS line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 4 plus line card may reload after a forced switchover.
Conditions: This symptom is observed when Stateful Switchover (SSO) is configured and the line card is switching multicast traffic.
Workaround: There is no workaround.
•
Symptoms: An input access control list (ACL) may not take effect.
Conditions: This symptom is observed on a Cisco 12000 series Engine 4 plus interface that has the VRF Selection feature enabled.
Workaround: There is no workaround.
•
Symptoms: Configuring the hw-module slot shutdown global configuration command in the startup configuration may cause a router to reload.
Conditions: This symptom is observed on a Cisco 10000 series when you attempt to boot from an eboot image.
Workaround: Do not configure the hw-module slot shutdown global configuration command in the startup configuration.
Alternate Workaround: Change the configuration register to "0x40" to ignore the configuration during the bootup process.
•
Symptoms: A destination interface may not have a value in the NetFlow cache (that is, the destination interface may be null), but it should have a value.
Conditions: This symptom is observed when the egress interface is on a Cisco 12000 series Engine 0 line card and a rate limit access list is applied to the egress interface. The rate limit access list may not cause packets to be dropped, but the destination interface is null in the NetFlow cache.
Workaround: Disable the rate limit on the output interface.
•
Symptoms: A memory leak may occur on a line card.
Conditions: This symptom is observed on the line card of a Cisco 12000 series after NetFlow is disabled on the last interface of a line card that has NetFlow enabled. This symptom is observed while there are more than 1900 flow records in the NetFlow cache of the line card.
Workaround: Keep NetFlow enabled on at least one interface on the line card.
•
Symptoms: An Engine 4 (E4) or Engine 4 plus (E4+) line card may reload.
Conditions: This symptom is observed on the E4 or E4+ line card of a Cisco 12000 series while the E4 or E4+ line card is switching multicast traffic.
Workaround: There is no workaround.
•
Symptoms: Pings can be sent to serial interfaces that have a global unicast IP version 6 (IPv6) address, but pings cannot be sent to the link local address of any of the interfaces.
Conditions: This symptom is observed when IPv6 is enabled on more than one serial interface on a Cisco router.
Workaround: There is no workaround.
•
Symptoms: Resource Reservation Protocol (RSVP) hello may incorrectly declare lost communications with a neighbor, and fast reroute may be triggered.
Conditions: This symptom is observed when RSVP is configured on a Packet over SONET (POS) interface with a hello interval of 60 milliseconds or less on a Cisco router that is running Cisco IOS Release 12.0(24)S. This symptom does not exist when hello is configured on an Ethernet interface.
Workaround: There is no workaround.
•
Symptoms: A router may forward prefixes that are learned via internal Border Gateway Protocol (iBGP) multipath incorrectly.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S, Release 12.1(5)T5, or Release 12.2 T.
Workaround: Enter the clear ip route vrf vrf-name {* | network [mask]} EXEC command.
•
Symptoms: When a fiber is removed from an active line card, Automatic Protection Switching (APS) switches all traffic to the protection line card as expected.
About 1 minute after the fibre is reconnected after it has been disconnected from the secondary line card, the T1 controllers go down with a far-end loss-of-frame alarm when the fiber is disconnected from the active secondary line card. The T1 controllers come back after the alarm soaking interval expires.
Conditions: This symptom is observed in a setup that has two Cisco 10000 series 4-port OC-3c (4x-OC3)/STM-1c ATM line cards that are operating in the APS mode in slots 7/0 and 8/0. The port 0 of each line card is connected to APS modules on a vendor-specific device.
Workaround: There is no workaround.
•
Symptoms: If a failover occurs after an interface has been shut down by entering the hw-module slot number shutdown EXEC command, the interface will come back up with the previous configuration when the no hw-module slot number shutdown EXEC command is entered. The configurations will be lost when the next failover occurs.
Conditions: This symptom is observed when an interface is disabled by entering the hw-module slot number shutdown EXEC command
Workaround: There is no workaround.
•
Symptoms: An Engine 2 (E2) line card may reload after it reboots.
Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S. The E2 line card is configured with 128 line input access control lists (ACLs), with Virtual Private Network (VPN), and has Frame Relay configured on one of the interfaces.
Workaround: There is no workaround.
•
Symptoms: The same Hot Standby Router Protocol (HSRP) standby IP address cannot be configured on different Virtual Private Network (VPN) routing and forwarding (VRF) instances.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Manual Layer 2 Tunneling Protocol (L2TP) version 3 tunnels fail when two or more tunnels are configured to different destination provider edge (PE) routers. All of the traffic that enters the tunnel is forwarded to the same PE regardless of the configured PE address.
This symptom is also observed when the user starts off with one manual tunnel configuration that points to a particular PE router and later changes the configuration to point to a different PE router. Assuming that PE router 1 (PE1) is the initial router to which the manual configuration points and PE router 2 (PE2) is the subsequent PE router to which the configuration is subsequently configured to point, traffic will be sent to PE1 even after the configuration has been altered to point to PE2.
Conditions: This symptom is observed when the user has more than one manual L2TP version 3 tunnel configured and when at least one of those tunnels is going to a different destination IP address than the other tunnels.
Workaround: Use negotiated L2TP sessions or enable keepalive processing on the manual L2TP version 3 tunnels.
•
Symptoms: Engine 2 (E2) or Engine 3 (E3) line cards may exhibit inconsistencies between the software Cisco Express Forwarding (CEF) and the hardware forwarding engine routing information.
Conditions: This symptom is observed when a routing update occurs after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on an interface.
For E2 line cards, the presence of this symptom can be verified by comparing the output of the show ip cef EXEC command with the output of the show ip psa-cef EXEC command. For E3 line cards, the presence of this symptom can be verified by comparing the output of the show ip cef EXEC command with the output of the show ip hardware-cef EXEC command.
Workaround: Reload the affected line card by entering the microcode reload [slot-number] global configuration command.
•
Symptoms: A standby Route Processor (RP) may reload repeatedly.
Conditions: This symptom is observed on the standby RP of a dual RP Stateful Switchover (SSO) system if a static route in the form of "10.10.10.10 255.255.255.255 ethernet 4/0/1" is configured on the primary RP. This behavior affects systems that are configured to operate in the SSO mode.
Workaround: There is no workaround.
•
Symptoms: Traceback messages may be observed on a router.
Conditions: This symptom is observed when the frame-relay map ip interface configuration command is configured on the 6-port channelized T3 line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) line card may drop all traffic.
Conditions: This symptom is observed on an E3 line card that is on the imposition side of an IP version 6 (IPv6) provider edge (PE) over Multiprotocol Label Switching (MPLS) router setup.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may reload when an online insertion and removal (OIR) is performed on both the standby RP and an 8-port high density ATM OC-12 line card.
Conditions: This symptom is observed when an RP of a Cisco 12000 series that is operating in the Stateful Switchover (SSO) mode.
Workaround: There is no workaround.
•
Symptoms: A 2-port Fast Ethernet port adapter (PA-2FE) that is used on a Cisco 7200 series router or on the Versatile Interface Processor (VIP) of a Cisco 7500 series router may become stuck. This symptom may also be observed on a Fast Ethernet interface that is used on the Cisco 7200 series 2-port 10/100 auto-sensing Fast Ethernet input/output controller (C7200-I/O-2FE/E).
When the PA-2FE port adapter is used on the VIP of a Cisco 7500 series router, the VIP may reload unexpectedly and display the following output when the show controllers vip slot-number logging EXEC command is entered:
00:34:32: RX FIFO was stuck - forced to reset MAC
00:34:34: RX FIFO was stuck - forced to reset MAC
00:34:37: RX FIFO was stuck - forced to reset MAC
00:34:43: %VIP-3-MVIP_CYBUSERROR_INTERRUPT: A Cybus Error occurred.
00:34:44:
CYASIC Error Interrupt register 0x2000000 DMA Receive Error
CYASIC Other Interrupt register 0x0
CYBUS Error Cmd/Addr 0x763AD80, CYBUS Error Data 0x0
MPUIntfc/PacketBus Error register 0x0When these symptoms occur, "RX FIFO was stuck - forced to reset MAC" log messages may be observed on a Cisco 7200 series router and in the log messages on the VIP of a Cisco 7500 series router.
Conditions: These symptoms are observed when Inter-Switch Link (ISL) and Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) are used on a PA-2FE port adapter or when a Fast Ethernet interface is used on the C7200-I/O-2FE/E controller when there is a high traffic rate.
Workaround: There is no workaround.
•
Symptoms: Broadcast Bootstrap Protocol (BootP) packets are still sent out on other interfaces after the ip address negotiated interface configuration command is configured on the Fast Ethernet interface of a Performance Routing Engine (PRE) while the Fast Ethernet interface of the PRE is in the shut down state.
Conditions: This symptom is observed when the ip address negotiated interface configuration command is configured on the Fast Ethernet interface of a PRE.
Workaround: Enter the no ip address negotiated interface configuration command on the Fast Ethernet interface of the PRE.
•
Symptoms: Packet drops may occur in the Cisco Express Forwarding (CEF) and distributed Cisco Express Forwarding (dCEF) paths after a router has been reloaded and a ping is sent (through the router) to the IP address of a directly connected customer edge (CE) router.
Conditions: This symptom is observed on a Cisco 7500 series router. The CE router in this configuration is connected to a Fast Ethernet Virtual Private Network (VPN) routing and forwarding (VRF) dot1q subinterface on a provider edge (PE) router that has the mpls netflow egress interface configuration command enabled.
Workaround: On the PE router, manually ping the IP address of the directly connected CE router and enable the relevant Address Resolution Protocol (ARP) entries to be populated.
First Alternate Workaround: Disable the mpls netflow egress interface configuration command on the subinterface.
Second Alternate Workaround: Add a static ARP entry for the VRF subinterface by entering the arp vrf ip mask mac arpa global configuration command.
Third Alternate Workaround: Enter the clear arp privileged EXEC command on the destination CE router.
•
Symptoms: Slow path forwarding on an Engine 3 line card of a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) may not function.
Conditions: This symptom is observed on a Cisco 12000 series that is functioning as a 6PE router and occurs because the 6PE disposition does not function for aggregate 6PE labels on the Engine 3 line card.
Workaround: There is no workaround.
•
A line card that is facing the core of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) may generate packet switch application-specific integrated circuit (ASIC) (PSA) error messages and may stop sending traffic to the core of the network. The following output may be observed when the show interface gigabit ethernet interface EXEC command is entered.
%LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4
%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C c md 5 data 0 pipe 0,fs 0,prep 0 (pc 1EC),pop 0 (pc 19F),plu 0,tlu 0,plu sdram 0 a dr 0 synd 0 check 4D00,tlu sdram 0 adr 0 synd 0 check 0,ssdram 0 adr 0,gather 0, pl 1822D92,plmuxcnts 61, pludefpsr 22000, plupsr 22000, pludsr 0Conditions: These symptoms are observed on a Cisco 12000 series 3-port Gigabit Ethernet line card when the line card flaps.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) that is in the "standby hot" state may reload after a switchover occurs.
Conditions: This symptom is observed when a switchover occurs on the standby RP of a Cisco 7500 series provider edge (PE) router that is operating in the Stateful Switchover (SSO) mode.
This symptom does not affect the Cisco 12000 series Internet router or Cisco 10000 series Internet Edge Services Router (ESR). This symptom does not affect the Cisco 7500 series if the Internal Gateway Protocol (IGP) is Open Shortest Path First (OSPF).
Workaround: There is no workaround.
•
Symptoms: It may not be possible to perform a self-ping or a back-to-back ping with linked-bundled Packet over SONET (POS) channels that are formed with certain line cards.
Conditions: This symptom is observed with link-bundled POS channels that are formed using the following line cards:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: A dual Route Processor (RP) may not load with the correct image.
Conditions: This symptom is observed when advanced technology attachment (ATA) disks are used with a Cisco 12000 series that has a dual RP.
Workaround: Include the upgrade rom-monitor privileged EXEC command after the router boots up to ensure that the ROM monitor (ROMmon) is upgraded. After the ROMmon is upgraded, the boot system tftp global configuration command should be removed from the configuration. The removal of the boot system tftp global configuration command will ensure that the boot helper is not used.
•
Symptoms: The port channel MAC rewrite string has a zero value.
Conditions: This symptom is observed after a 3-port Gigabit Ethernet line card is reloaded.
Workaround: There is no workaround.
•
Symptoms: The Vanilla microcode bundle may remain loaded on an Engine 2 (E2) OC-48 Packet over SONET (POS) line card even though access control lists (ACLs) are configured for the line card.
Conditions: This symptom is observed on a Cisco 12000 series in an Inter-Autonomous System for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) in an IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution environment.
Workaround: Reload the microcode on the E2 OC-48 POS line card.
•
Symptoms: When a SONET link is not stable, the following error messages may be generated on a 1-port OC-48 Port Packet-over-SONET (POS)/Synchronous Digital Hierarchy (SDH) IP Services Engine (ISE) line card:
SLOT 1: %EE48-3-GULF_RX_MOFIFO: Overflow detected. Corrective action taken.
SLOT 1: %EE48-3-GULF_RX_BYTE_TO_WORD: Out of synchronization, bitmap= 0xE. Corrective action taken.Conditions: This symptom is observed under rare circumstances on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S2.
Workaround: Reload the line card.
•
Symptoms: IP multicast routes (mroutes) may not be downloaded to some line cards when a router is reloaded. The show ip mroute EXEC command can be entered on the Route Processor (RP) and the show ip mds forwarding EXEC command can be entered on the line cards to verify if mroutes are missing from the line cards.
Conditions: This symptom is observed when hardware-assisted multicast forwarding is used on a line card and occurs only if two line cards are reloaded simultaneously.
Workaround: Enter the clear ip mroute EXEC command on the line card to clear this symptom.
•
Symptoms: Traffic does not resume after a Cisco 12000 series router has reloaded.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S in an IP version 6 (IPv6) environment and that is configured with Engine 3 line cards.
Workaround: There is no workaround.
•
Symptoms: The Performance Route Processor-1 (PRP-1) of a Cisco 12000 series may pause indefinitely after it reloads.
Conditions: This symptom is observed when the PRP-1 of a Cisco 12000 series reloads while a core dump is configured on the PRP-1.
Workaround: There is no workaround.
•
Symptoms: The following message may be displayed if the hw-module reset EXEC command is entered on a line card before the standby mode is completely up:
00:08:34: %GRP-3-BAD_FSM_LOOKUP: Invalid event E_REMEVSYNC_COMPL for card 3 state S_WAIT_IDB_UP phase ios-startupConditions: This symptom is observed on a Cisco 12000 series that has 2000 ATM subinterfaces, 200 Border Gateway Protocol (BGP) peers that are advertising 200,000 BGP routes and a dual Route Processor (RP) that is operating in the Route Processor Redundancy Plus (RPR+) mode.
Workaround: There is no workaround.
•
Symptoms: "Alpha" error messages may be observed on the ingress or egress interface of a Cisco 12000 series 4-port OC-12c/STM-4c Packet over SONET (POS) synchronous digital hierarchy IP services engine line card. The following messages may be displayed on the egress interface of the Cisco 12000 series 4-port OC-12c/STM-4c POS synchronous digital hierarchy IP services engine line card:
%EE48-3-ALPHAERRS: TX ALPHA: ALPHA_CPU_PIPELINE_CTRL_INT error 1 SLOT 2: %EE48-3-ALPHAPAIR: TX ALPHA: POP PAIRConditions: This symptom is observed if the shape, bandwidth, random detect, or priority value is configured and if both the set ip-dscp-value quality of service (QoS) policy map configuration command and the set mpls experimental policy map configuration command are disabled. This symptom is observed on a Cisco 12016 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)S or Release 12.0(21)ST2a.
Workaround: Remove the transmit (TX) service policy and use Per Interface Rate Control (PIRC) instead.
Additional Notes: The same symptom may occur when an error recovery is performed for hardware failures such as data path parity errors. The symptom under those circumstances would be a failed recovery. There is no workaround for the occurrence of this symptom when an error recovery is performed.
•
Symptoms: After a Stateful Switchover (SSO) cutover is performed on a Cisco 7500 series router whose incoming and outgoing interfaces are label-controlled ATM (LC-ATM) subinterfaces, it is possible for traffic to stop being passed through the router.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
•
Symptoms: Traceback messages may be displayed in the log file of a router.
Conditions: This symptom is observed on the OC-3 Packet over SONET (POS) line card of a Cisco 10000 series that is running Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: There may not be any label bindings on a Label Switch Router (LSR), but a Label Distribution Protocol (LDP) session may not be impaired.
Conditions: This symptom is observed when an LDP session flaps quickly.
Workaround: After you have brought down the LDP session, remove all label bindings, and bring the session up again.
•
Symptoms: Engine 4 (E4), Engine 4 Plus (E4+), Gigabit Ethernet, and Packet over SONET (POS) line cards on the transmit (TX) side may drop multicast packets. The multicast packets are meant to be fragmented by the TX slow path.
Conditions: This symptom is observed on any incoming receive (RX) line cards if the maximum transmission unit (MTU) of any outgoing interfaces is less than the size of the incoming packet. This symptom will not occur in the TX fast path or with nonfragmented packets.
Workaround: There is no workaround.
•
Symptoms: A network processor (NP) may be restarted, and the following message may be displayed if the shutdown interface configuration command followed by the no shutdown interface configuration command is entered repeatedly on a link:
complex_restart 00:21:39: T1 IHB Exception: watchdogConditions: This symptom is observed on a Cisco 10720 that has multiple Multiprotocol Label Switching (MPLS) paths to the destination.
Workaround: Do not flap the link.
•
Symptoms: A Line Remote Defect Indication (LRDI) alarm is not reported when an automatic protection switching (APS) cutover occurs.
Conditions: This symptom is observed on a 4-port channelized STM-1 line card that is configured with APS.
Workaround: There is no workaround.
Further Problem Description: Whenever an APS cutover occurs because of line quality issues, the receiving side must send an LRDI status so that the far end is aware of the state of the transmission line.
•
Symptoms: Multiple interfaces may have the same MAC address. This behavior may cause traffic on a line card to be dropped after it is directed to an incorrect interface.
Conditions: This symptom is observed when a new port adapter is added to a line card.
Workaround: Reload the router.
•
Symptoms: Virtual Router Redundancy Protocol (VRRP), Hot Standby Routing Protocol (HSRP), and other applications may not work as expected.
Conditions: This symptom is observed on an Ethernet line card after either an online insertion and removal (OIR) or a microcode reload procedure is performed.
Workaround: There is no workaround.
•
Symptoms: Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS) Protocol adjacencies may be incomplete.
Conditions: This symptom is observed on a Cisco router after it loaded with Cisco IOS Release 12.0(21)ST5. This symptom may affect connectivity across Engine 2 (E2) interfaces.
Workaround: There is no workaround.
•
Symptoms: A provider edge (PE) router may fail to bind a label for a flapped route.
Conditions: This symptom is observed on a PE router after a route is flapped and has recovered. Enter the no mpls ip global configuration command followed by the mpls ip global configuration to recover from this symptom.
Workaround: There is no workaround.
•
Symptoms: When a 3-port Gigabyte Ethernet (GigE) line card is the imposition card and parallel links face the core, the GigE line card does not load share the traffic between the 2 links.
Conditions: This symptom is observed a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) setup. The traffic will flow on one of the links.
Workaround: There is no workaround.
•
Symptoms: An ingress line card may reload after the no shutdown interface configuration command is entered on the line card while traffic is present.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) tunnel HEAD that has a 1-port edge service (ES) Packet Over SONET (POS) OC-192c/STM-64 line card configured on both the ingress and egress line cards.
Workaround: Stop traffic and enable the tunnel.
•
Symptoms: Multilink adjacencies may show up as invalid.
Conditions: This symptom is observed on the Engine 3 (E3) Quad OC-12 line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S3. It may not be possible to clear this symptom by entering the clear cef line EXEC command or by reloading the microcode on the line card.
Workaround: There is no workaround.
•
Symptoms: A line card may reload after a software upgrade.
Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router after the router is upgraded to Cisco IOS Release 12.0(24)S.
Workaround: Remove the service upgrade all global configuration command from the configuration.
•
Symptoms: If a 128-line input access control list (ACL) is removed from an Engine 2 line card interface that is configured for Virtual Private Network (VPN) and has point-to-point (PPP) encapsulation, traffic will not go through the line card.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.
Workaround: Perform micro reload on the line card.
•
Symptoms: An Engine 3 (E3) 4-port OC-12 (4xOC-12) or E3 OC-48 Packet over SONET (POS) line card may reload and generate traceback messages.
Conditions: This symptom is observed when the gsr-p-mz image of Cisco IOS Release 12.0(24)S is loaded on a Cisco 12406 router in an Inter-Autonomous System Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) of an IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution environment. The E3 4xOC-12 line card may be operating either in the channelized mode or the POS mode.
Workaround: No workaround is necessary because the line cards will recover without user intervention.
•
Symptoms: A Cisco 12000 series may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 12000 series that has dual Gigabit Route Processors (GRPs) and that is operating in the Route Processor Redundancy (RPR) mode. This symptom is observed after the Cisco 12000 series is upgraded to Cisco IOS Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: The configuration of commands may cause additional memory to be held by an execute process.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(18)S3 or Release 12.0(21)S5. This symptom is not observed when Cisco IOS Release 12.0(23)S is used.
Workaround: If the execute process belongs to a terminal session or a console session, terminate the execute session by entering the exit command.
•
Symptoms: A Cisco 10000 series may not be able to match incoming and outgoing packets that are defined by the access list in the configuration.
Conditions: This symptom is observed when the "deny" option of an access control list (ACL) is configured on a Cisco 10000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: Ingress multicast packets on engine line cards may be sent to incorrect local output queues (LOQs).
Conditions: This symptom is observed after an input service policy that is defined for multicast packets by the rx-cos-slot global configuration command is removed from a slot.
Workaround: Configure and apply an empty service policy to the slot.
•
Symptoms: A line card may reload.
Conditions: This symptom is observed when an access control list (ACL) is applied to multiple interfaces and the insertion of an ACL into ternary content addressable memory (TCAM) fails. The line card may reload if a new ACL is added or if the existing ACL on the line card is replaced repeatedly.
Workaround: Remove the old ACL from the interface before applying the new ACL.
•
Symptoms: Entries in Alpha Cisco Express Forwarding (CEF) in Engine 3 are corrupted for tunnel destination loopback address when the egress line card is E3 and the tunnels are load-balanced.
Conditions: This symptom occurs with the one-hop tunnel. If the ingress and egress line cards or some other card and E3 are also there, the entries in packet switch ASIC (PSA) are also corrupted.
Workaround: There is no workaround.
•
Symptoms: A line card may reload.
Conditions: This symptom is observed on a 12000 series Internet Services Engine (ISE) line card when the show ip alpha-cef EXEC or the show ip hardware-cef EXEC command is entered on the line card immediately after a single-hop tunnel is switched to a multihop tunnel.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload.
Conditions: This symptom is observed on the 4-port OC-12 (4xOC12) ATM line card of a Cisco 12000 series after the no shutdown interface configuration command is entered on the 4xOC12 ATM line card.
Workaround: Disable IP Protocol Independent Multicast (PIM) Sparse Mode (SM) on the ATM interface.
•
Symptoms: Multiprotocol Label Switching (MPLS) traffic engineering (TE) may not synchronize with a standby Route Processor (RP), and when a switchover occurs, MPLS TE functions may be lost.
Conditions: This symptom is observed on a Cisco 7500 series router that is configured for redundancy.
Workaround: If the active RP has MPLS IP or MPLS TE tunnels enabled but the standby RP does not, configure the following sequence of commands either in global configuration mode or in interface configuration mode on the active RP:
no mpls ip
mpls ip
no mpls traffic-eng
mpls traffic-eng•
Symptoms: Incorrect hardware entries may be observed on a router.
Conditions: This symptom is observed under rare circumstances when the number of links between provider edge and provider (PE-P) routers are changed while load balancing is in progress.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Virtual Private Network (VPN) routing and forwarding (VRF) Carrier Supporting Carrier (CSC) interface.
•
Symptoms: A Forwarding Information Base (FIB) on a line card is disabled after an online insertion and removal (OIR) is performed on the primary Carrier Supporting Carrier (CSC) interface by entering the hw-module shutdown EXEC command followed by the no hw-module shutdown EXEC command.
Conditions: This symptom is observed on the 4-port OC-3 (4xOC-3) Packet over SONET (POS) line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A line card may show a decrease in performance.
Conditions: This symptom is observed on an OC-192 or QOC-48 line card that has two tag impositions (a traffic engineering [TE] tunnel head and a basic tag). A performance degradation of 12.4 Mpps is observed for a 6-byte IP packet when the optimal performance rate should be 14.79 Mpps.
Workaround: There is no workaround.
•
Symptoms: A port adapter may accept packets that have incorrect VLAN identifications (IDs). The port adapters may attempt to switch the packets even when there are no VLANs configured on the port adapters.
Conditions: This symptom is observed on a 1-port Gigabit Ethernet port adapter or an 8-port Fast Ethernet port adapter of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Configure a dummy VLAN on the port.
•
Symptoms: A line card may pause indefinitely after an online insertion and removal (OIR) is performed or the router on which the line card is installed is reloaded.
Conditions: This symptom is observed on the line card of a Cisco 12000 series only when the Cisco 12000 series has a secondary Route Processor (RP).
Workaround: Reload the router or remove the secondary RP.
•
Symptoms: The forwarding state change of a multicast route on a line card may affect the fast path forwarding state of another multicast route. This behavior may cause the latter route to be punted to the CPU of the line card and lead to a high CPU utilization condition.
Conditions: This symptom is observed on the 2-port OC-48 (2xOC-48) Spatial Reuse Protocol (SRP) line card of a Cisco 12400 series.
Workaround: Enter the clear ip mroute * EXEC command on the router to refresh the forwarding states of all multicast routes.
•
Symptoms: After an Engine 4 (E4) line card is reloaded, the line card may not forward updated hardware tag information to load balanced egress paths.
Conditions: This symptom is observed after an E4 line card is reloaded.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on any of the egress ports of the load balanced interface to correct the discrepancies in the hardware tables.
•
Symptoms: The ip access-group command does not work on a port channel interface.
Conditions: This symptom is observed in Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 image may time out and fail to load via TFTP.
Conditions: This symptom is observed when a Cisco 12000 boot loader image is used to load the main Cisco IOS software image via TFTP. This symptom occurs because the boot loader image uses "00:00:00:00:00:00" as the MAC address for Ethernet 0. This symptom is observed in Cisco IOS Releases 12.0(20)S, 12.0(20)ST, and later releases.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) to traffic engineering (TE) performance may degrade from 20 Mpps to 12.3 Mpps.
Conditions: This symptom is observed after a Cisco router is upgraded from Cisco IOS Release 12.0(22)S to Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may reload.
Conditions: This symptom is observed on the standby RP of a dual RP Cisco 12000 series router when a line card on the Cisco 12000 series or a neighboring router is reloaded. This symptom occurs when a line card has a large number of encapsulation entries (3000 entries).
Workaround: There is no workaround.
•
Symptoms: The input counters on a line card may display erroneously large values even when there is no traffic.
Conditions: This symptom is observed on Engine 2 (E2) ATM line cards such as the 8-port OC-3 ATM line card (8xOC3) or the 4-port OC-12 (4xOC12) ATM line card.
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur on a Cisco 12000 series Engine 2 line card that is configured for sampled NetFlow and that is switching unicast traffic, or the line card may reload.
Conditions: This symptom is observed when there is a change in the configuration, for example, when a switchover occurs or a link flaps, or when you remove the tag-switching ip interface configuration command from the egress interface.
Workaround: Remove sampled NetFlow from the configuration.
•
Symptoms: An Engine 4 plus line card that is installed in a Cisco 12400 series may be reset by the Route Processor (RP) because of interprocess communication (IPC) failures. The following errors may be displayed:
%CPUIF-3-NO_MEM: sendreq_freeq is NULL.
%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 148 to LC in slot 3 with sequence 58638, error = timeout
%FIB-3-FIBDISABLE: Fatal error, slot 3: IPC Failure: timeout
%GRP-4-RSTSLOT: Resetting the card in the slot: 3,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE ]Conditions: These symptoms are observed when route flapping occurs; route flapping may generate a high volume of IPC traffic.
Workaround: There is no workaround.
•
Symptoms: Line cards on a Carrier Supporting Carrier-provider edge (CSC-PE) router setup may reset.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S. This symptom is observed when a microcode reload is performed on the QOC-12 E2 line card that interconnects the CSC-PE router and the Carrier Supporting Carrier-provider (CSC-P) router.
Workaround: There is no workaround.
•
Symptoms: Switch fabric cards (SFCs) may fail on a Cisco 12410 router.
Conditions: This symptom is observed when there is an upgrade to a Cisco IOS release.
Workaround: There is no workaround.
•
Symptoms: Packet or byte counters may not be accurate.
Conditions: This symptom is observed when a parity error occurs on a Cisco 12000 series Engine 4 or Engine 4 plus line card.
Workaround: There is no workaround.
•
Symptoms: A router may reload while it is booting up if a different line card is installed in place of a 4-port channelized OC-3 (4xOC-3) line card in an even slot.
Conditions: This symptom can be reproduced by performing the following steps:
a.
b.
c.
d.
e.
Workaround: The following steps may prevent the router from reloading:
a.
b.
c.
d.
•
Symptoms: When you enable NetFlow after you have configured distributed switching, and traffic passes, a Versatile Interface Processor (VIP) may reload.
Conditions: This symptom is observed on a Cisco 7500 series router that functions in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) environment.
Workaround: There is no workaround.
•
Symptoms: The append modifier does not append data to named files on Advanced Technology Attachment (ATA) devices, and the original contents of the named file remains unchanged.
Conditions: This symptom affects Cisco IOS releases that have the fix for CSCdz27200.
Workaround: There is no workaround.
•
Symptoms: After an application-specific integrated circuit (ASIC) is reset because of error recovery, the port and fetch descriptors do not function as expected. This behavior may prevent features such as IP version 6 (IPv6) from working properly.
Conditions: This symptom is observed on the line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Reset the line card.
•
Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.
Cisco will be making free software available to correct the problem as soon as possible.
The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml
•
Symptoms: After a Performance Routing Engine 1 (PRE1) cutover in Route Processing Redundancy Plus (RPR+) mode in a Stateful Switchover (SSO) image, no virtual circuit (VC) is recovered.
Conditions: This symptom is observed when the high availability (HA) configuration mode is changed to RPR+ mode from the default SSO mode in an SSO image and when the HA cutover is completed.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet Engine 2 line card may reload after an online insertion and removal (OIR) has occurred.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload during bootup.
Conditions: This symptom occurs while Multicast VPNS are configured on the router.
Workaround: There is no workaround.
•
Symptoms: Interfaces that are configured on the 8xOC-3 Engine 2 line card or on the 16xOC-3 Engine 2 line card may not recover from a down/down state.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: The output of the "ROM Bootstrap" section of the show version EXEC command may display an unexpected format; lines may be missing for the ROM monitor (ROMmon) and the fabric downloader.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a route that is learned via Intermediate System-to-Intermediate System (IS-IS) IP version 6 (IPv6) has more than eight equal-cost paths.
Conditions: This symptom is observed when more than eight equal-cost links are configured between two IS-IS IPv6 routers. Depending on the network topology, the symptom may also occur when there are less than eight equal-cost links between an IS-IS IPv6 router and its neighbors.
Workaround: Ensure that there are less than eight equal-cost links configured between two IS-IS IPv6 routers.
•
Symptoms: Tag forwarding counters may no longer function when parity errors occur on an Engine 4 plus line card.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptom: Intermittent connectivity on a shared media interface flap shows 50% or less success rate.
Conditions: This symptom was observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.
Workaround: Issue the clear ipv6 neighbors command on the routers with the shared media interfaces.
•
Symptoms: A Cisco 7200 series or Cisco 7500 series router may reload because a packet is not cleaned up properly.
Conditions: This symptom is observed under rare circumstances when the Cisco 7200 series or Cisco 7500 series router is configured for Multiprotocol Label Switching (MPLS) through a 1-port Gigabit Ethernet port adapter (PA-GE) or an Enhanced Gigabit Ethernet Interface Processor (GEIP+).
Workaround: There is no workaround.
•
Symptoms: Spurious memory accesses may occur during the bootup process of a Cisco 7200 series router, or the router may reload during the bootup process.
Conditions: This symptom is observed on a Cisco 7200 series router that is configured with an enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) configured in T1 mode and that is configured with a 2-port multichannel T1 port adapter (PA-MC-2T1), a 4-port multichannel T1 port adapter (PA-MC-4T1), or an 8-port multichannel T1 port adapter (PA-MC-8T1).
Workaround: There is no workaround.
•
Symptoms: A router may reload when a microcode reload is performed.
Conditions: This symptom is observed when the enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) of a Cisco 7500 series that is configured as either a T1 or an E1 port adapter is replaced by another port adapter.
Workaround: There is no workaround.
•
Symptoms: Traffic that is sent from an Engine 3 line card over the switch fabric to Multilink PPP (MLP) bundles that are configured on a 2-port channelized OC-3/STM-1 (DS1/E1) line card drops.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S2 or Release 12.0(22.3)S and that is configured with a 4-port IP Service Engine (ISE) OC-12c/STM-42 Packet-over- SONET line card and a 2-port channelized OC-3/STM-1 (DS1/E1) line card.
Workaround: There is no workaround.
•
Symptoms: When you configure an IP version 6 (IPv6) access list to match Encapsulated Security Payload (esp) or Authentication Header Protocol (AHP) protocol literal values, the access list appears to be configured to match IPv6 only.
Conditions: The conditions under which this symptom occurs are not known at this time.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series IP Service Engine (ISE) line card reloads when you exceed the hardware limitation during the configuration of an access control list (ACL).
Conditions: This symptom is observed after you have first attached the ACL to several Frame Relay subinterfaces.
Workaround: First configure the ACL, and then attach it to the subinterfaces.
•
Symptom: A router may reload while applying an Access Control List (ACL) to forwarded traffic via the ipv6 traffic-filter interface configuration command.
Conditions: This symptom is observed when you enter illegal syntax in the submode of the ipv6 access-list global configuration command.
Workaround: Do not enter illegal syntax in the submode of the ipv6 access-list global configuration command.
•
Symptoms: Web Cache Communication Protocol (WCCP) does not function properly when Cisco Express Forwarding (CEF) is enabled. Bypass packets from the cache engine are dropped instead of being forwarded.
Conditions: This symptom is observed when both WCCP and CEF are enabled.
Workaround: Disable CEF on the router, and rely on IP fast switching.
•
Symptoms: Leaks may be observed for some Virtual Private Network (VPN) routing and forwarding (VRF) routes in the global Forwarding Information Base (FIB) table when a VRF is deleted and recreated.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S or Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: Virtual Private Network routing and forwarding (VRF) does not function properly on a Frame Relay link between a provider edge (PE) router and a customer edge (CE) router, and the CE router cannot ping the PE router.
Conditions: These symptoms are observed on a Frame Relay link between a Cisco 10000 series router that is functioning as a PE router and another Cisco 10000 series router that is functioning as a CE router.
Workaround: Reload the PE router to make the link between the PE router and the CE router function.
•
Symptoms: A Cisco 12000 series Internet router may reload when loading a configuration with 1000 frame-relay sub-interfaces and 2000 IPv6 static routes.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that has a 16 Port IP Services Engine (ISE) Packet Over SONET OC-3c/STM-1 line card that is configured with 1000 frame-relay sub-interfaces and 2000 static routes. This symptom is observed in Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround
TCP/IP Host-Mode Services
•
Symptoms: A data-link switching (DLSw) peer may pause indefinitely in the AB_PEND state and a TCP session may pause indefinitely in the SYNSENT state.
Conditions: This symptom is observed after an IP outage occurs between two DLSw routers.
Workaround: Enter the show tcp brief EXEC command to determine the Transmission Control Block (TCB) of the TCP session that has paused indefinitely. Enter the clear tcp tcb address privileged EXEC command to clear the TCB of the TCP session that has paused indefinitely. The DLSw peers will reconnect as long as there is IP connectivity between the DLSw peers.
•
Symptoms: A Telnet session from a terminal over a vty connection to a Cisco 7206VXR router may pause indefinitely.
Conditions: This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.2(4)XZ5, that is configured with a Network Processing Engine 300 (NPE-300), and that is functioning as a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) provider edge (PE) router when large text displays are dumped on the screen of the terminal.
The symptom is caused by a corrupt TCP Telnet packet that is generated by the router.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco 7500 series router may, upon reboot, have the VIP2-40 unexpectedly reload with an arithmetic exception or sig-5 error.
Conditions: This symptom was observed on a Cisco 7500 series router that is upgrading from Cisco IOS Release 12.0(12) to Cisco IOS Release 12.1(8.1b). This problem occurred on two separate routers. Both routers were Cisco 7513 routers with RSP4s and VIP2-40 with 8-port serial cards.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series router may reload at a packet enqueue utility.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S when all of the following conditions are met:
–
–
–
–
Workaround: Avoid the situation in which all of the above-mentioned conditions take place concurrently. For example, when an FR link is configured on a VIP interface and you require traffic shaping, use distributed FRTS, or unconfigure FRTS while user traffic is low so as not to activate the shaping function.
•
Symptoms: Alignment errors may occur on a Route Switch Processor (RSP) when IP packets that are destined for the RSP are processed, and the following error message is generated:
%ALIGN-3-CORRECT: Alignment correction made at 0x6054B844 reading 0x63354DD6The alignment errors do not affect the functionality of the RSP.
Conditions: This symptom is observed on an RSP that is installed in a Cisco 7500 series router that is running Cisco IOS Release 12.2(12.6)T or a later release when the RSP receives Layer 2 Tunneling Protocol (L2TP) or Layer 2 Forwarding (L2F) control packets on an Ethernet interface that has the encapsulation isl subinterface configuration command enabled.
Workaround: Do not enable the encapsulation isl subinterface configuration command.
•
Symptoms: Disabling the frame-relay interface-dlci interface configuration command on an interface while traffic is passing through a permanent virtual circuit (PVC) on the same interface may cause a router to reload.
Conditions: This symptom is observed only on a Cisco 7200 series router.
Workaround: Disable IP fast switching.
•
Symptoms: Virtual Private Network (VPN) routing and forwarding (VRF) may not function on a High-Speed Serial Interface (HSSI) port adapter.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: Remove and reconfigure the affected subinterface on the HSSI port adapter.
Posted: Fri Dec 14 17:23:11 PST 2007
All contents are Copyright © 1992--2007 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
