Cisco Notification Alert -ASR 1000 Series Router-01-Oct-2015 16:50 GMT

Feedback Sign Up Unsubscribe         Field Notice - ASR 1000 Series Aggregation Services Routers Title: Field Notice: FN - 64014 - ASR1009-X and ASR1000-RP2 - RP2 CPLD Incompatible with New Chassis - RP2 CPLD Upgrade Required Description: An ASR1000-RP2 with an old Complex Programmable Logic Device (CPLD) (version earlier than 14111801) is not compatible with the new ASR1009-X chassis. Date: 11-SEP-2015 Find additional information in Field Notices Software Updates for ASR 1000 Series Aggregation Services Routers Product Name: ASR 1001-X Router Software Type: IOS XE Software Alert Type:   Suggested: 3.13.3S     Find additional information in Software Downloads index. Known Bugs - ASR 1000 Series Aggregation Services Routers Alert Type: Updated * Bug Id: CSCus69732 Title: IOS-XE: Evaluation of glibc GHOST vulnerability - CVE-2015-0235 Status: Fixed Severity: 2 Severe Description: * Symptom: On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affect applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. This vulnerability is documented in CVE-2015-0235. The following IOS-XE related products are affected: Cisco ASR 1000 Series Aggregation Services Router Cisco ASR 920 Series Aggregation Services Router Cisco ASR 900 Series Aggregation Services Router Cisco 4400 Series Integrated Services Routers Cisco 4300 Series Integrated Services Routers Cisco Cloud Services Router 1000V Series A Cisco Security Advisory has been published to document this vulnerability at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost This bug has been opened to address the potential impact on these products. Conditions: Exposure is not configuration dependent. All versions prior to the following ones are shipping with the vulnerable code: 15.5(1)S/XE3.14.S 15.4(3)S2/XE3.13.2S 15.4(2)S2/XE3.12.2S 15.4(1)S3/XE3.11.3S 15.3(3)S5/XE3.10.5S 15.2(4)S6/XE3.7.6S 15.1(3)S7/XE3.4.7S The following are active releases and planned CCO date: release CCO_Date 15.5(2)S/XE3.15.0S 3/31/2015 15.5(1)S1/XE3.14.1S 3/3/2015 15.4(3)S3/XE3.13.3S 5/29/2015 15.4(2)S3/XE3.12.3S 3/28/2015 15.4(1)S4/XE3.11.4S 5/29/2015 15.3(3)S6/XE3.10.6S 7/30/2015 15.2(4)S7/XE3.7.7S 3/20/2015 15.5(3)S/XE3.16.0S 7/31/2015 Workaround: Not available. Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10/7.8 https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html Last Modified: 02-SEP-2015 Known Affected Releases: 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S, 15.5(1)S, 15.5(2)S, 15.5(3)S Known Fixed Releases: 15.2(4)S7, 15.3(3)S6, 15.4(1)S4, 15.4(2)S3, 15.4(3)S3, 15.5(1)S1, 15.5(2)S Alert Type: New Bug Id: CSCuw01036 Title: ArgusX:EPA1x100G XE316, link remains down for long after reload Status: Open Severity: 2 Severe Description: Symptom:a. EPA1x100G (HundredGigEx/y/z) port remains "down" for a long times, sometimes upto 20 mins and then comes up. b. Even after the delayed coming up of HundredGigEx/y/z, ping doesn't go through and traffic doesn't flow. Conditions:a. One of the known conditions (there may be more) is when the routers at both the ends (in case of a back to back) are reloaded simultaneously. Workaround:NONE, reload may solve the issue, but not guaranteed. slot and subslot reload doesn't solve the issue. More Info: Last Modified: 01-SEP-2015 Known Affected Releases: 15.5(3)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCut47195 Title: MCP_DEV:Unable to activate capture synack and mss value not seen Status: Fixed Severity: 2 Severe Description: Symptom: While testing "xe311_ipv6_tcp_mss" feature with MCP_DEV image in Kingpin platform,Unable to activate capture synack and MSS value is not seen. Conditions: Issue is seen in Kingpin platform Workaround: None Further Problem Description: Last Modified: 02-SEP-2015 Known Affected Releases: 15.5(3)S Known Fixed Releases: * 15.5(2.12)T, 15.5(2.14.1)PIH28, 15.5(2.16.5)PIH28, 15.5(2.18)S, 15.5(3)S, 16.1(0.222) Alert Type: Updated * Bug Id: CSCus23097 Title: RX SC's Failed to install with 16 peers after reload Status: Fixed Severity: 2 Severe Description: Symptom: Traffic may get affected in the interface where RX SC count is not matching the peer count. Conditions: Workaround: Issue "clear mka sessions" to reset SC. Further Problem Description: Last Modified: 02-SEP-2015 Known Affected Releases: 15.5(2)S Known Fixed Releases: * 15.5(2.22)S, 15.5(3)S Alert Type: Updated * Bug Id: CSCuu82192 Title: NatGatekeeper performance degraded Status: Fixed Severity: * 2 Severe Description: Symptom: While sending a traffic stream with 12100 source to 12100 destination qfp load on extended mode is higher than the default mode. Conditions: Send a traffic stream with 12000 source to 1200 destination observe that qfp load will be higher Workaround: N/A Further Problem Description: N/A Last Modified: 12-SEP-2015 Known Affected Releases: 15.5(1)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuu97977 Title: Pfrv2 load-balance not working with passive mode. Status: Fixed Severity: 2 Severe Description: Symptom: Traffic is not load-balancing in Outbound /Inbound direction while running PFRv2 with Internet Edge Solution. Conditions: while running PFRv2 with Internet Edge Solution and load-balance with passive mode. Workaround: Further Problem Description: Customer is running Pfrv2 Internet Edge solution to load-balance Outbound and Inbound Traffic. Seems like the new link-group algorithms not work well for load-balance with passive mode. Last Modified: 24-SEP-2015 Known Affected Releases: 15.4(3)S2.2 Known Fixed Releases: * 15.4(3)M3.2, 15.4(3)S3.10, 15.5(1)S2.12, 15.5(1)S2.15, 15.5(2)S1.7, 15.5(3)M0.2, 15.5(3)S0.7, 15.6(0.14)S, 15.6(0.18)T Alert Type: Updated * Bug Id: CSCun00875 Title: Active ESP crashed after ~5 hours of churning Status: Fixed Severity: 2 Severe Description: * Symptom: A crash may occur after a large amount of ISG session flapping and tunnel flapping. ESP (QFP) memory exhaustion may be seen prior to the crash: 041954: Jun 20 03:22:37.632 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up 041955: Jun 20 03:43:54.252 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up 041956: Jun 20 04:10:17.644 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up 041957: Jun 20 04:16:19.992 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up 041958: Jun 20 04:26:05.046 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up 041959: Jun 20 04:26:05.079 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to up 041960: Jun 20 04:29:30.800 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up 041961: Jun 20 04:32:40.967 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up 041962: Jun 20 04:32:41.008 UTC: %CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error -Traceback= 1#21fcabb7bf645a0ac69f1ea8c36c64eb errmsg:C565000+2230 cpp_common_os:95E2000+C470 cpp_common_os:95E2000+C270 cpp_common_os:95E2000+19BCC cpp_plutlu_common:9D7A000+2FE0 cpp_plutlu_common:9D7A000+30A8 cpp_cef_mpls_common:9C27000+1A1F8 cpp_cef_mpls_common:9C27000+1CA50 cpp_cef_mpls_common:9C27000+1D374 :10000000+5F4974 :10000000+28B984 aobjman:DE0C000+11A78 :10000000+41345C evlib:9FD0000+E4AC evlib:9FD000 041963: Jun 20 04:35:37.120 UTC: %CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error -Traceback= 1#21fcabb7bf645a0ac69f1ea8c36c64eb errmsg:C565000+2230 cpp_common_os:95E2000+C470 cpp_common_os:95E2000+C270 cpp_common_os:95E2000+19BCC cpp_plutlu_common:9D7A000+2FE0 cpp_plutlu_common:9D7A000+30A8 cpp_cef_mpls_common:9C27000+1A1F8 cpp_cef_mpls_common:9C27000+1CA50 cpp_cef_mpls_common:9C27000+1D374 :10000000+5F4974 :10000000+28B984 aobjman:DE0C000+11A78 :10000000+41345C evlib:9FD0000+E4AC evlib:9FD0 041964: Jun 20 04:35:37.832 UTC: %IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0 041965: Jun 20 04:37:08.683 UTC: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:CPP Client process failed: FMAN-FP det:HA class:CLIENT_SW sev:FATAL id:1 cppstate:RUNNING res:UNKNOWN flags:0x0 cdmflags:0x0 041966: Jun 20 04:37:08.697 UTC: %IOSXE-6-PLATFORM: F0: cpp_ha: Shutting down CPP MDM while client(s) still connected 041967: Jun 20 04:37:08.843 UTC: %PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69) Conditions: QFP memory exhaustion and interface flapping Workaround: Further Problem Description: Last Modified: 24-SEP-2015 Known Affected Releases: 15.4(2)S, 15.5(1)S Known Fixed Releases: 15.4(2)S Alert Type: New Bug Id: CSCuw41346 Title: ESP packets discarded during re-key with static NAT on ASR1k Status: Open Severity: 2 Severe Description: Symptom: Traffic loss through IPSEC tunnels when STATIC NAT is in transit path. The NAT is implemented in such a way that the Tunnel end points are not aware of it. Hence, ASR1k uses ESP NATTING and NAT-T never comes into picture. Example :: A&B are translated to C&D on the first node and back from C&D to A&B on the second node. 1.1.1.1 |--------------------------------------------------IPSEC------------------------------------| 4.4.4.4 ADIA ASR -----------------[nat] ASR1000-1 ------------------- ASR-2 [nat]------------------ADIA ASR BGL.I.06-ASR1000-1#sh ip nat tra esp Pro Inside global Inside local Outside local Outside global esp 8.8.8.8 1.1.1.1: 4.4.4.4 9.9.9.9:1 esp 8.8.8.8 1.1.1.1: 4.4.4.4 9.9.9.9 esp 8.8.8.8 1.1.1.1: 4.4.4.4 9.9.9.9:1 esp 8.8.8.8 1.1.1.1: 4.4.4.4:3360 9.9.9.9:16320 esp 8.8.8.8 1.1.1.1: 4.4.4.4 9.9.9.9:1 esp 8.8.8.8 1.1.1.1: 4.4.4.4:3360 9.9.9.9:16320 esp 8.8.8.8 1.1.1.1: 4.4.4.4:3360 9.9.9.9:16320 esp 8.8.8.8 1.1.1.1: 4.4.4.4 9.9.9.9:1 Conditions: During the re-key process, the NatIN2out drops increments BGL.I.06-ASR1000-1#sh plat hardware qfp active statistics drop ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- NatIn2out 5 670 <<<<<<<<< NatIN2out drops BGL.I.06-ASR1000-1#sh plat packet-trace packet 34 Packet: 34 CBUG ID: 62850 Summary Input : GigabitEthernet0/0/2 Output : GigabitEthernet0/0/3 State : DROP 066 (NatIn2out) <<<<<< Timestamp : 286514253437759 Path Trace Feature: IPV4 Source : 1.1.1.1 Destination : 4.4.4.4 Protocol : 50 (ESP) Feature: NAT Direction : IN to OUT Action : Drop Sub-code : 022 - ESP_CREATE_FAIL <<<<<<<<< Workaround: Deploy NAT in a way that the tunnel end points find out NAT device in between and start to use NAT-T. For example :: ip nat inside source static udp 1.1.1.1 500 8.8.8.8 550 extendable If we force the NAT device to use port other than 500 (both or any one), then IPSEC will use NAT-T Further Problem Description: Last Modified: 26-SEP-2015 Known Affected Releases: 15.3(3)S4 Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuv14195 Title: * ASR1006-X and ASR1009-X Need to have RP2 CPLD upgrade support Status: Fixed Severity: 2 Severe Description: Symptom: ASR1009-X and ASR1006-X will not work without the RP2 CPLD being upgraded. Only the RP2 CPLD is required to be upgraded despite messaging in other slots. The following failure error messages are a good example of what will be experienced: %CMRP-3-FRU_CPLD_INCOMPATIBLE: R0/0: cmand: ASR1000-6TGE in slot 0 has been held in reset as its CPLD firmware version is incompatible with ASR1009-X changed state to up mcp-6ru-25> mcp-6ru-25>en mcp-6ru-25#show plat Chassis type: ASR1009-X Slot Type State Insert time (ago) --------- ------------------- --------------------- ----------------- 0 ASR1000-6TGE act_rp_cpld_incompatib00:04:32 1 ASR1000-SIP40 act_rp_cpld_incompatib00:04:32 2 ASR1000-SIP40 act_rp_cpld_incompatib00:04:32 R0 ASR1000-RP2 act_rp_cpld_incompatib00:04:32 F0 ASR1000-ESP160 act_rp_cpld_incompatib00:04:32 F1 unknown 00:04:32 Slot CPLD Version Firmware Version --------- ------------------- --------------------------------------- 0 N/A N/A 1 N/A N/A 2 N/A N/A R0 10021901 15.4(2r)S Conditions: The failure is specific to customer environments where an existing RP2 which has not been upgraded to the latest CPLD to support the asr1009-x or 1006-x. If the customer installs said RP2(s) into these chassis types the symptoms indicated will occur. The new chassis will come with upgraded RP2's if ordered as part of a bundle. Workaround: none Further Problem Description: Last Modified: 02-SEP-2015 Known Affected Releases: 15.5(3)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCut77070 Title: SPA-1xCHOC12/DS0 not supporting Framed E1 connections. Status: Fixed Severity: 2 Severe Description: Symptom: Framed E1 on SPA-1xCHOC12/DS0 is not coming up. The device is sending AIS to the remote node. Conditions: The issue is with Framed E1's. When we configure unframed E1, the link is coming up. Workaround: No workaround Further Problem Description: NA Last Modified: 14-SEP-2015 Known Affected Releases: 15.1(3)S Known Fixed Releases: * 15.3(3)S6.6, 15.4(3)S3.3, 15.5(1)S2.2, 15.5(2)S0.8, 15.5(2)S1, 15.5(2)SN, 15.5(2.21)S Alert Type: New Bug Id: CSCuw27745 Title: SPA-2XOC48POS/RPR is displayed for ASR1000-2T+20X1GE in show platform Status: Terminated Severity: 3 Moderate Description: Symptom: show platform shows SPA-2XOC48POS/RPR in place of ASR1000-2T+20X1GE. Conditions: When the rommon version of ASR1000-2T+20X1GE is below 15.4(2r)S. Workaround: upgrade rommon to version 15.4(2r)S. Further Problem Description: The output of show platform displays SPA-2XOC48POS/RPR in place of ASR1000-2T+20X1GE. This is due to wrong reading of IDPROM in rommon. Last Modified: 16-SEP-2015 Known Affected Releases: 15.3(3)S7 Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuv51491 Title: dynamic payload type added w/o rtpmap for codec in disabled stream Status: Fixed Severity: 3 Moderate Description: Symptom: dynamic payload type added w/o rtpmap for codec in disabled stream Conditions: if callee add more dynamic codec in sdp answer other than those in sdp offer Workaround: use lua script to remove those extra codecs Further Problem Description: Last Modified: 16-SEP-2015 Known Affected Releases: 15.2(4)S6 Known Fixed Releases: * 15.4(3)S3.13, 15.6(0.18)S, 15.6(1.2)S Alert Type: Updated * Bug Id: CSCuv74763 Title: ASR 1K - SSH Hangs on "Show Logging Count" When SBC Errors Flood Console Status: Fixed Severity: 3 Moderate Description: Symptom: ASR 1K may experience a hang or crash on the SSH process when running "show log count" if SBC is busy printing out a heavy amount of logs to the console. Conditions: SBC is printing many messages to the console at the time "show log count" is issued. Workaround: None known. Further Problem Description: Last Modified: 16-SEP-2015 Known Affected Releases: 15.3(3)S4 Known Fixed Releases: * 15.4(3)S3.13, 15.6(0.18)S, 15.6(1.2)S Alert Type: Updated * Bug Id: CSCuo16316 Title: 1NG: Nightster explicit QinQ entry hitting QinAny entry in VLAN TCAM Status: Open Severity: 3 Moderate Description: * Symptom:On ASR1001-X, for the fixed ports under BUILT-IN-2T+6X1GE, Packets will hit the QIN-ANY entry if configured first, rather than explicitly configured QINQ entry and pick up the classification policy for QIN-ANY entry. Conditions:This problem only occurs on ASR1001-X on BUILT-IN-2T+6X1GE ports, if Customer configures 'QINAny' entry followed by explicit QINQ entry. Eg. encap dot1q 50 second-dot1q any encap dot1q 50 secnd-dot1q 10 encap dot1q 50 secnd-dot1q 50 So all the packet having outer vlan tag as 50 will always hit the hardware entry corresponding to entry '50-any' which will cause the classification policy of '50-any' to be applied to entry '50-10' and '50-50' as well Workaround:Configure explicit QINQ tagged entries first followed by QINAny entry. Eg. encap dot1q 50 secnd-dot1q 10 encap dot1q 50 secnd-dot1q 50 encap dot1q 50 second-dot1q any More Info: Last Modified: 14-SEP-2015 Known Affected Releases: 15.4(2)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuw11786 Title: ISR4451 crash in NAT/ALG due to stuck thread Status: * Other Severity: * 3 Moderate Description: Symptom: ISR4451 crash in NAT/ALG due to stuck thread Conditions: TBD Workaround: TBD Further Problem Description: Last Modified: 11-SEP-2015 Known Affected Releases: 15.4(2)S1 Known Fixed Releases: Alert Type: New Bug Id: CSCuv60858 Title: SSL-GW doesn't listen to the new IP after SSL Port and IP addr change Status: Fixed Severity: 3 Moderate Description: Symptom: Changing the SSLVPN port-number followed by changing the listening address results in SSLVPN-GW not listening to the new IP address Conditions: Client is connected to the GW with active traffic flow, we change the listening port of the SSLVPN-GW. Re-connect the client to the GW via the new port, and start traffic again, and this time change the listening IP address. At this the GW stops listening to SSLVPN connections completely. Workaround: flap the crypto ssl policy Further Problem Description: Last Modified: 10-SEP-2015 Known Affected Releases: 15.5(3)S0.1 Known Fixed Releases: Alert Type: New Bug Id: CSCuv71775 Title: EPA:68byte padding works on port0 of bay but other ports won't work. Status: Fixed Severity: 3 Moderate Description: Symptom: EPA:68byte padding works on port0 of bay but other ports won't work. Conditions: Not working only with EPA'S Workaround: N/A More Info:N/A Last Modified: 09-SEP-2015 Known Affected Releases: 15.5(3)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuu66331 Title: Battlestar:IPV6 Netflow on sub-bundle interfaces crashes both SUP's Status: Fixed Severity: 3 Moderate Description: Symptom: System crashes when NETFLOW is configured with flow exporter IPv6 destination address as one of local interface's address. Which is a misconfiguration, but it will crash the box. Conditions: Misconfigure as noted above Workaround: configure correct addresses on the flow exporter part of the config. Further Problem Description: Last Modified: 08-SEP-2015 Known Affected Releases: * 15.5(3)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuv64324 Title: Memory leak @crypto_ssl_policy_add_addr upon config-replace on SSL-GW Status: Fixed Severity: 3 Moderate Description: * Symptom: Config-replace on a SSLVPN-GW results in a memory leak @crypto_ssl_policy_add_addr Conditions: On a SSLVPN-GW if we happen to perform a config-replace, we happen to observe a memory leak @crypto_ssl_policy_add_addr Workaround: none Further Problem Description: Last Modified: 03-SEP-2015 Known Affected Releases: 15.6(1)S Known Fixed Releases: * 15.5(2)S1.7, 15.6(0.14)S Alert Type: Updated * Bug Id: CSCut39538 Title: vasi subsys not found in ipbasek9 image Status: Fixed Severity: 3 Moderate Description: Symptom: vasi subsys not found in ipbasek9 image Conditions: check subsys in different package images Workaround: n/a Further Problem Description: Last Modified: 02-SEP-2015 Known Affected Releases: 15.5(2)S Known Fixed Releases: * 15.5(2.19)S, 15.5(3)S Alert Type: Updated * Bug Id: CSCuu17470 Title: * XE314:1NGPacket drop Built-In interface configured with EVC and xconnect Status: Open Severity: 3 Moderate Description: * Symptom: While running cfm and vpls feature at a time in Nightster platform, I am seeing vpls feature traffic failure with Built-In Spa port. Conditions: Issue is seen only with BUILT-IN-2T+6X1GE port, not seen in SPA-8X1GE-V2 port. Workaround: Doing a shut/no shut on the interface resolves the problem. Further Problem Description: Last Modified: 29-SEP-2015 Known Affected Releases: 15.5(1)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuj33901 Title: ASR1000-RP2 : Actual ACTV/STBY LED state is incorrect Status: Fixed Severity: 3 Moderate Description: * Symptom: ASR1000-RP2's actual ACTV/STBY LED state is incorrect. Although RP2 state is active, STBY LED light up. This issue is seen while using V04 RP2. Conditions: V04 RP2 Workaround: Please refer to Field Notice FN63704 Further Problem Description: Last Modified: 01-SEP-2015 Known Affected Releases: * 15.2(4)S, 15.3(3)S Known Fixed Releases: 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 Alert Type: New Bug Id: CSCuw40400 Title: Router crashed at cpp_free_exmem Status: Fixed Severity: 3 Moderate Description: Symptom: cpp_cp_svr core file generated during normal operation. Conditions: Running IOS-XE software. Workaround: None. Further Problem Description: This problem is highly unlikely but possible. It is a very rare corner case and has only been seen once before with CSCuv79776 which was solved with a feature specific workaround. Last Modified: 25-SEP-2015 Known Affected Releases: 15.5(3)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuu22481 Title: ISG sends only encoded name when service is applied through shell map Status: Fixed Severity: 3 Moderate Description: Symptom: Policy name is seen as "ISG-X" in accounting packets and in 'show subscriber session detail' output rather than actual policy name Conditions: when sending policy from radius with VSA to add classes Workaround: none Further Problem Description: Last Modified: 24-SEP-2015 Known Affected Releases: 15.4(3)S1.9 Known Fixed Releases: * 15.5(3)M0.2, 15.5(3)S0.6, 15.6(0.5)S, 15.6(0.7)T Alert Type: Updated * Bug Id: CSCus13117 Title: Boadcast to multicast helper results in low receive rate Status: Fixed Severity: 3 Moderate Description: Symptom: when testing broadcast to multicast map function (broadcast in, multicast out), the multicast packet are dropped due to rpf check failed. Receivers only receives few multicast packets. Conditions: when the receiver joins to FHR via dmvpn tunnel, not physical interface. Workaround: none Further Problem Description: none Last Modified: 18-SEP-2015 Known Affected Releases: 15.4(3)S Known Fixed Releases: * 15.4(3)S2.5, 15.4(3)S3, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1, 15.5(1)S2.15, 15.5(1)SN1, 15.5(2)S0.3, 15.5(2)S1, 15.5(2)SN Alert Type: Updated * Bug Id: CSCuv45705 Title: tcam resource has not been released after 32k efp deleted on asr1001 Status: * Terminated Severity: 3 Moderate Description: * Symptom: the tcam resource has not released after 32k efp configured and deleted on the asr1001 Initial status 160 Bit Region Information -------------------------- Name : Leaf Region #1 Number of cells per entry : 2 Current 160 bits entries used : 4 Current used cell entries : 8 Current free cell entries : 4088 Configure 32768 efp 160 Bit Region Information -------------------------- Name : Leaf Region #1 Number of cells per entry : 2 Current 160 bits entries used : 17878 Current used cell entries : 35756 Current free cell entries : 5204 After delete all the efp 160 Bit Region Information -------------------------- Name : Leaf Region #1 Number of cells per entry : 2 Current 160 bits entries used : 1911 Current used cell entries : 3822 Current free cell entries : 20754 Conditions: with a clear configuration running 3.13 img configure 32k efp check the tcam resource on the asr1k and delete the efp then chewith a clear configuration running 3.13 img Workaround: reload the router or FP Further Problem Description: Last Modified: 18-SEP-2015 Known Affected Releases: 15.4(3) Known Fixed Releases: Alert Type: Updated * Bug Id: CSCui96679 Title: SBC No Way Audio on Transfer calls traversing more than two SIP trunks Status: Fixed Severity: 3 Moderate Description: * Symptom: On a Cisco ASR1k running the Cisco CUBE SP (Service Provider) feature set, IOS-XE version 15.1(3)S1, it is sometimes observed that a specific call transfer will have no way audio (dead air) upon the transfer completion. Conditions: The CUBE SP has at least three physical interfaces that terminate three different SIP trunks (for example to ITSP, SIP based IVR and to a Cisco Callmanager) and the problematic transfer call flow signaling traverses all three SIP trunks on the same CUBE. Workaround: If you have more than one CUBE available and if one of the transfer call leg traverses this second CUBE then the problem is not observed. Further Problem Description: Last Modified: 18-SEP-2015 Known Affected Releases: 15.1(3)S1 Known Fixed Releases: 15.2(4)S5, 15.3(3)S1, 15.4(1)S Alert Type: New Bug Id: CSCuv71193 Title: Error: Licensing infrastructure is NOT initialized. Status: Other Severity: 3 Moderate Description: Symptom: ------------------ show license udi ------------------ Error: Licensing infrastructure is NOT initialized. Error: Licensing infrastructure is NOT initialized. ------------------ show license udi standby ------------------ Error: Licensing infrastructure is NOT initialized. Error: Licensing infrastructure is NOT initialized. ------------------ show license feature ------------------ Error: Licensing infrastructure is NOT initialized. Error: Licensing infrastructure is NOT initialized. ------------------ show license feature standby ------------------ Error: Licensing infrastructure is NOT initialized. Error: Licensing infrastructure is NOT initialized. Conditions: unknown Workaround: unknown Further Problem Description: Last Modified: 18-SEP-2015 Known Affected Releases: 15.4(3)S2.2 Known Fixed Releases: Alert Type: Updated * Bug Id: CSCue74708 Title: destination-glean recovery not shown in show snoop policy command Status: Fixed Severity: 3 Moderate Description: Symptom:In ipv6 snooping policy, destination-glean recovery not shown in show ipv6 snooping policy command, while the data-glean recovery is shown in show ipv6 snooping policy command Conditions:In ipv6 snooping policy, destination-glean recovery not shown in show ipv6 snooping policy command Workaround:user can check the destination-glean recovery use show running command. Last Modified: 18-SEP-2015 Known Affected Releases: 15.2(1)E, 15.3(2)S Known Fixed Releases: * 15.1(1)IC66.63, 15.1(1)ICA4.122, 15.1(1)ICB29.36, 15.2(2)E, 15.2(2)E1, 15.2(2b)E, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(2.13)S Alert Type: Updated * Bug Id: CSCto03957 Title: Tracebacks@mcprp_spa_ether_damselfly_plugin_start on SIP OIR Status: Open Severity: 4 Minor Description: * Symptom: Tracebacks seen on SIP OIR Conditions: Problem seen on SIP OIR done for more than 4 iterations Workaround: none Last Modified: 14-SEP-2015 Known Affected Releases: 15.1(0.2)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCsz44879 Title: IOS_INTR_OVER_LIMIT when encap ppp is changed on CT3 serial interfaces Status: Open Severity: 4 Minor Description: * Symptom:- A Cisco series ASR router throws the error "ASR1000_INFRA-5-IOS_INTR_OVER_LIMIT" messages when encap on the SPA-CT3 serial interfaces is removed and then reconfigured. Conditions:- The "ASR1000_INFRA-5-IOS_INTR_OVER_LIMIT" error messages are displayed by ASR1k series router when encap on the serial interfaces are removed and then reconfigured. Workaround:- None Last Modified: 14-SEP-2015 Known Affected Releases: 12.2XN Known Fixed Releases: Alert Type: Updated * Bug Id: CSCtf52049 Title: Incorrect TX K1 value when doing "aps force 1" with SF on protect Status: Open Severity: 4 Minor Description: * Symptom: I am seeing incorrect TX K1 byte value (0xE1 instead of 0xC0) Conditions: The issue happens after the following steps on B2B routers: 1. Injecting 10E-3 B2 error into protect on router 1 2. Issuing "aps force 1" on router 1 to force switchover to protect Last Modified: 14-SEP-2015 Known Affected Releases: 15.0(1)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCsz48301 Title: ASR1k displays Crytpo error message on Standby Console Status: Open Severity: 4 Minor Description: * Symptom: When configuring/enrolling security certificates on the ASR, error messages will start to display on the standby console. crypto pki certificate chainCCM-test ^ % Invalid input detected at '^' marker. certificateca 142E6562B966B93C ^ % Invalid input detected at '^' marker. Conditions: Redunancy Mode SS0 ASR1006 Platform. Workaround: None - ignore Security works on both Active and Standby RP's after failover. Further Problem Description: Last Modified: 18-SEP-2015 Known Affected Releases: 12.2(33)XND Known Fixed Releases: Alert Type: Updated * Bug Id: CSCtx72973 Title: config sync failure when removing crypto gdoi group Status: * Terminated Severity: 4 Minor Description: Symptom: Config-sync failiure is seen when unconfiguring the crypto gdoi group. Conditions: Seen on HA setup. Workaround: NA Last Modified: 18-SEP-2015 Known Affected Releases: 15.2(4)S Known Fixed Releases: Alert Type: Updated * Bug Id: CSCuq30260 Title: VC flaps on removing disable-fallback option from pseudowire Status: Fixed Severity: 6 Enhancement Description: Symptom: Pseudowire flaps on updating config Conditions: Update disable-fallback option that is part of "preferred-path interface " command. Workaround: None Further Problem Description: Last Modified: 18-SEP-2015 Known Affected Releases: 15.4(1)S Known Fixed Releases: * 15.4(3)M2.1, 15.4(3)M3, 15.4(3)M3.1, 15.4(3)S1.8, 15.4(3)S2, 15.5(1)S0.5, 15.5(1)S1, 15.5(1)SN1, 15.5(1)T1.1, 15.5(1)T2 Find additional information in Bug Search index.   2013 Cisco and/or its affiliates. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks