| |
Bug Id: | CSCtu22280 |
Title: | ISM-VPN may leak plaintext data from previous encrypted packets |
|
Description: | Symptom:
Packets sent in clear on encrypted link
Condition:
Cisco Software in Cisco VPN Internal Service Module (VPN ISM) contains a vulnerability that could allow an unauthenticated, remote attacker to gain
access to sensitive information on a targeted system.
The vulnerability resides in the encryption library used by the vulnerable software. This library allows a portion of an encrypted packet to be sent
unencrypted in the following packet. The vulnerability is specific only when Internet Protocol Security (IPSec) is used, as in the case with Virtual
Private Network (VPN) environments. If an unauthenticated, remote attacker could access an encrypted session, the attacker could obtain
unencrypted packets that would contain information. This attacker could possibly benefit from this information and possibly launch further attacks.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
4.3/3.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
CVE ID CVE-2011-4667 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.2(1)T1 |
|
Known Fixed Releases: | 15.2(1.13)T, 15.2(2.12)T |
|
|
| |
| |
Bug Id: | CSCur70959 |
Title: | Memory leak @ sipContentObjPvtSetBody |
|
Description: | Symptom:
Memory leak on processor pool occurs when SIP phones register via a register pool (e.g. voice register pool 60) using TCP.
The leak is reflected as the "CCSIP_SPI_CONTROL" and "Dialog Manager" processes:
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 129E0FDC 1844461672 926816936 917644736 695680236 641408232
I/O 3D000000 50331648 32294840 18036808 17988704 15203772
PID TTY Allocated Freed Holding Getbufs Retbufs Process
307 0 635342772 306024464 320536812 0 0 Dialog Manager
384 0 107120680 107902680 221925672 0 0 CCSIP_SPI_CONTRO
0 0 347781848 163431556 176266660 0 0 *Init*
0 0 0 0 142589620 0 0 *MallocLite*
PC Total Count Name
0x0897CE54 198191196 90251 CCSIP_SPI_CONTROL
0x088E2864 81210960 90268 CCSIP_SPI_CONTROL
0x088E2824 81207048 90256 Dialog Manager
0x0469D474 48614232 39588 *Packet Header*
Conditions:
Registration method must be via a voice registration pool with TCP.
Workaround:
Use UDP in the pools to register SIP phones.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.2(4)M6.1 |
|
Known Fixed Releases: | 15.2(4)M8, 15.3(3)M5.2, 15.3(3)S5.8, 15.4(3)M2.2, 15.4(3)M3, 15.4(3)S2.11, 15.4(3)S3, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1 |
|
|
| |
| |
Bug Id: | CSCus95226 |
Title: | Compact Flash corruption due to call-home directory being created |
|
Description: | Symptom:
A cisco 2911 router fails to boot due to a corrupted compact flash. When the problem occurs, the following messages will be displayed on the console:
*Jan 31 09:42:22.419: %SYS-4-CHUNKSIBLINGSEXCEED: Number of siblings in a chunk has gone above the threshold. Threshold:10000 Sibling-Count:15189 Chunk:0x21A03EC4 Name:FDNODE -Process= "Init", ipl= 4, pid= 3
-Traceback= 3051B2C4z 3051B538z 30522B54z 30521E0Cz 3052C320z 305356ECz 3210D498z 3210EC18z 32108E60z 30BC73E8z 30BC94F0z 3069E94Cz 3069FD34z 3067E734z 302F49ACz 3067F430z
Removing the compact flash and reading it on a PC shows a directory called "call-home" that is corrupted (the directory size is 1.2gb even though the actual size of the flash is only 256mb). Manually deleting the "call-home" directory results in the router correctly booting from the flash
Conditions:
Workaround:
Manually delete the call-home directory on the flash then reinstall the flash card in the router.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.3(3)M4 |
|
Known Fixed Releases: | 15.3(3)M5.2, 15.4(3)M2.1, 15.4(3)M3, 15.4(3)S2.10, 15.4(3)S3, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1, 15.5(2)S0.3, 15.5(2)S1 |
|
|
| |
| |
Bug Id: | CSCub13317 |
Title: | Cisco 2900 with VWIC2-2MFT-T1/E1 ; increasing input errors and CRC error |
|
Description: | Symptom:
Cisco 2900 with VWIC2-2MFT-T1/E1 in TDM/HDLC mode doesn't forward any traffic across the serial interface after certain amount of time
Conditions:
Configure frame relay over VWIC2 channel-group in TDM/HDLC mode
Workaround:
Configure VWIC2 ports for "clock source line independent" if using VWIC2 for data channels only.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2012-3918 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.0(1)M5 |
|
Known Fixed Releases: | 15.0(1)M10, 15.0(1)M8.19, 15.0(1)M9, 15.1(4)M5.4, 15.1(4)M6, 15.1(4)M7, 15.1(4)M8, 15.1(4)M9, 15.2(1.2.3)PI22, 15.2(4)GC |
|
|
| |
| |
Bug Id: | CSCuc42558 |
Title: | Memory leak in CCSIP_SPI_CONTROL @ url_parseTelUrl |
|
Description: | Symptom:A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or cause memory leaks that may result in system instabilities. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software releases are affected.
Cisco has released free software updates that address this vulnerability.
There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-sip
Conditions:See affected products section of the advisory.
Workaround:See the workarounds section of the advisory.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.1(4)M4, 15.1(4)M5 |
|
Known Fixed Releases: | 15.1(4)GC2, 15.1(4)M6 |
|
|
| |
| |
Bug Id: | CSCue53910 |
Title: | CPU spike in Per-Second jobs process with SFP installed and no fiber |
|
Description: | Symptom: Periodic CPU spikes in the per-second jobs process.
Conditions: This problem is observed when an SFP module is installed in the router and no fiber is connected or PEER is shutdown.
Workaround: Admin shutdown the interface or use media-type RJ45 where possible.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 15.0, 15.3(3)M |
|
Known Fixed Releases: | 15.3(2)T1.3, 15.3(2)T2, 15.3(2)T3, 15.3(2)T4, 15.3(3)M1.8, 15.3(3)M2, 15.3(3)M3, 15.4(1.5)T, 15.4(2)CG, 15.4(2)T |
|
|
| |
| |
Bug Id: | CSCtt96597 |
Title: | Unable to power-cycle modem using test CLI |
|
Description: | Symptoms: Unable to power-cycle modem using test cellular
unit modem-power-cycle.
Conditions: The symptom is observed when a router cannot communicate with the
modem due to a possible modem firmware crash or device disconnect.
Workaround: Reload router.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 15.1(3)T |
|
Known Fixed Releases: | 15.1(3)T2.3, 15.1(3)T3, 15.1(3)T4, 15.1(4)GC1, 15.1(4)GC2, 15.1(4)M2.4, 15.1(4)M3, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 |
|
|
| |
| |
Bug Id: | CSCtw78539 |
Title: | 2900 GE in 10Mbps: TX ring stuck %ALIGN-3-TRACE at cn_xfr_ge_safe_start |
|
Description: | Symptom:
A Cisco ISR router running Cisco IOS Release 15.2(2)T may lose the ability to forward traffic via its Gigabit Ethernet interface due to a stuck Tx ring.
Conditions:
This symptom is observed with Cisco IOS Release 15.2(1)T1, 15.2(2)T, and 15.2(4)M. This is a regression issue that does not affect 15.1(4)M2 based on anecdotal accounts.
During the event the following logs can be seen which indicate a spurious memory access has occurred:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0xXXXXXXXX reading 0x0
%ALIGN-3-TRACE: -Traceback= 0xXXXXXXXX ...
At this time, the Tx ring of the interface becomes hung, causing packet drops to accumulate at the output queue (as seen via "show interface"), effectively preventing traffic flow. Eg:
Total output drops: 25185
Output queue: 331/1000/25184 (size/max total/drops)
Workaround:
Reload the router or bounce the interface via "shut"/"no shut".
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 15.2(2)T |
|
Known Fixed Releases: | 15.2(1)T3.3, 15.2(1)T4, 15.2(1.2.3)PI22, 15.2(2)T3.5, 15.2(2)T4, 15.2(3)T4, 15.2(4)GC, 15.2(4)GC1, 15.2(4)GC2, 15.2(4)M2.8 |
|
|
| |
| |
Bug Id: | CSCud96075 |
Title: | IOS crash due to DSP crash when Transcoder is activated |
|
Description: | Symptom:
A router running Cisco IOS Release 15.2(4)M2 will reload with a bus
error soon after the DSP reloads when there is a live transcoding session.
Conditions:
This symptom is observed with Cisco IOS Release 15.2(4)M2.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 15.2(4)M2 |
|
Known Fixed Releases: | 15.1(4)M7.4, 15.1(4)M8, 15.1(4)M9, 15.2(1.2.3)PI22, 15.2(4)GC, 15.2(4)GC1, 15.2(4)GC2, 15.2(4)M3.4, 15.2(4)M4, 15.2(4)M5 |
|
|
| |
| |
Bug Id: | CSCuj06856 |
Title: | Memory leak in Normal Buffers @if_hdlc32_rx_isr |
|
Description: | Symptom:
Memory leak of normal buffers.
Conditions:
Cisco 2900 series routers with a VWIC2-xMFT-T1/E1 installed, with TDM clocking (clock source line
or clock source internal)
Workaround:
To configure the command "clock source line independent' under channel-group.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.2(4)M4.3 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCud06180 |
Title: | CWAN_SHIM/SDK crash EHWIC-4G-LTE-V |
|
Description: | Symptoms: Periodically, the Cisco EHWIC-4G-LTE-V would stop passing traffic. The user would execute "test cellular 0/1/0 mod-power-cycle" to restore service.
Conditions: This symptom is observed during temporary network outage.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.1(4)M4, 15.1(4)M5 |
|
Known Fixed Releases: | 15.1(4)M5.14, 15.1(4)M6, 15.2(1.2.6)PI22, 15.2(4)M2.4, 15.2(4)M3, 15.2(4)XB11, 15.3(1)T0.1, 15.3(1)T1, 15.3(1.11)T, 15.3(1.13.1)PIH21 |
|
|
| |
| |
Bug Id: | CSCtx98399 |
Title: | cisco 2921 crashing Detect PCIe 0 error, 0x00000054, |
|
Description: | Symptom:
2921 crashes with below error
001248: Jan 27 18:00:40.384: %PLATFORM-0-PCIE_ERR: PCIe advanced error report: Detect PCIe 0 error, 0x00000054, 0x00000000, 0x00000000, 0x00000000, 0x00000000
Conditions:
Workaround:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.0(1)M4 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCua76157 |
Title: | BGP routes getting advertised even after removing send-lable from the PE |
|
Description: | Symptoms: BGP routes are displayed.
Conditions: This symptom occurs after removing the "send-label" from PE.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 12.2SR, 15.2(3)T4, 15.2(4)S, 15.3(0.18)T0.1, 15.3(0.18)T0.6, 15.3(0.8)T, 15.3(1)S, 15.3(1)T0.1 |
|
Known Fixed Releases: | 15.1(1)IB273.8, 15.1(1)IC66.17, 15.1(1)ICA4.16, 15.1(1)ICB40.1, 15.1(1)SY1.32, 15.1(1)SY1.55, 15.1(1)SY1.57, 15.1(1)SY1.7, 15.1(1)SY2, 15.1(1)SY3 |
|
|
| |
| |
Bug Id: | CSCub55303 |
Title: | hwic-4esw locks up after few days of operation on 2911 |
|
Description: | Symptoms: HWIC-4ESW stops passing the traffic after 5-6 days of operation on
Cisco 2911/K9 running Cisco IOS Release 15.2(3)T1.
Conditions: This symptom is observed with Cisco 2911/K9 running Cisco IOS
Release 15.2(3)T1.
Workaround: Shut/no shut on the HWIC interface restores connectivity.
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 15.2(3)T1, 15.2(4)M4.5 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCui82259 |
Title: | c2911 Crashes on configuration change via EEM script |
|
Description: | Symptom: Cisco IOS router reloads, giving a traceback.
Conditions: This symptom occurs when the failover is initiated from the primary link (GX) to the secondary link (BGAN) or from BGAN to GX for multiple VRFs at the same time, using an EEM script.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 11-JUL-2015 |
|
Known Affected Releases: | 15.3(1)T |
|
Known Fixed Releases: | 15.1(1)ICA4.122, 15.2(1)IC273.6, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST, 15.4(0.12.6)PIH23, 15.4(0.19)S0.6, 15.4(0.19)T, 15.4(0.20)PI24, 15.4(0.20.1)CG |
|
|
| |
| |
Bug Id: | CSCuu49052 |
Title: | Per-Tunnel QOS Dropping CS6 Traffic |
|
Description: | Symptom:
Per-Tunnel QOS Dropping on DMVPN HUB dropping CS6 Traffic
Conditions:
Upon applying and QOS policy to a DMVPN hub this could result in CS6 control plane traffic being dropped on the egress. Which results in one-way communication with traffic being received from the spokes but not responded to by the HUB. In this condition no drops will be present within the [show policy-map multipoint tunnel #] output for the corresponding class which matches CS6 traffic.
HUB(config)#do sho logg | i PIM
PIM(0): Send periodic v2 Hello on Tunnel0 with GenID = 2909637817
PIM(0): Received v2 hello on Tunnel0 from 10.0.0.2
PIM(0): Neighbor (10.0.0.2) Hello GENID = 2911155061
PIM(0): Received v2 hello on Tunnel0 from 10.0.0.3
PIM(0): Neighbor (10.0.0.3) Hello GENID = 3278157996
HUB(config)#
###Hello Never Received by Spoke####
Spoke2#sho log | i PIM
PIM(0): Send periodic v2 Hello on Tunnel0 with GenID = 2911155061
PIM(0): Send periodic v2 Hello on Tunnel0 with GenID = 2911155061
Workaround:
NONE
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.4(3)M1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus77335 |
Title: | Tags are not set for OSPF/EIGRP packets with VRF. |
|
Description: | Symptom:
When vrf is configured, sgt is not picked-up correctly for OSPF/EIGRP packets.
Conditions:
Occurs only when vrf is configured
Workaround:
None
Further Problem Description:
To query the correct sgt value from the relevant vrf, the tableid is extracted from pak->table_id. But in this case, the tableid is still not set and the query goes to default tableid (0). As the binding will not be in the default tableid for this vrf, value of '0' is returned.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.4(3)M |
|
Known Fixed Releases: | 15.2(4.0)ST, 15.5(1.18)S0.11, 15.5(2)S, 15.5(2.11)T, 15.5(2.13)S, 15.5(2.14.1)PIH28, 15.5(2.16.5)PIH28 |
|
|
| |
| |
Bug Id: | CSCtg72652 |
Title: | Work around of Power related HW issue CSCtg33256 |
|
Description: | Symptoms: On Cisco 2900 series routers, the following warning message might
display on the console:
%ENVMON-1-POWER_WARNING: : Chassis power is not good in the PSU 1
Conditions: Under rare conditions, the power supply sometimes sends a false
alarm status to the system, even though the system power is working fine.
Workaround: There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.0(1)M |
|
Known Fixed Releases: | 15.0(1)M10, 15.0(1)M5.4, 15.0(1)M7, 15.0(1)M8, 15.0(1)M9, 15.1(1)T3.4, 15.1(1)T4, 15.1(1)T5, 15.1(2)T3.1, 15.1(2)T4 |
|
|
| |
| |
Bug Id: | CSCuq36627 |
Title: | WAAS Express:Failed to create SSL session. (no available resources) |
|
Description: | Symptom:
WAAS-X SSL error message seen when SSL-AO is enabled
Failed to create SSL session. (no available resources)
Conditions:
The problem is seen if there are too many Aborts of the SSL session when packets are in flight.
Workaround:
Disable SSL-AO and only use TDL
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.2(4.0.1) |
|
Known Fixed Releases: | 12.2(33)CX, 12.2(33)IRC, 12.2(33)MRA, 12.2(33)SB14, 12.2(33)SB15, 12.2(33)SB16, 12.2(33)SB17, 12.2(33)SB4, 12.2(33)SB6a, 12.2(33)SB6aa |
|
|
| |
| |
Bug Id: | CSCus14655 |
Title: | [PI27ST]: CUBE crashed when enabling Cayuga media forking |
|
Description: | Symptom:
CUBE crashed when enabling cayuga based media forking
Conditions:
CUBE crashed when enabling cayuga based media forking
Workaround:
none
Further Problem Description:
CUBE crashed when enabling cayuga based media forking
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.5(1.10)T |
|
Known Fixed Releases: | 15.5(1)S0.9, 15.5(1)S1, 15.5(1)SN1, 15.5(1)T0.2, 15.5(1.17)T, 15.5(1.18)S0.5, 15.5(1.21)PI28a, 15.5(2)S, 15.5(2.5)S |
|
|
| |
| |
Bug Id: | CSCut86321 |
Title: | Tx hang on 2951`s GigabitEthernet IF |
|
Description: | Symptom:
2951`s Gi interface is hung. the output rate drop to 0 and the output queue got stuck at 40/40.
Conditions:
- hardware is PQ3_TSEC
- with duplex half
- Output queue got 40/40
Workaround:
"shut/no shut" the IF
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuo08731 |
Title: | 2921 Trace backs from CSDB Timer process with IPS, short lived flows |
|
Description: | Symptom:
Trace backs
Conditions:
Few real time traffics with MMA AVC enabled
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.4(2.8)T, 15.5(1)T |
|
Known Fixed Releases: | 15.3(3)M3.2, 15.3(3)M4, 15.4(1)T1.2, 15.4(1)T2, 15.4(2)T1.1, 15.4(2)T2, 15.4(2.15)PI26a, 15.4(2.15)PI26b, 15.4(2.15)T, 15.4(3)M |
|
|
| |
| |
Bug Id: | CSCuv07808 |
Title: | BSTUN async-generic combining input frames |
|
Description: | Symptom:
BSTUN asyn-generic is combining input frames that are properly seperated by 100ms gap.
Conditions:
Applies to BSTUN async-generic only
Workaround:
None.
Further Problem Description:
None.
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtz51773 |
Title: | ISM-VPN crashing due to an assert in IPSec classification code |
|
Description: | Symptoms: High CPU seen on routers equipped with an ISM-VPN module. The output
of show process cpu shows that the process "REVT
Background" is using around 70% of the CPU cycles.
The ISM-VPN module is not visible in show diag, and the
output of show crypto engine configuration indicates that
the module status is DEAD.
Conditions: The symptom is observed with an ISM VPN with a few IPSec tunnels.
This can take between a day and a week.
Workaround 1: Reload the router.
Workaround 2: For a longer-run workaround and if the traffic volume is not too
high, switch to the onboard crypto hardware using the configuration no
crypto engine slot 0.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 15.2(1)T1, 15.2(2)T1, 15.2(3)T1 |
|
Known Fixed Releases: | 15.2(1)T2.13, 15.2(1.2.3)PI22, 15.2(2)T1.12, 15.2(3.16)M0.4, 15.2(4)XB10, 15.3(0.5)T |
|
|
| |
| |
Bug Id: | CSCuu98467 |
Title: | FNF stops working after a few hours |
|
Description: | Symptom:
The FNF stops working after few hours
Conditions:
FNF configured on the router
Workaround:
Reload the router or re-apply the FNF config.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 15.3(0.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCth82293 |
Title: | 2900 bus error crash at PC 0x0 due to CNS feature - cns_apply_configlet |
|
Description: | Symptoms: ISR-G2 router crashes due to bus error at PC 0x0 with spurious
errors and the following message:
%ALIGN-1-FATAL: Corrupted program counter
Conditions: The symptom is observed with wrong usage of CNS initial and
partial configurations mixed with cns config retrieve
execution.
Workaround: Avoid wrong CNS usage. Consult Cisco for correct CNS usage.
Further Problem Description: Although the issue is seen with a Cisco 2911, it
is not specific to the 2900 series alone. It can occur with any router
platform.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 15.1(1)T |
|
Known Fixed Releases: | 12.2(900)TST, 15.0(1)SY, 15.0(1.19)SID, 15.1(0.0.13)PIL15, 15.1(0.18)S, 15.1(1)SG1.3, 15.1(1)SG3.90, 15.1(2)SG1.135, 15.1(2)SIV11.8, 15.1(2.14)T |
|
|
| |
| |
Bug Id: | CSCus56080 |
Title: | Memory leak in using ISM-VPN module at pse2_ge_rx_interrupt |
|
Description: | Symptom:
While passing multicas traffic with ISM-VPN module enabled, we can see a memory leak in the I/O pool
Specifically Normal buffers
Normal buffers, 1548 bytes (total 10257, permanent 3840):
0 in free list (128 min, 4096 max allowed)
13709 hits, 6843 misses, 0 trims, 6417 created
4510 failures (5750 no memory)
Conditions:
Multicast traffic
ISM-VPN module enabled
Workaround:
TBD
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.5(1)T |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu73697 |
Title: | ISM drops fragmented traffic if virtual-reassembly configured |
|
Description: | Symptom:
ISM-VPN drops fragmented IPsec packets when decrypting
Conditions:
o ISM-VPN module enabled
o ip virtual-reassembly enabled on the crypto interface
Workaround:
o disable virtual-reassembly
o disable ISM module
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 15.2(4)M, 15.3(3)M4 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu95643 |
Title: | CISCO2921/K9 with Call Manager XML client crashes |
|
Description: | Symptom:
You can see cmapp_xml_get_attr_value as the latest trace in crashinfo. TLB (load or instruction fetch) exception is reported:
15:10:10 UTC Mon Jun 8 2015: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x351F58BC
Conditions:
Call manager configured
Other conditions are under investigation
Workaround:
None
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 15.4(3) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu96892 |
Title: | MOH is not received in Call hold scenario. |
|
Description: | Symptom:
Conditions:
Tone not being received in Call hold scenario.
Workaround:
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 15.5(2.25)T, 15.6(0.3)T |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur68356 |
Title: | %ALIGN-3-CORRECT alignment errors leading high CPU |
|
Description: | Symptom:
High CPU showing:
CPU utilization for five seconds: 56%/100%; one minute: 50%; five minutes: 37%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
297 28332 1485591 19 12.64% 1.52% 0.87% 0 MMON MENG
303 43584 564 77276 24.79% 27.05% 9.30% 391 SSH Process
Alignment errors:
000054: *Nov 11 18:42:05.587 EST: %ALIGN-3-CORRECT: Alignment correction made at 0x300B724Cz reading 0xECFE50D
000055: *Nov 11 18:42:05.587 EST: %ALIGN-3-TRACE: -Traceback= 0x300B724Cz 0x300D6C10z 0x300BFA90z 0x300C6F6Cz 0x30039110z 0x32A8EB48z 0x304721E0z 0x304727D0z
000056: *Nov 11 18:43:05.595 EST: %ALIGN-3-CORRECT: Alignment correction made at 0x300B8800z reading 0xED01E0D
000057: *Nov 11 18:43:05.595 EST: %ALIGN-3-TRACE: -Traceback= 0x300B8800z 0x300D6C10z 0x300BEEDCz 0x300C5F44z 0x30051118z 0x3003926Cz 0x32A8EB48z 0x304721E0z
000356: Nov 11 20:02:06.176 EST: %ALIGN-3-CORRECT: Alignment correction made at 0x300B8800z reading 0xEC7A5CD
000357: Nov 11 20:02:06.176 EST: %ALIGN-3-TRACE: -Traceback= 0x300B8800z 0x300D6C10z 0x300BEEDCz 0x300C5F44z 0x30054420z 0x3003926Cz 0x32A8EB48z 0x304721E0z
Total Corrections 8227507, Recorded 3, Reads 8227507, Writes 0
Conditions:
N/A
Workaround:
Not known
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 15.3(3)M4 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu33351 |
Title: | Input queue Wedge due pool_grow_cache |
|
Description: | Symptom:
Input queue Wedge due pool_grow_cache
Conditions:
NA
Workaround:
Router Reload
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 15.2(4)M6 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuj86253 |
Title: | 2900 w/ Multiple EHWIC-4ESG-P's and L2TPv3 via SVI's drops 50% multicast |
|
Description: | Symptom: Cisco 2900 with Multiple EHWIC-4ESG-P's and L2TPv3 via SVI's (one per SVI) drops 50% multicast on pre-existing and working L2TPv3 sessions when attempting to establish a new L2TPv3 tunnel to a new destination that is not yet reachable/configured.
Conditions: Cisco 2900 with Multiple EHWIC-4ESG-P's
pseudowire-class L2TP
encapsulation l2tpv3
interworking ethernet
ip local interface Loopback100
!
interface GigabitEthernet0/0/0
switchport access vlan 101
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/0/1
switchport access vlan 102
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/0/2
switchport access vlan 103
no ip address
shutdown
spanning-tree portfast
!
interface Vlan101
no ip address
xconnect 192.168.1.181 101 pw-class L2TP
!
interface Vlan102
no ip address
xconnect 192.168.1.182 102 pw-class L2TP
!
interface Vlan103
no ip address
xconnect 192.168.1.183 103 pw-class L2TP
Workaround: Physically cable EHWIC-4ESG-P to the onboard c2900 GigE interface and tie L2TPv3 tunnels to dot1q sub interfaces:
pseudowire-class L2TP
encapsulation l2tpv3
interworking ethernet
ip local interface Loopback100
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/1.101
encapsulation dot1Q 101
xconnect 192.168.255.2 101 pw-class L2TP
!
interface GigabitEthernet0/1.102
encapsulation dot1Q 102
xconnect 192.168.255.3 102 pw-class L2TP
!
interface GigabitEthernet0/1.103
encapsulation dot1Q 103
xconnect 192.168.255.4 104 pw-class L2TP
!
interface GigabitEthernet0/0/0
switchport access vlan 101
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/0/1
switchport access vlan 102
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/0/2
switchport access vlan 103
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/0/3
switchport mode trunk
no ip address
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.2(4)M2, 15.4(2)T1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuo23114 |
Title: | packet loss observed when unrelated interface is unshut |
|
Description: | Symptom:
When an unrelated onboard ISR-G2 GE port is unshut, some packets will be dropped by the ingress interface and marked as "input error" and "overrun" in "show interface"
Conditions:
Traffic flows through ISR-G2 onboard GE ports and an unused onboard GE port is unshut. The ingress GE port would drop some packets.
Workaround:
Enable Flow Control on peer device connecting to the ingress ISR-G2 port.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.1(4)M3, 15.2(2)T, 15.3(3)M3 |
|
Known Fixed Releases: | 15.3(3)M4, 15.5(0.9)T, 15.5(1.2.1a)GB |
|
|
| |
| |
Bug Id: | CSCtn82089 |
Title: | EHWIC-D-8ESG-P: data vlan loses connectivity with portfast & voice vlan |
|
Description: | Symptom:
Connectivity loss to PCs in data vlan when connected to ports on a EHWIC-D-8ESG-P.
PCs do not get IP address from DHCP server.
Conditions:
Issue noticed when the EHWIC-D-8ESG-P interface is configured in the following order (portfast prior to voice vlan):
Router(config-if)#switchport access vlan 100
Router(config-if)#spanning-tree portfast
Router(config-if)#switchport voice vlan 101
Workaround:
Remove the portfast and voice vlan configuration and re-apply voice vlan prior to portfast.
NOTE : if the router is reloaded it is possible that the portfast is applied first leading to the connectivity loss.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.1(3)T, 2.1(12) |
|
Known Fixed Releases: | 15.2(0.10)T, 15.2(0.3.3)PIH16, 15.2(0.7.7)PIA17, 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T4, 15.2(2)JA, 15.2(2)JA1, 15.2(2)JAX |
|
|
| |
| |
Bug Id: | CSCuv02280 |
Title: | Crash seen 2900 with ism with traffic through GRE and cryptomap traffic |
|
Description: | Symptom:
router crashed while sending traffic through tunnel
Conditions:
bi-directional high rate Ipv4 and Ipv6 traffic through tunnel
Workaround:
nil
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.3(3)M |
|
Known Fixed Releases: | 15.5(2.25)M0.6, 15.5(2.25)M0.7, 15.5(3)M, 15.6(0.7)T |
|
|
| |
| |
Bug Id: | CSCuv01607 |
Title: | Invalid spi, Attempt to use contiguous buffer as scattered, Full queue |
|
Description: | Symptom:
Traceback & buffer error:
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=X.X.X.X, prot=50, spi=0x410D57F3(1091393523), srcaddr=Y.Y.Y.Y, input interface=GigabitEthernet0/1
Jun 16 12:31:00.744: %SYS-2-BADBUFFER: Attempt to use contiguous buffer as scattered src, ptr= 3DE47CB4, pool= 3DE47634 -Process= "", ipl= 1
-Traceback= 300BE43Cz 37116CF8z 37108568z 30402C18z 304037E0z 30406CE4z 37108BDCz 300C04ECz 300BFE30z 3002A23Cz 30F4D278z
Interfaces associated with tunnels get wedged shortly - input queue full.
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.5(1)T |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut45177 |
Title: | CWS HTTPs traffic fails to load on ISR configured with NVI |
|
Description: | Symptom:When Cloud Web Security and NAT Virtual Interface are configured on the same box, CWS will fail to load HTTPS traffic on any client that is subject to redirection to CWS. HTTP traffic will display correctly in the browser as expected.
NAT Virtual Interfaces are required to be used in VRF-lite configurations if the inside and outside interfaces are both in two different VRFs.
Conditions:CWS and NVI (NAT Virtual Interface) need to be configured together on the ISR.
Workaround:Use traditonal Nat to identify the NAT inside and outside interface in VRF-Lite setups where only one interface is in a VRF and another interface is in global.
If when using VRF-Lite and both interfaces are in different VRFs then there is no workarounds at this time.
More Info:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 30-JUL-2015 |
|
Known Affected Releases: | 15.4(3)M, 15.5(1)T |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuq82122 |
Title: | SSTE: Router crashed @mace_dp_remove_feature_object_for_cli |
|
Description: | Making external as the bug is observed in customer's network environment
Symptom:
The device may unexpectedly reload
Conditions:
while putting the following config:
no mace monitor waas all mace-flow
it will not happen all the times
Workaround:
None at this time
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUL-2015 |
|
Known Affected Releases: | 15.4(1)T1, 15.5(0.20)T, 15.5(0.25)T0.1 |
|
Known Fixed Releases: | 15.6(0.8)T |
|
|
| |
2013 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论