| |
Bug Id: | CSCut22976 |
Title: | ASR1k crash during monitor capture export FTP |
|
Description: | Symptom:
Crash while exporting capture to FTP server
Conditions:
-Monitor packet capture enabled.
-Two simultaneous CLI sessions exporting capture to FTP
Workaround:
Don't use two sessions to export capture
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(3)S2.9, 15.4(3)S3, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1, 15.5(2)S0.2, 15.5(2)S1, 15.5(2.18)S |
|
|
| |
| |
Bug Id: | CSCtl92036 |
Title: | FP crash observed @ ipv4_tunnel_compare_hash_bucket |
|
Description: | Symptom:
FP crash observed on ASR1K when enabling tunnel checksum cli under the dmvpn tunnel
interface.
Conditions:
DMVPN phase 3 network protected with gdoi with hub or spoke as ASR1K
Traffic (unicast and multicast flowing)
Tunnel checksum configuration under the dmvpn tunnel interface.
Workaround:
Removing the Tunnel checksum command avoids the fp crashes.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.6/2.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 12.2(33.1), 15.1(2)S |
|
Known Fixed Releases: | 15.0(1)S4, 15.1(2)S1, 15.1(3)S |
|
|
| |
| |
Bug Id: | CSCtx03171 |
Title: | ASR1k NAT/ALG Processing improvements |
|
Description: | <B>Symptom:</B>
Improvements to NAT VRF Processing on IOS-XE.
<B>Workaround:</B>
None
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S2 |
|
Known Fixed Releases: | 15.1(3)S3, 15.2(1)S1, 15.2(2)S |
|
|
| |
| |
Bug Id: | CSCuu12008 |
Title: | rework CSCut21885: chunk_destroy memory leak. |
|
Description: | Symptom:
fman_fp_image and cpp_cp_svr memory leak. from both outputs - QFP PfR MP Prefix H.. holding ton of memory
show platform software memory forwarding-manager FP active brief
show platform software memory qfp-control-process qfp active brief
QFP PfR MP Prefix H... 3747007512 3746855032 38108 28578
Summary 4262097059 4221917059 81523186 79011936
AL-INET-RTR02#show platform software status control-processor brief
Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
RP0 Healthy 16342752 6469604 (40%) 9873148 (60%) 10926860 (67%)
RAL-INET-RTR02#show platform software process list r0 sort memory
Name Pid PPid Group Id Status Priority Size
------------------------------------------------------------------------------
linux_iosd-imag 23712 22710 23712 S 20 4294967295
fman_fp_image 29760 29456 29760 S 20 3076255744
cpp_cp_svr 28858 28431 28858 S 20 1849511936
fman_rp 21120 20336 21120 S 20 1452556288
4+ weeks later:
RAL-INET-RTR02#show platform software status control-processor brief
Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
RP0 Healthy 16342752 10532628 (64%) 5810124 (36%) 14990352 (92%)
RAL-INET-RTR02#show platform software process list r0 sort memory
Name Pid PPid Group Id Status Priority Size
------------------------------------------------------------------------------
linux_iosd-imag 23712 22710 23712 S 20 4294967295
fman_fp_image 29760 29456 29760 S 20 4294967295
cpp_cp_svr 28858 28431 28858 S 20 2942447616
fman_rp 21120 20336 21120 S 20 1462714368
Conditions:
PfR is enabled and activated.
Workaround:
Avoid using PfR
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(2)S1 |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCus85852 |
Title: | CPP DRV: Disable IIC Interrupts (Revert CSCuq05197) |
|
Description: | Symptom:
ESP crash occurs after one of the following interrupts are reported (can be seen on the IOS console):
HEDP_HED_HALTED_IN_127_64_LEAF_INT_INT_HALTED64
HEDP_HED_HALTED_IN_127_64_LEAF_INT_INT_HALTED65
Conditions:
Router configuration or traffic pattern does not affect this problem. This issue occurs if a data parity error is reported in the QFP L2 instruction cache controller, and impacts all CPP10-based ESPs (asr1001, asr1002, ESP5, ESP10, ESP20, ESP40). This issue does not impact Yoda (asr1002-x, ESP100, ESP200) or Luke (asr1001-x) based ESPs.
Workaround:
None. Almost all data parity errors are random events that can not be fixed by replacing hardware.
Further Problem Description:
The exception handler for the L2 instruction cache handler is restored / fixed in the following releases:
XE310 / 15.3(3)S6
XE312 / 15.4(2)S3
XE313 / 15.4(3)S3
XE314 / 15.5(1)S2
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | 15.4(2)S3, 15.4(3)S3, 15.5(1)S2, 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCtl87590 |
Title: | ASR1K-XE34:cpp-mcplo-ucode crash under jumbo fragment traffic |
|
Description: | Symptom:
ASR crashed when sending jumbo fragments(>9k)and VFR enabled
Conditions:
fragments(>9k) received and VFR enabled,or packets need to be processed by RP and VFR enabled in that interface
Workaround:
none
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: | 15.1(2)S1, 15.1(3)S |
|
|
| |
| |
Bug Id: | CSCuf17466 |
Title: | Ability to Read Uninitialized Memory |
|
Description: | Symptoms:
The potential exists for an unauthenticated user to read the contents of uninitialized memory of a WebEx node.
Conditions:
Default installation of an affected version of the WebEx node software.
Workaround:
None.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C
CVE ID CVE-2013-1232 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCts82752 |
Title: | ASR1K crashes with a ping done on packet size higher than 10000 |
|
Description: | <B>Symptom:</B>
ASR1K crashes with a ping done on packet size higher than 10000
<B>Conditions:</B>
When ping is done from ASR1k with a packet size of more than 10000 bytes
<B>Workaround:</B>
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: | 15.1(3)S2, 15.1(3)S3, 15.2(1)S, 15.2(2)S |
|
|
| |
| |
Bug Id: | CSCug61252 |
Title: | Ability to Read Uninitialized Memory |
|
Description: | Symptoms:
The potential exists for an unauthenticated user to read the contents of uninitialized memory of a WebEx node.
Conditions:
Default installation of an affected version of the WebEx node software.
Workaround:
None.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C
CVE ID CVE-2013-1232 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S |
|
Known Fixed Releases: | 15.3(1)S2, 15.3(2)S1, 15.3(3)S |
|
|
| |
| |
Bug Id: | CSCuu60301 |
Title: | ESP100 crash because of hardware interrupt |
|
Description: | Symptom:
ESP/QFP crash on ASR1k running as LNS
Conditions:
No known trigger
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S2.16 |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCul00709 |
Title: | ASR router crash with malformed packets during fragment/defragmentation |
|
Description: | Symptom:
Cisco IOS XE Cisco Packet Processor (CPP) crashes on a device configured with MPLS IP.
Conditions:
Device configured with mpls ip
Workaround:
None.
Further Problem Description:
A crafted MPLS IP packet may cause the Cisco IOS XE Cisco Packet Processor (CPP) to crash.
This can be triggered with a crafted MPLS IP packet when the packet requires MPLS fragmentation.
NOTE: It is difficult to inject this crafted packet into the network outside the label switch domain, since routers would/should drop the packet with
basic IP Sanity checks that are done with IP CEF code.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
5.4/4.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-6981 has been assigned to document this issue.
Additional information about this vulnerability can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6981
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S4.1 |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
Bug Id: | CSCuh19936 |
Title: | IOS XE Software PPTP Traffic Denial of Service Vulnerability |
|
Description: | Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities:
Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability
Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability
Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability
Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services
processors (ESP) card or the route processor (RP) card, causing an interruption of services.
Repeated exploitation could result in a sustained DoS condition.
Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.
Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
7.8/6.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-5545 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Symptom:
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(2)S, 15.3(2)S1 |
|
Known Fixed Releases: | 15.3(2)S2, 15.3(3)S |
|
|
| |
| |
Bug Id: | CSCut72639 |
Title: | ASR1k CPP crash with IP Options |
|
Description: | Symptom:
ASR may reload or have a CPP crash when configured with MPLS.
Conditions:
ASR receives following packet from mpls interface. the packet's format is as follows:
Workaround:
none
Further Problem Description:
The router crashes because of receiving a mpls packet with explicit null label as well as LSR ip option from mpls interface
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S3 |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCtz23293 |
Title: | Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability |
|
Description: |
Summary
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) may be affected by the following Denial of Service (DoS) vulnerabilities:
Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability
Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability
Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability
Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability
Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the affected device.
Repeated exploitation could result in a sustained Denial of Service (DoS) condition.
Note: Cisco IOS or Cisco IOS-XR Software is not affected by these vulnerabilities.
Cisco has released free software updates that address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
7.8/6.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-1165 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNF2 |
|
Known Fixed Releases: | 15.1(3)S4.7, 15.1(3)S5, 15.1(3)S5a, 15.1(3)S6, 15.1(3)S7, 15.2(4)S0.4, 15.2(4)S1, 15.2(4)S1c, 15.2(4)S2, 15.2(4)S3 |
|
|
| |
| |
Bug Id: | CSCuh58209 |
Title: | BQS show commands may cause ESP crash when displaying internal queues |
|
Description: | Symptoms:
ESP crashes in response to a show command.
Conditions:
This only causes an ESP crash when the 'qid' specified is an internal queue. It is
safe for interface or QoS created queue.
When issuing the following show command on a ASR1K 1002X, ESP80/100, and ESP160/200 system.
"show platform hardware qfp [active|standby] infrastructure bqs [schedule|queue] qid
<qid>"
Workaround:
Avoid use of the show command to display internal queues.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
3.8/3.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:H/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.2(4)S4, 15.2(4)S4a, 15.3(2)S2, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
Bug Id: | CSCtr44535 |
Title: | ASR1K RBUF OOH exception in FNF ager thread in presence of PFR |
|
Description: | Symptom:
On the ASR1K, the ESP has been observed to reload with configurations
combining Netflow, Pfr and Netflow export.
Error messages like
May 22 10:27:47.268 BST: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0
desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121
cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x0
are seen.
Conditions:
Configurations where this defect has been seen have had Netflow configured
on an interface
ip flow ingress
ip flow egress
as well as Pfr Border Controller
pfr border
as well as Netflow export
ip flow-export destination 192.168.10.10 9999
Workaround:
Unconfiguring netflow export should eliminate the ESP reload. If this is not possible,
decreasing the number of configured Netflow exporters from 2 to 1, may be of
some benefit.
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal
resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: | 15.1(2)S2, 15.1(3)S1, 15.2(1)S |
|
|
| |
| |
Bug Id: | CSCtz97563 |
Title: | Fragmented IPv6 Multicast Traffic Denial of Service Vulnerability |
|
Description: |
Summary
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) may be affected by the following Denial of Service (DoS) vulnerabilities:
Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability
Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability
Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability
Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability
Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the affected device.
Repeated exploitation could result in a sustained Denial of Service (DoS) condition.
Note: Cisco IOS or Cisco IOS-XR Software is not affected by these vulnerabilities.
Cisco has released free software updates that address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
7.8/6.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-1164 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.1(3)S4, 15.2(4)S |
|
|
| |
| |
Bug Id: | CSCtt11558 |
Title: | Cisco IOS XE Software BDI Denial of Service Vulnerability |
|
Description: |
Summary
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) may be affected by the following Denial of Service (DoS) vulnerabilities:
Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability
Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability
Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability
Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability
Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the affected device.
Repeated exploitation could result in a sustained Denial of Service (DoS) condition.
Note: Cisco IOS or Cisco IOS-XR Software is not affected by these vulnerabilities.
Cisco has released free software updates that address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
7.1/5.9:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-1167 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S1 |
|
Known Fixed Releases: | 15.1(3)S2, 15.1(3)S3, 15.2(1)S1, 15.2(2)S |
|
|
| |
| |
Bug Id: | CSCto16298 |
Title: | NAT44 FP reset seen on doing "clear ip nat translation *" |
|
Description: | Symptom:
Forwarding Processor reset seen on sending malformed packets and doing ''clear ip nat trans *''
Conditions:
Receiving multiple malformed packets
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.6/3.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
CVE ID CVE-2012-5989 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: | 15.1(3)S |
|
|
| |
| |
Bug Id: | CSCuu55787 |
Title: | ASR1001-X: Router fails to come online with No Service Password Recovery |
|
Description: | Symptom:
Router fails to come online after attempting to return to factory defaults with "No Service Password Recovery" enabled.
Conditions:
ASR1001-X with No Service Password Recover enabled. An attempt to send a to the ROMMON followed by answer "Y" to
Do you want to reset the router to the factory default
configuration and proceed [y/n] ?
Workaround:
Do not enable No Service Password Recovery
or
Do not attempt to return router to factory defaults after having done so
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCut48055 |
Title: | ESP100 periodically crashes with hardware interrupt |
|
Description: | Symptom:
Periodical ESP/QFP crashes on ASR1k running as LNS
Conditions:
When updating the schedule exponent that has more than 128 queue, the queue-move operation completes prematurely. This causes a hardware interrupt because the hierarchy resumes forwarding the traffic before all queues have been moved to the new tree.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCuj23992 |
Title: | Cisco IOS XE IP Header Sanity Check Denial of Service Vulnerability |
|
Description: | A vulnerability in CEF processing module, responsible for checking the sanity of IP headers on Cisco IOS XE could allow an unauthenticated, remote attacker to cause a reload of an affected
device and lead to a Denial of Service (DoS) condition.
The vulnerability is due to improper processing of MPLS packets when certain additional features are configured. An attacker could exploit this vulnerability by sending MPLS packets to
traverse and exit an affected device as IP packets, when certain additional features are configured. An exploit could allow the attacker to cause a reload of an affected device and lead to a
Denial of Service (DoS) condition.
Conditions:
When certain configuration that includes ''ip cef accounting'' and ''tcp adjust-mss'' is present, and the MPLS packet received on the ingress is egressing as an IP packet, a crash may happen.
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-6706 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6706
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S, 15.3(2)S1, 3.9(0.0) |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
Bug Id: | CSCur43882 |
Title: | %SERVICES-3-NORESOLVE_ACTIVE: SIP0: linux_iosd-image: in mcp_dev |
|
Description: | Symptom:
*Oct 28 10:55:10.568: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: linux_iosd-image: Error resolving active FRU: BINOS_FRU_RP
Conditions:
This issue is seen after doing router reload with latest MCP_DEV image.
Workaround:
-
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S4.1, 15.4(3)S, 15.5(1)S, 15.5(2)S |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCut68825 |
Title: | PFRv3: unexpected byte loss reported due to TCP packet flow out of order |
|
Description: | Symptom:
Current TCP BYTES LOSS metric's implementation assumes there is no tcp packet reordering. Thus in case of reordering the loss is reported.
Conditions:
TCP packets' reordering.
Workaround:
Prevent TCP packets' reordering.
Further Problem Description:
Given customer's network contains the equipment from different vendors preventing reordering is not always feasible. The metric should handle the out of order cases.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S2.3, 15.5(2)S0.1 |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCut68598 |
Title: | ASR1k BFD randomly down at NAT configured interface |
|
Description: | Symptom:
ASR1k BFD randomly down at NAT configured interface
Conditions:
At ASR1k's BFD interface, NAT is also configured
Workaround:
None at this time
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S2.1, 15.5(2)S |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCus70057 |
Title: | Obsolete OTV route entries not deleted from TCAM |
|
Description: | Symptom:
Under multihoming scaling topology(1000 vlans, 50 overlay interfaces), sometimes the obsolete OTV entries of some vlans have not been deleted so that incoming packet will hit these entries and lead to packet drop with drop reason "Layer2NoRoute" and "EvcEfpEgressFilterDrop"
Conditions:
Multihoming OTV, high scaling
Workaround:
None
Further Problem Description:
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S1.11 |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCut52677 |
Title: | %SERVICES-3-NORESOLVE_ACTIVE: SIP0: linux_iosd-image after RP switchover |
|
Description: | Symptom:
%SERVICES-3-NORESOLVE_ACTIVE: SIP0: linux_iosd-image: Error resolving active FRU: BINOS_FRU_RP. This error message is seen.
Conditions:
This issue is seen while doing sweep ping after doing RP switchover with latest MCP_DEV image.
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S, 15.5(3)S |
|
Known Fixed Releases: | 15.5(2)S0.4, 15.5(2)S1, 15.5(2.18)S |
|
|
| |
| |
Bug Id: | CSCut41684 |
Title: | ASR 1K crash due to CCM_ACK interupt |
|
Description: | Symptom:
FP reloads with the core file reporting:
GIM_CSR32_GIM_ERR_CCM_NOACK_LEAF_INT__INT_GIM_HPI_CCM_ACK_ERR
interrupt.
Conditions:
This issue only applies to ASR1001-X, ASR1002-X, ESP100 and ESP200. To hit this issue, three rare conditions internal to the QFP forwarding engine have to be present at the same time. These conditions are influenced by which features are configured, instantaneous traffic characteristics, as well as instantaneous processing load on the QFP. It is very, very rare for these conditions to occur.
Workaround:
None.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCud72509 |
Title: | IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability |
|
Description: | Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities:
Cisco IOS XE Software Malformed ICMP Packet Denial of Service Vulnerability
Cisco IOS XE Software PPTP Traffic Denial of Service Vulnerability
Cisco IOS XE Software TCP Segment Reassembly Denial of Service Vulnerability
Cisco IOS XE Software Malformed EoGRE Packet Denial of Service Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services
processors (ESP) card or the route processor (RP) card, causing an interruption of services.
Repeated exploitation could result in a sustained DoS condition.
Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.
Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
7.8/6.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-5546 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Symptom:
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S1 |
|
Known Fixed Releases: | 15.2(4)S3, 15.3(1)S1, 15.3(2)S |
|
|
| |
| |
Bug Id: | CSCuu73790 |
Title: | PFRv3: packet loss reported unexpectedly by MMA with smart-probes |
|
Description: | Symptom:
PFRV3 can report RTP packet loss.
Conditions:
PFRV3 SMP packets traffic
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S2.3, 15.5(2)S0.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut50228 |
Title: | ASR1001-X ping loss with peer ASR1k at fixed speed 10M |
|
Description: | Symptom:
ASR1001-X ping loss with peer ASR1k at fixed speed 10M and half-duplex
This issue is specific to ASR1001-X and will not be seen in ASR1001
Conditions:
Only half-duplex could trigger this issue when ping big packet like 1280
and could be seen at the setup below:
1)ASR1001-X (0/0) <---> other ASR1k
2)ASR1002-X (0/0) <---> ASR1002-X (0/0)
3)ASR1002-X (0/0) <---> other ASR1k
For 1) this bug will fix it.
For 2) ASR1002-X 0/0 MAC does not support half-duplex in 10/100M
3) same as 2
Workaround:
None
Further Problem Description:
This issue is specific to ASR1001-X box with half-duplex in any other 1G ports of 0/0 "only"
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(2)S, 15.4(3)S2.1 |
|
Known Fixed Releases: | 15.4(3)S2.16, 15.4(3)S3, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1, 15.5(2)S0.8, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCut64644 |
Title: | ASR1K goes to crash after TCAM messages appearing |
|
Description: | Symptom:
Customer observes syslog messages:
%CPP_FM-3-CPP_FM_TCAM_WARNING: F0: cpp_sp: TCAM limit exceeded: HW TCAM cannot hold Class group cce-cg:9895136. Use SW TCAM instead
After some time a router goes to crash due to a lack of memory
Total TCAM Cell Usage Information
----------------------------------
Name : TCAM #0 on CPP #0
Total number of regions : 3
Total tcam used cell entries : 23728
Total tcam free cell entries : 500560
Threshold status : below critical limit
Conditions:
ISG, configured on ASR1K
Workaround:
none
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S, 15.4(3)S1.1, 15.5(2)S, 15.5(3)S |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCub31873 |
Title: | ASR1K Crash on incomplete/glean adjacencies processing. |
|
Description: | <B>Symptom:</B>
ASR RP/ESP crash.
<B>Conditions:</B>
If a router has to process a lot of IP packets that are either incomplete adjacencies or glean adjacencies, they will be punted for ARP processing.
A condition occurs that may prevent the ESP from processing the RP keep alive for a certain period and the RP will force the ESP to crash.
Workaround:
None. Upgrade to 15.2(04)S05-XE3.7.5 or later.
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
5.4/4.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2015-0685 has been assigned to document this issue.
More information about this vulnerability is made available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=38124
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(1)S |
|
|
| |
| |
Bug Id: | CSCue82848 |
Title: | ASR1K:FP80: cpp_cp_svr crashes @cpp_qm_event_proc_parent_walk_childlist |
|
Description: | Symptom:
FP boots continuously . cpp_cp_svr cores generated.
Conditions:
After attaching policy to interface on FP80
Workaround:
N/A
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCud33610 |
Title: | NAT CGN : crash when clearing translations using ALG |
|
Description: | Symptom:
QFP crash
Conditions:
NAT CGN configuration
'clear ip nat translations *' is executed.
Workaround:
Don't clear translations.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.2(4)S3, 15.3(1)S1, 15.3(2)S |
|
|
| |
| |
Bug Id: | CSCuu09050 |
Title: | asr1001x may crash when unconfiguring large QoS policy |
|
Description: | Symptom:
asr1001x may reload when unconfiguring large QoS policy
Conditions:
A very large QoS policy with hundreds of class-maps is used on the router and removed.
Workaround:
Do not unconfigure large QoS policy.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S, 15.5(3)M, 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus43594 |
Title: | rp crash when cleanup vpls scale configuration |
|
Description: | RP crashed when doing config replace with a cleanup config.
Symptom:
Conditions:
Scale vpls bgp signaling config.
Workaround:
No.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | 15.3(3)S5.1, 15.4(3)M2.1, 15.4(3)M3, 15.4(3)S2.1, 15.4(3)S3, 15.5(1)S0.10, 15.5(1)S1, 15.5(1)SN1, 15.5(1)T1.1, 15.5(1)T2 |
|
|
| |
| |
Bug Id: | CSCur48133 |
Title: | ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error |
|
Description: | Symptom:
IFGTIMEOUT and ProcClient hogs message are seen after 8-10 hours of router uptime.
Conditions:
The Router is loaded with large number of ATM SPA (8 or more ATM SPAs) and very high VCs configure ( ~30K per slot ) and continuous session churns are done. After 8 - 10 hours the IGTIMEOUT continous IFGTIMEOUT message are seen, which brings the card down.
Workaround:
A shut followed by no shut on the few Interface brings the ATM card backup.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 04-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.5(2.21)S0.12, 15.5(2.21)S0.2, 15.5(2.23)S |
|
|
| |
| |
Bug Id: | CSCut68925 |
Title: | Crash seen in QOS when policy-map without child or turbo svc is used |
|
Description: | Symptom:
Issue happens when there is no child policy attached to the parent policy and the get_bw api is called.
Conditions:
same as symptoms
Workaround:
no work around
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 04-JUL-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | 15.5(2.19)T, 15.5(2.21)S0.12, 15.5(2.21)S0.4, 15.5(2.22)S, 16.1(0.237) |
|
|
| |
| |
Bug Id: | CSCsx32049 |
Title: | CC: ESM logger cause tracebacks and RP reload at boot |
|
Description: | Symptoms: Traceback is observed and the system may reboot, depending on the
platform.
Conditions: The symptom is observed when the ESM filter is configured and
contains an ios_config statement.
Workaround: Remove ios_config statements from ESM filter.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 12.2XN, 3.4 |
|
Known Fixed Releases: | 12.2(32.8.10)REC186, 12.2(33)SRE, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33)XND, 12.2(33)XNE |
|
|
| |
| |
Bug Id: | CSCuu75086 |
Title: | ROMMON should use the revocation key offered by the secure boot FPGA |
|
Description: | Symptom:
A issue in secure boot process of the Cisco ASR 1000 Series Aggregation
Services Routers could allow a user to overwrite the revocation key on the
bootflash of the device.
The issue is due to improper storage of the revocation key on bootflash.
Conditions:
Device running with default configuration running an affected version of ROMMON software (prior to 15.5(3r)S) which supports secure boot. This includes the ASR1001-X and ASR1002-X routers as well as the ASR1000-ESP100 and ASR1000-ESP200 forwarding cards.
Workaround:
None.
Further Problem Description:
Please refer to http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s1.html#wp1425056588
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal
resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Planned to be addressed in the 15.5(3r)S ROMMON release
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 15.3(0.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCsz56498 |
Title: | IPv6 route config is not taken into ipv6 routing table |
|
Description: | Symptom:
An IPv6 recursive static route may not appear in the IPv6 routing table.
Conditions:
This issue is observed when IPv6 recursive static route is configured.
Workaround:
Redine the IPv6 recursive static route as an IPv6 fully-specified static route.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 12.2(33.7.27)SXH, 12.2(53)SE1, 12.2SBK |
|
Known Fixed Releases: | 12.2(32.8)SCF, 12.2(32.8.11)XJC246.22, 12.2(32.8.11)YST273.3.1, 12.2(32.8.21)REC186, 12.2(33)CX, 12.2(33)SCE3, 12.2(33)SCF5, 12.2(33)SCG2, 12.2(33)SCG3, 12.2(33)SCG4 |
|
|
| |
| |
Bug Id: | CSCtd05318 |
Title: | mVPN: RP2 crashes on watchdog exception "MRIB Trans" triggered by SSO |
|
Description: | Symptoms: A watchdog exception crash on "MRIB Transaction" may be observed on a
new active RP when an RP switchover is initiated.
Conditions: The symptom is observed during an RP switchover under a scaled
scenario with a router configuration with approximately 1K EBGP peers with 500K
unicast routes and 300 mVRFs with 1K mcast routes.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(32.0.11)SRE, 12.2(32.8.11)YST273.2, 12.2(32.8.2)YCA273.35, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33)XNE1 |
|
|
| |
| |
Bug Id: | CSCtc33679 |
Title: | PIRO: prefixes donot go into INPOLICY due to exit mismatch |
|
Description: | Symptoms: Routes are not being controlled properly when PIRO is used.
Conditions: If more than one exit per BR is configured and PIRO is used to
control the routes, the nexthop is not being calculated correctly. As a
result, traffic for these traffic classes is not taking the correct route.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 12.2XN, 12.4(24)T3, 15.0(1)M2, 15.1(1)T1 |
|
Known Fixed Releases: | 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE3, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33)XNF, 12.2(33.1.11)MCP6, 12.2(58)EZ |
|
|
| |
| |
Bug Id: | CSCty05282 |
Title: | Last reload reason is seen as LocalSoft on ASR1ks |
|
Description: | Symptoms: Last reload reason in "show version" output is seen as LocalSoft
after some reloads.
Conditions: The conditions under which these symptoms are observed is unknown.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNC0d, 15.1(1)S1, 15.3(2)S |
|
Known Fixed Releases: | 15.2(4)S1, 15.3(1)S |
|
|
| |
| |
Bug Id: | CSCuc03831 |
Title: | Last reload reason is LocalSoft on combined architecture platforms |
|
Description: | Symptom:
Combined architecture platforms (ASR1001, ASR1002-x, etc) can experience a system reset that causes the system to not save logs and the reset reason is noted as "LocalSoft"
Conditions:
When the bootflash is detected as removed on these platforms, or a critical processes fails.
Workaround:
None.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 15.1(1)S1 |
|
Known Fixed Releases: | 15.2(4)S2, 15.3(1)S |
|
|
| |
| |
Bug Id: | CSCsy44941 |
Title: | asr1000 creates malformed netflow packets under high load |
|
Description: | Symptom:
Under high load (for example > 10k flows), the exported Netflow packets can become corrupted and not include all created flows (issue is seen for a very small amount of flows)
Conditions:
Cisco IOS Software 12.2(33)XNB or later running on asr1k with netflow export enabled.
Workaround:
None.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
Bug Id: | CSCuu66754 |
Title: | ASR1001 Drops Interface Traffic as Overruns |
|
Description: | Symptom:
ASR1001 may drop all control plane traffic and interface stops responding to ICMP. In the problem state, the overruns counter and Output Pause frames will keep incrementing on the interface
DUTt#show interface gig 0/0/2 | in input error
1875404 input errors, 0 CRC, 0 frame, 1875404 overrun, 0 ignored
DUTt#show interface gig 0/0/2 | in pause
0 watchdog, 0 multicast, 0 pause input
0 lost carrier, 0 no carrier, 87054602 pause output
Conditions:
None
Workaround:
Reload the box to recover from the problem state.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCti22190 |
Title: | eigrp autonomous command does not nvgen |
|
Description: | Symptoms: The EIGRP autonomous system command does not NVGEN.
Conditions:
interface Tunnel2
ip vrf forwarding vpn2
no ip next-hop-self eigrp 10
Now configure the address-family ipv4 command under legacy mode. For example:
router eigrp 10
no auto-summary
address-family ipv4 vrf vpn2
no auto-summary
Now show the running configuration; the autonomous system command is not
NVGENed.
Workaround: Use the "address-family ipv4 vrf vpn2 autonomous 10" command.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: | 15.0(0.13)S0.21, 15.0(1)SY, 15.0(1.19)DPA4a, 15.0(1.19)DPA5, 15.0(1.99)SG1, 15.0(2)SG, 15.0(2)SG8.0.131, 15.0(2.11)SID, 15.1(0.0.8)PIL15, 15.1(0.18)S0.2 |
|
|
| |
| |
Bug Id: | CSCuu85007 |
Title: | split-horizon group communication failure |
|
Description: | Symptom:
split-horizon group communication failure
Conditions:
upgrade from 3.7.4S to 3.10.1S or 3.13.0S
Workaround:
none
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCun10918 |
Title: | ASR1k: unable to bring up ppp session due to object pending in hqf cce |
|
Description: | Symptom:
Issue
PPP subscribers cannot be terminated in ASR1K, due to object locked
Conditions:
EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts
EVSI wrong dpidb type errors 0
EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well
Workaround:
remove QOS of the ppp
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
Bug Id: | CSCtr56576 |
Title: | QFP crash w *GTRMP_GTR_OTHER_LEAF_INT_INT_SDMA_REGULAR_SW_ERR* du to QOS |
|
Description: | Symptoms:
Cisco ASR 1000 may experience a QFP crash pointing to fragmentation/reassembly of packets if a QOS input or output service policy is configured
Conditions:
QOS(service-policy), a service-policy configured with "class-default" only, or only 1 of the following match filters: "match ip precedence", "match ip dscp", "match vlan", or "match "mpls exp"
Workaround:
Remove service-policy applied to interface, or add an additional "dummy" class-map to the policy-map using a different match filter type. Example, if the policy-map has configured only "match ip prec", then add an extra "dummy" class-map that will match on an unused vlan id, or an unused qos-group.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2011-4007 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: | 15.1(2)S2, 15.1(3)S1, 15.2(1)S |
|
|
| |
| |
Bug Id: | CSCtn42811 |
Title: | "Template name contains one or more illegal characters[OK]" while bootup |
|
Description: | Symptom:
"Template name contains one or more illegal characters[OK]" while bootup and "wr mem"
Conditions:
Router bootup or "wr mem"
Workaround:
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 15.1(1.3)S, 15.1(2.8)S, 15.1(3)S |
|
Known Fixed Releases: | 12.2(33)SCI, 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(1.23)SID, 15.1(2)SG, 15.1(2)SG1, 15.1(2)SG1.130 |
|
|
| |
| |
Bug Id: | CSCul35389 |
Title: | 1RU: %SERVICES-3-NORESOLVE_ACTIVE causing occasional mcpcc-lc-ms crash |
|
Description: | Symptom:
Following error messages re observed with SPA reload
==================================================================
Nov 26 2013 15:14:31.496 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP
Nov 27 2013 17:31:42.464 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP
The process mcpcc-lc-ms is held down and the SIP is reloaded.
Logs may also be flooded with these errors:
12/09 08:05:49.021 [bipc]: (note): Pending connection to server 10.0.1.0
12/09 08:05:49.488 [bipc]: (note): Pending connection to server 10.0.1.0
12/09 08:05:49.021 [bipc]: (note): Pending connection to server 10.0.1.0
12/09 08:05:49.488 [bipc]: (note): Pending connection to server 10.0.1.0
Conditions:
Error are observed when SPA is reloaded
Workaround:
NA
Further Problem Description:
The error messages are caused due to IOS trying to establish a connection with a non-existing process on ASR1001.As a result of these error messages, we are observing a SIP reload (mcpcc).The issue is observed in XE311 (ASR1001 and possibly ASR1002-X).
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 15.4(1)S, 15.4(2)S, 15.4(3)S, 16.0(0) |
|
Known Fixed Releases: | 15.3(1)S1, 15.3(1)S1e, 15.3(1)S2, 15.4(1)S0.3, 15.4(1)S1, 15.4(1)S2, 15.4(1)S3, 15.4(1.16)S, 15.4(2)S, 15.4(2)S1 |
|
|
| |
| |
Bug Id: | CSCtq67750 |
Title: | Customer hit CSCtn52350, is seeing before-after is on without turning on |
|
Description: | Symptoms: In relation to caveat CSCtn52350, before-after is on without it
having been turned on.
Conditions: The symptom is observed when the following CLI is configured:
archive
log config
logging persistency
Workaround: Remove "logging persistency" from the configuration:
archive
log config
no logging persistency
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
Bug Id: | CSCtl00995 |
Title: | ikev2: ASR1K with 1897 svti tunnels & ikev2 reloads @ IPSEC Key Engine |
|
Description: | Symptoms: Cisco ASR 1000 series routers with 1000 or more DVTIs may reboot
when a shut/no shut operation is performed on the tunnel interfaces or the
tunnel source interfaces.
Conditions: This symptom occurs when all the DVTIs have a single physical
interface as tunnel source.
Workaround: Use different tunnel source for each of the DVTIs. You can
configure multiple loopback interfaces and use them as tunnel source.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S, 15.1(3)S |
|
Known Fixed Releases: | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
Bug Id: | CSCto47524 |
Title: | Memory Leak in IP SLAs Responder |
|
Description: | Symptoms: A Cisco ASR 1002 router that is running Cisco IOS Release 15.1(1)S1
may have a processor pool memory leak in IP SLAs responder.
A show process memory sorted command may initially show
"MallocLite" growing. By disabling malloclite with the following:
config t
no memory lite
end
One may start to see process "IP SLAs Responder" growing. In at least one
specific case, the leak rate was 80mb per day.
Conditions: This symptom is observed on a Cisco ASR 1002 router.
Workaround: Disable IP SLA on affected router, if possible.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 15.1(1)S1 |
|
Known Fixed Releases: | 12.2(58)EY2, 12.2(58)EZ, 12.2(58)SE2, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4, 12.2(60)EZ5, 12.2(60)EZ6 |
|
|
| |
| |
Bug Id: | CSCur51863 |
Title: | XE314: border router ucode crash@ipv4_input_cent_rc_process |
|
Description: | Symptom:
ASR1000 PFRv3 border router might get reloaded unexpectedly under stress and negative condition.
Conditions:
With stress and negative condition, and large number of flows, this issue could not hit consistently.
Workaround:
N/A
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.5(1)S1, 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCtt23038 |
Title: | IOSD core @flow_lock_lock when issuing show command during HA tests |
|
Description: | Symptoms: IOSD crashes while executing the "show flow monitor name monitor2"
command after an RP downgrade on bay 0.
Conditions: This symptom is observed during a Cisco ASR 1004 ISSU downgrade
from MCPDEV to Cisco IOS XE Release 3.5.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S |
|
Known Fixed Releases: | 15.0(5.2)DPB20, 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3 |
|
|
| |
| |
Bug Id: | CSCus09942 |
Title: | ASR Crash on ipv4_nat_ha_upd_to |
|
Description: | Symptom:
ASR1k crash due to nat
logs prior to crash :
Dec 3 11:15:54 pwanrtr2.vlan1212.delot.de 107: pesrtr2: Dec 3 11:15:54.343 CET: %IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0
Dec 3 11:15:54 pwanrtr2.vlan1212.delot.de 108: pesrtr2: Dec 3 11:15:54.346 CET: %CPPHA-3-FAULT: SIP0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Dec 3 11:15:54 pwanrtr2.vlan1212.delot.de 109: pesrtr2: Dec 3 11:15:54.347 CET: %CPPOSLIB-3-ERROR_NOTIFY: SIP0: cpp_ha: cpp_ha encountered an error -Traceback= 1#9188fb8134aeba8cd2f10ae207ddad9c errmsg:7F376F5E1000+121D cpp_common_os:7F3773041000+DC08 cpp_common_os:7F3773041000+1B77E cpp_drv_cmn:7F3772909000+29CC7 :400000+237E9 :400000+232AC :400000+22CD9 :400000+135AD :400000+1258C cpp_common_os:7F3773041000+11DF0 cpp_common_os:7F3773041000+124D6 evlib:7F376E798000+B937 evlib:7F376E798000+E200 cpp_common_os:7F3773041000+14012 :400000+D8ED c:7F37672B3000+1E514 :400
Dec 3 11:15:54 pwanrtr2.vlan1212.delot.de 110: pesrtr2: Dec 3 11:15:54.347 CET: %CPPHA-3-FAULTCRASH: SIP0: cpp_ha: CPP 0.0 unresolved fault detected, initiating crash dump.
Dec 3 11:20:06 pwanrtr2.vlan1212.delot.de 77: pesrtr2: *Dec 3 11:20:05.263 CET: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
Conditions:
unknown
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S, n/a |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCtt18689 |
Title: | SPA goes offline with AVC config on physical interface |
|
Description: | Symptom:
SPAs with AVC configs do not boot up
Conditions:
AVC config has to be saved to NVRAM and then the router brought up. SPAs with interfaces having AVC config do not boot up.
Workaround:
Apply AVC config after router is up. Do not save the AVC config onto NVRAM and bringup the router
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S |
|
Known Fixed Releases: | 15.0(1.1)AWD, 15.0(10.32)EMW, 15.2(0.18)S0.8, 15.2(1)S, 15.2(1)S1, 15.2(1.1)PSR, 15.2(1.14)T0.4, 15.2(1.18)S0.9, 15.2(2)GC, 15.2(2)S |
|
|
| |
| |
Bug Id: | CSCuu86738 |
Title: | ASR router crash while adding/deleting route-map/prefix entry |
|
Description: | Symptom:
ASR router crash during route-map addition/deletion
Conditions:
This has been seen on ASR1K running 15.2(4)S3 code
Workaround:
Not known
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S3 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtx41296 |
Title: | xe35:memory leak @ be_variable_chunk_malloc_internal |
|
Description: | Symptoms: When you do a clear crypto session in 4k
flexVPN cases, the memory of crypto IKEv2 shows that it is increasing.
Conditions: The symptom is observed with session flapping.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S |
|
Known Fixed Releases: | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
Bug Id: | CSCut34273 |
Title: | ASR1K, "unknown" process leak under cpp_cp_svr |
|
Description: | Symptom:
on ASR1K, we may observe memory leak on the ESP under "cpp_cp_svr"
from "show platform software process list f0 sort memory"
Name Pid PPid Group Id Status Priority Size
cpp_cp_svr 7140 6694 7140 S 20 812957696 <<< the size here keep increasing.
and from "show platform software memory qfp-control-process qfp active brief" we see "unknown" is increasing.
module allocated requested allocs frees
unknown 219295960 131577576 10964798 0
Conditions:
This is first observed on ASR1K running 15.4(1)S with WCCP enabled.
The leak could be triggered by WCCP statistic update
Workaround:
do FP switch-over or router reload will clear the memory used, but the memory leak will still exists
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCuu58443 |
Title: | ASR1001: SMC-2-BAD_ID_HW or SCC-3-XCVR_BAD_ID_HW with GLC-SX-MMD |
|
Description: | Symptom:
The following error messages may be seen on an ASR1001 router and the interface stays down.
%SMC-2-BAD_ID_HW: SIP0/0: Failed Identification Test in 0/0/2
%SCC-3-XCVR_BAD_ID_HW: SIP0/0: Failed identification test in 0/0/0
Conditions:
The issue occurs when inserting a GLC-SX-MMD SFP or rebooting the router.
Workaround:
Contact TAC to check for a workaround.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtu43731 |
Title: | Watchdog fires taking down RP on ISSU event with 4000 DVTI sessions |
|
Description: | Symptoms: On an RP1, RP switchover causes an RP reset.
Conditions: This symptom is observed with RP switchover under the following
conditions:
- The router must be an RP1
- The configuration of Flexible NetFlow (FNF) or equivalent must be applied to
4000 or more interfaces. In this case of testing, 4000 DVTI interfaces were in use.
An equivalent of FNF is AVC or passive Video Monitoring. That is, those
configured on a comparable number of interfaces will have the same effect.
Workaround 1: Prior to doing a controlled switchover, such as ISSU, deconfigure
FNF from some interfaces to take it well under the threshold at which the issue
can occur.
Workaround 2: Do not enable FNF monitoring.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S |
|
Known Fixed Releases: | 12.2(58)EZ, 12.2(58)SE1, 12.2(58)SE2, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4, 12.2(60)EZ5, 15.0(1)EY2 |
|
|
| |
| |
Bug Id: | CSCtz77171 |
Title: | Subscriber drops not reported in mod4 accounting |
|
Description: | Symptoms: Subscriber drops are not reported in mod4 accounting.
Conditions: This symptom is observed on checking policy-map interface for
account QoS statistics on a port-channel subinterface.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 15.2(3)S |
|
Known Fixed Releases: | 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EX0.5, 15.2(1)EY, 15.2(2)E, 15.2(2)S1.5, 15.2(2)S2, 15.2(2.19)S0.7 |
|
|
| |
| |
Bug Id: | CSCtz90154 |
Title: | GETVPN rapid re-registartion after ipsec failure during registration |
|
Description: | Symptoms: Rapid getVPN re-registration by GM when IPsec failure occurs during
initial registration. Multiple ISAKMP SAs created and deleted per second.
Conditions: The symptom is observed on a Cisco ASR 1000 that is running Cisco
IOS Release 15.2(1)S or Release 15.2(1)S2 as a GM.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S, 15.2(1)S2 |
|
Known Fixed Releases: | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(2)SY, 15.2(2)S1.4, 15.2(2)S2, 15.2(2.19)S0.6, 15.2(2.19)S0.7, 15.2(2.2.70)ST, 15.2(3)GC1 |
|
|
| |
| |
Bug Id: | CSCub04345 |
Title: | Memory leak after applying ip sla path-echo and path-jitter config |
|
Description: | Symptoms: ASR-1002-X freezes after four hours with an scaled "path-jitter"
sla probe configuration.
Conditions: The symptom is observed with scaled "path-jitter" sla probe
configuration.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 15.2(4)M, 15.3(1)S, 15.3(1)T |
|
Known Fixed Releases: | 12.2(58)EZ, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4, 12.2(60)EZ5, 12.2(60)EZ6, 15.0(5.0)SG1, 15.0(5.0.26)SG |
|
|
| |
| |
Bug Id: | CSCua99409 |
Title: | Fman crash with IPsec/Double ACL |
|
Description: | Symptom:
ESP reload with fman-fp error.
Conditions:
unconfig crypto map from interface, when there is double ACL in the crypto map
Workaround:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S |
|
Known Fixed Releases: | 15.2(4)S1, 15.3(1)S |
|
|
| |
| |
Bug Id: | CSCuv16100 |
Title: | ASR1002X needs to be reloaded to bring up SPA-1X10GE-L-V2 SPA modules |
|
Description: | Symptom:
A SPA-1X10GE-L-V2 fails to come up on an ASR1002X. The chassis needs to be reloaded to bring the module up even though the SPA is OIR compliant.
Conditions:
This appears to effecting SPA-1X10GE-L-V2 SPA SPA modules in an ASR1002X. We are investigating if other SPAs/platforms are seeing the issue.
Workaround:
Reload the chassis
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S1.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCug37196 |
Title: | BFD: Crash observed @__be_bfd_interface_command during basic test |
|
Description: | Symptom: Execution of "no bfd interval" under an interface results in a router crash.
Conditions: Basic usage of the BFD template on an interface followed by the execution of the "no bfd interval" results in a router crash.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 11-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 12.2(33)SCI, 15.1(1)IC66.49, 15.1(1)ICB29.21, 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(1.1)EY, 15.2(2)E |
|
|
| |
| |
Bug Id: | CSCue69214 |
Title: | Memory leak @__be_fmd_get_if_fn_buffer on removing MLPPP |
|
Description: | Symptom: Memory leaks are seen in the metadata after removing a virtual interface.
Conditions: This symptom occurs after removing a virtual interface, if metadata is enabled.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 11-JUL-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | 15.1(1)IB273.63, 15.1(1)SY1.21, 15.1(1)SY1.32, 15.1(1)SY1.55, 15.1(1)SY1.57, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1 |
|
|
| |
| |
Bug Id: | CSCui04262 |
Title: | Stby RP reload: %QOS-3-INDEX_DELETE: class-group unable to remove index |
|
Description: | An error syslog is seen on ASR1K BRAS running XE352.P3 Standby-RP, showing QOS service-policy installation failures:
1. Jun 13 14:43:55.323 CEST: %QOS-6-POLICY_INST_FAILED: Service policy installation failed
2. Jun 13 14:47:10.725 CEST: %QOS-3-INDEX_DELETE: class-group unable to remove index 00B6AA60
3. Jun 13 14:47:10.726 CEST: %QOS-3-UNASSIGNED: A CLASS_REMOVE event resulted in an (un)assigned index for class-group target-input-parent$class-default$IPBSA>ci=3#qu=3#qd=4#co=4#pu=police#ru=200K#pd=police#rd=300K<_IN$class-default
4. Jun 13 14:47:10.727 CEST: %QOS-6-RELOAD: Index removal failed, reloading self
Symptom: An error syslog is seen on ASR1K BRAS running XE352.P3 Standby-RP, showing QOS service-policy installation failures:
1. Jun 13 14:43:55.323 CEST: %QOS-6-POLICY_INST_FAILED: Service policy installation failed
2. Jun 13 14:47:10.725 CEST: %QOS-3-INDEX_DELETE: class-group unable to remove index 00B6AA60
3. Jun 13 14:47:10.726 CEST: %QOS-3-UNASSIGNED: A CLASS_REMOVE event resulted in an (un)assigned index for class-group target-input-parent$class-default$IPBSA>ci=3#qu=3#qd=4#co=4#pu=police#ru=200K#pd=police#rd=300K<_IN$class-default
4. Jun 13 14:47:10.727 CEST: %QOS-6-RELOAD: Index removal failed, reloading self
Conditions: This symptom is observed when on ASR1K BRAS, running Cisco IOS Release XE352.P3, Version 15.2(1)S2, CUST-SPECIAL:V152_1_S2_CSCUA32331_4
When churning PPPoE sessions with 2 unique ISG/Shell map services per session, and after a manual RP Failover is done, after a while the error will be seen.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 11-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S, 15.2(2)S |
|
Known Fixed Releases: | 15.1(1)ICA4.122, 15.1(1)ICB29.1, 15.2(1)IC273.5, 15.2(4.0)ST, 15.3(3)JA, 15.3(3)JA1m, 15.3(3)JAA, 15.3(3)JAB, 15.3(3)M1.3, 15.3(3)M2 |
|
|
| |
| |
Bug Id: | CSCug64957 |
Title: | ASR1K: Unable to alter class map after configuring 1k class maps |
|
Description: | Symptom: An error occurs on changing the grandchild class rate.
Conditions: This symptom occurs when 1x1000x8 policy maps are configured.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 11-JUL-2015 |
|
Known Affected Releases: | 15.1(1)XO0.1, 15.3(1)S, 15.3(2)S, 15.3(3)S |
|
Known Fixed Releases: | 15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(1.2.43)PI22, 15.2(2)E, 15.2(2)E1, 15.2(2)SA, 15.2(2)SA1, 15.2(2)SA2, 15.2(2)SNI, 15.2(2b)E |
|
|
| |
| |
Bug Id: | CSCug15952 |
Title: | Stby RP crash: %QOS-3-INDEX_EXISTS, HA bulk sync and self Reload |
|
Description: | Symptom:
%QOS-3-INDEX_EXISTS error message is shown and router crashes.
Conditions:
The symptom is observed when sessions are bought up and the collision IDs with dynamic policy names are synced to standby from active. When the sessions time out and restart, the same dynamic policy names are synced to HA tree on standby again without cleaning up the tree earlier and the crash will happen.
Workaround:
Avoid the same session reestablishment before rebooting the router.
More Info:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 11-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S, 15.3(2.19)S0.8, 15.3(3)S |
|
Known Fixed Releases: | 15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(4)GC1, 15.2(4)M5.4, 15.2(4)M6, 15.2(4)S3.8, 15.2(4)S4, 15.2(4)S4a, 15.2(4)S5, 15.2(4)S6 |
|
|
| |
| |
Bug Id: | CSCuj66067 |
Title: | ASR1001 - BGP Route-Server scale config causing low memory |
|
Description: | Symptom: Router running out of memory after an upgrade to Cisco IOS Releases 15.3(1)S, 15.3(3)S, and 15.4(1)S.
Conditions: This symptom is observed when huge number of route server (approximately more than 700) contexts configures in the router.
Workaround: Perform the following workaround:
1.)Reduce the number of Route server contexts
2.)Downgrade the IOS version to 15.2(4)S or lower release
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S1, 15.3(3)S |
|
Known Fixed Releases: | 15.2(1)IC273.12, 15.2(1)IC273.142, 15.2(1.1)PSR, 15.2(1.24)PSR, 15.2(2)E, 15.2(2)E1, 15.2(2)E2, 15.2(2.2.70)ST, 15.2(2a)E1, 15.2(2b)E |
|
|
| |
| |
Bug Id: | CSCul38081 |
Title: | Pseudowire goes down when preffered path is removed and RP switchover |
|
Description: | Symptom: In a scaled environment, when a preferred path configuration is removed and is followed by a RP switchover the pseudowire interfaces goes down. The psudowire interface comes up if we add the preferred path or just remove and add the neighbor statement.
Conditions: This symptom is not observed under any specific conditions.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.1(1)IC66.61, 15.1(1)ICB29.36, 15.2(1.24)PSR, 15.2(2)E, 15.2(2)E1, 15.2(2.2.70)ST, 15.2(2a)E1, 15.2(2b)E, 15.2(3)E, 15.2(4.0)ST |
|
|
| |
| |
Bug Id: | CSCsv87997 |
Title: | DHCPv6 relay: IOSd crash on Active RP |
|
Description: | Symptom:
DHCPv6 relay process crash on Actice RP.
Conditions:
Unknown at this time.
Workaround:
Unknown at this time.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNB |
|
Known Fixed Releases: | 12.2(32.8.11)SR179, 12.2(32.8.6)REC177, 12.2(32.8.6)REE177, 12.2(33)CX, 12.2(33)IRF, 12.2(33)IRG, 12.2(33)MRA, 12.2(33)SB14, 12.2(33)SB15, 12.2(33)SB16 |
|
|
| |
| |
Bug Id: | CSCte89787 |
Title: | Segment Switch manager Error followed by crash at 'sw_mgr_sm_cm_send_msg |
|
Description: | Symptoms: A Cisco ASR 1000 crashes after the Segment Switch Manager (SSM)
reports that an invalid segment has been detected:
%SW_MGR-3-INVALID_SEGMENT: Segment Switch Manager Error - Invalid segment - no
segment class.
The crash follows this message.
Conditions: The symptom is observed on a Cisco ASR 1002 that is running Cisco
IOS Release 12.2(33)XND1. The crash is caused by a NULL pointer de-reference
following the "no segment class" error. The error itself is not fatal and the
crash should have been avoided.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(32.8.11)SX349, 12.2(33)SXI10, 12.2(33)SXI11, 12.2(33)SXI12, 12.2(33)SXI13, 12.2(33)SXI14, 12.2(33)SXI4, 12.2(33)SXI6, 12.2(33)SXI8a, 12.2(33)SXJ |
|
|
| |
| |
Bug Id: | CSCuo72961 |
Title: | ASR1K:%FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F1: fman_fp_image: Batch type |
|
Description: | Symptom: An error message is logged in during QoS configuration during an FPM test.
Conditions: This symptom occurs due to a policy with FPM class.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 15.3(2)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(1)IC273.77, 15.2(1)ICA4.30, 15.2(2)DB101.101, 15.2(2)DB101.112, 15.2(2)E |
|
|
| |
| |
Bug Id: | CSCtb01505 |
Title: | Router crashes with ospf_build_net_lsa |
|
Description: | Symptoms: A Cisco router may crash when building an OSPF Network LSA.
Conditions: This symptom is observed while unconfiguring ospf configurations.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 12.2(33)SXH, 12.2(33)XND, 15.0(1)M |
|
Known Fixed Releases: | 12.2(32.8.11)SX300, 12.2(32.8.11)XJC273.18, 12.2(32.8.29)REC186, 12.2(33.1.6)XNE, 12.2(33.1.8)MCP6, 12.4(24.6)M0.3, 15.0(1)SY, 15.0(2.26)DPB1.47, 15.0(4.4)DPB1, 15.1(0.3)T |
|
|
| |
| |
Bug Id: | CSCut14502 |
Title: | Address pool leak upon Anyconnect reconnect and subsequent disconnect |
|
Description: | Symptom:
ASR1K acting as an IKEv2 VPN server experiences an address pool leak when we have local address pools configured with the group parameter. The issue is seen upon AnyConnect auto-reconnect and subsequent disconnect (the disconnect being a graceful one).
Conditions:
Issue first found on ASR1K running 3.13 and 3.14 codes. The important thing is the group parameter in the address pool being used. The format of this is:
ip local pool pool1 x.x.x.x y.y.y.y group V1
Workaround:
Reload the router
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S1.1 |
|
Known Fixed Releases: | 15.2(4.0)ST, 15.2(4.0.21)E, 15.4(3)S3.5, 15.5(1.18)S0.16, 15.5(2)S, 15.5(2)T1, 15.5(2.15)S, 15.5(2.23)T |
|
|
| |
| |
Bug Id: | CSCuo36917 |
Title: | XE3.12 DPSS : CFT returns out of memory error under load |
|
Description: | Symptom:
When handling greater than 50000 concurrent flows, the following error is seen by dpss_mp:
src/main/onep_dpss_engine.c:1482: cft_handle_packet() returned error [2]:out of memory
Packets associated with flows greater than 50000 do not have the flow action applied and are returned to the router without being sent to the onePK application.
Conditions:
- ASR 1000 platform running IOS XE
- More than 50000 uni-directional flows established
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.2(1)IC273.212, 15.2(3)E1, 15.2(4.0)ST, 15.5(1)S0.7, 15.5(1)S1, 15.5(1)SN1, 15.5(1.18)S0.5, 15.5(1.8)T, 15.5(2)S, 15.5(2.2)S |
|
|
| |
| |
Bug Id: | CSCua84923 |
Title: | ASR fail to attach a Cos Policy following changes on Shaping Config |
|
Description: | Symptoms: Following a misconfiguration on a two-level hierarchical policy with
a user-defined queue-limit on a child policy, the UUT fails to attach the QoS
policy on the interface even when corrected queuing features are used.
Conditions: This symptom is observed with the following conditions:
1) The issue must have the user-defined queue-limit defined.
2) This error recovery defected is confirmed as a side effect with the c3pl cnh
component project due to ppcp/cce infrastructure enhancement.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.2(3)T, 15.2(4)S |
|
Known Fixed Releases: | 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(2)E, 15.2(2)E1, 15.2(2b)E, 15.2(3)GC, 15.2(3)GC1 |
|
|
| |
| |
Bug Id: | CSCtu14409 |
Title: | Not able to update a policy with priority to pri + police |
|
Description: | Symptoms: The "Insufficient bandwidth 2015 kbps for bandwidth guarantee" error
message is displayed when configuring a policy map with "priority level xxx"
and then updating it with "police cir xxx".
Conditions: This symptom occurs when the priority is configured without a
specific rate. This issue is only seen with a Cisco ASR 1000 series router.
Workaround: Configure police before priority.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: | 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EX0.5, 15.2(1)EY, 15.2(1.18)S0.10, 15.2(2)E, 15.2(2)E1, 15.2(2)S |
|
|
| |
| |
Bug Id: | CSCud30128 |
Title: | [AVC]: No FNF records on remove/add monitor to policy-map |
|
Description: | Symptom:
FNF records are not generated for that monitor
Conditions:
On removing and adding the monitor back to the policy-map
Workaround:
remove the service-policy
add changes needed to the flow monitor then reattach policy
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(2)E, 15.2(2)E1, 15.2(2b)E, 15.2(4.0)ST, 15.3(1)S1.1 |
|
|
| |
| |
Bug Id: | CSCue14596 |
Title: | mib cfmFlowMetadataAppName truncated |
|
Description: | Symptom: The mib cfmFlowMetadataAppName value in the SNMP query should not include vendor information.
Conditions: This symptom occurs when the SNMP query is run for mib cfmFlowMetadataAppName and the following value is obtained:
cfmFlowMetadataAppName.2.1 = cisco telepresence-control
The vendor information "cisco" should be removed.
The expected mib value should be as following:
cfmFlowMetadataAppName.2.1 = telepresence-control
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S0.7, 15.3(1)S1.6, 15.3(1.17)S0.13, 15.3(1.17)S0.4, 15.3(2)S0.13, 15.3(2)S0.5, 15.3(3)S, 15.4(0.5)S |
|
Known Fixed Releases: | 15.1(1)XO2, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST, 15.3(2.12)S, 15.3(2.15.1)XEB, 15.3(2.21)PI23a, 15.3(3)M0.2, 15.3(3)M1, 15.3(3)M2 |
|
|
| |
| |
Bug Id: | CSCus86120 |
Title: | RP1: CLI run slow in new XE313/XE314 image |
|
Description: | Symptom:
A Cisco router that is rebooted may display the following logs repeatedly:
%PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server https://devicehelper.cisco.com/pnp/HELLO
%SYS-3-HARIKARI: Process Wait on Autoinstall top-level routine exited
Conditions:
This happens at bootup under some conditions incorrectly.
Workaround:
There is no workaround for the problem.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.2(1)IC273.283, 15.4(3)S, 15.5(2)S |
|
Known Fixed Releases: | 15.2(1)IC273.310, 15.2(1)SY0.4, 15.2(1)SY1, 15.2(2)ID101.131, 15.2(2)IE101.142, 15.2(3)E1, 15.2(4.0)ST, 15.4(3)M2.2, 15.4(3)M3, 15.4(3)S2.7 |
|
|
| |
| |
Bug Id: | CSCty83335 |
Title: | PPPoGEC: FP crashes when SPA reload on LNS |
|
Description: | Symptom:
ESP reload on an ASR1000 Series Router
Conditions:
This has been seen with QoS configured on a Tunnel interface. Then the
interface flaps between two GigE interfaces.
Workaround:
None at this time.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S2, 15.2(4)S |
|
Known Fixed Releases: | 15.2(4)S |
|
|
| |
| |
Bug Id: | CSCut03205 |
Title: | SPA modules on ASR1002-X show "missing" under show platform output |
|
Description: | Symptom:
When a new/compatible SPA module is inserted in a ASR1002-X chassis in certain cases it may exhibit one of the following symptoms:
1) SPA module shows "missing" under "show platform" output
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1002-X ok 12w0d
0/0 6XGE-BUILT-IN ok 12w0d
0/1 SPA-8XCHT1/E1 missing 5w4d
2) Shows as "Out Of Service". Not to be confused for an existing module which might have failed and shows "out of service".
Chassis type: ASR1002-X
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1002-X ok 12w0d
0/0 6XGE-BUILT-IN ok 12w0d
0/1 SPA-8XCHT1/E1 out of service 5w4d
3) Does not show at all under "show platform" or "show inventory" and no logs are generated when its inserted/removed. The following command will confirm if the router sees it and its state:
# show platform hardware slot 0 spa stat
Bay SPA Type State PST POK SOK PENB RST DENB HSS
-------------------------------------------------------------------------------
0 6XGE-BUILT-IN Online 0 1 1 1 1 0 1
1 Unknown Detection 0 0 0 0 0 1 0 <<<
2 Empty Detection 1 0 0 0 0 1 0
3 Empty Detection 1 0 0 0 0 1 0
Conditions:
Has been seen only when a SPA is installed for the first time in a ASR1002-X chassis.
Workaround:
The SPA in this case should come online after a reboot.
Further Problem Description:
The same SPA modules work without any issues on other ASR1K chassis.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S, 15.4(3)S1.1 |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCup48518 |
Title: | FTP ALG create incomplete token in case of EPSV passive |
|
Description: | Symptom:
FTP ALG create incomplete token in case of EPSV passive
Conditions:
nat+FW+FTP EPSV
Workaround:
n/a
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S4, 15.4(1)S3, 15.4(2)S2, 15.4(3)S0z, 15.4(3)S1, 15.5(1)S |
|
|
| |
| |
Bug Id: | CSCuu24757 |
Title: | ASR1k QFP leak with cpp_sp_svr at module FM CACE |
|
Description: | Symptom:
An ASR1k router will have a leak on the QFP with cpp_sp_svr. Listing the modules under this service, FM CACE which deals with software TCAM will be holding the majority of the memory:
Router#show platform software memory qfp-service-process qfp active
.
.
Module: FM CACE
allocated: 1866346946, requested: 1857054514, overhead: 9292432
Allocations: 1161692189, failed: 0, frees: 1161111412
Conditions:
Currently, this is seen when tunnel interface is configured with IPSEC in a DMVPN environment but the exact conditions are unknown at this time.
Workaround:
None at this time
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S2.2 |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCuu14810 |
Title: | LNS Setup Rate takes over one hour for 58K sessions (copy of CSCut20591) |
|
Description: | Symptom:
In high scale L2TP/LNS cases where RADIUS sends a QoS-Policy to LNS as a part of Access Accept, session setup rate might be too slow.
For 58.000 sessions, it might take up to 1 hour or even longer to establish all sessions on the LNS side.
The goal of this fix is to improve session setup rate on LNS: without outgoing shaping in RADIUS user profile, it takes only 23 minutes.
Conditions:
In high scale L2TP/LNS cases where RADIUS sends a QoS-Policy to LNS as a part of Access Accept, session setup rate might be too slow.
For 58.000 Sessions, it might take up to 1 hour or even longer to establish all sessions on the LNS side.
The goal of this fix is to improve session setup rate on LNS: without outgoing shaping in RADIUS user profile, it takes only 23 minutes.
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S3.13 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu03930 |
Title: | RPcrash while booting with 3.13.2IOSXE after SPA-4XCT3/DS0-V2 insertion |
|
Description: | Symptom:
RPcrash and core dump.
Conditions:
Post SPA-4XCT3/DS0-V2 insertion with 3.13.2IOSXE image.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | 15.4(3)S3.2, 15.5(2)S0.9, 15.5(2)S1, 15.5(2.21)S0.12, 15.5(2.21)S0.5, 15.5(2.24)S |
|
|
| |
| |
Bug Id: | CSCuu92634 |
Title: | ASR1K:FP100: cpp_svr core file seen with uws_wan_xe311 profile |
|
Description: | Symptom:
cpp_svr core file seen with uws-wan_xe311 profile.
Conditions:
while removing and adding service-policy from parent tunnel policy
Workaround:
-
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum88382 |
Title: | BFD session not established upon RP Switchover and back |
|
Description: | Symptom: BFD session not established upon RP Switchover and back.
Conditions: This symptom is observed during RP switchover and switchback.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.2(1.30)PSR, 15.2(2)E, 15.2(2)E1, 15.2(2)EA1.1, 15.2(2.2.32)EA, 15.2(2.2.70)ST, 15.2(2a)E1, 15.2(2b)E, 15.2(3)E, 15.2(4.0)ST |
|
|
| |
| |
Bug Id: | CSCuv25212 |
Title: | ucode crash with pfr config change |
|
Description: | Symptom:
ucode crash with pfr config change
Conditions:
QOS in configuration, taildrops on ESP might be seen
Workaround:
Avoid qos changes with high traffic traversing through ESP
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut77070 |
Title: | SPA-1xCHOC12/DS0 not supporting Framed E1 connections. |
|
Description: | Symptom:
Framed E1 on SPA-1xCHOC12/DS0 is not coming up. The device is sending AIS to the remote node.
Conditions:
The issue is with Framed E1's. When we configure unframed E1, the link is coming up.
Workaround:
No workaround
Further Problem Description:
NA
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: | 15.4(3)S3.3, 15.5(1)S2.2, 15.5(2)S0.8, 15.5(2)S1, 15.5(2.21)S |
|
|
| |
| |
Bug Id: | CSCun13772 |
Title: | NHRP: CPUHOGs seen when many child entries expire simultaneously |
|
Description: | Symptom:
CPUHOG messages and watchdog timeout crashes are observed on an ASR1000 series router running DMVPN.
Conditions:
This has been observed on a router with a very large NHRP table (10-20k individual entries) with a very high number (thousands) of child entries per parent entry.
Workaround:
Reduce the number of child entries per parent entry through the use of supernetting.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S1 |
|
Known Fixed Releases: | 15.2(1)SY1.13, 15.2(4.0)ST, 15.2(4.0.21)E, 15.3(3)M4.1, 15.3(3)M5, 15.3(3)S4.10, 15.3(3)S5, 15.4(2.17)S0.7, 15.4(3)M0.3, 15.4(3)M1 |
|
|
| |
| |
Bug Id: | CSCtb32892 |
Title: | %MFIB-3-DECAP_OCE_CREATION_FAILED: Decap OCE creation failed Tracebacks |
|
Description: | Symptoms: Tracebacks such as:
%MFIB-3-DECAP_OCE_CREATION_FAILED: Decap OCE creation failed
may be be seen on a router console when loading an image or during an RP SSO.
Conditions: The symptom is observed upon reloading a Provider Edge (PE) router
with an mVPN configuration or during a simple SSO. It is observed on the
standby RP.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 12.2(32.8.1)YCA273.10, 12.2(33)XNE, 12.2XN, 12.2XNE |
|
Known Fixed Releases: | 12.2(32.8.2)YCA273.10, 12.2(33)SRE3, 12.2(33)XNF, 12.2(33.1.11)MCP7, 12.2(33.1.23)XNE, 12.2(33.1.9)XNF, 12.2(58)EZ, 12.2(58)SE1, 12.2(58)SE2, 12.2(60)EZ |
|
|
| |
| |
Bug Id: | CSCut74937 |
Title: | ASR1K PBR VRF Selection not working when source is local router |
|
Description: | Symptom:
ae_test_cp1#show plat hard qfp acti stat drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
ForUs 15 858
Icmp 205 23210
IpFragErr 3369 5146500
Ipv4NoAdj 465301 38263494
Ipv4NoRoute 1188 100002
Ipv4RoutingErr 6 600
NatIn2out 3117 362895
NatOut2in 3018 229816
UnconfiguredIpv4Fia 260203 17732393
UnconfiguredIpv6Fia 596925 152893250
ae_test_cp1#ping vrf ae_vpn1 10.20.30.1 source 10.20.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.20.30.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.10.1
.....
Success rate is 0 percent (0/5)
ae_test_cp1#show plat hard qfp acti stat drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
ForUs 15 858
Icmp 210 23780
IpFragErr 3369 5146500
Ipv4NoAdj 465301 38263494
Ipv4NoRoute 1188 100002
Ipv4RoutingErr 6 600
NatIn2out 3117 362895
NatOut2in 3018 229816
UnconfiguredIpv4Fia 260203 17732393
UnconfiguredIpv6Fia 596925 152893250
Conditions:
No specific condition, just need to configure VRF Selection and it happens
Workaround:
No workaround
Further Problem Description:
none
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.2(4.0.1) |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCur57558 |
Title: | To fix limitation of 20sec TBAR for ASR1K GM |
|
Description: | Symptom:
On an ASR1000 series router running GETVPN, there is currently a limitation with the
Time Based Anti-Replay window of 20 seconds or longer. This restriction should be removed
to accommodate a more reasonable window threshold.
Conditions:
This is only a limitation on the ASR1000 series router platforms.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S, 15.5(1)S |
|
Known Fixed Releases: | 15.3(3)S5, 15.4(1)S3, 15.4(2)S3, 15.4(3)S2, 15.4(3)S2a, 15.5(1)S1, 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCus00801 |
Title: | ASR1002-X cpp crash while processing ICMP Unreachable |
|
Description: | Symptom:
ASR1002-X nat/cpp crash
Conditions:
VASI , NAT configured on the box. Crash is triggered by ICMP unreachable generated by vasi.
Workaround:
Unknown at this stage.
Potential workaround may be to disable unreachables : 'no ip unreachables' and 'no ip redirects' under the vasi interfaces.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCut46706 |
Title: | ASR 1K - CPP uCode Crash Due to Abort on chunk_free_part2() |
|
Description: | Symptom:
ASR 1K may experience a CPP uCode crash due to a corrupt chunk used by SRTP.
Conditions:
None known.
Workaround:
None known.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur24793 |
Title: | l2protocol forward not work for STP, LLDP, PPTPv2 and E-LMI in EVC |
|
Description: | Symptom:
STP, LLDP, PPTPv2 and E-LMI keep being punted/forward regardless of the l2protocol forward CLI
Conditions:
Config l2protocol forward stp elmi lldp under EVC
Workaround:
N/A
Further Problem Description:
N/A
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | 15.3(3)S5.11, 15.4(3)S3.3, 15.5(1.18)S0.9, 15.5(2)S, 15.5(2.10)S |
|
|
| |
| |
Bug Id: | CSCuh62266 |
Title: | Unexpected reloads due to SNMP Engine CPU HOGs |
|
Description: | Symptom:
During normal operation, a Cisco IOS or IOS-XE running device may crash after repeated SNMP CPU HOG messages.
IOS
%SYS-3-CPUHOG: Task is running for (YYYYYY)msecs, more than (2000)msecs (YYY/ZZ),process = SNMP ENGINE.
-Traceback= 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SNMP ENGINE.
-Traceback= 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz 0xXXXXXXXz
Unexpected exception to CPU: vector 1500, PC = 0xXXXXXXX , LR = 0xXXXXXXX
IOS-XE
%SCHED-0-WATCHDOG: Scheduler running for a long time, more than the maximum configured (120) secs.
-Traceback= 1#YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX :10000000+XXXXXXX
Upon reloading unexpectedly, the "show version" command may show.
System returned to ROM by error - a Software forced crash, PC 0xXXXXXXX at
OR
Last reload reason: Critical software exception, check bootflash:crashinfo_RP_00_01_
OR
System returned to ROM by s/w reset at (SP by error - a Software forced crash, PC 0xXXXXXXX)
Conditions:
This symptom occurs while trying to obtain data from IP SLAs Path-Echo (ciscoRttMonMIB) by SNMP polling operation.
Workaround:
Polling ciscoRttMonMIB can be restricted by configuring an SNMP view.
Create a cutdown view.
snmp-server view cutdown iso included
snmp-server view cutdown 1.3.6.1.4.1.9.9.42 excluded
Remove the existing SNMP community strings
no snmp-server community [snmp_community_string]
Configure the community string with the cutdown view.
snmp-server community [snmp_community_string] view cutdown RO
snmp-server community [snmp_community_string] view cutdown RW
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S2 |
|
Known Fixed Releases: | 12.2(60)EZ4, 12.2(60)EZ5, 12.2(60)EZ6, 15.1(1)ICA4.122, 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EX0.2, 15.2(1)EY |
|
|
| |
| |
Bug Id: | CSCtl21196 |
Title: | ASR1k -- ESP crash due to sw_wdog_expiry/bipc_ipc_read |
|
Description: | Conditions:
Under certain conditions, Cisco ASR1000 series routers might reload unexpectedly.
This applies to systems based on PowerPC based architectures only (ESP 2.5G, ESP 5G, ESP 10G, ESP 20G, RP-1, SIP-10 and SIP-40).
Most often the problem occurs on a ESP, but could also happen on a RP or SIP.
Symptom:
The router reload happens unexpectedly, due to process crash and may result in failover if redundancy is configured. The likelihood of this event is low, and happens when router has been up for a long time and process crashes due to watchdog timer expiration.
Workaround:
None.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNF1, 12.2(33)XNF2, 15.0(1)S1 |
|
Known Fixed Releases: | 15.0(1)S4, 15.1(2)S2, 15.1(3)S, 15.2(1)S |
|
|
| |
| |
Bug Id: | CSCuh36750 |
Title: | Crash in ASR1K CPP queue manager |
|
Description: | Symptom:
ESP crashes
Conditions:
Subscriber session w/QoS over tunnel or shaped vlan.
Workaround:
None.
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 15.2(3.7.3)PIH19, 15.2(4)S, 15.3(2)S, 15.3(3)S |
|
Known Fixed Releases: | 15.2(4)S4, 15.2(4)S4a, 15.3(2)S2, 15.3(3)S |
|
|
| |
| |
Bug Id: | CSCuu35388 |
Title: | IKEv2 - IPSec SA lifetime expires immediately after SA is established |
|
Description: | Symptom:
SA is created within in the same instance a (lifetime_expiry) message is printed stating "SA lifetime threshold reached, expiring in 3599 seconds" this is followed by a (delete_sa).
358463: Apr 2 12:59:19.348 EDT: IPSEC:(SESSION ID = 2127) (lifetime_expiry) SA lifetime threshold reached, expiring in 3599 seconds
358464: Apr 2 12:59:48.420 EDT: IPSEC:(SESSION ID = 2127) (delete_sa) deleting SA,
Conditions:
This condition is observed in asr1002x-universalk9.03.15.00.S.155-2.S-std.SPA code.
Workaround:
Disable volume based rekey
Reduce the crypto ipsec security-association replay window-size to a value below 1024
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S, 15.5(3)M, 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut79286 |
Title: | ASR1K QoS feature doesn't work fine with RP2/Rls3.x |
|
Description: | Symptom:
For functionality
The queuing/scheduling is fail to function.
When the issue is observed, see dropped the high priority packets.
The remark is function normally.
For Counter of show commands
The physical I/F of output counter is fail to function.
The sub I/F of output counter is fail to function to class-default only.
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu44128 |
Title: | GETVPN on ASR with vasi interface fail to install the Rekey |
|
Description: | Symptom:
In GETVPN scenario ASR as Group Member where crypto map is applied on Vasi interface rekey fails to install. For registration there is no problem.
Conditions:
When ASR as GM where crypto map is applied on Vasi interface
Workaround:
none
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus86476 |
Title: | ASR1K NAT ALG ucode crash @ipv4_nat_destroy_addrport_bind |
|
Description: | Symptom:
Crash occurs in chunk malloc. Backtrace indicates call from ipv4_nat_destroy_addrport_bind
Conditions:
The PPTP ALG must be enabled for this condition to occur (enabled by default)
Workaround:
Disable PPTP ALG through use of configuration command "no ip nat service pptp"
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 18-JUL-2015 |
|
Known Affected Releases: | 15.4(2)S2.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu75584 |
Title: | cpp ucode crash related to Nat config changes |
|
Description: | Symptom:
cpp-ucode crash followed by fman-Fp crash
Conditions:
possible NAT configuration changes
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 18-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S5.9 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCsz42939 |
Title: | IOS crash pointing @mcprp_spa_ct3_pat_remove_interface |
|
Description: | Symptoms: Router crashes and reloads when multiple interfaces are configured
with SPA-4XCT3/DS0/SPA-2XCT3/DS0 SPA.
Conditions: The symptom is observed when multiple channel groups are configured
on SPA-4XCT3/DS0 SPA and then a soft/hard OIR is performed.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 19-JUL-2015 |
|
Known Affected Releases: | 12.2REC, 12.2SRD, 12.2XN |
|
Known Fixed Releases: | 12.2(32.8.2)YCA273.15, 12.2(32.8.31)REC186, 12.2(32.8.5)YCA273.15, 12.2(33)SRE, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a |
|
|
| |
| |
Bug Id: | CSCtc69991 |
Title: | DMVPN P3:NDB state error trcbk@ IPConnectedRoute & CDP Protocol Proc |
|
Description: | Symptoms: A Cisco ASR 1000 Series Aggregation Services router configured as a
DMVPN spoke may throw tracebacks.
Conditions: The symptom is observed when "odr" is configured as the overlay
routing protocol and a shut/no shut is done on the tunnel interface.
Workaround: Use EIGRP as the overlay routing protocol.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(32.0.13)SRE, 12.2(32.8.7)YCA273.35, 12.2(33)SB9, 12.2(33.1.18)XNE, 12.2(33.1.8)XNF, 12.2(33.1.9)MCP7, 12.2(33.2.13)SB11, 12.2(33.2.81)SB12, 12.2(33.3.0)SB13, 12.2(33.3.1)SB15 |
|
|
| |
| |
Bug Id: | CSCuv14905 |
Title: | vxlan source port calculated based on src and dest IP/port of payload |
|
Description: | Symptom:
vxlan source port calculating with src and dest IP/port of payload will trigger crash.
Conditions:
none
Workaround:
none
Further Problem Description:
vxlan source port not support to be hashed with src and dest IP/port of payload
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCte58825 |
Title: | IOSD crash on SNMPWalk at get_ipsec_policy_map |
|
Description: | Symptoms: There is a crash upon conducting an snmpwalk from "enterprise mib
oid
1.3.6.1.4.1".
Conditions: The symptom is observed on a Cisco ASR 1000 Series Aggregation
Services router that is running Cisco IOS Release 12.2(33)XNE.
Workaround: Configure SNMP view to exclude ipSecPolMap as follows:
snmp-server view iso included
snmp-server view ipSecPolMapTable excluded
snmp-server community view RO
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNE, 15.0(1)M |
|
Known Fixed Releases: | 12.2(33)XNE2, 12.2(33.1.1)XNF1, 12.2(33.2.4)XNE1, 15.0(0.3)S, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ |
|
|
| |
| |
Bug Id: | CSCut81614 |
Title: | OTV non-AED wrongly replies to ARP request received from internal intf |
|
Description: | Symptom:
non-AED will reply to ARP request which will make L2 traffic loss
How to verify if your problem hits this ddts:
For target Mac address(duplicated in otv database), check the mac table on all related switches and ASR1K(ED). If the the port of the mac address is wrong, you may meet the problem hits this ddts.
Conditions:
Multi-homing
Workaround:
disable otv arp-nd cache
Further Problem Description:
None
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | 15.4(3)S3, 15.5(1)S2, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCut12494 |
Title: | AppNav-XE: MPLS->IP flow only optimizes host directly connected |
|
Description: | Symptom:
WAAS flows not optimized. WAAS reporting that connection is passed through due to asymmetric connection.
Conditions:
AppNav-XE is configured on MPLS IP interface. The host needing traffic optimization is not connected to the router via a switch but through one or more router.
Workaround:
Configure AppNav on the IPv4 interface(s).
Further Problem Description:
AppNav intercepts packet on the MPLS input and output for packet going between MPLS and IPv4. However, for packet that is going from MPLS to IPv4 with a known adjacency, such as a static route, the packet takes a path which bypasses AppNav and AppNav missed diverting the packet resulting in uni-directional diversion.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu36926 |
Title: | XE317:IP Ping connectivity failure with atm_pmcr_pcr configs |
|
Description: | Symptom:
While testing XE316 image with "xe35_atm_pmcr_pcr"(SPA-3XOC3-ATM-V2 & SPA-2CHT3-CE-ATM are used) feature in RP2 platform, observing IP ping failure.
Conditions:
Issue is seen in RP2 platform.
Workaround:
Check "Workaround" enclosure.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 15.5(3)S, 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtf66271 |
Title: | Cert display changed on ASR after upgrade to XNF |
|
Description: | Symptoms: A Cisco ASR 1000 Series Aggregation Services router that was running
the asr1000rp1-adventerprisek9.02.04.02.122-33.XND2.bin image and then upgrades
to the asr1000rp1-adventerprisek9.02.06.00.122-33.XNF.bin image displays the
complete certificate chain as follows:
crypto pki certificate chain JUTnetRoot-Pilot
certificate ca 3C5A00179190F2DF23325330195B9B67
308203AE 30820296 A0030201 0202103C 5A001791 90F2DF23 32533019 5B9B6730
0D06092A 864886F7 0D010105 05003071 310B3009 06035504 06130255 53311930
17060355 040A1410 41542654 20436F72 706F7261 74696F6E 311F301D 06035504
0B131646 6F722054 65737420 50757270 6F736573 204F6E6C
whereas before the upgrade it displayed:
crypto pki certificate chain JUTnetRoot-Pilot
certificate ca 3C5A00179190F2DF23325330195B9B67 nvram:ATTCorporati#9B67CA.cer
Conditions: The symptom is observed with a Cisco ASR 1006 router that is
running the asr1000rp1-adventerprisek9.02.06.00.122-33.XNF.bin image.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(32.8.13)YCA273.10, 12.2(33)XNF1, 12.2(58)EZ, 12.2(58)SE1, 12.2(58)SE2, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4 |
|
|
| |
| |
Bug Id: | CSCsz69148 |
Title: | Running filtered logging with ESM TCL script creates memory leaks. |
|
Description: | Symptoms: When running an Embedded Syslog Manager (ESM) TCL script to filter
logs on a Cisco ASR 1000 Series Aggregation Services router, memory leaks in
IOSD ipc task and ESM Logger occur.
Conditions: The symptom is observed with RP1 and RP2. Any feature which
uses
heavy logging (for example, audit logging for firewall features) will
encounter this issue readily (the trigger is the rate of logging rather
than
the volume of log messages).
Workaround: There is no workaround.
Further Problem Description: The IOSD ipc task and ESM logger consume more
and more memory until there is no more free memory available on the
router.
You can track the memory consumption with the show processor
memory
sort command and monitor the amount of memory the IOSD ipc task and ESM
logger consume over time.
An example configuration:
logging buffered filtered
logging filter harddisk:ESMscript.tcl
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNC, 15.0(1)S |
|
Known Fixed Releases: | 12.2(33)SXJ, 12.2(33)SXJ2, 12.2(33)SXJ3, 12.2(33)SXJ4, 12.2(33)SXJ5, 12.2(33)SXJ6, 12.2(33)SXJ7, 12.2(33)SXJ8, 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
Bug Id: | CSCth20862 |
Title: | asr1k:RLS7:ios crash on changing gre ipsec tunnel destination on PE |
|
Description: | Symptoms: A router crashes upon changing the "ipsec gre tunnel" configuration.
The crash is seen when the "invalid SPI" message is displayed. This message is
normal in IPSec settings, more often seen in session flap situation.
Conditions: The symptom is observed when two IPSec GRE tunnels are configured
on a PE router. The crash is seen after changing the tunnels' destination and
flapping the tunnel. At certain times the issue is seen on just flapping the
GRE tunnel.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: | 15.0(0.13)S0.9, 15.0(1)S, 15.0(2)EX, 15.0(5.2)DPB35, 15.0(5.21)SID, 15.1(0.0.15)PIL15, 15.1(0.14)S, 15.1(1)MP1.27, 15.1(1)MR6, 15.1(1)SD5.1 |
|
|
| |
| |
Bug Id: | CSCtg84649 |
Title: | asr1k eigrp not forming adjacencies in dvti environment |
|
Description: | Symptoms: EIGRP is not forming adjacencies over virtual interfaces in a DVTI
environment.
Conditions: This symptom is observed on a Cisco ASR 1000 platform with Cisco
IOS Release 12.2(33)XNE or Release 12.2(33)XNF1.
Workaround: Remove the passive-interface configurations for Virtual-Template
and then re-configure the passive-interface designation. For example,
Router#sh run | b router
router eigrp 100
network 10.1.0.0 0.0.31.255
passive-interface default
no passive-interface Virtual-Template1
Router(config)#router eigrp 100
Router(config-router)#no passive-interface default
Router(config-router)#passive-interface default
Router(config-router)#no passive Virtual-Template 1
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNE, 15.1(1.1) |
|
Known Fixed Releases: | 12.2(58)EZ, 12.2(58)SE1, 12.2(58)SE2, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4, 12.2(60)EZ5, 12.2(60)EZ6 |
|
|
| |
| |
Bug Id: | CSCtb24959 |
Title: | Crash seen while clearing large number of rp mappings |
|
Description: | Symptoms: The router may crash while clearing a large number of RP mappings.
Conditions: This symptom occurs when you configure the router as an RP agent
and candidate RP for a large number of RPs. This issue is seen when you run the
clear ip pim rp-map command several times.
Workaround: Do not run the clear ip pim rp-map command
several times in succession.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)SRE5, 12.2(33.4.3)SRE, 12.2(58)EY2, 15.0(1)S3.5, 15.0(1)S4, 15.0(1)SE1, 15.0(1)SY, 15.0(1.19)DPA4a, 15.0(1.19)DPA5, 15.0(2)EA |
|
|
| |
| |
Bug Id: | CSCth47686 |
Title: | ASR1K:Crash seen on EXEC process on GM with psuedotime configured on KS |
|
Description: | Symptom:
Crash seen on EXEC process on GM
Conditions:
Apply the same GDOI map to multiple interfaces and the GM router crashes when "sh crypto gdoi gm replay" is issued on it.
Workaround:
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.1(0.14)S, 15.1(0.8)S |
|
Known Fixed Releases: | 15.0(2)EX, 15.0(5.2)DPB35, 15.0(5.21)SID, 15.1(0.0.15)PIL15, 15.1(0.15)S, 15.1(1)MP1.27, 15.1(1)MR6, 15.1(1)SD5.1, 15.1(1)SG5.103, 15.1(1)SG5.124 |
|
|
| |
| |
Bug Id: | CSCuv05361 |
Title: | cpp_cp_svr crash on AR1K |
|
Description: | Symptom:
A cpp_cp_svr and a fman_fp_image core file was generated after configuring adaptive QoS.
Conditions:
Not known
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCth87706 |
Title: | IOSd crash in hqf_tunnel.c on tunnel destination interface flap |
|
Description: |
Symptom:
The crash will happen when large amount of tunnels were configured on an interface
repeated interface flapping such as shut/no shut will result in a crash
Conditions:
Scaled tunnel testing with the number of tunnels reported to be around 3500.
Workaround:
No known workaround in a scale condition
Further Problem Description:
N/A
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: | 15.1(0.18)S0.2, 15.1(1)MR, 15.1(1)MR6, 15.1(1)S, 15.1(1.2)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S2 |
|
|
| |
| |
Bug Id: | CSCur60943 |
Title: | l2bd_bfib_timer_timeout_handler Crash due to problem in IOS internals |
|
Description: | Symptom:
An ASR/1k router or platforms running similar IOS may experience this problem. Crash is due to problem within IOS internals.
If you are a Cisco customer and suspect running into this issue, please inspect the contents of the CPP core file for a message similar to
abort: bucket 22, ticks 17736, timer_bucket 21, timer_ticks 17736, opaque_data 0, flags 1, timer 8bcaeb20
Notice the difference between the bucket and timer_bucket values. This mis-match causes the crash.
This is not a very common crash. It is a race condition involving timing issue and so, consistently seeing it in production networks may be rare.
Conditions:
Workaround:
Unknown
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.5(0.4)S |
|
Known Fixed Releases: | 15.4(2)S3, 15.4(3)S2, 15.4(3)S2a, 15.5(1)S1, 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCtg60201 |
Title: | BGP:Repair path not calculated after maximum-path cmd is deconfigured |
|
Description: | Symptoms: Unconfiguring the maximum-path command does not
trigger a backup path calculation.
Conditions: This symptom is observed if addition-path install is configured
along with the maximum-path command.
Workaround: Reconfigure "bgp additional-path install."
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.0(0.11)S0.1, 15.0(0.13)S0.12, 15.0(0.13)S0.5, 15.1(0.2)S, 15.1(3)S |
|
Known Fixed Releases: | 12.2(33)SRE3, 12.2(33.2.4)SRE, 15.0(0.13)S0.21, 15.0(1)SY, 15.0(1.19)DPA4a, 15.0(1.19)DPA5, 15.0(1.20)SID, 15.1(0.0.5)PIL15, 15.1(1)SG1.3, 15.1(1)SG3.90 |
|
|
| |
| |
Bug Id: | CSCti36423 |
Title: | ASR memory leaks when configured with NHRP, SNMP and DMVPN |
|
Description: | Symptom:
Cisco ASR router memory leaks when NHRP, SNMP, and DMVPN are configured.
Conditions:
This symptom is observed in Cisco ASR routers running the Cisco IOS asr1000rp1-adventerprisek9.03.01.00.S.150-1.S image.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: | 15.0(2)EX, 15.0(5.2)DPB35, 15.0(5.21)SID, 15.1(0.0.15)PIL15, 15.1(0.18)S0.2, 15.1(1)MP1.27, 15.1(1)MR, 15.1(1)S, 15.1(1)SD5.1, 15.1(1)SG5.103 |
|
|
| |
| |
Bug Id: | CSCuu71411 |
Title: | ASR1K DMVPN: Packets not getting decrypted with uws_vpn3 profile |
|
Description: | Symptom:ASR1K DMVPN Spoke-to-Spoke packets not getting decrypted.
Conditions:Regression found issue.
Workaround:N/A
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S, 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut65374 |
Title: | PTP Leap Second: ASR1002-X incorporate leap second addition 6/30/15 |
|
Description: | Symptom:
There are periodic leap second events which can add or delete a second to global time. The leap second event can be propagated via Precision Time Protocol (PTP) if configured.
When the leap second update occurs and the device is configured to use PTP as a Boundary Clock (BC) then an incorrect Coordinated Universal Time (UTC) offset and PTP Leap Indicator could propagate incorrect time downstream. This could cause the PTP network time to be off as much as thirty five seconds.
Conditions:
The leap second update is propagated from the configured PTP Grandmaster clock.
A Cisco device running the PTP protocol would have the "feature ptp" command in the running configuration.
Workaround:
For this problem of the incorrect PTP UTC offset and Leap Second update flag for Cisco devices configured as a PTP boundary clock the following workaround can be used:
1. Increase the Time To Live (TTL) on the IPV4 multicast PTP frames from the PTP Grand Master clock from the default of one (1) to something higher than the number of multicast hops the PTP packets would have to traverse in the network to reach the Cisco device.
2. Disable PTP on the affected cisco devices configured as PTP boundary clocks.
3. If the now disabled Cisco devices configured as a PTP boundary clock supports Internet Group Management Protocol (IGMP) snooping then nothing additional is required.
If the device does not support IGMP snooping then static multicast Content Addressable Memory (CAM) entries would need to be created for the devices downstream which need the PTP frames from the PTP Grand Master clock.
If this workaround cannot be implemented than an upgrade is recommended.
Further Problem Description:
N/A
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCun39803 |
Title: | OTV Drops ARP Broadcasts due to corrupt Flood List Pointer |
|
Description: | Symptom:
Intermittent connectivity loss between hosts at different OTV sites. Pinging from one host to the other more than 8 times restores connectivity for about 8-10 minutes. Packet captures show ARP request broadcasts from a host at one site not being received by the host at the other site for about 7-8s, and then suddenly starting to work.
This problem has a tendency to get worse over time, with more and more hosts being affected over the course of a week or two until connectivity between sites is essentially gone.
Additionally ARP requests both arriving from an Overlay interface or from the inside interface could be lost.
Conditions:
ASR1K running 15.4 or 15.3 code, possibly earlier code, with OTV configured.
Workaround:
Remove the EVC's involved from all interfaces and overlay interface.
Wait for a minute. Then it is OK to reconfigure them back.
Statically configuring ARP entries on the hosts will work also.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S4, 15.4(1)S3, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
Bug Id: | CSCuu97977 |
Title: | Pfrv2 load-balance not working with passive mode. |
|
Description: | Symptom:
Traffic is not load-balancing in Outbound /Inbound direction while running PFRv2 with Internet Edge Solution.
Conditions:
while running PFRv2 with Internet Edge Solution and load-balance with passive mode.
Workaround:
Further Problem Description:
Customer is running Pfrv2 Internet Edge solution to load-balance Outbound and Inbound Traffic.
Seems like the new link-group algorithms not work well for load-balance with passive mode.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S2.2 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuo77017 |
Title: | tcam resource has not been released after 32k efp deleted |
|
Description: | Symptom:
the tcam resource has not released after 32k efp configured and deleted on the asr1001
Conditions:
with a clear configuration running 3.13 img
configure 32k efp
check the tcam resource on the asr1k
and delete the efp then check the tcam on the asr1k
will find the resource hs not beem released
Workaround:
reload the router or FP
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | 15.5(1)S |
|
|
| |
| |
Bug Id: | CSCti36310 |
Title: | ASR memory leak when IKE attribute are pulled by snmp |
|
Description: | Symptom: A Cisco ASR 1000 Series Aggregation Services router is leaking
memory when IKE attributes are pulled by SNMP.
Conditions: This symptom is observed on a Cisco ASR 1000 Series Aggregation
Services router with SNMP enabled. The leak has been observed with the
asr1000rp1-adventerprisek9.03.01.00.S.150-1.S and
asr1000rp1-adventerprisek9.02.06.01.122-33.XNF1 images.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNF1, 15.0(1)S |
|
Known Fixed Releases: | 15.0(1)S1.3, 15.0(1)S2, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK |
|
|
| |
| |
Bug Id: | CSCuu88964 |
Title: | ASR1K Kernel crash at pidns_get() |
|
Description: | Symptom:
ASR1K kernel crash
Conditions:
This has been seen on ASR1K running 3.10.2 code.
Workaround:
Not known
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtj40564 |
Title: | crypto keyring binding with local address is broken in some scenarios; |
|
Description: | Symptoms: Cisco ASR 1000 router disallows incoming Internet Key Exchange
(IKE) connection that matches a keyring. This issue occurs after the router
is reloaded.
Conditions: This symptom ocurs when a crypto keyring, which has a local-
address defined as an interface, is used.
crypto keyring keyring_test
pre-shared-key address 0.0.0.0 0.0.0.0 key
local address Loopback2104
Workaround: Use an IP address.
crypto keyring keyring_test
pre-shared-key address 0.0.0.0 0.0.0.0 key
local address
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: | 12.2(33)SXJ3, 12.2(33)SXJ4, 12.2(33)SXJ5, 12.2(33)SXJ6, 12.2(33)SXJ7, 12.2(33)SXJ8, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED |
|
|
| |
| |
Bug Id: | CSCuf29121 |
Title: | CPP uCode crash due to FTP ALG and crypto |
|
Description: | Symptom:
An unexpected reload of an ASR1000 router may be observed.
Conditions:
This is an issue with the FTP ALG (application-layer gateway) feature in NAT and crypto features. This issue may be hit if FTP traffic is sent via an interface with both NAT and crypto enabled.
Workaround:
Disable FTP ALG as follows:
For NAT44: 'no ip nat service ftp'
For NAT64: 'no nat64 service ftp'
Alternately, avoid sending FTP traffic via an interface with NAT and crypto enabled.
Further Problem Description:
Issue is fixed in 3.7.3S, 3.8.2S, 3.9.1S, 3.10.0S and all later releases.
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | 15.2(4)S3, 15.3(1)S2, 15.3(2)S1, 15.3(3)S |
|
|
| |
| |
Bug Id: | CSCur46656 |
Title: | 3.10.4S-UNIX-EXT-SIGNAL: Segmentation fault(11), Process = IOSD ipc task |
|
Description: | Symptom:
A router running IOS-XE (ISR 4000 series, ASR 1000 series), containing a SPA-4XT3/E3 module, may crash with the following error message:
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = IOSD ipc task
Conditions:
In order for this bug to be encountered, all of the following conditions must be met :
The router is running one of the following software versions:
3.10.4S and earlier
3.11.3S and earlier
3.12.2S and earlier
3.13.1S and earlier
3.14.1S and earlier
3.7.6S and earlier
The router has a SPA-4XT3/E3 module installed.
The router is sending DS3 SNMP traps, ie the line 'snmp-server enable traps ds3' is present in the router's configuration.
Workaround:
Booting the device without the following configs :
snmp-server enable traps ds3
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S4 |
|
Known Fixed Releases: | 15.3(3)S4.11, 15.3(3)S5, 15.4(2)S2.15, 15.4(2)S3, 15.4(3)S1.4, 15.4(3)S2, 15.5(1)S0.6, 15.5(1)S1, 15.5(1)SN1, 15.5(1.15)S |
|
|
| |
| |
Bug Id: | CSCut03813 |
Title: | ASR1K ucode crash seen at mpls_icmp_create |
|
Description: | <B>Symptom:</B>
ASR 1000 may experience an ESP ucode crash causing network outage in non-redundant setup
<B>Conditions:</B>
currently observed on ESP100 and ASR1002-X with deployments having MPLS, IPv6 and NAT configured.
<B>Workaround:</B>
None at this point.
<B>Further Problem Description:</B>
On ESP40, instead of crash, you may see following error message-
%NAT-6-ADDR_ALLOC_FAILURE:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S5.1, 15.4(3)S |
|
Known Fixed Releases: | 15.4(3)S3 |
|
|
| |
| |
Bug Id: | CSCus78987 |
Title: | UDP port 2152 (GPRS) is open by default and can't be manually closed |
|
Description: | <B>Symptom:</B>
UDP port 2152 is open by default, without additional configuration.
<B>Conditions:</B>
UDP port 2152 is associated with GPRS Tunneling Protocol. GPRS was introduced on XE3.4S.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-data-zbf-xe-book/conf-gprs-tunn-prot.html#GUID-6153DF03-6228-4117-8E71-
80989510E3A5
By default this port is open even without any GPRS configurations. There is currently no way to
manually close the port or disable the service if its not needed.
<B>Workaround:</B>
An extended ACL can be created and applied to the interface to block destination UDP port 2152.
You can also use control-plane policing to block UDP packets being sent with a destination port
of 2152 and being sent to the control plane. Here is the example config to do this:
ip access-list extended udp-port-2152
permit udp any any eq 2152
class-map match-all traffic-udp-port-2152
match access-group name udp-port-2152
policy-map CoPP
class traffic-udp-port-2152
police cir 32000 conform-action drop exceed-action drop
control-plane
service-policy input CoPP
Please note the previous configuration should only be applied to devices NOT configured to
process GPRS traffic.
<B>Further Problem Description:</B>
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.1(2)SY, 15.4(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut17865 |
Title: | ASR1K:13RU IOSd crash @PnP Agent Discovery after router reload |
|
Description: | Symptom:
IOSd crash occurs at PnP Agent Discovery
Conditions:
after doing write erase and reload
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | 15.2(1)IC273.310, 15.2(1)SY0.4, 15.2(1)SY1, 15.2(2)ID101.131, 15.2(2)IE101.142, 15.2(3)E1, 15.2(4.0)ST, 15.2(5.0)ST, 15.4(3)M2.2, 15.4(3)M3 |
|
|
| |
| |
Bug Id: | CSCtk03526 |
Title: | Segmentation fault at Crypto IKEv2 process while scaling static CMs |
|
Description: | Symptoms: An IOSd process crash may be observed on a Cisco ASR1K router
configured with static crypto maps with IKEv2.
Conditions: This symptom occurs after sending heavy and continuous
bidirectional traffic through a large number of static crypto maps configured
with IKEv2, and is not easily seen.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
Bug Id: | CSCtc00463 |
Title: | protect Tcl directory & ESM activation |
|
Description: |
Symptom:
Introduce new command: "file scripts-url "
Conditions:
N/A
Workaround:
N/A
Further Problem Description:
It is not a bug but introducing of new CLI.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33.2.1)XND2, 15.0(2)EX, 15.0(2)SE1, 15.0(2.12)DPB8, 15.0(5.21)SID, 15.1(1)SD5.1, 15.1(1)SG5.103, 15.1(1)SG5.124, 15.1(1)SG5.163 |
|
|
| |
| |
Bug Id: | CSCto64188 |
Title: | ASR reload if mask assignment changes during "show ip wccp...detail" cmd |
|
Description: | Symptoms: The Cisco ASR router may unexpectedly reload if WCCP mask assignment
changes while the show ip wccp service
detail command is in progress.
Conditions: This symptom occurs when WCCP mask assignment is in use.
The show ip wccp service
detail command displays a WCCP client mask assignment table
while, at the same time, the service group mask assignments are changed.
Workaround: Do not use the detail keyword while WCCP
redirection assignments may be changing. Instead, use the
clients and assignment keywords.
For example, if mask assignments may be changing, use the following two commands:
- show ip wccp web-cache clients
- show ip wccp web-cache assignment
Instead of the following command:
show ip wccp web-cache detail
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S, 15.1(1)S, 15.1(2)S |
|
Known Fixed Releases: | 15.0(1)S4.18, 15.0(1)S5, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK |
|
|
| |
| |
Bug Id: | CSCto98212 |
Title: | Router crashed when RIPng process is removed on interface twice |
|
Description: | Symptoms: When RIPng is removed from an interface from telnet and serial
console sessions at the same time, it causes the routers to crash.
Conditions: This symptom occurs when RIPng is configured on an interface and
two users are connected using two different console sessions.
Workaround: Do not configure the same RIPng through two different console
sessions.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-JUL-2015 |
|
Known Affected Releases: | 15.1(2.13)S |
|
Known Fixed Releases: | 15.0(2.26)DPB1.17, 15.0(2.26)DPB7, 15.0(2.28)DPB1.0, 15.0(5.21)SID, 15.1(1)SD5.1, 15.1(1)SG5.161, 15.1(1)SG5.162, 15.1(1)SG5.163, 15.1(1)SG5.169, 15.1(1)SG5.170 |
|
|
| |
| |
Bug Id: | CSCtd43841 |
Title: | Framed-IPv6-Prefix attribute sent twice in Accounting Stop |
|
Description: | Symptoms: Two framed-ipv6-prefix is present in accounting stop when the
following CLIs are enabled:
- aaa accounting include authprofile framed-ip-address
- aaa accounting include authprofile framed-ipv6-prefix
- aaa accounting include authprofile delegated-ipv6-prefix
Conditions: This symptom occurs when the above-mentioned CLIs are needed when
all the following three conditions are met:
1. A dual stack server is present.
2. "aaa accounting delay-start" is configured.
3. Either ipv4 or ipv6 negotiation fails.
These CLIs are needed to include the IPv4 and IPv6 attributes in the
accounting record sent.
Only in such scenario, framed-ipv6-prefix may be present twice in
accounting records.
Workaround: On a dual stack server with "aaa accounting delay-start"
configured, ensure that both IPv4 and IPv6 negotiation are successful for the
accounting records to be sent. In such cases, you need not include the above-
mentioned CLIs.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-JUL-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNE1, 12.2(33)XNF, 12.2(33.1.1)XNF1, 12.2(33.1.18)XNE, 12.2(33.1.9)XNF, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH |
|
|
| |
| |
Bug Id: | CSCtr29831 |
Title: | ASR1000-WATCHDOG: Process = SXP CORE when adding 1k sxp connection |
|
Description: | Symptom:
SXP cored
Conditions:
when bring up 1000 sxp connections
Workaround:
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: | 15.0(1)SY1, 15.0(1)SY2, 15.0(1)SY3, 15.0(1)SY4, 15.0(1)SY5, 15.0(1)SY6, 15.0(1)SY7, 15.0(1)SY7a, 15.0(1.9)AWD, 15.0(10.32)EMW |
|
|
| |
| |
Bug Id: | CSCts42154 |
Title: | ASR Fails to Register after the Initial Attempt Failing |
|
Description: | Symptoms: After the Cisco IOS ASR 1006 router is reloaded, it fails to
reregister to the key server. From the debugs, it is observed that the
attempt to register is generated too early before the GDOI is ON. This
registration attempt is made before the interface, through which GDOI
registration traffic with the key server passes, goes to the UP state.
Conditions: This symptom is observed on a Cisco IOS ASR 1006 router that runs
Cisco IOS Release 15.0(1)S2 and Cisco IOS Release 15.0(1)S3.
Workaround: Use the clear crypto gdoi command to fix this
issue.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S2, 15.0(1)S3 |
|
Known Fixed Releases: | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
Bug Id: | CSCtt35936 |
Title: | RLS3.4 EIGRP route updates are not sent to DMVPN spokes |
|
Description: | Symptoms: EIGRP route updates are not sent to DMVPN spokes. The show
ip eigrp inter command output shows pending routes in interface Q,
which remains constant. The show ip eigrp int deta command
output shows that the next sequence number of the interface remains the same
(does not advance).
Conditions: This symptom occurs when EIGRP session flapped, resulting in routes
being withdrawn and restored.
Workaround: Add a static route on any spoke that kicks out EIGRP learned routes
from the RIB table; this will again kick the interface on the HUB.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S1 |
|
Known Fixed Releases: | 15.0(1)IA273.167, 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3 |
|
|
| |
| |
Bug Id: | CSCuu82195 |
Title: | ASR1k experiences CPP crash with DMVPN setup and QoS on spokes |
|
Description: | Symptom:
ASR1k with DMVPN configuration experiences a crash when bringing up tunnels. This is due to lack of resources (queues on BQS).
This can be checked with "show platform hardware qfp active infrastructure bqs sorter memory available" -> LEAF:STEM available.
Conditions:
DMVPN configuration, policy-map applied to the spoke
Workaround:
Do not oversubscribe the platform with many policy-maps
Further Problem Description:
This is NOT applicable to ISR4k series routers.
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S2.9 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCty26186 |
Title: | Enhancement request to capture watchdog reset on asr1k |
|
Description: | Symptom:
reset did not save any core or crashinfo file. no error log either.
under show version:
"Last reload reason: Watchdog"
under "Reset reason Power On"
watchdog reset
Conditions:
normal operation. reset did not save any core or crashinfo file. no error log either.
Workaround:
this is a code enhancement. not a bug. therefore, no workaround applicable.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S, 15.1(2)S2 |
|
Known Fixed Releases: | 15.5(2)S |
|
|
| |
| |
Bug Id: | CSCtu47871 |
Title: | ASR crashes without crashinfo , and last reload reason :watchdog |
|
Description: | Symptom:
ASR crashes without crashinfo and last reload reason as watchdog.
Conditions:
Happened once and not been reproducible.
Workaround:
None
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum22612 |
Title: | ASR1k IKE SA Stuck in MM_KEY_EXCH with RSA-SIG blocking new SAs with CAC |
|
Description: | Symptom:
Since the ASR fails to send MM6 [being a responder] in the absence of a valid certificate, IKE SAs start leaking and hence get stuck in MM_KEY_EXCH state. Multiple MM_KEY_EXCH exist for a single Peer on the ASR, however the Peer does not retain any SAs for ASR in this case.
Along with CAC for in-negotiation IKE SAs, these stuck SAs block any new SAs or IKE rekeys even after renewing the certificates on the ASR.
Conditions:
This symptom is observed under the following conditions:
- ASR acting as IKEv1 termination point [sVTI for example] and is a responder.
- IKE authentication mode is RSA-SIG [Certificates].
- On the ASR, the ID-Certificate is either Expired or Not-present for a given sVTI tunnel
- The ASR also has a IKE in-negotiation CAC of a certain value.
Example:
crypto call admission limit ike in-negotiation-sa 30
Workaround:
Perform the following workarounds:
a) Manually delete stuck SAs by using:
clear crypto isakmp 12345
.. where 12345 is conn_id of a stuck SA.
Repeat this for each stuck SA
b) Temporarily increase CAC to accommodate new SA requests:
crypto call admission limit ike in-negotiation-sa 60
Further Problem Description:
Found and Tested in Cisco Release XE 3.7.4/Cisco IOS Release 15.2(4)S4.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.2(1)IC273.175, 15.2(1)IC273.8, 15.2(2)EA1, 15.2(2.0)EA, 15.2(2.1)EB, 15.2(2.2.75)ST, 15.2(2.6.68)EA, 15.2(2.7.9)EA, 15.2(2.8.1)EA1, 15.2(4)GC1 |
|
|
| |
| |
Bug Id: | CSCtl09030 |
Title: | ARP In or IP InbandSessionInitiator process crash |
|
Description: | Symptom:
A device configured to function as DHCP relay/server crashes in the ARP input process or IP inband session initiator process.
Conditions:
This symptom is observed when the device is configured with
DHCP relay or server and DHCP initiated IP sessions are configured. This issue
is seen when the ISG inband IP session initiator is configured and an ARP
request is received from a client whose DHCP IP session has timed out or cleared.
Workaround:
Disable ISG DHCP session initiator.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S2 |
|
Known Fixed Releases: | 12.2(33)SB12, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE6, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33.2.39)SB11, 12.2(33.2.81)SB12, 12.2(33.3.0)SB13 |
|
|
| |
| |
Bug Id: | CSCuv09985 |
Title: | ESP100 crash if interface is going up/down CPPHA-3-FAULT: F0: cpp_ha |
|
Description: | Symptom:
ASR1k is function as a LNS device and is connected to a core router.
Conditions:
Reload of the core router and ESP crashed during ~20k L2TP sessions were up.
Workaround:
none
Further Problem Description:
Traceback:
*Jun 30 10:54:49.870: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:CPP Client process failed: cpp_cp det:HA class:CLIENT_SW sev:FATAL id:1 cppstate:RUNNING res:UNKNOWN flags:0x0 cdmflags:0x0
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv15454 |
Title: | ASR1001-X Builtin VLAN Egress Statistics not available on port-channel |
|
Description: | Symptom:
Mismatch in counter values of physical interface and sub-interface.
Conditions:
Issue observer on ASR1001-x which has built-in bay.
Workaround:
Use the "show vlans as a workaround to collect the stats instead of SNMP.
6RU#sh vlans 10
VLAN ID: 10 (IEEE 802.1Q Encapsulation)
Protocols Configured: Received: Transmitted:
IP 133 104
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S2.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu54317 |
Title: | Backout CSCur48133/CSCuu21225/CSCuu33633 from XE316 & mcp_dev |
|
Description: | Symptom:
The DDTS is the backout of CSCur48133 and related commits to XE316
Conditions:
Due to timing issues introduced by CSCur48133 and related commits the DDTS is backed out from XE316
Workaround:
None
Further Problem Description:
The related issues will be fixed in mcp-dev and soaked and the commited to throttles
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | 15.5(2.21)S0.12, 15.5(2.21)S0.6 |
|
|
| |
| |
Bug Id: | CSCuq24971 |
Title: | ASR1k ucode crash with pa_get_state on using aggregate port-channel |
|
Description: | Symptom:
ASR1k ucode crashes seen with the ESP
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:CGI_CSR32_CGI_SETB_HIER_INT__INT_PA det:DRVR(interrupt) class:OTHER sev:FATAL id:85 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions:
1. "platform qos port-channel-aggregate x" configured
2. NAT inside/outside and DNS features enabled
3. Receive a DNS response message from outside to inside with translation required.
Workaround:
Disable NAT ALG processing as follows
no ip nat service dns tcp
no ip nat service dns udp
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.4(2)S2, 15.4(3)S1, 15.5(1)S |
|
|
| |
| |
Bug Id: | CSCui25696 |
Title: | ASR 1K router - Kernel Core Crash on find_busiest_group() |
|
Description: | Symptom:
Cisco ASR 1K router experiences a watchdog reset due to a kernel core dump triggered by a possible invalid calculation.
Conditions:
This symptom can occur under any condition.
Workaround:
There is no workaround.
Further Problem Description:
The bug mentions "watchdog". On platforms that have dedicated FP/ESPs (example would 1002, 1004, 1006 and 1013), there is no reload of the RP and so, the show version output will not reflect watchdog.
The may be as much as 10 minutes or more from the time you see
IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0
tp when you see
IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
The interruption to network services are likely to happen close to when you see online in slot F0 message.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S1 |
|
Known Fixed Releases: | 15.2(4)S4, 15.2(4)S4a, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
Bug Id: | CSCuu68669 |
Title: | ASR1001x ping failure when config negotate-auto to FastEthernet |
|
Description: | Symptom:
when asr1001x gig interface connects to FastEthernet and both enabled as negotiation auto
Conditions:
when asr1001x connect to FastEthrent and asr1001x configured "negotiation auto"
Workaround:
configure the asr1001x side as "speed 100"
Further Problem Description:
none
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtt45654 |
Title: | Virtual-Access is not deleted when tear down ipsec session |
|
Description: | Symptoms: In a DVTI IPSec + NAT-t scaling case, when doing session flapping
continually, several Virtual-Access interfaces are "protocol down" and are not
deleted.
Conditions: This symptom can be observed in a DVTI IPSec + NAT-t scenario when
session flapping is done in the spoke side.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.2(1)S |
|
Known Fixed Releases: | 15.0(5.2)DPB35, 15.0(5.28)SID, 15.1(1)SG5.222, 15.1(1)SG5.223, 15.1(1)SG5.224, 15.1(1)SY, 15.1(2)SG1.90, 15.1(2)SIV11.1, 15.1(2)STV11.1, 15.1(2)SY |
|
|
| |
| |
Bug Id: | CSCuc27517 |
Title: | ASR1001 : Permanent license disappear after IOS upgrade |
|
Description: | Symptom:
Permanent license disappear after IOS upgrade or downgrade.
Conditions:
ASR1001
IOS XE upgrade/downgrade
Workaround:
This is not a workaround for devices that have already been upgraded, but when doing any future upgrades do a license save from 3.4 before upgrade and re-install in 3.6+
In 3.4, save all the licenses to a file to bootflash
1RU#license save
in 3.6+, install back all the licenses from the file
1RU#license install
=======================================================================
[use below workaround from 03.05.02 (15.2(1)S2) or older]
ASR1001#license save file bootflash:1RU_34_36_ENFORCE_LICENSE_MIGRATION
========================================================================
With this commit (just provide you another way to avoid this happening):
from 03.07.03 (15.2(4)S3) or later
from 03.09.00 (15.3(2)S) or later
from 03.08.02 (15.3(1)S2) or later
To avoid this happen, you have to create a file in bootflash called
"1RU_34_36_ENFORCE_LICENSE_MIGRATION" to
enforce migration of all the licenses before the upgrade process. The file will be removed automatically
after the license migration.
example:
1RU#license save file bootflash:1RU_34_36_ENFORCE_LICENSE_MIGRATION
For the routers which already hit the issue, customers can either try to reinstall the licenses or
downgrade to 34, create the file in bootflash and upgrade with 36 or later image with this fix again.
============================================================================
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S, 15.2(2)S1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtw50952 |
Title: | ASR crashes due to memory exhaustion after issuing "clear ip ospf" |
|
Description: | Symptoms: A Cisco ASR series router crashes due to memory exhaustion after
issuing the clear ip ospf. This symptom was not observed
before issuing this command.
ACC-CDC-NET-Pri#sh mem stat
Head Total(b) Used(b) Free(b) Lowest(b)
Largest(b)
Processor 30097008 1740862372 279628560 1461233812 1460477804
1453167736
lsmpi_io 97DD61D0 6295088 6294120 968 968
968
Conditions: This symptom is observed upon executing the clear ip
ospf causing tunnel interfaces to flap.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4 |
|
|
| |
| |
Bug Id: | CSCtx57073 |
Title: | ISSU:XE3.6--->MCP_DEV iosd crash @ Process = Metadata HA |
|
Description: | Symptoms: A Cisco router may crash with the following error:
"Segmentation fault(11), Process = Metadata HA"
Conditions: This symptom is observed while upgrading the router from Cisco
IOS XE Release 3.6 to mcp dev.
Workaround: The required changes have been made with this DDTS to prevent the
crash.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4 |
|
|
| |
| |
Bug Id: | CSCtt94440 |
Title: | RLS3.6 eToken: RP reloaded when issue "show cryp eli all" with IKEv2 |
|
Description: | Symptoms: The Cisco ASR 1000 series router RP may reload.
Conditions: This symptom is observed when an etoken is in use and the
show crypto eli all command is issued.
Workaround: Avoid using the show crypto eli all command.
However, you can use the show crypto eli command.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: | 12.4(11)MD10, 12.4(11)MD9, 12.4(15)T10, 12.4(15)T11, 12.4(15)T12, 12.4(15)T13, 12.4(15)T14, 12.4(15)T16, 12.4(15)T17, 12.4(15)XQ2a |
|
|
| |
| |
Bug Id: | CSCuv21984 |
Title: | Fair-queue queue-limit force adjust after change queue-limit. |
|
Description: | Symptom:
Fair-queue queue-limit force adjust after change queue-limit.
Conditions:
in case of change queue-limit, the fair-queue queue-limit adjust automatically in spite of manually configure the fair-queue queue-limit.
2nd, apply policy-map which have bandwidth ramaining ratio at last line.
policy-map test10
class class-default
fair-queue
fair-queue queue-limit 64
bandwidth remaining ratio 1
The fair-queue queue-limit become 16.
Workaround:
Reconfigure the fair-queue queue-limit after change queue-limit.
Further Problem Description:
none
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtz73836 |
Title: | NHRP crash due to DMVPN event-trace |
|
Description: | Symptoms: The router crashes.
Conditions: This symptom is observed when the router is running NHRP.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.1(2)S1 |
|
Known Fixed Releases: | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4 |
|
|
| |
| |
Bug Id: | CSCuv52653 |
Title: | ISSU:XE315->XE316 Traceback@ptpd_ipc_mq_drain after final ISSU upgrade |
|
Description: | Symptom:
While testing ISSU from XE315->XE316 with "xe313_1588" feature in Kingpin platform, observing traceback after final iSSU upgrade.
Conditions:
Traceback is seen in ISSU upgrade in Kingpin platform.
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCua06476 |
Title: | clear crypto sa vrf re-registers GM irrespective of their data plane VRF |
|
Description: | Symptoms: When "clear crypto sa vrf" is executed to clear a non-GETVPN SA,
there is an attempt to reregister the GETVPN group members irrespective of
their data plane VRF.
Conditions: This symptom occurs when "clear crypto sa vrf" is executed to clear
a non-GETVPN SA, and there is an attempt to reregister the GETVPN group members
irrespective of their data plane VRF.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.2(3.13)T |
|
Known Fixed Releases: | 15.1(2)IC66.3, 15.2(1)IC273.70, 15.2(1)ICA4.30, 15.2(1.2.3)PI22, 15.2(2)DB101.101, 15.2(2)DB101.112, 15.2(2)E, 15.2(2.2.70)ST, 15.2(2b)E, 15.2(4.0)ST |
|
|
| |
| |
Bug Id: | CSCue33171 |
Title: | STILE Server CTX chunk memory leak |
|
Description: | Symptom:
The command "show platform software memory chunk qfp-control-process qfp active" shows that there are memory leaks from "CPP STILE Server CTX Chunk".
There are three cases of this memory leak:
Case 1: when NBAR is active there is a leak of 40 bytes every 10 seconds.
Case 2: when NBAR is active there is a leak of 60 bytes every 10 seconds.
Case 3: when NBAR is not active there is a leak of 20 bytes every 10 seconds.
Conditions:
Case 1 is observed when the router is running an image with a version prior to 15.3(1)S.
Cases 2 and 3 are observed when the router is running version 15.3(1)S or later.
Workaround:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.2(4)S3, 15.3(1)S2, 15.3(2)S, 15.4(3)M, 15.4(3)M1, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1 |
|
|
| |
| |
Bug Id: | CSCtz61014 |
Title: | f Linux kernel NTP leap second handling could cause deadlock |
|
Description: | Symptom:
There are periodic leap second events which can add or delete a second to global time.
When the leap second update occurs the system will crash when adding or deleting NTP leap second in NTP
master mode.
Conditions:
The leap second update will be propagated via Network Time Protocol (NTP) or via manually setting the clock.
Workaround:
To prevent an issue when the leap second update is received do not configure the system as NTP master.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: | 15.1(3)S4, 15.2(2)S1 |
|
|
| |
| |
Bug Id: | CSCuo85191 |
Title: | Satnby asr1k running CUBE application crashes at cc_free_feature_vsa |
|
Description: | Symptom: Crash is observed on ASR1000.
Conditions: This symptom is observed when memory allocation fails.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.3(60.1)S |
|
Known Fixed Releases: | 15.3(3)M3.2, 15.3(3)M4, 15.3(3)S3.3, 15.3(3)S4, 15.4(2)S1.5, 15.4(2)S2, 15.4(2)T1.1, 15.4(2)T2, 15.4(3)M0.3, 15.4(3)M1 |
|
|
| |
| |
Bug Id: | CSCuo37957 |
Title: | ATTN-3-SYNC_TIMEOUT - IOS-XE CPU Resource Consumption Vulnerability |
|
Description: | Symptom:
A vulnerability in the packet reassembly subsystem of Cisco IOS-XE could allow an unauthenticated, remote attacker to consume CPU resources which may lead to a denial of service (DoS) condition.
The vulnerability is due to an error message that is triggered to both the console and syslog when a fragmented packet can not be properly reassembled. When an affected device fails to successfully perform reassembly, instead of silently dropping the fragments an error message of ATTN-3-SYNC_TIMEOUT may be triggered. On a device that is highly loaded, this may be leveraged to consume CPU resources that may be required by another process resulting in a temporary halt of the queued process. In some situations this may lead to a drop of transit traffic. An attacker could trigger this vulnerability by sending a series of IPv4 or IPv6 fragments directly to the affected device that are designed to trigger the error message.
Cisco IOS-XE devices rate limit error messages to once every 60 seconds by default.
Conditions:
Cisco ASR 1000, Cisco CSR 1000V, or Cisco ISR 4400 series devices running an affected version of Cisco IOS-XE are vulnerable.
Workaround:
None
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2015-4293 has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S4, 15.4(1)S3, 15.4(2)S2, 15.4(3)S0z, 15.4(3)S1, 15.5(1)S |
|
|
| |
| |
Bug Id: | CSCuo95313 |
Title: | Duplicate Lcookies in every Access-Request |
|
Description: | Symptom: Duplicate cookies are observed in every access request.
Conditions: This symptom occurs when multilogon or logoff is performed on the same session.
Workaround: Tear down the session during the logoff event. Do not configure any delay on the account logoff event.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.3(3)S2.9 |
|
Known Fixed Releases: | 15.0(1)EZ4, 15.0(1.77)ZSR, 15.0(13.95)EZD, 15.0(14.1)TSR, 15.0(14.18)TTT, 15.0(14.57)EZD, 15.0(2.29)ZSR, 15.2(1)IC273.113, 15.2(2)DB101.101, 15.2(2)DB101.112 |
|
|
| |
| |
Bug Id: | CSCua56184 |
Title: | RP crashes during flexvpn longevity after multiple RP switchovers |
|
Description: | Symptoms: Multiple RP switchovers occur within a very short span of time.
Conditions: The symptom is observed with multiple RP switchovers on a Cisco ASR
1000 router and it fails to allocate an IPsec SPI.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4 |
|
|
| |
| |
Bug Id: | CSCuv30194 |
Title: | crash at wccp stats handler |
|
Description: | Symptom:
crash at cpp_wccp_query_n_intf_stats_handler
Conditions:
root cause is found by digging the core file, we are not able to reproduce the issue by now.
The condition should be as follow:
1. ESP has high memory usage
2. There're some inactive WCCP service configured on interface
3. Active WCCP service is configured on interface after the inactive service is configured.
The crash code is in the statistic update function which happen every 10s.
Workaround:
don't attach services which is not configured globally to interface, don't attach inactive services to interface, and always delete inactive services from interface.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.4(3)S1.9 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCua10556 |
Title: | crypto ikev2 sa stuck in delete state |
|
Description: | Symptoms: A few IKEv2 SAs get stuck in delete state.
Conditions: The symptom is observed when bringing up 2k flex sessions.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4 |
|
|
| |
| |
Bug Id: | CSCui46535 |
Title: | ASR: IPSec packets are getting reordered through crypto engine |
|
Description: | Symptom:
ASR1000 / ASR1002-x may see packets belonging to IPSEC sessions out of order. Packet reordering may be observedin both the encrypt and decrypt direction. It is observed with both fixed frame size and IMIX traffic.
This may cause performance problems with TCP applications due to perceived packet loss.
Conditions:
ASR1000 / ASR1002-x performing IPSec encryption or decryption using onboard hardware crypto engine
Workaround:
The rate of reordered frames increases with increases in the test traffic rates. Smaller packets may get out ahead of larger packets (due to time needed to encrypt/decrypt using block cipher).
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.3(1)S, 15.3(3)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
Bug Id: | CSCub99778 |
Title: | ASR1K GETVPN GM does not attempt registration after reload interface up |
|
Description: | Symptoms: The Cisco ASR 1000 router being GM in a Get VPN deployment fails to
start GDOI registration after a reload.
Conditions: This symptom occurs when running Cisco IOS Release 15.2(4)S. The
following error is displayed in the show crypto gdoi
command output after reload.
Registration status : Not initialized
Workaround: Use an EEM script to issue "clear crypto gdoi" some time after boot
time or issue this manually.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUL-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.1(1)SY0.1, 15.1(1)SY1, 15.1(1)SY1.32, 15.1(1)SY1.55, 15.1(1)SY1.57, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1 |
|
|
| |
| |
Bug Id: | CSCtd72617 |
Title: | Cisco IOS XE Software Fragmented Packet Denial of Service Vulnerability |
|
Description: | Symptom:
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet.
The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow the attacker to cause a reload of the affected platform.
Cisco has released software updates that address this vulnerability.
There are no workarounds to mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k
Conditions:
See published Cisco Security Advisory
Workaround:
See published Cisco Security Advisory
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2015-4291 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUL-2015 |
|
Known Affected Releases: | 12.2(33)XNA |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum10676 |
Title: | ASR1K crashes at l2_mc_replication_module |
|
Description: | Symptom:
Router crashes during multicast replication
Conditions:
Unknown at this time
Workaround:
12/16/2013
Unknown at this time
01/01/2014
Following is the config to change the age timers. Customers can adjust this age time based on their requirement.
ARP aging time config:
-------------------
ASR(config)#int BDI164
ASR(config-if)#arp timeout ?
<0-2147483> Seconds
ASR(config-if)#arp timeout 1800
ASR(config-if)
|
没有评论:
发表评论