Cross-Platform Release Notes for Cisco IOS Release 12.0 S, Part 6: Caveats for 12.0(6)S through 12.0(23)S6

Cisco IOS Release 12.0(23)S6 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S6 but may be open in previous Cisco IOS releases.

Basic System Services

Symptoms: A Cisco router or switch may reload when it attempts to read the ifIndex information from an NVRAM file during the bootup process.

Symptoms: Executing the tftp-server slaveslot0: global configuration command, or any configuration commands related to tftp-server being set to access flash devices on the slave, will cause the slave to reload.

Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(23)S5 but is not platform dependent.

Workaround: Configure the tftp-server to access flash devices on the master route switch processor (RSP) only.

Interfaces and Bridging

Symptoms: Interfaces may not be created when a channel group is configured on a Cisco 7500 series or a Cisco 7600 series.

Conditions: This symptom is observed only if channel groups are created on an 8-port multichannel T1 port adapter (PA-MC-8T1) and the PA-MC-8T1 is replaced with an enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) by performing an online insertion and removal (OIR). After the port adapters are switched, the channel-group configuration on the PA-MC-8TE1+ does not work as expected.

Workaround: Remove the channel-group configuration on a port adapter before performing an OIR and replacing the port adapter with another port adapter.

IP Routing Protocols

Symptoms: A Cisco router that is configured with IP multicast may reload because of a bus error.

Conditions: This symptom is observed when a router sends (S,G) R join overrides to a neighbor, and the neighbor times out because of link flaps or because of another reason. The symptom is caused by a timing difficulty and is most likely to occur when you enter the ip pim spt-threshold infinity global configuration command on all routers in the network.

For a list of the affected releases, go to the following location: http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds31596. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Delete the ip pim spt-threshold infinity global configuration command from all routers in the network to minimize the occurrence of the symptom.

Symptoms: A retransmission counter may not be reset when a neighbor is terminated.

Conditions: This symptom is observed on a Cisco platform that is running Open Shortest Path First (OSPF) when the retransmission limit default (12 or 24) is added to the retransmission mechanism.

Workaround: Clear the OSPF process by entering the clear ip ospf process pid privileged EXEC command. Then, enter the limit retransmissions non-dc disable router configuration command.

Symptoms: A memory allocation failure (MALLOCFAIL) from the I/O memory pool may occur.

Condition: This symptom is observed on a Cisco router that receives excessive multicast control traffic.

Workaround: Apply a quality of service (QoS) policy map to limit the rate of the multicast control traffic that can be received by the router.

Symptoms: A Cisco router may reload unexpectedly when you manually reload the router.

Conditions: This symptom is observed when Open Shortest Path First (OSPF) LSAs are being "maxaged" while you manually reload the router. This situation may occur because of a fluctuating network and is an extreme corner case that cannot be reproduced on demand. The symptom is very unlikely to occur.

Miscellaneous

Conditions: This symptom is observed if the shutdown interface command followed by the no shutdown interface configuration command is issued on the next hop router on a Cisco router that has Multiprotocol Label Switching (MPLS) enabled.

Workaround: A clear ip route for the affected prefix would take down all the paths and ensure that they are rebuilt and hence reresolved. Also the problem does not arise if a shutdown is not performed.

Symptoms: A software-forced reload may occur due to an I/O memory corruption and redzone overrun.

Conditions: This symptom is observed on a Cisco 7200VXR or VIPs with the following Port Adaptors installed: PA-MC-2T1, PA-MC-4T1, PA-MC-8T1, PA-MC-8DSX1, PA-MC-2E1,PA-MC-8E1, PA-MCX-4TE1,PA-MCX-8TE1, PA-MCX-8TE1+, PA-MC-8TE1+.

Symptoms: A Cisco router may reload if the show ip access- list access-list-name command is performed on an existing reflexive access-list.

Conditions: This symptom is observed on a Cisco 3620 router that is running Cisco IOS Release 12.3(13).

Symptoms: After applying the maximum of 32 Committed Access Rate (CAR) rules and removing them, subsequent attempts to add any new input CAR (iCAR) rules may not be applied, and the router may generate an error message.

Conditions: This symptom is observed on a Cisco 12000 series Engine (E4) Packet-over-SONET (POS) line card.

Symptoms: A Performance Route Processor (PRP) may reload after the following error message is displayed:

Conditions: This symptom is observed on a Cisco 12000 series on which a defective 1-port OC-192 Packet-over-SONET (POS) Enhanced Services (ES) Engine line card is installed. The symptom occurs because error recovery does not function properly.

Symptoms: Distributed Cisco Express Forwarding (DCEF) may become disabled on a Versatile Interface Processor (VIP) or Cisco 12000 series line card (LC), and the following error message may appear on the console:

%FIB-3-FIBDISABLE: Fatal error, slot 12: Window did not open, LC to RP IPC is non-operationa

Conditions: This symptom is observed on a Cisco 7500 series VIP2-50 and VIP4- 80 in which ATM OC-3 port adapters such as the PA-A1-OC3 or PA-A3-OC3 are installed when the Cisco 7500 series is upgraded to Cisco IOS Release 12.0(24) S or Release 12.0(24)S1. This symptom is also observed on a Cisco 12000 series LC during significant, prolonged routing table churn.

Workaround: Reload CEF on the VIP or LC by entering the clear cef linecard slot-number EXEC command.

Alternate Workaround: Restart the VIP by performing an online insertion and removal (OIR). Restart the LC by executing the hw-module slot slot # reload command.

Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.

Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.

Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.

Symptoms: A Cisco router that functions in a Multiprotocol Label Switching (MPLS) environment may reload unexpectedly with a bus error.

Conditions: This symptom is observed under rare circumstances when the router attempts to send an Internet Control Message Protocol (ICMP) packet that was triggered by an MPLS packet.

Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.

The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.

More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.

Symptoms: Cisco Express Forwarding (CEF) interface tables may become corrupted on a Cisco 12000 series line card, causing traffic to be dropped and the following error message to be logged by the affected line card:

This situation may cause some or all of the CEF interface information to be removed from the affected line card, which you can verify in the output of the show cef interface EXEC command for the affected line card.

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S when a series of clear cef linecard EXEC commands are executed in quick succession.

Workaround: Enter the clear cef linecard EXEC command just once for the affected line card.

Symptoms: An outgoing label may not be installed in the Label Forwarding Information Base (LFIB) for an IP version 4 (IPv4) prefix.

Conditions: This symptom is observed when the prefix is learned via a Border Gateway Protocol (BGP) session. This situation may occur when the prefix is deleted in the Label Information Base (LIB) and not allocated to any local label binding.

Symptoms: An interface may not transmit traffic because the output may be stuck. When this symptom occurs, the console of the Route Switch Processor 4 (RSP4) may display the following error messages:

%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/2:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/1:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/3:15, TEI0 changed to down %RSP-3-RESTART: interface Serial1/0/0:15, not transmitting

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1(19)E1 when the compress stac caim interface configuration command is configured on the interface. The symptom may also occur in other releases.

Workaround: Remove the compress stac caim interface configuration command from the interface.

Symptom: A Cbus Complex may occur and the packet memory may be recarved, causing a temporary disruption in service.

Conditions: This symptom is observed on a Cisco 7500 series when you install an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) or an enhanced 2-port T1/E1 high-capacity port adapter (PA-VXC-2TE1+) and when you configure the port adapter via the command-line interface (CLI) for E1 or T1.

Workaround: There is no workaround. Try to install the port adapter during a maintenance window.

Symptoms: A Frame Relay interface line protocol and/or routing protocol states continually go down.

Conditions: The problem occurs on Frame Relay interfaces of 512 Kbps or lower bandwidth with a service-policy output command referring to a policy map that contains the priority command, whenever the interface is congested for more than 30 seconds with packets larger than 512 bytes.

Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.

Symptoms: An Engine 4+ (E4+) Gigabit Ethernet (GE) line card in a Cisco 12000 series that is running Cisco IOS Release 12.0(26)S may reload and display one of the following sets of error messages:

2. %FIB-3-FIBDISABLE: Fatal error, slot #: IPC Failure: timeout %CPUIF-3-NO_MEM: sendreq_freeq is NULL.

Conditions: This symptom occurs when the line card receives a bad IP packet whose actual length does not match what the IP header indicates.

%FABRIC-0-OPERATIONAL: Fabric handling failed: Unknown eventreceived by the fab process %SCHED-3-THRASHING: Process thrashing on watched boolean �FIA queyr�.

Conditions: This symptom is observed on a Cisco 12410 series Internet router that has an 8xOC3 ATM Engine 3 line card and a 4xOC12 POS Engine 3 line card that is configured with 150 VPN routing/forwarding (VRF) interfaces. The router is running Cisco IOS Release 12.0(23)S4.

Symptoms: An interface may have an ifIndex value of 4294967295 (-1) and some interfaces may not be in the ifTable.

Conditions: This symptom is observed when a system is in Stateful Switchover (SSO) mode and then is configured to change the redundancy mode to Route Processor Redundancy Plus (RPR+). The standby Performance Routing Engine (PRE) then restarts. If new interfaces are added to the system (the ifTable) at this point and the primary PRE is not reloaded, the symptom occurs.

Symptoms: The following message is observed after executing shutdown subinterface of ATM:

Conditions: This symptom is observed on a Cisco 10008 Internet router that is running the Cisco IOS image c10k-p10-mz.120-23.S3b under the following conditions:

2. ATM interface: initializing/down with no LC and pvc configuration on subinterface.

This error message can be observed when executing no shut/shut subinterface in the above conditions.

Further Problem Description: When main ATM interface is down (could be either admindown or down), create a point-to-point atm subinterface with vbr-nrt vc in shutdown state. Then deleting pvc underneath the atm subinterface, or deleting the atm subinterface itself, can cause the losing of bandwidth on ATM interface.

Symptoms: Two interfaces may have the same Cisco Express Forwarding (CEF) interface description block (IDB) when the following configuration sequence occurs:

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S or Release 12.2 S.

Symptoms: When a Cisco IOS software image runs on a standby Performance Routing Engine (PRE) together with an older version of Cisco IOS software that runs on the primary PRE, the following error message may appear on the standby router:

%IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP: Cannot find IDB index table entry: "", 79

After a switchover from the primary PRE to the standby PRE occurs, the interfaces for which the above error messages appear may not be able to send or receive packets.

Conditions: This symptom is observed on a Cisco 10000 series during a Fast Software Upgrade (FSU) operation.

Symptoms: A line card may experience high CPU usage, and report alignment and spurious memory access error messages.

Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router.

Symptoms: A service policy may not attach to an interface. When you enter the show policy-map interface EXEC command, the output displays all counters at 0.

Conditions: This symptom is observed on a Cisco router when a policy map is configured on an IP Services Engine (ISE) line card for the Cisco 12000 series router with policing set to less than 64 kbps, and the Cisco IOS software is being upgraded from a release prior to 12.0(26)S up to Cisco IOS Release 12.0(26)S.

Workaround: Make sure that the policing rate is larger than 64 kbps. The service policy may then be attached to the interface.

Conditions: This symptom is observed on a Cisco 12000 series router after a service policy is enabled.

Symptoms: An Engine 4 Plus (E4+) Gigabit Ethernet (GE) or Fast Ethernet (FE) line card that is configured with Any Transport over MPLS (AToM) may fail.

Conditions: This symptom is observed on an E4+ GE or FE line card on a Cisco 12000 series router that is running Cisco IOS Release 12.0(26)S as soon as a soft online insertion and removal (OIR) is performed on the primary clock scheduler card (CSC).

Symptoms: The link LED light of a Gigabit Ethernet (GE) line card on a Cisco 12000 series does not light if the port is shut down and brought back up (i.e., shutdown).

Conditions: This symptom is observed on a Cisco 12000 series when the no negotiation auto interface configuration command is entered on the router.

Symptoms: During installation of a router on an OC-48 DPT/RPR ring, the ring became unstable, and 5 Cisco 12000 series routers reloaded, one reloading twice.

Conditions: This symptom is observed on a mix of Cisco 12016 routers and Cisco 12416 routers that are running Cisco IOS Release 12.0(23)S3 3DES software.

Symptoms: The deletion of an ATM subinterface may occasionally cause a secondary Performance Routing Engine (PRE) to reload.

Conditions: This symptom is observed on a Cisco 10000 series that has two PREs that are configured for high availability.

Workaround: There is no workaround. However, the symptom does not affect performance. The primary PRE continues to forward traffic. The secondary PRE will reload if it is configured to do so.

Symptoms: A failure of an active Route Processor (RP) may cause the standby RP to fail also.

Symptoms: On a Cisco router that is configured with LLQ, there is queueing on the real time queue.

Conditions: This symptom is observed on a Cisco 10000 ESR that is configured with LLQ.

Symptoms: On Engine 2 (E2) n-port OC3 line cards for the Cisco 12000 series router, the pos delay triggers path router configuration command does not implement the specified delay. This results in the link being brought down for Path Alarm Indication Signal (PAIS) or Path Remote Defect Indication (PRDI) defects whose duration is smaller than the specified delay time.

Conditions: This symptom is observed in all releases of Cisco IOS Release 12.0 ST and in all releases of 12.0 S beginning with Release 12.0(22)S.

Symptoms: A 6-port CT3 line card crashed due to a Cache Parity Exception. The router will not reload.

Conditions: This symptom occurs on a Cisco 12000 series router that is running Cisco IOS Release 12.0(23)S3 image c12kprp-p-mz.

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

Symptoms: On a Cisco 12000 series router that is performing the Label Edge Router (LER) functionality, packets may leave the outbound interface unlabeled if the ingress line card is an ISE even though the destination network appears as tagged in the CEF and TFIB table.

Conditions: This problem has been observed to IP destination addresses using a recursive route. If the problem occurs, the corresponding outputs of show ip cef prefix display an outbound label for the appropriate next-hop. But the output of show ip hardware-cef for this IP address does not display any label.

Further Problem Description: IP packets entering an MPLS network should be labeled if an LDP neighbor is established and the appropriate entries are in the RT, FIB and TFIB. The label imposition takes place in hardware of ISE on the ingress line card. Thereby the hardware information has to follow the control plane information. If the problem is present the control plane information looks consistent but it is not coincident with the hardware information of the ingress line card.

Symptoms: A 3-port Gigabit Ethernet (GE) line card may show BMA error, then run error recovery.

Conditions: This symptom is observed on a Cisco 12008/40 router that is running Cisco IOS 12.0(23)S5. It is configured as an MPLS inter-AS ASBR. It is also configured as a PE router. When entering the shut command followed by the no shut command on a POS interface on a 8POS LC, the 3GE LC will show BMA error.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

Symptoms: The tag forwarding table for a line card on Cisco platforms that have distributed (i.e. linecard based) forwarding, such as the Cisco 7500 Series and the Cisco 12000 Series, may not have complete entries even though the Route Processor (RP) does. This results in ingress tagged traffic being dropped for the missing tag forwarding entries.

Conditions: This symptom is observed on Cisco platforms that have distributed (i.e. linecard based) forwarding in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment with a provider edge (PE) router to customer edge (CE) router link.

The problem is more likely to happen if the PE to CE link experiences quick flaps of an interface (i.e. goes down and come back up in a very small amount of time (e.g. 2 sec)). Although this can happen on any linecard, this situation is more likely to happen on the Engine 3(E3) channelized OC48 line cards due to its quick flapping behavior.

- The defect affects routers that are: (a) MPLS VPN PE routers or (b) routers that exchange labels for ipv4 BGP routes.

- For (a) there should be recursive routes on the PE that go over the PE-CE link (this could be either BGP learnt recursive routes or static recursive routes). Also, these recursive routes have the link's CE side ip address as their nexthop.

- There should be a less specific route to get to the nexthop (this can be a default route). This applies for (a) and (b).

Conditions: This symptom is observed on any Cisco IOS image that contains the fix for CSCdz27200. The problem does not occur on a disk that is formatted with 16 or less sectors/cluster

Symptoms 2: After a switchover to a standby processor, the indices of the interfaces in the system may be changed by mistake. This may cause problems with forwarding packets and may cause other inconsistencies.

Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:

Conditions: This symptom is observed when a very uncommon timing of a Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tag Switching Distribution Protocol (TDP).

Cisco Internetwork Operating System (IOS) Software releases trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.

The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.

This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(27)S.

Symptoms: Some MQC commands on 4xOC3 and 8xOC3 ISE line cards on Cisco 12000 series routers may result in a message similar to the following:

Due to the error, no policy is applied to the interface. Even though the running configuration has the policy on the interface, the policy will not take effect.

Symptoms: The outgoing label for a prefix that is received through Border Gateway Protocol (BGP) IP version 4+ (IPv4+) labels may not be installed in the Tag Forwarding Information Base (TFIB).

Conditions: This symptom is observed if the router that performs a BGP IPv4+ label exchange receives a label withdraw request for an MPLS label from a BGP peer that is followed by a readvertisement of the label. This symptom occurs if the no mpls ip global configuration command followed by the mpls ip global configuration command is executed on the peer router; however, the label withdraw request may be triggered in other ways also.

Workaround: Enter the clear ip route prefix EXEC command to correct the symptom.

Symptoms: A router may become unresponsive and may reload when you append a file whose size is not a multiple of 512 bytes to an Advanced Technology Attachment (ATA) flash card (for example, boot disk, disk0, disk1).

For example, this situation may occur when you enter the show command | tee /append url privileged EXEC command.

Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image that contains the fix for caveat CSCdz27200 and that utilizes an ATA flash card. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz27200. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: Write the output of the show command to a new file instead of appending it to an existing file by entering the show command | tee url privileged EXEC command.

Conditions: This symptom is observed when Web Cache Communication Protocol (WCCP) and Cisco Express Forwarding (CEF) are both enabled on the router.

Workaround: Disabling CEF is a possible workaround, but this workaround may impact the performance of the router.

Symptoms: During an SSO switchover, the newly active Route Processor (RP) may output the following error message:

This error is harmless, and no functional problem will occur when this error is received.

Wide-Area Networking

Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.

Resolved Caveats—Cisco IOS Release 12.0(23)S5

Cisco IOS Release 12.0(23)S5 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S5 but may be open in previous Cisco IOS releases.

Interfaces and Bridging

Symptoms: A Cisco 7500 series may generate the following message on its console:

Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(23)S1.

IP Routing Protocols

Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.

Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.

Symptoms: A Cisco 12000 series may reload when you enter the show bgp ipv6 unicast or show bgp ipv6 multicast user EXEC or privileged EXEC mode command.

Conditions: This symptom is observed when IP version 6 (IPv6) multicast is configured.

Symptoms: After a Performance Routing Engine 1 (PRE1) cutover in Route Processing Redundancy Plus (RPR+) mode in a Stateful Switchover (SSO) image, no virtual circuit (VC) is recovered.

Conditions: This symptom is observed when the high availability (HA) configuration mode is changed to the RPR+ mode from the default SSO mode on an SSO image when the HA cutover is completed.

Symptom: A Cisco router running Multicast Source Discovery Protocol (MSDP) may reload when the show ip mdsp peer peer-address advertised-SAs user EXEC/privileged EXEC command is entered.

Workaround: 1)Enter the no ip domain-lookup command in global configuration mode. 2)If the ip host {name} {address1} global configuration command is configured, the host name should not be more than 36 characters.

IP Routing Protocols

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

ISO CLNS

Symptoms: On a Cisco router, Intermediate System-to-Intermediate System Version 6 (IS-ISv6) routes may not be inserted in the IPv6 routing table after a reload or after a neighbor's interface state changes. This symptom affects only configurations with level-2-only links.

Conditions: This symptom may be observed on Cisco routers that are running Cisco IOS Release 12.0(22)S.

Workaround: Use the clear isis * privileged EXEC command after a reload or after a topology change. Use level 1-2 links.

Miscellaneous

Symptoms: A Cisco 7500 series router that acts as the penultimate hop of the backup Label Switched Path (LSP) and that is configured with the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command may have the primary LSP go down when Fast ReRoute (FRR) is enabled on the router.

Conditions: This symptom is observed on a Cisco 7500 series that has Multiprotocol Label Switching (MPLS) traffic engineering (TE) configured.

Work around: Do not configure the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command.

Symptoms: A router may not load balance traffic properly between two OC-48 Packet over SONET (POS) Engine 2 (E2) line cards.

Conditions: This symptom is observed on a Cisco 12416 series Internet router that is running Cisco IOS Release 12.0(21)ST2 and that has two OC-48 POS E2 line cards.

This symptom is observed while the Cisco 12416 has incoming traffic from an Engine 4 (E4) line card and outgoing traffic is sent through the E2 line card via parallel links. This symptom does not occur if the incoming card is replaced with an E2 line card.

Symptoms: When an hw-module slot <x> reload is issued on the server card, some error messages plus tracebacks appear. Sessions are also nonoperational.

Conditions: This symptom occurs on Cisco 12000 series routers that are running Cisco IOS Release 12.0(22)S.

Symptoms: Per Interface Rate Control (PIRC) does not act on IP traffic that would have otherwise been tagged (MPLS) if the current hop was not the pin- ultimate hop for a given destination. PIRC does not act on IP traffic with destination addresses that have an implicit-null label as their label binding.

Symptoms: A 4-port OC-3 Packet-over-SONET (POS) Engine 0 line card that is installed in slot 14 of a Cisco 12416 may reload because of a bus error. In the output of the show context all EXEC command, the value of the badVaddr field is 0x14.

Conditions: This symptom is observed on a Cisco 12416 that runs Cisco IOS Release 12.0(21)S1, Release 12.0(23)S2, or Release 12.0(23)S3. More 12.0 S releases may be affected.

Symptoms: When creating IP version 6 (IPv6) Access Control Lists (ACLs), the following message is displayed several times:

In some cases, looking at the ACL indicates unwanted commands that are added, such as the following:

These statements cannot be removed from the ACL. In other cases, lines of the ACL are modified. If a remark is added to the ACL once, then it will be repeated in ACL several times.

Conditions: These symptoms are observed in Cisco IOS releases from Cisco IOS Release 12.0(23)S to Cisco IOS Release 12.0(26)S. The symptoms are seen only when the router has dual gigabit route processors (GRPs) installed and with different redundancy modes configured.

Symptoms: A router permanently pauses when removing certain types of policies from the interface.

Conditions: This symptom is observed on a Cisco router if the policy has bandwidth configured on class-default. When this policy is removed, the router permanently pauses.

Symptoms: A primary Route Processor (RP) and a standby RP may not load the correct image when a Cisco 12000 series router is reloaded.

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S2 or an earlier release when all of the following conditions are present:

- An Advanced Technology Attachment (ATA) disk or a Flash card such as a Personal Computer Memory Card International Association (PCMCIA) card is installed in both the primary RP and the standby RP.

- The boot system tftp ip-address global configuration command is enabled in the configuration.

The symptom does not occur when the Route Processor Redundancy plus (RPR+) mode or the Stateful Switchover (SSO) feature is enabled.

Alternate Workaround for Cisco IOS Release 12.0(22)S2 only: After the RPs have booted up, remove the boot system tftp ip- address global configuration command from the configuration and execute the upgrade rom-monitor EXEC command to enable the ROM monitor to be upgraded.

Symptoms: The ip access-group interface configuration command does not function on a PortChannel interface.

Symptom 1: The interface index of a tunnel interface may be corrupt, and the output of the show running-config privileged EXEC command may display the following information:

%FIB-2-IFINDEXILLEGAL: An internal software error occurred. Argument ifindex is out of bounds at -1.

Condition 1: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a tunnel interface, then remove the tunnel interface, and then add the tunnel interface again.

Symptom 2: Cisco Express Forwarding (CEF) may not form adjacencies across a 2-port multichannel T3 port adapter (PA-MC-2T3+) as is indicated in the output of the show cef interface type number EXEC command (in this example, serial interface 12/0/0/8:0 is used):

Condition 2: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a serial interface, then remove the serial interface, and then add the serial interface again.

Symptoms: When Stateful Switchover (SSO) is configured and you enter the hw-module reload privileged EXEC command on a 4-port OC3 ATM line card before the standby Route Processor (RP) has come up completely, the standby RP may reload.

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.

Symptoms: After a Performance Routing Engine 1 (PRE1) cutover in Route Processing Redundancy Plus (RPR+) mode in a Stateful Switchover (SSO) image, no virtual circuit (VC) is recovered.

Conditions: This symptom is observed when the high availability (HA) configuration mode is changed to the RPR+ mode from the default SSO mode on an SSO image when the HA cutover is completed.

Symptoms: Tag Distribution Protocol (TDP) may not convey the label change information for a prefix that is learned via an exterior Border Gateway Protocol plus (EBGP+) label to its TDP peers.

Conditions: This symptom is observed on a Cisco 7500 series when TDP is used. The symptom does not occur when Label Distribution Protocol (LDP) is used.

Symptoms: An outgoing adjacency for a Virtual Private Network (VPN) routing/forwarding (VRF) prefix always points to a virtual interface in distributed Cisco Express Forwarding (dCEF).

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S5.

Symptoms: An Engine 3 (E3) Gigabit Ethernet line card may reload or cause the router that it is installed on to reload.

Conditions: This symptom is observed when an E3 Gigabit Ethernet line card that has 1000 VLANs and that is sending line rate IP version 6 (IPv6) traffic on the VLANs is reloaded.

Conditions: This symptom is observed on a Cisco 12000 series that has per- prefix accounting configured when the clear ip route * privileged EXEC command is entered to delete IP routing table entries.

Symptoms: A Cisco router that is running Multiprotocol Label Switching (MPLS) may reload after a message similar to the following is generated:

Conditions: This symptom is observed when more than 672 Label Distribution Protocol (LDP) sessions are established simultaneously and when LDP cannot perform some background tasks for an advertised Label Information Base (LIB) entry before the local label is changed or withdrawn.

Symptoms: A memory allocation (malloc) failure may occur during a Cisco Express Forwarding (CEF) process on a redundant Route Processor (RP) and may cause the redundant RP to stop processing queued CEF update messages that are sent by the active RP. This malloc failure may be observed in the output of the show cef linecard EXEC command.

Because the redundant RP no longer processes CEF update messages that are sent by the active RP, the message queue on the active RP continues to grow, causing the free memory of the active RP to decrease. The rate of this decrease depends on the rate of prefix changes in the network. The continued growth of the message queue eventually results in a malloc failure on the active RP, or results in CEF being disabled.

Conditions: This symptom is observed on a Cisco router that is configured with redundant RPs.

Workaround: Reload the redundant RP by entering the hw-module secondary-cpu reset EXEC command.

Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload. CPUHOG messages may be displayed on the console before the router reloads.

Conditions: This symptom is observed in configurations with many interfaces or IP addresses, or with a very large number of labelled prefixes.

Symptoms: At least 30 percent of the CPU of a Performance Routing Engine 1 (PRE-1) may be utilized to process flows, causing the number of packets that are processed per second to be much lower than you would expect.

Conditions: This symptom is observed on a Cisco 10000 series when NetFlow and NetFlow export are enabled and when there is a large number of flows (more than 10,000).

Alternate Workaround: Reduce the number of entries in the NetFlow cache of the Route Processor (RP) by entering the ip flow-cache entries 1024 global configuration command. Doing so reduces the load of the CPU of the PRE-1. Note that the primary cache is located on the Parallel Express Forwarding (PXF) processor and supports a fixed number of 512 entries.

Symptoms: The traceroute privileged EXEC command may not work for the IP address of a generic routing encapsulation (GRE) tunnel in a Multiprotocol Label Switching (MPLS) network, and the router at the receiving end may generate traceback error messages.

Conditions: This symptom is observed in an MPLS network when you configure a generic routing encapsulation (GRE) tunnel between a Cisco 10000 series that is configured as a provider edge (PE) router and another PE router.

Workaround: To determine a path in the MPLS network, shut down the GRE tunnel and enter the traceroute privileged EXEC command for the IP address of the physical link.

Alternate Workaround: Reload the microcode onto the Parallel Express Forwarding (PXF) by entering the microcode reload pxf privileged EXEC command.

Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload.

Conditions: This symptom is observed when Label Distribution Protocol (LDP) peers of the Cisco router advertise a large number of IP addresses because interfaces flap or are configured.

Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, when primary traffic engineering (TE) tunnels are configured between provider edge (PE) routers, and these primary TE tunnels are configured for Fast Reroute (FRR) link protection, a 50-ms convergence time may not be achieved in the core of the network, even when very small VPN routing and forwarding (VRF) prefix tables are configured.

Conditions: This symptom is observed when the PE headend router is the point of local repair (PLR). The PE headend router is the router that performs VPN label imposition, that functions as the primary TE tunnel headend, and that functions as the uplink to a provider (P) router.

Workaround: There is no workaround. Note that FRR link protection functions correctly for IP version 4 (IPv4) traffic and for Any Transport over MPLS (AToM) traffic. Also, note that FRR link protection functions correctly for VPN traffic on PLRs other than the PE headend that is mentioned in the conditions, such as a P router that functions as a link to another P router, and a P router that functions as a downlink to a PE router.

Symptoms: An IP packet with multiple fragments sent through a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(23)S, 12.0(24)S, 12.0(25)S, or 12.0(26)S may drop small fragments of the packet when MPLS Label disposition takes place, which exposes the underlying IP packet.

Conditions: The egress line card must be an Engine 4+ variant for this to occur, and the fragment must have the MF bit set with an IP payload of 8, 16 or 24 bytes.

Workaround: Configure an explicit null label for the prefix, which creates a TAG to TAG switching path instead of a TAG to IP path.

Symptoms: A 1-port OC-12 ATM line card may reset after the Forwarding Information Base (FIB) is disabled because of interprocess communications (IPC) failures, as is shown by the following error messages:

%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC

%FIB-3-FIBDISABLE: Fatal error, slot 6: IPC Failure: timeout %GRP-4-RSTSLOT: Resetting the card in the slot: 6,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE

%GRP-3-BAD_STATE: Slot:6 State:In Reset -Traceback= 18BA90 3BC3E4 305DA4 3067C4 306850 306FA8 3070C0

Conditions: This symptom is observed on a Cisco 12416 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards:

Symptoms: An Engine 4 line card may reload when an Engine 2 line card sends a corrupt Multiprotocol Label Switching (MPLS) packet.

Conditions: This symptom is observed on a Cisco 12000 series that is configured for MPLS.

Symptoms: Simple Network Management Protocol (SNMP) values that are retrieved by the snmpget command may be inconsistent compared to the SNMP values that are shown on an interface.

Conditions: This symptom is observed on a Cisco 12000 series that runs in a Multiprotocol Label Switching (MPLS) environment when you use SNMP to retrieve various counter values from a Packet-over-SONET (POS) interface.

Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), the Label Distribution Protocol (LDP) peer address table may become corrupted and cause the router to reload.

Conditions: This symptom may be observed in situations where three or more routers have advertised the same IP address in LDP address messages. This normally happens when routers have been misconfigured but in very rare circumstances may be done deliberately.

The circumstance can be recognized by the presence of the following error message:

%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0

If only one such message is seen for a given IP address—10.0.0.1 in the above example—then only two routers have advertised the IP address, and only the second is being treated as a duplicate. At least one more such message should be seen if at least three routers have advertised the IP address in question.

Workaround: The problem does not happen in typical configurations because duplicate addresses are not configured. If such a configuration is accidentally done, the failure may be avoided if the configuration is corrected before the LDP session to any of the involved peers goes down. If the configuration is deliberate, there is no workaround.

Symptoms: Under certain conditions, for example Stateful Switchover (SSO) or entering the clear cef linecard EXEC command, the Engine 3 line cards in a router reload with error messages related to ALPHA errors in the table look-up (TLU) stage. The following strings in the error message will be seen:

Conditions: This symptom occurs only when there are loadbalance paths for Multiprotocol Label Switching (MPLS) traffic, and some route changes occur.

Symptoms: When a subinterface is configured with a subinterface number value larger than 65535, the protocol enabled on this subinterface may not be in the proper state for correct operation after the switchover.

Conditions: These symptoms have been observed on Cisco platforms with redundant Route Processors operating in stateful switchover (SSO) redundancy mode.

Workaround: Limit the subinterface number value to an integer less than 65535 while configuring subinterfaces.

Symptoms: The Sampled NetFlow (SNF) cache is empty on a 3-port Gigabit Ethernet (GE) interface card.

Conditions: This symptom is observed on a GE interface card when Multiprotocol Label Switching (MPLS) is configured on one port and SNF is on another port of the GE card.

Symptoms: On Packet-over-SONET (POS) Engine 2 line cards for a Cisco 12000 series router, IP2TAG traffic does not get rate limited by Per Interface Rate Control (PIRC).

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S5.

Symptoms: Quality of service (QoS) multicast packets are not correctly marked on input.

Conditions: This symptom is observed on a Cisco router when ingress QoS multicast packets are classified. The precedence or Differentiated Services Code Point (DSCP) bit is ignored and misclassified.

Symptoms: Ethernet over Multiprotocol Label Switching (EoMPLS) disposition fails for egress Packet-over-SONET (POS) Engine 4 plus (E4+) line card. Tag bytes increment as traffic comes in, but nothing is sent out the egress 3-port Gigabit Ethernet (GE) interface.

Conditions: This symptom is observed on a Cisco 12416 router that is running Cisco IOS Release 12.0(22)S5.

Workaround: Use a different card or router for the EoMPLS disposition but do not use the E4+ line card.

Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, if a Cisco 10720 router receives an MPLS packet with an IP version 4 (IPv4) option underneath it, the MPLS packet has two or more labels, and the router attempts to untag all labels, the Parallel Express Forwarding (PXF) processor may reload.

When this symptom occurs in the MPLS VPN network, egress provider edge (PE) routers may reload. The packets that cause the routers to reload are Internet Control Message Protocol (ICMP) echo and echo reply packets with record route options. Other types of IPv4 options may also cause the routers to reload.

Conditions: The symptom is observed on a Cisco 10720 that functions as an MPLS VPN PE router. The symptom does not occur in a basic MPLS network without VPN, where there is only one label.

Symptoms: When the ROM of an active Performance Route Processor (PRP) is upgraded, the PRP may pause indefinitely. When the ROM of the standby PRP is upgraded, the upgrade may cause an exception and the standby PRP may reload.

Conditions: These symptoms have been observed when ROM upgrades are performed, and the up all all or up rom slot-number commands are configured on the active and standby PRPs.

Symptoms: A 3-port Gigabit Ethernet (GE) line card may stop transmitting traffic.

Conditions: This symptom is observed on a Cisco 12000 series that is configured as a Multiprotocol Label Switching (MPLS) provider edge (PE) router that is running Cisco IOS Release 12.0(25)S1.

Symptoms: If traffic passes on multiple ports of an 8-port Fast Ethernet (FE) card and the shutdown interface configuration command is entered on one of the traffic-flowing ports, all the other ports stop passing traffic.

Conditions: This symptom is observed on a Cisco 10000 series with an 8-port Fast Ethernet (FE) card that is running a Performance Routing Engine 1 (PRE1) image of Cisco IOS Release 12.0(23)S4. There is no special configuration required to experience this symptom. Ports that pass traffic with a basic default configuration will experience the symptom.

Workaround: Enter the no shutdown interface configuration command to free the other ports. Do not shut down any port on an 8-port Half Height (HH) FE line card until a fix is available.

Conditions: This symptom is observed on a Cisco 10000 series when a single bit Error-Correcting Code (ECC) error is detected in the Synchronous Dynamic RAM (SDRAM).

Symptoms: The following symptoms occur with a traceroute from a remote Customer Edge (CE) router to a local CE router with TTL set to expire at the Provider Edge (PE) router attached to the local CE.

-If the IP packet length of the traceroute is equal to or less than 72 bytes, the Provider Edge (PE) router replies with an ICMP TTL expired message with the VPN interface address.

-If the IP packet length of the traceroute is equal to or more than 73 bytes, the PE replies with an ICMP TTL expired message with the MPLS core interface address.

Condition: These symptoms have been observed in an MPLS VPN environment, with a Cisco 12000 series Internet router running Cisco IOS Release 12.0(23)S4 used as the PE and a 3-Port Gigabit line card used as the MPLS and VPN interface.

Symptoms: An IP Services Engine (ISE) line card on a Cisco 12000 series Internet router running Cisco IOS Release 12.0(25)S1 or 12.0(24)S2 shows the following log messages that can lead to the line card being reset:

SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERRSS: RX ALPHA: ALPHA_CPU_IF100_INT error 1400 control FFFF03FF

SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERR: RX ALPHA: error: cpu int 1 mask 277FFFFF ...

SLOT 4:Sep 21 07:16:20: %LC-3-ERRRECOVER: Corrected a transient error on line card. ...

SLOT 4:Sep 21 07:16:40:: %EE48-3-ALPHAFLOW: rx alpha netflow: Out of order add-delete reports

Conditions: These symptoms are observed only under a load when full (non-sampled) aggregated Netflow (ip route-cache flow) is configured on an ISE line card interface.

This problem is not seen with Cisco IOS Release 12.0(25)S, 12.0(25)S2, 12.0(24)S1,and 12.0(26)S. It has been observed with Cisco IOS Release 12.0(25)S1 and 12.0(24)S2.

Symptoms: The OC192E/POS-VSR line card is reloaded with watchdog timeout (sig=23) by process = IPC Seat Manager on a Cisco 12416 router that is running Cisco IOS Release 12.0(23)S3. The log message displays the following:

SLOT 10:Sep 22 20:08:21.291: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3

SLOT 10:Sep 22 20:09:22.287: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3

SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.

-Traceback= 400EBCB4 400EF7F0 400E7534 405B620C 405B6438 40597C64 40558AD0 40559248 4011C728 405676F8 400C2874 400C286

Conditions: This symptom occurs because the watchdog timeout (sig=23) by process = IPC Seat Manager in OC192E/POS-VSR line card.

SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.

Workaround: There is no workaround. When this symptom occurs, the line card is automatically reloaded.

at boot up. Switch fabric card (SFC) incorrectly recognizes a "Primary Clock" as *CSC_0*.

Conditions: This symptom is observed on Cisco 12008 routers that are running Cisco IOS Release 12.0(21)ST5 or later releases.

Symptoms: While running Cisco IOS Release 12.0(22)S3, a Cisco 10720 router may reload with the following logs displayed:

%TOASTER-2-FAULT: T0 HW Exception: CPU[t0r3c3] NULLRD at 0x0C94 LR 0x0818 %TOASTER-2-FAULT: T0 Exception summary: CPU[t0r3c3] Stat=0x00000006 HW=0x00000800 LB=0x00000000 SW=0x00000000

Conditions: This symptom occurs only after adding a new subinterface to the router, and traffic starts passing on it.

Symptoms: When running in non-redundant PRE mode, after a crash, the line cards do not get reset. In rare cases, after Cisco IOS software reloads, there may be a mismatch between the Cisco IOS software and the line card so that the line card does not pass traffic.

Conditions: These symptoms have been observed after Cisco IOS is restarted after a crash when running in non-redundant PRE mode. Anything that goes through the formal reload path (with a single PRE1 in the system) will properly reset the line cards on the way down. This fix resets the cards on the way up as well in case they weren't reset on the way down.

Workaround: There is no workaround. However, after a Cisco IOS software crash, if a line card is not passing traffic, resetting the line card might fix the issue. A reload of the chassis will definitely fix the issue.

Condition: This symptom is observed when Traffic Engineering (TE) tunnels are configured.

Symptoms: A Reverse Path Forwarding (RPF) check should be disabled for bootp packets with the source IP address 0.0.0.0 and the destination IP address 255.255.255.255. However, PXF currently disables RPF checks for all packets with the source IP address 0.0.0.0.

Conditions: These symptoms have been observed on Cisco IOS Release 12.0(22)S and later.

Wide-Area Networking

Symptoms: Link Control Protocol (LCP) negotiations may fail, and a "failed to negotiate with peer" message may be displayed.

Conditions: This symptom is observed on a Cisco universal access server if the peer sends more than five Configure-Negative acknowledgments (CONFNAKs) or Configure-Rejects (CONFREJs) on the link for the current or previous LCP negotiation.

Workaround: Configure the ppp max-failure 10 command on the link to allow the remote peer to exhaust the Negative acknowledgment (NAK) or Reject acknowledgment (REJ) count and resume negotiations before the Cisco universal access server drops the link.

Symptoms: A router may reload when doing a show running-config command after creating a channelized group interface.

Conditions: This symptom may be observed if channelized interfaces had previously been created, configured with Frame Relay encapsulation and subsequently deleted without removing the encapsulation first.

Workaround: Remove the Frame Relay encapsulation before deleting the channel group interface.

Resolved Caveats—Cisco IOS Release 12.0(23)S4

Cisco IOS Release 12.0(23)S4 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S4 but may be open in previous Cisco IOS releases.

Basic System Services

Symptoms: A router may send linkUp traps with the loclfReason attribute set as "Down" and linkDown traps with the loclfReason attribute set as "Up."

Workaround: Query the link status using the command-line interface (CLI) or Simple Network Management Protocol (SNMP).

Symptoms: The ifIndex may not synchronize when you use third-party vendor software with Cisco IOS software and a standby router comes up after a Stateful Switchover (SSO) has occurred.

Conditions: This symptom is observed on a Cisco 12416 that is running Cisco IOS Release 12.0(24)S and that has line cards that are configured with about 2000 Gigabit Ethernet (GE) subinterfaces.

Workaround: Reduce the number of GE subinterfaces. (For example, with only 10 GE subinterfaces, the symptom does not occur.)

Symptoms: Information about a port adapter (PA) may be missing from the output of a show diag command.

Conditions: This symptom is observed on a controller with a memory size of 128 MB DRAM and 8192 KB SRAM. The controller displays the following information:

PA Bay 0 Information: Fast-Ethernet PA, 1 ports, 100BaseTX-ISL EEPROM format version 0 HW rev 0.00, Board revision UNKNOWN Serial number: 00000000 Part number: 00-0000-00

PA Bay 1 Information: Fast-Ethernet PA, 1 ports, 100BaseTX-ISL EEPROM format version 1 HW rev 1.00, Board revision A0 Serial number: 08534388 Part number: 73-1688-04

Symptoms: A Cisco router may reload because of a watchdog timeout condition when you poll the ciscoEnvMonTemperatureStatusValue MIB variable.

Conditions: This symptom is observed when the MIB variable has an index that is larger than 6. Indexes 0 to 6 are valid indexes; indexes that are larger than 6 are not valid indexes.

Symptoms: The cardIfTable table is not correctly populated for channelized interfaces. All of the entries return a value of "-1".

Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(22)S.

EXEC and Configuration Parser

Symptoms: When any command that triggers the nonvolatile generation (NVGEN) process is executed through a new vty session, certain interface configuration commands that support the Best Effort Method, such as the ip vrf interface configuration command, the ntp disable interface configuration command, and the service-policy output interface configuration command, may not properly synchronize with a standby Route Processor (RP) or Performance Routing Engine (PRE) because of a failure in the post NVGEN process.

For example, when you enter the ip vrf interface configuration command while the show running-config privileged EXEC command is being executed in a Telnet session, the configuration of the ip vrf interface configuration command may not properly synchronize with the standby RP or PRE, and a "Post NVGEN failure" message may be generated.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(23)S2 or a later release.

Workaround: Do not enter commands that trigger the NVGEN process while you configure commands that support the Best Effort Method.

IP Routing Protocols

Symptoms: A Cisco 12416 router may reload because of a watchdog timeout in the Border Gateway Protocol (BGP) I/O process.

Conditions: This symptom is observed when a Cisco 12416 router that is configured with 575 BGP peers and three 1-port OC-12 ATM line cards, each of which is configured with 500 ATM permanent virtual connection (PVC) subinterfaces, is booted with Cisco IOS Release 12.0(22)S.

Symptoms: When the customer edge (CE) peer of a provider edge (PE) router has the neighbor default-originate router configuration command enabled, which enables the PE router to send the default route to the CE, the default route may be sent with the wrong mask (255). When this situation occurs, the CE router sends a notification that states that an illegal network entry has occurred and flaps the session.

Conditions: This symptom is observed on a Cisco 7200 series router that functions as a PE router but may also occur on another platform that functions as a PE router.

Symptoms: A router may reload when a Virtual Private Network (VPN) neighbor is deleted.

Symptoms: A customer edge (CE) router may reject next-hop routes to a provider edge (PE) router.

Conditions: This symptom is observed when the PE router does not advertise itself as the next hop to the CE router that is configured for external Border Gateway Protocol (eBGP).

Workaround: Configure the PE router as the BGP next hop for the CE router by entering the neighbor ip-address next-hop-self router configuration command on the PE router.

Symptoms: A router may inadvertently remove link-state advertisements (LSAs) from the retransmission list and prevent the Open Shortest Path First (OSPF) neighbor from receiving the latest version of the LSA. This behavior may cause some prefixes to be unreachable.

Conditions: This behavior may occur when the LSA is not received by the neighboring router and the LSA must be retransmitted. While the LSA is waiting in the neighbor retransmission queue, certain events may cause a regeneration of the same LSA. If there is no change in the LSA, the router may mistakenly remove the LSA from the retransmission queues of all neighbors.

Workaround: This symptom normally stops occurring after the LSA is refreshed. If this symptom continues to occur, unconfigure and reconfigure the network global configuration command.

Symptoms: A Border Gateway Protocol (BGP) next-hop router may not redistribute Virtual Private Network (VPN) routes.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S.

Symptoms: A Cisco 10000 series that is configured with two Performance Routing Engine 1 (PRE-1) processors may stop functioning as a redundant system.

Conditions: This symptom is observed when you enter the bgp upgrade-cli router configuration command.

Symptoms: You may not be able to configure the ip vrf receive interface configuration command.

Conditions: This symptom is observed when the interface on which you attempt to configure the ip vrf receive interface configuration command does not have an IP address configured.

Workaround: First configure an IP address on the interface, then enter the ip vrf receive interface configuration command on the interface.

Miscellaneous

Symptoms: Engine 4 plus (E4+) line cards may not fragment outgoing pings properly, causing pings of packets with a size that is larger than the maximum transmission unit (MTU) to fail.

Conditions: This symptom is observed on E4+ line cards (4-port OC-48 and 1- port OC-192 line cards) that are installed in a Cisco 12000 series.

Symptoms: On a Cisco 10000 series edge services router (ESR) that has a Channelized OC-12 line card and is configured for Synchronous Digital Hierarchy (SDH) framing, the controllers and interfaces will not come up if you configure an "AU-4-TUG-3" other than number 1.

Conditions: These symptoms have been observed only when "AU-4-TUG-3" number 1 has not been configured. Once the number 1 controller has been configured, all other controllers function properly.

Workaround: Configure the number 1 "AU-4-TUG-3" controller before configuring any others. The controller needs to remain configured for the other controllers to work, even if it is not used.

Conditions: This symptom is observed on a Cisco router that is configured for Stateful Switchover (SSO) when a static route in the format "ip route 10.10.10.10 255.255.255.255 ethernet4/0/1" is configured on the primary RP.

Symptoms: When you configure a Virtual Private Network (VPN) on a router that is configured with dual Route Processors (RPs), a VPN routing/forwarding (VRF) table ID that is associated with a particular VRF instance may have different values in the active RP and the standby RP. This situation causes failures in the processing of Cisco Express Forwarding (CEF) interprocess communication (IPC) messages on the standby RP for CEF IPC messages that contain an inconsistent VRF table ID, and CEF may be disabled.

Inconsistent VRF table IDs may also cause a memory loss on the standby RP, and when a switchover occurs from the active RP to the standby RP, more difficulties may occur.

Conditions: These symptoms are observed on router that is configured for Stateful Switchover (SSO) when VRF instances are deleted.

Workaround: There is no workaround; however, these actions minimize the occurrence of the symptoms:

–

If VRF instances are deleted, wait for few minutes for the deletion to be completed on the active RP before you configure new VRF instances. The output of the show ip vrf EXEC command displays the deleted VRF instances (a "*" in front of a VRF instance indicates that the VRF instance is being deleted).

–

If you install a new RP and VRF instances have been deleted from the configuration of the active RP, reload the router.

Symptoms: The configuration of commands may cause additional memory to be held by an execute process.

Conditions: This symptom is observed when commands are configured on a Cisco router.

Workaround: If the execute process belongs to a terminal session or a console session, terminate the execute session by entering the exit command.

Symptoms: A spurious memory access may occur on the Versatile Interface Processor (VIP) of a Cisco 7500 series, even though the VIP does not reload.

Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) forwarding is enabled.

Symptoms: If the no shutdown interface configuration command is entered on interfaces that are already in the "up" state, the interfaces enter the "down" state.

Conditions: This symptom is observed on the interfaces of a 16-port OC-3 Packet over SONET (POS) line card that is installed on a Cisco 12000 series.

Symptoms: A Route Processor (RP) may reload when you enter the clear ip bgp * privileged EXEC command while interfaces flap continuously.

Conditions: This symptom is observed when Virtual Private Network (VPN) routing/forwarding (VRF) forwarding is configured on the interfaces that flap.

Symptoms: An RP may reload when you simultaneously enter the clear ip bgp * privileged EXEC command and perform an online insertion and removal (OIR) by entering the hw-reload reset EXEC command.

Conditions: This symptom is observed when you perform an OIR of an interface that has a VRF configuration in which the connected route is learned via a network statement. The connected route is removed when you perform the OIR.

Workaround: Do not simultaneously enter the clear ip bgp * privileged EXEC command and perform an OIR.

Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you reload microcode onto the line card.

Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S, Release 12.0(23)S, Release 12.0(24)S, or Release 12.0(25)S and that is functioning as a provider edge (PE) router in a Carrier Supporting Carrier configuration when the 4-port OC- 48 POS E4+ line card interconnects the Cisco 12000 series and a customer edge (CE) router.

Workaround: Enter the clear ip bgp privileged EXEC command on the Cisco 12000 series.

Symptoms: The E3 controller of a 1-port multichannel E3 port adapter (PA-MC-E3) card is missing from the IF-MIB and DS3-MIB MIBs.

Conditions: This symptom is observed when you run the IF-MIB MIB or DS3-MIB MIB for a PA-MC-E3. The symptom occurs in all Cisco IOS releases.

Symptoms: A Tag Forwarding Information Base (TFIB) Virtual Private Network version 4 (VPNv4) entry on an Autonomous System Boundary Router (ASBR) for a prefix may not be reinstalled, causing traffic for this prefix to continue to flow to a provider edge (PE) router via the previous best path.

Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN interautonomous system environment in which ASBRs are performing VPNv4 exchanges and in which a Border Gateway Protocol (BGP) session is active.

The ASBR on which the TFIB VPNv4 entry is not installed should receive a prefix from a Route Reflector (RR) that selects the best of two available paths between the RR and two PE routers. Both PE routers should allocate the same label for the prefix. The PE router to which the best path leads should withdraw the prefix.

Alternate Workaround: Withdraw the prefix from the ASBR and readvertise the prefix by clearing the prefix on the PE router that advertises the prefix.

Symptoms: After a single transmit buffer management (TBM) error occurs on an 8- port OC-3 ATM line card, the line card may stop forwarding inbound and outbound traffic.

Conditions: This symptom is observed if a label value of 500 or greater is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:

The Cisco 10000 series does not reload if a label value of less than 500 is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:

Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time (hours or days), without necessarily generating CPUHOG errors. This situation causes other processes on the router to fail because these processes do not receive the CPU bandwidth that they require:

–

Accessing the router via a Telnet connection to a network port may become impossible.

–

The command-line interface (CLI) via the console line may become quite slow to respond.

The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.

Conditions: These symptoms are observed when the MPLS-LSR-MIB MIB is enabled, you query the mplsXCTable or a MIB walk occurs, and there are more than 10,000 Multiprotocol Label Switching (MPLS) labels active. The symptoms are platform independent.

Shut down interfaces to bring the total count of active MPLS labels down to far below 10,000.

Enter the no shutdown interface configuration command on all the interfaces that you shut down in Step 1.

Symptoms: On a Cisco router that runs IP over Multiprotocol Label Switching (MPLS), the Route Processor (RP) on which Label Distribution Protocol (LDP) is configured may attempt to access freed memory, causing the router to reload.

Conditions: This symptom is observed in rare situations on a Cisco router when an interface with hundreds of associated IP addresses is administratively disabled.

Symptoms: When NetFlow data is processed at interrupt-level, the CPU utilization of a route processor (RP) may become high.

Conditions: This symptom is observed on a Cisco 10000 series when NetFlow is configured and many small data flows are processed on the router.

Symptoms: Any Transport over MPLS (AToM) traffic may be dropped at the disposition line card.

Conditions: This symptom is observed on a Cisco 12000 series when the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature is enabled on an 8-port OC-3 ATM line card and the disposition line card is an Engine 3 line card, such as a 4-port OC-12 Packet-over-SONET (POS) line card or a 1-port OC-48 POS line card.

Symptoms: On a Cisco platform, free memory may decrease gradually during normal system operation. When network instability occurs, free memory may decrease in the order of tens of MBs over a short period of time.

The output of the show processes memory EXEC command indicates that the Border Gateway Protocol (BGP) router process holds an amount of memory that is increasing as the free memory is decreasing.

Conditions: This symptom is observed on a Cisco platform that is running Cisco IOS Release 12.0(23)S1 or a later release and that has the ip default-network network-number global configuration command enabled.

Workaround: Disable the ip default-network network-number global configuration command to stop the free memory from decreasing. However, to free up the held memory, reload the platform.

Symptoms: Interfaces on one Engine 4 (E4) 3-port Gigabit Ethernet (GE) port adapter (EPA-3GE-SX/LH-LC) may use the same interface description blocks (IDBs) as interfaces of an adjacent E4 3-port GE port adapter that is installed on the same GE modular baseboard (EPA-GE/FE-BBRD). This situation may cause forwarding difficulties and Cisco Express Forwarding (CEF) inconsistencies on other line cards that are installed in the same router. You can verify the symptoms in the output of the show cef interface EXEC command.

Conditions: This symptom is observed on a Cisco 12000 series that is configured with more than one GE modular baseboard when several E4 3-port GE port adapters are installed on a single GE modular baseboard.

Symptoms: A 3-port Gigabit Ethernet line card may stop processing traffic after the Gigabit Route Processor (GRP) has reloaded.

Conditions: This symptom is observed on a Cisco 12000 series when autonegotiation is enabled.

Symptoms: When an ATM link flaps or a remote ATM platform reloads, a Fast Etherchannel may fail and Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors that are connected via the Fast Etherchannel may be lost.

Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-pv-mz image of Cisco IOS Release 12.0(21)S5.

Symptoms: The convergence time after a forced Stateful Switchover (SSO) may be longer than 10 seconds.

Conditions: This symptom is observed on a Cisco 10000 series that is configured for SSO.

Symptoms: A value of 4,294,967,295 (hexadecimal 0xffffffff) may appear in the ifIndex field of the ifTable for the first channelized T3 controller (CT3) of a 6-port CT3 line card that is installed in a slot of a Cisco 10000 series. This situation causes the ifTable to lose its entries for all other CT3 (or T3 and DSX3) controllers, making them unavailable for Simple Network Management Protocol (SNMP) access.

In a situation in which some SNMP access tools treat the ifIndex values as signed integers, these SNMP access tools may interpret the ifIndex value of 4,294,967,295 as its signed value of -1. When a router walks tables that are indexed by an abnormal ifIndex value such as -1, loops may occur.

Conditions: This symptom is observed on a Cisco 10000 series that is configured for Route Processor Redundancy Plus (RPR+) when a switchover occurs. The symptom may also occur when a Stateful Switchover (SSO) occurs and the Cisco 10000 series software image that is loaded onto the secondary Route Processor (RP) is a newer version than the software image that is running on the primary RP, causing the router to default to RPR+ because of the mismatch between the two software images on the RPs.

At least one channelized interface must be defined on any CT3 controller in order for the symptom to occur.

You can reproduce the symptom in a simple configuration with two 6-port CT3 line cards in slots 6/0 and 7/0, when the only interface that is defined is a single T1 channel group, 6/0/3/1:0. Before an RPR+ switchover, the output of the snmpwalk command indicates the following controller indices:

After the RPR+ switchover, the index list for the CT3 controllers contains only the following entry:

The associated data object is shown only for the controller that is assigned to this index (that is, the first controller on the line card on which an interface is assigned):

Symptoms: "IPC-3-APP_IPC_FAIL" error message may be printed when Active and Standby Route Processors (RPs) are running different Cisco IOS software versions.

Conditions: This symptom occurs when at least one of the Cisco IOS releases is Cisco IOS Release 12.0(23)S2 or an earlier release.

Workaround: Ensure that both images on Active and Standby RPs are running Cisco IOS Release 12.0(23)S3 or later releases.

Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.

Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.

Symptoms: Packets may drop from an Engine 2 (E2) line card on which an outbound access control list (ACL) is configured.

Conditions: This symptom is observed on a Cisco 12000 series when the access-list access-list-number deny protocol any any global configuration command is configured on the E2 line card and you have entered 0 for the protocol argument.

The symptom does not occur on an E2 line card on which an inbound ACL and the access-list access-list-number deny protocol any any global configuration command are configured and you have entered 0 for the protocol argument.

Symptoms: Multiprotocol Label Switching (MPLS) labels may be imposed erroneously on multicast packets.

Conditions: This symptom is observed on a Cisco 10720 when multicast packets are transmitted via Packet-over-SONET interfaces that are configured for MPLS.

Symptoms: When you enter the copy running-config startup-config EXEC command or any other command that affects the configuration, the copy process may not be successful or the configuration may not be saved, and a "File table overflow" error message may be generated. After this situation has occurred, any other file-operation attempts will fail too with a "File table overflow" error message.

Conditions: This symptom is observed on a Cisco router that is configured with dual Route Processors (RPs) and that runs Cisco IOS Release 12.0(23)S2 when you enter any command that affects the configuration while the show running-config EXEC command is being executed, which takes a relatively long time when the running configuration is large.

Workaround: Do not enter any command that affects the configuration while the show running-config EXEC command is being executed.

Symptoms: When a small packet (a layer-2 packet that is equal to or smaller than 52 bytes, including the layer-2 packet size, the layer-2 header, and the cyclic redundancy check [CRC]) enters a Cisco 10720 and is fed back, one buffer element of the 128-byte Parallel Express Forwarding (PXF) buffer pool is used but not released. This situation eventually causes the 128-byte buffer pool to be depleted entirely. Because most of the control packets such as the IP routing protocol packets are small packets and use the 128-byte buffer pool, most control plane functions stop working and routing-protocol adjacencies go down when the 128-byte buffer pool is depleted, and finally, the router stops forwarding traffic on all the interfaces.

Conditions: These symptoms are observed when a PXF feedback occurs, for example, when multicast traffic is configured, or when a policy map is configured to feed back packets.

Workaround: Avoid PXF feedback. For example, properly configure the policy map. If PXF feedback is inevitable, proactively monitor the 128-byte buffer pool via the output of the show hardware pxf cpu buffers privileged EXEC command:

0 9344 1293 1293 0 0 1 1664 12930 12930 0 0 2 640 26746 26746 0 0 3 256 34072 34072 0 0 4 128 59934 49987 0 0 ^^^^^ Before the 128-byte buffer pool is depleted entirely, reset the 128-byte buffer pool. Reload the microcode onto the PXF by entering the

microcode reload pxf privileged EXEC command. However, be careful, because by reloading microcode onto the PXF, you may cause routing- protocol adjacencies to be dropped and the PXF to stop forwarding traffic.

Symptoms: Packets may be dropped by a Cisco 12000 IP Services Engine (ISE) line card if they are locally generated or forwarded in the slow pass by the line card, and if they exit the router through an ATM Engine 0 line card (1-port OC-12 ATM or 4-port OC-3 ATM). For example, these packets may be locally generated by ISE line card NetFlow export packets, Internet Control Message Protocol (ICMP) echo replies, or ICMP unreachable messages that exit the router through an Engine 0 ATM line card.

Packets that match the conditions listed below may be dropped. If they are NetFlow export packets, they can be seen in the output of the show ip flow export command in the line "export packets were dropped due to output drops." If they are ICMP echo reply packets, pings will fail.

Conditions: The following three conditions exist simultaneously for the dropped packets:

–

The ingress line card is any ISE line card or the packets are locally generated by this line card.

–

The egress line card is any ATM Engine 0 line card (1-port OC-12 ATM or 4-port OC-3 ATM).

–

The packets are forwarded by the ingress line card CPU in the slow pass, not by the forwarding ASIC in the fast pass.

This caveat affects Cisco IOS Release12.0(21)S, Release 12.0(22)S, Release 12.0(23)S, and Release 12.0(24)S. It does not apply to Release 12.0(25)S and later releases.

Symptoms: Line Remote Defect Indicators (LRDIs) may be transmitted on both the working line and the protect line after an automatic protection switching (APS) switchover has occurred.

Conditions: This symptom is observed when a 4-port OC-3 ATM line card is configured for APS and a Loss of Signal (LOS) occurs.

Symptoms: Ports on an 8-port OC-3 ATM line card may fail to come up and may generate the following continuous SONET alarms:

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S1.

Symptoms: Layer 2 may forward an incorrect MAC address when a policed packet is rerouted to a next-hop address.

Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4 plus line card when policy-based routing (PBR) is configured.

Symptoms: A Cisco router may reload unexpectedly after you have modified an access control list (ACL) and have entered the clear pxf interface privileged EXEC command.

Symptoms: A Performance Route Processor (PRP) on a Cisco 12000 series can reload with a SIGTRAP exception after receiving a 1612 bytes or longer frame on an Ethernet0 or Ethernet1 interface.

Conditions: This symptom is observed only on the PRP. The Gigabit Route Processor (GRP) is not affected.

Symptom: The interface index (ifIndex) values of the interfaces of a 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may fail to be deregistered after an online insertion and removal (OIR) has been performed, and the following error messages may be generated:

%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 2

%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 3

%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 4

%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 5

Conditions: This symptom is observed on a Cisco 12410 that runs Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards, neighbors, and peers:

–

One 4-port OC-48 POS E4+ line card that is configured for Multiprotocol Label Switching (MPLS) and that is using Label Distribution Protocol (LDP) on all but one of its ports.

–

Four Open Shortest Path First (OSPF) neighbors that advertise a total of 9000 label switched paths (LSPs).

–

Six Border Gateway Protocol (BGP) peers that advertise a total of 140,000 routes.

Conditions: This symptom is observed in a Redundancy Framework (RF) environment when ATM, High-Level Data Link Control (HDLC), or Frame Relay clients synchronize data during the "standby-bulk" state.

Symptoms: A primary Performance Routing Engine 1 (PRE-1) may reload because of memory corruption.

Conditions: This symptom is observed on a Cisco 10000 series that is configured with redundant PREs when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface of a 1-port Gigabit Ethernet line card.

Workaround: There is no workaround. Note that the symptom does not occur with a 1-port Gigabit Ethernet half-height line card.

Conditions: This symptom is observed under rare circumstances when a SONET bit error rate (BER) is reported.

Symptoms: When a Weighted Random Early Detection (WRED) configuration is present and a policy map with WRED configuration is applied to any interface of a Cisco 10720 router, the Parallel Express Forwarding (PXF) Intelligent Protection Switching (IPS) buffer may leak. The "toaster IPC buffer" counter can be observed with the show buffer command.

When the buffer pool is empty, the following error message can be observed, attempts to Telnet into the router may fail, and the Cisco IOS software may reload:

%CAMR_QUEUE_CFG_GENERAL-3-EREVENT: Error @
../toaster/camr_rp/camr_tt_queue_cfg.c:463
-Traceback= 500DB204 500DB2BC 503954D8 503986EC 50330A58

%SYS-2-MALLOCFAIL: Memory allocation of 18196 bytes failed from
0x502C5BD0, alignment 32 
Pool: I/O  Free: 552  Cause: Not enough free memory 
Alternate Pool: None  Free: 0  Cause: No Alternate pool

-Process= "Pool Manager", ipl= 0, pid= 5
-Traceback= 50308EEC 5030A8E8 502C5BD8 5031DD3C 5031DE7C

Conditions: These symptoms occur only when a WRED configuration is present and a policy map with WRED configuration is applied to any interface of a Cisco 10720 router. The higher the rate at which the Route Processor (RP) sends packets to PXF, the faster the PXF IPC buffer leaks. The leaking is usually very slow, and it takes weeks to drain the buffer pool.

Workaround: Remove all policy maps that include the random-detect interface configuration command from all interfaces.

Symptoms: An Engine 2 line card that is configured with Virtual Private Network (VPN) routing/forwarding (VRF) instances and Sampled NetFlow (SNF) may reload.

Conditions: This symptom is observed on a Cisco 12000 series when you enter the no mpls ip global configuration command to remove Multiprotocol Label Switching (MPLS) from the configuration.

Workaround: Remove SNF from the configuration before you enter the no mpls ip global configuration command.

Conditions: This symptom is observed on a Cisco 12000 series when you enter the clear cef linecard EXEC command to clear Cisco Express Forwarding (CEF) from the line card.

Symptoms: In a tag switching-to-IP switching scenario, the value of the precedence field of an IP header may change. This behavior is incorrect in Pipe mode.

Conditions: This symptom is observed on a Cisco 12000 series when the following conditions are present:

–

The traffic through the LSP has its label removed from the packet (also referred to as "popping").

–

The traffic is received on an Enhanced Services (ES, also referred to as Engine 4 plus) line card.

Workaround: Deconfigure and reconfigure the tag switching-to-IP switching configuration and the MPLS traffic engineering (TE) tunnels on the interface of the ES line card.

Symptoms: Some policy-based routing (PBR) rules may cause a Route Processor (RP) to reload unexpectedly with a bus error. When a route map that causes the RP to reload is saved to the startup configuration, the router may not boot up.

Conditions: This symptom is observed on a Cisco 12000 series when the PBR rules are applied to the interfaces of an IP Services Engine (ISE) line card and occurs usually when the route map is modified after it has already been applied to the interfaces.

If you are unable to boot the router, enter a break signal on the console during the bootup procedure and configure the configuration register to ignore the startup configuration. To do so, follow the steps that are described in the Password Recovery Procedure for the Cisco 12000 Series Routers at the following location:

Symptoms: The command-line interface (CLI) may pause indefinitely after you perform a manual online insertion and removal (OIR) of the standby Performance Route Processor (PRP).

Conditions: This symptom is observed on a Cisco 12410 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3.

Symptoms: When you configure a Cisco 10000 series, messages similar to the following ones may appear, and a VLAN may not be enabled:

-Traceback= 60142770 60142A50 603AEC40 603AE06C 603ADCE0 6036EAD8 60193BA8 60380DD4 60B85BEC 60B861D4 603D6FAC 603D6F98

-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 605014E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351C

-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 60504E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351C

Conditions: This symptom is observed on a Cisco 10000 series when you change the encapsulation of a LAN subinterface to dot1q encapsulation while the subinterface is shut down.

When the symptom occurs, the output of the show hardware pxf cpu subblocks privileged EXEC command lists "noSB" for the affected subinterface, as is indicated in the following example:

Workaround: Change the encapsulation of the subinterface to dot1q when the subinterface is not shut down. The state of the main interface is irrelevant. After you change the encapsulation, you can shut down the subinterface again.

When the subinterface is created while the main interface is shut down, the subinterface and the VLAN do not function properly. Perform the following steps to recover the VLAN:

(Optional) Enter the no encapsulation dot1q native subinterface configuration command.

Symptoms: After a Route Processor Redundancy Plus (RPR+) switchover occurs, the deletion of an existing permanent virtual circuit (PVC)/permanent virtual path (PVP) fails. This situation prevents you from recreating the same PVC/PVP. You can create a new PVC/PVP, but once you delete it, you cannot recreate it because the PVC remains in the active state.

Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0 S or Release 12.0 SX.

Workaround: There is no workaround. To enable the router to return to normal operation, reload the router.

Symptoms: The interface protocol may not come up for a 1-port OC-12 Packet-over-SONET (POS) line card when the encapsulation frame-relay interface configuration command is configured.

Conditions: This symptom is observed on a Cisco 10000 series when the 1-port OC-12 POS line card is connected back-to-back to another line card in another Cisco 10000 series.

Symptoms: When you shut down the last port of an 8-port Fast Ethernet half-height line card (port 7), all the other ports on the line card may stop transmitting traffic.

Workaround: Do not shut down port 7. If port 7 is shut down, enter the no shutdown interface configuration command on the interface to enable traffic to resume on the other interfaces.

Symptoms: The following error message may appear for a 3-port Gigabit Ethernet Engine 2 line card, and the line card may reset:

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S3.

Symptoms: Traffic forwarding may not be fully restored when you remove a deny input access control list (ACL) from an interface of a 16-port OC-3 Packet-over-SONET (POS) IP Services Engine (ISE) line card.

Condition: This symptom is observed on a Cisco 12410 that is configured with a 16-port OC-3 POS ISE line card when unicast Reverse Path Forwarding (uRPF) is configured on the interface from which you remove the deny input ACL.

Workaround: There is no workaround. To restore traffic forwarding to its proper performance, reload the line card.

Symptoms: When you configure unicast Reverse Path Forwarding (uRPF) on a 1-port OC-48 Packet-over-SONET (POS) Engine 2 line card while traffic is passing through the interface, traffic forwarding may stop.

Conditions: This symptom is observed on a Cisco 12416 that runs the gsr-p-mz image of Cisco IOS Release 12.0(23)S3, that is configured with three 1-port OC-48 POS Engine 2 line cards, and that is configured with three Border Gateway Protocol (BGP) peers.

Workaround: To restore traffic forwarding, reload the line card. To prevent the symptom from occurring, enter the shutdown interface configuration command on the interface before you configure uRPF. Then, enter the no shutdown interface configuration command on the interface.

Alternate Workaround: Ensure that uRPF is configured in the startup configuration file before you boot up the router.

Symptoms: After a switchover occurs, an active Route Processor (RP) that is operating in the Route Processor Redundancy plus (RPR+) mode may not be able to switch Layer 2 Tunneling Protocol (L2TP) version 3 packets using distributed Cisco Express Forwarding (dCEF) (in the dCEF mode and may punt them to the RP CEF mode).

Conditions: This symptom is observed on the RP of a Cisco 7500 series that is running Cisco IOS Release 12.0(24)S.

Symptoms: A Cisco router that is configured for Any Transport over Multiprotocol Label Switching (AToM) may send AToM packets that are missing control words, even though control-word imposition is enabled. When another Cisco router receives such malformed packets, the router does not handle these packets properly during disposition.

Conditions: This symptom may occur on all Cisco routers that employ software switching with AToM enabled. This symptom has specifically been observed on a Cisco 7200 series, Cisco 7400 series, and Cisco 7500 series that are configured for AToM.

On a Cisco 7200 series router that is processing a heavy traffic load, the reception of malformed packets may cause the router to pause indefinitely.

Resolved Caveats—Cisco IOS Release 12.0(23)S3

Cisco IOS Release 12.0(23)S3 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S3 but may be open in previous Cisco IOS releases.

Basic System Services

Symptoms: A memory corruption may occur on a Network Processing Engine 200 (NPE-200).

Conditions: This symptom is observed on the NPE-200 of a Cisco 7200 series router. This symptom is observed when a high amount of traffic is present on the router and when there are packet sizes that are greater than 1524 bytes in size. The occurrence of this symptom may be related to port adapter arrangements.

Workaround: Rearrange the port adapters or upgrade to Cisco IOS Release 12.0(24)S or a later release.

Symptoms: When an entry in the ciscoPingTable MIB variable is set to be valid, high memory utilization may occur gradually because memory is not released by the "dead*" process of a Simple Network Management Protocol (SNMP) ping.

Conditions: This symptom is observed on a Cisco 12000 series after the router has been upgraded from an earlier Cisco IOS release to Cisco IOS Release 12.2(23)S.

Workaround: Exclude the ciscoPingTable MIB variable from the configuration by entering the snmp-server view view name ciscoPingTable excluded global configuration command.

Symptoms: When a Telnet session is made to a router after a VTY session pauses indefinitely, the user in the Telnet session may not be able to enter the configuration mode. When these symptoms occur, interfaces may enter the wedged state with Simple Network Management Protocol (SNMP) traffic.

Conditions: This behavior is observed on ATM and Packet over SONET (POS) interfaces. This behavior is not platform-specific.

Workaround: Disable Simple Network Management Protocol (SNMP) configuration traps by entering the no snmp-server enable traps config global configuration command.

Symptoms: The snmp mib target list global configuration command is not displayed when the show running-config EXEC command is entered on the secondary Performance Routing Engine (PRE). However, the snmp mib target list global configuration command is displayed when the show startup-config EXEC command is entered on the PRE.

IP Routing Protocols

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Symptoms: When the default-information originate router configuration command is entered on a Cisco 12000 series via the Border Gateway Protocol (BGP), the default route is learned correctly but is entered incorrectly into the BGP routing table. This behavior may cause the Cisco 12000 series to have operating issues with other routers because the Cisco 12000 series does not have a correct default route.

–

Configure an access control list (ACL) to prevent packets from being propagated from the incorrect default route.

Symptoms: Transit traffic that uses Open Shortest Path First (OSPF) routes may be briefly interrupted after consecutive switch-over. This affects only OSPF configurations with message-digest authentication.

Conditions: This symptom is observed on Cisco routers that are running Cisco IOS Release 12.0(22)S when the following conditions are present:

More than one Route Processor (RP) switchover occurs within minutes of each other.

Workaround: There is no workaround. Traffic resumes without user intervention. To prevent future traffic interruptions on subsequent switchovers, disable the message-digest authentication for OSPF.

Symptoms: When a neighbor under virtual route forwarding (VRF) is configured using the bgp graceful-restart router configuration command, the session does not begin. A notification regarding wrong OPEN message is generated.

Conditions: This symptom is observed only when the router is configured using the bgp graceful-restart router configuration command.

Symptoms: A Border Gateway Protocol (BGP) session reset occurs because of a notification that indicates a defective OPEN message.

Conditions: This symptom is observed when using the both option in the following command in router configuration mode:

Workaround: Configure only the receive or send options of the neighbor-orf prefix-filter router configuration command.

Symptoms: The Multi Exit Discriminator (MED) that is received from a confederation external peer may be ignored in best path selection. The output of the show ip bgp longer-prefixes EXEC command does not indicate that any MED values were received.

Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configurations are present.

Symptoms: A router may reload when the show ip bgp neighbors EXEC command is entered.

Conditions: This symptom is observed if the show ip bgp neighbors EXEC command is entered while the neighbor soft-reconfiguration router configuration command is enabled, or when Border Gateway Protocol (BGP) paths are dampened.

Workaround: Disable the neighbor soft-reconfiguration router configuration command or avoid dampening the BGP paths.

Symptoms: If the default-information originate router configuration command is entered on the Virtual Private Network (VPN) routing/forwarding (VRF) instance of a Cisco 12000 series that has the address-family ipv4 vrf vrf-name router configuration command configured using the Border Gateway Protocol (BGP), the default route is learned correctly but the default route is entered incorrectly in the BGP routing table. This behavior may result in unexpected behavior on the other router if the other router does not have a correct default route.

The default static route of the VRF is not advertised by BGP after the default static route is configured under the VRF, and BGP may advertise the incorrect default route that is in the BGP routing table.

Conditions: This symptom is observed on a Cisco 12000 series that is running BGP.

Symptoms: If a peer group is slow to establish and comes up while other members of the peer group are converging, the recently established member may not advertise the routes that were sent to the other members.

Conditions: This symptom occurs only if the new peer group member comes up while the other members of a peer group are converging. This symptom does not occur if the new peer group member comes up after the other members of the peer group have finished converging.

Workaround: The routes can be readvertised by entering the clear ip bgp peer-group-name soft out privileged EXEC command for any peer that has missing routes.

Symptoms: When the neighbor {ip-address | peer-group-name} default-originate router configuration command is used with a peer group, peers that belong to that peer group come up at a different time from when the Border Gateway Protocol (BGP) is formatting updates. Because of this behavior, the router may not advertise all routes to members of the peer group.

Conditions: This symptom is observed with IP version 4 (IPv4) unicast and Virtual Private Network (VPN) routing/forwarding (VRF) address family (AF) packets.

Symptoms: Border Gateway Protocol (BGP) update generation may pause indefinitely when BGP is converging.

Conditions: This symptom may occur under any of the following six conditions when BGP is converging:

When non-peer-group peer sessions flap or when the clear ip bgp address privileged EXEC command is entered several times for a non-peer-group peer.

When the clear ip bgp * soft out privileged EXEC command is entered repeatedly in rapid succession.

When routers that are configured with unicast assured forwarding (AF) and AF only are reloaded.

When all members of a peer group are cleared by performing either a hard reset or a soft reset. In this situation, only the peer group is affected.

When some routes are advertised to or withdrawn from the router while the router is converging, some peers in a peer group may not receive all the updates.

To recover from condition 6, enter the clear ip bgp neighbor-address soft out privileged EXEC command. For the neighbor-address argument, use the IP address of the peer that did not receive all of the updates.

ISO CLNS

Symptoms: After a switchover, the Intermediate System-to-Intermediate System (IS-IS) takes about 10 minutes to fully recover and to install routes in the IP routing table.

Conditions: This symptom is observed on a Cisco 12000 series configured with IS-IS. The amount of time required for the Gigabit Ethernet (GE) interface to load after a switchover is very close to the amount of time of the IS-IS adjacency timeout. The device under test (DUT) is the designated router.

Miscellaneous

Symptoms: A Cisco 12000 series router may report incorrect environmental values, as the following environmental logs display:

%ENV_MON-2-VOLTAGE: MBUS 5V supply (slot 1) volts has reached SHUTDOWN level at 5 m(V) %ENV_MON-2-TEMP: Hotpoint temp sensor (slot 17) temperature has reached SHUTDOWN level at 756(C) 
%ENV_MON-2-VOLTAGE: Card 3.3v supply (slot 17) volts has reached CRITICAL level at 2560 m(V)

Although the environmental logs indicate that the shutdown level has been reached, the router does not shut down the line cards for which the incorrect environmental values are reported.

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S3, Release 12.0(21)S5, Release 12.0(21)ST2, or Release 12.0(22)S.

Symptoms: The traffic on a Cisco 12000 series 3-port Gigabit Ethernet line card (3GE-GBIC-SC) is stopped after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the interface while there is a traffic load on the interface.

Symptoms: A router that is running cell-mode tag switching or Multiprotocol Label Switching (MPLS) on a label controlled ATM (LC-ATM) interface may reload when it receives a more specific prefix for a label mapping or binding than the one that is already allocated. For example, the router may reload when it receives the prefix 10.1.1.0/24 if a binding was already allocated for 10.1.1.1/32 on the basis of the routing entry 10.1.0.0/16.

Conditions: This symptom is observed on an Edge Label Switch Router (ELSR) or Label Switch Controller (LSC).

Workaround: There is no workaround for an ELSR. To prevent an LSC from reloading, disable the headend label virtual circuits (LVCs) by entering the tag-switching atm disable-headend-vcs global configuration command.

Symptoms: Spurious access errors may occur on a Cisco 7500 series router configured with distributed Cisco Express Forwarding (dCEF) and Web Cache Communication Protocol (WCCP).

Conditions: This symptom is observed on Cisco 7500 series router configured with dCEF and WCCP.

Workaround: Disable dCEF on the interfaces that are facing the web cache engines where the spurious access errors occur so that incoming WCCP generic routing encapsulation (GRE) packets are punted to the Route Processor (RP) and CEF switched.

For more information about spurious access errors, see the Cisco document at the following location:

Symptoms: A switchover from the working interface to the protect interface may take a long time.

Conditions: This symptom is observed on a Cisco 10000 series router when the SONET Single Router APS (SR-APS) feature is enabled.

Workaround: A temporary solution is to configure the protect interface as the working interface.

Symptoms: A Gigabit Ethernet Interface Processor plus (GEIP+) may report many alignment errors and the CPU utilization may stay at 100 percent.

Conditions: This symptom is observed when the router is handling invalid addresses in the cached address space.

Symptoms: Resource Reservation Protocol (RSVP) hello may incorrectly declare lost communications with a neighbor, and fast reroute may be triggered.

Conditions: This symptom is observed when RSVP is configured on a Packet over SONET (POS) interface with a hello interval of 60 milliseconds or less on a Cisco router that is running Cisco IOS Release 12.0(24)S. This symptom does not exist when hello is configured on an Ethernet interface.

Symptoms: Traceback messages may be detected when a user checks the log file of a standby Performance Routing Engine (PRE).

Conditions: This symptom is observed on a router that has a 6-port OC-3 Packet over SONET (POS) line card.

Symptoms: An ingress line card may reload after the no shutdown interface configuration command is entered on the line card while traffic is present.

Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) tunnel head that has a 1-port edge service (ES) Packet-over-SONET (POS) OC- 192c/STM-64 line card configured on both the ingress and egress line cards. This symptom is observed when the ip cef accounting per-prefix non-recursive global configuration command is configured.

Symptoms: After the ALPHA application-specific integrated circuit (ASIC) is reset because of error recovery (that may be caused by parity errors in ALPHA memory), the port or fetch descriptors that select correct threads in ALPHA microcode are not programmed correctly. This behavior may prevent certain configured features, such as IP version 6 (IPv6) or IP Virtual Private Network (VPN) routing/forwarding (VRF), from working correctly.

Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1 when class-based weighted fair queueing (CBWFQ) is configured on multiple VLANs.

Workaround: Try one or more of the following options to improve the link utilization:

Send burstier traffic. (Doing so will most likely be more effective on higher bandwidth interfaces).

Symptoms: An ATM interface does not come up after a Cisco 10000 series router has reloaded.

Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Symptoms: An Engine 4 Plus (E4+) Packet-over-SONET (POS) line card may reload when the access control list (ACL) of a port is changed.

Conditions: This symptom is observed when the ACL of a port is changed when there already is an ACL configured on the port of an E4+ POS line card.

Symptoms: An Engine 4 plus (E4+) line card may reload and display the following error messages in the log or crash info:

Conditions: This symptom is observed on the E4+ line card of a Cisco 12400 series that is performing multicast packet fragmentation.

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Symptoms: A Cisco router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may reload with an "address error" message.

Conditions: This symptom is observed at bootup time when the PE and customer edge (CE) interfaces are coming up. The symptom occurs when a locally learned VPN routing/forwarding (VRF) route temporarily loses its local label. This condition leads to some data structures being cleaned up but still retaining references to the local label. It may also occur after bootup in the case of interface flaps. The reload is not a common occurrence, however, and may need additional triggers.

Symptoms: Packet throttling is activated because of congestion even when it is not configured. This behavior is indicated by the following error message:

Conditions: This symptom is observed on a Cisco 12416 router that is configured with 200 Border Gateway Protocol (BGP) peers and that has three 6- port channelized T3 (6xCT3) line cards. Each of the line cards is configured with an even distribution of about 1500 Frame Relay subinterfaces.

Symptoms: IP multicast hardware counter memory is not freed on an Engine 4 (E4) or Engine 4 Plus (E4+) line card after multicast routes are cleared from the routing table.

Conditions: This symptom occurs only when the E4 or E4+ line card runs out of mtrie node memory. The line card will run out of mtrie memory when there are more routes on the router than the line card can handle.

Symptoms: An OC-48 Packet-over-SONET (POS) interface may flap immediately after a high availability (HA) Fast Software Upgrade (FSU).

Conditions: This symptom is observed on a Cisco 10000 series when an HA FSU is performed from an image of Cisco IOS Release 12.0(23)S1 to an image of Release 12.0(23)S2.

Symptoms: Some export packets sent from an Engine 4+ (E4+) line card are not received by the NetFlow collector.

Conditions: This condition is observed on the E4+ line card when the export packets are exported out of a traffic engineering (TE) or tag interface and the router is running Cisco IOS Release 12.0(22)S2.

Workaround: Export the packets out of the non-TE or non-tag interface. This means that export packets must be sent out as IP packets from the E4+ line card.

Conditions: This symptom is observed when more than one adjacency is established across the interfaces of the E4+ line card while the ip cef accounting per-prefix non-recursive global configuration command is enabled. This symptom may occur when there is no traffic present on the line card.

Workaround: Disable the ip cef accounting per-prefix non-recursive global configuration command.

Symptoms: The output of the show ip interface EXEC command does not display the number of Reverse Path Forwarding (RPF) packet drops but indicates a value of "0" for the number of RPF packet drops. However, the global RPF count in the output of the show ip traffic | inc drop EXEC command is correct.

Conditions: This symptom is observed on a Cisco 10000 series that has Parallel Express Forwarding (PXF) switching enabled.

This error may be observed even though an actual hardware error has not occurred on the line card. If a hardware error does occur, it will generate additional error messages to identify the source of the hardware error in addition to the error message listed above.

Conditions: This symptom may be observed on a Cisco Engine 0 line card when a feature that requires a micro code change is configured.

Symptoms: Pings from a customer edge (CE) router may fail in an Any Transport over Multiprotocol Label Switching (AToM) network.

Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) AToM is configured.

Symptoms: The integrity of the payload may not be retained on a Cisco 10700 series that is running Cisco IOS Release 12.0(24)S.

Conditions: This symptom is observed on Cisco 10700 series that is operating in the Ethernet over Multiprotocol Label Switching (EoMPLS) port mode with a Packet over SONET (POS) interface that is connected to a Multiprotocol Label Switching (MPLS) backbone.

Symptoms: A Cisco router may reload because of a software condition when running the LDP-MIB MIB. The router reloads because of a process watchdog timeout in the "SNMP ENGINE" process and logs an entry similar to the following one and logs a traceback:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SNMP ENGINE. %Software-forced reload

Unexpected exception, CPU signal 23, PC = 0x606F1FC4 ... Cause 00000024 (Code 0x9): Breakpoint exception

Conditions: This symptom is observed after the router ID has been changed and when Label Distribution Protocol (LDP) sessions have been added or removed.

Workaround: Do not change the router ID. If the router ID has been changed, do not run the LDP-MIB MIB.

Symptoms: An Engine 4 (E4) line card may reload after it displays the following error messages:

%TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module. -Traceback= 
%TX192-3-PAM_PIM: status = 0x3D6, mask= 0x1A1 - PIM: header start offset >= 16kB. -Traceback=

Conditions: These symptoms are observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S under the following conditions:

–

IP traffic is sent from the IP Services Engine (ISE) Engine 3 (E3) line card to Engine 4 (E4) or Engine 4 plus (E4+) line cards.

–

The tag-switching ip interface configuration command is enabled on the E4 and E4+ line cards.

–

An Intermediate System-to-Intermediate System (IS-IS) link flap causes a change in the behavior of forwarded IP traffic that arrives at the ISE line card from one incoming link to two outgoing links or from two incoming links to one outgoing link in which one of the active outgoing links is an E4 or E4+ line card.

Conditions: This symptom is observed on a VIP if Multiprotocol Label Switching (MPLS), Egress Netflow, and distributed Cisco Express Forwarding (dCEF) are configured.

Symptoms: A Fabric Interface ASIC (FIA) controller halt condition may be observed on the Engine 4 (E4) or Engine 4 plus (E4+) line card of a Cisco 12410.

Conditions: This symptom is observed when the hw-module slot 17 shut EXEC command is entered while a primary Clock Scheduler Card (CSC) is installed in slot 17 of the E4 or E4+ line card of a Cisco 12410. This symptom is observed when the Cisco 12410 is running Cisco IOS Release 12.0(21)S6.

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

Symptoms: It may take a long time for a Cisco 12000 series to remove 250,000 Virtual Private Network version 4 (VPNv4) entries from an Engine 3 (E3) line card. While the router removes the VPNv4 entries, new VPNv4 entries cannot be updated on the line card.

Conditions: This symptom is observed when the router handles a large number of VPNv4 entries on its line cards (more than 80,000) and when a Border Gateway Protocol (BGP) session flaps (the session remains down for a few minutes). This behavior causes the router to remove all VPNv4 entries and repopulate the VPNv4 entries a few minutes later.

Symptoms: Parallel Express Forwarding (PXF) reloads with the "0x680" software exception type in column 5 (T1RxC1).

Conditions: This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(21)ST5 but may also occur in Release 12.0 S.

Symptoms: When Multiprotocol Label Switching (MPLS) traffic or MPLS Virtual Private Network (VPN) traffic is being forwarded by a Cisco 10720 router, about 50 percent of multicast traffic will be punted to a Route Processor (RP) and forwarded by the RP. The expected behavior is that multicast traffic should be forwarded by Parallel Express Forwarding (PXF) as long as a multicast route (mroute) entry exists. If many packets are punted to the RP, and the RP queue is congested, some of the multicast traffic that is being punted to the RP will be dropped. For example, multicast traffic may be dropped from a multicast application such as video or TV broadcast.

Conditions: This symptom is observed on a Cisco 10720 router that is running Cisco IOS Release 12.0(22)S, Release 12.0(23)S1, or Release 12.0(24)S when the following conditions are met:

Symptoms: Traffic may not be forwarded to an egress line card if an uncorrected parity error is detected.

Conditions: This symptom is observed on an Engine 3 (E3) IP Services Engine (ISE) line card of a Cisco 12000 series.

Workaround: Reload the microcode of the line card after the error recovery process occurs.

Symptoms: A corrupted VLAN ID may be created when a VLAN ID rewrite operation is configured on the VLAN interface of a Cisco 10720. When this symptom occurs, the Canonical Format Identifier (CFI) bit of the incoming 802.1q header is not preserved.

Conditions: These symptoms are observed with input packets that have the CFI bit of the 802.1q header set to a value of "1" (CFI=1) and when the new VLAN ID value has a value of "0" for bit 4 (when the count is made from the least significant bit position). The new VLAN ID value (that is produced by the VLAN ID rewrite operation) for the output packet will have an incorrect value of "1" for bit 4.

The CFI bit of the incoming packet is not preserved when the value of the CFI bit is "1" and the outgoing packet has a incorrect CFI bit value of "0".

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

Symptoms: Traffic and routing outage may be observed on a router for several minutes.

Conditions: This symptom is observed on a Cisco 12000 series when a line card reload event is triggered by an uncorrected soft memory error and by a simultaneously bounding policy-based routing (PBR) policy that is on an IP Services Engine (ISE) interface.

The uncorrected soft memory error trigger is observed to occur before the trigger that is caused by the simultaneously bounding policy-based routing policy.

Symptoms: An active Performance Route Processor (PRP) may pause indefinitely and not enter the ROM monitor (ROMmon) mode after its firmware is upgraded. When this behavior occurs, the secondary PRP takes over as the primary PRP.

Conditions: This symptom is observed when the upgrade all EXEC command is entered on the active PRP of a router that is running Cisco IOS Release 12.0(23)S and that has a dual PRP configuration while both PRPs are enabled.

Workaround: Power-cycle the router to exit the indefinite pause state. To prevent the active PRP from pausing indefinitely, avoid booting up both of the PRPs simultaneously. Boot up only the first PRP to the enabled state and upgrade the PRP. Perform the same procedure with the second PRP.

Symptoms: A memory leak may be observed on a line card with the Multicast Distributed Switching (MDS) line card process when the ip multicast-routing global configuration command is enabled while there are tunnel interfaces configured.

Conditions: This symptom occurs when the affected line card runs out of memory because of a memory leak and the MDFS process on the line card attempts to allocate memory. This symptom occurs only when multicast routing is enabled by entering the ip multicast-routing distributed global configuration command and when a traffic engineering (TE) tunnel is configured.

Symptoms: A Cisco 12000 series that is configured with a Performance Route Processor 1 (PRP-1) may pause indefinitely.

Conditions: This symptom is observed on a Cisco 12000 series that is configured with a PRP-1 when the configuration is being saved after it has previously received a break signal on the console. This symptom does not affect the Gigabit Route Processor (GRP).

The break signal can be received by the router when it is sent intentionally by a terminal or when it is unintentionally received as noise on the console connection. Unintentional noise may occur if a terminal or terminal server that is connected to the router is powered off or when certain terminals or personal computer terminal emulators are first connected. When the router pauses indefinitely, it must be power-cycled to be restored to a normal working condition.

Symptoms: A switch fabric card (SFC) switchover may occur, cyclic redundancy check (CRC) Fabric Interface ASIC (FIA) errors may occur, and the following error message may be displayed on a Cisco 12400 series:

FABRIC-3-ERR_HANDLE Due to CRC error from slot 8, shutdown the fabric card on slot 22

Conditions: These symptoms are observed after a Cisco 12400 series router that is configured with one or more Engine 4 plus line cards is reloaded with a new Cisco IOS release that causes a maintenance bus (MBus) download condition and while traffic is being processed on the router.

Workaround: After the router is reloaded with the new Cisco IOS release, reload the router for a second time.

Symptoms: An Engine 4 10-port Gigabit Ethernet (GE) line card may reload or you may not be able to ping across the modular GE interfaces of the line card.

Conditions: This symptom is observed on a Cisco 12410 that has a redundant Clock Scheduler Card (CSC) after you have performed an online insertion and removal (OIR) of the master (CSC).

Symptoms: A Cisco 12000 series Engine 3 (E3) line card may log "EE48-2-GULF_TX_SRAM_ERROR" error messages if certain packet types are forwarded incorrectly.

Conditions: This symptom is observed on Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routers when multicast traffic is destined for the customer edge (CE) router.

Symptoms: The Automatic Protection Switching (APS) function may not failover after a line card is reset.

Conditions: This symptom is observed when a line card is reset (either by entering the hw-module reset EXEC command or by manually resetting the line card).

Symptoms: Some interfaces of a Cisco 10000 series 6-port channelized T3 line card may not come up.

Conditions: This symptom is observed when you configure the T3 controller with any combination of time slots, but using more than 15 and fewer than 21 time slots.

Symptoms: A Cisco 10720 may reboot when you enter the no srp reject H.H.H interface configuration command on a Spatial Reuse Protocol (SRP) interface.

Conditions: This symptom is observed intermittently. If there is no valid entry to be removed for the srp reject H.H.H interface configuration command, the command negation has no impact.

Symptoms: A router may not boot to the configured Cisco IOS software version when the full path of the Cisco IOS image is specified in the boot system flash global configuration command, such as in the following example:

Conditions: This symptom is observed on a Cisco 12000 series router that is configured with dual Performance Route Processors (PRPs).

Workaround: Configure the boot system flash global configuration command without specifying the device name, such as in the following example:

Symptoms: Packets may be dropped by a 3-port line card for a Cisco 12000 series Internet router.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is configured with a 3-port line card and that is running Cisco IOS Release 12.0(21)ST or Release 12.0(22)S when the following conditions are met:

–

Some subinterfaces are configured for Ethernet over Multiprotocol Label Switching (EoMPLS).

–

Any interface on the router is configured with an output access control list (ACL).

–

A packet is received on an IP subinterface and its 802.1p VLAN priority bits are different than the IP precedence bits and it is supposed to switch to the interface where the output ACL is applied.

Workaround: Remove the output ACL if possible or use Cisco IOS Release 12.0(23)S or a later release.

Symptoms: All ports of an Engine 0 (E0) digital service 3 (DS3) card may remain in an "up/down" condition indefinitely.

Conditions: This symptom is observed on Engine 0 (E0) DS3 cards when one of the ports receives a "yellow" alarm.

Workaround: Enter the microcode reload global configuration command to microcode reload the DS3 card.

Conditions: This symptom is observed when a Cisco 10720 router is used in a network that has a Cisco Catalyst 6500 switch and a vendor-specific optical repeater.

Symptoms: A standby Performance Routing Engine (PRE) may reload continuously, and the router may enter the "standby cold-bulk" redundancy state.

Conditions: This symptom is observed with certain configurations. The standby PRE may reload continuously when a new image is loaded after the hw-module reset standby-cpu reset global configuration command is entered or after a switchover occurs.

Conditions: This symptom is observed after the ATM interface of a Cisco 12000 series is shut down.

Conditions: This symptom is observed when a Virtual Private Network (VPN) routing/forwarding (VRF) instance is added or deleted, and a loopback interface is configured with one of the VRF instances.

Symptoms: On a Cisco 12000 series router that is configured with an Engine-2-based line card that carries both Multiprotocol Label Switching (MPLS) and IP traffic and that is forwarding packets to an output port (that has a committed access rate [CAR] rule configured on an Engine-0, Engine-1 or Engine-2-based output line card), the IP traffic may be dropped because of an incorrect packet switching application-specific integrated circuit (PSA) Cisco Express Forwarding (CEF) entry.

Conditions: This symptom is observed on a Cisco 12000 series that has been upgraded from Cisco IOS Release 12.0(21)S5 to Release 12.0(22)S or Release 12.0(23)S. This configuration requires that the traffic enter the router on an Engine 2 line card and leave the router on an Engine-0, Engine-1, or Engine 2-based line card that has an output CAR applied to its port.

Workaround: Remove the output CAR rule from the egress line card to restore traffic.

Conditions: This symptom is observed on the VLAN interface of a Cisco 12000 series modular Gigabit Ethernet line card. The Cisco 12000 series modular Gigabit Ethernet line card is connected to Cisco Catalyst switches over VLAN interfaces.

Symptoms: The core router Multiprotocol Label Switching (MPLS) forwarding entry has the correct outgoing interface but has an incorrect label to use for sending traffic to the edge router. The incorrect label is identical to the label that is sent by another core router for the same prefix through another interface.

Conditions: This symptom is observed in a service provider network when the route to the prefix that has the incorrect MPLS forwarding entry is configured using a static recursive route and the specific IP address that is specified in the ip route prefix mask ip-address global configuration command is changed by topology changes to go through a different adjacent router. The incorrect outgoing Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) label corresponds to the router that was adjacent prior to the routing change.

Workaround: To clear this condition, enter the clear ip route {network [mask] | *} EXEC command to cause MPLS to create a new forwarding entry that has the correct interface and label for the prefix.

To prevent this condition from occurring, advertise the route to the prefix in question using an Interior Gateway Protocol (IGP).

Alternate Workaround: Configure a static nonrecursive route to the prefix and IP address of the next-hop router by entering the ip route prefix mask ip-address interface-type interface-number global configuration command.

Symptoms: Border Gateway Protocol (BGP) may send incomplete updates to the peer routers, and some routers may not send full routes to their peer routers. This behavior may cause some routes to be missing from the peer.

Conditions: This symptom is observed when a slow BGP peer in a peer group comes up while BGP is in the process of sending updates to the peer routers. This symptom is not platform specific.

Workaround: Enter the clear ip bgp peer-address soft out EXEC command to clear this condition. Avoid using a peer group if possible.

Symptoms: An Engine 2 line card that is configured with virtual routing and forwarding may reload.

Conditions: This symptom is observed under either one of the following conditions:

–

When the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on a loopback interface.

The line card does not come back up after it reloads and must be manually reloaded.

Symptoms: Leaks may be observed for some Virtual Private Network routing and forwarding (VRF) routes in the global Forwarding Information Base (FIB) table when a VRF is deleted and recreated.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S or Release 12.2 T.

Symptoms: When you enter the show cef idb EXEC command on a primary Route Processor (RP), the output of the command displays that for two subinterfaces of the same interface that should have the same interface number, one of the subinterfaces has a "-" sign in the "IIndex" column and both subinterfaces have the same number in the "FIndex" column.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S and may also occur on a Cisco 7500 series and a Cisco 10000 series. The symptom occurs when there are multiple subinterfaces on one hardware interface, when a Stateful Switchover (SSO) occurs, and when the original active RP (that becomes the new standby RP) reloads.

TCP/IP Host-Mode Services

Symptoms: A router may reload while you change the maximum transmission unit (MTU) size to 64 bytes on an OC-12 or OC-24 Packet-over-SONET (POS) interface.

Conditions: This symptom is observed on a Cisco 10000 series router or a Cisco 12000 series router when Multiprotocol Label Switching (MPLS) is enabled on the interface.

Symptoms: A Cisco router may leak memory at a rate of up to 100 KB per day, resulting in the gradual reduction of the available memory.

Conditions: This symptom is observed on a Cisco router that is running Label Distribution Protocol (LDP). The symptom may be caused by applications that use TCP as the transport protocol.

Resolved Caveats—Cisco IOS Release 12.0(23)S2

Cisco IOS Release 12.0(23)S2 is a rebuild of Cisco IOS Release 12.0(23)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(23)S2 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.

Symptoms: A data-link switching (DLSw) peer may be stuck in the "AB_PEND" state and a TCP session may be stuck in the "SYNSENT" state after an IP outage occurs between two DLSw routers.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(3)T but may also occur in other releases such as Release 12.0 S or Release 12.2 S.

Workaround: Use the show tcp brief EXEC command to determine the Transmission Control Block (TCB) of the hung TCP session. Enter the clear tcp tcb address privileged EXEC command to clear the TCB of the hung TCP session. The DLSw peers will reconnect as long as there is IP connectivity between the DLSw peers.

Symptoms: A Simple Network Management Protocol version 3 (SNMPv3) user configuration is changed when a router is reloaded.

Conditions: This symptom is observed when an SNMPv3 user is created using message digest 5 (MD5) authentication by entering the following commands:

An SNMP walk is performed by entering the following command, the configuration is saved, and the router is reloaded:

Router# snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l AuthNoPriv device-name

The SNMP walk is successful and the following debug header output is displayed when the debug snmp EXEC command is entered:

Incoming SNMP packet: v3 packet security model: v3 security level: auth username: abcdefghij

The router is reloaded and a second SNMP walk is performed by entering the following command:

Router# snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l AuthNoPriv device-name

After the second SNMP walk is performed, the command does not generate any output and the following debug header output is displayed when the debug snmp EXEC command is entered:

Incoming SNMP packet: v3 packet security model: v3 security level: noauth: username: abcdefghij

Symptoms: A single-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX) may stop receiving burst traffic packets.

Conditions: This symptom is observed on a PA-FE-TX that is installed in a Cisco 7206VXR router.

Workaround: Clear the symptom by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface of the PA-FE-TX.

Symptoms: An incomplete adjacency is created between a provider edge (PE) router and a customer edge (CE) router. This situation causes a ping from one CE router to another CE router to fail.

Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment.

Workaround: First send a ping from the PE router to the CE router. After that, you can send a ping from one CE router to the other CE router.

Symptoms: Group G (*,G) multicast route (mroute) state joins may no longer be sent. This situation may cause traffic to stop flowing after the group G mroute state times out.

Conditions: This symptom is observed after Protocol Independent Multicast (PIM) is disabled and then reenabled on an interface that serves as the only PIM interface on a router.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S5, when an error occurs on an Engine 2 line card and when both sampled NetFlow and Multiprotocol Label Switching (MPLS) are enabled.

Workaround: Disable sampled NetFlow. Note that this workaround affects service because disabling sampled NetFlow causes Cisco Express Forwarding (CEF) to reload on the line card.

Symptoms: After a Border Gateway Protocol (BGP) neighbor resets, CPU utilization may run very high on a Cisco 12000 series.

Conditions: This symptom is observed when the default-metric BGP command is enabled in the BGP router configuration.

Symptoms: For a short period of time, a forwarding engine can continue to send traffic to an interface that has just been shut down. Depending on traffic rates, this may consume all of the output buffer on the line card, causing the other interfaces on that line card to go down.

Conditions: This symptom is observed on the Network Processing Engine (NPE) of a Cisco 7200 series router.

Symptoms: A Versatile Interface Processor (VIP) may reload because of a direct memory access (DMA) receive error and may display a message that is similar to the following:

Conditions: This symptom is observed while there is a large amount of Internet MIX (IMIX) traffic on a 2-port Fast Ethernet port adapter (PA-2FE) that is installed on the VIP of a Cisco 7500 series.

Symptoms: A "%SNMP-3-CPUHOG: Processing GetNext of ciscoFlashDeviceEntry.5.8" error message is displayed during a Simple Network Management Protocol (SNMP) query on ciscoFlashDeviceEntry.

Conditions: These symptoms can occur on any Cisco router that is running Cisco IOS software.

Temporary Workaround: Exclude ciscoFlashMIB by entering the snmp-server global configuration command. If SNMP must be enabled on the Flash devices, then there is no workaround.

Conditions: This symptom is observed after Enhanced Interior Gateway Routing Protocol (EIGRP) is terminated via the no router eigrp as-number global configuration command or the no ip routing global configuration command, causing the EIGRP process list to be invalid.

Symptoms: When an input access control list (ACL) is configured and multiple broadcast Address Resolution Protocol (ARP) requests are received, packet loss and performance degradation may occur because of a "format error" that is reported in the output of the show ip traffic EXEC command.

Conditions: This symptom is observed when you have enabled NetFlow on an interface of a 1-port Gigabit Ethernet line card that is installed in a Cisco 12000 series that is running Cisco IOS Release 12.0(16)S or Release 12.0 (22)S.

Workaround: Although the condition is triggered by multiple broadcast ARP requests, it only occurs if NetFlow, input ACLs, and ACL hardware checking are configured. Disabling any of these features will prevent the condition from occurring. For example, to remove the ACL hardware checking on the 1-port Gigabit Ethernet line card, enter the no access-list hardware salsa command.

Symptoms: Packets are not exported from a Cisco 12000 series 1-port Gigabit Ethernet line card.

Conditions: This symptom is observed when an input access control list (ACL) and Sampled NetFlow (SNF) are configured using the access-list hardware salsa command.

Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you have reloaded microcode onto the line card.

Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S in a carrier supporting carrier configuration when the 4-port OC-48 POS E4+ line card interconnects a provider edge (PE) and a provider (P) router.

Workaround: Enter the clear ip bgp privileged EXEC command on the PE router.

Symptoms: A line card in a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) or in any connected router may reload because of a fabric ping failure, and the following error message may be generated:

%FIB-3-FIBDISABLE: Fatal error, slot 1: IPC Failure: timeout
%GRP-3-COREDUMP: Core dump incident on slot 1, error: Fabric ping failure (seq:3279)
%GRP-4-RSTSLOT: Resetting the card in the slot: 1,Event: EV_LC_E4_CORE_DUMP_DECLINE_DUP

Conditions: This symptom is observed on a Cisco 12000 series that functions as a 6PE router or on any connected router when an IPv6 default route is removed from another 6PE router and traffic is flowing through the IPv6 default route while the route update following the route removal is being processed. When the IPv6 default route is removed, one or more line cards may reload on any router that receives the route update.

Symptoms: An Engine 2 egress line card that is installed in a Cisco 12000 series that is functioning as a provider edge (PE) router reloads when a customer edge (CE) router starts sending traffic, and the following error messages are generated:

* %LCLOG-3-INVSTATE: LC logger in an invalid state (LC=3,state=WAITING FOR TEXT,msg=MSG START) -Traceback= 503583F8 502F6464 5021C54C 5021C538 SLOT 3: %LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4 SLOT 3: 
%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C cmd 5 data 0 pipe 0,fs 0,prep 0 (pc 1E5),pop 0 (pc 19C),plu 0,tlu 0,plu sdram 0 adr 0 synd 0 ch * 
%GRP-3-FABRIC_UNI: Unicast send timed out (3). * %LCINFO-3-CRASH: Line card in slot 3 crashed

Conditions: This symptom is observed only when the ip cef accounting non-recursive per-prefix global configuration command is enabled.

Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S1.

Symptoms: On a dual Route Processor (RP) router that has the Route Processor Redundancy Plus (RPR+) feature enabled, the configuration synchronization may fail when two break instances are sent on the standby RP.

Conditions: This symptom is observed on a Cisco 12000 series only if the user sends two break instances on the standby RP.

Symptoms: An OC-12 Dynamic Packet Transport (DPT) line card may reload when IP version 6 (IPv6) is configured on the interface.

Symptoms: A permanent virtual circuit (PVC) on a standby Route Processor (RP) may go down after the oam-pvc manage interface-ATM-VC configuration command is enabled. This behavior may cause the RP to take a longer time to be brought up after an RP switchover occurs. Traffic on a Cisco 12000 series or Cisco 10000 series Edge Services Router (ESR) may be interrupted for about 10 seconds when this behavior occurs.

Conditions: This symptom is observed on the standby RP of a Cisco 10000 series that is running Cisco IOS Release 12.0(23)S.

Workaround: Enter the no oam-pvc manage interface-ATM-VC configuration command to disable generation of Operation, Administration, and Maintenance (OAM) loopback cells and OAM management on the ATM PVC.

Symptoms: When you add a new Performance Routing Engine (PRE) to a Cisco 10000 series, the startup configuration may not be copied to the new PRE. Verify that the configuration exists by entering the dir sec- nvram: EXEC command or the dir standby-nvram: EXEC command, depending on the Cisco IOS software image that you are running.

Conditions: The conditions under which this symptom occurs are not known at this time.

Symptoms: A Tag Forwarding Information Base (TFIB) entry for a Virtual Private Network (VPN) routing/forwarding (VRF) static recursive route that is configured for multihop Border Gateway Protocol (BGP) may be lost.

Symptoms: When a Cisco 12000 series Engine 2 Packet-over-SONET (POS) line card collects statistics for locally assigned Multiple Protocol Label Switching (MPLS) label entries, it may lose the outgoing label entries for the associated prefixes. All the prefixes show up as untagged, and it may be difficult or impossible to reach the prefixes.

Conditions: This symptom is observed on a Cisco 12000 series Engine 2 POS line card.

Symptoms: The Path Remote Defect Indication (PRDI) may not be handled properly during an Automatic Protection Switching (APS) switchover. This situation does not affect service.

Conditions: This symptom is observed on a Cisco 10000 series OC-12 ATM line card when an APS switchover occurs because of poor line quality.

Conditions: This symptom is observed on a Cisco 12000 series line card that does not support 16 hash buckets for loadsharing when Cisco Express Forwarding still attempts to use 16 hash buckets instead of the maximum number of hash buckets that is supported by the hardware.

Symptoms: A router may loop indefinitely when a Simple Network Management Protocol (SNMP) walk is performed against certain objects. The SNMP walk will not cycle if a specific interface is specified.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S6.

Symptoms: A spurious memory error may occur when the microcode of an Engine 3 (E3) 16-port OC-3 (16xOC-3) Packet over SONET (POS) line card is reloaded.

Conditions: This symptom is observed on the E3 16xOC-3 POS line card of a Cisco 12000 series.

Symptoms: A Cisco 12000 series Engine 4 plus line card may reload after a forced switchover.

Conditions: This symptom is observed when Stateful Switchover (SSO) and Intermediate System-to-Intermediate System (IS-IS) are configured.

Conditions: This symptom is observed on the line card of a Cisco 12000 series after NetFlow is disabled on the last interface of a line card that has NetFlow enabled. This symptom is observed while there are more than 1900 flow records in the NetFlow cache of the line card.

Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S. The E2 line card is configured with 128 line input access control list (ACLs), Virtual Private Network (VPN), and has Frame Relay configured on one of the interfaces.

Symptoms: An unusually formatted Multicast Source Discovery Protocol (MSDP) packet may cause memory corruption and a router to reload.

Conditions: This symptom is observed on a Cisco router when it has a peer relationship with a specific third-party vendor router that is running a recent software release.

Workaround: Shut down the peer relationship by entering the ip msdp shutdown peer-address global configuration command.

Symptoms: Manual Layer 2 Tunneling Protocol (L2TP) version 3 tunnels fail when two or more tunnels are configured to different destination provider edge (PE) routers. All of the traffic that enters the tunnel is forwarded to the same PE regardless of the configured PE address. This symptom is also observed when the user starts off with one manual tunnel configuration that points to a particular PE router and later changes the configuration to point to a different PE router.

Assuming that PE router 1 (PE1) is the initial router that the manual configuration points to and PE router 2 (PE2) is the subsequent PE router that the configuration is subsequently configured to point to, traffic will be sent to PE1 even after the configuration has been altered to point to PE2.

Conditions: This symptom is observed when the user has more than one manual L2TP version 3 tunnel configured and when at least one of those tunnels is going to a different destination IP address than the other tunnels.

Workaround: Use negotiated L2TP sessions or enable keepalive processing on the manual L2TP version 3 tunnels.

Symptoms: An Engine 3 line card that connects a provider edge (PE) router and a customer edge router, both of which are running the Carrier Supporting Carrier feature, may reload.

Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S, that is functioning as a PE router, and that is running the Carrier Supporting Carrier feature when you reload microcode on one of multiple line cards that connects the PE router to a provider (P) router.

Note that the symptom occurs on an Engine 3 line card that connects the PE router and the CE router, but the microcode is reloaded onto another line card that connects the PE router and the P router.

Symptom: A Versatile Interface Processor (VIP) may reload unexpectedly if the following sequence is performed:

1) Enable distributed Cisco Express Forwarding (dCEF) by entering the ip cef distributed global configuration command.

2) Disable the NetFlow Flow-cache or NetFlow switching for IP routing (using the no ip route-cache flow global configuration command).

3) Configure Cisco Express Forwarding (CEF) using the ip cef global configuration command.

4) Re-enable dCEF by entering the ip cef distributed global configuration command.

5) Re-enable ip flow-cache commands, or enter the ip route-cache flow command.

Conditions: This symptom was observed durning Cisco internal testing using VIP software, version 12.0(22.4)S.

Workaround: Re-enable ip flow-cache or ip route-cache flow commands before re-enabling dCEF, or upgrade to Release 12.0(23)S2 (recommended). This issue is resolved in 12.0(24)S.

Symptoms: The OC-48 Packet-over-SONET (POS) bandwidth on a Performance Routing Engine 1 (PRE1) may not exceed 1.2 Gbps. The bandwidth should be able to scale to 1.4 Gbps.

A line card that is facing the core of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) may generate packet switch application-specific integrated circuit (ASIC) (PSA) error messages and may stop sending traffic to the core of the network. The following output may be observed when the show interface gigabit ethernet interface EXEC command is entered.

%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C c md 5 data 0 pipe 0,fs 0,prep 0 (pc 1EC),pop 0 (pc 19F),plu 0,tlu 0,plu sdram 0 a dr 0 synd 0 check 4D00,tlu sdram 0 adr 0 synd 0 check 0,ssdram 0 adr 0,gather 0, pl 1822D92,plmuxcnts 61, pludefpsr 22000, plupsr 22000, pludsr 0

Conditions: These symptoms are observed on a Cisco 12000 series 3-port Gigabit Ethernet line card when the line card flaps.

Symptoms: The CPU on a Cisco 7500 series Versatile Interface Processor (VIP) or on a Cisco 12000 series line card may persistently show very high utilization (99 percent) reported against the "TAG Stats Background" process, as is displayed in the output of the show processes cpu EXEC command:

This situation does not directly impact the router operation because the "TAG Stats Background" process is a low priority process. However, the show mpls forwarding-table EXEC command does not provide accurate counters when this situation occurs.

Conditions: This symptom, which is a rare race condition, may occur when parallel paths are configured.

Workaround: Enter the no tag ip aggregate hidden command on the route processor. Note that doing so will prevent the counters of the show mpls forwarding-table EXEC command from being updated.

To restore normal VIP or line card operation, reload microcode onto the affected VIP or line card.

Symptoms: A Cisco router that is functioning as a dedicated Border Gateway Protocol (BGP) Route Reflector (RR) in a network that is configured for BGP may display a message very similar to the following one on its console:

%SYS-3-CPUHOG: Task ran for 30020 msec (6/6), process = BGP Router, PC = 6080D21C.

When the message is displayed, the BGP router process causes the CPU utilization of the router to become high for one to several minutes, depending on the number of prefixes, neighbors, and updates.

Conditions: This symptom is observed when the router is running Cisco IOS Release 12.0(22)S or a later release, when it has a large number of neighbors that are configured in peer groups or update groups, when it has a large number of prefixes to send or receive, and when most of the neighbors start at the same time, or when the BGP sessions of the neighbors are reset at the same time using the clear ip bgp * EXEC command.

The symptom is also observed in the above-mentioned network topology when the client of a BGP RR is reset using the clear ip bgp * EXEC command.

Workaround: Do not reset all the BGP neighbor routers at the same time when RRs are used in a BGP configuration.

Conditions: This symptom is observed on a Cisco 12000 series that is configured with dual RPs in Stateful Switchover (SSO) mode and that has about 200 Intermediate System-to-Intermediate System (IS-IS) neighbors when Nonstop Forwarding (NSF) is configured under the IS-IS process.

Symptoms: A Cisco 10720 router that is functioning as a provider (P) router may stop correctly performing Multiprotocol Label Switching (MPLS) label disposition, which can be verified in the output of the show hardware pxf cpu mpls label privileged EXEC command.

Conditions: This symptom is observed in a fully meshed network of provider edge (PE) routers that are connected via 802.1q links and occurs when a link breaks.

Workaround: There is no workaround. To clear the situation, enable explicit null labels or enter the clear ip bgp privileged EXEC command.

Symptoms: When a SONET link is not stable, the following error messages may be generated on a 1-port OC-48 Port Packet-over-SONET (POS)/Synchronous Digital Hierarchy (SDH) IP Services Engine (ISE) line card:

SLOT 1: %EE48-3-GULF_RX_MOFIFO: Overflow detected. Corrective action taken.
SLOT 1: %EE48-3-GULF_RX_BYTE_TO_WORD: Out of synchronization, bitmap= 0xE. Corrective action taken.

Conditions: This symptom is observed under rare circumstances on a Cisco 12000 series that is running Cisco IOS Release 12.0(22)S2.

Symptoms: IP multicast routes (mroutes) may not be downloaded to some line cards when a router is reloaded. The show ip mroute EXEC command can be entered on the Route Processor (RP) and the show ip mds forwarding EXEC command on the line cards to verify if mroutes are missing from the line cards.

Conditions: This symptom is observed when hardware-assisted multicast forwarding is used on a line card and occurs only if two line cards are reloaded simultaneously.

Workaround: Enter the clear ip mroute EXEC command on the line card to clear this symptom.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S in an IP version 6 (IPv6) environment and that is configured with Engine 3 line cards.

Symptoms: Engine 4 (E4), Engine 4 Plus (E4+), Gigabit Ethernet, and Packet-over-SONET (POS) line cards on the transmit (TX) side may drop multicast packets. The multicast packets are meant to be fragmented by the Tx slow path.

Conditions: This symptom is observed on any incoming receive (RX) line card if the maximum transmission unit (MTU) of any outgoing interfaces is less than the size of the incoming packet. This symptom will not occur in the TX fast path or with non-fragmented packets.

Symptoms: Virtual Router Redundancy Protocol (VRRP), Hot Standby Routing Protocol (HSRP), and other applications may not work as expected.

Conditions: This symptom is observed on an Ethernet line card after either an online insertion and removal (OIR) or a microcode reload procedure is performed.

Symptoms: Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS) protocol adjacencies may be incomplete.

Conditions: This symptom is observed on a Cisco router after it is loaded with Cisco IOS Release 12.0(21)ST5 but may also occur in Cisco IOS Release 12.0 S. This symptom may affect connectivity across Engine 2 (E2) interfaces.

Symptoms: The distance eigrp router configuration command may not be displayed in the configuration although the configured values are applied to the routes. After you reload the router, the distance for Enhanced Interior Gateway Routing Protocol (EIGRP) routes returns to its default value.

Conditions: This symptom is observed on a Cisco router when you use EIGRP between a provider edge (PE) and customer edge (CE) router in a Multiprotocol Label Switching (MPLS) environment.

Symptoms: OPM (Optical Power Monitoring) may provide incorrect or nonrealistic values and may report that modules are down while they are functioning fine.

Conditions: This symptom is observed when you use small form-factor pluggable (SFP) optical modules that are externally calibrated.

Conditions: This symptom is observed when an Open Shortest Path First (OSPF) link-state advertisement (LSA) for a 0.0.0.0 destination is refreshed.

Conditions: This symptom is observed on the Engine 3 (E3) Quad OC-12 line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S3. It may not be possible to clear this symptom by entering the clear cef line EXEC command or by reloading the microcode on the line card.

Symptoms: An Engine 3 (E3) 4-port OC-12 (4xOC-12) or E3 OC-48 Packet over SONET (POS) line card may reload and generate traceback messages.

Conditions: This symptom is observed when the gsr-p-mz image of Cisco IOS Release 12.0(24)S is loaded on a Cisco 12406 router in an Inter Autonomous System Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) of an IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution environment. The E3 4xOC-12 line card may be operating either in the channelized mode or the POS mode.

Workaround: No workaround is necessary as the line cards will recover without user intervention.

Conditions: This symptom is observed on a Cisco 12000 series that has dual Gigabit Route Processors (GRPs) and that is operating in the Route Processor Redundancy (RPR) mode. This symptom is observed after the Cisco 12000 series is upgraded to Cisco IOS Release 12.0(23)S.

Symptoms: The VLAN ID may be rewritten to zero on an egress provider edge (PE) router.

Conditions: This symptom is observed in the Ethernet over Multiprotocol Label Switching (EoMPLS) Port Transport mode when the underlying packets are 802.1q packets with a nonzero class of service (CoS) value.

Symptoms: The forwarding state change of a multicast route on a line card may affect the fast path forwarding state of another multicast route. This behavior may cause the latter stream to be punted to the CPU of the line card and lead to a high CPU utilization condition.

Conditions: This symptom is observed on the 2-port OC-48 (2xOC-48) Spatial Reuse Protocol (SRP) line card of a Cisco 12400 series.

Workaround: Enter the clear ip mroute * EXEC command on the router to refresh the forwarding states of all multicast routes.

Conditions: This symptom is observed when a Cisco 12000 boot loader image is used to load the main Cisco IOS software image via TFTP. This symptom occurs because the boot loader image uses "00:00:00:00:00:00" as the MAC address for Ethernet 0. This symptom is observed in Cisco IOS Releases 12.0(20)S, 12.0(20)ST, and later releases.

Conditions: This symptom is observed on the standby RP of a dual RP Cisco 12000 series when a line card on the Cisco 12000 series or a neighboring router is reloaded. This symptom occurs when a line card has a large number of encapsulation entries (3000 entries).

Symptoms: An Engine 4 plus line card that is installed in a Cisco 12400 series may be reset by the Route Processor (RP) because of interprocess communication (IPC) failures. The following errors may be displayed:

%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 148 to LC in slot 3 with sequence 58638, error = timeout

%GRP-4-RSTSLOT: Resetting the card in the slot: 3,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE ]

Conditions: These symptoms are observed when route flapping occurs; route flapping may generate a high volume of IPC traffic.

Symptoms: Configuring OSPF (Open Shortest Path First) sham links in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment may cause a memory leak in the OSPF router process.

Conditions: This symptom is observed in a MPLS-VPN environment. The area area-id sham-link source-address destination-address cost number global configuration command is used and OSPF adjacency is formed over the sham-link. Each time an OSPF acknowledgment is sent over the sham-link, some memory is allocated that is never freed.

Conditions: This symptom is observed when there is an upgrade to a Cisco IOS release.

Conditions: This symptom is observed when a parity error occurs on a Cisco 12000 series Engine 4 or Engine 4 plus line card.

Symptoms: A router may reload while it is booting up if a different line card is installed in place of a 4-port channelized OC-3 (4xOC-3) line card in the even slot.

Configure a Cisco 10000 series with two 4xOC-3 line cards in adjacent odd or even slots.

Save the running configuration to ensure that the card commands are saved in the running configuration.

Remove and replace the 4xOC-3 line card in the even slot with a different line card.

Symptoms: A Quad OC-12 ATM line card that is configured for the Carrier Supporting Carrier feature may reset or report an error.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(22)S3 and that is functioning as a customer carrier customer edge (CE) router, after you enter the no mpls ip global configuration command followed by the mpls ip global configuration command.

Symptoms: When an area border router receives type-4 link-state advertisements (LSAs) via the nonbackbone, the router may incorrectly generate type-4 LSAs into the backbone. This situation may cause a routing loop to occur.

Conditions: This symptom is observed in Cisco IOS Release 12.0(22)S or a later release or Release 12.2(10) or a later release.

Workaround: Reset the Open Shortest Path First (OSPF) process by entering the clear ip ospf process privileged EXEC command.

Symptoms: The append modifier does not append data to named files on Advanced Technology Attachment (ATA) devices and the original contents of the named file remains unchanged.

Conditions: This symptom affects Cisco IOS releases that have the fix for CSCdz27200.

Symptoms: When you configure additional access control entry (ACE) entries with Layer 4 fields on a 128-line input access control list (ACL) that is configured on an Engine 4 plus (E4+) line card, the line card may reload.

Conditions: This symptom is observed on a Cisco 12000 series 1-port 10-Gigabit Ethernet E4+ line card.

Workaround: Do not add more than 128 ACEs with Layer 4 fields. If more than 128 ACEs with Layer 4 fields are required, remove the ACL form the E4+ line card, add the ACEs with Layer 4 fields, and then reapply the ACL to the line card.

Cisco devices which run Cisco IOS software and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS software is disabled by default.

Cisco will be making free software available to correct the problem as soon as possible.

The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

Symptoms: On a Cisco router that is configured for distributed Cisco Express Forwarding (dCEF) and Border Gateway Protocol (BGP) and that has a large number of BGP routes, the following messages may be displayed:

%SYS-2-MALLOCFAIL: Memory allocation of 32768 bytes failed from 0x5021F524, alignment 0
Pool: Processor  Free: 23492  Cause: Not enough free memory
Alternate Pool: None  Free: 0  Cause: No Alternate pool

-Process= "BGP Router", ipl= 0, pid= 153
-Traceback= 502243C8 50227438 5021F52C 5010E0A4 50124FF0 504F0F50 504C01B0 504C0868 50701408 50702614 50C5AF48 507026B0 506D1920 5021C80C 5021C7F8
%FIB-3-NORPXDRQELEMS: Exhausted XDR queuing elements while prep

In addition, CEF may be disabled and a message very similar to the following message may be displayed:

If new BGP neighbors are peering at the same time, the following message may also be displayed:

%SYS-3-CPUHOG: Task ran for 29984 msec (4/0), process = BGP Router, PC = 506D0DF4.
-Traceback= 506D0DFC 5021C80C 5021C7F8

When this last message is displayed, the BGP router process may cause the CPU utilization of the router to become high for one to several minutes, depending on the number of prefixes and neighbors that are configured and the number of updates that are occurring.

Conditions: These symptoms are observed under rare conditions on a distributed platform router, such as the Cisco 12000 series, that is configured with line cards and that is running Cisco IOS Release 12.0 S when you run the router beyond its physical limitations, especially when you run the router for a long time under very low memory conditions and with, or along with, a large number of routes, peers, and line cards. All of these conditions may lead to abnormality in the steady state performance of the router.

If CEF is disabled because of low memory conditions, you can reenable it by entering the ip cef distributed global configuration command.

Workaround: Limit the number of BGP routes on the router in relation to the memory that is installed in the router. For example, on a Cisco 12000 series that is configured with 256 MB of memory and based on different parameter of the routes, limit the maximum number of routes that BGP installs to about 150,000 routes.

First Alternate Workaround: Increase the memory on the router and on the line cards to accommodate the large number of routes. For example, if a Cisco 12000 series is configured with 256 MB of memory, increase the memory to 512 MB to enable better performance with a large number of routes.

Second Alternate Workaround: Adjust the BGP parameters by applying aggregation features or enabling the auto-summary router configuration command for BGP, or by using the aggregate-address router configuration command to reduce the number of BGP routes. These actions can help to reduce the memory usage of BGP and CEF.

Closing Comments: This caveat is closed because it is related to the limitation that is posed by 256 MB of memory. Future releases may include changes to BGP to enable BGP to use less transient memory when it builds updates.

Symptoms: Interfaces that are configured on the 8xOC-3 Engine 2 line card or the 16xOC-3 Engine 2 line card may not be recovered from a down/down state.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.

Symptoms: A router may reload when a route that is learnt via Intermediate System-to-Intermediate System (IS-IS) IP version 6 (IPv6) has more than eight equal-cost paths.

Conditions: This symptom is observed when more than eight equal-cost links are configured between two IS-IS IPv6 routers. Depending on the network topology, the symptom may also occur when there are less then eight equal-cost links between an IS-IS IPv6 router and its neighbors.

Workaround: Ensure that there are less than eight equal-cost links configured between two IS-IS IPv6 routers.

Symptoms: Tag forwarding counter may no longer function when parity errors occur on an Engine 4 plus line card.

Symptoms: A Cisco router may fail because of a bus error while an online insertion and removal (OIR) is in progress.

Conditions: This symptom is observed on a Cisco 12000 series when the show environment command is being executed while an OIR is in progress.

Workaround: Do not perform an OIR when the show environment command is being executed.

Symptoms: Traffic on a load-sharing path may be switched to the wrong destination or dropped altogether.

Conditions: This symptom is observed when a Cisco 12000 series Engine 4 (E4) line card is on the ingress side, there is a load-sharing path or multiple paths on the egress side, and a hidden class of service (CoS) global configuration command is configured on the router.

Workaround: Remove the extra load-sharing paths, and make it one single outgoing path.

Symptoms: When you write a crashinfo file to an Advanced Technology Attachment (ATA) Flash disk, the file on the ATA Flash disk may be corrupt and unusable.

Conditions: This symptom is observed on any Cisco device that enables the crashinfo file to be written to an ATA Flash disk.

Symptoms: A T1 or E1 link that is configured under AU-4-TUG-3 controllers 4 through 12 on a 1-port channelized OC-12 line card that is using Synchronous Digital Hierarchy (SDH) framing may not come up.

Conditions: This symptom is observed on a Cisco 10000 series when the 1-port channelized OC-12 line card is connected to a third-party vendor device. Note that the symptom does not occur when you use AU-4-TUG-3 controllers 1 through 3.

Symptoms: T3 links on a 4-port channelized OC-3 line card may not come up under Synchronous Digital Hierarchy (SDH) framing.

Conditions: This symptom is observed on a Cisco 10000 series when the 4-port channelized OC-3 line card interoperates with a third-party vendor device.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S1 after you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface.

First Alternate Workaround: Unplug the cable of the line card, and then plug it in again.

Second Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the back-to-back interface.

Symptoms: A Gigabit Ethernet Engine 2 or an Engine 4 plus line card may reload when you perform an online insertion and removal (OIR) of the Clock and Scheduler Card (CSC).

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0 S.

Symptoms: A 24-port channelized E1/T1 line card may produce a traceback, and the serial interface may not come up.

Conditions: This symptom is observed on a Cisco 10000 series when you change the mode on the line card from E1 to T1.

Symptoms: If a 3-port Gigabit Ethernet (GE) Engine 2 (E2) line card is configured for dot1q VLAN operation and an inbound access control list (ACL) is applied to the main interface, the line card will be paused by the Gigabit Route Processor (GRP), reporting Fabric Unicast timeout errors. Note that 3-port GE E2 line cards do not support per subinterface ACL processing.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S or a later release with both normal and extended ACLs. The line card will continue to pause until the ACL is either removed from the interface configuration or ACL is removed from the configuration using the no access- list access-list-number global configuration command.

Symptoms: When you use the break key to reset the secondary Gigabit Route Processor (GRP) on a Cisco 12000 series that is configured with two GRPs, the primary GRP may first pause and then reload when the following watchdog timeout occurs:

Conditions: This symptom is observed regardless of the redundancy mode (Route Processor Redundancy [RPR], Route Processor Redundancy Plus [RPR+], or Stateful Switchover [SSO]).

Symptoms: When you apply a 448-line access control list (ACL) on an Engine 2 (E2) line card to control outbound traffic, Cisco Express Forwarding (CEF) may be disabled on the E2 line card and on other E2 line cards in the chassis.

Conditions: This symptom is observed on a Cisco 12000 series when there are about 200,000 Border Gateway Protocol routes and is about 3,000 Interior Gateway Protocol (IGP) (or Intermediate System-to- Intermediate System [IS-IS]) routes. All E2 line cards have 256 MB of memory.

Workaround: To prevent CEF from being disabled, and to minimize usage of packet switch application-specific integrated circuit (ASIC) (PSA) memory, enter the access-list hardware psa limit 128 global configuration command. Doing so enables all ACL lines to be processed at the CPU of the line card.

Conditions: This symptom is observed in a high availability (HA) Stateful Switchover (SSO) environment.

Workaround: To reenable the ifIndex Persistence feature, enter the write memory EXEC command after the switchover.

Symptoms: Permanent virtual circuits (PVCs) that are managed by Operation, Administration, and Maintenance (OAM) cells may not come up.

Conditions: This symptom is observed on an 8-port ATM Inverse MUX T1 port adapter (PA-A3-8T1IMA) or an 8-port ATM Inverse MUX E1 port adapter (PA-A3-8E1IMA) that is installed in a Cisco 7200 series or Cisco 7500 series router that is running Cisco IOS Release 12.2(13)T or a later release, or Release 12.0 S.

Resolved Caveats—Cisco IOS Release 12.0(23)S1

Cisco IOS Release 12.0(23)S1 is a rebuild of Cisco IOS Release 12.0(23)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(23)S1 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.

Conditions These symptoms are observed when you enable policy routing on a Fast Ethernet Inter-Switch Link (ISL) subinterface.

Symptoms A Cisco 7200 series router that has data-link switching (DLSw) configured may reload because of a software condition.

Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.0(15) when DLSw with TCP encapsulation is sent over an X.25 network and when an X.25 transmission attempt fails because packets are dropped.

Symptoms Parallel links may not be used efficiently on a Cisco router when Multiprotocol Label Switching (MPLS) traffic is load balanced over parallel links to a customer premises equipment (CPE) device.

Conditions This symptom is observed when a Virtual Private Network (VPN) routing and forwarding (VRF) static route to a remote loopback interface is configured and both parallel links to the same CPE device are configured to the same loopback interface without an IP address using the ip unnumbered interface configuration command.

Possible Workaround Define the following configurations on the provider edge (PE) and customer edge (CE) routers to achieve load balancing with static VRF routes.

The links in the CE configuration must be configured with 10.0.0.2 and 10.1.0.2.
10.10.0.1/32 is the CE loopback and must be advertised to the PE via Routing Information Protocol (RIP) or with another router protocol. A static route may be used.

Symptoms The ATM traffic in a Cisco 12000 series ATM Quad OC-3 line card with Segmentation and Reassembly (SAR) 3.1.3 may not work properly. Cell drops may occur in the background traffic because of the usage parameter control (UPC) configuration in the ATM switch. The ping timeout may be 15 out of 1000 pings, with a packet size of 18,000 bytes.

Conditions These symptoms are observed on a Cisco 12000 series router with the UPC on the ATM switch set to "DROP." (The symptoms are not observed on a Cisco 7200 series routers or a Cisco 7500 series routers under the same scenario.)

The symptoms occur when the ATM variable bit rate-non-real time (VBR-NRT) permanent virtual circuit (PVC) has a peak cell rate (PCR) of 46, the sustainable cell rate (SCR) is set to 23, and the maximum burst size (MBS) is set to 100.

Symptoms Source/destination pairs may not be switched in hardware and may receive degraded service.

Conditions This symptom is observed when IP version 6 (IPv6) load balancing is performed with 3 paths on a Cisco 12000 series Engine 3 line card and occurs on source/destination pairs that hash to 15. The symptom does not occur when load balancing is performed with 1, 2, 5, or 8 paths.

Symptoms Memory allocation failures occur on a Cisco router that has authentication, authorization, and accounting (AAA) configured, and "%SYS-2- MALLOCFAIL" messages are displayed. When you enter the show memory summary command, the command output shows that many small blocks are used by the AAA processes.

Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(15)S3.

Symptoms The convergence time after four Stateful Switchovers (SSOs) on a Cisco 10000 series edge services router is 11 seconds but should never be longer than 10 seconds.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms Configuring 6000 Access Control Entry (ACE) entries or more in an access control list (ACL) causes Cisco IOS software to reload.

Conditions This symptom is observed on a Cisco 10000 series router that is configured with a Performance Routing Engine 1 or 2 (PRE1 or PRE2).

Symptoms An interface of a Cisco 10000 series channelized T3 (CT3) line card may not dequeue packets. When the link on a CT3 card flaps, one or more interfaces may not recover. The output queue of the interface may become full with PPP/High-Level Data Link Control (HDLC) packets and may stay in the "Up/Down" state.

Conditions These symptoms are observed when a chip of a third-party vendor on a Cisco 10000 series CT3 line card is defective.

The fix for this caveat adds a software procedure that periodically checks if the pointers that link the partial packet buffer RAM blocks are becoming corrupted. When a corrupted pointer is detected, the associated interface is removed and then replaced, which may cause the interface to be incapable of transmitting traffic for up to 10 seconds. When this condition is detected and repaired, a message is logged to the Route Processor and the line card log to notify the user.

Symptoms A Cisco 12000 series Engine 0 (E0) Packet-over-SONET (POS) line card reloads and causes the router to lose all its routes. A back-to-back ping on other line cards fails and causes Open Shortest Path First (OSPF) Border Gateway Protocol (BGP) to go down.

Conditions These symptoms are observed when you change the maximum transmission unit (MTU) of a port channel while traffic is flowing.

Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S when all of the following conditions are met:

–

A Frame Relay (FR) link is configured on a Versatile Interface Processor (VIP) interface.

–

Frame Relay Traffic Shaping (FRTS) is enabled for FR circuits via the map-class frame-relay global configuration command, and distributed traffic shaping is not enabled on the Route Switch Processor (RSP).

–

You deencapsulate the interface by using the no encapsulation frame-relay interface configuration command, and you unconfigure the interface by entering the no map-class frame-relay global configuration command.

–

While you unconfigure FRTS, FR encapsulation occurs, and the traffic load is still high so that the shaping function is activated and outbound packets on per-virtual circuit (VC) queues are throttled.

Workaround Avoid the situation in which all of the above-mentioned conditions take place concurrently. For example, when an FR link is configured on a VIP interface and you require traffic shaping, use distributed FRTS, or unconfigure FRTS while user traffic is low so as not to activate the shaping function.

Symptoms Operation, Administration, and Maintenance (OAM)-managed permanent virtual circuits (PVCs) on an 8-port T1 ATM port adapter with Inverse Multiplexing over ATM (IMA). (PA-A3-8T1IMA) or an 8-port E1 ATM port adapter with IMA (PA-A3-8E1IMA) may not come up as expected.

Conditions This symptom is observed on a PA-A3-8T1IMA or a PA-A3-8E1IMA of a Cisco 7200 series or Cisco 7500 series router that is running Cisco IOS Release 12.2(11.5)T or a later release.

Symptoms Reassembly table entries may indicate incorrectly that they are still active following the removal of an associated Multilink PPP (MLP) configuration.

Conditions This symptom is observed when you remove a large MLP configuration in a single step, that is, when you use a single configuration file to shut down the bundle and remove the bundle from the running configuration.

Workaround Use one configuration file to shut down the bundle and another (separate and unique) configuration file to remove the bundle from the running configuration.

Symptoms Virtual Private Network routing/forwarding (VRF) does not function properly on a Frame Relay link between a provider edge (PE) router and a customer edge (CE) router, and the CE router cannot ping the PE router.

Conditions These symptoms are observed on a Frame Relay link between a Cisco 10000 series router that is functioning as a PE router and another Cisco 10000 series router that is functioning as a CE router.

Workaround Reload the PE router to make the link between the PE router and the CE router function.

Symptoms When a Cisco 12000 series Engine 3 line card receives a tag packet with an IP version 4 (IPv4) packet that has options underneath it or with a non-IPv4 packet such as an IP version 6 (IPv6) packet, the packet may be send to the line card CPU for processing.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)ST2.

Symptoms An interface on a 2-port Fast Ethernet port adapter (PA-2FE) may stop transmitting if this interface or the other interface on the same port adapter goes down or flaps under a heavy traffic load. The interface that stops transmitting may display the following messages:

%RSP-3-RESTART: interface FastEthernet3/0/0, not transmitting
%RSP-3-RESTART: interface FastEthernet3/0/0, output frozen
%RSP-3-RESTART: cbus complex

Conditions This symptom is observed on the PA-2FE on a Cisco 7500 series Versatile Interface Processor 4 (VIP4) that is configured with Fast Ether Channel (FEC). This symptom is observed when the port adapter is carrying a heavy traffic load and when part of the traffic is originating from a port adapter (PA-A3) that is located on the same VIP.

Symptoms A Telnet session from a terminal over a vty connection to a Cisco 7206VXR router may pause indefinitely.

Conditions This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.2(4)XZ5, that is configured with a Network Processing Engine 300 (NPE-300), and that is functioning as a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) provider edge (PE) router when large text displays are dumped on the screen of the terminal.

The symptom is caused by a corrupt TCP Telnet packet that is generated by the router.

Symptoms Pins across a link bundle fail when the attached line cards are either 1-port or 3-port Gigabit Ethernet line cards.

Conditions This symptom is observed on a connection between two Cisco 12000 series routers with at least one of the routers configured with a Next Generation Release Process (NGRP). The symptom occurs on the c12kprp-p-mz image of Cisco IOS Release 12.0(22.3)S and later releases.

Symptoms Many interprocess communications (IPC) messages are sent to a Cisco 12000 series Gigabit Ethernet (GE) line card, and the nonblocking IPC command queue becomes full.

Conditions These symptoms are observed on a Cisco 12000 series router that is configured with a GE line card when you use TFTP to copy a configuration with many VLANS (that is, 800 or more VLANs) to the running configuration.

Workaround Copy the configuration with many VLANS to the startup configuration, and reload the router.

Symptoms Virtual Private Network (VPN) routing/forwarding (VRF) may not function on a High-Speed Serial Interface (HSSI) port adapter.

Workaround Remove and reconfigure the affected subinterface on the HSSI port adapter.

Conditions This symptom is observed when traffic engineering (TE) metric is used.

Symptoms A policy map with multiple class maps does not synchronize correctly with a standby Route Processor (RP).

Symptoms When you enter a loopback remote line interface configuration command on a 6-port channelized T3 line card, the command may fail and may cause a T1 connection to flap.

Conditions This symptom is observed on both American National Standards Institute (ANSI) and Bell Communications Research (Bellcore) loopbacks on networks that are sensitive to T1 framing errors.

When you enter the loopback remote line interface configuration command, the line card causes a brief change of frame alignment (COFA) error. Normally, this error goes unnoticed. However, some devices react to these errors with an alarm indication signal (AIS). Each time the loopback request is initiated (that is, if the T1 connection is configured for remote loopbacks each time the T1 connection comes up), the AIS brings the T1 connection down.

Symptoms The following error messages may be generated on a Cisco 12000 series Engine 4 plus (E4+) OC-192 line card:

SLOT 6: %RX192-3-HINTR: status = 0x4000000, mask = 0x7EFFFF FF - Parity error on rx_pbc_mem.
-Traceback= 4039CEF0 4044ECEC 400C85B0
SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7
-Process= "CEF IPC Background", ipl= 7, pid= 52
-Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108
SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7
-Process= "CEF IPC Background", ipl= 7, pid= 52
-Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108

Cisco Express Forwarding (CEF) on the E4+ OC-192 line card may become disabled, and the associated port stays in an "Up/Up" state.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S3 or the gsr-p-mz image of Cisco IOS Release 12.0(21)ST2.

Workaround Enter the microcode reload slot-number global configuration command on the E4+ OC-192 line card.

Symptoms When a primary Multiprotocol Label Switching traffic engineering (MPLS TE) tunnel reoptimizes over another link, a traffic drop may occur.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S1 following a Fast Reroute (FRR) operation.

Workaround Configure the primary label switched path tunnel (LSP tunnel) as an explicit tunnel.

Symptoms Guarantees may not be achieved for some classes for a certain combination of bandwidth assignments within a service policy.

Conditions This symptom is observed when you use the following bandwidth allocation: class 1, 8 kbps; class 2 64 kbps; class 3 16 kbps; class 4 14 kbps; parent class, 120 kbps.

Workaround Sightly adjust the bandwidth of one of the classes. In the above example, changing class 3 to 14 kbps or class 4 to 16 kbps would solve the situation.

Conditions This symptom is observed on a distributed multilink interface on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22.4)S1.

Symptoms On a Cisco 7500 router that is configured for High Availability, when you enter the shutdown interface configuration command on a serial interface, the following error message is displayed on the standby Route Processor (RP) and the standby RP reloads:

Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0 S.

Symptoms An Engine 2 Quad OC-12 line card that has interfaces configured for Virtual Private Network (VPN) and that has a Frame Relay subinterface may reload.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.4)S1 when a microcode bundle is configured and loaded onto the Engine 2 Quad OC-12 line card.

Symptoms A Cisco 12000 series Engine 2 line card may generate the following error messages:

SLOT 14: %LCPOS-3-SOP: TX:BadLenCtr. Source=0x1 (Plim), halt_minor0=0x8001 (1000 0000 0000 00sl, s/l=TooShort/long)
SLOT 14: %GSR-3-INTPROC: Process Traceback= 400CCE60 400C90F0 40010A24
-Traceback= 4033F424 4044ED54 400C88B0

Conditions This symptom is observed when you remove and reinsert switch fabric on a Cisco 12000 series router while traffic is flowing.

Symptoms When you configure more than 64 Inter-Switch Link (ISL) VLANs, a Versatile Interface Processor (VIP) may reload.

Symptoms NetFLow stops functioning after an online insertion and removal (OIR) of a switch fabric card (SFC).

Workaround Disable and reenable the ip route-cache flow sampled interface configuration command.

Conditions This symptom is observed on an Engine 4 Packet-over-SONET (POS) line card in a Cisco 12000 series Internet router during several online insertion and removal (OIR) procedures on a Clock Scheduler Card (CSC).

Symptoms A memory leak of about 0.5 MB occurs in the "Pre Command NV Buffer" process.

Conditions This symptom is observed when you connect to a Cisco 12000 series Route Processor (RP) through a vty.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S during multicast traffic.

Symptoms A Cisco router that is functioning as a provider edge (PE) router may install an outgoing point of presence (POP) label instead of an outgoing aggregate label for a connected Virtual Private Network (VPN) routing/forwarding (VRF) route.

Conditions This symptom is observed in a carrier supporting carriers topology with a Cisco router that is running Cisco IOS Release 12.2(12.10)T1 and that is functioning as a PE router.

Temporary Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration on the VRF interface until the symptom occurs again.

Alternate Temporary Workaround Reload the router. However, after having done so, when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the VRF interface the symptom will occur again.

Symptoms The Binary Synchronous Communications (Bisync) IP (BIP) counter displays a value of 46623 instead of 5.

Conditions This symptom is observed on a Cisco 10000 series 4-port channelized OC-3 line card.

Symptoms Enhanced Interior Gateway Routing Protocol (EIGRP) resets the routing table when you enter the write memory EXEC command, write terminal EXEC command, or show running-config privileged EXEC command.

Conditions This symptom is observed on a Cisco 7505, Cisco 7507, and Cisco 7513 router.

Symptoms When you apply a combination of IP version 6 (IPv6), an access control list (ACL), and Sampled NetFlow to an interface on an Engine 4 plus line card, the line card may reload.

Symptoms Resource Reservation Protocol (RSVP) Hello detection may not trigger a Fast Reroute (FRR) switchover.

Conditions This symptom is observed when you use RSVP Hello detection to enable Multiprotocol Label Switching traffic engineering (MPLS TE) FRR protection on shared interfaces.

Conditions This symptom is observed on a Cisco 12000 series router when you reload the router after you have enabled the tunnel mode ipv6ip auto-tunnel command and have saved the command in the startup configuration. The tunnel interface is not enabled for IPv6, and the routing table does not show the correct route nor a static route to the tunnel.

Workaround Enter the no tunnel source type number interface configuration command followed by the tunnel source type number interface configuration command on the tunnel interface.

Symptoms Counters for policy-based routing (PBR) update at an incorrect route map.

Conditions This symptom is observed when matching conditions are not defined for a route map.

Workaround When matching conditions are not defined for a route map, the situation is treated as a "permit ip any any" condition; assign the access-list access-list-number permit ip any any global configuration command as the matching condition for the route map.

Symptoms The entPhysicalParentRelPos MIB object does not return the correct value for the physical slots in a Cisco 10000 series router chassis.

Conditions This symptom is observed on a Cisco 10000 series router that is running the c10k-p10-mz image of Cisco IOS Release 12.0(23)S.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S during Fast Reroute (FRR) testing.

Symptoms When you change a class queue from low latency queueing (LLQ) to non-LLQ, or the other way around, or when you simply remove and recreate a class queue, the queue of the next class disappears, as is displayed in the output of the show hardware pxf cpu queue interface privileged EXEC command.

Conditions This symptom is observed on a Cisco 10000 series router when you change or create a class queue using the no priority policy-map class configuration command followed by the priority policy-map class configuration command or using the no bandwidth policy-map class configuration command followed by the bandwidth policy-map class configuration command.

Conditions This symptom is observed when you configure a static crossconnect that is using an interface that is down. When the interface comes up, the static crossconnect is not set up in the Label Forwarding Information Base table.

Workaround Remove the static crossconnect using the no mpls static crossconnect global configuration command and reapply the static crossconnect using the mpls static crossconnect global configuration command.

Conditions This symptom is observed on a Cisco 12000 series Engine 4 plus interface on which the VRF Selection feature is enabled.

Symptoms Configuring the hw-module slot shutdown global configuration command in the startup configuration may cause a router to reload.

Conditions This symptom is observed on a Cisco 10000 series router when you attempt to boot from an eboot image.

Workaround Do not configure the hw-module slot shutdown global configuration command in the startup configuration.

Alternate Workaround Change the configuration register to "0x40" to ignore the configuration during the bootup process.

Symptoms A destination interface may not have a value in the NetFlow cache (that is, the destination interface may be null), but it should have a value.

Conditions This symptom is observed when the egress interface is on a Cisco 12000 series Engine 0 line card and a rate limit access list is applied to the egress interface. The rate limit access list may not cause packets to be dropped, but the destination interface is null in the NetFlow cache.

Conditions This symptom is observed when you attempt to boot up the Cisco 12000 series router with an image of Cisco IOS Release 12.0(23)S and occurs before the image is loaded onto the router.

Symptoms Executing an snmpwalk command on loopback interfaces does not yield any results.

Symptoms Slow path forwarding on an Engine 3 line card of a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) may not function.

Conditions This symptom is observed on a Cisco 12000 series router that is functioning as a 6PE router and occurs because the 6PE disposition does not function for aggregate 6PE labels on the Engine 3 line card.

Symptoms "Alpha" error messages may be observed on the ingress or egress interface of a Cisco 12000 series 4-port OC-12c/STM-4c Packet over SONET (POS) synchronous digital hierarchy IP services engine line card. The following messages may be displayed on the egress interface of the Cisco 12000 series 4-port OC-12c/STM-4c POS synchronous digital hierarchy IP services engine line card:

%EE48-3-ALPHAERRS: TX ALPHA: ALPHA_CPU_PIPELINE_CTRL_INT error 1 SLOT 2: %EE48-3-ALPHAPAIR: TX ALPHA: POP PAIR

Conditions This symptom is observed if the shape, bandwidth, random detect, or priority value is configured and if both the set ip-dscp-value quality of service (QoS) policy map configuration command and the set mpls experimental policy map configuration command are disabled. This symptom is observed on a Cisco 12016 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)S or Release 12.0(21)ST2a.

Workaround Remove the transmit (TX) service policy and use Per Interface Rate Control (PIRC) instead.

Additional Notes The same symptom may occur when an error recovery is performed for hardware failures such as data path parity errors. The symptom under those circumstances would be a failed recovery. There is no workaround for the occurrence of this symptom when an error recovery is performed.

Symptoms There may not be any label bindings on a Label Switch Router (LSR), but a Label Distribution Protocol (LDP) session may not be impaired.

Workaround After you have brought down the LDP session, remove all label bindings, and bring the session up again.

Symptoms Multiprotocol Label Switching (MPLS) Fast Reroute (FRR) may not function properly on an Engine 2 ingress line card.

Conditions This symptom is observed on a Cisco 12000 series router when a tunnel that is protected by FRR is a one-hop tunnel to a second router. A third router that is connected to the first and second router provides the backup path. When the primary path between the first and second router goes down, traffic is not redirected over the backup path.

Symptoms A Cisco 7200 series or Cisco 7500 series router may reload because a packet is not cleaned up properly.

Conditions This symptom is observed under rare circumstances when the Cisco 7200 series or Cisco 7500 series router is configured for Multiprotocol Label Switching (MPLS) through a 1-port Gigabit Ethernet port adapter (PA-GE) or an Enhanced Gigabit Ethernet Interface Processor (GEIP+).

Symptoms The ENTITY MIB fails to recognize redundant power supplies and recognizes only one power supply. In addition, the power supply, fans, and chassis interface are displayed as non field-replaceable units (non-FRUs).

Symptoms When you configure an IP version 6 (IPv6) access list to match Encapsulated Security Payload (esp) or Authentication Header Protocol (ahp) protocol literal values, the access list appears to be configured to match IPv6 only.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms A router may reload while applying an Access Control List (ACL) to forwarded traffic via the ipv6 traffic-filter interface configuration command.

Conditions This symptom is observed when you enter illegal syntax in the submode of the ipv6 access-list global configuration command.

Workaround Do not enter illegal syntax in the submode of the ipv6 access-list global configuration command.

Workaround Reload the PE router to make the link between the PE router and the CE router function.

Resolved Caveats—Cisco IOS Release 12.0(23)S

All the caveats listed in this section are resolved in Cisco IOS Release 12.0(23)S. This section describes only severity 1, severity 2, and select severity 3 caveats.

Basic System Services

Symptoms A Cisco 7200 series router reloads because of a bus error, a watchdog timeout, or an unspecified error (that is, no reload error message is provided).

Conditions This symptom is observed on a Cisco 7200 series router that is configured with a Network Processing Engine 200 (NPE-200), a PA-A1 port adapter, and a PA-FE port adapter when a medium to high traffic load occurs and the traffic load consists of large packet sizes.

Symptoms The ifOutOctets counter may decrease over a five-minute interval, but the counter is still accurate on a long term basis.

Conditions This symptom is observed on a Cisco 7500 series router when quality of service (QoS) is configured on the egress Versatile Interface Processor (VIP)

Symptoms Simple Network Management Protocol (SNMP) ifIndexes may change after a switchover. This situation may occur when the bulk-synchronization of SNMP ifIndexes does not function.

Conditions This symptom is observed on a Cisco 7500 series router, Cisco 10000 series router, and Cisco 12000 series router.

Symptoms A CPU hog condition may be observed on a router, and the router may reload.

Conditions These symptoms are observed when the snmp-server community global configuration command is executed on a Cisco router that is running Cisco IOS Release 12.1 and that has several thousand logical entities configured.

Symptoms A router that is configured with a Route Switch Processor (RSP) drops multicast packets, which situation leads to a loss of connectivity.

Conditions This symptom is observed in a bridging environment, when the router that is configured with the RSP is running the rsp-jsv-mz image of Cisco IOS Release 12.2(10.7)T1 or Release 12.2(11.2) and the subscriber trunk is configured with a multicast policy that is set to "permit."

Symptoms When you configure a Cisco 12000 series Internet router with ATM interfaces, the secondary Route Processor (RP) reloads.

Conditions The conditions under which these symptoms occur are not known at this time.

Symptoms A router may reload if the no ip routing interface configuration command is configured on a router that has NetFlow configured.

Conditions This symptom is observed on a router while traffic is flowing through the router on the interface that has NetFlow configured.

Workaround Remove NetFlow before entering the no ip routing interface configuration command, or stop traffic from going through the interface that has NetFlow configured before entering the no ip routing interface configuration command.

Symptoms A Multilayer Switch Feature Card 2 (MSFC2) may reload when the no ip routing global configuration command is entered.

Conditions This symptom is observed on a Catalyst 6000 MSFC2 that is running Cisco IOS Release 12.1(12)E.

Symptoms The snmp-server host host-addr version 2c community-string global configuration command cannot be configured if the community-string argument is already configured via the snmp-server community string global configuration command.

Conditions This symptom is observed in Cisco IOS Release 12.0 S and is related to the introduction of the SNMP Support for VPNs feature.

Symptoms The output counters that are associated with an interface may remain zero, even though traffic is passed through the interface.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms Cisco IOS software fails to set up the Gigabit Ethernet Interface Processor (GEIP) MIBs correctly on a Cisco 7500 series router.

Conditions This symptom is observed when the hierarchy on the GEIP is incorrect; the port adapter and interface are shown at the same level as the GEIP. The GEIP should be at the top of the hierarchy, followed by the port adapter, followed by the interface.

EXEC and Configuration Parser

Symptoms The router isis global configuration command is not properly synchronized to a standby Route Processor (RP). This situation prevents the standby RP from loading the correct configuration.

Conditions This symptom is observed when a router is running in redundancy mode.

Symptoms The Open Shortest Path First (OSPF) network ip-address wildcard-mask area area-id router configuration command is accepted in an active Route Processor (RP) but not properly synchronized to the standby RP. The first command that you enter is synchronized correctly to the standby RP, but commands that are subsequently entered are not properly synchronized to the standby RP.

Conditions This symptom is observed on a Cisco 12000 series router when Stateful Switchover (SSO) is enabled.

Interfaces and Bridging

Symptoms Multiprotocol Label Switching (MPLS) packets that are greater than 1498 bytes may not be received on a router.

Conditions This symptom is observed on a Cisco 7500 router that is running Cisco IOS Release 12.2(10a) and that is using dot1q encapsulation.

Symptoms A Versatile Interface Processor (VIP) may reload and restart after a Fast Ethernet port adapter (PA-FE) is installed.

Conditions This symptom is observed on a VIP that is installed in a Cisco 7500 series router.

Symptoms The following error message may be displayed on a router when a Cisco IOS software upgrade is performed:

Conditions This symptom is observed on a Cisco 7500 series router when you upgrade from Cisco IOS Release 12.0(7)T to Release 12.1(14).

Symptoms A router that is configured with a multichannel port adapter reloads because of a bus error exception.

Conditions This symptom is observed when link flaps occur or interfaces are reset on a router that is configured with PA-MC-T1, PA-MC-E1, PA-MC-E3, or PA- MCX port adapters.

Symptoms The mtu interface configuration command changes into the ip mtu interface configuration command when the VLAN ID changes on a subinterface of a Cisco 12000 series 3-port Gigabit Ethernet line card.

Symptoms An Ethernet driver on an Ethernet interface may receive and forward packets that are not destined for itself.

Conditions This symptom is observed on an Ethernet interface that has the promiscuous mode enabled in a network that has multiple Hot Standby Router Protocol (HSRP) groups. This symptom is also observed when no transparent bridging is occurring.

Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(10a) and that is using distributed Link Fragmentation and Interleaving (dLFI).

Symptoms A router that is configured with a 2-port Fast Ethernet 100BASE-FX port adapter (PA-2FE-TX) may reload when the packet cleanup is not performed properly in the interrupt path of the port adapter.

Conditions This symptom is observed on a Cisco 7200 series router and a Cisco 7500 series router.

Symptoms A router may be able to send but not be able to receive traffic via a Fast Ethernet subinterface that is configured for dot1q encapsulation.

Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(21)ST3.

Workaround Reload the router, or reload microcode onto the Versatile Interface Processor (VIP) by entering the microcode reload slot-number global configuration command. Both workarounds cause a traffic interruption.

Symptoms When you reload a Cisco 7500 series Versatile Interface Processor (VIP) or a Cisco 12000 series line card that is configured with VLAN subinterfaces that are in a shutdown state, the VLAN interfaces become active again.

Conditions This symptom is observed on distributed Cisco IOS platforms, such as the Cisco 7500 series router and the Cisco 12000 series router.

Workaround After the VIP or the line card has reloaded, enter the no shutdown interface configuration command followed by the shutdown interface configuration command for the affected subinterfaces.

Symptoms Label controlled ATM (LC-ATM) bindings may not come up after a Stateful Switchover (SSO) is performed.

Conditions This symptom is observed on a Cisco 7500 series router that is configured with an LC-ATM interface.

Symptoms A 1-port ATM Enhanced OC12/STM4 port adapter (PA-A3-OC12) that is configured with multiple Low Latency Queueing (LLQ) streams that are running near peak cell rate (PCR) may drop packets. The output of the show interfaces command displays that packets are sent out but that no packets are coming in. Input or output packet drops are not displayed.

Conditions This symptom is observed during a test on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S.

Temporary Workaround Enter the clear interface type number EXEC command each time the symptom occurs.

Symptoms A router may reload after a channelized T3 (CT3) port adapter that is configured as part of a Multilink PPP (MLP) bundle is removed, and the MLP bundle interface is shut down.

Conditions This symptom is observed in a network in which two Cisco 7200 series routers are connected back-to-back via channelized T3 (CT3) port adapters. Channel groups are created and configured for MLP, and a bundle interface multilink is created on both of the routers in this setup.

Symptoms Open Shortest Path First (OSPF) multicast packets are not received on a 1-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX).

Conditions This symptom is observed on a PA-FE-TX port adapter on a Cisco 7500 router that is configured with OSPF. The PA-FE-TX does not receive OSPF multicast traffic because MAC multicast entries are not added to the MAC table.

IP Routing Protocols

Symptoms A memory leak may occur on a Cisco 7200 series router. The memory leak is caused by the Border Gateway Protocol (BGP) I/O process and occurs at the rate of 100 KB to 130 KB per hour (about 2.5 MB to 3 MB per day) after the show memory summary | incl BGP privileged EXEC command is entered. This situation occurs regardless of whether a BGP neighbor is flapping.

The output of the show processes memory | incl bgp privileged EXEC command shows the following:

PID TTY Allocated Freed Holding Getbufs Retbufs Process ... 104 0 3522569548 2139398320 21965976 297916 5184 BGP I/O ...

The show memory summary | incl bgp privileged EXEC command indicates that the "BGP (1) update" function allocates memory without deallocating it again after the process is completed:

Alloc PC Size Blocks Bytes What ... 0x607C42E0 65496 333 21810168 BGP (1) update ....

Conditions This symptom is observed on a Cisco 7206VXR router that is functioning as a Provider Edge (PE) router and that is running Cisco IOS Release 12.1(5a) in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) network.

Symptoms After you detach an interface from a Virtual Private Network (VPN) routing/forwarding (VRF) instance using the no ip vrf forwarding vrf-name command, the adjacency information that is associated with the removed interface still shows up in the VRF table.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms In a failover configuration of a designated router (DR) and a non-DR, the DR fails, does not clear its connected flag, and continues to send Protocol Independent Multicast (PIM) join messages upstream. This situation causes unnecessary traffic. Upon failback, the non-DR does not clear its connected flag and continues to sends join-packet messages upstream long after the outgoing interface list of the mroute entry becomes empty.

Conditions This symptom is observed in a failover configuration of a DR and a non-DR that have directly connected receivers.

Symptoms If a peer advertises a replacement path (with the same multi-exit discriminator [MED] as the original path), the new path is inserted in the previous position of the original path.

Conditions This symptom may be observed on a Border Gateway Protocol (BGP) router that is using deterministic MED. When this symptom occurs, the replacement path may not be grouped with paths from the same autonomous system number (ASN). This ordering may result in incorrect routing and may cause routing loops.

Workaround Disable and reenable deterministic MED on the router after the router enters the incorrect state.

Symptoms A router may reload. Also, a Multilayer Switch Feature Card 2 (MSFC 2) may reload with a bus error in the not so stubby area (NSSA) part of the Open Shortest Path First (OSPF) code.

Conditions This symptom is observed on any Cisco router that is running a Cisco IOS software release when a link-state advertisement (LSA) with an incontiguous mask is sent to a router.

Workaround Do not send address LSAs with illegal masks, that is masks that are not contiguous, to a router.

Symptoms Memory allocation (MALLOC) failures may be observed when Border Gateway Protocol (BGP) updates are generated, and the following error message may be displayed:

%SYS-2-MALLOCFAIL: Memory allocation of 2093048 bytes failed from 0x602BDB08, alignment 0 Pool: Processor Free: 1546596 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool

Symptoms A Performance Route Processor (PRP) can cause exception when trying to reload the router.

Conditions This symptom is observed on a PRP that is running Cisco IOS Release 12.0(21)3S and that has BGP/Interior Gateway Protocol (IGP) with Multiprotocol Label Switching-traffic engineering (MPLS-TE).

Conditions This symptom is observed when you use the offset list router configuration command in Enhanced Interior Gateway Routing Protocol (EIGRP) and when you remove a summary address from an interface that has a Virtual Private Network (VPN) routing/forwarding (VRF) instance defined.

Symptoms A router may reload after the show ip mroute summary EXEC command is entered.

Conditions This symptom is observed on Cisco router that is running Cisco IOS Release 12.2.

Conditions The conditions under which this symptom occurs are not known at this time.

Conditions This symptom is observed when the input interface for a label switched path goes down and the label switched path has not been fast rerouted at the previous hop (PHOP) or at a hop before the PHOP.

Symptoms Enhanced Interior Gateway Routing Protocol (EIGRP) may log a spurious access.

Conditions This symptom is observed during a test on a Cisco 7500 series router that is running the rsp-pv-mz image of Cisco IOS Release 12.0(21.4)SY.

Symptoms In rare circumstances, a downstream multicast router may have a group in the mroute table, yet the upstream multicast router does not show the downstream multicast router in the outgoing interface list.

Conditions The conditions under which this symptom occurs are not known at this time.

Workaround Issue the clear ip mroute group interface configuration command.

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S.

Symptoms A router that is configured with the neighbor address or the neighbor ibgp peer-group name nlri unicast multicast Border Gateway Protocol (BGP) commands does not automatically translate the no auto-summary command into the multicast address family.

Conditions The symptom is observed on a Cisco router when more than one address family is used under BGP.

Workaround Manually add the no auto-summary command into the multicast address family.

Symptoms A route reflector does not change the nexthop to itself, even when it is set to do so via a route map.

Conditions The conditions under which this symptom occurs are not known at this time.

Conditions This symptom is observed on a Cisco 7500 router that is using the Border Gateway Protocol (BGP).

Symptoms The Forwarding Information Base (FIB) table on a Cisco 12000 series Gigabit Route Processor (GRP) may be missing entries for directly connected subnets.

Conditions This symptom is observed on a Cisco 12000 series router after you have removed a large number of routes.

Workaround Enter the clear ip route network EXEC command for the affected prefixes. The following is an example:

Router# show ip cef 10.2.0.4 255.255.255.224
10.2.0.4/30, version 285154, epoch 0, attached, connected, cached adjacency to POS1/0 0 packets, 0 bytes via POS1/0, 0 dependencies valid cached adjacency

Symptoms A router may reload unexpectedly if MD5 authentication is used with Open Shortest Path First (OSPF). The following message may be displayed when you enter the show version EXEC command:

Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(22)S. The symptom occurs only when corrupted OSPF packets are present.

ISO CLNS

Symptoms A Cisco router may install a suboptimal Intermediate System-to- Intermediate System (IS-IS) route into its routing table. Depending on the topology, this situation may create a routing loop.

Conditions This symptom is observed on an IS-IS Level 1 - Level 2 (L1L2) router that is running Cisco IOS Release 12.0 S or Release 12.0 ST and that has prefixes configured that are allowed to be leaked into Level 1, that is, prefixes that match the access list that is specified within the redistribute isis ip level-2 into level-1 distribute-list command. When route leaking is not configured, this condition is not observed.

Workaround There is no workaround. The condition resolves itself when the affected route is cleared by entering the clear ip route network EXEC command.

Miscellaneous

Conditions This symptom is observed when a syslog server and syslog source interface have been defined before the source interface has been parsed and the configuration of the router is directly written from TFTP to NVRAM memory or you upgrade from Cisco IOS Release 12.0 to Release 12.1 or Release 12.2.

Workaround Place the syslog server and syslog source interface configurations after the source interface itself. To do this, you must edit the configuration offline, copy it to NVRAM memory, and then reboot the router.

Symptoms Memory allocation failures (MALLOCFAIL) may be observed on a router after it is reloaded.

Symptoms When you apply a crypto map to a tunnel interface that has the ip cef distributed global configuration command enabled, a message very similar to the following one will appear:

Router(config)# interface Tunnel0
Router(config-if)# crypto map testtag
ERROR: The VIP interface must be configured with cef distributed switching before enabling encryption.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms A queue may become stuck and display messages that are similar to the following:

Conditions This symptom is observed when an OC-48 Packet-over-SONET (POS) interface is flapping and when updates are received.

Symptoms Pattern loss may occur on a T1 channel that is configured under a Virtual Tributary level 1.5 (VT1.5) stream on a router line card when you use the clock source internal controller configuration command.

Conditions This symptom is observed on a Cisco 10000 series 1-port channelized OC-12 line card.

Symptoms On a router that is configured as a provider edge (PE) router with multiple Virtual Private Network (VPN) routing/forwarding (VRF) instances, the VRF routing table may not be imported to the same PE router when routes are imported between the VRFs even when the PE router is displayed on the Border Gateway Protocol (BGP) VPN4 table.

Conditions This symptom is observed on a PE router in a Multiprotocol Label Switching (MPLS) and VPN environment.

Symptoms A The Egress NetFlow feature can be configured on a core Multiprotocol Label Switching (MPLS) interface by using the mpls netflow egress command-line interface (CLI) command. However, the Egress NetFlow feature is designed to work only on the outbound Virtual Private Network routing/forwarding (VRF) interfaces of an MPLS network. Enabling it in any other location should be considered a misconfiguration.

Workaround A Do not configure the Egress NetFlow feature on any MPLS core interface. If the feature is enabled on any MPLS core interface, enter the no mpls netflow egress command to disable the feature.

Symptoms B IP packets that are looped back are wrongly accounted for. A new flow in the opposite direction should be created for those IP packets.

Symptoms Serial interfaces on a Cisco 10000 series 1-port channelized OC-12 line cards remain in a Down/Down state after the router has reloaded and the interfaces are defined in the startup configuration.

Conditions This symptom is observed when the startup configuration contains a large number of serial interfaces that are defined on multiple 1-port channelized OC-12 line cards.

Symptoms Traceback messages may be displayed after the ip accounting mac-address input interface configuration command is configured on VLANs that have an input access control list (ACL) present. The counters that are based on the source and destination MAC address stop incrementing after the traceback messages are observed.

Conditions These symptoms are observed on a 3-port Gigabit Ethernet line card when VLAN traffic is coming in.

Symptoms A Buffer Management ASIC (BMA) error may occur, and the following messages are displayed:

SLOT 2:00:10:20: %LC-3-BMAERRS: FrFab BMA PLIM error 100000
SLOT 2:00:10:20: %LC-3-BMAERR: FrFab BMA error: msstat 440340B2 dma0 800 dma1 0 dma2 0 qm 1FFFF8 plim 100000 fia 0 l3 0 ms 0 sdram 0

Conditions This symptom is observed on a Cisco 12000 series 6-port channelized T3 line card and 2-port channelized OC-3 line card and occurs when a packet with zero length is received by the BMA.

Conditions This symptom is observed when a Cisco 7500 series router is placed back-to-back with any other peer router in a distributed Multilink PPP (dMLP) configuration that has links in a multilink bundle. When any of the links are removed from the bundle on the side of the peer router, the OSPF connectivity is lost for few seconds on the Cisco 7500 series router side and then recovers immediately.

Symptoms When SONET level alarms occur, such as Loss of Signal (LOS), the SONET line active alarms field and the alarm indication signal (AIS) monitoring counter may indicate that no alarms are present when you are viewing the output from the show controllers sonet slot port line-number privileged EXEC command.

Conditions This symptom is observed when the line summary in the output of the show controllers sonet slot port line-number privileged EXEC command for a SONET controller on a Cisco 10000 series line card neither properly displays nor counts the AIS when a line alarm condition is present.

Workaround Use the section and path information in the output of the show controllers sonet slot port line-number privileged EXEC command to interpret whether a line alarm condition is present or not.

Symptoms If you configure modular quality of service (QoS) using the command-line interface (CLI) on a 4-port OC-48 Dynamic Packet Transport (DPT) line card, a Cisco 12000 series Internet router fails.

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST1.

Symptoms Label Distribution Protocol (LDP) and Border Gateway Protocol (BGP) with IPv4+labels could be applied to the same Virtual Private Network (VPN) routing/forwarding instance (VRF) on the same router, which is restricted in the current code. Hence, the feature cannot work properly.

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)3S1.

Symptoms If there is a sequence mismatch between peer routers that have an interconnected multilink interface, the recovery sequence for the router that is out of synchronization may take an extended period of time and may affect the traffic that is on the router.

Conditions This symptom is observed on a Cisco 7500 series router that is running Multilink PPP (MLP).

Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.

Symptoms Traffic fails after a Performance Routing Engine (PRE) cutover on the provider edge (PE) router.

Conditions This symptom is observed on a Cisco 10000 series edge services router.

Symptoms Cisco Express Forwarding (CEF) may be disabled on an ATM OC-3 line card after a memory leak occurs.

Symptoms A Cisco router that is running Cisco Express Forwarding (CEF) for IP version 6 (IPv6) may reload when you enter the show ipv6 cef internal EXEC command.

Conditions This symptom is observed when the IPv6 CEF forwarding table is changed while you enter the show ipv6 cef internal EXEC command.

Symptoms An indefinite output pause may occur on a serial interface that is a member of a multilink group, and the following logs may be seen:

%RSP-3-RESTART: interface Serial3/0/0, not transmitting Serial3/0/0: microcode reload

Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(10) with a PA-4T-V35 port adapter inserted in the Versatile Interface Processor (VIP)2-50 or in the VIP2-40 and where one physical interface is a member of a multilink group and another interface is configured for High-Level Data Link Control (HDLC), and where Cisco Express Forwarding (CEF) is enabled globally and disabled on the multilink interface (bundle master), and, lastly, where distributed weighted fair queuing (WFQ) is enabled on the interface configured for HDLC.

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.3)S2.

Symptoms You may not be able to attach a service policy to an unspecified bit rate (UBR) ATM permanent virtual circuit (PVC). You can attach policies to variable bit rate (VBR) and available bit rate (ABR) PVCs if the bandwidth specified in the policy is lower than peak cell rate (PCR).

Symptoms An Engine 4 plus line card may perform Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) label disposition incorrectly and punt all packets that have sizes that are close to the maximum transmission unit (MTU) of the egress VPN interface to the line card CPU.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21.3)S2.

Symptoms Some channelized devices may be left down. Via Cisco Discovery Protocol (CDP) you can see that these devices are connected to different E1 controllers and time slots than those that were initially configured.

Conditions This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(21)ST when the redundancy force-failover main-cpu command is used.

Workaround A temporary workaround is to reconfigure the correct controller details.

Symptoms Traffic may be dropped on a Cisco 12000 series router that is configured with an Engine 2 (E2) line card.

–

The E2 line card performs hardware-accelerated multicast switching because the hw-module slot number ip multicast hw-accelerate global configuration command is enabled.

Workaround Remove the hardware-accelerated multicast configuration, and reload the line card.

Symptoms A router may fail to warn you that a policy map oversubscribes link bandwidth.

Conditions This symptom is observed when you use nested policies on Frame Relay or Gigabit Ethernet interfaces and the sum of the shape rate of all permanent virtual circuits (PVCs) or VLANs is greater than the interface bandwidth of the Frame Relay or Gigabit Ethernet interfaces.

Workaround Enter the show policy-map interface EXEC command to ensure that the policy map is successfully applied.

Symptoms The Multiprotocol Label Switching (MPLS) forwarding table does not display a label for an aggregate route.

Conditions This symptom is observed on a Cisco 10720 Internet router and affects only the aggregate routes that are explicitly configured under the Border Gateway Protocol (BGP) configuration using the aggregate- address address mask summary- only command.

Symptoms The Ring Access Controller (RAC) watchdog timer expires and forces the RAC to enter the pass-through mode.

Conditions This symptom typically occurs when CPU utilization remains at 100 percent for more than 90 seconds.

Symptoms A bus error may occur on a router and the router returns to the ROM monitor (ROMmon) prompt.

Conditions This symptom is observed on a Cisco 10000 series edge services router when running an ATM test, atm_mult_card_mult_port_vbr_aggr_segm_and_reas_change_pcr. This error seems to happen on the unconfiguration part of the test.

Symptoms Spurious accesses and alignment errors may occur on a Versatile Interface Processor (VIP), which may cause routes or interfaces to go down.

Conditions These symptoms are observed on a Cisco 7500 series router that has Multiprotocol Label Switching (MPLS) NetFlow enabled on the egress side through the mpls netflow egress interface configuration command.

Workaround Configure the ip cef global configuration command or the no ip route-cache distributed interface configuration command.

Symptoms A few out of 1000 interfaces are not up after a Trivial File Transfer Protocol (TFTP) loading configuration has occurred.

Conditions This symptom is observed on a Cisco 10000 series edge services router.

Conditions This symptom is observed when an online insertion and removal (OIR) is performed on a Cisco 12406 router with the primary clock on CSC 1 (slot 17).

Symptoms A Versatile Interface Processor (VIP4-80) may reload with a bus error when distributed Multilink PPP (dMLP) is configured.

Conditions This symptom occurs when traffic is passed through the dMLP bundle and occurs just after the interface comes up. This symptom is specific to the dMLP feature and will occur only if dMLP is configured on a platform. The dMLP feature is independent of other features and does not affect other features.

Symptoms Line cards may reload while trying to send traffic in a basic Virtual Private Network (VPN) setup.

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S.

Conditions This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20)ST3. If there are many active flows and they stop all at once, the NetFlow statistics for many of the flows may not be recorded.

Symptoms Under rare situations Parallel Express Forwarding (PXF) may reload with the following message:

Conditions This symptom is observed on a Cisco 10000 series edge services router. The symptom persists while forwarding to a particular IP address. The address cannot readily be predetermined.

In Cisco IOS Release 12.0(20)ST, Release 12.0(21)ST, and Release 12.0(21)SX on Performance Routing Engine (PRE)-1, no reload occurs, but traffic for the affected IP address is not forwarded.

Symptoms A standby Route Processor (RP) may reload when a primary configuration is changed.

Symptoms If policing is enabled using the modular quality of service QoS command-line interface CLI (MQC), it may not work with Class-Based Weighted Fair Queueing (CBWFQ) on a Frame Relay subinterface, although it may work properly with Low Latency Queueing (LLQ).

Conditions This symptom is observed on a Cisco 7500 series router when packets are Cisco Express Forwarding (CEF) switched instead of distributed Cisco Express Forwarding (dCEF) switched. Also, if output policing is enabled on the router, output policing and output queueing may not work.

Workaround Disable output policing, or make sure that packets are dCEF switched instead of non-dCEF switched.

Symptoms An Ethernet over Multiprotocol Label Switching Ether Frame with a destination MAC address that starts from 0x4 may high drop on the egress provider edge (PE) router.

Conditions This symptom is observed on a Cisco 12000 series router if the tag-switching ip interface configuration command is not configured on any interface on a Carrier Supporting Carrier customer edge (CSC- CE) router or if the tag tdp discovery direct-hello accept global configuration command is not configured on a CSC-CE, and if there is only IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution between the Carrier Supporting Carrier provider edge (CSC-PE) router and the CSC-CE router.

Workaround Configure the tag-switching ip interface configuration command on an interface on the router.

Symptoms Virtual Private Network (VPN) routing/forwarding (VRF) VLAN packet switch ASIC (PSA) registry memory does not reinitialize when another PSA loads and then unloads because higher-priority PSA features are being configured and then unconfigured. This situation prevents VRF VLAN forwarding to function.

Symptoms Routes from a remote customer edge (CE) router may not appear on another CE router. Or, routes from a remote CE router may appear on another CE router, but the addresses from the remote CE router cannot be pinged. Virtual Private Network (VPN) routes between the CEs may be lost.

Conditions These symptoms are observed when the MPLS VPN Inter-AS—IPv4 BGP Label Distribution feature is enabled on two Multiprotocol Label Switching (MPLS) VPN autonomous systems that are separated by a non-MPLS VPN autonomous system, and when the interfaces on the autonomous system border routers (ASBRs) between the MPLS VPN autonomous systems and the non-MPLS VPN autonomous system are interfaces of 3-port Gigabit Ethernet line cards. The ASBR routers are Cisco 12406 routers that are running the gsr-p-mz image of Cisco IOS Release 12.0(22.1)S1.

In the above-mentioned topology, if you enter the clear ip route * EXEC command on any of the ASBRs or CE routers, VPN routes between the CEs may be lost.

Workaround Do not enter the clear ip route * EXEC command on any of the ASBRs or CE routers.

If you need to enter the clear ip route * EXEC command, reload the ASBR router on each side of the Gigabit Ethernet link (that is, the ASBR at the side of the MPLS VPN autonomous system and the ASBR at the side of the non-MPLS VPN autonomous system).

Note

Reloading a router may have a severe impact upon a network and its users, depending upon the topology and the time of day.

Symptoms The Virtual Private Network (VPN) routing/forwarding (VRF) selection driver may not initialize the VRF selection registers when the VRF selection bundle is loaded.

Symptoms Traceback may occur under certain instances when Border Gateway Protocol (BGP) invokes the Tag Forwarding Information Base (TFIB) module of a provider edge (PE) router that is running IPv6 in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) to add a router when nexthop is not set.

Symptoms Adding multicast group entries via the ip igmp join-group group-address interface configuration command to a Cisco 10000 series Gigabit Ethernet Half-Height line card causes the line card to reset and eventually the router to reload.

Conditions This symptom is observed when about 50 multicast group entries are added via the ip igmp join-group group-address interface configuration command.

Symptoms Label Distribution Protocol (LDP) may not come up. The show mpls ldp discovery command displays the following output message:

Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(21.4)S only if the router is capable of using Stateful Switchover (SSO) after a switchover.

Conditions This symptom is observed on a Cisco 10000 series edge services router when deleting an attached policy map.

Workaround Remove the policy from all interfaces before deleting the policy from the configuration.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S2. This symptom may be indicated in the output of the show cef linecard EXEC command.

Symptoms On a router that is configured with two Route Processors (RPs) and that has the Route Processor Redundancy Plus (RPR+) feature enabled, if the standby RP is reloaded before it is fully initialized, the global configuration on the active RP gets locked.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21.4)S. The symptom occurs only if the standby RP is reloaded by an operator command while a bulk synchronization is performed on the running configuration.

Symptoms A ping fails over a Multiprotocol Label Switching Traffic Engineering (MPLS-TE) tunnel.

Conditions This symptom is observed on a Cisco 12000 series Internet router when the uplink interface is a Gigabit Ethernet line card.

Symptoms Spurious accesses occur on a per-packet basis on a Versatile Interface Processor (VIP). In addition, interfaces and routing protocols on the affected VIP and other interfaces on the router may flap.

Conditions This symptom is observed on a Cisco 7500 series router when Multiprotocol Label Switching (MPLS) is enabled on one of the VIP interfaces.

Symptoms A An access control list (ACL) does not operate correctly to match Layer 4 Operation (L4Op) entries. The ACL clears the logical operator unit (LOU) while it is still being used by other interfaces.

Conditions A This symptom is observed when an ACL is removed from one interface after the ACL is applied to multiple interfaces.

Workaround A Remove the ACL from all interfaces to which the ACL has been applied and reapply the ACL to the interfaces as needed.

Symptoms B A ternary content addressable memory (TCAM) LOU capacity error may occur even though the number of used LOUs in the existing ACLs is less than the set limit.

Conditions B This symptom is observed when two different ACLs are applied to two different interfaces (ACL A on interface A and ACL B on interface B). When ACL A is applied to interface B, the LOU from ACL B is not cleared. This behavior causes LOUs to be wasted in TCAM.

Workaround B First remove ACL B from the interface, and then reapply ACL A to that interface.

Symptoms A standby Route Processor (RP) may reload after a Route Processor Redundancy Plus (RPR+) switchover.

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S.

Symptoms When Field Diagnostics are executed on a line card, Framer Loopback tests may fail if fiber is connected to the line card.

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S.

Workaround Do not run Field Diagnostics on line cards that have fiber connected to them.

Symptoms When you configure a Packet-over-SONET interface, a call control block (CCB) playback error occurs, and a standby Route Processor (RP) reloads. The following error messages are generated:

%HA-3-SYNC_ERROR: CCB Playback error.
%HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).

Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0 S after a Stateful Switchover (SSO) has occurred.

Conditions This symptom is observed when the mpls traffic-eng signaling forwarding sync command is enabled.

Workaround Do not use FRR when the mpls traffic-eng signaling forwarding sync command is enabled.

Symptoms Label distribution protocol (LDP) cannot create a Tag Information Base (TIB) entry for 0.0.0.0, which prevents LDP from performing label switching on a packet that is routed using the default route.

Conditions This symptom is observed in Cisco IOS Release 12.0(21.4)S, Release 12.0(21.4)SY, Release 12.2(11.3), Release 12.2(11.3)S, and Release 12.2(11.3)T.

Symptoms Multicast packets are not reaching the IP/Open Shortest Path First (OSPF) layer in a router.

Symptoms The value of the ciscoEnvMonTemperatureThreshold variable is incorrectly reported as 7 degrees or 65,535 degrees. This condition causes the Device Fault Manager (DFM) to send high-temperature alarms for sensors that indicate that the value of the ciscoEnvMonTemperatureThreshold variable is equal to 7 degrees.

Symptoms The Multilink PPP (MLPPP) sequence number may not be updating correctly, and traffic is sent to the Route Processor (RP).

Conditions This symptom is observed after a Performance Routing Engine (PRE) switchover on a Cisco 10000 series router that is running Cisco IOS Release 12.0(21.4)S and that is connected to a Cisco 7500 series router via a channelized T3 interface.

Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the multilink interfaces after the cutover.

Symptoms A master Route Switch Processor 8 (RSP8) may reload after an online insertion and removal (OIR) of a line card.

Conditions This symptom is observed on a Cisco 7500 series router that is configured with dual RSP8s.

Avoiding an OIR following the bootup of the slave RSP8 reduces the chance that the master RSP8 will reload. The symptoms have not been observed on other RSPs (that is, other than the RSP8s).

Conditions This symptom is observed when you enter the ip cef global configuration command on a Cisco 7500 series router that is running Cisco IOS 12.1(12c)E.

Symptoms A Cisco IOS Versatile Interface Processor Software (SVIP) for a Cisco 7500 series router may fail to compile because of new function calls that are not included in its crypto-related subsystem.

Conditions The conditions under which these symptoms occur are not known at this time.

Symptoms When a permanent virtual connection (PVC) that is configured on a Cisco 12000 series Engine 2 8-port OC-3 ATM line card is changed from a virtual circuit (VC) bundle to regular VC mode, the PVC stops forwarding traffic. In addition, the MacString appears to be broken and an error message indicates that there are spurious memory accesses.

Conditions The conditions under which these symptoms occur are not known at this time.

Symptoms You may not be able to change the mode of a 24-port channelized E1/T1 line card from E1 to T1, from T1 to E1, or—as a test—from its present mode to its present mode.

Conditions This symptom is observed on a Cisco 10000 series router that is running the c10k-p10-mz image of Cisco IOS Release 12.0 S.

SLOT 8:00:27:52: %EE48-5-TM_PROC: TCAM Delete Table not free(40), Alpha:RX Lbl:4099 Appl:2 fail: 40 
-Traceback= 403503E0 403504FC 40356E34 4035779C 403579B0 400B3DFC400B3DE8 
SLOT 8:00:28:00: %EE48-5-TM_PROC: TCAM Delete Invalid Parameters(35), Alpha:RX Lbl:4099 Appl:2 fail: 35 
-Traceback= 403503E0 403504FC 40356E34 4035779C 403579B0 400B3DFC400B3DE8

The access control list (ACL) stops functioning properly after this symptom occurs.

Conditions This symptom is observed if the same ACL is applied to multiple interfaces on an IP Service Engine (ISE) that is installed on a Cisco 12000 series Internet router.

Symptoms A Versatile Interface Processor (VIP) reloads after a Stateful Switchover (SSO) has occurred.

Symptoms The following error message appears on a Cisco 12000 series Internet router when you enable a turbo access control list (Turbo ACL):

%SYS-2-MALLOCFAIL: Memory allocation of 10980020 bytes failed from 0x400BE22C, alignment 32 
Pool: Processor Free: 25912464 Cause: Memory fragmentation 
Alternate Pool: None Free: 0 Cause: No Alternate pool

-Process= "TurboACL", ipl= 0, pid= 41 
-Traceback= 400BB150 400BD4E4 400BE234 40BCDBE4 40BCDA70 40BCDAB8 40BCDAB8 40BCD97C 40BCFD00 40BD1650 400B3DFC 400B3DE8

Conditions This symptom is observed on a a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S2 and that is configured with an 8-port Fast Ethernet 100-Base-TX interface with 128 MB of route memory.

Workaround Turn off compiled access lists using the no access-list compiled global configuration command.

Symptoms Fast Reroute (FRR) tunnels that are created bidirectionally for each of two parallel links (that is, a total of four backup tunnels) fail to remain up when one or both of the links go down.

Symptoms A CyBus 10 error and a QAERROR occur after a Stateful Switchover (SSO) has occurred.

Conditions This symptom is observed on a Cisco 7500 series router when the standby Route Switch Processor (RSP) is being reloaded.

Conditions This symptom is observed when large IP version 6 (IPv6) packets (of 18,008 bytes) are sent to an IPv6 nonbroadcast multiaccess (NBMA) tunnel source address.

The symptoms are caused by the use of a packet flag after the packet has been returned to the system. This is incorrect, but only causes a router with a heavy packet load to reload.

Workaround Set the maximum transmission units (MTUs) correctly, both on the IPv6 tunnel interface and on the IP version 4 (IPv4) interfaces, to ensure that fragmentation of IPv6 packets occurs only at the IPv6 layer and not at the IPv4 layer.

Symptoms An IronBus error occurs on a Cisco 10000 series 1-port channelized OC-12 line card. The console log shows the following information:

%C10KEVENTMGR-1-IRONBUS_FAULT: Ironbus Event 2/1, Restarting Ironbus %IPCGRP-3-SYSCALL: System call for command 203 (slot2/0): ipc_send_rpc_blocked failed (Cause: timeout) 
-Traceback= 603C4208 603C4698 603C53E8 6013BFC0 60089C64 600248D4 60024C4C 6035270C 603526F8%IPCOIR-3-TIMEOUT: Timeout waiting for a response from slot 2/0. %IPCOIR-2-CARD_UP_DOWN: Card in slot 2/0 is down. Notifying 1choc12-1 driver. %C10K_ALARM-6-INFO: ASSERT CRITICAL slot 2 Card Stopped Responding OIR Alarm %IPCOIR-5-CARD_DETECTED: Card type 1choc12-1 (0x1BB) in slot 2/0 %IPCOIR-5-CARD_LOADING: Loading card in slot 2/0 
%C10K-5-LC_NOTICE: Slot[2/0] 1choc12-1 Image Downloaded...Booting... 
%PXF_DMA-3-IRONBUS_NOTRUNNING: Data path to slot 2/1 failed to synchronize (TIB Not Running)

Conditions This symptom is observed on a Cisco 10000 series edge services router when you copy a configuration for creating 768 DS0 interfaces under a Virtual Tributary (VT) on the 1-port channelized OC-12 line card onto the running configuration.

Symptoms Missing Tag Forwarding Information Base (TFIB) entries may be observed after the clear ip route * privileged EXEC command is entered.

Conditions This symptom is observed in a cell-based Multiprotocol Label Switching (MPLS) network while the multiple virtual circuit (VC) feature is enabled.

Workaround Use the clear ip route prefix privileged EXEC command instead of the clear ip route * privileged EXEC command.

Symptoms A line card reloads when you remove a static route from a Cisco 12000 series Internet router.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms Traffic that is travelling into the core from a autonomous system border router (ASBR) is dropped from an inter-autonomous system setup because some packets that are travelling out of the ASBR are corrupted in the hardware of a Cisco 12000 series Engine 2 line card.

Symptoms The following error messages may be displayed on the console port of a Cisco Catalyst 6000 switch:

%TFIB-7-SCANSABORTED: TFIB scan not completing. MAC string updated. %TFIB-DFC8-7-SCANSABORTED: TFIB scan not completing. MAC string updated. *

The messages may continue to be displayed until the Cisco Catalyst 6000 switch is reloaded. The error messages are informational and indicate that an excessive amount of network or line transitions may cause an excessive number of Forwarding Information Base (FIB) scans. Processes that are attempting to converge on the network may cause the Route Processor (RP) and the Switch Processor (SP) CPU utilization to occasionally reach 100 percent.

Conditions This symptom is observed on a Cisco Catalyst 6000 switch that is running Cisco IOS Release 12.2.

Symptoms Traffic is forwarded to the correct egress interface, but no labels are imposed on the traffic.

Conditions This symptom is observed in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) inter-autonomous system when an Engine 4 plus line card receives traffic on a VPN routing/forwarding (VRF) interface on an autonomous system border router (ASBR).

Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(22.1)S when a microcode reload occurs after Border Gateway Protocol (BGP) peers come up accompanied by high CPU utilization.

Symptoms Some Hot Standby Router Protocol (HSRP) hello packets may drop. The output of the debug standby command and the debug ip packet detail command shows if packets drop.

Conditions This symptom is observed on a Cisco 12000 series router that is configured with an 8-port Fast Ethernet line card when HSRP is enabled.

Workaround Enter the debug line card no-throttle EXEC command from the line card console, and verify that the HSRP packets no longer drop.

Symptoms A Cisco 10720 router cannot forward full line-rate OC-48 Spatial Reuse Protocol (SRP) transit traffic on an inner ring, an outer ring, or on both rings if the SRP frame size (including the cyclic redundancy check [CRC]) is between 52 and 102 bytes. The transit performance can be as low as 1.6 Gbps in one direction. Any frame size that is larger than 102 bytes can be forwarded at full line rate.

Conditions This symptom is observed on high-rate small-transit SRP frames on a Cisco 10720 router that is running Cisco IOS Release 12.0(19)SP, Release 12.0(20)SP, or Release 12.0(21)SP.

Symptoms A 3-port Gigabit Ethernet card may reload following the configuration of Border Gateway Protocol (BGP) Policy Accounting on either the main interface or a subinterface.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21.4)S2.

Symptoms A tunnel that is configured for IP version 6 (IPv6) does not pass traffic.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.1)S.

Symptoms The rate-limit output bps interface configuration command is not supported if the bps argument has a value of 80,000 or higher.

Symptoms You cannot set a maximum transmission unit (MTU) size other than the default size.

Conditions This symptom is observed on a Packet-over-SONET interface that is configured on a Cisco 12000 series router.

Symptoms When Route Processor Redundancy Plus (RPR+) is enabled and you perform a microcode reload on an active Route Processor (RP) but the router is not configured with a standby RP, the configuration mode pauses indefinitely.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.01)S.

Symptoms On all components of a standby Route Processor (RP), dir, show, copy, and write commands may fail.

Conditions This symptom is observed on a Cisco 12000 series router when the active RP is running a release earlier than Cisco IOS Release 12.0(21.1)S1 and the standby RP is running Cisco IOS Release 12.0(21.1)S1 or a later release.

Symptoms Physical inverse multiplexing over ATM (IMA) ports are not indexed in the IF-MIB.

Conditions This symptom is observed on a Cisco router that has IMA interfaces. This symptom is resolved in Cisco IOS Release 12.2(3)T but may occur in Cisco IOS Release 12.2(8)T and Release 12.2(10.3)T2.

The following example of the IF-MIB shows ATM1/IMA0 (index 43), but the interface is not indexed:

ifDescr.40 = ATM1/7-aal5 layer 
ifDescr.41 = ATM1/7.0-aal5 layer 
ifDescr.42 = Null0 
ifDescr.43 = ATM1/ima0 <---- 
ifDescr.44 = ATM1/ima0-atm layer 
ifDescr.45 = ATM1/ima0.0-atm subif 
ifDescr.46 = ATM1/ima0-aal5 layer 
ifDescr.47 = ATM1/ima0.0-aal5 layer 
ifDescr.48 = ATM1/ima0.40-atm subif 
ifDescr.49 = ATM1/ima0.40-aal5 layer

Symptoms An access control list (ACL) may fail when there are more than 128 ACLs configured.

Conditions This symptom is observed on any Engine 2 line card that is installed in a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.1)S.

Symptoms A Route Processor (RP) may reload when traffic engineering (TE) tunnels are configured.

Conditions This symptom is observed on an RP that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.1)S. The reload typically occurs after one or more tunnels are removed by entering the no interface interface-type interface-number global configuration command.

Symptoms A Versatile Interface Processor (VIP) on a Cisco 7500 series router may run out of memory and generate the following memory allocation (MALLOC) failure messages:

%SYS-2-MALLOCFAIL: Memory allocation of 65556 bytes failed from 0x6010EB8C, alignment 32 Pool: Processor Free: 173756 Cause: Memory fragmentation Alternate Pool: None Free: 0 Cause: No Alternate pool 
-Process= "CEF IPC Background", ipl= 0, pid= 31

The show process memory section in the output of the show tech EXEC command indicates that the Multiprotocol Label Switching (MPLS) Cisco Express Forwarding (CEF) interprocess communication (IPC) background process is holding up a large portion of the memory.

Symptoms An active Route Processor (RP) is not able to access any of components of the standby RP, and the router cannot enable the Stateful Switchover (SSO) feature.

Conditions These symptoms are observed when the active RP is running Cisco IOS Release 12.0(22)S on a Cisco 7500 series, Cisco 10000 series, or Cisco 12000 series router.

Symptoms The line protocol of several channels that are configured on several 24-port channelized E1/T1 line cards does not come up.

Conditions This symptom is observed during scaling tests and occurs at a pseudorandom pattern when seven 24-port channelized E1/T1 line cards are installed in a Cisco 10000 series router and 168 ports are configured as 24 time-slot channels with PPP encapsulation. In this configuration, the line protocol of 8 out of 168 channels does not come up.

Workaround To recover from the situation, enter the hw-module slot reload EXEC command.

Symptoms Multiprotocol Label Switching (MPLS) packets that come in on a dense OC-48 Spatial Reuse Protocol (SRP) ring are not correctly handled and switched to the next hop. IP traffic works fine.

Conditions The conditions under which these symptoms occur are not known at this time.

Symptoms Basic Frame Relay connectivity does not function on a Cisco 7200 series router.

Conditions This symptom is observed on a Cisco 7200 series router that is running the c7200-p-mz image of Cisco IOS Release 12.0(22)S or Release 12.0(22.1)S1.

Symptoms When a Cisco 10720 router is forwarding Multiprotocol Label Switching (MPLS) packets at a very high rate, the Parallel Express Forwarding (PXF) data plane may reload.

Conditions This symptom is observed when the Cisco 10720 router is forwarding MPLS traffic near the system limitation of 2 million packets per second and a routing change occurs that causes traffic to be forwarded to the Packet-over-SONET (POS)/Spatial Reuse Protocol (SRP) uplink interface instead of to an interface on the Fast Ethernet (FE) or Gigabit Ethernet (GE) line card, or the other way around, that is, to the interface on the FE or GE line card instead of to the POS/SRP uplink interface.

Symptoms IP traffic that leaves a Virtual Private Network routing/forwarding (VRF) interface that has dot1q encapsulation enabled may not have Address Resolution Protocol (ARP) entries and may fail.

Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(22.01)S1.

Symptoms Policy-based routing commands on subinterfaces of an IP Service Engine (ISE) line card may not take effect properly.

Conditions This symptom is observed on a Cisco 12000 series router when multiple Frame Relay subinterfaces are configured on an ISE line card.

Symptoms A single headend rewrite that is used by all prefixes that are routed over a tunnel is not updated properly when the label switched path tunnel state changes and there are no prefixes being routed over the tunnel.

The output of the show mpls traffic-eng fast-reroute database command does not display any tunnel data, but, as long as the headend tunnel is up, there should always be one entry for the headend tunnel.

Conditions These symptoms are observed when FRR protection is enabled on a tunnel, when there are no prefixes being routed over this tunnel, and when Label Distribution Protocol (LDP) is not enabled.

Symptoms A Cisco 12000 series Engine 4 plus line card reloads during the bootup process.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms A router may reload unexpectedly when a Layer 2 Tunneling Protocol (L2TP) connection is established.

Conditions This symptom is observed on a Cisco 7401ASR router that is used as a Layer 2 Tunneling Protocol (L2TP) network server (LNS).

Symptoms A virtual circuit (VC) bundle fails on an Virtual Private Network routing/forwarding (VRF) interface of an Engine 2 8-port OC-3 STM-1 ATM line card.

Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Symptoms When customer edge (CE) routers are connected over a Layer 2 Tunneling Protocol version 3 (L2TPv3) tunnel, pings may not go through.

Conditions This symptom is observed when the CE routers are connected to provider edge (PE) routers via Gigabit Ethernet links that have 802.1 encapsulation enabled. If the links are changed to Fast Ethernet, the symptom does not occur.

Symptoms After a standby Route Processor (RP) has fully initialized and you perform a microcode reload followed by a Route Processor Redundancy Plus (RPR+) switchover, both the active RP and the standby RP pause indefinitely when the line cards are coming back up.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.1)S1 in a configuration with 2000 ATM subinterfaces and 200 Border Gateway Protocol (BGP) peers that are advertising 180,000 BGP routes.

Symptoms When PPP encapsulation is enabled on Section Data Communications Channel (SDCC) interfaces on an OC-48 line card, connectivity is lost.

Symptoms When Multiprotocol Label Switching traffic engineering (MPLS TE) reoptimizes to a PPP link that just came up, traffic may be dropped for up to 1 minute.

Conditions This symptom is observed when Label Distribution Protocol (LDP) is enabled.

Symptoms An Engine 4 (E4) Packet-over-SONET (POS) line card that is functioning as an ingress IP version 6 (IPv6) interface for traffic that is routed over IPv6 tunnels may reload.

Conditions This symptom is observed on a Cisco 12000 series router when traffic is flowing through the E4 POS line card.

Symptoms The fix for CSCdx47695 that was integrated into Cisco IOS Release 12.0(21)S3 introduced a throttling mechanism that may be used when the physical layer interface module (PLIM) is congested. The throttling mechanism prevents interfaces or a bundle, or both, from flapping when bidirectional traffic with small packets is sent through either a 6-port channelized T3 line card or a 2-port channelized OC-3/STM-1 (DS1/E1) line card.

The throttling mechanism produces a severe performance impact, although no link flaps occur.

Workaround There is no workaround. The fix for this caveat consists of a knob for the throttling.

Symptoms A Cisco 7200 series router reloads when you enter the show access-list compiled EXEC command.

Conditions This symptom is observed on Cisco 7200 series router that is configured with a Network Processing Engine G1 (NPE-G1) when there is an empty IP version 4 (IP4) or IP version 6 (IPv6) access control list (ACL).

Workaround Ensure that the IPv4 or IPv6 ACL is not empty when you enter the show access-list compiled EXEC command.

Symptoms If you perform an online insertion and removal (OIR) of a 4-port Packet-over-SONET OC-3c/STM-1 line card before a standby Route Processor (RP) is fully initialized, the line card disappears from the Cisco IOS configuration after the standby RP is fully initialized.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.2)S and that has the Route Processor Redundancy Plus (RPR+) feature enabled, 2000 ATM subinterfaces configured, and 200 Border Gateway Protocol (BGP) peers configured that are advertising 180,000 BGP routes.

Symptoms When a Cisco 12000 series router is booted up or when a 10-port 1-Gigabit Ethernet line cards is reloaded, a CPUHOG message may occur in the Cisco Express Forwarding (CEF) line card interprocess communication (IPC) background process, as is displayed in the following error message:

%SYS-3-CPUHOG: Task ran for 3120 msec (0/0), process = CEF LC IPC Background, PC = 40CEC7E0. 
-Traceback= 40CEC7E8 40CDCDC0 40CF2498 40CEF65C 40CEF90C 40CEFBDC 40CF0604 40 0B9BCC 400B9BB8

Conditions This symptom is observed on a Cisco 12416 router that is running Cisco IOS Release 12.0(22.1)S1 and that is configured with a Performance Route Processor (PRP), two 10-port 1-Gigabit Ethernet line cards, two 8/16-port OC-3 Packet-over-SONET (POS) line cards, each of which is configured with an even distribution of about 2000 Frame Relay permanent virtual circuit (PVC) subinterfaces, and 700 Border Gateway Protocol (BGP) peers.

Symptoms The Any Transport over Multiprotocol Label Switching (AToM) feature does not generate syslog messages that indicate if or when labels are being imposed or withdrawn on remote provider edge (PE) routers.

Conditions This symptom is observed when AToM virtual circuit (VC) labels are imposed or withdrawn.

Workaround If available in the software image that you are running, enable the debug logging commands.

Symptoms An E1 interface may report that it is handling more than its maximum bandwidth of 1984 kbps.

Conditions This symptom is observed on an E1 channel group that is configured with 31 time slots.

Symptoms A Versatile Interface Processor (VIP) that has a High-Speed Serial Interface (HSSI) reloads continuously after the router is reloaded.

Conditions This symptom is observed when the HSSI interface is in the shutdown state and when it is configured for Frame Relay encapsulation while a quality of service (QoS) with priority feature is enabled.

Workaround Enter the no shutdown interface configuration command on the interface or remove the QoS policy before reloading the router.

Symptoms On a Cisco 12000 series router that is functioning as a provider edge (PE) router and that is configured with Engine 2 line cards in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) environment, route aggregation in Border Gateway Protocol (BGP) breaks connectivity because the more specific routes are not in the BGP VPN routing/forwarding (VRF) table.

Conditions This symptom is observed when there are multiple customer edge (CE) routers attached to a 3-port Gigabit Ethernet line card, when route aggregation is used in the BGP IP version 4 (IPv4) VRF address family, and when more specific routes are suppressed.

Workaround Ensure that the more specific routes are imported into the BGP VRF table by either redistribution or network statements.

Symptoms After a Cisco 12000 series router performs a switchover, a Cisco Express Forwarding (CEF) CPUHOG message occurs and the router reloads.

Conditions This symptom is observed when the Cisco 12000 series router is configured for IP routing and has IP CEF enabled and when the Address Resolution Protocol (ARP) table is filled with 50,000 entries.

Symptoms Attempting to perform a Fast Software Upgrade (FSU) causes a standby Route Switch Processor (RSP) to enter a continuous reboot cycle.

Conditions This symptom is observed on a Cisco 7500 series router when you attempt to perform an FSU from Cisco IOS Release 12.0(22)S to Release 12.0(22.2)S or later releases.

Symptoms Packets that are traversing an Engine 4 plus (E4+) OC-192 line card in a Cisco 12000 series router that has tag switching enabled may be dropped.

Conditions This symptom is observed in a traffic engineering (TE) configuration and occurs when traffic is load balancing across multiple TE tunnels at the headend or when label imposition is performed over multiple paths.

Workaround Enter the clear ip route network mask command on the ingress side of the OC-192 link. Use caution because entering the clear ip route * command may invoke the symptoms.

Symptoms Traffic that is destined for a line card is forwarded to a Route Processor (RP).

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.2)S when you apply an access control list (ACL) to a Virtual Private Network routing/forwarding (VRF) interface of an Engine 2 Packet-over-SONET line card.

Symptoms Border Gateway Protocol (BGP) policy accounting counters on a 3-port Gigabit Ethernet line card increment incorrectly.

The output of the show cef interface type number statistics EXEC command displays that the average rate of index 1 through 3 is about 200 to 300 Mbps while the actual traffic is about 400 kbps.

Symptoms An Engine 4 line card may reload and may become stuck in the REQ DUMP state.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.2)S when you enter the show controllers forwarding memory manager command.

Workaround There is no workaround. The show controllers forwarding memory manager command is a line-card specific command. Although it is not a hidden command, in general, you should not use it.

Symptoms An Engine 2 3-port Gigabit Ethernet line card that receives a tag packet with a Time to Live (TTL) value of 1 may reload.

Symptoms A Route Processor reloads and returns to the ROM monitor (ROMmon) prompt.

Conditions This symptom is observed on a Cisco 12000 series router when you attach a Cell Loss Priority (CLP) bit setting hierarchical policy to an interface of an Engine 2 8-port OC-3 ATM line card.

Symptoms Extended pings fail to send packets in a mixed IP and Multiprotocol Label Switching (MPLS) network.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.2)S.

Symptoms A line card does not recover from a system interruption such as a router reload or a microcode reload onto the line card.

Conditions This symptom is observed on a Cisco 12000 series router that is configured with an Engine 2 line card on which 100 Virtual Private Network (VPN) Frame Relay subinterfaces are configured.

Workaround There is no workaround. However, in rare cases the line card may recover from an additional router reload.

Symptoms Packets that enter a provider edge (PE) router over an Engine 4 plus (E4+) line card may not be filtered properly.

Conditions This symptom is observed on a Cisco 12000 series router that is configured with an E4+ 1-port OC-192 or an E4+ 4-port OC-48 line card, when the packets are forwarded out of a Virtual Private Network routing/forwarding (VRF) customer-facing interface that has an output access control list (ACL) configured.

Symptoms A Cisco 12000 series router may reload in the ipc_open_port_by_name function.

Conditions This symptom is observed on a Cisco 12416 router that is running Cisco IOS Release 12.0(22.1)S1 and that is configured with a Performance Route Processor (PRP), two 8/16-port OC-3 Packet-over-SONET (POS) line cards, each of which is configured with 1000 permanent virtual circuit (PVC) subinterfaces, and 700 Border Gateway Protocol (BGP) peers.

Symptoms The following symptoms may be observed on a Cisco 12000 series Engine 2 (E2) ingress line card that is installed in a provider edge (PE) router.

When traffic is destined for an IP address for which the Cisco Express Forwarding (CEF) adjacency is an Ethernet MAC address and the Address Resolution Protocol (ARP) cache is either empty or incomplete, traffic is punted to the CPU of the line card. The CPU attempts to resolve the adjacency and drops the traffic.

While the ARP cache for the Ethernet MAC address is incomplete but traffic is being received for the IP address, the CPU utilization of the line card may increase to 99 percent. This situation may lead to a loss of Interior Gateway Protocol (IGP) neighbors and fabric-unicast ping timeouts, which in turn may cause the line card to reload.

When the CEF adjacency moves from an incomplete state to a MAC address, buffer management application-specific integrated circuit (ASIC) (BMA) errors are triggered and packet switch ASIC (PSA) pipeline stall messages may be displayed:

%LC-3-BMAERRS: ToFab BMA BMA error status error 10 
%QM-3-ERROR: ToFab Register 0x40007. 
-Traceback= 403F0074 4036DBF4 40498814 400CCF98 
%LC-3-BMAERRS: ToFab BMA QM error 1

Conditions These symptoms are observed in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) in which a Cisco 12000 series router that is functioning as a PE router is connected to a provider (P) router through an E2 line card and the connection between the PE router and the customer edge (CE) router is a Gigabit Ethernet link.

Workaround The following sequence of commands will prevent the loss of IGP neighbors and fabric-unicast ping timeouts:

Enter the attach slot-number privileged EXEC command for the E2 line card.

This sequence of commands will not prevent BMA errors and PSA pipeline stall messages, but will prevent the IGP neighbors from being lost and the line card from reloading. Note that these commands will no longer be enabled if the line card or router reloads.

Symptoms After a forced switchover, the new standby Route Processor (RP) does not come up properly. The startup configuration fails to synchronize to the new standby RP.

Conditions These symptoms are observed on a Cisco 12000 series router after you have entered the redundancy force-switchover EXEC command.

Symptoms An IP Service Engine (ISE) line card reloads because of a software error.

Conditions This symptom is observed after you have reloaded a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S or a later release while traffic was active, and the ISE line card has Virtual Private Networks (VPNs) configured on Frame Relay subinterfaces. After the router has reloaded, the line card comes up, reports a software error, and reloads.

Workaround First terminate the traffic before you reload the router. After the router has reloaded, resume the traffic after the ISE line card has reached the Cisco IOS "Run" state.

Symptoms An access control list (ACL) with an Internet Control Message Protocol (ICMP) entry may be incorrectly processed by (the packet switch ASIC [PSA] of) an Engine 2 line card.

Conditions This symptom is observed on a Cisco 12000 series Engine line card when an ACL entry matches an ICMP packet that is specifying its type but not its code.

Symptoms A Cisco 12000 series 4-port ATM line card repeatedly reloads after you have performed a microcode reload.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S when the carrier supporting carrier feature configured on the 4-port ATM line card.

Symptoms Label controlled ATM (LC-ATM) bindings may not come up after a Stateful Switchover (SSO) is performed.

Conditions This symptom is observed on a Cisco 7500 series router that is configured with an LC-ATM interface.

Symptoms A customer edge (CE) router cannot send Virtual Private Network (VPN) traffic to other CE routers that are connected to the same network core.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.3)S and that is functioning as a CE router that is attached to a provider edge (PE) router. The PE router is configured with an Engine 4 plus dense OC-48 line card that is facing the network core.

Symptoms A 1-port ATM Enhanced OC12/STM4 port adapter (PA-A3-OC12) that is configured with multiple Low Latency Queueing (LLQ) streams that are running near peak cell rate (PCR) may drop packets. The output of the show interfaces command displays that packets are sent out but no packets are coming in. Input or output packet drops are not displayed.

Conditions This symptom is observed during a test on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S.

Temporary Workaround Enter the clear interface type number EXEC command each time the symptom occurs.

Symptoms If a channel is shut down while there is a large amount of line-rate traffic flowing through a line card, the channel may stay down even after you enter the no shutdown interface configuration command on the interface on which the channel is configured. If you enter the shutdown interface configuration command followed by the no shutdown interface configuration command multiple times on the affected interface, the channel still does not come back up.

Workaround There is no workaround. To recover from the situation, reload the line card.

Symptoms The CPUs of all line cards on a router may show very high utilization, and interprocess communication (IPC) between the Route Processor (RP) and the line cards may fail, which may disable the Forwarding Information Base (FIB) and Multicast Distributed Fast Switching (MDFS) and may cause line cards to reload.

Conditions These symptoms are observed on a Cisco 12400 series router that is running Cisco IOS Release 12.0(22.3)S when there is a large number of Multiprotocol Label Switching traffic engineering (MPLS TE) tunnel interfaces configured and the ip multicast-routing distributed global configuration command is enabled.

Symptoms When you disable Link Bundling on the interfaces of a Cisco 12000 series Engine 2 line card, single-mode Link Bundling microcode is not unloaded.

Conditions This symptom is observed when Link Bundling is configured on a Cisco 12000 series router.

Conditions This symptom is observed when packets that are larger than 16,000 bytes come in and cause a significant memory leak in the packet memory.

Symptoms The global configuration mode becomes unlocked before a standby Route Processor (RP) is fully booted up.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.03)S and that is configured with two RPs.

Conditions This symptom is observed on a Cisco 10000 series router when a priority queue is configured on any interface.

Symptoms A standby Route Processor (RP) fails to come up to standby mode and reloads when a switchover occurs.

Conditions This symptom is observed on a Cisco 12000 series router that is configured with two RPs. The LED shows that the secondary RP is in standby mode, but if you make a console connection to the standby RP, the standby RP fails to respond.

Symptoms Continuous fragmented generic routing encapsulation (GRE) packets in the core may cause a line card to reload.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S, Release 12.0(22)S, or Release 12.0(22.3)S.

Conditions This symptom is observed under rare circumstances when a Cisco 12000 series router is booted up with Cisco IOS Release 12.0(21)ST3.

Symptoms "CBUS-4-FIXBADTXVC" tracebacks occur when traffic is being passed. These tracebacks have no operational side effects.

Conditions This symptom is observed in Cisco IOS Release 12.0 S when Xconnect uses Layer 2 Tunneling Protocol version 3 (L2TPv3) for channelized interfaces with PPP or High-Level Data Link Control (HDLC) encapsulation.

Symptoms Performance degradation may occur on an Engine 4 plus line card when traffic engineering (TE) tunnel load balancing is enabled.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.3)S.

Symptoms A Route Processor (RP) may reload when you install a Flash card in slot 1 of the RP.

Symptoms The input queue on a Packet-over-SONET (POS) channel (that is, a physical interface in a channel group) may be wedged.

Conditions This symptom is observed on a Cisco 12000 series router when you configure a POS channel.

Symptoms You cannot attach an output service policy with Class-Based Weighted Fair Queueing (CBWFQ) to an ATM subinterface that is configured for tag switching.

Symptoms If an active Performance Routing Engine (PRE) fails before a standby Performance Route Processor (PRP) is fully configured, the standby PRP may not perform a switchover correctly.

Conditions This symptom is observed on a Cisco 10000 series router in a redundant configuration.

Workaround Do not force a switchover until the standby PRP is fully initialized. If the active PRP fails and the standby PRP does not switch over correctly, reload the standby PRP.

Symptoms During Intermediate System-to-Intermediate System (IS-IS) fragmentation through a Layer 2 Tunneling Protocol version 3 (L2TPv3) session, a "%LINK-4-TOOBIG" error may occur.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.3)S.

Symptoms An extended security access control list (ACL) that has the "lt 0" or "gt 65535" keyword should not match any port. However, when you use a Turbo ACL that has the access-list compiled global configuration command enabled, the "lt 0" or "gt 65535" keyword will match any port.

Conditions The conditions under which this symptom occurs are not known at this time.

Symptoms Fast Reroute (FRR) may fail to trigger if the cause of the failure is registered in the Route Processor (RP) when the link state is already down.

Conditions This symptom may be observed when triggers are delayed, for example when the pos delay triggers interface configuration command is enabled.

Symptoms The running configuration is no longer synchronized after you perform an online insertion and removal (OIR) of the line card followed by a Stateful Switchover (SSO).

Conditions This symptom is observed on a Cisco 10000 series router that is functioning in a high availability (HA) environment and that is connected to a Cisco 12000 series router via an 8-port Fast Ethernet line card, a Gigabit Ethernet line card, or a Gigabit Ethernet Half-Height line card, when the following sequence of events occurs:

The IP address of the line card is configured and saved to the startup configuration.

You perform and OIR on the line card that connects the Cisco 10000 series router to the Cisco 12000 series router.

When the continuous ping of the Cisco 12000 series router is registered again, you enter the redundancy force-failover main-cpu EXEC command on the Cisco 10000 series router.

The output of the show running-config EXEC command and the show ip interface brief EXEC command displays that the line card that connects the Cisco 10000 series router to the Cisco 12000 series router no longer has an IP address configured.

Workaround To restore the proper configuration, enter the copy startup-config running-config EXEC command.

Symptoms A standby Performance Routing Engine (PRE) may not detect all line cards, which causes traffic not to resume after a Stateful Switchover (SSO) has occurred.

Symptoms Label controlled ATM (LC-ATM) bindings may not come up after a Stateful Switchover (SSO) is performed.

Conditions This symptom is observed on a Cisco 7500 series router that is configured with an LC-ATM interface.

Symptoms There is no local tag in the Label Forwarding Information Base (LFIB) for a prefix or tag that is learnt through IP version 4 (IPv4) Border Gateway Protocol (BGP).

Conditions This symptom is observed when the prefix or tag is redistributed through Interior Gateway Protocol (IGP)/Label Distribution Protocol (LDP).

Symptoms If a policy map configuration is based on Multiprotocol Label Switching (MPLS) experimental (EXP) bits, the Weighted Random Early Detection (WRED) profile matching on the EXP bits is not accepted by the policy map.

Symptoms The software access control list (ACL) counter may not increase, but the hardware counter does.

Conditions This symptom is observed when you apply an ACL to multiple interfaces and then update the ACL.

Workaround First remove the ACL from the interfaces, update the ACL, and then apply the ACL again to the interfaces.

Symptoms If a 128-line input access control list (ACL) is configured on an Engine 2 Quad OC-12 line card that has interfaces configured for Virtual Private Network (VPN) and one subinterface for Frame Relay, the line card may reload.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S.

Symptoms Cisco Express Forwarding (CEF) entries are not installed correctly for loopback IP version 6 (IPv6) addresses.

Workaround To enable the entries to be installed, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Conditions This symptom is observed when an Any Transport over Multiprotocol Label Switching (AToM) virtual circuit (VC) is operational.

Workaround To ensure that the router ID is not changed, configure a loopback interface and enter the mpls ldp router-id loopback force command.

Symptoms On an active Route Processor (RP), label virtual circuits (LVCs) are created, but on a standby RP, LVCs are not created and the control virtual circuit (VC) is blocked. When a switchover occurs, LVCs are still present on an ATM line card. Because the Multiprotocol Label Switching (MPLS) feature only deletes tag entries that time out, stray VCs may remain configured on the router without being noticed.

Conditions These symptoms are observed when tag switching is configured over an ATM interface that is installed in a router that functions in an MPLS environment. When the control VC is set up, ATM LVCs are created automatically when routes are created, but they are only created on the active RP and not on the standby RP.

Symptoms Multiprotocol Label Switching Virtual Private Network (MPLS VPN) may not function on the subinterfaces of a 3-port Gigabit Ethernet (GE) line card. Border Gateway Protocol (BGP) becomes stuck in the "open sent" state on a provider edge (PR) router that is connected to one end of the GE link.

Conditions These symptoms are observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.4)S when Ethernet over MPLS (EoMPLS) microcode is loaded onto the 3-port GE line card.

Symptoms Traffic is not sent through a network when you use an ATM link between a Cisco customer edge (CE) router and a Cisco provider edge (PE) router.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.4.)S.

Conditions This symptom is observed on a Cisco 12000 series router that is configured with two RPs when the Stateful Switchover (SSO) feature is enabled.

Symptoms The shadow state on a standby Route Processor (RP) remains down after you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the router interfaces.

Conditions This symptom is observed on a Cisco 12000 series router that is configured with two RPs when the Stateful Switchover (SSO) feature is enabled.

Symptoms The following error message may be displayed on the console of a standby Performance Routing Engine (PRE):

%CHSTM1-3-STATESYNC: Redundancy state synchronization failure slot 1/0 - (invalid parameters)

This message indicates that some of the redundancy features are not functioning correctly on a 1-port channelized OC-12 line card.

Conditions This symptom is observed when at least one 1-port channelized OC-12 line card is installed in a Cisco 10000 series router that is configured with redundant PREs.

Symptoms If a primary Clock Scheduler Card (CSC) is pulled out and reinserted while traffic through an OC-48 line card is running, the inbound traffic will stop being forwarded and the line card may reload.

Symptoms The forwarding of IP version 6 (IPv6) packets from a Cisco 12000 series Engine 3 line card to a Cisco 12000 series Engine 0 line card does not function for certain directly connected hops.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S or Release 12.0(22)S1.

Symptoms Layer 2 Tunneling Protocol version 3 (L2TPv3) Ethernet Xconnect does not transport 802.3-encapsulated packets such as Systems Network Architecture (SNA) packets, Connectionless Network Protocol (CLNP) packets, and Intermediate System-to-Intermediate System (IS-IS) packets.

Conditions This symptom is observed on Cisco 7200 series routers and low-end platforms. The symptom is also observed on Cisco 7500 series routers in nondistributed mode.

Symptoms All Layer 2 management packets are dropped, which causes all interfaces that depend upon keepalives to transition to the down state.

Conditions This symptom is observed on a Cisco 10000 series router in a configuration with a large numbers of interfaces.

Symptoms When you configure Per-Packet Load Balancing (PPLB) and Layer 2 Tunneling Protocol version 3 (L2TPv3) on a 3-port Gigabit Ethernet line card, L2TPv3 may drop packets.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.4)S.

Symptoms An Engine 2 line card may generate "QM-4-STUCK" messages and may stop forwarding traffic.

Conditions This symptom is observed on a Cisco 12000 series router when an adjacent router is booted up.

Symptoms An ATM interface may have some initialization difficulties. Although a ping can pass the ATM interface, when the ATM interface sends traffic and the traffic rate is more than 10 packets per second, the packets will be dropped.

Conditions This symptom is observed randomly. After the router has booted up, some ATM subinterfaces function correctly, whereas some do not.

Workaround Remove the virtual circuit (VC) under the affected subinterface, and reconfigure the VC.

Symptoms A Cisco router may reload when a Multiprotocol Label Switching traffic engineering (MPLS TE) tunnel interface changes to the "Up" state.

Conditions This symptom is observed when load-balanced Interior Gateway Protocol (IGP) paths are configured.

Symptoms The routes in a Cisco Express Forwarding (CEF) table may be mismatched between the Gigabit Route Processor (GRP) and the line cards. You can clear the mismatch by entering the clear cef linecard EXEC command, but if the routes are relearned, the situation will reoccur.

Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)S4 or Release 12.0(22)S when an access control list (ACL) is configured to deny Simple Network Management Protocol (SNMP) packets.

Symptoms Applying some features that are found in the Vanilla uCode bundle on interfaces that have Xconnect enabled may cause Internet Control Message Protocol (ICMP) to fail when the maximum transmission unit (MTU) is exceeded.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22.4)S.

Workaround Remove the above-mentioned features from interfaces that have Xconnect enabled.

Symptoms The Small Form-Factor Plugable (SFP) command-line interface (CLI) is enabled on production images. It should be enabled on nonproduction images and disabled on production images.

Symptoms An OC-12 Dynamic Packet Transport (DPT) line card may reload when IP version 6 (IPv6) is configured on the interface.

Symptoms A Gigabit Route Processor (GRP) or line card may reload at tfib_frr_update_group_output_if.

Conditions This symptom is observed on a Cisco 12000 series router that is configured for Multiprotocol Label Switching traffic engineering (MPLS TE) with Fast Reroute (FRR).

Symptoms A Cisco 12000 series Engine 2 line card may incorrectly drop all packets that are destined for the router. This condition may result in the loss of routing protocol packets, and the protocol connectivity with neighbors may reset.

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(18)ST or a later release, or Release 12.0(22)S or a later release when heavy utilization of the CPU of the line card occurs.

Symptoms A line card reloads when you enter the shutdown PVC range configuration command followed by the no shutdown PVC range configuration command on a permanent virtual circuit (PVC) through which traffic flows.

Conditions This symptom is observed only when there are multiple PVCs configured and does not occur when a single PVC is shut down and brought up again.

Symptoms When an input access control list (ACL) is configured and the ip unreachables interface configuration command is enabled (which is enabled by default) on an interface, a low rate of packet leakage occurs for those packets that are dropped by the ACL. The rate is the same or less than the expected rate of Internet Control Message Protocol (ICMP) unreachable packets that are sent back to the source. The leak occurs only for IP packets (without the IP Header [L3] option) that have a size that is smaller than 56 bytes.

Conditions This symptom is observed in Cisco IOS Release 12.0 S on a Cisco 12000 series 4-port OC-48c/STM-16c Packet-over-SONET Enhanced Services line card and on a Cisco 12000 series 1-port OC-192c/STM-64 Packet-over-SONET Enhanced Services line card.

Workaround Enter the no ip unreachables interface configuration command on the interface to prevent the packet leakage. However, in this situation, ICMP unreachable packets are not sent back to the source when packets are dropped by the ACL.

Symptoms The IP Source Tracker feature unexpectedly stops functioning on a line card, and packets for the source-tracked destination are not forwarded because the IP Source Tracker feature is stuck in the throttling mode.

Conditions This symptom is observed on a Cisco 12000 series Engine 2 line card. To determine if the line card is in the above-mentioned condition, enable the debug lc hw-throttle hidden command; if the following message recurs every two seconds—even when there is low CPU utilization—the IP Source Tracker feature is stuck in the throttling mode:

Conditions This symptom is observed on a Cisco 12000 series router when a router that is adjacent to the Cisco 12000 series router is rebooted while Border Gateway Protocol (BGP) policy accounting is configured on the Engine 2 line card and traffic is flowing through the line card.

Workaround There is no workaround. When this situation occurs, stop the traffic that is flowing through the Engine 2 line card until Cisco Express Forwarding (CEF) is loaded onto the line card.

Symptoms When member links are removed from a multilink bundle (M2) and configured as members of another multilink bundle (M5), the M5 multilink bundle does not come up.

Conditions This symptom is observed only with the distributed Multilink PPP (MLP) feature when a member link is reconfigured to be a member link of another multilink bundle. This symptom is observed only on Cisco 7500 series and Cisco 7600 series routers.

Conditions This symptom is observed when you toggle a Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) session by toggling the LDP router identification (ID). This situation occurs in Cisco IOS Release 12.0 (21.1)S2, Release 12.0(21.1)SY2, Release 12.2(8.4), Release 12.2(8.4)S, Release 12.2(8.5)T, or later versions of the above-mentioned releases.

Workaround Enter the clear ip route network command to recover from the situation.

Symptoms When a label switching router (LSR) reroutes some destinations and selects another interface, the upstream LSR for these destinations may lose the headend label bindings for them.

Conditions This symptom is observed in a Multiprotocol Label Switching (MPLS) ATM network when Intermediate System-to-Intermediate System (IS-IS) is used as the routing protocol.

Temporary Workaround Enter the clear ip route network EXEC command for the affected destinations until the symptom occurs again.

Symptoms The alarm indication signal (AIS) that is sent by a port adapter is not recognized. The AIS that is sent by the port adapter does not conform to existing standards.

Conditions This symptom is observed in a network in which two T3 multichannel port adapters (PA-MC-2T3) are configured in a back-to-back configuration for M23 framing.

Symptoms A Cisco 12000 series Internet router may reload when the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on a multilink bundle that is connected to a Cisco 7200 series router.

Conditions This symptom is observed on a Cisco 12000 series Internet router that has a 2-port CHOC3/STM1 T1/E1 line card that is connected through an Add-Drop Multiplexor (ADM) to a Cisco 7200 series router that has a channelized E1 PRI port adapter. This symptom is observed in Cisco IOS Release 12.0(17)ST6 and Release 12.0(21)ST2.

Symptoms A Cisco 12000 series 8-port Packet-over-SONET OC-3c/STM-1 line card may reload.

Conditions This symptom is observed when the encapsulation type of one of the interfaces of the line card is set to Frame Relay.

Symptoms Adjacencies that are required to forward packets to an IP Service Engine (ISE) line card are not created properly, and packets cannot be forwarded through a pseudowire or tunnel.

Conditions This symptom is observed on a Cisco 12000 series router when Layer 2 Tunneling Protocol version 3 (L2TPv3) and generic routing encapsulation (GRE) are configured.

Symptoms The "receive" adjacency of an IP Service Engine (ISE) line card may not be created correctly on ingress line cards. This situation prevents a generic routing encapsulation (GRE) tunnel from forwarding packets.

Conditions This symptom is observed when a Cisco 12000 series router is configured with an ISE line card and with more than one GRE tunnel.

Symptoms A Layer 2 Tunneling Protocol version 3 (L2TPv3) connection may not function because the tunnel endpoint cannot be learned.

Symptoms Traffic that is sent from an Engine 3 line card over the switch fabric to Multilink PPP (MLP) bundles that are configured on a 2-port channelized OC-3/STM-1 (DS1/E1) line card drops.

Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S2 or Release 12.0(22.3)S and that is configured with a 4-port IP Service Engine (ISE) OC-12c/STM-42 Packet-over-SONET line card and a 2-port channelized OC-3/STM-1 (DS1/E1) line card.

Symptoms A Cisco 12000 series IP Service Engine (ISE) line card reloads when you exceed the hardware limitation during the configuration of an access control list (ACL).

Conditions This symptom is observed after you have first attached the ACL to several Frame Relay subinterfaces.

Symptoms Web Cache Communication Protocol (WCCP) does not function properly when Cisco Express Forwarding (CEF) is enabled. Bypass packets from the cache engine are dropped instead of being forwarded.

Novell IPX, XNS, and Apollo Domain

Symptoms A router may display a bus error or, if a hard watchdog reset is performed, the router may display a hard watchdog reset_message.

Conditions This symptom is observed on a router that is running Cisco IOS Release 12.2 PI when Internetwork Packet Exchange (IPX) Enhanced Interior Gateway Routing Protocol (EIGRP) is being used.

Wide-Area Networking

Symptoms A router may reload when it is performing heavy IP Control Protocol (IPCP) address negotiations such as those that occur when several hundred links are brought up simultaneously on an ATM or Frame Relay interface.

Conditions This symptom is observed when several hundred IPCP sessions are renegotiated without a recycle of Link Control Protocol (LCP).

Symptoms If you copy the configuration to the running configuration using TFTP, not all of the multilink bundles may transition into the "Up" state.

Conditions This symptom is observed on a Cisco 10000 series router that has a configuration with many multilink bundles.

Symptoms Frame Relay switching does not work on a router when distributed Cisco Express Forwarding (CEF) is configured.

Conditions This symptom is observed if a switched data-link connection identifier (DLCI) is configured directly on a Local Management Interface (LMI) DTE interface on a Cisco 7500 router that has distributed Cisco Express Forwarding (DCEF) configured by entering the frame-relay interface-dlci dlci interface configuration command.

Workaround Use the frame-relay route interface configuration command on the DTE instead of the frame-relay interface-dlci dlci interface configuration command.

Symptoms The frame-relay map interface configuration command may not synchronize correctly to a standby Route Processor (RP).

Conditions This symptom is observed on a Cisco 12000 series router when Frame Relay switching occurs. The symptom is not observed when back-to-back Frame Relay encapsulation is configured.

Symptoms A locally switched Frame Relay connection that is enabled with the connect Frame Relay global configuration command may remain administratively down after a Stateful Switchover (SSO) has occurred, even though the permanent virtual circuit (PVC) state is "active."

Conditions This symptom is observed on a Cisco 7500 series router. The symptom does not occur when you enable the locally switched Frame Relay connection with the frame-relay route interface configuration command.

Workaround To reestablish the connection, enter the no shutdown interface configuration command in the connect submode.

Alternate Workaround To reestablish the connection, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on one of the Frame Relay interfaces.

Symptoms A router may reload because of an SSS memory allocation failure (MALLOCFAIL) during a session establishment.

Conditions This symptom is observed on a Cisco router that functions as a Virtual Private Dialup Network (VPDN) home gateway (HGW) that is using Layer 2 Forwarding (L2F), Layer 2 Tunneling Protocol (L2TP), or PPP Tunnel Protocol (PPTP) as the tunneling protocol.

Resolved Caveats—Cisco IOS Release 12.0(22)S6

Cisco IOS Release 12.0(22)S6 is a rebuild of Cisco IOS Release 12.0(22)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(22)S6 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.

IP Routing Protocols

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

Miscellaneous

Symptoms: Per Interface Rate Control (PIRC) does not act on IP traffic that would have otherwise been tagged (MPLS) if the current hop was not the penultimate hop for a given destination. PIRC does not act on IP traffic with destination addresses that have an implicit-null label as their label binding.