| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv00287 | Title: | Fixes for mpg-dev collapse 23/06/15 |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: | The bug occurred in a development lineup and so was never released to any customers.
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv23745 | Title: | nv_optical_satmgr crash seen on configuring satellite on Panini |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: | Symptom:
RP/0/RP0/CPU0:ios#RP/0/RP0/CPU0:Jan 21 00:16:14.138 : nv_optical_satmgr[1117]: %PKT_INFRA-ICPE_OWNER_CORE-3-DLL_OPEN_FAILURE : Failed to successfully open dependent DLL and load necessary symbols. DLL name: libcontroller_otn_odu_MA.dll. DLL initialization function: icpe_ma_dll_init. Error: libeth_intf_ea_plat_api.so: cannot open shared object file: No such file or directory. Process is unable to run and will exit
Above message continuously seen
Conditions:
Configure satellite on Panini
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.11i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv79703 | Title: | Deregistration failed after proc restart smartlicserver |
|
Status: | Other |
|
Severity: | 2 Severe |
Description: * | Symptom:
Occasionally right after proc restart smartlicserver, the license de-registration will fail, then re-registration force can work, but it still cannot bring the router back to production mode, it stays in DEMO mode (traffic limit applies).
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#proc restart smartlicserver
RP/0/RP0/CPU0:Aug 13 22:04:44.372 UTC: sysmgr_control[69388]: %OS-SYSMGR-4-PROC_RESTART_NAME : User root (con0_RP0_CPU0) requested a restart of process smartlicserver at 0/RP0/CPU0
%SMART_LIC-2-PLATFORM_ERROR:Platform is Not Registered to send Event SmartAgentPlatformAgentGracefulTerminate
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#license smart deregister
Error: License command "license smart deregister " failed.
Smart Agent not registered
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#RP/0/RP0/CPU0:Aug 13 22:05:15.050 UTC: smartlicserver[125]: %HA-CHKPT_BASIC-7-WARNING : Warning: chkpt_mapkey called with invalid table id 40001e28: : 0 : smartlicserver : (PID=16191) : -Traceback= 7f186bfe143f 7f1873421d58 7f1873448317 7f187342c438 7f187342d478 7f1873424c22 7f1873424f64 7f187342560a 7f1873425821 7f1873425c0b 7f187342d047 7f187342d613 7f186bfe20a0 7f18726840e5 7f1873ae2c38 7f1873af4b3e
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#license smart register id MzQyZDk1OTQtMzJmNy00MTRjLTljZjMtYWQ0ZDRjMWM1ZDY2LTE0NDE4NTMz%0ANzM3MDB8eTE4RWNPZnM2QzhGamVIZ1NQcjZTNDY3OFFySFVJTC9QUDd5WWpD%0AZmdDaz0%3D%0A force
License command "license smart register idtoken " completed successfully.
Registration process is in progress. Use the 'show license status' command to check the progress and result
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show license platform summary
Current state: DEMO
Collection: LAST: (disabled)
NEXT: (disabled)
Reporting: LAST: (disabled)
NEXT: (disabled)
Count
Feature/Area Entitlement Last Next
================ =============================================== ==== ====
System Product: Right to Use 1 0
System Foundation: IP/MPLS Premium (per 1 Gbps) 106 0
System Feature: QoS (per 1Gbps) 107 0
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
Conditions:
occasionally process restart smartlicserver
Workaround:
The fix SMU is available.
Further Problem Description:
N/A
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv89314 | Title: | pre-req needed while supersede is included |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
a pre-requisite is asked for during installation but its supersede is included.
Conditions:
for instance with:
CSCuv27556 needs CSCuv27376, but CSCuv27376 is superceded by CSCuv09734.
Workaround:
install the smu's you want via a tarball to pacify the prereq condition in this example scenario
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv47592 | Title: | PLATFORM-CIH-7-ASIC_ERROR_REPROG_RESOURCE error seen on Arwen Fia_driver |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
PLATFORM-CIH-7-ASIC_ERROR_REPROG_RESOURCE error seen on Arwen Fia_driver
Conditions:
Workaround:
None
Further Problem Description:
With following xspeed image , After sometime of successful traffic flow through L2vpn xconnect on Arwen LC , following interrupt errors are seen for Arwen fia_driver .
With this , now traffic drops are seen even though all interfaces & xconnects are up.
LC/0/LC0:Mar 19 05:56:57.672 : fia_driver[237]: %PLATFORM-CIH-7-ASIC_ERROR_REPROG_RESOURCE : fia[2]: A config-err error has occurred causing packet drop transient. CMIC.CMIC_CMC0_IRQ_STAT4.IRE.Interrupt_Register.ErrorBadReassemblyContext
LC/0/LC0:Mar 19 06:02:03.813 : fia_driver[237]: %PLATFORM-CIH-7-ASIC_ERROR_REPROG_RESOURCE : fia[2]: A config-err error has occurred causing packet drop transient. CMIC.CMIC_CMC0_IRQ_STAT4.IRE.Interrupt_Register.ErrorBadReassemblyContext
LC/0/LC0:Mar 19 06:07:09.955 : fia_driver[237]: %PLATFORM-CIH-7-ASIC_ERROR_REPROG_RESOURCE : fia[2]: A config-err error has occurred causing packet drop transient. CMIC.CMIC_CMC0_IRQ_STAT4.IRE.Interrupt_Register.ErrorBadReassemblyContext
LC/0/LC0:Mar 19 06:12:16.100 : fia_driver[237]: %PLATFORM-CIH-7-ASIC_ERROR_REPROG_RESOURCE : fia[2]: A config-err error has occurred causing packet drop transient. CMIC.CMIC_CMC0_IRQ_STAT4.IRE.Interrupt_Register.ErrorBadReassemblyContext
LC/0/LC0:Mar 19 06:14:04.368 : fia_driver[237]: %PLATFORM-CIH-2-ASIC_ERROR_PON_RESET : fia[2]: A config-err error has occurred causing packet drop transient. CMIC.CMIC_CMC0_IRQ_STAT4.IRE.Interrupt_Register.ErrorBadReassemblyContext Threshold has been exceeded
0/RP0/ADMIN0:Mar 19 06:14:04.978 : sfe_driver[2827]: %PLATFORM-CIH-5-ASIC_ERROR_SPECIAL_HANDLE : sfe[1]: A link-err error has occurred causing packet drop transient. MAC_13.Interrupt_Register.MAC_13.Interrupt_Register2.RxLostOfSyncCh1 on link 0/FC0/1/53
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv95696 | Title: | Packet cross connect are in Unresolved state after router reload. |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Conditions:
Workaround:
Further Problem Description:
Observed PCIE fatal error & FIA driver crash after router reload . OTN traffic resumed after restoring the configuration but all packet cross connects are down even though interfaces are up.
RP/0/RP0:ios#show l2vpn xconnect
Wed Aug 26 23:05:42.411 IST
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
1 1 UR Te0/5/0/5 UR Te0/8/0/5 UR
----------------------------------------------------------------------------------------
2 2 UR Te0/5/0/8 UR Te0/8/0/8 UR
----------------------------------------------------------------------------------------
3 3 UR Te0/5/0/6 UR Te0/8/0/6 UR
----------------------------------------------------------------------------------------
4 4 UR Te0/5/0/7 UR Te0/8/0/7 UR
----------------------------------------------------------------------------------------
5 5 UR Te0/5/0/9 UR Te0/8/0/9 UR
----------------------------------------------------------------------------------------
6 6 UR Hu0/5/0/0 UR Hu0/8/0/0 UR
----------------------------------------------------------------------------------------
RP/0/RP0:ios#show interfaces brief
Wed Aug 26 23:05:37.370 IST
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Nu0 up up Null 1500 0
Hu0/5/0/0 up up ARPA 1514 100000
Te0/5/0/5 up up ARPA 1514 10000000
Te0/5/0/6 up up ARPA 1514 10000000
Te0/5/0/7 up up ARPA 1514 10000000
Te0/5/0/8 up up ARPA 1514 10000
Te0/5/0/9 up up ARPA 1514 10000
Hu0/8/0/0 up up ARPA 1514 100000
Te0/8/0/5 up up ARPA 1514 10000
Te0/8/0/6 up up ARPA 1514 10000000
Te0/8/0/7 up up ARPA 1514 10000000
Te0/8/0/8 up up ARPA 1514 10000000
Te0/8/0/9 up up ARPA 1514 10000
Mg0/RP0/CPU0/0 admin-down admin-down ARPA 1514 1000000
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv43544 | Title: | Forwarding Performance Degardation seen on 531 - FCS Image |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Performance drop on Topaz to 110 MPPS
Conditions:
531 FCS image, slice 1 on Topaz connected to 20 ports of Traffic Generator
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.3.7i.BASE, 5.3.3.7i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv79759 | Title: | After xr reload licensce entitlement accounting not working |
|
Status: | Other |
|
Severity: | 2 Severe |
Description: | Symptom:
Before xr reload:
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show license plat sum
Current state: PRODUCTION
Collection: LAST: Fri Aug 14 09:48:47 2015
NEXT: Fri Aug 14 09:49:47 2015
Reporting: LAST: Fri Aug 14 09:48:47 2015
NEXT: Fri Aug 14 09:49:47 2015
Count
Feature/Area Entitlement Last Next
================ =============================================== ==== ====
System Product: Right to Use 1 0
System Foundation: IP/MPLS Premium (per 1 Gbps) 105 0
System Feature: QoS (per 1Gbps) 108 0
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show license sum
Smart Licensing is ENABLED
Registration:
Status: REGISTERED
Smart Account: BU Production Test
Virtual Account: IOS-XRv 9000
Last Renewal Attempt: None
License Authorization:
Status: AUTHORIZED on Fri Aug 14 2015 09:49:22 UTC
Last Communication Attempt: SUCCEEDED
Next Communication Attempt: Sun Sep 13 2015 09:49:22 UTC
License Usage:
License Entitlement tag Count Status
---------------------------------------------------------------
IOS XRv 9000 License for 1 vRouter Instantiation(IOS-XRv-9000-vRouter-VM) 1 AUTHORIZED
IOS XRv 9000 1G throughput License for IP MPLS Premium package(IOS-XRv-9000-vRouter-IPMPLS-Premium-1G) 105 AUTHORIZED
IOS XRv 9000 1G Advance SW License for HQoS(IOS-XRv-9000-vRouter-QoS-1G) 108 AUTHORIZED
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
Do the xr reload:
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#reload
Standby card not present or not Ready for failover. Proceed? [confirm]
Preparing system for backup. This may take a few minutes especially for large configurations.
Status report: node0_RP0_CPU0: START TO BACKUP
Status report: node0_RP0_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY
[Done]
Proceed with reload? [confirm]
After reload:
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show license plat sum
Current state: PRODUCTION
Collection: LAST: Fri Aug 14 09:53:50 2015
NEXT: Fri Aug 14 09:58:50 2015
Reporting: LAST: Fri Aug 14 09:53:50 2015
NEXT: Fri Aug 14 09:55:50 2015
Count
Feature/Area Entitlement Last Next
================ =============================================== ==== ====
System Product: Right to Use 1 0
System Foundation: IP/MPLS Premium (per 1 Gbps) 1 0
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show license plat sum
Current state: PRODUCTION
Collection: LAST: Fri Aug 14 09:58:50 2015
NEXT: Fri Aug 14 10:58:50 2015
Reporting: LAST: Fri Aug 14 09:59:47 2015
NEXT: Fri Aug 14 10:01:47 2015
Count
Feature/Area Entitlement Last Next
================ =============================================== ==== ====
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show license plat sum
Current state: PRODUCTION
Collection: LAST: Fri Aug 14 09:58:50 2015
NEXT: Fri Aug 14 10:58:50 2015
Reporting: LAST: Fri Aug 14 09:59:47 2015
NEXT: Fri Aug 14 10:01:47 2015
Count
Feature/Area Entitlement
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv54832 | Title: | Invalid bucket not displayed in yellow for PRBS pm current counters |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Invalid bucket not displayed in yellow for PRBS pm current counters
Conditions:
Invalid bucket not displayed in yellow for PRBS pm current counters
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv53616 | Title: | OSPF crash on show ospf routes backup-path with > 255 ecmp paths |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
OSPF process crashes when giving "show ospf route ... backup-path" CLI show command (or its equivalent XML request).
Conditions:
When the above command is given the there is any route which has more than 255 ECMP paths (actual ECMP paths would be either 64 or 128 based on the platform), but the topology has more than 255 candidate ECMP paths.
Workaround:
avoid using this show command when having such a topology.
Further Problem Description:
Code issue was there since when the LFA feature was introduced. Very very low probability of being hit since we support only maximum 128 ECMP paths so there is unlikely a topology which has more than these many links or ECMP paths in deployment.
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 4.2.0.ROUT |
|
Known Fixed Releases: * | 6.0.0.10i.ROUT |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun09273 | Title: | NG:MLD Restart -Transient traffic loss. Premature route deletion in mrib |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Transient IPv6 traffic loss
Conditions:
MLD Restart
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.2.BASE |
|
Known Fixed Releases: * | 5.2.2.11i.MCAST, 5.2.2.2i.MCAST, 5.3.0.1i.MCAST |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun20056 | Title: | NG - mrib crash on standby @ mrib_encap_db_id_tree_insert |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
MRIB Crash
Conditions:
SMU activation
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.2.BASE |
|
Known Fixed Releases: * | 5.2.2.11i.MCAST, 5.2.2.2i.MCAST, 5.3.0.1i.MCAST |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw02017 | Title: | New stats FPGA to be integrated into XR image for EDVT. |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
There is no XR support for the stats fpga hence need stats FPGA to be integrated into XR image for EDVT.
Conditions:
Workaround:
Further Problem Description:
There is no XR support for the stats fpga hence need stats FPGA to be integrated into XR image for EDVT.
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv92635 | Title: * | complete traffic drop through l2vpn xconnect , ovf drops are seen on FIA |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
complete traffic drop through l2vpn xconnect with EDVT2 image.
Conditions:
Workaround:
Further Problem Description:
I power cycled the chassis after cleaning all configuration. Now there was no issue is LANPHY interface creation & they came up even if it took some time to come up.
But now there is complete traffic drop through l2vpn xconnect.
With further debugging , I could see there are OVF traffic drop in FIA
RP/0/RP1:ios#show controllers fia statistics instance 3 location 0/lc1 | i drop
Mon Aug 24 16:33:38.387 IST
Rx pkt discard drops(IQM) : 2195202407 4771736697(ovf)
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw02231 | Title: | FIA is in Down state for Arwen LC post router relaod/PC. |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Conditions:
Workaround:
Further Problem Description:
| 0/0/0 | 0| 0| NA | NA | DN | NA |NONE |NORST | 0| 0|Fabric|
| 0/4/0 | 4| 1| NA | fia| UP | UP |NRML |PON | 1| 0|Fabric|
| 0/5/0 | 5| 0| NA | NA | UP | DN |NONE |Node Dn| 1| 0|Fabric|
sysadmin-vm:0_RP0# show controller fabric fsdb-pla rack all
Sun Aug 30 14:48:56.774 UTC
Description:
planes : p0-p(3|5)
plane mask : Asic # 0-5
Asic value 1: destination reachable via asic
.: destination unreachable via asic
x: asic not connected to LC (for S3)
-: plane not configured (for S2) or asic missing
Rack: 0, Stage: s123
=============================
Destination p0 p1 p2 p3 Reach-mask Oper Up
Address mask mask mask mask links/asic links/asic
Fabid(R/S/A) 012345 012345 012345 012345 Mn/Mx Total Mn/Mx Total
-------------------------------------------------------------------
8(0/8/0) 111 111 111 111 3/3 36 15/15 180
5(0/5/0) down
Sun Aug 30 20:19:30 IST 2015 Compressing show tech output
Show tech output available at 0/RP0 : /harddisk:/showtech/showtech-fabric-2015-Aug-30.201551.IST.tgz
++ Show tech end time: 2015-Aug-30.201931.IST ++
RP/0/RP0:ios#
Compressing show tech output
Show tech output available at /misc/disk1//showtech/showtech-fabric-admin-2015-Aug-30.144917.UTC.tgz
Please collect show tech-support ctrace in addition to any sysadmin show-tech-support collection
++ Show tech end time: 2015-Aug-30.145142.UTC ++
aiting for gathering to complete
.tar: /opt/cisco/calvados/etc/calvados/hostos_pkg/hostos_pkg: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors
Compressing show tech output
Show tech output available at /misc/disk1//showtech/showtech-ctrace-admin-2015-Aug-30.145150.UTC.tgz
++ Show tech end time: 2015-Aug-30.145316.UTC ++
sysadmin-vm:0_RP0#
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw02136 | Title: | Cannot ping IPv6 Global Address but can ping Link-Local ; |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Link-Local ping Passes to the peer. Global pings fail. Once link-local pings pass then we are able to ping the global.
Conditions:
Interop between XR and IOS or IOS---L2 device--XR ; not seen on XR-XR so far
Workaround:
Ping Link-local adress of the peer to get the global pings working.
Further Problem Description:
CRS 5.1.3 cannot ping IPv6 peer's Global address. This can only ping the link-local address of the peer. However once we ping the link-local address of the peer; then we can initiate the pings to the global address.
Also other possible scenario is when we execute extended pings with src and destination as peer's global address. THis ping fails however the global v6 ping will work right after this ping.
Current topology:
---------------------
GSR------TDM circuit-------ALU---------Ethernet----------CRS
Might be seen on other Interop's as well.
On the CRS debug it looks like there is no issue as we send the NS and NA messages with link-local info.
Bottom line Issue":
----------------------
Node does not send Link-Local info in a Neighbor Advertisement packet.
There is a problem in the 513 code base because of which ND is not sending NA with Link-local information when ipv6 on the link comes up. This was changed in 510 during bundle scale change in ND.
ALU Debug:
=========
When CRS is on 5.1.3 failed case:
1 2015/08/27 08:29:42.84 EDT MINOR: DEBUG #2001 Base IPIPE: ICMP6_PKT (DAD)
"IPIPE: ICMP6_PKT:
ICMP6 ingressing on Svc 1101010355 Sap 10/1/2:355
:: -> ff02::1:ff9f:e1a6
Type: Neighbor Solicitation (135)
Code: No Code (0)
Tgt Addr: fe80::ca4c:75ff:fe9f:e1a6
"
2 2015/08/27 08:29:43.84 EDT MINOR: DEBUG #2001 Base IPIPE: ICMP6_PKT (DAD)
"IPIPE: ICMP6_PKT:
ICMP6 ingressing on Svc 1101010355 Sap 10/1/2:355
:: -> ff02::1:ff00:2
Type: Neighbor Solicitation (135)
Code: No Code (0)
Tgt Addr: 28:2:2::2
"
3 2015/08/27 08:29:43.84 EDT MINOR: DEBUG #2001 Base IPIPE: ICMP6_PKT *******RA sequence before NA"****
"IPIPE: ICMP6_PKT:
ICMP6 ingressing on Svc 1101010355 Sap 10/1/2:355
fe80::ca4c:75ff:fe9f:e1a6 -> ff02::1
Type: Router Advertisement (134)
Code: No Code (0)
"
4 2015/08/27 08:29:44.85 EDT MINOR: DEBUG #2001 Base IPIPE: ICMP6_PKT
"IPIPE: ICMP6_PKT:
ICMP6 ingressing on Svc 1101010355 Sap 10/1/2:355
28:2:2::2 -> ff02::1
Type: Neighbor Advertisement (136)
Code: No Code (0)
Tgt Addr: 28:2:2::2
Flags : Router Override
Option : Tgt Link Layer Addr c8:4c:75:9f:e1:a6
"
5 2015/08/27 08:29:59.85 EDT MINOR: DEBUG #2001 Base IPIPE: ICMP6_PKT
"IPIPE: ICMP6_PKT:
ICMP6 ingressing on Svc 1101010355 Sap 10/1/2:355
fe80::ca4c:75ff:fe9f:e1a6 -> ff02::1
Type: Router Advertisement (134)
Code: No Code (0)
When CRS is On 4.1.0:
77 2015/08/27 11:56:18.19 EDT MINOR: DEBUG #2001 Base IPIPE: ICMP6_PKT
"IPIPE: ICMP6_PKT:
ICMP6 ingressing on Svc 1101020355 Sap 10/1/2:553
fe80::ca4c:75ff:fe9f:e1a6 -> ff02::1 <<< expected
Type: Neighbor Advertisement (136) <<<< NA from CRS to ALU.
Code: No Code (0)
Tgt Addr: fe80::ca4c:75ff:fe9f:e1a6 <<< to be sent to CRS's own
Flags : Router Override
Option : Tgt Link Layer Addr c8:4c:75:9f:e1:a6
"
78 2015/08/27 11:56:18.19 EDT MINOR: DEBUG #2001 Base IPIPE: ICMP6_PKT
"IPIPE: ICMP6_PKT:
ICMP6 ingressing on Svc 1101020355 Sap 10/1/2:553
:: -> ff02::1:ff00:2
Type: Neighbor Solicitation (135)
Code: No Code (0)
Tgt A
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv79851 | Title: | Resource state is not updated for ODG members. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Resource state of ODU member of odu-group controller is always displayed as open-connected after successful cross connection.
Conditions:
Create an odu-group controller and cross connect it with any client odu. Check its state using show cli "show controllers odu r/s/i/p xc. Also delete the cross connection and then check resource state using above CLI.
Workaround:
None
Further Problem Description:
After successful creation of cross connection, Resource state is still open-connected. Also after deleting the cross connection, resource state is displayed as odu resource free which is wrong.
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv62976 | Title: | GR helper reconnect fails because CRS sends TCP FIN to GR helper |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
CRS is connected to XRS(ALU) through L2VPN.
CRS sends TCP FIN to the other after process restart and CRS sends LDP initi message.
There was no packet drop between CRS and CRS in our test bed because CRS doesn't reset LDP session after receiving TCP FIN.
But in the customer site, XRS(ALU is always GR helper) sends RST and reset the ssesion after receiving FIN.
So the packete drops happens.
Conditions:
NSR/Graceful restart of OSPF/NSR is on.
Workaround:
none
Further Problem Description:
1. GR was disconnected after process mpls_ldp restart.
2. rcv_buffer_full was seen.
RP/0/RP0/CPU0:NER5#process restart mpls_ldp
Tue Aug 4 16:02:07.586 JST
RP/0/RP0/CPU0:Aug 4 16:02:09.916 JST: mpls_ldp[1035]: DBG-GR[1], Nbr(2.2.2.2:0): INIT msg towards peer (Reconnect:180000 msec, Recovery:358194 msec)
RP/0/RP0/CPU0:Aug 4 16:02:11.885 JST: mpls_ldp[1035]: %ROUTING-LDP-5-NBR_CHANGE : Neighbor 2.2.2.2:0, DOWN (AToM requested targeted session to existing non-AToM peer)
RP/0/RP0/CPU0:Aug 4 16:02:11.885 JST: mpls_ldp[1035]: DBG-GR[1], Nbr(2.2.2.2:0): ldp_gr_process_nbr_disconnected
RP/0/RP0/CPU0:Aug 4 16:02:11.886 JST: syslog_dev[91]: tcp[403]: S 1706 ms -FA--- SEQ 2032638904 ACK 2200226975 LEN 0 WIN 15962 URG 0
RP/0/RP0/CPU0:Aug 4 16:02:11.887 JST: tcp[403]: [t18] Failed at queuing packet to socket's rcv buffer for pcb 0x102276cc (so: 0x10203e20), socket type 1, rcv_buffer_full ts is updated to 67080
RP/0/RP0/CPU0:Aug 4 16:02:11.888 JST: tcp[403]: [t18] tcp_update_rcv_queue_full_ts: pcb 0x102276cc, (so: 0x10203e20), rcv_buffer_full ts 67080 is kept unchanged
RP/0/RP0/CPU0:NER5#sho mpls ldp graceful-restart
Tue Aug 4 15:16:40.038 JST
Forwarding State Hold timer : Running (329 sec remaining)
GR Neighbors : 2
Neighbor ID Up Connect Count Liveness Timer Recovery Timer
--------------- -- ------------- ------------------ ------------------
2.2.2.2 Y 2 Not running 336 sec remaining
4.4.4.4 Y 1 -
|
|
Last Modified: | 05-AUG-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh15325 | Title: | LDP GR helper interop: Non-zero Recovery time be sent on local triggers |
|
Status: | Fixed |
|
Severity: * | 2 Severe |
Description: | Symptom:
Traffic loss is seen when LDP GR session is reset under different triggers. The loss occuring on either direction (inbound and outbound of the router of trigger)
Conditions:
The GR peer is operating in helper-mode. There are two reasons/conditions for the traffic hit:
a) Outbound loss: IOSXR LDP is cleaning up the GR state of the "helper" peer immediately even for locally triggered resets.
b) Inbound loss: Due to (a), IOSXR treats the reconnecting session as NEW GR session and sends recovery time of ZERO, which forces the helper peer to delete ALL our state immediately post reconnection.
This behavior exists since early days of LDP GR implementation in IOS-XR.
Workaround:
None.
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.2.1.MPLS |
|
Known Fixed Releases: | 4.3.2.26i.MPLS, 4.3.2.99i.BASE, 5.0.1.99i.BASE, 5.1.0.16i.FWDG, 5.1.0.16i.MPLS |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtx03546 | Title: | Cisco IOS XR Software Crafted IPv6 Packet DoS Vulnerability |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet.
The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation. An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic. An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition.
Cisco has released free software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr
Conditions:
See published Cisco Security Advisory
Workaround:
See published Cisco Security Advisory
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-0769 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.0.1.LC |
|
Known Fixed Releases: | 4.2.1.15i.FWDG, 4.3.0.2i.FWDG, 5.1.1, 5.1.11, 5.1.12, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCth44147 | Title: | NetIO Process crashes when generating specific IP packet |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Cisco IOS XR Software Releases 3.8.3, 3.8.4, and 3.9.1 are affected by a
vulnerability that an unauthenticated, remote user can trigger by
sending specific IP version 4 (IPv4) packets to or through an affected device.
Successful exploitation could cause the NetIO process to restart. Under a
sustained attack, the Cisco CRS Modular Services Card (MSC) on a Cisco
Carrier Routing System (CRS) or a Line Card on a Cisco 12000 Series Router or
Cisco ASR 9000 Series Aggregation Services Router will reload.
Cisco has released free Software Maintenance Units (SMU) that address this
vulnerability.
There are no workarounds for this vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110525-iosxr.shtml
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The
Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2011-0943 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at
the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.8.3.BASE, 3.8.4.BASE, 3.9.1.BASE, 3.9.2.BASE, 4.0.0.BASE |
|
Known Fixed Releases: | 3.9.2.19i.BASE, 3.9.3, 4.0.0.23i.BASE, 4.0.1, 4.0.1.3i.BASE, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.0.4i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn40586 | Title: | Utility Find Command Issue |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
It is possible for an unprivileged authenticated user to invoke a root-privileged system shell via the
utility find command.
Conditions:
Attacker needs to be authenticated in order to successfully invoke root-privileged system shell.
Workaround:
Use command authorization to only allow authorized users to invoke certain commands. The AAA authorization feature is used to determine what a
user can and cannot do. When AAA authorization is enabled, the network access server uses information retrieved from the user's profile, which is
located either in the local user database or on the security server, to configure the user's session. Once this is done, the user is granted
access to a requested service only if the information in the user profile allows it.
The aaa authorization command with the keyword commands attempts authorization for all EXEC mode commands, including global configuration
commands, associated with a specific privilege level. Because there are configuration commands that are identical to some EXEC-level commands,
there can be some confusion in the authorization process. Using no aaa authorization config-commands stops the network access server from
attempting configuration command authorization.
For more information about command authorization visit:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authorizatn_ps6441_TSD_Products_Configuration_Guide_Chapter.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/6.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2011-2069 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.0.1.BASE |
|
Known Fixed Releases: | 4.1.1.18i.BASE, 4.1.1.19i.BASE, 4.2.0.3i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtr62456 | Title: | Path Traversal possible to filesystem of other SDR nodes |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
Cisco IOS XR contains a directory traversal vulnerability that allows for arbitrary file access.
An authenticated attacker may be able to exploit this issue to access sensitive information which could be leveraged to launch subsequent attacks.
Conditions:
Default configuration.
Workaround:
There are no workarounds to mitigate this vulnerability.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/6.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2012-1343 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.0.1.BASE, 5.0.0.BASE |
|
Known Fixed Releases: | 4.2.1, 4.2.1.8i.BASE, 4.2.2, 4.3.0.1i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCts14887 | Title: | ingress fragmented GRE packet cause metro/pogo crash |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Metro crash, generating CRC errors reported via ingressQ and cpuctrl:
%FABRIC-INGRESSQ_DLL-4-ERR_ASIC_CRC
%PLATFORM-CPUCTRL-3-HW_DETECTED_ERROR_PORT
Asic-scan will generate dumps for the metro crash.
Conditions:
Fragmented GRE packets are received on a netflow enabled interface. The GRE packets must match
an existing and configured tunnel.
Workaround:
avoid GRE frag with ip mtu on tunnel interface on remote hand.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/5.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2011-3283 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.9.1.FWDG |
|
Known Fixed Releases: | 4.0.4.15i.FWDG, 4.1.2.11i.FWDG, 4.2.0.15i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty50126 | Title: | Privilege escalation through exec pipeline commands |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
Cisco IOS XR contains a vulnerability that may allow a local, authenticated
unprivileged attacker to access
administrative resources and elevate privileges.
Conditions:
Default configuration. This can only be triggered by a local authenticated
user. The attacker must have an account on the system.
Workaround:
There are no workarounds that mitigate this vulnerability.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The
Base and Temporal CVSS scores as of the time of evaluation are 6.6/5.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C&version=2.0
CVE ID CVE-2012-1347 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at
the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: | 4.2.3.29i.BASE, 4.2.4.1i.BASE, 4.3.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj77748 | Title: | RSVP stop process packets after receive specific malformed RSVP packets |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
MPLS Traffic Engineering fails with RSVP and TE_Control processes consuming high CPU.
Conditions:
Device configured with MPLS Traffic Engineering receive a specially crafted RSVP-TE packet.
Existing TE Tunnels will remain active with TE LSP state remaining.
However if there is a failure, teardown or re-route, to an existing TE LSP, the TE LSP will remain in an
UP state, potentially causing traffic black holing.
New TE tunnels will fail to establish.
CPU for RSVP and TE_Control could jump to high % usage, however this will not affect other processes on
the device.
Workaround:
If this is a one off occurance restart the RSVP process.
If this is due to crafted packets being sent at the device, configure RSVP prefix filtering, and then
restart the RSVP process.
Further Problem Description:
In IOS XR Versions 3.9.x and prior once the device has been affected, cli show commands for TE will not
work as expected.
In IOS XR Versions 4.0.0 and later, whilst the same problems exists as highlighted in the conditions
section, the cli show commands for traffic engineering will work correctly.
AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS
scores as of the time of evaluation are 6.4/5.3:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=&version=2.0
dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2011-0927 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.1.0.MPLS |
|
Known Fixed Releases: * | 3.9.3.9i.MPLS, 4.0.2, 4.0.2.7i.MPLS, 4.0.3, 4.0.4, 4.1.0, 4.1.0.20i.MPLS, 4.1.1, 4.1.2, 4.2.0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd64417 | Title: | SSHv1 may leave /tmp/sshd_lock files |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Summary
Cisco IOS XR Software contains a vulnerability in the SSH application that may result in a denial of service condition when the SSH version 1 (SSHv1)
protocol is used. The vulnerability is a result of unremoved sshd_lock files consuming all available space in the /tmp filesystem.
Cisco has released free software updates that address this vulnerability.
A security advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110525-iosxr-ssh.shtml
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2011-0949 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.6.2.BASE, 3.6.2.K9SEC |
|
Known Fixed Releases: | 3.8.3, 3.8.3.17i.K9SEC, 3.8.4, 3.9.1.16i.K9SEC, 4.0.0.3i.BASE, 5.1.1, 5.1.11, 5.1.12, 5.1.2, 5.1.3 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv09371 | Title: | OIL is missing when Bundle-ether interface is shutdown |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
OIL is missing in Outgoing List in mrib and pim topology table, which result in mcast traffic loss.
Conditions:
When PIM fragment packet is coming in other Bundle-Ether interfaces and Bundle-ether interface with no PIM Join is shutdown.
Workaround:
No shut Bundle-ether interface or process restart pifibm_server_rp
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: * | 5.3.2.16i.BASE, 5.3.3.3i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur25840 | Title: | Traffic drop on link recovery with PSE drops in the egress direction |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Traffic drop on bundle link restoration from a backup link
Conditions:
unshut of the primary link
Workaround:
None
Further Problem Description:
For ipv4 traffic outage, drops are reported as "MPLS remote next hop" and for ipv6 outage, drops are reported as "IPv6 L3LI drop".
Node 0/4/CPU0 Egress PSE Stats
--------------------------------
Punt Stats Punted Policed & Dropped
---------- ------ -----------------
Diagnostic 180 0
IPv6 L2LI punt 16 0
Drop Stats Dropped
---------- -------
IPv6 L3LI drop 1
MPLS remote next hop 317568
Debug Stats Count
----------- -----
IPv6 link-local packets 29
Pre route IPV6 pkt 19
RP/0/RP1/CPU0:DCMAR2#
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 4.3.3.BASE |
|
Known Fixed Releases: * | 5.3.2.13i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut99726 | Title: | continuous barrier error seen of Topaz S13 after upgrade to 29I |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Some fabric planes stayed in MCAST_DOWN state after image upgrade
Conditions:
As part of image upgrade, the router got reloaded. Once the router is boot-up, one of the LCC racks went for reload more than one time due to a continuous CCSQ ASIC reset in RP. After the 2nd reload, due to barrier errors the fabric bundle links started flapping but came up. However some of the S2 -> S3 stage links stayed down towards one of the CRS-X LCC racks. Hence the fabric planes stayed in MCAST_DOWN state.
It is observed that all the down links belong to a particular S2 ASICs which has all the S2 -> S3 links down to the affected rack S3. This led to the number of UP fabric bundle links being below the threshold, so the fabric bundle could not be declared as UP and hence the plane is MCAST_DOWN. The S13 fabric cards, where the fabric bundle links (S2 -> S3) are down, were continuously reporting the barrier errors.
Workaround:
Shutdown the fabric plane(s) which stayed in MCAST_DOWN state and reload the S2 cards belonging to that plane. Once the S2 cards are boot-up after reload, un-shut the corresponding fabric plane(s).
If more than one plane stayed in MCAST_DOWN state then follow the above step and recover the planes one by one.
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.2.12i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv10275 | Title: | SSTE: Traffic loss in l2vpn stream after switchover to transit router |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
During an NSR switchover, ISIS may originate an LSP that is missing the segment-routing adj-sid and prefix-sid sub-TLVs. This can cause a fallback to IP forwarding rather than segment routing.
Conditions:
The problem has only been seen when the ISIS lsp-gen-interval initial-wait is configured to a low value. It has not been observed with the default (50ms) initial delay value.
Workaround:
Remove the ISIS lsp-gen-interval line from the configuration to allow the default values to be used.
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 5.3.2.18i.ROUT, 5.3.3.3i.ROUT, 6.0.0.10i.ROUT |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv39537 | Title: | (533-SSR3) sysbd_svr_local and ipv4_ma traceback seen on applying config |
|
Status: * | Terminated |
|
Severity: | 2 Severe |
Description: | Symptom:
sysdb and ipv4_ma traceback seen on config commit
Conditions:
not sure, last ran suite reload and did config after commit replace
Workaround:
may be reloading rtr, not sure
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu55051 | Title: | lib replicator makes unnecessary message buffer copies |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
crash in sysdb_shared_sc during configuration
Conditions:
large config changes (example, extremely large RPL)
Workaround:
chunk config changes and commit individually
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: * | 5.3.2.14i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu79258 | Title: | dhcpd process crash when checkpointing data |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
dhcpd process crash.
Conditions:
The crash was seen on an IOS XR router running 5.2.2 and configured for dhcp proxy but it may apply to other IOS XR releases and other dhcp features than proxy.
The conditions will be revised once the root cause has been identified.
--
Issue is applicable from 511 onwards, but the severity will be seen only when 'lease-proxy' is enabled in dhcp proxy profile.
From 522 onwards, severity is high and seen in normal dhcp-proxy functionality itself.
Workaround:
None at this point.
Further Problem Description:
Root-cause : Memory leak in 'dhcpd' process.
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.2.2.BASE |
|
Known Fixed Releases: * | 5.3.2.14i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus49973 | Title: | All SFE link for Hy-phy LC are in operational down state. |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Line card fabric links might stay operationally down after router reload or LC reload.
Conditions:
You may see on one or more fabric links. Triggers include
1. Physical removal/insertion of line card.
2. Reload the router
3 Soft reload of line card.
Workaround:
Expected Resolution: This issue is under investigation.
Reproducibility (%): 5%
Further Problem Description:
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur69192 | Title: | CSDL: Standby RSP rsvp process crashed after receiving malformed pkts |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
A vulnerability in RSVP processing of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on an affected
device.
The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a malformed RSVP packet to be
processed by an affected device. A successful exploit could allow the attacker to cause a reload of the RSVP process on the affected device.
Conditions:
Device configured for RSVP.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-0657 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 5.3.0.BASE |
|
Known Fixed Releases: | 5.2.2.SP1, 5.2.3.13i.MPLS, 5.2.4.1i.MPLS, 5.2.4.2i.MPLS, 5.3.0.16i.MPLS |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur25763 | Title: | FP-400G/4-100GbE LC Crash Dump when OIR |
|
Status: * | Terminated |
|
Severity: | 2 Severe |
Description: | Symptom:
OIR of FP-X (FP-400G) system crash dumps and does not restart LC.
Conditions:
OIR of FP-X
Workaround:
OIR of LC seemed to help restore the LC to operational condition, but not a viable workaround
Further Problem Description:
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq42336 | Title: | NCS6000 User passwords exposed from Shell via ssh |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A vulnerability in the command line interface (CLI) of the Cisco Network Convergence System (NCS) could allow an authenticated, remote attacker
to access sensitive information.
The vulnerability is due to insufficient data protection of sensitive information . An attacker could exploit this vulnerability by issuing
specific system commands on the affected device.
Conditions:
A user authenticated to an affected system running IOS-XR operating system.
Workaround:
None.
Further Problem Description:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.9/4.7:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2014-3342 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 5.0.1.BASE, 5.0.1.CE, 5.1.0.BASE, 5.2.0.BASE, 5.2.1.CE, 5.3.0.BASE, 5.4.0.ADMIN, 5.4.0.BASE, 6.0.0.BASE |
|
Known Fixed Releases: | 5.2.1.BASE, 5.2.2.24i.BASE, 5.2.3.8i.BASE, 5.3.0.8i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu98480 | Title: | DWDM-XFP-C V02 wavelength not programmed on 14x10G linecard |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
When configuring the wavelength on a tunable DWDM-XFP-C V02 on a 14x10GBE-WL-XFP, the configured wavelength is not always applied on the XFP, which is using the default lambda:
RP/0/RP0/CPU0:75TH2-CRSXX-01-CR#sh controllers dwdm 0/8/0/5 optics
WaveChannelNumber GMPLS = 0Configured = 71 Default = 84
Optics Status
Optics Type: 10G-TUNABLE-by-CHANNEL,
Wavelength Info: C-Band, MSA ITU Channel=84, Frequency=191.95THz, Wavelength=1561.826nm <<<< incorrect wavelength
Wavelength Owner: Hardware Default, ITU Channel: GMPLS Signaled=None, Configured=71, Hardware Default=84
TX Power = 1.49 dBm
RX Power = -21.19 dBm
RP/0/RP0/CPU0:75TH2-CRSXX-01-CR#
Conditions:
DWDM-XFP-C V02
14x10GBE-WL-XFP
IOS-XR 5.1.3
Workaround:
Restart the plim_xge process on the linecard carrying the optic:
process restart plim_xge location 0/x/CPU0
Linecard reload is another workaround. The wavelength is correctly applied.
However, new DWDM-XFP-C V02 insertion may not work.
Further Problem Description:
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 5.1.3.LC |
|
Known Fixed Releases: * | 5.3.2.19i.FWDG, 5.3.3.5i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul63127 | Title: | Cisco IOS XR SSH Disconnect Error Vulnerability |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
A vulnerability in Cisco IOS XR Software could allow an "authenticated", remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to an error that could occur in the affected software when an SSH connection is disconnected from an affected device. An authenticated, remote attacker could exploit the vulnerability to cause the vty to become unreachable and cause further SSH or Telnet connections to the device to fail, resulting in a DoS condition.
Conditions:
Device running with default configuration running an affected version of software with
frequent access via SSH to the Cisco IOS XR router.
Workaround:
To restore SSH and TELNET access restart the ''devc-vty'' process from
Cisco IOS XR device console
.
Further Problem Description:
>
The Cisco IOS XR device console access is not affected.
PSIRT Evaluation:>
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
4/3.3
:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:&version=2.0
C
CVE ID CVE-2015-4195 has been assigned to document this issue
.
Additional information on Cisco's security vulnerability policy can be found at the following URL
:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.ht
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 5.1.1.K9SEC |
|
Known Fixed Releases: * | 5.1.12, 5.1.12.1i.BASE, 5.1.2, 5.1.2.24i.BASE, 5.1.3.5i.BASE, 5.2.0, 5.2.0.22i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv38925 | Title: | show operational MPLS_TE segmentRouting ... xml error if no igp area |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Will see an error in "show operational MPLS_TE segmentRouting ... xml" commands if
config for "router isis ring" is removed.
To use SRTE the router config is required so this error will not be hit very often
Conditions:
Need to remove all config for "router isis ring"
Workaround:
Do not remove the router config - it is required for SRTE
Further Problem Description:
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: * | 5.3.2.BASE, 5.3.3.MPLS |
|
Known Fixed Releases: | 6.0.0.10i.MPLS |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut76127 | Title: | [NCS4K] Memory leak in shelf_mgr on an idle testbed |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Shelf mgr process leaks memory continously in idle state
Conditions:
524 image on NCS6K
Workaround:
No workaround. Fixed in 525. 524 production smu available.
Further Problem Description:
|
|
Last Modified: | 16-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 5.4.0.BASE |
|
Known Fixed Releases: * | 5.2.5.13i.BASE, 5.4.0.17i.BASE, 6.0.0.7i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv67312 | Title: | (533-SSR3) few ospf neighbor went down after router reload |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Router reload, ospf few neibhors went down
Conditions:
router reload,rack oir
Workaround:
process restart ospf
Further Problem Description:
|
|
Last Modified: | 17-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE, 5.3.3.BASE |
|
Known Fixed Releases: | 5.3.2.20i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv71510 | Title: | OTN terminated interface stays in DOWN state in back to back connection. |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
OTN terminated interface stays in DOWN state in back to back connection.
Conditions:
When OTN termination is configured across ports of two different LC
Workaround:
none
Further Problem Description:
When OTN termination is configured across ports of two different LC , on one side created interface stays in "DOWN" state.
RP/0/RP0:ios#show interfaces brief
Mon Aug 10 04:40:25.588 UTC
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Nu0 up up Null 1500 0
Te0/3/0/2 down down ARPA 1514 10000 >>>>> in Down state
Te0/6/0/11 up up ARPA 1514 10000
Mg0/RP0/CPU0/0 up up ARPA 1514 1000000
P/0/RP0:ios#show running-config
Mon Aug 10 04:40:47.980 UTC
Building configuration...
!! IOS XR Configuration version = 6.0.0.06I
!! Last configuration change at Mon Aug 10 01:20:13 2015 by root
!
username root
group root-lr
group cisco-support
secret 5 $1$PHSU$oGi.V1n73x6Uj4WBnH0GH0
arp vrf default 10.77.136.1 0000.0c9f.f0e5 ARPA
interface MgmtEth0/RP0/CPU0/0
ipv4 address 10.77.136.61 255.255.255.0
interface TenGigE0/3/0/2
interface TenGigE0/6/0/11
controller Optics0/3/0/2
port-mode Otn framing opu2
controller Optics0/6/0/11
port-mode Otn framing opu2
controller ODU20/3/0/2
terminate ether mapping GfpF
controller ODU20/6/0/11
terminate ether mapping GfpF
router static
address-family ipv4 unicast
0.0.0.0/0 10.77.136.1
RP/0/RP0:ios# show version
Mon Aug 10 04:41:20.910 UTC
Cisco IOS XR Software, Version 6.0.0.06I
Copyright (c) 2013-2015 by Cisco Systems, Inc.
Build Information:
Built By : abhharih
Built On : Thu Jul 30 15:46:45 IST 2015
Build Host : bgl-ads-2296
Workspace : /nobackup/abhharih/xspeed-EFR-00000309666
Version : 6.0.0.06I
Location : /opt/cisco/XR/packages/
|
|
Last Modified: | 17-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv81992 | Title: | EDVT- 10G OTN traffic is not working |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
10G OTN traffic is not working
Conditions:
10G OTN traffic is not working
Workaround:
Power Cycle
Further Problem Description:
|
|
Last Modified: | 18-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv62805 | Title: | No stats support for L2-Subinterface of Arwen LC. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
No stats support for L2-Subinterface of Arwen LC.
Conditions:
When traffic flowing through the sub interface.
Workaround:
Further Problem Description:
We don't get input/output stats on L2subinterface & there are "0 " stats for all field , even though there is traffic flowing through.
RP/0/RP0:ios#show interfaces tenGigE 0/6/0/6.100 | i pac
Sun Aug 2 06:10:51.507 UTC
0 packets input, 0 bytes, 0 total input drops
Received 0 broadcast packets, 0 multicast packets
0 packets output, 0 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets
RP/0/RP0:ios#show interfaces tenGigE 0/6/0/6 | i pac
Sun Aug 2 06:11:10.728 UTC
30 second input rate 9275561000 bits/sec, 4529083 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
30852238044 packets input, 7898172939416 bytes, 0 total input drops
Received 0 broadcast packets, 0 multicast packets
1121919058 packets output, 160641210756 bytes, 0 total output drops
Output 0 broadcast packets, 560953326 multicast packets
P/0/RP0:ios#show version
Sun Aug 2 06:18:58.413 UTC
Cisco IOS XR Software, Version 6.0.0.06I
Copyright (c) 2013-2015 by Cisco Systems, Inc.
Build Information:
Built By : abhharih
Built On : Thu Jul 30 15:46:45 IST 2015
Build Host : bgl-ads-2296
Workspace : /nobackup/abhharih/xspeed-EFR-00000309666
Version : 6.0.0.06I
Location : /opt/cisco/XR/packages/
cisco NCS-4000 () processor
cisco NCS-4000 () processor
System uptime is 2 hours, 16 minutes
|
|
Last Modified: | 19-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv40032 | Title: | IPv6 umbrella for BNG deployments on XR release 5.2.4 |
|
Status: * | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
This is an umbrella SMU for the following bug fixes:
CSCut40941 Sev2 [ipv6-ma ] SSTE:IPv6_ma crash with scale IPoE V6 session
CSCut42484 Sev2 [ipv6-nd ] After Rpfo seeing high CPU 25% for ipv6_nd while bringing up v4 sess
CSCus33478 Sev3 [ipv6-nd ] Router send bogus ipv6 address in IPV6 NA message to peer side
CSCuu74580 Sev2 [ipv6-nd ] Geo 532-9I:seeing dual partial-up on SLAVE with RPFOs
These fixes are highly recommended for BNG deployments on IOS XR release 5.2.4.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 19-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCek72920 | Title: | When binding an existing leaf to existing PL, we always bind to tail |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Cannot ping an address, which is reachable via recursion.
Getting HW/SW TLU1 mismatch under cef hardware detail
Conditions:
ECMP, recursion cef entry which is modified through specific steps.
Workaround:
clear cef linecard.
clear route doesn't work.
Further Problem Description:
This is introduced 3.3 for CRS and 3.5 for XR12000.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 3.5.0.BASE |
|
Known Fixed Releases: | 3.3.4.3i.FWDG, 3.4.2.1i.FWDG, 3.5.0.11i.FWDG, 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 4.0.0 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv71459 | Title: | OTN terminated interface in DOWN state when connection is between LC. |
|
Status: | Other |
|
Severity: | 2 Severe |
Description: | Symptom:
OTN terminated interface in DOWN state when connection is between LC.
Conditions:
When OTN termination interfaces are connected between two diffrent LC ports.
Workaround:
none
Further Problem Description:
With following configuration , created OTN terminated interface stays in "DOWN" state .
RP/0/RP0:ios#show running-config
Mon Aug 10 02:57:09.468 UTC
Building configuration...
!! IOS XR Configuration version = 6.0.0.06I
!! Last configuration change at Mon Aug 10 01:20:13 2015 by root
username root
group root-lr
group cisco-support
secret 5 $1$PHSU$oGi.V1n73x6Uj4WBnH0GH0
arp vrf default 10.77.136.1 0000.0c9f.f0e5 ARPA
interface MgmtEth0/RP0/CPU0/0
ipv4 address 10.77.136.61 255.255.255.0
interface TenGigE0/3/0/2
interface TenGigE0/6/0/11
controller Optics0/3/0/2
port-mode Otn framing opu2
controller Optics0/6/0/11
port-mode Otn framing opu2
controller ODU20/3/0/2
terminate ether mapping GfpF
controller ODU20/6/0/11
terminate ether mapping GfpF
router static
address-family ipv4 unicast
0.0.0.0/0 10.77.136.1
end
RP/0/RP0:ios#show interfaces brief
Mon Aug 10 02:58:50.192 UTC
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Nu0 up up Null 1500 0
Te0/3/0/2 down down ARPA 1514 10000 >>>>Interface in Down state.
Te0/6/0/11 up up ARPA 1514 10000
Mg0/RP0/CPU0/0 up up ARPA 1514 1000000
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv57687 | Title: | Idle ssh passwd prompt caused kernel tracebk after 2min -sshd_child_hand |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
kernel traces printed on console when ssh client timeout (w/o entering password).
Conditions:
when ssh client opens connection and remains idle
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv46238 | Title: | PM counters not reset after changing PRBS pattern |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
PM counters not reset after changing PRBS pattern
Conditions:
PM counters not reset after changing PRBS pattern on source-sink configured odu controller.
Works fine on source and sink odu controllers.
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv81989 | Title: | EDVT- 100G Ethernet traffic is not working |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
100G Ethernet traffic not working
Conditions:
100G Ethernet traffic not working
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv71322 | Title: | RDM barrier design fix |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
After a hard reset of pat asic on CRS-X LC, we see that all v6 packets are dropped on ingress PSE if ACL if applied on interfacen
Conditions:
IPv6 ACL should be applied on the interface/subinterface
Workaround:
Reload the LC.
Further Problem Description:
This bug is not applicable to 53x lineup as the feature RDM Barrier Replay is not in this lineup.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCur10816 | Title: | admin install verify package sync - errors reported ( USB Hang issue ) |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
while running install operations like install verify packages, install operations failed on taiko LCs due to USB hang issue on taiko card
Conditions:
USB driver unable to receive interrupts from EHCI controller. It seems the driver misses the interrupt and hence failed to
ack the controller by clearing the status register.
Workaround:
self recovery
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | 5.3.2.8i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuh71374 | Title: | Encap PE creates replicord for egress PE which is not sending join |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Leaf A-D is not removed by Egress-PE, when S-PMSI is removed from Ingress-PE
Conditions:
This issue happens when there are multiple S-PMSIs are announced by an Ingress-PE, with the same PMSI Tunnel Attribute (core-tree info). If all of them are withdrawn by the Ingress-PE, then the Egress-PE needs to remove the Leaf A-D routes for all of them. Whereas only one of them is withdrawn.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 4.3.0.MCAST, 5.1.1.BASE |
|
Known Fixed Releases: | 5.1.1, 5.1.1.1i.MCAST, 5.1.11, 5.1.12, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.0.1i.MCAST, 5.2.1 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv46174 | Title: | Call-home unable to download certificates |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
1. Call-home will not attempt to download certificates unless the URL begins with tools or some form of that. That is well understood. But even with a change made in a private image (added alpha server to the list). It was still not working because of 2.
2. The function PKI_trustpool_import_bundle is not getting overloaded in K9 image. Therefore, we also call the stub function instead and the cert is never downloaded, even with a fix to #1 above.
Conditions:
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv76318 | Title: | ema_server_sdr leaks memory due to capi connection handling |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
ema_server_sdr leaks 2.5MB/hour w/o any trigger
Conditions:
router is idle
Workaround:
NA
Further Problem Description:
RP/0/RP0/CPU0:Aug 12 14:01:09.106 : ema-svr-sdr[213]: UPS: Connection open callback
RP/0/RP0/CPU0:Aug 12 14:01:09.106 : ema-svr-sdr[213]: AAL: EMA register request
RP/0/RP0/CPU0:Aug 12 14:01:09.108 : ema-svr-sdr[213]: AAL: Connect callback received
RP/0/RP0/CPU0:Aug 12 14:01:09.108 : ema-svr-sdr[213]: AAL: EMA thread unblocked successfully by semaphore after 1 ms
RP/0/RP0/CPU0:Aug 12 14:01:09.109 : ema-svr-sdr[213]: AAL: Resync callback received
RP/0/RP0/CPU0:Aug 12 14:01:09.110 : ema-svr-sdr[213]: AAL: Error from CAPI in resync MAC response callback:1
RP/0/RP0/CPU0:Aug 12 14:01:09.110 : ema-svr-sdr[213]: AAL: EMA thread unblocked successfully by semaphore after 1 ms
RP/0/RP0/CPU0:Aug 12 14:01:09.110 : ema-svr-sdr[213]: AAL: Cleaning up CAPI thread
RP/0/RP0/CPU0:Aug 12 14:01:09.110 : ema-svr-sdr[213]: AAL: Disconnect callback received
RP/0/RP0/CPU0:Aug 12 14:01:09.110 : ema-svr-sdr[213]: UPS: AAL registration failed: 'EMA AAL' detected the 'warning' condition 'An error occurred sending, receiving, or interpretting a message'
There is no mac-config, or interfaces. No config activity is done on the router as well.
Looking at the call flow, looks like below API is returning non-zero return code in file in spirit_xr/src/ema_aal_lib_capi.c
if (return_code == CAPI_SUCCESS) {
return_code = cidl_sm_resync_mac_addr_msg_get_status(msg);
}
Need input from shelfmgr team regarding this API and reason for this failure.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCua04401 | Title: | unable to login after parser_server crash at parser_history_file_refresh |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: | Symptom:
parser_server is not getting ready, blocked on hd_drv after crash
this prevents login via console or vty
Conditions:
undetermined yet
Workaround:
RP reload or RP switchover
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 4.0.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv68637 | Title: | TOPAZ HQ:SFE ASIC reset on fabric card leading to card reload |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
One time SFE ASIC reset on Topaz HQ system is reloading the fabric card.
Expected: card should not go for reload in one time.
Conditions:
One time SFE ASIC reset on topaz HQ system.
Workaround:
NA
Further Problem Description:
One time SFE ASIC reset on Topaz HQ system is reloading the fabric card.
Expected: card should not go for reload in one time.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv77762 | Title: | L2 Subinterface stat is not working on slot 6 due to available range 0-5 |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
L2 Sub interface stat is not working on slot 6 due to available range 0-5
Conditions:
When LC is in slot 6.
Workaround:
Further Problem Description:
L2 Sub interface stats is not working on slot 6 due to available range 0-5.
RP/0/RP0:ios#show interfaces tenGigE 0/6/0/2.1 | i pac
0 packets input, 0 bytes, 0 total input drops
Received 0 broadcast packets, 0 multicast packets
0 packets output, 0 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets
RP/0/RP0:ios#show interfaces tenGigE 0/6/0/2.2 | i pac
0 packets input, 0 bytes, 0 total input drops
Received 0 broadcast packets, 0 multicast packets
0 packets output, 0 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets
RP/0/RP0:ios#show version
Thu Aug 13 05:12:26.150 UTC
Cisco IOS XR Software, Version 6.0.0.06I
Copyright (c) 2013-2015 by Cisco Systems, Inc.
Build Information:
Built By : abhharih
Built On : Tue Aug 11 14:28:58 IST 2015
Build Host : bgl-ads-2296
Workspace : /nobackup/abhharih/xspeed-EFR-00000309666
Version : 6.0.0.06I
Location : /opt/cisco/XR/packages/
cisco NCS-4000 () processor
cisco NCS-4000 () processor
System uptime is 31 minutes
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv61639 | Title: | 5.1.3+SP2: HSRP VIP ping fails after few minutes |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
ping to HSRP virtual IP fails after few min
Conditions:
This is observed in 5.1.3
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 21-AUG-2015 |
|
Known Affected Releases: | 5.1.3.ROUT |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue18938 | Title: | G-Ether should always propagate link down events |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: |
Symptom:
Protected tunnel traffic may get transitioned onto a backup path even through no link flap of the interface associated with the primary path has been reported in the system.
Conditions:
This issue can very rarely be seen if the link flaps down then up for a very short time interval.
Workaround:
Configuring "carrier delay up 250" on the linecard Ethernet interfaces ensures that any link up events are delayed long enough to ensure that the link down flap will always be seen by the system but without affecting the time taken for FRR protection.
Further Problem Description:
|
|
Last Modified: | 21-AUG-2015 |
|
Known Affected Releases: | 3.7.0.BASE, 4.1.2.FWDG |
|
Known Fixed Releases: * | 5.1.3, 5.1.3.11i.BASE, 5.1.3.11i.FWDG, 5.1.4, 5.2.1.20i.BASE, 5.2.1.20i.FWDG, 5.2.2.8i.BASE, 5.2.2.8i.FWDG, 5.3.0.1i.BASE, 5.3.0.1i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv37017 | Title: | PCE created SRTE up when midpoint router is down |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Mid point node failure is not resulting in path failure . The tunnel remains remains up even with mid point router failure.
Conditions:
Mid point node or link failure of a multi-hop Segment routing TE tunnel
Workaround:
Further Problem Description:
Path validation fails for a PCE initiated tunnel
|
|
Last Modified: | 22-AUG-2015 |
|
Known Affected Releases: | 5.3.2.MPLS |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut47784 | Title: | [NCS4K-2H-W] RTRV-OTL show OPR values in wrong way |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
When RTRV-OTL command is executed, OPR values were being displayed improperly, with next lane data merging with the one before. Also rtrv-otl for specific fac was displaying invalid aid response.
Conditions:
On scapa node with DWDM LC and traffic up and running, execute RTRV-OTL command to retrieve optics lane data.
Workaround:
None
Expected Resolution: Will be given in later release after 5.2.4.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv34536 | Title: | Issue in creating tengig port with GFPF termination on odu2 controller |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Issue in creating tengig port with GFPF termination on odu2 controller
Conditions:
Issue in creating tengig port with GFPF termination on odu2 controller
Workaround:
Further Problem Description:
For GFPF termination scenario ,we are facing following issue while bringing up the interface with ODU2 controller.
Ten gig gfpf terminated interfaces are not coming up whereas same is working for odu4 . We tried all possible workaround like commit replace followed by router reload & fresh config. Changed the port / pluggable on router but no result.
RP/0/RP0:ios#show interfaces brief
Wed Jul 15 04:54:24.047 UTC
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Nu0 up up Null 1500 0
Hu0/6/0/0 up up ARPA 1514 100000
Hu0/6/0/0.100 up up 802.1Q 1518 100000
Hu0/6/0/0.200 up up 802.1Q 1518 100000
Te0/6/0/2 up up ARPA 1514 10000
Te0/6/0/2.10 up up 802.1Q 1518 10000
Te0/6/0/3 up up ARPA 1514 10000
Te0/6/0/3.20 up up 802.1Q 1518 10000
Te0/6/0/6 down down ARPA 1514 10000
Mg0/RP0/CPU0/0 admin-down admin-down ARPA 1514 1000000
controller ODU20/6/0/6
terminate ether mapping GfpF
!
controller Optics0/6/0/6
port-mode Otn framing opu2
!
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv69047 | Title: | Version number is not Correct For xspeed lineup |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Version number is not Correct Forxspeed lineup
Conditions:
Version number is not Correct
Workaround:
Correct Version
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.1.3.CE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu08526 | Title: | NCS4K:TIM not getting cleared on NCS4K-24LR-O-S after removing SAPI. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | NCS4K:TIM not getting cleared on NCS4K-24LR-O-S after removing SAPI.
Symptom:
TIM not getting cleared on NCS4K-24LR-O-S after removing SAPI TTI
Conditions:
OTU2 controller on NCS4K-24LR-O-S LC with 2-stage channelization with SAPI TTI as well as OS TTI on OTU2 controller.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv92836 | Title: | LANPHY interface got deleted post power cycle with packet & otn config |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
LANPHY interface got deleted post power cycle with packet & otn config
Conditions:
Workaround:
Further Problem Description:
LANPHY interface got deleted post power cycle with packet & otn config on EDVT2 image.
ontroller Optics0/3/0/0
port-mode Ethernet-packet
!
controller Optics0/3/0/2
port-mode Ethernet-packet
!
controller Optics0/3/0/3
port-mode Ethernet-packet
!
controller Optics0/3/0/4
port-mode Ethernet-packet
RP/0/RP1:ios#show interfaces brief
Tue Aug 25 13:19:21.394 IST
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Nu0 up up Null 1500 0
Hu0/5/0/0 up up ARPA 1514 100000
Te0/5/0/2 up up ARPA 1514 10000
Te0/5/0/3 up up ARPA 1514 10000
Te0/5/0/4 up up ARPA 1514 10000000
Te0/5/0/10 up up ARPA 1514 10000
Te0/5/0/11 up up ARPA 1514 10000
Mg0/RP1/CPU0/0 admin-down admin-down ARPA 1514 1000000
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv65365 | Title: * | Console stuck for almost 10 mins after XR reload |
|
Status: * | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:Console may get stuck and take approximately 10 minutes to recover after IOS XR reload.
Conditions:Executing reload command at IOS XR console.
Workaround:N/A
More Info:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv13818 | Title: | [NCS4K-2H-W] scapa_otn_dwdm_sanity dwdm_odu4_tti_send and expected |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
scapa_otn_dwdm_sanity dwdm_odu4_tti_send and expected
Conditions:
Configure TTI on ODU controller.
Execute show command
Workaround:
NO
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE, 6.0.0.12i.FWDG, 6.0.0.12i.MPLS |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv67370 | Title: | fabio_svr crashed on FP-140G |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
FP-140G gets reloaded.
Conditions:
Have a CRS chassis with FP-140G line card for any of the Line card slots.
Workaround:
None.
Further Problem Description:
fabio_svr process crash is also observed.
Below error logs also observed.
LC/3/3/CPU0:Jul 31 11:48:54.686 EST: pciesvr[69]:%PLATFORM-PCIE-2-ROOT_DEVICE_BUS_CRITICAL : PCI/PCIe Device:
bus/device/function 0/2/0 - Uncorrectable Fatal Error: Surprise Link Down
LC/3/3/CPU0:Jul 3111:48:54.686 EST: pciesvr[69]: %PLATFORM-PCIE-3-ERROR: Bringing down the board via Platform Fault Manager.
LC/3/3/CPU0:Jul 31 11:48:54.686 EST: pciesvr[69]:%PLATFORM-PCIE-6-ROOT_DEVICE_BUS_INFO :PCI/PCIe Device: bus/device/function 0/2/0 - Uncorrectable Non-Fatal Error: Unsupported Request
LC/3/3/CPU0:Jul 31 11:48:54.686 EST: pciesvr[69]: %PLATFORM-PCIE-3-PCI_BUS_ERROR : PCI/PCIe Device: bus/device/function 0/30/0 - PCI Baseline Error:Signaled Target Abort
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.1.3.CE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus24551 | Title: | parser_server crash on 521 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Seeing parser_server crash on 5.2.1 while executing show running-config prefix-set prefix-setname | be?.
Issue is PI and easily reproducible on all XR platforms.
Symptom:
With the crash, other show commands with respect to bgp, cef were not available to be performed.
For Eg.
show cef, show bgp
Conditions:
show running-config prefix-set OPTION_C_PREFIX_SET | file tftp://223.255.254.254/vidgurur/exec_out_607197941/show_running-config_prefix-set_OPTION_C_PREFIX_SET
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.2.1.BASE, 5.2.3.BASE |
|
Known Fixed Releases: | 5.2.5.22i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu15375 | Title: | SNMP polling failures in Release 4.2.4 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Slow response from MPLS TE MIBS
Conditions:
MPLS TE MIB Polling
Workaround:
Exclude MIBS from SNMP view, although this might not be applicable for most scenarios. Using a wildcard will block other MIBS as well.
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: * | 5.3.2.21i.MPLS, 5.3.3.6i.MPLS, 6.0.0.12i.MPLS |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun76735 | Title: * | interface counters and ifmib stats on CHOCX spas delayed |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Serial and Multilink interfaces counters on channelized OC12 and OC48 SPAs are not updated with the expected frequency. In the failed state, the interface counters are updated once every 248 seconds.
In the working case interface statistics are are updated every 30 seconds.
The frequency of the SNMP IFMIB updates are also affected with the IFMIB statistics only being updated once every 248 seconds.
Conditions:
This issue affects interfaces hosted on the channelized SPAs (SPA-1XCHOC12/DS0, SPA-2XCHOC12/DS0 and SPA-1XCHOC48/DS3) on the XR12K and ASR 9000.
The trigger for the issue is not known.
Workaround:
None
Recovery Action: After the statistics collector is in the failed state a reload of the SPA will temporarily recover from the problem.
Further Problem Description:
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 4.1.2.LC |
|
Known Fixed Releases: | 5.1.3.9i.BASE, 5.2.2.19i.BASE, 5.2.3.6i.BASE, 5.3.0.5i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv58313 | Title: | Interfaces get invalid MAC addr if BP EEPROM has MAC addr blk size val 0 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Physical interfaces of PLIM gets assigned with invalid MAC address.
Conditions:
Have CRS with Backplane EEPROM which has MAC Address block size value as zero.
Workaround:
Interfaces can be assigned with manual unique MAC address to bring up.
Further Problem Description:
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.1.4.BASE |
|
Known Fixed Releases: | 5.3.2.20i.BASE, 5.3.3.6i.BASE, 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuo44710 | Title: | Esd Process killed by SIGTERM when TGEN injects UNIcast pax w/ bad SA/DA |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
XR VM reload due to SDR HBLOSS.
The following error message is seen before the reload:
0/RP0/ADMIN0:Aug 11 11:53:42.174 GMT: esd[1880]: %INFRA-ESD-3-SWITCH_FDB_FAILURE : A forwarding database (FDB) operation failure was detected on the RP-SW control ethernet switch. In order to recover, the switch will be reset and the Ethernet Switch Driver process will restart
Conditions:
IOS-XR 5.2.1 is running on NCS6K
Workaround:
Not available.
Check the external devices connected to the MgmtEthernet if they are sending improper traffic.
More Info:
In IOS-XR 5.2.1 if 5 consecutive mac learning errors are received in a 10 second interval on the internal Ethernet switch it will be reset. This is causing the RP reboot.
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.2.1.BASE |
|
Known Fixed Releases: | 5.2.4.6i.BASE, 5.3.1.15i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv75608 | Title: | VZ LE1A - unexpected GCC after deleting them and performing RP OIR |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
unexpected GCC after deleting them and performing RP OIR
Conditions:
GCC interfaces still visible in IM which is deleted and does not exist
Workaround:
NA
Further Problem Description:
EVEN after deleting GCC interfaces , it is visble in IM database
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCus30041 | Title: | Standby node is not ready, RPFO failed |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
->After bring up, show redundancy will show no Active partner
RP/0/RP0/CPU0:campbeltown-2r-1#sh red
Redundancy information for node 0/RP0/CPU0:
==========================================
Node 0/RP0/CPU0 is in ACTIVE role
Node 0/RP0/CPU0 has no valid partner
Reload and boot info
----------------------
RP reloaded Fri Dec 19 16:47:52 2014: 6 hours, 24 minutes ago
Active node booted Fri Dec 19 16:47:52 2014: 6 hours, 24 minutes ago
Standby node lost Fri Dec 19 17:46:03 2014: 5 hours, 26 minutes ago
Active node reload ""
Standby node reload "
Conditions:
issue (show redundancy shows no valid partner) could happen
-> multiple restarts of processmgr
Workaround:
Restarting the system lead CM (often on 0/RP0) should recover.
Next step to try is to restart processmgr on all RP's.
Further Problem Description:
->Information regarding case where redundancy will show no partner
CM sends an out-of-order EOOU msg, which should have been removed from txlist upon client disconnect. Because of this, RP Active assumes node down for its partner and takes it from its inventory causing redundancy to show no valid partner
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.2.3.BASE |
|
Known Fixed Releases: | 5.2.5.8i.BASE, 6.0.0.6i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv95821 | Title: | XR vm crash after router reload , after wiping out configuration. |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Conditions:
Workaround:
Further Problem Description:
Enter root-system username: [ 288.961465] SysRq : Emergency Sync
[ 288.961799] SysRq : Trigger a crash
[ 288.962006] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 288.962006] IP:
[ 288.962006] [] sysrq_handle_crash+0x16/0x20
[ 288.962006] PGD 333ace067 PUD 333a97067 PMD 0
[ 288.962006] Oops: 0002 [#1] SMP
[ 288.962006] Modules linked in: fuse ccc_reset iptable_filter ip_tables lowmemorykiller(C) ext3 jbd 8021q mrp garp stp llc sg sd_mod crc_t10dif ixgbevf mdio cisco_nb lcndklm lpc_ich crc32_pclmul mfd_core i2c_i801 ext4 usb_storage jbd2 uhci_hcd virtio_console i2c_core ahci libahci virtio_blkstats fails
virtio_pci
Enter root-system username: virtio_ring virtio dm_mod
[ 288.962006] CPU: 2 PID: 2513 Comm: sh Tainted: G C 3.10.19 #1
[ 288.962006] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 288.962006] task: ffff880342a92480 ti: ffff880335bd8000 task.ti: ffff880335bd8000
[ 288.962006] RIP: 0010:[]
[ 288.962006] [] sysrq_handle_crash+0x16/0x20
[ 288.962006] RSP: 0018:ffff880335bd9e48 EFLAGS: 00010096
[ 288.962006] RAX: 000000000000000f RBX: 0000000000000063 RCX: 0000000000000006
[ 288.962006] RDX: 0000000000000007 RSI: 0000000000000007 RDI: 0000000000000063
[ 288.962006] RBP: ffff880335bd9e48 R08: 0000000000000003 R09: 0000000000028ce0
[ 288.962006] R10: 0000000000000688 R11: 0000000000000ca8 R12: ffffffff81a9b740
[ 288.962006] R13: 0000000000000282 R14: 0000000000000004 R15: 0000000000000000
[ 288.962006] FS: 00007f19a8dcf700(0000) GS:ffff88034fd00000(0000) knlGS:0000000000000000
[ 288.962006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 288.962006] CR2: 0000000000000000 CR3: 0000000333a6f000 CR4: 00000000001407e0
[ 288.962006] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 288.962006] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 288.962006] Stack:
9 288.962006] ffff880335bd9e88 ffffffff8131b05stats fails
ffff880335bd9e7
8 Enter root-system username: 0000000000000002
[ 288.962006] fffffffffffffffb 00007f19a8dcd000 ffff880335bd9f40 ffff880335bd9f40
[ 288.962006] ffff880335bd9eb8 ffffffff8131b10a ffff8802b2c7fb80 00007f19a8dcd000
[ 288.962006] Call Trace:
[ 288.962006] [] __handle_sysrq+0x129/0x190
[ 288.962006] [] write_sysrq_trigger+0x4a/0x50
[ 288.962006] [] proc_reg_write+0x43/0x70
[ 288.962006] [] vfs_write+0xdf/0x1e0
[ 288.962006] [] SyS_write+0x5f/0xa0
[ 288.962006] [] tracesys+0xdd/0xe2
90 288.962006] Code: d1 c2 22 00 31 c0 eb ac 90 90 90 90 90 90 90 90 stats fails
Enter root-system username: 90 90 90 55 48 89 e5 0f 1f 44 00 00 c7 05 8d da a1 00 01 00 00 00 0f ae f8 stats fails
Enter root-system username: 04 stats fails
25
Enter root-system username: 00 00 00 00 01 c9 c3 55 48 89 e5 0f 1f 44 00 00 8d 47
[ 289.001908] RIP
[ 289.001908] [] sysrq_handle_crash+0x16/0x20
[ 289.001908] RSP
[ 289.001908] CR2: 0000000000000000
[ 289.001908] ---[ end trace 925f79c4837ef34c ]---
ernel panic
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo00153 | Title: | Umbrella DDTS for CGSE Oversubscription reload issue |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
See release notes for constituent DDTSs
CSCun46334 Oversubscription on CGSE reloads the card when in tandem with CGSE plus
CSCun93688 Remove reset of IngressQ ASIC for OOR condition
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.3.3.BASE |
|
Known Fixed Releases: * | 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 4.0.0, 4.0.1, 4.0.2, 4.0.3 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv96661 | Title: | 6.0 ODFC : Degradations in many areas when compared with 531 FCS image |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Forwarding degradations in 6.0
Conditions:
Starting 7I DT image with Topaz
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh04021 | Title: | XR 12000 which installed SMU CSCtz82638 also send SonetMib Timeout |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:C12K platform takes more than 5 seconds to respond to an SNMP query for sonet medium type OID which leads to the SNMP query to timeout.
Conditions:1.3.6.1.2.1.10.39 related MIB query from the SNMP manager to the SNMP agent (C12k Router)
Workaround:Exclude the specific MIB in the query list.
More Info:
|
|
Last Modified: | 03-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: * | 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.3.0, 4.3.2, 4.3.2.29i.BASE, 4.3.3, 4.3.31 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui97479 | Title: | ipv4_mfwd_partner error messages after reload SMU activation |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Got the ipv4_mfwd_partner/ipv6_mfwd_partner error messages/tracebeck after install act any reload SMU
RP/0/RP0/CPU0:r2#RP/0/RP0/CPU0:Aug 30 20:59:17.069 : ipv4_mfwd_partner[181]: %INSTALL-LIBNOTIFY-7-INTERNAL : Internal error : ipv4_mfwd_partner : (PID=3277) : -Traceback= 7fdfdbfe3469 7fdfdbfe7883 7fdfdbfe516c 452cb9 7fdfdbfe2bbf 7fdfde2075c6 7fdfde20a3f3 7fdfdfb24d11 7fdfdfb221fe 7fdfdfb305bc 4138dd 7fdfd8eaecce
Conditions:
this behavior was observed by install act a reload SMU. It is reproducible
Workaround:
No function impact. The router will be immediately reloaded
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 05-AUG-2015 |
|
Known Affected Releases: | 5.0.0.BASE |
|
Known Fixed Releases: | 5.0.1.14i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty22429 | Title: | Shared secrets logged to debug |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
Secret keys and other sensitive data is logged to debug output.
Conditions:
An administrative user needs to be logged in to the device to enable the debugs that will display this information.
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.1/2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.1.3.BASE |
|
Known Fixed Releases: | 4.2.1.21i.BASE, 4.2.1.21i.FWDG, 4.2.3.3i.BASE, 4.2.3.3i.FWDG, 4.3.0.5i.BASE, 4.3.0.5i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd58417 | Title: | Ping with zero retry timeout compromises network security |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
When executing a time with a retry timeout of zero, the line cards in the router may become unresponsive
Conditions:
None
Workaround:
Use command authorization to prevent unprivileged users from using the ping command
Further Problem Description:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:W/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.8.0.BASE, 3.9.0 |
|
Known Fixed Releases: | 4.2.3.99i.BASE, 4.3.0.25i.BASE, 4.3.0.25i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCts71096 | Title: | Sending crafted TCP packet may block SSH access |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Sending crafted TCP packets may result in the blocking SSH access to the
router.
Conditions:
All other management access mode will continue to work. This issue is
affecting only SSH
Workaround:
restart sshd or tcp processes can workaround this situation
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2011-3306 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.1.2.BASE, 4.2.0.BASE |
|
Known Fixed Releases: * | 4.0.11.3i.BASE, 4.0.4, 4.0.4.17i.BASE, 4.1.2, 4.1.2.16i.BASE, 4.2.0, 4.2.0.20i.BASE, 4.2.1, 4.2.2, 4.2.3 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtz84369 | Title: | l2fib_mgr memory leak at l2fib_bdxc_add_peers during security attack |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptoms:
Memory leak may occur under certain tcpv6 vulnerability scans.
Conditions:
Workaround:
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/3.7:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C
CVE ID CVE-2012-3892 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.3.0.BASE |
|
Known Fixed Releases: * | 4.3.0, 4.3.0.12i.BASE, 4.3.0.12i.FWDG, 4.3.1, 4.3.2, 4.3.3, 4.3.31, 4.3.4, 4.3.91, 5.1.0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtu17021 | Title: | Externally-controlled format strings in parser/src/shell_parser.c |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product.
Conditions:
Device configured with default configuration.
Workaround:
Not applicable or available.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
6.6/5.6:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:C&version=2.0
CVE ID CVE-2012-0350 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.1.1.BASE |
|
Known Fixed Releases: | 4.3.0, 4.3.0.9i.BASE, 4.3.1, 4.3.2, 4.3.3, 4.3.31, 4.3.4, 4.3.91, 5.1.0, 5.1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb65503 | Title: | IPv6 ACL: L4 info may be ignored in ACEs in hw match |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
If an IPv6 ACL with ACEs containing L4 operands is configured and applied on an interface, L4 information in the ACL may be ignored resulting in
incorrect operation of the ACL
Conditions:
If an IPv6 ACL with L4 operands is configured on an interface, traffic passing across the interface which is supposed to be filtered by a
corresponding ACE might incorrectly be pass or traffic intended to pass the ACL might be dropped incorrectly.
Example (1):
The IPv6 ACL contains a L4 ACE which filters tcp src port 21.
90 deny tcp host 2000:1000:50:0:0:0:0:9 eq 21 host 2000:1000:51:0:0:0:0:9
If traffic is send with src port 110 to the IPv6 src/dst address pair
2000:1000:50:0:0:0:0:9/2000:1000:51:0:0:0:0:9 it MAY be blocked by ACE 90 because the TCP src port is masked out and erroneously ignored.
Example (2):
40 permit icmp host 2000:1000:60:0:0:0:0:6 host 2000:1000:51:0:0:0:0:3
Because the L4 information is ignored, all traffic matching the src/dst address pair will pass this ACL.
The problem can be observed on IPv6 ACLs with ACEs containing L4 keywords like tcp,udp, icmp etc.
Examples:
30 deny tcp host 2000:1000:50:0:0:0:0:3 eq 3 host 2000:1000:51:0:0:0:0:3
40 permit icmp host 2000:1000:60:0:0:0:0:6 host 2000:1000:51:0:0:0:0:3
50 permit udp host 2000:1000:50:0:0:0:0:3 eq 43 host 2000:1000:51:0:0:0:0:3
The problem is independent of the number of ACEs because the issue is due to the ACL compression algorithm that applied. If L4 information is
configured in the ACE, it MAY get masked during the packet lookup operation as a result of certain bit positions being filled in the source address.
Workaround:
None.
Further Problem Description:
This vulnerability is not seen on IPv4 ACLs.
An attacker has no control over what would be or not be permitted through the ACL (when it should be denied), as the vulnerability is caused by
the ACL compression algorithm, that is applied, so not all ACL entries are affected.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.8/4.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=&version=2.0
dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
CVE ID CVE-2011-2065 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.8.1.BASE |
|
Known Fixed Releases: | 3.8.2.11i.LC, 3.9.0.22i.LC, 4.1.0.2i.FWDG, 4.1.0.4i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtr62428 | Title: | infralibxml2 libraries must be upgraded or patched |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
Cisco IOS-XR may include a version of infralibxml2 that may be vulnerable to published vulnerabilities that are documented in the following CVE
IDs:
CVE-2010-4008, CVE-2009-2416, CVE-2009-2414, CVE-2008-4226, CVE-2008-4225, CVE-2008-3529, CVE-2008-3281
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional information about the specific vulnerabilities listed above including condition and possible workarounds can be found by looking at
the description of each CVE at :
http://cve.mitre.org/cve
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 9/8.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2010-4008, CVE-2009-2416, CVE-2009-2414, CVE-2008-4226, CVE-2008-4225, CVE-2008-3529, CVE-2008-3281 has been assigned to document this
issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.0.1.BASE |
|
Known Fixed Releases: | 4.3.0.17i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtx34345 | Title: | Traversal of path possible outside of node's filesystem |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
User can access files outside of local nodes file-system and hence can perform path traversal attacks.
Conditions:
Default configuration.
Workaround:
No workarounds are available.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2012-1356 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.1.1.BASE, 4.1.2.BASE, 4.2.1.BASE |
|
Known Fixed Releases: * | 4.2.3, 4.2.3.28i.BASE, 4.2.4, 4.3.0, 4.3.0.19i.BASE, 4.3.1, 4.3.2, 4.3.3, 4.3.31, 4.3.4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty50102 | Title: | Unprivileged users can set system time |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
User with basic-services (EXECUTE), e.g. operator, in excess of their authority can set the system time.
Conditions:
Default configuration.
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.6:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:N/I:P/A:N/E:F/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: | 4.2.3.28i.BASE, 4.3.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty50104 | Title: | Arbitrary file read through certain CLI commands |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
User with basic-services can read arbitrary files by invoking certain commands on the system.
Conditions:
Default configuration.
Workaround:
There are no workarounds available to mitigate this issue.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.4/3.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:M/Au:S/C:C/I:N/A:N/E:POC/RL:OF/RC:C&version=2.0
CVE ID CVE-2012-3046 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: | 4.2.3.99i.BASE, 4.3.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCts77740 | Title: | Netio crash while deactivating packages |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
NETIO crashes when deactivating security package even when there is no ACL configured on RP.
Conditions:
Deactivating security package.
Workaround:
The crash was called by wdsysmon due to NETIO main thread and acl thread deadlock. It shall
recover by itself after NETIO restarts.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.4/1.2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:M/C:N/I:N/A:P/E:U/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.0.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty50123 | Title: | CLI sftp command can be leveraged to clobber local files |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
CLI sftp command can be leveraged to clobber local files
Conditions:
User invoking the sftp command.
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.3:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: * | 4.2.1, 4.2.1.24i.BASE, 4.2.2, 4.2.3, 4.2.3.7i.BASE, 4.2.4, 4.3.0, 4.3.0.6i.BASE, 4.3.1, 4.3.2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtz35275 | Title: | ISIS - IOS-XR Accepts and Forwards 255.255.255.255/32 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
A device running Cisco IOS XR configured for ISIS accepts a broadcast address (255.255.255.255/32) as a route and places the route in its route
table. When this route is accepted from a routing update, a partial denial of service condition for broadcast traffic may be experienced. Unicast
and/or multicast traffic is not affected. These are the same symptoms as described in CSCty20493.
Conditions:
This issue has been confirmed in Cisco ASR 9000 Series and Cisco CRS devices configured for ISIS.
Note: Cisco IOS Software and Cisco IOS-XE Software are not affected.
Workaround:
A valid workaround is to filter all incoming route advertisements that include 255.255.255.255/32.
This route is also part of the Bogon list and should be blocked by most service providers. A bogon prefix is a route that should never appear in
the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source
address in a bogon range. These are commonly found as the source addresses of DDoS attacks.
Bogons are defined as Martians (private and reserved addresses defined by RFC 1918 and RFC 5735) and netblocks that have not been allocated to a
regional internet registry (RIR) by the Internet Assigned Numbers Authority. Fullbogons are a larger set which also includes IP space that has
been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user. IANA maintains a convenient IPv4 summary page listing
allocated and reserved netblocks, and each RIR maintains a list of all prefixes that they have assigned to end-users.
More information about Bogons is posted at Team Cymru's website at:
http://www.team-cymru.org/Services/Bogons/http.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:W/RC:C&version=2.0
CVE ID CVE-2012-0379 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.1.1.BASE |
|
Known Fixed Releases: * | 4.3.0, 4.3.0.17i.ROUT, 4.3.1, 4.3.2, 4.3.3, 4.3.31, 4.3.4, 4.3.91, 5.1.0, 5.1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCti59888 | Title: | CRS-1, 3.8.4, 100% CPU due to NETIO and IPV4_IO |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
100% CPU consumption by Netio and ipv4_io processes. No evidence of high amount of any
exception traffic entering the router or leaving the router.
Conditions:
IPv4 subnet broadcast packet with options (RA, timestamp, etc), generated from the router or
received on an interface, can cause this problem.
Possible triggers are extended ping with options or a mtrace command (which uses RA option), if
they specify a subnet broadcast address as destination.
Workaround:
Restart the netio and ipv4_io processes.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 5.0/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2011-3295 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.8.4.BASE, 3.9.1.BASE |
|
Known Fixed Releases: * | 3.9.3, 3.9.3.5i.BASE, 4.0.1, 4.0.1.20i.BASE, 4.0.2, 4.0.2.2i.BASE, 4.0.3, 4.0.4, 4.1.0, 4.1.0.17i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue04000 | Title: | te_control process crash |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Dump request for process pkg/bin/te_control.
Conditions:
Affects Cisco IOS XR versions Release 3.9.0 to releases prior to 4.3.0.
The affected code path becomes obsolete in 4.3.0 due to a code
re-organization (which is why this bug is in C state).
A device receiving specific types of RSVP messages, will cause the TE
Control process to restart, if the TE process exists.
These RSVP messages are to signal GMPLS tunnel. TE process will restart
only if the tail-end of the GMPLS tunnel is not the receiving node.
The TE process is created when either of the following commands exist on
the device:
- interface tunnel-te, tunnel-mte, tunnel-gte, tunnel-tp
- mpls-traffic-eng and/or any submode config under mpls traffic-eng
Workaround:
If the device is not requiring TE packets to traverse, admin can
configure an ACL to drop these packets:
Configure an ACL to deny any TE tunnel create request coming from
specific source address. Then attach this ACL to RSVP.
e.g.
ipv4 access-list block_host
100 deny ipv4 host A.B.C.D any
rsvp signalling prefix-filtering access-list block_host
This will block any TE tunnel request coming from host A.B.C.D on any
interface. This is done by blocking RSVP Path message that carries tunnel
create request. Messages will be dropped in the RSVP process.
Please note that packets denied by the ACL will not get to the RSVP process.
More Info:
The affected code path becomes obsolete in 4.3.0 due to a code re-organization.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
5/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2013-1162 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1162
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: | 4.3.0.36i.MPLS, 4.3.1.32i.MPLS |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtz35272 | Title: | OSPF - IOS-XR Accepts and Forwards 255.255.255.255/32 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
A device running Cisco IOS XR configured for OSPF accepts a broadcast address (255.255.255.255/32) as a route and places the route in its route
table. When this route is accepted from a routing update, a partial denial of service condition for broadcast traffic may be experienced. Unicast
and/or multicast traffic is not affected. These are the same symptoms as described in CSCty20493.
Conditions:
This issue has been confirmed in Cisco ASR 9000 Series and Cisco CRS devices configured for OSPF.
Note: Cisco IOS Software and Cisco IOS-XE Software are not affected.
Workaround:
A valid workaround is to filter all incoming route advertisements that include 255.255.255.255/32.
This route is also part of the Bogon list and should be blocked by most service providers. A bogon prefix is a route that should never appear in
the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source
address in a bogon range. These are commonly found as the source addresses of DDoS attacks.
Bogons are defined as Martians (private and reserved addresses defined by RFC 1918 and RFC 5735) and netblocks that have not been allocated to a
regional internet registry (RIR) by the Internet Assigned Numbers Authority. Fullbogons are a larger set which also includes IP space that has
been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user. IANA maintains a convenient IPv4 summary page listing
allocated and reserved netblocks, and each RIR maintains a list of all prefixes that they have assigned to end-users.
More information about Bogons is posted at Team Cymru's website at:
http://www.team-cymru.org/Services/Bogons/http.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:W/RC:C&version=2.0
CVE ID CVE-2012-0379 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.1.1.BASE |
|
Known Fixed Releases: * | 4.3.0, 4.3.0.25i.ROUT, 4.3.1, 4.3.2, 4.3.3, 4.3.31, 4.3.4, 4.3.91, 5.1.0, 5.1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu28453 | Title: | No XML Schema for Config RAW-Dir,NumThread,RecvQ |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
No XML Schema for Config RAW Dir,NumThread,RecvQ
Conditions:
When RAW_IP xml schema is applied
Workaround:
None
Further Problem Description:
NA
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut91822 | Title: | sh mpls label table should only show SRGB start label entry |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
"show mpls label table" shows a line for each label in the SRGB. This is only cosmetic and has no impact on the functionality
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.1.MPLS |
|
Known Fixed Releases: * | 5.3.2.17i.FWDG, 5.3.3.3i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut68234 | Title: | No XML Schema for Config TCP-AcceptRate,Dir,NumThread,RecvQ,Throttle |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
No XML Schema for Config TCP-AcceptRate,Dir,NumThread,RecvQ,Throttle etc
Conditions:
When tcp xml schema is applied
Workaround:
No work around
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut68312 | Title: | No XML Schema for Config UDP - Directory,Num-Thread,ReceiveQ |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
No XML Schema for Config UDP Dir,NumThread,RecvQ
Conditions:
When udp xml schema is applied
Workaround:
None
Further Problem Description:
NA
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: * | 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu87899 | Title: | clear tcp pcb 0x unexpectedly clears all tcp connexions |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
clear tcp pcb 0x unexpectedly clears all established tcp connections
Conditions:
All time when clear tcp pcb 0x0 is applied
Workaround:
Not applicable
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 3.4.2.BASE, 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.2.15i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun28108 | Title: | %MGBL-NVGEN-3-ERR_SYSDB_BIND message seen after upgrade |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
A log message similar to that shown below is displayed after ISSU and chassis reload:
RP/0/RP0/CPU0:Feb 21 08:55:28.259 : nvgen[342]: %MGBL-NVGEN-3-ERR_SYSDB_BIND : sysdb_bind: /cfg/gl/a/nvgen/maskformat/cidr 'Subsystem(259)' detected the 'try again' condition 'Code(33)'
Conditions:
Workaround:
None known
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.2.0.BASE, 5.2.2.BASE, 5.3.0.BASE |
|
Known Fixed Releases: * | 5.3.2.15i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh61065 | Title: | "show LLDP neighbors" trunck the device name if the device name has "." |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
"show LLDP neighbors" truncates the device name if the device name has "."
Conditions:
if the neighbor device has "." in the name, the "show LLDP neighbors" only shows the characters before the "." and the characters after "." will be ignored.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE, 4.3.3.BASE, 6.0.0.BASE |
|
Known Fixed Releases: * | 5.1.0, 5.1.0.13i.FWDG, 5.1.1, 5.1.11, 5.1.12, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut42822 | Title: | Issue with ipv6-nd operational data representation in sysdb |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
sysdbcon:[m]/> ls oper/ipv6-nd/node/1/cache/interfaces
[bag] 'BVI22'
[bag] 'Bundle-Ether61'
[bag] 'Bundle-Ether62'
[bag] 'Bundle-Ether71'
[bag] 'Bundle-Ether72'
Conditions:
Having interfaces ipv6 enabled.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.2.12i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu68362 | Title: | 532 tunnel remain up after change invalidation drop to default tear |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
srte tunnel remain up even invalidation timer expired
Conditions:
only happen if transit invalidation drop configure to default tear configure
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.2.MPLS |
|
Known Fixed Releases: * | 5.3.2.17i.MPLS, 5.3.3.3i.MPLS, 6.0.0.10i.MPLS |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue48578 | Title: | Unable to telnet in VRF with a 32 characters name |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | The supported character length of a vrf name is 32, however this is not accepted by telnet.
RP/0/RSP0/CPU0:router#telnet vrf here__my_length_is_32_characters 1.2.3.4
telnet: Invalid vrf table name
Working fine with 31 characters:
RP/0/RSP0/CPU0:router#telnet vrf here_my_length_is_31_characters 1.2.3.4
Trying 1.2.3.4...
Symptom:
VRF name of 32 characters is not accepted and given error as "Invalid VRF table name"
Conditions:
VRF name of 32 char length
Workaround:
No workarounds
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: * | 5.2.5.3i.FWDG, 5.3.2.17i.FWDG, 5.3.3.3i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu30641 | Title: | SSTE: %PKT_INFRA-HFR_PFI-3-INFRA_ERROR seen after OIR |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
PKT_INFRA-HFR_PFI-3-INFRA_ERROR messge seen.
Conditions:
Issue seen after LC OIR
Workaround:
This is a transient condition during LC bootup. During bootup, while interface is getting created, process like fib_mgr/mrib process query information about the interface. Since the interface is in the process of getting created, the error messages are logged. There is no impact on functionality and the messages stop once the interfaces are created.
Further Problem Description:
NA
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE, 5.3.2.BASE |
|
Known Fixed Releases: * | 5.3.2.12i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu41542 | Title: | The ARP process running on a line card did not signal EOI after a reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The ARP process running on a line card may not signal EOI after router reload.
Conditions:
This issue is seen on a NCS6K router booted with Cisco IOS XR version 5.3.2-09i.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.2.5.BASE |
|
Known Fixed Releases: * | 5.3.2.17i.FWDG, 5.3.3.3i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv02627 | Title: | clear tcp nsr pcb 0x unexpectedly clears NSR for TCP all sessions |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
clear tcp nsr pcb 0x0 unexpectedly clears NSR for already established tcp connections.
Conditions:
All time when clear tcp nsr pcb 0x0 is applied
Workaround:
Not applicable
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: * | 5.3.2.15i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu17145 | Title: | Constant disconnects between lsd and ldp |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
User will see that system takes a long time to get NSR ready. Also, there will be high number of disconnects/reconnects between active+standby LDP and LSD. This can be reviewed using "show mpls lsd applications private" command.
Conditions:
The issue occurs in multi-chasis setup where LSD and LDP reside on different chasis e.g. LSD running on 0/RP0/CPU0 and LDP running 7/RP0/CPU0. Also the issue occurs when LDP is running on a very high scale of 20K to 30K local labels or more, which is much higher than the scale supported by LDP.
Workaround:
Reduce the LDP scale to bring it within supported numbers.
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.2.0.MPLS, 5.3.1.MPLS, 5.3.2.BASE |
|
Known Fixed Releases: * | 5.3.2.14i.FWDG, 5.3.2.14i.MPLS, 6.0.0.10i.FWDG, 6.0.0.10i.MPLS |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu99173 | Title: | LDP Interface Re-Ordering seen in show run after upgrade to 5.3.1 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
LDP Interface Re-Ordering seen in show run after upgrade to 5.3.1
Conditions:
After upgrade to R5.3.1
Workaround:
None. There is no impact
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.2.15i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu58510 | Title: | G8032: Handle PFI Protect and missing state notifications better |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
G8032 Ports can be stuck in Blocked/inconsistent state
Conditions:
This issue can affect G.8032 ethernet ring protection in IOS-XR releases from 5.2.0 until 5.3.1. It is fixed in 5.3.2 & beyond.
The issue may occur following rapid interface flapping which causes the erp_ctrl process to get out of sync with the interface state & believe an interface is still down when it should be up.
This has been observed in the following scenario:
- Ethernet OAM is configured along with G8032
- Ethernet CCM packets being dropped causing interface flaps
Workaround:
The user can work around the issue by configuring a non-zero hold-off time:
RP/0/0/CPU0:ios(config-g8032-ring-profile)#timer hold-off ?
<0-10> seconds
If the user does not wish to use a hold-off time, the user can resolve the issue (but not work around it) by restarting the erp_ctrl process if they encounter the issue.
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 5.2.0.CE |
|
Known Fixed Releases: * | 5.3.2.12i.BASE, 5.3.2.12i.FWDG, 6.0.0.10i.BASE, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus98825 | Title: | Around 300msec of transient traffic drop is seen in ASIC reset. |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
When the ASIC power on reset happens on fabric card, it is taking traffic drop for 300 ms which is not expected
Conditions:The ASIC power on reset on fabric card, trigger the traffic drop for 300 ms.
Workaround:The issue is under investigation.
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut59867 | Title: | fpd upgrade fails when active admin reloaded and released after 20 mins. |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Power Module FPD upgrade times out and these FPDs go into 'UPGD FAIL' state, when 'upgrade hw-module location 0/PT0 fpd all force' is issued.
Conditions:
The RP node, where the upgrade command goes for a reload during the upgrade process.
Workaround:
Upgrade power modules one by one would help alleviate this issue.
Further Problem Description:
An upgrade of individual Power Module FPDs should be attempted to perform the FPD upgrade.
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu21661 | Title: | Show hw-module FPD shows only entries for First Line card |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:'show hw-module fpd' command displays FPD information of only a few line cards when executed for the first time after system boot up.
But displays the information for all the line cards for subsequent runs.
Conditions:When the 'show hw-module fpd' command is executed for the very first time upon system bootup.
Workaround:None.
More Info:Sometimes, there is a slight delay in the updation of internal cache of FPD information at the FPD server, for all line cards/ancillary after the system boots up.
Subsequeny runs of this command would display the complete information.
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu24228 | Title: | CTC stuck and memory full |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Memory bar in CTC will fluctuate and sometimes goes to red resulting slow response of CTC.
Conditions:
This is intermittent and occurs when more than 4 nodes are connected and CTC has been launched for sometime.
Workaround:
To manually configure garbage collector as java option:
-XX:+UseParallelGC
-XX:+UseParallelOldGC
and restart CTC
Further Problem Description:
Expected Resolution : This will be fixed in 6.0.0 release
Reproducibility (%) : 25%
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur61928 | Title: | FIA show CLIs accept and give o/p for location in LC card slot format |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:FIA CLIs accept physical slot number instead of LC VM and also accepts non existing LC VM locations.
Conditions:while executing "show controller fia xxx" commands
Workaround:Expected Resolution: Please check with the support engineer for information on which release(s) this bug is expected to be fixed.
This issue can only be fixed after getting the fix for one other issue.
Reproducibility (%):100%
More Info:
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.3.BASE, 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut69687 | Title: | [NCS4K-20T-O-S] sub controller in preconfig after XR VM kill - single RP |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
After killing XR-VM at host-OS Level, Traffic is not restored even after XR_VM comes UP again.
Conditions:
1. In a single RP system, Set up EW configuration
using NCS4K-2H-W, NCS4K-20T-O-S line cards.
2. Pass 10GE+OTU+1GE traffic through EW configuration as channelized traffic.
3. From Calvados console ,execute the following commands:
ps -x | grep sdr--1
kill
4. Wait for XR-VM to come up again
Workaround:
Workaround:Power Cycle
Expected Resolution: This issue will be fixed in next release.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.ADMIN, 5.2.4.BASE, 5.2.4.FWDG, 5.2.4.K9SEC, 5.2.4.LC, 5.2.4.MCAST, 5.2.4.MGBL, 5.2.4.MPLS, 5.2.4.ROUT, 5.2.4.TOOLS |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut50868 | Title: | Storing Bulk profile from CTC to Node getting failed |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
The issue occurs when user tries to store path protection profile on a node having no MPLS traffic
Conditions:
Create a path protection profile on a node having no MPLS traffic. Store the profile on same node.
Workaround:
First enable the MPLS traffic and then create and store path protection profile on the node
Expected Resolution :- Fix shall be available in 6.0 release
Reproducibility(%) - 100%
Further Problem Description:
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus43778 | Title: | sonet/sdh bandwidth checks are incorrect for hyphy |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
when ever there is no bandwidth available for controllers creation.
Conditions:
Configurations should be present on port 0,3, 9 on card.
Create otu2 on port 10 will throw an xml exception
Workaround:
Workaround: Error message can be seen thorugh CLI, do configuration through CLI.Bandwidth exceeded msg will be shown.
Further Problem Description:
Expected Resolution:Fix will be available in next release 6.0.0
Reproducibility (100%):
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut48001 | Title: | [NCS4K-2H-W] stuck LOS alarm |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Stuck LOS alarm
Conditions:
1) Configure 2x TXP at DWDM with 100GE payload.
2) Traffic is error free
3) Delete 2x TXP
4) Configure 2x TXP at DWDM with OTU4 payload.
5) Traffic is error free
6) unexpected stuck LOS alarm reported at Client1
Workaround:
Process restart
Reproducibility (%): Seen once
Further Problem Description:
|
|
Last Modified: | 10-AUG-2015 |
|
Known Affected Releases: * | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun67791 | Title: | IOS XR Software Malformed SNMPv2 Packet Denial of Service Vulnerability |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
A vulnerability in SNMP version 2 processing of Cisco IOS XR could allow an authenticated, remote attacker to cause a reload of the SNMPd process on the affected device.
The vulnerability is due to improper parsing of a malformed SNMP version 2 packet. An attacker could exploit this vulnerability by sending a malformed RSVP packet to be processed by an
affected device. An exploit could allow the attacker to cause a reload of the SNMPd process on the affected device.
Conditions:
SNMPd configured.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.3:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2014-3377 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3377
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 5.2.0.BASE, 5.2.1.BASE |
|
Known Fixed Releases: | 5.1.3.8i.BASE, 5.2.2.7i.BASE, 5.3.0.1i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq95565 | Title: | ipv6_io crash with malformed IPv6 packet |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
A vulnerability in ipv6 processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the ipv6_io service.
The vulnerability is due to improper processing of malformed IPv6 packet by a device configured to process such packets. An attacker could exploit this vulnerability
by sending a malformed IPv6 packet to be processed by a device that is configured for IPv6. An exploit could allow the attacker to cause a reload of the ipv6_io
service.
Conditions:
Cisco IOS XR device is configured to process IPv6 protocol packets.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-4191 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Further Problem Description:
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 5.2.1.BASE |
|
Known Fixed Releases: | 5.2.21.1i.FWDG, 5.2.3.13i.FWDG, 5.2.4.1i.FWDG, 5.3.0.20i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus96976 | Title: | CRS sends wrong NetFlow template corrupting Peakflow statistics |
|
Status: * | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
Netflow collector experience traffic peaks
Conditions:
Netflow for MPLS traffic deployment
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 4.1.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun75294 | Title: | Cisco IOS XR SSH Login Vulnerability |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
A vulnerability in OpenSSH module of the Cisco IOS XR Software could allow an "authenticated",
remote attacker to cause the SSH login process to reset unexpectedly.
The vulnerability is due to improperly input validation of the channel identifier with the SSH
handshake negotiation . An attacker could exploit this vulnerability by initiating a SSH session with
the device and sending a crafted SSH packet in the negotiation with an invalid channel identified.
An exploit could allow the attacker to reset the SSH login process causing a partial denial of service
(DoS) condition.
Conditions:
Device running with SSH in the configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
4/3.3:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-4193 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 5.2.0.BASE |
|
Known Fixed Releases: | 5.1.3.15i.BASE, 5.2.0.20i.BASE, 5.2.2.8i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCth96816 | Title: | TCP process crashed after receiving a malformed packet |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
Cisco IOS XR TCP process may crash when receiving a specially crafted TCP packet.
Conditions:
This vulnerability has been observed once only and has not been able to be consistently reproduced.
The vulnerability was found by further code inspection.
Workaround:
None.
Further Problem Description:
Vulnerability has not been able to be recreated after first observed. Should more information become
available about exact conditions for exploitation, Cisco PSIRT will review the vulnerability and
associated CVSS Scoring. Currently it is believed that this depends on several conditions, that are not
controllable to be exploited.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS
scores as of the time of evaluation are 2.6/2.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:H/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 12-AUG-2015 |
|
Known Affected Releases: | 3.9.2.BASE |
|
Known Fixed Releases: | 3.9.2, 3.9.2.19i.BASE, 3.9.3, 4.0.1, 4.0.1.11i.BASE, 4.0.1.11i.FWDG, 4.0.2, 4.0.3, 4.0.4, 4.1.0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus75859 | Title: | Tomahawk: Add IPv6 MPLS LER TE-FRR Ready fix |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
IPv6 Tomahawk MPLS FRR ready performance fix
Conditions:
IPv6 Tomahawk MPLS FRR ready performance impact
Workaround:
no workarounds
Further Problem Description:
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.1.20i.BASE, 5.3.1.20i.FWDG, 5.3.3.5i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut05055 | Title: | mibd_entity crash on upgrade from 424 to 531-18I |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
mibd_entity process crash
Conditions:
doing Tap2Mib set operations & polling mempoolmib.
Workaround:
process will recover by itself within mins
Further Problem Description:
This is purely timing issue, where mempool OID gets timeout & same handle used for tap2mib set operation. This is very corner case to hit.
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.2.19i.BASE, 5.3.3.5i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut80237 | Title: | After DPA OIR (stop/start uvf) the acl ipv6 match counters not hit |
|
Status: * | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
I have one tc to do the DPA OIR. I used stop and start uvf:
[uvf:~]$ ./stopmucode.sh
uvf stop/waiting
[uvf:~]$ ./startmucode.sh
After restarting uvf, the traffic can recover, and I can see acl ipv4 hardware counter matches. But ipv6 acl seems not there (Vnc: ott2lab-as3:5/spirit)
P/0/RP0/CPU0:ott-ss-dt-08A-uut#sh run int TenGigE0/RP0/CPU0/2
interface TenGigE0/RP0/CPU0/2
description interface7 -> ott-ss-dt-08A-r1:Te0/0/0/0
mtu 1514
service-policy input BFI1_1_in
service-policy output BFI1_1_out
ipv4 address 91.1.0.1 255.255.255.0
ipv4 verify unicast source reachable-via any allow-self-ping
ipv6 verify unicast source reachable-via any allow-self-ping
ipv6 address 901:a01:1::1/112
load-interval 30
ipv4 access-group passv4inBFI1_2 ingress hardware-count
ipv4 access-group passv4outBFI1_2 egress hardware-count
ipv6 access-group passv6inBFI1_2 ingress
ipv6 access-group passv6outBFI1_2 egress
!
RP/0/RP0/CPU0:ott-ss-dt-08A-uut#show access-lists ipv6 passv6outBFI1_2 hardware egress location 0/RP0/CPU0
ipv6 access-list passv6outBFI1_2
10 permit ipv6 host 1009:a01:1::2 host ff06::e100:2 fragments
20 permit tcp host 1009:a01:1::2 gt 2000 host ff06::e100:2 eq 800
30 permit tcp host 1009:a01:1::2 gt 2001 host ff06::e100:2 eq 801
40 permit tcp 2000::5:0/112 lt 1000 any eq 802
50 permit tcp host 1009:a01:1::2 lt 2002 host ff06::e100:2 eq 803 ack
60 permit tcp host 1009:a01:1::2 lt 2003 host ff06::e100:2 eq 804 psh
70 permit tcp host 1009:a01:1::2 lt 2004 host ff06::e100:2 eq 805 rst
80 permit tcp host 1009:a01:1::2 lt 2005 host ff06::e100:2 eq 806 syn
90 permit tcp host 1009:a01:1::2 lt 2006 host ff06::e100:2 neq 807 established
100 permit tcp host 1009:a01:1::2 lt 2007 host ff06::e100:2 range 8000 9000 fin
110 deny tcp host 1009:a01:1::2 lt 2008 host ff06::e100:2 eq 809 syn
120 permit tcp host 1009:a01:1::2 lt 3002 host ff06::e100:2 eq 903 ack authen
130 permit tcp host 1009:a01:1::2 lt 3003 host 2000::58:7 eq 904 ack routing
140 deny tcp host 1009:a01:1::2 lt 3004 host 2000::58:7 eq 905 ack dscp cs4 log
150 permit tcp host 1009:a01:1::2 lt 3005 host ff06::e100:2 eq 906 ack dscp cs3
160 permit tcp host 1009:a01:1::2 lt 3006 host ff06::e100:2 eq 907 ack
170 permit ipv6 host 1009:a01:1::1:3 host ff06::e100:2 routing
180 permit ipv6 host 1009:a01:1::2:3 host ff06::e100:2 authen
190 permit ipv6 host 1009:a01:1::3:3 host ff06::e100:2 routing authen fragments
200 permit ipv6 host 1009:a01:1::3:3 host ff06::e100:2 routing authen
210 permit ipv6 host 1009:a01:1::3:3 host ff06::e100:2 authen fragments
220 permit ipv6 host 1009:a01:1::3:3 host ff06::e100:2 routing fragments
230 permit ipv6 host 1009:a01:1::3:3 host ff06::e100:2 authen
240 permit ipv6 host 1009:a01:1::3:3 host ff06::e100:2 routing
250 permit ipv6 host 1009:a01:1::3:3 host ff06::e100:2 fragments
260 deny ipv6 host 1009:a01:1::3:3 host ff06::e103:3 routing authen fragments
270 deny ipv6 host 1009:a01:1::3:3 host ff06::e103:3 routing authen
280 deny ipv6 host 1009:a01:1::3:3 host ff06::e103:3 authen fragments
290 deny ipv6 host 1009:a01:1::3:3 host ff06::e103:3 routing fragments
300 deny ipv6 host 1009:a01:1::3:3 host ff06::e103:3 authen
310 deny ipv6 host 1009:a01:1::3:3 host ff06::e103:3 routing
320 deny ipv6 host 1009:a01:1::3:3 host ff06::e103:3 fragments
330 permit ipv6 host 1009:a01:1::4:3 host ff06::e104:3 authen fragments
340 permit ipv6 host 1009:a01:1::4:3 host ff06::e104:3 routing fragments
350 permit ipv6 host 1009:a01:1::4:3 host ff06::e104:3 routing authen
360 permit ipv6 host 1009:a01:1::4:3 host ff06::e104:3 dscp cs1
370 permit ipv6 host 1009:a01:1::5:3 host ff06::e104:3 routing authen fragments
380 permit ipv6 host 1009:a01:1::5:3 host ff06::e104:3 dscp cs2
390 permit ipv6 host 1009:a01:1::4:3 host ff06::e104:3 dscp default
40
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv11184 | Title: | PIM S,G join not sent when PIM neighbor IP changes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
PIM S,G joins may not be sent to the PIM neighbor
Conditions:
The problem may be observed when the PIM neighbor IP address changes
Workaround:
Reducing the PIM hello timers may help reduce the impact of this particular problem
Further Problem Description:
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 4.3.4.CE |
|
Known Fixed Releases: * | 5.3.2.18i.MCAST, 5.3.3.3i.MCAST, 6.0.0.11i.MCAST |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur57918 | Title: | CSDL: ospfv3 process crashed by running CLI show ospfv3 database |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ospfv3 process crash during the execution of the command 'show ospfv3 database
Conditions:
This is a day 0 vulnerability affecting all platforms running IOS XR.
Workaround:
Display only the required or known LSAs by giving the command
show ospfv3 database
show ospfv3 database adv-router
show ospfv3 database
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
1.5/1.2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:M/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Further Problem Description:
|
|
Last Modified: | 13-AUG-2015 |
|
Known Affected Releases: | 5.3.0.BASE |
|
Known Fixed Releases: | 5.2.4.10i.ROUT, 5.2.5.4i.ROUT, 5.3.1.10i.ROUT, 6.0.0.5i.ROUT |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus76562 | Title: | High LC CPU in netio and ipv6_io |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | <B>Symptom:</B>
High CPU on LC CPU caused by netio and ipv6_io
RP/0/RSP0/CPU0:Tugela#top dumbtty lo 0/0/cpu0
Tue Feb 3 10:09:01.024 CET
Computing times...176 processes; 808 threads;
CPU states: 67.5% idle, 32.0% user, 0.4% kernel
Memory: 8192M total, 5688M avail, page size 4K
Time: Tue Feb 03 10:09:03.904 CET
JID TID LAST_CPU PRI STATE HH:MM:SS CPU COMMAND
272 3 3 10 Run 12:40:22 14.23% netio
243 1 2 10 Rcv 0:45:01 12.91% ipv6_io
<B>Conditions:</B>
ipv6 enabled on interface and specific packet received
This is generic to all IOS-XR systems. Especially ASR9k and CRS
<B>Workaround:</B>
Restart process ipv6_io
or can be prevented by ipv6 unreachable disable
proc restart ipv6 will not impact current ipv6 peerings. by proc restart, we could get rid of the current packet being looped in the system, however, if we are keep
getting the same/similar packet, the cpu usage will keep high.
In that case we need to dig into the system to figure out the source of the packet, and shut the source.
Or find out the packet being looped, write up a ACL to block this certain type of packet.
<B>Further Problem Description:</B>
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.3/2.7:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-AUG-2015 |
|
Known Affected Releases: | 5.1.3.BASE, 5.2.1.BASE |
|
Known Fixed Releases: | 5.3.2.11i.FWDG, 6.0.0.5i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu80195 | Title: | Spurious interrupts getting raised from ELM for SEU and prog_err |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Spurious interrupt error log messages for elm_seu_intr and elm_prog_err_interrupt on the console.
Conditions:
Have CRS router with PRP cards for RP slots. This issue is observed for random PRP boards.
Workaround:
None.
Expected Resolution: 6.0 release version.
Further Problem Description:
|
|
Last Modified: | 16-AUG-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: * | 6.0.0.11i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu11949 | Title: | BGP GR stale entry not purged on getting BFD down |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
BGP receives a GR reset, as part of that event, it retains the stale routes. Immediately following the GR reset BGP also receives a non-GR reset (BFD Down) in this case & the stale routes are not purged.
Conditions:
Peer needs to be GR capable and BGP on the UUT needs to get back 2 back reset, first one being GR reset and second one being non-GR reset.
This has been only seen when ACL is applied to simulate the condition of link going down & has not otherwise been reported.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 17-AUG-2015 |
|
Known Affected Releases: | 4.3.2.ROUT, 5.1.3.ROUT |
|
Known Fixed Releases: * | 5.2.5.22i.ROUT, 5.3.2.13i.ROUT, 6.0.0.6i.ROUT |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu34060 | Title: | sfe register-dump doesn't work as expected for 'location all' |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
You won't get the output for one instance of each location for "show controller sfe register-dump" command for location "all".
Conditions:
In all conditions
Workaround:
NA
Reproducibility (%): 100
Further Problem Description:
|
|
Last Modified: | 17-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: * | 5.2.5.22i.BASE, 6.0.0.11i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus64351 | Title: | Wrong info for "Oper up link/asic max & total" after router reload. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Wrong info for "Oper up link/asic max & total" after router reload in show controller fabric fsdb-pla cmd.
Conditions:
Router Reload
Workaround:
Expected Resolution: NA
Reproducibility (%):Not always
It is a cosmetic issue and there is no functionality impact.
Further Problem Description:
sometimes after router reload, actual link states are not delivered correctly to fabric manager. i.e even though SFE links are oper_up, fabric manager shows them as oper_down. This is a cosmetic issue.
|
|
Last Modified: | 17-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: * | 5.2.5.22i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCud80345 | Title: | debug_client crashed in ctrace when trying to free invalid pointer |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
debug_client crashed in ctrace when trying to free invalid pointer
Conditions:
On NCS-6k , we have seen this issue on images where issu and/or admin VM reload is supported and it is seen intermittently on admin VM reload of that VM where active confd is placed
Workaround:
Further Problem Description:
|
|
Last Modified: | 17-AUG-2015 |
|
Known Affected Releases: * | 5.0.0.BASE, 5.2.4.ADMIN, 5.2.4.BASE |
|
Known Fixed Releases: | 5.2.5.9i.BASE, 6.0.0.7i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv81888 | Title: | (60-SSR1) fabricq_mgr process crash on satori |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Fabricq_mgr crash seen without any trigger
Conditions:
not sure
Workaround:
Further Problem Description:
|
|
Last Modified: | 19-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv56767 | Title: | Loading saved configuration leads to incosistency in L2 functionality. |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
L2subinterfaces are not getting created properly
Conditions:
When Configuration is loaded from the Disk.
Workaround:
Further Problem Description:
When we load following L2 configuration from harddisk , L2 subinterfaces are not getting created .
RP/0/RP0:ios(config)#do show interfaces brief
Thu Jul 30 06:01:14.484 UTC
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Nu0 up up Null 1500 0
Te0/6/0/2 up up ARPA 1514 10000000
Te0/6/0/3 up up ARPA 1514 10000000
Te0/6/0/6 up up ARPA 1514 10000000
Mg0/RP0/CPU0/0 admin-down admin-down ARPA 1514 1000000
RP/0/RP0:ios(config)#do show l2vpn xconnect
Thu Jul 30 06:01:43.961 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
c1 c1 UR Te0/6/0/2.10 UR Te0/6/0/6.100 UR
----------------------------------------------------------------------------------------
c2 c2 UR Te0/6/0/3.20 UR Te0/6/0/6.200 UR
----------------------------------------------------------------------------------------
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv54510 | Title: | PRBS status toggle issue is observed for ODU-Flex controllers in CTC. |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: | Symptom:
PRBS status toggle issue is observed for ODU-Flex controllers in CTC.
Conditions:
PRBS is enabled. PRBS status toggle issue is observed for ODU-Flex controllers.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv30078 | Title: | tams_proc crashed after sysadmin lxc destroy |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
tams_proc crash
Conditions:
after sysadmin lxc destroy
Workaround:
Reload
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv09593 | Title: | 30 ports high power optics support for emerald |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:High powers not supported in port 0 to 29 of Emerald card
Conditions:In CRS router with Emerald card, high power optics won't come up in ports 0 to 29.
Workaround:Insert high power optics in port 30 to 39
More Info:Fix is done through this DDTS such a way 15 ports per slice can accept high power optics.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.CE |
|
Known Fixed Releases: * | 5.3.2.20i.FWDG, 5.3.3.6i.FWDG, 6.0.0.7i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv86808 | Title: | Getting "error while loading shared libraries with l2vpn trace command. |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Getting "error while loading shared libraries with l2vpn trace command.
Conditions:
l2vpn trace command.
Workaround:
None
Further Problem Description:
While executing l2vpn trace command , following error is seen .
RP/0/RP0:ios#show l2vpn platform trace all all reverse
Wed Aug 19 06:10:12.531 UTC
show_dnx_l2fib_ltrace: error while loading shared libraries: libdnx_l2fib_exports_lc.so: cannot open shared object file: No such file or directory
RP/0/RP0:ios(config)#do show version
Wed Aug 19 22:21:24.162 UTC
Cisco IOS XR Software, Version 6.0.0.06I
Copyright (c) 2013-2015 by Cisco Systems, Inc.
Build Information:
Built By : abhharih
Built On : Fri Aug 14 17:22:03 IST 2015
Build Host : bgl-ads-2296
Workspace : /nobackup/abhharih/xspeed-EFR-00000309666
Version : 6.0.0.06I
Location : /opt/cisco/XR/packages/
cisco NCS-4000 () processor
cisco NCS-4000 () processor
System uptime is 24 minutes
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv33131 | Title: | BGP to support SYSDB_ACCESS_OPTION_LIST_NEXT for Neighbor EDM |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
XML requests to a BGP EDM for more than 25 neighbors return a 'not supported' error.
Conditions:
This issue will be seen when there is BGP configuration with more than 25 neighbors & data is requested via XML. It is not version or platform specific.
Workaround:
There is no easy workaround - the user can either remove configuration to reduce the number of neighbors, or obtain the data via the equivalent show command, which works correctly for more than 25 neighbors.
Further Problem Description:
If you have already seen this issue during an ISSU upgrade, then on-demand SLA operations and related historical statistics are likely to be no longer available.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE, 5.3.2.MGBL, 6.0.0.BASE |
|
Known Fixed Releases: | 5.3.2.20i.ROUT, 5.3.3.6i.ROUT |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu41637 | Title: | show tech fabric does not collect asic errors |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
show tech fabric does not collect some of the asic error details.
Conditions:
No specific trigger, issue with show-tech scripts
Workaround:
None
Further Problem Description:
show tech fabric does not collect some of the asic error details.
1. show asic errors for ingressq 1,2,3 for TOPAZ LC does not gets collected.
2. show asic-err fabricq 0 summary does not gets collected from RP.
3. show asic-err ccsq 0 all location 0/RP0/CPU0.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | 5.3.2.12i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv31661 | Title: | CRS-X LC QoS Ref_rate for priority class is slice bw instead of intf. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The QoS Config commit will fail with an error described earlier whereby a high queue-limit value if applied to member's of a bundle within the same slice of the CRS-X LC will overflow the 32 bit value since the reference_rate calculated is the slice bw instead of Per Member BW.
Conditions:
100G bundle member's residing on the same slice & high queue-limit configured in a priority class.
Workaround:
Reduce the value of the queue-limit given that the max buffering that can be done @200G is ~30ms
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.1.3.CE |
|
Known Fixed Releases: * | 5.3.2.20i.BASE, 5.3.3.6i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv80225 | Title: | ISIS: memory leak in SR-TE code |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When configured for SR-TE isis is leaking 8-byte memory blocks containing an isis sysid.
Conditions:
Only occurs when segment routing is used in conjunction with MPLS traffic engineering.
Workaround:
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.ROUT |
|
Known Fixed Releases: | 5.3.3.6i.ROUT |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv51541 | Title: | calv_alarm_mgr abnormally terminated in xr after sysadmin destroy |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
calv_alarm_mgr abnormally terminated in xr after sysadmin destroy
Conditions:
after sysadmin destroy
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut48567 | Title: | egrep -A not working on post 5.2.2,5.2.3, and 5.3.0 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
egrep -A doesn't work after the feature was added in 5.2.2,5.2.3, and 5.3.0
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.0.BASE, 5.3.2.BASE |
|
Known Fixed Releases: * | 5.2.5.22i.BASE, 5.3.2.20i.BASE, 5.3.3.6i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv54865 | Title: | ISIS SRTE: PCE callbacks trigger unneeded SR updates |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
When configured for SR-TE, updates received from a PCE can trigger unnecessary updates to TE.
Conditions:
MPLS-TE with segment-routing.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.ROUT |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv39663 | Title: | Commit replace feature fails with policy-global config |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
When we delete policy global, the policy which used policy global and replace with a new policy in a single commit, commit fails. RPL stops working after that. The only way to recover is restart policy_repository
Conditions:
Workaround:
Restart policy_repository
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.ROUT |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuo57380 | Title: | BFC single member shut results in >50msec loss |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
This issue seen only when the bundle interface flaps.more than 50ms time delay during switchover when the traffic switches between bundle interfaces.
Conditions:
bundle has interfaces with different bandwidth
Workaround:
no work-around.
Further Problem Description:
This issue seen only when the bundle interface flaps.more than 50ms time delay during switchover when the traffic switches between bundle interfaces.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 4.2.4.MPLS |
|
Known Fixed Releases: | 5.3.2.15i.FWDG, 5.3.3.3i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv62382 | Title: | ospfv3 max paths 32 configuration failure |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
OSPFv3 maximum-paths config cannot be changed back to a higher number.
Conditions:
Once the maximum-paths config under router ospfv3 is changed to a value lower than the default value (say 8), then it cannot be subsequently changed back to a higher value (say 9).
Workaround:
workaround is to remove the maximum-path config so it changes back to the default value (i.e. 32) and then set the desired value
Further Problem Description:
This is a day 1 issue with verification of the configuration in OSPFv3
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 4.1.0.ROUT |
|
Known Fixed Releases: | 6.0.0.11i.ROUT |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv43818 | Title: | kernel and process core by l2vpn_mgr with 60 8I |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The symptom of the issue is node dumping kernel core while loading the image.
Conditions:
The issue is seen with normal traffic.
Workaround:
none
Further Problem Description:
non
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu54544 | Title: | Syslog Cleanup for TOPAZ PLIM |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | syslog cleanup for topaz plim
Symptom:syslogs are getting printed on the console when the breakout is configured.
Conditions:When the breakout is configured on CRS-X plim, syslog is getting displayed on the console.
Workaround:none
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | 5.3.2.13i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv84124 | Title: | NETCONF-YANG: prevent logical interface flapped with replace operation |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
When a customer sends a netconf edit-config request with replace option to replace logical interface config, the interface is flapped (it goes down and up).
Conditions:
Sending netconf edit-config with replace option for logical interface (such as Loopback, Tunnel, etc.)
Workaround:
Instead of sending edit-config with replace option, conform a mixture of edit-config with delete option and edit-config with merge option to do the same config change as edit-config with replace option would do.
Further Problem Description:
|
|
Last Modified: | 21-AUG-2015 |
|
Known Affected Releases: | 6.0.0.MGBL |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv05725 | Title: | SR TE : traceroute not displaying MPLS labels |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Trace-route is not working for SR-TE tunnel destination.
Conditions:
Executing trace-route command
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 22-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtu17011 | Title: | Privilege escalation through utility script command |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms:
An authenticated user with basic-services (EXECUTE) privileges, e.g. operator, can escalate privileges using the ''utility script'' command.
Conditions:
Default system configuration.
Workaround:
None at this time.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
6.6/5.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?
dispatch=1&version=2&vector=AV:L/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:C
CVE ID CVE-2012-0348 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL
:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.ht
|
|
Last Modified: | 23-AUG-2015 |
|
Known Affected Releases: | 4.1.1.BASE |
|
Known Fixed Releases: | 4.2.3.28i.BASE, 4.3.0.17i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu05562 | Title: | IPSLA config apply failures upon router reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
After router reload when the router configuration includes a permanent port defined for ipsla responder feature, the following output may be seen as the result of "show configuration failed startup" command:
'Event Manager' detected the 'informational' condition 'Operation scheduled for later retry'
Conditions:
While router is coming up during reload or upgrade, the IPSLA responder CLI command to create a permanent port fails if socket cannot be open/bound successfully, but the record for the permanent port is always created in IPSLA database, and regular retries are scheduled to open the socket for the permanent port. So the CLI command is applied, the IPSLA responder database is updated, and the port will become usable by ipsla once the system is fully up and operational after reload.
Therefore for such a case, the ?show configuration failed startup? command will indicate the status at startup with a message of alert level 'informational' as shown above. This message is persistent until the next reload.
The "show configuration failed startup" command shows messages of all alert levels ('failed', 'warning', 'informational'), and in this particular case the message is 'informational', which means it can be safely ignored because it is due to a transient state at startup, and eventual retries will succeed
Workaround:
Ignore the informational message related to IP SLA responder under ?show configuration failed startup".
"show ipsla responder statistics all ports" command can be used to detect when the ports become fully operational after startup
Further Problem Description:
|
|
Last Modified: | 24-AUG-2015 |
|
Known Affected Releases: * | 5.3.1.MGBL, 6.0.0.BASE |
|
Known Fixed Releases: | 5.3.2.11i.MGBL, 6.0.0.5i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv58057 | Title: | "No L2vpn" on xconnect of LANPHY interface leads to fia_driver crash. |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: | Symptom:
"No Interface" on created LANPHY interface leads to fia_driver crash.
Conditions:
Workaround:
Further Problem Description:
fia_driver crash is again seen with following step.
1. Configure LAN PHY interface.
2. Configure the XConnect on it
3. Unconfigure the L2vpn Xconnect
4. Do ?no interface? to the created LAN PHY interface.
With step 4 , commit failure is seen with below commit error & fia_driver get crashed.
RP/0/RP0:frodo(config)#show configuration f
failed formal
RP/0/RP0:frodo(config)#show configuration failed
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
interface TenGigE0/6/0/3
no l2transport
!!% The process 'ether_caps_partner' took too long to respond to a verification request and was timed out
!
Backtrace for Thread 3706
#0 0x00007f92aba28ec7 in key_cmp+0x7a from /opt/cisco/XR/packages/dpa.lc-6.0.0.06I/lib/libbcmdpa_db.so
#1 0x00007f92dab5ac12 in avl_search+0x33 from /opt/cisco/XR/packages/iosxr-os.rp_lc-6.0.0.06I/lib/libcalvados_ios.so.0.0.1
#2 0x00007f92aba29026 in bcmdpa_db_get+0x66 from /opt/cisco/XR/packages/dpa.lc-6.0.0.06I/lib/libbcmdpa_db.so
#3 0x00007f92b562f938 in bcmdpa_server_api_dnx_l2_cross_connect_delete+0x3d from /opt/cisco/XR/packages/dpa.lc-6.0.0.06I/lib/libbcmdpa_dnx_table_server.so
#4 0x00007f92b55de96b in dnx_table_server_dispatcher+0xa6ae from /opt/cisco/XR/packages/dpa.lc-6.0.0.06I/lib/libbcmdpa_dnx_table_server.so
#5 0x00007f92c2ce223d in bcmdpa_msg_dispatcher+0x31 from /opt/cisco/XR/packages/dpa.lc-6.0.0.06I/lib/libbcmdpa.so
#6 0x00007f92c2ce2469 in bcmdpa_zmq_main+0x1e5 from /opt/cisco/XR/packages/dpa.lc-6.0.0.06I/lib/libbcmdpa.so
#7 0x00007f92c0e579bc in start_thread+0xdc from /lib64/libpthread-2.12.so
#8 0x00000004000001a9 in ?? ()
|
|
Last Modified: | 24-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut24724 | Title: | [NCS4K] Unqualified PPM reported as MEA |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The alarm unqualified PPM is reported as MEA alarm, as it does not support unqualified PPM
Conditions:
The alarm unqualified PPM is inserted on a port of LC
AIS-PM is injected on same port
Unqualified PPM is reported as MEA and thus it masks the transport alarm AIS on same port
Workaround:
None
Reproducibility (%):100%
Expected Resolution:This issue will be fixed in a future release.
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN, 5.2.4.BASE, 5.2.4.FWDG, 5.2.4.K9SEC, 5.2.4.LC, 5.2.4.MCAST, 5.2.4.MGBL, 5.2.4.MPLS, 5.2.4.ROUT, 5.2.4.TOOLS |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup32037 | Title: | NCS4K-24LR-O-S: OC192 and OTU2 jitter generation test failed |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Observed higher error rate on running traffic.
Conditions:
Setup traffic and monitor error rate
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.3.BASE, 5.2.41.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut29336 | Title: | NCS4k:Wrong Wavelength Value in Netconf o/p for Optics Interfaces. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
NCS4k:Wrong Wavelength Value is displayed in Netconf output for Optics Controller.
Conditions:
When wavelength value of optics controller is viewed via Netconf Interface.
Workaround:
Workaround- None
Reproducibility (%):- 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.3.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus88864 | Title: | NCS4K Sonet wrong alarm propagation |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On [NCS4K-24LR-O-S] Sonet traffic may see wrong alarm propagation when the Sonet client port receives Loss Of Signal Alarm
Conditions:
Loss Of Signal on Sonet client port.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN, 5.2.4.BASE, 5.2.4.LC |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut48167 | Title: | [nCS4K-2H-W] RTRV-OPTICS doesn't show TX pwr set point on Trunk ports |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
If value of transmit-power is set by the user, this value will be not visible to the user, rather current transmit power measured by drivers will be visible.
Conditions:
Retrieve Optics TL1 command rtrv-optics will not show the set point of TX power.
Workaround:
Expected Resolution:Will be given in later release after 5.2.4.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut69236 | Title: | Delete Alarm profile from the NODE but behavior still persist. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On deleting a alarm profile behavior still persist and continue shows last active alarm profile values on reproducing alarm rather than showing default values.
Conditions:
This might occur due to Software conditions like when alarm profile has been actively applied for system level and then deleted.
Workaround:
NONE
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv49651 | Title: | Detailed attribute pane is opening two times. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Detail attribute pane is opening two times. First when Basic attribute pane is open and secondly when source and destination controller are selected.
Conditions:
when user select source and destination controller in Basic attribute pane, detail attribute pane is opening two times.
Workaround:
Reproducibility :100%
Expected Resolution: Release 6.0
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut66413 | Title: | MEM Leak:RTRV commands leaking high memory |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
TL1 retrieve commands may leak memory
Conditions:
TL1 process leaks some bytes of memory for every RTRV command that gets executed.
Workaround:
Workaround: restart the tl1 process
Expected Resolution: Under analysis.
Reproducibility (%): The output of "show memory compare report" is different for same rtrv command executed, several times.
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv15157 | Title: | To Support new feature "Fast Circuit Creation" for release 6.0 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
To introduce feature of fast circuit creation in 6.0 release.
Conditions:
now user can create the circuit through fast circuit creation wizard also.
Workaround:
circuit can also be created through Network view > OTN > Create circuit.
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul99389 | Title: | IPSLA Umbrella SMU |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:This is an Umbrella DDTS for IPSLA related fixes. Please check the individual DDTS list for details.
CSCul33732 Packet MIA calculation is wrong
CSCul64125 XR: IP-SLA interval timer event isn't triggered
Conditions:
Workaround:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: * | 5.1.1, 5.1.11, 5.1.12, 5.1.2, 5.1.2.99i.BASE, 5.1.3, 5.1.4, 5.2.0, 5.2.1, 5.2.2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut81908 | Title: | TL1 help not working for ed-odu4 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Command format help for ED-ODU4 is not visible to the user.
Conditions:
User trying to seek help as "ED-ODU4 ?" in TL1 command prompt will be impacted.
Workaround:
Expected Resolution: Will be given in later release after 5.2.4.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus70578 | Title: | [NCS4K-2H-W] Default for Optics PM Thresholds wrong |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The default thresholds of parameters for optics controllers is wrong
Conditions:
Incorrect thresholds of parameters of optics controllers are seen on CLI,CTC and TL1
Workaround:
Config the correct values using config CLI/CTC options
Reproducibility (%):100%
Expected Resolution: The issue is yet to be committed in next release
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut86949 | Title: | OCI alarm is not removed on Hyphy ASIC reset |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On doing PM5450 device ASIC reset, ODU-OCI alarms was not getting removed by x-connected ODU interfaces on that respective PM5450 device
Conditions:
On PM5450 device reset of NCS4K-24LR-O-S
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN, 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu17320 | Title: | Manual switch clear automatically after LCVM Switch-over |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Manual switch clear automatically after LCVM Switch-over
Symptom:
Manual Switch is getting clear after LCVM Switchover.
Conditions:
Apply Manual switch on tunnels and then apply LCVM switchover
Workaround:
No workaround
Further Problem Description:
NA
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv91684 | Title: | call-home messages flood on the console after XRv9k bring up |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:After initial boot, the console is flooded with messages
%HA-HA_CALL_HOME-3-NO_HOSTNAME : Failed to send call-home message due to no hostname configured.
tty_exec_launcher[67161]: %MGBL-TTY-3-OPEN_OR_DUP_DEVICE : Failed to open device file '/dev/pts/4': 'No such file or directory'
tty_exec_launcher[67161]: %MGBL-TTY-3-SET_PROCESS_GROUP : Failed to set '/dev/pts/4' as the controlling terminal for the process: 'No such file or directory'
Conditions:This occurs When we bring up XRV9k without hostname configured
A condition is created when we fail to send call-home message
Workaround:
Configure hostname in XR
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut81555 | Title: | [SBT]ccc_driver crash observd on insertion RP followed by OIR of CPAK |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
CCC Driver Crash
Conditions:
Insert RP Card, OIR CPAK Card
Workaround:
None
Further Problem Description:
1. The system is running DT-20.
2. Did Insertion of the RP card , followed by OIR of CPAK card.
3. Observing ccc_driver crash.
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN, 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut82878 | Title: | [NCS4K-20T-O-S] digi extraction in EW triggers otn-framer-digi crash |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Process otn_framer_digi crash is seen while performing OIR of line card NCS4K-20T-O-S.
Conditions:
1. Configure traffic in EW configuration using NCS4K-20T-O-S+NCS4K-2H-O-W line card.
2. Perform Line card OIR of NCS4K-20T-O-S card multiple times.
3. otn_framer_digi crash is seen after Line Card OIR.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN, 5.2.4.BASE, 5.2.4.FWDG, 5.2.4.K9SEC, 5.2.4.LC, 5.2.4.MCAST, 5.2.4.MGBL, 5.2.4.MPLS, 5.2.4.ROUT, 5.2.4.TOOLS |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut47181 | Title: | RTRV-TADRMAP not able to show the information of IPV6 ADDRESS. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
In RTRV-TADRMAP command with MODE=PROV(it will give all configuration both ipv4 and ipv6 ,if there is no configuration then it will return COMPLD), it first goes for retrieving ipv4 and then ipv6, in the code if it failed to retrieve ipv4 then it returned without trying to retrieve ipv6.
If only IPV6 is configure and we will trying to retrieve with MODE=PROV then it will faile.
Conditions:
To reproduce the bug...
1. Configure Only IPV6 ADDRESS through ENT-TADRMAP command
2. Retrieve the information through RTRV-TADRMAP:::1:::MODE=PROV;
Workaround:
Expected Resolution: Will be given in later release after 5.2.4.
No workaround.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv49650 | Title: | UIT FCC: controller present on the slot 11 is not coming in src text box |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
controllers present on slot 11 was not coming on source text box.
Conditions:
If any controller is present on slot with two digits, it was not coming in source text box.
Workaround:
Reproducibility : 100%
Expected resolution : release 6.0
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut50029 | Title: | SET-ATTR-SECUDFLT showing failing and also showing invalid sysdb logs. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
SET-ATTR-SECUDFLT shows "Config Manager Error" and not able able to set the timeout values and maximum invalid attempts allowed.
Conditions:
Open TL1 session on Scapa chassis and execute SET-ATTR-SECUDFLT command.
Workaround:
None
Expected Resolution: Will be given in later release after 5.2.4.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.MGBL |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu38731 | Title: | Traffic resume late on Tunnel deletion/recreation after stdby RP plugout |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Traffic recovered late on tunnel deletion/recreation
Conditions:
After standby RP plugged out
Workaround:
No workarounds
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut57842 | Title: | [NCS4K-20T-O-S] wrong loopback behavior |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On Configuring Line Loopback or Internal Loopback individually, incorrect loopback behaviour is seen (ie. Both Internal and Line loopback are detected)
Conditions:
Configure Line Loopback or Internal Loopback at ODU2e
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut59420 | Title: | ENT-TADRMAP is not returning any information. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ENT-TADRMAP is not displaying any success/failure response to the user.
Conditions:
Execute TL1 command ENT-TADRMAP on Scapa chassis. No response is given to the user.
Workaround:
None
Expected Resolution: Will be given in a later release after 5.2.4.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut92473 | Title: | AID count to be increased for TL1 RTRV commands |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
RTRV commands in TL1 do not display controller information if number of controllers on Scapa chassis exceed 255.
Not able to retrieve data with 'all' aid when huge number (>255) of controllers/invenotory/tunnels configured.
Conditions:
Create more than 255 ODU controllers on the Scapa chassis. Execute RTRV-ODUk command on TL1 interface.
No controller information would be displayed.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut93103 | Title: | otn_framer_hyphy crash observed on series of RP OIR |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Otn_framer_hyphy process crash observed on LC VM when RP-OIR is performed
Conditions:
PRocess crash on LC VM on RP-OIR when node is in READY state.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN, 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv56274 | Title: | FCC UIT : Issue found in opening detail Attribute Pane. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Detailed attribute pane is not opening according to the requirement. In NNI , source and destination controller are shown.
Conditions:
when basic attribute pane is opening for NNI, source and destination controller are shown and when user select one controller in case of UNI, detail attribute pane is getting open.
Workaround:
Reproducibility : 100%
Expected Resolution : Release 6.0
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu12524 | Title: | TCA sent 1 second before for UAS mode. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
TCA is raised one second before entering into UAS mode.
Conditions:
UAS threshold is configured and alarms are triggered.
Workaround:
Workaround: None
Reproducibility: 100%
Expected resolution:
To be fix in next release
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo55977 | Title: | NCS4K-24LR-O-S: OC48&OTU1 jitter generation test failed |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Observed higher error rate on running traffic.
Conditions:
Setup traffic and monitor error rate
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut53463 | Title: | SigLOS (Ethernet) not suppressed by optics-mea alarm |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
SigLOS alarm is not suppressed by optics MEA alarm for Ethernet controller
Conditions:
1. Create Ethernet controller.
2. Replace 10 gig pluggable with 2.5 gig pluggable
3. MEA, SigLOS and OPUK-CSF are visible in show alarm CLI output
Workaround:
NONE
Reproducibility (%):100
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut58001 | Title: | Enable TCE[NCS4K-24LR-O-S] unexpected OPTICS LASER-BIAS-MAX(NE) PM TCA |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Unexpected TCA is raised for OPTICS LASER-BIAS-MAX(NE)
Conditions:
Enable TCA for LBC(mA), and commit the configuration
TCA is raised even if LBC is not supported on LC card
Workaround:
None
Reproducibility (%):100%
Expected Resolution: The fix is yet to be committed in next release
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu08413 | Title: | NCS4K: otn_framer_digi crashed on CPAK NNI Physical OIR on stdby LC vm |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
otn_framer_digi process crashed
Conditions:
CPAK NNI physical OIR
Workaround:
No workarounds
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 5.2.4.BASE, 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu39182 | Title: | Xconnect created via TL1 is not displayed in "show running config" |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Xconnect created via TL1 is not displayed in ?show running config?
Symptom:
Xconnects created via TL1 on Cisco NCS4016 router are not visible in "sh running" output.
Conditions:
1. Open a TL1 session
2. Activate a user using ACT-USER command.
3. Create a cross connect between any ODU controllers.
4. Do " show running"
Workaround:
Workaround: NA
Expected Resolution: In later releases of Cisco NCS4016.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut40965 | Title: | N4K : LEPTON New image version is not comming in-effect after upgrade |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Upgrade the LEPTON fpd on NCS4K-2H-O-K card, the device still runs on the older fpd image version.
Conditions:
After the completion of LEPTON FPD upgrade, Running FPD Version and packaged SW Ver are not same i.e. lepton still runs on older fpd version.
Workaround:
Reload (software/physical OIR) the LC after FPD upgrade then New FPD image version comes in effect.
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv51694 | Title: | UIT FCC : Value of service type is not correct. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Service state on basic attribute pane is not correct shown.
Conditions:
When Basic attribute pane is opened after selecting source and destination node, service state is not shown correctly.
Workaround:
Reproducibility : 100%
Expected Resolution : Release 6.0
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu43956 | Title: | Remote state is not updating at other end for exercise in uni profile |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Remote state is not updating at other end for exercise in uni profile
Symptom:
Far end Remote state does not update on applying exercise command.
Conditions:
Apply Exercise command on one end on 1+1 UNIDIR-APS protection type tunnel.
Workaround:
No Workaround
Further Problem Description:
NA
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu23593 | Title: | RTRV-ALM-ALL command not working with AID FAC-ALL |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | RTRV-ALM-ALL command not working with AID FAC-ALL
Symptom:
Execute TL1 command, RTRV-ALM-ALL with aid as "FAC-ALL" , "Config Manager Error" is shown in response.
Conditions:
On a Scapa node having alarms, execute TL1 command RTRV-ALM-ALL with aid as "FAC-ALL" . Error is shown to the user instead or displaying proper filtered alarms.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: * | 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv83159 | Title: | li_ea process respawning multiple time during MC bootup |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
li_ea process getting abnormally terminated multiple times during Router
Conditions:
This issue is seen only on CRS MULTICHASSIS 8+2 system during bootup.
Workaround:
NA
Further Problem Description:
No functionality impact as the process gets into RUN state after getting terminated abnormally multiple times.
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu76002 | Title: | memleak in fib_mgr @ fib_bcdl_io_rcc_handle_route_label_verify_msg |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Memory utilization by process fib_mgr increases continuously.
Conditions:
Hitting this issue during MPLS tunnel flapping in core network.
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | 5.3.2.13i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv75924 | Title: | SYSLOG CLEANUP - client showd_lc attempted duplicate registration |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Unwanted syslog messages generated during bootup.
Conditions:
These syslog messages are seen on CRS MULTI- CHASSIS and BACK2BACK routers every time while booting.
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE, 5.3.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu79592 | Title: | FABRIC-FIA-3-ERR_CHANNEL_DOWN during fabric upgrade |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
%FABRIC-FIA-3-ERR_CHANNEL_DOWN syslog errors during fabric upgrade on multi chassis
Conditions:
Upgrade from 140G to 400G fabric
Workaround:
None
Further Problem Description:
Fabric upgrade was being performed on Rack 6 and 7 (both Taiko). Half the fabric was upgraded to 400G and is still unpowered but the errors started getting generated on Racks 4 and 5 (only).
RP/0/RP1/CPU0:PHLCRS1(admin)#sh controllers fabric plane all
Plane Admin Oper up->dn up->mcast
Id State State counter counter
---------------------------------------------
0 UP UP 0 0
1 UP UP 0 0
2 UP UP 0 0
3 UP UP 0 0
4 DOWN DOWN 1 0
5 DOWN DOWN 1 0
6 DOWN DOWN 1 0
7 DOWN DOWN 1 0
RP/0/RP1/CPU0:PHLCRS1(admin)#
RP/0/RP1/CPU0:PHLCRS1(admin)#sh plat | inc 400
Wed Jun 10 16:11:09.358 EDT
6/SM4/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
6/SM5/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
6/SM6/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
6/SM7/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
7/SM4/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
7/SM5/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
7/SM6/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
7/SM7/SP FC-400G/M(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM12/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM13/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM14/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM15/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM16/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM17/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM18/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM19/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM20/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM21/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM22/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
F0/SM23/SP FCC-SFC-400G(SP) N/A UNPOWERED NPWR,NSHUT,MON
RP/0/RP1/CPU0:PHLCRS1(admin)#
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: * | 5.3.2.18i.BASE, 5.3.3.3i.BASE, 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq15057 | Title: | Possible delete hw-module for regen with trunk ports in service |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Traffic remains up and running even after deleting hardware-module for NCS4K-2H-W card in regeneration operating mode,
when the trunk-ports are in-service.
Conditions:
1. Equip an NCS4k(4016) node with two 2x100 GE NCS4K-2H-W cards in slot 2 and 5.
2. Configure NCS4K-2H-W in slot 2 with TXP(transponder) card mode (all trunks ports in-service)
3. Configure NCS4K-2H-W in slot 5 with Regen (regeneration) card mode (port 2 and 3 OTU4 in Service).
4. Connect Port 0 and 1 of NCS4K-2H-W in slot 2 with OTU4 sources.
5. Connect Port 2 of NCS4K-2H-W in slot 2 to port 2 of NCS4K-2H-W in slot 5,Port 3 of NCS4K-2H-W in slot 2 to port 3 of NCS4K-2H-W in slot 5.
6. Verify that the Traffic OUT4 is up and running.
7. Delete hw-module on NCS4K-2H-W in slot 5 through CLI (no hw-module)
8. commit
Workaround:
None
Expected Resolution: This issuw will be fixed in a future release.
Reproducibility (%): 100%
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.2.1.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo34571 | Title: | HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT for locald_DSC and drp_pairing |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | The following message floods in syslog after upgrade form 4.0.1 to 4.2.3
RP/0/RP0/CPU0:Apr 7 10:13:29.889 : locald_DSC[311]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/locald_DSC_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:23:30.541 : locald_DSC[311]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/locald_DSC_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:23:30.541 : drp_pairing[181]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/drp_pairing_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:33:31.155 : drp_pairing[181]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/drp_pairing_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:33:31.155 : locald_DSC[311]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/locald_DSC_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
Restart the affected process using $admin processes restart pid (PiD of drp_pairing or local_DSC)
Symptom:
The following message floods in syslog after upgrade form 4.0.1 to 4.2.3
RP/0/RP0/CPU0:Apr 7 10:13:29.889 : locald_DSC[311]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/locald_DSC_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:23:30.541 : locald_DSC[311]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/locald_DSC_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:23:30.541 : drp_pairing[181]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/drp_pairing_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:33:31.155 : drp_pairing[181]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/drp_pairing_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
RP/0/RP0/CPU0:Apr 7 10:33:31.155 : locald_DSC[311]: %HA-CHKPT_MESSAGING-7-STANDBY_OPEN_TIMEOUT : Attempts to open standby channel /dev/chkpt_procs/locald_DSC_001.d/node0_RP1_CPU0 failed after 60 retries - continuing
Conditions:
Single Chassis or Multi chassis CRS. Upgrade from upgrading from
Workaround:
Restart the affected process using $admin processes restart pid (PiD of drp_pairing or local_DSC)
or
Relaod of Standby RP
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: * | 5.3.0, 5.3.0.15i.BASE, 5.3.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu29968 | Title: * | IOS XRv9000 sho cef vrf ipv6 exact-route not working correctly |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom:show cef vrf ipv6 exact-route does not give the correct outgoing path for the packet.
Conditions:When the route is via 6pe or 6vpe
Workaround:None
More Info:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv53766 | Title: | ATT-CERT: mac_err_txmac_SpaTimeOut interrupt on JP5 on 1-100GbE PLIM |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | ATT-CERT: mac_err_txmac_SpaTimeOut interrupt on JP5 on 1-100GbE PLIM
Symptom:The below error message is seen while doing plim OIR
%L2-PLIM-2-ERR_HW_HARD_RESET : Device: JP5 Tx MAC. Error: mac_err_txmac_SpaTimeOut. Software action: Hard reset JP5 FPGA
Conditions:Perform 1-100GbE PLIM physical OIR.
Workaround:No impact. No workaround available.
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus28869 | Title: | traffic drop for 1minuter after RP FO with 64k pwhe ipoeds session |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | This issue needs to be on the caveat list for 5.3.0. It was found just before longevity testing and the fix for it involves very important changes to the way PE-HE replication process is performed upon RP-FO triggers and are very risky in nature + will require extensive testing.
Symptom:
With 64,000+ PW-HE IPoE sessions, traffic may be lost for up to one (1) minute upon RP failover events.
Conditions:
This problem only manifests itself in very high (64K+) PW-HE scalability scenarios where traffic may be lost for up to 60 seconds, but does recover.
Workaround:
There is no workaround for this problem.
Further Problem Description:
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.3.0.ADMIN |
|
Known Fixed Releases: * | 5.3.2.18i.FWDG, 5.3.3.3i.FWDG, 6.0.0.12i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv90517 | Title: | ipsec_mp crash at bootup after router upgrade |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ipsec_mp crash is seen during bootup
Conditions:
software image upgrade to 532 to CRS MULTI CHASSIS System
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv54912 | Title: | show controller cli failed after cpak oir followed by arwen oir |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
Optics not up after LC reload on CPAK
Conditions:
Optics not up after LC reload on CPAK
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE, 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv71161 | Title: | Continuous shmwin_svr crashes on PE/P routers during longevity |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
process shmwin_svr crashes continuously on reloading peer router
Conditions:
Observed on CRS single and multi-chassis router while testing 532. This issue is consistently seen when router is forwarding IP/MPLS traffic for more than 24 hours.
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup68651 | Title: | Enhancement of software scrubbing the pse memory for SBE interrupts- |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
In certain conditions the PSE memory gets stuck with single bit errors (SBE) and a message is logged
similar to:
pse_pogo_driver[244]: %PLATFORM-CIH-5-ASIC_ERROR_SCRUB_THRESH : pse[1]: A sbe error has occurred
causing data corrected. 0x12470009 Threshold has been exceeded
Conditions:
When SBE interupts cross a threshold they start logging these messages. An SBE is totally benign since it
will be corrected by the HW whenever the memory is ready. This error is single bit error and hardware
corrects it itself without any user intervention required.
Workaround:
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.1.3.LC |
|
Known Fixed Releases: * | 5.2.3.99i.BASE, 5.3.0, 5.3.0.15i.FWDG, 5.3.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv94859 | Title: | no-export routes being advertised to eBGP nei after upgrade 4.1.1->4.3.2 |
|
Status: | Open |
|
Severity: * | 3 Moderate |
Description: | Symptom:
After CRS upgrade from 4.1.1 to 4.3.2 routes with no-export community set were advertised to eBGP neighbors.
Conditions:
TBD, but definitely upgrade from 4.1.1 to 4.3.2 is one of the triggers.
Workaround:
BGP neighbors reset after leak is being observed.
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.3.2.ROUT |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui18170 | Title: | isis process crash after polling isisMIB |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ISIS process may unexpectedly restart
Conditions:
The problem may happen when ISIS is polled via SNMP for adjacency table (isisISAdjTable in ISIS MIB), and there are no adjacencies established at any level.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.0.0.BASE |
|
Known Fixed Releases: * | 5.0.0, 5.0.0.36i.ADMIN, 5.0.0.36i.ROUT |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv83272 | Title: | MPLS s/w switch is dropping traffic for local-labels assigned to interf. |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
FIB does not treat correctly the local-labels allocated for the interface's addresses. Hence, the incoming traffic with these labels is dropped in MPLS s/w switch. As a result input drops counter on interfaces where traffic is being received is incrementing.
Conditions:
Traffic destined to local interface /32 prefix which has assigned label, but FIB is not awared of it.
Issue could be seen by output like:
show route vrf {vrf_name} {/32 prefix for local interface} detail
<...>
Known via "local", distance 0, metric 0 (connected)
<...>
Route metric is 0
Label: None <--- FIB has no label
Tunnel ID: None
Extended communities count: 0
Route version is 0x2 (2)
Local Label: 0xfffcf (1048527) <--- traffic is coming with additional label assigned by BGP for /32 prefix, but there is no outgoing label in FIB, so it is dropped
Workaround:
None yet known.
Further Problem Description:
tbd
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv97450 | Title: | Arwen asking fresh usrname n pwd to config are powercycle/idletime out |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
Arwen asking fresh usrname n pwd to config are powercycle/idletime out
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv62348 | Title: | OSPF crash on rolling back ospf config with SR and TI-LFA with ASBR |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
OSPFv2 process crash in certain conditions
Conditions:
When OSPF is configured with SR and using TI-LFA. There are multiple ECMP paths (i.e. candidate backups) towards the ASBR.
Workaround:
None
Further Problem Description:
This is a code issue which could hit in certain conditions. It was introduced in 5.3.0 as part of the Segment Routing TI-LFA feature.
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.3.0.ROUT |
|
Known Fixed Releases: | 5.3.2.20i.ROUT, 5.3.3.6i.ROUT, 6.0.0.10i.ROUT |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv61018 | Title: | ctc: Warning msg should be displayed for disabling flooding on WRK link |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ctc: Warning msg should be displayed for disabling flooding on WRK link
Conditions:
If there is any live traffic running on the link where flooding is being disabled, warning message should be displayed stating that "This operation might be traffic impacting"
Workaround:
ctc
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv99911 | Title: | BGP sessions take 30 to 45 mins for NSR Ready after RPFO |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
After RPFO , delay of 30 to 45 mins seen for BGP to come to NSR Ready state.
Conditions:
Route scale approx 500K
Seen with IOX-XR 5.3.1
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 29-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv44324 | Title: | ATT-CERT: spa_oc48 assert @ im_attr_owner on bringup post router reload |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Process spa_oc48 crash seen on router reload
Conditions:
4XOC48-POS SPA
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu69561 | Title: | IPv4,v6 Traffic drop as NH PUNT on proc restart fib_mgr on LC |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
IPv4 and IPv6 Traffic drops in the network for short interval.
Conditions:
Process fib_mgr getting restarted
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 29-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | 5.3.2.13i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv33193 | Title: | [CTC]Correction for NET layer operating on Delegate |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
[CTC]Correction for NET layer operating on Delegate
Conditions:
removed the delegate method for net layer
Workaround:
CTC NET Layer
Further Problem Description:
|
|
Last Modified: | 29-AUG-2015 |
|
Known Affected Releases: | 6.0.0.MGBL |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv44502 | Title: | member-stats for qos-mib not showing up after int-bundle changes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
SNMP unable to poll cbQosIFPolicyIndex
snmpwalk -c public -v 2c xxxx 1.3.6.1.4.1.9.9.166.1.2.1.1.1.1502
iso.3.6.1.4.1.9.9.166.1.2.1.1.1.1502 = No Such Instance currently exists at this OID
Conditions:
Configure interfaces under bundle
Configure snmp-server qos mib member-stats
Query qos-mib for bundle and member interface
Workaround:
Remove and re-add snmp-server qos mib member-stats
Further Problem Description:
Issue can get triggered anytime when Bundle members are added or removed.
|
|
Last Modified: | 29-AUG-2015 |
|
Known Affected Releases: | 5.2.0.BASE, 5.3.0.LC, 5.3.0.MGBL, 5.3.0.TOOLS |
|
Known Fixed Releases: | 5.3.2.19i.BASE, 5.3.3.5i.FWDG, 6.0.0.11i.FWDG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv58195 | Title: | qos_ea crash @ plwkr_pmap_get_max_hierarchy on Topaz |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
qos_ea process crash on CRS-X
Conditions:
Crash happens while there are bundles flapping on the router
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv83310 | Title: | MPLS s/w switch is dropping traffic for local-labels assigned to interf. |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: | Symptom:
FIB does not treat correctly the local-labels allocated for the interface's addresses. Hence, the incoming traffic with these labels is dropped in MPLS s/w switch. As a result input drops counter on interfaces where traffic is being received is incrementing.
Conditions:
Traffic destined to local interface /32 prefix which has assigned label, but FIB is not awared of it.
Issue could be seen by output like:
show route vrf {vrf_name} {/32 prefix for local interface} detail
<...>
Known via "local", distance 0, metric 0 (connected)
<...>
Route metric is 0
Label: None <--- FIB has no label
Tunnel ID: None
Extended communities count: 0
Route version is 0x2 (2)
Local Label: 0xfffcf (1048527) <--- traffic is coming with additional label assigned by BGP for /32 prefix, but there is no outgoing label in FIB, so it is dropped
<...>
Workaround:
None yet known.
Further Problem Description:
tbd
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv77729 | Title: | Inconsistency in the Time slot of UNI and NNI controller.(10gig-FLEX) |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Incorrect values of time-slots are seen for uni controller always and flex bandwidth is displayed always zero.
Conditions:
When a tunnel is created, nni controller shows correct values of time-slots used but uni controller always shows time-slots values as 8(Default). Values of time-slots are not being updated after tunnel creation using lower number of time-slots.
Workaround:
None
Further Problem Description:
The values of time-slots are not being updated for uni controller by dll-sb when tunnel is created or deleted
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv73389 | Title: | Umbrella ddts to commit CSCuq72480 & CSCuu98459 to 514 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Conditions:
Workaround:
More Info:
Umbrella DDTS for CSCuq72480 & CSCuu98459.
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.1.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv73930 | Title: | proc restart plat_sl_client takes longer to increment the respawn count |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show process plat_sl_client
Job Id: 391
PID: 18665
Executable path: /opt/cisco/XR/packages/xrv9k-base.rp-5.4.0.88I/bin/plat_sl_client
Instance #: 1
Version ID: 00.00.0000
Respawn: ON
Respawn count: 4
Last started: Tue Aug 11 09:51:19 2015
Process state: Run (last exit due to SIGKILL)
Package state: Normal
Process group: dsc
core: MAINMEM
Max. core: 0
Level: 250
Placement: DSC Tracker
startup_path: /opt/cisco/XR/packages/xrv9k-base.rp-5.4.0.88I/startup/plat_sl_client.startup
Ready: 2.436s
Process cpu time: 0.000 user, 0.000 kernel, 0.000 total
JID TID Stack pri state NAME rt_pri
391 18665 0K 20 Sleeping Plat SL Client 0
391 18666 0K 20 Sleeping lwm_debug_threa 0
391 18667 0K 20 Sleeping plat_sl_client 0
391 18668 0K 20 Sleeping lwm_service_thr 0
391 18669 0K 20 Sleeping qsm_service_thr 0
391 18670 0K 20 Sleeping plat_sl_client 0
391 18672 0K 20 Sleeping plat_sl_client 0
391 18673 0K 20 Sleeping Plat SL Client 0
391 18689 0K 20 Sleeping Plat SL Client 0
391 18697 0K 20 Sleeping Plat SL Client 0
-------------------------------------------------------------------------------
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#process restart plat_sl_client
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show process plat_sl_client
Job Id: 391
PID: 18665
Executable path: /opt/cisco/XR/packages/xrv9k-base.rp-5.4.0.88I/bin/plat_sl_client
Instance #: 1
Version ID: 00.00.0000
Respawn: ON
Respawn count: 4
Last started: Tue Aug 11 09:51:19 2015
Process state: Terminating (last exit due to SIGKILL)
Package state: Normal
Process group: dsc
core: MAINMEM
Max. core: 0
Level: 250
Placement: DSC Tracker
startup_path: /opt/cisco/XR/packages/xrv9k-base.rp-5.4.0.88I/startup/plat_sl_client.startup
Ready: 2.436s
-------------------------------------------------------------------------------
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show process plat_sl_client
Job Id: 391
PID: 18665
Executable path: /opt/cisco/XR/packages/xrv9k-base.rp-5.4.0.88I/bin/plat_sl_client
Instance #: 1
Version ID: 00.00.0000
Respawn: ON
Respawn count: 4
Last started: Tue Aug 11 09:51:19 2015
Process state: Terminating (last exit due to SIGKILL)
Package state: Normal
Process group: dsc
core: MAINMEM
Max. core: 0
Level: 250
Placement: DSC Tracker
startup_path: /opt/cisco/XR/packages/xrv9k-base.rp-5.4.0.88I/startup/plat_sl_client.startup
Ready: 2.436s
-------------------------------------------------------------------------------
RP/0/RP0/CPU0:ott-ss-dt-16A-uut#show process plat_sl_client
Job Id: 391
PID: 18665
Executable path: /opt/cisco/XR/packages/xrv9k-base.rp-5.4.0.88I/bin/plat_sl_client<
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | 5.4.0.17i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum82798 | Title: | Suppress %ROUTING-MRIB_API-3-LWM_ERR messages in steady state |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
%ROUTING-MRIB_API-3-LWM_ERR messages are seen on router in steady state.
The messages was reported on P2MP-TE mid node label with two egress legs.
If the P2MP-TE mid node label only has one egress leg, then the message will not be reported.
Conditions:
Log message will appear if mcast pie is activated. IP multicast-routing config does not need to be enabled.
Workaround:
No action is required. This log message is for informational purposes only and does not affect functionality.
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.1.0.MCAST, 5.1.1.MCAST |
|
Known Fixed Releases: * | 5.1.1, 5.1.1.MCAST, 5.1.11, 5.1.11.18i.MCAST, 5.1.12, 5.1.2, 5.1.2.14i.MCAST, 5.1.3, 5.1.4, 5.2.0 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv95494 | Title: | SYSLOG CLEANUP: pse_pogo_driver - L2-PSE-7-DEBUG_MSG |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Debug message generated during boot up. No functional impact.
Conditions:
Seen on CRS Multi chassis router
Workaround:
NA
Further Problem Description:
NA
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv75888 | Title: | PKT_INFRA-NETIO-7-DELETE_IDB_SUBINTF_ASSOC_FAILED log msgs during bootup |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
NETIO related error messages generated from multiple bundle interface on CRS-1 Line cards during boot up. No functionality impacted.
Conditions:
Seen on CRS multi-chassis 8+2 system
Workaround:
NA
Further Problem Description:
Netio is giving errors because Bundle sub-interfaces were not deleted and bundle deletion operation was sent to netio.
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv53911 | Title: | Fragmented MPLS packets injected with MPLS label 4 |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
MPLS packets are forwarded with outer MPLS label 4.
Conditions:
MPLS packets punted to LC CPU for fragmentation. Label operation should be pop.
Workaround:
No known workarounds
Further Problem Description:
Fragmentation in MPLS core should be avoided through network design.
Some bad consequences of fragmentation are:
- Packets may be delivered out of order. If packet 1 is large, it's delayed on the router because of fragmentation (depending on the platform implementation it may be punted to process level or looped through normal forwarding path). If packet 2 of the same flow is received immediately after the packet 1, it will be forwarded before the two fragments 1a and 1b are forwarded.
- Higher performance strain on the router. Regardless of which fragmentation method is implemented, at minimum a loop through the internal forwarding path is required, if not a punt to process level.
- On ASR9000 packets requiring fragmentation are policed on the punt path towards LC CPU.
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: * | 5.2.2.BASE, 5.2.4.MPLS, 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv79859 | Title: | Arwen card view not opening after OIR |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On OIR of Arwen card, user is not able to open card view in CTC.
It is happening for the current session of the CTC.
Conditions:
On OIR of Arwen card .
Workaround:
Close the current session and open new session.
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh56527 | Title: | cIpMRoutePkts is not showing correct packet count for some of the groups |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
cIpMRoutePkts is not showing correct packet count for some of the groups.
Conditions:
No specific conditions needed.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.1.0.MCAST |
|
Known Fixed Releases: * | 4.3.2, 4.3.2.26i.MCAST, 4.3.3, 4.3.31, 4.3.4, 5.1.0, 5.1.0.15i.MCAST, 5.1.1, 5.1.11, 5.1.12 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuf79122 | Title: | CRS PLIMs and Optics version info |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Enhancement for CFP/XFP version support for future version changes
Conditions:
Future version CFP/XFP released
Workaround:
No workaround
More Info:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: * | 5.1.1, 5.1.1.1i.FWDG, 5.1.11, 5.1.12, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1, 5.2.2 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCut91048 | Title: | Layer1 failure in SRP interfaces in 532.02I image |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Seeing Layer1 Failures in SRP interfaces. Due to this the link quality is in Unknown state.
Symptom:
Conditions:
After configuring SRP interfaces and making UP Layer1 Is in UNKOWN and FAILED state, which throws the link quality to Unknown state.
Workaround:
No Workaround
Further Problem Description:
No
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv79222 | Title: | VZ LE1A - unexpected data at "show controller optics" |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
For every port below parameters are visible in show controller optics output
Remove following lines (unless show controller optics refer to NCS4K-2H-W trunk ports 2 and 3):
"Configured Tx Power = 0.00 dBm"
"Configured CD-MIN 0 ps/nm CD-MAX 0 ps/nm"
Conditions:
So TX-Power, CD-MIN and MAX are part of show optics cli only when these are configurable, otherwise this filed is not visible to user.
Workaround : None
Expected Resolution: This issue will be fixed in a future release.
Reproducibility (%):100%
Workaround:
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv50132 | Title: | vm_manager crash after admin reload in calvados |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom:
vm_manager crash
Conditions:
after admin reload in calvados
Workaround:
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw01715 | Title: | Wrong entitymib entry under the port slot for GigabitEthernet0/0/0/0 |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Wrong entitymib entry under the port slot for gig0/0/0/0.
Conditions:
when the GSR has 4GE-SFP-LC .
Workaround:
none.
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: * | 4.1.1.TOOLS |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj87433 | Title: | SSHD logs session disconnect messages without logging enabled |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
An ASR9K running 4.0.0 logs the following message every time and ssh session is disconnected
RP/0/RSP1/CPU0:Nov 2 13:04:46.328 : SSHD_[65837]: disconnect_session: sshd.state:10
ssh server logging is not configured
Conditions: ssh server is configured.
Workaround:
None
|
|
Last Modified: | 02-AUG-2015 |
|
Known Affected Releases: | 4.0.0.K9SEC |
|
Known Fixed Releases: * | 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 4.0.4, 4.1.1, 4.1.1.22i.BASE, 4.1.2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu73965 | Title: | Install add pkgs when no space left in root directory and repositories. |
|
Status: | Other |
|
Severity: * | 4 Minor |
Description: | Symptom:correct message is not displayed while doing install add from xr or calvados. Instead messages like these are shown:
Package "ncs4k-mini-x.iso" is invalid: Package has an unknown type or is corrupt"
Failed to distribute packages
Failed to deposit packages
ERROR! Unable to download package
Conditions:This happens in case there is not enough space in root partition of cavados, or xr or in xr install repository or calvados install repository which is present in /install_repo/gl/xr and /install_repo/gl/calvados
Workaround:
None
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.5.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCth01206 | Title: | fr_lmi process crash observed with scaled frame-relay config |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
fr_lmi process crash observed sometimes with scaled frame-realy pvc configuration.
Conditions:
Crash occured when 4000 frame relay pvcs were configured.
Workaround:
None.
|
|
Last Modified: | 03-AUG-2015 |
|
Known Affected Releases: | 4.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut29773 | Title: * | Enhance PMengine ltraces |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:
Ltraces for PM ui and local port add delete mising
Conditions:
Ltraces for PM ui and local port add delete mising
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut77824 | Title: | LDP interfaces limited to 800 |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
LDP interfaces currently limited to 800
Conditions:
800 ldp interfaces conifgured
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.1.3.MPLS |
|
Known Fixed Releases: * | 5.3.2.21i.MPLS, 5.3.3.6i.MPLS, 6.0.0.12i.MPLS |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv79384 | Title: | 5.2.4 Umbrella SMU for GMPLS with backout of CSCuu32035 |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Umbrella SMU for 5.2.4 for the following DDTS of GMPLS
CSCuu10254 After RP OIR on tail node 1GE and STM16 traffic down(DT22+SMU)
CSCuu11993 After Mid node power cycle OCI observed on HO ODU controller
CSCuu24010 LSP taking 6 sec to 3.5mins to signal restore path.
CSCuu28839 GMPLS Error handling for LAbel mismtach
CSCuu29035 Traffic glitch on RPVM switchover and traffic loss on RPVM switchback
CSCuu34619 After Mid node power cycle Traffic down on few tunnels.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd25917 | Title: | parser_server syslog on executing oper infra from aux |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * |
Symptom:
Unable to execute oper infra CLI's from admin prompt and paser_server syslog floods the console
Conditions:
You may see this issue when show opertioanal CLI is executed from AUX port
Workaround:
unknown
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 3.9.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj31126 | Title: | CLI 'Show operational XML' missing schema when executed from aux port |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom
========
CLI 'Show operational XML' missing schema's when executed from aux port or from any other console port if you used the backdoor of /pkg/bin/exec -a which is an internal debugging way of logging through Standby Console port
Conditions:
=========
CLI 'Show operational XML' missing schema's when executed from aux port.
Workaround:
===========
Not to use Aux ports for show operational or shells which are started using /pkg/bin/exec -a
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: * | 4.0.1.BASE, 4.1.0.MGBL |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq83881 | Title: | describe sh oper <>" cli in admin mode is throwing an error msg |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | RELEASE NOTE TEMPLATE
=====================
Symptom:
=======
parser_server-Error: Following error encountered while processing class(get children)
''MDA'' detected the ''warning'' condition ''A client requested information for a non-existent object class handle'' The command is defined in show_operational_admin.parser
Conditions:
=======
you may see the above error message while describe sh oper <>" cli in admin mode
Workaround:
==========
None Needed
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 3.7.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui25206 | Title: | sysdb_mc[406]: %SYSDB-SMC-7-PARSE_FAILED : Unable to parse node from int |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
Getting below SYSDB error while executing " Sh run interface Serial(WRONG INTERFACE FORMAT)" in 4.3.1 node.This behavior is different from 4.1.2 node in which there is no SYSDB error.Getting error only on Serial interfaces of 4.3.1 node.
RP/0/7/CPU0:SFCHXRPE4#sh run interface serial 0/9/0/0/1/:0
Wed Jul 17 11:17:47.491 EDT
% No such configuratiRP/0/7/CPU0:Jul 17 11:17:47.688 : sysdb_mc[406]: %SYSDB-SMC-7-PARSE_FAILED : Unable to parse node from interface name. Check interface name entered. ('Serial0_9_0_0_1_:0' from 'cfg/if/act/Serial0o_9_0_0_1_:0/') ('ifmgr' detected the 'warning' condition 'One of the arguments is invalid')
n item(s)
RP/0/7/CPU0:Jul 17 11:17:47.688 : nvgen[349]: %MGBL-NVGEN-3-SYSDBOPERATION : sysdb_operation of sysdb_event_find : 'cfg/if/act/Serial0_9_0_0_1_:0/': 'sysdb' detected the 'fatal' condition 'Operation attempted with an unsupported pathname'
Conditions:
giving wrong serial interface to "sh run int serial"
Workaround:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn96452 | Title: | Duplicate month list on scheduling diag test using absolute schedule |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptoms: Duplicate month list on scheduling diagnostig test using absolute
schedule
Conditions: This is a dual RSP3 setup. While schedule the diagnostic test to a
node using absolute schedule follow by "?" to get help, duplicate month list
showing from the output
Workaround: Issue command "diag schedule location 0/7/CPU0 test 3 on ?"
Recovery: No
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx13819 | Title: | 38_CRS_SIT_IP:ctrl+c doesnt terminate the cmd execution |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * |
Symptom:
ctrl+c doesnt terminate the cmd execution
Conditions:
you will see this issue while executing show controller gig < > all
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 3.8.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun59998 | Title: | add an interactive help example for IPv6 BGP neighbor for Flex CLI group |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
when trying to create a regexp for ipv6 neighbor with "\:" as the pattern, it didn't allow.
Conditions:
just create a flexible configuration group, and after "neighbor", try to have "[0-9|A-F]*\:.*\:.*", it failed to commit
Workaround:
For V6 BGP neighbor regexp, it should be "neighbor '[0-9|A-F]*:.*:.*:.*::.*'", without the back slash (\).
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCts98081 | Title: | show tacacs not shown configured tacacs-server host |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
show tacacs CLI not shown thw configured tacacs-server host and
also router not contacting any of these server host when user aaa request .
Conditions:
you may see this issue when multiple tacacs server host configured in MC router ..
No specific condition other than this observed
Workaround:
not known
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.0.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtw47325 | Title: | Sh controller dwdm not displayed when given DWDM permissions |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
show controller dwdm does not display the output, even when the user has
access for dwdm taskgroup.
Conditions:
When the user is part of a group having access dwdm and try "show controllers
dwdm"
Workaround:
Allow also the "interface" taskgroup.
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.1.0.BASE, 4.2.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus12437 | Title: | On setting time(tod) throgh Tl1, bucket doesnt becomes invalid inCTC/CLI |
|
Status: | Open |
|
Severity: * | 4 Minor |
Description: | Symptom:
PM buckets don't get invalidated once system time is changed via TL1 but after 15-20 minutes. According to gr.253 , PM buckets shall be invalidated immediately.
Conditions:
-> Execute RTRV-PM tl1 command to check if PM buckets are valid.
-> Execute SET-TOD for changing system time.
Workaround:
Expected Resolution: This issue will be resolved in future release after CISCO 5.2.4.
Reproducibility (%): 100
Further Problem Description:
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 5.2.41.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx94103 | Title: | Inconssitencey in Cli and Xml Delete for Service policy interface No-Op |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | -- Release-note --
Symptom:
Under interface, could not able to delete policy-map with invalid policy name in XML request; But working fine in CLI output.
Conditions:
Need to give invalid policy name in the XML request.
Workaround:
Could able to delete policy-name with right and existing one using xml request.
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 3.8.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum18574 | Title: | ARP and LLDP flow should get rejected in 131 and 132 pipeline |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
ARP and LLDP flow should get rejected
Conditions:
131 and 132 pipeline must reject arp and lldp flows because It is L3 Openflow switch
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: * | 5.1.1.BASE, 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup06644 | Title: | flowpsec_mgr process shutdown behavior |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
show flowspec ipv4/ipv6 display output even the process is Killed.
Conditions:
process shut flowspec_mgr
Workaround:
NIL
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.2.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup05835 | Title: | Python PSS: QOS GROUP values > 63 should not be allowed on XR520 |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom:
When configuring action set qos group via a Python onep app on an XR device, invalid values > 63 can be configured on the ASR9K. No error is observed.
Conditions:
The CLI shows that the valid range for acceptable qos-group values is 0-63:
RP/0/RSP0/CPU0:onep-asr9k-1(config-pmap-c)#set qos-group ?
(0-63) QoS group value
However values as high as 512 can be configured on the ASR9K.
SDK version: rel-1.2.1.229
ASR9K image: asr9k-mini-px-5.2.0.23I
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.2.2.2i.K9SEC |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv83402 | Title: | Broadcast & Multicast fileds to be removed from subinterface stats. |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:
Broadcast & Multicast traffic are not getting accounted in L2 sub interface though corresponding field are available.
Conditions:
For L2Subinterfaces.
Workaround:
Further Problem Description:
On Arwen LC , for L2 sub interface though there are filed for broadcast & multicast but corresponding traffic does not get accounted appropriately .
RP/0/RP0:ios#show interfaces tenGigE 0/3/0/4.1 | i pac
Tue Aug 18 00:51:05.706 UTC
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
306211065 packets input, 64115742557 bytes, 0 total input drops
Received 0 broadcast packets, 0 multicast packets
306209245 packets output, 64117942263 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets
In case of ASR9k , there is no packet type differentiator under sub interface & all gets accounted as packet input/output like below
RP/0/RSP0/CPU0:ios(config)#do show interfaces tenGigE 0/0/1/2.1 | i pac
Tue Aug 18 08:07:53.107 UTC
13753474 packets input, 10878128066 bytes
4091494875 packets output, 3236325031996 bytes
So for Arwen if adding broadcast & multicast field are intentional to match corresponding packet then it should work or else lets remove those section from o/p & make it same as ASR9k.
|
|
Last Modified: | 25-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue99169 | Title: | show cef detail displaying incorrect address/interface data |
|
Status: * | Terminated |
|
Severity: | 4 Minor |
Description: * | Symptom:
Missing or incorrect nexthop address displayed on "show cef xxx detail" for a prefix which has a Fast Reroute Backup path.
Forwarding is unaffected. It is a cosmetic display issue.
Conditions:
The condition is transient inasmuch as the trigger is not clear.
Workaround:
None.
The issue is cosmetic. Forwarding is not affected.
Further Problem Description:
|
|
Last Modified: | 21-AUG-2015 |
|
Known Affected Releases: | 4.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu21976 | Title: | PLATFORM-CIH-1-ASIC_ERROR_SCRUB_THRESH egressq 531 |
|
Status: * | Other |
|
Severity: * | 4 Minor |
Description: | Symptom:
Getting egress link error on router reload and LC reload.
Conditions:
Router reload and LC reload.
Workaround:
None
Further Problem Description:
This error is displayed when the error register is set in hardware. If the error occurs only one time there is no impact. If it happens beyond the threshold HARD RESET of the card might occur. In this case the error occurs only once.
|
|
Last Modified: | 21-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur08314 | Title: * | Magic Number Corrupted during router boot/ after FO followed by B2B ISSU |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:
Magic Number Corrupted from devc-conaux seen
Conditions:
after FO followed by B2B ISSU
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 21-AUG-2015 |
|
Known Affected Releases: | 5.2.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu68584 | Title: | prefix sid ranges are wrong in CLI |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Out of range prefix SID index or absolute values are accepted by the configuration. Ranges in CLI help are incorrect for both index and prefix configurations.
Allowed ranges should be:
index - 0-65535 (currently supporting single SRGB with max 65536 labels)
absolute - 16000-1048575
When the prefix sid is configured outside currently active SRGB, the config is accepted silently.
The following warning message is being added by this DDTS if such situation is detected:
isis[1010]: %ROUTING-ISIS-6-PREFIX_SID_INFO : Prefix SID info: 'absolute SID value 999999 on Loopback0 outside current SRGB range (90000-99000)'
Conditions:
Workaround:
No workaround is needed.
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 6.0.0.ROUT |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCut88321 | Title: | Topaz line card reload - pciesvr %PLATFORM-PCIE-3-BUS_ERROR on 5.3.2 1i |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:Seeing pciesvr %PLATFORM-PCIE-3-BUS_ERROR error messages on topaz card reload in 5.3.2 1i image.
Conditions:Reload CRS-X PLIM
Workaround:No impact. No workaround.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.2.BASE, 5.3.2.LC |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl56081 | Title: | XML output for "show adjacency *" command doesn't display all the fields |
|
Status: * | Terminated |
|
Severity: | 4 Minor |
Description: * | Symptoms:
For crs-1, XML responses fail to provide some of the fields of the output, when query is done at any level.
Conditions:
This condition is observed on a crs-1 running 4.1.0 image when XML request is queried at any level.
Workaround:
The output is diaplyed correctly with all the fields when query is done using CLI.
|
|
Last Modified: | 14-AUG-2015 |
|
Known Affected Releases: | 4.1.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCse53108 | Title: | IPv4 & IPv6 PD API for BGP-PA config hardware verification |
|
Status: * | Terminated |
|
Severity: | 4 Minor |
Description: * |
Symptom: The IPv6 BGP prefix accounting feature appears to be configured on an
interface however the necessary interface flags and statistics memory. As a
result no IPv6 BGP prefix accounting data can be displayed for the interface.
Conditions: This condition occurs when more than 256 interfaces (i.e. VLAN
interfaces) are configured on a linecard with the IPv6 BGP prefix accounting
feature.
Workaround: Do not configure more than 256 logical or physical interfaces on a
specific line card
|
|
Last Modified: | 14-AUG-2015 |
|
Known Affected Releases: | 3.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb04314 | Title: | CFM producers have garbage char following the end of proto name for LWM |
|
Status: * | Terminated |
|
Severity: | 4 Minor |
Description: | Symptom:
While adding CFM configuration to the interface, console log message generated saying failed in creating CFM hardware due to Aib process failure
Conditions:
issue seen with ci-39 3.9.0.14I image
Workaround:
Remove and reattach the CFM configuration. check "show ethernet cfm local mep interface gig <>". Check CCM's are sending and receiving without any issue after configuring.
|
|
Last Modified: | 14-AUG-2015 |
|
Known Affected Releases: | 3.9.0.LC |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup03920 | Title: | 513-SIT: tcp crash on show tcp dump-file all location 0/rp0/cpu0 |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:
tcp process crashes when show tcp dump-file all location 0/rp0/cpu0 is issued.
Conditions:
Configuration for dump-files number should be high (10k).
Workaround:
Further Problem Description:
|
|
Last Modified: | 03-AUG-2015 |
|
Known Affected Releases: * | 5.1.3.BASE, 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc37508 | Title: | Suppress %L2-SPA_ETHER-4-SPA_WARN_RX_PWR on shut and uncofig interfaces |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Power alarms generated for interface in shutdown state (Admin down).
LC/0/0/CPU0:Sep 27 09:55:45.988 : spa_ge_v2(0)[315]: %L2-SPA_ETHER-4-SPA_WARN_RX_PWR : spa_ge_alarm_warn_thread:Port 7, RX Low power warning occurred
interface GigabitEthernet0/0/0/7
!shutdown
Conditions:
When the system is booted or a card with these interfaces is booted there are two log messages per interface regardless of whether the interface is in use. As a result there is no way to tell which active interfaces really have low power and which ones are warning because they are not configured and is nothing connected.
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE, 5.1.3.BASE |
|
Known Fixed Releases: * | 5.3.2.15i.FWDG, 6.0.0.10i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtf52638 | Title: | [MC4] show memory summary location all has duplicate headers |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
Two headers seen on display
Conditions:
sh memory summary location all
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 3.9.1.BASE, 3.9.2.BASE, 4.0.0.BASE |
|
Known Fixed Releases: * | 5.3.2.13i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv74388 | Title: | ATT-CERT: g709 controller configs lost on 4-40G int after router reload |
|
Status: | Open |
|
Severity: | 5 Cosmetic |
Description: | Symptom:After router reload, "fec standard" configuration is lost under controller.
Conditions:Router reload with FEC config on 4-40GbE-OTN PLIM
Workaround:Even though config is not present, It is applied in hardware properly. Hence no functional impact.
remove/re-apply the config once again.
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv97266 | Title: | CRS FP-X: FIB tracebacks |
|
Status: | Open |
|
Severity: | 5 Cosmetic |
Description: | Symptom:
FIB traceback:
LC/0/1/CPU0:Aug 19 04:38:20.505 : fib_mgr[169]: %ROUTING-FIB-3-PLATF_UPD_FAIL : FIB platform update failed: Obj=DATA_TYPE_LOADINFO[ptr=61c04968,refc=0x1,flags=0x400a9] Action=MODIFY Proto=ipv6. Cerr='nh_compr' detected the 'fatal' condition 'Not found' : pkg/bin/fib_mgr : (PID=127075) : -Traceback= c1ed187 42fc5f3 42fd519 42f991e 42a6514 42a1658 427f71b 4333d2c 4335afa 427f8e2 428aa68 428f410 42a1fd0 42a4f50 4333d2c 4335afa
LC/0/1/CPU0:Aug 19 04:38:20.505 : fib_mgr[169]: %ROUTING-FIB-3-PD_FAIL : FIB platform error: fib_ldi_platform_update 1815: PD action MODIFY failed for passed_ldi 0x61c04968 type DATA_TYPE_LOADINFO flags 0x400a9. Shared LDI 0x61c04968 num_slots 1 num_buckets 1 depth 2 ldi type 3 ldi protocol ipv6 flags 0x400a9 : 0xa82a0800 'nh_compr' detected the 'fatal' condition 'Not found' : pkg/bin/fib_mgr : (PID=127075) : -Traceback= 42fc74b 42fd519 42f991e 42a6514 42a1658 427f71b 4333d2c 4335afa 427f8e2 428aa68 428f410 42a1fd0 42a4f50 4(TRUNCATED)
Conditions:
-running 5.3.1
-using IPv6
Workaround:
fib_mgr restart on affected LC
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.3.1.ROUT |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul89131 | Title: | duplicate error line when issue "show config failed" |
|
Status: | Open |
|
Severity: | 5 Cosmetic |
Description: * | Symptom:
duplicate error line displaying when any config failed to apply
Conditions:
when we issue "show config failed" after any config failed
Workaround:
None needed
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq83917 | Title: | show oper help command should not be case sensitive |
|
Status: | Open |
|
Severity: | 5 Cosmetic |
Description: * |
RELEASE NOTE TEMPLATE
=====================
Symptom:
========
"show operational " CLI with lower case letters will fail
Conditions:
========
This issue will be seen when entering the show operational command with lower
case letters.
Workaround:
=========
Execute the command with upper case alphabets
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 3.7.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc46263 | Title: | PWD command shows incorrect info on XR CLI |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
In NG/Panini, the file media like disk0:, harddisk: available in root directory are symbolic of the path like misc,
misc/disk1 respectively. Since it is a symbolic link it is used to resolve and display the absolute path for "pwd".
For Example:
RP/0/RP0/CPU0:ios#cd disk0:
RP/0/RP0/CPU0:ios#pwd
Mon Feb 2 23:50:54.091 UTC
misc
RP/0/RP0/CPU0:ios#cd harddisk:
RP/0/RP0/CPU0:ios#pwd
Mon Feb 2 23:51:54.211 UTC
misc/disk1
Conditions:
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.0.0.BASE, 5.2.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui65176 | Title: | voltage information for SPA-OC192POS-XFP shows 0 mV |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
The voltage information for SPA-OC192POS-XFP shows 0 mV.
Conditions:
CRS running IOS XR 4.2.1
Workaround:
reload of the SPA or router may be the workaround
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: * | 4.2.1.BASE, 4.3.1.BASE, 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCur22156 | Title: | Increase preemption events in "show mpls traffic preemption log" to 2000 |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
This DDTS tracks 2 enhancements to MPLS TE's preeemption log:
- Increase the number of events to 2,000 entries (increase from 10 currently)
- Increase the number of tracked LSPs to 10,000 (increase from 1,000 currently)
Conditions:
Monitoring preempted MPLS TE LSPs
Workaround:
None - beyond the current preemption log stated limits
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: | 5.3.2.20i.MPLS, 5.3.3.6i.MPLS |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv73921 | Title: | FAPID changes for Jericho on NCS4k |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
FAPID changes for Jericho on NCS4k
Conditions:
Change number of AMBAs on LC for Jericho on NCS4k from 1 to 4
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 19-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsl08544 | Title: | Add 'location' option to command outputs redirected to pipe file |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
On ios-xr 352, it is not pssible to redirect the output of a show command to a storage device on another target node.
Current syntax:
show xxx | file
Requesting support for :
show xxx | file : location
Conditions:
no specific condition.
Workaround:
The same result can be achieved in 2 steps:
show xxx | file
copy location 0/x/CPU0 location 0/y/CPU0
|
|
Last Modified: | 19-AUG-2015 |
|
Known Affected Releases: | 3.5.2.BASE |
|
Known Fixed Releases: * | 3.8.0.6i.BASE, 3.8.0.6i.OSMBI, 3.8.3, 3.8.4 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv53819 | Title: | Breakout feature support from TL1 |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
TL1 does not support configuration of individual lanes.
Conditions:
Breakout feature not supported from TL1
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 19-AUG-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui84063 | Title: | Increase bgp rlimit to accommodate higher scale |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
BGP RLIMIT is currently set to 2GB. To increase BGP RLIMIT to accommodate higher BGP scale, each platform should return the supported maximum scale.
Conditions:
Currently rlimit of bgp is 2G , if the mem taken by bgp exceeds this number , it may be crashed down by Resmon
Workaround:
Workaround is to reduce scale
Recovery : it recovers after crash but if the scale is the same , it may be taken down by resmon again
Further Problem Description:
|
|
Last Modified: | 18-AUG-2015 |
|
Known Affected Releases: | 5.0.0.BASE, 5.3.2.BASE |
|
Known Fixed Releases: * | 5.3.2.16i.BASE, 5.3.2.16i.ROUT, 5.3.3.3i.BASE, 5.3.3.3i.ROUT, 6.0.0.10i.BASE, 6.0.0.10i.ROUT |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv22503 | Title: | hw-module reload command failure message does not have enough info |
|
Status: | Open |
|
Severity: * | 6 Enhancement |
Description: | Symptom:
Failure message on the "hw-module location reload" command doesn't indicate detail failure reason
Conditions:
When "hw-module location reload" command returns failure.
Workaround:
Dump shelf_mgr traces to find out the reason of the failure.
Further Problem Description:
|
|
Last Modified: | 18-AUG-2015 |
|
Known Affected Releases: | 5.0.1.ADMIN |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv63002 | Title: | Wrong check in fsdbagg component |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Conditions:
Workaround:
Further Problem Description:
No functional impact.
Code is Tested, but need to correct.
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.2.5.BASE |
|
Known Fixed Releases: | 5.2.5.22i.BASE, 6.0.0.12i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv63353 | Title: | Request for on-demand per-interface per-client drop accounting in StatsD |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Enhancement request for on-demand per-interface per-client drop accounting in StatsD
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui82933 | Title: | need provide xml support for "sh processes memory" |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Enhancement to add XML/Netconf support for per process memory monitoring
Conditions:
Per process memory monitoring is not supported in XR today
Workaround:
There is no workaround
Further Problem Description:
|
|
Last Modified: | 07-AUG-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: * | 5.3.2.17i.BASE, 5.3.3.3i.BASE, 6.0.0.10i.BASE |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv94750 | Title: | ENH: IOS-XR Filtering of IP addresses from the LDP Address Message |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
By default IOS-XR will announce all his interface IP's in the LDP Address Message - including those which don't have LDP enabled (for example loopbacks used for satellite management)
In current IOS-XR versions we don't have possibility to filter unwanted IP addresses from the Address List TLV in the LDP Address Message.
This is an enhancement request to add possibility of the filtering.
Conditions:
Workaround:
Move local interfaces (for example for satellites management) into the vrf.
Further Problem Description:
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.1.3.MPLS |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtw80254 | Title: | Memory leak on XML agents while rollback |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Seeing memmory leak on xml agents
Conditions:
Bulk config of object and schema list and rollback through XML
Workaround:
N/A
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 4.2.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn50422 | Title: | XR AAA read-only user allowed access to config mode |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptoms:
When a read-only taskgroup is configured and a user is using that taskgroup, the user should not be able to access config mode.
Conditions:
Cisco CRS with default configuration.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.6/5.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.8.2.2i.BASE |
|
Known Fixed Releases: | 4.0.11.1i.BASE, 4.0.4.11i.BASE, 4.1.1.23i.BASE, 4.2.0.5i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu62728 | Title: | IPv6: Packets addressed to unused addresses in P2P links are pingponged |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Packets sent to addresses that are not used in p2p links (such as serial, tunnel or POS links) will be forwarded
out the receiving interface and back on the link, resulting in these packets looping between both ends of the link until the packet TTL expires.
Conditions:
Packets are sent to an unused address in the subnet used for the p2p link.
Workaround:
Install filters to prevent traffic to be sent to unused addresses within the link subnet.
Alternatively, use a /127 prefix for the P2P link. Please be aware that while this can be implemented and eliminates the problem, using a /127
network is against RFC-3627 and RFC-5375.
Further Problem Description:
This behaviour is non-compliant with RFC 4443.
RFC 4443 sec 3.1 excerpt:
One specific case in which a Destination Unreachable message is sent
with a code 3 is in response to a packet received by a router from a
point-to-point link, destined to an address within a subnet assigned
to that same link (other than one of the receiving router's own
addresses). In such a case, the packet MUST NOT be forwarded back
onto the arrival link.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:W/RC:C&version=2.0
CVE ID CVE-2011-0952 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.4.1.BASE |
|
Known Fixed Releases: | 4.2.1.16i.BASE, 4.2.1.16i.FWDG, 4.2.3.1i.BASE, 4.2.3.1i.FWDG, 4.3.0.2i.BASE, 4.3.0.2i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtq06088 | Title: | Command aliases can lead to privilege escalation |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptoms:
The ''alias'' command can be used by any user to create or modify aliases. There is a potential privilege escalation within the alias command
that could allow an authenticated user to elevate their privileges.
Conditions:
User must be authenticated to the device.
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.6/5.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 4.0.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtf64077 | Title: | IPv6: Packets addressed to unused addresses in P2P links are pingponged |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Packets sent to addresses that are not used in p2p links (such as serial, tunnel or POS links) will be forwarded
out the receiving interface and back on the link, resulting in these packets looping between both ends of the link until the packet TTL expires.
Conditions:
Packets are sent to an unused address in the subnet used for the p2p link.
Workaround:
Install filters to prevent traffic to be sent to unused addresses within the link subnet.
Alternatively, use a /127 prefix for the P2P link. Please be aware that while this can be implemented and eliminates the problem, using a /127
network is against RFC-3627 and RFC-5375.
Further Problem Description:
This behaviour is non-compliant with RFC 4443.
RFC 4443 sec 3.1 excerpt:
One specific case in which a Destination Unreachable message is sent
with a code 3 is in response to a packet received by a router from a
point-to-point link, destined to an address within a subnet assigned
to that same link (other than one of the receiving router's own
addresses). In such a case, the packet MUST NOT be forwarded back
onto the arrival link.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:W/RC:C&version=2.0
CVE ID CVE-2011-0952 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 06-AUG-2015 |
|
Known Affected Releases: | 3.4.1.BASE |
|
Known Fixed Releases: | 4.2.0.15i.FWDG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun82485 | Title: | ability to remove all config related to a particular (sub)interface |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
ability to remove interface references when the parent/main subinterface is removed.
Conditions:
an interface used for different services.
ability to remove that interface from mpls, bd's etc.
Workaround:
do it manually. not a real workaround I know.
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta97984 | Title: | syslog must generate evenif user login via dedicated agent |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * |
-->
Symptom:
there is no visibility to console user about xmlagent user since there is no syslog and show user output info
Conditions:
you may see this issue while login user via xmlagent
Workaround:
none
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 3.8.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv98942 | Title: | Enhance UIDB consistency: UIDB retrieved from buffer-header and Tx ADJ |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
'Nested alternate path found' counter was increased due to mismatch detected between the UIDB retrieved from buffer-header and Tx ADJ (NH2)
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.0.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo58538 | Title: | ANR should be enabled by default |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Some customers have reported issues where traffic through the router was affected triggered by an isolated hardware issue on the RP or linecards. The hardware failure condition may have been caused by a transient issue or a condition where the forwarding ASICs or the RP CPU complex had a hard fault resulting in data path outage. However, the isolated failure of a LC or an RP should not affect any transit traffic through the router, especially when the remaining linecards or the fabric sub-system does not show any error conditions.
The identification of the bad hardware is a time consuming effort and at times it is not clear whether multiple nodes might have been affected. The stability is restored when the bad hardware is shut down or removed from the system but this is usually after a prolonged outage where end-customer traffic is dropped. Often times, focus on service restoration implies that troubleshooting information is not collected and the root cause remains elusive or unknown. Very rarely, we have been able to recreate the problems during EFA but the success rate is low. Customers expect the CRS to be a carrier class product and therefore do not accept isolated hardware failure as an excuse for the single point of failure event.
Conditions:
Faulty HW
Workaround:
Enable ANR
Further Problem Description:
|
|
Last Modified: | 03-AUG-2015 |
|
Known Affected Releases: * | 4.2.4.BASE, 5.1.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu25231 | Title: | Syslog Logging local-file destination with discriminators |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
local file logging storage functionality
Conditions:
syslog functionality
Workaround:
Further Problem Description:
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 4.1.0.BASE, 4.3.4.BASE, 5.1.1.BASE |
|
Known Fixed Releases: | 5.3.3.2i.BASE, 6.0.0.8i.BASE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc85085 | Title: | v6-ND distribution and scale project tracking ddts |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
DDTS providing enhancements for ipv6 ND and scale
Conditions:
IPV6 ND
Workaround:
Not applicable
Further Problem Description:
This fixes amongst others the problem of ipv6 mtu on dynamic template is not used on outgoing ipv6 nd
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: * | 4.2.3.BASE, 5.1.0.BASE |
|
Known Fixed Releases: | 5.1.0.2i.FWDG |
|
|
| |
2013 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论