| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz50491 | Title: | ASR1K Sudden HW and SW TCAM exhaustion |
|
Status: | Terminated |
|
Severity: | 1 Catastrophic |
Description: * | Symptom:
An ASR 1000 router could experience sudden TCAM exhaustion, often resulting in an fman_fp crash
Conditions:
Exceed ASR1K max scaling limit, the following log can be seen in the cpp_sp tracelog:
[errmsg]: (ERR): %CPP_FM-3-CPP_FM_TCAM_WARNING: TCAM limit exceeded: HW TCAM cannot hold Class group ipsec-rule:1.9.9.971505665. Use SW TCAM instead.
Workaround:
Not yet known.
Further Problem Description:
|
|
Last Modified: | 17-MAY-2016 |
|
Known Affected Releases: | 15.4(3) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy63118 | Title: | Polaris does not scale to XE level for MPLS VPN routing |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
MPLS VPN routing on 16.2(0) IOS-XE release scale 10-30% less on asr1k/isr4k/csr platforms then previous releases
Conditions:
MPLS VPN is used
Workaround:
there are no workarounds
Further Problem Description:
N/A
|
|
Last Modified: | 08-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 16.3(0.200), 16.4(0.20) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz86868 | Title: | POLARIS 16.2:Fman_fp Core@fman_aom_fhs_acl_op during configuration |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: * | Symptom:
While testing latest Polaris 16.2 image with "xe37_urpf_acl, xe39_ipv6fhs, xe310_gtp_teid" features,observing fman_fp core during configurations.
Conditions:
Fman_fp core is seen in RP2-ESP20/ESP40 platforms.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 30-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz79330 | Title: | IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: * | Symptom:
A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software, Cisco IOS XE Software and Cisco NX OS Software could allow an
unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.
The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker could exploit this vulnerability by
sending crafted IPv6 Neighbor Discovery packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to stop
processing IPv6 traffic, leading to a DoS condition on the device.
Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
Conditions:
Exploitation of this vulnerability against Cisco IOS XE devices may cause high CPU and loss of IPv6 neighborships and IPv6 traffic.
Customers should apply a fix in the form of SMU.
Additionaly, a mitigation ACL limiting IPv6 ND packets to local link and dropping them on the edge can help protect the infrastructure.
The following ACL is an *example* of a access list that can be used on the edge device to help mitigate potential attacks on the internal infrastructure from the internet:
permit icmp neighbor_global_ipv6 your_global_ipv6 nd-ns
permit icmp neighbor_global_ipv6 your_global_ipv6 nd-na
permit icmp neighbor_global_ipv6 FF02::/104 nd-ns
permit icmp neighbor_global_ipv6 host FF02::1 nd-na
permit icmp FE80::/64 any nd-na
permit icmp FE80::/64 any nd-ns
permit icmp any FE80::/64 nd-na
permit icmp any FE80::/64 nd-ns
deny icmp any any nd-na log
deny icmp any any nd-ns log
permit ipv6 any any
Customers should keep in mind that the above ACL is not foolproof as the permitted source address can be spoofed.
Workaround:
Please refer to the advisory.
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 15.3(2)S, Denlai-16.3.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy64412 | Title: | ISSU:Polaris 16.2 ISO1->ISO2:Traceback@lisp_os_ios_if_handle after RV |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:Error message
%LISP-4-ASSERT: Internal LISP error (os ios if 673)
and a traceback may be seen in the syslog of router running Cisco IOS.
Conditions:LISP is enabled in the configuration.
Workaround:No actions is necessary, router automatically recovers from the error condition.
More Info:Up until now the problem was seen only on redundant systems at the time whem Standby RP becomes Active. But the problem is not specific to this situation and may be seen in other scenarios such as interface OIR or removing an interface from router's configuration.
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 15.4(1)IA1.31, 15.4(1)IA1.35, 15.6(1.17)S0.21, 15.6(1.29)SP, 15.6(2.17)T, 16.2(0.363), 16.3(0.178) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz64285 | Title: | Cube fails to send the SIP Error code response |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Cube fails to send the SIP Error code response for "SIP Service Shutdown" scenarios.
Conditions:
asr1001x-universalk9.V155_3_S2_SR637314193_2.SPA.bin image
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S, 15.6(0.22)S8, 15.6(2.12)T |
|
Known Fixed Releases: * | 15.6(1)S1.2, 15.6(2.14)T, 16.2(1.25), 16.3(0.213), 16.4(0.40) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz50434 | Title: | ISSU:XE314<->XE316 : IOSd Core@cfm_ha_issu_db_to_msg_pre_mpdb_transport |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
While testing ISSU from XE314<->XE316/XE317 with "cfm" feature in Kingpin platform, observing crash followed by linux_iosd core after RP switchover.
Conditions:
Core and crash is seen in both upgrade and downgrade in Kingpin, Nightster and RP2 platforms.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S, 15.6(1)S |
|
Known Fixed Releases: * | 15.6(1)S1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCua27722 | Title: | Netflow timestamps drifts compared to NTP |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Netflow TimeStamp may show time drift compared to NTP time.
This effect has been judged to be equal to about 50 seconds of
lost time per day.
Conditions:
Flexible or Traditional Netflow running on either an ESP40 based
Forwarding Processor or the ASR1001 platform (other ASR1k products are unaffected).
Workaround:
There is no workaround but when the time skew exceeds 10 minutes
it should self correct.
Further Problem Description:
A complete fix for this issue is addressed in a ROMMON upgrade. ROMMONs 15.2(4r)S1 and newer contain the fix, independent of any IOS-XE release version which may be running.
|
|
Last Modified: | 16-MAY-2016 |
|
Known Affected Releases: | 15.1(3)S1, 15.4(3)S |
|
Known Fixed Releases: | 15.2(4r)S1, 15.3(1.3)S, 15.3(2)S, 15.3(2)S1, 15.3(2)S1b, 15.3(2)S1c, 15.3(2)S2, 15.3(3)S, 15.3(3)S1, 15.3(3)S1a |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz41395 | Title: | CoA Ack for service-logon does not have session ip addr |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
CoA Ack for service-logon does not have session ip addr
Conditions:
This is seen when Acconting-session-Id is used as an identifier for service-logon
Workaround:
Use IP address as an identifier
Further Problem Description:
|
|
Last Modified: | 16-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S3 |
|
Known Fixed Releases: | 15.5(3)S2.11, 15.6(0.22)S7, 16.4(0.14) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCup99504 | Title: | ASR1k: IOSd crash seen while bring up the tunnel with dmvpn-pfr profile |
|
Status: | Other |
|
Severity: | 2 Severe |
Description: | Symptom:
IOSd crash seen with dmvpn-pfr profile
Conditions:
while bring up the tunnel after verifying policy map
Workaround:
-
Further Problem Description:
|
|
Last Modified: | 16-MAY-2016 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy61296 | Title: | polaris: 16.2 throttle: Memory leaks @ IsVoiceHuntGrpSIPLocalDN |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Memory leaks are seen at IsVoiceHuntGrpSIPLocalDN at the end of dynamo2 call parking script execution.
Conditions:
After hunt group is configured if CLI "no voice register global"
is executed, only dynamically joined voice hunt group members were deleted.
Statically tied voice hunt group DNs were not deleted.
Workaround:
In config_voice_register_global , before calling remove_voice_reg_dn_tag to remove all the existing DNs.
setting vhg_info->ties_voice_huntgrp to 0, so that DN will be deleted.
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 15.6(2.12.1a)T0, 15.6(2.7)T, 16.3(0.161) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz09783 | Title: | ZBFW asynchronous memory API change for USD platform |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
B2B HA with ALG traffic will crash on USD
Conditions:
B2B HA with ALG traffic will crash on USD
Workaround:
no
Further Problem Description:
|
|
Last Modified: | 12-MAY-2016 |
|
Known Affected Releases: | 15.5(3) |
|
Known Fixed Releases: * | 16.2(0.354), 16.4(0.26) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz34766 | Title: | ASR1000-2T+20X1GE GE ports cause CRC errors when connected to some LCs |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
The GE ports on ASR1000-2T+20X1GE cause CRC errors on remote end when connected to GSR 4GE-SFP-LC engine 3 Line card.
Conditions:
ASR1000-2T+20X1GE directly connected to 4GE-SFP-LC. Traffic flowing in egress direction from ASR.
Workaround:
attach to line card and manually change registers.
Further Problem Description:
|
|
Last Modified: | 12-MAY-2016 |
|
Known Affected Releases: | 15.3(1)S |
|
Known Fixed Releases: * | 15.3(3)S7.6, 15.4(3)S5.10, 15.5(3)S2.12, 15.6(0.22)S7, 16.2(1.10), 16.3(0.198), 16.4(0.16) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy90947 | Title: | ASR1K : GTP PDP context stuck in deleting state |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
GTP PDP session stuck in "DELETING" state
Conditions:
After idle timeout expires, we observe that the subscriber session is cleared but the corresponding GTP context is moved from ready to deleting status
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | 15.5(1)S3.1 |
|
Known Fixed Releases: * | 15.5(3)S2.9, 15.6(0.22)S5, 15.6(1.17)S0.21, 15.6(1.29)SP, 16.2(1.11), 16.4(0.1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCto82630 | Title: | CC/SPA package modification to reduce SIP 10 memory usage |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ASR1000 with SIP module may report a low memory warning. This is a cosmetic non impacting issue.
%PLATFORM-4-ELEMENT_WARNING: R0/0: smand: SIP/0: Committed Memory value 96% exceeds warning level 95%
Conditions:
SIP memory usage can be verified with the following command:
show platform soft status control-processor brief
Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
SIP0 Healthy 449776 445428 (99%) 4348 ( 1%) 429456 (95%)
SIP1 Warning 449776 443572 (99%) 6204 ( 1%) 431344 (96%)
SIP2 Healthy 449776 397796 (88%) 51980 (12%) 318364 (71%)
Workaround:
None. Cosmetic issue.
|
|
Last Modified: | 23-MAY-2016 |
|
Known Affected Releases: | 12.2(33)XNF2, 15.1(3)S |
|
Known Fixed Releases: | 15.1(2)S1, 15.1(3)S, 15.2(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo61229 | Title: | ASR1002 Crashed after "show pfr master active running" |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
after performed some pfr commands ASR 1002 crashed
"show pfr master active running" was the last command
Conditions:
use pfr show commands
Workaround:
no use the pfr show commands
Further Problem Description:
N/A
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: * | 15.3(3)S7.3, 15.4(3)S5.10, 15.5(3)M2.1, 15.5(3)S2.10, 15.6(0.22)S7, 15.6(1)T0.1, 15.6(1)T1, 15.6(1.20)T, 15.6(1.22.1a)T0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz37645 | Title: * | UP09na NAT perf drop across some asr1k platforms between 3.17 - 16.2.1 |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
NAT performance drop across some asr1k platforms
Conditions:
observing NAT performance drop across some asr1k platforms when we compared to the baseline XE317 CCO.The performance issue also seen when we running the combo tests
Workaround:
no workaround
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 16.3(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy90440 | Title: | Performance monitor crashes with RTP traffic |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Router reloaded on its own. Showing Last reload reason: critical process fault, fman_fp_image, fp_0_0, rc=13.
Conditions:
Performance monitor config in place, specifically related to media:
performance monitor context profile application-experience
exporter destination source Loopback0 transport udp port 9991
traffic-monitor application-traffic-stats
traffic-monitor conversation-traffic-stats ipv4
traffic-monitor application-response-time ipv4
traffic-monitor media ipv4 ingress
traffic-monitor media ipv4 egress
traffic-monitor url ipv4 class-replace sampling-rate 50
Workaround:
Disabling performance monitor could be a potential workaround. Yet to be confirmed.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz67672 | Title: | Polaris 16.2 Packet drops@IpsecInput with svti configs |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
While testing Polaris 16.2 throttle image with svti, observing packet drops during traffic flow.
Conditions:
With "tunnel mode ipsec ipv4/6" config, IPSec tunnel failed to establish.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 16.2(1.20) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu44128 | Title: | GETVPN on ASR with vasi interface fail to install the Rekey |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
In GETVPN scenario ASR as Group Member where crypto map is applied on Vasi interface rekey fails to install. For registration there is no problem.
Conditions:
When ASR as GM where crypto map is applied on Vasi interface
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy91207 | Title: | MPLS VPN routing performance degraded on Polaris |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Routing Performance decreased for MPLS VPN on 16.2(0) compared to previous releases and routing prefix establishment on all platforms takes 50-90% longer then before.
Conditions:
MPLS VPN routing is used
Workaround:
there is no workaround
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 16.3(0.201) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtw84581 | Title: | NATted packets can become out of sequence |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
In very rare cases packets flowing through NAT interfaces can become out of sequence.
Conditions:
This is most likely to occur for non-NAtted packets flowing through NAT interface, but can also happen if there are a series of quick packets on the same flow at NAT translation create time
This bug has been fixed in 15.2(02)S and later releases
Workaround:
The out of sequence issue with non-NAT packets can be worked around by turning of the gatekeeper via CLI, 'no ip nat serv gate'. This workaround will likely lower performance slightly for non-NAT traffic flowing through NAT interfaces. There is no known workaround for the NAT create case, but has actually never be observered and currently happens only in theory.
Further Problem Description:
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: | 15.2(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz16666 | Title: | cpp_sp encounters errors after SW TCAM gets in use on ASR1K |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: * | Symptom:
ASR1K may see error messages upon deleting ACL entries, after software TCAM becomes in use:
%CPP_FM-3-CPP_FM_TCAM_WARNING: F0: cpp_sp: TCAM limit exceeded: HW TCAM cannot hold Class group cce-class:2912064.14464865. Use SW TCAM instead.
> %CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_sp: cpp_sp encountered an error -Traceback= 1#433c8b4fc27cfd36e9f70c6e994d8de8 errmsg:E8F1000+2230 cpp_common_os:F1E3000+C670 cpp_common_os:F1E3000+C470 cpp_common_os:F1E3000+19DAC cpp_fm_server:FE1A000+D6870 cpp_fm_server:FE1A000+DAB88 cpp_fm_server:FE1A000+D5058 cpp_fm_server:FE1A000+D31C8 binos:EB99000+E10C cpp_common_os:F1E3000+10190 cpp_fm_server:FE1A000+2CD5C cpp_fm_server:FE1A000+D3424 cpp_fm_server:FE1A000+6C808 cpp_fm_server:FE1A000+61528 cpp
> %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image: Batch type 1 ID 2882382797 download to CPP failed
Conditions:
Very big ACL is in use which causes hardware TCAM capacity exceeds and TCAM starts to use software memory.
Falling back to software TCAM is expected after hardware TCAM limit exceeds.
Workaround:
Summarize ACL ranges and make ACL as small as possible so that it fits into hardware TCAM
Further Problem Description:
on ASR1K, System converts the DENY entries into PERMIT ones using cross product.
Once hardware TCAM is full we start to use DRAM for software TCAM. Very large ACLs can exhaust DRAM
One should prevent using very large ACLs, ACLs should be summarized
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 3.9(0.0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux41920 | Title: | PAP issue in B2B A/R setup |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
false pool exhaustion
Conditions:
with pap in a/r scenario
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 27-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 16.4(0.41) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux55692 | Title: | TCAM Errors in NL11k TCAM of Fixed Ethernet Linecards |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Intermittent packets loss on Fixed Ethernet Linecards[ASR1000-6TGE/ASR1000-2T+20X1GE]
Intermittent packets loss on Fixed Ethernet Linecards[ASR1000-6TGE/ASR1000-2T+20X1GE]
Symptom:Intermittent packets loss on Fixed Ethernet Linecards[ASR1000-6TGE/ASR1000-2T+20X1GE]
Conditions:This intermittent packet loss is due to TCAM Mismatch error counters. TCAM mismatch counters can be seen using "test hw-module subslot 0 np4c stat 1" CLI under SPA console of the linecard.
Workaround:None
More Info:
|
|
Last Modified: | 27-MAY-2016 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.4(3)S4.10, 15.4(3)S5, 15.5(2)S2.11, 15.5(2)S3, 15.5(3)S1.4, 15.5(3)S2, 15.6(0.22)S0.13, 16.2(0.273), 16.3(0.73) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux89723 | Title: | Error when service-policy at sub-interface/pvc/service-group is applied |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Customer has ADSL connections arriving through Gi0/0/1 , once these connections are authenticated QOS policies are assigned via RADIUS dynamically.
The error message is noticed when neighbor 57.7.26.162 which is a peer authenticated via ADSL comes up and RADIUS tries to push QOS policy for the user :
%BGP-5-ADJCHANGE: neighbor 57.7.26.162 vpn vrf EC-LYO Up user-defined classes with queueing features are not allowed in a service-policy at sub-interface/pvc/service-group
%QOS-3-ATLEAST_ONE_FAILOVER_ERR: Fail-over of dynamic interface GigabitEthernet0/0/1 failed
Conditions:
Once the connection is authenticated a QOS policy is pushed based on their plan like in the following example :
ex -
"AMPAB003@lyo.amplivia.fr" Cleartext-Password := "xxxxxxxxxxxxx"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Class = 4,
Tunnel-Type:1 += 3,
Tunnel-Type:2 += 3,
Tunnel-Preference:2 += 20,
Tunnel-Client-Auth-ID:1 += gre,
Tunnel-Client-Auth-ID:2 += gre,
Cisco-Avpair += "ip:sub-qos-policy-out=COS-OUT-SHAPED-ADSL-14M", ---> QOS policy Assigned.
Cisco-Avpair += "ip:vrf-id=REC-LYO",
Cisco-Avpair += "ip:ip-unnumbered=Loopback1019",
Framed-IP-Address = 57.7.2.18,
Policy-Map :
policy-map COS-OUT-SHAPED-ADSL-14M
class class-default >>> Parent policy but it only has class default so no restrictions here.
shape average 14000000
service-policy PLATINIUM-ADSL >>> Child policy does not have any shaper configured.
policy-map PLATINIUM-ADSL
class OUT-BBE
bandwidth remaining percent 40
class OUT-BE
bandwidth remaining percent 40
class OUT-LBE
bandwidth remaining percent 5
class OUT-NC
bandwidth remaining percent 14
class OUT-PREMIUM
priority percent 10
Workaround:
(1) Reload the box
(2) Do not use the Virtual-Access (VA) for the session which has seen the error. Other VAs are fine.
Further Problem Description:
Customers will hit the issue when QoS policy comes from radius and there is already a QoS policy installed on the same VA. Also they may see issues with session flaps, queue-move, etc.
This is a functional issue. QoS policy won't get installed after the error happens. No new policy can be attached from then onwards at the same VA where the error happens (till a reload).
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.5(3)S2.8, 15.6(0.22)S5, 15.6(1.17)S0.20, 15.6(1.26)SP, 16.2(1.23), 16.3(0.191), 16.4(0.18) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz04378 | Title: | ICMP Time exceed dropped due to uRPF on the MPLS PE (per-ce label) |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Packets are dropped due to uRPF
Conditions:
MPLS label mode per-ce, no issue when we are using per-prefix mode
Workaround:
Use per-prfix label allocation mode or disable uRPF
Further Problem Description:
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.4(1)IA1.32, 15.4(1)IA1.35, 15.5(3)S2.10, 15.6(0.22)S5, 15.6(1)T1.1, 15.6(1.17)S0.24, 15.6(1.31)SP, 15.6(2.15)T, 16.2(1.16), 16.3(0.176) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz79574 | Title: | AN: Proxy sending NBR connect to ANR with linklocal source address |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
AN registrar drops incoming neighbor connect messages received over tunnel from proxy.
Conditions:
In some rare situations, AN proxy was sending NBR connect message with source address as the link local address of the tunnel interface.
Workaround:
Do "clear autonomic device" on proxy.
Further Problem Description:
N/A
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | Denali-16.3.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux74788 | Title: | ASR1002-X: Memory leak in IOSD: acl-handle |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR1002-X with 8GB memory running Version 15.1 goes unresponsive within 5-6 days the router crashes with Watchdog. For testing they upgraded to 15.4(3)S4 and then to 15.5(3)s1a as well but same issue.
IOSD memory leak in acl-handle process is noticed.
Logs during issue before crash on Dec 2:
Dec 2 13:31:47.777 EST: %PLATFORM-3-ELEMENT_CRITICAL: SIP0: smand: RP/0: Committed Memory value 115% exceeds critical level 100%
CMD: 'show plat softw status contr br' 14:06:32 EST Wed Dec 2 2015
IOSXE-WATCHDOG: Process = Exec
.Dec 2 14:07:04.115 EST: %SCHED-0-WATCHDOG: Scheduler running for a long time, more than the maximum configured (120) secs.
-Traceback= 1#a3fe01abba2bac2871f0e4442db8a494 ld-linux-x86-64:7FED81E8A000+8A
Conditions:
With PFR on head end master controller and BR
Workaround:
They disabled the PfR on the head end Master Controller and Border Routers (DMVPN Hub routers). The memory looks stable since then.
--------------------------------------------------------------
NADC2-PfR-MC#sh pfr ma
OER state: disabled
NADC2R4-DMVPN-HUB2#sh pfr bo
OER BR 10.220.253.52 DISABLED, MC 172.27.0.186 UP/DOWN: DOWN
Conn Status: CLOSED
OER Netflow Status: ENABLED, PORT: 3949
Version: 3.3 MC Version: 0.0
Nbar Status: Inactive
Exits
NADC1R2-DMVPN-HUB1#sh pfr bo
OER BR 10.220.253.51 DISABLED, MC 172.27.0.186 UP/DOWN: DOWN
Conn Status: RETRY
OER Netflow Status: ENABLED, PORT: 3949
Version: 3.3 MC Version: 0.0
Nbar Status: Inactive
Exits
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S5.1, 15.5(3)S2.7, 15.6(0.22)S4, 15.6(1.17)S0.25, 16.3(0.158) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw54118 | Title: | Unable to apply flow record to flow monitor |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Unable to apply same flow record to monitors with long names. The problem appears when monitor name exceeds 23 characters and first 23 characters are identical.
Conditions:
- multiple flow monitors with long names configured
- running 15.3(3)S1
Workaround:
- define multiple flow records
- define shorter than 23 character names for flow monitors
- or define monitor names where first 23 characters are different
- issue not present in:
Version 15.2(4)S4a
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 15.3(3)S1.1 |
|
Known Fixed Releases: * | 15.5(3)M2.1, 15.5(3)S1.1, 15.5(3)S2, 15.6(0.22)S0.7, 15.6(1)T1.1, 15.6(1.17)S0.25, 15.6(1.17)SP, 15.6(1.18)T, 15.6(1.22.1a)T0, 16.2(0.164) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux47123 | Title: | Polaris: In FIPS mode, router should crash if it can not get HW entropy |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
router should crash if it can not get HW entropy source while FIPS mode is on.
Conditions:
FIPS mode is on
Workaround:
no
Further Problem Description:
router should crash if it can not get HW entropy source while FIPS mode is on.
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 15.2(1)SY1.123, 15.2(1)SY2, 15.2(5.1.16)E, 15.2(5.5.66)E, 15.3(0.1.12)SY, 15.3(1)IE101.355, 15.5(3)M2.1, 15.5(3)S2.8, 15.6(0.22)S3, 15.6(1)T1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy03519 | Title: | PFRv3 MC Policy name can cause policy advertisement problems to branch |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
PFRv3 class name configured with certain special characters can cause PFRv3 to not operate
correctly.
Conditions:
Workaround:
Ensure policy name only contains alphanumeric characters.
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or
involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please
contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.6(2.1)T, 15.6(2.12.1a)T0, 16.3(0.84) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz79370 | Title: | All SPAs went into offline on ASR1001 after irq 18 related messages |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
All SPAs went into out of service on ASR1001 after the following message.
May 6 11:02:15.456 JST: %IOSXE-3-PLATFORM: R0/0: kernel: irq 18: nobody cared (try booting with the "irqpoll" option)
---show platform --
Chassis type: ASR1001-4X1GE
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1001-4X1GE ok 5w3d
0/0 ASR1001 out of service 00:36:28 <<<
0/2 ASR1001-IDC-4XGE out of service 00:35:50 <<<
Conditions:
Unknown
Workaround:
No known workaround to avoid this issue.
To recover from this issue, Reload the box.
Further Problem Description:
|
|
Last Modified: | 24-MAY-2016 |
|
Known Affected Releases: | 15.3(3)S6 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy67413 | Title: | ASR1002-HX power supply returning incorrect vendortype-OID |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR1002-HX power supply is showing incorrect vendortype-OID for ASR1000X-AC-750W
populating wrong OID : cevPowerSupply 414
SNMPv2-SMI::mib-2.47.1.1.1.1.3.3 = OID: SNMPv2-SMI::enterprises.9.12.3.1.6.414 -- > cevPowerSupplyASR1001XAC (ASR1001-X-PWR-AC)
Expected OID : cevPowerSupply 452
cevPowerSupplyASR1000XAC750W OBJECT IDENTIFIER ::= { cevPowerSupply 452 } -- Cisco 750 Watt AC power supply for ASR1002-HX Chassis
Conditions:
Issue is seen while quering PID for the AC power supply on ASR1002-HX chassis.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | none |
|
Known Fixed Releases: * | 16.2(1.19), 16.3(0.148) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy77179 | Title: | Calling-station-id missing in web logon access-request |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Calling-station-id (radius attribute 31) is missing in access-request triggered for web logon (account-logon CoA)
Conditions:
This happens in an scenario where session goes back to lite session after using "default-apply" rule in service policy. We can see Calling-station-id is there in access-request for TAL but it is missing in the access-request for web logon.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S2.1 |
|
Known Fixed Releases: * | 15.5(3)S2.11, 15.6(0.22)S7, 16.2(1.19), 16.4(0.19) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy88976 | Title: | Polaris: Popinac gigE ports not coming up sometimes on FCV image |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Few 1gigE ports on "ASR1000-2T+20X1GE " are not coming UP after couple of "shut" and "no shut" operations.
It comes up after the slot is reloaded.
Conditions:
* Perform couple(around 500 -1000 times) of shut+no shut operation on 1gigE ports of "ASR1000-2T+20X1GE " ELC.
*Ports goes down sometimes but not always and then it only comes UP after the slot is reloaded.
Workaround:
NONE
Further Problem Description:
NONE
|
|
Last Modified: | 20-MAY-2016 |
|
Known Affected Releases: | Denali-16.2.1 |
|
Known Fixed Releases: * | 16.4(0.36) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuf47227 | Title: | Verify returns Embedded hash verification failed for non image files |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When the configuration option "file verify auto" is enabled and a local copy operation is done for a file that does not contain a signature, e.g. a log file or configuration back, the copy will fail.
Conditions:
"file verify auto" is enabled in running configuration.
Workaround:
Use copy /noverify or disable "file verify auto"
|
|
Last Modified: | 19-MAY-2016 |
|
Known Affected Releases: | 15.2(4)S1 |
|
Known Fixed Releases: | 15.3(3)S0.2, 15.3(3)S1, 15.3(3)S1a, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S3, 15.3(3)S4, 15.4(0.8)S, 15.4(1)S, 15.4(1)S0a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj14019 | Title: | 1RU: %CMRP-3-UDI_AUTH: F0: cmand: Quack Unique Device Identifier authen |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
%CMRP-3-UDI_AUTH: F0: cmand: Quack Unique Device Identifier authentication failed,
show up.on ASR1001
Conditions:
After reloading the box or inserting SFPs.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 18-MAY-2016 |
|
Known Affected Releases: | 15.2(4)S3, 15.4(0.19)S0.8, 15.4(1.6)S |
|
Known Fixed Releases: | 15.2(4)S4.13, 15.2(4)S5, 15.2(4)S6, 15.3(3)S1.8, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.3(3)S3, 15.3(3)S4, 15.4(1)S0e |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz03682 | Title: | Router with ambiguous second vlan stops forwarding after config changes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Sub-interface configured with ambiguous second vlan tag (encapsulation dot1Q 2555 second-dot1q any) stops forwarding any packets after another sub-interface is added/modified using the same first tag and any specific second tag previously belonging to the "any" range.
Conditions:
Workaround:
Bounce an affected interface (shutdown / no shutdown)
Further Problem Description:
|
|
Last Modified: | 17-MAY-2016 |
|
Known Affected Releases: | 15.4(3)S5.1 |
|
Known Fixed Releases: * | 16.3(0.207), 16.4(0.23) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum37911 | Title: | ASR1K: NTP clock change affects GETVPN TBAR pseudotime |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
With TBAR enabled, dataplane traffic may be dropped in a GetVPN environment with mixed GMs (ASR and ISR) when there is a change in the NTP clock.
Conditions:
GetVPN Config with TBAR, and NTP clock is changed.
Workaround:
1) Adjust the NTP server to the current clock or,
2) Re-register the ASR GM with the KS using 'clear crypto gdoi' or,
3) Disable TBAR
Further Problem Description:
|
|
Last Modified: | 17-MAY-2016 |
|
Known Affected Releases: | 15.1(3)S2, 15.2(4)S3, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu17470 | Title: | XE314:1NGPacket drop Built-In interface configured with EVC and xconnect |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
While running cfm and vpls feature at a time in Nightster platform, I am seeing vpls feature traffic failure with Built-In Spa port.
Conditions:
Issue is seen only with BUILT-IN-2T+6X1GE port, not seen in SPA-8X1GE-V2 port.
Workaround:
Doing a shut/no shut on the interface resolves the problem.
Further Problem Description:
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: * | 15.4(3)S5.10, 15.5(3)S2.11, 15.6(0.22)S6, 16.2(0.370), 16.3(0.108) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy95480 | Title: | 10G Link remains up in case of remote fault for MIP-100/1001-HX/1002-HX |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | ASR1001-HX is yet to be released for cutomers
Symptom:
10G interfaces remain up in case of remote fault for ASR1000-MIP100/ASR1001-HX/ASR1002-HX. Issue is not observed in case of local-fault.
Conditions:
Issue is observed with all interfaces of EPA-10x10GE and BUILT-IN-EPA-8x10GE BUILT-IN-8x10GE/1G which are supported in ASR1000-MIP100/ASR1001-HX/ASR1002-HX.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S, 16.2.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv56569 | Title: | incorrect QoS policy on target blocks all subseuqent policies |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
In case an invalid QoS policy with explicit queue-limit (asking for more bandwidth via percent based LLQ or Explicit Bandwidth then is available) is applied on target, there might be issue with cleaning up after rejecting the configuration.
Error causes any further installation of QoS policy to fail on the given target. At this point, reload is necessary to clean-up issue.
Conditions:
User applies an invalid QoS policy, with explicit queue-limit and percent base LLQ (priority, priority + police) or percent based Bandwidth.
Workaround:
Do not apply policy with invalid bandwidth reservation.
Problem is not seen with kbps based policy.
Further Problem Description:
|
|
Last Modified: | 10-MAY-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.5(3)S1.7, 15.5(3)S2, 15.6(0.21)S, 15.6(1)SN, 16.1(0.413), 16.3(0.191), 16.4(0.18) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz47707 | Title: | EPA 1GE Ports may cause CRC errors |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
EPA-18X1GE could exhibit CRC or interface input errors
Conditions:
Issue may be seen if Peer is GSR or some 3rd party device.
Workaround:
This can be corrected using test cli.
Further Problem Description:
|
|
Last Modified: | 10-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S2.10 |
|
Known Fixed Releases: * | 15.6(0.22)S7, 16.2(1.10), 16.3(0.197), 16.4(0.18) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug64798 | Title: | Cisco proprietary lease query doesn't work on cBR with mcp_dev images |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Ping to a CPE address can not recover the CPE by Lease query with Cisco proprietary Lease Query configured.
Conditions:
1) Using Cisco proprietary lease query
2) configure cable source-verify dhcp in bundle.
3) Bring the CPE online and get an IPv4 address.
4) Delete CPE from CMTS subscriber DB.
5) Ping to the CPE IP address, the LQ is not sent out.
Workaround:
Using standard lease query configuration as following:
1)Using CNR version 7.0 or above, and
2) Enable the standard Lease Query:
sqi-ubr2(config)#ip dhcp compatibility lease-query client standard
Further Problem Description:
|
|
Last Modified: | 10-MAY-2016 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: | 12.2(33)SCH3, 12.2(33)SCH4, 12.2(33)SCH5, 12.2(33)SCI, 15.5(0.3)S |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz57513 | Title: | ASR1K x86 based cards not logging ECC SBE errors to OBFL |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
ECC SBE errors are displayed on the console but "show logging onboard dram" displays nothing.
Conditions:
All ASR1K X86 based cards.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 09-MAY-2016 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy38110 | Title: | EPA-10X10GE: Interface Input errors are seen |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
EPA-10X10GE could exhibit CRC or interface input errors
Conditions:
Issue is seen with 16.2.1 Release
Workaround:
No workaround.
Further Problem Description:
This is fixed in future 16.2 and 16.3 releases
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 16.3(0) |
|
Known Fixed Releases: * | 15.5(3)S2.11, 16.2(1.1), 16.3(0.103) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy59471 | Title: | erspan supports configure flexible mac for the wan interface |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
erspan supports configure flexible mac for the wan interface
Conditions:
erspan supports configure flexible mac for the wan interface
Workaround:
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 15.3(3)S3.16 |
|
Known Fixed Releases: * | 15.5(3)S2.5, 15.6(0.22)S1, 16.2(1.9), 16.3(0.145) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup74718 | Title: | IOSd crashed due to watchdog timeout after the reload command was issued |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR1K IOSd crashed due to watchdog timeout after the reload command was issued thus causing switch-over
to the other RP instead of rebooting the whole system.
Conditions:
RP redundancy
Workaround:
No
Further Problem Description:
|
|
Last Modified: | 05-MAY-2016 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: * | 15.4(3)S3.4, 15.4(3)S4, 15.5(3)S2.11, 15.6(0.7)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy40721 | Title: | Not updated parameters when session is renewed in unauth state |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When session is renewed from the unauthen state, it sometimes contains the parameters from the previous session.
Conditions:
Issue is seen from time to time when a user logs in/logs out multiple time.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 03-MAY-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.4(3)S5.6, 15.5(3)S2.9, 15.6(0.22)S6, 16.2(0.361), 16.3(0.177) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz03703 | Title: | EPA-10x10GE: interface CRC errors are seen |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
EPA-10X10GE could exhibit intermittent CRC errors
Conditions:
Issue is seen with 16.2.1 Release at very high or very low temperatures.
Workaround:
No workaround.
This is fixed in next16.2.2 and 16.3.1 releases
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | 16.2(1.3), 16.3(0.153) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy52546 | Title: | ASR1k crashed while configuring Netflow |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR crashed while configuring netflow
Conditions:
netflow onfiguration
Workaround:
remove/disable netflow
Further Problem Description:
|
|
Last Modified: | 02-MAY-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz58940 | Title: | LISP authentication-key configuration removed on reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
LISP authentication-key configuration commands are removed on reload. The problem affects command "authentication-key" in the 'site' mode and command "eid-notify authentication-key" in the 'dynamic-eid' mode.
Conditions:
This happens when the key is encrypted as type-7 password (i.e. weak encryption enabled by router's configuration command "service password encryption").
Workaround:
Store passwords as either unencrypted or encrypted with strong encryption (AES; type-6 passwords).
1. Disable service password encryption OR configure AES commands ("key config-key password-encrypt" and "password encryption aes")
2. Configure authentication-key again to make sure that the key is stored in plain-text OR type-6 password respectively.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 15.4(99.16)S0.8 |
|
Known Fixed Releases: * | 15.6(1.17)S0.26, 15.6(2.17)T, 16.2(1.24), 16.3(0.206), 16.4(0.40) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw91797 | Title: | Traceback@lisp_client_eid_watch_mapping_msg_recv when unconfiguring LISP |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Traceback and error message similar to:
%LISP-4-ASSERT: Internal LISP error (client eid watch 1827 Failed to locate mapping to delete for 192.168.1.0/24)
may appear in the log when removing "router lisp" from the configuration.
Conditions:
Multicast is enabled on LISP interfaces.
Workaround:
System will automatically recover from the failure condition, no workaround is necessary.
Further Problem Description:
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.6(2.17)T, 16.3(0.206), 16.4(0.4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz18772 | Title: | ASR1004:RP1 : Clock reset to 1 January, 1970 after reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
1#sh clock
*00:07:24.545 UTC Thu Jan 1 1970
Clock reset to Jan 1 1970 after reload
Conditions:
Issue is seen only on RP1 hardware routers
Workaround:
DS1307 is RTC chip that was using for PPC arch to see clock, which connected via I2c bus, but this RTC driver was not registered properly from parsing DTS node.
Because register devices from the device tree changes was missed from xe316 throttles
Further Problem Description:
i2c: Add OF-style registration and binding
This patch adds OF hooks to the i2c core so that devices can automatically
be registered based on device tree data.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=959e85f7
I have checked the whole patch and registering devices from device tree were \
missing from this commit.
Applied the fix changes , sh clock was working right time.
|
|
Last Modified: | 31-MAY-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty54765 | Title: | 3PA Regression failed due to log kernel: TIPC: Bearer <eth:ieo> rejected |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
1. Upon vman restart, the following error was seen:
Mar 8 17:09:46.740 PST: %IOSXE-4-PLATFORM: R0/0: kernel: TIPC: Bearer rejected,
already enabled
2. vman restart caused system reload.
Conditions:
Using test command "test platform software process exit virt-manager RP active":
the following error was seen:
Mar 8 17:09:46.740 PST: %IOSXE-4-PLATFORM: R0/0: kernel: TIPC: Bearer rejected,
already enabled
Workaround:
No workaround
Further Problem Description:
Please see "Description-mcp_dev" in the DDTS for detailed description of the problem.
|
|
Last Modified: | 28-MAY-2016 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: * | 15.2(4)S, 6.0(2)A1(1), 6.0(2)A2(1), 6.0(2)A3(0.752), 6.0(2)A3(0.756), 6.0(2)A3(1), 6.0(2)A4(1), 6.0(2)U1(1), 6.0(2)U2(1), 6.0(2)U3(0.585) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCud82678 | Title: | K2:UI is not accessible until we restart the process after activation. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
With a virtual service installed on the router, when the operator performs an
activate followed by a no activate, then uninstall, followed by a reinstall and
then another activate the management interface mac may change. This can cause
connectivity issues to to state arp entries in connected devices.
Conditions:
uninstall and install the same vm with same ip configuration
Workaround:
Clear the arp entries in the switch/host connected to the management interface
or reload the box after uninstall
Further Problem Description:
|
|
Last Modified: | 28-MAY-2016 |
|
Known Affected Releases: | 15.2(3)S |
|
Known Fixed Releases: * | 15.3(3)S, 6.0(2)A1(1), 6.0(2)A2(1), 6.0(2)A3(0.756), 6.0(2)A3(1), 6.0(2)A4(1), 6.0(2)U1(1), 6.0(2)U2(1), 6.0(2)U3(0.585), 6.0(2)U3(0.756) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz52101 | Title: | inconsistent output of show policy-map interface with service-fragment |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
Inconsistent output of show policy-map int with service-fragment. The expected behavior should be that the class on main interface policy should not count any matching values since they are already classified once in the fragments, but this behavior is inconsistent in between 15.3(3)S and 16.2.1. Where 15.3(3)S shows in the main interface all zeros, but 16.2.1 accounts some drops and queuing.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 16-MAY-2016 |
|
Known Affected Releases: | 16.2.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo50322 | Title: | Nightster: replacing vitesse PHY direct access with vitesse provided api |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Not a bug, enhancement to improve with review comments from CSCun73043
Conditions:
none
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 27-MAY-2016 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: * | 16.4(0.41) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz60500 | Title: | ASR1k: QFP profiler that can be used in the field to tshoot high cpu |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
This is an enhancement request to implement QFP profiler in IOS-XE on ASR1k and other platforms, that can help troubleshoot high QFP utilization issues.
Conditions:
Workaround:
Use "show platform hardware qfp active datapath utilization" or poll corresponding OID by SNMP. Call TAC if utilization is high.
Further Problem Description:
|
|
Last Modified: | 11-MAY-2016 |
|
Known Affected Releases: | 15.4(3)S5.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuz82663 | Title: | IOS-XE: Provide Detailed Error Reporting Option for XML/NETCONF Response |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
This is a feature enhancement to enable more detailed CLI error reporting in the XML/NETCONF responses.
Conditions:
This feature is only applicable when an administrator desires more detailed data when an XML/NETCONF request fails.
Workaround:
There are no workarounds related to the NETCONF response, as a successfull NETCONF response returns and the a non-successful response typically returns .
The CLI "debug netconf error" can be used on the device CLI to better understand the exact CLI error, but this defeats the purpose of remote configuration/management benefits of XML/NETCONF.
Further Problem Description:
|
|
Last Modified: | 26-MAY-2016 |
|
Known Affected Releases: | 15.5(1)S3.18 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz68216 | Title: | ASR1K IPsec traffic not switched between iVRF between CMAP and SVTI |
|
Status: | Open |
|
Severity: * | 6 Enhancement |
Description: | Symptom:
On an ASR1K
One VPN tunnel terminated in iVRF A using SVTI
One VPN tunnel terminated in iVRF B using Crypto Map
(fVRF global)
When the ASR1K receives encrypted traffic from the SVTI VPN tunnel destined to the Crypto Map VPN tunnel, instead of sending the packets over the VPN tunnel, the packets are sent in clear text.
Conditions:
o IOS-XE platform
o One VPN tunnel with VTI using one iVRF
o Another VPN tunnel with CMAP using a different iVRF
Workaround:
Use VASI interfaces to recirculate the packets between VRFs
Further Problem Description:
|
|
Last Modified: | 25-MAY-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
没有评论:
发表评论