| |
|
Alert Type: | Updated * |
Bug Id: | CSCtx73612 | Title: | ASR crash while performing SNMP of IPsec stats. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: A Cisco ASR 1000 may reload while reading IPsec MIBs via SNMP and
write a crashfile.
Conditions: The symptom is observed on a Cisco ASR 1000 that is running Cisco
IOS Release 15.1(1)S1.
Workaround: Do not poll or trap IPsec information via SNMP.
|
|
Last Modified: | 03-OCT-2015 |
|
Known Affected Releases: | 15.1(1)S1 |
|
Known Fixed Releases: * | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EY, 15.0(2)EY1, 15.0(2)EY2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun00875 | Title: | Active ESP crashed after ~5 hours of churning |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
A crash may occur after a large amount of ISG session flapping and tunnel flapping. ESP (QFP) memory exhaustion may be seen prior to the crash:
041954: Jun 20 03:22:37.632 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
041955: Jun 20 03:43:54.252 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
041956: Jun 20 04:10:17.644 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
041957: Jun 20 04:16:19.992 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
041958: Jun 20 04:26:05.046 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
041959: Jun 20 04:26:05.079 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to up
041960: Jun 20 04:29:30.800 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
041961: Jun 20 04:32:40.967 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
041962: Jun 20 04:32:41.008 UTC: %CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error -Traceback= 1#21fcabb7bf645a0ac69f1ea8c36c64eb errmsg:C565000+2230 cpp_common_os:95E2000+C470 cpp_common_os:95E2000+C270 cpp_common_os:95E2000+19BCC cpp_plutlu_common:9D7A000+2FE0 cpp_plutlu_common:9D7A000+30A8 cpp_cef_mpls_common:9C27000+1A1F8 cpp_cef_mpls_common:9C27000+1CA50 cpp_cef_mpls_common:9C27000+1D374 :10000000+5F4974 :10000000+28B984 aobjman:DE0C000+11A78 :10000000+41345C evlib:9FD0000+E4AC evlib:9FD000
041963: Jun 20 04:35:37.120 UTC: %CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error -Traceback= 1#21fcabb7bf645a0ac69f1ea8c36c64eb errmsg:C565000+2230 cpp_common_os:95E2000+C470 cpp_common_os:95E2000+C270 cpp_common_os:95E2000+19BCC cpp_plutlu_common:9D7A000+2FE0 cpp_plutlu_common:9D7A000+30A8 cpp_cef_mpls_common:9C27000+1A1F8 cpp_cef_mpls_common:9C27000+1CA50 cpp_cef_mpls_common:9C27000+1D374 :10000000+5F4974 :10000000+28B984 aobjman:DE0C000+11A78 :10000000+41345C evlib:9FD0000+E4AC evlib:9FD0
041964: Jun 20 04:35:37.832 UTC: %IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0
041965: Jun 20 04:37:08.683 UTC: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:CPP Client process failed: FMAN-FP det:HA class:CLIENT_SW sev:FATAL id:1 cppstate:RUNNING res:UNKNOWN flags:0x0 cdmflags:0x0
041966: Jun 20 04:37:08.697 UTC: %IOSXE-6-PLATFORM: F0: cpp_ha: Shutting down CPP MDM while client(s) still connected
041967: Jun 20 04:37:08.843 UTC: %PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)
Conditions:
QFP memory exhaustion and interface flapping
Workaround:
Further Problem Description:
|
|
Last Modified: | 29-OCT-2015 |
|
Known Affected Releases: * | 15.4(2)S, 15.5(1)S |
|
Known Fixed Releases: | 15.4(2)S |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu85691 | Title: | Under load crash is seen at REFER based scenarios |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Under load crash is seen at REFER based scenarios
Conditions:
Load enclosed configs
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 21-OCT-2015 |
|
Known Affected Releases: | 15.5(2.21)S0.6 |
|
Known Fixed Releases: | 15.5(2)S1.7, 15.5(2)T2, 15.5(3)M0.2, 15.5(3)S0.7, 15.6(0.12)S, 15.6(0.8)T |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu07657 | Title: | binos: Linux Kernel Generic , Proc and Admin access vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
Cisco ASR 1000 Series Aggregation Services Router includes a version of the Linux Kernel that is affected by the vulnerabilities identified by
the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2011-3593, CVE-2011-3637, CVE-2012-1179
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.7/5.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2011-3593, CVE-2011-3637, CVE-2012-1179 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu55787 | Title: | ASR1001-X: Router fails to come online with No Service Password Recovery |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Router fails to come online after attempting to return to factory defaults with "No Service Password Recovery" enabled.
Conditions:
ASR1001-X with No Service Password Recover enabled. An attempt to send a to the ROMMON followed by answer "Y" to
Do you want to reset the router to the factory default
configuration and proceed [y/n] ?
Workaround:
Do not enable No Service Password Recovery
or
Do not attempt to return router to factory defaults after having done so
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09595 | Title: | binos: Linux Kernel TCP SYN+FIN packets vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-2663, CVE-2012-4530
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/6.2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C&version=2.0
CVE-2012-2663 and CVE-2012-4530 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv09985 | Title: | ESP100 crash if interface is going up/down CPPHA-3-FAULT: F0: cpp_ha |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1k is function as a LNS device and is connected to a core router.
Conditions:
Reload of the core router and ESP crashed during ~20k L2TP sessions were up.
Workaround:
none
Further Problem Description:
Traceback:
*Jun 30 10:54:49.870: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:CPP Client process failed: cpp_cp det:HA class:CLIENT_SW sev:FATAL id:1 cppstate:RUNNING res:UNKNOWN flags:0x0 cdmflags:0x0
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur24793 | Title: | l2protocol forward not work for STP, LLDP, PPTPv2 and E-LMI in EVC |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
STP, LLDP, PPTPv2 and E-LMI keep being punted/forward regardless of the l2protocol forward CLI
Conditions:
Config l2protocol forward stp elmi lldp under EVC
Workaround:
N/A
Further Problem Description:
N/A
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.3(3)S5.11, 15.3(3)S6, 15.4(3)S3.3, 15.4(3)S4, 15.5(1)S2.15, 15.5(1)S2.7, 15.5(1.18)S0.9, 15.5(2)S, 15.5(2)SN, 15.5(2.10)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu95254 | Title: | PAE- race condition, RDSprotocol PART-2 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
Cisco ASR 1000 includes a version of Linux that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures
(CVE) IDs:
CVE-2011-4110
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.1/2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2011-4110 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtz61014 | Title: | f Linux kernel NTP leap second handling could cause deadlock |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
There are periodic leap second events which can add or delete a second to global time.
When the leap second update occurs the system will crash when adding or deleting NTP leap second in NTP
master mode.
Conditions:
The leap second update will be propagated via Network Time Protocol (NTP) or via manually setting the clock.
Workaround:
To prevent an issue when the leap second update is received do not configure the system as NTP master.
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: * | 15.1(3)S4, 15.2(2)S1, 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09588 | Title: | binos: Linux Kernel Btrfs vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
Cisco ASR 1000 Series Aggregation Services Router includes a version of Linux Kernal that is affected by the vulnerabilities identified by the
following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-5374, CVE-2012-5375
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2012-5374, CVE-2012-5375 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo77017 | Title: | tcam resource has not been released after 32k efp deleted |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
the tcam resource has not released after 32k efp configured and deleted on the asr1001
Conditions:
with a clear configuration running 3.13 img
configure 32k efp
check the tcam resource on the asr1k
and delete the efp then check the tcam on the asr1k
will find the resource hs not beem released
Workaround:
reload the router or FP
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv57459 | Title: | ASR1K Kernel crash at pidns_get() - part 2 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1K kernel crash
Conditions:
This has been seen on ASR1K running 3.10.2 code.
Workaround:
Not known
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu60301 | Title: | ESP100 crash because of hardware interrupt |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
The crash itself occurs while processing an event to adjust the scheduling
nodes clock.
Conditions:The trigger for this crash is a flat policy with class-default only
applied on scaled LNS sessions.
Workaround:None
More Info:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S2.16 |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv94715 | Title: | CENT_CHANNEL_REACHABLE message keeps punting by PD side |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
CENT_CHANNEL_REACHABLE message keeps punting by PD side
In this condition ,if the channel turns to unreachable ,and then reachable ,the TCA may keep sending ,that will make the channel on master is unreachable all the time. while the channel on border is reachable.
Conditions:
in normal PfRv3 testbed with ASR1K as border
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv83793 | Title: | AppNav-XE drop packets when traffic from WAAS has wrong ID |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ICA AO / WAAS Traffic / packet drop is seen in packet capture, application would fail to connect.
Conditions:
IOS-XE 3.13.3x and WAAS code 5.3.x to 5.5.x additional code version may be impacted.
Workaround:
From AppNav-XE Policy, put this traffic as pass-through using port numbers
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S3.3 |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv91545 | Title: | ESP continuous crash on ASR1013 using 03.13.03.S.154-3.S3-ext.bin |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Crash
Conditions:
when customer upgraded from asr1000rp2-adventerprisek9.03.11.02.S.154-1.S2-std to asr1000rp2-adventerprisek9.03.13.03.S.154-3.S3-ext.bi
Workaround:
Removing the deny entries from the ACL used in ZBFW policy-map stops the ESP crash
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S, 15.4(3)S3.1 |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu88964 | Title: | ASR1K Kernel crash at pidns_get() |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1K kernel crash
Conditions:
This has been seen on ASR1K running 3.10.2 code.
Workaround:
Not known
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09607 | Title: | binos: Linux Kernel VLAN vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) ID:
CVE-2011-4110
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.1/1.7:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE-2011-4110 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu92634 | Title: | ASR1K:FP100: cpp_svr core file seen with uws_wan_xe311 profile |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
cpp_svr core file seen with uws-wan_xe311 profile.
Conditions:
while removing and adding service-policy from parent tunnel policy
Workaround:
-
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv05361 | Title: | cpp_cp_svr crash on AR1K |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
A cpp_cp_svr and a fman_fp_image core file was generated after configuring adaptive QoS.
Conditions:
Not known
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus75546 | Title: | mcp_dev hw_dcache invalidates too many dTLBs |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Crash due to dTLB miss
Conditions:
Under extremely rare conditions where threads on the same processing core have both opened virtual windows, one thread may accidentally invalidate a dtlb entry associated with another threads virtual window.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S2, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu12008 | Title: | rework CSCut21885: chunk_destroy memory leak. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
fman_fp_image and cpp_cp_svr memory leak. from both outputs - QFP PfR MP Prefix H.. holding ton of memory
show platform software memory forwarding-manager FP active brief
show platform software memory qfp-control-process qfp active brief
QFP PfR MP Prefix H... 3747007512 3746855032 38108 28578
Summary 4262097059 4221917059 81523186 79011936
AL-INET-RTR02#show platform software status control-processor brief
Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
RP0 Healthy 16342752 6469604 (40%) 9873148 (60%) 10926860 (67%)
RAL-INET-RTR02#show platform software process list r0 sort memory
Name Pid PPid Group Id Status Priority Size
------------------------------------------------------------------------------
linux_iosd-imag 23712 22710 23712 S 20 4294967295
fman_fp_image 29760 29456 29760 S 20 3076255744
cpp_cp_svr 28858 28431 28858 S 20 1849511936
fman_rp 21120 20336 21120 S 20 1452556288
4+ weeks later:
RAL-INET-RTR02#show platform software status control-processor brief
Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
RP0 Healthy 16342752 10532628 (64%) 5810124 (36%) 14990352 (92%)
RAL-INET-RTR02#show platform software process list r0 sort memory
Name Pid PPid Group Id Status Priority Size
------------------------------------------------------------------------------
linux_iosd-imag 23712 22710 23712 S 20 4294967295
fman_fp_image 29760 29456 29760 S 20 4294967295
cpp_cp_svr 28858 28431 28858 S 20 2942447616
fman_rp 21120 20336 21120 S 20 1462714368
Conditions:
PfR is enabled and activated.
Workaround:
Avoid using PfR
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(2)S1 |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu85007 | Title: | split-horizon group communication failure |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
split-horizon group communication failure
Conditions:
upgrade from 3.7.4S to 3.10.1S or 3.13.0S
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum88382 | Title: | BFD session not established upon RP Switchover and back |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: BFD session not established upon RP Switchover and back.
Conditions: This symptom is observed during RP switchover and switchback.
Workaround: There is no workaround.
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: * | 15.2(1.30)PSR, 15.2(2)E, 15.2(2)E1, 15.2(2)EA1.1, 15.2(2.2.32)EA, 15.2(2.2.70)ST, 15.2(2a)E1, 15.2(2b)E, 15.2(3)E, 15.2(4.0)ST |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq77051 | Title: | out of ids when configuring xconnect |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Attempting to create or modify a xconnect context using the command
l2vpn xconnect context command may fail with the
error message:
%IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0)
Conditions:
This symptom has been observed after entering and exiting xconnect
context sub-modes many times (over 65000) over an extended period of
time.
Workaround:
There is no workaround. Once this error occurs, the router must be
reloaded.
Further Problem Description:
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: * | 15.3(3)S4.2, 15.3(3)S5, 15.4(3)M2.1, 15.4(3)M3, 15.4(3)M3.1, 15.4(3)S0.7, 15.4(3)S1, 15.4(3)S2, 15.4(3)SN1a, 15.5(0.18)S0.6 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl09030 | Title: | ARP In or IP InbandSessionInitiator process crash |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
A device configured to function as DHCP relay/server crashes in the ARP input process or IP inband session initiator process.
Conditions:
This symptom is observed when the device is configured with
DHCP relay or server and DHCP initiated IP sessions are configured. This issue
is seen when the ISG inband IP session initiator is configured and an ARP
request is received from a client whose DHCP IP session has timed out or cleared.
Workaround:
Disable ISG DHCP session initiator.
Further Problem Description:
|
|
Last Modified: | 08-OCT-2015 |
|
Known Affected Releases: | 15.0(1)S2 |
|
Known Fixed Releases: * | 12.2(33)SB12, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE6, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33.2.39)SB11, 12.2(33.2.81)SB12, 12.2(33.3.0)SB13 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut65374 | Title: | PTP Leap Second: ASR1002-X incorporate leap second addition 6/30/15 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
There are periodic leap second events which can add or delete a second to global time. The leap second event can be propagated via Precision Time Protocol (PTP) if configured.
When the leap second update occurs and the device is configured to use PTP as a Boundary Clock (BC) then an incorrect Coordinated Universal Time (UTC) offset and PTP Leap Indicator could propagate incorrect time downstream. This could cause the PTP network time to be off as much as thirty five seconds.
Conditions:
The leap second update is propagated from the configured PTP Grandmaster clock.
A Cisco device running the PTP protocol would have the "feature ptp" command in the running configuration.
Workaround:
For this problem of the incorrect PTP UTC offset and Leap Second update flag for Cisco devices configured as a PTP boundary clock the following workaround can be used:
1. Increase the Time To Live (TTL) on the IPV4 multicast PTP frames from the PTP Grand Master clock from the default of one (1) to something higher than the number of multicast hops the PTP packets would have to traverse in the network to reach the Cisco device.
2. Disable PTP on the affected cisco devices configured as PTP boundary clocks.
3. If the now disabled Cisco devices configured as a PTP boundary clock supports Internet Group Management Protocol (IGMP) snooping then nothing additional is required.
If the device does not support IGMP snooping then static multicast Content Addressable Memory (CAM) entries would need to be created for the devices downstream which need the PTP frames from the PTP Grand Master clock.
If this workaround cannot be implemented than an upgrade is recommended.
Further Problem Description:
N/A
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut03205 | Title: | SPA modules on ASR1K show "missing" under show platform output |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
When a new/compatible SPA module is inserted in a ASR1K chassis in certain cases it may exhibit one of the following symptoms:
1) SPA module shows "missing" under "show platform" output
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1002-X ok 12w0d
0/0 6XGE-BUILT-IN ok 12w0d
0/1 SPA-8XCHT1/E1 missing 5w4d
2) Shows as "Out Of Service". Not to be confused for an existing module which might have failed and shows "out of service".
Chassis type: ASR1002-X
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1002-X ok 12w0d
0/0 6XGE-BUILT-IN ok 12w0d
0/1 SPA-8XCHT1/E1 out of service 5w4d
3) Does not show at all under "show platform" or "show inventory" and no logs are generated when its inserted/removed. The following command will confirm if the router sees it and its state:
# show platform hardware slot 0 spa stat
Bay SPA Type State PST POK SOK PENB RST DENB HSS
-------------------------------------------------------------------------------
0 6XGE-BUILT-IN Online 0 1 1 1 1 0 1
1 Unknown Detection 0 0 0 0 0 1 0 <<<
2 Empty Detection 1 0 0 0 0 1 0
3 Empty Detection 1 0 0 0 0 1 0
Conditions:
Has been seen only when a SPA is installed for the first time in a ASR1K chassis.
Workaround:
The SPA in this case should come online after a reboot.
Further Problem Description:
The same SPA modules work without any issues on other ASR1K chassis.
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.2(4)S, 15.4(3)S1.1 |
|
Known Fixed Releases: * | 15.4(3)S, 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut82336 | Title: | ASR1002-X: Handle leap second in ToD IN |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Time of day variation between master and source when ASR1002-X is used as ToD IN from 30 June 2015.
There will be one second difference between ASR1002-X master and slave, with the actual UTC time.
ASR1002X#show platform software ptpd tod
PTPd ToD information:
Time: 04/21/15 09:07:02
ASR1002X#
There will be one sec difference in above time and the actual UTC time.
Conditions:
ToD input is used to synchronize time-of-day.
When ASR1002-X acts as a MASTER in ordinary clock configuration, it takes 10M or 2M for frequency synchronization and ToD input from symmetricom for ToD synchronization.
This frequency and ToD is transmitted to other PTP Boundary clocks and slave clocks for synchronization.
Due to leap second, when UTC Offset increases by one second, MASTER PTP Clock does not handle that. So, there is a difference between actual UTC time and the time transmitted by PTP Master.
Config
-----------
ptp clock ordinary domain 0
tod R0 ntp
input 1pps R0
clock-port master master
transport ipv4 unicast interface Lo0 negotiation
Workaround:
None
Further Problem Description:
See CSCut65374 for details.
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu75584 | Title: | cpp ucode crash related to Nat config changes |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
cpp-ucode crash followed by fman-Fp crash
Conditions:
possible NAT configuration changes
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S5.9 |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09592 | Title: | binos: Linux Kernel Solar flare Eth. driver vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) ID:
CVE-2012-3412
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2012-3412 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup14212 | Title: | IOS-XE: IPv6 GETVPN dropped after un-configure then re-configure VRF |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
GETVPN IPv6 packets are dropped.
Conditions:
When GETVPN VRF-lite is enabled at an interface, this problem could happen if the VRF definition is de-configured.
Workaround:
When VRF of the GETVPN VRF-lite protected interface has to be modified, please follow these steps:
1. Remove the GDOI-ipv6 crypto-map
2. change the VRF of the interface from old-VRF to new-VRF
3. re-apply GDOI-ipv6 crypto map to interface
After the step3, the unused "old-VRF" can now be de-configured accordingly.
Further Problem Description:
Only GETVPN IPv6 data path is having this issue. This DDTS is to track IOS-XE side fix.
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtx02286 | Title: | Active RP restart seen on SSO with PPPoE traffic with mvpnmcast |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
RP switchover of router with mvpn traffic results in RP restart
Conditions:
PPPoesessions with mvpn traffic and then SSO
Workaround:
none
|
|
Last Modified: | 03-OCT-2015 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: * | 15.1(1)SY, 15.1(1.23)SID, 15.1(2)SG1.130, 15.1(2)SIV11.7, 15.1(2)STV11.1, 15.2(1)EX0.5, 15.2(2.15)S, 15.2(2.19)S, 15.2(3.10)PI20c, 15.2(4)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut99067 | Title: | ESP crashed desc:CPP Client process failed: cpp_cp |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ESP crash with traceback:
Mar 30 16:54:47.400: %CPPOSLIB-3-ERROR_NOTIFY: F1: fman_fp_image: fman-fp encountered an error -Traceback= 1#5a9c52533fc6b264935201eb8ca31fc1 errmsg:C53B000+2230 cpp_common_os:95B5000+C470 cpp_common_os:95B5000+C270 cpp_common_os:95B5000+19BCC cpp_fhs_lib:8594000+576C cpp_common_os:95B5000+11908 cpp_common_os:95B5000+11A1C evlib:9FA6000+E16C evlib:9FA6000+10554 :10000000+4154C8 c:77D4000+1E938 c:77D4000+1EAE0
Mar 30 16:55:56.695: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F1
Conditions:
none
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S3 |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut65811 | Title: | Fair-queue with byte-based qlimit will not display q-depth correctly |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The show policy-map interface output might not display correct info for queue-depth.
Conditions:
When flow-based fair-queue feature used with byte-based queue-limit configuration, the display of queue-depth might be wrong.
Workaround:
No workaround. But this is display issue only, the functionality works fine.
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S2, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu68769 | Title: | issue with port allocation routine for NAT HA message |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:Translation with mismatching port created on standby router in NAT B2B setup while processing the HA msg from Active router.
Conditions:It is timing related issue on NAT B2B HA setup so not associated with any specific condition. The occurrence will be rare.
Workaround:No workaround
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu27197 | Title: | ASR1K 1NG: set platform software trace doesn't show IOMD in nightster |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
IOMD set trace commands doesn't work in ASR1001-X.
Conditions:
"set platform software trace" CLI doesn't show iomd option.
Workaround:
Further Problem Description:
Enabling IOMD debugs will not be possible without this command.
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue44587 | Title: | ASR Missing RRI routes is with active SAs |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
After the L2L tunnel has been up for some time, the route created by RRI will be removed from the ASR routing table, even though there is still a valid IPSec SA built for the destination subnet.
Conditions:
ASR configured with L2L tunnel to ASA, and RRI is enabled.
Workaround:
Configure a static route for the destination subnet on the ASR.
Further Problem Description:
|
|
Last Modified: | 04-OCT-2015 |
|
Known Affected Releases: | 15.1(2.0), 15.2(1)S2 |
|
Known Fixed Releases: * | 15.1(1)IB273.6, 15.1(1)SY2.3, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4, 15.2(2)E |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj14019 | Title: | 1RU: %CMRP-3-UDI_AUTH: F0: cmand: Quack Unique Device Identifier authen |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
%CMRP-3-UDI_AUTH: F0: cmand: Quack Unique Device Identifier authentication failed,
show up.on ASR1001
Conditions:
After reloading the box or inserting SFPs.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 16-OCT-2015 |
|
Known Affected Releases: | 15.2(4)S3, 15.4(0.19)S0.8, 15.4(1.6)S |
|
Known Fixed Releases: * | 15.2(4)S4.13, 15.2(4)S5, 15.2(4)S6, 15.3(3)S1.8, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.3(3)S3, 15.3(3)S4, 15.4(1)S0e |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu13292 | Title: | ASR1k ucode crash at ipv4_esf_portbundle_forus |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR1k may experience a cpp_ucode crash with a DTL transfer error. The packet in question shows that this crash was triggered with a packet that went through the ISG code path and was and destined locally to a loopback address on the router.
Conditions:
The router has ISG/PBHK services configured on it.
i.e.
"ip portbundle outside" is configured under the interface
Workaround:
None at this time
Further Problem Description:
This crash is due to a timing issue in which the structures within PBHK are freed prematurely. The result is a crash when we tried to reference this memory again later on.
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S2.1 |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu26053 | Title: | Incorrect SPD ID in show platform software ipsec fp act flow id |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
An incorrect SPD ID value is printed in the output of the "show platform software ipsec fp act flow id" command. The displayed value actually seemed to correspond to the corresponding 'cgid'.
Conditions:
ASR1k, IPSec, Running IPSec related cli show commands
Workaround:
Use the output of the "sh platform hardware qfp active feature ipsec interface " to get the correct SPD ID
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur44103 | Title: | ASR1k: Port leak while using NAT with interface mappings |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
An ASR1k router will run out of internal ports to be allocated for a given application. This can impact applications such as telnet, FTP, TACACs, etc.
For example, when trying to telnet to a locally defined IP address, the following will be seen if all the internal ports are leaked:
ASR1k#telnet 1.1.1.1
Trying 1.1.1.1 ...
% Out of local ports
Conditions:
This issue is seen when overloading NAT and using an interface-based mapping
"ip nat inside source list ACLNAME interface GigabitEthernet0/0/0 overload"
This issue is only applicable to ASR1k routers.
Workaround:
Once all the avilable ports are leaked, the only way to clear the condtion is to reload the router. The issue still persists even when NAT is removed from the configuration and the translations are cleared. An alternative would be to use a pool-based NAT mapping.
-The rate at which ports are leaked can potentially be reduced by:
1) Configure a maximum number of NAT translations via "ip nat translation max-entries x" before all avilable ports are exhausted
2) Reducing the translation timeout so portblocks are reused instead of having new ones being allocated "ip nat translation tcp-timeout/udp-timeout x"
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut63804 | Title: | CPP crashed when device in pair became active |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When the active asr1k failed due to a parity error, almost at the same time, standby device was also crashed with following logs
Mar 28 14:31:56.511 EDT: %RG_PROTOCOL-5-ROLECHANGE: RG id 1 role change from Active to Init
Mar 28 14:31:56.512 EDT: %CPPDRV-3-LOCKDOWN: F0: cpp_ha: CPP10(0) CPP Driver LOCKDOWN due to fatal error.
Mar 28 14:31:56.515 EDT: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Mar 28 14:31:56.516 EDT: %CPPHA-3-FAULTCRASH: F0: cpp_ha: CPP 0.0 unresolved fault detected, initiating crash dump.
Mar 28 14:31:56.516 EDT: %CPPHA-3-FAULTCRASH: F0: cpp_ha: CPP 0.0 unresolved fault detected, initiating crash dump.
Mar 28 14:31:56.516 EDT: %CPPDRV-6-INTR: F0: cpp_driver-0: CPP10(0) Interrupt : 15-Mar-28 14:31:56.509130 UTC-0400:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0
Mar 28 14:31:56.521 EDT: %CPPDRV-3-LOCKDOWN: F0: fman_fp_image: CPP10(0) CPP Driver LOCKDOWN due to fatal error.
Mar 28 14:31:57.145 EDT: %IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0
Mar 28 14:31:57.145 EDT: %IOSXE_RP_ALARM-6-INFO: ASSERT MAJOR module F0 Unknown state
Mar 28 14:31:57.145 EDT: %IOSXE_RP_ALARM-2-ESP: ASSERT CRITICAL module R0 No Working ESP
Mar 28 14:31:57.542 EDT: %CPPCDM-3-ERROR_NOTIFY: F0: cpp_cdm: QFP 0 thread 143 encountered an error -Traceback= 1#dbab8adbe0e71d7303480441c1e031fc 805F9A1C 805ABD61 80020708 80351FD6 80623E6C
Mar 28 14:31:57.784 EDT: %IOSXE-3-PLATFORM: F0: cpp_cdm: CPP crashed, core file /tmp/corelink/cgn2.wsf.prnynj_ESP_0_cpp-mcplo-ucode_032815143157.core.gz
Mar 28 14:32:00.815 EDT: %CPPDRV-3-LOCKDOWN: F0: cpp_cp: CPP10(0) CPP Driver LOCKDOWN due to fatal error.
Mar 28 14:32:15.560 EDT: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:CPP Client process failed: FMAN-FP det:HA class:CLIENT_SW sev:FATAL id:1 cppstate:RUNNING res:UNKNOWN flags:0x0 cdmflags:0x0
Conditions:
Device becoming active
Workaround:
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S2.1 |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur77743 | Title: | ICMP packets generated by the router are wrongly NATted |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The clients don't receive ICMP message for the packets dropped by the router NATting the traffic.
This breaks a few things like PMTUD.
The router doing the NAT also shows the following message :
ICMP: unreachable packet's src is not one of ours?
Conditions:
The issue is seen when the following two conditions are met :
1) Packet is dropped at "nat outside" interface by the router.
2) Dynamic overload NAT is being used (either pool overload or interface overload).
Workaround:
If the ICMP is required for PMTUD then use "ip tcp adjust-mss"
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(3)S1.1 |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv46318 | Title: | ESP100 cpp_cp_svr crash issue due to invalid stats_sbs_entry data |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ESP-100 crashes due to invalid stats entry data.
Conditions:
Both PPPoE and IPoE sessions are provisioned on ESP100.
IPoE sessions are configured with Traffic Class.
Workaround:
No workaround.
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.4(1)S2 |
|
Known Fixed Releases: * | 15.4(3)S4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut09922 | Title: | cpp_cp traceback from qos cpp_qm_rm_tree_obj_add |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ESP cpp_cp traceback is logged followed by an fman error:
%CPPOSLIB-3-ERROR_NOTIFY: F1: cpp_cp: cpp_cp encountered an error -Traceback= 1#a0f0f862f90ba980ab16995b5d430ff1 errmsg:C815000+2230 cpp_common_os:CEAE000+C470 cpp_common_os:CEAE000+C270 cpp_common_os:CEAE000+19BCC cpp_bqs_mgr_lib:EDA2000+1B210 cpp_bqs_mgr_lib:EDA2000+2A71C cpp_bqs_mgr_lib:EDA2000+1C448 cpp_qos_ea_lib:F22F000+10DB8 cpp_qos_smc_lib:F2BE000+31AC cpp_common_os:CEAE000+113E4 cpp_common_os:CEAE000+11A1C evlib:CBD9000+E16C evlib:CBD9000+10554 cpp_common_os:CEAE000+1318C :10
%FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F1: fman_fp_image: qos hqf: class=0.0, dpidx=9745, qid=0x13815:0x4000907e (p:0x40014cdf), dir=both directions download to CPP failed
Traceback:
% 0xedbd210 : cpp_qm_rm_tree_obj_add
% 0xedcc71c : cpp_qm_cmn_create_schedule
% 0xedbe448 : cpp_qm_create_schedule
% 0xf23fdb8 : cpp_qos_queue_event
% 0xf2c11ac : cpp_qos_ea_async_event_handler
% 0xcebf3e4 : smc_msg_read_internal
% 0xcebfa1c : smc_msg_read
% 0xcbe716c : __evDispatch
% 0xcbe9554 : __evMainLoop
% 0xcec118c : smc_msg_chan_receive
QOS may not function properly after seeing this error message.
Conditions:
System with QOS and BroadBand QOS. Very rare condition due to timing issue. Modify Interface QOS config while adding/removing session QOS config.
Workaround:
No workaround. Need to reboot the FP to clear the Queue error.
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S3 |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu45138 | Title: | MCP-RLS2: SCE: Session Query Request rejected by MCP ISG |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: |
Symptom:
SCE sends wrong IP address in session query request to ISG.
Conditions:
During SCE session query.
Workaround:
None
Further Problem Description:
Still investigating the problem. Not completely sure if the problem is with ISG
|
|
Last Modified: | 27-OCT-2015 |
|
Known Affected Releases: * | 12.2XN, 15.2(4)S1.7, 15.3(1)S0.7, 15.4(2.5)S, 15.4(2.9)S, 15.5(0.7)S, 15.5(1.7)S, 15.6(0.3)S, 15.6(1.7)S, 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup01088 | Title: | CPUHOG and crash on 'clear dmvpn session' with large NHRP cache |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On an ASR 1000 Series Aggregation Services Router configured with DMVPN, CPUHOG messages may be observed after 'clear dmvpn session' is invoked.
In certain cases, this may lead to a watchdog timeout and an unexpected reboot of the router.
Conditions:
This issue is observed when a router has a very large NHRP table (10-20k entries or more) with a large number (thousands) of child entries per parent entry.
Workaround:
Reduce the size of the NHRP database through supernetting or similar.
Further Problem Description:
|
|
Last Modified: | 10-OCT-2015 |
|
Known Affected Releases: | 15.2(4)S1 |
|
Known Fixed Releases: * | 15.2(1)SY1.13, 15.2(4.0)ST, 15.2(4.0.21)E, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(1)IE101.170, 15.3(3)M4.1, 15.3(3)M5, 15.3(3)S4.10, 15.3(3)S5 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc43160 | Title: | fhs-ask1k dynamic Binding Table number not include dhcp prefix entry |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: dynamic binding table number wrong,dhcp iapd prefix entry not count by dynamic, but by total number
Conditions:enable prefix-glean from dhcpv6-pd,
Workaround:none
|
|
Last Modified: | 08-OCT-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: * | 15.1(1)IC66.63, 15.1(1)ICA4.122, 15.1(1)ICB29.36, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(2.13)S, 15.3(2.15.1)XEB |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue74708 | Title: | destination-glean recovery not shown in show snoop policy command |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:In ipv6 snooping policy, destination-glean recovery not shown in show ipv6 snooping policy command, while the data-glean recovery is shown in show ipv6 snooping policy command
Conditions:In ipv6 snooping policy, destination-glean recovery not shown in show ipv6 snooping policy command
Workaround:user can check the destination-glean recovery use show running command.
|
|
Last Modified: | 08-OCT-2015 |
|
Known Affected Releases: | 15.2(1)E, 15.3(2)S |
|
Known Fixed Releases: * | 15.1(1)IC66.63, 15.1(1)ICA4.122, 15.1(1)ICB29.36, 15.2(2)E, 15.2(2)E1, 15.2(2b)E, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(2.13)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq30260 | Title: | VC flaps on removing disable-fallback option from pseudowire |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Pseudowire flaps on updating config
Conditions:
Update disable-fallback option that is part of "preferred-path interface " command.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: * | 15.4(3)M2.1, 15.4(3)M3, 15.4(3)M3.1, 15.4(3)S1.8, 15.4(3)S2, 15.5(1)S0.5, 15.5(1)S1, 15.5(1)SN1, 15.5(1)T1.1, 15.5(1)T2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum86116 | Title: | IKEv2 Static Route incorrectly removed due to duplicated SA |
|
Status: | Other |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
IKEv2 static routes are present in the output of "show crypto ikev2 sa remote ... detail" but not in the IP routing table.
Conditions:
In some cases with static tunnels, when a new IKEv2 SA is established, after a connectivity issue, the IKEv2 static routes are not present in the routing table.
Workaround:
In some cases the customer may be able to manually add static routes.
Further Problem Description:
|
|
Last Modified: | 23-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu14810 | Title: | LNS Setup Rate takes over one hour for 58K sessions (copy of CSCut20591) |
|
Status: | Open |
|
Severity: * | 6 Enhancement |
Description: | Symptom:
In high scale L2TP/LNS cases where RADIUS sends a QoS-Policy to LNS as a part of Access Accept, session setup rate might be too slow.
For 58.000 sessions, it might take up to 1 hour or even longer to establish all sessions on the LNS side.
The goal of this fix is to improve session setup rate on LNS: without outgoing shaping in RADIUS user profile, it takes only 23 minutes.
Conditions:
In high scale L2TP/LNS cases where RADIUS sends a QoS-Policy to LNS as a part of Access Accept, session setup rate might be too slow.
For 58.000 Sessions, it might take up to 1 hour or even longer to establish all sessions on the LNS side.
The goal of this fix is to improve session setup rate on LNS: without outgoing shaping in RADIUS user profile, it takes only 23 minutes.
Workaround:
Further Problem Description:
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S3.13 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx21652 | Title: | ACL/IPsecEncryption counters not working |
|
Status: | Terminated |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
The 'show access-list' command for crypto ACLs on ASR do not show the match count increasing when we're encrypting traffic.
Also the 'show crypto engine connections active' does not display counters increasing.
Conditions:
ASR platform.
Workaround:
'show crypto ipsec sa' and 'show crypto session detail' will display counters properly.
'show platform software ipsec F0 encryption-processor statistics' will also display low-level statistics about the crypto engine, however note that this platform command is not currently documented externally.
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo40592 | Title: | Add support for PBR on IP sessions |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
As of today, PBR is not supported with ISG IP sessions (Documentation: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/isg/configuration/xe-3s/isg-xe-3s-book/isg-acess-ip-sess.html)
This feature request is to request support for:
Per user PBR on IP sessions
Per interface PBR on interface where ISG is configured (Currently unsupported as well)
Conditions:
N/A
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 26-OCT-2015 |
|
Known Affected Releases: | 15.3(3)S1 |
|
Known Fixed Releases: | |
|
|
| |
:
2013 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论