Caveats in Release 12.2(33)SXH and Rebuilds


Note: The caveat information is updated frequently.

  • If you have a Cisco.com account that supports access to the Bug Toolkit, you can search for the most current Release 12.2SX caveat information at this URL:

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs


 

Open Caveats in Release 12.2(33)SXH and Rebuilds

 

Identifier  Technology       Description
CSCtb69049  Cisco IOS        Modular IOS "exception kernel filepath..." options are ambigous.

Caveats Resolved in Release 12.2(33)SXH8b

Resolved Cisco IOS Caveats

Symptoms: Memory leak detected in SSH process during internal testing. Authentication is required in order for a user to cause the memory leak.

Conditions: This was experienced during internal protocol robustness testing.

Workaround: Allow SSH connections only from trusted hosts.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2011-2568 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Resolved Legacy Protocols Caveats

sh x25 hunt-group causes %DATACORRUPTION-1-DATAINCONSISTENCY: copy error

Caveats Resolved in Release 12.2(33)SXH8a

Resolved Legacy Protocols Caveats

Cisco IOS Software contains a memory leak vulnerability in the Data-Link Switching (DLSw) feature that could result in a device reload when processing crafted IP Protocol 91 packets.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-dlsw.

 

Identifier  Technology       Description
CSCsw77313  AAA              failed authentication with login command changes the logged user
CSCtj95352  Cisco IOS        SUP32 resets with System NMI:**** SP System NMI: reason 0x00000009
CSCtk81701  Cisco IOS        Memory leak at "pak_pool_cache_item_get"

Caveats Resolved in Release 12.2(33)SXH8

 

Identifier  Technology       Description
CSCsy61321  AAA              tac+ acct is not failing over to next server group
CSCtc19317  AAA              NAS-Port-Type set to incorrect value
CSCtc72862  AAA              C2W2C: Standby router crashes at pagp_switch_mp_create_idb after SSO
CSCtc86306  AAA              Authorization requests not using VRF interface
CSCtd16343  AAA              Radius server declared as dead for MAB if server-private in server group
CSCsg49757  Cisco IOS        Combining Gig-Sub-intf & crypto connect & vlan with crypto engine
CSCsg78501  Cisco IOS        IKE should not delete established tunnel upon RSA key regeneration
CSCsl49350  Cisco IOS        Console keep showing %SYS-3-CPUHOG, process =Per-minute Jobs
CSCsm30920  Cisco IOS        "shutdown vlan" fails with SSO
CSCso59974  Cisco IOS        BGP session goes idle after SSO switchover
CSCsq07729  Cisco IOS        VSS: flowcontrol incompatible msg when standby switch port add in bundle
CSCsq33458  Cisco IOS        IOS new IKE sa uses DOI of zero when ipsec sa already exists
CSCsr41377  Cisco IOS        W1.3: after changing native vlan, CDP still send old native VLAN TLV
CSCsu52504  Cisco IOS        %LINEPROTO-SP-5-UPDOWN msg is output when changing cdp configuration
CSCsu67919  Cisco IOS        SIP crashes - hqf_cwpa_pak_enqueue_local
CSCsv82285  Cisco IOS        Cat6k: UDP port 10000 is opened by default
CSCsw36363  Cisco IOS        SUP32 temperature sensor AUX-1 temperature: N/O
CSCsw69621  Cisco IOS        BR DOWN if inside bgp is only type of learning configured
CSCsw96176  Cisco IOS        BFD sessions with version 0 do not come up properly following a reload
CSCsx24934  Cisco IOS        CPU Monitor not heard and ipc TBs on Active VSS switch on issuing Reload
CSCsx56011  Cisco IOS        Switch may crash when issuing "show mac-address-table"
CSCsz23099  Cisco IOS        Memory leak due to CEF: loadinfos in Collection proc
CSCta56305  Cisco IOS        Detector data port operation status not OK after boot
CSCta61568  Cisco IOS        Forwarding loop after adding vlan to MST instance
CSCtb52180  Cisco IOS        set vrf nvgened while vrf deletion in progress causes standby to reload
CSCtb65406  Cisco IOS        QoS ACL May Not Program L4 ports Correctly In TCAM
CSCtb83776  Cisco IOS        X6148A-GE-TX-Outdiscard incrementing if queue-limit of priority Q is 0
CSCtc22760  Cisco IOS        VSS ENH: Immediate reset LC after crash occurrs on stdby chassis LC
CSCtc28953  Cisco IOS        Crash on cat6k running MPLS: see resolution note and CSCtc82349
CSCtc30868  Cisco IOS        Irregular CPU (peaks) on Cat6500 rtr responder
CSCtc39052  Cisco IOS        svclc module command adds firewall module command to configuration
CSCtd18807  Cisco IOS        "set ip next-hop <>" should lookup next hop in VRF when used on VRF int
CSCtd39596  Cisco IOS        OIR of the LC causes bootup diagnostic to fail on TestL3VlanMet
CSCtd49505  Cisco IOS        VSS gets to be multicast traffic blackhole after DAD or switchover
CSCtd64261  Cisco IOS        LBL config sync failure for extended vlan name changes
CSCtd82666  Cisco IOS        [VSS] Incorrect pMASK fpoe on standby causes traffic black-holed
CSCtd91871  Cisco IOS        EZVPN - memory leak after ungraceful disconnect of client behind PATl
CSCte01410  Cisco IOS        lost packests between FWSM and engine when switchover by SSO
CSCte15193  Cisco IOS        c2w2c:"no spanning-tree vlan 16" command is not removed from standby
CSCte21190  Cisco IOS        WS-X6148A-GE-TX ports 25-32 stop forwarding traffic
CSCte40472  Cisco IOS        FWSM: Private vlan association not syncing on VSS systems from switch
CSCte43407  Cisco IOS        No %LINK-3-UPDOWN log for SPAN destination port
CSCte48967  Cisco IOS        VSS : isolated pvlan not associated with VRF on DFCs
CSCte56437  Cisco IOS        TCP connection loss due to NAT incorrect translation on cat6500
CSCte72214  Cisco IOS        ME6500 - Traffic may be dropped on applying cos-map.
CSCte79217  Cisco IOS        ICCQ never decreases, flow stats affected, (S,G) expires
CSCte81230  Cisco IOS        IP Source Guard feature goes into an incorrect state
CSCte83052  Cisco IOS        Xauth is getting disabled when putting keyring into isakmp profile12.2
CSCte89428  Cisco IOS        SNMP tty traps not sent
CSCte90261  Cisco IOS        6500 PoE issues with 1120 and 1230 line of APs when using dot1x
CSCte99373  Cisco IOS        extranet: mrib S,G entry never removed after pim disabled on IIF
CSCtf02760  Cisco IOS        Kernel crash (cache error) without any crashinfo generated
CSCtf12634  Cisco IOS        SXH:idb->vlan_id on RP not getting updated on trunk native vlan change
CSCtf18863  Cisco IOS        REDZONEERROR and crash seen on SXH6 after install operation
CSCtf37626  Cisco IOS        Ospf flaps with oversubscription on enhanced flexwan Multilink T1
CSCtf39183  Cisco IOS        OBFL Master may not be initialized after IOS upgrade from SXF to SXH
CSCtf51541  Cisco IOS        Mistral reset due to TM_DATA_PARITY_ERROR error
CSCtf52407  Cisco IOS        Sup720 may reload when passing GRE traffic
CSCtf54617  Cisco IOS        Supervisor fails to come up due to bad compact flash.
CSCtf62507  Cisco IOS        Netflow s/w switched flow not entried if disable/enable ip flow ingress
CSCtf91692  Cisco IOS        Insertion of 6708/6716 linecard into the chassis resets another linecard
CSCtf97963  Cisco IOS        VSS DFC card miss MN setting, 4Sup: ICS MN ORPOE error
CSCtg37826  Cisco IOS        Inter range command doesn't work
CSCtg55075  Cisco IOS        IOS SLB may not purge netflow shortcut properly
CSCtg58235  Cisco IOS        Minor Error @ bootup on multiple 8xCHT1/E1 SPA cards.
CSCtg68012  Cisco IOS        %SCHED-3-THRASHING: Process thrashing on watched mssg event
CSCtg73213  Cisco IOS        c2w2c - Crash seen on Configuring ATMoMoGRE
CSCtg78883  Cisco IOS        Patch triggers EARL Recovery.
CSCth04998  Cisco IOS        [VSS] DFC installs drop index for MAC-address
CSCth13572  Cisco IOS        C2W2C: WS-X6716-10GE Failed TestMacNotification and reset after VSS SSO
CSCth23794  Cisco IOS        interfaces errdisable with "vlan intern alloc policy descending" config
CSCth42223  Cisco IOS        DOT1X security violation message not report the interface mode
CSCth46650  Cisco IOS        Traffic not get through between promiscuous and isolated in Mux mode
CSCth55383  Cisco IOS        %EARL-DFC2-2-SWITCH_BUS_IDLE message after "show tech"
CSCth60232  Cisco IOS        SXH: Port-channel interface flap when changing vlan mask
CSCth76204  Cisco IOS        TestSPRPInbandPing - No swover/crash after failure threshold reached
CSCti23872  Cisco IOS        traceroute double hop with set vrf due to double ttl decrement
CSCti36394  Cisco IOS        SXH Firmware - Heathland Board Layer Test Error Counter Monitor
CSCti84718  Cisco IOS        CPUHOG @ ipnat_ipalias_check_waitlist+E8 after sh/nosh PBR po int
CSCti85352  Cisco IOS        W1.8: Removing vlan-group from fw mod,vlan-gp already assign get removed
CSCsh47251  Infrastructure   3700 crashes as soon as loading image
CSCsl05310  Infrastructure   %SCHED-3-STUCKMTMR tb's seen with 1022 ION
CSCsy24505  Infrastructure   Process "sbin/dfs_disk0.proc" crashed while inserting CF @ dfs_id_delete
CSCtc87480  Infrastructure   dir slavenvram and wr mem triggers slavenvram:/(Device or resource busy)
CSCtd62220  Infrastructure   %DATACORRUPTION-1-DATAINCONSISTENCY: copy error,
CSCte52416  Infrastructure   VSS member switch crash when power down active switch
CSCtg19572  Infrastructure   Memory leak in two dfs processes
CSCtg64468  Infrastructure   indefinit loops in get_bufferpool_info() & get_buffercachepool_info()
CSCth01674  Infrastructure   *Dead* memory increasing in (coalesced)
CSCsa94774  IPServices       NAT default breaks Traceroute response
CSCsy74796  IPServices       Memory leak at ip_multicast_ctl (when creating/deleting interfaces?)
CSCsz05783  IPServices       NAT translation fails with certain ALG traffic
CSCta56667  IPServices       tcp.proc displays excessive cpu usage
CSCtd21890  IPServices       Router crash at dhcp autoinstall
CSCtf34691  IPServices       HSRP group name tied to static NAT for redundancy is not saved to config
CSCsk98507  LegacyProtocols  Device crash@novell_send_gen_rip_query.
CSCte78230  LegacyProtocols  DLSw Ethernet Redundancy and IPV6 will not work together
CSCta48816  Management       CDP Protocol: %SYS-2-GETBUF: Bad getbuffer, bytes= 32717
CSCtc90579  MPLS             Block allocated by 'rsvp_hc_db_nbr_alloc' gets corrupted
CSCth36724  MPLS             Router reload while unconfiguring vrf interfaces in HA scale tests
CSCth38699  Multicast        Auto-RP for multicast triggers RP-Discovery with 0 RPs
CSCso26773  QoS              qos: PI-code: police percent above 43% is not correct for 10G interface
CSCsu99767  Routing          EIGRP:peer does not send UPDATE to NSF/SSO restarting peer router
CSCtc72772  Routing          Bulk sync failure and Standby reloads continuously @ "clns route"
CSCtd49246  Routing          round-trip average of ping MIB may show less value
CSCtd81664  Routing          Not possible to "set ip next-hop" in vrf with import-map
CSCtf06436  Routing          high CPU due to HW backwalk continually walking the looped OCE chain
CSCtf28793  Routing          bgp aggregate-address suppress-map does not suppress specific prefixes
CSCtf64231  Routing          Inbound route-map change shouldn't be effective immediately
CSCtg27206  Routing          Static route not redistributed by RIP after link flap
CSCsb10291  Security         $$TS: Router forced crash on PKI Bind service failure (C_UnbindService)
CSCsf17411  Security         trustpoint authentication fails if key usage is non standard
CSCsk22496  Security         Router crashes @ssh_command when remoove crypto key
CSCsv86113  Security         SSH on VRF int is allowed irrespective of vrf-also key
CSCsv92274  Security         SSH process might not handle some IPC messages
CSCsz05583  Security         crypto pki config nvgened before ip config on which it depends - slow
CSCta77073  Security         Router Crash while unconfiguring crypto trustpoint
CSCtf47512  Security         SXH5: Memory leak in ACE HAPI and IPSec Key Engine
CSCtg11808  Security         VSS: Standby supervisor reloads when crypto pki trustpoint removed
CSCti26768  Security         Bus error while re-configuring a trustpoint
CSCtd22993  WAN              SNMP ifIndex for certain serial interfaces becomes inactive
CSCtf03928  WAN              NTP packets received but ignored by the NTP process

Caveats Resolved in Release 12.2(33)SXH7

Resolved AAA Caveats

Symptoms: The Cisco IOS software image may unexpectedly restart when a crafted “msg-auth-response-get-user” TACACS+ packet is received.

Conditions: This symptom is observed after the Cisco platform has sent an initial “recv-auth-start” TACACS+ packet.

Workaround: There is no workaround.

Resolved Multicast Caveats

Symptoms: A router may reload after reporting SYS-3-OVERRUN or SYS-3-BADBLOCK error messages. SYS-2-GETBUF with ‘Bad getbuffer’ error may also be reported.

Condition: Occurs when PIM auto-RP is configured and IP multicast boundary is enabled with the filter-autorp option.

Workaround: Configure IP multicast boundary without the filter-autorp option.

Symptom: A Cisco IOS device may experience an unexpected reload as a result of mtrace packet processing.

Conditions:

Workaround: None other than avoiding the use of mtrace functionality.

Resolved Security Caveats

Symptoms: A Cisco router that is running Cisco IOS Release 12.4(25) may crash due to SSH.

Conditions: This symptom occurs when SSH is enabled on the router. An attempt to access the router via SSH is made.

Workaround: Do not use SSH. Disable SSH on the router by removing the RSA keys:

“crypto key zeroize rsa”

Further Problem Description: This issue has not been seen in Cisco IOS Release 12.4(23) and earlier releases. It also has not been seen in Cisco IOS Release 12.4T images.

Symptoms: Malformed SSH version 2 packets may cause a memory leak.

Conditions: This symptom is observed on a Cisco platform configured for SSH version 2 after it has received malformed SSHv2 packets. The impact of this flaw is that the affected platform may operate in a degraded condition. Under rare circumstances it may reload to recover itself.

Workarounds: Options consist of using SSH version 1 in the interim until the affected platform can be upgraded to a fixed release or permitting only known trusted hosts/networks that can connect to the router by using a VTY access list.

Following are examples of the workarounds:

Configure SSH version 1
+----------------------
!-- configure from global config mode
!
config t
!
ip ssh version 1
end
 
VTY access-list
+--------------
!-- 10.1.1.0/24 is a trusted network that
!-- is permitted access to the router, all
!-- other access is denied
!
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
!
line vty 0 4
access-class 99 in
end
 

More information about configuring VTY access lists is available in Cisco IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T Controlling Access to a Virtual Terminal Line:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/12-4t/sec-cntrl-acc-vtl.html

More information about SSH on IOS is available in the Configuring Secure Shell on Routers and Switches Running Cisco IOS guide:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Resolved Unknown Caveats

Symptom: A 6500 may experience a redzone crash in the UDLD process. The following message may appear: %SYS-SP-3-OVERRUN: Block overrun at 44456570 (red zone 6D000700) -Traceback= 40291448 402938DC 40D74570 40D763A0

Traceback will vary from code to code.

Conditions: UDLD configured

Workaround: Disable UDLD.

Symptoms: An upgrade from 12.2(18)SXF6 to 12.2(33)SXH5 introduces additional vty lines into the running configuration (vty lines 5 - 15). These new lines do not inherit the security ACL or transports that the customer configured on the old lines (0-4), so the upgrade leaves the device non-compliant with the network security policy defined by the customer.

Condition: Software upgrade from 12.2(18)SXF6 to 12.2(33)SXH5.

Workaround: Manually configure the ACL on the newly introduced vty lines.
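The check below is an added example, not part of the original release note or any Cisco tool. It audits a saved running-config for the condition described in this caveat, and for the VTY access-list workaround given in the SSH caveat above, by flagging any `line vty` block whose inbound access-class or transport differs from the block that holds line 0. The sample configuration, function names and finding strings are constructed for illustration.

```python
import re

# Constructed running-config fragment shaped like the post-upgrade state the
# caveat describes: lines 0-4 keep their ACL, lines 5-15 arrive without one.
AFTER_UPGRADE = """\
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
!
line con 0
line vty 0 4
 access-class 99 in
 transport input ssh
line vty 5 15
 login
!
end
"""

# The same fragment after the manual workaround has been applied (constructed).
REMEDIATED = AFTER_UPGRADE.replace(
    "line vty 5 15\n login\n",
    "line vty 5 15\n access-class 99 in\n login\n transport input ssh\n",
)

VTY_HEADER = re.compile(r"line vty (\d+)(?: (\d+))?\s*$")
ACCESS_CLASS_IN = re.compile(r"access-class (\S+) in\b")
TRANSPORT_INPUT = re.compile(r"transport input (.+)$")


def parse_vty_blocks(config):
    """Return one dict per 'line vty' block with its inbound ACL and transports."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw[:1].isspace():
            # Indented sub-command: only relevant inside a vty block.
            if current is None:
                continue
            line = raw.strip()
            m = ACCESS_CLASS_IN.match(line)
            if m:
                current["acl_in"] = m.group(1)
            m = TRANSPORT_INPUT.match(line)
            if m:
                current["transport_input"] = " ".join(m.group(1).split())
        else:
            # Any top-level line closes the previous block.
            current = None
            m = VTY_HEADER.match(raw)
            if m:
                first = int(m.group(1))
                last = int(m.group(2) or first)
                current = {"lines": (first, last),
                           "acl_in": None,
                           "transport_input": None}
                blocks.append(current)
    return blocks


def audit_vty(config):
    """Compare every vty block against the block that contains line 0."""
    blocks = parse_vty_blocks(config)
    baseline = next((b for b in blocks if b["lines"][0] == 0), None)
    findings = []
    for block in blocks:
        problems = []
        if block["acl_in"] is None:
            problems.append("no inbound access-class")
        elif baseline and block["acl_in"] != baseline["acl_in"]:
            problems.append("access-class differs from lines 0-4")
        if baseline and block["transport_input"] != baseline["transport_input"]:
            problems.append("transport input differs from lines 0-4")
        if problems:
            findings.append({"lines": block["lines"], "problems": problems})
    return findings


if __name__ == "__main__":
    for name, cfg in (("after upgrade", AFTER_UPGRADE), ("remediated", REMEDIATED)):
        print(name, audit_vty(cfg))
```

Run against configuration archives taken before and after an upgrade, the same comparison shows whether new vty ranges appeared without the controls applied to lines 0-4.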

Symptom: In the current EARL7 system, the 96 bytes examined for an IPv6 packet cover the DBUS header (22), Ethernet header (14), IPv6 header (40), IPv6 extension headers, and L4 header. That leaves only 20 bytes (96 - 22 - 14 - 40) for the extension header(s) and the L4 header, so even a packet with small extension header(s) can use up those 20 bytes, which causes l4_hdr_vld = 0. When that happens, no L4 features can be applied and the packet is hardware forwarded based on the L3 forwarding result.

Conditions: This issue has been present from day one, but it poses a threat only when an IPv6 access list that contains L4 options is configured on an interface.

Workaround: No workaround.

Conditions: When an IPv6 RACL is configured on an interface, all packets containing IPv6 optional headers are punted to the RP. Packets that are sent with no L4 header also hit this punt entry, which is present at the top of the TCAM.

Workaround: No workaround.

Symptoms: A Cat4k switch may reload after receiving a malformed packet on one specific port.

Conditions: This symptom may be observed on a Cat4k switch that enables DNSIX audit trail and receives crafted IP packets on a specific port.

Workaround: Do not enable the DNSIX audit trail.

Resolved WAN Caveats

Symptom: Cisco IOS Software is affected by an NTP mode 7 denial-of-service vulnerability. Note: The fix for this vulnerability changes how Cisco IOS Software handles mode 7 packets. See the Further Description section of this release note enclosure.

Conditions: Cisco IOS Software with support for Network Time Protocol (NTP) contains a vulnerability processing specific NTP Control Mode 7 packets. This results in increased CPU on the device and increased traffic on the network segments.

This is the same as the vulnerability which is described in http://www.kb.cert.org/vuls/id/568372

Cisco has released a public-facing vulnerability alert at the following link:

http://tools.cisco.com/security/center/viewAlert.x?alertId=19540

Cisco IOS Software that has support for NTPv4 is NOT affected. NTPv4 was introduced into Cisco IOS Software: 12.4(15)XZ, 12.4(20)MR, 12.4(20)T, 12.4(20)YA, 12.4(22)GC1, 12.4(22)MD, 12.4(22)YB, 12.4(22)YD, 12.4(22)YE and 15.0(1)M.

All other versions of Cisco IOS and Cisco IOS XE Software are affected.

To see if a device is configured with NTP, log into the device and issue the CLI command show running-config | include ntp. If the output returns any of the following commands, then the device is vulnerable:

ntp master <any following commands>
ntp peer <any following commands>
ntp server <any following commands>
ntp broadcast client
ntp multicast client
 

The following example identifies a Cisco device that is configured with NTP:

router# show running-config | include ntp
ntp peer 192.168.0.12
router#
 

The following example identifies a Cisco device that is not configured with NTP:

router# show running-config | include ntp
router#
 

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to “Cisco Internetwork Operating System Software” or “Cisco IOS Software.” The image name displays in parentheses, followed by “Version” and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L:

Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih
 
<output truncated>
 

The following example shows a product that is running Cisco IOS Software release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M:

Router# show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
 
<output truncated>
 

Additional information about Cisco IOS Software release naming conventions is available in “White Paper: Cisco IOS Reference Guide” at the following link:

http://www.cisco.com/web/about/security/intelligence/ios-ref.html

Workaround: There are no workarounds other than disabling NTP on the device. The following mitigations have been identified for this vulnerability; only packets destined for any configured IP address on the device can exploit this vulnerability. Transit traffic will not exploit this vulnerability.

Note: NTP peer authentication is not a workaround and is still a vulnerable configuration.

NTP Access Group

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender’s IP address, which may defeat access control lists (ACLs) that permit communication to these ports from trusted IP addresses. Unicast Reverse Path Forwarding (Unicast RPF) should be considered to be used in conjunction to offer a better mitigation solution.

!--- Configure trusted peers for allowed access
access-list 1 permit 171.70.173.55
!--- Apply ACE to the NTP configuration
ntp access-group peer 1
 

For additional information on NTP access control groups, consult the document titled “Performing Basic System Management” at the following link:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage.html#wp1034942

Infrastructure Access Control Lists

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender’s IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Unicast RPF should be considered to be used in conjunction to offer a better mitigation solution.

Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks.

Infrastructure ACLs (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example below should be included as part of the deployed infrastructure access-list, which will help protect all devices with IP addresses in the infrastructure IP address range:

!---
!--- Feature: Network Time Protocol (NTP)
!---
 
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 123

!--- Note: If the router is acting as a NTP broadcast client
!--- via the interface command "ntp broadcast client"
!--- then broadcast and directed broadcasts must be
!--- filtered as well. The following example covers
!--- an infrastructure address space of 192.168.0.X

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 192.168.0.255 eq ntp
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 255.255.255.255 eq ntp

!--- Note: If the router is acting as a NTP multicast client
!--- via the interface command "ntp multicast client"
!--- then multicast IP packets to the multicast group must
!--- be filtered as well. The following example covers
!--- a NTP multicast group of 239.0.0.1 (Default is
!--- 224.0.1.1)

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 239.0.0.1 eq ntp

!--- Deny NTP traffic from all other sources destined
!--- to infrastructure addresses.

access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 123
 
!--- Permit/deny all other Layer 3 and Layer 4 traffic in
!--- accordance with existing security policies and
!--- configurations. Permit all other traffic to transit the
!--- device.
 
access-list 150 permit ip any any
 
!--- Apply access-list to all interfaces (only one example
!--- shown)
 
interface fastEthernet 2/0
ip access-group 150 in
 

The white paper entitled “Protecting Your Core: Infrastructure Protection Access Control Lists” presents guidelines and recommended deployment techniques for infrastructure protection access lists and is available at the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

Control Plane Policing

Two Control Plane Policing examples are provided. The first aims at preventing the injection of malicious traffic from untrusted sources, whilst the second looks at rate limiting NTP traffic to the box.

—Filtering untrusted sources to the device.

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender’s IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Unicast RPF should be considered to be used in conjunction to offer a better mitigation solution.

Control Plane Policing (CoPP) can be used to block untrusted UDP traffic to the device. Cisco IOS software releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be configured on a device to help protect the management and control planes and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The CoPP example below should be included as part of the deployed CoPP, which will help protect all devices with IP addresses in the infrastructure IP address range.

!--- Feature: Network Time Protocol (NTP)
 
access-list 150 deny udp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 123
 
!--- Deny NTP traffic from all other sources destined
!--- to the device control plane.
 
access-list 150 permit udp any any eq 123
 
!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and
!--- Layer4 traffic in accordance with existing security policies
!--- and configurations for traffic that is authorized to be sent
!--- to infrastructure devices
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature
 
class-map match-all drop-udp-class
match access-group 150
 
!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
 
policy-map drop-udp-traffic
class drop-udp-class
drop
 
!--- Apply the Policy-Map to the
!--- Control-Plane of the device
 
control-plane
service-policy input drop-udp-traffic
 

In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the “permit” action result in these packets being discarded by the policy-map “drop” function, while packets that match the “deny” action (not shown) are not affected by the policy-map drop function.

—Rate limiting the traffic to the device.

The CoPP example below could be included as part of the deployed CoPP, which will help protect targeted devices from processing large amounts of NTP traffic.

Warning: If the rate-limits are exceeded valid NTP traffic may also be dropped.

!--- Feature: Network Time Protocol (NTP)
 
access-list 150 permit udp any any eq 123
 
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature
 
class-map match-all rate-udp-class
match access-group 150
 
!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
!--- NOTE: See section "4. Tuning the CoPP Policy" of
!--- http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html#5
!--- for more information on choosing the most
!--- appropriate traffic rates
 
policy-map rate-udp-traffic
class rate-udp-class
police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop

!--- Apply the Policy-Map to the
!--- Control-Plane of the device

control-plane
service-policy input rate-udp-traffic
 

Additional information on the configuration and use of the CoPP feature can be found in the documents, “Control Plane Policing Implementation Best Practices” and “Cisco IOS Software Releases 12.2 S - Control Plane Policing” at the following links:

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

Further Description: Cisco IOS Software releases that have the fix for this Cisco bug ID have a behavior change for mode 7 private mode packets.

A Cisco IOS Software release with the fix for this Cisco bug ID will not process NTP mode 7 packets and will display the message “NTP: Receive: dropping message: Received NTP private mode packet. 7” if debugs for NTP are enabled.

To have Cisco IOS Software process mode 7 packets, the CLI command ntp allow mode private should be configured. This is disabled by default.
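The script below is an added example, not part of the original release note or any Cisco tool. It applies the checks described in this caveat to saved running-configs: the NTP-enabling commands listed above, the presence of an `ntp access-group`, and whether `ntp allow mode private` has re-enabled mode 7 processing. The device names, sample configurations and finding labels are constructed for illustration.

```python
import re

# Constructed running-configs for three hypothetical devices (not real output).
SAMPLE_CONFIGS = {
    "edge-1": """\
hostname edge-1
!
interface FastEthernet2/0
 ip address 192.168.0.1 255.255.255.0
 ntp broadcast client
!
access-list 1 permit 171.70.173.55
ntp access-group peer 1
ntp peer 192.168.0.12
ntp allow mode private
""",
    "core-1": """\
hostname core-1
!
ntp server 192.168.0.12
""",
    # "show running-config | include ntp" would print the description line
    # below, although it is not an NTP command.
    "lab-1": """\
hostname lab-1
!
interface Vlan10
 description ntp-less segment
""",
}

# The commands the release note lists as meaning NTP is configured.
NTP_ENABLING = re.compile(
    r"ntp\s+(master|peer|server|broadcast\s+client|multicast\s+client)\b")
NTP_ACCESS_GROUP = re.compile(r"ntp\s+access-group\s+(\S+)\s+(\S+)")
NTP_ALLOW_MODE7 = re.compile(r"ntp\s+allow\s+mode\s+private\b")
INTERFACE = re.compile(r"interface\s+(\S+)")


def audit_ntp(running_config):
    """Classify one saved running-config against the checks in the note."""
    enabling = []        # (interface name or None for global, command)
    access_groups = []   # (keyword, acl) from "ntp access-group <keyword> <acl>"
    mode7_allowed = False
    interface = None

    for raw in running_config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level line closes any interface block that was open.
            m = INTERFACE.match(raw)
            interface = m.group(1) if m else None
        line = raw.strip()
        # match() anchors at the start, so "no ntp ..." and descriptions that
        # merely contain "ntp" are ignored.
        if NTP_ENABLING.match(line):
            enabling.append((interface, line))
            continue
        m = NTP_ACCESS_GROUP.match(line)
        if m:
            access_groups.append((m.group(1), m.group(2)))
            continue
        if NTP_ALLOW_MODE7.match(line):
            mode7_allowed = True

    if not enabling:
        finding = "ntp-not-configured"
    elif mode7_allowed:
        finding = "mode7-processing-enabled"
    elif not access_groups:
        finding = "ntp-without-access-group"
    else:
        finding = "ntp-with-access-group"
    return {
        "finding": finding,
        "enabling": enabling,
        "access_groups": access_groups,
        "mode7_allowed": mode7_allowed,
    }


if __name__ == "__main__":
    for device, config in SAMPLE_CONFIGS.items():
        print(device, audit_ntp(config)["finding"])
```

A device reported as `ntp-with-access-group` is still subject to the spoofing warning above, so the result is a triage aid for upgrade planning and not a statement that the device is protected.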

Other Resolved Caveats in Release 12.2(33)SXH7

 

Identifier  Technology       Description
CSCsi54201  AAA              IDMGR-3-INVALID_ID error message
CSCsq71492  AAA              IOS device crash or tracebacks at tplus_handle_req_timeout
CSCsx15897  AAA              Cisco 3800 shows symptoms of memory leak in AAA component
CSCsy55362  AAA              Unresponsive Console/VTYs
CSCtc27153  ATM              Shaping configuration does not work in SXH
CSCsb95192  Cisco IOS        RRI with HA doesnt populate the routes correctly - static keyword
CSCsk18794  Cisco IOS        speed and negotiation configuration issue on FE-TX-V2 SPA
CSCsk49041  Cisco IOS        crypto_ikmp_utils.c: possible Invalid Pointer Read
CSCsk66851  Cisco IOS        *,G/m entry does not have OIF programmed in HW sometimes
CSCsk86410  Cisco IOS        Abnormal ISAKMP traffic caused an alignment error and traceback.
CSCsl30308  Cisco IOS        PIM snooping corrupts PIM RPF Proxy packet
CSCsl70542  Cisco IOS        OBFL:high cpu during interrupt coalesce
CSCsl87677  Cisco IOS        changing the access vlan doesn't reflect the vlan of the secure configur
CSCsm40013  Cisco IOS        Multiple LC crash after shuting down TE tunnel interface
CSCsm63524  Cisco IOS        SUP32 crashes due to SP hang when it recovers from errdisable
CSCsm96309  Cisco IOS        OIR-SP-4-WARN message displayed when PS1 or FAN removed
CSCsq01879  Cisco IOS        7600 EoMPLS mls cef entry for imposition is programmed mtu 0
CSCsq63621  Cisco IOS        SPD classifies OSPF IP Precedence 0 as priority
CSCsr09586  Cisco IOS        Remarks not appearing correctly in Policy Based ACL
CSCsr50134  Cisco IOS        Router or Linecard may reload at cv6_6pe_frr_stats
CSCsr74002  Cisco IOS        7600 - VPLS - QinQ- UDLD packet received on qinq flooded to vpls
CSCsu31088  Cisco IOS        Not able to execute any commands under intf after running SPA FPGA bert
CSCsu72935  Cisco IOS        C2W2B: memory corruption on 122-32.8.11.XIW20 (w2_x_pi) image
CSCsu84213  Cisco IOS        RPF-MFD hardware entry is missed after doing SSO.
CSCsu99813  Cisco IOS        C2HD1-SI:Span Distributed Stops Traffic - Centralized Duplicates
CSCsv13243  Cisco IOS        BFD config causing BGP session to go down
CSCsv40523  Cisco IOS        WISM: Gig interfaces show as unknown(4)
CSCsv43187  Cisco IOS        120seconds after SSO, Some multicast traffic drops
CSCsw40790  Cisco IOS        SNMP Loop on PA-MC-T3+ interfaces (Installed)
CSCsx65705  Cisco IOS        router crash on no route-map with match ipv6 address access-list
CSCsx74064  Cisco IOS        On modular IOS, SSH on VRF int is allowed irrespective of vrf-also key
CSCsx79379  Cisco IOS        IOS Auth Proxy HTTP may lead to bus error adress 0x0
CSCsy04594  Cisco IOS        Vlan interfaces flap when a root guard port receive superior bpdu
CSCsy37236  Cisco IOS        High CPU at Filesys process on DFC LC and crash at btree_map_search
CSCsy54583  Cisco IOS        TTY data process on DFC leaks memory at prot_tty_malloc_named
CSCsy56433  Cisco IOS        Sh rom intermittently fails to display correct region info for standby
CSCsy58553  Cisco IOS        Linecard reset causes traffic onto frr protected tunnel to be dropped
CSCsy66446  Cisco IOS        %BIT-SP-4-OUTOFRANGE ltl_fpoe_defer_notify_with_pri on port-channel flap
CSCsy66678  Cisco IOS        stp_helper_manipulate_queue: standby SP CPUHOG
CSCsy81934  Cisco IOS        Non-standard static multicast MAC addresses lose ports after reload
CSCsy86252  Cisco IOS        SP Crash printing "supervisor jamming EOBC. It will be disabled."
CSCsz04297  Cisco IOS        Cat6k: False Dynamic MAC entry is installed with format 0000.<LTL>.0000
CSCsz19246  Cisco IOS        Crash after 'no dot1x port-control auto'
CSCsz36826  Cisco IOS        6509E fan-tray failed to restore back to HP mode after OIR
CSCsz38798  Cisco IOS        On SSO, Sup engine/DFC module get reset when MET set deleted
CSCsz53124  Cisco IOS        IPSEC VPN interoperability issue when IPCOMP compression enabled
CSCsz53809  Cisco IOS        Configuring vlan name containing space doesnt work across reload.
CSCsz69993  Cisco IOS        Pause frames on WS-X6708-10GE sent to cpu with flow-control disabled
CSCsz96469  Cisco IOS        Tracebacks seen @chunk_free_with_pc while unconfiguring
CSCta06428  Cisco IOS        VSS: Active Crash at iccp_test_get_first_mcast_resp_data
CSCta06451  Cisco IOS        PfR:BR Memory leak in export path on 7600
CSCta15851  Cisco IOS        Changing allowed vlan mask causes WiSM LAG member ports to reset
CSCta29818  Cisco IOS        Enhanced-Flexwan Module Power Down after Code Upgrade from SXF to SXH
CSCta42669  Cisco IOS        C2W1: segv exception after portchannel configuration
CSCta45976  Cisco IOS        BFD adj not formed if NBR IPaddr is on the same RTR but w diff VRFintf
CSCta56676  Cisco IOS        IPsec SA liftime can go to negative values
CSCta56890  Cisco IOS        WiSM LAG and Data Ports flaps on SSO Switchover
CSCta71873  Cisco IOS        Mcast traffic stops flowing across fabric to required fpoes
CSCta95295  Cisco IOS        IOMEM depleted when PKI servers unavailable for CRL checking
CSCta98108  Cisco IOS        With NAT, on Netflow database cleanup timer expiry, CPU spikes on 7600

CSCtb04231

Cisco IOS

Imprecise parity error crash due to mistral timeout

CSCtb31400

Cisco IOS

BGP sends Route-Refresh request on entering route-map configuration

CSCtb45475

Cisco IOS

sh plat hard capacity cpu report system memory usage incorrectly

CSCtb62031

Cisco IOS

cat6k: High cpu and high inband when reflexive ACL is used with WCCP

CSCtb70578

Cisco IOS

L2PT incorrectly decapsulates STP PDU for RSPAN causing PVID mismatch

CSCtb72638

Cisco IOS

Ezvpn server not sending split tunneling access-list to client

CSCtb78973

Cisco IOS

PM-SP-3-INTERNALERROR: Port Manager Internal Software Error with dot1x

CSCtb84298

Cisco IOS

Shadow state of wism PO line protocol down on stdby After OIR of WiSM

CSCtb87149

Cisco IOS

NF is disabled on L3 sub-intf with per interface NF enabled

CSCtc11691

Cisco IOS

VSS: Switch crashes after loading the sierra 090920 image

CSCtc15386

Cisco IOS

IOS tags VLAN name configuration command as level 1

CSCtc16740

Cisco IOS

Global BPDUGuard does not work on MVAP ports

CSCtc17058

Cisco IOS

VC stops sending traffic due to duplicate vpn id in port based EoMPLS

CSCtc22217

Cisco IOS

SPA-8X1FE-TX-V2 negotiation auto and duplex mode issue

CSCtc24864

Cisco IOS

Enable cdp - removed on shut/ no shut dot1q-tunnel interface

CSCtc27745

Cisco IOS

LLDP packets go out tagged if native vlan (not Vlan1) is configured

CSCtc30691

Cisco IOS

Crash/Spurious memory access on privilege ipaddr-object-group/port-objec

CSCtc38716

Cisco IOS

ME6524 may reset due to single power supply failure

CSCtc38771

Cisco IOS

12.2SXH: Intermittent BPDU drop over Dot1Q tunnel.

CSCtc40724

Cisco IOS

Multicast packets may get dropped on 6500 when member join mcast group

CSCtc40851

Cisco IOS

traceback on applying port acl to interface.

CSCtc49542

Cisco IOS

VSS: output drops on VS-720 port due to CoS mapping mismatch

CSCtc52807

Cisco IOS

C2HD1-SI: L3 Portchannel's FPOE mask incorrect after SSO

CSCtc53958

Cisco IOS

"sh run" on Cat6k results in tunnel flapping on non-modular IOS

CSCtc79335

Cisco IOS

Sup Crash on several locations with IP SEC config

CSCtc81772

Cisco IOS

High cpu utilization with IPv6 ACL

CSCtc90469

Cisco IOS

Sup32 crash just after boot up with ACL Deny Test Failure

CSCtd01483

Cisco IOS

With fm platform debug on when private-host is config'd the switch crash

CSCtd13853

Cisco IOS

Linecard interfaces going into UDLD errdisable state on reload

CSCtd16863

Cisco IOS

6500 PoE issues with 1120 line of APs when using dot1x

CSCtd18947

Cisco IOS

Port-based EoMPLS stops passing tagged traffic

CSCtd21153

Cisco IOS

Packets are not netflow switched for wccp-L2-redirect(inbound)with hash

CSCtd31143

Cisco IOS

SPA in CC mode with SSO breaks connectivity when other sup comes online

CSCtd35521

Cisco IOS

MVPN PIM neighborship is not formed within vrfs

CSCtd45736

Cisco IOS

EOAM:LB functionality is broken from 11/17 due to CSCtb70578

CSCtd58314

Cisco IOS

memory corruption crash with sh ip arp inspect log

CSCtd59572

Cisco IOS

Spurious memory access errors seen after fpd upgrade of T3/E3 on SIP200

CSCtd59664

Cisco IOS

%ERROR: Standby doesn't support this on configuring speed on SIP-400 int

CSCtd72437

Cisco IOS

Packets punted to software forwarding when route-map is used for NAT

CSCtd78587

Cisco IOS

Crash when recovering a port which was err-disabled twice

CSCtd92043

Cisco IOS

Ph2 rekey use wrong proxy-id's on cat6k ezvpn ipsec-spa-2g

CSCte08785

Cisco IOS

mac notification change history log not seen for deleted mac entries.

CSCte20914

Cisco IOS

SPAN Reflector not enabled for WS-SVC-ADM-1-K9 : 2nd Commit

CSCte56366

Cisco IOS

DSCP values are not mapped to RX priority queue

CSCte87347

Cisco IOS

FPGA upgrade of CHT1E1 to 2.8 is not successful

CSCtf03547

Cisco IOS

VSS: Switch went down coz %EARL-SW1_SP-4-EBUS_SEQ_ERROR: with SXH7 image

CSCtf06477

Cisco IOS

VSS: changing switching mode powers down service modules in SXH

CSCtf16330

Cisco IOS

DHCP Rogue Server Detection : Multiple DHCPDISCOVER's issue

CSCtf53433

Cisco IOS

Knob 'platform ipv6 acl punt extension-header' default should be false

CSCei86912

Infrastructure

Router reloads unexpectedly while issuing GD commands

CSCin66315

Infrastructure

Inconsistency with sysuptime and rttMonLatestRttOperTime

CSCsj27963

Infrastructure

Need graceful handling of full nvram

CSCsk85192

Infrastructure

copy command with : after attribute is not checked against ACS..

CSCsl52962

Infrastructure

interface range Port-channel command causes RP crash

CSCsm80522

Infrastructure

Zero size crash file generated with "test crash" on Sip 600 module

CSCso40612

Infrastructure

7600 HA router crashed @ parser_syntax_cleanup on

CSCso48834

Infrastructure

ip sla config with udp-jitter probe failed due to no connection

CSCso56916

Infrastructure

persistent variable "snmpboot" don't get incremented after reload

CSCse59109

IPServices

high CPU usage when IP SLA is enabled

CSCsi99841

IPServices

vrf-aware trustpoint authentication/enrollment doesn't work

CSCsm52759

IPServices

% Internal software error: 22 seen on telnetting to ipv6 hosts

CSCsz72591

IPServices

Router configured as a DHCP client crashes with crafted DHCP packet.

CSCsz97239

IPServices

PmtuAger Expiration and MSS value

CSCtc55616

IPServices

RSA key generation from SSH session disables SSH service in ION

CSCtd13820

IPServices

Show Standby causes unexpected exception to CPU: crash at standby_show

CSCtd32285

IPServices

No nat translation with PAT applied on VRF interfaces

CSCsc62963

LAN

Have configurable MTU Range 1500 -1530 on PA-1FE and PA-2FE

CSCsz05918

Management

CDP neighbors do not come up on vlan interface

CSCsz75221

Management

A local variable in cdp takes up 2k process stack space-prompting crash

CSCtc40711

Management

next-hop verify-availability still forwards traffic with no CDP neighbor

CSCtd43540

Management

Memory leak at cdp_handle_version_info

CSCtb76828

Multicast

%SYS-2-BADSHARE: Bad refcount in datagram_done for MSDP process

CSCsm42477

QoS

Sierra:Standby reloaded on QOS configuration.

CSCso29025

QoS

Sip-400: Traceback msgs at process_ok_to_reschedule

CSCsq11897

Routing

Spurious memory seen at idb_get_ip_addrs and idb_get_ip_unnum

CSCsq13111

Routing

7609s vlan traffic reporting

CSCsq99447

Routing

When BFD/ EIGRP configured in more than 32 vrf BFD does not come up

CSCsr05431

Routing

After SSO, cef removed vrf routes before bgp graceful timers time-out

CSCsr67177

Routing

Router with IPv6 OSPF crashes on reloading

CSCsr84530

Routing

Static route not properly redistributed into BGP -- backout CSCsl92283

CSCsr88705

Routing

BGP route getting lost after "shut/no shut" of BGP peering interface

CSCsw30941

Routing

ospfNbrStateChange trap sent by non-DR

CSCsw99768

Routing

BGP malformed update sent

CSCsy58115

Routing

Continuous BGP mem increase with non established neighbors

CSCsz61156

Routing

NH is not stored in BGP table when IPv6 VRF is redistributed

CSCta07104

Routing

Config-Sync & Traffic failure in VPN SSO scripts

CSCta08632

Routing

ISIS topology broken after Sup force-switchover with ispf

CSCtb82674

Routing

IS-IS adjacency stays down after switchover

CSCtc45716

Routing

SNMPWALK of ipRouteEntry.7 with a view configured triggers high CPU

CSCtd73256

Routing

a catalyst switch may reload unexpectedly during 'show ip ospf int'

CSCte10790

Routing

c6500: device crashing on "no 250" on access-list

CSCse31829

Security

Memory leak in Crypto IKMP process

CSCsz83570

Security

SSH Sessions disconnect when viewing logs w/ pagers

CSCtc12312

Security

PKI may get stuck after 32678 CRL fetches

CSCsi05069

WAN

DCE Sub-interface is not coming up after provisioning

CSCsw31019

WAN

Router crashes while configuring the command "frame-relay be 1"

Caveats Resolved in Release 12.2(33)SXH6

Resolved MPLS Caveats

A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP).

A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process.

A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP).

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100324-ldp.shtml

Resolved Routing Caveats

Symptoms: Cisco IOS device may crash.

Conditions: A Cisco IOS device may crash upon receiving a malformed OSPF message.

Before the issue can be triggered, the Cisco IOS device must be able to establish adjacency with an OSPF peer. The issue then occurs when the device processes an OSPF message sent by the peer.

Workaround: There is no workaround. Using OSPF authentication can reduce/minimize the chance of hitting this issue.

Resolved Security Caveats

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090923-tunnels

Resolved Unknown Caveats

Cisco IOS devices that are configured for Internet Key Exchange (IKE) protocol and certificate based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090923-ipsec

Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.

There are no workarounds that mitigate this vulnerability.

This advisory is posted at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090923-auth-proxy

Other Resolved Caveats in Release 12.2(33)SXH6

 

Identifier
Technology
Description

CSCin67182

AAA

Crash in aaa_sg_v2_get_next_server on trying unconfigured radius ser

CSCsc97727

AAA

Access Point Crashes When Removing TACACS Server

CSCse12395

AAA

Check keys error for accounting does not cause failover

CSCsh34529

ATM

autobahn76: ATM interface config lost on standby RP

CSCsx43905

ATM

Router Crash at dlcncia.c on 12.2(33.4.14)SXH

CSCee25454

Cisco IOS

SADB peering process leaks memory after overnight test

CSCek53099

Cisco IOS

SIP200+4xT3/E3:Fail to load cRTP CFG from startup file

CSCsd39568

Cisco IOS

stats support for PBR set ip nexthop/set interface

CSCsg35285

Cisco IOS

Slower Cache refresh for int stats when more interfaces up

CSCsi46897

Cisco IOS

PRE crash after snmpwalk on mib cbQosSetStatsTable

CSCsj26698

Cisco IOS

Acct-Session-Id in Accounting-Request is different from in Access-Reques

CSCsk25046

Cisco IOS

Not all ifIndex'es are in cbQosServicePolicyTable

CSCsk29975

Cisco IOS

Tunnel not up, invalid local address after modify the local address.

CSCsk62407

Cisco IOS

CPU HOG@fm_format_addr_to_compare on applying large IPv6 ACL

CSCsl61273

Cisco IOS

Standby crash after autoqos config

CSCsl72962

Cisco IOS

Mask the debug message error in multicast throttle logic

CSCsm39160

Cisco IOS

TestCFRW shows incorrectly as failed in show diagnostic sanity

CSCsm45254

Cisco IOS

OBFL ENV app in infinite-loop causing high CPU

CSCsm84073

Cisco IOS

c2w2:vrf ping fails after toggle mls mpls recir, sso,remove/add ip vrf

CSCsm84163

Cisco IOS

Memory leak for IKE/IPSEC after hsrp failover, router crashed w/ no mem

CSCso35876

Cisco IOS

SRB3:New active SP crash at label_entry_get_inlabel

CSCso36150

Cisco IOS

duplicate vlan names causing config-sync failures

CSCso59242

Cisco IOS

sierra: show mem detailed all stat is truncated.

CSCso79925

Cisco IOS

EC with enhanced hash method (PFC3C) has no knob to use old method (3B)

CSCso89644

Cisco IOS

c2w2::Missing idb for fibidb NDE_vlan1019 messages and tracebacks after

CSCsq31935

Cisco IOS

6500 - L3 port channel - CDP packet sent tagged in internal vlan

CSCsq55506

Cisco IOS

Inter community PVLAN traffic is software switched

CSCsq69567

Cisco IOS

SSO Switchover + unicast-routing chg cause MC traffic loss for 2 minutes

CSCsq78343

Cisco IOS

Tidy up the netflow sub flow code

CSCsq96144

Cisco IOS

Netflow v9 Exported Data issue in case of ECMP

CSCsr04916

Cisco IOS

PBR dropped the packets after add set vrf vpn1 back to the route-map

CSCsr63098

Cisco IOS

VRF-Aware Smart-Call Home requirement

CSCsr99518

Cisco IOS

Granikos should not init rekey after recieving new outbound SA at QM3

CSCsu11487

Cisco IOS

pm_fec_is_mec() returns FALSE when 1 of 5 local MEC members is shutdown

CSCsu27660

Cisco IOS

CDP packet sent tagged in internal vlan

CSCsu29301

Cisco IOS

C2W21: Ingress SPAN on Sup - ACE module duplicates packets

CSCsu36715

Cisco IOS

W2.0 : C2 : ION : Memory Leak in MSDP process

CSCsu67413

Cisco IOS

RRI - Route disappears after ipsec rekey with multi int scenario

CSCsu92395

Cisco IOS

Crash caused by event manager configuration: "action mail"

CSCsv12378

Cisco IOS

c2w2:Memory leak in Crypto IKMP process on IOS EzVPN server

CSCsv24908

Cisco IOS

L2 Fwd Broken on other modules when SIP-400 int flaps

CSCsv27372

Cisco IOS

telnet to a real(directed mode) via GRE tunnel crates SUP crash on SRC2

CSCsv27548

Cisco IOS

Cat6k/sip200: PPP packets punted sip200 multilink interface

CSCsv27617

Cisco IOS

Flow creation disabled in netflow table after reload for WAN main ints

CSCsv52025

Cisco IOS

call-home: Port numbers cannot be added to URLs with IP addresses

CSCsv59334

Cisco IOS

Connected nets redistr from eigrpTObgp when no net 0 is set under eigrp

CSCsv63799

Cisco IOS

PfR MC/BR bus error crash in ip fast flow

CSCsw14147

Cisco IOS

VACL unable to capture traffic from RP

CSCsw32280

Cisco IOS

Diag error on WS-X6148A-45AF card asic with Traffic

CSCsw41706

Cisco IOS

router reload when registering EEM service diag script

CSCsw48181

Cisco IOS

Unknown Unicast is dropped on Shut/no Shut of a VLAN

CSCsw52819

Cisco IOS

Kernel dumper needs a few enhancements.

CSCsw68514

Cisco IOS

SLB probes iin TESTing state while using client cmd in Vserver config

CSCsw76117

Cisco IOS

TBs seen after redundancy mode change from sso to rpr

CSCsw78413

Cisco IOS

BFD over ATM subinterfaces is broken in recent SR images

CSCsw83488

Cisco IOS

Negative value seen for counters in vpn session

CSCsx09110

Cisco IOS

Failed to establish ipsec tunnel with CCM

CSCsx20862

Cisco IOS

Peer RP index unknown messages seen on VSS setup

CSCsx21886

Cisco IOS

ISSU switchover command sync issue

CSCsx29377

Cisco IOS

1 sec multicast loss on standby sup720-10g

CSCsx49889

Cisco IOS

SPA-IPSEC-2G-3-ACEI0TCAMFAILE:SpdSpInstall:cannot install Sp TmInsertSp

CSCsx55152

Cisco IOS

Switch does not send TC trap if it is not a root bridge

CSCsx58786

Cisco IOS

Router crash @ routemap_track_nexthop

CSCsx82825

Cisco IOS

Shutdown Loopback interfaces in VSS recovery mode

CSCsy01275

Cisco IOS

W15:: SYS-2-MALLOCFAIL: Memory allocation message seen after bootup

CSCsy01763

Cisco IOS

15 - 20 packets leek to DST with PACL after SSO

CSCsy03587

Cisco IOS

c2w2b: SYS-2-MALLOCFAIL: Memory allocation failed seen with tracebacks

CSCsy08838

Cisco IOS

Zamboni allows clear packet inbound on protected interface

CSCsy16220

Cisco IOS

a switch may crash due to deadlock between snmp and eem

CSCsy21797

Cisco IOS

Cat6k-Unexpected SNMP messages occurred

CSCsy24895

Cisco IOS

Memory leak in ACE HAPI process

CSCsy26526

Cisco IOS

Router is getting crashed at netconf_sessionQs_set_max_message

CSCsy26979

Cisco IOS

33SXH5: Traceback seen @satvs_assert_class3

CSCsy34566

Cisco IOS

Disable VLAN mapping on ME6524, 6148A-GE-TX

CSCsy37175

Cisco IOS

2FE-PA Subintf lost connection after chassis/Flexwan2 reload

CSCsy41526

Cisco IOS

PIM msgs duplicated when MPLS configured and IGMP Snooping Off on xface

CSCsy54365

Cisco IOS

frequent datapath recovery and traffic loss on WS-X6704 with DFC

CSCsy58886

Cisco IOS

NGN:Active crashes when standby booting up on SRC2->SRC3 ISSU

CSCsy61956

Cisco IOS

Crash in ios-base when running 'show ip route' or 'show bgp' commands

CSCsy62753

Cisco IOS

MST configured router crashed after receiving PVST BPDU.

CSCsy69228

Cisco IOS

Add CLI mls cef tunnel fragment support for non supertycho2

CSCsy69740

Cisco IOS

SXH: Traffic drop on L2 PO after cleared psecurity on rcving L2 ports

CSCsy78994

Cisco IOS

Memory leak in Service Task

CSCsy82121

Cisco IOS

IGMP Source only not working due to MC_CAP not set

CSCsy85171

Cisco IOS

CDL2 Read Error: Time out

CSCsy86050

Cisco IOS

MAC Move Notifications on VSS between active and down ports

CSCsy87619

Cisco IOS

VSS port channel going down when powering down active switch

CSCsy95520

Cisco IOS

~500msec Pkt loss after transition to HSRP Active on L3 int

CSCsz01976

Cisco IOS

Need a cli to dump the rommon environment and unset rommon variable

CSCsz06187

Cisco IOS

VACL capture for ingress software switched packets

CSCsz07068

Cisco IOS

VSS: Output Drops on a VSL port due to small Tx Queue limit

CSCsz12369

Cisco IOS

FPD support for SPA-8X1FE-TX-V2 is not enabled

CSCsz14072

Cisco IOS

Memory leak at "MAB Framework" process when dot1x is enabled

CSCsz20625

Cisco IOS

Error message seen if SIP Is OIR'd during Standby SUP bootup

CSCsz22954

Cisco IOS

Supported WS-X6324-100FX-MM is powered down improperly

CSCsz23448

Cisco IOS

SIP 200 not coming up and Router Crashes after applying card type E3 1 1

CSCsz40969

Cisco IOS

Need to add Me_Kr flow-control status registers back into sierra/whitney

CSCsz42143

Cisco IOS

WS-X6148A-GE-TX module fails keepalives when excessive errors on port.

CSCsz44678

Cisco IOS

Tunnel won't forward traffic across global to vrf

CSCsz47077

Cisco IOS

SWITCH_NUMBER rommon variable set on its own and by "wr erase" command

CSCsz55834

Cisco IOS

GLBP may provided BIA MAC instead of Virtual MAC for mobile users

CSCsz62046

Cisco IOS

Crash at memcpy after CPUHOG in SNMP ENGINE

CSCsz63359

Cisco IOS

c2w2b:"show mls qos ip" displays vslot interface instead switchid and sl

CSCsz67334

Cisco IOS

ciscoEnvMonTemperatureStatus trap sent sporadically as NotFunctioning

CSCsz71970

Cisco IOS

c2w2b: Freed Memory being Accessed by lldp_med_free_local_annex

CSCsz75820

Cisco IOS

JQL: VSS hang on SP after RP crashed by software-forced reload

CSCsz76015

Cisco IOS

C2W2: Need cli to set PF_BIAS to ensure lower slot# Sup boots as active

CSCsz84544

Cisco IOS

output drops increment on not-connected interface of 6548GE-TX module

CSCsz87648

Cisco IOS

SP/RP and redundant system handshake broken when the kernel crashes.

CSCsz92508

Cisco IOS

SPA module reloads when no response to keep-alive polling

CSCta01121

Cisco IOS

c2w1:MDEBUG traceback is seen while unconfiguring qos feature in FM.

CSCta05502

Cisco IOS

Spurious memory access made at psecure_port_del_addr_by_mac_imp

CSCta06175

Cisco IOS

Cat6500/SXH: Deleted configs re-appear on IDSM reset

CSCta10870

Cisco IOS

FPOE takes long time to be programmed on active vss switch

CSCta21771

Cisco IOS

%CONST_DIAG-SP-3-HM_FCI_0_STUCK: Flow control stuck at 0 error on modul

CSCta27279

Cisco IOS

WCCP s/w switching with Ingress redirection & interface ACL

CSCta48968

Cisco IOS

Modular IOS kernel crashinfo has missing information

CSCta52689

Cisco IOS

cat6k crash in RP due to address error with wccp configuration

CSCta53157

Cisco IOS

SPA-4XT3/E3 int in SIP-200 admin-down on standby after fpd upgrade

CSCta55498

Cisco IOS

[Modular IOS] MIPS CP0 registers save algorthim needs a few improvements

CSCta74315

Cisco IOS

WS-X6324-100FX-MM May Be Inoperable and Have Status "Other"

CSCta76808

Cisco IOS

add CLI command for medium buffer pool

CSCta94179

Cisco IOS

Recirculated MPLS packets becasue of egress service policy are dropped

CSCtb23289

Cisco IOS

Major temperature alarm has to force system shutdown

CSCtb28032

Cisco IOS

Changing module corrupts Flex Link

CSCtb28712

Cisco IOS

SPAN Reflector not enabled for WS-SVC-ADM-1-K9

CSCtb38547

Cisco IOS

Incorrect CP0 values and empty kernel variable section in kernel crashin

CSCtb60330

Cisco IOS

VTI: Missed DPD ACK on phase 1 expiry causing phase 2 deletion.

CSCtb63352

Cisco IOS

VSS: With 6KW DC PS, no power to bringup VSL supervisor or linecard

CSCtb66983

Cisco IOS

Nas-port-type is missing in Access-request

CSCtb68478

Cisco IOS

"Illegal nextSsIndex value" message should be removed

CSCtb87454

Cisco IOS

DHCP Rogue Server Detection

CSCee83031

Infrastructure

test crash, dumping log before command is displayed

CSCsc77704

Infrastructure

region_find_by_addr goes into infinite loop when spurious memory occurs.

CSCsc88003

Infrastructure

Issuing banner exec commnad under interface range crash switch

CSCsd99763

Infrastructure

Cisco 7200 series reload unexpectedly while configuring BGP acces list

CSCse40379

Infrastructure

IP SLA: Increasing the request-data-size via CLI crashes the device.

CSCsk41686

Infrastructure

PARSER-3-CFGLOG_NOMEM: constanlty in log

CSCsm66896

Infrastructure

IP SLA Monitor strDupOctet memory leak

CSCsq74185

Infrastructure

Image verification not possible on 12.2(33)SRC for the c7200

CSCsr08750

Infrastructure

router is crashing after giving the command memory reserve critical 1

CSCsr94474

Infrastructure

Running-config stuck: nv_csb_semaphore locked during copy run ftp

CSCsu65967

Infrastructure

Modular IOS crash at free_lite_internal

CSCsv90106

Infrastructure

nested crash leads to incomplete crashinfo

CSCsx10028

Infrastructure

Core dump may fail to write

CSCsy86078

Infrastructure

Memory corruption Failure

CSCsz19466

Infrastructure

C2W1: int range command with port-channel load-defer cause router crash

CSCsz52815

Infrastructure

Crash when 'history hours-of-statistics-kept' has value greater than 9

CSCta02715

Infrastructure

SXH5: RP crash on each booting time if <logging count> enabled

CSCed01880

IPServices

Not able to configure NAT tcp timeouts beyond 4194 sec

CSCsa41736

IPServices

Router crash after enable NAT rate-limit feature

CSCsa47672

IPServices

NAT refcount counter maximum value of 65536 (64K)

CSCse01431

IPServices

NAT-CCE : NAT SBC : outside sip call not go through

CSCse66643

IPServices

SYS-2-NOBLOCK error when redistributing NAT routes

CSCsj19805

IPServices

ip igmp static-group broken after reload on int vlan on a 7600

CSCsk23972

IPServices

Telnet failed with "No wild listener" error

CSCsw52416

IPServices

NAT: dynamic nat entries do not timeout in certain case

CSCsw65614

IPServices

NAT with route maps doesn't work for TCP application

CSCsx33622

IPServices

Fix MSS calcuation issue in TCP

CSCsx34372

IPServices

c2w21/C2W2b:OSPF is not working with udlr/ude

CSCsy39623

IPServices

cannot ping local vlan interface ip address with NAT configured

CSCsy39667

IPServices

dhcp-proxy-client incorrectly sends DHCPRELEASE in PPP-agg use-case

CSCsy97506

IPServices

All nat'ed multicast packets punted to software

CSCsz12488

IPServices

LDAP add with malformed BER attributes causes CPUHOG and MALLOCFAIL

CSCsz56393

IPServices

Modular IOS - SUP720 - Sends malformed syslog packet

CSCsz89107

IPServices

high cpu due to ip_input process during SNMP trap

CSCsz91851

IPServices

NAT : ESP packets not translated with static NAT outside translation

CSCta24043

IPServices

"%IPNAT-4-ADDR_ALLOC_FAIL" message seen when all ports are not allocated

CSCta83548

IPServices

NAT Platform: unable to clear an specific nat entry

CSCta89283

IPServices

Add support for NAT redundancy feature in SX releases

CSCtb58282

IPServices

show tcp brief can cause crash

CSCsz71787

LegacyProtocols

Router crash by crafted IP packet.

CSCej82248

MPLS

%LFD-3-NOOCE: Traceback in lfd_fib_update_mpls_oces

CSCsy60668

MPLS

W1.5:: Toggle "mpls tra router-id" cause router crash

CSCsz11877

MPLS

MPLS-TE Tunnel label re-allocation on mid-point router while RSVP-GR

CSCsz75180

MPLS

Crash due to mpls subintf being removed

CSCsz92368

MPLS

MDEBUG-2-ACCESSFREED: @tc_handle_dead_peers Enabling/disabling "mpls ip"

CSCsx34506

Multicast

RPF failure with no PIM neighbor triggers PIM Hello

CSCta26106

QoS

RSVP-3-CONSISTENCY error followed by an unexpected reboot.

CSCse15634

Routing

neighbor default-originate doesn't work in address-family ipv4 multicast

CSCse45978

Routing

BGP to RIP redistribution breaks as RIP nexthop moves to alternate path

CSCsg92473

Routing

Switch crashes - IPV6 reflexive acl scalability test

CSCsl90028

Routing

CEF low mem crash after pumping more than 1Lac OSPF routes

CSCsm05082

Routing

BGP Dampening penalty not decaying on frqnt 'sh ip bgp v all' [dampening

CSCsm79085

Routing

EIGRP routes flapping due to nexthop changed

CSCso07371

Routing

SCHED-7-WATCH: Attempt to set uninitialized watched boolean in pfxlist

CSCsq20928

Routing

CEFv6 dropping IPv6 unicast packets

CSCsq45082

Routing

ip route with associated track/sla gets removed when track is still up

CSCsq83006

Routing

Port-channel down makes EIGRP SIA

CSCsr27794

Routing

BGP updates stuck during peer flap

CSCsu96698

Routing

BGP: /32 route being advertised while 'summary-only' is configured

CSCsv17933

Routing

Static route in VRF is not redistributed by RIP after link flap

CSCsv73754

Routing

crash during vrf unconfig - bgp_vpn_impq_add_vrfs_cfg_changes

CSCsx08294

Routing

OSPF encounters a bus error crash when running SPF

CSCsx51299

Routing

Crash when remove and configure ipv6 ACL via telnet and console

CSCsx98673

Routing

PE not send extended-community to a peer newly added to peer-group

CSCsy29534

Routing

Bus error crash on removing address-familly in router rip config mode

CSCsy73123

Routing

Connected route on port-channel subintf not removed when Po is down

CSCsy76404

Routing

Modular IOS: memory leak in CEF background process

CSCsy77842

Routing

TB isis_process_no_router after isis router process deleted

CSCsy84134

Routing

ARP table is flushed when deleting secondary IP address

CSCsz16724

Routing

BGPv6: default-metric is not being NVGEN'ed and not functionting

CSCta60119

Routing

non recursive accounting can cause prefixes linked to drop

CSCsc49862

Security

IPaddress in Subject Alternative Name is not parsed correctly.

CSCso27236

Security

IOS CA client shows renew date 1 Jan 1970

CSCsv23797

Security

SSH:Crash seen on 7200 on mcp_dev

CSCsv54863

Security

IOS PKI: Not expired Certificate is deleted if autoenrollment fails

CSCsz84055

Security

System crashed unexpected while open ssh2 session

CSCtb36521

Security

PKI get stuck in pager when requesting to fetch SCEP capabilites

CSCtc41114

Security

New SSH sessions with RSA key fails after changing hostname

CSCsi56413

WAN

PA-POS-OC3SMI interface output stuck.

Caveats Resolved in Release 12.2(33)SXH5

Resolved AAA Caveats

Symptoms: When “no aaa new-model” is configured, authentication happens through local login even when tacacs is configured. This happens for exec users under the vty configuration.

Conditions: Configure “no aaa new-model”, configure login local under line vty 0 4 and configure login tacacs under line vty 0 4.

Workaround: There is no workaround.

Resolved Infrastructure Caveats

Symptom: Three separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers.

The Cisco Security Response is posted at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20090114-http

Conditions: See “Additional Information” section in the posted response for further details.

Workarounds: See “Workaround” section in the posted response for further details.

Resolved IPServices Caveats

Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory.

This advisory is posted at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090325-udp

A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:

  • The configured feature may stop accepting new connections or sessions.
  • The memory of the device may be consumed.
  • The device may experience prolonged high CPU utilization.
  • The device may reload.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the “workarounds” section of the advisory.

The advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090325-ip

Symptom: An IOS software crash may occur when receiving a specific malformed DHCP packet.

Conditions: An IOS device is configured as a DHCP server and receives a DHCP request from a DHCP relay device. A specific malformed option in the packet may induce a software traceback or crash. The specific packet will not occur without manual modification.

Workaround: None.

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090908-tcp24.

Symptom: High CPU utilization occurs after the device receives an ARP packet with protocol type 0x1000.

Conditions: This problem occurs on SUP32 running 12.2(33)SXI. This problem does not occur on SUP720. The problem is seen only when the bridge-group CLI is in use, which leads to ARP packets with protocol type 0x1000 being bridged. The problem does not apply to IP ARP packets.

Workaround: Filter the ARP packet. The device configuration should have bridge-group creation first, followed by interface-specific bridge-group options.

Additional Information: This problem is now isolated to command ordering in the startup-config file. The bridge <> command is saved before the bridge-group <> command (which is run in the interface-config mode) is saved. The linking of the IDB to the bridge structure does not happen correctly, and a check fails in the bridge code, which lets the packet be processed again and again instead of being dropped.

If the bridge-group <> command is removed in the startup-config and only applied after the bridge <> command is run, the problem will go away. Please use this workaround until a fix is put in.

Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.

Cisco has released free software updates that address this vulnerability.

Several mitigation strategies are outlined in the workarounds section of this advisory.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090325-tcp

Resolved LAN Caveats

Summary: Cisco’s VTP protocol implementation in some versions of Cisco IOS and CatOS may be vulnerable to a DoS attack via a specially crafted VTP packet sent from the local network segment when operating in either server or client VTP mode. When the device receives the specially crafted VTP packet, the switch may crash (and reload/hang). The crafted packet must be received on a switch interface configured to operate as a trunk port.

Workarounds: There are no workarounds available for this vulnerability.

This response is posted at http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20081105-vtp

Resolved Multicast Caveats

Symptom: MSFC crashes with RedZone memory corruption.

Conditions: This problem is seen when processing an Auto-RP packet and NAT is enabled.

Workaround: None known at this time.

Symptoms: PIM packets may be processed on interfaces on which PIM is not explicitly configured.

Conditions: Unknown at this time.

Workarounds: Create an ACL to drop PIM packets to such interfaces.

Resolved Routing Caveats

Symptom: A Cisco IOS device that receives a BGP update message and, as a result of AS prepending, needs to send an update downstream that would have more than 255 AS hops will send an invalidly formatted update. When a downstream BGP speaker receives this update, it sends a NOTIFICATION back to the sender, which results in the BGP session being reset.

Conditions: This problem is seen when a Cisco IOS device receives a BGP update and, due to inbound AS prepending, outbound AS prepending, or both, needs to send an update downstream that has more than 255 AS hops.

Workaround: Configure bgp maxas-limit X on the device that, after prepending, would need to send an update with more than 255 AS hops. Because IOS limits the route-map prepending value to 10, the most that could be added is 21 AS hops (10 on ingress, 10 on egress, and 1 for normal eBGP AS hop addition). Therefore, a conservative value to configure would be 200 to prevent this condition.
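The hop arithmetic behind this workaround, as an added example (not Cisco code): a parser for the AS_PATH attribute value that counts AS hops, applies a maxas-limit style check, and computes the worst case after the 21 hops the caveat says prepending can add. The function names, the sample paths, and the choice to count every AS number in every segment are assumptions of this example.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2
SEGMENT_MAX = 255                 # a path segment carries a one-octet AS count (RFC 4271)
WORST_CASE_ADDED = 10 + 10 + 1    # ingress prepend + egress prepend + eBGP hop (from the caveat)


def parse_as_path(value, asn_size=2):
    """Parse an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    if asn_size not in (2, 4):
        raise ValueError("asn_size must be 2 or 4")
    code = "H" if asn_size == 2 else "I"
    segments, pos = [], 0
    while pos < len(value):
        if len(value) - pos < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[pos], value[pos + 1]
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError("unknown segment type %d" % seg_type)
        end = pos + count * asn_size
        if end > len(value):
            raise ValueError("segment runs past end of attribute")
        asns = list(struct.unpack(">%d%s" % (count, code), value[pos:end]))
        segments.append((seg_type, asns))
        pos = end
    return segments


def hop_count(segments):
    """Count every AS number in every segment (assumption: the conservative count)."""
    return sum(len(asns) for _, asns in segments)


def evaluate(value, maxas_limit=None, asn_size=2):
    """Apply a maxas-limit style check and project the worst case downstream."""
    hops = hop_count(parse_as_path(value, asn_size))
    accepted = maxas_limit is None or hops <= maxas_limit
    worst = hops + WORST_CASE_ADDED
    return {
        "hops": hops,
        "accepted": accepted,
        "worst_case_downstream": worst,
        # True only when the route is kept and could cross the 255-hop boundary
        "exceeds_255": accepted and worst > SEGMENT_MAX,
    }


def encode_sequence(asns):
    """Build constructed input: AS_SEQUENCE segments of 2-octet AS numbers,
    split so that no segment holds more than 255 entries."""
    out = b""
    for i in range(0, len(asns), SEGMENT_MAX):
        chunk = asns[i:i + SEGMENT_MAX]
        out += struct.pack(">BB%dH" % len(chunk), AS_SEQUENCE, len(chunk), *chunk)
    return out


# Constructed sample paths using private-range AS numbers.
LONG_PATH = encode_sequence(list(range(64512, 64512 + 240)))
SHORT_PATH = encode_sequence([64512, 64513, 64514])

if __name__ == "__main__":
    print(evaluate(LONG_PATH))                    # no limit configured
    print(evaluate(LONG_PATH, maxas_limit=200))   # limit from the workaround
    print(evaluate(SHORT_PATH, maxas_limit=200))
```

With the limit at 200, the longest path that is still accepted projects to 221 hops after worst-case prepending, which stays under 255.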

Other Resolved Caveats in Release 12.2(33)SXH5

 

| Identifier | Technology | Description |
|---|---|---|
| CSCec82106 | AAA | Router crashes with a bus error when removing AAA comands |
| CSCei62358 | AAA | Downloading callback-dialstring as part of Tacacs+ author leads to crash |
| CSCin40015 | AAA | telnet to NAS fails when user profile has access-profile |
| CSCsc78999 | AAA | Address Error exception at TPLUS |
| CSCse02550 | AAA | ip radius source-interface not used in combination with vrf |
| CSCsl63494 | AAA | Issue with session accounting in AAA |
| CSCsq37815 | AAA | Case sensitive Username authentication is passed with wrong user name |
| CSCsq94524 | AAA | "aaa accounting update newinfo" causes extra "jitter maximum 0" option |
| CSCsv06973 | AAA | Router Crashes at tplus_shutdown_single_connection |
| CSCsw19816 | AAA | cat6000: IOS login enhancments not creating logs for telnet with AAA |
| CSCsy00716 | AAA | Accounting record has sensitive information in clear text structure |
| CSCso64050 | ATM | HA functionality is not working when policy attached to atm pvc |
| CSCeg35237 | Cisco IOS | Watchdog crash after sh crypto session |
| CSCeg80842 | Cisco IOS | PA-MC-8TE1 controller stuck ( similar to CSCdz72292) |
| CSCek70131 | Cisco IOS | SIP1 crash at vip_mlp_fastsend with HEARTBEAT error for mlppp qos |
| CSCek77996 | Cisco IOS | High CPU caused by data traffic with crypto map in crypto connect mode |
| CSCsd04608 | Cisco IOS | MQC-IPHC: Router crashed while testing mqc-iphc test |
| CSCsd45698 | Cisco IOS | Cat6K: SLB punted to CPU if src_index is port-channel index |
| CSCse63833 | Cisco IOS | SNMP bus error while polling cipsStaticCryptomapTable. |
| CSCsg14926 | Cisco IOS | Standby can not boot because of insufficient memory with 32K interfaces |
| CSCsg83756 | Cisco IOS | SPA-8XCHT1/E1 after Reload C/A LED green even if no cable plugged |
| CSCsg87290 | Cisco IOS | SIP1-ChOC3: Extra path flap is observed on ChOC3 SPA interfaces |
| CSCsh22225 | Cisco IOS | CWAN_HA-STDBY-4-IFCFG_PLAYBACK_ERROR: |
| CSCsi55428 | Cisco IOS | FRU Trap sequence incorrect when " hw-module subslot shutdown unpowered" |
| CSCsi78584 | Cisco IOS | T3/E3 SPA:Line protocol is not comin up with E3 and framing bypass |
| CSCsj19308 | Cisco IOS | PE and CE ping fails over multilink ppp bundle.. |
| CSCsk30196 | Cisco IOS | BADBUFFER error at pak_copy_contiguous_to_contiguous |
| CSCsk33045 | Cisco IOS | MST BPDU *must* be sent untagged, even when the switch is configured wit |
| CSCsk49151 | Cisco IOS | Vlan policy-map rejected upon reloading. |
| CSCsk67417 | Cisco IOS | Crash while two or more users displays: show ip arp inspection log |
| CSCsk84498 | Cisco IOS | EVERGLADES:archive,write-mem feature broken |
| CSCsk89091 | Cisco IOS | HWIF-QOS-ERR: Failure installing Port QoS TX/Rx setting |
| CSCsl44170 | Cisco IOS | LI tapped PPPoE LCP/PPP control packets originated from router are bogus |
| CSCsl53279 | Cisco IOS | Physical interfaces on Cat6k set to 10 usec regardless of line speed |
| CSCsl72332 | Cisco IOS | cat6k crash with 'no mobility network-id 4' |
| CSCsm44147 | Cisco IOS | SSO failure due to mismatched command on SRB1 |
| CSCsm66678 | Cisco IOS | Policing not working in MPLS cloud |
| CSCsm72121 | Cisco IOS | W2: bad cookie magic was detected after SSO switchover with sh vtp count |
| CSCsm74948 | Cisco IOS | mVPN RP does not send join to directed connected neigbor PE |
| CSCsm76792 | Cisco IOS | PM HA bulk sync posting RF_DONE before bulk sync has finished |
| CSCsm79995 | Cisco IOS | Tracebacks are seen while attaching service-policy in a atm pvc |
| CSCsm83256 | Cisco IOS | IDSM2 Data port operation status not OK after boot OR SSO |
| CSCsm98671 | Cisco IOS | TestTrafficStress fails with certain configuration |
| CSCso03419 | Cisco IOS | VRF_Lite aware PBR: Set ip vrf clause changes on Reload/SSO with SIERRA. |
| CSCso05889 | Cisco IOS | Pak Subblock creation fails from CEF in ION |
| CSCso11489 | Cisco IOS | %SYS-SP-3-INVMEMINT while collecting ION crashinfo |
| CSCso11822 | Cisco IOS | LACP PC switchport, on OIR, "channel group 112 active" config gets lost |
| CSCso35659 | Cisco IOS | L3 traffic rate limited after adding and removing Xcon to a SVI |
| CSCso38671 | Cisco IOS | VS specific message seen on Sup32 image when "erase startup-config" |
| CSCso40891 | Cisco IOS | Stb rp reloaded during every bootup, process = FM, fm_free_platform_data |
| CSCso72250 | Cisco IOS | Incorrect color for SYSTEM led of Active and Standby sup in VS mode |
| CSCso88183 | Cisco IOS | DOME:dumper.proc crashes on dome when another process crashes |
| CSCso93350 | Cisco IOS | Boot string fails to set in rommon but no error message |
| CSCsq22383 | Cisco IOS | SP crash due to CPU hog by online diags |
| CSCsq56941 | Cisco IOS | 6500 - Static MAC cleared from port-channel member ints after reload |
| CSCsq73122 | Cisco IOS | Proxy-ARP returns BIA instead of VMAC with LAM |
| CSCsq82865 | Cisco IOS | Parsing error reading route-map match statements if longer than 254 chrs |
| CSCsq87496 | Cisco IOS | "%OIR-6-INSCARD" syslog not being send from the device |
| CSCsr06037 | Cisco IOS | the monitor session source is removed by deleting sub-interface |
| CSCsr08482 | Cisco IOS | PM support to program ethertype to all ports when port-group in mux mode |
| CSCsr09062 | Cisco IOS | MLP+QoS - Memory corruption due to Change BW and flap int |
| CSCsr24647 | Cisco IOS | MSFC autostate don't up svclc Vlan int after two SSO switchover |
| CSCsr29559 | Cisco IOS | WCCP flap corrupts mcast CEF adjacency |
| CSCsr39272 | Cisco IOS | %DATACORRUPTION-1 due to spa sensor temp overruning buffer |
| CSCsr88845 | Cisco IOS | unicast BootP replies dropped by DHCP snooping |
| CSCsu01372 | Cisco IOS | 33SB: Result of boot config command not sync to standby RP after reload |
| CSCsu10022 | Cisco IOS | L2 traffic is policed when CoPP is enabled |
| CSCsu33707 | Cisco IOS | Multicast traffic will not stop after PIM prune |
| CSCsu40077 | Cisco IOS | MAB + Dot1x + aggressive timers leave port unauthorized but forwarding |
| CSCsu40166 | Cisco IOS | PBR packets send out to wrong next hop MAC after ACL is changed |
| CSCsu48241 | Cisco IOS | memory leak when removing igmp snooping with acl filtering |
| CSCsu49257 | Cisco IOS | Cstn-id timer should be restarted when access-request is seen |
| CSCsu50413 | Cisco IOS | RE: acl merge causes high rp cpu for ~50 min after reload |
| CSCsu67559 | Cisco IOS | Copy Run Start does not provide the same functionality as 'wr mem' |
| CSCsu75546 | Cisco IOS | C2W21: traffic not span to NAM using span conf mode local-tx source intf |
| CSCsu81158 | Cisco IOS | Pkt drops on SIP-400 LC due to QoS lock fail for subintfs. |
| CSCsu83563 | Cisco IOS | MMLS:If rate-lt on when STDBY reloads, doesnt work on swovr:x40/dual RSP |
| CSCsu86524 | Cisco IOS | IKMP process leak: check_ipsec_proposal |
| CSCsu88557 | Cisco IOS | "[no] mdix auto" CLI command not present for WS-X6196-RJ21 |
| CSCsu91725 | Cisco IOS | Bus crash problem due to cipSecGlobalStats MIB query |
| CSCsu95237 | Cisco IOS | SSO switchover,clear packet seen on the wire exposing the inner IP pkt |
| CSCsu97020 | Cisco IOS | policer on flexwan/multilink is dropping even CIR is not reached |
| CSCsu99270 | Cisco IOS | CPUHOG observed when configuring more vlan interfaces |
| CSCsv05263 | Cisco IOS | Sup32 crashes when dumping r2d2 registers |
| CSCsv07858 | Cisco IOS | IfIndex for unconfigured VLAN on 7613 |
| CSCsv09249 | Cisco IOS | VSS after dual-active recovery MEC on standby chassis UDLD error disable |
| CSCsv14886 | Cisco IOS | Failure to send RADIUS state attribute |
| CSCsv17989 | Cisco IOS | interface in SIP200 show "admin down" when it is physical down |
| CSCsv20339 | Cisco IOS | MN history table is flooded with multiple (~500) add/delete entries |
| CSCsv20768 | Cisco IOS | After SSO s/wover, atm clock config changes to line and PTB to UNSTABLE |
| CSCsv20920 | Cisco IOS | telnet from a GRE tunnel to real address for DNS vserver fails |
| CSCsv22779 | Cisco IOS | VRF-PBR: Packets dropped with reflexive acl |
| CSCsv24742 | Cisco IOS | PfR exit link is OOP when interface counter wraps |
| CSCsv30679 | Cisco IOS | Sup detetes Vlans from Sup IDSM Config on startup / failover |
| CSCsv32101 | Cisco IOS | QoS: memory corruption traceback when using access-list with time range |
| CSCsv37543 | Cisco IOS | GRE/IPsec misconfig is only resovled through module or chassis reload |
| CSCsv38928 | Cisco IOS | IGMP Snooping does not send out Global query on 2nd TCN < 35 seconds |
| CSCsv43991 | Cisco IOS | FWSM's internal portchannel on the cat6k side goes down after upgrading |
| CSCsv44923 | Cisco IOS | MAC move behind phone leads to lost connectivity with MAB |
| CSCsv52426 | Cisco IOS | GRE Recirc index is 0x0 in adjacency hence encap operation fails on DFC |
| CSCsv57235 | Cisco IOS | duplex is changing automatically on WS-X6148-RJ-45 |
| CSCsv57305 | Cisco IOS | VSS: software forced reload with 100Mbps SFPs in supervisor uplink ports |
| CSCsv58279 | Cisco IOS | Reload due to Address Error with multicast configuration |
| CSCsv60643 | Cisco IOS | sup4 when toggled 10g mode the config is not synced to standby sup |
| CSCsv64079 | Cisco IOS | SXF7: Patching fails with WiSM Card on Cat6500 |
| CSCsv66706 | Cisco IOS | IDSM port-channel Allowed-Vlan statements lost on reload |
| CSCsv66827 | Cisco IOS | Clearing the SSH session from a different vty session crashes the box. |
| CSCsv73299 | Cisco IOS | L2 multicast forwarding broken with DHCP snooping & TTL rate-limiter |
| CSCsv74607 | Cisco IOS | Pid 21: Process "IPC Seat Manager" stack 0x4732A474 savedsp 0x5002AE98 |
| CSCsv75511 | Cisco IOS | VSS:NAM on standby switch can't reach netwk after unconfig re-config... |
| CSCsv76509 | Cisco IOS | Cat6k/MSTP in compat mode BPDUs sent in VLAN1 regardless of config |
| CSCsv85551 | Cisco IOS | SP crash due to consume all scp triggered by OIR loop when PS go off |
| CSCsv86288 | Cisco IOS | Sending a hello response with a session-id element causes a crash |
| CSCsv92872 | Cisco IOS | 10GE link on Sup720-10GE takes more than 30sec to go down during crash |
| CSCsw17478 | Cisco IOS | PVT HOSTS- ports programmed with incorrect rdt index upon bootup |
| CSCsw18793 | Cisco IOS | VRF-PBR: TCAM adjacency not programmed with multiset policy order after |
| CSCsw25255 | Cisco IOS | Rapid PVST : Slow convergence unless debug spanning event is turned on |
| CSCsw31607 | Cisco IOS | LTL index incorrect in PI MET table |
| CSCsw39798 | Cisco IOS | Sup32 failover causes line protocol down to IP phone with dot1x config |
| CSCsw41168 | Cisco IOS | %ALIGN-3-SPURIOUS at sm_get_portEntPhyIndex |
| CSCsw41439 | Cisco IOS | W21,VSL,SNMP,cvsCoreSwitchPreempt,cvsCoreSwitchPriority not SSO aware. |
| CSCsw43953 | Cisco IOS | Card not identified SIP Is OIR'd during Standby SUP bootup |
| CSCsw45396 | Cisco IOS | when STP recovered in uplinkfast,no sent dummy multicast packets |
| CSCsw48824 | Cisco IOS | Switchport Block Unicast - prevents RTP on same VLAN |
| CSCsw51395 | Cisco IOS | Proper handling is required for Mac-Filter with Port-security |
| CSCsw53362 | Cisco IOS | c2w2b: Device crashes with NAT stress test |
| CSCsw59517 | Cisco IOS | IGMPv3 snooping drops 'Block Old Sources' report |
| CSCsw73302 | Cisco IOS | memory leak in qm_increment_ag_policer_usage on standby-rp |
| CSCsw82732 | Cisco IOS | VPN-SPA internal vlan interface wedged in SXH4 |
| CSCsw87352 | Cisco IOS | 6748's port can not forwarding traffic - port src index wrong |
| CSCsw87563 | Cisco IOS | packets with multicast mac and unicast ip are software routed by cat6500 |
| CSCsw90798 | Cisco IOS | Bus error crash after configuring vlan name change |
| CSCsw98231 | Cisco IOS | SDBY stuck @ CEF RRP RF Client(5025) after ISSU RV |
| CSCsx16206 | Cisco IOS | Traffic loss issue from SFM capable modules to other device through DEC |
| CSCsx37615 | Cisco IOS | VSS: rem comm standby-rp sh plat hardware capacity may reset switch |
| CSCsx39263 | Cisco IOS | TCAM entries are not installed for TCP intercept after SSO |
| CSCsx70229 | Cisco IOS | Add the symbols back in SXH throttle which were removed by CSCsw82732 |
| CSCsx76308 | Cisco IOS | HA client crashing attempting to free unassigned memory |
| CSCsx83443 | Cisco IOS | crypto debug condition leaks messages which lead to high cpu. |
| CSCsy22802 | Cisco IOS | MPLS VPN broken, vrf connection (permit missing for internal vlan acl) |
| CSCsy24691 | Cisco IOS | entPhysicalTable has power-input 3 Sensor for 6kW DC PS1 and not PS2 |
| CSCsy79691 | Cisco IOS | RP crash with dot1x critical authentication configured |
| CSCsy83830 | Cisco IOS | IOS-RLB crashes while deleting the username sticky |
| CSCsy96102 | Cisco IOS | FM-4-MPLS_RSVD_VLAN_ERROR-failed to remove feature when vrf delete |
| CSCsr27727 | Content | Cat6K experiences a reload after %SYS-2-ASSERTION_FAILED: message |
| CSCsx40747 | Content | Router hangs while doing ip casa configurations |
| CSCed33145 | Infrastructure | line vty exec-timeout not working properly, def causes spur mem acc |
| CSCef82896 | Infrastructure | When removing the user name from auth dialog, http crashes |
| CSCek62770 | Infrastructure | bundles need to include CW_ strings |
| CSCin79116 | Infrastructure | show memory summary could push the CPU util to 100% |
| CSCsb98906 | Infrastructure | Memory Leak with bgp regexp deterministic configuration |
| CSCsc86307 | Infrastructure | c3845 crashed @ show_systat |
| CSCsd55059 | Infrastructure | polling CISCO-FLASH-MIB slows down GSR |
| CSCse41523 | Infrastructure | bootldr config caused stbyPRE reset if file does not exist on stby-bootf |
| CSCse49151 | Infrastructure | 3800 clock slip over times verified in lab |
| CSCsh66245 | Infrastructure | Lowest memory is too low after reload on Cisco 10000 |
| CSCsj24186 | Infrastructure | %SYS-2-NOBLOCK messages from Pool Manager process |
| CSCsj67434 | Infrastructure | The CLI: 'parser config cache interface' does not work |
| CSCsm27493 | Infrastructure | procmib_server port has to send rpc reply only for RPC requests. |
| CSCso29361 | Infrastructure | cfg added under interface range vlan not being added in redundant sup |
| CSCsq19159 | Infrastructure | RP crashes in chassismib_add_sub_card_entry after linecard reload |
| CSCsv80900 | Infrastructure | W21:: EARL-SPSTBY-2-SWITCH_BUS_IDLE & PF_ASIC-SPSTBY-3-ASIC_DUMP @boot |
| CSCsv86766 | Infrastructure | Signature fail while copy, causing system:/running-config to be deleted |
| CSCsw35917 | Infrastructure | SP syslog messages not sent as SNMP traps by RP's SNMP agent |
| CSCsw61555 | Infrastructure | Router Crashes after doing SSO |
| CSCsx32841 | Infrastructure | ceImageDescription may exceed 255 characters |
| CSCsx95675 | Infrastructure | interface config disappear after "wr mem" |
| CSCsy55455 | Infrastructure | Crash at saaComponentGet |
| CSCec72958 | IPServices | Software forced crash when translating LDAP packet |
| CSCef58137 | IPServices | Router Crash after high CPU, when IPNAT configured with route-map |
| CSCek10384 | IPServices | 7200 NAT dropping Out to In ESP Packets |
| CSCsh49973 | IPServices | NAT-ALG corrupts offset value of DNS PTR response |
| CSCsj41479 | IPServices | DHCP Services should not be enabled by default in IOS |
| CSCsj76907 | IPServices | IPv6 UDP sockets may incorrectly show "--any--" for local address |
| CSCsk16821 | IPServices | DHCP does not NAK after DHCPREQUEST from unknown client. |
| CSCsm89795 | IPServices | Orbitty repeatedly Crashes - Succeptible to Denial of service attacks |
| CSCso02053 | IPServices | NAT does not add dynamic aliases after reload. |
| CSCso04657 | IPServices | SSLVPN service stops accepting any new SSLVPN connections |
| CSCso39062 | IPServices | C2W2: %SYS-3-INVMEMINT: Invalid memory action message & TB's with PAT. |
| CSCso54027 | IPServices | Spurious memory access in ttcp_rcv_stats |
| CSCsq14311 | IPServices | 7200 crash - ipnat_unlock_parent_entry (PPTP) |
| CSCsq81365 | IPServices | MFI: UDP forwarded-protocols from VRF are leaked into global table |
| CSCsq92440 | IPServices | Router Crash with igmp static grp classmap for 10k grps on 10 subints |
| CSCsu10108 | IPServices | TFTP Server function is not working in 7600 router |
| CSCsu64215 | IPServices | ip tcp adjust-mss command results in packet loss for non-TCP traffic |
| CSCsu72176 | IPServices | Crash:Process Deadlock in Standby while reloading UUT with DHCP configs |
| CSCsu95319 | IPServices | IGMP report was not sent to helper address. |
| CSCsv16987 | IPServices | nat pool size more than 16 bit long should not be configured |
| CSCsv86201 | IPServices | Modular IOS : max sockets overflow |
| CSCsw16698 | IPServices | DHCP database could not be locked DHCPD process could not lock semaphore |
| CSCsw51864 | IPServices | CHUNKFREE error and crash when changing NAT config |
| CSCsw68135 | IPServices | Removing static nat with route-map cause Address Error |
| CSCsw73391 | IPServices | ip igmp limit gets stuck |
| CSCsx09343 | IPServices | Name resolution triggers pager in non-interactive mode. |
| CSCsx23602 | IPServices | crash after 'clear ip nat trans *' |
| CSCsx32283 | IPServices | Malformed L field in LDAP crashes 6k with NAT |
| CSCsx74657 | IPServices | Many issues with NAT/Multicast feature |
| CSCsy26750 | IPServices | 6k Crash with ipnat_ldap_fixup (Redundancy Checks needed) |
| CSCsy45371 | IPServices | NAT: two static nat entry related issues |
| CSCsw81485 | LegacyProtocols | Unconfiguring IPX crashes the switch |
| CSCsu10229 | Management | The cdpCacheAddress mib not providing GLOBAL_UNICAST Address |
| CSCsw66153 | Management | Native vlan not displayed in show cdp neighbor detail |
| CSCsr50099 | MPLS | show ip explicit-paths command incorrectly displays source route type |
| CSCsv00773 | MPLS | Loose Path Reopt not applied when link costs changed |
| CSCsv41456 | MPLS | Tracebacks seen at IFMGR-3-DUP_IFINDEXifDescr"Virtual-Access2-mpls layer |
| CSCsw35638 | MPLS | FRR Interoperability issue between Juniper PLR and IOS MP |
| CSCsb77148 | Multicast | sh ip mpacket x.x.x.x quality output is wrong after counter wraps around |
| CSCsr82895 | Multicast | watchdog timeout : RP Crash @ igmp_rejoin_groups during RP Switchover |
| CSCsu86494 | Multicast | Assert flag is not cleared after PIM neighbor loss |
| CSCsu95080 | Multicast | mld_processs block forever in the init_process when parsing config |
| CSCsv29659 | Multicast | RP configured inside the nat not shown on uut outside the nat |
| CSCsx15396 | Multicast | Mcast IIF stays up while physical interface is down |
| CSCsx28948 | Multicast | I/O Memory leak on 7200 |
| CSCsx58861 | Multicast | Crash due to Stack for iGMP process running low |
| CSCsf07760 | PPP | MLP: Crashes/buffer leaks when large number of sessions come up at once |
| CSCsr81271 | PPP | Invalid VCD error messages upon PVC flap |
| CSCsu70011 | PPP | ipv6 static route pointing to multilink (flexwan) dissapears after sso |
| CSCee63182 | QoS | Router crashes while implementing rate-limit |
| CSCek75808 | QoS | MF: Crash observed at qos_show_policymap_interface_all |
| CSCsl94263 | QoS | Router crash at stile_update_fast_flag due to random-detect dscp-base |
| CSCsm97014 | QoS | Connectivity breaks for QOS + header compression on virtual templates |
| CSCsr05501 | QoS | % NBAR Error: hwidb could not found shows up when reload |
| CSCsv85791 | QoS | Flexwan+/PA-MC-2T3+ introduce 5+ seconds delay on egress |
| CSCed71294 | Routing | Multicast multipath does not work in the vrf context |
| CSCee30355 | Routing | Memory leak at ip_multicast_ctl |
| CSCef65457 | Routing | EIGRP and RIP advertise null0 static routes after they are removed |
| CSCej49366 | Routing | Removing default-metric under EIGRP deletes routes erroneously |
| CSCsb15164 | Routing | Security holes while configuring a standard ACE with host address |
| CSCsd25753 | Routing | BGP Aggregated supernet routes not Advertised properly |
| CSCse68877 | Routing | CEF/BGP table MPLS label mismatch YW3 Non Multi-path |
| CSCsg68717 | Routing | A weird behavior in maxpath configuration in ebgp+ibgp case |
| CSCsh34417 | Routing | BGP Distance not updated following failover to a path with a greater dis |
| CSCsh54161 | Routing | dune, Nov image goes unstable - creates eigrp routing loops |
| CSCsi70484 | Routing | OSPF SPF running constantly if LSID conflicts & prefix filter used. |
| CSCsj13911 | Routing | Cat3750:EIGRP does not receive reply for query between some Vlan |
| CSCsj42399 | Routing | Redistributed static covered by network statement sets metric to 0 |
| CSCsk11930 | Routing | Not able to reconfigure the numbered ip extcommunity-list |
| CSCsk35688 | Routing | Aggregate routes not processed if child routes are deleted pre-maturely |
| CSCsk80250 | Routing | BGP has to handle the return value REXP_DONTKNOW of regexec_hybrid |
| CSCsk87526 | Routing | T/B ipv6_rib_process_changeQ after shut cmd applied Int. running RIPng |
| CSCsl32318 | Routing | OSPF: new fix for CSCsk36324 SPF loop |
| CSCsl48075 | Routing | Floating static route behaves incorrectly in 6vPE |
| CSCsl49628 | Routing | VRF is not getting deleted in 'sh vrf' output |
| CSCsl51616 | Routing | v6-vrf-lite config doesn't sync properly with standby |
| CSCsm57494 | Routing | BGP update is not sent after reloading opposite router |
| CSCsm91959 | Routing | Code review: aggregation child routes can miss aggregation logic |
| CSCsm95129 | Routing | "no ip next-hop-self eigrp" not working when redistribute from BGP |
| CSCsm96901 | Routing | Unable to ping between vrfs through transparent bridge |
| CSCso39597 | Routing | StbyRP crashed @ bgp_vpnv4_bulk_sync_mpls_lbl_binding during bulk sync |
| CSCso51519 | Routing | Paths with same Nexthop selected as multipaths in some sequence |
| CSCso55151 | Routing | ADJ not freeing memory under IPv6 ND stress test |
| CSCso90107 | Routing | SNMP: bgpPeertable and cbgpPeertable shows only results for ipv4 peers |
| CSCsq24935 | Routing | Switch crash due to unsupported bgp/ipv6 command |
| CSCsq43831 | Routing | Stack overflow due to recursion in FIB |
| CSCsq97517 | Routing | C2W2: Mago: CEF on RP is not in sync with SP after reboot. |
| CSCsr01403 | Routing | cefswitching2.1:More time taken(12 mts) to converge after Adjacency flap |
| CSCsr11662 | Routing | EIGRP active routes never go to SIA, queries not sent |
| CSCsr50704 | Routing | dmzlink-bw programs wrong traffic share count in routing table |
| CSCsr51801 | Routing | upon router reload some of the route-maps not permitting the prefixes. |
| CSCsr67361 | Routing | I/O memory leaks when BGP neighbor points to a local address |
| CSCsr86174 | Routing | aggregate-address under address-family does not appear in conf |
| CSCsr90248 | Routing | "aggregate-address advertise-map" not updated dynamically |
| CSCsu06447 | Routing | EIGRP:static route redistribution not working with distribution-list |
| CSCsu11161 | Routing | Neighbor x.x.x.x default-originate issues seen in 12.2 code |
| CSCsu12040 | Routing | PE with CsC configuration sends wrong labels to SPE |
| CSCsu63996 | Routing | OSPF flaps after SSO switchover causes traffic loss after SSO switchover |
| CSCsu76993 | Routing | EIGRP:Routes not tagged with match source redistribution-source |
| CSCsv01474 | Routing | 'ip rip advertise' command lost after interface flap/clear ip route |
| CSCsv05009 | Routing | %OSPF-4-FLOOD_WAR: error during heavy flaps for type-5 and type-7 LSAs |
| CSCsv27607 | Routing | BGP: Outbound route-map updating withdraw only one member |
| CSCsv85052 | Routing | Crash observed when "ispf" is issued in vty with ip routing disabled |
| CSCsv89643 | Routing | OSPF: MAC address of next hop unresolved on ptp eth by adjacency bringup |
| CSCsv97472 | Routing | CSCso62166_dcq_issue_rn_walktree_timed_locking is changed |
| CSCsw24286 | Routing | TE tunnel bandwidth command breaks isis topology |
| CSCsw24826 | Routing | OSPF crash during type-9 maxage |
| CSCsw28893 | Routing | Cost no longer showing with each eigrp route after IOS upgrade |
| CSCsw65441 | Routing | ARP packets drops due to excessive ARP requests sourced from SVI |
| CSCsw65933 | Routing | Prefix not learned from PE to CE |
| CSCsw79397 | Routing | Device crashing at bgp_command_af_specific |
| CSCsx06457 | Routing | BGP may modify routes it does not own |
| CSCsx15841 | Routing | aggregate-address does not NVGEN upon switchover on cat6k |
| CSCsx17446 | Routing | Tunnel route and a non-tunnel (IGP) route with same metric (TE metric) |
| CSCsx51596 | Routing | TCAM ACL entry not correct after removing IP accounting |
| CSCsx99015 | Routing | crash if OSPF redistributes another OSPF and interface bw changes |
| CSCsy15150 | Routing | 33SXH5: Traceback @ isis_router when default interface configured |
| CSCsy45838 | Routing | show ip ospf border-router crashing router |
| CSCea11368 | Security | CRL fetch using ldap fails if vrf configured in trustpoint |
| CSCeh75136 | Security | TACACS+ rem_addr field empty after first SSH authen attempt fails |
| CSCsc91824 | Security | SSH from router disconnects vty session if there is no matching cipher |
| CSCsv20285 | Security | Whitney:Authentication to the CA server failed using ION. |
| CSCsx15430 | Security | Verbose name lookup calls in IP context causes PKI to block due to pager |
| CSCsx17447 | Security | IOS not including HOST header in HTTP CRL request |
| CSCsy16177 | Security | scp:copy to router over sshv2 fails with invalid checksum error |
| CSCsy22311 | Security | SCP b/w IOS routers fails while the client is receiving file from server |
| CSCsc67488 | WAN | ARP Req from Frame Relay causes %IP-4-ZERO_ADDR: Zero MAC address Error |
| CSCso62193 | WAN | Standby resets due to parser return error "no frame-relay vc-bundle" |

Caveats Resolved in Release 12.2(33)SXH4

Resolved Infrastructure Caveats

Symptom: The Cisco IOS HTTP server and the Cisco IOS HTTPS server provide web server functionality to be used by other Cisco IOS features that require it to function. For example, embedded device managers available for some Cisco IOS devices need the Cisco IOS HTTP server or the Cisco IOS HTTPS server to be enabled as a prerequisite.

One of the functionalities provided by the Cisco IOS HTTP server and the Cisco IOS HTTPS server is the WEB_EXEC module, which is the HTTP-based IOS EXEC Server. The WEB_EXEC module allows for both “show” and “configure” commands to be executed on the device through requests sent over the HTTP protocol.

Both the Cisco IOS HTTP server and the Cisco IOS HTTPS server use the locally configured enable password (configured by using the enable password or enable secret commands) as the default authentication mechanism for any request received. Other mechanisms can also be configured to authenticate requests to the HTTP or HTTPS interface. Some of those mechanisms are the local user database, an external RADIUS server or an external TACACS+ server.

If an enable password is not present in the device configuration, and no other mechanism has been configured to authenticate requests to the HTTP interface, the Cisco IOS HTTP server and the Cisco IOS HTTPS server may execute any command received without requiring authentication. Any commands up to and including commands that require privilege level 15 might then be executed on the device. Privilege level 15 is the highest privilege level on Cisco IOS devices.

Conditions: For a Cisco IOS device to be affected by this issue all of the following conditions must be met:

  • An enable password is not present in the device configuration
  • Either the Cisco IOS HTTP server or the Cisco IOS HTTPS server is enabled
  • No other authentication mechanism has been configured for access to the Cisco IOS HTTP server or Cisco IOS HTTPS server. Such mechanisms might include the local user database, RADIUS (Remote Authentication Dial In User Service), or TACACS+ (Terminal Access Controller Access-Control System)

The Cisco IOS HTTP server is enabled by default on some Cisco IOS releases.

Workaround: Any of the following workarounds can be implemented:

Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an enable password

Customers requiring the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server must configure an authentication mechanism for any requests received. One option is to use the enable password or enable secret commands to configure an enable password. The enable password is the default authentication mechanism used by both the Cisco IOS HTTP server and the Cisco IOS HTTPS server if no other method has been configured.

In order to configure an enable password by using the enable secret command, add the following line to the device configuration:

enable secret mypassword

Replace mypassword with a strong password of your choosing. For guidance on selecting strong passwords, please refer to your site security policy. The document entitled “Cisco IOS Password Encryption Facts” explains the differences between using the enable secret and the enable password commands to configure an enable password. This document is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00809d38a7.shtml

Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an authentication mechanism other than the default

Configure an authentication mechanism for access to the Cisco IOS HTTP server or the Cisco IOS HTTPS server other than the default. Such authentication mechanism can be the local user database, an external RADIUS server, an external TACACS+ server or a previously defined AAA (Authentication, Authorization and Accounting) method. As the procedure to enable an authentication mechanism for the Cisco IOS HTTP server and the Cisco IOS HTTPS server varies across Cisco IOS releases and considering other additional factors, no example will be provided. Customers looking for information about how to configure an authentication mechanism for the Cisco IOS HTTP server and for the Cisco IOS HTTPS server are encouraged to read the document entitled “AAA Control of the IOS HTTP Server”, which is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008069bdc5.shtml

Disabling the Cisco IOS HTTP Server and/or the Cisco IOS HTTPS server functionality

Customers who do not require the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server can disable it by adding the following commands to the device configuration:

no ip http server
no ip http secure-server

The second command might return an error message if the Cisco IOS version installed and running on the device does not support the HTTPS server feature. This error message is harmless and can safely be ignored.

Please be aware that disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server may impact other features that rely on it. As an example, disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server will disable access to any embedded device manager installed on the device.

Further Problem Description: In addition to the explicit workarounds detailed above it is highly recommended that customers limit access to Cisco IOS HTTP server and the Cisco IOS HTTPS server to only trusted management hosts. Information on how to restrict access to the Cisco IOS HTTP server and the Cisco IOS HTTPS server based on IP addresses is available at the following link: http://www.cisco.com/en/US/docs/ios-xml/ios/https/configuration/12-4/nm-http-web.html#GUID-BB57C0D5-71DB-47C5-9C11-8146773D1127

Customers are also advised to review the “Management Plane” section of the document entitled “Cisco Guide to Harden Cisco IOS Devices” for additional recommendations to secure management connections to Cisco IOS devices. This document is available at the following link: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

Other Resolved Caveats in Release 12.2(33)SXH4

 

Identifier
Technology
Description

CSCef97900

AAA

AAAA-3-DROPACCTLOWMEM warning message somewhat misleading

CSCin45879

AAA

Router reloaded with radius reorder & dead server & server-private

CSCsl29214

AAA

AAA server change leads to bus error crash after "show run" is issued

CSCsl47365

AAA

TACACS+ authorization should ignore unknown attribute

CSCsu21040

AAA

Enable authentication prompts for username/password instead of just pass

CSCsu42152

AAA

authorization fails if fallback method is "if-authenticated"

CSCek37984

Cisco IOS

Inconsistent BERT behaviour observed on TE1 SPA

CSCek40773

Cisco IOS

CE-CE connectivity broken on MPLS VPN with GRE tunnel in VPN core

CSCek71010

Cisco IOS

TB seen at bgp_oer_notify_pep bgp_oer_remove_path bgp_bestpath_old

CSCse12518

Cisco IOS

MET optimized update can cause blackholing and duplicates

CSCsh57238

Cisco IOS

SXF6:sh int cmd on 6148 cards display zero o/p drops even with qos drops

CSCsj04201

Cisco IOS

%MRIB_PROXY-2-MRIB_RP_FAILED_GET_IPC: RP failed allocating IPC buffer

CSCsj06641

Cisco IOS

LI: Traceback found in creating entry in cTap2StreamTable

CSCsj32493

Cisco IOS

IPSEC: Incorrect IPSec connection info in InvalidSPI testing

CSCsj51113

Cisco IOS

crash in ether_cfm_tm_send

CSCsj90758

Cisco IOS

UUT with BGP/DMVPN crashes after restarting iprouting.iosproc

CSCsk19866

Cisco IOS

Unable to boot boomerang image on sup720

CSCsk32209

Cisco IOS

Crash seen on a stand-alone router while generating RSA keys

CSCsk34832

Cisco IOS

Memory leak in HTTP CORE PID 174

CSCsk73838

Cisco IOS

After fabric tiemout is seen, line card did not recover using earl patch

CSCsk78390

Cisco IOS

Naxos crashes while trying to fpd upgrade granikos

CSCsk89852

Cisco IOS

VS2: MEC (LACP) members flap when native subinterface is configured

CSCsk94870

Cisco IOS

VS2: TB @ ether_extract_addr

CSCsl02190

Cisco IOS

ICMPv6 to all node multicast address fail.

CSCsl18525

Cisco IOS

Standby-SP doesn't have mfib table

CSCsl27957

Cisco IOS

%EC-SP-5-CANNOT_BUNDLE2 is seen after inserting WS-SVC-FWM-1

CSCsl32940

Cisco IOS

Router crashes while reloading Naxos

CSCsl37513

Cisco IOS

SYS-2-MOD_TEMPSENSORFAIL:Module w/ X6148A-GE-45AF and CatOS

CSCsl39691

Cisco IOS

Config Sync:Bulk-sync failure due to Servicing Incompatibility after SSO

CSCsl71704

Cisco IOS

VS2:RACL not applied on MEC after disabling netflow & chng flowmask

CSCsm08087

Cisco IOS

Arp unresolved after sh/nosh of egress int ;route-map applied at ingress

CSCsm08971

Cisco IOS

SEA:Soft reload occurs everytime after issue show cmd's and T/B with mz

CSCsm11898

Cisco IOS

IOS:SLB: Incorrect NAT Translation when Nat client is enabled

CSCsm19550

Cisco IOS

sup720 rx intr should check tx descriptor exhaustion

CSCsm22385

Cisco IOS

V4 VPN traffic stops after toggling agg. label between vpn-cam and tcam

CSCsm26063

Cisco IOS

C2W2:Active RP Crash on sh/no sh of intf with ipv6 address configured

CSCsm28287

Cisco IOS

Active RP crash on shutdown of GRE tunnel followed by switchover

CSCsm40606

Cisco IOS

WS-X6724 SFP get's reboots again and again with TestSynchedFab Failed

CSCsm43962

Cisco IOS

Cat6k L2TP packet looped through blocked port

CSCsm48287

Cisco IOS

Drop counters for VPLS VC not incrementing

CSCsm64424

Cisco IOS

C2W1: Copy command generates spurious authorization requests

CSCsm65386

Cisco IOS

WS-X6516A-GBIC card resets on SSO.

CSCsm66602

Cisco IOS

SIP 400 loses VPLS VC entry on shutting down the MPLS TE tunnel

CSCsm75286

Cisco IOS

bgp route-map doesn't work correctly when deleted part of sequences

CSCsm79344

Cisco IOS

Bogus "TCAM MASK entry capacity exceeded" message

CSCsm82472

Cisco IOS

DAI: L2-Portchannel formed for member's DAI trust mismatch

CSCsm84267

Cisco IOS

Tracebacks & %CPU_MONITOR-SP-6-NOT_HEARD: messages with NAT.

CSCsm85936

Cisco IOS

UUT cpu at 40% with bi-dir traffic across a single tunnel

CSCso00864

Cisco IOS

Standby sup crashed on configuing local-address command for cry map

CSCso05920

Cisco IOS

cpmCPUMemoryFree incorrect for Posix memory

CSCso18683

Cisco IOS

IP DSCP Re-circulation not working as expected after issu runversion.

CSCso27956

Cisco IOS

TCAM ASSERT FAILURE on LI stress with add/removal of lots of streams

CSCso28275

Cisco IOS

Traffic polarization within a MEC on VSS.

CSCso28791

Cisco IOS

MAC_MOVE-SP-4-NOTIF seen for L2TP packets over dot1q tunnel

CSCso29141

Cisco IOS

DFC installs drop index for MAC-address

CSCso29226

Cisco IOS

IP source guard is not supported on ether channel member

CSCso30038

Cisco IOS

A OIL is not registerd properly in mroute table with static igmp group

CSCso32193

Cisco IOS

IPv6 software switched in Egress replication mode

CSCso35250

Cisco IOS

unexpected reload while communicating with CNS server

CSCso39818

Cisco IOS

Ingress Marking not working on SIP-600 on linecard reset/ toggle mlsqos

CSCso48665

Cisco IOS

vlan filter can't be removed totally

CSCso49344

Cisco IOS

Egress policing policy not programmed in SIP-600 after system reload.

CSCso57020

Cisco IOS

VSS: After sso, the RBH values on orphan PO flips w/o link/po flapping

CSCso57886

Cisco IOS

unrestricted while loop when looking for EOS flag in the packet

CSCso60528

Cisco IOS

C2W2: FWSM - Standby FWSM PO shows down and links go down eventually

CSCso66357

Cisco IOS

Classification on nbar fails on removing pmap from other pvc on ATM M2P

CSCso71955

Cisco IOS

Alignment errors with netflow on Interface, crash on 7600/6500

CSCso72178

Cisco IOS

W2:TestCapture,TestTrap & TestIPv6FibShortcut diag failed ondemand&boot

CSCso72541

Cisco IOS

%MFIB_STATS-DFC2-2-MFIB_STATS_LC_FAILED_GET_COUNTERS for Sip 600

CSCso74559

Cisco IOS

C2W2: Mago IOS "test Crash" create crashinfo file on bootflash only

CSCso85133

Cisco IOS

DOM tranceiver "voltage" values are always Zero in SUP4

CSCso86544

Cisco IOS

Afer SSO, new active SP crashes @ pm_vlan_get_portlist

CSCso88042

Cisco IOS

Wism module Allowed-Vlan statements lost on reload

CSCso88772

Cisco IOS

sp-inband tx capture causes primary SUP to hang

CSCso93708

Cisco IOS

IPsec-HA:RFclient timingout on7200 running 12.4(15)Tx, AdvSecurity fse

CSCso98143

Cisco IOS

Router crash at pm_platform_private_alloc_and_reserve_vlan

CSCsq04075

Cisco IOS

C2W2:DHCP Snooping entries not cleared after removing IP Source Guard

CSCsq04274

Cisco IOS

Memory leak observed on l2_vlan_stat_mem_allocate during vlans creation

CSCsq14259

Cisco IOS

TX Flowcontrol goes on when link negotiation is disabled

CSCsq15308

Cisco IOS

timer not stopped properly for eem policy scripts

CSCsq21051

Cisco IOS

W2: Heathland mode change doesn't work after the second SSO switchover

CSCsq26223

Cisco IOS

WS-X6348-RJ-45 Blackholing traffic/reset continously

CSCsq36972

Cisco IOS

Portchannel does not form. Log messages indicate misconfig.

CSCsq37376

Cisco IOS

Packet Buffer Capture May Crash a 6500 in IOS

CSCsq44850

Cisco IOS

c2w2 : TB seen at %PM-3-INTERNALERROR: Port Manager Internal Software Er

CSCsq46590

Cisco IOS

Packet loss during SSO failover on ECMP supervisor uplinks

CSCsq51231

Cisco IOS

ALIGN-3-SPURIOUS: Spurious memory access made @ idbman_get_port_swidb

CSCsq51249

Cisco IOS

Monitor session removal may affect traffic through WS-X6148A-RJ-45

CSCsq51378

Cisco IOS

ATM PA Interface shows up/up after force redundancy, no cables connected

CSCsq53085

Cisco IOS

VS: 15 seconds down time upon module reset

CSCsq56747

Cisco IOS

Active SP CPU 100% after SSO switchover with 080527 ION image

CSCsq59297

Cisco IOS

port-channel IDB gets mixed up

CSCsq61089

Cisco IOS

VS2: physical OIR of 6708 causes 16 seconds interruption

CSCsq63727

Cisco IOS

WS-X6748-GE-TX - input and output errors seen during auto negotiation

CSCsq67001

Cisco IOS

Standy switch reloaded by auto qos on MEC standby member port

CSCsq73317

Cisco IOS

MAB authorization failed with port-security

CSCsq77043

Cisco IOS

EEM long hostname prevents tcl cli_open from functioning

CSCsq77381

Cisco IOS

W2: Diag - TestL3Capture2 failed after LV-SSO

CSCsq78513

Cisco IOS

VSS: Etherchannel counters incorrect

CSCsq78956

Cisco IOS

strcpy of binary can cause mem corruption

CSCsq79253

Cisco IOS

Pinnacle interrupts not re-enabled after memory inconsistency detected

CSCsq80270

Cisco IOS

Cat 6k crashes randomly after IPSec SPA module is inserted.

CSCsq80891

Cisco IOS

VSS switches reload at the same time after VSL link failure

CSCsq81116

Cisco IOS

c2w2:Device crash @ oer_cc_free_message while unconfiguring

CSCsq81235

Cisco IOS

Cannot configure a vrf again when deleted using 'no ip vrf' command

CSCsq82663

Cisco IOS

SLB router CPU usage is high with GE interface

CSCsq82991

Cisco IOS

IPSG Pacl entry appears after the ISSU RV or SSO

CSCsq83219

Cisco IOS

Standby SP crashed at sp_reset_slcp after "redundancy reload peer"

CSCsq83789

Cisco IOS

LTL for unknow unicast is wrongly programmed for some L3 interfaces

CSCsq84116

Cisco IOS

Cisco 7604 with OC3, Flexwan crashes into ROMMON

CSCsq85139

Cisco IOS

VS2: Can not establish session to standby NAM

CSCsq85850

Cisco IOS

Opnext GLC-LH-SM :remote port stays up when local RX cable is removed

CSCsq89415

Cisco IOS

"no bert" indicates "abort request" instead of "stopped"

CSCsq91258

Cisco IOS

L2 entry purged from hardware when in use by L3 shortcut

CSCsq94136

Cisco IOS

Burst of traffic cause anti-replay check to fail

CSCsq94366

Cisco IOS

Mem leak in rrp_update_peer_info_on_rp

CSCsq97640

Cisco IOS

Resetting Standby Sup4 multiple times causes lincecard switchbus timeout

CSCsq98887

Cisco IOS

Packet drop on applying and removing ACL on tunnel interface with pim

CSCsr02723

Cisco IOS

MDEBUG:Spurious memory access detected at env_sensor_get_update

CSCsr02816

Cisco IOS

ISSU tracebacks seen on SP during runversion at MsgReceive.S:14

CSCsr06914

Cisco IOS

fm_slb_inbad_send():Invalid Flowmask errors upgrading to 12.2(33)SXH2a

CSCsr07565

Cisco IOS

TCAM didn't reprogram after removing dynamic ACE

CSCsr08985

Cisco IOS

CMM ports going to shutdown state on reload in Whitney 1

CSCsr09554

Cisco IOS

Move SIBYTE SB_RMON_OVRFL messages under debug

CSCsr13633

Cisco IOS

%PM-3-INTERNALERROR: Port Manager Internal Software E

CSCsr18656

Cisco IOS

BPDU bit is over written when 2nd PCL lookup is enabled.

CSCsr18924

Cisco IOS

kernel idle hook thread in IOS-Base taking 50% CPU

CSCsr20679

Cisco IOS

VSL PO as SPAN source and Orphan PO as SPAN destination not allowed

CSCsr26663

Cisco IOS

C2W2: GLBP 800 peers with default timers flap after SSO

CSCsr37131

Cisco IOS

buginf calls in l2trace when 'debug l2trace' is disabled

CSCsr45495

Cisco IOS

PBR with deny statements : TCAM running out of masks

CSCsr45851

Cisco IOS

ifOperStatus for Control Plane Interface is always down

CSCsr48938

Cisco IOS

UNBL:bootldr image can't boot on SupW

CSCsr49669

Cisco IOS

Match protcol arp doesnt work in whitney1 earlier it was working for Roc

CSCsr51799

Cisco IOS

pa-mc-8t1 interface down after stopping BERT prematurely

CSCsr55523

Cisco IOS

WCCP service group ID is zero in ACL TCAM Adjacency

CSCsr58773

Cisco IOS

VS2: After SSO, VSL member stuck in "w" state, and MEC errors

CSCsr63831

Cisco IOS

show platform hardware capacity fabric - incorrect % and time-SXH3

CSCsr66588

Cisco IOS

Netflow SLB aging parameter values are not synced to SP after reload

CSCsr72427

Cisco IOS

WS-X6148-45AF/WS-F6K-FE48-AF %ILPOWER-5-ILPOWER_MISCONFIG after reload

CSCsr75094

Cisco IOS

MDEBUG: Spurious Memory Access on SSO

CSCsr78910

Cisco IOS

time not updated in 'System returned to ROM by reload' in show version

CSCsr81962

Cisco IOS

C2W1: Monitor session servicemodule causes internal loop on SUP720-10GE

CSCsr82501

Cisco IOS

Change global function to static breaks install patch feature in SXH

CSCsr93467

Cisco IOS

c2w2:Traceback seen while doing "switch accept mode virtual "

CSCsr96283

Cisco IOS

High CPU due to add/del SPAN configs

CSCsr99933

Cisco IOS

FWLB: High purge rate causes CPU to increase by 15%

CSCsu03297

Cisco IOS

RE: Fabric force bus-mode does not work anymore

CSCsu03772

Cisco IOS

Dot1q native vlan tagging is not working with "switchpot nonegotiate"

CSCsu05800

Cisco IOS

C2W2: need to extend the wait time for bus sync after sso

CSCsu22349

Cisco IOS

Removing ACL or service policy from vrf interface drops traffic

CSCsu24825

Cisco IOS

SUP32 unstable to communicate with all neighbors after reload

CSCsu29117

Cisco IOS

PE send traffic back to EoMPLS tunnel after lsp path changed

CSCsu31651

Cisco IOS

VSS: Traffic dropped on non-bundled port if RBH=0

CSCsu33221

Cisco IOS

"Flood in diag inband driver" messages followed by silent reload.

CSCsu37481

Cisco IOS

Netflow Incorrect Octet value with packet-based sampling

CSCsu44534

Cisco IOS

Sup NSF/SSO causes 4 sec traffic loss over EC with uplink ports.

CSCsu45210

Cisco IOS

Upgrade 12.2SXF-> 12.2SXH with Port-Security causes standby boot loop

CSCsu46124

Cisco IOS

SVI ifInMulticastPkts ifOutMulticastPkts are always zero

CSCsu48150

Cisco IOS

Enhancement to Me_Kr register dumps from CSCsg21809

CSCsu49002

Cisco IOS

ciscoIpMRouteBps sometimes indicates wrongful value

CSCsu55635

Cisco IOS

Load values of PO members with Fixed algo get 0 during bootup on Standby

CSCsu57958

Cisco IOS

DHCP-Snooping not intercepting DHCP messages from the Server

CSCsu59556

Cisco IOS

Traceback seen @ fibidb_init

CSCsu63335

Cisco IOS

"Failed to find process pid" error message on 12.2(33)SXH3

CSCsu64581

Cisco IOS

Last port of T3/E3 SPA connected back to back does not ping

CSCsu68698

Cisco IOS

No syslogs and stack on console when SP crashes due RP boot timeout

CSCsu69177

Cisco IOS

C2W2: Traffic drop after SSO on SUP4 P router w/ IP and MPLS traffic

CSCsu72496

Cisco IOS

%PM-3-INTERNALERROR: Port Manager Internal Software Error

CSCsu72884

Cisco IOS

Modifying match criteria frm v6 to v4 doesnt change tcam label state

CSCsu73128

Cisco IOS

C2W2-ION-080922: Crash on Plain IPSec tunnel setup

CSCsu76070

Cisco IOS

duplicate packets when lawful intercept is enabled

CSCsu81785

Cisco IOS

6500 can no longer receive the ACL as filter ID from

CSCsu82768

Cisco IOS

Crash at pclc_g2_fw_offline_notification after SSO

CSCsu91714

Cisco IOS

IGMP-JOIN is lost from SUP to MSFC

CSCsu94880

Cisco IOS

Bus error crash at fm_format_inband_adj_data

CSCsu95605

Cisco IOS

Route-map with "match route-type local" not functioning properly

CSCsv30359

Cisco IOS

HSRP: CPU hog when no failover bound to crypto

CSCsv34415

Cisco IOS

Diag failure on power-cycle puts VSS switches in rommon

CSCsv43802

Cisco IOS

High CPU utilization triggers crash in diags.

CSCsq31981

Content

WCCP: redirection does not work with CEF and ip accounting

CSCsh45091

Infrastructure

Port fix for CSCed94684 for ws-c3750-24p

CSCsh63508

Infrastructure

disk0:/sys/cpmbit/base is busy, try again later msg on stby SP on SSO.

CSCsi88974

Infrastructure

LI: Malloc failure on setting MD src interface as Loopback interface

CSCsj06593

Infrastructure

CPU hog msgs for RFSS worker process and Async write process

CSCsj52992

Infrastructure

CPU hogs when configuring snmp-server host

CSCsj54606

Infrastructure

end of summer-time can be set earliar than start of summer time

CSCsk91176

Infrastructure

PXF crash causes IPC timeout to all linecards in the chassis

CSCsm01126

Infrastructure

PRE-B crashes while in progress to standby cold-config

CSCsm14366

Infrastructure

Empty crash file generated on wan module crash at boot-up

CSCsm32392

Infrastructure

memory corruption crash at nv_ifs_open and nv_ifs_close

CSCsm47417

Infrastructure

W2:seting ceExtSysBootImageList cause "wr mem" not working correctly

CSCsm78184

Infrastructure

Switchover failed with %C10KISSU-3-GET_MSG_MTU messages

CSCso21611

Infrastructure

Crash at internal idb counter increment function

CSCsq03621

Infrastructure

Timestamps in "show rmon events" wrap at 2^32-1 milliseconds (7+ weeks)

CSCsq16325

Infrastructure

Incomplete serial interface command creates interface

CSCsq34676

Infrastructure

Modular IOS: show process cpu sorted triggers unexpected reload

CSCsq35093

Infrastructure

XDR-6-XDRIPCNOTIFY: Message not sent to slot 1/0 (1) because of IPC

CSCsq60922

Infrastructure

Modular IOS:Router crashed with SNMP copy and with format in console

CSCsr50834

Infrastructure

CPU HOG after changing logging buffered up to 50MB

CSCsr60789

Infrastructure

W1.3: VSL crash after preemptive switchover in ifs_open_file_decrement

CSCsr64361

Infrastructure

Standby continously resetting due to SNMP RF client notification timeout

CSCsu37266

Infrastructure

Modular IOS: tcp.proc terminated due to signal SIGSEGV

CSCsi66366

IPServices

All transport protocols are displayed in running config for VTY

CSCsj83854

IPServices

Incorrect static nat entries programmed in nat table

CSCsm35794

IPServices

Ignoring Coup after changing HSRP active router's priority

CSCsm79082

IPServices

RP crash at dispatch_thread_pool when restarting tcp.proc

CSCsq60504

IPServices

Modular IOS Sup720: crashed with tcp timeout logs

CSCsq90529

IPServices

Issue with active ftp on the SXH1

CSCsq97870

IPServices

Router crash with 'show standby' if group deleted from 2nd terminal

CSCsr08771

IPServices

Crash seen @ dhcpd_pool_nvgen and dhcpd_copy_bootfile

CSCsr55990

IPServices

HSRP mac dynamic on routed pseudowire after reload on active router

CSCsu21716

IPServices

No unsolicited igmp report sent for mroute-proxy

CSCsg87930

LAN

i82543 driver should not increase input queue drop counter

CSCsr76818

LAN

input queue wedge on SP due to VTP packets

CSCsh33167

LegacyProtocols

Dlsw transparent cache holds MAC address for disconnected circuit

CSCsq79032

Management

Excessive remote registry invocation on 'waiting_on_switchover' registry

CSCsq84595

Management

high # of remote reg. invocation (35 rpc/sec) 'get_unidirectional_mode'

CSCsr93672

Management

Native vlan is not getting displayed in "show cdp neighbors" output

CSCuk57502

Management

CDP does not report IPv6 addresses for Modular IOS.

CSCsm70668

MPLS

OIR over E3:POS impacting complete Traffic with biscuit tunnel

CSCso21506

MPLS

Import Map under vrf blocks bgp aggregate prefix

CSCsq46044

MPLS

Error MFI_LABEL_BROKER-3-DELETE_MOI_FAIL and LSD_CLIENT-3-PCHUNK2

CSCsq78822

MPLS

Cannot clear specific LDP neighbor, when router-id not in bound address

CSCsq91960

MPLS

failed to delete vrf when it is 32 characters long

CSCsq93004

MPLS

Possible memory corruption with TE auto-tunnel primary and subinterface

CSCsr40433

MPLS

mpls te - explicit path with loose nhops - re-optimization failure

CSCsu62667

MPLS

LSP ID change after SSO due to failure in signalling recovered LSP

CSCsm77608

Multicast

IP Multicast packets are Process switched.

CSCsr09312

Multicast

crash when doing mrm stop

CSCsr36971

Multicast

Memory Leak @ PIM process

CSCsr49316

Multicast

Crash ipv6_static_route_find after configured & executed show ipv6 rpf x

CSCsu02051

Multicast

S,G expiry timer change is not allowed in Whitney1

CSCsu71983

Multicast

Memory Leak @ PIM process

CSCsq37078

PPP

Input errors incrementing on Multilink 5 in admin down state

CSCsg18894

QoS

Queue-limit command should be allowed in conjunction with priority

CSCsl62963

QoS

Router Crashes, Reconfigure a Policy -af_police_remove_coloraware

CSCsm00570

QoS

cwpa2 crashes at hqf_cwpa_pak_enqueue_local

CSCsm28515

QoS

Marking not happening on FlexWAN interface with SXH after oir/reload

CSCsu03813

QoS

Upgrading from rockies to w2 deletes the police action from pmap

CSCsg90755

Routing

Standby keeps reloading due to PRC mismatch in IPv4 MDT AF config sync

CSCsi68795

Routing

PE wrongly assigns local label to a vpnv4 confederation prefix

CSCsj39016

Routing

warn_assert failed:../fib/fib_table.c:2947 tal_tree_get_item_count_nonf

CSCsj78403

Routing

clear ip bgp causes crash to RR client with conditional route injection

CSCsk86150

Routing

w/ BGP auto-summary enabled, networks are lost from BGP after EIGRP flap

CSCsk86476

Routing

OSPF fails in MTU-mismatch setup when mtu-ignore is configured

CSCsm26130

Routing

BGP with auto-summary not injecting locally orig. route into BGP table

CSCsm30569

Routing

CEF path fragmentation broken for static IPSec VTI

CSCsm50741

Routing

Removal of DCbitless LSA causes problems

CSCsm72604

Routing

OSPF remaining summary route when dual OSPF process redistributing

CSCso08786

Routing

Standby reloads due to config sync failure on inherit peer-policy cmd.

CSCso54167

Routing

BGP peer stuck with table version 0

CSCso80951

Routing

BGP peers with same policy fall into different update-group with SOO

CSCso93535

Routing

Upon removing a VRF, BGP route timers in other VRF's get reset

CSCsq05602

Routing

TE tunnels are down but still show in the forwarding table

CSCsq13938

Routing

reload on 'show ip bgp vpnv4' when import src delinked by BGP deconfig

CSCsq36206

Routing

MDT tunnels not getting created on 7206 Device

CSCsq38431

Routing

OSPF "summary address" is executed, even if subnet is becoming small

CSCsq49201

Routing

Password in BGP peer-session template not inherited

CSCsr67562

Routing

Support for running ispf with nodes having overload bit configured

CSCsr83639

Routing

Bus error crash when removing BGP configuration

CSCsr96042

Routing

ASR: IOSD crashes at bgp_vpn_import_walker while unconfiguring vrf

CSCsu03167

Routing

SXF15: IPv4/v6 BGP routes not cleared when source routes is gone

CSCsu24087

Routing

Cisco7609 crashes after "clear ip bgp neighbor x.x.x.x soft in"

CSCsu36709

Routing

Unable to boot IOS image on PE (vrf-enabled) router - software fault

CSCsu40881

Routing

Secondary EIGRP address on VRF not added/deleted properly to EIGRP topo

CSCeg49153

Security

PKI: crl checking takes too long to timeout if the server is down

CSCsd81870

Security

Teraterm + TTSSH2 does not work in SSH Ver.2

CSCsf17406

Security

Large CRLs can cause memory leaks

CSCsg48392

Security

Resuming SSH Session Fails After Disconnecting Another One (Not Console)

CSCso48959

Security

user not reported by "login on-success log" feature for SSH logins

CSCsq58748

Security

IPSEC: IKMP process can get blocked by some PKI OCSP requests

CSCsq60016

Security

Router crashes when entering a long RSA key string

CSCsr85093

Security

SXF15: SSH session fails withRSA signature verification failed after SSO

CSCsr86489

Security

C6k: SCP file copy causes RP crash during authorization of user

CSCsg32308

WAN

copy/paste of ntp-authentication-key statement is not possible

CSCsq18856

WAN

FR SVCs cannot be setup

CSCsq47900

WAN

OIR operation on POS interfaces with APS result in ALIGN error

Caveats Resolved in Release 12.2(33)SXH3a

Resolved Infrastructure Caveats

Symptom: The Cisco IOS HTTP server and the Cisco IOS HTTPS server provide web server functionality to be used by other Cisco IOS features that require it to function. For example, embedded device managers available for some Cisco IOS devices need the Cisco IOS HTTP server or the Cisco IOS HTTPS server to be enabled as a prerequisite.

One of the functionalities provided by the Cisco IOS HTTP server and the Cisco IOS HTTPS server is the WEB_EXEC module, which is the HTTP-based IOS EXEC Server. The WEB_EXEC module allows for both “show” and “configure” commands to be executed on the device through requests sent over the HTTP protocol.

Both the Cisco IOS HTTP server and the Cisco IOS HTTPS server use the locally configured enable password (configured by using the enable password or enable secret commands) as the default authentication mechanism for any request received. Other mechanisms can also be configured to authenticate requests to the HTTP or HTTPS interface. Some of those mechanisms are the local user database, an external RADIUS server or an external TACACS+ server.

If an enable password is not present in the device configuration, and no other mechanism has been configured to authenticate requests to the HTTP interface, the Cisco IOS HTTP server and the Cisco IOS HTTPS server may execute any command received without requiring authentication. Any commands up to and including commands that require privilege level 15 might then be executed on the device. Privilege level 15 is the highest privilege level on Cisco IOS devices.

Conditions: For a Cisco IOS device to be affected by this issue all of the following conditions must be met:

  • An enable password is not present in the device configuration
  • Either the Cisco IOS HTTP server or the Cisco IOS HTTPS server is enabled
  • No other authentication mechanism has been configured for access to the Cisco IOS HTTP server or Cisco IOS HTTPS server. Such mechanisms might include the local user database, RADIUS (Remote Authentication Dial In User Service), or TACACS+ (Terminal Access Controller Access-Control System)

The Cisco IOS HTTP server is enabled by default on some Cisco IOS releases.

Workaround: Any of the following workarounds can be implemented:

Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an enable password

Customers requiring the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server must configure an authentication mechanism for any requests received. One option is to use the enable password or enable secret commands to configure an enable password. The enable password is the default authentication mechanism used by both the Cisco IOS HTTP server and the Cisco IOS HTTPS server if no other method has been configured.

In order to configure an enable password by using the enable secret command, add the following line to the device configuration:

enable secret mypassword

Replace mypassword with a strong password of your choosing. For guidance on selecting strong passwords, please refer to your site security policy. The document entitled “Cisco IOS Password Encryption Facts” explains the differences between using the enable secret and the enable password commands to configure an enable password. This document is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00809d38a7.shtml

Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an authentication mechanism other than the default

Configure an authentication mechanism for access to the Cisco IOS HTTP server or the Cisco IOS HTTPS server other than the default. Such authentication mechanism can be the local user database, an external RADIUS server, an external TACACS+ server or a previously defined AAA (Authentication, Authorization and Accounting) method. As the procedure to enable an authentication mechanism for the Cisco IOS HTTP server and the Cisco IOS HTTPS server varies across Cisco IOS releases and considering other additional factors, no example will be provided. Customers looking for information about how to configure an authentication mechanism for the Cisco IOS HTTP server and for the Cisco IOS HTTPS server are encouraged to read the document entitled “AAA Control of the IOS HTTP Server”, which is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008069bdc5.shtml

Disabling the Cisco IOS HTTP Server and/or the Cisco IOS HTTPS server functionality

Customers who do not require the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server can disable it by adding the following commands to the device configuration:

no ip http server
no ip http secure-server

The second command might return an error message if the Cisco IOS version installed and running on the device does not support the HTTPS server feature. This error message is harmless and can safely be ignored.

Please be aware that disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server may impact other features that rely on it. As an example, disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server will disable access to any embedded device manager installed on the device.

Further Problem Description: In addition to the explicit workarounds detailed above, it is highly recommended that customers limit access to the Cisco IOS HTTP server and the Cisco IOS HTTPS server to only trusted management hosts. Information on how to restrict access to the Cisco IOS HTTP server and the Cisco IOS HTTPS server based on IP addresses is available at the following link:

http://www.cisco.com/en/US/docs/ios-xml/ios/https/configuration/12-4/nm-http-web.html#GUID-BB57C0D5-71DB-47C5-9C11-8146773D1127

Customers are also advised to review the “Management Plane” section of the document entitled “Cisco Guide to Harden Cisco IOS Devices” for additional recommendations to secure management connections to Cisco IOS devices. This document is available at the following link: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

Other Resolved Caveats in Release 12.2(33)SXH3a

Identifier
Technology
Description

CSCsu03167

Routing

SXF15: IPv4/v6 BGP routes not cleared when source routes is gone

Caveats Resolved in Release 12.2(33)SXH3

Resolved IPServices Caveats

A router that has DHCP server enabled could reload after receiving a malformed UDP packet.

Workaround: None

Resolved Security Caveats

Symptoms: Devices running Cisco IOS may reload with the error message “System returned to ROM by abort at PC 0x0” when processing SSHv2 sessions. A switch crashes. We have a script running that will continuously ssh-v2 into the 3560 then close the session normally. If the vty line that is being used by SSHv2 sessions to the device is cleared while the SSH session is being processed, the next time an ssh into the device is done, the device will crash.

Conditions: This problem is platform independent, but it has been seen on Cisco Catalyst 3560, Cisco Catalyst 3750 and Cisco Catalyst 4948 series switches. The issue is specific to SSH version 2, and it is seen only when the box is under a brute-force attack. This crash is not seen under normal conditions.

Workaround: There are mitigations to this vulnerability: For Cisco IOS, the SSH server can be disabled by applying the command crypto key zeroize rsa while in configuration mode. The SSH server is enabled automatically upon generating an RSA key pair. Zeroing the RSA keys is the only way to completely disable the SSH server.

Access to the SSH server on Cisco IOS may also be disabled via removing SSH as a valid transport protocol. This can be done by reapplying the transport input command with ‘ssh’ removed from the list of permitted transports on VTY lines while in configuration mode. For example:

line vty 0 4
transport input telnet
end

If SSH server functionality is desired, access to the server can be restricted to specific source IP addresses or blocked entirely using Access Control Lists (ACLs) on the VTY lines as shown in the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html

More information on configuring ACLs can be found on the Cisco public website: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
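The HTTP/HTTPS server workarounds and the VTY restrictions described above can be checked offline against a saved running-config. The following Python audit is an added example, not Cisco code: the sample configurations, finding codes and function names are constructed for illustration, and it only evaluates commands that appear explicitly in the configuration, because defaults vary by release.

```python
import re

# Constructed sample configurations (not from any real device).
WEAK_CONFIG = """\
hostname lab-sw1
!
ip http server
ip http secure-server
!
line vty 0 4
 transport input telnet ssh
line vty 5 15
 login
!
end
"""

HARDENED_CONFIG = """\
hostname lab-sw2
!
enable secret 5 CONSTRUCTED-HASH-PLACEHOLDER
!
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10
access-list 10 permit 192.0.2.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input none
!
end
"""


def parse_sections(config):
    """Return (top-level commands, {top-level command: indented sub-commands})."""
    top, children, parent = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0].isspace() and parent is not None:
            children[parent].append(text)
        else:
            parent = text
            top.append(text)
            children.setdefault(parent, [])
    return top, children


def audit_http(top):
    """HTTP/HTTPS server: require an authentication mechanism and a source ACL."""
    # Exact match, so "no ip http server" does not count as enabled.
    enabled = [s for s in ("ip http server", "ip http secure-server") if s in top]
    if not enabled:
        return []
    findings = []
    has_method = any(c.startswith("ip http authentication ") for c in top)
    # With no explicit method, the enable password is the default mechanism.
    has_enable = any(re.match(r"enable (secret|password) ", c) for c in top)
    if not (has_method or has_enable):
        findings.append(("HTTP-NOAUTH", ", ".join(enabled)))
    if not any(c.startswith("ip http access-class ") for c in top):
        findings.append(("HTTP-NOACL", ", ".join(enabled)))
    return findings


def audit_vty(children):
    """VTY lines: flag lines that accept SSH without an inbound access-class."""
    findings = []
    for header, cmds in children.items():
        if not header.startswith("line vty"):
            continue
        transports = None
        for c in cmds:
            if c.startswith("transport input"):
                transports = c.split()[2:]
        if any(re.match(r"access-class \S+ in$", c) for c in cmds):
            continue  # source addresses are restricted on this line range
        if transports is None:
            # No explicit transport: the effective default depends on the release.
            findings.append(("VTY-DEFAULT-TRANSPORT", header))
        elif "ssh" in transports or "all" in transports:
            findings.append(("VTY-SSH-NOACL", header))
    return findings


def audit(config):
    top, children = parse_sections(config)
    return audit_http(top) + audit_vty(children)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

A VTY-DEFAULT-TRANSPORT finding is a prompt to confirm the effective transport on the device, not proof that SSH is reachable.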

Resolved Unknown Caveats

Cisco IOS Software Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is vulnerable to a Denial of Service (DoS) attack from specially crafted packets. Only the MFI is affected by this vulnerability. The older Label Forwarding Information Base (LFIB) implementation, which is replaced by MFI, is not affected.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080924-mfi

Other Resolved Caveats in Release 12.2(33)SXH3

Identifier
Technology
Description

CSCdu79630

AAA

Username on vty not displayed if accounting is not configured

CSCsg18288

AAA

Enable authentication ignores Tacacs+ configuration in rare situation

CSCsl10068

AAA

AAA api migration in login.c, exec.c.

CSCsl45701

AAA

TACACS+ per VRF authen failing: Address already in use

CSCsl57645

AAA

tacacs-server directed-request fails for enable authentication on 6500

CSCso87641

AAA

Tacacs unable to connect to server

CSCso95426

AAA

Exposure of Radius-Keys in debugs.

CSCsq98160

AAA

No communication between SW and AAA with IPBase image

CSCsr26098

AAA

SSH/Telnet failed with IPBase image on Sup32 with AAA server

CSCei33231

ATM

ATM PVC bundle protected group test failed with bumping exhausted

CSCek74474

ATM

no/default proto ip inarp cmd ineffective until ATM VC bounced.

CSCsh98378

ATM

Router crashes at atm_create_vp_db

CSCsi72854

ATM

Inconsistent IMA CLI after router reload.

CSCsk72676

ATM

Pvc not coming up after removing vc-class from it

CSCin67287

Cisco IOS

NxDS0 BERT capability on PA-MC-8TE1+

CSCsc24015

Cisco IOS

Parser loops infinitely for match route-type [ext

CSCsc85962

Cisco IOS

Replaying Main Mode packet causing IKE SA deletion

CSCsd69625

Cisco IOS

EZVPN:IOS C876 Client can't connect to ASA using digi certs and noXauth

CSCse31572

Cisco IOS

Bus error at crypto_ikmp_config_authenticated

CSCse53517

Cisco IOS

WiSM: Tracebacks seen after SSO switchover

CSCsg22830

Cisco IOS

Standby not coming up after sso switchover

CSCsg87747

Cisco IOS

RECV_PVID_ERR message received with bringing up etherchannel trunk

CSCsh61002

Cisco IOS

SPA-5X1GE: GE-port not transmitting after 'shut/no shut' and vica versa

CSCsi49150

Cisco IOS

%PM-SP-4-PORT_BOUNCED: Port Gi9/3 was bounced by Consistency Check IDBS

CSCsi63649

Cisco IOS

%SYS-3-TIMERNEG:Cannot start timer with negative offset,TTY Background

CSCsi85453

Cisco IOS

cfg-sync failed if switchport config is pasted on active & stby restart

CSCsi94738

Cisco IOS

8xCHT1/E1 SPA modules not in entAliasMappingIdentifier

CSCsj37398

Cisco IOS

Properly initialize the Tycho register AC_QOS_DEFAULT_EGRESS (0x334)

CSCsj43677

Cisco IOS

Active Sup720 crash when removing Standy supervisor

CSCsj49293

Cisco IOS

POS Interface Output Rate (200 mbps) > Line rate (155 Mbps)

CSCsj78820

Cisco IOS

MEM leak in Crypto IKMP process(crypto_ikmp_author_get_attributes)

CSCsj85897

Cisco IOS

SPA-TE1-Linkrec's out of sync between SPA and LC

CSCsj86153

Cisco IOS

Modular IOS CPU load oscillates even under constant load

CSCsj91738

Cisco IOS

Non-ip packet with mcast-mac addr cause high CPU with VPN-SPA VRF mode.

CSCsj94539

Cisco IOS

Spurious Alarms in PA-MC-8TE1+ may cause router crash

CSCsj98198

Cisco IOS

When we have only 1 flow in TT, flows are not exported to MC

CSCsj98492

Cisco IOS

Pak subblock handlers need to be part of packet library

CSCsk19817

Cisco IOS

shut/no shut causes pm failed get pm mp semaphore

CSCsk67457

Cisco IOS

BCP-MLP:Traffic stops flowing making one link shut on multilink

CSCsk77462

Cisco IOS

IETF Class attribute is missing in radius accounting record

CSCsk88273

Cisco IOS

Traceback seen @edisms on clearing counter on Active SP

CSCsk93366

Cisco IOS

lte_rp_get_lte_update_xdr_size/fib_upd_consume_rec_meets_upd_rec crash

CSCsl04386

Cisco IOS

%BIT-STDBY-4-OUTOFRANGE : Traceback on Bootup.

CSCsl06059

Cisco IOS

Router crash at route_map_vrf_af_change_nh

CSCsl11335

Cisco IOS

MVPN-MIB:Entries obtained from "ciscoMvpnBgpMdtUpdateTable" is incorrect

CSCsl11868

Cisco IOS

With IP CEF enabled ACL is not denying packets as intended..

CSCsl17798

Cisco IOS

Etherchannel state inconsistent between active and standby

CSCsl28371

Cisco IOS

SPA-IPsec-2G VRF: L2 loop and broadcast storm may occur on default vlans

CSCsl34481

Cisco IOS

IPV6-MCAST:router crashes while unconfiguring ipv6 mcast routing

CSCsl35325

Cisco IOS

MRIB client remains after a linecard removal

CSCsl39710

Cisco IOS

cat6000 mac-address-table does not add entries for local fwsm mac..

CSCsl40528

Cisco IOS

VS2: Port-channel fails to forward unicast packets after switchover.

CSCsl53494

Cisco IOS

C7600-SSC-400: Error message display incorrect product name

CSCsl53727

Cisco IOS

Add UDLD interface counters for debugging purpose

CSCsl61164

Cisco IOS

Router may crash @ipflow_fill_data_in_flowset when changing flow version

CSCsl69123

Cisco IOS

SIP-400:QoS:Police drops MPLSCP, CDPCP negotiation packets - SRA,SRB

CSCsl70667

Cisco IOS

12.2(33)SRB2: LC crash at fib_fib_feature_space_xdr_decode

CSCsl72912

Cisco IOS

VS2: WS-X6708 DFC crash in local_cb1(Segment violation)

CSCsl80682

Cisco IOS

SPA crashes if crypto acl changed

CSCsl89890

Cisco IOS

VS2: crash in psecure-process_timer

CSCsl93559

Cisco IOS

Unsupported ISL encap CLI option should be disabled on 6716

CSCsl94393

Cisco IOS

OPNEXT / Sup32 uplink port stays up when far-end port down.

CSCsl98238

Cisco IOS

QoS statistics-export only exports to directly-connected destinations

CSCsm04256

Cisco IOS

CPUHOG and crash after 'show memory detailed all statistics' issued

CSCsm24906

Cisco IOS

IPV6 neighbour discovery not working on SVI intf under VRF

CSCsm32363

Cisco IOS

Netflow SLB sw-installed entries not aging out

CSCsm37673

Cisco IOS

Traffic from SSLM service module not going over multi-module etherchanne

CSCsm54873

Cisco IOS

EEM some time are not triggered properly

CSCsm56279

Cisco IOS

C2W2: Important enhancements to "test swi vir ltl index" CLI

CSCsm59039

Cisco IOS

Message "ME_AR#0 WARNING: Cannot FLUSH Dic#0" seen for WS-X6708A-10 LC

CSCsm59384

Cisco IOS

DPD not deleting IKE SA's

CSCsm59926

Cisco IOS

RP receives 2 copies of each PIM register with MVPN

CSCsm59949

Cisco IOS

vtp3:with 4k vlan HA reload/sso causes the standby to reload continuosly

CSCsm69112

Cisco IOS

Multicast output drop w/ IGMP snooping @ near line rate 1Gbps

CSCsm69827

Cisco IOS

%SYS-2-MALLOCFAIL:Process= "GraphIt" in SXH1_fc3

CSCsm70707

Cisco IOS

WS-X6748-SFP shutdown(Could not set appropriate Switching mode)

CSCsm70774

Cisco IOS

Router crashes at cfg_kron_plcy_sbmd_cmd.

CSCsm71537

Cisco IOS

divide by 0 crash in oer_br_update_iface_counters

CSCsm72807

Cisco IOS

DHCP packets can get corrupted in an SSO environment

CSCsm75020

Cisco IOS

EARL7 Additional ECC Error Handling enhancements

CSCsm76111

Cisco IOS

10G ports generate CRC errors when using CISCO-FINISAR transceivers

CSCsm77171

Cisco IOS

Router crash when "ip flow" enabled.

CSCsm77923

Cisco IOS

C6k: Invalid vlan iface order in config after new vlan iface addition

CSCsm82264

Cisco IOS

VS2: Entire VSS system goes down after restarting call-home process

CSCsm82958

Cisco IOS

radius sticky entry deleted even if the idle timer is not 0

CSCsm84257

Cisco IOS

crash in ipflow_periodic context due to watchdog timeout

CSCsm86027

Cisco IOS

B2B failover,ace_tunnel_compare:Invalid address_type, router crashed

CSCsm94421

Cisco IOS

Configuring STP cost in an etherchannel to the defaulthas no effect

CSCsm99170

Cisco IOS

Memory Leak seen in fw_lcp process

CSCsm99690

Cisco IOS

Netflow: Crash with aggregation caches and export to MPLS VPN

CSCso00793

Cisco IOS

ITP-76: Flexwan Memory version "VI4DP647228EBK-MD" causes reload

CSCso05127

Cisco IOS

WS-X6708-10GE crashes following upgrade to 12.2(33)SXH1 and 12.2(33)SXH2

CSCso08224

Cisco IOS

WS-X6148-45AF port link takes 8 or more seconds to come up

CSCso13950

Cisco IOS

implementation of cmasModuleActionNotif in CSICO-MODULE-AUTO-SHUTDOWN-M

CSCso16973

Cisco IOS

VC in PE2 stays UP even after disabling ip cef globally

CSCso17569

Cisco IOS

VPN-SPA: WAN interface mtu incorrectly programmed on the SPA

CSCso19924

Cisco IOS

VPN SPA Module: Performance degradation on none-fragmented packets

CSCso20519

Cisco IOS

Cheronia: Fix SMB drive strength programming.

CSCso20978

Cisco IOS

EEM cron timer events save internal timer names to the config

CSCso22754

Cisco IOS

MAB/802.1X interop busted

CSCso31506

Cisco IOS

IPv6 AH Extension Headers Punted to Software on PFC-3B & 3C

CSCso37640

Cisco IOS

DHCP snooping ACL's are not getting programmed after switchover.

CSCso38151

Cisco IOS

Error/Traceback after power fail. %SPA-3-SW_ERROR: spa_get_card_info:

CSCso39444

Cisco IOS

The new Active supervisor will crash after SSO @ fib_path_list_lock_memo

CSCso39518

Cisco IOS

fh_policy_dir.proc process crash when activate 0E patch

CSCso43539

Cisco IOS

power converter failure reported before power was on

CSCso44072

Cisco IOS

High CPU due to multicast traffic getting punted to software

CSCso46210

Cisco IOS

VS: NAM on Standby switch not able to configure SPAN session

CSCso50175

Cisco IOS

% ENT_API-4-NOPORT: Traceback seen after switchover

CSCso51417

Cisco IOS

Enabling Gigabit ports on RSP720 cause send/receive of BFD packets fail

CSCso52097

Cisco IOS

IPV6 :Missing second Netflow shortcut after route change

CSCso53741

Cisco IOS

VPNSPA does not handle duplicate IPSec SA correctly in nested tunnel

CSCso54131

Cisco IOS

After SSO BPDU are being dropped

CSCso55072

Cisco IOS

Crash occurs during execution of TCL code in ESM handler

CSCso56644

Cisco IOS

EEM2.3::%SYS-3-CPUHOG: EEM ED Interface

CSCso59288

Cisco IOS

On enabling oob, aging is changed to 3 times is not shown in cli output

CSCso62526

Cisco IOS

c7600 RSP720: stdby RSP relods upon no flow-sampler interface commad

CSCso65821

Cisco IOS

wrr-queue map configuration propagates to all ports on a 6408

CSCso68840

Cisco IOS

eou inactivity timer over rides reauth timer from ACS

CSCso71355

Cisco IOS

PVLAN - 6500 - Multicast flood broken from pvlan port to promiscuous

CSCso75657

Cisco IOS

Unable to configure cwan int in SSO - standby doesn't support cmd

CSCso82039

Cisco IOS

C2W2: Active console is getting locked for 2.5 mins during sso.

CSCso84567

Cisco IOS

6500 with WCCP and CoPP punts non-TCP packets into CoPP policy.

CSCso85859

Cisco IOS

RP crashs when using 'show memory detailed'

CSCso87348

Cisco IOS

Corruption in subflow code

CSCso87838

Cisco IOS

HSRP: with aggressive timers HSRP peer flaps when "wr mem"

CSCso89823

Cisco IOS

Pos interface "rxload" and "input bytes" counters incorrectly increment

CSCsq00884

Cisco IOS

"mls qos trust" cmd lost under port-channel interface when upgrading IOS

CSCsq03475

Cisco IOS

W2: Memory corruption caused by env object after being freed.

CSCsq04355

Cisco IOS

Fix in CSCso81632 is not complete

CSCsq04673

Cisco IOS

SIGSEGV in ios-base and syslog_pubinfo_enqueue

CSCsq09228

Cisco IOS

CHSTM1 SPA: Linkup/down traps not generated and snmp set not working

CSCsq19146

Cisco IOS

FPD creation for new pegasus rx (1.6) FPA image for Sip-1 CR

CSCsq20970

Cisco IOS

ATM option missing, while configuring T1 controller for mode atm

CSCsq33790

Cisco IOS

Switch crashes when authenticating a user with Filter-Id attribute

CSCsq34245

Cisco IOS

IPC Open Port Errors observed with SIP-400

CSCsq39079

Cisco IOS

SPA-IPSEC-2G Crash under load due to IKE session establishment

CSCsq46327

Cisco IOS

Ca6k SXH : 2 crypto maps in same redundant standby grp: RRI not deleted

CSCsq47140

Cisco IOS

67xx module may not come online

CSCsq47305

Cisco IOS

High CPU on SP when both VSL PO are source interface

CSCsq51286

Cisco IOS

Memory Leak Occuring in QM Process on RP when a port is shut/no shut

CSCsq53822

Cisco IOS

Monitor session removal may affect traffic through WS-X6148A-RJ-45

CSCsq60553

Cisco IOS

Create cwslc-rommon3.bin for cwpa2 to accomodate release Rommon (1.8)

CSCsq62351

Cisco IOS

C2W2:SUPW: GOLD EEM cannot crash switch immdediately as recovery action

CSCsq63019

Cisco IOS

Router Crash when "Clear Crypto Sessions" is issued on EzVPN server

CSCsq63681

Cisco IOS

c7600 Router crashing due to freed pointer in cfib invoked by Netflow

CSCsq74300

Cisco IOS

Set interface change for CSCsk63775 needs to be backed out

CSCsq75704

Cisco IOS

FW2 FE PA Interface stays up/down with no conn and goes up/up after sso

CSCsq76749

Cisco IOS

System Crash when inserting 10G Cards

CSCsq77464

Cisco IOS

mls rate-limit unicast cef receive value re-written upon TCAM exception

CSCsq87431

Cisco IOS

tracebacks seen on issuing sh mls qos ip command

CSCsq87833

Cisco IOS

platform ipv6 acl ahp command rejected during bootup

CSCsq90487

Cisco IOS

ME6524 running modular IOS images require 512 MB DRAM in SP in SXH3

CSCsq94150

Cisco IOS

VSS system crash on show command during the initial conversion

CSCsr12976

Cisco IOS

High CPU in ION ios-base process

CSCsr28305

Cisco IOS

Packet drops on L2 portchannel on WS-X6708-10G

CSCek58956

Infrastructure

Need process_ok_to_reschedule check in process_may_suspend

CSCsa97971

Infrastructure

IOS SLB TCP probe state toggles

CSCsb06920

Infrastructure

SYS-3-MGDTIMER: Running timer -Process= SAA Event Processor

CSCsd37499

Infrastructure

%IFS-3-FSMAX: Failed to add ?, maximum filesystems 64 msg with Traceback

CSCsh96179

Infrastructure

IPSLA pathEcho probe doesn't complete for all hops

CSCsj52693

Infrastructure

ospf neighbor flap with fast hellos and 16 neighbors

CSCsk70446

Infrastructure

NRT: tracebacks @ data_inconsistency_error - 7200 for HTTP config.

CSCsk99687

Infrastructure

crash seen during ISSU runversion in ipc_open_port

CSCsl60092

Infrastructure

Active SP crashed @ipc_fragment_cleanup with VSL shut/no shut test

CSCsm49218

Infrastructure

Missing traceback for jump to zero exceptions

CSCsm77199

Infrastructure

DATACORRUPTION-1-DATAINCONSISTENCY HTTP_FIND_FLASH_FILE

CSCsm89735

Infrastructure

Router crashes on giving show idb after sessions are down in PPPOE-ipv6

CSCso02960

Infrastructure

%RTT-4-DuplicateEvent causes trackbacks after upgrading to 12.2(33)SXH

CSCec51750

IPServices

Router reloads do to bus error. and illegal access to low address

CSCeh69721

IPServices

%SCHED-3-CORRUPT:Schedulerevent magic corrupted by TFTP Server

CSCsb85982

IPServices

Router reloads@ add_or_create_more_soc_buckets

CSCsi42225

IPServices

We need improvement for ip igmp limit command

CSCsk83505

IPServices

%L3_MGR-3-REQ_SEND:error packet allocation after Remote HL HW reset

CSCsk96976

IPServices

DHCP Option 66 adds more quotation marks around URL after reload.

CSCsl51945

IPServices

HSRPv6: Config Sync and stanby resets with standby 1 ipv6 <>

CSCsm59037

IPServices

no service dhcp command causes switch to reload

CSCsm70580

IPServices

c2w2:ciscoFtpClientMIB: ftp_fs.proc extra processes can deadlock & crash

CSCsm92206

IPServices

Router crashes when set the range of interfaces to default configs

CSCso68344

IPServices

Switch acting as DHCP server crashes on issuing no service dhcp command.

CSCso91230

IPServices

%LINK-2-INTVULN: errors with MLPPP and HWIC-4ESW

CSCsq14698

IPServices

crash when using nat with multicast traffic

CSCsq48201

IPServices

c7300:Bridge IRB-Router crash and traffic flow issue

CSCsq67478

IPServices

SSH session hangs

CSCsl54243

LAN

7600 SIP-400 crash after removing sub-ints; lc_deencap_dot1q_vlan

CSCeh97382

Management

Device reset when polling IKE/IPSEC MIB

CSCsk38681

Management

VS2: remote registry call messages ~ cdp2.iosproc:1

CSCsq79132

Management

Excessive remote registry invocation on 'proto_on_swidb' registry

CSCsj50412

MPLS

Improper handling of remote binding wrt route info

CSCsk42307

MPLS

MPLS-TE CBTS: Sending out OSPF hellos over master tunnel.

CSCso53377

MPLS

All TE Lsps does not recover after SSO switchover

CSCek75931

Multicast

LNS: %SYS-3-CPUHOG When sessions have multicast

CSCsk26429

Multicast

Router configured for IGMP Proxy may not send IGMP Join

CSCsl10316

Multicast

ipv6 pim join-prune-interval 10 sets the interval to 20 seconds.

CSCsl20158

Multicast

SNMP:msdpPeer counters should be able to compare with CLI counters.

CSCsl92316

Multicast

LNS: %SYS-3-CPUHOG when clear l2tp tunnel, sessions have multicast

CSCsm17426

Multicast

RP-bit not cleared on s,g; traffic outage for 4 minutes

CSCsm44620

Multicast

Shutdown interface present in PIM interface list

CSCsm48322

Multicast

IPv6 Multicast RP ignores embedded RP register messages

CSCsm53766

Multicast

Reload due to Address Error with multicast configuration

CSCsq09962

Multicast

7600 : crash at "pim_proxy_empty_rd"

CSCsq14151

Multicast

RPF of (S,G) is set to NULL, When (S, G, R) entry is convered to (S, G)

CSCse40966

PPP

MLP links down after SSO switchover if aaa new-model cfged

CSCek63203

QoS

CEOP:VH:Ctrl+C while display show policy int cause console freeze

CSCsm29181

QoS

Crash when NBAR applied to sub-interface

CSCsm49062

QoS

cwan2: show queueing interface reports double count for wfq drops

CSCek36995

Routing

0.0.0.0 default route increasing on rip DB with object tracking

CSCse65277

Routing

MU:default isis metric maximum returns parser error

CSCsf06946

Routing

Removing loopback interface causes continuous standby RP reloading

CSCsi87894

Routing

RIP advertise default route after 'no default-information originate'

CSCsi98730

Routing

CEF/BGP table MPLS label mismatch in IOS 12.4(6)T5

CSCsj21785

Routing

TE tunnel does not reoptimize after mtu change

CSCsj56281

Routing

BGP inherit peer-policy not working after router reload

CSCsk37659

Routing

Vrf route table does not get updated once pppox sessions are up.

CSCsl04835

Routing

BGP conditional route injection not removing routes from iBGP peers

CSCsl06336

Routing

removing 'maximum-paths import 6' causes duplicate paths in VRF table

CSCsl20856

Routing

standby HSRP flaps with ospf mib polling/aggressive timers/nostandby sso

CSCsl30331

Routing

Prefixes permitted despite the deny action on route-map continue

CSCsl72774

Routing

Memory leak in CEF consistency checker

CSCsl84712

Routing

Error- %OSPF-4-FLOOD_WAR: Process 123 re-originates LSA ID 10.55.122.148

CSCsl92283

Routing

Unable to add into routing table if static route use interface + gateway

CSCsm04442

Routing

Router crash at rip_find_sum_idb

CSCsm39159

Routing

ARP HA cpu hog on stby while bringing up stby with large arp tables

CSCsm43938

Routing

stby resets when large config/arp table to sync over to it

CSCsm45634

Routing

BGP VPNv4 route is not actived immediately after receving update

CSCsm47111

Routing

FIB: Accessing freed memory while dequeuing

CSCsm91801

Routing

ASBR not updating metric in LSA-5 redistributing from 2-nd OSPF process

CSCsm96785

Routing

"nsf cisco" under router ospf config does not work, but "nsf ietf" works

CSCso00383

Routing

MVPN: New style PE doesn't send RD Type 2 MDT update

CSCso27510

Routing

Removing SVI with IPv6 address with 'no int vlan' crashes the router

CSCso30199

Routing

ISIS topology broken after a force-switchover when ispf is enabled

CSCso62166

Routing

Crash @ bgp_netlist_validate when ibgp established with metric

CSCso63693

Routing

ISIS: Maximum circuit limit (255) has reached with passive-interface def

CSCso64274

Routing

0.0.0.0/0 redistributed entry not removed RIP DB after deleting command

CSCso73076

Routing

can not delete ACE enties in ACL

CSCso89675

Routing

Device crash @ ip2access_add_pbacl_item with largre PBACL configuration

CSCsq62703

Routing

Router crashed with TLB (load or instruction fetch) exception

CSCsq75944

Routing

crashes in ipflow_ager, ipflow_sub functions, ipflow_periodic

CSCeh48777

Security

tunnel interface fluctuates between UP/DOWN state during ipsec rekey

CSCir01449

Security

Sync damage of CSCin74155 fix

CSCsb58633

Security

SCP server gives files with invalid checksum on some router platforms

CSCsb80803

Security

SSH Process: SCHED-3-UNEXPECTEDEVENT error message

CSCse12154

Security

Bus error crash after executing secure copy (scp)

CSCsk75078

Security

rcv client_input_channel_req: channel 0: unknown channel

CSCsl61311

Security

New SSH sessions with RSA key sometimes fails after changing hostname

CSCsm57122

Security

Scp and ssh failing with certain ssh clients

CSCsl90285

WAN

POS-APS: CWPA-3-NODISPATCH messages seen when configuring APS

Caveats Resolved in Release 12.2(33)SXH2a

Identifier
Technology
Description

CSCsl45701

AAA

TACACS+ per VRF authen failing: Address already in use

CSCso87641

AAA

Tacacs unable to connect to server

CSCsh61002

Cisco IOS

SPA-5X1GE: GE-port not transmitting after 'shut/no shut' and vica versa

CSCsm69827

Cisco IOS

%SYS-2-MALLOCFAIL:Process= "GraphIt" in SXH1_fc3

CSCso05127

Cisco IOS

WS-X6708-10GE crashes following upgrade to 12.2(33)SXH1 and 12.2(33)SXH2

CSCso53516

Cisco IOS

VSS: Incorrect fpoe programming causing unicast traffic blackhole

Caveats Resolved in Release 12.2(33)SXH2

Resolved Security Caveats

A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.

Cisco has released free software updates that address this vulnerability. Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080924-ssl.

Resolved Unknown Caveats

Symptoms: A device that is running Cisco IOS software may crash during processing of an Internet Key Exchange (IKE) message.

Conditions: The device must have a valid and complete configuration for IPsec. IPsec VPN features in Cisco IOS software that use IKE include Site-to-Site VPN tunnels, EzVPN (server and remote), DMVPN, IPsec over GRE, and GET VPN.

Workaround: Customers that do not require IPsec functionality on their devices can use the no crypto isakmp enable command in global configuration mode to disable the processing of IKE messages and eliminate device exposure.

If IPsec is configured, this bug may be mitigated by applying access control lists that limit the hosts or IP networks that are allowed to establish IPsec sessions with affected devices. This assumes that IPsec peers are known. This workaround may not be feasible for remote access VPN gateways where the source IP addresses of VPN clients are not known in advance. ISAKMP uses port UDP/500 and can also use UDP/848 (the GDOI port) when GDOI is in use.

Further Problem Description: This bug is triggered deep into the IKE negotiation, and an exchange of messages between IKE peers is necessary.

If IPsec is not configured, it is not possible to reach the point in the IKE negotiation where the bug exists.
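The ACL mitigation above only helps if the list really limits UDP/500 and UDP/848 to the known peers. The following Python check is an added example, not Cisco code: it evaluates a constructed numbered extended ACL with first-match semantics and the implicit deny, and assumes a small syntax subset (`any`, `host A`, `A WILDCARD`, optional `eq PORT` with a numeric port); ACL numbers, addresses and function names are illustrative.

```python
import ipaddress

# Constructed ACLs for illustration; addresses are documentation ranges.
RESTRICTIVE_ACL = """\
access-list 150 permit udp host 192.0.2.10 any eq 500
access-list 150 permit udp 198.51.100.0 0.0.0.255 any eq 500
access-list 150 permit udp host 192.0.2.10 any eq 848
access-list 150 deny udp any any eq 500
access-list 150 deny udp any any eq 848
access-list 150 permit ip any any
"""

# Same peers, but the explicit denies are missing before the final permit.
LEAKY_ACL = """\
access-list 151 permit udp host 192.0.2.10 any eq 500
access-list 151 permit ip any any
"""


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_acl(text):
    """Parse the supported subset into (action, protocol, source, dest_port) entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_addr(rest)
        _take_addr(rest)  # destination is consumed but not evaluated here
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, port))
    return entries


def ike_permitted(entries, src_ip, port):
    """First matching entry decides; no match means the implicit deny applies."""
    addr = int(ipaddress.IPv4Address(src_ip))
    for action, proto, (base, wildcard), acl_port in entries:
        if proto not in ("udp", "ip"):
            continue
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        if (addr ^ base) & ~wildcard & 0xFFFFFFFF:
            continue
        if acl_port is not None and acl_port != port:
            continue
        return action == "permit"
    return False


def audit_ike_acl(text, known_peers, outsiders, ports=(500, 848)):
    """Report known peers that cannot reach UDP/500 and outsiders that can reach IKE."""
    entries = parse_acl(text)
    return {
        "blocked_peers": [p for p in known_peers if not ike_permitted(entries, p, 500)],
        "exposed": [(o, port) for o in outsiders for port in ports
                    if ike_permitted(entries, o, port)],
    }


if __name__ == "__main__":
    peers, outsiders = ["192.0.2.10", "198.51.100.77"], ["203.0.113.5"]
    print(audit_ike_acl(RESTRICTIVE_ACL, peers, outsiders))
    print(audit_ike_acl(LEAKY_ACL, peers, outsiders))
```

The second ACL shows the common mistake: a trailing `permit ip any any` passes IKE from any source unless explicit denies for the IKE ports precede it.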

Other Resolved Caveats in Release 12.2(33)SXH2

Identifier
Technology
Description

CSCee66606

AAA

per-group deadtime is nvgend as 60x user input

CSCee89849

AAA

Router reloaded at vtemplate_build_command_strings

CSCsc98046

AAA

TACACS Accounting isn't sending stop time in the stop packet.

CSCsd48175

AAA

AAA/TACACS not failing over to second server

CSCsg14301

AAA

AAA/TACACS spurious memory accesses in tplus_handle_req_timeout

CSCsj88665

Access

Bus error with PA-MC-2T3+ when deleting channel-group

CSCsl41784

Access

ION: ARP Input memory leak with "mobile ip arp"

CSCsd84347

ATM

PVC stops sending OAM loopback if AIS/RDI received

CSCsj84931

ATM

CEOP: after OIR with atm local switching and ima, router crashes

CSCeb69473

Cisco IOS

connect '/terminal-type' command memory corruption

CSCeh08262

Cisco IOS

Show tech SP output should honor redirect applied

CSCek53174

Cisco IOS

dhcp snooping cannot scale beyond 225 bindings

CSCek66116

Cisco IOS

B2B: IKEA trans 0x17; opcode 0x53; param 0x41 msg displayed forever

CSCek71816

Cisco IOS

CE-CE ping fail after restore ASBR-PE vrf

CSCek78874

Cisco IOS

KMI:Out of order deletes cause sync issues

CSCsb87956

Cisco IOS

loop in the state IKE_CONFIG_MODE

CSCsh17328

Cisco IOS

WS-SVC-WISM-1-K9 reports 0.0 in entPhysicalVendorType

CSCsh84657

Cisco IOS

STP Loopguard: Ability to disable loopguard for Po270 and higher for FWM

CSCsh97395

Cisco IOS

IDSM: Monitor config was removed after RPR switchover

CSCsi52382

Cisco IOS

radius attribute 5 nas-port not sent in access-request for RA VPN users

CSCsi97434

Cisco IOS

A router may crash when ipsec is established

CSCsj48453

Cisco IOS

AW: CAT6k does not forward multicast traffic to WISM in L3 mode

CSCsj68951

Cisco IOS

Diag Minor Error: TestVslStatus by shut down one side Sup4 uplink

CSCsj87584

Cisco IOS

call-home inventory full needs show ipdrom switch all for VSS

CSCsj91961

Cisco IOS

Ifnums of channels for E3 dont match on active and stdby

CSCsk16240

Cisco IOS

C2W1: active not responding msgs seen om reload with 41patches

CSCsk21354

Cisco IOS

PAT : Missing second Netflow shortcut after route change.

CSCsk27081

Cisco IOS

ifHCInOctets and ifHCOutOctets on GE-WAN interfaces wrap up at 2^32

CSCsk32872

Cisco IOS

Wrong API usage, can lead to crash.

CSCsk33740

Cisco IOS

replay window size of 1024 causes IPSec Policy Check and Replay Failure

CSCsk41134

Cisco IOS

ISAKMP SA neg not successful for in tunnel mode w/ RSA-SIG

CSCsk44233

Cisco IOS

While raising the interrupt level, bgp_route_map_inform tries to suspend

CSCsk58040

Cisco IOS

WS-X6148A-GE-45AF retains previous modules MACs after OIR

CSCsk80552

Cisco IOS

Shut and no shut of interface causes the delay in forming rp mapping

CSCsk82370

Cisco IOS

RP crash and tracebacks in crypto related process

CSCsk83089

Cisco IOS

Increase maximum aggregate policer > 10Gbps

CSCsk84925

Cisco IOS

ipv4:SSM mroute not created due to ip mr-cache on IIF, traffic hits MSFC

CSCsk97144

Cisco IOS

wait for remote process DiagCard7/-1creation times out with 1018 ION

CSCsl06577

Cisco IOS

Linking bootflash to bootdisk failed after pcmcia_driver.proc restart

CSCsl12827

Cisco IOS

Handling Transit IpSec in VRF mode

CSCsl18765

Cisco IOS

6500-7600 : SPAN of EoMPLS port causes packet reflection or loop

CSCsl19708

Cisco IOS

Naxos : Disable Telesto Internal TERMINATION For Reference Clock, PB RAM

CSCsl27236

Cisco IOS

%SYS-3-CPUHOG: Task is running for (126000)msecs, causes RP crash.

CSCsl32344

Cisco IOS

Group of 4 ports on 6708 stops passing traffic

CSCsl34515

Cisco IOS

VS2:after SSO with preemption, port security is broken

CSCsl43540

Cisco IOS

VS2:snmp mac notification for port channel on DFC linecard doesn't work

CSCsl51380

Cisco IOS

Sup720 and Sup32 TCAM & SSRAM Consistency Checkers refinement

CSCsl51395

Cisco IOS

slot_earl_icc_shim_addr:device crash with hw-module reset

CSCsl52092

Cisco IOS

DHCP db agent considers port-channel interface (poX) as invalid

CSCsl53037

Cisco IOS

Mail action does not separate headers from body

CSCsl53845

Cisco IOS

sup720/SXH: dummy packet send over inband when sw netflow is used

CSCsl58673

Cisco IOS

EEM Prevents VTY telnet to MCP router

CSCsl58924

Cisco IOS

Standby SP crashed due to TestAclDeny failure on bootup/switchover

CSCsl59553

Cisco IOS

SIP-400: bursty traffic causes packet drop even in low rates

CSCsl63311

Cisco IOS

6500 May Experience High CPU due to NAT traffic

CSCsl70016

Cisco IOS

WS-X6516A-GBIC card in switch 2 goes down frequently in vsl

CSCsl70404

Cisco IOS

Memory leak on SUP - CMFI Process

CSCsl71339

Cisco IOS

Prevent ssa interrupts from corrupting sfp i2c accesses

CSCsl72752

Cisco IOS

VS2: after preempted switchover, interface states are out of sync

CSCsl74456

Cisco IOS

VPN-SPA : TCAM not programmed on POS sub-interface after a reload

CSCsl74976

Cisco IOS

Punted MPLS-tagged traffic causes control plane instabilities

CSCsl75136

Cisco IOS

Cat6k with Sup32 failed to boot up after power cycle.

CSCsl75719

Cisco IOS

sxf13 show int tunnel with blank display

CSCsl75836

Cisco IOS

VS2: MCAST LTL T/B's observed, when removing VLAN / SVI used for mcast

CSCsl76647

Cisco IOS

VPN SPA Cannot clear SA using conn-id with CLI

CSCsl79219

Cisco IOS

mvpn : bidir shadow entries not installed

CSCsl83211

Cisco IOS

Sup32 running ION image fails to bootup after a power-cycle.

CSCsl84317

Cisco IOS

Active crashes on applying acl to EoMPLS subif on SIP-600

CSCsl89069

Cisco IOS

Zamboni crashed at illegal event/state combinationin CfgMonInd, clear sa

CSCsl89176

Cisco IOS

Cat6k may crash when vlanTrunkPortEntry is polled via snmp

CSCsl89425

Cisco IOS

BFD sessions dont scale

CSCsl91085

Cisco IOS

system/iprouting.iosproc crash after activate 39 dummy/restart patches

CSCsl92286

Cisco IOS

60 second multicast traffic loss as VSS standby chassis initializes

CSCsl94301

Cisco IOS

VS2: Mac learning in linecard gets disabled by pre-emption switchover.

CSCsl97653

Cisco IOS

bcm2_5421_isr bcm2_num: 1 messages seen in the log

CSCsm01399

Cisco IOS

Bus idle recovery may cause 10GE interface to remain down

CSCsm04824

Cisco IOS

OER Top Talker Functionality broken on s3223

CSCsm05486

Cisco IOS

mtu mis probram in adj thru tunnel interface after b2b failover

CSCsm08419

Cisco IOS

debounce timer issue on sup32 10GE uplink and 6708

CSCsm11717

Cisco IOS

VS2:On reloading standby chassis T/Bs on SP console for 1 minute

CSCsm13389

Cisco IOS

RRI is not called be if QM rekey timer expiry forces SA deletion

CSCsm15350

Cisco IOS

vpnspa crashed at assert failure in l2-mcpu.c on line

CSCsm20994

Cisco IOS

kron job daily reoccurences fail after new year

CSCsm21126

Cisco IOS

C7600-SSC-400: Resync fabric interface on fabric error

CSCsm22935

Cisco IOS

Problem in c6k_power_get_ilpower_daughterboard_used_pwr

CSCsm24904

Cisco IOS

Bridge-mib timing out dot1dBasePortIfIndex

CSCsm26415

Cisco IOS

Traceback seen when show platform cfm issued for fwd_vlan 0

CSCsm27017

Cisco IOS

VS2: power configuration is not synced to standby

CSCsm30858

Cisco IOS

PIM register packets upmarked to TOS 6 by PTcam redirection

CSCsm32493

Cisco IOS

Backout of CSCsh94882

CSCsm33528

Cisco IOS

Rekey packet loss for pure ipsec

CSCsm34871

Cisco IOS

Need to support enhanced PoE feature

CSCsm35364

Cisco IOS

SPA-IPSEC-2G get reload automatically by RP

CSCsm44309

Cisco IOS

L2 Po - new member was not included in mapped ucast flood &mcast indices

CSCsm44413

Cisco IOS

RP not added into LTL index when bridge-group is configured

CSCsm46682

Cisco IOS

HL: VACL capture functionality not working with the latest sierra

CSCsm48564

Cisco IOS

Need to exclude RxErrors from being monitored by LinkErrorMonitoring HM

CSCsm49103

Cisco IOS

I/O Memory Leak when running show mls cef command

CSCsm49440

Cisco IOS

RRI: Need to support remote-peer option when source proxy == peer

CSCsm51299

Cisco IOS

Code divergence caused a need for a second fix for CSCsl27236.

CSCsm56293

Cisco IOS

Sup4:DFC only mode, create bus stall condition-the switch still crash

CSCsm59488

Cisco IOS

Fix backwards compatibility for multicast egress netflow cli

CSCsm70349

Cisco IOS

BPDU traffic over Eompls is not switched on 3C system

CSCsm81399

Cisco IOS

No Such Instance error from many SNMP objs for 1xOC48 POS/RPR SPA

CSCsm82169

Cisco IOS

VSS: heathland interfaces are err-disabled on standby chassis

CSCsm82382

Cisco IOS

7600 standby RP memory leaking cause CEF disable

CSCsm83893

Cisco IOS

W2: "sh mls cef adj mpls detai"l after SSO freeze RP causeT/B, reboot

CSCsm83948

Cisco IOS

CISCO7609 returns sysObjectId as ciscoProducts.402 (which is cisco7606)

CSCsm92183

Cisco IOS

c2w1: Heathland card is not coming up due to diag failure

CSCsm95456

Cisco IOS

Duplicate L3 packets with 6708 and DEC

CSCsm96243

Cisco IOS

Switch crashes on executing sh tcam interface acl with include option

CSCsm96610

Cisco IOS

OOB-MAC-SYNC is on, need to change internally the cam aging to 480 Sec

CSCsm97836

Cisco IOS

Memory leak VSL Manager

CSCsm98256

Cisco IOS

Berytos got power down due to TestMacNotification and TestFabricCh0Healt

CSCso02208

Cisco IOS

VS2: crash when provisioning LI stream

CSCso12903

Cisco IOS

RE MET address check missing while running MET patch on IO bus timeout

CSCso25489

Cisco IOS

CSCsg03804 - Time Based ACL Issue not fixed

CSCsl29993

Content

WCCP Should Mark Client 'NOT Usable' with Missing L2 Adjacency

CSCsl65335

Content

WCCP: reload following ACL update

CSCsm12247

Content

WCCP: hash assignment may be lost after service group change

CSCsm32473

Content

WCCP: system reload with path splitting and output redirection

CSCsm35350

Content

WCCP GRE return breaks IPsec traffic AND/OR creates phantom packet count

CSCsm53427

Content

WCCP: multicast + appliance shutdown leads to high CPU

CSCsa57468

Infrastructure

rttmon-mib does not return getnext value when queried via snmp

CSCse07265

Infrastructure

No syslog message generated for IP SLA timeout condition

CSCsj54596

Infrastructure

logging userinfo command no longer accepted

CSCsj83417

Infrastructure

BOOM: addto_mempool_pc_array() message seen with show memory command

CSCsk06492

Infrastructure

snmp-server drop vrf-traffic implementation in 12.2 SRB train

CSCsk13725

Infrastructure

GSR: rttmon-mib does not return getnext value when queried via snmp

CSCsk37278

Infrastructure

BFD clients flaps when boot string is removed from "show running".

CSCsk75310

Infrastructure

UDP Echo: control message not sent out of correct interface.

CSCsl33908

Infrastructure

show ver truncates system's running image name to 64 chars

CSCsl58963

Infrastructure

Manual OIR of pcmcia flash card crashes dosfs proc in Sup720

CSCsl70722

Infrastructure

Router crash polling rttmon mib with active IP SLA probes

CSCsg60447

IPServices

7200: BVI stops receiving CLNS/ISIS packets

CSCsi78892

IPServices

Configuring bridge-group makes CPUHOG message.

CSCsj29841

IPServices

Port forwarding breaks NAT-overload on a 6509

CSCsj93195

IPServices

RP crashes at ipv4fib_les_switch_wrapper on configuring crypto map

CSCsk06539

IPServices

bus error while unconfiguring static SSM mappings via TFTP.

CSCsk39022

IPServices

Modular IOS: ip directed-broadcast not working

CSCsk39926

IPServices

Unable to route local FTP traffic over VRF with IOS image

CSCsl10348

IPServices

Crash writing to or from ftp/tftp server in modular IOS

CSCsl23788

IPServices

Dlsw+ peer waits in AB_PENDING or WAIT_WR status with modular IOS

CSCsk94676

LegacyProtocols

dlsw with tbridge, COMMON_FIB-4-FIBIDBMISMATCH

CSCsk41552

Management

T/B %SCHED-3-THRASHING of cdp2.iosproc process_wait_for_event

CSCsj34456

MPLS

LDP change by CSCsi69278 causes inconsistent mplsLdpEntityIndex value.

CSCsk57114

MPLS

CPUHOG process = SNMP ENGINE, PWMIB, GetNext of cpwVcMplsNonTeMappin

CSCsl39233

MPLS

eBGP in VRF-lite not working in images without MPLS.

CSCsd14706

Multicast

PIMV2 router send PIMV1 RP-reachable messages loading recieve router CPU

CSCsg95192

Multicast

no ip rp-address <ACL name> causes an address error

CSCsj88725

Multicast

Wrong (S,G) RPF after route change, no upstream join

CSCsl27840

PPP

Router may Crash / Hang, Module Reset @ Shut ATM member + MLPOA

CSCsi73132

QoS

Multicast DSCP value not copied to PIM-SM RP-register packet

CSCsk63794

QoS

FlexWAN WS-X6582-2PA + T3+ Serial PA may crash/reload

CSCea90941

Routing

IOS Ignores EIGRP Stub Command In Startup-Config at Initial Power On

CSCeg25475

Routing

Distribute-list configured in ipv4 acts in vpnv4 address-family

CSCse53019

Routing

redistribution not triggered when BGP as-path/community changes

CSCsg80259

Routing

BGP Routes do not re-populate follwing reload of Secodary Route Reflect

CSCsh12493

Routing

BGP overlapping VRF route not installed in RIB after add/del of VRF

CSCsh92749

Routing

ISIS: ADJ del triggers both LSP and SPF

CSCsi51431

Routing

JQL:SIERRA:SP HighCPU/LCboot up fail with largeACL cfg after sw reload

CSCsk34344

Routing

Wrong share-count 1:10 via confed-external BGP peers using dmzlink-bw

CSCsl07297

Routing

SXF11: BGP "no neighbor" command caused Address Error exception.

CSCsl47915

Routing

Redistribution of ospf in rip with prefix-list not working properly

CSCsl57457

Routing

ISIS NSF switchover failure - similar to CSCsl28278

CSCsl83415

Routing

Rtr crash in show cmd: new updgrp add enlarges Nbr bitfield size for Tbl

CSCsl94410

Routing

Back out the CSCsj17879 for all non ERF branch

CSCsm23764

Routing

CEF RF progression error if RRP reloads mid CEF sync

CSCsm27979

Routing

router may crash for "address error exception" doing sh ip route vrf

CSCsm64516

Routing

OSPF MD5 Key Does Not Accept Whitespace Character

CSCso22098

Routing

OSPF down on RPR+ switchover on core router

CSCin91851

Security

Support keyboard-interactive authentication method

CSCsj45031

Security

Cat6k unable to SCP files from Tectia ssh server

CSCsl98498

Security

Tunnel int is going down with mode ipip decapsulate-any

CSCsj68446

WAN

NTP will not sync - NTP packets received but ignored by NTP process.

Caveats Resolved in Release 12.2(33)SXH1

Resolved AAA Caveats

Symptoms: Router reloads after authentication attempt fails on console.

Conditions: Occurs while performing AAA accounting. The accounting structure was freed twice, which results in a crash. Occurs when the aaa accounting send stop-record authentication failure command is configured, which sends a stop record for authentication failure.

Workaround: Remove the aaa accounting send stop-record authentication failure command.

Resolved Infrastructure Caveats

This is the Cisco Product Security Incident Response Team (PSIRT) response to a vulnerability that was reported on the Cisco NSP mailing list on August 17, 2007 regarding the crash and reload of devices running Cisco IOS after executing a command that uses, either directly or indirectly, a regular expression. The original post is available at the following link:

http://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html

The Cisco PSIRT posted a preliminary response on the same day, which is available at the following link:

http://puck.nether.net/pipermail/cisco-nsp/2007-August/043010.html

Preliminary research pointed to a previously known issue that was documented as Cisco bug ID CSCsb08386 (registered customers only), and entitled “PRP crash by show ip bgp regexp”, which was already resolved. Further research indicates that the current issue is a different but related vulnerability.

There are no workarounds available for this vulnerability. Cisco will update this document in the event of any changes.

The full text of this response is available at

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070912-regexp

Symptoms: Syslog displays password when copying the configuration via FTP.

Conditions: This symptom occurs when copying via FTP. The syslog message displays the password that the user supplied as part of the syntax of the FTP copy.

Workaround: There is no workaround.

Resolved Routing Caveats

Symptoms: A few seconds after OSPF adjacencies come up, a router crashes because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an ISR that is configured for OSPF.

Workaround: Add area 0 in the OSPF VRF processes.

Alternate Workaround: Enter the no capability transit command in the OSPF VRF processes.

Resolved Unknown Caveats

Symptom: Bus error crash (signal 10) seen after the following error message:

%MCAST-SP-6-GC_LIMIT_EXCEEDED: MLD snooping was trying to allocate more Layer 2 entries than what allowed (7744)
 

Conditions: This has been observed on a Catalyst 6500 running IOS version 12.2(18)SXF1.

Workaround: Disable IPv6 MLD snooping with the no ipv6 mld snooping command.

Implementing the workaround has no negative impact as long as there is no IPv6 multicast traffic in the network.

Other Resolved Caveats in Release 12.2(33)SXH1

 

Identifier
Technology
Description

CSCek58496

AAA

Mem alloc at aaa_test_setup_auth_req/aaa_test_setup_acct_req leaked

CSCsh59019

AAA

Avoiding AAA client hangs, if a protocol subsystem is not present.

CSCsi99473

AAA

TACACS authorization fails with 'request for nonexistent server' msg.

CSCsj34688

AAA

AAA: adding static route cfg does not trigger acct msg to tacacs server

CSCsj89305

AAA

RADIUS/NAS-IP address is sent out as 0.0.0.0

CSCsj97165

AAA

%AAA-3-BADMETHODERROR: Router crash @ aaa_get_new_acct_reg_type.

CSCsl33966

AAA

C6509 : attribute 32 nas-Id not sent for Auth (missed by CSCsf30451).

CSCsm06740

AAA

Memory Leak in AAA accounting and Virtual Exec

CSCef67942

Access

AS leaking memory under IP input - regcomp

CSCsi00099

Access

Spurious Memory Access Error @ ct3sw_check_freedm_fifo

CSCsj37071

Access

PA-MC-E3 will not recover after workload stress

CSCek61180

ATM

crash @ write_to_url, doprintc_core, atm_remove_vc

CSCin90065

ATM

ATM pvc trap may not always be generated or generated continously

CSCsb67229

ATM

Ip add config on p2p interface tries to reflect it on all p2p int.

CSCse13374

ATM

IMA ports on 7600 always initialized to default clocking on bootup.

CSCse98383

ATM

Bandwidth not changed on IMA group when one member link is made down.

CSCsj57084

ATM

Voice packets in LLQ experience latency

CSCdu70318

Cisco IOS

Feature Request: VRF-lite PBR

CSCdz55178

Cisco IOS

QoS profile name of more then 32 chars will crash the router.

CSCek34097

Cisco IOS

with about 100 subints configd rtr crashes at ipv6 multicast-rout

CSCek36017

Cisco IOS

Need show mac abbreviated equivalent command in IOS

CSCek52381

Cisco IOS

Killing tcp.proc leads to no thread information in LC

CSCek75082

Cisco IOS

Router crashes while unconfiguring channel-group

CSCek76062

Cisco IOS

Router crashed @ validmem_complete_interrupt.

CSCek78066

Cisco IOS

Whitney:CLI & MIB mismatch for aux-1 temperature Sensor SUP32

CSCek78633

Cisco IOS

SSO:ESM20:TB at %MFI-3-REDISTMGR: Redistribution Manager

CSCek79138

Cisco IOS

VLAN policy not applied to bridged pkts if SVI shutdown.

CSCin99430

Cisco IOS

snmp-server sparse is not working correctly for IF-MIB

CSCsa79984

Cisco IOS

CTRLC_ENBL should be cleared when line is reset

CSCsb29131

Cisco IOS

show crypto ipsec sa identity detail causes system to reload

CSCsc24830

Cisco IOS

Far end router reload causing traceback at dmlp_update_hw_stats

CSCsc98471

Cisco IOS

show diagnostic sanity fails to check software modularity boot string.

CSCsd88768

Cisco IOS

%SYS-2-BADSHARE: Bad refcount in datagram_done fix for PA-MCX-8TE1

CSCse45684

Cisco IOS

multicast (hsrp/ospf) coming from service modules is blackholed by vacl.

CSCse67736

Cisco IOS

Add support for XFP-ZR optics

CSCsf01190

Cisco IOS

Netflow export destination command dissapears from running config.

CSCsf97859

Cisco IOS

invalid shows in show hw-module subslot with SPA-OC192POS-LR

CSCsg09423

Cisco IOS

IPSEC SAs dont recover after rekey with 3000 IKE SAs and PKI (RSA-Sig).

CSCsg15159

Cisco IOS

Traffic to Null0 accounted with Null as dest IF

CSCsg16417

Cisco IOS

show ip slb connections firewall cmd accepts not configured FW farm name

CSCsg19793

Cisco IOS

Psecure absolute aging on DFC causes MAC inconsistency w/ Central EARL

CSCsg21809

Cisco IOS

Add bridge asic status collection support.

CSCsg23226

Cisco IOS

service counters max age does not function correctly for value 6-9 sec

CSCsg29305

Cisco IOS

hw-module subslot reload crashes the router.

CSCsg36532

Cisco IOS

DMVPN Phase 2: Black hole traffic when spoke-spoke tunnel fails

CSCsg99914

Cisco IOS

sip-200 power-cycles after BGP flap (not responding to keepalive)

CSCsh17579

Cisco IOS

Transceiver TX Power displays erroneous TX level

CSCsh24450

Cisco IOS

Memory leak from IF-MGR DB elem chunk @ im_if_db_init

CSCsh24460

Cisco IOS

ipv6 ISIS ping through doesnt return 100% success rate

CSCsh31782

Cisco IOS

Bus error crash - show crypto isakmp sa

CSCsh34467

Cisco IOS

Standby constanly reset due to RF request with large configuration.

CSCsh49239

Cisco IOS

After redundancy failover Mcast packets drop for 60-90sec on SUP uplink

CSCsh64639

Cisco IOS

VS2: [dead threads] process takes a large chunk of CPU util

CSCsh69341

Cisco IOS

SLB: Incorrect feature execution in ssv

CSCsh80130

Cisco IOS

Add warning/comments to interfaces when Auto Lag is used for interface

CSCsh82046

Cisco IOS

SIERRA: sup4 standby crashes at sstrncpy during bootup.

CSCsh85531

Cisco IOS

E1 channels down after PE reload

CSCsh88532

Cisco IOS

Auto-LAG EtherChannel not configurable; doesn't trust QoS..

CSCsh91974

Cisco IOS

PIM CLI causes RP crash when issued under control-plane subconfig prompt

CSCsh97848

Cisco IOS

Sierra: LACP pdus should be untagged.

CSCsh99583

Cisco IOS

VTP's Local updater ID uses EOBC though up state SVIs exist

CSCsi00136

Cisco IOS

IKE does not process more than 2 NAT-D payload

CSCsi05265

Cisco IOS

SYS-2-GETBUF: Bad getbuffer -Process= LSDp Input Proc

CSCsi06759

Cisco IOS

SIP 200: SNMP-3-DVR_DUP_REGN_ERR

CSCsi09942

Cisco IOS

VTP3: Print warning message when the vlan name exceeds 20 characters

CSCsi11874

Cisco IOS

Sup720 DFC forwarding some packets to MSFC instead of hw switching

CSCsi12416

Cisco IOS

Native vlan traffic disruption in etherchannel standalone (I) mode

CSCsi23021

Cisco IOS

WiSM in Slot 13 cause Duplicate IP message and loss of access

CSCsi24069

Cisco IOS

Collect additional debug info for Modular IOS kernel crashes

CSCsi39631

Cisco IOS

Show mpls l2transport vc detail using incorrect packet counters

CSCsi42270

Cisco IOS

IOS-SLB Radius Server LB may not mark a real as failed

CSCsi48280

Cisco IOS

PRE3 Mcast: Switchover not shown from default to data MDT

CSCsi49436

Cisco IOS

Netflow API needs to be extended to provide peer AS information

CSCsi50028

Cisco IOS

dot1x port moves authorize->guest, radius attributes and zombie MAC held

CSCsi65363

Cisco IOS

Not able to run to t1 loopback when using a PA-MC-T3 with flexwan

CSCsi70426

Cisco IOS

Traceback seen when router received a craft EAP id-response frame

CSCsi71940

Cisco IOS

System crashed with auto-qos negative test with traffic.

CSCsi74194

Cisco IOS

18SXF: Egress SPAN may cause high CPU

CSCsi76842

Cisco IOS

Line protocol remains down on changing from frame-relay to hdlc/ppp.

CSCsi79991

Cisco IOS

VACL capture not supported for the GE-WAN or GigabitEthernet on SIP-400

CSCsi81885

Cisco IOS

Trunk negotiation fails when Po is configured with Min_links..

CSCsi82337

Cisco IOS

Policy routing punts incoming packets to process with VRF select enabled

CSCsi87837

Cisco IOS

IF-MIB does not support gig interfaces on SPA-IPSEC-2G

CSCsi90816

Cisco IOS

show policy-map interface caused sup32 crash..

CSCsi91324

Cisco IOS

MCAST packet drop when other interface goes down on DFC

CSCsi93273

Cisco IOS

Leak in Big buffer pool on SIP card with NetFlow-export version 9

CSCsi98587

Cisco IOS

Excessive MET refs and memleak after ipv4 stress, crash follows.

CSCsi99234

Cisco IOS

RP crash at validblock with %SYS-6-BLKINFO: Corrupted redzone blk

CSCsi99875

Cisco IOS

BOOM: spa_eeprom_read_bit on BOOTUP

CSCsi99991

Cisco IOS

When CMM is rebooted, FE goes into ErrDisabled state

CSCsj00385

Cisco IOS

logging event link-status default negates existing interface config

CSCsj01961

Cisco IOS

ifindex table size from nvram sould be validated before malloc

CSCsj02971

Cisco IOS

12.2SRB - signed/unsigned error in code for 'show ip cache aggregation a

CSCsj03212

Cisco IOS

blade get into bad b2b state if it is not b2b ready

CSCsj04905

Cisco IOS

IOS-SLB: FWLB sticky config not get removed

CSCsj05519

Cisco IOS

Standby NSE crashed IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP

CSCsj08713

Cisco IOS

Disable bfd on SVI interfaces

CSCsj10375

Cisco IOS

802.1X: VLAN Changing on port causes link to go down

CSCsj10744

Cisco IOS

Input queue wedged with Inband Edit Packets on SIP-400

CSCsj11561

Cisco IOS

Inconsistent MTU for Adj. entries used by MLS Netflow and MLS CEF

CSCsj11771

Cisco IOS

VS2: transceiver_rp_oir_online takes ~6s during reg_invoke_oir_online

CSCsj13444

Cisco IOS

rsp720-10ge: PBR next-hop information lost on RPR switchover.

CSCsj14557

Cisco IOS

Bogus Port channel 345 is created on simultaneous boot sometimes

CSCsj14847

Cisco IOS

crypto connect command dropped after reload on unchannelized 2CT3+.

CSCsj16292

Cisco IOS

DATACORRUPTION-1-DATAINCONSISTENCY: copy error

CSCsj17048

Cisco IOS

WS-X6708: show flow control shows send admin/oper state as desired

CSCsj17485

Cisco IOS

Router crashed on doing a show cry isa pro while deleting them

CSCsj18494

Cisco IOS

Leak +MN to pfc to avoid flooding due to tx span.

CSCsj27352

Cisco IOS

RX Priority q-limit is set to default after reload

CSCsj28026

Cisco IOS

WhitneyVS: Unable to mibwalk clcFdbVlanInfoTable..

CSCsj28753

Cisco IOS

IF-MIB::ifHCOutUcastPkts is incorrect on ESM20G

CSCsj29657

Cisco IOS

Degradation in TPS - Whitney IOS image.

CSCsj32493

Cisco IOS

IPSEC: Incorrect IPSec connection info in InvalidSPI testing

CSCsj34267

Cisco IOS

SP crashes due to segmentation violation with 400 igmp groups/vrf

CSCsj34552

Cisco IOS

ip address of vlan interface not programmed into spa-ipsec-2g

CSCsj35776

Cisco IOS

Some of the VCs are INACTIVE after SPA OIR

CSCsj36689

Cisco IOS

Corruption in block allocated by svclc_config

CSCsj38796

Cisco IOS

LC/SP crash @ label_entry_get_inlabel

CSCsj42303

Cisco IOS

6K installs ffff.ffff.ffff in CAM table under very specific conditions

CSCsj48589

Cisco IOS

BGP route (injected by OER) remains in Routing table after path is clear

CSCsj51666

Cisco IOS

ip ssh ver 2 command missing in 12.2(25)EWA

CSCsj56703

Cisco IOS

SSO failover causes RSTP forwarding and physical interfaces blocking.

CSCsj58538

Cisco IOS

Lots of prowler/patriot interface go down for few second during sso swov

CSCsj61811

Cisco IOS

process restart pcmcia_driver.proc on SP crashes the SP

CSCsj64453

Cisco IOS

HSRP support in protocol policing

CSCsj66829

Cisco IOS

Switch crash with clear ip igmp snoop stat and show ip igmp snoop st

CSCsj66987

Cisco IOS

ifAlias for Subintf Reports the Previous Value if Description Deleted

CSCsj67096

Cisco IOS

Issue w/NATed traffic on PortChannel (WS-X6408 and WS-X6516) on Sup720

CSCsj72251

Cisco IOS

BOOTP replies dropped if DHCP snooping is enabled

CSCsj72438

Cisco IOS

Control plane instability and %EARL-DFC3-2-SWITCH_BUS_IDLE: Switching bu

CSCsj75636

Cisco IOS

Crash in SP observed when per-port igmp statistics cleared

CSCsj77885

Cisco IOS

%HA_EM-7-FMS_POLICY_MAX_ENTRIES message because of teminal length limit

CSCsj78751

Cisco IOS

ES20: shut & no shut on ZR XFP causes the port to stay down

CSCsj80655

Cisco IOS

timer value overflows when the specified val is larger than a long val

CSCsj81067

Cisco IOS

IPSec VPN SPA: OLD-CISCO-CHASSIS-MIB does not return cardType

CSCsj81502

Cisco IOS

show pagp clis are not displaying the correct information.

CSCsj83102

Cisco IOS

crash upon card type configuration on WS-X6582-2PA / PA-MC-8TE1+

CSCsj84641

Cisco IOS

some patches failed to commit during install commit of 41 patches.

CSCsj85930

Cisco IOS

t/b slot_earl_icc_shim_addr tm_send_message on changing to rpr

CSCsj86854

Cisco IOS

SPAN does not reset FPOE (to SP) when converting to distributed

CSCsj87584

Cisco IOS

call-home inventory full needs show ipdrom switch all for VSS

CSCsj88208

Cisco IOS

DOM not working for LR+ and ER+ Xenpaks

CSCsj88221

Cisco IOS

class-default should not police BPDUs

CSCsj89470

Cisco IOS

Bus Error crash in Netflow on 7200 running netflow and L2TP

CSCsj89905

Cisco IOS

EEM applet hangs if system prompt is changed

CSCsj90252

Cisco IOS

SYS-3-CPUHOG IP RIB Update seen on Active RP

CSCsj91795

Cisco IOS

Appl TCs are not monitored when 12.2SRB BR is used with 12.4(15)T1 MC.

CSCsj95733

Cisco IOS

Packet loss between sup4 uplink to 65xx modules

CSCsk02456

Cisco IOS

TBs found @ pm_assert_fail..

CSCsk02962

Cisco IOS

Supervisor Reload after SSO switchover on Multicast MET reconstruction.

CSCsk03679

Cisco IOS

VS2: show mls nde intermittently causes ALIGN-3-SPURIOUS T/B's

CSCsk06769

Cisco IOS

shut on L2 int cause packets to loop back on T1 int causing traffic loss

CSCsk09155

Cisco IOS

spa-ipsec-2g remains in Initialization state

CSCsk18206

Cisco IOS

TCAM adjacency hardware programming problem with PBR and NAT.

CSCsk20346

Cisco IOS

P router crash due to no EOBC buffer and illegal access to low address

CSCsk23521

Cisco IOS

EARL-SPSTBY-2-SWITCH_BUS_IDLE is seen with SW switched traffic

CSCsk24272

Cisco IOS

SUP720-3B RP Crash due to I/O Buffer Leak by NDE w/ NAM 127.0.0.x Addr

CSCsk26973

Cisco IOS

Memory leak in nhrp_cache_delete for incomplete cache entries

CSCsk30146

Cisco IOS

Router crashed %DUMPER-3-PROCINFO: pid = 12315: (sbin/ios-base) SIGBUS

CSCsk33661

Cisco IOS

show platform hardware capacity should include LTL usage.

CSCsk33724

Cisco IOS

DOM does not work anymore for cwdm gbic/sfp

CSCsk33740

Cisco IOS

replay window size of 1024 causes IPSec Policy Check and Replay Failure

CSCsk34237

Cisco IOS

Egress multicast replication broken due to wccp.

CSCsk37675

Cisco IOS

IKE stuck after several hours of IKE SA rekey.

CSCsk38024

Cisco IOS

VS2: EtherChannel state on standby is incorrect due to out of order FEC

CSCsk41374

Cisco IOS

device crash seen when auth-proxy enabled on the LPIP vlan.

CSCsk43058

Cisco IOS

Port channel to WiSM controller suspended after upgrading to 12.2(33)SXH

CSCsk43673

Cisco IOS

C2W1: Network RF client takes too long to process switchover..

CSCsk45585

Cisco IOS

Heathland: On bootup MPLS not supported on platform message

CSCsk55012

Cisco IOS

setting portDuplex from 'full' to 'full' may cause standby reset.

CSCsk55423

Cisco IOS

7600's SPD implementation allow COS 5 or above in Extended headroom

CSCsk58810

Cisco IOS

should NOT allow enable port-security on negotiating trunk interface.

CSCsk60874

Cisco IOS

show tech needs 'show diagnostic results' and 'show diagnostic events'.

CSCsk60912

Cisco IOS

MPLS forwarding table empty on standby RP.

CSCsk62017

Cisco IOS

multicast (hsrp/ospf) coming from service modules is blackholed by vacl.

CSCsk64860

Cisco IOS

Config rollback to data file causes system to stuck at delete file mode.

CSCsk65482

Cisco IOS

clear ip slb CLI is defined with wrong privilege level

CSCsk65860

Cisco IOS

IOS-SLB:Security ACL breaks Client traffic

CSCsk67801

Cisco IOS

WiSM:WiSM interfaces in manual LAG get shutdown at reload

CSCsk68656

Cisco IOS

AB76: MFI push issu client msg type 5020 V1 MTU differ btwn SRB1/SRC

CSCsk70087

Cisco IOS

Sup720 TLB exception created by fill_earl_vlan_stats_hdr.

CSCsk73627

Cisco IOS

WS-X6548-GE-TX powered down due to keep alive polling feature

CSCsk78396

Cisco IOS

Router may crash if SNMP walk on cefcModuleTable.

CSCsk80934

Cisco IOS

Add errmsg to clearly indicate if lc reset due to power convertor failur

CSCsk82459

Cisco IOS

VS2: continuous msg - Flooding detected in diag inband driver caused SSO

CSCsk82877

Cisco IOS

METROPOLIS #0 cnt=1 reg:[1B0]kic_kic_int 02

CSCsk83524

Cisco IOS

L3 physical interface input drop counter is incorrect.

CSCsk83646

Cisco IOS

BX10 ports don't link-up after Centaurus resets..

CSCsk83683

Cisco IOS

VRF-Lite aware PBR feature does not work after reload/SSO swover

CSCsk84944

Cisco IOS

unidirectional Ethernet UDE is broken on WS-6704 after SW upgrade

CSCsk85987

Cisco IOS

VS2: After 2 x SSO, SVI was down and multicast join didn't work

CSCsk86381

Cisco IOS

KMI memory leak in 'IPSEC key engine' when delete p2 failed

CSCsk87262

Cisco IOS

Switch crashes when polling port security MIB for SIP or Flexwan

CSCsk88173

Cisco IOS

mac-address-table static with disable-snooping break on reboot

CSCsk88760

Cisco IOS

122SR:Routers crashes on unconfiguring vlan in the LACP mode

CSCsk89100

Cisco IOS

6196-RJ-21 Dropping all ingress frames with CRC counter incremented.

CSCsk89335

Cisco IOS

After SSO switchover, see 6K DC power supplies mismatched.

CSCsk91267

Cisco IOS

Module fails to come up with (FRU-power failed)

CSCsk93587

Cisco IOS

TestFabricCh0Health test failure with unidir traffic via Ch1on Berytos

CSCsl04500

Cisco IOS

OBFL process causing 6708 high CPU

CSCsl04687

Cisco IOS

DFC3C pps counter does not work

CSCsl06110

Cisco IOS

DHCP snooping agent: parse failures when importing the DB

CSCsl08912

Cisco IOS

Vlan access list not working when have "xconnect vfi #" under the SVI

CSCsl13477

Cisco IOS

SSO not working with crypto maps terminating at same peer address.

CSCsl23758

Cisco IOS

WS-X6548-RJ-45: Wrong value of the output counter on show interface

CSCsl26981

Cisco IOS

PBACL config causes hostname change when you downgrade to Rockies image

CSCsl26998

Cisco IOS

Switch crashes on applying PBR with next-hop verify-availability

CSCsl41230

Cisco IOS

IPSec SPA breaks IPSec if interesting traffic uses TCP ports

CSCsl70148

Cisco IOS

PIM enabled p2p Crypto GRE Tunnels not installed in Hardware

CSCsl70634

Cisco IOS

67xx EC tx/rx traffic dependency resulting in low throughput

CSCsl94488

Cisco IOS

Smartports CLI missing in sup32 ipbase image

CSCsm17983

Cisco IOS

Memory corruption by l3_mgr_e7_fmask_init_platform

CSCsi05906

Content

WCCP:appliance failover does not update TCAM adjacency

CSCsi10700

Content

WCCP:copy TOS value from inner to outer GRE packet

CSCsi91658

Content

Wccp stops layer 2 redirection when dscp is present in the redirect acl

CSCsj09149

Content

WCCP: no redirection following change in configuration

CSCsj48440

Content

WCCP: L2 return traffic is software switched

CSCsk14208

Content

WCCP does not work after OIR or Reboot

CSCsl04908

Content

WCCP: shutdown of appliance i/f leads to c6k reload

CSCsb95806

Infrastructure

Incorrect 64bit counter on 1Gb MPLS interface via SNMP.

CSCsc33389

Infrastructure

When snmp-server host is deleted, the trap is not sent to other hosts

CSCsc84077

Infrastructure

IOS CLI will stop accepting octal by default

CSCsd52019

Infrastructure

cieIfStateChangeReason and locIfReason support broken.

CSCsf30779

Infrastructure

Add CLI for section keyword in show run output modifiers

CSCsh25151

Infrastructure

memory leak seen with reflexive ACL and NAT/PAT

CSCsh48919

Infrastructure

Embedded spaces in DOSFS dirs/file names cause crash in some platforms

CSCsh81291

Infrastructure

Exodus Mayflower C10K ISSU fails at loadversion

CSCsj37635

Infrastructure

Incorrect source IP address is used for IP SLA icmp-echo with VRF

CSCsj58223

Infrastructure

Bus Error after 'show memory'.

CSCsj80951

Infrastructure

*Neutrino* proc reported memory Freed/Holding is incorrect

CSCsj83924

Infrastructure

Porting command show history all to mainlines

CSCsj83966

Infrastructure

Syslog traps cause CPUHOG when lot of interface come up at same time.

CSCsk10335

Infrastructure

Traceback @ ipc_send_message_blocked during bootup.

CSCsk27147

Infrastructure

SNMP stops responding while polling from CISCO-MEMORYPOOL-MIB

CSCsk38461

Infrastructure

Show platform hardware command getting rejected.

CSCsk67272

Infrastructure

CPU HOG while polling ciscoFrameRelayMIB.

CSCsl09867

Infrastructure

Exec-timeout not working at more prompt when using Modular IOS

CSCsl13216

Infrastructure

warm upgrade is not working.

CSCsl53110

Infrastructure

VSS: Stby rp crashes on boot

CSCeh56158

IPServices

NAT outside source translation fails for GRE packets.

CSCsg97662

IPServices

Can't disable skinny (tcp 2000).

CSCsh92986

IPServices

Very long latency for RSH traffic going through FWSM.

CSCsi16903

IPServices

IGMPv3 mode 4 group report with {} source list gets translated to mode 6

CSCsi28444

IPServices

DHCP server has parse problems with x in bootfile

CSCsi42717

IPServices

saa_vrf_test_udpe & saa_vrf_test_itter generate an unexpected error mess

CSCsi57927

IPServices

FTP session hangs TCP in closewait after CLI times out.

CSCsj07951

IPServices

Memory Corruption when Autoinstall over FR

CSCsj62846

IPServices

Need to differentiate IPv4 and IPv6.

CSCsj89544

IPServices

TCP retransmissions get dropped below IP layer.

CSCsk07170

IPServices

MD5 validation error shows IPv4 address but should IPv6 address

CSCsk10604

IPServices

Syn pkts destined to VRF fail to match the default TCB in table

CSCsk29013

IPServices

IGMP groups in the vrf not rejoined after executing a cle ip mr vrf

CSCsk80935

IPServices

SXF12, SNMP response being broadcast.

CSCsk81396

IPServices

NAM process crash in 12.2SXF.

CSCsk82821

IPServices

The UUT not able to receive the Large ICMP message.

CSCsl00350

IPServices

ARP entry not created for nat translated IP.

CSCsl06431

IPServices

Modular IOS: Memory leak in udp.proc

CSCsc77148

LegacyProtocols

Router crash while issuing show ipx cache command. Cleanup SA warnings.

CSCsh34949

LegacyProtocols

DLSW router crash with Bus Error

CSCsj98895

LegacyProtocols

v2-single-tcp peer connection is established on a non confg/prom peer

CSCsg05873

Management

Buffer leak with SNA Focalpoint PU consuming middle buffers with NMVTs

CSCsk36618

Management

Device crash with cdp traffic @ 200 pkts/sec and clear cdp table

CSCsi75566

MPLS

Packets dropped on FRR backup tunnel if protected intf is dot1q

CSCsi99825

MPLS

7613 crashed on SNMP Engine

CSCsj55865

MPLS

Traceback seen @ lsd_rewrite_create and lsd_frr_co_req

CSCsk14113

MPLS

LDP change in advertise-tag for access list stop advertising some prefix

CSCsk57589

MPLS

TB:%LFD-3-INVINSTALLER & %BGP_MPLS-3-VPN_REWRITE(seen on bootup)

CSCec55244

Multicast

PIMv6: Spurious access at pim_ipv6_hello_addr_adv_size

CSCek26940

Multicast

Need to unhide interval for send-rp-discovery

CSCsh56720

Multicast

CPUHOG/Watchdog timeout when using igmp static group class-map cmd

CSCsi01481

Multicast

%PIM_PROT-3-SHUTDOWN_ERR seen at unconfig ipv6 pim rp-addr.

CSCsi97586

Multicast

MGX-RPM-XF-512 reset after customer deleted multicast vpn and vpn vrf

CSCsj16861

Multicast

Dynamically overwritten bidir RP doesn't get removed from HW

CSCsj64230

Multicast

bidir DF election should not be restarted on a downstream interface

CSCsk49073

Multicast

%DUMPER-3-PROCINFO... SIGSEGV when running Extranet MVPN

CSCef54653

PPP

Members inactive in a multilink bundle except the first member.

CSCse28421

PPP

%AAAA-3-BADSTR error when Multilink interface goes down.

CSCek49107

QoS

Router crashes @ traffic_shape_dequeue_shim.

CSCek78675

QoS

SIP200 crash at hqf_cwpa_pak_enqueue_local during qos test.

CSCse18146

QoS

SIP1-CT3: SIP1 crashed after switchover @giant_node_process.

CSCsg98040

QoS

QoS applied to int with dot1q trunk does not match MPLS EXP on 12.2S

CSCsk09651

QoS

Router may reload with shaping policy on MLPPPoFR.

CSCec43841

Routing

EIGRP: IP next-hop incorrect on spokes when using no next-hop-self

CSCek33384

Routing

Tunnels stay down after cutover at MPLS head test cases

CSCek75079

Routing

Problem in type7 to type5 translation if summary-addr configured

CSCek76776

Routing

ip interface settings persistent after deleting/adding sub-interface

CSCek78315

Routing

Access to NULL ptr with debug ip ospf hello.

CSCek79264

Routing

static route tracked by track-object not installed into routing tabl.

CSCsa73179

Routing

Memory corruption/crash when 'no default-information orig' under RIP

CSCsc73725

Routing

EIGRP packet pacing should have lower minimum value

CSCsd34114

Routing

IPv6 Localpools allows more than one prefix per user

CSCse42362

Routing

EIGRP next hop not updated on spoke, in a dual hub/dual path dmvpn topo

CSCsf27220

Routing

Router crashes on traffic with NHRP

CSCsg12385

Routing

No IPv6 uRPF subblock control decode function

CSCsg16778

Routing

router may crash at bgp_update_nbrsoo after deleting BGP neighbor.

CSCsg25995

Routing

N/w configured are not seen in mbgp table with nbr nlri unicast multi

CSCsg63932

Routing

IPv6 Static issue with same path from two clients

CSCsg72029

Routing

setting M bit in RA suppresses autoconfig bit

CSCsg94088

Routing

OSPF route map not matching community-list / ipv6 redistributing bgp

CSCsh20656

Routing

TCP header compression elicits upstream retransmissions from Fritz

CSCsh38140

Routing

CEF drops when using CEF LB paths and active link recovers from failure

CSCsh54797

Routing

high CPU in collection process after bringing up pppoe sessions twice.

CSCsh57509

Routing

RIPv2 does not delete redundant paths with different next hops.

CSCsh80008

Routing

BGP: soft reconfiguration inbound and neighbor weight has no effect

CSCsh82953

Routing

EIGRP pece routes missing extcomm attrs after redistribution to BGP.

CSCsh87744

Routing

IPv6 mcast: RPF fails even while MBGP has default route

CSCsh88825

Routing

bgp: advertisement-interval not nvgened for peer-groups

CSCsi09698

Routing

BGP adv connected prefixes suppressed by IP Event Dampening after reload

CSCsi15183

Routing

change MTU value causes %DUAL-3-INTERNAL in ipigrp2_add_item_dest

CSCsi17002

Routing

IPv6 PBR policy routes to non-attached destination

CSCsi25729

Routing

ISIS doesn't enable BFD except after micro reload

CSCsi27696

Routing

oldest ebgp bestpath not retained in eibgp multpath cases

CSCsi33147

Routing

OSPFv3: prefix lsa does not re-originate after interface comes up.

CSCsi41109

Routing

Traffic loss and High RP CPU with SPA OIR with a large configuration

CSCsi47635

Routing

deleted sub-interface shows up on next config sub-interface

CSCsi48304

Routing

Multi-source redistributing makes ospfv3 external db corrupt

CSCsi53353

Routing

BGP TTL Hack breaks ipv6 neighbor

CSCsi58303

Routing

eigrp resync peer graceful-restart repeatedly after reload.

CSCsi58867

Routing

CPUHOG After show ip route static or show ip route connected

CSCsi62017

Routing

%XDR-DFC3-6-XDRLCDISABLEREQUEST: Client XDR Interrupt Priority Client

CSCsi80057

Routing

RIP default-information originate with route-map not working correctly.

CSCsj00161

Routing

IPv6 may load balance between summary discard and reachability paths.

CSCsj04761

Routing

No space between 'any' and 'eq' after configuring ipv6 acl

CSCsj06265

Routing

Switch crashes when doing clear ip ospf process

CSCsj09838

Routing

RR some prefix might not be sent after bgp neighbor flaps.

CSCsj10185

Routing

CPU hog in ospfv3_clean_partial_spfQ and ospf_clean_partial_spfQ

CSCsj17820

Routing

Hub crashes during unconfiguration due to program counter error

CSCsj17950

Routing

ISIS redistributed static routes might not be advertised

CSCsj25841

Routing

default not sent using neighbor default-originate conditionally w/route

CSCsj25940

Routing

%SYS-2-NOTQ: unqueue didn't find 6433F698 in queue.

CSCsj32013

Routing

GSR crashing with bgp_vpnv4_purge_one_import.

CSCsj36133

Routing

Invalid header length BGP notification when sending withdraw

CSCsj37111

Routing

IPv4 inconsistencies & %FIB-4-FIBXDRINV upon reset LC

CSCsj53361

Routing

ISIS flaps after NSF/SSO of peer with 16 neighbor,5k routes and traffic.

CSCsj54395

Routing

router crash when iphc configured with SLIP encap

CSCsj64154

Routing

c7600 - %SIP200_MP-4-PAUSE: Non-master CPU is suspended for too long

CSCsj71306

Routing

mfibv4: HA: BGP MDT update is injected into standby.

CSCsj72039

Routing

Prefix not in ISIS database if serial interface and passive

CSCsj80615

Routing

BGP not sending prefix with expected next hop to the peers.

CSCsj85485

Routing

EIGRP NSF - MSFC switchover causes hello's to be sent over passive intf

CSCsj89636

Routing

isis convergence time delay with equal paths

CSCsj97484

Routing

32kEVC: ESM LC OIR crash causes RP to crash when LC comes up.

CSCsj99269

Routing

BGP: VPNv4 general scanner runtime close to 1 hour at boot time.

CSCsk21328

Routing

6504 crashes in IPV6

CSCsk26719

Routing

show ip access crash with per-user acl

CSCsk27077

Routing

router crash observed while clearing virtual access interface

CSCsk29853

Routing

ospf takes almost 10 minutes to flash Stale, self-originated LSAs

CSCsk33115

Routing

OSPF virtual-link fails to come up during IETF GR & RIB entries deleted

CSCsk35970

Routing

BGP Router/Scanner causes high CPU utilization when using BGP multipath

CSCsk35985

Routing

OSPFv3: router crashes for "show ipv6 ospf lsdb" after redist of routes

CSCsk36324

Routing

OSPF: spf calculation goes into loop causing high CPU.

CSCsk38877

Routing

PE_PUNT_UNRECOGNIZED should be an OUTPUT_FEATURE.

CSCsk46195

Routing

Arp entry does not age out with private vlans and no ip sticky-arp

CSCsk48182

Routing

BGP: Router crashes @ bgp_netlist_validate

CSCsk66339

Routing

ISIS fails remove native path from local RIB / del path from global RIB

CSCsk89546

Routing

RIB and FIB not updated after shut TE LB path

CSCsl13950

Routing

VS2:XDR_LC traceback seen on Standby-RP on bootup.

CSCsl18176

Routing

OSPF SPF calculation with TE metric absolute picks wrong egress.

CSCsl28278

Routing

OSPF-Route/CEF entry lost after SSO on the neighbor

CSCsl71540

Routing

Router crash after using cmd 'sh ip bgp x.x.x.x [bestpath

CSCsh72664

Security

DMVPN: OSPF neighbor flap and traceback @ tunnel_oqueue.

CSCsj60938

Security

SCP with redirect option locks up console or VTY line.

CSCsj78065

Security

tunnel_trace CPUHOG in Net Background process

CSCsk00054

Security

mGRE fragmentation into tunnel broken

CSCei22295

WAN

Traceback is seen at fr_svc_teardown_calls

CSCsc38968

WAN

Frame-relay EEK failure does not keep subinterface down

CSCsi70599

WAN

Standby reloads due to Config Sync: Line-by-Line sync verifying failure